@terminals-tech/agent-zero 1.0.0

package/dist/security/sandbox.js

@@ -0,0 +1,359 @@
+/**
+ * Isomorphic Security Sandbox
+ *
+ * Implements capability-based security for Agent Zero.
+ * Addresses OpenClaw's critical security gaps:
+ * - Plaintext credential storage → Capability tokens with scoped access
+ * - Unauthenticated instances → Mandatory capability validation
+ * - Prompt injection → Semantic boundary enforcement
+ * - No directory sandboxing → Isomorphic containment
+ *
+ * Security Model:
+ * - Capabilities are unforgeable tokens that grant specific access
+ * - No ambient authority - everything requires explicit capability
+ * - Attenuation: derived capabilities can only be more restrictive
+ * - Revocation: capabilities can be invalidated at any time
+ */
+import { z } from 'zod';
+import { createHash, randomBytes } from 'crypto';
+// ============================================================================
+// CAPABILITY DEFINITIONS
+// ============================================================================
+export const CapabilityScope = z.enum([
+    'read', // Read-only access
+    'write', // Write access
+    'execute', // Execute commands
+    'network', // Network access
+    'memory', // Semantic memory access
+    'spawn', // Spawn child agents
+    'broadcast', // Send to channels
+    'admin', // Administrative actions
+]);
+export const ResourcePattern = z.object({
+    /** Glob-style pattern for matching resources */
+    pattern: z.string(),
+    /** Whether this is an allow or deny pattern */
+    type: z.enum(['allow', 'deny']),
+});
+export const Capability = z.object({
+    /** Unique capability token */
+    token: z.string(),
+    /** Scopes granted by this capability */
+    scopes: z.array(CapabilityScope),
+    /** Resource patterns this capability applies to */
+    resources: z.array(ResourcePattern),
+    /** Parent capability token (for attenuation chain) */
+    parent: z.string().nullable(),
+    /** Expiration timestamp (null = never expires) */
+    expiresAt: z.number().nullable(),
+    /** Whether this capability has been revoked */
+    revoked: z.boolean(),
+    /** Metadata for auditing */
+    metadata: z.object({
+        createdAt: z.number(),
+        createdBy: z.string(),
+        reason: z.string(),
+    }),
+});
+// ============================================================================
+// SECURITY BOUNDARY
+// ============================================================================
+export const BoundaryViolation = z.object({
+    type: z.enum([
+        'scope_denied',
+        'resource_denied',
+        'capability_expired',
+        'capability_revoked',
+        'injection_detected',
+        'boundary_crossed',
+    ]),
+    message: z.string(),
+    capability: z.string().optional(),
+    resource: z.string().optional(),
+    timestamp: z.number(),
+});
+// Injection patterns to detect and block
+const INJECTION_PATTERNS = [
+    // Prompt injection attempts
+    /ignore previous instructions/i,
+    /disregard (?:all )?(?:prior|previous) (?:instructions|context)/i,
+    /you are now/i,
+    /pretend you are/i,
+    /act as if/i,
+    /system prompt override/i,
+    /admin override/i,
+    /developer mode/i,
+    /jailbreak/i,
+    // Code injection
+    /eval\s*\(/,
+    /new\s+Function\s*\(/,
+    /setTimeout\s*\([^,]*,/,
+    /setInterval\s*\([^,]*,/,
+    /__proto__/,
+    /constructor\s*\[/,
+    // Path traversal
+    /\.\.\//,
+    /%2e%2e%2f/i,
+    /%252e%252e%252f/i,
+];
+/**
+ * Check if content contains injection attempts
+ */
+export function detectInjection(content) {
+    for (const pattern of INJECTION_PATTERNS) {
+        if (pattern.test(content)) {
+            return true;
+        }
+    }
+    return false;
+}
+/**
+ * Generate a cryptographically secure capability token
+ */
+export function generateCapabilityToken() {
+    const bytes = randomBytes(32);
+    return bytes.toString('base64url');
+}
+/**
+ * Hash a capability token for storage
+ */
+export function hashCapabilityToken(token) {
+    return createHash('sha256').update(token).digest('hex');
+}
+// ============================================================================
+// SANDBOX CLASS
+// ============================================================================
+export class IsomorphicSandbox {
+    capabilities = new Map();
+    violations = [];
+    rootCapability;
+    constructor() {
+        // Create root capability with all permissions
