@ai-dossier/mcp-server 1.0.1 → 1.0.3

package/dist/tools/stepComplete.d.ts

@@ -0,0 +1,28 @@
+/**
+ * step_complete tool - Advance a journey session to the next step.
+ * Maps outputs to next step's inputs and returns the next step's dossier content.
+ */
+import type { JourneySummary } from '../orchestration/session';
+import type { StepPayload } from './startJourney';
+export interface StepCompleteInput {
+    journey_id: string;
+    outputs?: Record<string, unknown>;
+    status: 'completed' | 'failed';
+}
+export interface StepCompleteRunning {
+    status: 'running';
+    step: StepPayload;
+}
+export interface StepCompleteDone {
+    status: 'completed' | 'failed';
+    summary: JourneySummary;
+}
+export interface StepCompleteError {
+    error: {
+        type: 'not_found' | 'invalid_state' | 'unknown';
+        message: string;
+    };
+}
+export type StepCompleteOutput = StepCompleteRunning | StepCompleteDone;
+export declare function stepComplete(input: StepCompleteInput): Promise<StepCompleteOutput | StepCompleteError>;
+//# sourceMappingURL=stepComplete.d.ts.map

package/dist/tools/stepComplete.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"stepComplete.d.ts","sourceRoot":"","sources":["../../src/tools/stepComplete.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,OAAO,KAAK,EAAe,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAQ5E,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAElD,MAAM,WAAW,iBAAiB;IAChC,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,MAAM,EAAE,WAAW,GAAG,QAAQ,CAAC;CAChC;AAED,MAAM,WAAW,mBAAmB;IAClC,MAAM,EAAE,SAAS,CAAC;IAClB,IAAI,EAAE,WAAW,CAAC;CACnB;AAED,MAAM,WAAW,gBAAgB;IAC/B,MAAM,EAAE,WAAW,GAAG,QAAQ,CAAC;IAC/B,OAAO,EAAE,cAAc,CAAC;CACzB;AAED,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE;QACL,IAAI,EAAE,WAAW,GAAG,eAAe,GAAG,SAAS,CAAC;QAChD,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;CACH;AAED,MAAM,MAAM,kBAAkB,GAAG,mBAAmB,GAAG,gBAAgB,CAAC;AAkBxE,wBAAsB,YAAY,CAChC,KAAK,EAAE,iBAAiB,GACvB,OAAO,CAAC,kBAAkB,GAAG,iBAAiB,CAAC,CA2FjD"}

package/dist/tools/stepComplete.js

@@ -0,0 +1,101 @@
+"use strict";
+/**
+ * step_complete tool - Advance a journey session to the next step.
+ * Maps outputs to next step's inputs and returns the next step's dossier content.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.stepComplete = stepComplete;
+const node_fs_1 = require("node:fs");
+const core_1 = require("@ai-dossier/core");
+const session_1 = require("../orchestration/session");
+const logger_1 = require("../utils/logger");
+function fetchDossierBody(step) {
+    if (step.source === 'local' && step.path) {
+        try {
+            const raw = (0, node_fs_1.readFileSync)(step.path, 'utf8');
+            try {
+                return (0, core_1.parseDossierContent)(raw).body;
+            }
+            catch {
+                return raw;
+            }
+        }
+        catch {
+            return '';
+        }
+    }
+    return '';
+}
+async function stepComplete(input) {
+    const { journey_id, outputs, status } = input;
+    if (!journey_id) {
+        return { error: { type: 'unknown', message: 'journey_id is required' } };
+    }
+    const session = (0, session_1.getSession)(journey_id);
+    if (!session) {
+        return { error: { type: 'not_found', message: `No journey found with id: ${journey_id}` } };
+    }
+    if (session.status === 'completed' ||
+        session.status === 'cancelled' ||
+        session.status === 'failed') {
+        return {
+            error: {
+                type: 'invalid_state',
+                message: `Journey is already ${session.status}`,
+            },
+        };
+    }
+    const currentStep = session.steps[session.currentStepIndex];
+    // Record outputs and mark current step
+    if (outputs) {
+        currentStep.collectedOutputs = outputs;
+        session.outputs[currentStep.dossier] = outputs;
+    }
+    currentStep.status = status;
+    if (status === 'failed') {
+        session.status = 'failed';
+        session.completedAt = new Date();
+        (0, session_1.updateSession)(session);
+        logger_1.logger.info('Journey failed at step', {
+            journeyId: journey_id,
+            stepIndex: session.currentStepIndex,
+            dossier: currentStep.dossier,
+        });
+        return { status: 'failed', summary: (0, session_1.buildSummary)(session) };
+    }
+    // Find next step (skip optional steps that are already marked skipped)
+    const nextIndex = session.currentStepIndex + 1;
+    if (nextIndex >= session.steps.length) {
+        session.status = 'completed';
+        session.completedAt = new Date();
+        (0, session_1.updateSession)(session);
+        logger_1.logger.info('Journey completed', {
+            journeyId: journey_id,
+            totalSteps: session.steps.length,
+        });
+        return { status: 'completed', summary: (0, session_1.buildSummary)(session) };
+    }
+    // Advance to next step
+    session.currentStepIndex = nextIndex;
+    const nextStep = session.steps[nextIndex];
+    nextStep.status = 'running';
+    const context = (0, session_1.buildOutputContext)(session.outputs);
+    nextStep.injectedContext = context;
+    (0, session_1.updateSession)(session);
+    const body = fetchDossierBody(nextStep);
+    logger_1.logger.info('Journey advanced to next step', {
+        journeyId: journey_id,
+        stepIndex: nextIndex,
+        dossier: nextStep.dossier,
+    });
+    return {
+        status: 'running',
+        step: {
+            index: nextIndex,
+            dossier: nextStep.dossier,
+            body,
+            context,
+        },
+    };
+}
+//# sourceMappingURL=stepComplete.js.map

