@mohanscodex/spectra-code 0.4.5 → 0.4.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/package.json +1 -1
- package/dist/src/agents/definitions.d.ts +2 -2
- package/dist/src/agents/definitions.d.ts.map +1 -1
- package/dist/src/agents/definitions.js +18 -18
- package/dist/src/agents/definitions.js.map +1 -1
- package/dist/src/agents/registry.d.ts +1 -1
- package/dist/src/agents/registry.d.ts.map +1 -1
- package/dist/src/agents/registry.js.map +1 -1
- package/dist/src/cli.js +117 -115
- package/dist/src/cli.js.map +1 -1
- package/dist/src/commands/agent.d.ts +1 -1
- package/dist/src/commands/agent.d.ts.map +1 -1
- package/dist/src/commands/agent.js +14 -14
- package/dist/src/commands/agent.js.map +1 -1
- package/dist/src/commands/db.d.ts +1 -1
- package/dist/src/commands/db.d.ts.map +1 -1
- package/dist/src/commands/db.js +11 -11
- package/dist/src/commands/db.js.map +1 -1
- package/dist/src/commands/doctor.d.ts.map +1 -1
- package/dist/src/commands/doctor.js +33 -30
- package/dist/src/commands/doctor.js.map +1 -1
- package/dist/src/commands/mcp.d.ts +1 -1
- package/dist/src/commands/mcp.d.ts.map +1 -1
- package/dist/src/commands/mcp.js +39 -39
- package/dist/src/commands/mcp.js.map +1 -1
- package/dist/src/commands/plugin.d.ts +1 -1
- package/dist/src/commands/plugin.d.ts.map +1 -1
- package/dist/src/commands/plugin.js +13 -13
- package/dist/src/commands/plugin.js.map +1 -1
- package/dist/src/commands/session.d.ts +1 -1
- package/dist/src/commands/session.d.ts.map +1 -1
- package/dist/src/commands/session.js +12 -12
- package/dist/src/commands/session.js.map +1 -1
- package/dist/src/index.d.ts +18 -18
- package/dist/src/index.d.ts.map +1 -1
- package/dist/src/index.js +16 -16
- package/dist/src/index.js.map +1 -1
- package/dist/src/integrations/acp/index.d.ts +1 -1
- package/dist/src/integrations/acp/index.js +1 -1
- package/dist/src/integrations/acp/server.d.ts.map +1 -1
- package/dist/src/integrations/acp/server.js +89 -79
- package/dist/src/integrations/acp/server.js.map +1 -1
- package/dist/src/integrations/custom-tools/index.d.ts +2 -2
- package/dist/src/integrations/custom-tools/index.js +1 -1
- package/dist/src/integrations/custom-tools/loader.d.ts +2 -2
- package/dist/src/integrations/custom-tools/loader.d.ts.map +1 -1
- package/dist/src/integrations/custom-tools/loader.js +19 -18
- package/dist/src/integrations/custom-tools/loader.js.map +1 -1
- package/dist/src/integrations/mcp/client.d.ts +5 -5
- package/dist/src/integrations/mcp/client.d.ts.map +1 -1
- package/dist/src/integrations/mcp/client.js +7 -7
- package/dist/src/integrations/mcp/client.js.map +1 -1
- package/dist/src/integrations/mcp/index.d.ts +2 -2
- package/dist/src/integrations/mcp/index.d.ts.map +1 -1
- package/dist/src/integrations/mcp/index.js +1 -1
- package/dist/src/integrations/mcp/index.js.map +1 -1
- package/dist/src/security/doom-loop.d.ts +1 -1
- package/dist/src/security/doom-loop.d.ts.map +1 -1
- package/dist/src/security/doom-loop.js +4 -4
- package/dist/src/security/doom-loop.js.map +1 -1
- package/dist/src/security/index.d.ts +10 -10
- package/dist/src/security/index.d.ts.map +1 -1
- package/dist/src/security/index.js +116 -69
- package/dist/src/security/index.js.map +1 -1
- package/dist/src/security/path-safety.d.ts +1 -1
- package/dist/src/security/path-safety.d.ts.map +1 -1
- package/dist/src/security/path-safety.js +19 -19
- package/dist/src/security/path-safety.js.map +1 -1
- package/dist/src/security/permissions.d.ts +1 -1
- package/dist/src/security/permissions.d.ts.map +1 -1
- package/dist/src/security/permissions.js +12 -10
- package/dist/src/security/permissions.js.map +1 -1
- package/dist/src/security/read-tracker.d.ts +2 -2
- package/dist/src/security/read-tracker.d.ts.map +1 -1
- package/dist/src/security/read-tracker.js +15 -13
- package/dist/src/security/read-tracker.js.map +1 -1
- package/dist/src/security/ssrf-guard.d.ts +1 -1
- package/dist/src/security/ssrf-guard.d.ts.map +1 -1
- package/dist/src/security/ssrf-guard.js +11 -11
- package/dist/src/security/ssrf-guard.js.map +1 -1
- package/dist/src/security/types.d.ts +4 -4
- package/dist/src/security/types.d.ts.map +1 -1
- package/dist/src/security/wildcard.d.ts.map +1 -1
- package/dist/src/security/wildcard.js +14 -16
- package/dist/src/security/wildcard.js.map +1 -1
- package/dist/src/services/auth-store.d.ts +3 -3
- package/dist/src/services/auth-store.d.ts.map +1 -1
- package/dist/src/services/auth-store.js +7 -7
- package/dist/src/services/auth-store.js.map +1 -1
- package/dist/src/services/config.d.ts +3 -3
- package/dist/src/services/config.d.ts.map +1 -1
- package/dist/src/services/config.js +17 -21
- package/dist/src/services/config.js.map +1 -1
- package/dist/src/services/context.d.ts.map +1 -1
- package/dist/src/services/context.js +5 -8
- package/dist/src/services/context.js.map +1 -1
- package/dist/src/services/custom-providers.d.ts +2 -2
- package/dist/src/services/custom-providers.d.ts.map +1 -1
- package/dist/src/services/custom-providers.js +108 -49
- package/dist/src/services/custom-providers.js.map +1 -1
- package/dist/src/services/session-store.d.ts +1 -1
- package/dist/src/services/session-store.d.ts.map +1 -1
- package/dist/src/services/session-store.js +32 -24
- package/dist/src/services/session-store.js.map +1 -1
- package/dist/src/services/snapshot-manager.d.ts.map +1 -1
- package/dist/src/services/snapshot-manager.js +14 -15
- package/dist/src/services/snapshot-manager.js.map +1 -1
- package/dist/src/tools/edit.d.ts +1 -1
- package/dist/src/tools/edit.js +18 -16
- package/dist/src/tools/edit.js.map +1 -1
- package/dist/src/tools/glob.d.ts +1 -1
- package/dist/src/tools/glob.d.ts.map +1 -1
- package/dist/src/tools/glob.js +20 -16
- package/dist/src/tools/glob.js.map +1 -1
- package/dist/src/tools/grep.d.ts +1 -1
- package/dist/src/tools/grep.d.ts.map +1 -1
- package/dist/src/tools/grep.js +18 -18
- package/dist/src/tools/grep.js.map +1 -1
- package/dist/src/tools/index.d.ts +4 -4
- package/dist/src/tools/index.d.ts.map +1 -1
- package/dist/src/tools/index.js +40 -32
- package/dist/src/tools/index.js.map +1 -1
- package/dist/src/tools/mcp-tool.d.ts +2 -2
- package/dist/src/tools/mcp-tool.d.ts.map +1 -1
- package/dist/src/tools/mcp-tool.js +28 -25
- package/dist/src/tools/mcp-tool.js.map +1 -1
- package/dist/src/tools/read.d.ts +1 -1
- package/dist/src/tools/read.d.ts.map +1 -1
- package/dist/src/tools/read.js +15 -13
- package/dist/src/tools/read.js.map +1 -1
- package/dist/src/tools/shell.d.ts +1 -1
- package/dist/src/tools/shell.d.ts.map +1 -1
- package/dist/src/tools/shell.js +71 -62
- package/dist/src/tools/shell.js.map +1 -1
- package/dist/src/tools/task.d.ts +1 -1
- package/dist/src/tools/task.js +22 -22
- package/dist/src/tools/task.js.map +1 -1
- package/dist/src/tools/types.d.ts +3 -3
- package/dist/src/tools/types.d.ts.map +1 -1
- package/dist/src/tools/utils.d.ts +1 -1
- package/dist/src/tools/utils.js +2 -2
- package/dist/src/tools/utils.js.map +1 -1
- package/dist/src/tools/web-fetch.d.ts +1 -1
- package/dist/src/tools/web-fetch.js +31 -31
- package/dist/src/tools/web-fetch.js.map +1 -1
- package/dist/src/tools/write.d.ts +1 -1
- package/dist/src/tools/write.js +9 -9
- package/dist/src/tools/write.js.map +1 -1
- package/dist/src/tui/app-constants.d.ts.map +1 -1
- package/dist/src/tui/app-constants.js +11 -2
- package/dist/src/tui/app-constants.js.map +1 -1
- package/dist/src/tui/app.d.ts +1 -1
- package/dist/src/tui/app.d.ts.map +1 -1
- package/dist/src/tui/app.js +293 -121
- package/dist/src/tui/app.js.map +1 -1
