@neurosec/sentry 1.0.0

package/dist/discovery.js

@@ -0,0 +1,279 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.discoverProcesses = discoverProcesses;
+exports.detectHighRiskChildren = detectHighRiskChildren;
+const promises_1 = __importDefault(require("fs/promises"));
+const types_1 = require("./types");
+const logger_1 = require("./logger");
+const FRAMEWORK_SIGNATURES = [
+    {
+        id: 'langchain',
+        name: 'LangChain',
+        packagePatterns: ['langchain', '@langchain/'],
+        importRegexes: [/from\s+langchain\b/i, /import\s+langchain\b/i, /from\s+['"]@langchain\//i],
+        envKeys: ['LANGCHAIN_API_KEY', 'LANGCHAIN_TRACING_V2'],
+        manifestFiles: [],
+        processRegexes: [/langchain/i],
+    },
+    {
+        id: 'langgraph',
+        name: 'LangGraph',
+        packagePatterns: ['langgraph'],
+        importRegexes: [/from\s+langgraph\b/i, /import\s+langgraph\b/i],
+        envKeys: [],
+        manifestFiles: [],
+        processRegexes: [/langgraph\s+dev/i, /langgraph/i],
+    },
+    {
+        id: 'crewai',
+        name: 'CrewAI',
+        packagePatterns: ['crewai'],
+        importRegexes: [/from\s+crewai\b/i, /import\s+crewai\b/i],
+        envKeys: [],
+        manifestFiles: ['agents.yaml'],
+        processRegexes: [/python\s+-m\s+crewai/i, /crewai/i],
+    },
+    {
+        id: 'autogen',
+        name: 'AutoGen',
+        packagePatterns: ['autogen', 'pyautogen'],
+        importRegexes: [/from\s+autogen\b/i, /import\s+autogen\b/i],
+        envKeys: [],
+        manifestFiles: [],
+        processRegexes: [/autogen/i],
+    },
+    {
+        id: 'semantic-kernel',
+        name: 'Semantic Kernel',
+        packagePatterns: ['semantic-kernel', 'microsoft.semantickernel', '@microsoft/semantic-kernel'],
+        importRegexes: [/semantic_kernel/i, /@microsoft\/semantic-kernel/i, /Microsoft\.SemanticKernel/i],
+        envKeys: [],
+        manifestFiles: [],
+        processRegexes: [/semantic/i],
+    },
+    {
+        id: 'dspy',
+        name: 'DSPy',
+        packagePatterns: ['dspy', 'dspy-ai'],
+        importRegexes: [/import\s+dspy\b/i, /from\s+dspy\b/i],
+        envKeys: [],
+        manifestFiles: [],
+        processRegexes: [/dspy/i],
+    },
+    {
+        id: 'haystack',
+        name: 'Haystack',
+        packagePatterns: ['haystack-ai', 'farm-haystack'],
+        importRegexes: [/from\s+haystack\b/i, /import\s+haystack\b/i],
+        envKeys: [],
+        manifestFiles: [],
+        processRegexes: [/haystack/i],
+    },
+    {
+        id: 'mcp-server',
+        name: 'MCP Server',
+        packagePatterns: ['@modelcontextprotocol/sdk', 'modelcontextprotocol'],
+        importRegexes: [/modelcontextprotocol/i, /MCP_SERVER_/i],
+        envKeys: ['MCP_SERVER_NAME', 'MCP_SERVER_PORT', 'MCP_SERVER_TRANSPORT'],
+        manifestFiles: ['mcp.json', 'claude_desktop_config.json'],
+        processRegexes: [/mcp/i],
+    },
+    {
+        id: 'claude-code',
+        name: 'Claude Code',
+        packagePatterns: [],
+        importRegexes: [/claude_desktop_config\.json/i],
+        envKeys: [],
+        manifestFiles: ['claude_desktop_config.json'],
+        processRegexes: [/claude/i],
+    },
+    {
+        id: 'aider',
+        name: 'Aider',
+        packagePatterns: ['aider-chat', 'aider'],
+        importRegexes: [/aider/i],
+        envKeys: [],
+        manifestFiles: [],
+        processRegexes: [/aider/i],
+    },
+    {
+        id: 'openai-assistants',
+        name: 'OpenAI Assistants',
+        packagePatterns: [],
+        importRegexes: [/client\.beta\.assistants/i, /assistants\.create/i],
+        envKeys: [],
+        manifestFiles: [],
+        processRegexes: [],
+    },
+];
+const HIGH_RISK_PROCESS_PATTERNS = [
+    /sudo/i, /pkexec/i, /su\s/, /doas/i,
+    /chmod\s+777/i, /chown/i,
+    /rm\s+-rf/i, /mkfs/i, /dd\s+if/i,
+    /nc\s/, /ncat/i, /netcat/i,
+    /bash\s+-c\s+.*curl/i, /bash\s+-c\s+.*wget/i,
+    /perl\s+-e/i, /python\s+-c\s+.*import/i,
+    /openssl\s+s_client/i,
+    /ssh\s+-R/i,
+    /iptables/i, /nft/i,
+    /tcpdump/i, /tshark/i,
+    /nmap/i, /masscan/i,
+    /gdb\s/, /lldb\s/, /strace/i, /dtrace/i,
+];
+function matchByEnvKeys(env) {
+    const matched = [];
