npm - @terminals-tech/agent-zero - Versions diffs - 1.0.0 - Mend

@terminals-tech/agent-zero 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (263) hide show

package/README.md +209 -0
package/bin/agent-zero.js +332 -0
package/dist/agency/commandRouter.d.ts +48 -0
package/dist/agency/commandRouter.d.ts.map +1 -0
package/dist/agency/commandRouter.js +343 -0
package/dist/agency/commandRouter.js.map +1 -0
package/dist/agency/runtime.d.ts +66 -0
package/dist/agency/runtime.d.ts.map +1 -0
package/dist/agency/runtime.js +247 -0
package/dist/agency/runtime.js.map +1 -0
package/dist/agency/summaryGenerator.d.ts +39 -0
package/dist/agency/summaryGenerator.d.ts.map +1 -0
package/dist/agency/summaryGenerator.js +110 -0
package/dist/agency/summaryGenerator.js.map +1 -0
package/dist/agency/summaryScheduler.d.ts +33 -0
package/dist/agency/summaryScheduler.d.ts.map +1 -0
package/dist/agency/summaryScheduler.js +68 -0
package/dist/agency/summaryScheduler.js.map +1 -0
package/dist/browser/agent-runtime/RuntimePanel.d.ts +20 -0
package/dist/browser/agent-runtime/RuntimePanel.d.ts.map +1 -0
package/dist/browser/agent-runtime/RuntimePanel.js +203 -0
package/dist/browser/agent-runtime/RuntimePanel.js.map +1 -0
package/dist/browser/agent-runtime/config.d.ts +28 -0
package/dist/browser/agent-runtime/config.d.ts.map +1 -0
package/dist/browser/agent-runtime/config.js +50 -0
package/dist/browser/agent-runtime/config.js.map +1 -0
package/dist/browser/agent-runtime/launcher.d.ts +71 -0
package/dist/browser/agent-runtime/launcher.d.ts.map +1 -0
package/dist/browser/agent-runtime/launcher.js +167 -0
package/dist/browser/agent-runtime/launcher.js.map +1 -0
package/dist/browser/rail-auth-bridge.d.ts +85 -0
package/dist/browser/rail-auth-bridge.d.ts.map +1 -0
package/dist/browser/rail-auth-bridge.js +209 -0
package/dist/browser/rail-auth-bridge.js.map +1 -0
package/dist/channels/index.d.ts +13 -0
package/dist/channels/index.d.ts.map +1 -0
package/dist/channels/index.js +12 -0
package/dist/channels/index.js.map +1 -0
package/dist/channels/moltbook.d.ts +114 -0
package/dist/channels/moltbook.d.ts.map +1 -0
package/dist/channels/moltbook.js +348 -0
package/dist/channels/moltbook.js.map +1 -0
package/dist/channels/sms.d.ts +33 -0
package/dist/channels/sms.d.ts.map +1 -0
package/dist/channels/sms.js +160 -0
package/dist/channels/sms.js.map +1 -0
package/dist/channels/telegram.d.ts +47 -0
package/dist/channels/telegram.d.ts.map +1 -0
package/dist/channels/telegram.js +276 -0
package/dist/channels/telegram.js.map +1 -0
package/dist/channels/twitter.d.ts +93 -0
package/dist/channels/twitter.d.ts.map +1 -0
package/dist/channels/twitter.js +411 -0
package/dist/channels/twitter.js.map +1 -0
package/dist/channels/whatsapp.d.ts +77 -0
package/dist/channels/whatsapp.d.ts.map +1 -0
package/dist/channels/whatsapp.js +514 -0
package/dist/channels/whatsapp.js.map +1 -0
package/dist/checkout/index.d.ts +92 -0
package/dist/checkout/index.d.ts.map +1 -0
package/dist/checkout/index.js +125 -0
package/dist/checkout/index.js.map +1 -0
package/dist/cli/moltbook.d.ts +11 -0
package/dist/cli/moltbook.d.ts.map +1 -0
package/dist/cli/moltbook.js +259 -0
package/dist/cli/moltbook.js.map +1 -0
package/dist/cli/setup.d.ts +10 -0
package/dist/cli/setup.d.ts.map +1 -0
package/dist/cli/setup.js +232 -0
package/dist/cli/setup.js.map +1 -0
package/dist/coherence/absorption.d.ts +141 -0
package/dist/coherence/absorption.d.ts.map +1 -0
package/dist/coherence/absorption.js +343 -0
package/dist/coherence/absorption.js.map +1 -0
package/dist/coherence/crossPlatform.d.ts +55 -0
package/dist/coherence/crossPlatform.d.ts.map +1 -0
package/dist/coherence/crossPlatform.js +219 -0
package/dist/coherence/crossPlatform.js.map +1 -0
package/dist/coherence/identityResolver.d.ts +27 -0
package/dist/coherence/identityResolver.d.ts.map +1 -0
package/dist/coherence/identityResolver.js +102 -0
package/dist/coherence/identityResolver.js.map +1 -0
package/dist/identity/burner.d.ts +100 -0
package/dist/identity/burner.d.ts.map +1 -0
package/dist/identity/burner.js +256 -0
package/dist/identity/burner.js.map +1 -0
package/dist/identity/burnerScheduler.d.ts +18 -0
package/dist/identity/burnerScheduler.d.ts.map +1 -0
package/dist/identity/burnerScheduler.js +82 -0
package/dist/identity/burnerScheduler.js.map +1 -0
package/dist/identity/moltbookBurnerAdapter.d.ts +14 -0
package/dist/identity/moltbookBurnerAdapter.d.ts.map +1 -0
package/dist/identity/moltbookBurnerAdapter.js +82 -0
package/dist/identity/moltbookBurnerAdapter.js.map +1 -0
package/dist/identity/operationalVault.d.ts +108 -0
package/dist/identity/operationalVault.d.ts.map +1 -0
package/dist/identity/operationalVault.js +259 -0
package/dist/identity/operationalVault.js.map +1 -0
package/dist/index.d.ts +43 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +57 -0
package/dist/index.js.map +1 -0
package/dist/moltbook/apiErrorHandler.d.ts +48 -0
package/dist/moltbook/apiErrorHandler.d.ts.map +1 -0
package/dist/moltbook/apiErrorHandler.js +125 -0
package/dist/moltbook/apiErrorHandler.js.map +1 -0
package/dist/moltbook/approvalGate.d.ts +81 -0
package/dist/moltbook/approvalGate.d.ts.map +1 -0