- package/dist/src/tui/commands.d.ts +14 -14
- package/dist/src/tui/commands.d.ts.map +1 -1
- package/dist/src/tui/commands.js +242 -49
- package/dist/src/tui/commands.js.map +1 -1
- package/dist/src/tui/components/chat-area.d.ts +2 -2
- package/dist/src/tui/components/chat-area.d.ts.map +1 -1
- package/dist/src/tui/components/chat-area.js +5 -5
- package/dist/src/tui/components/chat-area.js.map +1 -1
- package/dist/src/tui/components/command-palette.d.ts.map +1 -1
- package/dist/src/tui/components/command-palette.js +7 -5
- package/dist/src/tui/components/command-palette.js.map +1 -1
- package/dist/src/tui/components/message.d.ts +2 -2
- package/dist/src/tui/components/message.d.ts.map +1 -1
- package/dist/src/tui/components/message.js +63 -50
- package/dist/src/tui/components/message.js.map +1 -1
- package/dist/src/tui/components/slash-autocomplete.d.ts +2 -2
- package/dist/src/tui/components/slash-autocomplete.d.ts.map +1 -1
- package/dist/src/tui/components/slash-autocomplete.js +6 -8
- package/dist/src/tui/components/slash-autocomplete.js.map +1 -1
- package/dist/src/tui/components/toast.d.ts +2 -2
- package/dist/src/tui/components/toast.d.ts.map +1 -1
- package/dist/src/tui/components/toast.js +10 -5
- package/dist/src/tui/components/toast.js.map +1 -1
- package/dist/src/tui/hooks/use-agent.d.ts +3 -3
- package/dist/src/tui/hooks/use-agent.d.ts.map +1 -1
- package/dist/src/tui/hooks/use-agent.js +22 -29
- package/dist/src/tui/hooks/use-agent.js.map +1 -1
- package/dist/src/tui/hooks/use-app-keyboard.d.ts +3 -3
- package/dist/src/tui/hooks/use-app-keyboard.d.ts.map +1 -1
- package/dist/src/tui/hooks/use-app-keyboard.js +28 -29
- package/dist/src/tui/hooks/use-app-keyboard.js.map +1 -1
- package/dist/src/tui/hooks/use-chat-submit.d.ts +6 -6
- package/dist/src/tui/hooks/use-chat-submit.d.ts.map +1 -1
- package/dist/src/tui/hooks/use-chat-submit.js +115 -54
- package/dist/src/tui/hooks/use-chat-submit.js.map +1 -1
- package/dist/src/tui/hooks/use-permission-queue.d.ts +2 -2
- package/dist/src/tui/hooks/use-permission-queue.d.ts.map +1 -1
- package/dist/src/tui/hooks/use-permission-queue.js +1 -1
- package/dist/src/tui/hooks/use-permission-queue.js.map +1 -1
- package/dist/src/tui/hooks/use-revert.d.ts +4 -4
- package/dist/src/tui/hooks/use-revert.d.ts.map +1 -1
- package/dist/src/tui/hooks/use-revert.js +22 -13
- package/dist/src/tui/hooks/use-revert.js.map +1 -1
- package/dist/src/tui/index.d.ts.map +1 -1
- package/dist/src/tui/index.js +11 -11
- package/dist/src/tui/index.js.map +1 -1
- package/dist/src/tui/prompt-bar.d.ts +1 -1
- package/dist/src/tui/prompt-bar.d.ts.map +1 -1
- package/dist/src/tui/prompt-bar.js +14 -11
- package/dist/src/tui/prompt-bar.js.map +1 -1
- package/dist/src/tui/slash-commands.d.ts +2 -2
- package/dist/src/tui/slash-commands.d.ts.map +1 -1
- package/dist/src/tui/slash-commands.js +9 -9
- package/dist/src/tui/slash-commands.js.map +1 -1
- package/dist/src/tui/theme.d.ts +1 -1
- package/dist/src/tui/theme.d.ts.map +1 -1
- package/dist/src/tui/theme.js +46 -38
- package/dist/src/tui/theme.js.map +1 -1
- package/dist/src/tui/tips.d.ts.map +1 -1
- package/dist/src/tui/tips.js +14 -14
- package/dist/src/tui/tips.js.map +1 -1
- package/dist/src/tui/types.d.ts +5 -5
- package/dist/src/tui/types.d.ts.map +1 -1
- package/dist/src/tui/ui/about-dialog.d.ts.map +1 -1
- package/dist/src/tui/ui/about-dialog.js +5 -4
- package/dist/src/tui/ui/about-dialog.js.map +1 -1
- package/dist/src/tui/ui/agent-switcher.d.ts.map +1 -1
- package/dist/src/tui/ui/agent-switcher.js +16 -14
- package/dist/src/tui/ui/agent-switcher.js.map +1 -1
- package/dist/src/tui/ui/debug-dialog.d.ts +1 -1
- package/dist/src/tui/ui/debug-dialog.d.ts.map +1 -1
- package/dist/src/tui/ui/debug-dialog.js +26 -25
- package/dist/src/tui/ui/debug-dialog.js.map +1 -1
- package/dist/src/tui/ui/doctor-dialog.d.ts +2 -2
- package/dist/src/tui/ui/doctor-dialog.d.ts.map +1 -1
- package/dist/src/tui/ui/doctor-dialog.js +10 -8
- package/dist/src/tui/ui/doctor-dialog.js.map +1 -1
- package/dist/src/tui/ui/manage-providers-dialog.d.ts +1 -1
- package/dist/src/tui/ui/manage-providers-dialog.d.ts.map +1 -1
- package/dist/src/tui/ui/manage-providers-dialog.js +102 -86
- package/dist/src/tui/ui/manage-providers-dialog.js.map +1 -1
- package/dist/src/tui/ui/mcp-toggle-dialog.d.ts.map +1 -1
- package/dist/src/tui/ui/mcp-toggle-dialog.js +17 -14
- package/dist/src/tui/ui/mcp-toggle-dialog.js.map +1 -1
- package/dist/src/tui/ui/message-controls.d.ts +1 -1
- package/dist/src/tui/ui/message-controls.d.ts.map +1 -1
- package/dist/src/tui/ui/message-controls.js +40 -28
- package/dist/src/tui/ui/message-controls.js.map +1 -1
- package/dist/src/tui/ui/model-switcher.d.ts.map +1 -1
- package/dist/src/tui/ui/model-switcher.js +40 -25
- package/dist/src/tui/ui/model-switcher.js.map +1 -1
- package/dist/src/tui/ui/permission-dialog.d.ts +1 -1
- package/dist/src/tui/ui/permission-dialog.d.ts.map +1 -1
- package/dist/src/tui/ui/permission-dialog.js +11 -11
- package/dist/src/tui/ui/permission-dialog.js.map +1 -1
- package/dist/src/tui/ui/provider-dialog.d.ts.map +1 -1
- package/dist/src/tui/ui/provider-dialog.js +75 -64
- package/dist/src/tui/ui/provider-dialog.js.map +1 -1
- package/dist/src/tui/ui/session-list.d.ts +3 -3
- package/dist/src/tui/ui/session-list.d.ts.map +1 -1
- package/dist/src/tui/ui/session-list.js +44 -32
- package/dist/src/tui/ui/session-list.js.map +1 -1
- package/dist/src/tui/ui/thinking-effort-dialog.d.ts.map +1 -1
- package/dist/src/tui/ui/thinking-effort-dialog.js +19 -19
- package/dist/src/tui/ui/thinking-effort-dialog.js.map +1 -1
- package/dist/src/tui/utils/model-config.d.ts.map +1 -1
- package/dist/src/tui/utils/model-config.js +13 -13
- package/dist/src/tui/utils/model-config.js.map +1 -1
- package/dist/src/tui/utils/session-messages.d.ts +2 -2
- package/dist/src/tui/utils/session-messages.d.ts.map +1 -1
- package/dist/src/tui/utils/session-messages.js +35 -22
- package/dist/src/tui/utils/session-messages.js.map +1 -1
- package/dist/src/tui/utils/version.d.ts +2 -0
- package/dist/src/tui/utils/version.d.ts.map +1 -0
- package/dist/src/tui/utils/version.js +24 -0
- package/dist/src/tui/utils/version.js.map +1 -0
- package/dist/src/tui/utils.d.ts +2 -2
- package/dist/src/tui/utils.d.ts.map +1 -1
- package/dist/src/tui/utils.js +7 -7
- package/dist/src/tui/utils.js.map +1 -1
- package/dist/src/tui/variant-cycle.d.ts.map +1 -1
- package/dist/src/tui/variant-cycle.js +23 -23
- package/dist/src/tui/variant-cycle.js.map +1 -1
- package/dist/src/utils/paths.d.ts.map +1 -1
- package/dist/src/utils/paths.js +25 -25
- package/dist/src/utils/paths.js.map +1 -1
- package/dist/src/utils/platform.d.ts.map +1 -1
- package/dist/src/utils/platform.js +15 -17
- package/dist/src/utils/platform.js.map +1 -1
- package/package.json +3 -3
|
@@ -1,43 +1,81 @@
|
|
|
1
|
-
import { evaluate, fromConfig } from
|
|
2
|
-
import { PathSafety } from
|
|
3
|
-
import { ReadTracker } from
|
|
4
|
-
import { DoomLoopDetector } from
|
|
5
|
-
import { SsrfGuard } from
|
|
6
|
-
import { isInsideWorkingDir, canonicalPath, matchWildcard, ensureDirGlob } from
|
|
7
|
-
import { resolve, dirname } from
|
|
8
|
-
import { URL } from
|
|
9
|
-
import { statSync } from
|
|
10
|
-
export { evaluate, fromConfig } from
|
|
11
|
-
export { PathSafety } from
|
|
12
|
-
export { ReadTracker } from
|
|
13
|
-
export { DoomLoopDetector } from
|
|
14
|
-
export { SsrfGuard } from
|
|
1
|
+
import { evaluate, fromConfig } from './permissions.js';
|
|
2
|
+
import { PathSafety } from './path-safety.js';
|
|
3
|
+
