@agenshield/daemon 0.6.0 → 0.6.2

package/index.js

@@ -1,25 +1,12 @@
-// libs/shield-daemon/src/server.ts
-import * as fs20 from "node:fs";
-import Fastify from "fastify";
-import cors from "@fastify/cors";
-import fastifyStatic from "@fastify/static";
-
-// libs/shield-daemon/src/routes/index.ts
-import { API_PREFIX } from "@agenshield/ipc";
-
-// libs/shield-daemon/src/routes/health.ts
-async function healthRoutes(app) {
-  app.get("/health", async () => {
-    return {
-      success: true,
-      data: {
-        ok: true,
-        timestamp: (/* @__PURE__ */ new Date()).toISOString(),
-        mode: "daemon"
-      }
-    };
-  });
-}
+var __defProp = Object.defineProperty;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
 
 // libs/shield-daemon/src/config/paths.ts
 import * as path from "node:path";
@@ -37,10 +24,14 @@ function getPidPath() {
 function getLogPath() {
   return path.join(getConfigDir(), LOG_FILE);
 }
+var init_paths = __esm({
+  "libs/shield-daemon/src/config/paths.ts"() {
+    "use strict";
+  }
+});
 
 // libs/shield-daemon/src/config/defaults.ts
 import { DEFAULT_PORT, DEFAULT_HOST } from "@agenshield/ipc";
-var VERSION = "0.1.0";
 function getDefaultConfig() {
   return {
     version: VERSION,
@@ -57,8 +48,22 @@ function getDefaultConfig() {
     }
   };
 }
+var VERSION;
+var init_defaults = __esm({
+  "libs/shield-daemon/src/config/defaults.ts"() {
+    "use strict";
+    VERSION = "0.1.0";
+  }
+});
 
 // libs/shield-daemon/src/config/loader.ts
+var loader_exports = {};
+__export(loader_exports, {
+  ensureConfigDir: () => ensureConfigDir,
+  loadConfig: () => loadConfig,
+  saveConfig: () => saveConfig,
+  updateConfig: () => updateConfig
+});
 import * as fs from "node:fs";
 import { ShieldConfigSchema, DEFAULT_PORT as DEFAULT_PORT2 } from "@agenshield/ipc";
 function ensureConfigDir() {
@@ -105,8 +110,35 @@ function updateConfig(updates) {
   saveConfig(updated);
   return updated;
 }
+var init_loader = __esm({
+  "libs/shield-daemon/src/config/loader.ts"() {
+    "use strict";
+    init_paths();
+    init_defaults();
+  }
+});
 
 // libs/shield-daemon/src/state/index.ts
+var state_exports = {};
+__export(state_exports, {
+  addConnectedIntegration: () => addConnectedIntegration,
+  addGroupState: () => addGroupState,
+  addUserState: () => addUserState,
+  getDefaultState: () => getDefaultState,
+  getPasscodeProtectionState: () => getPasscodeProtectionState,
+  getStatePath: () => getStatePath,
+  initializeState: () => initializeState,
+  loadState: () => loadState,
+  removeConnectedIntegration: () => removeConnectedIntegration,
+  removeGroupState: () => removeGroupState,
+  removeUserState: () => removeUserState,
+  saveState: () => saveState,
+  updateAgenCoState: () => updateAgenCoState,
+  updateDaemonState: () => updateDaemonState,
+  updateInstallationState: () => updateInstallationState,
+  updatePasscodeProtectionState: () => updatePasscodeProtectionState,
+  updateState: () => updateState
+});
 import * as fs2 from "node:fs";
 import * as path2 from "node:path";
 import { STATE_FILE, DEFAULT_PORT as DEFAULT_PORT3 } from "@agenshield/ipc";
@@ -184,12 +216,24 @@ function updateState(updates) {
   saveState(updated);
   return updated;
 }
+function updateDaemonState(updates) {
+  const current = loadState();
+  current.daemon = { ...current.daemon, ...updates };
+  saveState(current);
+  return current;
+}
 function updateAgenCoState(updates) {
   const current = loadState();
   current.agenco = { ...current.agenco, ...updates };
   saveState(current);
   return current;
 }
+function updateInstallationState(updates) {
+  const current = loadState();
+  current.installation = { ...current.installation, ...updates };
+  saveState(current);
+  return current;
+}
 function updatePasscodeProtectionState(updates) {
   const current = loadState();
   current.passcodeProtection = { ...current.passcodeProtection, ...updates };
@@ -200,6 +244,40 @@ function getPasscodeProtectionState() {
   const current = loadState();
   return current.passcodeProtection;
 }
+function addUserState(user) {
+  const current = loadState();
+  const existingIndex = current.users.findIndex((u) => u.username === user.username);
+  if (existingIndex >= 0) {
+    current.users[existingIndex] = user;
+  } else {
+    current.users.push(user);
+  }
+  saveState(current);
+  return current;
+}
+function removeUserState(username) {
+  const current = loadState();
+  current.users = current.users.filter((u) => u.username !== username);
+  saveState(current);
+  return current;
+}
+function addGroupState(group) {
+  const current = loadState();
+  const existingIndex = current.groups.findIndex((g) => g.name === group.name);
+  if (existingIndex >= 0) {
+    current.groups[existingIndex] = group;
+  } else {
+    current.groups.push(group);
+  }
+  saveState(current);
+  return current;
+}
+function removeGroupState(name) {
+  const current = loadState();
+  current.groups = current.groups.filter((g) => g.name !== name);
+  saveState(current);
+  return current;
+}
 function addConnectedIntegration(integrationId) {
   const current = loadState();
   if (!current.agenco.connectedIntegrations.includes(integrationId)) {
@@ -208,8 +286,305 @@ function addConnectedIntegration(integrationId) {
   }
   return current;
 }
+function removeConnectedIntegration(integrationId) {
+  const current = loadState();
+  current.agenco.connectedIntegrations = current.agenco.connectedIntegrations.filter(
+    (id) => id !== integrationId
+  );
+  saveState(current);
+  return current;
+}
+function initializeState() {
+  const statePath = getStatePath();
+  if (!fs2.existsSync(statePath)) {
+    const state = getDefaultState();
+    saveState(state);
+    return state;
+  }
+  return loadState();
+}
+var init_state = __esm({
+  "libs/shield-daemon/src/state/index.ts"() {
+    "use strict";
+    init_paths();
+  }
+});
+
+// libs/shield-daemon/src/command-sync.ts
+var command_sync_exports = {};
+__export(command_sync_exports, {
+  ensureWrappersInstalled: () => ensureWrappersInstalled,
+  syncCommandPolicies: () => syncCommandPolicies,
+  syncCommandPoliciesAndWrappers: () => syncCommandPoliciesAndWrappers
+});
+import * as fs5 from "node:fs";
+import * as path5 from "node:path";
+import { execSync as execSync3 } from "node:child_process";
+import { PROXIED_COMMANDS, BASIC_SYSTEM_COMMANDS } from "@agenshield/sandbox";
+function resolveCommandPaths(name) {
+  const paths = [];
+  for (const dir of BIN_SEARCH_DIRS) {
+    const candidate = path5.join(dir, name);
+    try {
+      if (fs5.existsSync(candidate)) {
+        const stat = fs5.statSync(candidate);
+        if (stat.isFile() && (stat.mode & 73) !== 0) {
+          paths.push(candidate);
+        }
+      }
+    } catch {
+    }
+  }
+  if (paths.length === 0) {
+    try {
+      const result = execSync3(`which ${name} 2>/dev/null`, { encoding: "utf-8" }).trim();
+      if (result && path5.isAbsolute(result)) {
+        paths.push(result);
+      }
+    } catch {
+    }
+  }
+  return paths;
+}
+function extractCommandName(pattern) {
+  return pattern.trim().split(/\s+/)[0];
+}
+function extractPolicyCommandNames(policies) {
+  const names = /* @__PURE__ */ new Set();
+  for (const p of policies) {
+    if (p.target === "command" && p.action === "allow" && p.enabled) {
+      for (const pattern of p.patterns) {
+        const name = extractCommandName(pattern);
+        if (name) names.add(name);
+      }
+    }
+  }
+  return names;
+}
+function syncCommandPolicies(policies, logger) {
+  const log = logger ?? noop2;
+  const commandPolicies = policies.filter(
+    (p) => p.target === "command" && p.action === "allow" && p.enabled
+  );
+  const commandNames = /* @__PURE__ */ new Set();
+  for (const policy of commandPolicies) {
+    for (const pattern of policy.patterns) {
+      const name = extractCommandName(pattern);
+      if (name) commandNames.add(name);
+    }
+  }
+  const commands = [];
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  for (const name of commandNames) {
+    const paths = resolveCommandPaths(name);
+    if (paths.length === 0) {
+      log.warn(`[command-sync] command '${name}' not found on system, adding without paths`);
+    }
+    commands.push({
+      name,
+      paths,
+      addedAt: now,
+      addedBy: "policy",
+      category: "policy-managed"
+    });
+  }
+  const config = {
+    version: "1.0.0",
+    commands
+  };
+  const json = JSON.stringify(config, null, 2) + "\n";
+  try {
+    const dir = path5.dirname(ALLOWED_COMMANDS_PATH);
+    if (!fs5.existsSync(dir)) {
+      fs5.mkdirSync(dir, { recursive: true });
+    }
+    fs5.writeFileSync(ALLOWED_COMMANDS_PATH, json, "utf-8");
+    log.info(`[command-sync] wrote ${commands.length} commands to allowlist`);
+  } catch {
+    log.warn(`[command-sync] cannot write to ${ALLOWED_COMMANDS_PATH} (broker forwards to daemon for policy checks)`);
+  }
+}
+function generateFallbackWrapper(cmd) {
+  return [
+    "#!/bin/bash",
+    `# ${cmd} - AgenShield proxy (auto-generated)`,
+    "if ! /bin/pwd > /dev/null 2>&1; then cd ~ 2>/dev/null || cd /; fi",
+    `exec /opt/agenshield/bin/shield-client exec ${cmd} "$@"`,
+    ""
+  ].join("\n");
+}
+function installWrappersInDir(binDir, log, policyCommands) {
+  const shieldExecPath = "/opt/agenshield/bin/shield-exec";
+  if (!fs5.existsSync(binDir)) {
+    try {
+      fs5.mkdirSync(binDir, { recursive: true, mode: 493 });
+    } catch {
+      log.warn(`[command-sync] cannot create bin dir ${binDir}`);
+      return;
+    }
+  }
+  const hasShieldExec = fs5.existsSync(shieldExecPath);
+  if (!hasShieldExec) {
+    log.warn("[command-sync] shield-exec not found, using bash wrapper fallback");
+  }
+  for (const cmd of ALL_PROXIED_COMMANDS) {
+    const wrapperPath = path5.join(binDir, cmd);
+    if (fs5.existsSync(wrapperPath)) {
+      continue;
+    }
+    if (hasShieldExec) {
+      try {
+        fs5.symlinkSync(shieldExecPath, wrapperPath);
+        continue;
+      } catch {
+        log.warn(`[command-sync] cannot symlink ${cmd}, falling back to bash wrapper`);
+      }
+    }
+    try {
+      fs5.writeFileSync(wrapperPath, generateFallbackWrapper(cmd), { mode: 493 });
+    } catch {
+      log.warn(`[command-sync] cannot write wrapper for ${cmd}`);
+    }
+  }
+  if (policyCommands) {
+    for (const cmd of policyCommands) {
+      if (PROXIED_COMMANDS_SET.has(cmd)) continue;
+      if (BASIC_SYSTEM_COMMANDS_SET.has(cmd)) continue;
+      if (SPECIALIZED_WRAPPER_COMMANDS.has(cmd)) continue;
+      const wrapperPath = path5.join(binDir, cmd);
+      if (fs5.existsSync(wrapperPath)) continue;
+      if (hasShieldExec) {
+        try {
+          fs5.symlinkSync(shieldExecPath, wrapperPath);
+          log.info(`[command-sync] installed dynamic wrapper (symlink): ${cmd}`);
+          continue;
+        } catch {
+          log.warn(`[command-sync] cannot symlink ${cmd}, falling back to bash wrapper`);
+        }
+      }
+      try {
+        fs5.writeFileSync(wrapperPath, generateFallbackWrapper(cmd), { mode: 493 });
+        log.info(`[command-sync] installed dynamic wrapper (bash): ${cmd}`);
+      } catch {
+        log.warn(`[command-sync] cannot write dynamic wrapper for ${cmd}`);
+      }
+    }
+  }
+}
+function cleanupStaleWrappers(binDir, policyCommands, log) {
+  const shieldExecPath = "/opt/agenshield/bin/shield-exec";
+  let entries;
+  try {
+    entries = fs5.readdirSync(binDir);
+  } catch {
+    return;
+  }
+  for (const entry of entries) {
+    if (PROXIED_COMMANDS_SET.has(entry)) continue;
+    if (SPECIALIZED_WRAPPER_COMMANDS.has(entry)) continue;
+    if (BASIC_SYSTEM_COMMANDS_SET.has(entry)) continue;
+    if (policyCommands.has(entry)) continue;
+    const wrapperPath = path5.join(binDir, entry);
+    try {
+      const stat = fs5.lstatSync(wrapperPath);
+      if (stat.isSymbolicLink()) {
+        const target = fs5.readlinkSync(wrapperPath);
+        if (target === shieldExecPath) {
+          fs5.unlinkSync(wrapperPath);
+          log.info(`[command-sync] removed stale dynamic wrapper (symlink): ${entry}`);
+        }
+      } else if (stat.isFile()) {
+        const content = fs5.readFileSync(wrapperPath, "utf-8");
+        if (content.includes("shield-client exec") && content.includes("AgenShield proxy (auto-generated)")) {
+          fs5.unlinkSync(wrapperPath);
+          log.info(`[command-sync] removed stale dynamic wrapper (bash): ${entry}`);
+        }
+      }
+    } catch {
+    }
+  }
+}
+function ensureWrappersInstalled(state, logger, policyCommands) {
+  const log = logger ?? noop2;
+  const agentUser = state.users.find((u) => u.type === "agent");
+  if (!agentUser) {
+    log.warn("[command-sync] no agent user in state, skipping wrapper installation");
+    return;
+  }
+  const agentBinDir = path5.join(agentUser.homeDir, "bin");
+  log.info(`[command-sync] ensuring wrappers in agent bin: ${agentBinDir}`);
+  installWrappersInDir(agentBinDir, log, policyCommands);
+  if (policyCommands) {
+    cleanupStaleWrappers(agentBinDir, policyCommands, log);
+  }
+  const agentHomeEnv = process.env["AGENSHIELD_AGENT_HOME"];
+  if (agentHomeEnv && agentHomeEnv !== agentUser.homeDir) {
+    const envBinDir = path5.join(agentHomeEnv, "bin");
+    log.info(`[command-sync] ensuring wrappers in env agent bin: ${envBinDir}`);
+    installWrappersInDir(envBinDir, log, policyCommands);
+    if (policyCommands) {
+      cleanupStaleWrappers(envBinDir, policyCommands, log);
+    }
+  }
+}
+function syncCommandPoliciesAndWrappers(policies, state, logger) {
+  const policyCommands = extractPolicyCommandNames(policies);
+  syncCommandPolicies(policies, logger);
+  ensureWrappersInstalled(state, logger, policyCommands);
+}
+var noop2, ALLOWED_COMMANDS_PATH, BIN_SEARCH_DIRS, ALL_PROXIED_COMMANDS, BASIC_SYSTEM_COMMANDS_SET, SPECIALIZED_WRAPPER_COMMANDS, PROXIED_COMMANDS_SET;
+var init_command_sync = __esm({
+  "libs/shield-daemon/src/command-sync.ts"() {
+    "use strict";
+    noop2 = { warn() {
+    }, info() {
+    } };
+    ALLOWED_COMMANDS_PATH = "/opt/agenshield/config/allowed-commands.json";
+    BIN_SEARCH_DIRS = [
+      "/usr/bin",
+      "/usr/local/bin",
+      "/opt/homebrew/bin",
+      "/usr/sbin",
+      "/usr/local/sbin",
+      "/opt/homebrew/sbin"
+    ];
+    ALL_PROXIED_COMMANDS = [...PROXIED_COMMANDS];
+    BASIC_SYSTEM_COMMANDS_SET = new Set(BASIC_SYSTEM_COMMANDS);
+    SPECIALIZED_WRAPPER_COMMANDS = /* @__PURE__ */ new Set(["node", "python", "python3"]);
+    PROXIED_COMMANDS_SET = new Set(ALL_PROXIED_COMMANDS);
+  }
+});
+
+// libs/shield-daemon/src/server.ts
+import * as fs19 from "node:fs";
+import Fastify from "fastify";
+import cors from "@fastify/cors";
+import fastifyStatic from "@fastify/static";
+
+// libs/shield-daemon/src/routes/index.ts
+import { API_PREFIX } from "@agenshield/ipc";
+
+// libs/shield-daemon/src/routes/health.ts
+async function healthRoutes(app) {
+  app.get("/health", async () => {
+    return {
+      success: true,
+      data: {
+        ok: true,
+        timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+        mode: "daemon"
+      }
+    };
+  });
+}
+
+// libs/shield-daemon/src/config/index.ts
+init_paths();
+init_defaults();
+init_loader();
 
