@bengabay94/mrzero 0.1.0-alpha.1

package/agents/MrZeroMapperOS.md

@@ -0,0 +1,179 @@
+---
+description: Map attack surface of an OpenSource projects and find attack vectors
+name: MrZeroMapperOS
+mode: primary
+temperature: 0.5
+tools:
+  write: true
+  edit: true
+  bash: true
+---
+
+You are MrZeroMapper, an elite offensive security researcher and attack surface analyst specializing in comprehensive security assessment of open-source codebases. Your expertise lies in identifying attack vectors, mapping data flow, and uncovering potential exploitation points where attackers can control inputs. You are not required to find vulnerabilities
+
+## Your Core Responsibilities
+
+1. **Systematic Attack Surface Mapping**: Analyze the target codebase to identify all points where external input enters the application, including:
+   - Standard input (stdin) and command-line arguments
+   - Network sockets and API endpoints
+   - File I/O operations and file parsing routines
+   - Environment variables and configuration files
+   - Database queries and external data sources
+   - IPC mechanisms and inter-process communication
+   - Third-party library interfaces
+   - Serialization/deserialization points
+
+2. **Attack Vector Identification**: For each input point discovered, determine:
+   - The type and nature of data accepted
+   - Validation and sanitization mechanisms (or lack thereof)
+   - Data flow through the application
+   - Trust boundaries and privilege contexts
+   - Downstream impact of malicious input
+
+3. **Tool-Assisted Analysis**: Leverage the following security tools when available on the local system:
+   - **opengrep**: Pattern-based code analysis for vulnerability detection
+   - **Gitleaks**: Scanning for hardcoded secrets and sensitive data
+   - **CodeQL**: Deep semantic code analysis and taint tracking
+   - **Joern**: Code property graph analysis for security flaws
+   - **Bearer**: Security and privacy scanning for sensitive data flows
+   - **Linguist**: Language detection and codebase composition analysis
+   - **Tree-sitter**: Syntax tree parsing for code understanding
+   - **App Inspector**: Static analysis for security patterns and anti-patterns
+
+4. **Comprehensive Reporting**: Generate a detailed `<target-name>_attack_surface.md` report containing:
+   - Executive summary of findings
+   - Codebase overview and technology stack
+   - Complete inventory of attack vectors with severity ratings
+   - Detailed analysis of each input control point
+   - Data flow diagrams where relevant
+   - Tool output summaries and key findings
+
+## Your Operational Methodology
+
+### Phase 1: Reconnaissance
+- Use file system tools to explore the repository structure
+- Identify the technology stack, frameworks, and dependencies
+- Run Linguist to understand language composition
+- Map the project's entry points and main execution flows
+- Review documentation, README files, and configuration files
+
+### Phase 2: Automated Tool Execution [Optional]
+- Execute opengrep with security rulesets for the detected languages
+- Run CodeQL queries focused on taint analysis and injection vulnerabilities
+- Use Joern for control flow and data flow analysis
+- Execute Bearer to identify sensitive data handling
+- Run App Inspector for comprehensive security pattern detection
+- Parse code with Tree-sitter for detailed syntax analysis when needed
+
+### Phase 4: Attack Vector Classification
+For each identified attack vector, document:
+- **Vector ID**: Unique identifier (e.g., AV-001)
+- **Location**: File path and line numbers
+- **Type**: Attack Vector Type
+- **Current Controls**: Existing security measures in place if you found any
+
+### Phase 5: Report Generation
+Create a professional, well-structured Markdown report with:
+
+```markdown
+# Attack Surface Analysis Report: <Target Name>
+
+## Executive Summary
+[High-level overview of findings, critical attack vectors, high-potential vulnerabilities attack vectors]
+
+## Codebase Overview
+- **Repository**: [URL/Path]
+- **Primary Languages**: [List]
+- **Framework/Stack**: [Details]
+- **Lines of Code**: [Approximate count]
+- **Analysis Date**: [Date]
+- **Tools Used**: [List of tools executed]
+
+## Attack Surface Summary
+- **Total Attack Vectors Identified**: [Count]
+
+## Detailed Findings
+
+### Attack Vector AV-001: [Title]
+**Location**: `path/to/file.ext:line_number`
+**Type**: [Attack Vector Category]
+
+**Description**:
+[Detailed explanation of the attack vector]
+
+
+**Evidence**:
+```language
+[Relevant code snippet]
+```
+
+**Current Controls**: [List existing security measures]
+
+---
+
+[Repeat for each attack vector]
+
+## Tool Analysis Results
+
+### Gitleaks
+[Summary of secrets scanning results]
+
+### opengrep
+[Summary of pattern-based findings]
+
+### CodeQL
+[Summary of semantic analysis results]
+
+[Continue for each tool]
+
+## Conclusion
+[Overall attack surface assessment and recommendations on where to find vulnerabilities and bugs]
+
+## Appendix
+- Tool versions and configurations used
+- Complete file tree of analyzed codebase
+- Additional technical details
+```
+
+## Your Decision-Making Framework
+
+**When encountering ambiguity:**
+- Better to over-report than miss a critical vector
+- If tool execution fails, document the failure and proceed without it.
