workerclaw 0.2.0

package/dist/ingress/platform-api.js

@@ -0,0 +1,209 @@
+/**
+ * 平台 API 客户端
+ *
+ * 负责与智工坊平台 HTTP API 通信
+ * - 任务结果上报
+ * - 任务状态更新
+ * - 心跳续约
+ */
+import { createLogger } from '../core/logger.js';
+import { EventBus, WorkerClawEvent } from '../core/events.js';
+export class PlatformApiClient {
+    logger = createLogger('PlatformAPI');
+    eventBus;
+    config;
+    constructor(config, eventBus) {
+        if ('platform' in config) {
+            this.config = config.platform;
+            this.eventBus = eventBus;
+        }
+        else {
+            this.config = config;
+            this.eventBus = eventBus || new EventBus();
+        }
+    }
+    /**
+     * 上报任务结果
+     */
+    async reportResult(taskId, result) {
+        const endpoint = `${this.config.apiUrl}/tasks/${taskId}/result`;
+        try {
+            this.eventBus.emit(WorkerClawEvent.API_REPORT, {
+                taskId,
+                endpoint,
+            });
+            const response = await this.request(endpoint, 'POST', {
+                taskId,
+                status: result.status,
+                content: result.content,
+                outputs: result.outputs,
+                tokensUsed: result.tokensUsed,
+                durationMs: result.durationMs,
+                error: result.error,
+                reportedAt: new Date().toISOString(),
+            });
+            if (response.ok) {
+                this.logger.info(`任务结果上报成功 [${taskId}]`, { status: result.status });
+                return true;
+            }
+            else {
+                this.logger.error(`任务结果上报失败 [${taskId}]`, {
+                    status: response.status,
+                    body: await response.text().catch(() => 'unknown'),
+                });
+                this.eventBus.emit(WorkerClawEvent.API_ERROR, {
+                    taskId,
+                    endpoint,
+                    error: new Error(`HTTP ${response.status}`),
+                });
+                return false;
+            }
+        }
+        catch (err) {
+            const error = err;
+            this.logger.error(`任务结果上报异常 [${taskId}]`, { error: error.message });
+            this.eventBus.emit(WorkerClawEvent.API_ERROR, {
+                taskId,
+                endpoint,
+                error,
+            });
+            return false;
+        }
+    }
+    /**
+     * 更新任务状态
+     */
+    async updateStatus(taskId, status, reason) {
+        const endpoint = `${this.config.apiUrl}/tasks/${taskId}/status`;
+        try {
+            const response = await this.request(endpoint, 'PUT', {
+                taskId,
+                status,
+                reason,
+                updatedAt: new Date().toISOString(),
+            });
+            if (response.ok) {
+                this.logger.debug(`任务状态更新成功 [${taskId}] → ${status}`);
+                return true;
+            }
+            else {
+                this.logger.warn(`任务状态更新失败 [${taskId}]`, { httpStatus: response.status });
+                return false;
+            }
+        }
+        catch (err) {
+            this.logger.warn(`任务状态更新异常 [${taskId}]`, { error: err.message });
+            return false;
+        }
+    }
+    /**
+     * 发送心跳续约
+     */
+    async heartbeat() {
+        const endpoint = `${this.config.apiUrl}/heartbeat`;
+        try {
+            const response = await this.request(endpoint, 'POST', {
+                botId: this.config.botId,
+                timestamp: new Date().toISOString(),
+            });
+            return response.ok;
+        }
+        catch {
+            return false;
+        }
+    }
+    /**
+     * Agent 注册
+     * 调用平台 API 自动创建 Agent 账户
+     */
+    async registerAgent(params) {
+        const endpoint = `${this.config.apiUrl}/api/openclaw/register`;
+        try {
+            const response = await fetch(endpoint, {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json',
+                },
+                body: JSON.stringify(params),
+                signal: AbortSignal.timeout(15000),
+            });
+            const data = await response.json();
+            if (response.ok && (data.success || data.data)) {
+                return {
+                    success: true,
+                    botId: data.botId || data.data?.botId,
+                    token: data.token || data.data?.token,
+                    nickname: data.nickname || data.data?.nickname,
+                    email: data.email || data.data?.email,
+                };
+            }
+            else {
+                return {
+                    success: false,
+                    error: data.error || data.message || `HTTP ${response.status}`,
+                };
+            }
+        }
+        catch (err) {
+            return {
+                success: false,
+                error: err.message,
+            };
+        }
+    }
+    /**
+     * 获取 Bot 信息
+     */
+    async getBotInfo(botId) {
+        const id = botId || this.config.botId;
+        const endpoint = `${this.config.apiUrl}/bots/${id}`;
+        try {
+            const response = await this.request(endpoint, 'GET', undefined);
+            if (!response.ok)
+                return null;
+            return await response.json();
+        }
+        catch {
+            return null;
+        }
+    }
+    /**
+     * 测试连接（验证 token 有效性）
+     */
+    async testConnection() {
+        try {
+            const response = await this.request(`${this.config.apiUrl}/heartbeat`, 'POST', {
+                botId: this.config.botId,
+                timestamp: new Date().toISOString(),
+            });
+            if (response.ok) {
+                return { success: true, botId: this.config.botId };
+            }
+            return { success: false };
+        }
+        catch {
+            return { success: false };
+        }
+    }
+    /**
+     * 通用 HTTP 请求方法
+     */
+    async request(url, method, body) {
+        const headers = {
+            'Content-Type': 'application/json',
+        };
+        if (this.config.token) {
+            headers['Authorization'] = `Bearer ${this.config.token}`;
+        }
+        const options = {
+            method,
+            headers,
+            signal: AbortSignal.timeout(10000),
+        };
+        if (body !== undefined && method !== 'GET') {
+            options.body = JSON.stringify(body);
+        }
+        return fetch(url, options);
+    }
+}
+//# sourceMappingURL=platform-api.js.map

