@clawmasons/proxy 0.1.0 → 0.1.1

package/dist/credentials.d.ts

@@ -0,0 +1,21 @@
+/**
+ * Parse a .env file into a key-value record.
+ *
+ * Handles:
+ * - KEY=VALUE lines
+ * - Blank lines and comments (lines starting with #)
+ * - Single-quoted, double-quoted, and unquoted values
+ * - Inline comments after unquoted values
+ */
+export declare function loadEnvFile(filePath: string): Record<string, string>;
+/**
+ * Resolve `${VAR}` references in an env record.
+ *
+ * Resolution order:
+ * 1. process.env (allows runtime overrides)
+ * 2. Loaded .env values
+ *
+ * Unresolved references are left as empty strings.
+ */
+export declare function resolveEnvVars(env: Record<string, string>, loaded: Record<string, string>): Record<string, string>;
+//# sourceMappingURL=credentials.d.ts.map

package/dist/credentials.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"credentials.d.ts","sourceRoot":"","sources":["../src/credentials.ts"],"names":[],"mappings":"AAEA;;;;;;;;GAQG;AACH,wBAAgB,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAwCpE;AAED;;;;;;;;GAQG;AACH,wBAAgB,cAAc,CAC5B,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC3B,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAC7B,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAUxB"}

package/dist/credentials.js

@@ -0,0 +1,63 @@
+import { readFileSync, existsSync } from "node:fs";
+/**
+ * Parse a .env file into a key-value record.
+ *
+ * Handles:
+ * - KEY=VALUE lines
+ * - Blank lines and comments (lines starting with #)
+ * - Single-quoted, double-quoted, and unquoted values
+ * - Inline comments after unquoted values
+ */
+export function loadEnvFile(filePath) {
+    if (!existsSync(filePath)) {
+        return {};
+    }
+    const content = readFileSync(filePath, "utf-8");
+    const result = {};
+    for (const line of content.split("\n")) {
+        const trimmed = line.trim();
+        // Skip blank lines and comments
+        if (!trimmed || trimmed.startsWith("#"))
+            continue;
+        const eqIndex = trimmed.indexOf("=");
+        if (eqIndex === -1)
+            continue;
+        const key = trimmed.slice(0, eqIndex).trim();
+        if (!key)
+            continue;
+        let value = trimmed.slice(eqIndex + 1).trim();
+        // Handle quoted values
+        if ((value.startsWith('"') && value.endsWith('"')) ||
+            (value.startsWith("'") && value.endsWith("'"))) {
+            value = value.slice(1, -1);
+        }
+        else {
+            // Strip inline comments for unquoted values
+            const commentIndex = value.indexOf(" #");
+            if (commentIndex !== -1) {
+                value = value.slice(0, commentIndex).trim();
+            }
+        }
+        result[key] = value;
+    }
+    return result;
+}
+/**
+ * Resolve `${VAR}` references in an env record.
+ *
+ * Resolution order:
+ * 1. process.env (allows runtime overrides)
+ * 2. Loaded .env values
+ *
+ * Unresolved references are left as empty strings.
+ */
+export function resolveEnvVars(env, loaded) {
+    const result = {};
+    for (const [key, value] of Object.entries(env)) {
+        result[key] = value.replace(/\$\{([^}]+)\}/g, (_match, varName) => {
+            return process.env[varName] ?? loaded[varName] ?? "";
+        });
+    }
+    return result;
+}
+//# sourceMappingURL=credentials.js.map

package/dist/credentials.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"credentials.js","sourceRoot":"","sources":["../src/credentials.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAEnD;;;;;;;;GAQG;AACH,MAAM,UAAU,WAAW,CAAC,QAAgB;IAC1C,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAChD,MAAM,MAAM,GAA2B,EAAE,CAAC;IAE1C,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACvC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAE5B,gCAAgC;QAChC,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAS;QAElD,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACrC,IAAI,OAAO,KAAK,CAAC,CAAC;YAAE,SAAS;QAE7B,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;QAC7C,IAAI,CAAC,GAAG;YAAE,SAAS;QAEnB,IAAI,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAE9C,uBAAuB;QACvB,IACE,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YAC9C,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAC9C,CAAC;YACD,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC7B,CAAC;aAAM,CAAC;YACN,4CAA4C;YAC5C,MAAM,YAAY,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YACzC,IAAI,YAAY,KAAK,CAAC,CAAC,EAAE,CAAC;gBACxB,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC,IAAI,EAAE,CAAC;YAC9C,CAAC;QACH,CAAC;QAED,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;IACtB,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,cAAc,CAC5B,GAA2B,EAC3B,MAA8B;IAE9B,MAAM,MAAM,GAA2B,EAAE,CAAC;IAE1C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/C,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,OAAO,CAAC,gBAAgB,EAAE,CAAC,MAAM,EAAE,OAAe,EAAE,EAAE;YACxE,OAAO,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QACvD,CAAC,CAAC,CAAC;IACL,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/db.d.ts

@@ -0,0 +1,44 @@
+import Database from "better-sqlite3";
+export interface AuditLogEntry {
+    id: string;
+    agent_name: string;
+    role_name: string;
+    app_name: string;
+    tool_name: string;
+    arguments?: string;
+    result?: string;
+    status: "success" | "error" | "denied" | "timeout" | "dropped";
+    duration_ms?: number;
+    timestamp: string;
+    session_type?: string;
+    acp_client?: string;
+}
+export interface ApprovalRequest {
+    id: string;
+    agent_name: string;
+    role_name: string;
+    app_name: string;
+    tool_name: string;
+    arguments?: string;
+    status: "pending" | "approved" | "denied";
+    requested_at: string;
+    resolved_at?: string;
+    resolved_by?: string;
+    ttl_seconds: number;
+}
+export interface AuditLogFilters {
+    agent_name?: string;
+    app_name?: string;
+    tool_name?: string;
+    status?: string;
+    session_type?: string;
+    limit?: number;
+}
+export declare function openDatabase(dbPath?: string): Database.Database;
+export declare function insertAuditLog(db: Database.Database, entry: AuditLogEntry): void;
+export declare function queryAuditLog(db: Database.Database, filters?: AuditLogFilters): AuditLogEntry[];
+export declare function createApprovalRequest(db: Database.Database, req: ApprovalRequest): void;
+export declare function getApprovalRequest(db: Database.Database, id: string): ApprovalRequest | undefined;
+export declare function updateApprovalStatus(db: Database.Database, id: string, status: "approved" | "denied", resolvedBy?: string): void;
+export declare function generateId(): string;
+//# sourceMappingURL=db.d.ts.map

package/dist/db.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"db.d.ts","sourceRoot":"","sources":["../src/db.ts"],"names":[],"mappings":"AAAA,OAAO,QAAQ,MAAM,gBAAgB,CAAC;AAQtC,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,SAAS,GAAG,OAAO,GAAG,QAAQ,GAAG,SAAS,GAAG,SAAS,CAAC;IAC/D,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,SAAS,GAAG,UAAU,GAAG,QAAQ,CAAC;IAC1C,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,eAAe;IAC9B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAsCD,wBAAgB,YAAY,CAAC,MAAM,GAAE,MAAwB,GAAG,QAAQ,CAAC,QAAQ,CAgBhF;AAID,wBAAgB,cAAc,CAAC,EAAE,EAAE,QAAQ,CAAC,QAAQ,EAAE,KAAK,EAAE,aAAa,GAAG,IAAI,CAmBhF;AAED,wBAAgB,aAAa,CAC3B,EAAE,EAAE,QAAQ,CAAC,QAAQ,EACrB,OAAO,CAAC,EAAE,eAAe,GACxB,aAAa,EAAE,CAqCjB;AAID,wBAAgB,qBAAqB,CAAC,EAAE,EAAE,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,eAAe,GAAG,IAAI,CAWvF;AAED,wBAAgB,kBAAkB,CAChC,EAAE,EAAE,QAAQ,CAAC,QAAQ,EACrB,EAAE,EAAE,MAAM,GACT,eAAe,GAAG,SAAS,CAG7B;AAED,wBAAgB,oBAAoB,CAClC,EAAE,EAAE,QAAQ,CAAC,QAAQ,EACrB,EAAE,EAAE,MAAM,EACV,MAAM,EAAE,UAAU,GAAG,QAAQ,EAC7B,UAAU,CAAC,EAAE,MAAM,GAClB,IAAI,CAYN;AAID,wBAAgB,UAAU,IAAI,MAAM,CAEnC"}

