lavamoat-core - npm Package Compare versions

Comparing version 15.4.0 to 16.0.0

CHANGELOG.md

		@@ -9,2 +9,45 @@ # Changelog

		## [16.0.0](https://github.com/LavaMoat/LavaMoat/compare/lavamoat-core-v15.4.0...lavamoat-core-v16.0.0) (2024-08-15)


		### ⚠ BREAKING CHANGES

		* node: remove support for Node.js v16
		* browserify: remove support for Node.js v16
		* perf: remove support for Node.js v16
		* tofu: remove support for Node.js v16
		* webpack: remove support for Node.js v16
		* core: remove support for Node.js v16

		### Features

		* core: make makeMinimalViewOfRef usage in builtin attenuation consistent with globals for negative policy overrides, moving implementation to endowmentsToolkit as a side-effect desireable for webpack plugin ([c0c91fc](https://github.com/LavaMoat/LavaMoat/commit/c0c91fc1b857ccd8d61891c342a080641edbbc86))
		* global store with attenuation support ([#1158](https://github.com/LavaMoat/LavaMoat/issues/1158)) ([f7175a6](https://github.com/LavaMoat/LavaMoat/commit/f7175a6de366cc975ab158c631dbef16cb346fde))


		### Bug Fixes

		* deps: update babel monorepo ([0880e2e](https://github.com/LavaMoat/LavaMoat/commit/0880e2edde6e8f661e4fdebddcb47e585a43b469))
		* deps: update babel monorepo ([d9d40b4](https://github.com/LavaMoat/LavaMoat/commit/d9d40b4e5358734bd9fdd680a5b8048d9efbc55c))
		* deps: update babel monorepo ([b6aa714](https://github.com/LavaMoat/LavaMoat/commit/b6aa71446e00e9e201fad90abdc847d12b0d27a0))
		* deps: update dependency type-fest to v4.23.0 ([d04e1f3](https://github.com/LavaMoat/LavaMoat/commit/d04e1f33af0931598443cbbf102020906cbd9b92))
		* deps: update dependency type-fest to v4.24.0 ([c735909](https://github.com/LavaMoat/LavaMoat/commit/c73590938207181ccec21727a5f11b8df2f2b7c0))


		### Miscellaneous Chores

		* browserify: remove support for Node.js v16 ([6ca05ba](https://github.com/LavaMoat/LavaMoat/commit/6ca05baa80bf7b022255b8ef476577343e514018))
		* core: remove support for Node.js v16 ([6ca05ba](https://github.com/LavaMoat/LavaMoat/commit/6ca05baa80bf7b022255b8ef476577343e514018))
		* node: remove support for Node.js v16 ([6ca05ba](https://github.com/LavaMoat/LavaMoat/commit/6ca05baa80bf7b022255b8ef476577343e514018))
		* perf: remove support for Node.js v16 ([6ca05ba](https://github.com/LavaMoat/LavaMoat/commit/6ca05baa80bf7b022255b8ef476577343e514018))
		* tofu: remove support for Node.js v16 ([6ca05ba](https://github.com/LavaMoat/LavaMoat/commit/6ca05baa80bf7b022255b8ef476577343e514018))
		* webpack: remove support for Node.js v16 ([6ca05ba](https://github.com/LavaMoat/LavaMoat/commit/6ca05baa80bf7b022255b8ef476577343e514018))


		### Dependencies

		* The following workspace dependencies were updated
		* dependencies
		* lavamoat-tofu bumped from ^7.3.0 to ^8.0.0

		## [15.4.0](https://github.com/LavaMoat/LavaMoat/compare/lavamoat-core-v15.3.0...lavamoat-core-v15.4.0) (2024-07-11)
		@@ -11,0 +54,0 @@

package.json

		{
		"name": "lavamoat-core",
		"version": "15.4.0",
		"version": "16.0.0",
		"description": "LavaMoat kernel and utils",
		@@ -17,3 +17,3 @@ "repository": {
		"engines": {
		"node": "^16.20.0 \|\| ^18.0.0 \|\| ^20.0.0 \|\| ^22.0.0"
		"node": "^18.0.0 \|\| ^20.0.0 \|\| ^22.0.0"
		},
		@@ -39,7 +39,7 @@ "main": "src/index.js",
		"dependencies": {
		"@babel/types": "7.24.6",
		"@babel/types": "7.25.2",
		"json-stable-stringify": "1.1.1",
		"lavamoat-tofu": "^7.3.0",
		"lavamoat-tofu": "^8.0.0",
		"merge-deep": "3.0.3",
		"type-fest": "4.15.0"
		"type-fest": "4.24.0"
		},
		@@ -46,0 +46,0 @@ "devDependencies": {

