npm - clawsec - Versions diffs - 0.0.1 - Mend

clawsec 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (361) hide show

package/README.md +560 -0
package/dist/bin/clawsec.d.ts +7 -0
package/dist/bin/clawsec.d.ts.map +1 -0
package/dist/bin/clawsec.js +12 -0
package/dist/bin/clawsec.js.map +1 -0
package/dist/src/actions/block.d.ts +22 -0
package/dist/src/actions/block.d.ts.map +1 -0
package/dist/src/actions/block.js +83 -0
package/dist/src/actions/block.js.map +1 -0
package/dist/src/actions/confirm.d.ts +35 -0
package/dist/src/actions/confirm.d.ts.map +1 -0
package/dist/src/actions/confirm.js +156 -0
package/dist/src/actions/confirm.js.map +1 -0
package/dist/src/actions/executor.d.ts +64 -0
package/dist/src/actions/executor.d.ts.map +1 -0
package/dist/src/actions/executor.js +114 -0
package/dist/src/actions/executor.js.map +1 -0
package/dist/src/actions/index.d.ts +13 -0
package/dist/src/actions/index.d.ts.map +1 -0
package/dist/src/actions/index.js +15 -0
package/dist/src/actions/index.js.map +1 -0
package/dist/src/actions/log.d.ts +19 -0
package/dist/src/actions/log.d.ts.map +1 -0
package/dist/src/actions/log.js +63 -0
package/dist/src/actions/log.js.map +1 -0
package/dist/src/actions/types.d.ts +85 -0
package/dist/src/actions/types.d.ts.map +1 -0
package/dist/src/actions/types.js +78 -0
package/dist/src/actions/types.js.map +1 -0
package/dist/src/actions/warn.d.ts +22 -0
package/dist/src/actions/warn.d.ts.map +1 -0
package/dist/src/actions/warn.js +84 -0
package/dist/src/actions/warn.js.map +1 -0
package/dist/src/approval/agent-confirm.d.ts +104 -0
package/dist/src/approval/agent-confirm.d.ts.map +1 -0
package/dist/src/approval/agent-confirm.js +173 -0
package/dist/src/approval/agent-confirm.js.map +1 -0
package/dist/src/approval/index.d.ts +14 -0
package/dist/src/approval/index.d.ts.map +1 -0
package/dist/src/approval/index.js +9 -0
package/dist/src/approval/index.js.map +1 -0
package/dist/src/approval/native.d.ts +56 -0
package/dist/src/approval/native.d.ts.map +1 -0
package/dist/src/approval/native.js +196 -0
package/dist/src/approval/native.js.map +1 -0
package/dist/src/approval/store.d.ts +88 -0
package/dist/src/approval/store.d.ts.map +1 -0
package/dist/src/approval/store.js +192 -0
package/dist/src/approval/store.js.map +1 -0
package/dist/src/approval/types.d.ts +119 -0
package/dist/src/approval/types.d.ts.map +1 -0
package/dist/src/approval/types.js +6 -0
package/dist/src/approval/types.js.map +1 -0
package/dist/src/approval/webhook.d.ts +170 -0
package/dist/src/approval/webhook.d.ts.map +1 -0
package/dist/src/approval/webhook.js +362 -0
package/dist/src/approval/webhook.js.map +1 -0
package/dist/src/cli/commands/audit.d.ts +43 -0
package/dist/src/cli/commands/audit.d.ts.map +1 -0
package/dist/src/cli/commands/audit.js +115 -0
package/dist/src/cli/commands/audit.js.map +1 -0
package/dist/src/cli/commands/feedback.d.ts +27 -0
package/dist/src/cli/commands/feedback.d.ts.map +1 -0
package/dist/src/cli/commands/feedback.js +228 -0
package/dist/src/cli/commands/feedback.js.map +1 -0
package/dist/src/cli/commands/index.d.ts +11 -0
package/dist/src/cli/commands/index.d.ts.map +1 -0
package/dist/src/cli/commands/index.js +13 -0
package/dist/src/cli/commands/index.js.map +1 -0
package/dist/src/cli/commands/status.d.ts +20 -0
package/dist/src/cli/commands/status.d.ts.map +1 -0
package/dist/src/cli/commands/status.js +122 -0
package/dist/src/cli/commands/status.js.map +1 -0
package/dist/src/cli/commands/test.d.ts +23 -0
package/dist/src/cli/commands/test.d.ts.map +1 -0
package/dist/src/cli/commands/test.js +134 -0
package/dist/src/cli/commands/test.js.map +1 -0
package/dist/src/cli/commands/types.d.ts +81 -0
package/dist/src/cli/commands/types.d.ts.map +1 -0
package/dist/src/cli/commands/types.js +6 -0
package/dist/src/cli/commands/types.js.map +1 -0
package/dist/src/cli/index.d.ts +17 -0
package/dist/src/cli/index.d.ts.map +1 -0
package/dist/src/cli/index.js +267 -0
package/dist/src/cli/index.js.map +1 -0
package/dist/src/config/defaults.d.ts +20 -0
package/dist/src/config/defaults.d.ts.map +1 -0
package/dist/src/config/defaults.js +123 -0
package/dist/src/config/defaults.js.map +1 -0
package/dist/src/config/index.d.ts +8 -0
package/dist/src/config/index.d.ts.map +1 -0
package/dist/src/config/index.js +41 -0
package/dist/src/config/index.js.map +1 -0
package/dist/src/config/loader.d.ts +99 -0
package/dist/src/config/loader.d.ts.map +1 -0
package/dist/src/config/loader.js +242 -0
package/dist/src/config/loader.js.map +1 -0
package/dist/src/config/schema.d.ts +627 -0
package/dist/src/config/schema.d.ts.map +1 -0
package/dist/src/config/schema.js +585 -0
package/dist/src/config/schema.js.map +1 -0
package/dist/src/detectors/destructive/cloud-detector.d.ts +51 -0
package/dist/src/detectors/destructive/cloud-detector.d.ts.map +1 -0
package/dist/src/detectors/destructive/cloud-detector.js +556 -0
package/dist/src/detectors/destructive/cloud-detector.js.map +1 -0
package/dist/src/detectors/destructive/code-detector.d.ts +59 -0
package/dist/src/detectors/destructive/code-detector.d.ts.map +1 -0
package/dist/src/detectors/destructive/code-detector.js +558 -0
package/dist/src/detectors/destructive/code-detector.js.map +1 -0
package/dist/src/detectors/destructive/index.d.ts +54 -0
package/dist/src/detectors/destructive/index.d.ts.map +1 -0
package/dist/src/detectors/destructive/index.js +168 -0
package/dist/src/detectors/destructive/index.js.map +1 -0
package/dist/src/detectors/destructive/shell-detector.d.ts +43 -0
package/dist/src/detectors/destructive/shell-detector.d.ts.map +1 -0
package/dist/src/detectors/destructive/shell-detector.js +302 -0
package/dist/src/detectors/destructive/shell-detector.js.map +1 -0
package/dist/src/detectors/destructive/types.d.ts +143 -0
package/dist/src/detectors/destructive/types.d.ts.map +1 -0
package/dist/src/detectors/destructive/types.js +6 -0
package/dist/src/detectors/destructive/types.js.map +1 -0
package/dist/src/detectors/exfiltration/cloud-detector.d.ts +51 -0
package/dist/src/detectors/exfiltration/cloud-detector.d.ts.map +1 -0
package/dist/src/detectors/exfiltration/cloud-detector.js +427 -0
package/dist/src/detectors/exfiltration/cloud-detector.js.map +1 -0