package/dist/db.js

@@ -0,0 +1,146 @@
+import Database from "better-sqlite3";
+import { randomUUID } from "node:crypto";
+import { mkdirSync } from "node:fs";
+import { dirname, join } from "node:path";
+import { homedir } from "node:os";
+// ── Schema ─────────────────────────────────────────────────────────────
+const CREATE_AUDIT_LOG = `
+CREATE TABLE IF NOT EXISTS audit_log (
+  id           TEXT PRIMARY KEY,
+  agent_name   TEXT NOT NULL,
+  role_name    TEXT NOT NULL,
+  app_name     TEXT NOT NULL,
+  tool_name    TEXT NOT NULL,
+  arguments    TEXT,
+  result       TEXT,
+  status       TEXT NOT NULL,
+  duration_ms  INTEGER,
+  timestamp    TEXT NOT NULL
+)`;
+const CREATE_APPROVAL_REQUESTS = `
+CREATE TABLE IF NOT EXISTS approval_requests (
+  id           TEXT PRIMARY KEY,
+  agent_name   TEXT NOT NULL,
+  role_name    TEXT NOT NULL,
+  app_name     TEXT NOT NULL,
+  tool_name    TEXT NOT NULL,
+  arguments    TEXT,
+  status       TEXT NOT NULL DEFAULT 'pending',
+  requested_at TEXT NOT NULL,
+  resolved_at  TEXT,
+  resolved_by  TEXT,
+  ttl_seconds  INTEGER NOT NULL DEFAULT 300
+)`;
+// ── Database ───────────────────────────────────────────────────────────
+const DEFAULT_DB_PATH = process.env.CHAPTER_DB_PATH
+    ?? join(homedir(), ".chapter", "data", "chapter.db");
+export function openDatabase(dbPath = DEFAULT_DB_PATH) {
+    if (dbPath !== ":memory:") {
+        mkdirSync(dirname(dbPath), { recursive: true });
+    }
+    const db = new Database(dbPath);
+    db.pragma("journal_mode = WAL");
+    db.exec(CREATE_AUDIT_LOG);
+    db.exec(CREATE_APPROVAL_REQUESTS);
+    // ── Schema Migrations (idempotent) ──────────────────────────────────
+    // Add ACP session columns to audit_log (nullable for backward compat)
+    try {
+        db.exec("ALTER TABLE audit_log ADD COLUMN session_type TEXT");
+    }
+    catch { /* column already exists */ }
+    try {
+        db.exec("ALTER TABLE audit_log ADD COLUMN acp_client TEXT");
+    }
+    catch { /* column already exists */ }
+    return db;
+}
+// ── Audit Log ──────────────────────────────────────────────────────────
+export function insertAuditLog(db, entry) {
+    const stmt = db.prepare(`
+    INSERT INTO audit_log (id, agent_name, role_name, app_name, tool_name, arguments, result, status, duration_ms, timestamp, session_type, acp_client)
+    VALUES (@id, @agent_name, @role_name, @app_name, @tool_name, @arguments, @result, @status, @duration_ms, @timestamp, @session_type, @acp_client)
+  `);
+    stmt.run({
+        id: entry.id,
+        agent_name: entry.agent_name,
+        role_name: entry.role_name,
+        app_name: entry.app_name,
+        tool_name: entry.tool_name,
+        arguments: entry.arguments ?? null,
+        result: entry.result ?? null,
+        status: entry.status,
+        duration_ms: entry.duration_ms ?? null,
+        timestamp: entry.timestamp,
+        session_type: entry.session_type ?? null,
+        acp_client: entry.acp_client ?? null,
+    });
+}
+export function queryAuditLog(db, filters) {
+    const conditions = [];
+    const params = {};
+    if (filters?.agent_name) {
+        conditions.push("agent_name = @agent_name");
+        params.agent_name = filters.agent_name;
+    }
+    if (filters?.app_name) {
+        conditions.push("app_name = @app_name");
+        params.app_name = filters.app_name;
+    }
+    if (filters?.tool_name) {
+        conditions.push("tool_name = @tool_name");
+        params.tool_name = filters.tool_name;
+    }
+    if (filters?.status) {
+        conditions.push("status = @status");
+        params.status = filters.status;
+    }
+    if (filters?.session_type) {
+        conditions.push("session_type = @session_type");
+        params.session_type = filters.session_type;
+    }
+    let sql = "SELECT * FROM audit_log";
+    if (conditions.length > 0) {
+        sql += " WHERE " + conditions.join(" AND ");
+    }
+    sql += " ORDER BY timestamp DESC";
+    if (filters?.limit) {
+        sql += " LIMIT @limit";
+        params.limit = filters.limit;
+    }
+    return db.prepare(sql).all(params);
+}
+// ── Approval Requests ──────────────────────────────────────────────────
+export function createApprovalRequest(db, req) {
+    const stmt = db.prepare(`
+    INSERT INTO approval_requests (id, agent_name, role_name, app_name, tool_name, arguments, status, requested_at, resolved_at, resolved_by, ttl_seconds)
+    VALUES (@id, @agent_name, @role_name, @app_name, @tool_name, @arguments, @status, @requested_at, @resolved_at, @resolved_by, @ttl_seconds)
+  `);
+    stmt.run({
+        ...req,
+        resolved_at: req.resolved_at ?? null,
+        resolved_by: req.resolved_by ?? null,
+        arguments: req.arguments ?? null,
+    });
+}
+export function getApprovalRequest(db, id) {
+    const stmt = db.prepare("SELECT * FROM approval_requests WHERE id = ?");
+    return stmt.get(id);
+}
+export function updateApprovalStatus(db, id, status, resolvedBy) {
+    const stmt = db.prepare(`
+    UPDATE approval_requests
+    SET status = @status, resolved_at = @resolved_at, resolved_by = @resolved_by
+    WHERE id = @id
+  `);
+    stmt.run({
+        id,
+        status,
+        resolved_at: new Date().toISOString(),
+        resolved_by: resolvedBy ?? null,
+    });
+}
+// ── Helpers ────────────────────────────────────────────────────────────
+export function generateId() {
+    return randomUUID();
+}
+//# sourceMappingURL=db.js.map