package/dist/moltbook/approvalGate.js +211 -0
package/dist/moltbook/approvalGate.js.map +1 -0
package/dist/moltbook/attentionField.d.ts +55 -0
package/dist/moltbook/attentionField.d.ts.map +1 -0
package/dist/moltbook/attentionField.js +163 -0
package/dist/moltbook/attentionField.js.map +1 -0
package/dist/moltbook/contentEnhancer.d.ts +28 -0
package/dist/moltbook/contentEnhancer.d.ts.map +1 -0
package/dist/moltbook/contentEnhancer.js +129 -0
package/dist/moltbook/contentEnhancer.js.map +1 -0
package/dist/moltbook/daemon.d.ts +111 -0
package/dist/moltbook/daemon.d.ts.map +1 -0
package/dist/moltbook/daemon.js +497 -0
package/dist/moltbook/daemon.js.map +1 -0
package/dist/moltbook/observer.d.ts +44 -0
package/dist/moltbook/observer.d.ts.map +1 -0
package/dist/moltbook/observer.js +71 -0
package/dist/moltbook/observer.js.map +1 -0
package/dist/moltbook/responseComposer.d.ts +54 -0
package/dist/moltbook/responseComposer.d.ts.map +1 -0
package/dist/moltbook/responseComposer.js +233 -0
package/dist/moltbook/responseComposer.js.map +1 -0
package/dist/openclaw/gateway.d.ts +45 -0
package/dist/openclaw/gateway.d.ts.map +1 -0
package/dist/openclaw/gateway.js +139 -0
package/dist/openclaw/gateway.js.map +1 -0
package/dist/openclaw/skill.d.ts +185 -0
package/dist/openclaw/skill.d.ts.map +1 -0
package/dist/openclaw/skill.js +297 -0
package/dist/openclaw/skill.js.map +1 -0
package/dist/primitives/index.d.ts +23 -0
package/dist/primitives/index.d.ts.map +1 -0
package/dist/primitives/index.js +27 -0
package/dist/primitives/index.js.map +1 -0
package/dist/primitives/types.d.ts +673 -0
package/dist/primitives/types.d.ts.map +1 -0
package/dist/primitives/types.js +205 -0
package/dist/primitives/types.js.map +1 -0
package/dist/rail/absorptionBridge.d.ts +47 -0
package/dist/rail/absorptionBridge.d.ts.map +1 -0
package/dist/rail/absorptionBridge.js +78 -0
package/dist/rail/absorptionBridge.js.map +1 -0
package/dist/rail/authProtocol.d.ts +32 -0
package/dist/rail/authProtocol.d.ts.map +1 -0
package/dist/rail/authProtocol.js +83 -0
package/dist/rail/authProtocol.js.map +1 -0
package/dist/rail/clientRateLimiter.d.ts +17 -0
package/dist/rail/clientRateLimiter.d.ts.map +1 -0
package/dist/rail/clientRateLimiter.js +64 -0
package/dist/rail/clientRateLimiter.js.map +1 -0
package/dist/rail/index.d.ts +8 -0
package/dist/rail/index.d.ts.map +1 -0
package/dist/rail/index.js +38 -0
package/dist/rail/index.js.map +1 -0
package/dist/rail/jwtVerifier.d.ts +11 -0
package/dist/rail/jwtVerifier.d.ts.map +1 -0
package/dist/rail/jwtVerifier.js +55 -0
package/dist/rail/jwtVerifier.js.map +1 -0
package/dist/rail/logger.d.ts +13 -0
package/dist/rail/logger.d.ts.map +1 -0
package/dist/rail/logger.js +29 -0
package/dist/rail/logger.js.map +1 -0
package/dist/rail/metadataBroadcaster.d.ts +53 -0
package/dist/rail/metadataBroadcaster.d.ts.map +1 -0
package/dist/rail/metadataBroadcaster.js +126 -0
package/dist/rail/metadataBroadcaster.js.map +1 -0
package/dist/rail/persistence.d.ts +57 -0
package/dist/rail/persistence.d.ts.map +1 -0
package/dist/rail/persistence.js +103 -0
package/dist/rail/persistence.js.map +1 -0
package/dist/rail/securityMonitor.d.ts +23 -0
package/dist/rail/securityMonitor.d.ts.map +1 -0
package/dist/rail/securityMonitor.js +52 -0
package/dist/rail/securityMonitor.js.map +1 -0
package/dist/rail/server.d.ts +186 -0
package/dist/rail/server.d.ts.map +1 -0
package/dist/rail/server.js +568 -0
package/dist/rail/server.js.map +1 -0
package/dist/rail/userSessionManager.d.ts +29 -0
package/dist/rail/userSessionManager.d.ts.map +1 -0
package/dist/rail/userSessionManager.js +87 -0
package/dist/rail/userSessionManager.js.map +1 -0
package/dist/rail/wsServer.d.ts +39 -0
package/dist/rail/wsServer.d.ts.map +1 -0
package/dist/rail/wsServer.js +544 -0
package/dist/rail/wsServer.js.map +1 -0
package/dist/resonance/globalKuramoto.d.ts +67 -0
package/dist/resonance/globalKuramoto.d.ts.map +1 -0
package/dist/resonance/globalKuramoto.js +161 -0
package/dist/resonance/globalKuramoto.js.map +1 -0
package/dist/resonance/index.d.ts +12 -0
package/dist/resonance/index.d.ts.map +1 -0
package/dist/resonance/index.js +9 -0
package/dist/resonance/index.js.map +1 -0
package/dist/resonance/kuramoto.d.ts +118 -0
package/dist/resonance/kuramoto.d.ts.map +1 -0
package/dist/resonance/kuramoto.js +212 -0
package/dist/resonance/kuramoto.js.map +1 -0
package/dist/routing/distributedRouter.d.ts +84 -0
package/dist/routing/distributedRouter.d.ts.map +1 -0
package/dist/routing/distributedRouter.js +209 -0
package/dist/routing/distributedRouter.js.map +1 -0
package/dist/routing/index.d.ts +8 -0
package/dist/routing/index.d.ts.map +1 -0
package/dist/routing/index.js +7 -0
package/dist/routing/index.js.map +1 -0
package/dist/routing/thermodynamic.d.ts +91 -0
package/dist/routing/thermodynamic.d.ts.map +1 -0
package/dist/routing/thermodynamic.js +184 -0
package/dist/routing/thermodynamic.js.map +1 -0
package/dist/runtime/agent-zero.d.ts +138 -0
package/dist/runtime/agent-zero.d.ts.map +1 -0
package/dist/runtime/agent-zero.js +435 -0
package/dist/runtime/agent-zero.js.map +1 -0
package/dist/runtime/index.d.ts +13 -0
package/dist/runtime/index.d.ts.map +1 -0
