@terminals-tech/agent-zero 1.0.0

package/dist/security/capabilities.d.ts

@@ -0,0 +1,178 @@
+/**
+ * Skill-Specific Capability Enforcement
+ *
+ * Extends IsomorphicSandbox with OpenClaw skill integration.
+ * Parses SKILL.md frontmatter capability declarations and enforces
+ * scoped access during skill execution.
+ *
+ * Security Model:
+ * - Skills declare required capabilities in frontmatter (filesystem, network, spawn, etc.)
+ * - SkillCapabilityManager creates attenuated capability from root
+ * - All skill operations checked against declared capabilities
+ * - Escalation attempts denied and logged as violations
+ * - Capability revocation kills tracked processes
+ */
+import { z } from 'zod';
+import { IsomorphicSandbox, CapabilityScope, BoundaryViolation } from './sandbox.js';
+export declare const SkillCapabilityDeclaration: z.ZodObject<{
+    /** Filesystem access (glob patterns) */
+    filesystem: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
+    /** Network access (domain patterns) */
+    network: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
+    /** Max child agents to spawn */
+    spawn: z.ZodDefault<z.ZodNumber>;
+    /** Memory limit in bytes */
+    memory: z.ZodDefault<z.ZodNumber>;
+    /** Execute permission */
+    execute: z.ZodDefault<z.ZodBoolean>;
+}, "strip", z.ZodTypeAny, {
+    memory: number;
+    spawn: number;
+    execute: boolean;
+    network: string[];
+    filesystem: string[];
+}, {
+    memory?: number | undefined;
+    spawn?: number | undefined;
+    execute?: boolean | undefined;
+    network?: string[] | undefined;
+    filesystem?: string[] | undefined;
+}>;
+export type SkillCapabilityDeclaration = z.infer<typeof SkillCapabilityDeclaration>;
+export declare const SkillExecutionContext: z.ZodObject<{
+    /** Skill name */
+    skillName: z.ZodString;
+    /** Declared capabilities */
+    declaration: z.ZodObject<{
+        /** Filesystem access (glob patterns) */
+        filesystem: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
+        /** Network access (domain patterns) */
+        network: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
+        /** Max child agents to spawn */
+        spawn: z.ZodDefault<z.ZodNumber>;
+        /** Memory limit in bytes */
+        memory: z.ZodDefault<z.ZodNumber>;
+        /** Execute permission */
+        execute: z.ZodDefault<z.ZodBoolean>;
+    }, "strip", z.ZodTypeAny, {
+        memory: number;
+        spawn: number;
+        execute: boolean;
+        network: string[];
+        filesystem: string[];
+    }, {
+        memory?: number | undefined;
+        spawn?: number | undefined;
+        execute?: boolean | undefined;
+        network?: string[] | undefined;
+        filesystem?: string[] | undefined;
+    }>;
+    /** Capability token from sandbox */
+    capabilityToken: z.ZodString;
+    /** Tracked process ID (if spawned) */
+    pid: z.ZodNullable<z.ZodNumber>;
+    /** Execution start timestamp */
+    startedAt: z.ZodNumber;
+    /** Accumulated violations */
+    violations: z.ZodArray<z.ZodObject<{
+        type: z.ZodEnum<["scope_denied", "resource_denied", "capability_expired", "capability_revoked", "injection_detected", "boundary_crossed"]>;
+        message: z.ZodString;
+        capability: z.ZodOptional<z.ZodString>;
+        resource: z.ZodOptional<z.ZodString>;
+        timestamp: z.ZodNumber;
+    }, "strip", z.ZodTypeAny, {
+        message: string;
+        type: "scope_denied" | "resource_denied" | "capability_expired" | "capability_revoked" | "injection_detected" | "boundary_crossed";
+        timestamp: number;
+        capability?: string | undefined;
+        resource?: string | undefined;
+    }, {
+        message: string;
+        type: "scope_denied" | "resource_denied" | "capability_expired" | "capability_revoked" | "injection_detected" | "boundary_crossed";
+        timestamp: number;
+        capability?: string | undefined;
+        resource?: string | undefined;
+    }>, "many">;
+}, "strip", z.ZodTypeAny, {
+    skillName: string;
+    declaration: {
+        memory: number;
+        spawn: number;
+        execute: boolean;
+        network: string[];
+        filesystem: string[];
+    };
+    capabilityToken: string;
+    pid: number | null;
+    startedAt: number;
+    violations: {
+        message: string;
+        type: "scope_denied" | "resource_denied" | "capability_expired" | "capability_revoked" | "injection_detected" | "boundary_crossed";
+        timestamp: number;
+        capability?: string | undefined;
+        resource?: string | undefined;
+    }[];
+}, {
+    skillName: string;
+    declaration: {
+        memory?: number | undefined;
+        spawn?: number | undefined;
+        execute?: boolean | undefined;
+        network?: string[] | undefined;
+        filesystem?: string[] | undefined;
+    };
+    capabilityToken: string;
+    pid: number | null;
+    startedAt: number;
+    violations: {
+        message: string;
+        type: "scope_denied" | "resource_denied" | "capability_expired" | "capability_revoked" | "injection_detected" | "boundary_crossed";
+        timestamp: number;
+        capability?: string | undefined;
+        resource?: string | undefined;
+    }[];
+}>;
+export type SkillExecutionContext = z.infer<typeof SkillExecutionContext>;
+export declare class SkillCapabilityManager {
+    private sandbox;
+    private contexts;
+    constructor(sandbox: IsomorphicSandbox);
+    /**
+     * Register a skill and create attenuated capability from root
+     */
+    registerSkill(name: string, declaration: SkillCapabilityDeclaration): SkillExecutionContext;
+    /**
+     * Check if skill has access to scope+resource
+     */
+    checkSkillAccess(name: string, scope: CapabilityScope, resource: string): {
+        allowed: boolean;
+        violation?: BoundaryViolation;
+    };
+    /**
+     * Handle capability escalation attempt
+     */
+    onCapabilityEscalation(name: string, requestedScope: CapabilityScope): BoundaryViolation;
+    /**
+     * Revoke skill capability and kill tracked process
+     */
+    revokeSkill(name: string): void;
+    /**
+     * List active skills with stats
+     */
+    listActiveSkills(): Array<{
+        name: string;
+        scopes: CapabilityScope[];
+        uptime: number;
+        violationCount: number;
+    }>;
+    /**
+     * Parse capability declaration from SKILL.md frontmatter
+     */
+    parseDeclarationFromFrontmatter(frontmatter: string): SkillCapabilityDeclaration;
+    /**
+     * Infer scopes from declaration
+     */
+    private inferScopesFromDeclaration;
+}
+export declare function createSkillCapabilityManager(sandbox: IsomorphicSandbox): SkillCapabilityManager;
+//# sourceMappingURL=capabilities.d.ts.map

