@spacebar_ai/moldclaw-core 2026.3.14 → 2026.3.16
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +108 -3
- package/dist/account-id-plS5L20e.d.ts +1 -0
- package/dist/accounts-BAYVGC2k.js +109 -0
- package/dist/accounts-DrjRgReV.d.ts +103 -0
- package/dist/acp-cli-at_UYEOS.js +2088 -0
- package/dist/acpx-Chy1GQ_k.d.ts +5 -0
- package/dist/actions.runtime-C0F7dMfO.js +114 -0
- package/dist/actions.runtime-caI2LG9o.js +128 -0
- package/dist/agent-media-payload-CkpAqaOh.d.ts +16 -0
- package/dist/agents-B98yPGc5.js +853 -0
- package/dist/agents-BrLr08L3.js +217 -0
- package/dist/allow-from-BIwT4dl7.d.ts +42 -0
- package/dist/allow-list-CHt7yvAf.js +81 -0
- package/dist/allowlist-CxQo2wQc.js +142 -0
- package/dist/allowlist-resolution-B7ib7gye.d.ts +17 -0
- package/dist/api-Co7TNHbL.js +6953 -0
- package/dist/api-cEQ_ql_8.js +112 -0
- package/dist/audit-AnKnnlaZ.js +787 -0
- package/dist/audit-channel.collect.runtime-CAk1DFQ3.js +600 -0
- package/dist/audit-channel.runtime-5phdZp_m.js +116 -0
- package/dist/audit-extra.async-B8ZXFxic.js +813 -0
- package/dist/audit-hdKa3D-u.js +54 -0
- package/dist/audit-membership-runtime-CJV5XvGU.js +157 -0
- package/dist/audit.deep.runtime-DNMcRQrp.js +24 -0
- package/dist/audit.nondeep.runtime-DhNDL6yM.js +831 -0
- package/dist/audit.runtime-Bx7uWEh8.js +113 -0
- package/dist/auth-choice-C37W9MA7.js +268 -0
- package/dist/auth-choice-CNppOY_V.js +117 -0
- package/dist/auth-choice-XYFnp6fI.js +502 -0
- package/dist/auth-choice-options-D6oZY4Xo.js +123 -0
- package/dist/auth-choice-prompt-BhRqchJx.js +110 -0
- package/dist/auth-choice-prompt-C1xv0N08.js +36 -0
- package/dist/auth-choice.plugin-providers.runtime-DhLEtbmR.js +114 -0
- package/dist/auth-profiles-9zZdaXJK.js +127756 -0
- package/dist/auth-profiles.runtime-HONFDgiu.js +111 -0
- package/dist/bluebubbles-BY8JhO4y.js +64 -0
- package/dist/bluebubbles-CQjEnzK_.d.ts +6 -0
- package/dist/bluebubbles-RmcKgkBa.d.ts +45 -0
- package/dist/boolean-param-F1sMwnPu.d.ts +5 -0
- package/dist/bot-BGh-ATV7.d.ts +478 -0
- package/dist/brave-CljenznH.js +24 -0
- package/dist/browser-cli-CX8i0wf0.js +1492 -0
- package/dist/build-info.json +3 -3
- package/dist/bundled/boot-md/handler.d.ts +6 -0
- package/dist/bundled/boot-md/handler.js +26 -26
- package/dist/bundled/bootstrap-extra-files/handler.d.ts +6 -0
- package/dist/bundled/command-logger/handler.d.ts +9 -0
- package/dist/bundled/session-memory/handler.d.ts +9 -0
- package/dist/bundled/session-memory/handler.js +27 -27
- package/dist/call-Bc257L16.js +37 -0
- package/dist/call-DYFR7oGy.js +639 -0
- package/dist/canvas-host/a2ui/.bundle.hash +1 -1
- package/dist/channel-Bd-igGEW.js +803 -0
- package/dist/channel-BgRMb6bZ.js +575 -0
- package/dist/channel-BtcLrU6J.js +1598 -0
- package/dist/channel-Bwf6m_hD.js +538 -0
- package/dist/channel-C7-kgDBd.js +562 -0
- package/dist/channel-CEXOAxIc.js +949 -0
- package/dist/channel-CpZ3p9MJ.js +226 -0
- package/dist/channel-CqBlN6A2.js +619 -0
- package/dist/channel-DKhfHW4U.js +352 -0
- package/dist/channel-DS3t_KdJ2.js +316 -0
- package/dist/channel-DY24FA1v.js +4681 -0
- package/dist/channel-DYFGmImJ.js +542 -0
- package/dist/channel-DcyIqX5p.js +207 -0
- package/dist/channel-J-2XcAli.js +214 -0
- package/dist/channel-N616f4gZ.js +306 -0
- package/dist/channel-NY7aU2Gj.js +397 -0
- package/dist/channel-PNI8BOmm.js +1321 -0
- package/dist/channel-UcXepDJs.js +943 -0
- package/dist/channel-account-context-CL3hEq1j.js +103 -0
- package/dist/channel-config-schema-Q2nzcCCR.d.ts +1 -0
- package/dist/channel-jA_jodJo.js +920 -0
- package/dist/channel-options-CtgU5qkG.js +50 -0
- package/dist/channel-policy-7wXDp6d3.d.ts +1 -0
- package/dist/channel-rGI8uig4.js +497 -0
- package/dist/channel-summary-DGJZXo0r.js +106 -0
- package/dist/channel.runtime--WZvlNJM.js +413 -0
- package/dist/channel.runtime-B0ct42DL.js +122 -0
- package/dist/channel.runtime-BEZUZrYB.js +177 -0
- package/dist/channel.runtime-BMuWmsIC.js +166 -0
- package/dist/channel.runtime-BtvHP0po.js +4006 -0
- package/dist/channel.runtime-Cwf993pX.js +194 -0
- package/dist/channel.runtime-Cy4lEpTX.js +174 -0
- package/dist/channel.runtime-DAz6axda.js +865 -0
- package/dist/channel.runtime-DdQ2mOVh.js +236 -0
- package/dist/channel.runtime-Dy3HPgOU.js +399 -0
- package/dist/channel.runtime-iqfC25k7.js +213 -0
- package/dist/channel.setup-B4VYMZlQ.js +9 -0
- package/dist/channel.setup-BohGbCbI.js +57 -0
- package/dist/channel.setup-Bq2AQqqc.js +6 -0
- package/dist/channel.setup-BxiSfLp1.js +8 -0
- package/dist/channel.setup-DOUS6fjO.js +8 -0
- package/dist/channel.setup-DXhdYU3g.js +9 -0
- package/dist/channel.setup-N51CgfNy.js +11 -0
- package/dist/channels/plugins/actions/discord.d.ts +3 -0
- package/dist/channels/plugins/actions/discord.js +26 -26
- package/dist/channels/plugins/actions/signal.d.ts +2 -0
- package/dist/channels/plugins/actions/signal.js +26 -26
- package/dist/channels/plugins/actions/telegram.d.ts +3 -0
- package/dist/channels/plugins/actions/telegram.js +26 -26
- package/dist/channels/plugins/agent-tools/whatsapp-login.d.ts +4 -0
- package/dist/channels/plugins/agent-tools/whatsapp-login.js +26 -26
- package/dist/channels-CueeFf0q.js +404 -0
- package/dist/channels-PheAd73E.js +1113 -0
- package/dist/channels-cli-CXzVF84v.js +286 -0
- package/dist/channels-status-issues-BjWBQHhU.js +16 -0
- package/dist/chat-type-BlSN0vo4.d.ts +5 -0
- package/dist/clawbot-cli-BBehDXW1.js +113 -0
- package/dist/cli/daemon-cli.d.ts +58 -0
- package/dist/cli/daemon-cli.js +1 -1
- package/dist/cli-CIm7d5Id.js +149 -0
- package/dist/command-format-pq3tS8t2.d.ts +4 -0
- package/dist/command-registry-CDkp__KH.js +13 -0
- package/dist/command-registry-DSEkUBW1.js +212 -0
- package/dist/command-secret-gateway-CqP_o0n8.js +106 -0
- package/dist/compact.runtime-Qm_csEtG.js +111 -0
- package/dist/completion-cli-Ch1sgSLQ.js +445 -0
- package/dist/completion-cli-vF067Tso.js +16 -0
- package/dist/config-B2W1zTP1.js +44 -0
- package/dist/config-CMhKplgO.js +938 -0
- package/dist/config-DchtRsvs.js +30 -0
- package/dist/config-cli-C41d88_c.js +428 -0
- package/dist/config-guard-B_vjkXCQ.js +117 -0
- package/dist/config-schema-pPBCF4hz.js +31 -0
- package/dist/config-validation-6om9cBUx.js +262 -0
- package/dist/config-value-Dl3XEpA6.js +132 -0
- package/dist/configure-BxzvDSzu.js +1100 -0
- package/dist/configure-CLMLoWAn.js +238 -0
- package/dist/control-ui-shared-E8Nz6uKZ.js +29 -0
- package/dist/core-Cd3fMFKq.d.ts +87 -0
- package/dist/credentials-yYt6VWCq.js +268 -0
- package/dist/cron-cli-CA3lV3kh.js +634 -0
- package/dist/daemon-cli-BtQuIXEk.js +339 -0
- package/dist/daemon-install-BWKGzgMm.js +175 -0
- package/dist/deliver-CgMNmfTy.js +106 -0
- package/dist/deliver-runtime-Bn1KWoiQ.js +106 -0
- package/dist/devices-cli-D601npiL.js +340 -0
- package/dist/diagnostic-CkiYEGqt.js +310 -0
- package/dist/diffs-B5tZ8Coj.d.ts +1 -0
- package/dist/directory-cli-skEV8MT7.js +306 -0
- package/dist/directory-config-helpers-B-tiBKIv.d.ts +38 -0
- package/dist/directory-runtime-BEJ2fCIR.d.ts +1 -0
- package/dist/directory.static-CnyzoWbV.js +44 -0
- package/dist/discord-B_gbzPti.js +109 -0
- package/dist/discovery-CqI-e_Mv.js +48 -0
- package/dist/dm-policy-shared-nybkS1uP.d.ts +95 -0
- package/dist/dns-cli-Cjes3Ruw.js +216 -0
- package/dist/docs-cli-C3g3Gi_d.js +173 -0
- package/dist/doctor-completion-TvgV4SZH.js +90 -0
- package/dist/doctor-config-flow-0w9Ux7V8.js +107 -0
- package/dist/doctor-config-flow-DLzr8W7Y.js +2437 -0
- package/dist/enable-VYzv8b2z.js +24 -0
- package/dist/entry.d.ts +7 -0
- package/dist/entry.js +1 -1
- package/dist/env-overrides-DYVIkuvN.js +434 -0
- package/dist/env-overrides.runtime-6kijpIuu.js +17 -0
- package/dist/exec-approvals-cli-D_lkTG-l.js +419 -0
- package/dist/exec-sVmouhA9.d.ts +39 -0
- package/dist/extensions/acpx/index.d.ts +11 -0
- package/dist/extensions/acpx/index.js +1 -1
- package/dist/extensions/amazon-bedrock/index.d.ts +11 -0
- package/dist/extensions/anthropic/index.d.ts +11 -0
- package/dist/extensions/anthropic/index.js +26 -26
- package/dist/extensions/bluebubbles/index.d.ts +11 -0
- package/dist/extensions/bluebubbles/index.js +30 -30
- package/dist/extensions/bluebubbles/setup-entry.d.ts +59 -0
- package/dist/extensions/bluebubbles/setup-entry.js +30 -30
- package/dist/extensions/brave/index.d.ts +11 -0
- package/dist/extensions/brave/index.js +2 -2
- package/dist/extensions/byteplus/index.d.ts +11 -0
- package/dist/extensions/byteplus/index.js +26 -26
- package/dist/extensions/cloudflare-ai-gateway/index.d.ts +11 -0
- package/dist/extensions/cloudflare-ai-gateway/index.js +27 -27
- package/dist/extensions/copilot-proxy/index.d.ts +11 -0
- package/dist/extensions/device-pair/index.d.ts +12 -0
- package/dist/extensions/diagnostics-otel/index.d.ts +11 -0
- package/dist/extensions/diffs/index.d.ts +11 -0
- package/dist/extensions/discord/index.d.ts +11 -0
- package/dist/extensions/discord/index.js +31 -31
- package/dist/extensions/discord/setup-entry.d.ts +7 -0
- package/dist/extensions/discord/setup-entry.js +29 -29
- package/dist/extensions/elevenlabs/index.d.ts +11 -0
- package/dist/extensions/elevenlabs/index.js +26 -26
- package/dist/extensions/feishu/index.d.ts +229 -0
- package/dist/extensions/feishu/index.js +31 -31
- package/dist/extensions/feishu/setup-entry.d.ts +9 -0
- package/dist/extensions/feishu/setup-entry.js +28 -28
- package/dist/extensions/firecrawl/index.d.ts +11 -0
- package/dist/extensions/firecrawl/index.js +26 -26
- package/dist/extensions/github-copilot/index.d.ts +11 -0
- package/dist/extensions/github-copilot/index.js +27 -27
- package/dist/extensions/google/index.d.ts +11 -0
- package/dist/extensions/google/index.js +26 -26
- package/dist/extensions/googlechat/index.d.ts +11 -0
- package/dist/extensions/googlechat/index.js +30 -30
- package/dist/extensions/googlechat/setup-entry.d.ts +19 -0
- package/dist/extensions/googlechat/setup-entry.js +30 -30
- package/dist/extensions/huggingface/index.d.ts +11 -0
- package/dist/extensions/huggingface/index.js +26 -26
- package/dist/extensions/imessage/index.d.ts +11 -0
- package/dist/extensions/imessage/index.js +30 -30
- package/dist/extensions/imessage/setup-entry.d.ts +7 -0
- package/dist/extensions/imessage/setup-entry.js +30 -30
- package/dist/extensions/irc/index.d.ts +11 -0
- package/dist/extensions/irc/index.js +29 -29
- package/dist/extensions/irc/setup-entry.d.ts +8 -0
- package/dist/extensions/irc/setup-entry.js +29 -29
- package/dist/extensions/kakao-talkchannel/index.d.ts +19 -0
- package/dist/extensions/kakao-talkchannel/index.js +1762 -0
- package/dist/extensions/kakao-talkchannel/moldclaw.plugin.json +111 -0
- package/dist/extensions/kakao-talkchannel/package.json +12 -0
- package/dist/extensions/kilocode/index.d.ts +11 -0
- package/dist/extensions/kilocode/index.js +26 -26
- package/dist/extensions/kimi-coding/index.d.ts +11 -0
- package/dist/extensions/kimi-coding/index.js +26 -26
- package/dist/extensions/line/index.d.ts +11 -0
- package/dist/extensions/line/index.js +28 -28
- package/dist/extensions/line/setup-entry.d.ts +7 -0
- package/dist/extensions/line/setup-entry.js +28 -28
- package/dist/extensions/llm-task/index.d.ts +11 -0
- package/dist/extensions/llm-task/index.js +28 -28
- package/dist/extensions/lobster/index.d.ts +11 -0
- package/dist/extensions/matrix/index.d.ts +11 -0
- package/dist/extensions/matrix/index.js +31 -31
- package/dist/extensions/matrix/setup-entry.d.ts +20 -0
- package/dist/extensions/matrix/setup-entry.js +31 -31
- package/dist/extensions/mattermost/index.d.ts +11 -0
- package/dist/extensions/mattermost/index.js +28 -28
- package/dist/extensions/mattermost/setup-entry.d.ts +88 -0
- package/dist/extensions/mattermost/setup-entry.js +28 -28
- package/dist/extensions/memory-core/index.d.ts +11 -0
- package/dist/extensions/memory-lancedb/index.d.ts +25 -0
- package/dist/extensions/microsoft/index.d.ts +11 -0
- package/dist/extensions/microsoft/index.js +26 -26
- package/dist/extensions/minimax/index.d.ts +11 -0
- package/dist/extensions/minimax/index.js +26 -26
- package/dist/extensions/mistral/index.d.ts +11 -0
- package/dist/extensions/mistral/index.js +26 -26
- package/dist/extensions/modelstudio/index.d.ts +11 -0