352

src/endowmentsToolkit.js

		@@ -18,13 +18,35 @@ // @ts-check

		/**
		* WARNING: This module is used directly by the runtime in webpack plugin which
		* uses simple shimming to assemble modules. It doesn't bundle properly. This
		* file cannot reqire any files or packages.
		*/

		module.exports = endowmentsToolkit

		// Exports for testing
		module.exports._test = { instrumentDynamicValueAtPath }

		/**
		* Returns a compy of endowmentsToolkit initialized on provided configuration.
		*
		* @param {object} opts
		* @param {DefaultWrapperFn} [opts.createFunctionWrapper]
		* @param {boolean} [opts.handleGlobalWrite]
		* @param {Set<string>} [opts.knownWritableFields] - List of globals that can be
		* mutated later
		*/
		function endowmentsToolkit({
		createFunctionWrapper = defaultCreateFunctionWrapper,
		handleGlobalWrite = false,
		knownWritableFields = new Set(),
		} = {}) {
		return {
		// public API
		getEndowmentsForConfig,
		copyWrappedGlobals,
		getBuiltinForConfig,
		createFunctionWrapper,
		// internals exposed for core
		// TODO: hide eventually?
		makeMinimalViewOfRef,
		@@ -34,4 +56,2 @@ copyValueAtPath,
		applyEndowmentPropDescTransforms,
		copyWrappedGlobals,
		createFunctionWrapper,
		}
		@@ -43,3 +63,4 @@
		*
		* @param {object} sourceRef - Object from which to copy properties
		* @template {object} T Deep properties specified in the packagePolicy
		* @param {T} sourceRef - Object from which to copy properties
		* @param {LMPolicy.PackagePolicy} packagePolicy - LavaMoat policy item
		@@ -51,3 +72,3 @@ * representing a package
		* replace (default: targetRef)
		* @returns {object} - The targetRef
		* @returns {Partial<T>} - The targetRef
		*/
		@@ -66,4 +87,7 @@ function getEndowmentsForConfig(
		const whitelistedReads = []
		/** @type {Set<string>} */
		const allowedWriteFields = new Set()
		/** @type {string[]} */
		const explicitlyBanned = []

		Object.entries(packagePolicy.globals).forEach(
		@@ -88,2 +112,12 @@ ([path, packagePolicyValue]) => {
		if (packagePolicyValue === 'write') {
		if (!handleGlobalWrite) {
		return
		}
		if (pathParts.length > 1) {
		throw new Error(
		`LavaMoat - write access is only allowed at the top level, saw "${path}"`
		)
		}
		allowedWriteFields.add(path)
		whitelistedReads.push(path)
		return
		@@ -99,2 +133,4 @@ }
		)
		// sort by length to optimize further steps
		whitelistedReads.sort((a, b) => a.length - b.length)
		return makeMinimalViewOfRef(
		@@ -105,3 +141,4 @@ sourceRef,
		unwrapFrom,
		explicitlyBanned
		explicitlyBanned,
		allowedWriteFields
		)
		@@ -111,8 +148,13 @@ }
		/**
		* @param {object} sourceRef
		* Creates an object populated with only the deep properties specified by the
		* paths array.
		*
		* @template {object} T
		* @param {T} sourceRef
		* @param {string[]} paths
		* @param {object} unwrapTo
		* @param {object} unwrapFrom
		* @param {string[]} explicitlyBanned
		* @returns {object}
		* @param {object} [unwrapTo]
		* @param {object} [unwrapFrom]
		* @param {string[]} [explicitlyBanned]
		* @param {Set<string>} [allowedWriteFields]
		* @returns {Partial<T>}
		*/
		@@ -124,3 +166,4 @@ function makeMinimalViewOfRef(
		unwrapFrom,
		explicitlyBanned = []
		explicitlyBanned = [],
		allowedWriteFields = new Set()
		) {
		@@ -130,11 +173,20 @@ /** @type {object} */
		paths.forEach((path) => {
		copyValueAtPath(
		'',
		path.split('.'),
		explicitlyBanned,
		sourceRef,
		targetRef,
		unwrapTo,
		unwrapFrom
		)
		const pathParts = path.split('.')
		if (knownWritableFields.has(pathParts[0])) {
		if (allowedWriteFields.has(pathParts[0])) {
		makeWritableValueAtPath(pathParts[0], sourceRef, targetRef)
		} else {
		instrumentDynamicValueAtPath(pathParts, sourceRef, targetRef)
		}
		} else {
		copyValueAtPath(
		'',
		pathParts,
		explicitlyBanned,
		sourceRef,
		targetRef,
		unwrapTo,
		unwrapFrom
		)
		}
		})
		@@ -145,30 +197,43 @@ return targetRef
		/**
		* @param {string} visited
		* @param {string} next
		* Creates an object populated with only the deep properties specified in the
		* packagePolicy for builtins.
		*
		* @template {object} T
		* @param {T} moduleNamespace
		* @param {string} moduleId
		* @param {LMPolicy.BuiltinPolicy} policyBuiltin
		* @returns {Partial<T>}
		*/
		function extendPath(visited, next) {
		// FIXME: second part of this conditional should be unnecessary
		if (!visited \|\| visited.length === 0) {
		return next
		}
		return `${visited}.${next}`
		}
		function getBuiltinForConfig(moduleNamespace, moduleId, policyBuiltin) {
		/** @type {string[]} */
		const builtinPaths = []