package/dist/ingress/platform-api.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"platform-api.js","sourceRoot":"","sources":["../../src/ingress/platform-api.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,YAAY,EAAe,MAAM,mBAAmB,CAAC;AAC9D,OAAO,EAAE,QAAQ,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAuC9D,MAAM,OAAO,iBAAiB;IACpB,MAAM,GAAG,YAAY,CAAC,aAAa,CAAC,CAAC;IACrC,QAAQ,CAAW;IACnB,MAAM,CAAiB;IAI/B,YAAY,MAAgD,EAAE,QAAmB;QAC/E,IAAI,UAAU,IAAI,MAAM,EAAE,CAAC;YACzB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC;YAC9B,IAAI,CAAC,QAAQ,GAAG,QAAS,CAAC;QAC5B,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;YACrB,IAAI,CAAC,QAAQ,GAAG,QAAQ,IAAI,IAAI,QAAQ,EAAE,CAAC;QAC7C,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY,CAAC,MAAc,EAAE,MAAkB;QACnD,MAAM,QAAQ,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,UAAU,MAAM,SAAS,CAAC;QAEhE,IAAI,CAAC;YACH,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,eAAe,CAAC,UAAiB,EAAE;gBACpD,MAAM;gBACN,QAAQ;aACT,CAAC,CAAC;YAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,MAAM,EAAE;gBACpD,MAAM;gBACN,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,OAAO,EAAE,MAAM,CAAC,OAAO;gBACvB,OAAO,EAAE,MAAM,CAAC,OAAO;gBACvB,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,KAAK,EAAE,MAAM,CAAC,KAAK;gBACnB,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;aACrC,CAAC,CAAC;YAEH,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;gBAChB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,MAAM,GAAG,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;gBACpE,OAAO,IAAI,CAAC;YACd,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,aAAa,MAAM,GAAG,EAAE;oBACxC,MAAM,EAAE,QAAQ,CAAC,MAAM;oBACvB,IAAI,EAAE,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC;iBACnD,CAAC,CAAC;gBACH,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,eAAe,CAAC,SAAgB,EAAE;oBACnD,MAAM;oBACN,QAAQ;oBACR,KAAK,EAAE,IAAI,KAAK,CAAC,QAAQ,QAAQ,CAAC,MAAM,EAAE,CAAC;iBAC5C,CAAC,CAAC;gBACH,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,KAAK,GAAG,GAAY,CAAC;YAC3B,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,aAAa,MAAM,GAAG,EAAE,EAAE,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YACpE,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,eAAe,CAAC,SAAgB,EAAE;gBACnD,MAAM;gBACN,QAAQ;gBACR,KAAK;aACN,CAAC,CAAC;YACH,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY,CAAC,MAAc,EAAE,MAAc,EAAE,MAAe;QAChE,MAAM,QAAQ,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,UAAU,MAAM,SAAS,CAAC;QAEhE,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,KAAK,EAAE;gBACnD,MAAM;gBACN,MAAM;gBACN,MAAM;gBACN,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;aACpC,CAAC,CAAC;YAEH,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;gBAChB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,aAAa,MAAM,OAAO,MAAM,EAAE,CAAC,CAAC;gBACtD,OAAO,IAAI,CAAC;YACd,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,MAAM,GAAG,EAAE,EAAE,UAAU,EAAE,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;gBAC1E,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,MAAM,GAAG,EAAE,EAAE,KAAK,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;YAC5E,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,SAAS;QACb,MAAM,QAAQ,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,YAAY,CAAC;QAEnD,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,MAAM,EAAE;gBACpD,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK;gBACxB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;aACpC,CAAC,CAAC;YAEH,OAAO,QAAQ,CAAC,EAAE,CAAC;QACrB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,aAAa,CAAC,MAA2B;QAC7C,MAAM,QAAQ,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,wBAAwB,CAAC;QAE/D,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE;gBACrC,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,kBAAkB;iBACnC;gBACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC;gBAC5B,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC;aACnC,CAAC,CAAC;YAEH,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAS,CAAC;YAE1C,IAAI,QAAQ,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC/C,OAAO;oBACL,OAAO,EAAE,IAAI;oBACb,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,IAAI,EAAE,KAAK;oBACrC,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,IAAI,EAAE,KAAK;oBACrC,QAAQ,EAAE,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,IAAI,EAAE,QAAQ;oBAC9C,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,IAAI,EAAE,KAAK;iBACtC,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,OAAO,IAAI,QAAQ,QAAQ,CAAC,MAAM,EAAE;iBAC/D,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAG,GAAa,CAAC,OAAO;aAC9B,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU,CAAC,KAAc;QAC7B,MAAM,EAAE,GAAG,KAAK,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC;QACtC,MAAM,QAAQ,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,SAAS,EAAE,EAAE,CAAC;QAEpD,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,KAAK,EAAE,SAAS,CAAC,CAAC;YAChE,IAAI,CAAC,QAAQ,CAAC,EAAE;gBAAE,OAAO,IAAI,CAAC;YAC9B,OAAO,MAAM,QAAQ,CAAC,IAAI,EAAa,CAAC;QAC1C,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc;QAClB,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CACjC,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,YAAY,EACjC,MAAM,EACN;gBACE,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK;gBACxB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;aACpC,CACF,CAAC;YAEF,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;gBAChB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YACrD,CAAC;YAED,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;QAC5B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;QAC5B,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,OAAO,CACnB,GAAW,EACX,MAAc,EACd,IAAS;QAET,MAAM,OAAO,GAA2B;YACtC,cAAc,EAAE,kBAAkB;SACnC,CAAC;QAEF,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YACtB,OAAO,CAAC,eAAe,CAAC,GAAG,UAAU,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;QAC3D,CAAC;QAED,MAAM,OAAO,GAAgB;YAC3B,MAAM;YACN,OAAO;YACP,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC;SACnC,CAAC;QAEF,IAAI,IAAI,KAAK,SAAS,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;YAC3C,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QACtC,CAAC;QAED,OAAO,KAAK,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IAC7B,CAAC;CACF"}