import { ReadTracker } from './read-tracker.js';
|
|
4
|
+
import { DoomLoopDetector } from './doom-loop.js';
|
|
5
|
+
import { SsrfGuard } from './ssrf-guard.js';
|
|
6
|
+
import { isInsideWorkingDir, canonicalPath, matchWildcard, ensureDirGlob } from './wildcard.js';
|
|
7
|
+
import { resolve, dirname } from 'path';
|
|
8
|
+
import { URL } from 'url';
|
|
9
|
+
import { statSync } from 'fs';
|
|
10
|
+
export { evaluate, fromConfig } from './permissions.js';
|
|
11
|
+
export { PathSafety } from './path-safety.js';
|
|
12
|
+
export { ReadTracker } from './read-tracker.js';
|
|
13
|
+
export { DoomLoopDetector } from './doom-loop.js';
|
|
14
|
+
export { SsrfGuard } from './ssrf-guard.js';
|
|
15
15
|
const BASHLIST_COMMANDS = new Set([
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
16
|
+
'shutdown',
|
|
17
|
+
'reboot',
|
|
18
|
+
'halt',
|
|
19
|
+
'poweroff',
|
|
20
|
+
'mkfs',
|
|
21
|
+
'fdisk',
|
|
22
|
+
'mkswap',
|
|
23
|
+
'swapon',
|
|
24
|
+
'telnet',
|
|
25
|
+
'chroot',
|
|
19
26
|
]);
|
|
20
27
|
const BASHLIST_PATTERNS = [
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
28
|
+
'rm -rf /*',
|
|
29
|
+
'sudo rm -rf /*',
|
|
30
|
+
'doas rm -rf /*',
|
|
31
|
+
'rm -rf ~',
|
|
32
|
+
'rm -rf /home*',
|
|
33
|
+
'rm -rf /root*',
|
|
34
|
+
'dd if=*of=/dev/*',
|
|
35
|
+
'> /dev/sd*',
|
|
36
|
+
'> /dev/hd*',
|
|
37
|
+
'> /dev/nvme*',
|
|
38
|
+
':(){ :|:& };:*',
|
|
39
|
+
'curl * | sh',
|
|
40
|
+
'curl * | bash',
|
|
41
|
+
'curl * | zsh',
|
|
42
|
+
'wget * | sh',
|
|
43
|
+
'wget * | bash',
|
|
44
|
+
'wget * | zsh',
|
|
45
|
+
'sudo chmod 777 /*',
|
|
46
|
+
'sudo chown -R /*',
|
|
47
|
+
'sudo chown -R /',
|
|
48
|
+
'cat .env | curl *',
|
|
49
|
+
'cat .env | wget *',
|
|
50
|
+
'git push --force origin main',
|
|
51
|
+
'git push --force origin master',
|
|
52
|
+
'git push -f origin main',
|
|
53
|
+
'git push -f origin master',
|
|
54
|
+
'git push --force --no-verify origin main',
|
|
55
|
+
'git push --force --no-verify origin master',
|
|
34
56
|
];
|
|
35
57
|
const FILE_COMMANDS = new Set([
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
58
|
+
'cat',
|
|
59
|
+
'cp',
|
|
60
|
+
'mv',
|
|
61
|
+
'rm',
|
|
62
|
+
'mkdir',
|
|
63
|
+
'touch',
|
|
64
|
+
'chmod',
|
|
65
|
+
'chown',
|
|
66
|
+
'ls',
|
|
67
|
+
'less',
|
|
68
|
+
'more',
|
|
69
|
+
'head',
|
|
70
|
+
'tail',
|
|
71
|
+
'file',
|
|
72
|
+
'stat',
|
|
73
|
+
'diff',
|
|
74
|
+
'cmp',
|
|
75
|
+
'find',
|
|
76
|
+
'ln',
|
|
39
77
|
]);
|
|
40
|
-
const FILE_TOOL_NAMES = new Set([
|
|
78
|
+
const FILE_TOOL_NAMES = new Set(['read', 'write', 'edit', 'grep', 'glob']);
|
|
41
79
|
function unquoteShell(s) {
|
|
42
80
|
if (s.length >= 2) {
|
|
43
81
|
const first = s[0], last = s[s.length - 1];
|
|
@@ -50,7 +88,7 @@ function unquoteShell(s) {
|
|
|
50
88
|
function extractBashPaths(command, cwd) {
|
|
51
89
|
const externalPaths = [];
|
|
52
90
|
const pathPatterns = [];
|
|
53
|
-
for (const firstLine of command.split(
|
|
91
|
+
for (const firstLine of command.split('\n')) {
|
|
54
92
|
const trimmed = firstLine.trim();
|
|
55
93
|
if (!trimmed)
|
|
56
94
|
continue;
|
|
@@ -59,11 +97,11 @@ function extractBashPaths(command, cwd) {
|
|
|
59
97
|
const parts = segment.trim().split(/\s+/).filter(Boolean);
|
|
60
98
|
if (parts.length < 2)
|
|
61
99
|
continue;
|
|
62
|
-
const cmd = (parts[0] ||
|
|
100
|
+
const cmd = (parts[0] || '').toLowerCase();
|
|
63
101
|
if (!FILE_COMMANDS.has(cmd))
|
|
64
102
|
continue;
|
|
65
103
|
for (const arg of parts.slice(1)) {
|
|
66
|
-
if (arg.startsWith(
|
|
104
|
+
if (arg.startsWith('-') || arg.startsWith('--'))
|
|
67
105
|
continue;
|
|
68
106
|
const unquoted = unquoteShell(arg);
|
|
69
107
|
try {
|
|
@@ -80,7 +118,7 @@ function extractBashPaths(command, cwd) {
|
|
|
80
118
|
return { externalPaths, pathPatterns };
|
|
81
119
|
}
|
|
82
120
|
function isBashBlocked(command) {
|
|
83
|
-
const firstWord = command.trim().split(/\s+/)[0] ||
|
|
121
|
+
const firstWord = command.trim().split(/\s+/)[0] || '';
|
|
84
122
|
if (BASHLIST_COMMANDS.has(firstWord))
|
|
85
123
|
return true;
|
|
86
124
|
const normalized = command.trim();
|
|
@@ -93,7 +131,7 @@ export class PermissionDeniedError extends Error {
|
|
|
93
131
|
super(`Permission denied: '${permission}' for '${pattern}'`);
|
|
94
132
|
this.permission = permission;
|
|
95
133
|
this.pattern = pattern;
|
|
96
|
-
this.name =
|
|
134
|
+
this.name = 'PermissionDeniedError';
|
|
97
135
|
}
|
|
98
136
|
}
|
|
99
137
|
export function createSecurityManager(options = {}) {
|
|
@@ -105,7 +143,7 @@ export function createSecurityManager(options = {}) {
|
|
|
105
143
|
allowedPaths: options.security?.allowedPaths,
|
|
106
144
|
});
|
|
107
145
|
const readTracker = new ReadTracker({
|
|
108
|
-
mode: options.security?.writeGuard ??
|
|
146
|
+
mode: options.security?.writeGuard ?? 'soft',
|
|
109
147
|
exclude: options.security?.writeGuardExclude,
|
|
110
148
|
});
|
|
111
149
|
const doomLoop = new DoomLoopDetector(options.security?.doomLoop);
|
|
@@ -124,22 +162,29 @@ export function createSecurityManager(options = {}) {
|
|
|
124
162
|
function addApproval(rules) {
|
|
125
163
|
approvedRuleset.push(...rules);
|
|
126
164
|
}
|
|
127
|
-
function getReadTracker() {
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
function
|
|
165
|
+
function getReadTracker() {
|
|
166
|
+
return readTracker;
|
|
167
|
+
}
|
|
168
|
+
function getDoomLoop() {
|
|
169
|
+
return doomLoop;
|
|
170
|
+
}
|
|
171
|
+
function getSsrfGuard() {
|
|
172
|
+
return ssrfGuard;
|
|
173
|
+
}
|
|
174
|
+
function getPathSafety() {
|
|
175
|
+
return pathSafety;
|
|
176
|
+
}
|
|
131
177
|
function getApprovedConfig() {
|
|
132
178
|
const config = {};
|
|
133
179
|
for (const rule of approvedRuleset) {
|
|
134
|
-
if (rule.action !==
|
|
180
|
+
if (rule.action !== 'allow')
|
|
135
181
|
continue;
|
|
136
182
|
const existing = config[rule.permission];
|
|
137
|
-
if (typeof existing ===
|
|
138
|
-
;
|
|
139
|
-
existing[rule.pattern] = "allow";
|
|
183
|
+
if (typeof existing === 'object' && existing !== null) {
|
|
184
|
+
existing[rule.pattern] = 'allow';
|
|
140
185
|
}
|
|
141
186
|
else {
|
|
142
|
-
config[rule.permission] = { [rule.pattern]:
|
|
187
|
+
config[rule.permission] = { [rule.pattern]: 'allow' };
|
|
143
188
|
}
|
|
144
189
|
}
|
|
145
190
|
return config;
|
|
@@ -147,15 +192,15 @@ export function createSecurityManager(options = {}) {
|
|
|
147
192
|
function checkPath(rawPath) {
|
|
148
193
|
const result = pathSafety.check(rawPath, cwd);
|
|
149
194
|
if (!result.ok) {
|
|
150
|
-
throw new PermissionDeniedError(
|
|
195
|
+
throw new PermissionDeniedError('path_safety', rawPath);
|
|
151
196
|
}
|
|
152
197
|
}
|
|
153
198
|
function internalPathsOnly(permission, patterns) {
|
|
154
|
-
if (!FILE_TOOL_NAMES.has(permission) && permission !==
|
|
199
|
+
if (!FILE_TOOL_NAMES.has(permission) && permission !== 'external_directory') {
|
|
155
200
|
return false;
|
|
156
201
|
}
|
|
157
202
|
return patterns.every((p) => {
|
|
158
|
-
if (p ===
|
|
203
|
+
if (p === '*')
|
|
159
204
|
return false;
|
|
160
205
|
try {
|
|
161
206
|
return isInsideWorkingDir(p, cwd);
|
|
@@ -166,9 +211,9 @@ export function createSecurityManager(options = {}) {
|
|
|
166
211
|
});
|
|
167
212
|
}
|
|
168
213
|
async function checkPermission(permission, patterns, tool, details) {
|
|
169
|
-
const isBash = permission ===
|
|
214
|
+
const isBash = permission === 'bash' || permission === 'shell';
|
|
170
215
|
if (isBash) {
|
|
171
|
-
const command = patterns[0] ??