		/**
		* @template T
		* @param {T \| null} value
		* @returns {value is null}
		*/
		function isEmpty(value) {
		return !value
		/** @type {string[]} */
		const explicitlyBanned = []

		// Collect the same paths information as getEndowmentsForConfig to enable
		// matching behavior of policy between globals and builtins
		Object.entries(policyBuiltin).forEach(([packagePath, allowed]) => {
		const packagePathParts = packagePath.split('.')
		if (moduleId === packagePathParts[0]) {
		const packagePathWithoutPackage = packagePathParts.slice(1).join('.')
		if (allowed === true) {
		builtinPaths.push(packagePathWithoutPackage)
		} else if (allowed === false) {
		explicitlyBanned.push(packagePathWithoutPackage)
		}
		}
		})
		const moduleNamespaceView = makeMinimalViewOfRef(
		moduleNamespace,
		builtinPaths.sort(),
		undefined,
		undefined,
		explicitlyBanned
		)
		return moduleNamespaceView
		}

		/**
		* @param {string} visitedPath
		* @param {string[]} pathParts
		* @param {string[]} explicitlyBanned
		* @param {object} sourceRef
		* @param {object} targetRef
		* @param {object} unwrapTo
		* @param {object} unwrapFrom
		* @type {CopyValueAtPath}
		*/
		@@ -321,6 +386,3 @@ function copyValueAtPath(
		/**
		* @param {PropertyDescriptor} propDesc
		* @param {object} unwrapFromCompartmentGlobalThis
		* @param {object} unwrapToGlobalThis
		* @returns {PropertyDescriptor}
		* @type {ApplyEndowmentPropDescTransforms}
		*/
		@@ -347,6 +409,3 @@ function applyEndowmentPropDescTransforms(
		/**
		* @param {PropertyDescriptor} sourcePropDesc
		* @param {object} unwrapFromGlobalThis
		* @param {object} unwrapToGlobalThis
		* @returns {PropertyDescriptor}
		* @type {ApplyGetSetPropDescTransforms}
		*/
		@@ -413,2 +472,4 @@ function applyGetSetPropDescTransforms(
		/**
		* Utility function used by copyWrappedGlobals to wrap a function.
		*
		* @param {PropertyDescriptor} propDesc
		@@ -477,5 +538,3 @@ * @param {object} unwrapFromCompartmentGlobalThis
		/**
		* @param {object} globalRef
		* @param {Record<PropertyKey, any>} target
		* @param {string[]} globalThisRefs
		* @type {CopyWrappedGlobals}
		*/
		@@ -552,22 +611,120 @@ function copyWrappedGlobals(
		}
		}
		/**
		* Util for getting the prototype chain as an array includes the provided value
		* in the result
		*
		* @param {any} value
		* @returns {any[]}
		*/
		function getPrototypeChain(value) {
		const protoChain = []
		let current = value
		while (
		current &&
		(typeof current === 'object' \|\| typeof current === 'function')
		) {
		protoChain.push(current)
		current = Reflect.getPrototypeOf(current)
		}
		return protoChain
		}

		/**
		* Util for getting the prototype chain as an array includes the provided
		* value in the result
		*
		* @param {any} value
		* @returns {any[]}
		*/
		function getPrototypeChain(value) {
		const protoChain = []
		let current = value
		while (
		current &&
		(typeof current === 'object' \|\| typeof current === 'function')
		) {
		protoChain.push(current)
		current = Reflect.getPrototypeOf(current)
		/**
		* @param {string} visited
		* @param {string} next
		*/
		function extendPath(visited, next) {
		// FIXME: second part of this conditional should be unnecessary
		if (!visited \|\| visited.length === 0) {
		return next
		}
		return `${visited}.${next}`
		}