package/dist/src/detectors/exfiltration/http-detector.d.ts +47 -0
package/dist/src/detectors/exfiltration/http-detector.d.ts.map +1 -0
package/dist/src/detectors/exfiltration/http-detector.js +429 -0
package/dist/src/detectors/exfiltration/http-detector.js.map +1 -0
package/dist/src/detectors/exfiltration/index.d.ts +44 -0
package/dist/src/detectors/exfiltration/index.d.ts.map +1 -0
package/dist/src/detectors/exfiltration/index.js +118 -0
package/dist/src/detectors/exfiltration/index.js.map +1 -0
package/dist/src/detectors/exfiltration/network-detector.d.ts +55 -0
package/dist/src/detectors/exfiltration/network-detector.d.ts.map +1 -0
package/dist/src/detectors/exfiltration/network-detector.js +504 -0
package/dist/src/detectors/exfiltration/network-detector.js.map +1 -0
package/dist/src/detectors/exfiltration/types.d.ts +139 -0
package/dist/src/detectors/exfiltration/types.d.ts.map +1 -0
package/dist/src/detectors/exfiltration/types.js +6 -0
package/dist/src/detectors/exfiltration/types.js.map +1 -0
package/dist/src/detectors/purchase/domain-detector.d.ts +44 -0
package/dist/src/detectors/purchase/domain-detector.d.ts.map +1 -0
package/dist/src/detectors/purchase/domain-detector.js +296 -0
package/dist/src/detectors/purchase/domain-detector.js.map +1 -0
package/dist/src/detectors/purchase/form-detector.d.ts +27 -0
package/dist/src/detectors/purchase/form-detector.d.ts.map +1 -0
package/dist/src/detectors/purchase/form-detector.js +344 -0
package/dist/src/detectors/purchase/form-detector.js.map +1 -0
package/dist/src/detectors/purchase/index.d.ts +65 -0
package/dist/src/detectors/purchase/index.d.ts.map +1 -0
package/dist/src/detectors/purchase/index.js +216 -0
package/dist/src/detectors/purchase/index.js.map +1 -0
package/dist/src/detectors/purchase/spend-tracker.d.ts +132 -0
package/dist/src/detectors/purchase/spend-tracker.d.ts.map +1 -0
package/dist/src/detectors/purchase/spend-tracker.js +313 -0
package/dist/src/detectors/purchase/spend-tracker.js.map +1 -0
package/dist/src/detectors/purchase/types.d.ts +139 -0
package/dist/src/detectors/purchase/types.d.ts.map +1 -0
package/dist/src/detectors/purchase/types.js +6 -0
package/dist/src/detectors/purchase/types.js.map +1 -0
package/dist/src/detectors/purchase/url-detector.d.ts +31 -0
package/dist/src/detectors/purchase/url-detector.d.ts.map +1 -0
package/dist/src/detectors/purchase/url-detector.js +292 -0
package/dist/src/detectors/purchase/url-detector.js.map +1 -0
package/dist/src/detectors/secrets/api-key-detector.d.ts +30 -0
package/dist/src/detectors/secrets/api-key-detector.d.ts.map +1 -0
package/dist/src/detectors/secrets/api-key-detector.js +297 -0
package/dist/src/detectors/secrets/api-key-detector.js.map +1 -0
package/dist/src/detectors/secrets/index.d.ts +43 -0
package/dist/src/detectors/secrets/index.d.ts.map +1 -0
package/dist/src/detectors/secrets/index.js +261 -0
package/dist/src/detectors/secrets/index.js.map +1 -0
package/dist/src/detectors/secrets/pii-detector.d.ts +54 -0
package/dist/src/detectors/secrets/pii-detector.d.ts.map +1 -0
package/dist/src/detectors/secrets/pii-detector.js +286 -0
package/dist/src/detectors/secrets/pii-detector.js.map +1 -0
package/dist/src/detectors/secrets/token-detector.d.ts +51 -0
package/dist/src/detectors/secrets/token-detector.d.ts.map +1 -0
package/dist/src/detectors/secrets/token-detector.js +233 -0
package/dist/src/detectors/secrets/token-detector.js.map +1 -0
package/dist/src/detectors/secrets/types.d.ts +157 -0
package/dist/src/detectors/secrets/types.d.ts.map +1 -0
package/dist/src/detectors/secrets/types.js +6 -0
package/dist/src/detectors/secrets/types.js.map +1 -0
package/dist/src/detectors/website/category-detector.d.ts +22 -0
package/dist/src/detectors/website/category-detector.d.ts.map +1 -0
package/dist/src/detectors/website/category-detector.js +162 -0
package/dist/src/detectors/website/category-detector.js.map +1 -0
package/dist/src/detectors/website/index.d.ts +53 -0
package/dist/src/detectors/website/index.d.ts.map +1 -0
package/dist/src/detectors/website/index.js +232 -0
package/dist/src/detectors/website/index.js.map +1 -0
package/dist/src/detectors/website/pattern-matcher.d.ts +33 -0
package/dist/src/detectors/website/pattern-matcher.d.ts.map +1 -0
package/dist/src/detectors/website/pattern-matcher.js +121 -0
package/dist/src/detectors/website/pattern-matcher.js.map +1 -0
package/dist/src/detectors/website/types.d.ts +105 -0
package/dist/src/detectors/website/types.d.ts.map +1 -0
package/dist/src/detectors/website/types.js +6 -0
package/dist/src/detectors/website/types.js.map +1 -0
package/dist/src/engine/analyzer.d.ts +87 -0
package/dist/src/engine/analyzer.d.ts.map +1 -0
package/dist/src/engine/analyzer.js +427 -0
package/dist/src/engine/analyzer.js.map +1 -0
package/dist/src/engine/cache.d.ts +80 -0
package/dist/src/engine/cache.d.ts.map +1 -0
package/dist/src/engine/cache.js +167 -0
package/dist/src/engine/cache.js.map +1 -0
package/dist/src/engine/index.d.ts +11 -0
package/dist/src/engine/index.d.ts.map +1 -0
package/dist/src/engine/index.js +11 -0
package/dist/src/engine/index.js.map +1 -0
package/dist/src/engine/llm-client.d.ts +210 -0
package/dist/src/engine/llm-client.d.ts.map +1 -0
package/dist/src/engine/llm-client.js +506 -0
package/dist/src/engine/llm-client.js.map +1 -0
package/dist/src/engine/types.d.ts +163 -0
package/dist/src/engine/types.d.ts.map +1 -0
package/dist/src/engine/types.js +21 -0
package/dist/src/engine/types.js.map +1 -0
package/dist/src/feedback/index.d.ts +9 -0
package/dist/src/feedback/index.d.ts.map +1 -0
package/dist/src/feedback/index.js +8 -0
package/dist/src/feedback/index.js.map +1 -0
package/dist/src/feedback/learner.d.ts +222 -0
package/dist/src/feedback/learner.d.ts.map +1 -0
package/dist/src/feedback/learner.js +401 -0
package/dist/src/feedback/learner.js.map +1 -0
package/dist/src/feedback/store.d.ts +113 -0
package/dist/src/feedback/store.d.ts.map +1 -0
package/dist/src/feedback/store.js +228 -0
package/dist/src/feedback/store.js.map +1 -0
package/dist/src/feedback/types.d.ts +126 -0
package/dist/src/feedback/types.d.ts.map +1 -0
package/dist/src/feedback/types.js +6 -0
package/dist/src/feedback/types.js.map +1 -0
package/dist/src/hooks/before-agent-start/handler.d.ts +37 -0