package/dist/security/capabilities.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"capabilities.d.ts","sourceRoot":"","sources":["../../src/security/capabilities.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EACL,iBAAiB,EACjB,eAAe,EACf,iBAAiB,EAElB,MAAM,cAAc,CAAC;AAMtB,eAAO,MAAM,0BAA0B;IACrC,wCAAwC;;IAExC,uCAAuC;;IAEvC,gCAAgC;;IAEhC,4BAA4B;;IAE5B,yBAAyB;;;;;;;;;;;;;;EAEzB,CAAC;AACH,MAAM,MAAM,0BAA0B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAC;AAEpF,eAAO,MAAM,qBAAqB;IAChC,iBAAiB;;IAEjB,4BAA4B;;QAhB5B,wCAAwC;;QAExC,uCAAuC;;QAEvC,gCAAgC;;QAEhC,4BAA4B;;QAE5B,yBAAyB;;;;;;;;;;;;;;;IAUzB,oCAAoC;;IAEpC,sCAAsC;;IAEtC,gCAAgC;;IAEhC,6BAA6B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAE7B,CAAC;AACH,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAM1E,qBAAa,sBAAsB;IACjC,OAAO,CAAC,OAAO,CAAoB;IACnC,OAAO,CAAC,QAAQ,CAAiD;gBAErD,OAAO,EAAE,iBAAiB;IAItC;;OAEG;IACH,aAAa,CAAC,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,0BAA0B,GAAG,qBAAqB;IAoE3F;;OAEG;IACH,gBAAgB,CACd,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,eAAe,EACtB,QAAQ,EAAE,MAAM,GACf;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,SAAS,CAAC,EAAE,iBAAiB,CAAA;KAAE;IAuBtD;;OAEG;IACH,sBAAsB,CAAC,IAAI,EAAE,MAAM,EAAE,cAAc,EAAE,eAAe,GAAG,iBAAiB;IAexF;;OAEG;IACH,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAmB/B;;OAEG;IACH,gBAAgB,IAAI,KAAK,CAAC;QACxB,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,eAAe,EAAE,CAAC;QAC1B,MAAM,EAAE,MAAM,CAAC;QACf,cAAc,EAAE,MAAM,CAAC;KACxB,CAAC;IAmBF;;OAEG;IACH,+BAA+B,CAAC,WAAW,EAAE,MAAM,GAAG,0BAA0B;IAkEhF;;OAEG;IACH,OAAO,CAAC,0BAA0B;CAmBnC;AAMD,wBAAgB,4BAA4B,CAAC,OAAO,EAAE,iBAAiB,GAAG,sBAAsB,CAE/F"}

