bulkhead-runtime 0.1.0 → 2026.4.5-beta.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +337 -234
- package/dist/cli.js +5 -1
- package/dist/cli.js.map +1 -1
- package/dist/config/index.d.ts +28 -0
- package/dist/config/index.d.ts.map +1 -1
- package/dist/config/index.js +9 -6
- package/dist/config/index.js.map +1 -1
- package/dist/credentials/store.d.ts.map +1 -1
- package/dist/credentials/store.js +39 -15
- package/dist/credentials/store.js.map +1 -1
- package/dist/index.d.ts +18 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +38 -1
- package/dist/index.js.map +1 -1
- package/dist/infra/warning-filter.js +1 -1
- package/dist/infra/warning-filter.js.map +1 -1
- package/dist/logging/subsystem.d.ts +15 -1
- package/dist/logging/subsystem.d.ts.map +1 -1
- package/dist/logging/subsystem.js +310 -45
- package/dist/logging/subsystem.js.map +1 -1
- package/dist/memory/embedding-batch.d.ts +38 -0
- package/dist/memory/embedding-batch.d.ts.map +1 -0
- package/dist/memory/embedding-batch.js +253 -0
- package/dist/memory/embedding-batch.js.map +1 -0
- package/dist/memory/embedding-cache.d.ts +16 -0
- package/dist/memory/embedding-cache.d.ts.map +1 -0
- package/dist/memory/embedding-cache.js +113 -0
- package/dist/memory/embedding-cache.js.map +1 -0
- package/dist/memory/embeddings-debug.js +1 -1
- package/dist/memory/embeddings.d.ts +1 -0
- package/dist/memory/embeddings.d.ts.map +1 -1
- package/dist/memory/embeddings.js +115 -92
- package/dist/memory/embeddings.js.map +1 -1
- package/dist/memory/file-indexer.d.ts +26 -0
- package/dist/memory/file-indexer.d.ts.map +1 -0
- package/dist/memory/file-indexer.js +245 -0
- package/dist/memory/file-indexer.js.map +1 -0
- package/dist/memory/hybrid.d.ts.map +1 -1
- package/dist/memory/hybrid.js +6 -2
- package/dist/memory/hybrid.js.map +1 -1
- package/dist/memory/index.d.ts +5 -0
- package/dist/memory/index.d.ts.map +1 -1
- package/dist/memory/index.js +5 -2
- package/dist/memory/index.js.map +1 -1
- package/dist/memory/session-indexer.d.ts +41 -0
- package/dist/memory/session-indexer.d.ts.map +1 -0
- package/dist/memory/session-indexer.js +341 -0
- package/dist/memory/session-indexer.js.map +1 -0
- package/dist/memory/simple-manager.d.ts +6 -0
- package/dist/memory/simple-manager.d.ts.map +1 -1
- package/dist/memory/simple-manager.js +35 -12
- package/dist/memory/simple-manager.js.map +1 -1
- package/dist/memory/ssrf.d.ts +18 -0
- package/dist/memory/ssrf.d.ts.map +1 -0
- package/dist/memory/ssrf.js +316 -0
- package/dist/memory/ssrf.js.map +1 -0
- package/dist/package.json +8 -5
- package/dist/platform/platform.d.ts.map +1 -1
- package/dist/platform/platform.js +30 -7
- package/dist/platform/platform.js.map +1 -1
- package/dist/platform/types.d.ts +2 -0
- package/dist/platform/types.d.ts.map +1 -1
- package/dist/runtime/agent.d.ts +8 -0
- package/dist/runtime/agent.d.ts.map +1 -1
- package/dist/runtime/agent.js +194 -46
- package/dist/runtime/agent.js.map +1 -1
- package/dist/runtime/api-key-rotation.d.ts +26 -0
- package/dist/runtime/api-key-rotation.d.ts.map +1 -0
- package/dist/runtime/api-key-rotation.js +174 -0
- package/dist/runtime/api-key-rotation.js.map +1 -0
- package/dist/runtime/context-guard.d.ts +32 -0
- package/dist/runtime/context-guard.d.ts.map +1 -0
- package/dist/runtime/context-guard.js +61 -0
- package/dist/runtime/context-guard.js.map +1 -0
- package/dist/runtime/failover-error.d.ts +62 -0
- package/dist/runtime/failover-error.d.ts.map +1 -0
- package/dist/runtime/failover-error.js +733 -0
- package/dist/runtime/failover-error.js.map +1 -0
- package/dist/runtime/failover-policy.d.ts +5 -0
- package/dist/runtime/failover-policy.d.ts.map +1 -0
- package/dist/runtime/failover-policy.js +18 -0
- package/dist/runtime/failover-policy.js.map +1 -0
- package/dist/runtime/index.d.ts +11 -0
- package/dist/runtime/index.d.ts.map +1 -1
- package/dist/runtime/index.js +11 -0
- package/dist/runtime/index.js.map +1 -1
- package/dist/runtime/memory-flush.d.ts +24 -0
- package/dist/runtime/memory-flush.d.ts.map +1 -0
- package/dist/runtime/memory-flush.js +64 -0
- package/dist/runtime/memory-flush.js.map +1 -0
- package/dist/runtime/memory-tools.d.ts +14 -0
- package/dist/runtime/memory-tools.d.ts.map +1 -0
- package/dist/runtime/memory-tools.js +58 -0
- package/dist/runtime/memory-tools.js.map +1 -0
- package/dist/runtime/model-fallback.d.ts +56 -0
- package/dist/runtime/model-fallback.d.ts.map +1 -0
- package/dist/runtime/model-fallback.js +301 -0
- package/dist/runtime/model-fallback.js.map +1 -0
- package/dist/runtime/model-fallback.types.d.ts +14 -0
- package/dist/runtime/model-fallback.types.d.ts.map +1 -0
- package/dist/runtime/model-fallback.types.js +3 -0
- package/dist/runtime/model-fallback.types.js.map +1 -0
- package/dist/runtime/retry.d.ts +24 -0
- package/dist/runtime/retry.d.ts.map +1 -0
- package/dist/runtime/retry.js +102 -0
- package/dist/runtime/retry.js.map +1 -0
- package/dist/runtime/session-pruning.d.ts +22 -0
- package/dist/runtime/session-pruning.d.ts.map +1 -0
- package/dist/runtime/session-pruning.js +118 -0
- package/dist/runtime/session-pruning.js.map +1 -0
- package/dist/runtime/stream-adapters.d.ts +11 -0
- package/dist/runtime/stream-adapters.d.ts.map +1 -0
- package/dist/runtime/stream-adapters.js +46 -0
- package/dist/runtime/stream-adapters.js.map +1 -0
- package/dist/runtime/subagent.d.ts +83 -0
- package/dist/runtime/subagent.d.ts.map +1 -0
- package/dist/runtime/subagent.js +190 -0
- package/dist/runtime/subagent.js.map +1 -0
- package/dist/runtime/tool-result-truncation.d.ts +25 -0
- package/dist/runtime/tool-result-truncation.d.ts.map +1 -0
- package/dist/runtime/tool-result-truncation.js +115 -0
- package/dist/runtime/tool-result-truncation.js.map +1 -0
- package/dist/sandbox/cgroup.d.ts +4 -1
- package/dist/sandbox/cgroup.d.ts.map +1 -1
- package/dist/sandbox/cgroup.js +28 -15
- package/dist/sandbox/cgroup.js.map +1 -1
- package/dist/sandbox/index.d.ts +2 -1
- package/dist/sandbox/index.d.ts.map +1 -1
- package/dist/sandbox/index.js +2 -1
- package/dist/sandbox/index.js.map +1 -1
- package/dist/sandbox/ipc.d.ts +4 -1
- package/dist/sandbox/ipc.d.ts.map +1 -1
- package/dist/sandbox/ipc.js +33 -17
- package/dist/sandbox/ipc.js.map +1 -1
- package/dist/sandbox/manager.d.ts +1 -2
- package/dist/sandbox/manager.d.ts.map +1 -1
- package/dist/sandbox/manager.js +132 -130
- package/dist/sandbox/manager.js.map +1 -1
- package/dist/sandbox/namespace.d.ts +1 -1
- package/dist/sandbox/namespace.d.ts.map +1 -1
