averecion-lite 1.3.0

package/dist/server.js

@@ -0,0 +1,226 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.startServer = startServer;
+exports.stopServer = stopServer;
+const express_1 = __importDefault(require("express"));
+const path = __importStar(require("path"));
+const ws_1 = require("ws");
+const metrics_1 = require("./metrics");
+const storage_1 = require("./storage");
+const risk_engine_1 = require("./src/risk-engine");
+const capability_manifest_1 = require("./src/capability-manifest");
+const log_watcher_1 = require("./log-watcher");
+let server = null;
+let wss = null;
+function validateSecret(req, res, next) {
+    const secret = process.env.LITE_ADAPTER_SECRET;
+    if (!secret) {
+        res.status(500).json({ error: "LITE_ADAPTER_SECRET not set" });
+        return;
+    }
+    if (req.headers["x-lite-secret"] !== secret) {
+        res.status(401).json({ error: "Unauthorized" });
+        return;
+    }
+    next();
+}
+function localOnly(req, res, next) {
+    const allowRemote = process.env.LITE_ALLOW_REMOTE === "true";
+    if (allowRemote) {
+        next();
+        return;
+    }
+    const addr = req.socket.remoteAddress;
+    if (addr !== "127.0.0.1" && addr !== "::1" && addr !== "::ffff:127.0.0.1") {
+        res.status(403).json({ error: "Local-only" });
+        return;
+    }
+    next();
+}
+function broadcastToClients(message) {
+    if (!wss)
+        return;
+    const data = JSON.stringify(message);
+    wss.clients.forEach((client) => {
+        if (client.readyState === ws_1.WebSocket.OPEN) {
+            client.send(data);
+        }
+    });
+}
+async function startServer(port = 4321, host = "0.0.0.0") {
+    const app = (0, express_1.default)();
+    app.use(express_1.default.json());
+    const dashboardDir = path.join(__dirname, "..", "dashboard");
+    app.get("/lite-metrics", localOnly, validateSecret, (_req, res) => res.json((0, metrics_1.getMetrics)(24)));
+    app.get("/lite-config", localOnly, validateSecret, (_req, res) => {
+        const config = (0, storage_1.getConfig)();
+        res.json(config || { enabled: false, showMode: false, protectionLevel: "balanced", consented: false });
+    });
+    app.get("/lite-pending", localOnly, validateSecret, (_req, res) => {
+        res.json((0, storage_1.getPendingApprovals)());
+    });
+    app.post("/lite-approval", localOnly, validateSecret, (req, res) => {
+        const { id, approved } = req.body;
+        if (!id) {
+            res.status(400).json({ error: "Missing id" });
+            return;
+        }
+        const success = (0, storage_1.resolveApproval)(id, approved === true);
+        res.json({ success, id, approved });
+    });
+    app.get("/", localOnly, (_req, res) => res.sendFile(path.join(dashboardDir, "landing.html")));
+    app.get("/clawguard", localOnly, (_req, res) => res.sendFile(path.join(dashboardDir, "index.html")));
+    app.get("/lite-dash", localOnly, (_req, res) => res.redirect("/clawguard"));
+    app.use("/static", localOnly, express_1.default.static(dashboardDir));
+    app.get("/health", (_req, res) => res.json({ status: "ok" }));
+    app.get("/api/agents", localOnly, validateSecret, (_req, res) => {
+        const agents = (0, risk_engine_1.listAgents)();
+        const withRisk = agents.map(agent => ({
+            ...agent,
+            risk: (0, risk_engine_1.assessAgentRisk)(agent)
+        }));
+        res.json(withRisk);
+    });
+    app.get("/api/agents/:id", localOnly, validateSecret, (req, res) => {
+        const agent = (0, risk_engine_1.getAgent)(req.params.id);
+        if (!agent) {
+            res.status(404).json({ error: "Agent not found" });
+            return;
+        }
+        res.json({ ...agent, risk: (0, risk_engine_1.assessAgentRisk)(agent) });
+    });
+    app.post("/api/agents", localOnly, validateSecret, (req, res) => {
+        const result = (0, capability_manifest_1.parseManifestData)(req.body);
+        if (!result.success || !result.manifest) {
+            res.status(400).json({ error: result.error });
+            return;
+        }
+        const registered = (0, risk_engine_1.registerAgent)(result.manifest);
+        const risk = (0, risk_engine_1.assessAgentRisk)(registered);
+        res.json({ ...registered, risk });
+    });
+    app.post("/api/assess-action", localOnly, validateSecret, (req, res) => {
+        const { type, tool, command, url, path: filePath, agentId } = req.body;
+        if (!type) {
+            res.status(400).json({ error: "Missing 'type' field" });
+            return;
+        }
+        const assessment = (0, risk_engine_1.assessActionRisk)({ type, tool, command, url, path: filePath }, agentId);
+        res.json(assessment);
+    });
+    app.get("/api/manifest-template", localOnly, (req, res) => {
+        const framework = typeof req.query?.framework === "string" ? req.query.framework : undefined;
+        res.type("application/json").send((0, capability_manifest_1.generateManifestTemplate)(framework));
+    });
+    return new Promise((resolve, reject) => {
+        server = app.listen(port, host, () => {
+            console.log(`[Averecion Lite] http://${host}:${port}/clawguard`);
+            wss = new ws_1.WebSocketServer({ server: server });
+            wss.on("connection", (ws, req) => {
+                const allowRemote = process.env.LITE_ALLOW_REMOTE === "true";
+                const addr = req.socket.remoteAddress;
+                const isLocal = addr === "127.0.0.1" || addr === "::1" || addr === "::ffff:127.0.0.1";
+                if (!isLocal && allowRemote) {
+                    const url = new URL(req.url || "/", `http://${req.headers.host}`);
+                    const secret = url.searchParams.get("secret") || req.headers["x-lite-secret"];
+                    const expectedSecret = process.env.LITE_ADAPTER_SECRET;
+                    if (!expectedSecret || secret !== expectedSecret) {
+                        console.log("[WebSocket] Unauthorized remote connection rejected");
+                        ws.close(4001, "Unauthorized");
+                        return;
+                    }
+                }
+                console.log("[WebSocket] Client connected");
+                ws.send(JSON.stringify({ type: "connected", message: "Clawguard monitoring active" }));
+                const metrics = (0, metrics_1.getMetrics)(24);
+                ws.send(JSON.stringify({ type: "metrics", data: metrics }));
+                ws.on("close", () => {
+                    console.log("[WebSocket] Client disconnected");
+                });
+            });
+            const logWatcher = (0, log_watcher_1.startLogWatcher)();
+            logWatcher.on("toolEvent", (event) => {
+                broadcastToClients({
+                    type: "toolEvent",
+                    data: {
+                        tool: event.tool,
+                        runId: event.runId,
+                        toolCallId: event.toolCallId,
+                        phase: event.phase,
+                        timestamp: event.timestamp.toISOString(),
+                        analysis: event.analysis,
+                        actionEvent: event.actionEvent,
+                    }
+                });
+            });
+            logWatcher.on("toolComplete", (event) => {
+                broadcastToClients({
+                    type: "toolComplete",
+                    data: {
+                        tool: event.tool,
+                        runId: event.runId,
+                        toolCallId: event.toolCallId,
+                        duration: event.duration,
+                        timestamp: event.timestamp.toISOString(),
+                    }
+                });
+            });
+            resolve();
+        });
+        server.on("error", reject);
+    });
+}
+async function stopServer() {
+    (0, log_watcher_1.stopLogWatcher)();
+    return new Promise(resolve => {
+        if (wss) {
+            wss.close();
+            wss = null;
+        }
+        if (server) {
+            server.close(() => {
+                server = null;
+                resolve();
+            });
+        }
+        else {
+            resolve();
+        }
+    });
+}

