npm - @astrasyncai/verification-gateway - Versions diffs - 1.1.0 → 2.0.0 - Mend

@astrasyncai/verification-gateway 1.1.0 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (101) hide show

package/dist/adapter-interface/interface.d.mts +71 -0
package/dist/adapter-interface/interface.d.ts +71 -0
package/dist/adapter-interface/interface.js +36 -0
package/dist/adapter-interface/interface.js.map +1 -0
package/dist/adapter-interface/interface.mjs +10 -0
package/dist/adapter-interface/interface.mjs.map +1 -0
package/dist/adapter-interface/purpose-mapping.d.mts +28 -0
package/dist/adapter-interface/purpose-mapping.d.ts +28 -0
package/dist/adapter-interface/purpose-mapping.js +117 -0
package/dist/adapter-interface/purpose-mapping.js.map +1 -0
package/dist/adapter-interface/purpose-mapping.mjs +89 -0
package/dist/adapter-interface/purpose-mapping.mjs.map +1 -0
package/dist/adapters/express.d.mts +2 -2
package/dist/adapters/express.d.ts +2 -2
package/dist/adapters/express.js +6 -7
package/dist/adapters/express.js.map +1 -1
package/dist/adapters/express.mjs +6 -7
package/dist/adapters/express.mjs.map +1 -1
package/dist/adapters/nextjs.d.mts +2 -2
package/dist/adapters/nextjs.d.ts +2 -2
package/dist/adapters/nextjs.js +5 -7
package/dist/adapters/nextjs.js.map +1 -1
package/dist/adapters/nextjs.mjs +5 -7
package/dist/adapters/nextjs.mjs.map +1 -1
package/dist/adapters/sdk.d.mts +2 -2
package/dist/adapters/sdk.d.ts +2 -2
package/dist/adapters/sdk.js +6 -2
package/dist/adapters/sdk.js.map +1 -1
package/dist/adapters/sdk.mjs +6 -2
package/dist/adapters/sdk.mjs.map +1 -1
package/dist/agent/index.d.mts +2 -0
package/dist/agent/index.d.ts +2 -0
package/dist/agent/index.js +354 -0
package/dist/agent/index.js.map +1 -0
package/dist/agent/index.mjs +323 -0
package/dist/agent/index.mjs.map +1 -0
package/dist/browser/browser-adapter.d.mts +106 -0
package/dist/browser/browser-adapter.d.ts +106 -0
package/dist/browser/browser-adapter.js +286 -0
package/dist/browser/browser-adapter.js.map +1 -0
package/dist/browser/browser-adapter.mjs +259 -0
package/dist/browser/browser-adapter.mjs.map +1 -0
package/dist/cli/index.d.mts +241 -0
package/dist/cli/index.d.ts +241 -0
package/dist/cli/index.js +3734 -0
package/dist/cli/index.js.map +1 -0
package/dist/cli/index.mjs +3688 -0
package/dist/cli/index.mjs.map +1 -0
package/dist/cursor/cursor-adapter.d.mts +92 -0
package/dist/cursor/cursor-adapter.d.ts +92 -0
package/dist/cursor/cursor-adapter.js +273 -0
package/dist/cursor/cursor-adapter.js.map +1 -0
package/dist/cursor/cursor-adapter.mjs +246 -0
package/dist/cursor/cursor-adapter.mjs.map +1 -0
package/dist/{express-BoayLpqq.d.mts → express-Cp4eg77F.d.mts} +1 -1
package/dist/{express-BGZiLINd.d.ts → express-DIEyq1Tz.d.ts} +1 -1
package/dist/gateway/gateway.d.mts +70 -0
package/dist/gateway/gateway.d.ts +70 -0
package/dist/gateway/gateway.js +3726 -0
package/dist/gateway/gateway.js.map +1 -0
package/dist/gateway/gateway.mjs +3706 -0
package/dist/gateway/gateway.mjs.map +1 -0
package/dist/git-trigger/git-hooks.d.mts +69 -0
package/dist/git-trigger/git-hooks.d.ts +69 -0
package/dist/git-trigger/git-hooks.js +244 -0
package/dist/git-trigger/git-hooks.js.map +1 -0
package/dist/git-trigger/git-hooks.mjs +221 -0
package/dist/git-trigger/git-hooks.mjs.map +1 -0
package/dist/index-BhTbGU-o.d.mts +206 -0
package/dist/index-Bhfxq9xI.d.ts +206 -0
package/dist/index-CNkmHmpi.d.ts +89 -0
package/dist/index-CoLebmwv.d.mts +89 -0
package/dist/index.d.mts +8 -295
package/dist/index.d.ts +8 -295
package/dist/index.js +17 -16
package/dist/index.js.map +1 -1
package/dist/index.mjs +17 -16
package/dist/index.mjs.map +1 -1
package/dist/local-evaluator/evaluator.d.mts +55 -0
package/dist/local-evaluator/evaluator.d.ts +55 -0
package/dist/local-evaluator/evaluator.js +272 -0
package/dist/local-evaluator/evaluator.js.map +1 -0
package/dist/local-evaluator/evaluator.mjs +244 -0
package/dist/local-evaluator/evaluator.mjs.map +1 -0
package/dist/{nextjs-DTCS5Sw8.d.ts → nextjs-Cag7libc.d.ts} +1 -1
package/dist/{nextjs-BNbHm5Ui.d.mts → nextjs-_C_FcJY5.d.mts} +1 -1
package/dist/{sdk-9TKZzhxE.d.ts → sdk-CMPDFUjo.d.ts} +3 -1
package/dist/{sdk-VAFRmdt7.d.mts → sdk-DAJahT3p.d.mts} +3 -1
package/dist/transport/index.d.mts +2 -0
package/dist/transport/index.d.ts +2 -0
package/dist/transport/index.js +211 -0
package/dist/transport/index.js.map +1 -0
package/dist/transport/index.mjs +176 -0
package/dist/transport/index.mjs.map +1 -0
package/dist/{types-cA_xfFU7.d.mts → types-Bf8pML07.d.mts} +1 -1
package/dist/{types-cA_xfFU7.d.ts → types-Bf8pML07.d.ts} +1 -1
package/dist/types-BvpGdsv1.d.mts +153 -0
package/dist/types-Ce2mFJkO.d.ts +153 -0
package/dist/ui/index.d.mts +1 -1
package/dist/ui/index.d.ts +1 -1
package/package.json +46 -1

package/dist/git-trigger/git-hooks.d.mts ADDED Viewed

@@ -0,0 +1,69 @@
+import { AstraSyncGateway } from '../gateway/gateway.mjs';
+import { V as VerificationDecision, P as PDLSSContext } from '../types-BvpGdsv1.mjs';
+import '../types-Bf8pML07.mjs';
+/**
+ * Git Trigger — Enterprise git push / PR verification
+ *
+ * Installs git hooks that evaluate changed files against the PDLSS policy
+ * before allowing pushes to remote repositories.