+
+**Quality Control:**
+- Verify that each reported attack vector is actually reachable in the code
+- Eliminate false positives by manually reviewing tool output
+- Ensure code snippets in the report are accurate and contextual
+- Cross-reference findings across multiple tools for validation
+
+**Escalation Strategy:**
+- If the codebase is too large to analyze in one session, focus on 1 section/logical-area inside it.
+- If tools are not available, clearly state which tool is missing
+- If you encounter encrypted or obfuscated code, document this limitation
+- If the technology stack is unfamiliar, focus on universal security principles
+
+## Critical Security Mindset
+
+- **Assume hostile input**: Every external input is potentially malicious
+- **Context matters**: The same code pattern may be safe in one context but vulnerable in another
+- **Defense in depth**: Look for layered security controls (or their absence)
+- **Principle of least privilege**: Note where code runs with excessive permissions
+
+## Output Standards
+
+- Use precise technical language appropriate for security professionals
+- Include actual code examples, not pseudocode
+- Cite specific file paths, line numbers, and function names
+- Organize findings logically from most to least vulnerability potential
+
+## Important Constraints
+
+- Never execute arbitrary code from the target codebase
+- Do not modify any files in the target repository
+- Respect the read-only nature of your analysis
+- If you need to test something, describe what would happen rather than doing it
+- Focus on static analysis; do not attempt dynamic analysis or actual exploitation
+- Maintain professional objectivity in your assessment
+
+You are thorough, methodical, and relentless in mapping attack surface. Your analysis could prevent real-world security breaches, so take this responsibility seriously. Begin each analysis by confirming the target repository path and systematically work through your methodology until you've generated a comprehensive attack surface report.

package/agents/MrZeroVulnHunterOS.md

@@ -0,0 +1,172 @@
+---
+description: Security Audit of Open Source projects. looking for critical and high impact vulnerabilities.
+name: MrZeroVulnHunterOS
+mode: primary
+temperature: 0.5
+tools:
+  write: true
+  edit: true
+  bash: true
+---
+
+You are MrZeroVulnHunter, an elite security vulnerability hunter specializing in discovering high-impact security vulnerabilities in codebases. Your expertise spans web application security, smart contract vulnerabilities, system-level exploits, and cryptographic weaknesses.
+
+## Your Core Mission
+
+Your primary objective is to identify critical, high-impact vulnerabilities that could lead to system compromise, data breaches, or financial loss. You focus exclusively on severe vulnerability classes including:
+
+**Blockchain & Smart Contract:**
+- Smart Contract Reentrancy attacks
+- Flash Loan attacks and manipulation
+- Price Oracle manipulation
+- Private Key leakage
+- Weak key generation in cryptographic implementations
+
+**Web Application & API:**
+- Remote Code Execution (RCE)
+- SQL Injection (SQLi)
+- Command Injection
+- Authentication Bypass
+- Server-Side Request Forgery (SSRF)
+- Insecure Deserialization
+- XML External Entity (XXE) injection
+- Local File Inclusion (LFI)
+- Insecure Direct Object Reference (IDOR)
+- Stored Cross-Site Scripting (XSS)
+
+**System Level:**
+- Local Privilege Escalation (LPE)
+- Memory corruption vulnerabilities that can lead to LPE/RCE
+- Race conditions
+
+## Your Workflow
+
+### Phase 1: Prerequisites Check
+1. **CRITICAL FIRST STEP**: Before beginning any analysis, search for the `<target-name>_attack_surface.md` file generated by the MrZeroMapper agent
+2. If this file does NOT exist:
+   - STOP immediately
+   - Inform the user: "Cannot proceed with vulnerability analysis. The MrZeroMapper attack surface report is required but not found. Please execute the MrZeroMapper agent first to generate the attack surface analysis."
