agentlock-shared 0.2.0 → 0.3.0

package/dist/ssh-fingerprint.js

@@ -0,0 +1,52 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.normalizeSshHostKeyFingerprint = normalizeSshHostKeyFingerprint;
+/**
+ * Normalize an SSH host-key fingerprint to canonical lowercase SHA-256 hex.
+ *
+ * Accepted input forms:
+ * - 64-char hex digest
+ * - OpenSSH-style `SHA256:<base64>`
+ * - bare base64 / url-safe base64 (43/44 chars, optional padding)
+ */
+function normalizeSshHostKeyFingerprint(fp) {
+    const stripped = fp.trim().replace(/^sha256:/i, '').replace(/\s+/g, '');
+    if (stripped.length === 0) {
+        throw new Error('Empty host key fingerprint');
+    }
+    if (/^[0-9a-f]{64}$/i.test(stripped)) {
+        return stripped.toLowerCase();
+    }
+    const b64Like = /^[A-Za-z0-9+/_-]{43,44}={0,2}$/.test(stripped);
+    if (b64Like) {
+        const normalized = stripped.replace(/-/g, '+').replace(/_/g, '/');
+        const padded = normalized.length % 4 === 0
+            ? normalized
+            : normalized + '='.repeat(4 - (normalized.length % 4));
+        const decoded = decodeBase64Bytes(padded);
+        if (decoded && decoded.length === 32) {
+            return Array.from(decoded, (byte) => byte.toString(16).padStart(2, '0')).join('');
+        }
+    }
+    throw new Error(`Invalid SHA-256 host key fingerprint: expected 64-char hex or base64 (OpenSSH-style), got ${stripped.length} chars`);
+}
+function decodeBase64Bytes(base64) {
+    try {
+        if (typeof Buffer !== 'undefined') {
+            return Uint8Array.from(Buffer.from(base64, 'base64'));
+        }
+        if (typeof globalThis.atob === 'function') {
+            const binary = globalThis.atob(base64);
+            const bytes = new Uint8Array(binary.length);
+            for (let i = 0; i < binary.length; i += 1) {
+                bytes[i] = binary.charCodeAt(i);
+            }
+            return bytes;
+        }
+    }
+    catch {
+        return null;
+    }
+    return null;
+}
+//# sourceMappingURL=ssh-fingerprint.js.map

package/dist/ssh-fingerprint.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ssh-fingerprint.js","sourceRoot":"","sources":["../src/ssh-fingerprint.ts"],"names":[],"mappings":";;AAQA,wEAyBC;AAjCD;;;;;;;GAOG;AACH,SAAgB,8BAA8B,CAAC,EAAU;IACvD,MAAM,QAAQ,GAAG,EAAE,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IACxE,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;IAChD,CAAC;IAED,IAAI,iBAAiB,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QACrC,OAAO,QAAQ,CAAC,WAAW,EAAE,CAAC;IAChC,CAAC;IAED,MAAM,OAAO,GAAG,gCAAgC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAChE,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QAClE,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC;YACxC,CAAC,CAAC,UAAU;YACZ,CAAC,CAAC,UAAU,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC;QACzD,MAAM,OAAO,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;QAC1C,IAAI,OAAO,IAAI,OAAO,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;YACrC,OAAO,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACpF,CAAC;IACH,CAAC;IAED,MAAM,IAAI,KAAK,CACb,6FAA6F,QAAQ,CAAC,MAAM,QAAQ,CACrH,CAAC;AACJ,CAAC;AAED,SAAS,iBAAiB,CAAC,MAAc;IACvC,IAAI,CAAC;QACH,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;YAClC,OAAO,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;QACxD,CAAC;QACD,IAAI,OAAO,UAAU,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;YAC1C,MAAM,MAAM,GAAG,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACvC,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YAC5C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC1C,KAAK,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;YAClC,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/ssrf.d.ts

@@ -0,0 +1,36 @@
+/** True iff the literal `ip` string falls inside one of BLOCKED_IP_RANGES. */
+export declare function isPrivateIP(ip: string): boolean;
+/**
+ * Test whether an IPv4 dotted-quad is inside an IPv4 CIDR block.
+ * Used by the VPN allow-list path: addresses inside `peer.allowedIPs` are
+ * intentionally reachable through the tunnel and should not be blocked by
+ * the standard private-IP checks.
+ * Returns false for malformed inputs, non-IPv4 addresses, or IPv6 CIDRs.
+ * 32-bit math is kept in unsigned space via `>>> 0`.
+ */
+export declare function ipv4InCidr(ip: string, cidr: string): boolean;
+/**
+ * Resolver used by validateNotSSRF. Default = node's `dns/promises`. The HTTP
+ * connector passes in a version backed by its `createPinnedLookup()` cache
+ * so the IP the check sees is byte-for-byte the one the socket will connect
+ * to — closes a DNS-rebinding window where an attacker-controlled TTL=0
+ * record returns a public IP to validateNotSSRF and a private IP to the
+ * subsequent TCP connect.
+ */
+export type SsrfResolver = (hostname: string) => Promise<string[]>;
+/**
+ * Validate that a URL does not target a private/internal address.
+ *
+ * The `allowedPrivateCidrs` list exempts specific IPv4 CIDRs that a
+ * WireGuard VPN peer announces as reachable (peer.allowedIPs). This keeps
+ * the SSRF check active for everything outside the tunnel — including
+ * cloud metadata endpoints — even when a VPN is in use.