+    const keys = Object.keys(env);
+    for (const sig of FRAMEWORK_SIGNATURES) {
+        if (sig.envKeys.length > 0 && sig.envKeys.some(ek => keys.includes(ek))) {
+            matched.push(sig);
+        }
+    }
+    return matched;
+}
+function matchByProcessCommand(command) {
+    const matched = [];
+    for (const sig of FRAMEWORK_SIGNATURES) {
+        if (sig.processRegexes.length > 0 && sig.processRegexes.some(re => re.test(command))) {
+            matched.push(sig);
+        }
+    }
+    return matched;
+}
+async function getPidEnv(pid) {
+    const env = {};
+    try {
+        const content = await promises_1.default.readFile(`/proc/${pid}/environ`, 'utf8');
+        const parts = content.split('\u0000').filter(Boolean);
+        for (const part of parts) {
+            const eqIdx = part.indexOf('=');
+            if (eqIdx > 0) {
+                env[part.slice(0, eqIdx)] = part.slice(eqIdx + 1);
+            }
+        }
+    }
+    catch {
+        // no /proc or permission denied
+    }
+    return env;
+}
+async function getPidCmdline(pid) {
+    try {
+        const content = await promises_1.default.readFile(`/proc/${pid}/cmdline`, 'utf8');
+        return content.replace(/\u0000/g, ' ').trim();
+    }
+    catch {
+        return '';
+    }
+}
+async function getPidExe(pid) {
+    try {
+        return await promises_1.default.readlink(`/proc/${pid}/exe`);
+    }
+    catch {
+        return '';
+    }
+}
+async function getPidUid(pid) {
+    try {
+        const status = await promises_1.default.readFile(`/proc/${pid}/status`, 'utf8');
+        const match = status.match(/^Uid:\s+(\d+)/m);
+        return match ? parseInt(match[1], 10) : 0;
+    }
+    catch {
+        return 0;
+    }
+}
+function matchFrameworkSignatures(command, env) {
+    const byEnv = matchByEnvKeys(env);
+    const byCommand = matchByProcessCommand(command);
+    const all = [...new Set([...byEnv, ...byCommand])];
+    if (all.length === 0)
+        return null;
+    const best = all.reduce((a, b) => {
+        const aScore = (byEnv.includes(a) ? 0.3 : 0) + (byCommand.includes(a) ? 0.4 : 0);
+        const bScore = (byEnv.includes(b) ? 0.3 : 0) + (byCommand.includes(b) ? 0.4 : 0);
+        return bScore > aScore ? b : a;
+    });
+    let confidence = byEnv.includes(best) ? 0.6 : 0.4;
+    if (byCommand.includes(best))
+        confidence += 0.3;
+    confidence = Math.min(confidence, 0.95);
+    return { frameworkId: best.id, frameworkName: best.name, confidence };
+}
+function findSandboxProfile(frameworkId) {
+    for (const profile of types_1.AGENT_SANDBOX_PROFILES) {
+        if (profile.frameworkIds.includes(frameworkId)) {
+            return profile.name;
+        }
+    }
+    return null;
+}
+function isHighRiskCommand(command) {
+    return HIGH_RISK_PROCESS_PATTERNS.some(re => re.test(command));
+}
+async function discoverProcesses(config) {
+    const tagged = [];
+    try {
+        await promises_1.default.access('/proc');
+    }
+    catch {
+        logger_1.logger.warn('/proc not available — process discovery requires Linux with /proc mounted');
+        return tagged;
+    }
+    const entries = await promises_1.default.readdir('/proc');
+    const selfPid = process.pid;
+    for (const entry of entries) {
+        if (!/^\d+$/.test(entry))
+            continue;
+        const pid = parseInt(entry, 10);
+        if (pid === selfPid || pid === 1 || pid === 2)
+            continue;
+        const [command, exePath, env, uid] = await Promise.all([
+            getPidCmdline(pid),
+            getPidExe(pid),
+            getPidEnv(pid),
+            getPidUid(pid),
+        ]);
+        if (!command)
+            continue;
+        const ppidStr = await promises_1.default.readFile(`/proc/${pid}/status`, 'utf8')
+            .then(s => s.match(/^PPid:\s+(\d+)/m)?.[1])
+            .catch(() => undefined);
+        const match = matchFrameworkSignatures(command, env);
+        if (!match)
+            continue;
+        const isHighRisk = isHighRiskCommand(command);
+        tagged.push({
+            pid,
+            ppid: ppidStr ? parseInt(ppidStr, 10) : 0,
+            frameworkId: match.frameworkId,