package/dist/sandbox/command-sandbox.d.ts

@@ -0,0 +1,46 @@
+/**
+ * 命令执行沙箱
+ *
+ * 进程级轻量沙箱，参考 OpenClaw 2026.3.22 安全增强
+ * - 危险命令模式阻断
+ * - 命令执行超时
+ * - 输出大小限制
+ * - 环境变量过滤
+ */
+import type { PermissionLevel } from '../security/permission-level.js';
+export interface CommandSandboxConfig {
+    commandTimeoutMs: number;
+    maxOutputKB: number;
+    allowLocalhost: boolean;
+}
+export interface CommandResult {
+    success: boolean;
+    stdout: string;
+    stderr: string;
+    exitCode: number | null;
+    durationMs: number;
+    truncated: boolean;
+    blocked?: string;
+}
+export declare class CommandSandbox {
+    private logger;
+    private config;
+    constructor(config: CommandSandboxConfig);
+    /**
+     * 在沙箱中执行命令
+     */
+    execute(command: string, options?: {
+        cwd?: string;
+        env?: Record<string, string>;
+        permissionLevel?: PermissionLevel;
+    }): Promise<CommandResult>;
+    /**
+     * 检查危险命令模式
+     */
+    checkDangerousPatterns(command: string): string | null;
+    /**
+     * 过滤环境变量
+     */
+    private filterEnvVars;
+}
+//# sourceMappingURL=command-sandbox.d.ts.map

package/dist/sandbox/command-sandbox.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"command-sandbox.d.ts","sourceRoot":"","sources":["../../src/sandbox/command-sandbox.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAKH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,iCAAiC,CAAC;AAwCvE,MAAM,WAAW,oBAAoB;IACnC,gBAAgB,EAAE,MAAM,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,OAAO,CAAC;CACzB;AAID,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,OAAO,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAID,qBAAa,cAAc;IACzB,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,MAAM,CAAuB;gBAEzB,MAAM,EAAE,oBAAoB;IAKxC;;OAEG;IACG,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;QACvC,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC7B,eAAe,CAAC,EAAE,eAAe,CAAC;KACnC,GAAG,OAAO,CAAC,aAAa,CAAC;IA4D1B;;OAEG;IACH,sBAAsB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI;IAUtD;;OAEG;IACH,OAAO,CAAC,aAAa;CAoBtB"}

