npm - skillshield - Versions diffs - 1.0.0 → 2.1.0 - Mend

skillshield 1.0.0 → 2.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (32) hide show

package/README.md +143 -301
package/dist/cli/commands/run.d.ts +12 -0
package/dist/cli/commands/run.d.ts.map +1 -1
package/dist/cli/commands/run.js +228 -60
package/dist/cli/commands/run.js.map +1 -1
package/dist/cli/index.js +5 -3
package/dist/cli/index.js.map +1 -1
package/dist/index.d.ts +1 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.js +2 -0
package/dist/index.js.map +1 -1
package/dist/shield/audit-trail.d.ts +67 -0
package/dist/shield/audit-trail.d.ts.map +1 -0
package/dist/shield/audit-trail.js +140 -0
package/dist/shield/audit-trail.js.map +1 -0
package/dist/shield/filesystem-jail.d.ts +80 -0
package/dist/shield/filesystem-jail.d.ts.map +1 -0
package/dist/shield/filesystem-jail.js +320 -0
package/dist/shield/filesystem-jail.js.map +1 -0
package/dist/shield/index.d.ts +82 -0
package/dist/shield/index.d.ts.map +1 -0
package/dist/shield/index.js +88 -0
package/dist/shield/index.js.map +1 -0
package/dist/shield/network-policy.d.ts +74 -0
package/dist/shield/network-policy.d.ts.map +1 -0
package/dist/shield/network-policy.js +226 -0
package/dist/shield/network-policy.js.map +1 -0
package/dist/shield/runtime-monitor.d.ts +106 -0
package/dist/shield/runtime-monitor.d.ts.map +1 -0
package/dist/shield/runtime-monitor.js +233 -0
package/dist/shield/runtime-monitor.js.map +1 -0
package/package.json +1 -1

package/dist/shield/audit-trail.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"audit-trail.d.ts","sourceRoot":"","sources":["../../src/shield/audit-trail.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,MAAM,WAAW,UAAU;IACzB,oBAAoB;IACpB,EAAE,EAAE,MAAM,CAAC;IACX,yBAAyB;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,wEAAwE;IACxE,IAAI,EAAE,MAAM,CAAC;IACb,iDAAiD;IACjD,YAAY,EAAE,MAAM,CAAC;IACrB,oBAAoB;IACpB,IAAI,EAAE,cAAc,CAAC;IACrB,2BAA2B;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,iCAAiC;IACjC,WAAW,EAAE,MAAM,CAAC;IACpB,oCAAoC;IACpC,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC/B,4BAA4B;IAC5B,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,UAAU,CAAC;CACxC;AAED,MAAM,MAAM,cAAc,GACtB,YAAY,GACZ,eAAe,GACf,cAAc,GACd,iBAAiB,GACjB,eAAe,GACf,iBAAiB,GACjB,iBAAiB,GACjB,WAAW,GACX,YAAY,GACZ,cAAc,GACd,aAAa,GACb,kBAAkB,GAClB,gBAAgB,GAChB,UAAU,GACV,WAAW,CAAC;AAEhB,qBAAa,UAAU;IACrB,OAAO,CAAC,KAAK,CAAoB;IACjC,OAAO,CAAC,OAAO,CAAS;gBAEZ,OAAO,EAAE,MAAM;IAI3B;;OAEG;IACH,MAAM,CACJ,IAAI,EAAE,cAAc,EACpB,WAAW,EAAE,MAAM,EACnB,QAAQ,GAAE,UAAU,CAAC,UAAU,CAAU,EACzC,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC7B,UAAU;IA2Bb,SAAS,CAAC,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,UAAU;IAI3D,YAAY,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,UAAU;IAKxE,WAAW,CAAC,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,UAAU;IAIhG,cAAc,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,UAAU;IAI/D,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,GAAG,UAAU;IAKtF,cAAc,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,UAAU;IAI1D,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,UAAU;IAIxE,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,UAAU;IAMtC;;;OAGG;IACH,MAAM,IAAI;QAAE,KAAK,EAAE,OAAO,CAAC;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE;IAgCjE;;OAEG;IACH,MAAM,IAAI,MAAM;IAWhB;;OAEG;IACH,SAAS,IAAI,MAAM;IAoBnB,QAAQ,IAAI,UAAU,EAAE;IAIxB,SAAS,IAAI,MAAM;IAInB,aAAa,IAAI,MAAM,GAAG,IAAI;CAG/B"}