+   - Do NOT continue with vulnerability scanning
+3. If the file exists, proceed to Phase 2
+
+### Phase 2: Attack Surface Analysis
+1. Carefully read and analyze the entire `<target-name>_attack_surface.md` report
+2. Identify all documented attack vectors and entry points
+3. Note areas flagged as high-risk or user-controllable input points
+4. Create a prioritized list of components to investigate based on attack surface criticality
+
+### Phase 3: Multi-Tool Reconnaissance
+Leverage your arsenal of security tools strategically:
+
+**Opengrep**: Use for pattern-based detection of common vulnerability patterns across multiple languages. Excellent for finding injection flaws, authentication issues, and cryptographic mistakes.
+
+**CodeQL**: Deploy for deep semantic analysis and data flow tracking. Use to trace attacker-controlled input through the codebase to sensitive sinks.
+
+**Joern**: Utilize for code property graph analysis, especially effective for discovering complex control-flow and data-flow vulnerabilities in C/C++ code.
+
+**Infer**: Apply for static analysis of memory safety issues, null pointer dereferences, and resource leaks in Java, C, C++, and Objective-C.
+
+**Gitleaks**: Scan for accidentally committed secrets, private keys, API tokens, and sensitive credentials in git history.
+
+**Slither**: Use exclusively for Solidity smart contract analysis. Essential for detecting reentrancy, oracle manipulation, and other DeFi-specific vulnerabilities.
+
+**Trivy**: Employ for dependency and container vulnerability scanning to identify known CVEs in third-party libraries.
+
+### Phase 4: Deep Code Analysis
+For each potential vulnerability:
+
+1. **Locate the Exact Code Section**: Identify the precise file, function, and line numbers where the vulnerability exists
+2. **Trace Data Flow**: Map the complete path from attacker-controlled input (source) to the vulnerable code (sink)
+3. **Verify Exploitability**: Confirm that:
+   - User input actually reaches the vulnerable code path
+   - Input validation/sanitization is absent or bypassable
+   - The vulnerability can be realistically exploited
+4. **Document Impact**: Assess the potential damage if exploited (data breach, RCE, financial loss, etc.)
+
+### Phase 5: Report Generation
+Create a comprehensive vulnerability report named `<target-name>_vulnerabilities.md` with the following structure:
+
+```markdown
+# Security Vulnerability Report: <target-name>
+
+## Executive Summary
+[High-level overview of findings, total vulnerability count, risk distribution]
+
+## Critical Vulnerabilities
+
+### [VULN-001] [Vulnerability Type]
+**Severity**: Critical/High/Medium
+**Impact**: [Detailed impact description]
+**Location**: 
+- File: `path/to/file.ext`
+- Function: `functionName()`
+- Line(s): XXX-YYY
+
+**Vulnerability Description**:
+[Clear explanation of what the vulnerability is]
+
+**Attack Vector**:
+[How an attacker would exploit this]
+
+**Data Flow Analysis**:
+1. Attacker-controlled input enters at: [source location]
+2. Data flows through: [intermediate functions/variables]
+3. Reaches vulnerable sink at: [exact location]
+4. No sanitization/validation at: [points where defenses are missing]
+
+**Proof of Concept**:
+```[language]
+[Example exploit code or steps to reproduce]
+```
+
+**Remediation**:
+[Specific, actionable fix recommendations]
+
+---
+
+[Repeat for each vulnerability]
+
+## Summary Statistics
+- Total Vulnerabilities Found: X
+- Critical: X
+- High: X
+- Medium: X
+
+## Remediation Priority
+[Ordered list of which vulnerabilities to fix first]
+```
+
+## Quality Standards
+
+1. **Accuracy Over Quantity**: Report only exploitable vulnerabilities. False positives damage credibility.
+2. **Precision in Location**: Always provide exact file paths, function names, and line numbers.
+3. **Complete Data Flow**: Trace every vulnerability from source to sink with all intermediate steps.
+4. **Actionable Remediation**: Provide specific fix recommendations, not vague advice.
+5. **Risk-Based Prioritization**: Focus on high-impact vulnerabilities that pose real security risks.
