npm - skillshield - Versions diffs - 1.0.0 → 2.0.0 - Mend

skillshield 1.0.0 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (25) hide show

package/dist/index.d.ts +1 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.js +2 -0
package/dist/index.js.map +1 -1
package/dist/shield/audit-trail.d.ts +67 -0
package/dist/shield/audit-trail.d.ts.map +1 -0
package/dist/shield/audit-trail.js +140 -0
package/dist/shield/audit-trail.js.map +1 -0
package/dist/shield/filesystem-jail.d.ts +80 -0
package/dist/shield/filesystem-jail.d.ts.map +1 -0
package/dist/shield/filesystem-jail.js +320 -0
package/dist/shield/filesystem-jail.js.map +1 -0
package/dist/shield/index.d.ts +82 -0
package/dist/shield/index.d.ts.map +1 -0
package/dist/shield/index.js +88 -0
package/dist/shield/index.js.map +1 -0
package/dist/shield/network-policy.d.ts +74 -0
package/dist/shield/network-policy.d.ts.map +1 -0
package/dist/shield/network-policy.js +226 -0
package/dist/shield/network-policy.js.map +1 -0
package/dist/shield/runtime-monitor.d.ts +106 -0
package/dist/shield/runtime-monitor.d.ts.map +1 -0
package/dist/shield/runtime-monitor.js +233 -0
package/dist/shield/runtime-monitor.js.map +1 -0
package/package.json +1 -1

package/dist/shield/filesystem-jail.js ADDED Viewed

@@ -0,0 +1,320 @@
+/**
+ * SkillShield — Filesystem Jail
+ *
+ * Restricts skill access to specific directories. Skills can only read/write
+ * within their jail, and sensitive paths are always blocked.
+ *
+ * Unlike NVIDIA OpenShell (which needs Landlock/Linux), this works
+ * cross-platform by intercepting Node.js fs module calls.
+ */
+import { resolve, normalize, relative, isAbsolute } from 'path';
+/** Sensitive paths that are ALWAYS blocked regardless of policy */
+const SENSITIVE_PATHS = [
+    // SSH & credentials
+    '~/.ssh',
+    '~/.aws',
+    '~/.config/gcloud',
+    '~/.kube',
+    '~/.gnupg',
+    '~/.npmrc',
+    '~/.pypirc',
+    // Environment files
+    '.env',
+    '.env.local',
+    '.env.production',
+    '.env.staging',
+    'credentials.json',
+    'secrets.json',
+    'service-account.json',
+    // System files
+    '/etc/passwd',
+    '/etc/shadow',
+    '/etc/sudoers',
+    // Agent identity files (Memory Poisoning protection)
+    'SOUL.md',
+    'MEMORY.md',
+    'IDENTITY.md',
+    'HEARTBEAT.md',
+    'AGENTS.md',
+    'USER.md',
+    '.clawhome',
+    '.openclaw',
+    // Git credentials
+    '.git-credentials',
+    '.gitconfig',
+];
+/** Sensitive path patterns (regex) */
+const SENSITIVE_PATTERNS = [
+    /\.env(\.[a-z]+)?$/i,
+    /id_rsa|id_ed25519|id_ecdsa/i,
+    /\.pem$/i,
+    /\.key$/i,
+    /credentials/i,
+    /secrets?\.(json|yaml|yml|toml)$/i,
+    /service.account.*\.json$/i,
+];
+export class FilesystemJail {
+    constructor(policy) {
+        this.violations = [];
+        this.fileCount = 0;
+        this.totalBytesWritten = 0;
+        this.policy = policy;
+        this.jailRoot = resolve(policy.jailRoot);
+        this.homeDir = process.env.HOME || process.env.USERPROFILE || '/tmp';
+        // Expand ~ in sensitive paths and add to blocked set
+        this.blockedPaths = new Set([
+            ...SENSITIVE_PATHS.map((p) => this.expandPath(p)),
+            ...(policy.blockedPaths || []).map((p) => resolve(p)),
+        ]);
+    }
+    /**
+     * Check if a read operation is allowed.
+     */
+    checkRead(filePath) {
+        const resolved = this.resolvePath(filePath);
+        // Always block sensitive paths
+        if (this.isSensitivePath(resolved)) {
+            this.recordViolation({
+                type: 'SENSITIVE_PATH',
+                path: resolved,
+                operation: 'read',
+                details: `Access to sensitive path blocked: ${resolved}`,
+            });
+            return false;
+        }
+        // Check if inside jail
+        if (this.isInsideJail(resolved)) {
+            return true;
+        }
+        // Check additional readable paths
+        if (this.policy.readablePaths?.some((p) => resolved.startsWith(resolve(p)))) {
+            return true;
+        }
+        // Check allow-read-outside setting
+        if (this.policy.allowReadOutsideJail) {
+            return true;
+        }
+        this.recordViolation({
+            type: 'READ_BLOCKED',
+            path: resolved,
+            operation: 'read',
+            details: `Read outside jail: ${resolved} (jail: ${this.jailRoot})`,
+        });
+        return false;
+    }
+    /**
+     * Check if a write operation is allowed.