+ *
+ * Two enforcement modes (admin-configurable):
+ *   - block: non-zero exit prevents the push
+ *   - warn:  push proceeds but warning is printed
+ */
+interface GitTriggerConfig {
+    /** Block the push or just warn (default: 'warn') */
+    enforcement: 'block' | 'warn';
+    /** Which git hooks to install (default: ['pre-push']) */
+    hooks: ('pre-push' | 'pre-commit')[];
+    /** Only enforce on these branches (default: all) */
+    protectedBranches?: string[];
+    /** Custom message for blocked pushes */
+    blockMessage?: string;
+}
+/**
+ * Install git hooks into the repository.
+ * Returns the paths of installed hooks.
+ */
+declare function installGitHooks(repoRoot: string, config?: Partial<GitTriggerConfig>): {
+    installed: string[];
+    skipped: string[];
+};
+/**
+ * Remove AstraSync-managed git hooks.
+ */
+declare function uninstallGitHooks(repoRoot: string, hooks?: ('pre-push' | 'pre-commit')[]): string[];
+/**
+ * Get list of changed files for the current trigger context.
+ */
+declare function getChangedFiles(trigger: 'pre-push' | 'pre-commit', repoRoot: string): string[];
+/**
+ * Map a file change to a PDLSS context for evaluation.
+ */
+declare function fileChangeToPDLSSContext(filePath: string): PDLSSContext;
+/**
+ * Evaluate changed files against the gateway policy.
+ * Returns a summary of allow/deny/review decisions.
+ */
+declare function evaluateChangedFiles(gateway: AstraSyncGateway, files: string[], config?: Partial<GitTriggerConfig>): Promise<GitCheckResult>;
+interface GitCheckResult {
+    allowed: number;
+    blocked: number;
+    warned: number;
+    total: number;
+    shouldBlock: boolean;
+    enforcement: 'block' | 'warn';
+    results: {
+        file: string;
+        decision: VerificationDecision;
+    }[];
+    blockMessage?: string;
+}
+/**
+ * Check if the current branch is protected.
+ */
+declare function isProtectedBranch(config?: Partial<GitTriggerConfig>): boolean;
+export { type GitCheckResult, type GitTriggerConfig, evaluateChangedFiles, fileChangeToPDLSSContext, getChangedFiles, installGitHooks, isProtectedBranch, uninstallGitHooks };

package/dist/git-trigger/git-hooks.d.ts ADDED Viewed

@@ -0,0 +1,69 @@
+import { AstraSyncGateway } from '../gateway/gateway.js';
+import { V as VerificationDecision, P as PDLSSContext } from '../types-Ce2mFJkO.js';
+import '../types-Bf8pML07.js';
+/**
+ * Git Trigger — Enterprise git push / PR verification
+ *
+ * Installs git hooks that evaluate changed files against the PDLSS policy
+ * before allowing pushes to remote repositories.
+ *
+ * Two enforcement modes (admin-configurable):
+ *   - block: non-zero exit prevents the push
+ *   - warn:  push proceeds but warning is printed
+ */
+interface GitTriggerConfig {
+    /** Block the push or just warn (default: 'warn') */
+    enforcement: 'block' | 'warn';
+    /** Which git hooks to install (default: ['pre-push']) */
+    hooks: ('pre-push' | 'pre-commit')[];
+    /** Only enforce on these branches (default: all) */
+    protectedBranches?: string[];
+    /** Custom message for blocked pushes */
+    blockMessage?: string;
+}
+/**
+ * Install git hooks into the repository.
+ * Returns the paths of installed hooks.
+ */
+declare function installGitHooks(repoRoot: string, config?: Partial<GitTriggerConfig>): {
+    installed: string[];
+    skipped: string[];
+};
+/**
+ * Remove AstraSync-managed git hooks.
+ */
+declare function uninstallGitHooks(repoRoot: string, hooks?: ('pre-push' | 'pre-commit')[]): string[];
+/**
+ * Get list of changed files for the current trigger context.
+ */
+declare function getChangedFiles(trigger: 'pre-push' | 'pre-commit', repoRoot: string): string[];
+/**
+ * Map a file change to a PDLSS context for evaluation.
+ */
+declare function fileChangeToPDLSSContext(filePath: string): PDLSSContext;
+/**
+ * Evaluate changed files against the gateway policy.
+ * Returns a summary of allow/deny/review decisions.
+ */
+declare function evaluateChangedFiles(gateway: AstraSyncGateway, files: string[], config?: Partial<GitTriggerConfig>): Promise<GitCheckResult>;
+interface GitCheckResult {
+    allowed: number;
+    blocked: number;
+    warned: number;
+    total: number;
+    shouldBlock: boolean;
+    enforcement: 'block' | 'warn';
+    results: {
+        file: string;
+        decision: VerificationDecision;
+    }[];
+    blockMessage?: string;
+}
+/**
+ * Check if the current branch is protected.