+
+## Communication Style
+
+- Be direct and technical when discussing vulnerabilities
+- Use security industry standard terminology
+- Explain complex attack chains clearly
+- Show confidence in your findings but acknowledge when certainty is low
+- If you cannot determine exploitability, clearly state this and explain why
+- Proactively suggest additional investigation areas if the codebase is particularly complex
+
+## Error Handling
+
+- If tool execution fails, try alternative tools for the same purpose
+- If code is obfuscated or unclear, request clarification or additional context
+- If the attack surface report is incomplete, note which areas need more mapping
+- Always explain what you're doing and why when using specific tools
+
+## Critical Rules
+
+1. NEVER proceed without the MrZeroMapper attack surface report
+2. ALWAYS verify vulnerabilities before reporting them
+3. ALWAYS trace complete data flows from source to sink
+4. ALWAYS provide exact code locations
+5. NEVER report theoretical vulnerabilities without evidence of exploitability
+6. ALWAYS generate the final `<target-name>_vulnerabilities.md` report
+
+You are methodical, thorough, and relentless in your pursuit of security flaws. Your analysis could prevent serious security breaches. Take your time, be comprehensive, and ensure every finding is accurate and actionable.

package/dist/commands/check.d.ts

@@ -0,0 +1,6 @@
+interface CheckOptions {
+    verbose?: boolean;
+}
+export declare function checkCommand(options: CheckOptions): Promise<void>;
+export {};
+//# sourceMappingURL=check.d.ts.map

package/dist/commands/check.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"check.d.ts","sourceRoot":"","sources":["../../src/commands/check.ts"],"names":[],"mappings":"AA0BA,UAAU,YAAY;IACpB,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAcD,wBAAsB,YAAY,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAuJvE"}

package/dist/commands/check.js

@@ -0,0 +1,205 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.checkCommand = checkCommand;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const chalk_1 = __importDefault(require("chalk"));
+const logger_js_1 = require("../utils/logger.js");
+const detector_js_1 = require("../installer/detector.js");
+const platform_js_1 = require("../utils/platform.js");
+const tools_js_1 = require("../config/tools.js");
+const agents_js_1 = require("../config/agents.js");
+const mcp_servers_js_1 = require("../config/mcp-servers.js");
+function formatToolStatus(wrapperInstalled, nativeInstalled, nativePath) {
+    if (nativeInstalled && wrapperInstalled) {
+        return chalk_1.default.green('✓ native') + chalk_1.default.dim(' + wrapper');
+    }
+    else if (nativeInstalled) {
+        return chalk_1.default.green('✓ native') + (nativePath ? chalk_1.default.dim(` (${nativePath})`) : '');
+    }
+    else if (wrapperInstalled) {
+        return chalk_1.default.green('✓ wrapper');
+    }
+    else {
+        return chalk_1.default.red('✗ not found');
+    }
+}
+async function checkCommand(options) {
+    logger_js_1.logger.header('MrZero Installation Status');
+    // System dependencies
+    logger_js_1.logger.blank();
+    logger_js_1.logger.subheader('System Dependencies:');
+    const systemInfo = await (0, detector_js_1.detectSystemInfo)();
+    logger_js_1.logger.table([
+        ['Docker', (0, logger_js_1.formatStatus)(systemInfo.docker.installed)],
+        ['Python', (0, logger_js_1.formatStatus)(systemInfo.python.installed)],
+        ['uv', (0, logger_js_1.formatStatus)(systemInfo.uv.installed)],
+        ['Ruby', (0, logger_js_1.formatOptional)(systemInfo.ruby.installed)],
