agentlock-shared 0.2.0 → 0.3.0

package/dist/wireguard.js

@@ -0,0 +1,226 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.VPN_LIMITS_BY_PLAN = exports.WireGuardConfigSchema = void 0;
+exports.parseWireGuardConfig = parseWireGuardConfig;
+const zod_1 = require("zod");
+const WG_KEY_RE = /^[A-Za-z0-9+/]{43}=$/;
+const WG_ENDPOINT_RE = /^[a-zA-Z0-9.-]+:\d{1,5}$/;
+const WG_CIDR_RE = /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\/\d{1,2}$/;
+function isValidIpv4Cidr(cidr) {
+    const [ip, prefix] = cidr.split('/');
+    if (!ip || !prefix)
+        return false;
+    const octets = ip.split('.');
+    if (octets.length !== 4)
+        return false;
+    for (const o of octets) {
+        const n = Number(o);
+        if (!Number.isInteger(n) || n < 0 || n > 255)
+            return false;
+    }
+    const p = Number(prefix);
+    return Number.isInteger(p) && p >= 0 && p <= 32;
+}
+/**
+ * Reject AllowedIPs entries that route so broadly that they would effectively
+ * turn the tunnel into a catch-all proxy. The HTTP/MCP connectors use the
+ * peer's `allowedIPs` as an SSRF exemption list; a 0/0 entry would make
+ * cloud-metadata endpoints and unrelated private networks reachable via a
+ * single misconfigured credential.
+ *
+ * Blocks:
+ *   - 0.0.0.0/0 (default route)
+ *   - Any prefix ≤ 7 (anything broader than /8 covers &gt; 1 Class-A network)
+ *
+ * A workspace admin who genuinely needs to proxy the whole internet must use
+ * narrower, intentionally listed CIDRs.
+ */
+function isAllowedIpsEntry(cidr) {
+    if (!isValidIpv4Cidr(cidr))
+        return false;
+    const [ip, prefixStr] = cidr.split('/');
+    const prefix = Number(prefixStr);
+    // 0.0.0.0/0 is explicitly the "route everything" default — forbid.
+    if (ip === '0.0.0.0' && prefix === 0)
+        return false;
+    // Any prefix 0–7 is a supernet of many /8s and is almost never legitimate.
+    if (prefix < 8)
+        return false;
+    // Block ranges that must never be tunnel-reachable (loopback, link-local /
+    // cloud-metadata, 0.0.0.0/8) even via an otherwise-legitimate VPN — this
+    // closes the `169.254.169.254/32` SSRF-exemption pivot. RFC1918 / CGNAT stay
+    // allowed because reaching a private remote network is the point of a VPN.
+    if (allowedIpsOverlapsForbidden(cidr))
+        return false;
+    return true;
+}
+function ipv4ToInt(ip) {
+    const octets = ip.split('.');
+    if (octets.length !== 4)
+        return null;
+    let value = 0;
+    for (const o of octets) {
+        const n = Number(o);
+        if (!Number.isInteger(n) || n < 0 || n > 255)
+            return null;
+        value = value * 256 + n;
+    }
+    return value >>> 0;
+}
+function cidrRangeV4(cidr) {
+    const [ip, prefixStr] = cidr.split('/');
+    const base = ipv4ToInt(ip);
+    if (base === null)
+        return null;
+    const prefix = Number(prefixStr);
+    if (!Number.isInteger(prefix) || prefix < 0 || prefix > 32)
+        return null;
+    const mask = prefix === 0 ? 0 : (0xffffffff << (32 - prefix)) >>> 0;
+    const network = (base & mask) >>> 0;
+    const broadcast = (network | (~mask >>> 0)) >>> 0;
+    return [network, broadcast];
+}
+/**
+ * Addresses that must never be reachable through the tunnel, even though a
+ * tunnel's AllowedIPs are deliberately exempt from the SSRF guard. RFC1918 and
+ * CGNAT are intentionally NOT here — reaching a private remote network is the
+ * whole point of a VPN credential. What stays blocked is the runner's own
+ * loopback, the link-local / cloud-metadata range, and the 0.0.0.0/8 wildcard.
+ */
+const TUNNEL_FORBIDDEN_V4_CIDRS = ['0.0.0.0/8', '127.0.0.0/8', '169.254.0.0/16'];
+function isForbiddenTunnelIpv4(ip) {
+    const value = ipv4ToInt(ip);
+    if (value === null)
+        return false;
+    return TUNNEL_FORBIDDEN_V4_CIDRS.some((cidr) => {
+        const range = cidrRangeV4(cidr);
+        return range !== null && value >= range[0] && value <= range[1];
+    });
+}
+function isForbiddenTunnelIpv6(ip) {
+    const lower = ip.toLowerCase();
+    if (lower === '::1')
+        return true; // loopback
+    if (lower.startsWith('fe80:'))
+        return true; // link-local
+    const mapped = lower.match(/::ffff:(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$/);
+    if (mapped)
+        return isForbiddenTunnelIpv4(mapped[1]);
+    return false;
+}
+/** True if an AllowedIPs CIDR overlaps any tunnel-forbidden range. */
+function allowedIpsOverlapsForbidden(cidr) {
+    const range = cidrRangeV4(cidr);
+    if (range === null)
+        return false;
+    return TUNNEL_FORBIDDEN_V4_CIDRS.some((blocked) => {
+        const b = cidrRangeV4(blocked);
+        return b !== null && range[0] <= b[1] && b[0] <= range[1];
+    });
+}
+exports.WireGuardConfigSchema = zod_1.z.object({
+    privateKey: zod_1.z.string().regex(WG_KEY_RE, 'Invalid WireGuard private key'),
+    address: zod_1.z
+        .string()
+        .regex(WG_CIDR_RE, 'Invalid CIDR for Address')
+        .refine(isValidIpv4Cidr, 'Invalid IPv4 CIDR'),
+    dns: zod_1.z
+        .array(zod_1.z
+        .string()
+        .ip()
+        .refine((ip) => !isForbiddenTunnelIpv4(ip) && !isForbiddenTunnelIpv6(ip), 'DNS server must not be a loopback, link-local or cloud-metadata address'))
+        .max(4)
+        .optional(),
+    mtu: zod_1.z.number().int().min(576).max(9000).optional(),
+    peer: zod_1.z.object({
+        publicKey: zod_1.z.string().regex(WG_KEY_RE, 'Invalid peer public key'),
+        presharedKey: zod_1.z.string().regex(WG_KEY_RE, 'Invalid preshared key').optional(),
+        endpoint: zod_1.z
+            .string()
+            .regex(WG_ENDPOINT_RE, 'Endpoint must be host:port')
+            .refine((s) => {
+            const port = Number(s.split(':').pop());
+            return Number.isInteger(port) && port >= 1 && port <= 65535;
+        }, 'Endpoint port must be between 1 and 65535'),
+        allowedIPs: zod_1.z
+            .array(zod_1.z
+            .string()
+            .regex(WG_CIDR_RE, 'Invalid CIDR in AllowedIPs')
+            .refine(isValidIpv4Cidr, 'Invalid IPv4 CIDR')
+            .refine(isAllowedIpsEntry, 'AllowedIPs entries broader than /8 are not allowed (e.g. 0.0.0.0/0). Use a narrower, intentional CIDR.'))
+            .min(1)
+            .max(20),
+        persistentKeepalive: zod_1.z.number().int().min(0).max(65535).optional(),
+    }).strict(),
+}).strict();
+/**
+ * Parse a wg-quick-style .conf file into a structured WireGuardConfig.
+ * Exactly one [Interface] and exactly one [Peer] block are required.
+ */
+function parseWireGuardConfig(raw) {
+    const sections = {};
+    let current = null;
+    const peerBlocks = [];
+    for (const rawLine of raw.split('\n')) {
+        const line = rawLine.replace(/#.*$/, '').trim();
+        if (!line)
+            continue;
+        const sectionMatch = line.match(/^\[(\w+)\]$/);
+        if (sectionMatch) {
+            current = sectionMatch[1];
+            if (current === 'Peer') {
+                peerBlocks.push({});
+            }
+            else if (current === 'Interface') {
+                if (sections[current])
+                    throw new Error('Duplicate [Interface] section');
+                sections[current] = {};
+            }
+            else {
+                sections[current] = {};
+            }
+            continue;
+        }
+        const kvMatch = line.match(/^([A-Za-z]+)\s*=\s*(.+)$/);
+        if (!kvMatch || !current)
+            continue;
+        const [, key, value] = kvMatch;
+        if (current === 'Peer') {
+            const block = peerBlocks[peerBlocks.length - 1];
+            if (key in block)
+                throw new Error(`Duplicate key: ${key}`);
+            block[key] = value;
+        }
+        else {
+            if (key in sections[current])
+                throw new Error(`Duplicate key: ${key}`);
+            sections[current][key] = value;
+        }
+    }
+    if (!sections.Interface)
+        throw new Error('Missing [Interface] section');
+    if (peerBlocks.length !== 1)
+        throw new Error('Config must contain exactly one [Peer] block');
+    const iface = sections.Interface;
+    const peer = peerBlocks[0];
+    const parsed = {
+        privateKey: iface.PrivateKey,
+        address: iface.Address,
+        ...(iface.DNS && { dns: iface.DNS.split(',').map((s) => s.trim()).filter(Boolean) }),
+        ...(iface.MTU && { mtu: parseInt(iface.MTU, 10) }),
+        peer: {
+            publicKey: peer.PublicKey,
+            ...(peer.PresharedKey && { presharedKey: peer.PresharedKey }),
+            endpoint: peer.Endpoint,
+            allowedIPs: (peer.AllowedIPs ?? '').split(',').map((s) => s.trim()).filter(Boolean),
+            ...(peer.PersistentKeepalive && { persistentKeepalive: parseInt(peer.PersistentKeepalive, 10) }),
+        },
+    };
+    return exports.WireGuardConfigSchema.parse(parsed);
+}
+exports.VPN_LIMITS_BY_PLAN = {
+    free: 0,
+    pro: 3,
+    team: 10,
+};
+//# sourceMappingURL=wireguard.js.map

