@agenshield/daemon 0.1.0

package/mcp/client.d.ts

@@ -0,0 +1,73 @@
+/**
+ * MCP Client — thin wrapper around the official SDK
+ *
+ * Uses Client + StreamableHTTPClientTransport with VaultOAuthProvider
+ * for automatic OAuth (DCR, PKCE, token exchange, refresh, 401 retry).
+ *
+ * On-demand connection model: each operation opens a fresh connection,
+ * executes, and closes immediately. No persistent connection is maintained.
+ * State `connected` means "authenticated and ready for on-demand calls".
+ */
+export type MCPConnectionState = 'disconnected' | 'connecting' | 'connected' | 'error' | 'unauthorized';
+/**
+ * Typed error thrown when the MCP connection is unauthorized.
+ * Routes catch this to return structured `{ error: 'unauthorized' }` responses.
+ */
+export declare class MCPUnauthorizedError extends Error {
+    constructor(message?: string);
+}
+export interface MCPTool {
+    name: string;
+    description: string;
+    inputSchema: Record<string, unknown>;
+    integration?: string;
+}
+export interface MCPToolResult {
+    content: Array<{
+        type: string;
+        text?: string;
+        data?: unknown;
+    }>;
+    isError?: boolean;
+}
+export declare class MCPClient {
+    private provider;
+    private gatewayUrl;
+    private state;
+    private active;
+    /** Transport kept only during the OAuth flow (activate → finishAuth) */
+    private authTransport;
+    /** Called when the connection state changes */
+    onStateChange?: (state: MCPConnectionState) => void;
+    constructor(gatewayUrl: string, daemonPort: number);
+    /**
+     * Activate the MCP client.
+     * Tries a probe connection to verify stored tokens are valid.
+     * Returns { authUrl } if the user needs to complete OAuth in a browser.
+     */
+    activate(): Promise<{
+        authUrl?: string;
+    }>;
+    /**
+     * Complete OAuth after receiving the authorization code.
+     * The SDK exchanges the code for tokens, then we verify with a probe connection.
+     */
+    finishAuth(code: string): Promise<void>;
+    /** Mark the client as deactivated */
+    deactivate(): Promise<void>;
+    /** Whether the client has been activated */
+    isActive(): boolean;
+    /** Current connection state */
+    getState(): MCPConnectionState;
+    /** List all available tools from the MCP gateway (on-demand connection) */
+    listTools(): Promise<MCPTool[]>;
+    /** Call a tool on the MCP gateway (on-demand connection) */
+    callTool(name: string, args: Record<string, unknown>): Promise<MCPToolResult>;
+    /**
+     * Open a temporary connection, run `fn`, then close.
+     * Handles UnauthorizedError → sets state and throws MCPUnauthorizedError.
+     */
+    private withConnection;
+    private setState;
+}
+//# sourceMappingURL=client.d.ts.map

package/mcp/client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/mcp/client.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AASH,MAAM,MAAM,kBAAkB,GAAG,cAAc,GAAG,YAAY,GAAG,WAAW,GAAG,OAAO,GAAG,cAAc,CAAC;AAExG;;;GAGG;AACH,qBAAa,oBAAqB,SAAQ,KAAK;gBACjC,OAAO,SAA+E;CAInG;AAED,MAAM,WAAW,OAAO;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACrC,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,OAAO,CAAA;KAAE,CAAC,CAAC;IAChE,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED,qBAAa,SAAS;IACpB,OAAO,CAAC,QAAQ,CAAqB;IACrC,OAAO,CAAC,UAAU,CAAS;IAC3B,OAAO,CAAC,KAAK,CAAsC;IACnD,OAAO,CAAC,MAAM,CAAS;IAEvB,wEAAwE;IACxE,OAAO,CAAC,aAAa,CAA8C;IAEnE,+CAA+C;IAC/C,aAAa,CAAC,EAAE,CAAC,KAAK,EAAE,kBAAkB,KAAK,IAAI,CAAC;gBAExC,UAAU,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM;IAKlD;;;;OAIG;IACG,QAAQ,IAAI,OAAO,CAAC;QAAE,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAwC/C;;;OAGG;IACG,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAmC7C,qCAAqC;IAC/B,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAMjC,4CAA4C;IAC5C,QAAQ,IAAI,OAAO;IAInB,+BAA+B;IAC/B,QAAQ,IAAI,kBAAkB;IAI9B,2EAA2E;IACrE,SAAS,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;IAWrC,4DAA4D;IACtD,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,aAAa,CAAC;IASnF;;;OAGG;YACW,cAAc;IA2B5B,OAAO,CAAC,QAAQ;CAMjB"}