package/dist/src/capability-manifest.d.ts

@@ -0,0 +1,16 @@
+import { AgentManifest, assessAgentRisk } from "./risk-engine";
+export interface ManifestParseResult {
+    success: boolean;
+    manifest?: AgentManifest;
+    error?: string;
+}
+export declare function parseManifestFile(filePath: string): ManifestParseResult;
+export declare function parseManifestData(data: Record<string, unknown>): ManifestParseResult;
+export declare function registerAgentFromManifest(filePath: string): {
+    success: boolean;
+    manifest?: AgentManifest;
+    risk?: ReturnType<typeof assessAgentRisk>;
+    error?: string;
+};
+export declare function generateManifestTemplate(framework?: string): string;
+//# sourceMappingURL=capability-manifest.d.ts.map

package/dist/src/capability-manifest.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"capability-manifest.d.ts","sourceRoot":"","sources":["../../src/capability-manifest.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,aAAa,EAAkC,eAAe,EAAE,MAAM,eAAe,CAAC;AAE/F,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,CAAC,EAAE,aAAa,CAAC;IACzB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAkCD,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,mBAAmB,CA+BvE;AAED,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,mBAAmB,CAqEpF;AAcD,wBAAgB,yBAAyB,CAAC,QAAQ,EAAE,MAAM,GAAG;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,QAAQ,CAAC,EAAE,aAAa,CAAC;IAAC,IAAI,CAAC,EAAE,UAAU,CAAC,OAAO,eAAe,CAAC,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAWrK;AAED,wBAAgB,wBAAwB,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,CAmCnE"}

