@terminals-tech/agent-zero 1.0.0 → 2.0.0

package/dist/security/isolation.d.ts

@@ -0,0 +1,76 @@
+/**
+ * Agent Isolation Boundaries
+ *
+ * Enforces security boundaries between parent and child agents.
+ * Controls what capabilities a child agent inherits from its parent,
+ * limits spawn depth to prevent unbounded agent trees, and optionally
+ * isolates semantic memory between agents.
+ *
+ * Security Model:
+ * - Each parent-child relationship has an explicit IsolationBoundary
+ * - sharedScopes defines the maximum capabilities a child can access
+ * - maxSpawnDepth prevents exponential agent proliferation
+ * - memoryIsolated prevents children from reading parent memories
+ */
+import type { CapabilityScope } from './sandbox.js';
+export interface IsolationBoundary {
+    /** Parent agent ID */
+    parentId: string;
+    /** Child agent ID */
+    childId: string;
+    /** Scopes the child can access from parent */
+    sharedScopes: CapabilityScope[];
+    /** Maximum spawn depth for this child and its descendants */
+    maxSpawnDepth: number;
+    /** Whether the child is memory-isolated from the parent */
+    memoryIsolated: boolean;
+}
+export declare class AgentIsolationManager {
+    /** Boundaries keyed by childId for O(1) lookup */
+    private boundaries;
+    /**
+     * Create an isolation boundary between a parent and child agent.
+     *
+     * Config fields override defaults:
+     * - sharedScopes defaults to ['read', 'write', 'execute', 'memory', 'broadcast']
+     * - maxSpawnDepth defaults to 3
+     * - memoryIsolated defaults to true
+     */
+    createBoundary(parentId: string, childId: string, config?: Partial<IsolationBoundary>): IsolationBoundary;
+    /**
+     * Check if a child agent has access to a given scope and resource.
+     *
+     * Returns false if:
+     * - No boundary exists for the child
+     * - The requested scope is not in the child's sharedScopes
+     * - The scope is 'memory' and the child is memory-isolated
+     */
+    checkAccess(childId: string, scope: CapabilityScope, resource: string): boolean;
+    /**
+     * Get the spawn depth of an agent by walking the parent chain.
+     * Root agents (no boundary) have depth 0.
+     */
+    getSpawnDepth(agentId: string): number;
+    /**
+     * Check if an agent can spawn children.
+     *
+     * An agent can spawn if its current depth is less than its maxSpawnDepth.
+     * If maxDepth is provided, it overrides the boundary's maxSpawnDepth.
+     * Root agents (no boundary) can always spawn.
+     */
+    canSpawn(agentId: string, maxDepth?: number): boolean;
+    /**
+     * Remove the boundary for a child agent.
+     */
+    removeBoundary(childId: string): void;
+    /**
+     * Get the boundary for a child agent, if it exists.
+     */
+    getBoundary(childId: string): IsolationBoundary | undefined;
+    /**
+     * Get the maximum spawn depth for an agent from its boundary.
+     * Returns DEFAULT_MAX_SPAWN_DEPTH if no boundary exists.
+     */
+    getMaxSpawnDepth(agentId: string): number;
+}
+//# sourceMappingURL=isolation.d.ts.map

package/dist/security/isolation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"isolation.d.ts","sourceRoot":"","sources":["../../src/security/isolation.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAMpD,MAAM,WAAW,iBAAiB;IAChC,sBAAsB;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,qBAAqB;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,8CAA8C;IAC9C,YAAY,EAAE,eAAe,EAAE,CAAC;IAChC,6DAA6D;IAC7D,aAAa,EAAE,MAAM,CAAC;IACtB,2DAA2D;IAC3D,cAAc,EAAE,OAAO,CAAC;CACzB;AAcD,qBAAa,qBAAqB;IAChC,kDAAkD;IAClD,OAAO,CAAC,UAAU,CAA6C;IAE/D;;;;;;;OAOG;IACH,cAAc,CACZ,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,EACf,MAAM,GAAE,OAAO,CAAC,iBAAiB,CAAM,GACtC,iBAAiB;IAapB;;;;;;;OAOG;IACH,WAAW,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,eAAe,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO;IAa/E;;;OAGG;IACH,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM;IActC;;;;;;OAMG;IACH,QAAQ,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO;IAYrD;;OAEG;IACH,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI;IAIrC;;OAEG;IACH,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,iBAAiB,GAAG,SAAS;IAI3D;;;OAGG;IACH,gBAAgB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM;CAI1C"}

package/dist/security/isolation.js

@@ -0,0 +1,118 @@
+/**
+ * Agent Isolation Boundaries
+ *
+ * Enforces security boundaries between parent and child agents.
+ * Controls what capabilities a child agent inherits from its parent,
+ * limits spawn depth to prevent unbounded agent trees, and optionally
+ * isolates semantic memory between agents.
+ *
+ * Security Model:
+ * - Each parent-child relationship has an explicit IsolationBoundary
+ * - sharedScopes defines the maximum capabilities a child can access
+ * - maxSpawnDepth prevents exponential agent proliferation
+ * - memoryIsolated prevents children from reading parent memories
+ */
+// ============================================================================
+// ISOLATION MANAGER
+// ============================================================================
+/** Default maximum spawn depth if not specified */
+const DEFAULT_MAX_SPAWN_DEPTH = 3;
+/** Default shared scopes for child agents */
+const DEFAULT_SHARED_SCOPES = [
+    'read', 'write', 'execute', 'memory', 'broadcast',
+];
+export class AgentIsolationManager {
+    /** Boundaries keyed by childId for O(1) lookup */
+    boundaries = new Map();
+    /**
+     * Create an isolation boundary between a parent and child agent.
+     *
+     * Config fields override defaults:
+     * - sharedScopes defaults to ['read', 'write', 'execute', 'memory', 'broadcast']
+     * - maxSpawnDepth defaults to 3
+     * - memoryIsolated defaults to true
+     */
+    createBoundary(parentId, childId, config = {}) {
+        const boundary = {
+            parentId,
+            childId,
+            sharedScopes: config.sharedScopes ?? [...DEFAULT_SHARED_SCOPES],
+            maxSpawnDepth: config.maxSpawnDepth ?? DEFAULT_MAX_SPAWN_DEPTH,
+            memoryIsolated: config.memoryIsolated ?? true,
+        };
+        this.boundaries.set(childId, boundary);
+        return boundary;
+    }
+    /**
+     * Check if a child agent has access to a given scope and resource.