package/dist/security/capabilities.js

@@ -0,0 +1,270 @@
+/**
+ * Skill-Specific Capability Enforcement
+ *
+ * Extends IsomorphicSandbox with OpenClaw skill integration.
+ * Parses SKILL.md frontmatter capability declarations and enforces
+ * scoped access during skill execution.
+ *
+ * Security Model:
+ * - Skills declare required capabilities in frontmatter (filesystem, network, spawn, etc.)
+ * - SkillCapabilityManager creates attenuated capability from root
+ * - All skill operations checked against declared capabilities
+ * - Escalation attempts denied and logged as violations
+ * - Capability revocation kills tracked processes
+ */
+import { z } from 'zod';
+import { BoundaryViolation, } from './sandbox.js';
+// ============================================================================
+// SKILL CAPABILITY SCHEMAS
+// ============================================================================
+export const SkillCapabilityDeclaration = z.object({
+    /** Filesystem access (glob patterns) */
+    filesystem: z.array(z.string()).default([]),
+    /** Network access (domain patterns) */
+    network: z.array(z.string()).default([]),
+    /** Max child agents to spawn */
+    spawn: z.number().int().nonnegative().default(0),
+    /** Memory limit in bytes */
+    memory: z.number().int().positive().default(100 * 1024 * 1024), // 100MB default
+    /** Execute permission */
+    execute: z.boolean().default(false),
+});
+export const SkillExecutionContext = z.object({
+    /** Skill name */
+    skillName: z.string(),
+    /** Declared capabilities */
+    declaration: SkillCapabilityDeclaration,
+    /** Capability token from sandbox */
+    capabilityToken: z.string(),
+    /** Tracked process ID (if spawned) */
+    pid: z.number().nullable(),
+    /** Execution start timestamp */
+    startedAt: z.number(),
+    /** Accumulated violations */
+    violations: z.array(BoundaryViolation),
+});
+// ============================================================================
+// SKILL CAPABILITY MANAGER
+// ============================================================================
+export class SkillCapabilityManager {
+    sandbox;
+    contexts = new Map();
+    constructor(sandbox) {
+        this.sandbox = sandbox;
+    }
+    /**
+     * Register a skill and create attenuated capability from root
+     */
+    registerSkill(name, declaration) {
+        // Map declaration to scopes and resources
+        const scopes = [];
+        const resources = [];
+        // Filesystem access
+        if (declaration.filesystem.length > 0) {
+            scopes.push('read', 'write');
+            for (const pattern of declaration.filesystem) {
+                resources.push({ pattern, type: 'allow' });
+            }
+        }
+        // Network access
+        if (declaration.network.length > 0) {
+            scopes.push('network');
+            for (const pattern of declaration.network) {
+                resources.push({ pattern: `https://${pattern}/**`, type: 'allow' });
+                resources.push({ pattern: `http://${pattern}/**`, type: 'allow' });
+            }
+        }
+        // Spawn permission
+        if (declaration.spawn > 0) {
+            scopes.push('spawn');
+            resources.push({ pattern: `spawn:*:${declaration.spawn}`, type: 'allow' });
+        }
+        // Memory access
+        scopes.push('memory');
+        resources.push({ pattern: `memory:bytes:${declaration.memory}`, type: 'allow' });
+        // Execute permission
+        if (declaration.execute) {
+            scopes.push('execute');
+            resources.push({ pattern: 'exec:**', type: 'allow' });
+        }
+        // Always allow broadcast for communication
+        scopes.push('broadcast');
+        resources.push({ pattern: 'channel:**', type: 'allow' });
+        // Create attenuated capability
+        const rootToken = this.sandbox.getRootToken();
+        const capability = this.sandbox.attenuate(rootToken, {
+            scopes,
+            resources,
+            reason: `Skill: ${name}`,
+        });
+        if (!capability) {
+            throw new Error(`Failed to create capability for skill: ${name}`);
+        }
+        // Create execution context
+        const context = {
+            skillName: name,
+            declaration,
+            capabilityToken: capability.token,
+            pid: null,
+            startedAt: Date.now(),
+            violations: [],
+        };
+        this.contexts.set(name, context);
+        return context;
+    }
+    /**
+     * Check if skill has access to scope+resource
+     */
+    checkSkillAccess(name, scope, resource) {
+        const context = this.contexts.get(name);
+        if (!context) {
+            const violation = {
+                type: 'capability_revoked',
+                message: `Skill '${name}' not registered`,
+                resource,
+                timestamp: Date.now(),
+            };
+            return { allowed: false, violation };
+        }
+        // Delegate to sandbox with skill's token
+        const result = this.sandbox.check(context.capabilityToken, scope, resource);
+        // Record violation
+        if (result.violation) {
+            context.violations.push(result.violation);
+        }
+        return result;
+    }
+    /**
+     * Handle capability escalation attempt
+     */
+    onCapabilityEscalation(name, requestedScope) {
+        const violation = {
+            type: 'scope_denied',
+            message: `Skill '${name}' attempted escalation to scope '${requestedScope}'`,
+            timestamp: Date.now(),
+        };
+        const context = this.contexts.get(name);
+        if (context) {
+            context.violations.push(violation);
+        }
+        return violation;
+    }
+    /**
+     * Revoke skill capability and kill tracked process
+     */
+    revokeSkill(name) {
+        const context = this.contexts.get(name);
+        if (!context)
+            return;
+        // Revoke capability in sandbox
+        this.sandbox.revoke(context.capabilityToken);
+        // Kill tracked process if exists
+        if (context.pid !== null) {
+            try {
+                process.kill(context.pid, 'SIGTERM');
+            }
+            catch (err) {
+                // Process may already be dead, ignore
+            }
+        }
+        this.contexts.delete(name);
+    }
+    /**
+     * List active skills with stats
+     */
+    listActiveSkills() {
+        const result = [];
+        for (const [name, context] of this.contexts) {
+            const scopes = this.inferScopesFromDeclaration(context.declaration);
+            const uptime = Date.now() - context.startedAt;
+            const violationCount = context.violations.length;
+            result.push({ name, scopes, uptime, violationCount });
+        }
+        return result;
+    }
+    /**
+     * Parse capability declaration from SKILL.md frontmatter
+     */
+    parseDeclarationFromFrontmatter(frontmatter) {
+        // Remove frontmatter delimiters
+        const content = frontmatter.replace(/^---\n?/, '').replace(/\n?---$/, '');
+        // Parse YAML-like frontmatter
+        const lines = content.split('\n');
+        const parsed = {};
+        let currentKey = null;
+        let currentArray = [];
+        for (const line of lines) {
+            const trimmed = line.trim();
+            if (!trimmed || trimmed.startsWith('#'))
+                continue;
+            // Array item
+            if (trimmed.startsWith('- ')) {
+                if (currentKey) {
+                    currentArray.push(trimmed.slice(2).trim());
+                }
+                continue;
+            }
+            // Flush previous array
+            if (currentKey && currentArray.length > 0) {
+                parsed[currentKey] = currentArray;
+                currentArray = [];
+            }
+            // Key-value pair
+            const match = trimmed.match(/^([a-zA-Z_][a-zA-Z0-9_]*)\s*:\s*(.*)$/);
+            if (match) {
+                const [, key, value] = match;
+                currentKey = key;
+                // Boolean
+                if (value === 'true' || value === 'false') {
+                    parsed[key] = value === 'true';
+                    currentKey = null;
+                    continue;
+                }
+                // Number
+                if (/^\d+$/.test(value)) {
+                    parsed[key] = parseInt(value, 10);
+                    currentKey = null;
+                    continue;
+                }
+                // String (empty value means array follows)
+                if (value) {
+                    parsed[key] = value;
+                    currentKey = null;
+                }
+            }
+        }
+        // Flush final array
+        if (currentKey && currentArray.length > 0) {
+            parsed[currentKey] = currentArray;
+        }
+        // Validate and return
+        return SkillCapabilityDeclaration.parse(parsed);
+    }
+    /**
+     * Infer scopes from declaration
+     */
+    inferScopesFromDeclaration(declaration) {
+        const scopes = [];
+        if (declaration.filesystem.length > 0) {
+            scopes.push('read', 'write');
+        }
+        if (declaration.network.length > 0) {
+            scopes.push('network');
+        }
+        if (declaration.spawn > 0) {
+            scopes.push('spawn');
+        }
+        if (declaration.execute) {
+            scopes.push('execute');
+        }
+        scopes.push('memory', 'broadcast'); // Always granted
+        return scopes;
+    }
+}
+// ============================================================================
+// FACTORY
+// ============================================================================
+export function createSkillCapabilityManager(sandbox) {
+    return new SkillCapabilityManager(sandbox);
+}
+//# sourceMappingURL=capabilities.js.map