+ *
+ * Fails closed on DNS resolution errors: an unreachable hostname can't be
+ * verified as public and could be a DNS-rebinding attempt.
+ *
+ * Pass `resolver` (e.g. a pinnedLookup-backed one) to share the same DNS
+ * answer with the connect path and remove the TOCTOU window.
+ */
+export declare function validateNotSSRF(url: string, allowedPrivateCidrs?: string[], resolver?: SsrfResolver): Promise<void>;
+//# sourceMappingURL=ssrf.d.ts.map

package/dist/ssrf.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ssrf.d.ts","sourceRoot":"","sources":["../src/ssrf.ts"],"names":[],"mappings":"AAwCA,8EAA8E;AAC9E,wBAAgB,WAAW,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAE/C;AAED;;;;;;;GAOG;AACH,wBAAgB,UAAU,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAiB5D;AAqBD;;;;;;;GAOG;AACH,MAAM,MAAM,YAAY,GAAG,CAAC,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;AAQnE;;;;;;;;;;;;;GAaG;AACH,wBAAsB,eAAe,CACnC,GAAG,EAAE,MAAM,EACX,mBAAmB,GAAE,MAAM,EAAO,EAClC,QAAQ,GAAE,YAA8B,GACvC,OAAO,CAAC,IAAI,CAAC,CA6Bf"}

package/dist/ssrf.js

@@ -0,0 +1,140 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isPrivateIP = isPrivateIP;
+exports.ipv4InCidr = ipv4InCidr;
+exports.validateNotSSRF = validateNotSSRF;
+const promises_1 = require("dns/promises");
+const net_1 = require("net");
+/**
+ * Regex patterns covering the address ranges we refuse to reach from
+ * server-side fetches: RFC 1918 private, loopback, link-local (incl. cloud
+ * metadata 169.254.169.254), CGNAT, multicast, broadcast, IPv6 equivalents.
+ * Single source of truth for both the Runner and the Web inline executor —
+ * previously these lists were duplicated and could drift apart.
+ *
+ * NOTE: this module imports Node's `dns/promises` and is therefore server-
+ * only. It is NOT re-exported from `agentlock-shared/index.ts` — if it were,
+ * Next.js client bundles transitively importing the barrel would fail to
+ * resolve `dns/promises`. Import from the `agentlock-shared/ssrf` subpath
+ * in server-only code (HTTP/MCP connectors, webhook-side validators).
+ */
+const BLOCKED_IP_RANGES = [
+    /^127\./, // loopback
+    /^10\./, // RFC 1918
+    /^172\.(1[6-9]|2\d|3[01])\./, // RFC 1918
+    /^192\.168\./, // RFC 1918
+    /^169\.254\./, // link-local (cloud metadata endpoints)
+    /^0\./, // current network
+    /^100\.(6[4-9]|[7-9]\d|1[01]\d|12[0-7])\./, // CGNAT (RFC 6598)
+    /^192\.0\.0\./, // IETF protocol assignments
+    /^198\.(1[89])\./, // benchmark testing (RFC 2544)
+    /^224\./, // multicast
+    /^240\./, // reserved (class E)
+    /^255\.255\.255\.255$/, // broadcast
+    /^::1$/, // IPv6 loopback
+    /^::$/, // IPv6 unspecified
+    /^::ffff:/i, // IPv4-mapped IPv6
+    /^fe80:/i, // IPv6 link-local
+    /^fc00:/i, // IPv6 unique local
+    /^fd/i, // IPv6 unique local
+    /^ff0[0-9a-f]:/i, // IPv6 multicast
+    /^64:ff9b:/i, // NAT64 (RFC 6052) — embeds an IPv4 that can map to a forbidden range (e.g. metadata)
+    /^2002:/i, // 6to4 (RFC 3056) — embeds an IPv4 that can map to a forbidden range
+];
+/** True iff the literal `ip` string falls inside one of BLOCKED_IP_RANGES. */
+function isPrivateIP(ip) {
+    return BLOCKED_IP_RANGES.some((re) => re.test(ip));
+}
+/**
+ * Test whether an IPv4 dotted-quad is inside an IPv4 CIDR block.
+ * Used by the VPN allow-list path: addresses inside `peer.allowedIPs` are
+ * intentionally reachable through the tunnel and should not be blocked by
+ * the standard private-IP checks.
+ * Returns false for malformed inputs, non-IPv4 addresses, or IPv6 CIDRs.
+ * 32-bit math is kept in unsigned space via `>>> 0`.
