sentinel-agentos 0.1.0

package/dist/guard/risk-gate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"risk-gate.js","sourceRoot":"","sources":["../../src/guard/risk-gate.ts"],"names":[],"mappings":";;;AAOA,MAAM,aAAa,GAAgC;IACjD,KAAK,EAAE,CAAC;IACR,SAAS,EAAE,CAAC;IACZ,OAAO,EAAE,CAAC;IACV,MAAM,EAAE,EAAE;CACX,CAAC;AAOF,MAAM,kBAAkB,GAAqC;IAC3D,IAAI,EAAE,GAAG;IACT,GAAG,EAAE,GAAG;IACR,MAAM,EAAE,GAAG;IACX,IAAI,EAAE,GAAG;IACT,QAAQ,EAAE,GAAG;CACd,CAAC;AAEF;;GAEG;AACH,MAAM,mBAAmB,GAA2B;IAClD,IAAI,EAAE,IAAI;IACV,KAAK,EAAE,IAAI;IACX,MAAM,EAAE,IAAI;IACZ,OAAO,EAAE,IAAI;IACb,OAAO,EAAE,IAAI;CACd,CAAC;AA4CF;;GAEG;AACU,QAAA,uBAAuB,GAAmB;IACrD,WAAW,EAAE,GAAG;IAChB,MAAM,EAAE,GAAG;IACX,OAAO,EAAE,GAAG;IACZ,IAAI,EAAE,GAAG;CACV,CAAC;AAEF;;;;;;;GAOG;AACH,MAAa,QAAQ;IACX,QAAQ,GAAiC,IAAI,GAAG,EAAE,CAAC;IACnD,KAAK,GAA2B,IAAI,GAAG,EAAE,CAAC;IAC1C,UAAU,CAAiB;IAEnC,YAAY,aAA6B,+BAAuB;QAC9D,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;IAC/B,CAAC;IAED,yCAAyC;IACzC,eAAe,CAAC,OAAwB;QACtC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QACzC,0CAA0C;QAC1C,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;YAClC,MAAM,SAAS,GACb,OAAO,CAAC,gBAAgB;gBACxB,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,mBAAmB,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YAC9E,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE;gBAC3B,UAAU,EAAE,CAAC;gBACb,QAAQ,EAAE,CAAC;gBACX,SAAS;gBACT,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE;aACxB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,yCAAyC;IACzC,gBAAgB,CAAC,QAA2B;QAC1C,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC;IACnD,CAAC;IAED,kCAAkC;IAClC,WAAW;QACT,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IAC5C,CAAC;IAED,+CAA+C;IAC/C,UAAU,CAAC,IAAY;QACrB,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACjC,CAAC;IAED;;;;;OAKG;IACH,QAAQ,CAAC,IAAY,EAAE,OAAiC;QACtD,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAExC,oEAAoE;QACpE,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,aAAa,GAAG,IAAI,CAAC,UAAU,CAAC,WAAW,GAAG,GAAG,CAAC;YACxD,OAAO;gBACL,KAAK,EAAE,aAAa;gBACpB,MAAM,EAAE,MAAM;gBACd,UAAU,EAAE;oBACV,MAAM,EAAE,CAAC;oBACT,aAAa,EAAE,CAAC;oBAChB,WAAW,EAAE,CAAC;oBACd,SAAS,EAAE,CAAC;iBACb;aACF,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,aAAa,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC7C,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC;QACtE,MAAM,WAAW,GAAG,kBAAkB,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;QAC5D,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAC3C,MAAM,SAAS,GAAG,KAAK,EAAE,SAAS,IAAI,IAAI,CAAC;QAE3C,MAAM,KAAK,GACT,MAAM,GAAG,CAAC,CAAC,GAAG,aAAa,CAAC,GAAG,WAAW,GAAG,CAAC,CAAC,GAAG,SAAS,CAAC,CAAC;QAE/D,MAAM,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;QAEzC,OAAO;YACL,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,KAAK,GAAG,GAAG,CAAC,GAAG,GAAG,EAAE,4BAA4B;YAClE,MAAM;YACN,UAAU,EAAE;gBACV,MAAM;gBACN,aAAa;gBACb,WAAW;gBACX,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,IAAI;aAC/C;SACF,CAAC;IACJ,CAAC;IAED,wDAAwD;IACxD,aAAa,CAAC,IAAY,EAAE,OAAgB;QAC1C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACnC,IAAI,CAAC,KAAK;YAAE,OAAO;QAEnB,KAAK,CAAC,UAAU,EAAE,CAAC;QACnB,IAAI,CAAC,OAAO;YAAE,KAAK,CAAC,QAAQ,EAAE,CAAC;QAC/B,KAAK,CAAC,SAAS;YACb,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,GAAG,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;QAC/D,KAAK,CAAC,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACjC,CAAC;IAED,0BAA0B;IAC1B,QAAQ,CAAC,IAAY;QACnB,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAC9B,CAAC;IAED,8BAA8B;IAC9B,WAAW;QACT,OAAO,IAAI,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC7B,CAAC;IAED,mCAAmC;IACnC,aAAa,CAAC,UAAmC;QAC/C,IAAI,CAAC,UAAU,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,EAAE,GAAG,UAAU,EAAE,CAAC;IAC1D,CAAC;IAED,6BAA6B;IAC7B,aAAa;QACX,OAAO,EAAE,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;IAChC,CAAC;IAED;;OAEG;IACK,aAAa,CAAC,KAAa;QACjC,IAAI,KAAK,IAAI,IAAI,CAAC,UAAU,CAAC,WAAW;YAAE,OAAO,MAAM,CAAC;QACxD,IAAI,KAAK,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM;YAAE,OAAO,QAAQ,CAAC;QACrD,IAAI,KAAK,IAAI,IAAI,CAAC,UAAU,CAAC,OAAO;YAAE,OAAO,SAAS,CAAC;QACvD,OAAO,MAAM,CAAC;IAChB,CAAC;CACF;AAjID,4BAiIC"}

package/dist/guard/sandbox.d.ts

@@ -0,0 +1,112 @@
+/**
+ * Execution mode — from DESIGN.md §4.5
+ */
+export type ExecutionMode = 'direct' | 'sandbox' | 'dry-run';
+/**
+ * Network access policy for sandbox mode.