package/dist/security/capabilities.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"capabilities.js","sourceRoot":"","sources":["../../src/security/capabilities.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAGL,iBAAiB,GAElB,MAAM,cAAc,CAAC;AAEtB,+EAA+E;AAC/E,2BAA2B;AAC3B,+EAA+E;AAE/E,MAAM,CAAC,MAAM,0BAA0B,GAAG,CAAC,CAAC,MAAM,CAAC;IACjD,wCAAwC;IACxC,UAAU,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;IAC3C,uCAAuC;IACvC,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;IACxC,gCAAgC;IAChC,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;IAChD,4BAA4B;IAC5B,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,GAAG,GAAG,IAAI,GAAG,IAAI,CAAC,EAAE,gBAAgB;IAChF,yBAAyB;IACzB,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;CACpC,CAAC,CAAC;AAGH,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC5C,iBAAiB;IACjB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;IACrB,4BAA4B;IAC5B,WAAW,EAAE,0BAA0B;IACvC,oCAAoC;IACpC,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE;IAC3B,sCAAsC;IACtC,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,gCAAgC;IAChC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;IACrB,6BAA6B;IAC7B,UAAU,EAAE,CAAC,CAAC,KAAK,CAAC,iBAAiB,CAAC;CACvC,CAAC,CAAC;AAGH,+EAA+E;AAC/E,2BAA2B;AAC3B,+EAA+E;AAE/E,MAAM,OAAO,sBAAsB;IACzB,OAAO,CAAoB;IAC3B,QAAQ,GAAuC,IAAI,GAAG,EAAE,CAAC;IAEjE,YAAY,OAA0B;QACpC,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,IAAY,EAAE,WAAuC;QACjE,0CAA0C;QAC1C,MAAM,MAAM,GAAsB,EAAE,CAAC;QACrC,MAAM,SAAS,GAAsB,EAAE,CAAC;QAExC,oBAAoB;QACpB,IAAI,WAAW,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YAC7B,KAAK,MAAM,OAAO,IAAI,WAAW,CAAC,UAAU,EAAE,CAAC;gBAC7C,SAAS,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;YAC7C,CAAC;QACH,CAAC;QAED,iBAAiB;QACjB,IAAI,WAAW,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACnC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACvB,KAAK,MAAM,OAAO,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC;gBAC1C,SAAS,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,WAAW,OAAO,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;gBACpE,SAAS,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,UAAU,OAAO,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;YACrE,CAAC;QACH,CAAC;QAED,mBAAmB;QACnB,IAAI,WAAW,CAAC,KAAK,GAAG,CAAC,EAAE,CAAC;YAC1B,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACrB,SAAS,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,WAAW,WAAW,CAAC,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;QAC7E,CAAC;QAED,gBAAgB;QAChB,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACtB,SAAS,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,gBAAgB,WAAW,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;QAEjF,qBAAqB;QACrB,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC;YACxB,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACvB,SAAS,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;QACxD,CAAC;QAED,2CAA2C;QAC3C,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACzB,SAAS,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;QAEzD,+BAA+B;QAC/B,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC;QAC9C,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,SAAS,EAAE;YACnD,MAAM;YACN,SAAS;YACT,MAAM,EAAE,UAAU,IAAI,EAAE;SACzB,CAAC,CAAC;QAEH,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,0CAA0C,IAAI,EAAE,CAAC,CAAC;QACpE,CAAC;QAED,2BAA2B;QAC3B,MAAM,OAAO,GAA0B;YACrC,SAAS,EAAE,IAAI;YACf,WAAW;YACX,eAAe,EAAE,UAAU,CAAC,KAAK;YACjC,GAAG,EAAE,IAAI;YACT,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,UAAU,EAAE,EAAE;SACf,CAAC;QAEF,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QACjC,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACH,gBAAgB,CACd,IAAY,EACZ,KAAsB,EACtB,QAAgB;QAEhB,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACxC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,SAAS,GAAsB;gBACnC,IAAI,EAAE,oBAAoB;gBAC1B,OAAO,EAAE,UAAU,IAAI,kBAAkB;gBACzC,QAAQ;gBACR,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;aACtB,CAAC;YACF,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;QACvC,CAAC;QAED,yCAAyC;QACzC,