@tankpkg/sdk 0.14.4 → 0.15.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/client.d.ts +1 -1
- package/dist/client.d.ts.map +1 -1
- package/dist/index.mjs +129 -78
- package/dist/install/permissions.d.ts +2 -7
- package/dist/install/permissions.d.ts.map +1 -1
- package/package.json +1 -1
package/dist/client.d.ts
CHANGED
|
@@ -24,7 +24,7 @@ export declare class TankClient {
|
|
|
24
24
|
publishedAt: string;
|
|
25
25
|
}>;
|
|
26
26
|
}>;
|
|
27
|
-
download(name: string, version: string, options?: DownloadOptions): Promise<ReadableStream | Buffer |
|
|
27
|
+
download(name: string, version: string, options?: DownloadOptions): Promise<ReadableStream | Buffer | undefined>;
|
|
28
28
|
audit(name: string, version?: string): Promise<VersionDetail>;
|
|
29
29
|
permissions(name: string, version?: string): Promise<Permissions | null>;
|
|
30
30
|
whoami(): Promise<UserInfo | null>;
|
package/dist/client.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAYA,OAAO,KAAK,EACV,eAAe,EACf,WAAW,EACX,cAAc,EACd,YAAY,EACZ,iBAAiB,EACjB,iBAAiB,EACjB,QAAQ,EACR,aAAa,EACd,MAAM,YAAY,CAAC;AAyDpB,qBAAa,UAAU;IACrB,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAqB;IAC3C,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;IACrC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;IACpC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;gBAEvB,OAAO,GAAE,iBAAsB;YAQ7B,mBAAmB;IAiBjC,OAAO,CAAC,OAAO;YAaD,OAAO;YAwCP,IAAI;IAsBZ,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;QAAE,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,cAAc,CAAC;IAO3F,IAAI,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAI9C,QAAQ,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC;QACpC,IAAI,EAAE,MAAM,CAAC;QACb,QAAQ,EAAE,KAAK,CAAC;YACd,OAAO,EAAE,MAAM,CAAC;YAChB,SAAS,EAAE,MAAM,CAAC;YAClB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;YAC1B,WAAW,EAAE,MAAM,CAAC;YACpB,WAAW,EAAE,MAAM,CAAC;SACrB,CAAC,CAAC;KACJ,CAAC;IAII,QAAQ,
|
|
1
|
+
{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAYA,OAAO,KAAK,EACV,eAAe,EACf,WAAW,EACX,cAAc,EACd,YAAY,EACZ,iBAAiB,EACjB,iBAAiB,EACjB,QAAQ,EACR,aAAa,EACd,MAAM,YAAY,CAAC;AAyDpB,qBAAa,UAAU;IACrB,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAqB;IAC3C,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;IACrC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;IACpC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;gBAEvB,OAAO,GAAE,iBAAsB;YAQ7B,mBAAmB;IAiBjC,OAAO,CAAC,OAAO;YAaD,OAAO;YAwCP,IAAI;IAsBZ,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;QAAE,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,cAAc,CAAC;IAO3F,IAAI,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAI9C,QAAQ,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC;QACpC,IAAI,EAAE,MAAM,CAAC;QACb,QAAQ,EAAE,KAAK,CAAC;YACd,OAAO,EAAE,MAAM,CAAC;YAChB,SAAS,EAAE,MAAM,CAAC;YAClB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;YAC1B,WAAW,EAAE,MAAM,CAAC;YACpB,WAAW,EAAE,MAAM,CAAC;SACrB,CAAC,CAAC;KACJ,CAAC;IAII,QAAQ,CACZ,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,cAAc,GAAG,MAAM,GAAG,SAAS,CAAC;IAsDzC,KAAK,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;IAU7D,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAKxE,MAAM,IAAI,