package/dist/wireguard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"wireguard.js","sourceRoot":"","sources":["../src/wireguard.ts"],"names":[],"mappings":";;;AAkKA,oDA0DC;AA5ND,6BAAwB;AAExB,MAAM,SAAS,GAAG,sBAAsB,CAAC;AACzC,MAAM,cAAc,GAAG,0BAA0B,CAAC;AAClD,MAAM,UAAU,GAAG,+CAA+C,CAAC;AAEnE,SAAS,eAAe,CAAC,IAAY;IACnC,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACrC,IAAI,CAAC,EAAE,IAAI,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IACjC,MAAM,MAAM,GAAG,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC7B,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACtC,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACvB,MAAM,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;QACpB,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,GAAG;YAAE,OAAO,KAAK,CAAC;IAC7D,CAAC;IACD,MAAM,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;IACzB,OAAO,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;AAClD,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,SAAS,iBAAiB,CAAC,IAAY;IACrC,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC;QAAE,OAAO,KAAK,CAAC;IACzC,MAAM,CAAC,EAAE,EAAE,SAAS,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACxC,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC;IACjC,mEAAmE;IACnE,IAAI,EAAE,KAAK,SAAS,IAAI,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACnD,2EAA2E;IAC3E,IAAI,MAAM,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IAC7B,2EAA2E;IAC3E,yEAAyE;IACzE,6EAA6E;IAC7E,2EAA2E;IAC3E,IAAI,2BAA2B,CAAC,IAAI,CAAC;QAAE,OAAO,KAAK,CAAC;IACpD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,SAAS,CAAC,EAAU;IAC3B,MAAM,MAAM,GAAG,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC7B,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACrC,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACvB,MAAM,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;QACpB,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,GAAG;YAAE,OAAO,IAAI,CAAC;QAC1D,KAAK,GAAG,KAAK,GAAG,GAAG,GAAG,CAAC,CAAC;IAC1B,CAAC;IACD,OAAO,KAAK,KAAK,CAAC,CAAC;AACrB,CAAC;AAED,SAAS,WAAW,CAAC,IAAY;IAC/B,MAAM,CAAC,EAAE,EAAE,SAAS,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACxC,MAAM,IAAI,GAAG,SAAS,CAAC,EAAE,CAAC,CAAC;IAC3B,IAAI,IAAI,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IAC/B,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC;IACjC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,MAAM,GAAG,CAAC,IAAI,MAAM,GAAG,EAAE;QAAE,OAAO,IAAI,CAAC;IACxE,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,IAAI,CAAC,EAAE,GAAG,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC;IACpE,MAAM,OAAO,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;IACpC,MAAM,SAAS,GAAG,CAAC,OAAO,GAAG,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;IAClD,OAAO,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;AAC9B,CAAC;AAED;;;;;;GAMG;AACH,MAAM,yBAAyB,GAAG,CAAC,WAAW,EAAE,aAAa,EAAE,gBAAgB,CAAC,CAAC;AAEjF,SAAS,qBAAqB,CAAC,EAAU;IACvC,MAAM,KAAK,GAAG,SAAS,CAAC,EAAE,CAAC,CAAC;IAC5B,IAAI,KAAK,KAAK,IAAI;QAAE,OAAO,KAAK,CAAC;IACjC,OAAO,yBAAyB,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE;QAC7C,MAAM,KAAK,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;QAChC,OAAO,KAAK,KAAK,IAAI,IAAI,KAAK,IAAI,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC;IAClE,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,qBAAqB,CAAC,EAAU;IACvC,MAAM,KAAK,GAAG,EAAE,CAAC,WAAW,EAAE,CAAC;IAC/B,IAAI,KAAK,KAAK,KAAK;QAAE,OAAO,IAAI,CAAC,CAAC,WAAW;IAC7C,IAAI,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAC,CAAC,aAAa;IACzD,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAC3E,IAAI,MAAM;QAAE,OAAO,qBAAqB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IACpD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,sEAAsE;AACtE,SAAS,2BAA2B,CAAC,IAAY;IAC/C,MAAM,KAAK,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IAChC,IAAI,KAAK,KAAK,IAAI;QAAE,OAAO,KAAK,CAAC;IACjC,OAAO,yBAAyB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE;QAChD,MAAM,CAAC,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;QAC/B,OAAO,CAAC,KAAK,IAAI,IAAI,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC;IAC5D,CAAC,CAAC