- package/dist/extensions/modelstudio/index.js +26 -26
- package/dist/extensions/moonshot/index.d.ts +11 -0
- package/dist/extensions/moonshot/index.js +26 -26
- package/dist/extensions/msteams/index.d.ts +11 -0
- package/dist/extensions/msteams/index.js +31 -31
- package/dist/extensions/msteams/setup-entry.d.ts +11 -0
- package/dist/extensions/msteams/setup-entry.js +31 -31
- package/dist/extensions/nextcloud-talk/index.d.ts +11 -0
- package/dist/extensions/nextcloud-talk/index.js +28 -28
- package/dist/extensions/nextcloud-talk/setup-entry.d.ts +60 -0
- package/dist/extensions/nextcloud-talk/setup-entry.js +28 -28
- package/dist/extensions/nostr/index.d.ts +11 -0
- package/dist/extensions/nostr/index.js +28 -28
- package/dist/extensions/nostr/setup-entry.d.ts +49 -0
- package/dist/extensions/nostr/setup-entry.js +28 -28
- package/dist/extensions/nvidia/index.d.ts +11 -0
- package/dist/extensions/ollama/index.d.ts +11 -0
- package/dist/extensions/open-prose/index.d.ts +11 -0
- package/dist/extensions/openai/index.d.ts +11 -0
- package/dist/extensions/openai/index.js +26 -26
- package/dist/extensions/opencode/index.d.ts +11 -0
- package/dist/extensions/opencode/index.js +26 -26
- package/dist/extensions/opencode-go/index.d.ts +11 -0
- package/dist/extensions/opencode-go/index.js +26 -26
- package/dist/extensions/openrouter/index.d.ts +11 -0
- package/dist/extensions/openrouter/index.js +26 -26
- package/dist/extensions/openshell/index.d.ts +11 -0
- package/dist/extensions/openshell/index.js +26 -26
- package/dist/extensions/perplexity/index.d.ts +11 -0
- package/dist/extensions/perplexity/index.js +2 -2
- package/dist/extensions/phone-control/index.d.ts +12 -0
- package/dist/extensions/qianfan/index.d.ts +11 -0
- package/dist/extensions/qianfan/index.js +26 -26
- package/dist/extensions/qwen-portal-auth/index.d.ts +12 -0
- package/dist/extensions/qwen-portal-auth/index.js +26 -26
- package/dist/extensions/sglang/index.d.ts +11 -0
- package/dist/extensions/sglang/index.js +26 -26
- package/dist/extensions/signal/index.d.ts +11 -0
- package/dist/extensions/signal/index.js +29 -29
- package/dist/extensions/signal/setup-entry.d.ts +7 -0
- package/dist/extensions/signal/setup-entry.js +29 -29
- package/dist/extensions/slack/index.d.ts +11 -0
- package/dist/extensions/slack/index.js +30 -30
- package/dist/extensions/slack/setup-entry.d.ts +7 -0
- package/dist/extensions/slack/setup-entry.js +29 -29
- package/dist/extensions/synology-chat/index.d.ts +11 -0
- package/dist/extensions/synology-chat/index.js +28 -28
- package/dist/extensions/synology-chat/setup-entry.d.ts +138 -0
- package/dist/extensions/synology-chat/setup-entry.js +28 -28
- package/dist/extensions/synthetic/index.d.ts +11 -0
- package/dist/extensions/synthetic/index.js +26 -26
- package/dist/extensions/talk-voice/index.d.ts +12 -0
- package/dist/extensions/talk-voice/index.js +26 -26
- package/dist/extensions/telegram/index.d.ts +11 -0
- package/dist/extensions/telegram/index.js +29 -29
- package/dist/extensions/telegram/setup-entry.d.ts +7 -0
- package/dist/extensions/telegram/setup-entry.js +28 -28
- package/dist/extensions/thread-ownership/index.d.ts +12 -0
- package/dist/extensions/tlon/index.d.ts +11 -0
- package/dist/extensions/tlon/index.js +28 -28
- package/dist/extensions/tlon/setup-entry.d.ts +7 -0
- package/dist/extensions/tlon/setup-entry.js +28 -28
- package/dist/extensions/together/index.d.ts +11 -0
- package/dist/extensions/together/index.js +26 -26
- package/dist/extensions/twitch/index.d.ts +39 -0
- package/dist/extensions/twitch/index.js +28 -28
- package/dist/extensions/venice/index.d.ts +11 -0
- package/dist/extensions/venice/index.js +26 -26
- package/dist/extensions/vercel-ai-gateway/index.d.ts +11 -0
- package/dist/extensions/vercel-ai-gateway/index.js +26 -26
- package/dist/extensions/vllm/index.d.ts +11 -0
- package/dist/extensions/vllm/index.js +26 -26
- package/dist/extensions/voice-call/index.d.ts +11 -0
- package/dist/extensions/voice-call/index.js +26 -26
- package/dist/extensions/volcengine/index.d.ts +11 -0
- package/dist/extensions/volcengine/index.js +26 -26
- package/dist/extensions/whatsapp/index.d.ts +11 -0
- package/dist/extensions/whatsapp/index.js +29 -29
- package/dist/extensions/whatsapp/setup-entry.d.ts +7 -0
- package/dist/extensions/whatsapp/setup-entry.js +29 -29
- package/dist/extensions/xai/index.d.ts +11 -0
- package/dist/extensions/xai/index.js +26 -26
- package/dist/extensions/xiaomi/index.d.ts +11 -0
- package/dist/extensions/xiaomi/index.js +26 -26
- package/dist/extensions/zai/index.d.ts +11 -0
- package/dist/extensions/zai/index.js +26 -26
- package/dist/extensions/zalo/index.d.ts +11 -0
- package/dist/extensions/zalo/index.js +30 -30
- package/dist/extensions/zalo/setup-entry.d.ts +34 -0
- package/dist/extensions/zalo/setup-entry.js +30 -30
- package/dist/extensions/zalouser/index.d.ts +11 -0
- package/dist/extensions/zalouser/index.js +31 -31
- package/dist/extensions/zalouser/setup-entry.d.ts +42 -0
- package/dist/extensions/zalouser/setup-entry.js +31 -31
- package/dist/feishu-DCKEC3ao.d.ts +36 -0
- package/dist/gateway-cli-DN1Ii6J-.js +26432 -0
- package/dist/gateway-install-token-CJYFJBaC.js +163 -0
- package/dist/gateway-rpc-CroQg9MB.js +26 -0
- package/dist/gateway-runtime-D9FRZqKP.js +69 -0
- package/dist/googlechat-CBCkerAy.js +307 -0
- package/dist/googlechat-CSUNieHX.d.ts +12 -0
- package/dist/group-access-rSvkIglb.d.ts +61 -0
- package/dist/health-B6WwLJp4.js +570 -0
- package/dist/health-CAlJydXv.js +108 -0
- package/dist/history-BwNxb0sJ.d.ts +75 -0
- package/dist/hooks-BYlfU3Nf.d.ts +6 -0
- package/dist/hooks-cli-DuKmdo_H.js +995 -0
- package/dist/http-registry-DX_LVtuK.d.ts +20 -0
- package/dist/image-generation-DKkdRpve.d.ts +9 -0
- package/dist/imessage-7abjbe2Q.js +31 -0
- package/dist/imessage-DOH1yaDE.js +110 -0
- package/dist/inbound-envelope-CmvweL6U.d.ts +78 -0
- package/dist/inbound-reply-dispatch-BvnKTOec.js +71 -0
- package/dist/inbound-reply-dispatch-C7LjHRZN.d.ts +72 -0
- package/dist/index-DTQqfqj9.d.ts +1 -0
- package/dist/index.d.ts +27 -0
- package/dist/index.js +2 -2
- package/dist/infra/warning-filter.d.ts +10 -0
- package/dist/install-target-tXRD7VkM.js +574 -0
- package/dist/installs-C8fz8sm3.js +532 -0
- package/dist/io-C6XifaT4.js +9737 -0
- package/dist/io-C8awRnSW.js +28 -0
- package/dist/ipv4-d88_Jn2p.js +82 -0
- package/dist/irc-DpR6FXjN.js +672 -0
- package/dist/json-store-Sr_kk-II.d.ts +14 -0
- package/dist/keyed-async-queue-BA3BKukE.d.ts +19 -0
- package/dist/library-DOwowAGN.js +107 -0
- package/dist/lifecycle-core-BHHBoRTY.js +382 -0
- package/dist/line/accounts.d.ts +3 -0
- package/dist/line/send.d.ts +2 -0
- package/dist/line/send.js +4 -4
- package/dist/line/template-messages.d.ts +2 -0
- package/dist/line-8rsNbJCP.js +530 -0
- package/dist/line-D_cvIf6B.d.ts +75 -0
- package/dist/links-BOnvOj1z.d.ts +7 -0
- package/dist/llm-slug-generator-D9HjWtJT.js +67 -0
- package/dist/llm-slug-generator.d.ts +12 -0
- package/dist/llm-slug-generator.js +27 -27
- package/dist/logging-BhqLWxTD.js +13 -0
- package/dist/logging-DfaiL4OX.js +29 -0
- package/dist/login-qr-COBYR52w.js +233 -0
- package/dist/login-qr-xK4QIpPc.js +107 -0
- package/dist/logs-cli-RSSTw8L_.js +254 -0
- package/dist/manager-runtime-DL6JoSj9.js +106 -0
- package/dist/manager.runtime-Cbyhg1vB.js +710 -0
- package/dist/markdown-to-line-BTlEkOls.d.ts +91 -0
- package/dist/matrix-DX-jaB88.js +1490 -0
- package/dist/matrix-H6Yyj1QZ.d.ts +68 -0
- package/dist/matrix-J8s45tRw.js +1269 -0
- package/dist/mattermost-D75n6bRI.d.ts +6 -0
- package/dist/mcp-cli-CLc3_yCO.js +86 -0
- package/dist/media-understanding.runtime-BI0Lljbl.js +111 -0
- package/dist/memory-cli-CTp2cYrf.js +106 -0
- package/dist/method-scopes-Du8ODGFW.js +2586 -0
- package/dist/model-auth-markers-DEDakSUW.d.ts +20 -0
- package/dist/model-picker-CDBs7LJF.js +390 -0
- package/dist/model-picker-CRix4Wwv.js +107 -0
- package/dist/model-picker.runtime-CITyy3Rn.js +120 -0
- package/dist/model-suppression.runtime-Ce7D6QUT.js +111 -0
- package/dist/models-BK1eanuP.js +113 -0
- package/dist/models-X4Czy3uE.js +2514 -0
- package/dist/models-cli-C79Ulviy.js +304 -0
- package/dist/models-config-DALlu3S9.js +106 -0
- package/dist/models-config.providers.discovery-CSJ1STM1.d.ts +18 -0
- package/dist/monitor-B45a_RpX.js +3468 -0
- package/dist/monitor-C8KbJ-i0.js +767 -0
- package/dist/monitor-CIhrvegZ.js +3076 -0
- package/dist/monitor-CQut7klP.js +6823 -0
- package/dist/monitor-DZb5IJle.js +777 -0
- package/dist/monitor-DaFkdD27.js +108 -0
- package/dist/monitor-Do9Tp2Ii.js +110 -0
- package/dist/monitor-shared-CMK9cDOb.js +444 -0
- package/dist/msteams-A6H_wv5F.js +852 -0
- package/dist/net-DpMJgN-o.d.ts +19 -0
- package/dist/nextcloud-talk-f1pZ5Bge.d.ts +1 -0
- package/dist/node-cli-BXnmsjzL.js +2498 -0
- package/dist/node-resolve-CupmrA0Y.js +835 -0
- package/dist/nodes-cli-DZVrah_8.js +1375 -0
- package/dist/nostr-DMV534Ks.d.ts +7 -0
- package/dist/nostr-SAk3tjtR.js +8744 -0
- package/dist/npm-resolution-Dr9wssCY.js +60 -0
- package/dist/oauth-utils-DnyXdWU9.d.ts +10 -0
- package/dist/onboard-BE5pmb1g.js +589 -0
- package/dist/onboard-channels-3hNVY0E7.js +1241 -0
- package/dist/onboard-channels-vaO3nWLL.js +200 -0
- package/dist/onboard-custom-CI5uFyWH.js +571 -0
- package/dist/onboard-custom-eIvRswgv.js +109 -0
- package/dist/onboard-helpers-ChMWfUnl.js +335 -0
- package/dist/onboard-helpers-DRFi9oaD.js +108 -0
- package/dist/onboard-remote-BTspTgA4.js +112 -0
- package/dist/onboard-remote-so38yXlX.js +181 -0
- package/dist/onboard-search-DS0tZS24.js +297 -0
- package/dist/onboard-skills-B9DxCCiU.js +133 -0
- package/dist/onboard-skills-so0a_BJV.js +112 -0
- package/dist/outbound-media-BiJscGlR.js +11 -0
- package/dist/outbound-media-DJF-TuJu.d.ts +11 -0
- package/dist/pairing-access-CuiJP9xN.d.ts +21 -0
- package/dist/pairing-cli-DN0u1Cez.js +212 -0
- package/dist/parse-finite-number-B3FJTjyQ.d.ts +5 -0
- package/dist/perplexity-Bw1u3CAF.js +24 -0
- package/dist/persistent-dedupe-DR5Ka6BX.d.ts +26 -0
- package/dist/pi-model-discovery-runtime-iwKNCaYu.js +106 -0
- package/dist/pi-tools.before-tool-call.runtime-BM_N-JZe.js +380 -0
- package/dist/plugin-install--KVul05Z.js +184 -0
- package/dist/plugin-install-DVpPsLkS.js +112 -0
- package/dist/plugin-install-plan-Dwc6-coz.js +49 -0
- package/dist/plugin-registry-XRswugE9.js +108 -0
- package/dist/plugin-registry-jozQafRo.js +49 -0
- package/dist/plugin-sdk/account-resolution.js +26 -26
- package/dist/plugin-sdk/acp-runtime.js +26 -26
- package/dist/plugin-sdk/acpx.js +1 -1
- package/dist/plugin-sdk/agent-runtime.js +26 -26
- package/dist/plugin-sdk/bluebubbles.js +29 -29
- package/dist/plugin-sdk/channel-config-helpers.js +26 -26
- package/dist/plugin-sdk/channel-config-schema.js +2 -2
- package/dist/plugin-sdk/channel-policy.js +26 -26
- package/dist/plugin-sdk/channel-runtime.js +26 -26
- package/dist/plugin-sdk/compat.js +27 -27
- package/dist/plugin-sdk/config-runtime.js +28 -28
- package/dist/plugin-sdk/conversation-runtime.js +26 -26
- package/dist/plugin-sdk/discord.js +26 -26
- package/dist/plugin-sdk/feishu.js +27 -27
- package/dist/plugin-sdk/gateway-runtime.js +8 -8
- package/dist/plugin-sdk/googlechat.js +29 -29
- package/dist/plugin-sdk/image-generation-runtime.js +26 -26
- package/dist/plugin-sdk/image-generation.js +26 -26
- package/dist/plugin-sdk/imessage.js +27 -27
- package/dist/plugin-sdk/index.js +26 -26
- package/dist/plugin-sdk/infra-runtime.js +26 -26
- package/dist/plugin-sdk/irc.js +29 -29
- package/dist/plugin-sdk/line.js +27 -27
- package/dist/plugin-sdk/llm-task.js +26 -26
- package/dist/plugin-sdk/matrix.js +29 -29
- package/dist/plugin-sdk/mattermost.js +28 -28
- package/dist/plugin-sdk/media-runtime.js +26 -26
- package/dist/plugin-sdk/media-understanding-runtime.js +26 -26
- package/dist/plugin-sdk/media-understanding.js +26 -26
- package/dist/plugin-sdk/msteams.js +30 -30
- package/dist/plugin-sdk/nextcloud-talk.js +28 -28
- package/dist/plugin-sdk/nostr.js +27 -27
- package/dist/plugin-sdk/plugin-runtime.js +26 -26
- package/dist/plugin-sdk/provider-auth.js +28 -28
- package/dist/plugin-sdk/provider-setup.js +27 -27
- package/dist/plugin-sdk/provider-web-search.js +1 -1