package/dist/src/hooks/before-agent-start/handler.d.ts.map +1 -0
package/dist/src/hooks/before-agent-start/handler.js +109 -0
package/dist/src/hooks/before-agent-start/handler.js.map +1 -0
package/dist/src/hooks/before-agent-start/index.d.ts +8 -0
package/dist/src/hooks/before-agent-start/index.d.ts.map +1 -0
package/dist/src/hooks/before-agent-start/index.js +7 -0
package/dist/src/hooks/before-agent-start/index.js.map +1 -0
package/dist/src/hooks/before-agent-start/prompts.d.ts +48 -0
package/dist/src/hooks/before-agent-start/prompts.d.ts.map +1 -0
package/dist/src/hooks/before-agent-start/prompts.js +103 -0
package/dist/src/hooks/before-agent-start/prompts.js.map +1 -0
package/dist/src/hooks/before-tool-call/handler.d.ts +42 -0
package/dist/src/hooks/before-tool-call/handler.d.ts.map +1 -0
package/dist/src/hooks/before-tool-call/handler.js +226 -0
package/dist/src/hooks/before-tool-call/handler.js.map +1 -0
package/dist/src/hooks/before-tool-call/index.d.ts +7 -0
package/dist/src/hooks/before-tool-call/index.d.ts.map +1 -0
package/dist/src/hooks/before-tool-call/index.js +6 -0
package/dist/src/hooks/before-tool-call/index.js.map +1 -0
package/dist/src/hooks/tool-result-persist/filter.d.ts +72 -0
package/dist/src/hooks/tool-result-persist/filter.d.ts.map +1 -0
package/dist/src/hooks/tool-result-persist/filter.js +305 -0
package/dist/src/hooks/tool-result-persist/filter.js.map +1 -0
package/dist/src/hooks/tool-result-persist/handler.d.ts +49 -0
package/dist/src/hooks/tool-result-persist/handler.d.ts.map +1 -0
package/dist/src/hooks/tool-result-persist/handler.js +217 -0
package/dist/src/hooks/tool-result-persist/handler.js.map +1 -0
package/dist/src/hooks/tool-result-persist/index.d.ts +11 -0
package/dist/src/hooks/tool-result-persist/index.d.ts.map +1 -0
package/dist/src/hooks/tool-result-persist/index.js +11 -0
package/dist/src/hooks/tool-result-persist/index.js.map +1 -0
package/dist/src/index.d.ts +256 -0
package/dist/src/index.d.ts.map +1 -0
package/dist/src/index.js +222 -0
package/dist/src/index.js.map +1 -0
package/dist/src/notifications/discord.d.ts +10 -0
package/dist/src/notifications/discord.d.ts.map +1 -0
package/dist/src/notifications/discord.js +218 -0
package/dist/src/notifications/discord.js.map +1 -0
package/dist/src/notifications/index.d.ts +37 -0
package/dist/src/notifications/index.d.ts.map +1 -0
package/dist/src/notifications/index.js +68 -0
package/dist/src/notifications/index.js.map +1 -0
package/dist/src/notifications/slack.d.ts +10 -0
package/dist/src/notifications/slack.d.ts.map +1 -0
package/dist/src/notifications/slack.js +218 -0
package/dist/src/notifications/slack.js.map +1 -0
package/dist/src/notifications/telegram.d.ts +10 -0
package/dist/src/notifications/telegram.d.ts.map +1 -0
package/dist/src/notifications/telegram.js +242 -0
package/dist/src/notifications/telegram.js.map +1 -0
package/dist/src/notifications/types.d.ts +119 -0
package/dist/src/notifications/types.d.ts.map +1 -0
package/dist/src/notifications/types.js +6 -0
package/dist/src/notifications/types.js.map +1 -0
package/dist/src/proxy/index.d.ts +8 -0
package/dist/src/proxy/index.d.ts.map +1 -0
package/dist/src/proxy/index.js +9 -0
package/dist/src/proxy/index.js.map +1 -0
package/dist/src/proxy/middleware.d.ts +55 -0
package/dist/src/proxy/middleware.d.ts.map +1 -0
package/dist/src/proxy/middleware.js +215 -0
package/dist/src/proxy/middleware.js.map +1 -0
package/dist/src/proxy/server.d.ts +57 -0
package/dist/src/proxy/server.d.ts.map +1 -0
package/dist/src/proxy/server.js +298 -0
package/dist/src/proxy/server.js.map +1 -0
package/dist/src/proxy/types.d.ts +136 -0
package/dist/src/proxy/types.d.ts.map +1 -0
package/dist/src/proxy/types.js +6 -0
package/dist/src/proxy/types.js.map +1 -0
package/dist/src/sanitization/index.d.ts +10 -0
package/dist/src/sanitization/index.d.ts.map +1 -0
package/dist/src/sanitization/index.js +9 -0
package/dist/src/sanitization/index.js.map +1 -0
package/dist/src/sanitization/patterns.d.ts +51 -0
package/dist/src/sanitization/patterns.d.ts.map +1 -0
package/dist/src/sanitization/patterns.js +266 -0
package/dist/src/sanitization/patterns.js.map +1 -0
package/dist/src/sanitization/scanner.d.ts +29 -0
package/dist/src/sanitization/scanner.d.ts.map +1 -0
package/dist/src/sanitization/scanner.js +328 -0
package/dist/src/sanitization/scanner.js.map +1 -0
package/dist/src/sanitization/types.d.ts +57 -0
package/dist/src/sanitization/types.d.ts.map +1 -0
package/dist/src/sanitization/types.js +5 -0
package/dist/src/sanitization/types.js.map +1 -0
package/openclaw.plugin.json +114 -0
package/package.json +63 -0
package/rules/builtin/README.md +139 -0
package/rules/builtin/ai-services.yaml +70 -0
package/rules/builtin/api-keys.yaml +64 -0
package/rules/builtin/authentication.yaml +56 -0
package/rules/builtin/aws-security.yaml +57 -0
package/rules/builtin/azure-security.yaml +58 -0
package/rules/builtin/cicd-security.yaml +64 -0
package/rules/builtin/cloud-storage.yaml +64 -0
package/rules/builtin/container-registry.yaml +55 -0
package/rules/builtin/crypto-wallets.yaml +71 -0
package/rules/builtin/database-nosql.yaml +58 -0
package/rules/builtin/database-sql.yaml +62 -0
package/rules/builtin/development-env.yaml +67 -0
package/rules/builtin/docker.yaml +57 -0
package/rules/builtin/filesystem.yaml +71 -0
package/rules/builtin/financial-pci.yaml +61 -0
package/rules/builtin/gcp-security.yaml +57 -0
package/rules/builtin/git-operations.yaml +68 -0
package/rules/builtin/healthcare-hipaa.yaml +64 -0
package/rules/builtin/kubernetes.yaml +60 -0
package/rules/builtin/messaging-services.yaml +53 -0
package/rules/builtin/minimal.yaml +47 -0
package/rules/builtin/mobile-development.yaml +61 -0
package/rules/builtin/monitoring.yaml +63 -0
package/rules/builtin/network-security.yaml +57 -0
package/rules/builtin/package-managers.yaml +74 -0
package/rules/builtin/payment-processing.yaml +66 -0
package/rules/builtin/pii-protection.yaml +48 -0
package/rules/builtin/production-strict.yaml +55 -0
package/rules/builtin/secrets-management.yaml +63 -0
package/rules/builtin/serverless.yaml +74 -0
package/rules/builtin/ssh-security.yaml +66 -0
package/rules/builtin/terraform.yaml +51 -0
package/rules/builtin/web-security.yaml +62 -0

