@aitne/shared 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (114) hide show
  1. package/LICENSE +21 -0
  2. package/dist/advisor-models.d.ts +34 -0
  3. package/dist/advisor-models.d.ts.map +1 -0
  4. package/dist/advisor-models.js +39 -0
  5. package/dist/advisor-models.js.map +1 -0
  6. package/dist/agent-identity.d.ts +11 -0
  7. package/dist/agent-identity.d.ts.map +1 -0
  8. package/dist/agent-identity.js +29 -0
  9. package/dist/agent-identity.js.map +1 -0
  10. package/dist/alerts.d.ts +44 -0
  11. package/dist/alerts.d.ts.map +1 -0
  12. package/dist/alerts.js +12 -0
  13. package/dist/alerts.js.map +1 -0
  14. package/dist/backend-api-key-config.d.ts +337 -0
  15. package/dist/backend-api-key-config.d.ts.map +1 -0
  16. package/dist/backend-api-key-config.js +682 -0
  17. package/dist/backend-api-key-config.js.map +1 -0
  18. package/dist/backend.d.ts +93 -0
  19. package/dist/backend.d.ts.map +1 -0
  20. package/dist/backend.js +22 -0
  21. package/dist/backend.js.map +1 -0
  22. package/dist/branding.d.ts +96 -0
  23. package/dist/branding.d.ts.map +1 -0
  24. package/dist/branding.js +102 -0
  25. package/dist/branding.js.map +1 -0
  26. package/dist/chat-session-scope.d.ts +14 -0
  27. package/dist/chat-session-scope.d.ts.map +1 -0
  28. package/dist/chat-session-scope.js +18 -0
  29. package/dist/chat-session-scope.js.map +1 -0
  30. package/dist/date-utils.d.ts +80 -0
  31. package/dist/date-utils.d.ts.map +1 -0
  32. package/dist/date-utils.js +187 -0
  33. package/dist/date-utils.js.map +1 -0
  34. package/dist/docs-frontmatter.d.ts +51 -0
  35. package/dist/docs-frontmatter.d.ts.map +1 -0
  36. package/dist/docs-frontmatter.js +184 -0
  37. package/dist/docs-frontmatter.js.map +1 -0
  38. package/dist/docs-schema.d.ts +79 -0
  39. package/dist/docs-schema.d.ts.map +1 -0
  40. package/dist/docs-schema.js +135 -0
  41. package/dist/docs-schema.js.map +1 -0
  42. package/dist/editable-config-keys.d.ts +14 -0
  43. package/dist/editable-config-keys.d.ts.map +1 -0
  44. package/dist/editable-config-keys.js +157 -0
  45. package/dist/editable-config-keys.js.map +1 -0
  46. package/dist/exec-with-stdin.d.ts +14 -0
  47. package/dist/exec-with-stdin.d.ts.map +1 -0
  48. package/dist/exec-with-stdin.js +35 -0
  49. package/dist/exec-with-stdin.js.map +1 -0
  50. package/dist/index.d.ts +37 -0
  51. package/dist/index.d.ts.map +1 -0
  52. package/dist/index.js +49 -0
  53. package/dist/index.js.map +1 -0
  54. package/dist/integrations-snapshot.d.ts +183 -0
  55. package/dist/integrations-snapshot.d.ts.map +1 -0
  56. package/dist/integrations-snapshot.js +757 -0
  57. package/dist/integrations-snapshot.js.map +1 -0
  58. package/dist/integrations.d.ts +675 -0
  59. package/dist/integrations.d.ts.map +1 -0
  60. package/dist/integrations.js +1656 -0
  61. package/dist/integrations.js.map +1 -0
  62. package/dist/keychain-helper-client.d.ts +31 -0
  63. package/dist/keychain-helper-client.d.ts.map +1 -0
  64. package/dist/keychain-helper-client.js +105 -0
  65. package/dist/keychain-helper-client.js.map +1 -0
  66. package/dist/log-entry.d.ts +14 -0
  67. package/dist/log-entry.d.ts.map +1 -0
  68. package/dist/log-entry.js +2 -0
  69. package/dist/log-entry.js.map +1 -0
  70. package/dist/management-domains.d.ts +369 -0
  71. package/dist/management-domains.d.ts.map +1 -0
  72. package/dist/management-domains.js +499 -0
  73. package/dist/management-domains.js.map +1 -0
  74. package/dist/process-key.d.ts +67 -0
  75. package/dist/process-key.d.ts.map +1 -0
  76. package/dist/process-key.js +366 -0
  77. package/dist/process-key.js.map +1 -0
  78. package/dist/schemas.d.ts +267 -0
  79. package/dist/schemas.d.ts.map +1 -0
  80. package/dist/schemas.js +271 -0
  81. package/dist/schemas.js.map +1 -0
  82. package/dist/secret-client-factory.d.ts +16 -0
  83. package/dist/secret-client-factory.d.ts.map +1 -0
  84. package/dist/secret-client-factory.js +111 -0
  85. package/dist/secret-client-factory.js.map +1 -0
  86. package/dist/secret-client-file.d.ts +51 -0
  87. package/dist/secret-client-file.d.ts.map +1 -0
  88. package/dist/secret-client-file.js +160 -0
  89. package/dist/secret-client-file.js.map +1 -0
  90. package/dist/secret-client-linux.d.ts +26 -0
  91. package/dist/secret-client-linux.d.ts.map +1 -0
  92. package/dist/secret-client-linux.js +63 -0
  93. package/dist/secret-client-linux.js.map +1 -0
  94. package/dist/secret-client-windows.d.ts +37 -0