package/dist/runtime/index.js +15 -0
package/dist/runtime/index.js.map +1 -0
package/dist/security/capabilities.d.ts +178 -0
package/dist/security/capabilities.d.ts.map +1 -0
package/dist/security/capabilities.js +270 -0
package/dist/security/capabilities.js.map +1 -0
package/dist/security/channelFirewallMiddleware.d.ts +22 -0
package/dist/security/channelFirewallMiddleware.d.ts.map +1 -0
package/dist/security/channelFirewallMiddleware.js +52 -0
package/dist/security/channelFirewallMiddleware.js.map +1 -0
package/dist/security/index.d.ts +11 -0
package/dist/security/index.d.ts.map +1 -0
package/dist/security/index.js +11 -0
package/dist/security/index.js.map +1 -0
package/dist/security/injectionFirewall.d.ts +47 -0
package/dist/security/injectionFirewall.d.ts.map +1 -0
package/dist/security/injectionFirewall.js +262 -0
package/dist/security/injectionFirewall.js.map +1 -0
package/dist/security/outputSanitizer.d.ts +28 -0
package/dist/security/outputSanitizer.d.ts.map +1 -0
package/dist/security/outputSanitizer.js +66 -0
package/dist/security/outputSanitizer.js.map +1 -0
package/dist/security/sandbox.d.ts +192 -0
package/dist/security/sandbox.d.ts.map +1 -0
package/dist/security/sandbox.js +359 -0
package/dist/security/sandbox.js.map +1 -0
package/dist/security/skillVerify.d.ts +128 -0
package/dist/security/skillVerify.d.ts.map +1 -0
package/dist/security/skillVerify.js +220 -0
package/dist/security/skillVerify.js.map +1 -0
package/dist/security/vault.d.ts +60 -0
package/dist/security/vault.d.ts.map +1 -0
package/dist/security/vault.js +522 -0
package/dist/security/vault.js.map +1 -0
package/dist/utils/persistentRateLimiter.d.ts +69 -0
package/dist/utils/persistentRateLimiter.d.ts.map +1 -0
package/dist/utils/persistentRateLimiter.js +128 -0
package/dist/utils/persistentRateLimiter.js.map +1 -0
package/package.json +95 -0

package/dist/security/injectionFirewall.js ADDED Viewed

@@ -0,0 +1,262 @@
+import { z } from 'zod';
+// Schemas
+export const ParanoiaLevel = z.enum(['relaxed', 'standard', 'paranoid']);
+export const MessageOrigin = z.enum([
+    'human-direct',
+    'forwarded',
+    'channel-bridged',
+    'agent-to-agent',
+    'unknown',
+]);
+export const FirewallVerdict = z.object({
+    safe: z.boolean(),
+    score: z.number().min(0).max(1),
+    threats: z.array(z.string()),
+    origin: MessageOrigin,
+    quarantined: z.boolean(),
+});
+// Pattern definitions
+const INSTRUCTION_PATTERNS = [
+    /ignore\s+(previous|all|earlier|your)\s+(instruction|prompt|rule|command)/gi,
+    /disregard\s+(previous|all|earlier|your)\s+(instruction|prompt|rule|command)/gi,
+    /you\s+are\s+now\s+(a|an|the)/gi,
+    /pretend\s+(you|to\s+be|that\s+you)/gi,
+    /act\s+as\s+(if|a|an|the)/gi,
+    /system\s+prompt/gi,
+    /admin\s+override/gi,
+    /developer\s+mode/gi,
+    /jailbreak/gi,
+    /\bDAN\b/g,
+    /do\s+anything\s+now/gi,
+    /bypass\s+(restriction|filter|safety)/gi,
+    /forget\s+(your|all)\s+(instruction|rule|training)/gi,
+];
+const ENCODING_PATTERNS = [
+    /\b[A-Za-z]{13}\b.*\b[A-Za-z]{13}\b/g, // ROT13-like patterns
+    /[A-Za-z0-9+/]{20,}={0,2}/g, // Base64-like strings
+    /(?:0x)?[0-9a-fA-F]{40,}/g, // Hex-encoded strings
+    /\\u[0-9a-fA-F]{4}/g, // Unicode escape sequences
+];
+const DELAYED_INJECTION = [
+    /remember\s+this\s+for\s+later/gi,
+    /when\s+I\s+say\s+\w+\s+(?:do|execute|run)/gi,
+    /on\s+the\s+next\s+message/gi,
+    /after\s+this\s+(?:message|conversation)/gi,
+    /store\s+this\s+(?:instruction|command)/gi,
+];
+const EXFILTRATION_PATTERNS = [
+    /send\s+(?:this\s+)?to\s+\S+@\S+/gi,
+    /forward\s+(?:this\s+)?to/gi,
+    /email\s+this\s+to/gi,
+    /post\s+this\s+to/gi,
+    /upload\s+(?:this\s+)?to/gi,
+    /transmit\s+to/gi,
+];
+const AUTHORITY_PATTERNS = [
+    /I\s+am\s+(?:the\s+)?admin/gi,
+    /authorized\s+by/gi,
+    /emergency\s+override/gi,
+    /root\s+access/gi,
+    /sudo\s+mode/gi,
+    /privileged\s+access/gi,
+    /admin\s+credentials/gi,
+];
+const PARANOIA_WEIGHTS = {
+    relaxed: {
+        instruction: 0.15,
+        encoding: 0,
+        delayed: 0,
+        exfiltration: 0,
+        authority: 0,
+        entropy: 0,
+        length: 0,
+    },
+    standard: {
+        instruction: 0.2,
+        encoding: 0.15,
+        delayed: 0.15,
+        exfiltration: 0.2,
+        authority: 0.2,
+        entropy: 0,
+        length: 0,
+    },
+    paranoid: {
+        instruction: 0.25,
+        encoding: 0.2,
+        delayed: 0.2,
+        exfiltration: 0.25,
+        authority: 0.25,
+        entropy: 0.15,
+        length: 0.1,
+    },
+};
+const PARANOIA_THRESHOLDS = {
+    relaxed: 0.7,
+    standard: 0.5,
+    paranoid: 0.3,
+};
+export class InjectionFirewall {
+    level;
+    stats = { scanned: 0, blocked: 0, quarantined: 0 };
+    constructor(level = 'standard') {
+        this.level = level;
+    }
+    scan(content, origin) {
+        this.stats.scanned++;
+        const threats = [];
+        let score = 0;
+        const weights = PARANOIA_WEIGHTS[this.level];
+        // Instruction pattern detection
+        for (const pattern of INSTRUCTION_PATTERNS) {
+            const matches = content.match(pattern);