package/dist/src/actions/confirm.d.ts ADDED Viewed

@@ -0,0 +1,35 @@
+/**
+ * Confirm Action Handler
+ * Handles requesting approval for potentially risky tool calls
+ */
+import type { ActionContext, ActionHandler, ActionResult, ActionLogger, ApprovalMethod, PendingApproval } from './types.js';
+/**
+ * Generate a UUID v4
+ * Uses crypto.randomUUID if available, falls back to manual implementation
+ */
+export declare function generateApprovalId(): string;
+/**
+ * Determine which approval methods are enabled based on config
+ */
+export declare function getEnabledApprovalMethods(context: ActionContext): ApprovalMethod[];
+/**
+ * Get the timeout for approval requests (in seconds)
+ */
+export declare function getApprovalTimeout(context: ActionContext): number;
+/**
+ * Generate a message explaining the confirmation requirement
+ */
+export declare function generateConfirmMessage(context: ActionContext, approval: PendingApproval): string;
+/**
+ * Confirm action handler implementation
+ */
+export declare class ConfirmHandler implements ActionHandler {
+    private logger;
+    constructor(logger?: ActionLogger);
+    execute(context: ActionContext): Promise<ActionResult>;
+}
+/**
+ * Create a confirm action handler with the given logger
+ */
+export declare function createConfirmHandler(logger?: ActionLogger): ConfirmHandler;
+//# sourceMappingURL=confirm.d.ts.map

package/dist/src/actions/confirm.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"confirm.d.ts","sourceRoot":"","sources":["../../../src/actions/confirm.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,aAAa,EAAE,YAAY,EAAE,YAAY,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAG5H;;;GAGG;AACH,wBAAgB,kBAAkB,IAAI,MAAM,CAY3C;AAED;;GAEG;AACH,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,aAAa,GAAG,cAAc,EAAE,CAoBlF;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,aAAa,GAAG,MAAM,CAKjE;AA6CD;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,aAAa,EAAE,QAAQ,EAAE,eAAe,GAAG,MAAM,CAuBhG;AAED;;GAEG;AACH,qBAAa,cAAe,YAAW,aAAa;IAClD,OAAO,CAAC,MAAM,CAAe;gBAEjB,MAAM,GAAE,YAAyB;IAIvC,OAAO,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,YAAY,CAAC;CAsC7D;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,MAAM,CAAC,EAAE,YAAY,GAAG,cAAc,CAE1E"}

package/dist/src/actions/confirm.js ADDED Viewed

@@ -0,0 +1,156 @@
+/**
+ * Confirm Action Handler
+ * Handles requesting approval for potentially risky tool calls
+ */
+import { noOpLogger } from './types.js';
+/**
+ * Generate a UUID v4
+ * Uses crypto.randomUUID if available, falls back to manual implementation
+ */
+export function generateApprovalId() {
+    // Use native crypto if available (Node.js 16+, modern browsers)
+    if (typeof crypto !== 'undefined' && crypto.randomUUID) {
+        return crypto.randomUUID();
+    }
+    // Fallback implementation
+    return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, (c) => {
+        const r = (Math.random() * 16) | 0;
+        const v = c === 'x' ? r : (r & 0x3) | 0x8;
+        return v.toString(16);
+    });
+}
+/**
+ * Determine which approval methods are enabled based on config
+ */
+export function getEnabledApprovalMethods(context) {
+    const { config } = context;
+    const methods = [];
+    // Check native approval
+    if (config.approval?.native?.enabled !== false) {
+        methods.push('native');
+    }
+    // Check agent-confirm
+    if (config.approval?.agentConfirm?.enabled !== false) {
+        methods.push('agent-confirm');
+    }
+    // Check webhook (only if URL is configured)
+    if (config.approval?.webhook?.enabled && config.approval.webhook.url) {
+        methods.push('webhook');
+    }
+    return methods;
+}
+/**
+ * Get the timeout for approval requests (in seconds)
+ */
+export function getApprovalTimeout(context) {
+    const { config } = context;
+    // Use native timeout as the primary timeout
+    return config.approval?.native?.timeout ?? 300;
+}
+/**
+ * Format a severity level for display
+ */
+function formatSeverity(severity) {
+    return severity.toUpperCase();
+}
+/**
+ * Format a threat category for display
+ */
+function formatCategory(category) {
+    const categoryNames = {
+        purchase: 'Purchase/Payment',
+        website: 'Website Access',
+        destructive: 'Destructive Command',
+        secrets: 'Secrets/PII',
+        exfiltration: 'Data Transfer',
+    };
+    return categoryNames[category] || category;
+}
+/**
+ * Generate approval instructions based on enabled methods
+ */
+function generateApprovalInstructions(methods, approvalId, context) {
+    const instructions = [];
+    if (methods.includes('native')) {
+        instructions.push(`  - Type: /approve ${approvalId}`);
+    }
+    if (methods.includes('agent-confirm')) {
+        const paramName = context.config.approval?.agentConfirm?.parameterName ?? '_clawsec_confirm';
+        instructions.push(`  - Retry with parameter: ${paramName}="${approvalId}"`);
+    }
+    if (methods.includes('webhook')) {
+        instructions.push(`  - Webhook approval is enabled (external system will be notified)`);
+    }
+    return instructions.join('\n');
+}
+/**
+ * Generate a message explaining the confirmation requirement
+ */
+export function generateConfirmMessage(context, approval) {
+    const { analysis, toolCall } = context;
+    const { primaryDetection } = analysis;
+    let message = '';
+    if (primaryDetection) {
+        const category = formatCategory(primaryDetection.category);
+        const severity = formatSeverity(primaryDetection.severity);
+        message = `[${severity}] ${category} requires approval\n`;
+        message += `Tool: ${toolCall.toolName}\n`;
+        message += `Reason: ${primaryDetection.reason}\n\n`;
+    }
+    else {
+        message = `Action requires approval\n`;
+        message += `Tool: ${toolCall.toolName}\n\n`;
+    }
+    message += `Approval ID: ${approval.id}\n`;
+    message += `Timeout: ${approval.timeout} seconds\n\n`;
+    message += `To approve, use one of the following methods:\n`;
+    message += generateApprovalInstructions(approval.methods, approval.id, context);
+    return message;
+}
+/**
+ * Confirm action handler implementation
+ */
+export class ConfirmHandler {
+    logger;
+    constructor(logger = noOpLogger) {
+        this.logger = logger;
+    }
+    async execute(context) {
+        const { analysis, toolCall } = context;
+        // Generate unique approval ID
+        const approvalId = generateApprovalId();
+        // Determine enabled approval methods
+        const methods = getEnabledApprovalMethods(context);
+        // Get timeout
+        const timeout = getApprovalTimeout(context);
+        const pendingApproval = {
+            id: approvalId,
+            timeout,
+            methods,
+        };
+        const message = generateConfirmMessage(context, pendingApproval);
+        // Log the confirmation request
+        this.logger.info('Action requires approval', {
+            toolName: toolCall.toolName,
+            approvalId,
+            category: analysis.primaryDetection?.category,
+            severity: analysis.primaryDetection?.severity,
+            reason: analysis.primaryDetection?.reason,
+            methods,
+            timeout,
+        });
+        return {
+            allowed: false,
+            message,
+            pendingApproval,
+            logged: true,
+        };
+    }
+}
+/**
+ * Create a confirm action handler with the given logger
+ */
+export function createConfirmHandler(logger) {
+    return new ConfirmHandler(logger);
+}
+//# sourceMappingURL=confirm.js.map

