openclaw-guardian 0.3.0 → 0.3.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +167 -52
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +5 -0
- package/dist/index.js.map +1 -1
- package/dist/src/audit-log.d.ts +1 -0
- package/dist/src/audit-log.d.ts.map +1 -1
- package/dist/src/audit-log.js +15 -0
- package/dist/src/audit-log.js.map +1 -1
- package/dist/src/blacklist.d.ts.map +1 -1
- package/dist/src/blacklist.js +31 -2
- package/dist/src/blacklist.js.map +1 -1
- package/dist/src/proxy-server.d.ts +3 -0
- package/dist/src/proxy-server.d.ts.map +1 -0
- package/dist/src/proxy-server.js +98 -0
- package/dist/src/proxy-server.js.map +1 -0
- package/dist/src/sensitive-scan.d.ts +8 -0
- package/dist/src/sensitive-scan.d.ts.map +1 -0
- package/dist/src/sensitive-scan.js +29 -0
- package/dist/src/sensitive-scan.js.map +1 -0
- package/dist/src/start.d.ts +2 -0
- package/dist/src/start.d.ts.map +1 -0
- package/dist/src/start.js +5 -0
- package/dist/src/start.js.map +1 -0
- package/package.json +11 -3
package/README.md
CHANGED
|
@@ -10,29 +10,49 @@ The community has been vocal: *"security nightmare"*, *"what if the AI deletes m
|
|
|
10
10
|
|
|
11
11
|
**openclaw-guardian** fills that gap. It sits between the AI's decision and the actual execution, using a two-tier blacklist to catch dangerous operations and LLM-based intent verification to confirm the user actually asked for them. Think of it as a security checkpoint that only stops you when you're carrying something dangerous — and even then, it just checks your ID before letting you through.
|
|
12
12
|
|
|
13
|
+
> [!WARNING]
|
|
14
|
+
> **本插件强制启用入口防护,所有客户端必须连接 `ws://localhost:18790?token=xxx`,否则无法使用 OpenClaw!**
|
|
15
|
+
>
|
|
16
|
+
> 基于最新的安全考量(如防范网页/JS 恶意连接),现在必须通过带有 token 校验的代理网关访问。
|
|
17
|
+
|
|
13
18
|
The key insight: **99% of what an AI agent does is harmless** (reading files, fetching URLs, writing notes). Only ~1% is potentially dangerous (deleting files, running destructive commands, accessing secrets). Guardian only intervenes on that 1%, so you get safety without sacrificing speed.
|
|
14
19
|
|
|
15
20
|
## How It Works
|
|
16
21
|
|
|
17
22
|
```
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
23
|
+
┌──────────────────────────────────┐
|
|
24
|
+
Client (Browser, │ Layer 1: Entry Protection │
|
|
25
|
+
Telegram, Slack, etc.) │ Guardian Proxy :18790 │
|
|
26
|
+
│ │ ✓ Token 校验 (?token=xxx) │
|
|
27
|
+
│ │ ✓ Origin 校验 (localhost only) │
|
|
28
|
+
│ │ ✓ Every attempt → audit log │
|
|
29
|
+
▼ └────────────┬─────────────────────┘
|
|
30
|
+
ws://localhost:18790 │ token OK
|
|
31
|
+
?token=xxx ▼
|
|
32
|
+
┌──────────────────────────────────┐
|
|
33
|
+
│ OpenClaw Gateway :18789 │
|
|
34
|
+
│ (bind loopback, 不直接暴露) │
|
|
35
|
+
└────────────┬─────────────────────┘
|
|
36
|
+
│ tool call
|
|
37
|
+
▼
|
|
38
|
+
┌──────────────────────────────────┐
|
|
39
|
+
│ Layer 2: Execution Protection │
|
|
40
|
+
│ ✓ Blacklist regex (0ms) │
|
|
41
|
+
│ ✓ Sensitive data scan │
|
|
42
|
+
│ ✓ LLM intent verification │
|
|
43
|
+
└────────────┬─────────────────────┘
|
|
44
|
+
│
|
|
45
|
+
┌────────────────┼────────────────┐
|
|
46
|
+
↓ ↓ ↓
|
|
47
|
+
No match warning critical
|
|
48
|
+
(pass) (1 LLM vote) (3 LLM votes)
|
|
49
|
+
↓ ↓ ↓
|
|
50
|
+
Execute 1 vote check 3 parallel votes
|
|
51
|
+
0ms ~1-2s ~2-4s
|
|
52
|
+
↓ ↓
|
|
53
|
+
confirmed? → ALL 3 confirmed?
|
|
54
|
+
yes: execute yes: execute
|
|
55
|
+
no: block no: block
|
|
36
56
|
```
|
|
37
57
|
|
|
38
58
|
### Two-Tier Blacklist
|
|
@@ -108,31 +128,34 @@ Guardian doesn't just inspect `exec`, `write`, and `edit` — it also scans tool
|
|
|
108
128
|
|
|
109
129
|
Everyday operations like `send`, `get`, `web_fetch`, `cron`, `snapshot`, etc. are completely unaffected — they never match any blacklist pattern.
|
|
110
130
|
|
|
111
|
-
###
|
|
131
|
+
### Triple Protection Protocol (三重防护)
|
|
132
|
+
|
|
133
|
+
Guardian provides **three layers** of protection that work together:
|
|
112
134
|
|
|
113
|
-
Guardian
|
|
135
|
+
**Layer 1 — Entry Protection (入口防护):** All clients must connect through the Guardian Proxy (port 18790) with a valid token. Malicious scripts, rogue webpages, or external attackers **cannot** directly reach the OpenClaw gateway on port 18789. This blocks the entire class of "ClawJacked" attacks where external JS silently connects to `ws://localhost:18789`.
|
|
114
136
|
|
|
115
|
-
**Layer
|
|
137
|
+
**Layer 2 — Execution Protection (执行防护):** Regex blacklist + sensitive data scanning + LLM intent verification. Every tool call is checked before execution. Dangerous operations are blocked and logged.
|
|
116
138
|
|
|
117
|
-
**Layer
|
|
139
|
+
**Layer 3 — Agent Self-Discipline (Agent 自律):** When an agent receives a Guardian block notification, it **must immediately stop**, report the blocked command and reason to the human user, and **wait for explicit confirmation** before proceeding.
|
|
118
140
|
|
|
119
141
|
**The protection chain:**
|
|
120
142
|
|
|
121
143
|
```
|
|
122
|
-
|
|
144
|
+
Client → Token 校验 (Layer 1) → Gateway → Tool call → Regex + Scan (Layer 2) → LLM 投票 → Agent 停下 (Layer 3) → 人类确认
|
|
123
145
|
```
|
|
124
146
|
|
|
125
|
-
|
|
147
|
+
**Why forced entry protection?** Without it, any webpage you visit could silently open `ws://localhost:18789` and send commands to your AI agent. The proxy acts as a door guard — no token, no entry. It's like putting a lock on your front door instead of just hoping nobody walks in.
|
|
126
148
|
|
|
127
149
|
#### Recommended AGENTS.md Rule
|
|
128
150
|
|
|
129
|
-
To activate Layer
|
|
151
|
+
To activate Layer 3, add this rule to your `AGENTS.md` (or equivalent agent instructions file):
|
|
130
152
|
|
|
131
153
|
```markdown
|
|
132
|
-
### Guardian
|
|
133
|
-
1.
|
|
134
|
-
2.
|
|
135
|
-
3.
|
|
154
|
+
### Guardian 三重防护协议(硬规则)
|
|
155
|
+
1. **第一层(入口防护)**:所有连接必须通过 Guardian Proxy (18790) + token 校验,恶意 JS/外部攻击者无法直连 gateway
|
|
156
|
+
2. **第二层(执行防护)**:regex 初筛 + 敏感数据扫描 + LLM 意图确认,自动拦截危险操作
|
|
157
|
+
3. **第三层(Agent 自律)**:当 Guardian 拦截命令时,agent 收到拦截通知后**必须立刻停下**,向用户报告被拦截的命令和原因,等待确认后才能继续。禁止自行绕过、重试或换方式执行被拦截的操作。
|
|
158
|
+
4. **防护链**:token 校验 → regex 初筛 → 敏感数据扫描 → LLM 投票 → Guardian 拦截 → agent 停下 → 人类确认 → 继续/放弃
|
|
136
159
|
```
|
|
137
160
|
|
|
138
161
|
This ensures the agent treats Guardian blocks as hard stops rather than soft suggestions.
|
|
@@ -141,16 +164,18 @@ This ensures the agent treats Guardian blocks as hard stops rather than soft sug
|
|
|
141
164
|
|
|
142
165
|
Guardian's blacklist uses **zero-cost keyword rules** — no model calls for pattern matching. Regex like `rm -rf /` → critical, `sudo` → warning is instant and deterministic. LLM verification is only triggered for the ~1% of operations that actually hit the blacklist, and its only job is confirming user intent — not scoring risk.
|
|
143
166
|
|
|
144
|
-
## Quick Start
|
|
167
|
+
## Quick Start
|
|
145
168
|
|
|
146
|
-
### 1
|
|
169
|
+
### Step 1: Clone & Install
|
|
147
170
|
|
|
148
171
|
```bash
|
|
149
172
|
cd ~/.openclaw/workspace
|
|
150
173
|
git clone https://github.com/fatcatMaoFei/openclaw-guardian.git
|
|
174
|
+
cd openclaw-guardian
|
|
175
|
+
npm install
|
|
151
176
|
```
|
|
152
177
|
|
|
153
|
-
### 2
|
|
178
|
+
### Step 2: Register Plugin (执行防护)
|
|
154
179
|
|
|
155
180
|
Add to your `openclaw.json`:
|
|
156
181
|
|
|
@@ -169,27 +194,74 @@ Add to your `openclaw.json`:
|
|
|
169
194
|
}
|
|
170
195
|
```
|
|
171
196
|
|
|
172
|
-
|
|
197
|
+
Then restart the gateway:
|
|
173
198
|
|
|
174
199
|
```bash
|
|
175
200
|
openclaw gateway restart
|
|
176
201
|
```
|
|
177
202
|
|
|
178
|
-
|
|
203
|
+
> This activates **Layer 2 (Execution Protection)** — blacklist + sensitive data scan + LLM voting on every tool call.
|
|
179
204
|
|
|
180
|
-
|
|
205
|
+
### Step 3: Start Guardian Proxy (入口防护)
|
|
181
206
|
|
|
182
|
-
|
|
207
|
+
```bash
|
|
208
|
+
npm run start
|
|
209
|
+
```
|
|
183
210
|
|
|
184
|
-
|
|
211
|
+
Console output will display:
|
|
185
212
|
|
|
186
|
-
```
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
|
|
213
|
+
```
|
|
214
|
+
======================================================
|
|
215
|
+
🛡️ openclaw-guardian: Entry Protection is ONLINE 🛡️
|
|
216
|
+
======================================================
|
|
217
|
+
|
|
218
|
+
All clients MUST connect to the proxy port: ws://localhost:18790
|
|
219
|
+
Access Token: a1b2c3d4e5f6...your_32_char_token...
|
|
220
|
+
|
|
221
|
+
Example WebSocket connection:
|
|
222
|
+
wscat -c ws://localhost:18790?token=a1b2c3d4...
|
|
223
|
+
|
|
224
|
+
Example HTTP webhook:
|
|
225
|
+
http://localhost:18790/your-path?token=a1b2c3d4...