+            frameworkName: match.frameworkName,
+            command: command.slice(0, 500),
+            exePath: exePath.slice(0, 255),
+            confidence: isHighRisk ? Math.min(match.confidence + 0.1, 0.99) : match.confidence,
+            envKeys: Object.keys(env).slice(0, 20),
+            discoveredAt: Date.now(),
+            sandboxed: false,
+            sandboxProfileName: findSandboxProfile(match.frameworkId),
+            uid,
+            gid: uid,
+        });
+    }
+    logger_1.logger.info('Process discovery complete', { tagged: tagged.length });
+    return tagged;
+}
+function detectHighRiskChildren(taggedProcesses) {
+    const pidSet = new Set(taggedProcesses.map(p => p.pid));
+    return taggedProcesses.filter(p => {
+        if (p.frameworkId === 'unknown')
+            return false;
+        if (pidSet.has(p.ppid) && taggedProcesses.some(parent => parent.pid === p.ppid)) {
+            return true;
+        }
+        return false;
+    });
+}
+//# sourceMappingURL=discovery.js.map

package/dist/discovery.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"discovery.js","sourceRoot":"","sources":["../src/discovery.ts"],"names":[],"mappings":";;;;;AA2OA,8CAuDC;AAED,wDASC;AA7SD,2DAA6B;AAI7B,mCAAgE;AAChE,qCAAkC;AAYlC,MAAM,oBAAoB,GAAyB;IACjD;QACE,EAAE,EAAE,WAAW;QACf,IAAI,EAAE,WAAW;QACjB,eAAe,EAAE,CAAC,WAAW,EAAE,aAAa,CAAC;QAC7C,aAAa,EAAE,CAAC,qBAAqB,EAAE,uBAAuB,EAAE,0BAA0B,CAAC;QAC3F,OAAO,EAAE,CAAC,mBAAmB,EAAE,sBAAsB,CAAC;QACtD,aAAa,EAAE,EAAE;QACjB,cAAc,EAAE,CAAC,YAAY,CAAC;KAC/B;IACD;QACE,EAAE,EAAE,WAAW;QACf,IAAI,EAAE,WAAW;QACjB,eAAe,EAAE,CAAC,WAAW,CAAC;QAC9B,aAAa,EAAE,CAAC,qBAAqB,EAAE,uBAAuB,CAAC;QAC/D,OAAO,EAAE,EAAE;QACX,aAAa,EAAE,EAAE;QACjB,cAAc,EAAE,CAAC,kBAAkB,EAAE,YAAY,CAAC;KACnD;IACD;QACE,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,QAAQ;QACd,eAAe,EAAE,CAAC,QAAQ,CAAC;QAC3B,aAAa,EAAE,CAAC,kBAAkB,EAAE,oBAAoB,CAAC;QACzD,OAAO,EAAE,EAAE;QACX,aAAa,EAAE,CAAC,aAAa,CAAC;QAC9B,cAAc,EAAE,CAAC,uBAAuB,EAAE,SAAS,CAAC;KACrD;IACD;QACE,EAAE,EAAE,SAAS;QACb,IAAI,EAAE,SAAS;QACf,eAAe,EAAE,CAAC,SAAS,EAAE,WAAW,CAAC;QACzC,aAAa,EAAE,CAAC,mBAAmB,EAAE,qBAAqB,CAAC;QAC3D,OAAO,EAAE,EAAE;QACX,aAAa,EAAE,EAAE;QACjB,cAAc,EAAE,CAAC,UAAU,CAAC;KAC7B;IACD;QACE,EAAE,EAAE,iBAAiB;QACrB,IAAI,EAAE,iBAAiB;QACvB,eAAe,EAAE,CAAC,iBAAiB,EAAE,0BAA0B,EAAE,4BAA4B,CAAC;QAC9F,aAAa,EAAE,CAAC,kBAAkB,EAAE,8BAA8B,EAAE,4BAA4B,CAAC;QACjG,OAAO,EAAE,EAAE;QACX,aAAa,EAAE,EAAE;QACjB,cAAc,EAAE,CAAC,WAAW,CAAC;KAC9B;IACD;QACE,EAAE,EAAE,MAAM;QACV,IAAI,EAAE,MAAM;QACZ,eAAe,EAAE,CAAC,MAAM,EAAE,SAAS,CAAC;QACpC,aAAa,EAAE,CAAC,kBAAkB,EAAE,gBAAgB,CAAC;QACrD,OAAO,EAAE,EAAE;QACX,aAAa,EAAE,EAAE;QACjB,cAAc,EAAE,CAAC,OAAO,CAAC;KAC1B;IACD;QACE,EAAE,EAAE,UAAU;QACd,IAAI,EAAE,UAAU;QAChB,eAAe,EAAE,CAAC,aAAa,EAAE,eAAe,CAAC;QACjD,aAAa,EAAE,CAAC,oBAAoB,EAAE,sBAAsB,CAAC;QAC7D,OAAO,EAAE,EAAE;QACX,aAAa,EAAE,EAAE;QACjB,cAAc,EAAE,CAAC,WAAW,CAAC;KAC9B;IACD;QACE,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,YAAY;QAClB,eAAe,EAAE,CAAC,2BAA2B,EAAE,sBAAsB,CAAC;QACtE,aAAa,EAAE,CAAC,uBAAuB,EAAE,cAAc,CAAC;QACxD,OAAO,EAAE,CAAC,iBAAiB,EAAE,iBAAiB,EAAE,sBAAsB,CAAC;QACvE,aAAa,EAAE,CAAC,UAAU,EAAE,4BAA4B,CAAC;QACzD,cAAc,EAAE,CAAC,MAAM,CAAC;KACzB;IACD;QACE,EAAE,EAAE,aAAa;QACjB,IAAI,EAAE,aAAa;QACnB,eAAe,EAAE,EAAE;QACnB,aAAa,EAAE,CAAC,8BAA8B,CAAC;QAC/C,OAAO,EAAE,EAAE;QACX,aAAa,EAAE,CAAC,4BAA4B,CAAC;QAC7C,cAAc,EAAE,CAAC,SAAS,CAAC;KAC5B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,OAAO;QACb,eAAe,EAAE,CAAC,YAAY,EAAE,OAAO,CAAC;QACxC,aAAa,EAAE,CAAC,QAAQ,CAAC;QACzB,OAAO,EAAE,EAAE;QACX,aAAa,EAAE,EAAE;QACjB,cAAc,EAAE,CAAC,QAAQ,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,IAAI,EAAE,mBAAmB;QACzB,eAAe,EAAE,EAAE;QACnB,aAAa,EAAE,CAAC,2BAA2B,EAAE,qBAAqB,CAAC;QACnE,OAAO,EAAE,EAAE;QACX,aAAa,EAAE,EAAE;QACjB,cAAc,EAAE,EAAE;KACnB;CACF,CAAC;AAEF,MAAM,0BAA0B,GAAG;IACjC,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO;IACnC,cAAc,EAAE,QAAQ;IACxB,WAAW,EAAE,OAAO,EAAE,UAAU;IAChC,MAAM,EAAE,OAAO,EAAE,SAAS;IAC1B,qBAAqB,EAAE,qBAAqB;IAC5C,YAAY,EAAE,yBAAyB;IACvC,qBAAqB;IACrB,WAAW;IACX,WAAW,EAAE,MAAM;IACnB,UAAU,EAAE,SAAS;IACrB,OAAO,EAAE,UAAU;IACnB,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS;CACxC,CAAC;AAEF,SAAS,cAAc,CAAC,GAAuC;IAC7D,MAAM,OAAO,GAAyB,EAAE,CAAC;IACzC,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC9B,KAAK,MAAM,GAAG,IAAI,oBAAoB,EAAE,CAAC;QACvC,IAAI,GAAG,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;YACxE,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACpB,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,qBAAqB,CAAC,OAAe;IAC5C,MAAM,OAAO,GAAyB,EAAE,CAAC;IACzC,KAAK,MAAM,GAAG,IAAI,oBAAoB,EAAE,CAAC;QACvC,IAAI,GAAG,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,IAAI,GAAG,CAAC,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;YACrF,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACpB,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,KAAK,UAAU,SAAS,CAAC,GAAW;IAClC,MAAM,GAAG,GAA2B,EAAE,CAAC;IACvC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,kBAAE,CAAC,QAAQ,CAAC,SAAS,GAAG,UAAU,EAAE,MAAM,CAAC,CAAC;QAClE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACtD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YAChC,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;gBACd,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;YACpD,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,gCAAgC;IAClC,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,KAAK,UAAU,aAAa,CAAC,GAAW;IACtC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,kBAAE,CAAC,QAAQ,CAAC,SAAS,GAAG,UAAU,EAAE,MAAM,CAAC,CAAC;QAClE,OAAO,OAAO,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IAChD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,SAAS,CAAC,GAAW;IAClC,IAAI,CAAC;QACH,OAAO,MAAM,kBAAE,CAAC,QAAQ,CAAC,SAAS,GAAG,MAAM,CAAC,CAAC;IAC/C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,SAAS,CAAC,GAAW;IAClC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,kBAAE,CAAC,QAAQ,CAAC,SAAS,GAAG,SAAS,EAAE,MAAM,CAAC,CAAC;QAChE,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAC7C,OAAO,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC5C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,CAAC;IACX,CAAC;AACH,CAAC;AAED,SAAS,wBAAwB,CAC/B,OAAe,EACf,GAA2B;IAE3B,MAAM,KAAK,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC;IAClC,MAAM,SAAS,GAAG,qBAAqB,CAAC,OAAO,CAAC,CAAC;IAEjD,MAAM,GAAG,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,KAAK,EAAE,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;IACnD,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAElC,MAAM,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QAC/B,MAAM,MAAM,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACjF,MAAM,MAAM,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACjF,OAAO,MAAM,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,IAAI,UAAU,GAAG,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;IAClD,IAAI,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC;QAAE,UAAU,IAAI,GAAG,CAAC;IAChD,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;IAExC,OAAO,EAAE,WAAW,EAAE,IAAI,CAAC,EAAE,EAAE,aAAa,EAAE,IAAI,CAAC,IAAI,EAAE,UAAU,EAAE,CAAC;AACxE,CAAC;AAED,SAAS,kBAAkB,CAAC,WAAmB;IAC7C,KAAK,MAAM,OAAO,IAAI,8BAAsB,EAAE,CAAC;QAC7C,IAAI,OAAO,CAAC,YAAY,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YAC/C,OAAO,OAAO,CAAC,IAAI,CAAC;QACtB,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,iBAAiB,CAAC,OAAe;IACxC,OAAO,0BAA0B,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;AACjE,CAAC;AAEM,KAAK,UAAU,iBAAiB,CAAC,MAAoB;IAC1D,MAAM,MAAM,GAAoB,EAAE,CAAC;IAEnC,IAAI,CAAC;QACH,MAAM,kBAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC3B,CAAC;IAAC,MAAM,CAAC;QACP,eAAM,CAAC,IAAI,CAAC,2EAA2E,CAAC,CAAC;QACzF,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,kBAAE,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAC1C,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC;IAE5B,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC;YAAE,SAAS;QACnC,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QAChC,IAAI,GAAG,KAAK,OAAO,IAAI,GAAG,KAAK,CAAC,IAAI,GAAG,KAAK,CAAC;YAAE,SAAS;QAExD,MAAM,CAAC,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;YACrD,aAAa,CAAC,GAAG,CAAC;YAClB,SAAS,CAAC,GAAG,CAAC;YACd,SAAS,CAAC,GAAG,CAAC;YACd,SAAS,CAAC,GAAG,CAAC;SACf,CAAC,CAAC;QAEH,IAAI,CAAC,OAAO;YAAE,SAAS;QAEvB,MAAM,OAAO,GAAG,MAAM,kBAAE,CAAC,QAAQ,CAAC,SAAS,GAAG,SAAS,EAAE,MAAM,CAAC;aAC7D,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;aAC1C,KAAK,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC;QAE1B,MAAM,KAAK,GAAG,wBAAwB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;QACrD,IAAI