package/dist/tools/stepComplete.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"stepComplete.js","sourceRoot":"","sources":["../../src/tools/stepComplete.ts"],"names":[],"mappings":";AAAA;;;GAGG;;AAuDH,oCA6FC;AAlJD,qCAAuC;AACvC,2CAAuD;AAEvD,sDAKkC;AAClC,4CAAyC;AA4BzC,SAAS,gBAAgB,CAAC,IAAiB;IACzC,IAAI,IAAI,CAAC,MAAM,KAAK,OAAO,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACzC,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAA,sBAAY,EAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;YAC5C,IAAI,CAAC;gBACH,OAAO,IAAA,0BAAmB,EAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACvC,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,GAAG,CAAC;YACb,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAEM,KAAK,UAAU,YAAY,CAChC,KAAwB;IAExB,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,KAAK,CAAC;IAE9C,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,wBAAwB,EAAE,EAAE,CAAC;IAC3E,CAAC;IAED,MAAM,OAAO,GAAG,IAAA,oBAAU,EAAC,UAAU,CAAC,CAAC;IACvC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,6BAA6B,UAAU,EAAE,EAAE,EAAE,CAAC;IAC9F,CAAC;IAED,IACE,OAAO,CAAC,MAAM,KAAK,WAAW;QAC9B,OAAO,CAAC,MAAM,KAAK,WAAW;QAC9B,OAAO,CAAC,MAAM,KAAK,QAAQ,EAC3B,CAAC;QACD,OAAO;YACL,KAAK,EAAE;gBACL,IAAI,EAAE,eAAe;gBACrB,OAAO,EAAE,sBAAsB,OAAO,CAAC,MAAM,EAAE;aAChD;SACF,CAAC;IACJ,CAAC;IAED,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;IAE5D,uCAAuC;IACvC,IAAI,OAAO,EAAE,CAAC;QACZ,WAAW,CAAC,gBAAgB,GAAG,OAAO,CAAC;QACvC,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,OAAO,CAAC,GAAG,OAAO,CAAC;IACjD,CAAC;IACD,WAAW,CAAC,MAAM,GAAG,MAAM,CAAC;IAE5B,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;QACxB,OAAO,CAAC,MAAM,GAAG,QAAQ,CAAC;QAC1B,OAAO,CAAC,WAAW,GAAG,IAAI,IAAI,EAAE,CAAC;QACjC,IAAA,uBAAa,EAAC,OAAO,CAAC,CAAC;QAEvB,eAAM,CAAC,IAAI,CAAC,wBAAwB,EAAE;YACpC,SAAS,EAAE,UAAU;YACrB,SAAS,EAAE,OAAO,CAAC,gBAAgB;YACnC,OAAO,EAAE,WAAW,CAAC,OAAO;SAC7B,CAAC,CAAC;QAEH,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAA,sBAAY,EAAC,OAAO,CAAC,EAAE,CAAC;IAC9D,CAAC;IAED,uEAAuE;IACvE,MAAM,SAAS,GAAG,OAAO,CAAC,gBAAgB,GAAG,CAAC,CAAC;IAE/C,IAAI,SAAS,IAAI,OAAO,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;QACtC,OAAO,CAAC,MAAM,GAAG,WAAW,CAAC;QAC7B,OAAO,CAAC,WAAW,GAAG,IAAI,IAAI,EAAE,CAAC;QACjC,IAAA,uBAAa,EAAC,OAAO,CAAC,CAAC;QAEvB,eAAM,CAAC,IAAI,CAAC,mBAAmB,EAAE;YAC/B,SAAS,EAAE,UAAU;YACrB,UAAU,EAAE,OAAO,CAAC,KAAK,CAAC,MAAM;SACjC,CAAC,CAAC;QAEH,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,IAAA,sBAAY,EAAC,OAAO,CAAC,EAAE,CAAC;IACjE,CAAC;IAED,uBAAuB;IACvB,OAAO,CAAC,gBAAgB,GAAG,SAAS,CAAC;IACrC,MAAM,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IAC1C,QAAQ,CAAC,MAAM,GAAG,SAAS,CAAC;IAE5B,MAAM,OAAO,GAAG,IAAA,4BAAkB,EAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IACpD,QAAQ,CAAC,eAAe,GAAG,OAAO,CAAC;IAEnC,IAAA,uBAAa,EAAC,OAAO,CAAC,CAAC;IAEvB,MAAM,IAAI,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IAExC,eAAM,CAAC,IAAI,CAAC,+BAA+B,EAAE;QAC3C,SAAS,EAAE,UAAU;QACrB,SAAS,EAAE,SAAS;QACpB,OAAO,EAAE,QAAQ,CAAC,OAAO;KAC1B,CAAC,CAAC;IAEH,OAAO;QACL,MAAM,EAAE,SAAS;QACjB,IAAI,EAAE;YACJ,KAAK,EAAE,SAAS;YAChB,OAAO,EAAE,QAAQ,CAAC,OAAO;YACzB,IAAI;YACJ,OAAO;SACR;KACF,CAAC;AACJ,CAAC"}

package/dist/tools/verifyDossier.d.ts

@@ -1,15 +1,23 @@
 /**
  * verify_dossier tool - Security verification for dossiers
- * Verifies integrity (checksum) and authenticity (signature)
- * Returns recommendation: ALLOW, WARN, or BLOCK
+ * Thin wrapper around `ai-dossier verify --json <path>`
  */
-import { type VerificationResult } from '@ai-dossier/core';
 export interface VerifyDossierInput {
     path: string;
-    trusted_keys_path?: string;
+}
+export interface VerificationStage {
+    stage: number;
+    name: string;
+    passed?: boolean;
+    skipped?: boolean;
+    demo?: boolean;
+}
+export interface VerifyDossierOutput {
+    passed: boolean;
+    stages: VerificationStage[];
 }
 /**
- * Verify dossier security (integrity, authenticity, risk assessment)
+ * Verify dossier security via CLI
  */
-export declare function verifyDossier(input: VerifyDossierInput): Promise<VerificationResult>;
+export declare function verifyDossier(input: VerifyDossierInput): Promise<VerifyDossierOutput>;
 //# sourceMappingURL=verifyDossier.d.ts.map