package/dist/src/capability-manifest.js

@@ -0,0 +1,228 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.parseManifestFile = parseManifestFile;
+exports.parseManifestData = parseManifestData;
+exports.registerAgentFromManifest = registerAgentFromManifest;
+exports.generateManifestTemplate = generateManifestTemplate;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const risk_engine_1 = require("./risk-engine");
+const KNOWN_FRAMEWORKS = {
+    "clawdbot": [
+        { name: "execute", type: "shell", riskWeight: 80, description: "Execute shell commands" },
+        { name: "read", type: "filesystem", riskWeight: 20, description: "Read files" },
+        { name: "write", type: "filesystem", riskWeight: 50, description: "Write files" },
+        { name: "process", type: "process", riskWeight: 60, description: "Process management" },
+        { name: "http", type: "http", riskWeight: 30, description: "HTTP requests" },
+    ],
+    "claude-desktop": [
+        { name: "computer", type: "shell", riskWeight: 90, description: "Computer use capability" },
+        { name: "bash", type: "shell", riskWeight: 80, description: "Bash command execution" },
+        { name: "text_editor", type: "filesystem", riskWeight: 50, description: "Text file editing" },
+    ],
+    "langchain": [
+        { name: "shell", type: "shell", riskWeight: 80, description: "Shell tool" },
+        { name: "python_repl", type: "code", riskWeight: 85, description: "Python REPL" },
+        { name: "requests", type: "http", riskWeight: 40, description: "HTTP requests" },
+    ],
+    "autogpt": [
+        { name: "execute_shell", type: "shell", riskWeight: 80, description: "Shell execution" },
+        { name: "write_file", type: "filesystem", riskWeight: 50, description: "File writing" },
+        { name: "read_file", type: "filesystem", riskWeight: 20, description: "File reading" },
+        { name: "browse_website", type: "network", riskWeight: 40, description: "Web browsing" },
+        { name: "execute_python_code", type: "code", riskWeight: 85, description: "Python execution" },
+    ],
+    "openai-agents": [
+        { name: "code_interpreter", type: "code", riskWeight: 70, description: "Code interpreter" },
+        { name: "file_search", type: "filesystem", riskWeight: 20, description: "File search" },
+        { name: "function_calling", type: "custom", riskWeight: 50, description: "Function calls" },
+    ],
+};
+function parseManifestFile(filePath) {
+    try {
+        if (!fs.existsSync(filePath)) {
+            return { success: false, error: `File not found: ${filePath}` };
+        }
+        const content = fs.readFileSync(filePath, "utf-8");
+        const ext = path.extname(filePath).toLowerCase();
+        let data;
+        if (ext === ".yaml" || ext === ".yml") {
+            const lines = content.split("\n");
+            data = {};
+            let currentKey = "";
+            for (const line of lines) {
+                const match = line.match(/^(\w+):\s*(.*)$/);
+                if (match) {
+                    currentKey = match[1];
+                    data[currentKey] = match[2] || [];
+                }
+            }
+        }
+        else if (ext === ".json") {
+            data = JSON.parse(content);
+        }
+        else {
+            return { success: false, error: `Unsupported file format: ${ext}` };
+        }
+        return parseManifestData(data);
+    }
+    catch (err) {
+        return { success: false, error: `Parse error: ${err.message}` };
+    }
+}
+function parseManifestData(data) {
+    if (!data.id || typeof data.id !== "string") {
+        return { success: false, error: "Manifest must have an 'id' field" };
+    }
+    if (!data.name || typeof data.name !== "string") {
+        return { success: false, error: "Manifest must have a 'name' field" };
+    }
+    let capabilities = [];
+    if (data.framework && typeof data.framework === "string") {
+        const frameworkCaps = KNOWN_FRAMEWORKS[data.framework.toLowerCase()];
+        if (frameworkCaps) {
+            capabilities = [...frameworkCaps];
+        }
+    }
+    if (Array.isArray(data.capabilities)) {
+        for (const cap of data.capabilities) {
+            if (typeof cap === "string") {
+                capabilities.push({
+                    name: cap,
+                    type: inferCapabilityType(cap),