+ */
+export type NetworkPolicy = 'none' | 'localhost' | 'whitelist';
+/**
+ * Execution context configuration — full DESIGN.md §4.5 interface.
+ */
+export interface ExecutionContext {
+    /** Execution mode */
+    mode: ExecutionMode;
+    /** Timeout in milliseconds */
+    timeoutMs: number;
+    /** Network policy (sandbox mode only) */
+    networkAccess?: NetworkPolicy;
+    /** Allowed network hosts (sandbox + whitelist mode only) */
+    networkWhitelist?: string[];
+    /** Writable paths (sandbox mode) */
+    writablePaths?: string[];
+    /** Read-only paths (sandbox mode) */
+    readonlyPaths?: string[];
+    /** Workspace root */
+    workspaceRoot: string;
+    /** Max output size before truncation */
+    maxOutputSize?: number;
+    /** Allowed tools in sandbox mode */
+    allowedTools?: string[];
+    /** Forbidden tools in any mode */
+    forbiddenTools?: string[];
+}
+/**
+ * Sandbox execution result.
+ */
+export interface SandboxResult {
+    /** Execution outcome */
+    success: boolean;
+    /** Exit code (0 = success) */
+    exitCode: number;
+    /** stdout */
+    stdout: string;
+    /** stderr */
+    stderr: string;
+    /** Truncated flag */
+    truncated: boolean;
+    /** Error message if sandbox rejected */
+    sandboxRejectReason?: string;
+    /** Dry-run: what would have happened */
+    dryRunSummary?: string;
+    /** Execution time in ms */
+    durationMs: number;
+}
+/**
+ * Sandbox Violation types.
+ */
+export declare enum SandboxViolation {
+    NETWORK_FORBIDDEN = "NETWORK_FORBIDDEN",
+    PATH_NOT_WRITABLE = "PATH_NOT_WRITABLE",
+    PATH_READONLY = "PATH_READONLY",
+    TOOL_FORBIDDEN = "TOOL_FORBIDDEN",
+    TOOL_NOT_ALLOWED = "TOOL_NOT_ALLOWED",
+    COMMAND_FORBIDDEN = "COMMAND_FORBIDDEN"
+}
+/**
+ * Sandbox Executor — controlled execution environment.
+ *
+ * Implements three execution modes from DESIGN.md §4.5:
+ * - direct: Execute in shared environment (default, no sandboxing)
+ * - sandbox: Restricted execution with network + filesystem policies
+ * - dry-run: Preview only, no actual execution
+ */
+export declare class SandboxExecutor {
+    private config;
+    /** Forbidden shell commands (dangerous patterns) */
+    private static FORBIDDEN_COMMANDS;
+    constructor(config: ExecutionContext);
+    /**
+     * Validate and possibly reject a tool call before execution.
+     *
+     * @returns {SandboxResult} with sandboxRejectReason if rejected
+     */
+    validate(toolName: string, params: Record<string, unknown>): SandboxResult | null;
+    /**
+     * Execute a shell command in the configured mode.
+     */
+    execute(toolName: string, params: Record<string, unknown>): Promise<SandboxResult>;
+    /**
+     * Dry-run: return a summary of what would happen.
+     */
+    private dryRun;
+    /**
+     * Execute shell commands with sandbox policies.
+     */
+    private executeShell;
+    /**
+     * Build environment with sandbox network restrictions.
+     */
+    private buildSandboxEnv;
+    /**
+     * Validate a filesystem path against sandbox policies.
+     */
+    private validatePath;
+    /**
+     * Validate a shell command against forbidden patterns.
