typeclaw 0.1.5 → 0.1.6

package/src/bundled-plugins/memory/migration.ts

@@ -0,0 +1,276 @@
+import { randomUUID } from 'node:crypto'
+import { existsSync } from 'node:fs'
+import { readdir, readFile, unlink } from 'node:fs/promises'
+import { join } from 'node:path'
+
+import { loadDreamingState, saveDreamingState, setDreamedLines } from './dreaming-state'
+import { type StreamEvent, streamEventSchema } from './stream-events'
+import { writeEventsAtomic as defaultWriteEventsAtomic } from './stream-io'
+
+export type MigrationResult = {
+  migrated: string[]
+  skipped: string[]
+  legacyProseCount: number
+  fragmentCount: number
+  watermarkCount: number
+}
+
+export type MigrationLogger = {
+  info: (message: string) => void
+  warn: (message: string) => void
+  error: (message: string) => void
+}
+
+export type MigrationGit = {
+  spawn?: (args: string[], options: { cwd: string }) => Promise<{ exitCode: number; stdout: string; stderr: string }>
+}
+
+export type RunMigrationOptions = {
+  agentDir: string
+  logger: MigrationLogger
+  git?: MigrationGit
+  writeEventsAtomic?: (path: string, events: readonly StreamEvent[]) => Promise<void>
+}
+
+const DAILY_MD_NAME = /^(\d{4}-\d{2}-\d{2})\.md$/
+const DAILY_JSONL_NAME = /^(\d{4}-\d{2}-\d{2})\.jsonl$/
+const LEGACY_FRAGMENT_RE =
+  /<!-- fragment source=(\S+) entry=(\S+) -->\n## (.+)\n([\s\S]*?)(?=<!-- fragment |<!-- watermark |$)/g
+const LEGACY_WATERMARK_RE = /<!-- watermark source=(\S+) entry=(\S+) -->/g
+
+export async function runMigration(options: RunMigrationOptions): Promise<MigrationResult> {
+  const memoryDir = join(options.agentDir, 'memory')
+  const result: MigrationResult = {
+    migrated: [],
+    skipped: [],
+    legacyProseCount: 0,
+    fragmentCount: 0,
+    watermarkCount: 0,
+  }
+
+  let entries: string[]
+  try {
+    entries = await readdir(memoryDir)
+  } catch {
+    return result
+  }
+
+  const dates = collectDailyDates(entries)
+  for (const date of dates) {
+    const mdPath = join(memoryDir, `${date}.md`)
+    const jsonlPath = join(memoryDir, `${date}.jsonl`)
+    const hasMd = existsSync(mdPath)
+    const hasJsonl = existsSync(jsonlPath)
+
+    if (hasJsonl && !hasMd) {
+      result.skipped.push(date)
+      continue
+    }
+
+    if (hasJsonl && hasMd) {
+      options.logger.warn(`[memory:migration] ${date}: skipped because both .md and .jsonl exist`)
+      result.skipped.push(date)
+      continue
+    }
+
+    if (!hasMd) continue
+
+    const content = await readFile(mdPath, 'utf8')
+    const events = parseLegacyMarkdown(content)
+    const invalid = findInvalidEvent(events)
+    if (invalid !== null) {
+      options.logger.error(
+        `[memory:migration] ${date}.md: event ${invalid.index + 1} failed validation: ${invalid.reason}`,
+      )
+      result.skipped.push(date)
+      continue
+    }
+
+    const counts = countEvents(events)
+    try {
+      await (options.writeEventsAtomic ?? defaultWriteEventsAtomic)(jsonlPath, events)
+    } catch (err) {
+      options.logger.error(`[memory:migration] ${date}.md: failed to write JSONL: ${describeError(err)}`)
+      result.skipped.push(date)
+      continue
+    }
+    await unlink(mdPath)
+
+    result.fragmentCount += counts.fragmentCount
+    result.watermarkCount += counts.watermarkCount
+    result.legacyProseCount += counts.legacyProseCount
+    result.migrated.push(date)
+    options.logger.info(
+      `[memory:migration] ${date}: ${counts.fragmentCount} fragments, ${counts.watermarkCount} watermarks, ${counts.legacyProseCount} legacy_prose regions`,
+    )
+  }
+
+  if (result.migrated.length > 0) {
+    await resetDreamingWatermarks(options.agentDir, result.migrated)
+    await commitMigration(options.agentDir, result.migrated, options.logger, options.git)
+  }
+
+  return result
+}
+
+function collectDailyDates(entries: readonly string[]): string[] {
+  const dates = new Set<string>()
+  for (const entry of entries) {
+    const md = DAILY_MD_NAME.exec(entry)
+    if (md?.[1] !== undefined) dates.add(md[1])
+    const jsonl = DAILY_JSONL_NAME.exec(entry)
+    if (jsonl?.[1] !== undefined) dates.add(jsonl[1])
+  }
+  return Array.from(dates).sort()
+}
+
+function parseLegacyMarkdown(content: string): StreamEvent[] {
+  const events: StreamEvent[] = []
+  let cursor = 0
+
+  while (cursor < content.length) {
+    const fragment = nextMatch(LEGACY_FRAGMENT_RE, content, cursor)
+    const watermark = nextMatch(LEGACY_WATERMARK_RE, content, cursor)
+    const next = earliest(fragment, watermark)
+    if (next === null) break
+
+    addLegacyProse(events, content.slice(cursor, next.match.index))
+    if (next.kind === 'fragment') {
+      events.push({