package/dist/shield/audit-trail.js ADDED Viewed

@@ -0,0 +1,140 @@
+/**
+ * SkillShield — Cryptographic Audit Trail
+ *
+ * Hash-chained log of every action during skill execution.
+ * Each entry is linked to the previous via SHA-256, creating
+ * a tamper-evident chain (like Aegis, but integrated with our
+ * scanner + runtime instead of being a separate tool).
+ */
+import { createHash } from 'crypto';
+export class AuditTrail {
+    constructor(skillId) {
+        this.chain = [];
+        this.skillId = skillId;
+    }
+    /**
+     * Record an event in the audit trail.
+     */
+    record(type, description, severity = 'INFO', data) {
+        const id = this.chain.length;
+        const previousHash = id === 0 ? '0' : this.chain[id - 1].hash;
+        const timestamp = new Date().toISOString();
+        // Compute hash from content + previous hash
+        const content = JSON.stringify({ id, timestamp, type, skillId: this.skillId, description, data, previousHash });
+        const hash = createHash('sha256').update(content).digest('hex');
+        const entry = {
+            id,
+            timestamp,
+            hash,
+            previousHash,
+            type,
+            skillId: this.skillId,
+            description,
+            data,
+            severity,
+        };
+        this.chain.push(entry);
+        return entry;
+    }
+    // ── Convenience methods ──
+    scanStart(patterns, categories) {
+        return this.record('SCAN_START', `Scanning skill with ${patterns} patterns across ${categories} categories`, 'INFO', { patterns, categories });
+    }
+    scanComplete(score, threats, status) {
+        const severity = threats > 0 ? (status === 'BLOCKED' ? 'CRITICAL' : 'WARN') : 'INFO';
+        return this.record('SCAN_COMPLETE', `Scan complete: score=${score}/100, threats=${threats}, status=${status}`, severity, { score, threats, status });
+    }
+    threatFound(patternId, category, severity, evidence) {
+        return this.record('THREAT_FOUND', `Threat ${patternId} (${category}/${severity}): ${evidence.substring(0, 100)}`, 'CRITICAL', { patternId, category, severity, evidence: evidence.substring(0, 500) });
+    }
+    executionStart(sandbox, policies) {
+        return this.record('EXECUTION_START', `Executing in ${sandbox} sandbox with policies: ${policies.join(', ')}`, 'INFO', { sandbox, policies });
+    }
+    executionEnd(exitCode, durationMs, killed) {
+        const severity = killed ? 'CRITICAL' : (exitCode === 0 ? 'INFO' : 'WARN');
+        return this.record('EXECUTION_END', `Execution ended: code=${exitCode}, duration=${durationMs}ms, killed=${killed}`, severity, { exitCode, durationMs, killed });
+    }
+    networkBlocked(domain, reason) {
+        return this.record('NETWORK_BLOCKED', `Network blocked: ${domain} — ${reason}`, 'WARN', { domain, reason });
+    }
+    fileBlocked(path, operation, reason) {
+        return this.record('FILE_BLOCKED', `File ${operation} blocked: ${path} — ${reason}`, 'WARN', { path, operation, reason });
+    }
+    killSwitch(reason) {
+        return this.record('KILL_SWITCH', `Kill switch activated: ${reason}`, 'CRITICAL', { reason });
+    }
+    // ── Chain operations ──
+    /**
+     * Verify the integrity of the entire chain.
+     * Returns true if no tampering detected.
+     */
+    verify() {
+        for (let i = 0; i < this.chain.length; i++) {
+            const entry = this.chain[i];
+            // Check previous hash linkage
+            if (i === 0 && entry.previousHash !== '0') {
+                return { valid: false, brokenAt: 0, details: 'Genesis entry has wrong previousHash' };
+            }
+            if (i > 0 && entry.previousHash !== this.chain[i - 1].hash) {
+                return { valid: false, brokenAt: i, details: `Entry ${i} previousHash doesn't match entry ${i - 1} hash` };
+            }
+            // Recompute hash
+            const content = JSON.stringify({
+                id: entry.id,
+                timestamp: entry.timestamp,
+                type: entry.type,
+                skillId: entry.skillId,
+                description: entry.description,
+                data: entry.data,
+                previousHash: entry.previousHash,
+            });
+            const expectedHash = createHash('sha256').update(content).digest('hex');
+            if (entry.hash !== expectedHash) {
+                return { valid: false, brokenAt: i, details: `Entry ${i} hash mismatch — data was tampered` };
+            }
+        }
+        return { valid: true };
+    }
+    /**
+     * Export the full chain as JSON (for storage / compliance).
+     */
+    toJSON() {
+        return JSON.stringify({
+            skillId: this.skillId,
+            chainLength: this.chain.length,
+            genesisHash: this.chain[0]?.hash || null,
+            latestHash: this.chain[this.chain.length - 1]?.hash || null,
+            verified: this.verify().valid,
+            entries: this.chain,
+        }, null, 2);
+    }
+    /**
+     * Export as compact summary for CLI display.
+     */
+    toSummary() {
+        const lines = [];
+        const threats = this.chain.filter((e) => e.severity === 'CRITICAL');
+        const warnings = this.chain.filter((e) => e.severity === 'WARN');
+        const verification = this.verify();
+        lines.push(`Audit Trail: ${this.skillId}`);
+        lines.push(`Entries: ${this.chain.length} | Threats: ${threats.length} | Warnings: ${warnings.length}`);
+        lines.push(`Chain integrity: ${verification.valid ? 'VERIFIED ✓' : 'BROKEN ✗ at entry ' + verification.brokenAt}`);
+        if (threats.length > 0) {
+            lines.push('\nCritical Events:');
+            threats.forEach((e) => {
+                lines.push(`  [${e.timestamp}] ${e.type}: ${e.description}`);
+            });
+        }
+        return lines.join('\n');
+    }
+    getChain() {
+        return [...this.chain];
+    }
+    getLength() {
+        return this.chain.length;
+    }
+    getLatestHash() {
+        return this.chain.length > 0 ? this.chain[this.chain.length - 1].hash : null;
+    }
+}
+//# sourceMappingURL=audit-trail.js.map