package/mcp/index.d.ts

@@ -0,0 +1,7 @@
+/**
+ * MCP module exports
+ */
+export { MCPClient, MCPUnauthorizedError } from './client';
+export type { MCPConnectionState, MCPTool, MCPToolResult } from './client';
+export { getMCPClient, activateMCP, deactivateMCP, getMCPState, finishMCPAuth } from './state';
+//# sourceMappingURL=index.d.ts.map

package/mcp/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/mcp/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,SAAS,EAAE,oBAAoB,EAAE,MAAM,UAAU,CAAC;AAC3D,YAAY,EAAE,kBAAkB,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAC3E,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,aAAa,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC"}

package/mcp/oauth-provider.d.ts

@@ -0,0 +1,27 @@
+/**
+ * Vault-backed OAuth provider for MCP SDK
+ *
+ * Implements OAuthClientProvider using the encrypted vault for
+ * persisting client credentials and tokens. PKCE code verifier
+ * is kept in-memory (single auth session at a time).
+ */
+import type { OAuthClientProvider } from '@modelcontextprotocol/sdk/client/auth.js';
+import type { OAuthClientMetadata, OAuthTokens, OAuthClientInformationFull } from '@modelcontextprotocol/sdk/shared/auth.js';
+export declare class VaultOAuthProvider implements OAuthClientProvider {
+    private _codeVerifier;
+    private _authUrl;
+    private daemonPort;
+    constructor(daemonPort: number);
+    /** Auth URL captured during redirectToAuthorization */
+    get capturedAuthUrl(): string | null;
+    get redirectUrl(): string;
+    get clientMetadata(): OAuthClientMetadata;
+    clientInformation(): Promise<OAuthClientInformationFull | undefined>;
+    saveClientInformation(info: OAuthClientInformationFull): Promise<void>;
+    tokens(): Promise<OAuthTokens | undefined>;
+    saveTokens(tokens: OAuthTokens): Promise<void>;
+    redirectToAuthorization(authorizationUrl: URL): Promise<void>;
+    saveCodeVerifier(codeVerifier: string): Promise<void>;
+    codeVerifier(): Promise<string>;
+}
+//# sourceMappingURL=oauth-provider.d.ts.map

package/mcp/oauth-provider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-provider.d.ts","sourceRoot":"","sources":["../../src/mcp/oauth-provider.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,0CAA0C,CAAC;AACpF,OAAO,KAAK,EACV,mBAAmB,EACnB,WAAW,EACX,0BAA0B,EAC3B,MAAM,0CAA0C,CAAC;AASlD,qBAAa,kBAAmB,YAAW,mBAAmB;IAC5D,OAAO,CAAC,aAAa,CAAM;IAC3B,OAAO,CAAC,QAAQ,CAAuB;IACvC,OAAO,CAAC,UAAU,CAAS;gBAEf,UAAU,EAAE,MAAM;IAI9B,uDAAuD;IACvD,IAAI,eAAe,IAAI,MAAM,GAAG,IAAI,CAEnC;IAED,IAAI,WAAW,IAAI,MAAM,CAExB;IAED,IAAI,cAAc,IAAI,mBAAmB,CAQxC;IAEK,iBAAiB,IAAI,OAAO,CAAC,0BAA0B,GAAG,SAAS,CAAC;IAepE,qBAAqB,CAAC,IAAI,EAAE,0BAA0B,GAAG,OAAO,CAAC,IAAI,CAAC;IAatE,MAAM,IAAI,OAAO,CAAC,WAAW,GAAG,SAAS,CAAC;IAe1C,UAAU,CAAC,MAAM,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IAiB9C,uBAAuB,CAAC,gBAAgB,EAAE,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC;IAM7D,gBAAgB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAKrD,YAAY,IAAI,OAAO,CAAC,MAAM,CAAC;CAGtC"}