  95. package/dist/secret-client-windows.d.ts.map +1 -0
  96. package/dist/secret-client-windows.js +82 -0
  97. package/dist/secret-client-windows.js.map +1 -0
  98. package/dist/secret-redaction.d.ts +3 -0
  99. package/dist/secret-redaction.d.ts.map +1 -0
  100. package/dist/secret-redaction.js +31 -0
  101. package/dist/secret-redaction.js.map +1 -0
  102. package/dist/skill-curation/decision-language.d.ts +6 -0
  103. package/dist/skill-curation/decision-language.d.ts.map +1 -0
  104. package/dist/skill-curation/decision-language.js +38 -0
  105. package/dist/skill-curation/decision-language.js.map +1 -0
  106. package/dist/skill-curation/schemas.d.ts +461 -0
  107. package/dist/skill-curation/schemas.d.ts.map +1 -0
  108. package/dist/skill-curation/schemas.js +211 -0
  109. package/dist/skill-curation/schemas.js.map +1 -0
  110. package/dist/types.d.ts +204 -0
  111. package/dist/types.d.ts.map +1 -0
  112. package/dist/types.js +54 -0
  113. package/dist/types.js.map +1 -0
  114. package/package.json +50 -0
package/dist/secret-client-file.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"secret-client-file.js","sourceRoot":"","sources":["../src/secret-client-file.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,cAAc,EACd,gBAAgB,EAChB,WAAW,EACX,MAAM,EACN,eAAe,GAChB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,QAAQ,EAAE,UAAU,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACnG,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAKlC,2EAA2E;AAC3E,2DAA2D;AAC3D,MAAM,WAAW,GAAG,SAAS,CAAC,MAAM,CAKhB,CAAC;AAErB,MAAM,SAAS,GAAG,aAAa,CAAC;AAChC,MAAM,UAAU,GAAG,EAAE,CAAC,CAAC,WAAW;AAClC,MAAM,SAAS,GAAG,EAAE,CAAC,CAAC,kBAAkB;AACxC,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,wBAAwB;AACjD,MAAM,WAAW,GAAG,EAAE,CAAC,CAAC,WAAW;AACnC,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,oDAAoD;AAC/E,MAAM,iBAAiB,GAAG,CAAC,CAAC;AAC5B,MAAM,sBAAsB,GAAG,CAAC,CAAC;AA8BjC;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,OAAO,gBAAgB;IACV,UAAU,CAAS;IACnB,cAAc,CAAS;IAExC;;;OAGG;IACH,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,cAAsB,EAAE,UAAmB;QAC7D,MAAM,MAAM,GAAG,IAAI,gBAAgB,CAAC,cAAc,EAAE,UAAU,CAAC,CAAC;QAChE,MAAM,MAAM,CAAC,gBAAgB,EAAE,CAAC;QAChC,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,yDAAyD;IACzD,YAAY,cAAsB,EAAE,UAAmB;QACrD,IAAI,CAAC,cAAc,GAAG,cAAc,CAAC;QACrC,IAAI,CAAC,UAAU,GAAG,UAAU,IAAI,IAAI,CAAC,OAAO,EAAE,EAAE,iBAAiB,EAAE,SAAS,CAAC,CAAC;QAC9E,SAAS,CAAC,IAAI,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAClD,CAAC;IAEO,QAAQ,CAAC,UAAkB;QACjC,IAAI,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;YAC7B,MAAM,IAAI,KAAK,CAAC,wBAAwB,UAAU,EAAE,CAAC,CAAC;QACxD,CAAC;QACD,OAAO,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,GAAG,UAAU,MAAM,CAAC,CAAC;IACpD,CAAC;IAEO,cAAc;QACpB,OAAO,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;IAC/C,CAAC;IAEO,KAAK,CAAC,SAAS,CAAC,IAAY;QAClC,OAAO,MAAM,WAAW,CAAC,IAAI,CAAC,cAAc,EAAE,IAAI,EAAE,UAAU,EAAE;YAC9D,CAAC,EAAE,WAAW;YACd,CAAC,EAAE,iBAAiB;YACpB,CAAC,EAAE,sBAAsB;SAC1B,CAAC,CAAC;IACL,CAAC;IAED;;;;OAIG;IACK,KAAK,CAAC,gBAAgB;QAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;QACvC,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YACzB,MAAM,MAAM,GAAmB,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;YAC3E,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;YAC7C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YAC3C,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;YACjD,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,CAAC;gBACxC,MAAM,IAAI,KAAK,CACb,gGAAgG,CACjG,CAAC;YACJ,CAAC;QACH,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC;YACtC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YACxC,MAAM,OAAO,GAAmB;gBAC9B,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;gBAC1B,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;aAC3B,CAAC;YACF,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC;QAC3F,CAAC;IACH,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,UAAkB;QAC1B,OAAO,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC;IAC/C,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,UAAkB;QAC1B,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;QACvC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC;QAEnC,MAAM,MAAM,GAAyB,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC;QAC7E,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QAC7C,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;QACzC,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