nox-openclaw-hunter 1.0.0

package/dist/isolator/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/isolator/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAUH,OAAO,EAAE,WAAW,EAAiB,MAAM,sBAAsB,CAAC;AAClE,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAC5C,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AACpF,OAAO,EACL,mBAAmB,EACnB,eAAe,EACf,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AAEhF,0CAA0C;AAC1C,cAAc,eAAe,CAAC;AAC9B,cAAc,iBAAiB,CAAC;AAChC,cAAc,eAAe,CAAC;AAE9B,MAAM,oBAAoB,GAAG,KAAK,CAAC;AAOnC;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,OAAO,CAC3B,SAA0B,EAC1B,UAA2B,EAAE;IAE7B,MAAM,QAAQ,GAAG,WAAW,EAAE,CAAC;IAC/B,MAAM,OAAO,GAAsB,EAAE,CAAC;IACtC,IAAI,gBAA8C,CAAC;IAEnD,MAAM,eAAe,GAAG,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,GAAG,CAAC;IACzD,MAAM,gBAAgB,GAAG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,GAAG,CAAC;IAC3D,MAAM,cAAc,GAAG,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC;IAEvD,MAAM,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;IAEhD,wBAAwB;IACxB,IAAI,eAAe,EAAE,CAAC;QACpB,iBAAiB;QACjB,gEAAgE;QAChE,wDAAwD;QACxD,qEAAqE;QACrE,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YACjB,6CAA6C;YAC7C,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC,QAAQ,EAAE;gBAC9C,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,MAAM,EAAE,OAAO,CAAC,MAAM;aACvB,CAAC,CAAC;YACH,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACvB,CAAC;aAAM,IAAI,SAAS,CAAC,OAAO,CAAC,KAAK,IAAI,SAAS,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;YAC7D,uCAAuC;YACvC,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC,QAAQ,EAAE;gBAC9C,IAAI,EAAE,SAAS,CAAC,OAAO,CAAC,IAAI;gBAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;aACvB,CAAC,CAAC;YACH,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACvB,CAAC;aAAM,CAAC;YACN,2DAA2D;YAC3D,MAAM,CAAC,IAAI,CAAC,gGAAgG,CAAC,CAAC;YAC9G,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,YAAY;gBAClB,MAAM,EAAE,qBAAqB;gBAC7B,MAAM,EAAE,QAAQ;gBAChB,KAAK,EAAE,6FAA6F;aACrG,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,0BAA0B;IAC1B,IAAI,gBAAgB,EAAE,CAAC;QACrB,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,mBAAmB,CAAC,QAAQ,EAAE,SAAS,EAAE;YACxE,MAAM,EAAE,OAAO,CAAC,MAAM;SACvB,CAAC,CAAC;QACH,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACrB,gBAAgB,GAAG,MAAM,CAAC;IAC5B,CAAC;IAED,oBAAoB;IACpB,IAAI,cAAc,EAAE,CAAC;QACnB,MAAM,eAAe,GAAG,MAAM,aAAa,CAAC,QAAQ,EAAE;YACpD,MAAM,EAAE,OAAO,CAAC,MAAM;SACvB,CAAC,CAAC;QACH,OAAO,CAAC,IAAI,CAAC,GAAG,eAAe,CAAC,CAAC;IACnC,CAAC;IAED,cAAc;IACd,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,MAAM,CAAC;IACxE,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,MAAM,CAAC;IAEnE,IAAI,MAAM,KAAK,CAAC,EAAE,CAAC;QACjB,MAAM,CAAC,OAAO,CAAC,uBAAuB,UAAU,uBAAuB,CAAC,CAAC;IAC3E,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,uBAAuB,UAAU,gBAAgB,MAAM,SAAS,CAAC,CAAC;IAChF,CAAC;IAED,OAAO;QACL,OAAO;QACP,UAAU,EAAE,gBAAgB;KAC7B,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,UAA2B,EAAE;IAC3D,MAAM,QAAQ,GAAG,WAAW,EAAE,CAAC;IAC/B,MAAM,OAAO,GAAsB,EAAE,CAAC;IAEtC,MAAM,iBAAiB,GAAG,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,GAAG,CAAC;IAC3D,MAAM,oBAAoB,GAAG,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC;IAE7D,MAAM,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;IAE9C,0BAA0B;IAC1B,IAAI,iBAAiB,EAAE,CAAC;QACtB,kFAAkF;QAClF,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,QAAQ,EAAE;YAChD,IAAI,EAAE,OAAO,CAAC,IAAI,IAAI,oBAAoB;YAC1C,MAAM,EAAE,OAAO,CAAC,MAAM;SACvB,CAAC,CAAC;QACH,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACvB,CAAC;IAED,qBAAqB;IACrB,IAAI,oBAAoB,EAAE,CAAC;QACzB,MAAM,eAAe,GAAG,MAAM,cAAc,CAAC,QAAQ,EAAE;YACrD,MAAM,EAAE,OAAO,CAAC,MAAM;SACvB,CAAC,CAAC;QACH,OAAO,CAAC,IAAI,CAAC,GAAG,eAAe,CAAC,CAAC;IACnC,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,CAAC;AACrB,CAAC;AAoBD,MAAM,CAAC,KAAK,UAAU,kBAAkB;IACtC,MAAM,QAAQ,GAAG,WAAW,EAAE,CAAC;IAE/B,MAAM,CAAC,WAAW,EAAE,cAAc,EAAE,WAAW,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