shellward 0.5.5 → 0.5.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/src/auto-check.ts +9 -7
- package/src/commands/harden.ts +1 -1
- package/src/index.ts +1 -1
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "shellward",
|
|
3
|
-
"version": "0.5.
|
|
3
|
+
"version": "0.5.6",
|
|
4
4
|
"description": "AI Agent Security Middleware — 8-layer defense against prompt injection, data exfiltration & dangerous commands. DLP model: use data freely, block external leaks. Zero dependencies. SDK + OpenClaw plugin. Supports LangChain, AutoGPT, Claude Code, Cursor, OpenAI Agents.",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"shellward",
|
package/src/auto-check.ts
CHANGED
|
@@ -38,7 +38,7 @@ function getOpenClawVersion(): string {
|
|
|
38
38
|
/**
|
|
39
39
|
* 检查 OpenClaw 是否受已知漏洞影响
|
|
40
40
|
*/
|
|
41
|
-
async function checkOpenClawVulns(version: string): Promise<{ id: string; severity: string; description: string }[]> {
|
|
41
|
+
async function checkOpenClawVulns(version: string, locale: 'zh' | 'en' = 'en'): Promise<{ id: string; severity: string; description: string }[]> {
|
|
42
42
|
const vulns: { id: string; severity: string; description: string }[] = []
|
|
43
43
|
try {
|
|
44
44
|
const { vulns: db } = await fetchVulnDB()
|
|
@@ -51,7 +51,9 @@ async function checkOpenClawVulns(version: string): Promise<{ id: string; severi
|
|
|
51
51
|
vulns.push({
|
|
52
52
|
id: v.id,
|
|
53
53
|
severity: v.severity || 'MEDIUM',
|
|
54
|
-
description:
|
|
54
|
+
description: locale === 'zh'
|
|
55
|
+
? ((v as any).description_zh || (v as any).description_en || v.id)
|
|
56
|
+
: ((v as any).description_en || (v as any).description_zh || v.id),
|
|
55
57
|
})
|
|
56
58
|
}
|
|
57
59
|
}
|
|
@@ -121,10 +123,10 @@ function scanMcpConfig(): { config: string; risk: string }[] {
|
|
|
121
123
|
/**
|
|
122
124
|
* 执行全部自动检查,返回结果(供启动时告警用)
|
|
123
125
|
*/
|
|
124
|
-
export async function runAutoCheck(): Promise<AutoCheckResult> {
|
|
126
|
+
export async function runAutoCheck(locale: 'zh' | 'en' = 'en'): Promise<AutoCheckResult> {
|
|
125
127
|
const ocVersion = getOpenClawVersion()
|
|
126
128
|
const [openclawVulns, pluginRisks, mcpRisks] = await Promise.all([
|
|
127
|
-
checkOpenClawVulns(ocVersion),
|
|
129
|
+
checkOpenClawVulns(ocVersion, locale),
|
|
128
130
|
Promise.resolve(scanPluginsQuick()),
|
|
129
131
|
Promise.resolve(scanMcpConfig()),
|
|
130
132
|
])
|
|
@@ -136,7 +138,7 @@ export async function runAutoCheck(): Promise<AutoCheckResult> {
|
|
|
136
138
|
* 启动时执行检查,发现问题时通过 logger 告警
|
|
137
139
|
*/
|
|
138
140
|
export function runAutoCheckOnStartup(logger: { warn: (s: string) => void }, locale: 'zh' | 'en'): void {
|
|
139
|
-
runAutoCheck().then(result => {
|
|
141
|
+
runAutoCheck(locale).then(result => {
|
|
140
142
|
const zh = locale === 'zh'
|
|
141
143
|
const lines: string[] = []
|
|
142
144
|
|
|
@@ -154,7 +156,7 @@ export function runAutoCheckOnStartup(logger: { warn: (s: string) => void }, loc
|
|
|
154
156
|
lines.push(` ${r.plugin}: ${r.risk}`)
|
|
155
157
|
}
|
|
156
158
|
if (result.pluginRisks.length > 3) {
|
|
157
|
-
lines.push(` ... 共 ${result.pluginRisks.length} 项`)
|
|
159
|
+
lines.push(zh ? ` ... 共 ${result.pluginRisks.length} 项` : ` ... ${result.pluginRisks.length} total`)
|
|
158
160
|
}
|
|
159
161
|
lines.push(zh ? ' 请运行 /scan-plugins 查看详情' : ' Run /scan-plugins for details')
|
|
160
162
|
}
|
|
@@ -171,7 +173,7 @@ export function runAutoCheckOnStartup(logger: { warn: (s: string) => void }, loc
|
|
|
171
173
|
}
|
|
172
174
|
|
|
173
175
|
if (lines.length > 0) {
|
|
174
|
-
logger.warn('[ShellWard] 自动安全检查:\n' + lines.join('\n'))
|
|
176
|
+
logger.warn((zh ? '[ShellWard] 自动安全检查:\n' : '[ShellWard] Auto security check:\n') + lines.join('\n'))
|
|
175
177
|
}
|
|
176
178
|
}).catch(() => { /* 静默失败,不阻塞 */ })
|
|
177
179
|
}
|
package/src/commands/harden.ts
CHANGED
|
@@ -195,7 +195,7 @@ export function registerHardenCommand(api: any, config: ShellWardConfig) {
|
|
|
195
195
|
// Firewall
|
|
196
196
|
lines.push(zh ? '**防火墙限制** — 仅允许必要出站:' : '**Firewall** — allow only necessary outbound:')
|
|
197
197
|
lines.push('```bash')
|
|
198
|
-
lines.push('# 只允许 HTTPS 出站(API 调用),禁止其他出站')
|
|
198
|
+
lines.push(zh ? '# 只允许 HTTPS 出站(API 调用),禁止其他出站' : '# Allow only HTTPS outbound (API calls), block everything else')
|
|
199
199
|
lines.push('sudo iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT')
|
|
200
200
|
lines.push('sudo iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT')
|
|
201
201
|
lines.push('sudo iptables -A OUTPUT -p udp --dport 53 -j ACCEPT # DNS')
|
package/src/index.ts
CHANGED
|
@@ -20,7 +20,7 @@ import { registerAllCommands } from './commands/index'
|
|
|
20
20
|
import { checkForUpdate } from './update-check'
|
|
21
21
|
import { runAutoCheckOnStartup } from './auto-check'
|
|
22
22
|
|
|
23
|
-
const CURRENT_VERSION = '0.5.
|
|
23
|
+
const CURRENT_VERSION = '0.5.6'
|
|
24
24
|
|
|
25
25
|
// Re-export core engine for SDK usage
|
|
26
26
|
export { ShellWard } from './core/engine'
|