,CAAC;AACL,CAAC;AAEY,QAAA,qBAAqB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC5C,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,SAAS,EAAE,+BAA+B,CAAC;IACxE,OAAO,EAAE,OAAC;SACP,MAAM,EAAE;SACR,KAAK,CAAC,UAAU,EAAE,0BAA0B,CAAC;SAC7C,MAAM,CAAC,eAAe,EAAE,mBAAmB,CAAC;IAC/C,GAAG,EAAE,OAAC;SACH,KAAK,CACJ,OAAC;SACE,MAAM,EAAE;SACR,EAAE,EAAE;SACJ,MAAM,CACL,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,qBAAqB,CAAC,EAAE,CAAC,IAAI,CAAC,qBAAqB,CAAC,EAAE,CAAC,EAChE,yEAAyE,CAC1E,CACJ;SACA,GAAG,CAAC,CAAC,CAAC;SACN,QAAQ,EAAE;IACb,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE;IACnD,IAAI,EAAE,OAAC,CAAC,MAAM,CAAC;QACb,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,SAAS,EAAE,yBAAyB,CAAC;QACjE,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,SAAS,EAAE,uBAAuB,CAAC,CAAC,QAAQ,EAAE;QAC7E,QAAQ,EAAE,OAAC;aACR,MAAM,EAAE;aACR,KAAK,CAAC,cAAc,EAAE,4BAA4B,CAAC;aACnD,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;YACZ,MAAM,IAAI,GAAG,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;YACxC,OAAO,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,IAAI,IAAI,KAAK,CAAC;QAC9D,CAAC,EAAE,2CAA2C,CAAC;QACjD,UAAU,EAAE,OAAC;aACV,KAAK,CACJ,OAAC;aACE,MAAM,EAAE;aACR,KAAK,CAAC,UAAU,EAAE,4BAA4B,CAAC;aAC/C,MAAM,CAAC,eAAe,EAAE,mBAAmB,CAAC;aAC5C,MAAM,CACL,iBAAiB,EACjB,wGAAwG,CACzG,CACJ;aACA,GAAG,CAAC,CAAC,CAAC;aACN,GAAG,CAAC,EAAE,CAAC;QACV,mBAAmB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,QAAQ,EAAE;KACnE,CAAC,CAAC,MAAM,EAAE;CACZ,CAAC,CAAC,MAAM,EAAE,CAAC;AAIZ;;;GAGG;AACH,SAAgB,oBAAoB,CAAC,GAAW;IAC9C,MAAM,QAAQ,GAA2C,EAAE,CAAC;IAC5D,IAAI,OAAO,GAAkB,IAAI,CAAC;IAClC,MAAM,UAAU,GAA6B,EAAE,CAAC;IAEhD,KAAK,MAAM,OAAO,IAAI,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAChD,IAAI,CAAC,IAAI;YAAE,SAAS;QAEpB,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;QAC/C,IAAI,YAAY,EAAE,CAAC;YACjB,OAAO,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;YAC1B,IAAI,OAAO,KAAK,MAAM,EAAE,CAAC;gBACvB,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACtB,CAAC;iBAAM,IAAI,OAAO,KAAK,WAAW,EAAE,CAAC;gBACnC,IAAI,QAAQ,CAAC,OAAO,CAAC;oBAAE,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;gBACxE,QAAQ,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;YACzB,CAAC;iBAAM,CAAC;gBACN,QAAQ,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;YACzB,CAAC;YACD,SAAS;QACX,CAAC;QAED,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAC;QACvD,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO;YAAE,SAAS;QACnC,MAAM,CAAC,EAAE,GAAG,EAAE,KAAK,CAAC,GAAG,OAAO,CAAC;QAE/B,IAAI,OAAO,KAAK,MAAM,EAAE,CAAC;YACvB,MAAM,KAAK,GAAG,UAAU,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;YAChD,IAAI,GAAG,IAAI,KAAK;gBAAE,MAAM,IAAI,KAAK,CAAC,kBAAkB,GAAG,EAAE,CAAC,CAAC;YAC3D,KAAK,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QACrB,CAAC;aAAM,CAAC;YACN,IAAI,GAAG,IAAI,QAAQ,CAAC,OAAO,CAAC;gBAAE,MAAM,IAAI,KAAK,CAAC,kBAAkB,GAAG,EAAE,CAAC,CAAC;YACvE,QAAQ,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QACjC,CAAC;IACH,CAAC;IAED,IAAI,CAAC,QAAQ,CAAC,SAAS;QAAE,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;IACxE,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAE7F,MAAM,KAAK,GAAG,QAAQ,CAAC,SAAS,CAAC;IACjC,MAAM,IAAI,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;IAE3B,MAAM,MAAM,GAAG;QACb,UAAU,EAAE,KAAK,CAAC,UAAU;QAC5B,OAAO,EAAE,KAAK,CAAC,OAAO;QACtB,GAAG,CAAC,KAAK,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;QACpF,GAAG,CAAC,KAAK,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,QAAQ,CAAC,KAAK,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,CAAC;QAClD,IAAI,EAAE;YACJ,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,GAAG,CAAC,IAAI,CAAC,YAAY,IAAI,EAAE,YAAY,EAAE,IAAI,CAAC,YAAY,EAAE,CAAC;YAC7D,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,UAAU,EAAE,CAAC,IAAI,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC;YACnF,GAAG,CAAC,IAAI,CAAC,mBAAmB,IAAI,EAAE,mBAAmB,EAAE,QAAQ,CAAC,IAAI,CAAC,mBAAmB,EAAE,EAAE,CAAC,EAAE,CAAC;SACjG;KACF,CAAC;IAEF,OAAO,6BAAqB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;AAC7C,CAAC;AAEY,QAAA,kBAAkB,GAAG;IAChC,IAAI,EAAE,CAAC;IACP,GAAG,EAAE,CAAC;IACN,IAAI,EAAE,EAAE;CACA,CAAC"}