QACnE,aAAa,CAAC,QAAQ,EAAE,oBAAoB,CAAC;QAC7C,gBAAgB,CAAC,QAAQ,CAAC;QAC1B,eAAe,CAAC,QAAQ,CAAC;KAC1B,CAAC,CAAC;IAEH,yCAAyC;IACzC,IAAI,aAAmC,CAAC;IACxC,IAAI,cAAc,EAAE,CAAC;QACnB,aAAa,GAAG,MAAM,cAAc,CAAC,QAAQ,CAAC,CAAC;IACjD,CAAC;IAED,2BAA2B;IAC3B,MAAM,iBAAiB,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QAC9C,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,SAAS,EAAE,CAAC,CAAC,SAAS;QACtB,aAAa,EAAE,CAAC,CAAC,SAAS,CAAC,MAAM;QACjC,KAAK,EAAE,CAAC,CAAC,SAAS,EAAE,KAAK;QACzB,QAAQ,EAAE,CAAC,CAAC,SAAS,EAAE,QAAQ;KAChC,CAAC,CAAC,CAAC;IAEJ,OAAO;QACL,WAAW;QACX,WAAW,EAAE,WAAW,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC,SAAS;QAC3D,cAAc;QACd,aAAa;QACb,gBAAgB,EAAE,WAAW,CAAC,MAAM;QACpC,iBAAiB,EAAE,iBAAiB,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS;KAChF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,cAAc,CAAC,QAAkB;IAC9C,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC,CAAC;IACtD,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,CAAC;IAEvC,kBAAkB;IAClB,KAAK,MAAM,QAAQ,IAAI,QAAQ,CAAC,eAAe,EAAE,EAAE,CAAC;QAClD,IAAI,MAAM,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC/B,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACxB,CAAC;IACH,CAAC;IAED,kBAAkB;IAClB,KAAK,MAAM,QAAQ,IAAI,QAAQ,CAAC,eAAe,EAAE,EAAE,CAAC;QAClD,IAAI,MAAM,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC/B,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACxB,CAAC;IACH,CAAC;IAED,8BAA8B;IAC9B,IAAI,CAAC;QACH,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC;QACtD,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;QACnD,IAAI,KAAK,CAAC,QAAQ,CAAC,sBAAsB,CAAC,EAAE,CAAC;YAC3C,MAAM,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;QAC5C,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,6BAA6B;IAC/B,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,UAAU,GAAG;IACxB;;OAEG;IACH,KAAK,CAAC,IAAI;QACR,MAAM,QAAQ,GAAG,WAAW,EAAE,CAAC;QAC/B,OAAO,eAAe,CAAC,QAAQ,CAAC,CAAC;IACnC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO,CACX,EAAU;QAEV,MAAM,QAAQ,GAAG,WAAW,EAAE,CAAC;QAC/B,OAAO,kBAAkB,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;IAC1C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM,CAAC,EAAU;QACrB,MAAM,QAAQ,GAAG,WAAW,EAAE,CAAC;QAC/B,OAAO,iBAAiB,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;IACzC,CAAC;CACF,CAAC"}

package/dist/isolator/lockdown.d.ts

@@ -0,0 +1,22 @@
+/**
+ * Lockdown functionality to prevent OpenClaw reinstallation.
+ */
+import type { IsolationAction } from '../types/isolation.js';
+import type { Platform } from '../platform/index.js';
+export interface LockdownOptions {
+    dryRun?: boolean;
+}
+/**
+ * Apply lockdown to prevent OpenClaw reinstallation.
+ * Creates blocking files/directories in known installation paths.
+ */
+export declare function applyLockdown(platform: Platform, options?: LockdownOptions): Promise<IsolationAction[]>;
+/**
+ * Remove lockdown protections.
+ */
+export declare function removeLockdown(platform: Platform, options?: LockdownOptions): Promise<IsolationAction[]>;
+/**
+ * Check if lockdown is currently active.
+ */
+export declare function isLockdownActive(platform: Platform): Promise<boolean>;
+//# sourceMappingURL=lockdown.d.ts.map

package/dist/isolator/lockdown.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"lockdown.d.ts","sourceRoot":"","sources":["../../src/isolator/lockdown.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAC7D,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAKrD,MAAM,WAAW,eAAe;IAC9B,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAYD;;;GAGG;AACH,wBAAsB,aAAa,CACjC,QAAQ,EAAE,QAAQ,EAClB,OAAO,GAAE,eAAoB,GAC5B,OAAO,CAAC,eAAe,EAAE,CAAC,CAiC5B;AAgQD;;GAEG;AACH,wBAAsB,cAAc,CAClC,QAAQ,EAAE,QAAQ,EAClB,OAAO,GAAE,eAAoB,GAC5B,OAAO,CAAC,eAAe,EAAE,CAAC,CA6D5B;AAgED;;GAEG;AACH,wBAAsB,gBAAgB,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC,CAU3E"}

package/dist/isolator/lockdown.js

@@ -0,0 +1,401 @@
+/**
+ * Lockdown functionality to prevent OpenClaw reinstallation.