 // libs/shield-daemon/src/routes/status.ts
+init_state();
 var startedAt = /* @__PURE__ */ new Date();
 async function statusRoutes(app) {
   app.get("/status", async () => {
@@ -236,8 +611,9 @@ async function statusRoutes(app) {
 }
 
 // libs/shield-daemon/src/routes/config.ts
-import * as fs7 from "node:fs";
-import * as path7 from "node:path";
+import * as fs6 from "node:fs";
+import * as path6 from "node:path";
+init_state();
 
 // libs/shield-daemon/src/vault/index.ts
 import * as fs3 from "node:fs";
@@ -298,6 +674,7 @@ function decrypt(encryptedData, key) {
 }
 
 // libs/shield-daemon/src/vault/index.ts
+init_paths();
 var Vault = class {
   key;
   vaultPath;
@@ -598,21 +975,21 @@ function operationsToAclPerms(operations) {
   }
   return perms.join(",");
 }
-function addGroupAcl(targetPath, groupName, permissions, log = noop) {
+function addUserAcl(targetPath, userName, permissions, log = noop) {
   try {
     if (!fs4.existsSync(targetPath)) {
       log.warn(`[acl] skipping non-existent path: ${targetPath}`);
       return;
     }
     execSync2(
-      `sudo chmod +a "group:${groupName} allow ${permissions}" "${targetPath}"`,
+      `sudo chmod +a "user:${userName} allow ${permissions}" "${targetPath}"`,
       { stdio: "pipe" }
     );
   } catch (err) {
     log.warn(`[acl] failed to add ACL on ${targetPath}: ${err.message}`);
   }
 }
-function removeGroupAcl(targetPath, groupName, log = noop) {
+function removeUserAcl(targetPath, userName, log = noop) {
   try {
     if (!fs4.existsSync(targetPath)) {
       log.warn(`[acl] skipping non-existent path: ${targetPath}`);
@@ -624,8 +1001,8 @@ function removeGroupAcl(targetPath, groupName, log = noop) {
     });
     const indices = [];
     for (const line of output.split("\n")) {
-      const match = line.match(/^\s*(\d+):\s+group:(\S+)\s+allow/);
-      if (match && match[2] === groupName) {
+      const match = line.match(/^\s*(\d+):\s+user:(\S+)\s+/);
+      if (match && match[2] === userName) {
         indices.push(Number(match[1]));
       }
     }
@@ -665,7 +1042,7 @@ function mergePerms(a, b) {
 }
 function computeAclMap(policies) {
   const aclMap = /* @__PURE__ */ new Map();
-  for (const policy of policies) {
+  for (const policy of policies.filter((p) => p.action === "allow")) {
     const perms = operationsToAclPerms(policy.operations ?? []);
     if (!perms) continue;
     for (const pattern of policy.patterns) {
@@ -674,7 +1051,7 @@ function computeAclMap(policies) {
       aclMap.set(target, existing ? mergePerms(existing, perms) : perms);
     }
   }
-  for (const policy of policies) {
+  for (const policy of policies.filter((p) => p.action === "allow")) {
     const perms = operationsToAclPerms(policy.operations ?? []);
     if (!perms) continue;
     for (const pattern of policy.patterns) {
@@ -688,282 +1065,25 @@ function computeAclMap(policies) {
   }
   return aclMap;
 }
-function syncFilesystemPolicyAcls(oldPolicies, newPolicies, groupName, logger) {
+function syncFilesystemPolicyAcls(oldPolicies, newPolicies, userName, logger) {
   const log = logger ?? noop;
   const oldFs = oldPolicies.filter((p) => p.target === "filesystem");
   const newFs = newPolicies.filter((p) => p.target === "filesystem");
   const oldAclMap = computeAclMap(oldFs);
   const newAclMap = computeAclMap(newFs);
-  for (const oldPath of oldAclMap.keys()) {
-    if (!newAclMap.has(oldPath)) {
-      removeGroupAcl(oldPath, groupName, log);
-    }
-  }
-  for (const [targetPath, perms] of newAclMap) {
-    addGroupAcl(targetPath, groupName, perms, log);
-  }
-}
-
-// libs/shield-daemon/src/command-sync.ts
-import * as fs5 from "node:fs";
-import * as path5 from "node:path";
-import { execSync as execSync3 } from "node:child_process";
-var noop2 = { warn() {
-}, info() {
-} };
-var ALLOWED_COMMANDS_PATH = "/opt/agenshield/config/allowed-commands.json";
-var BIN_SEARCH_DIRS = [
-  "/usr/bin",
-  "/usr/local/bin",
-  "/opt/homebrew/bin",
-  "/usr/sbin",
-  "/usr/local/sbin",
-  "/opt/homebrew/sbin"
-];
-var ALL_PROXIED_COMMANDS = [
-  "curl",
-  "wget",
-  "git",
-  "ssh",
-  "scp",
-  "rsync",
-  "brew",
-  "npm",
-  "npx",
-  "pip",
-  "pip3",
-  "open-url",
-  "shieldctl",
-  "agenco"
-];
-function resolveCommandPaths(name) {
-  const paths = [];
-  for (const dir of BIN_SEARCH_DIRS) {
-    const candidate = path5.join(dir, name);
-    try {
-      if (fs5.existsSync(candidate)) {
-        const stat = fs5.statSync(candidate);
-        if (stat.isFile() && (stat.mode & 73) !== 0) {
-          paths.push(candidate);
-        }
-      }
-    } catch {
-    }
-  }
-  if (paths.length === 0) {
-    try {
-      const result = execSync3(`which ${name} 2>/dev/null`, { encoding: "utf-8" }).trim();
-      if (result && path5.isAbsolute(result)) {
-        paths.push(result);
-      }
-    } catch {
-    }
-  }
-  return paths;
-}
-function extractCommandName(pattern) {
-  return pattern.trim().split(/\s+/)[0];
-}
-function syncCommandPolicies(policies, logger) {
-  const log = logger ?? noop2;
-  const commandPolicies = policies.filter(
-    (p) => p.target === "command" && p.action === "allow" && p.enabled
-  );
-  const commandNames = /* @__PURE__ */ new Set();
-  for (const policy of commandPolicies) {
-    for (const pattern of policy.patterns) {
-      const name = extractCommandName(pattern);
-      if (name) commandNames.add(name);
-    }
-  }
-  const commands = [];
-  const now = (/* @__PURE__ */ new Date()).toISOString();
-  for (const name of commandNames) {
-    const paths = resolveCommandPaths(name);
-    if (paths.length === 0) {
-      log.warn(`[command-sync] command '${name}' not found on system, adding without paths`);
-    }
-    commands.push({
-      name,
-      paths,
-      addedAt: now,
-      addedBy: "policy",
-      category: "policy-managed"
-    });
-  }
-  const config = {
-    version: "1.0.0",
-    commands
-  };
-  const json = JSON.stringify(config, null, 2) + "\n";
-  try {
-    const dir = path5.dirname(ALLOWED_COMMANDS_PATH);
-    if (!fs5.existsSync(dir)) {
-      fs5.mkdirSync(dir, { recursive: true });
-    }
-    fs5.writeFileSync(ALLOWED_COMMANDS_PATH, json, "utf-8");
-    log.info(`[command-sync] wrote ${commands.length} commands to allowlist`);
-  } catch {
-    try {
-      execSync3(`sudo -n tee "${ALLOWED_COMMANDS_PATH}" > /dev/null`, {
-        input: json,
-        stdio: ["pipe", "pipe", "pipe"],
-        timeout: 5e3
-      });
-      log.info(`[command-sync] wrote ${commands.length} commands to allowlist (via sudo)`);
-    } catch (sudoErr) {
-      log.warn(`[command-sync] cannot write to ${ALLOWED_COMMANDS_PATH} \u2014 fix with: sudo chmod 775 ${path5.dirname(ALLOWED_COMMANDS_PATH)}`);
-      log.warn(`[command-sync] error: ${sudoErr.message}`);
-    }
-  }
-}
-function installWrappersInDir(binDir, log) {
-  const shieldExecPath = "/opt/agenshield/bin/shield-exec";
-  if (!fs5.existsSync(binDir)) {
-    try {
-      fs5.mkdirSync(binDir, { recursive: true, mode: 493 });
-    } catch {
-      try {
-        execSync3(`sudo -n mkdir -p "${binDir}" && sudo -n chmod 755 "${binDir}"`, {
-          stdio: "pipe",
-          timeout: 5e3
-        });
-      } catch (sudoErr) {
-        log.warn(`[command-sync] failed to create bin dir ${binDir}: ${sudoErr.message}`);
-        return;
-      }
-    }
-  }
-  if (!fs5.existsSync(shieldExecPath)) {
-    log.warn(`[command-sync] shield-exec not found at ${shieldExecPath}, skipping wrapper installation`);
-    return;
-  }
-  for (const cmd of ALL_PROXIED_COMMANDS) {
-    const wrapperPath = path5.join(binDir, cmd);
-    if (fs5.existsSync(wrapperPath)) {
-      continue;
-    }
-    try {
-      fs5.symlinkSync(shieldExecPath, wrapperPath);
-    } catch {
-      try {
-        execSync3(`sudo -n ln -s "${shieldExecPath}" "${wrapperPath}"`, {
-          stdio: "pipe",
-          timeout: 5e3
-        });
-      } catch (sudoErr) {
-        log.warn(`[command-sync] failed to create wrapper ${wrapperPath}: ${sudoErr.message}`);
-      }
-    }
-  }
-}
-function ensureWrappersInstalled(state, logger) {
-  const log = logger ?? noop2;
-  const agentUser = state.users.find((u) => u.type === "agent");
-  if (!agentUser) {
-    log.warn("[command-sync] no agent user in state, skipping wrapper installation");
-    return;
-  }
-  const agentBinDir = path5.join(agentUser.homeDir, "bin");
-  log.info(`[command-sync] ensuring wrappers in agent bin: ${agentBinDir}`);
-  installWrappersInDir(agentBinDir, log);
-  const agentHomeEnv = process.env["AGENSHIELD_AGENT_HOME"];
-  if (agentHomeEnv && agentHomeEnv !== agentUser.homeDir) {
-    const envBinDir = path5.join(agentHomeEnv, "bin");
-    log.info(`[command-sync] ensuring wrappers in env agent bin: ${envBinDir}`);