+                    riskWeight: 50
+                });
+            }
+            else if (typeof cap === "object" && cap !== null) {
+                const capObj = cap;
+                capabilities.push({
+                    name: String(capObj.name ?? "unknown"),
+                    type: capObj.type ?? inferCapabilityType(String(capObj.name ?? "")),
+                    description: capObj.description,
+                    permissions: Array.isArray(capObj.permissions) ? capObj.permissions.map(String) : undefined,
+                    riskWeight: typeof capObj.riskWeight === "number" ? capObj.riskWeight : 50
+                });
+            }
+        }
+    }
+    if (Array.isArray(data.tools)) {
+        for (const tool of data.tools) {
+            if (typeof tool === "string") {
+                capabilities.push({
+                    name: tool,
+                    type: inferCapabilityType(tool),
+                    riskWeight: 50
+                });
+            }
+            else if (typeof tool === "object" && tool !== null) {
+                const toolObj = tool;
+                capabilities.push({
+                    name: String(toolObj.name ?? toolObj.function ?? "unknown"),
+                    type: inferCapabilityType(String(toolObj.name ?? toolObj.function ?? "")),
+                    description: (toolObj.description ?? toolObj.desc),
+                    riskWeight: 50
+                });
+            }
+        }
+    }
+    const manifest = {
+        id: data.id,
+        name: data.name,
+        version: data.version,
+        framework: data.framework,
+        capabilities,
+        registeredAt: new Date().toISOString()
+    };
+    return { success: true, manifest };
+}
+function inferCapabilityType(name) {
+    const lowerName = name.toLowerCase();
+    if (/shell|bash|exec|terminal|command/.test(lowerName))
+        return "shell";
+    if (/http|api|request|fetch|curl/.test(lowerName))
+        return "http";
+    if (/file|read|write|fs|disk/.test(lowerName))
+        return "filesystem";
+    if (/process|spawn|kill|signal/.test(lowerName))
+        return "process";
+    if (/network|tcp|udp|socket|connect/.test(lowerName))
+        return "network";
+    return "custom";
+}
+function registerAgentFromManifest(filePath) {
+    const result = parseManifestFile(filePath);
+    if (!result.success || !result.manifest) {
+        return { success: false, error: result.error };
+    }
+    const registered = (0, risk_engine_1.registerAgent)(result.manifest);
+    const risk = (0, risk_engine_1.assessAgentRisk)(registered);
+    return { success: true, manifest: registered, risk };
+}
+function generateManifestTemplate(framework) {
+    const template = {
+        id: "my-agent",
+        name: "My AI Agent",
+        version: "1.0.0",
+        framework: framework ?? "custom",
+        capabilities: [
+            {
+                name: "shell",
+                type: "shell",
+                description: "Execute shell commands",
+                riskWeight: 80
+            },
+            {
+                name: "file_read",
+                type: "filesystem",
+                description: "Read files from disk",
+                riskWeight: 20
+            },
+            {
+                name: "file_write",
+                type: "filesystem",
+                description: "Write files to disk",
+                riskWeight: 50
+            },
+            {
+                name: "http_request",
+                type: "http",
+                description: "Make HTTP requests",
+                riskWeight: 30
+            }
+        ]
+    };
+    return JSON.stringify(template, null, 2);
+}

package/dist/src/http-proxy.d.ts

@@ -0,0 +1,4 @@
+import * as http from "http";
+export declare function createProxyServer(port?: number): http.Server;
+export declare function getProxyEnvVars(port?: number): Record<string, string>;
+//# sourceMappingURL=http-proxy.d.ts.map

package/dist/src/http-proxy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"http-proxy.d.ts","sourceRoot":"","sources":["../../src/http-proxy.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AA6M7B,wBAAgB,iBAAiB,CAAC,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC,MAAM,CAgE5D;AAED,wBAAgB,eAAe,CAAC,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAWrE"}