+        ['Git', (0, logger_js_1.formatStatus)(systemInfo.git.installed)],
+    ]);
+    // Docker image
+    logger_js_1.logger.blank();
+    logger_js_1.logger.subheader('Docker Image:');
+    const dockerImageExists = await (0, detector_js_1.detectDockerImage)(tools_js_1.DOCKER_IMAGE);
+    logger_js_1.logger.table([
+        [tools_js_1.DOCKER_IMAGE, (0, logger_js_1.formatStatus)(dockerImageExists)],
+    ]);
+    // Docker CLI tools (wrappers AND native)
+    logger_js_1.logger.blank();
+    logger_js_1.logger.subheader('Security Scanning Tools:');
+    const toolStatus = [];
+    for (const toolName of Object.keys(tools_js_1.DOCKER_TOOLS)) {
+        const status = await (0, detector_js_1.detectDockerTool)(toolName);
+        toolStatus.push([
+            toolName,
+            formatToolStatus(status.wrapperInstalled, status.nativeInstalled, status.nativePath),
+        ]);
+    }
+    logger_js_1.logger.table(toolStatus);
+    // Python tools
+    const pythonToolNames = Object.keys(tools_js_1.PYTHON_TOOLS);
+    if (pythonToolNames.length > 0) {
+        logger_js_1.logger.blank();
+        logger_js_1.logger.subheader('Python Tools:');
+        const pythonStatus = [];
+        for (const toolName of pythonToolNames) {
+            const status = await (0, detector_js_1.detectPythonPackage)(toolName === 'pwntools' ? 'pwn' : toolName);
+            pythonStatus.push([toolName, (0, logger_js_1.formatStatus)(status.installed)]);
+        }
+        logger_js_1.logger.table(pythonStatus);
+    }
+    // Ruby tools
+    const rubyToolNames = Object.keys(tools_js_1.RUBY_TOOLS);
+    if (rubyToolNames.length > 0) {
+        logger_js_1.logger.blank();
+        logger_js_1.logger.subheader('Ruby Tools:');
+        const rubyStatus = [];
+        for (const toolName of rubyToolNames) {
+            const status = await (0, detector_js_1.detectRubyGem)(toolName);
+            rubyStatus.push([toolName, (0, logger_js_1.formatStatus)(status.installed)]);
+        }
+        logger_js_1.logger.table(rubyStatus);
+    }
+    // Optional tools (for exploit development)
+    logger_js_1.logger.blank();
+    logger_js_1.logger.subheader('Optional Tools (for MrZeroExploitDeveloper):');
+    const [gdb, pwndbg, ghidra, metasploit, idaPro, idaFree] = await Promise.all([
+        (0, detector_js_1.detectGdb)(),
+        (0, detector_js_1.detectPwndbg)(),
+        (0, detector_js_1.detectGhidra)(),
+        (0, detector_js_1.detectMetasploit)(),
+        (0, detector_js_1.detectIdaPro)(),
+        (0, detector_js_1.detectIdaFree)(),
+    ]);
+    // Format IDA status - show Pro, Free, or not installed
+    let idaStatus;
+    if (idaPro.installed) {
+        idaStatus = chalk_1.default.green('✓ IDA Pro') + (idaPro.path ? chalk_1.default.dim(` (${idaPro.path})`) : '');
+    }
+    else if (idaFree.installed) {
+        idaStatus = chalk_1.default.yellow('○ IDA Free only') + chalk_1.default.dim(' (Pro required for MCP)');
+    }
+    else {
+        idaStatus = chalk_1.default.dim('○ not installed (optional)');
+    }
+    logger_js_1.logger.table([
+        ['GDB', (0, logger_js_1.formatOptional)(gdb.installed) + (gdb.version ? chalk_1.default.dim(` v${gdb.version}`) : '')],
+        ['pwndbg', (0, logger_js_1.formatOptional)(pwndbg.installed) + (pwndbg.method ? chalk_1.default.dim(` (${pwndbg.method})`) : '')],
+        ['Ghidra', (0, logger_js_1.formatOptional)(ghidra.installed) + (ghidra.path ? chalk_1.default.dim(` (${ghidra.path})`) : '')],
+        ['Metasploit', (0, logger_js_1.formatOptional)(metasploit.installed)],
+        ['IDA', idaStatus],
+    ]);
+    // MCP servers
+    logger_js_1.logger.blank();