- package/dist/plugin-sdk/qwen-portal-auth.js +26 -26
- package/dist/plugin-sdk/reply-history.js +26 -26
- package/dist/plugin-sdk/reply-runtime.js +26 -26
- package/dist/plugin-sdk/sandbox.js +26 -26
- package/dist/plugin-sdk/security-runtime.js +26 -26
- package/dist/plugin-sdk/self-hosted-provider-setup.js +27 -27
- package/dist/plugin-sdk/setup.js +27 -27
- package/dist/plugin-sdk/signal.js +26 -26
- package/dist/plugin-sdk/slack.js +26 -26
- package/dist/plugin-sdk/speech-runtime.js +26 -26
- package/dist/plugin-sdk/speech.js +26 -26
- package/dist/plugin-sdk/src/channels/plugins/setup-wizard-helpers.d.ts +3 -0
- package/dist/plugin-sdk/src/config/config-lock.d.ts +38 -0
- package/dist/plugin-sdk/src/config/config.d.ts +1 -1
- package/dist/plugin-sdk/src/config/io.d.ts +39 -0
- package/dist/plugin-sdk/src/config/types.gateway.d.ts +12 -0
- package/dist/plugin-sdk/src/config/types.secrets.d.ts +10 -0
- package/dist/plugin-sdk/src/config/zod-schema.d.ts +2 -0
- package/dist/plugin-sdk/src/gateway/credential-planner.d.ts +3 -1
- package/dist/plugin-sdk/src/secrets/provider-env-vars.d.ts +61 -0
- package/dist/plugin-sdk/src/secrets/sec1-placeholder.d.ts +181 -0
- package/dist/plugin-sdk/src/secrets/sec1-utils.d.ts +57 -0
- package/dist/plugin-sdk/synology-chat.js +27 -27
- package/dist/plugin-sdk/telegram.js +26 -26
- package/dist/plugin-sdk/text-runtime.js +4 -4
- package/dist/plugin-sdk/tlon.js +27 -27
- package/dist/plugin-sdk/twitch.js +26 -26
- package/dist/plugin-sdk/voice-call.js +26 -26
- package/dist/plugin-sdk/whatsapp.js +26 -26
- package/dist/plugin-sdk/zalo.js +30 -30
- package/dist/plugin-sdk/zalouser.js +29 -29
- package/dist/plugins/runtime/index.d.ts +22 -0
- package/dist/plugins/runtime/index.js +26 -26
- package/dist/plugins-C4PiDdjc.js +106 -0
- package/dist/plugins-cli-zhmliYNU.js +912 -0
- package/dist/policy-CcSolumc.js +143 -0
- package/dist/preflight-audio.runtime-BAbfqqzW.js +111 -0
- package/dist/probe-Bgt5c-cr.js +129 -0
- package/dist/probe-CPk5iGcg.js +47 -0
- package/dist/probe-DR4KRKXz.js +19 -0
- package/dist/probe-DnoCyJ_m.js +1793 -0
- package/dist/probe-VsLtK3vQ.js +6328 -0
- package/dist/probe-auth-BnsKrQt7.js +38 -0
- package/dist/probe-auth-DYdUG8l1.js +48 -0
- package/dist/program-8enYYBsc.js +247 -0
- package/dist/prompt-select-styled-DxBcUasv.js +2673 -0
- package/dist/provider-api-key-auth.runtime-DsLZyt6h.js +116 -0
- package/dist/provider-auth-choice-30EvRxqc.js +126 -0
- package/dist/provider-auth-choice-preference-DMr1WmRg.js +189 -0
- package/dist/provider-auth-choice.runtime-CI98BgQF.js +118 -0
- package/dist/provider-auth-guidance-WKDIi_wk.js +34 -0
- package/dist/provider-auth-result-Cs8wguSI.d.ts +18 -0
- package/dist/provider-models-EOys_Nvi.d.ts +867 -0
- package/dist/provider-ollama-setup-D89zlm9C.d.ts +32 -0
- package/dist/provider-onboard-BzOpgCLu.d.ts +40 -0
- package/dist/provider-runtime.runtime-Cm4as2KG.js +106 -0
- package/dist/provider-self-hosted-setup-Bmv_AQmw.d.ts +61 -0
- package/dist/provider-self-hosted-setup-CJwFVVB4.js +182 -0
- package/dist/provider-usage-CVNyLLDb.js +106 -0
- package/dist/provider-usage.types-CdTymHNu.d.ts +16 -0
- package/dist/provider-web-search-BJhXD5dH.js +2392 -0
- package/dist/provider-wizard-DMMYXjlW.js +152 -0
- package/dist/push-apns-BnWTdTEk.js +1038 -0
- package/dist/pw-ai-CtK_7Cy2.js +1866 -0
- package/dist/qr-cli-CA-BF0--.js +108 -0
- package/dist/qr-cli-D18HiUkh.js +369 -0
- package/dist/reactions-Df7XG8Uh.js +281 -0
- package/dist/read-only-account-inspect.discord.runtime-B-FP0mwb.js +111 -0
- package/dist/read-only-account-inspect.slack.runtime-DkWZ2ccW.js +111 -0
- package/dist/read-only-account-inspect.telegram.runtime-BnlTkn_e.js +111 -0
- package/dist/redact-snapshot-DVdstBvO.js +2661 -0
- package/dist/ref-contract-RPkB754Q.js +53 -0
- package/dist/register.agent-DVAxXQKW.js +434 -0
- package/dist/register.backup-CUuL5KUZ.js +624 -0
- package/dist/register.configure-bC0UEwfU.js +247 -0
- package/dist/register.maintenance-iIqvl_eT.js +569 -0
- package/dist/register.message-CEDd4z07.js +704 -0
- package/dist/register.onboard-Cejfnysy.js +187 -0
- package/dist/register.setup-DU7uHdYt.js +207 -0
- package/dist/register.status-health-sessions-BWphMXNR.js +493 -0
- package/dist/register.subclis-DnIweTEG.js +315 -0
- package/dist/register.subclis-gJX_Pbub.js +12 -0
- package/dist/registry-Dgwc-7eS.js +1183 -0
- package/dist/replies-D9PEZ8yn.js +110 -0
- package/dist/reply-history-lHgoC4l3.d.ts +1 -0
- package/dist/reply-payload-Bd2HuR4g.d.ts +46 -0
- package/dist/request-url-BcSJaiiu.d.ts +5 -0
- package/dist/resolve-BbsCHGLY.js +660 -0
- package/dist/resolve-channels-BtrGC95o.js +262 -0
- package/dist/resolve-channels-C1SthO1N.js +226 -0
- package/dist/resolve-users-CgSxHrU0.js +143 -0
- package/dist/routes-BZtqNrBf.js +7097 -0
- package/dist/rpc-D3KMxG4J.js +67 -0
- package/dist/run-command-C8b3dCZV.d.ts +16 -0
- package/dist/run-main-BlWJVotF.js +423 -0
- package/dist/runtime-RWGbO5Qy.d.ts +26 -0
- package/dist/runtime-discord-ops.runtime-DUXIYvQr.js +9073 -0
- package/dist/runtime-slack-ops.runtime-n1yFfyp1.js +4551 -0
- package/dist/runtime-telegram-ops.runtime-PZUWchjT.js +128 -0
- package/dist/runtime-whatsapp-login.runtime-xsuNyvGz.js +109 -0
- package/dist/runtime-whatsapp-outbound.runtime-5EfEyCsO.js +112 -0
- package/dist/sandbox-cli-Dw1nWNmQ.js +530 -0
- package/dist/search-manager-BJoRxOaf.js +15 -0
- package/dist/search-manager-DxkQvUrW.js +386 -0
- package/dist/secret-input-schema-Cp_La9qv.d.ts +19 -0
- package/dist/secrets-cli-BPyV2gSq.js +2065 -0
- package/dist/security-cli-EK4sSRfG.js +570 -0
- package/dist/send-B01Gvh9m.js +629 -0
- package/dist/send-B4L4wRJO.js +100 -0
- package/dist/send-BDcGrXt0.js +1025 -0
- package/dist/send-BRRtHxyR.js +283 -0
- package/dist/send-DU6dmMXW.js +631 -0
- package/dist/server-CWw5GFEg.js +106 -0
- package/dist/server-node-events-92cDVswC.js +501 -0
- package/dist/session-key-DbkfhOjM.d.ts +46 -0
- package/dist/sessions-B052uHA3.js +218 -0
- package/dist/sessions-Cef4dZNP.js +107 -0
- package/dist/setup-BlQPyDPy.js +387 -0
- package/dist/setup-DcSZ_pTn.d.ts +37 -0
- package/dist/setup-core-B9mdZYnU.js +166 -0
- package/dist/setup-core-Cj0sLkpP.js +47 -0
- package/dist/setup-core-CkZbebOv.js +143 -0
- package/dist/setup-core-MRNjnrJl.js +205 -0
- package/dist/setup-surface-3ZY0JtWE.js +490 -0
- package/dist/setup-wizard-helpers-Dwzb9Dcz.d.ts +203 -0
- package/dist/setup.finalize-B5ETm3Ui.js +517 -0
- package/dist/setup.gateway-config-C8hdtlbw.js +338 -0
- package/dist/setup.secret-input-BZSIeiqy.js +25 -0
- package/dist/shared--9_eQ_lc.js +75 -0
- package/dist/shared-CxkH3H0U.js +102 -0
- package/dist/shared-DTNL0hA9.js +298 -0
- package/dist/shared-HSP1OV-Q.js +96 -0
- package/dist/shared-UIjWb_3B.js +182 -0
- package/dist/signal-CTI6bSmB.js +109 -0
- package/dist/skills-4-r1mfJM.js +853 -0
- package/dist/skills-RNm54CBO.js +19 -0
- package/dist/skills-cli-te7dSs5p.js +291 -0
- package/dist/skills-install-Del-Ogv8.js +763 -0
- package/dist/skills-status-BZpoMXrR.js +169 -0
- package/dist/skills-status-Dq61Sz8U.js +20 -0
- package/dist/slack-oc-viUtl.js +109 -0
- package/dist/slash-commands.runtime-NdkD2LZV.js +123 -0
- package/dist/slash-dispatch.runtime-DQgeaF3J.js +136 -0
- package/dist/slash-skill-commands.runtime-DmOl2DnL.js +111 -0
- package/dist/src-0wtt7seR.js +1696 -0
- package/dist/status-5oR_gqv_.js +121 -0
- package/dist/status-BO8LY0hC.js +1599 -0
- package/dist/status-D_oHA9yO.js +126 -0
- package/dist/status-IrMacJRj.js +606 -0
- package/dist/status-Prdeg53E.js +43 -0
- package/dist/status-json-Da0hR-1Z.js +286 -0
- package/dist/status.link-channel-BgUJEZAz.js +138 -0
- package/dist/status.scan.deps.runtime-D9vHTxOW.js +121 -0
- package/dist/status.scan.runtime-D-EdD5CW.js +114 -0
- package/dist/status.summary--i6xduWH.js +592 -0
- package/dist/status.summary.runtime-BqMXjaBc.js +113 -0
- package/dist/subagent-orphan-recovery-DiRJcFQc.js +302 -0
- package/dist/subagent-registry-runtime-B66EYEYm.js +106 -0
- package/dist/synology-chat-BemXqdzG.js +297 -0
- package/dist/system-cli-CSuiia4-.js +92 -0
- package/dist/telegram/audit.d.ts +2 -0
- package/dist/telegram/audit.js +1 -1
- package/dist/telegram/token.d.ts +2 -0
- package/dist/telegram/token.js +26 -26
- package/dist/telegram-DLFcRv5a.js +109 -0
- package/dist/testing-DZrulv-n.d.ts +1755 -0
- package/dist/text-chunking-BaYBIUoR.d.ts +79 -0
- package/dist/text-chunking-C8kmbNfa.js +84 -0
- package/dist/thinking-D8aqmr3o.d.ts +13 -0
- package/dist/tlon-Bpr4f3yF.js +433 -0
- package/dist/tool-send-BHKm5ztm.d.ts +9 -0
- package/dist/tui-BY3QRgC1.js +3834 -0
- package/dist/tui-cli-CCfZOlV0.js +132 -0
- package/dist/types-CKx5nDZB.d.ts +45 -0
- package/dist/types-DBhDdMQd.d.ts +22670 -0
- package/dist/types.base-B_TkkSS8.d.ts +188 -0
- package/dist/types.secrets-Bojc4omL.js +92 -0
- package/dist/ui-1UpZZyI3.js +31 -0
- package/dist/update-BR4JvFpV.js +1036 -0
- package/dist/update-cli-BZv44lFq.js +1498 -0
- package/dist/update-offset-store-DGdBotIW.js +107 -0
- package/dist/update-runner-D34sooPe.js +1496 -0
- package/dist/vllm-defaults-BCGSJ7K0.d.ts +13 -0
- package/dist/wait-BU9vJv22.d.ts +4 -0
- package/dist/web-CXpU2D41.js +107 -0
- package/dist/web-shared-B4sL45ah.d.ts +45 -0
- package/dist/webhook-memory-guards-B7oLVseG.d.ts +43 -0
- package/dist/webhook-request-guards-CqIH7equ.d.ts +76 -0
- package/dist/webhook-targets-CAAGATtk.js +181 -0
- package/dist/webhook-targets-oQ0jd4r0.d.ts +106 -0
- package/dist/webhooks-cli-B46t2VT5.js +349 -0
- package/dist/whatsapp-Dniwd4Rv.js +109 -0
- package/dist/whatsapp-actions-fL46PsNs.js +162 -0
- package/dist/windows-spawn-DGeE98SH.d.ts +43 -0
- package/dist/workspace-dirs-d3Ms_ryk.js +2002 -0
- package/dist/zalo-Csulx0XK.d.ts +9 -0
- package/dist/zalo-gh0yAWmS.js +415 -0
- package/dist/zalouser-CuxRvztM.js +30911 -0
- package/dist/zod-schema.agent-runtime-B4MkB-_3.d.ts +10 -0
- package/dist/zod-schema.core-D5reNip6.js +541 -0
- package/dist/zod-schema.core-DN3RhEUG.d.ts +173 -0
- package/docs/SEC1.md +523 -0
- package/docs/SEC1_IMPLEMENTATION/CHANNELS_REPORT.md +173 -0
- package/docs/SEC1_IMPLEMENTATION/CORE_UTIL_REPORT.md +139 -0
- package/docs/SEC1_IMPLEMENTATION/DOCS_REPORT.md +134 -0
- package/docs/SEC1_IMPLEMENTATION/ENV_MAP_DRAFT.md +148 -0
- package/docs/SEC1_IMPLEMENTATION/INTEGRATION_REPORT.md +170 -0
- package/docs/SEC1_IMPLEMENTATION/PROVIDERS_REPORT.md +291 -0
- package/docs/SEC1_IMPLEMENTATION/QA_REPORT.md +249 -0
- package/docs/SEC1_IMPLEMENTATION/RECURSIVE_QA/wave1-channels.md +317 -0
- package/docs/SEC1_IMPLEMENTATION/RECURSIVE_QA/wave1-docs.md +212 -0
- package/docs/SEC1_IMPLEMENTATION/RECURSIVE_QA/wave1-security.md +368 -0
- package/docs/SEC1_IMPLEMENTATION/RECURSIVE_QA/wave2-critic-consolidated.md +195 -0
- package/docs/SEC1_IMPLEMENTATION/RECURSIVE_QA/wave3-fix-report.md +105 -0
- package/docs/SEC1_IMPLEMENTATION/STRATEGY.md +451 -0
- package/docs/SEC1_IMPLEMENTATION/TEST_REPORT.md +156 -0
- package/docs/pipeline-sdk/CLI_SPEC.md +609 -0
- package/docs/pipeline-sdk/PIPELINE_SDK_DESIGN.md +1372 -0
- package/extensions/kakao-talkchannel/MIGRATION_ARCH_ANALYSIS.md +455 -0
- package/extensions/kakao-talkchannel/MIGRATION_CODE_ANALYSIS.md +383 -0
- package/extensions/kakao-talkchannel/MIGRATION_STRATEGY.md +115 -0
- package/extensions/kakao-talkchannel/README.md +50 -0
- package/extensions/kakao-talkchannel/index.ts +20 -0
- package/extensions/kakao-talkchannel/moldclaw.plugin.json +98 -0
- package/extensions/kakao-talkchannel/package.json +12 -0
- package/extensions/kakao-talkchannel/src/adapters/config.ts +132 -0
- package/extensions/kakao-talkchannel/src/adapters/gateway.ts +974 -0
- package/extensions/kakao-talkchannel/src/adapters/outbound.ts +52 -0
- package/extensions/kakao-talkchannel/src/adapters/pairing.ts +35 -0
- package/extensions/kakao-talkchannel/src/adapters/security.ts +57 -0
- package/extensions/kakao-talkchannel/src/adapters/setup.ts +105 -0
- package/extensions/kakao-talkchannel/src/adapters/status.ts +117 -0
- package/extensions/kakao-talkchannel/src/channel.ts +58 -0
- package/extensions/kakao-talkchannel/src/commands/card.ts +413 -0
- package/extensions/kakao-talkchannel/src/config/schema.ts +129 -0
- package/extensions/kakao-talkchannel/src/kakao/callback.ts +133 -0
