network-ai 5.5.1 → 5.5.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/INTEGRATION_GUIDE.md +1 -1
  2. package/README.md +1 -1
  3. package/SKILL.md +1 -0
  4. package/dist/lib/transport-agent.d.ts.map +1 -1
  5. package/dist/lib/transport-agent.js +5 -4
  6. package/dist/lib/transport-agent.js.map +1 -1
  7. package/package.json +1 -1
  8. package/scripts/check_permission.py +58 -4
  9. package/scripts/validate_token.py +57 -5
package/INTEGRATION_GUIDE.md CHANGED
@@ -564,4 +564,4 @@ Run these before declaring the integration production-ready:
564
564
 
565
565
  ---
566
566
 
567
- *Network-AI v5.5.1 · MIT License · https://github.com/Jovancoding/Network-AI*
567
+ *Network-AI v5.5.3 · MIT License · https://github.com/Jovancoding/Network-AI*
package/README.md CHANGED
@@ -5,7 +5,7 @@
5
5
  [![Website](https://img.shields.io/badge/website-network--ai.org-4b9df2?style=flat&logo=web&logoColor=white)](https://network-ai.org/)
6
6
  [![CI](https://github.com/Jovancoding/Network-AI/actions/workflows/ci.yml/badge.svg)](https://github.com/Jovancoding/Network-AI/actions/workflows/ci.yml)
7
7
  [![CodeQL](https://github.com/Jovancoding/Network-AI/actions/workflows/codeql.yml/badge.svg)](https://github.com/Jovancoding/Network-AI/actions/workflows/codeql.yml)
8
- [![Release](https://img.shields.io/badge/release-v5.5.1-blue.svg)](https://github.com/Jovancoding/Network-AI/releases)
8
+ [![Release](https://img.shields.io/badge/release-v5.5.3-blue.svg)](https://github.com/Jovancoding/Network-AI/releases)
9
9
  [![npm](https://img.shields.io/npm/dw/network-ai.svg?label=npm%20downloads)](https://www.npmjs.com/package/network-ai)
10
10
  [![Tests](https://img.shields.io/badge/tests-3093%20passing-brightgreen.svg)](#testing)
11
11
  [![Adapters](https://img.shields.io/badge/frameworks-29%20supported-blueviolet.svg)](#adapter-system)
package/SKILL.md CHANGED
@@ -711,6 +711,7 @@ This skill is scanned on every publish. The following Notes are flagged by desig
711
711
  |---------|------------|---------------|--------------------|
712
712
  | **ASI01** Agent Goal Hijack | High | Orchestrator skill forces 3-sub-task decomposition by design | Use this skill only when multi-agent orchestration is desired; disable for simple one-shot tasks |
713
713
  | **ASI03** Identity and Privilege Abuse (advisory tokens) | High | Grant tokens are advisory only — caller identity is not cryptographically verified | Tokens are explicitly marked advisory in SKILL.md and source; require separate platform auth and human approval before any real database, payment, email, or export action |
714
+ | **ASI03** Identity and Privilege Abuse (token integrity) | ~~High~~ Resolved | Token payload had no integrity protection — active_grants.json could be edited to forge elevated grants | Fixed in v5.5.2 — `check_permission.py` HMAC-SHA256 signs each grant (`_sig` field, stdlib `hmac`+`hashlib`, key at `data/.signing_key`); `validate_token.py` verifies before accepting; tampered tokens rejected with `"Token signature invalid"` |
714
715
  | **ASI03** Identity and Privilege Abuse (env-scoped paths) | ~~High~~ Resolved | `revoke_token.py` resolved `GRANTS_FILE`/`AUDIT_LOG` at module load from root `data/`, ignoring `NETWORK_AI_ENV` — revoking tokens in one env could silently miss env-specific grant files | Fixed in v5.5.1 — `_resolve_data_dir()` added, `--env` CLI argument introduced, paths re-resolved in `main()` before file I/O; consistent with `check_permission.py` and `validate_token.py` |
715
716
  | **ASI06** Memory and Context Poisoning | High | Persistent `data/project-context.json` is injected into agent sessions by design | `_validate_context()` runs injection-pattern detection before every inject; do not store secrets/credentials; review `data/project-context.json` before use; clear `data/` between projects |
716
717
  | **ASI07** Insecure Inter-Agent Communication | High | Blackboard is local file-based; origin/identity depends on local file access, not authenticated messaging | Run in a trusted workspace; restrict file permissions on `data/`; review blackboard changes before relying on them for important decisions |
package/dist/lib/transport-agent.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"transport-agent.d.ts","sourceRoot":"","sources":["../../lib/transport-agent.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAMH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAC5D,OAAO,KAAK,EAAE,kBAAkB,EAAE,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAClF,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAC9D,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AACpD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAMlD,+CAA+C;AAC/C,MAAM,MAAM,eAAe,GACvB,SAAS,GACT,UAAU,GACV,WAAW,GACX,QAAQ,GACR,UAAU,GACV,aAAa,GACb,QAAQ,CAAC;AAEb;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,+BAA+B;IAC/B,OAAO,EAAE,OAAO,CAAC;IACjB,oCAAoC;IACpC,KAAK,EAAE,OAAO,CAAC;IACf,wEAAwE;IACxE,MAAM,EAAE,MAAM,CAAC;IACf,2EAA2E;IAC3E,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,wEAAwE;IACxE,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,6EAA6E;IAC7E,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,6EAA6E;IAC7E,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,8EAA8E;IAC9E,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,sEAAsE;AACtE,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,eAAe,CAAC;IACxB,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,+DAA+D;IAC/D,