@agenshield/daemon 0.5.0 → 0.6.1

package/main.js

@@ -1,7 +1,13 @@
 #!/usr/bin/env node
-
-// libs/shield-daemon/src/main.ts
-import * as fs20 from "node:fs";
+var __defProp = Object.defineProperty;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
 
 // libs/shield-daemon/src/config/paths.ts
 import * as path from "node:path";
@@ -16,10 +22,14 @@ function getConfigPath() {
 function getPidPath() {
   return path.join(getConfigDir(), PID_FILE);
 }
+var init_paths = __esm({
+  "libs/shield-daemon/src/config/paths.ts"() {
+    "use strict";
+  }
+});
 
 // libs/shield-daemon/src/config/defaults.ts
 import { DEFAULT_PORT, DEFAULT_HOST } from "@agenshield/ipc";
-var VERSION = "0.1.0";
 function getDefaultConfig() {
   return {
     version: VERSION,
@@ -36,8 +46,22 @@ function getDefaultConfig() {
     }
   };
 }
+var VERSION;
+var init_defaults = __esm({
+  "libs/shield-daemon/src/config/defaults.ts"() {
+    "use strict";
+    VERSION = "0.1.0";
+  }
+});
 
 // libs/shield-daemon/src/config/loader.ts
+var loader_exports = {};
+__export(loader_exports, {
+  ensureConfigDir: () => ensureConfigDir,
+  loadConfig: () => loadConfig,
+  saveConfig: () => saveConfig,
+  updateConfig: () => updateConfig
+});
 import * as fs from "node:fs";
 import { ShieldConfigSchema, DEFAULT_PORT as DEFAULT_PORT2 } from "@agenshield/ipc";
 function ensureConfigDir() {
@@ -84,31 +108,35 @@ function updateConfig(updates) {
   saveConfig(updated);
   return updated;
 }
-
-// libs/shield-daemon/src/server.ts
-import * as fs19 from "node:fs";
-import Fastify from "fastify";
-import cors from "@fastify/cors";
-import fastifyStatic from "@fastify/static";
-
-// libs/shield-daemon/src/routes/index.ts
-import { API_PREFIX } from "@agenshield/ipc";
-
-// libs/shield-daemon/src/routes/health.ts
-async function healthRoutes(app) {
-  app.get("/health", async () => {
-    return {
-      success: true,
-      data: {
-        ok: true,
-        timestamp: (/* @__PURE__ */ new Date()).toISOString(),
-        mode: "daemon"
-      }
-    };
-  });
-}
+var init_loader = __esm({
+  "libs/shield-daemon/src/config/loader.ts"() {
+    "use strict";
+    init_paths();
+    init_defaults();
+  }
+});
 
