agentseal 0.9.1 → 0.9.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/agentseal.js +79 -37
- package/dist/{cache-MVU2E2LB.js → cache-2FZ63WCN.js} +1 -1
- package/dist/{canaries-K2JQLX7Z.js → canaries-44EQSA46.js} +1 -1
- package/dist/{chunk-ZNNQ2HKJ.js → chunk-2WEF3SNR.js} +1 -1
- package/dist/{chunk-PG5LEDUE.js → chunk-5OOVCUWO.js} +2 -2
- package/dist/{chunk-ZLRN7Q7C.js → chunk-7N7GSU6K.js} +7 -0
- package/dist/{chunk-EGCYEYIX.js → chunk-I6AROGUC.js} +1 -1
- package/dist/{chunk-IO5DO7DS.js → chunk-OWUAAOL5.js} +1 -1
- package/dist/{collectors-Y5Z2R2UT.js → collectors-547WABBZ.js} +4 -4
- package/dist/{deep-reasoning-GHCZ3SO6.js → deep-reasoning-ONRM7ZJH.js} +1 -1
- package/dist/{fix-NOFNO7VW.js → fix-UPZVHLZQ.js} +1 -1
- package/dist/{http-AIVCASYV.js → http-PXQ35XSA.js} +1 -1
- package/dist/{llm-client-4F2EACT5.js → llm-client-7C4LHDD4.js} +1 -1
- package/dist/{profiles-UHSPR44T.js → profiles-7SYXUQLY.js} +1 -1
- package/dist/{project-3P2OW3W6.js → project-IIYVIGAI.js} +3 -3
- package/dist/{scan-mcp-YOM2YJJG.js → scan-mcp-NDDHRBKV.js} +1 -1
- package/dist/{shield-HCIU3CSU.js → shield-QAQMFF5V.js} +3 -3
- package/dist/{skill-llm-R3L7TL42.js → skill-llm-BWEIBILZ.js} +1 -1
- package/package.json +1 -1
package/dist/agentseal.js
CHANGED
|
@@ -15,7 +15,7 @@ import {
|
|
|
15
15
|
BaselineStore,
|
|
16
16
|
RuleEngine,
|
|
17
17
|
runGuardInit
|
|
18
|
-
} from "./chunk-
|
|
18
|
+
} from "./chunk-5OOVCUWO.js";
|
|
19
19
|
import {
|
|
20
20
|
guardReportFromDict,
|
|
21
21
|
totalDangers,
|
|
@@ -26,11 +26,11 @@ import {
|
|
|
26
26
|
ProviderError,
|
|
27
27
|
fromEndpoint
|
|
28
28
|
} from "./chunk-XQGUICLL.js";
|
|
29
|
-
import "./chunk-
|
|
29
|
+
import "./chunk-I6AROGUC.js";
|
|
30
30
|
import {
|
|
31
31
|
collectAll
|
|
32
|
-
} from "./chunk-
|
|
33
|
-
import "./chunk-
|
|
32
|
+
} from "./chunk-2WEF3SNR.js";
|
|
33
|
+
import "./chunk-OWUAAOL5.js";
|
|
34
34
|
import {
|
|
35
35
|
RegistryCache
|
|
36
36
|
} from "./chunk-RJ56XHCI.js";
|
|
@@ -42,7 +42,9 @@ import {
|
|
|
42
42
|
severityCounts,
|
|
43
43
|
sortedFindings
|
|
44
44
|
} from "./chunk-4EOVMNW5.js";
|
|
45
|
-
import
|
|
45
|
+
import {
|
|
46
|
+
__require
|
|
47
|
+
} from "./chunk-7N7GSU6K.js";
|
|
46
48
|
|
|
47
49
|
// bin/agentseal.ts
|
|
48
50
|
import { Command } from "commander";
|
|
@@ -2581,7 +2583,7 @@ var GuardEngine = class {
|
|
|
2581
2583
|
const started = performance.now();
|
|
2582
2584
|
const agents = collectAll();
|
|
2583
2585
|
if (this.opts.projectPath) {
|
|
2584
|
-
const { setProjectDir } = await import("./project-
|
|
2586
|
+
const { setProjectDir } = await import("./project-IIYVIGAI.js");
|
|
2585
2587
|
setProjectDir(this.opts.projectPath);
|
|
2586
2588
|
const projectAgents = collectAll();
|
|
2587
2589
|
for (const pa of projectAgents) {
|
|
@@ -2631,9 +2633,9 @@ var GuardEngine = class {
|
|
|
2631
2633
|
);
|
|
2632
2634
|
let deepAnalysis = null;