+        this.rootCapability = this.createRootCapability();
+        this.capabilities.set(this.rootCapability.token, this.rootCapability);
+    }
+    /**
+     * Create the root capability (admin only)
+     */
+    createRootCapability() {
+        return {
+            token: generateCapabilityToken(),
+            scopes: Object.values(CapabilityScope.enum),
+            resources: [{ pattern: '**', type: 'allow' }],
+            parent: null,
+            expiresAt: null,
+            revoked: false,
+            metadata: {
+                createdAt: Date.now(),
+                createdBy: 'system',
+                reason: 'Root capability',
+            },
+        };
+    }
+    /**
+     * Get the root capability token (for initial setup only)
+     */
+    getRootToken() {
+        return this.rootCapability.token;
+    }
+    /**
+     * Attenuate a capability to create a more restricted child
+     */
+    attenuate(parentToken, options) {
+        const parent = this.capabilities.get(parentToken);
+        if (!parent)
+            return null;
+        // Validate parent is still valid
+        if (!this.isValid(parentToken))
+            return null;
+        // Attenuated scopes must be subset of parent scopes
+        const validScopes = options.scopes.filter(s => parent.scopes.includes(s));
+        if (validScopes.length === 0)
+            return null;
+        // Create attenuated capability
+        const child = {
+            token: generateCapabilityToken(),
+            scopes: validScopes,
+            resources: options.resources,
+            parent: parentToken,
+            expiresAt: options.expiresAt ?? null,
+            revoked: false,
+            metadata: {
+                createdAt: Date.now(),
+                createdBy: parentToken.slice(0, 8) + '...',
+                reason: options.reason,
+            },
+        };
+        this.capabilities.set(child.token, child);
+        return child;
+    }
+    /**
+     * Check if a capability is valid (not expired, not revoked, ancestors valid)
+     */
+    isValid(token) {
+        const cap = this.capabilities.get(token);
+        if (!cap)
+            return false;
+        if (cap.revoked)
+            return false;
+        if (cap.expiresAt && Date.now() > cap.expiresAt)
+            return false;
+        // Check ancestor chain
+        if (cap.parent) {
+            return this.isValid(cap.parent);
+        }
+        return true;
+    }
+    /**
+     * Check if a capability grants a specific scope for a resource
+     */
+    check(token, scope, resource) {
+        const cap = this.capabilities.get(token);
+        // Capability not found
+        if (!cap) {
+            const violation = {
+                type: 'capability_revoked',
+                message: 'Capability not found',
+                capability: token.slice(0, 8) + '...',
+                resource,
+                timestamp: Date.now(),
+            };
+            this.violations.push(violation);
+            return { allowed: false, violation };
+        }
+        // Capability revoked
+        if (cap.revoked) {
+            const violation = {
+                type: 'capability_revoked',
+                message: 'Capability has been revoked',
+                capability: token.slice(0, 8) + '...',
+                resource,
+                timestamp: Date.now(),
+            };
+            this.violations.push(violation);
+            return { allowed: false, violation };
+        }
+        // Capability expired
+        if (cap.expiresAt && Date.now() > cap.expiresAt) {
+            const violation = {
+                type: 'capability_expired',
+                message: 'Capability has expired',
+                capability: token.slice(0, 8) + '...',
+                resource,
+                timestamp: Date.now(),
+            };
+            this.violations.push(violation);
+            return { allowed: false, violation };
+        }
+        // Scope not granted
+        if (!cap.scopes.includes(scope)) {
+            const violation = {
+                type: 'scope_denied',
+                message: `Scope '${scope}' not granted by capability`,
+                capability: token.slice(0, 8) + '...',
+                resource,
+                timestamp: Date.now(),
+            };
+            this.violations.push(violation);
+            return { allowed: false, violation };
+        }
+        // Check resource patterns
+        let allowed = false;