+     */
+    private validateCommand;
+    private isShellTool;
+    private isWriteTool;
+}
+//# sourceMappingURL=sandbox.d.ts.map

package/dist/guard/sandbox.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sandbox.d.ts","sourceRoot":"","sources":["../../src/guard/sandbox.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG,QAAQ,GAAG,SAAS,GAAG,SAAS,CAAC;AAE7D;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG,MAAM,GAAG,WAAW,GAAG,WAAW,CAAC;AAE/D;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,qBAAqB;IACrB,IAAI,EAAE,aAAa,CAAC;IACpB,8BAA8B;IAC9B,SAAS,EAAE,MAAM,CAAC;IAClB,yCAAyC;IACzC,aAAa,CAAC,EAAE,aAAa,CAAC;IAC9B,4DAA4D;IAC5D,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B,oCAAoC;IACpC,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,qCAAqC;IACrC,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,qBAAqB;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,wCAAwC;IACxC,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,oCAAoC;IACpC,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,kCAAkC;IAClC,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,wBAAwB;IACxB,OAAO,EAAE,OAAO,CAAC;IACjB,8BAA8B;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa;IACb,MAAM,EAAE,MAAM,CAAC;IACf,aAAa;IACb,MAAM,EAAE,MAAM,CAAC;IACf,qBAAqB;IACrB,SAAS,EAAE,OAAO,CAAC;IACnB,wCAAwC;IACxC,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,wCAAwC;IACxC,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,2BAA2B;IAC3B,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,oBAAY,gBAAgB;IAC1B,iBAAiB,sBAAsB;IACvC,iBAAiB,sBAAsB;IACvC,aAAa,kBAAkB;IAC/B,cAAc,mBAAmB;IACjC,gBAAgB,qBAAqB;IACrC,iBAAiB,sBAAsB;CACxC;AAED;;;;;;;GAOG;AACH,qBAAa,eAAe;IAC1B,OAAO,CAAC,MAAM,CAAmB;IAEjC,oDAAoD;IACpD,OAAO,CAAC,MAAM,CAAC,kBAAkB,CAU/B;gBAEU,MAAM,EAAE,gBAAgB;IAOpC;;;;OAIG;IACH,QAAQ,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,aAAa,GAAG,IAAI;IA6DjF;;OAEG;IACG,OAAO,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,aAAa,CAAC;IA6BxF;;OAEG;IACH,OAAO,CAAC,MAAM;IAiCd;;OAEG;YACW,YAAY;IAyD1B;;OAEG;IACH,OAAO,CAAC,eAAe;IAsCvB;;OAEG;IACH,OAAO,CAAC,YAAY;IA0DpB;;OAEG;IACH,OAAO,CAAC,eAAe;IAkBvB,OAAO,CAAC,WAAW;IAInB,OAAO,CAAC,WAAW;CAQpB"}

package/dist/guard/sandbox.js

@@ -0,0 +1,379 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SandboxExecutor = exports.SandboxViolation = void 0;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+/**
+ * Sandbox Violation types.
+ */
+var SandboxViolation;
+(function (SandboxViolation) {
+    SandboxViolation["NETWORK_FORBIDDEN"] = "NETWORK_FORBIDDEN";
+    SandboxViolation["PATH_NOT_WRITABLE"] = "PATH_NOT_WRITABLE";
+    SandboxViolation["PATH_READONLY"] = "PATH_READONLY";
+    SandboxViolation["TOOL_FORBIDDEN"] = "TOOL_FORBIDDEN";
+    SandboxViolation["TOOL_NOT_ALLOWED"] = "TOOL_NOT_ALLOWED";
+    SandboxViolation["COMMAND_FORBIDDEN"] = "COMMAND_FORBIDDEN";
+})(SandboxViolation || (exports.SandboxViolation = SandboxViolation = {}));
+/**
+ * Sandbox Executor — controlled execution environment.
+ *
+ * Implements three execution modes from DESIGN.md §4.5:
+ * - direct: Execute in shared environment (default, no sandboxing)
+ * - sandbox: Restricted execution with network + filesystem policies
+ * - dry-run: Preview only, no actual execution
+ */
+class SandboxExecutor {
+    config;
+    /** Forbidden shell commands (dangerous patterns) */
+    static FORBIDDEN_COMMANDS = [
+        /rm\s+-rf\s+\//,
+        /sudo\s/,
+        /chmod\s+777/,
+        />\s*\/dev\//,
+        /mkfs\./,
+        /dd\s+if=/,
+        /:()\s*\{\s*:/, // fork bomb
+        /curl.*\|\s*bash/,
+        /wget.*\|\s*sh/,
+    ];
+    constructor(config) {
+        this.config = {
+            maxOutputSize: 1024 * 1024, // 1MB default
+            ...config,
+        };
+    }
+    /**
+     * Validate and possibly reject a tool call before execution.
+     *
+     * @returns {SandboxResult} with sandboxRejectReason if rejected
+     */
+    validate(toolName, params) {
+        // Check forbidden tools
+        if (this.config.forbiddenTools) {
+            if (this.config.forbiddenTools.includes(toolName)) {
+                return {
+                    success: false,
+                    exitCode: 126,
+                    stdout: '',
+                    stderr: '',
+                    truncated: false,
+                    durationMs: 0,
+                    sandboxRejectReason: `Tool "${toolName}" is forbidden by sandbox policy`,
+                };
+            }
+        }
+        // Check allowed tools (sandbox mode)
+        if (this.config.mode === 'sandbox' && this.config.allowedTools) {
+            if (!this.config.allowedTools.includes(toolName)) {
+                return {
+                    success: false,
+                    exitCode: 126,
+                    stdout: '',
+                    stderr: '',
+                    truncated: false,
+                    durationMs: 0,
+                    sandboxRejectReason: `Tool "${toolName}" is not in the sandbox allowed-tools list`,
+                };
+            }
+        }
+        // Check filesystem writes
+        if (this.config.mode === 'sandbox') {
+            const pathParam = params['path'] || params['file'] || params['filePath'];
+            if (typeof pathParam === 'string') {
+                const fsCheck = this.validatePath(pathParam, this.isWriteTool(toolName));
+                if (fsCheck)
+                    return fsCheck;
+            }
+            // Check multiple paths
+            const paths = params['paths'] || params['files'] || params['targets'];
+            if (Array.isArray(paths)) {
+                for (const p of paths) {
+                    if (typeof p === 'string') {
+                        const fsCheck = this.validatePath(p, this.isWriteTool(toolName));
+                        if (fsCheck)
+                            return fsCheck;
+                    }
+                }
+            }
+        }
+        // Check shell commands for dangerous patterns
+        if (toolName === 'exec' || toolName === 'shell' || toolName === 'command') {
+            const command = String(params['command'] || params['cmd'] || '');
+            const cmdCheck = this.validateCommand(command);
+            if (cmdCheck)
+                return cmdCheck;
+        }
+        return null; // All clear
+    }
+    /**
+     * Execute a shell command in the configured mode.