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC;IAUlC,cAAc,IAAI,OAAO,CAAC;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAA;KAAE,CAAC;IAKnE,iBAAiB,CACrB,WAAW,EAAE,MAAM,EACnB,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE;YAAE,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;YAAC,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;SAAE,CAAA;KAAE,GAAG,IAAI,CAAC;IASnF,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAO5D,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;YAalE,SAAS;IAqBjB,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC;IA4BhE,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,OAAO,CAAA;KAAE,CAAC;IAI1E,IAAI,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIjC,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAG1C"}
|
package/dist/index.mjs
CHANGED
|
@@ -4236,6 +4236,30 @@ object({
|
|
|
4236
4236
|
visibility: _enum(["public", "private"]).optional(),
|
|
4237
4237
|
audit: object({ min_score: number().min(0).max(10) }).strict().optional()
|
|
4238
4238
|
}).strict();
|
|
4239
|
+
const commandSchema = string().min(1, "command must not be empty");
|
|
4240
|
+
const argSchema = array(string()).default([]);
|
|
4241
|
+
const envSchema = record(string(), string()).optional();
|
|
4242
|
+
const remoteUrlSchema = string().url("remote must be a valid URL");
|
|
4243
|
+
const mcpServerSchema = union([object({
|
|
4244
|
+
command: commandSchema,
|
|
4245
|
+
args: argSchema,
|
|
4246
|
+
env: envSchema,
|
|
4247
|
+
requires_auth: literal(false).optional()
|
|
4248
|
+
}).strict(), object({
|
|
4249
|
+
remote: remoteUrlSchema,
|
|
4250
|
+
requires_auth: boolean().default(false),
|
|
4251
|
+
env: envSchema
|
|
4252
|
+
}).strict()]);
|
|
4253
|
+
const perToolOverrideSchema = object({
|
|
4254
|
+
scan: boolean().optional(),
|
|
4255
|
+
blockOnMatch: boolean().optional()
|
|
4256
|
+
}).strict();
|
|
4257
|
+
object({
|
|
4258
|
+
perfBudgetMs: number().positive().optional(),
|
|
4259
|
+
blockOnMatch: boolean().optional(),
|
|
4260
|
+
resetPinsOnMismatch: boolean().optional(),
|
|
4261
|
+
perTool: record(string(), perToolOverrideSchema).optional()
|
|
4262
|
+
}).strict();
|
|
4239
4263
|
const baseManifestFields = {
|
|
4240
4264
|
name: string().min(1, "Name must not be empty").max(214, `Name must be 214 characters or fewer`).regex(/^@[a-z0-9-]+\/[a-z0-9][a-z0-9-]*$/, "Name must be scoped (@org/name), lowercase alphanumeric and hyphens"),
|
|
4241
4265
|
version: string().regex(/^\d+\.\d+\.\d+(-[a-zA-Z0-9.-]+)?(\+[a-zA-Z0-9.-]+)?$/, "Version must be valid semver"),
|
|
@@ -4244,7 +4268,8 @@ const baseManifestFields = {
|
|
|
4244
4268
|
permissions: permissionsSchema.optional(),
|
|
4245
4269
|
repository: string().url("Repository must be a valid URL").optional(),
|
|
4246
4270
|
visibility: _enum(["public", "private"]).optional(),
|
|
4247
|
-
audit: object({ min_score: number().min(0).max(10) }).strict().optional()
|
|
4271
|
+
audit: object({ min_score: number().min(0).max(10) }).strict().optional(),
|
|
4272
|
+
mcp_server: mcpServerSchema.optional()
|
|
4248
4273
|
};
|
|
4249
4274
|
object(baseManifestFields).strict();
|
|
4250
4275
|
object({
|
|