+     */
+    checkWrite(filePath, size) {
+        const resolved = this.resolvePath(filePath);
+        // Always block sensitive paths
+        if (this.isSensitivePath(resolved)) {
+            this.recordViolation({
+                type: 'SENSITIVE_PATH',
+                path: resolved,
+                operation: 'write',
+                details: `Write to sensitive path blocked: ${resolved}`,
+            });
+            return false;
+        }
+        // Must be inside jail OR in writable paths
+        const isInJail = this.isInsideJail(resolved);
+        const isInWritable = this.policy.writablePaths?.some((p) => resolved.startsWith(resolve(p))) || false;
+        if (!isInJail && !isInWritable) {
+            this.recordViolation({
+                type: 'WRITE_BLOCKED',
+                path: resolved,
+                operation: 'write',
+                details: `Write outside jail: ${resolved} (jail: ${this.jailRoot})`,
+            });
+            return false;
+        }
+        // Check file size
+        if (size && this.policy.maxWriteSize && size > this.policy.maxWriteSize) {
+            this.recordViolation({
+                type: 'SIZE_EXCEEDED',
+                path: resolved,
+                operation: 'write',
+                details: `File size ${size} exceeds limit ${this.policy.maxWriteSize}`,
+            });
+            return false;
+        }
+        // Check file count
+        if (this.policy.maxFileCount && this.fileCount >= this.policy.maxFileCount) {
+            this.recordViolation({
+                type: 'FILE_COUNT_EXCEEDED',
+                path: resolved,
+                operation: 'write',
+                details: `File count ${this.fileCount} exceeds limit ${this.policy.maxFileCount}`,
+            });
+            return false;
+        }
+        this.fileCount++;
+        if (size)
+            this.totalBytesWritten += size;
+        return true;
+    }
+    /**
+     * Check if a delete operation is allowed.
+     */
+    checkDelete(filePath) {
+        const resolved = this.resolvePath(filePath);
+        // Never allow deleting sensitive paths
+        if (this.isSensitivePath(resolved)) {
+            this.recordViolation({
+                type: 'SENSITIVE_PATH',
+                path: resolved,
+                operation: 'delete',
+                details: `Delete of sensitive path blocked: ${resolved}`,
+            });
+            return false;
+        }
+        // Must be inside jail only
+        if (!this.isInsideJail(resolved)) {
+            this.recordViolation({
+                type: 'DELETE_BLOCKED',
+                path: resolved,
+                operation: 'delete',
+                details: `Delete outside jail: ${resolved} (jail: ${this.jailRoot})`,
+            });
+            return false;
+        }
+        return true;
+    }
+    /**
+     * Generate Node.js code that enforces filesystem policy at runtime.
+     */
+    generateEnforcementCode() {
+        const jailRootJSON = JSON.stringify(this.jailRoot);
+        const sensitiveJSON = JSON.stringify([...this.blockedPaths]);
+        const patternsJSON = JSON.stringify(SENSITIVE_PATTERNS.map((p) => p.source));
+        const readableJSON = JSON.stringify((this.policy.readablePaths || []).map((p) => resolve(p)));
+        const writableJSON = JSON.stringify((this.policy.writablePaths || []).map((p) => resolve(p)));
+        return `
+// ── SkillShield Filesystem Jail ──
+const __ss_path = require('path');
+const __ss_jailRoot = ${jailRootJSON};
+const __ss_sensitive = new Set(${sensitiveJSON});
+const __ss_patterns = ${patternsJSON}.map(s => new RegExp(s, 'i'));
+const __ss_readable = ${readableJSON};
+const __ss_writable = ${writableJSON};
+const __ss_maxWrite = ${this.policy.maxWriteSize || 0};
+let __ss_fileCount = 0;
+const __ss_maxFiles = ${this.policy.maxFileCount || 100};
+function __ss_isSensitive(p) {
+  const resolved = __ss_path.resolve(p);
+  if (__ss_sensitive.has(resolved)) return true;
+  for (const s of __ss_sensitive) { if (resolved.startsWith(s + __ss_path.sep)) return true; }
+  for (const pat of __ss_patterns) { if (pat.test(resolved)) return true; }
+  return false;
+}
+function __ss_isInJail(p) {
+  const resolved = __ss_path.resolve(p);
+  const rel = __ss_path.relative(__ss_jailRoot, resolved);
+  return !rel.startsWith('..') && !__ss_path.isAbsolute(rel);
+}
+function __ss_checkRead(p) {