+ */
+import * as path from 'node:path';
+import { writeFile } from 'node:fs/promises';
+import { exec } from '../utils/exec.js';
+import { pathExists, ensureDir, safeRemove } from '../utils/fs.js';
+import { logger } from '../utils/logger.js';
+/**
+ * Marker file content indicating a lockdown is in place.
+ */
+const LOCKDOWN_MARKER_CONTENT = `# Nox OpenClaw Lockdown
+# This directory is protected by Nox Security
+# OpenClaw installation has been blocked on this device
+# Contact your IT administrator for more information
+# Generated: ${new Date().toISOString()}
+`;
+/**
+ * Apply lockdown to prevent OpenClaw reinstallation.
+ * Creates blocking files/directories in known installation paths.
+ */
+export async function applyLockdown(platform, options = {}) {
+    const actions = [];
+    if (options.dryRun) {
+        logger.info('[dry-run] Would apply lockdown to prevent reinstallation');
+        actions.push({
+            type: 'lockdown',
+            target: 'cli-paths',
+            status: 'success',
+        });
+        actions.push({
+            type: 'lockdown',
+            target: 'config-paths',
+            status: 'success',
+        });
+        return actions;
+    }
+    // Lock CLI paths
+    actions.push(await lockCliPaths(platform));
+    // Lock config/state directory paths
+    actions.push(await lockConfigPaths(platform));
+    // Lock app bundle path (macOS)
+    if (platform.name === 'darwin') {
+        actions.push(await lockAppPath(platform));
+    }
+    // Add system-level protections
+    actions.push(await addSystemProtections(platform));
+    return actions;
+}
+/**
+ * Create blocking entries at CLI binary locations.
+ * Creates immutable files that prevent installation.
+ */
+async function lockCliPaths(platform) {
+    const action = {
+        type: 'lockdown',
+        target: 'cli-paths',
+        status: 'pending',
+    };
+    const locations = platform.getCliLocations();
+    const errors = [];
+    for (const location of locations) {
+        try {
+            // Create parent directory if needed
+            const dir = path.dirname(location);
+            if (!(await pathExists(dir))) {
+                continue; // Skip if parent doesn't exist (e.g., homebrew not installed)
+            }
+            // Remove existing file if present
+            if (await pathExists(location)) {
+                await safeRemove(location);
+            }
+            // Create a blocking directory (harder to overwrite than a file)
+            await ensureDir(location);
+            await writeFile(path.join(location, '.nox-lockdown'), LOCKDOWN_MARKER_CONTENT, 'utf8');
+            // Make directory immutable (platform-specific)
+            await makeImmutable(platform, location);
+            logger.success(`Locked CLI path: ${location}`);
+        }
+        catch (err) {
+            errors.push(`${location}: ${err instanceof Error ? err.message : String(err)}`);
+        }
+    }
+    if (errors.length === 0) {
+        action.status = 'success';
+    }
+    else if (errors.length < locations.length) {
+        action.status = 'success'; // Partial success
+        action.error = errors.join('; ');
+    }
+    else {
+        action.status = 'failed';
+        action.error = errors.join('; ');
+    }
+    return action;
+}
+/**
+ * Create blocking entries at config directory locations.
+ */
+async function lockConfigPaths(platform) {
+    const action = {
+        type: 'lockdown',
+        target: 'config-paths',
+        status: 'pending',
+    };
+    try {
+        const users = await platform.getAllUsers();
+        const errors = [];
+        for (const user of users) {
+            const statePath = platform.getStateDirPath(user);
+            try {
+                // Remove existing directory if present
+                if (await pathExists(statePath)) {
+                    await safeRemove(statePath);
+                }
+                // Create blocking directory
+                await ensureDir(statePath);
+                await writeFile(path.join(statePath, '.nox-lockdown'), LOCKDOWN_MARKER_CONTENT, 'utf8');
+                // Make directory immutable
+                await makeImmutable(platform, statePath);
+                logger.success(`Locked config path for user ${user}: ${statePath}`);
+            }
+            catch (err) {
+                errors.push(`${statePath}: ${err instanceof Error ? err.message : String(err)}`);
+            }
+        }
+        if (errors.length === 0) {
+            action.status = 'success';
+        }
+        else {
+            action.status = 'failed';
+            action.error = errors.join('; ');
+        }
+    }
+    catch (err) {
+        action.status = 'failed';
+        action.error = err instanceof Error ? err.message : String(err);
+    }
+    return action;
+}
+/**
+ * Create blocking entry at app bundle location (macOS only).
+ */
+async function lockAppPath(platform) {
+    const action = {
+        type: 'lockdown',
+        target: 'app-path',
+        status: 'pending',
+    };
+    const locations = platform.getAppLocations();
+    const errors = [];
+    for (const location of locations) {
+        try {
+            // Remove existing app if present
+            if (await pathExists(location)) {
+                await safeRemove(location);
+            }
+            // Create blocking directory
+            await ensureDir(location);
+            await writeFile(path.join(location, '.nox-lockdown'), LOCKDOWN_MARKER_CONTENT, 'utf8');
+            // Make directory immutable
+            await makeImmutable(platform, location);
+            logger.success(`Locked app path: ${location}`);
+        }
+        catch (err) {
+            errors.push(`${location}: ${err instanceof Error ? err.message : String(err)}`);
+        }
+    }
+    if (errors.length === 0) {
+        action.status = 'success';
+    }
+    else {
+        action.status = 'failed';
+        action.error = errors.join('; ');
+    }
+    return action;
+}
+/**
+ * Add system-level protections.