+ */
+declare function isProtectedBranch(config?: Partial<GitTriggerConfig>): boolean;
+export { type GitCheckResult, type GitTriggerConfig, evaluateChangedFiles, fileChangeToPDLSSContext, getChangedFiles, installGitHooks, isProtectedBranch, uninstallGitHooks };

package/dist/git-trigger/git-hooks.js ADDED Viewed

@@ -0,0 +1,244 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+// src/git-trigger/git-hooks.ts
+var git_hooks_exports = {};
+__export(git_hooks_exports, {
+  evaluateChangedFiles: () => evaluateChangedFiles,
+  fileChangeToPDLSSContext: () => fileChangeToPDLSSContext,
+  getChangedFiles: () => getChangedFiles,
+  installGitHooks: () => installGitHooks,
+  isProtectedBranch: () => isProtectedBranch,
+  uninstallGitHooks: () => uninstallGitHooks
+});
+module.exports = __toCommonJS(git_hooks_exports);
+var import_fs = require("fs");
+var import_path = require("path");
+var import_child_process = require("child_process");
+// src/adapter-interface/purpose-mapping.ts
+var TOOL_PURPOSE_MAP = {
+  // Shell
+  shell_exec: "shell.exec",
+  run_command: "shell.exec",
+  execute: "shell.exec",
+  terminal_exec: "shell.exec",
+  run_terminal_command: "shell.exec",
+  // File read
+  file_read: "file.read",
+  read_file: "file.read",
+  // File write
+  file_write: "file.write",
+  write_file: "file.write",
+  create_file: "file.write",
+  edit_file: "file.write",
+  // File delete
+  file_delete: "file.delete",
+  delete_file: "file.delete",
+  // Network
+  http_request: "network.request",
+  fetch: "network.request",
+  web_request: "network.request",
+  // Email
+  send_email: "email.send",
+  read_email: "email.read",
+  // Calendar
+  create_event: "calendar.create",
+  // Database
+  query_database: "database.query",
+  write_database: "database.write",
+  // Payment
+  payment_execute: "payment.execute"
+};
+function mapToolToPurpose(toolName) {
+  return TOOL_PURPOSE_MAP[toolName] || `tool.${toolName}`;
+}
+function extractTarget(toolName, args) {
+  const purpose = mapToolToPurpose(toolName);
+  if (purpose.startsWith("shell.")) {
+    return String(args.command || args.cmd || args.script || "");
+  }
+  if (purpose.startsWith("file.")) {
+    return String(args.path || args.file || args.filename || args.file_path || "");
+  }
+  if (purpose.startsWith("network.")) {
+    return String(args.url || args.endpoint || args.uri || "");
+  }
+  if (purpose.startsWith("email.")) {
+    return String(args.to || args.recipient || args.address || "");
+  }
+  if (purpose.startsWith("database.")) {
+    return String(args.query || args.table || "");
+  }
+  if (purpose.startsWith("payment.")) {
+    return String(args.description || args.merchant || args.amount || "");
+  }
+  if (args.command) return String(args.command);
+  if (args.path) return String(args.path);
+  if (args.url) return String(args.url);
+  for (const val of Object.values(args)) {
+    if (typeof val === "string" && val.length > 0) return val;
+  }
+  return toolName;
+}
+// src/git-trigger/git-hooks.ts
+var DEFAULT_CONFIG = {
+  enforcement: "warn",
+  hooks: ["pre-push"]
+};
+var HOOK_MARKER = "# AstraSync Local Guard \u2014 managed hook";
+function makeHookScript(hookType) {
+  return `#!/bin/sh
+${HOOK_MARKER}
+# Runs AstraSync verification on changed files before ${hookType === "pre-push" ? "push" : "commit"}.
+# Installed by: astrasync guard install-hooks
+# To remove: delete this file or run astrasync guard uninstall-hooks
+npx astrasync guard check --trigger=${hookType} "$@"
+exit $?
+`;
+}
+function installGitHooks(repoRoot, config = {}) {
+  const merged = { ...DEFAULT_CONFIG, ...config };
+  const hooksDir = (0, import_path.join)(repoRoot, ".git", "hooks");
+  const installed = [];
+  const skipped = [];
+  if (!(0, import_fs.existsSync)((0, import_path.join)(repoRoot, ".git"))) {
+    throw new Error(`Not a git repository: ${repoRoot}`);
+  }
+  if (!(0, import_fs.existsSync)(hooksDir)) {
+    (0, import_fs.mkdirSync)(hooksDir, { recursive: true });
+  }
+  for (const hookType of merged.hooks) {
+    const hookPath = (0, import_path.join)(hooksDir, hookType);
+    if ((0, import_fs.existsSync)(hookPath)) {
+      const content = (0, import_fs.readFileSync)(hookPath, "utf-8");
+      if (!content.includes(HOOK_MARKER)) {
+        skipped.push(hookPath);
+        continue;
+      }
+    }
+    (0, import_fs.writeFileSync)(hookPath, makeHookScript(hookType), "utf-8");
+    (0, import_fs.chmodSync)(hookPath, 493);
+    installed.push(hookPath);
+  }
+  return { installed, skipped };
+}
+function uninstallGitHooks(repoRoot, hooks = ["pre-push"]) {
+  const hooksDir = (0, import_path.join)(repoRoot, ".git", "hooks");
+  const removed = [];
+  for (const hookType of hooks) {
+    const hookPath = (0, import_path.join)(hooksDir, hookType);
+    if ((0, import_fs.existsSync)(hookPath)) {
+      const content = (0, import_fs.readFileSync)(hookPath, "utf-8");
+      if (content.includes(HOOK_MARKER)) {
+        const { unlinkSync } = require("fs");
+        unlinkSync(hookPath);
+        removed.push(hookPath);
+      }
+    }
+  }
+  return removed;
+}
+function getChangedFiles(trigger, repoRoot) {
+  try {
+    let output;
+    if (trigger === "pre-push") {