package/dist/tools/verifyDossier.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"verifyDossier.d.ts","sourceRoot":"","sources":["../../src/tools/verifyDossier.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAKL,KAAK,kBAAkB,EAExB,MAAM,kBAAkB,CAAC;AAI1B,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B;AAED;;GAEG;AACH,wBAAsB,aAAa,CAAC,KAAK,EAAE,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC,CA0G1F"}
+{"version":3,"file":"verifyDossier.d.ts","sourceRoot":"","sources":["../../src/tools/verifyDossier.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAKH,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB;AAED,MAAM,WAAW,mBAAmB;IAClC,MAAM,EAAE,OAAO,CAAC;IAChB,MAAM,EAAE,iBAAiB,EAAE,CAAC;CAC7B;AAED;;GAEG;AACH,wBAAsB,aAAa,CAAC,KAAK,EAAE,kBAAkB,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAuB3F"}

package/dist/tools/verifyDossier.js

@@ -1,107 +1,34 @@
 "use strict";
 /**
  * verify_dossier tool - Security verification for dossiers
- * Verifies integrity (checksum) and authenticity (signature)
- * Returns recommendation: ALLOW, WARN, or BLOCK
+ * Thin wrapper around `ai-dossier verify --json <path>`
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.verifyDossier = verifyDossier;
-const core_1 = require("@ai-dossier/core");
-const signatureVerifier_1 = require("../parsers/signatureVerifier");
+const cli_wrapper_1 = require("../utils/cli-wrapper");
 const logger_1 = require("../utils/logger");
 /**
- * Verify dossier security (integrity, authenticity, risk assessment)
+ * Verify dossier security via CLI
  */
 async function verifyDossier(input) {
-    const { path, trusted_keys_path } = input;
-    logger_1.logger.info('Starting dossier verification', { dossierFile: path });
-    const result = (0, core_1.createDefaultVerificationResult)(path);
+    const { path } = input;
+    logger_1.logger.info('Starting dossier verification via CLI', { dossierFile: path });
     try {
-        // 1. Parse dossier
-        const parsed = (0, core_1.parseDossierFile)(path);
-        const { frontmatter, body } = parsed;
-        // 2. INTEGRITY CHECK (checksum)
-        const checksumHash = frontmatter.checksum?.hash;
-        result.integrity = (0, core_1.verifyIntegrity)(body, checksumHash);
-        if (result.integrity.status === 'missing') {
-            result.errors.push('Missing checksum - cannot verify integrity');
-            result.recommendation = 'BLOCK';
-            result.message = 'DO NOT EXECUTE - No checksum found';
-            logger_1.logger.error('Verification FAILED - missing checksum', { dossierFile: path });
-            return result;
-        }
-        if (result.integrity.status === 'invalid') {
-            result.errors.push('Checksum verification FAILED - do not execute!');
-            result.recommendation = 'BLOCK';
-            result.message = 'DO NOT EXECUTE - Dossier has been tampered with!';
-            result.authenticity.status = 'error';
-            result.authenticity.message = 'Cannot verify signature - integrity check failed';
-            logger_1.logger.error('Verification FAILED - checksum mismatch', { dossierFile: path });
-            return result;
-        }
-        // 3. AUTHENTICITY CHECK (signature)
-        result.authenticity = await (0, signatureVerifier_1.verifyAuthenticity)(body, frontmatter, trusted_keys_path);
-        if (result.authenticity.status === 'invalid') {
-            result.errors.push('Signature verification FAILED - do not execute!');
-            result.recommendation = 'BLOCK';
-            result.message = 'DO NOT EXECUTE - Invalid signature!';
-            logger_1.logger.error('Verification FAILED - invalid signature', { dossierFile: path });
-            return result;
-        }
-        // 4. RISK ASSESSMENT
-        result.riskAssessment = {
-            riskLevel: frontmatter.risk_level || 'unknown',
-            riskFactors: frontmatter.risk_factors || [],
-            destructiveOperations: frontmatter.destructive_operations || [],
-            requiresApproval: frontmatter.requires_approval !== false, // default true
-        };
-        // 5. RECOMMENDATION LOGIC
-        // Note: integrity 'invalid' and authenticity 'invalid' already handled above with early return
-        if (result.authenticity.status === 'verified' && result.riskAssessment.riskLevel === 'low') {
-            result.recommendation = 'ALLOW';
-            result.message = 'Verified dossier from trusted source with low risk. Safe to execute.';
-        }
-        else if (result.authenticity.status === 'unsigned' ||
-            result.authenticity.status === 'signed_unknown' ||
-            result.riskAssessment.riskLevel === 'high' ||
-            result.riskAssessment.riskLevel === 'critical') {
-            result.recommendation = 'WARN';
-            // Build warning message
-            const warnings = [];
-            if (result.authenticity.status === 'unsigned') {
-                warnings.push('Dossier is not signed (cannot verify author)');
-            }
-            if (result.authenticity.status === 'signed_unknown') {
-                warnings.push('Signature is valid but signer is not in your trusted keys list');
-            }
-            if (result.riskAssessment.riskLevel === 'high' ||
-                result.riskAssessment.riskLevel === 'critical') {
-                warnings.push(`High risk level: ${result.riskAssessment.riskLevel}`);
-            }
-            result.message = `WARNING: ${warnings.join('. ')}. Review before execution.`;
-        }
-        else {
-            result.recommendation = 'WARN';
-            result.message = 'Unsigned dossier with medium risk. Verify source before execution.';
-        }
+        const result = await (0, cli_wrapper_1.execCli)('verify', [path, '--json']);
         logger_1.logger.info('Verification completed', {
             dossierFile: path,
-            recommendation: result.recommendation,
-            integrity: result.integrity.status,
-            authenticity: result.authenticity.status,
-            riskLevel: result.riskAssessment.riskLevel,
+            passed: result.passed,
         });
+        return result;
     }
-    catch (err) {
-        result.errors.push(`Verification error: ${(0, core_1.getErrorMessage)(err)}`);
-        result.recommendation = 'BLOCK';
-        result.message = `DO NOT EXECUTE - Verification failed: ${(0, core_1.getErrorMessage)(err)}`;
-        logger_1.logger.error('Verification FAILED with exception', {
-            dossierFile: path,
-            error: (0, core_1.getErrorMessage)(err),
-            stack: (0, core_1.getErrorStack)(err),
-        });
+    catch (error) {
+        if (error instanceof cli_wrapper_1.CliNotFoundError) {
+            return {
+                passed: false,
+                stages: [{ stage: 0, name: 'CLI Check', passed: false }],
+            };
+        }
+        throw error;
     }
-    return result;
 }
 //# sourceMappingURL=verifyDossier.js.map