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,eAAe,CAAC,EAAE,eAAe,CAAC;IAClC,6EAA6E;IAC7E,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,yDAAyD;AACzD,MAAM,WAAW,qBAAqB;IACpC,kDAAkD;IAClD,UAAU,EAAE,gBAAgB,CAAC;IAC7B,iEAAiE;IACjE,UAAU,EAAE,kBAAkB,CAAC;IAC/B,iEAAiE;IACjE,YAAY,EAAE,YAAY,CAAC;IAC3B,oFAAoF;IACpF,KAAK,CAAC,EAAE,SAAS,EAAE,CAAC;IACpB,kEAAkE;IAClE,iBAAiB,CAAC,EAAE,iBAAiB,CAAC;IACtC,yEAAyE;IACzE,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,+DAA+D;IAC/D,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,wFAAwF;IACxF,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,4EAA4E;IAC5E,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAcD;;;;;;;;;;;;;GAaG;AACH,qBAAa,cAAc;IACzB,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAmB;IAC/C,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAqB;IACjD,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAe;IAC7C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAc;IACrC,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAgC;IACnE,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;IACzC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;IACzC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAS;IACvC,OAAO,CAAC,WAAW,CAA+B;IAClD,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,WAAW,CAAS;gBAEhB,OAAO,EAAE,qBAAqB;IAgB1C;;;OAGG;IACH,KAAK,IAAI,IAAI;IAQb;;;OAGG;IACH,IAAI,IAAI,IAAI;IAQZ,8CAA8C;IAC9C,IAAI,SAAS,IAAI,OAAO,CAA0B;IAElD;;;;;;OAMG;IACG,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,qBAAqB,CAAC;IAY3D;;;;;OAKG;IACH,MAAM,CAAC,aAAa,CAAC,UAAU,EAAE,gBAAgB,EAAE,OAAO,EAAE,gBAAgB,GAAG,MAAM;YA0BvE,SAAS;YAuBT,aAAa;IAiK3B,8EAA8E;IAC9E,OAAO,CAAC,WAAW;IAQnB,wDAAwD;IACxD,OAAO,CAAC,YAAY;IAMpB;;;;OAIG;YACW,aAAa;IAc3B,OAAO,CAAC,WAAW;CAQpB"}
1
+ {"version":3,"file":"transport-agent.d.ts","sourceRoot":"","sources":["../../lib/transport-agent.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAMH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAC5D,OAAO,KAAK,EAAE,kBAAkB,EAAE,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAClF,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAC9D,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AACpD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAMlD,+CAA+C;AAC/C,MAAM,MAAM,eAAe,GACvB,SAAS,GACT,UAAU,GACV,WAAW,GACX,QAAQ,GACR,UAAU,GACV,aAAa,GACb,QAAQ,CAAC;AAEb;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,+BAA+B;IAC/B,OAAO,EAAE,OAAO,CAAC;IACjB,oCAAoC;IACpC,KAAK,EAAE,OAAO,CAAC;IACf,wEAAwE;IACxE,MAAM,EAAE,MAAM,CAAC;IACf,2EAA2E;IAC3E,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,wEAAwE;IACxE,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,6EAA6E;IAC7E,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,6EAA6E;IAC7E,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,8EAA8E;IAC9E,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,sEAAsE;AACtE,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,eAAe,CAAC;IACxB,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,+DAA+D;IAC/D,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,eAAe,CAAC,EAAE,eAAe,CAAC;IAClC,6EAA6E;IAC7E,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,yDAAyD;AACzD,MAAM,WAAW,qBAAqB;IACpC,kDAAkD;IAClD,UAAU,EAAE,gBAAgB,CAAC;IAC7B,iEAAiE;IACjE,UAAU,EAAE,kBAAkB,CAAC;IAC/B,iEAAiE;IACjE,YAAY,EAAE,YAAY,CAAC;IAC3B,oFAAoF;IACpF,KAAK,CAAC,EAAE,SAAS,EAAE,CAAC;IACpB,kEAAkE;IAClE,iBAAiB,CAAC,EAAE,iBAAiB,CAAC;IACtC,yEAAyE;IACzE,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,+DAA+D;IAC/D,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,wFAAwF;IACxF,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,4EAA4E;IAC5E,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAcD;;;;;;;;;;;;;GAaG;AACH,qBAAa,cAAc;IACzB,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAmB;IAC/C,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAqB;IACjD,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAe;IAC7C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAc;IACrC,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAgC;IACnE,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;IACzC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;IACzC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAS;IACvC,OAAO,CAAC,WAAW,CAA+B;IAClD,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,WAAW,CAAS;gBAEhB,OAAO,EAAE,qBAAqB;IAgB1C;;;OAGG;IACH,KAAK,IAAI,IAAI;IAQb;;;OAGG;IACH,IAAI,IAAI,IAAI;IAQZ,8CAA8C;IAC9C,IAAI,SAAS,IAAI,OAAO,CAA0B;IAElD;;;;;;OAMG;IACG,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,qBAAqB,CAAC;IAY3D;;;;;OAKG;IACH,MAAM,CAAC,aAAa,CAAC,UAAU,EAAE,gBAAgB,EAAE,OAAO,EAAE,gBAAgB,GAAG,MAAM;YA0BvE,SAAS;YAuBT,aAAa;IAkK3B,8EAA8E;IAC9E,OAAO,CAAC,WAAW;IAQnB,wDAAwD;IACxD,OAAO,CAAC,YAAY;IAMpB;;;;OAIG;YACW,aAAa;IAc3B,OAAO,CAAC,WAAW;CAQpB"}
package/dist/lib/transport-agent.js CHANGED
@@ -192,7 +192,8 @@ class TransportAgent {
192
192
  this._blackboard.write(`transport:status:${trId}`, updated, this._agentId);
193
193
  return updated;
194
194
  };
195
- let status = updateStatus({ startedAt: now() });
195
+ updateStatus({ startedAt: now() }); // persist initial status record (side effect only)
196
+ let status;
196
197
  // ------------------------------------------------------------------
197
198
  // 1. Prerequisite check
198
199
  // ------------------------------------------------------------------
@@ -235,7 +236,7 @@ class TransportAgent {
235
236
  // ----------------------------------------------------------------
236
237
  // 4. Drain pools tagged for the destination environment