+  if (__ss_isSensitive(p)) throw new Error('[SkillShield] BLOCKED: Access to sensitive path: ' + p);
+  if (__ss_isInJail(p)) return true;
+  for (const r of __ss_readable) { if (__ss_path.resolve(p).startsWith(r)) return true; }
+  throw new Error('[SkillShield] BLOCKED: Read outside jail: ' + p);
+}
+function __ss_checkWrite(p) {
+  if (__ss_isSensitive(p)) throw new Error('[SkillShield] BLOCKED: Write to sensitive path: ' + p);
+  if (__ss_isInJail(p)) { __ss_fileCount++; if (__ss_fileCount > __ss_maxFiles) throw new Error('[SkillShield] File count limit exceeded'); return true; }
+  for (const w of __ss_writable) { if (__ss_path.resolve(p).startsWith(w)) return true; }
+  throw new Error('[SkillShield] BLOCKED: Write outside jail: ' + p);
+}
+// Intercept fs operations
+const __ss_fs = require('fs');
+const __ss_origReadFile = __ss_fs.readFileSync;
+const __ss_origWriteFile = __ss_fs.writeFileSync;
+const __ss_origUnlink = __ss_fs.unlinkSync;
+__ss_fs.readFileSync = function(path, ...args) {
+  __ss_checkRead(String(path));
+  return __ss_origReadFile.call(this, path, ...args);
+};
+__ss_fs.writeFileSync = function(path, data, ...args) {
+  __ss_checkWrite(String(path));
+  return __ss_origWriteFile.call(this, path, data, ...args);
+};
+__ss_fs.unlinkSync = function(path, ...args) {
+  if (__ss_isSensitive(String(path)) || !__ss_isInJail(String(path)))
+    throw new Error('[SkillShield] BLOCKED: Delete outside jail: ' + path);
+  return __ss_origUnlink.call(this, path, ...args);
+};
+// ── End SkillShield Filesystem Jail ──
+`;
+    }
+    isSensitivePath(resolved) {
+        // Direct match
+        if (this.blockedPaths.has(resolved))
+            return true;
+        // Check if path is under a blocked directory
+        for (const blocked of this.blockedPaths) {
+            if (resolved.startsWith(blocked + '/') || resolved.startsWith(blocked + '\\')) {
+                return true;
+            }
+        }
+        // Pattern match
+        for (const pattern of SENSITIVE_PATTERNS) {
+            if (pattern.test(resolved))
+                return true;
+        }
+        return false;
+    }
+    isInsideJail(resolved) {
+        const rel = relative(this.jailRoot, resolved);
+        return !rel.startsWith('..') && !isAbsolute(rel);
+    }
+    resolvePath(filePath) {
+        return resolve(normalize(filePath));
+    }
+    expandPath(p) {
+        if (p.startsWith('~/') || p === '~') {
+            return resolve(this.homeDir, p.slice(2));
+        }
+        return resolve(p);
+    }
+    recordViolation(partial) {
+        this.violations.push({ ...partial, timestamp: new Date().toISOString() });
+    }
+    getViolations() {
+        return [...this.violations];
+    }
+    getStats() {
+        return {
+            filesCreated: this.fileCount,
+            bytesWritten: this.totalBytesWritten,
+            violations: this.violations.length,
+        };
+    }
+}
+/**
+ * Parse filesystem policy from SKILL.md frontmatter.
+ * Expected format:
+ *   filesystem:
+ *     writable: ["./output", "/tmp"]
+ *     readable: ["./data"]
+ *     maxWriteMB: 50
+ *     maxFiles: 100
+ */
+export function parseFilesystemPolicy(frontmatter, defaultJailRoot) {
+    const fs = (frontmatter.filesystem || frontmatter.fs || {});
+    return {
+        jailRoot: fs.root || defaultJailRoot,
+        readablePaths: fs.readable || [],
+        writablePaths: fs.writable || [],
+        blockedPaths: fs.blocked || [],
+        allowReadOutsideJail: fs.allowReadOutside || false,
+        maxWriteSize: (fs.maxWriteMB || 50) * 1024 * 1024,
+        maxFileCount: fs.maxFiles || 100,
+    };
+}
+//# sourceMappingURL=filesystem-jail.js.map

package/dist/shield/filesystem-jail.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"filesystem-jail.js","sourceRoot":"","sources":["../../src/shield/filesystem-jail.