package/dist/tools/verifyDossier.js.map

@@ -1 +1 @@
-{"version":3,"file":"verifyDossier.js","sourceRoot":"","sources":["../../src/tools/verifyDossier.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;AAqBH,sCA0GC;AA7HD,2CAO0B;AAC1B,oEAAkE;AAClE,4CAAyC;AAOzC;;GAEG;AACI,KAAK,UAAU,aAAa,CAAC,KAAyB;IAC3D,MAAM,EAAE,IAAI,EAAE,iBAAiB,EAAE,GAAG,KAAK,CAAC;IAE1C,eAAM,CAAC,IAAI,CAAC,+BAA+B,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;IAEpE,MAAM,MAAM,GAAuB,IAAA,sCAA+B,EAAC,IAAI,CAAC,CAAC;IAEzE,IAAI,CAAC;QACH,mBAAmB;QACnB,MAAM,MAAM,GAAG,IAAA,uBAAgB,EAAC,IAAI,CAAC,CAAC;QACtC,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,GAAG,MAAM,CAAC;QAErC,gCAAgC;QAChC,MAAM,YAAY,GAAG,WAAW,CAAC,QAAQ,EAAE,IAAI,CAAC;QAChD,MAAM,CAAC,SAAS,GAAG,IAAA,sBAAe,EAAC,IAAI,EAAE,YAAY,CAAC,CAAC;QAEvD,IAAI,MAAM,CAAC,SAAS,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YAC1C,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;YACjE,MAAM,CAAC,cAAc,GAAG,OAAO,CAAC;YAChC,MAAM,CAAC,OAAO,GAAG,oCAAoC,CAAC;YACtD,eAAM,CAAC,KAAK,CAAC,wCAAwC,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;YAC9E,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,IAAI,MAAM,CAAC,SAAS,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YAC1C,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,gDAAgD,CAAC,CAAC;YACrE,MAAM,CAAC,cAAc,GAAG,OAAO,CAAC;YAChC,MAAM,CAAC,OAAO,GAAG,kDAAkD,CAAC;YACpE,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,OAAO,CAAC;YACrC,MAAM,CAAC,YAAY,CAAC,OAAO,GAAG,kDAAkD,CAAC;YACjF,eAAM,CAAC,KAAK,CAAC,yCAAyC,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;YAC/E,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,oCAAoC;QACpC,MAAM,CAAC,YAAY,GAAG,MAAM,IAAA,sCAAkB,EAAC,IAAI,EAAE,WAAW,EAAE,iBAAiB,CAAC,CAAC;QAErF,IAAI,MAAM,CAAC,YAAY,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YAC7C,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,iDAAiD,CAAC,CAAC;YACtE,MAAM,CAAC,cAAc,GAAG,OAAO,CAAC;YAChC,MAAM,CAAC,OAAO,GAAG,qCAAqC,CAAC;YACvD,eAAM,CAAC,KAAK,CAAC,yCAAyC,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;YAC/E,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,qBAAqB;QACrB,MAAM,CAAC,cAAc,GAAG;YACtB,SAAS,EAAE,WAAW,CAAC,UAAU,IAAI,SAAS;YAC9C,WAAW,EAAE,WAAW,CAAC,YAAY,IAAI,EAAE;YAC3C,qBAAqB,EAAE,WAAW,CAAC,sBAAsB,IAAI,EAAE;YAC/D,gBAAgB,EAAE,WAAW,CAAC,iBAAiB,KAAK,KAAK,EAAE,eAAe;SAC3E,CAAC;QAEF,0BAA0B;QAC1B,+FAA+F;QAC/F,IAAI,MAAM,CAAC,YAAY,CAAC,MAAM,KAAK,UAAU,IAAI,MAAM,CAAC,cAAc,CAAC,SAAS,KAAK,KAAK,EAAE,CAAC;YAC3F,MAAM,CAAC,cAAc,GAAG,OAAO,CAAC;YAChC,MAAM,CAAC,OAAO,GAAG,sEAAsE,CAAC;QAC1F,CAAC;aAAM,IACL,MAAM,CAAC,YAAY,CAAC,MAAM,KAAK,UAAU;YACzC,MAAM,CAAC,YAAY,CAAC,MAAM,KAAK,gBAAgB;YAC/C,MAAM,CAAC,cAAc,CAAC,SAAS,KAAK,MAAM;YAC1C,MAAM,CAAC,cAAc,CAAC,SAAS,KAAK,UAAU,EAC9C,CAAC;YACD,MAAM,CAAC,cAAc,GAAG,MAAM,CAAC;YAE/B,wBAAwB;YACxB,MAAM,QAAQ,GAAa,EAAE,CAAC;YAC9B,IAAI,MAAM,CAAC,YAAY,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;gBAC9C,QAAQ,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAC;YAChE,CAAC;YACD,IAAI,MAAM,CAAC,YAAY,CAAC,MAAM,KAAK,gBAAgB,EAAE,CAAC;gBACpD,QAAQ,CAAC,IAAI,CAAC,gEAAgE,CAAC,CAAC;YAClF,CAAC;YACD,IACE,MAAM,CAAC,cAAc,CAAC,SAAS,KAAK,MAAM;gBAC1C,MAAM,CAAC,cAAc,CAAC,SAAS,KAAK,UAAU,EAC9C,CAAC;gBACD,QAAQ,CAAC,IAAI,CAAC,oBAAoB,MAAM,CAAC,cAAc,CAAC,SAAS,EAAE,CAAC,CAAC;YACvE,CAAC;YAED,MAAM,CAAC,OAAO,GAAG,YAAY,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,4BAA4B,CAAC;QAC/E,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,cAAc,GAAG,MAAM,CAAC;YAC/B,MAAM,CAAC,OAAO,GAAG,oEAAoE,CAAC;QACxF,CAAC;QAED,eAAM,CAAC,IAAI,CAAC,wBAAwB,EAAE;YACpC,WAAW,EAAE,IAAI;YACjB,cAAc,EAAE,MAAM,CAAC,cAAc;YACrC,SAAS,EAAE,MAAM,CAAC,SAAS,CAAC,MAAM;YAClC,YAAY,EAAE,MAAM,CAAC,YAAY,CAAC,MAAM;YACxC,SAAS,EAAE,MAAM,CAAC,cAAc,CAAC,SAAS;SAC3C,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,uBAAuB,IAAA,sBAAe,EAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAClE,MAAM,CAAC,cAAc,GAAG,OAAO,CAAC;QAChC,MAAM,CAAC,OAAO,GAAG,yCAAyC,IAAA,sBAAe,EAAC,GAAG,CAAC,EAAE,CAAC;QACjF,eAAM,CAAC,KAAK,CAAC,oCAAoC,EAAE;YACjD,WAAW,EAAE,IAAI;YACjB,KAAK,EAAE,IAAA,sBAAe,EAAC,GAAG,CAAC;YAC3B,KAAK,EAAE,IAAA,oBAAa,EAAC,GAAG,CAAC;SAC1B,CAAC,CAAC;IACL,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}
+{"version":3,"file":"verifyDossier.js","sourceRoot":"","sources":["../../src/tools/verifyDossier.ts"],"names":[],"mappings":";AAAA;;;GAGG;;AAyBH,sCAuBC;AA9CD,sDAAiE;AACjE,4CAAyC;AAmBzC;;GAEG;AACI,KAAK,UAAU,aAAa,CAAC,KAAyB;IAC3D,MAAM,EAAE,IAAI,EAAE,GAAG,KAAK,CAAC;IAEvB,eAAM,CAAC,IAAI,CAAC,uCAAuC,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;IAE5E,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAA,qBAAO,EAAsB,QAAQ,EAAE,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC;QAE9E,eAAM,CAAC,IAAI,CAAC,wBAAwB,EAAE;YACpC,WAAW,EAAE,IAAI;YACjB,MAAM,EAAE,MAAM,CAAC,MAAM;SACtB,CAAC,CAAC;QAEH,OAAO,MAAM,CAAC;IAChB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,8BAAgB,EAAE,CAAC;YACtC,OAAO;gBACL,MAAM,EAAE,KAAK;gBACb,MAAM,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;aACzD,CAAC;QACJ,CAAC;QACD,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC"}