package/dist/src/actions/confirm.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"confirm.js","sourceRoot":"","sources":["../../../src/actions/confirm.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAExC;;;GAGG;AACH,MAAM,UAAU,kBAAkB;IAChC,gEAAgE;IAChE,IAAI,OAAO,MAAM,KAAK,WAAW,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;QACvD,OAAO,MAAM,CAAC,UAAU,EAAE,CAAC;IAC7B,CAAC;IAED,0BAA0B;IAC1B,OAAO,sCAAsC,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE;QACnE,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;QACnC,MAAM,CAAC,GAAG,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC;QAC1C,OAAO,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IACxB,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,yBAAyB,CAAC,OAAsB;IAC9D,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;IAC3B,MAAM,OAAO,GAAqB,EAAE,CAAC;IAErC,wBAAwB;IACxB,IAAI,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,KAAK,KAAK,EAAE,CAAC;QAC/C,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACzB,CAAC;IAED,sBAAsB;IACtB,IAAI,MAAM,CAAC,QAAQ,EAAE,YAAY,EAAE,OAAO,KAAK,KAAK,EAAE,CAAC;QACrD,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IAChC,CAAC;IAED,4CAA4C;IAC5C,IAAI,MAAM,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,IAAI,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;QACrE,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAC1B,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,OAAsB;IACvD,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;IAE3B,4CAA4C;IAC5C,OAAO,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,IAAI,GAAG,CAAC;AACjD,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,QAAgB;IACtC,OAAO,QAAQ,CAAC,WAAW,EAAE,CAAC;AAChC,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,QAAgB;IACtC,MAAM,aAAa,GAA2B;QAC5C,QAAQ,EAAE,kBAAkB;QAC5B,OAAO,EAAE,gBAAgB;QACzB,WAAW,EAAE,qBAAqB;QAClC,OAAO,EAAE,aAAa;QACtB,YAAY,EAAE,eAAe;KAC9B,CAAC;IACF,OAAO,aAAa,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC;AAC7C,CAAC;AAED;;GAEG;AACH,SAAS,4BAA4B,CAAC,OAAyB,EAAE,UAAkB,EAAE,OAAsB;IACzG,MAAM,YAAY,GAAa,EAAE,CAAC;IAElC,IAAI,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC/B,YAAY,CAAC,IAAI,CAAC,sBAAsB,UAAU,EAAE,CAAC,CAAC;IACxD,CAAC;IAED,IAAI,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;QACtC,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC,QAAQ,EAAE,YAAY,EAAE,aAAa,IAAI,kBAAkB,CAAC;QAC7F,YAAY,CAAC,IAAI,CAAC,6BAA6B,SAAS,KAAK,UAAU,GAAG,CAAC,CAAC;IAC9E,CAAC;IAED,IAAI,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QAChC,YAAY,CAAC,IAAI,CAAC,oEAAoE,CAAC,CAAC;IAC1F,CAAC;IAED,OAAO,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACjC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB,CAAC,OAAsB,EAAE,QAAyB;IACtF,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC;IACvC,MAAM,EAAE,gBAAgB,EAAE,GAAG,QAAQ,CAAC;IAEtC,IAAI,OAAO,GAAG,EAAE,CAAC;IAEjB,IAAI,gBAAgB,EAAE,CAAC;QACrB,MAAM,QAAQ,GAAG,cAAc,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QAC3D,MAAM,QAAQ,GAAG,cAAc,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QAC3D,OAAO,GAAG,IAAI,QAAQ,KAAK,QAAQ,sBAAsB,CAAC;QAC1D,OAAO,IAAI,SAAS,QAAQ,CAAC,QAAQ,IAAI,CAAC;QAC1C,OAAO,IAAI,WAAW,gBAAgB,CAAC,MAAM,MAAM,CAAC;IACtD,CAAC;SAAM,CAAC;QACN,OAAO,GAAG,4BAA4B,CAAC;QACvC,OAAO,IAAI,SAAS,QAAQ,CAAC,QAAQ,MAAM,CAAC;IAC9C,CAAC;IAED,OAAO,IAAI,gBAAgB,QAAQ,CAAC,EAAE,IAAI,CAAC;IAC3C,OAAO,IAAI,YAAY,QAAQ,CAAC,OAAO,cAAc,CAAC;IACtD,OAAO,IAAI,iDAAiD,CAAC;IAC7D,OAAO,IAAI,4BAA4B,CAAC,QAAQ,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;IAEhF,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,MAAM,OAAO,cAAc;IACjB,MAAM,CAAe;IAE7B,YAAY,SAAuB,UAAU;QAC3C,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,OAAsB;QAClC,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC;QAEvC,8BAA8B;QAC9B,MAAM,UAAU,GAAG,kBAAkB,EAAE,CAAC;QAExC,qCAAqC;QACrC,MAAM,OAAO,GAAG,yBAAyB,CAAC,OAAO,CAAC,CAAC;QAEnD,cAAc;QACd,MAAM,OAAO,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAE5C,MAAM,eAAe,GAAoB;YACvC,EAAE,EAAE,UAAU;YACd,OAAO;YACP,OAAO;SACR,CAAC;QAEF,MAAM,OAAO,GAAG,sBAAsB,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;QAEjE,+BAA+B;QAC/B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE;YAC3C,QAAQ,EAAE,QAAQ,CAAC,QAAQ;YAC3B,UAAU;YACV,QAAQ,EAAE,QAAQ,CAAC,gBAAgB,EAAE,QAAQ;YAC7C,QAAQ,EAAE,QAAQ,CAAC,gBAAgB,EAAE,QAAQ;YAC7C,MAAM,EAAE,QAAQ,CAAC,gBAAgB,EAAE,MAAM;YACzC,OAAO;YACP,OAAO;SACR,CAAC,CAAC;QAEH,OAAO;YACL,OAAO,EAAE,KAAK;YACd,OAAO;YACP,eAAe;YACf,MAAM,EAAE,IAAI;SACb,CAAC;IACJ,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAAC,MAAqB;IACxD,OAAO,IAAI,cAAc,CAAC,MAAM,CAAC,CAAC;AACpC,CAAC"}

package/dist/src/actions/executor.d.ts ADDED Viewed

@@ -0,0 +1,64 @@
+/**
+ * Action Executor
+ * Main executor that routes to appropriate action handlers based on analysis results
+ */
+import type { ActionContext, ActionExecutor, ActionResult, ActionLogger, ActionHandler } from './types.js';
+/**
+ * Configuration for the action executor
+ */
+export interface ExecutorConfig {
+    /** Logger to use for action logging */
+    logger?: ActionLogger;
+    /** Custom block handler */
+    blockHandler?: ActionHandler;
+    /** Custom confirm handler */
+    confirmHandler?: ActionHandler;
+    /** Custom warn handler */
+    warnHandler?: ActionHandler;
+    /** Custom log handler */
+    logHandler?: ActionHandler;
+}
+/**
+ * Default action executor implementation
+ */
+export declare class DefaultActionExecutor implements ActionExecutor {
+    private logger;
+    private blockHandler;
+    private confirmHandler;
+    private warnHandler;
+    private logHandler;
+    constructor(config?: ExecutorConfig);
+    /**
+     * Execute the appropriate action based on analysis result
+     */
+    execute(context: ActionContext): Promise<ActionResult>;
+    /**
+     * Handle allow action - no detection, pass through
+     */
+    private handleAllow;
+    /**
+     * Handle block action
+     */
+    private handleBlock;
+    /**
+     * Handle confirm action
+     */
+    private handleConfirm;
+    /**
+     * Handle warn action
+     */
+    private handleWarn;
+    /**
+     * Handle log action
+     */
+    private handleLog;
+}
+/**
+ * Create an action executor with the given configuration
+ */
+export declare function createActionExecutor(config?: ExecutorConfig): ActionExecutor;
+/**
+ * Create an action executor with default logger based on config log level
+ */
+export declare function createDefaultActionExecutor(logLevel?: 'debug' | 'info' | 'warn' | 'error'): ActionExecutor;
+//# sourceMappingURL=executor.d.ts.map