		/**
		* @param {object \| null} value
		* @returns {value is null}
		*/
		function isEmpty(value) {
		return !value
		}

		/**
		* Sets up the getter and setter pair so that the specific targetRef field is
		* effectively writeable and the value propagates to sourceRef. This implements
		* the `'write'` permission for a global in a specific resource.
		*
		* @param {string} key
		* @param {Record<string, any>} sourceRef
		* @param {Record<string, any>} targetRef
		*/
		function makeWritableValueAtPath(key, sourceRef, targetRef) {
		const enumerable = Reflect.getOwnPropertyDescriptor(
		sourceRef,
		key
		)?.enumerable
		Reflect.defineProperty(targetRef, key, {
		configurable: false,
		enumerable,
		set(newValue) {
		sourceRef[key] = newValue
		},
		get() {
		return sourceRef[key]
		},
		})
		}

		/**
		* Puts a getter at the end of the path that returns the nested values from a
		* top-level field that might change at runtime.
		*
		* @param {string[]} pathParts
		* @param {Record<string, any>} sourceRef
		* @param {Record<string, any>} targetRef
		*/
		function instrumentDynamicValueAtPath(pathParts, sourceRef, targetRef) {
		const enumerable = Reflect.getOwnPropertyDescriptor(
		sourceRef,
		pathParts[0]
		)?.enumerable
		const dynamicGetterDesc = {
		get: () => {
		const dynamicValue = sourceRef[pathParts[0]]
		let leaf = dynamicValue,
		parent = sourceRef

		for (let i = 1; i < pathParts.length; i++) {
		parent = leaf
		leaf = leaf[pathParts[i]]
		}
		if (typeof leaf === 'function') {
		leaf = leaf.bind(parent) // TODO: consider the risks, should not differ from unwrapping
		}
		return leaf
		},
		writeable: false,
		enumerable, // Initial value will have to suffice. Change will not propagate dynamically.
		configurable: false,
		}
		let currentTarget = targetRef
		let currentPath = ''
		for (let depth = 0; depth < pathParts.length - 1; depth++) {
		currentPath = extendPath(currentPath, pathParts[depth])
		const nextPart = pathParts[depth]
		if (Reflect.getOwnPropertyDescriptor(currentTarget, nextPart)?.get) {
		// We could silently ignore this, but it could introduce a false sense of security in the policy file
		throw Error(
		`LavaMoat - "${pathParts[0]}" is writeable elsewhere and both "${currentPath}" and "${pathParts.join('.')}" are allowed for one package. One of these entries is redundant.`
		)
		}
		return protoChain
		if (typeof currentTarget[nextPart] !== 'object') {
		currentTarget[nextPart] = {}
		}
		currentTarget = currentTarget[nextPart]
		}

		const lastPart = pathParts[pathParts.length - 1]
		Reflect.defineProperty(currentTarget, lastPart, dynamicGetterDesc)
		}
		@@ -603,2 +760,5 @@
		/**
		* The default implementation of the utility for wrapping endowed function to
		* set `this` to a correct reference.
		*
		* @callback DefaultWrapperFn
		@@ -610,1 +770,51 @@ * @param {(...args: any[]) => any} sourceValue
		*/

		/**
		* Makes a copy of all globals from the global ref to a target and wraps them
		* with the wrapper this endowmentsToolkit was configured to use. It also copies
		* all circular references to the root package compartment globalThis.
		*
		* @callback CopyWrappedGlobals
		* @param {object} globalRef
		* @param {Record<PropertyKey, any>} target - The object to copy the properties
		* to, recursively (hence any not unknown type)
		* @param {string[]} globalThisRefs
		* @returns {Record<PropertyKey, any>}
		*/

		/**
		* A recursive function to copy a single (nested) property located at the
		* provided path from a sourceRef to targetRef.
		*
		* @callback CopyValueAtPath
		* @param {string} visitedPath
		* @param {string[]} pathParts
		* @param {string[]} explicitlyBanned
		* @param {object} sourceRef
		* @param {object} targetRef
		* @param {object} [unwrapTo]
		* @param {object} [unwrapFrom]
		* @returns {void}
		*/

		/**
		* Utility function used by copyWrappedGlobals to wrap a property with a getter
		* and/or setter.
		*
		* @callback ApplyGetSetPropDescTransforms
		* @param {PropertyDescriptor} sourcePropDesc
		* @param {object} unwrapFromGlobalThis
		* @param {object} unwrapToGlobalThis
		* @returns {PropertyDescriptor}
		*/