- package/dist/sandbox/namespace.js +36 -37
- package/dist/sandbox/namespace.js.map +1 -1
- package/dist/sandbox/rootfs.d.ts +6 -1
- package/dist/sandbox/rootfs.d.ts.map +1 -1
- package/dist/sandbox/rootfs.js +114 -30
- package/dist/sandbox/rootfs.js.map +1 -1
- package/dist/sandbox/seccomp-apply.d.ts +9 -0
- package/dist/sandbox/seccomp-apply.d.ts.map +1 -0
- package/dist/sandbox/seccomp-apply.js +227 -0
- package/dist/sandbox/seccomp-apply.js.map +1 -0
- package/dist/sandbox/seccomp.js +3 -3
- package/dist/sandbox/seccomp.js.map +1 -1
- package/dist/sandbox/types.d.ts +1 -3
- package/dist/sandbox/types.d.ts.map +1 -1
- package/dist/sandbox/types.js.map +1 -1
- package/dist/sandbox/worker.d.ts +3 -0
- package/dist/sandbox/worker.d.ts.map +1 -1
- package/dist/sandbox/worker.js +84 -17
- package/dist/sandbox/worker.js.map +1 -1
- package/dist/sessions/index.d.ts +1 -0
- package/dist/sessions/index.d.ts.map +1 -1
- package/dist/sessions/index.js +1 -0
- package/dist/sessions/index.js.map +1 -1
- package/dist/sessions/store.d.ts +2 -2
- package/dist/sessions/store.d.ts.map +1 -1
- package/dist/sessions/store.js +49 -27
- package/dist/sessions/store.js.map +1 -1
- package/dist/sessions/transcript-events.d.ts +11 -0
- package/dist/sessions/transcript-events.d.ts.map +1 -0
- package/dist/sessions/transcript-events.js +40 -0
- package/dist/sessions/transcript-events.js.map +1 -0
- package/dist/shared/agent-session.d.ts +10 -0
- package/dist/shared/agent-session.d.ts.map +1 -0
- package/dist/shared/agent-session.js +33 -0
- package/dist/shared/agent-session.js.map +1 -0
- package/dist/shared/constants.d.ts +6 -0
- package/dist/shared/constants.d.ts.map +1 -0
- package/dist/shared/constants.js +11 -0
- package/dist/shared/constants.js.map +1 -0
- package/dist/shared/fs.d.ts +7 -0
- package/dist/shared/fs.d.ts.map +1 -0
- package/dist/shared/fs.js +14 -0
- package/dist/shared/fs.js.map +1 -0
- package/dist/shared/index.d.ts +4 -0
- package/dist/shared/index.d.ts.map +1 -0
- package/dist/shared/index.js +4 -0
- package/dist/shared/index.js.map +1 -0
- package/dist/skills/enablement.d.ts.map +1 -1
- package/dist/skills/enablement.js +2 -2
- package/dist/skills/enablement.js.map +1 -1
- package/dist/workspace/runner.d.ts.map +1 -1
- package/dist/workspace/runner.js +353 -106
- package/dist/workspace/runner.js.map +1 -1
- package/dist/workspace/types.d.ts +1 -0
- package/dist/workspace/types.d.ts.map +1 -1
- package/dist/workspace/workspace.d.ts.map +1 -1
- package/dist/workspace/workspace.js +12 -3
- package/dist/workspace/workspace.js.map +1 -1
- package/package.json +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"simple-manager.js","sourceRoot":"","sources":["../../src/memory/simple-manager.ts"],"names":[],"mappings":"AAAA,
|
|
1
|
+
{"version":3,"file":"simple-manager.js","sourceRoot":"","sources":["../../src/memory/simple-manager.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,KAAK,MAAM,MAAM,aAAa,CAAC;AAEtC,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAiB,QAAQ,EAAE,MAAM,eAAe,CAAC;AAC1F,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AACvD,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAGjF,OAAO,EAAE,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AAC3D,OAAO,EAAE,oBAAoB,EAAE,WAAW,EAAuB,MAAM,sBAAsB,CAAC;AAE9F,MAAM,iBAAiB,GAAG,GAAG,CAAC;AAC9B,MAAM,wBAAwB,GAAG,MAAM,CAAC;AAmBxC,SAAS,UAAU;IACjB,OAAO,OAAO,IAAI,CAAC,GAAG,EAAE,IAAI,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;AACtE,CAAC;AAED,MAAM,UAAU,yBAAyB,CAAC,OAAmC;IAC3E,EAAE,CAAC,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC;IACrD,MAAM,EAAE,YAAY,EAAE,GAAG,iBAAiB,EAAE,CAAC;IAC7C,MAAM,EAAE,GAAiB,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;IAElD,EAAE,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;IACrC,EAAE,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;IAEtC,+CAA+C;IAC/C,EAAE,CAAC,IAAI,CAAC;;;;;;;;;;;;;;GAcP,CAAC,CAAC;IAEH,IAAI,YAAY,GAAG,KAAK,CAAC;IACzB,IAAI,aAAa,GAAyC,IAAI,CAAC;IAC/D,IAAI,aAAa,GAAyC,IAAI,CAAC;IAC/D,IAAI,CAAC;QACH,EAAE,CAAC,IAAI,CAAC;;;KAGP,CAAC,CAAC;QACH,aAAa,GAAG,EAAE,CAAC,OAAO,CAAC,wEAAwE,CAAC,CAAC;QACrG,aAAa,GAAG,EAAE,CAAC,OAAO,CAAC,qCAAqC,CAAC,CAAC;QAClE,YAAY,GAAG,IAAI,CAAC;IACtB,CAAC;IAAC,MAAM,CAAC;QACP,qBAAqB;IACvB,CAAC;IAED,MAAM,QAAQ,GAAG,OAAO,CAAC,iBAAiB,IAAI,IAAI,CAAC;IACnD,MAAM,aAAa,GAAG,QAAQ,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,EAAE,IAAI,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC;IAE7E,MAAM,cAAc,GAAG,CAAC,OAAO,CAAC,oBAAoB,KAAK,KAAK,IAAI,QAAQ,CAAC;QACzE,CAAC,CAAC,oBAAoB,CAAC,EAAE,CAAC;QAC1B,CAAC,CAAC,IAAI,CAAC;IACT,MAAM,eAAe,GAAG,OAAO,CAAC,eAAe,IAAI,MAAM,CAAC;IAE1D,MAAM,UAAU,GAAG,EAAE,CAAC,OAAO,CAAC;;;GAG7B,CAAC,CAAC;IACH,MAAM,UAAU,GAAG,EAAE,CAAC,OAAO,CAAC,iCAAiC,CAAC,CAAC;IACjE,MAAM,WAAW,GAAG,EAAE,CAAC,OAAO,CAAC,+EAA+E,CAAC,CAAC;IAChH,MAAM,OAAO,GAAG,EAAE,CAAC,OAAO,CAAC,mCAAmC,CAAC,CAAC;IAEhE,OAAO;QACL,KAAK,CAAC,KAAK,CAAC,OAAO,EAAE,QAAQ;YAC3B,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;YACxB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;YACrC,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC;YAE/B,IAAI,aAAa,GAAkB,IAAI,CAAC;YACxC,IAAI,QAAQ,EAAE,CAAC;gBACb,IAAI,CAAC;oBACH,MAAM,WAAW,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;oBACzC,MAAM,MAAM,GAAG,cAAc,EAAE,GAAG,CAAC,QAAQ,CAAC,EAAE,EAAE,QAAQ,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC;oBAC7E,IAAI,GAAa,CAAC;oBAClB,IAAI,MAAM,EAAE,CAAC;wBACX,GAAG,GAAG,MAAM,CAAC;wBACb,kBAAkB,CAAC,sBAAsB,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;oBACvE,CAAC;yBAAM,CAAC;wBACN,GAAG,GAAG,MAAM,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;wBACzC,cAAc,EAAE,GAAG,CAAC,QAAQ,CAAC,EAAE,EAAE,QAAQ,CAAC,KAAK,EAAE,EAAE,EAAE,WAAW,EAAE,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;wBACnF,kBAAkB,CAAC,gBAAgB,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;oBACjE,CAAC;oBACD,aAAa,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;gBACtC,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,kBAAkB,CAAC,kBAAkB,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBACrE,CAAC;YACH,CAAC;YAED,UAAU,CAAC,GAAG,CACZ,EAAE,EAAE,OAAO,EAAE,aAAa,EAC1B,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,EAC1C,QAAQ,EAAE,IAAI,EAAE,aAAa,EAC7B,CAAC,EAAE,CAAC,EAAE,IAAI,EAAE,GAAG,CAChB,CAAC;YAEF,IAAI,aAAa,EAAE,CAAC;gBAClB,IAAI,CAAC;oBACH,aAAa,CAAC,GAAG,CAAC,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,aAAa,CAAC,CAAC;gBAC1D,CAAC;gBAAC,MAAM,CAAC;oBACP,0DAA0D;gBAC5D,CAAC;YACH,CAAC;YAED,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,KAAK,CAAC,MAAM,CAAC,KAAK,EAAE,IAAI;YACtB,MAAM,UAAU,