QACnD,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;QAEzD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QACvC,MAAM,QAAQ,GAAG,gBAAgB,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;QACtD,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAE7B,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QACjF,OAAO,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IACrC,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,UAAkB,EAAE,KAAa;QACzC,MAAM,IAAI,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC;QACtC,MAAM,EAAE,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC;QAClC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QAEvC,MAAM,MAAM,GAAG,cAAc,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;QAClD,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QACjF,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAEpC,MAAM,OAAO,GAAyB;YACpC,IAAI,EAAE,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;YAC1B,EAAE,EAAE,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC;YACtB,OAAO,EAAE,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC;YAChC,UAAU,EAAE,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC;SACtC,CAAC;QACF,aAAa,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC;IAC5G,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,UAAkB;QAC7B,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;QACvC,IAAI,UAAU,CAAC,IAAI,CAAC;YAAE,UAAU,CAAC,IAAI,CAAC,CAAC;IACzC,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CACnC,UAAmB;IAEnB,2CAA2C;IAC3C,IAAI,OAAO,CAAC,GAAG,CAAC,kBAAkB,EAAE,CAAC;QACnC,OAAO,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;IACxC,CAAC;IAED,uBAAuB;IACvB,MAAM,GAAG,GAAG,UAAU,IAAI,IAAI,CAAC,OAAO,EAAE,EAAE,iBAAiB,EAAE,SAAS,CAAC,CAAC;IACxE,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,aAAa,CAAC,CAAC;IAC7C,IAAI,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QAC5B,wEAAwE;QACxE,uEAAuE;QACvE,MAAM,IAAI,GAAG,QAAQ,CAAC,WAAW,CAAC,CAAC,IAAI,GAAG,KAAK,CAAC;QAChD,IAAI,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,EAAE,CAAC;YACrC,MAAM,IAAI,KAAK,CACb,gCAAgC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,2BAA2B;gBAC3E,uBAAuB,WAAW,EAAE,CACrC,CAAC;QACJ,CAAC;QACD,OAAO,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;IACnD,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC"}
package/dist/secret-client-linux.d.ts ADDED
@@ -0,0 +1,26 @@
1
+ import type { PersonalAgentKeychainClient } from "./keychain-helper-client.js";
2
+ /**
3
+ * Secret client backed by libsecret (`secret-tool` CLI).
4
+ *
5
+ * Uses GNOME Keyring (or KWallet via the libsecret backend) to store
6
+ * secrets in the user's login keyring. Requires `libsecret-tools`
7
+ * (`secret-tool`) to be installed.
8
+ *
9
+ * Secrets are stored with attributes:
10
+ * service = "personal-agent"
11
+ * key = <secretName>
12
+ *
13
+ * `secret-tool store` reads the value from stdin (not command args),
14
+ * preventing the secret from appearing in process listings.
15
+ * `secret-tool lookup` outputs the value to stdout.
16
+ * Both use `execFileAsync` / `execWithStdin` with argument arrays —
17
+ * no shell interpolation, injection-safe.
18
+ */
19
+ export declare class LinuxSecretClient implements PersonalAgentKeychainClient {
20
+ private validateName;
21
+ has(secretName: string): Promise<boolean>;
22
+ get(secretName: string): Promise<string | null>;
23
+ set(secretName: string, value: string): Promise<void>;
24
+ delete(secretName: string): Promise<void>;
25
+ }
26
+ //# sourceMappingURL=secret-client-linux.d.ts.map
package/dist/secret-client-linux.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"secret-client-linux.d.ts","sourceRoot":"","sources":["../src/secret-client-linux.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,2BAA2B,EAAE,MAAM,6BAA6B,CAAC;AAK/E;;;;;;;;;;;;;;;;GAgBG;AACH,qBAAa,iBAAkB,YAAW,2BAA2B;IACnE,OAAO,CAAC,YAAY;IAMd,GAAG,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAIzC,GAAG,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAY/C,GAAG,CAAC,UAAU,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAcrD,MAAM,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAUhD"}
package/dist/secret-client-linux.js ADDED
@@ -0,0 +1,63 @@
1
+ import { execFile } from "node:child_process";
2
+ import { promisify } from "node:util";
3
+ import { execWithStdin } from "./exec-with-stdin.js";
4
+ const execFileAsync = promisify(execFile);
5
+ /**
6
+ * Secret client backed by libsecret (`secret-tool` CLI).