237
238
  // ----------------------------------------------------------------
238
- status = updateStatus({ status: 'draining' });
239
+ updateStatus({ status: 'draining' }); // side effect only — value overwritten before next read
239
240
  const drainedPools = this._drainPools(request.toEnv);
240
241
  await this._waitForDrain(drainedPools);
241
242
  // ----------------------------------------------------------------
@@ -252,7 +253,7 @@ class TransportAgent {
252
253
  // ----------------------------------------------------------------
253
254
  // 6. Promote
254
255
  // ----------------------------------------------------------------
255
- status = updateStatus({ status: 'promoting', backupId });
256
+ updateStatus({ status: 'promoting', backupId }); // side effect only — value overwritten before next read
256
257
  let promotionResult;
257
258
  try {
258
259
  promotionResult = this._envManager.promote(request.fromEnv, request.toEnv, {
@@ -272,7 +273,7 @@ class TransportAgent {
272
273
  const canaryWindowMs = request.canaryWindowMs ?? 30_000;
273
274
  const canaryMaxViolations = request.canaryMaxViolations ?? 0;
274
275
  if (canaryWindowMs > 0 && this._complianceMonitor) {
275
- status = updateStatus({ status: 'canary', promotionResult });
276
+ updateStatus({ status: 'canary', promotionResult }); // side effect only — value overwritten before next read
276
277
  this._resumePools(drainedPools, request.canaryPercent ?? 20);
277
278
  const violationsBefore = this._complianceMonitor.getViolations().length;
278
279
  await sleep(canaryWindowMs);
package/dist/lib/transport-agent.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"transport-agent.js","sourceRoot":"","sources":["../../lib/transport-agent.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;;;AAEH,2BAAoC;AACpC,+BAA4B;AAC5B,mCAAoC;AAsFpC,+EAA+E;AAC/E,UAAU;AACV,+EAA+E;AAE/E,SAAS,KAAK,CAAC,EAAU;IACvB,OAAO,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;AACzD,CAAC;AAED,+EAA+E;AAC/E,kBAAkB;AAClB,+EAA+E;AAE/E;;;;;;;;;;;;;GAaG;AACH,MAAa,cAAc;IACR,WAAW,CAAmB;IAC9B,WAAW,CAAqB;IAChC,aAAa,CAAe;IAC5B,MAAM,CAAc;IACpB,kBAAkB,CAAgC;IAClD,QAAQ,CAAS;IACjB,eAAe,CAAS;IACxB,eAAe,CAAS;IACxB,aAAa,CAAS;IAC/B,WAAW,GAA0B,IAAI,CAAC;IAC1C,QAAQ,GAAG,KAAK,CAAC;IACjB,WAAW,GAAG,KAAK,CAAC;IAE5B,YAAY,OAA8B;QACxC,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC;QACtC,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC;QACtC,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,YAAY,CAAC;QAC1C,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,KAAK,IAAI,EAAE,CAAC;QAClC,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,iBAAiB,CAAC;QACpD,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,OAAO,IAAI,iBAAiB,CAAC;QACrD,IAAI,CAAC,eAAe,GAAG,OAAO,CAAC,cAAc,IAAI,KAAK,CAAC;QACvD,IAAI,CAAC,eAAe,GAAG,OAAO,CAAC,cAAc,IAAI,MAAM,CAAC;QACxD,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,YAAY,IAAI,IAAA,WAAI,EAAC,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,iBAAiB,CAAC,CAAC;IAC9F,CAAC;IAED,6EAA6E;IAC7E,mBAAmB;IACnB,6EAA6E;IAE7E;;;OAGG;IACH,KAAK;QACH,IAAI,IAAI,CAAC,QAAQ;YAAE,OAAO;QAC1B,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC;QACrB,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC,GAAG,EAAE;YAClC,KAAK,IAAI,CAAC,SAAS,EAAE,CAAC;QACxB,CAAC,EAAE,IAAI,CAAC,eAAe,CAAC,CAAC;IAC3B,CAAC;IAED;;;OAGG;IACH,IAAI;QACF,IAAI,CAAC,QAAQ,GAAG,KAAK,CAAC;QACtB,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACrB,aAAa,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YAChC,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;QAC1B,CAAC;IACH,CAAC;IAED,8CAA8C;IAC9C,IAAI,SAAS,KAAc,OAAO,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;IAElD;;;;;;OAMG;IACH,KAAK,CAAC,OAAO,CAAC,IAAY;QACxB,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,qBAAqB,IAAI,EAAE,CAAC,CAAC;QACjE,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,sBAAsB,IAAI,2BAA2B,CAAC,CAAC;QACzE,CAAC;QACD,OAAO,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,KAAK,CAAC,KAAyB,CAAC,CAAC;IACnE,CAAC;IAED,6EAA6E;IAC7E,iBAAiB;IACjB,6EAA6E;IAE7E;;;;;OAKG;IACH,MAAM,CAAC,aAAa,CAAC,UAA4B,EAAE,OAAyB;QAC1E,IAAI,CAAC,OAAO,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;YACvC,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;QAClE,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;QACzD,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,IAAA,mBAAU,GAAE,EAAE,CAAC;QAClC,UAAU,CAAC,KAAK,CAAC,qBAAqB,IAAI,EAAE,EAAE,OAAO,EAAE,iBAAiB,CAAC,CAAC;QAC1E,MAAM,MAAM,GAA0B;YACpC,IAAI;YACJ,MAAM,EAAE,SAAS;YACjB,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACtC,CAAC;QACF,UAAU,CAAC,KAAK,CAAC,oBAAoB,IAAI,EAAE,EAAE,MAAM,EAAE,iBAAiB,CAAC,CAAC;QACxE,OAAO,IAAI,CAAC;IACd,CAAC;IAED,6EAA6E;IAC7E,qBAAqB;IACrB,6EAA6E;IAErE,KAAK,CAAC,SAAS;QACrB,IAAI,IAAI,CAAC,WAAW;YAAE,OAAO;QAC7B,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;QACxB,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,oBAAoB,CAAC,CAAC,CAAC;YACzF,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;gBACvB,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,oBAAoB,EAAE,EAAE,CAAC,CAAC;gBACnD,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,oBAAoB,IAAI,EAAE,CAAC,CAAC;gBACtE,IAAI,CAAC,WAAW;oBAAE,SAAS;gBAC3B,IAAK,WAAW,CAAC,KAA+B,CAAC,MAAM,KAAK,SAAS;oBAAE,SAAS;gBAChF,MAAM,YAAY,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBAChD,IAAI,CAAC,YAAY;oBAAE,SAAS;gBAC5B,MAAM,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,YAAY,CAAC,KAAyB,CAAC,CAAC;YACzE,CAAC;QACH,CAAC;gBAAS,CAAC;YACT,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC;QAC3B,CAAC;IACH,CAAC;IAED,6EAA6E;IAC7E,sBAAsB;IACtB,6EAA6E;IAErE,KAAK,CAAC,aAAa,CAAC,IAAY,EAAE,OAAyB;QACjE,MAAM,GAAG,GAAG,GAAW,EAAE,CAAC,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAEnD,MAAM,YAAY,GAAG,CAAC,KAAqC,EAAyB,EAAE;YACpF,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,oBAAoB,IAAI,EAAE,CAAC,EAAE,KAA0C,CAAC;YAC/G,MAAM,OAAO,GAA0B;gBACrC,GAAG,CAAC,QAAQ,IAAI;oBACd,IAAI;oBACJ,MAAM,EAAE,SAAS;oBACjB,OAAO,EAAE,OAAO,CAAC,OAAO;oBACxB,KAAK,EAAE,OAAO,CAAC,KAAK;oBACpB,MAAM,EAAE,OAAO,CAAC,MAAM;oBACtB,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,WAAW,EAAE,GAAG,EAAE;iBACnB,CAAC;gBACF,GAAG,KAAK;aACT,CAAC;YACF,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,oBAAoB,IAAI,EAAE,EAAE,OAAO,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;YAC3E,OAAO,OAAO,CAAC;QACjB,CAAC,CAAC;QAEF,IAAI,MAAM,GAAG,YAAY,CAAC,EAAE,SAAS,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;QAEhD,qEAAqE;QACrE,wBAAwB;QACxB,qEAAqE;QACrE,KAAK,MAAM,QAAQ,IAAI,CAAC,OAAO,CAAC,aAAa,IAAI,EAAE,CAAC,EAAE,CAAC;YACrD,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,oBAAoB,QAAQ,EAAE,CAAC,CAAC;YAC1E,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,MAAM,GAAG,YAAY,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,oBAAoB,QAAQ,aAAa,EAAE,WAAW,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;gBAClH,IAAI,CAAC,WAAW,CAAC,yBAAyB,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;gBAChE,OAAO,MAAM,CAAC;YAChB,CAAC;YACD,MAAM,WAAW,GAAI,WAAW,CAAC,KAA+B,CAAC,MAAM,CAAC;YACxE,IAAI,WAAW,KAAK,UAAU,EAAE,CAAC;gBAC/B,MAAM,GAAG,YAAY,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,oBAAoB,QAAQ,kBAAkB,WAAW,yBAAyB,EAAE,WAAW,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;gBAC3J,IAAI,CAAC,WAAW,CAAC,yBAAyB,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,CAAC,CAAC;gBAC7E,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC;QAED,qEAAqE;QACrE,mEAAmE;QACnE,qEAAqE;QACrE,MAAM,OAAO,GAAG,kBAAkB,OAAO,CAAC,KAAK,EAAE,CAAC;QAClD,MAAM,YAAY,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACpD,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,QAAQ,GAAG,YAAY,CAAC,KAA2C,CAAC;YAC1E,MAAM,GAAG,YAAY,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,gBAAgB,OAAO,CAAC,KAAK,sBAAsB,QAAQ,CAAC,IAAI,GAAG,EAAE,WAAW,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;YAC5I,IAAI,CAAC,WAAW,CAAC,yBAAyB,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,CAAC,IAAI,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;YACrG,OAAO,MAAM,CAAC;QAChB,CAAC;QACD,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,EAAE,EAAE,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;QAE1E,IAAI,CAAC;YACH,mEAAmE;YACnE,gBAAgB;YAChB,mEAAmE;YACnE,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,iBAAiB,CACtD,IAAI,CAAC,QAAQ,EACb,qBAAqB,EACrB,aAAa,IAAI,KAAK,OAAO,CAAC,MAAM,EAAE,EACtC,GAAG,OAAO,CAAC,OAAO,IAAI,OAAO,CAAC,KAAK,EAAE,CACtC,CAAC;YACF,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;gBACnB,MAAM,GAAG,YAAY,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,sBAAsB,KAAK,CAAC,MAAM,IAAI,2CAA2C,EAAE,EAAE,WAAW,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;gBAC5J,IAAI,CAAC,WAAW,CAAC,uBAAuB,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;gBAC1E,OAAO,MAAM,CAAC;YAChB,CAAC;YAED,mEAAmE;YACnE,wDAAwD;YACxD,mEAAmE;YACnE,MAAM,GAAG,YAAY,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC,CAAC;YAC9C,MAAM,YAAY,GAAG,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;YACrD,MAAM,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;YAEvC,mEAAmE;YACnE,uDAAuD;YACvD,mEAAmE;YACnE,IAAI,QAA4B,CAAC;YACjC,IAAI,CAAC;gBACH,MAAM,YAAY,GAAG,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;gBAC5D,QAAQ,GAAG,YAAY,CAAC,QAAQ,CAAC;YACnC,CAAC;YAAC,MAAM,CAAC;gBACP,yDAAyD;YAC3D,CAAC;YAED,mEAAmE;YACnE,aAAa;YACb,mEAAmE;YACnE,MAAM,GAAG,YAAY,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE,CAAC,CAAC;YACzD,IAAI,eAAgC,CAAC;YACrC,IAAI,CAAC;gBACH,eAAe,GAAG,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,KAAK,EAAE;oBACzE,WAAW,EAAE,OAAO,CAAC,QAAQ;oBAC7B,UAAU,EAAE,OAAO,CAAC,QAAQ;iBAC7B,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,GAAG,YAAY,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,mBAAmB,MAAM,CAAC,GAAG,CAAC,EAAE,EAAE,WAAW,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;gBACzG,IAAI,CAAC,WAAW,CAAC,0BAA0B,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBAC3E,IAAI,CAAC,YAAY,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC;gBACrC,OAAO,MAAM,CAAC;YAChB,CAAC;YAED,mEAAmE;YACnE,kBAAkB;YAClB,mEAAmE;YACnE,MAAM,cAAc,GAAG,OAAO,CAAC,cAAc,IAAI,MAAM,CAAC;YACxD,MAAM,mBAAmB,GAAG,OAAO,CAAC,mBAAmB,IAAI,CAAC,CAAC;YAE7D,IAAI,cAAc,GAAG,CAAC,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBAClD,MAAM,GAAG,YAAY,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,eAAe,EAAE,CAAC,CAAC;gBAC7D,IAAI,CAAC,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,aAAa,IAAI,EAAE,CAAC,CAAC;gBAE7D,MAAM,gBAAgB,GAAG,IAAI,CAAC,kBAAkB,CAAC,aAAa,EAAE,CAAC,MAAM,CAAC;gBACxE,MAAM,KAAK,CAAC,cAAc,CAAC,CAAC;gBAC5B,MAAM,eAAe,GAAG,IAAI,CAAC,kBAAkB,CAAC,aAAa,EAAE,CAAC,MAAM,CAAC;gBACvE,MAAM,eAAe,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,eAAe,GAAG,gBAAgB,CAAC,CAAC;gBAExE,IAAI,eAAe,GAAG,mBAAmB,EAAE,CAAC;oBAC1C,4BAA4B;oBAC5B,MAAM,GAAG,YAAY,CAAC,EAAE,MAAM,EAAE,aAAa,EAAE,kBAAkB,EAAE,eAAe,EAAE,WAAW,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;oBAC1G,IAAI,CAAC,WAAW,CAAC,yBAAyB,EAAE,EAAE,IAAI,EAAE,eAAe,EAAE,mBAAmB,EAAE,CAAC,