GAAG,IAAI,EAAE,UAAU,IAAI,EAAE,CAAC;YAC1C,MAAM,QAAQ,GAAG,IAAI,EAAE,QAAQ,IAAI,CAAC,CAAC;YACrC,MAAM,cAAc,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,GAAG,CAAC,CAAC,CAAC;YAEnD,gBAAgB;YAChB,IAAI,aAAa,GAAkI,EAAE,CAAC;YACtJ,IAAI,QAAQ,EAAE,CAAC;gBACb,IAAI,CAAC;oBACH,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;oBAClD,MAAM,IAAI,GAAG,EAAE,CAAC,OAAO,CACrB,wEAAwE,CACzE,CAAC,GAAG,CAAC,aAAa,EAAE,wBAAwB,CAAmC,CAAC;oBAEjF,MAAM,MAAM,GAA2D,EAAE,CAAC;oBAC1E,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;wBACvB,MAAM,SAAS,GAAG,cAAc,CAAC,GAAG,CAAC,SAAmB,CAAC,CAAC;wBAC1D,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC;4BAAE,SAAS;wBACrC,MAAM,KAAK,GAAG,gBAAgB,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;wBACpD,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC;4BAAE,MAAM,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC;oBAC1D,CAAC;oBACD,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;oBAEzC,aAAa,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC;wBACvE,EAAE,EAAE,GAAG,CAAC,EAAY;wBACpB,IAAI,EAAG,GAAG,CAAC,IAAe,IAAI,EAAE;wBAChC,SAAS,EAAG,GAAG,CAAC,UAAqB,IAAI,CAAC;wBAC1C,OAAO,EAAG,GAAG,CAAC,QAAmB,IAAI,CAAC;wBACtC,MAAM,EAAG,GAAG,CAAC,MAAiB,IAAI,QAAQ;wBAC1C,OAAO,EAAE,CAAE,GAAG,CAAC,OAAkB,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,iBAAiB,CAAC;wBACpE,WAAW,EAAE,KAAK;qBACnB,CAAC,CAAC,CAAC;gBACN,CAAC;gBAAC,MAAM,CAAC;oBACP,uBAAuB;gBACzB,CAAC;YACH,CAAC;YAED,kDAAkD;YAClD,IAAI,cAAc,GAAgI,EAAE,CAAC;YAErJ,IAAI,YAAY,EAAE,CAAC;gBACjB,MAAM,QAAQ,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;gBACxC,MAAM,WAAW,GAAG,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;gBAE7D,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;oBAC/B,MAAM,QAAQ,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC;oBACrC,IAAI,CAAC,QAAQ;wBAAE,SAAS;oBACxB,IAAI,CAAC;wBACH,MAAM,IAAI,GAAG,EAAE,CAAC,OAAO,CACrB,yHAAyH,CAC1H,CAAC,GAAG,CAAC,QAAQ,EAAE,cAAc,CAAyE,CAAC;wBAExG,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;4BACvB,cAAc,CAAC,IAAI,CAAC;gCAClB,EAAE,EAAE,GAAG,CAAC,EAAE;gCACV,IAAI,EAAE,EAAE;gCACR,SAAS,EAAE,CAAC;gCACZ,OAAO,EAAE,CAAC;gCACV,MAAM,EAAE,GAAG,CAAC,MAAM,IAAI,QAAQ;gCAC9B,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,iBAAiB,CAAC;gCAChD,SAAS,EAAE,eAAe,CAAC,GAAG,CAAC,IAAI,CAAC;6BACrC,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;oBAAC,MAAM,CAAC;wBACP,mBAAmB;oBACrB,CAAC;gBACH,CAAC;gBAED,8BAA8B;gBAC9B,MAAM,IAAI,GAAG,IAAI,GAAG,EAAsC,CAAC;gBAC3D,KAAK,MAAM,CAAC,IAAI,cAAc,EAAE,CAAC;oBAC/B,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;oBAChC,IAAI,CAAC,QAAQ,IAAI,CAAC,CAAC,SAAS,GAAG,QAAQ,CAAC,SAAS;wBAAE,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;gBACvE,CAAC;gBACD,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;YAC7C,CAAC;YAED,sCAAsC;YACtC,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC;gBACtC,MAAM,EAAE,aAAa;gBACrB,OAAO,EAAE,cAAc;gBACvB,YAAY,EAAE,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;gBAChC,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;aAC/B,CAAC,CAAC;YAEH,OAAO,MAAM;iBACV,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,IAAI,QAAQ,CAAC;iBAClC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAyB,CAAC;QAClD,CAAC;QAED,KAAK,CAAC,MAAM,CAAC,EAAE;YACb,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,EAAE,CAAwC,CAAC;YACnE,IAAI,CAAC,GAAG;gBAAE,OAAO,KAAK,CAAC;YACvB,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACnB,IAAI,aAAa,EAAE,CAAC;gBAClB,IAAI,CAAC;oBACH,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBACxB,CAAC;gBAAC,MAAM,CAAC,CAAA,CAAC;YACZ,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,KAAK,CAAC,IAAI;YACR,MAAM,IAAI,GAAG,WAAW,CAAC,GAAG,EAAyF,CAAC;YACtH,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBACtB,EAAE,EAAE,CAAC,CAAC,EAAE;gBACR,OAAO,EAAE,CAAC,CAAC,OAAO;gBAClB,QAAQ,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAA6B,CAAC,CAAC,CAAC,SAAS;gBACtF,SAAS,EAAE,CAAC,CAAC,UAAU;aACxB,CAAC,CAAC,CAAC;QACN,CAAC;QAED,KAAK,CAAC,KAAK;YACT,IAAI,cAAc,EAAE,CAAC;gBACnB,cAAc,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;YACxC,CAAC;YACD,EAAE,CAAC,KAAK,EAAE,CAAC;QACb,CAAC;QAED,IAAI,EAAE,KAAK,OAAO,EAAE,CAAC,CAAC,CAAC;QACvB,IAAI,cAAc,KAAK,OAAO,cAAc,CAAC,CAAC,CAAC;KAChD,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
export declare class SsrFBlockedError extends Error {
|
|
2
|
+
constructor(message: string);
|
|
3
|
+
}
|
|
4
|
+
export type SsrfPolicy = {
|
|
5
|
+
allowPrivateNetwork?: boolean;
|
|
6
|
+
allowedHostnames?: string[];
|
|
7
|
+
hostnameAllowlist?: string[];
|
|
8
|
+
};
|
|
9
|
+
export declare function isBlockedHostname(hostname: string): boolean;
|
|
10
|
+
export declare function isPrivateIpAddress(address: string): boolean;
|
|
11
|
+
export declare function isBlockedHostnameOrIp(hostname: string): boolean;
|
|
12
|
+
export declare function buildBaseUrlPolicy(baseUrl: string): SsrfPolicy | undefined;
|
|
13
|
+
export interface ValidateUrlResult {
|
|
14
|
+
resolvedAddresses: string[];
|
|
15
|
+
}
|
|
16
|
+
export declare function validateUrl(url: string, policy?: SsrfPolicy): Promise<ValidateUrlResult>;
|
|
17
|
+
export declare function fetchWithSsrfGuard(url: string, init: RequestInit, policy?: SsrfPolicy): Promise<Response>;
|
|
18
|
+
//# sourceMappingURL=ssrf.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ssrf.d.ts","sourceRoot":"","sources":["../../src/memory/ssrf.ts"],"names":[],"mappings":"AAUA,qBAAa,gBAAiB,SAAQ,KAAK;gBAC7B,OAAO,EAAE,MAAM;CAI5B;AAED,MAAM,MAAM,UAAU,GAAG;IACvB,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC9B,CAAC;AA6BF,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAI3D;AA8DD,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAgB3D;AAED,wBAAgB,qBAAqB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAI/D;AAyBD,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,UAAU,GAAG,SAAS,CAU1E;AAOD,MAAM,WAAW,iBAAiB;IAChC,iBAAiB,EAAE,MAAM,EAAE,CAAC;CAC7B;AAED,wBAAsB,WAAW,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,iBAAiB,CAAC,CA4D9F;AAuBD,wBAAsB,kBAAkB,CACtC,GAAG,EAAE,MAAM,EACX,IAAI,EAAE,WAAW,EACjB,MAAM,CAAC,EAAE,UAAU,GAClB,OAAO,CAAC,QAAQ,CAAC,CA+DnB"}
|
|
@@ -0,0 +1,316 @@
|
|
|
1
|
+
// Ported from OpenClaw src/infra/net/ssrf.ts + fetch-guard.ts
|
|
2
|
+
// DNS pinning: we resolve DNS ourselves, validate ALL IPs, then rewrite the
|
|
3
|
+
// URL to use the resolved IP directly and set a Host header. This pins the
|
|
4
|
+
// TCP connection to the validated IP, closing the TOCTOU window between
|
|
5
|
+
// DNS check and fetch()'s own resolution.
|
|
6
|
+
// Mitigation: fail-closed on DNS failure or empty results.