-    installWrappersInDir(envBinDir, log);
-  }
-}
-function syncCommandPoliciesAndWrappers(policies, state, logger) {
-  syncCommandPolicies(policies, logger);
-  ensureWrappersInstalled(state, logger);
-}
-
-// libs/shield-daemon/src/policy-sync.ts
-import * as fs6 from "node:fs";
-import * as path6 from "node:path";
-import { execSync as execSync4 } from "node:child_process";
-var noop3 = { warn() {
-}, info() {
-} };
-var BROKER_POLICIES_DIR = "/opt/agenshield/policies";
-var USER_POLICIES_FILE = path6.join(BROKER_POLICIES_DIR, "custom", "user-policies.json");
-var BROKER_TARGETS = /* @__PURE__ */ new Set(["url", "command", "skill"]);
-function normalizeUrlPatterns(pattern) {
-  let p = pattern.trim();
-  p = p.replace(/\/+$/, "");
-  if (!p.match(/^(\*|https?):\/\//i)) {
-    p = `https://${p}`;
-  }
-  if (p.endsWith("*")) {
-    const base = p.replace(/\/\*+$/, "");
-    if (base !== p) {
-      return [base, p];
-    }
-    return [p];
-  }
-  return [p, `${p}/**`];
-}
-function inferOperations(target) {
-  switch (target) {
-    case "url":
-      return ["http_request", "open_url"];
-    case "command":
-      return ["exec"];
-    case "skill":
-      return ["skill_install", "skill_uninstall"];
-    default:
-      return ["*"];
-  }
-}
-function toBrokerRule(policy) {
-  let patterns;
-  if (policy.target === "url") {
-    patterns = policy.patterns.flatMap(normalizeUrlPatterns);
-    patterns = [...new Set(patterns)];
-  } else {
-    patterns = [...policy.patterns];
-  }
-  return {
-    id: policy.id,
-    name: policy.name,
-    action: policy.action,
-    target: policy.target,
-    operations: policy.operations?.length ? [...policy.operations] : inferOperations(policy.target),
-    patterns,
-    enabled: policy.enabled,
-    priority: policy.priority ?? 0
-  };
-}
-function syncPoliciesToBrokerDir(policies, logger) {
-  const log = logger ?? noop3;
-  const applicable = policies.filter((p) => BROKER_TARGETS.has(p.target));
-  const rules = applicable.map(toBrokerRule);
-  const payload = { rules };
-  const json = JSON.stringify(payload, null, 2) + "\n";
-  try {
-    const dir = path6.dirname(USER_POLICIES_FILE);
-    if (!fs6.existsSync(dir)) {
-      fs6.mkdirSync(dir, { recursive: true });
-    }
-    fs6.writeFileSync(USER_POLICIES_FILE, json, "utf-8");
-    log.info(`[policy-sync] wrote ${rules.length} user policies to broker dir`);
-  } catch {
-    try {
-      execSync4(`sudo -n tee "${USER_POLICIES_FILE}" > /dev/null`, {
-        input: json,
-        stdio: ["pipe", "pipe", "pipe"],
-        timeout: 5e3
-      });
-      log.info(`[policy-sync] wrote ${rules.length} user policies to broker dir (via sudo)`);
-    } catch (sudoErr) {
-      log.warn(`[policy-sync] cannot write to ${USER_POLICIES_FILE} \u2014 fix with: sudo chmod 775 ${path6.dirname(USER_POLICIES_FILE)}`);
-      log.warn(`[policy-sync] error: ${sudoErr.message}`);
+  const allPaths = /* @__PURE__ */ new Set([...oldAclMap.keys(), ...newAclMap.keys()]);
+  for (const targetPath of allPaths) {
+    removeUserAcl(targetPath, userName, log);
+    const newPerms = newAclMap.get(targetPath);
+    if (newPerms) {
+      addUserAcl(targetPath, userName, newPerms, log);
     }
   }
 }
 
 // libs/shield-daemon/src/routes/config.ts
+init_command_sync();
+import { installShieldExec, createUserConfig } from "@agenshield/sandbox";
 async function configRoutes(app) {
   app.get("/config", async () => {
     const config = loadConfig();
@@ -980,12 +1100,11 @@ async function configRoutes(app) {
         const updated = updateConfig(request.body);
         if (request.body.policies) {
           const state = loadState();
-          const wsGroup = state.groups.find((g) => g.type === "workspace");
-          if (wsGroup) {
-            syncFilesystemPolicyAcls(oldPolicies, updated.policies, wsGroup.name, app.log);
+          const agentUser = state.users.find((u) => u.type === "agent");
+          if (agentUser) {
+            syncFilesystemPolicyAcls(oldPolicies, updated.policies, agentUser.username, app.log);
           }
           syncCommandPoliciesAndWrappers(updated.policies, state, app.log);
-          syncPoliciesToBrokerDir(updated.policies, app.log);
         }
         return {
           success: true,
@@ -1006,12 +1125,11 @@ async function configRoutes(app) {
     try {
       const oldConfig = loadConfig();
       const state = loadState();
-      const wsGroup = state.groups.find((g) => g.type === "workspace");
-      if (wsGroup) {
-        syncFilesystemPolicyAcls(oldConfig.policies, [], wsGroup.name, app.log);
+      const agentUser = state.users.find((u) => u.type === "agent");
+      if (agentUser) {
+        syncFilesystemPolicyAcls(oldConfig.policies, [], agentUser.username, app.log);
       }
       syncCommandPoliciesAndWrappers([], state, app.log);
-      syncPoliciesToBrokerDir([], app.log);
       saveConfig(getDefaultConfig());
       const vault = getVault();
       await vault.destroy();
@@ -1027,9 +1145,31 @@ async function configRoutes(app) {
       };
     }
   });
+  app.post("/config/install-wrappers", async () => {
+    try {
+      const state = loadState();
+      const agentUser = state.users.find((u) => u.type === "agent");
+      if (!agentUser) {
+        return { success: false, error: "No agent user found in state" };
+      }
+      const userConfig = createUserConfig();
+      const binDir = path6.join(agentUser.homeDir, "bin");
+      const result = await installShieldExec(userConfig, binDir);
+      return {
+        success: result.success,
+        installed: result.installed,
+        error: result.error
+      };
+    } catch (error) {
+      return {
+        success: false,
+        error: error instanceof Error ? error.message : "Failed to install wrappers"
+      };
+    }
+  });
   app.get("/config/openclaw", async (_request, reply) => {
     const agentHome = process.env["AGENSHIELD_AGENT_HOME"] || "/Users/ash_default_agent";
-    const configDir = path7.join(agentHome, ".openclaw");
+    const configDir = path6.join(agentHome, ".openclaw");
     const configFiles = readConfigDir(configDir);
     return reply.send({ configDir, files: configFiles });
   });
@@ -1041,7 +1181,7 @@ async function configRoutes(app) {
         return reply.code(400).send({ error: "original query param required" });
       }
       const agentHome = process.env["AGENSHIELD_AGENT_HOME"] || "/Users/ash_default_agent";
-      const agentConfigDir = path7.join(agentHome, ".openclaw");
+      const agentConfigDir = path6.join(agentHome, ".openclaw");
       const diff = diffConfigDirs(original, agentConfigDir);
       return reply.send({ diff });
     }
@@ -1051,27 +1191,27 @@ var SKIP_DIRS = /* @__PURE__ */ new Set(["skills", "node_modules", ".git", "dist
 function readConfigDir(dir, base) {
   const result = {};
   const root = base ?? dir;
-  if (!fs7.existsSync(dir)) {
+  if (!fs6.existsSync(dir)) {
     return result;
   }
   let entries;
   try {
-    entries = fs7.readdirSync(dir, { withFileTypes: true });
+    entries = fs6.readdirSync(dir, { withFileTypes: true });
   } catch {
     return result;
   }
   for (const entry of entries) {
     if (entry.isDirectory()) {
       if (SKIP_DIRS.has(entry.name)) continue;
-      const sub = readConfigDir(path7.join(dir, entry.name), root);
+      const sub = readConfigDir(path6.join(dir, entry.name), root);
       Object.assign(result, sub);
     } else if (entry.isFile()) {
-      const ext = path7.extname(entry.name).toLowerCase();
+      const ext = path6.extname(entry.name).toLowerCase();
       if ([".json", ".yaml", ".yml", ".toml", ".txt", ".md", ".conf", ""].includes(ext)) {
-        const filePath = path7.join(dir, entry.name);
-        const relPath = path7.relative(root, filePath);
+        const filePath = path6.join(dir, entry.name);
+        const relPath = path6.relative(root, filePath);
         try {
-          result[relPath] = fs7.readFileSync(filePath, "utf-8");
+          result[relPath] = fs6.readFileSync(filePath, "utf-8");
         } catch {
         }
       }
@@ -1191,10 +1331,10 @@ function emitSecurityWarning(warning) {
 function emitSecurityCritical(issue) {
   daemonEvents.broadcast("security:critical", { message: issue });
 }
-function emitApiRequest(method, path20, statusCode, duration, requestBody, responseBody) {
+function emitApiRequest(method, path19, statusCode, duration, requestBody, responseBody) {
   daemonEvents.broadcast("api:request", {
     method,
-    path: path20,
+    path: path19,
     statusCode,
     duration,
     ...requestBody !== void 0 && { requestBody },
@@ -1237,6 +1377,7 @@ function emitEvent(type, data) {
 