+ */
+function ipv4InCidr(ip, cidr) {
+    const slash = cidr.indexOf('/');
+    if (slash < 0)
+        return false;
+    const net = cidr.slice(0, slash);
+    const bits = parseInt(cidr.slice(slash + 1), 10);
+    if (!Number.isInteger(bits) || bits < 0 || bits > 32)
+        return false;
+    const ipOct = ip.split('.').map((s) => Number(s));
+    const netOct = net.split('.').map((s) => Number(s));
+    if (ipOct.length !== 4 || netOct.length !== 4)
+        return false;
+    if (ipOct.some((n) => !Number.isInteger(n) || n < 0 || n > 255))
+        return false;
+    if (netOct.some((n) => !Number.isInteger(n) || n < 0 || n > 255))
+        return false;
+    const ipInt = (((ipOct[0] << 24) | (ipOct[1] << 16) | (ipOct[2] << 8) | ipOct[3]) >>> 0);
+    const netInt = (((netOct[0] << 24) | (netOct[1] << 16) | (netOct[2] << 8) | netOct[3]) >>> 0);
+    const mask = bits === 0 ? 0 : ((-1 << (32 - bits)) >>> 0);
+    return (ipInt & mask) === (netInt & mask);
+}
+function normalizeHostname(hostname) {
+    if (hostname.startsWith('[') && hostname.endsWith(']')) {
+        return hostname.slice(1, -1);
+    }
+    return hostname;
+}
+function checkIPv4MappedIPv6(hostname) {
+    const hexMatch = hostname.match(/^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/i);
+    if (hexMatch) {
+        const hi = parseInt(hexMatch[1], 16);
+        const lo = parseInt(hexMatch[2], 16);
+        const ipv4 = `${hi >> 8}.${hi & 0xff}.${lo >> 8}.${lo & 0xff}`;
+        if (isPrivateIP(ipv4)) {
+            throw new Error(`SSRF blocked: IPv4-mapped IPv6 resolves to private ${ipv4}`);
+        }
+    }
+}
+const defaultResolver = async (hostname) => {
+    const ipv4 = await (0, promises_1.resolve4)(hostname).catch(() => []);
+    const ipv6 = await (0, promises_1.resolve6)(hostname).catch(() => []);
+    return [...ipv4, ...ipv6];
+};
+/**
+ * Validate that a URL does not target a private/internal address.
+ *
+ * The `allowedPrivateCidrs` list exempts specific IPv4 CIDRs that a
+ * WireGuard VPN peer announces as reachable (peer.allowedIPs). This keeps
+ * the SSRF check active for everything outside the tunnel — including
+ * cloud metadata endpoints — even when a VPN is in use.
+ *
+ * Fails closed on DNS resolution errors: an unreachable hostname can't be
+ * verified as public and could be a DNS-rebinding attempt.
+ *
+ * Pass `resolver` (e.g. a pinnedLookup-backed one) to share the same DNS
+ * answer with the connect path and remove the TOCTOU window.
+ */
+async function validateNotSSRF(url, allowedPrivateCidrs = [], resolver = defaultResolver) {
+    const parsed = new URL(url);
+    const hostname = normalizeHostname(parsed.hostname);
+    const isAllowedByCidr = (ip) => allowedPrivateCidrs.some((cidr) => ipv4InCidr(ip, cidr));
+    if (isPrivateIP(hostname) && !isAllowedByCidr(hostname)) {
+        throw new Error(`SSRF blocked: private IP address ${hostname}`);
+    }
+    checkIPv4MappedIPv6(hostname);
+    if ((0, net_1.isIP)(hostname))
+        return;
+    try {
+        const allIPs = await resolver(hostname);
+        if (allIPs.length === 0) {
+            throw new Error(`SSRF check failed: DNS resolution returned no addresses for ${hostname}`);
+        }
+        for (const ip of allIPs) {
+            if (isPrivateIP(ip) && !isAllowedByCidr(ip)) {
+                throw new Error(`SSRF blocked: ${hostname} resolves to private IP ${ip}`);
+            }
+        }
+    }
+    catch (e) {
+        if (e.message.startsWith('SSRF blocked'))
+            throw e;
+        throw new Error(`SSRF check failed: DNS resolution error for ${hostname}`);
+    }
+}
+//# sourceMappingURL=ssrf.js.map

package/dist/ssrf.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ssrf.js","sourceRoot":"","sources":["../src/ssrf.ts"],"names":[],"mappings":";;AAyCA,kCAEC;AAUD,gCAiBC;AAmDD,0CAiCC;AA1JD,2CAAkD;AAClD,6BAA2B;AAE3B;;;;;;;;;;;;GAYG;AACH,MAAM,iBAAiB,GAAG;IACxB,QAAQ,EAAE,WAAW;IACrB,OAAO,EAAE,WAAW;IACpB,4BAA4B,EAAE,WAAW;IACzC,aAAa,EAAE,WAAW;IAC1B,aAAa,EAAE,wCAAwC;IACvD,MAAM,EAAE,kBAAkB;IAC1B,0CAA0C,EAAE,mBAAmB;IAC/D,cAAc,EAAE,4BAA4B;IAC5C,iBAAiB,EAAE,+BAA+B;IAClD,QAAQ,EAAE,YAAY;IACtB,QAAQ,EAAE,qBAAqB;IAC/B,sBAAsB,EAAE,YAAY;IACpC,OAAO,EAAE,gBAAgB;IACzB,MAAM,EAAE,mBAAmB;IAC3B,WAAW,EAAE,mBAAmB;IAChC,SAAS,EAAE,kBAAkB;IAC7B,SAAS,EAAE,oBAAoB;IAC/B,MAAM,EAAE,oBAAoB;IAC5B,gBAAgB,EAAE,iBAAiB;IACnC,YAAY,EAAE,sFAAsF;IACpG,SAAS,EAAE,qEAAqE;CACjF,CAAC;AAEF,8EAA8E;AAC9E,SAAgB,WAAW,CAAC,EAAU;IACpC,OAAO,iBAAiB,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;AACrD,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,UAAU