package/dist/tools/verifyGraph.d.ts

@@ -0,0 +1,33 @@
+/**
+ * verify_graph tool - Batch verification for dossier dependency graphs.
+ * Verifies all dossiers in a resolved graph and returns an aggregate security report.
+ */
+export interface VerifyGraphInput {
+    graph_id?: string;
+    dossier?: string;
+}
+export type Recommendation = 'ALLOW' | 'WARN' | 'BLOCK';
+export interface DossierVerificationResult {
+    name: string;
+    recommendation: Recommendation;
+    risk: string;
+    passed: boolean;
+    error?: string;
+}
+export interface VerifyGraphOutput {
+    overall_recommendation: Recommendation;
+    summary: string;
+    blockers: string[];
+    dossiers: DossierVerificationResult[];
+}
+export interface VerifyGraphError {
+    error: {
+        type: 'validation' | 'resolve' | 'not_found';
+        message: string;
+    };
+}
+/**
+ * Verify all dossiers in a dependency graph and return an aggregate security report.
+ */
+export declare function verifyGraph(input: VerifyGraphInput): Promise<VerifyGraphOutput | VerifyGraphError>;
+//# sourceMappingURL=verifyGraph.d.ts.map

package/dist/tools/verifyGraph.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"verifyGraph.d.ts","sourceRoot":"","sources":["../../src/tools/verifyGraph.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAWH,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,MAAM,cAAc,GAAG,OAAO,GAAG,MAAM,GAAG,OAAO,CAAC;AAExD,MAAM,WAAW,yBAAyB;IACxC,IAAI,EAAE,MAAM,CAAC;IACb,cAAc,EAAE,cAAc,CAAC;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,OAAO,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,iBAAiB;IAChC,sBAAsB,EAAE,cAAc,CAAC;IACvC,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,QAAQ,EAAE,yBAAyB,EAAE,CAAC;CACvC;AAED,MAAM,WAAW,gBAAgB;IAC/B,KAAK,EAAE;QACL,IAAI,EAAE,YAAY,GAAG,SAAS,GAAG,WAAW,CAAC;QAC7C,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;CACH;AAiGD;;GAEG;AACH,wBAAsB,WAAW,CAC/B,KAAK,EAAE,gBAAgB,GACtB,OAAO,CAAC,iBAAiB,GAAG,gBAAgB,CAAC,CAuE/C"}