- package/extensions/kakao-talkchannel/src/kakao/limits.ts +129 -0
- package/extensions/kakao-talkchannel/src/kakao/payload.ts +138 -0
- package/extensions/kakao-talkchannel/src/kakao/response.ts +373 -0
- package/extensions/kakao-talkchannel/src/relay/client.ts +146 -0
- package/extensions/kakao-talkchannel/src/relay/session.ts +137 -0
- package/extensions/kakao-talkchannel/src/relay/sse.ts +258 -0
- package/extensions/kakao-talkchannel/src/relay/stream.ts +149 -0
- package/extensions/kakao-talkchannel/src/runtime.ts +21 -0
- package/extensions/kakao-talkchannel/src/types.ts +447 -0
- package/extensions/kakao-talkchannel/src/version.ts +3 -0
- package/extensions/kakao-talkchannel/tsconfig.json +19 -0
- package/package.json +23 -8
- package/skills/meshy/SKILL.md +69 -0
- package/skills/meshy/scripts/__pycache__/check_status.cpython-312.pyc +0 -0
- package/skills/meshy/scripts/__pycache__/image_to_3d.cpython-312.pyc +0 -0
- package/skills/meshy/scripts/__pycache__/text_to_3d.cpython-312.pyc +0 -0
- package/skills/meshy/scripts/check_status.py +147 -0
- package/skills/meshy/scripts/image_to_3d.py +229 -0
- package/skills/meshy/scripts/text_to_3d.py +214 -0
- package/skills/nano-banana-pro/scripts/generate_image.py +1 -1
- package/skills/openai-whisper-api/scripts/transcribe.sh +0 -0
- package/skills/tavily-search/SKILL.md +61 -0
- package/skills/tavily-search/scripts/__pycache__/search.cpython-312.pyc +0 -0
- package/skills/tavily-search/scripts/search.py +238 -0
- package/skills/video-frames/scripts/frame.sh +0 -0
- package/LICENSE +0 -21
- package/dist/accounts-UcSvD34O.js +0 -109
- package/dist/acp-cli-BPb8PgHP.js +0 -2088
- package/dist/actions.runtime-BL5QRooG.js +0 -114
- package/dist/actions.runtime-DSdfSo40.js +0 -128
- package/dist/agents-CHeX_5-H.js +0 -217
- package/dist/agents-DQRL9XKP.js +0 -853
- package/dist/allow-list-Boi79v-U.js +0 -81
- package/dist/allowlist-B2eBBeMF.js +0 -142
- package/dist/api-CFAtRSYL.js +0 -6953
- package/dist/api-D5JNJj8n.js +0 -112
- package/dist/audit-BM0GsdzV.js +0 -787
- package/dist/audit-BqRK9OSj.js +0 -54
- package/dist/audit-channel.collect.runtime-BPvDB8aq.js +0 -600
- package/dist/audit-channel.runtime-D3fzHiAo.js +0 -116
- package/dist/audit-extra.async-NveNIzX0.js +0 -813
- package/dist/audit-membership-runtime-mu470WFO.js +0 -157
- package/dist/audit.deep.runtime-RdxvW8Tj.js +0 -24
- package/dist/audit.nondeep.runtime-DDu8vA9Z.js +0 -831
- package/dist/audit.runtime-Y8C9W7s9.js +0 -113
- package/dist/auth-choice-C1CIxRsi.js +0 -268
- package/dist/auth-choice-CTvqWiDI.js +0 -117
- package/dist/auth-choice-Ddzko1B8.js +0 -502
- package/dist/auth-choice-options-BIAmAiCe.js +0 -123
- package/dist/auth-choice-prompt-B815kArz.js +0 -110
- package/dist/auth-choice-prompt-CGhTNCJx.js +0 -36
- package/dist/auth-choice.plugin-providers.runtime-AvAZ6S5W.js +0 -114
- package/dist/auth-profiles-BJcHzwPy.js +0 -127650
- package/dist/auth-profiles.runtime-CieFilK5.js +0 -111
- package/dist/bluebubbles-F8FGE9cH.js +0 -64
- package/dist/brave-BG5Yopn8.js +0 -24
- package/dist/browser-cli-Co7PJGZF.js +0 -1492
- package/dist/call-CoaQYq7c.js +0 -639
- package/dist/call-D3eu5Jjh.js +0 -37
- package/dist/channel-BftWD6yu.js +0 -1321
- package/dist/channel-Bub9U5Xg.js +0 -214
- package/dist/channel-C0oDs7TO.js +0 -4681
- package/dist/channel-C8CnEdkZ.js +0 -352
- package/dist/channel-CI-RC-xf.js +0 -497
- package/dist/channel-CY-hZCOJ.js +0 -397
- package/dist/channel-CbtGJB2x.js +0 -943
- package/dist/channel-CcfK3wP8.js +0 -803
- package/dist/channel-DBoDIeVj.js +0 -619
- package/dist/channel-DEq6Ecs-.js +0 -920
- package/dist/channel-DH4dhW1n.js +0 -226
- package/dist/channel-DQ_wdKg_.js +0 -575
- package/dist/channel-DT6qD1Ic.js +0 -207
- package/dist/channel-DZNAyxwr.js +0 -542
- package/dist/channel-DtakwAEe.js +0 -538
- package/dist/channel-DuYgH6p1.js +0 -562
- package/dist/channel-Hn-AN-d52.js +0 -316
- package/dist/channel-_R4hbD5h.js +0 -1598
- package/dist/channel-account-context-DXq8dlvI.js +0 -103
- package/dist/channel-kQmEVn3I.js +0 -306
- package/dist/channel-options-DHfxaklg.js +0 -50
- package/dist/channel-summary-DUpnoYhI.js +0 -106
- package/dist/channel-t-JxCWk6.js +0 -949
- package/dist/channel.runtime--GYriaXU.js +0 -213
- package/dist/channel.runtime-BJtn3GOH.js +0 -174
- package/dist/channel.runtime-BV7t_oNz.js +0 -166
- package/dist/channel.runtime-Bi8a3n9S.js +0 -865
- package/dist/channel.runtime-BjsYF0NN.js +0 -122
- package/dist/channel.runtime-BnI6YtmI.js +0 -413
- package/dist/channel.runtime-CQOftcCd.js +0 -194
- package/dist/channel.runtime-CuIAcPjZ.js +0 -4006
- package/dist/channel.runtime-DH1Q1G4k.js +0 -399
- package/dist/channel.runtime-DYYUPKxr.js +0 -236
- package/dist/channel.runtime-U5Gszsr5.js +0 -177
- package/dist/channel.setup-BQFHmgki.js +0 -9
- package/dist/channel.setup-BVoDwklu.js +0 -8
- package/dist/channel.setup-Bf73HsXr.js +0 -57
- package/dist/channel.setup-CblD4flM.js +0 -11
- package/dist/channel.setup-DgxlrPgz.js +0 -6
- package/dist/channel.setup-GLIAEVKL.js +0 -8
- package/dist/channel.setup-YTy5R1sz.js +0 -9
- package/dist/channels-CTL8iR9J.js +0 -404
- package/dist/channels-DBGvnjHY.js +0 -1113
- package/dist/channels-cli-BmVO5-sq.js +0 -286
- package/dist/channels-status-issues-kDtsWzA-.js +0 -16
- package/dist/clawbot-cli-DtcMJHqX.js +0 -113
- package/dist/cli-BNGECGVY.js +0 -149
- package/dist/command-registry-1SDrWgER.js +0 -13
- package/dist/command-registry-DNorYU4w.js +0 -212
- package/dist/command-secret-gateway-DqDZparO.js +0 -106
- package/dist/compact.runtime-C1ZN8UGb.js +0 -111
- package/dist/completion-cli-Q_Jt5Foc.js +0 -16
- package/dist/completion-cli-QkTXhuJh.js +0 -445
- package/dist/config-BbxrRaLf.js +0 -938
- package/dist/config-CkD8DJ7L.js +0 -44
- package/dist/config-cli-BoPrlYTp.js +0 -428
- package/dist/config-guard-CEhCvr_u.js +0 -117
- package/dist/config-schema-GQ6uWjXe.js +0 -31
- package/dist/config-validation-woE2_LpC.js +0 -262
- package/dist/config-value-Dh8m-CFf.js +0 -132
- package/dist/config-y4i5g7s4.js +0 -30
- package/dist/configure-DGRzwdFN.js +0 -1100
- package/dist/configure-S4AHE3k_.js +0 -238
- package/dist/control-ui-shared-kLBp4YlS.js +0 -29
- package/dist/credentials-D5uBf_C5.js +0 -265
- package/dist/cron-cli-lGupeVCW.js +0 -634
- package/dist/daemon-cli-Cs_edi0I.js +0 -339
- package/dist/daemon-install-DIFpP_qv.js +0 -175
- package/dist/deliver-DYa_DFZU.js +0 -106
- package/dist/deliver-runtime-DCW_o2Ot.js +0 -106
- package/dist/devices-cli-YsGOW2-w.js +0 -340
- package/dist/diagnostic-vMghIesG.js +0 -310
- package/dist/directory-cli-DtjMQjU5.js +0 -306
- package/dist/directory.static-DBZGvsdF.js +0 -44
- package/dist/discord-DYCu19HT.js +0 -109
- package/dist/discovery-DZYAoDF_.js +0 -48
- package/dist/dns-cli-DqW4pNgW.js +0 -216
- package/dist/docs-cli-Bu9TBlDU.js +0 -173
- package/dist/doctor-completion-B5hcQD5c.js +0 -90
- package/dist/doctor-config-flow-BBB2ZKfT.js +0 -107
- package/dist/doctor-config-flow-DDBYUS9f.js +0 -2437
- package/dist/enable-Tmsp8QuB.js +0 -24
- package/dist/env-overrides-BHxqjYZG.js +0 -434
- package/dist/env-overrides.runtime-Cz98bf-l.js +0 -17
- package/dist/exec-approvals-cli-wO5cYfMa.js +0 -419
- package/dist/gateway-cli-CFvDGhB9.js +0 -26429
- package/dist/gateway-install-token-CskJfo_N.js +0 -163
- package/dist/gateway-rpc-srYfBID9.js +0 -26
- package/dist/gateway-runtime-C76hUmUV.js +0 -69
- package/dist/googlechat-Cha5utST.js +0 -307
- package/dist/health-DDQYYsJy.js +0 -108
- package/dist/health-DXZykGaX.js +0 -570
- package/dist/hooks-cli-DfkurPYP.js +0 -995
- package/dist/imessage-B26k39pl.js +0 -110
- package/dist/imessage-Bp1_6cws.js +0 -31
- package/dist/inbound-reply-dispatch-DoIJLztA.js +0 -71
- package/dist/install-target-BjOuS4I8.js +0 -574
- package/dist/installs-Cz4k0W1Y.js +0 -532
- package/dist/io-B0OKifLZ.js +0 -28
- package/dist/io-DcoxdH6t.js +0 -9570
- package/dist/ipv4-CTQQ4_IW.js +0 -82
- package/dist/irc-B8vBDigm.js +0 -672
- package/dist/library-VCM_cQY4.js +0 -107
- package/dist/lifecycle-core-Ctz36PdQ.js +0 -382
- package/dist/line-B_uTLrdI.js +0 -530
- package/dist/llm-slug-generator-YWg0g2pj.js +0 -67
- package/dist/logging-S-5LPdfQ.js +0 -13
- package/dist/logging-ueBMCGMR.js +0 -29
- package/dist/login-qr-pcACm2Ng.js +0 -107
- package/dist/login-qr-pv-kxMfF.js +0 -233
- package/dist/logs-cli-RgADgSMO.js +0 -254
- package/dist/manager-runtime-BhTkoKmb.js +0 -106
- package/dist/manager.runtime-BjHzikoK.js +0 -710
- package/dist/matrix-C4EEu2Qp.js +0 -1490
- package/dist/matrix-Dfzcc5nV.js +0 -1269
- package/dist/mcp-cli-CJmOm9Oj.js +0 -86
- package/dist/media-understanding.runtime-DCETFCw_.js +0 -111
- package/dist/memory-cli-DFqd6tYx.js +0 -106
- package/dist/method-scopes-D-Q9dvbj.js +0 -2586
- package/dist/model-picker-Z-CUcuMr.js +0 -390
- package/dist/model-picker-v5mUsZ4J.js +0 -107
- package/dist/model-picker.runtime-A_z0dHfS.js +0 -120
- package/dist/model-suppression.runtime-QVWVJRr-.js +0 -111
- package/dist/models-Bbj0xV4F.js +0 -2514
- package/dist/models-D-OIjZqU.js +0 -113
- package/dist/models-cli-Bpn-5i4h.js +0 -304
- package/dist/models-config-Cwa5cJbC.js +0 -106
- package/dist/monitor-BchfCAaU.js +0 -6823
- package/dist/monitor-BydV44SP.js +0 -3076
- package/dist/monitor-CT8axwfm.js +0 -767
- package/dist/monitor-CZGWNOvn.js +0 -777
- package/dist/monitor-DN62r69g.js +0 -3468
- package/dist/monitor-DZ0fzJku.js +0 -110
- package/dist/monitor-DvNjzWFu.js +0 -108
- package/dist/monitor-shared-B-DBSlkQ.js +0 -444
- package/dist/msteams-Bf-wk2Rp.js +0 -852
- package/dist/node-cli-kH16TQI7.js +0 -2498
- package/dist/node-resolve-DfOpQmxm.js +0 -835
- package/dist/nodes-cli-CkAMXW5u.js +0 -1375
- package/dist/nostr-B8UGHclZ.js +0 -8744
- package/dist/npm-resolution-DmjlifII.js +0 -60
- package/dist/onboard-C883nfyw.js +0 -589
- package/dist/onboard-channels-Dc-BxN7p.js +0 -200
- package/dist/onboard-channels-j5EENtum.js +0 -1241
- package/dist/onboard-custom-0atne0C5.js +0 -571
- package/dist/onboard-custom-CWMqwjJx.js +0 -109
- package/dist/onboard-helpers-D3wWfH8F.js +0 -335
- package/dist/onboard-helpers-DZmRCe8l.js +0 -108
- package/dist/onboard-remote-Cn6kW-p0.js +0 -112
- package/dist/onboard-remote-Cx4w5VAk.js +0 -181
- package/dist/onboard-search-Ck9HRh2M.js +0 -297
- package/dist/onboard-skills-BtqrGioT.js +0 -133
- package/dist/onboard-skills-Dnw19Os8.js +0 -112
- package/dist/outbound-media-C5Nv4o18.js +0 -11
- package/dist/pairing-cli-Cwy9QZ_4.js +0 -212
- package/dist/perplexity-Brhpb45X.js +0 -24
- package/dist/pi-model-discovery-runtime-DIOdo6D8.js +0 -106
- package/dist/pi-tools.before-tool-call.runtime-CFM4gsDF.js +0 -380
- package/dist/plugin-install-BOV00hia.js +0 -112
- package/dist/plugin-install-Bak8fUBv.js +0 -184
- package/dist/plugin-install-plan-bKkEefRf.js +0 -49
- package/dist/plugin-registry-DxAXQUlZ.js +0 -108
- package/dist/plugin-registry-n0p3phem.js +0 -49
- package/dist/plugins-Ca3RK8Fi.js +0 -106
- package/dist/plugins-cli-BnC51H2R.js +0 -912
- package/dist/policy-BJv97w9e.js +0 -143
- package/dist/preflight-audio.runtime-BrFcf-6_.js +0 -111
- package/dist/probe-063xvvZc.js +0 -19
- package/dist/probe-BJEb2wGv.js +0 -1793
- package/dist/probe-CJQlxgsl.js +0 -47
- package/dist/probe-Caa2HznF.js +0 -6328
- package/dist/probe-CfL4tnJ6.js +0 -129
- package/dist/probe-auth-DN2Ec83-.js +0 -38
- package/dist/probe-auth-D_UKzu4m.js +0 -48
- package/dist/program-BOMdC7MC.js +0 -247
- package/dist/prompt-select-styled-DDnCfM3j.js +0 -2673
- package/dist/provider-api-key-auth.runtime-DUns3fwX.js +0 -116
- package/dist/provider-auth-choice-B_j1ctT2.js +0 -126
- package/dist/provider-auth-choice-preference-BaOBZ_Xn.js +0 -189
- package/dist/provider-auth-choice.runtime-DOako_zV.js +0 -118
- package/dist/provider-auth-guidance-CrjxnoNZ.js +0 -34
- package/dist/provider-runtime.runtime-BkOkgmTw.js +0 -106
- package/dist/provider-self-hosted-setup-BFDU6dRa.js +0 -182
- package/dist/provider-usage-CaDE0mqq.js +0 -106
- package/dist/provider-web-search-BR7etTjJ.js +0 -2392
- package/dist/provider-wizard-DCPdKUvb.js +0 -152
- package/dist/push-apns-B_OZjm4v.js +0 -1038
- package/dist/pw-ai-dG60P0hQ.js +0 -1866
- package/dist/qr-cli-DWfiw79I.js +0 -369