package/dist/db.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"db.js","sourceRoot":"","sources":["../src/db.ts"],"names":[],"mappings":"AAAA,OAAO,QAAQ,MAAM,gBAAgB,CAAC;AACtC,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AACpC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AA0ClC,0EAA0E;AAE1E,MAAM,gBAAgB,GAAG;;;;;;;;;;;;EAYvB,CAAC;AAEH,MAAM,wBAAwB,GAAG;;;;;;;;;;;;;EAa/B,CAAC;AAEH,0EAA0E;AAE1E,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe;OAC9C,IAAI,CAAC,OAAO,EAAE,EAAE,UAAU,EAAE,MAAM,EAAE,YAAY,CAAC,CAAC;AAEvD,MAAM,UAAU,YAAY,CAAC,SAAiB,eAAe;IAC3D,IAAI,MAAM,KAAK,UAAU,EAAE,CAAC;QAC1B,SAAS,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAClD,CAAC;IAED,MAAM,EAAE,GAAG,IAAI,QAAQ,CAAC,MAAM,CAAC,CAAC;IAChC,EAAE,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC;IAChC,EAAE,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;IAC1B,EAAE,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;IAElC,uEAAuE;IACvE,sEAAsE;IACtE,IAAI,CAAC;QAAC,EAAE,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC,CAAC,2BAA2B,CAAC,CAAC;IAC5G,IAAI,CAAC;QAAC,EAAE,CAAC,IAAI,CAAC,kDAAkD,CAAC,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC,CAAC,2BAA2B,CAAC,CAAC;IAE1G,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,0EAA0E;AAE1E,MAAM,UAAU,cAAc,CAAC,EAAqB,EAAE,KAAoB;IACxE,MAAM,IAAI,GAAG,EAAE,CAAC,OAAO,CAAC;;;GAGvB,CAAC,CAAC;IACH,IAAI,CAAC,GAAG,CAAC;QACP,EAAE,EAAE,KAAK,CAAC,EAAE;QACZ,UAAU,EAAE,KAAK,CAAC,UAAU;QAC5B,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,QAAQ,EAAE,KAAK,CAAC,QAAQ;QACxB,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,IAAI;QAClC,MAAM,EAAE,KAAK,CAAC,MAAM,IAAI,IAAI;QAC5B,MAAM,EAAE,KAAK,CAAC,MAAM;QACpB,WAAW,EAAE,KAAK,CAAC,WAAW,IAAI,IAAI;QACtC,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,YAAY,EAAE,KAAK,CAAC,YAAY,IAAI,IAAI;QACxC,UAAU,EAAE,KAAK,CAAC,UAAU,IAAI,IAAI;KACrC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,aAAa,CAC3B,EAAqB,EACrB,OAAyB;IAEzB,MAAM,UAAU,GAAa,EAAE,CAAC;IAChC,MAAM,MAAM,GAAoC,EAAE,CAAC;IAEnD,IAAI,OAAO,EAAE,UAAU,EAAE,CAAC;QACxB,UAAU,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;QAC5C,MAAM,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IACzC,CAAC;IACD,IAAI,OAAO,EAAE,QAAQ,EAAE,CAAC;QACtB,UAAU,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QACxC,MAAM,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IACrC,CAAC;IACD,IAAI,OAAO,EAAE,SAAS,EAAE,CAAC;QACvB,UAAU,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;QAC1C,MAAM,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;IACvC,CAAC;IACD,IAAI,OAAO,EAAE,MAAM,EAAE,CAAC;QACpB,UAAU,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;QACpC,MAAM,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IACjC,CAAC;IACD,IAAI,OAAO,EAAE,YAAY,EAAE,CAAC;QAC1B,UAAU,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;QAChD,MAAM,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;IAC7C,CAAC;IAED,IAAI,GAAG,GAAG,yBAAyB,CAAC;IACpC,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1B,GAAG,IAAI,SAAS,GAAG,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC9C,CAAC;IACD,GAAG,IAAI,0BAA0B,CAAC;IAElC,IAAI,OAAO,EAAE,KAAK,EAAE,CAAC;QACnB,GAAG,IAAI,eAAe,CAAC;QACvB,MAAM,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;IAC/B,CAAC;IAED,OAAO,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAoB,CAAC;AACxD,CAAC;AAED,0EAA0E;AAE1E,MAAM,UAAU,qBAAqB,CAAC,EAAqB,EAAE,GAAoB;IAC/E,MAAM,IAAI,GAAG,EAAE,CAAC,OAAO,CAAC;;;GAGvB,CAAC,CAAC;IACH,IAAI,CAAC,GAAG,CAAC;QACP,GAAG,GAAG;QACN,WAAW,EAAE,GAAG,CAAC,WAAW,IAAI,IAAI;QACpC,WAAW,EAAE,GAAG,CAAC,WAAW,IAAI,IAAI;QACpC,SAAS,EAAE,GAAG,CAAC,SAAS,IAAI,IAAI;KACjC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,kBAAkB,CAChC,EAAqB,EACrB,EAAU;IAEV,MAAM,IAAI,GAAG,EAAE,CAAC,OAAO,CAAC,8CAA8C,CAAC,CAAC;IACxE,OAAO,IAAI,CAAC,GAAG,CAAC,EAAE,CAAgC,CAAC;AACrD,CAAC;AAED,MAAM,UAAU,oBAAoB,CAClC,EAAqB,EACrB,EAAU,EACV,MAA6B,EAC7B,UAAmB;IAEnB,MAAM,IAAI,GAAG,EAAE,CAAC,OAAO,CAAC;;;;GAIvB,CAAC,CAAC;IACH,IAAI,CAAC,GAAG,CAAC;QACP,EAAE;QACF,MAAM;QACN,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACrC,WAAW,EAAE,UAAU,IAAI,IAAI;KAChC,CAAC,CAAC;AACL,CAAC;AAED,0EAA0E;AAE1E,MAAM,UAAU,UAAU;IACxB,OAAO,UAAU,EAAE,CAAC;AACtB,CAAC"}

package/dist/handlers/connect-agent.d.ts

@@ -0,0 +1,41 @@
+import type { IncomingMessage, ServerResponse } from "node:http";
+export type RiskLevel = "HIGH" | "MEDIUM" | "LOW";
+export interface SessionEntry {
+    sessionId: string;
+    sessionToken: string;
+    agentId: string;
+    role: string;
+    connectedAt: string;
+}
+export declare class SessionStore {
+    /** session_id → SessionEntry */
+    private sessions;
+    /** sessionToken → session_id (secondary index for O(1) token lookup) */
+    private tokenIndex;
+    /** Risk level for this proxy instance (set at construction). */
+    readonly riskLevel: RiskLevel;
+    /** Number of agent connections established through this store. */
+    private agentConnectionCount;
+    constructor(riskLevel?: RiskLevel);
+    /**
+     * Returns true if the session is locked due to risk-based connection limits.
+     * HIGH and MEDIUM risk roles only allow one agent connection per proxy instance.
+     */
+    isLocked(): boolean;
+    create(agentId: string, role: string): SessionEntry;
+    getByToken(token: string): SessionEntry | undefined;
+    getById(sessionId: string): SessionEntry | undefined;
+    get size(): number;
+    get connectionCount(): number;
+}
+/**
+ * Handle POST /connect-agent requests.
+ *
+ * Authenticates using the proxy token (MCP_PROXY_TOKEN in Authorization header),
+ * creates a new session, and returns { sessionToken, sessionId }.
+ *
+ * For HIGH and MEDIUM risk roles, only one agent connection is allowed per
+ * proxy instance. Subsequent connection attempts are rejected with 403.
+ */
+export declare function handleConnectAgent(req: IncomingMessage, res: ServerResponse, proxyToken: string, sessionStore: SessionStore, agentId?: string, role?: string): void;
+//# sourceMappingURL=connect-agent.d.ts.map

package/dist/handlers/connect-agent.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"connect-agent.d.ts","sourceRoot":"","sources":["../../src/handlers/connect-agent.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAIjE,MAAM,MAAM,SAAS,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;AAElD,MAAM,WAAW,YAAY;IAC3B,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;CACrB;AAID,qBAAa,YAAY;IACvB,gCAAgC;IAChC,OAAO,CAAC,QAAQ,CAAmC;IACnD,wEAAwE;IACxE,OAAO,CAAC,UAAU,CAA6B;IAC/C,gEAAgE;IAChE,QAAQ,CAAC,SAAS,EAAE,SAAS,CAAC;IAC9B,kEAAkE;IAClE,OAAO,CAAC,oBAAoB,CAAK;gBAErB,SAAS,GAAE,SAAiB;IAIxC;;;OAGG;IACH,QAAQ,IAAI,OAAO;IAKnB,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,YAAY;IAgBnD,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,YAAY,GAAG,SAAS;IAMnD,OAAO,CAAC,SAAS,EAAE,MAAM,GAAG,YAAY,GAAG,SAAS;IAIpD,IAAI,IAAI,IAAI,MAAM,CAEjB;IAED,IAAI,eAAe,IAAI,MAAM,CAE5B;CACF;AAID;;;;;;;;GAQG;AACH,wBAAgB,kBAAkB,CAChC,GAAG,EAAE,eAAe,EACpB,GAAG,EAAE,cAAc,EACnB,UAAU,EAAE,MAAM,EAClB,YAAY,EAAE,YAAY,EAC1B,OAAO,CAAC,EAAE,MAAM,EAChB,IAAI,CAAC,EAAE,MAAM,GACZ,IAAI,CA+CN"}