+     *
+     * Returns false if:
+     * - No boundary exists for the child
+     * - The requested scope is not in the child's sharedScopes
+     * - The scope is 'memory' and the child is memory-isolated
+     */
+    checkAccess(childId, scope, resource) {
+        const boundary = this.boundaries.get(childId);
+        if (!boundary)
+            return false;
+        // Memory isolation check
+        if (scope === 'memory' && boundary.memoryIsolated) {
+            return false;
+        }
+        // Scope check
+        return boundary.sharedScopes.includes(scope);
+    }
+    /**
+     * Get the spawn depth of an agent by walking the parent chain.
+     * Root agents (no boundary) have depth 0.
+     */
+    getSpawnDepth(agentId) {
+        let depth = 0;
+        let currentId = agentId;
+        while (currentId) {
+            const boundary = this.boundaries.get(currentId);
+            if (!boundary)
+                break;
+            depth++;
+            currentId = boundary.parentId;
+        }
+        return depth;
+    }
+    /**
+     * Check if an agent can spawn children.
+     *
+     * An agent can spawn if its current depth is less than its maxSpawnDepth.
+     * If maxDepth is provided, it overrides the boundary's maxSpawnDepth.
+     * Root agents (no boundary) can always spawn.
+     */
+    canSpawn(agentId, maxDepth) {
+        const boundary = this.boundaries.get(agentId);
+        // Root agents can always spawn (they have no boundary constraining them)
+        if (!boundary)
+            return true;
+        const effectiveMaxDepth = maxDepth ?? boundary.maxSpawnDepth;
+        const currentDepth = this.getSpawnDepth(agentId);
+        return currentDepth < effectiveMaxDepth;
+    }
+    /**
+     * Remove the boundary for a child agent.
+     */
+    removeBoundary(childId) {
+        this.boundaries.delete(childId);
+    }
+    /**
+     * Get the boundary for a child agent, if it exists.
+     */
+    getBoundary(childId) {
+        return this.boundaries.get(childId);
+    }
+    /**
+     * Get the maximum spawn depth for an agent from its boundary.
+     * Returns DEFAULT_MAX_SPAWN_DEPTH if no boundary exists.
+     */
+    getMaxSpawnDepth(agentId) {
+        const boundary = this.boundaries.get(agentId);
+        return boundary?.maxSpawnDepth ?? DEFAULT_MAX_SPAWN_DEPTH;
+    }
+}
+//# sourceMappingURL=isolation.js.map

package/dist/security/isolation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"isolation.js","sourceRoot":"","sources":["../../src/security/isolation.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAqBH,+EAA+E;AAC/E,oBAAoB;AACpB,+EAA+E;AAE/E,mDAAmD;AACnD,MAAM,uBAAuB,GAAG,CAAC,CAAC;AAElC,6CAA6C;AAC7C,MAAM,qBAAqB,GAAsB;IAC/C,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,WAAW;CAClD,CAAC;AAEF,MAAM,OAAO,qBAAqB;IAChC,kDAAkD;IAC1C,UAAU,GAAmC,IAAI,GAAG,EAAE,CAAC;IAE/D;;;;;;;OAOG;IACH,cAAc,CACZ,QAAgB,EAChB,OAAe,EACf,SAAqC,EAAE;QAEvC,MAAM,QAAQ,GAAsB;YAClC,QAAQ;YACR,OAAO;YACP,YAAY,EAAE,MAAM,CAAC,YAAY,IAAI,CAAC,GAAG,qBAAqB,CAAC;YAC/D,aAAa,EAAE,MAAM,CAAC,aAAa,IAAI,uBAAuB;YAC9D,cAAc,EAAE,MAAM,CAAC,cAAc,IAAI,IAAI;SAC9C,CAAC;QAEF,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QACvC,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED;;;;;;;OAOG;IACH,WAAW,CAAC,OAAe,EAAE,KAAsB,EAAE,QAAgB;QACnE,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAC9C,IAAI,CAAC,QAAQ;YAAE,OAAO,KAAK,CAAC;QAE5B,yBAAyB;QACzB,IAAI,KAAK,KAAK,QAAQ,IAAI,QAAQ,CAAC,cAAc,EAAE,CAAC;YAClD,OAAO,KAAK,CAAC;QACf,CAAC;QAED,cAAc;QACd,OAAO,QAAQ,CAAC,YAAY,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC/C,CAAC;IAED;;;OAGG;IACH,aAAa,CAAC,OAAe;QAC3B,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,IAAI,SAAS,GAAuB,OAAO,CAAC;QAE5C,OAAO,SAAS,EAAE,CAAC;YACjB,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YAChD,IAAI,CAAC,QAAQ;gBAAE,MAAM;YACrB,KAAK,EAAE,CAAC;YACR,SAAS,GAAG,QAAQ,CAAC,QAAQ,CAAC;QAChC,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;;;;;OAMG;IACH,QAAQ,CAAC,OAAe,EAAE,QAAiB;QACzC,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAE9C,yEAAyE;QACzE,IAAI,CAAC,QAAQ;YAAE,OAAO,IAAI,CAAC;QAE3B,MAAM,iBAAiB,GAAG,QAAQ,IAAI,QAAQ,CAAC,aAAa,CAAC;QAC7D,MAAM,YAAY,GAAG,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QAEjD,OAAO,YAAY,GAAG,iBAAiB,CAAC;IAC1C,CAAC;IAED;;OAEG;IACH,cAAc,CAAC,OAAe;QAC5B,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAClC,CAAC;IAED;;OAEG;IACH,WAAW,CAAC,OAAe;QACzB,OAAO,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACtC,CAAC;IAED;;;OAGG;IACH,gBAAgB,CAAC,OAAe;QAC9B,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAC9C,OAAO,QAAQ,EAAE,aAAa,IAAI,uBAAuB,CAAC;IAC5D,CAAC;CACF"}

package/dist/security/sandbox.d.ts

@@ -132,10 +132,26 @@ export declare function generateCapabilityToken(): string;
  * Hash a capability token for storage
  */
 export declare function hashCapabilityToken(token: string): string;
+export interface AuditEntry {
+    /** Timestamp of the check */
+    timestamp: number;
+    /** Truncated capability token */
+    token: string;
+    /** Scope that was checked */
+    scope: CapabilityScope;
+    /** Resource that was checked */
+    resource: string;
+    /** Result of the check */
+    result: 'allowed' | 'denied';
+    /** Reason for denial (if denied) */
+    reason?: string;
+}
 export declare class IsomorphicSandbox {
     private capabilities;
     private violations;
     private rootCapability;
+    private auditLog;
+    private auditEnabled;
     constructor();
     /**
      * Create the root capability (admin only)
@@ -145,6 +161,22 @@ export declare class IsomorphicSandbox {
      * Get the root capability token (for initial setup only)
      */
     getRootToken(): string;
+    /**
+     * Enable audit logging of all capability checks.