|
|
216
|
+
const command = patterns[0] ?? '';
|
|
172
217
|
if (isBashBlocked(command)) {
|
|
173
218
|
throw new PermissionDeniedError(permission, command);
|
|
174
219
|
}
|
|
@@ -176,10 +221,10 @@ export function createSecurityManager(options = {}) {
|
|
|
176
221
|
const ruleset = getRuleset();
|
|
177
222
|
for (const pattern of patterns) {
|
|
178
223
|
const rule = evaluate(permission, pattern, ruleset);
|
|
179
|
-
if (rule.action ===
|
|
224
|
+
if (rule.action === 'deny') {
|
|
180
225
|
throw new PermissionDeniedError(permission, pattern);
|
|
181
226
|
}
|
|
182
|
-
if (rule.action ===
|
|
227
|
+
if (rule.action === 'allow') {
|
|
183
228
|
return;
|
|
184
229
|
}
|
|
185
230
|
}
|
|
@@ -227,16 +272,16 @@ export function createSecurityManager(options = {}) {
|
|
|
227
272
|
if (!pending)
|
|
228
273
|
return;
|
|
229
274
|
pendingRequests.delete(id);
|
|
230
|
-
if (response.action ===
|
|
275
|
+
if (response.action === 'deny') {
|
|
231
276
|
pending.reject(new PermissionDeniedError(pending.permission, pending.pattern));
|
|
232
277
|
return;
|
|
233
278
|
}
|
|
234
|
-
if (response.action ===
|
|
279
|
+
if (response.action === 'always') {
|
|
235
280
|
for (const alwaysPattern of pending.always) {
|
|
236
281
|
approvedRuleset.push({
|
|
237
282
|
permission: pending.permission,
|
|
238
283
|
pattern: alwaysPattern,
|
|
239
|
-
action:
|
|
284
|
+
action: 'allow',
|
|
240
285
|
});
|
|
241
286
|
}
|
|
242
287
|
cascadeAutoResolve();
|
|
@@ -247,7 +292,7 @@ export function createSecurityManager(options = {}) {
|
|
|
247
292
|
function cascadeAutoResolve() {
|
|
248
293
|
const ruleset = getRuleset();
|
|
249
294
|
for (const [pid, entry] of pendingRequests) {
|
|
250
|
-
const allAllowed = entry.always.every((ap) => evaluate(entry.permission, ap, ruleset).action ===
|
|
295
|
+
const allAllowed = entry.always.every((ap) => evaluate(entry.permission, ap, ruleset).action === 'allow');
|
|
251
296
|
if (allAllowed) {
|
|
252
297
|
pendingRequests.delete(pid);
|
|
253
298
|
entry.resolve();
|
|
@@ -255,7 +300,7 @@ export function createSecurityManager(options = {}) {
|
|
|
255
300
|
}
|
|
256
301
|
}
|
|
257
302
|
function generateAlwaysPatterns(permission, pattern) {
|
|
258
|
-
if (permission ===
|
|
303
|
+
if (permission === 'external_directory') {
|
|
259
304
|
const resolved = canonicalPath(pattern, cwd);
|
|
260
305
|
let dir;
|
|
261
306
|
try {
|
|
@@ -268,9 +313,9 @@ export function createSecurityManager(options = {}) {
|
|
|
268
313
|
return [pattern, ensureDirGlob(dir)];
|
|
269
314
|
}
|
|
270
315
|
if (FILE_TOOL_NAMES.has(permission)) {
|
|
271
|
-
return [
|
|
316
|
+
return ['*'];
|
|
272
317
|
}
|
|
273
|
-
if (permission ===
|
|
318
|
+
if (permission === 'bash') {
|
|
274
319
|
const parts = pattern.split(/\s+/);
|
|
275
320
|
if (parts.length >= 2) {
|
|
276
321
|
return [pattern, `${parts[0]} ${parts[1]} *`, `${parts[0]} *`];
|
|
@@ -296,10 +341,10 @@ export function createSecurityManager(options = {}) {
|
|
|
296
341
|
}
|
|
297
342
|
catch { }
|
|
298
343
|
}
|
|
299
|
-
if (toolName ===
|
|
344
|
+
if (toolName === 'bash' || toolName === 'shell') {
|
|
300
345
|
const command = args.command;
|
|
301
346
|
if (command) {
|
|
302
|
-
const firstLine = command.split(
|
|
347
|
+
const firstLine = command.split('\n')[0].trim();
|
|
303
348
|
toolPatterns.push(firstLine);
|
|
304
349
|
const parts = firstLine.split(/\s+/).filter(Boolean);
|
|
305
350
|
if (parts.length >= 2) {
|
|
@@ -321,7 +366,7 @@ export function createSecurityManager(options = {}) {
|
|
|
321
366
|
}
|
|
322
367
|
}
|
|
323
368
|
}
|
|
324
|
-
if (toolName ===
|
|
369
|
+
if (toolName === 'web_fetch' || toolName === 'webfetch') {
|
|
325
370
|
const url = args.url;
|
|
326
371
|
if (url) {
|
|
327
372
|
try {
|
|
@@ -330,7 +375,7 @@ export function createSecurityManager(options = {}) {
|
|
|
330
375
|
catch { }
|
|
331
376
|
}
|
|
332
377
|
}
|
|
333
|
-
if (toolName ===
|
|
378
|
+
if (toolName === 'task') {
|
|
334
379
|
const subagent = (args.subagent_name || args.subagent_type);
|
|
335
380
|
if (subagent)
|
|
336
381
|
toolPatterns.push(subagent);
|
|
@@ -339,7 +384,7 @@ export function createSecurityManager(options = {}) {
|
|
|
339
384
|
toolPatterns.push(...pathPatterns);
|
|
340
385
|
}
|
|
341
386
|
if (toolPatterns.length === 0) {
|
|
342
|
-
toolPatterns.push(
|
|
387
|
+
toolPatterns.push('*');
|
|
343
388
|
}
|
|
344
389
|
return { toolPatterns, externalPaths, pathPatterns };
|
|
345
390
|
}
|
|
@@ -356,7 +401,9 @@ export function createSecurityManager(options = {}) {
|
|
|
356
401
|
respondToRequest,
|
|
357
402
|
getRuleset,
|
|
358
403
|
getApprovedConfig,
|
|
359
|
-
get pendingCount() {
|
|
404
|
+
get pendingCount() {
|
|
405
|
+
return pendingRequests.size;
|
|
406
|
+
},
|
|
360
407
|
};
|
|
361
408
|
}
|
|
362
409
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/security/index.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAA;AACvD,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAA;AAC7C,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAA;AAC/C,OAAO,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAA;AACjD,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAA;AAC3C,OAAO,EAAE,kBAAkB,EAAE,aAAa,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,eAAe,CAAA;AAC/F,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,MAAM,CAAA;AACvC,OAAO,EAAE,GAAG,EAAE,MAAM,KAAK,CAAA;AACzB,OAAO,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAA;AAG7B,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAA;AACvD,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAA;AAC7C,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAA;AAC/C,OAAO,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAA;AACjD,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAA;AAE3C,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC;IAChC,UAAU,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU;IACxC,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ;IACnC,QAAQ,EAAE,QAAQ;CACnB,CAAC,CAAA;AAEF,MAAM,iBAAiB,GAAG;IACxB,WAAW,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,UAAU;IAC3D,eAAe,EAAE,eAAe;IAChC,kBAAkB;IAClB,YAAY,EAAE,YAAY,EAAE,cAAc;IAC1C,gBAAgB;IAChB,aAAa,EAAE,eAAe,EAAE,cAAc;IAC9C,aAAa,EAAE,eAAe,EAAE,cAAc;IAC9C,mBAAmB,EAAE,kBAAkB,EAAE,iBAAiB;IAC1D,mBAAmB,EAAE,mBAAmB;IACxC,8BAA8B,EAAE,gCAAgC;IAChE,yBAAyB,EAAE,2BAA2B;IACtD,0CAA0C;IAC1C,4CAA4C;CAC7C,CAAA;AAED,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC;IAC5B,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO;IAC3D,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM;IACpD,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI;CAC5B,CAAC,CAAA;AAEF,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,CAAA;AAE1E,SAAS,YAAY,CAAC,CAAS;IAC7B,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QAClB,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;QAC1C,IAAI,CAAC,KAAK,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG,CAAC,IAAI,CAAC,KAAK,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;YACvE,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;QACvB,CAAC;IACH,CAAC;IACD,OAAO,CAAC,CAAA;AACV,CAAC;AAED,SAAS,gBAAgB,CACvB,OAAe,EACf,GAAW;IAEX,MAAM,aAAa,GAAa,EAAE,CAAA;IAClC,MAAM,YAAY,GAAa,EAAE,CAAA;IAEjC,KAAK,MAAM,SAAS,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QAC5C,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,EAAE,CAAA;QAChC,IAAI,CAAC,OAAO;YAAE,SAAQ;QAEtB,MAAM,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,CAAA;QAC1C,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;YACzD,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;gBAAE,SAAQ;YAE9B,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAA;YAC1C,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,SAAQ;YAErC,KAAK,MAAM,GAAG,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;gBACjC,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC;oBAAE,SAAQ;gBACzD,MAAM,QAAQ,GAAG,YAAY,CAAC,GAAG,CAAC,CAAA;gBAElC,IAAI,CAAC;oBACH,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;oBACvC,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;oBAC3B,IAAI,CAAC,kBAAkB,CAAC,QAAQ,EAAE,GAAG,CAAC,EAAE,CAAC;wBACvC,aAAa,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;oBAC9B,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC,CAAA,CAAC;YACZ,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,CAAA;AACxC,CAAC;AAED,SAAS,aAAa,CAAC,OAAe;IACpC,MAAM,SAAS,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAA;IAEtD,IAAI,iBAAiB,CAAC,GAAG,CAAC,SAAS,CAAC;QAAE,OAAO,IAAI,CAAA;IAEjD,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,EAAE,CAAA;IACjC,OAAO,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC,CAAA;AACpE,CAAC;AAED,MAAM,OAAO,qBAAsB,SAAQ,KAAK;IAE5B;IACA;IAFlB,YACkB,UAAkB,EAClB,OAAe;QAE/B,KAAK,CAAC,uBAAuB,UAAU,UAAU,OAAO,GAAG,CAAC,CAAA;QAH5C,eAAU,GAAV,UAAU,CAAQ;QAClB,YAAO,GAAP,OAAO,CAAQ;QAG/B,IAAI,CAAC,IAAI,GAAG,uBAAuB,CAAA;IACrC,CAAC;CACF;AAwBD,MAAM,UAAU,qBAAqB,CAAC,UAAoC,EAAE;IAC1E,MAAM,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAA;IACtE,MAAM,cAAc,GAAG,OAAO,CAAC,cAAc,IAAI,EAAE,CAAA;IACnD,MAAM,gBAAgB,GAAG,OAAO,CAAC,iBAAiB,IAAI,EAAE,CAAA;IAExD,MAAM,UAAU,GAAG,IAAI,UAAU,CAAC;QAChC,YAAY,EAAE,OAAO,CAAC,QAAQ,EAAE,YAAY;QAC5C,YAAY,EAAE,OAAO,CAAC,QAAQ,EAAE,YAAY;KAC7C,CAAC,CAAA;IACF,MAAM,WAAW,GAAG,IAAI,WAAW,CAAC;QAClC,IAAI,EAAE,OAAO,CAAC,QAAQ,EAAE,UAAU,IAAI,MAAM;QAC5C,OAAO,EAAE,OAAO,CAAC,QAAQ,EAAE,iBAAiB;KAC7C,CAAC,CAAA;IACF,MAAM,QAAQ,GAAG,IAAI,gBAAgB,CAAC,OAAO,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAA;IACjE,MAAM,SAAS,GAAG,IAAI,SAAS,CAAC,OAAO,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAA;IAEvD,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,EAAE,CAAA;IAExC,IAAI,eAAe,GAAY,CAAC,GAAG,gBAAgB,CAAC,CAAA;IACpD,MAAM,eAAe,GAAG,IAAI,GAAG,EAA0B,CAAA;IACzD,IAAI,QAAQ,GAA8B,IAAI,CAAA;IAC9C,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,CAAA;IAEnC,SAAS,UAAU;QACjB,OAAO,CAAC,GAAG,aAAa,EAAE,GAAG,eAAe,EAAE,GAAG,cAAc,CAAC,CAAA;IAClE,CAAC;IAED,SAAS,WAAW,CAAC,EAA6B;QAChD,QAAQ,GAAG,EAAE,CAAA;IACf,CAAC;IAED,SAAS,WAAW,CAAC,KAAa;QAChC,eAAe,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,CAAA;IAChC,CAAC;IAED,SAAS,cAAc,KAAkB,OAAO,WAAW,CAAA,CAAC,CAAC;IAC7D,SAAS,WAAW,KAAuB,OAAO,QAAQ,CAAA,CAAC,CAAC;IAC5D,SAAS,YAAY,KAAgB,OAAO,SAAS,CAAA,CAAC,CAAC;IACvD,SAAS,aAAa,KAAiB,OAAO,UAAU,CAAA,CAAC,CAAC;IAE1D,SAAS,iBAAiB;QACxB,MAAM,MAAM,GAAqB,EAAE,CAAA;QACnC,KAAK,MAAM,IAAI,IAAI,eAAe,EAAE,CAAC;YACnC,IAAI,IAAI,CAAC,MAAM,KAAK,OAAO;gBAAE,SAAQ;YACrC,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;YACxC,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;gBACtD,CAAC;gBAAC,QAA6C,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,OAAO,CAAA;YACzE,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,OAAO,EAAE,CAAA;YACvD,CAAC;QACH,CAAC;QACD,OAAO,MAAM,CAAA;IACf,CAAC;IAED,SAAS,SAAS,CAAC,OAAe;QAChC,MAAM,MAAM,GAAG,UAAU,CAAC,KAAK,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;QAC7C,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;YACf,MAAM,IAAI,qBAAqB,CAAC,aAAa,EAAE,OAAO,CAAC,CAAA;QACzD,CAAC;IACH,CAAC;IAED,SAAS,iBAAiB,CAAC,UAAkB,EAAE,QAAkB;QAC/D,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,UAAU,KAAK,oBAAoB,EAAE,CAAC;YAC5E,OAAO,KAAK,CAAA;QACd,CAAC;QACD,OAAO,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;YAC1B,IAAI,CAAC,KAAK,GAAG;gBAAE,OAAO,KAAK,CAAA;YAC3B,IAAI,CAAC;gBAAC,OAAO,kBAAkB,CAAC,CAAC,EAAE,GAAG,CAAC,CAAA;YAAC,CAAC;YAAC,MAAM,CAAC;gBAAC,OAAO,KAAK,CAAA;YAAC,CAAC;QAClE,CAAC,CAAC,CAAA;IACJ,CAAC;IAED,KAAK,UAAU,eAAe,CAC5B,UAAkB,EAClB,QAAkB,EAClB,IAAa,EACb,OAAgB;QAEhB,MAAM,MAAM,GAAG,UAAU,KAAK,MAAM,IAAI,UAAU,KAAK,OAAO,CAAA;QAE9D,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,IAAI,EAAE,CAAA;YACjC,IAAI,aAAa,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC3B,MAAM,IAAI,qBAAqB,CAAC,UAAU,EAAE,OAAO,CAAC,CAAA;YACtD,CAAC;QACH,CAAC;QAED,MAAM,OAAO,GAAG,UAAU,EAAE,CAAA;QAE5B,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,MAAM,IAAI,GAAG,QAAQ,CAAC,UAAU,EAAE,OAAO,EAAE,OAAO,CAAC,CAAA;YAEnD,IAAI,IAAI,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAC3B,MAAM,IAAI,qBAAqB,CAAC,UAAU,EAAE,OAAO,CAAC,CAAA;YACtD,CAAC;YAED,IAAI,IAAI,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;gBAC5B,OAAM;YACR,CAAC;QACH,CAAC;QAED,IAAI,MAAM,EAAE,CAAC;YACX,OAAM;QACR,CAAC;QAED,IAAI,iBAAiB,CAAC,UAAU,EAAE,QAAQ,CAAC,EAAE,CAAC;YAC5C,OAAM;QACR,CAAC;QAED,MAAM,eAAe,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,OAAO,IAAI,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAA;IAC9E,CAAC;IAED,KAAK,UAAU,eAAe,CAC5B,UAAkB,EAClB,OAAe,EACf,IAAa,EACb,OAAgB;QAEhB,OAAO,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAC3C,MAAM,EAAE,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;YAClD,MAAM,cAAc,GAAG,sBAAsB,CAAC,UAAU,EAAE,OAAO,CAAC,CAAA;YAElE,MAAM,OAAO,GAAmB;gBAC9B,EAAE;gBACF,UAAU;gBACV,OAAO;gBACP,IAAI,EAAE,IAAI,IAAI,UAAU;gBACxB,OAAO,EAAE,OAAO,IAAI,OAAO;gBAC3B,MAAM,EAAE,cAAc;gBACtB,OAAO;gBACP,MAAM;aACP,CAAA;YAED,eAAe,CAAC,GAAG,CAAC,EAAE,EAAE,OAAO,CAAC,CAAA;YAEhC,QAAQ,EAAE,CAAC;gBACT,EAAE;gBACF,UAAU;gBACV,OAAO;gBACP,IAAI,EAAE,IAAI,IAAI,UAAU;gBACxB,OAAO,EAAE,OAAO,IAAI,OAAO;gBAC3B,MAAM,EAAE,cAAc;aACvB,CAAC,CAAA;YAEF,UAAU,CAAC,GAAG,EAAE;gBACd,IAAI,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;oBAC5B,eAAe,CAAC,MAAM,CAAC,EAAE,CAAC,CAAA;oBAC1B,MAAM,CAAC,IAAI,qBAAqB,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,CAAA;gBACxD,CAAC;YACH,CAAC,EAAE,MAAM,CAAC,CAAA;QACZ,CAAC,CAAC,CAAA;IACJ,CAAC;IAED,SAAS,gBAAgB,CAAC,EAAU,EAAE,QAA4B;QAChE,MAAM,OAAO,GAAG,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;QACvC,IAAI,CAAC,OAAO;YAAE,OAAM;QACpB,eAAe,CAAC,MAAM,CAAC,EAAE,CAAC,CAAA;QAE1B,IAAI,QAAQ,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;YAC/B,OAAO,CAAC,MAAM,CAAC,IAAI,qBAAqB,CAAC,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC,CAAA;YAC9E,OAAM;QACR,CAAC;QAED,IAAI,QAAQ,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YACjC,KAAK,MAAM,aAAa,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;gBAC3C,eAAe,CAAC,IAAI,CAAC;oBACnB,UAAU,EAAE,OAAO,CAAC,UAAU;oBAC9B,OAAO,EAAE,aAAa;oBACtB,MAAM,EAAE,OAAO;iBAChB,CAAC,CAAA;YACJ,CAAC;YAED,kBAAkB,EAAE,CAAA;YACpB,SAAS,EAAE,CAAC,eAAe,CAAC,CAAA;QAC9B,CAAC;QAED,OAAO,CAAC,OAAO,EAAE,CAAA;IACnB,CAAC;IAED,SAAS,kBAAkB;QACzB,MAAM,OAAO,GAAG,UAAU,EAAE,CAAA;QAC5B,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,eAAe,EAAE,CAAC;YAC3C,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,EAAE,CAC3C,QAAQ,CAAC,KAAK,CAAC,UAAU,EAAE,EAAE,EAAE,OAAO,CAAC,CAAC,MAAM,KAAK,OAAO,CAC3D,CAAA;YACD,IAAI,UAAU,EAAE,CAAC;gBACf,eAAe,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;gBAC3B,KAAK,CAAC,OAAO,EAAE,CAAA;YACjB,CAAC;QACH,CAAC;IACH,CAAC;IAED,SAAS,sBAAsB,CAAC,UAAkB,EAAE,OAAe;QACjE,IAAI,UAAU,KAAK,oBAAoB,EAAE,CAAC;YACxC,MAAM,QAAQ,GAAG,aAAa,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;YAC5C,IAAI,GAAW,CAAA;YACf,IAAI,CAAC;gBACH,MAAM,EAAE,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAA;gBAC7B,GAAG,GAAG,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;YACvD,CAAC;YAAC,MAAM,CAAC;gBACP,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAA;YACzB,CAAC;YACD,OAAO,CAAC,OAAO,EAAE,aAAa,CAAC,GAAG,CAAC,CAAC,CAAA;QACtC,CAAC;QAED,IAAI,eAAe,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;YACpC,OAAO,CAAC,GAAG,CAAC,CAAA;QACd,CAAC;QAED,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;YAC1B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA;YAClC,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;gBACtB,OAAO,CAAC,OAAO,EAAE,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAA;YAChE,CAAC;YACD,OAAO,CAAC,GAAG,OAAO,IAAI,CAAC,CAAA;QACzB,CAAC;QAED,OAAO,CAAC,OAAO,CAAC,CAAA;IAClB,CAAC;IAED,SAAS,mBAAmB,CAC1B,QAAgB,EAChB,IAA6B;QAE7B,MAAM,YAAY,GAAa,EAAE,CAAA;QACjC,MAAM,aAAa,GAAa,EAAE,CAAA;QAClC,MAAM,YAAY,GAAa,EAAE,CAAA;QAEjC,MAAM,OAAO,GAAG,CAAC,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,QAAQ,CAAuB,CAAA;QAEpF,IAAI,OAAO,EAAE,CAAC;YACZ,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;YAC1B,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;gBACjC,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;gBACtB,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE,CAAC;oBACtC,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;oBAC3B,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;gBACzB,CAAC;YACH,CAAC;YAAC,MAAM,CAAC,CAAA,CAAC;QACZ,CAAC;QAED,IAAI,QAAQ,KAAK,MAAM,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;YAChD,MAAM,OAAO,GAAG,IAAI,CAAC,OAA6B,CAAA;YAClD,IAAI,OAAO,EAAE,CAAC;gBACZ,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAA;gBAC/C,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;gBAC5B,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;gBACpD,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;oBACtB,YAAY,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAA;gBAChD,CAAC;gBACD,YAAY,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAA;gBAElC,MAAM,EAAE,aAAa,EAAE,YAAY,EAAE,YAAY,EAAE,gBAAgB,EAAE,GACnE,gBAAgB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;gBAChC,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC5B,KAAK,MAAM,EAAE,IAAI,YAAY,EAAE,CAAC;wBAC9B,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC,EAAE,CAAC;4BACvD,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;wBACxB,CAAC;oBACH,CAAC;gBACH,CAAC;gBACD,KAAK,MAAM,EAAE,IAAI,gBAAgB,EAAE,CAAC;oBAClC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC,EAAE,CAAC;wBACtD,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;oBACvB,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,QAAQ,KAAK,WAAW,IAAI,QAAQ,KAAK,UAAU,EAAE,CAAC;YACxD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAyB,CAAA;YAC1C,IAAI,GAAG,EAAE,CAAC;gBACR,IAAI,CAAC;oBACH,YAAY,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAA;gBAC1C,CAAC;gBAAC,MAAM,CAAC,CAAA,CAAC;YACZ,CAAC;QACH,CAAC;QAED,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;YACxB,MAAM,QAAQ,GAAG,CAAC,IAAI,CAAC,aAAa,IAAI,IAAI,CAAC,aAAa,CAAuB,CAAA;YACjF,IAAI,QAAQ;gBAAE,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QAC3C,CAAC;QAED,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACzD,YAAY,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAA;QACpC,CAAC;QAED,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC9B,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QACxB,CAAC;QAED,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,YAAY,EAAE,CAAA;IACtD,CAAC;IAED,OAAO;QACL,cAAc;QACd,WAAW;QACX,YAAY;QACZ,aAAa;QACb,SAAS;QACT,eAAe;QACf,mBAAmB;QACnB,WAAW;QACX,WAAW;QACX,gBAAgB;QAChB,UAAU;QACV,iBAAiB;QACjB,IAAI,YAAY,KAAK,OAAO,eAAe,CAAC,IAAI,CAAA,CAAC,CAAC;KACnD,CAAA;AACH,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/security/index.ts"],"names":[],"mappings":"AAUA,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,kBAAkB,EAAE,aAAa,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAChG,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AACxC,OAAO,EAAE,GAAG,EAAE,MAAM,KAAK,CAAC;AAC1B,OAAO,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAC;AAG9B,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAE5C,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC;IACjC,UAAU;IACV,QAAQ;IACR,MAAM;IACN,UAAU;IACV,MAAM;IACN,OAAO;IACP,QAAQ;IACR,QAAQ;IACR,QAAQ;IACR,QAAQ;CACR,CAAC,CAAC;AAEH,MAAM,iBAAiB,GAAG;IACzB,WAAW;IACX,gBAAgB;IAChB,gBAAgB;IAChB,UAAU;IACV,eAAe;IACf,eAAe;IACf,kBAAkB;IAClB,YAAY;IACZ,YAAY;IACZ,cAAc;IACd,gBAAgB;IAChB,aAAa;IACb,eAAe;IACf,cAAc;IACd,aAAa;IACb,eAAe;IACf,cAAc;IACd,mBAAmB;IACnB,kBAAkB;IAClB,iBAAiB;IACjB,mBAAmB;IACnB,mBAAmB;IACnB,8BAA8B;IAC9B,gCAAgC;IAChC,yBAAyB;IACzB,2BAA2B;IAC3B,0CAA0C;IAC1C,4CAA4C;CAC5C,CAAC;AAEF,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC;IAC7B,KAAK;IACL,IAAI;IACJ,IAAI;IACJ,IAAI;IACJ,OAAO;IACP,OAAO;IACP,OAAO;IACP,OAAO;IACP,IAAI;IACJ,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,KAAK;IACL,MAAM;IACN,IAAI;CACJ,CAAC,CAAC;AAEH,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;AAE3E,SAAS,YAAY,CAAC,CAAS;IAC9B,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QACnB,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,EACjB,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QACxB,IAAI,CAAC,KAAK,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG,CAAC,IAAI,CAAC,KAAK,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;YACxE,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QACvB,CAAC;IACF,CAAC;IACD,OAAO,CAAC,CAAC;AACV,CAAC;AAED,SAAS,gBAAgB,CAAC,OAAe,EAAE,GAAW;IACrD,MAAM,aAAa,GAAa,EAAE,CAAC;IACnC,MAAM,YAAY,GAAa,EAAE,CAAC;IAElC,KAAK,MAAM,SAAS,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QAC7C,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,EAAE,CAAC;QACjC,IAAI,CAAC,OAAO;YAAE,SAAS;QAEvB,MAAM,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QAC3C,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAChC,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YAC1D,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;gBAAE,SAAS;YAE/B,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;YAC3C,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,SAAS;YAEtC,KAAK,MAAM,GAAG,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;gBAClC,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC;oBAAE,SAAS;gBAC1D,MAAM,QAAQ,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;gBAEnC,IAAI,CAAC;oBACJ,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;oBACxC,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;oBAC5B,IAAI,CAAC,kBAAkB,CAAC,QAAQ,EAAE,GAAG,CAAC,EAAE,CAAC;wBACxC,aAAa,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;oBAC9B,CAAC;gBACF,CAAC;gBAAC,MAAM,CAAC,CAAA,CAAC;YACX,CAAC;QACF,CAAC;IACF,CAAC;IAED,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,CAAC;AACxC,CAAC;AAED,SAAS,aAAa,CAAC,OAAe;IACrC,MAAM,SAAS,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IAEvD,IAAI,iBAAiB,CAAC,GAAG,CAAC,SAAS,CAAC;QAAE,OAAO,IAAI,CAAC;IAElD,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;IAClC,OAAO,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC,CAAC;AACpE,CAAC;AAED,MAAM,OAAO,qBAAsB,SAAQ,KAAK;IAE9B;IACA;IAFjB,YACiB,UAAkB,EAClB,OAAe;QAE/B,KAAK,CAAC,uBAAuB,UAAU,UAAU,OAAO,GAAG,CAAC,CAAC;QAH7C,eAAU,GAAV,UAAU,CAAQ;QAClB,YAAO,GAAP,OAAO,CAAQ;QAG/B,IAAI,CAAC,IAAI,GAAG,uBAAuB,CAAC;IACrC,CAAC;CACD;AAwBD,MAAM,UAAU,qBAAqB,CAAC,UAAoC,EAAE;IAC3E,MAAM,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IACvE,MAAM,cAAc,GAAG,OAAO,CAAC,cAAc,IAAI,EAAE,CAAC;IACpD,MAAM,gBAAgB,GAAG,OAAO,CAAC,iBAAiB,IAAI,EAAE,CAAC;IAEzD,MAAM,UAAU,GAAG,IAAI,UAAU,CAAC;QACjC,YAAY,EAAE,OAAO,CAAC,QAAQ,EAAE,YAAY;QAC5C,YAAY,EAAE,OAAO,CAAC,QAAQ,EAAE,YAAY;KAC5C,CAAC,CAAC;IACH,MAAM,WAAW,GAAG,IAAI,WAAW,CAAC;QACnC,IAAI,EAAE,OAAO,CAAC,QAAQ,EAAE,UAAU,IAAI,MAAM;QAC5C,OAAO,EAAE,OAAO,CAAC,QAAQ,EAAE,iBAAiB;KAC5C,CAAC,CAAC;IACH,MAAM,QAAQ,GAAG,IAAI,gBAAgB,CAAC,OAAO,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAClE,MAAM,SAAS,GAAG,IAAI,SAAS,CAAC,OAAO,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IAExD,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;IAEzC,IAAI,eAAe,GAAY,CAAC,GAAG,gBAAgB,CAAC,CAAC;IACrD,MAAM,eAAe,GAAG,IAAI,GAAG,EAA0B,CAAC;IAC1D,IAAI,QAAQ,GAA8B,IAAI,CAAC;IAC/C,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;IAEpC,SAAS,UAAU;QAClB,OAAO,CAAC,GAAG,aAAa,EAAE,GAAG,eAAe,EAAE,GAAG,cAAc,CAAC,CAAC;IAClE,CAAC;IAED,SAAS,WAAW,CAAC,EAA6B;QACjD,QAAQ,GAAG,EAAE,CAAC;IACf,CAAC;IAED,SAAS,WAAW,CAAC,KAAa;QACjC,eAAe,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,CAAC;IAChC,CAAC;IAED,SAAS,cAAc;QACtB,OAAO,WAAW,CAAC;IACpB,CAAC;IACD,SAAS,WAAW;QACnB,OAAO,QAAQ,CAAC;IACjB,CAAC;IACD,SAAS,YAAY;QACpB,OAAO,SAAS,CAAC;IAClB,CAAC;IACD,SAAS,aAAa;QACrB,OAAO,UAAU,CAAC;IACnB,CAAC;IAED,SAAS,iBAAiB;QACzB,MAAM,MAAM,GAAqB,EAAE,CAAC;QACpC,KAAK,MAAM,IAAI,IAAI,eAAe,EAAE,CAAC;YACpC,IAAI,IAAI,CAAC,MAAM,KAAK,OAAO;gBAAE,SAAS;YACtC,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YACzC,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;gBACtD,QAA6C,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,OAAO,CAAC;YACxE,CAAC;iBAAM,CAAC;gBACP,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,OAAO,EAAE,CAAC;YACvD,CAAC;QACF,CAAC;QACD,OAAO,MAAM,CAAC;IACf,CAAC;IAED,SAAS,SAAS,CAAC,OAAe;QACjC,MAAM,MAAM,GAAG,UAAU,CAAC,KAAK,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;QAC9C,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;YAChB,MAAM,IAAI,qBAAqB,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;QACzD,CAAC;IACF,CAAC;IAED,SAAS,iBAAiB,CAAC,UAAkB,EAAE,QAAkB;QAChE,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,UAAU,KAAK,oBAAoB,EAAE,CAAC;YAC7E,OAAO,KAAK,CAAC;QACd,CAAC;QACD,OAAO,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;YAC3B,IAAI,CAAC,KAAK,GAAG;gBAAE,OAAO,KAAK,CAAC;YAC5B,IAAI,CAAC;gBACJ,OAAO,kBAAkB,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;YACnC,CAAC;YAAC,MAAM,CAAC;gBACR,OAAO,KAAK,CAAC;YACd,CAAC;QACF,CAAC,CAAC,CAAC;IACJ,CAAC;IAED,KAAK,UAAU,eAAe,CAC7B,UAAkB,EAClB,QAAkB,EAClB,IAAa,EACb,OAAgB;QAEhB,MAAM,MAAM,GAAG,UAAU,KAAK,MAAM,IAAI,UAAU,KAAK,OAAO,CAAC;QAE/D,IAAI,MAAM,EAAE,CAAC;YACZ,MAAM,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAClC,IAAI,aAAa,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC5B,MAAM,IAAI,qBAAqB,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;YACtD,CAAC;QACF,CAAC;QAED,MAAM,OAAO,GAAG,UAAU,EAAE,CAAC;QAE7B,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAChC,MAAM,IAAI,GAAG,QAAQ,CAAC,UAAU,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;YAEpD,IAAI,IAAI,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAC5B,MAAM,IAAI,qBAAqB,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;YACtD,CAAC;YAED,IAAI,IAAI,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;gBAC7B,OAAO;YACR,CAAC;QACF,CAAC;QAED,IAAI,MAAM,EAAE,CAAC;YACZ,OAAO;QACR,CAAC;QAED,IAAI,iBAAiB,CAAC,UAAU,EAAE,QAAQ,CAAC,EAAE,CAAC;YAC7C,OAAO;QACR,CAAC;QAED,MAAM,eAAe,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,OAAO,IAAI,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9E,CAAC;IAED,KAAK,UAAU,eAAe,CAAC,UAAkB,EAAE,OAAe,EAAE,IAAa,EAAE,OAAgB;QAClG,OAAO,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAC5C,MAAM,EAAE,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACnD,MAAM,cAAc,GAAG,sBAAsB,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;YAEnE,MAAM,OAAO,GAAmB;gBAC/B,EAAE;gBACF,UAAU;gBACV,OAAO;gBACP,IAAI,EAAE,IAAI,IAAI,UAAU;gBACxB,OAAO,EAAE,OAAO,IAAI,OAAO;gBAC3B,MAAM,EAAE,cAAc;gBACtB,OAAO;gBACP,MAAM;aACN,CAAC;YAEF,eAAe,CAAC,GAAG,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;YAEjC,QAAQ,EAAE,CAAC;gBACV,EAAE;gBACF,UAAU;gBACV,OAAO;gBACP,IAAI,EAAE,IAAI,IAAI,UAAU;gBACxB,OAAO,EAAE,OAAO,IAAI,OAAO;gBAC3B,MAAM,EAAE,cAAc;aACtB,CAAC,CAAC;YAEH,UAAU,CAAC,GAAG,EAAE;gBACf,IAAI,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;oBAC7B,eAAe,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;oBAC3B,MAAM,CAAC,IAAI,qBAAqB,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC;gBACxD,CAAC;YACF,CAAC,EAAE,MAAM,CAAC,CAAC;QACZ,CAAC,CAAC,CAAC;IACJ,CAAC;IAED,SAAS,gBAAgB,CAAC,EAAU,EAAE,QAA4B;QACjE,MAAM,OAAO,GAAG,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACxC,IAAI,CAAC,OAAO;YAAE,OAAO;QACrB,eAAe,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAE3B,IAAI,QAAQ,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;YAChC,OAAO,CAAC,MAAM,CAAC,IAAI,qBAAqB,CAAC,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC;YAC/E,OAAO;QACR,CAAC;QAED,IAAI,QAAQ,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YAClC,KAAK,MAAM,aAAa,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;gBAC5C,eAAe,CAAC,IAAI,CAAC;oBACpB,UAAU,EAAE,OAAO,CAAC,UAAU;oBAC9B,OAAO,EAAE,aAAa;oBACtB,MAAM,EAAE,OAAO;iBACf,CAAC,CAAC;YACJ,CAAC;YAED,kBAAkB,EAAE,CAAC;YACrB,SAAS,EAAE,CAAC,eAAe,CAAC,CAAC;QAC9B,CAAC;QAED,OAAO,CAAC,OAAO,EAAE,CAAC;IACnB,CAAC;IAED,SAAS,kBAAkB;QAC1B,MAAM,OAAO,GAAG,UAAU,EAAE,CAAC;QAC7B,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,eAAe,EAAE,CAAC;YAC5C,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,UAAU,EAAE,EAAE,EAAE,OAAO,CAAC,CAAC,MAAM,KAAK,OAAO,CAAC,CAAC;YAC1G,IAAI,UAAU,EAAE,CAAC;gBAChB,eAAe,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBAC5B,KAAK,CAAC,OAAO,EAAE,CAAC;YACjB,CAAC;QACF,CAAC;IACF,CAAC;IAED,SAAS,sBAAsB,CAAC,UAAkB,EAAE,OAAe;QAClE,IAAI,UAAU,KAAK,oBAAoB,EAAE,CAAC;YACzC,MAAM,QAAQ,GAAG,aAAa,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YAC7C,IAAI,GAAW,CAAC;YAChB,IAAI,CAAC;gBACJ,MAAM,EAAE,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;gBAC9B,GAAG,GAAG,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YACvD,CAAC;YAAC,MAAM,CAAC;gBACR,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;YACzB,CAAC;YACD,OAAO,CAAC,OAAO,EAAE,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC;QACtC,CAAC;QAED,IAAI,eAAe,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;YACrC,OAAO,CAAC,GAAG,CAAC,CAAC;QACd,CAAC;QAED,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;YAC3B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACnC,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;gBACvB,OAAO,CAAC,OAAO,EAAE,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YAChE,CAAC;YACD,OAAO,CAAC,GAAG,OAAO,IAAI,CAAC,CAAC;QACzB,CAAC;QAED,OAAO,CAAC,OAAO,CAAC,CAAC;IAClB,CAAC;IAED,SAAS,mBAAmB,CAC3B,QAAgB,EAChB,IAA6B;QAE7B,MAAM,YAAY,GAAa,EAAE,CAAC;QAClC,MAAM,aAAa,GAAa,EAAE,CAAC;QACnC,MAAM,YAAY,GAAa,EAAE,CAAC;QAElC,MAAM,OAAO,GAAG,CAAC,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,QAAQ,CAAuB,CAAC;QAErF,IAAI,OAAO,EAAE,CAAC;YACb,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC3B,IAAI,CAAC;gBACJ,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;gBAClC,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACvB,IAAI,CAAC,kBAAkB,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE,CAAC;oBACvC,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;oBAC5B,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACzB,CAAC;YACF,CAAC;YAAC,MAAM,CAAC,CAAA,CAAC;QACX,CAAC;QAED,IAAI,QAAQ,KAAK,MAAM,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;YACjD,MAAM,OAAO,GAAG,IAAI,CAAC,OAA6B,CAAC;YACnD,IAAI,OAAO,EAAE,CAAC;gBACb,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;gBAChD,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;gBAC7B,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;gBACrD,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;oBACvB,YAAY,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;gBAChD,CAAC;gBACD,YAAY,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;gBAEnC,MAAM,EAAE,aAAa,EAAE,YAAY,EAAE,YAAY,EAAE,gBAAgB,EAAE,GAAG,gBAAgB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;gBACvG,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC7B,KAAK,MAAM,EAAE,IAAI,YAAY,EAAE,CAAC;wBAC/B,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC,EAAE,CAAC;4BACxD,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;wBACxB,CAAC;oBACF,CAAC;gBACF,CAAC;gBACD,KAAK,MAAM,EAAE,IAAI,gBAAgB,EAAE,CAAC;oBACnC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC,EAAE,CAAC;wBACvD,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;oBACvB,CAAC;gBACF,CAAC;YACF,CAAC;QACF,CAAC;QAED,IAAI,QAAQ,KAAK,WAAW,IAAI,QAAQ,KAAK,UAAU,EAAE,CAAC;YACzD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAyB,CAAC;YAC3C,IAAI,GAAG,EAAE,CAAC;gBACT,IAAI,CAAC;oBACJ,YAAY,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,CAAC;gBAC1C,CAAC;gBAAC,MAAM,CAAC,CAAA,CAAC;YACX,CAAC;QACF,CAAC;QAED,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;YACzB,MAAM,QAAQ,GAAG,CAAC,IAAI,CAAC,aAAa,IAAI,IAAI,CAAC,aAAa,CAAuB,CAAC;YAClF,IAAI,QAAQ;gBAAE,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC3C,CAAC;QAED,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1D,YAAY,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAC;QACpC,CAAC;QAED,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC/B,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACxB,CAAC;QAED,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,YAAY,EAAE,CAAC;IACtD,CAAC;IAED,OAAO;QACN,cAAc;QACd,WAAW;QACX,YAAY;QACZ,aAAa;QACb,SAAS;QACT,eAAe;QACf,mBAAmB;QACnB,WAAW;QACX,WAAW;QACX,gBAAgB;QAChB,UAAU;QACV,iBAAiB;QACjB,IAAI,YAAY;YACf,OAAO,eAAe,CAAC,IAAI,CAAC;QAC7B,CAAC;KACD,CAAC;AACH,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"path-safety.d.ts","sourceRoot":"","sources":["../../../src/security/path-safety.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,YAAY,
|
|
1
|
+
{"version":3,"file":"path-safety.d.ts","sourceRoot":"","sources":["../../../src/security/path-safety.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAiBnD,UAAU,gBAAgB;IACzB,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,YAAY,EAAE,MAAM,EAAE,CAAC;CACvB;AAED,qBAAa,UAAU;IACtB,OAAO,CAAC,OAAO,CAAW;IAC1B,OAAO,CAAC,OAAO,CAAW;gBAEd,MAAM,CAAC,EAAE,OAAO,CAAC,gBAAgB,CAAC;IAK9C,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,GAAE,MAAsB,GAAG,gBAAgB;IAkBrE,OAAO,CAAC,SAAS;IAajB,OAAO,CAAC,SAAS;CAQjB"}
|
|
@@ -1,17 +1,17 @@
|
|
|
1
|
-
import { resolve, relative } from
|
|
2
|
-
import { matchWildcard } from
|
|
1
|
+
import { resolve, relative } from 'path';
|
|
2
|
+
import { matchWildcard } from './wildcard.js';
|
|
3
3
|
const DEFAULT_BLOCKED = [
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
4
|
+
'**/.ssh/**',
|
|
5
|
+
'**/.aws/credentials',
|
|
6
|
+
'**/.aws/config',
|
|
7
|
+
'**/.gnupg/**',
|
|
8
|
+
'**/.netrc',
|
|
9
|
+
'**/etc/shadow',
|
|
10
|
+
'**/etc/gshadow',
|
|
11
|
+
'**/etc/sudoers',
|
|
12
|
+
'**/.password-store/**',
|
|
13
|
+
'**/.docker/config.json',
|
|
14
|
+
'**/.kube/config',
|
|
15
15
|
];
|
|
16
16
|
export class PathSafety {
|
|
17
17
|
blocked;
|
|
@@ -21,8 +21,8 @@ export class PathSafety {
|
|
|
21
21
|
this.allowed = config?.allowedPaths ?? [];
|
|
22
22
|
}
|
|
23
23
|
check(rawPath, cwd = process.cwd()) {
|
|
24
|
-
if (rawPath.includes(
|
|
25
|
-
return { ok: false, reason:
|
|
24
|
+
if (rawPath.includes('\0')) {
|
|
25
|
+
return { ok: false, reason: 'Path contains null bytes' };
|
|
26
26
|
}
|
|
27
27
|
const resolved = resolve(cwd, rawPath);
|
|
28
28
|
if (this.isAllowed(resolved)) {
|
|
@@ -35,11 +35,11 @@ export class PathSafety {
|
|
|
35
35
|
}
|
|
36
36
|
isBlocked(fullPath) {
|
|
37
37
|
for (const pattern of this.blocked) {
|
|
38
|
-
if (matchWildcard(
|
|
38
|
+
if (matchWildcard('**/' + pattern, fullPath) || matchWildcard(pattern, fullPath)) {
|
|
39
39
|
return true;
|
|
40
40
|
}
|
|
41
|
-
const suffixIdx = pattern.replace(/^(\*\*\/)+/,
|
|
42
|
-
if (fullPath.replace(/\\/g,
|
|
41
|
+
const suffixIdx = pattern.replace(/^(\*\*\/)+/, '');
|
|
42
|
+
if (fullPath.replace(/\\/g, '/').endsWith('/' + suffixIdx)) {
|
|
43
43
|
return true;
|
|
44
44
|
}
|
|
45
45
|
}
|
|
@@ -47,7 +47,7 @@ export class PathSafety {
|
|
|
47
47
|
}
|
|
48
48
|
isAllowed(fullPath) {
|
|
49
49
|
for (const pattern of this.allowed) {
|
|
50
|
-
if (matchWildcard(pattern, fullPath) || matchWildcard(
|
|
50
|
+
if (matchWildcard(pattern, fullPath) || matchWildcard('**/' + pattern, fullPath)) {
|
|
51
51
|
return true;
|
|
52
52
|
}
|
|
53
53
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"path-safety.js","sourceRoot":"","sources":["../../../src/security/path-safety.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,MAAM,
|
|
1
|
+