package/dist/shield/audit-trail.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"audit-trail.js","sourceRoot":"","sources":["../../src/shield/audit-trail.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAwCpC,MAAM,OAAO,UAAU;IAIrB,YAAY,OAAe;QAHnB,UAAK,GAAiB,EAAE,CAAC;QAI/B,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,CAAC;IAED;;OAEG;IACH,MAAM,CACJ,IAAoB,EACpB,WAAmB,EACnB,WAAmC,MAAM,EACzC,IAA8B;QAE9B,MAAM,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;QAC7B,MAAM,YAAY,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC;QAC9D,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAE3C,4CAA4C;QAC5C,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC,CAAC;QAChH,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAEhE,MAAM,KAAK,GAAe;YACxB,EAAE;YACF,SAAS;YACT,IAAI;YACJ,YAAY;YACZ,IAAI;YACJ,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,WAAW;YACX,IAAI;YACJ,QAAQ;SACT,CAAC;QAEF,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACvB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,4BAA4B;IAE5B,SAAS,CAAC,QAAgB,EAAE,UAAkB;QAC5C,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,uBAAuB,QAAQ,oBAAoB,UAAU,aAAa,EAAE,MAAM,EAAE,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC,CAAC;IACjJ,CAAC;IAED,YAAY,CAAC,KAAa,EAAE,OAAe,EAAE,MAAc;QACzD,MAAM,QAAQ,GAAG,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;QACrF,OAAO,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,wBAAwB,KAAK,iBAAiB,OAAO,YAAY,MAAM,EAAE,EAAE,QAAQ,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC;IACvJ,CAAC;IAED,WAAW,CAAC,SAAiB,EAAE,QAAgB,EAAE,QAAgB,EAAE,QAAgB;QACjF,OAAO,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,UAAU,SAAS,KAAK,QAAQ,IAAI,QAAQ,MAAM,QAAQ,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,EAAE,UAAU,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;IAC1M,CAAC;IAED,cAAc,CAAC,OAAe,EAAE,QAAkB;QAChD,OAAO,IAAI,CAAC,MAAM,CAAC,iBAAiB,EAAE,gBAAgB,OAAO,2BAA2B,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,MAAM,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAC;IAChJ,CAAC;IAED,YAAY,CAAC,QAAuB,EAAE,UAAkB,EAAE,MAAe;QACvE,MAAM,QAAQ,GAAG,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QAC1E,OAAO,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,yBAAyB,QAAQ,cAAc,UAAU,cAAc,MAAM,EAAE,EAAE,QAAQ,EAAE,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC,CAAC;IACnK,CAAC;IAED,cAAc,CAAC,MAAc,EAAE,MAAc;QAC3C,OAAO,IAAI,CAAC,MAAM,CAAC,iBAAiB,EAAE,oBAAoB,MAAM,MAAM,MAAM,EAAE,EAAE,MAAM,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IAC9G,CAAC;IAED,WAAW,CAAC,IAAY,EAAE,SAAiB,EAAE,MAAc;QACzD,OAAO,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,QAAQ,SAAS,aAAa,IAAI,MAAM,MAAM,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC,CAAC;IAC5H,CAAC;IAED,UAAU,CAAC,MAAc;QACvB,OAAO,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,0BAA0B,MAAM,EAAE,EAAE,UAAU,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;IAChG,CAAC;IAED,yBAAyB;IAEzB;;;OAGG;IACH,MAAM;QACJ,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC3C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAE5B,8BAA8B;YAC9B,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,YAAY,KAAK,GAAG,EAAE,CAAC;gBAC1C,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,sCAAsC,EAAE,CAAC;YACxF,CAAC;YACD,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,YAAY,KAAK,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;gBAC3D,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,SAAS,CAAC,qCAAqC,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;YAC7G,CAAC;YAED,iBAAiB;YACjB,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC;gBAC7B,EAAE,EAAE,KAAK,CAAC,EAAE;gBACZ,SAAS,EAAE,KAAK,CAAC,SAAS;gBAC1B,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,OAAO,EAAE,KAAK,CAAC,OAAO;gBACtB,WAAW,EAAE,KAAK,CAAC,WAAW;gBAC9B,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,YAAY,EAAE,KAAK,CAAC,YAAY;aACjC,CAAC,CAAC;YACH,MAAM,YAAY,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAExE,IAAI,KAAK,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBAChC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,SAAS,CAAC,oCAAoC,EAAE,CAAC;YAChG,CAAC;QACH,CAAC;QAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IACzB,CAAC;IAED;;OAEG;IACH,MAAM;QACJ,OAAO,IAAI,CAAC,SAAS,CAAC;YACpB,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,MAAM;YAC9B,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,IAAI,IAAI,IAAI;YACxC,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,IAAI,IAAI,IAAI;YAC3D,QAAQ,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,KAAK;YAC7B,OAAO,EAAE,IAAI,CAAC,KAAK;SACpB,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IACd,CAAC;IAED;;OAEG;IACH,SAAS;QACP,MAAM,KAAK,GAAa,EAAE,CAAC;QAC3B,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC;QACpE,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC;QACjE,MAAM,YAAY,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;QAEnC,KAAK,CAAC,IAAI,CAAC,gBAAgB,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;QAC3C,KAAK,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,KAAK,CAAC,MAAM,eAAe,OAAO,CAAC,MAAM,gBAAgB,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;QACxG,KAAK,CAAC,IAAI,CAAC,oBAAoB,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,oBAAoB,GAAG,YAAY,CAAC,QAAQ,EAAE,CAAC,CAAC;QAEnH,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvB,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;YACjC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE;gBACpB,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,SAAS,KAAK,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;YAC/D,CAAC,CAAC,CAAC;QACL,CAAC;QAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IAED,QAAQ;QACN,OAAO,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;IACzB,CAAC;IAED,SAAS;QACP,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;IAC3B,CAAC;IAED,aAAa;QACX,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;IAC/E,CAAC;CACF"}

package/dist/shield/filesystem-jail.d.ts ADDED Viewed

@@ -0,0 +1,80 @@
+/**
+ * SkillShield — Filesystem Jail
+ *
+ * Restricts skill access to specific directories. Skills can only read/write
+ * within their jail, and sensitive paths are always blocked.
+ *
+ * Unlike NVIDIA OpenShell (which needs Landlock/Linux), this works
+ * cross-platform by intercepting Node.js fs module calls.
+ */
+export interface FilesystemPolicy {
+    /** Root directory for the jail (skill can only access within this) */
+    jailRoot: string;
+    /** Additional readable paths outside jail */
+    readablePaths?: string[];
+    /** Additional writable paths outside jail */
+    writablePaths?: string[];
+    /** Completely blocked paths (always denied, overrides everything) */
+    blockedPaths?: string[];
+    /** Allow reading files outside jail? (default: false) */
+    allowReadOutsideJail?: boolean;
+    /** Max file size the skill can write (bytes) */
+    maxWriteSize?: number;
+    /** Max total files the skill can create */
+    maxFileCount?: number;
+}
+export interface FilesystemViolation {
+    timestamp: string;
+    type: 'READ_BLOCKED' | 'WRITE_BLOCKED' | 'DELETE_BLOCKED' | 'SENSITIVE_PATH' | 'SIZE_EXCEEDED' | 'FILE_COUNT_EXCEEDED';
+    path: string;
+    operation: string;
+    details: string;
+}
+export declare class FilesystemJail {
+    private policy;
+    private violations;
+    private fileCount;
+    private totalBytesWritten;
+    private jailRoot;
+    private blockedPaths;
+    private homeDir;
+    constructor(policy: FilesystemPolicy);
+    /**
+     * Check if a read operation is allowed.
+     */
+    checkRead(filePath: string): boolean;
+    /**
+     * Check if a write operation is allowed.
+     */
+    checkWrite(filePath: string, size?: number): boolean;
+    /**
+     * Check if a delete operation is allowed.
+     */
+    checkDelete(filePath: string): boolean;
+    /**
+     * Generate Node.js code that enforces filesystem policy at runtime.
+     */
+    generateEnforcementCode(): string;
+    private isSensitivePath;
+    private isInsideJail;
+    private resolvePath;
+    private expandPath;
+    private recordViolation;
+    getViolations(): FilesystemViolation[];
+    getStats(): {
+        filesCreated: number;
+        bytesWritten: number;
+        violations: number;
+    };
+}
+/**
+ * Parse filesystem policy from SKILL.md frontmatter.
+ * Expected format:
+ *   filesystem:
+ *     writable: ["./output", "/tmp"]
+ *     readable: ["./data"]
+ *     maxWriteMB: 50
+ *     maxFiles: 100
+ */
+export declare function parseFilesystemPolicy(frontmatter: Record<string, unknown>, defaultJailRoot: string): FilesystemPolicy;
+//# sourceMappingURL=filesystem-jail.d.ts.map