+     */
+    enableAudit(): void;
+    /**
+     * Disable audit logging (default state). Stops recording new entries.
+     */
+    disableAudit(): void;
+    /**
+     * Get audit log entries. Optionally limit to the most recent N entries.
+     */
+    getAuditLog(limit?: number): AuditEntry[];
+    /**
+     * Clear the audit log.
+     */
+    clearAuditLog(): void;
     /**
      * Attenuate a capability to create a more restricted child
      */
@@ -159,12 +191,17 @@ export declare class IsomorphicSandbox {
      */
     isValid(token: string): boolean;
     /**
-     * Check if a capability grants a specific scope for a resource
+     * Check if a capability grants a specific scope for a resource.
+     * Records an audit entry when auditing is enabled.
      */
     check(token: string, scope: CapabilityScope, resource: string): {
         allowed: boolean;
         violation?: BoundaryViolation;
     };
+    /**
+     * Record an audit entry if auditing is enabled.
+     */
+    private recordAudit;
     /**
      * Check content for injection attempts
      */

package/dist/security/sandbox.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"sandbox.d.ts","sourceRoot":"","sources":["../../src/security/sandbox.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAOxB,eAAO,MAAM,eAAe,6FAS1B,CAAC;AACH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAE9D,eAAO,MAAM,eAAe;IAC1B,gDAAgD;;IAEhD,+CAA+C;;;;;;;;EAE/C,CAAC;AACH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAE9D,eAAO,MAAM,UAAU;IACrB,8BAA8B;;IAE9B,wCAAwC;;IAExC,mDAAmD;;QAZnD,gDAAgD;;QAEhD,+CAA+C;;;;;;;;;IAY/C,sDAAsD;;IAEtD,kDAAkD;;IAElD,+CAA+C;;IAE/C,4BAA4B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAM5B,CAAC;AACH,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,UAAU,CAAC,CAAC;AAMpD,eAAO,MAAM,iBAAiB;;;;;;;;;;;;;;;;;;EAa5B,CAAC;AACH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AA2BlE;;GAEG;AACH,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAOxD;AAED;;GAEG;AACH,wBAAgB,uBAAuB,IAAI,MAAM,CAGhD;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAEzD;AAMD,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,YAAY,CAAsC;IAC1D,OAAO,CAAC,UAAU,CAA2B;IAC7C,OAAO,CAAC,cAAc,CAAa;;IAQnC;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAgB5B;;OAEG;IACH,YAAY,IAAI,MAAM;IAItB;;OAEG;IACH,SAAS,CACP,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE;QACP,MAAM,EAAE,eAAe,EAAE,CAAC;QAC1B,SAAS,EAAE,eAAe,EAAE,CAAC;QAC7B,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,MAAM,EAAE,MAAM,CAAC;KAChB,GACA,UAAU,GAAG,IAAI;IA8BpB;;OAEG;IACH,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;IAc/B;;OAEG;IACH,KAAK,CACH,KAAK,EAAE,MAAM,EACb,KAAK,EAAE,eAAe,EACtB,QAAQ,EAAE,MAAM,GACf;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,SAAS,CAAC,EAAE,iBAAiB,CAAA;KAAE;IAsGtD;;OAEG;IACH,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG;QAAE,IAAI,EAAE,OAAO,CAAC;QAAC,SAAS,CAAC,EAAE,iBAAiB,CAAA;KAAE;IAajF;;OAEG;IACH,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAc3B;;OAEG;IACH,aAAa,IAAI,iBAAiB,EAAE;IAIpC;;OAEG;IACH,eAAe,IAAI,IAAI;IAIvB;;OAEG;IACH,OAAO,CAAC,YAAY;CAWrB"}
+{"version":3,"file":"sandbox.d.ts","sourceRoot":"","sources":["../../src/security/sandbox.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAOxB,eAAO,MAAM,eAAe,6FAS1B,CAAC;AACH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAE9D,eAAO,MAAM,eAAe;IAC1B,gDAAgD;;IAEhD,+CAA+C;;;;;;;;EAE/C,CAAC;AACH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAE9D,eAAO,MAAM,UAAU;IACrB,8BAA8B;;IAE9B,wCAAwC;;IAExC,mDAAmD;;QAZnD,gDAAgD;;QAEhD,+CAA+C;;;;;;;;;IAY/C,sDAAsD;;IAEtD,kDAAkD;;IAElD,+CAA+C;;IAE/C,4BAA4B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAM5B,CAAC;AACH,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,UAAU,CAAC,CAAC;AAMpD,eAAO,MAAM,iBAAiB;;;;;;;;;;;;;;;;;;EAa5B,CAAC;AACH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AA2BlE;;GAEG;AACH,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAOxD;AAED;;GAEG;AACH,wBAAgB,uBAAuB,IAAI,MAAM,CAGhD;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAEzD;AAMD,MAAM,WAAW,UAAU;IACzB,6BAA6B;IAC7B,SAAS,EAAE,MAAM,CAAC;IAClB,iCAAiC;IACjC,KAAK,EAAE,MAAM,CAAC;IACd,6BAA6B;IAC7B,KAAK,EAAE,eAAe,CAAC;IACvB,gCAAgC;IAChC,QAAQ,EAAE,MAAM,CAAC;IACjB,0BAA0B;IAC1B,MAAM,EAAE,SAAS,GAAG,QAAQ,CAAC;IAC7B,oCAAoC;IACpC,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAMD,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,YAAY,CAAsC;IAC1D,OAAO,CAAC,UAAU,CAA2B;IAC7C,OAAO,CAAC,cAAc,CAAa;IACnC,OAAO,CAAC,QAAQ,CAAoB;IACpC,OAAO,CAAC,YAAY,CAAkB;;IAQtC;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAgB5B;;OAEG;IACH,YAAY,IAAI,MAAM;IAQtB;;OAEG;IACH,WAAW,IAAI,IAAI;IAInB;;OAEG;IACH,YAAY,IAAI,IAAI;IAIpB;;OAEG;IACH,WAAW,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,UAAU,EAAE;IAOzC;;OAEG;IACH,aAAa,IAAI,IAAI;IAIrB;;OAEG;IACH,SAAS,CACP,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE;QACP,MAAM,EAAE,eAAe,EAAE,CAAC;QAC1B,SAAS,EAAE,eAAe,EAAE,CAAC;QAC7B,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,MAAM,EAAE,MAAM,CAAC;KAChB,GACA,UAAU,GAAG,IAAI;IA8BpB;;OAEG;IACH,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;IAc/B;;;OAGG;IACH,KAAK,CACH,KAAK,EAAE,MAAM,EACb,KAAK,EAAE,eAAe,EACtB,QAAQ,EAAE,MAAM,GACf;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,SAAS,CAAC,EAAE,iBAAiB,CAAA;KAAE;IA+GtD;;OAEG;IACH,OAAO,CAAC,WAAW;IAwBnB;;OAEG;IACH,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG;QAAE,IAAI,EAAE,OAAO,CAAC;QAAC,SAAS,CAAC,EAAE,iBAAiB,CAAA;KAAE;IAajF;;OAEG;IACH,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAc3B;;OAEG;IACH,aAAa,IAAI,iBAAiB,EAAE;IAIpC;;OAEG;IACH,eAAe,IAAI,IAAI;IAIvB;;OAEG;IACH,OAAO,CAAC,YAAY;CAWrB"}

package/dist/security/sandbox.js

@@ -127,6 +127,8 @@ export class IsomorphicSandbox {
     capabilities = new Map();
     violations = [];
     rootCapability;
+    auditLog = [];
+    auditEnabled = false;
     constructor() {
         // Create root capability with all permissions
         this.rootCapability = this.createRootCapability();
@@ -156,6 +158,36 @@ export class IsomorphicSandbox {
     getRootToken() {