|
|
7
|
+
import * as dns from "node:dns/promises";
|
|
8
|
+
import * as net from "node:net";
|
|
9
|
+
export class SsrFBlockedError extends Error {
|
|
10
|
+
constructor(message) {
|
|
11
|
+
super(message);
|
|
12
|
+
this.name = "SsrFBlockedError";
|
|
13
|
+
}
|
|
14
|
+
}
|
|
15
|
+
// --- Hostname normalization ---
|
|
16
|
+
function normalizeHostname(hostname) {
|
|
17
|
+
const trimmed = hostname.trim().toLowerCase();
|
|
18
|
+
if (trimmed.startsWith("[") && trimmed.endsWith("]")) {
|
|
19
|
+
return trimmed.slice(1, -1);
|
|
20
|
+
}
|
|
21
|
+
return trimmed.replace(/\.+$/, "");
|
|
22
|
+
}
|
|
23
|
+
// --- Blocked hostnames (from OpenClaw) ---
|
|
24
|
+
const BLOCKED_HOSTNAMES = new Set([
|
|
25
|
+
"localhost",
|
|
26
|
+
"localhost.localdomain",
|
|
27
|
+
"metadata.google.internal",
|
|
28
|
+
]);
|
|
29
|
+
function isBlockedHostnameNormalized(normalized) {
|
|
30
|
+
if (BLOCKED_HOSTNAMES.has(normalized))
|
|
31
|
+
return true;
|
|
32
|
+
return (normalized.endsWith(".localhost") ||
|
|
33
|
+
normalized.endsWith(".local") ||
|
|
34
|
+
normalized.endsWith(".internal"));
|
|
35
|
+
}
|
|
36
|
+
export function isBlockedHostname(hostname) {
|
|
37
|
+
const normalized = normalizeHostname(hostname);
|
|
38
|
+
if (!normalized)
|
|
39
|
+
return false;
|
|
40
|
+
return isBlockedHostnameNormalized(normalized);
|
|
41
|
+
}
|
|
42
|
+
// --- IP validation (from OpenClaw) ---
|
|
43
|
+
function isCanonicalDottedDecimalIPv4(address) {
|
|
44
|
+
const parts = address.split(".");
|
|
45
|
+
if (parts.length !== 4)
|
|
46
|
+
return false;
|
|
47
|
+
for (const part of parts) {
|
|
48
|
+
if (!/^\d{1,3}$/.test(part))
|
|
49
|
+
return false;
|
|
50
|
+
const num = Number(part);
|
|
51
|
+
if (num < 0 || num > 255)
|
|
52
|
+
return false;
|
|
53
|
+
if (part.length > 1 && part.startsWith("0"))
|
|
54
|
+
return false;
|
|
55
|
+
}
|
|
56
|
+
return true;
|
|
57
|
+
}
|
|
58
|
+
function isLegacyIpv4Literal(address) {
|
|
59
|
+
return /^(?:0x[\da-f]+|\d+)(?:\.(?:0x[\da-f]+|\d+)){0,3}$/i.test(address);
|
|
60
|
+
}
|
|
61
|
+
function looksLikeUnsupportedIpv4Literal(address) {
|
|
62
|
+
const parts = address.split(".");
|
|
63
|
+
if (parts.length === 0 || parts.length > 4)
|
|
64
|
+
return false;
|
|
65
|
+
if (parts.some((part) => part.length === 0))
|
|
66
|
+
return true;
|
|
67
|
+
return parts.every((part) => /^[0-9]+$/.test(part) || /^0x/i.test(part));
|
|
68
|
+
}
|
|
69
|
+
function isBlockedSpecialUseIpv4(ip) {
|
|
70
|
+
if (!net.isIPv4(ip))
|
|
71
|
+
return false;
|
|
72
|
+
const parts = ip.split(".").map(Number);
|
|
73
|
+
const [a, b] = parts;
|
|
74
|
+
if (a === 0)
|
|
75
|
+
return true; // 0.0.0.0/8 "this network"
|
|
76
|
+
if (a === 10)
|
|
77
|
+
return true; // 10.0.0.0/8 RFC 1918
|
|
78
|
+
if (a === 100 && b >= 64 && b <= 127)
|
|
79
|
+
return true; // 100.64.0.0/10 CGN
|
|
80
|
+
if (a === 127)
|
|
81
|
+
return true; // 127.0.0.0/8 loopback
|
|
82
|
+
if (a === 169 && b === 254)
|
|
83
|
+
return true; // 169.254.0.0/16 link-local
|
|
84
|
+
if (a === 172 && b >= 16 && b <= 31)
|
|
85
|
+
return true; // 172.16.0.0/12 RFC 1918
|
|
86
|
+
if (a === 192 && b === 0 && parts[2] === 0)
|
|
87
|
+
return true; // 192.0.0.0/24 IETF protocol
|
|
88
|
+
if (a === 192 && b === 0 && parts[2] === 2)
|
|
89
|
+
return true; // 192.0.2.0/24 TEST-NET-1
|
|
90
|
+
if (a === 192 && b === 88 && parts[2] === 99)
|
|
91
|
+
return true; // 192.88.99.0/24 6to4 relay
|
|
92
|
+
if (a === 192 && b === 168)
|
|
93
|
+
return true; // 192.168.0.0/16 RFC 1918
|
|
94
|
+
if (a === 198 && (b === 18 || b === 19))
|
|
95
|
+
return true; // 198.18.0.0/15 benchmark
|
|
96
|
+
if (a === 198 && b === 51 && parts[2] === 100)
|
|
97
|
+
return true; // 198.51.100.0/24 TEST-NET-2
|
|
98
|
+
if (a === 203 && b === 0 && parts[2] === 113)
|
|
99
|
+
return true; // 203.0.113.0/24 TEST-NET-3
|
|
100
|
+
if (a >= 224)
|
|
101
|
+
return true; // 224.0.0.0/3 multicast + reserved
|
|
102
|
+
return false;
|
|
103
|
+
}
|
|
104
|
+
function isBlockedSpecialUseIpv6(ip) {
|
|
105
|
+
const lower = ip.toLowerCase();
|
|
106
|
+
if (lower === "::")
|
|
107
|
+
return true; // unspecified
|
|
108
|
+
if (lower === "::1")
|
|
109
|
+
return true; // loopback
|
|
110
|
+
if (lower.startsWith("fe80:"))
|
|
111
|
+
return true; // link-local
|
|
112
|
+
if (lower.startsWith("fc") || lower.startsWith("fd"))
|
|
113
|
+
return true; // ULA
|
|
114
|
+
if (lower.startsWith("ff"))
|
|
115
|
+
return true; // multicast
|
|
116
|
+
if (lower.startsWith("::ffff:")) {
|
|
117
|
+
const embedded = lower.slice(7);
|
|
118
|
+
if (net.isIPv4(embedded) && isBlockedSpecialUseIpv4(embedded))
|
|
119
|
+
return true;
|
|
120
|
+
}
|
|
121
|
+
return false;
|
|
122
|
+
}
|
|
123
|
+
export function isPrivateIpAddress(address) {
|
|
124
|
+
let normalized = address.trim().toLowerCase();
|
|
125
|
+
if (normalized.startsWith("[") && normalized.endsWith("]")) {
|
|
126
|
+
normalized = normalized.slice(1, -1);
|
|
127
|
+
}
|
|
128
|
+
if (!normalized)
|
|
129
|
+
return false;
|
|
130
|
+
if (net.isIPv4(normalized))
|
|
131
|
+
return isBlockedSpecialUseIpv4(normalized);
|
|
132
|
+
if (net.isIPv6(normalized))
|
|
133
|
+
return isBlockedSpecialUseIpv6(normalized);
|
|
134
|
+
// Malformed IPv6 literals: fail closed
|
|
135
|
+
if (normalized.includes(":") && !net.isIPv6(normalized))
|
|
136
|
+
return true;
|
|
137
|
+
if (!isCanonicalDottedDecimalIPv4(normalized) && isLegacyIpv4Literal(normalized))
|
|
138
|
+
return true;
|
|
139
|
+
if (looksLikeUnsupportedIpv4Literal(normalized))
|
|
140
|
+
return true;
|
|
141
|
+
return false;
|
|
142
|
+
}
|
|
143
|
+
export function isBlockedHostnameOrIp(hostname) {
|
|
144
|
+
const normalized = normalizeHostname(hostname);
|
|
145
|
+
if (!normalized)
|
|
146
|
+
return false;
|
|
147
|
+
return isBlockedHostnameNormalized(normalized) || isPrivateIpAddress(normalized);
|
|
148
|
+
}
|
|
149
|
+
// --- Hostname allowlist ---
|
|
150
|
+
function matchesHostnameAllowlist(hostname, allowlist) {
|
|
151
|
+
if (allowlist.length === 0)
|
|
152
|
+
return true;
|
|
153
|
+
return allowlist.some((pattern) => {
|
|
154
|
+
if (pattern.startsWith("*.")) {
|
|
155
|
+
const suffix = pattern.slice(2);
|
|
156
|
+
if (!suffix || hostname === suffix)
|
|
157
|
+
return false;
|
|
158
|
+
return hostname.endsWith(`.${suffix}`);
|
|
159
|
+
}
|
|
160
|
+
return hostname === pattern;
|
|
161
|
+
});
|
|
162
|
+
}
|
|
163
|
+
// --- Policy helpers ---
|
|
164
|
+
function shouldSkipPrivateNetworkChecks(hostname, policy) {
|
|
165
|
+
return (policy?.allowPrivateNetwork === true ||
|
|
166
|
+
new Set(policy?.allowedHostnames?.map(normalizeHostname)).has(hostname));
|
|
167
|
+
}
|
|
168
|
+
export function buildBaseUrlPolicy(baseUrl) {
|
|
169
|
+
const trimmed = baseUrl.trim();
|
|
170
|
+
if (!trimmed)
|
|
171
|
+
return undefined;
|
|
172
|
+
try {
|
|
173
|
+
const parsed = new URL(trimmed);
|
|
174
|
+
if (parsed.protocol !== "http:" && parsed.protocol !== "https:")
|
|
175
|
+
return undefined;
|
|
176
|
+
return { allowedHostnames: [parsed.hostname], hostnameAllowlist: [normalizeHostname(parsed.hostname)] };
|
|
177
|
+
}
|
|
178
|
+
catch {
|
|
179
|
+
return undefined;
|
|
180
|
+
}
|
|
181
|
+
}
|
|
182
|
+
// --- URL validation ---
|
|
183
|
+
const BLOCKED_HOST_OR_IP_MESSAGE = "Blocked hostname or private/internal/special-use IP address";
|
|
184
|
+
const BLOCKED_RESOLVED_IP_MESSAGE = "Blocked: resolves to private/internal/special-use IP address";
|
|
185
|
+
export async function validateUrl(url, policy) {
|
|
186
|
+
const parsed = new URL(url);
|
|
187
|
+
if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
|
|
188
|
+
throw new SsrFBlockedError(`SSRF: blocked non-HTTP protocol: ${parsed.protocol}`);
|
|
189
|
+
}
|
|
190
|
+
const hostname = normalizeHostname(parsed.hostname);
|
|
191
|
+
if (!hostname)
|
|
192
|
+
throw new SsrFBlockedError("SSRF: empty hostname");
|
|
193
|
+
const hostnameAllowlist = (policy?.hostnameAllowlist ?? []).map(normalizeHostname).filter(Boolean);
|
|
194
|
+
if (hostnameAllowlist.length > 0 && !matchesHostnameAllowlist(hostname, hostnameAllowlist)) {
|
|
195
|
+
throw new SsrFBlockedError(`Blocked hostname (not in allowlist): ${parsed.hostname}`);
|
|
196
|
+
}
|
|
197
|
+
if (!shouldSkipPrivateNetworkChecks(hostname, policy)) {
|
|
198
|
+
if (isBlockedHostnameOrIp(hostname)) {
|
|
199
|
+
throw new SsrFBlockedError(BLOCKED_HOST_OR_IP_MESSAGE);
|
|
200
|
+
}
|
|
201
|
+
// Resolve both IPv4 and IPv6 and check ALL results.