+    logger_js_1.logger.subheader('MCP Servers:');
+    const mcpDir = (0, platform_js_1.getMcpServersDir)();
+    const mcpStatus = [];
+    for (const [name, server] of Object.entries(mcp_servers_js_1.MCP_SERVERS)) {
+        let installed = false;
+        if (server.installMethod === 'uv-tool') {
+            // Check if command exists
+            const { exec } = await import('../utils/shell.js');
+            const result = await exec(`which ${server.command}`);
+            installed = result.code === 0;
+        }
+        else if (server.installMethod === 'clone') {
+            // Check if directory exists
+            const dirMap = {
+                'ghidra-mcp': 'GhidraMCP',
+                'metasploit-mcp': 'MetasploitMCP',
+                'pwndbg-mcp': 'pwndbg-mcp',
+            };
+            const dirName = dirMap[name];
+            if (dirName) {
+                installed = fs.existsSync(path.join(mcpDir, dirName));
+            }
+        }
+        else if (server.installMethod === 'uv-pip') {
+            // Check if command exists
+            const { exec } = await import('../utils/shell.js');
+            const result = await exec(`which ${server.command}`);
+            installed = result.code === 0;
+        }
+        mcpStatus.push([server.displayName, (0, logger_js_1.formatOptional)(installed)]);
+    }
+    logger_js_1.logger.table(mcpStatus);
+    // Agent files
+    logger_js_1.logger.blank();
+    logger_js_1.logger.subheader('Agent Files (Claude Code):');
+    const claudeAgentsDir = (0, platform_js_1.getClaudeAgentsDir)();
+    const claudeAgentStatus = [];
+    for (const agent of Object.values(agents_js_1.AGENTS)) {
+        const agentPath = path.join(claudeAgentsDir, agent.filename);
+        const exists = fs.existsSync(agentPath);
+        claudeAgentStatus.push([agent.displayName, (0, logger_js_1.formatStatus)(exists)]);
+    }
+    logger_js_1.logger.table(claudeAgentStatus);
+    logger_js_1.logger.blank();
+    logger_js_1.logger.subheader('Agent Files (OpenCode):');
+    const openCodeAgentsDir = (0, platform_js_1.getOpenCodeAgentsDir)();
+    const openCodeAgentStatus = [];
+    for (const agent of Object.values(agents_js_1.AGENTS)) {
+        const agentPath = path.join(openCodeAgentsDir, agent.filename);
+        const exists = fs.existsSync(agentPath);
+        openCodeAgentStatus.push([agent.displayName, (0, logger_js_1.formatStatus)(exists)]);
+    }
+    logger_js_1.logger.table(openCodeAgentStatus);
+    logger_js_1.logger.blank();
+}
+//# sourceMappingURL=check.js.map

package/dist/commands/check.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"check.js","sourceRoot":"","sources":["../../src/commands/check.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA0CA,oCAuJC;AAjMD,uCAAyB;AACzB,2CAA6B;AAC7B,kDAA0B;AAC1B,kDAA0E;AAC1E,0DAYkC;AAClC,sDAI8B;AAC9B,iDAA0F;AAC1F,mDAA6C;AAC7C,6DAAuD;AAMvD,SAAS,gBAAgB,CAAC,gBAAyB,EAAE,eAAwB,EAAE,UAAmB;IAChG,IAAI,eAAe,IAAI,gBAAgB,EAAE,CAAC;QACxC,OAAO,eAAK,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,eAAK,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IAC3D,CAAC;SAAM,IAAI,eAAe,EAAE,CAAC;QAC3B,OAAO,eAAK,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,eAAK,CAAC,GAAG,CAAC,KAAK,UAAU,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IACrF,CAAC;SAAM,IAAI,gBAAgB,EAAE,CAAC;QAC5B,OAAO,eAAK,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;IAClC,CAAC;SAAM,CAAC;QACN,OAAO,eAAK,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;IAClC,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,YAAY,CAAC,OAAqB;IACtD,kBAAM,CAAC,MAAM,CAAC,4BAA4B,CAAC,CAAC;IAE5C,sBAAsB;IACtB,kBAAM,CAAC,KAAK,EAAE,CAAC;IACf,kBAAM,CAAC,SAAS,CAAC,sBAAsB,CAAC,CAAC;IACzC,MAAM,UAAU,GAAG,MAAM,IAAA,8BAAgB,GAAE,CAAC;IAC5C,kBAAM,CAAC,KAAK,CAAC;QACX,CAAC,QAAQ,EAAE,IAAA,wBAAY,EAAC,UAAU,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACrD,CAAC,QAAQ,EAAE,IAAA,wBAAY,EAAC,UAAU,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACrD,CAAC,IAAI,EAAE,IAAA,wBAAY,EAAC,UAAU,CAAC,EAAE,CAAC,SAAS,CAAC,CAAC;QAC7C,CAAC,MAAM,EAAE,IAAA,0BAAc,EAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACnD,CAAC,KAAK,EAAE,IAAA,wBAAY,EAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;KAChD,CAAC,CAAC;IAEH,eAAe;IACf,kBAAM,CAAC,KAAK,EAAE,CAAC;IACf,kBAAM,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;IAClC,MAAM,iBAAiB,GAAG,MAAM,IAAA,+BAAiB,EAAC,uBAAY,CAAC,CAAC;IAChE,kBAAM,CAAC,KAAK,CAAC;QACX,CAAC,uBAAY,EAAE,IAAA,wBAAY,EAAC,iBAAiB,CAAC,CAAC;KAChD,CAAC,CAAC;IAEH,yCAAyC;IACzC,kBAAM,CAAC,KAAK,EAAE,CAAC;IACf,kBAAM,CAAC,SAAS,CAAC,0BAA0B,CAAC,CAAC;IAC7C,MAAM,UAAU,GAAuB,EAAE,CAAC;IAC1C,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,IAAI,CAAC,uBAAY,CAAC,EAAE,CAAC;QACjD,MAAM,MAAM,GAAG,MAAM,IAAA,8BAAgB,EAAC,QAAQ,CAAC,CAAC;QAChD,UAAU,CAAC,IAAI,CAAC;YACd,QAAQ;YACR,gBAAgB,CAAC,MAAM,CAAC,gBAAgB,EAAE,MAAM,CAAC,eAAe,EAAE,MAAM,CAAC,UAAU,CAAC;SACrF,CAAC,CAAC;IACL,CAAC;IACD,kBAAM,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IAEzB,eAAe;IACf,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,uBAAY,CAAC,CAAC;IAClD,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,kBAAM,CAAC,KAAK,EAAE,CAAC;QACf,kBAAM,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;QAClC,MAAM,YAAY,GAAuB,EAAE,CAAC;QAC5C,KAAK,MAAM,QAAQ,IAAI,eAAe,EAAE,CAAC;YACvC,MAAM,MAAM,GAAG,MAAM,IAAA,iCAAmB,EAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;YACrF,YAAY,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,IAAA,wBAAY,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;QAChE,CAAC;QACD,kBAAM,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;IAC7B,CAAC;IAED,aAAa;IACb,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,qBAAU,CAAC,CAAC;IAC9C,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,kBAAM,CAAC,KAAK,EAAE,CAAC;QACf,kBAAM,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;QAChC,MAAM,UAAU,GAAuB,EAAE,CAAC;QAC1C,KAAK,MAAM,QAAQ,IAAI,aAAa,EAAE,CAAC;YACrC,MAAM,MAAM,GAAG,MAAM,IAAA,2BAAa,EAAC,QAAQ,CAAC,CAAC;YAC7C,UAAU,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,IAAA,wBAAY,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;QAC9D,CAAC;QACD,kBAAM,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IAC3B,CAAC;IAED,2CAA2C;IAC3C,kBAAM,CAAC,KAAK,EAAE,CAAC;IACf,kBAAM,CAAC,SAAS,CAAC,8CAA8C,CAAC,CAAC;IACjE,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QAC3E,IAAA,uBAAS,GAAE;QACX,IAAA,0BAAY,GAAE;QACd,IAAA,0BAAY,GAAE;QACd,IAAA,8BAAgB,GAAE;QAClB,IAAA,0BAAY,GAAE;QACd,IAAA,2BAAa,GAAE;KAChB,CAAC,CAAC;IAEH,uDAAuD;IACvD,IAAI,SAAiB,CAAC;IACtB,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACrB,SAAS,GAAG,eAAK,CAAC,KAAK,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,eAAK,CAAC,GAAG,CAAC,KAAK,MAAM,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IAC7F,CAAC;SAAM,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;QAC7B,SAAS,GAAG,eAAK,CAAC,MAAM,CAAC,iBAAiB,CAAC,GAAG,eAAK,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;IACrF,CAAC;SAAM,CAAC;QACN,SAAS,GAAG,eAAK,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC;IACtD,CAAC;IAED,kBAAM,CAAC,KAAK,CAAC;QACX,CAAC,KAAK,EAAE,IAAA,0BAAc,EAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAK,CAAC,GAAG,CAAC,KAAK,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QAC3F,CAAC,QAAQ,EAAE,IAAA,0BAAc,EAAC,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,eAAK,CAAC,GAAG,CAAC,KAAK,