|
|
2633
2635
|
if (this.opts.deep && this.opts.model) {
|
|
2634
|
-
const { resolveClient } = await import("./llm-client-
|
|
2635
|
-
const { DeepReasoningAnalyzer } = await import("./deep-reasoning-
|
|
2636
|
-
const { SkillLLMAnalyzer } = await import("./skill-llm-
|
|
2636
|
+
const { resolveClient } = await import("./llm-client-7C4LHDD4.js");
|
|
2637
|
+
const { DeepReasoningAnalyzer } = await import("./deep-reasoning-ONRM7ZJH.js");
|
|
2638
|
+
const { SkillLLMAnalyzer } = await import("./skill-llm-BWEIBILZ.js");
|
|
2637
2639
|
const client = resolveClient(this.opts.model, {
|
|
2638
2640
|
apiKey: this.opts.apiKey
|
|
2639
2641
|
});
|
|
@@ -3356,27 +3358,34 @@ guardCmd.command("test").description("Run self-tests on custom rules").option("-
|
|
|
3356
3358
|
process.exit(2);
|
|
3357
3359
|
}
|
|
3358
3360
|
});
|
|
3359
|
-
|
|
3360
|
-
const
|
|
3361
|
-
const
|
|
3362
|
-
|
|
3363
|
-
|
|
3364
|
-
|
|
3365
|
-
|
|
3366
|
-
|
|
3367
|
-
}
|
|
3368
|
-
|
|
3369
|
-
|
|
3370
|
-
|
|
3371
|
-
|
|
3372
|
-
|
|
3373
|
-
|
|
3374
|
-
|
|
3361
|
+
function promptLine(prompt) {
|
|
3362
|
+
const { createInterface } = __require("readline");
|
|
3363
|
+
const rl = createInterface({ input: process.stdin, output: process.stdout });
|
|
3364
|
+
return new Promise((resolve) => {
|
|
3365
|
+
rl.question(prompt, (answer) => {
|
|
3366
|
+
rl.close();
|
|
3367
|
+
resolve(answer.trim());
|
|
3368
|
+
});
|
|
3369
|
+
});
|
|
3370
|
+
}
|
|
3371
|
+
async function loginApiKey(config, apiUrl, configPath) {
|
|
3372
|
+
console.log();
|
|
3373
|
+
console.log(" \x1B[90mGenerate an API key at: https://agentseal.org/dashboard/settings\x1B[0m");
|
|
3374
|
+
console.log();
|
|
3375
|
+
const key = await promptLine(" Paste API key: ");
|
|
3376
|
+
if (!key) {
|
|
3377
|
+
console.log(" \x1B[91m\u2717 No key provided.\x1B[0m");
|
|
3375
3378
|
return;
|
|
3376
3379
|
}
|
|
3377
|
-
|
|
3380
|
+
config.api_url = apiUrl;
|
|
3381
|
+
config.api_key = key;
|
|
3382
|
+
fs.writeFileSync(configPath, JSON.stringify(config, null, 2));
|
|
3383
|
+
fs.chmodSync(configPath, 384);
|
|
3384
|
+
console.log("\n \x1B[32m\u2713 Credentials saved to ~/.agentseal/config.json\x1B[0m");
|
|
3385
|
+
}
|
|
3386
|
+
async function loginBrowser(config, apiUrl, configPath) {
|
|
3378
3387
|
const base = apiUrl.replace(/\/+$/, "");
|
|
3379
|
-
console.log(
|
|
3388
|
+
console.log();
|
|
3380
3389
|
console.log(" \x1B[90mOpening browser for authentication...\x1B[0m\n");
|
|
3381
3390
|
let data;
|
|
3382
3391
|
try {
|
|
@@ -3385,7 +3394,7 @@ program.command("login").description("Authenticate with AgentSeal dashboard").op
|
|
|
3385
3394
|
data = await resp.json();
|
|
3386
3395
|
} catch (e) {
|
|
3387
3396
|
console.error(` \x1B[91mFailed to start login: ${e}\x1B[0m`);
|
|
3388
|
-
console.error(" \x1B[
|
|
3397
|
+
console.error(" \x1B[90mTry: agentseal login --api-key <key>\x1B[0m");