package/mcp/state.d.ts

@@ -0,0 +1,31 @@
+/**
+ * MCP client lifecycle manager
+ *
+ * Singleton management for the MCP client instance.
+ */
+import { MCPClient, type MCPConnectionState } from './client';
+/**
+ * Get the current MCP client instance (or null if not initialized)
+ */
+export declare function getMCPClient(): MCPClient | null;
+/**
+ * Create and activate the MCP client.
+ * @param daemonPort The port the daemon is listening on (for OAuth redirect_uri)
+ * @returns { authUrl } if the user needs to complete OAuth in a browser
+ */
+export declare function activateMCP(daemonPort: number): Promise<{
+    authUrl?: string;
+}>;
+/**
+ * Complete the OAuth flow with an authorization code.
+ */
+export declare function finishMCPAuth(code: string): Promise<void>;
+/**
+ * Deactivate and destroy the MCP client
+ */
+export declare function deactivateMCP(): Promise<void>;
+/**
+ * Get the current MCP connection state
+ */
+export declare function getMCPState(): MCPConnectionState;
+//# sourceMappingURL=state.d.ts.map

package/mcp/state.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"state.d.ts","sourceRoot":"","sources":["../../src/mcp/state.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,SAAS,EAAE,KAAK,kBAAkB,EAAE,MAAM,UAAU,CAAC;AAU9D;;GAEG;AACH,wBAAgB,YAAY,IAAI,SAAS,GAAG,IAAI,CAE/C;AAED;;;;GAIG;AACH,wBAAsB,WAAW,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC;IAAE,OAAO,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAoCnF;AAED;;GAEG;AACH,wBAAsB,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAK/D;AAED;;GAEG;AACH,wBAAsB,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC,CAMnD;AAED;;GAEG;AACH,wBAAgB,WAAW,IAAI,kBAAkB,CAGhD"}

package/package.json

@@ -0,0 +1,43 @@
+{
+  "name": "@agenshield/daemon",
+  "version": "0.1.0",
+  "type": "module",
+  "description": "AgenShield HTTP daemon server with embedded UI",
+  "main": "./index.js",
+  "types": "./index.d.ts",
+  "bin": {
+    "agenshield-daemon": "./main.js"
+  },
+  "exports": {
+    "./package.json": "./package.json",
+    ".": {
+      "types": "./index.d.ts",
+      "import": "./index.js",
+      "default": "./index.js"
+    }
+  },
+  "files": [
+    "**/*.js",
+    "**/*.d.ts",
+    "**/*.d.ts.map",
+    "ui-assets"
+  ],
+  "license": "MIT",
+  "dependencies": {
+    "@agenshield/ipc": "0.1.0",
+    "@agenshield/broker": "0.1.0",
+    "@agenshield/sandbox": "0.1.0",
+    "@modelcontextprotocol/sdk": "^1.26.0",
+    "fastify": "^5.7.0",
+    "zod": "^4.3.6",
+    "@frontmcp/sdk": "^0.8.1",
+    "@fastify/static": "^8.3.0",
+    "@fastify/cors": "^11.0.0",
+    "jszip": "^3.10.1"
+  },
+  "devDependencies": {
+    "@types/node": "^24.0.0",
+    "tsx": "^4.21.0",
+    "typescript": "^5.9.3"
+  }
+}

package/routes/agenco.d.ts

@@ -0,0 +1,13 @@
+/**
+ * AgenCo API routes
+ *
+ * Routes for AgenCo authentication and tool execution.
+ * Tool/integration routes use the MCP client; auth routes handle OAuth
+ * via the official MCP SDK (DCR, PKCE, token exchange, refresh are automatic).
+ */
+import type { FastifyInstance } from 'fastify';
+/**
+ * Register AgenCo routes
+ */
+export declare function agencoRoutes(app: FastifyInstance): Promise<void>;
+//# sourceMappingURL=agenco.d.ts.map

package/routes/agenco.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"agenco.d.ts","sourceRoot":"","sources":["../../src/routes/agenco.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAgC,MAAM,SAAS,CAAC;AAiK7E;;GAEG;AACH,wBAAsB,YAAY,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CAsbtE"}

package/routes/auth.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Authentication routes
+ *
+ * Handles passcode setup, authentication, and session management.
+ */
+import type { FastifyInstance } from 'fastify';
+/**
+ * Register authentication routes
+ */
+export declare function authRoutes(app: FastifyInstance): Promise<void>;
+//# sourceMappingURL=auth.d.ts.map

package/routes/auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/routes/auth.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAgC,MAAM,SAAS,CAAC;AAiC7E;;GAEG;AACH,wBAAsB,UAAU,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CAkVpE"}