|
|
226
|
+
|
|
227
|
+
Do NOT connect directly to the gateway port 18789.
|
|
228
|
+
======================================================
|
|
229
|
+
```
|
|
230
|
+
|
|
231
|
+
> This activates **Layer 1 (Entry Protection)** — all connections must carry a valid token.
|
|
232
|
+
|
|
233
|
+
### Step 4: Update All Client Connections
|
|
234
|
+
|
|
235
|
+
**All clients must now use the Guardian proxy port `18790` and supply the token:**
|
|
236
|
+
|
|
237
|
+
| Client Type | Before | After |
|
|
238
|
+
|-------------|--------|-------|
|
|
239
|
+
| WebSocket | `ws://localhost:18789` | `ws://localhost:18790?token=YOUR_TOKEN` |
|
|
240
|
+
| HTTP webhook | `http://localhost:18789/path` | `http://localhost:18790/path?token=YOUR_TOKEN` |
|
|
241
|
+
| Telegram | webhook → `:18789/tg` | webhook → `:18790/tg?token=YOUR_TOKEN` |
|
|
242
|
+
| Slack | webhook → `:18789/slack` | webhook → `:18790/slack?token=YOUR_TOKEN` |
|
|
243
|
+
|
|
244
|
+
Alternatively, pass the token in the HTTP header:
|
|
245
|
+
```
|
|
246
|
+
Authorization: Bearer YOUR_TOKEN
|
|
247
|
+
```
|
|
248
|
+
|
|
249
|
+
> [!CAUTION]
|
|
250
|
+
> **Do NOT connect directly to port 18789.** The entire point of this plugin is that all traffic must pass through the proxy's token validation layer.
|
|
251
|
+
|
|
252
|
+
### Step 5: Verify It Works
|
|
253
|
+
|
|
254
|
+
```bash
|
|
255
|
+
# Should FAIL (no token):
|
|
256
|
+
wscat -c ws://localhost:18790
|
|
257
|
+
# → Connection rejected: 401 Unauthorized
|
|
258
|
+
|
|
259
|
+
# Should SUCCEED (with token):
|
|
260
|
+
wscat -c "ws://localhost:18790?token=YOUR_TOKEN"
|
|
261
|
+
# → Connected to OpenClaw gateway
|
|
190
262
|
```
|
|
191
263
|
|
|
192
|
-
|
|
264
|
+
## Customization
|
|
193
265
|
|
|
194
266
|
### Blacklist Rules
|
|
195
267
|
|
|
@@ -219,11 +291,23 @@ No extra configuration needed.
|
|
|
219
291
|
|
|
220
292
|
## Audit Trail
|
|
221
293
|
|
|
222
|
-
|
|
294
|
+
All events are logged to `~/.openclaw/guardian-audit.jsonl`. There are two types of log entries:
|
|
223
295
|
|
|
296
|
+
**Proxy connection log (Layer 1):**
|
|
224
297
|
```json
|
|
225
298
|
{
|
|
226
|
-
"timestamp": "2026-
|
|
299
|
+
"timestamp": "2026-03-05T09:30:00.000Z",
|
|
300
|
+
"event": "PROXY_CONNECTION",
|
|
301
|
+
"ip": "::1",
|
|
302
|
+
"status": "REJECTED",
|
|
303
|
+
"reason": "Missing token"
|
|
304
|
+
}
|
|
305
|
+
```
|
|
306
|
+
|
|
307
|
+
**Tool call interception log (Layer 2, with SHA-256 hash chain):**
|
|
308
|
+
```json
|
|
309
|
+
{
|
|
310
|
+
"timestamp": "2026-03-05T09:30:00.000Z",
|
|
227
311
|
"toolName": "exec",
|
|
228
312
|
"blacklistLevel": "critical",
|
|
229
313
|
"blacklistReason": "rm -rf on root-level system path",
|
|
@@ -235,30 +319,61 @@ Every blacklist-matched operation is logged to `~/.openclaw/guardian-audit.jsonl
|
|
|
235
319
|
}
|
|
236
320
|
```
|
|
237
321
|
|
|
238
|
-
Tamper-evident: each entry's hash includes the previous entry's hash. Break one link and the whole chain fails verification.
|
|
322
|
+
Tamper-evident: each tool call entry's hash includes the previous entry's hash. Break one link and the whole chain fails verification.
|
|
323
|
+
|
|
324
|
+
## Configuration
|
|
325
|
+
|
|
326
|
+
### Environment Variables (`.env`)
|
|
327
|
+
|
|
328
|
+
| Variable | Default | Description |
|
|
329
|
+
|----------|---------|-------------|
|
|
330
|
+
| `PROXY_PORT` | `18790` | Port for the Guardian Proxy |
|
|
331
|
+
| `GUARDIAN_TOKEN` | (auto-generated) | Token for client authentication. If not set, auto-generates a 32-char hex token and saves to `~/.openclaw/.guardian_token` |
|
|
332
|
+
|
|
333
|
+
Create a `.env` file in the project root to customize:
|
|
334
|
+
|
|
335
|
+
```env
|
|
336
|
+
PROXY_PORT=18790
|
|
337
|
+
GUARDIAN_TOKEN=your_custom_token_here
|
|
338
|
+
```
|
|
339
|
+
|
|
340
|
+
### Enable / Disable Execution Protection
|
|
341
|
+
|
|
342
|
+
Edit `default-policies.json`:
|
|
343
|
+
|
|
344
|
+
```json
|
|
345
|
+
{
|
|
346
|
+
"enabled": true
|
|
347
|
+
}
|
|
348
|
+
```
|
|
349
|
+
|
|
350
|
+
Set to `false` to disable Guardian's execution protection (blacklist + LLM) entirely without uninstalling. The proxy (entry protection) runs independently.
|
|
239
351
|
|
|
240
352
|
## Architecture
|
|
241
353
|
|
|
242
354
|
```
|
|
243
355
|
openclaw-guardian/
|
|
244
356
|
├── openclaw.plugin.json # Plugin manifest (v2.0.0)
|
|
245
|
-
├── index.ts #
|
|
357
|
+
├── index.ts # Plugin entry — before_tool_call hook + sensitive scan
|
|
246
358
|
├── src/
|
|
247
|
-
│ ├──
|
|
359
|
+
│ ├── proxy-server.ts # 🆕 Entry protection — token-gated reverse proxy (:18790 → :18789)
|
|
360
|
+
│ ├── start.ts # 🆕 Standalone entry point (npm run start)
|
|
361
|
+
│ ├── sensitive-scan.ts # 🆕 Regex scanner for API keys, tokens, passwords in tool params
|
|
362
|
+
│ ├── blacklist.ts # Two-tier keyword rules (critical/warning) + reverse shells, container escapes
|
|
248
363
|
│ ├── llm-voter.ts # LLM intent verification (single vote or 3-vote unanimous)
|
|
249
|
-
│ └── audit-log.ts # SHA-256 hash-chain audit logger
|
|
250
|
-
├── default-policies.json # Enable/disable toggle
|
|
364
|
+
│ └── audit-log.ts # SHA-256 hash-chain audit logger + proxy connection logger
|
|
365
|
+
├── default-policies.json # Enable/disable execution protection toggle
|
|
251
366
|
├── package.json
|
|
252
367
|
└── tsconfig.json
|
|
253
368
|
```
|
|
254
369
|
|
|
255
370
|
### How It Hooks Into OpenClaw
|
|
256
371
|
|
|
257
|
-
|
|
372
|
+
**Entry Protection (proxy-server.ts):** Runs as a standalone HTTP/WebSocket reverse proxy. Listens on port 18790, validates token + Origin on every connection, and forwards valid traffic to the OpenClaw gateway on port 18789.
|
|
258
373
|
|
|
259
|
-
|
|
374
|
+
**Execution Protection (index.ts):** Registers a `before_tool_call` plugin hook in OpenClaw's agent loop (`Model → tool_call → Tool Executor → result → Model`). This hook fires **after** the model decides to call a tool but **before** the tool actually executes. If Guardian returns `{ block: true }`, the tool is stopped and the model receives a rejection message.
|
|
260
375
|
|
|
261
|
-
|
|
376
|
+
The two layers are independent — the proxy runs as a separate process, while the plugin runs inside OpenClaw. Both write to the same audit log at `~/.openclaw/guardian-audit.jsonl`.
|
|
262
377
|
|
|
263
378
|
## Token Cost
|
|
264
379
|
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AA2B7D,MAAM,CAAC,OAAO,UAAU,KAAK,CAAC,GAAG,EAAE,iBAAiB,GAAG,IAAI,CA6E1D"}
|
package/dist/index.js
CHANGED
|
@@ -23,6 +23,7 @@ function canonicalizePath(raw) {
|
|
|
23
23
|
import { checkExecBlacklist, checkPathBlacklist, checkToolBlacklist } from "./src/blacklist.js";
|
|
24
24
|
import { initLlm, singleVote, multiVote } from "./src/llm-voter.js";
|
|
25
25
|
import { initAuditLog, writeAuditEntry } from "./src/audit-log.js";
|
|
26
|
+
import { scanSensitiveData } from "./src/sensitive-scan.js";
|
|
26
27
|
function loadEnabled() {
|
|
27
28
|
try {
|
|
28
29
|
const dir = dirname(fileURLToPath(import.meta.url));
|
|
@@ -60,6 +61,10 @@ export default function setup(api) {
|
|
|
60
61
|
// Check tool-level blacklist (covers all other tools like email, message, etc.)