         return this.rootCapability.token;
     }
+    // ==========================================================================
+    // AUDIT CONTROL
+    // ==========================================================================
+    /**
+     * Enable audit logging of all capability checks.
+     */
+    enableAudit() {
+        this.auditEnabled = true;
+    }
+    /**
+     * Disable audit logging (default state). Stops recording new entries.
+     */
+    disableAudit() {
+        this.auditEnabled = false;
+    }
+    /**
+     * Get audit log entries. Optionally limit to the most recent N entries.
+     */
+    getAuditLog(limit) {
+        if (limit !== undefined && limit > 0) {
+            return this.auditLog.slice(-limit);
+        }
+        return [...this.auditLog];
+    }
+    /**
+     * Clear the audit log.
+     */
+    clearAuditLog() {
+        this.auditLog = [];
+    }
     /**
      * Attenuate a capability to create a more restricted child
      */
@@ -205,20 +237,23 @@ export class IsomorphicSandbox {
         return true;
     }
     /**
-     * Check if a capability grants a specific scope for a resource
+     * Check if a capability grants a specific scope for a resource.
+     * Records an audit entry when auditing is enabled.
      */
     check(token, scope, resource) {
         const cap = this.capabilities.get(token);
+        const truncatedToken = token.slice(0, 8) + '...';
         // Capability not found
         if (!cap) {
             const violation = {
                 type: 'capability_revoked',
                 message: 'Capability not found',
-                capability: token.slice(0, 8) + '...',
+                capability: truncatedToken,
                 resource,
                 timestamp: Date.now(),
             };
             this.violations.push(violation);
+            this.recordAudit(truncatedToken, scope, resource, 'denied', 'Capability not found');
             return { allowed: false, violation };
         }
         // Capability revoked
@@ -226,11 +261,12 @@ export class IsomorphicSandbox {
             const violation = {
                 type: 'capability_revoked',
                 message: 'Capability has been revoked',
-                capability: token.slice(0, 8) + '...',
+                capability: truncatedToken,
                 resource,
                 timestamp: Date.now(),
             };
             this.violations.push(violation);
+            this.recordAudit(truncatedToken, scope, resource, 'denied', 'Capability has been revoked');
             return { allowed: false, violation };
         }
         // Capability expired
@@ -238,11 +274,12 @@ export class IsomorphicSandbox {
             const violation = {
                 type: 'capability_expired',
                 message: 'Capability has expired',
-                capability: token.slice(0, 8) + '...',
+                capability: truncatedToken,
                 resource,
                 timestamp: Date.now(),
             };
             this.violations.push(violation);
+            this.recordAudit(truncatedToken, scope, resource, 'denied', 'Capability has expired');
             return { allowed: false, violation };
         }
         // Scope not granted
@@ -250,11 +287,12 @@ export class IsomorphicSandbox {
             const violation = {
                 type: 'scope_denied',
                 message: `Scope '${scope}' not granted by capability`,
-                capability: token.slice(0, 8) + '...',
+                capability: truncatedToken,
                 resource,
                 timestamp: Date.now(),
             };
             this.violations.push(violation);
+            this.recordAudit(truncatedToken, scope, resource, 'denied', `Scope '${scope}' not granted`);
             return { allowed: false, violation };
         }
         // Check resource patterns
@@ -265,11 +303,12 @@ export class IsomorphicSandbox {
                     const violation = {
                         type: 'resource_denied',
                         message: `Resource '${resource}' denied by pattern '${pattern.pattern}'`,
-                        capability: token.slice(0, 8) + '...',
+                        capability: truncatedToken,
                         resource,
                         timestamp: Date.now(),
                     };
                     this.violations.push(violation);
+                    this.recordAudit(truncatedToken, scope, resource, 'denied', `Denied by pattern '${pattern.pattern}'`);
                     return { allowed: false, violation };
                 }
                 allowed = true;
@@ -279,11 +318,12 @@ export class IsomorphicSandbox {
             const violation = {
                 type: 'resource_denied',
                 message: `Resource '${resource}' not matched by any allow pattern`,
-                capability: token.slice(0, 8) + '...',
+                capability: truncatedToken,
                 resource,
                 timestamp: Date.now(),
             };
             this.violations.push(violation);
+            this.recordAudit(truncatedToken, scope, resource, 'denied', 'No matching allow pattern');
             return { allowed: false, violation };
         }
         // Check ancestor chain
@@ -291,15 +331,35 @@ export class IsomorphicSandbox {
             const violation = {
                 type: 'capability_revoked',
                 message: 'Parent capability is no longer valid',
-                capability: token.slice(0, 8) + '...',
+                capability: truncatedToken,
                 resource,
                 timestamp: Date.now(),
             };
             this.violations.push(violation);
+            this.recordAudit(truncatedToken, scope, resource, 'denied', 'Parent capability invalid');
             return { allowed: false, violation };
         }
+        this.recordAudit(truncatedToken, scope, resource, 'allowed');
         return { allowed: true };
     }
+    /**
+     * Record an audit entry if auditing is enabled.