,CAAC,KAAK;YAAE,SAAS;QAErB,MAAM,UAAU,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;QAE9C,MAAM,CAAC,IAAI,CAAC;YACV,GAAG;YACH,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;YACzC,WAAW,EAAE,KAAK,CAAC,WAAW;YAC9B,aAAa,EAAE,KAAK,CAAC,aAAa;YAClC,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;YAC9B,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;YAC9B,UAAU,EAAE,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,UAAU,GAAG,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,UAAU;YAClF,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;YACtC,YAAY,EAAE,IAAI,CAAC,GAAG,EAAE;YACxB,SAAS,EAAE,KAAK;YAChB,kBAAkB,EAAE,kBAAkB,CAAC,KAAK,CAAC,WAAW,CAAC;YACzD,GAAG;YACH,GAAG,EAAE,GAAG;SACT,CAAC,CAAC;IACL,CAAC;IAED,eAAM,CAAC,IAAI,CAAC,4BAA4B,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;IACrE,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAgB,sBAAsB,CAAC,eAAgC;IACrE,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IACxD,OAAO,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE;QAChC,IAAI,CAAC,CAAC,WAAW,KAAK,SAAS;YAAE,OAAO,KAAK,CAAC;QAC9C,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;YAChF,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/enforcement/enforcement-engine.d.ts

@@ -0,0 +1,37 @@
+import { SentryConfig } from '../config';
+import { TaggedProcess, FileAccessEvent, NetworkEvent, SyscallEvent, EnforcementDecision } from '../types';
+import { AuditLogger } from '../audit';
+export declare class EnforcementEngine {
+    private config;
+    private decisions;
+    private decisionsDenied;
+    private taggedProcesses;
+    private auditLogger;
+    constructor(config: SentryConfig, auditLogger?: AuditLogger);
+    updateTaggedProcesses(processes: TaggedProcess[]): void;
+    getTaggedProcess(pid: number): TaggedProcess | null;
+    evaluateFileAccess(event: Omit<FileAccessEvent, 'decision' | 'timestamp'>): EnforcementDecision;
+    evaluateNetworkAccess(event: Omit<NetworkEvent, 'decision' | 'timestamp'>): EnforcementDecision;
+    evaluateSyscall(event: Omit<SyscallEvent, 'decision' | 'timestamp'>): EnforcementDecision;
+    evaluateSkillAuthz(frameworkId: string | null, skillName: string, pid: number, context: Record<string, unknown>): {
+        action: 'allow' | 'deny' | 'require_approval';
+        reason: string;
+        riskScore: number;
+    };
+    getStats(): {
+        total: number;
+        denied: number;
+        quarantined: number;
+    };
+    getRecentDecisions(limit?: number): EnforcementDecision[];
+    private recordDecision;
+    private decideFileAccess;
+    private decideNetworkAccess;
+    private isSyscallBlocked;
+    private findProfile;
+    private scoreSkillRisk;
+    private buildFileAccessReason;
+    private buildNetworkAccessReason;
+    private isPrivateIp;
+}
+//# sourceMappingURL=enforcement-engine.d.ts.map

package/dist/enforcement/enforcement-engine.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"enforcement-engine.d.ts","sourceRoot":"","sources":["../../src/enforcement/enforcement-engine.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AACzC,OAAO,EACL,aAAa,EACb,eAAe,EACf,YAAY,EACZ,YAAY,EACZ,mBAAmB,EAKpB,MAAM,UAAU,CAAC;AAElB,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAsBvC,qBAAa,iBAAiB;IAO1B,OAAO,CAAC,MAAM;IANhB,OAAO,CAAC,SAAS,CAA6B;IAC9C,OAAO,CAAC,eAAe,CAAK;IAC5B,OAAO,CAAC,eAAe,CAAyC;IAChE,OAAO,CAAC,WAAW,CAAc;gBAGvB,MAAM,EAAE,YAAY,EAC5B,WAAW,CAAC,EAAE,WAAW;IAK3B,qBAAqB,CAAC,SAAS,EAAE,aAAa,EAAE,GAAG,IAAI;IAOvD,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,aAAa,GAAG,IAAI;IAInD,kBAAkB,CAAC,KAAK,EAAE,IAAI,CAAC,eAAe,EAAE,UAAU,GAAG,WAAW,CAAC,GAAG,mBAAmB;IAuB/F,qBAAqB,CAAC,KAAK,EAAE,IAAI,CAAC,YAAY,EAAE,UAAU,GAAG,WAAW,CAAC,GAAG,mBAAmB;IAwB/F,eAAe,CAAC,KAAK,EAAE,IAAI,CAAC,YAAY,EAAE,UAAU,GAAG,WAAW,CAAC,GAAG,mBAAmB;IA8BzF,kBAAkB,CAChB,WAAW,EAAE,MAAM,GAAG,IAAI,EAC1B,SAAS,EAAE,MAAM,EACjB,GAAG,EAAE,MAAM,EACX,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC/B;QAAE,MAAM,EAAE,OAAO,GAAG,MAAM,GAAG,kBAAkB,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE;IA4BvF,QAAQ,IAAI;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAA;KAAE;IAQlE,kBAAkB,CAAC,KAAK,SAAM,GAAG,mBAAmB,EAAE;IAItD,OAAO,CAAC,cAAc;IAkCtB,OAAO,CAAC,gBAAgB;IA+BxB,OAAO,CAAC,mBAAmB;IAoC3B,OAAO,CAAC,gBAAgB;IAUxB,OAAO,CAAC,WAAW;IAOnB,OAAO,CAAC,cAAc;IAiCtB,OAAO,CAAC,qBAAqB;IAa7B,OAAO,CAAC,wBAAwB;IAchC,OAAO,CAAC,WAAW;CAUpB"}