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QACtG,CAAC,QAAQ,EAAE,IAAA,0BAAc,EAAC,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,eAAK,CAAC,GAAG,CAAC,KAAK,MAAM,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QAClG,CAAC,YAAY,EAAE,IAAA,0BAAc,EAAC,UAAU,CAAC,SAAS,CAAC,CAAC;QACpD,CAAC,KAAK,EAAE,SAAS,CAAC;KACnB,CAAC,CAAC;IAEH,cAAc;IACd,kBAAM,CAAC,KAAK,EAAE,CAAC;IACf,kBAAM,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC;IACjC,MAAM,MAAM,GAAG,IAAA,8BAAgB,GAAE,CAAC;IAClC,MAAM,SAAS,GAAuB,EAAE,CAAC;IACzC,KAAK,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,4BAAW,CAAC,EAAE,CAAC;QACzD,IAAI,SAAS,GAAG,KAAK,CAAC;QAEtB,IAAI,MAAM,CAAC,aAAa,KAAK,SAAS,EAAE,CAAC;YACvC,0BAA0B;YAC1B,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,mBAAmB,CAAC,CAAC;YACnD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;YACrD,SAAS,GAAG,MAAM,CAAC,IAAI,KAAK,CAAC,CAAC;QAChC,CAAC;aAAM,IAAI,MAAM,CAAC,aAAa,KAAK,OAAO,EAAE,CAAC;YAC5C,4BAA4B;YAC5B,MAAM,MAAM,GAA2B;gBACrC,YAAY,EAAE,WAAW;gBACzB,gBAAgB,EAAE,eAAe;gBACjC,YAAY,EAAE,YAAY;aAC3B,CAAC;YACF,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;YAC7B,IAAI,OAAO,EAAE,CAAC;gBACZ,SAAS,GAAG,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;YACxD,CAAC;QACH,CAAC;aAAM,IAAI,MAAM,CAAC,aAAa,KAAK,QAAQ,EAAE,CAAC;YAC7C,0BAA0B;YAC1B,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,mBAAmB,CAAC,CAAC;YACnD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;YACrD,SAAS,GAAG,MAAM,CAAC,IAAI,KAAK,CAAC,CAAC;QAChC,CAAC;QAED,SAAS,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,WAAW,EAAE,IAAA,0BAAc,EAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IAClE,CAAC;IACD,kBAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IAExB,cAAc;IACd,kBAAM,CAAC,KAAK,EAAE,CAAC;IACf,kBAAM,CAAC,SAAS,CAAC,4BAA4B,CAAC,CAAC;IAC/C,MAAM,eAAe,GAAG,IAAA,gCAAkB,GAAE,CAAC;IAC7C,MAAM,iBAAiB,GAAuB,EAAE,CAAC;IACjD,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,CAAC,kBAAM,CAAC,EAAE,CAAC;QAC1C,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,KAAK,CAAC,QAAQ,CAAC,CAAC;QAC7D,MAAM,MAAM,GAAG,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;QACxC,iBAAiB,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,WAAW,EAAE,IAAA,wBAAY,EAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IACpE,CAAC;IACD,kBAAM,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;IAEhC,kBAAM,CAAC,KAAK,EAAE,CAAC;IACf,kBAAM,CAAC,SAAS,CAAC,yBAAyB,CAAC,CAAC;IAC5C,MAAM,iBAAiB,GAAG,IAAA,kCAAoB,GAAE,CAAC;IACjD,MAAM,mBAAmB,GAAuB,EAAE,CAAC;IACnD,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,CAAC,kBAAM,CAAC,EAAE,CAAC;QAC1C,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,KAAK,CAAC,QAAQ,CAAC,CAAC;QAC/D,MAAM,MAAM,GAAG,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;QACxC,mBAAmB,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,WAAW,EAAE,IAAA,wBAAY,EAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IACtE,CAAC;IACD,kBAAM,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC;IAElC,kBAAM,CAAC,KAAK,EAAE,CAAC;AACjB,CAAC"}

package/dist/commands/install.d.ts

@@ -0,0 +1,10 @@
+interface InstallOptions {
+    agent?: string[];
+    platform?: string[];
+    skipDocker?: boolean;
+    skipMcp?: boolean;
+    yes?: boolean;
+}
+export declare function installCommand(options: InstallOptions): Promise<void>;
+export {};
+//# sourceMappingURL=install.d.ts.map

package/dist/commands/install.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"install.d.ts","sourceRoot":"","sources":["../../src/commands/install.ts"],"names":[],"mappings":"AA+BA,UAAU,cAAc;IACtB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,GAAG,CAAC,EAAE,OAAO,CAAC;CACf;AAsLD,wBAAsB,cAAc,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC,CAuH3E"}