 // libs/shield-daemon/src/state/index.ts
+var state_exports = {};
+__export(state_exports, {
+  addConnectedIntegration: () => addConnectedIntegration,
+  addGroupState: () => addGroupState,
+  addUserState: () => addUserState,
+  getDefaultState: () => getDefaultState,
+  getPasscodeProtectionState: () => getPasscodeProtectionState,
+  getStatePath: () => getStatePath,
+  initializeState: () => initializeState,
+  loadState: () => loadState,
+  removeConnectedIntegration: () => removeConnectedIntegration,
+  removeGroupState: () => removeGroupState,
+  removeUserState: () => removeUserState,
+  saveState: () => saveState,
+  updateAgenCoState: () => updateAgenCoState,
+  updateDaemonState: () => updateDaemonState,
+  updateInstallationState: () => updateInstallationState,
+  updatePasscodeProtectionState: () => updatePasscodeProtectionState,
+  updateState: () => updateState
+});
 import * as fs2 from "node:fs";
 import * as path2 from "node:path";
 import { STATE_FILE, DEFAULT_PORT as DEFAULT_PORT3 } from "@agenshield/ipc";
@@ -165,18 +193,89 @@ function saveState(state) {
   }
   fs2.writeFileSync(statePath, JSON.stringify(state, null, 2), { mode: 420 });
 }
+function updateState(updates) {
+  const current = loadState();
+  const updated = {
+    ...current,
+    ...updates
+  };
+  if (updates.daemon) {
+    updated.daemon = { ...current.daemon, ...updates.daemon };
+  }
+  if (updates.agenco) {
+    updated.agenco = { ...current.agenco, ...updates.agenco };
+  }
+  if (updates.installation) {
+    updated.installation = { ...current.installation, ...updates.installation };
+  }
+  if (updates.passcodeProtection) {
+    updated.passcodeProtection = { ...current.passcodeProtection, ...updates.passcodeProtection };
+  }
+  saveState(updated);
+  return updated;
+}
+function updateDaemonState(updates) {
+  const current = loadState();
+  current.daemon = { ...current.daemon, ...updates };
+  saveState(current);
+  return current;
+}
 function updateAgenCoState(updates) {
   const current = loadState();
   current.agenco = { ...current.agenco, ...updates };
   saveState(current);
   return current;
 }
+function updateInstallationState(updates) {
+  const current = loadState();
+  current.installation = { ...current.installation, ...updates };
+  saveState(current);
+  return current;
+}
 function updatePasscodeProtectionState(updates) {
   const current = loadState();
   current.passcodeProtection = { ...current.passcodeProtection, ...updates };
   saveState(current);
   return current;
 }
+function getPasscodeProtectionState() {
+  const current = loadState();
+  return current.passcodeProtection;
+}
+function addUserState(user) {
+  const current = loadState();
+  const existingIndex = current.users.findIndex((u) => u.username === user.username);
+  if (existingIndex >= 0) {
+    current.users[existingIndex] = user;
+  } else {
+    current.users.push(user);
+  }
+  saveState(current);
+  return current;
+}
+function removeUserState(username) {
+  const current = loadState();
+  current.users = current.users.filter((u) => u.username !== username);
+  saveState(current);
+  return current;
+}
+function addGroupState(group) {
+  const current = loadState();
+  const existingIndex = current.groups.findIndex((g) => g.name === group.name);
+  if (existingIndex >= 0) {
+    current.groups[existingIndex] = group;
+  } else {
+    current.groups.push(group);
+  }
+  saveState(current);
+  return current;
+}
+function removeGroupState(name) {
+  const current = loadState();
+  current.groups = current.groups.filter((g) => g.name !== name);
+  saveState(current);
+  return current;
+}
 function addConnectedIntegration(integrationId) {
   const current = loadState();
   if (!current.agenco.connectedIntegrations.includes(integrationId)) {
@@ -185,8 +284,308 @@ function addConnectedIntegration(integrationId) {
   }
   return current;
 }
+function removeConnectedIntegration(integrationId) {
+  const current = loadState();
+  current.agenco.connectedIntegrations = current.agenco.connectedIntegrations.filter(
+    (id) => id !== integrationId
+  );
+  saveState(current);
+  return current;
+}
+function initializeState() {
+  const statePath = getStatePath();
+  if (!fs2.existsSync(statePath)) {
+    const state = getDefaultState();
+    saveState(state);
+    return state;
+  }
+  return loadState();
+}
+var init_state = __esm({
+  "libs/shield-daemon/src/state/index.ts"() {
+    "use strict";
+    init_paths();
+  }
+});
+
+// libs/shield-daemon/src/command-sync.ts
+var command_sync_exports = {};
+__export(command_sync_exports, {
+  ensureWrappersInstalled: () => ensureWrappersInstalled,
+  syncCommandPolicies: () => syncCommandPolicies,
+  syncCommandPoliciesAndWrappers: () => syncCommandPoliciesAndWrappers
+});
+import * as fs5 from "node:fs";
+import * as path5 from "node:path";
+import { execSync as execSync3 } from "node:child_process";
+import { PROXIED_COMMANDS, BASIC_SYSTEM_COMMANDS } from "@agenshield/sandbox";
+function resolveCommandPaths(name) {
+  const paths = [];
+  for (const dir of BIN_SEARCH_DIRS) {
+    const candidate = path5.join(dir, name);
+    try {
+      if (fs5.existsSync(candidate)) {
+        const stat = fs5.statSync(candidate);
+        if (stat.isFile() && (stat.mode & 73) !== 0) {
+          paths.push(candidate);
+        }
+      }
+    } catch {
+    }
+  }
+  if (paths.length === 0) {
+    try {
+      const result = execSync3(`which ${name} 2>/dev/null`, { encoding: "utf-8" }).trim();
+      if (result && path5.isAbsolute(result)) {
+        paths.push(result);
+      }
+    } catch {
+    }
+  }
+  return paths;
+}
+function extractCommandName(pattern) {
+  return pattern.trim().split(/\s+/)[0];
+}
+function extractPolicyCommandNames(policies) {
+  const names = /* @__PURE__ */ new Set();
+  for (const p of policies) {
+    if (p.target === "command" && p.action === "allow" && p.enabled) {
+      for (const pattern of p.patterns) {
+        const name = extractCommandName(pattern);
+        if (name) names.add(name);
+      }
+    }
+  }
+  return names;
+}
+function syncCommandPolicies(policies, logger) {
+  const log = logger ?? noop2;
+  const commandPolicies = policies.filter(
+    (p) => p.target === "command" && p.action === "allow" && p.enabled
+  );
+  const commandNames = /* @__PURE__ */ new Set();
+  for (const policy of commandPolicies) {
+    for (const pattern of policy.patterns) {
+      const name = extractCommandName(pattern);
+      if (name) commandNames.add(name);
+    }
+  }
+  const commands = [];
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  for (const name of commandNames) {
+    const paths = resolveCommandPaths(name);
+    if (paths.length === 0) {
+      log.warn(`[command-sync] command '${name}' not found on system, adding without paths`);
+    }
+    commands.push({
+      name,
+      paths,
+      addedAt: now,
+      addedBy: "policy",
+      category: "policy-managed"
+    });
+  }
+  const config = {
+    version: "1.0.0",
+    commands
+  };
+  const json = JSON.stringify(config, null, 2) + "\n";
+  try {
+    const dir = path5.dirname(ALLOWED_COMMANDS_PATH);
+    if (!fs5.existsSync(dir)) {
+      fs5.mkdirSync(dir, { recursive: true });
+    }
+    fs5.writeFileSync(ALLOWED_COMMANDS_PATH, json, "utf-8");
+    log.info(`[command-sync] wrote ${commands.length} commands to allowlist`);
+  } catch {
+    log.warn(`[command-sync] cannot write to ${ALLOWED_COMMANDS_PATH} (broker forwards to daemon for policy checks)`);
+  }
+}
+function generateFallbackWrapper(cmd) {
+  return [
+    "#!/bin/bash",
+    `# ${cmd} - AgenShield proxy (auto-generated)`,
+    "if ! /bin/pwd > /dev/null 2>&1; then cd ~ 2>/dev/null || cd /; fi",
+    `exec /opt/agenshield/bin/shield-client exec ${cmd} "$@"`,
+    ""
+  ].join("\n");
+}
+function installWrappersInDir(binDir, log, policyCommands) {
+  const shieldExecPath = "/opt/agenshield/bin/shield-exec";
+  if (!fs5.existsSync(binDir)) {
+    try {
+      fs5.mkdirSync(binDir, { recursive: true, mode: 493 });
+    } catch {
+      log.warn(`[command-sync] cannot create bin dir ${binDir}`);
+      return;
+    }
+  }
+  const hasShieldExec = fs5.existsSync(shieldExecPath);
+  if (!hasShieldExec) {
+    log.warn("[command-sync] shield-exec not found, using bash wrapper fallback");
+  }
+  for (const cmd of ALL_PROXIED_COMMANDS) {
+    const wrapperPath = path5.join(binDir, cmd);
+    if (fs5.existsSync(wrapperPath)) {
+      continue;
+    }
+    if (hasShieldExec) {
+      try {
+        fs5.symlinkSync(shieldExecPath, wrapperPath);
+        continue;
+      } catch {
+        log.warn(`[command-sync] cannot symlink ${cmd}, falling back to bash wrapper`);
+      }
+    }
+    try {
+      fs5.writeFileSync(wrapperPath, generateFallbackWrapper(cmd), { mode: 493 });
+    } catch {
+      log.warn(`[command-sync] cannot write wrapper for ${cmd}`);
+    }
+  }
+  if (policyCommands) {
+    for (const cmd of policyCommands) {
+      if (PROXIED_COMMANDS_SET.has(cmd)) continue;
+      if (BASIC_SYSTEM_COMMANDS_SET.has(cmd)) continue;
+      if (SPECIALIZED_WRAPPER_COMMANDS.has(cmd)) continue;
+      const wrapperPath = path5.join(binDir, cmd);
+      if (fs5.existsSync(wrapperPath)) continue;
+      if (hasShieldExec) {
+        try {
+          fs5.symlinkSync(shieldExecPath, wrapperPath);
+          log.info(`[command-sync] installed dynamic wrapper (symlink): ${cmd}`);
+          continue;
+        } catch {
+          log.warn(`[command-sync] cannot symlink ${cmd}, falling back to bash wrapper`);
+        }
+      }
+      try {
+        fs5.writeFileSync(wrapperPath, generateFallbackWrapper(cmd), { mode: 493 });
+        log.info(`[command-sync] installed dynamic wrapper (bash): ${cmd}`);
+      } catch {
+        log.warn(`[command-sync] cannot write dynamic wrapper for ${cmd}`);
+      }
+    }
+  }
+}
+function cleanupStaleWrappers(binDir, policyCommands, log) {
+  const shieldExecPath = "/opt/agenshield/bin/shield-exec";
+  let entries;
+  try {
+    entries = fs5.readdirSync(binDir);
+  } catch {
+    return;
+  }
+  for (const entry of entries) {
+    if (PROXIED_COMMANDS_SET.has(entry)) continue;
+    if (SPECIALIZED_WRAPPER_COMMANDS.has(entry)) continue;
+    if (BASIC_SYSTEM_COMMANDS_SET.has(entry)) continue;
+    if (policyCommands.has(entry)) continue;
+    const wrapperPath = path5.join(binDir, entry);
+    try {
+      const stat = fs5.lstatSync(wrapperPath);
+      if (stat.isSymbolicLink()) {
+        const target = fs5.readlinkSync(wrapperPath);
+        if (target === shieldExecPath) {
+          fs5.unlinkSync(wrapperPath);
+          log.info(`[command-sync] removed stale dynamic wrapper (symlink): ${entry}`);
+        }
+      } else if (stat.isFile()) {
+        const content = fs5.readFileSync(wrapperPath, "utf-8");
+        if (content.includes("shield-client exec") && content.includes("AgenShield proxy (auto-generated)")) {
+          fs5.unlinkSync(wrapperPath);
+          log.info(`[command-sync] removed stale dynamic wrapper (bash): ${entry}`);
+        }
+      }
+    } catch {
+    }
+  }
+}
+function ensureWrappersInstalled(state, logger, policyCommands) {
+  const log = logger ?? noop2;
+  const agentUser = state.users.find((u) => u.type === "agent");
+  if (!agentUser) {
+    log.warn("[command-sync] no agent user in state, skipping wrapper installation");
+    return;
+  }
+  const agentBinDir = path5.join(agentUser.homeDir, "bin");
+  log.info(`[command-sync] ensuring wrappers in agent bin: ${agentBinDir}`);
+  installWrappersInDir(agentBinDir, log, policyCommands);
+  if (policyCommands) {
+    cleanupStaleWrappers(agentBinDir, policyCommands, log);
+  }
+  const agentHomeEnv = process.env["AGENSHIELD_AGENT_HOME"];
+  if (agentHomeEnv && agentHomeEnv !== agentUser.homeDir) {
+    const envBinDir = path5.join(agentHomeEnv, "bin");
+    log.info(`[command-sync] ensuring wrappers in env agent bin: ${envBinDir}`);
+    installWrappersInDir(envBinDir, log, policyCommands);
+    if (policyCommands) {
+      cleanupStaleWrappers(envBinDir, policyCommands, log);
+    }
+  }
+}
+function syncCommandPoliciesAndWrappers(policies, state, logger) {
+  const policyCommands = extractPolicyCommandNames(policies);
+  syncCommandPolicies(policies, logger);
+  ensureWrappersInstalled(state, logger, policyCommands);
+}
+var noop2, ALLOWED_COMMANDS_PATH, BIN_SEARCH_DIRS, ALL_PROXIED_COMMANDS, BASIC_SYSTEM_COMMANDS_SET, SPECIALIZED_WRAPPER_COMMANDS, PROXIED_COMMANDS_SET;
+var init_command_sync = __esm({
+  "libs/shield-daemon/src/command-sync.ts"() {
+    "use strict";
+    noop2 = { warn() {
+    }, info() {
+    } };
+    ALLOWED_COMMANDS_PATH = "/opt/agenshield/config/allowed-commands.json";
+    BIN_SEARCH_DIRS = [
+      "/usr/bin",
+      "/usr/local/bin",
+      "/opt/homebrew/bin",
+      "/usr/sbin",
+      "/usr/local/sbin",
+      "/opt/homebrew/sbin"
+    ];
+    ALL_PROXIED_COMMANDS = [...PROXIED_COMMANDS];
+    BASIC_SYSTEM_COMMANDS_SET = new Set(BASIC_SYSTEM_COMMANDS);
+    SPECIALIZED_WRAPPER_COMMANDS = /* @__PURE__ */ new Set(["node", "python", "python3"]);
+    PROXIED_COMMANDS_SET = new Set(ALL_PROXIED_COMMANDS);
+  }
+});
+
+// libs/shield-daemon/src/main.ts
+import * as fs20 from "node:fs";
+
+// libs/shield-daemon/src/config/index.ts
+init_paths();
+init_defaults();
+init_loader();
+
+// libs/shield-daemon/src/server.ts
+import * as fs19 from "node:fs";
+import Fastify from "fastify";
+import cors from "@fastify/cors";
+import fastifyStatic from "@fastify/static";
+
+// libs/shield-daemon/src/routes/index.ts
+import { API_PREFIX } from "@agenshield/ipc";
+
+// libs/shield-daemon/src/routes/health.ts
+async function healthRoutes(app) {
+  app.get("/health", async () => {
+    return {
+      success: true,
+      data: {
+        ok: true,
+        timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+        mode: "daemon"
+      }
+    };
+  });
+}
 