+        type: 'fragment',
+        id: randomUUID(),
+        ts: new Date().toISOString(),
+        source: next.match[1]!,
+        entry: next.match[2]!,
+        topic: next.match[3]!,
+        body: next.match[4]!,
+      })
+    } else {
+      events.push({
+        type: 'watermark',
+        id: randomUUID(),
+        ts: new Date().toISOString(),
+        source: next.match[1]!,
+        entry: next.match[2]!,
+      })
+    }
+    cursor = next.match.index + next.match[0].length
+  }
+
+  addLegacyProse(events, content.slice(cursor))
+  return events
+}
+
+function addLegacyProse(events: StreamEvent[], text: string): void {
+  if (text.trim() === '') return
+  events.push({ type: 'legacy_prose', ts: new Date().toISOString(), text, origin: 'migration' })
+}
+
+function nextMatch(regex: RegExp, content: string, cursor: number): RegExpExecArray | null {
+  regex.lastIndex = cursor
+  return regex.exec(content)
+}
+
+function earliest(
+  fragment: RegExpExecArray | null,
+  watermark: RegExpExecArray | null,
+): { kind: 'fragment' | 'watermark'; match: RegExpExecArray } | null {
+  if (fragment === null && watermark === null) return null
+  if (fragment === null) return { kind: 'watermark', match: watermark! }
+  if (watermark === null) return { kind: 'fragment', match: fragment }
+  return fragment.index <= watermark.index
+    ? { kind: 'fragment', match: fragment }
+    : { kind: 'watermark', match: watermark }
+}
+
+function findInvalidEvent(events: readonly StreamEvent[]): { index: number; reason: string } | null {
+  for (let i = 0; i < events.length; i++) {
+    const parsed = streamEventSchema.safeParse(events[i])
+    if (!parsed.success) {
+      return { index: i, reason: parsed.error.issues.map((issue) => issue.message).join('; ') }
+    }
+  }
+  return null
+}
+
+function countEvents(
+  events: readonly StreamEvent[],
+): Pick<MigrationResult, 'fragmentCount' | 'watermarkCount' | 'legacyProseCount'> {
+  let fragmentCount = 0
+  let watermarkCount = 0
+  let legacyProseCount = 0
+  for (const event of events) {
+    if (event.type === 'fragment') fragmentCount++
+    if (event.type === 'watermark') watermarkCount++
+    if (event.type === 'legacy_prose') legacyProseCount++
+  }
+  return { fragmentCount, watermarkCount, legacyProseCount }
+}
+
+async function resetDreamingWatermarks(agentDir: string, dates: readonly string[]): Promise<void> {
+  let state = await loadDreamingState(agentDir)
+  const ts = new Date().toISOString()
+  for (const date of dates) {
+    state = setDreamedLines(state, date, 0, ts)
+  }
+  await saveDreamingState(agentDir, state)
+}
+
+async function commitMigration(
+  agentDir: string,
+  dates: readonly string[],
+  logger: MigrationLogger,
+  git: MigrationGit | undefined,
+): Promise<void> {
+  const spawn = git?.spawn ?? spawnGit
+  const inside = await spawn(['rev-parse', '--is-inside-work-tree'], { cwd: agentDir })
+  if (inside.exitCode !== 0) {
+    logger.info('[memory:migration] not in a git repo; skipping git commit')
+    return
+  }
+
+  const jsonlPaths = dates.map((date) => `memory/${date}.jsonl`)
+  const addJsonl = await spawn(['add', '--', ...jsonlPaths], { cwd: agentDir })
+  if (addJsonl.exitCode !== 0) {
+    logger.warn(`[memory:migration] git add failed: ${addJsonl.stderr || addJsonl.stdout}`.trim())
+    return
+  }
+
+  for (const date of dates) {
+    const mdPath = `memory/${date}.md`
+    const tracked = await spawn(['ls-files', '--error-unmatch', '--', mdPath], { cwd: agentDir })
+    if (tracked.exitCode !== 0) continue
+    const addDeletedMd = await spawn(['add', '-u', '--', mdPath], { cwd: agentDir })
+    if (addDeletedMd.exitCode !== 0) {
+      logger.warn(`[memory:migration] git add failed: ${addDeletedMd.stderr || addDeletedMd.stdout}`.trim())
+      return
+    }
+  }
+
+  const commit = await spawn(
+    ['commit', '-m', `memory: migrate ${dates.length} daily stream(s) to JSONL`, '--no-edit'],
+    {
+      cwd: agentDir,
+    },
+  )
+  if (commit.exitCode !== 0) {
+    logger.warn(`[memory:migration] git commit failed: ${commit.stderr || commit.stdout}`.trim())
+  }
+}
+
+async function spawnGit(
+  args: string[],
+  options: { cwd: string },
+): Promise<{ exitCode: number; stdout: string; stderr: string }> {
+  const proc = Bun.spawn({ cmd: ['git', ...args], cwd: options.cwd, stdout: 'pipe', stderr: 'pipe' })
+  const [stdout, stderr, exitCode] = await Promise.all([
+    new Response(proc.stdout).text(),
+    new Response(proc.stderr).text(),
+    proc.exited,
+  ])
+  return { exitCode, stdout, stderr }
+}
+
+function describeError(err: unknown): string {
+  return err instanceof Error ? err.message : String(err)
+}