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,MAAM,CAAC;AA2BhE,mEAAmE;AACnE,MAAM,eAAe,GAAa;IAChC,oBAAoB;IACpB,QAAQ;IACR,QAAQ;IACR,kBAAkB;IAClB,SAAS;IACT,UAAU;IACV,UAAU;IACV,WAAW;IACX,oBAAoB;IACpB,MAAM;IACN,YAAY;IACZ,iBAAiB;IACjB,cAAc;IACd,kBAAkB;IAClB,cAAc;IACd,sBAAsB;IACtB,eAAe;IACf,aAAa;IACb,aAAa;IACb,cAAc;IACd,qDAAqD;IACrD,SAAS;IACT,WAAW;IACX,aAAa;IACb,cAAc;IACd,WAAW;IACX,SAAS;IACT,WAAW;IACX,WAAW;IACX,kBAAkB;IAClB,kBAAkB;IAClB,YAAY;CACb,CAAC;AAEF,sCAAsC;AACtC,MAAM,kBAAkB,GAAa;IACnC,oBAAoB;IACpB,6BAA6B;IAC7B,SAAS;IACT,SAAS;IACT,cAAc;IACd,kCAAkC;IAClC,2BAA2B;CAC5B,CAAC;AAEF,MAAM,OAAO,cAAc;IASzB,YAAY,MAAwB;QAP5B,eAAU,GAA0B,EAAE,CAAC;QACvC,cAAS,GAAW,CAAC,CAAC;QACtB,sBAAiB,GAAW,CAAC,CAAC;QAMpC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QACzC,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,MAAM,CAAC;QAErE,qDAAqD;QACrD,IAAI,CAAC,YAAY,GAAG,IAAI,GAAG,CAAC;YAC1B,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;YACjD,GAAG,CAAC,MAAM,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;SACtD,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,SAAS,CAAC,QAAgB;QACxB,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;QAE5C,+BAA+B;QAC/B,IAAI,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,EAAE,CAAC;YACnC,IAAI,CAAC,eAAe,CAAC;gBACnB,IAAI,EAAE,gBAAgB;gBACtB,IAAI,EAAE,QAAQ;gBACd,SAAS,EAAE,MAAM;gBACjB,OAAO,EAAE,qCAAqC,QAAQ,EAAE;aACzD,CAAC,CAAC;YACH,OAAO,KAAK,CAAC;QACf,CAAC;QAED,uBAAuB;QACvB,IAAI,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC;YAChC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,kCAAkC;QAClC,IAAI,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC5E,OAAO,IAAI,CAAC;QACd,CAAC;QAED,mCAAmC;QACnC,IAAI,IAAI,CAAC,MAAM,CAAC,oBAAoB,EAAE,CAAC;YACrC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,CAAC,eAAe,CAAC;YACnB,IAAI,EAAE,cAAc;YACpB,IAAI,EAAE,QAAQ;YACd,SAAS,EAAE,MAAM;YACjB,OAAO,EAAE,sBAAsB,QAAQ,WAAW,IAAI,CAAC,QAAQ,GAAG;SACnE,CAAC,CAAC;QACH,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACH,UAAU,CAAC,QAAgB,EAAE,IAAa;QACxC,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;QAE5C,+BAA+B;QAC/B,IAAI,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,EAAE,CAAC;YACnC,IAAI,CAAC,eAAe,CAAC;gBACnB,IAAI,EAAE,gBAAgB;gBACtB,IAAI,EAAE,QAAQ;gBACd,SAAS,EAAE,OAAO;gBAClB,OAAO,EAAE,oCAAoC,QAAQ,EAAE;aACxD,CAAC,CAAC;YACH,OAAO,KAAK,CAAC;QACf,CAAC;QAED,2CAA2C;QAC3C,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;QAC7C,MAAM,YAAY,GAAG,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC;QAEtG,IAAI,CAAC,QAAQ,IAAI,CAAC,YAAY,EAAE,CAAC;YAC/B,IAAI,CAAC,eAAe,CAAC;gBACnB,IAAI,EAAE,eAAe;gBACrB,IAAI,EAAE,QAAQ;gBACd,SAAS,EAAE,OAAO;gBAClB,OAAO,EAAE,uBAAuB,QAAQ,WAAW,IAAI,CAAC,QAAQ,GAAG;aACpE,CAAC,CAAC;YACH,OAAO,KAAK,CAAC;QACf,CAAC;QAED,kBAAkB;QAClB,IAAI,IAAI,IAAI,IAAI,CAAC,MAAM,CAAC,YAAY,IAAI,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;YACxE,IAAI,CAAC,eAAe,CAAC;gBACnB,IAAI,EAAE,eAAe;gBACrB,IAAI,EAAE,QAAQ;gBACd,SAAS,EAAE,OAAO;gBAClB,OAAO,EAAE,aAAa,IAAI,kBAAkB,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE;aACvE,CAAC,CAAC;YACH,OAAO,KAAK,CAAC;QACf,CAAC;QAED,mBAAmB;QACnB,IAAI,IAAI,CAAC,MAAM,CAAC,YAAY,IAAI,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;YAC3E,IAAI,CAAC,eAAe,CAAC;gBACnB,IAAI,EAAE,qBAAqB;gBAC3B,IAAI,EAAE,QAAQ;gBACd,SAAS,EAAE,OAAO;gBAClB,OAAO,EAAE,cAAc,IAAI,CAAC,SAAS,kBAAkB,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE;aAClF,CAAC,CAAC;YACH,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,CAAC,SAAS,EAAE,CAAC;QACjB,IAAI,IAAI;YAAE,IAAI,CAAC,iBAAiB,IAAI,IAAI,CAAC;QACzC,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACH,WAAW,CAAC,QAAgB;QAC1B,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;QAE5C,uCAAuC;QACvC,IAAI,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,EAAE,CAAC;YACnC,IAAI,CAAC,eAAe,CAAC;gBACnB,IAAI,EAAE,gBAAgB;gBACtB,IAAI,EAAE,QAAQ;gBACd,SAAS,EAAE,QAAQ;gBACnB,OAAO,EAAE,qCAAqC,QAAQ,EAAE;aACzD,CAAC,CAAC;YACH,OAAO,KAAK,CAAC;QACf,CAAC;QAED,2BAA2B;QAC3B,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC;YACjC,IAAI,CAAC,eAAe,CAAC;gBACnB,IAAI,EAAE,gBAAgB;gBACtB,IAAI,EAAE,QAAQ;gBACd,SAAS,EAAE,QAAQ;gBACnB,OAAO,EAAE,wBAAwB,QAAQ,WAAW,IAAI,CAAC,QAAQ,GAAG;aACrE,CAAC,CAAC;YACH,OAAO,KAAK,CAAC;QACf,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACH,uBAAuB;QACrB,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACnD,MAAM,aAAa,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,GAAG,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC;QAC7D,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;QAC7E,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,aAAa,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC9F,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,aAAa,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAE9F,OAAO;;;wBAGa,YAAY;iCACH,aAAa;wBACtB,YAAY;wBACZ,YAAY;wBACZ,YAAY;wBACZ,IAAI,CAAC,MAAM,CAAC,YAAY,IAAI,CAAC;;wBAE7B,IAAI,CAAC,MAAM,CAAC,YAAY,IAAI,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAkDtD,CAAC;IACA,CAAC;IAEO,eAAe,CAAC,QAAgB;QACtC,eAAe;QACf,IAAI,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC;YAAE,OAAO,IAAI,CAAC;QAEjD,6CAA6C;