 // libs/shield-daemon/src/routes/status.ts
+init_state();
 var startedAt = /* @__PURE__ */ new Date();
 async function statusRoutes(app) {
   app.get("/status", async () => {
@@ -214,7 +613,8 @@ async function statusRoutes(app) {
 
 // libs/shield-daemon/src/routes/config.ts
 import * as fs6 from "node:fs";
-import * as path5 from "node:path";
+import * as path6 from "node:path";
+init_state();
 
 // libs/shield-daemon/src/vault/index.ts
 import * as fs3 from "node:fs";
@@ -275,6 +675,7 @@ function decrypt(encryptedData, key) {
 }
 
 // libs/shield-daemon/src/vault/index.ts
+init_paths();
 var Vault = class {
   key;
   vaultPath;
@@ -518,8 +919,30 @@ function getSessionManager() {
 import { execSync as execSync2 } from "node:child_process";
 import * as os3 from "node:os";
 import * as fs4 from "node:fs";
+import * as path4 from "node:path";
 var noop = { warn() {
 } };
+var TRAVERSAL_PERMS = "search";
+var WORLD_TRAVERSABLE_PATHS = /* @__PURE__ */ new Set([
+  "/",
+  "/Users",
+  "/tmp",
+  "/private",
+  "/private/tmp",
+  "/private/var",
+  "/var",
+  "/opt",
+  "/usr",
+  "/usr/local",
+  "/Applications",
+  "/Library",
+  "/System",
+  "/Volumes"
+]);
+function normalizePath(p) {
+  if (p === "/") return p;
+  return p.replace(/\/+$/, "") || "/";
+}
 function stripGlobToBasePath(pattern) {
   let p = pattern;
   if (p.startsWith("~")) {
@@ -531,7 +954,7 @@ function stripGlobToBasePath(pattern) {
     if (/[*?[]/.test(seg)) break;
     base.push(seg);
   }
-  return base.length === 0 ? "/" : base.join("/") || "/";
+  return normalizePath(base.length === 0 ? "/" : base.join("/") || "/");
 }
 function operationsToAclPerms(operations) {
   const perms = [];
@@ -589,197 +1012,69 @@ function removeGroupAcl(targetPath, groupName, log = noop) {
     log.warn(`[acl] failed to read ACLs on ${targetPath}: ${err.message}`);
   }
 }
-function syncFilesystemPolicyAcls(oldPolicies, newPolicies, groupName, logger) {
-  const log = logger ?? noop;
-  const oldFs = oldPolicies.filter((p) => p.target === "filesystem");
-  const newFs = newPolicies.filter((p) => p.target === "filesystem");
-  const oldMap = new Map(oldFs.map((p) => [p.id, p]));
-  const newMap = new Map(newFs.map((p) => [p.id, p]));
-  for (const [id, oldP] of oldMap) {
-    if (!newMap.has(id)) {
-      for (const pattern of oldP.patterns) {
-        removeGroupAcl(stripGlobToBasePath(pattern), groupName, log);
-      }
-    }
-  }
-  for (const [id, newP] of newMap) {
-    if (!oldMap.has(id)) {
-      const perms = operationsToAclPerms(newP.operations ?? []);
-      if (!perms) continue;
-      for (const pattern of newP.patterns) {
-        addGroupAcl(stripGlobToBasePath(pattern), groupName, perms, log);
-      }
-    }
-  }
-  for (const [id, newP] of newMap) {
-    const oldP = oldMap.get(id);
-    if (!oldP) continue;
-    const patternsChanged = JSON.stringify(oldP.patterns) !== JSON.stringify(newP.patterns);
-    const opsChanged = JSON.stringify(oldP.operations ?? []) !== JSON.stringify(newP.operations ?? []);
-    if (patternsChanged || opsChanged) {
-      for (const pattern of oldP.patterns) {
-        removeGroupAcl(stripGlobToBasePath(pattern), groupName, log);
-      }
-      const perms = operationsToAclPerms(newP.operations ?? []);
-      if (!perms) continue;
-      for (const pattern of newP.patterns) {
-        addGroupAcl(stripGlobToBasePath(pattern), groupName, perms, log);
-      }
-    }
-  }
-}
-
-// libs/shield-daemon/src/command-sync.ts
-import * as fs5 from "node:fs";
-import * as path4 from "node:path";
-import { execSync as execSync3 } from "node:child_process";
-var noop2 = { warn() {
-}, info() {
-} };
-var ALLOWED_COMMANDS_PATH = "/opt/agenshield/config/allowed-commands.json";
-var BIN_SEARCH_DIRS = [
-  "/usr/bin",
-  "/usr/local/bin",
-  "/opt/homebrew/bin",
-  "/usr/sbin",
-  "/usr/local/sbin",
-  "/opt/homebrew/sbin"
-];
-var ALL_PROXIED_COMMANDS = [
-  "curl",
-  "wget",
-  "git",
-  "ssh",
-  "scp",
-  "rsync",
-  "brew",
-  "npm",
-  "npx",
-  "pip",
-  "pip3",
-  "open-url",
-  "shieldctl",
-  "agenco"
-];
-function resolveCommandPaths(name) {
-  const paths = [];
-  for (const dir of BIN_SEARCH_DIRS) {
-    const candidate = path4.join(dir, name);
-    try {
-      if (fs5.existsSync(candidate)) {
-        const stat = fs5.statSync(candidate);
-        if (stat.isFile() && (stat.mode & 73) !== 0) {
-          paths.push(candidate);
-        }
-      }
-    } catch {
+function getAncestorsNeedingTraversal(targetPath) {
+  const ancestors = [];
+  let dir = path4.dirname(targetPath);
+  while (dir !== targetPath && dir !== "/") {
+    if (!WORLD_TRAVERSABLE_PATHS.has(dir)) {
+      ancestors.push(dir);
     }
+    targetPath = dir;
+    dir = path4.dirname(dir);
   }
-  if (paths.length === 0) {
-    try {
-      const result = execSync3(`which ${name} 2>/dev/null`, { encoding: "utf-8" }).trim();
-      if (result && path4.isAbsolute(result)) {
-        paths.push(result);
-      }
-    } catch {
-    }
-  }
-  return paths;
+  return ancestors;
 }
-function extractCommandName(pattern) {
-  return pattern.trim().split(/\s+/)[0];
+function mergePerms(a, b) {
+  const set = /* @__PURE__ */ new Set([
+    ...a.split(",").filter(Boolean),
+    ...b.split(",").filter(Boolean)
+  ]);
+  return [...set].join(",");
 }
-function syncCommandPolicies(policies, logger) {
-  const log = logger ?? noop2;
-  const commandPolicies = policies.filter(
-    (p) => p.target === "command" && p.action === "allow" && p.enabled
-  );
-  const commandNames = /* @__PURE__ */ new Set();
-  for (const policy of commandPolicies) {
+function computeAclMap(policies) {
+  const aclMap = /* @__PURE__ */ new Map();
+  for (const policy of policies.filter((p) => p.action === "allow")) {
+    const perms = operationsToAclPerms(policy.operations ?? []);
+    if (!perms) continue;
     for (const pattern of policy.patterns) {
-      const name = extractCommandName(pattern);
-      if (name) commandNames.add(name);
-    }
-  }
-  const commands = [];
-  const now = (/* @__PURE__ */ new Date()).toISOString();
-  for (const name of commandNames) {
-    const paths = resolveCommandPaths(name);
-    if (paths.length === 0) {
-      log.warn(`[command-sync] command '${name}' not found on system, adding without paths`);
-    }
-    commands.push({
-      name,
-      paths,
-      addedAt: now,
-      addedBy: "policy",
-      category: "policy-managed"
-    });
-  }
-  const config = {
-    version: "1.0.0",
-    commands
-  };
-  try {
-    const dir = path4.dirname(ALLOWED_COMMANDS_PATH);
-    if (!fs5.existsSync(dir)) {
-      fs5.mkdirSync(dir, { recursive: true });
-    }
-    fs5.writeFileSync(ALLOWED_COMMANDS_PATH, JSON.stringify(config, null, 2) + "\n", "utf-8");
-    log.info(`[command-sync] wrote ${commands.length} commands to allowlist`);
-  } catch (err) {
-    log.warn(`[command-sync] failed to write allowlist: ${err.message}`);
-  }
-}
-function installWrappersInDir(binDir, log) {
-  const shieldExecPath = "/opt/agenshield/bin/shield-exec";
-  if (!fs5.existsSync(binDir)) {
-    try {
-      fs5.mkdirSync(binDir, { recursive: true, mode: 493 });
-    } catch (err) {
-      log.warn(`[command-sync] failed to create bin dir ${binDir}: ${err.message}`);
-      return;
+      const target = stripGlobToBasePath(pattern);
+      const existing = aclMap.get(target);
+      aclMap.set(target, existing ? mergePerms(existing, perms) : perms);
     }
   }
-  for (const cmd of ALL_PROXIED_COMMANDS) {
-    const wrapperPath = path4.join(binDir, cmd);
-    if (fs5.existsSync(wrapperPath)) {
-      continue;
-    }
-    try {
-      if (fs5.existsSync(shieldExecPath)) {
-        fs5.symlinkSync(shieldExecPath, wrapperPath);
-      } else {
-        log.warn(`[command-sync] shield-exec not found at ${shieldExecPath}, skipping ${cmd} wrapper`);
+  for (const policy of policies.filter((p) => p.action === "allow")) {
+    const perms = operationsToAclPerms(policy.operations ?? []);
+    if (!perms) continue;
+    for (const pattern of policy.patterns) {
+      const target = stripGlobToBasePath(pattern);
+      for (const ancestor of getAncestorsNeedingTraversal(target)) {
+        if (!aclMap.has(ancestor)) {
+          aclMap.set(ancestor, TRAVERSAL_PERMS);
+        }
       }
-    } catch (err) {
-      log.warn(`[command-sync] failed to create wrapper ${wrapperPath}: ${err.message}`);
     }
   }
+  return aclMap;
 }
-function ensureWrappersInstalled(state, logger) {
-  const log = logger ?? noop2;
-  const agentUser = state.users.find((u) => u.type === "agent");
-  if (!agentUser) {
-    log.warn("[command-sync] no agent user in state, skipping wrapper installation");
-    return;
+function syncFilesystemPolicyAcls(oldPolicies, newPolicies, groupName, logger) {
+  const log = logger ?? noop;
+  const oldFs = oldPolicies.filter((p) => p.target === "filesystem");
+  const newFs = newPolicies.filter((p) => p.target === "filesystem");
+  const oldAclMap = computeAclMap(oldFs);
+  const newAclMap = computeAclMap(newFs);
+  for (const oldPath of oldAclMap.keys()) {
+    if (!newAclMap.has(oldPath)) {
+      removeGroupAcl(oldPath, groupName, log);
+    }
   }
-  const agentBinDir = path4.join(agentUser.homeDir, "bin");
-  log.info(`[command-sync] ensuring wrappers in agent bin: ${agentBinDir}`);
-  installWrappersInDir(agentBinDir, log);
-  const agentHomeEnv = process.env["AGENSHIELD_AGENT_HOME"];
-  if (agentHomeEnv && agentHomeEnv !== agentUser.homeDir) {
-    const envBinDir = path4.join(agentHomeEnv, "bin");
-    log.info(`[command-sync] ensuring wrappers in env agent bin: ${envBinDir}`);
-    installWrappersInDir(envBinDir, log);
+  for (const [targetPath, perms] of newAclMap) {
+    addGroupAcl(targetPath, groupName, perms, log);
   }
 }
-function syncCommandPoliciesAndWrappers(policies, state, logger) {
-  syncCommandPolicies(policies, logger);
-  ensureWrappersInstalled(state, logger);
-}
 