|
|
61
62
|
match = checkToolBlacklist(toolName, (params ?? {}));
|
|
62
63
|
}
|
|
64
|
+
if (!match) {
|
|
65
|
+
// Check for sensitive data exposure
|
|
66
|
+
match = scanSensitiveData((params ?? {}));
|
|
67
|
+
}
|
|
63
68
|
if (!match)
|
|
64
69
|
return; // 99% of calls end here
|
|
65
70
|
const detail = toolName === "exec"
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAGH,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAC9D,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAEzC,SAAS,gBAAgB,CAAC,GAAW;IACnC,IAAI,CAAC,GAAG;QAAE,OAAO,GAAG,CAAC;IACrB,uBAAuB;IACvB,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,OAAO,CAAC,CAAC;IAC9E,oDAAoD;IACpD,OAAO,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;AACjC,CAAC;AACD,OAAO,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAChG,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AACpE,OAAO,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAGH,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAC9D,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAEzC,SAAS,gBAAgB,CAAC,GAAW;IACnC,IAAI,CAAC,GAAG;QAAE,OAAO,GAAG,CAAC;IACrB,uBAAuB;IACvB,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,OAAO,CAAC,CAAC;IAC9E,oDAAoD;IACpD,OAAO,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;AACjC,CAAC;AACD,OAAO,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAChG,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AACpE,OAAO,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACnE,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAE5D,SAAS,WAAW;IAClB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;QACpD,MAAM,GAAG,GAAG,YAAY,CAAC,IAAI,CAAC,GAAG,EAAE,uBAAuB,CAAC,EAAE,OAAO,CAAC,CAAC;QACtE,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,OAAO,KAAK,KAAK,CAAC;IAC3C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC,CAAC,+BAA+B;IAC9C,CAAC;AACH,CAAC;AAED,MAAM,CAAC,OAAO,UAAU,KAAK,CAAC,GAAsB;IAClD,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;QACnB,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;QACjD,OAAO;IACT,CAAC;IAED,YAAY,EAAE,CAAC;IACf,wFAAwF;IACxF,MAAM,YAAY,GAAI,GAAW,CAAC,YAAY,IAAI,EAAE,CAAC;IACrD,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;IAClC,MAAM,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC;IACvB,GAAG,CAAC,IAAI,CAAC,4DAA4D,CAAC,CAAC;IAEvE,GAAG,CAAC,EAAE,CAAC,kBAAkB,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE;QAC9C,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,KAAK,CAAC;QAEnC,kEAAkE;QAClE,IAAI,KAAK,GAAG,IAAI,CAAC;QAEjB,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;YACxB,KAAK,GAAG,kBAAkB,CAAC,CAAC,MAAM,EAAE,OAAO,IAAI,EAAE,CAAW,CAAC,CAAC;QAChE,CAAC;aAAM,IAAI,QAAQ,KAAK,OAAO,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;YACvD,MAAM,OAAO,GAAG,CAAC,MAAM,EAAE,SAAS,IAAI,MAAM,EAAE,IAAI,IAAI,EAAE,CAAW,CAAC;YACpE,MAAM,QAAQ,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;YAC3C,KAAK,GAAG,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QACvC,CAAC;QAED,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,gFAAgF;YAChF,KAAK,GAAG,kBAAkB,CAAC,QAAQ,EAAE,CAAC,MAAM,IAAI,EAAE,CAA4B,CAAC,CAAC;QAClF,CAAC;QAED,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,oCAAoC;YACpC,KAAK,GAAG,iBAAiB,CAAC,CAAC,MAAM,IAAI,EAAE,CAA4B,CAAC,CAAC;QACvE,CAAC;QAED,IAAI,CAAC,KAAK;YAAE,OAAO,CAAC,wBAAwB;QAE5C,MAAM,MAAM,GAAG,QAAQ,KAAK,MAAM;YAChC,CAAC,CAAC,CAAC,MAAM,EAAE,OAAO,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;YAClD,CAAC,CAAC,CAAC,MAAM,EAAE,SAAS,IAAI,MAAM,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QAEvE,GAAG,CAAC,IAAI,CAAC,gCAAgC,KAAK,CAAC,KAAK,CAAC,WAAW,EAAE,WAAW,QAAQ,MAAM,MAAM,WAAW,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;QAE5H,6CAA6C;QAC7C,MAAM,UAAU,GAAG,GAAG,EAAE,UAAgC,CAAC;QAEzD,IAAI,KAAK,CAAC,KAAK,KAAK,UAAU,EAAE,CAAC;YAC/B,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,QAAQ,EAAE,MAAM,IAAI,EAAE,EAAE,UAAU,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;YACzE,eAAe,CAAC,QAAQ,EAAE,MAAM,IAAI,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;YAEhF,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;gBACtB,GAAG,CAAC,KAAK,CAAC,yCAAyC,QAAQ,MAAM,MAAM,YAAY,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;gBACpG,OAAO;oBACL,KAAK,EAAE,IAAI;oBACX,WAAW,EAAE,2BAA2B,KAAK,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,EAAE;iBACxE,CAAC;YACJ,CAAC;YACD,GAAG,CAAC,IAAI,CAAC,uDAAuD,QAAQ,MAAM,MAAM,EAAE,CAAC,CAAC;YACxF,OAAO;QACT,CAAC;QAED,wBAAwB;QACxB,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,QAAQ,EAAE,MAAM,IAAI,EAAE,EAAE,UAAU,CAAC,CAAC;QACpE,eAAe,CAAC,QAAQ,EAAE,MAAM,IAAI,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;QAEhF,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;YACtB,GAAG,CAAC,IAAI,CAAC,wCAAwC,QAAQ,MAAM,MAAM,aAAa,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;YACnG,OAAO;gBACL,KAAK,EAAE,IAAI;gBACX,WAAW,EAAE,6BAA6B,KAAK,CAAC,MAAM,kBAAkB;aACzE,CAAC;QACJ,CAAC;QACD,GAAG,CAAC,IAAI,CAAC,uDAAuD,QAAQ,MAAM,MAAM,EAAE,CAAC,CAAC;QACxF,OAAO;IACT,CAAC,CAAC,CAAC;AACL,CAAC"}
|
package/dist/src/audit-log.d.ts
CHANGED
|
@@ -16,4 +16,5 @@ export type AuditEntry = {
|
|
|
16
16
|
};
|
|
17
17
|
export declare function initAuditLog(): void;
|
|
18
18
|
export declare function writeAuditEntry(toolName: string, params: Record<string, unknown>, match: BlacklistMatch, userConfirmed: boolean, reason: string): void;
|
|
19
|
+
export declare function writeProxyAuditEntry(ip: string, status: string, reason: string): void;
|
|
19
20
|
//# sourceMappingURL=audit-log.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"audit-log.d.ts","sourceRoot":"","sources":["../../src/audit-log.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAMH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAErD,MAAM,MAAM,UAAU,GAAG;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc,EAAE,MAAM,CAAC;IACvB,eAAe,EAAE,MAAM,CAAC;IACxB,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE,OAAO,CAAC;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;CAClB,CAAC;AA6BF,wBAAgB,YAAY,IAAI,IAAI,CAKnC;AAED,wBAAgB,eAAe,CAC7B,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/B,KAAK,EAAE,cAAc,EACrB,aAAa,EAAE,OAAO,EACtB,MAAM,EAAE,MAAM,GACb,IAAI,CAqBN"}
|
|
1
|
+
{"version":3,"file":"audit-log.d.ts","sourceRoot":"","sources":["../../src/audit-log.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAMH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAErD,MAAM,MAAM,UAAU,GAAG;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc,EAAE,MAAM,CAAC;IACvB,eAAe,EAAE,MAAM,CAAC;IACxB,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE,OAAO,CAAC;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;CAClB,CAAC;AA6BF,wBAAgB,YAAY,IAAI,IAAI,CAKnC;AAED,wBAAgB,eAAe,CAC7B,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/B,KAAK,EAAE,cAAc,EACrB,aAAa,EAAE,OAAO,EACtB,MAAM,EAAE,MAAM,GACb,IAAI,CAqBN;AAED,wBAAgB,oBAAoB,CAClC,EAAE,EAAE,MAAM,EACV,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,GACb,IAAI,CAaN"}
|
package/dist/src/audit-log.js
CHANGED
|
@@ -61,4 +61,19 @@ export function writeAuditEntry(toolName, params, match, userConfirmed, reason)
|
|
|
61
61
|
console.error(`[guardian] audit write failed: ${err}`);
|
|
62
62
|
}
|
|
63
63
|
}
|
|
64
|
+
export function writeProxyAuditEntry(ip, status, reason) {
|
|
65
|
+
const entry = {
|
|
66
|
+
timestamp: new Date().toISOString(),
|
|
67
|
+
event: "PROXY_CONNECTION",
|
|
68
|
+
ip,
|
|
69
|
+
status,
|
|
70
|
+
reason,
|
|
71
|
+
};
|
|
72
|
+
try {
|
|
73
|
+
appendFileSync(getLogPath(), JSON.stringify(entry) + "\n", "utf-8");
|
|
74
|
+
}
|
|
75
|
+
catch (err) {
|
|
76
|
+
console.error(`[guardian] proxy audit write failed: ${err}`);
|
|
77
|
+
}
|
|
78
|
+
}
|
|
64
79
|
