@safebrowse/daemon 0.1.4 → 0.1.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +64 -11
- package/dist/cli.d.ts.map +1 -1
- package/dist/cli.js +54 -11
- package/dist/cli.js.map +1 -1
- package/dist/loaders.d.ts.map +1 -1
- package/dist/loaders.js +65 -2
- package/dist/loaders.js.map +1 -1
- package/dist/modelGuard.d.ts +28 -0
- package/dist/modelGuard.d.ts.map +1 -0
- package/dist/modelGuard.js +325 -0
- package/dist/modelGuard.js.map +1 -0
- package/dist/parserIsolation.d.ts +7 -9
- package/dist/parserIsolation.d.ts.map +1 -1
- package/dist/parserIsolation.js.map +1 -1
- package/dist/parserWorker.js +11 -12
- package/dist/parserWorker.js.map +1 -1
- package/dist/runtime/config/auditor/{v5_secure_claim_suite.json → v6_secure_claim_suite.json} +9 -9
- package/dist/server.d.ts +5 -3
- package/dist/server.d.ts.map +1 -1
- package/dist/server.js +541 -1853
- package/dist/server.js.map +1 -1
- package/package.json +2 -2
- package/dist/runtime/config/auditor/v4_prompt_injection_coverage_suite.json +0 -2789
- package/dist/runtime/config/v2-compromised-fixtures.json +0 -34
|
@@ -0,0 +1,325 @@
|
|
|
1
|
+
const SUPPORTED_FEATURE_SCHEMA_VERSIONS = new Set(["recipe_v1", "v1"]);
|
|
2
|
+
const DECISION_LABELS = new Set([
|
|
3
|
+
"allow_read_only",
|
|
4
|
+
"require_shadow_replay",
|
|
5
|
+
"require_user_approval",
|
|
6
|
+
"deny"
|
|
7
|
+
]);
|
|
8
|
+
const ENFORCEMENT_MODES = new Set(["off", "shadow", "tighten"]);
|
|
9
|
+
const MAX_REASON_CODES = 32;
|
|
10
|
+
const MAX_EVIDENCE_CHUNKS = 12;
|
|
11
|
+
const MAX_EVIDENCE_EXCERPT_CHARS = 1_000;
|
|
12
|
+
function normalizeBaseUrl(value) {
|
|
13
|
+
const trimmed = value?.trim();
|
|
14
|
+
if (!trimmed) {
|
|
15
|
+
return undefined;
|
|
16
|
+
}
|
|
17
|
+
let end = trimmed.length;
|
|
18
|
+
while (end > 0 && trimmed.charCodeAt(end - 1) === 47) {
|
|
19
|
+
end -= 1;
|
|
20
|
+
}
|
|
21
|
+
return trimmed.slice(0, end);
|
|
22
|
+
}
|
|
23
|
+
function defaultHealthSnapshot(configured, enforcementMode, validationError) {
|
|
24
|
+
return {
|
|
25
|
+
configured,
|
|
26
|
+
ready: false,
|
|
27
|
+
runtimeMode: "python_sidecar",
|
|
28
|
+
enforcementMode,
|
|
29
|
+
...(validationError ? { validationError } : {})
|
|
30
|
+
};
|
|
31
|
+
}
|
|
32
|
+
function isRecord(value) {
|
|
33
|
+
return typeof value === "object" && value !== null && !Array.isArray(value);
|
|
34
|
+
}
|
|
35
|
+
function isFiniteProbability(value) {
|
|
36
|
+
return typeof value === "number" && Number.isFinite(value) && value >= 0 && value <= 1;
|
|
37
|
+
}
|
|
38
|
+
function isFiniteNumber(value) {
|
|
39
|
+
return typeof value === "number" && Number.isFinite(value);
|
|
40
|
+
}
|
|
41
|
+
function requiredString(value, field) {
|
|
42
|
+
if (typeof value !== "string" || value.trim().length === 0) {
|
|
43
|
+
throw new Error(`invalid model guard ${field}`);
|
|
44
|
+
}
|
|
45
|
+
return value;
|
|
46
|
+
}
|
|
47
|
+
function optionalString(value, field) {
|
|
48
|
+
if (value === undefined) {
|
|
49
|
+
return undefined;
|
|
50
|
+
}
|
|
51
|
+
return requiredString(value, field);
|
|
52
|
+
}
|
|
53
|
+
function validateFeatureSchemaVersion(value) {
|
|
54
|
+
const version = requiredString(value, "feature schema version");
|
|
55
|
+
if (!SUPPORTED_FEATURE_SCHEMA_VERSIONS.has(version)) {
|
|
56
|
+
throw new Error(`unsupported model guard feature schema version: ${version}`);
|
|
57
|
+
}
|
|
58
|
+
return version;
|
|
59
|
+
}
|
|
60
|
+
function validateComponentDigests(value) {
|
|
61
|
+
if (value === undefined) {
|
|
62
|
+
return undefined;
|
|
63
|
+
}
|
|
64
|
+
if (!isRecord(value)) {
|
|
65
|
+
throw new Error("invalid model guard component digests");
|
|
66
|
+
}
|
|
67
|
+
const digests = {};
|
|
68
|
+
for (const [key, digest] of Object.entries(value)) {
|
|
69
|
+
if (!/^[A-Za-z0-9_.:-]{1,80}$/.test(key)) {
|
|
70
|
+
throw new Error("invalid model guard component digest key");
|
|
71
|
+
}
|
|
72
|
+
if (typeof digest !== "string" || !/^[A-Fa-f0-9]{32,128}$/.test(digest)) {
|
|
73
|
+
throw new Error("invalid model guard component digest value");
|
|
74
|
+
}
|
|
75
|
+
digests[key] = digest;
|
|
76
|
+
}
|
|
77
|
+
return digests;
|
|
78
|
+
}
|
|
79
|
+
function validateReasonCodes(value) {
|
|
80
|
+
if (!Array.isArray(value) || value.length > MAX_REASON_CODES) {
|
|
81
|
+
throw new Error("invalid model guard reason codes");
|
|
82
|
+
}
|
|
83
|
+
return value.map((entry) => {
|
|
84
|
+
if (typeof entry !== "string" || !/^[A-Z0-9_:-]{1,128}$/.test(entry)) {
|
|
85
|
+
throw new Error("invalid model guard reason code");
|
|
86
|
+
}
|
|
87
|
+
return entry;
|
|
88
|
+
});
|
|
89
|
+
}
|
|
90
|
+
function validateEvidenceChunkIds(value) {
|
|
91
|
+
if (!Array.isArray(value) || value.length > MAX_EVIDENCE_CHUNKS) {
|
|
92
|
+
throw new Error("invalid model guard evidence chunk ids");
|
|
93
|
+
}
|
|
94
|
+
return value.map((entry) => {
|
|
95
|
+
if (typeof entry !== "string" || entry.trim().length === 0 || entry.length > 128) {
|
|
96
|
+
throw new Error("invalid model guard evidence chunk id");
|
|
97
|
+
}
|
|
98
|
+
return entry;
|
|
99
|
+
});
|
|
100
|
+
}
|
|
101
|
+
function validateEvidenceChunks(value) {
|
|
102
|
+
if (value === undefined) {
|
|
103
|
+
return undefined;
|
|
104
|
+
}
|
|
105
|
+
if (!Array.isArray(value) || value.length > MAX_EVIDENCE_CHUNKS) {
|
|
106
|
+
throw new Error("invalid model guard evidence chunks");
|
|
107
|
+
}
|
|
108
|
+
return value.map((entry) => {
|
|
109
|
+
if (!isRecord(entry)) {
|
|
110
|
+
throw new Error("invalid model guard evidence chunk");
|
|
111
|
+
}
|
|
112
|
+
const chunkId = requiredString(entry.chunkId, "evidence chunk id");
|
|
113
|
+
const excerpt = requiredString(entry.excerpt, "evidence chunk excerpt").slice(0, MAX_EVIDENCE_EXCERPT_CHARS);
|
|
114
|
+
if (entry.score !== undefined && !isFiniteNumber(entry.score)) {
|
|
115
|
+
throw new Error("invalid model guard evidence chunk score");
|
|
116
|
+
}
|
|
117
|
+
return {
|
|
118
|
+
chunkId,
|
|
119
|
+
...(typeof entry.score === "number" ? { score: entry.score } : {}),
|
|
120
|
+
excerpt
|
|
121
|
+
};
|
|
122
|
+
});
|
|
123
|
+
}
|
|
124
|
+
function validateHealthPayload(payload) {
|
|
125
|
+
if (!isRecord(payload)) {
|
|
126
|
+
throw new Error("invalid model guard health payload");
|
|
127
|
+
}
|
|
128
|
+
if (payload.status !== "ok" && payload.status !== "error") {
|
|
129
|
+
throw new Error("invalid model guard health status");
|
|
130
|
+
}
|
|
131
|
+
if (typeof payload.ready !== "boolean") {
|
|
132
|
+
throw new Error("invalid model guard health ready flag");
|
|
133
|
+
}
|
|
134
|
+
if (payload.runtimeMode !== "python_sidecar") {
|
|
135
|
+
throw new Error("invalid model guard runtime mode");
|
|
136
|
+
}
|
|
137
|
+
if (!ENFORCEMENT_MODES.has(payload.enforcementMode)) {
|
|
138
|
+
throw new Error("invalid model guard health enforcement mode");
|
|
139
|
+
}
|
|
140
|
+
const ready = payload.status === "ok" && payload.ready;
|
|
141
|
+
const bundleVersion = optionalString(payload.bundleVersion, "bundle version");
|
|