QAC7C,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACxC,IAAI,QAAQ,CAAC,UAAU,CAAC,OAAO,GAAG,GAAG,CAAC,IAAI,QAAQ,CAAC,UAAU,CAAC,OAAO,GAAG,IAAI,CAAC,EAAE,CAAC;gBAC9E,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,gBAAgB;QAChB,KAAK,MAAM,OAAO,IAAI,kBAAkB,EAAE,CAAC;YACzC,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC;gBAAE,OAAO,IAAI,CAAC;QAC1C,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAEO,YAAY,CAAC,QAAgB;QACnC,MAAM,GAAG,GAAG,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAC9C,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IACnD,CAAC;IAEO,WAAW,CAAC,QAAgB;QAClC,OAAO,OAAO,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC;IACtC,CAAC;IAEO,UAAU,CAAC,CAAS;QAC1B,IAAI,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,GAAG,EAAE,CAAC;YACpC,OAAO,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAC3C,CAAC;QACD,OAAO,OAAO,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC;IAEO,eAAe,CAAC,OAA+C;QACrE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,GAAG,OAAO,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;IAC5E,CAAC;IAED,aAAa;QACX,OAAO,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC;IAC9B,CAAC;IAED,QAAQ;QACN,OAAO;YACL,YAAY,EAAE,IAAI,CAAC,SAAS;YAC5B,YAAY,EAAE,IAAI,CAAC,iBAAiB;YACpC,UAAU,EAAE,IAAI,CAAC,UAAU,CAAC,MAAM;SACnC,CAAC;IACJ,CAAC;CACF;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,qBAAqB,CACnC,WAAoC,EACpC,eAAuB;IAEvB,MAAM,EAAE,GAAG,CAAC,WAAW,CAAC,UAAU,IAAI,WAAW,CAAC,EAAE,IAAI,EAAE,CAA4B,CAAC;IAEvF,OAAO;QACL,QAAQ,EAAG,EAAE,CAAC,IAAe,IAAI,eAAe;QAChD,aAAa,EAAG,EAAE,CAAC,QAAqB,IAAI,EAAE;QAC9C,aAAa,EAAG,EAAE,CAAC,QAAqB,IAAI,EAAE;QAC9C,YAAY,EAAG,EAAE,CAAC,OAAoB,IAAI,EAAE;QAC5C,oBAAoB,EAAG,EAAE,CAAC,gBAA4B,IAAI,KAAK;QAC/D,YAAY,EAAE,CAAE,EAAE,CAAC,UAAqB,IAAI,EAAE,CAAC,GAAG,IAAI,GAAG,IAAI;QAC7D,YAAY,EAAG,EAAE,CAAC,QAAmB,IAAI,GAAG;KAC7C,CAAC;AACJ,CAAC"}

package/dist/shield/index.d.ts ADDED Viewed

@@ -0,0 +1,82 @@
+/**
+ * SkillShield — Unified Runtime Security Engine
+ *
+ * Combines: Pre-scan (guard) + Network Policy + Filesystem Jail +
+ * Runtime Monitor + Kill Switch + Audit Trail
+ *
+ * This is what makes SkillShield unique:
+ * - Snyk/Cisco only scan before install
+ * - NVIDIA OpenShell needs Linux + enterprise infra
+ * - Aegis only intercepts LLM API calls
+ * - SkillShield does scan + runtime in one CLI, cross-platform
+ */
+export { NetworkPolicyEngine, parseNetworkPolicy } from './network-policy.js';
+export type { NetworkPolicy, NetworkViolation } from './network-policy.js';
+export { FilesystemJail, parseFilesystemPolicy } from './filesystem-jail.js';
+export type { FilesystemPolicy, FilesystemViolation } from './filesystem-jail.js';
+export { RuntimeMonitor, getDefaultMonitorPolicy } from './runtime-monitor.js';
+export type { MonitorPolicy, RuntimeEvent, MonitorReport } from './runtime-monitor.js';
+export { AuditTrail } from './audit-trail.js';
+export type { AuditEntry, AuditEventType } from './audit-trail.js';
+import { NetworkPolicyEngine, type NetworkPolicy } from './network-policy.js';
+import { FilesystemJail, type FilesystemPolicy } from './filesystem-jail.js';
+import { RuntimeMonitor, type MonitorPolicy } from './runtime-monitor.js';
+import { AuditTrail } from './audit-trail.js';
+export interface ShieldConfig {
+    skillId: string;
+    /** SKILL.md frontmatter for policy extraction */
+    frontmatter?: Record<string, unknown>;
+    /** Override network policy */
+    networkPolicy?: Partial<NetworkPolicy>;
+    /** Override filesystem policy */
+    filesystemPolicy?: Partial<FilesystemPolicy>;
+    /** Override monitor policy */
+    monitorPolicy?: Partial<MonitorPolicy>;
+    /** Working directory for the skill */
+    workDir?: string;
+    /** Enable audit trail (default: true) */
+    enableAudit?: boolean;
+    /** Verbose logging */
+    verbose?: boolean;
+}
+export interface ShieldReport {
+    skillId: string;
+    timestamp: string;
+    /** Pre-execution scan results */
+    scanScore: number;
+    scanStatus: string;
+    /** Runtime results */
+    killed: boolean;
+    killReason?: string;
+    durationMs: number;
+    /** Violations across all layers */
+    networkViolations: number;
+    filesystemViolations: number;
+    runtimeThreats: number;
+    totalViolations: number;
+    /** Audit trail hash (for verification) */
+    auditHash: string | null;
+    auditLength: number;
+    auditVerified: boolean;
+}
+/**
+ * The main Shield — orchestrates all security layers.