+     */
+    recordAudit(token, scope, resource, result, reason) {
+        if (!this.auditEnabled)
+            return;
+        const entry = {
+            timestamp: Date.now(),
+            token,
+            scope,
+            resource,
+            result,
+        };
+        if (reason !== undefined) {
+            entry.reason = reason;
+        }
+        this.auditLog.push(entry);
+    }
     /**
      * Check content for injection attempts
      */

package/dist/security/sandbox.js.map

@@ -1 +1 @@
-{"version":3,"file":"sandbox.js","sourceRoot":"","sources":["../../src/security/sandbox.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AAEjD,+EAA+E;AAC/E,yBAAyB;AACzB,+EAA+E;AAE/E,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,CAAC,IAAI,CAAC;IACpC,MAAM,EAAS,mBAAmB;IAClC,OAAO,EAAQ,eAAe;IAC9B,SAAS,EAAM,mBAAmB;IAClC,SAAS,EAAM,iBAAiB;IAChC,QAAQ,EAAO,yBAAyB;IACxC,OAAO,EAAQ,qBAAqB;IACpC,WAAW,EAAI,mBAAmB;IAClC,OAAO,EAAQ,yBAAyB;CACzC,CAAC,CAAC;AAGH,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,CAAC,MAAM,CAAC;IACtC,gDAAgD;IAChD,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;IACnB,+CAA+C;IAC/C,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;CAChC,CAAC,CAAC;AAGH,MAAM,CAAC,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,CAAC;IACjC,8BAA8B;IAC9B,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE;IACjB,wCAAwC;IACxC,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,eAAe,CAAC;IAChC,mDAAmD;IACnD,SAAS,EAAE,CAAC,CAAC,KAAK,CAAC,eAAe,CAAC;IACnC,sDAAsD;IACtD,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7B,kDAAkD;IAClD,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,+CAA+C;IAC/C,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE;IACpB,4BAA4B;IAC5B,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC;QACjB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;QACrB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;QACrB,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;KACnB,CAAC;CACH,CAAC,CAAC;AAGH,+EAA+E;AAC/E,oBAAoB;AACpB,+EAA+E;AAE/E,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC;IACxC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC;QACX,cAAc;QACd,iBAAiB;QACjB,oBAAoB;QACpB,oBAAoB;QACpB,oBAAoB;QACpB,kBAAkB;KACnB,CAAC;IACF,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;IACnB,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;CACtB,CAAC,CAAC;AAGH,yCAAyC;AACzC,MAAM,kBAAkB,GAAG;IACzB,4BAA4B;IAC5B,+BAA+B;IAC/B,iEAAiE;IACjE,cAAc;IACd,kBAAkB;IAClB,YAAY;IACZ,yBAAyB;IACzB,iBAAiB;IACjB,iBAAiB;IACjB,YAAY;IACZ,iBAAiB;IACjB,WAAW;IACX,qBAAqB;IACrB,uBAAuB;IACvB,wBAAwB;IACxB,WAAW;IACX,kBAAkB;IAClB,iBAAiB;IACjB,QAAQ;IACR,YAAY;IACZ,kBAAkB;CACnB,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,OAAe;IAC7C,KAAK,MAAM,OAAO,IAAI,kBAAkB,EAAE,CAAC;QACzC,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC1B,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,uBAAuB;IACrC,MAAM,KAAK,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;IAC9B,OAAO,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AACrC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,KAAa;IAC/C,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC1D,CAAC;AAED,+EAA+E;AAC/E,gBAAgB;AAChB,+EAA+E;AAE/E,MAAM,OAAO,iBAAiB;IACpB,YAAY,GAA4B,IAAI,GAAG,EAAE,CAAC;IAClD,UAAU,GAAwB,EAAE,CAAC;IACrC,cAAc,CAAa;IAEnC;QACE,8CAA8C;QAC9C,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAClD,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,IAAI,CAAC,cAAc,CAAC,CAAC;IACxE,CAAC;IAED;;OAEG;IACK,oBAAoB;QAC1B,OAAO;YACL,KAAK,EAAE,uBAAuB,EAAE;YAChC,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,IAAI,CAAsB;YAChE,SAAS,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;YAC7C,MAAM,EAAE,IAAI;YACZ,SAAS,EAAE,IAAI;YACf,OAAO,EAAE,KAAK;YACd,QAAQ,EAAE;gBACR,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;gBACrB,SAAS,EAAE,QAAQ;gBACnB,MAAM,EAAE,iBAAiB;aAC1B;SACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,YAAY;QACV,OAAO,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC;IACnC,CAAC;IAED;;OAEG;IACH,SAAS,CACP,WAAmB,EACnB,OAKC;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QAClD,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QAEzB,iCAAiC;QACjC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC;YAAE,OAAO,IAAI,CAAC;QAE5C,oDAAoD;QACpD,MAAM,WAAW,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;QAC1E,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QAE1C,+BAA+B;QAC/B,MAAM,KAAK,GAAe;YACxB,KAAK,EAAE,uBAAuB,EAAE;YAChC,MAAM,EAAE,WAAW;YACnB,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,MAAM,EAAE,WAAW;YACnB,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,IAAI;YACpC,OAAO,EAAE,KAAK;YACd,QAAQ,EAAE;gBACR,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;gBACrB,SAAS,EAAE,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK;gBAC1C,MAAM,EAAE,OAAO,CAAC,MAAM;aACvB;SACF,CAAC;QAEF,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QAC1C,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACH,OAAO,CAAC,KAAa;QACnB,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACzC,IAAI,CAAC,GAAG;YAAE,OAAO,KAAK,CAAC;QACvB,IAAI,GAAG,CAAC,OAAO;YAAE,OAAO,KAAK,CAAC;QAC9B,IAAI,GAAG,CAAC,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,CAAC,SAAS;YAAE,OAAO,KAAK,CAAC;QAE9D,uBAAuB;QACvB,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;YACf,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAClC,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACH,KAAK,CACH,KAAa,EACb,KAAsB,EACtB,QAAgB;QAEhB,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QAEzC,uBAAuB;QACvB,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,MAAM,SAAS,GAAsB;gBACnC,IAAI,EAAE,oBAAoB;gBAC1B,OAAO,EAAE,sBAAsB;gBAC/B,UAAU,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK;gBACrC,QAAQ;gBACR,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;aACtB,CAAC;YACF,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAChC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;QACvC,CAAC;QAED,qBAAqB;QACrB,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;YAChB,MAAM,SAAS,GAAsB;gBACnC,IAAI,EAAE,oBAAoB;gBAC1B,OAAO,EAAE,6BAA6B;gBACtC,UAAU,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK;gBACrC,QAAQ;gBACR,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;aACtB,CAAC;YACF,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAChC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;QACvC,CAAC;QAED,qBAAqB;QACrB,IAAI,GAAG,CAAC,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,CAAC,SAAS,EAAE,CAAC;YAChD,MAAM,SAAS,GAAsB;gBACnC,IAAI,EAAE,oBAAoB;gBAC1B,OAAO,EAAE,wBAAwB;gBACjC,UAAU,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK;gBACrC,QAAQ;gBACR,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;aACtB,CAAC;YACF,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAChC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;QACvC,CAAC;QAED,oBAAoB;QACpB,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YAChC,MAAM,SAAS,GAAsB;gBACnC,IAAI,EAAE,cAAc;gBACpB,OAAO,EAAE,UAAU,KAAK,6BAA6B;gBACrD,UAAU,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK;gBACrC,QAAQ;gBACR,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;aACtB,CAAC;YACF,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAChC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;QACvC,CAAC;QAED,0BAA0B;QAC1B,IAAI,OAAO,GAAG,KAAK,CAAC;QACpB,KAAK,MAAM,OAAO,IAAI,GAAG,CAAC,SAAS,EAAE,CAAC;YACpC,IAAI,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,CAAC;gBACjD,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;oBAC5B,MAAM,SAAS,GAAsB;wBACnC,IAAI,EAAE,iBAAiB;wBACvB,OAAO,EAAE,aAAa,QAAQ,wBAAwB,OAAO,CAAC,OAAO,GAAG;wBACxE,UAAU,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK;wBACrC,QAAQ;wBACR,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;qBACtB,CAAC;oBACF,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;oBAChC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;gBACvC,CAAC;gBACD,OAAO,GAAG,IAAI,CAAC;YACjB,CAAC;QACH,CAAC;QAED,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,SAAS,GAAsB;gBACnC,IAAI,EAAE,iBAAiB;gBACvB,OAAO,EAAE,aAAa,QAAQ,oCAAoC;gBAClE,UAAU,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK;gBACrC,QAAQ;gBACR,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;aACtB,CAAC;YACF,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAChC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;QACvC,CAAC;QAED,uBAAuB;QACvB,IAAI,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YAC5C,MAAM,SAAS,GAAsB;gBACnC,IAAI,EAAE,oBAAoB;gBAC1B,OAAO,EAAE,sCAAsC;gBAC/C,UAAU,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK;gBACrC,QAAQ;gBACR,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;aACtB,CAAC;YACF,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAChC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;QACvC,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;IAED;;OAEG;IACH,cAAc,CAAC,OAAe;QAC5B,IAAI,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC;YAC7B,MAAM,SAAS,GAAsB;gBACnC,IAAI,EAAE,oBAAoB;gBAC1B,OAAO,EAAE,gDAAgD;gBACzD,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;aACtB,CAAC;YACF,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAChC,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACxB,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAa;QAClB,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACzC,IAAI,GAAG,EAAE,CAAC;YACR,GAAG,CAAC,OAAO,GAAG,IAAI,CAAC;YAEnB,yBAAyB;YACzB,KAAK,MAAM,CAAC,UAAU,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;gBACpD,IAAI,KAAK,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;oBAC3B,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;gBAC1B,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACH,aAAa;QACX,OAAO,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC;IAC9B,CAAC;IAED;;OAEG;IACH,eAAe;QACb,IAAI,CAAC,UAAU,GAAG,EAAE,CAAC;IACvB,CAAC;IAED;;OAEG;IACK,YAAY,CAAC,OAAe,EAAE,QAAgB;QACpD,wBAAwB;QACxB,MAAM,YAAY,GAAG,OAAO;aACzB,OAAO,CAAC,OAAO,EAAE,gBAAgB,CAAC;aAClC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC;aACvB,OAAO,CAAC,iBAAiB,EAAE,IAAI,CAAC;aAChC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAEvB,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,IAAI,YAAY,GAAG,CAAC,CAAC;QAC9C,OAAO,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC9B,CAAC;CACF"}
+{"version":3,"file":"sandbox.js","sourceRoot":"","sources":["../../src/security/sandbox.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AAEjD,+EAA+E;AAC/E,yBAAyB;AACzB,+EAA+E;AAE/E,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,CAAC,IAAI,CAAC;IACpC,MAAM,EAAS,mBAAmB;IAClC,OAAO,EAAQ,eAAe;IAC9B,SAAS,EAAM,mBAAmB;IAClC,SAAS,EAAM,iBAAiB;IAChC,QAAQ,EAAO,yBAAyB;IACxC,OAAO,EAAQ,qBAAqB;IACpC,WAAW,EAAI,mBAAmB;IAClC,OAAO,EAAQ,yBAAyB;CACzC,CAAC,CAAC;AAGH,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,CAAC,MAAM,CAAC;IACtC,gDAAgD;IAChD,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;IACnB,+CAA+C;IAC/C,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;CAChC,CAAC,CAAC;AAGH,MAAM,CAAC,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,CAAC;IACjC,8BAA8B;IAC9B,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE;IACjB,wCAAwC;IACxC,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,eAAe,CAAC;IAChC,mDAAmD;IACnD,SAAS,EAAE,CAAC,CAAC,KAAK,CAAC,eAAe,CAAC;IACnC,sDAAsD;IACtD,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7B,kDAAkD;IAClD,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,+CAA+C;IAC/C,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE;IACpB,4BAA4B;IAC5B,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC;QACjB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;QACrB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;QACrB,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;KACnB,CAAC;CACH,CAAC,CAAC;AAGH,+EAA+E;AAC/E,oBAAoB;AACpB,+EAA+E;AAE/E,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC;IACxC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC;QACX,cAAc;QACd,iBAAiB;QACjB,oBAAoB;QACpB,oBAAoB;QACpB,oBAAoB;QACpB,kBAAkB;KACnB,CAAC;IACF,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;IACnB,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;CACtB,CAAC,CAAC;AAGH,yCAAyC;AACzC,MAAM,kBAAkB,GAAG;IACzB,4BAA4B;IAC5B,+BAA+B;IAC/B,iEAAiE;IACjE,cAAc;IACd,kBAAkB;IAClB,YAAY;IACZ,yBAAyB;IACzB,iBAAiB;IACjB,iBAAiB;IACjB,YAAY;IACZ,iBAAiB;IACjB,WAAW;IACX,qBAAqB;IACrB,uBAAuB;IACvB,wBAAwB;IACxB,WAAW;IACX,kBAAkB;IAClB,iBAAiB;IACjB,QAAQ;IACR,YAAY;IACZ,kBAAkB;CACnB,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,OAAe;IAC7C,KAAK,MAAM,OAAO,IAAI,kBAAkB,EAAE,CAAC;QACzC,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC1B,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,uBAAuB;IACrC,MAAM,KAAK,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;IAC9B,OAAO,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AACrC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,KAAa;IAC/C,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC1D,CAAC;AAqBD,+EAA+E;AAC/E,gBAAgB;AAChB,+EAA+E;AAE/E,MAAM,OAAO,iBAAiB;IACpB,YAAY,GAA4B,IAAI,GAAG,EAAE,CAAC;IAClD,UAAU,GAAwB,EAAE,CAAC;IACrC,cAAc,CAAa;IAC3B,QAAQ,GAAiB,EAAE,CAAC;IAC5B,YAAY,GAAY,KAAK,CAAC;IAEtC;QACE,8CAA8C;QAC9C,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAClD,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,IAAI,CAAC,cAAc,CAAC,CAAC;IACxE,CAAC;IAED;;OAEG;IACK,oBAAoB;QAC1B,OAAO;YACL,KAAK,EAAE,uBAAuB,EAAE;YAChC,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,IAAI,CAAsB;YAChE,SAAS,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;YAC7C,MAAM,EAAE,IAAI;YACZ,SAAS,EAAE,IAAI;YACf,OAAO,EAAE,KAAK;YACd,QAAQ,EAAE;gBACR,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;gBACrB,SAAS,EAAE,QAAQ;gBACnB,MAAM,EAAE,iBAAiB;aAC1B;SACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,YAAY;QACV,OAAO,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC;IACnC,CAAC;IAED,6EAA6E;IAC7E,gBAAgB;IAChB,6EAA6E;IAE7E;;OAEG;IACH,WAAW;QACT,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;IAC3B,CAAC;IAED;;OAEG;IACH,YAAY;QACV,IAAI,CAAC,YAAY,GAAG,KAAK,CAAC;IAC5B,CAAC;IAED;;OAEG;IACH,WAAW,CAAC,KAAc;QACxB,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;YACrC,OAAO,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC;QACrC,CAAC;QACD,OAAO,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC5B,CAAC;IAED;;OAEG;IACH,aAAa;QACX,IAAI,CAAC,QAAQ,GAAG,EAAE,CAAC;IACrB,CAAC;IAED;;OAEG;IACH,SAAS,CACP,WAAmB,EACnB,OAKC;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QAClD,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QAEzB,iCAAiC;QACjC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC;YAAE,OAAO,IAAI,CAAC;QAE5C,oDAAoD;QACpD,MAAM,WAAW,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;QAC1E,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QAE1C,+BAA+B;QAC/B,MAAM,KAAK,GAAe;YACxB,KAAK,EAAE,uBAAuB,EAAE;YAChC,MAAM,EAAE,WAAW;YACnB,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,MAAM,EAAE,WAAW;YACnB,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,IAAI;YACpC,OAAO,EAAE,KAAK;YACd,QAAQ,EAAE;gBACR,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;gBACrB,SAAS,EAAE,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK;gBAC1C,MAAM,EAAE,OAAO,CAAC,MAAM;aACvB;SACF,CAAC;QAEF,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QAC1C,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACH,OAAO,CAAC,KAAa;QACnB,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACzC,IAAI,CAAC,GAAG;YAAE,OAAO,KAAK,CAAC;QACvB,IAAI,GAAG,CAAC,OAAO;YAAE,OAAO,KAAK,CAAC;QAC9B,IAAI,GAAG,CAAC,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,CAAC,SAAS;YAAE,OAAO,KAAK,CAAC;QAE9D,uBAAuB;QACvB,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;YACf,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAClC,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;OAGG;IACH,KAAK,CACH,KAAa,EACb,KAAsB,EACtB,QAAgB;QAEhB,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACzC,MAAM,cAAc,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,CAAC;QAEjD,uBAAuB;QACvB,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,MAAM,SAAS,GAAsB;gBACnC,IAAI,EAAE,oBAAoB;gBAC1B,OAAO,EAAE,sBAAsB;gBAC/B,UAAU,EAAE,cAAc;gBAC1B,QAAQ;gBACR,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;aACtB,CAAC;YACF,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAChC,IAAI,CAAC,WAAW,CAAC,cAAc,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,sBAAsB,CAAC,CAAC;YACpF,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;QACvC,CAAC;QAED,qBAAqB;QACrB,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;YAChB,MAAM,SAAS,GAAsB;gBACnC,IAAI,EAAE,oBAAoB;gBAC1B,OAAO,EAAE,6BAA6B;gBACtC,UAAU,EAAE,cAAc;gBAC1B,QAAQ;gBACR,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;aACtB,CAAC;YACF,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAChC,IAAI,CAAC,WAAW,CAAC,cAAc,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,6BAA6B,CAAC,CAAC;YAC3F,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;QACvC,CAAC;QAED,qBAAqB;QACrB,IAAI,GAAG,CAAC,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,CAAC,SAAS,EAAE,CAAC;YAChD,MAAM,SAAS,GAAsB;gBACnC,IAAI,EAAE,oBAAoB;gBAC1B,OAAO,EAAE,wBAAwB;gBACjC,UAAU,EAAE,cAAc;gBAC1B,QAAQ;gBACR,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;aACtB,CAAC;YACF,