@@ -4653,83 +4678,6 @@ function hasNativeAcceleration() {
|
|
|
4653
4678
|
return tryLoadNative() !== null;
|
|
4654
4679
|
}
|
|
4655
4680
|
//#endregion
|
|
4656
|
-
//#region src/install/permissions.ts
|
|
4657
|
-
function checkPermissionBudget(budget, skillPerms, skillName) {
|
|
4658
|
-
if (!skillPerms) return;
|
|
4659
|
-
if (skillPerms.subprocess === true && budget.subprocess !== true) throw new TankPermissionError(`${skillName} requires subprocess access, but project budget does not allow it`);
|
|
4660
|
-
if (skillPerms.network?.outbound && skillPerms.network.outbound.length > 0) {
|
|
4661
|
-
const budgetDomains = budget.network?.outbound ?? [];
|
|
4662
|
-
for (const domain of skillPerms.network.outbound) if (!isDomainAllowed(domain, budgetDomains)) throw new TankPermissionError(`${skillName} requests network access to "${domain}", which is not in the project's permission budget`);
|
|
4663
|
-
}
|
|
4664
|
-
if (skillPerms.filesystem?.read && skillPerms.filesystem.read.length > 0) {
|
|
4665
|
-
const budgetPaths = budget.filesystem?.read ?? [];
|
|
4666
|
-
for (const p of skillPerms.filesystem.read) if (!isPathAllowed(p, budgetPaths)) throw new TankPermissionError(`${skillName} requests filesystem read access to "${p}", which is not in the project's permission budget`);
|
|
4667
|
-
}
|
|
4668
|
-
if (skillPerms.filesystem?.write && skillPerms.filesystem.write.length > 0) {
|
|
4669
|
-
const budgetPaths = budget.filesystem?.write ?? [];
|
|
4670
|
-
for (const p of skillPerms.filesystem.write) if (!isPathAllowed(p, budgetPaths)) throw new TankPermissionError(`${skillName} requests filesystem write access to "${p}", which is not in the project's permission budget`);
|
|
4671
|
-
}
|
|
4672
|
-
}
|
|
4673
|
-
function isDomainAllowed(domain, allowedDomains) {
|
|
4674
|
-
for (const allowed of allowedDomains) {
|
|
4675
|
-
if (allowed === domain) return true;
|
|
4676
|
-
if (allowed.startsWith("*.")) {
|
|
4677
|
-
const suffix = allowed.slice(1);
|
|
4678
|
-
if (domain.endsWith(suffix) || domain === allowed.slice(2)) return true;
|
|
4679
|
-
if (domain === allowed) return true;
|
|
4680
|
-
}
|
|
4681
|
-
}
|
|
4682
|
-
return false;
|
|
4683
|
-
}
|
|
4684
|
-
function isPathAllowed(requestedPath, allowedPaths) {
|
|
4685
|
-
const norm = (p) => p.replaceAll("\\", "/");
|
|
4686
|
-
const req = norm(requestedPath);
|
|
4687
|
-
if (req.includes("..")) return false;
|
|
4688
|
-
for (const allowed of allowedPaths) {
|
|
4689
|
-
const a = norm(allowed);
|
|
4690
|
-
if (a === req) return true;
|
|
4691
|
-
if (a.endsWith("/**")) {
|
|
4692
|
-
const prefix = a.slice(0, -3);
|
|
4693
|
-
if (req === prefix || req.startsWith(`${prefix}/`)) return true;
|
|
4694
|
-
}
|
|
4695
|
-
}
|
|
4696
|
-
return false;
|
|
4697
|
-
}
|
|
4698
|
-
function collectPermissionViolations(budget, skillPerms, skillName) {
|
|
4699
|
-
const violations = [];
|
|
4700
|
-
if (!skillPerms) return violations;
|
|
4701
|
-
if (skillPerms.subprocess === true && budget.subprocess !== true) violations.push({
|
|
4702
|
-
skillName,
|
|
4703
|
-
type: "subprocess",
|
|
4704
|
-
requested: "true"
|
|
4705
|
-
});
|
|
4706
|
-
if (skillPerms.network?.outbound) {
|
|