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,eAAe,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC;QAE5E,mBAAmB;QACnB,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;YACrB,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAC5C,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,sBAAsB,CAAC,IAAY,EAAE,cAA+B;QAClE,MAAM,SAAS,GAAsB;YACnC,IAAI,EAAE,cAAc;YACpB,OAAO,EAAE,UAAU,IAAI,oCAAoC,cAAc,GAAG;YAC5E,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;SACtB,CAAC;QAEF,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACxC,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACrC,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;OAEG;IACH,WAAW,CAAC,IAAY;QACtB,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACxC,IAAI,CAAC,OAAO;YAAE,OAAO;QAErB,+BAA+B;QAC/B,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;QAE7C,iCAAiC;QACjC,IAAI,OAAO,CAAC,GAAG,KAAK,IAAI,EAAE,CAAC;YACzB,IAAI,CAAC;gBACH,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;YACvC,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,sCAAsC;YACxC,CAAC;QACH,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAC7B,CAAC;IAED;;OAEG;IACH,gBAAgB;QAMd,MAAM,MAAM,GAKP,EAAE,CAAC;QAER,KAAK,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC5C,MAAM,MAAM,GAAG,IAAI,CAAC,0BAA0B,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;YACpE,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC,SAAS,CAAC;YAC9C,MAAM,cAAc,GAAG,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC;YAEjD,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,CAAC,CAAC;QACxD,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,+BAA+B,CAAC,WAAmB;QACjD,gCAAgC;QAChC,MAAM,OAAO,GAAG,WAAW,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;QAE1E,8BAA8B;QAC9B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAClC,MAAM,MAAM,GAA4B,EAAE,CAAC;QAE3C,IAAI,UAAU,GAAkB,IAAI,CAAC;QACrC,IAAI,YAAY,GAAa,EAAE,CAAC;QAEhC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAC5B,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;gBAAE,SAAS;YAElD,aAAa;YACb,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC7B,IAAI,UAAU,EAAE,CAAC;oBACf,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;gBAC7C,CAAC;gBACD,SAAS;YACX,CAAC;YAED,uBAAuB;YACvB,IAAI,UAAU,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC1C,MAAM,CAAC,UAAU,CAAC,GAAG,YAAY,CAAC;gBAClC,YAAY,GAAG,EAAE,CAAC;YACpB,CAAC;YAED,iBAAiB;YACjB,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,uCAAuC,CAAC,CAAC;YACrE,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,CAAC,EAAE,GAAG,EAAE,KAAK,CAAC,GAAG,KAAK,CAAC;gBAC7B,UAAU,GAAG,GAAG,CAAC;gBAEjB,UAAU;gBACV,IAAI,KAAK,KAAK,MAAM,IAAI,KAAK,KAAK,OAAO,EAAE,CAAC;oBAC1C,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,KAAK,MAAM,CAAC;oBAC/B,UAAU,GAAG,IAAI,CAAC;oBAClB,SAAS;gBACX,CAAC;gBAED,SAAS;gBACT,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;oBACxB,MAAM,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;oBAClC,UAAU,GAAG,IAAI,CAAC;oBAClB,SAAS;gBACX,CAAC;gBAED,2CAA2C;gBAC3C,IAAI,KAAK,EAAE,CAAC;oBACV,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;oBACpB,UAAU,GAAG,IAAI,CAAC;gBACpB,CAAC;YACH,CAAC;QACH,CAAC;QAED,oBAAoB;QACpB,IAAI,UAAU,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1C,MAAM,CAAC,UAAU,CAAC,GAAG,YAAY,CAAC;QACpC,CAAC;QAED,sBAAsB;QACtB,OAAO,0BAA0B,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAClD,CAAC;IAED;;OAEG;IACK,0BAA0B,CAAC,WAAuC;QACxE,MAAM,MAAM,GAAsB,EAAE,CAAC;QAErC,IAAI,WAAW,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAC/B,CAAC;QACD,IAAI,WAAW,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACnC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACzB,CAAC;QACD,IAAI,WAAW,CAAC,KAAK,GAAG,CAAC,EAAE,CAAC;YAC1B,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACvB,CAAC;QACD,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC;YACxB,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACzB,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC,CAAC,iBAAiB;QACrD,OAAO,MAAM,CAAC;IAChB,CAAC;CACF;AAED,+EAA+E;AAC/E,UAAU;AACV,+EAA+E;AAE/E,MAAM,UAAU,4BAA4B,CAAC,OAA0B;IACrE,OAAO,IAAI,sBAAsB,CAAC,OAAO,CAAC,CAAC;AAC7C,CAAC"}