package/routes/config.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Configuration routes
+ */
+import type { FastifyInstance } from 'fastify';
+export declare function configRoutes(app: FastifyInstance): Promise<void>;
+//# sourceMappingURL=config.d.ts.map

package/routes/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/routes/config.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,OAAO,KAAK,EAAE,eAAe,EAAgC,MAAM,SAAS,CAAC;AAa7E,wBAAsB,YAAY,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CAoHtE"}

package/routes/discovery.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Discovery routes — GET /discovery/scan
+ *
+ * Provides a cached system discovery scan covering binaries and skills.
+ */
+import type { FastifyInstance } from 'fastify';
+export declare function discoveryRoutes(app: FastifyInstance): Promise<void>;
+//# sourceMappingURL=discovery.d.ts.map

package/routes/discovery.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"discovery.d.ts","sourceRoot":"","sources":["../../src/routes/discovery.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAS/C,wBAAsB,eAAe,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CAwBzE"}

package/routes/exec.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Exec command allowlist management routes
+ */
+import type { FastifyInstance } from 'fastify';
+export declare function execRoutes(app: FastifyInstance): Promise<void>;
+//# sourceMappingURL=exec.d.ts.map

package/routes/exec.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"exec.d.ts","sourceRoot":"","sources":["../../src/routes/exec.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAyF/C,wBAAsB,UAAU,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CAwHpE"}

package/routes/fs.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Filesystem browse route
+ */
+import type { FastifyInstance } from 'fastify';
+export declare function fsRoutes(app: FastifyInstance): Promise<void>;
+//# sourceMappingURL=fs.d.ts.map

package/routes/fs.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"fs.d.ts","sourceRoot":"","sources":["../../src/routes/fs.ts"],"names":[],"mappings":"AAAA;;GAEG;AAKH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAK/C,wBAAsB,QAAQ,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CAmClE"}

package/routes/health.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Health check route
+ */
+import type { FastifyInstance } from 'fastify';
+export declare function healthRoutes(app: FastifyInstance): Promise<void>;
+//# sourceMappingURL=health.d.ts.map

package/routes/health.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"health.d.ts","sourceRoot":"","sources":["../../src/routes/health.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAG/C,wBAAsB,YAAY,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CAWtE"}

package/routes/index.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Route registration
+ */
+import type { FastifyInstance } from 'fastify';
+/**
+ * Register all API routes under the /api prefix
+ */
+export declare function registerRoutes(app: FastifyInstance): Promise<void>;
+//# sourceMappingURL=index.d.ts.map

package/routes/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/routes/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAoB/C;;GAEG;AACH,wBAAsB,cAAc,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CAsFxE"}

package/routes/marketplace.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Marketplace Routes
+ *
+ * Proxy endpoints for ClawHub marketplace search/detail,
+ * agen.co vulnerability analysis, and local skill installation.
+ */
+import type { FastifyInstance } from 'fastify';
+export declare function marketplaceRoutes(app: FastifyInstance): Promise<void>;
+//# sourceMappingURL=marketplace.d.ts.map

package/routes/marketplace.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"marketplace.d.ts","sourceRoot":"","sources":["../../src/routes/marketplace.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,OAAO,KAAK,EAAE,eAAe,EAAgC,MAAM,SAAS,CAAC;AAmC7E,wBAAsB,iBAAiB,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CAsX3E"}

package/routes/rpc.d.ts

@@ -0,0 +1,9 @@
+/**
+ * JSON-RPC endpoint for the interceptor
+ *
+ * Handles policy_check, events_batch, http_request, and ping methods.
+ * Registered at root level (not under /api) so it skips auth middleware.
+ */
+import type { FastifyInstance } from 'fastify';
+export declare function rpcRoutes(app: FastifyInstance): Promise<void>;
+//# sourceMappingURL=rpc.d.ts.map

package/routes/rpc.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rpc.d.ts","sourceRoot":"","sources":["../../src/routes/rpc.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAgC,MAAM,SAAS,CAAC;AAsQ7E,wBAAsB,SAAS,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CA0CnE"}

package/routes/secrets.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Secrets routes — CRUD backed by encrypted vault
+ */
+import type { FastifyInstance } from 'fastify';
+export declare function secretsRoutes(app: FastifyInstance): Promise<void>;
+//# sourceMappingURL=secrets.d.ts.map

package/routes/secrets.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secrets.d.ts","sourceRoot":"","sources":["../../src/routes/secrets.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AA6B/C,wBAAsB,aAAa,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CA2FvE"}