package/package.json

@@ -1,29 +1,42 @@
-{
-  "name": "agentlock-shared",
-  "version": "0.2.0",
-  "main": "./dist/index.js",
-  "types": "./dist/index.d.ts",
-  "exports": {
-    ".": {
-      "import": "./dist/index.js",
-      "require": "./dist/index.js",
-      "types": "./dist/index.d.ts"
-    }
-  },
-  "scripts": {
-    "build": "tsc",
-    "typecheck": "tsc --noEmit",
-    "test": "vitest run",
-    "test:watch": "vitest"
-  },
-  "dependencies": {
-    "tweetnacl": "^1.0.3",
-    "tweetnacl-util": "^0.15.1",
-    "zod": "^3.23.8"
-  },
-  "devDependencies": {
-    "@types/node": "^22.19.11",
-    "typescript": "^5.6.0",
-    "vitest": "^4.0.18"
-  }
-}
+{
+  "name": "agentlock-shared",
+  "version": "0.3.0",
+  "files": [
+    "dist"
+  ],
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "require": "./dist/index.js"
+    },
+    "./ssrf": {
+      "types": "./dist/ssrf.d.ts",
+      "import": "./dist/ssrf.js",
+      "require": "./dist/ssrf.js"
+    },
+    "./dns-pinning": {
+      "types": "./dist/dns-pinning.d.ts",
+      "import": "./dist/dns-pinning.js",
+      "require": "./dist/dns-pinning.js"
+    }
+  },
+  "dependencies": {
+    "tweetnacl": "^1.0.3",
+    "tweetnacl-util": "^0.15.1",
+    "zod": "^3.23.8"
+  },
+  "devDependencies": {
+    "@types/node": "^22.19.11",
+    "typescript": "^5.6.0",
+    "vitest": "^4.0.18"
+  },
+  "scripts": {
+    "build": "tsc",
+    "typecheck": "tsc --noEmit",
+    "test": "vitest run",
+    "test:watch": "vitest"
+  }
+}

package/.turbo/turbo-build.log

@@ -1,4 +0,0 @@
-
-> agentlock-shared@0.1.0 build D:\agentlock\packages\shared
-> tsc
-

package/.turbo/turbo-test.log

@@ -1,76 +0,0 @@
-
-> agentlock-shared@0.1.0 test D:\agentlock\packages\shared
-> vitest run
-
-▲ [WARNING] The condition "types" here will never be used as it comes after both "import" and "require" [package.json]
-
-    package.json:10:6:
-      10 │       "types": "./dist/index.d.ts"
-         ╵       ~~~~~~~
-
-  The "import" condition comes earlier and will be used for all "import" statements:
-
-    package.json:8:6:
-      8 │       "import": "./dist/index.js",
-        ╵       ~~~~~~~~
-
-  The "require" condition comes earlier and will be used for all "require" calls:
-
-    package.json:9:6:
-      9 │       "require": "./dist/index.js",
-        ╵       ~~~~~~~~~
-
-
- RUN  v4.0.18 D:/agentlock/packages/shared
-
- ❯ src/__tests__/policy.test.ts (21 tests | 1 failed) 12ms
-     × should ALLOW read actions by default 7ms
-     ✓ should REQUIRE_APPROVAL for write actions 0ms
-     ✓ should BLOCK admin actions 0ms
-     ✓ should REQUIRE_APPROVAL for financial actions 0ms
-     ✓ should BLOCK disallowed HTTP domains 0ms
-     ✓ should BLOCK explicitly blocklisted domains 0ms
-     ✓ should REQUIRE_APPROVAL for admin actions even when defaultMode is allow 0ms
-     ✓ should REQUIRE_APPROVAL for financial actions even when defaultMode is allow 0ms
-     ✓ should REQUIRE_APPROVAL for admin action even with explicit ALLOW rule 0ms
-     ✓ should REQUIRE_APPROVAL for financial action even with explicit ALLOW rule 0ms
-     ✓ should still respect explicit rules for admin even with defaultMode allow 0ms
-     ✓ should BLOCK when cost exceeds limit 0ms
-     ✓ should enforce HTTP domain allowlist even with mixed-case tool name 0ms
-     ✓ should match tool-specific rules case-insensitively 0ms
-     ✓ should not match subdomain of blocklisted domain (e.g., notevil.com vs evil.com) 0ms
-     ✓ should BLOCK HTTP tool with no URL in payload 0ms
-     ✓ should REQUIRE_APPROVAL for browser.open 0ms
-     ✓ should BLOCK browser.* actions without a session (reaching policy engine) 0ms
-     ✓ should BLOCK unknown action types 0ms
-     ✓ should not enforce budget check when cost_estimate is omitted 0ms
-     ✓ should REQUIRE_APPROVAL when HTTP allowlist is empty (safe default) 0ms
- ✓ src/__tests__/redact.test.ts (5 tests) 5ms
- ✓ src/__tests__/signing.test.ts (7 tests) 73ms
- ✓ src/__tests__/messaging.test.ts (11 tests) 7ms
-
-⎯⎯⎯⎯⎯⎯⎯ Failed Tests 1 ⎯⎯⎯⎯⎯⎯⎯
-
- FAIL  src/__tests__/policy.test.ts > Policy Engine > should ALLOW read actions by default
-AssertionError: expected 'BLOCK' to be 'ALLOW' // Object.is equality
-
-Expected: "ALLOW"
-Received: "BLOCK"
-
- ❯ src/__tests__/policy.test.ts:8:67
-      6|   it('should ALLOW read actions by default', () => {
-      7|     const action: AgentActionRequest = { action_type: 'read', tool: 'h…
-      8|     expect(evaluatePolicy(action, DEFAULT_POLICY_RULES).decision).toBe…
-       |                                                                   ^
-      9|   });
-     10| 
-
-⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯⎯[1/1]⎯
-
-
- Test Files  1 failed | 3 passed (4)
-      Tests  1 failed | 43 passed (44)
-   Start at  00:05:31
-   Duration  738ms (transform 982ms, setup 0ms, import 1.39s, tests 96ms, environment 1ms)
-
- ELIFECYCLE  Test failed. See above for more details.

package/dist/__tests__/content-crypto.test.d.ts

@@ -1,2 +0,0 @@
-export {};
-//# sourceMappingURL=content-crypto.test.d.ts.map

package/dist/__tests__/content-crypto.test.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"content-crypto.test.d.ts","sourceRoot":"","sources":["../../src/__tests__/content-crypto.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/content-crypto.test.js