142
|
+
const featureSchemaVersion = ready
|
|
143
|
+
? validateFeatureSchemaVersion(payload.featureSchemaVersion)
|
|
144
|
+
: optionalString(payload.featureSchemaVersion, "feature schema version");
|
|
145
|
+
const bundleDigest = optionalString(payload.bundleDigest, "bundle digest");
|
|
146
|
+
const componentDigests = validateComponentDigests(payload.componentDigests);
|
|
147
|
+
return {
|
|
148
|
+
status: payload.status,
|
|
149
|
+
ready,
|
|
150
|
+
runtimeMode: "python_sidecar",
|
|
151
|
+
enforcementMode: payload.enforcementMode,
|
|
152
|
+
...(bundleVersion ? { bundleVersion } : {}),
|
|
153
|
+
...(featureSchemaVersion ? { featureSchemaVersion } : {}),
|
|
154
|
+
...(bundleDigest ? { bundleDigest } : {}),
|
|
155
|
+
...(componentDigests ? { componentDigests } : {})
|
|
156
|
+
};
|
|
157
|
+
}
|
|
158
|
+
function validateObservationResponsePayload(payload, health, enforcementMode) {
|
|
159
|
+
if (!isRecord(payload) || !isRecord(payload.assessment)) {
|
|
160
|
+
throw new Error("invalid model guard observation response");
|
|
161
|
+
}
|
|
162
|
+
const assessment = payload.assessment;
|
|
163
|
+
const decisionLabel = assessment.decisionLabel;
|
|
164
|
+
const calibratedDecisionLabel = assessment.calibratedDecisionLabel;
|
|
165
|
+
if (!DECISION_LABELS.has(decisionLabel)) {
|
|
166
|
+
throw new Error("invalid model guard decision label");
|
|
167
|
+
}
|
|
168
|
+
if (!DECISION_LABELS.has(calibratedDecisionLabel)) {
|
|
169
|
+
throw new Error("invalid model guard calibrated decision label");
|
|
170
|
+
}
|
|
171
|
+
if (!isFiniteProbability(assessment.binaryThreatProbability)) {
|
|
172
|
+
throw new Error("invalid model guard probability");
|
|
173
|
+
}
|
|
174
|
+
if (!isRecord(assessment.pipeline)) {
|
|
175
|
+
throw new Error("invalid model guard pipeline metadata");
|
|
176
|
+
}
|
|
177
|
+
const pipeline = assessment.pipeline;
|
|
178
|
+
if (pipeline.runtimeMode !== "python_sidecar") {
|
|
179
|
+
throw new Error("invalid model guard assessment runtime mode");
|
|
180
|
+
}
|
|
181
|
+
if (typeof pipeline.scoredAt !== "string" || pipeline.scoredAt.trim().length === 0) {
|
|
182
|
+
throw new Error("invalid model guard scored timestamp");
|
|
183
|
+
}
|
|
184
|
+
const bundleVersion = requiredString(assessment.bundleVersion, "bundle version");
|
|
185
|
+
const featureSchemaVersion = validateFeatureSchemaVersion(assessment.featureSchemaVersion);
|
|
186
|
+
if (health.bundleVersion && health.bundleVersion !== bundleVersion) {
|
|
187
|
+
throw new Error("model guard bundle version changed after health check");
|
|
188
|
+
}
|
|
189
|
+
if (health.featureSchemaVersion && health.featureSchemaVersion !== featureSchemaVersion) {
|
|
190
|
+
throw new Error("model guard feature schema version changed after health check");
|
|
191
|
+
}
|
|
192
|
+
const bundleDigest = optionalString(assessment.bundleDigest, "bundle digest") ?? health.bundleDigest;
|
|
193
|
+
const componentDigests = validateComponentDigests(assessment.componentDigests) ?? health.componentDigests;
|
|
194
|
+
const evidenceChunks = validateEvidenceChunks(payload.evidenceChunks);
|
|
195
|
+
return {
|
|
196
|
+
assessment: {
|
|
197
|
+
assessmentId: requiredString(assessment.assessmentId, "assessment id"),
|
|
198
|
+
bundleVersion,
|
|
199
|
+
featureSchemaVersion,
|
|
200
|
+
...(bundleDigest ? { bundleDigest } : {}),
|
|
201
|
+
...(componentDigests ? { componentDigests } : {}),
|
|
202
|
+
binaryThreatProbability: assessment.binaryThreatProbability,
|
|
203
|
+
decisionLabel: decisionLabel,
|
|
204
|
+
calibratedDecisionLabel: calibratedDecisionLabel,
|
|
205
|
+
coarseReasonCodes: validateReasonCodes(assessment.coarseReasonCodes),
|
|
206
|
+
evidenceChunkIds: validateEvidenceChunkIds(assessment.evidenceChunkIds),
|
|
207
|
+
pipeline: {
|
|
208
|
+
runtimeMode: "python_sidecar",
|
|
209
|
+
enforcementMode,
|
|
210
|
+
scoredAt: pipeline.scoredAt,
|
|
211
|
+
...(typeof pipeline.latencyMs === "number" && Number.isFinite(pipeline.latencyMs)
|
|
212
|
+
? { latencyMs: pipeline.latencyMs }
|
|
213
|
+
: {}),
|
|
214
|
+
...(typeof pipeline.sentinelVersion === "string"
|
|
215
|
+
? { sentinelVersion: pipeline.sentinelVersion }
|
|
216
|
+
: {}),
|
|
217
|
+
...(typeof pipeline.expertVersion === "string"
|
|
218
|
+
? { expertVersion: pipeline.expertVersion }
|
|
219
|
+
: {}),
|
|
220
|
+
...(typeof pipeline.stackerVersion === "string"
|
|
221
|
+
? { stackerVersion: pipeline.stackerVersion }
|
|
222
|
+
: {})
|
|
223
|
+
}
|
|
224
|
+
},
|
|
225
|
+
...(evidenceChunks ? { evidenceChunks } : {})
|
|
226
|
+
};
|
|
227
|
+
}
|
|
228
|
+
class DisabledModelGuardClient {
|
|
229
|
+
enforcementMode;
|
|
230
|
+
configured = false;
|
|
231
|
+
constructor(enforcementMode = "off") {
|
|
232
|
+
this.enforcementMode = enforcementMode;
|
|
233
|
+
}
|
|
234
|
+
async scoreObservation() {
|
|
235
|
+
throw new Error("model guard is not configured");
|
|
236
|
+
}
|
|
237
|
+
async getCachedHealth() {
|
|
238
|
+
return defaultHealthSnapshot(false, this.enforcementMode);
|
|
239
|
+
}
|
|
240
|
+
async refreshHealth() {
|
|
241
|
+
return defaultHealthSnapshot(false, this.enforcementMode);
|
|
242
|
+
}
|
|
243
|
+
async close() {
|
|
244
|
+
return;
|
|
245
|
+
}
|
|
246
|
+
}
|
|
247
|
+
class HttpModelGuardClient {
|
|
248
|
+
baseUrl;
|
|
249
|
+
timeoutMs;
|
|
250
|
+
enforcementMode;
|
|
251
|
+
configured = true;
|
|
252
|
+
cachedHealth;
|
|
253
|
+
constructor(baseUrl, timeoutMs, enforcementMode) {
|
|
254
|
+
this.baseUrl = baseUrl;
|
|
255
|
+
this.timeoutMs = timeoutMs;
|
|
256
|
+
this.enforcementMode = enforcementMode;
|
|
257
|
+
this.cachedHealth = defaultHealthSnapshot(true, enforcementMode);
|
|
258
|
+
}
|
|
259
|
+
async scoreObservation(request) {
|
|
260
|
+
if (this.enforcementMode === "off") {
|
|
261
|
+
throw new Error("model guard scoring is disabled");
|
|
262
|
+
}
|
|
263
|
+
if (!this.cachedHealth.ready) {
|
|
264
|
+
throw new Error("model guard is not ready");
|
|
265
|
+
}
|
|
266
|
+
const response = await fetch(`${this.baseUrl}/v1/score/observation`, {
|
|
267
|
+
method: "POST",
|
|
268
|
+
headers: {
|
|
269
|
+
"content-type": "application/json"
|
|
270
|
+
},
|
|
271
|
+
body: JSON.stringify(request),
|
|
272
|
+
signal: AbortSignal.timeout(this.timeoutMs)
|
|
273
|
+
});
|
|
274
|
+
if (!response.ok) {
|
|
275
|
+
throw new Error(`model guard returned ${response.status}`);
|
|
276
|
+
}
|
|
277
|
+
return validateObservationResponsePayload(await response.json(), this.cachedHealth, this.enforcementMode);
|
|
278
|
+
}
|
|
279
|
+
async getCachedHealth() {
|
|
280
|
+
return this.cachedHealth;
|
|
281
|
+
}
|
|
282
|
+
async refreshHealth() {
|
|
283
|
+
try {
|
|
284
|
+
const response = await fetch(`${this.baseUrl}/health`, {
|
|
285
|
+
method: "GET",
|
|
286
|
+
signal: AbortSignal.timeout(this.timeoutMs)
|
|
287
|
+
});
|
|
288
|
+
if (!response.ok) {
|
|
289
|
+
throw new Error(`model guard returned ${response.status}`);
|
|
290
|
+
}
|
|
291
|
+
const payload = validateHealthPayload(await response.json());