+      output = (0, import_child_process.execSync)("git diff --name-only @{push}.. 2>/dev/null || git diff --name-only HEAD~1", {
+        cwd: repoRoot,
+        encoding: "utf-8"
+      });
+    } else {
+      output = (0, import_child_process.execSync)("git diff --cached --name-only", {
+        cwd: repoRoot,
+        encoding: "utf-8"
+      });
+    }
+    return output.split("\n").filter((f) => f.trim().length > 0);
+  } catch {
+    return [];
+  }
+}
+function fileChangeToPDLSSContext(filePath) {
+  const purpose = mapToolToPurpose("file_write");
+  const target = extractTarget("file_write", { path: filePath });
+  return {
+    purpose,
+    action: "file_write",
+    target,
+    dataAccess: ["write"],
+    resourceType: "file"
+  };
+}
+async function evaluateChangedFiles(gateway, files, config = {}) {
+  const merged = { ...DEFAULT_CONFIG, ...config };
+  const results = [];
+  let blocked = 0;
+  let warned = 0;
+  let allowed = 0;
+  for (const file of files) {
+    const context = fileChangeToPDLSSContext(file);
+    const decision = await gateway.evaluate(context);
+    results.push({ file, decision });
+    if (decision.recommendation === "DENY") {
+      blocked++;
+    } else if (decision.recommendation === "MANUAL_REVIEW") {
+      warned++;
+    } else {
+      allowed++;
+    }
+  }
+  const shouldBlock = merged.enforcement === "block" && blocked > 0;
+  return {
+    allowed,
+    blocked,
+    warned,
+    total: files.length,
+    shouldBlock,
+    enforcement: merged.enforcement,
+    results,
+    blockMessage: shouldBlock ? merged.blockMessage || `AstraSync blocked push: ${blocked} file(s) denied by policy` : void 0
+  };
+}
+function isProtectedBranch(config = {}) {
+  if (!config.protectedBranches || config.protectedBranches.length === 0) {
+    return true;
+  }
+  try {
+    const branch = (0, import_child_process.execSync)("git rev-parse --abbrev-ref HEAD", { encoding: "utf-8" }).trim();
+    return config.protectedBranches.some((pattern) => {
+      if (pattern === branch) return true;
+      if (pattern.endsWith("*") && branch.startsWith(pattern.slice(0, -1))) return true;
+      return false;
+    });
+  } catch {
+    return true;
+  }
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  evaluateChangedFiles,
+  fileChangeToPDLSSContext,
+  getChangedFiles,
+  installGitHooks,
+  isProtectedBranch,
+  uninstallGitHooks
+});
+//# sourceMappingURL=git-hooks.js.map

package/dist/git-trigger/git-hooks.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../src/git-trigger/git-hooks.ts","../../src/adapter-interface/purpose-mapping.ts"],"sourcesContent":["/**\n * Git Trigger — Enterprise git push / PR verification\n *\n * Installs git hooks that evaluate changed files against the PDLSS policy\n * before allowing pushes to remote repositories.\n *\n * Two enforcement modes (admin-configurable):\n * - block: non-zero exit prevents the push\n * - warn: push proceeds but warning is printed\n */\n\nimport { existsSync, mkdirSync, writeFileSync, readFileSync, chmodSync } from 'fs';\nimport { join } from 'path';\nimport { execSync } from 'child_process';\nimport type { AstraSyncGateway } from '../gateway/gateway';\nimport { mapToolToPurpose, extractTarget, extractNetworkDomains } from '../adapter-interface/purpose-mapping';\nimport type { PDLSSContext, VerificationDecision } from '../gateway/types';\n\n// -----------------------------------------------------------------------\n// Configuration\n// -----------------------------------------------------------------------\n\nexport interface GitTriggerConfig {\n /** Block the push or just warn (default: 'warn') */\n enforcement: 'block' | 'warn';\n /** Which git hooks to install (default: ['pre-push']) */\n hooks: ('pre-push' | 'pre-commit')[];\n /** Only enforce on these branches (default: all) */\n protectedBranches?: string[];\n /** Custom message for blocked pushes */\n blockMessage?: string;\n}\n\nconst DEFAULT_CONFIG: GitTriggerConfig = {\n enforcement: 'warn',\n hooks: ['pre-push'],\n};\n\n// -----------------------------------------------------------------------\n// Hook script content\n// -----------------------------------------------------------------------\n\nconst HOOK_MARKER = '# AstraSync Local Guard — managed hook';\n\nfunction makeHookScript(hookType: 'pre-push' | 'pre-commit'): string {\n return `#!/bin/sh\n${HOOK_MARKER}\n# Runs AstraSync verification on changed files before ${hookType === 'pre-push' ? 'push' : 'commit'}.\n# Installed by: astrasync guard install-hooks\n# To remove: delete this file or run astrasync guard uninstall-hooks\n\nnpx astrasync guard check --trigger=${hookType} \"$@\"\nexit $?\n`;\n}\n\n// -----------------------------------------------------------------------\n// Hook installer\n// -----------------------------------------------------------------------\n\n/**\n * Install git hooks into the repository.\n * Returns the paths of installed hooks.