agentseal 0.9.0 → 0.9.2

package/dist/chunk-RJ56XHCI.js

@@ -0,0 +1,115 @@
+#!/usr/bin/env node
+
+// src/guard/registry/cache.ts
+import * as fs from "fs";
+import * as os from "os";
+import * as path from "path";
+var STALE_SECONDS = 86400;
+var CACHE_URL = "https://agentseal.org/api/v1/mcp/guard-cache";
+var DEFAULT_CACHE_PATH = path.join(os.homedir(), ".agentseal", "registry_cache.json");
+var REGISTRY_PREFIXES = ["npm:", "pypi:", "docker:", "github:"];
+var NAME_PREFIXES = ["mcp-server-", "server-", "mcp-"];
+function toRegistryData(entry) {
+  return {
+    trustScore: entry.trust_score ?? entry.trustScore ?? 50,
+    findings: entry.findings ?? [],
+    capabilityLabels: new Set(entry.capability_labels ?? entry.capabilityLabels ?? []),
+    analyzedVersion: entry.analyzed_version ?? entry.analyzedVersion ?? null,
+    analyzedAt: entry.analyzed_at ?? entry.analyzedAt ?? null,
+    tools: entry.tools ?? []
+  };
+}
+function stripName(packageId) {
+  let name = packageId;
+  for (const prefix of REGISTRY_PREFIXES) {
+    if (name.startsWith(prefix)) {
+      name = name.slice(prefix.length);
+      break;
+    }
+  }
+  const slashIdx = name.indexOf("/");
+  if (name.startsWith("@") && slashIdx !== -1) {
+    name = name.slice(slashIdx + 1);
+  }
+  for (const prefix of NAME_PREFIXES) {
+    if (name.startsWith(prefix)) {
+      name = name.slice(prefix.length);
+      break;
+    }
+  }
+  return name;
+}
+var RegistryCache = class {
+  cachePath;
+  baseUrl;
+  skipFetch;
+  data = null;
+  constructor(opts) {
+    this.cachePath = opts?.path ?? DEFAULT_CACHE_PATH;
+    this.baseUrl = opts?.baseUrl ?? CACHE_URL;
+    this.skipFetch = opts?.skipFetch ?? false;
+    this._loadFromDisk();
+  }
+  _loadFromDisk() {
+    try {
+      const raw = fs.readFileSync(this.cachePath, "utf8");
+      this.data = JSON.parse(raw);
+    } catch {
+      this.data = null;
+    }
+  }
+  isStale() {
+    if (this.data === null) return true;
+    const ts = this.data.fetchedAt ?? this.data.fetched_at ?? this.data.updated_at ?? 0;
+    const ageSeconds = Date.now() / 1e3 - ts;
+    return ageSeconds >= STALE_SECONDS;
+  }
+  serverCount() {
+    if (this.data === null) return 0;
+    return Object.keys(this.data.servers).length;
+  }
+  async fetchRemote() {
+    const response = await fetch(this.baseUrl);
+    if (!response.ok) {
+      throw new Error(`Registry fetch failed: ${response.status} ${response.statusText}`);
+    }
+    const payload = await response.json();
+    const newData = {
+      fetchedAt: Math.floor(Date.now() / 1e3),
+      servers: payload.servers
+    };
+    this._setData(newData);
+    try {
+      const dir = path.dirname(this.cachePath);
+      fs.mkdirSync(dir, { recursive: true });
+      fs.writeFileSync(this.cachePath, JSON.stringify(newData), "utf8");
+    } catch {
+    }
+    return Object.keys(newData.servers).length;
+  }
+  async ensureFresh() {
+    if (this.skipFetch) return;
+    if (this.isStale()) {
+      await this.fetchRemote();
+    }
+  }
+  lookup(packageId) {
+    if (packageId === null || this.data === null) return null;
+    const exact = this.data.servers[packageId];
+    if (exact !== void 0) return toRegistryData(exact);
+    const needle = stripName(packageId);
+    for (const [key, entry] of Object.entries(this.data.servers)) {
+      if (stripName(key) === needle) {
+        return toRegistryData(entry);
+      }
+    }
+    return null;
+  }
+  _setData(data) {
+    this.data = data;
+  }
+};
+
+export {
+  RegistryCache
+};

package/dist/chunk-XQGUICLL.js

@@ -0,0 +1,45 @@
+#!/usr/bin/env node
+
+// src/errors.ts
+var AgentSealError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "AgentSealError";
+  }
+};
+var ProviderError = class extends AgentSealError {
+  constructor(provider, message) {
+    super(`[${provider}] ${message}`);
+    this.name = "ProviderError";
+  }
+};
+
+// src/providers/http.ts
+function fromEndpoint(opts) {
+  const msgField = opts.messageField ?? "message";
+  const respField = opts.responseField ?? "response";
+  return async (message) => {
+    const res = await fetch(opts.url, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        ...opts.headers
+      },
+      body: JSON.stringify({ [msgField]: message })
+    });
+    if (!res.ok) {
+      throw new ProviderError("http", `HTTP ${res.status}: ${res.statusText}`);
+    }
+    const data = await res.json();
+    const response = data[respField];
+    if (typeof response !== "string") {
+      throw new ProviderError("http", `Response field '${respField}' not found or not a string`);
+    }
+    return response;
+  };
+}
+
+export {
+  ProviderError,
+  fromEndpoint
+};