		/**
		* Utility function used by copyWrappedGlobals to choose a wrapping strategy for
		* a property.
		*
		* @callback ApplyEndowmentPropDescTransforms
		* @param {PropertyDescriptor} propDesc
		* @param {object} unwrapFromCompartmentGlobalThis
		* @param {object} unwrapToGlobalThis
		* @returns {PropertyDescriptor}
		*/

src/kernelCoreTemplate.js

		@@ -69,3 +69,3 @@ (function () {
		// "templateRequire" calls are inlined in "generateKernel"
		const { getEndowmentsForConfig, makeMinimalViewOfRef, applyEndowmentPropDescTransforms, copyWrappedGlobals, createFunctionWrapper } = templateRequire('endowmentsToolkit')()
		const { getEndowmentsForConfig, getBuiltinForConfig, applyEndowmentPropDescTransforms, copyWrappedGlobals, createFunctionWrapper } = templateRequire('endowmentsToolkit')()
		const { prepareCompartmentGlobalFromConfig } = templateRequire('makePrepareRealmGlobalFromConfig')({ createFunctionWrapper })
		@@ -215,12 +215,3 @@ const { strictScopeTerminator } = templateRequire('strict-scope-terminator')
		if (!parentIsEntryModule && moduleData.type === 'builtin' && !parentPackagePolicy.builtin[moduleId]) {
		const builtinPaths = (
		Object.entries(parentPackagePolicy.builtin)
		// grab all allowed builtin paths that match this package
		.filter(([packagePath, allowed]) => allowed === true && moduleId === packagePath.split('.')[0])
		// only include the paths after the packageName
		// eslint-disable-next-line @typescript-eslint/no-unused-vars
		.map(([packagePath, allowed]) => packagePath.split('.').slice(1).join('.'))
		.sort()
		)
		moduleExports = makeMinimalViewOfRef(moduleExports, builtinPaths)
		moduleExports = getBuiltinForConfig(moduleExports, moduleId, parentPackagePolicy.builtin)
		}
		@@ -227,0 +218,0 @@

src/schema/ambient.ts

		@@ -28,2 +28,3 @@ /* eslint-disable @typescript-eslint/no-namespace */
		export type PackagePolicy = import('./index').PackagePolicy
		export type BuiltinPolicy = import('./index').BuiltinPolicy
		}
		@@ -30,0 +31,0 @@ }

src/types.ts

		@@ -0,1 +1,3 @@
		import type E from './endowmentsToolkit'

		export type * from './generatePolicy'
		@@ -7,1 +9,3 @@ export * from './index'
		export type * from './schema'
		export { E as EndowmentsToolkitFactory }