+        for (const pattern of cap.resources) {
+            if (this.matchPattern(pattern.pattern, resource)) {
+                if (pattern.type === 'deny') {
+                    const violation = {
+                        type: 'resource_denied',
+                        message: `Resource '${resource}' denied by pattern '${pattern.pattern}'`,
+                        capability: token.slice(0, 8) + '...',
+                        resource,
+                        timestamp: Date.now(),
+                    };
+                    this.violations.push(violation);
+                    return { allowed: false, violation };
+                }
+                allowed = true;
+            }
+        }
+        if (!allowed) {
+            const violation = {
+                type: 'resource_denied',
+                message: `Resource '${resource}' not matched by any allow pattern`,
+                capability: token.slice(0, 8) + '...',
+                resource,
+                timestamp: Date.now(),
+            };
+            this.violations.push(violation);
+            return { allowed: false, violation };
+        }
+        // Check ancestor chain
+        if (cap.parent && !this.isValid(cap.parent)) {
+            const violation = {
+                type: 'capability_revoked',
+                message: 'Parent capability is no longer valid',
+                capability: token.slice(0, 8) + '...',
+                resource,
+                timestamp: Date.now(),
+            };
+            this.violations.push(violation);
+            return { allowed: false, violation };
+        }
+        return { allowed: true };
+    }
+    /**
+     * Check content for injection attempts
+     */
+    checkInjection(content) {
+        if (detectInjection(content)) {
+            const violation = {
+                type: 'injection_detected',
+                message: 'Potential injection attack detected in content',
+                timestamp: Date.now(),
+            };
+            this.violations.push(violation);
+            return { safe: false, violation };
+        }
+        return { safe: true };
+    }
+    /**
+     * Revoke a capability and all its descendants
+     */
+    revoke(token) {
+        const cap = this.capabilities.get(token);
+        if (cap) {
+            cap.revoked = true;
+            // Revoke all descendants
+            for (const [childToken, child] of this.capabilities) {
+                if (child.parent === token) {
+                    this.revoke(childToken);
+                }
+            }
+        }
+    }
+    /**
+     * Get violation history
+     */
+    getViolations() {
+        return [...this.violations];
+    }
+    /**
+     * Clear violation history
+     */
+    clearViolations() {
+        this.violations = [];
+    }
+    /**
+     * Glob-style pattern matching
+     */
+    matchPattern(pattern, resource) {
+        // Convert glob to regex
+        const regexPattern = pattern
+            .replace(/\*\*/g, '<<<GLOBSTAR>>>')
+            .replace(/\*/g, '[^/]*')
+            .replace(/<<<GLOBSTAR>>>/g, '.*')
+            .replace(/\?/g, '.');
+        const regex = new RegExp(`^${regexPattern}$`);
+        return regex.test(resource);
+    }
+}
+//# sourceMappingURL=sandbox.js.map

package/dist/security/sandbox.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sandbox.js","sourceRoot":"","sources":["../../src/security/sandbox.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AAEjD,+EAA+E;AAC/E,yBAAyB;AACzB,+EAA+E;AAE/E,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,CAAC,IAAI,CAAC;IACpC,MAAM,EAAS,mBAAmB;IAClC,OAAO,EAAQ,eAAe;IAC9B,SAAS,EAAM,mBAAmB;IAClC,SAAS,EAAM,iBAAiB;IAChC,QAAQ,EAAO,yBAAyB;IACxC,OAAO,EAAQ,qBAAqB;IACpC,WAAW,EAAI,mBAAmB;IAClC,OAAO,EAAQ,yBAAyB;CACzC,CAAC,CAAC;AAGH,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,CAAC,MAAM,CAAC;IACtC,gDAAgD;IAChD,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;IACnB,+CAA+C;IAC/C,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;CAChC,CAAC,CAAC;AAGH,MAAM,CAAC,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,CAAC;IACjC,8BAA8B;IAC9B,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE;IACjB,wCAAwC;IACxC,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,eAAe,CAAC;IAChC,mDAAmD;IACnD,SAAS,EAAE,CAAC,CAAC,KAAK,CAAC,eAAe,CAAC;IACnC,sDAAsD;IACtD,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7B,kDAAkD;IAClD,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,+CAA+C;IAC/C,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE;IACpB,4BAA4B;IAC5B,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC;QACjB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;QACrB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;QACrB,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;KACnB,CAAC;CACH,CAAC,CAAC;AAGH,+EAA+E;AAC/E,oBAAoB;AACpB,+EAA+E;AAE/E,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC;IACxC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC;QACX,cAAc;QACd,iBAAiB;QACjB,oBAAoB;QACpB,oBAAoB;QACpB,oBAAoB;QACpB,kBAAkB;KACnB,CAAC;IACF,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;IACnB,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;CACtB,CAAC,CAAC;AAGH,yCAAyC;AACzC,MAAM,kBAAkB,GAAG;IACzB,4BAA4B;IAC5B,+BAA+B;IAC/B,iEAAiE;IACjE,cAAc;IACd,kBAAkB;IAClB,YAAY;IACZ,yBAAyB;IACzB,iBAAiB;IACjB,iBAAiB;IACjB,YAAY;IACZ,iBAAiB;IACjB,WAAW;IACX,qBAAqB;IACrB,uBAAuB;IACvB,wBAAwB;IACxB,WAAW;IACX,kBAAkB;IAClB,iBAAiB;IACjB,QAAQ;IACR,YAAY;IACZ,kBAAkB;CACnB,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,OAAe;IAC7C,KAAK,MAAM,OAAO,IAAI,kBAAkB,EAAE,CAAC;QACzC,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC1B,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,uBAAuB;IACrC,MAAM,KAAK,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;IAC9B,OAAO,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AACrC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,KAAa;IAC/C,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC1D,CAAC;AAED,+EAA+E;AAC/E,gBAAgB;AAChB,+EAA+E;AAE/E,MAAM,OAAO,iBAAiB;IACpB,YAAY,GAA4B,IAAI,GAAG,EAAE,CAAC;IAClD,UAAU,GAAwB,EAAE,CAAC;IACrC,cAAc,CAAa;IAEnC;QACE,8CAA8C;QAC9C,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAClD,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,IAAI,CAAC,cAAc,CAAC,CAAC;IACxE,CAAC;IAED;;OAEG;IACK,oBAAoB;QAC1B,OAAO;YACL,KAAK,EAAE,uBAAuB,EAAE;YAChC,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,IAAI,CAAsB;YAChE,SAAS,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;YAC7C,MAAM,EAAE,IAAI;YACZ,SAAS,EAAE,IAAI;YACf,OAAO,EAAE,KAAK;YACd,QAAQ,EAAE;gBACR,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;gBACrB,SAAS,EAAE,QAAQ;gBACnB,MAAM,EAAE,iBAAiB;aAC1B;SACF,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,YAAY;QACV,OAAO,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC;IACnC,CAAC;IAED;;OAEG;IACH,SAAS,CACP,WAAmB,EACnB,OAKC;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QAClD,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QAEzB,iCAAiC;QACjC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC;YAAE,OAAO,IAAI,CAAC;QAE5C,oDAAoD;QACpD,MAAM,WAAW,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;QAC1E,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QAE1C,+BAA+B;QAC/B,MAAM,KAAK,GAAe;YACxB,KAAK,EAAE,uBAAuB,EAAE;YAChC,MAAM,EAAE,WAAW;YACnB,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,MAAM,EAAE,WAAW;YACnB,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,IAAI;YACpC,OAAO,EAAE,KAAK;YACd,QAAQ,EAAE;gBACR,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;gBACrB,SAAS,EAAE,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK;gBAC1C,MAAM,EAAE,OAAO,CAAC,MAAM;aACvB;SACF,CAAC;QAEF,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;QAC1C,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACH,OAAO,CAAC,KAAa;QACnB,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACzC,IAAI,CAAC,GAAG;YAAE,OAAO,KAAK,CAAC;QACvB,IAAI,GAAG,CAAC,OAAO;YAAE,OAAO,KAAK,CAAC;QAC9B,IAAI,GAAG,CAAC,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,CAAC,SAAS;YAAE,OAAO,KAAK,CAAC;QAE9D,uBAAuB;QACvB,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;YACf,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAClC,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACH,KAAK,CACH,KAAa,EACb,KAAsB,EACtB,QAAgB;QAEhB,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QAEzC,uBAAuB;QACvB,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,MAAM,SAAS,GAAsB;gBACnC,IAAI,EAAE,oBAAoB;gBAC1B,OAAO,EAAE,sBAAsB;gBAC/B,UAAU,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK;gBACrC,QAAQ;gBACR,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;aACtB,CAAC;YACF,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAChC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;QACvC,CAAC;QAED,qBAAqB;QACrB,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;YAChB,MAAM,SAAS,GAAsB;gBACnC,IAAI,EAAE,oBAAoB;gBAC1B,OAAO,EAAE,6BAA6B;gBACtC,UAAU,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK;gBACrC,QAAQ;gBACR,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;aACtB,CAAC;YACF,