\n */\nexport function installGitHooks(\n repoRoot: string,\n config: Partial<GitTriggerConfig> = {},\n): { installed: string[]; skipped: string[] } {\n const merged = { ...DEFAULT_CONFIG, ...config };\n const hooksDir = join(repoRoot, '.git', 'hooks');\n const installed: string[] = [];\n const skipped: string[] = [];\n\n if (!existsSync(join(repoRoot, '.git'))) {\n throw new Error(`Not a git repository: ${repoRoot}`);\n }\n\n if (!existsSync(hooksDir)) {\n mkdirSync(hooksDir, { recursive: true });\n }\n\n for (const hookType of merged.hooks) {\n const hookPath = join(hooksDir, hookType);\n\n // Don't overwrite non-AstraSync hooks\n if (existsSync(hookPath)) {\n const content = readFileSync(hookPath, 'utf-8');\n if (!content.includes(HOOK_MARKER)) {\n skipped.push(hookPath);\n continue;\n }\n }\n\n writeFileSync(hookPath, makeHookScript(hookType), 'utf-8');\n chmodSync(hookPath, 0o755);\n installed.push(hookPath);\n }\n\n return { installed, skipped };\n}\n\n/**\n * Remove AstraSync-managed git hooks.\n */\nexport function uninstallGitHooks(\n repoRoot: string,\n hooks: ('pre-push' | 'pre-commit')[] = ['pre-push'],\n): string[] {\n const hooksDir = join(repoRoot, '.git', 'hooks');\n const removed: string[] = [];\n\n for (const hookType of hooks) {\n const hookPath = join(hooksDir, hookType);\n if (existsSync(hookPath)) {\n const content = readFileSync(hookPath, 'utf-8');\n if (content.includes(HOOK_MARKER)) {\n const { unlinkSync } = require('fs');\n unlinkSync(hookPath);\n removed.push(hookPath);\n }\n }\n }\n\n return removed;\n}\n\n// -----------------------------------------------------------------------\n// Evaluation logic\n// -----------------------------------------------------------------------\n\n/**\n * Get list of changed files for the current trigger context.\n */\nexport function getChangedFiles(trigger: 'pre-push' | 'pre-commit', repoRoot: string): string[] {\n try {\n let output: string;\n if (trigger === 'pre-push') {\n // Files changed between HEAD and remote tracking branch\n output = execSync('git diff --name-only @{push}.. 2>/dev/null || git diff --name-only HEAD~1', {\n cwd: repoRoot,\n encoding: 'utf-8',\n });\n } else {\n // Files staged for commit\n output = execSync('git diff --cached --name-only', {\n cwd: repoRoot,\n encoding: 'utf-8',\n });\n }\n return output.split('\\n').filter(f => f.trim().length > 0);\n } catch {\n return [];\n }\n}\n\n/**\n * Map a file change to a PDLSS context for evaluation.\n */\nexport function fileChangeToPDLSSContext(filePath: string): PDLSSContext {\n const purpose = mapToolToPurpose('file_write');\n const target = extractTarget('file_write', { path: filePath });\n\n return {\n purpose,\n action: 'file_write',\n target,\n dataAccess: ['write'],\n resourceType: 'file',\n };\n}\n\n/**\n * Evaluate changed files against the gateway policy.\n * Returns a summary of allow/deny/review decisions.\n */\nexport async function evaluateChangedFiles(\n gateway: AstraSyncGateway,\n files: string[],\n config: Partial<GitTriggerConfig> = {},\n): Promise<GitCheckResult> {\n const merged = { ...DEFAULT_CONFIG, ...config };\n const results: { file: string; decision: VerificationDecision }[] = [];\n let blocked = 0;\n let warned = 0;\n let allowed = 0;\n\n for (const file of files) {\n const context = fileChangeToPDLSSContext(file);\n const decision = await gateway.evaluate(context);\n\n results.push({ file, decision });\n\n if (decision.recommendation === 'DENY') {\n blocked++;\n } else if (decision.recommendation === 'MANUAL_REVIEW') {\n warned++;\n } else {\n allowed++;\n }\n }\n\n const shouldBlock = merged.enforcement === 'block' && (blocked > 0);\n\n return {\n allowed,\n blocked,\n warned,\n total: files.length,\n shouldBlock,\n enforcement: merged.enforcement,\n results,\n blockMessage: shouldBlock\n ? (merged.blockMessage || `AstraSync blocked push: ${blocked} file(s) denied by policy`)\n : undefined,\n };\n}\n\nexport interface GitCheckResult {\n allowed: number;\n blocked: number;\n warned: number;\n total: number;\n shouldBlock: boolean;\n enforcement: 'block' | 'warn';\n results: { file: string; decision: VerificationDecision }[];\n blockMessage?: string;\n}\n\n/**\n * Check if the current branch is protected.\n */\nexport function isProtectedBranch(config: Partial<GitTriggerConfig> = {}): boolean {\n if (!config.protectedBranches || config.protectedBranches.length === 0) {\n return true; // All branches protected by default\n }\n\n try {\n const branch = execSync('git rev-parse --abbrev-ref HEAD', { encoding: 'utf-8' }).trim();\n return config.protectedBranches.some(pattern => {\n if (pattern === branch) return true;\n if (pattern.endsWith('*') && branch.startsWith(pattern.slice(0, -1))) return true;\n return false;\n });\n } catch {\n return true; // Can't determine branch, assume protected\n }\n}\n","/**\n * Shared purpose mapping utilities for Layer 4 platform adapters.\n *\n * Maps platform-native action names to PDLSS purpose categories.\n * Used by OpenClaw CLI, Cursor, browser, and future adapters.