 // libs/shield-daemon/src/routes/config.ts
+init_command_sync();
+import { installShieldExec, createUserConfig } from "@agenshield/sandbox";
 async function configRoutes(app) {
   app.get("/config", async () => {
     const config = loadConfig();
@@ -841,9 +1136,31 @@ async function configRoutes(app) {
       };
     }
   });
+  app.post("/config/install-wrappers", async () => {
+    try {
+      const state = loadState();
+      const agentUser = state.users.find((u) => u.type === "agent");
+      if (!agentUser) {
+        return { success: false, error: "No agent user found in state" };
+      }
+      const userConfig = createUserConfig();
+      const binDir = path6.join(agentUser.homeDir, "bin");
+      const result = await installShieldExec(userConfig, binDir);
+      return {
+        success: result.success,
+        installed: result.installed,
+        error: result.error
+      };
+    } catch (error) {
+      return {
+        success: false,
+        error: error instanceof Error ? error.message : "Failed to install wrappers"
+      };
+    }
+  });
   app.get("/config/openclaw", async (_request, reply) => {
     const agentHome = process.env["AGENSHIELD_AGENT_HOME"] || "/Users/ash_default_agent";
-    const configDir = path5.join(agentHome, ".openclaw");
+    const configDir = path6.join(agentHome, ".openclaw");
     const configFiles = readConfigDir(configDir);
     return reply.send({ configDir, files: configFiles });
   });
@@ -855,7 +1172,7 @@ async function configRoutes(app) {
         return reply.code(400).send({ error: "original query param required" });
       }
       const agentHome = process.env["AGENSHIELD_AGENT_HOME"] || "/Users/ash_default_agent";
-      const agentConfigDir = path5.join(agentHome, ".openclaw");
+      const agentConfigDir = path6.join(agentHome, ".openclaw");
       const diff = diffConfigDirs(original, agentConfigDir);
       return reply.send({ diff });
     }
@@ -877,13 +1194,13 @@ function readConfigDir(dir, base) {
   for (const entry of entries) {
     if (entry.isDirectory()) {
       if (SKIP_DIRS.has(entry.name)) continue;
-      const sub = readConfigDir(path5.join(dir, entry.name), root);
+      const sub = readConfigDir(path6.join(dir, entry.name), root);
       Object.assign(result, sub);
     } else if (entry.isFile()) {
-      const ext = path5.extname(entry.name).toLowerCase();
+      const ext = path6.extname(entry.name).toLowerCase();
       if ([".json", ".yaml", ".yml", ".toml", ".txt", ".md", ".conf", ""].includes(ext)) {
-        const filePath = path5.join(dir, entry.name);
-        const relPath = path5.relative(root, filePath);
+        const filePath = path6.join(dir, entry.name);
+        const relPath = path6.relative(root, filePath);
         try {
           result[relPath] = fs6.readFileSync(filePath, "utf-8");
         } catch {
@@ -1005,10 +1322,10 @@ function emitSecurityWarning(warning) {
 function emitSecurityCritical(issue) {
   daemonEvents.broadcast("security:critical", { message: issue });
 }
-function emitApiRequest(method, path18, statusCode, duration, requestBody, responseBody) {
+function emitApiRequest(method, path19, statusCode, duration, requestBody, responseBody) {
   daemonEvents.broadcast("api:request", {
     method,
-    path: path18,
+    path: path19,
     statusCode,
     duration,
     ...requestBody !== void 0 && { requestBody },
@@ -1051,6 +1368,7 @@ function emitEvent(type, data) {
 