package/dist/collectors-547WABBZ.js

@@ -0,0 +1,39 @@
+#!/usr/bin/env node
+import "./chunk-I6AROGUC.js";
+import {
+  AgentCollector,
+  appdata,
+  collectAll,
+  collectSkillDirs,
+  collectSkillFiles,
+  extractMcpServers,
+  getCollectors,
+  home,
+  isDir,
+  isFile,
+  makeAgent,
+  parseMcpConfig,
+  platformPath,
+  readConfig,
+  registerCollector
+} from "./chunk-2WEF3SNR.js";
+import "./chunk-OWUAAOL5.js";
+import "./chunk-4EOVMNW5.js";
+import "./chunk-7N7GSU6K.js";
+export {
+  AgentCollector,
+  appdata,
+  collectAll,
+  collectSkillDirs,
+  collectSkillFiles,
+  extractMcpServers,
+  getCollectors,
+  home,
+  isDir,
+  isFile,
+  makeAgent,
+  parseMcpConfig,
+  platformPath,
+  readConfig,
+  registerCollector
+};

package/dist/deep-reasoning-ONRM7ZJH.js

@@ -0,0 +1,17 @@
+#!/usr/bin/env node
+import {
+  DeepReasoningAnalyzer,
+  buildPrompt,
+  parseLlmResponse,
+  sanitizeName,
+  sanitizeText
+} from "./chunk-BXOPZ7UC.js";
+import "./chunk-4EOVMNW5.js";
+import "./chunk-7N7GSU6K.js";
+export {
+  DeepReasoningAnalyzer,
+  buildPrompt,
+  parseLlmResponse,
+  sanitizeName,
+  sanitizeText
+};

