agentlock-shared 0.1.0 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/__tests__/billing.test.d.ts +2 -0
- package/dist/__tests__/billing.test.d.ts.map +1 -0
- package/dist/__tests__/billing.test.js +31 -0
- package/dist/__tests__/billing.test.js.map +1 -0
- package/dist/__tests__/crypto.test.js +137 -47
- package/dist/__tests__/crypto.test.js.map +1 -1
- package/dist/__tests__/dns-pinning.test.d.ts +2 -0
- package/dist/__tests__/dns-pinning.test.d.ts.map +1 -0
- package/dist/__tests__/dns-pinning.test.js +33 -0
- package/dist/__tests__/dns-pinning.test.js.map +1 -0
- package/dist/__tests__/llm-classifier-cache-store.test.d.ts +2 -0
- package/dist/__tests__/llm-classifier-cache-store.test.d.ts.map +1 -0
- package/dist/__tests__/llm-classifier-cache-store.test.js +65 -0
- package/dist/__tests__/llm-classifier-cache-store.test.js.map +1 -0
- package/dist/__tests__/llm-classifier-cache.test.d.ts +2 -0
- package/dist/__tests__/llm-classifier-cache.test.d.ts.map +1 -0
- package/dist/__tests__/llm-classifier-cache.test.js +44 -0
- package/dist/__tests__/llm-classifier-cache.test.js.map +1 -0
- package/dist/__tests__/llm-classifier.test.d.ts +2 -0
- package/dist/__tests__/llm-classifier.test.d.ts.map +1 -0
- package/dist/__tests__/llm-classifier.test.js +167 -0
- package/dist/__tests__/llm-classifier.test.js.map +1 -0
- package/dist/__tests__/messaging.test.d.ts +2 -0
- package/dist/__tests__/messaging.test.d.ts.map +1 -0
- package/dist/__tests__/messaging.test.js +75 -0
- package/dist/__tests__/messaging.test.js.map +1 -0
- package/dist/__tests__/plans-classifier-limits.test.d.ts +2 -0
- package/dist/__tests__/plans-classifier-limits.test.d.ts.map +1 -0
- package/dist/__tests__/plans-classifier-limits.test.js +22 -0
- package/dist/__tests__/plans-classifier-limits.test.js.map +1 -0
- package/dist/__tests__/policy-category-floor.test.d.ts +2 -0
- package/dist/__tests__/policy-category-floor.test.d.ts.map +1 -0
- package/dist/__tests__/policy-category-floor.test.js +46 -0
- package/dist/__tests__/policy-category-floor.test.js.map +1 -0
- package/dist/__tests__/policy-claude-bash.test.d.ts +2 -0
- package/dist/__tests__/policy-claude-bash.test.d.ts.map +1 -0
- package/dist/__tests__/policy-claude-bash.test.js +401 -0
- package/dist/__tests__/policy-claude-bash.test.js.map +1 -0
- package/dist/__tests__/policy-llm-floor.test.d.ts +2 -0
- package/dist/__tests__/policy-llm-floor.test.d.ts.map +1 -0
- package/dist/__tests__/policy-llm-floor.test.js +107 -0
- package/dist/__tests__/policy-llm-floor.test.js.map +1 -0
- package/dist/__tests__/policy-ssh-e2e.test.d.ts +2 -0
- package/dist/__tests__/policy-ssh-e2e.test.d.ts.map +1 -0
- package/dist/__tests__/policy-ssh-e2e.test.js +89 -0
- package/dist/__tests__/policy-ssh-e2e.test.js.map +1 -0
- package/dist/__tests__/policy-ssh-sessions.test.d.ts +2 -0
- package/dist/__tests__/policy-ssh-sessions.test.d.ts.map +1 -0
- package/dist/__tests__/policy-ssh-sessions.test.js +139 -0
- package/dist/__tests__/policy-ssh-sessions.test.js.map +1 -0
- package/dist/__tests__/policy-ssh.test.d.ts +2 -0
- package/dist/__tests__/policy-ssh.test.d.ts.map +1 -0
- package/dist/__tests__/policy-ssh.test.js +180 -0
- package/dist/__tests__/policy-ssh.test.js.map +1 -0
- package/dist/__tests__/policy.test.js +522 -7
- package/dist/__tests__/policy.test.js.map +1 -1
- package/dist/__tests__/redact.test.js +76 -0
- package/dist/__tests__/redact.test.js.map +1 -1
- package/dist/__tests__/signing.test.js +89 -0
- package/dist/__tests__/signing.test.js.map +1 -1
- package/dist/__tests__/ssh-fingerprint.test.d.ts +2 -0
- package/dist/__tests__/ssh-fingerprint.test.d.ts.map +1 -0
- package/dist/__tests__/ssh-fingerprint.test.js +19 -0
- package/dist/__tests__/ssh-fingerprint.test.js.map +1 -0
- package/dist/__tests__/vpn-route.test.d.ts +2 -0
- package/dist/__tests__/vpn-route.test.d.ts.map +1 -0
- package/dist/__tests__/vpn-route.test.js +72 -0
- package/dist/__tests__/vpn-route.test.js.map +1 -0
- package/dist/__tests__/wireguard.test.d.ts +2 -0
- package/dist/__tests__/wireguard.test.d.ts.map +1 -0
- package/dist/__tests__/wireguard.test.js +114 -0
- package/dist/__tests__/wireguard.test.js.map +1 -0
- package/dist/billing.d.ts +12 -0
- package/dist/billing.d.ts.map +1 -0
- package/dist/billing.js +41 -0
- package/dist/billing.js.map +1 -0
- package/dist/crypto.d.ts +41 -0
- package/dist/crypto.d.ts.map +1 -1
- package/dist/crypto.js +208 -6
- package/dist/crypto.js.map +1 -1
- package/dist/dns-pinning.d.ts +28 -0
- package/dist/dns-pinning.d.ts.map +1 -0
- package/dist/dns-pinning.js +113 -0
- package/dist/dns-pinning.js.map +1 -0
- package/dist/index.d.ts +6 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +9 -0
- package/dist/index.js.map +1 -1
- package/dist/llm-classifier-cache-store.d.ts +49 -0
- package/dist/llm-classifier-cache-store.d.ts.map +1 -0
- package/dist/llm-classifier-cache-store.js +63 -0
- package/dist/llm-classifier-cache-store.js.map +1 -0
- package/dist/llm-classifier-cache.d.ts +6 -0
- package/dist/llm-classifier-cache.d.ts.map +1 -0
- package/dist/llm-classifier-cache.js +52 -0
- package/dist/llm-classifier-cache.js.map +1 -0
- package/dist/llm-classifier.d.ts +29 -0
- package/dist/llm-classifier.d.ts.map +1 -0
- package/dist/llm-classifier.js +191 -0
- package/dist/llm-classifier.js.map +1 -0
- package/dist/observability.d.ts +36 -0
- package/dist/observability.d.ts.map +1 -0
- package/dist/observability.js +75 -0
- package/dist/observability.js.map +1 -0
- package/dist/plans.d.ts +21 -0
- package/dist/plans.d.ts.map +1 -1
- package/dist/plans.js +52 -14
- package/dist/plans.js.map +1 -1
- package/dist/policy.d.ts +173 -3
- package/dist/policy.d.ts.map +1 -1
- package/dist/policy.js +951 -58
- package/dist/policy.js.map +1 -1
- package/dist/redact.d.ts.map +1 -1
- package/dist/redact.js +104 -7
- package/dist/redact.js.map +1 -1
- package/dist/regex-safety.d.ts +21 -0
- package/dist/regex-safety.d.ts.map +1 -0
- package/dist/regex-safety.js +49 -0
- package/dist/regex-safety.js.map +1 -0
- package/dist/sanitize.d.ts +31 -0
- package/dist/sanitize.d.ts.map +1 -0
- package/dist/sanitize.js +54 -0
- package/dist/sanitize.js.map +1 -0
- package/dist/schemas.d.ts +267 -14
- package/dist/schemas.d.ts.map +1 -1
- package/dist/schemas.js +152 -10
- package/dist/schemas.js.map +1 -1
- package/dist/signing.d.ts +15 -0
- package/dist/signing.d.ts.map +1 -1
- package/dist/signing.js +53 -4
- package/dist/signing.js.map +1 -1
- package/dist/ssh-fingerprint.d.ts +10 -0
- package/dist/ssh-fingerprint.d.ts.map +1 -0
- package/dist/ssh-fingerprint.js +52 -0
- package/dist/ssh-fingerprint.js.map +1 -0
- package/dist/ssrf.d.ts +36 -0
- package/dist/ssrf.d.ts.map +1 -0
- package/dist/ssrf.js +140 -0
- package/dist/ssrf.js.map +1 -0
- package/dist/types.d.ts +131 -0
- package/dist/types.d.ts.map +1 -1
- package/dist/wireguard.d.ts +63 -0
- package/dist/wireguard.d.ts.map +1 -0
- package/dist/wireguard.js +226 -0
- package/dist/wireguard.js.map +1 -0
- package/package.json +42 -29
- package/.turbo/turbo-build.log +0 -4
- package/.turbo/turbo-test.log +0 -34
- package/dist/__tests__/content-crypto.test.d.ts +0 -2
- package/dist/__tests__/content-crypto.test.d.ts.map +0 -1
- package/dist/__tests__/content-crypto.test.js +0 -117
- package/dist/__tests__/content-crypto.test.js.map +0 -1
- package/dist/content-crypto.d.ts +0 -24
- package/dist/content-crypto.d.ts.map +0 -1
- package/dist/content-crypto.js +0 -58
- package/dist/content-crypto.js.map +0 -1
- package/src/__tests__/policy.test.ts +0 -88
- package/src/__tests__/redact.test.ts +0 -41
- package/src/__tests__/signing.test.ts +0 -55
- package/src/crypto.ts +0 -87
- package/src/index.ts +0 -8
- package/src/mcp-catalog.ts +0 -181
- package/src/plans.ts +0 -96
- package/src/policy.ts +0 -186
- package/src/redact.ts +0 -114
- package/src/schemas.ts +0 -53
- package/src/signing.ts +0 -120
- package/src/types.ts +0 -212
- package/test-gateway.mjs +0 -47
- package/tsconfig.json +0 -10
- package/vitest.config.ts +0 -8
package/dist/signing.js
CHANGED
|
@@ -3,12 +3,24 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
3
3
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
4
|
};
|
|
5
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
+
exports.SIGNATURE_VERSION_CURRENT = void 0;
|
|
6
7
|
exports.generateKeypair = generateKeypair;
|
|
7
8
|
exports.canonicalStringify = canonicalStringify;
|
|
8
9
|
exports.signRequest = signRequest;
|
|
9
10
|
exports.verifyRequest = verifyRequest;
|
|
10
11
|
const tweetnacl_1 = __importDefault(require("tweetnacl"));
|
|
11
12
|
const tweetnacl_util_1 = require("tweetnacl-util");
|
|
13
|
+
/**
|
|
14
|
+
* Supported signature-scheme version. v1 is the original Ed25519 over
|
|
15
|
+
* `${canonicalStringify(body)}:${timestamp}:${nonce}`. Future versions
|
|
16
|
+
* (e.g. v2 switching to a hash-chained nonce or a different canonicalisation)
|
|
17
|
+
* bump this number; `verifyRequest` must then dispatch on the header value.
|
|
18
|
+
*
|
|
19
|
+
* The header is OPTIONAL for backward-compat with agents that don't send it;
|
|
20
|
+
* an absent header is treated as v1. New clients should set it explicitly so
|
|
21
|
+
* a future v2 rollout can leave v1 traffic alone during the transition.
|
|
22
|
+
*/
|
|
23
|
+
exports.SIGNATURE_VERSION_CURRENT = '1';
|
|
12
24
|
function generateKeypair() {
|
|
13
25
|
const pair = tweetnacl_1.default.sign.keyPair();
|
|
14
26
|
return {
|
|
@@ -60,7 +72,12 @@ function signRequest(body, agentId, privateKeyBase64) {
|
|
|
60
72
|
const timestamp = Date.now().toString();
|
|
61
73
|
const nonce = (0, tweetnacl_util_1.encodeBase64)(tweetnacl_1.default.randomBytes(16));
|
|
62
74
|
const canonical = canonicalStringify(body);
|
|
63
|
-
|
|
75
|
+
// Bind the signature-scheme version into the signed material so an on-path
|
|
76
|
+
// attacker cannot strip `x-signature-version` to force a future v2-signed
|
|
77
|
+
// request to verify under v1 rules (cross-version downgrade). Without this,
|
|
78
|
+
// adding a v2 scheme later becomes a breaking change for every deployed
|
|
79
|
+
// agent — fixing it at the moment the version header is introduced is free.
|
|
80
|
+
const message = (0, tweetnacl_util_1.decodeUTF8)(`${canonical}:${timestamp}:${nonce}:${exports.SIGNATURE_VERSION_CURRENT}`);
|
|
64
81
|
const privateKey = (0, tweetnacl_util_1.decodeBase64)(privateKeyBase64);
|
|
65
82
|
const signature = tweetnacl_1.default.sign.detached(message, privateKey);
|
|
66
83
|
return {
|
|
@@ -68,29 +85,61 @@ function signRequest(body, agentId, privateKeyBase64) {
|
|
|
68
85
|
'x-timestamp': timestamp,
|
|
69
86
|
'x-signature': (0, tweetnacl_util_1.encodeBase64)(signature),
|
|
70
87
|
'x-nonce': nonce,
|
|
88
|
+
'x-signature-version': exports.SIGNATURE_VERSION_CURRENT,
|
|
71
89
|
};
|
|
72
90
|
}
|
|
91
|
+
const SUPPORTED_SIGNATURE_VERSIONS = new Set(['1']);
|
|
73
92
|
function verifyRequest(body, headers, publicKeyBase64, maxSkewMs = 5 * 60 * 1000) {
|
|
74
93
|
const agentId = headers['x-agent-id'];
|
|
75
94
|
const timestamp = headers['x-timestamp'];
|
|
76
95
|
const signatureB64 = headers['x-signature'];
|
|
77
96
|
const nonce = headers['x-nonce'];
|
|
97
|
+
// Optional for backward compat. Absent = treat as v1 so existing agents
|
|
98
|
+
// keep working. A future breaking change bumps SIGNATURE_VERSION_CURRENT
|
|
99
|
+
// and adds a new branch below; v1 traffic continues to verify until we
|
|
100
|
+
// decide to hard-retire it.
|
|
101
|
+
const version = headers['x-signature-version'] ?? '1';
|
|
78
102
|
if (!agentId || !timestamp || !signatureB64 || !nonce) {
|
|
79
103
|
throw new Error('Missing required signature headers');
|
|
80
104
|
}
|
|
105
|
+
if (!SUPPORTED_SIGNATURE_VERSIONS.has(version)) {
|
|
106
|
+
throw new Error(`Unsupported signature version: ${version}`);
|
|
107
|
+
}
|
|
81
108
|
const ts = parseInt(timestamp, 10);
|
|
109
|
+
// A non-numeric timestamp parses to NaN, and `Math.abs(now - NaN) > skew`
|
|
110
|
+
// is false — which would silently skip the freshness check. Reject it.
|
|
111
|
+
if (!Number.isFinite(ts)) {
|
|
112
|
+
throw new Error('Invalid timestamp');
|
|
113
|
+
}
|
|
82
114
|
const now = Date.now();
|
|
83
115
|
if (Math.abs(now - ts) > maxSkewMs) {
|
|
84
116
|
throw new Error(`Timestamp skew too large: ${Math.abs(now - ts)}ms`);
|
|
85
117
|
}
|
|
86
118
|
const canonical = canonicalStringify(body);
|
|
87
|
-
|
|
119
|
+
// Mirror the version binding in signRequest. A stripped `x-signature-version`
|
|
120
|
+
// header defaults to `'1'` here, so the pre-image bytes match only when the
|
|
121
|
+
// signer also used v1. Any future v2 scheme binds `'2'` into its message,
|
|
122
|
+
// making version-downgrade attempts flip the verify result to false.
|
|
123
|
+
const messageBound = (0, tweetnacl_util_1.decodeUTF8)(`${canonical}:${timestamp}:${nonce}:${version}`);
|
|
88
124
|
const signature = (0, tweetnacl_util_1.decodeBase64)(signatureB64);
|
|
89
125
|
const publicKey = (0, tweetnacl_util_1.decodeBase64)(publicKeyBase64);
|
|
90
|
-
|
|
126
|
+
let valid = tweetnacl_1.default.sign.detached.verify(messageBound, signature, publicKey);
|
|
127
|
+
// Transitional legacy fallback: pre-version-binding agents sign the
|
|
128
|
+
// unbound pre-image (`canonical:timestamp:nonce`) and send no version
|
|
129
|
+
// header. Accept those signatures so the binding rollout doesn't force
|
|
130
|
+
// every deployed agent to redeploy simultaneously. The fallback only
|
|
131
|
+
// engages when the caller did NOT send `x-signature-version`, so it
|
|
132
|
+
// closes only the "client upgrades are lagging" gap, not a
|
|
133
|
+
// header-strip downgrade. Remove this branch before introducing v2 —
|
|
134
|
+
// by then every client must send the header for the binding to be
|
|
135
|
+
// meaningful.
|
|
136
|
+
if (!valid && headers['x-signature-version'] === undefined) {
|
|
137
|
+
const messageLegacy = (0, tweetnacl_util_1.decodeUTF8)(`${canonical}:${timestamp}:${nonce}`);
|
|
138
|
+
valid = tweetnacl_1.default.sign.detached.verify(messageLegacy, signature, publicKey);
|
|
139
|
+
}
|
|
91
140
|
if (!valid) {
|
|
92
141
|
throw new Error('Invalid signature');
|
|
93
142
|
}
|
|
94
|
-
return { agentId, nonce };
|
|
143
|
+
return { agentId, nonce, version: version };
|
|
95
144
|
}
|
|
96
145
|
//# sourceMappingURL=signing.js.map
|
package/dist/signing.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"signing.js","sourceRoot":"","sources":["../src/signing.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"signing.js","sourceRoot":"","sources":["../src/signing.ts"],"names":[],"mappings":";;;;;;AA6BA,0CAMC;AAoCD,gDAEC;AAED,kCAyBC;AAID,sCAuEC;AA/KD,0DAA6B;AAC7B,mDAAwE;AAExE;;;;;;;;;GASG;AACU,QAAA,yBAAyB,GAAG,GAAY,CAAC;AAgBtD,SAAgB,eAAe;IAC7B,MAAM,IAAI,GAAG,mBAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;IACjC,OAAO;QACL,SAAS,EAAE,IAAA,6BAAY,EAAC,IAAI,CAAC,SAAS,CAAC;QACvC,UAAU,EAAE,IAAA,6BAAY,EAAC,IAAI,CAAC,SAAS,CAAC;KACzC,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,eAAe,CAAC,GAAY;IACnC,IAAI,GAAG,KAAK,SAAS;QAAE,OAAO,SAAS,CAAC;IACxC,IAAI,GAAG,KAAK,IAAI;QAAE,OAAO,MAAM,CAAC;IAChC,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5B,2DAA2D;QAC3D,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC;YAAE,OAAO,MAAM,CAAC;QACzC,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAC7B,CAAC;IACD,IAAI,OAAO,GAAG,KAAK,SAAS,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IACpF,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QACvB,OAAO,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;IACvE,CAAC;IACD,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5B,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,GAAa,CAAC,CAAC,IAAI,EAAE,CAAC;QACjD,MAAM,KAAK,GAAa,EAAE,CAAC;QAC3B,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;YACvB,MAAM,CAAC,GAAG,eAAe,CAAE,GAA+B,CAAC,CAAC,CAAC,CAAC,CAAC;YAC/D,IAAI,CAAC,KAAK,SAAS,EAAE,CAAC;gBACpB,KAAK,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAC1C,CAAC;QACH,CAAC;QACD,OAAO,IAAI,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;IAChC,CAAC;IACD,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;AAC7B,CAAC;AAED,SAAgB,kBAAkB,CAAC,GAA4B;IAC7D,OAAO,eAAe,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC;AACtC,CAAC;AAED,SAAgB,WAAW,CACzB,IAA6B,EAC7B,OAAe,EACf,gBAAwB;IAExB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC;IACxC,MAAM,KAAK,GAAG,IAAA,6BAAY,EAAC,mBAAI,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;IACjD,MAAM,SAAS,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC;IAC3C,2EAA2E;IAC3E,0EAA0E;IAC1E,4EAA4E;IAC5E,wEAAwE;IACxE,4EAA4E;IAC5E,MAAM,OAAO,GAAG,IAAA,2BAAU,EAAC,GAAG,SAAS,IAAI,
SAAS,IAAI,KAAK,IAAI,iCAAyB,EAAE,CAAC,CAAC;IAE9F,MAAM,UAAU,GAAG,IAAA,6BAAY,EAAC,gBAAgB,CAAC,CAAC;IAClD,MAAM,SAAS,GAAG,mBAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;IAE1D,OAAO;QACL,YAAY,EAAE,OAAO;QACrB,aAAa,EAAE,SAAS;QACxB,aAAa,EAAE,IAAA,6BAAY,EAAC,SAAS,CAAC;QACtC,SAAS,EAAE,KAAK;QAChB,qBAAqB,EAAE,iCAAyB;KACjD,CAAC;AACJ,CAAC;AAED,MAAM,4BAA4B,GAAG,IAAI,GAAG,CAAS,CAAC,GAAG,CAAC,CAAC,CAAC;AAE5D,SAAgB,aAAa,CAC3B,IAA6B,EAC7B,OAMC,EACD,eAAuB,EACvB,SAAS,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI;IAEzB,MAAM,OAAO,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IACtC,MAAM,SAAS,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;IACzC,MAAM,YAAY,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;IAC5C,MAAM,KAAK,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;IACjC,wEAAwE;IACxE,yEAAyE;IACzE,uEAAuE;IACvE,4BAA4B;IAC5B,MAAM,OAAO,GAAG,OAAO,CAAC,qBAAqB,CAAC,IAAI,GAAG,CAAC;IAEtD,IAAI,CAAC,OAAO,IAAI,CAAC,SAAS,IAAI,CAAC,YAAY,IAAI,CAAC,KAAK,EAAE,CAAC;QACtD,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACxD,CAAC;IAED,IAAI,CAAC,4BAA4B,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;QAC/C,MAAM,IAAI,KAAK,CAAC,kCAAkC,OAAO,EAAE,CAAC,CAAC;IAC/D,CAAC;IAED,MAAM,EAAE,GAAG,QAAQ,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;IACnC,0EAA0E;IAC1E,uEAAuE;IACvE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;IACvC,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,EAAE,CAAC,GAAG,SAAS,EAAE,CAAC;QACnC,MAAM,IAAI,KAAK,CAAC,6BAA6B,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;IACvE,CAAC;IAED,MAAM,SAAS,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC;IAC3C,8EAA8E;IAC9E,4EAA4E;IAC5E,0EAA0E;IAC1E,qEAAqE;IACrE,MAAM,YAAY,GAAG,IAAA,2BAAU,EAAC,GAAG,SAAS,IAAI,SAAS,IAAI,KAAK,IAAI,OAAO,EAAE,CAAC,CAAC;IACjF,MAAM,SAAS,GAAG,IAAA,6BAAY,EAAC,YAAY,CAAC,CAAC;IAC7C,MAAM,SAAS,GAAG,IAAA,6BAAY,EAAC,eAAe,CAAC,CAAC;IAEhD,IAAI,KAAK,GAAG,mBAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,YAAY,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;IAE1E,oEAAoE;IACpE,sEAAsE;IACtE,uEAAuE;IACvE,qEAAqE;IACrE,oEAAoE;IACpE,2DAA2D;IAC3D,qEAAqE;IACrE,kEAAkE;IAClE,cAAc;IACd,IAAI,CAAC,KAAK,IAAI,OAAO,CAAC,qBAAqB,CAAC,KAAK,SA
AS,EAAE,CAAC;QAC3D,MAAM,aAAa,GAAG,IAAA,2BAAU,EAAC,GAAG,SAAS,IAAI,SAAS,IAAI,KAAK,EAAE,CAAC,CAAC;QACvE,KAAK,GAAG,mBAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,aAAa,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;IACzE,CAAC;IAED,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;IACvC,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,OAA2B,EAAE,CAAC;AAClE,CAAC"}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Normalize an SSH host-key fingerprint to canonical lowercase SHA-256 hex.
|
|
3
|
+
*
|
|
4
|
+
* Accepted input forms:
|
|
5
|
+
* - 64-char hex digest
|
|
6
|
+
* - OpenSSH-style `SHA256:<base64>`
|
|
7
|
+
* - bare base64 / url-safe base64 (43/44 chars, optional padding)
|
|
8
|
+
*/
|
|
9
|
+
export declare function normalizeSshHostKeyFingerprint(fp: string): string;
|
|
10
|
+
//# sourceMappingURL=ssh-fingerprint.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ssh-fingerprint.d.ts","sourceRoot":"","sources":["../src/ssh-fingerprint.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,wBAAgB,8BAA8B,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,CAyBjE"}
|
|
@@ -0,0 +1,52 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.normalizeSshHostKeyFingerprint = normalizeSshHostKeyFingerprint;
|
|
4
|
+
/**
|
|
5
|
+
* Normalize an SSH host-key fingerprint to canonical lowercase SHA-256 hex.
|
|
6
|
+
*
|
|
7
|
+
* Accepted input forms:
|
|
8
|
+
* - 64-char hex digest
|
|
9
|
+
* - OpenSSH-style `SHA256:<base64>`
|
|
10
|
+
* - bare base64 / url-safe base64 (43/44 chars, optional padding)
|
|
11
|
+
*/
|
|
12
|
+
function normalizeSshHostKeyFingerprint(fp) {
|
|
13
|
+
const stripped = fp.trim().replace(/^sha256:/i, '').replace(/\s+/g, '');
|
|
14
|
+
if (stripped.length === 0) {
|
|
15
|
+
throw new Error('Empty host key fingerprint');
|
|
16
|
+
}
|
|
17
|
+
if (/^[0-9a-f]{64}$/i.test(stripped)) {
|
|
18
|
+
return stripped.toLowerCase();
|
|
19
|
+
}
|
|
20
|
+
const b64Like = /^[A-Za-z0-9+/_-]{43,44}={0,2}$/.test(stripped);
|
|
21
|
+
if (b64Like) {
|
|
22
|
+
const normalized = stripped.replace(/-/g, '+').replace(/_/g, '/');
|
|
23
|
+
const padded = normalized.length % 4 === 0
|
|
24
|
+
? normalized
|
|
25
|
+
: normalized + '='.repeat(4 - (normalized.length % 4));
|
|
26
|
+
const decoded = decodeBase64Bytes(padded);
|
|
27
|
+
if (decoded && decoded.length === 32) {
|
|
28
|
+
return Array.from(decoded, (byte) => byte.toString(16).padStart(2, '0')).join('');
|
|
29
|
+
}
|
|
30
|
+
}
|
|
31
|
+
throw new Error(`Invalid SHA-256 host key fingerprint: expected 64-char hex or base64 (OpenSSH-style), got ${stripped.length} chars`);
|
|
32
|
+
}
|
|
33
|
+
function decodeBase64Bytes(base64) {
|
|
34
|
+
try {
|
|
35
|
+
if (typeof Buffer !== 'undefined') {
|
|
36
|
+
return Uint8Array.from(Buffer.from(base64, 'base64'));
|
|
37
|
+
}
|
|
38
|
+
if (typeof globalThis.atob === 'function') {
|
|
39
|
+
const binary = globalThis.atob(base64);
|
|
40
|
+
const bytes = new Uint8Array(binary.length);
|
|
41
|
+
for (let i = 0; i < binary.length; i += 1) {
|
|
42
|
+
bytes[i] = binary.charCodeAt(i);
|
|
43
|
+
}
|
|
44
|
+
return bytes;
|
|
45
|
+
}
|
|
46
|
+
}
|
|
47
|
+
catch {
|
|
48
|
+
return null;
|
|
49
|
+
}
|
|
50
|
+
return null;
|
|
51
|
+
}
|
|
52
|
+
//# sourceMappingURL=ssh-fingerprint.js.map
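Review bot: `decodeBase64Bytes` (new lines 33–51) returns `null` both when the input cannot be decoded and when neither `Buffer` nor `globalThis.atob` exists, so on such a runtime a valid `SHA256:<base64>` fingerprint is rejected with the misleading `Invalid SHA-256 host key fingerprint` message from line 31. The trailing `return null;` at new line 50 sits outside the try/catch, so it can become `throw new Error('No base64 decoder available: neither Buffer nor globalThis.atob is defined');` without being swallowed by the `catch`. The helper also has no doc comment; a two-line header stating that it returns the decoded bytes, or `null` when the input is not valid base64, would make the caller's `decoded && decoded.length === 32` guard self-explanatory. The 43/44-character window plus optional padding is the right fail-closed shape: a 44-character unpadded value decodes to 33 bytes and is rejected by the length check rather than silently truncated.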
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ssh-fingerprint.js","sourceRoot":"","sources":["../src/ssh-fingerprint.ts"],"names":[],"mappings":";;AAQA,wEAyBC;AAjCD;;;;;;;GAOG;AACH,SAAgB,8BAA8B,CAAC,EAAU;IACvD,MAAM,QAAQ,GAAG,EAAE,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IACxE,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;IAChD,CAAC;IAED,IAAI,iBAAiB,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QACrC,OAAO,QAAQ,CAAC,WAAW,EAAE,CAAC;IAChC,CAAC;IAED,MAAM,OAAO,GAAG,gCAAgC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAChE,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QAClE,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC;YACxC,CAAC,CAAC,UAAU;YACZ,CAAC,CAAC,UAAU,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC;QACzD,MAAM,OAAO,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;QAC1C,IAAI,OAAO,IAAI,OAAO,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;YACrC,OAAO,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACpF,CAAC;IACH,CAAC;IAED,MAAM,IAAI,KAAK,CACb,6FAA6F,QAAQ,CAAC,MAAM,QAAQ,CACrH,CAAC;AACJ,CAAC;AAED,SAAS,iBAAiB,CAAC,MAAc;IACvC,IAAI,CAAC;QACH,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;YAClC,OAAO,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;QACxD,CAAC;QACD,IAAI,OAAO,UAAU,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;YAC1C,MAAM,MAAM,GAAG,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACvC,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YAC5C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC1C,KAAK,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;YAClC,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC"}
|
package/dist/ssrf.d.ts
ADDED
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
/** True iff the literal `ip` string falls inside one of BLOCKED_IP_RANGES. */
|
|
2
|
+
export declare function isPrivateIP(ip: string): boolean;
|
|
3
|
+
/**
|
|
4
|
+
* Test whether an IPv4 dotted-quad is inside an IPv4 CIDR block.
|
|
5
|
+
* Used by the VPN allow-list path: addresses inside `peer.allowedIPs` are
|
|
6
|
+
* intentionally reachable through the tunnel and should not be blocked by
|
|
7
|
+
* the standard private-IP checks.
|
|
8
|
+
* Returns false for malformed inputs, non-IPv4 addresses, or IPv6 CIDRs.
|
|
9
|
+
* 32-bit math is kept in unsigned space via `>>> 0`.
|
|
10
|
+
*/
|
|
11
|
+
export declare function ipv4InCidr(ip: string, cidr: string): boolean;
|
|
12
|
+
/**
|
|
13
|
+
* Resolver used by validateNotSSRF. Default = node's `dns/promises`. The HTTP
|
|
14
|
+
* connector passes in a version backed by its `createPinnedLookup()` cache
|
|
15
|
+
* so the IP the check sees is byte-for-byte the one the socket will connect
|
|
16
|
+
* to — closes a DNS-rebinding window where an attacker-controlled TTL=0
|
|
17
|
+
* record returns a public IP to validateNotSSRF and a private IP to the
|
|
18
|
+
* subsequent TCP connect.
|
|
19
|
+
*/
|
|
20
|
+
export type SsrfResolver = (hostname: string) => Promise<string[]>;
|
|
21
|
+
/**
|
|
22
|
+
* Validate that a URL does not target a private/internal address.
|
|
23
|
+
*
|
|
24
|
+
* The `allowedPrivateCidrs` list exempts specific IPv4 CIDRs that a
|
|
25
|
+
* WireGuard VPN peer announces as reachable (peer.allowedIPs). This keeps
|
|
26
|
+
* the SSRF check active for everything outside the tunnel — including
|
|
27
|
+
* cloud metadata endpoints — even when a VPN is in use.
|
|
28
|
+
*
|
|
29
|
+
* Fails closed on DNS resolution errors: an unreachable hostname can't be
|
|
30
|
+
* verified as public and could be a DNS-rebinding attempt.
|
|
31
|
+
*
|
|
32
|
+
* Pass `resolver` (e.g. a pinnedLookup-backed one) to share the same DNS
|
|
33
|
+
* answer with the connect path and remove the TOCTOU window.
|
|
34
|
+
*/
|
|
35
|
+
export declare function validateNotSSRF(url: string, allowedPrivateCidrs?: string[], resolver?: SsrfResolver): Promise<void>;
|
|
36
|
+
//# sourceMappingURL=ssrf.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ssrf.d.ts","sourceRoot":"","sources":["../src/ssrf.ts"],"names":[],"mappings":"AAwCA,8EAA8E;AAC9E,wBAAgB,WAAW,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAE/C;AAED;;;;;;;GAOG;AACH,wBAAgB,UAAU,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAiB5D;AAqBD;;;;;;;GAOG;AACH,MAAM,MAAM,YAAY,GAAG,CAAC,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;AAQnE;;;;;;;;;;;;;GAaG;AACH,wBAAsB,eAAe,CACnC,GAAG,EAAE,MAAM,EACX,mBAAmB,GAAE,MAAM,EAAO,EAClC,QAAQ,GAAE,YAA8B,GACvC,OAAO,CAAC,IAAI,CAAC,CA6Bf"}
|
package/dist/ssrf.js
ADDED
|
@@ -0,0 +1,140 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.isPrivateIP = isPrivateIP;
|
|
4
|
+
exports.ipv4InCidr = ipv4InCidr;
|
|
5
|
+
exports.validateNotSSRF = validateNotSSRF;
|
|
6
|
+
const promises_1 = require("dns/promises");
|
|
7
|
+
const net_1 = require("net");
|
|
8
|
+
/**
|
|
9
|
+
* Regex patterns covering the address ranges we refuse to reach from
|
|
10
|
+
* server-side fetches: RFC 1918 private, loopback, link-local (incl. cloud
|
|
11
|
+
* metadata 169.254.169.254), CGNAT, multicast, broadcast, IPv6 equivalents.
|
|
12
|
+
* Single source of truth for both the Runner and the Web inline executor —
|
|
13
|
+
* previously these lists were duplicated and could drift apart.
|
|
14
|
+
*
|
|
15
|
+
* NOTE: this module imports Node's `dns/promises` and is therefore server-
|
|
16
|
+
* only. It is NOT re-exported from `agentlock-shared/index.ts` — if it were,
|
|
17
|
+
* Next.js client bundles transitively importing the barrel would fail to
|
|
18
|
+
* resolve `dns/promises`. Import from the `agentlock-shared/ssrf` subpath
|
|
19
|
+
* in server-only code (HTTP/MCP connectors, webhook-side validators).
|
|
20
|
+
*/
|
|
21
|
+
const BLOCKED_IP_RANGES = [
|
|
22
|
+
/^127\./, // loopback
|
|
23
|
+
/^10\./, // RFC 1918
|
|
24
|
+
/^172\.(1[6-9]|2\d|3[01])\./, // RFC 1918
|
|
25
|
+
/^192\.168\./, // RFC 1918
|
|
26
|
+
/^169\.254\./, // link-local (cloud metadata endpoints)
|
|
27
|
+
/^0\./, // current network
|
|
28
|
+
/^100\.(6[4-9]|[7-9]\d|1[01]\d|12[0-7])\./, // CGNAT (RFC 6598)
|
|
29
|
+
/^192\.0\.0\./, // IETF protocol assignments
|
|
30
|
+
/^198\.(1[89])\./, // benchmark testing (RFC 2544)
|
|
31
|
+
/^224\./, // multicast
|
|
32
|
+
/^240\./, // reserved (class E)
|
|
33
|
+
/^255\.255\.255\.255$/, // broadcast
|
|
34
|
+
/^::1$/, // IPv6 loopback
|
|
35
|
+
/^::$/, // IPv6 unspecified
|
|
36
|
+
/^::ffff:/i, // IPv4-mapped IPv6
|
|
37
|
+
/^fe80:/i, // IPv6 link-local
|
|
38
|
+
/^fc00:/i, // IPv6 unique local
|
|
39
|
+
/^fd/i, // IPv6 unique local
|
|
40
|
+
/^ff0[0-9a-f]:/i, // IPv6 multicast
|
|
41
|
+
/^64:ff9b:/i, // NAT64 (RFC 6052) — embeds an IPv4 that can map to a forbidden range (e.g. metadata)
|
|
42
|
+
/^2002:/i, // 6to4 (RFC 3056) — embeds an IPv4 that can map to a forbidden range
|
|
43
|
+
];
|
|
44
|
+
/** True iff the literal `ip` string falls inside one of BLOCKED_IP_RANGES. */
|
|
45
|
+
function isPrivateIP(ip) {
|
|
46
|
+
return BLOCKED_IP_RANGES.some((re) => re.test(ip));
|
|
47
|
+
}
|
|
48
|
+
/**
|
|
49
|
+
* Test whether an IPv4 dotted-quad is inside an IPv4 CIDR block.
|
|
50
|
+
* Used by the VPN allow-list path: addresses inside `peer.allowedIPs` are
|
|
51
|
+
* intentionally reachable through the tunnel and should not be blocked by
|
|
52
|
+
* the standard private-IP checks.
|
|
53
|
+
* Returns false for malformed inputs, non-IPv4 addresses, or IPv6 CIDRs.
|
|
54
|
+
* 32-bit math is kept in unsigned space via `>>> 0`.
|
|
55
|
+
*/
|
|
56
|
+
function ipv4InCidr(ip, cidr) {
|
|
57
|
+
const slash = cidr.indexOf('/');
|
|
58
|
+
if (slash < 0)
|
|
59
|
+
return false;
|
|
60
|
+
const net = cidr.slice(0, slash);
|
|
61
|
+
const bits = parseInt(cidr.slice(slash + 1), 10);
|
|
62
|
+
if (!Number.isInteger(bits) || bits < 0 || bits > 32)
|
|
63
|
+
return false;
|
|
64
|
+
const ipOct = ip.split('.').map((s) => Number(s));
|
|
65
|
+
const netOct = net.split('.').map((s) => Number(s));
|
|
66
|
+
if (ipOct.length !== 4 || netOct.length !== 4)
|
|
67
|
+
return false;
|
|
68
|
+
if (ipOct.some((n) => !Number.isInteger(n) || n < 0 || n > 255))
|
|
69
|
+
return false;
|
|
70
|
+
if (netOct.some((n) => !Number.isInteger(n) || n < 0 || n > 255))
|
|
71
|
+
return false;
|
|
72
|
+
const ipInt = (((ipOct[0] << 24) | (ipOct[1] << 16) | (ipOct[2] << 8) | ipOct[3]) >>> 0);
|
|
73
|
+
const netInt = (((netOct[0] << 24) | (netOct[1] << 16) | (netOct[2] << 8) | netOct[3]) >>> 0);
|
|
74
|
+
const mask = bits === 0 ? 0 : ((-1 << (32 - bits)) >>> 0);
|
|
75
|
+
return (ipInt & mask) === (netInt & mask);
|
|
76
|
+
}
|
|
77
|
+
function normalizeHostname(hostname) {
|
|
78
|
+
if (hostname.startsWith('[') && hostname.endsWith(']')) {
|
|
79
|
+
return hostname.slice(1, -1);
|
|
80
|
+
}
|
|
81
|
+
return hostname;
|
|
82
|
+
}
|
|
83
|
+
function checkIPv4MappedIPv6(hostname) {
|
|
84
|
+
const hexMatch = hostname.match(/^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/i);
|
|
85
|
+
if (hexMatch) {
|
|
86
|
+
const hi = parseInt(hexMatch[1], 16);
|
|
87
|
+
const lo = parseInt(hexMatch[2], 16);
|
|
88
|
+
const ipv4 = `${hi >> 8}.${hi & 0xff}.${lo >> 8}.${lo & 0xff}`;
|
|
89
|
+
if (isPrivateIP(ipv4)) {
|
|
90
|
+
throw new Error(`SSRF blocked: IPv4-mapped IPv6 resolves to private ${ipv4}`);
|
|
91
|
+
}
|
|
92
|
+
}
|
|
93
|
+
}
|
|
94
|
+
const defaultResolver = async (hostname) => {
|
|
95
|
+
const ipv4 = await (0, promises_1.resolve4)(hostname).catch(() => []);
|
|
96
|
+
const ipv6 = await (0, promises_1.resolve6)(hostname).catch(() => []);
|
|
97
|
+
return [...ipv4, ...ipv6];
|
|
98
|
+
};
|
|
99
|
+
/**
|
|
100
|
+
* Validate that a URL does not target a private/internal address.
|
|
101
|
+
*
|
|
102
|
+
* The `allowedPrivateCidrs` list exempts specific IPv4 CIDRs that a
|
|
103
|
+
* WireGuard VPN peer announces as reachable (peer.allowedIPs). This keeps
|
|
104
|
+
* the SSRF check active for everything outside the tunnel — including
|
|
105
|
+
* cloud metadata endpoints — even when a VPN is in use.
|
|
106
|
+
*
|
|
107
|
+
* Fails closed on DNS resolution errors: an unreachable hostname can't be
|
|
108
|
+
* verified as public and could be a DNS-rebinding attempt.
|
|
109
|
+
*
|
|
110
|
+
* Pass `resolver` (e.g. a pinnedLookup-backed one) to share the same DNS
|
|
111
|
+
* answer with the connect path and remove the TOCTOU window.
|
|
112
|
+
*/
|
|
113
|
+
async function validateNotSSRF(url, allowedPrivateCidrs = [], resolver = defaultResolver) {
|
|
114
|
+
const parsed = new URL(url);
|
|
115
|
+
const hostname = normalizeHostname(parsed.hostname);
|
|
116
|
+
const isAllowedByCidr = (ip) => allowedPrivateCidrs.some((cidr) => ipv4InCidr(ip, cidr));
|
|
117
|
+
if (isPrivateIP(hostname) && !isAllowedByCidr(hostname)) {
|
|
118
|
+
throw new Error(`SSRF blocked: private IP address ${hostname}`);
|
|
119
|
+
}
|
|
120
|
+
checkIPv4MappedIPv6(hostname);
|
|
121
|
+
if ((0, net_1.isIP)(hostname))
|
|
122
|
+
return;
|
|
123
|
+
try {
|
|
124
|
+
const allIPs = await resolver(hostname);
|
|
125
|
+
if (allIPs.length === 0) {
|
|
126
|
+
throw new Error(`SSRF check failed: DNS resolution returned no addresses for ${hostname}`);
|
|
127
|
+
}
|
|
128
|
+
for (const ip of allIPs) {
|
|
129
|
+
if (isPrivateIP(ip) && !isAllowedByCidr(ip)) {
|
|
130
|
+
throw new Error(`SSRF blocked: ${hostname} resolves to private IP ${ip}`);
|
|
131
|
+
}
|
|
132
|
+
}
|
|
133
|
+
}
|
|
134
|
+
catch (e) {
|
|
135
|
+
if (e.message.startsWith('SSRF blocked'))
|
|
136
|
+
throw e;
|
|
137
|
+
throw new Error(`SSRF check failed: DNS resolution error for ${hostname}`);
|
|
138
|
+
}
|
|
139
|
+
}
|
|
140
|
+
//# sourceMappingURL=ssrf.js.map
|
package/dist/ssrf.js.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ssrf.js","sourceRoot":"","sources":["../src/ssrf.ts"],"names":[],"mappings":";;AAyCA,kCAEC;AAUD,gCAiBC;AAmDD,0CAiCC;AA1JD,2CAAkD;AAClD,6BAA2B;AAE3B;;;;;;;;;;;;GAYG;AACH,MAAM,iBAAiB,GAAG;IACxB,QAAQ,EAAE,WAAW;IACrB,OAAO,EAAE,WAAW;IACpB,4BAA4B,EAAE,WAAW;IACzC,aAAa,EAAE,WAAW;IAC1B,aAAa,EAAE,wCAAwC;IACvD,MAAM,EAAE,kBAAkB;IAC1B,0CAA0C,EAAE,mBAAmB;IAC/D,cAAc,EAAE,4BAA4B;IAC5C,iBAAiB,EAAE,+BAA+B;IAClD,QAAQ,EAAE,YAAY;IACtB,QAAQ,EAAE,qBAAqB;IAC/B,sBAAsB,EAAE,YAAY;IACpC,OAAO,EAAE,gBAAgB;IACzB,MAAM,EAAE,mBAAmB;IAC3B,WAAW,EAAE,mBAAmB;IAChC,SAAS,EAAE,kBAAkB;IAC7B,SAAS,EAAE,oBAAoB;IAC/B,MAAM,EAAE,oBAAoB;IAC5B,gBAAgB,EAAE,iBAAiB;IACnC,YAAY,EAAE,sFAAsF;IACpG,SAAS,EAAE,qEAAqE;CACjF,CAAC;AAEF,8EAA8E;AAC9E,SAAgB,WAAW,CAAC,EAAU;IACpC,OAAO,iBAAiB,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;AACrD,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,UAAU,CAAC,EAAU,EAAE,IAAY;IACjD,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAChC,IAAI,KAAK,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IAC5B,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IACjC,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACjD,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,IAAI,GAAG,CAAC,IAAI,IAAI,GAAG,EAAE;QAAE,OAAO,KAAK,CAAC;IAEnE,MAAM,KAAK,GAAG,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAClD,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IACpD,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAC5D,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IAC9E,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IAE/E,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,
CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;IACzF,MAAM,MAAM,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;IAC9F,MAAM,IAAI,GAAG,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,GAAG,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;IAC1D,OAAO,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;AAC5C,CAAC;AAED,SAAS,iBAAiB,CAAC,QAAgB;IACzC,IAAI,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACvD,OAAO,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAC/B,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,mBAAmB,CAAC,QAAgB;IAC3C,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,2CAA2C,CAAC,CAAC;IAC7E,IAAI,QAAQ,EAAE,CAAC;QACb,MAAM,EAAE,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACrC,MAAM,EAAE,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACrC,MAAM,IAAI,GAAG,GAAG,EAAE,IAAI,CAAC,IAAI,EAAE,GAAG,IAAI,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,GAAG,IAAI,EAAE,CAAC;QAC/D,IAAI,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,sDAAsD,IAAI,EAAE,CAAC,CAAC;QAChF,CAAC;IACH,CAAC;AACH,CAAC;AAYD,MAAM,eAAe,GAAiB,KAAK,EAAE,QAAQ,EAAE,EAAE;IACvD,MAAM,IAAI,GAAG,MAAM,IAAA,mBAAQ,EAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAc,CAAC,CAAC;IAClE,MAAM,IAAI,GAAG,MAAM,IAAA,mBAAQ,EAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAc,CAAC,CAAC;IAClE,OAAO,CAAC,GAAG,IAAI,EAAE,GAAG,IAAI,CAAC,CAAC;AAC5B,CAAC,CAAC;AAEF;;;;;;;;;;;;;GAaG;AACI,KAAK,UAAU,eAAe,CACnC,GAAW,EACX,sBAAgC,EAAE,EAClC,WAAyB,eAAe;IAExC,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IAC5B,MAAM,QAAQ,GAAG,iBAAiB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAEpD,MAAM,eAAe,GAAG,CAAC,EAAU,EAAE,EAAE,CACrC,mBAAmB,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,UAAU,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC,CAAC;IAE3D,IAAI,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,EAAE,CAAC;QACxD,MAAM,IAAI,KAAK,CAAC,oCAAoC
,QAAQ,EAAE,CAAC,CAAC;IAClE,CAAC;IAED,mBAAmB,CAAC,QAAQ,CAAC,CAAC;IAC9B,IAAI,IAAA,UAAI,EAAC,QAAQ,CAAC;QAAE,OAAO;IAE3B,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACxC,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,+DAA+D,QAAQ,EAAE,CAAC,CAAC;QAC7F,CAAC;QAED,KAAK,MAAM,EAAE,IAAI,MAAM,EAAE,CAAC;YACxB,IAAI,WAAW,CAAC,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,EAAE,CAAC,EAAE,CAAC;gBAC5C,MAAM,IAAI,KAAK,CAAC,iBAAiB,QAAQ,2BAA2B,EAAE,EAAE,CAAC,CAAC;YAC5E,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,IAAK,CAAW,CAAC,OAAO,CAAC,UAAU,CAAC,cAAc,CAAC;YAAE,MAAM,CAAC,CAAC;QAC7D,MAAM,IAAI,KAAK,CAAC,+CAA+C,QAAQ,EAAE,CAAC,CAAC;IAC7E,CAAC;AACH,CAAC"}
|
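--- a/package/dist/types.d.ts
+++ b/package/dist/types.d.ts
@@ -1,6 +1,9 @@
 export type WorkspaceRole = 'owner' | 'admin' | 'approver' | 'member';
 export type AgentStatus = 'active' | 'revoked' | 'suspended';
 export type AgentEnvironment = 'development' | 'staging' | 'production';
+export type PermissionRoutingMode = 'bypass' | 'gateway';
+/** @deprecated Renamed to {@link PermissionRoutingMode}. Re-exported as an alias for one release so external SDK consumers don't break on import. Note that the value set has also changed from `'local' | 'risky' | 'all'` to `'bypass' | 'gateway'`; consumers passing the old strings will fail validation server-side. */
+export type ClaudePermissionMode = PermissionRoutingMode;
 export type ApprovalStatus = 'PENDING' | 'NEEDS_SECOND_APPROVAL' | 'APPROVED' | 'DENIED' | 'EXPIRED' | 'CANCELLED';
 export type ExecutionStatus = 'PENDING' | 'RUNNING' | 'SUCCEEDED' | 'FAILED' | 'UNDONE';
 export type ActionType = 'read' | 'write' | 'financial' | 'admin';
@@ -34,6 +37,25 @@ export interface Agent {
 public_key: string;
 allowed_tools: string[];
 status: AgentStatus;
+/**
+* When TRUE, the gateway trusts the agent's self-declared `action_type` and
+* skips the server-side category floor. Default FALSE (floor applied). Only
+* enable for agents with a narrow allowed_tools list and tight policy rules.
+*/
+trust_declared_action_type?: boolean;
+/**
+* Controls how the harness's pre-tool-use hook routes tool-permission
+* decisions for this agent. Applies to Claude Code, Codex CLI, Gemini
+* CLI and OpenCode. `bypass` keeps the harness's own permission system
+* in charge (AgentLock not in the loop, no audit trail). `gateway`
+* routes every controlled tool call through AgentLock — fail-closed
+* by default, anything without a matching claudeBash rule is forwarded
+* to the approval inbox. To loosen, add explicit ALLOW rules or set
+* `claudeBash.defaultDecision: 'ALLOW'` per-policy.
+*/
+permission_routing_mode?: PermissionRoutingMode;
+permission_routing_updated_at?: string | null;
+permission_routing_updated_by?: string | null;
 created_by?: string;
 created_at: string;
 updated_at: string;
@@ -65,11 +87,98 @@ export interface PolicyRules {
 allowedDomains: string[];
 allowedMethods: string[];
 blockList: string[];
+/**
+* DANGEROUS: When true, HTTP calls to any domain (except blockList) are permitted
+* without explicit allowlisting. Opt-in only — default safe behavior requires
+* an explicit allowedDomains list. Users must acknowledge the risk in the UI.
+*/
+allowAllDomains?: boolean;
 };
 limits?: {
 maxCostPerAction?: number;
 maxActionsPerHour?: number;
 };
+/**
+* DANGEROUS: Opt-in to disable the hardcoded safety rails that prevent
+* auto-approval of financial/admin actions. When a category is set to true,
+* explicit ALLOW rules (or permissive defaultMode) for that action_type are
+* honored instead of being force-upgraded to REQUIRE_APPROVAL. Users must
+* acknowledge the risk in the UI.
+*/
+allowHighRiskAutoApproval?: {
+financial?: boolean;
+admin?: boolean;
+};
+/**
+* SSH connector policy. When present, governs `ssh.run` command evaluation
+* via glob pattern rules (with `/regex/` as an escape hatch), plus host/user
+* allowlists that constrain which stored SSH credentials may be used.
+*/
+ssh?: {
+allowedHosts: string[];
+allowedUsers: string[];
+commandRules: Array<{
+pattern: string;
+decision: PolicyDecision;
+require_two_approvals?: boolean;
+allowed_approvers?: string[];
+description?: string;
+}>;
+defaultDecision: PolicyDecision;
+};
+/**
+* Optional domain→VPN routing table. When a tool targets a domain that
+* matches one of these patterns, the policy engine attaches the listed
+* WireGuard credential regardless of what VPN (if any) the primary
+* credential references. First match wins; later entries are ignored.
+*
+* Patterns support an optional `*.` prefix for wildcard subdomain match
+* (e.g. `*.corp.example` matches `www.corp.example` and `api.corp.example`
+* but not `corp.example` itself). Exact hostnames match literally.
+*
+* Engine-level enforcement is a separate concern — this schema exists so
+* the UI + SDK can store the mapping today; the evaluator reads it when
+* the routing enforcement lands.
+*/
+vpnRoutes?: Array<{
+domainPattern: string;
+vpnCredentialId: string;
+}>;
+/**
+* User-defined rules for the Claude Code Bash tool. First match wins;
+* rules below are ignored. Each rule's `pattern` is a glob matched against
+* the FULL command string — `grep` matches only `grep`; use `grep *` to
+* also match `grep /home/foo`. Wrap a pattern in `/.../` for a raw regex
+* when globs aren't enough (patterns containing ^ $ ( ) | \ are also
+* treated as regex for backward compat).
+*
+* If no rule matches and `defaultDecision` is unset, the routing endpoint
+* forwards the command for approval (fail-closed). Setting
+* `defaultDecision` applies that decision to every unmatched command.
+*/
+claudeBash?: {
+rules: Array<{
+pattern: string;
+decision: PolicyDecision;
+description?: string;
+/**
+* Per-rule two-person approval. Mirrors the same field on `rules[]`
+* and `ssh.commandRules[]`. When set, an approval generated from
+* this rule needs two distinct approvers regardless of what the
+* surrounding `tool: 'permission.claude_code'` rule says — letting
+* admins tighten OR loosen the requirement on a per-command basis.
+*/
+require_two_approvals?: boolean;
+/**
+* Per-rule approver allowlist. UUIDs of users who may decide an
+* approval generated from this rule; empty/unset means anyone with
+* approver-or-higher can decide. Same semantics as the field on
+* top-level `rules[]`.
+*/
+allowed_approvers?: string[];
+}>;
+defaultDecision?: PolicyDecision;
+};
 }
 export interface PolicyRule {
 action_type?: ActionType;
@@ -77,12 +186,19 @@ export interface PolicyRule {
 domain?: string;
 decision: PolicyDecision;
 require_two_approvals?: boolean;
+allowed_approvers?: string[];
 }
 export interface PolicyEvaluationResult {
 decision: PolicyDecision;
 risk_level: RiskLevel;
 reason: string;
 matched_rule?: PolicyRule;
+/**
+* The action_type used for the decision after applying the server-side
+* category floor. Equals the declared action_type unless the floor raised it
+* (e.g. an agent declared `read` for `stripe.charge`, server floored to `financial`).
+*/
+effective_action_type?: ActionType;
 }
 export interface ApprovalRequest {
 id: string;
@@ -113,6 +229,21 @@ export interface ActionPreview {
 impact?: string;
 cost_estimate?: number;
 raw_action?: Record<string, unknown>;
+/**
+* The raw Bash command string for `permission.claude_code` approvals where
+* the underlying tool is Bash. Used by the approval UI's "Approve and
+* remember" affordance to seed the rule-pattern suggestion. Truncated to
+* 2000 chars, redaction applied. Never set for Edit/Write/etc.
+*/
+command?: string;
+/**
+* For `permission.claude_code` previews — the underlying Claude Code tool
+* that triggered the approval (`Bash`, `Edit`, `Write`, …). Lets the UI
+* show the rule-creation flow only when the surface supports it.
+*/
+claude_tool?: string;
+declared_action_type?: ActionType;
+effective_action_type?: ActionType;
 }
 export interface ActionExecution {
 id: string;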
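Review bot: The `ssh.commandRules[].pattern` doc (new lines 113–115 of the PolicyRules hunk) describes matching as glob with `/regex/` as the only escape hatch, while the `claudeBash.rules[].pattern` doc (new lines 149–153) adds that any pattern containing `^ $ ( ) | \` is silently treated as a regex for backward compat, and the declaration file does not say whether both rule sets go through the same matcher. That matters for the ssh allowlist because an admin who writes a literal pattern containing parentheses or a pipe would get regex semantics and a different set of permitted commands than intended, so the ssh comment should state which behaviour applies. If the matcher is shared, add `* Patterns containing ^ $ ( ) | \ are also treated as regex (same heuristic as claudeBash.rules).` to the ssh doc; if it is not, add `* Unlike claudeBash.rules, no implicit-regex heuristic applies here; only /.../ patterns are regexes.` Which of the two is true cannot be confirmed from this declaration file alone.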
package/dist/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,aAAa,GAAG,OAAO,GAAG,OAAO,GAAG,UAAU,GAAG,QAAQ,CAAC;AACtE,MAAM,MAAM,WAAW,GAAG,QAAQ,GAAG,SAAS,GAAG,WAAW,CAAC;AAC7D,MAAM,MAAM,gBAAgB,GAAG,aAAa,GAAG,SAAS,GAAG,YAAY,CAAC;AACxE,MAAM,MAAM,cAAc,GAAG,SAAS,GAAG,uBAAuB,GAAG,UAAU,GAAG,QAAQ,GAAG,SAAS,GAAG,WAAW,CAAC;AACnH,MAAM,MAAM,eAAe,GAAG,SAAS,GAAG,SAAS,GAAG,WAAW,GAAG,QAAQ,GAAG,QAAQ,CAAC;AACxF,MAAM,MAAM,UAAU,GAAG,MAAM,GAAG,OAAO,GAAG,WAAW,GAAG,OAAO,CAAC;
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,aAAa,GAAG,OAAO,GAAG,OAAO,GAAG,UAAU,GAAG,QAAQ,CAAC;AACtE,MAAM,MAAM,WAAW,GAAG,QAAQ,GAAG,SAAS,GAAG,WAAW,CAAC;AAC7D,MAAM,MAAM,gBAAgB,GAAG,aAAa,GAAG,SAAS,GAAG,YAAY,CAAC;AACxE,MAAM,MAAM,qBAAqB,GAAG,QAAQ,GAAG,SAAS,CAAC;AACzD,8TAA8T;AAC9T,MAAM,MAAM,oBAAoB,GAAG,qBAAqB,CAAC;AACzD,MAAM,MAAM,cAAc,GAAG,SAAS,GAAG,uBAAuB,GAAG,UAAU,GAAG,QAAQ,GAAG,SAAS,GAAG,WAAW,CAAC;AACnH,MAAM,MAAM,eAAe,GAAG,SAAS,GAAG,SAAS,GAAG,WAAW,GAAG,QAAQ,GAAG,QAAQ,CAAC;AACxF,MAAM,MAAM,UAAU,GAAG,MAAM,GAAG,OAAO,GAAG,WAAW,GAAG,OAAO,CAAC;AAElE,MAAM,MAAM,cAAc,GAAG,OAAO,GAAG,kBAAkB,GAAG,OAAO,CAAC;AACpE,MAAM,MAAM,SAAS,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;AAE/D,MAAM,WAAW,SAAS;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,OAAO,CAAC;IACnB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,iBAAiB,EAAE,OAAO,CAAC;IAC3B,cAAc,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,aAAa,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,KAAK;IACpB,EAAE,EAAE,MAAM,CAAC;IACX,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,gBAAgB,CAAC;IAC9B,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,MAAM,EAAE,WAAW,CAAC;IACpB;;;;OAIG;IACH,0BAA0B,CAAC,EAAE,OAAO,CAAC;IACrC;;;;;;;;;OASG;IACH,uBAAuB,CAAC,EAAE,qBAAqB,CAAC;IAChD,6BAA6B,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9C,6BAA6B,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9C,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WA
AW,MAAM;IACrB,EAAE,EAAE,MAAM,CAAC;IACX,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,OAAO,CAAC;IACpB,KAAK,EAAE,WAAW,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,WAAW;IAC1B,WAAW,EAAE,OAAO,GAAG,kBAAkB,GAAG,OAAO,CAAC;IACpD,KAAK,EAAE,UAAU,EAAE,CAAC;IACpB,IAAI,CAAC,EAAE;QACL,cAAc,EAAE,MAAM,EAAE,CAAC;QACzB,cAAc,EAAE,MAAM,EAAE,CAAC;QACzB,SAAS,EAAE,MAAM,EAAE,CAAC;QACpB;;;;WAIG;QACH,eAAe,CAAC,EAAE,OAAO,CAAC;KAC3B,CAAC;IACF,MAAM,CAAC,EAAE;QACP,gBAAgB,CAAC,EAAE,MAAM,CAAC;QAC1B,iBAAiB,CAAC,EAAE,MAAM,CAAC;KAC5B,CAAC;IACF;;;;;;OAMG;IACH,yBAAyB,CAAC,EAAE;QAC1B,SAAS,CAAC,EAAE,OAAO,CAAC;QACpB,KAAK,CAAC,EAAE,OAAO,CAAC;KACjB,CAAC;IACF;;;;OAIG;IACH,GAAG,CAAC,EAAE;QACJ,YAAY,EAAE,MAAM,EAAE,CAAC;QACvB,YAAY,EAAE,MAAM,EAAE,CAAC;QACvB,YAAY,EAAE,KAAK,CAAC;YAClB,OAAO,EAAE,MAAM,CAAC;YAChB,QAAQ,EAAE,cAAc,CAAC;YACzB,qBAAqB,CAAC,EAAE,OAAO,CAAC;YAChC,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;YAC7B,WAAW,CAAC,EAAE,MAAM,CAAC;SACtB,CAAC,CAAC;QACH,eAAe,EAAE,cAAc,CAAC;KACjC,CAAC;IACF;;;;;;;;;;;;;OAaG;IACH,SAAS,CAAC,EAAE,KAAK,CAAC;QAChB,aAAa,EAAE,MAAM,CAAC;QACtB,eAAe,EAAE,MAAM,CAAC;KACzB,CAAC,CAAC;IACH;;;;;;;;;;;OAWG;IACH,UAAU,CAAC,EAAE;QACX,KAAK,EAAE,KAAK,CAAC;YACX,OAAO,EAAE,MAAM,CAAC;YAChB,QAAQ,EAAE,cAAc,CAAC;YACzB,WAAW,CAAC,EAAE,MAAM,CAAC;YACrB;;;;;;eAMG;YACH,qBAAqB,CAAC,EAAE,OAAO,CAAC;YAChC;;;;;eAKG;YACH,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;SAC9B,CAAC,CAAC;QACH,eAAe,CAAC,EAAE,cAAc,CAAC;KAClC,CAAC;CACH;AAED,MAAM,WAAW,UAAU;IACzB,WAAW,CAAC,EAAE,UAAU,CAAC;IACzB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,cAAc,CAAC;IACzB,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAChC,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC9B;AAED,MAAM,WAAW,sBAAsB;IACrC,QAAQ,EAAE,cAAc,CAAC;IACzB,UAAU,EAAE,SAAS,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,CAAC,EAAE,UAAU,CAAC;IAC1B;;;;OAIG;IACH,qBAAqB,CAAC,EAAE,UAAU,CAAC;CACpC;AAED,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,cAAc,CAAC;IACvB,WAAW,EAAE,UAAU,CAAC;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,O
AAO,EAAE,aAAa,CAAC;IACvB,UAAU,EAAE,SAAS,CAAC;IACtB,eAAe,EAAE,MAAM,CAAC;IACxB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,sBAAsB,EAAE,OAAO,CAAC;IAChC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACtC,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACrC;;;;;OAKG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB;;;;OAIG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,oBAAoB,CAAC,EAAE,UAAU,CAAC;IAClC,qBAAqB,CAAC,EAAE,UAAU,CAAC;CACpC;AAED,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,YAAY,EAAE,MAAM,CAAC;IACrB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,UAAU,CAAC;IACxB,MAAM,EAAE,eAAe,CAAC;IACxB,iBAAiB,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC3C,kBAAkB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC7C,cAAc,EAAE,OAAO,CAAC;IACxB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,GAAG,OAAO,GAAG,QAAQ,CAAC;IACxC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,MAAM,oBAAoB,GAAG,QAAQ,GAAG,QAAQ,GAAG,SAAS,CAAC;AAEnE,MAAM,MAAM,WAAW,GACnB,cAAc,GACd,eAAe,GACf,cAAc,GACd,0BAA0B,GAC1B,kBAAkB,GAClB,kBAAkB,GAClB,oBAAoB,GACpB,mBAAmB,GACnB,gBAAgB,GAChB,gBAAgB,GAChB,eAAe,CAAC;AAEpB,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACj
B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,MAAM,EAAE,oBAAoB,CAAC;IAC7B,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,mBAAmB;IAClC,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,kBAAkB;IACjC,WAAW,EAAE,UAAU,CAAC;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,oBAAoB;IACnC,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,cAAc,CAAC;IACzB,MAAM,EAAE,cAAc,GAAG,SAAS,GAAG,SAAS,CAAC;IAC/C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB"}
|