package/dist/enforcement/enforcement-engine.js

@@ -0,0 +1,325 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EnforcementEngine = void 0;
+const uuid_1 = require("uuid");
+const os_1 = __importDefault(require("os"));
+const types_1 = require("../types");
+const logger_1 = require("../logger");
+const audit_1 = require("../audit");
+function matchGlob(pattern, target) {
+    if (pattern.endsWith('/**')) {
+        const prefix = pattern.slice(0, -3);
+        return target.startsWith(prefix);
+    }
+    if (pattern.endsWith('*')) {
+        const prefix = pattern.slice(0, -1);
+        return target.startsWith(prefix);
+    }
+    return target === pattern;
+}
+function matchHostname(hostPattern, hostname) {
+    if (hostPattern.startsWith('*.')) {
+        const suffix = hostPattern.slice(1);
+        return hostname.endsWith(suffix);
+    }
+    return hostname === hostPattern;
+}
+class EnforcementEngine {
+    constructor(config, auditLogger) {
+        this.config = config;
+        this.decisions = [];
+        this.decisionsDenied = 0;
+        this.taggedProcesses = new Map();
+        this.auditLogger = auditLogger ?? new audit_1.AuditLogger(config);
+    }
+    updateTaggedProcesses(processes) {
+        this.taggedProcesses.clear();
+        for (const p of processes) {
+            this.taggedProcesses.set(p.pid, p);
+        }
+    }
+    getTaggedProcess(pid) {
+        return this.taggedProcesses.get(pid) ?? null;
+    }
+    evaluateFileAccess(event) {
+        const frameworkId = event.frameworkId;
+        const decision = this.decideFileAccess(event.pid, event.targetPath, event.operation, frameworkId);
+        const result = {
+            id: (0, uuid_1.v4)(),
+            type: 'file_access',
+            action: decision,
+            reason: this.buildFileAccessReason(event, decision),
+            frameworkId: event.frameworkId,
+            pid: event.pid,
+            detail: {
+                targetPath: event.targetPath,
+                operation: event.operation,
+                processPath: event.processPath,
+            },
+            timestamp: Date.now(),
+        };
+        this.recordDecision(result);
+        return result;
+    }
+    evaluateNetworkAccess(event) {
+        const frameworkId = event.frameworkId;
+        const decision = this.decideNetworkAccess(event.pid, event.destIp, event.destPort, event.hostname, frameworkId);
+        const result = {
+            id: (0, uuid_1.v4)(),
+            type: 'network',
+            action: decision,
+            reason: this.buildNetworkAccessReason(event, decision),
+            frameworkId: event.frameworkId,
+            pid: event.pid,
+            detail: {
+                destIp: event.destIp,
+                destPort: event.destPort,
+                hostname: event.hostname,
+                direction: event.direction,
+            },
+            timestamp: Date.now(),
+        };
+        this.recordDecision(result);
+        return result;
+    }
+    evaluateSyscall(event) {
+        const frameworkId = event.frameworkId;
+        const isBlocked = this.isSyscallBlocked(event.syscall, frameworkId);
+        let decision = 'allow';
+        if (isBlocked && this.config.enforcement.mode === 'enforce') {
+            decision = 'deny';
+        }
+        else if (isBlocked && this.config.enforcement.mode === 'quarantine') {
+            decision = 'quarantine';
+        }
+        else if (isBlocked) {
+            decision = 'allow';
+        }
+        const result = {
+            id: (0, uuid_1.v4)(),
+            type: 'syscall',
+            action: decision,
+            reason: isBlocked
+                ? `Blocked syscall '${event.syscall}' for ${frameworkId ?? 'unknown'} agent`
+                : `Allowed syscall '${event.syscall}'`,
+            frameworkId: event.frameworkId,
+            pid: event.pid,
+            detail: { syscall: event.syscall, ...event.details },
+            timestamp: Date.now(),
+        };
+        this.recordDecision(result);
+        return result;
+    }