+ * - Block OpenClaw domains in hosts file
+ * - Add firewall rules
+ */
+async function addSystemProtections(platform) {
+    const action = {
+        type: 'lockdown',
+        target: 'system-protections',
+        status: 'pending',
+    };
+    const errors = [];
+    // Block known OpenClaw domains via hosts file
+    try {
+        await blockDomainsInHosts(platform);
+        logger.success('Added domain blocks to hosts file');
+    }
+    catch (err) {
+        errors.push(`hosts: ${err instanceof Error ? err.message : String(err)}`);
+    }
+    if (errors.length === 0) {
+        action.status = 'success';
+    }
+    else {
+        action.status = 'failed';
+        action.error = errors.join('; ');
+    }
+    return action;
+}
+/**
+ * Make a file or directory immutable (platform-specific).
+ */
+async function makeImmutable(platform, filePath) {
+    try {
+        if (platform.name === 'darwin') {
+            // Use chflags on macOS
+            await exec(`sudo chflags schg "${filePath}" 2>/dev/null || true`);
+            await exec(`sudo chflags uchg "${filePath}" 2>/dev/null || true`);
+        }
+        else if (platform.name === 'linux') {
+            // Use chattr on Linux
+            await exec(`sudo chattr +i "${filePath}" 2>/dev/null || true`);
+        }
+        else if (platform.name === 'windows') {
+            // Use attrib on Windows
+            await exec(`attrib +R +S +H "${filePath}" 2>nul || echo.`);
+        }
+    }
+    catch {
+        // Immutability is best-effort; continue if it fails
+        logger.warn(`Could not make ${filePath} immutable (requires elevated permissions)`);
+    }
+}
+/**
+ * Block OpenClaw-related domains in the hosts file.
+ */
+async function blockDomainsInHosts(platform) {
+    const domains = [
+        'api.openclaw.ai',
+        'gateway.openclaw.ai',
+        'download.openclaw.ai',
+        'update.openclaw.ai',
+        'molt.bot',
+        'api.molt.bot',
+        'gateway.molt.bot',
+    ];
+    const marker = '# Nox OpenClaw Lockdown';
+    const blockEntries = domains.map((d) => `0.0.0.0 ${d}`).join('\n');
+    const content = `\n${marker} - START\n${blockEntries}\n${marker} - END\n`;
+    const hostsPath = platform.name === 'windows' ? 'C:\\Windows\\System32\\drivers\\etc\\hosts' : '/etc/hosts';
+    try {
+        const { readFile: readF, appendFile } = await import('node:fs/promises');
+        const existing = await readF(hostsPath, 'utf8');
+        // Check if already blocked
+        if (existing.includes(marker)) {
+            logger.info('Domain blocks already present in hosts file');
+            return;
+        }
+        // Append blocks (requires sudo on Unix, admin on Windows)
+        if (platform.name === 'windows') {
+            await appendFile(hostsPath, content, 'utf8');
+        }
+        else {
+            // Use sudo on Unix
+            await exec(`echo '${content}' | sudo tee -a "${hostsPath}" > /dev/null`);
+        }
+    }
+    catch (err) {
+        throw new Error(`Failed to modify hosts file: ${err instanceof Error ? err.message : String(err)}`);
+    }
+}
+/**
+ * Remove lockdown protections.
+ */
+export async function removeLockdown(platform, options = {}) {
+    const actions = [];
+    if (options.dryRun) {
+        logger.info('[dry-run] Would remove lockdown protections');
+        actions.push({
+            type: 'lockdown',
+            target: 'all',
+            status: 'success',
+        });
+        return actions;
+    }
+    // Remove immutability and blocking directories
+    const allPaths = [
+        ...platform.getCliLocations(),
+        ...platform.getAppLocations(),
+    ];
+    // Add user config paths
+    try {
+        const users = await platform.getAllUsers();
+        for (const user of users) {
+            allPaths.push(platform.getStateDirPath(user));
+        }
+    }
+    catch {
+        // Continue with available paths
+    }
+    for (const p of allPaths) {
+        if (await pathExists(p)) {
+            try {
+                // Remove immutability first
+                await removeImmutable(platform, p);
+                // Check if it's a lockdown directory
+                const lockdownMarker = path.join(p, '.nox-lockdown');
+                if (await pathExists(lockdownMarker)) {
+                    await safeRemove(p);
+                    logger.success(`Removed lockdown at: ${p}`);
+                }
+            }
+            catch (err) {
+                logger.warn(`Could not remove lockdown at ${p}: ${err instanceof Error ? err.message : String(err)}`);
+            }
+        }
+    }
+    // Remove hosts file entries
+    try {
+        await removeHostsBlocks(platform);
+        logger.success('Removed domain blocks from hosts file');
+    }
+    catch (err) {
+        logger.warn(`Could not remove hosts blocks: ${err instanceof Error ? err.message : String(err)}`);
+    }
+    actions.push({
+        type: 'lockdown',
+        target: 'all',
+        status: 'success',
+    });
+    return actions;
+}
+/**
+ * Remove immutability from a file or directory.