- package/dist/qr-cli-DwuKtyZQ.js +0 -108
- package/dist/reactions-CIGAPBn8.js +0 -281
- package/dist/read-only-account-inspect.discord.runtime-D54mnq8l.js +0 -111
- package/dist/read-only-account-inspect.slack.runtime-Bxs9ObMC.js +0 -111
- package/dist/read-only-account-inspect.telegram.runtime-UoVuf_Yo.js +0 -111
- package/dist/redact-snapshot-DZ3Vq-SC.js +0 -2657
- package/dist/ref-contract-D96lSYLs.js +0 -53
- package/dist/register.agent-2KmeahEL.js +0 -434
- package/dist/register.backup-ECBnWVR7.js +0 -624
- package/dist/register.configure-Doz1daCp.js +0 -247
- package/dist/register.maintenance-C33cV-WM.js +0 -569
- package/dist/register.message-CnL0NiF6.js +0 -704
- package/dist/register.onboard-BrYGZeQA.js +0 -187
- package/dist/register.setup-Bx6gEg6X.js +0 -207
- package/dist/register.status-health-sessions-FLb0CUOO.js +0 -493
- package/dist/register.subclis-BuqgaeIf.js +0 -12
- package/dist/register.subclis-DwdgfdnT.js +0 -315
- package/dist/registry-xhgvU89y.js +0 -1107
- package/dist/replies-hB2aipLu.js +0 -110
- package/dist/resolve-3ErMOltL.js +0 -660
- package/dist/resolve-channels-BV8GXuPe.js +0 -226
- package/dist/resolve-channels-CTY_XRIP.js +0 -262
- package/dist/resolve-users-DQ4Ne4Zc.js +0 -143
- package/dist/routes-BNDsNO_e.js +0 -7097
- package/dist/rpc-BLGTBWXq.js +0 -67
- package/dist/run-main-COAE4GlI.js +0 -423
- package/dist/runtime-discord-ops.runtime-Dxg-nlgd.js +0 -9073
- package/dist/runtime-slack-ops.runtime-Di474LJr.js +0 -4551
- package/dist/runtime-telegram-ops.runtime-Da8vgf3O.js +0 -128
- package/dist/runtime-whatsapp-login.runtime-DcouP4iF.js +0 -109
- package/dist/runtime-whatsapp-outbound.runtime-CYamaEJX.js +0 -112
- package/dist/sandbox-cli-U5ZTxhxL.js +0 -530
- package/dist/search-manager-CfizyEMk.js +0 -386
- package/dist/search-manager-DaF2QP4s.js +0 -15
- package/dist/secrets-cli-C0gytFip.js +0 -2065
- package/dist/security-cli-C74EuLUO.js +0 -570
- package/dist/send-BTLVBf_E.js +0 -631
- package/dist/send-BlWWCEZE.js +0 -1025
- package/dist/send-CfypD1B_.js +0 -100
- package/dist/send-Cm9v3uhF.js +0 -283
- package/dist/send-g2odQuYI.js +0 -629
- package/dist/server-C8b5QJ2s.js +0 -106
- package/dist/server-node-events-xqQe5xiu.js +0 -501
- package/dist/sessions-CSSzvgPQ.js +0 -107
- package/dist/sessions-z0GIvdKa.js +0 -218
- package/dist/setup-D9XTmlF8.js +0 -387
- package/dist/setup-core-BDrLOwYO.js +0 -143
- package/dist/setup-core-CM7cY7_i.js +0 -166
- package/dist/setup-core-CnmgANY-.js +0 -205
- package/dist/setup-core-DgcjCKmG.js +0 -47
- package/dist/setup-surface-DzRrVKYj.js +0 -490
- package/dist/setup.finalize-UaPu_adv.js +0 -517
- package/dist/setup.gateway-config-Djc1ceEh.js +0 -338
- package/dist/setup.secret-input-BkczghbR.js +0 -25
- package/dist/shared-BHizGoNk.js +0 -298
- package/dist/shared-CUfYhQkP.js +0 -96
- package/dist/shared-DYYqr9EC.js +0 -75
- package/dist/shared-DthOxMRQ.js +0 -182
- package/dist/shared-On_A5_hW.js +0 -102
- package/dist/signal-D6px9PGZ.js +0 -109
- package/dist/skills-B4h1k-SP.js +0 -853
- package/dist/skills-Bto10BGB.js +0 -19
- package/dist/skills-cli-CXGR3Y5j.js +0 -291
- package/dist/skills-install-B1AlkK8C.js +0 -763
- package/dist/skills-status-BsmJ_iSg.js +0 -20
- package/dist/skills-status-DGdxY3OI.js +0 -169
- package/dist/slack-B7vWFmxP.js +0 -109
- package/dist/slash-commands.runtime-DXdAT84n.js +0 -123
- package/dist/slash-dispatch.runtime-CNf2-9Aj.js +0 -136
- package/dist/slash-skill-commands.runtime-CBjffHRX.js +0 -111
- package/dist/src-Cp7P7T08.js +0 -1696
- package/dist/status-158fWh4A.js +0 -43
- package/dist/status-BJIVLJnb.js +0 -1599
- package/dist/status-BQiBI6N9.js +0 -126
- package/dist/status-CZipXGUu.js +0 -121
- package/dist/status-ZZIVFLI-.js +0 -606
- package/dist/status-json-BNUy5Mem.js +0 -286
- package/dist/status.link-channel-B694y1Xu.js +0 -138
- package/dist/status.scan.deps.runtime-BcoKEzQD.js +0 -121
- package/dist/status.scan.runtime-CqScDt-p.js +0 -114
- package/dist/status.summary-AMek7qvI.js +0 -592
- package/dist/status.summary.runtime-XgkcQ_kr.js +0 -113
- package/dist/subagent-orphan-recovery-CrCYTmFC.js +0 -302
- package/dist/subagent-registry-runtime-Cg-YvLx3.js +0 -106
- package/dist/synology-chat-0G85jIqQ.js +0 -297
- package/dist/system-cli-kZtSxKNm.js +0 -92
- package/dist/telegram-DV0Wy89w.js +0 -109
- package/dist/text-chunking-C2J2Oeul.js +0 -84
- package/dist/tlon-DmK1NUVP.js +0 -433
- package/dist/tui-D3bNPLG7.js +0 -3834
- package/dist/tui-cli-DtMp9k_s.js +0 -132
- package/dist/types.secrets-DuSPmmWB.js +0 -80
- package/dist/ui-CeGztSEL.js +0 -31
- package/dist/update-De7VudzP.js +0 -1036
- package/dist/update-cli-BH8Pb-So.js +0 -1498
- package/dist/update-offset-store-syELkdEW.js +0 -107
- package/dist/update-runner-Cq-Q40T9.js +0 -1496
- package/dist/web-CjMtvfSq.js +0 -107
- package/dist/webhook-targets-_jTR0Bb_.js +0 -181
- package/dist/webhooks-cli-DQ6u2Qau.js +0 -349
- package/dist/whatsapp-CyLk16SZ.js +0 -109
- package/dist/whatsapp-actions-Dzr2Wzqw.js +0 -162
- package/dist/workspace-dirs-L1_QQ9mB.js +0 -2002
- package/dist/zalo-CrehfXvK.js +0 -415
- package/dist/zalouser-D1QD-O-I.js +0 -30911
- package/dist/zod-schema.core-CWxzqcUs.js +0 -541
|
@@ -0,0 +1,813 @@
|
|
|
1
|
+
import { h as resolveOAuthDir } from "./paths-D6AgsMTU.js";
|
|
2
|
+
import { m as resolveDefaultAgentId } from "./agent-scope-DA7O8MVG.js";
|
|
3
|
+
import { c as normalizeAgentId } from "./session-key-DyhRsRh-.js";
|
|
4
|
+
import { a as hasConfiguredSecretInput } from "./types.secrets-Bojc4omL.js";
|
|
5
|
+
import { c as extensionUsesSkippedScannerPath, l as isPathInside, r as normalizePluginsConfig } from "./config-state-D1JkXt39.js";
|
|
6
|
+
import { n as MANIFEST_KEY } from "./legacy-names-COLWJGwZ.js";
|
|
7
|
+
import { i as safeStat, n as formatPermissionRemediation, r as inspectPathPermissions, t as formatPermissionDetail } from "./audit-fs-SjcfoPO7.js";
|
|
8
|
+
import { R as resolveSandboxConfigForAgent, V as resolveSandboxToolPolicyForAgent, X as resolveToolProfilePolicy, i as pickSandboxToolPolicy, l as resolveNativeSkillsEnabled, m as execDockerRaw, n as isToolAllowedByPolicies, st as SANDBOX_BROWSER_SECURITY_HASH_EPOCH, t as listAgentWorkspaceDirs } from "./workspace-dirs-d3Ms_ryk.js";
|
|
9
|
+
import { t as formatCliCommand } from "./command-format-DIDjlImI.js";
|
|
10
|
+
import { t as scanDirectoryWithSummary } from "./skill-scanner-DB0hEKWk.js";
|
|
11
|
+
import { t as collectIncludePathsRecursive } from "./includes-scan-BCG1k877.js";
|
|
12
|
+
import path from "node:path";
|
|
13
|
+
import fs from "node:fs/promises";
|
|
14
|
+
//#region src/security/audit-extra.async.ts
|
|
15
|
+
/**
|
|
16
|
+
* Asynchronous security audit collector functions.
|
|
17
|
+
*
|
|
18
|
+
* These functions perform I/O (filesystem, config reads) to detect security issues.
|
|
19
|
+
*/
|
|
20
|
+
const MAX_WORKSPACE_SKILL_SCAN_FILES_PER_WORKSPACE = 2e3;
|
|
21
|
+
const MAX_WORKSPACE_SKILL_ESCAPE_DETAIL_ROWS = 12;
|
|
22
|
+
let skillsModulePromise;
|
|
23
|
+
let configModulePromise;
|
|
24
|
+
function loadSkillsModule() {
|
|
25
|
+
skillsModulePromise ??= import("./skills-RNm54CBO.js");
|
|
26
|
+
return skillsModulePromise;
|
|
27
|
+
}
|
|
28
|
+
function loadConfigModule() {
|
|
29
|
+
configModulePromise ??= import("./config-DchtRsvs.js");
|
|
30
|
+
return configModulePromise;
|
|
31
|
+
}
|
|
32
|
+
function expandTilde(p, env) {
|
|
33
|
+
if (!p.startsWith("~")) return p;
|
|
34
|
+
const home = typeof env.HOME === "string" && env.HOME.trim() ? env.HOME.trim() : null;
|
|
35
|
+
if (!home) return null;
|
|
36
|
+
if (p === "~") return home;
|
|
37
|
+
if (p.startsWith("~/") || p.startsWith("~\\")) return path.join(home, p.slice(2));
|
|
38
|
+
return null;
|
|
39
|
+
}
|
|
40
|
+
async function readPluginManifestExtensions(pluginPath) {
|
|
41
|
+
const manifestPath = path.join(pluginPath, "package.json");
|
|
42
|
+
const raw = await fs.readFile(manifestPath, "utf-8").catch(() => "");
|
|
43
|
+
if (!raw.trim()) return [];
|
|
44
|
+
const extensions = JSON.parse(raw)?.[MANIFEST_KEY]?.extensions;
|
|
45
|
+
if (!Array.isArray(extensions)) return [];
|
|
46
|
+
return extensions.map((entry) => typeof entry === "string" ? entry.trim() : "").filter(Boolean);
|
|
47
|
+
}
|
|
48
|
+
function formatCodeSafetyDetails(findings, rootDir) {
|
|
49
|
+
return findings.map((finding) => {
|
|
50
|
+
const relPath = path.relative(rootDir, finding.file);
|
|
51
|
+
const normalizedPath = (relPath && relPath !== "." && !relPath.startsWith("..") ? relPath : path.basename(finding.file)).replaceAll("\\", "/");
|
|
52
|
+
return ` - [${finding.ruleId}] ${finding.message} (${normalizedPath}:${finding.line})`;
|
|
53
|
+
}).join("\n");
|
|
54
|
+
}
|
|
55
|
+
async function listInstalledPluginDirs(params) {
|
|
56
|
+
const extensionsDir = path.join(params.stateDir, "extensions");
|
|
57
|
+
const st = await safeStat(extensionsDir);
|
|
58
|
+
if (!st.ok || !st.isDir) return {
|
|
59
|
+
extensionsDir,
|
|
60
|
+
pluginDirs: []
|
|
61
|
+
};
|
|
62
|
+
return {
|
|
63
|
+
extensionsDir,
|
|
64
|
+
pluginDirs: (await fs.readdir(extensionsDir, { withFileTypes: true }).catch((err) => {
|
|
65
|
+
params.onReadError?.(err);
|
|
66
|
+
return [];
|
|
67
|
+
})).filter((entry) => entry.isDirectory()).map((entry) => entry.name).filter(Boolean)
|
|
68
|
+
};
|
|
69
|
+
}
|
|
70
|
+
function resolveToolPolicies(params) {
|
|
71
|
+
const policies = [
|
|
72
|
+
resolveToolProfilePolicy(params.agentTools?.profile ?? params.cfg.tools?.profile),
|
|
73
|
+
pickSandboxToolPolicy(params.cfg.tools ?? void 0),
|
|
74
|
+
pickSandboxToolPolicy(params.agentTools)
|
|
75
|
+
];
|
|
76
|
+
if (params.sandboxMode === "all") policies.push(resolveSandboxToolPolicyForAgent(params.cfg, params.agentId ?? void 0));
|
|
77
|
+
return policies;
|
|
78
|
+
}
|
|
79
|
+
function normalizePluginIdSet(entries) {
|
|
80
|
+
return new Set(entries.map((entry) => entry.trim().toLowerCase()).filter(Boolean));
|
|
81
|
+
}
|
|
82
|
+
function resolveEnabledExtensionPluginIds(params) {
|
|
83
|
+
const normalized = normalizePluginsConfig(params.cfg.plugins);
|
|
84
|
+
if (!normalized.enabled) return [];
|
|
85
|
+
const allowSet = normalizePluginIdSet(normalized.allow);
|
|
86
|
+
const denySet = normalizePluginIdSet(normalized.deny);
|
|
87
|
+
const entryById = /* @__PURE__ */ new Map();
|
|
88
|
+
for (const [id, entry] of Object.entries(normalized.entries)) entryById.set(id.trim().toLowerCase(), entry);
|
|
89
|
+
const enabled = [];
|
|
90
|
+
for (const id of params.pluginDirs) {
|
|
91
|
+
const normalizedId = id.trim().toLowerCase();
|
|
92
|
+
if (!normalizedId) continue;
|
|
93
|
+
if (denySet.has(normalizedId)) continue;
|
|
94
|
+
if (allowSet.size > 0 && !allowSet.has(normalizedId)) continue;
|
|
95
|
+
if (entryById.get(normalizedId)?.enabled === false) continue;
|
|
96
|
+
enabled.push(normalizedId);
|
|
97
|
+
}
|
|
98
|
+
return enabled;
|
|
99
|
+
}
|
|
100
|
+
function collectAllowEntries(config) {
|
|
101
|
+
const out = [];
|
|
102
|
+
if (Array.isArray(config?.allow)) out.push(...config.allow);
|
|
103
|
+
if (Array.isArray(config?.alsoAllow)) out.push(...config.alsoAllow);
|
|
104
|
+
return out.map((entry) => entry.trim().toLowerCase()).filter(Boolean);
|
|
105
|
+
}
|
|
106
|
+
function hasExplicitPluginAllow(params) {
|
|
107
|
+
return params.allowEntries.some((entry) => entry === "group:plugins" || params.enabledPluginIds.has(entry));
|
|
108
|
+
}
|
|
109
|
+
function hasProviderPluginAllow(params) {
|
|
110
|
+
if (!params.byProvider) return false;
|
|
111
|
+
for (const policy of Object.values(params.byProvider)) if (hasExplicitPluginAllow({
|
|
112
|
+
allowEntries: collectAllowEntries(policy),
|
|
113
|
+
enabledPluginIds: params.enabledPluginIds
|
|
114
|
+
})) return true;
|
|
115
|
+
return false;
|
|
116
|
+
}
|
|
117
|
+
function isPinnedRegistrySpec(spec) {
|
|
118
|
+
const value = spec.trim();
|
|
119
|
+
if (!value) return false;
|
|
120
|
+
const at = value.lastIndexOf("@");
|
|
121
|
+
if (at <= 0 || at >= value.length - 1) return false;
|
|
122
|
+
const version = value.slice(at + 1).trim();
|
|
123
|
+
return /^v?\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/.test(version);
|