+            if (matches) {
+                score += weights.instruction * matches.length;
+                threats.push(`instruction-override: ${matches[0]}`);
+            }
+        }
+        // Encoding pattern detection (standard+)
+        if (this.level !== 'relaxed') {
+            for (const pattern of ENCODING_PATTERNS) {
+                const matches = content.match(pattern);
+                if (matches) {
+                    for (const match of matches) {
+                        if (this.isLikelyEncoded(match)) {
+                            score += weights.encoding;
+                            threats.push(`encoded-content: ${match.substring(0, 20)}...`);
+                        }
+                    }
+                }
+            }
+            // Delayed injection
+            for (const pattern of DELAYED_INJECTION) {
+                const matches = content.match(pattern);
+                if (matches) {
+                    score += weights.delayed * matches.length;
+                    threats.push(`delayed-injection: ${matches[0]}`);
+                }
+            }
+            // Exfiltration
+            for (const pattern of EXFILTRATION_PATTERNS) {
+                const matches = content.match(pattern);
+                if (matches) {
+                    score += weights.exfiltration * matches.length;
+                    threats.push(`exfiltration-attempt: ${matches[0]}`);
+                }
+            }
+            // Authority claims
+            for (const pattern of AUTHORITY_PATTERNS) {
+                const matches = content.match(pattern);
+                if (matches) {
+                    score += weights.authority * matches.length;
+                    threats.push(`authority-claim: ${matches[0]}`);
+                }
+            }
+        }
+        // Paranoid-only checks
+        if (this.level === 'paranoid') {
+            const entropy = this.calculateEntropy(content);
+            if (entropy > 4.5) {
+                score += weights.entropy;
+                threats.push(`high-entropy: ${entropy.toFixed(2)}`);
+            }
+            if (content.length > 5000) {
+                score += weights.length;
+                threats.push(`excessive-length: ${content.length}`);
+            }
+        }
+        score = Math.min(score, 1);
+        const threshold = PARANOIA_THRESHOLDS[this.level];
+        const safe = score < threshold;
+        if (!safe) {
+            this.stats.blocked++;
+        }
+        return {
+            safe,
+            score,
+            threats,
+            origin,
+            quarantined: false,
+        };
+    }
+    scanBatch(messages) {
+        return messages.map(msg => this.scan(msg.content, msg.origin));
+    }
+    quarantine(content) {
+        this.stats.quarantined++;
+        let sanitized = content;
+        // Redact instruction patterns
+        for (const pattern of INSTRUCTION_PATTERNS) {
+            sanitized = sanitized.replace(pattern, '[REDACTED-INSTRUCTION]');
+        }
+        // Redact encoding patterns
+        for (const pattern of ENCODING_PATTERNS) {
+            sanitized = sanitized.replace(pattern, (match) => {
+                if (this.isLikelyEncoded(match)) {
+                    return '[REDACTED-ENCODED]';
+                }
+                return match;
+            });
+        }
+        // Redact other threat patterns
+        for (const pattern of [...DELAYED_INJECTION, ...EXFILTRATION_PATTERNS, ...AUTHORITY_PATTERNS]) {
+            sanitized = sanitized.replace(pattern, '[REDACTED-THREAT]');
+        }
+        return sanitized;
+    }
+    setLevel(level) {
+        this.level = level;
+    }
+    getStats() {
+        return { ...this.stats };
+    }
+    isLikelyEncoded(text) {
+        if (text.length < 20)
+            return false;
+        // Check for base64
+        if (/^[A-Za-z0-9+/]+=*$/.test(text)) {
+            try {
+                const decoded = Buffer.from(text, 'base64').toString('utf-8');
+                if (this.containsSuspiciousKeywords(decoded)) {
+                    return true;
+                }
+            }
+            catch {
+                // Not valid base64
+            }
+        }
+        // Check for hex
+        if (/^(?:0x)?[0-9a-fA-F]+$/.test(text)) {
+            try {
+                const decoded = Buffer.from(text.replace(/^0x/, ''), 'hex').toString('utf-8');
+                if (this.containsSuspiciousKeywords(decoded)) {
+                    return true;
+                }
+            }
+            catch {
+                // Not valid hex
+            }
+        }
+        return false;
+    }
+    containsSuspiciousKeywords(text) {
+        const keywords = ['ignore', 'override', 'admin', 'system', 'jailbreak', 'execute', 'bypass'];
+        return keywords.some(kw => text.toLowerCase().includes(kw));
+    }
+    calculateEntropy(text) {
+        const freq = {};
+        for (const char of text) {
+            freq[char] = (freq[char] || 0) + 1;
+        }
+        let entropy = 0;
+        const len = text.length;
+        for (const count of Object.values(freq)) {