7
+ *
8
+ * Uses GNOME Keyring (or KWallet via the libsecret backend) to store
9
+ * secrets in the user's login keyring. Requires `libsecret-tools`
10
+ * (`secret-tool`) to be installed.
11
+ *
12
+ * Secrets are stored with attributes:
13
+ * service = "personal-agent"
14
+ * key = <secretName>
15
+ *
16
+ * `secret-tool store` reads the value from stdin (not command args),
17
+ * preventing the secret from appearing in process listings.
18
+ * `secret-tool lookup` outputs the value to stdout.
19
+ * Both use `execFileAsync` / `execWithStdin` with argument arrays —
20
+ * no shell interpolation, injection-safe.
21
+ */
22
+ export class LinuxSecretClient {
23
+ validateName(secretName) {
24
+ if (/[/\\]/.test(secretName)) {
25
+ throw new Error(`Invalid secret name: ${secretName}`);
26
+ }
27
+ }
28
+ async has(secretName) {
29
+ return (await this.get(secretName)) !== null;
30
+ }
31
+ async get(secretName) {
32
+ this.validateName(secretName);
33
+ try {
34
+ const { stdout } = await execFileAsync("secret-tool", [
35
+ "lookup", "service", "personal-agent", "key", secretName,
36
+ ], { encoding: "utf8", timeout: 5_000 });
37
+ return stdout.replace(/\n$/, "");
38
+ }
39
+ catch {
40
+ return null;
41
+ }
42
+ }
43
+ async set(secretName, value) {
44
+ this.validateName(secretName);
45
+ // secret-tool store reads the password from stdin
46
+ await execWithStdin("secret-tool", [
47
+ "store", "--label", `PersonalAgent: ${secretName}`,
48
+ "service", "personal-agent", "key", secretName,
49
+ ], value, { timeout: 5_000 });
50
+ }
51
+ async delete(secretName) {
52
+ this.validateName(secretName);
53
+ try {
54
+ await execFileAsync("secret-tool", [
55
+ "clear", "service", "personal-agent", "key", secretName,
56
+ ], { encoding: "utf8", timeout: 5_000 });
57
+ }
58
+ catch {
59
+ // not found — treat as success
60
+ }
61
+ }
62
+ }
63
+ //# sourceMappingURL=secret-client-linux.js.map
package/dist/secret-client-linux.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"secret-client-linux.js","sourceRoot":"","sources":["../src/secret-client-linux.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAEtC,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAErD,MAAM,aAAa,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;AAE1C;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,OAAO,iBAAiB;IACpB,YAAY,CAAC,UAAkB;QACrC,IAAI,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;YAC7B,MAAM,IAAI,KAAK,CAAC,wBAAwB,UAAU,EAAE,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,UAAkB;QAC1B,OAAO,CAAC,MAAM,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,KAAK,IAAI,CAAC;IAC/C,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,UAAkB;QAC1B,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;QAC9B,IAAI,CAAC;YACH,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CAAC,aAAa,EAAE;gBACpD,QAAQ,EAAE,SAAS,EAAE,gBAAgB,EAAE,KAAK,EAAE,UAAU;aACzD,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;YACzC,OAAO,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QACnC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,UAAkB,EAAE,KAAa;QACzC,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;QAC9B,kDAAkD;QAClD,MAAM,aAAa,CACjB,aAAa,EACb;YACE,OAAO,EAAE,SAAS,EAAE,kBAAkB,UAAU,EAAE;YAClD,SAAS,EAAE,gBAAgB,EAAE,KAAK,EAAE,UAAU;SAC/C,EACD,KAAK,EACL,EAAE,OAAO,EAAE,KAAK,EAAE,CACnB,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,UAAkB;QAC7B,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;QAC9B,IAAI,CAAC;YACH,MAAM,aAAa,CAAC,aAAa,EAAE;gBACjC,OAAO,EAAE,SAAS,EAAE,gBAAgB,EAAE,KAAK,EAAE,UAAU;aACxD,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;QAC3C,CAAC;QAAC,MAAM,CAAC;YACP,+BAA+B;QACjC,CAAC;IACH,CAAC;CACF"}
package/dist/secret-client-windows.d.ts ADDED
@@ -0,0 +1,37 @@
1
+ import type { PersonalAgentKeychainClient } from "./keychain-helper-client.js";
2
+ /**
3
+ * Secret client backed by Windows DPAPI (Data Protection API).
4
+ *
5
+ * Secrets are encrypted using PowerShell's `ConvertTo-SecureString` /
6
+ * `ConvertFrom-SecureString` which wraps DPAPI by default (when `-Key`
7
+ * is omitted). Each secret is stored as a `.dpapi` file containing the
8
+ * DPAPI-encrypted string.