|
124
|
+
}
|
|
125
|
+
async function readInstalledPackageVersion(dir) {
|
|
126
|
+
try {
|
|
127
|
+
const raw = await fs.readFile(path.join(dir, "package.json"), "utf-8");
|
|
128
|
+
const parsed = JSON.parse(raw);
|
|
129
|
+
return typeof parsed.version === "string" ? parsed.version : void 0;
|
|
130
|
+
} catch {
|
|
131
|
+
return;
|
|
132
|
+
}
|
|
133
|
+
}
|
|
134
|
+
function buildCodeSafetySummaryCacheKey(params) {
|
|
135
|
+
const includeFiles = (params.includeFiles ?? []).map((entry) => entry.trim()).filter(Boolean);
|
|
136
|
+
const includeKey = includeFiles.length > 0 ? includeFiles.toSorted().join("\0") : "";
|
|
137
|
+
return `${params.dirPath}\u0000${includeKey}`;
|
|
138
|
+
}
|
|
139
|
+
async function getCodeSafetySummary(params) {
|
|
140
|
+
const cacheKey = buildCodeSafetySummaryCacheKey({
|
|
141
|
+
dirPath: params.dirPath,
|
|
142
|
+
includeFiles: params.includeFiles
|
|
143
|
+
});
|
|
144
|
+
const cache = params.summaryCache;
|
|
145
|
+
if (cache) {
|
|
146
|
+
const hit = cache.get(cacheKey);
|
|
147
|
+
if (hit) return await hit;
|
|
148
|
+
const pending = scanDirectoryWithSummary(params.dirPath, { includeFiles: params.includeFiles });
|
|
149
|
+
cache.set(cacheKey, pending);
|
|
150
|
+
return await pending;
|
|
151
|
+
}
|
|
152
|
+
return await scanDirectoryWithSummary(params.dirPath, { includeFiles: params.includeFiles });
|
|
153
|
+
}
|
|
154
|
+
async function listWorkspaceSkillMarkdownFiles(workspaceDir) {
|
|
155
|
+
const skillsRoot = path.join(workspaceDir, "skills");
|
|
156
|
+
const rootStat = await safeStat(skillsRoot);
|
|
157
|
+
if (!rootStat.ok || !rootStat.isDir) return [];
|
|
158
|
+
const skillFiles = [];
|
|
159
|
+
const queue = [skillsRoot];
|
|
160
|
+
const visitedDirs = /* @__PURE__ */ new Set();
|
|
161
|
+
while (queue.length > 0 && skillFiles.length < MAX_WORKSPACE_SKILL_SCAN_FILES_PER_WORKSPACE) {
|
|
162
|
+
const dir = queue.shift();
|
|
163
|
+
const dirRealPath = await fs.realpath(dir).catch(() => path.resolve(dir));
|
|
164
|
+
if (visitedDirs.has(dirRealPath)) continue;
|
|
165
|
+
visitedDirs.add(dirRealPath);
|
|
166
|
+
const entries = await fs.readdir(dir, { withFileTypes: true }).catch(() => []);
|
|
167
|
+
for (const entry of entries) {
|
|
168
|
+
if (entry.name.startsWith(".") || entry.name === "node_modules") continue;
|
|
169
|
+
const fullPath = path.join(dir, entry.name);
|
|
170
|
+
if (entry.isDirectory()) {
|
|
171
|
+
queue.push(fullPath);
|
|
172
|
+
continue;
|
|
173
|
+
}
|
|
174
|
+
if (entry.isSymbolicLink()) {
|
|
175
|
+
const stat = await fs.stat(fullPath).catch(() => null);
|
|
176
|
+
if (!stat) continue;
|
|
177
|
+
if (stat.isDirectory()) {
|
|
178
|
+
queue.push(fullPath);
|
|
179
|
+
continue;
|
|
180
|
+
}
|
|
181
|
+
if (stat.isFile() && entry.name === "SKILL.md") skillFiles.push(fullPath);
|
|
182
|
+
continue;
|
|
183
|
+
}
|
|
184
|
+
if (entry.isFile() && entry.name === "SKILL.md") skillFiles.push(fullPath);
|
|
185
|
+
}
|
|
186
|
+
}
|
|
187
|
+
return skillFiles;
|
|
188
|
+
}
|
|
189
|
+
function normalizeDockerLabelValue(raw) {
|
|
190
|
+
const trimmed = raw?.trim() ?? "";
|
|
191
|
+
if (!trimmed || trimmed === "<no value>") return null;
|
|
192
|
+
return trimmed;
|
|
193
|
+
}
|
|
194
|
+
async function listSandboxBrowserContainers(execDockerRawFn) {
|
|
195
|
+
try {
|
|
196
|
+
const result = await execDockerRawFn([
|
|
197
|
+
"ps",
|
|
198
|
+
"-a",
|
|
199
|
+
"--filter",
|
|
200
|
+
"label=moldclaw.sandboxBrowser=1",
|
|
201
|
+
"--format",
|
|
202
|
+
"{{.Names}}"
|
|
203
|
+
], { allowFailure: true });
|
|
204
|
+
if (result.code !== 0) return null;
|
|
205
|
+
return result.stdout.toString("utf8").split(/\r?\n/).map((entry) => entry.trim()).filter(Boolean);
|
|
206
|
+
} catch {
|
|
207
|
+
return null;
|
|
208
|
+
}
|
|
209
|
+
}
|
|
210
|
+
async function readSandboxBrowserHashLabels(params) {
|
|
211
|
+
try {
|
|
212
|
+
const result = await params.execDockerRawFn([
|
|
213
|
+
"inspect",
|
|
214
|
+
"-f",
|
|
215
|
+
"{{ index .Config.Labels \"moldclaw.configHash\" }} {{ index .Config.Labels \"moldclaw.browserConfigEpoch\" }}",
|
|
216
|
+
params.containerName
|
|
217
|
+
], { allowFailure: true });
|
|
218
|
+
if (result.code !== 0) return null;
|
|
219
|
+
const [hashRaw, epochRaw] = result.stdout.toString("utf8").split(" ");
|
|
220
|
+
return {
|
|
221
|
+
configHash: normalizeDockerLabelValue(hashRaw),
|
|
222
|
+
epoch: normalizeDockerLabelValue(epochRaw)
|
|
223
|
+
};
|
|
224
|
+
} catch {
|
|
225
|
+
return null;
|
|
226
|
+
}
|
|
227
|
+
}
|
|
228
|
+
function parsePublishedHostFromDockerPortLine(line) {
|
|
229
|
+
const trimmed = line.trim();
|
|
230
|
+
const rhs = trimmed.includes("->") ? trimmed.split("->").at(-1)?.trim() ?? "" : trimmed;
|
|
231
|
+
if (!rhs) return null;
|
|
232
|
+
const bracketHost = rhs.match(/^\[([^\]]+)\]:\d+$/);
|
|
233
|
+
if (bracketHost?.[1]) return bracketHost[1];
|
|
234
|
+
const hostPort = rhs.match(/^([^:]+):\d+$/);
|
|
235
|
+
if (hostPort?.[1]) return hostPort[1];
|
|
236
|
+
return null;
|
|
237
|
+
}
|
|
238
|
+
function isLoopbackPublishHost(host) {
|
|
239
|
+
const normalized = host.trim().toLowerCase();
|
|
240
|
+
return normalized === "127.0.0.1" || normalized === "::1" || normalized === "localhost";
|
|
241
|
+
}
|
|
242
|
+
async function readSandboxBrowserPortMappings(params) {
|
|
243
|
+
try {
|
|
244
|
+
const result = await params.execDockerRawFn(["port", params.containerName], { allowFailure: true });
|
|
245
|
+
if (result.code !== 0) return null;
|
|
246
|
+
return result.stdout.toString("utf8").split(/\r?\n/).map((entry) => entry.trim()).filter(Boolean);
|
|
247
|
+
} catch {
|
|
248
|
+
return null;
|
|
249
|
+
}
|
|
250
|
+
}
|
|
251
|
+
async function collectSandboxBrowserHashLabelFindings(params) {
|
|
252
|
+
const findings = [];
|
|
253
|
+
const execFn = params?.execDockerRawFn ?? execDockerRaw;
|
|
254
|
+
const containers = await listSandboxBrowserContainers(execFn);
|
|
255
|
+
if (!containers || containers.length === 0) return findings;
|
|
256
|
+
const missingHash = [];
|
|
257
|
+
const staleEpoch = [];
|
|
258
|
+
const nonLoopbackPublished = [];
|
|
259
|
+
for (const containerName of containers) {
|
|
260
|
+
const labels = await readSandboxBrowserHashLabels({
|
|
261
|
+
containerName,
|
|
262
|
+
execDockerRawFn: execFn
|
|
263
|
+
});
|
|
264
|
+
if (!labels) continue;
|
|
265
|
+
if (!labels.configHash) missingHash.push(containerName);
|
|
266
|
+
if (labels.epoch !== "2026-02-28-no-sandbox-env") staleEpoch.push(containerName);
|
|
267
|
+
const portMappings = await readSandboxBrowserPortMappings({
|
|
268
|
+
containerName,
|
|
269
|
+
execDockerRawFn: execFn
|
|
270
|
+
});
|
|
271
|
+
if (!portMappings?.length) continue;
|
|
272
|
+
const exposedMappings = portMappings.filter((line) => {
|
|
273
|
+
const host = parsePublishedHostFromDockerPortLine(line);
|
|
274
|
+
return Boolean(host && !isLoopbackPublishHost(host));
|
|
275
|
+
});
|
|
276
|
+
if (exposedMappings.length > 0) nonLoopbackPublished.push(`${containerName} (${exposedMappings.join("; ")})`);
|
|
277
|
+
}
|
|
278
|
+
if (missingHash.length > 0) findings.push({
|
|
279
|
+
checkId: "sandbox.browser_container.hash_label_missing",
|
|
280
|
+
severity: "warn",
|
|
281
|
+
title: "Sandbox browser container missing config hash label",
|
|
282
|
+
detail: `Containers: ${missingHash.join(", ")}. These browser containers predate hash-based drift checks and may miss security remediations until recreated.`,
|
|
283
|
+
remediation: `${formatCliCommand("moldclaw sandbox recreate --browser --all")} (add --force to skip prompt).`
|
|
284
|
+
});
|
|
285
|
+
if (staleEpoch.length > 0) findings.push({
|
|
286
|
+
checkId: "sandbox.browser_container.hash_epoch_stale",
|
|
287
|
+
severity: "warn",
|
|
288
|
+
title: "Sandbox browser container hash epoch is stale",
|
|
289
|
+
detail: `Containers: ${staleEpoch.join(", ")}. Expected moldclaw.browserConfigEpoch=${SANDBOX_BROWSER_SECURITY_HASH_EPOCH}.`,
|
|
290
|
+
remediation: `${formatCliCommand("moldclaw sandbox recreate --browser --all")} (add --force to skip prompt).`
|
|
291
|
+
});
|
|
292
|
+
if (nonLoopbackPublished.length > 0) findings.push({
|
|
293
|
+
checkId: "sandbox.browser_container.non_loopback_publish",
|
|
294
|
+
severity: "critical",
|
|
295
|
+
title: "Sandbox browser container publishes ports on non-loopback interfaces",
|
|
296
|
+
detail: `Containers: ${nonLoopbackPublished.join(", ")}. Sandbox browser observer/control ports should stay loopback-only to avoid unintended remote access.`,
|
|
297
|
+
remediation: `${formatCliCommand("moldclaw sandbox recreate --browser --all")} (add --force to skip prompt), then verify published ports are bound to 127.0.0.1.`
|
|
298
|
+
});
|
|
299
|
+
return findings;
|
|
300
|
+
}
|
|
301
|
+
async function collectPluginsTrustFindings(params) {
|
|
302
|
+
const findings = [];
|
|
303
|
+
const { extensionsDir, pluginDirs } = await listInstalledPluginDirs({ stateDir: params.stateDir });
|
|
304
|
+
if (pluginDirs.length > 0) {
|
|
305
|
+
const allow = params.cfg.plugins?.allow;
|
|
306
|
+
if (!(Array.isArray(allow) && allow.length > 0)) {
|
|
307
|
+
const hasString = (value) => typeof value === "string" && value.trim().length > 0;
|
|
308
|
+
const hasSecretInput = (value) => hasConfiguredSecretInput(value, params.cfg.secrets?.defaults);
|
|
309
|
+
const hasAccountStringKey = (account, key) => Boolean(account && typeof account === "object" && hasString(account[key]));
|
|
310
|
+
const hasAccountSecretInputKey = (account, key) => Boolean(account && typeof account === "object" && hasSecretInput(account[key]));
|
|
311
|
+
const discordConfigured = hasSecretInput(params.cfg.channels?.discord?.token) || Boolean(params.cfg.channels?.discord?.accounts && Object.values(params.cfg.channels.discord.accounts).some((a) => hasAccountSecretInputKey(a, "token"))) || hasString(process.env.DISCORD_BOT_TOKEN);
|
|
312
|
+
const telegramConfigured = hasSecretInput(params.cfg.channels?.telegram?.botToken) || hasString(params.cfg.channels?.telegram?.tokenFile) || Boolean(params.cfg.channels?.telegram?.accounts && Object.values(params.cfg.channels.telegram.accounts).some((a) => hasAccountSecretInputKey(a, "botToken") || hasAccountStringKey(a, "tokenFile"))) || hasString(process.env.TELEGRAM_BOT_TOKEN);
|
|
313
|
+
const slackConfigured = hasSecretInput(params.cfg.channels?.slack?.botToken) || hasSecretInput(params.cfg.channels?.slack?.appToken) || Boolean(params.cfg.channels?.slack?.accounts && Object.values(params.cfg.channels.slack.accounts).some((a) => hasAccountSecretInputKey(a, "botToken") || hasAccountSecretInputKey(a, "appToken"))) || hasString(process.env.SLACK_BOT_TOKEN) || hasString(process.env.SLACK_APP_TOKEN);
|
|
314
|
+
const skillCommandsLikelyExposed = discordConfigured && resolveNativeSkillsEnabled({
|
|
315
|
+
providerId: "discord",
|
|
316
|
+
providerSetting: params.cfg.channels?.discord?.commands?.nativeSkills,
|
|
317
|
+
globalSetting: params.cfg.commands?.nativeSkills
|
|
318
|
+
}) || telegramConfigured && resolveNativeSkillsEnabled({
|
|
319
|
+
providerId: "telegram",
|
|
320
|
+
providerSetting: params.cfg.channels?.telegram?.commands?.nativeSkills,
|
|
321
|
+
globalSetting: params.cfg.commands?.nativeSkills
|
|
322
|
+
}) || slackConfigured && resolveNativeSkillsEnabled({
|
|
323
|
+
providerId: "slack",
|
|
324
|
+
providerSetting: params.cfg.channels?.slack?.commands?.nativeSkills,
|
|
325
|
+
globalSetting: params.cfg.commands?.nativeSkills
|
|
326
|
+
});
|
|
327
|
+
findings.push({
|
|
328
|
+
checkId: "plugins.extensions_no_allowlist",
|
|
329
|
+
severity: skillCommandsLikelyExposed ? "critical" : "warn",
|
|
330
|
+
title: "Extensions exist but plugins.allow is not set",
|
|
331
|
+
detail: `Found ${pluginDirs.length} extension(s) under ${extensionsDir}. Without plugins.allow, any discovered plugin id may load (depending on config and plugin behavior).` + (skillCommandsLikelyExposed ? "\nNative skill commands are enabled on at least one configured chat surface; treat unpinned/unallowlisted extensions as high risk." : ""),
|
|
332
|
+
remediation: "Set plugins.allow to an explicit list of plugin ids you trust."