CAAC;oBAC5F,IAAI,CAAC,YAAY,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC;oBACrC,IAAI,QAAQ,EAAE,CAAC;wBACb,IAAI,CAAC;4BACH,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;4BAClD,IAAI,CAAC,WAAW,CAAC,6BAA6B,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;wBAC5F,CAAC;wBAAC,OAAO,WAAW,EAAE,CAAC;4BACrB,IAAI,CAAC,WAAW,CAAC,2BAA2B,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;wBAChG,CAAC;oBACH,CAAC;oBACD,OAAO,MAAM,CAAC;gBAChB,CAAC;gBAED,MAAM,GAAG,YAAY,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,kBAAkB,EAAE,eAAe,EAAE,eAAe,EAAE,WAAW,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;gBACxH,IAAI,CAAC,YAAY,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC;YACvC,CAAC;iBAAM,CAAC;gBACN,mCAAmC;gBACnC,MAAM,GAAG,YAAY,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,eAAe,EAAE,WAAW,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;gBACnF,IAAI,CAAC,YAAY,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC;YACvC,CAAC;YAED,IAAI,CAAC,WAAW,CAAC,oBAAoB,EAAE;gBACrC,IAAI;gBACJ,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,IAAI;aACnC,CAAC,CAAC;YACH,OAAO,MAAM,CAAC;QAChB,CAAC;gBAAS,CAAC;YACT,yDAAyD;YACzD,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACnC,CAAC;IACH,CAAC;IAED,6EAA6E;IAC7E,eAAe;IACf,6EAA6E;IAE7E,8EAA8E;IACtE,WAAW,CAAC,GAAY;QAC9B,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;QACxG,KAAK,MAAM,IAAI,IAAI,MAAM,EAAE,CAAC;YAC1B,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC;QAC9B,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,wDAAwD;IAChD,YAAY,CAAC,KAAkB,EAAE,OAAe;QACtD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,CAAC,gBAAgB,CAAC,KAAK,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;QAC5C,CAAC;IACH,CAAC;IAED;;;;OAIG;IACK,KAAK,CAAC,aAAa,CAAC,KAAkB;QAC5C,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO;QAC/B,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,eAAe,CAAC;QACnD,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,EAAE,CAAC;YAC7B,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;YAChD,IAAI,CAAC,SAAS;gBAAE,OAAO;YACvB,MAAM,KAAK,CAAC,GAAG,CAAC,CAAC;QACnB,CAAC;IACH,CAAC;IAED,6EAA6E;IAC7E,eAAe;IACf,6EAA6E;IAErE,WAAW,CAAC,KAAa,EAAE,OAAgC;QACjE,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,KAAK,EAAE,GAAG,OAAO,EAAE,CAAC,CAAC;YACzF,IAAA,mBAAc,EAAC,IAAI,CAAC,aAAa,EAAE,KAAK,GAAG,IAAI,EAAE,OAAO,CAAC,CAAC;QAC5D,CAAC;QAAC,MAAM,CAAC;YACP,8EAA8E;QAChF,CAAC;IACH,CAAC;CACF;AA/UD,wCA+UC"}
1
+ {"version":3,"file":"transport-agent.js","sourceRoot":"","sources":["../../lib/transport-agent.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;;;AAEH,2BAAoC;AACpC,+BAA4B;AAC5B,mCAAoC;AAsFpC,+EAA+E;AAC/E,UAAU;AACV,+EAA+E;AAE/E,SAAS,KAAK,CAAC,EAAU;IACvB,OAAO,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;AACzD,CAAC;AAED,+EAA+E;AAC/E,kBAAkB;AAClB,+EAA+E;AAE/E;;;;;;;;;;;;;GAaG;AACH,MAAa,cAAc;IACR,WAAW,CAAmB;IAC9B,WAAW,CAAqB;IAChC,aAAa,CAAe;IAC5B,MAAM,CAAc;IACpB,kBAAkB,CAAgC;IAClD,QAAQ,CAAS;IACjB,eAAe,CAAS;IACxB,eAAe,CAAS;IACxB,aAAa,CAAS;IAC/B,WAAW,GAA0B,IAAI,CAAC;IAC1C,QAAQ,GAAG,KAAK,CAAC;IACjB,WAAW,GAAG,KAAK,CAAC;IAE5B,YAAY,OAA8B;QACxC,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC;QACtC,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC;QACtC,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,YAAY,CAAC;QAC1C,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,KAAK,IAAI,EAAE,CAAC;QAClC,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,iBAAiB,CAAC;QACpD,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,OAAO,IAAI,iBAAiB,CAAC;QACrD,IAAI,CAAC,eAAe,GAAG,OAAO,CAAC,cAAc,IAAI,KAAK,CAAC;QACvD,IAAI,CAAC,eAAe,GAAG,OAAO,CAAC,cAAc,IAAI,MAAM,CAAC;QACxD,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,YAAY,IAAI,IAAA,WAAI,EAAC,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,iBAAiB,CAAC,CAAC;IAC9F,CAAC;IAED,6EAA6E;IAC7E,mBAAmB;IACnB,6EAA6E;IAE7E;;;OAGG;IACH,KAAK;QACH,IAAI,IAAI,CAAC,QAAQ;YAAE,OAAO;QAC1B,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC;QACrB,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC,GAAG,EAAE;YAClC,KAAK,IAAI,CAAC,SAAS,EAAE,CAAC;QACxB,CAAC,EAAE,IAAI,CAAC,eAAe,CAAC,CAAC;IAC3B,CAAC;IAED;;;OAGG;IACH,IAAI;QACF,IAAI,CAAC,QAAQ,GAAG,KAAK,CAAC;QACtB,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACrB,aAAa,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YAChC,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;QAC1B,CAAC;IACH,CAAC;IAED,8CAA8C;IAC9C,IAAI,SAAS,KAAc,OAAO,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;IAElD;;;;;;OAMG;IACH,KAAK,CAAC,OAAO,CAAC,IAAY;QACxB,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,qBAAqB,IAAI,EAAE,CAAC,CAAC;QACjE,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,sBAAsB,IAAI,2BAA2B,CAAC,CAAC;QACzE,CAAC;QACD,OAAO,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,KAAK,CAAC,KAAyB,CAAC,CAAC;IACnE,CAAC;IAED,6EAA6E;IAC7E,iBAAiB;IACjB,6EAA6E;IAE7E;;;;;OAKG;IACH,MAAM,CAAC,aAAa,CAAC,UAA4B,EAAE,OAAyB;QAC1E,IAAI,CAAC,OAAO,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;YACvC,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;QAClE,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;QACzD,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,IAAA,mBAAU,GAAE,EAAE,CAAC;QAClC,UAAU,CAAC,KAAK,CAAC,qBAAqB,IAAI,EAAE,EAAE,OAAO,EAAE,iBAAiB,CAAC,CAAC;QAC1E,MAAM,MAAM,GAA0B;YACpC,IAAI;YACJ,MAAM,EAAE,SAAS;YACjB,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACtC,CAAC;QACF,UAAU,CAAC,KAAK,CAAC,oBAAoB,IAAI,EAAE,EAAE,MAAM,EAAE,iBAAiB,CAAC,CAAC;QACxE,OAAO,IAAI,CAAC;IACd,CAAC;IAED,6EAA6E;IAC7E,qBAAqB;IACrB,6EAA6E;IAErE,KAAK,CAAC,SAAS;QACrB,IAAI,IAAI,CAAC,WAAW;YAAE,OAAO;QAC7B,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;QACxB,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,oBAAoB,CAAC,CAAC,CAAC;YACzF,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;gBACvB,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,oBAAoB,EAAE,EAAE,CAAC,CAAC;gBACnD,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,oBAAoB,IAAI,EAAE,CAAC,CAAC;gBACtE,IAAI,CAAC,WAAW;oBAAE,SAAS;gBAC3B,IAAK,WAAW,CAAC,KAA+B,CAAC,MAAM,KAAK,SAAS;oBAAE,SAAS;gBAChF,MAAM,YAAY,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBAChD,IAAI,CAAC,YAAY;oBAAE,SAAS;gBAC5B,MAAM,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,YAAY,CAAC,KAAyB,CAAC,CAAC;YACzE,CAAC;QACH,CAAC;gBAAS,CAAC;YACT,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC;QAC3B,CAAC;IACH,CAAC;IAED,6EAA6E;IAC7E,sBAAsB;IACtB,6EAA6E;IAErE,KAAK,CAAC,aAAa,CAAC,IAAY,EAAE,OAAyB;QACjE,MAAM,GAAG,GAAG,GAAW,EAAE,CAAC,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAEnD,MAAM,YAAY,GAAG,CAAC,KAAqC,EAAyB,EAAE;YACpF,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,oBAAoB,IAAI,EAAE,CAAC,EAAE,KAA0C,CAAC;YAC/G,MAAM,OAAO,GAA0B;gBACrC,GAAG,CAAC,QAAQ,IAAI;oBACd,IAAI;oBACJ,MAAM,EAAE,SAAS;oBACjB,OAAO,EAAE,OAAO,CAAC,OAAO;oBACxB,KAAK,EAAE,OAAO,CAAC,KAAK;oBACpB,MAAM,EAAE,OAAO,CAAC,MAAM;oBACtB,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,WAAW,EAAE,GAAG,EAAE;iBACnB,CAAC;gBACF,GAAG,KAAK;aACT,CAAC;YACF,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,oBAAoB,IAAI,EAAE,EAAE,OAAO,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;YAC3E,OAAO,OAAO,CAAC;QACjB,CAAC,CAAC;QAEF,YAAY,CAAC,EAAE,SAAS,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC,mDAAmD;QACvF,IAAI,MAA6B,CAAC;QAElC,qEAAqE;QACrE,wBAAwB;QACxB,qEAAqE;QACrE,KAAK,MAAM,QAAQ,IAAI,CAAC,OAAO,CAAC,aAAa,IAAI,EAAE,CAAC,EAAE,CAAC;YACrD,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,oBAAoB,QAAQ,EAAE,CAAC,CAAC;YAC1E,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,MAAM,GAAG,YAAY,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,oBAAoB,QAAQ,aAAa,EAAE,WAAW,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;gBAClH,IAAI,CAAC,WAAW,CAAC,yBAAyB,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;gBAChE,OAAO,MAAM,CAAC;YAChB,CAAC;YACD,MAAM,WAAW,GAAI,WAAW,CAAC,KAA+B,CAAC,MAAM,CAAC;YACxE,IAAI,WAAW,KAAK,UAAU,EAAE,CAAC;gBAC/B,MAAM,GAAG,YAAY,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,oBAAoB,QAAQ,kBAAkB,WAAW,yBAAyB,EAAE,WAAW,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;gBAC3J,IAAI,CAAC,WAAW,CAAC,yBAAyB,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,CAAC,CAAC;gBAC7E,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC;QAED,qEAAqE;QACrE,mEAAmE;QACnE,qEAAqE;QACrE,MAAM,OAAO,GAAG,kBAAkB,OAAO,CAAC,KAAK,EAAE,CAAC;QAClD,MAAM,YAAY,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACpD,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,QAAQ,GAAG,YAAY,CAAC,KAA2C,CAAC;YAC1E,MAAM,GAAG,YAAY,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,gBAAgB,OAAO,CAAC,KAAK,sBAAsB,QAAQ,CAAC,IAAI,GAAG,EAAE,WAAW,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;YAC5I,IAAI,CAAC,WAAW,CAAC,yBAAyB,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,CAAC,IAAI,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;YACrG,OAAO,MAAM,CAAC;QAChB,CAAC;QACD,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,EAAE,EAAE,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;QAE1E,IAAI,CAAC;YACH,mEAAmE;YACnE,gBAAgB;YAChB,mEAAmE;YACnE,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,iBAAiB,CACtD,IAAI,CAAC,QAAQ,EACb,qBAAqB,EACrB,aAAa,IAAI,KAAK,OAAO,CAAC,MAAM,EAAE,EACtC,GAAG,OAAO,CAAC,OAAO,IAAI,OAAO,CAAC,KAAK,EAAE,CACtC,CAAC;YACF,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;gBACnB,MAAM,GAAG,YAAY,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,sBAAsB,KAAK,CAAC,MAAM,IAAI,2CAA2C,EAAE,EAAE,WAAW,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;gBAC5J,IAAI,CAAC,WAAW,CAAC,uBAAuB,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;gBAC1E,OAAO,MAAM,CAAC;YAChB,CAAC;YAED,mEAAmE;YACnE,wDAAwD;YACxD,mEAAmE;YACnE,YAAY,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC,wDAAwD;YAC9F,MAAM,YAAY,GAAG,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;YACrD,MAAM,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;YAEvC,mEAAmE;YACnE,uDAAuD;YACvD,mEAAmE;YACnE,IAAI,QAA4B,CAAC;YACjC,IAAI,CAAC;gBACH,MAAM,YAAY,GAAG,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;gBAC5D,QAAQ,GAAG,YAAY,CAAC,QAAQ,CAAC;YACnC,CAAC;YAAC,MAAM,CAAC;gBACP,yDAAyD;YAC3D,CAAC;YAED,mEAAmE;YACnE,aAAa;YACb,mEAAmE;YACnE,YAAY,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,wDAAwD;YACzG,IAAI,eAAgC,CAAC;YACrC,IAAI,CAAC;gBACH,eAAe,GAAG,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,KAAK,EAAE;oBACzE,WAAW,EAAE,OAAO,CAAC,QAAQ;oBAC7B,UAAU,EAAE,OAAO,CAAC,QAAQ;iBAC7B,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,GAAG,YAAY,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,mBAAmB,MAAM,CAAC,GAAG,CAAC,EAAE,EAAE,WAAW,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;gBACzG,IAAI,CAAC,WAAW,CAAC,0BAA0B,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBAC3E,IAAI,CAAC,YAAY,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC;gBACrC,OAAO,MAAM,CAAC;YAChB,CAAC;YAED,mEAAmE;YACnE,kBAAkB;YAClB,mEAAmE;YACnE,MAAM,cAAc,GAAG,OAAO,CAAC,cAAc,IAAI,MAAM,CAAC;YACxD,MAAM,mBAAmB,GAAG,OAAO,CAAC,mBAAmB,IAAI,CAAC,CAAC;YAE7D,IAAI,cAAc,GAAG,CAAC,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBAClD,YAAY,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,eAAe,EAAE,CAAC,CAAC,CAAC,wDAAwD;gBAC7G,IAAI,CAAC,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,aAAa,IAAI,EAAE,CAAC,CAAC;gBAE7D,MAAM,gBAAgB,GAAG,IAAI,CAAC,kBAAkB,CAAC,aAAa,EAAE,CAAC,MAAM,CAAC;gBACxE,MAAM,KAAK,CAAC,cAAc,CAAC,CAAC;gBAC5B,MAAM,eAAe,GAAG,IAAI,CAAC,kBAAkB,CAAC,aAAa,EAAE,CAAC,MAAM,CAAC;gBACvE,MAAM,eAAe,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,eAAe,GAAG,gBAAgB,CAAC,CAAC;gBAExE,IAAI,eAAe,GAAG,mBAAmB,EAAE,CAAC;oBAC1C,4BAA4B;oBAC5B,MAAM,GAAG,YAAY,CAAC,EAAE,MAAM,EAAE,aAAa,EAAE,kBAAkB,EAAE,eAAe,EAAE,WAAW,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;oBAC1G,IAAI,CAAC,WAAW,CAAC,yBAAyB,EAAE,EAAE,IAAI,EAAE,eAAe,EAAE,mBAAmB,EAAE,CAAC,CAAC;oBAC5F,IAAI,CAAC,YAAY,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC;oBACrC,IAAI,QAAQ,EAAE,CAAC;wBACb,IAAI,CAAC;4BACH,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;4BAClD,IAAI,CAAC,WAAW,CAAC,6BAA6B,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;wBAC5F,CAAC;wBAAC,OAAO,WAAW,EAAE,CAAC;4BACrB,IAAI,CAAC,WAAW,CAAC,2BAA2B,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;wBAChG,CAAC;oBACH,CAAC;oBACD,OAAO,MAAM,CAAC;gBAChB,CAAC;gBAED,MAAM,GAAG,YAAY,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,kBAAkB,EAAE,eAAe,EAAE,eAAe,EAAE,WAAW,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;gBACxH,IAAI,CAAC,YAAY,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC;YACvC,CAAC;iBAAM,CAAC;gBACN,mCAAmC;gBACnC,MAAM,GAAG,YAAY,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,eAAe,EAAE,WAAW,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;gBACnF,IAAI,CAAC,YAAY,CAAC,YAAY,EAAE,GAAG,CAAC,CAAC;YACvC,CAAC;YAED,IAAI,CAAC,WAAW,CAAC,oBAAoB,EAAE;gBACrC,IAAI;gBACJ,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,IAAI;aACnC,CAAC,CAAC;YACH,OAAO,MAAM,CAAC;QAChB,CAAC;gBAAS,CAAC;YACT,yDAAyD;YACzD,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACnC,CAAC;IACH,CAAC;IAED,6EAA6E;IAC7E,eAAe;IACf,6EAA6E;IAE7E,8EAA8E;IACtE,WAAW,CAAC,GAAY;QAC9B,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;QACxG,KAAK,MAAM,IAAI,IAAI,MAAM,EAAE,CAAC;YAC1B,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC;QAC9B,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,wDAAwD;IAChD,YAAY,CAAC,KAAkB,EAAE,OAAe;QACtD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,CAAC,gBAAgB,CAAC,KAAK,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;QAC5C,CAAC;IACH,CAAC;IAED;;;;OAIG;IACK,KAAK,CAAC,aAAa,CAAC,KAAkB;QAC5C,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO;QAC/B,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,eAAe,CAAC;QACnD,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,EAAE,CAAC;YAC7B,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;YAChD,IAAI,CAAC,SAAS;gBAAE,OAAO;YACvB,MAAM,KAAK,CAAC,GAAG,CAAC,CAAC;QACnB,CAAC;IACH,CAAC;IAED,6EAA6E;IAC7E,eAAe;IACf,6EAA6E;IAErE,WAAW,CAAC,KAAa,EAAE,OAAgC;QACjE,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,KAAK,EAAE,GAAG,OAAO,EAAE,CAAC,CAAC;YACzF,IAAA,mBAAc,EAAC,IAAI,CAAC,aAAa,EAAE,KAAK,GAAG,IAAI,EAAE,OAAO,CAAC,CAAC;QAC5D,CAAC;QAAC,MAAM,CAAC;YACP,8EAA8E;QAChF,CAAC;IACH,CAAC;CACF;AAhVD,wCAgVC"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "network-ai",
3
- "version": "5.5.1",
3
+ "version": "5.5.3",
4
4
  "description": "AI agent orchestration framework for TypeScript/Node.js - 29 adapters (LangChain, AutoGen, CrewAI, OpenAI Assistants, LlamaIndex, Semantic Kernel, Haystack, DSPy, Agno, MCP, OpenClaw, A2A, Codex, MiniMax, NemoClaw, APS, Copilot, LangGraph, Anthropic Computer Use, OpenAI Agents SDK, Vertex AI, Pydantic AI, Browser Agent, Hermes, Orchestrator, RLM + streaming variants). Built-in CLI, security, swarm intelligence, real-time streaming, and agentic workflow patterns.",
5
5
  "homepage": "https://network-ai.org",
6
6
  "main": "dist/index.js",
package/scripts/check_permission.py CHANGED
@@ -1,9 +1,11 @@
1
1
  #!/usr/bin/env python3
2
2
  # SECURITY: This script makes NO network calls and spawns NO subprocesses.
3
3
  # All I/O is local file operations only:
4
- # READS: data/active_grants.json, data/audit_log.jsonl
5
- # WRITES: data/active_grants.json, data/audit_log.jsonl
6
- # Imports used: argparse, json, re, sys, uuid, datetime, pathlib, typing
4
+ # READS: data[/<env>]/active_grants.json, data[/<env>]/audit_log.jsonl,
5
+ # data[/<env>]/.signing_key (HMAC key; auto-created on first run)
6
+ # WRITES: data[/<env>]/active_grants.json, data[/<env>]/audit_log.jsonl,
7
+ # data[/<env>]/.signing_key (on first run only; chmod 0o600)
8
+ # Imports used: argparse, json, re, sys, uuid, hmac, hashlib, datetime, pathlib, typing
7
9
  # No imports of: requests, socket, subprocess, urllib, http, ssl, ftplib, smtplib
8
10
  """
9
11
  AuthGuardian Permission Checker
@@ -28,6 +30,8 @@ Examples:
28
30
  """
29
31
 
30
32
  import argparse
33
+ import hashlib
34
+ import hmac
31
35
  import json
32
36
  import re
33
37
  import sys
@@ -264,6 +268,53 @@ def generate_grant_token() -> str:
264
268
  return f"grant_{uuid.uuid4().hex}"
265
269
 
266
270
 
271
+ def _load_signing_key() -> bytes:
272
+ """
273
+ Load or create the local HMAC-SHA256 signing key for grant tokens.
274
+
275
+ The key is stored at data[/<env>]/.signing_key as a 32-byte hex string.
276
+ It is auto-generated with os.urandom(32) on first use and restricted to
277
+ mode 0o600. It lives inside the env-scoped data dir so multi-environment
278
+ deployments each have an independent key.