,CAAC,EAAU,EAAE,IAAY;IACjD,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAChC,IAAI,KAAK,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IAC5B,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IACjC,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACjD,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,IAAI,GAAG,CAAC,IAAI,IAAI,GAAG,EAAE;QAAE,OAAO,KAAK,CAAC;IAEnE,MAAM,KAAK,GAAG,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAClD,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IACpD,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAC5D,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IAC9E,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IAE/E,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;IACzF,MAAM,MAAM,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;IAC9F,MAAM,IAAI,GAAG,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,GAAG,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;IAC1D,OAAO,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;AAC5C,CAAC;AAED,SAAS,iBAAiB,CAAC,QAAgB;IACzC,IAAI,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACvD,OAAO,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAC/B,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,mBAAmB,CAAC,QAAgB;IAC3C,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,2CAA2C,CAAC,CAAC;IAC7E,IAAI,QAAQ,EAAE,CAAC;QACb,MAAM,EAAE,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACrC,MAAM,EAAE,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACrC,MAAM,IAAI,GAAG,GAAG,EAAE,IAAI,CAAC,IAAI,EAAE,GAAG,IAAI,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,GAAG,IAAI,EAAE,CAAC;QAC/D,IAAI,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,sDAAsD,IAAI,EAAE,CAAC,CAAC;QAChF,CAAC;IACH,CAAC;AACH,CAAC;AAYD,MAAM,eAAe,GAAiB,KAAK,EAAE,QAAQ,EAAE,EAAE;IACvD,MAAM,IAAI,GAAG,MAAM,IAAA,mBAAQ,EAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAc,CAAC,CAAC;IAClE,MAAM,IAAI,GAAG,MAAM,IAAA,mBAAQ,EAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAc,CAAC,CAAC;IAClE,OAAO,CAAC,GAAG,IAAI,EAAE,GAAG,IAAI,CAAC,CAAC;AAC5B,CAAC,CAAC;AAEF;;;;;;;;;;;;;GAaG;AACI,KAAK,UAAU,eAAe,CACnC,GAAW,EACX,sBAAgC,EAAE,EAClC,WAAyB,eAAe;IAExC,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IAC5B,MAAM,QAAQ,GAAG,iBAAiB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAEpD,MAAM,eAAe,GAAG,CAAC,EAAU,EAAE,EAAE,CACrC,mBAAmB,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,UAAU,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC,CAAC;IAE3D,IAAI,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,EAAE,CAAC;QACxD,MAAM,IAAI,KAAK,CAAC,oCAAoC,QAAQ,EAAE,CAAC,CAAC;IAClE,CAAC;IAED,mBAAmB,CAAC,QAAQ,CAAC,CAAC;IAC9B,IAAI,IAAA,UAAI,EAAC,QAAQ,CAAC;QAAE,OAAO;IAE3B,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACxC,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,+DAA+D,QAAQ,EAAE,CAAC,CAAC;QAC7F,CAAC;QAED,KAAK,MAAM,EAAE,IAAI,MAAM,EAAE,CAAC;YACxB,IAAI,WAAW,CAAC,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,EAAE,CAAC,EAAE,CAAC;gBAC5C,MAAM,IAAI,KAAK,CAAC,iBAAiB,QAAQ,2BAA2B,EAAE,EAAE,CAAC,CAAC;YAC5E,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,IAAK,CAAW,CAAC,OAAO,CAAC,UAAU,CAAC,cAAc,CAAC;YAAE,MAAM,CAAC,CAAC;QAC7D,MAAM,IAAI,KAAK,CAAC,+CAA+C,QAAQ,EAAE,CAAC,CAAC;IAC7E,CAAC;AACH,CAAC"}

package/dist/types.d.ts

@@ -1,6 +1,9 @@
 export type WorkspaceRole = 'owner' | 'admin' | 'approver' | 'member';
 export type AgentStatus = 'active' | 'revoked' | 'suspended';
 export type AgentEnvironment = 'development' | 'staging' | 'production';
+export type PermissionRoutingMode = 'bypass' | 'gateway';
+/** @deprecated Renamed to {@link PermissionRoutingMode}. Re-exported as an alias for one release so external SDK consumers don't break on import. Note that the value set has also changed from `'local' | 'risky' | 'all'` to `'bypass' | 'gateway'`; consumers passing the old strings will fail validation server-side. */
+export type ClaudePermissionMode = PermissionRoutingMode;
 export type ApprovalStatus = 'PENDING' | 'NEEDS_SECOND_APPROVAL' | 'APPROVED' | 'DENIED' | 'EXPIRED' | 'CANCELLED';
 export type ExecutionStatus = 'PENDING' | 'RUNNING' | 'SUCCEEDED' | 'FAILED' | 'UNDONE';
 export type ActionType = 'read' | 'write' | 'financial' | 'admin';
@@ -34,6 +37,25 @@ export interface Agent {
     public_key: string;
     allowed_tools: string[];
     status: AgentStatus;
+    /**
+     * When TRUE, the gateway trusts the agent's self-declared `action_type` and
+     * skips the server-side category floor. Default FALSE (floor applied). Only
+     * enable for agents with a narrow allowed_tools list and tight policy rules.