+            const p = count / len;
+            entropy -= p * Math.log2(p);
+        }
+        return entropy;
+    }
+}
+export function createFirewall(level = 'standard') {
+    return new InjectionFirewall(level);
+}
+//# sourceMappingURL=injectionFirewall.js.map

package/dist/security/injectionFirewall.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"injectionFirewall.js","sourceRoot":"","sources":["../../src/security/injectionFirewall.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,UAAU;AACV,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,UAAU,EAAE,UAAU,CAAC,CAAC,CAAC;AAGzE,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,CAAC,IAAI,CAAC;IAClC,cAAc;IACd,WAAW;IACX,iBAAiB;IACjB,gBAAgB;IAChB,SAAS;CACV,CAAC,CAAC;AAGH,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,CAAC,MAAM,CAAC;IACtC,IAAI,EAAE,CAAC,CAAC,OAAO,EAAE;IACjB,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAC/B,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;IAC5B,MAAM,EAAE,aAAa;IACrB,WAAW,EAAE,CAAC,CAAC,OAAO,EAAE;CACzB,CAAC,CAAC;AAGH,sBAAsB;AACtB,MAAM,oBAAoB,GAAa;IACrC,4EAA4E;IAC5E,+EAA+E;IAC/E,gCAAgC;IAChC,sCAAsC;IACtC,4BAA4B;IAC5B,mBAAmB;IACnB,oBAAoB;IACpB,oBAAoB;IACpB,aAAa;IACb,UAAU;IACV,uBAAuB;IACvB,wCAAwC;IACxC,qDAAqD;CACtD,CAAC;AAEF,MAAM,iBAAiB,GAAa;IAClC,qCAAqC,EAAE,sBAAsB;IAC7D,2BAA2B,EAAE,sBAAsB;IACnD,0BAA0B,EAAE,sBAAsB;IAClD,oBAAoB,EAAE,2BAA2B;CAClD,CAAC;AAEF,MAAM,iBAAiB,GAAa;IAClC,iCAAiC;IACjC,6CAA6C;IAC7C,6BAA6B;IAC7B,2CAA2C;IAC3C,0CAA0C;CAC3C,CAAC;AAEF,MAAM,qBAAqB,GAAa;IACtC,mCAAmC;IACnC,4BAA4B;IAC5B,qBAAqB;IACrB,oBAAoB;IACpB,2BAA2B;IAC3B,iBAAiB;CAClB,CAAC;AAEF,MAAM,kBAAkB,GAAa;IACnC,6BAA6B;IAC7B,mBAAmB;IACnB,wBAAwB;IACxB,iBAAiB;IACjB,eAAe;IACf,uBAAuB;IACvB,uBAAuB;CACxB,CAAC;AAYF,MAAM,gBAAgB,GAA0C;IAC9D,OAAO,EAAE;QACP,WAAW,EAAE,IAAI;QACjB,QAAQ,EAAE,CAAC;QACX,OAAO,EAAE,CAAC;QACV,YAAY,EAAE,CAAC;QACf,SAAS,EAAE,CAAC;QACZ,OAAO,EAAE,CAAC;QACV,MAAM,EAAE,CAAC;KACV;IACD,QAAQ,EAAE;QACR,WAAW,EAAE,GAAG;QAChB,QAAQ,EAAE,IAAI;QACd,OAAO,EAAE,IAAI;QACb,YAAY,EAAE,GAAG;QACjB,SAAS,EAAE,GAAG;QACd,OAAO,EAAE,CAAC;QACV,MAAM,EAAE,CAAC;KACV;IACD,QAAQ,EAAE;QACR,WAAW,EAAE,IAAI;QACjB,QAAQ,EAAE,GAAG;QACb,OAAO,EAAE,GAAG;QACZ,YAAY,EAAE,IAAI;QAClB,SAAS,EAAE,IAAI;QACf,OAAO,EAAE,IAAI;QACb,MAAM,EAAE,GAAG;KACZ;CACF,CAAC;AAEF,MAAM,mBAAmB,GAAkC;IACzD,OAAO,EAAE,GAAG;IACZ,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;CACd,CAAC;AAEF,MAAM,OAAO,iBAAiB;IACpB,KAAK,CAAgB;IACrB,KAAK,GAAG,EAAE,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,WAAW,EAAE,CAAC,EAAE,CAAC;IAE3D,YAAY,QAAuB,UAAU;QAC3C,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;IACrB,CAAC;IAED,IAAI,CAAC,OAAe,EAAE,MAAqB;QACzC,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;QAErB,MAAM,OAAO,GAAa,EAAE,CAAC;QAC7B,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,MAAM,OAAO,GAAG,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAE7C,gCAAgC;QAChC,KAAK,MAAM,OAAO,IAAI,oBAAoB,EAAE,CAAC;YAC3C,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACvC,IAAI,OAAO,EAAE,CAAC;gBACZ,KAAK,IAAI,OAAO,CAAC,WAAW,GAAG,OAAO,CAAC,MAAM,CAAC;gBAC9C,OAAO,CAAC,IAAI,CAAC,yBAAyB,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YACtD,CAAC;QACH,CAAC;QAED,yCAAyC;QACzC,IAAI,IAAI,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;YAC7B,KAAK,MAAM,OAAO,IAAI,iBAAiB,EAAE,CAAC;gBACxC,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBACvC,IAAI,OAAO,EAAE,CAAC;oBACZ,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;wBAC5B,IAAI,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,EAAE,CAAC;4BAChC,KAAK,IAAI,OAAO,CAAC,QAAQ,CAAC;4BAC1B,OAAO,CAAC,IAAI,CAAC,oBAAoB,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC;wBAChE,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YAED,oBAAoB;YACpB,KAAK,MAAM,OAAO,IAAI,iBAAiB,EAAE,CAAC;gBACxC,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBACvC,IAAI,OAAO,EAAE,CAAC;oBACZ,KAAK,IAAI,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC;oBAC1C,OAAO,CAAC,IAAI,CAAC,sBAAsB,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;gBACnD,CAAC;YACH,CAAC;YAED,eAAe;YACf,KAAK,MAAM,OAAO,IAAI,qBAAqB,EAAE,CAAC;gBAC5C,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBACvC,IAAI,OAAO,EAAE,CAAC;oBACZ,KAAK,IAAI,OAAO,CAAC,YAAY,GAAG,OAAO,CAAC,MAAM,CAAC;oBAC/C,OAAO,CAAC,IAAI,CAAC,yBAAyB,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;gBACtD,CAAC;YACH,CAAC;YAED,mBAAmB;YACnB,KAAK,MAAM,OAAO,IAAI,kBAAkB,EAAE,CAAC;gBACzC,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBACvC,IAAI,OAAO,EAAE,CAAC;oBACZ,KAAK,IAAI,OAAO,CAAC,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC;oBAC5C,OAAO,CAAC,IAAI,CAAC,oBAAoB,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;gBACjD,CAAC;YACH,CAAC;QACH,CAAC;QAED,uBAAuB;QACvB,IAAI,IAAI,CAAC,KAAK,KAAK,UAAU,EAAE,CAAC;YAC9B,MAAM,OAAO,GAAG,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;YAC/C,IAAI,OAAO,GAAG,GAAG,EAAE,CAAC;gBAClB,KAAK,IAAI,OAAO,CAAC,OAAO,CAAC;gBACzB,OAAO,CAAC,IAAI,CAAC,iBAAiB,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YACtD,CAAC;YAED,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,EAAE,CAAC;gBAC1B,KAAK,IAAI,OAAO,CAAC,MAAM,CAAC;gBACxB,OAAO,CAAC,IAAI,CAAC,qBAAqB,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;YACtD,CAAC;QACH,CAAC;QAED,