|
|
333
|
+
});
|
|
334
|
+
}
|
|
335
|
+
const enabledExtensionPluginIds = resolveEnabledExtensionPluginIds({
|
|
336
|
+
cfg: params.cfg,
|
|
337
|
+
pluginDirs
|
|
338
|
+
});
|
|
339
|
+
if (enabledExtensionPluginIds.length > 0) {
|
|
340
|
+
const enabledPluginSet = new Set(enabledExtensionPluginIds);
|
|
341
|
+
const contexts = [{ label: "default" }];
|
|
342
|
+
for (const entry of params.cfg.agents?.list ?? []) {
|
|
343
|
+
if (!entry || typeof entry !== "object" || typeof entry.id !== "string") continue;
|
|
344
|
+
contexts.push({
|
|
345
|
+
label: `agents.list.${entry.id}`,
|
|
346
|
+
agentId: entry.id,
|
|
347
|
+
tools: entry.tools
|
|
348
|
+
});
|
|
349
|
+
}
|
|
350
|
+
const permissiveContexts = [];
|
|
351
|
+
for (const context of contexts) {
|
|
352
|
+
const profile = context.tools?.profile ?? params.cfg.tools?.profile;
|
|
353
|
+
const restrictiveProfile = Boolean(resolveToolProfilePolicy(profile));
|
|
354
|
+
const sandboxMode = resolveSandboxConfigForAgent(params.cfg, context.agentId).mode;
|
|
355
|
+
const broadPolicy = isToolAllowedByPolicies("__moldclaw_plugin_probe__", resolveToolPolicies({
|
|
356
|
+
cfg: params.cfg,
|
|
357
|
+
agentTools: context.tools,
|
|
358
|
+
sandboxMode,
|
|
359
|
+
agentId: context.agentId
|
|
360
|
+
}));
|
|
361
|
+
const explicitPluginAllow = !restrictiveProfile && (hasExplicitPluginAllow({
|
|
362
|
+
allowEntries: collectAllowEntries(params.cfg.tools),
|
|
363
|
+
enabledPluginIds: enabledPluginSet
|
|
364
|
+
}) || hasProviderPluginAllow({
|
|
365
|
+
byProvider: params.cfg.tools?.byProvider,
|
|
366
|
+
enabledPluginIds: enabledPluginSet
|
|
367
|
+
}) || hasExplicitPluginAllow({
|
|
368
|
+
allowEntries: collectAllowEntries(context.tools),
|
|
369
|
+
enabledPluginIds: enabledPluginSet
|
|
370
|
+
}) || hasProviderPluginAllow({
|
|
371
|
+
byProvider: context.tools?.byProvider,
|
|
372
|
+
enabledPluginIds: enabledPluginSet
|
|
373
|
+
}));
|
|
374
|
+
if (broadPolicy || explicitPluginAllow) permissiveContexts.push(context.label);
|
|
375
|
+
}
|
|
376
|
+
if (permissiveContexts.length > 0) findings.push({
|
|
377
|
+
checkId: "plugins.tools_reachable_permissive_policy",
|
|
378
|
+
severity: "warn",
|
|
379
|
+
title: "Extension plugin tools may be reachable under permissive tool policy",
|
|
380
|
+
detail: `Enabled extension plugins: ${enabledExtensionPluginIds.join(", ")}.\nPermissive tool policy contexts:\n${permissiveContexts.map((entry) => `- ${entry}`).join("\n")}`,
|
|
381
|
+
remediation: "Use restrictive profiles (`minimal`/`coding`) or explicit tool allowlists that exclude plugin tools for agents handling untrusted input."
|
|
382
|
+
});
|
|
383
|
+
}
|
|
384
|
+
}
|
|
385
|
+
const pluginInstalls = params.cfg.plugins?.installs ?? {};
|
|
386
|
+
const npmPluginInstalls = Object.entries(pluginInstalls).filter(([, record]) => record?.source === "npm");
|
|
387
|
+
if (npmPluginInstalls.length > 0) {
|
|
388
|
+
const unpinned = npmPluginInstalls.filter(([, record]) => typeof record.spec === "string" && !isPinnedRegistrySpec(record.spec)).map(([pluginId, record]) => `${pluginId} (${record.spec})`);
|
|
389
|
+
if (unpinned.length > 0) findings.push({
|
|
390
|
+
checkId: "plugins.installs_unpinned_npm_specs",
|
|
391
|
+
severity: "warn",
|
|
392
|
+
title: "Plugin installs include unpinned npm specs",
|
|
393
|
+
detail: `Unpinned plugin install records:\n${unpinned.map((entry) => `- ${entry}`).join("\n")}`,
|
|
394
|
+
remediation: "Pin install specs to exact versions (for example, `@scope/pkg@1.2.3`) for higher supply-chain stability."
|
|
395
|
+
});
|
|
396
|
+
const missingIntegrity = npmPluginInstalls.filter(([, record]) => typeof record.integrity !== "string" || record.integrity.trim() === "").map(([pluginId]) => pluginId);
|
|
397
|
+
if (missingIntegrity.length > 0) findings.push({
|
|
398
|
+
checkId: "plugins.installs_missing_integrity",
|
|
399
|
+
severity: "warn",
|
|
400
|
+
title: "Plugin installs are missing integrity metadata",
|
|
401
|
+
detail: `Plugin install records missing integrity:\n${missingIntegrity.map((entry) => `- ${entry}`).join("\n")}`,
|
|
402
|
+
remediation: "Reinstall or update plugins to refresh install metadata with resolved integrity hashes."
|
|
403
|
+
});
|
|
404
|
+
const pluginVersionDrift = [];
|
|
405
|
+
for (const [pluginId, record] of npmPluginInstalls) {
|
|
406
|
+
const recordedVersion = record.resolvedVersion ?? record.version;
|
|
407
|
+
if (!recordedVersion) continue;
|
|
408
|
+
const installedVersion = await readInstalledPackageVersion(record.installPath ?? path.join(params.stateDir, "extensions", pluginId));
|
|
409
|
+
if (!installedVersion || installedVersion === recordedVersion) continue;
|
|
410
|
+
pluginVersionDrift.push(`${pluginId} (recorded ${recordedVersion}, installed ${installedVersion})`);
|
|
411
|
+
}
|
|
412
|
+
if (pluginVersionDrift.length > 0) findings.push({
|
|
413
|
+
checkId: "plugins.installs_version_drift",
|
|
414
|
+
severity: "warn",
|
|
415
|
+
title: "Plugin install records drift from installed package versions",
|
|
416
|
+
detail: `Detected plugin install metadata drift:\n${pluginVersionDrift.map((entry) => `- ${entry}`).join("\n")}`,
|
|
417
|
+
remediation: "Run `moldclaw plugins update --all` (or reinstall affected plugins) to refresh install metadata."
|
|
418
|
+
});
|
|
419
|
+
}
|
|
420
|
+
const hookInstalls = params.cfg.hooks?.internal?.installs ?? {};
|
|
421
|
+
const npmHookInstalls = Object.entries(hookInstalls).filter(([, record]) => record?.source === "npm");
|
|
422
|
+
if (npmHookInstalls.length > 0) {
|
|
423
|
+
const unpinned = npmHookInstalls.filter(([, record]) => typeof record.spec === "string" && !isPinnedRegistrySpec(record.spec)).map(([hookId, record]) => `${hookId} (${record.spec})`);
|
|
424
|
+
if (unpinned.length > 0) findings.push({
|
|
425
|
+
checkId: "hooks.installs_unpinned_npm_specs",
|
|
426
|
+
severity: "warn",
|
|
427
|
+
title: "Hook installs include unpinned npm specs",
|
|
428
|
+
detail: `Unpinned hook install records:\n${unpinned.map((entry) => `- ${entry}`).join("\n")}`,
|
|
429
|
+
remediation: "Pin hook install specs to exact versions (for example, `@scope/pkg@1.2.3`) for higher supply-chain stability."
|
|
430
|
+
});
|
|
431
|
+
const missingIntegrity = npmHookInstalls.filter(([, record]) => typeof record.integrity !== "string" || record.integrity.trim() === "").map(([hookId]) => hookId);
|
|
432
|
+
if (missingIntegrity.length > 0) findings.push({
|
|
433
|
+
checkId: "hooks.installs_missing_integrity",
|
|
434
|
+
severity: "warn",
|
|
435
|
+
title: "Hook installs are missing integrity metadata",
|
|
436
|
+
detail: `Hook install records missing integrity:\n${missingIntegrity.map((entry) => `- ${entry}`).join("\n")}`,
|
|
437
|
+
remediation: "Reinstall or update hooks to refresh install metadata with resolved integrity hashes."
|
|
438
|
+
});
|
|
439
|
+
const hookVersionDrift = [];
|
|
440
|
+
for (const [hookId, record] of npmHookInstalls) {
|
|
441
|
+
const recordedVersion = record.resolvedVersion ?? record.version;
|
|
442
|
+
if (!recordedVersion) continue;
|
|
443
|
+
const installedVersion = await readInstalledPackageVersion(record.installPath ?? path.join(params.stateDir, "hooks", hookId));
|
|
444
|
+
if (!installedVersion || installedVersion === recordedVersion) continue;
|
|
445
|
+
hookVersionDrift.push(`${hookId} (recorded ${recordedVersion}, installed ${installedVersion})`);
|
|
446
|
+
}
|
|
447
|
+
if (hookVersionDrift.length > 0) findings.push({
|
|
448
|
+
checkId: "hooks.installs_version_drift",
|
|
449
|
+
severity: "warn",
|
|
450
|
+
title: "Hook install records drift from installed package versions",
|
|
451
|
+
detail: `Detected hook install metadata drift:\n${hookVersionDrift.map((entry) => `- ${entry}`).join("\n")}`,
|
|
452
|
+
remediation: "Run `moldclaw hooks update --all` (or reinstall affected hooks) to refresh install metadata."
|
|
453
|
+
});
|
|
454
|
+
}
|
|
455
|
+
return findings;
|
|
456
|
+
}
|
|
457
|
+
async function collectWorkspaceSkillSymlinkEscapeFindings(params) {
|
|
458
|
+
const findings = [];
|
|
459
|
+
const workspaceDirs = listAgentWorkspaceDirs(params.cfg);
|
|
460
|
+
if (workspaceDirs.length === 0) return findings;
|
|
461
|
+
const escapedSkillFiles = [];
|
|
462
|
+
const seenSkillPaths = /* @__PURE__ */ new Set();
|
|
463
|
+
for (const workspaceDir of workspaceDirs) {
|
|
464
|
+
const workspacePath = path.resolve(workspaceDir);
|
|
465
|
+
const workspaceRealPath = await fs.realpath(workspacePath).catch(() => workspacePath);
|
|
466
|
+
const skillFilePaths = await listWorkspaceSkillMarkdownFiles(workspacePath);
|
|
467
|
+
for (const skillFilePath of skillFilePaths) {
|
|
468
|
+
const canonicalSkillPath = path.resolve(skillFilePath);
|
|
469
|
+
if (seenSkillPaths.has(canonicalSkillPath)) continue;
|
|
470
|
+
seenSkillPaths.add(canonicalSkillPath);
|
|
471
|
+
const skillRealPath = await fs.realpath(canonicalSkillPath).catch(() => null);
|
|
472
|
+
if (!skillRealPath) continue;
|
|
473
|
+
if (isPathInside(workspaceRealPath, skillRealPath)) continue;
|
|
474
|
+
escapedSkillFiles.push({
|
|
475
|
+
workspaceDir: workspacePath,
|
|
476
|
+
skillFilePath: canonicalSkillPath,
|
|
477
|
+
skillRealPath
|
|
478
|
+
});
|
|
479
|
+
}
|
|
480
|
+
}
|
|
481
|
+
if (escapedSkillFiles.length === 0) return findings;
|
|
482
|
+
findings.push({
|
|
483
|
+
checkId: "skills.workspace.symlink_escape",
|
|
484
|
+
severity: "warn",
|
|
485
|
+
title: "Workspace skill files resolve outside the workspace root",
|
|
486
|
+
detail: "Detected workspace `skills/**/SKILL.md` paths whose realpath escapes their workspace root:\n" + escapedSkillFiles.slice(0, MAX_WORKSPACE_SKILL_ESCAPE_DETAIL_ROWS).map((entry) => `- workspace=${entry.workspaceDir}\n skill=${entry.skillFilePath}\n realpath=${entry.skillRealPath}`).join("\n") + (escapedSkillFiles.length > MAX_WORKSPACE_SKILL_ESCAPE_DETAIL_ROWS ? `\n- +${escapedSkillFiles.length - MAX_WORKSPACE_SKILL_ESCAPE_DETAIL_ROWS} more` : ""),
|
|
487
|
+
remediation: "Keep workspace skills inside the workspace root (replace symlinked escapes with real in-workspace files), or move trusted shared skills to managed/bundled skill locations."
