create-vellaveto 4.0.3 → 4.0.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/generators/toml.js +26 -27
- package/package.json +1 -1
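--- a/package/dist/generators/toml.js
+++ b/package/dist/generators/toml.js
@@ -136,27 +136,27 @@ function generateStrictPreset() {
 toml += 'name = "Default deny all"\n';
 toml += 'policy_type = "Deny"\n';
 toml += "priority = 0\n";
-toml += '
-toml += '
+toml += 'tool_pattern = "*"\n';
+toml += 'function_pattern = "*"\n\n';
 // Block credentials
 toml += "[[policies]]\n";
 toml += 'id = "block-credentials"\n';
 toml += 'name = "Block credential access"\n';
 toml += 'policy_type = "Deny"\n';
 toml += "priority = 100\n";
-toml += '
-toml += '
+toml += 'tool_pattern = "*"\n';
+toml += 'function_pattern = "*"\n\n';
 toml += "[policies.path_rules]\n";
 toml +=
-'
+'blocked = ["**/.env", "**/*.key", "**/*.pem", "**/credentials*", "**/.ssh/**", "**/.aws/**"]\n\n';
 // Block exfiltration
 toml += "[[policies]]\n";
 toml += 'id = "block-exfiltration"\n';
 toml += 'name = "Block data exfiltration"\n';
 toml += 'policy_type = "Deny"\n';
 toml += "priority = 100\n";
-toml += '
-toml += '
+toml += 'tool_pattern = "*"\n';
+toml += 'function_pattern = "*"\n\n';
 toml += "[policies.network_rules]\n";
 toml +=
 'blocked_domains = ["*.pastebin.com", "*.transfer.sh", "*.ngrok.io"]\n\n';
@@ -166,10 +166,9 @@ function generateStrictPreset() {
 toml += 'name = "Require approval for destructive operations"\n';
 toml += 'policy_type = "RequireApproval"\n';
 toml += "priority = 50\n";
-toml += '
-toml += '
-
-toml += 'write_patterns = ["**/*"]\n\n';
+toml += 'tool_pattern = "*"\n';
+toml += 'function_pattern = "*"\n\n';
+// No path_rules needed — tool_pattern/function_pattern already match all
 return toml;
 }
 function generateBalancedPreset() {
@@ -182,35 +181,35 @@ function generateBalancedPreset() {
 toml += 'name = "Default deny all"\n';
 toml += 'policy_type = "Deny"\n';
 toml += "priority = 0\n";
-toml += '
-toml += '
+toml += 'tool_pattern = "*"\n';
+toml += 'function_pattern = "*"\n\n';
 // Block credentials
 toml += "[[policies]]\n";
 toml += 'id = "block-credentials"\n';
 toml += 'name = "Block credential access"\n';
 toml += 'policy_type = "Deny"\n';
 toml += "priority = 100\n";
-toml += '
-toml += '
+toml += 'tool_pattern = "*"\n';
+toml += 'function_pattern = "*"\n\n';
 toml += "[policies.path_rules]\n";
 toml +=
-'
+'blocked = ["**/.env", "**/*.key", "**/*.pem", "**/credentials*", "**/.ssh/**", "**/.aws/**"]\n\n';
 // Allow reads
 toml += "[[policies]]\n";
 toml += 'id = "allow-reads"\n';
 toml += 'name = "Allow file reads"\n';
 toml += 'policy_type = "Allow"\n';
 toml += "priority = 50\n";
-toml += '
-toml += '
+toml += 'tool_pattern = "*"\n';
+toml += 'function_pattern = "read*"\n\n';
 // Require approval for writes
 toml += "[[policies]]\n";
 toml += 'id = "approve-writes"\n';
 toml += 'name = "Require approval for file writes"\n';
 toml += 'policy_type = "RequireApproval"\n';
 toml += "priority = 50\n";
-toml += '
-toml += '
+toml += 'tool_pattern = "*"\n';
+toml += 'function_pattern = "write*"\n\n';
 return toml;
 }
 function generatePermissivePreset() {
@@ -223,27 +222,27 @@ function generatePermissivePreset() {
 toml += 'name = "Default allow all"\n';
 toml += 'policy_type = "Allow"\n';
 toml += "priority = 0\n";
-toml += '
-toml += '
+toml += 'tool_pattern = "*"\n';
+toml += 'function_pattern = "*"\n\n';
 // Block credentials
 toml += "[[policies]]\n";
 toml += 'id = "block-credentials"\n';
 toml += 'name = "Block credential access"\n';
 toml += 'policy_type = "Deny"\n';
 toml += "priority = 100\n";
-toml += '
-toml += '
+toml += 'tool_pattern = "*"\n';
+toml += 'function_pattern = "*"\n\n';
 toml += "[policies.path_rules]\n";
 toml +=
-'
+'blocked = ["**/.env", "**/*.key", "**/*.pem", "**/credentials*", "**/.ssh/**", "**/.aws/**"]\n\n';
 // Block exfiltration
 toml += "[[policies]]\n";
 toml += 'id = "block-exfiltration"\n';
 toml += 'name = "Block data exfiltration"\n';
 toml += 'policy_type = "Deny"\n';
 toml += "priority = 100\n";
-toml += '
-toml += '
+toml += 'tool_pattern = "*"\n';
+toml += 'function_pattern = "*"\n\n';
 toml += "[policies.network_rules]\n";
 toml +=
 'blocked_domains = ["*.pastebin.com", "*.transfer.sh", "*.ngrok.io"]\n\n';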
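Review bot: In the second hunk of generateStrictPreset, the "Require approval for destructive operations" policy now emits `function_pattern = "*"` and drops the old `write_patterns = ["**/*"]` path rule, so as written it gates every matched function, reads included, rather than only destructive ones; the new comment "No path_rules needed — tool_pattern/function_pattern already match all" documents the widening without justifying it. The balanced preset in the third hunk scopes its equivalent "approve-writes" policy with `function_pattern = "write*"`, so the strict preset should probably do the same: `toml += 'function_pattern = "write*"\n\n';` with the comment reworded to say the write scope is now carried by function_pattern instead of path_rules. How the engine resolves the overlapping priority-0 deny, priority-50 approval and priority-100 deny policies is not visible here, so confirm against the policy evaluator before relying on this reading. The removed lines render truncated as `toml += '` on this page, so what the 4.0.3 pattern values were cannot be confirmed from the diff alone; each generator function starts outside its hunk.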