|
|
292
|
+
this.cachedHealth = {
|
|
293
|
+
configured: true,
|
|
294
|
+
ready: payload.ready,
|
|
295
|
+
runtimeMode: payload.runtimeMode,
|
|
296
|
+
enforcementMode: this.enforcementMode,
|
|
297
|
+
bundleVersion: payload.bundleVersion,
|
|
298
|
+
featureSchemaVersion: payload.featureSchemaVersion,
|
|
299
|
+
bundleDigest: payload.bundleDigest,
|
|
300
|
+
componentDigests: payload.componentDigests,
|
|
301
|
+
lastCheckedAt: new Date().toISOString()
|
|
302
|
+
};
|
|
303
|
+
}
|
|
304
|
+
catch (error) {
|
|
305
|
+
this.cachedHealth = {
|
|
306
|
+
...defaultHealthSnapshot(true, this.enforcementMode, error instanceof Error ? error.message : "model guard health check failed"),
|
|
307
|
+
lastCheckedAt: new Date().toISOString()
|
|
308
|
+
};
|
|
309
|
+
}
|
|
310
|
+
return this.cachedHealth;
|
|
311
|
+
}
|
|
312
|
+
async close() {
|
|
313
|
+
return;
|
|
314
|
+
}
|
|
315
|
+
}
|
|
316
|
+
export function createModelGuardClient(options = {}) {
|
|
317
|
+
const baseUrl = normalizeBaseUrl(options.baseUrl);
|
|
318
|
+
const enforcementMode = options.enforcementMode ?? "off";
|
|
319
|
+
const timeoutMs = options.timeoutMs ?? 2_500;
|
|
320
|
+
if (!baseUrl) {
|
|
321
|
+
return new DisabledModelGuardClient(enforcementMode);
|
|
322
|
+
}
|
|
323
|
+
return new HttpModelGuardClient(baseUrl, timeoutMs, enforcementMode);
|
|
324
|
+
}
|
|
325
|
+
//# sourceMappingURL=modelGuard.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"modelGuard.js","sourceRoot":"","sources":["../src/modelGuard.ts"],"names":[],"mappings":"AASA,MAAM,iCAAiC,GAAG,IAAI,GAAG,CAAC,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC,CAAC;AACvE,MAAM,eAAe,GAAG,IAAI,GAAG,CAA0B;IACvD,iBAAiB;IACjB,uBAAuB;IACvB,uBAAuB;IACvB,MAAM;CACP,CAAC,CAAC;AACH,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAA4B,CAAC,KAAK,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC,CAAC;AAC3F,MAAM,gBAAgB,GAAG,EAAE,CAAC;AAC5B,MAAM,mBAAmB,GAAG,EAAE,CAAC;AAC/B,MAAM,0BAA0B,GAAG,KAAK,CAAC;AA8BzC,SAAS,gBAAgB,CAAC,KAAyB;IACjD,MAAM,OAAO,GAAG,KAAK,EAAE,IAAI,EAAE,CAAC;IAC9B,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,IAAI,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC;IACzB,OAAO,GAAG,GAAG,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC;QACrD,GAAG,IAAI,CAAC,CAAC;IACX,CAAC;IACD,OAAO,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;AAC/B,CAAC;AAED,SAAS,qBAAqB,CAC5B,UAAmB,EACnB,eAA0C,EAC1C,eAAwB;IAExB,OAAO;QACL,UAAU;QACV,KAAK,EAAE,KAAK;QACZ,WAAW,EAAE,gBAAgB;QAC7B,eAAe;QACf,GAAG,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,eAAe,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAChD,CAAC;AACJ,CAAC;AAED,SAAS,QAAQ,CAAC,KAAc;IAC9B,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;AAC9E,CAAC;AAED,SAAS,mBAAmB,CAAC,KAAc;IACzC,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,KAAK,IAAI,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;AACzF,CAAC;AAED,SAAS,cAAc,CAAC,KAAc;IACpC,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AAC7D,CAAC;AAED,SAAS,cAAc,CAAC,KAAc,EAAE,KAAa;IACnD,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3D,MAAM,IAAI,KAAK,CAAC,uBAAuB,KAAK,EAAE,CAAC,CAAC;IAClD,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,cAAc,CAAC,KAAc,EAAE,KAAa;IACnD,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QACxB,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,OAAO,cAAc,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;AACtC,CAAC;AAED,SAAS,4BAA4B,CAAC,KAAc;IAClD,MAAM,OAAO,GAAG,cAAc,CAAC,KAAK,EAAE,wBAAwB,CAAC,CAAC;IAChE,IAAI,CAAC,iCAAiC,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;QACpD,MAAM,IAAI,KAAK,CAAC,mDAAmD,OAAO,EAAE,CAAC,CAAC;IAChF,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,wBAAwB,CAAC,KAAc;IAC9C,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QACxB,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QACrB,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;IAC3D,CAAC;IACD,MAAM,OAAO,GAA2B,EAAE,CAAC;IAC3C,KAAK,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAClD,IAAI,CAAC,yBAAyB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YACzC,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;QAC9D,CAAC;QACD,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YACxE,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAChE,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC;IACxB,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,mBAAmB,CAAC,KAAc;IACzC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,MAAM,GAAG,gBAAgB,EAAE,CAAC;QAC7D,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACtD,CAAC;IACD,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE;QACzB,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YACrE,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;QACrD,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,wBAAwB,CAAC,KAAc;IAC9C,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,MAAM,GAAG,mBAAmB,EAAE,CAAC;QAChE,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;IAC5D,CAAC;IACD,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE;QACzB,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;YACjF,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;QAC3D,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,sBAAsB,CAAC,KAAc;IAC5C,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QACxB,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,MAAM,GAAG,mBAAmB,EAAE,CAAC;QAChE,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;IACzD,CAAC;IACD,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE;QACzB,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACrB,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QACxD,CAAC;QACD,MAAM,OAAO,GAAG,cAAc,CAAC,KAAK,CAAC,OAAO,EAAE,mBAAmB,CAAC,CAAC;QACnE,MAAM,OAAO,GAAG,cAAc,CAAC,KAAK,CAAC,OAAO,EAAE,wBAAwB,CAAC,CAAC,KAAK,CAC3E,CAAC,EACD,0BAA0B,CAC3B,CAAC;QACF,IAAI,KAAK,CAAC,KAAK,KAAK,SAAS,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YAC9D,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;QAC9D,CAAC;QACD,OAAO;YACL,OAAO;YACP,GAAG,CAAC,OAAO,KAAK,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAClE,OAAO;SACR,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,qBAAqB,CAAC,OAAgB;IAC7C,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACxD,CAAC;IACD,IAAI,OAAO,CAAC,MAAM,KAAK,IAAI,IAAI,OAAO,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;QAC1D,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;IACvD,CAAC;IACD,IAAI,OAAO,OAAO,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;QACvC,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;IAC3D,CAAC;IACD,IAAI,OAAO,CAAC,WAAW,KAAK,gBAAgB,EAAE,CAAC;QAC7C,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACtD,CAAC;IACD,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,OAAO,CAAC,eAA4C,CAAC,EAAE,CAAC;QACjF,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;IACjE,CAAC;IAED,MAAM,KAAK,GAAG,OAAO,CAAC,MAAM,KAAK,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC;IACvD,MAAM,aAAa,GAAG,cAAc,CAAC,OAAO,CAAC,aAAa,EAAE,gBAAgB,CAAC,CAAC;IAC9E,MAAM,oBAAoB,GAAG,KAAK;QAChC,CAAC,CAAC,4BAA4B,CAAC,OAAO,CAAC,oBAAoB,CAAC;QAC5D,CAAC,CAAC,cAAc,CAAC,OAAO,CAAC,oBAAoB,EAAE,wBAAwB,CAAC,CAAC;IAC3E,MAAM,YAAY,GAAG,cAAc,CAAC,OAAO,CAAC,YAAY,EAAE,eAAe,CAAC,CAAC;IAC3E,MAAM,gBAAgB,GAAG,wBAAwB,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;IAE5E,OAAO;QACL,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,KAAK;QACL,WAAW,EAAE,gBAAgB;QAC7B,eAAe,EAAE,OAAO,CAAC,eAA4C;QACrE,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC3C,GAAG,CAAC,oBAAoB,CAAC,CAAC,CAAC,EAAE,oBAAoB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACzD,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACzC,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAE,gBAAgB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAClD,CAAC;AACJ,CAAC;AAED,SAAS,kCAAkC,CACzC,OAAgB,EAChB,MAAgC,EAChC,eAA0C;IAE1C,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;QACxD,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;IAC9D,CAAC;IACD,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IACtC,MAAM,aAAa,GAAG,UAAU,CAAC,aAAa,CAAC;IAC/C,MAAM,uBAAuB,GAAG,UAAU,CAAC,uBAAuB,CAAC;IACnE,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,aAAwC,CAAC,EAAE,CAAC;QACnE,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACxD,CAAC;IACD,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,uBAAkD,CAAC,EAAE,CAAC;QAC7E,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;IACnE,CAAC;IACD,IAAI,CAAC,mBAAmB,CAAC,UAAU,CAAC,uBAAuB,CAAC,EAAE,CAAC;QAC7D,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;IACrD,CAAC;IACD,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QACnC,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;IAC3D,CAAC;IACD,MAAM,QAAQ,GAAG,UAAU,CAAC,QAAQ,CAAC;IACrC,IAAI,QAAQ,CAAC,WAAW,KAAK,gBAAgB,EAAE,CAAC;QAC9C,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;IACjE,CAAC;IACD,IAAI,OAAO,QAAQ,CAAC,QAAQ,KAAK,QAAQ,IAAI,QAAQ,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACnF,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;IAC1D,CAAC;IAED,MAAM,aAAa,GAAG,cAAc,CAAC,UAAU,CAAC,aAAa,EAAE,gBAAgB,CAAC,CAAC;IACjF,MAAM,oBAAoB,GAAG,4BAA4B,CAAC,UAAU,CAAC,oBAAoB,CAAC,CAAC;IAC3F,IAAI,MAAM,CAAC,aAAa,IAAI,MAAM,CAAC,aAAa,KAAK,aAAa,EAAE,CAAC;QACnE,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;IAC3E,CAAC;IACD,IAAI,MAAM,CAAC,oBAAoB,IAAI,MAAM,CAAC,oBAAoB,KAAK,oBAAoB,EAAE,CAAC;QACxF,MAAM,IAAI,KAAK,CAAC,+DAA+D,CAAC,CAAC;IACnF,CAAC;IAED,MAAM,YAAY,GAAG,cAAc,CAAC,UAAU,CAAC,YAAY,EAAE,eAAe,CAAC,IAAI,MAAM,CAAC,YAAY,CAAC;IACrG,MAAM,gBAAgB,GACpB,wBAAwB,CAAC,UAAU,CAAC,gBAAgB,CAAC,IAAI,MAAM,CAAC,gBAAgB,CAAC;IACnF,MAAM,cAAc,GAAG,sBAAsB,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;IAEtE,OAAO;QACL,UAAU,EAAE;YACV,YAAY,EAAE,cAAc,CAAC,UAAU,CAAC,YAAY,EAAE,eAAe,CAAC;YACtE,aAAa;YACb,oBAAoB;YACpB,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACzC,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAE,gBAAgB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACjD,uBAAuB,EAAE,UAAU,CAAC,uBAAuB;YAC3D,aAAa,EAAE,aAAwC;YACvD,uBAAuB,EAAE,uBAAkD;YAC3E,iBAAiB,EAAE,mBAAmB,CAAC,UAAU,CAAC,iBAAiB,CAAC;YACpE,gBAAgB,EAAE,wBAAwB,CAAC,UAAU,CAAC,gBAAgB,CAAC;YACvE,QAAQ,EAAE;gBACR,WAAW,EAAE,gBAAgB;gBAC7B,eAAe;gBACf,QAAQ,EAAE,QAAQ,CAAC,QAAQ;gBAC3B,GAAG,CAAC,OAAO,QAAQ,CAAC,SAAS,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC;oBAC/E,CAAC,CAAC,EAAE,SAAS,EAAE,QAAQ,CAAC,SAAS,EAAE;oBACnC,CAAC,CAAC,EAAE,CAAC;gBACP,GAAG,CAAC,OAAO,QAAQ,CAAC,eAAe,KAAK,QAAQ;oBAC9C,CAAC,CAAC,EAAE,eAAe,EAAE,QAAQ,CAAC,eAAe,EAAE;oBAC/C,CAAC,CAAC,EAAE,CAAC;gBACP,GAAG,CAAC,OAAO,QAAQ,CAAC,aAAa,KAAK,QAAQ;oBAC5C,CAAC,CAAC,EAAE,aAAa,EAAE,QAAQ,CAAC,aAAa,EAAE;oBAC3C,CAAC,CAAC,EAAE,CAAC;gBACP,GAAG,CAAC,OAAO,QAAQ,CAAC,cAAc,KAAK,QAAQ;oBAC7C,CAAC,CAAC,EAAE,cAAc,EAAE,QAAQ,CAAC,cAAc,EAAE;oBAC7C,CAAC,CAAC,EAAE,CAAC;aACR;SACF;QACD,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC9C,CAAC;AACJ,CAAC;AAED,MAAM,wBAAwB;IAGP;IAFZ,UAAU,GAAG,KAAK,CAAC;IAE5B,YAAqB,kBAA6C,KAAK;QAAlD,oBAAe,GAAf,eAAe,CAAmC;IAAG,CAAC;IAE3E,KAAK,CAAC,gBAAgB;QACpB,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;IACnD,CAAC;IAED,KAAK,CAAC,eAAe;QACnB,OAAO,qBAAqB,CAAC,KAAK,EAAE,IAAI,CAAC,eAAe,CAAC,CAAC;IAC5D,CAAC;IAED,KAAK,CAAC,aAAa;QACjB,OAAO,qBAAqB,CAAC,KAAK,EAAE,IAAI,CAAC,eAAe,CAAC,CAAC;IAC5D,CAAC;IAED,KAAK,CAAC,KAAK;QACT,OAAO;IACT,CAAC;CACF;AAED,MAAM,oBAAoB;IAML;IACA;IACR;IAPF,UAAU,GAAG,IAAI,CAAC;IAEnB,YAAY,CAA2B;IAE/C,YACmB,OAAe,EACf,SAAiB,EACzB,eAA0C;QAFlC,YAAO,GAAP,OAAO,CAAQ;QACf,cAAS,GAAT,SAAS,CAAQ;QACzB,oBAAe,GAAf,eAAe,CAA2B;QAEnD,IAAI,CAAC,YAAY,GAAG,qBAAqB,CAAC,IAAI,EAAE,eAAe,CAAC,CAAC;IACnE,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,OAAqC;QAC1D,IAAI,IAAI,CAAC,eAAe,KAAK,KAAK,EAAE,CAAC;YACnC,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;QACrD,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,CAAC;YAC7B,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;QAC9C,CAAC;QACD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,uBAAuB,EAAE;YACnE,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;YAC7B,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC;SAC5C,CAAC,CAAC;QACH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,wBAAwB,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;QAC7D,CAAC;QACD,OAAO,kCAAkC,CACvC,MAAM,QAAQ,CAAC,IAAI,EAAE,EACrB,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,eAAe,CACrB,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,eAAe;QACnB,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAED,KAAK,CAAC,aAAa;QACjB,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,SAAS,EAAE;gBACrD,MAAM,EAAE,KAAK;gBACb,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC;aAC5C,CAAC,CAAC;YACH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,MAAM,IAAI,KAAK,CAAC,wBAAwB,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;YAC7D,CAAC;YACD,MAAM,OAAO,GAAG,qBAAqB,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;YAC7D,IAAI,CAAC,YAAY,GAAG;gBAClB,UAAU,EAAE,IAAI;gBAChB,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,WAAW,EAAE,OAAO,CAAC,WAAW;gBAChC,eAAe,EAAE,IAAI,CAAC,eAAe;gBACrC,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,oBAAoB,EAAE,OAAO,CAAC,oBAAoB;gBAClD,YAAY,EAAE,OAAO,CAAC,YAAY;gBAClC,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;gBAC1C,aAAa,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;aACxC,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,YAAY,GAAG;gBAClB,GAAG,qBAAqB,CACtB,IAAI,EACJ,IAAI,CAAC,eAAe,EACpB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,iCAAiC,CAC3E;gBACD,aAAa,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;aACxC,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAED,KAAK,CAAC,KAAK;QACT,OAAO;IACT,CAAC;CACF;AAED,MAAM,UAAU,sBAAsB,CAAC,UAAmC,EAAE;IAC1E,MAAM,OAAO,GAAG,gBAAgB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAClD,MAAM,eAAe,GAAG,OAAO,CAAC,eAAe,IAAI,KAAK,CAAC;IACzD,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,KAAK,CAAC;IAC7C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,IAAI,wBAAwB,CAAC,eAAe,CAAC,CAAC;IACvD,CAAC;IACD,OAAO,IAAI,oBAAoB,CAAC,OAAO,EAAE,SAAS,EAAE,eAAe,CAAC,CAAC;AACvE,CAAC"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import type {
|
|
1
|
+