package/src/bundled-plugins/memory/stream-events.ts

@@ -0,0 +1,55 @@
+import { z } from 'zod'
+
+export const fragmentEventSchema = z
+  .object({
+    type: z.literal('fragment'),
+    id: z.string().min(1),
+    ts: z.string().datetime(),
+    source: z.string(),
+    entry: z.string(),
+    topic: z.string(),
+    body: z.string(),
+  })
+  .passthrough()
+
+export const watermarkEventSchema = z
+  .object({
+    type: z.literal('watermark'),
+    id: z.string().min(1),
+    ts: z.string().datetime(),
+    source: z.string(),
+    entry: z.string(),
+  })
+  .passthrough()
+
+export const legacyProseEventSchema = z
+  .object({
+    type: z.literal('legacy_prose'),
+    ts: z.string().datetime(),
+    text: z.string(),
+    origin: z.literal('migration'),
+  })
+  .passthrough()
+
+export const streamEventSchema = z.discriminatedUnion('type', [
+  fragmentEventSchema,
+  watermarkEventSchema,
+  legacyProseEventSchema,
+])
+
+export type FragmentEvent = z.infer<typeof fragmentEventSchema>
+export type WatermarkEvent = z.infer<typeof watermarkEventSchema>
+export type LegacyProseEvent = z.infer<typeof legacyProseEventSchema>
+export type StreamEvent = FragmentEvent | WatermarkEvent | LegacyProseEvent
+
+export function parseEventLine(line: string): StreamEvent | null {
+  let raw: unknown
+  try {
+    raw = JSON.parse(line)
+  } catch {
+    return null
+  }
+  const result = streamEventSchema.safeParse(raw)
+  if (!result.success) return null
+  return result.data
+}