 // libs/shield-daemon/src/auth/passcode.ts
 import * as crypto3 from "node:crypto";
+init_state();
 import { DEFAULT_AUTH_CONFIG as DEFAULT_AUTH_CONFIG2 } from "@agenshield/ipc";
 var ITERATIONS = 1e5;
 var KEY_LENGTH = 64;
@@ -1401,16 +1542,16 @@ var PROTECTED_ROUTES = [
   { method: "POST", path: "/api/config/factory-reset" },
   { method: "POST", path: "/api/skills/install" }
 ];
-function isProtectedRoute(method, path20) {
+function isProtectedRoute(method, path19) {
   return PROTECTED_ROUTES.some(
-    (route) => route.method === method && path20.startsWith(route.path)
+    (route) => route.method === method && path19.startsWith(route.path)
   );
 }
 function createAuthHook() {
   return async (request, reply) => {
     const method = request.method;
-    const path20 = request.url.split("?")[0];
-    if (!isProtectedRoute(method, path20)) {
+    const path19 = request.url.split("?")[0];
+    if (!isProtectedRoute(method, path19)) {
       return;
     }
     if (!isAuthenticated(request)) {
@@ -1917,6 +2058,9 @@ async function loggedFetch(url, init, context) {
   }
 }
 
+// libs/shield-daemon/src/routes/agenco.ts
+init_state();
+
 // libs/shield-daemon/src/mcp/client.ts
 import { Client } from "@modelcontextprotocol/sdk/client/index.js";
 import { StreamableHTTPClientTransport } from "@modelcontextprotocol/sdk/client/streamableHttp.js";
@@ -2242,8 +2386,8 @@ function getMCPState() {
 }
 
 // libs/shield-daemon/src/services/integration-skills.ts
-import * as fs9 from "node:fs";
-import * as path9 from "node:path";
+import * as fs8 from "node:fs";
+import * as path8 from "node:path";
 
 // libs/shield-skills/dist/index.js
 import * as path22 from "node:path";
@@ -2308,9 +2452,9 @@ var __skills_dirname = path22.dirname(fileURLToPath(import.meta.url));
 var BUILTIN_SKILLS_DIR = path22.resolve(__skills_dirname, "..", "skills");
 
 // libs/shield-daemon/src/watchers/skills.ts
-import * as fs8 from "node:fs";
-import * as path8 from "node:path";
-import { execSync as execSync5 } from "node:child_process";
+import * as fs7 from "node:fs";
+import * as path7 from "node:path";
+import { execSync as execSync4 } from "node:child_process";
 var APPROVED_SKILLS_PATH = "/opt/agenshield/config/approved-skills.json";
 var QUARANTINE_DIR = "/opt/agenshield/quarantine/skills";
 var DEBOUNCE_MS = 500;
@@ -2321,8 +2465,8 @@ var skillsDir = "";
 var callbacks = {};
 function loadApprovedSkills() {
   try {
-    if (fs8.existsSync(APPROVED_SKILLS_PATH)) {
-      const content = fs8.readFileSync(APPROVED_SKILLS_PATH, "utf-8");
+    if (fs7.existsSync(APPROVED_SKILLS_PATH)) {
+      const content = fs7.readFileSync(APPROVED_SKILLS_PATH, "utf-8");
       return JSON.parse(content);
     }
   } catch {
@@ -2331,10 +2475,10 @@ function loadApprovedSkills() {
 }
 function saveApprovedSkills(skills) {
   try {
-    const dir = path8.dirname(APPROVED_SKILLS_PATH);
-    fs8.mkdirSync(dir, { recursive: true });
+    const dir = path7.dirname(APPROVED_SKILLS_PATH);
+    fs7.mkdirSync(dir, { recursive: true });
     const content = JSON.stringify(skills, null, 2);
-    fs8.writeFileSync(APPROVED_SKILLS_PATH, content, "utf-8");
+    fs7.writeFileSync(APPROVED_SKILLS_PATH, content, "utf-8");
   } catch (err) {
     console.error("Failed to save approved skills:", err.message);
   }
@@ -2345,16 +2489,16 @@ function isApproved(skillName) {
 }
 function quarantineSkill(skillName, skillPath) {
   try {
-    const quarantinePath = path8.join(QUARANTINE_DIR, skillName);
-    if (!fs8.existsSync(QUARANTINE_DIR)) {
-      fs8.mkdirSync(QUARANTINE_DIR, { recursive: true, mode: 448 });
+    const quarantinePath = path7.join(QUARANTINE_DIR, skillName);
+    if (!fs7.existsSync(QUARANTINE_DIR)) {
+      fs7.mkdirSync(QUARANTINE_DIR, { recursive: true, mode: 448 });
     }
-    if (fs8.existsSync(quarantinePath)) {
-      fs8.rmSync(quarantinePath, { recursive: true, force: true });
+    if (fs7.existsSync(quarantinePath)) {
+      fs7.rmSync(quarantinePath, { recursive: true, force: true });
     }
-    execSync5(`mv "${skillPath}" "${quarantinePath}"`, { stdio: "pipe" });
-    execSync5(`chown -R root:wheel "${quarantinePath}"`, { stdio: "pipe" });
-    execSync5(`chmod -R 700 "${quarantinePath}"`, { stdio: "pipe" });
+    execSync4(`mv "${skillPath}" "${quarantinePath}"`, { stdio: "pipe" });
+    execSync4(`chown -R root:wheel "${quarantinePath}"`, { stdio: "pipe" });
+    execSync4(`chmod -R 700 "${quarantinePath}"`, { stdio: "pipe" });
     const info = {
       name: skillName,
       quarantinedAt: (/* @__PURE__ */ new Date()).toISOString(),
@@ -2369,16 +2513,16 @@ function quarantineSkill(skillName, skillPath) {
   }
 }
 function scanSkills() {
-  if (!skillsDir || !fs8.existsSync(skillsDir)) {
+  if (!skillsDir || !fs7.existsSync(skillsDir)) {
     return;
   }
   try {
-    const entries = fs8.readdirSync(skillsDir, { withFileTypes: true });
+    const entries = fs7.readdirSync(skillsDir, { withFileTypes: true });
     for (const entry of entries) {
       if (!entry.isDirectory()) continue;
       const skillName = entry.name;
       if (!isApproved(skillName)) {
-        const fullPath = path8.join(skillsDir, skillName);
+        const fullPath = path7.join(skillsDir, skillName);
         const info = quarantineSkill(skillName, fullPath);
         if (info && callbacks.onQuarantined) {
           callbacks.onQuarantined(info);
@@ -2411,8 +2555,8 @@ function startSkillsWatcher(watchDir, cbs = {}, pollIntervalMs = 3e4) {
   callbacks = cbs;
   scanSkills();
   try {
-    if (fs8.existsSync(skillsDir)) {
-      watcher = fs8.watch(skillsDir, { persistent: false }, handleFsEvent);
+    if (fs7.existsSync(skillsDir)) {
+      watcher = fs7.watch(skillsDir, { persistent: false }, handleFsEvent);
       watcher.on("error", (err) => {
         console.warn("[SkillsWatcher] fs.watch error, falling back to polling:", err.message);
         watcher?.close();
@@ -2444,9 +2588,9 @@ function stopSkillsWatcher() {
 }
 function approveSkill(skillName) {
   try {
-    const quarantinedPath = path8.join(QUARANTINE_DIR, skillName);
-    const destPath = path8.join(skillsDir, skillName);
-    if (!fs8.existsSync(quarantinedPath)) {
+    const quarantinedPath = path7.join(QUARANTINE_DIR, skillName);
+    const destPath = path7.join(skillsDir, skillName);
+    if (!fs7.existsSync(quarantinedPath)) {
       return { success: false, error: `Skill "${skillName}" not found in quarantine` };
     }
     const approved = loadApprovedSkills();
@@ -2457,9 +2601,9 @@ function approveSkill(skillName) {
       });
       saveApprovedSkills(approved);
     }
-    execSync5(`mv "${quarantinedPath}" "${destPath}"`, { stdio: "pipe" });
-    execSync5(`chown -R root:wheel "${destPath}"`, { stdio: "pipe" });
-    execSync5(`chmod -R a+rX,go-w "${destPath}"`, { stdio: "pipe" });
+    execSync4(`mv "${quarantinedPath}" "${destPath}"`, { stdio: "pipe" });
+    execSync4(`chown -R root:wheel "${destPath}"`, { stdio: "pipe" });
+    execSync4(`chmod -R a+rX,go-w "${destPath}"`, { stdio: "pipe" });
     if (callbacks.onApproved) {
       callbacks.onApproved(skillName);
     }
@@ -2471,11 +2615,11 @@ function approveSkill(skillName) {
 }
 function rejectSkill(skillName) {
   try {
-    const quarantinedPath = path8.join(QUARANTINE_DIR, skillName);
-    if (!fs8.existsSync(quarantinedPath)) {
+    const quarantinedPath = path7.join(QUARANTINE_DIR, skillName);
+    if (!fs7.existsSync(quarantinedPath)) {
       return { success: false, error: `Skill "${skillName}" not found in quarantine` };
     }
-    fs8.rmSync(quarantinedPath, { recursive: true, force: true });
+    fs7.rmSync(quarantinedPath, { recursive: true, force: true });
     console.log(`[SkillsWatcher] Rejected and deleted skill: ${skillName}`);
     return { success: true };
   } catch (err) {
@@ -2487,8 +2631,8 @@ function revokeSkill(skillName) {
     const approved = loadApprovedSkills();
     const filtered = approved.filter((s) => s.name !== skillName);
     saveApprovedSkills(filtered);
-    const skillPath = path8.join(skillsDir, skillName);
-    if (fs8.existsSync(skillPath)) {
+    const skillPath = path7.join(skillsDir, skillName);
+    if (fs7.existsSync(skillPath)) {
       quarantineSkill(skillName, skillPath);
     }
     console.log(`[SkillsWatcher] Revoked approval for skill: ${skillName}`);
@@ -2500,17 +2644,17 @@ function revokeSkill(skillName) {
 function listQuarantined() {
   const results = [];
   try {
-    if (!fs8.existsSync(QUARANTINE_DIR)) {
+    if (!fs7.existsSync(QUARANTINE_DIR)) {
       return results;
     }
-    const entries = fs8.readdirSync(QUARANTINE_DIR, { withFileTypes: true });
+    const entries = fs7.readdirSync(QUARANTINE_DIR, { withFileTypes: true });
     for (const entry of entries) {
       if (entry.isDirectory()) {
-        const stat = fs8.statSync(path8.join(QUARANTINE_DIR, entry.name));
+        const stat = fs7.statSync(path7.join(QUARANTINE_DIR, entry.name));
         results.push({
           name: entry.name,
           quarantinedAt: stat.mtime.toISOString(),
-          originalPath: path8.join(skillsDir, entry.name),
+          originalPath: path7.join(skillsDir, entry.name),
           reason: "Skill not in approved list"
         });
       }
@@ -2550,15 +2694,15 @@ function removeFromApprovedList(skillName) {
 // libs/shield-daemon/src/services/integration-skills.ts
 var AGENCO_SKILL_NAME = "agenco-secure-integrations";
 function copyDirSync(src, dest) {
-  fs9.mkdirSync(dest, { recursive: true });
-  const entries = fs9.readdirSync(src, { withFileTypes: true });
+  fs8.mkdirSync(dest, { recursive: true });
+  const entries = fs8.readdirSync(src, { withFileTypes: true });
   for (const entry of entries) {
-    const srcPath = path9.join(src, entry.name);
-    const destPath = path9.join(dest, entry.name);
+    const srcPath = path8.join(src, entry.name);
+    const destPath = path8.join(dest, entry.name);
     if (entry.isDirectory()) {
       copyDirSync(srcPath, destPath);
     } else {
-      fs9.copyFileSync(srcPath, destPath);
+      fs8.copyFileSync(srcPath, destPath);
     }
   }
 }
@@ -2568,9 +2712,9 @@ async function provisionAgenCoSkill() {
     console.warn("[IntegrationSkills] Skills directory not configured \u2014 skipping provision");
     return { installed: false };
   }
-  const destDir = path9.join(skillsDir2, AGENCO_SKILL_NAME);
-  const srcDir = path9.join(BUILTIN_SKILLS_DIR, AGENCO_SKILL_NAME);
-  if (fs9.existsSync(destDir)) {
+  const destDir = path8.join(skillsDir2, AGENCO_SKILL_NAME);
+  const srcDir = path8.join(BUILTIN_SKILLS_DIR, AGENCO_SKILL_NAME);
+  if (fs8.existsSync(destDir)) {
     return { installed: false };
   }
   try {
@@ -2581,8 +2725,8 @@ async function provisionAgenCoSkill() {
   } catch (err) {
     console.error(`[IntegrationSkills] Failed to install "${AGENCO_SKILL_NAME}":`, err.message);
     try {
-      if (fs9.existsSync(destDir)) {
-        fs9.rmSync(destDir, { recursive: true, force: true });
+      if (fs8.existsSync(destDir)) {
+        fs8.rmSync(destDir, { recursive: true, force: true });
       }
       removeFromApprovedList(AGENCO_SKILL_NAME);
     } catch {
@@ -2597,12 +2741,12 @@ async function provisionIntegrationSkill(integrationSlug) {
     return { installed: false };
   }
   const skillName = `integration-${integrationSlug}`;
-  const destDir = path9.join(skillsDir2, skillName);
-  const srcDir = path9.join(BUILTIN_SKILLS_DIR, skillName);
-  if (fs9.existsSync(destDir)) {
+  const destDir = path8.join(skillsDir2, skillName);
+  const srcDir = path8.join(BUILTIN_SKILLS_DIR, skillName);
+  if (fs8.existsSync(destDir)) {
     return { installed: false };
   }
-  if (!fs9.existsSync(srcDir)) {
+  if (!fs8.existsSync(srcDir)) {
     return { installed: false };
   }
   try {
@@ -2613,8 +2757,8 @@ async function provisionIntegrationSkill(integrationSlug) {
   } catch (err) {
     console.error(`[IntegrationSkills] Failed to install "${skillName}":`, err.message);
     try {
-      if (fs9.existsSync(destDir)) {
-        fs9.rmSync(destDir, { recursive: true, force: true });
+      if (fs8.existsSync(destDir)) {
+        fs8.rmSync(destDir, { recursive: true, force: true });
       }
       removeFromApprovedList(skillName);
     } catch {
@@ -5137,15 +5281,15 @@ async function agencoRoutes(app) {
 }
 