package/dist/sandbox/command-sandbox.js

@@ -0,0 +1,144 @@
+/**
+ * 命令执行沙箱
+ *
+ * 进程级轻量沙箱，参考 OpenClaw 2026.3.22 安全增强
+ * - 危险命令模式阻断
+ * - 命令执行超时
+ * - 输出大小限制
+ * - 环境变量过滤
+ */
+import { exec } from 'node:child_process';
+import { promisify } from 'node:util';
+import { createLogger } from '../core/logger.js';
+const execAsync = promisify(exec);
+// ==================== 危险命令模式 ====================
+const DANGEROUS_PATTERNS = [
+    // OpenClaw 2026.3.22: JVM 注入
+    /MAVEN_OPTS/i,
+    /JAVA_TOOL_OPTIONS/i,
+    // OpenClaw 2026.3.22: glibc 漏洞利用
+    /GLIBC_TUNABLES/i,
+    // OpenClaw 2026.3.22: .NET 依赖劫持
+    /DOTNET_ADDITIONAL_DEPS/i,
+    /DOTNET_STARTUP_HOOKS/i,
+    // 通用危险命令
+    /rm\s+-rf\s+\/(?!\s)/,
+    /curl.*\|.*sh/i,
+    /wget.*\|.*sh/i,
+    /mkfs/i,
+    /dd\s+if=/i,
+    />\s*\/dev\//i,
+    /chmod\s+777\s+\//i,
+    /chown\s+.*\s+\//i,
+    /nc\s+-[el]/i,
+    /socat/i,
+    /python.*-c.*import\s+socket/i,
+    /bash\s+-i\s+>&/i,
+];
+// 禁止的环境变量
+const BLOCKED_ENV_VARS = [
+    'MAVEN_OPTS', 'JAVA_TOOL_OPTIONS', 'GLIBC_TUNABLES',
+    'DOTNET_ADDITIONAL_DEPS', 'DOTNET_STARTUP_HOOKS',
+    'LD_PRELOAD', 'DYLD_INSERT_LIBRARIES',
+    'PYTHONPATH', 'NODE_PATH',
+];
+// ==================== 命令沙箱 ====================
+export class CommandSandbox {
+    logger;
+    config;
+    constructor(config) {
+        this.config = config;
+        this.logger = createLogger('CommandSandbox');
+    }
+    /**
+     * 在沙箱中执行命令
+     */
+    async execute(command, options) {
+        const startTime = Date.now();
+        // 1. 危险命令检查
+        const blockResult = this.checkDangerousPatterns(command);
+        if (blockResult) {
+            this.logger.warn('命令被沙箱阻断', { reason: blockResult, command: command.slice(0, 100) });
+            return {
+                success: false,
+                stdout: '',
+                stderr: `命令被安全沙箱阻断: ${blockResult}`,
+                exitCode: -1,
+                durationMs: Date.now() - startTime,
+                truncated: false,
+                blocked: blockResult,
+            };
+        }
+        // 2. 过滤环境变量
+        const safeEnv = this.filterEnvVars(options?.env);
+        // 3. 执行命令（带超时）
+        try {
+            const { stdout, stderr } = await execAsync(command, {
+                cwd: options?.cwd || process.cwd(),
+                env: safeEnv,
+                timeout: this.config.commandTimeoutMs,
+                maxBuffer: this.config.maxOutputKB * 1024,
+                // 限制子进程不产生新的子进程
+                shell: '/bin/bash',
+            });
+            const durationMs = Date.now() - startTime;
+            const truncated = stdout.length > this.config.maxOutputKB * 1024;
+            return {
+                success: true,
+                stdout: truncated ? stdout.slice(0, this.config.maxOutputKB * 512) : stdout,
+                stderr,
+                exitCode: 0,
+                durationMs,
+                truncated,
+            };
+        }
+        catch (err) {
+            const durationMs = Date.now() - startTime;
+            const stdout = err.stdout || '';
+            const stderr = err.stderr || '';
+            const truncated = stdout.length > this.config.maxOutputKB * 1024;
+            return {
+                success: false,
+                stdout: truncated ? stdout.slice(0, this.config.maxOutputKB * 512) : stdout,
+                stderr: stderr || err.message,
+                exitCode: err.code || -1,
+                durationMs,
+                truncated,
+            };
+        }
+    }
+    /**
+     * 检查危险命令模式
+     */
+    checkDangerousPatterns(command) {
+        for (const pattern of DANGEROUS_PATTERNS) {
+            if (pattern.test(command)) {
+                const match = command.match(pattern);
+                return `匹配危险模式: "${match?.[0]?.slice(0, 50)}"`;
+            }
+        }
+        return null;
+    }
+    /**
+     * 过滤环境变量
+     */
+    filterEnvVars(extraEnv) {
+        const env = {};
+        // 基础安全环境变量
+        const safeBase = ['PATH', 'HOME', 'LANG', 'TERM', 'NODE_ENV', 'TZ'];
+        for (const key of safeBase) {
+            if (process.env[key])
+                env[key] = process.env[key];
+        }
+        // 额外的安全变量
+        if (extraEnv) {
+            for (const [key, value] of Object.entries(extraEnv)) {
+                if (!BLOCKED_ENV_VARS.includes(key.toUpperCase())) {
+                    env[key] = value;
+                }
+            }
+        }
+        return env;
+    }
+}
+//# sourceMappingURL=command-sandbox.js.map