import type { CompiledObservationV6, ParserIsolationMode, ParserWorkerProbe, PlannerViewV6, RuntimeContext, SurfaceCapture } from "@safebrowse/core";
|
|
2
2
|
type ToolManifestDigests = {
|
|
3
3
|
manifestHash?: string;
|
|
4
4
|
schemaHash?: string;
|
|
@@ -13,12 +13,11 @@ export interface ParserIsolationService {
|
|
|
13
13
|
workflowHash?: string;
|
|
14
14
|
allowlistedEgress?: string[];
|
|
15
15
|
runtime?: Partial<RuntimeContext>;
|
|
16
|
-
compilerVersion?: "
|
|
16
|
+
compilerVersion?: "v6";
|
|
17
17
|
parserIsolationMode?: ParserIsolationMode;
|
|
18
18
|
}): Promise<{
|
|
19
|
-
compiledObservation:
|
|
20
|
-
|
|
21
|
-
plannerView?: unknown;
|
|
19
|
+
compiledObservation: CompiledObservationV6;
|
|
20
|
+
plannerView?: PlannerViewV6;
|
|
22
21
|
toolManifestDigests?: ToolManifestDigests;
|
|
23
22
|
}>;
|
|
24
23
|
getCachedProbe(): Promise<ParserIsolationProbeSnapshot>;
|
|
@@ -35,12 +34,11 @@ export declare function compileObservationInIsolation(input: {
|
|
|
35
34
|
workflowHash?: string;
|
|
36
35
|
allowlistedEgress?: string[];
|
|
37
36
|
runtime?: Partial<RuntimeContext>;
|
|
38
|
-
compilerVersion?: "
|
|
37
|
+
compilerVersion?: "v6";
|
|
39
38
|
parserIsolationMode?: ParserIsolationMode;
|
|
40
39
|
}): Promise<{
|
|
41
|
-
compiledObservation:
|
|
42
|
-
|
|
43
|
-
plannerView?: unknown;
|
|
40
|
+
compiledObservation: CompiledObservationV6;
|
|
41
|
+
plannerView?: PlannerViewV6;
|
|
44
42
|
toolManifestDigests?: ToolManifestDigests;
|
|
45
43
|
}>;
|
|
46
44
|
export declare function probeParserIsolation(parserIsolationMode?: ParserIsolationMode): Promise<ParserWorkerProbe>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"parserIsolation.d.ts","sourceRoot":"","sources":["../src/parserIsolation.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EACV,
|
|
1
|
+
{"version":3,"file":"parserIsolation.d.ts","sourceRoot":"","sources":["../src/parserIsolation.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EACV,qBAAqB,EACrB,mBAAmB,EACnB,iBAAiB,EACjB,aAAa,EACb,cAAc,EACd,cAAc,EACf,MAAM,kBAAkB,CAAC;AAgC1B,KAAK,mBAAmB,GAAG;IACzB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,CAAC;AAmBF,MAAM,WAAW,4BAA4B;IAC3C,KAAK,EAAE,iBAAiB,CAAC;IACzB,aAAa,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,sBAAsB;IACrC,kBAAkB,CAAC,KAAK,EAAE;QACxB,OAAO,EAAE,cAAc,CAAC;QACxB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;QAC7B,OAAO,CAAC,EAAE,OAAO,CAAC,cAAc,CAAC,CAAC;QAClC,eAAe,CAAC,EAAE,IAAI,CAAC;QACvB,mBAAmB,CAAC,EAAE,mBAAmB,CAAC;KAC3C,GAAG,OAAO,CAAC;QACV,mBAAmB,EAAE,qBAAqB,CAAC;QAC3C,WAAW,CAAC,EAAE,aAAa,CAAC;QAC5B,mBAAmB,CAAC,EAAE,mBAAmB,CAAC;KAC3C,CAAC,CAAC;IACH,cAAc,IAAI,OAAO,CAAC,4BAA4B,CAAC,CAAC;IACxD,YAAY,IAAI,OAAO,CAAC,4BAA4B,CAAC,CAAC;IACtD,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CACxB;AAED,UAAU,6BAA6B;IACrC,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC7B,OAAO,CAAC,EAAE,OAAO,CAAC,cAAc,CAAC,CAAC;CACnC;AAoPD,wBAAgB,4BAA4B,CAC1C,mBAAmB,GAAE,mBAAwC,EAC7D,OAAO,GAAE,6BAAkC,GAC1C,sBAAsB,CAExB;AAED,wBAAgB,6BAA6B,CAAC,KAAK,EAAE;IACnD,OAAO,EAAE,cAAc,CAAC;IACxB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC7B,OAAO,CAAC,EAAE,OAAO,CAAC,cAAc,CAAC,CAAC;IAClC,eAAe,CAAC,EAAE,IAAI,CAAC;IACvB,mBAAmB,CAAC,EAAE,mBAAmB,CAAC;CAC3C,GAAG,OAAO,CAAC;IACV,mBAAmB,EAAE,qBAAqB,CAAC;IAC3C,WAAW,CAAC,EAAE,aAAa,CAAC;IAC5B,mBAAmB,CAAC,EAAE,mBAAmB,CAAC;CAC3C,CAAC,CAMD;AAED,wBAAgB,oBAAoB,CAClC,mBAAmB,GAAE,mBAAwC,GAC5D,OAAO,CAAC,iBAAiB,CAAC,CAI5B"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"parserIsolation.js","sourceRoot":"","sources":["../src/parserIsolation.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,IAAI,EAAqB,MAAM,oBAAoB,CAAC;AAC7D,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAW7C,MAAM,SAAS,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AAC1D,MAAM,kBAAkB,GAAG,OAAO,CAAC,SAAS,EAAE,iBAAiB,CAAC,CAAC;AACjE,MAAM,gBAAgB,GAAG,OAAO,CAAC,SAAS,EAAE,iBAAiB,CAAC,CAAC;AAC/D,MAAM,UAAU,GAAG,UAAU,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"parserIsolation.js","sourceRoot":"","sources":["../src/parserIsolation.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,IAAI,EAAqB,MAAM,oBAAoB,CAAC;AAC7D,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAW7C,MAAM,SAAS,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AAC1D,MAAM,kBAAkB,GAAG,OAAO,CAAC,SAAS,EAAE,iBAAiB,CAAC,CAAC;AACjE,MAAM,gBAAgB,GAAG,OAAO,CAAC,SAAS,EAAE,iBAAiB,CAAC,CAAC;AAC/D,MAAM,UAAU,GAAG,UAAU,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,gBAAgB,CAAC;AA6E1F,SAAS,eAAe;IACtB,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,EAAE,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;AAC1F,CAAC;AAED,SAAS,aAAa,CAAC,IAAyB;IAC9C,MAAM,QAAQ,GAAG,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC;QACzC,CAAC,CAAC,IAAI,KAAK,yBAAyB;YAClC,CAAC,CAAC,CAAC,4BAA4B,CAAC;YAChC,CAAC,CAAC,CAAC,UAAU,EAAE,KAAK,CAAC;QACvB,CAAC,CAAC,EAAE,CAAC;IACP,IAAI,IAAI,KAAK,yBAAyB,EAAE,CAAC;QACvC,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,OAAO;QACL,cAAc;QACd,GAAG,eAAe,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,mBAAmB,IAAI,EAAE,CAAC;QAC7D,GAAG,QAAQ;KACZ,CAAC;AACJ,CAAC;AAOD,MAAM,0BAA0B;IAYX;IACA;IAZX,KAAK,CAAgB;IAErB,MAAM,GAAG,KAAK,CAAC;IAEf,WAAW,CAAgC;IAE3C,OAAO,CAAiB;IAEf,OAAO,GAAG,IAAI,GAAG,EAAmC,CAAC;IAEtE,YACmB,IAAyB,EACzB,UAAyC,EAAE;QAD3C,SAAI,GAAJ,IAAI,CAAqB;QACzB,YAAO,GAAP,OAAO,CAAoC;IAC3D,CAAC;IAEJ,KAAK,CAAC,kBAAkB,CAAC,KAOxB;QAKC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,WAAW,CAIlC;YACD,IAAI,EAAE,OAAO;YACb,eAAe,EAAE,KAAK,CAAC,eAAe;YACtC,mBAAmB,EAAE,KAAK,CAAC,mBAAmB,IAAI,IAAI,CAAC,IAAI;YAC3D,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,YAAY,EAAE,KAAK,CAAC,YAAY;YAChC,iBAAiB,EACf,KAAK,CAAC,iBAAiB,IAAI,IAAI,CAAC,OAAO,CAAC,iBAAiB;YAC3D,OAAO,EAAE,KAAK,CAAC,OAAO,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO;SAC/C,CAAC,CAAC;QAEH,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,cAAc;QAClB,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACrB,OAAO,IAAI,CAAC,WAAW,CAAC;QAC1B,CAAC;QAED,OAAO,IAAI,CAAC,YAAY,EAAE,CAAC;IAC7B,CAAC;IAED,KAAK,CAAC,YAAY;QAChB,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,WAAW,CAAoB;YACtD,IAAI,EAAE,OAAO;SACd,CAAC,CAAC;QAEH,IAAI,CAAC,WAAW,GAAG;YACjB,KAAK;YACL,aAAa,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACxC,CAAC;QACF,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;IAED,KAAK,CAAC,KAAK;QACT,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;QACnB,IAAI,CAAC,WAAW,GAAG,SAAS,CAAC;QAC7B,MAAM,YAAY,GAAG,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;QAClE,KAAK,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC;YAC1D,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAC/B,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;QAC/B,CAAC;QACD,IAAI,CAAC,OAAO,GAAG,SAAS,CAAC;QAEzB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;QACzB,IAAI,CAAC,KAAK,GAAG,SAAS,CAAC;QACvB,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO;QACT,CAAC;QAED,MAAM,IAAI,OAAO,CAAO,CAAC,cAAc,EAAE,EAAE;YACzC,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,cAAc,EAAE,CAAC,CAAC;YAC5C,KAAK,CAAC,IAAI,EAAE,CAAC;QACf,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,YAAY;QACxB