+ */
+async function removeImmutable(platform, filePath) {
+    try {
+        if (platform.name === 'darwin') {
+            await exec(`sudo chflags noschg "${filePath}" 2>/dev/null || true`);
+            await exec(`sudo chflags nouchg "${filePath}" 2>/dev/null || true`);
+        }
+        else if (platform.name === 'linux') {
+            await exec(`sudo chattr -i "${filePath}" 2>/dev/null || true`);
+        }
+        else if (platform.name === 'windows') {
+            await exec(`attrib -R -S -H "${filePath}" 2>nul || echo.`);
+        }
+    }
+    catch {
+        // Continue even if removal fails
+    }
+}
+/**
+ * Remove OpenClaw domain blocks from hosts file.
+ */
+async function removeHostsBlocks(platform) {
+    const marker = '# Nox OpenClaw Lockdown';
+    const hostsPath = platform.name === 'windows' ? 'C:\\Windows\\System32\\drivers\\etc\\hosts' : '/etc/hosts';
+    try {
+        const { readFile: readF, writeFile: writeF } = await import('node:fs/promises');
+        const content = await readF(hostsPath, 'utf8');
+        if (!content.includes(marker)) {
+            return; // Nothing to remove
+        }
+        // Remove the lockdown block
+        const startMarker = `${marker} - START`;
+        const endMarker = `${marker} - END`;
+        const startIdx = content.indexOf(startMarker);
+        const endIdx = content.indexOf(endMarker);
+        if (startIdx === -1 || endIdx === -1) {
+            return;
+        }
+        const newContent = content.substring(0, startIdx) +
+            content.substring(endIdx + endMarker.length);
+        if (platform.name === 'windows') {
+            await writeF(hostsPath, newContent, 'utf8');
+        }
+        else {
+            // Use temp file + sudo on Unix
+            const tempFile = '/tmp/nox-hosts-clean';
+            await writeF(tempFile, newContent, 'utf8');
+            await exec(`sudo cp "${tempFile}" "${hostsPath}"`);
+            await safeRemove(tempFile);
+        }
+    }
+    catch (err) {
+        throw new Error(`Failed to modify hosts file: ${err instanceof Error ? err.message : String(err)}`);
+    }
+}
+/**
+ * Check if lockdown is currently active.
+ */
+export async function isLockdownActive(platform) {
+    // Check if any lockdown markers exist
+    const locations = platform.getCliLocations();
+    for (const location of locations) {
+        const markerPath = path.join(location, '.nox-lockdown');
+        if (await pathExists(markerPath)) {
+            return true;
+        }
+    }
+    return false;
+}
+//# sourceMappingURL=lockdown.js.map

package/dist/isolator/lockdown.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"lockdown.js","sourceRoot":"","sources":["../../src/isolator/lockdown.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,SAAS,EAAgB,MAAM,kBAAkB,CAAC;AAG3D,OAAO,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAC;AACxC,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AACnE,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAM5C;;GAEG;AACH,MAAM,uBAAuB,GAAG;;;;eAIjB,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;CACtC,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,QAAkB,EAClB,UAA2B,EAAE;IAE7B,MAAM,OAAO,GAAsB,EAAE,CAAC;IAEtC,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACnB,MAAM,CAAC,IAAI,CAAC,0DAA0D,CAAC,CAAC;QACxE,OAAO,CAAC,IAAI,CAAC;YACX,IAAI,EAAE,UAAU;YAChB,MAAM,EAAE,WAAW;YACnB,MAAM,EAAE,SAAS;SAClB,CAAC,CAAC;QACH,OAAO,CAAC,IAAI,CAAC;YACX,IAAI,EAAE,UAAU;YAChB,MAAM,EAAE,cAAc;YACtB,MAAM,EAAE,SAAS;SAClB,CAAC,CAAC;QACH,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,iBAAiB;IACjB,OAAO,CAAC,IAAI,CAAC,MAAM,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC;IAE3C,oCAAoC;IACpC,OAAO,CAAC,IAAI,CAAC,MAAM,eAAe,CAAC,QAAQ,CAAC,CAAC,CAAC;IAE9C,+BAA+B;IAC/B,IAAI,QAAQ,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC/B,OAAO,CAAC,IAAI,CAAC,MAAM,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC5C,CAAC;IAED,+BAA+B;IAC/B,OAAO,CAAC,IAAI,CAAC,MAAM,oBAAoB,CAAC,QAAQ,CAAC,CAAC,CAAC;IAEnD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,YAAY,CAAC,QAAkB;IAC5C,MAAM,MAAM,GAAoB;QAC9B,IAAI,EAAE,UAAU;QAChB,MAAM,EAAE,WAAW;QACnB,MAAM,EAAE,SAAS;KAClB,CAAC;IAEF,MAAM,SAAS,GAAG,QAAQ,CAAC,eAAe,EAAE,CAAC;IAC7C,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