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QAC3B,MAAM,SAAS,GAAG,mBAAmB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAClD,MAAM,IAAI,GAAG,KAAK,GAAG,SAAS,CAAC;QAE/B,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;QACvB,CAAC;QAED,OAAO;YACL,IAAI;YACJ,KAAK;YACL,OAAO;YACP,MAAM;YACN,WAAW,EAAE,KAAK;SACnB,CAAC;IACJ,CAAC;IAED,SAAS,CAAC,QAA2D;QACnE,OAAO,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC;IACjE,CAAC;IAED,UAAU,CAAC,OAAe;QACxB,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;QAEzB,IAAI,SAAS,GAAG,OAAO,CAAC;QAExB,8BAA8B;QAC9B,KAAK,MAAM,OAAO,IAAI,oBAAoB,EAAE,CAAC;YAC3C,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,OAAO,EAAE,wBAAwB,CAAC,CAAC;QACnE,CAAC;QAED,2BAA2B;QAC3B,KAAK,MAAM,OAAO,IAAI,iBAAiB,EAAE,CAAC;YACxC,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;gBAC/C,IAAI,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,EAAE,CAAC;oBAChC,OAAO,oBAAoB,CAAC;gBAC9B,CAAC;gBACD,OAAO,KAAK,CAAC;YACf,CAAC,CAAC,CAAC;QACL,CAAC;QAED,+BAA+B;QAC/B,KAAK,MAAM,OAAO,IAAI,CAAC,GAAG,iBAAiB,EAAE,GAAG,qBAAqB,EAAE,GAAG,kBAAkB,CAAC,EAAE,CAAC;YAC9F,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,OAAO,EAAE,mBAAmB,CAAC,CAAC;QAC9D,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,QAAQ,CAAC,KAAoB;QAC3B,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;IACrB,CAAC;IAED,QAAQ;QACN,OAAO,EAAE,GAAG,IAAI,CAAC,KAAK,EAAE,CAAC;IAC3B,CAAC;IAEO,eAAe,CAAC,IAAY;QAClC,IAAI,IAAI,CAAC,MAAM,GAAG,EAAE;YAAE,OAAO,KAAK,CAAC;QAEnC,mBAAmB;QACnB,IAAI,oBAAoB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACpC,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;gBAC9D,IAAI,IAAI,CAAC,0BAA0B,CAAC,OAAO,CAAC,EAAE,CAAC;oBAC7C,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,mBAAmB;YACrB,CAAC;QACH,CAAC;QAED,gBAAgB;QAChB,IAAI,uBAAuB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACvC,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;gBAC9E,IAAI,IAAI,CAAC,0BAA0B,CAAC,OAAO,CAAC,EAAE,CAAC;oBAC7C,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,gBAAgB;YAClB,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAEO,0BAA0B,CAAC,IAAY;QAC7C,MAAM,QAAQ,GAAG,CAAC,QAAQ,EAAE,UAAU,EAAE,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;QAC7F,OAAO,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;IAC9D,CAAC;IAEO,gBAAgB,CAAC,IAAY;QACnC,MAAM,IAAI,GAA2B,EAAE,CAAC;QACxC,KAAK,MAAM,IAAI,IAAI,IAAI,EAAE,CAAC;YACxB,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;QACrC,CAAC;QAED,IAAI,OAAO,GAAG,CAAC,CAAC;QAChB,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC;QACxB,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;YACxC,MAAM,CAAC,GAAG,KAAK,GAAG,GAAG,CAAC;YACtB,OAAO,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC9B,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;CACF;AAED,MAAM,UAAU,cAAc,CAAC,QAAuB,UAAU;IAC9D,OAAO,IAAI,iBAAiB,CAAC,KAAK,CAAC,CAAC;AACtC,CAAC"}

package/dist/security/outputSanitizer.d.ts ADDED Viewed

@@ -0,0 +1,28 @@
+/**
+ * Output Sanitizer
+ *
+ * Sanitizes agent outputs to prevent XSS, injection attacks, and malicious content
+ * in HTML, Markdown, and plain text outputs.
+ */
+/**
+ * Escape HTML entities to prevent XSS attacks.
+ */
+export declare function escapeHtml(input: string): string;
+/**
+ * Sanitize Markdown content by stripping dangerous elements.
+ * Removes script tags, event handlers, javascript: and data: URLs, and embedded objects.
+ */
+export declare function sanitizeMarkdown(input: string): string;
+/**
+ * Validate that a URL uses a safe protocol (http or https).
+ */
+export declare function isSafeUrl(url: string): boolean;
+/**
+ * Sanitize output content based on format.
+ *
+ * @param content - The content to sanitize
+ * @param format - Output format: 'html', 'markdown', or 'plain'
+ * @returns Sanitized content safe for the specified format
+ */
+export declare function sanitizeOutput(content: string, format?: 'html' | 'markdown' | 'plain'): string;
+//# sourceMappingURL=outputSanitizer.d.ts.map

package/dist/security/outputSanitizer.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"outputSanitizer.d.ts","sourceRoot":"","sources":["../../src/security/outputSanitizer.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAUH;;GAEG;AACH,wBAAgB,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAEhD;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAiBtD;AAED;;GAEG;AACH,wBAAgB,SAAS,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAO9C;AAED;;;;;;GAMG;AACH,wBAAgB,cAAc,CAC5B,OAAO,EAAE,MAAM,EACf,MAAM,GAAE,MAAM,GAAG,UAAU,GAAG,OAAiB,GAC9C,MAAM,CASR"}

package/dist/security/outputSanitizer.js ADDED Viewed

@@ -0,0 +1,66 @@
+/**
+ * Output Sanitizer
+ *
+ * Sanitizes agent outputs to prevent XSS, injection attacks, and malicious content
+ * in HTML, Markdown, and plain text outputs.
+ */
+const HTML_ENTITIES = {
+    '&': '&amp;',
+    '<': '&lt;',
+    '>': '&gt;',
+    '"': '&quot;',
+    "'": '&#x27;',
+};
+/**
+ * Escape HTML entities to prevent XSS attacks.
+ */
+export function escapeHtml(input) {
+    return input.replace(/[&<>"']/g, ch => HTML_ENTITIES[ch]);
+}
+/**
+ * Sanitize Markdown content by stripping dangerous elements.
+ * Removes script tags, event handlers, javascript: and data: URLs, and embedded objects.