package/src/bundled-plugins/memory/stream-io.ts

@@ -0,0 +1,63 @@
+import { readFile, appendFile, writeFile, rename } from 'node:fs/promises'
+
+import { parseEventLine, type StreamEvent } from './stream-events'
+
+export async function readEvents(path: string): Promise<StreamEvent[]> {
+  let raw: string
+  try {
+    raw = await readFile(path, 'utf-8')
+  } catch (e) {
+    if ((e as NodeJS.ErrnoException).code === 'ENOENT') return []
+    throw e
+  }
+
+  const lines = raw.split('\n')
+  const events: StreamEvent[] = []
+
+  for (let i = 0; i < lines.length; i++) {
+    const line = lines[i]!
+    if (line === '') continue
+    const event = parseEventLine(line)
+    if (event === null) {
+      console.warn(`[stream-io] ${path}: skipping malformed line ${i + 1}`)
+      continue
+    }
+    events.push(event)
+  }
+
+  return events
+}
+
+export async function appendEvents(path: string, events: readonly StreamEvent[]): Promise<void> {
+  if (events.length === 0) return
+  const joined = events.map((e) => `${JSON.stringify(e)}\n`).join('')
+  await appendFile(path, joined, 'utf-8')
+}
+
+export async function writeEventsAtomic(path: string, events: readonly StreamEvent[]): Promise<void> {
+  const joined = events.map((e) => `${JSON.stringify(e)}\n`).join('')
+  const tmp = `${path}.tmp`
+  await writeFile(tmp, joined, 'utf-8')
+  await rename(tmp, path)
+}
+
+export async function countEvents(path: string): Promise<number> {
+  let raw: string
+  try {
+    raw = await readFile(path, 'utf-8')
+  } catch (e) {
+    if ((e as NodeJS.ErrnoException).code === 'ENOENT') return 0
+    throw e
+  }
+
+  const lines = raw.split('\n')
+  let count = 0
+
+  for (const line of lines) {
+    if (line === '') continue
+    const event = parseEventLine(line)
+    if (event !== null) count++
+  }
+
+  return count
+}

package/src/bundled-plugins/memory/watermark.ts

@@ -1,15 +1,55 @@
-import { existsSync, readFileSync } from 'node:fs'
+import { readdir } from 'node:fs/promises'
+import { join } from 'node:path'
 
-const WATERMARK_MARKER = /<!--\s*(?:fragment|watermark)\s+source=(\S+)\s+entry=(\S+)(?:\s+\S+=\S+)*\s*-->/g
+import { readEvents } from './stream-io'
 
-export function readWatermark(streamFilePath: string, parentSessionId: string): string | null {
-  if (!existsSync(streamFilePath)) return null
-  const content = readFileSync(streamFilePath, 'utf8')
+// Daily stream files are named `YYYY-MM-DD.jsonl` (see `formatLocalDate` in
+// `src/shared`). The cross-day lookup ignores any other file the user or a
+// plugin may have dropped into `memory/`.
+const DAILY_STREAM_NAME = /^\d{4}-\d{2}-\d{2}\.jsonl$/
+
+export async function readWatermarkFromFile(streamFilePath: string, parentSessionId: string): Promise<string | null> {
+  const events = await readEvents(streamFilePath)
 
   let lastEntryId: string | null = null
-  for (const match of content.matchAll(WATERMARK_MARKER)) {
-    const [, source, entry] = match
-    if (source === parentSessionId) lastEntryId = entry ?? null
+  for (const event of events) {
+    if ((event.type === 'fragment' || event.type === 'watermark') && event.source === parentSessionId) {
+      lastEntryId = event.entry
+    }
   }
   return lastEntryId
 }
+
+// Returns the latest watermark entry id for `parentSessionId` across all
+// `YYYY-MM-DD.jsonl` daily-stream files under `memoryDir`, walking newest-first
+// (by filename, which is equivalent to chronological order). Short-circuits
+// on the first file that contains a matching marker — for the common case
+// where memory-logger ran yesterday, this reads exactly one file.
+//
+// Why cross-day: channel sessions (Slack, Discord, KakaoTalk) routinely
+// survive the midnight rollover because the same human keeps the same
+// session alive across days. If `readWatermark` only looked at today's
+// stream file, every midnight would force a full transcript reread for
+// every long-lived session — burning ~135k input tokens per memory-logger
+// run on a 762KB transcript (observed on a real Discord agent: PR #207).
+//
+// The append target stays today's file; only the lookup crosses the day
+// boundary. This means yesterday's stream is treated as read-only history,
+// which it already is by construction (dreaming snapshots full days, never
+// touches in-progress days).
+export async function readLatestWatermark(memoryDir: string, parentSessionId: string): Promise<string | null> {
+  let entries: string[]
+  try {
+    entries = await readdir(memoryDir)
+  } catch {
+    return null
+  }
+  const dailyStreams = entries
+    .filter((name) => DAILY_STREAM_NAME.test(name))
+    .sort((a, b) => (a < b ? 1 : a > b ? -1 : 0))
+  for (const name of dailyStreams) {
+    const watermark = await readWatermarkFromFile(join(memoryDir, name), parentSessionId)
+    if (watermark !== null) return watermark
+  }
+  return null
+}