package/dist/sandbox/command-sandbox.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"command-sandbox.js","sourceRoot":"","sources":["../../src/sandbox/command-sandbox.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAC;AAC1C,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,YAAY,EAAe,MAAM,mBAAmB,CAAC;AAG9D,MAAM,SAAS,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;AAElC,mDAAmD;AAEnD,MAAM,kBAAkB,GAAa;IACnC,6BAA6B;IAC7B,aAAa;IACb,oBAAoB;IACpB,iCAAiC;IACjC,iBAAiB;IACjB,gCAAgC;IAChC,yBAAyB;IACzB,uBAAuB;IACvB,SAAS;IACT,qBAAqB;IACrB,eAAe;IACf,eAAe;IACf,OAAO;IACP,WAAW;IACX,cAAc;IACd,mBAAmB;IACnB,kBAAkB;IAClB,aAAa;IACb,QAAQ;IACR,8BAA8B;IAC9B,iBAAiB;CAClB,CAAC;AAEF,UAAU;AACV,MAAM,gBAAgB,GAAG;IACvB,YAAY,EAAE,mBAAmB,EAAE,gBAAgB;IACnD,wBAAwB,EAAE,sBAAsB;IAChD,YAAY,EAAE,uBAAuB;IACrC,YAAY,EAAE,WAAW;CAC1B,CAAC;AAsBF,iDAAiD;AAEjD,MAAM,OAAO,cAAc;IACjB,MAAM,CAAS;IACf,MAAM,CAAuB;IAErC,YAAY,MAA4B;QACtC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,MAAM,GAAG,YAAY,CAAC,gBAAgB,CAAC,CAAC;IAC/C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO,CAAC,OAAe,EAAE,OAI9B;QACC,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAE7B,YAAY;QACZ,MAAM,WAAW,GAAG,IAAI,CAAC,sBAAsB,CAAC,OAAO,CAAC,CAAC;QACzD,IAAI,WAAW,EAAE,CAAC;YAChB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;YACrF,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,EAAE;gBACV,MAAM,EAAE,cAAc,WAAW,EAAE;gBACnC,QAAQ,EAAE,CAAC,CAAC;gBACZ,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;gBAClC,SAAS,EAAE,KAAK;gBAChB,OAAO,EAAE,WAAW;aACrB,CAAC;QACJ,CAAC;QAED,YAAY;QACZ,MAAM,OAAO,GAAG,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;QAEjD,eAAe;QACf,IAAI,CAAC;YACH,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,SAAS,CAAC,OAAO,EAAE;gBAClD,GAAG,EAAE,OAAO,EAAE,GAAG,IAAI,OAAO,CAAC,GAAG,EAAE;gBAClC,GAAG,EAAE,OAAO;gBACZ,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,gBAAgB;gBACrC,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,GAAG,IAAI;gBACzC,gBAAgB;gBAChB,KAAK,EAAE,WAAW;aACnB,CAAC,CAAC;YAEH,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;YAC1C,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,GAAG,IAAI,CAAC;YAEjE,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM;gBAC3E,MAAM;gBACN,QAAQ,EAAE,CAAC;gBACX,UAAU;gBACV,SAAS;aACV,CAAC;QACJ,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;YAC1C,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,IAAI,EAAE,CAAC;YAChC,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,IAAI,EAAE,CAAC;YAChC,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,GAAG,IAAI,CAAC;YAEjE,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM;gBAC3E,MAAM,EAAE,MAAM,IAAI,GAAG,CAAC,OAAO;gBAC7B,QAAQ,EAAE,GAAG,CAAC,IAAI,IAAI,CAAC,CAAC;gBACxB,UAAU;gBACV,SAAS;aACV,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACH,sBAAsB,CAAC,OAAe;QACpC,KAAK,MAAM,OAAO,IAAI,kBAAkB,EAAE,CAAC;YACzC,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC1B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBACrC,OAAO,YAAY,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC;YACjD,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACK,aAAa,CAAC,QAAiC;QACrD,MAAM,GAAG,GAA2B,EAAE,CAAC;QAEvC,WAAW;QACX,MAAM,QAAQ,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,IAAI,CAAC,CAAC;QACpE,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;YAC3B,IAAI,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,GAAG,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,CAAE,CAAC;QACrD,CAAC;QAED,UAAU;QACV,IAAI,QAAQ,EAAE,CAAC;YACb,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACpD,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;oBAClD,GAAG,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;gBACnB,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,GAAG,CAAC;IACb,CAAC;CACF"}