9
+ *
10
+ * DPAPI properties:
11
+ * - Uses the current Windows user's credentials as the encryption key
12
+ * - Only the same user on the same machine can decrypt
13
+ * - No additional installs required — built into PowerShell
14
+ *
15
+ * Security: All values are passed via stdin to avoid command injection.
16
+ * The PowerShell script reads from `[System.Console]::In.ReadToEnd()`,
17
+ * never from string interpolation in the script body.
18
+ */
19
+ export declare class WindowsDpapiSecretClient implements PersonalAgentKeychainClient {
20
+ private readonly secretsDir;
21
+ private readonly psBinary;
22
+ /**
23
+ * @param secretsDir Override for `~/.personal-agent/secrets` (tests).
24
+ * @param psBinary PowerShell executable name. Defaults to
25
+ * `powershell.exe` (Windows PowerShell 5.1, ships with every modern
26
+ * Windows). The factory may pass `pwsh.exe` when 5.1 is unavailable
27
+ * (PowerShell-Core-only setups, Windows Server Core). Both expose the
28
+ * `ConvertTo-SecureString` / DPAPI surface this client relies on.
29
+ */
30
+ constructor(secretsDir?: string, psBinary?: string);
31
+ private filePath;
32
+ has(secretName: string): Promise<boolean>;
33
+ get(secretName: string): Promise<string | null>;
34
+ set(secretName: string, value: string): Promise<void>;
35
+ delete(secretName: string): Promise<void>;
36
+ }
37
+ //# sourceMappingURL=secret-client-windows.d.ts.map
package/dist/secret-client-windows.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"secret-client-windows.d.ts","sourceRoot":"","sources":["../src/secret-client-windows.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,2BAA2B,EAAE,MAAM,6BAA6B,CAAC;AAG/E;;;;;;;;;;;;;;;;GAgBG;AACH,qBAAa,wBAAyB,YAAW,2BAA2B;IAC1E,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;IACpC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAElC;;;;;;;OAOG;gBACS,UAAU,CAAC,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM;IAMlD,OAAO,CAAC,QAAQ;IAOV,GAAG,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAIzC,GAAG,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAyB/C,GAAG,CAAC,UAAU,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAoBrD,MAAM,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAIhD"}
package/dist/secret-client-windows.js ADDED
@@ -0,0 +1,82 @@
1
+ import { existsSync, mkdirSync, readFileSync, unlinkSync, writeFileSync } from "node:fs";
2
+ import { join } from "node:path";
3
+ import { homedir } from "node:os";
4
+ import { execWithStdin } from "./exec-with-stdin.js";
5
+ /**
6
+ * Secret client backed by Windows DPAPI (Data Protection API).
7
+ *
8
+ * Secrets are encrypted using PowerShell's `ConvertTo-SecureString` /
9
+ * `ConvertFrom-SecureString` which wraps DPAPI by default (when `-Key`
10
+ * is omitted). Each secret is stored as a `.dpapi` file containing the
11
+ * DPAPI-encrypted string.
12
+ *
13
+ * DPAPI properties:
14
+ * - Uses the current Windows user's credentials as the encryption key
15
+ * - Only the same user on the same machine can decrypt
16
+ * - No additional installs required — built into PowerShell
17
+ *
18
+ * Security: All values are passed via stdin to avoid command injection.
19
+ * The PowerShell script reads from `[System.Console]::In.ReadToEnd()`,
20
+ * never from string interpolation in the script body.
21
+ */
22
+ export class WindowsDpapiSecretClient {
23
+ secretsDir;
24
+ psBinary;
25
+ /**
26
+ * @param secretsDir Override for `~/.personal-agent/secrets` (tests).
27
+ * @param psBinary PowerShell executable name. Defaults to
28
+ * `powershell.exe` (Windows PowerShell 5.1, ships with every modern
29
+ * Windows). The factory may pass `pwsh.exe` when 5.1 is unavailable
30
+ * (PowerShell-Core-only setups, Windows Server Core). Both expose the
31
+ * `ConvertTo-SecureString` / DPAPI surface this client relies on.