package/routes/security.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Security status route
+ */
+import type { FastifyInstance } from 'fastify';
+export declare function securityRoutes(app: FastifyInstance): Promise<void>;
+//# sourceMappingURL=security.d.ts.map

package/routes/security.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"security.d.ts","sourceRoot":"","sources":["../../src/routes/security.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAI/C,wBAAsB,cAAc,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CAwCxE"}

package/routes/skills.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Skills Management Routes
+ *
+ * API endpoints for managing agent skills (approved and quarantined).
+ */
+import type { FastifyInstance } from 'fastify';
+/**
+ * Register skills management routes
+ */
+export declare function skillsRoutes(app: FastifyInstance): Promise<void>;
+//# sourceMappingURL=skills.d.ts.map

package/routes/skills.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"skills.d.ts","sourceRoot":"","sources":["../../src/routes/skills.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAKH,OAAO,KAAK,EAAE,eAAe,EAAgC,MAAM,SAAS,CAAC;AA0C7E;;GAEG;AACH,wBAAsB,YAAY,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CAuYtE"}

package/routes/sse.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Server-Sent Events (SSE) route for real-time updates
+ */
+import type { FastifyInstance } from 'fastify';
+/**
+ * Register SSE routes
+ */
+export declare function sseRoutes(app: FastifyInstance): Promise<void>;
+//# sourceMappingURL=sse.d.ts.map

package/routes/sse.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sse.d.ts","sourceRoot":"","sources":["../../src/routes/sse.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAgC,MAAM,SAAS,CAAC;AAsB7E;;GAEG;AACH,wBAAsB,SAAS,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CAmInE"}

package/routes/status.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Status route
+ */
+import type { FastifyInstance } from 'fastify';
+export declare function statusRoutes(app: FastifyInstance): Promise<void>;
+//# sourceMappingURL=status.d.ts.map

package/routes/status.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"status.d.ts","sourceRoot":"","sources":["../../src/routes/status.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAO/C,wBAAsB,YAAY,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CAwBtE"}

package/routes/wrappers.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Wrapper management routes
+ *
+ * Provides API endpoints for dynamic wrapper management.
+ * Allows adding, removing, updating wrappers based on policy configuration.
+ */
+import type { FastifyInstance } from 'fastify';
+/**
+ * Register wrapper management routes
+ */
+export declare function wrappersRoutes(app: FastifyInstance): Promise<void>;
+//# sourceMappingURL=wrappers.d.ts.map

package/routes/wrappers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"wrappers.d.ts","sourceRoot":"","sources":["../../src/routes/wrappers.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAgC,MAAM,SAAS,CAAC;AA2D7E;;GAEG;AACH,wBAAsB,cAAc,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CA8XxE"}

package/server.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Fastify server setup for AgenShield daemon
+ */
+import { type FastifyInstance } from 'fastify';
+import type { DaemonConfig } from '@agenshield/ipc';
+/**
+ * Create and configure the Fastify server
+ * @param config Daemon configuration
+ * @returns Configured Fastify instance
+ */
+export declare function createServer(config: DaemonConfig): Promise<FastifyInstance>;
+/**
+ * Start the server
+ * @param config Daemon configuration
+ * @returns The running Fastify instance
+ */
+export declare function startServer(config: DaemonConfig): Promise<FastifyInstance>;
+//# sourceMappingURL=server.d.ts.map

package/server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAgB,EAAE,KAAK,eAAe,EAAE,MAAM,SAAS,CAAC;AAGxD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAUpD;;;;GAIG;AACH,wBAAsB,YAAY,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,eAAe,CAAC,CAgCjF;AAED;;;;GAIG;AACH,wBAAsB,WAAW,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,eAAe,CAAC,CAuDhF"}

package/services/activity-log.d.ts

@@ -0,0 +1,21 @@
+/**
+ * Persistent activity log with rotation
+ *
+ * Appends every daemon event as JSONL to ~/.agenshield/activity.jsonl.
+ * Rotation: max 100 MB file size (keep newest half), max 24 h retention.
+ */
+export declare class ActivityLog {
+    private filePath;
+    private writeCount;
+    private unsubscribe?;
+    constructor();
+    start(): void;
+    stop(): void;
+    private append;
+    private rotate;
+    /** Keep newest half of lines when file exceeds size limit */
+    private truncateBySize;
+    /** Remove entries older than 24 hours */
+    private pruneOldEntries;
+}
+//# sourceMappingURL=activity-log.d.ts.map