,IAAI,CAAC;YACH,oCAAoC;YACpC,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YACnC,IAAI,CAAC,CAAC,MAAM,UAAU,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;gBAC7B,SAAS,CAAC,8DAA8D;YAC1E,CAAC;YAED,kCAAkC;YAClC,IAAI,MAAM,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC/B,MAAM,UAAU,CAAC,QAAQ,CAAC,CAAC;YAC7B,CAAC;YAED,gEAAgE;YAChE,MAAM,SAAS,CAAC,QAAQ,CAAC,CAAC;YAC1B,MAAM,SAAS,CACb,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,eAAe,CAAC,EACpC,uBAAuB,EACvB,MAAM,CACP,CAAC;YAEF,+CAA+C;YAC/C,MAAM,aAAa,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;YAExC,MAAM,CAAC,OAAO,CAAC,oBAAoB,QAAQ,EAAE,CAAC,CAAC;QACjD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,IAAI,CAAC,GAAG,QAAQ,KAAK,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAClF,CAAC;IACH,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,MAAM,CAAC,MAAM,GAAG,SAAS,CAAC;IAC5B,CAAC;SAAM,IAAI,MAAM,CAAC,MAAM,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC;QAC5C,MAAM,CAAC,MAAM,GAAG,SAAS,CAAC,CAAC,kBAAkB;QAC7C,MAAM,CAAC,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACnC,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,MAAM,GAAG,QAAQ,CAAC;QACzB,MAAM,CAAC,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACnC,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,eAAe,CAAC,QAAkB;IAC/C,MAAM,MAAM,GAAoB;QAC9B,IAAI,EAAE,UAAU;QAChB,MAAM,EAAE,cAAc;QACtB,MAAM,EAAE,SAAS;KAClB,CAAC;IAEF,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,WAAW,EAAE,CAAC;QAC3C,MAAM,MAAM,GAAa,EAAE,CAAC;QAE5B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,SAAS,GAAG,QAAQ,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;YACjD,IAAI,CAAC;gBACH,uCAAuC;gBACvC,IAAI,MAAM,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;oBAChC,MAAM,UAAU,CAAC,SAAS,CAAC,CAAC;gBAC9B,CAAC;gBAED,4BAA4B;gBAC5B,MAAM,SAAS,CAAC,SAAS,CAAC,CAAC;gBAC3B,MAAM,SAAS,CACb,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC,EACrC,uBAAuB,EACvB,MAAM,CACP,CAAC;gBAEF,2BAA2B;gBAC3B,MAAM,aAAa,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;gBAEzC,MAAM,CAAC,OAAO,CAAC,+BAA+B,IAAI,KAAK,SAAS,EAAE,CAAC,CAAC;YACtE,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,CAAC,IAAI,CAAC,GAAG,SAAS,KAAK,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACnF,CAAC;QACH,CAAC;QAED,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxB,MAAM,CAAC,MAAM,GAAG,SAAS,CAAC;QAC5B,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,MAAM,GAAG,QAAQ,CAAC;YACzB,MAAM,CAAC,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnC,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,MAAM,GAAG,QAAQ,CAAC;QACzB,MAAM,CAAC,KAAK,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAClE,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,WAAW,CAAC,QAAkB;IAC3C,MAAM,MAAM,GAAoB;QAC9B,IAAI,EAAE,UAAU;QAChB,MAAM,EAAE,UAAU;QAClB,MAAM,EAAE,SAAS;KAClB,CAAC;IAEF,MAAM,SAAS,GAAG,QAAQ,CAAC,eAAe,EAAE,CAAC;IAC7C,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,IAAI,CAAC;YACH,iCAAiC;YACjC,IAAI,MAAM,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC/B,MAAM,UAAU,CAAC,QAAQ,CAAC,CAAC;YAC7B,CAAC;YAED,4BAA4B;YAC5B,MAAM,SAAS,CAAC,QAAQ,CAAC,CAAC;YAC1B,MAAM,SAAS,CACb,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,eAAe,CAAC,EACpC,uBAAuB,EACvB,MAAM,CACP,CAAC;YAEF,2BAA2B;YAC3B,MAAM,aAAa,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;YAExC,MAAM,CAAC,OAAO,CAAC,oBAAoB,QAAQ,EAAE,CAAC,CAAC;QACjD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,IAAI,CAAC,GAAG,QAAQ,KAAK,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAClF,CAAC;IACH,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,MAAM,CAAC,MAAM,GAAG,SAAS,CAAC;IAC5B,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,MAAM,GAAG,QAAQ,CAAC;QACzB,MAAM,CAAC,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACnC,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;GAIG;AACH,KAAK,UAAU,oBAAoB,CAAC,QAAkB;IACpD,MAAM,MAAM,GAAoB;QAC9B,IAAI,EAAE,UAAU;QAChB,MAAM,EAAE,oBAAoB;QAC5B,MAAM,EAAE,SAAS;KAClB,CAAC;IAEF,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,8CAA8C;IAC9C,IAAI,CAAC;QACH,MAAM,mBAAmB,CAAC,QAAQ,CAAC,CAAC;QACpC,MAAM,CAAC,OAAO,CAAC,mCAAmC,CAAC,CAAC;IACtD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,IAAI,CAAC,UAAU,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAC5E,