|
|
3389
3398
|
return;
|
|
3390
3399
|
}
|
|
3391
3400
|
const { device_code, user_code, verification_url } = data;
|
|
@@ -3421,6 +3430,39 @@ program.command("login").description("Authenticate with AgentSeal dashboard").op
|
|
|
3421
3430
|
process.stdout.write(".");
|
|
3422
3431
|
}
|
|
3423
3432
|
console.log("\n\n \x1B[91m\u2717 Timed out.\x1B[0m");
|
|
3433
|
+
}
|
|
3434
|
+
program.command("login").description("Authenticate with AgentSeal dashboard").option("--api-url <url>", "Dashboard API URL").option("--api-key <key>", "Dashboard API key (skip browser auth)").action(async (opts) => {
|
|
3435
|
+
const configPath = path.join(os.homedir(), ".agentseal", "config.json");
|
|
3436
|
+
const dir = path.dirname(configPath);
|
|
3437
|
+
if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true });
|
|
3438
|
+
let config = {};
|
|
3439
|
+
try {
|
|
3440
|
+
config = JSON.parse(fs.readFileSync(configPath, "utf-8"));
|
|
3441
|
+
} catch {
|
|
3442
|
+
}
|
|
3443
|
+
const defaultUrl = config.api_url ?? "https://agentseal.org/api/v1";
|
|
3444
|
+
if (opts.apiKey) {
|
|
3445
|
+
config.api_url = opts.apiUrl ?? defaultUrl;
|
|
3446
|
+
config.api_key = opts.apiKey;
|
|
3447
|
+
fs.writeFileSync(configPath, JSON.stringify(config, null, 2));
|
|
3448
|
+
fs.chmodSync(configPath, 384);
|
|
3449
|
+
console.log("\n \x1B[32m\u2713 Credentials saved to ~/.agentseal/config.json\x1B[0m");
|
|
3450
|
+
return;
|
|
3451
|
+
}
|
|
3452
|
+
const apiUrl = opts.apiUrl ?? defaultUrl;
|
|
3453
|
+
console.log("\n \x1B[1mAgentSeal CLI Login\x1B[0m");
|
|
3454
|
+
console.log();
|
|
3455
|
+
console.log(" How would you like to authenticate?");
|
|
3456
|
+
console.log();
|
|
3457
|
+
console.log(" \x1B[1m1.\x1B[0m Browser login \x1B[90m\u2014 opens agentseal.org to approve\x1B[0m");
|
|
3458
|
+
console.log(" \x1B[1m2.\x1B[0m API key \x1B[90m\u2014 paste a key from Dashboard \u2192 Settings\x1B[0m");
|
|
3459
|
+
console.log();
|
|
3460
|
+
const choice = await promptLine(" Enter choice (1/2): ");
|
|
3461
|
+
if (choice === "2") {
|
|
3462
|
+
await loginApiKey(config, apiUrl, configPath);
|
|
3463
|
+
} else {
|
|
3464
|
+
await loginBrowser(config, apiUrl, configPath);
|
|
3465
|
+
}
|
|
3424
3466
|
});
|
|
3425
3467
|
program.command("activate").description("Activate a Pro license key").argument("[key]", "License key").action((key) => {
|
|
3426
3468
|
if (!key) {
|
|
@@ -3445,8 +3487,8 @@ program.command("watch").description("Run canary regression scan (5 probes, for
|
|
|
3445
3487
|
runCanaryScan,
|
|
3446
3488
|
detectRegression,
|
|
3447
3489
|
sendWebhook
|
|
3448
|
-
} = await import("./canaries-
|
|
3449
|
-
const { fromEndpoint: fromEndpoint2 } = await import("./http-
|
|
3490
|
+
} = await import("./canaries-44EQSA46.js");
|
|
3491
|
+
const { fromEndpoint: fromEndpoint2 } = await import("./http-PXQ35XSA.js");
|
|
3450
3492
|
let systemPrompt;
|
|
3451
3493