package/services/activity-log.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"activity-log.d.ts","sourceRoot":"","sources":["../../src/services/activity-log.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAYH,qBAAa,WAAW;IACtB,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,UAAU,CAAK;IACvB,OAAO,CAAC,WAAW,CAAC,CAAa;;IAMjC,KAAK,IAAI,IAAI;IAOb,IAAI,IAAI,IAAI;IAIZ,OAAO,CAAC,MAAM;IAWd,OAAO,CAAC,MAAM;IAYd,6DAA6D;IAC7D,OAAO,CAAC,cAAc;IAOtB,yCAAyC;IACzC,OAAO,CAAC,eAAe;CAiBxB"}

package/services/broker-bridge.d.ts

@@ -0,0 +1,43 @@
+/**
+ * Broker Bridge Service
+ *
+ * Provides helper functions for daemon-to-broker communication.
+ * Used for privileged operations that require broker's elevated permissions.
+ */
+import { type SkillInstallResult, type SkillUninstallResult } from '@agenshield/broker';
+/**
+ * Check if the broker is available
+ */
+export declare function isBrokerAvailable(): Promise<boolean>;
+/**
+ * Install a skill via the broker
+ *
+ * @param slug - Skill slug (directory name)
+ * @param files - Array of files to install
+ * @param options - Installation options
+ * @returns Installation result
+ */
+export declare function installSkillViaBroker(slug: string, files: Array<{
+    name: string;
+    content: string;
+}>, options?: {
+    createWrapper?: boolean;
+    agentHome?: string;
+    socketGroup?: string;
+}): Promise<SkillInstallResult>;
+/**
+ * Uninstall a skill via the broker
+ *
+ * @param slug - Skill slug to uninstall
+ * @param options - Uninstallation options
+ * @returns Uninstallation result
+ */
+export declare function uninstallSkillViaBroker(slug: string, options?: {
+    removeWrapper?: boolean;
+    agentHome?: string;
+}): Promise<SkillUninstallResult>;
+/**
+ * Reset the broker client (for testing or reconnection)
+ */
+export declare function resetBrokerClient(): void;
+//# sourceMappingURL=broker-bridge.d.ts.map

package/services/broker-bridge.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"broker-bridge.d.ts","sourceRoot":"","sources":["../../src/services/broker-bridge.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAuC,KAAK,kBAAkB,EAAE,KAAK,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAqB7H;;GAEG;AACH,wBAAsB,iBAAiB,IAAI,OAAO,CAAC,OAAO,CAAC,CAO1D;AAED;;;;;;;GAOG;AACH,wBAAsB,qBAAqB,CACzC,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,KAAK,CAAC;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC,EAC/C,OAAO,GAAE;IACP,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;CACjB,GACL,OAAO,CAAC,kBAAkB,CAAC,CAmB7B;AAED;;;;;;GAMG;AACH,wBAAsB,uBAAuB,CAC3C,IAAI,EAAE,MAAM,EACZ,OAAO,GAAE;IACP,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,SAAS,CAAC,EAAE,MAAM,CAAC;CACf,GACL,OAAO,CAAC,oBAAoB,CAAC,CAU/B;AAED;;GAEG;AACH,wBAAgB,iBAAiB,IAAI,IAAI,CAExC"}

package/services/integration-skills.d.ts

@@ -0,0 +1,26 @@
+/**
+ * Integration Skills Service
+ *
+ * Provisions the single `agenco-secure-integrations` skill into
+ * the user's skills directory when any integration is connected.
+ */
+/**
+ * Provision the `agenco-secure-integrations` skill into the user's
+ * skills directory.  Call this when ANY integration is connected.
+ *
+ * Returns `{ installed: true }` if newly copied, `{ installed: false }` if
+ * already present, or throws on unexpected errors.
+ */
+export declare function provisionAgenCoSkill(): Promise<{
+    installed: boolean;
+}>;
+/**
+ * Provision an integration-specific documentation skill into the user's
+ * skills directory.  Call this when a specific integration is connected.
+ *
+ * Graceful no-op if the skill folder doesn't exist (integration not in marketplace).
+ */
+export declare function provisionIntegrationSkill(integrationSlug: string): Promise<{
+    installed: boolean;
+}>;
+//# sourceMappingURL=integration-skills.d.ts.map