\n */\n\n// -----------------------------------------------------------------------\n// Tool → Purpose mapping\n// -----------------------------------------------------------------------\n\n/** Standard tool name → PDLSS purpose mapping used by all adapters */\nconst TOOL_PURPOSE_MAP: Record<string, string> = {\n // Shell\n shell_exec: 'shell.exec',\n run_command: 'shell.exec',\n execute: 'shell.exec',\n terminal_exec: 'shell.exec',\n run_terminal_command: 'shell.exec',\n\n // File read\n file_read: 'file.read',\n read_file: 'file.read',\n\n // File write\n file_write: 'file.write',\n write_file: 'file.write',\n create_file: 'file.write',\n edit_file: 'file.write',\n\n // File delete\n file_delete: 'file.delete',\n delete_file: 'file.delete',\n\n // Network\n http_request: 'network.request',\n fetch: 'network.request',\n web_request: 'network.request',\n\n // Email\n send_email: 'email.send',\n read_email: 'email.read',\n\n // Calendar\n create_event: 'calendar.create',\n\n // Database\n query_database: 'database.query',\n write_database: 'database.write',\n\n // Payment\n payment_execute: 'payment.execute',\n};\n\n/**\n * Map a tool/action name to a PDLSS purpose category.\n * Returns `tool.<name>` for unmapped tools (denied by default).\n */\nexport function mapToolToPurpose(toolName: string): string {\n return TOOL_PURPOSE_MAP[toolName] || `tool.${toolName}`;\n}\n\n/**\n * Register additional tool → purpose mappings (e.g. from a platform adapter).\n * Does not overwrite existing mappings.\n */\nexport function registerToolMappings(mappings: Record<string, string>): void {\n for (const [tool, purpose] of Object.entries(mappings)) {\n if (!(tool in TOOL_PURPOSE_MAP)) {\n TOOL_PURPOSE_MAP[tool] = purpose;\n }\n }\n}\n\n// -----------------------------------------------------------------------\n// Target extraction\n// -----------------------------------------------------------------------\n\n/**\n * Extract the meaningful target string from tool arguments.\n * Uses the purpose category to determine which argument field is relevant.\n */\nexport function extractTarget(toolName: string, args: Record<string, unknown>): string {\n const purpose = mapToolToPurpose(toolName);\n\n if (purpose.startsWith('shell.')) {\n return String(args.command || args.cmd || args.script || '');\n }\n\n if (purpose.startsWith('file.')) {\n return String(args.path || args.file || args.filename || args.file_path || '');\n }\n\n if (purpose.startsWith('network.')) {\n return String(args.url || args.endpoint || args.uri || '');\n }\n\n if (purpose.startsWith('email.')) {\n return String(args.to || args.recipient || args.address || '');\n }\n\n if (purpose.startsWith('database.')) {\n return String(args.query || args.table || '');\n }\n\n if (purpose.startsWith('payment.')) {\n return String(args.description || args.merchant || args.amount || '');\n }\n\n // Fallback: try common field names\n if (args.command) return String(args.command);\n if (args.path) return String(args.path);\n if (args.url) return String(args.url);\n\n // Default: use first non-empty string argument or tool name\n for (const val of Object.values(args)) {\n if (typeof val === 'string' && val.length > 0) return val;\n }\n return toolName;\n}\n\n// -----------------------------------------------------------------------\n// Network domain extraction\n// -----------------------------------------------------------------------\n\n/**\n * Extract network domains from a URL target.\n * Returns undefined if the target is not a URL.\n */\nexport function extractNetworkDomains(target: string): string[] | undefined {\n try {\n if (target.startsWith('http://') || target.startsWith('https://')) {\n const url = new URL(target);\n return [url.hostname];\n }\n } catch {\n // Not a URL\n }\n return undefined;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAWA,gBAA8E;AAC9E,kBAAqB;AACrB,2BAAyB;;;ACDzB,IAAM,mBAA2C;AAAA;AAAA,EAE/C,YAAY;AAAA,EACZ,aAAa;AAAA,EACb,SAAS;AAAA,EACT,eAAe;AAAA,EACf,sBAAsB;AAAA;AAAA,EAGtB,WAAW;AAAA,EACX,WAAW;AAAA;AAAA,EAGX,YAAY;AAAA,EACZ,YAAY;AAAA,EACZ,aAAa;AAAA,EACb,WAAW;AAAA;AAAA,EAGX,aAAa;AAAA,EACb,aAAa;AAAA;AAAA,EAGb,cAAc;AAAA,EACd,OAAO;AAAA,EACP,aAAa;AAAA;AAAA,EAGb,YAAY;AAAA,EACZ,YAAY;AAAA;AAAA,EAGZ,cAAc;AAAA;AAAA,EAGd,gBAAgB;AAAA,EAChB,gBAAgB;AAAA;AAAA,EAGhB,iBAAiB;AACnB;AAMO,SAAS,iBAAiB,UAA0B;AACzD,SAAO,iBAAiB,QAAQ,KAAK,QAAQ,QAAQ;AACvD;AAsBO,SAAS,cAAc,UAAkB,MAAuC;AACrF,QAAM,UAAU,iBAAiB,QAAQ;AAEzC,MAAI,QAAQ,WAAW,QAAQ,GAAG;AAChC,WAAO,OAAO,KAAK,WAAW,KAAK,OAAO,KAAK,UAAU,EAAE;AAAA,EAC7D;AAEA,MAAI,QAAQ,WAAW,OAAO,GAAG;AAC/B,WAAO,OAAO,KAAK,QAAQ,KAAK,QAAQ,KAAK,YAAY,KAAK,aAAa,EAAE;AAAA,EAC/E;AAEA,MAAI,QAAQ,WAAW,UAAU,GAAG;AAClC,WAAO,OAAO,KAAK,OAAO,KAAK,YAAY,KAAK,OAAO,EAAE;AAAA,EAC3D;AAEA,MAAI,QAAQ,WAAW,QAAQ,GAAG;AAChC,WAAO,OAAO,KAAK,MAAM,KAAK,aAAa,KAAK,WAAW,EAAE;AAAA,EAC/D;AAEA,MAAI,QAAQ,WAAW,WAAW,GAAG;AACnC,WAAO,OAAO,KAAK,SAAS,KAAK,SAAS,EAAE;AAAA,EAC9C;AAEA,MAAI,QAAQ,WAAW,UAAU,GAAG;AAClC,WAAO,OAAO,KAAK,eAAe,KAAK,YAAY,KAAK,UAAU,EAAE;AAAA,EACtE;AAGA,MAAI,KAAK,QAAS,QAAO,OAAO,KAAK,OAAO;AAC5C,MAAI,KAAK,KAAM,QAAO,OAAO,KAAK,IAAI;AACtC,MAAI,KAAK,IAAK,QAAO,OAAO,KAAK,GAAG;AAGpC,aAAW,OAAO,OAAO,OAAO,IAAI,GAAG;AACrC,QAAI,OAAO,QAAQ,YAAY,IAAI,SAAS,EAAG,QAAO;AAAA,EACxD;AACA,SAAO;AACT;;;ADtFA,IAAM,iBAAmC;AAAA,EACvC,aAAa;AAAA,EACb,OAAO,CAAC,UAAU;AACpB;AAMA,IAAM,cAAc;AAEpB,SAAS,eAAe,UAA6C;AACnE,SAAO;AAAA,EACP,WAAW;AAAA,wDAC2C,aAAa,aAAa,SAAS,QAAQ;AAAA;AAAA;AAAA;AAAA,sCAI7D,QAAQ;AAAA;AAAA;AAG9C;AAUO,SAAS,gBACd,UACA,SAAoC,CAAC,GACO;AAC5C,QAAM,SAAS,EAAE,GAAG,gBAAgB,GAAG,OAAO;AAC9C,QAAM,eAAW,kBAAK,UAAU,QAAQ,OAAO;AAC/C,QAAM,YAAsB,CAAC;AAC7B,QAAM,UAAoB,CAAC;AAE3B,MAAI,KAAC,0BAAW,kBAAK,UAAU,MAAM,CAAC,GAAG;AACvC,UAAM,IAAI,MAAM,yBAAyB,QAAQ,EAAE;AAAA,EACrD;AAEA,MAAI,KAAC,sBAAW,QAAQ,GAAG;AACzB,6BAAU,UAAU,EAAE,WAAW,KAAK,CAAC;AAAA,EACzC;AAEA,aAAW,YAAY,OAAO,OAAO;AACnC,UAAM,eAAW,kBAAK,UAAU,QAAQ;AAGxC,YAAI,sBAAW,QAAQ,GAAG;AACxB,YAAM,cAAU,wBAAa,UAAU,OAAO;AAC9C,UAAI,CAAC,QAAQ,SAAS,WAAW,GAAG;AAClC,gBAAQ,KAAK,QAAQ;AACrB;AAAA,MACF;AAAA,IACF;AAEA,iCAAc,UAAU,eAAe,QAAQ,GAAG,OAAO;AACzD,6BAAU,UAAU,GAAK;AACzB,cAAU,KAAK,QAAQ;AAAA,EACzB;AAEA,SAAO,EAAE,WAAW,QAAQ;AAC9B;AAKO,SAAS,kBACd,UACA,QAAuC,CAAC,UAAU,GACxC;AACV,QAAM,eAAW,kBAAK,UAAU,QAAQ,OAAO;AAC/C,QAAM,UAAoB,CAAC;AAE3B,aAAW,YAAY,OAAO;AAC5B,UAAM,eAAW,kBAAK,UAAU,QAAQ;AACxC,YAAI,sBAAW,QAAQ,GAAG;AACxB,YAAM,cAAU,wBAAa,UAAU,OAAO;AAC9C,UAAI,QAAQ,SAAS,WAAW,GAAG;AACjC,cAAM,EAAE,WAAW,IAAI,QAAQ,IAAI;AACnC,mBAAW,QAAQ;AACnB,gBAAQ,KAAK,QAAQ;AAAA,MACvB;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AACT;AASO,SAAS,gBAAgB,SAAoC,UAA4B;AAC9F,MAAI;AACF,QAAI;AACJ,QAAI,YAAY,YAAY;AAE1B,mBAAS,+BAAS,6EAA6E;AAAA,QAC7F,KAAK;AAAA,QACL,UAAU;AAAA,MACZ,CAAC;AAAA,IACH,OAAO;AAEL,mBAAS,+BAAS,iCAAiC;AAAA,QACjD,KAAK;AAAA,QACL,UAAU;AAAA,MACZ,CAAC;AAAA,IACH;AACA,WAAO,OAAO,MAAM,IAAI,EAAE,OAAO,OAAK,EAAE,KAAK,EAAE,SAAS,CAAC;AAAA,EAC3D,QAAQ;AACN,WAAO,CAAC;AAAA,EACV;AACF;AAKO,SAAS,yBAAyB,UAAgC;AACvE,QAAM,UAAU,iBAAiB,YAAY;AAC7C,QAAM,SAAS,cAAc,cAAc,EAAE,MAAM,SAAS,CAAC;AAE7D,SAAO;AAAA,IACL;AAAA,IACA,QAAQ;AAAA,IACR;AAAA,IACA,YAAY,CAAC,OAAO;AAAA,IACpB,cAAc;AAAA,EAChB;AACF;AAMA,eAAsB,qBACpB,SACA,OACA,SAAoC,CAAC,GACZ;AACzB,QAAM,SAAS,EAAE,GAAG,gBAAgB,GAAG,OAAO;AAC9C,QAAM,UAA8D,CAAC;AACrE,MAAI,UAAU;AACd,MAAI,SAAS;AACb,MAAI,UAAU;AAEd,aAAW,QAAQ,OAAO;AACxB,UAAM,UAAU,yBAAyB,IAAI;AAC7C,UAAM,WAAW,MAAM,QAAQ,SAAS,OAAO;AAE/C,YAAQ,KAAK,EAAE,MAAM,SAAS,CAAC;AAE/B,QAAI,SAAS,mBAAmB,QAAQ;AACtC;AAAA,IACF,WAAW,SAAS,mBAAmB,iBAAiB;AACtD;AAAA,IACF,OAAO;AACL;AAAA,IACF;AAAA,EACF;AAEA,QAAM,cAAc,OAAO,gBAAgB,WAAY,UAAU;AAEjE,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA,OAAO,MAAM;AAAA,IACb;AAAA,IACA,aAAa,OAAO;AAAA,IACpB;AAAA,IACA,cAAc,cACT,OAAO,gBAAgB,2BAA2B,OAAO,8BAC1D;AAAA,EACN;AACF;AAgBO,SAAS,kBAAkB,SAAoC,CAAC,GAAY;AACjF,MAAI,CAAC,OAAO,qBAAqB,OAAO,kBAAkB,WAAW,GAAG;AACtE,WAAO;AAAA,EACT;AAEA,MAAI;AACF,UAAM,aAAS,+BAAS,mCAAmC,EAAE,UAAU,QAAQ,CAAC,EAAE,KAAK;AACvF,WAAO,OAAO,kBAAkB,KAAK,aAAW;AAC9C,UAAI,YAAY,OAAQ,QAAO;AAC/B,UAAI,QAAQ,SAAS,GAAG,KAAK,OAAO,WAAW,QAAQ,MAAM,GAAG,EAAE,CAAC,EAAG,QAAO;AAC7E,aAAO;AAAA,IACT,CAAC;AAAA,EACH,QAAQ;AACN,WAAO;AAAA,EACT;AACF;","names":[]}

package/dist/git-trigger/git-hooks.mjs ADDED Viewed

@@ -0,0 +1,221 @@
+var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
+  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
+}) : x)(function(x) {
+  if (typeof require !== "undefined") return require.apply(this, arguments);
+  throw Error('Dynamic require of "' + x + '" is not supported');
+});
+// src/git-trigger/git-hooks.ts
+import { existsSync, mkdirSync, writeFileSync, readFileSync, chmodSync } from "fs";
+import { join } from "path";
+import { execSync } from "child_process";
+// src/adapter-interface/purpose-mapping.ts
+var TOOL_PURPOSE_MAP = {
+  // Shell
+  shell_exec: "shell.exec",
+  run_command: "shell.exec",
+  execute: "shell.exec",
+  terminal_exec: "shell.exec",
+  run_terminal_command: "shell.exec",
+  // File read
+  file_read: "file.read",
+  read_file: "file.read",
+  // File write
+  file_write: "file.write",
+  write_file: "file.write",
+  create_file: "file.write",
+  edit_file: "file.write",
+  // File delete
+  file_delete: "file.delete",
+  delete_file: "file.delete",
+  // Network
+  http_request: "network.request",
+  fetch: "network.request",
+  web_request: "network.request",
+  // Email
+  send_email: "email.send",
+  read_email: "email.read",
+  // Calendar
+  create_event: "calendar.create",
+  // Database
+  query_database: "database.query",
+  write_database: "database.write",
+  // Payment
+  payment_execute: "payment.execute"
+};
+function mapToolToPurpose(toolName) {
+  return TOOL_PURPOSE_MAP[toolName] || `tool.${toolName}`;
+}
+function extractTarget(toolName, args) {
+  const purpose = mapToolToPurpose(toolName);
+  if (purpose.startsWith("shell.")) {
+    return String(args.command || args.cmd || args.script || "");
+  }
+  if (purpose.startsWith("file.")) {
+    return String(args.path || args.file || args.filename || args.file_path || "");
+  }
+  if (purpose.startsWith("network.")) {
+    return String(args.url || args.endpoint || args.uri || "");
+  }
+  if (purpose.startsWith("email.")) {
+    return String(args.to || args.recipient || args.address || "");
+  }
+  if (purpose.startsWith("database.")) {
+    return String(args.query || args.table || "");
+  }
+  if (purpose.startsWith("payment.")) {
+    return String(args.description || args.merchant || args.amount || "");
+  }
+  if (args.command) return String(args.command);
+  if (args.path) return String(args.path);
+  if (args.url) return String(args.url);
+  for (const val of Object.values(args)) {
+    if (typeof val === "string" && val.length > 0) return val;
+  }
+  return toolName;
+}
+// src/git-trigger/git-hooks.ts
+var DEFAULT_CONFIG = {
+  enforcement: "warn",
+  hooks: ["pre-push"]
+};
+var HOOK_MARKER = "# AstraSync Local Guard \u2014 managed hook";
+function makeHookScript(hookType) {
+  return `#!/bin/sh
+${HOOK_MARKER}
+# Runs AstraSync verification on changed files before ${hookType === "pre-push" ? "push" : "commit"}.