//# sourceMappingURL=audit-log.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"audit-log.js","sourceRoot":"","sources":["../../src/audit-log.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAC9E,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAelC,IAAI,QAAQ,GAAG,EAAE,CAAC;AAClB,IAAI,OAAO,GAAG,EAAE,CAAC;AAEjB,SAAS,UAAU;IACjB,IAAI,OAAO;QAAE,OAAO,OAAO,CAAC;IAC5B,OAAO,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,sBAAsB,CAAC,CAAC;IAC/D,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,WAAW,CAAC,IAAY;IAC/B,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACzD,CAAC;AAED,SAAS,eAAe,CAAC,IAAY;IACnC,IAAI,CAAC;QACH,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;YAAE,OAAO,EAAE,CAAC;QACjC,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;QACnD,IAAI,CAAC,OAAO;YAAE,OAAO,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAClC,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QACzC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAe,CAAC;QACjD,OAAO,KAAK,CAAC,IAAI,IAAI,EAAE,CAAC;IAC1B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,MAAM,UAAU,YAAY;IAC1B,MAAM,IAAI,GAAG,UAAU,EAAE,CAAC;IAC1B,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1B,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC1D,QAAQ,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;AACnC,CAAC;AAED,MAAM,UAAU,eAAe,CAC7B,QAAgB,EAChB,MAA+B,EAC/B,KAAqB,EACrB,aAAsB,EACtB,MAAc;IAEd,MAAM,KAAK,GAAiD;QAC1D,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,QAAQ;QACR,cAAc,EAAE,KAAK,CAAC,KAAK;QAC3B,eAAe,EAAE,KAAK,CAAC,MAAM;QAC7B,OAAO,EAAE,KAAK,CAAC,OAAO;QACtB,aAAa;QACb,WAAW,EAAE,MAAM;QACnB,QAAQ,EAAE,QAAQ;KACnB,CAAC;IAEF,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;IACxC,KAAK,CAAC,IAAI,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC;IACpC,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC;IAEtB,IAAI,CAAC;QACH,cAAc,CAAC,UAAU,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,IAAI,EAAE,OAAO,CAAC,CAAC;IACtE,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,kCAAkC,GAAG,EAAE,CAAC,CAAC;IACzD,CAAC;AACH,CAAC"}
|
|
1
|
+
{"version":3,"file":"audit-log.js","sourceRoot":"","sources":["../../src/audit-log.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAC9E,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAelC,IAAI,QAAQ,GAAG,EAAE,CAAC;AAClB,IAAI,OAAO,GAAG,EAAE,CAAC;AAEjB,SAAS,UAAU;IACjB,IAAI,OAAO;QAAE,OAAO,OAAO,CAAC;IAC5B,OAAO,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,sBAAsB,CAAC,CAAC;IAC/D,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,WAAW,CAAC,IAAY;IAC/B,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACzD,CAAC;AAED,SAAS,eAAe,CAAC,IAAY;IACnC,IAAI,CAAC;QACH,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;YAAE,OAAO,EAAE,CAAC;QACjC,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;QACnD,IAAI,CAAC,OAAO;YAAE,OAAO,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAClC,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QACzC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAe,CAAC;QACjD,OAAO,KAAK,CAAC,IAAI,IAAI,EAAE,CAAC;IAC1B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,MAAM,UAAU,YAAY;IAC1B,MAAM,IAAI,GAAG,UAAU,EAAE,CAAC;IAC1B,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1B,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC1D,QAAQ,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;AACnC,CAAC;AAED,MAAM,UAAU,eAAe,CAC7B,QAAgB,EAChB,MAA+B,EAC/B,KAAqB,EACrB,aAAsB,EACtB,MAAc;IAEd,MAAM,KAAK,GAAiD;QAC1D,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,QAAQ;QACR,cAAc,EAAE,KAAK,CAAC,KAAK;QAC3B,eAAe,EAAE,KAAK,CAAC,MAAM;QAC7B,OAAO,EAAE,KAAK,CAAC,OAAO;QACtB,aAAa;QACb,WAAW,EAAE,MAAM;QACnB,QAAQ,EAAE,QAAQ;KACnB,CAAC;IAEF,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;IACxC,KAAK,CAAC,IAAI,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC;IACpC,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC;IAEtB,IAAI,CAAC;QACH,cAAc,CAAC,UAAU,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,IAAI,EAAE,OAAO,CAAC,CAAC;IACtE,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,kCAAkC,GAAG,EAAE,CAAC,CAAC;IACzD,CAAC;AACH,CAAC;AAED,MAAM,UAAU,oBAAoB,CAClC,EAAU,EACV,MAAc,EACd,MAAc;IAEd,MAAM,KAAK,GAAG;QACZ,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,KAAK,EAAE,kBAAkB;QACzB,EAAE;QACF,MAAM;QACN,MAAM;KACP,CAAC;IACF,IAAI,CAAC;QACH,cAAc,CAAC,UAAU,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,IAAI,EAAE,OAAO,CAAC,CAAC;IACtE,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,wCAAwC,GAAG,EAAE,CAAC,CAAC;IAC/D,CAAC;AACH,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"blacklist.d.ts","sourceRoot":"","sources":["../../src/blacklist.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,MAAM,MAAM,cAAc,GAAG;IAC3B,KAAK,EAAE,UAAU,GAAG,SAAS,CAAC;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;
|
|
1
|
+
{"version":3,"file":"blacklist.d.ts","sourceRoot":"","sources":["../../src/blacklist.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,MAAM,MAAM,cAAc,GAAG;IAC3B,KAAK,EAAE,UAAU,GAAG,SAAS,CAAC;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;CAChB,CAAC;AAoPF;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,cAAc,GAAG,IAAI,CA4DzE;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,GAAG,cAAc,GAAG,IAAI,CAI1E;AAqBD;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,cAAc,GAAG,IAAI,CAmB3G"}
|
package/dist/src/blacklist.js
CHANGED
|
@@ -35,10 +35,25 @@ const CRITICAL_EXEC = [
|
|
|
35
35
|
// find -exec with dangerous commands
|
|
36
36
|
{ pattern: /find\s+.*-exec\s+.*\brm\b/, reason: "find -exec rm (indirect deletion)" },
|
|
37
37
|
{ pattern: /find\s+.*-delete\b/, reason: "find -delete (bulk deletion)" },
|
|
38
|
+
// Reverse shells and bind shells
|
|
39
|
+
{ pattern: /nc\s+-e\s+\/bin\/(?:ba)?sh/, reason: "netcat reverse shell" },
|
|
40
|
+
{ pattern: /bash\s+-i\s+>\s?&?\s?\/dev\/tcp\//, reason: "bash reverse shell" },
|
|
41
|
+
{ pattern: /python\s+-c\s+.*import socket.*pty\.spawn/, reason: "python reverse shell" },
|
|
42
|
+
{ pattern: /\/dev\/tcp\/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\/[0-9]+/, reason: "direct /dev/tcp connection" },
|
|
43
|
+
{ pattern: /mkfifo\s+\/tmp\/[a-zA-Z0-9_-]+.*nc\s+/, reason: "named pipe reverse shell" },
|
|
44
|
+
// Container escapes
|
|
45
|
+
{ pattern: /curl\s+--unix-socket\s+\/var\/run\/docker\.sock/, reason: "docker socket abuse" },
|
|
46
|
+
{ pattern: /nsenter\s+--mount=.*--uts=.*--ipc=.*--net=.*--pid=/, reason: "nsenter container escape" },
|
|
47
|
+
// Account manipulation
|
|
48
|
+
{ pattern: /usermod\s+-aG\s+(?:sudo|wheel|root|docker)\s+/, reason: "privilege escalation via group assignment" },
|
|
38
49
|
];
|
|
39
50
|
const CRITICAL_PATH = [
|
|
40
51
|
{ pattern: /^\/etc\/(?:passwd|shadow|sudoers)$/, reason: "write to system auth file" },
|
|
41
52
|
{ pattern: /^\/boot\//, reason: "write to boot partition" },
|
|
53
|
+
{ pattern: /^\/home\/[^\/]+\/\.ssh\/authorized_keys$/, reason: "SSH key backdoor" },
|
|
54
|
+
{ pattern: /^\/home\/[^\/]+\/\.(bashrc|zshrc|profile|bash_profile)$/, reason: "shell profile backdoor" },
|
|
55
|
+
{ pattern: /^\/root\/\.ssh\/authorized_keys$/, reason: "root SSH key backdoor" },
|
|
56
|
+
{ pattern: /^\/var\/spool\/cron\//, reason: "cron backdoor" },
|
|
42
57
|
];
|
|
43
58
|
// ── WARNING: risky but possibly intentional ────────────────────────
|
|
44
59
|
// Needs 1/1 LLM vote confirming user intent to pass
|
|
@@ -128,6 +143,19 @@ function matchRules(text, rules, level) {
|
|
|
128
143
|
}
|
|
129
144
|
return null;
|
|
130
145
|
}
|
|
146
|
+
/**
|
|
147
|
+
* Like matchRules but skips quote/comment detection.
|
|
148
|
+
* Used for interpreter payloads where quotes are language syntax, not shell quoting.
|
|
149
|
+
*/
|
|
150
|
+
function matchRulesRaw(text, rules, level) {
|
|
151
|
+
for (const rule of rules) {
|
|
152
|
+
const m = rule.pattern.exec(text);
|
|
153
|
+
if (m) {
|
|
154
|
+
return { level, pattern: rule.pattern.source, reason: rule.reason };
|
|
155
|
+
}
|
|
156
|
+
}
|
|
157
|
+
return null;
|
|
158
|
+
}
|
|
131
159
|
// ── Command Segmentation ───────────────────────────────────────────
|
|
132
160
|
function splitCommand(cmd) {
|
|
133
161
|
// Split on shell operators, but not inside quotes
|
|
@@ -242,8 +270,9 @@ export function checkExecBlacklist(command) {
|
|
|
242
270
|
const interpPayload = extractInterpreterPayload(seg);
|
|
243
271
|
if (interpPayload) {
|
|
244
272
|
// Check interpreter payload against exec blacklist patterns
|
|
245
|
-
|
|
246
|
-
|
|
273
|
+
// Use matchRulesRaw: quotes inside interpreter code are language syntax, not shell quoting
|
|
274
|
+
const innerMatch = matchRulesRaw(interpPayload, CRITICAL_EXEC, "critical")
|
|
275
|
+
?? matchRulesRaw(interpPayload, WARNING_EXEC, "warning");
|
|
247
276
|
if (innerMatch) {
|
|
248
277
|
return {
|
|
249
278
|