+    evaluateSkillAuthz(frameworkId, skillName, pid, context) {
+        const riskScore = this.scoreSkillRisk(skillName, context);
+        let action;
+        let reason;
+        if (this.config.skillAuthz.requireApproval.some(s => skillName.toLowerCase().includes(s.toLowerCase()))) {
+            action = 'require_approval';
+            reason = `Skill '${skillName}' requires interactive approval`;
+        }
+        else if (riskScore >= 75 && this.config.enforcement.mode !== 'monitor') {
+            action = 'deny';
+            reason = `Skill '${skillName}' exceeds risk threshold (${riskScore}/100)`;
+        }
+        else if (riskScore >= 50 && this.config.enforcement.mode === 'enforce') {
+            action = 'require_approval';
+            reason = `Skill '${skillName}' has elevated risk (${riskScore}/100), requires approval`;
+        }
+        else {
+            action = 'allow';
+            reason = `Skill '${skillName}' passed authorization (risk: ${riskScore}/100)`;
+        }
+        if (this.config.enforcement.mode === 'monitor') {
+            action = 'allow';
+            reason = `[MONITOR] ${reason}`;
+        }
+        return { action, reason, riskScore };
+    }
+    getStats() {
+        return {
+            total: this.decisions.length,
+            denied: this.decisionsDenied,
+            quarantined: this.decisions.filter(d => d.action === 'quarantine').length,
+        };
+    }
+    getRecentDecisions(limit = 100) {
+        return this.decisions.slice(-limit);
+    }
+    recordDecision(decision) {
+        this.decisions.push(decision);
+        if (this.decisions.length > 10000) {
+            this.decisions = this.decisions.slice(-5000);
+        }
+        if (decision.action === 'deny' || decision.action === 'quarantine') {
+            this.decisionsDenied++;
+            logger_1.logger.warn('Enforcement decision', {
+                type: decision.type,
+                action: decision.action,
+                reason: decision.reason,
+                pid: decision.pid,
+                frameworkId: decision.frameworkId,
+            });
+        }
+        const auditEntry = {
+            id: decision.id,
+            timestamp: decision.timestamp,
+            type: decision.type,
+            action: decision.action,
+            frameworkId: decision.frameworkId,
+            frameworkName: this.taggedProcesses.get(decision.pid)?.frameworkName ?? null,
+            pid: decision.pid,
+            reason: decision.reason,
+            detail: decision.detail,
+            hostname: os_1.default.hostname(),
+        };
+        this.auditLogger.log(auditEntry).catch(err => {
+            logger_1.logger.error('Audit log write failed', { err: err.message });
+        });
+    }
+    decideFileAccess(pid, targetPath, operation, frameworkId) {
+        if (!frameworkId)
+            return 'allow';
+        const profile = this.findProfile(frameworkId);
+        if (!profile)
+            return 'allow';
+        if (this.config.enforcement.mode === 'monitor')
+            return 'allow';
+        if (this.config.enforcement.mode === 'quarantine')
+            return 'quarantine';
+        for (const rule of profile.fsRules) {
+            if (matchGlob(rule.path, targetPath)) {
+                if (rule.permissions === 'none')
+                    return 'deny';
+                if (rule.permissions === 'r' && operation === 'write')
+                    return 'deny';
+                if (rule.permissions === 'r' && operation === 'delete')
+                    return 'deny';
+                if (rule.permissions === 'r' && operation === 'chmod')
+                    return 'deny';
+                if (rule.permissions === 'rx' && operation === 'write')
+                    return 'deny';
+                if (rule.permissions === 'rx' && operation === 'delete')
+                    return 'deny';
+                if (rule.permissions === 'rx' && operation === 'chmod')
+                    return 'deny';
+                return 'allow';
+            }
+        }
+        if (this.config.enforcement.mode === 'enforce')
+            return 'deny';
+        return 'allow';
+    }