+ */
+export function sanitizeMarkdown(input) {
+    let result = input;
+    // Strip script tags
+    result = result.replace(/<script\b[^>]*>[\s\S]*?<\/script>/gi, '');
+    // Strip event handlers (onclick, onload, etc.)
+    result = result.replace(/\bon\w+\s*=\s*["'][^"']*["']/gi, '');
+    // Strip javascript: and data: URLs
+    result = result.replace(/\b(javascript|data)\s*:/gi, 'blocked:');
+    // Strip iframe/object/embed tags (both paired and self-closing)
+    result = result.replace(/<(iframe|object|embed)\b[^>]*>[\s\S]*?<\/\1>/gi, '');
+    result = result.replace(/<(iframe|object|embed)\b[^>]*\/?>/gi, '');
+    return result;
+}
+/**
+ * Validate that a URL uses a safe protocol (http or https).
+ */
+export function isSafeUrl(url) {
+    try {
+        const parsed = new URL(url);
+        return ['http:', 'https:'].includes(parsed.protocol);
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Sanitize output content based on format.
+ *
+ * @param content - The content to sanitize
+ * @param format - Output format: 'html', 'markdown', or 'plain'
+ * @returns Sanitized content safe for the specified format
+ */
+export function sanitizeOutput(content, format = 'plain') {
+    switch (format) {
+        case 'html':
+            return escapeHtml(content);
+        case 'markdown':
+            return sanitizeMarkdown(content);
+        case 'plain':
+            return sanitizeMarkdown(escapeHtml(content));
+    }
+}
+//# sourceMappingURL=outputSanitizer.js.map

package/dist/security/outputSanitizer.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"outputSanitizer.js","sourceRoot":"","sources":["../../src/security/outputSanitizer.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,MAAM,aAAa,GAA2B;IAC5C,GAAG,EAAE,OAAO;IACZ,GAAG,EAAE,MAAM;IACX,GAAG,EAAE,MAAM;IACX,GAAG,EAAE,QAAQ;IACb,GAAG,EAAE,QAAQ;CACd,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,UAAU,CAAC,KAAa;IACtC,OAAO,KAAK,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,EAAE,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC,CAAC;AAC5D,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,KAAa;IAC5C,IAAI,MAAM,GAAG,KAAK,CAAC;IAEnB,oBAAoB;IACpB,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,qCAAqC,EAAE,EAAE,CAAC,CAAC;IAEnE,+CAA+C;IAC/C,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,gCAAgC,EAAE,EAAE,CAAC,CAAC;IAE9D,mCAAmC;IACnC,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,2BAA2B,EAAE,UAAU,CAAC,CAAC;IAEjE,gEAAgE;IAChE,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,gDAAgD,EAAE,EAAE,CAAC,CAAC;IAC9E,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,qCAAqC,EAAE,EAAE,CAAC,CAAC;IAEnE,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,SAAS,CAAC,GAAW;IACnC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5B,OAAO,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACvD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,cAAc,CAC5B,OAAe,EACf,SAAwC,OAAO;IAE/C,QAAQ,MAAM,EAAE,CAAC;QACf,KAAK,MAAM;YACT,OAAO,UAAU,CAAC,OAAO,CAAC,CAAC;QAC7B,KAAK,UAAU;YACb,OAAO,gBAAgB,CAAC,OAAO,CAAC,CAAC;QACnC,KAAK,OAAO;YACV,OAAO,gBAAgB,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC;IACjD,CAAC;AACH,CAAC"}

package/dist/security/sandbox.d.ts ADDED Viewed

@@ -0,0 +1,192 @@
+/**
+ * Isomorphic Security Sandbox
+ *
+ * Implements capability-based security for Agent Zero.
+ * Addresses OpenClaw's critical security gaps:
+ * - Plaintext credential storage → Capability tokens with scoped access
+ * - Unauthenticated instances → Mandatory capability validation
+ * - Prompt injection → Semantic boundary enforcement
+ * - No directory sandboxing → Isomorphic containment
+ *
+ * Security Model:
+ * - Capabilities are unforgeable tokens that grant specific access
+ * - No ambient authority - everything requires explicit capability
+ * - Attenuation: derived capabilities can only be more restrictive
+ * - Revocation: capabilities can be invalidated at any time
+ */
+import { z } from 'zod';
+export declare const CapabilityScope: z.ZodEnum<["read", "write", "execute", "network", "memory", "spawn", "broadcast", "admin"]>;
+export type CapabilityScope = z.infer<typeof CapabilityScope>;
+export declare const ResourcePattern: z.ZodObject<{
+    /** Glob-style pattern for matching resources */
+    pattern: z.ZodString;
+    /** Whether this is an allow or deny pattern */
+    type: z.ZodEnum<["allow", "deny"]>;
+}, "strip", z.ZodTypeAny, {
+    type: "allow" | "deny";
+    pattern: string;
+}, {
+    type: "allow" | "deny";
+    pattern: string;
+}>;
+export type ResourcePattern = z.infer<typeof ResourcePattern>;
+export declare const Capability: z.ZodObject<{
+    /** Unique capability token */
+    token: z.ZodString;
+    /** Scopes granted by this capability */
+    scopes: z.ZodArray<z.ZodEnum<["read", "write", "execute", "network", "memory", "spawn", "broadcast", "admin"]>, "many">;
+    /** Resource patterns this capability applies to */
+    resources: z.ZodArray<z.ZodObject<{
+        /** Glob-style pattern for matching resources */
+        pattern: z.ZodString;
+        /** Whether this is an allow or deny pattern */
+        type: z.ZodEnum<["allow", "deny"]>;
+    }, "strip", z.ZodTypeAny, {
+        type: "allow" | "deny";
+        pattern: string;
+    }, {
+        type: "allow" | "deny";
+        pattern: string;
+    }>, "many">;
+    /** Parent capability token (for attenuation chain) */
+    parent: z.ZodNullable<z.ZodString>;
+    /** Expiration timestamp (null = never expires) */
+    expiresAt: z.ZodNullable<z.ZodNumber>;
+    /** Whether this capability has been revoked */
+    revoked: z.ZodBoolean;
+    /** Metadata for auditing */
+    metadata: z.ZodObject<{
+        createdAt: z.ZodNumber;
+        createdBy: z.ZodString;
+        reason: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        createdAt: number;
+        createdBy: string;
+        reason: string;
+    }, {