package/dist/shield/filesystem-jail.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"filesystem-jail.d.ts","sourceRoot":"","sources":["../../src/shield/filesystem-jail.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAIH,MAAM,WAAW,gBAAgB;IAC/B,sEAAsE;IACtE,QAAQ,EAAE,MAAM,CAAC;IACjB,6CAA6C;IAC7C,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,6CAA6C;IAC7C,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,qEAAqE;IACrE,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,yDAAyD;IACzD,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,gDAAgD;IAChD,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,2CAA2C;IAC3C,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,mBAAmB;IAClC,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,cAAc,GAAG,eAAe,GAAG,gBAAgB,GAAG,gBAAgB,GAAG,eAAe,GAAG,qBAAqB,CAAC;IACvH,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;CACjB;AAiDD,qBAAa,cAAc;IACzB,OAAO,CAAC,MAAM,CAAmB;IACjC,OAAO,CAAC,UAAU,CAA6B;IAC/C,OAAO,CAAC,SAAS,CAAa;IAC9B,OAAO,CAAC,iBAAiB,CAAa;IACtC,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,YAAY,CAAc;IAClC,OAAO,CAAC,OAAO,CAAS;gBAEZ,MAAM,EAAE,gBAAgB;IAYpC;;OAEG;IACH,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO;IAsCpC;;OAEG;IACH,UAAU,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,GAAG,OAAO;IAuDpD;;OAEG;IACH,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO;IA4BtC;;OAEG;IACH,uBAAuB,IAAI,MAAM;IAsEjC,OAAO,CAAC,eAAe;IAmBvB,OAAO,CAAC,YAAY;IAKpB,OAAO,CAAC,WAAW;IAInB,OAAO,CAAC,UAAU;IAOlB,OAAO,CAAC,eAAe;IAIvB,aAAa,IAAI,mBAAmB,EAAE;IAItC,QAAQ,IAAI;QAAE,YAAY,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE;CAO/E;AAED;;;;;;;;GAQG;AACH,wBAAgB,qBAAqB,CACnC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACpC,eAAe,EAAE,MAAM,GACtB,gBAAgB,CAYlB"}