4707
|
-
const budgetDomains = budget.network?.outbound ?? [];
|
|
4708
|
-
for (const domain of skillPerms.network.outbound) if (!isDomainAllowed(domain, budgetDomains)) violations.push({
|
|
4709
|
-
skillName,
|
|
4710
|
-
type: "network.outbound",
|
|
4711
|
-
requested: domain
|
|
4712
|
-
});
|
|
4713
|
-
}
|
|
4714
|
-
if (skillPerms.filesystem?.read) {
|
|
4715
|
-
const budgetPaths = budget.filesystem?.read ?? [];
|
|
4716
|
-
for (const p of skillPerms.filesystem.read) if (!isPathAllowed(p, budgetPaths)) violations.push({
|
|
4717
|
-
skillName,
|
|
4718
|
-
type: "filesystem.read",
|
|
4719
|
-
requested: p
|
|
4720
|
-
});
|
|
4721
|
-
}
|
|
4722
|
-
if (skillPerms.filesystem?.write) {
|
|
4723
|
-
const budgetPaths = budget.filesystem?.write ?? [];
|
|
4724
|
-
for (const p of skillPerms.filesystem.write) if (!isPathAllowed(p, budgetPaths)) violations.push({
|
|
4725
|
-
skillName,
|
|
4726
|
-
type: "filesystem.write",
|
|
4727
|
-
requested: p
|
|
4728
|
-
});
|
|
4729
|
-
}
|
|
4730
|
-
return violations;
|
|
4731
|
-
}
|
|
4732
|
-
//#endregion
|
|
4733
4681
|
//#region ../../node_modules/.bun/semver@7.7.4/node_modules/semver/internal/constants.js
|
|
4734
4682
|
var require_constants = /* @__PURE__ */ __commonJSMin(((exports, module) => {
|
|
4735
4683
|
const SEMVER_SPEC_VERSION = "2.0.0";
|
|
@@ -6066,6 +6014,8 @@ var import_semver = /* @__PURE__ */ __toESM((/* @__PURE__ */ __commonJSMin(((exp
|
|
|
6066
6014
|
rcompareIdentifiers: identifiers.rcompareIdentifiers
|
|
6067
6015
|
};
|
|
6068
6016
|
})))(), 1);
|
|
6017
|
+
const ALPHANUMERIC = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
|
|
6018
|
+
`${ALPHANUMERIC}`, `${ALPHANUMERIC}`, `${ALPHANUMERIC}`, `${ALPHANUMERIC}`;
|
|
6069
6019
|
function resolve(range, versions) {
|
|
6070
6020
|
try {
|
|
6071
6021
|
if (!range || !import_semver.default.validRange(range)) return null;
|
|
@@ -6076,6 +6026,107 @@ function resolve(range, versions) {
|
|
|
6076
6026
|
return null;
|
|
6077
6027
|
}
|
|
6078
6028
|
}
|
|
6029
|
+
function isDomainAllowed(domain, allowedDomains) {
|
|
6030
|
+
for (const allowed of allowedDomains) {
|
|
6031
|
+
if (allowed === domain) return true;
|
|
6032
|
+
if (allowed.startsWith("*.")) {
|
|
6033
|
+
const suffix = allowed.slice(1);
|
|
6034
|
+
if (domain.endsWith(suffix) || domain === allowed.slice(2)) return true;
|
|
6035
|
+
if (domain === allowed) return true;
|
|
6036
|
+
}
|
|
6037
|
+
}
|
|
6038
|
+
return false;
|
|
6039
|
+
}
|
|
6040
|
+
function isPathAllowed(requestedPath, allowedPaths) {
|
|
6041
|
+
const norm = (p) => p.replaceAll("\\", "/");
|
|
6042
|
+
const req = norm(requestedPath);
|
|
6043
|
+
if (req.includes("..")) return false;
|
|
6044
|
+
for (const allowed of allowedPaths) {
|
|
6045
|
+
const a = norm(allowed);
|
|
6046
|
+
if (a === req) return true;
|
|
6047
|
+
if (a.endsWith("/**")) {
|
|
6048
|
+
const prefix = a.slice(0, -3);
|
|
6049
|
+
if (req === prefix || req.startsWith(`${prefix}/`)) return true;
|
|
6050
|
+
}
|
|
6051
|
+
}
|
|
6052
|
+
return false;
|
|
6053
|
+
}
|
|
6054
|
+
/**
|
|
6055
|
+
* Thrown by checkPermissionBudget when a skill's declared permissions exceed the project budget.