 // libs/shield-daemon/src/auth/passcode.ts
 import * as crypto3 from "node:crypto";
+init_state();
 import { DEFAULT_AUTH_CONFIG as DEFAULT_AUTH_CONFIG2 } from "@agenshield/ipc";
 var ITERATIONS = 1e5;
 var KEY_LENGTH = 64;
@@ -1215,16 +1533,16 @@ var PROTECTED_ROUTES = [
   { method: "POST", path: "/api/config/factory-reset" },
   { method: "POST", path: "/api/skills/install" }
 ];
-function isProtectedRoute(method, path18) {
+function isProtectedRoute(method, path19) {
   return PROTECTED_ROUTES.some(
-    (route) => route.method === method && path18.startsWith(route.path)
+    (route) => route.method === method && path19.startsWith(route.path)
   );
 }
 function createAuthHook() {
   return async (request, reply) => {
     const method = request.method;
-    const path18 = request.url.split("?")[0];
-    if (!isProtectedRoute(method, path18)) {
+    const path19 = request.url.split("?")[0];
+    if (!isProtectedRoute(method, path19)) {
       return;
     }
     if (!isAuthenticated(request)) {
@@ -1731,6 +2049,9 @@ async function loggedFetch(url, init, context) {
   }
 }
 
+// libs/shield-daemon/src/routes/agenco.ts
+init_state();
+
 // libs/shield-daemon/src/mcp/client.ts
 import { Client } from "@modelcontextprotocol/sdk/client/index.js";
 import { StreamableHTTPClientTransport } from "@modelcontextprotocol/sdk/client/streamableHttp.js";
@@ -2057,7 +2378,7 @@ function getMCPState() {
 
 // libs/shield-daemon/src/services/integration-skills.ts
 import * as fs8 from "node:fs";
-import * as path7 from "node:path";
+import * as path8 from "node:path";
 
 // libs/shield-skills/dist/index.js
 import * as path22 from "node:path";
@@ -2123,7 +2444,7 @@ var BUILTIN_SKILLS_DIR = path22.resolve(__skills_dirname, "..", "skills");
 
 // libs/shield-daemon/src/watchers/skills.ts
 import * as fs7 from "node:fs";
-import * as path6 from "node:path";
+import * as path7 from "node:path";
 import { execSync as execSync4 } from "node:child_process";
 var APPROVED_SKILLS_PATH = "/opt/agenshield/config/approved-skills.json";
 var QUARANTINE_DIR = "/opt/agenshield/quarantine/skills";
@@ -2145,7 +2466,7 @@ function loadApprovedSkills() {
 }
 function saveApprovedSkills(skills) {
   try {
-    const dir = path6.dirname(APPROVED_SKILLS_PATH);
+    const dir = path7.dirname(APPROVED_SKILLS_PATH);
     fs7.mkdirSync(dir, { recursive: true });
     const content = JSON.stringify(skills, null, 2);
     fs7.writeFileSync(APPROVED_SKILLS_PATH, content, "utf-8");
@@ -2159,7 +2480,7 @@ function isApproved(skillName) {
 }
 function quarantineSkill(skillName, skillPath) {
   try {
-    const quarantinePath = path6.join(QUARANTINE_DIR, skillName);
+    const quarantinePath = path7.join(QUARANTINE_DIR, skillName);
     if (!fs7.existsSync(QUARANTINE_DIR)) {
       fs7.mkdirSync(QUARANTINE_DIR, { recursive: true, mode: 448 });
     }
@@ -2192,7 +2513,7 @@ function scanSkills() {
       if (!entry.isDirectory()) continue;
       const skillName = entry.name;
       if (!isApproved(skillName)) {
-        const fullPath = path6.join(skillsDir, skillName);
+        const fullPath = path7.join(skillsDir, skillName);
         const info = quarantineSkill(skillName, fullPath);
         if (info && callbacks.onQuarantined) {
           callbacks.onQuarantined(info);
@@ -2258,8 +2579,8 @@ function stopSkillsWatcher() {
 }
 function approveSkill(skillName) {
   try {
-    const quarantinedPath = path6.join(QUARANTINE_DIR, skillName);
-    const destPath = path6.join(skillsDir, skillName);
+    const quarantinedPath = path7.join(QUARANTINE_DIR, skillName);
+    const destPath = path7.join(skillsDir, skillName);
     if (!fs7.existsSync(quarantinedPath)) {
       return { success: false, error: `Skill "${skillName}" not found in quarantine` };
     }
@@ -2285,7 +2606,7 @@ function approveSkill(skillName) {
 }
 function rejectSkill(skillName) {
   try {
-    const quarantinedPath = path6.join(QUARANTINE_DIR, skillName);
+    const quarantinedPath = path7.join(QUARANTINE_DIR, skillName);
     if (!fs7.existsSync(quarantinedPath)) {
       return { success: false, error: `Skill "${skillName}" not found in quarantine` };
     }
@@ -2301,7 +2622,7 @@ function revokeSkill(skillName) {
     const approved = loadApprovedSkills();
     const filtered = approved.filter((s) => s.name !== skillName);
     saveApprovedSkills(filtered);
-    const skillPath = path6.join(skillsDir, skillName);
+    const skillPath = path7.join(skillsDir, skillName);
     if (fs7.existsSync(skillPath)) {
       quarantineSkill(skillName, skillPath);
     }
@@ -2320,11 +2641,11 @@ function listQuarantined() {
     const entries = fs7.readdirSync(QUARANTINE_DIR, { withFileTypes: true });
     for (const entry of entries) {
       if (entry.isDirectory()) {
-        const stat = fs7.statSync(path6.join(QUARANTINE_DIR, entry.name));
+        const stat = fs7.statSync(path7.join(QUARANTINE_DIR, entry.name));
         results.push({
           name: entry.name,
           quarantinedAt: stat.mtime.toISOString(),
-          originalPath: path6.join(skillsDir, entry.name),
+          originalPath: path7.join(skillsDir, entry.name),
           reason: "Skill not in approved list"
         });
       }
@@ -2364,8 +2685,8 @@ function copyDirSync(src, dest) {
   fs8.mkdirSync(dest, { recursive: true });
   const entries = fs8.readdirSync(src, { withFileTypes: true });
   for (const entry of entries) {
-    const srcPath = path7.join(src, entry.name);
-    const destPath = path7.join(dest, entry.name);
+    const srcPath = path8.join(src, entry.name);
+    const destPath = path8.join(dest, entry.name);
     if (entry.isDirectory()) {
       copyDirSync(srcPath, destPath);
     } else {
@@ -2379,8 +2700,8 @@ async function provisionAgenCoSkill() {
     console.warn("[IntegrationSkills] Skills directory not configured \u2014 skipping provision");
     return { installed: false };
   }
-  const destDir = path7.join(skillsDir2, AGENCO_SKILL_NAME);
-  const srcDir = path7.join(BUILTIN_SKILLS_DIR, AGENCO_SKILL_NAME);
+  const destDir = path8.join(skillsDir2, AGENCO_SKILL_NAME);
+  const srcDir = path8.join(BUILTIN_SKILLS_DIR, AGENCO_SKILL_NAME);
   if (fs8.existsSync(destDir)) {
     return { installed: false };
   }
@@ -2408,8 +2729,8 @@ async function provisionIntegrationSkill(integrationSlug) {
     return { installed: false };
   }
   const skillName = `integration-${integrationSlug}`;
-  const destDir = path7.join(skillsDir2, skillName);
-  const srcDir = path7.join(BUILTIN_SKILLS_DIR, skillName);
+  const destDir = path8.join(skillsDir2, skillName);
+  const srcDir = path8.join(BUILTIN_SKILLS_DIR, skillName);
   if (fs8.existsSync(destDir)) {
     return { installed: false };
   }
@@ -4949,13 +5270,13 @@ async function agencoRoutes(app) {
 
 // libs/shield-daemon/src/routes/skills.ts
 import * as fs13 from "node:fs";
-import * as path12 from "node:path";
+import * as path13 from "node:path";
 import { execSync as execSync8 } from "node:child_process";
 import { parseSkillMd } from "@agenshield/sandbox";
 