|
|
202
|
+
// Fail-closed: if DNS resolution fails entirely, block the request
|
|
203
|
+
// (we cannot verify the target IP is safe).
|
|
204
|
+
const allAddresses = [];
|
|
205
|
+
let v4Error = null;
|
|
206
|
+
let v6Error = null;
|
|
207
|
+
try {
|
|
208
|
+
const v4 = await dns.resolve4(hostname);
|
|
209
|
+
allAddresses.push(...v4);
|
|
210
|
+
}
|
|
211
|
+
catch (err) {
|
|
212
|
+
if (err instanceof SsrFBlockedError)
|
|
213
|
+
throw err;
|
|
214
|
+
v4Error = err;
|
|
215
|
+
}
|
|
216
|
+
try {
|
|
217
|
+
const v6 = await dns.resolve6(hostname);
|
|
218
|
+
allAddresses.push(...v6);
|
|
219
|
+
}
|
|
220
|
+
catch (err) {
|
|
221
|
+
if (err instanceof SsrFBlockedError)
|
|
222
|
+
throw err;
|
|
223
|
+
v6Error = err;
|
|
224
|
+
}
|
|
225
|
+
// Fail-closed: if we got zero resolved addresses (whether DNS errored
|
|
226
|
+
// or returned empty results) and the hostname is not a literal IP,
|
|
227
|
+
// block the request — we cannot verify the target IP is safe.
|
|
228
|
+
if (allAddresses.length === 0 && !net.isIP(hostname)) {
|
|
229
|
+
throw new SsrFBlockedError(`SSRF: unable to resolve hostname "${hostname}" — blocking (fail-closed)`);
|
|
230
|
+
}
|
|
231
|
+
for (const addr of allAddresses) {
|
|
232
|
+
if (isBlockedHostnameOrIp(addr)) {
|
|
233
|
+
throw new SsrFBlockedError(BLOCKED_RESOLVED_IP_MESSAGE);
|
|
234
|
+
}
|
|
235
|
+
}
|
|
236
|
+
return { resolvedAddresses: allAddresses };
|
|
237
|
+
}
|
|
238
|
+
return { resolvedAddresses: [] };
|
|
239
|
+
}
|
|
240
|
+
// --- Guarded fetch with redirect handling (from fetch-guard.ts) ---
|
|
241
|
+
const DEFAULT_MAX_REDIRECTS = 3;
|
|
242
|
+
function retainSafeHeadersForCrossOriginRedirect(headers) {
|
|
243
|
+
if (!headers)
|
|
244
|
+
return undefined;
|
|
245
|
+
const safe = {};
|
|
246
|
+
const headerObj = new Headers(headers);
|
|
247
|
+
const SAFE_HEADERS = new Set(["accept", "accept-language", "content-language", "content-type"]);
|
|
248
|
+
headerObj.forEach((value, key) => {
|
|
249
|
+
if (SAFE_HEADERS.has(key.toLowerCase())) {
|
|
250
|
+
safe[key] = value;
|
|
251
|
+
}
|
|
252
|
+
});
|
|
253
|
+
return Object.keys(safe).length > 0 ? safe : undefined;
|
|
254
|
+
}
|
|
255
|
+
function isRedirectStatus(status) {
|
|
256
|
+
return status === 301 || status === 302 || status === 303 || status === 307 || status === 308;
|
|
257
|
+
}
|
|
258
|
+
export async function fetchWithSsrfGuard(url, init, policy) {
|
|
259
|
+
const maxRedirects = DEFAULT_MAX_REDIRECTS;
|
|
260
|
+
const visited = new Set();
|
|
261
|
+
let currentUrl = url;
|
|
262
|
+
let currentInit = init ? { ...init } : undefined;
|
|
263
|
+
let redirectCount = 0;
|
|
264
|
+
while (true) {
|
|
265
|
+
let parsedUrl;
|
|
266
|
+
try {
|
|
267
|
+
parsedUrl = new URL(currentUrl);
|
|
268
|
+
}
|
|
269
|
+
catch {
|
|
270
|
+
throw new Error("Invalid URL: must be http or https");
|
|
271
|
+
}
|
|
272
|
+
if (!["http:", "https:"].includes(parsedUrl.protocol)) {
|
|
273
|
+
throw new Error("Invalid URL: must be http or https");
|
|
274
|
+
}
|
|
275
|
+
const validation = await validateUrl(currentUrl, policy);
|
|
276
|
+
let pinnedUrl = parsedUrl.toString();
|
|
277
|
+
let pinnedInit = currentInit ? { ...currentInit } : {};
|
|
278
|
+
if (validation.resolvedAddresses.length > 0) {
|
|
279
|
+
const pinnedIp = validation.resolvedAddresses[0];
|
|
280
|
+
const pinnedParsed = new URL(parsedUrl.toString());
|
|
281
|
+
const originalHost = pinnedParsed.host;
|
|
282
|
+
pinnedParsed.hostname = net.isIPv6(pinnedIp) ? `[${pinnedIp}]` : pinnedIp;
|
|
283
|
+
pinnedUrl = pinnedParsed.toString();
|
|
284
|
+
const headers = new Headers(pinnedInit.headers);
|
|
285
|
+
if (!headers.has("Host")) {
|
|
286
|
+
headers.set("Host", originalHost);
|
|
287
|
+
}
|
|
288
|
+
pinnedInit = { ...pinnedInit, headers };
|
|
289
|
+
}
|
|
290
|
+
const response = await fetch(pinnedUrl, {
|
|
291
|
+
...pinnedInit,
|
|
292
|
+
redirect: "manual",
|
|
293
|
+
});
|
|
294
|
+
if (isRedirectStatus(response.status)) {
|
|
295
|
+
const location = response.headers.get("location");
|
|
296
|
+
if (!location)
|
|
297
|
+
throw new Error(`Redirect missing location header (${response.status})`);
|
|
298
|
+
redirectCount += 1;
|
|
299
|
+
if (redirectCount > maxRedirects)
|
|
300
|
+
throw new Error(`Too many redirects (limit: ${maxRedirects})`);
|
|
301
|
+
const nextParsedUrl = new URL(location, parsedUrl);
|
|
302
|
+
const nextUrl = nextParsedUrl.toString();
|
|
303
|
+
if (visited.has(nextUrl))
|
|
304
|
+
throw new Error("Redirect loop detected");
|
|
305
|
+
if (nextParsedUrl.origin !== parsedUrl.origin && currentInit?.headers) {
|
|
306
|
+
const safeHeaders = retainSafeHeadersForCrossOriginRedirect(currentInit.headers);
|
|
307
|
+
currentInit = { ...currentInit, headers: safeHeaders };
|
|
308
|
+
}
|
|
309
|
+
visited.add(nextUrl);
|
|
310
|
+
currentUrl = nextUrl;
|
|
311
|
+
continue;
|
|
312
|
+
}
|
|
313
|
+
return response;
|
|
314
|
+
}
|
|
315
|
+
}
|
|
316
|
+
//# sourceMappingURL=ssrf.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ssrf.js","sourceRoot":"","sources":["../../src/memory/ssrf.ts"],"names":[],"mappings":"AAAA,8DAA8D;AAC9D,4EAA4E;AAC5E,2EAA2E;AAC3E,wEAAwE;AACxE,0CAA0C;AAC1C,2DAA2D;AAE3D,OAAO,KAAK,GAAG,MAAM,mBAAmB,CAAC;AACzC,OAAO,KAAK,GAAG,MAAM,UAAU,CAAC;AAEhC,MAAM,OAAO,gBAAiB,SAAQ,KAAK;IACzC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,kBAAkB,CAAC;IACjC,CAAC;CACF;AAQD,iCAAiC;AAEjC,SAAS,iBAAiB,CAAC,QAAgB;IACzC,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC9C,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACrD,OAAO,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAC9B,CAAC;IACD,OAAO,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;AACrC,CAAC;AAED,4CAA4C;AAE5C,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC;IAChC,WAAW;IACX,uBAAuB;IACvB,0BAA0B;CAC3B,CAAC,CAAC;AAEH,SAAS,2BAA2B,CAAC,UAAkB;IACrD,IAAI,iBAAiB,CAAC,GAAG,CAAC,UAAU,CAAC;QAAE,OAAO,IAAI,CAAC;IACnD,OAAO,CACL,UAAU,CAAC,QAAQ,CAAC,YAAY,CAAC;QACjC,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAC7B,UAAU,CAAC,QAAQ,CAAC,WAAW,CAAC,CACjC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,QAAgB;IAChD,MAAM,UAAU,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IAC/C,IAAI,CAAC,UAAU;QAAE,OAAO,KAAK,CAAC;IAC9B,OAAO,2BAA2B,CAAC,UAAU,CAAC,CAAC;AACjD,CAAC;AAED,wCAAwC;AAExC,SAAS,4BAA4B,CAAC,OAAe;IACnD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACjC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACrC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,OAAO,KAAK,CAAC;QAC1C,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;QACzB,IAAI,GAAG,GAAG,CAAC,IAAI,GAAG,GAAG,GAAG;YAAE,OAAO,KAAK,CAAC;QACvC,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,OAAO,KAAK,CAAC;IAC5D,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,mBAAmB,CAAC,OAAe;IAC1C,OAAO,oDAAoD,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;AAC5E,CAAC;AAED,SAAS,+BAA+B,CAAC,OAAe;IACtD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACjC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IACzD,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IACzD,OAAO,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;AAC3E,CAAC;AAED,SAAS,uBAAuB,CAAC,EAAU;IACzC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;QAAE,OAAO,KAAK,CAAC;IAClC,MAAM,KAAK