package/dist/src/actions/executor.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"executor.d.ts","sourceRoot":"","sources":["../../../src/actions/executor.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,cAAc,EAAE,YAAY,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAO3G;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,uCAAuC;IACvC,MAAM,CAAC,EAAE,YAAY,CAAC;IACtB,2BAA2B;IAC3B,YAAY,CAAC,EAAE,aAAa,CAAC;IAC7B,6BAA6B;IAC7B,cAAc,CAAC,EAAE,aAAa,CAAC;IAC/B,0BAA0B;IAC1B,WAAW,CAAC,EAAE,aAAa,CAAC;IAC5B,yBAAyB;IACzB,UAAU,CAAC,EAAE,aAAa,CAAC;CAC5B;AAED;;GAEG;AACH,qBAAa,qBAAsB,YAAW,cAAc;IAC1D,OAAO,CAAC,MAAM,CAAe;IAC7B,OAAO,CAAC,YAAY,CAAgB;IACpC,OAAO,CAAC,cAAc,CAAgB;IACtC,OAAO,CAAC,WAAW,CAAgB;IACnC,OAAO,CAAC,UAAU,CAAgB;gBAEtB,MAAM,GAAE,cAAmB;IAQvC;;OAEG;IACG,OAAO,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,YAAY,CAAC;IAsC5D;;OAEG;YACW,WAAW;IAWzB;;OAEG;YACW,WAAW;IAIzB;;OAEG;YACW,aAAa;IAI3B;;OAEG;YACW,UAAU;IAIxB;;OAEG;YACW,SAAS;CAGxB;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,MAAM,CAAC,EAAE,cAAc,GAAG,cAAc,CAE5E;AAED;;GAEG;AACH,wBAAgB,2BAA2B,CAAC,QAAQ,GAAE,OAAO,GAAG,MAAM,GAAG,MAAM,GAAG,OAAgB,GAAG,cAAc,CAGlH"}

package/dist/src/actions/executor.js ADDED Viewed

@@ -0,0 +1,114 @@
+/**
+ * Action Executor
+ * Main executor that routes to appropriate action handlers based on analysis results
+ */
+import { noOpLogger, createLogger } from './types.js';
+import { createBlockHandler } from './block.js';
+import { createConfirmHandler } from './confirm.js';
+import { createWarnHandler } from './warn.js';
+import { createLogHandler } from './log.js';
+/**
+ * Default action executor implementation
+ */
+export class DefaultActionExecutor {
+    logger;
+    blockHandler;
+    confirmHandler;
+    warnHandler;
+    logHandler;
+    constructor(config = {}) {
+        this.logger = config.logger ?? noOpLogger;
+        this.blockHandler = config.blockHandler ?? createBlockHandler(this.logger);
+        this.confirmHandler = config.confirmHandler ?? createConfirmHandler(this.logger);
+        this.warnHandler = config.warnHandler ?? createWarnHandler(this.logger);
+        this.logHandler = config.logHandler ?? createLogHandler(this.logger);
+    }
+    /**
+     * Execute the appropriate action based on analysis result
+     */
+    async execute(context) {
+        const { analysis, config } = context;
+        const action = analysis.action;
+        // Check if the plugin is disabled
+        if (config.global?.enabled === false) {
+            this.logger.debug('Plugin disabled, allowing action');
+            return {
+                allowed: true,
+                logged: false,
+            };
+        }
+        // Route to appropriate handler based on action
+        switch (action) {
+            case 'allow':
+                return this.handleAllow(context);
+            case 'block':
+                return this.handleBlock(context);
+            case 'confirm':
+                return this.handleConfirm(context);
+            case 'warn':
+                return this.handleWarn(context);
+            case 'log':
+                return this.handleLog(context);
+            default:
+                // Unknown action, log and allow as a safety measure
+                this.logger.warn('Unknown action type, defaulting to allow', {
+                    action: action,
+                });
+                return {
+                    allowed: true,
+                    message: `Unknown action type: ${action}`,
+                    logged: true,
+                };
+        }
+    }
+    /**
+     * Handle allow action - no detection, pass through
+     */
+    async handleAllow(context) {
+        this.logger.debug('Action allowed', {
+            toolName: context.toolCall.toolName,
+        });
+        return {
+            allowed: true,
+            logged: false,
+        };
+    }
+    /**
+     * Handle block action
+     */
+    async handleBlock(context) {
+        return this.blockHandler.execute(context);
+    }
+    /**
+     * Handle confirm action
+     */
+    async handleConfirm(context) {
+        return this.confirmHandler.execute(context);
+    }
+    /**
+     * Handle warn action
+     */
+    async handleWarn(context) {
+        return this.warnHandler.execute(context);
+    }
+    /**
+     * Handle log action
+     */
+    async handleLog(context) {
+        return this.logHandler.execute(context);
+    }
+}
+/**
+ * Create an action executor with the given configuration
+ */
+export function createActionExecutor(config) {
+    return new DefaultActionExecutor(config);
+}
+/**
+ * Create an action executor with default logger based on config log level
+ */
+export function createDefaultActionExecutor(logLevel = 'info') {
+    const logger = createLogger(logLevel);
+    return new DefaultActionExecutor({ logger });
+}
+//# sourceMappingURL=executor.js.map

package/dist/src/actions/executor.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"executor.js","sourceRoot":"","sources":["../../../src/actions/executor.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AACtD,OAAO,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAChD,OAAO,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AACpD,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAC9C,OAAO,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAkB5C;;GAEG;AACH,MAAM,OAAO,qBAAqB;IACxB,MAAM,CAAe;IACrB,YAAY,CAAgB;IAC5B,cAAc,CAAgB;IAC9B,WAAW,CAAgB;IAC3B,UAAU,CAAgB;IAElC,YAAY,SAAyB,EAAE;QACrC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,UAAU,CAAC;QAC1C,IAAI,CAAC,YAAY,GAAG,MAAM,CAAC,YAAY,IAAI,kBAAkB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC3E,IAAI,CAAC,cAAc,GAAG,MAAM,CAAC,cAAc,IAAI,oBAAoB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACjF,IAAI,CAAC,WAAW,GAAG,MAAM,CAAC,WAAW,IAAI,iBAAiB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACxE,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,IAAI,gBAAgB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACvE,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO,CAAC,OAAsB;QAClC,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;QACrC,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC;QAE/B,kCAAkC;QAClC,IAAI,MAAM,CAAC,MAAM,EAAE,OAAO,KAAK,KAAK,EAAE,CAAC;YACrC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,kCAAkC,CAAC,CAAC;YACtD,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,MAAM,EAAE,KAAK;aACd,CAAC;QACJ,CAAC;QAED,+CAA+C;QAC/C,QAAQ,MAAM,EAAE,CAAC;YACf,KAAK,OAAO;gBACV,OAAO,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;YACnC,KAAK,OAAO;gBACV,OAAO,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;YACnC,KAAK,SAAS;gBACZ,OAAO,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;YACrC,KAAK,MAAM;gBACT,OAAO,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;YAClC,KAAK,KAAK;gBACR,OAAO,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;YACjC;gBACE,oDAAoD;gBACpD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,0CAA0C,EAAE;oBAC3D,MAAM,EAAE,MAAgB;iBACzB,CAAC,CAAC;gBACH,OAAO;oBACL,OAAO,EAAE,IAAI;oBACb,OAAO,EAAE,wBAAwB,MAAM,EAAE;oBACzC,MAAM,EAAE,IAAI;iBACb,CAAC;QACN,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,WAAW,CAAC,OAAsB;QAC9C,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,gBAAgB,EAAE;YAClC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,QAAQ;SACpC,CAAC,CAAC;QAEH,OAAO;YACL,OAAO,EAAE,IAAI;YACb,MAAM,EAAE,KAAK;SACd,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,WAAW,CAAC,OAAsB;QAC9C,OAAO,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAC5C,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,aAAa,CAAC,OAAsB;QAChD,OAAO,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAC9C,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,UAAU,CAAC,OAAsB;QAC7C,OAAO,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAC3C,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,SAAS,CAAC,OAAsB;QAC5C,OAAO,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAC1C,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAAC,MAAuB;IAC1D,OAAO,IAAI,qBAAqB,CAAC,MAAM,CAAC,CAAC;AAC3C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,2BAA2B,CAAC,WAAgD,MAAM;IAChG,MAAM,MAAM,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;IACtC,OAAO,IAAI,qBAAqB,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;AAC/C,CAAC"}