package/dist/handlers/connect-agent.js

@@ -0,0 +1,101 @@
+import { randomBytes, randomUUID } from "node:crypto";
+// ── SessionStore ────────────────────────────────────────────────────────
+export class SessionStore {
+    /** session_id → SessionEntry */
+    sessions = new Map();
+    /** sessionToken → session_id (secondary index for O(1) token lookup) */
+    tokenIndex = new Map();
+    /** Risk level for this proxy instance (set at construction). */
+    riskLevel;
+    /** Number of agent connections established through this store. */
+    agentConnectionCount = 0;
+    constructor(riskLevel = "LOW") {
+        this.riskLevel = riskLevel;
+    }
+    /**
+     * Returns true if the session is locked due to risk-based connection limits.
+     * HIGH and MEDIUM risk roles only allow one agent connection per proxy instance.
+     */
+    isLocked() {
+        if (this.riskLevel === "LOW")
+            return false;
+        return this.agentConnectionCount > 0;
+    }
+    create(agentId, role) {
+        const sessionId = randomUUID();
+        const sessionToken = randomBytes(32).toString("hex");
+        const entry = {
+            sessionId,
+            sessionToken,
+            agentId,
+            role,
+            connectedAt: new Date().toISOString(),
+        };
+        this.sessions.set(sessionId, entry);
+        this.tokenIndex.set(sessionToken, sessionId);
+        this.agentConnectionCount++;
+        return entry;
+    }
+    getByToken(token) {
+        const sessionId = this.tokenIndex.get(token);
+        if (!sessionId)
+            return undefined;
+        return this.sessions.get(sessionId);
+    }
+    getById(sessionId) {
+        return this.sessions.get(sessionId);
+    }
+    get size() {
+        return this.sessions.size;
+    }
+    get connectionCount() {
+        return this.agentConnectionCount;
+    }
+}
+// ── Handler ────────────────────────────────────────────────────────────
+/**
+ * Handle POST /connect-agent requests.
+ *
+ * Authenticates using the proxy token (MCP_PROXY_TOKEN in Authorization header),
+ * creates a new session, and returns { sessionToken, sessionId }.
+ *
+ * For HIGH and MEDIUM risk roles, only one agent connection is allowed per
+ * proxy instance. Subsequent connection attempts are rejected with 403.
+ */
+export function handleConnectAgent(req, res, proxyToken, sessionStore, agentId, role) {
+    // Method check
+    if (req.method !== "POST") {
+        res.writeHead(405, { "Content-Type": "application/json" });
+        res.end(JSON.stringify({ error: "Method not allowed" }));
+        return;
+    }
+    // Auth check
+    const auth = req.headers.authorization;
+    if (!auth) {
+        res.writeHead(401, { "Content-Type": "application/json" });
+        res.end(JSON.stringify({ error: "Unauthorized" }));
+        return;
+    }
+    const [scheme, token] = auth.split(" ", 2);
+    if (scheme !== "Bearer" || token !== proxyToken) {
+        res.writeHead(401, { "Content-Type": "application/json" });
+        res.end(JSON.stringify({ error: "Unauthorized" }));
+        return;
+    }
+    // Risk-based connection limit check
+    if (sessionStore.isLocked()) {
+        res.writeHead(403, { "Content-Type": "application/json" });
+        res.end(JSON.stringify({
+            error: `Session locked — ${sessionStore.riskLevel} risk role does not allow additional agent connections`,
+        }));
+        return;
+    }
+    // Create session
+    const session = sessionStore.create(agentId ?? "unknown", role ?? "unknown");
+    res.writeHead(200, { "Content-Type": "application/json" });
+    res.end(JSON.stringify({
+        sessionToken: session.sessionToken,
+        sessionId: session.sessionId,
+    }));
+}
+//# sourceMappingURL=connect-agent.js.map

package/dist/handlers/connect-agent.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"connect-agent.js","sourceRoot":"","sources":["../../src/handlers/connect-agent.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAetD,2EAA2E;AAE3E,MAAM,OAAO,YAAY;IACvB,gCAAgC;IACxB,QAAQ,GAAG,IAAI,GAAG,EAAwB,CAAC;IACnD,wEAAwE;IAChE,UAAU,GAAG,IAAI,GAAG,EAAkB,CAAC;IAC/C,gEAAgE;IACvD,SAAS,CAAY;IAC9B,kEAAkE;IAC1D,oBAAoB,GAAG,CAAC,CAAC;IAEjC,YAAY,YAAuB,KAAK;QACtC,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;IAC7B,CAAC;IAED;;;OAGG;IACH,QAAQ;QACN,IAAI,IAAI,CAAC,SAAS,KAAK,KAAK;YAAE,OAAO,KAAK,CAAC;QAC3C,OAAO,IAAI,CAAC,oBAAoB,GAAG,CAAC,CAAC;IACvC,CAAC;IAED,MAAM,CAAC,OAAe,EAAE,IAAY;QAClC,MAAM,SAAS,GAAG,UAAU,EAAE,CAAC;QAC/B,MAAM,YAAY,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QACrD,MAAM,KAAK,GAAiB;YAC1B,SAAS;YACT,YAAY;YACZ,OAAO;YACP,IAAI;YACJ,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACtC,CAAC;QACF,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;QACpC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;QAC7C,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAC5B,OAAO,KAAK,CAAC;IACf,CAAC;IAED,UAAU,CAAC,KAAa;QACtB,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QAC7C,IAAI,CAAC,SAAS;YAAE,OAAO,SAAS,CAAC;QACjC,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACtC,CAAC;IAED,OAAO,CAAC,SAAiB;QACvB,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACtC,CAAC;IAED,IAAI,IAAI;QACN,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC;IAC5B,CAAC;IAED,IAAI,eAAe;QACjB,OAAO,IAAI,CAAC,oBAAoB,CAAC;IACnC,CAAC;CACF;AAED,0EAA0E;AAE1E;;;;;;;;GAQG;AACH,MAAM,UAAU,kBAAkB,CAChC,GAAoB,EACpB,GAAmB,EACnB,UAAkB,EAClB,YAA0B,EAC1B,OAAgB,EAChB,IAAa;IAEb,eAAe;IACf,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;QAC1B,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC,CAAC,CAAC;QACzD,OAAO;IACT,CAAC;IAED,aAAa;IACb,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC;IACvC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC;QACnD,OAAO;IACT,CAAC;IAED,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;IAC3C,IAAI,MAAM,KAAK,QAAQ,IAAI,KAAK,KAAK,UAAU,EAAE,CAAC;QAChD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC;QACnD,OAAO;IACT,CAAC;IAED,oCAAoC;IACpC,IAAI,YAAY,CAAC,QAAQ,EAAE,EAAE,CAAC;QAC5B,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAC3D,GAAG,CAAC,GAAG,CACL,IAAI,CAAC,SAAS,CAAC;YACb,KAAK,EAAE,oBAAoB,YAAY,CAAC,SAAS,wDAAwD;SAC1G,CAAC,CACH,CAAC;QACF,OAAO;IACT,CAAC;IAED,iBAAiB;IACjB,MAAM,OAAO,GAAG,YAAY,CAAC,MAAM,CACjC,OAAO,IAAI,SAAS,EACpB,IAAI,IAAI,SAAS,CAClB,CAAC;IAEF,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;IAC3D,GAAG,CAAC,GAAG,CACL,IAAI,CAAC,SAAS,CAAC;QACb,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,SAAS,EAAE,OAAO,CAAC,SAAS;KAC7B,CAAC,CACH,CAAC;AACJ,CAAC"}