,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;QACrD,CAAC;QAED,IAAI,IAAI,CAAC,KAAK,EAAE,SAAS,EAAE,CAAC;YAC1B,OAAO;QACT,CAAC;QAED,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,OAAO,IAAI,CAAC,OAAO,CAAC;QACtB,CAAC;QAED,IAAI,CAAC,OAAO,GAAG,CAAC,KAAK,IAAI,EAAE;YACzB,MAAM,KAAK,GAAG,IAAI,CAAC,UAAU,EAAE,EAAE,EAAE;gBACjC,GAAG,EACD,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,IAAI,KAAK,yBAAyB;oBACnE,CAAC,CAAC,EAAE,iBAAiB,EAAE,GAAG,EAAE;oBAC5B,CAAC,CAAC,EAAE;gBACR,KAAK,EAAE,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,KAAK,CAAC;gBAC5C,QAAQ,EAAE,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC;aACnC,CAAC,CAAC;YACH,KAAK,CAAC,KAAK,EAAE,CAAC;YAEd,KAAK,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,OAAgB,EAAE,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC;YACvE,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,IAAI,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC,CAAC;YAC9D,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE;gBAChC,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,CAAC,KAAK,MAAM,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC5C,IAAI,CAAC,mBAAmB,CACtB,IAAI,IAAI,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,kCAAkC,IAAI,GAAG,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAC9F,CAAC;YACJ,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;YAEnB,IAAI,IAAI,CAAC,OAAO,CAAC,iBAAiB,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;gBAC3D,MAAM,IAAI,CAAC,WAAW,CAAO;oBAC3B,IAAI,EAAE,WAAW;oBACjB,mBAAmB,EAAE,IAAI,CAAC,IAAI;oBAC9B,iBAAiB,EAAE,IAAI,CAAC,OAAO,CAAC,iBAAiB;oBACjD,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO;iBAC9B,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE;YAChB,IAAI,CAAC,OAAO,GAAG,SAAS,CAAC;QAC3B,CAAC,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAEO,aAAa,CAAC,OAAgB;QACpC,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,CAAC,CAAC,WAAW,IAAI,OAAO,CAAC,EAAE,CAAC;YACzE,OAAO;QACT,CAAC;QAED,MAAM,QAAQ,GAAG,OAAiC,CAAC;QACnD,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;QACrD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO;QACT,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;QACxC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;YAC1C,OAAO;QACT,CAAC;QAED,OAAO,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,KAAK,IAAI,QAAQ,CAAC,MAAM,CAAY,CAAC,CAAC;IAClE,CAAC;IAEO,mBAAmB,CAAC,KAAa;QACvC,IAAI,CAAC,WAAW,GAAG,SAAS,CAAC;QAC7B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;QACzB,IAAI,CAAC,KAAK,GAAG,SAAS,CAAC;QACvB,IAAI,KAAK,EAAE,CAAC;YACV,KAAK,CAAC,kBAAkB,EAAE,CAAC;QAC7B,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;YAC3C,OAAO;QACT,CAAC;QAED,MAAM,OAAO,GAAG,KAAK,IAAI,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;QACxE,KAAK,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC;YAC1D,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAC/B,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,WAAW,CAAI,OAAsB;QACjD,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QAE1B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;QACzB,IAAI,CAAC,KAAK,EAAE,SAAS,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;QACpD,CAAC;QAED,OAAO,IAAI,OAAO,CAAI,CAAC,cAAc,EAAE,aAAa,EAAE,EAAE;YACtD,MAAM,SAAS,GAAG,UAAU,EAAE,CAAC;YAC/B,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE;gBAC1B,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,cAAc,CAAC,KAAU,CAAC;gBAC9C,MAAM,EAAE,aAAa;aACtB,CAAC,CAAC;YAEH,IAAI,CAAC;gBACH,KAAK,CAAC,IAAI,CAAC;oBACT,SAAS;oBACT,OAAO;iBACwB,CAAC,CAAC;YACrC,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;gBAC/B,aAAa,CAAC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAC3E,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAED,MAAM,eAAe,GAAG,IAAI,GAAG,EAA+C,CAAC;AAE/E,SAAS,qBAAqB,CAAC,IAAyB;IACtD,IAAI,OAAO,GAAG,eAAe,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACxC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,GAAG,4BAA4B,CAAC,IAAI,CAAC,CAAC;QAC7C,eAAe,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IACrC,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,4BAA4B,CAC1C,sBAA2C,kBAAkB,EAC7D,UAAyC,EAAE;IAE3C,OAAO,IAAI,0BAA0B,CAAC,mBAAmB,EAAE,OAAO,CAAC,CAAC;AACtE,CAAC;AAED,MAAM,UAAU,6BAA6B,CAAC,KAO7C;IAKC,MAAM,IAAI,GAAG,KAAK,CAAC,mBAAmB,IAAI,kBAAkB,CAAC;IAC7D,OAAO,qBAAqB,CAAC,IAAI,CAAC,CAAC,kBAAkB,CAAC;QACpD,GAAG,KAAK;QACR,mBAAmB,EAAE,IAAI;KAC1B,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,oBAAoB,CAClC,sBAA2C,kBAAkB;IAE7D,OAAO,qBAAqB,CAAC,mBAAmB,CAAC;SAC9C,YAAY,EAAE;SACd,IAAI,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AACxC,CAAC"}
|
package/dist/parserWorker.js
CHANGED
|
@@ -2,6 +2,7 @@ import { existsSync } from "node:fs";
|
|
|
2
2
|
import { createRequire } from "node:module";
|
|
3
3
|
import os from "node:os";
|
|
4
4
|
import process from "node:process";
|
|
5
|
+
import { fileURLToPath } from "node:url";
|
|
5
6
|
const require = createRequire(import.meta.url);
|
|
6
7
|
function denyNetwork(message = "Parser worker egress denied") {
|
|
7
8
|
const denial = () => {
|
|
@@ -45,7 +46,8 @@ async function probeIsolation() {
|
|
|
45
46
|
}
|
|
46
47
|
const permissionModelEnabled = Boolean(process.permission);
|
|
47
48
|
const fsReadRestricted = permissionModelEnabled
|
|
48
|
-
? !process.permission.has("fs.read", os.tmpdir()) &&
|
|
49
|
+
? !process.permission.has("fs.read", os.tmpdir()) &&
|
|
50
|
+
!process.permission.has("fs.read", os.homedir())
|
|
49
51
|
: false;
|
|
50
52
|
return {
|
|
51
53
|
mode: permissionModelEnabled ? "node_permission_process" : "scrubbed_process",
|
|
@@ -70,18 +72,15 @@ async function getCachedProbe() {
|
|
|
70
72
|
}
|
|
71
73
|
return cachedProbePromise;
|
|
72
74
|
}
|
|
73
|
-
async function loadCoreRuntime(
|
|
75
|
+
async function loadCoreRuntime() {
|
|
74
76
|
if (cachedCoreRuntimePromise) {
|
|
75
77
|
return cachedCoreRuntimePromise;
|
|
76
78
|
}
|
|
77
79
|
cachedCoreRuntimePromise = (async () => {
|
|
78
80
|
if (import.meta.url.endsWith(".ts")) {
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
return import(distEntryUrl.href);
|
|
83
|
-
}
|
|
84
|
-
throw new Error("secure profile parser worker requires a built @safebrowse/core dist runtime");
|
|
81
|
+
const distEntryUrl = new URL("../../core/dist/index.js", import.meta.url);
|
|
82
|
+
if (existsSync(fileURLToPath(distEntryUrl))) {
|
|
83
|
+
return import(distEntryUrl.href);
|
|
85
84
|
}
|
|
86
85
|
const sourceEntryUrl = new URL("../../core/src/index.ts", import.meta.url).href;
|
|
87
86
|
return import(sourceEntryUrl);
|
|
@@ -103,7 +102,7 @@ process.on("message", async (message) => {
|
|
|
103
102
|
workerRuntimeDefaults = payload.runtime;
|
|
104
103
|
workerAllowlistedEgress = payload.allowlistedEgress ?? [];
|
|
105
104
|
workerParserIsolationMode = payload.parserIsolationMode;
|
|
106
|
-
await loadCoreRuntime(
|
|
105
|
+
await loadCoreRuntime();
|
|
107
106
|
sendResponse(message.requestId, {
|
|
108
107
|
ok: true
|
|
109
108
|
});
|
|
@@ -119,12 +118,12 @@ process.on("message", async (message) => {
|
|
|
119
118
|
const parserIsolationMode = payload.parserIsolationMode ??