package/dist/src/actions/index.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+/**
+ * Action Executor Module
+ * Re-exports for the action execution system
+ */
+export type { ActionContext, ActionResult, ActionHandler, ActionExecutor, ActionLogger, ApprovalMethod, PendingApproval, } from './types.js';
+export { consoleLogger, noOpLogger, createLogger, } from './types.js';
+export { BlockHandler, createBlockHandler, generateBlockMessage, } from './block.js';
+export { ConfirmHandler, createConfirmHandler, generateConfirmMessage, generateApprovalId, getEnabledApprovalMethods, getApprovalTimeout, } from './confirm.js';
+export { WarnHandler, createWarnHandler, generateWarnMessage, } from './warn.js';
+export { LogHandler, createLogHandler, } from './log.js';
+export type { ExecutorConfig } from './executor.js';
+export { DefaultActionExecutor, createActionExecutor, createDefaultActionExecutor, } from './executor.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/src/actions/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/actions/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,YAAY,EACV,aAAa,EACb,YAAY,EACZ,aAAa,EACb,cAAc,EACd,YAAY,EACZ,cAAc,EACd,eAAe,GAChB,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,aAAa,EACb,UAAU,EACV,YAAY,GACb,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,oBAAoB,GACrB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,cAAc,EACd,oBAAoB,EACpB,sBAAsB,EACtB,kBAAkB,EAClB,yBAAyB,EACzB,kBAAkB,GACnB,MAAM,cAAc,CAAC;AAGtB,OAAO,EACL,WAAW,EACX,iBAAiB,EACjB,mBAAmB,GACpB,MAAM,WAAW,CAAC;AAGnB,OAAO,EACL,UAAU,EACV,gBAAgB,GACjB,MAAM,UAAU,CAAC;AAGlB,YAAY,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AACpD,OAAO,EACL,qBAAqB,EACrB,oBAAoB,EACpB,2BAA2B,GAC5B,MAAM,eAAe,CAAC"}

package/dist/src/actions/index.js ADDED Viewed

@@ -0,0 +1,15 @@
+/**
+ * Action Executor Module
+ * Re-exports for the action execution system
+ */
+export { consoleLogger, noOpLogger, createLogger, } from './types.js';
+// Block handler
+export { BlockHandler, createBlockHandler, generateBlockMessage, } from './block.js';
+// Confirm handler
+export { ConfirmHandler, createConfirmHandler, generateConfirmMessage, generateApprovalId, getEnabledApprovalMethods, getApprovalTimeout, } from './confirm.js';
+// Warn handler
+export { WarnHandler, createWarnHandler, generateWarnMessage, } from './warn.js';
+// Log handler
+export { LogHandler, createLogHandler, } from './log.js';
+export { DefaultActionExecutor, createActionExecutor, createDefaultActionExecutor, } from './executor.js';
+//# sourceMappingURL=index.js.map

package/dist/src/actions/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/actions/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAaH,OAAO,EACL,aAAa,EACb,UAAU,EACV,YAAY,GACb,MAAM,YAAY,CAAC;AAEpB,gBAAgB;AAChB,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,oBAAoB,GACrB,MAAM,YAAY,CAAC;AAEpB,kBAAkB;AAClB,OAAO,EACL,cAAc,EACd,oBAAoB,EACpB,sBAAsB,EACtB,kBAAkB,EAClB,yBAAyB,EACzB,kBAAkB,GACnB,MAAM,cAAc,CAAC;AAEtB,eAAe;AACf,OAAO,EACL,WAAW,EACX,iBAAiB,EACjB,mBAAmB,GACpB,MAAM,WAAW,CAAC;AAEnB,cAAc;AACd,OAAO,EACL,UAAU,EACV,gBAAgB,GACjB,MAAM,UAAU,CAAC;AAIlB,OAAO,EACL,qBAAqB,EACrB,oBAAoB,EACpB,2BAA2B,GAC5B,MAAM,eAAe,CAAC"}

package/dist/src/actions/log.d.ts ADDED Viewed

@@ -0,0 +1,19 @@
+/**
+ * Log Action Handler
+ * Handles silent audit logging for tool calls that should be allowed but tracked
+ */
+import type { ActionContext, ActionHandler, ActionResult, ActionLogger } from './types.js';
+/**
+ * Log action handler implementation
+ * Allows the action but logs it silently for audit purposes
+ */
+export declare class LogHandler implements ActionHandler {
+    private logger;
+    constructor(logger?: ActionLogger);
+    execute(context: ActionContext): Promise<ActionResult>;
+}
+/**
+ * Create a log action handler with the given logger
+ */
+export declare function createLogHandler(logger?: ActionLogger): LogHandler;
+//# sourceMappingURL=log.d.ts.map

package/dist/src/actions/log.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"log.d.ts","sourceRoot":"","sources":["../../../src/actions/log.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,aAAa,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAiB3F;;;GAGG;AACH,qBAAa,UAAW,YAAW,aAAa;IAC9C,OAAO,CAAC,MAAM,CAAe;gBAEjB,MAAM,GAAE,YAAyB;IAIvC,OAAO,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,YAAY,CAAC;CA6B7D;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,MAAM,CAAC,EAAE,YAAY,GAAG,UAAU,CAElE"}

package/dist/src/actions/log.js ADDED Viewed

@@ -0,0 +1,63 @@
+/**
+ * Log Action Handler
+ * Handles silent audit logging for tool calls that should be allowed but tracked
+ */
+import { noOpLogger } from './types.js';
+/**
+ * Format a threat category for display
+ */
+function formatCategory(category) {
+    const categoryNames = {
+        purchase: 'Purchase/Payment',
+        website: 'Website Access',
+        destructive: 'Destructive Command',
+        secrets: 'Secrets/PII',
+        exfiltration: 'Data Transfer',
+    };
+    return categoryNames[category] || category;
+}
+/**
+ * Log action handler implementation
+ * Allows the action but logs it silently for audit purposes
+ */
+export class LogHandler {
+    logger;
+    constructor(logger = noOpLogger) {
+        this.logger = logger;
+    }
+    async execute(context) {
+        const { analysis, toolCall } = context;
+        // Log the action for audit (silent - no user-visible message)
+        if (analysis.primaryDetection) {
+            this.logger.info('Action logged for audit', {
+                toolName: toolCall.toolName,
+                category: analysis.primaryDetection.category,
+                severity: analysis.primaryDetection.severity,
+                reason: analysis.primaryDetection.reason,
+                detectionCount: analysis.detections.length,
+                detections: analysis.detections.map((d) => ({
+                    category: formatCategory(d.category),
+                    severity: d.severity,
+                    reason: d.reason,
+                })),
+            });
+        }
+        else {
+            this.logger.debug('Action logged for audit (no detections)', {
+                toolName: toolCall.toolName,
+            });
+        }
+        // No user-visible message for log action
+        return {
+            allowed: true,
+            logged: true,
+        };
+    }
+}
+/**
+ * Create a log action handler with the given logger
+ */
+export function createLogHandler(logger) {
+    return new LogHandler(logger);
+}
+//# sourceMappingURL=log.js.map