package/dist/security/channelFirewallMiddleware.d.ts

@@ -0,0 +1,22 @@
+/**
+ * Channel Firewall Middleware
+ *
+ * Wraps InjectionFirewall for channel adapters with event emission.
+ * Scans incoming content for injection patterns and sanitizes/blocks threats.
+ */
+import { type ParanoiaLevel, type MessageOrigin } from './injectionFirewall.js';
+export interface FirewallResult {
+    safe: boolean;
+    sanitized: string;
+    threats: Array<{
+        pattern: string;
+        score: number;
+        category: string;
+    }>;
+}
+export interface ChannelFirewallMiddleware {
+    process(content: string, origin: MessageOrigin): FirewallResult;
+    on(event: 'firewall:blocked' | 'firewall:quarantined', handler: (data: any) => void): void;
+}
+export declare function createFirewallMiddleware(paranoiaLevel?: ParanoiaLevel): ChannelFirewallMiddleware;
+//# sourceMappingURL=channelFirewallMiddleware.d.ts.map

package/dist/security/channelFirewallMiddleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"channelFirewallMiddleware.d.ts","sourceRoot":"","sources":["../../src/security/channelFirewallMiddleware.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAqB,KAAK,aAAa,EAAE,KAAK,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAEnG,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,OAAO,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,KAAK,CAAC;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACtE;AAED,MAAM,WAAW,yBAAyB;IACxC,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,GAAG,cAAc,CAAC;IAChE,EAAE,CAAC,KAAK,EAAE,kBAAkB,GAAG,sBAAsB,EAAE,OAAO,EAAE,CAAC,IAAI,EAAE,GAAG,KAAK,IAAI,GAAG,IAAI,CAAC;CAC5F;AAED,wBAAgB,wBAAwB,CACtC,aAAa,GAAE,aAA0B,GACxC,yBAAyB,CA6C3B"}