...innerMatch,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"blacklist.js","sourceRoot":"","sources":["../../src/blacklist.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAaH,sEAAsE;AACtE,qDAAqD;AAErD,MAAM,aAAa,GAAW;IAC5B,6DAA6D;IAC7D,EAAE,OAAO,EAAE,2EAA2E,EAAE,MAAM,EAAE,kCAAkC,EAAE;IACpI,EAAE,OAAO,EAAE,kDAAkD,EAAE,MAAM,EAAE,0BAA0B,EAAE;IACnG,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,0BAA0B,EAAE;IACzD,EAAE,OAAO,EAAE,sBAAsB,EAAE,MAAM,EAAE,qBAAqB,EAAE;IAClE,EAAE,OAAO,EAAE,eAAe,EAAE,MAAM,EAAE,0BAA0B,EAAE;IAChE,6CAA6C;IAC7C,EAAE,OAAO,EAAE,gDAAgD,EAAE,MAAM,EAAE,2BAA2B,EAAE;IAClG,EAAE,OAAO,EAAE,4CAA4C,EAAE,MAAM,EAAE,mCAAmC,EAAE;IACtG,kBAAkB;IAClB,EAAE,OAAO,EAAE,yBAAyB,EAAE,MAAM,EAAE,wBAAwB,EAAE;IACxE,EAAE,OAAO,EAAE,iBAAiB,EAAE,MAAM,EAAE,2BAA2B,EAAE;IACnE,qCAAqC;IACrC,EAAE,OAAO,EAAE,qCAAqC,EAAE,MAAM,EAAE,8BAA8B,EAAE;IAC1F,4BAA4B;IAC5B,sBAAsB;IACtB,EAAE,OAAO,EAAE,uCAAuC,EAAE,MAAM,EAAE,sBAAsB,EAAE;IACpF,EAAE,OAAO,EAAE,4CAA4C,EAAE,MAAM,EAAE,sBAAsB,EAAE;IACzF,4CAA4C;IAC5C,gCAAgC;IAChC,EAAE,OAAO,EAAE,kBAAkB,EAAE,MAAM,EAAE,8BAA8B,EAAE;IACvE,EAAE,OAAO,EAAE,qBAAqB,EAAE,MAAM,EAAE,0CAA0C,EAAE;IACtF,qCAAqC;IACrC,EAAE,OAAO,EAAE,2BAA2B,EAAE,MAAM,EAAE,mCAAmC,EAAE;IACrF,EAAE,OAAO,EAAE,oBAAoB,EAAE,MAAM,EAAE,8BAA8B,EAAE;CAC1E,CAAC;AAEF,MAAM,aAAa,GAAW;IAC5B,EAAE,OAAO,EAAE,oCAAoC,EAAE,MAAM,EAAE,2BAA2B,EAAE;IACtF,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,yBAAyB,EAAE;CAC5D,CAAC;AAEF,sEAAsE;AACtE,oDAAoD;AAEpD,MAAM,YAAY,GAAW;IAC3B,8EAA8E;IAC9E,EAAE,OAAO,EAAE,gCAAgC,EAAE,MAAM,EAAE,yBAAyB,EAAE;IAChF,uBAAuB;IACvB,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,6BAA6B,EAAE;IAC/D,wBAAwB;IACxB,EAAE,OAAO,EAAE,kBAAkB,EAAE,MAAM,EAAE,uCAAuC,EAAE;IAChF,EAAE,OAAO,EAAE,eAAe,EAAE,MAAM,EAAE,6BAA6B,EAAE;IACnE,EAAE,OAAO,EAAE,eAAe,EAAE,MAAM,EAAE,4BAA4B,EAAE;IAClE,aAAa;IACb,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,EAAE,8BAA8B,EAAE;IACnE,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,EAAE,mBAAmB,EAAE;IACxD,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,EAAE,iBAAiB,EAAE;IACpD,qEAAqE;IACrE,EAAE,OAAO,EAAE,iCAAiC,EAAE,MAAM,EAAE,gCAAgC,EAAE;IACxF,uBAAuB;IACvB,EAAE,OAAO,EAAE,8BAA8B,EAAE,MAAM,EAAE,qBAAqB,EAAE;IAC1E,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,EAAE,gBAAgB,EAAE;IACrD,8FAA8F;IAC9F,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,iCAAiC,EAAE;IACnE,2BAA2B;IAC3B,EAAE,OAAO,EAAE,eAAe,EAAE,MAAM,EAAE,iCAAiC,EAAE;IACvE,EAAE,OAAO,EAAE,yCAAyC,EAAE,MAAM,EAAE,4BAA4B,EAAE;IAC5F,uBAAuB;IACvB,EAAE,OAAO,EAAE,uBAAuB,EAAE,MAAM,EAAE,sBAAsB,EAAE;IACpE,kBAAkB;IAClB,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,EAAE,0BAA0B,EAAE;IAC7D,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,EAAE,0BAA0B,EAAE;IAC9D,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,EAAE,4BAA4B,EAAE;IAC/D,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,EAAE,8BAA8B,EAAE;IAClE,qBAAqB;IACrB,EAAE,OAAO,EAAE,eAAe,EAAE,MAAM,EAAE,iCAAiC,EAAE;IACvE,+DAA+D;IAC/D,EAAE,OAAO,EAAE,+CAA+C,EAAE,MAAM,EAAE,gDAAgD,EAAE;CACvH,CAAC;AAEF,MAAM,YAAY,GAAW;IAC3B,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,8BAA8B,EAAE;IAC/D,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,2BAA2B,EAAE;CAC9D,CAAC;AAEF,uEAAuE;AAEvE,MAAM,SAAS,GAAa;IAC1B,0DAA0D;IAC1D,wBAAwB;IACxB,oCAAoC;IACpC,6GAA6G;IAC7G,qFAAqF;IACrF,qBAAqB;IACrB,qEAAqE;IACrE,oHAAoH;IACpH,6BAA6B;IAC7B,qDAAqD;IACrD,wDAAwD;IACxD,qBAAqB;IACrB,6CAA6C;IAC7C,2CAA2C;IAC3C,eAAe;IACf,cAAc;CACf,CAAC;AAEF,sEAAsE;AAEtE,SAAS,mBAAmB,CAAC,IAAY,EAAE,UAAkB;IAC3D,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;IAEzC,wBAAwB;IACxB,MAAM,YAAY,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;IACvD,IAAI,YAAY,GAAG,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAExC,wBAAwB;IACxB,MAAM,YAAY,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;IACvD,IAAI,YAAY,GAAG,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAExC,8CAA8C;IAC9C,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;IAC7C,MAAM,WAAW,GAAG,MAAM,CAAC,KAAK,CAAC,WAAW,GAAG,CAAC,CAAC,CAAC;IAClD,IAAI,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAE3C,OAAO,KAAK,CAAC;AACf,CAAC;AAED,sEAAsE;AAEtE,SAAS,UAAU,CAAC,IAAY,EAAE,KAAa,EAAE,KAA6B;IAC5E,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClC,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC;YAC7C,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC;QACtE,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,sEAAsE;AAEtE,SAAS,YAAY,CAAC,GAAW;IAC/B,kDAAkD;IAClD,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,IAAI,OAAO,GAAG,EAAE,CAAC;IACjB,IAAI,QAAQ,GAAG,KAAK,CAAC;IACrB,IAAI,QAAQ,GAAG,KAAK,CAAC;IAErB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACpC,MAAM,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;QAClB,IAAI,EAAE,KAAK,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;YAAC,QAAQ,GAAG,CAAC,QAAQ,CAAC;YAAC,OAAO,IAAI,EAAE,CAAC;YAAC,SAAS;QAAC,CAAC;QAC/E,IAAI,EAAE,KAAK,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;YAAC,QAAQ,GAAG,CAAC,QAAQ,CAAC;YAAC,OAAO,IAAI,EAAE,CAAC;YAAC,SAAS;QAAC,CAAC;QAC/E,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC3B,+CAA+C;YAC/C,IAAI,CAAC,EAAE,KAAK,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,GAAG,CAAC,EAAE,CAAC;gBAC7E,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;gBAC9B,OAAO,GAAG,EAAE,CAAC;gBACb,CAAC,EAAE,CAAC,CAAC,mBAAmB;gBACxB,SAAS;YACX,CAAC;YACD,iCAAiC;YACjC,IAAI,EAAE,KAAK,GAAG,IAAI,EAAE,KAAK,GAAG,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC;gBAC5C,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;gBAC9B,OAAO,GAAG,EAAE,CAAC;gBACb,SAAS;YACX,CAAC;QACH,CAAC;QACD,OAAO,IAAI,EAAE,CAAC;IAChB,CAAC;IACD,IAAI,OAAO,CAAC,IAAI,EAAE;QAAE,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;IAClD,OAAO,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;AAClC,CAAC;AAED,sEAAsE;AAEtE;;;;;;GAMG;AACH,SAAS,0BAA0B,CAAC,OAAe;IACjD,2DAA2D;IAC3D,MAAM,YAAY,GAAG,OAAO,CAAC,KAAK,CAChC,+GAA+G,CAChH,CAAC;IACF,IAAI,YAAY,EAAE,CAAC;QACjB,OAAO,YAAY,CAAC,CAAC,CAAC,IAAI,YAAY,CAAC,CAAC,CAAC,IAAI,YAAY,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;IACvE,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,yBAAyB,CAAC,OAAe;IAChD,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,CAC/B,mGAAmG,CACpG,CAAC;IACF,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO,WAAW,CAAC,CAAC,CAAC,IAAI,WAAW,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;IAClD,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,sEAAsE;AAEtE;;;;GAIG;AACH,MAAM,UAAU,kBAAkB,CAAC,OAAe;IAChD,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAE1B,gEAAgE;IAChE,kFAAkF;IAClF,MAAM,YAAY,GAAW;QAC3B,EAAE,OAAO,EAAE,mDAAmD,EAAE,MAAM,EAAE,8BAA8B,EAAE;QACxG,EAAE,OAAO,EAAE,sDAAsD,EAAE,MAAM,EAAE,4CAA4C,EAAE;QACzH,EAAE,OAAO,EAAE,sDAAsD,EAAE,MAAM,EAAE,4CAA4C,EAAE;QACzH,EAAE,OAAO,EAAE,uCAAuC,EAAE,MAAM,EAAE,oBAAoB,EAAE;QAClF,EAAE,OAAO,EAAE,yCAAyC,EAAE,MAAM,EAAE,sBAAsB,EAAE;QACtF,EAAE,OAAO,EAAE,+BAA+B,EAAE,MAAM,EAAE,2BAA2B,EAAE;QACjF,EAAE,OAAO,EAAE,mCAAmC,EAAE,MAAM,EAAE,2BAA2B,EAAE;KACtF,CAAC;IACF,MAAM,SAAS,GAAG,UAAU,CAAC,OAAO,EAAE,YAAY,EAAE,UAAU,CAAC,CAAC;IAChE,IAAI,SAAS;QAAE,OAAO,SAAS,CAAC;IAEhC,yDAAyD;IACzD,wDAAwD;IACxD,MAAM,QAAQ,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;IACvC,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC3B,iCAAiC;QACjC,MAAM,YAAY,GAAG,0BAA0B,CAAC,GAAG,CAAC,CAAC;QACrD,IAAI,YAAY,EAAE,CAAC;YACjB,sCAAsC;YACtC,MAAM,UAAU,GAAG,kBAAkB,CAAC,YAAY,CAAC,CAAC;YACpD,IAAI,UAAU,EAAE,CAAC;gBACf,OAAO;oBACL,GAAG,UAAU;oBACb,MAAM,EAAE,GAAG,UAAU,CAAC,MAAM,wBAAwB,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM;iBAC3E,CAAC;YACJ,CAAC;QACH,CAAC;QAED,oCAAoC;QACpC,MAAM,aAAa,GAAG,yBAAyB,CAAC,GAAG,CAAC,CAAC;QACrD,IAAI,aAAa,EAAE,CAAC;YAClB,4DAA4D;YAC5D,MAAM,UAAU,GAAG,UAAU,CAAC,aAAa,EAAE,aAAa,EAAE,UAAU,CAAC;mBAClE,UAAU,CAAC,aAAa,EAAE,YAAY,EAAE,SAAS,CAAC,CAAC;YACxD,IAAI,UAAU,EAAE,CAAC;gBACf,OAAO;oBACL,GAAG,UAAU;oBACb,MAAM,EAAE,GAAG,UAAU,CAAC,MAAM,gCAAgC;iBAC7D,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,2DAA2D;IAC3D,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC3B,yDAAyD;QACzD,IAAI,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAAE,SAAS;QAEjD,MAAM,CAAC,GAAG,UAAU,CAAC,GAAG,EAAE,aAAa,EAAE,UAAU,CAAC;eAC/C,UAAU,CAAC,GAAG,EAAE,YAAY,EAAE,SAAS,CAAC,CAAC;QAC9C,IAAI,CAAC;YAAE,OAAO,CAAC,CAAC;IAClB,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAAC,QAAgB;IACjD,IAAI,CAAC,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC3B,OAAO,UAAU,CAAC,QAAQ,EAAE,aAAa,EAAE,UAAU,CAAC;WACjD,UAAU,CAAC,QAAQ,EAAE,YAAY,EAAE,SAAS,CAAC,CAAC;AACrD,CAAC;AAYD,MAAM,UAAU,GAAe;IAC7B,sDAAsD;IACtD,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,+CAA+C,EAAE,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,oCAAoC,EAAE;IACrJ,+DAA+D;IAC/D,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,uBAAuB,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,wBAAwB,EAAE;IAChH,uDAAuD;IACvD,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,8DAA8D,EAAE,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,2CAA2C,EAAE;CAC5K,CAAC;AAEF;;;;;GAKG;AACH,MAAM,UAAU,kBAAkB,CAAC,QAAgB,EAAE,MAA+B;IAClF,kDAAkD;IAClD,IAAI,QAAQ,KAAK,MAAM,IAAI,QAAQ,KAAK,OAAO,IAAI,QAAQ,KAAK,MAAM;QAAE,OAAO,IAAI,CAAC;IACpF,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAE7D,8CAA8C;IAC9C,MAAM,YAAY,GAAG,CAAC,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,WAAW,CAAC,CAAC;IAClE,MAAM,WAAW,GAAG,YAAY;SAC7B,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,MAAM,CAAC,CAAC,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAW,CAAC,CAAC,CAAC,EAAE,CAAC;SAClE,MAAM,CAAC,OAAO,CAAC;SACf,IAAI,CAAC,GAAG,CAAC;SACT,WAAW,EAAE,CAAC;IAEjB,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;QAC9B,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC;YAAE,SAAS;QACxC,MAAM,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACzC,IAAI,CAAC;YAAE,OAAO,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC;IACzF,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC"}