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAChC,IAAI,CAAC,WAAW,CAAC,cAAc,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,wBAAwB,CAAC,CAAC;YACtF,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;QACvC,CAAC;QAED,oBAAoB;QACpB,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YAChC,MAAM,SAAS,GAAsB;gBACnC,IAAI,EAAE,cAAc;gBACpB,OAAO,EAAE,UAAU,KAAK,6BAA6B;gBACrD,UAAU,EAAE,cAAc;gBAC1B,QAAQ;gBACR,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;aACtB,CAAC;YACF,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAChC,IAAI,CAAC,WAAW,CAAC,cAAc,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,KAAK,eAAe,CAAC,CAAC;YAC5F,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;QACvC,CAAC;QAED,0BAA0B;QAC1B,IAAI,OAAO,GAAG,KAAK,CAAC;QACpB,KAAK,MAAM,OAAO,IAAI,GAAG,CAAC,SAAS,EAAE,CAAC;YACpC,IAAI,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,CAAC;gBACjD,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;oBAC5B,MAAM,SAAS,GAAsB;wBACnC,IAAI,EAAE,iBAAiB;wBACvB,OAAO,EAAE,aAAa,QAAQ,wBAAwB,OAAO,CAAC,OAAO,GAAG;wBACxE,UAAU,EAAE,cAAc;wBAC1B,QAAQ;wBACR,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;qBACtB,CAAC;oBACF,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;oBAChC,IAAI,CAAC,WAAW,CAAC,cAAc,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,sBAAsB,OAAO,CAAC,OAAO,GAAG,CAAC,CAAC;oBACtG,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;gBACvC,CAAC;gBACD,OAAO,GAAG,IAAI,CAAC;YACjB,CAAC;QACH,CAAC;QAED,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,SAAS,GAAsB;gBACnC,IAAI,EAAE,iBAAiB;gBACvB,OAAO,EAAE,aAAa,QAAQ,oCAAoC;gBAClE,UAAU,EAAE,cAAc;gBAC1B,QAAQ;gBACR,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;aACtB,CAAC;YACF,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAChC,IAAI,CAAC,WAAW,CAAC,cAAc,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,2BAA2B,CAAC,CAAC;YACzF,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;QACvC,CAAC;QAED,uBAAuB;QACvB,IAAI,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YAC5C,MAAM,SAAS,GAAsB;gBACnC,IAAI,EAAE,oBAAoB;gBAC1B,OAAO,EAAE,sCAAsC;gBAC/C,UAAU,EAAE,cAAc;gBAC1B,QAAQ;gBACR,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;aACtB,CAAC;YACF,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAChC,IAAI,CAAC,WAAW,CAAC,cAAc,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,2BAA2B,CAAC,CAAC;YACzF,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;QACvC,CAAC;QAED,IAAI,CAAC,WAAW,CAAC,cAAc,EAAE,KAAK,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;QAC7D,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;IAED;;OAEG;IACK,WAAW,CACjB,KAAa,EACb,KAAsB,EACtB,QAAgB,EAChB,MAA4B,EAC5B,MAAe;QAEf,IAAI,CAAC,IAAI,CAAC,YAAY;YAAE,OAAO;QAE/B,MAAM,KAAK,GAAe;YACxB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,KAAK;YACL,KAAK;YACL,QAAQ;YACR,MAAM;SACP,CAAC;QAEF,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,KAAK,CAAC,MAAM,GAAG,MAAM,CAAC;QACxB,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC5B,CAAC;IAED;;OAEG;IACH,cAAc,CAAC,OAAe;QAC5B,IAAI,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC;YAC7B,MAAM,SAAS,GAAsB;gBACnC,IAAI,EAAE,oBAAoB;gBAC1B,OAAO,EAAE,gDAAgD;gBACzD,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;aACtB,CAAC;YACF,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAChC,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACxB,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAa;QAClB,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACzC,IAAI,GAAG,EAAE,CAAC;YACR,GAAG,CAAC,OAAO,GAAG,IAAI,CAAC;YAEnB,yBAAyB;YACzB,KAAK,MAAM,CAAC,UAAU,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;gBACpD,IAAI,KAAK,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;oBAC3B,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;gBAC1B,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACH,aAAa;QACX,OAAO,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC;IAC9B,CAAC;IAED;;OAEG;IACH,eAAe;QACb,IAAI,CAAC,UAAU,GAAG,EAAE,CAAC;IACvB,CAAC;IAED;;OAEG;IACK,YAAY,CAAC,OAAe,EAAE,QAAgB;QACpD,wBAAwB;QACxB,MAAM,YAAY,GAAG,OAAO;aACzB,OAAO,CAAC,OAAO,EAAE,gBAAgB,CAAC;aAClC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC;aACvB,OAAO,CAAC,iBAAiB,EAAE,IAAI,CAAC;aAChC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAEvB,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,IAAI,YAAY,GAAG,CAAC,CAAC;QAC9C,OAAO,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC9B,CAAC;CACF"}

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@terminals-tech/agent-zero",
-  "version": "1.0.0",
-  "description": "Secure primitives for autonomous systems. Kuramoto coherence, thermodynamic routing, capability-based security, encrypted vault. Built by systems intelligence.",
+  "version": "2.0.0",
+  "description": "Secure primitives for autonomous systems. Kuramoto coherence, thermodynamic routing, capability-based security, encrypted vault, session persistence, multi-model mesh, protocol interop. Built by systems intelligence.",
   "type": "module",
   "main": "dist/primitives/index.js",
   "types": "dist/primitives/index.d.ts",
@@ -25,6 +25,10 @@
     "./routing": {
       "import": "./dist/routing/index.js",
       "types": "./dist/routing/index.d.ts"
+    },
+    "./interop": {
+      "import": "./dist/interop/index.js",
+      "types": "./dist/interop/index.d.ts"
     }
   },
   "bin": {
@@ -34,6 +38,7 @@
     "dist",
     "bin",
     "README.md",
+    "THEORY.md",
     "LICENSE"
   ],
   "scripts": {
@@ -55,7 +60,12 @@
     "phase-synchronization",
     "agent-coordination",
     "terminals-tech",
-    "agent-zero"
+    "agent-zero",
+    "a2a",
+    "mcp",
+    "multi-model",
+    "session-persistence",
+    "context-engineering"
   ],
   "author": "terminals.tech",
   "license": "MIT",