|
|
488
|
+
});
|
|
489
|
+
return findings;
|
|
490
|
+
}
|
|
491
|
+
async function collectIncludeFilePermFindings(params) {
|
|
492
|
+
const findings = [];
|
|
493
|
+
if (!params.configSnapshot.exists) return findings;
|
|
494
|
+
const configPath = params.configSnapshot.path;
|
|
495
|
+
const includePaths = await collectIncludePathsRecursive({
|
|
496
|
+
configPath,
|
|
497
|
+
parsed: params.configSnapshot.parsed
|
|
498
|
+
});
|
|
499
|
+
if (includePaths.length === 0) return findings;
|
|
500
|
+
for (const p of includePaths) {
|
|
501
|
+
const perms = await inspectPathPermissions(p, {
|
|
502
|
+
env: params.env,
|
|
503
|
+
platform: params.platform,
|
|
504
|
+
exec: params.execIcacls
|
|
505
|
+
});
|
|
506
|
+
if (!perms.ok) continue;
|
|
507
|
+
if (perms.worldWritable || perms.groupWritable) findings.push({
|
|
508
|
+
checkId: "fs.config_include.perms_writable",
|
|
509
|
+
severity: "critical",
|
|
510
|
+
title: "Config include file is writable by others",
|
|
511
|
+
detail: `${formatPermissionDetail(p, perms)}; another user could influence your effective config.`,
|
|
512
|
+
remediation: formatPermissionRemediation({
|
|
513
|
+
targetPath: p,
|
|
514
|
+
perms,
|
|
515
|
+
isDir: false,
|
|
516
|
+
posixMode: 384,
|
|
517
|
+
env: params.env
|
|
518
|
+
})
|
|
519
|
+
});
|
|
520
|
+
else if (perms.worldReadable) findings.push({
|
|
521
|
+
checkId: "fs.config_include.perms_world_readable",
|
|
522
|
+
severity: "critical",
|
|
523
|
+
title: "Config include file is world-readable",
|
|
524
|
+
detail: `${formatPermissionDetail(p, perms)}; include files can contain tokens and private settings.`,
|
|
525
|
+
remediation: formatPermissionRemediation({
|
|
526
|
+
targetPath: p,
|
|
527
|
+
perms,
|
|
528
|
+
isDir: false,
|
|
529
|
+
posixMode: 384,
|
|
530
|
+
env: params.env
|
|
531
|
+
})
|
|
532
|
+
});
|
|
533
|
+
else if (perms.groupReadable) findings.push({
|
|
534
|
+
checkId: "fs.config_include.perms_group_readable",
|
|
535
|
+
severity: "warn",
|
|
536
|
+
title: "Config include file is group-readable",
|
|
537
|
+
detail: `${formatPermissionDetail(p, perms)}; include files can contain tokens and private settings.`,
|
|
538
|
+
remediation: formatPermissionRemediation({
|
|
539
|
+
targetPath: p,
|
|
540
|
+
perms,
|
|
541
|
+
isDir: false,
|
|
542
|
+
posixMode: 384,
|
|
543
|
+
env: params.env
|
|
544
|
+
})
|
|
545
|
+
});
|
|
546
|
+
}
|
|
547
|
+
return findings;
|
|
548
|
+
}
|
|
549
|
+
async function collectStateDeepFilesystemFindings(params) {
|
|
550
|
+
const findings = [];
|
|
551
|
+
const oauthDir = resolveOAuthDir(params.env, params.stateDir);
|
|
552
|
+
const oauthPerms = await inspectPathPermissions(oauthDir, {
|
|
553
|
+
env: params.env,
|
|
554
|
+
platform: params.platform,
|
|
555
|
+
exec: params.execIcacls
|
|
556
|
+
});
|
|
557
|
+
if (oauthPerms.ok && oauthPerms.isDir) {
|
|
558
|
+
if (oauthPerms.worldWritable || oauthPerms.groupWritable) findings.push({
|
|
559
|
+
checkId: "fs.credentials_dir.perms_writable",
|
|
560
|
+
severity: "critical",
|
|
561
|
+
title: "Credentials dir is writable by others",
|
|
562
|
+
detail: `${formatPermissionDetail(oauthDir, oauthPerms)}; another user could drop/modify credential files.`,
|
|
563
|
+
remediation: formatPermissionRemediation({
|
|
564
|
+
targetPath: oauthDir,
|
|
565
|
+
perms: oauthPerms,
|
|
566
|
+
isDir: true,
|
|
567
|
+
posixMode: 448,
|
|
568
|
+
env: params.env
|
|
569
|
+
})
|
|
570
|
+
});
|
|
571
|
+
else if (oauthPerms.groupReadable || oauthPerms.worldReadable) findings.push({
|
|
572
|
+
checkId: "fs.credentials_dir.perms_readable",
|
|
573
|
+
severity: "warn",
|
|
574
|
+
title: "Credentials dir is readable by others",
|
|
575
|
+
detail: `${formatPermissionDetail(oauthDir, oauthPerms)}; credentials and allowlists can be sensitive.`,
|
|
576
|
+
remediation: formatPermissionRemediation({
|
|
577
|
+
targetPath: oauthDir,
|
|
578
|
+
perms: oauthPerms,
|
|
579
|
+
isDir: true,
|
|
580
|
+
posixMode: 448,
|
|
581
|
+
env: params.env
|
|
582
|
+
})
|
|
583
|
+
});
|
|
584
|
+
}
|
|
585
|
+
const agentIds = Array.isArray(params.cfg.agents?.list) ? params.cfg.agents?.list.map((a) => a && typeof a === "object" && typeof a.id === "string" ? a.id.trim() : "").filter(Boolean) : [];
|
|
586
|
+
const defaultAgentId = resolveDefaultAgentId(params.cfg);
|
|
587
|
+
const ids = Array.from(new Set([defaultAgentId, ...agentIds])).map((id) => normalizeAgentId(id));
|
|
588
|
+
for (const agentId of ids) {
|
|
589
|
+
const agentDir = path.join(params.stateDir, "agents", agentId, "agent");
|
|
590
|
+
const authPath = path.join(agentDir, "auth-profiles.json");
|
|
591
|
+
const authPerms = await inspectPathPermissions(authPath, {
|
|
592
|
+
env: params.env,
|
|
593
|
+
platform: params.platform,
|
|
594
|
+
exec: params.execIcacls
|
|
595
|
+
});
|
|
596
|
+
if (authPerms.ok) {
|
|
597
|
+
if (authPerms.worldWritable || authPerms.groupWritable) findings.push({
|
|
598
|
+
checkId: "fs.auth_profiles.perms_writable",
|
|
599
|
+
severity: "critical",
|
|
600
|
+
title: "auth-profiles.json is writable by others",
|
|
601
|
+
detail: `${formatPermissionDetail(authPath, authPerms)}; another user could inject credentials.`,
|
|
602
|
+
remediation: formatPermissionRemediation({
|
|
603
|
+
targetPath: authPath,
|
|
604
|
+
perms: authPerms,
|
|
605
|
+
isDir: false,
|
|
606
|
+
posixMode: 384,
|
|
607
|
+
env: params.env
|
|
608
|
+
})
|
|
609
|
+
});
|
|
610
|
+
else if (authPerms.worldReadable || authPerms.groupReadable) findings.push({
|
|
611
|
+
checkId: "fs.auth_profiles.perms_readable",
|
|
612
|
+
severity: "warn",
|
|
613
|
+
title: "auth-profiles.json is readable by others",
|
|
614
|
+
detail: `${formatPermissionDetail(authPath, authPerms)}; auth-profiles.json contains API keys and OAuth tokens.`,
|
|
615
|
+
remediation: formatPermissionRemediation({
|
|
616
|
+
targetPath: authPath,
|
|
617
|
+
perms: authPerms,
|
|
618
|
+
isDir: false,
|
|
619
|
+
posixMode: 384,
|
|
620
|
+
env: params.env
|
|
621
|
+
})
|
|
622
|
+
});
|
|
623
|
+
}
|
|
624
|
+
const storePath = path.join(params.stateDir, "agents", agentId, "sessions", "sessions.json");
|
|
625
|
+
const storePerms = await inspectPathPermissions(storePath, {
|
|
626
|
+
env: params.env,
|
|
627
|
+
platform: params.platform,
|
|
628
|
+
exec: params.execIcacls
|
|
629
|
+
});
|
|
630
|
+
if (storePerms.ok) {
|
|
631
|
+
if (storePerms.worldReadable || storePerms.groupReadable) findings.push({
|
|
632
|
+
checkId: "fs.sessions_store.perms_readable",
|
|
633
|
+
severity: "warn",
|
|
634
|
+
title: "sessions.json is readable by others",
|
|
635
|
+
detail: `${formatPermissionDetail(storePath, storePerms)}; routing and transcript metadata can be sensitive.`,
|
|
636
|
+
remediation: formatPermissionRemediation({
|
|
637
|
+
targetPath: storePath,
|
|
638
|
+
perms: storePerms,
|
|
639
|
+
isDir: false,
|
|
640
|
+
posixMode: 384,
|
|
641
|
+
env: params.env
|
|
642
|
+
})
|
|
643
|
+
});
|
|
644
|
+
}
|
|
645
|
+
}
|
|
646
|
+
const logFile = typeof params.cfg.logging?.file === "string" ? params.cfg.logging.file.trim() : "";
|
|
647
|
+
if (logFile) {
|
|
648
|
+
const expanded = logFile.startsWith("~") ? expandTilde(logFile, params.env) : logFile;
|
|
649
|
+
if (expanded) {
|
|
650
|
+
const logPath = path.resolve(expanded);
|
|
651
|
+
const logPerms = await inspectPathPermissions(logPath, {
|
|
652
|
+
env: params.env,
|
|
653
|
+
platform: params.platform,
|
|
654
|
+
exec: params.execIcacls
|
|
655
|
+
});
|
|
656
|
+
if (logPerms.ok) {
|
|
657
|
+
if (logPerms.worldReadable || logPerms.groupReadable) findings.push({
|
|
658
|
+
checkId: "fs.log_file.perms_readable",
|
|
659
|
+
severity: "warn",
|
|
660
|
+
title: "Log file is readable by others",
|
|
661
|
+
detail: `${formatPermissionDetail(logPath, logPerms)}; logs can contain private messages and tool output.`,
|
|
662
|
+
remediation: formatPermissionRemediation({
|
|
663
|
+
targetPath: logPath,
|
|
664
|
+
perms: logPerms,
|
|
665
|
+
isDir: false,
|
|
666
|
+
posixMode: 384,
|
|
667
|
+
env: params.env
|
|
668
|
+
})
|
|
669
|
+
});
|
|
670
|
+
}
|
|
671
|
+
}
|
|
672
|
+
}
|
|
673
|
+
return findings;
|
|
674
|
+
}
|
|
675
|
+
async function readConfigSnapshotForAudit(params) {
|
|
676
|
+
const { createConfigIO } = await loadConfigModule();
|
|
677
|
+
return await createConfigIO({
|
|
678
|
+
env: params.env,
|
|
679
|
+
configPath: params.configPath
|
|
680
|
+
}).readConfigFileSnapshot();
|
|
681
|
+
}
|
|
682
|
+
async function collectPluginsCodeSafetyFindings(params) {
|
|
683
|
+
const findings = [];
|
|
684
|
+
const { extensionsDir, pluginDirs } = await listInstalledPluginDirs({
|
|
685
|
+
stateDir: params.stateDir,
|
|
686
|
+
onReadError: (err) => {
|
|
687
|
+
findings.push({
|
|
688
|
+
checkId: "plugins.code_safety.scan_failed",
|
|
689
|
+
severity: "warn",
|
|
690
|
+
title: "Plugin extensions directory scan failed",
|
|
691
|
+
detail: `Static code scan could not list extensions directory: ${String(err)}`,
|
|
692
|
+
remediation: "Check file permissions and plugin layout, then rerun `moldclaw security audit --deep`."
|
|
693
|
+
});
|
|
694
|
+
}
|
|
695
|
+
});
|
|
696
|
+
for (const pluginName of pluginDirs) {
|
|
697
|
+
const pluginPath = path.join(extensionsDir, pluginName);
|
|
698
|
+
const extensionEntries = await readPluginManifestExtensions(pluginPath).catch(() => []);
|
|
699
|
+
const forcedScanEntries = [];
|
|
700
|
+
const escapedEntries = [];
|
|
701
|
+
for (const entry of extensionEntries) {
|
|
702
|
+
const resolvedEntry = path.resolve(pluginPath, entry);
|
|
703
|
+
if (!isPathInside(pluginPath, resolvedEntry)) {
|
|
704
|
+
escapedEntries.push(entry);
|
|
705
|
+
continue;
|
|
706
|
+
}
|
|
707
|
+
if (extensionUsesSkippedScannerPath(entry)) findings.push({
|
|
708
|
+
checkId: "plugins.code_safety.entry_path",
|
|
709
|
+
severity: "warn",
|
|
710
|
+
title: `Plugin "${pluginName}" entry path is hidden or node_modules`,
|
|
711
|
+
detail: `Extension entry "${entry}" points to a hidden or node_modules path. Deep code scan will cover this entry explicitly, but review this path choice carefully.`,
|
|
712
|
+
remediation: "Prefer extension entrypoints under normal source paths like dist/ or src/."
|
|
713
|
+
});
|
|
714
|
+
forcedScanEntries.push(resolvedEntry);
|
|
715
|
+
}
|
|
716
|
+
if (escapedEntries.length > 0) findings.push({
|
|
717
|
+
checkId: "plugins.code_safety.entry_escape",
|
|
718
|
+
severity: "critical",
|
|
719
|
+
title: `Plugin "${pluginName}" has extension entry path traversal`,
|
|
720
|
+
detail: `Found extension entries that escape the plugin directory:\n${escapedEntries.map((entry) => ` - ${entry}`).join("\n")}`,
|
|
721
|
+
remediation: "Update the plugin manifest so all moldclaw.extensions entries stay inside the plugin directory."
|
|
722
|
+
});
|
|
723
|
+
const summary = await getCodeSafetySummary({
|
|
724
|
+
dirPath: pluginPath,
|
|
725
|
+
includeFiles: forcedScanEntries,
|
|
726
|
+
summaryCache: params.summaryCache
|
|
727
|
+
}).catch((err) => {
|
|
728
|
+
findings.push({
|
|
729
|
+
checkId: "plugins.code_safety.scan_failed",
|
|
730
|
+
severity: "warn",
|
|
731
|
+
title: `Plugin "${pluginName}" code scan failed`,
|
|
732
|
+
detail: `Static code scan could not complete: ${String(err)}`,
|
|
733
|
+
remediation: "Check file permissions and plugin layout, then rerun `moldclaw security audit --deep`."
|
|
734
|
+
});
|
|
735
|
+
return null;
|
|
736
|
+
});
|
|
737
|
+
if (!summary) continue;
|
|
738
|
+
if (summary.critical > 0) {
|
|
739
|
+
const details = formatCodeSafetyDetails(summary.findings.filter((f) => f.severity === "critical"), pluginPath);
|
|
740
|
+
findings.push({
|
|
741
|
+
checkId: "plugins.code_safety",
|
|
742
|
+
severity: "critical",
|
|
743
|
+
title: `Plugin "${pluginName}" contains dangerous code patterns`,
|
|
744
|
+
detail: `Found ${summary.critical} critical issue(s) in ${summary.scannedFiles} scanned file(s):\n${details}`,
|
|
745
|
+
remediation: "Review the plugin source code carefully before use. If untrusted, remove the plugin from your moldClaw extensions state directory."
|
|
746
|
+
});
|
|
747
|
+
} else if (summary.warn > 0) {
|
|
748
|
+
const details = formatCodeSafetyDetails(summary.findings.filter((f) => f.severity === "warn"), pluginPath);
|
|
749
|
+
findings.push({
|
|
750
|
+
checkId: "plugins.code_safety",
|
|
751
|
+
severity: "warn",
|
|
752
|
+
title: `Plugin "${pluginName}" contains suspicious code patterns`,
|
|
753
|
+
detail: `Found ${summary.warn} warning(s) in ${summary.scannedFiles} scanned file(s):\n${details}`,
|
|
754
|
+
remediation: `Review the flagged code to ensure it is intentional and safe.`
|
|
755
|
+
});
|
|
756
|
+
}
|
|
757
|
+
}
|
|
758
|
+
return findings;
|
|
759
|
+
}
|
|
760
|
+
async function collectInstalledSkillsCodeSafetyFindings(params) {
|
|
761
|
+
const findings = [];
|
|
762
|
+
const pluginExtensionsDir = path.join(params.stateDir, "extensions");
|
|
763
|
+
const scannedSkillDirs = /* @__PURE__ */ new Set();
|
|
764
|
+
const workspaceDirs = listAgentWorkspaceDirs(params.cfg);
|
|
765
|
+
const { loadWorkspaceSkillEntries } = await loadSkillsModule();
|
|
766
|
+
for (const workspaceDir of workspaceDirs) {
|
|
767
|
+
const entries = loadWorkspaceSkillEntries(workspaceDir, { config: params.cfg });
|
|
768
|
+
for (const entry of entries) {
|
|
769
|
+
if (entry.skill.source === "moldclaw-bundled") continue;
|
|
770
|
+
const skillDir = path.resolve(entry.skill.baseDir);
|
|
771
|
+
if (isPathInside(pluginExtensionsDir, skillDir)) continue;
|
|
772
|
+
if (scannedSkillDirs.has(skillDir)) continue;
|
|
773
|
+
scannedSkillDirs.add(skillDir);
|
|
774
|
+
const skillName = entry.skill.name;
|
|
775
|
+
const summary = await getCodeSafetySummary({
|
|
776
|
+
dirPath: skillDir,
|
|
777
|
+
summaryCache: params.summaryCache
|
|
778
|
+
}).catch((err) => {
|
|
779
|
+
findings.push({
|
|
780
|
+
checkId: "skills.code_safety.scan_failed",
|
|
781
|
+
severity: "warn",
|
|
782
|
+
title: `Skill "${skillName}" code scan failed`,
|
|
783
|
+
detail: `Static code scan could not complete for ${skillDir}: ${String(err)}`,
|
|
784
|
+
remediation: "Check file permissions and skill layout, then rerun `moldclaw security audit --deep`."
|
|
785
|
+
});
|
|
786
|
+
return null;
|
|
787
|
+
});
|
|
788
|
+
if (!summary) continue;
|
|
789
|
+
if (summary.critical > 0) {
|
|
790
|
+
const details = formatCodeSafetyDetails(summary.findings.filter((finding) => finding.severity === "critical"), skillDir);
|
|
791
|
+
findings.push({
|
|
792
|
+
checkId: "skills.code_safety",
|
|
793
|
+
severity: "critical",
|
|
794
|
+
title: `Skill "${skillName}" contains dangerous code patterns`,
|
|
795
|
+
detail: `Found ${summary.critical} critical issue(s) in ${summary.scannedFiles} scanned file(s) under ${skillDir}:\n${details}`,
|
|
796
|
+
remediation: `Review the skill source code before use. If untrusted, remove "${skillDir}".`
|
|
797
|
+
});
|
|
798
|
+
} else if (summary.warn > 0) {
|
|
799
|
+
const details = formatCodeSafetyDetails(summary.findings.filter((finding) => finding.severity === "warn"), skillDir);
|
|
800
|
+
findings.push({
|
|
801
|
+
checkId: "skills.code_safety",
|
|
802
|
+
severity: "warn",
|
|
803
|
+
title: `Skill "${skillName}" contains suspicious code patterns`,
|
|
804
|
+
detail: `Found ${summary.warn} warning(s) in ${summary.scannedFiles} scanned file(s) under ${skillDir}:\n${details}`,
|
|
805
|
+
remediation: "Review flagged lines to ensure the behavior is intentional and safe."
|
|
806
|
+
});
|
|
807
|
+
}
|
|
808
|
+
}
|
|
809
|
+
}
|
|
810
|
+
return findings;
|
|
811
|
+
}
|
|
812
|
+
//#endregion
|
|
813
|
+
export { collectSandboxBrowserHashLabelFindings as a, readConfigSnapshotForAudit as c, collectPluginsTrustFindings as i, collectInstalledSkillsCodeSafetyFindings as n, collectStateDeepFilesystemFindings as o, collectPluginsCodeSafetyFindings as r, collectWorkspaceSkillSymlinkEscapeFindings as s, collectIncludeFilePermFindings as t };
|