@@ -1,117 +0,0 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const vitest_1 = require("vitest");
-const content_crypto_1 = require("../content-crypto");
-const crypto_1 = require("../crypto");
-const tweetnacl_1 = __importDefault(require("tweetnacl"));
-const tweetnacl_util_1 = require("tweetnacl-util");
-(0, vitest_1.describe)('content-crypto', () => {
-    (0, vitest_1.describe)('generateWCK', () => {
-        (0, vitest_1.it)('returns a 32-byte key', () => {
-            const wck = (0, content_crypto_1.generateWCK)();
-            (0, vitest_1.expect)(wck).toBeInstanceOf(Uint8Array);
-            (0, vitest_1.expect)(wck.length).toBe(32);
-        });
-        (0, vitest_1.it)('generates unique keys', () => {
-            const a = (0, content_crypto_1.generateWCK)();
-            const b = (0, content_crypto_1.generateWCK)();
-            (0, vitest_1.expect)(Buffer.from(a).equals(Buffer.from(b))).toBe(false);
-        });
-    });
-    (0, vitest_1.describe)('wrapKey / unwrapKey (server roundtrip)', () => {
-        (0, vitest_1.it)('wraps and unwraps a WCK with MASTER_KEY', () => {
-            const masterKey = (0, crypto_1.generateKey)();
-            const wck = (0, content_crypto_1.generateWCK)();
-            const { ciphertext, nonce } = (0, content_crypto_1.wrapKey)(wck, masterKey);
-            (0, vitest_1.expect)(typeof ciphertext).toBe('string');
-            (0, vitest_1.expect)(typeof nonce).toBe('string');
-            const unwrapped = (0, content_crypto_1.unwrapKey)(ciphertext, nonce, masterKey);
-            (0, vitest_1.expect)(Buffer.from(unwrapped).equals(Buffer.from(wck))).toBe(true);
-        });
-        (0, vitest_1.it)('throws with wrong wrapping key', () => {
-            const masterKey = (0, crypto_1.generateKey)();
-            const wrongKey = (0, crypto_1.generateKey)();
-            const wck = (0, content_crypto_1.generateWCK)();
-            const { ciphertext, nonce } = (0, content_crypto_1.wrapKey)(wck, masterKey);
-            (0, vitest_1.expect)(() => (0, content_crypto_1.unwrapKey)(ciphertext, nonce, wrongKey)).toThrow('unwrapKey failed');
-        });
-        (0, vitest_1.it)('throws with corrupted ciphertext', () => {
-            const masterKey = (0, crypto_1.generateKey)();
-            const wck = (0, content_crypto_1.generateWCK)();
-            const { ciphertext, nonce } = (0, content_crypto_1.wrapKey)(wck, masterKey);
-            // Corrupt ciphertext
-            const bytes = (0, tweetnacl_util_1.decodeBase64)(ciphertext);
-            bytes[0] ^= 0xff;
-            const corrupted = Buffer.from(bytes).toString('base64');
-            (0, vitest_1.expect)(() => (0, content_crypto_1.unwrapKey)(corrupted, nonce, masterKey)).toThrow();
-        });
-    });
-    (0, vitest_1.describe)('wrapWCKForUser / unwrapWCKFromUser (passphrase roundtrip)', () => {
-        (0, vitest_1.it)('wraps and unwraps with passphrase', () => {
-            const wck = (0, content_crypto_1.generateWCK)();
-            const passphrase = 'my-strong-passphrase-2024!';
-            const { ciphertext, nonce, salt } = (0, content_crypto_1.wrapWCKForUser)(wck, passphrase);
-            (0, vitest_1.expect)(typeof ciphertext).toBe('string');
-            (0, vitest_1.expect)(typeof nonce).toBe('string');
-            (0, vitest_1.expect)(typeof salt).toBe('string');
-            const unwrapped = (0, content_crypto_1.unwrapWCKFromUser)(ciphertext, nonce, salt, passphrase);
-            (0, vitest_1.expect)(Buffer.from(unwrapped).equals(Buffer.from(wck))).toBe(true);
-        });
-        (0, vitest_1.it)('throws with wrong passphrase', () => {
-            const wck = (0, content_crypto_1.generateWCK)();
-            const { ciphertext, nonce, salt } = (0, content_crypto_1.wrapWCKForUser)(wck, 'correct-pass');
-            (0, vitest_1.expect)(() => (0, content_crypto_1.unwrapWCKFromUser)(ciphertext, nonce, salt, 'wrong-pass')).toThrow();
-        });
-    });
-    (0, vitest_1.describe)('deriveKEK', () => {
-        (0, vitest_1.it)('is deterministic for same passphrase+salt', () => {
-            const salt = tweetnacl_1.default.randomBytes(32);
-            const kek1 = (0, content_crypto_1.deriveKEK)('test-passphrase', salt);
-            const kek2 = (0, content_crypto_1.deriveKEK)('test-passphrase', salt);
-            (0, vitest_1.expect)(Buffer.from(kek1).equals(Buffer.from(kek2))).toBe(true);
-        });
-        (0, vitest_1.it)('produces different keys for different passphrases', () => {
-            const salt = tweetnacl_1.default.randomBytes(32);
-            const kek1 = (0, content_crypto_1.deriveKEK)('pass-1', salt);
-            const kek2 = (0, content_crypto_1.deriveKEK)('pass-2', salt);
-            (0, vitest_1.expect)(Buffer.from(kek1).equals(Buffer.from(kek2))).toBe(false);
-        });
-        (0, vitest_1.it)('produces different keys for different salts', () => {
-            const salt1 = tweetnacl_1.default.randomBytes(32);
-            const salt2 = tweetnacl_1.default.randomBytes(32);
-            const kek1 = (0, content_crypto_1.deriveKEK)('same-pass', salt1);
-            const kek2 = (0, content_crypto_1.deriveKEK)('same-pass', salt2);
-            (0, vitest_1.expect)(Buffer.from(kek1).equals(Buffer.from(kek2))).toBe(false);
-        });
-        (0, vitest_1.it)('returns a 32-byte key', () => {
-            const salt = tweetnacl_1.default.randomBytes(32);
-            const kek = (0, content_crypto_1.deriveKEK)('test', salt);
-            (0, vitest_1.expect)(kek.length).toBe(32);
-        });
-    });
-    (0, vitest_1.describe)('cross-compatibility with existing encrypt/decrypt', () => {
-        (0, vitest_1.it)('WCK works as a key with existing encrypt/decrypt', () => {
-            const wck = (0, content_crypto_1.generateWCK)();
-            const data = JSON.stringify({ tool: 'demo.write', action_type: 'write' });
-            const encrypted = (0, crypto_1.encrypt)(data, wck);
-            const decrypted = (0, crypto_1.decrypt)(encrypted, wck);
-            (0, vitest_1.expect)(decrypted).toBe(data);
-        });
-        (0, vitest_1.it)('data encrypted with WCK cannot be decrypted with MASTER_KEY', () => {
-            const wck = (0, content_crypto_1.generateWCK)();
-            const masterKey = (0, crypto_1.generateKey)();
-            const encrypted = (0, crypto_1.encrypt)('sensitive data', wck);
-            (0, vitest_1.expect)(() => (0, crypto_1.decrypt)(encrypted, masterKey)).toThrow();
-        });
-    });
-    (0, vitest_1.describe)('version constants', () => {
-        (0, vitest_1.it)('has correct version values', () => {
-            (0, vitest_1.expect)(content_crypto_1.PAYLOAD_VERSION_LEGACY).toBe(0);
-            (0, vitest_1.expect)(content_crypto_1.PAYLOAD_VERSION_WCK).toBe(1);
-        });
-    });
-});
-//# sourceMappingURL=content-crypto.test.js.map