32
+ */
33
+ constructor(secretsDir, psBinary) {
34
+ this.secretsDir = secretsDir ?? join(homedir(), ".personal-agent", "secrets");
35
+ this.psBinary = psBinary ?? "powershell.exe";
36
+ mkdirSync(this.secretsDir, { recursive: true });
37
+ }
38
+ filePath(name) {
39
+ if (/[/\\]/.test(name)) {
40
+ throw new Error(`Invalid secret name: ${name}`);
41
+ }
42
+ return join(this.secretsDir, `${name}.dpapi`);
43
+ }
44
+ async has(secretName) {
45
+ return existsSync(this.filePath(secretName));
46
+ }
47
+ async get(secretName) {
48
+ const path = this.filePath(secretName);
49
+ if (!existsSync(path))
50
+ return null;
51
+ const encrypted = readFileSync(path, "utf-8").trim();
52
+ // DPAPI decrypt: ConvertTo-SecureString → Marshal to plaintext
53
+ // Value is passed via stdin to avoid injection
54
+ const script = [
55
+ "$enc = [System.Console]::In.ReadToEnd().Trim()",
56
+ "$ss = ConvertTo-SecureString $enc",
57
+ "$bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($ss)",
58
+ "try { [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr) }",
59
+ "finally { [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) }",
60
+ ].join("; ");
61
+ const { stdout } = await execWithStdin(this.psBinary, ["-NoProfile", "-NonInteractive", "-Command", script], encrypted, { timeout: 10_000 });
62
+ return stdout.trimEnd();
63
+ }
64
+ async set(secretName, value) {
65
+ // Validate early — filePath() checks path traversal but is called late
66
+ const outPath = this.filePath(secretName);
67
+ // DPAPI encrypt: stdin → SecureString → encrypted string
68
+ const script = [
69
+ "$plain = [System.Console]::In.ReadToEnd()",
70
+ "$ss = ConvertTo-SecureString $plain -AsPlainText -Force",
71
+ "ConvertFrom-SecureString $ss",
72
+ ].join("; ");
73
+ const { stdout } = await execWithStdin(this.psBinary, ["-NoProfile", "-NonInteractive", "-Command", script], value, { timeout: 10_000 });
74
+ writeFileSync(outPath, stdout.trim(), "utf-8");
75
+ }
76
+ async delete(secretName) {
77
+ const path = this.filePath(secretName);
78
+ if (existsSync(path))
79
+ unlinkSync(path);
80
+ }
81
+ }
82
+ //# sourceMappingURL=secret-client-windows.js.map
package/dist/secret-client-windows.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"secret-client-windows.js","sourceRoot":"","sources":["../src/secret-client-windows.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,UAAU,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACzF,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAElC,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAErD;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,OAAO,wBAAwB;IAClB,UAAU,CAAS;IACnB,QAAQ,CAAS;IAElC;;;;;;;OAOG;IACH,YAAY,UAAmB,EAAE,QAAiB;QAChD,IAAI,CAAC,UAAU,GAAG,UAAU,IAAI,IAAI,CAAC,OAAO,EAAE,EAAE,iBAAiB,EAAE,SAAS,CAAC,CAAC;QAC9E,IAAI,CAAC,QAAQ,GAAG,QAAQ,IAAI,gBAAgB,CAAC;QAC7C,SAAS,CAAC,IAAI,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAClD,CAAC;IAEO,QAAQ,CAAC,IAAY;QAC3B,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CAAC,wBAAwB,IAAI,EAAE,CAAC,CAAC;QAClD,CAAC;QACD,OAAO,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,GAAG,IAAI,QAAQ,CAAC,CAAC;IAChD,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,UAAkB;QAC1B,OAAO,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC;IAC/C,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,UAAkB;QAC1B,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;QACvC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC;QAEnC,MAAM,SAAS,GAAG,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;QAErD,+DAA+D;QAC/D,+CAA+C;QAC/C,MAAM,MAAM,GAAG;YACb,gDAAgD;YAChD,mCAAmC;YACnC,2EAA2E;YAC3E,0EAA0E;YAC1E,2EAA2E;SAC5E,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAEb,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CACpC,IAAI,CAAC,QAAQ,EACb,CAAC,YAAY,EAAE,iBAAiB,EAAE,UAAU,EAAE,MAAM,CAAC,EACrD,SAAS,EACT,EAAE,OAAO,EAAE,MAAM,EAAE,CACpB,CAAC;QACF,OAAO,MAAM,CAAC,OAAO,EAAE,CAAC;IAC1B,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,UAAkB,EAAE,KAAa;QACzC,uEAAuE;QACvE,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;QAE1C,yDAAyD;QACzD,MAAM,MAAM,GAAG;YACb,2CAA2C;YAC3C,yDAAyD;YACzD,8BAA8B;SAC/B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAEb,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CACpC,IAAI,CAAC,QAAQ,EACb,CAAC,YAAY,EAAE,iBAAiB,EAAE,UAAU,EAAE,MAAM,CAAC,EACrD,KAAK,EACL,EAAE,OAAO,EAAE,MAAM,EAAE,CACpB,CAAC;QACF,aAAa,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,EAAE,EAAE,OAAO,CAAC,CAAC;IACjD,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,UAAkB;QAC7B,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;QACvC,IAAI,UAAU,CAAC,IAAI,CAAC;YAAE,UAAU,CAAC,IAAI,CAAC,CAAC;IACzC,CAAC;CACF"}
package/dist/secret-redaction.d.ts ADDED
@@ -0,0 +1,3 @@
1
+ export declare const SENSITIVE_KEY_PATTERN: RegExp;
2
+ export declare function redactSensitiveString(input: string, replacement?: string): string;
3
+ //# sourceMappingURL=secret-redaction.d.ts.map
package/dist/secret-redaction.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"secret-redaction.d.ts","sourceRoot":"","sources":["../src/secret-redaction.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,qBAAqB,QAAwG,CAAC;AAwB3I,wBAAgB,qBAAqB,CACnC,KAAK,EAAE,MAAM,EACb,WAAW,SAAe,GACzB,MAAM,CAMR"}
package/dist/secret-redaction.js ADDED
@@ -0,0 +1,31 @@
1
+ export const SENSITIVE_KEY_PATTERN = /(token|secret|password|apikey|api_key|authorization|bearer|credentials|refresh_token|access_token)/i;
2
+ const SECRET_VALUE_PATTERNS = [
3
+ /\bsk-ant-[A-Za-z0-9\-_]+\b/g,
4
+ // OpenAI-style sk-* keys (sk-, sk-proj-, sk-svcacct-).