+     */
+    trust_declared_action_type?: boolean;
+    /**
+     * Controls how the harness's pre-tool-use hook routes tool-permission
+     * decisions for this agent. Applies to Claude Code, Codex CLI, Gemini
+     * CLI and OpenCode. `bypass` keeps the harness's own permission system
+     * in charge (AgentLock not in the loop, no audit trail). `gateway`
+     * routes every controlled tool call through AgentLock — fail-closed
+     * by default, anything without a matching claudeBash rule is forwarded
+     * to the approval inbox. To loosen, add explicit ALLOW rules or set
+     * `claudeBash.defaultDecision: 'ALLOW'` per-policy.
+     */
+    permission_routing_mode?: PermissionRoutingMode;
+    permission_routing_updated_at?: string | null;
+    permission_routing_updated_by?: string | null;
     created_by?: string;
     created_at: string;
     updated_at: string;
@@ -65,11 +87,98 @@ export interface PolicyRules {
         allowedDomains: string[];
         allowedMethods: string[];
         blockList: string[];
+        /**
+         * DANGEROUS: When true, HTTP calls to any domain (except blockList) are permitted
+         * without explicit allowlisting. Opt-in only — default safe behavior requires
+         * an explicit allowedDomains list. Users must acknowledge the risk in the UI.
+         */
+        allowAllDomains?: boolean;
     };
     limits?: {
         maxCostPerAction?: number;
         maxActionsPerHour?: number;
     };
+    /**
+     * DANGEROUS: Opt-in to disable the hardcoded safety rails that prevent
+     * auto-approval of financial/admin actions. When a category is set to true,
+     * explicit ALLOW rules (or permissive defaultMode) for that action_type are
+     * honored instead of being force-upgraded to REQUIRE_APPROVAL. Users must
+     * acknowledge the risk in the UI.
+     */
+    allowHighRiskAutoApproval?: {
+        financial?: boolean;
+        admin?: boolean;
+    };
+    /**
+     * SSH connector policy. When present, governs `ssh.run` command evaluation
+     * via glob pattern rules (with `/regex/` as an escape hatch), plus host/user
+     * allowlists that constrain which stored SSH credentials may be used.
+     */
+    ssh?: {
+        allowedHosts: string[];
+        allowedUsers: string[];
+        commandRules: Array<{
+            pattern: string;
+            decision: PolicyDecision;
+            require_two_approvals?: boolean;
+            allowed_approvers?: string[];
+            description?: string;
+        }>;
+        defaultDecision: PolicyDecision;
+    };
+    /**
+     * Optional domain→VPN routing table. When a tool targets a domain that
+     * matches one of these patterns, the policy engine attaches the listed
+     * WireGuard credential regardless of what VPN (if any) the primary
+     * credential references. First match wins; later entries are ignored.
+     *
+     * Patterns support an optional `*.` prefix for wildcard subdomain match
+     * (e.g. `*.corp.example` matches `www.corp.example` and `api.corp.example`
+     * but not `corp.example` itself). Exact hostnames match literally.
+     *
+     * Engine-level enforcement is a separate concern — this schema exists so
+     * the UI + SDK can store the mapping today; the evaluator reads it when
+     * the routing enforcement lands.
+     */
+    vpnRoutes?: Array<{
+        domainPattern: string;
+        vpnCredentialId: string;
+    }>;
+    /**
+     * User-defined rules for the Claude Code Bash tool. First match wins;
+     * rules below are ignored. Each rule's `pattern` is a glob matched against
+     * the FULL command string — `grep` matches only `grep`; use `grep *` to
+     * also match `grep /home/foo`. Wrap a pattern in `/.../` for a raw regex
+     * when globs aren't enough (patterns containing ^ $ ( ) | \ are also
+     * treated as regex for backward compat).
+     *
+     * If no rule matches and `defaultDecision` is unset, the routing endpoint
+     * forwards the command for approval (fail-closed). Setting
+     * `defaultDecision` applies that decision to every unmatched command.
+     */
+    claudeBash?: {
+        rules: Array<{
+            pattern: string;
+            decision: PolicyDecision;
+            description?: string;
+            /**
+             * Per-rule two-person approval. Mirrors the same field on `rules[]`
+             * and `ssh.commandRules[]`. When set, an approval generated from
+             * this rule needs two distinct approvers regardless of what the
+             * surrounding `tool: 'permission.claude_code'` rule says — letting
+             * admins tighten OR loosen the requirement on a per-command basis.
+             */
+            require_two_approvals?: boolean;
+            /**
+             * Per-rule approver allowlist. UUIDs of users who may decide an
+             * approval generated from this rule; empty/unset means anyone with
+             * approver-or-higher can decide. Same semantics as the field on
+             * top-level `rules[]`.
+             */
+            allowed_approvers?: string[];
+        }>;
+        defaultDecision?: PolicyDecision;
+    };
 }
 export interface PolicyRule {
     action_type?: ActionType;
@@ -84,6 +193,12 @@ export interface PolicyEvaluationResult {
     risk_level: RiskLevel;
     reason: string;
     matched_rule?: PolicyRule;
+    /**
+     * The action_type used for the decision after applying the server-side
+     * category floor. Equals the declared action_type unless the floor raised it
+     * (e.g. an agent declared `read` for `stripe.charge`, server floored to `financial`).