+ */
+export declare class SkillShield {
+    private config;
+    network: NetworkPolicyEngine;
+    filesystem: FilesystemJail;
+    monitor: RuntimeMonitor;
+    audit: AuditTrail;
+    constructor(config: ShieldConfig);
+    /**
+     * Generate the combined enforcement code that wraps skill execution.
+     * This code is prepended to the skill's execution context.
+     */
+    generateEnforcementWrapper(): string;
+    /**
+     * Get the final shield report after execution.
+     */
+    getReport(scanScore: number, scanStatus: string, durationMs: number): ShieldReport;
+}
+//# sourceMappingURL=index.d.ts.map

package/dist/shield/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/shield/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AAC9E,YAAY,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAE3E,OAAO,EAAE,cAAc,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC7E,YAAY,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAElF,OAAO,EAAE,cAAc,EAAE,uBAAuB,EAAE,MAAM,sBAAsB,CAAC;AAC/E,YAAY,EAAE,aAAa,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAEvF,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,YAAY,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAEnE,OAAO,EAAE,mBAAmB,EAAsB,KAAK,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAClG,OAAO,EAAE,cAAc,EAAyB,KAAK,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AACpG,OAAO,EAAE,cAAc,EAA2B,KAAK,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACnG,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAE9C,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,iDAAiD;IACjD,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACtC,8BAA8B;IAC9B,aAAa,CAAC,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;IACvC,iCAAiC;IACjC,gBAAgB,CAAC,EAAE,OAAO,CAAC,gBAAgB,CAAC,CAAC;IAC7C,8BAA8B;IAC9B,aAAa,CAAC,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;IACvC,sCAAsC;IACtC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,yCAAyC;IACzC,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,sBAAsB;IACtB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,iCAAiC;IACjC,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,sBAAsB;IACtB,MAAM,EAAE,OAAO,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,mCAAmC;IACnC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,oBAAoB,EAAE,MAAM,CAAC;IAC7B,cAAc,EAAE,MAAM,CAAC;IACvB,eAAe,EAAE,MAAM,CAAC;IACxB,0CAA0C;IAC1C,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,OAAO,CAAC;CACxB;AAED;;GAEG;AACH,qBAAa,WAAW;IACtB,OAAO,CAAC,MAAM,CAAe;IACtB,OAAO,EAAE,mBAAmB,CAAC;IAC7B,UAAU,EAAE,cAAc,CAAC;IAC3B,OAAO,EAAE,cAAc,CAAC;IACxB,KAAK,EAAE,UAAU,CAAC;gBAEb,MAAM,EAAE,YAAY;IAwBhC;;;OAGG;IACH,0BAA0B,IAAI,MAAM;IAgBpC;;OAEG;IACH,SAAS,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,YAAY;CAuBnF"}

package/dist/shield/index.js ADDED Viewed

@@ -0,0 +1,88 @@
+/**
+ * SkillShield — Unified Runtime Security Engine
+ *
+ * Combines: Pre-scan (guard) + Network Policy + Filesystem Jail +
+ * Runtime Monitor + Kill Switch + Audit Trail
+ *
+ * This is what makes SkillShield unique:
+ * - Snyk/Cisco only scan before install
+ * - NVIDIA OpenShell needs Linux + enterprise infra
+ * - Aegis only intercepts LLM API calls
+ * - SkillShield does scan + runtime in one CLI, cross-platform
+ */
+export { NetworkPolicyEngine, parseNetworkPolicy } from './network-policy.js';
+export { FilesystemJail, parseFilesystemPolicy } from './filesystem-jail.js';
+export { RuntimeMonitor, getDefaultMonitorPolicy } from './runtime-monitor.js';
+export { AuditTrail } from './audit-trail.js';
+import { NetworkPolicyEngine, parseNetworkPolicy } from './network-policy.js';
+import { FilesystemJail, parseFilesystemPolicy } from './filesystem-jail.js';
+import { RuntimeMonitor, getDefaultMonitorPolicy } from './runtime-monitor.js';
+import { AuditTrail } from './audit-trail.js';
+/**
+ * The main Shield — orchestrates all security layers.
+ */
+export class SkillShield {
+    constructor(config) {
+        this.config = config;
+        const frontmatter = config.frontmatter || {};
+        const workDir = config.workDir || process.cwd();
+        // Initialize network policy
+        const baseNetPolicy = parseNetworkPolicy(frontmatter);
+        const netPolicy = { ...baseNetPolicy, ...config.networkPolicy };
+        this.network = new NetworkPolicyEngine(netPolicy);
+        // Initialize filesystem jail
+        const baseFsPolicy = parseFilesystemPolicy(frontmatter, workDir);
+        const fsPolicy = { ...baseFsPolicy, ...config.filesystemPolicy };
+        this.filesystem = new FilesystemJail(fsPolicy);
+        // Initialize runtime monitor
+        const baseMonPolicy = getDefaultMonitorPolicy();
+        const monPolicy = { ...baseMonPolicy, ...config.monitorPolicy };
+        this.monitor = new RuntimeMonitor(monPolicy);
+        // Initialize audit trail
+        this.audit = new AuditTrail(config.skillId);
+    }
+    /**
+     * Generate the combined enforcement code that wraps skill execution.