|
|
120
119
|
workerParserIsolationMode ??
|
|
121
120
|
(await getCachedProbe()).mode;
|
|
122
|
-
|
|
123
|
-
const
|
|
121
|
+
void parserIsolationMode;
|
|
122
|
+
const { compileObservationV6, computeToolManifestHash, computeToolSchemaHash } = await loadCoreRuntime();
|
|
124
123
|
const probe = await getCachedProbe();
|
|
125
124
|
const runtime = payload.runtime ?? workerRuntimeDefaults ?? {};
|
|
126
125
|
const allowlistedEgress = payload.allowlistedEgress ?? workerAllowlistedEgress;
|
|
127
|
-
const result =
|
|
126
|
+
const result = compileObservationV6(payload.capture, runtime, {
|
|
128
127
|
workflowHash: payload.workflowHash,
|
|
129
128
|
parserIsolation: {
|
|
130
129
|
mode: probe.mode,
|
package/dist/parserWorker.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"parserWorker.js","sourceRoot":"","sources":["../src/parserWorker.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,OAAO,MAAM,cAAc,CAAC;
|
|
1
|
+
{"version":3,"file":"parserWorker.js","sourceRoot":"","sources":["../src/parserWorker.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,OAAO,MAAM,cAAc,CAAC;AACnC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAIzC,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAE/C,SAAS,WAAW,CAAC,OAAO,GAAG,6BAA6B;IAC1D,MAAM,MAAM,GAAG,GAAG,EAAE;QAClB,MAAM,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC;IAC3B,CAAC,CAAC;IAEF,MAAM,IAAI,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC;IAClC,MAAM,KAAK,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IACpC,MAAM,GAAG,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;IAChC,MAAM,GAAG,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;IAChC,MAAM,GAAG,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;IAEhC,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;IACtB,IAAI,CAAC,GAAG,GAAG,MAAM,CAAC;IAClB,KAAK,CAAC,OAAO,GAAG,MAAM,CAAC;IACvB,KAAK,CAAC,GAAG,GAAG,MAAM,CAAC;IACnB,GAAG,CAAC,OAAO,GAAG,MAAM,CAAC;IACrB,GAAG,CAAC,gBAAgB,GAAG,MAAM,CAAC;IAC9B,GAAG,CAAC,OAAO,GAAG,MAAM,CAAC;IACrB,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC;IACpB,GAAG,CAAC,OAAO,GAAG,MAAM,CAAC;IACrB,GAAG,CAAC,QAAQ,GAAG,MAAM,CAAC;IACtB,GAAG,CAAC,QAAQ,GAAG,MAAM,CAAC;IAEtB,MAAM,CAAC,MAAM,CAAC,UAAU,EAAE;QACxB,KAAK,EAAE,KAAK,IAAI,EAAE;YAChB,MAAM,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC;QAC3B,CAAC;KACF,CAAC,CAAC;AACL,CAAC;AAED,SAAS,mBAAmB;IAC1B,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC3C,OAAO,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAC1B,CAAC;IACD,WAAW,EAAE,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,cAAc;IAU3B,IAAI,YAAY,GAAG,KAAK,CAAC;IACzB,IAAI,CAAC;QACH,MAAM,UAAU,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;IAChD,CAAC;IAAC,MAAM,CAAC;QACP,YAAY,GAAG,IAAI,CAAC;IACtB,CAAC;IAED,MAAM,sBAAsB,GAAG,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAC3D,MAAM,gBAAgB,GAAG,sBAAsB;QAC7C,CAAC,CAAC,CAAC,OAAO,CAAC,UAAW,CAAC,GAAG,CAAC,SAAS,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC;YAChD,CAAC,OAAO,CAAC,UAAW,CAAC,GAAG,CAAC,SAAS,EAAE,EAAE,CAAC,OAAO,EAAE,CAAC;QACnD,CAAC,CAAC,KAAK,CAAC;IACV,OAAO;QACL,IAAI,EAAE,sBAAsB,CAAC,CAAC,CAAC,yBAAyB,CAAC,CAAC,CAAC,kBAAkB;QAC7E,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC;QACjC,YAAY;QACZ,eAAe,EAAE,IAAI;QACrB,sBAAsB;QACtB,gBAAgB;QAChB,kBAAkB,EAAE,sBAAsB,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,UAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,KAAK;QACtF,mBAAmB,EAAE,sBAAsB,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,UAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,KAAK;KACzF,CAAC;AACJ,CAAC;AAED,mBAAmB,EAAE,CAAC;AAEtB,IAAI,kBAAmF,CAAC;AACxF,IAAI,wBAMS,CAAC;AACd,IAAI,qBAA0D,CAAC;AAC/D,IAAI,uBAAuB,GAAa,EAAE,CAAC;AAC3C,IAAI,yBAAqF,CAAC;AAE1F,KAAK,UAAU,cAAc;IAC3B,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,kBAAkB,GAAG,cAAc,EAAE,CAAC;IACxC,CAAC;IACD,OAAO,kBAAkB,CAAC;AAC5B,CAAC;AAED,KAAK,UAAU,eAAe;IAK5B,IAAI,wBAAwB,EAAE,CAAC;QAC7B,OAAO,wBAAwB,CAAC;IAClC,CAAC;IAED,wBAAwB,GAAG,CAAC,KAAK,IAAI,EAAE;QACrC,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACpC,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,0BAA0B,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAC1E,IAAI,UAAU,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC,EAAE,CAAC;gBAC5C,OAAO,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;YACnC,CAAC;YACD,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,yBAAyB,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YAChF,OAAO,MAAM,CAAC,cAAc,CAAC,CAAC;QAChC,CAAC;QAED,OAAO,MAAM,CAAC,kBAAkB,CAAC,CAAC;IACpC,CAAC,CAAC,EAAE,CAAC;IAEL,OAAO,wBAAwB,CAAC;AAClC,CAAC;AA+BD,SAAS,YAAY,CACnB,SAAiB,EACjB,OAgBK;IAEL,OAAO,CAAC,IAAI,EAAE,CAAC;QACb,SAAS;QACT,GAAG,OAAO;KACX,CAAC,CAAC;AACL,CAAC;AAED,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,KAAK,EAAE,OAA4B,EAAE,EAAE;IAC3D,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;QAChC,IAAI,OAAO,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;YACjC,qBAAqB,GAAG,OAAO,CAAC,OAAO,CAAC;YACxC,uBAAuB,GAAG,OAAO,CAAC,iBAAiB,IAAI,EAAE,CAAC;YAC1D,yBAAyB,GAAG,OAAO,CAAC,mBAAmB,CAAC;YACxD,MAAM,eAAe,EAAE,CAAC;YACxB,YAAY,CAAC,OAAO,CAAC,SAAS,EAAE;gBAC9B,EAAE,EAAE,IAAI;aACT,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,IAAI,OAAO,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;YAC7B,YAAY,CAAC,OAAO,CAAC,SAAS,EAAE;gBAC9B,EAAE,EAAE,IAAI;gBACR,KAAK,EAAE,MAAM,cAAc,EAAE;aAC9B,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,MAAM,mBAAmB,GACvB,OAAO,CAAC,mBAAmB;YAC3B,yBAAyB;YACzB,CAAC,MAAM,cAAc,EAAE,CAAC,CAAC,IAAI,CAAC;QAChC,KAAK,mBAAmB,CAAC;QAEzB,MAAM,EAAE,oBAAoB,EAAE,uBAAuB,EAAE,qBAAqB,EAAE,GAC5E,MAAM,eAAe,EAAE,CAAC;QAC1B,MAAM,KAAK,GAAG,MAAM,cAAc,EAAE,CAAC;QACrC,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,qBAAqB,IAAI,EAAE,CAAC;QAC/D,MAAM,iBAAiB,GAAG,OAAO,CAAC,iBAAiB,IAAI,uBAAuB,CAAC;QAC/E,MAAM,MAAM,GAAG,oBAAoB,CAAC,OAAO,CAAC,OAAO,EAAE,OAAO,EAAE;YAC5D,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,eAAe,EAAE;gBACf,