+     */
+    async execute(toolName, params) {
+        const startTime = Date.now();
+        // 1. Pre-flight validation
+        const rejection = this.validate(toolName, params);
+        if (rejection)
+            return rejection;
+        // 2. Dry-run mode
+        if (this.config.mode === 'dry-run') {
+            return this.dryRun(toolName, params);
+        }
+        // 3. Build command for exec-based tools
+        if (this.isShellTool(toolName)) {
+            return this.executeShell(params);
+        }
+        // 4. For non-shell tools: delegate (no sandbox exec here — that's the agent runtime's job)
+        // Sandbox mode only applies to shell commands at this level
+        return {
+            success: true,
+            exitCode: 0,
+            stdout: '',
+            stderr: '',
+            truncated: false,
+            durationMs: Date.now() - startTime,
+        };
+    }
+    /**
+     * Dry-run: return a summary of what would happen.
+     */
+    dryRun(toolName, params) {
+        const summaryParts = [];
+        if (this.isShellTool(toolName)) {
+            const command = String(params['command'] || '');
+            summaryParts.push(`Would execute: ${command}`);
+        }
+        else {
+            summaryParts.push(`Would call: ${toolName}(${JSON.stringify(params)})`);
+        }
+        // Check files that would be affected
+        const pathParam = params['path'] || params['file'] || params['filePath'];
+        if (typeof pathParam === 'string') {
+            const fullPath = path.resolve(this.config.workspaceRoot, pathParam);
+            if (fs.existsSync(fullPath)) {
+                const stat = fs.statSync(fullPath);
+                summaryParts.push(`File exists: ${pathParam} (${stat.size} bytes)`);
+            }
+            else {
+                summaryParts.push(`File would be created: ${pathParam}`);
+            }
+        }
+        return {
+            success: true,
+            exitCode: 0,
+            stdout: '',
+            stderr: '',
+            truncated: false,
+            durationMs: 0,
+            dryRunSummary: summaryParts.join('\n'),
+        };
+    }
+    /**
+     * Execute shell commands with sandbox policies.
+     */
+    async executeShell(params) {
+        const startTime = Date.now();
+        const command = String(params['command'] || '');
+        const cwd = String(params['cwd'] || this.config.workspaceRoot);
+        try {
+            const { execSync } = require('child_process');
+            // Apply network restrictions
+            const env = this.buildSandboxEnv();
+            let output;
+            try {
+                output = execSync(command, {
+                    cwd,
+                    encoding: 'utf-8',
+                    env,
+                    timeout: this.config.timeoutMs,
+                    maxBuffer: this.config.maxOutputSize,
+                    stdio: ['pipe', 'pipe', 'pipe'],
+                });
+            }
+            catch (execErr) {
+                return {
+                    success: false,
+                    exitCode: execErr.status ?? 1,
+                    stdout: execErr.stdout?.slice(0, this.config.maxOutputSize) ?? '',
+                    stderr: execErr.stderr?.slice(0, this.config.maxOutputSize) ?? '',
+                    truncated: (execErr.stdout?.length ?? 0) > (this.config.maxOutputSize ?? 1024 * 1024),
+                    durationMs: Date.now() - startTime,
+                };
+            }
+            const truncated = output.length > (this.config.maxOutputSize ?? 1024 * 1024);
+            const finalOutput = truncated
+                ? output.slice(0, this.config.maxOutputSize ?? 1024 * 1024)
+                : output;
+            return {
+                success: true,
+                exitCode: 0,
+                stdout: finalOutput,
+                stderr: '',
+                truncated,
+                durationMs: Date.now() - startTime,
+            };
+        }
+        catch (err) {
+            return {
+                success: false,
+                exitCode: 1,
+                stdout: '',
+                stderr: err.message ?? 'Unknown execution error',
+                truncated: false,
+                durationMs: Date.now() - startTime,
+            };
+        }
+    }
+    /**
+     * Build environment with sandbox network restrictions.
+     */
+    buildSandboxEnv() {
+        if (this.config.mode !== 'sandbox' || this.config.networkAccess === undefined) {
+            return undefined; // Use default env
+        }
+        const env = { ...process.env };
+        switch (this.config.networkAccess) {
+            case 'none':
+                env['http_proxy'] = 'http://0.0.0.0:0'; // Blackhole
+                env['https_proxy'] = 'http://0.0.0.0:0';
+                env['HTTP_PROXY'] = 'http://0.0.0.0:0';
+                env['HTTPS_PROXY'] = 'http://0.0.0.0:0';
+                env['NO_PROXY'] = '';
+                break;
+            case 'localhost':
+                env['http_proxy'] = 'http://0.0.0.0:0';
+                env['https_proxy'] = 'http://0.0.0.0:0';
+                env['HTTP_PROXY'] = 'http://0.0.0.0:0';
+                env['HTTPS_PROXY'] = 'http://0.0.0.0:0';
+                env['NO_PROXY'] = 'localhost,127.0.0.1,::1';
+                break;
+            case 'whitelist':
+                if (this.config.networkWhitelist) {
+                    env['http_proxy'] = 'http://0.0.0.0:0';
+                    env['https_proxy'] = 'http://0.0.0.0:0';
+                    env['HTTP_PROXY'] = 'http://0.0.0.0:0';
+                    env['HTTPS_PROXY'] = 'http://0.0.0.0:0';
+                    env['NO_PROXY'] = this.config.networkWhitelist.join(',') + ',localhost,127.0.0.1';
+                }
+                break;
+        }
+        return env;
+    }
+    /**
+     * Validate a filesystem path against sandbox policies.