package/dist/tools/verifyGraph.js

@@ -0,0 +1,175 @@
+"use strict";
+/**
+ * verify_graph tool - Batch verification for dossier dependency graphs.
+ * Verifies all dossiers in a resolved graph and returns an aggregate security report.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.verifyGraph = verifyGraph;
+const node_path_1 = require("node:path");
+const graph_1 = require("../orchestration/graph");
+const resolver_1 = require("../orchestration/resolver");
+const cli_wrapper_1 = require("../utils/cli-wrapper");
+const graphStore_1 = require("../utils/graphStore");
+const logger_1 = require("../utils/logger");
+/**
+ * Extract all unique dossiers from an execution plan.
+ */
+function extractDossiers(plan) {
+    const seen = new Set();
+    const dossiers = [];
+    for (const phase of plan.phases) {
+        for (const entry of phase.dossiers) {
+            if (!seen.has(entry.name)) {
+                seen.add(entry.name);
+                dossiers.push(entry);
+            }
+        }
+    }
+    return dossiers;
+}
+/**
+ * Determine recommendation based on verification result and risk level.
+ */
+function getRecommendation(result, riskLevel) {
+    if (!result.passed) {
+        // Check if integrity stage specifically failed (stage 1 is typically integrity/checksum)
+        const integrityFailed = result.stages.some((s) => s.passed === false &&
+            (s.name.toLowerCase().includes('integrity') || s.name.toLowerCase().includes('checksum')));
+        if (integrityFailed)
+            return 'BLOCK';
+        return 'WARN';
+    }
+    // Even if verification passed, high risk dossiers get a WARN
+    if (riskLevel === 'critical' || riskLevel === 'high')
+        return 'WARN';
+    return 'ALLOW';
+}
+/**
+ * Compute the worst-case recommendation across all results.
+ */
+function worstCase(recommendations) {
+    if (recommendations.includes('BLOCK'))
+        return 'BLOCK';
+    if (recommendations.includes('WARN'))
+        return 'WARN';
+    return 'ALLOW';
+}
+/**
+ * Verify a single dossier entry, returning its verification result.
+ */
+async function verifySingleDossier(entry) {
+    const identifier = entry.path ?? entry.name;
+    try {
+        const result = await (0, cli_wrapper_1.execCli)('verify', [identifier, '--json']);
+        const risk = entry.riskLevel ?? 'unknown';
+        const recommendation = getRecommendation(result, risk);
+        return {
+            name: entry.name,
+            recommendation,
+            risk,
+            passed: result.passed,
+        };
+    }
+    catch (error) {
+        if (error instanceof cli_wrapper_1.CliNotFoundError) {
+            return {
+                name: entry.name,
+                recommendation: 'BLOCK',
+                risk: entry.riskLevel ?? 'unknown',
+                passed: false,
+                error: error.message,
+            };
+        }
+        const message = error instanceof Error ? error.message : String(error);
+        return {
+            name: entry.name,
+            recommendation: 'BLOCK',
+            risk: entry.riskLevel ?? 'unknown',
+            passed: false,
+            error: message,
+        };
+    }
+}
+/**
+ * Resolve a dossier reference into an execution plan (same logic as resolveGraph tool).
+ */
+async function resolvePlan(dossierRef) {
+    const resolver = new resolver_1.DossierResolver();
+    const isPath = dossierRef.includes('/') || dossierRef.endsWith('.ds.md');
+    const entryDossier = isPath
+        ? await resolver.resolveFromPath((0, node_path_1.resolve)(dossierRef))
+        : await resolver.resolve(dossierRef);
+    const nodes = await resolver.resolveGraph(entryDossier);
+    const graph = (0, graph_1.buildGraph)(nodes);
+    return (0, graph_1.buildExecutionPlan)(graph, entryDossier.name);
+}
+/**
+ * Verify all dossiers in a dependency graph and return an aggregate security report.
+ */
+async function verifyGraph(input) {
+    const { graph_id, dossier } = input;
+    if (!graph_id && !dossier) {
+        return {
+            error: {
+                type: 'validation',
+                message: 'Either graph_id or dossier parameter is required',
+            },
+        };
+    }
+    let plan;
+    if (graph_id) {
+        const stored = (0, graphStore_1.getGraph)(graph_id);
+        if (!stored) {
+            return {
+                error: {
+                    type: 'not_found',
+                    message: `No graph found with id: ${graph_id}`,
+                },
+            };
+        }
+        plan = stored;
+        logger_1.logger.info('Verifying graph from store', { graphId: graph_id });
+    }
+    else {
+        logger_1.logger.info('Resolving and verifying graph', { dossier });
+        try {
+            plan = await resolvePlan(dossier);
+        }
+        catch (error) {
+            const message = error instanceof Error ? error.message : String(error);
+            logger_1.logger.error('Graph resolution failed during verify', { dossier, error: message });
+            return {
+                error: { type: 'resolve', message },
+            };
+        }
+    }
+    const entries = extractDossiers(plan);
+    logger_1.logger.info('Starting batch verification', { totalDossiers: entries.length });
+    // Verify all dossiers in parallel
+    const results = await Promise.all(entries.map(verifySingleDossier));
+    const blockers = results.filter((r) => r.recommendation === 'BLOCK').map((r) => r.name);
+    const overall = worstCase(results.map((r) => r.recommendation));
+    const counts = { ALLOW: 0, WARN: 0, BLOCK: 0 };
+    for (const r of results)
+        counts[r.recommendation]++;
+    const parts = [`${results.length} dossiers verified`];
+    if (counts.ALLOW > 0)
+        parts.push(`${counts.ALLOW} passed`);
+    if (counts.WARN > 0)
+        parts.push(`${counts.WARN} warnings`);
+    if (counts.BLOCK > 0)
+        parts.push(`${counts.BLOCK} blocked`);
+    const output = {
+        overall_recommendation: overall,
+        summary: parts.join(', '),
+        blockers,
+        dossiers: results,
+    };
+    logger_1.logger.info('Batch verification complete', {
+        overall,
+        total: results.length,
+        blockers: blockers.length,
+    });
+    return output;
+}
+//# sourceMappingURL=verifyGraph.js.map