+     * This code is prepended to the skill's execution context.
+     */
+    generateEnforcementWrapper() {
+        const networkCode = this.network.generateEnforcementCode();
+        const filesystemCode = this.filesystem.generateEnforcementCode();
+        return `
+// ╔══════════════════════════════════════════════════════════════╗
+// ║              SKILLSHIELD RUNTIME ENFORCEMENT                ║
+// ║  Network Policy + Filesystem Jail + Output Monitoring       ║
+// ╚══════════════════════════════════════════════════════════════╝
+${networkCode}
+${filesystemCode}
+// ── SkillShield Ready ──
+console.error('[SkillShield] Runtime enforcement active');
+`;
+    }
+    /**
+     * Get the final shield report after execution.
+     */
+    getReport(scanScore, scanStatus, durationMs) {
+        const networkStats = this.network.getStats();
+        const fsStats = this.filesystem.getStats();
+        const monitorReport = this.monitor.getReport();
+        const auditVerification = this.audit.verify();
+        return {
+            skillId: this.config.skillId,
+            timestamp: new Date().toISOString(),
+            scanScore,
+            scanStatus,
+            killed: this.monitor.isKilled(),
+            killReason: monitorReport.killReason,
+            durationMs,
+            networkViolations: networkStats.violations,
+            filesystemViolations: fsStats.violations,
+            runtimeThreats: monitorReport.threatsDetected,
+            totalViolations: networkStats.violations + fsStats.violations + monitorReport.threatsDetected,
+            auditHash: this.audit.getLatestHash(),
+            auditLength: this.audit.getLength(),
+            auditVerified: auditVerification.valid,
+        };
+    }
+}
+//# sourceMappingURL=index.js.map

package/dist/shield/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/shield/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AAG9E,OAAO,EAAE,cAAc,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAG7E,OAAO,EAAE,cAAc,EAAE,uBAAuB,EAAE,MAAM,sBAAsB,CAAC;AAG/E,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAG9C,OAAO,EAAE,mBAAmB,EAAE,kBAAkB,EAAsB,MAAM,qBAAqB,CAAC;AAClG,OAAO,EAAE,cAAc,EAAE,qBAAqB,EAAyB,MAAM,sBAAsB,CAAC;AACpG,OAAO,EAAE,cAAc,EAAE,uBAAuB,EAAsB,MAAM,sBAAsB,CAAC;AACnG,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAyC9C;;GAEG;AACH,MAAM,OAAO,WAAW;IAOtB,YAAY,MAAoB;QAC9B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,IAAI,EAAE,CAAC;QAC7C,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;QAEhD,4BAA4B;QAC5B,MAAM,aAAa,GAAG,kBAAkB,CAAC,WAAW,CAAC,CAAC;QACtD,MAAM,SAAS,GAAkB,EAAE,GAAG,aAAa,EAAE,GAAG,MAAM,CAAC,aAAa,EAAE,CAAC;QAC/E,IAAI,CAAC,OAAO,GAAG,IAAI,mBAAmB,CAAC,SAAS,CAAC,CAAC;QAElD,6BAA6B;QAC7B,MAAM,YAAY,GAAG,qBAAqB,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QACjE,MAAM,QAAQ,GAAqB,EAAE,GAAG,YAAY,EAAE,GAAG,MAAM,CAAC,gBAAgB,EAAE,CAAC;QACnF,IAAI,CAAC,UAAU,GAAG,IAAI,cAAc,CAAC,QAAQ,CAAC,CAAC;QAE/C,6BAA6B;QAC7B,MAAM,aAAa,GAAG,uBAAuB,EAAE,CAAC;QAChD,MAAM,SAAS,GAAkB,EAAE,GAAG,aAAa,EAAE,GAAG,MAAM,CAAC,aAAa,EAAE,CAAC;QAC/E,IAAI,CAAC,OAAO,GAAG,IAAI,cAAc,CAAC,SAAS,CAAC,CAAC;QAE7C,yBAAyB;QACzB,IAAI,CAAC,KAAK,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC9C,CAAC;IAED;;;OAGG;IACH,0BAA0B;QACxB,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC,uBAAuB,EAAE,CAAC;QAC3D,MAAM,cAAc,GAAG,IAAI,CAAC,UAAU,CAAC,uBAAuB,EAAE,CAAC;QAEjE,OAAO;;;;;EAKT,WAAW;EACX,cAAc;;;CAGf,CAAC;IACA,CAAC;IAED;;OAEG;IACH,SAAS,CAAC,SAAiB,EAAE,UAAkB,EAAE,UAAkB;QACjE,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;QAC7C,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,QAAQ,EAAE,CAAC;QAC3C,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;QAC/C,MAAM,iBAAiB,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;QAE9C,OAAO;YACL,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,SAAS;YACT,UAAU;YACV,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE;YAC/B,UAAU,EAAE,aAAa,CAAC,UAAU;YACpC,UAAU;YACV,iBAAiB,EAAE,YAAY,CAAC,UAAU;YAC1C,oBAAoB,EAAE,OAAO,CAAC,UAAU;YACxC,cAAc,EAAE,aAAa,CAAC,eAAe;YAC7C,eAAe,EAAE,YAAY,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,GAAG,aAAa,CAAC,eAAe;YAC7F,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,aAAa,EAAE;YACrC,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE;YACnC,aAAa,EAAE,iBAAiB,CAAC,KAAK;SACvC,CAAC;IACJ,CAAC;CACF"}

package/dist/shield/network-policy.d.ts ADDED Viewed

@@ -0,0 +1,74 @@
+/**
+ * SkillShield — Network Policy Engine
+ *
+ * Per-skill domain allowlisting. Skills declare which domains they need,
+ * and SkillShield blocks everything else at the DNS resolution level.