+     */
+    validatePath(filePath, isWrite) {
+        const resolvedPath = path.resolve(this.config.workspaceRoot, filePath);
+        const normalizedRoot = path.resolve(this.config.workspaceRoot);
+        // Check if path is within workspace
+        if (!resolvedPath.startsWith(normalizedRoot + path.sep) && resolvedPath !== normalizedRoot) {
+            return {
+                success: false,
+                exitCode: 126,
+                stdout: '',
+                stderr: '',
+                truncated: false,
+                durationMs: 0,
+                sandboxRejectReason: `Path "${filePath}" is outside workspace boundaries`,
+            };
+        }
+        if (isWrite) {
+            // Check writable paths
+            if (this.config.writablePaths && this.config.writablePaths.length > 0) {
+                const isWritable = this.config.writablePaths.some((wp) => resolvedPath.startsWith(path.resolve(this.config.workspaceRoot, wp)));
+                if (!isWritable) {
+                    return {
+                        success: false,
+                        exitCode: 126,
+                        stdout: '',
+                        stderr: '',
+                        truncated: false,
+                        durationMs: 0,
+                        sandboxRejectReason: `Path "${filePath}" is not in the sandbox writable paths list`,
+                    };
+                }
+            }
+            // Check readonly paths
+            if (this.config.readonlyPaths) {
+                const isReadonly = this.config.readonlyPaths.some((rp) => resolvedPath.startsWith(path.resolve(this.config.workspaceRoot, rp)));
+                if (isReadonly) {
+                    return {
+                        success: false,
+                        exitCode: 126,
+                        stdout: '',
+                        stderr: '',
+                        truncated: false,
+                        durationMs: 0,
+                        sandboxRejectReason: `Path "${filePath}" is read-only in sandbox mode`,
+                    };
+                }
+            }
+        }
+        return null;
+    }
+    /**
+     * Validate a shell command against forbidden patterns.
+     */
+    validateCommand(command) {
+        for (const pattern of SandboxExecutor.FORBIDDEN_COMMANDS) {
+            if (pattern.test(command)) {
+                return {
+                    success: false,
+                    exitCode: 126,
+                    stdout: '',
+                    stderr: '',
+                    truncated: false,
+                    durationMs: 0,
+                    sandboxRejectReason: `Command matches forbidden pattern: "${pattern.source}"`,
+                };
+            }
+        }
+        return null;
+    }
+    isShellTool(toolName) {
+        return ['exec', 'shell', 'command', 'bash', 'sh', 'cmd'].includes(toolName);
+    }
+    isWriteTool(toolName) {
+        const writeTools = [
+            'write_file', 'write', 'edit', 'edit_file', 'create_file',
+            'mkdir', 'rm', 'unlink', 'delete_file', 'delete', 'mv', 'cp',
+            'exec', 'shell', 'git_commit', 'git_push',
+        ];
+        return writeTools.some((t) => toolName.includes(t));
+    }
+}
+exports.SandboxExecutor = SandboxExecutor;
+//# sourceMappingURL=sandbox.js.map

package/dist/guard/sandbox.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sandbox.js","sourceRoot":"","sources":["../../src/guard/sandbox.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AA4D7B;;GAEG;AACH,IAAY,gBAOX;AAPD,WAAY,gBAAgB;IAC1B,2DAAuC,CAAA;IACvC,2DAAuC,CAAA;IACvC,mDAA+B,CAAA;IAC/B,qDAAiC,CAAA;IACjC,yDAAqC,CAAA;IACrC,2DAAuC,CAAA;AACzC,CAAC,EAPW,gBAAgB,gCAAhB,gBAAgB,QAO3B;AAED;;;;;;;GAOG;AACH,MAAa,eAAe;IAClB,MAAM,CAAmB;IAEjC,oDAAoD;IAC5C,MAAM,CAAC,kBAAkB,GAAG;QAClC,eAAe;QACf,QAAQ;QACR,aAAa;QACb,aAAa;QACb,QAAQ;QACR,UAAU;QACV,cAAc,EAAG,YAAY;QAC7B,iBAAiB;QACjB,eAAe;KAChB,CAAC;IAEF,YAAY,MAAwB;QAClC,IAAI,CAAC,MAAM,GAAG;YACZ,aAAa,EAAE,IAAI,GAAG,IAAI,EAAE,cAAc;YAC1C,GAAG,MAAM;SACV,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACH,QAAQ,CAAC,QAAgB,EAAE,MAA+B;QACxD,wBAAwB;QACxB,IAAI,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC;YAC/B,IAAI,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAClD,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,QAAQ,EAAE,GAAG;oBACb,MAAM,EAAE,EAAE;oBACV,MAAM,EAAE,EAAE;oBACV,SAAS,EAAE,KAAK;oBAChB,UAAU,EAAE,CAAC;oBACb,mBAAmB,EAAE,SAAS,QAAQ,kCAAkC;iBACzE,CAAC;YACJ,CAAC;QACH,CAAC;QAED,qCAAqC;QACrC,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,SAAS,IAAI,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