package/dist/__tests__/content-crypto.test.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"content-crypto.test.js","sourceRoot":"","sources":["../../src/__tests__/content-crypto.test.ts"],"names":[],"mappings":";;;;;AAAA,mCAA8C;AAC9C,sDAS2B;AAC3B,sCAA0D;AAC1D,0DAA6B;AAC7B,mDAA8C;AAE9C,IAAA,iBAAQ,EAAC,gBAAgB,EAAE,GAAG,EAAE;IAC9B,IAAA,iBAAQ,EAAC,aAAa,EAAE,GAAG,EAAE;QAC3B,IAAA,WAAE,EAAC,uBAAuB,EAAE,GAAG,EAAE;YAC/B,MAAM,GAAG,GAAG,IAAA,4BAAW,GAAE,CAAC;YAC1B,IAAA,eAAM,EAAC,GAAG,CAAC,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;YACvC,IAAA,eAAM,EAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC9B,CAAC,CAAC,CAAC;QAEH,IAAA,WAAE,EAAC,uBAAuB,EAAE,GAAG,EAAE;YAC/B,MAAM,CAAC,GAAG,IAAA,4BAAW,GAAE,CAAC;YACxB,MAAM,CAAC,GAAG,IAAA,4BAAW,GAAE,CAAC;YACxB,IAAA,eAAM,EAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC5D,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,IAAA,iBAAQ,EAAC,wCAAwC,EAAE,GAAG,EAAE;QACtD,IAAA,WAAE,EAAC,yCAAyC,EAAE,GAAG,EAAE;YACjD,MAAM,SAAS,GAAG,IAAA,oBAAW,GAAE,CAAC;YAChC,MAAM,GAAG,GAAG,IAAA,4BAAW,GAAE,CAAC;YAC1B,MAAM,EAAE,UAAU,EAAE,KAAK,EAAE,GAAG,IAAA,wBAAO,EAAC,GAAG,EAAE,SAAS,CAAC,CAAC;YAEtD,IAAA,eAAM,EAAC,OAAO,UAAU,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACzC,IAAA,eAAM,EAAC,OAAO,KAAK,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAEpC,MAAM,SAAS,GAAG,IAAA,0BAAS,EAAC,UAAU,EAAE,KAAK,EAAE,SAAS,CAAC,CAAC;YAC1D,IAAA,eAAM,EAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrE,CAAC,CAAC,CAAC;QAEH,IAAA,WAAE,EAAC,gCAAgC,EAAE,GAAG,EAAE;YACxC,MAAM,SAAS,GAAG,IAAA,oBAAW,GAAE,CAAC;YAChC,MAAM,QAAQ,GAAG,IAAA,oBAAW,GAAE,CAAC;YAC/B,MAAM,GAAG,GAAG,IAAA,4BAAW,GAAE,CAAC;YAC1B,MAAM,EAAE,UAAU,EAAE,KAAK,EAAE,GAAG,IAAA,wBAAO,EAAC,GAAG,EAAE,SAAS,CAAC,CAAC;YAEtD,IAAA,eAAM,EAAC,GAAG,EAAE,CAAC,IAAA,0BAAS,EAAC,UAAU,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC,CAAC,OAAO,CAC1D,kBAAkB,CACnB,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,IAAA,WAAE,EAAC,kCAAkC,EAAE,GAAG,EAAE;YAC1C,MAAM,SAAS,GAAG,IAAA,oBAAW,GAAE,CAAC;YAChC,MAAM,GAAG,GAAG,IAAA,4BAAW,GAAE,CAAC;YAC1B,MAAM,EAAE,UAAU,EAAE,KAAK,EAAE,GAAG,IAAA,wBAAO,EAAC,GAAG,EAAE,SAAS,CAAC,CAAC;YAEtD,qBAAqB;YACrB,MAAM,KAAK,GAAG,IAAA,6BAAY,EAAC,UAAU,CAAC,CAAC;YACvC,KAAK,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;YACjB,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAExD,IAAA,eAAM,EAAC,GAAG,EAAE,CAAC,IAAA,0BAAS,EAAC,SAAS,EAAE,KAAK,EAAE,SAAS,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;QACjE,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,IAAA,iBAAQ,EAAC,2DAA2D,EAAE,GAAG,EAAE;QACzE,IAAA,WAAE,EAAC,mCAAmC,EAAE,GAAG,EAAE;YAC3C,MAAM,GAAG,GAAG,IAAA,4BAAW,GAAE,CAAC;YAC1B,MAAM,UAAU,GAAG,4BAA4B,CAAC;YAChD,MAAM,EAAE,UAAU,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,IAAA,+BAAc,EAAC,GAAG,EAAE,UAAU,CAAC,CAAC;YAEpE,IAAA,eAAM,EAAC,OAAO,UAAU,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACzC,IAAA,eAAM,EAAC,OAAO,KAAK,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACpC,IAAA,eAAM,EAAC,OAAO,IAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAEnC,MAAM,SAAS,GAAG,IAAA,kCAAiB,EAAC,UAAU,EAAE,KAAK,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC;YACzE,IAAA,eAAM,EAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrE,CAAC,CAAC,CAAC;QAEH,IAAA,WAAE,EAAC,8BAA8B,EAAE,GAAG,EAAE;YACtC,MAAM,GAAG,GAAG,IAAA,4BAAW,GAAE,CAAC;YAC1B,MAAM,EAAE,UAAU,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,IAAA,+BAAc,EAAC,GAAG,EAAE,cAAc,CAAC,CAAC;YAExE,IAAA,eAAM,EAAC,GAAG,EAAE,CACV,IAAA,kCAAiB,EAAC,UAAU,EAAE,KAAK,EAAE,IAAI,EAAE,YAAY,CAAC,CACzD,CAAC,OAAO,EAAE,CAAC;QACd,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,IAAA,iBAAQ,EAAC,WAAW,EAAE,GAAG,EAAE;QACzB,IAAA,WAAE,EAAC,2CAA2C,EAAE,GAAG,EAAE;YACnD,MAAM,IAAI,GAAG,mBAAI,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;YAClC,MAAM,IAAI,GAAG,IAAA,0BAAS,EAAC,iBAAiB,EAAE,IAAI,CAAC,CAAC;YAChD,MAAM,IAAI,GAAG,IAAA,0BAAS,EAAC,iBAAiB,EAAE,IAAI,CAAC,CAAC;YAChD,IAAA,eAAM,EAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjE,CAAC,CAAC,CAAC;QAEH,IAAA,WAAE,EAAC,mDAAmD,EAAE,GAAG,EAAE;YAC3D,MAAM,IAAI,GAAG,mBAAI,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;YAClC,MAAM,IAAI,GAAG,IAAA,0BAAS,EAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;YACvC,MAAM,IAAI,GAAG,IAAA,0BAAS,EAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;YACvC,IAAA,eAAM,EAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAClE,CAAC,CAAC,CAAC;QAEH,IAAA,WAAE,EAAC,6CAA6C,EAAE,GAAG,EAAE;YACrD,MAAM,KAAK,GAAG,mBAAI,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;YACnC,MAAM,KAAK,GAAG,mBAAI,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;YACnC,MAAM,IAAI,GAAG,IAAA,0BAAS,EAAC,WAAW,EAAE,KAAK,CAAC,CAAC;YAC3C,MAAM,IAAI,GAAG,IAAA,0BAAS,EAAC,WAAW,EAAE,KAAK,CAAC,CAAC;YAC3C,IAAA,eAAM,EAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAClE,CAAC,CAAC,CAAC;QAEH,IAAA,WAAE,EAAC,uBAAuB,EAAE,GAAG,EAAE;YAC/B,MAAM,IAAI,GAAG,mBAAI,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;YAClC,MAAM,GAAG,GAAG,IAAA,0BAAS,EAAC,MAAM,EAAE,IAAI,CAAC,CAAC;YACpC,IAAA,eAAM,EAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC9B,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,IAAA,iBAAQ,EAAC,mDAAmD,EAAE,GAAG,EAAE;QACjE,IAAA,WAAE,EAAC,kDAAkD,EAAE,GAAG,EAAE;YAC1D,MAAM,GAAG,GAAG,IAAA,4BAAW,GAAE,CAAC;YAC1B,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,CAAC;YAC1E,MAAM,SAAS,GAAG,IAAA,gBAAO,EAAC,IAAI,EAAE,GAAG,CAAC,CAAC;YACrC,MAAM,SAAS,GAAG,IAAA,gBAAO,EAAC,SAAS,EAAE,GAAG,CAAC,CAAC;YAC1C,IAAA,eAAM,EAAC,SAAS,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC/B,CAAC,CAAC,CAAC;QAEH,IAAA,WAAE,EAAC,6DAA6D,EAAE,GAAG,EAAE;YACrE,MAAM,GAAG,GAAG,IAAA,4BAAW,GAAE,CAAC;YAC1B,MAAM,SAAS,GAAG,IAAA,oBAAW,GAAE,CAAC;YAChC,MAAM,SAAS,GAAG,IAAA,gBAAO,EAAC,gBAAgB,EAAE,GAAG,CAAC,CAAC;YACjD,IAAA,eAAM,EAAC,GAAG,EAAE,CAAC,IAAA,gBAAO,EAAC,SAAS,EAAE,SAAS,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;QACxD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,IAAA,iBAAQ,EAAC,mBAAmB,EAAE,GAAG,EAAE;QACjC,IAAA,WAAE,EAAC,4BAA4B,EAAE,GAAG,EAAE;YACpC,IAAA,eAAM,EAAC,uCAAsB,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACvC,IAAA,eAAM,EAAC,oCAAmB,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACtC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/__tests__/signing.test (# Edit conflict 2026-04-01 z3etfmC #).js