 // libs/shield-daemon/src/services/skill-analyzer.ts
 import * as fs9 from "node:fs";
-import * as path8 from "node:path";
+import * as path9 from "node:path";
 import { execSync as execSync5 } from "node:child_process";
 var ANALYSIS_CACHE_PATH = "/opt/agenshield/config/skill-analyses.json";
 var COMMAND_PATTERNS = [
@@ -5026,7 +5347,7 @@ function loadCache() {
 }
 function saveCache(cache3) {
   try {
-    const dir = path8.dirname(ANALYSIS_CACHE_PATH);
+    const dir = path9.dirname(ANALYSIS_CACHE_PATH);
     if (!fs9.existsSync(dir)) {
       fs9.mkdirSync(dir, { recursive: true });
     }
@@ -5173,13 +5494,13 @@ function clearCachedAnalysis(skillName) {
 
 // libs/shield-daemon/src/services/skill-lifecycle.ts
 import * as fs10 from "node:fs";
-import * as path9 from "node:path";
+import * as path10 from "node:path";
 import { execSync as execSync6 } from "node:child_process";
 function createSkillWrapper(name, binDir) {
   if (!fs10.existsSync(binDir)) {
     fs10.mkdirSync(binDir, { recursive: true });
   }
-  const wrapperPath = path9.join(binDir, name);
+  const wrapperPath = path10.join(binDir, name);
   const wrapperContent = `#!/bin/bash
 # ${name} skill wrapper - policy-enforced execution
 # Ensure accessible working directory
@@ -5195,7 +5516,7 @@ exec /opt/agenshield/bin/shield-client skill run "${name}" "$@"
   }
 }
 function removeSkillWrapper(name, binDir) {
-  const wrapperPath = path9.join(binDir, name);
+  const wrapperPath = path10.join(binDir, name);
   try {
     if (fs10.existsSync(wrapperPath)) {
       fs10.unlinkSync(wrapperPath);
@@ -5232,11 +5553,11 @@ function removeSkillPolicy(name) {
 
 // libs/shield-daemon/src/services/openclaw-config.ts
 import * as fs11 from "node:fs";
-import * as path10 from "node:path";
+import * as path11 from "node:path";
 import { execSync as execSync7 } from "node:child_process";
 function getOpenClawConfigPath() {
   const agentHome = process.env["AGENSHIELD_AGENT_HOME"] || "/Users/ash_default_agent";
-  return path10.join(agentHome, ".openclaw", "openclaw.json");
+  return path11.join(agentHome, ".openclaw", "openclaw.json");
 }
 function readConfig() {
   const configPath = getOpenClawConfigPath();
@@ -5251,10 +5572,10 @@ function readConfig() {
 }
 function writeConfig(config) {
   const configPath = getOpenClawConfigPath();
-  fs11.mkdirSync(path10.dirname(configPath), { recursive: true });
+  fs11.mkdirSync(path11.dirname(configPath), { recursive: true });
   fs11.writeFileSync(configPath, JSON.stringify(config, null, 2), "utf-8");
   const agentHome = process.env["AGENSHIELD_AGENT_HOME"] || "/Users/ash_default_agent";
-  const brokerUser = path10.basename(agentHome) + "_broker";
+  const brokerUser = path11.basename(agentHome) + "_broker";
   const socketGroup = process.env["AGENSHIELD_SOCKET_GROUP"] || "clawshield";
   try {
     execSync7(`chown ${brokerUser}:${socketGroup} "${configPath}"`, { stdio: "pipe" });
@@ -5288,7 +5609,7 @@ function removeSkillEntry(slug) {
 