|
|
1
|
+
{"version":3,"file":"blacklist.js","sourceRoot":"","sources":["../../src/blacklist.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAaH,sEAAsE;AACtE,qDAAqD;AAErD,MAAM,aAAa,GAAW;IAC5B,6DAA6D;IAC7D,EAAE,OAAO,EAAE,2EAA2E,EAAE,MAAM,EAAE,kCAAkC,EAAE;IACpI,EAAE,OAAO,EAAE,kDAAkD,EAAE,MAAM,EAAE,0BAA0B,EAAE;IACnG,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,0BAA0B,EAAE;IACzD,EAAE,OAAO,EAAE,sBAAsB,EAAE,MAAM,EAAE,qBAAqB,EAAE;IAClE,EAAE,OAAO,EAAE,eAAe,EAAE,MAAM,EAAE,0BAA0B,EAAE;IAChE,6CAA6C;IAC7C,EAAE,OAAO,EAAE,gDAAgD,EAAE,MAAM,EAAE,2BAA2B,EAAE;IAClG,EAAE,OAAO,EAAE,4CAA4C,EAAE,MAAM,EAAE,mCAAmC,EAAE;IACtG,kBAAkB;IAClB,EAAE,OAAO,EAAE,yBAAyB,EAAE,MAAM,EAAE,wBAAwB,EAAE;IACxE,EAAE,OAAO,EAAE,iBAAiB,EAAE,MAAM,EAAE,2BAA2B,EAAE;IACnE,qCAAqC;IACrC,EAAE,OAAO,EAAE,qCAAqC,EAAE,MAAM,EAAE,8BAA8B,EAAE;IAC1F,4BAA4B;IAC5B,sBAAsB;IACtB,EAAE,OAAO,EAAE,uCAAuC,EAAE,MAAM,EAAE,sBAAsB,EAAE;IACpF,EAAE,OAAO,EAAE,4CAA4C,EAAE,MAAM,EAAE,sBAAsB,EAAE;IACzF,4CAA4C;IAC5C,gCAAgC;IAChC,EAAE,OAAO,EAAE,kBAAkB,EAAE,MAAM,EAAE,8BAA8B,EAAE;IACvE,EAAE,OAAO,EAAE,qBAAqB,EAAE,MAAM,EAAE,0CAA0C,EAAE;IACtF,qCAAqC;IACrC,EAAE,OAAO,EAAE,2BAA2B,EAAE,MAAM,EAAE,mCAAmC,EAAE;IACrF,EAAE,OAAO,EAAE,oBAAoB,EAAE,MAAM,EAAE,8BAA8B,EAAE;IACzE,iCAAiC;IACjC,EAAE,OAAO,EAAE,4BAA4B,EAAE,MAAM,EAAE,sBAAsB,EAAE;IACzE,EAAE,OAAO,EAAE,mCAAmC,EAAE,MAAM,EAAE,oBAAoB,EAAE;IAC9E,EAAE,OAAO,EAAE,2CAA2C,EAAE,MAAM,EAAE,sBAAsB,EAAE;IACxF,EAAE,OAAO,EAAE,oEAAoE,EAAE,MAAM,EAAE,4BAA4B,EAAE;IACvH,EAAE,OAAO,EAAE,uCAAuC,EAAE,MAAM,EAAE,0BAA0B,EAAE;IACxF,oBAAoB;IACpB,EAAE,OAAO,EAAE,iDAAiD,EAAE,MAAM,EAAE,qBAAqB,EAAE;IAC7F,EAAE,OAAO,EAAE,oDAAoD,EAAE,MAAM,EAAE,0BAA0B,EAAE;IACrG,uBAAuB;IACvB,EAAE,OAAO,EAAE,+CAA+C,EAAE,MAAM,EAAE,2CAA2C,EAAE;CAClH,CAAC;AAEF,MAAM,aAAa,GAAW;IAC5B,EAAE,OAAO,EAAE,oCAAoC,EAAE,MAAM,EAAE,2BAA2B,EAAE;IACtF,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,yBAAyB,EAAE;IAC3D,EAAE,OAAO,EAAE,0CAA0C,EAAE,MAAM,EAAE,kBAAkB,EAAE;IACnF,EAAE,OAAO,EAAE,yDAAyD,EAAE,MAAM,EAAE,wBAAwB,EAAE;IACxG,EAAE,OAAO,EAAE,kCAAkC,EAAE,MAAM,EAAE,uBAAuB,EAAE;IAChF,EAAE,OAAO,EAAE,uBAAuB,EAAE,MAAM,EAAE,eAAe,EAAE;CAC9D,CAAC;AAEF,sEAAsE;AACtE,oDAAoD;AAEpD,MAAM,YAAY,GAAW;IAC3B,8EAA8E;IAC9E,EAAE,OAAO,EAAE,gCAAgC,EAAE,MAAM,EAAE,yBAAyB,EAAE;IAChF,uBAAuB;IACvB,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,6BAA6B,EAAE;IAC/D,wBAAwB;IACxB,EAAE,OAAO,EAAE,kBAAkB,EAAE,MAAM,EAAE,uCAAuC,EAAE;IAChF,EAAE,OAAO,EAAE,eAAe,EAAE,MAAM,EAAE,6BAA6B,EAAE;IACnE,EAAE,OAAO,EAAE,eAAe,EAAE,MAAM,EAAE,4BAA4B,EAAE;IAClE,aAAa;IACb,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,EAAE,8BAA8B,EAAE;IACnE,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,EAAE,mBAAmB,EAAE;IACxD,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,EAAE,iBAAiB,EAAE;IACpD,qEAAqE;IACrE,EAAE,OAAO,EAAE,iCAAiC,EAAE,MAAM,EAAE,gCAAgC,EAAE;IACxF,uBAAuB;IACvB,EAAE,OAAO,EAAE,8BAA8B,EAAE,MAAM,EAAE,qBAAqB,EAAE;IAC1E,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,EAAE,gBAAgB,EAAE;IACrD,8FAA8F;IAC9F,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,iCAAiC,EAAE;IACnE,2BAA2B;IAC3B,EAAE,OAAO,EAAE,eAAe,EAAE,MAAM,EAAE,iCAAiC,EAAE;IACvE,EAAE,OAAO,EAAE,yCAAyC,EAAE,MAAM,EAAE,4BAA4B,EAAE;IAC5F,uBAAuB;IACvB,EAAE,OAAO,EAAE,uBAAuB,EAAE,MAAM,EAAE,sBAAsB,EAAE;IACpE,kBAAkB;IAClB,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,EAAE,0BAA0B,EAAE;IAC7D,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,EAAE,0BAA0B,EAAE;IAC9D,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,EAAE,4BAA4B,EAAE;IAC/D,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,EAAE,8BAA8B,EAAE;IAClE,qBAAqB;IACrB,EAAE,OAAO,EAAE,eAAe,EAAE,MAAM,EAAE,iCAAiC,EAAE;IACvE,+DAA+D;IAC/D,EAAE,OAAO,EAAE,+CAA+C,EAAE,MAAM,EAAE,gDAAgD,EAAE;CACvH,CAAC;AAEF,MAAM,YAAY,GAAW;IAC3B,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,8BAA8B,EAAE;IAC/D,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,2BAA2B,EAAE;CAC9D,CAAC;AAEF,uEAAuE;AAEvE,MAAM,SAAS,GAAa;IAC1B,0DAA0D;IAC1D,wBAAwB;IACxB,oCAAoC;IACpC,6GAA6G;IAC7G,qFAAqF;IACrF,qBAAqB;IACrB,qEAAqE;IACrE,oHAAoH;IACpH,6BAA6B;IAC7B,qDAAqD;IACrD,wDAAwD;IACxD,qBAAqB;IACrB,6CAA6C;IAC7C,2CAA2C;IAC3C,eAAe;IACf,cAAc;CACf,CAAC;AAEF,sEAAsE;AAEtE,SAAS,mBAAmB,CAAC,IAAY,EAAE,UAAkB;IAC3D,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;IAEzC,wBAAwB;IACxB,MAAM,YAAY,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;IACvD,IAAI,YAAY,GAAG,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAExC,wBAAwB;IACxB,MAAM,YAAY,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;IACvD,IAAI,YAAY,GAAG,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAExC,8CAA8C;IAC9C,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;IAC7C,MAAM,WAAW,GAAG,MAAM,CAAC,KAAK,CAAC,WAAW,GAAG,CAAC,CAAC,CAAC;IAClD,IAAI,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAE3C,OAAO,KAAK,CAAC;AACf,CAAC;AAED,sEAAsE;AAEtE,SAAS,UAAU,CAAC,IAAY,EAAE,KAAa,EAAE,KAA6B;IAC5E,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClC,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC;YAC7C,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC;QACtE,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,SAAS,aAAa,CAAC,IAAY,EAAE,KAAa,EAAE,KAA6B;IAC/E,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClC,IAAI,CAAC,EAAE,CAAC;YACN,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC;QACtE,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,sEAAsE;AAEtE,SAAS,YAAY,CAAC,GAAW;IAC/B,kDAAkD;IAClD,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,IAAI,OAAO,GAAG,EAAE,CAAC;IACjB,IAAI,QAAQ,GAAG,KAAK,CAAC;IACrB,IAAI,QAAQ,GAAG,KAAK,CAAC;IAErB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACpC,MAAM,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;QAClB,IAAI,EAAE,KAAK,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;YAAC,QAAQ,GAAG,CAAC,QAAQ,CAAC;YAAC,OAAO,IAAI,EAAE,CAAC;YAAC,SAAS;QAAC,CAAC;QAC/E,IAAI,EAAE,KAAK,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;YAAC,QAAQ,GAAG,CAAC,QAAQ,CAAC;YAAC,OAAO,IAAI,EAAE,CAAC;YAAC,SAAS;QAAC,CAAC;QAC/E,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC3B,+CAA+C;YAC/C,IAAI,CAAC,EAAE,KAAK,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,GAAG,CAAC,EAAE,CAAC;gBAC7E,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;gBAC9B,OAAO,GAAG,EAAE,CAAC;gBACb,CAAC,EAAE,CAAC,CAAC,mBAAmB;gBACxB,SAAS;YACX,CAAC;YACD,iCAAiC;YACjC,IAAI,EAAE,KAAK,GAAG,IAAI,EAAE,KAAK,GAAG,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC;gBAC5C,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;gBAC9B,OAAO,GAAG,EAAE,CAAC;gBACb,SAAS;YACX,CAAC;QACH,CAAC;QACD,OAAO,IAAI,EAAE,CAAC;IAChB,CAAC;IACD,IAAI,OAAO,CAAC,IAAI,EAAE;QAAE,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;IAClD,OAAO,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;AAClC,CAAC;AAED,sEAAsE;AAEtE;;;;;;GAMG;AACH,SAAS,0BAA0B,CAAC,OAAe;IACjD,2DAA2D;IAC3D,MAAM,YAAY,GAAG,OAAO,CAAC,KAAK,CAChC,+GAA+G,CAChH,CAAC;IACF,IAAI,YAAY,EAAE,CAAC;QACjB,OAAO,YAAY,CAAC,CAAC,CAAC,IAAI,YAAY,CAAC,CAAC,CAAC,IAAI,YAAY,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;IACvE,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,yBAAyB,CAAC,OAAe;IAChD,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,CAC/B,mGAAmG,CACpG,CAAC;IACF,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO,WAAW,CAAC,CAAC,CAAC,IAAI,WAAW,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;IAClD,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,sEAAsE;AAEtE;;;;GAIG;AACH,MAAM,UAAU,kBAAkB,CAAC,OAAe;IAChD,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAE1B,gEAAgE;IAChE,kFAAkF;IAClF,MAAM,YAAY,GAAW;QAC3B,EAAE,OAAO,EAAE,mDAAmD,EAAE,MAAM,EAAE,8BAA8B,EAAE;QACxG,EAAE,OAAO,EAAE,sDAAsD,EAAE,MAAM,EAAE,4CAA4C,EAAE;QACzH,EAAE,OAAO,EAAE,sDAAsD,EAAE,MAAM,EAAE,4CAA4C,EAAE;QACzH,EAAE,OAAO,EAAE,uCAAuC,EAAE,MAAM,EAAE,oBAAoB,EAAE;QAClF,EAAE,OAAO,EAAE,yCAAyC,EAAE,MAAM,EAAE,sBAAsB,EAAE;QACtF,EAAE,OAAO,EAAE,+BAA+B,EAAE,MAAM,EAAE,2BAA2B,EAAE;QACjF,EAAE,OAAO,EAAE,mCAAmC,EAAE,MAAM,EAAE,2BAA2B,EAAE;KACtF,CAAC;IACF,MAAM,SAAS,GAAG,UAAU,CAAC,OAAO,EAAE,YAAY,EAAE,UAAU,CAAC,CAAC;IAChE,IAAI,SAAS;QAAE,OAAO,SAAS,CAAC;IAEhC,yDAAyD;IACzD,wDAAwD;IACxD,MAAM,QAAQ,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;IACvC,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC3B,iCAAiC;QACjC,MAAM,YAAY,GAAG,0BAA0B,CAAC,GAAG,CAAC,CAAC;QACrD,IAAI,YAAY,EAAE,CAAC;YACjB,sCAAsC;YACtC,MAAM,UAAU,GAAG,kBAAkB,CAAC,YAAY,CAAC,CAAC;YACpD,IAAI,UAAU,EAAE,CAAC;gBACf,OAAO;oBACL,GAAG,UAAU;oBACb,MAAM,EAAE,GAAG,UAAU,CAAC,MAAM,wBAAwB,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM;iBAC3E,CAAC;YACJ,CAAC;QACH,CAAC;QAED,oCAAoC;QACpC,MAAM,aAAa,GAAG,yBAAyB,CAAC,GAAG,CAAC,CAAC;QACrD,IAAI,aAAa,EAAE,CAAC;YAClB,4DAA4D;YAC5D,2FAA2F;YAC3F,MAAM,UAAU,GAAG,aAAa,CAAC,aAAa,EAAE,aAAa,EAAE,UAAU,CAAC;mBACrE,aAAa,CAAC,aAAa,EAAE,YAAY,EAAE,SAAS,CAAC,CAAC;YAC3D,IAAI,UAAU,EAAE,CAAC;gBACf,OAAO;oBACL,GAAG,UAAU;oBACb,MAAM,EAAE,GAAG,UAAU,CAAC,MAAM,gCAAgC;iBAC7D,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,2DAA2D;IAC3D,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC3B,yDAAyD;QACzD,IAAI,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAAE,SAAS;QAEjD,MAAM,CAAC,GAAG,UAAU,CAAC,GAAG,EAAE,aAAa,EAAE,UAAU,CAAC;eAC/C,UAAU,CAAC,GAAG,EAAE,YAAY,EAAE,SAAS,CAAC,CAAC;QAC9C,IAAI,CAAC;YAAE,OAAO,CAAC,CAAC;IAClB,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAAC,QAAgB;IACjD,IAAI,CAAC,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC3B,OAAO,UAAU,CAAC,QAAQ,EAAE,aAAa,EAAE,UAAU,CAAC;WACjD,UAAU,CAAC,QAAQ,EAAE,YAAY,EAAE,SAAS,CAAC,CAAC;AACrD,CAAC;AAYD,MAAM,UAAU,GAAe;IAC7B,sDAAsD;IACtD,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,+CAA+C,EAAE,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,oCAAoC,EAAE;IACrJ,+DAA+D;IAC/D,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,uBAAuB,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,wBAAwB,EAAE;IAChH,uDAAuD;IACvD,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,8DAA8D,EAAE,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,2CAA2C,EAAE;CAC5K,CAAC;AAEF;;;;;GAKG;AACH,MAAM,UAAU,kBAAkB,CAAC,QAAgB,EAAE,MAA+B;IAClF,kDAAkD;IAClD,IAAI,QAAQ,KAAK,MAAM,IAAI,QAAQ,KAAK,OAAO,IAAI,QAAQ,KAAK,MAAM;QAAE,OAAO,IAAI,CAAC;IACpF,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAE7D,8CAA8C;IAC9C,MAAM,YAAY,GAAG,CAAC,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,WAAW,CAAC,CAAC;IAClE,MAAM,WAAW,GAAG,YAAY;SAC7B,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,MAAM,CAAC,CAAC,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAW,CAAC,CAAC,CAAC,EAAE,CAAC;SAClE,MAAM,CAAC,OAAO,CAAC;SACf,IAAI,CAAC,GAAG,CAAC;SACT,WAAW,EAAE,CAAC;IAEjB,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;QAC9B,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC;YAAE,SAAS;QACxC,MAAM,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACzC,IAAI,CAAC;YAAE,OAAO,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC;IACzF,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"proxy-server.d.ts","sourceRoot":"","sources":["../../src/proxy-server.ts"],"names":[],"mappings":"AA4BA,eAAO,MAAM,cAAc,QAAU,CAAC;AA0CtC,wBAAgB,UAAU,IAAI,IAAI,CA8CjC"}
|
|
@@ -0,0 +1,98 @@
|
|
|
1
|
+
import { createServer } from "node:http";
|
|
2
|
+
import { parse } from "node:url";
|
|
3
|
+
import { randomBytes } from "node:crypto";
|
|
4
|
+
import { readFileSync, writeFileSync, existsSync } from "node:fs";
|
|
5
|
+
import { join } from "node:path";
|
|
6
|
+
import { homedir } from "node:os";
|
|
7
|
+
import httpProxy from "http-proxy";
|
|
8
|
+
import { writeProxyAuditEntry, initAuditLog } from "./audit-log.js";
|
|
9
|
+
import dotenv from "dotenv";
|
|
10
|
+
dotenv.config();
|
|
11
|
+
const PROXY_PORT = parseInt(process.env.PROXY_PORT || "18790", 10);
|
|
12
|
+
const TARGET_URL = "http://127.0.0.1:18789";
|
|
13
|
+
// Load or generate token
|
|
14
|
+
const tokenPath = join(homedir(), ".openclaw", ".guardian_token");
|
|
15
|
+
let _token = process.env.GUARDIAN_TOKEN;
|
|
16
|
+
if (!_token) {
|
|
17
|
+
if (existsSync(tokenPath)) {
|
|
18
|
+
_token = readFileSync(tokenPath, "utf-8").trim();
|
|
19
|
+
}
|
|
20
|
+
else {
|
|
21
|
+
_token = randomBytes(16).toString("hex"); // 32 chars
|
|
22
|
+
writeFileSync(tokenPath, _token, "utf-8");
|
|
23
|
+
}
|
|
24
|
+
}
|
|
25
|
+
export const GUARDIAN_TOKEN = _token;
|
|
26
|
+
const proxy = httpProxy.createProxyServer({
|
|
27
|
+
target: TARGET_URL,
|
|
28
|
+
ws: true,
|
|
29
|
+
});
|
|
30
|
+
proxy.on("error", (err, req, res) => {
|
|
31
|
+
console.error("[Proxy Error]", err);
|
|
32
|
+
if (res && res.writeHead) {
|
|
33
|
+
res.writeHead(502, { "Content-Type": "application/json" });
|
|
34
|
+
res.end(JSON.stringify({ error: "Bad Gateway" }));
|
|
35
|
+
}
|
|
36
|
+
});
|
|
37
|
+
function validateRequest(req, isWs) {
|
|
38
|
+
const origin = req.headers.origin;
|
|
39
|
+
if (origin && origin !== "http://localhost" && origin !== "http://127.0.0.1" && origin !== "null") {
|
|
40
|
+
return { ok: false, reason: "Invalid Origin" };
|
|
41
|
+
}
|
|
42
|
+
const purl = parse(req.url || "", true);
|
|
43
|
+
let token = purl.query.token;
|
|
44
|
+
if (!token && req.headers.authorization) {
|
|
45
|
+
const parts = req.headers.authorization.split(" ");
|
|
46
|
+
if (parts.length === 2 && parts[0].toLowerCase() === "bearer") {
|
|
47
|
+
token = parts[1];
|
|
48
|
+
}
|
|
49
|
+
}
|
|
50
|
+
if (!token) {
|
|
51
|
+
return { ok: false, reason: "Missing token" };
|
|
52
|
+
}
|
|
53
|
+
if (token !== GUARDIAN_TOKEN) {
|
|
54
|
+
return { ok: false, reason: "Invalid token" };
|
|
55
|
+
}
|
|
56
|
+
return { ok: true };
|
|
57
|
+
}
|
|
58
|
+
export function startProxy() {
|
|
59
|
+
initAuditLog();
|
|
60
|
+
const server = createServer((req, res) => {
|
|
61
|
+
const ip = req.socket.remoteAddress || "unknown";
|
|
62
|
+
const { ok, reason } = validateRequest(req, false);
|
|
63
|
+
if (!ok) {
|
|
64
|
+
writeProxyAuditEntry(ip, "REJECTED", reason || "Unauthorized");
|
|
65
|
+
res.writeHead(401, { "Content-Type": "application/json" });
|
|
66
|
+
res.end(JSON.stringify({ error: reason }));
|
|
67
|
+
return;
|
|
68
|
+
}
|
|
69
|
+
writeProxyAuditEntry(ip, "PASSED", "Authorized");
|
|
70
|
+
proxy.web(req, res);
|
|
71
|
+
});
|
|
72
|
+
server.on("upgrade", (req, socket, head) => {
|
|
73
|
+
const ip = req.socket.remoteAddress || "unknown";
|
|
74
|
+
const { ok, reason } = validateRequest(req, true);
|
|
75
|
+
if (!ok) {
|
|
76
|
+
writeProxyAuditEntry(ip, "REJECTED", reason || "Unauthorized WebSocket");
|
|
77
|
+
socket.write("HTTP/1.1 401 Unauthorized\r\n\r\n");
|
|
78
|
+
socket.destroy();
|
|
79
|
+
return;
|
|
80
|
+
}
|
|
81
|
+
writeProxyAuditEntry(ip, "PASSED", "Authorized WebSocket");
|
|
82
|
+
proxy.ws(req, socket, head);
|
|
83
|
+
});
|
|
84
|
+
server.listen(PROXY_PORT, () => {
|
|
85
|
+
console.log(`\n======================================================`);
|
|
86
|
+
console.log(`🛡️ openclaw-guardian: Entry Protection is ONLINE 🛡️`);
|
|
87
|
+
console.log(`======================================================`);
|
|
88
|
+
console.log(`\nAll clients MUST connect to the proxy port: ws://localhost:${PROXY_PORT}`);
|
|
89
|
+
console.log(`Access Token: ${GUARDIAN_TOKEN}`);
|
|
90
|
+
console.log(`\nExample WebSocket connection:`);
|
|
91
|
+
console.log(` wscat -c ws://localhost:${PROXY_PORT}?token=${GUARDIAN_TOKEN}`);
|
|
92
|
+
console.log(`\nExample HTTP webhook:`);
|
|
93
|
+
console.log(` http://localhost:${PROXY_PORT}/your-path?token=${GUARDIAN_TOKEN}`);
|
|
94
|
+
console.log(`\nDo NOT connect directly to the gateway port 18789.`);
|
|
95
|
+
console.log(`======================================================\n`);
|
|
96
|
+
});
|
|
97
|
+
}
|
|
98
|
+