|
if (opts.prompt) systemPrompt = opts.prompt;
|
|
3452
3494
|
else if (opts.file) systemPrompt = fs.readFileSync(opts.file, "utf-8").trim();
|
|
@@ -3539,7 +3581,7 @@ program.command("watch").description("Run canary regression scan (5 probes, for
|
|
|
3539
3581
|
if (alert) process.exit(2);
|
|
3540
3582
|
});
|
|
3541
3583
|
program.command("shield").description("Continuously monitor your machine for AI agent threats").option("--no-notify", "Disable desktop notifications").option("--debounce <seconds>", "Seconds to wait after change", "2").option("-q, --quiet", "Suppress terminal output").action(async (opts) => {
|
|
3542
|
-
const { Shield } = await import("./shield-
|
|
3584
|
+
const { Shield } = await import("./shield-QAQMFF5V.js");
|
|
3543
3585
|
const onEvent = opts.quiet ? void 0 : (eventType, filePath, summary) => {
|
|
3544
3586
|
const ts = (/* @__PURE__ */ new Date()).toLocaleTimeString();
|
|
3545
3587
|
const color = eventType === "threat" ? "\x1B[91m" : eventType === "warning" ? "\x1B[33m" : eventType === "error" ? "\x1B[90m" : "\x1B[32m";
|
|
@@ -3558,7 +3600,7 @@ program.command("shield").description("Continuously monitor your machine for AI
|
|
|
3558
3600
|
`);
|
|
3559
3601
|
});
|
|
3560
3602
|
program.command("fix").description("Fix dangerous skills and harden prompts").option("--from-guard", "Load guard report and quarantine dangerous skills").option("--from-scan", "Load scan report and generate hardened prompt").option("--report <path>", "Path to report file").option("--auto", "Quarantine all without prompting").option("--dry-run", "Show what would be done").option("--list-quarantine", "List quarantined skills").option("--restore <name>", "Restore a quarantined skill").option("-o, --output <path>", "Save hardened prompt to file").action(async (opts) => {
|
|
3561
|
-
const { listQuarantine, restoreSkill, loadGuardReport, quarantineSkill, getFixableSkills } = await import("./fix-
|
|
3603
|
+
const { listQuarantine, restoreSkill, loadGuardReport, quarantineSkill, getFixableSkills } = await import("./fix-UPZVHLZQ.js");
|
|
3562
3604
|
if (opts.listQuarantine) {
|
|
3563
3605
|
const entries = listQuarantine();
|
|
3564
3606
|
if (entries.length === 0) {
|
|
@@ -3607,13 +3649,13 @@ program.command("fix").description("Fix dangerous skills and harden prompts").op
|
|
|
3607
3649
|
}
|
|
3608
3650
|
});
|
|
3609
3651
|
program.command("profiles").description("List available scan profiles").action(async () => {
|
|
3610
|
-
const { listProfiles } = await import("./profiles-
|
|
3652
|
+
const { listProfiles } = await import("./profiles-7SYXUQLY.js");
|
|
3611
3653
|
console.log();
|
|
3612
3654
|
console.log(listProfiles());
|
|
3613
3655
|
console.log();
|
|
3614
3656
|
});
|
|
3615
3657
|
program.command("registry").description("Manage the MCP server registry").argument("<action>", "info | update | list").option("--api-url <url>", "Custom API URL").action(async (action, opts) => {