+     */
+    effective_action_type?: ActionType;
 }
 export interface ApprovalRequest {
     id: string;
@@ -114,6 +229,21 @@ export interface ActionPreview {
     impact?: string;
     cost_estimate?: number;
     raw_action?: Record<string, unknown>;
+    /**
+     * The raw Bash command string for `permission.claude_code` approvals where
+     * the underlying tool is Bash. Used by the approval UI's "Approve and
+     * remember" affordance to seed the rule-pattern suggestion. Truncated to
+     * 2000 chars, redaction applied. Never set for Edit/Write/etc.
+     */
+    command?: string;
+    /**
+     * For `permission.claude_code` previews — the underlying Claude Code tool
+     * that triggered the approval (`Bash`, `Edit`, `Write`, …). Lets the UI
+     * show the rule-creation flow only when the surface supports it.
+     */
+    claude_tool?: string;
+    declared_action_type?: ActionType;
+    effective_action_type?: ActionType;
 }
 export interface ActionExecution {
     id: string;

package/dist/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,aAAa,GAAG,OAAO,GAAG,OAAO,GAAG,UAAU,GAAG,QAAQ,CAAC;AACtE,MAAM,MAAM,WAAW,GAAG,QAAQ,GAAG,SAAS,GAAG,WAAW,CAAC;AAC7D,MAAM,MAAM,gBAAgB,GAAG,aAAa,GAAG,SAAS,GAAG,YAAY,CAAC;AACxE,MAAM,MAAM,cAAc,GAAG,SAAS,GAAG,uBAAuB,GAAG,UAAU,GAAG,QAAQ,GAAG,SAAS,GAAG,WAAW,CAAC;AACnH,MAAM,MAAM,eAAe,GAAG,SAAS,GAAG,SAAS,GAAG,WAAW,GAAG,QAAQ,GAAG,QAAQ,CAAC;AACxF,MAAM,MAAM,UAAU,GAAG,MAAM,GAAG,OAAO,GAAG,WAAW,GAAG,OAAO,CAAC;AAClE,MAAM,MAAM,cAAc,GAAG,OAAO,GAAG,kBAAkB,GAAG,OAAO,CAAC;AACpE,MAAM,MAAM,SAAS,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;AAE/D,MAAM,WAAW,SAAS;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,OAAO,CAAC;IACnB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,iBAAiB,EAAE,OAAO,CAAC;IAC3B,cAAc,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,aAAa,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,KAAK;IACpB,EAAE,EAAE,MAAM,CAAC;IACX,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,gBAAgB,CAAC;IAC9B,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,MAAM,EAAE,WAAW,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,MAAM;IACrB,EAAE,EAAE,MAAM,CAAC;IACX,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,OAAO,CAAC;IACpB,KAAK,EAAE,WAAW,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,WAAW;IAC1B,WAAW,EAAE,OAAO,GAAG,kBAAkB,GAAG,OAAO,CAAC;IACpD,KAAK,EAAE,UAAU,EAAE,CAAC;IACpB,IAAI,CAAC,EAAE;QACL,cAAc,EAAE,MAAM,EAAE,CAAC;QACzB,cAAc,EAAE,MAAM,EAAE,CAAC;QACzB,SAAS,EAAE,MAAM,EAAE,CAAC;KACrB,CAAC;IACF,MAAM,CAAC,EAAE;QACP,gBAAgB,CAAC,EAAE,MAAM,CAAC;QAC1B,iBAAiB,CAAC,EAAE,MAAM,CAAC;KAC5B,CAAC;CACH;AAED,MAAM,WAAW,UAAU;IACzB,WAAW,CAAC,EAAE,UAAU,CAAC;IACzB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,cAAc,CAAC;IACzB,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAChC,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC9B;AAED,MAAM,WAAW,sBAAsB;IACrC,QAAQ,EAAE,cAAc,CAAC;IACzB,UAAU,EAAE,SAAS,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,CAAC,EAAE,UAAU,CAAC;CAC3B;AAED,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,cAAc,CAAC;IACvB,WAAW,EAAE,UAAU,CAAC;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,aAAa,CAAC;IACvB,UAAU,EAAE,SAAS,CAAC;IACtB,eAAe,EAAE,MAAM,CAAC;IACxB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,sBAAsB,EAAE,OAAO,CAAC;IAChC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACtC,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACtC;AAED,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,YAAY,EAAE,MAAM,CAAC;IACrB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,UAAU,CAAC;IACxB,MAAM,EAAE,eAAe,CAAC;IACxB,iBAAiB,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC3C,kBAAkB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC7C,cAAc,EAAE,OAAO,CAAC;IACxB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,GAAG,OAAO,GAAG,QAAQ,CAAC;IACxC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,MAAM,oBAAoB,GAAG,QAAQ,GAAG,QAAQ,GAAG,SAAS,CAAC;AAEnE,MAAM,MAAM,WAAW,GACnB,cAAc,GACd,eAAe,GACf,cAAc,GACd,0BAA0B,GAC1B,kBAAkB,GAClB,kBAAkB,GAClB,oBAAoB,GACpB,mBAAmB,GACnB,gBAAgB,GAChB,gBAAgB,GAChB,eAAe,CAAC;AAEpB,