,GAAG,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACxC,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,CAAC;IACrB,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC,CAAa,2BAA2B;IACjE,IAAI,CAAC,KAAK,EAAE;QAAE,OAAO,IAAI,CAAC,CAAY,sBAAsB;IAC5D,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,GAAG;QAAE,OAAO,IAAI,CAAC,CAAE,oBAAoB;IACxE,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC,CAAW,uBAAuB;IAC7D,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC,CAAE,4BAA4B;IACtE,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE;QAAE,OAAO,IAAI,CAAC,CAAG,yBAAyB;IAC7E,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC,CAAE,6BAA6B;IACvF,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC,CAAE,0BAA0B;IACpF,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,EAAE,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,EAAE;QAAE,OAAO,IAAI,CAAC,CAAC,4BAA4B;IACvF,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC,CAAE,0BAA0B;IACpE,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC;QAAE,OAAO,IAAI,CAAC,CAAC,0BAA0B;IAChF,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,EAAE,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC,CAAC,6BAA6B;IACzF,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC,CAAE,4BAA4B;IACxF,IAAI,CAAC,IAAI,GAAG;QAAE,OAAO,IAAI,CAAC,CAAY,mCAAmC;IACzE,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,uBAAuB,CAAC,EAAU;IACzC,MAAM,KAAK,GAAG,EAAE,CAAC,WAAW,EAAE,CAAC;IAC/B,IAAI,KAAK,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC,CAAU,cAAc;IACxD,IAAI,KAAK,KAAK,KAAK;QAAE,OAAO,IAAI,CAAC,CAAS,WAAW;IACrD,IAAI,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAC,CAAE,aAAa;IAC1D,IAAI,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC,CAAC,MAAM;IACzE,IAAI,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC,CAAE,YAAY;IACtD,IAAI,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAChC,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAChC,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,uBAAuB,CAAC,QAAQ,CAAC;YAAE,OAAO,IAAI,CAAC;IAC7E,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,OAAe;IAChD,IAAI,UAAU,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC9C,IAAI,UAAU,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC3D,UAAU,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IACvC,CAAC;IACD,IAAI,CAAC,UAAU;QAAE,OAAO,KAAK,CAAC;IAE9B,IAAI,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC;QAAE,OAAO,uBAAuB,CAAC,UAAU,CAAC,CAAC;IACvE,IAAI,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC;QAAE,OAAO,uBAAuB,CAAC,UAAU,CAAC,CAAC;IAEvE,uCAAuC;IACvC,IAAI,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,UAAU,CAAC;QAAE,OAAO,IAAI,CAAC;IAErE,IAAI,CAAC,4BAA4B,CAAC,UAAU,CAAC,IAAI,mBAAmB,CAAC,UAAU,CAAC;QAAE,OAAO,IAAI,CAAC;IAC9F,IAAI,+BAA+B,CAAC,UAAU,CAAC;QAAE,OAAO,IAAI,CAAC;IAC7D,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,QAAgB;IACpD,MAAM,UAAU,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IAC/C,IAAI,CAAC,UAAU;QAAE,OAAO,KAAK,CAAC;IAC9B,OAAO,2BAA2B,CAAC,UAAU,CAAC,IAAI,kBAAkB,CAAC,UAAU,CAAC,CAAC;AACnF,CAAC;AAED,6BAA6B;AAE7B,SAAS,wBAAwB,CAAC,QAAgB,EAAE,SAAmB;IACrE,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACxC,OAAO,SAAS,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE;QAChC,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7B,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAChC,IAAI,CAAC,MAAM,IAAI,QAAQ,KAAK,MAAM;gBAAE,OAAO,KAAK,CAAC;YACjD,OAAO,QAAQ,CAAC,QAAQ,CAAC,IAAI,MAAM,EAAE,CAAC,CAAC;QACzC,CAAC;QACD,OAAO,QAAQ,KAAK,OAAO,CAAC;IAC9B,CAAC,CAAC,CAAC;AACL,CAAC;AAED,yBAAyB;AAEzB,SAAS,8BAA8B,CAAC,QAAgB,EAAE,MAAmB;IAC3E,OAAO,CACL,MAAM,EAAE,mBAAmB,KAAK,IAAI;QACpC,IAAI,GAAG,CAAC,MAAM,EAAE,gBAAgB,EAAE,GAAG,CAAC,iBAAiB,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,CACxE,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,OAAe;IAChD,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;IAC/B,IAAI,CAAC,OAAO;QAAE,OAAO,SAAS,CAAC;IAC/B,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;QAChC,IAAI,MAAM,CAAC,QAAQ,KAAK,OAAO,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ;YAAE,OAAO,SAAS,CAAC;QAClF,OAAO,EAAE,gBAAgB,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,iBAAiB,EAAE,CAAC,iBAAiB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;IAC1G,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,yBAAyB;AAEzB,MAAM,0BAA0B,GAAG,6DAA6D,CAAC;AACjG,MAAM,2BAA2B,GAAG,8DAA8D,CAAC;AAMnG,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,GAAW,EAAE,MAAmB;IAChE,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IAC5B,IAAI,MAAM,CAAC,QAAQ,KAAK,OAAO,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAChE,MAAM,IAAI,gBAAgB,CAAC,oCAAoC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;IACpF,CAAC;IAED,MAAM,QAAQ,GAAG,iBAAiB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACpD,IAAI,CAAC,QAAQ;QAAE,MAAM,IAAI,gBAAgB,CAAC,sBAAsB,CAAC,CAAC;IAElE,MAAM,iBAAiB,GAAG,CAAC,MAAM,EAAE,iBAAiB,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACnG,IAAI,iBAAiB,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,wBAAwB,CAAC,QAAQ,EAAE,iBAAiB,CAAC,EAAE,CAAC;QAC3F,MAAM,IAAI,gBAAgB,CAAC,wCAAwC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;IACxF,CAAC;IAED,IAAI,CAAC,8BAA8B,CAAC,QAAQ,EAAE,MAAM,CAAC,EAAE,CAAC;QACtD,IAAI,qBAAqB,CAAC,QAAQ,CAAC,EAAE,CAAC;YACpC,MAAM,IAAI,gBAAgB,CAAC,0BAA0B,CAAC,CAAC;QACzD,CAAC;QAED,oDAAoD;QACpD,mEAAmE;QACnE,4CAA4C;QAC5C,MAAM,YAAY,GAAa,EAAE,CAAC;QAClC,IAAI,OAAO,GAAY,IAAI,CAAC;QAC5B,IAAI,OAAO,GAAY,IAAI,CAAC;QAE5B,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,MAAM,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACxC,YAAY,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;QAC3B,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,gBAAgB;gBAAE,MAAM,GAAG,CAAC;YAC/C,OAAO,GAAG,GAAG,CAAC;QAChB,CAAC;QACD,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,MAAM,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACxC,YAAY,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;QAC3B,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,gBAAgB;gBAAE,MAAM,GAAG,CAAC;YAC/C,OAAO,GAAG,GAAG,CAAC;QAChB,CAAC;QAED,sEAAsE;QACtE,mEAAmE;QACnE,8DAA8D;QAC9D,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YACrD,MAAM,IAAI,gBAAgB,CACxB,qCAAqC,QAAQ,4BAA4B,CAC1E,CAAC;QACJ,CAAC;QAED,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE,CAAC;YAChC,IAAI,qBAAqB,CAAC,IAAI,CAAC,EAAE,CAAC;gBAChC,MAAM,IAAI,gBAAgB,CAAC,2BAA2B,CAAC,CAAC;YAC1D,CAAC;QACH,CAAC;QAED,OAAO,EAAE,iBAAiB,EAAE,YAAY,EAAE,CAAC;IAC7C,CAAC;IAED,OAAO,EAAE,iBAAiB,EAAE,EAAE,EAAE,CAAC;AACnC,CAAC;AAED,qEAAqE;AAErE,MAAM,qBAAqB,GAAG,CAAC,CAAC;AAEhC,SAAS,uCAAuC,CAAC,OAAqB;IACpE,IAAI,CAAC,OAAO;QAAE,OAAO,SAAS,CAAC;IAC/B,MAAM,IAAI,GAA2B,EAAE,CAAC;IACxC,MAAM,SAAS,GAAG,IAAI,OAAO,CAAC,OAAO,CAAC,CAAC;IACvC,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,CAAC,QAAQ,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,cAAc,CAAC,CAAC,CAAC;IAChG,SAAS,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;QAC/B,IAAI,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;YACxC,IAAI,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QACpB,CAAC;IACH,CAAC,CAAC,CAAC;IACH,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;AACzD,CAAC;AAED,SAAS,gBAAgB,CAAC,MAAc;IACtC,OAAO,MAAM,KAAK,GAAG,IAAI,MAAM,KAAK,GAAG,IAAI,MAAM,KAAK,GAAG,IAAI,MAAM,KAAK,GAAG,IAAI,MAAM,KAAK,GAAG,CAAC;AAChG,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