+# Installed by: astrasync guard install-hooks
+# To remove: delete this file or run astrasync guard uninstall-hooks
+npx astrasync guard check --trigger=${hookType} "$@"
+exit $?
+`;
+}
+function installGitHooks(repoRoot, config = {}) {
+  const merged = { ...DEFAULT_CONFIG, ...config };
+  const hooksDir = join(repoRoot, ".git", "hooks");
+  const installed = [];
+  const skipped = [];
+  if (!existsSync(join(repoRoot, ".git"))) {
+    throw new Error(`Not a git repository: ${repoRoot}`);
+  }
+  if (!existsSync(hooksDir)) {
+    mkdirSync(hooksDir, { recursive: true });
+  }
+  for (const hookType of merged.hooks) {
+    const hookPath = join(hooksDir, hookType);
+    if (existsSync(hookPath)) {
+      const content = readFileSync(hookPath, "utf-8");
+      if (!content.includes(HOOK_MARKER)) {
+        skipped.push(hookPath);
+        continue;
+      }
+    }
+    writeFileSync(hookPath, makeHookScript(hookType), "utf-8");
+    chmodSync(hookPath, 493);
+    installed.push(hookPath);
+  }
+  return { installed, skipped };
+}
+function uninstallGitHooks(repoRoot, hooks = ["pre-push"]) {
+  const hooksDir = join(repoRoot, ".git", "hooks");
+  const removed = [];
+  for (const hookType of hooks) {
+    const hookPath = join(hooksDir, hookType);
+    if (existsSync(hookPath)) {
+      const content = readFileSync(hookPath, "utf-8");
+      if (content.includes(HOOK_MARKER)) {
+        const { unlinkSync } = __require("fs");
+        unlinkSync(hookPath);
+        removed.push(hookPath);
+      }
+    }
+  }
+  return removed;
+}
+function getChangedFiles(trigger, repoRoot) {
+  try {
+    let output;
+    if (trigger === "pre-push") {
+      output = execSync("git diff --name-only @{push}.. 2>/dev/null || git diff --name-only HEAD~1", {
+        cwd: repoRoot,
+        encoding: "utf-8"
+      });
+    } else {
+      output = execSync("git diff --cached --name-only", {
+        cwd: repoRoot,
+        encoding: "utf-8"
+      });
+    }
+    return output.split("\n").filter((f) => f.trim().length > 0);
+  } catch {
+    return [];
+  }
+}
+function fileChangeToPDLSSContext(filePath) {
+  const purpose = mapToolToPurpose("file_write");
+  const target = extractTarget("file_write", { path: filePath });
+  return {
+    purpose,
+    action: "file_write",
+    target,
+    dataAccess: ["write"],
+    resourceType: "file"
+  };
+}
+async function evaluateChangedFiles(gateway, files, config = {}) {
+  const merged = { ...DEFAULT_CONFIG, ...config };
+  const results = [];
+  let blocked = 0;
+  let warned = 0;
+  let allowed = 0;
+  for (const file of files) {
+    const context = fileChangeToPDLSSContext(file);
+    const decision = await gateway.evaluate(context);
+    results.push({ file, decision });
+    if (decision.recommendation === "DENY") {
+      blocked++;
+    } else if (decision.recommendation === "MANUAL_REVIEW") {
+      warned++;
+    } else {
+      allowed++;
+    }
+  }
+  const shouldBlock = merged.enforcement === "block" && blocked > 0;
+  return {
+    allowed,
+    blocked,
+    warned,
+    total: files.length,
+    shouldBlock,
+    enforcement: merged.enforcement,
+    results,
+    blockMessage: shouldBlock ? merged.blockMessage || `AstraSync blocked push: ${blocked} file(s) denied by policy` : void 0
+  };
+}
+function isProtectedBranch(config = {}) {
+  if (!config.protectedBranches || config.protectedBranches.length === 0) {
+    return true;
+  }
+  try {
+    const branch = execSync("git rev-parse --abbrev-ref HEAD", { encoding: "utf-8" }).trim();
+    return config.protectedBranches.some((pattern) => {
+      if (pattern === branch) return true;
+      if (pattern.endsWith("*") && branch.startsWith(pattern.slice(0, -1))) return true;
+      return false;
+    });
+  } catch {
+    return true;
+  }
+}
+export {
+  evaluateChangedFiles,
+  fileChangeToPDLSSContext,
+  getChangedFiles,
+  installGitHooks,
+  isProtectedBranch,
+  uninstallGitHooks
+};
+//# sourceMappingURL=git-hooks.mjs.map