package/dist/handlers/credential-relay.d.ts

@@ -0,0 +1,52 @@
+import type { IncomingMessage } from "node:http";
+import { WebSocket } from "ws";
+import type { SessionStore } from "./connect-agent.js";
+export interface CredentialRelayConfig {
+    /** Token the credential service uses to authenticate its WebSocket connection. */
+    credentialProxyToken: string;
+    /** Timeout for credential requests in milliseconds. Default: 30000. */
+    requestTimeoutMs?: number;
+}
+export interface CredentialToolResult {
+    key: string;
+    value?: string;
+    error?: string;
+    source?: string;
+}
+/**
+ * Manages the WebSocket connection from the credential service and
+ * handles credential_request tool calls from agents.
+ */
+export declare class CredentialRelay {
+    private readonly credentialProxyToken;
+    private readonly requestTimeoutMs;
+    private credentialServiceWs;
+    private pendingRequests;
+    private wss;
+    constructor(config: CredentialRelayConfig);
+    /**
+     * Handle an HTTP upgrade request for the /ws/credentials endpoint.
+     * Authenticates the credential service and accepts the WebSocket connection.
+     */
+    handleUpgrade(req: IncomingMessage, socket: import("node:stream").Duplex, head: Buffer): void;
+    /**
+     * Accept a credential service WebSocket connection.
+     * If a previous connection exists, it is closed.
+     */
+    acceptCredentialService(ws: WebSocket): void;
+    /**
+     * Handle a credential_request tool call from an agent.
+     *
+     * Validates the session token, forwards the request to the credential service
+     * over WebSocket, and returns the response.
+     */
+    handleCredentialRequest(sessionStore: SessionStore, key: string, sessionToken: string, declaredCredentials?: string[]): Promise<CredentialToolResult>;
+    /** Whether the credential service is currently connected. */
+    get isCredentialServiceConnected(): boolean;
+    /** Number of in-flight credential requests. */
+    get pendingRequestCount(): number;
+    /** Close the WebSocket server and any active connection. */
+    close(): void;
+    private handleResponse;
+}
+//# sourceMappingURL=credential-relay.d.ts.map

package/dist/handlers/credential-relay.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"credential-relay.d.ts","sourceRoot":"","sources":["../../src/handlers/credential-relay.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AACjD,OAAO,EAAmB,SAAS,EAAE,MAAM,IAAI,CAAC;AAChD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAIvD,MAAM,WAAW,qBAAqB;IACpC,kFAAkF;IAClF,oBAAoB,EAAE,MAAM,CAAC;IAC7B,uEAAuE;IACvE,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,oBAAoB;IACnC,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AASD;;;GAGG;AACH,qBAAa,eAAe;IAC1B,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAS;IAC9C,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAS;IAC1C,OAAO,CAAC,mBAAmB,CAA0B;IACrD,OAAO,CAAC,eAAe,CAAqC;IAC5D,OAAO,CAAC,GAAG,CAAkB;gBAEjB,MAAM,EAAE,qBAAqB;IAMzC;;;OAGG;IACH,aAAa,CAAC,GAAG,EAAE,eAAe,EAAE,MAAM,EAAE,OAAO,aAAa,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,IAAI;IAqB7F;;;OAGG;IACH,uBAAuB,CAAC,EAAE,EAAE,SAAS,GAAG,IAAI;IA0B5C;;;;;OAKG;IACG,uBAAuB,CAC3B,YAAY,EAAE,YAAY,EAC1B,GAAG,EAAE,MAAM,EACX,YAAY,EAAE,MAAM,EACpB,mBAAmB,CAAC,EAAE,MAAM,EAAE,GAC7B,OAAO,CAAC,oBAAoB,CAAC;IAgDhC,6DAA6D;IAC7D,IAAI,4BAA4B,IAAI,OAAO,CAE1C;IAED,+CAA+C;IAC/C,IAAI,mBAAmB,IAAI,MAAM,CAEhC;IAED,4DAA4D;IAC5D,KAAK,IAAI,IAAI;IAkBb,OAAO,CAAC,cAAc;CA+BvB"}

package/dist/handlers/credential-relay.js

@@ -0,0 +1,169 @@
+import { randomUUID } from "node:crypto";
+import { WebSocketServer, WebSocket } from "ws";
+// ── CredentialRelay ────────────────────────────────────────────────────
+/**
+ * Manages the WebSocket connection from the credential service and
+ * handles credential_request tool calls from agents.
+ */
+export class CredentialRelay {
+    credentialProxyToken;
+    requestTimeoutMs;
+    credentialServiceWs = null;
+    pendingRequests = new Map();
+    wss;
+    constructor(config) {
+        this.credentialProxyToken = config.credentialProxyToken;
+        this.requestTimeoutMs = config.requestTimeoutMs ?? 30_000;
+        this.wss = new WebSocketServer({ noServer: true });
+    }
+    /**
+     * Handle an HTTP upgrade request for the /ws/credentials endpoint.
+     * Authenticates the credential service and accepts the WebSocket connection.
+     */
+    handleUpgrade(req, socket, head) {
+        // Authenticate
+        const auth = req.headers.authorization;
+        if (!auth) {
+            socket.write("HTTP/1.1 401 Unauthorized\r\n\r\n");
+            socket.destroy();
+            return;
+        }
+        const [scheme, token] = auth.split(" ", 2);
+        if (scheme !== "Bearer" || token !== this.credentialProxyToken) {
+            socket.write("HTTP/1.1 401 Unauthorized\r\n\r\n");
+            socket.destroy();
+            return;
+        }
+        this.wss.handleUpgrade(req, socket, head, (ws) => {
+            this.acceptCredentialService(ws);
+        });
+    }
+    /**
+     * Accept a credential service WebSocket connection.
+     * If a previous connection exists, it is closed.
+     */
+    acceptCredentialService(ws) {
+        // Close previous connection if any
+        if (this.credentialServiceWs && this.credentialServiceWs.readyState === WebSocket.OPEN) {
+            this.credentialServiceWs.close(1000, "Replaced by new connection");
+        }
+        this.credentialServiceWs = ws;
+        ws.on("message", (data) => {
+            this.handleResponse(data);
+        });
+        ws.on("close", () => {
+            if (this.credentialServiceWs === ws) {
+                this.credentialServiceWs = null;
+            }
+        });
+        ws.on("error", () => {
+            // Error handler to prevent unhandled rejection
+            if (this.credentialServiceWs === ws) {
+                this.credentialServiceWs = null;
+            }
+        });
+    }
+    /**
+     * Handle a credential_request tool call from an agent.
+     *
+     * Validates the session token, forwards the request to the credential service
+     * over WebSocket, and returns the response.
+     */
+    async handleCredentialRequest(sessionStore, key, sessionToken, declaredCredentials) {
+        // Validate session token
+        const session = sessionStore.getByToken(sessionToken);
+        if (!session) {
+            return { key, error: "Invalid session token" };
+        }
+        // Check credential service is connected
+        if (!this.credentialServiceWs || this.credentialServiceWs.readyState !== WebSocket.OPEN) {
+            return { key, error: "Credential service not connected" };
+        }
+        // Forward request to credential service
+        const requestId = randomUUID();
+        const request = {
+            id: requestId,
+            key,
+            agentId: session.agentId,
+            role: session.role,
+            sessionId: session.sessionId,
+            declaredCredentials: declaredCredentials ?? [],
+        };
+        return new Promise((resolve) => {
+            const timer = setTimeout(() => {
+                this.pendingRequests.delete(requestId);
+                resolve({ key, error: "Credential request timed out" });
+            }, this.requestTimeoutMs);
+            this.pendingRequests.set(requestId, { resolve, timer });
+            const ws = this.credentialServiceWs;
+            if (!ws) {
+                clearTimeout(timer);
+                this.pendingRequests.delete(requestId);
+                resolve({ key, error: "Credential service disconnected" });
+                return;
+            }
+            ws.send(JSON.stringify(request), (err) => {
+                if (err) {
+                    clearTimeout(timer);
+                    this.pendingRequests.delete(requestId);
+                    resolve({ key, error: `Failed to send request: ${err.message}` });
+                }
+            });
+        });
+    }
+    /** Whether the credential service is currently connected. */
+    get isCredentialServiceConnected() {
+        return this.credentialServiceWs !== null && this.credentialServiceWs.readyState === WebSocket.OPEN;
+    }
+    /** Number of in-flight credential requests. */
+    get pendingRequestCount() {
+        return this.pendingRequests.size;
+    }
+    /** Close the WebSocket server and any active connection. */
+    close() {
+        // Reject all pending requests
+        for (const [id, pending] of this.pendingRequests) {
+            clearTimeout(pending.timer);
+            pending.resolve({ key: "unknown", error: "Relay shutting down" });
+            this.pendingRequests.delete(id);
+        }
+        if (this.credentialServiceWs) {
+            this.credentialServiceWs.close(1000, "Proxy shutting down");
+            this.credentialServiceWs = null;
+        }
+        this.wss.close();
+    }
+    // ── Private ──────────────────────────────────────────────────────────
+    handleResponse(data) {
+        let parsed;
+        try {
+            parsed = JSON.parse(String(data));
+        }
+        catch {
+            return;
+        }
+        const id = parsed.id;
+        if (!id)
+            return;
+        const pending = this.pendingRequests.get(id);
+        if (!pending)
+            return;
+        clearTimeout(pending.timer);
+        this.pendingRequests.delete(id);
+        // Check if it's an error response
+        if ("error" in parsed) {
+            pending.resolve({
+                key: parsed.key ?? "unknown",
+                error: parsed.error,
+            });
+        }
+        else {
+            pending.resolve({
+                key: parsed.key ?? "unknown",
+                value: parsed.value,
+                source: parsed.source,
+            });
+        }
+    }
+}
+//# sourceMappingURL=credential-relay.js.map