{"version":3,"file":"path-safety.js","sourceRoot":"","sources":["../../../src/security/path-safety.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,MAAM,CAAC;AAEzC,OAAO,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAE9C,MAAM,eAAe,GAAG;IACvB,YAAY;IACZ,qBAAqB;IACrB,gBAAgB;IAChB,cAAc;IACd,WAAW;IACX,eAAe;IACf,gBAAgB;IAChB,gBAAgB;IAChB,uBAAuB;IACvB,wBAAwB;IACxB,iBAAiB;CACjB,CAAC;AAOF,MAAM,OAAO,UAAU;IACd,OAAO,CAAW;IAClB,OAAO,CAAW;IAE1B,YAAY,MAAkC;QAC7C,IAAI,CAAC,OAAO,GAAG,MAAM,EAAE,YAAY,IAAI,CAAC,GAAG,eAAe,CAAC,CAAC;QAC5D,IAAI,CAAC,OAAO,GAAG,MAAM,EAAE,YAAY,IAAI,EAAE,CAAC;IAC3C,CAAC;IAED,KAAK,CAAC,OAAe,EAAE,MAAc,OAAO,CAAC,GAAG,EAAE;QACjD,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC5B,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,0BAA0B,EAAE,CAAC;QAC1D,CAAC;QAED,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;QAEvC,IAAI,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC9B,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,QAAQ,EAAE,WAAW,EAAE,QAAQ,CAAC,GAAG,EAAE,QAAQ,CAAC,IAAI,QAAQ,EAAE,CAAC;QAC/F,CAAC;QAED,IAAI,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC9B,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,oCAAoC,QAAQ,CAAC,GAAG,EAAE,QAAQ,CAAC,IAAI,QAAQ,EAAE,EAAE,CAAC;QACzG,CAAC;QAED,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE,QAAQ,EAAE,WAAW,EAAE,QAAQ,CAAC,GAAG,EAAE,QAAQ,CAAC,IAAI,QAAQ,EAAE,CAAC;IAC/F,CAAC;IAEO,SAAS,CAAC,QAAgB;QACjC,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACpC,IAAI,aAAa,CAAC,KAAK,GAAG,OAAO,EAAE,QAAQ,CAAC,IAAI,aAAa,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,CAAC;gBAClF,OAAO,IAAI,CAAC;YACb,CAAC;YACD,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;YACpD,IAAI,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,QAAQ,CAAC,GAAG,GAAG,SAAS,CAAC,EAAE,CAAC;gBAC5D,OAAO,IAAI,CAAC;YACb,CAAC;QACF,CAAC;QACD,OAAO,KAAK,CAAC;IACd,CAAC;IAEO,SAAS,CAAC,QAAgB;QACjC,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACpC,IAAI,aAAa,CAAC,OAAO,EAAE,QAAQ,CAAC,IAAI,aAAa,CAAC,KAAK,GAAG,OAAO,EAAE,QAAQ,CAAC,EAAE,CAAC;gBAClF,OAAO,IAAI,CAAC;YACb,CAAC;QACF,CAAC;QACD,OAAO,KAAK,CAAC;IACd,CAAC;CACD"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import type { Rule, Ruleset, PermissionConfig } from
|
|
1
|
+
import type { Rule, Ruleset, PermissionConfig } from './types.js';
|
|
2
2
|
export declare function evaluate(permission: string, pattern: string, ...rulesets: Ruleset[]): Rule;
|
|
3
3
|
export declare function fromConfig(config: PermissionConfig): Ruleset;
|
|
4
4
|
export declare function merge(...rulesets: Ruleset[]): Ruleset;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"permissions.d.ts","sourceRoot":"","sources":["../../../src/security/permissions.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,OAAO,EAAoB,gBAAgB,EAAE,MAAM,YAAY,
|
|
1
|
+
{"version":3,"file":"permissions.d.ts","sourceRoot":"","sources":["../../../src/security/permissions.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,OAAO,EAAoB,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAGpF,wBAAgB,QAAQ,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,QAAQ,EAAE,OAAO,EAAE,GAAG,IAAI,CAM1F;AAED,wBAAgB,UAAU,CAAC,MAAM,EAAE,gBAAgB,GAAG,OAAO,CAc5D;AAED,wBAAgB,KAAK,CAAC,GAAG,QAAQ,EAAE,OAAO,EAAE,GAAG,OAAO,CAErD;AAID,wBAAgB,QAAQ,CAAC,SAAS,EAAE,MAAM,EAAE,EAAE,OAAO,EAAE,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,CAW3E;AAED,wBAAgB,sBAAsB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAE/D"}
|
|
@@ -1,16 +1,18 @@
|
|
|
1
|
-
import { matchWildcard } from
|
|
1
|
+
import { matchWildcard } from './wildcard.js';
|
|
2
2
|
export function evaluate(permission, pattern, ...rulesets) {
|
|
3
3
|
const rules = rulesets.flat();
|
|
4
|
-
const match = [...rules]
|
|
5
|
-
|
|
4
|
+
const match = [...rules]
|
|
5
|
+
.reverse()
|
|
6
|
+
.find((rule) => matchWildcard(rule.permission, permission) && matchWildcard(rule.pattern, pattern));
|
|
7
|
+
return match ?? { permission, pattern: '*', action: 'ask' };
|
|
6
8
|
}
|
|
7
9
|
export function fromConfig(config) {
|
|
8
10
|
const ruleset = [];
|
|
9
11
|
for (const [key, value] of Object.entries(config)) {
|
|
10
|
-
if (typeof value ===
|
|
11
|
-
ruleset.push({ permission: key, pattern:
|
|
12
|
+
if (typeof value === 'string') {
|
|
13
|
+
ruleset.push({ permission: key, pattern: '*', action: value });
|
|
12
14
|
}
|
|
13
|
-
else if (typeof value ===
|
|
15
|
+
else if (typeof value === 'object' && value !== null) {
|
|
14
16
|
for (const [pattern, action] of Object.entries(value)) {
|
|
15
17
|
ruleset.push({ permission: key, pattern, action });
|
|
16
18
|
}
|
|
@@ -21,21 +23,21 @@ export function fromConfig(config) {
|
|
|
21
23
|
export function merge(...rulesets) {
|
|
22
24
|
return rulesets.flat();
|
|
23
25
|
}
|
|
24
|
-
const WRITE_TOOL_NAMES = [
|
|
26
|
+
const WRITE_TOOL_NAMES = ['edit', 'write', 'apply_patch'];
|
|
25
27
|
export function disabled(toolNames, ruleset) {
|
|
26
28
|
const result = new Set();
|
|
27
29
|
for (const tool of toolNames) {
|
|
28
|
-
const permission = WRITE_TOOL_NAMES.includes(tool) ?
|
|
30
|
+
const permission = WRITE_TOOL_NAMES.includes(tool) ? 'write' : tool;
|
|
29
31
|
const rule = [...ruleset].reverse().find((r) => matchWildcard(r.permission, permission));
|
|
30
32
|
if (!rule)
|
|
31
33
|
continue;
|
|
32
|
-
if (rule.pattern ===
|
|
34
|
+
if (rule.pattern === '*' && rule.action === 'deny') {
|
|
33
35
|
result.add(tool);
|
|
34
36
|
}
|
|
35
37
|
}
|
|
36
38
|
return result;
|
|
37
39
|
}
|
|
38
40
|
export function getCanonicalPermission(toolName) {
|
|
39
|
-
return WRITE_TOOL_NAMES.includes(toolName) ?
|
|
41
|
+
return WRITE_TOOL_NAMES.includes(toolName) ? 'write' : toolName;
|
|
40
42
|
}
|
|
41
43
|
//# sourceMappingURL=permissions.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"permissions.js","sourceRoot":"","sources":["../../../src/security/permissions.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,eAAe,
|
|
1
|
+
{"version":3,"file":"permissions.js","sourceRoot":"","sources":["../../../src/security/permissions.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAE9C,MAAM,UAAU,QAAQ,CAAC,UAAkB,EAAE,OAAe,EAAE,GAAG,QAAmB;IACnF,MAAM,KAAK,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC;IAC9B,MAAM,KAAK,GAAG,CAAC,GAAG,KAAK,CAAC;SACtB,OAAO,EAAE;SACT,IAAI,CAAC,CAAC,IAAU,EAAE,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,IAAI,aAAa,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;IAC3G,OAAO,KAAK,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;AAC7D,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,MAAwB;IAClD,MAAM,OAAO,GAAY,EAAE,CAAC;IAE5B,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QACnD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC/B,OAAO,CAAC,IAAI,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,KAAyB,EAAE,CAAC,CAAC;QACpF,CAAC;aAAM,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;YACxD,KAAK,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAyC,CAAC,EAAE,CAAC;gBAC3F,OAAO,CAAC,IAAI,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC;YACpD,CAAC;QACF,CAAC;IACF,CAAC;IAED,OAAO,OAAO,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,KAAK,CAAC,GAAG,QAAmB;IAC3C,OAAO,QAAQ,CAAC,IAAI,EAAE,CAAC;AACxB,CAAC;AAED,MAAM,gBAAgB,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,aAAa,CAAC,CAAC;AAE1D,MAAM,UAAU,QAAQ,CAAC,SAAmB,EAAE,OAAgB;IAC7D,MAAM,MAAM,GAAG,IAAI,GAAG,EAAU,CAAC;IACjC,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;QAC9B,MAAM,UAAU,GAAG,gBAAgB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC;QACpE,MAAM,IAAI,GAAG,CAAC,GAAG,OAAO,CAAC,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,CAAC,CAAO,EAAE,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC,CAAC;QAC/F,IAAI,CAAC,IAAI;YAAE,SAAS;QACpB,IAAI,IAAI,CAAC,OAAO,KAAK,GAAG,IAAI,IAAI,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;YACpD,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAClB,CAAC;IACF,CAAC;IACD,OAAO,MAAM,CAAC;AACf,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,QAAgB;IACtD,OAAO,gBAAgB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC;AACjE,CAAC"}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import type { WriteGuardResult } from
|
|
2
|
-
type WriteGuardMode =
|
|
1
|
+
import type { WriteGuardResult } from './types.js';
|
|
2
|
+
type WriteGuardMode = 'soft' | 'strict' | 'off';
|
|
3
3
|
export declare class ReadTracker {
|
|
4
4
|
private readPaths;
|
|
5
5
|
private writtenPaths;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"read-tracker.d.ts","sourceRoot":"","sources":["../../../src/security/read-tracker.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,YAAY,
|
|
1
|
+
{"version":3,"file":"read-tracker.d.ts","sourceRoot":"","sources":["../../../src/security/read-tracker.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAGnD,KAAK,cAAc,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;AAEhD,qBAAa,WAAW;IACvB,OAAO,CAAC,SAAS,CAAqB;IACtC,OAAO,CAAC,YAAY,CAAqB;IACzC,OAAO,CAAC,WAAW,CAAqB;IACxC,OAAO,CAAC,IAAI,CAAiB;IAC7B,OAAO,CAAC,OAAO,CAAc;gBAEjB,MAAM,CAAC,EAAE;QAAE,IAAI,CAAC,EAAE,cAAc,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,EAAE,CAAA;KAAE;IAKlE,UAAU,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,GAAE,MAAsB,GAAG,IAAI;IAO/D,WAAW,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,GAAE,MAAsB,GAAG,IAAI;IAOhE,UAAU,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,GAAE,MAAsB,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,gBAAgB;IA0C9F,SAAS,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,GAAE,MAAsB,GAAG,OAAO;IAIjE,KAAK,IAAI,IAAI;CAKb"}
|