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,MAAM,EAAE,oBAAoB,CAAC;IAC7B,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,mBAAmB;IAClC,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,kBAAkB;IACjC,WAAW,EAAE,UAAU,CAAC;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,oBAAoB;IACnC,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,cAAc,CAAC;IACzB,MAAM,EAAE,cAAc,GAAG,SAAS,GAAG,SAAS,CAAC;IAC/C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,aAAa,GAAG,OAAO,GAAG,OAAO,GAAG,UAAU,GAAG,QAAQ,CAAC;AACtE,MAAM,MAAM,WAAW,GAAG,QAAQ,GAAG,SAAS,GAAG,WAAW,CAAC;AAC7D,MAAM,MAAM,gBAAgB,GAAG,aAAa,GAAG,SAAS,GAAG,YAAY,CAAC;AACxE,MAAM,MAAM,qBAAqB,GAAG,QAAQ,GAAG,SAAS,CAAC;AACzD,8TAA8T;AAC9T,MAAM,MAAM,oBAAoB,GAAG,qBAAqB,CAAC;AACzD,MAAM,MAAM,cAAc,GAAG,SAAS,GAAG,uBAAuB,GAAG,UAAU,GAAG,QAAQ,GAAG,SAAS,GAAG,WAAW,CAAC;AACnH,MAAM,MAAM,eAAe,GAAG,SAAS,GAAG,SAAS,GAAG,WAAW,GAAG,QAAQ,GAAG,QAAQ,CAAC;AACxF,MAAM,MAAM,UAAU,GAAG,MAAM,GAAG,OAAO,GAAG,WAAW,GAAG,OAAO,CAAC;AAElE,MAAM,MAAM,cAAc,GAAG,OAAO,GAAG,kBAAkB,GAAG,OAAO,CAAC;AACpE,MAAM,MAAM,SAAS,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;AAE/D,MAAM,WAAW,SAAS;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,OAAO,CAAC;IACnB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,iBAAiB,EAAE,OAAO,CAAC;IAC3B,cAAc,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,aAAa,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,KAAK;IACpB,EAAE,EAAE,MAAM,CAAC;IACX,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,gBAAgB,CAAC;IAC9B,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,MAAM,EAAE,WAAW,CAAC;IACpB;;;;OAIG;IACH,0BAA0B,CAAC,EAAE,OAAO,CAAC;IACrC;;;;;;;;;OASG;IACH,uBAAuB,CAAC,EAAE,qBAAqB,CAAC;IAChD,6BAA6B,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9C,6BAA6B,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9C,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,MAAM;IACrB,EAAE,EAAE,MAAM,CAAC;IACX,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,OAAO,CAAC;IACpB,KAAK,EAAE,WAAW,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,WAAW;IAC1B,WAAW,EAAE,OAAO,GAAG,kBAAkB,GAAG,OAAO,CAAC;IACpD,KAAK,EAAE,UAAU,EAAE,CAAC;IACpB,IAAI,CAAC,EAAE;QACL,cAAc,EAAE,MAAM,EAAE,CAAC;QACzB,cAAc,EAAE,MAAM,EAAE,CAAC;QACzB,SAAS,EAAE,MAAM,EAAE,CAAC;QACpB;;;;WAIG;QACH,eAAe,CAAC,EAAE,OAAO,CAAC;KAC3B,CAAC;IACF,MAAM,CAAC,EAAE;QACP,gBAAgB,CAAC,EAAE,MAAM,CAAC;QAC1B,iBAAiB,CAAC,EAAE,MAAM,CAAC;KAC5B,CAAC;IACF;;;;;;OAMG;IACH,yBAAyB,CAAC,EAAE;QAC1B,SAAS,CAAC,EAAE,OAAO,CAAC;QACpB,KAAK,CAAC,EAAE,OAAO,CAAC;KACjB,CAAC;IACF;;;;OAIG;IACH,GAAG,CAAC,EAAE;QACJ,YAAY,EAAE,MAAM,EAAE,CAAC;QACvB,YAAY,EAAE,MAAM,EAAE,CAAC;QACvB,YAAY,EAAE,KAAK,CAAC;YAClB,OAAO,EAAE,MAAM,CAAC;YAChB,QAAQ,EAAE,cAAc,CAAC;YACzB,qBAAqB,CAAC,EAAE,OAAO,CAAC;YAChC,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;YAC7B,WAAW,CAAC,EAAE,MAAM,CAAC;SACtB,CAAC,CAAC;QACH,eAAe,EAAE,cAAc,CAAC;KACjC,CAAC;IACF;;;;;;;;;;;;;OAaG;IACH,SAAS,CAAC,EAAE,KAAK,CAAC;QAChB,aAAa,EAAE,MAAM,CAAC;QACtB,eAAe,EAAE,MAAM,CAAC;KACzB,CAAC,CAAC;IACH;;;;;;;;;;;OAWG;IACH,UAAU,CAAC,EAAE;QACX,KAAK,EAAE,KAAK,CAAC;YACX,OAAO,EAAE,MAAM,CAAC;YAChB,QAAQ,EAAE,cAAc,CAAC;YACzB,WAAW,CAAC,EAAE,MAAM,CAAC;YACrB;;;;;;eAMG;YACH,qBAAqB,CAAC,EAAE,OAAO,CAAC;YAChC;;;;;eAKG;YACH,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;SAC9B,CAAC,CAAC;QACH,eAAe,CAAC,EAAE,cAAc,CAAC;KAClC,CAAC;CACH;AAED,MAAM,WAAW,UAAU;IACzB,WAAW,CAAC,EAAE,UAAU,CAAC;IACzB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,cAAc,CAAC;IACzB,qBAAqB,CAAC,EAAE,OAAO,CAAC;IAChC,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC9B;AAED,MAAM,WAAW,sBAAsB;IACrC,QAAQ,EAAE,cAAc,CAAC;IACzB,UAAU,EAAE,SAAS,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,CAAC,EAAE,UAAU,CAAC;IAC1B;;;;OAIG;IACH,qBAAqB,CAAC,EAAE,UAAU,CAAC;CACpC;AAED,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,cAAc,CAAC;IACvB,WAAW,EAAE,UAAU,CAAC;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,aAAa,CAAC;IACvB,UAAU,EAAE,SAAS,CAAC;IACtB,eAAe,EAAE,MAAM,CAAC;IACxB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,sBAAsB,EAAE,OAAO,CAAC;IAChC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACtC,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACrC;;;;;OAKG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB;;;;OAIG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,oBAAoB,CAAC,EAAE,UAAU,CAAC;IAClC,qBAAqB,CAAC,EAAE,UAAU,CAAC;CACpC;AAED,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,YAAY,EAAE,MAAM,CAAC;IACrB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,UAAU,CAAC;IACxB,MAAM,EAAE,eAAe,CAAC;IACxB,iBAAiB,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC3C,kBAAkB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC7C,cAAc,EAAE,OAAO,CAAC;IACxB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,GAAG,OAAO,GAAG,QAAQ,CAAC;IACxC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,MAAM,oBAAoB,GAAG,QAAQ,GAAG,QAAQ,GAAG,SAAS,CAAC;AAEnE,MAAM,MAAM,WAAW,GACnB,cAAc,GACd,eAAe,GACf,cAAc,GACd,0BAA0B,GAC1B,kBAAkB,GAClB,kBAAkB,GAClB,oBAAoB,GACpB,mBAAmB,GACnB,gBAAgB,GAChB,gBAAgB,GAChB,eAAe,CAAC;AAEpB,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,MAAM,EAAE,oBAAoB,CAAC;IAC7B,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,mBAAmB;IAClC,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,kBAAkB;IACjC,WAAW,EAAE,UAAU,CAAC;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,oBAAoB;IACnC,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,cAAc,CAAC;IACzB,MAAM,EAAE,cAAc,GAAG,SAAS,GAAG,SAAS,CAAC;IAC/C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB"}

package/dist/wireguard.d.ts

@@ -0,0 +1,63 @@
+import { z } from 'zod';
+export declare const WireGuardConfigSchema: z.ZodObject<{
+    privateKey: z.ZodString;
+    address: z.ZodEffects<z.ZodString, string, string>;
+    dns: z.ZodOptional<z.ZodArray<z.ZodEffects<z.ZodString, string, string>, "many">>;
+    mtu: z.ZodOptional<z.ZodNumber>;
+    peer: z.ZodObject<{
+        publicKey: z.ZodString;
+        presharedKey: z.ZodOptional<z.ZodString>;
+        endpoint: z.ZodEffects<z.ZodString, string, string>;
+        allowedIPs: z.ZodArray<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>, "many">;
+        persistentKeepalive: z.ZodOptional<z.ZodNumber>;
+    }, "strict", z.ZodTypeAny, {
+        publicKey: string;
+        endpoint: string;
+        allowedIPs: string[];
+        presharedKey?: string | undefined;
+        persistentKeepalive?: number | undefined;
+    }, {
+        publicKey: string;
+        endpoint: string;
+        allowedIPs: string[];
+        presharedKey?: string | undefined;
+        persistentKeepalive?: number | undefined;
+    }>;
+}, "strict", z.ZodTypeAny, {
+    address: string;
+    privateKey: string;
+    peer: {
+        publicKey: string;
+        endpoint: string;
+        allowedIPs: string[];
+        presharedKey?: string | undefined;
+        persistentKeepalive?: number | undefined;
+    };
+    dns?: string[] | undefined;
+    mtu?: number | undefined;
+}, {
+    address: string;
+    privateKey: string;
+    peer: {
+        publicKey: string;
+        endpoint: string;
+        allowedIPs: string[];
+        presharedKey?: string | undefined;
+        persistentKeepalive?: number | undefined;
+    };
+    dns?: string[] | undefined;
+    mtu?: number | undefined;
+}>;
+export type WireGuardConfig = z.infer<typeof WireGuardConfigSchema>;
+/**
+ * Parse a wg-quick-style .conf file into a structured WireGuardConfig.
+ * Exactly one [Interface] and exactly one [Peer] block are required.
+ */
+export declare function parseWireGuardConfig(raw: string): WireGuardConfig;
+export declare const VPN_LIMITS_BY_PLAN: {
+    readonly free: 0;
+    readonly pro: 3;
+    readonly team: 10;
+};
+export type WorkspacePlan = keyof typeof VPN_LIMITS_BY_PLAN;
+//# sourceMappingURL=wireguard.d.ts.map

package/dist/wireguard.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"wireguard.d.ts","sourceRoot":"","sources":["../src/wireguard.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AA8GxB,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA4CvB,CAAC;AAEZ,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAEpE;;;GAGG;AACH,wBAAgB,oBAAoB,CAAC,GAAG,EAAE,MAAM,GAAG,eAAe,CA0DjE;AAED,eAAO,MAAM,kBAAkB;;;;CAIrB,CAAC;AAEX,MAAM,MAAM,aAAa,GAAG,MAAM,OAAO,kBAAkB,CAAC"}