package/src/bundled-plugins/security/index.ts

@@ -1,6 +1,8 @@
 import { definePlugin } from '@/plugin'
 
-import { checkGitExfilGuard } from './policies/git-exfil'
+import { SECURITY_PERMISSIONS } from './permissions'
+import type { SecurityPermission } from './permissions'
+import { checkGitExfilGuard, checkGitRemoteTaintedGuard, recordGitRemoteTaintIfAny } from './policies/git-exfil'
 import { checkOutboundSecretGuard } from './policies/outbound-secret-scan'
 import { applyPromptInjectionDefense } from './policies/prompt-injection'
 import { clearSessionTaints } from './policies/remote-taint-state'
@@ -9,22 +11,113 @@ import { checkSecretExfilReadGuard } from './policies/secret-exfil-read'
 import { checkSessionSearchSecretsGuard } from './policies/session-search-secrets'
 import { checkSsrfGuard } from './policies/ssrf'
 import { checkSystemPromptLeakGuard } from './policies/system-prompt-leak'
+import type { SecurityBlock } from './policy'
+
+export { SECURITY_PERMISSIONS, type SecurityPermission } from './permissions'
+
+// Maps each security bypass permission to a one-line hint about which
+// built-in roles carry it. The `satisfies` clause is load-bearing: it
+// forces exhaustive coverage of `SecurityPermission` at compile time, so
+// adding a new `SECURITY_PERMISSIONS` entry without a hint here is a type
+// error rather than a silent fallback to the inaccurate default. `owner`
+// always carries every `security.bypass.*` via the wildcard expansion in
+// builtins.ts, so the hint must mention owner even for permissions where
+// it's the only carrier.
+const BYPASS_ROLE_HINT = {
+  [SECURITY_PERMISSIONS.bypassSecretExfilBash]: 'owner and trusted have it by default',
+  [SECURITY_PERMISSIONS.bypassGitExfil]: 'only owner has it by default',
+  [SECURITY_PERMISSIONS.bypassGitRemoteTainted]: 'only owner has it by default',
+  [SECURITY_PERMISSIONS.bypassSecretExfilRead]: 'only owner has it by default',
+  [SECURITY_PERMISSIONS.bypassSsrf]: 'only owner has it by default',
+  [SECURITY_PERMISSIONS.bypassSessionSearchSecrets]: 'only owner has it by default',
+  [SECURITY_PERMISSIONS.bypassSystemPromptLeak]: 'only owner has it by default',
+  [SECURITY_PERMISSIONS.bypassOutboundSecret]: 'only owner has it by default',
+} as const satisfies Record<SecurityPermission, string>
+
+function withPermissionHint(
+  result: SecurityBlock | undefined,
+  permission: SecurityPermission,
+): SecurityBlock | undefined {
+  if (!result) return result
+  const hint = BYPASS_ROLE_HINT[permission]
+  return {
+    block: true,
+    reason: `${result.reason} Or run as a role carrying \`${permission}\` (${hint}); see the \`typeclaw-permissions\` skill.`,
+  }
+}
 