|
|
6056
|
+
*
|
|
6057
|
+
* internals-helpers cannot import from @tankpkg/sdk (would invert dep graph).
|
|
6058
|
+
* sdk shim catches this and re-throws as TankPermissionError to preserve
|
|
6059
|
+
* the public sdk error API. See D7 / INTENT C25b.
|
|
6060
|
+
*/
|
|
6061
|
+
var PermissionBudgetError = class extends Error {
|
|
6062
|
+
constructor(message) {
|
|
6063
|
+
super(message);
|
|
6064
|
+
this.name = "PermissionBudgetError";
|
|
6065
|
+
}
|
|
6066
|
+
};
|
|
6067
|
+
function checkPermissionBudget$1(budget, skillPerms, skillName) {
|
|
6068
|
+
if (!skillPerms) return;
|
|
6069
|
+
if (skillPerms.subprocess === true && budget.subprocess !== true) throw new PermissionBudgetError(`${skillName} requires subprocess access, but project budget does not allow it`);
|
|
6070
|
+
if (skillPerms.network?.outbound && skillPerms.network.outbound.length > 0) {
|
|
6071
|
+
const budgetDomains = budget.network?.outbound ?? [];
|
|
6072
|
+
for (const domain of skillPerms.network.outbound) if (!isDomainAllowed(domain, budgetDomains)) throw new PermissionBudgetError(`${skillName} requests network access to "${domain}", which is not in the project's permission budget`);
|
|
6073
|
+
}
|
|
6074
|
+
if (skillPerms.filesystem?.read && skillPerms.filesystem.read.length > 0) {
|
|
6075
|
+
const budgetPaths = budget.filesystem?.read ?? [];
|
|
6076
|
+
for (const p of skillPerms.filesystem.read) if (!isPathAllowed(p, budgetPaths)) throw new PermissionBudgetError(`${skillName} requests filesystem read access to "${p}", which is not in the project's permission budget`);
|
|
6077
|
+
}
|
|
6078
|
+
if (skillPerms.filesystem?.write && skillPerms.filesystem.write.length > 0) {
|
|
6079
|
+
const budgetPaths = budget.filesystem?.write ?? [];
|
|
6080
|
+
for (const p of skillPerms.filesystem.write) if (!isPathAllowed(p, budgetPaths)) throw new PermissionBudgetError(`${skillName} requests filesystem write access to "${p}", which is not in the project's permission budget`);
|
|
6081
|
+
}
|
|
6082
|
+
}
|
|
6083
|
+
function collectPermissionViolations$1(budget, skillPerms, skillName) {
|
|
6084
|
+
const violations = [];
|
|
6085
|
+
if (!skillPerms) return violations;
|
|
6086
|
+
if (skillPerms.subprocess === true && budget.subprocess !== true) violations.push({
|
|
6087
|
+
skillName,
|
|
6088
|
+
type: "subprocess",
|
|
6089
|
+
requested: "true"
|
|
6090
|
+
});
|
|
6091
|
+
if (skillPerms.network?.outbound) {
|
|
6092
|
+
const budgetDomains = budget.network?.outbound ?? [];
|
|
6093
|
+
for (const domain of skillPerms.network.outbound) if (!isDomainAllowed(domain, budgetDomains)) violations.push({
|
|
6094
|
+
skillName,
|
|
6095
|
+
type: "network.outbound",
|
|
6096
|
+
requested: domain
|
|
6097
|
+
});
|
|
6098
|
+
}
|
|
6099
|
+
if (skillPerms.filesystem?.read) {
|
|
6100
|
+
const budgetPaths = budget.filesystem?.read ?? [];
|
|
6101
|
+
for (const p of skillPerms.filesystem.read) if (!isPathAllowed(p, budgetPaths)) violations.push({
|
|