5
+ /\bsk-[A-Za-z0-9_\-]{30,}\b/g,
6
+ // Stripe (sk_live_*, sk_test_*, pk_live_*, pk_test_*, rk_*, restricted keys).
7
+ /\b[srp]k_(?:live|test)_[A-Za-z0-9]{20,}\b/g,
8
+ // Google API keys: AIza prefix, 39 chars total.
9
+ /\bAIza[0-9A-Za-z_-]{35}\b/g,
10
+ /\bxoxb-[A-Za-z0-9\-]+\b/g,
11
+ /\bxapp-[A-Za-z0-9\-]+\b/g,
12
+ // Slack user tokens (xoxp-) — not all redactors carry this; explicit.
13
+ /\bxoxp-[A-Za-z0-9\-]+\b/g,
14
+ /\bgh[pous]_[A-Za-z0-9]+\b/g,
15
+ /\bX-Read-Token:\s*[A-Za-z0-9_-]{20,}\b/gi,
16
+ /\bBearer\s+[A-Za-z0-9_\-]{20,}\b/g,
17
+ /\b[A-Fa-f0-9]{32,}\b/g,
18
+ // Ordering matters: base64-with-padding must run BEFORE the generic
19
+ // 32+ word-char pattern, otherwise the word-char match consumes the
20
+ // alphabetic portion and leaves a trailing `=` visible.
21
+ /\b[A-Za-z0-9+/]{40,}={0,2}(?![A-Za-z0-9+/=])/g,
22
+ /\b[A-Za-z0-9_-]{32,}(?![A-Za-z0-9_-])/g,
23
+ ];
24
+ export function redactSensitiveString(input, replacement = "[REDACTED]") {
25
+ let output = input;
26
+ for (const pattern of SECRET_VALUE_PATTERNS) {
27
+ output = output.replace(pattern, replacement);
28
+ }
29
+ return output;
30
+ }
31
+ //# sourceMappingURL=secret-redaction.js.map
package/dist/secret-redaction.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"secret-redaction.js","sourceRoot":"","sources":["../src/secret-redaction.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,qBAAqB,GAAG,qGAAqG,CAAC;AAC3I,MAAM,qBAAqB,GAAG;IAC5B,6BAA6B;IAC7B,uDAAuD;IACvD,6BAA6B;IAC7B,8EAA8E;IAC9E,4CAA4C;IAC5C,gDAAgD;IAChD,4BAA4B;IAC5B,0BAA0B;IAC1B,0BAA0B;IAC1B,sEAAsE;IACtE,0BAA0B;IAC1B,4BAA4B;IAC5B,0CAA0C;IAC1C,mCAAmC;IACnC,uBAAuB;IACvB,oEAAoE;IACpE,oEAAoE;IACpE,wDAAwD;IACxD,+CAA+C;IAC/C,wCAAwC;CAChC,CAAC;AAEX,MAAM,UAAU,qBAAqB,CACnC,KAAa,EACb,WAAW,GAAG,YAAY;IAE1B,IAAI,MAAM,GAAG,KAAK,CAAC;IACnB,KAAK,MAAM,OAAO,IAAI,qBAAqB,EAAE,CAAC;QAC5C,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;IAChD,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC"}
package/dist/skill-curation/decision-language.d.ts ADDED
@@ -0,0 +1,6 @@
1
+ export declare function containsDecisionLanguage(value: string): boolean;
2
+ export declare function noDecisionLanguage(value: string): boolean;
3
+ export declare function noEmbeddedMarkers(value: string): boolean;
4
+ export declare const DECISION_LANGUAGE_MESSAGE = "convention rules cannot use imperative decision language (when/if/must/always/never). Restate as a description of the convention, not an instruction.";
5
+ export declare const EMBEDDED_MARKER_MESSAGE = "free-text fields cannot embed CURATION/safety/integration_modes/mode markers";
6
+ //# sourceMappingURL=decision-language.d.ts.map
package/dist/skill-curation/decision-language.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"decision-language.d.ts","sourceRoot":"","sources":["../../src/skill-curation/decision-language.ts"],"names":[],"mappings":"AAsBA,wBAAgB,wBAAwB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAE/D;AAED,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAEzD;AAUD,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAExD;AAED,eAAO,MAAM,yBAAyB,0JACmH,CAAC;AAE1J,eAAO,MAAM,uBAAuB,iFAC4C,CAAC"}
package/dist/skill-curation/decision-language.js ADDED
@@ -0,0 +1,38 @@
1
+ // Decision-language linter (P22 §1.3, §1.4, §2.3 `decision_language_clean`).