 export default definePlugin({
-  plugin: async () => ({
+  permissions: Object.values(SECURITY_PERMISSIONS),
+  plugin: async (ctx) => ({
     hooks: {
       'session.prompt': async (event) => {
         applyPromptInjectionDefense(event)
       },
       'tool.before': async (event) => {
-        const checks = [
-          checkSecretExfilBashGuard({ tool: event.tool, args: event.args }),
-          checkGitExfilGuard({ tool: event.tool, args: event.args, sessionId: event.sessionId }),
-          checkSecretExfilReadGuard({ tool: event.tool, args: event.args }),
-          checkSsrfGuard({ tool: event.tool, args: event.args }),
-          checkSessionSearchSecretsGuard({ tool: event.tool, args: event.args }),
-          checkSystemPromptLeakGuard({ tool: event.tool, args: event.args }),
-          checkOutboundSecretGuard({ tool: event.tool, args: event.args }),
+        const can = (perm: string) => ctx.permissions.has(event.origin, perm)
+
+        // Taint-recording runs FIRST, independently of the gitExfil guard.
+        // The gitRemoteTainted defense depends on it. We pass through
+        // `permittedBypass` for actors who can skip gitExfil via permission
+        // so the recorder still fires for them (an acked or
+        // permission-bypassed command will actually run, so its remote
+        // change must be remembered).
+        recordGitRemoteTaintIfAny({
+          tool: event.tool,
+          args: event.args,
+          sessionId: event.sessionId,
+          permittedBypass: can(SECURITY_PERMISSIONS.bypassGitExfil),
+        })
+
+        const checks: (SecurityBlock | undefined)[] = [
+          can(SECURITY_PERMISSIONS.bypassGitRemoteTainted)
+            ? undefined
+            : withPermissionHint(
+                checkGitRemoteTaintedGuard({ tool: event.tool, args: event.args, sessionId: event.sessionId }),
+                SECURITY_PERMISSIONS.bypassGitRemoteTainted,
+              ),
+          can(SECURITY_PERMISSIONS.bypassSecretExfilBash)
+            ? undefined
+            : withPermissionHint(
+                checkSecretExfilBashGuard({ tool: event.tool, args: event.args }),
+                SECURITY_PERMISSIONS.bypassSecretExfilBash,
+              ),
+          can(SECURITY_PERMISSIONS.bypassGitExfil)
+            ? undefined
+            : withPermissionHint(
+                checkGitExfilGuard({ tool: event.tool, args: event.args, sessionId: event.sessionId }),
+                SECURITY_PERMISSIONS.bypassGitExfil,
+              ),
+          can(SECURITY_PERMISSIONS.bypassSecretExfilRead)
+            ? undefined
+            : withPermissionHint(
+                checkSecretExfilReadGuard({ tool: event.tool, args: event.args }),
+                SECURITY_PERMISSIONS.bypassSecretExfilRead,
+              ),
+          can(SECURITY_PERMISSIONS.bypassSsrf)
+            ? undefined
+            : withPermissionHint(
+                checkSsrfGuard({ tool: event.tool, args: event.args }),
+                SECURITY_PERMISSIONS.bypassSsrf,
+              ),
+          can(SECURITY_PERMISSIONS.bypassSessionSearchSecrets)
+            ? undefined
+            : withPermissionHint(
+                checkSessionSearchSecretsGuard({ tool: event.tool, args: event.args }),
+                SECURITY_PERMISSIONS.bypassSessionSearchSecrets,
+              ),
+          can(SECURITY_PERMISSIONS.bypassSystemPromptLeak)
+            ? undefined
+            : withPermissionHint(
+                checkSystemPromptLeakGuard({ tool: event.tool, args: event.args }),
+                SECURITY_PERMISSIONS.bypassSystemPromptLeak,
+              ),
+          can(SECURITY_PERMISSIONS.bypassOutboundSecret)
+            ? undefined
+            : withPermissionHint(
+                checkOutboundSecretGuard({ tool: event.tool, args: event.args }),
+                SECURITY_PERMISSIONS.bypassOutboundSecret,
+              ),
         ]
         for (const result of checks) {
           if (result) return result

package/src/bundled-plugins/security/permissions.ts

@@ -0,0 +1,12 @@
+export const SECURITY_PERMISSIONS = {
+  bypassSecretExfilBash: 'security.bypass.secretExfilBash',
+  bypassGitExfil: 'security.bypass.gitExfil',
+  bypassSecretExfilRead: 'security.bypass.secretExfilRead',
+  bypassSsrf: 'security.bypass.ssrf',
+  bypassSessionSearchSecrets: 'security.bypass.sessionSearchSecrets',
+  bypassSystemPromptLeak: 'security.bypass.systemPromptLeak',
+  bypassOutboundSecret: 'security.bypass.outboundSecret',
+  bypassGitRemoteTainted: 'security.bypass.gitRemoteTainted',
+} as const
+
+export type SecurityPermission = (typeof SECURITY_PERMISSIONS)[keyof typeof SECURITY_PERMISSIONS]