279
+ """
280
+ key_file = _DATA_DIR / ".signing_key"
281
+ if key_file.exists():
282
+ try:
283
+ return bytes.fromhex(key_file.read_text().strip())
284
+ except (ValueError, OSError):
285
+ pass # Corrupt key file — regenerate below
286
+ key = os.urandom(32)
287
+ _DATA_DIR.mkdir(parents=True, exist_ok=True)
288
+ key_file.write_text(key.hex())
289
+ try:
290
+ key_file.chmod(0o600) # Restrict to owner; no-op on Windows
291
+ except OSError:
292
+ # chmod is not supported on all platforms (e.g. Windows NTFS);
293
+ # the key is still functional — caller must protect the data directory.
294
+ pass
295
+ return key
296
+
297
+
298
+ def _sign_grant(grant: dict[str, Any]) -> str:
299
+ """
300
+ Return an HMAC-SHA256 hex signature over the canonical grant fields.
301
+
302
+ Covered fields: token, agent_id, resource_type, scope, expires_at, granted_at.
303
+ Storing this in the grant record lets validate_token.py detect any
304
+ post-issuance tampering of active_grants.json.
305
+ """
306
+ payload = "|".join([
307
+ grant.get("token", ""),
308
+ grant.get("agent_id", ""),
309
+ grant.get("resource_type", ""),
310
+ grant.get("scope") or "",
311
+ grant.get("expires_at", ""),
312
+ grant.get("granted_at", ""),
313
+ ])
314
+ key = _load_signing_key()
315
+ return hmac.new(key, payload.encode("utf-8"), hashlib.sha256).hexdigest()
316
+
317
+
267
318
  def log_audit(action: str, details: dict[str, Any]) -> None:
268
319
  """Append entry to audit log."""
269
320
  ensure_data_dir()
@@ -412,7 +463,7 @@ def evaluate_permission(
412
463
  token = generate_grant_token()
413
464
  expires_at = (datetime.now(timezone.utc) + timedelta(minutes=GRANT_TOKEN_TTL_MINUTES)).isoformat()
414
465
  restrictions = RESTRICTIONS.get(resource_type, [])
415
-
466
+
416
467
  grant: dict[str, Any] = {
417
468
  "token": token,
418
469
  "agent_id": agent_id,
@@ -425,6 +476,9 @@ def evaluate_permission(
425
476
  "unknown_agent": unknown_agent,
426
477
  }
427
478
 
479
+ # Sign the grant — lets validate_token.py detect tampered grant records
480
+ grant["_sig"] = _sign_grant(grant)
481
+
428
482
  # Save grant and log
429
483
  save_grant(grant)
430
484
  log_audit("permission_granted", grant)
package/scripts/validate_token.py CHANGED
@@ -1,9 +1,9 @@
1
1
  #!/usr/bin/env python3
2
2
  # SECURITY: This script makes NO network calls and spawns NO subprocesses.
3
3
  # All I/O is local file operations only:
4
- # READS: data/active_grants.json
4
+ # READS: data[/<env>]/active_grants.json, data[/<env>]/.signing_key
5
5
  # WRITES: none
6
- # Imports used: argparse, json, sys, datetime, pathlib, typing
6
+ # Imports used: argparse, json, sys, hmac, hashlib, datetime, pathlib, typing
7
7
  # No imports of: requests, socket, subprocess, urllib, http, ssl, ftplib, smtplib
8
8
  """
9
9
  Validate Grant Token
@@ -18,11 +18,13 @@ Example:
18
18
  """
19
19
 
20
20
  import argparse
21
+ import hashlib
22
+ import hmac
21
23
  import json
22
24
  import sys
23
25
  from datetime import datetime, timezone
24
26
  from pathlib import Path
25
- from typing import Any
27
+ from typing import Any, Optional
26
28
 
27
29
  def _resolve_data_dir(env: str = "") -> Path:
28
30
  """Return the active data directory, scoped to <env> when set."""
@@ -38,6 +40,47 @@ def _resolve_data_dir(env: str = "") -> Path:
38
40
  GRANTS_FILE = _resolve_data_dir() / "active_grants.json"
39
41
 
40
42
 
43
+ def _load_signing_key() -> "Optional[bytes]":
44
+ """
45
+ Load the local HMAC-SHA256 signing key used by check_permission.py.
46
+ Returns None if the key file does not exist or cannot be read.
47
+ """
48
+ key_file = GRANTS_FILE.parent / ".signing_key"
49
+ if not key_file.exists():
50
+ return None
51
+ try:
52
+ return bytes.fromhex(key_file.read_text().strip())
53
+ except (ValueError, OSError):
54
+ return None
55
+
56
+
57
+ def _verify_grant_sig(grant: "dict[str, Any]") -> "Optional[bool]":
58
+ """
59
+ Verify the HMAC-SHA256 signature stored in a grant record.
60
+
61
+ Returns:
62
+ True — signature present and valid
63
+ False — signature present but invalid (tampered)
64
+ None — no signature (pre-v5.5.2 token) or key unavailable
65
+ """
66
+ stored_sig = grant.get("_sig")
67
+ if not stored_sig:
68
+ return None # Backward-compatible: unsigned token from before v5.5.2
69
+ key = _load_signing_key()
70
+ if key is None:
71
+ return None # Key not present — cannot verify; treat as unverified
72
+ payload = "|".join([
73
+ grant.get("token", ""),
74
+ grant.get("agent_id", ""),
75
+ grant.get("resource_type", ""),
76
+ grant.get("scope") or "",
77
+ grant.get("expires_at", ""),
78
+ grant.get("granted_at", ""),
79
+ ])
80
+ expected = hmac.new(key, payload.encode("utf-8"), hashlib.sha256).hexdigest()
81
+ return hmac.compare_digest(expected, stored_sig)
82
+
83
+
41
84
  def validate_token(token: str) -> dict[str, Any]:
42
85
  """Validate a grant token and return its details."""
43
86
  if not GRANTS_FILE.exists():
@@ -61,7 +104,15 @@ def validate_token(token: str) -> dict[str, Any]:
61
104
  }
62
105
 
63
106
  grant = grants[token]
64
-
107
+
108
+ # Guard against tampered grant records (checks HMAC-SHA256 signature)
109
+ sig_result = _verify_grant_sig(grant)
110
+ if sig_result is False:
111
+ return {
112
+ "valid": False,
113
+ "reason": "Token signature invalid — grant record may have been tampered with",
114
+ }
115
+
65
116
  # Check expiration
66
117
  expires_at = grant.get("expires_at")
67
118
  if expires_at:
@@ -80,7 +131,8 @@ def validate_token(token: str) -> dict[str, Any]:
80
131
 
81
132
  return {
82
133
  "valid": True,
83
- "grant": grant
134
+ "grant": grant,
135
+ "sig_verified": sig_result is True,
84
136
  }
85
137
 
86
138