types/src/endowmentsToolkit.d.ts

		export = endowmentsToolkit;
		/**
		* Returns a compy of endowmentsToolkit initialized on provided configuration.
		*
		* @param {object} opts
		* @param {DefaultWrapperFn} [opts.createFunctionWrapper]
		* @param {boolean} [opts.handleGlobalWrite]
		* @param {Set<string>} [opts.knownWritableFields] - List of globals that can be
		* mutated later
		*/
		declare function endowmentsToolkit({ createFunctionWrapper, }?: {
		declare function endowmentsToolkit({ createFunctionWrapper, handleGlobalWrite, knownWritableFields, }?: {
		createFunctionWrapper?: DefaultWrapperFn \| undefined;
		handleGlobalWrite?: boolean \| undefined;
		knownWritableFields?: Set<string> \| undefined;
		}): {
		getEndowmentsForConfig: (sourceRef: object, packagePolicy: LMPolicy.PackagePolicy, unwrapTo: object, unwrapFrom: object) => object;
		makeMinimalViewOfRef: (sourceRef: object, paths: string[], unwrapTo: object, unwrapFrom: object, explicitlyBanned?: string[]) => object;
		copyValueAtPath: (visitedPath: string, pathParts: string[], explicitlyBanned: string[], sourceRef: object, targetRef: object, unwrapTo?: object, unwrapFrom?: object) => void;
		getEndowmentsForConfig: <T extends object>(sourceRef: T, packagePolicy: LMPolicy.PackagePolicy, unwrapTo: object, unwrapFrom: object) => Partial<T>;
		copyWrappedGlobals: (globalRef: object, target: Record<PropertyKey, any>, globalThisRefs: string[]) => Record<PropertyKey, any>;
		getBuiltinForConfig: <T extends object>(moduleNamespace: T, moduleId: string, policyBuiltin: LMPolicy.BuiltinPolicy) => Partial<T>;
		createFunctionWrapper: DefaultWrapperFn;
		makeMinimalViewOfRef: <T extends object>(sourceRef: T, paths: string[], unwrapTo?: object \| undefined, unwrapFrom?: object \| undefined, explicitlyBanned?: string[] \| undefined, allowedWriteFields?: Set<string> \| undefined) => Partial<T>;
		copyValueAtPath: (visitedPath: string, pathParts: string[], explicitlyBanned: string[], sourceRef: object, targetRef: object, unwrapTo?: object \| undefined, unwrapFrom?: object \| undefined) => void;
		applyGetSetPropDescTransforms: (sourcePropDesc: PropertyDescriptor, unwrapFromGlobalThis: object, unwrapToGlobalThis: object) => PropertyDescriptor;
		applyEndowmentPropDescTransforms: (propDesc: PropertyDescriptor, unwrapFromCompartmentGlobalThis: object, unwrapToGlobalThis: object) => PropertyDescriptor;
		copyWrappedGlobals: (globalRef: object, target: Record<PropertyKey, any>, globalThisRefs?: string[]) => Record<PropertyKey, any>;
		createFunctionWrapper: DefaultWrapperFn;
		};
		declare namespace endowmentsToolkit {
		export { DefaultWrapperFn };
		export { _test, DefaultWrapperFn, CopyWrappedGlobals, CopyValueAtPath, ApplyGetSetPropDescTransforms, ApplyEndowmentPropDescTransforms };
		}
		declare namespace _test {
		export { instrumentDynamicValueAtPath };
		}
		/**
		* The default implementation of the utility for wrapping endowed function to
		* set `this` to a correct reference.
		*/
		type DefaultWrapperFn = (sourceValue: (...args: any[]) => any, unwrapTest: (value: any) => boolean, unwrapTo: object) => (...args: any[]) => any;
		/**
		* Makes a copy of all globals from the global ref to a target and wraps them
		* with the wrapper this endowmentsToolkit was configured to use. It also copies
		* all circular references to the root package compartment globalThis.
		*/
		type CopyWrappedGlobals = (globalRef: object, target: Record<PropertyKey, any>, globalThisRefs: string[]) => Record<PropertyKey, any>;
		/**
		* A recursive function to copy a single (nested) property located at the
		* provided path from a sourceRef to targetRef.
		*/
		type CopyValueAtPath = (visitedPath: string, pathParts: string[], explicitlyBanned: string[], sourceRef: object, targetRef: object, unwrapTo?: object \| undefined, unwrapFrom?: object \| undefined) => void;
		/**
		* Utility function used by copyWrappedGlobals to wrap a property with a getter
		* and/or setter.
		*/
		type ApplyGetSetPropDescTransforms = (sourcePropDesc: PropertyDescriptor, unwrapFromGlobalThis: object, unwrapToGlobalThis: object) => PropertyDescriptor;
		/**
		* Utility function used by copyWrappedGlobals to choose a wrapping strategy for
		* a property.
		*/
		type ApplyEndowmentPropDescTransforms = (propDesc: PropertyDescriptor, unwrapFromCompartmentGlobalThis: object, unwrapToGlobalThis: object) => PropertyDescriptor;
		/**
		* Puts a getter at the end of the path that returns the nested values from a
		* top-level field that might change at runtime.
		*
		* @param {string[]} pathParts
		* @param {Record<string, any>} sourceRef
		* @param {Record<string, any>} targetRef
		*/
		declare function instrumentDynamicValueAtPath(pathParts: string[], sourceRef: Record<string, any>, targetRef: Record<string, any>): void;
		//# sourceMappingURL=endowmentsToolkit.d.ts.map