 // libs/shield-daemon/src/routes/skills.ts
-import * as fs14 from "node:fs";
-import * as path14 from "node:path";
-import { execSync as execSync9 } from "node:child_process";
+import * as fs13 from "node:fs";
+import * as path13 from "node:path";
+import { execSync as execSync8 } from "node:child_process";
 import { parseSkillMd } from "@agenshield/sandbox";
 
 // libs/shield-daemon/src/services/skill-analyzer.ts
-import * as fs10 from "node:fs";
-import * as path10 from "node:path";
-import { execSync as execSync6 } from "node:child_process";
+import * as fs9 from "node:fs";
+import * as path9 from "node:path";
+import { execSync as execSync5 } from "node:child_process";
 var ANALYSIS_CACHE_PATH = "/opt/agenshield/config/skill-analyses.json";
 var COMMAND_PATTERNS = [
   // Bash-style: command at start of line or after pipe/semicolon
@@ -5206,8 +5350,8 @@ var IGNORE_WORDS = /* @__PURE__ */ new Set([
 ]);
 function loadCache() {
   try {
-    if (fs10.existsSync(ANALYSIS_CACHE_PATH)) {
-      return JSON.parse(fs10.readFileSync(ANALYSIS_CACHE_PATH, "utf-8"));
+    if (fs9.existsSync(ANALYSIS_CACHE_PATH)) {
+      return JSON.parse(fs9.readFileSync(ANALYSIS_CACHE_PATH, "utf-8"));
     }
   } catch {
   }
@@ -5215,18 +5359,18 @@ function loadCache() {
 }
 function saveCache(cache3) {
   try {
-    const dir = path10.dirname(ANALYSIS_CACHE_PATH);
-    if (!fs10.existsSync(dir)) {
-      fs10.mkdirSync(dir, { recursive: true });
+    const dir = path9.dirname(ANALYSIS_CACHE_PATH);
+    if (!fs9.existsSync(dir)) {
+      fs9.mkdirSync(dir, { recursive: true });
     }
-    fs10.writeFileSync(ANALYSIS_CACHE_PATH, JSON.stringify(cache3, null, 2) + "\n", "utf-8");
+    fs9.writeFileSync(ANALYSIS_CACHE_PATH, JSON.stringify(cache3, null, 2) + "\n", "utf-8");
   } catch (err) {
     console.error("[SkillAnalyzer] Failed to save cache:", err.message);
   }
 }
 function resolveCommand(name) {
   try {
-    const result = execSync6(`which ${name} 2>/dev/null`, { encoding: "utf-8" }).trim();
+    const result = execSync5(`which ${name} 2>/dev/null`, { encoding: "utf-8" }).trim();
     return result || void 0;
   } catch {
     return void 0;
@@ -5361,33 +5505,33 @@ function clearCachedAnalysis(skillName) {
 }
 
 // libs/shield-daemon/src/services/skill-lifecycle.ts
-import * as fs11 from "node:fs";
-import * as path11 from "node:path";
-import { execSync as execSync7 } from "node:child_process";
+import * as fs10 from "node:fs";
+import * as path10 from "node:path";
+import { execSync as execSync6 } from "node:child_process";
 function createSkillWrapper(name, binDir) {
-  if (!fs11.existsSync(binDir)) {
-    fs11.mkdirSync(binDir, { recursive: true });
+  if (!fs10.existsSync(binDir)) {
+    fs10.mkdirSync(binDir, { recursive: true });
   }
-  const wrapperPath = path11.join(binDir, name);
+  const wrapperPath = path10.join(binDir, name);
   const wrapperContent = `#!/bin/bash
 # ${name} skill wrapper - policy-enforced execution
 # Ensure accessible working directory
 if ! /bin/pwd > /dev/null 2>&1; then cd ~ 2>/dev/null || cd /; fi
 exec /opt/agenshield/bin/shield-client skill run "${name}" "$@"
 `;
-  fs11.writeFileSync(wrapperPath, wrapperContent, { mode: 493 });
+  fs10.writeFileSync(wrapperPath, wrapperContent, { mode: 493 });
   const socketGroup = process.env["AGENSHIELD_SOCKET_GROUP"] || "clawshield";
   try {
-    execSync7(`chown root:${socketGroup} "${wrapperPath}"`, { stdio: "pipe" });
-    execSync7(`chmod 755 "${wrapperPath}"`, { stdio: "pipe" });
+    execSync6(`chown root:${socketGroup} "${wrapperPath}"`, { stdio: "pipe" });
+    execSync6(`chmod 755 "${wrapperPath}"`, { stdio: "pipe" });
   } catch {
   }
 }
 function removeSkillWrapper(name, binDir) {
-  const wrapperPath = path11.join(binDir, name);
+  const wrapperPath = path10.join(binDir, name);
   try {
-    if (fs11.existsSync(wrapperPath)) {
-      fs11.unlinkSync(wrapperPath);
+    if (fs10.existsSync(wrapperPath)) {
+      fs10.unlinkSync(wrapperPath);
     }
   } catch {
   }
@@ -5420,18 +5564,18 @@ function removeSkillPolicy(name) {
 }
 