+        createdAt: number;
+        createdBy: string;
+        reason: string;
+    }>;
+}, "strip", z.ZodTypeAny, {
+    token: string;
+    scopes: ("memory" | "spawn" | "broadcast" | "read" | "write" | "execute" | "network" | "admin")[];
+    resources: {
+        type: "allow" | "deny";
+        pattern: string;
+    }[];
+    parent: string | null;
+    expiresAt: number | null;
+    revoked: boolean;
+    metadata: {
+        createdAt: number;
+        createdBy: string;
+        reason: string;
+    };
+}, {
+    token: string;
+    scopes: ("memory" | "spawn" | "broadcast" | "read" | "write" | "execute" | "network" | "admin")[];
+    resources: {
+        type: "allow" | "deny";
+        pattern: string;
+    }[];
+    parent: string | null;
+    expiresAt: number | null;
+    revoked: boolean;
+    metadata: {
+        createdAt: number;
+        createdBy: string;
+        reason: string;
+    };
+}>;
+export type Capability = z.infer<typeof Capability>;
+export declare const BoundaryViolation: z.ZodObject<{
+    type: z.ZodEnum<["scope_denied", "resource_denied", "capability_expired", "capability_revoked", "injection_detected", "boundary_crossed"]>;
+    message: z.ZodString;
+    capability: z.ZodOptional<z.ZodString>;
+    resource: z.ZodOptional<z.ZodString>;
+    timestamp: z.ZodNumber;
+}, "strip", z.ZodTypeAny, {
+    message: string;
+    type: "scope_denied" | "resource_denied" | "capability_expired" | "capability_revoked" | "injection_detected" | "boundary_crossed";
+    timestamp: number;
+    capability?: string | undefined;
+    resource?: string | undefined;
+}, {
+    message: string;
+    type: "scope_denied" | "resource_denied" | "capability_expired" | "capability_revoked" | "injection_detected" | "boundary_crossed";
+    timestamp: number;
+    capability?: string | undefined;
+    resource?: string | undefined;
+}>;
+export type BoundaryViolation = z.infer<typeof BoundaryViolation>;
+/**
+ * Check if content contains injection attempts
+ */
+export declare function detectInjection(content: string): boolean;
+/**
+ * Generate a cryptographically secure capability token
+ */
+export declare function generateCapabilityToken(): string;
+/**
+ * Hash a capability token for storage
+ */
+export declare function hashCapabilityToken(token: string): string;
+export declare class IsomorphicSandbox {
+    private capabilities;
+    private violations;
+    private rootCapability;
+    constructor();
+    /**
+     * Create the root capability (admin only)
+     */
+    private createRootCapability;
+    /**
+     * Get the root capability token (for initial setup only)
+     */
+    getRootToken(): string;
+    /**
+     * Attenuate a capability to create a more restricted child
+     */
+    attenuate(parentToken: string, options: {
+        scopes: CapabilityScope[];
+        resources: ResourcePattern[];
+        expiresAt?: number;
+        reason: string;
+    }): Capability | null;
+    /**
+     * Check if a capability is valid (not expired, not revoked, ancestors valid)
+     */
+    isValid(token: string): boolean;
+    /**
+     * Check if a capability grants a specific scope for a resource
+     */
+    check(token: string, scope: CapabilityScope, resource: string): {
+        allowed: boolean;
+        violation?: BoundaryViolation;
+    };
+    /**
+     * Check content for injection attempts
+     */
+    checkInjection(content: string): {
+        safe: boolean;
+        violation?: BoundaryViolation;
+    };
+    /**
+     * Revoke a capability and all its descendants
+     */
+    revoke(token: string): void;
+    /**
+     * Get violation history
+     */
+    getViolations(): BoundaryViolation[];
+    /**
+     * Clear violation history
+     */
+    clearViolations(): void;
+    /**
+     * Glob-style pattern matching
+     */
+    private matchPattern;
+}
+//# sourceMappingURL=sandbox.d.ts.map

package/dist/security/sandbox.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"sandbox.d.ts","sourceRoot":"","sources":["../../src/security/sandbox.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAOxB,eAAO,MAAM,eAAe,6FAS1B,CAAC;AACH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAE9D,eAAO,MAAM,eAAe;IAC1B,gDAAgD;;IAEhD,+CAA+C;;;;;;;;EAE/C,CAAC;AACH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAE9D,eAAO,MAAM,UAAU;IACrB,8BAA8B;;IAE9B,wCAAwC;;IAExC,mDAAmD;;QAZnD,gDAAgD;;QAEhD,+CAA+C;;;;;;;;;IAY/C,sDAAsD;;IAEtD,kDAAkD;;IAElD,+CAA+C;;IAE/C,4BAA4B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAM5B,CAAC;AACH,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,UAAU,CAAC,CAAC;AAMpD,eAAO,MAAM,iBAAiB;;;;;;;;;;;;;;;;;;EAa5B,CAAC;AACH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AA2BlE;;GAEG;AACH,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAOxD;AAED;;GAEG;AACH,wBAAgB,uBAAuB,IAAI,MAAM,CAGhD;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAEzD;AAMD,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,YAAY,CAAsC;IAC1D,OAAO,CAAC,UAAU,CAA2B;IAC7C,OAAO,CAAC,cAAc,CAAa;;IAQnC;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAgB5B;;OAEG;IACH,YAAY,IAAI,MAAM;IAItB;;OAEG;IACH,SAAS,CACP,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE;QACP,MAAM,EAAE,eAAe,EAAE,CAAC;QAC1B,SAAS,EAAE,eAAe,EAAE,CAAC;QAC7B,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,MAAM,EAAE,MAAM,CAAC;KAChB,GACA,UAAU,GAAG,IAAI;IA8BpB;;OAEG;IACH,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;IAc/B;;OAEG;IACH,KAAK,CACH,KAAK,EAAE,MAAM,EACb,KAAK,EAAE,eAAe,EACtB,QAAQ,EAAE,MAAM,GACf;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,SAAS,CAAC,EAAE,iBAAiB,CAAA;KAAE;IAsGtD;;OAEG;IACH,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG;QAAE,IAAI,EAAE,OAAO,CAAC;QAAC,SAAS,CAAC,EAAE,iBAAiB,CAAA;KAAE;IAajF;;OAEG;IACH,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAc3B;;OAEG;IACH,aAAa,IAAI,iBAAiB,EAAE;IAIpC;;OAEG;IACH,eAAe,IAAI,IAAI;IAIvB;;OAEG;IACH,OAAO,CAAC,YAAY;CAWrB"}