types/src/generatePolicy.d.ts

		export type ModuleToPackageFallbackFn = (requestedName: string) => string \| undefined;
		export type AggregateDepsOptions = {
		packageModules: Record<string, import('./moduleRecord').LavamoatModuleRecord>;
		moduleIdToModuleRecord: Map<string, import('./moduleRecord').LavamoatModuleRecord>;
		packageModules: Record<string, import("./moduleRecord").LavamoatModuleRecord>;
		moduleIdToModuleRecord: Map<string, import("./moduleRecord").LavamoatModuleRecord>;
		moduleToPackageFallback?: ModuleToPackageFallbackFn \| undefined;
		};
		export type GeneratePolicyFn = (opts: Partial<ModuleInspectorOptions> & {
		policyOverride?: import('./schema').LavaMoatPolicyOverrides;
		policyOverride?: import("./schema").LavaMoatPolicyOverrides;
		moduleToPackageFallback?: (value: string) => string \| undefined;
		}) => import('./schema').LavaMoatPolicy \| import('./schema').LavaMoatPolicyDebug;
		export type InspectModuleFn = (moduleRecord: import('./moduleRecord').LavamoatModuleRecord, opts?: Partial<ModuleInspectorOptions> \| undefined) => any;
		}) => import("./schema").LavaMoatPolicy \| import("./schema").LavaMoatPolicyDebug;
		export type InspectModuleFn = (moduleRecord: import("./moduleRecord").LavamoatModuleRecord, opts?: Partial<ModuleInspectorOptions> \| undefined) => any;
		export type ModuleInspectorOptions = {
		@@ -21,4 +21,4 @@ isBuiltin: (value: string) => boolean;
		};
		export type ModuleInspector = import('node:events').EventEmitter & ModuleInspectorMembers;
		export type AST = import('@babel/parser').ParseResult<import('@babel/types').File> \| import('@babel/types').File;
		export type ModuleInspector = import("node:events").EventEmitter & ModuleInspectorMembers;
		export type AST = import("@babel/parser").ParseResult<import("@babel/types").File> \| import("@babel/types").File;
		export const rootSlug: "$root$";
		@@ -25,0 +25,0 @@ /**

types/src/loadPolicy.d.ts

		@@ -15,3 +15,3 @@ export type PolicyOpts = {
		*/
		export function loadPolicy({ debugMode, policyPath }: PolicyOpts): Promise<import('./schema').LavaMoatPolicy>;
		export function loadPolicy({ debugMode, policyPath }: PolicyOpts): Promise<import("./schema").LavaMoatPolicy>;
		/**
		@@ -27,3 +27,3 @@ * Loads policy and policy overrides from disk and merges them.
		policyOverridePath: string;
		}): Promise<import('./schema').LavaMoatPolicy>;
		}): Promise<import("./schema").LavaMoatPolicy>;
		/**
		@@ -45,5 +45,5 @@ * Loads policy and policy overrides from disk and merges them.
		}): {
		policy: import('./schema').LavaMoatPolicy \| undefined;
		applyOverride: (main: import('./schema').LavaMoatPolicy) => import('./schema').LavaMoatPolicy;
		policy: import("./schema").LavaMoatPolicy \| undefined;
		applyOverride: (main: import("./schema").LavaMoatPolicy) => import("./schema").LavaMoatPolicy;
		};
		//# sourceMappingURL=loadPolicy.d.ts.map

types/src/moduleRecord.d.ts

		/**
		* Options for {@link LavamoatModuleRecord } constructor.
		* Options for {@link LavamoatModuleRecord} constructor.
		*/
		@@ -40,9 +40,9 @@ export type LavamoatModuleRecordOptions<InitArgs extends any[] = DefaultModuleInitArgs> = {
		/**
		* Possible value of {@link LavamoatModuleRecord.type }.
		* Possible value of {@link LavamoatModuleRecord.type}.
		*
		* _Note:_ `js` means "source code", not "JavaScript source code"
		*/
		export type ModuleRecordType = 'builtin' \| 'native' \| 'js';
		export type ModuleRecordType = "builtin" \| "native" \| "js";
		/**
		* Default {@link ModuleInitializer } arguments
		* Default {@link ModuleInitializer} arguments
		*/
		@@ -113,3 +113,3 @@ export type DefaultModuleInitArgs = [exports: Record<string, any>, require: (id: string) => unknown, module: Record<string, any>];
		*/
		ast: import('@babel/types').File \| undefined;
		ast: import("@babel/types").File \| undefined;
		/**
		@@ -116,0 +116,0 @@ * Module initializer function

types/src/options.d.ts

		/**
		* Value of the {@link LavaMoatOpts.scuttleGlobalThis } option.
		* Value of the {@link LavaMoatOpts.scuttleGlobalThis} option.
		*/
		@@ -4,0 +4,0 @@ export type LavaMoatScuttleOpts = {

types/src/parseForPolicy.d.ts

		@@ -1,2 +0,2 @@
		export type ImportHookFn = (address: string) => Promise<import('./moduleRecord').LavamoatModuleRecord>;
		export type ImportHookFn = (address: string) => Promise<import("./moduleRecord").LavamoatModuleRecord>;
		export type IsBuiltinFn = (specifier: string) => boolean;
		@@ -19,3 +19,3 @@ export type ShouldImportFn = (childSpecifier: string, moduleSpecifier: string) => boolean;
		*/
		export function parseForPolicy({ moduleSpecifier, importHook, isBuiltin, shouldImport, policyOverride, includeDebugInfo, inspector, }: ParseForPolicyOpts): Promise<import('./schema').LavaMoatPolicy>;
		export function parseForPolicy({ moduleSpecifier, importHook, isBuiltin, shouldImport, policyOverride, includeDebugInfo, inspector, }: ParseForPolicyOpts): Promise<import("./schema").LavaMoatPolicy>;
		//# sourceMappingURL=parseForPolicy.d.ts.map