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAChC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;QACvC,CAAC;QAED,qBAAqB;QACrB,IAAI,GAAG,CAAC,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,CAAC,SAAS,EAAE,CAAC;YAChD,MAAM,SAAS,GAAsB;gBACnC,IAAI,EAAE,oBAAoB;gBAC1B,OAAO,EAAE,wBAAwB;gBACjC,UAAU,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK;gBACrC,QAAQ;gBACR,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;aACtB,CAAC;YACF,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAChC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;QACvC,CAAC;QAED,oBAAoB;QACpB,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YAChC,MAAM,SAAS,GAAsB;gBACnC,IAAI,EAAE,cAAc;gBACpB,OAAO,EAAE,UAAU,KAAK,6BAA6B;gBACrD,UAAU,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK;gBACrC,QAAQ;gBACR,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;aACtB,CAAC;YACF,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAChC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;QACvC,CAAC;QAED,0BAA0B;QAC1B,IAAI,OAAO,GAAG,KAAK,CAAC;QACpB,KAAK,MAAM,OAAO,IAAI,GAAG,CAAC,SAAS,EAAE,CAAC;YACpC,IAAI,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,CAAC;gBACjD,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;oBAC5B,MAAM,SAAS,GAAsB;wBACnC,IAAI,EAAE,iBAAiB;wBACvB,OAAO,EAAE,aAAa,QAAQ,wBAAwB,OAAO,CAAC,OAAO,GAAG;wBACxE,UAAU,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK;wBACrC,QAAQ;wBACR,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;qBACtB,CAAC;oBACF,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;oBAChC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;gBACvC,CAAC;gBACD,OAAO,GAAG,IAAI,CAAC;YACjB,CAAC;QACH,CAAC;QAED,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,SAAS,GAAsB;gBACnC,IAAI,EAAE,iBAAiB;gBACvB,OAAO,EAAE,aAAa,QAAQ,oCAAoC;gBAClE,UAAU,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK;gBACrC,QAAQ;gBACR,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;aACtB,CAAC;YACF,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAChC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;QACvC,CAAC;QAED,uBAAuB;QACvB,IAAI,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YAC5C,MAAM,SAAS,GAAsB;gBACnC,IAAI,EAAE,oBAAoB;gBAC1B,OAAO,EAAE,sCAAsC;gBAC/C,UAAU,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK;gBACrC,QAAQ;gBACR,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;aACtB,CAAC;YACF,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAChC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;QACvC,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;IAED;;OAEG;IACH,cAAc,CAAC,OAAe;QAC5B,IAAI,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC;YAC7B,MAAM,SAAS,GAAsB;gBACnC,IAAI,EAAE,oBAAoB;gBAC1B,OAAO,EAAE,gDAAgD;gBACzD,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;aACtB,CAAC;YACF,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAChC,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACxB,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAa;QAClB,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACzC,IAAI,GAAG,EAAE,CAAC;YACR,GAAG,CAAC,OAAO,GAAG,IAAI,CAAC;YAEnB,yBAAyB;YACzB,KAAK,MAAM,CAAC,UAAU,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;gBACpD,IAAI,KAAK,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;oBAC3B,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;gBAC1B,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED;;OAEG;IACH,aAAa;QACX,OAAO,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC;IAC9B,CAAC;IAED;;OAEG;IACH,eAAe;QACb,IAAI,CAAC,UAAU,GAAG,EAAE,CAAC;IACvB,CAAC;IAED;;OAEG;IACK,YAAY,CAAC,OAAe,EAAE,QAAgB;QACpD,wBAAwB;QACxB,MAAM,YAAY,GAAG,OAAO;aACzB,OAAO,CAAC,OAAO,EAAE,gBAAgB,CAAC;aAClC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC;aACvB,OAAO,CAAC,iBAAiB,EAAE,IAAI,CAAC;aAChC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAEvB,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,IAAI,YAAY,GAAG,CAAC,CAAC;QAC9C,OAAO,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC9B,CAAC;CACF"}

package/dist/security/skillVerify.d.ts

@@ -0,0 +1,128 @@
+import { z } from 'zod';
+declare const FileHashSchema: z.ZodObject<{
+    path: z.ZodString;
+    sha256: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    path: string;
+    sha256: string;
+}, {
+    path: string;
+    sha256: string;
+}>;
+export declare const SkillManifestSchema: z.ZodObject<{
+    name: z.ZodString;
+    version: z.ZodString;
+    files: z.ZodArray<z.ZodObject<{
+        path: z.ZodString;
+        sha256: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        path: string;
+        sha256: string;