 // libs/shield-daemon/src/services/openclaw-config.ts
-import * as fs12 from "node:fs";
-import * as path12 from "node:path";
-import { execSync as execSync8 } from "node:child_process";
+import * as fs11 from "node:fs";
+import * as path11 from "node:path";
+import { execSync as execSync7 } from "node:child_process";
 function getOpenClawConfigPath() {
   const agentHome = process.env["AGENSHIELD_AGENT_HOME"] || "/Users/ash_default_agent";
-  return path12.join(agentHome, ".openclaw", "openclaw.json");
+  return path11.join(agentHome, ".openclaw", "openclaw.json");
 }
 function readConfig() {
   const configPath = getOpenClawConfigPath();
   try {
-    if (fs12.existsSync(configPath)) {
-      return JSON.parse(fs12.readFileSync(configPath, "utf-8"));
+    if (fs11.existsSync(configPath)) {
+      return JSON.parse(fs11.readFileSync(configPath, "utf-8"));
     }
   } catch {
     console.warn("[OpenClawConfig] Failed to read openclaw.json, starting fresh");
@@ -5440,14 +5584,14 @@ function readConfig() {
 }
 function writeConfig(config) {
   const configPath = getOpenClawConfigPath();
-  fs12.mkdirSync(path12.dirname(configPath), { recursive: true });
-  fs12.writeFileSync(configPath, JSON.stringify(config, null, 2), "utf-8");
+  fs11.mkdirSync(path11.dirname(configPath), { recursive: true });
+  fs11.writeFileSync(configPath, JSON.stringify(config, null, 2), "utf-8");
   const agentHome = process.env["AGENSHIELD_AGENT_HOME"] || "/Users/ash_default_agent";
-  const brokerUser = path12.basename(agentHome) + "_broker";
+  const brokerUser = path11.basename(agentHome) + "_broker";
   const socketGroup = process.env["AGENSHIELD_SOCKET_GROUP"] || "clawshield";
   try {
-    execSync8(`chown ${brokerUser}:${socketGroup} "${configPath}"`, { stdio: "pipe" });
-    execSync8(`chmod 664 "${configPath}"`, { stdio: "pipe" });
+    execSync7(`chown ${brokerUser}:${socketGroup} "${configPath}"`, { stdio: "pipe" });
+    execSync7(`chmod 664 "${configPath}"`, { stdio: "pipe" });
   } catch {
   }
 }
@@ -5476,8 +5620,8 @@ function removeSkillEntry(slug) {
 }
 
 // libs/shield-daemon/src/services/marketplace.ts
-import * as fs13 from "node:fs";
-import * as path13 from "node:path";
+import * as fs12 from "node:fs";
+import * as path12 from "node:path";
 import * as os4 from "node:os";
 import { CONFIG_DIR as CONFIG_DIR2, MARKETPLACE_DIR } from "@agenshield/ipc";
 var cache = /* @__PURE__ */ new Map();
@@ -5501,35 +5645,35 @@ var ANALYSIS_TIMEOUT = 4 * 6e4;
 var SEARCH_CACHE_TTL = 6e4;
 var DETAIL_CACHE_TTL = 5 * 6e4;
 var SHORT_TIMEOUT = 1e4;
-async function convexAction(path20, args, timeout) {
+async function convexAction(path19, args, timeout) {
   const res = await fetch(`${CONVEX_BASE}/api/action`, {
     method: "POST",
     signal: AbortSignal.timeout(timeout),
     headers: { "Content-Type": "application/json" },
-    body: JSON.stringify({ path: path20, args, format: "json" })
+    body: JSON.stringify({ path: path19, args, format: "json" })
   });
   if (!res.ok) {
-    throw new Error(`Convex action ${path20} returned ${res.status}`);
+    throw new Error(`Convex action ${path19} returned ${res.status}`);
   }
   const body = await res.json();
   if (body.status === "error") {
-    throw new Error(`Convex action ${path20}: ${body.errorMessage ?? "unknown error"}`);
+    throw new Error(`Convex action ${path19}: ${body.errorMessage ?? "unknown error"}`);
   }
   return body.value;
 }
-async function convexQuery(path20, args, timeout) {
+async function convexQuery(path19, args, timeout) {
   const res = await fetch(`${CONVEX_BASE}/api/query`, {
     method: "POST",
     signal: AbortSignal.timeout(timeout),
     headers: { "Content-Type": "application/json" },
-    body: JSON.stringify({ path: path20, args, format: "json" })
+    body: JSON.stringify({ path: path19, args, format: "json" })
   });
   if (!res.ok) {
-    throw new Error(`Convex query ${path20} returned ${res.status}`);
+    throw new Error(`Convex query ${path19} returned ${res.status}`);
   }
   const body = await res.json();
   if (body.status === "error") {
-    throw new Error(`Convex query ${path20}: ${body.errorMessage ?? "unknown error"}`);
+    throw new Error(`Convex query ${path19}: ${body.errorMessage ?? "unknown error"}`);
   }
   return body.value;
 }
@@ -5590,7 +5734,7 @@ function isImageExt(filePath) {
 }
 var MAX_IMAGE_SIZE = 5e5;
 function getMarketplaceDir() {
-  return path13.join(os4.homedir(), CONFIG_DIR2, MARKETPLACE_DIR);
+  return path12.join(os4.homedir(), CONFIG_DIR2, MARKETPLACE_DIR);
 }
 async function downloadAndExtractZip(slug) {
   const url = `${CLAWHUB_DOWNLOAD_BASE}/download?slug=${encodeURIComponent(slug)}`;
@@ -5628,39 +5772,39 @@ async function downloadAndExtractZip(slug) {
   return files;
 }
 function storeDownloadedSkill(slug, meta, files) {
-  const dir = path13.join(getMarketplaceDir(), slug);
-  const filesDir = path13.join(dir, "files");
-  fs13.mkdirSync(filesDir, { recursive: true });
+  const dir = path12.join(getMarketplaceDir(), slug);
+  const filesDir = path12.join(dir, "files");
+  fs12.mkdirSync(filesDir, { recursive: true });
   const fullMeta = { ...meta, downloadedAt: (/* @__PURE__ */ new Date()).toISOString() };
-  fs13.writeFileSync(path13.join(dir, "metadata.json"), JSON.stringify(fullMeta, null, 2), "utf-8");
+  fs12.writeFileSync(path12.join(dir, "metadata.json"), JSON.stringify(fullMeta, null, 2), "utf-8");
   for (const file of files) {
-    const filePath = path13.join(filesDir, file.name);
-    fs13.mkdirSync(path13.dirname(filePath), { recursive: true });
-    fs13.writeFileSync(filePath, file.content, "utf-8");
+    const filePath = path12.join(filesDir, file.name);
+    fs12.mkdirSync(path12.dirname(filePath), { recursive: true });
+    fs12.writeFileSync(filePath, file.content, "utf-8");
   }
   console.log(`[Marketplace] Stored ${files.length} files for ${slug}`);
 }
 function updateDownloadedAnalysis(slug, analysis) {
-  const metaPath = path13.join(getMarketplaceDir(), slug, "metadata.json");
+  const metaPath = path12.join(getMarketplaceDir(), slug, "metadata.json");
   try {
-    if (!fs13.existsSync(metaPath)) return;
-    const meta = JSON.parse(fs13.readFileSync(metaPath, "utf-8"));
+    if (!fs12.existsSync(metaPath)) return;
+    const meta = JSON.parse(fs12.readFileSync(metaPath, "utf-8"));
     meta.analysis = analysis;
-    fs13.writeFileSync(metaPath, JSON.stringify(meta, null, 2), "utf-8");
+    fs12.writeFileSync(metaPath, JSON.stringify(meta, null, 2), "utf-8");
   } catch {
   }
 }
 function listDownloadedSkills() {
   const baseDir = getMarketplaceDir();
-  if (!fs13.existsSync(baseDir)) return [];
+  if (!fs12.existsSync(baseDir)) return [];
   const results = [];
   try {
-    const entries = fs13.readdirSync(baseDir, { withFileTypes: true });
+    const entries = fs12.readdirSync(baseDir, { withFileTypes: true });
     for (const entry of entries) {
       if (!entry.isDirectory()) continue;
-      const metaPath = path13.join(baseDir, entry.name, "metadata.json");
+      const metaPath = path12.join(baseDir, entry.name, "metadata.json");
       try {
-        const meta = JSON.parse(fs13.readFileSync(metaPath, "utf-8"));
+        const meta = JSON.parse(fs12.readFileSync(metaPath, "utf-8"));
         results.push({
           slug: meta.slug,
           name: meta.name,
@@ -5677,17 +5821,17 @@ function listDownloadedSkills() {
   return results;
 }
 function getDownloadedSkillFiles(slug) {
-  const filesDir = path13.join(getMarketplaceDir(), slug, "files");
-  if (!fs13.existsSync(filesDir)) return [];
+  const filesDir = path12.join(getMarketplaceDir(), slug, "files");
+  if (!fs12.existsSync(filesDir)) return [];
   const files = [];
   function walk(dir, prefix) {
-    const entries = fs13.readdirSync(dir, { withFileTypes: true });
+    const entries = fs12.readdirSync(dir, { withFileTypes: true });
     for (const entry of entries) {
       const rel = prefix ? `${prefix}/${entry.name}` : entry.name;
       if (entry.isDirectory()) {
-        walk(path13.join(dir, entry.name), rel);
+        walk(path12.join(dir, entry.name), rel);
       } else {
-        const content = fs13.readFileSync(path13.join(dir, entry.name), "utf-8");
+        const content = fs12.readFileSync(path12.join(dir, entry.name), "utf-8");
         files.push({ name: rel, type: guessContentType(entry.name), content });
       }
     }
@@ -5696,10 +5840,10 @@ function getDownloadedSkillFiles(slug) {
   return files;
 }
 function getDownloadedSkillMeta(slug) {
-  const metaPath = path13.join(getMarketplaceDir(), slug, "metadata.json");
+  const metaPath = path12.join(getMarketplaceDir(), slug, "metadata.json");
   try {
-    if (fs13.existsSync(metaPath)) {
-      return JSON.parse(fs13.readFileSync(metaPath, "utf-8"));
+    if (fs12.existsSync(metaPath)) {
+      return JSON.parse(fs12.readFileSync(metaPath, "utf-8"));
     }
   } catch {
   }
@@ -6236,13 +6380,13 @@ function findSkillMdRecursive(dir, depth = 0) {
   if (depth > 3) return null;
   try {
     for (const name of ["SKILL.md", "skill.md", "README.md", "readme.md"]) {
-      const candidate = path14.join(dir, name);
-      if (fs14.existsSync(candidate)) return candidate;
+      const candidate = path13.join(dir, name);
+      if (fs13.existsSync(candidate)) return candidate;
     }
-    const entries = fs14.readdirSync(dir, { withFileTypes: true });
+    const entries = fs13.readdirSync(dir, { withFileTypes: true });
     for (const entry of entries) {
       if (!entry.isDirectory()) continue;
-      const found = findSkillMdRecursive(path14.join(dir, entry.name), depth + 1);
+      const found = findSkillMdRecursive(path13.join(dir, entry.name), depth + 1);
       if (found) return found;
     }
   } catch {
@@ -6253,7 +6397,7 @@ function readSkillDescription(skillDir) {
   try {
     const mdPath = findSkillMdRecursive(skillDir);
     if (!mdPath) return void 0;
-    const content = fs14.readFileSync(mdPath, "utf-8");
+    const content = fs13.readFileSync(mdPath, "utf-8");
     const parsed = parseSkillMd(content);
     return parsed?.metadata?.description ?? void 0;
   } catch {
@@ -6272,7 +6416,7 @@ async function skillsRoutes(app) {
     let onDiskNames = [];
     if (skillsDir2) {
       try {
-        onDiskNames = fs14.readdirSync(skillsDir2, { withFileTypes: true }).filter((d) => d.isDirectory()).map((d) => d.name);
+        onDiskNames = fs13.readdirSync(skillsDir2, { withFileTypes: true }).filter((d) => d.isDirectory()).map((d) => d.name);
       } catch {
       }
     }
@@ -6285,9 +6429,9 @@ async function skillsRoutes(app) {
         name: a.name,
         source: "user",
         status: "active",
-        path: path14.join(skillsDir2 ?? "", a.name),
+        path: path13.join(skillsDir2 ?? "", a.name),
         publisher: a.publisher,
-        description: skillsDir2 ? readSkillDescription(path14.join(skillsDir2, a.name)) : void 0
+        description: skillsDir2 ? readSkillDescription(path13.join(skillsDir2, a.name)) : void 0
       })),
       // Quarantined
       ...quarantined.map((q) => ({
@@ -6302,8 +6446,8 @@ async function skillsRoutes(app) {
         name,
         source: "workspace",
         status: "workspace",
-        path: path14.join(skillsDir2 ?? "", name),
-        description: skillsDir2 ? readSkillDescription(path14.join(skillsDir2, name)) : void 0
+        path: path13.join(skillsDir2 ?? "", name),
+        description: skillsDir2 ? readSkillDescription(path13.join(skillsDir2, name)) : void 0
       })),
       // Downloaded (not installed) → available
       ...availableDownloads.map((d) => ({
@@ -6344,20 +6488,20 @@ async function skillsRoutes(app) {
       } else if (entry) {
         source = "user";
         status = "active";
-        skillPath = skillsDir2 ? path14.join(skillsDir2, name) : "";
+        skillPath = skillsDir2 ? path13.join(skillsDir2, name) : "";
       } else if (skillsDir2) {
         source = "workspace";
         status = "workspace";
-        skillPath = path14.join(skillsDir2, name);
+        skillPath = path13.join(skillsDir2, name);
       }
       let content = "";
       let metadata;
-      const dirToRead = skillPath || (skillsDir2 ? path14.join(skillsDir2, name) : "");
+      const dirToRead = skillPath || (skillsDir2 ? path13.join(skillsDir2, name) : "");
       if (dirToRead) {
         try {
           const mdPath = findSkillMdRecursive(dirToRead);
           if (mdPath) {
-            content = fs14.readFileSync(mdPath, "utf-8");
+            content = fs13.readFileSync(mdPath, "utf-8");
             const parsed = parseSkillMd(content);
             metadata = parsed?.metadata;
           }
@@ -6486,10 +6630,10 @@ async function skillsRoutes(app) {
         return reply.code(500).send({ error: "Skills directory not configured" });
       }
       const agentHome = process.env["AGENSHIELD_AGENT_HOME"] || "/Users/ash_default_agent";
-      const binDir = path14.join(agentHome, "bin");
+      const binDir = path13.join(agentHome, "bin");
       const socketGroup = process.env["AGENSHIELD_SOCKET_GROUP"] || "clawshield";
-      const skillDir = path14.join(skillsDir2, name);
-      const isInstalled = fs14.existsSync(skillDir);
+      const skillDir = path13.join(skillsDir2, name);
+      const isInstalled = fs13.existsSync(skillDir);
       if (isInstalled) {
         try {
           const brokerAvailable = await isBrokerAvailable();
@@ -6499,7 +6643,7 @@ async function skillsRoutes(app) {
               agentHome
             });
           } else {
-            fs14.rmSync(skillDir, { recursive: true, force: true });
+            fs13.rmSync(skillDir, { recursive: true, force: true });
             removeSkillWrapper(name, binDir);
           }
           removeSkillEntry(name);
@@ -6533,15 +6677,15 @@ async function skillsRoutes(app) {
               throw new Error("Broker failed to install skill files");
             }
           } else {
-            fs14.mkdirSync(skillDir, { recursive: true });
+            fs13.mkdirSync(skillDir, { recursive: true });
             for (const file of files) {
-              const filePath = path14.join(skillDir, file.name);
-              fs14.mkdirSync(path14.dirname(filePath), { recursive: true });
-              fs14.writeFileSync(filePath, file.content, "utf-8");
+              const filePath = path13.join(skillDir, file.name);
+              fs13.mkdirSync(path13.dirname(filePath), { recursive: true });
+              fs13.writeFileSync(filePath, file.content, "utf-8");
             }
             try {
-              execSync9(`chown -R root:${socketGroup} "${skillDir}"`, { stdio: "pipe" });
-              execSync9(`chmod -R a+rX,go-w "${skillDir}"`, { stdio: "pipe" });
+              execSync8(`chown -R root:${socketGroup} "${skillDir}"`, { stdio: "pipe" });
+              execSync8(`chmod -R a+rX,go-w "${skillDir}"`, { stdio: "pipe" });
             } catch {
             }
             createSkillWrapper(name, binDir);
@@ -6552,8 +6696,8 @@ async function skillsRoutes(app) {
           return reply.send({ success: true, action: "enabled", name });
         } catch (err) {
           try {
-            if (fs14.existsSync(skillDir)) {
-              fs14.rmSync(skillDir, { recursive: true, force: true });
+            if (fs13.existsSync(skillDir)) {
+              fs13.rmSync(skillDir, { recursive: true, force: true });
             }
             removeFromApprovedList(name);
           } catch {
@@ -6591,20 +6735,20 @@ async function skillsRoutes(app) {
         return reply.code(500).send({ error: "Skills directory not configured" });
       }
       const agentHome = process.env["AGENSHIELD_AGENT_HOME"] || "/Users/ash_default_agent";
-      const binDir = path14.join(agentHome, "bin");
+      const binDir = path13.join(agentHome, "bin");
       const socketGroup = process.env["AGENSHIELD_SOCKET_GROUP"] || "clawshield";
-      const skillDir = path14.join(skillsDir2, name);
+      const skillDir = path13.join(skillsDir2, name);
       try {
         addToApprovedList(name, publisher);
-        fs14.mkdirSync(skillDir, { recursive: true });
+        fs13.mkdirSync(skillDir, { recursive: true });
         for (const file of files) {
-          const filePath = path14.join(skillDir, file.name);
-          fs14.mkdirSync(path14.dirname(filePath), { recursive: true });
-          fs14.writeFileSync(filePath, file.content, "utf-8");
+          const filePath = path13.join(skillDir, file.name);
+          fs13.mkdirSync(path13.dirname(filePath), { recursive: true });
+          fs13.writeFileSync(filePath, file.content, "utf-8");
         }
         try {
-          execSync9(`chown -R root:${socketGroup} "${skillDir}"`, { stdio: "pipe" });
-          execSync9(`chmod -R a+rX,go-w "${skillDir}"`, { stdio: "pipe" });
+          execSync8(`chown -R root:${socketGroup} "${skillDir}"`, { stdio: "pipe" });
+          execSync8(`chmod -R a+rX,go-w "${skillDir}"`, { stdio: "pipe" });
         } catch {
         }
         createSkillWrapper(name, binDir);
@@ -6612,8 +6756,8 @@ async function skillsRoutes(app) {
         return reply.send({ success: true, name, analysis });
       } catch (err) {
         try {
-          if (fs14.existsSync(skillDir)) {
-            fs14.rmSync(skillDir, { recursive: true, force: true });
+          if (fs13.existsSync(skillDir)) {
+            fs13.rmSync(skillDir, { recursive: true, force: true });
           }
           removeFromApprovedList(name);
         } catch {
@@ -6628,8 +6772,8 @@ async function skillsRoutes(app) {
 }
 