,GAAW,EACX,IAAiB,EACjB,MAAmB;IAEnB,MAAM,YAAY,GAAG,qBAAqB,CAAC;IAC3C,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAClC,IAAI,UAAU,GAAG,GAAG,CAAC;IACrB,IAAI,WAAW,GAA4B,IAAI,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;IAC1E,IAAI,aAAa,GAAG,CAAC,CAAC;IAEtB,OAAO,IAAI,EAAE,CAAC;QACZ,IAAI,SAAc,CAAC;QACnB,IAAI,CAAC;YACH,SAAS,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;QAClC,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QACxD,CAAC;QACD,IAAI,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC;YACtD,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QACxD,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,WAAW,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QAEzD,IAAI,SAAS,GAAG,SAAS,CAAC,QAAQ,EAAE,CAAC;QACrC,IAAI,UAAU,GAAG,WAAW,CAAC,CAAC,CAAC,EAAE,GAAG,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACvD,IAAI,UAAU,CAAC,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5C,MAAM,QAAQ,GAAG,UAAU,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC;YACjD,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,QAAQ,EAAE,CAAC,CAAC;YACnD,MAAM,YAAY,GAAG,YAAY,CAAC,IAAI,CAAC;YACvC,YAAY,CAAC,QAAQ,GAAG,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,QAAQ,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC;YAC1E,SAAS,GAAG,YAAY,CAAC,QAAQ,EAAE,CAAC;YACpC,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;YAChD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;gBACzB,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;YACpC,CAAC;YACD,UAAU,GAAG,EAAE,GAAG,UAAU,EAAE,OAAO,EAAE,CAAC;QAC1C,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,SAAS,EAAE;YACtC,GAAG,UAAU;YACb,QAAQ,EAAE,QAAQ;SACnB,CAAC,CAAC;QAEH,IAAI,gBAAgB,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACtC,MAAM,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;YAClD,IAAI,CAAC,QAAQ;gBAAE,MAAM,IAAI,KAAK,CAAC,qCAAqC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC;YAExF,aAAa,IAAI,CAAC,CAAC;YACnB,IAAI,aAAa,GAAG,YAAY;gBAAE,MAAM,IAAI,KAAK,CAAC,8BAA8B,YAAY,GAAG,CAAC,CAAC;YAEjG,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;YACnD,MAAM,OAAO,GAAG,aAAa,CAAC,QAAQ,EAAE,CAAC;YACzC,IAAI,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC;gBAAE,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;YAEpE,IAAI,aAAa,CAAC,MAAM,KAAK,SAAS,CAAC,MAAM,IAAI,WAAW,EAAE,OAAO,EAAE,CAAC;gBACtE,MAAM,WAAW,GAAG,uCAAuC,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;gBACjF,WAAW,GAAG,EAAE,GAAG,WAAW,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC;YACzD,CAAC;YAED,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACrB,UAAU,GAAG,OAAO,CAAC;YACrB,SAAS;QACX,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;AACH,CAAC"}
|
package/dist/package.json
CHANGED
|
@@ -1,17 +1,17 @@
|
|
|
1
1
|
{
|
|
2
|
-
"name": "
|
|
3
|
-
"version": "
|
|
4
|
-
"description": "
|
|
2
|
+
"name": "bulkhead-runtime",
|
|
3
|
+
"version": "2026.4.5-beta.1",
|
|
4
|
+
"description": "Multi-tenant AI agent runtime with OS-level isolation. Sandboxed execution, encrypted credentials, private memory per tenant — one server, no Docker.",
|
|
5
5
|
"license": "MIT",
|
|
6
6
|
"repository": {
|
|
7
7
|
"type": "git",
|
|
8
|
-
"url": "git+https://github.com/tonga54/
|
|
8
|
+
"url": "git+https://github.com/tonga54/bulkhead-runtime.git"
|
|
9
9
|
},
|
|
10
10
|
"type": "module",
|
|
11
11
|
"main": "index.js",
|
|
12
12
|
"types": "index.d.ts",
|
|
13
13
|
"bin": {
|
|
14
|
-
"
|
|
14
|
+
"bulkhead-runtime": "dist/cli.js"
|
|
15
15
|
},
|
|
16
16
|
"exports": {
|
|
17
17
|
".": {
|
|
@@ -32,5 +32,8 @@
|
|
|
32
32
|
"engines": {
|
|
33
33
|
"node": ">=22.12.0"
|
|
34
34
|
},
|
|
35
|
+
"os": [
|
|
36
|
+
"linux"
|
|
37
|
+
],
|
|
35
38
|
"packageManager": "pnpm@10.23.0"
|
|
36
39
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"platform.d.ts","sourceRoot":"","sources":["../../src/platform/platform.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;
|
|
1
|
+
{"version":3,"file":"platform.d.ts","sourceRoot":"","sources":["../../src/platform/platform.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAc3D,wBAAgB,cAAc,CAAC,MAAM,EAAE,cAAc,GAAG,QAAQ,CAyF/D"}
|
|
@@ -2,13 +2,21 @@ import * as fs from "node:fs";
|
|
|
2
2
|
import * as path from "node:path";
|
|
3
3
|
import { createWorkspace, validateWorkspaceId, loadWorkspaceConfig, } from "../workspace/workspace.js";
|
|
4
4
|
import { createSkillRegistry } from "../skills/registry.js";
|
|
5
|
+
const PLATFORM_SENSITIVE_PATHS = new Set([
|
|
6
|
+
"/", "/root", "/proc", "/sys", "/dev", "/boot", "/run",
|
|
7
|
+
"/tmp", "/var", "/etc", "/bin", "/sbin", "/usr", "/lib",
|
|
8
|
+
]);
|
|
5
9
|
export function createPlatform(config) {
|
|
6
10
|
const { stateDir } = config;
|
|
11
|
+
const resolvedStateDir = path.resolve(stateDir);
|
|
12
|
+
if (PLATFORM_SENSITIVE_PATHS.has(resolvedStateDir)) {
|
|
13
|
+
throw new Error(`stateDir "${stateDir}" references a sensitive system path`);
|
|
14
|
+
}
|
|
7
15
|
const skillsDir = config.skillsDir ?? path.join(stateDir, "skills");
|
|
8
16
|
const workspacesDir = path.join(stateDir, "workspaces");
|
|
9
|
-
fs.mkdirSync(stateDir, { recursive: true });
|
|
10
|
-
fs.mkdirSync(skillsDir, { recursive: true });
|
|
11
|
-
fs.mkdirSync(workspacesDir, { recursive: true });
|
|
17
|
+
fs.mkdirSync(stateDir, { recursive: true, mode: 0o700 });
|
|
18
|
+
fs.mkdirSync(skillsDir, { recursive: true, mode: 0o700 });
|
|
19
|
+
fs.mkdirSync(workspacesDir, { recursive: true, mode: 0o700 });
|
|
12
20
|
const skills = createSkillRegistry(skillsDir);
|
|
13
21
|
return {
|
|
14
22
|
stateDir,
|
|
@@ -16,10 +24,19 @@ export function createPlatform(config) {
|
|
|
16
24
|
async createWorkspace(userId, wsConfig) {
|
|
17
25
|
validateWorkspaceId(userId);
|
|
18
26
|
const wsDir = path.join(workspacesDir, userId);
|
|
19
|
-
|
|
20
|
-
|
|
27
|
+
try {
|
|
28
|
+
fs.mkdirSync(wsDir, { mode: 0o700 });
|
|
29
|
+
}
|
|
30
|
+
catch (err) {
|
|
31
|
+
if (err.code === "EEXIST") {
|
|
32
|
+
throw new Error(`Workspace "${userId}" already exists`);
|
|
33
|
+
}
|
|
34
|
+
throw err;
|
|
21
35
|
}
|
|
22
|
-
const mergedConfig = {
|
|
36
|
+
const mergedConfig = {
|
|
37
|
+
credentialPassphrase: config.credentialPassphrase,
|
|
38
|
+
...wsConfig,
|
|
39
|
+
};
|
|
23
40
|
return createWorkspace({
|
|
24
41
|
userId,
|
|
25
42
|
stateDir,
|
|
@@ -34,6 +51,9 @@ export function createPlatform(config) {
|
|
|
34
51
|
throw new Error(`Workspace "${userId}" does not exist`);
|
|
35
52
|
}
|
|
36
53
|
const wsConfig = loadWorkspaceConfig(wsDir);
|
|
54
|
+
if (!wsConfig.credentialPassphrase && config.credentialPassphrase) {
|
|
55
|
+
wsConfig.credentialPassphrase = config.credentialPassphrase;
|
|
56
|
+
}
|
|
37
57
|
return createWorkspace({
|
|
38
58
|
userId,
|
|
39
59
|
stateDir,
|
|
@@ -44,7 +64,10 @@ export function createPlatform(config) {
|
|
|
44
64
|
async listWorkspaces() {
|
|
45
65
|
try {
|
|
46
66
|
const entries = fs.readdirSync(workspacesDir, { withFileTypes: true });
|
|
47
|
-
return entries
|
|
67
|
+
return entries
|
|
68
|
+
.filter((e) => e.isDirectory())
|
|
69
|
+
.filter((e) => fs.existsSync(path.join(workspacesDir, e.name, "config.json")))
|
|
70
|
+
.map((e) => e.name);
|
|
48
71
|
}
|
|
49
72
|
catch {
|
|
50
73
|
return [];