package/dist/tools/verifyGraph.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"verifyGraph.js","sourceRoot":"","sources":["../../src/tools/verifyGraph.ts"],"names":[],"mappings":";AAAA;;;GAGG;;AA0IH,kCAyEC;AAjND,yCAAoC;AACpC,kDAAwE;AACxE,wDAA4D;AAE5D,sDAAiE;AACjE,oDAA+C;AAC/C,4CAAyC;AAgCzC;;GAEG;AACH,SAAS,eAAe,CAAC,IAAmB;IAC1C,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,MAAM,QAAQ,GAAiB,EAAE,CAAC;IAClC,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAChC,KAAK,MAAM,KAAK,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;YACnC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC1B,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;gBACrB,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACvB,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,MAA2B,EAAE,SAAiB;IACvE,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QACnB,yFAAyF;QACzF,MAAM,eAAe,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,CACxC,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,MAAM,KAAK,KAAK;YAClB,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAC5F,CAAC;QACF,IAAI,eAAe;YAAE,OAAO,OAAO,CAAC;QACpC,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,6DAA6D;IAC7D,IAAI,SAAS,KAAK,UAAU,IAAI,SAAS,KAAK,MAAM;QAAE,OAAO,MAAM,CAAC;IACpE,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,SAAS,SAAS,CAAC,eAAiC;IAClD,IAAI,eAAe,CAAC,QAAQ,CAAC,OAAO,CAAC;QAAE,OAAO,OAAO,CAAC;IACtD,IAAI,eAAe,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,OAAO,MAAM,CAAC;IACpD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,mBAAmB,CAAC,KAAiB;IAClD,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,IAAI,CAAC;IAC5C,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAA,qBAAO,EAAsB,QAAQ,EAAE,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAC;QACpF,MAAM,IAAI,GAAG,KAAK,CAAC,SAAS,IAAI,SAAS,CAAC;QAC1C,MAAM,cAAc,GAAG,iBAAiB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QACvD,OAAO;YACL,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,cAAc;YACd,IAAI;YACJ,MAAM,EAAE,MAAM,CAAC,MAAM;SACtB,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,8BAAgB,EAAE,CAAC;YACtC,OAAO;gBACL,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,cAAc,EAAE,OAAO;gBACvB,IAAI,EAAE,KAAK,CAAC,SAAS,IAAI,SAAS;gBAClC,MAAM,EAAE,KAAK;gBACb,KAAK,EAAE,KAAK,CAAC,OAAO;aACrB,CAAC;QACJ,CAAC;QACD,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACvE,OAAO;YACL,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,cAAc,EAAE,OAAO;YACvB,IAAI,EAAE,KAAK,CAAC,SAAS,IAAI,SAAS;YAClC,MAAM,EAAE,KAAK;YACb,KAAK,EAAE,OAAO;SACf,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,WAAW,CAAC,UAAkB;IAC3C,MAAM,QAAQ,GAAG,IAAI,0BAAe,EAAE,CAAC;IACvC,MAAM,MAAM,GAAG,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACzE,MAAM,YAAY,GAAG,MAAM;QACzB,CAAC,CAAC,MAAM,QAAQ,CAAC,eAAe,CAAC,IAAA,mBAAO,EAAC,UAAU,CAAC,CAAC;QACrD,CAAC,CAAC,MAAM,QAAQ,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IACvC,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC;IACxD,MAAM,KAAK,GAAG,IAAA,kBAAU,EAAC,KAAK,CAAC,CAAC;IAChC,OAAO,IAAA,0BAAkB,EAAC,KAAK,EAAE,YAAY,CAAC,IAAI,CAAC,CAAC;AACtD,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,WAAW,CAC/B,KAAuB;IAEvB,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,GAAG,KAAK,CAAC;IAEpC,IAAI,CAAC,QAAQ,IAAI,CAAC,OAAO,EAAE,CAAC;QAC1B,OAAO;YACL,KAAK,EAAE;gBACL,IAAI,EAAE,YAAY;gBAClB,OAAO,EAAE,kDAAkD;aAC5D;SACF,CAAC;IACJ,CAAC;IAED,IAAI,IAAmB,CAAC;IAExB,IAAI,QAAQ,EAAE,CAAC;QACb,MAAM,MAAM,GAAG,IAAA,qBAAQ,EAAC,QAAQ,CAAC,CAAC;QAClC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO;gBACL,KAAK,EAAE;oBACL,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,2BAA2B,QAAQ,EAAE;iBAC/C;aACF,CAAC;QACJ,CAAC;QACD,IAAI,GAAG,MAAM,CAAC;QACd,eAAM,CAAC,IAAI,CAAC,4BAA4B,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAC;IACnE,CAAC;SAAM,CAAC;QACN,eAAM,CAAC,IAAI,CAAC,+BAA+B,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;QAC1D,IAAI,CAAC;YACH,IAAI,GAAG,MAAM,WAAW,CAAC,OAAQ,CAAC,CAAC;QACrC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACvE,eAAM,CAAC,KAAK,CAAC,uCAAuC,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;YACnF,OAAO;gBACL,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE;aACpC,CAAC;QACJ,CAAC;IACH,CAAC;IAED,MAAM,OAAO,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;IAEtC,eAAM,CAAC,IAAI,CAAC,6BAA6B,EAAE,EAAE,aAAa,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IAE9E,kCAAkC;IAClC,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC,CAAC;IAEpE,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,cAAc,KAAK,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IACxF,MAAM,OAAO,GAAG,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC;IAEhE,MAAM,MAAM,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;IAC/C,KAAK,MAAM,CAAC,IAAI,OAAO;QAAE,MAAM,CAAC,CAAC,CAAC,cAAc,CAAC,EAAE,CAAC;IAEpD,MAAM,KAAK,GAAa,CAAC,GAAG,OAAO,CAAC,MAAM,oBAAoB,CAAC,CAAC;IAChE,IAAI,MAAM,CAAC,KAAK,GAAG,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,KAAK,SAAS,CAAC,CAAC;IAC3D,IAAI,MAAM,CAAC,IAAI,GAAG,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,IAAI,WAAW,CAAC,CAAC;IAC3D,IAAI,MAAM,CAAC,KAAK,GAAG,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,KAAK,UAAU,CAAC,CAAC;IAE5D,MAAM,MAAM,GAAsB;QAChC,sBAAsB,EAAE,OAAO;QAC/B,OAAO,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC;QACzB,QAAQ;QACR,QAAQ,EAAE,OAAO;KAClB,CAAC;IAEF,eAAM,CAAC,IAAI,CAAC,6BAA6B,EAAE;QACzC,OAAO;QACP,KAAK,EAAE,OAAO,CAAC,MAAM;QACrB,QAAQ,EAAE,QAAQ,CAAC,MAAM;KAC1B,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/utils/cli-wrapper.d.ts