 // libs/shield-daemon/src/routes/exec.ts
-import * as fs15 from "node:fs";
-import * as path15 from "node:path";
+import * as fs14 from "node:fs";
+import * as path14 from "node:path";
 var ALLOWED_COMMANDS_PATH2 = "/opt/agenshield/config/allowed-commands.json";
 var BIN_DIRS = [
   "/usr/bin",
@@ -6642,22 +6786,22 @@ var binCache = null;
 var BIN_CACHE_TTL = 6e4;
 var VALID_NAME = /^[a-zA-Z0-9_-]+$/;
 function loadConfig2() {
-  if (!fs15.existsSync(ALLOWED_COMMANDS_PATH2)) {
+  if (!fs14.existsSync(ALLOWED_COMMANDS_PATH2)) {
     return { version: "1.0.0", commands: [] };
   }
   try {
-    const content = fs15.readFileSync(ALLOWED_COMMANDS_PATH2, "utf-8");
+    const content = fs14.readFileSync(ALLOWED_COMMANDS_PATH2, "utf-8");
     return JSON.parse(content);
   } catch {
     return { version: "1.0.0", commands: [] };
   }
 }
 function saveConfig2(config) {
-  const dir = path15.dirname(ALLOWED_COMMANDS_PATH2);
-  if (!fs15.existsSync(dir)) {
-    fs15.mkdirSync(dir, { recursive: true });
+  const dir = path14.dirname(ALLOWED_COMMANDS_PATH2);
+  if (!fs14.existsSync(dir)) {
+    fs14.mkdirSync(dir, { recursive: true });
   }
-  fs15.writeFileSync(ALLOWED_COMMANDS_PATH2, JSON.stringify(config, null, 2) + "\n", "utf-8");
+  fs14.writeFileSync(ALLOWED_COMMANDS_PATH2, JSON.stringify(config, null, 2) + "\n", "utf-8");
 }
 function scanSystemBins() {
   const pathDirs = (process.env.PATH ?? "").split(":").filter(Boolean);
@@ -6666,13 +6810,13 @@ function scanSystemBins() {
   const results = [];
   for (const dir of allDirs) {
     try {
-      if (!fs15.existsSync(dir)) continue;
-      const entries = fs15.readdirSync(dir);
+      if (!fs14.existsSync(dir)) continue;
+      const entries = fs14.readdirSync(dir);
       for (const entry of entries) {
         if (seen.has(entry)) continue;
-        const fullPath = path15.join(dir, entry);
+        const fullPath = path14.join(dir, entry);
         try {
-          const stat = fs15.statSync(fullPath);
+          const stat = fs14.statSync(fullPath);
           if (stat.isFile() && (stat.mode & 73) !== 0) {
             seen.add(entry);
             results.push({ name: entry, path: fullPath });
@@ -6725,7 +6869,7 @@ async function execRoutes(app) {
       };
     }
     for (const p of paths) {
-      if (!path15.isAbsolute(p)) {
+      if (!path14.isAbsolute(p)) {
         return {
           success: false,
           error: {
@@ -7152,8 +7296,8 @@ async function secretsRoutes(app) {
 }
 
 // libs/shield-daemon/src/routes/marketplace.ts
-import * as fs16 from "node:fs";
-import * as path16 from "node:path";
+import * as fs15 from "node:fs";
+import * as path15 from "node:path";
 async function marketplaceRoutes(app) {
   app.get(
     "/marketplace/search",
@@ -7349,9 +7493,9 @@ async function marketplaceRoutes(app) {
           return reply.code(500).send({ error: "Skills directory not configured" });
         }
         const agentHome = process.env["AGENSHIELD_AGENT_HOME"] || "/Users/ash_default_agent";
-        const binDir = path16.join(agentHome, "bin");
+        const binDir = path15.join(agentHome, "bin");
         const socketGroup = process.env["AGENSHIELD_SOCKET_GROUP"] || "clawshield";
-        skillDir = path16.join(skillsDir2, slug);
+        skillDir = path15.join(skillsDir2, slug);
         emitSkillInstallProgress(slug, "approve", "Pre-approving skill");
         addToApprovedList(slug, publisher);
         logs.push("Skill pre-approved");
@@ -7394,8 +7538,8 @@ async function marketplaceRoutes(app) {
         });
       } catch (err) {
         try {
-          if (skillDir && fs16.existsSync(skillDir)) {
-            fs16.rmSync(skillDir, { recursive: true, force: true });
+          if (skillDir && fs15.existsSync(skillDir)) {
+            fs15.rmSync(skillDir, { recursive: true, force: true });
           }
           removeFromApprovedList(slug);
         } catch {
@@ -7418,18 +7562,18 @@ async function marketplaceRoutes(app) {
 }
 