+    }, {
+        path: string;
+        sha256: string;
+    }>, "many">;
+    timestamp: z.ZodNumber;
+    publicKey: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    timestamp: number;
+    name: string;
+    version: string;
+    files: {
+        path: string;
+        sha256: string;
+    }[];
+    publicKey: string;
+}, {
+    timestamp: number;
+    name: string;
+    version: string;
+    files: {
+        path: string;
+        sha256: string;
+    }[];
+    publicKey: string;
+}>;
+export declare const SignedManifestSchema: z.ZodObject<{
+    name: z.ZodString;
+    version: z.ZodString;
+    files: z.ZodArray<z.ZodObject<{
+        path: z.ZodString;
+        sha256: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        path: string;
+        sha256: string;
+    }, {
+        path: string;
+        sha256: string;
+    }>, "many">;
+    timestamp: z.ZodNumber;
+    publicKey: z.ZodString;
+} & {
+    signature: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    timestamp: number;
+    name: string;
+    version: string;
+    files: {
+        path: string;
+        sha256: string;
+    }[];
+    publicKey: string;
+    signature: string;
+}, {
+    timestamp: number;
+    name: string;
+    version: string;
+    files: {
+        path: string;
+        sha256: string;
+    }[];
+    publicKey: string;
+    signature: string;
+}>;
+export type FileHash = z.infer<typeof FileHashSchema>;
+export type SkillManifest = z.infer<typeof SkillManifestSchema>;
+export type SignedManifest = z.infer<typeof SignedManifestSchema>;
+/**
+ * Generate Ed25519 keypair for skill signing
+ */
+export declare function generateSigningKeyPair(): {
+    publicKey: string;
+    privateKey: string;
+};
+/**
+ * Compute SHA256 hash of file contents
+ */
+export declare function hashFile(filePath: string): Promise<string>;
+/**
+ * Create skill manifest by hashing all files in directory
+ */
+export declare function createManifest(skillDir: string, name: string, version: string): Promise<SkillManifest>;
+/**
+ * Sign manifest with Ed25519 private key
+ */
+export declare function signManifest(manifest: SkillManifest, privateKey: string): SignedManifest;
+/**
+ * Verify manifest signature using embedded public key
+ */
+export declare function verifyManifest(signed: SignedManifest): boolean;
+/**
+ * Verify skill directory matches signed manifest
+ * Returns list of tampered files (empty if valid)
+ */
+export declare function verifySkillIntegrity(skillDir: string, signed: SignedManifest): Promise<{
+    valid: boolean;
+    tamperedFiles: string[];
+}>;
+/**
+ * Load and parse signed manifest from JSON file
+ */
+export declare function loadSignedManifest(manifestPath: string): Promise<SignedManifest>;
+/**
+ * Check if skill directory has been modified since signing
+ * Useful for hot-reload scenarios
+ */
+export declare function needsReVerification(skillDir: string, signed: SignedManifest): Promise<boolean>;
+export {};
+//# sourceMappingURL=skillVerify.d.ts.map

package/dist/security/skillVerify.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"skillVerify.d.ts","sourceRoot":"","sources":["../../src/security/skillVerify.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAMxB,QAAA,MAAM,cAAc;;;;;;;;;EAGlB,CAAC;AAEH,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAM9B,CAAC;AAEH,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAE/B,CAAC;AAEH,MAAM,MAAM,QAAQ,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,cAAc,CAAC,CAAC;AACtD,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAChE,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAMlE;;GAEG;AACH,wBAAgB,sBAAsB,IAAI;IAAE,SAAS,EAAE,MAAM,CAAC;IAAC,UAAU,EAAE,MAAM,CAAA;CAAE,CAOlF;AAMD;;GAEG;AACH,wBAAsB,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAGhE;AA8BD;;GAEG;AACH,wBAAsB,cAAc,CAClC,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,aAAa,CAAC,CAkBxB;AA2BD;;GAEG;AACH,wBAAgB,YAAY,CAAC,QAAQ,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,GAAG,cAAc,CAiBxF;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,cAAc,GAAG,OAAO,CAY9D;AAMD;;;GAGG;AACH,wBAAsB,oBAAoB,CACxC,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,cAAc,GACrB,OAAO,CAAC;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,aAAa,EAAE,MAAM,EAAE,CAAA;CAAE,CAAC,CAqCtD;AAMD;;GAEG;AACH,wBAAsB,kBAAkB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC,CAItF;AAED;;;GAGG;AACH,wBAAsB,mBAAmB,CACvC,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,cAAc,GACrB,OAAO,CAAC,OAAO,CAAC,CAqBlB"}