package/dist/sandbox/fs-sandbox.d.ts

@@ -0,0 +1,56 @@
+/**
+ * 文件系统沙箱
+ *
+ * 路径验证 + 工作目录隔离
+ * - 阻止路径遍历
+ * - 每个任务独立工作目录
+ * - 白名单/黑名单路径控制
+ */
+export interface FsSandboxConfig {
+    /** 沙箱根目录 */
+    workDir: string;
+    /** 允许访问的路径（绝对路径列表） */
+    allowedPaths: string[];
+    /** 禁止访问的路径 */
+    deniedPaths: string[];
+}
+export interface PathValidation {
+    allowed: boolean;
+    resolvedPath: string;
+    reason?: string;
+}
+export declare class FsSandbox {
+    private logger;
+    private config;
+    private taskDirs;
+    constructor(config: FsSandboxConfig);
+    /**
+     * 验证路径是否允许访问
+     */
+    validatePath(requestedPath: string): PathValidation;
+    /**
+     * 为任务创建隔离工作目录
+     */
+    createTaskWorkDir(taskId: string): Promise<string>;
+    /**
+     * 获取任务工作目录
+     */
+    getTaskWorkDir(taskId: string): string | undefined;
+    /**
+     * 清理任务工作目录
+     */
+    cleanupTaskWorkDir(taskId: string): Promise<void>;
+    /**
+     * 清理所有任务工作目录
+     */
+    cleanupAll(): Promise<void>;
+    /**
+     * 确保沙箱根目录存在
+     */
+    ensureWorkDir(): Promise<void>;
+    /**
+     * 解析并标准化路径
+     */
+    private resolveAndNormalize;
+}
+//# sourceMappingURL=fs-sandbox.d.ts.map

package/dist/sandbox/fs-sandbox.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"fs-sandbox.d.ts","sourceRoot":"","sources":["../../src/sandbox/fs-sandbox.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAQH,MAAM,WAAW,eAAe;IAC9B,YAAY;IACZ,OAAO,EAAE,MAAM,CAAC;IAChB,sBAAsB;IACtB,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,cAAc;IACd,WAAW,EAAE,MAAM,EAAE,CAAC;CACvB;AAID,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAID,qBAAa,SAAS;IACpB,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,MAAM,CAAkB;IAChC,OAAO,CAAC,QAAQ,CAA6B;gBAEjC,MAAM,EAAE,eAAe;IAKnC;;OAEG;IACH,YAAY,CAAC,aAAa,EAAE,MAAM,GAAG,cAAc;IAmDnD;;OAEG;IACG,iBAAiB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAQxD;;OAEG;IACH,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS;IAIlD;;OAEG;IACG,kBAAkB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAavD;;OAEG;IACG,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAMjC;;OAEG;IACG,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC;IAIpC;;OAEG;IACH,OAAO,CAAC,mBAAmB;CAM5B"}