;YAC/D,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACjD,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,QAAQ,EAAE,GAAG;oBACb,MAAM,EAAE,EAAE;oBACV,MAAM,EAAE,EAAE;oBACV,SAAS,EAAE,KAAK;oBAChB,UAAU,EAAE,CAAC;oBACb,mBAAmB,EAAE,SAAS,QAAQ,4CAA4C;iBACnF,CAAC;YACJ,CAAC;QACH,CAAC;QAED,0BAA0B;QAC1B,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YACnC,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,UAAU,CAAC,CAAC;YACzE,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;gBAClC,MAAM,OAAO,GAAG,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC;gBACzE,IAAI,OAAO;oBAAE,OAAO,OAAO,CAAC;YAC9B,CAAC;YAED,uBAAuB;YACvB,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,MAAM,CAAC,SAAS,CAAC,CAAC;YACtE,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gBACzB,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;oBACtB,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,CAAC;wBAC1B,MAAM,OAAO,GAAG,IAAI,CAAC,YAAY,CAAC,CAAC,EAAE,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC;wBACjE,IAAI,OAAO;4BAAE,OAAO,OAAO,CAAC;oBAC9B,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,8CAA8C;QAC9C,IAAI,QAAQ,KAAK,MAAM,IAAI,QAAQ,KAAK,OAAO,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;YAC1E,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YACjE,MAAM,QAAQ,GAAG,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;YAC/C,IAAI,QAAQ;gBAAE,OAAO,QAAQ,CAAC;QAChC,CAAC;QAED,OAAO,IAAI,CAAC,CAAC,YAAY;IAC3B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO,CAAC,QAAgB,EAAE,MAA+B;QAC7D,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAE7B,2BAA2B;QAC3B,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAClD,IAAI,SAAS;YAAE,OAAO,SAAS,CAAC;QAEhC,kBAAkB;QAClB,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YACnC,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QACvC,CAAC;QAED,wCAAwC;QACxC,IAAI,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC/B,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QACnC,CAAC;QAED,2FAA2F;QAC3F,4DAA4D;QAC5D,OAAO;YACL,OAAO,EAAE,IAAI;YACb,QAAQ,EAAE,CAAC;YACX,MAAM,EAAE,EAAE;YACV,MAAM,EAAE,EAAE;YACV,SAAS,EAAE,KAAK;YAChB,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;SACnC,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,QAAgB,EAAE,MAA+B;QAC9D,MAAM,YAAY,GAAa,EAAE,CAAC;QAElC,IAAI,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC/B,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC;YAChD,YAAY,CAAC,IAAI,CAAC,kBAAkB,OAAO,EAAE,CAAC,CAAC;QACjD,CAAC;aAAM,CAAC;YACN,YAAY,CAAC,IAAI,CAAC,eAAe,QAAQ,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC1E,CAAC;QAED,qCAAqC;QACrC,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,UAAU,CAAC,CAAC;QACzE,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;YAClC,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;YACpE,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC5B,MAAM,IAAI,GAAG,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;gBACnC,YAAY,CAAC,IAAI,CAAC,gBAAgB,SAAS,KAAK,IAAI,CAAC,IAAI,SAAS,CAAC,CAAC;YACtE,CAAC;iBAAM,CAAC;gBACN,YAAY,CAAC,IAAI,CAAC,0BAA0B,SAAS,EAAE,CAAC,CAAC;YAC3D,CAAC;QACH,CAAC;QAED,OAAO;YACL,OAAO,EAAE,IAAI;YACb,QAAQ,EAAE,CAAC;YACX,MAAM,EAAE,EAAE;YACV,MAAM,EAAE,EAAE;YACV,SAAS,EAAE,KAAK;YAChB,UAAU,EAAE,CAAC;YACb,aAAa,EAAE,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC;SACvC,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,YAAY,CAAC,MAA+B;QACxD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC7B,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC;QAChD,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;QAE/D,IAAI,CAAC;YACH,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;YAE9C,6BAA6B;YAC7B,MAAM,GAAG,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;YAEnC,IAAI,MAAc,CAAC;YACnB,IAAI,CAAC;gBACH,MAAM,GAAG,QAAQ,CAAC,OAAO,EAAE;oBACzB,GAAG;oBACH,QAAQ,EAAE,OAAO;oBACjB,GAAG;oBACH,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;oBAC9B,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,aAAa;oBACpC,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;iBAChC,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,OAAY,EAAE,CAAC;gBACtB,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,QAAQ,EAAE,OAAO,CAAC,MAAM,IAAI,CAAC;oBAC7B,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,IAAI,EAAE;oBACjE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,IAAI,EAAE;oBACjE,SAAS,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,MAAM,IAAI,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,aAAa,IAAI,IAAI,GAAG,IAAI,CAAC;oBACrF,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;iBACnC,CAAC;YACJ,CAAC;YAED,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,aAAa,IAAI,IAAI,GAAG,IAAI,CAAC,CAAC;YAC7E,MAAM,WAAW,GAAG,SAAS;gBAC3B,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,aAAa,IAAI,IAAI,GAAG,IAAI,CAAC;gBAC3D,CAAC,CAAC,MAAM,CAAC;YAEX,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,CAAC;gBACX,MAAM,EAAE,WAAW;gBACnB,MAAM,EAAE,EAAE;gBACV,SAAS;gBACT,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;aACnC,CAAC;QACJ,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,QAAQ,EAAE,CAAC;gBACX,MAAM,EAAE,EAAE;gBACV,MAAM,EAAE,GAAG,CAAC,OAAO,IAAI,yBAAyB;gBAChD,SAAS,EAAE,KAAK;gBAChB,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;aACnC,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACK,eAAe;QACrB,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,SAAS,IAAI,IAAI,CAAC,MAAM,CAAC,aAAa,KAAK,SAAS,EAAE,CAAC;YAC9E,OAAO,SAAS,CAAC,CAAC,kBAAkB;QACtC,CAAC;QAED,MAAM,GAAG,GAAG,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;QAE/B,QAAQ,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;YAClC,KAAK,MAAM;gBACT,GAAG,CAAC,YAAY,CAAC,GAAG,kBAAkB,CAAC,CAAC,YAAY;gBACpD,GAAG,CAAC,aAAa,CAAC,GAAG,kBAAkB,CAAC;gBACxC,GAAG,CAAC,YAAY,CAAC,GAAG,kBAAkB,CAAC;gBACvC,GAAG,CAAC,aAAa,CAAC,GAAG,kBAAkB,CAAC;gBACxC,GAAG,CAAC,UAAU,CAAC,GAAG,EAAE,CAAC;gBACrB,MAAM;YAER,KAAK,WAAW;gBACd,GAAG,CAAC,YAAY,CAAC,GAAG,kBAAkB,CAAC;gBACvC,GAAG,CAAC,aAAa,CAAC,GAAG,kBAAkB,CAAC;gBACxC,GAAG,CAAC,YAAY,CAAC,GAAG,kBAAkB,CAAC;gBACvC,GAAG,CAAC,aAAa,CAAC,GAAG,kBAAkB,CAAC;gBACxC,GAAG,CAAC,UAAU,CAAC,GAAG,yBAAyB,CAAC;gBAC5C,MAAM;YAER,KAAK,WAAW;gBACd,IAAI,IAAI,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAC;oBACjC,GAAG,CAAC,YAAY,CAAC,GAAG,kBAAkB,CAAC;oBACvC,GAAG,CAAC,aAAa,CAAC,GAAG,kBAAkB,CAAC;oBACxC,GAAG,CAAC,YAAY,CAAC,GAAG,kBAAkB,CAAC;oBACvC,GAAG,CAAC,aAAa,CAAC,GAAG,kBAAkB,CAAC;oBACxC,GAAG,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,sBAAsB,CAAC;gBACpF,CAAC;gBACD,MAAM;QACV,CAAC;QAED,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;OAEG;IACK,YAAY,CAAC,QAAgB,EAAE,OAAgB;QACrD,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC;QACvE,MAAM,cAAc,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;QAE/D,oCAAoC;QACpC,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,cAAc,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,YAAY,KAAK,cAAc,EAAE,CAAC;YAC3F,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,QAAQ,EAAE,GAAG;gBACb,MAAM,EAAE,EAAE;gBACV,MAAM,EAAE,EAAE;gBACV,SAAS,EAAE,KAAK;gBAChB,UAAU,EAAE,CAAC;gBACb,mBAAmB,EAAE,SAAS,QAAQ,mCAAmC;aAC1E,CAAC;QACJ,CAAC;QAED,IAAI,OAAO,EAAE,CAAC;YACZ,uBAAuB;YACvB,IAAI,IAAI,CAAC,MAAM,CAAC,aAAa,IAAI,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACtE,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,IAAI,CAC/C,CAAC,EAAE,EAAE,EAAE,CAAC,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,aAAc,EAAE,EAAE,CAAC,CAAC,CAC9E,CAAC;gBACF,IAAI,CAAC,UAAU,EAAE,CAAC;oBAChB,OAAO;wBACL,OAAO,EAAE,KAAK;wBACd,QAAQ,EAAE,GAAG;wBACb,MAAM,EAAE,EAAE;wBACV,MAAM,EAAE,EAAE;wBACV,SAAS,EAAE,KAAK;wBAChB,UAAU,EAAE,CAAC;wBACb,mBAAmB,EAAE,SAAS,QAAQ,6CAA6C;qBACpF,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,uBAAuB;YACvB,IAAI,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;gBAC9B,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,IAAI,CAC/C,CAAC,EAAE,EAAE,EAAE,CAAC,YAAY,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,aAAc,EAAE,EAAE,CAAC,CAAC,CAC9E,CAAC;gBACF,IAAI,UAAU,EAAE,CAAC;oBACf,OAAO;wBACL,OAAO,EAAE,KAAK;wBACd,QAAQ,EAAE,GAAG;wBACb,MAAM,EAAE,EAAE;wBACV,MAAM,EAAE,EAAE;wBACV,SAAS,EAAE,KAAK;wBAChB,UAAU,EAAE,CAAC;wBACb,mBAAmB,EAAE,SAAS,QAAQ,gCAAgC;qBACvE,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACK,eAAe,CAAC,OAAe;QACrC,KAAK,MAAM,OAAO,IAAI,eAAe,CAAC,kBAAkB,EAAE,CAAC;YACzD,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC1B,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,QAAQ,EAAE,GAAG;oBACb,MAAM,EAAE,EAAE;oBACV,MAAM,EAAE,EAAE;oBACV,SAAS,EAAE,KAAK;oBAChB,UAAU,EAAE,CAAC;oBACb,mBAAmB,EAAE,uCAAuC,OAAO,CAAC,MAAM,GAAG;iBAC9E,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,WAAW,CAAC,QAAgB;QAClC,OAAO,CAAC,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC9E,CAAC;IAEO,WAAW,CAAC,QAAgB;QAClC,MAAM,UAAU,GAAG;YACjB,YAAY,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,aAAa;YACzD,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,aAAa,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI;YAC5D,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,UAAU;SAC1C,CAAC;QACF,OAAO,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IACtD,CAAC;;AA/VH,0CAgWC"}

package/dist/guard/schema-gate.d.ts

@@ -0,0 +1,90 @@
+import { SchemaCheck } from '../types';
+import type { GuardConfig } from '../types';
+/**
+ * Extended schema rule — supports all x- extensions from DESIGN.md §4.2.