package/services/integration-skills.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"integration-skills.d.ts","sourceRoot":"","sources":["../../src/services/integration-skills.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AA0BH;;;;;;GAMG;AACH,wBAAsB,oBAAoB,IAAI,OAAO,CAAC;IAAE,SAAS,EAAE,OAAO,CAAA;CAAE,CAAC,CAqC5E;AAED;;;;;GAKG;AACH,wBAAsB,yBAAyB,CAAC,eAAe,EAAE,MAAM,GAAG,OAAO,CAAC;IAAE,SAAS,EAAE,OAAO,CAAA;CAAE,CAAC,CAsCxG"}

package/services/marketplace.d.ts

@@ -0,0 +1,79 @@
+/**
+ * Marketplace Service
+ *
+ * Proxies requests to ClawHub via Convex HTTP API (search/detail) and agen.co (analysis).
+ * Includes in-memory TTL cache for search and detail results.
+ */
+import type { MarketplaceSkill, MarketplaceSkillFile, AnalyzeSkillResponse } from '@agenshield/ipc';
+/**
+ * Download and extract a skill zip bundle from ClawHub.
+ * Returns the extracted text files as MarketplaceSkillFile[].
+ */
+export declare function downloadAndExtractZip(slug: string): Promise<MarketplaceSkillFile[]>;
+/** Metadata stored alongside downloaded skill files */
+export interface DownloadedSkillMeta {
+    name: string;
+    slug: string;
+    author: string;
+    version: string;
+    description: string;
+    tags: string[];
+    downloadedAt: string;
+    analysis?: AnalyzeSkillResponse['analysis'];
+}
+/**
+ * Persist a downloaded skill to ~/.agenshield/marketplace/<slug>/.
+ */
+export declare function storeDownloadedSkill(slug: string, meta: Omit<DownloadedSkillMeta, 'downloadedAt'>, files: MarketplaceSkillFile[]): void;
+/**
+ * Update the analysis result in an already-stored download.
+ */
+export declare function updateDownloadedAnalysis(slug: string, analysis: AnalyzeSkillResponse['analysis']): void;
+/** Summary info for a downloaded skill */
+export interface DownloadedSkillInfo {
+    slug: string;
+    name: string;
+    author: string;
+    version: string;
+    description: string;
+    hasAnalysis: boolean;
+}
+/**
+ * List all downloaded marketplace skills from ~/.agenshield/marketplace/.
+ */
+export declare function listDownloadedSkills(): DownloadedSkillInfo[];
+/**
+ * Read all files for a downloaded skill from the local cache.
+ */
+export declare function getDownloadedSkillFiles(slug: string): MarketplaceSkillFile[];
+/**
+ * Get the metadata for a downloaded skill, or null if not downloaded.
+ */
+export declare function getDownloadedSkillMeta(slug: string): DownloadedSkillMeta | null;
+/**
+ * Search the ClawHub marketplace for skills via Convex.
+ * Results are cached for 60 seconds keyed by query string.
+ */
+export declare function searchMarketplace(query: string): Promise<MarketplaceSkill[]>;
+/**
+ * Get a single skill's detail from ClawHub by slug via Convex.
+ * Fetches readme and file contents in parallel.
+ * Cached for 5 minutes.
+ */
+export declare function getMarketplaceSkill(slug: string): Promise<MarketplaceSkill>;
+/**
+ * Send skill files to the skills-analyzer edge function for AI-powered vulnerability analysis.
+ * Consumes an NDJSON stream and returns the aggregated summary as AnalyzeSkillResponse.
+ */
+export declare function analyzeSkillBundle(files: MarketplaceSkillFile[], skillName?: string, publisher?: string): Promise<AnalyzeSkillResponse>;
+/**
+ * Forward a slug + source to the skills-analyzer for remote ZIP download and analysis.
+ * Vercel handles the ZIP download directly — no local files needed.
+ */
+export declare function analyzeSkillBySlug(slug: string, skillName?: string, publisher?: string): Promise<AnalyzeSkillResponse>;
+/**
+ * Retrieve a previously cached analysis for a skill by name and publisher.
+ * Returns null if no cached result exists (upstream returns 404).
+ */
+export declare function getCachedAnalysis(skillName: string, publisher: string): Promise<AnalyzeSkillResponse | null>;
+//# sourceMappingURL=marketplace.d.ts.map