package/dist/sandbox/fs-sandbox.js

@@ -0,0 +1,119 @@
+/**
+ * 文件系统沙箱
+ *
+ * 路径验证 + 工作目录隔离
+ * - 阻止路径遍历
+ * - 每个任务独立工作目录
+ * - 白名单/黑名单路径控制
+ */
+import { resolve, isAbsolute, join } from 'node:path';
+import { mkdir, rm } from 'node:fs/promises';
+import { createLogger } from '../core/logger.js';
+// ==================== 文件系统沙箱 ====================
+export class FsSandbox {
+    logger;
+    config;
+    taskDirs = new Map();
+    constructor(config) {
+        this.config = config;
+        this.logger = createLogger('FsSandbox');
+    }
+    /**
+     * 验证路径是否允许访问
+     */
+    validatePath(requestedPath) {
+        const resolved = this.resolveAndNormalize(requestedPath);
+        // 1. 检查黑名单
+        for (const denied of this.config.deniedPaths) {
+            if (resolved.startsWith(denied) || resolved === denied) {
+                return {
+                    allowed: false,
+                    resolvedPath: '',
+                    reason: `路径 "${requestedPath}" 在禁止访问列表中（匹配 ${denied}）`,
+                };
+            }
+        }
+        // 2. 检查白名单
+        const isAllowed = this.config.allowedPaths.some(allowed => resolved.startsWith(allowed));
+        // 3. 检查是否在任务工作目录内
+        const isInTaskDir = [...this.taskDirs.values()].some(taskDir => resolved.startsWith(taskDir));
+        // 4. 检查是否在沙箱根目录内
+        const workDirResolved = resolve(this.config.workDir);
+        const isInWorkDir = resolved.startsWith(workDirResolved);
+        if (!isAllowed && !isInTaskDir && !isInWorkDir) {
+            return {
+                allowed: false,
+                resolvedPath: '',
+                reason: `路径 "${requestedPath}" 不在允许的访问范围内`,
+            };
+        }
+        // 5. 检查路径遍历（已通过 resolve 处理，这里做二次校验）
+        if (requestedPath.includes('..')) {
+            const normalized = resolve(requestedPath);
+            if (!normalized.startsWith(resolve(this.config.workDir))) {
+                return {
+                    allowed: false,
+                    resolvedPath: '',
+                    reason: '路径遍历攻击已阻止',
+                };
+            }
+        }
+        return { allowed: true, resolvedPath: resolved };
+    }
+    /**
+     * 为任务创建隔离工作目录
+     */
+    async createTaskWorkDir(taskId) {
+        const dir = join(resolve(this.config.workDir), `task-${taskId}-${Date.now()}`);
+        await mkdir(dir, { recursive: true });
+        this.taskDirs.set(taskId, dir);
+        this.logger.debug(`创建任务工作目录: ${dir}`);
+        return dir;
+    }
+    /**
+     * 获取任务工作目录
+     */
+    getTaskWorkDir(taskId) {
+        return this.taskDirs.get(taskId);
+    }
+    /**
+     * 清理任务工作目录
+     */
+    async cleanupTaskWorkDir(taskId) {
+        const dir = this.taskDirs.get(taskId);
+        if (!dir)
+            return;
+        try {
+            await rm(dir, { recursive: true, force: true });
+            this.taskDirs.delete(taskId);
+            this.logger.debug(`清理任务工作目录: ${dir}`);
+        }
+        catch (err) {
+            this.logger.warn(`清理工作目录失败: ${dir}`, err.message);
+        }
+    }
+    /**
+     * 清理所有任务工作目录
+     */
+    async cleanupAll() {
+        for (const taskId of [...this.taskDirs.keys()]) {
+            await this.cleanupTaskWorkDir(taskId);
+        }
+    }
+    /**
+     * 确保沙箱根目录存在
+     */
+    async ensureWorkDir() {
+        await mkdir(resolve(this.config.workDir), { recursive: true });
+    }
+    /**
+     * 解析并标准化路径
+     */
+    resolveAndNormalize(inputPath) {
+        if (!isAbsolute(inputPath)) {
+            inputPath = resolve(inputPath);
+        }
+        return resolve(inputPath);
+    }
+}
+//# sourceMappingURL=fs-sandbox.js.map