 // libs/shield-daemon/src/services/marketplace.ts
 import * as fs12 from "node:fs";
-import * as path11 from "node:path";
+import * as path12 from "node:path";
 import * as os4 from "node:os";
 import { CONFIG_DIR as CONFIG_DIR2, MARKETPLACE_DIR } from "@agenshield/ipc";
 var cache = /* @__PURE__ */ new Map();
@@ -5312,35 +5633,35 @@ var ANALYSIS_TIMEOUT = 4 * 6e4;
 var SEARCH_CACHE_TTL = 6e4;
 var DETAIL_CACHE_TTL = 5 * 6e4;
 var SHORT_TIMEOUT = 1e4;
-async function convexAction(path18, args, timeout) {
+async function convexAction(path19, args, timeout) {
   const res = await fetch(`${CONVEX_BASE}/api/action`, {
     method: "POST",
     signal: AbortSignal.timeout(timeout),
     headers: { "Content-Type": "application/json" },
-    body: JSON.stringify({ path: path18, args, format: "json" })
+    body: JSON.stringify({ path: path19, args, format: "json" })
   });
   if (!res.ok) {
-    throw new Error(`Convex action ${path18} returned ${res.status}`);
+    throw new Error(`Convex action ${path19} returned ${res.status}`);
   }
   const body = await res.json();
   if (body.status === "error") {
-    throw new Error(`Convex action ${path18}: ${body.errorMessage ?? "unknown error"}`);
+    throw new Error(`Convex action ${path19}: ${body.errorMessage ?? "unknown error"}`);
   }
   return body.value;
 }
-async function convexQuery(path18, args, timeout) {
+async function convexQuery(path19, args, timeout) {
   const res = await fetch(`${CONVEX_BASE}/api/query`, {
     method: "POST",
     signal: AbortSignal.timeout(timeout),
     headers: { "Content-Type": "application/json" },
-    body: JSON.stringify({ path: path18, args, format: "json" })
+    body: JSON.stringify({ path: path19, args, format: "json" })
   });
   if (!res.ok) {
-    throw new Error(`Convex query ${path18} returned ${res.status}`);
+    throw new Error(`Convex query ${path19} returned ${res.status}`);
   }
   const body = await res.json();
   if (body.status === "error") {
-    throw new Error(`Convex query ${path18}: ${body.errorMessage ?? "unknown error"}`);
+    throw new Error(`Convex query ${path19}: ${body.errorMessage ?? "unknown error"}`);
   }
   return body.value;
 }
@@ -5401,7 +5722,7 @@ function isImageExt(filePath) {
 }
 var MAX_IMAGE_SIZE = 5e5;
 function getMarketplaceDir() {
-  return path11.join(os4.homedir(), CONFIG_DIR2, MARKETPLACE_DIR);
+  return path12.join(os4.homedir(), CONFIG_DIR2, MARKETPLACE_DIR);
 }
 async function downloadAndExtractZip(slug) {
   const url = `${CLAWHUB_DOWNLOAD_BASE}/download?slug=${encodeURIComponent(slug)}`;
@@ -5439,20 +5760,20 @@ async function downloadAndExtractZip(slug) {
   return files;
 }
 function storeDownloadedSkill(slug, meta, files) {
-  const dir = path11.join(getMarketplaceDir(), slug);
-  const filesDir = path11.join(dir, "files");
+  const dir = path12.join(getMarketplaceDir(), slug);
+  const filesDir = path12.join(dir, "files");
   fs12.mkdirSync(filesDir, { recursive: true });
   const fullMeta = { ...meta, downloadedAt: (/* @__PURE__ */ new Date()).toISOString() };
-  fs12.writeFileSync(path11.join(dir, "metadata.json"), JSON.stringify(fullMeta, null, 2), "utf-8");
+  fs12.writeFileSync(path12.join(dir, "metadata.json"), JSON.stringify(fullMeta, null, 2), "utf-8");
   for (const file of files) {
-    const filePath = path11.join(filesDir, file.name);
-    fs12.mkdirSync(path11.dirname(filePath), { recursive: true });
+    const filePath = path12.join(filesDir, file.name);
+    fs12.mkdirSync(path12.dirname(filePath), { recursive: true });
     fs12.writeFileSync(filePath, file.content, "utf-8");
   }
   console.log(`[Marketplace] Stored ${files.length} files for ${slug}`);
 }
 function updateDownloadedAnalysis(slug, analysis) {
-  const metaPath = path11.join(getMarketplaceDir(), slug, "metadata.json");
+  const metaPath = path12.join(getMarketplaceDir(), slug, "metadata.json");
   try {
     if (!fs12.existsSync(metaPath)) return;
     const meta = JSON.parse(fs12.readFileSync(metaPath, "utf-8"));
@@ -5469,7 +5790,7 @@ function listDownloadedSkills() {
     const entries = fs12.readdirSync(baseDir, { withFileTypes: true });
     for (const entry of entries) {
       if (!entry.isDirectory()) continue;
-      const metaPath = path11.join(baseDir, entry.name, "metadata.json");
+      const metaPath = path12.join(baseDir, entry.name, "metadata.json");
       try {
         const meta = JSON.parse(fs12.readFileSync(metaPath, "utf-8"));
         results.push({
@@ -5488,7 +5809,7 @@ function listDownloadedSkills() {
   return results;
 }
 function getDownloadedSkillFiles(slug) {
-  const filesDir = path11.join(getMarketplaceDir(), slug, "files");
+  const filesDir = path12.join(getMarketplaceDir(), slug, "files");
   if (!fs12.existsSync(filesDir)) return [];
   const files = [];
   function walk(dir, prefix) {
@@ -5496,9 +5817,9 @@ function getDownloadedSkillFiles(slug) {
     for (const entry of entries) {
       const rel = prefix ? `${prefix}/${entry.name}` : entry.name;
       if (entry.isDirectory()) {
-        walk(path11.join(dir, entry.name), rel);
+        walk(path12.join(dir, entry.name), rel);
       } else {
-        const content = fs12.readFileSync(path11.join(dir, entry.name), "utf-8");
+        const content = fs12.readFileSync(path12.join(dir, entry.name), "utf-8");
         files.push({ name: rel, type: guessContentType(entry.name), content });
       }
     }
@@ -5507,7 +5828,7 @@ function getDownloadedSkillFiles(slug) {
   return files;
 }
 function getDownloadedSkillMeta(slug) {
-  const metaPath = path11.join(getMarketplaceDir(), slug, "metadata.json");
+  const metaPath = path12.join(getMarketplaceDir(), slug, "metadata.json");
   try {
     if (fs12.existsSync(metaPath)) {
       return JSON.parse(fs12.readFileSync(metaPath, "utf-8"));
@@ -6047,13 +6368,13 @@ function findSkillMdRecursive(dir, depth = 0) {
   if (depth > 3) return null;
   try {
     for (const name of ["SKILL.md", "skill.md", "README.md", "readme.md"]) {
-      const candidate = path12.join(dir, name);
+      const candidate = path13.join(dir, name);
       if (fs13.existsSync(candidate)) return candidate;
     }
     const entries = fs13.readdirSync(dir, { withFileTypes: true });
     for (const entry of entries) {
       if (!entry.isDirectory()) continue;
-      const found = findSkillMdRecursive(path12.join(dir, entry.name), depth + 1);
+      const found = findSkillMdRecursive(path13.join(dir, entry.name), depth + 1);
       if (found) return found;
     }
   } catch {
@@ -6096,9 +6417,9 @@ async function skillsRoutes(app) {
         name: a.name,
         source: "user",
         status: "active",
-        path: path12.join(skillsDir2 ?? "", a.name),
+        path: path13.join(skillsDir2 ?? "", a.name),
         publisher: a.publisher,
-        description: skillsDir2 ? readSkillDescription(path12.join(skillsDir2, a.name)) : void 0
+        description: skillsDir2 ? readSkillDescription(path13.join(skillsDir2, a.name)) : void 0
       })),
       // Quarantined
       ...quarantined.map((q) => ({
@@ -6113,8 +6434,8 @@ async function skillsRoutes(app) {
         name,
         source: "workspace",
         status: "workspace",
-        path: path12.join(skillsDir2 ?? "", name),
-        description: skillsDir2 ? readSkillDescription(path12.join(skillsDir2, name)) : void 0
+        path: path13.join(skillsDir2 ?? "", name),
+        description: skillsDir2 ? readSkillDescription(path13.join(skillsDir2, name)) : void 0
       })),
       // Downloaded (not installed) → available
       ...availableDownloads.map((d) => ({
@@ -6155,15 +6476,15 @@ async function skillsRoutes(app) {
       } else if (entry) {
         source = "user";
         status = "active";
-        skillPath = skillsDir2 ? path12.join(skillsDir2, name) : "";
+        skillPath = skillsDir2 ? path13.join(skillsDir2, name) : "";
       } else if (skillsDir2) {
         source = "workspace";
         status = "workspace";
-        skillPath = path12.join(skillsDir2, name);
+        skillPath = path13.join(skillsDir2, name);
       }
       let content = "";
       let metadata;
-      const dirToRead = skillPath || (skillsDir2 ? path12.join(skillsDir2, name) : "");
+      const dirToRead = skillPath || (skillsDir2 ? path13.join(skillsDir2, name) : "");
       if (dirToRead) {
         try {
           const mdPath = findSkillMdRecursive(dirToRead);
@@ -6297,9 +6618,9 @@ async function skillsRoutes(app) {
         return reply.code(500).send({ error: "Skills directory not configured" });
       }
       const agentHome = process.env["AGENSHIELD_AGENT_HOME"] || "/Users/ash_default_agent";
-      const binDir = path12.join(agentHome, "bin");
+      const binDir = path13.join(agentHome, "bin");
       const socketGroup = process.env["AGENSHIELD_SOCKET_GROUP"] || "clawshield";
-      const skillDir = path12.join(skillsDir2, name);
+      const skillDir = path13.join(skillsDir2, name);
       const isInstalled = fs13.existsSync(skillDir);
       if (isInstalled) {
         try {
@@ -6346,8 +6667,8 @@ async function skillsRoutes(app) {
           } else {
             fs13.mkdirSync(skillDir, { recursive: true });
             for (const file of files) {
-              const filePath = path12.join(skillDir, file.name);
-              fs13.mkdirSync(path12.dirname(filePath), { recursive: true });
+              const filePath = path13.join(skillDir, file.name);
+              fs13.mkdirSync(path13.dirname(filePath), { recursive: true });
               fs13.writeFileSync(filePath, file.content, "utf-8");
             }
             try {
@@ -6402,15 +6723,15 @@ async function skillsRoutes(app) {
         return reply.code(500).send({ error: "Skills directory not configured" });
       }
       const agentHome = process.env["AGENSHIELD_AGENT_HOME"] || "/Users/ash_default_agent";
-      const binDir = path12.join(agentHome, "bin");
+      const binDir = path13.join(agentHome, "bin");
       const socketGroup = process.env["AGENSHIELD_SOCKET_GROUP"] || "clawshield";
-      const skillDir = path12.join(skillsDir2, name);
+      const skillDir = path13.join(skillsDir2, name);
       try {
         addToApprovedList(name, publisher);
         fs13.mkdirSync(skillDir, { recursive: true });
         for (const file of files) {
-          const filePath = path12.join(skillDir, file.name);
-          fs13.mkdirSync(path12.dirname(filePath), { recursive: true });
+          const filePath = path13.join(skillDir, file.name);
+          fs13.mkdirSync(path13.dirname(filePath), { recursive: true });
           fs13.writeFileSync(filePath, file.content, "utf-8");
         }
         try {
@@ -6440,7 +6761,7 @@ async function skillsRoutes(app) {
 
 // libs/shield-daemon/src/routes/exec.ts
 import * as fs14 from "node:fs";
-import * as path13 from "node:path";
+import * as path14 from "node:path";
 var ALLOWED_COMMANDS_PATH2 = "/opt/agenshield/config/allowed-commands.json";
 var BIN_DIRS = [
   "/usr/bin",
@@ -6464,7 +6785,7 @@ function loadConfig2() {
   }
 }
 function saveConfig2(config) {
-  const dir = path13.dirname(ALLOWED_COMMANDS_PATH2);
+  const dir = path14.dirname(ALLOWED_COMMANDS_PATH2);
   if (!fs14.existsSync(dir)) {
     fs14.mkdirSync(dir, { recursive: true });
   }
@@ -6481,7 +6802,7 @@ function scanSystemBins() {
       const entries = fs14.readdirSync(dir);
       for (const entry of entries) {
         if (seen.has(entry)) continue;
-        const fullPath = path13.join(dir, entry);
+        const fullPath = path14.join(dir, entry);
         try {
           const stat = fs14.statSync(fullPath);
           if (stat.isFile() && (stat.mode & 73) !== 0) {
@@ -6536,7 +6857,7 @@ async function execRoutes(app) {
       };
     }
     for (const p of paths) {
-      if (!path13.isAbsolute(p)) {
+      if (!path14.isAbsolute(p)) {
         return {
           success: false,
           error: {
@@ -6964,7 +7285,7 @@ async function secretsRoutes(app) {
 
 // libs/shield-daemon/src/routes/marketplace.ts
 import * as fs15 from "node:fs";
-import * as path14 from "node:path";
+import * as path15 from "node:path";
 async function marketplaceRoutes(app) {
   app.get(
     "/marketplace/search",
@@ -7160,9 +7481,9 @@ async function marketplaceRoutes(app) {
           return reply.code(500).send({ error: "Skills directory not configured" });
         }
         const agentHome = process.env["AGENSHIELD_AGENT_HOME"] || "/Users/ash_default_agent";
-        const binDir = path14.join(agentHome, "bin");
+        const binDir = path15.join(agentHome, "bin");
         const socketGroup = process.env["AGENSHIELD_SOCKET_GROUP"] || "clawshield";
-        skillDir = path14.join(skillsDir2, slug);
+        skillDir = path15.join(skillsDir2, slug);
         emitSkillInstallProgress(slug, "approve", "Pre-approving skill");
         addToApprovedList(slug, publisher);
         logs.push("Skill pre-approved");
@@ -7230,14 +7551,14 @@ async function marketplaceRoutes(app) {
 
 // libs/shield-daemon/src/routes/fs.ts
 import * as fs16 from "node:fs";
-import * as path15 from "node:path";
+import * as path16 from "node:path";
 import * as os5 from "node:os";
 var MAX_ENTRIES = 200;
 async function fsRoutes(app) {
   app.get("/fs/browse", async (request) => {
     const dirPath = request.query.path || os5.homedir();
     const showHidden = request.query.showHidden === "true";
-    const resolvedPath = path15.resolve(dirPath);
+    const resolvedPath = path16.resolve(dirPath);
     let dirents;
     try {
       dirents = fs16.readdirSync(resolvedPath, { withFileTypes: true });
@@ -7249,7 +7570,7 @@ async function fsRoutes(app) {
       if (!showHidden && dirent.name.startsWith(".")) continue;
       entries.push({
         name: dirent.name,
-        path: path15.join(resolvedPath, dirent.name),
+        path: path16.join(resolvedPath, dirent.name),
         type: dirent.isDirectory() ? "directory" : "file"
       });
       if (entries.length >= MAX_ENTRIES) break;
@@ -7264,7 +7585,8 @@ async function fsRoutes(app) {
 
 // libs/shield-daemon/src/services/activity-log.ts
 import * as fs17 from "node:fs";
-import * as path16 from "node:path";
+import * as path17 from "node:path";
+init_paths();
 var ACTIVITY_FILE = "activity.jsonl";
 var MAX_SIZE_BYTES = 100 * 1024 * 1024;
 var MAX_AGE_MS = 24 * 60 * 60 * 1e3;
@@ -7281,7 +7603,7 @@ var ActivityLog = class {
   writeCount = 0;
   unsubscribe;
   constructor() {
-    this.filePath = path16.join(getConfigDir(), ACTIVITY_FILE);
+    this.filePath = path17.join(getConfigDir(), ACTIVITY_FILE);
   }
   /** Read historical events from the JSONL file, newest first */
   getHistory(limit = 500) {
@@ -7381,26 +7703,31 @@ function globToRegex(pattern) {
   const regexPattern = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*\*/g, "{{GLOBSTAR}}").replace(/\*/g, "[^/]*").replace(/\?/g, ".").replace(/{{GLOBSTAR}}/g, ".*");
   return new RegExp(`^${regexPattern}$`, "i");
 }
-function normalizeUrlPattern(pattern) {
+function normalizeUrlBase(pattern) {
   let p = pattern.trim();
   p = p.replace(/\/+$/, "");
   if (!p.match(/^(\*|https?):\/\//i)) {
     p = `https://${p}`;
   }
-  if (!p.endsWith("*")) {
-    p = `${p}/**`;
-  }
   return p;
 }
+function matchUrlPattern(pattern, target) {
+  const base = normalizeUrlBase(pattern);
+  const trimmed = pattern.trim().replace(/\/+$/, "");
+  if (trimmed.endsWith("*")) {
+    return globToRegex(base).test(target);
+  }
+  return globToRegex(base).test(target) || globToRegex(`${base}/**`).test(target);
+}
 function normalizeUrlTarget(url) {
   const trimmed = url.trim();
   try {
     const parsed = new URL(trimmed);
-    let path18 = parsed.pathname;
-    if (path18.length > 1) {
-      path18 = path18.replace(/\/+$/, "");
+    let path19 = parsed.pathname;
+    if (path19.length > 1) {
+      path19 = path19.replace(/\/+$/, "");
     }
-    return `${parsed.protocol}//${parsed.host}${path18}${parsed.search}`;
+    return `${parsed.protocol}//${parsed.host}${path19}${parsed.search}`;
   } catch {
     return trimmed.replace(/\/+$/, "");
   }
@@ -7432,10 +7759,8 @@ function evaluatePolicyCheck(operation, target) {
       if (policy.target !== "url" || policy.action !== "allow") continue;
       for (const pattern of policy.patterns) {
         if (!pattern.match(/^http:\/\//i)) continue;
-        const effectivePattern = normalizeUrlPattern(pattern);
         const effectiveTarget = normalizeUrlTarget(target);
-        const regex = globToRegex(effectivePattern);
-        if (regex.test(effectiveTarget)) {
+        if (matchUrlPattern(pattern, effectiveTarget)) {
           explicitHttpAllow = true;
           break;
         }
@@ -7457,11 +7782,15 @@ function evaluatePolicyCheck(operation, target) {
     }
     console.log("[policy_check] checking policy:", policy.name, "target:", policy.target, "action:", policy.action);
     for (const pattern of policy.patterns) {
-      const effectivePattern = targetType === "url" ? normalizeUrlPattern(pattern) : pattern;
       const effectiveTarget = targetType === "url" ? normalizeUrlTarget(target) : target;
-      const regex = globToRegex(effectivePattern);
-      const matches = regex.test(effectiveTarget);
-      console.log("[policy_check]   pattern:", pattern, "-> normalized:", effectivePattern, "| target:", effectiveTarget, "| matches:", matches);
+      let matches;
+      if (targetType === "url") {
+        matches = matchUrlPattern(pattern, effectiveTarget);
+      } else {
+        const regex = globToRegex(pattern);
+        matches = regex.test(effectiveTarget);
+      }
+      console.log("[policy_check]   pattern:", pattern, "-> base:", targetType === "url" ? normalizeUrlBase(pattern) : pattern, "| target:", effectiveTarget, "| matches:", matches);
       if (matches) {
         console.log("[policy_check] MATCHED policy:", policy.name, "action:", policy.action);
         return {
@@ -7635,20 +7964,20 @@ async function registerRoutes(app) {
 
 // libs/shield-daemon/src/static.ts
 import * as fs18 from "node:fs";
-import * as path17 from "node:path";
+import * as path18 from "node:path";
 import { fileURLToPath as fileURLToPath2 } from "node:url";
 var __filename = fileURLToPath2(import.meta.url);
-var __dirname = path17.dirname(__filename);
+var __dirname = path18.dirname(__filename);
 function getUiAssetsPath() {
-  const pkgRootPath = path17.join(__dirname, "..", "ui-assets");
+  const pkgRootPath = path18.join(__dirname, "..", "ui-assets");
   if (fs18.existsSync(pkgRootPath)) {
     return pkgRootPath;
   }
-  const bundledPath = path17.join(__dirname, "ui-assets");
+  const bundledPath = path18.join(__dirname, "ui-assets");
   if (fs18.existsSync(bundledPath)) {
     return bundledPath;
   }
-  const devPath = path17.join(__dirname, "..", "..", "..", "dist", "apps", "shield-ui");
+  const devPath = path18.join(__dirname, "..", "..", "..", "dist", "apps", "shield-ui");
   if (fs18.existsSync(devPath)) {
     return devPath;
   }
@@ -7748,6 +8077,17 @@ async function startServer(config) {
   }, 3e4);
   const activityLog = getActivityLog();
   activityLog.start();
+  try {
+    const { loadConfig: loadDaemonConfig } = await Promise.resolve().then(() => (init_loader(), loader_exports));
+    const { loadState: loadState2 } = await Promise.resolve().then(() => (init_state(), state_exports));
+    const { syncCommandPoliciesAndWrappers: syncCommandPoliciesAndWrappers2 } = await Promise.resolve().then(() => (init_command_sync(), command_sync_exports));
+    const cfg = loadDaemonConfig();
+    const st = loadState2();
+    syncCommandPoliciesAndWrappers2(cfg.policies, st, app.log);
+    app.log.info("[startup] boot-time command-sync completed");
+  } catch (err) {
+    app.log.warn(`[startup] boot-time command-sync failed: ${err.message}`);
+  }
   try {
     const vault = getVault();
     const agenco = await vault.get("agenco");