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,MAAM,CAAC,MAAM,GAAG,SAAS,CAAC;IAC5B,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,MAAM,GAAG,QAAQ,CAAC;QACzB,MAAM,CAAC,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACnC,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,aAAa,CAAC,QAAkB,EAAE,QAAgB;IAC/D,IAAI,CAAC;QACH,IAAI,QAAQ,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC/B,uBAAuB;YACvB,MAAM,IAAI,CAAC,sBAAsB,QAAQ,uBAAuB,CAAC,CAAC;YAClE,MAAM,IAAI,CAAC,sBAAsB,QAAQ,uBAAuB,CAAC,CAAC;QACpE,CAAC;aAAM,IAAI,QAAQ,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;YACrC,sBAAsB;YACtB,MAAM,IAAI,CAAC,mBAAmB,QAAQ,uBAAuB,CAAC,CAAC;QACjE,CAAC;aAAM,IAAI,QAAQ,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YACvC,wBAAwB;YACxB,MAAM,IAAI,CAAC,oBAAoB,QAAQ,kBAAkB,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,oDAAoD;QACpD,MAAM,CAAC,IAAI,CAAC,kBAAkB,QAAQ,4CAA4C,CAAC,CAAC;IACtF,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,mBAAmB,CAAC,QAAkB;IACnD,MAAM,OAAO,GAAG;QACd,iBAAiB;QACjB,qBAAqB;QACrB,sBAAsB;QACtB,oBAAoB;QACpB,UAAU;QACV,cAAc;QACd,kBAAkB;KACnB,CAAC;IAEF,MAAM,MAAM,GAAG,yBAAyB,CAAC;IACzC,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACnE,MAAM,OAAO,GAAG,KAAK,MAAM,aAAa,YAAY,KAAK,MAAM,UAAU,CAAC;IAE1E,MAAM,SAAS,GACb,QAAQ,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,4CAA4C,CAAC,CAAC,CAAC,YAAY,CAAC;IAE5F,IAAI,CAAC;QACH,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC;QACzE,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;QAEhD,2BAA2B;QAC3B,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC9B,MAAM,CAAC,IAAI,CAAC,6CAA6C,CAAC,CAAC;YAC3D,OAAO;QACT,CAAC;QAED,0DAA0D;QAC1D,IAAI,QAAQ,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAChC,MAAM,UAAU,CAAC,SAAS,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;QAC/C,CAAC;aAAM,CAAC;YACN,mBAAmB;YACnB,MAAM,IAAI,CAAC,SAAS,OAAO,oBAAoB,SAAS,eAAe,CAAC,CAAC;QAC3E,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,gCAAgC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IACtG,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,QAAkB,EAClB,UAA2B,EAAE;IAE7B,MAAM,OAAO,GAAsB,EAAE,CAAC;IAEtC,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACnB,MAAM,CAAC,IAAI,CAAC,6CAA6C,CAAC,CAAC;QAC3D,OAAO,CAAC,IAAI,CAAC;YACX,IAAI,EAAE,UAAU;YAChB,MAAM,EAAE,KAAK;YACb,MAAM,EAAE,SAAS;SAClB,CAAC,CAAC;QACH,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,+CAA+C;IAC/C,MAAM,QAAQ,GAAa;QACzB,GAAG,QAAQ,CAAC,eAAe,EAAE;QAC7B,GAAG,QAAQ,CAAC,eAAe,EAAE;KAC9B,CAAC;IAEF,wBAAwB;IACxB,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,WAAW,EAAE,CAAC;QAC3C,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC;QAChD,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,gCAAgC;IAClC,CAAC;IAED,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,IAAI,MAAM,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;YACxB,IAAI,CAAC;gBACH,4BAA4B;gBAC5B,MAAM,eAAe,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;gBACnC,qCAAqC;gBACrC,MAAM,cAAc,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,EAAE,eAAe,CAAC,CAAC;gBACrD,IAAI,MAAM,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;oBACrC,MAAM,UAAU,CAAC,CAAC,CAAC,CAAC;oBACpB,MAAM,CAAC,OAAO,CAAC,wBAAwB,CAAC,EAAE,CAAC,CAAC;gBAC9C,CAAC;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,CAAC,IAAI,CAAC,gCAAgC,CAAC,KAAK,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACxG,CAAC;QACH,CAAC;IACH,CAAC;IAED,4BAA4B;IAC5B,IAAI,CAAC;QACH,MAAM,iBAAiB,CAAC,QAAQ,CAAC,CAAC;QAClC,MAAM,CAAC,OAAO,CAAC,uCAAuC,CAAC,CAAC;IAC1D,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,IAAI,CAAC,kCAAkC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IACpG,CAAC;IAED,OAAO,CAAC,IAAI,CAAC;QACX,IAAI,EAAE,UAAU;QAChB,MAAM,EAAE,KAAK;QACb,MAAM,EAAE,SAAS;KAClB,CAAC,CAAC;IAEH,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,eAAe,CAAC,QAAkB,EAAE,QAAgB;IACjE,IAAI,CAAC;QACH,IAAI,QAAQ,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC/B,MAAM,IAAI,CAAC,wBAAwB,QAAQ,uBAAuB,CAAC,CAAC;YACpE,MAAM,IAAI,CAAC,wBAAwB,QAAQ,uBAAuB,CAAC,CAAC;QACtE,CAAC;aAAM,IAAI,QAAQ,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;YACrC,MAAM,IAAI,CAAC,mBAAmB,QAAQ,uBAAuB,CAAC,CAAC;QACjE,CAAC;aAAM,IAAI,QAAQ,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YACvC,MAAM,IAAI,CAAC,oBAAoB,QAAQ,kBAAkB,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