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"platform.js","sourceRoot":"","sources":["../../src/platform/platform.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAGlC,OAAO,EACL,eAAe,EACf,mBAAmB,EACnB,mBAAmB,GACpB,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAE5D,MAAM,UAAU,cAAc,CAAC,MAAsB;IACnD,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAC;IAC5B,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,IAAI,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IACpE,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;IAExD,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"platform.js","sourceRoot":"","sources":["../../src/platform/platform.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAGlC,OAAO,EACL,eAAe,EACf,mBAAmB,EACnB,mBAAmB,GACpB,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAE5D,MAAM,wBAAwB,GAAG,IAAI,GAAG,CAAC;IACvC,GAAG,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;IACtD,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM;CACxD,CAAC,CAAC;AAEH,MAAM,UAAU,cAAc,CAAC,MAAsB;IACnD,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAC;IAC5B,MAAM,gBAAgB,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAChD,IAAI,wBAAwB,CAAC,GAAG,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACnD,MAAM,IAAI,KAAK,CAAC,aAAa,QAAQ,sCAAsC,CAAC,CAAC;IAC/E,CAAC;IACD,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,IAAI,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IACpE,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;IAExD,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACzD,EAAE,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC1D,EAAE,CAAC,SAAS,CAAC,aAAa,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAE9D,MAAM,MAAM,GAAG,mBAAmB,CAAC,SAAS,CAAC,CAAC;IAE9C,OAAO;QACL,QAAQ;QACR,MAAM;QAEN,KAAK,CAAC,eAAe,CAAC,MAAM,EAAE,QAAQ;YACpC,mBAAmB,CAAC,MAAM,CAAC,CAAC;YAC5B,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;YAC/C,IAAI,CAAC;gBACH,EAAE,CAAC,SAAS,CAAC,KAAK,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;YACvC,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAK,GAA6B,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;oBACrD,MAAM,IAAI,KAAK,CAAC,cAAc,MAAM,kBAAkB,CAAC,CAAC;gBAC1D,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;YAED,MAAM,YAAY,GAAoB;gBACpC,oBAAoB,EAAE,MAAM,CAAC,oBAAoB;gBACjD,GAAG,QAAQ;aACZ,CAAC;YACF,OAAO,eAAe,CAAC;gBACrB,MAAM;gBACN,QAAQ;gBACR,MAAM,EAAE,YAAY;gBACpB,aAAa,EAAE,MAAM;aACtB,CAAC,CAAC;QACL,CAAC;QAED,KAAK,CAAC,YAAY,CAAC,MAAM;YACvB,mBAAmB,CAAC,MAAM,CAAC,CAAC;YAC5B,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;YAC/C,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC1B,MAAM,IAAI,KAAK,CAAC,cAAc,MAAM,kBAAkB,CAAC,CAAC;YAC1D,CAAC;YAED,MAAM,QAAQ,GAAG,mBAAmB,CAAC,KAAK,CAAC,CAAC;YAC5C,IAAI,CAAC,QAAQ,CAAC,oBAAoB,IAAI,MAAM,CAAC,oBAAoB,EAAE,CAAC;gBAClE,QAAQ,CAAC,oBAAoB,GAAG,MAAM,CAAC,oBAAoB,CAAC;YAC9D,CAAC;YACD,OAAO,eAAe,CAAC;gBACrB,MAAM;gBACN,QAAQ;gBACR,MAAM,EAAE,QAAQ;gBAChB,aAAa,EAAE,MAAM;aACtB,CAAC,CAAC;QACL,CAAC;QAED,KAAK,CAAC,cAAc;YAClB,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,aAAa,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;gBACvE,OAAO,OAAO;qBACX,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;qBAC9B,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC,CAAC;qBAC7E,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YACxB,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,EAAE,CAAC;YACZ,CAAC;QACH,CAAC;QAED,KAAK,CAAC,eAAe,CAAC,MAAM;YAC1B,mBAAmB,CAAC,MAAM,CAAC,CAAC;YAC5B,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;YAC/C,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC1B,MAAM,IAAI,KAAK,CAAC,cAAc,MAAM,kBAAkB,CAAC,CAAC;YAC1D,CAAC;YACD,EAAE,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QACrD,CAAC;QAED,KAAK,CAAC,eAAe,CAAC,MAAM;YAC1B,mBAAmB,CAAC,MAAM,CAAC,CAAC;YAC5B,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;YAC/C,OAAO,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;QAC9B,CAAC;KACF,CAAC;AACJ,CAAC"}
|
package/dist/platform/types.d.ts
CHANGED
|
@@ -3,6 +3,8 @@ import type { SkillRegistry } from "../skills/registry.js";
|
|
|
3
3
|
export interface PlatformConfig {
|
|
4
4
|
stateDir: string;
|
|
5
5
|
skillsDir?: string;
|
|
6
|
+
/** Default passphrase for credential encryption. Falls back to BULKHEAD_CREDENTIAL_KEY env var. */
|
|
7
|
+
credentialPassphrase?: string;
|
|
6
8
|
}
|
|
7
9
|
export interface Platform {
|
|
8
10
|
readonly stateDir: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/platform/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAE3D,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/platform/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAE3D,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,mGAAmG;IACnG,oBAAoB,CAAC,EAAE,MAAM,CAAC;CAC/B;AAED,MAAM,WAAW,QAAQ;IACvB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,MAAM,EAAE,aAAa,CAAC;IAE/B,eAAe,CACb,MAAM,EAAE,MAAM,EACd,MAAM,CAAC,EAAE,OAAO,CAAC,eAAe,CAAC,GAChC,OAAO,CAAC,SAAS,CAAC,CAAC;IACtB,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;IACjD,cAAc,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IACpC,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/C,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CACnD"}
|
package/dist/runtime/agent.d.ts
CHANGED
|
@@ -8,15 +8,23 @@ export interface AgentRunOptions {
|
|
|
8
8
|
model?: string;
|
|
9
9
|
provider?: string;
|
|
10
10
|
apiKey?: string;
|
|
11
|
+
apiKeys?: string[];
|
|
11
12
|
workspaceDir?: string;
|
|
12
13
|
systemPrompt?: string;
|
|
13
14
|
configPath?: string;
|
|
14
15
|
tools?: ToolDefinition[];
|
|
15
16
|
onEvent?: AgentSessionEventListener;
|
|
17
|
+
fallbacks?: string[];
|
|
18
|
+
contextTokens?: number;
|
|
19
|
+
maxRetries?: number;
|
|
20
|
+
enableSubagents?: boolean;
|
|
16
21
|
}
|
|
17
22
|
export interface AgentRunResult {
|
|
18
23
|
response: string;
|
|
19
24
|
sessionId: string;
|
|
25
|
+
provider?: string;
|
|
26
|
+
model?: string;
|
|
27
|
+
fallbackUsed?: boolean;
|
|
20
28
|
}
|
|
21
29
|
export interface AgentRuntime {
|
|
22
30
|
run(options: AgentRunOptions): Promise<AgentRunResult>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"agent.d.ts","sourceRoot":"","sources":["../../src/runtime/agent.ts"],"names":[],"mappings":"AAAA,OAAO,EAKL,KAAK,yBAAyB,EAE9B,KAAK,cAAc,EACpB,MAAM,+BAA+B,CAAC;AAEvC,OAAO,EAAoB,KAAK,UAAU,EAAE,MAAM,mBAAmB,CAAC;AACtE,OAAO,EAA6B,KAAK,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAOzF,OAAO,EAGL,KAAK,kBAAkB,EACxB,MAAM,oBAAoB,CAAC;
|
|
1
|
+
{"version":3,"file":"agent.d.ts","sourceRoot":"","sources":["../../src/runtime/agent.ts"],"names":[],"mappings":"AAAA,OAAO,EAKL,KAAK,yBAAyB,EAE9B,KAAK,cAAc,EACpB,MAAM,+BAA+B,CAAC;AAEvC,OAAO,EAAoB,KAAK,UAAU,EAAE,MAAM,mBAAmB,CAAC;AACtE,OAAO,EAA6B,KAAK,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAOzF,OAAO,EAGL,KAAK,kBAAkB,EACxB,MAAM,oBAAoB,CAAC;AAqC5B,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,cAAc,EAAE,CAAC;IACzB,OAAO,CAAC,EAAE,yBAAyB,CAAC;IACpC,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B;AAED,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,YAAY,CAAC,EAAE,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,YAAY;IAC3B,GAAG,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,cAAc,CAAC,CAAC;IACvD,KAAK,EAAE,UAAU,CAAC;IAClB,MAAM,EAAE,mBAAmB,CAAC;IAC5B,MAAM,EAAE,kBAAkB,CAAC;CAC5B;AAQD,wBAAsB,aAAa,CACjC,SAAS,CAAC,EAAE,OAAO,CAAC,kBAAkB,CAAC,GACtC,OAAO,CAAC,YAAY,CAAC,CAyRvB"}
|