package/dist/shield/filesystem-jail.js ADDED Viewed

@@ -0,0 +1,320 @@
+/**
+ * SkillShield — Filesystem Jail
+ *
+ * Restricts skill access to specific directories. Skills can only read/write
+ * within their jail, and sensitive paths are always blocked.
+ *
+ * Unlike NVIDIA OpenShell (which needs Landlock/Linux), this works
+ * cross-platform by intercepting Node.js fs module calls.
+ */
+import { resolve, normalize, relative, isAbsolute } from 'path';
+/** Sensitive paths that are ALWAYS blocked regardless of policy */
+const SENSITIVE_PATHS = [
+    // SSH & credentials
+    '~/.ssh',
+    '~/.aws',
+    '~/.config/gcloud',
+    '~/.kube',
+    '~/.gnupg',
+    '~/.npmrc',
+    '~/.pypirc',
+    // Environment files
+    '.env',
+    '.env.local',
+    '.env.production',
+    '.env.staging',
+    'credentials.json',
+    'secrets.json',
+    'service-account.json',
+    // System files
+    '/etc/passwd',
+    '/etc/shadow',
+    '/etc/sudoers',
+    // Agent identity files (Memory Poisoning protection)
+    'SOUL.md',
+    'MEMORY.md',
+    'IDENTITY.md',
+    'HEARTBEAT.md',
+    'AGENTS.md',
+    'USER.md',
+    '.clawhome',
+    '.openclaw',
+    // Git credentials
+    '.git-credentials',
+    '.gitconfig',
+];
+/** Sensitive path patterns (regex) */
+const SENSITIVE_PATTERNS = [
+    /\.env(\.[a-z]+)?$/i,
+    /id_rsa|id_ed25519|id_ecdsa/i,
+    /\.pem$/i,
+    /\.key$/i,
+    /credentials/i,
+    /secrets?\.(json|yaml|yml|toml)$/i,
+    /service.account.*\.json$/i,
+];
+export class FilesystemJail {
+    constructor(policy) {
+        this.violations = [];
+        this.fileCount = 0;
+        this.totalBytesWritten = 0;
+        this.policy = policy;
+        this.jailRoot = resolve(policy.jailRoot);
+        this.homeDir = process.env.HOME || process.env.USERPROFILE || '/tmp';
+        // Expand ~ in sensitive paths and add to blocked set
+        this.blockedPaths = new Set([
+            ...SENSITIVE_PATHS.map((p) => this.expandPath(p)),
+            ...(policy.blockedPaths || []).map((p) => resolve(p)),
+        ]);
+    }
+    /**
+     * Check if a read operation is allowed.
+     */
+    checkRead(filePath) {
+        const resolved = this.resolvePath(filePath);
+        // Always block sensitive paths
+        if (this.isSensitivePath(resolved)) {
+            this.recordViolation({
+                type: 'SENSITIVE_PATH',
+                path: resolved,
+                operation: 'read',
+                details: `Access to sensitive path blocked: ${resolved}`,
+            });
+            return false;
+        }
+        // Check if inside jail
+        if (this.isInsideJail(resolved)) {
+            return true;
+        }
+        // Check additional readable paths
+        if (this.policy.readablePaths?.some((p) => resolved.startsWith(resolve(p)))) {
+            return true;
+        }
+        // Check allow-read-outside setting
+        if (this.policy.allowReadOutsideJail) {
+            return true;
+        }
+        this.recordViolation({
+            type: 'READ_BLOCKED',
+            path: resolved,
+            operation: 'read',
+            details: `Read outside jail: ${resolved} (jail: ${this.jailRoot})`,
+        });
+        return false;
+    }
+    /**
+     * Check if a write operation is allowed.
+     */
+    checkWrite(filePath, size) {
+        const resolved = this.resolvePath(filePath);
+        // Always block sensitive paths
+        if (this.isSensitivePath(resolved)) {
+            this.recordViolation({
+                type: 'SENSITIVE_PATH',
+                path: resolved,
+                operation: 'write',
+                details: `Write to sensitive path blocked: ${resolved}`,
+            });
+            return false;
+        }
+        // Must be inside jail OR in writable paths
+        const isInJail = this.isInsideJail(resolved);
+        const isInWritable = this.policy.writablePaths?.some((p) => resolved.startsWith(resolve(p))) || false;
+        if (!isInJail && !isInWritable) {
+            this.recordViolation({
+                type: 'WRITE_BLOCKED',
+                path: resolved,
+                operation: 'write',
+                details: `Write outside jail: ${resolved} (jail: ${this.jailRoot})`,
+            });
+            return false;
+        }
+        // Check file size
+        if (size && this.policy.maxWriteSize && size > this.policy.maxWriteSize) {
+            this.recordViolation({
+                type: 'SIZE_EXCEEDED',
+                path: resolved,
+                operation: 'write',
+                details: `File size ${size} exceeds limit ${this.policy.maxWriteSize}`,
+            });
+            return false;
+        }
+        // Check file count
+        if (this.policy.maxFileCount && this.fileCount >= this.policy.maxFileCount) {
+            this.recordViolation({
+                type: 'FILE_COUNT_EXCEEDED',
+                path: resolved,
+                operation: 'write',
+                details: `File count ${this.fileCount} exceeds limit ${this.policy.maxFileCount}`,
+            });
+            return false;
+        }
+        this.fileCount++;
+        if (size)
+            this.totalBytesWritten += size;
+        return true;
+    }
+    /**
+     * Check if a delete operation is allowed.
+     */
+    checkDelete(filePath) {
+        const resolved = this.resolvePath(filePath);
+        // Never allow deleting sensitive paths
+        if (this.isSensitivePath(resolved)) {
+            this.recordViolation({
+                type: 'SENSITIVE_PATH',
+                path: resolved,
+                operation: 'delete',
+                details: `Delete of sensitive path blocked: ${resolved}`,