types/src/schema/ambient.d.ts

		@@ -24,2 +24,3 @@ /**
		type PackagePolicy = import('./index').PackagePolicy;
		type BuiltinPolicy = import('./index').BuiltinPolicy;
		}
		@@ -26,0 +27,0 @@ }

types/src/types.d.ts

		@@ -0,1 +1,2 @@
		import type E from './endowmentsToolkit';
		export type * from './generatePolicy';
		@@ -7,2 +8,3 @@ export * from './index';
		export type * from './schema';
		export { E as EndowmentsToolkitFactory };
		//# sourceMappingURL=types.d.ts.map

types/src/walk.d.ts

		@@ -1,2 +0,2 @@
		export type VisitorFn = (moduleRecord: import('./moduleRecord').LavamoatModuleRecord) => void;
		export type VisitorFn = (moduleRecord: import("./moduleRecord").LavamoatModuleRecord) => void;
		/**
		@@ -17,5 +17,5 @@ * @callback VisitorFn
		moduleSpecifier: string;
		importHook: import('./parseForPolicy').ImportHookFn;
		importHook: import("./parseForPolicy").ImportHookFn;
		visitorFn: VisitorFn;
		shouldImport: import('./parseForPolicy').ShouldImportFn;
		shouldImport: import("./parseForPolicy").ShouldImportFn;
		visitedSpecifiers?: Set<string> \| undefined;
		@@ -35,6 +35,6 @@ }): Promise<void>;
		moduleSpecifier: string;
		importHook: import('./parseForPolicy').ImportHookFn;
		importHook: import("./parseForPolicy").ImportHookFn;
		shouldImport?: import("./parseForPolicy").ShouldImportFn \| undefined;
		visitedSpecifiers?: Set<string> \| undefined;
		}): AsyncIterableIterator<import('./moduleRecord').LavamoatModuleRecord>;
		}): AsyncIterableIterator<import("./moduleRecord").LavamoatModuleRecord>;
		//# sourceMappingURL=walk.d.ts.map

types/test/scenarios/security.d.ts

		@@ -1,11 +0,11 @@
		declare const _exports: boolean \| (() => Promise<any>)[] \| {
		declare const _exports: boolean \| (() => Promise<any>)[] \| typeof setTimeout \| {
		objectXyz: boolean;
		protoXyz: boolean;
		} \| typeof setTimeout;
		};
		export = _exports;
		declare const _exports: boolean \| (() => Promise<any>)[] \| {
		declare const _exports: boolean \| (() => Promise<any>)[] \| typeof setTimeout \| {
		objectXyz: boolean;
		protoXyz: boolean;
		} \| typeof setTimeout;
		};
		export = _exports;
		//# sourceMappingURL=security.d.ts.map

types/test/util.d.ts

		@@ -6,10 +6,10 @@ declare namespace _exports {
		export = _exports;
		type GeneratePolicyFromFilesOpts = Partial<import('../src/parseForPolicy').ParseForPolicyOpts> & {
		files: import('./scenario').NormalizedScenarioJSFile[];
		type GeneratePolicyFromFilesOpts = Partial<import("../src/parseForPolicy").ParseForPolicyOpts> & {
		files: import("./scenario").NormalizedScenarioJSFile[];
		};
		/**
		* Options for {@link PlatformRunScenario }
		* Options for {@link PlatformRunScenario}
		*/
		type PlatformRunScenarioOpts<Result = unknown> = {
		scenario: import('./scenario').NormalizedScenario<Result>;
		scenario: import("./scenario").NormalizedScenario<Result>;
		runWithPrecompiledModules?: boolean \| undefined;
		@@ -21,3 +21,3 @@ log?: ((...args: any[]) => void) \| undefined;
		*
		* Called by {@link runAndTestScenario }
		* Called by {@link runAndTestScenario}
		*/
		@@ -30,3 +30,3 @@ type PlatformRunScenario<Result = unknown> = (opts: PlatformRunScenarioOpts<Result>) => Promise<Result>;
		type FsPromiseApi = {
		mkdir: (dir: string, opts?: import('node:fs').MakeDirectoryOptions & {
		mkdir: (dir: string, opts?: import("node:fs").MakeDirectoryOptions & {
		recursive: true;
		@@ -33,0 +33,0 @@ }) => Promise<string \| undefined>;

types/src/endowmentsToolkit.d.ts.map