@@ -1,51 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-const vitest_1 = require("vitest");
-const signing_js_1 = require("../signing.js");
-(0, vitest_1.describe)('Ed25519 Signing', () => {
-    (0, vitest_1.it)('should generate valid keypair', () => {
-        const kp = (0, signing_js_1.generateKeypair)();
-        (0, vitest_1.expect)(kp.publicKey).toBeTruthy();
-        (0, vitest_1.expect)(kp.privateKey).toBeTruthy();
-        (0, vitest_1.expect)(kp.publicKey.length).toBeGreaterThan(0);
-    });
-    (0, vitest_1.it)('should sign and verify a request', () => {
-        const kp = (0, signing_js_1.generateKeypair)();
-        const body = { action_type: 'write', tool: 'demo', payload: { key: 'value' } };
-        const headers = (0, signing_js_1.signRequest)(body, 'agent-123', kp.privateKey);
-        (0, vitest_1.expect)(() => (0, signing_js_1.verifyRequest)(body, headers, kp.publicKey)).not.toThrow();
-    });
-    (0, vitest_1.it)('should reject tampered body (top-level field)', () => {
-        const kp = (0, signing_js_1.generateKeypair)();
-        const body = { action_type: 'write', tool: 'demo', payload: { key: 'value' } };
-        const headers = (0, signing_js_1.signRequest)(body, 'agent-123', kp.privateKey);
-        const tampered = { ...body, tool: 'admin' };
-        (0, vitest_1.expect)(() => (0, signing_js_1.verifyRequest)(tampered, headers, kp.publicKey)).toThrow('Invalid signature');
-    });
-    (0, vitest_1.it)('should reject tampered nested payload field', () => {
-        const kp = (0, signing_js_1.generateKeypair)();
-        const body = { action_type: 'write', tool: 'demo', payload: { key: 'value', amount: 100 } };
-        const headers = (0, signing_js_1.signRequest)(body, 'agent-123', kp.privateKey);
-        const tampered = { ...body, payload: { key: 'value', amount: 999999 } };
-        (0, vitest_1.expect)(() => (0, signing_js_1.verifyRequest)(tampered, headers, kp.publicKey)).toThrow('Invalid signature');
-    });
-    (0, vitest_1.it)('canonicalStringify should sort keys recursively at all nesting levels', () => {
-        const obj = { z: 1, a: { y: 2, b: 3 }, m: [{ q: 4, c: 5 }] };
-        const result = (0, signing_js_1.canonicalStringify)(obj);
-        // All object levels must have sorted keys
-        (0, vitest_1.expect)(result).toBe('{"a":{"b":3,"y":2},"m":[{"c":5,"q":4}],"z":1}');
-    });
-    (0, vitest_1.it)('should reject missing headers', () => {
-        const kp = (0, signing_js_1.generateKeypair)();
-        const body = { action_type: 'write', tool: 'demo', payload: {} };
-        (0, vitest_1.expect)(() => (0, signing_js_1.verifyRequest)(body, {}, kp.publicKey)).toThrow('Missing required signature headers');
-    });
-    (0, vitest_1.it)('should reject stale timestamp', () => {
-        const kp = (0, signing_js_1.generateKeypair)();
-        const body = { action_type: 'write', tool: 'demo', payload: {} };
-        const headers = (0, signing_js_1.signRequest)(body, 'agent-123', kp.privateKey);
-        headers['x-timestamp'] = String(Date.now() - 10 * 60 * 1000);
-        (0, vitest_1.expect)(() => (0, signing_js_1.verifyRequest)(body, headers, kp.publicKey)).toThrow('Timestamp skew');
-    });
-});
-//# sourceMappingURL=signing.test.js.map

package/dist/__tests__/signing.test.js (# Edit conflict 2026-04-01 4rndy9C #).map