package/dist/security/channelFirewallMiddleware.js

@@ -0,0 +1,52 @@
+/**
+ * Channel Firewall Middleware
+ *
+ * Wraps InjectionFirewall for channel adapters with event emission.
+ * Scans incoming content for injection patterns and sanitizes/blocks threats.
+ */
+import { EventEmitter } from 'eventemitter3';
+import { InjectionFirewall } from './injectionFirewall.js';
+export function createFirewallMiddleware(paranoiaLevel = 'standard') {
+    const firewall = new InjectionFirewall(paranoiaLevel);
+    const emitter = new EventEmitter();
+    return {
+        process(content, origin) {
+            const verdict = firewall.scan(content, origin);
+            const threats = verdict.threats.map(threat => {
+                const [category, pattern] = threat.split(': ');
+                return {
+                    category: category ?? 'unknown',
+                    pattern: pattern ?? threat,
+                    score: verdict.score,
+                };
+            });
+            let sanitized = content;
+            if (!verdict.safe) {
+                sanitized = firewall.quarantine(content);
+                emitter.emit('firewall:blocked', {
+                    origin,
+                    threats,
+                    timestamp: Date.now(),
+                    originalLength: content.length,
+                    sanitizedLength: sanitized.length,
+                });
+            }
+            else if (threats.length > 0) {
+                emitter.emit('firewall:quarantined', {
+                    origin,
+                    threats,
+                    timestamp: Date.now(),
+                });
+            }
+            return {
+                safe: verdict.safe,
+                sanitized,
+                threats,
+            };
+        },
+        on(event, handler) {
+            emitter.on(event, handler);
+        },
+    };
+}
+//# sourceMappingURL=channelFirewallMiddleware.js.map

package/dist/security/channelFirewallMiddleware.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"channelFirewallMiddleware.js","sourceRoot":"","sources":["../../src/security/channelFirewallMiddleware.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAC7C,OAAO,EAAE,iBAAiB,EAA0C,MAAM,wBAAwB,CAAC;AAanG,MAAM,UAAU,wBAAwB,CACtC,gBAA+B,UAAU;IAEzC,MAAM,QAAQ,GAAG,IAAI,iBAAiB,CAAC,aAAa,CAAC,CAAC;IACtD,MAAM,OAAO,GAAG,IAAI,YAAY,EAAE,CAAC;IAEnC,OAAO;QACL,OAAO,CAAC,OAAe,EAAE,MAAqB;YAC5C,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YAE/C,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE;gBAC3C,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBAC/C,OAAO;oBACL,QAAQ,EAAE,QAAQ,IAAI,SAAS;oBAC/B,OAAO,EAAE,OAAO,IAAI,MAAM;oBAC1B,KAAK,EAAE,OAAO,CAAC,KAAK;iBACrB,CAAC;YACJ,CAAC,CAAC,CAAC;YAEH,IAAI,SAAS,GAAG,OAAO,CAAC;YACxB,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;gBAClB,SAAS,GAAG,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;gBACzC,OAAO,CAAC,IAAI,CAAC,kBAAkB,EAAE;oBAC/B,MAAM;oBACN,OAAO;oBACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;oBACrB,cAAc,EAAE,OAAO,CAAC,MAAM;oBAC9B,eAAe,EAAE,SAAS,CAAC,MAAM;iBAClC,CAAC,CAAC;YACL,CAAC;iBAAM,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC9B,OAAO,CAAC,IAAI,CAAC,sBAAsB,EAAE;oBACnC,MAAM;oBACN,OAAO;oBACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;iBACtB,CAAC,CAAC;YACL,CAAC;YAED,OAAO;gBACL,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,SAAS;gBACT,OAAO;aACR,CAAC;QACJ,CAAC;QACD,EAAE,CAAC,KAAa,EAAE,OAAiC;YACjD,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAC7B,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/security/index.d.ts

@@ -0,0 +1,11 @@
+/**
+ * @terminals-tech/agent-zero/security
+ *
+ * AES-256-GCM vault, capability sandbox, injection firewall, Ed25519 skill verification.
+ */
+export { Vault, createVault } from './vault.js';
+export { IsomorphicSandbox, CapabilityScope, detectInjection, generateCapabilityToken } from './sandbox.js';
+export { SkillCapabilityManager, createSkillCapabilityManager } from './capabilities.js';
+export { InjectionFirewall, ParanoiaLevel, createFirewall } from './injectionFirewall.js';
+export { generateSigningKeyPair, signManifest, verifyManifest, verifySkillIntegrity, createManifest, hashFile, loadSignedManifest, } from './skillVerify.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/security/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/security/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAChD,OAAO,EAAE,iBAAiB,EAAE,eAAe,EAAE,eAAe,EAAE,uBAAuB,EAAE,MAAM,cAAc,CAAC;AAC5G,OAAO,EAAE,sBAAsB,EAAE,4BAA4B,EAAE,MAAM,mBAAmB,CAAC;AACzF,OAAO,EAAE,iBAAiB,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AAC1F,OAAO,EACL,sBAAsB,EACtB,YAAY,EACZ,cAAc,EACd,oBAAoB,EACpB,cAAc,EACd,QAAQ,EACR,kBAAkB,GACnB,MAAM,kBAAkB,CAAC"}