 // libs/shield-daemon/src/routes/fs.ts
-import * as fs17 from "node:fs";
-import * as path17 from "node:path";
+import * as fs16 from "node:fs";
+import * as path16 from "node:path";
 import * as os5 from "node:os";
 var MAX_ENTRIES = 200;
 async function fsRoutes(app) {
   app.get("/fs/browse", async (request) => {
     const dirPath = request.query.path || os5.homedir();
     const showHidden = request.query.showHidden === "true";
-    const resolvedPath = path17.resolve(dirPath);
+    const resolvedPath = path16.resolve(dirPath);
     let dirents;
     try {
-      dirents = fs17.readdirSync(resolvedPath, { withFileTypes: true });
+      dirents = fs16.readdirSync(resolvedPath, { withFileTypes: true });
     } catch {
       return { success: true, data: { entries: [] } };
     }
@@ -7438,7 +7582,7 @@ async function fsRoutes(app) {
       if (!showHidden && dirent.name.startsWith(".")) continue;
       entries.push({
         name: dirent.name,
-        path: path17.join(resolvedPath, dirent.name),
+        path: path16.join(resolvedPath, dirent.name),
         type: dirent.isDirectory() ? "directory" : "file"
       });
       if (entries.length >= MAX_ENTRIES) break;
@@ -7452,8 +7596,9 @@ async function fsRoutes(app) {
 }
 
 // libs/shield-daemon/src/services/activity-log.ts
-import * as fs18 from "node:fs";
-import * as path18 from "node:path";
+import * as fs17 from "node:fs";
+import * as path17 from "node:path";
+init_paths();
 var ACTIVITY_FILE = "activity.jsonl";
 var MAX_SIZE_BYTES = 100 * 1024 * 1024;
 var MAX_AGE_MS = 24 * 60 * 60 * 1e3;
@@ -7470,12 +7615,12 @@ var ActivityLog = class {
   writeCount = 0;
   unsubscribe;
   constructor() {
-    this.filePath = path18.join(getConfigDir(), ACTIVITY_FILE);
+    this.filePath = path17.join(getConfigDir(), ACTIVITY_FILE);
   }
   /** Read historical events from the JSONL file, newest first */
   getHistory(limit = 500) {
-    if (!fs18.existsSync(this.filePath)) return [];
-    const content = fs18.readFileSync(this.filePath, "utf-8");
+    if (!fs17.existsSync(this.filePath)) return [];
+    const content = fs17.readFileSync(this.filePath, "utf-8");
     const lines = content.split("\n").filter(Boolean);
     const events = [];
     for (const line of lines) {
@@ -7500,7 +7645,7 @@ var ActivityLog = class {
   }
   append(event) {
     const line = JSON.stringify(event) + "\n";
-    fs18.appendFileSync(this.filePath, line, "utf-8");
+    fs17.appendFileSync(this.filePath, line, "utf-8");
     this.writeCount++;
     if (this.writeCount % PRUNE_INTERVAL === 0) {
       this.rotate();
@@ -7508,7 +7653,7 @@ var ActivityLog = class {
   }
   rotate() {
     try {
-      const stat = fs18.statSync(this.filePath);
+      const stat = fs17.statSync(this.filePath);
       if (stat.size > MAX_SIZE_BYTES) {
         this.truncateBySize();
       }
@@ -7518,15 +7663,15 @@ var ActivityLog = class {
   }
   /** Keep newest half of lines when file exceeds size limit */
   truncateBySize() {
-    const content = fs18.readFileSync(this.filePath, "utf-8");
+    const content = fs17.readFileSync(this.filePath, "utf-8");
     const lines = content.split("\n").filter(Boolean);
     const keep = lines.slice(Math.floor(lines.length / 2));
-    fs18.writeFileSync(this.filePath, keep.join("\n") + "\n", "utf-8");
+    fs17.writeFileSync(this.filePath, keep.join("\n") + "\n", "utf-8");
   }
   /** Remove entries older than 24 hours */
   pruneOldEntries() {
-    if (!fs18.existsSync(this.filePath)) return;
-    const content = fs18.readFileSync(this.filePath, "utf-8");
+    if (!fs17.existsSync(this.filePath)) return;
+    const content = fs17.readFileSync(this.filePath, "utf-8");
     const lines = content.split("\n").filter(Boolean);
     const cutoff = Date.now() - MAX_AGE_MS;
     const kept = lines.filter((line) => {
@@ -7538,7 +7683,7 @@ var ActivityLog = class {
       }
     });
     if (kept.length < lines.length) {
-      fs18.writeFileSync(this.filePath, kept.join("\n") + "\n", "utf-8");
+      fs17.writeFileSync(this.filePath, kept.join("\n") + "\n", "utf-8");
     }
   }
 };
@@ -7570,26 +7715,31 @@ function globToRegex(pattern) {
   const regexPattern = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*\*/g, "{{GLOBSTAR}}").replace(/\*/g, "[^/]*").replace(/\?/g, ".").replace(/{{GLOBSTAR}}/g, ".*");
   return new RegExp(`^${regexPattern}$`, "i");
 }
-function normalizeUrlPattern(pattern) {
+function normalizeUrlBase(pattern) {
   let p = pattern.trim();
   p = p.replace(/\/+$/, "");
   if (!p.match(/^(\*|https?):\/\//i)) {
     p = `https://${p}`;
   }
-  if (!p.endsWith("*")) {
-    p = `${p}/**`;
-  }
   return p;
 }
+function matchUrlPattern(pattern, target) {
+  const base = normalizeUrlBase(pattern);
+  const trimmed = pattern.trim().replace(/\/+$/, "");
+  if (trimmed.endsWith("*")) {
+    return globToRegex(base).test(target);
+  }
+  return globToRegex(base).test(target) || globToRegex(`${base}/**`).test(target);
+}
 function normalizeUrlTarget(url) {
   const trimmed = url.trim();
   try {
     const parsed = new URL(trimmed);
-    let path20 = parsed.pathname;
-    if (path20.length > 1) {
-      path20 = path20.replace(/\/+$/, "");
+    let path19 = parsed.pathname;
+    if (path19.length > 1) {
+      path19 = path19.replace(/\/+$/, "");
     }
-    return `${parsed.protocol}//${parsed.host}${path20}${parsed.search}`;
+    return `${parsed.protocol}//${parsed.host}${path19}${parsed.search}`;
   } catch {
     return trimmed.replace(/\/+$/, "");
   }
@@ -7621,10 +7771,8 @@ function evaluatePolicyCheck(operation, target) {
       if (policy.target !== "url" || policy.action !== "allow") continue;
       for (const pattern of policy.patterns) {
         if (!pattern.match(/^http:\/\//i)) continue;
-        const effectivePattern = normalizeUrlPattern(pattern);
         const effectiveTarget = normalizeUrlTarget(target);
-        const regex = globToRegex(effectivePattern);
-        if (regex.test(effectiveTarget)) {
+        if (matchUrlPattern(pattern, effectiveTarget)) {
           explicitHttpAllow = true;
           break;
         }
@@ -7646,11 +7794,15 @@ function evaluatePolicyCheck(operation, target) {
     }
     console.log("[policy_check] checking policy:", policy.name, "target:", policy.target, "action:", policy.action);
     for (const pattern of policy.patterns) {
-      const effectivePattern = targetType === "url" ? normalizeUrlPattern(pattern) : pattern;
       const effectiveTarget = targetType === "url" ? normalizeUrlTarget(target) : target;
-      const regex = globToRegex(effectivePattern);
-      const matches = regex.test(effectiveTarget);
-      console.log("[policy_check]   pattern:", pattern, "-> normalized:", effectivePattern, "| target:", effectiveTarget, "| matches:", matches);
+      let matches;
+      if (targetType === "url") {
+        matches = matchUrlPattern(pattern, effectiveTarget);
+      } else {
+        const regex = globToRegex(pattern);
+        matches = regex.test(effectiveTarget);
+      }
+      console.log("[policy_check]   pattern:", pattern, "-> base:", targetType === "url" ? normalizeUrlBase(pattern) : pattern, "| target:", effectiveTarget, "| matches:", matches);
       if (matches) {
         console.log("[policy_check] MATCHED policy:", policy.name, "action:", policy.action);
         return {
@@ -7823,22 +7975,22 @@ async function registerRoutes(app) {
 }
 
 // libs/shield-daemon/src/static.ts
-import * as fs19 from "node:fs";
-import * as path19 from "node:path";
+import * as fs18 from "node:fs";
+import * as path18 from "node:path";
 import { fileURLToPath as fileURLToPath2 } from "node:url";
 var __filename = fileURLToPath2(import.meta.url);
-var __dirname = path19.dirname(__filename);
+var __dirname = path18.dirname(__filename);
 function getUiAssetsPath() {
-  const pkgRootPath = path19.join(__dirname, "..", "ui-assets");
-  if (fs19.existsSync(pkgRootPath)) {
+  const pkgRootPath = path18.join(__dirname, "..", "ui-assets");
+  if (fs18.existsSync(pkgRootPath)) {
     return pkgRootPath;
   }
-  const bundledPath = path19.join(__dirname, "ui-assets");
-  if (fs19.existsSync(bundledPath)) {
+  const bundledPath = path18.join(__dirname, "ui-assets");
+  if (fs18.existsSync(bundledPath)) {
     return bundledPath;
   }
-  const devPath = path19.join(__dirname, "..", "..", "..", "dist", "apps", "shield-ui");
-  if (fs19.existsSync(devPath)) {
+  const devPath = path18.join(__dirname, "..", "..", "..", "dist", "apps", "shield-ui");
+  if (fs18.existsSync(devPath)) {
     return devPath;
   }
   return null;
@@ -7927,8 +8079,8 @@ async function startServer(config) {
   startSecurityWatcher(1e4);
   const agentHome = process.env["AGENSHIELD_AGENT_HOME"] || "/Users/ash_default_agent";
   const skillsDir2 = `${agentHome}/.openclaw/skills`;
-  if (!fs20.existsSync(skillsDir2)) {
-    fs20.mkdirSync(skillsDir2, { recursive: true, mode: 493 });
+  if (!fs19.existsSync(skillsDir2)) {
+    fs19.mkdirSync(skillsDir2, { recursive: true, mode: 493 });
     console.log(`[Daemon] Created skills directory: ${skillsDir2}`);
   }
   startSkillsWatcher(skillsDir2, {
@@ -7937,6 +8089,17 @@ async function startServer(config) {
   }, 3e4);
   const activityLog = getActivityLog();
   activityLog.start();
+  try {
+    const { loadConfig: loadDaemonConfig } = await Promise.resolve().then(() => (init_loader(), loader_exports));
+    const { loadState: loadState2 } = await Promise.resolve().then(() => (init_state(), state_exports));
+    const { syncCommandPoliciesAndWrappers: syncCommandPoliciesAndWrappers2 } = await Promise.resolve().then(() => (init_command_sync(), command_sync_exports));
+    const cfg = loadDaemonConfig();
+    const st = loadState2();
+    syncCommandPoliciesAndWrappers2(cfg.policies, st, app.log);
+    app.log.info("[startup] boot-time command-sync completed");
+  } catch (err) {
+    app.log.warn(`[startup] boot-time command-sync failed: ${err.message}`);
+  }
   try {
     const vault = getVault();
     const agenco = await vault.get("agenco");
@@ -7958,6 +8121,11 @@ async function startServer(config) {
   });
   return app;
 }
+
+// libs/shield-daemon/src/index.ts
+init_paths();
+init_defaults();
+init_state();
 export {
   VERSION,
   Vault,