@@ -1 +0,0 @@
-{"version":3,"file":"signing.test.js","sourceRoot":"","sources":["../../src/__tests__/signing.test.ts"],"names":[],"mappings":";;AAAA,mCAA8C;AAC9C,8CAAgG;AAEhG,IAAA,iBAAQ,EAAC,iBAAiB,EAAE,GAAG,EAAE;IAC/B,IAAA,WAAE,EAAC,+BAA+B,EAAE,GAAG,EAAE;QACvC,MAAM,EAAE,GAAG,IAAA,4BAAe,GAAE,CAAC;QAC7B,IAAA,eAAM,EAAC,EAAE,CAAC,SAAS,CAAC,CAAC,UAAU,EAAE,CAAC;QAClC,IAAA,eAAM,EAAC,EAAE,CAAC,UAAU,CAAC,CAAC,UAAU,EAAE,CAAC;QACnC,IAAA,eAAM,EAAC,EAAE,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;IACjD,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,kCAAkC,EAAE,GAAG,EAAE;QAC1C,MAAM,EAAE,GAAG,IAAA,4BAAe,GAAE,CAAC;QAC7B,MAAM,IAAI,GAAG,EAAE,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,CAAC;QAC/E,MAAM,OAAO,GAAG,IAAA,wBAAW,EAAC,IAAI,EAAE,WAAW,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC;QAC9D,IAAA,eAAM,EAAC,GAAG,EAAE,CAAC,IAAA,0BAAa,EAAC,IAAI,EAAE,OAAO,EAAE,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;IACzE,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,+CAA+C,EAAE,GAAG,EAAE;QACvD,MAAM,EAAE,GAAG,IAAA,4BAAe,GAAE,CAAC;QAC7B,MAAM,IAAI,GAAG,EAAE,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,CAAC;QAC/E,MAAM,OAAO,GAAG,IAAA,wBAAW,EAAC,IAAI,EAAE,WAAW,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC;QAC9D,MAAM,QAAQ,GAAG,EAAE,GAAG,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;QAC5C,IAAA,eAAM,EAAC,GAAG,EAAE,CAAC,IAAA,0BAAa,EAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;IAC5F,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,6CAA6C,EAAE,GAAG,EAAE;QACrD,MAAM,EAAE,GAAG,IAAA,4BAAe,GAAE,CAAC;QAC7B,MAAM,IAAI,GAAG,EAAE,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE,CAAC;QAC5F,MAAM,OAAO,GAAG,IAAA,wBAAW,EAAC,IAAI,EAAE,WAAW,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC;QAC9D,MAAM,QAAQ,GAAG,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,CAAC;QACxE,IAAA,eAAM,EAAC,GAAG,EAAE,CAAC,IAAA,0BAAa,EAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;IAC5F,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,uEAAuE,EAAE,GAAG,EAAE;QAC/E,MAAM,GAAG,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC;QAC7D,MAAM,MAAM,GAAG,IAAA,+BAAkB,EAAC,GAAG,CAAC,CAAC;QACvC,0CAA0C;QAC1C,IAAA,eAAM,EAAC,MAAM,CAAC,CAAC,IAAI,CAAC,+CAA+C,CAAC,CAAC;IACvE,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,+BAA+B,EAAE,GAAG,EAAE;QACvC,MAAM,EAAE,GAAG,IAAA,4BAAe,GAAE,CAAC;QAC7B,MAAM,IAAI,GAAG,EAAE,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;QACjE,IAAA,eAAM,EAAC,GAAG,EAAE,CAAC,IAAA,0BAAa,EAAC,IAAI,EAAE,EAAE,EAAE,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,oCAAoC,CAAC,CAAC;IACpG,CAAC,CAAC,CAAC;IAEH,IAAA,WAAE,EAAC,+BAA+B,EAAE,GAAG,EAAE;QACvC,MAAM,EAAE,GAAG,IAAA,4BAAe,GAAE,CAAC;QAC7B,MAAM,IAAI,GAAG,EAAE,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;QACjE,MAAM,OAAO,GAAG,IAAA,wBAAW,EAAC,IAAI,EAAE,WAAW,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC;QAC9D,OAAO,CAAC,aAAa,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC7D,IAAA,eAAM,EAAC,GAAG,EAAE,CAAC,IAAA,0BAAa,EAAC,IAAI,EAAE,OAAO,EAAE,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;IACrF,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/content-crypto.d.ts

@@ -1,24 +0,0 @@
-/** Payload encrypted with MASTER_KEY (legacy) */
-export declare const PAYLOAD_VERSION_LEGACY = 0;
-/** Payload encrypted with per-workspace WCK */
-export declare const PAYLOAD_VERSION_WCK = 1;
-/** Generate a random 32-byte Workspace Content Key */
-export declare function generateWCK(): Uint8Array;
-/** Wrap a WCK using a wrapping key (e.g. MASTER_KEY). Returns base64 ciphertext + nonce. */
-export declare function wrapKey(wck: Uint8Array, wrappingKey: Uint8Array): {
-    ciphertext: string;
-    nonce: string;
-};
-/** Unwrap a WCK using a wrapping key. Returns the raw 32-byte WCK. */
-export declare function unwrapKey(ciphertext: string, nonce: string, wrappingKey: Uint8Array): Uint8Array;
-/** Derive a Key Encryption Key from a passphrase using scrypt. */
-export declare function deriveKEK(passphrase: string, salt: Uint8Array): Uint8Array;
-/** Wrap a WCK for a user using their passphrase. Returns base64 strings. */
-export declare function wrapWCKForUser(wck: Uint8Array, passphrase: string): {
-    ciphertext: string;
-    nonce: string;
-    salt: string;
-};
-/** Unwrap a WCK using a user's passphrase. Returns the raw 32-byte WCK. */
-export declare function unwrapWCKFromUser(ciphertext: string, nonce: string, salt: string, passphrase: string): Uint8Array;
-//# sourceMappingURL=content-crypto.d.ts.map

package/dist/content-crypto.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"content-crypto.d.ts","sourceRoot":"","sources":["../src/content-crypto.ts"],"names":[],"mappings":"AAIA,iDAAiD;AACjD,eAAO,MAAM,sBAAsB,IAAI,CAAC;AACxC,+CAA+C;AAC/C,eAAO,MAAM,mBAAmB,IAAI,CAAC;AAErC,sDAAsD;AACtD,wBAAgB,WAAW,IAAI,UAAU,CAExC;AAED,4FAA4F;AAC5F,wBAAgB,OAAO,CACrB,GAAG,EAAE,UAAU,EACf,WAAW,EAAE,UAAU,GACtB;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAIvC;AAED,sEAAsE;AACtE,wBAAgB,SAAS,CACvB,UAAU,EAAE,MAAM,EAClB,KAAK,EAAE,MAAM,EACb,WAAW,EAAE,UAAU,GACtB,UAAU,CAQZ;AAED,kEAAkE;AAClE,wBAAgB,SAAS,CACvB,UAAU,EAAE,MAAM,EAClB,IAAI,EAAE,UAAU,GACf,UAAU,CAGZ;AAED,4EAA4E;AAC5E,wBAAgB,cAAc,CAC5B,GAAG,EAAE,UAAU,EACf,UAAU,EAAE,MAAM,GACjB;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,CAKrD;AAED,2EAA2E;AAC3E,wBAAgB,iBAAiB,CAC/B,UAAU,EAAE,MAAM,EAClB,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,MAAM,EACZ,UAAU,EAAE,MAAM,GACjB,UAAU,CAIZ"}