package/dist/handlers/credential-relay.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"credential-relay.js","sourceRoot":"","sources":["../../src/handlers/credential-relay.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,OAAO,EAAE,eAAe,EAAE,SAAS,EAAE,MAAM,IAAI,CAAC;AAwBhD,0EAA0E;AAE1E;;;GAGG;AACH,MAAM,OAAO,eAAe;IACT,oBAAoB,CAAS;IAC7B,gBAAgB,CAAS;IAClC,mBAAmB,GAAqB,IAAI,CAAC;IAC7C,eAAe,GAAG,IAAI,GAAG,EAA0B,CAAC;IACpD,GAAG,CAAkB;IAE7B,YAAY,MAA6B;QACvC,IAAI,CAAC,oBAAoB,GAAG,MAAM,CAAC,oBAAoB,CAAC;QACxD,IAAI,CAAC,gBAAgB,GAAG,MAAM,CAAC,gBAAgB,IAAI,MAAM,CAAC;QAC1D,IAAI,CAAC,GAAG,GAAG,IAAI,eAAe,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;IACrD,CAAC;IAED;;;OAGG;IACH,aAAa,CAAC,GAAoB,EAAE,MAAoC,EAAE,IAAY;QACpF,eAAe;QACf,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC;QACvC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,CAAC,KAAK,CAAC,mCAAmC,CAAC,CAAC;YAClD,MAAM,CAAC,OAAO,EAAE,CAAC;YACjB,OAAO;QACT,CAAC;QAED,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QAC3C,IAAI,MAAM,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,CAAC,oBAAoB,EAAE,CAAC;YAC/D,MAAM,CAAC,KAAK,CAAC,mCAAmC,CAAC,CAAC;YAClD,MAAM,CAAC,OAAO,EAAE,CAAC;YACjB,OAAO;QACT,CAAC;QAED,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,EAAE,EAAE,EAAE;YAC/C,IAAI,CAAC,uBAAuB,CAAC,EAAE,CAAC,CAAC;QACnC,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;OAGG;IACH,uBAAuB,CAAC,EAAa;QACnC,mCAAmC;QACnC,IAAI,IAAI,CAAC,mBAAmB,IAAI,IAAI,CAAC,mBAAmB,CAAC,UAAU,KAAK,SAAS,CAAC,IAAI,EAAE,CAAC;YACvF,IAAI,CAAC,mBAAmB,CAAC,KAAK,CAAC,IAAI,EAAE,4BAA4B,CAAC,CAAC;QACrE,CAAC;QAED,IAAI,CAAC,mBAAmB,GAAG,EAAE,CAAC;QAE9B,EAAE,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,IAAI,EAAE,EAAE;YACxB,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;QAC5B,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;YAClB,IAAI,IAAI,CAAC,mBAAmB,KAAK,EAAE,EAAE,CAAC;gBACpC,IAAI,CAAC,mBAAmB,GAAG,IAAI,CAAC;YAClC,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;YAClB,+CAA+C;YAC/C,IAAI,IAAI,CAAC,mBAAmB,KAAK,EAAE,EAAE,CAAC;gBACpC,IAAI,CAAC,mBAAmB,GAAG,IAAI,CAAC;YAClC,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,uBAAuB,CAC3B,YAA0B,EAC1B,GAAW,EACX,YAAoB,EACpB,mBAA8B;QAE9B,yBAAyB;QACzB,MAAM,OAAO,GAAG,YAAY,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;QACtD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC;QACjD,CAAC;QAED,wCAAwC;QACxC,IAAI,CAAC,IAAI,CAAC,mBAAmB,IAAI,IAAI,CAAC,mBAAmB,CAAC,UAAU,KAAK,SAAS,CAAC,IAAI,EAAE,CAAC;YACxF,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,kCAAkC,EAAE,CAAC;QAC5D,CAAC;QAED,wCAAwC;QACxC,MAAM,SAAS,GAAG,UAAU,EAAE,CAAC;QAC/B,MAAM,OAAO,GAAG;YACd,EAAE,EAAE,SAAS;YACb,GAAG;YACH,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,mBAAmB,EAAE,mBAAmB,IAAI,EAAE;SAC/C,CAAC;QAEF,OAAO,IAAI,OAAO,CAAuB,CAAC,OAAO,EAAE,EAAE;YACnD,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;gBAC5B,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;gBACvC,OAAO,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,8BAA8B,EAAE,CAAC,CAAC;YAC1D,CAAC,EAAE,IAAI,CAAC,gBAAgB,CAAC,CAAC;YAE1B,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,SAAS,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;YAExD,MAAM,EAAE,GAAG,IAAI,CAAC,mBAAmB,CAAC;YACpC,IAAI,CAAC,EAAE,EAAE,CAAC;gBACR,YAAY,CAAC,KAAK,CAAC,CAAC;gBACpB,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;gBACvC,OAAO,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,iCAAiC,EAAE,CAAC,CAAC;gBAC3D,OAAO;YACT,CAAC;YACD,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE;gBACvC,IAAI,GAAG,EAAE,CAAC;oBACR,YAAY,CAAC,KAAK,CAAC,CAAC;oBACpB,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;oBACvC,OAAO,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,2BAA2B,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;gBACpE,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAED,6DAA6D;IAC7D,IAAI,4BAA4B;QAC9B,OAAO,IAAI,CAAC,mBAAmB,KAAK,IAAI,IAAI,IAAI,CAAC,mBAAmB,CAAC,UAAU,KAAK,SAAS,CAAC,IAAI,CAAC;IACrG,CAAC;IAED,+CAA+C;IAC/C,IAAI,mBAAmB;QACrB,OAAO,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC;IACnC,CAAC;IAED,4DAA4D;IAC5D,KAAK;QACH,8BAA8B;QAC9B,KAAK,MAAM,CAAC,EAAE,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YACjD,YAAY,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;YAC5B,OAAO,CAAC,OAAO,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,KAAK,EAAE,qBAAqB,EAAE,CAAC,CAAC;YAClE,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAClC,CAAC;QAED,IAAI,IAAI,CAAC,mBAAmB,EAAE,CAAC;YAC7B,IAAI,CAAC,mBAAmB,CAAC,KAAK,CAAC,IAAI,EAAE,qBAAqB,CAAC,CAAC;YAC5D,IAAI,CAAC,mBAAmB,GAAG,IAAI,CAAC;QAClC,CAAC;QAED,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;IACnB,CAAC;IAED,wEAAwE;IAEhE,cAAc,CAAC,IAAa;QAClC,IAAI,MAA+B,CAAC;QACpC,IAAI,CAAC;YACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,CAA4B,CAAC;QAC/D,CAAC;QAAC,MAAM,CAAC;YACP,OAAO;QACT,CAAC;QAED,MAAM,EAAE,GAAG,MAAM,CAAC,EAAwB,CAAC;QAC3C,IAAI,CAAC,EAAE;YAAE,OAAO;QAEhB,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC7C,IAAI,CAAC,OAAO;YAAE,OAAO;QAErB,YAAY,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QAC5B,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAEhC,kCAAkC;QAClC,IAAI,OAAO,IAAI,MAAM,EAAE,CAAC;YACtB,OAAO,CAAC,OAAO,CAAC;gBACd,GAAG,EAAG,MAAM,CAAC,GAAc,IAAI,SAAS;gBACxC,KAAK,EAAE,MAAM,CAAC,KAAe;aAC9B,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,OAAO,CAAC;gBACd,GAAG,EAAG,MAAM,CAAC,GAAc,IAAI,SAAS;gBACxC,KAAK,EAAE,MAAM,CAAC,KAAe;gBAC7B,MAAM,EAAE,MAAM,CAAC,MAA4B;aAC5C,CAAC,CAAC;QACL,CAAC;IACH,CAAC;CACF"}