+            });
+            return false;
+        }
+        // Must be inside jail only
+        if (!this.isInsideJail(resolved)) {
+            this.recordViolation({
+                type: 'DELETE_BLOCKED',
+                path: resolved,
+                operation: 'delete',
+                details: `Delete outside jail: ${resolved} (jail: ${this.jailRoot})`,
+            });
+            return false;
+        }
+        return true;
+    }
+    /**
+     * Generate Node.js code that enforces filesystem policy at runtime.
+     */
+    generateEnforcementCode() {
+        const jailRootJSON = JSON.stringify(this.jailRoot);
+        const sensitiveJSON = JSON.stringify([...this.blockedPaths]);
+        const patternsJSON = JSON.stringify(SENSITIVE_PATTERNS.map((p) => p.source));
+        const readableJSON = JSON.stringify((this.policy.readablePaths || []).map((p) => resolve(p)));
+        const writableJSON = JSON.stringify((this.policy.writablePaths || []).map((p) => resolve(p)));
+        return `
+// ── SkillShield Filesystem Jail ──
+const __ss_path = require('path');
+const __ss_jailRoot = ${jailRootJSON};
+const __ss_sensitive = new Set(${sensitiveJSON});
+const __ss_patterns = ${patternsJSON}.map(s => new RegExp(s, 'i'));
+const __ss_readable = ${readableJSON};
+const __ss_writable = ${writableJSON};
+const __ss_maxWrite = ${this.policy.maxWriteSize || 0};
+let __ss_fileCount = 0;
+const __ss_maxFiles = ${this.policy.maxFileCount || 100};
+function __ss_isSensitive(p) {
+  const resolved = __ss_path.resolve(p);
+  if (__ss_sensitive.has(resolved)) return true;
+  for (const s of __ss_sensitive) { if (resolved.startsWith(s + __ss_path.sep)) return true; }
+  for (const pat of __ss_patterns) { if (pat.test(resolved)) return true; }
+  return false;
+}
+function __ss_isInJail(p) {
+  const resolved = __ss_path.resolve(p);
+  const rel = __ss_path.relative(__ss_jailRoot, resolved);
+  return !rel.startsWith('..') && !__ss_path.isAbsolute(rel);
+}
+function __ss_checkRead(p) {
+  if (__ss_isSensitive(p)) throw new Error('[SkillShield] BLOCKED: Access to sensitive path: ' + p);
+  if (__ss_isInJail(p)) return true;
+  for (const r of __ss_readable) { if (__ss_path.resolve(p).startsWith(r)) return true; }
+  throw new Error('[SkillShield] BLOCKED: Read outside jail: ' + p);
+}
+function __ss_checkWrite(p) {
+  if (__ss_isSensitive(p)) throw new Error('[SkillShield] BLOCKED: Write to sensitive path: ' + p);
+  if (__ss_isInJail(p)) { __ss_fileCount++; if (__ss_fileCount > __ss_maxFiles) throw new Error('[SkillShield] File count limit exceeded'); return true; }
+  for (const w of __ss_writable) { if (__ss_path.resolve(p).startsWith(w)) return true; }
+  throw new Error('[SkillShield] BLOCKED: Write outside jail: ' + p);
+}
+// Intercept fs operations
+const __ss_fs = require('fs');
+const __ss_origReadFile = __ss_fs.readFileSync;
+const __ss_origWriteFile = __ss_fs.writeFileSync;
+const __ss_origUnlink = __ss_fs.unlinkSync;
+__ss_fs.readFileSync = function(path, ...args) {
+  __ss_checkRead(String(path));
+  return __ss_origReadFile.call(this, path, ...args);
+};
+__ss_fs.writeFileSync = function(path, data, ...args) {
+  __ss_checkWrite(String(path));
+  return __ss_origWriteFile.call(this, path, data, ...args);
+};
+__ss_fs.unlinkSync = function(path, ...args) {
+  if (__ss_isSensitive(String(path)) || !__ss_isInJail(String(path)))
+    throw new Error('[SkillShield] BLOCKED: Delete outside jail: ' + path);
+  return __ss_origUnlink.call(this, path, ...args);
+};
+// ── End SkillShield Filesystem Jail ──
+`;
+    }
+    isSensitivePath(resolved) {
+        // Direct match
+        if (this.blockedPaths.has(resolved))
+            return true;
+        // Check if path is under a blocked directory
+        for (const blocked of this.blockedPaths) {
+            if (resolved.startsWith(blocked + '/') || resolved.startsWith(blocked + '\\')) {
+                return true;
+            }
+        }
+        // Pattern match
+        for (const pattern of SENSITIVE_PATTERNS) {
+            if (pattern.test(resolved))
+                return true;
+        }
+        return false;
+    }
+    isInsideJail(resolved) {
+        const rel = relative(this.jailRoot, resolved);
+        return !rel.startsWith('..') && !isAbsolute(rel);
+    }
+    resolvePath(filePath) {
+        return resolve(normalize(filePath));
+    }
+    expandPath(p) {
+        if (p.startsWith('~/') || p === '~') {
+            return resolve(this.homeDir, p.slice(2));
+        }
+        return resolve(p);
+    }
+    recordViolation(partial) {
+        this.violations.push({ ...partial, timestamp: new Date().toISOString() });
+    }
+    getViolations() {
+        return [...this.violations];
+    }
+    getStats() {
+        return {
+            filesCreated: this.fileCount,
+            bytesWritten: this.totalBytesWritten,
+            violations: this.violations.length,
+        };
+    }
+}
+/**
+ * Parse filesystem policy from SKILL.md frontmatter.
+ * Expected format:
+ *   filesystem:
+ *     writable: ["./output", "/tmp"]
+ *     readable: ["./data"]
+ *     maxWriteMB: 50
+ *     maxFiles: 100
+ */
+export function parseFilesystemPolicy(frontmatter, defaultJailRoot) {
+    const fs = (frontmatter.filesystem || frontmatter.fs || {});
+    return {
+        jailRoot: fs.root || defaultJailRoot,
+        readablePaths: fs.readable || [],
+        writablePaths: fs.writable || [],
+        blockedPaths: fs.blocked || [],
+        allowReadOutsideJail: fs.allowReadOutside || false,
+        maxWriteSize: (fs.maxWriteMB || 50) * 1024 * 1024,
+        maxFileCount: fs.maxFiles || 100,
+    };
+}
+//# sourceMappingURL=filesystem-jail.js.map