6102
|
+
skillName,
|
|
6103
|
+
type: "filesystem.read",
|
|
6104
|
+
requested: p
|
|
6105
|
+
});
|
|
6106
|
+
}
|
|
6107
|
+
if (skillPerms.filesystem?.write) {
|
|
6108
|
+
const budgetPaths = budget.filesystem?.write ?? [];
|
|
6109
|
+
for (const p of skillPerms.filesystem.write) if (!isPathAllowed(p, budgetPaths)) violations.push({
|
|
6110
|
+
skillName,
|
|
6111
|
+
type: "filesystem.write",
|
|
6112
|
+
requested: p
|
|
6113
|
+
});
|
|
6114
|
+
}
|
|
6115
|
+
return violations;
|
|
6116
|
+
}
|
|
6117
|
+
//#endregion
|
|
6118
|
+
//#region src/install/permissions.ts
|
|
6119
|
+
function checkPermissionBudget(budget, skillPerms, skillName) {
|
|
6120
|
+
try {
|
|
6121
|
+
checkPermissionBudget$1(budget, skillPerms, skillName);
|
|
6122
|
+
} catch (e) {
|
|
6123
|
+
if (e instanceof PermissionBudgetError) throw new TankPermissionError(e.message);
|
|
6124
|
+
throw e;
|
|
6125
|
+
}
|
|
6126
|
+
}
|
|
6127
|
+
function collectPermissionViolations(budget, skillPerms, skillName) {
|
|
6128
|
+
return collectPermissionViolations$1(budget, skillPerms, skillName);
|
|
6129
|
+
}
|
|
6079
6130
|
//#endregion
|
|
6080
6131
|
//#region src/install/resolver.ts
|
|
6081
6132
|
function buildSkillKey(name, version) {
|
|
@@ -1,11 +1,6 @@
|
|
|
1
|
+
import { isDomainAllowed, isPathAllowed, type PermissionViolation } from '@internals/helpers';
|
|
1
2
|
import type { Permissions } from '@internals/schemas';
|
|
2
|
-
export
|
|
3
|
-
skillName: string;
|
|
4
|
-
type: 'network.outbound' | 'filesystem.read' | 'filesystem.write' | 'subprocess';
|
|
5
|
-
requested: string;
|
|
6
|
-
}
|
|
3
|
+
export { isDomainAllowed, isPathAllowed, type PermissionViolation };
|
|
7
4
|
export declare function checkPermissionBudget(budget: Permissions, skillPerms: Permissions | undefined, skillName: string): void;
|
|
8
|
-
export declare function isDomainAllowed(domain: string, allowedDomains: string[]): boolean;
|
|
9
|
-
export declare function isPathAllowed(requestedPath: string, allowedPaths: string[]): boolean;
|
|
10
5
|
export declare function collectPermissionViolations(budget: Permissions, skillPerms: Permissions | undefined, skillName: string): PermissionViolation[];
|
|
11
6
|
//# sourceMappingURL=permissions.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"permissions.d.ts","sourceRoot":"","sources":["../../src/install/permissions.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,
|
|
1
|
+
{"version":3,"file":"permissions.d.ts","sourceRoot":"","sources":["../../src/install/permissions.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,eAAe,EACf,aAAa,EAGb,KAAK,mBAAmB,EACzB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAGtD,OAAO,EAAE,eAAe,EAAE,aAAa,EAAE,KAAK,mBAAmB,EAAE,CAAC;AAIpE,wBAAgB,qBAAqB,CACnC,MAAM,EAAE,WAAW,EACnB,UAAU,EAAE,WAAW,GAAG,SAAS,EACnC,SAAS,EAAE,MAAM,GAChB,IAAI,CASN;AAED,wBAAgB,2BAA2B,CACzC,MAAM,EAAE,WAAW,EACnB,UAAU,EAAE,WAAW,GAAG,SAAS,EACnC,SAAS,EAAE,MAAM,GAChB,mBAAmB,EAAE,CAEvB"}
|
package/package.json
CHANGED