@@ -0,0 +1,25 @@
+/**
+ * CLI wrapper utility - executes `ai-dossier` CLI commands and parses JSON output.
+ * This is the single integration point between the MCP server and CLI.
+ */
+export interface CliResult<T = unknown> {
+    data: T;
+}
+export declare class CliNotFoundError extends Error {
+    constructor();
+}
+export declare class CliExecutionError extends Error {
+    readonly command: string;
+    readonly exitCode: number | null;
+    readonly stderr: string;
+    constructor(command: string, exitCode: number | null, stderr: string);
+}
+/**
+ * Execute a CLI command and return parsed JSON output.
+ *
+ * @param command - The CLI subcommand (e.g. "verify", "info", "list", "search")
+ * @param args - Arguments to pass to the command
+ * @returns Parsed JSON output from the CLI
+ */
+export declare function execCli<T = unknown>(command: string, args: string[]): Promise<T>;
+//# sourceMappingURL=cli-wrapper.d.ts.map

package/dist/utils/cli-wrapper.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli-wrapper.d.ts","sourceRoot":"","sources":["../../src/utils/cli-wrapper.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAOH,MAAM,WAAW,SAAS,CAAC,CAAC,GAAG,OAAO;IACpC,IAAI,EAAE,CAAC,CAAC;CACT;AAED,qBAAa,gBAAiB,SAAQ,KAAK;;CAK1C;AAED,qBAAa,iBAAkB,SAAQ,KAAK;aAExB,OAAO,EAAE,MAAM;aACf,QAAQ,EAAE,MAAM,GAAG,IAAI;aACvB,MAAM,EAAE,MAAM;gBAFd,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,GAAG,IAAI,EACvB,MAAM,EAAE,MAAM;CAKjC;AAUD;;;;;;GAMG;AACH,wBAAgB,OAAO,CAAC,CAAC,GAAG,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,CAAC,CAAC,CAsDhF"}

package/dist/utils/cli-wrapper.js

@@ -0,0 +1,83 @@
+"use strict";
+/**
+ * CLI wrapper utility - executes `ai-dossier` CLI commands and parses JSON output.
+ * This is the single integration point between the MCP server and CLI.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CliExecutionError = exports.CliNotFoundError = void 0;
+exports.execCli = execCli;
+const node_child_process_1 = require("node:child_process");
+const logger_1 = require("./logger");
+const CLI_TIMEOUT_MS = 30_000;
+class CliNotFoundError extends Error {
+    constructor() {
+        super('ai-dossier CLI not found. Install it with: npm install -g @ai-dossier/cli');
+        this.name = 'CliNotFoundError';
+    }
+}
+exports.CliNotFoundError = CliNotFoundError;
+class CliExecutionError extends Error {
+    command;
+    exitCode;
+    stderr;
+    constructor(command, exitCode, stderr) {
+        super(`CLI command failed: ai-dossier ${command} (exit code ${exitCode})`);
+        this.command = command;
+        this.exitCode = exitCode;
+        this.stderr = stderr;
+        this.name = 'CliExecutionError';
+    }
+}
+exports.CliExecutionError = CliExecutionError;
+/**
+ * Find the ai-dossier binary path.
+ * Tries the global binary first, then falls back to npx.
+ */
+function findCliBinary() {
+    return { cmd: 'ai-dossier', prefixArgs: [] };
+}
+/**
+ * Execute a CLI command and return parsed JSON output.
+ *
+ * @param command - The CLI subcommand (e.g. "verify", "info", "list", "search")
+ * @param args - Arguments to pass to the command
+ * @returns Parsed JSON output from the CLI
+ */
+function execCli(command, args) {
+    const { cmd, prefixArgs } = findCliBinary();
+    const fullArgs = [...prefixArgs, command, ...args];
+    logger_1.logger.debug('Executing CLI command', { cmd, args: fullArgs });
+    return new Promise((resolve, reject) => {
+        (0, node_child_process_1.execFile)(cmd, fullArgs, { timeout: CLI_TIMEOUT_MS, maxBuffer: 10 * 1024 * 1024 }, (error, stdout, stderr) => {
+            if (error) {
+                // Check if the binary was not found
+                if ('code' in error && error.code === 'ENOENT') {
+                    reject(new CliNotFoundError());
+                    return;
+                }
+                // For verify, a non-zero exit code with JSON on stdout is still valid
+                // (verification failed but output is structured)
+                if (stdout.trim()) {
+                    try {
+                        const parsed = JSON.parse(stdout);
+                        resolve(parsed);
+                        return;
+                    }
+                    catch {
+                        // Not valid JSON, fall through to error
+                    }
+                }
+                reject(new CliExecutionError(command, error.code !== undefined ? Number(error.code) : null, stderr));
+                return;
+            }
+            try {
+                const parsed = JSON.parse(stdout);
+                resolve(parsed);
+            }
+            catch {
+                reject(new Error(`Failed to parse CLI JSON output for "ai-dossier ${command}": ${stdout.slice(0, 200)}`));
+            }
+        });
+    });
+}
+//# sourceMappingURL=cli-wrapper.js.map