@praxis.guard/auditor-cli 0.0.33 → 0.0.35
- package/dist/approval/argv-fingerprint.d.ts +10 -1
- package/dist/approval/argv-fingerprint.d.ts.map +1 -1
- package/dist/approval/argv-fingerprint.js +10 -1
- package/dist/approval/argv-fingerprint.js.map +1 -1
- package/dist/approval/hook-inline-approval.d.ts +2 -0
- package/dist/approval/hook-inline-approval.d.ts.map +1 -1
- package/dist/approval/hook-inline-approval.js +6 -2
- package/dist/approval/hook-inline-approval.js.map +1 -1
- package/dist/approval/mcp-flow.d.ts +4 -2
- package/dist/approval/mcp-flow.d.ts.map +1 -1
- package/dist/approval/mcp-flow.js +9 -3
- package/dist/approval/mcp-flow.js.map +1 -1
- package/dist/approval/redeem.d.ts +2 -0
- package/dist/approval/redeem.d.ts.map +1 -1
- package/dist/approval/redeem.js +7 -2
- package/dist/approval/redeem.js.map +1 -1
- package/dist/bridge/execution-ticket.d.ts +3 -0
- package/dist/bridge/execution-ticket.d.ts.map +1 -1
- package/dist/bridge/execution-ticket.js +38 -9
- package/dist/bridge/execution-ticket.js.map +1 -1
- package/dist/bridge/shell-approval-bridge.d.ts +14 -5
- package/dist/bridge/shell-approval-bridge.d.ts.map +1 -1
- package/dist/bridge/shell-approval-bridge.js +47 -24
- package/dist/bridge/shell-approval-bridge.js.map +1 -1
- package/dist/hooks/agent-message.d.ts.map +1 -1
- package/dist/hooks/agent-message.js +26 -14
- package/dist/hooks/agent-message.js.map +1 -1
- package/dist/hooks/before-shell-io.d.ts +3 -0
- package/dist/hooks/before-shell-io.d.ts.map +1 -0
- package/dist/hooks/before-shell-io.js +26 -0
- package/dist/hooks/before-shell-io.js.map +1 -0
- package/dist/hooks/before-shell-mutate.d.ts +23 -0
- package/dist/hooks/before-shell-mutate.d.ts.map +1 -0
- package/dist/hooks/before-shell-mutate.js +74 -0
- package/dist/hooks/before-shell-mutate.js.map +1 -0
- package/dist/hooks/before-shell-skipped.d.ts +11 -0
- package/dist/hooks/before-shell-skipped.d.ts.map +1 -0
- package/dist/hooks/before-shell-skipped.js +49 -0
- package/dist/hooks/before-shell-skipped.js.map +1 -0
- package/dist/hooks/before-shell-types.d.ts +12 -0
- package/dist/hooks/before-shell-types.d.ts.map +1 -0
- package/dist/hooks/before-shell-types.js +2 -0
- package/dist/hooks/before-shell-types.js.map +1 -0
- package/dist/hooks/run-before-shell.d.ts +2 -10
- package/dist/hooks/run-before-shell.d.ts.map +1 -1
- package/dist/hooks/run-before-shell.js +63 -142
- package/dist/hooks/run-before-shell.js.map +1 -1
- package/dist/index.d.ts +2 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +2 -2
- package/dist/index.js.map +1 -1
- package/dist/mcp/evaluate-guard.d.ts.map +1 -1
- package/dist/mcp/evaluate-guard.js +20 -9
- package/dist/mcp/evaluate-guard.js.map +1 -1
- package/dist/mcp/guard-approval-block.d.ts +1 -0
- package/dist/mcp/guard-approval-block.d.ts.map +1 -1
- package/dist/mcp/guard-approval-block.js +1 -0
- package/dist/mcp/guard-approval-block.js.map +1 -1
- package/dist/policies.v1.json +4 -0
- package/dist/policy/index.d.ts +4 -0
- package/dist/policy/index.d.ts.map +1 -1
- package/dist/policy/index.js +6 -0
- package/dist/policy/index.js.map +1 -1
- package/dist/shell/analyze-command-aggregate.d.ts +16 -0
- package/dist/shell/analyze-command-aggregate.d.ts.map +1 -0
- package/dist/shell/analyze-command-aggregate.js +89 -0
- package/dist/shell/analyze-command-aggregate.js.map +1 -0
- package/dist/shell/analyze-command-invocations.d.ts +11 -0
- package/dist/shell/analyze-command-invocations.d.ts.map +1 -0
- package/dist/shell/analyze-command-invocations.js +113 -0
- package/dist/shell/analyze-command-invocations.js.map +1 -0
- package/dist/shell/analyze-command.d.ts +7 -0
- package/dist/shell/analyze-command.d.ts.map +1 -0
- package/dist/shell/analyze-command.js +46 -0
- package/dist/shell/analyze-command.js.map +1 -0
- package/dist/shell/analyze-command.types.d.ts +38 -0
- package/dist/shell/analyze-command.types.d.ts.map +1 -0
- package/dist/shell/analyze-command.types.js +2 -0
- package/dist/shell/analyze-command.types.js.map +1 -0
- package/dist/shell/evaluate.d.ts +15 -18
- package/dist/shell/evaluate.d.ts.map +1 -1
- package/dist/shell/evaluate.js +57 -47
- package/dist/shell/evaluate.js.map +1 -1
- package/dist/shell/governed-tools.d.ts +18 -1
- package/dist/shell/governed-tools.d.ts.map +1 -1
- package/dist/shell/governed-tools.js +60 -1
- package/dist/shell/governed-tools.js.map +1 -1
- package/dist/shell/guard-eval.d.ts +15 -0
- package/dist/shell/guard-eval.d.ts.map +1 -0
- package/dist/shell/guard-eval.js +35 -0
- package/dist/shell/guard-eval.js.map +1 -0
- package/dist/shell/parse-segments.d.ts +14 -0
- package/dist/shell/parse-segments.d.ts.map +1 -0
- package/dist/shell/parse-segments.js +41 -0
- package/dist/shell/parse-segments.js.map +1 -0
- package/package.json +1 -1
|
@@ -1,2 +1,11 @@
|
|
|
1
|
-
export { shellArgvApprovalId
|
|
1
|
+
export { shellApprovalFingerprintId, shellArgvApprovalId, } from "../bridge/shell-approval-bridge.js";
|
|
2
|
+
import type { ShellApprovalFingerprintPayload } from "../shell/analyze-command.js";
|
|
3
|
+
import { shellArgvApprovalId } from "../bridge/shell-approval-bridge.js";
|
|
4
|
+
/** @deprecated Use `resolveShellApprovalHash` for shell commands. */
|
|
5
|
+
export declare const argvSha256: typeof shellArgvApprovalId;
|
|
6
|
+
export declare function resolveShellApprovalHash(input: {
|
|
7
|
+
kind: "shell" | "mcp";
|
|
8
|
+
argv: readonly string[];
|
|
9
|
+
approval_fingerprint?: ShellApprovalFingerprintPayload | null;
|
|
10
|
+
}): string;
|
|
2
11
|
//# sourceMappingURL=argv-fingerprint.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"argv-fingerprint.d.ts","sourceRoot":"","sources":["../../src/approval/argv-fingerprint.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,
|
|
1
|
+
{"version":3,"file":"argv-fingerprint.d.ts","sourceRoot":"","sources":["../../src/approval/argv-fingerprint.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,0BAA0B,EAC1B,mBAAmB,GACpB,MAAM,oCAAoC,CAAC;AAE5C,OAAO,KAAK,EAAE,+BAA+B,EAAE,MAAM,6BAA6B,CAAC;AACnF,OAAO,EAA8B,mBAAmB,EAAE,MAAM,oCAAoC,CAAC;AAErG,qEAAqE;AACrE,eAAO,MAAM,UAAU,4BAAsB,CAAC;AAE9C,wBAAgB,wBAAwB,CAAC,KAAK,EAAE;IAC9C,IAAI,EAAE,OAAO,GAAG,KAAK,CAAC;IACtB,IAAI,EAAE,SAAS,MAAM,EAAE,CAAC;IACxB,oBAAoB,CAAC,EAAE,+BAA+B,GAAG,IAAI,CAAC;CAC/D,GAAG,MAAM,CAKT"}
|
|
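--- a/package/dist/approval/argv-fingerprint.js
+++ b/package/dist/approval/argv-fingerprint.js
@@ -1,2 +1,11 @@
-export { shellArgvApprovalId
+export { shellApprovalFingerprintId, shellArgvApprovalId, } from "../bridge/shell-approval-bridge.js";
+import { shellApprovalFingerprintId, shellArgvApprovalId } from "../bridge/shell-approval-bridge.js";
+/** @deprecated Use `resolveShellApprovalHash` for shell commands. */
+export const argvSha256 = shellArgvApprovalId;
+export function resolveShellApprovalHash(input) {
+if (input.kind === "shell" && input.approval_fingerprint) {
+return shellApprovalFingerprintId(input.approval_fingerprint);
+}
+return shellArgvApprovalId(input.argv);
+}
 //# sourceMappingURL=argv-fingerprint.js.map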
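Review bot: `resolveShellApprovalHash` has no doc comment, and its fallback is easy to misuse: a shell call whose `approval_fingerprint` is null or missing, and every `mcp` call, silently gets the argv-based ID instead. The two IDs presumably differ for the same command, so the path that records an approval and the path that checks it must both pass the fingerprint or both omit it, otherwise the approval never matches. I would state that on the function, e.g. `/** Approval ID for a proposal: fingerprint-based for shell when approval_fingerprint is set, argv-based otherwise; record and check sides must pass the same fingerprint. */`.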
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"argv-fingerprint.js","sourceRoot":"","sources":["../../src/approval/argv-fingerprint.ts"],"names":[],"mappings":"AAAA,OAAO,
|
|
1
|
+
{"version":3,"file":"argv-fingerprint.js","sourceRoot":"","sources":["../../src/approval/argv-fingerprint.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,0BAA0B,EAC1B,mBAAmB,GACpB,MAAM,oCAAoC,CAAC;AAG5C,OAAO,EAAE,0BAA0B,EAAE,mBAAmB,EAAE,MAAM,oCAAoC,CAAC;AAErG,qEAAqE;AACrE,MAAM,CAAC,MAAM,UAAU,GAAG,mBAAmB,CAAC;AAE9C,MAAM,UAAU,wBAAwB,CAAC,KAIxC;IACC,IAAI,KAAK,CAAC,IAAI,KAAK,OAAO,IAAI,KAAK,CAAC,oBAAoB,EAAE,CAAC;QACzD,OAAO,0BAA0B,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;IAChE,CAAC;IACD,OAAO,mBAAmB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;AACzC,CAAC"}
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import type { ShellApprovalFingerprintPayload } from "../shell/analyze-command.js";
|
|
1
2
|
export type HookInlineApprovalInput = {
|
|
2
3
|
argv: string[];
|
|
3
4
|
kind: "shell" | "mcp";
|
|
@@ -9,6 +10,7 @@ export type HookInlineApprovalInput = {
|
|
|
9
10
|
tool_input_sha256?: string | null;
|
|
10
11
|
sessionId?: string | null;
|
|
11
12
|
environment?: string | null;
|
|
13
|
+
approval_fingerprint?: ShellApprovalFingerprintPayload | null;
|
|
12
14
|
};
|
|
13
15
|
export type HookInlineApprovalResult = {
|
|
14
16
|
request_id: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"hook-inline-approval.d.ts","sourceRoot":"","sources":["../../src/approval/hook-inline-approval.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"hook-inline-approval.d.ts","sourceRoot":"","sources":["../../src/approval/hook-inline-approval.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,+BAA+B,EAAE,MAAM,6BAA6B,CAAC;AAEnF,MAAM,MAAM,uBAAuB,GAAG;IACpC,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,IAAI,EAAE,OAAO,GAAG,KAAK,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,OAAO,EAAE,OAAO,EAAE,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,iBAAiB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAClC,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,oBAAoB,CAAC,EAAE,+BAA+B,GAAG,IAAI,CAAC;CAC/D,CAAC;AAEF,MAAM,MAAM,wBAAwB,GAAG;IACrC,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,wBAAgB,yBAAyB,IAAI,OAAO,CAEnD;AAOD;;GAEG;AACH,wBAAsB,4BAA4B,CAChD,KAAK,EAAE,uBAAuB,GAC7B,OAAO,CAAC,wBAAwB,GAAG,IAAI,CAAC,CAqD1C"}
|
|
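--- a/package/dist/approval/hook-inline-approval.js
+++ b/package/dist/approval/hook-inline-approval.js
@@ -1,7 +1,7 @@
 import { getInstallId } from "../cli/install-id.js";
 import { resolveGuardToken } from "../cli/credentials.js";
 import { createApprovalRequest } from "./client.js";
-import {
+import { resolveShellApprovalHash } from "./argv-fingerprint.js";
 import { writePendingApprovalIndex } from "../bridge/pending-approval-index.js";
 import { resolveGuardStorageRoot } from "../bridge/guard-storage-root.js";
 export function hookInlineApprovalEnabled() {
@@ -20,7 +20,11 @@ export async function tryHookInlineApprovalRequest(input) {
 if (!resolveGuardToken())
 return null;
 const storageRoot = resolveGuardStorageRoot(input.storageRoot);
-const hash =
+const hash = resolveShellApprovalHash({
+kind: input.kind,
+argv: input.argv,
+approval_fingerprint: input.approval_fingerprint,
+});
 const timeoutMs = inlineTimeoutMs();
 try {
 const created = await Promise.race([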
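Review bot: The new `resolveShellApprovalHash({...})` call sits above `try {`, so anything it throws on a malformed `approval_fingerprint` propagates out of `tryHookInlineApprovalRequest` instead of taking the failure path inside the try. Whether `shellApprovalFingerprintId` can throw is not visible on this page, so this is something to confirm rather than a proven defect. If it can, move the `const hash = ...` statement to the first line inside the `try` block, provided `hash` is only used there. The function body continues outside the hunk.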
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"hook-inline-approval.js","sourceRoot":"","sources":["../../src/approval/hook-inline-approval.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AACpD,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"hook-inline-approval.js","sourceRoot":"","sources":["../../src/approval/hook-inline-approval.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AACpD,OAAO,EAAE,wBAAwB,EAAE,MAAM,uBAAuB,CAAC;AACjE,OAAO,EAAE,yBAAyB,EAAE,MAAM,qCAAqC,CAAC;AAChF,OAAO,EAAE,uBAAuB,EAAE,MAAM,iCAAiC,CAAC;AAuB1E,MAAM,UAAU,yBAAyB;IACvC,OAAO,OAAO,CAAC,GAAG,CAAC,2BAA2B,KAAK,GAAG,CAAC;AACzD,CAAC;AAED,SAAS,eAAe;IACtB,MAAM,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,sCAAsC,CAAC,CAAC;IACrE,OAAO,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AAChE,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,4BAA4B,CAChD,KAA8B;IAE9B,IAAI,CAAC,yBAAyB,EAAE;QAAE,OAAO,IAAI,CAAC;IAC9C,IAAI,CAAC,iBAAiB,EAAE;QAAE,OAAO,IAAI,CAAC;IAEtC,MAAM,WAAW,GAAG,uBAAuB,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;IAC/D,MAAM,IAAI,GAAG,wBAAwB,CAAC;QACpC,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,oBAAoB,EAAE,KAAK,CAAC,oBAAoB;KACjD,CAAC,CAAC;IACH,MAAM,SAAS,GAAG,eAAe,EAAE,CAAC;IAEpC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC;YACjC,qBAAqB,CAAC;gBACtB,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC;gBACrB,UAAU,EAAE,YAAY,EAAE;gBAC1B,UAAU,EAAE,KAAK,CAAC,SAAS,IAAI,IAAI;gBACnC,WAAW,EAAE,KAAK,CAAC,WAAW,IAAI,IAAI;gBACtC,WAAW,EAAE,KAAK,CAAC,UAAU;gBAC7B,QAAQ,EAAE,KAAK,CAAC,OAAO;gBACvB,eAAe,EAAE,KAAK,CAAC,cAAc;gBACrC,OAAO,EAAE,KAAK,CAAC,OAAO;gBACtB,iBAAiB,EAAE,KAAK,CAAC,iBAAiB,IAAI,IAAI;gBAClD,cAAc,EAAE,OAAO;aACtB,CAAC;YACF,IAAI,OAAO,CAAQ,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE,CAC/B,UAAU,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC,EAAE,SAAS,CAAC,CAC1E;SACF,CAAC,CAAC;QAEH,MAAM,yBAAyB,CAC7B;YACE,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,WAAW,EAAE,IAAI;YACjB,IAAI,EAAE,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC;YACrB,UAAU,EAAE,YAAY,EAAE;YAC1B,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,QAAQ,EAAE,
KAAK,CAAC,OAAO;YACvB,iBAAiB,EAAE,KAAK,CAAC,iBAAiB,IAAI,IAAI;YAClD,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACrC,EACD,EAAE,WAAW,EAAE,CAChB,CAAC;QAEF,OAAO,OAAO,CAAC;IACjB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}
|
|
@@ -1,4 +1,5 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { resolveShellApprovalHash } from "./argv-fingerprint.js";
|
|
2
|
+
import type { ShellApprovalFingerprintPayload } from "../shell/analyze-command.js";
|
|
2
3
|
export type McpApprovalContext = {
|
|
3
4
|
request_id?: string | null;
|
|
4
5
|
grant?: string | null;
|
|
@@ -37,7 +38,8 @@ export declare function resolveMutateApproval(input: {
|
|
|
37
38
|
approval?: McpApprovalContext | null;
|
|
38
39
|
waitMs?: number | null;
|
|
39
40
|
tool_input_sha256?: string | null;
|
|
41
|
+
approval_fingerprint?: ShellApprovalFingerprintPayload | null;
|
|
40
42
|
}): Promise<McpApprovalOutcome>;
|
|
41
43
|
export declare function argvFingerprint(argv: readonly string[]): string;
|
|
42
|
-
export {
|
|
44
|
+
export { resolveShellApprovalHash };
|
|
43
45
|
//# sourceMappingURL=mcp-flow.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mcp-flow.d.ts","sourceRoot":"","sources":["../../src/approval/mcp-flow.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"mcp-flow.d.ts","sourceRoot":"","sources":["../../src/approval/mcp-flow.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,wBAAwB,EAAE,MAAM,uBAAuB,CAAC;AACjE,OAAO,KAAK,EAAE,+BAA+B,EAAE,MAAM,6BAA6B,CAAC;AASnF,MAAM,MAAM,kBAAkB,GAAG;IAC/B,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CACvB,CAAC;AAEF,MAAM,MAAM,kBAAkB,GAC1B;IACE,IAAI,EAAE,kBAAkB,CAAC;IACzB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;CACpB,GACD;IACE,IAAI,EAAE,OAAO,CAAC;IACd,QAAQ,EAAE,OAAO,CAAC;IAClB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,cAAc,EAAE,OAAO,CAAC;IACxB,cAAc,EAAE,OAAO,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;CACpB,GACD;IACE,IAAI,EAAE,yBAAyB,CAAC;IAChC,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;CACjB,GACD;IAAE,IAAI,EAAE,qBAAqB,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC;AAMrD,wBAAsB,qBAAqB,CAAC,KAAK,EAAE;IACjD,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,YAAY,EAAE,OAAO,GAAG,KAAK,CAAC;IAC9B,iEAAiE;IACjE,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,OAAO,EAAE,OAAO,EAAE,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,QAAQ,CAAC,EAAE,kBAAkB,GAAG,IAAI,CAAC;IACrC,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,iBAAiB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAClC,oBAAoB,CAAC,EAAE,+BAA+B,GAAG,IAAI,CAAC;CAC/D,GAAG,OAAO,CAAC,kBAAkB,CAAC,CA2I9B;AAED,wBAAgB,eAAe,CAAC,IAAI,EAAE,SAAS,MAAM,EAAE,GAAG,MAAM,CAE/D;AAED,OAAO,EAAE,wBAAwB,EAAE,CAAC"}
|
|
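--- a/package/dist/approval/mcp-flow.js
+++ b/package/dist/approval/mcp-flow.js
@@ -1,7 +1,7 @@
 import { getInstallId } from "../cli/install-id.js";
 import { resolveGuardStorageRoot } from "../bridge/guard-storage-root.js";
 import { writePendingApprovalIndex } from "../bridge/pending-approval-index.js";
-import {
+import { resolveShellApprovalHash } from "./argv-fingerprint.js";
 import { createApprovalRequest, getApprovalRequest, pollUntilApproved, } from "./client.js";
 import { redeemApprovalAndRecordBridge } from "./redeem.js";
 import { verifyApprovalGrant } from "./grant.js";
@@ -45,6 +45,7 @@ export async function resolveMutateApproval(input) {
 grant,
 environment: input.environment,
 session_id: input.sessionId,
+approval_fingerprint: input.approval_fingerprint,
 });
 if (!redeem.ticketRecorded) {
 return {
@@ -85,6 +86,7 @@ export async function resolveMutateApproval(input) {
 storageRoot,
 environment: input.environment,
 session_id: input.sessionId,
+approval_fingerprint: input.approval_fingerprint,
 });
 if (!redeem.ticketRecorded) {
 return {
@@ -102,7 +104,11 @@ export async function resolveMutateApproval(input) {
 request_id: created.request_id,
 };
 }
-const hash =
+const hash = resolveShellApprovalHash({
+kind: input.proposalKind,
+argv: input.argv,
+approval_fingerprint: input.approval_fingerprint,
+});
 await writePendingApprovalIndex({
 request_id: created.request_id,
 argv_sha256: hash,
@@ -130,5 +136,5 @@ export async function resolveMutateApproval(input) {
 export function argvFingerprint(argv) {
 return JSON.stringify(argv);
 }
-export {
+export { resolveShellApprovalHash };
 //# sourceMappingURL=mcp-flow.js.map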
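Review bot: In the hunk at `writePendingApprovalIndex`, the value written as `argv_sha256: hash` is no longer always a hash of argv: for shell proposals that carry a fingerprint it is the fingerprint-based ID from `resolveShellApprovalHash`. Any reader of the pending-approval index that recomputes the ID from argv alone would stop matching these entries, and the field name now hides that. If the stored key has to stay for compatibility, add a comment at the call, e.g. `// approval ID: fingerprint-based for shell when available, else argv hash`, and confirm the index readers go through `resolveShellApprovalHash` as well. `resolveMutateApproval` starts and ends outside these hunks.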
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mcp-flow.js","sourceRoot":"","sources":["../../src/approval/mcp-flow.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,uBAAuB,EAAE,MAAM,iCAAiC,CAAC;AAC1E,OAAO,EAAE,yBAAyB,EAAE,MAAM,qCAAqC,CAAC;AAChF,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"mcp-flow.js","sourceRoot":"","sources":["../../src/approval/mcp-flow.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,uBAAuB,EAAE,MAAM,iCAAiC,CAAC;AAC1E,OAAO,EAAE,yBAAyB,EAAE,MAAM,qCAAqC,CAAC;AAChF,OAAO,EAAE,wBAAwB,EAAE,MAAM,uBAAuB,CAAC;AAEjE,OAAO,EACL,qBAAqB,EACrB,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,6BAA6B,EAAE,MAAM,aAAa,CAAC;AAC5D,OAAO,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AA6BjD,SAAS,aAAa;IACpB,OAAO,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,IAAI,EAAE,IAAI,4BAA4B,CAAC;AAC5E,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,KAe3C;IACC,MAAM,SAAS,GAAG,YAAY,EAAE,CAAC;IACjC,MAAM,WAAW,GAAG,uBAAuB,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;IAC/D,MAAM,SAAS,GAAG,KAAK,CAAC,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,IAAI,IAAI,CAAC;IAC7D,MAAM,KAAK,GAAG,KAAK,CAAC,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,IAAI,CAAC;IAEpD,IAAI,CAAC;QACH,IAAI,SAAS,EAAE,CAAC;YACd,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,MAAM,GAAG,mBAAmB,CAAC,KAAK,CAAC,CAAC;gBAC1C,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;oBAC/C,OAAO,EAAE,IAAI,EAAE,qBAAqB,EAAE,OAAO,EAAE,eAAe,EAAE,CAAC;gBACnE,CAAC;YACH,CAAC;YAED,MAAM,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,kBAAkB,CAAC,SAAS,CAAC,CAAC;YAC/D,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,EAAE,MAAM,CAAC;YAEhD,IAAI,MAAM,KAAK,SAAS,IAAI,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC7D,MAAM,iBAAiB,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;YAClE,CAAC;iBAAM,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;gBAChC,OAAO;oBACL,IAAI,EAAE,kBAAkB;oBACxB,UAAU,EAAE,SAAS;oBACrB,QAAQ,EAAE,GAAG,EAAE,QAAQ,IAAI,GAAG,aAAa,EAAE,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,kBAAkB,SAAS,EAAE;oBAC7F,UAAU,EAAE,GAAG,EAAE,UAAU,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE;iBACnF,CAAC;YACJ,CAAC;YAED,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;gBACxB,OAAO,EAAE,IAAI,EAAE,qBAAqB,EAAE,OAAO,EAAE,iBAAiB,EAAE,CAAC;YACrE,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,6BAA6B,CAAC;gBACjD,UAAU,EAAE,SAAS;gBACrB,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,IAA
I,EAAE,KAAK,CAAC,YAAY;gBACxB,WAAW;gBACX,KAAK;gBACL,WAAW,EAAE,KAAK,CAAC,WAAW;gBAC9B,UAAU,EAAE,KAAK,CAAC,SAAS;gBAC3B,oBAAoB,EAAE,KAAK,CAAC,oBAAoB;aACjD,CAAC,CAAC;YAEH,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC;gBAC3B,OAAO;oBACL,IAAI,EAAE,yBAAyB;oBAC/B,UAAU,EAAE,SAAS;oBACrB,OAAO,EACL,2HAA2H;iBAC9H,CAAC;YACJ,CAAC;YAED,OAAO;gBACL,IAAI,EAAE,OAAO;gBACb,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,WAAW,EAAE,MAAM,CAAC,WAAW;gBAC/B,cAAc,EAAE,KAAK;gBACrB,cAAc,EAAE,MAAM,CAAC,cAAc;gBACrC,UAAU,EAAE,SAAS;aACtB,CAAC;QACJ,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,qBAAqB,CAAC;YAC1C,IAAI,EAAE,KAAK,CAAC,YAAY;YACxB,IAAI,EAAE,QAAQ;YACd,IAAI,EAAE,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC;YACrB,UAAU,EAAE,SAAS;YACrB,UAAU,EAAE,KAAK,CAAC,SAAS,IAAI,IAAI;YACnC,WAAW,EAAE,KAAK,CAAC,WAAW,IAAI,IAAI;YACtC,WAAW,EAAE,KAAK,CAAC,UAAU,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;YACrD,QAAQ,EAAE,KAAK,CAAC,OAAO;YACvB,eAAe,EAAE,KAAK,CAAC,cAAc;YACrC,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,iBAAiB,EAAE,KAAK,CAAC,iBAAiB,IAAI,IAAI;YAClD,cAAc,EAAE,OAAO;SACxB,CAAC,CAAC;QAEH,IAAI,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrC,MAAM,iBAAiB,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;YACzE,MAAM,MAAM,GAAG,MAAM,6BAA6B,CAAC;gBACjD,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,IAAI,EAAE,KAAK,CAAC,YAAY;gBACxB,WAAW;gBACX,WAAW,EAAE,KAAK,CAAC,WAAW;gBAC9B,UAAU,EAAE,KAAK,CAAC,SAAS;gBAC3B,oBAAoB,EAAE,KAAK,CAAC,oBAAoB;aACjD,CAAC,CAAC;YACH,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC;gBAC3B,OAAO;oBACL,IAAI,EAAE,yBAAyB;oBAC/B,UAAU,EAAE,OAAO,CAAC,UAAU;oBAC9B,OAAO,EACL,2HAA2H;iBAC9H,CAAC;YACJ,CAAC;YAED,OAAO;gBACL,IAAI,EAAE,OAAO;gBACb,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,WAAW,EAAE,MAAM,CAAC,WAAW;gBAC/B,cAAc,EAAE,KAAK;gBACrB,cAAc,EAAE,MAAM,CAAC,cAAc;gBACrC,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,CAAC;QACJ,CAAC;QAED,MAAM,IAAI,GAAG,wBAAwB,CAAC;YACpC,IAAI,EAAE,KAAK,CAAC,YAAY;YACxB,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,oBAAoB,EAAE,KAAK,CAAC,oBAAoB;SACjD,CAAC,CAAC;QACH,MAAM,yBAAyB,CAC7B;YACE,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,WAAW,EAAE,IAAI;YACjB,IAAI,EAAE,CAAC,GAAG,KAAK,
CAAC,IAAI,CAAC;YACrB,UAAU,EAAE,SAAS;YACrB,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,QAAQ,EAAE,KAAK,CAAC,OAAO;YACvB,iBAAiB,EAAE,KAAK,CAAC,iBAAiB,IAAI,IAAI;YAClD,IAAI,EAAE,KAAK,CAAC,YAAY;YACxB,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACrC,EACD,EAAE,WAAW,EAAE,CAChB,CAAC;QAEF,OAAO;YACL,IAAI,EAAE,kBAAkB;YACxB,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,UAAU,EAAE,OAAO,CAAC,UAAU;SAC/B,CAAC;IACJ,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,GAAG,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACvD,OAAO,EAAE,IAAI,EAAE,qBAAqB,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC;IACvD,CAAC;AACH,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,IAAuB;IACrD,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;AAC9B,CAAC;AAED,OAAO,EAAE,wBAAwB,EAAE,CAAC"}
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import type { ShellApprovalFingerprintPayload } from "../shell/analyze-command.js";
|
|
1
2
|
export type RedeemAndBridgeInput = {
|
|
2
3
|
request_id: string;
|
|
3
4
|
argv: string[];
|
|
@@ -7,6 +8,7 @@ export type RedeemAndBridgeInput = {
|
|
|
7
8
|
grant?: string | null;
|
|
8
9
|
environment?: string | null;
|
|
9
10
|
session_id?: string | null;
|
|
11
|
+
approval_fingerprint?: ShellApprovalFingerprintPayload | null;
|
|
10
12
|
};
|
|
11
13
|
export type RedeemAndBridgeResult = {
|
|
12
14
|
redeemed: boolean;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"redeem.d.ts","sourceRoot":"","sources":["../../src/approval/redeem.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"redeem.d.ts","sourceRoot":"","sources":["../../src/approval/redeem.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,+BAA+B,EAAE,MAAM,6BAA6B,CAAC;AAEnF,MAAM,MAAM,oBAAoB,GAAG;IACjC,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,IAAI,EAAE,OAAO,GAAG,KAAK,CAAC;IACtB,0DAA0D;IAC1D,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,oBAAoB,CAAC,EAAE,+BAA+B,GAAG,IAAI,CAAC;CAC/D,CAAC;AAEF,MAAM,MAAM,qBAAqB,GAAG;IAClC,QAAQ,EAAE,OAAO,CAAC;IAClB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,0DAA0D;IAC1D,cAAc,EAAE,OAAO,CAAC;IACxB,cAAc,EAAE,OAAO,CAAC;IACxB,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAC;CACjC,CAAC;AAEF;;GAEG;AACH,wBAAsB,6BAA6B,CACjD,KAAK,EAAE,oBAAoB,GAC1B,OAAO,CAAC,qBAAqB,CAAC,CAmEhC"}
|
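--- a/package/dist/approval/redeem.js
+++ b/package/dist/approval/redeem.js
@@ -1,7 +1,7 @@
 import { getInstallId } from "../cli/install-id.js";
 import { resolveGuardStorageRoot } from "../bridge/guard-storage-root.js";
 import { recordExecutionTicket } from "../bridge/execution-ticket.js";
-import {
+import { resolveShellApprovalHash } from "./argv-fingerprint.js";
 import { getApprovalRequest, redeemApprovalGrant } from "./client.js";
 import { verifyApprovalGrant } from "./grant.js";
 /**
@@ -9,7 +9,11 @@ import { verifyApprovalGrant } from "./grant.js";
 */
 export async function redeemApprovalAndRecordBridge(input) {
 const installId = getInstallId();
-const hash =
+const hash = resolveShellApprovalHash({
+kind: input.kind,
+argv: input.argv,
+approval_fingerprint: input.approval_fingerprint,
+});
 const storageRoot = resolveGuardStorageRoot(input.storageRoot);
 let grant = input.grant?.trim() || null;
 if (grant) {
@@ -58,6 +62,7 @@ export async function redeemApprovalAndRecordBridge(input) {
 await recordExecutionTicket(executionTicket, input.argv, {
 storageRoot,
 kind: input.kind,
+approval_fingerprint: input.approval_fingerprint,
 });
 ticketRecorded = true;
 }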
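Review bot: `input.approval_fingerprint` is taken from the caller as-is, used to derive `hash`, and then handed to `recordExecutionTicket` next to `input.argv`, with nothing in these hunks checking that the fingerprint actually describes that argv. The execution-ticket.js section of this same diff compares fingerprints instead of argv when both sides have one, so a mismatched pair recorded here could change what the ticket later authorises. I would either derive the fingerprint from `input.argv` inside `redeemApprovalAndRecordBridge` or reject the call when the two disagree, and say which in the doc comment above the function. The function body continues outside the hunks.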
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"redeem.js","sourceRoot":"","sources":["../../src/approval/redeem.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,uBAAuB,EAAE,MAAM,iCAAiC,CAAC;AAC1E,OAAO,EAAE,qBAAqB,EAAE,MAAM,+BAA+B,CAAC;AACtE,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"redeem.js","sourceRoot":"","sources":["../../src/approval/redeem.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,uBAAuB,EAAE,MAAM,iCAAiC,CAAC;AAC1E,OAAO,EAAE,qBAAqB,EAAE,MAAM,+BAA+B,CAAC;AACtE,OAAO,EAAE,wBAAwB,EAAE,MAAM,uBAAuB,CAAC;AACjE,OAAO,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AACtE,OAAO,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AAwBjD;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,6BAA6B,CACjD,KAA2B;IAE3B,MAAM,SAAS,GAAG,YAAY,EAAE,CAAC;IACjC,MAAM,IAAI,GAAG,wBAAwB,CAAC;QACpC,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,oBAAoB,EAAE,KAAK,CAAC,oBAAoB;KACjD,CAAC,CAAC;IACH,MAAM,WAAW,GAAG,uBAAuB,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;IAC/D,IAAI,KAAK,GAAG,KAAK,CAAC,KAAK,EAAE,IAAI,EAAE,IAAI,IAAI,CAAC;IAExC,IAAI,KAAK,EAAE,CAAC;QACV,MAAM,MAAM,GAAG,mBAAmB,CAAC,KAAK,CAAC,CAAC;QAC1C,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,eAAe,CAAC,CAAC;QAC9C,IAAI,MAAM,CAAC,UAAU,KAAK,KAAK,CAAC,UAAU;YAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;QACnF,IAAI,MAAM,CAAC,WAAW,KAAK,IAAI;YAAE,MAAM,IAAI,KAAK,CAAC,eAAe,CAAC,CAAC;QAClE,IAAI,MAAM,CAAC,UAAU,KAAK,SAAS;YAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;IAC9E,CAAC;SAAM,CAAC;QACN,MAAM,GAAG,GAAG,MAAM,kBAAkB,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QACvD,IAAI,GAAG,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CAAC,sBAAsB,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;QACtD,CAAC;IACH,CAAC;IAED,IAAI,MAA0F,CAAC;IAC/F,IAAI,CAAC;QACH,MAAM,GAAG,MAAM,mBAAmB,CAAC;YACjC,UAAU,EAAE,KAAK,CAAC,UAAU;YAC5B,KAAK,EAAE,KAAK,IAAI,SAAS;YACzB,UAAU,EAAE,SAAS;YACrB,IAAI,EAAE,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC;SACtB,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,GAAG,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACvD,IAAI,GAAG,CAAC,QAAQ,CAAC,kBAAkB,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YAC5D,MAAM,GAAG;gBACP,QAAQ,EAAE,IAAI;gBACd,WAAW,EAAE,IAAI;gBACjB,gBAAgB,EAAE,IAAI;aACvB,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,CAAC;QACV,CAAC;IACH,CAAC;IAED,IAAI,cAAc,GAAG,KAAK,CAAC;IAC3B,MAAM,eAAe,GAAG,MAAM,CAAC,gBAA
gB,CAAC;IAEhD,IAAI,eAAe,EAAE,CAAC;QACpB,IAAI,CAAC;YACH,MAAM,qBAAqB,CAAC,eAAe,EAAE,KAAK,CAAC,IAAI,EAAE;gBACvD,WAAW;gBACX,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,oBAAoB,EAAE,KAAK,CAAC,oBAAoB;aACjD,CAAC,CAAC;YACH,cAAc,GAAG,IAAI,CAAC;QACxB,CAAC;QAAC,MAAM,CAAC;YACP,cAAc,GAAG,KAAK,CAAC;QACzB,CAAC;IACH,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,cAAc,EAAE,KAAK;QACrB,cAAc;QACd,gBAAgB,EAAE,eAAe;KAClC,CAAC;AACJ,CAAC"}
|
|
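--- a/package/dist/bridge/execution-ticket.d.ts
+++ b/package/dist/bridge/execution-ticket.d.ts
@@ -1,3 +1,4 @@
+import type { ShellApprovalFingerprintPayload } from "../shell/analyze-command.js";
 export declare const EXECUTION_TICKET_ENV = "PRAXIS_GUARD_EXECUTION_TICKET";
 export declare function executionTicketDir(storageRoot?: string): string;
 /**
@@ -6,6 +7,7 @@ export declare function executionTicketDir(storageRoot?: string): string;
 export declare function recordExecutionTicket(ticket: string, argv: readonly string[], opts?: {
 storageRoot?: string;
 kind?: "shell" | "mcp";
+approval_fingerprint?: ShellApprovalFingerprintPayload | null;
 }): Promise<void>;
 /**
 * Verify a signed execution ticket locally and consume it once (env var or ticket files).
@@ -14,5 +16,6 @@ export declare function tryConsumeExecutionTicket(argv: readonly string[], opts?
 storageRoot?: string;
 kind?: "shell" | "mcp";
 tool_input_sha256?: string | null;
+approval_fingerprint?: ShellApprovalFingerprintPayload | null;
 }): Promise<boolean>;
 //# sourceMappingURL=execution-ticket.d.ts.map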
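Review bot: The doc comment on `tryConsumeExecutionTicket` still reads only "Verify a signed execution ticket locally and consume it once", and neither it nor `recordExecutionTicket` explains the new `approval_fingerprint` option. In the execution-ticket.js section further down, `argvMatchesApproval` returns the fingerprint comparison for shell tickets when both the stored and the requested fingerprint are present, before any argv comparison, and the stored one is written as a plain `fingerprint` field in the ticket JSON. That changes what a ticket binds to, so the declarations should document three things. They are when the fingerprint is used, what happens when only one side supplies it (the visible code falls through to the argv checks), and whether the ticket signature covers the stored fingerprint, which this page does not show.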
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"execution-ticket.d.ts","sourceRoot":"","sources":["../../src/bridge/execution-ticket.ts"],"names":[],"mappings":"AASA,eAAO,MAAM,oBAAoB,kCAAkC,CAAC;AAEpE,wBAAgB,kBAAkB,CAAC,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,CAE/D;
|
|
1
|
+
{"version":3,"file":"execution-ticket.d.ts","sourceRoot":"","sources":["../../src/bridge/execution-ticket.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,+BAA+B,EAAE,MAAM,6BAA6B,CAAC;AAEnF,eAAO,MAAM,oBAAoB,kCAAkC,CAAC;AAEpE,wBAAgB,kBAAkB,CAAC,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,CAE/D;AA+CD;;GAEG;AACH,wBAAsB,qBAAqB,CACzC,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,SAAS,MAAM,EAAE,EACvB,IAAI,CAAC,EAAE;IACL,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,OAAO,GAAG,KAAK,CAAC;IACvB,oBAAoB,CAAC,EAAE,+BAA+B,GAAG,IAAI,CAAC;CAC/D,GACA,OAAO,CAAC,IAAI,CAAC,CAkBf;AAED;;GAEG;AACH,wBAAsB,yBAAyB,CAC7C,IAAI,EAAE,SAAS,MAAM,EAAE,EACvB,IAAI,CAAC,EAAE;IACL,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,OAAO,GAAG,KAAK,CAAC;IACvB,iBAAiB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAClC,oBAAoB,CAAC,EAAE,+BAA+B,GAAG,IAAI,CAAC;CAC/D,GACA,OAAO,CAAC,OAAO,CAAC,CAoElB"}
|
|
@@ -3,8 +3,9 @@ import { mkdir, readdir, readFile, unlink, writeFile } from "node:fs/promises";
|
|
|
3
3
|
import path from "node:path";
|
|
4
4
|
import { getInstallId } from "../cli/install-id.js";
|
|
5
5
|
import { verifyExecutionTicket } from "../approval/grant.js";
|
|
6
|
+
import { resolveShellApprovalHash } from "../approval/argv-fingerprint.js";
|
|
6
7
|
import { resolveGuardStorageRoot } from "./guard-storage-root.js";
|
|
7
|
-
import { shellArgvApprovalId } from "./shell-approval-bridge.js";
|
|
8
|
+
import { shellApprovalFingerprintId, shellArgvApprovalId } from "./shell-approval-bridge.js";
|
|
8
9
|
export const EXECUTION_TICKET_ENV = "PRAXIS_GUARD_EXECUTION_TICKET";
|
|
9
10
|
export function executionTicketDir(storageRoot) {
|
|
10
11
|
return path.join(resolveGuardStorageRoot(storageRoot), ".cursor/guard/tickets");
|
|
@@ -14,6 +15,11 @@ function argvDeepEqual(stored, requested) {
|
|
|
14
15
|
return false;
|
|
15
16
|
return stored.every((v, i) => typeof v === "string" && v === requested[i]);
|
|
16
17
|
}
|
|
18
|
+
function fingerprintDeepEqual(stored, requested) {
|
|
19
|
+
if (!stored || typeof stored !== "object")
|
|
20
|
+
return false;
|
|
21
|
+
return shellApprovalFingerprintId(stored) === shellApprovalFingerprintId(requested);
|
|
22
|
+
}
|
|
17
23
|
function isEquivalentMcpInvocation(approved, requested) {
|
|
18
24
|
if (approved.length < 3 || requested.length < 3)
|
|
19
25
|
return false;
|
|
@@ -25,7 +31,15 @@ function isEquivalentMcpInvocation(approved, requested) {
|
|
|
25
31
|
return true;
|
|
26
32
|
return approved[1] === "stdio" || requested[1] === "stdio";
|
|
27
33
|
}
|
|
28
|
-
function
|
|
34
|
+
function shellApprovalId(argv, fingerprint) {
|
|
35
|
+
if (fingerprint)
|
|
36
|
+
return shellApprovalFingerprintId(fingerprint);
|
|
37
|
+
return shellArgvApprovalId(argv);
|
|
38
|
+
}
|
|
39
|
+
function argvMatchesApproval(approved, requested, kind, approvedFingerprint, requestedFingerprint) {
|
|
40
|
+
if (kind === "shell" && approvedFingerprint && requestedFingerprint) {
|
|
41
|
+
return fingerprintDeepEqual(approvedFingerprint, requestedFingerprint);
|
|
42
|
+
}
|
|
29
43
|
if (!approved)
|
|
30
44
|
return false;
|
|
31
45
|
if (argvDeepEqual(approved, requested))
|
|
@@ -38,7 +52,7 @@ function argvMatchesApproval(approved, requested, kind) {
|
|
|
38
52
|
* After redeem, persist a signed execution ticket for hook verification (dual-write with bridge).
|
|
39
53
|
*/
|
|
40
54
|
export async function recordExecutionTicket(ticket, argv, opts) {
|
|
41
|
-
const id =
|
|
55
|
+
const id = shellApprovalId(argv, opts?.approval_fingerprint);
|
|
42
56
|
const dir = executionTicketDir(opts?.storageRoot);
|
|
43
57
|
await mkdir(dir, { recursive: true });
|
|
44
58
|
const claims = verifyExecutionTicket(ticket);
|
|
@@ -47,6 +61,7 @@ export async function recordExecutionTicket(ticket, argv, opts) {
|
|
|
47
61
|
await writeFile(file, JSON.stringify({
|
|
48
62
|
exp: expMs,
|
|
49
63
|
argv: [...argv],
|
|
64
|
+
fingerprint: opts?.approval_fingerprint ?? undefined,
|
|
50
65
|
ticket,
|
|
51
66
|
kind: opts?.kind ?? claims?.kind ?? "shell",
|
|
52
67
|
}), "utf8");
|
|
@@ -68,9 +83,10 @@ export async function tryConsumeExecutionTicket(argv, opts) {
|
|
|
68
83
|
return false;
|
|
69
84
|
}
|
|
70
85
|
const now = Date.now();
|
|
86
|
+
const approvalId = shellApprovalId(argv, opts?.approval_fingerprint);
|
|
71
87
|
const candidates = opts?.kind === "mcp"
|
|
72
88
|
? names.filter((n) => n.endsWith(".json"))
|
|
73
|
-
: names.filter((n) => n.startsWith(`${
|
|
89
|
+
: names.filter((n) => n.startsWith(`${approvalId}_`) && n.endsWith(".json"));
|
|
74
90
|
for (const name of candidates) {
|
|
75
91
|
const file = path.join(dir, name);
|
|
76
92
|
try {
|
|
@@ -80,7 +96,7 @@ export async function tryConsumeExecutionTicket(argv, opts) {
|
|
|
80
96
|
await unlink(file).catch(() => { });
|
|
81
97
|
continue;
|
|
82
98
|
}
|
|
83
|
-
if (!argvMatchesApproval(row.argv, argv, opts?.kind ?? row.kind)) {
|
|
99
|
+
if (!argvMatchesApproval(row.argv, argv, opts?.kind ?? row.kind, row.fingerprint, opts?.approval_fingerprint)) {
|
|
84
100
|
continue;
|
|
85
101
|
}
|
|
86
102
|
const ticket = typeof row.ticket === "string" ? row.ticket : "";
|
|
@@ -89,6 +105,8 @@ export async function tryConsumeExecutionTicket(argv, opts) {
|
|
|
89
105
|
kind: opts?.kind ?? row.kind,
|
|
90
106
|
tool_input_sha256: opts?.tool_input_sha256,
|
|
91
107
|
approved_argv: row.argv,
|
|
108
|
+
approval_fingerprint: opts?.approval_fingerprint,
|
|
109
|
+
approved_fingerprint: row.fingerprint,
|
|
92
110
|
})) {
|
|
93
111
|
continue;
|
|
94
112
|
}
|
|
@@ -105,17 +123,28 @@ export async function tryConsumeExecutionTicket(argv, opts) {
|
|
|
105
123
|
}
|
|
106
124
|
function tryConsumeTicketToken(ticket, argv, opts) {
|
|
107
125
|
const claims = verifyExecutionTicket(ticket);
|
|
126
|
+
const expectedHash = resolveShellApprovalHash({
|
|
127
|
+
kind: opts?.kind ?? "shell",
|
|
128
|
+
argv,
|
|
129
|
+
approval_fingerprint: opts?.approval_fingerprint,
|
|
130
|
+
});
|
|
108
131
|
if (!claims) {
|
|
109
|
-
return argvMatchesApproval(opts?.approved_argv, argv, opts?.kind);
|
|
132
|
+
return argvMatchesApproval(opts?.approved_argv, argv, opts?.kind, opts?.approved_fingerprint, opts?.approval_fingerprint);
|
|
110
133
|
}
|
|
111
134
|
const approvedArgv = opts?.approved_argv;
|
|
135
|
+
const approvedHash = resolveShellApprovalHash({
|
|
136
|
+
kind: opts?.kind ?? claims.kind ?? "shell",
|
|
137
|
+
argv: approvedArgv ?? argv,
|
|
138
|
+
approval_fingerprint: opts?.approved_fingerprint ?? opts?.approval_fingerprint,
|
|
139
|
+
});
|
|
112
140
|
if (approvedArgv) {
|
|
113
|
-
if (claims.argv_sha256 !==
|
|
141
|
+
if (claims.argv_sha256 !== approvedHash)
|
|
114
142
|
return false;
|
|
115
|
-
if (!argvMatchesApproval(approvedArgv, argv, opts?.kind ?? claims.kind))
|
|
143
|
+
if (!argvMatchesApproval(approvedArgv, argv, opts?.kind ?? claims.kind, opts?.approved_fingerprint, opts?.approval_fingerprint)) {
|
|
116
144
|
return false;
|
|
145
|
+
}
|
|
117
146
|
}
|
|
118
|
-
else if (claims.argv_sha256 !==
|
|
147
|
+
else if (claims.argv_sha256 !== expectedHash) {
|
|
119
148
|
return false;
|
|
120
149
|
}
|
|
121
150
|
if (claims.install_id !== getInstallId())
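Review bot: In tryConsumeTicketToken (new lines 131–133) a ticket that fails verifyExecutionTicket is not rejected: the `!claims` branch returns the result of argvMatchesApproval, and this change extends that fallback to the fingerprint pair. On the file path in tryConsumeExecutionTicket, approved_argv and approved_fingerprint are read from the same JSON row as the ticket, and that row has already passed the same comparison at new line 99, so for such rows the signature, install_id and later claim checks do not gate consumption. Unless unsigned rows must still be honoured, fail closed with `if (!claims) return false;`; if they must, gate the fallback on an explicit legacy marker and log when it is used. verifyExecutionTicket is not shown and both function bodies continue outside the hunks, so confirm what a null result covers.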
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"execution-ticket.js","sourceRoot":"","sources":["../../src/bridge/execution-ticket.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC/E,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,EAAE,uBAAuB,EAAE,MAAM,yBAAyB,CAAC;AAClE,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;
|
|
1
|
+
{"version":3,"file":"execution-ticket.js","sourceRoot":"","sources":["../../src/bridge/execution-ticket.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC/E,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,EAAE,wBAAwB,EAAE,MAAM,iCAAiC,CAAC;AAC3E,OAAO,EAAE,uBAAuB,EAAE,MAAM,yBAAyB,CAAC;AAClE,OAAO,EAAE,0BAA0B,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAG7F,MAAM,CAAC,MAAM,oBAAoB,GAAG,+BAA+B,CAAC;AAEpE,MAAM,UAAU,kBAAkB,CAAC,WAAoB;IACrD,OAAO,IAAI,CAAC,IAAI,CAAC,uBAAuB,CAAC,WAAW,CAAC,EAAE,uBAAuB,CAAC,CAAC;AAClF,CAAC;AAED,SAAS,aAAa,CAAC,MAAe,EAAE,SAA4B;IAClE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IAC/E,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;AAC7E,CAAC;AAED,SAAS,oBAAoB,CAAC,MAAe,EAAE,SAA0C;IACvF,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IACxD,OAAO,0BAA0B,CAAC,MAAyC,CAAC,KAAK,0BAA0B,CAAC,SAAS,CAAC,CAAC;AACzH,CAAC;AAED,SAAS,yBAAyB,CAChC,QAA2B,EAC3B,SAA4B;IAE5B,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IAC9D,IAAI,QAAQ,CAAC,CAAC,CAAC,KAAK,KAAK,IAAI,SAAS,CAAC,CAAC,CAAC,KAAK,KAAK;QAAE,OAAO,KAAK,CAAC;IAClE,IAAI,QAAQ,CAAC,CAAC,CAAC,KAAK,SAAS,CAAC,CAAC,CAAC;QAAE,OAAO,KAAK,CAAC;IAC/C,IAAI,QAAQ,CAAC,CAAC,CAAC,KAAK,SAAS,CAAC,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IAC9C,OAAO,QAAQ,CAAC,CAAC,CAAC,KAAK,OAAO,IAAI,SAAS,CAAC,CAAC,CAAC,KAAK,OAAO,CAAC;AAC7D,CAAC;AAED,SAAS,eAAe,CACtB,IAAuB,EACvB,WAAoD;IAEpD,IAAI,WAAW;QAAE,OAAO,0BAA0B,CAAC,WAAW,CAAC,CAAC;IAChE,OAAO,mBAAmB,CAAC,IAAI,CAAC,CAAC;AACnC,CAAC;AAED,SAAS,mBAAmB,CAC1B,QAAuC,EACvC,SAA4B,EAC5B,IAAsB,EACtB,mBAA4D,EAC5D,oBAA6D;IAE7D,IAAI,IAAI,KAAK,OAAO,IAAI,mBAAmB,IAAI,oBAAoB,EAAE,CAAC;QACpE,OAAO,oBAAoB,CAAC,mBAAmB,EAAE,oBAAoB,CAAC,CAAC;IACzE,CAAC;IACD,IAAI,CAAC,QAAQ;QAAE,OAAO,KAAK,CAAC
;IAC5B,IAAI,aAAa,CAAC,QAAQ,EAAE,SAAS,CAAC;QAAE,OAAO,IAAI,CAAC;IACpD,IAAI,IAAI,KAAK,KAAK;QAAE,OAAO,yBAAyB,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IAC1E,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,MAAc,EACd,IAAuB,EACvB,IAIC;IAED,MAAM,EAAE,GAAG,eAAe,CAAC,IAAI,EAAE,IAAI,EAAE,oBAAoB,CAAC,CAAC;IAC7D,MAAM,GAAG,GAAG,kBAAkB,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;IAClD,MAAM,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACtC,MAAM,MAAM,GAAG,qBAAqB,CAAC,MAAM,CAAC,CAAC;IAC7C,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;IACvE,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,UAAU,EAAE,OAAO,CAAC,CAAC;IAC1D,MAAM,SAAS,CACb,IAAI,EACJ,IAAI,CAAC,SAAS,CAAC;QACb,GAAG,EAAE,KAAK;QACV,IAAI,EAAE,CAAC,GAAG,IAAI,CAAC;QACf,WAAW,EAAE,IAAI,EAAE,oBAAoB,IAAI,SAAS;QACpD,MAAM;QACN,IAAI,EAAE,IAAI,EAAE,IAAI,IAAI,MAAM,EAAE,IAAI,IAAI,OAAO;KAC5C,CAAC,EACF,MAAM,CACP,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,IAAuB,EACvB,IAKC;IAED,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,IAAI,EAAE,CAAC;IAC1D,IAAI,OAAO,IAAI,qBAAqB,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,CAAC;QAC1D,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,GAAG,GAAG,kBAAkB,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;IAClD,IAAI,KAAK,GAAa,EAAE,CAAC;IACzB,IAAI,CAAC;QACH,KAAK,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,UAAU,GAAG,eAAe,CAAC,IAAI,EAAE,IAAI,EAAE,oBAAoB,CAAC,CAAC;IACrE,MAAM,UAAU,GACd,IAAI,EAAE,IAAI,KAAK,KAAK;QAClB,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAC1C,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,UAAU,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;IAEjF,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;QAC9B,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAClC,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;Y
ACzC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAMzB,CAAC;YACF,IAAI,OAAO,GAAG,CAAC,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,GAAG,GAAG,GAAG,EAAE,CAAC;gBACjD,MAAM,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;gBACnC,SAAS;YACX,CAAC;YACD,IACE,CAAC,mBAAmB,CAClB,GAAG,CAAC,IAAI,EACR,IAAI,EACJ,IAAI,EAAE,IAAI,IAAK,GAAG,CAAC,IAAwB,EAC3C,GAAG,CAAC,WAAW,EACf,IAAI,EAAE,oBAAoB,CAC3B,EACD,CAAC;gBACD,SAAS;YACX,CAAC;YACD,MAAM,MAAM,GAAG,OAAO,GAAG,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;YAChE,IACE,CAAC,MAAM;gBACP,CAAC,qBAAqB,CAAC,MAAM,EAAE,IAAI,EAAE;oBACnC,IAAI,EAAE,IAAI,EAAE,IAAI,IAAK,GAAG,CAAC,IAAwB;oBACjD,iBAAiB,EAAE,IAAI,EAAE,iBAAiB;oBAC1C,aAAa,EAAE,GAAG,CAAC,IAAI;oBACvB,oBAAoB,EAAE,IAAI,EAAE,oBAAoB;oBAChD,oBAAoB,EAAE,GAAG,CAAC,WAAW;iBACtC,CAAC,EACF,CAAC;gBACD,SAAS;YACX,CAAC;YACD,IAAI,GAAG,CAAC,IAAI,IAAI,IAAI,EAAE,IAAI,IAAI,GAAG,CAAC,IAAI,KAAK,IAAI,CAAC,IAAI;gBAAE,SAAS;YAC/D,MAAM,MAAM,CAAC,IAAI,CAAC,CAAC;YACnB,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,qBAAqB,CAC5B,MAAc,EACd,IAAuB,EACvB,IAMC;IAED,MAAM,MAAM,GAAG,qBAAqB,CAAC,MAAM,CAAC,CAAC;IAC7C,MAAM,YAAY,GAAG,wBAAwB,CAAC;QAC5C,IAAI,EAAE,IAAI,EAAE,IAAI,IAAI,OAAO;QAC3B,IAAI;QACJ,oBAAoB,EAAE,IAAI,EAAE,oBAAoB;KACjD,CAAC,CAAC;IAEH,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,mBAAmB,CACxB,IAAI,EAAE,aAAa,EACnB,IAAI,EACJ,IAAI,EAAE,IAAI,EACV,IAAI,EAAE,oBAAoB,EAC1B,IAAI,EAAE,oBAAoB,CAC3B,CAAC;IACJ,CAAC;IACD,MAAM,YAAY,GAAG,IAAI,EAAE,aAAa,CAAC;IACzC,MAAM,YAAY,GAAG,wBAAwB,CAAC;QAC5C,IAAI,EAAE,IAAI,EAAE,IAAI,IAAI,MAAM,CAAC,IAAI,IAAI,OAAO;QAC1C,IAAI,EAAE,YAAY,IAAI,IAAI;QAC1B,oBAAoB,EAAE,IAAI,EAAE,oBAAoB,IAAI,IAAI,EAAE,oBAAoB;KAC/E,CAAC,CAAC;IACH,IAAI,YAAY,EAAE,CAAC;QACjB,IAAI,MAAM,CAAC,WAAW,KAAK,YAAY;YAAE,OAAO,KAAK,CAAC;QACtD,IACE,CAAC,mBAAmB,CAClB,YAAY,EACZ,IAAI,EACJ,IAAI,EAAE,IAAI,IAAI,MAAM,CAAC,IAAI,EACzB,IAAI,EAAE,oBAAoB,EAC1B,IAAI,EAAE,oBAAoB,CAC3B,EACD,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;SAAM,IAAI,MAAM,CAAC,WAAW,KAAK,YAAY,EAAE,CAAC;QAC
/C,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,MAAM,CAAC,UAAU,KAAK,YAAY,EAAE;QAAE,OAAO,KAAK,CAAC;IACvD,IAAI,IAAI,EAAE,IAAI,IAAI,MAAM,CAAC,IAAI,KAAK,IAAI,CAAC,IAAI;QAAE,OAAO,KAAK,CAAC;IAC1D,MAAM,gBAAgB,GAAG,IAAI,EAAE,iBAAiB,EAAE,IAAI,EAAE,IAAI,IAAI,CAAC;IACjE,MAAM,aAAa,GACjB,OAAO,MAAM,CAAC,iBAAiB,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,iBAAiB,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;IACxF,IAAI,aAAa,IAAI,gBAAgB,IAAI,aAAa,KAAK,gBAAgB;QAAE,OAAO,KAAK,CAAC;IAC1F,IAAI,aAAa,IAAI,CAAC,gBAAgB;QAAE,OAAO,KAAK,CAAC;IACrD,OAAO,IAAI,CAAC;AACd,CAAC"}
|
|
@@ -1,23 +1,32 @@
|
|
|
1
1
|
import type { Tier } from "../policy/index.js";
|
|
2
|
+
import type { ShellApprovalFingerprintPayload } from "../shell/analyze-command.js";
|
|
2
3
|
/** Same window as MCP approval grants (see packages/auditor-cli/src/mcp/server.ts). */
|
|
3
4
|
export declare const DEFAULT_SHELL_BRIDGE_TTL_MS: number;
|
|
4
5
|
export declare function shellBridgeDir(cwd?: string): string;
|
|
5
|
-
/** Stable id for argv
|
|
6
|
+
/** Stable id for argv-only legacy bridge rows. */
|
|
6
7
|
export declare function shellArgvApprovalId(argv: readonly string[]): string;
|
|
8
|
+
/** Canonical approval identity for shell commands (full analyzed fingerprint). */
|
|
9
|
+
export declare function shellApprovalFingerprintId(payload: ShellApprovalFingerprintPayload): string;
|
|
10
|
+
export type ShellBridgeRecord = {
|
|
11
|
+
exp: number;
|
|
12
|
+
argv?: string[];
|
|
13
|
+
fingerprint?: ShellApprovalFingerprintPayload;
|
|
14
|
+
};
|
|
7
15
|
/**
|
|
8
16
|
* After MCP `guard` returns allow for a MUTATE shell proposal, record a one-shot
|
|
9
17
|
* bridge so `beforeShellExecution` can allow the matching terminal command once.
|
|
10
18
|
*/
|
|
11
|
-
export declare function recordShellApprovalBridge(
|
|
19
|
+
export declare function recordShellApprovalBridge(fingerprint: ShellApprovalFingerprintPayload, opts?: {
|
|
12
20
|
cwd?: string;
|
|
13
21
|
ttlMs?: number;
|
|
22
|
+
canonical_argv?: readonly string[];
|
|
14
23
|
}): Promise<void>;
|
|
15
24
|
/**
|
|
16
|
-
* If a non-expired bridge file exists for this
|
|
17
|
-
* Otherwise return false. POC: local filesystem trust boundary only.
|
|
25
|
+
* If a non-expired bridge file exists for this fingerprint, delete it and return true.
|
|
18
26
|
*/
|
|
19
|
-
export declare function tryConsumeShellApprovalBridge(
|
|
27
|
+
export declare function tryConsumeShellApprovalBridge(fingerprint: ShellApprovalFingerprintPayload, opts?: {
|
|
20
28
|
cwd?: string;
|
|
29
|
+
legacy_argv?: readonly string[];
|
|
21
30
|
}): Promise<boolean>;
|
|
22
31
|
/** Whether MCP should write a bridge file for this outcome. */
|
|
23
32
|
export declare function shouldRecordShellBridge(opts: {
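Review bot: The doc comment on tryConsumeShellApprovalBridge (new line 25) drops the sentence `POC: local filesystem trust boundary only.`, and the same sentence is removed in shell-approval-bridge.js, although nothing visible in this release changes that trust model: the bridge record is still written as plain JSON (`exp`, `fingerprint`, `argv`) under `.cursor/guard/bridge` with no signature. Keep the caveat, for example `* Trust boundary: local filesystem only; bridge rows are not signed.`, so consumers of the typings do not read the fingerprint as an authenticity guarantee. The new `canonical_argv` and `legacy_argv` options are also added without any description and would benefit from a one-line comment each. The shouldRecordShellBridge declaration at the end of this section continues outside the hunk.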
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"shell-approval-bridge.d.ts","sourceRoot":"","sources":["../../src/bridge/shell-approval-bridge.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAC;
|
|
1
|
+
{"version":3,"file":"shell-approval-bridge.d.ts","sourceRoot":"","sources":["../../src/bridge/shell-approval-bridge.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAC;AAC/C,OAAO,KAAK,EAAE,+BAA+B,EAAE,MAAM,6BAA6B,CAAC;AAEnF,uFAAuF;AACvF,eAAO,MAAM,2BAA2B,QAAiB,CAAC;AAE1D,wBAAgB,cAAc,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,MAAM,CAEnD;AAMD,kDAAkD;AAClD,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,SAAS,MAAM,EAAE,GAAG,MAAM,CAEnE;AAED,kFAAkF;AAClF,wBAAgB,0BAA0B,CAAC,OAAO,EAAE,+BAA+B,GAAG,MAAM,CAE3F;AAWD,MAAM,MAAM,iBAAiB,GAAG;IAC9B,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,WAAW,CAAC,EAAE,+BAA+B,CAAC;CAC/C,CAAC;AAEF;;;GAGG;AACH,wBAAsB,yBAAyB,CAC7C,WAAW,EAAE,+BAA+B,EAC5C,IAAI,CAAC,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,cAAc,CAAC,EAAE,SAAS,MAAM,EAAE,CAAA;CAAE,GAC1E,OAAO,CAAC,IAAI,CAAC,CAef;AAED;;GAEG;AACH,wBAAsB,6BAA6B,CACjD,WAAW,EAAE,+BAA+B,EAC5C,IAAI,CAAC,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAC;IAAC,WAAW,CAAC,EAAE,SAAS,MAAM,EAAE,CAAA;CAAE,GACvD,OAAO,CAAC,OAAO,CAAC,CA2ClB;AAED,+DAA+D;AAC/D,wBAAgB,uBAAuB,CAAC,IAAI,EAAE;IAC5C,QAAQ,EAAE,OAAO,GAAG,kBAAkB,GAAG,OAAO,CAAC;IACjD,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,EAAE,IAAI,CAAC;CACZ,GAAG,OAAO,CAEV"}
|
|
@@ -6,9 +6,19 @@ export const DEFAULT_SHELL_BRIDGE_TTL_MS = 10 * 60 * 1000;
|
|
|
6
6
|
export function shellBridgeDir(cwd) {
|
|
7
7
|
return path.resolve(cwd ?? process.cwd(), ".cursor/guard/bridge");
|
|
8
8
|
}
|
|
9
|
-
|
|
9
|
+
function stableJsonHash(payload) {
|
|
10
|
+
return createHash("sha256").update(JSON.stringify(payload), "utf8").digest("hex");
|
|
11
|
+
}
|
|
12
|
+
/** Stable id for argv-only legacy bridge rows. */
|
|
10
13
|
export function shellArgvApprovalId(argv) {
|
|
11
|
-
return
|
|
14
|
+
return stableJsonHash([...argv]);
|
|
15
|
+
}
|
|
16
|
+
/** Canonical approval identity for shell commands (full analyzed fingerprint). */
|
|
17
|
+
export function shellApprovalFingerprintId(payload) {
|
|
18
|
+
return stableJsonHash(payload);
|
|
19
|
+
}
|
|
20
|
+
function fingerprintDeepEqual(stored, requested) {
|
|
21
|
+
return stableJsonHash(stored) === shellApprovalFingerprintId(requested);
|
|
12
22
|
}
|
|
13
23
|
function argvDeepEqual(stored, requested) {
|
|
14
24
|
if (!Array.isArray(stored) || stored.length !== requested.length)
|
|
@@ -19,20 +29,25 @@ function argvDeepEqual(stored, requested) {
|
|
|
19
29
|
* After MCP `guard` returns allow for a MUTATE shell proposal, record a one-shot
|
|
20
30
|
* bridge so `beforeShellExecution` can allow the matching terminal command once.
|
|
21
31
|
*/
|
|
22
|
-
export async function recordShellApprovalBridge(
|
|
23
|
-
const id =
|
|
32
|
+
export async function recordShellApprovalBridge(fingerprint, opts) {
|
|
33
|
+
const id = shellApprovalFingerprintId(fingerprint);
|
|
24
34
|
const dir = shellBridgeDir(opts?.cwd);
|
|
25
35
|
await mkdir(dir, { recursive: true });
|
|
26
36
|
const exp = Date.now() + (opts?.ttlMs ?? DEFAULT_SHELL_BRIDGE_TTL_MS);
|
|
27
37
|
const file = path.join(dir, `${id}_${randomUUID()}.json`);
|
|
28
|
-
await writeFile(file, JSON.stringify({
|
|
38
|
+
await writeFile(file, JSON.stringify({
|
|
39
|
+
exp,
|
|
40
|
+
fingerprint,
|
|
41
|
+
argv: opts?.canonical_argv ? [...opts.canonical_argv] : undefined,
|
|
42
|
+
}), "utf8");
|
|
29
43
|
}
|
|
30
44
|
/**
|
|
31
|
-
* If a non-expired bridge file exists for this
|
|
32
|
-
* Otherwise return false. POC: local filesystem trust boundary only.
|
|
45
|
+
* If a non-expired bridge file exists for this fingerprint, delete it and return true.
|
|
33
46
|
*/
|
|
34
|
-
export async function tryConsumeShellApprovalBridge(
|
|
35
|
-
const
|
|
47
|
+
export async function tryConsumeShellApprovalBridge(fingerprint, opts) {
|
|
48
|
+
const ids = new Set([shellApprovalFingerprintId(fingerprint)]);
|
|
49
|
+
if (opts?.legacy_argv)
|
|
50
|
+
ids.add(shellArgvApprovalId(opts.legacy_argv));
|
|
36
51
|
const dir = shellBridgeDir(opts?.cwd);
|
|
37
52
|
let names = [];
|
|
38
53
|
try {
|
|
@@ -42,24 +57,32 @@ export async function tryConsumeShellApprovalBridge(argv, opts) {
|
|
|
42
57
|
return false;
|
|
43
58
|
}
|
|
44
59
|
const now = Date.now();
|
|
45
|
-
const
|
|
46
|
-
|
|
47
|
-
const
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
60
|
+
for (const id of ids) {
|
|
61
|
+
const candidates = names.filter((n) => n.startsWith(`${id}_`) && n.endsWith(".json"));
|
|
62
|
+
for (const name of candidates) {
|
|
63
|
+
const file = path.join(dir, name);
|
|
64
|
+
try {
|
|
65
|
+
const raw = await readFile(file, "utf8");
|
|
66
|
+
const row = JSON.parse(raw);
|
|
67
|
+
if (typeof row.exp !== "number" || row.exp < now) {
|
|
68
|
+
await unlink(file).catch(() => { });
|
|
69
|
+
continue;
|
|
70
|
+
}
|
|
71
|
+
if (row.fingerprint && fingerprintDeepEqual(row.fingerprint, fingerprint)) {
|
|
72
|
+
await unlink(file);
|
|
73
|
+
return true;
|
|
74
|
+
}
|
|
75
|
+
if (opts?.legacy_argv &&
|
|
76
|
+
row.argv &&
|
|
77
|
+
argvDeepEqual(row.argv, opts.legacy_argv) &&
|
|
78
|
+
!row.fingerprint) {
|
|
79
|
+
await unlink(file);
|
|
80
|
+
return true;
|
|
81
|
+
}
|
|
54
82
|
}
|
|
55
|
-
|
|
83
|
+
catch {
|
|
56
84
|
continue;
|
|
57
85
|
}
|
|
58
|
-
await unlink(file);
|
|
59
|
-
return true;
|
|
60
|
-
}
|
|
61
|
-
catch {
|
|
62
|
-
continue;
|
|
63
86
|
}
|
|
64
87
|
}
|
|
65
88
|
return false;
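Review bot: The legacy branch in tryConsumeShellApprovalBridge (new lines 75–81) still accepts a row that carries only `argv` and no `fingerprint` whenever the caller passes `legacy_argv`, so the weaker argv-only match stays available next to the fingerprint check. With DEFAULT_SHELL_BRIDGE_TTL_MS at ten minutes, rows written by the previous version should expire soon after an upgrade (a caller-supplied `ttlMs` could be longer), so the fallback looks needed only briefly. Consider removing that branch and the `ids.add(shellArgvApprovalId(opts.legacy_argv))` line in a following release; until then, mark it with a comment such as `// legacy argv-only rows: remove once pre-fingerprint bridges have expired` and log when it is taken. Part of the function body, including the directory read, lies between the hunks and is not shown.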
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"shell-approval-bridge.js","sourceRoot":"","sources":["../../src/bridge/shell-approval-bridge.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC/E,OAAO,IAAI,MAAM,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"shell-approval-bridge.js","sourceRoot":"","sources":["../../src/bridge/shell-approval-bridge.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC/E,OAAO,IAAI,MAAM,WAAW,CAAC;AAK7B,uFAAuF;AACvF,MAAM,CAAC,MAAM,2BAA2B,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAE1D,MAAM,UAAU,cAAc,CAAC,GAAY;IACzC,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,EAAE,EAAE,sBAAsB,CAAC,CAAC;AACpE,CAAC;AAED,SAAS,cAAc,CAAC,OAAgB;IACtC,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACpF,CAAC;AAED,kDAAkD;AAClD,MAAM,UAAU,mBAAmB,CAAC,IAAuB;IACzD,OAAO,cAAc,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC;AACnC,CAAC;AAED,kFAAkF;AAClF,MAAM,UAAU,0BAA0B,CAAC,OAAwC;IACjF,OAAO,cAAc,CAAC,OAAO,CAAC,CAAC;AACjC,CAAC;AAED,SAAS,oBAAoB,CAAC,MAAe,EAAE,SAA0C;IACvF,OAAO,cAAc,CAAC,MAAM,CAAC,KAAK,0BAA0B,CAAC,SAAS,CAAC,CAAC;AAC1E,CAAC;AAED,SAAS,aAAa,CAAC,MAAe,EAAE,SAA4B;IAClE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IAC/E,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;AAC7E,CAAC;AAQD;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,WAA4C,EAC5C,IAA2E;IAE3E,MAAM,EAAE,GAAG,0BAA0B,CAAC,WAAW,CAAC,CAAC;IACnD,MAAM,GAAG,GAAG,cAAc,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACtC,MAAM,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACtC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,EAAE,KAAK,IAAI,2BAA2B,CAAC,CAAC;IACtE,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,UAAU,EAAE,OAAO,CAAC,CAAC;IAC1D,MAAM,SAAS,CACb,IAAI,EACJ,IAAI,CAAC,SAAS,CAAC;QACb,GAAG;QACH,WAAW;QACX,IAAI,EAAE,IAAI,EAAE,cAAc,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,SAAS;KAClE,CAAC,EACF,MAAM,CACP,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,6BAA6B,CACjD,WAA4C,EAC5C,IAAwD;IAExD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,CAAC,0BAA0B
,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;IAC/D,IAAI,IAAI,EAAE,WAAW;QAAE,GAAG,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC;IAEtE,MAAM,GAAG,GAAG,cAAc,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACtC,IAAI,KAAK,GAAa,EAAE,CAAC;IACzB,IAAI,CAAC;QACH,KAAK,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAEvB,KAAK,MAAM,EAAE,IAAI,GAAG,EAAE,CAAC;QACrB,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;QACtF,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;YAC9B,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;YAClC,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;gBACzC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAsB,CAAC;gBACjD,IAAI,OAAO,GAAG,CAAC,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,GAAG,GAAG,GAAG,EAAE,CAAC;oBACjD,MAAM,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;oBACnC,SAAS;gBACX,CAAC;gBACD,IAAI,GAAG,CAAC,WAAW,IAAI,oBAAoB,CAAC,GAAG,CAAC,WAAW,EAAE,WAAW,CAAC,EAAE,CAAC;oBAC1E,MAAM,MAAM,CAAC,IAAI,CAAC,CAAC;oBACnB,OAAO,IAAI,CAAC;gBACd,CAAC;gBACD,IACE,IAAI,EAAE,WAAW;oBACjB,GAAG,CAAC,IAAI;oBACR,aAAa,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,WAAW,CAAC;oBACzC,CAAC,GAAG,CAAC,WAAW,EAChB,CAAC;oBACD,MAAM,MAAM,CAAC,IAAI,CAAC,CAAC;oBACnB,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,SAAS;YACX,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,+DAA+D;AAC/D,MAAM,UAAU,uBAAuB,CAAC,IAIvC;IACC,OAAO,IAAI,CAAC,QAAQ,KAAK,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,KAAK,QAAQ,CAAC;AAC9E,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"agent-message.d.ts","sourceRoot":"","sources":["../../src/hooks/agent-message.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAC;AAE/C,MAAM,MAAM,QAAQ,GAAG,sBAAsB,GAAG,oBAAoB,CAAC;AAErE,MAAM,MAAM,2BAA2B,GAAG;IACxC,IAAI,EAAE,QAAQ,CAAC;IACf,IAAI,EAAE,IAAI,CAAC;IACX,IAAI,EAAE,SAAS,MAAM,EAAE,CAAC;IACxB,OAAO,EAAE,SAAS,MAAM,EAAE,CAAC;IAC3B,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,2DAA2D;IAC3D,cAAc,CAAC,EAAE;QACf,UAAU,EAAE,MAAM,CAAC;QACnB,QAAQ,EAAE,MAAM,CAAC;KAClB,GAAG,IAAI,CAAC;CACV,CAAC;AAEF,MAAM,MAAM,gBAAgB,GAAG;IAC7B,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;CACvB,CAAC;
|
|
1
|
+
{"version":3,"file":"agent-message.d.ts","sourceRoot":"","sources":["../../src/hooks/agent-message.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAC;AAE/C,MAAM,MAAM,QAAQ,GAAG,sBAAsB,GAAG,oBAAoB,CAAC;AAErE,MAAM,MAAM,2BAA2B,GAAG;IACxC,IAAI,EAAE,QAAQ,CAAC;IACf,IAAI,EAAE,IAAI,CAAC;IACX,IAAI,EAAE,SAAS,MAAM,EAAE,CAAC;IACxB,OAAO,EAAE,SAAS,MAAM,EAAE,CAAC;IAC3B,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,2DAA2D;IAC3D,cAAc,CAAC,EAAE;QACf,UAAU,EAAE,MAAM,CAAC;QACnB,QAAQ,EAAE,MAAM,CAAC;KAClB,GAAG,IAAI,CAAC;CACV,CAAC;AAEF,MAAM,MAAM,gBAAgB,GAAG;IAC7B,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;CACvB,CAAC;AAkCF,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,2BAA2B,GAAG,gBAAgB,CAgE3F;AAED,wBAAgB,mCAAmC,CAAC,IAAI,EAAE;IACxD,cAAc,EAAE,OAAO,CAAC;CACzB,GAAG,MAAM,GAAG,SAAS,CAKrB"}
|