|
|
3616
|
-
const { RegistryCache: RegistryCache2 } = await import("./cache-
|
|
3658
|
+
const { RegistryCache: RegistryCache2 } = await import("./cache-2FZ63WCN.js");
|
|
3617
3659
|
const cache = new RegistryCache2({ baseUrl: opts.apiUrl, skipFetch: action === "info" });
|
|
3618
3660
|
if (action === "info") {
|
|
3619
3661
|
console.log(`
|
|
@@ -3692,7 +3734,7 @@ program.command("config").description("Manage local configuration (API keys, LLM
|
|
|
3692
3734
|
}
|
|
3693
3735
|
});
|
|
3694
3736
|
program.command("scan-mcp").description("Runtime MCP server scanner \u2014 connect, analyze, score").option("--server <name>", "Scan specific server by name").option("--url <url>", "Scan a remote HTTP/SSE endpoint").option("--timeout <n>", "Per-server timeout (seconds)", "30").option("--concurrency <n>", "Max parallel connections", "3").option("-o, --output <format>", "terminal or json", "terminal").option("--save <path>", "Save JSON report to file").option("--min-score <n>", "Exit code 1 if any server below this score").option("-v, --verbose", "Show individual tool findings").option("-y, --yes", "Skip confirmation (CI)").option("--reset-baselines", "Reset all baselines").action(async (opts) => {
|
|
3695
|
-
const scanMcpMod = await import("./scan-mcp-
|
|
3737
|
+
const scanMcpMod = await import("./scan-mcp-NDDHRBKV.js");
|
|
3696
3738
|
const { ScanMCP } = scanMcpMod;
|
|
3697
3739
|
console.log();
|
|
3698
3740
|
console.log(` \x1B[36m\x1B[1mAgentSeal Scan-MCP\x1B[0m \x1B[90m\u2014 Runtime MCP Server Scanner\x1B[0m`);
|
|
@@ -3703,7 +3745,7 @@ program.command("scan-mcp").description("Runtime MCP server scanner \u2014 conne
|
|
|
3703
3745
|
const name = opts.server ?? new URL(opts.url).hostname;
|
|
3704
3746
|
servers = [{ name, url: opts.url }];
|
|
3705
3747
|
} else if (opts.server) {
|
|
3706
|
-
const { collectAll: collectAll2 } = await import("./collectors-
|
|
3748
|
+
const { collectAll: collectAll2 } = await import("./collectors-547WABBZ.js");
|
|
3707
3749
|
const agents = collectAll2();
|
|
3708
3750
|
const mcpServers = agents.flatMap((a) => a.mcpServers);
|
|
3709
3751
|
const match = mcpServers.find(
|
|
@@ -3724,7 +3766,7 @@ program.command("scan-mcp").description("Runtime MCP server scanner \u2014 conne
|
|
|
3724
3766
|
}
|
|
3725
3767
|
];
|
|
3726
3768
|
} else {
|
|
3727
|
-
const { collectAll: collectAll2 } = await import("./collectors-
|
|
3769
|
+
const { collectAll: collectAll2 } = await import("./collectors-547WABBZ.js");
|
|
3728
3770
|
const agents = collectAll2();
|
|
3729
3771
|
const seen = /* @__PURE__ */ new Set();
|
|
3730
3772
|
servers = [];
|
|
@@ -2,10 +2,10 @@
|
|
|
2
2
|
import {
|
|
3
3
|
init_machine_discovery,
|
|
4
4
|
machine_discovery_exports
|
|
5
|
-
} from "./chunk-
|
|
5
|
+
} from "./chunk-OWUAAOL5.js";
|
|
6
6
|
import {
|
|
7
7
|
__toCommonJS
|
|
8
|
-
} from "./chunk-