2
+ //
3
+ // The optimizer agent submits typed JSON payloads describing knowledge
4
+ // cartography (file layouts, routing tables, conventions). It MUST NOT
5
+ // smuggle behavioural decision logic ("when X then Y", "must always do Z")
6
+ // into free-text fields — those belong in framework code, not in
7
+ // auto-curated skill content. Three layers of defence enforce this:
8
+ //
9
+ // 1. Zod refines on every free-text field at submission time.
10
+ // 2. Smoke-test re-check on the rendered markdown.
11
+ // 3. The optimizer-only skill body coaches paraphrase at proposal time.
12
+ //
13
+ // Patterns are intentionally narrow: descriptive prose like
14
+ // "All entries follow the [YYYY-MM-DD] prefix" must pass.
15
+ const DECISION_LANGUAGE_PATTERNS = [
16
+ /\bwhen\s+[a-z]+.*\bthen\b/i,
17
+ /\bif\s+[a-z]+.*\b(do|then|then\s+do)\b/i,
18
+ /\bbefore\s+[a-z]+.*\byou\s+(should|must|need)\b/i,
19
+ /\b(must|always|never)\b/i,
20
+ ];
21
+ export function containsDecisionLanguage(value) {
22
+ return DECISION_LANGUAGE_PATTERNS.some((re) => re.test(value));
23
+ }
24
+ export function noDecisionLanguage(value) {
25
+ return !containsDecisionLanguage(value);
26
+ }
27
+ /** Embedded markers/anchors that the renderer would otherwise have to escape.
28
+ * Reject at the API edge so a renderer regression cannot silently pass them
29
+ * through into materialized SKILL.md (defence-in-depth). The first form
30
+ * catches HTML comments that the daemon parses; the second catches the
31
+ * `<integration_modes>` placeholder tag the SkillsCompiler substitutes. */
32
+ const EMBEDDED_MARKER_PATTERN = /(<!--\s*(?:CURATION|safety|integration_modes|mode:|today_write_lock_id))|(<\s*integration_modes\b)/i;
33
+ export function noEmbeddedMarkers(value) {
34
+ return !EMBEDDED_MARKER_PATTERN.test(value);
35
+ }
36
+ export const DECISION_LANGUAGE_MESSAGE = "convention rules cannot use imperative decision language (when/if/must/always/never). Restate as a description of the convention, not an instruction.";
37
+ export const EMBEDDED_MARKER_MESSAGE = "free-text fields cannot embed CURATION/safety/integration_modes/mode markers";
38
+ //# sourceMappingURL=decision-language.js.map
package/dist/skill-curation/decision-language.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"decision-language.js","sourceRoot":"","sources":["../../src/skill-curation/decision-language.ts"],"names":[],"mappings":"AAAA,6EAA6E;AAC7E,EAAE;AACF,uEAAuE;AACvE,uEAAuE;AACvE,2EAA2E;AAC3E,iEAAiE;AACjE,oEAAoE;AACpE,EAAE;AACF,gEAAgE;AAChE,qDAAqD;AACrD,0EAA0E;AAC1E,EAAE;AACF,4DAA4D;AAC5D,0DAA0D;AAE1D,MAAM,0BAA0B,GAA0B;IACxD,4BAA4B;IAC5B,yCAAyC;IACzC,kDAAkD;IAClD,0BAA0B;CAC3B,CAAC;AAEF,MAAM,UAAU,wBAAwB,CAAC,KAAa;IACpD,OAAO,0BAA0B,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;AACjE,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,KAAa;IAC9C,OAAO,CAAC,wBAAwB,CAAC,KAAK,CAAC,CAAC;AAC1C,CAAC;AAED;;;;4EAI4E;AAC5E,MAAM,uBAAuB,GAC3B,qGAAqG,CAAC;AAExG,MAAM,UAAU,iBAAiB,CAAC,KAAa;IAC7C,OAAO,CAAC,uBAAuB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAC9C,CAAC;AAED,MAAM,CAAC,MAAM,yBAAyB,GACpC,uJAAuJ,CAAC;AAE1J,MAAM,CAAC,MAAM,uBAAuB,GAClC,8EAA8E,CAAC"}