package/dist/fix-UPZVHLZQ.js

@@ -0,0 +1,204 @@
+#!/usr/bin/env node
+import "./chunk-7N7GSU6K.js";
+
+// src/fix.ts
+import {
+  existsSync,
+  mkdirSync,
+  readFileSync,
+  readdirSync,
+  renameSync,
+  writeFileSync
+} from "fs";
+import { homedir } from "os";
+import { basename, dirname, extname, join, resolve } from "path";
+var QUARANTINE_DIR = join(homedir(), ".agentseal", "quarantine");
+var REPORTS_DIR = join(homedir(), ".agentseal", "reports");
+var BACKUPS_DIR = join(homedir(), ".agentseal", "backups");
+function manifestPath(quarantineDir) {
+  return join(quarantineDir, "manifest.json");
+}
+function rglob(dir) {
+  const results = [];
+  const walk = (d) => {
+    try {
+      for (const entry of readdirSync(d, { withFileTypes: true })) {
+        const full = join(d, entry.name);
+        if (entry.isDirectory()) walk(full);
+        else if (entry.isFile()) results.push(full);
+      }
+    } catch {
+    }
+  };
+  walk(dir);
+  return results;
+}
+function loadManifest(quarantineDir) {
+  const mp = manifestPath(quarantineDir);
+  if (!existsSync(mp)) return [];
+  try {
+    const data = JSON.parse(readFileSync(mp, "utf-8"));
+    if (Array.isArray(data)) return data;
+  } catch {
+  }
+  const entries = [];
+  for (const f of rglob(quarantineDir)) {
+    if (basename(f) === "manifest.json") continue;
+    const stem = basename(f, extname(f));
+    entries.push({
+      original_path: "",
+      quarantine_path: f,
+      reason: "recovered from corrupted manifest",
+      timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+      skill_name: stem
+    });
+  }
+  return entries;
+}
+function saveManifest(quarantineDir, entries) {
+  mkdirSync(quarantineDir, { recursive: true });
+  writeFileSync(manifestPath(quarantineDir), JSON.stringify(entries, null, 2), "utf-8");
+}
+function quarantineSkill(skillPath, reason = "", quarantineDir) {
+  const qdir = quarantineDir ?? QUARANTINE_DIR;
+  const resolvedSkill = resolve(skillPath);
+  if (!existsSync(resolvedSkill)) {
+    throw new Error(`Skill not found: ${resolvedSkill}`);
+  }
+  const parts = resolvedSkill.split("/").filter(Boolean);
+  const relative = parts.length >= 2 ? join(parts[parts.length - 2], parts[parts.length - 1]) : basename(resolvedSkill);
+  let dest = join(qdir, relative);
+  if (existsSync(dest)) {
+    const stem = basename(dest, extname(dest));
+    const suffix = extname(dest);
+    const parent = dirname(dest);
+    let counter = 1;
+    while (existsSync(dest)) {
+      dest = join(parent, `${stem}_${counter}${suffix}`);
+      counter++;
+    }
+  }
+  mkdirSync(dirname(dest), { recursive: true });
+  renameSync(resolvedSkill, dest);
+  const entry = {
+    original_path: resolvedSkill,
+    quarantine_path: dest,
+    reason,
+    timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+    skill_name: basename(resolvedSkill, extname(resolvedSkill))
+  };
+  const manifest = loadManifest(qdir);
+  manifest.push(entry);
+  saveManifest(qdir, manifest);
+  return entry;
+}
+function restoreSkill(skillName, quarantineDir) {
+  const qdir = quarantineDir ?? QUARANTINE_DIR;
+  const manifest = loadManifest(qdir);
+  let idx = -1;
+  for (let i = 0; i < manifest.length; i++) {
+    if (manifest[i].skill_name === skillName) {
+      idx = i;
+      break;
+    }
+  }
+  if (idx === -1) {
+    throw new Error(`Skill '${skillName}' not found in quarantine`);
+  }
+  const entry = manifest[idx];
+  if (!entry.original_path) {
+    throw new Error(
+      `Cannot restore '${skillName}': original path is empty (recovered from corrupted manifest). Re-quarantine or move manually.`
+    );
+  }
+  const original = resolve(entry.original_path);
+  const quarantined = resolve(entry.quarantine_path);
+  const qdirResolved = resolve(qdir);
+  if (!quarantined.startsWith(qdirResolved)) {
+    throw new Error(
+      `Cannot restore '${skillName}': quarantine path ${quarantined} is outside quarantine directory. Manifest may be tampered.`
+    );
+  }
+  if (existsSync(original)) {
+    throw new Error(`Cannot restore: original path already occupied: ${original}`);
+  }
+  if (!existsSync(quarantined)) {
+    throw new Error(`Quarantined file missing: ${quarantined}`);
+  }
+  mkdirSync(dirname(original), { recursive: true });
+  renameSync(quarantined, original);
+  manifest.splice(idx, 1);
+  saveManifest(qdir, manifest);
+  return original;
+}
+function listQuarantine(quarantineDir) {
+  const qdir = quarantineDir ?? QUARANTINE_DIR;
+  const manifest = loadManifest(qdir);
+  const required = ["original_path", "quarantine_path", "reason", "timestamp", "skill_name"];
+  return manifest.filter((e) => required.every((k) => k in e)).map((e) => ({
+    original_path: e.original_path,
+    quarantine_path: e.quarantine_path,
+    reason: e.reason,
+    timestamp: e.timestamp,
+    skill_name: e.skill_name
+  }));
+}
+function loadGuardReport(path, reportsDir) {
+  const target = path ?? join(reportsDir ?? REPORTS_DIR, "guard-latest.json");
+  if (!existsSync(target)) {
+    throw new Error(
+      `Guard report not found: ${target}
+Run 'agentseal guard' first to generate a report.`
+    );
+  }
+  return JSON.parse(readFileSync(target, "utf-8"));
+}
+function loadScanReport(path, reportsDir) {
+  const target = path ?? join(reportsDir ?? REPORTS_DIR, "scan-latest.json");
+  if (!existsSync(target)) {
+    throw new Error(
+      `Scan report not found: ${target}
+Run 'agentseal scan' first to generate a report.`
+    );
+  }
+  return JSON.parse(readFileSync(target, "utf-8"));
+}
+function saveReport(reportDict, reportType, reportsDir) {
+  if (reportType.includes("/") || reportType.includes("..") || reportType.includes("\\")) {
+    throw new Error("Invalid report type");
+  }
+  const dir = reportsDir ?? REPORTS_DIR;
+  mkdirSync(dir, { recursive: true });
+  const target = join(dir, `${reportType}-latest.json`);
+  writeFileSync(target, JSON.stringify(reportDict, null, 2), "utf-8");
+  return target;
+}
+function getFixableSkills(guardReport) {
+  const results = [];
+  for (const skill of guardReport.skill_results ?? []) {
+    if (skill.verdict === "danger") {
+      results.push({
+        name: skill.name ?? "",
+        path: skill.path ?? "",
+        findings: skill.findings ?? [],
+        verdict: skill.verdict ?? ""
+      });
+    }
+  }
+  return results;
+}
+export {
+  BACKUPS_DIR,
+  QUARANTINE_DIR,
+  REPORTS_DIR,
+  getFixableSkills,
+  listQuarantine,
+  loadGuardReport,
+  loadManifest,
+  loadScanReport,
+  manifestPath,
+  quarantineSkill,
+  restoreSkill,
+  saveManifest,
+  saveReport
+};

package/dist/http-PXQ35XSA.js

@@ -0,0 +1,8 @@
+#!/usr/bin/env node
+import {
+  fromEndpoint
+} from "./chunk-XQGUICLL.js";
+import "./chunk-7N7GSU6K.js";
+export {
+  fromEndpoint
+};