|
|
8
|
+
} from "./chunk-7N7GSU6K.js";
|
|
9
9
|
|
|
10
10
|
// src/project-config.ts
|
|
11
11
|
import { existsSync, readFileSync, writeFileSync, statSync } from "fs";
|
|
@@ -3,6 +3,12 @@ var __defProp = Object.defineProperty;
|
|
|
3
3
|
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
4
4
|
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
5
5
|
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
6
|
+
var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
|
|
7
|
+
get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
|
|
8
|
+
}) : x)(function(x) {
|
|
9
|
+
if (typeof require !== "undefined") return require.apply(this, arguments);
|
|
10
|
+
throw Error('Dynamic require of "' + x + '" is not supported');
|
|
11
|
+
});
|
|
6
12
|
var __esm = (fn, res) => function __init() {
|
|
7
13
|
return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
|
|
8
14
|
};
|
|
@@ -21,6 +27,7 @@ var __copyProps = (to, from, except, desc) => {
|
|
|
21
27
|
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
22
28
|
|
|
23
29
|
export {
|
|
30
|
+
__require,
|
|
24
31
|
__esm,
|
|
25
32
|
__export,
|
|
26
33
|
__toCommonJS
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
#!/usr/bin/env node
|
|
2
|
-
import "./chunk-
|
|
2
|
+
import "./chunk-I6AROGUC.js";
|
|
3
3
|
import {
|
|
4
4
|
AgentCollector,
|
|
5
5
|
appdata,
|
|
@@ -16,10 +16,10 @@ import {
|
|
|
16
16
|
platformPath,
|
|
17
17
|
readConfig,
|
|
18
18
|
registerCollector
|
|
19
|
-
} from "./chunk-
|
|
20
|
-
import "./chunk-
|
|
19
|
+
} from "./chunk-2WEF3SNR.js";
|
|
20
|
+
import "./chunk-OWUAAOL5.js";
|
|
21
21
|
import "./chunk-4EOVMNW5.js";
|
|
22
|
-
import "./chunk-
|
|
22
|
+
import "./chunk-7N7GSU6K.js";
|
|
23
23
|
export {
|
|
24
24
|
AgentCollector,
|
|
25
25
|
appdata,
|
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
#!/usr/bin/env node
|
|
2
2
|
import {
|
|
3
3
|
setProjectDir
|
|
4
|
-
} from "./chunk-
|
|
5
|
-
import "./chunk-
|
|
4
|
+
} from "./chunk-2WEF3SNR.js";
|
|
5
|
+
import "./chunk-OWUAAOL5.js";
|
|
6
6
|
import "./chunk-4EOVMNW5.js";
|
|
7
|
-
import "./chunk-
|
|
7
|
+
import "./chunk-7N7GSU6K.js";
|
|
8
8
|
export {
|
|
9
9
|
setProjectDir
|
|
10
10
|
};
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
#!/usr/bin/env node
|
|
2
2
|
import {
|
|
3
3
|
BaselineStore
|
|
4
|
-
} from "./chunk-
|
|
4
|
+
} from "./chunk-5OOVCUWO.js";
|
|
5
5
|
import {
|
|
6
6
|
GuardVerdict
|
|
7
7
|
} from "./chunk-IGSX7F4B.js";
|
|
@@ -11,8 +11,8 @@ import {
|
|
|
11
11
|
getWellKnownConfigs,
|
|
12
12
|
init_machine_discovery,
|
|
13
13
|
stripJsonComments
|
|
14
|
-
} from "./chunk-
|
|
15
|
-
import "./chunk-
|
|
14
|
+
} from "./chunk-OWUAAOL5.js";
|
|
15
|
+
import "./chunk-7N7GSU6K.js";
|
|
16
16
|
|
|
17
17
|
// src/shield.ts
|
|
18
18
|
import { readFileSync as readFileSync3, statSync as statSync3, watch } from "fs";
|
package/package.json
CHANGED