,iCAAiC;IACnC,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,iBAAiB,CAAC,QAAkB;IACjD,MAAM,MAAM,GAAG,yBAAyB,CAAC;IACzC,MAAM,SAAS,GACb,QAAQ,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,4CAA4C,CAAC,CAAC,CAAC,YAAY,CAAC;IAE5F,IAAI,CAAC;QACH,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC;QAChF,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;QAE/C,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAC9B,OAAO,CAAC,oBAAoB;QAC9B,CAAC;QAED,4BAA4B;QAC5B,MAAM,WAAW,GAAG,GAAG,MAAM,UAAU,CAAC;QACxC,MAAM,SAAS,GAAG,GAAG,MAAM,QAAQ,CAAC;QACpC,MAAM,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;QAC9C,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAE1C,IAAI,QAAQ,KAAK,CAAC,CAAC,IAAI,MAAM,KAAK,CAAC,CAAC,EAAE,CAAC;YACrC,OAAO;QACT,CAAC;QAED,MAAM,UAAU,GACd,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,QAAQ,CAAC;YAC9B,OAAO,CAAC,SAAS,CAAC,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;QAE/C,IAAI,QAAQ,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAChC,MAAM,MAAM,CAAC,SAAS,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;QAC9C,CAAC;aAAM,CAAC;YACN,+BAA+B;YAC/B,MAAM,QAAQ,GAAG,sBAAsB,CAAC;YACxC,MAAM,MAAM,CAAC,QAAQ,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;YAC3C,MAAM,IAAI,CAAC,YAAY,QAAQ,MAAM,SAAS,GAAG,CAAC,CAAC;YACnD,MAAM,UAAU,CAAC,QAAQ,CAAC,CAAC;QAC7B,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,gCAAgC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IACtG,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,QAAkB;IACvD,sCAAsC;IACtC,MAAM,SAAS,GAAG,QAAQ,CAAC,eAAe,EAAE,CAAC;IAC7C,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC;QACxD,IAAI,MAAM,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YACjC,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/isolator/quarantine.d.ts

@@ -0,0 +1,39 @@
+/**
+ * Quarantine management for OpenClaw artifacts.
+ * Moves files to a secure quarantine directory with manifest tracking.
+ */
+import type { DetectionResult } from '../types/detection.js';
+import type { IsolationAction, QuarantineManifest, QuarantineResult } from '../types/isolation.js';
+import type { Platform } from '../platform/index.js';
+export interface QuarantineOptions {
+    dryRun?: boolean;
+}
+/**
+ * Quarantine all detected OpenClaw artifacts.
+ * Moves files to a secure location and creates a manifest for potential restoration.
+ */
+export declare function quarantineArtifacts(platform: Platform, detection: DetectionResult, options?: QuarantineOptions): Promise<{
+    action: IsolationAction;
+    result?: QuarantineResult;
+}>;
+/**
+ * List all quarantined items.
+ */
+export declare function listQuarantined(platform: Platform): Promise<QuarantineManifest[]>;
+/**
+ * Restore quarantined artifacts to their original locations.
+ * If the destination already exists, it will be removed first.
+ */
+export declare function restoreQuarantined(platform: Platform, quarantineId: string): Promise<{
+    success: boolean;
+    restored: number;
+    errors: string[];
+}>;
+/**
+ * Permanently delete quarantined artifacts.
+ */
+export declare function deleteQuarantined(platform: Platform, quarantineId: string): Promise<{
+    success: boolean;
+    error?: string;
+}>;
+//# sourceMappingURL=quarantine.d.ts.map

package/dist/isolator/quarantine.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"quarantine.d.ts","sourceRoot":"","sources":["../../src/isolator/quarantine.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAKH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAC7D,OAAO,KAAK,EACV,eAAe,EAEf,kBAAkB,EAClB,gBAAgB,EACjB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAIrD,MAAM,WAAW,iBAAiB;IAChC,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAcD;;;GAGG;AACH,wBAAsB,mBAAmB,CACvC,QAAQ,EAAE,QAAQ,EAClB,SAAS,EAAE,eAAe,EAC1B,OAAO,GAAE,iBAAsB,GAC9B,OAAO,CAAC;IAAE,MAAM,EAAE,eAAe,CAAC;IAAC,MAAM,CAAC,EAAE,gBAAgB,CAAA;CAAE,CAAC,CAgJjE;AAgED;;GAEG;AACH,wBAAsB,eAAe,CACnC,QAAQ,EAAE,QAAQ,GACjB,OAAO,CAAC,kBAAkB,EAAE,CAAC,CA8B/B;AAED;;;GAGG;AACH,wBAAsB,kBAAkB,CACtC,QAAQ,EAAE,QAAQ,EAClB,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,CAAC,CAyGnE;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CACrC,QAAQ,EAAE,QAAQ,EAClB,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CA6B/C"}