+ */
+export interface SchemaRule {
+    /** Tool name to match */
+    tool: string;
+    /** Required parameter names */
+    required?: string[];
+    /** Parameter type constraints */
+    types?: Record<string, 'string' | 'number' | 'boolean' | 'object' | 'array'>;
+    /** Allowed values for specific parameters */
+    allowedValues?: Record<string, unknown[]>;
+    /** Min/max numeric constraints */
+    min?: Record<string, number>;
+    max?: Record<string, number>;
+    /** Regex patterns for string validation */
+    patterns?: Record<string, string>;
+    /** Custom validation functions */
+    custom?: Record<string, (value: unknown) => string | null>;
+    /** x- extensions: path scope constraint */
+    pathScope?: Record<string, 'workspace' | 'temp' | 'global'>;
+    /** x- extensions: allowed path glob patterns */
+    pathAllow?: Record<string, string[]>;
+    /** x- extensions: denied path glob patterns */
+    pathDeny?: Record<string, string[]>;
+    /** x- extensions: max parameter size in bytes */
+    maxSize?: Record<string, number>;
+    /** x- extensions: parameters marked as secret (redacted in logs) */
+    secrets?: string[];
+    /** x- extensions: parameter dependency — if X is set, Y is required */
+    dependsOn?: Record<string, {
+        required: string[];
+    }>;
+    /** x- extensions: mutually exclusive parameter groups */
+    mutuallyExclusive?: string[][];
+    /** Workspace root for path validation */
+    workspaceRoot?: string;
+}
+/**
+ * Schema Gate — deterministic parameter validation with JSON Schema x- extensions.
+ *
+ * Implements every validation rule from DESIGN.md §4.2:
+ * - required fields ✓
+ * - type checking ✓
+ * - allowed values ✓
+ * - numeric range ✓
+ * - regex patterns ✓
+ * - path scope constraint (x-path-scope) ✓
+ * - path allow/deny globs (x-path-allow/x-path-deny) ✓
+ * - max parameter size (x-max-size) ✓
+ * - secret parameter marking (x-secret) ✓
+ * - parameter dependencies (x-depends-on) ✓
+ * - mutually exclusive params (x-mutually-exclusive) ✓
+ * - custom validators ✓
+ *
+ * Zero LLM dependency. Pure deterministic logic.
+ */
+export declare class SchemaGate {
+    private rules;
+    constructor(config?: GuardConfig);
+    /** Register a schema rule for a tool */
+    registerRule(rule: SchemaRule): void;
+    /** Register multiple rules at once */
+    registerRules(rules: SchemaRule[]): void;
+    /** Get all registered rules */
+    getRules(): SchemaRule[];
+    /** Check if a tool has a registered rule */
+    hasRule(tool: string): boolean;
+    /**
+     * Full validation: runs all applicable checks.
+     * Returns { pass: boolean, errors: SchemaError[] }.
+     */
+    check(toolName: string, params: Record<string, unknown>): SchemaCheck;
+    /**
+     * Check if a parameter is marked as secret (x-secret).
+     */
+    isSecret(toolName: string, field: string): boolean;
+    /**
+     * Get all secret field names for a tool.
+     */
+    getSecrets(toolName: string): string[];
+    /**
+     * Simple glob matching for path allow/deny patterns.
+     * Supports *, **, ? wildcards.
+     */
+    private matchGlob;
+}
+//# sourceMappingURL=schema-gate.d.ts.map

package/dist/guard/schema-gate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"schema-gate.d.ts","sourceRoot":"","sources":["../../src/guard/schema-gate.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAe,MAAM,UAAU,CAAC;AACpD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAG5C;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,yBAAyB;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,+BAA+B;IAC/B,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,iCAAiC;IACjC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,QAAQ,GAAG,QAAQ,GAAG,SAAS,GAAG,QAAQ,GAAG,OAAO,CAAC,CAAC;IAC7E,6CAA6C;IAC7C,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC;IAC1C,kCAAkC;IAClC,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7B,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7B,2CAA2C;IAC3C,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAClC,kCAAkC;IAClC,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,OAAO,KAAK,MAAM,GAAG,IAAI,CAAC,CAAC;IAC3D,2CAA2C;IAC3C,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,GAAG,MAAM,GAAG,QAAQ,CAAC,CAAC;IAC5D,gDAAgD;IAChD,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IACrC,+CAA+C;IAC/C,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IACpC,iDAAiD;IACjD,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,oEAAoE;IACpE,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,uEAAuE;IACvE,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE;QAAE,QAAQ,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC,CAAC;IACnD,yDAAyD;IACzD,iBAAiB,CAAC,EAAE,MAAM,EAAE,EAAE,CAAC;IAC/B,yCAAyC;IACzC,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,qBAAa,UAAU;IACrB,OAAO,CAAC,KAAK,CAAsC;gBAEvC,MAAM,CAAC,EAAE,WAAW;IAsBhC,wCAAwC;IACxC,YAAY,CAAC,IAAI,EAAE,UAAU,GAAG,IAAI;IAIpC,sCAAsC;IACtC,aAAa,CAAC,KAAK,EAAE,UAAU,EAAE,GAAG,IAAI;IAIxC,+BAA+B;IAC/B,QAAQ,IAAI,UAAU,EAAE;IAIxB,4CAA4C;IAC5C,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAI9B;;;OAGG;IACH,KAAK,CACH,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC9B,WAAW;IA+Td;;OAEG;IACH,QAAQ,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO;IAKlD;;OAEG;IACH,UAAU,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,EAAE;IAItC;;;OAGG;IACH,OAAO,CAAC,SAAS;CA2BlB"}