package/dist/security/index.js

@@ -0,0 +1,11 @@
+/**
+ * @terminals-tech/agent-zero/security
+ *
+ * AES-256-GCM vault, capability sandbox, injection firewall, Ed25519 skill verification.
+ */
+export { Vault, createVault } from './vault.js';
+export { IsomorphicSandbox, CapabilityScope, detectInjection, generateCapabilityToken } from './sandbox.js';
+export { SkillCapabilityManager, createSkillCapabilityManager } from './capabilities.js';
+export { InjectionFirewall, ParanoiaLevel, createFirewall } from './injectionFirewall.js';
+export { generateSigningKeyPair, signManifest, verifyManifest, verifySkillIntegrity, createManifest, hashFile, loadSignedManifest, } from './skillVerify.js';
+//# sourceMappingURL=index.js.map

package/dist/security/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/security/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAChD,OAAO,EAAE,iBAAiB,EAAE,eAAe,EAAE,eAAe,EAAE,uBAAuB,EAAE,MAAM,cAAc,CAAC;AAC5G,OAAO,EAAE,sBAAsB,EAAE,4BAA4B,EAAE,MAAM,mBAAmB,CAAC;AACzF,OAAO,EAAE,iBAAiB,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AAC1F,OAAO,EACL,sBAAsB,EACtB,YAAY,EACZ,cAAc,EACd,oBAAoB,EACpB,cAAc,EACd,QAAQ,EACR,kBAAkB,GACnB,MAAM,kBAAkB,CAAC"}

package/dist/security/injectionFirewall.d.ts

@@ -0,0 +1,47 @@
+import { z } from 'zod';
+export declare const ParanoiaLevel: z.ZodEnum<["relaxed", "standard", "paranoid"]>;
+export type ParanoiaLevel = z.infer<typeof ParanoiaLevel>;
+export declare const MessageOrigin: z.ZodEnum<["human-direct", "forwarded", "channel-bridged", "agent-to-agent", "unknown"]>;
+export type MessageOrigin = z.infer<typeof MessageOrigin>;
+export declare const FirewallVerdict: z.ZodObject<{
+    safe: z.ZodBoolean;
+    score: z.ZodNumber;
+    threats: z.ZodArray<z.ZodString, "many">;
+    origin: z.ZodEnum<["human-direct", "forwarded", "channel-bridged", "agent-to-agent", "unknown"]>;
+    quarantined: z.ZodBoolean;
+}, "strip", z.ZodTypeAny, {
+    safe: boolean;
+    score: number;
+    threats: string[];
+    origin: "unknown" | "human-direct" | "forwarded" | "channel-bridged" | "agent-to-agent";
+    quarantined: boolean;
+}, {
+    safe: boolean;
+    score: number;
+    threats: string[];
+    origin: "unknown" | "human-direct" | "forwarded" | "channel-bridged" | "agent-to-agent";
+    quarantined: boolean;
+}>;
+export type FirewallVerdict = z.infer<typeof FirewallVerdict>;
+export declare class InjectionFirewall {
+    private level;
+    private stats;
+    constructor(level?: ParanoiaLevel);
+    scan(content: string, origin: MessageOrigin): FirewallVerdict;
+    scanBatch(messages: Array<{
+        content: string;
+        origin: MessageOrigin;
+    }>): FirewallVerdict[];
+    quarantine(content: string): string;
+    setLevel(level: ParanoiaLevel): void;
+    getStats(): {
+        scanned: number;
+        blocked: number;
+        quarantined: number;
+    };
+    private isLikelyEncoded;
+    private containsSuspiciousKeywords;
+    private calculateEntropy;
+}
+export declare function createFirewall(level?: ParanoiaLevel): InjectionFirewall;
+//# sourceMappingURL=injectionFirewall.d.ts.map

package/dist/security/injectionFirewall.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"injectionFirewall.d.ts","sourceRoot":"","sources":["../../src/security/injectionFirewall.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB,eAAO,MAAM,aAAa,gDAA8C,CAAC;AACzE,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAC;AAE1D,eAAO,MAAM,aAAa,0FAMxB,CAAC;AACH,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAC;AAE1D,eAAO,MAAM,eAAe;;;;;;;;;;;;;;;;;;EAM1B,CAAC;AACH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAmG9D,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,KAAK,CAAgB;IAC7B,OAAO,CAAC,KAAK,CAA8C;gBAE/C,KAAK,GAAE,aAA0B;IAI7C,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,GAAG,eAAe;IAyF7D,SAAS,CAAC,QAAQ,EAAE,KAAK,CAAC;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,aAAa,CAAA;KAAE,CAAC,GAAG,eAAe,EAAE;IAIzF,UAAU,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM;IA4BnC,QAAQ,CAAC,KAAK,EAAE,aAAa,GAAG,IAAI;IAIpC,QAAQ,IAAI;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAA;KAAE;IAIrE,OAAO,CAAC,eAAe;IA8BvB,OAAO,CAAC,0BAA0B;IAKlC,OAAO,CAAC,gBAAgB;CAezB;AAED,wBAAgB,cAAc,CAAC,KAAK,GAAE,aAA0B,GAAG,iBAAiB,CAEnF"}