package/dist/src/actions/log.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"log.js","sourceRoot":"","sources":["../../../src/actions/log.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAExC;;GAEG;AACH,SAAS,cAAc,CAAC,QAAgB;IACtC,MAAM,aAAa,GAA2B;QAC5C,QAAQ,EAAE,kBAAkB;QAC5B,OAAO,EAAE,gBAAgB;QACzB,WAAW,EAAE,qBAAqB;QAClC,OAAO,EAAE,aAAa;QACtB,YAAY,EAAE,eAAe;KAC9B,CAAC;IACF,OAAO,aAAa,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC;AAC7C,CAAC;AAED;;;GAGG;AACH,MAAM,OAAO,UAAU;IACb,MAAM,CAAe;IAE7B,YAAY,SAAuB,UAAU;QAC3C,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,OAAsB;QAClC,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC;QAEvC,8DAA8D;QAC9D,IAAI,QAAQ,CAAC,gBAAgB,EAAE,CAAC;YAC9B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,yBAAyB,EAAE;gBAC1C,QAAQ,EAAE,QAAQ,CAAC,QAAQ;gBAC3B,QAAQ,EAAE,QAAQ,CAAC,gBAAgB,CAAC,QAAQ;gBAC5C,QAAQ,EAAE,QAAQ,CAAC,gBAAgB,CAAC,QAAQ;gBAC5C,MAAM,EAAE,QAAQ,CAAC,gBAAgB,CAAC,MAAM;gBACxC,cAAc,EAAE,QAAQ,CAAC,UAAU,CAAC,MAAM;gBAC1C,UAAU,EAAE,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;oBAC1C,QAAQ,EAAE,cAAc,CAAC,CAAC,CAAC,QAAQ,CAAC;oBACpC,QAAQ,EAAE,CAAC,CAAC,QAAQ;oBACpB,MAAM,EAAE,CAAC,CAAC,MAAM;iBACjB,CAAC,CAAC;aACJ,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,yCAAyC,EAAE;gBAC3D,QAAQ,EAAE,QAAQ,CAAC,QAAQ;aAC5B,CAAC,CAAC;QACL,CAAC;QAED,yCAAyC;QACzC,OAAO;YACL,OAAO,EAAE,IAAI;YACb,MAAM,EAAE,IAAI;SACb,CAAC;IACJ,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,MAAqB;IACpD,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC;AAChC,CAAC"}

package/dist/src/actions/types.d.ts ADDED Viewed

@@ -0,0 +1,85 @@
+/**
+ * Action Executor Types
+ * Type definitions for the action execution system
+ */
+import type { ClawsecConfig } from '../config/index.js';
+import type { AnalysisResult, ToolCallContext } from '../engine/types.js';
+/**
+ * Approval methods available for confirmation flow
+ */
+export type ApprovalMethod = 'native' | 'agent-confirm' | 'webhook';
+/**
+ * Context provided to action handlers
+ */
+export interface ActionContext {
+    /** Result from the hybrid analyzer */
+    analysis: AnalysisResult;
+    /** Original tool call context */
+    toolCall: ToolCallContext;
+    /** Plugin configuration */
+    config: ClawsecConfig;
+}
+/**
+ * Pending approval details returned when action requires confirmation
+ */
+export interface PendingApproval {
+    /** Unique identifier for this approval request */
+    id: string;
+    /** Timeout in seconds for the approval */
+    timeout: number;
+    /** Approval methods available for this request */
+    methods: ApprovalMethod[];
+}
+/**
+ * Result of executing an action
+ */
+export interface ActionResult {
+    /** Whether the tool call is allowed to proceed */
+    allowed: boolean;
+    /** Human-readable message about the action taken */
+    message?: string;
+    /** Pending approval details (only for confirm action) */
+    pendingApproval?: PendingApproval;
+    /** Whether the action was logged for audit */
+    logged: boolean;
+}
+/**
+ * Interface for individual action handlers
+ */
+export interface ActionHandler {
+    /** Execute the action and return the result */
+    execute(context: ActionContext): Promise<ActionResult>;
+}
+/**
+ * Main executor interface
+ */
+export interface ActionExecutor {
+    /** Execute the appropriate action based on analysis result */
+    execute(context: ActionContext): Promise<ActionResult>;
+}
+/**
+ * Logger interface for action logging
+ */
+export interface ActionLogger {
+    /** Log a debug message */
+    debug(message: string, data?: Record<string, unknown>): void;
+    /** Log an info message */
+    info(message: string, data?: Record<string, unknown>): void;
+    /** Log a warning message */
+    warn(message: string, data?: Record<string, unknown>): void;
+    /** Log an error message */
+    error(message: string, data?: Record<string, unknown>): void;
+}
+/**
+ * Default console logger implementation
+ */
+export declare const consoleLogger: ActionLogger;
+/**
+ * No-op logger for testing or silent mode
+ */
+export declare const noOpLogger: ActionLogger;
+/**
+ * Create a logger based on log level
+ */
+export declare function createLogger(logLevel: 'debug' | 'info' | 'warn' | 'error'): ActionLogger;
+//# sourceMappingURL=types.d.ts.map

package/dist/src/actions/types.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/actions/types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,KAAK,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAE1E;;GAEG;AACH,MAAM,MAAM,cAAc,GAAG,QAAQ,GAAG,eAAe,GAAG,SAAS,CAAC;AAEpE;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,sCAAsC;IACtC,QAAQ,EAAE,cAAc,CAAC;IACzB,iCAAiC;IACjC,QAAQ,EAAE,eAAe,CAAC;IAC1B,2BAA2B;IAC3B,MAAM,EAAE,aAAa,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,kDAAkD;IAClD,EAAE,EAAE,MAAM,CAAC;IACX,0CAA0C;IAC1C,OAAO,EAAE,MAAM,CAAC;IAChB,kDAAkD;IAClD,OAAO,EAAE,cAAc,EAAE,CAAC;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,kDAAkD;IAClD,OAAO,EAAE,OAAO,CAAC;IACjB,oDAAoD;IACpD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,yDAAyD;IACzD,eAAe,CAAC,EAAE,eAAe,CAAC;IAClC,8CAA8C;IAC9C,MAAM,EAAE,OAAO,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,+CAA+C;IAC/C,OAAO,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;CACxD;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,8DAA8D;IAC9D,OAAO,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;CACxD;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,0BAA0B;IAC1B,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAC7D,0BAA0B;IAC1B,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAC5D,4BAA4B;IAC5B,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAC5D,2BAA2B;IAC3B,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;CAC9D;AAED;;GAEG;AAEH,eAAO,MAAM,aAAa,EAAE,YA6B3B,CAAC;AAGF;;GAEG;AACH,eAAO,MAAM,UAAU,EAAE,YAKxB,CAAC;AAEF;;GAEG;AACH,wBAAgB,YAAY,CAAC,QAAQ,EAAE,OAAO,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,YAAY,CAkBxF"}