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,eAAe,EAAE,KAAK,CAAC,eAAe;gBACtC,WAAW,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC;gBACvC,YAAY,EAAE,KAAK,CAAC,YAAY;gBAChC,sBAAsB,EAAE,KAAK,CAAC,sBAAsB;gBACpD,gBAAgB,EAAE,KAAK,CAAC,gBAAgB;gBACxC,kBAAkB,EAAE,KAAK,CAAC,kBAAkB;gBAC5C,mBAAmB,EAAE,KAAK,CAAC,mBAAmB;gBAC9C,OAAO,EAAE,KAAK,CAAC,OAAO;gBACtB,iBAAiB;aAClB;SACF,CAAC,CAAC;QACH,MAAM,mBAAmB,GACvB,OAAO,CAAC,OAAO,CAAC,WAAW,KAAK,eAAe;YAC7C,CAAC,CAAC;gBACE,YAAY,EAAE,uBAAuB,CAAC;oBACpC,MAAM,EAAE,OAAO,CAAC,OAAO,CAAC,MAAM;oBAC9B,WAAW,EAAE,OAAO,CAAC,OAAO,CAAC,WAAW;oBACxC,QAAQ,EAAE,OAAO,CAAC,OAAO,CAAC,QAAQ;oBAClC,eAAe,EAAE,OAAO,CAAC,OAAO,CAAC,eAAe;oBAChD,WAAW,EAAE,OAAO,CAAC,OAAO,CAAC,WAAW;iBACzC,CAAC;gBACF,UAAU,EAAE,qBAAqB,CAAC,OAAO,CAAC,OAAO,CAAC,kBAAkB,CAAC;aACtE;YACH,CAAC,CAAC,SAAS,CAAC;QAEhB,YAAY,CAAC,OAAO,CAAC,SAAS,EAAE;YAC9B,EAAE,EAAE,IAAI;YACR,MAAM,EAAE;gBACN,GAAG,MAAM;gBACT,mBAAmB;aACpB;SACF,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,YAAY,CAAC,OAAO,CAAC,SAAS,EAAE;YAC9B,EAAE,EAAE,KAAK;YACT,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;SAC9D,CAAC,CAAC;IACL,CAAC;AACH,CAAC,CAAC,CAAC"}
|
package/dist/runtime/config/auditor/{v5_secure_claim_suite.json → v6_secure_claim_suite.json}
RENAMED
|
@@ -1,9 +1,9 @@
|
|
|
1
1
|
{
|
|
2
|
-
"suite_id": "safebrowse-
|
|
3
|
-
"claim_profile": "
|
|
2
|
+
"suite_id": "safebrowse-v6-secure-claim-suite",
|
|
3
|
+
"claim_profile": "secure_v6",
|
|
4
4
|
"cases": [
|
|
5
5
|
{
|
|
6
|
-
"id": "
|
|
6
|
+
"id": "V6-01",
|
|
7
7
|
"title": "Hidden anchor on first observation does not mint capability",
|
|
8
8
|
"kind": "hidden_html",
|
|
9
9
|
"html": "<main>Visible docs only.</main><div hidden><a href=\"https://docs.python.org/3/tutorial/\">continuity path</a></div>",
|
|
@@ -14,7 +14,7 @@
|
|
|
14
14
|
}
|
|
15
15
|
},
|
|
16
16
|
{
|
|
17
|
-
"id": "
|
|
17
|
+
"id": "V6-02",
|
|
18
18
|
"title": "Visible allowlisted anchor mints one navigate capability",
|
|
19
19
|
"kind": "visible_navigation",
|
|
20
20
|
"html": "<main>Visible docs only.</main><a href=\"https://docs.python.org/3/tutorial/\">Docs</a>",
|
|
@@ -25,7 +25,7 @@
|
|
|
25
25
|
}
|
|
26
26
|
},
|
|
27
27
|
{
|
|
28
|
-
"id": "
|
|
28
|
+
"id": "V6-03",
|
|
29
29
|
"title": "Visible navigate capability cannot authorize connector onboarding",
|
|
30
30
|
"kind": "navigate_cannot_issue_connector_approval",
|
|
31
31
|
"html": "<main>Visible docs only.</main><a href=\"https://docs.python.org/3/tutorial/\">Docs</a>",
|
|
@@ -35,7 +35,7 @@
|
|
|
35
35
|
}
|
|
36
36
|
},
|
|
37
37
|
{
|
|
38
|
-
"id": "
|
|
38
|
+
"id": "V6-04",
|
|
39
39
|
"title": "Unsigned broker approval is rejected",
|
|
40
40
|
"kind": "unsigned_connector_approval",
|
|
41
41
|
"expected": {
|
|
@@ -43,7 +43,7 @@
|
|
|
43
43
|
}
|
|
44
44
|
},
|
|
45
45
|
{
|
|
46
|
-
"id": "
|
|
46
|
+
"id": "V6-05",
|
|
47
47
|
"title": "Signed connector approval prepares onboarding",
|
|
48
48
|
"kind": "signed_connector_prepare",
|
|
49
49
|
"expected": {
|
|
@@ -51,7 +51,7 @@
|
|
|
51
51
|
}
|
|
52
52
|
},
|
|
53
53
|
{
|
|
54
|
-
"id": "
|
|
54
|
+
"id": "V6-06",
|
|
55
55
|
"title": "Callback mismatch is rejected",
|
|
56
56
|
"kind": "callback_mismatch",
|
|
57
57
|
"expected": {
|
|
@@ -59,7 +59,7 @@
|
|
|
59
59
|
}
|
|
60
60
|
},
|
|
61
61
|
{
|
|
62
|
-
"id": "
|
|
62
|
+
"id": "V6-07",
|
|
63
63
|
"title": "Secure profile disables legacy routes",
|
|
64
64
|
"kind": "legacy_route_disabled",
|
|
65
65
|
"expected": {
|
package/dist/server.d.ts
CHANGED
|
@@ -1,6 +1,5 @@
|
|
|
1
1
|
import { type Server } from "node:http";
|
|
2
|
-
import { type KnowledgeBaseContext, type ParserIsolationMode, type PolicyPack } from "@safebrowse/core";
|
|
3
|
-
import type { VerifiedRegistryBundle } from "@safebrowse/core";
|
|
2
|
+
import { type KnowledgeBaseContext, type ModelGuardEnforcementMode, type ParserIsolationMode, type PolicyPack, type VerifiedRegistryBundle } from "@safebrowse/core";
|
|
4
3
|
export interface SafeBrowseDaemonOptions {
|
|
5
4
|
host?: string;
|
|
6
5
|
port?: number;
|
|
@@ -10,10 +9,13 @@ export interface SafeBrowseDaemonOptions {
|
|
|
10
9
|
verifiedRegistry?: VerifiedRegistryBundle;
|
|
11
10
|
parserAllowlistedEgress?: string[];
|
|
12
11
|
parserIsolationMode?: ParserIsolationMode;
|
|
13
|
-
deploymentProfile?: "development" | "
|
|
12
|
+
deploymentProfile?: "development" | "secure_v6";
|
|
14
13
|
approvalBrokerPublicKeyPath?: string;
|
|
15
14
|
approvalBrokerPublicKeyPem?: string;
|
|
16
15
|
approvalBrokerMode?: "signature_verification" | "external_service";
|
|
16
|
+
modelGuardBaseUrl?: string;
|
|
17
|
+
modelGuardTimeoutMs?: number;
|
|
18
|
+
modelGuardEnforcementMode?: ModelGuardEnforcementMode;
|
|
17
19
|
}
|
|
18
20
|
export declare function createSafeBrowseServer(options?: SafeBrowseDaemonOptions): Promise<Server>;
|
|
19
21
|
export declare function startSafeBrowseDaemon(options?: SafeBrowseDaemonOptions): Promise<Server>;
|
package/dist/server.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAEA,OAAO,EAAsC,KAAK,MAAM,EAAuB,MAAM,WAAW,CAAC;AAIjG,OAAO,
|
|
1
|
+
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAEA,OAAO,EAAsC,KAAK,MAAM,EAAuB,MAAM,WAAW,CAAC;AAIjG,OAAO,EAyBL,KAAK,oBAAoB,EAKzB,KAAK,yBAAyB,EAC9B,KAAK,mBAAmB,EAExB,KAAK,UAAU,EAYf,KAAK,sBAAsB,EAG5B,MAAM,kBAAkB,CAAC;AAW1B,MAAM,WAAW,uBAAuB;IACtC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,aAAa,CAAC,EAAE,oBAAoB,CAAC;IACrC,gBAAgB,CAAC,EAAE,sBAAsB,CAAC;IAC1C,uBAAuB,CAAC,EAAE,MAAM,EAAE,CAAC;IACnC,mBAAmB,CAAC,EAAE,mBAAmB,CAAC;IAC1C,iBAAiB,CAAC,EAAE,aAAa,GAAG,WAAW,CAAC;IAChD,2BAA2B,CAAC,EAAE,MAAM,CAAC;IACrC,0BAA0B,CAAC,EAAE,MAAM,CAAC;IACpC,kBAAkB,CAAC,EAAE,wBAAwB,GAAG,kBAAkB,CAAC;IACnE,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,yBAAyB,CAAC,EAAE,yBAAyB,CAAC;CACvD;AAoeD,wBAAsB,sBAAsB,CAC1C,OAAO,GAAE,uBAA4B,GACpC,OAAO,CAAC,MAAM,CAAC,CAozBjB;AAED,wBAAsB,qBAAqB,CACzC,OAAO,GAAE,uBAA4B,GACpC,OAAO,CAAC,MAAM,CAAC,CAWjB"}
|