package/dist/hooks/approval.d.ts

@@ -0,0 +1,17 @@
+import type Database from "better-sqlite3";
+import type { HookContext } from "./audit.js";
+export interface ApprovalOptions {
+    ttlSeconds?: number;
+    pollIntervalMs?: number;
+}
+/**
+ * Returns true if prefixedToolName matches any of the glob patterns.
+ * Patterns support `*` as a wildcard matching any sequence of characters.
+ */
+export declare function matchesApprovalPattern(prefixedToolName: string, patterns: string[]): boolean;
+/**
+ * Creates a pending approval request and polls until resolved or TTL expires.
+ * Returns "approved", "denied", or "timeout".
+ */
+export declare function requestApproval(context: HookContext, db: Database.Database, options?: ApprovalOptions): Promise<"approved" | "denied" | "timeout">;
+//# sourceMappingURL=approval.d.ts.map

package/dist/hooks/approval.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"approval.d.ts","sourceRoot":"","sources":["../../src/hooks/approval.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,QAAQ,MAAM,gBAAgB,CAAC;AAQ3C,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAI9C,MAAM,WAAW,eAAe;IAC9B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAID;;;GAGG;AACH,wBAAgB,sBAAsB,CACpC,gBAAgB,EAAE,MAAM,EACxB,QAAQ,EAAE,MAAM,EAAE,GACjB,OAAO,CAMT;AAWD;;;GAGG;AACH,wBAAsB,eAAe,CACnC,OAAO,EAAE,WAAW,EACpB,EAAE,EAAE,QAAQ,CAAC,QAAQ,EACrB,OAAO,CAAC,EAAE,eAAe,GACxB,OAAO,CAAC,UAAU,GAAG,QAAQ,GAAG,SAAS,CAAC,CA+D5C"}

package/dist/hooks/approval.js

@@ -0,0 +1,84 @@
+import { generateId, createApprovalRequest, getApprovalRequest, updateApprovalStatus, } from "../db.js";
+// ── Pattern Matching ────────────────────────────────────────────────────
+/**
+ * Returns true if prefixedToolName matches any of the glob patterns.
+ * Patterns support `*` as a wildcard matching any sequence of characters.
+ */
+export function matchesApprovalPattern(prefixedToolName, patterns) {
+    return patterns.some((pattern) => {
+        const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
+        const regex = new RegExp("^" + escaped.replace(/\*/g, ".*") + "$");
+        return regex.test(prefixedToolName);
+    });
+}
+// ── Approval Flow ───────────────────────────────────────────────────────
+const DEFAULT_TTL_SECONDS = 300;
+const DEFAULT_POLL_INTERVAL_MS = 1000;
+function sleep(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+}
+/**
+ * Creates a pending approval request and polls until resolved or TTL expires.
+ * Returns "approved", "denied", or "timeout".
+ */
+export async function requestApproval(context, db, options) {
+    const ttlSeconds = options?.ttlSeconds ?? DEFAULT_TTL_SECONDS;
+    const pollIntervalMs = options?.pollIntervalMs ?? DEFAULT_POLL_INTERVAL_MS;
+    const id = generateId();
+    const req = {
+        id,
+        agent_name: context.agentName,
+        role_name: context.roleName,
+        app_name: context.appName,
+        tool_name: context.prefixedToolName,
+        arguments: context.arguments != null ? JSON.stringify(context.arguments) : undefined,
+        status: "pending",
+        requested_at: new Date().toISOString(),
+        ttl_seconds: ttlSeconds,
+    };
+    try {
+        createApprovalRequest(db, req);
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        console.error(`[chapter] approval request creation failed: ${message}`);
+        return "denied";
+    }
+    const deadline = Date.now() + ttlSeconds * 1000;
+    while (Date.now() < deadline) {
+        await sleep(pollIntervalMs);
+        try {
+            const current = getApprovalRequest(db, id);
+            if (!current) {
+                console.error(`[chapter] approval request ${id} disappeared from database`);
+                return "denied";
+            }
+            if (current.status === "approved") {
+                return "approved";
+            }
+            if (current.status === "denied") {
+                return "denied";
+            }
+        }
+        catch (err) {
+            const message = err instanceof Error ? err.message : String(err);
+            console.error(`[chapter] approval request poll failed: ${message}`);
+            return "denied";
+        }
+    }
+    // TTL expired — auto-deny
+    try {
+        // Check one final time to avoid race with external approval
+        const final = getApprovalRequest(db, id);
+        if (final && final.status !== "pending") {
+            return final.status;
+        }
+        updateApprovalStatus(db, id, "denied", "auto-timeout");
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        console.error(`[chapter] approval auto-timeout update failed: ${message}`);
+    }
+    return "timeout";
+}
+//# sourceMappingURL=approval.js.map