package/dist/sandbox/fs-sandbox.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"fs-sandbox.js","sourceRoot":"","sources":["../../src/sandbox/fs-sandbox.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,OAAO,EAAW,UAAU,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAC/D,OAAO,EAAE,KAAK,EAAE,EAAE,EAAqB,MAAM,kBAAkB,CAAC;AAChE,OAAO,EAAE,YAAY,EAAe,MAAM,mBAAmB,CAAC;AAqB9D,mDAAmD;AAEnD,MAAM,OAAO,SAAS;IACZ,MAAM,CAAS;IACf,MAAM,CAAkB;IACxB,QAAQ,GAAG,IAAI,GAAG,EAAkB,CAAC;IAE7C,YAAY,MAAuB;QACjC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,MAAM,GAAG,YAAY,CAAC,WAAW,CAAC,CAAC;IAC1C,CAAC;IAED;;OAEG;IACH,YAAY,CAAC,aAAqB;QAChC,MAAM,QAAQ,GAAG,IAAI,CAAC,mBAAmB,CAAC,aAAa,CAAC,CAAC;QAEzD,WAAW;QACX,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;YAC7C,IAAI,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;gBACvD,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,YAAY,EAAE,EAAE;oBAChB,MAAM,EAAE,OAAO,aAAa,iBAAiB,MAAM,GAAG;iBACvD,CAAC;YACJ,CAAC;QACH,CAAC;QAED,WAAW;QACX,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CACxD,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAC7B,CAAC;QAEF,kBAAkB;QAClB,MAAM,WAAW,GAAG,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAC7D,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAC7B,CAAC;QAEF,iBAAiB;QACjB,MAAM,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACrD,MAAM,WAAW,GAAG,QAAQ,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC;QAEzD,IAAI,CAAC,SAAS,IAAI,CAAC,WAAW,IAAI,CAAC,WAAW,EAAE,CAAC;YAC/C,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,YAAY,EAAE,EAAE;gBAChB,MAAM,EAAE,OAAO,aAAa,cAAc;aAC3C,CAAC;QACJ,CAAC;QAED,oCAAoC;QACpC,IAAI,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YACjC,MAAM,UAAU,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;YAC1C,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;gBACzD,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,YAAY,EAAE,EAAE;oBAChB,MAAM,EAAE,WAAW;iBACpB,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,QAAQ,EAAE,CAAC;IACnD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,iBAAiB,CAAC,MAAc;QACpC,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,QAAQ,MAAM,IAAI,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAC/E,MAAM,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACtC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QAC/B,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,aAAa,GAAG,EAAE,CAAC,CAAC;QACtC,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;OAEG;IACH,cAAc,CAAC,MAAc;QAC3B,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACnC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,kBAAkB,CAAC,MAAc;QACrC,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACtC,IAAI,CAAC,GAAG;YAAE,OAAO;QAEjB,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;YAChD,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YAC7B,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,aAAa,GAAG,EAAE,CAAC,CAAC;QACxC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,GAAG,EAAE,EAAG,GAAa,CAAC,OAAO,CAAC,CAAC;QAC/D,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU;QACd,KAAK,MAAM,MAAM,IAAI,CAAC,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;YAC/C,MAAM,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC;QACxC,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa;QACjB,MAAM,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACjE,CAAC;IAED;;OAEG;IACK,mBAAmB,CAAC,SAAiB;QAC3C,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YAC3B,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;QACjC,CAAC;QACD,OAAO,OAAO,CAAC,SAAS,CAAC,CAAC;IAC5B,CAAC;CACF"}

package/dist/sandbox/network-sandbox.d.ts

@@ -0,0 +1,41 @@
+/**
+ * 网络访问沙箱
+ *
+ * URL 验证 + 域名白名单 + SSRF 防护
+ * 参考 OpenClaw 的安全增强设计
+ */
+import type { PermissionLevel } from '../security/permission-level.js';
+export interface NetworkSandboxConfig {
+    allowLocalhost: boolean;
+    allowedDomains: string[];
+    deniedDomains: string[];
+    blockUnknownDomains: boolean;
+}
+export interface UrlValidation {
+    allowed: boolean;
+    reason?: string;
+    protocol?: string;
+    hostname?: string;
+}
+export declare class NetworkSandbox {
+    private logger;
+    private config;
+    constructor(config: NetworkSandboxConfig);
+    /**
+     * 验证 URL 是否允许访问
+     */
+    validateUrl(url: string, permissionLevel?: PermissionLevel): UrlValidation;
+    /**
+     * 检查是否是本地/内网地址
+     */
+    isLocalAddress(hostname: string): boolean;
+    /**
+     * 域名匹配（支持通配符 *）
+     */
+    private matchDomain;
+    /**
+     * 验证并返回安全的 URL（用于 fetch 包装）
+     */
+    safeFetchUrl(url: string, permissionLevel?: PermissionLevel): string;
+}
+//# sourceMappingURL=network-sandbox.d.ts.map

package/dist/sandbox/network-sandbox.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"network-sandbox.d.ts","sourceRoot":"","sources":["../../src/sandbox/network-sandbox.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,iCAAiC,CAAC;AAIvE,MAAM,WAAW,oBAAoB;IACnC,cAAc,EAAE,OAAO,CAAC;IACxB,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,mBAAmB,EAAE,OAAO,CAAC;CAC9B;AAID,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAoBD,qBAAa,cAAc;IACzB,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,MAAM,CAAuB;gBAEzB,MAAM,EAAE,oBAAoB;IAKxC;;OAEG;IACH,WAAW,CAAC,GAAG,EAAE,MAAM,EAAE,eAAe,CAAC,EAAE,eAAe,GAAG,aAAa;IAoD1E;;OAEG;IACH,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO;IAezC;;OAEG;IACH,OAAO,CAAC,WAAW;IAanB;;OAEG;IACH,YAAY,CAAC,GAAG,EAAE,MAAM,EAAE,eAAe,CAAC,EAAE,eAAe,GAAG,MAAM;CAOrE"}