package/dist/shield/filesystem-jail.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"filesystem-jail.js","sourceRoot":"","sources":["../../src/shield/filesystem-jail.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,MAAM,CAAC;AA2BhE,mEAAmE;AACnE,MAAM,eAAe,GAAa;IAChC,oBAAoB;IACpB,QAAQ;IACR,QAAQ;IACR,kBAAkB;IAClB,SAAS;IACT,UAAU;IACV,UAAU;IACV,WAAW;IACX,oBAAoB;IACpB,MAAM;IACN,YAAY;IACZ,iBAAiB;IACjB,cAAc;IACd,kBAAkB;IAClB,cAAc;IACd,sBAAsB;IACtB,eAAe;IACf,aAAa;IACb,aAAa;IACb,cAAc;IACd,qDAAqD;IACrD,SAAS;IACT,WAAW;IACX,aAAa;IACb,cAAc;IACd,WAAW;IACX,SAAS;IACT,WAAW;IACX,WAAW;IACX,kBAAkB;IAClB,kBAAkB;IAClB,YAAY;CACb,CAAC;AAEF,sCAAsC;AACtC,MAAM,kBAAkB,GAAa;IACnC,oBAAoB;IACpB,6BAA6B;IAC7B,SAAS;IACT,SAAS;IACT,cAAc;IACd,kCAAkC;IAClC,2BAA2B;CAC5B,CAAC;AAEF,MAAM,OAAO,cAAc;IASzB,YAAY,MAAwB;QAP5B,eAAU,GAA0B,EAAE,CAAC;QACvC,cAAS,GAAW,CAAC,CAAC;QACtB,sBAAiB,GAAW,CAAC,CAAC;QAMpC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QACzC,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,MAAM,CAAC;QAErE,qDAAqD;QACrD,IAAI,CAAC,YAAY,GAAG,IAAI,GAAG,CAAC;YAC1B,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;YACjD,GAAG,CAAC,MAAM,CAAC,YAAY,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;SACtD,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,SAAS,CAAC,QAAgB;QACxB,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;QAE5C,+BAA+B;QAC/B,IAAI,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,EAAE,CAAC;YACnC,IAAI,CAAC,eAAe,CAAC;gBACnB,IAAI,EAAE,gBAAgB;gBACtB,IAAI,EAAE,QAAQ;gBACd,SAAS,EAAE,MAAM;gBACjB,OAAO,EAAE,qCAAqC,QAAQ,EAAE;aACzD,CAAC,CAAC;YACH,OAAO,KAAK,CAAC;QACf,CAAC;QAED,uBAAuB;QACvB,IAAI,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC;YAChC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,kCAAkC;QAClC,IAAI,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC5E,OAAO,IAAI,CAAC;QACd,CAAC;QAED,mCAAmC;QACnC,IAAI,IAAI,CAAC,MAAM,CAAC,oBAAoB,EAAE,CAAC;YACrC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,CAAC,eAAe,CAAC;YACnB,IAAI,EAAE,cAAc;YACpB,IAAI,EAAE,QAAQ;YACd,SAAS,EAAE,MAAM;YACjB,OAAO,EAAE,sBAAsB,QAAQ,WAAW,IAAI,CAAC,QAAQ,GAAG;SACnE,CAAC,CAAC;QACH,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;OAEG;IACH,UAAU,CAAC,QAAgB,EAAE,IAAa;QACxC,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;QAE5C,+BAA+B;QAC/B,IAAI,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,EAAE,CAAC;YACnC,IAAI,CAAC,eAAe,CAAC;gBACnB,IAAI,EAAE,gBAAgB;gBACtB,IAAI,EAAE,QAAQ;gBACd,SAAS,EAAE,OAAO;gBAClB,OAAO,EAAE,oCAAoC,QAAQ,EAAE;aACxD,CAAC,CAAC;YACH,OAAO,KAAK,CAAC;QACf,CAAC;QAED,2CAA2C;QAC3C,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;QAC7C,MAAM,YAAY,GAAG,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC;QAEtG,IAAI,CAAC,QAAQ,IAAI,CAAC,YAAY,EAAE,CAAC;YAC/B,IAAI,CAAC,eAAe,CAAC;gBACnB,IAAI,EAAE,eAAe;gBACrB,IAAI,EAAE,QAAQ;gBACd,SAAS,EAAE,OAAO;gBAClB,OAAO,EAAE,uBAAuB,QAAQ,WAAW,IAAI,CAAC,QAAQ,GAAG;aACpE,CAAC,CAAC;YACH,OAAO,KAAK,CAAC;QACf,CAAC;QAED,kBAAkB;QAClB,IAAI,IAAI,IAAI,IAAI,CAAC,MAAM,CAAC,YAAY,IAAI,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;YACxE,IAAI,CAAC,eAAe,CAAC;gBACnB,IAAI,EAAE,eAAe;gBACrB,IAAI,EAAE,QAAQ;gBACd,SAAS,EAAE,OAAO;gBAClB,OAAO,EAAE,aAAa,IAAI,kBAAkB,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE;aACvE,CAAC,CAAC;YACH,OAAO,KAAK,CAAC;QACf,CAAC;QAED,mBAAmB;QACnB,IAAI,IAAI,CAAC,MAAM,CAAC,YAAY,IAAI,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;YAC3E,IAAI,CAAC,eAAe,CAAC;gBACnB,IAAI,EAAE,qBAAqB;gBAC3B,IAAI,EAAE,QAAQ;gBACd,SAAS,EAAE,OAAO;gBAClB,OAAO,EAAE,cAAc,IAAI,CAAC,SAAS,kBAAkB,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE;aAClF,CAAC,CAAC;YACH,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,CAAC,SAAS,EAAE,CAAC;QACjB,IAAI,IAAI;YAAE,IAAI,CAAC,iBAAiB,IAAI,IAAI,CAAC;QACzC,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACH,WAAW,CAAC,QAAgB;QAC1B,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;QAE5C,uCAAuC;QACvC,IAAI,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,EAAE,CAAC;YACnC,IAAI,CAAC,eAAe,CAAC;gBACnB,IAAI,EAAE,gBAAgB;gBACtB,IAAI,EAAE,QAAQ;gBACd,SAAS,EAAE,QAAQ;gBACnB,OAAO,EAAE,qCAAqC,QAAQ,EAAE;aACzD,CAAC,CAAC;YACH,OAAO,KAAK,CAAC;QACf,CAAC;QAED,2BAA2B;QAC3B,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC;YACjC,IAAI,CAAC,eAAe,CAAC;gBACnB,IAAI,EAAE,gBAAgB;gBACtB,IAAI,EAAE,QAAQ;gBACd,SAAS,EAAE,QAAQ;gBACnB,OAAO,EAAE,wBAAwB,QAAQ,WAAW,IAAI,CAAC,QAAQ,GAAG;aACrE,CAAC,CAAC;YACH,OAAO,KAAK,CAAC;QACf,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACH,uBAAuB;QACrB,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACnD,MAAM,aAAa,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,GAAG,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC;QAC7D,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;QAC7E,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,aAAa,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC9F,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,aAAa,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAE9F,OAAO;;;wBAGa,YAAY;iCACH,aAAa;wBACtB,YAAY;wBACZ,YAAY;wBACZ,YAAY;wBACZ,IAAI,CAAC,MAAM,CAAC,YAAY,IAAI,CAAC;;wBAE7B,IAAI,CAAC,MAAM,CAAC,YAAY,IAAI,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAkDtD,CAAC;IACA,CAAC;IAEO,eAAe,CAAC,QAAgB;QACtC,eAAe;QACf,IAAI,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC;YAAE,OAAO,IAAI,CAAC;QAEjD,6CAA6C;QAC7C,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACxC,IAAI,QAAQ,CAAC,UAAU,CAAC,OAAO,GAAG,GAAG,CAAC,IAAI,QAAQ,CAAC,UAAU,CAAC,OAAO,GAAG,IAAI,CAAC,EAAE,CAAC;gBAC9E,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,gBAAgB;QAChB,KAAK,MAAM,OAAO,IAAI,kBAAkB,EAAE,CAAC;YACzC,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC;gBAAE,OAAO,IAAI,CAAC;QAC1C,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAEO,YAAY,CAAC,QAAgB;QACnC,MAAM,GAAG,GAAG,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAC9C,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IACnD,CAAC;IAEO,WAAW,CAAC,QAAgB;QAClC,OAAO,OAAO,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC;IACtC,CAAC;IAEO,UAAU,CAAC,CAAS;QAC1B,IAAI,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,GAAG,EAAE,CAAC;YACpC,OAAO,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAC3C,CAAC;QACD,OAAO,OAAO,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC;IAEO,eAAe,CAAC,OAA+C;QACrE,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,GAAG,OAAO,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;IAC5E,CAAC;IAED,aAAa;QACX,OAAO,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC;IAC9B,CAAC;IAED,QAAQ;QACN,OAAO;YACL,YAAY,EAAE,IAAI,CAAC,SAAS;YAC5B,YAAY,EAAE,IAAI,CAAC,iBAAiB;YACpC,UAAU,EAAE,IAAI,CAAC,UAAU,CAAC,MAAM;SACnC,CAAC;IACJ,CAAC;CACF;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,qBAAqB,CACnC,WAAoC,EACpC,eAAuB;IAEvB,MAAM,EAAE,GAAG,CAAC,WAAW,CAAC,UAAU,IAAI,WAAW,CAAC,EAAE,IAAI,EAAE,CAA4B,CAAC;IAEvF,OAAO;QACL,QAAQ,EAAG,EAAE,CAAC,IAAe,IAAI,eAAe;QAChD,aAAa,EAAG,EAAE,CAAC,QAAqB,IAAI,EAAE;QAC9C,aAAa,EAAG,EAAE,CAAC,QAAqB,IAAI,EAAE;QAC9C,YAAY,EAAG,EAAE,CAAC,OAAoB,IAAI,EAAE;QAC5C,oBAAoB,EAAG,EAAE,CAAC,gBAA4B,IAAI,KAAK;QAC/D,YAAY,EAAE,CAAE,EAAE,CAAC,UAAqB,IAAI,EAAE,CAAC,GAAG,IAAI,GAAG,IAAI;QAC7D,YAAY,EAAG,EAAE,CAAC,QAAmB,IAAI,GAAG;KAC7C,CAAC;AACJ,CAAC"}