+    decideNetworkAccess(pid, destIp, destPort, hostname, frameworkId) {
+        if (!frameworkId)
+            return 'allow';
+        if (this.config.enforcement.mode === 'monitor')
+            return 'allow';
+        if (this.config.enforcement.mode === 'quarantine')
+            return 'quarantine';
+        const profile = this.findProfile(frameworkId);
+        if (!profile)
+            return 'allow';
+        const hostToMatch = hostname ?? destIp;
+        for (const rule of profile.networkRules) {
+            if (rule.direction !== 'egress')
+                continue;
+            if (rule.host && !matchHostname(rule.host, hostToMatch))
+                continue;
+            if (rule.port && rule.port !== destPort)
+                continue;
+            if (rule.action === 'deny')
+                return 'deny';
+            if (rule.action === 'allow')
+                return 'allow';
+        }
+        if (this.config.network.allowPrivate && this.isPrivateIp(destIp)) {
+            return 'allow';
+        }
+        for (const blocked of this.config.network.blockHosts) {
+            if (matchHostname(blocked, hostToMatch))
+                return 'deny';
+        }
+        return 'deny';
+    }
+    isSyscallBlocked(syscall, frameworkId) {
+        if (!frameworkId)
+            return false;
+        const profile = this.findProfile(frameworkId);
+        if (!profile)
+            return false;
+        if (profile.blockedSyscalls.includes(syscall))
+            return true;
+        return false;
+    }
+    findProfile(frameworkId) {
+        for (const p of types_1.AGENT_SANDBOX_PROFILES) {
+            if (p.frameworkIds.includes(frameworkId))
+                return p;
+        }
+        return null;
+    }
+    scoreSkillRisk(skillName, args) {
+        let score = 0;
+        const highRiskPatterns = [
+            /exec/i, /shell/i, /bash/i, /terminal/i, /command/i,
+            /fs_|_fs_|filesystem|read_file|write_file|delete_file/i,
+            /db_|_db_|database|query|sql/i,
+            /network|http|fetch|curl|wget|request/i,
+            /ssh|scp|rsync/i,
+            /sudo|su|chmod|chown/i,
+            /rm\s/i, /mkfs/i,
+        ];
+        for (const pattern of highRiskPatterns) {
+            if (pattern.test(skillName))
+                score += 20;
+        }
+        const argString = JSON.stringify(args).toLowerCase();
+        const dangerousArgs = [
+            /rm\s+-rf/i, /mkfs/i, /dd\s+if/i,
+            /:\/\/[\w\.]+@/i,
+            /chmod\s+777/i,
+            /\/etc\/(passwd|shadow|sudoers)/i,
+            /\/\.ssh\//i, /\/\.aws\//i, /\/\.config\/gcloud/i,
+            /\/var\/log\/auth/i,
+        ];
+        for (const pattern of dangerousArgs) {
+            if (pattern.test(argString))
+                score += 15;
+        }
+        return Math.min(score, 100);
+    }
+    buildFileAccessReason(event, decision) {
+        if (decision === 'deny') {
+            return `Agent (pid ${event.pid}) ${event.operation} access to '${event.targetPath}' denied`;
+        }
+        if (decision === 'quarantine') {
+            return `Agent (pid ${event.pid}) ${event.operation} access to '${event.targetPath}' — host quarantined`;
+        }
+        return `Agent (pid ${event.pid}) ${event.operation} access to '${event.targetPath}' allowed`;
+    }
+    buildNetworkAccessReason(event, decision) {
+        const target = event.hostname ?? event.destIp;
+        if (decision === 'deny') {
+            return `Agent (pid ${event.pid}) egress to '${target}:${event.destPort}' denied`;
+        }
+        if (decision === 'quarantine') {
+            return `Agent (pid ${event.pid}) egress — host quarantined`;
+        }
+        return `Agent (pid ${event.pid}) egress to '${target}:${event.destPort}' allowed`;
+    }
+    isPrivateIp(ip) {
+        const parts = ip.split('.').map(Number);
+        if (parts.length !== 4)
+            return false;
+        return (parts[0] === 10 ||
+            (parts[0] === 172 && parts[1] >= 16 && parts[1] <= 31) ||
+            (parts[0] === 192 && parts[1] === 168) ||
+            parts[0] === 127);
+    }
+}
+exports.EnforcementEngine = EnforcementEngine;
+//# sourceMappingURL=enforcement-engine.js.map