+ *
+ * This is what Snyk and Cisco DON'T do — they scan before install,
+ * but can't stop a skill from phoning home at runtime.
+ */
+export interface NetworkPolicy {
+    /** Allowed domains (e.g., ["api.openai.com", "api.anthropic.com"]) */
+    allowedDomains: string[];
+    /** Allowed IP ranges in CIDR notation (e.g., ["10.0.0.0/8"]) */
+    allowedIPs?: string[];
+    /** Block all outbound by default? (true = default-deny) */
+    defaultDeny: boolean;
+    /** Max concurrent connections per skill */
+    maxConnections?: number;
+    /** Max data transfer in bytes (prevent exfiltration) */
+    maxTransferBytes?: number;
+    /** Block known malicious IPs/domains */
+    blockMalicious?: boolean;
+}
+export interface NetworkViolation {
+    timestamp: string;
+    type: 'DNS_BLOCKED' | 'CONNECTION_BLOCKED' | 'TRANSFER_EXCEEDED' | 'MALICIOUS_DOMAIN';
+    domain?: string;
+    ip?: string;
+    port?: number;
+    details: string;
+}
+export declare class NetworkPolicyEngine {
+    private policy;
+    private violations;
+    private connectionCount;
+    private transferredBytes;
+    private blockedDomains;
+    constructor(policy: NetworkPolicy);
+    /**
+     * Check if a domain is allowed by the policy.
+     * Returns true if allowed, false if blocked.
+     */
+    checkDomain(domain: string): boolean;
+    /**
+     * Check if a connection attempt is allowed.
+     */
+    checkConnection(domain: string, port: number): boolean;
+    /**
+     * Track data transfer and block if limit exceeded.
+     */
+    trackTransfer(bytes: number): boolean;
+    /**
+     * Generate the Node.js code that enforces this policy at runtime.
+     * This wraps the skill's execution with DNS/network interception.
+     */
+    generateEnforcementCode(): string;
+    private recordViolation;
+    getViolations(): NetworkViolation[];
+    getStats(): {
+        connections: number;
+        transferredBytes: number;
+        violations: number;
+    };
+    reset(): void;
+}
+/**
+ * Parse network policy from SKILL.md frontmatter.
+ * Expected format in frontmatter:
+ *   network:
+ *     allowed: ["api.openai.com", "api.anthropic.com"]
+ *     maxTransferMB: 10
+ */
+export declare function parseNetworkPolicy(frontmatter: Record<string, unknown>): NetworkPolicy;
+//# sourceMappingURL=network-policy.d.ts.map

package/dist/shield/network-policy.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"network-policy.d.ts","sourceRoot":"","sources":["../../src/shield/network-policy.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,MAAM,WAAW,aAAa;IAC5B,sEAAsE;IACtE,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,gEAAgE;IAChE,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,2DAA2D;IAC3D,WAAW,EAAE,OAAO,CAAC;IACrB,2CAA2C;IAC3C,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,wDAAwD;IACxD,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,wCAAwC;IACxC,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAED,MAAM,WAAW,gBAAgB;IAC/B,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,aAAa,GAAG,oBAAoB,GAAG,mBAAmB,GAAG,kBAAkB,CAAC;IACtF,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;CACjB;AA0BD,qBAAa,mBAAmB;IAC9B,OAAO,CAAC,MAAM,CAAgB;IAC9B,OAAO,CAAC,UAAU,CAA0B;IAC5C,OAAO,CAAC,eAAe,CAAa;IACpC,OAAO,CAAC,gBAAgB,CAAa;IACrC,OAAO,CAAC,cAAc,CAAc;gBAExB,MAAM,EAAE,aAAa;IAQjC;;;OAGG;IACH,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO;IAgDpC;;OAEG;IACH,eAAe,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO;IAqBtD;;OAEG;IACH,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;IAcrC;;;OAGG;IACH,uBAAuB,IAAI,MAAM;IA6DjC,OAAO,CAAC,eAAe;IAOvB,aAAa,IAAI,gBAAgB,EAAE;IAInC,QAAQ,IAAI;QAAE,WAAW,EAAE,MAAM,CAAC;QAAC,gBAAgB,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE;IAQjF,KAAK,IAAI,IAAI;CAKd;AAED;;;;;;GAMG;AACH,wBAAgB,kBAAkB,CAAC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,aAAa,CAYtF"}