package/dist/shield/index.d.ts ADDED Viewed

@@ -0,0 +1,82 @@
+/**
+ * SkillShield — Unified Runtime Security Engine
+ *
+ * Combines: Pre-scan (guard) + Network Policy + Filesystem Jail +
+ * Runtime Monitor + Kill Switch + Audit Trail
+ *
+ * This is what makes SkillShield unique:
+ * - Snyk/Cisco only scan before install
+ * - NVIDIA OpenShell needs Linux + enterprise infra
+ * - Aegis only intercepts LLM API calls
+ * - SkillShield does scan + runtime in one CLI, cross-platform
+ */
+export { NetworkPolicyEngine, parseNetworkPolicy } from './network-policy.js';
+export type { NetworkPolicy, NetworkViolation } from './network-policy.js';
+export { FilesystemJail, parseFilesystemPolicy } from './filesystem-jail.js';
+export type { FilesystemPolicy, FilesystemViolation } from './filesystem-jail.js';
+export { RuntimeMonitor, getDefaultMonitorPolicy } from './runtime-monitor.js';
+export type { MonitorPolicy, RuntimeEvent, MonitorReport } from './runtime-monitor.js';
+export { AuditTrail } from './audit-trail.js';
+export type { AuditEntry, AuditEventType } from './audit-trail.js';
+import { NetworkPolicyEngine, type NetworkPolicy } from './network-policy.js';
+import { FilesystemJail, type FilesystemPolicy } from './filesystem-jail.js';
+import { RuntimeMonitor, type MonitorPolicy } from './runtime-monitor.js';
+import { AuditTrail } from './audit-trail.js';
+export interface ShieldConfig {
+    skillId: string;
+    /** SKILL.md frontmatter for policy extraction */
+    frontmatter?: Record<string, unknown>;
+    /** Override network policy */
+    networkPolicy?: Partial<NetworkPolicy>;
+    /** Override filesystem policy */
+    filesystemPolicy?: Partial<FilesystemPolicy>;
+    /** Override monitor policy */
+    monitorPolicy?: Partial<MonitorPolicy>;
+    /** Working directory for the skill */
+    workDir?: string;
+    /** Enable audit trail (default: true) */
+    enableAudit?: boolean;
+    /** Verbose logging */
+    verbose?: boolean;
+}
+export interface ShieldReport {
+    skillId: string;
+    timestamp: string;
+    /** Pre-execution scan results */
+    scanScore: number;
+    scanStatus: string;
+    /** Runtime results */
+    killed: boolean;
+    killReason?: string;
+    durationMs: number;
+    /** Violations across all layers */
+    networkViolations: number;
+    filesystemViolations: number;
+    runtimeThreats: number;
+    totalViolations: number;
+    /** Audit trail hash (for verification) */
+    auditHash: string | null;
+    auditLength: number;
+    auditVerified: boolean;
+}
+/**
+ * The main Shield — orchestrates all security layers.
+ */
+export declare class SkillShield {
+    private config;
+    network: NetworkPolicyEngine;
+    filesystem: FilesystemJail;
+    monitor: RuntimeMonitor;
+    audit: AuditTrail;
+    constructor(config: ShieldConfig);
+    /**
+     * Generate the combined enforcement code that wraps skill execution.
+     * This code is prepended to the skill's execution context.
+     */
+    generateEnforcementWrapper(): string;
+    /**
+     * Get the final shield report after execution.
+     */
+    getReport(scanScore: number, scanStatus: string, durationMs: number): ShieldReport;
+}
+//# sourceMappingURL=index.d.ts.map

package/dist/shield/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/shield/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AAC9E,YAAY,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAE3E,OAAO,EAAE,cAAc,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC7E,YAAY,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAElF,OAAO,EAAE,cAAc,EAAE,uBAAuB,EAAE,MAAM,sBAAsB,CAAC;AAC/E,YAAY,EAAE,aAAa,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAEvF,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAC9C,YAAY,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAEnE,OAAO,EAAE,mBAAmB,EAAsB,KAAK,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAClG,OAAO,EAAE,cAAc,EAAyB,KAAK,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AACpG,OAAO,EAAE,cAAc,EAA2B,KAAK,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACnG,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAE9C,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,iDAAiD;IACjD,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACtC,8BAA8B;IAC9B,aAAa,CAAC,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;IACvC,iCAAiC;IACjC,gBAAgB,CAAC,EAAE,OAAO,CAAC,gBAAgB,CAAC,CAAC;IAC7C,8BAA8B;IAC9B,aAAa,CAAC,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;IACvC,sCAAsC;IACtC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,yCAAyC;IACzC,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,sBAAsB;IACtB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,iCAAiC;IACjC,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,sBAAsB;IACtB,MAAM,EAAE,OAAO,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,mCAAmC;IACnC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,oBAAoB,EAAE,MAAM,CAAC;IAC7B,cAAc,EAAE,MAAM,CAAC;IACvB,eAAe,EAAE,MAAM,CAAC;IACxB,0CAA0C;IAC1C,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,OAAO,CAAC;CACxB;AAED;;GAEG;AACH,qBAAa,WAAW;IACtB,OAAO,CAAC,MAAM,CAAe;IACtB,OAAO,EAAE,mBAAmB,CAAC;IAC7B,UAAU,EAAE,cAAc,CAAC;IAC3B,OAAO,EAAE,cAAc,CAAC;IACxB,KAAK,EAAE,UAAU,CAAC;gBAEb,MAAM,EAAE,YAAY;IAwBhC;;;OAGG;IACH,0BAA0B,IAAI,MAAM;IAgBpC;;OAEG;IACH,SAAS,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,YAAY;CAuBnF"}