//# sourceMappingURL=proxy-server.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"proxy-server.js","sourceRoot":"","sources":["../../src/proxy-server.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAmC,MAAM,WAAW,CAAC;AAC1E,OAAO,EAAE,KAAK,EAAE,MAAM,UAAU,CAAC;AACjC,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAClE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,SAAS,MAAM,YAAY,CAAC;AACnC,OAAO,EAAE,oBAAoB,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AACpE,OAAO,MAAM,MAAM,QAAQ,CAAC;AAE5B,MAAM,CAAC,MAAM,EAAE,CAAC;AAEhB,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,OAAO,EAAE,EAAE,CAAC,CAAC;AACnE,MAAM,UAAU,GAAG,wBAAwB,CAAC;AAE5C,yBAAyB;AACzB,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,iBAAiB,CAAC,CAAC;AAClE,IAAI,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;AAExC,IAAI,CAAC,MAAM,EAAE,CAAC;IACV,IAAI,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QACxB,MAAM,GAAG,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;IACrD,CAAC;SAAM,CAAC;QACJ,MAAM,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,WAAW;QACrD,aAAa,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;IAC9C,CAAC;AACL,CAAC;AAED,MAAM,CAAC,MAAM,cAAc,GAAG,MAAO,CAAC;AAEtC,MAAM,KAAK,GAAG,SAAS,CAAC,iBAAiB,CAAC;IACtC,MAAM,EAAE,UAAU;IAClB,EAAE,EAAE,IAAI;CACX,CAAC,CAAC;AAEH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAQ,EAAE,EAAE;IACrC,OAAO,CAAC,KAAK,CAAC,eAAe,EAAE,GAAG,CAAC,CAAC;IACpC,IAAI,GAAG,IAAI,GAAG,CAAC,SAAS,EAAE,CAAC;QACvB,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,aAAa,EAAE,CAAC,CAAC,CAAC;IACtD,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,SAAS,eAAe,CAAC,GAAoB,EAAE,IAAa;IACxD,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC;IAClC,IAAI,MAAM,IAAI,MAAM,KAAK,kBAAkB,IAAI,MAAM,KAAK,kBAAkB,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QAChG,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC;IACnD,CAAC;IAED,MAAM,IAAI,GAAG,KAAK,CAAC,GAAG,CAAC,GAAG,IAAI,EAAE,EAAE,IAAI,CAAC,CAAC;IACxC,IAAI,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,KAAe,CAAC;IAEvC,IAAI,CAAC,KAAK,IAAI,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC;QACtC,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACnD,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,QAAQ,EAAE,CAAC;YAC5D,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACrB,CAAC;IACL,CAAC;IAED,IAAI,CAAC,KAAK,EAAE,CAAC;QACT,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;IAClD,CAAC;IAED,IAAI,KAAK,KAAK,cAAc,EAAE,CAAC;QAC3B,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;IAClD,CAAC;IAED,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;AACxB,CAAC;AAED,MAAM,UAAU,UAAU;IACtB,YAAY,EAAE,CAAC;IAEf,MAAM,MAAM,GAAG,YAAY,CAAC,CAAC,GAAoB,EAAE,GAAmB,EAAE,EAAE;QACtE,MAAM,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC,aAAa,IAAI,SAAS,CAAC;QACjD,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,eAAe,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAEnD,IAAI,CAAC,EAAE,EAAE,CAAC;YACN,oBAAoB,CAAC,EAAE,EAAE,UAAU,EAAE,MAAM,IAAI,cAAc,CAAC,CAAC;YAC/D,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;YAC3C,OAAO;QACX,CAAC;QAED,oBAAoB,CAAC,EAAE,EAAE,QAAQ,EAAE,YAAY,CAAC,CAAC;QACjD,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACxB,CAAC,CAAC,CAAC;IAEH,MAAM,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,GAAoB,EAAE,MAAW,EAAE,IAAS,EAAE,EAAE;QAClE,MAAM,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC,aAAa,IAAI,SAAS,CAAC;QACjD,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,eAAe,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAElD,IAAI,CAAC,EAAE,EAAE,CAAC;YACN,oBAAoB,CAAC,EAAE,EAAE,UAAU,EAAE,MAAM,IAAI,wBAAwB,CAAC,CAAC;YACzE,MAAM,CAAC,KAAK,CAAC,mCAAmC,CAAC,CAAC;YAClD,MAAM,CAAC,OAAO,EAAE,CAAC;YACjB,OAAO;QACX,CAAC;QAED,oBAAoB,CAAC,EAAE,EAAE,QAAQ,EAAE,sBAAsB,CAAC,CAAC;QAC3D,KAAK,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;IAChC,CAAC,CAAC,CAAC;IAEH,MAAM,CAAC,MAAM,CAAC,UAAU,EAAE,GAAG,EAAE;QAC3B,OAAO,CAAC,GAAG,CAAC,0DAA0D,CAAC,CAAC;QACxE,OAAO,CAAC,GAAG,CAAC,wDAAwD,CAAC,CAAC;QACtE,OAAO,CAAC,GAAG,CAAC,wDAAwD,CAAC,CAAC;QACtE,OAAO,CAAC,GAAG,CAAC,gEAAgE,UAAU,EAAE,CAAC,CAAC;QAC1F,OAAO,CAAC,GAAG,CAAC,iBAAiB,cAAc,EAAE,CAAC,CAAC;QAC/C,OAAO,CAAC,GAAG,CAAC,iCAAiC,CAAC,CAAC;QAC/C,OAAO,CAAC,GAAG,CAAC,6BAA6B,UAAU,UAAU,cAAc,EAAE,CAAC,CAAC;QAC/E,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;QACvC,OAAO,CAAC,GAAG,CAAC,sBAAsB,UAAU,oBAAoB,cAAc,EAAE,CAAC,CAAC;QAClF,OAAO,CAAC,GAAG,CAAC,sDAAsD,CAAC,CAAC;QACpE,OAAO,CAAC,GAAG,CAAC,0DAA0D,CAAC,CAAC;IAC5E,CAAC,CAAC,CAAC;AACP,CAAC"}
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
import type { BlacklistMatch } from "./blacklist.js";
|
|
2
|
+
/**
|
|
3
|
+
* Scans tool call parameters for sensitive data strings (credentials).
|
|
4
|
+
* @param params Tool parameters to scan
|
|
5
|
+
* @returns BlacklistMatch or null if safe
|
|
6
|
+
*/
|
|
7
|
+
export declare function scanSensitiveData(params: Record<string, unknown>): BlacklistMatch | null;
|
|
8
|
+
//# sourceMappingURL=sensitive-scan.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sensitive-scan.d.ts","sourceRoot":"","sources":["../../src/sensitive-scan.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAYrD;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,cAAc,GAAG,IAAI,CAexF"}
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
// Regexes for common sensitive data
|
|
2
|
+
const SENSITIVE_PATTERNS = [
|
|
3
|
+
{ regex: /sk-[a-zA-Z0-9]{48}/, reason: "OpenAI Secret Key" },
|
|
4
|
+
{ regex: /AKIA[0-9A-Z]{16}/, reason: "AWS Access Key ID" },
|
|
5
|
+
{ regex: /(?:bearer|authorization)\s*[:=]\s*(?:bearer\s+)?([a-zA-Z0-9-_\.]+)/i, reason: "Bearer/Authorization Token" },
|
|
6
|
+
{ regex: /password\s*=\s*['"]?([^'"\s&]+)/i, reason: "Plaintext Password" },
|
|
7
|
+
{ regex: /xox[baprs]-[0-9a-zA-Z]+/, reason: "Slack Token" },
|
|
8
|
+
{ regex: /gh[ps]_[a-zA-Z0-9]{36}/, reason: "GitHub Token" },
|
|
9
|
+
];
|
|
10
|
+
/**
|
|
11
|
+
* Scans tool call parameters for sensitive data strings (credentials).
|
|
12
|
+
* @param params Tool parameters to scan
|
|
13
|
+
* @returns BlacklistMatch or null if safe
|
|
14
|
+
*/
|
|
15
|
+
export function scanSensitiveData(params) {
|
|
16
|
+
const paramsStr = JSON.stringify(params);
|
|
17
|
+
for (const pattern of SENSITIVE_PATTERNS) {
|
|
18
|
+
if (pattern.regex.test(paramsStr)) {
|
|
19
|
+
const match = paramsStr.match(pattern.regex);
|
|
20
|
+
return {
|
|
21
|
+
pattern: pattern.regex.toString(),
|
|
22
|
+
level: "warning",
|
|
23
|
+
reason: `Sensitive data exposure detected: ${pattern.reason}`,
|
|
24
|
+
};
|
|
25
|
+
}
|
|
26
|
+
}
|
|
27
|
+
return null;
|
|
28
|
+
}
|
|
29
|
+
//# sourceMappingURL=sensitive-scan.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sensitive-scan.js","sourceRoot":"","sources":["../../src/sensitive-scan.ts"],"names":[],"mappings":"AAEA,oCAAoC;AACpC,MAAM,kBAAkB,GAAG;IACvB,EAAE,KAAK,EAAE,oBAAoB,EAAE,MAAM,EAAE,mBAAmB,EAAE;IAC5D,EAAE,KAAK,EAAE,kBAAkB,EAAE,MAAM,EAAE,mBAAmB,EAAE;IAC1D,EAAE,KAAK,EAAE,qEAAqE,EAAE,MAAM,EAAE,4BAA4B,EAAE;IACtH,EAAE,KAAK,EAAE,kCAAkC,EAAE,MAAM,EAAE,oBAAoB,EAAE;IAC3E,EAAE,KAAK,EAAE,yBAAyB,EAAE,MAAM,EAAE,aAAa,EAAE;IAC3D,EAAE,KAAK,EAAE,wBAAwB,EAAE,MAAM,EAAE,cAAc,EAAE;CAC9D,CAAC;AAEF;;;;GAIG;AACH,MAAM,UAAU,iBAAiB,CAAC,MAA+B;IAC7D,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IAEzC,KAAK,MAAM,OAAO,IAAI,kBAAkB,EAAE,CAAC;QACvC,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;YAChC,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;YAC7C,OAAO;gBACH,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,QAAQ,EAAE;gBACjC,KAAK,EAAE,SAAS;gBAChB,MAAM,EAAE,qCAAqC,OAAO,CAAC,MAAM,EAAE;aAChE,CAAC;QACN,CAAC;IACL,CAAC;IAED,OAAO,IAAI,CAAC;AAChB,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"start.d.ts","sourceRoot":"","sources":["../../src/start.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"start.js","sourceRoot":"","sources":["../../src/start.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAE5C,8CAA8C;AAC9C,sDAAsD;AAEtD,UAAU,EAAE,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "openclaw-guardian",
|
|
3
|
-
"version": "0.3.
|
|
4
|
-
"description": "Security gate plugin for OpenClaw
|
|
3
|
+
"version": "0.3.2",
|
|
4
|
+
"description": "Security gate plugin for OpenClaw — two-tier blacklist (regex + LLM intent verification) prevents dangerous tool executions",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "dist/index.js",
|
|
7
7
|
"types": "dist/index.d.ts",
|
|
@@ -19,6 +19,7 @@
|
|
|
19
19
|
"LICENSE"
|
|
20
20
|
],
|
|
21
21
|
"scripts": {
|
|
22
|
+
"start": "ts-node src/start.ts",
|
|
22
23
|
"build": "tsc",
|
|
23
24
|
"prepublishOnly": "npm run build"
|
|
24
25
|
},
|
|
@@ -46,12 +47,19 @@
|
|
|
46
47
|
"openclaw": ">=2026.1.26"
|
|
47
48
|
},
|
|
48
49
|
"devDependencies": {
|
|
50
|
+
"@types/http-proxy": "^1.17.17",
|
|
49
51
|
"@types/node": "^25.3.2",
|
|
52
|
+
"@types/ws": "^8.18.1",
|
|
50
53
|
"typescript": "^5.9.0"
|
|
51
54
|
},
|
|
52
55
|
"openclaw": {
|
|
53
56
|
"extensions": [
|
|
54
57
|
"dist/index.js"
|
|
55
58
|
]
|
|
59
|
+
},
|
|
60
|
+
"dependencies": {
|
|
61
|
+
"dotenv": "^17.3.1",
|
|
62
|
+
"http-proxy": "^1.18.1",
|
|
63
|
+
"ws": "^8.19.0"
|
|
56
64
|
}
|
|
57
|
-
}
|
|
65
|
+
}
|