package/dist/hooks/approval.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"approval.js","sourceRoot":"","sources":["../../src/hooks/approval.ts"],"names":[],"mappings":"AACA,OAAO,EACL,UAAU,EACV,qBAAqB,EACrB,kBAAkB,EAClB,oBAAoB,GACrB,MAAM,UAAU,CAAC;AAWlB,2EAA2E;AAE3E;;;GAGG;AACH,MAAM,UAAU,sBAAsB,CACpC,gBAAwB,EACxB,QAAkB;IAElB,OAAO,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE;QAC/B,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;QAC9D,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC;QACnE,OAAO,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;AACL,CAAC;AAED,2EAA2E;AAE3E,MAAM,mBAAmB,GAAG,GAAG,CAAC;AAChC,MAAM,wBAAwB,GAAG,IAAI,CAAC;AAEtC,SAAS,KAAK,CAAC,EAAU;IACvB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;AAC3D,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,OAAoB,EACpB,EAAqB,EACrB,OAAyB;IAEzB,MAAM,UAAU,GAAG,OAAO,EAAE,UAAU,IAAI,mBAAmB,CAAC;IAC9D,MAAM,cAAc,GAAG,OAAO,EAAE,cAAc,IAAI,wBAAwB,CAAC;IAE3E,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;IACxB,MAAM,GAAG,GAAoB;QAC3B,EAAE;QACF,UAAU,EAAE,OAAO,CAAC,SAAS;QAC7B,SAAS,EAAE,OAAO,CAAC,QAAQ;QAC3B,QAAQ,EAAE,OAAO,CAAC,OAAO;QACzB,SAAS,EAAE,OAAO,CAAC,gBAAgB;QACnC,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS;QACpF,MAAM,EAAE,SAAS;QACjB,YAAY,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACtC,WAAW,EAAE,UAAU;KACxB,CAAC;IAEF,IAAI,CAAC;QACH,qBAAqB,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;IACjC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,+CAA+C,OAAO,EAAE,CAAC,CAAC;QACxE,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU,GAAG,IAAI,CAAC;IAEhD,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,EAAE,CAAC;QAC7B,MAAM,KAAK,CAAC,cAAc,CAAC,CAAC;QAE5B,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,kBAAkB,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;YAC3C,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,CAAC,KAAK,CAAC,8BAA8B,EAAE,4BAA4B,CAAC,CAAC;gBAC5E,OAAO,QAAQ,CAAC;YAClB,CAAC;YACD,IAAI,OAAO,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;gBAClC,OAAO,UAAU,CAAC;YACpB,CAAC;YACD,IAAI,OAAO,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;gBAChC,OAAO,QAAQ,CAAC;YAClB,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACjE,OAAO,CAAC,KAAK,CAAC,2CAA2C,OAAO,EAAE,CAAC,CAAC;YACpE,OAAO,QAAQ,CAAC;QAClB,CAAC;IACH,CAAC;IAED,0BAA0B;IAC1B,IAAI,CAAC;QACH,4DAA4D;QAC5D,MAAM,KAAK,GAAG,kBAAkB,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QACzC,IAAI,KAAK,IAAI,KAAK,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YACxC,OAAO,KAAK,CAAC,MAA+B,CAAC;QAC/C,CAAC;QACD,oBAAoB,CAAC,EAAE,EAAE,EAAE,EAAE,QAAQ,EAAE,cAAc,CAAC,CAAC;IACzD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,kDAAkD,OAAO,EAAE,CAAC,CAAC;IAC7E,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC"}

package/dist/hooks/audit.d.ts

@@ -0,0 +1,30 @@
+import type Database from "better-sqlite3";
+import type { AuditLogEntry } from "../db.js";
+export interface HookContext {
+    agentName: string;
+    roleName: string;
+    appName: string;
+    toolName: string;
+    prefixedToolName: string;
+    arguments: unknown;
+    sessionType?: string;
+    acpClient?: string;
+}
+export interface AuditPreHookResult {
+    id: string;
+    startTime: number;
+}
+export declare function auditPreHook(context: HookContext): AuditPreHookResult;
+export declare function auditPostHook(context: HookContext, preResult: AuditPreHookResult, callResult: unknown, status: AuditLogEntry["status"], db: Database.Database): void;
+export interface DroppedServer {
+    name: string;
+    reason: string;
+}
+/**
+ * Log each dropped (unmatched) MCP server as an audit entry with status "dropped".
+ *
+ * Called during ACP session setup when MCP servers from the ACP client
+ * don't match any chapter App.
+ */
+export declare function logDroppedServers(db: Database.Database, unmatched: DroppedServer[], agentName: string, roleName: string, acpClient?: string): void;
+//# sourceMappingURL=audit.d.ts.map

package/dist/hooks/audit.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.d.ts","sourceRoot":"","sources":["../../src/hooks/audit.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,QAAQ,MAAM,gBAAgB,CAAC;AAE3C,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAI9C,MAAM,WAAW,WAAW;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,gBAAgB,EAAE,MAAM,CAAC;IACzB,SAAS,EAAE,OAAO,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,kBAAkB;IACjC,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;CACnB;AAID,wBAAgB,YAAY,CAAC,OAAO,EAAE,WAAW,GAAG,kBAAkB,CAMrE;AAID,wBAAgB,aAAa,CAC3B,OAAO,EAAE,WAAW,EACpB,SAAS,EAAE,kBAAkB,EAC7B,UAAU,EAAE,OAAO,EACnB,MAAM,EAAE,aAAa,CAAC,QAAQ,CAAC,EAC/B,EAAE,EAAE,QAAQ,CAAC,QAAQ,GACpB,IAAI,CAwBN;AAID,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAC/B,EAAE,EAAE,QAAQ,CAAC,QAAQ,EACrB,SAAS,EAAE,aAAa,EAAE,EAC1B,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,MAAM,EAChB,SAAS,CAAC,EAAE,MAAM,GACjB,IAAI,CAwBN"}

package/dist/hooks/audit.js

@@ -0,0 +1,66 @@
+import { generateId, insertAuditLog } from "../db.js";
+// ── Pre-Hook ───────────────────────────────────────────────────────────
+export function auditPreHook(context) {
+    void context;
+    return {
+        id: generateId(),
+        startTime: Date.now(),
+    };
+}
+// ── Post-Hook ──────────────────────────────────────────────────────────
+export function auditPostHook(context, preResult, callResult, status, db) {
+    const durationMs = Date.now() - preResult.startTime;
+    const entry = {
+        id: preResult.id,
+        agent_name: context.agentName,
+        role_name: context.roleName,
+        app_name: context.appName,
+        tool_name: context.toolName,
+        arguments: context.arguments != null ? JSON.stringify(context.arguments) : undefined,
+        result: callResult != null ? JSON.stringify(callResult) : undefined,
+        status,
+        duration_ms: durationMs,
+        timestamp: new Date().toISOString(),
+        session_type: context.sessionType,
+        acp_client: context.acpClient,
+    };
+    try {
+        insertAuditLog(db, entry);
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        console.error(`[chapter] audit log write failed: ${message}`);
+    }
+}
+/**
+ * Log each dropped (unmatched) MCP server as an audit entry with status "dropped".
+ *
+ * Called during ACP session setup when MCP servers from the ACP client
+ * don't match any chapter App.
+ */
+export function logDroppedServers(db, unmatched, agentName, roleName, acpClient) {
+    for (const server of unmatched) {
+        const entry = {
+            id: generateId(),
+            agent_name: agentName,
+            role_name: roleName,
+            app_name: server.name,
+            tool_name: server.name,
+            arguments: undefined,
+            result: JSON.stringify(server.reason),
+            status: "dropped",
+            duration_ms: 0,
+            timestamp: new Date().toISOString(),
+            session_type: "acp",
+            acp_client: acpClient,
+        };
+        try {
+            insertAuditLog(db, entry);
+        }
+        catch (err) {
+            const message = err instanceof Error ? err.message : String(err);
+            console.error(`[chapter] audit log write failed (dropped server "${server.name}"): ${message}`);
+        }
+    }
+}
+//# sourceMappingURL=audit.js.map

package/dist/hooks/audit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.js","sourceRoot":"","sources":["../../src/hooks/audit.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAqBtD,0EAA0E;AAE1E,MAAM,UAAU,YAAY,CAAC,OAAoB;IAC/C,KAAK,OAAO,CAAC;IACb,OAAO;QACL,EAAE,EAAE,UAAU,EAAE;QAChB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;KACtB,CAAC;AACJ,CAAC;AAED,0EAA0E;AAE1E,MAAM,UAAU,aAAa,CAC3B,OAAoB,EACpB,SAA6B,EAC7B,UAAmB,EACnB,MAA+B,EAC/B,EAAqB;IAErB,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC,SAAS,CAAC;IAEpD,MAAM,KAAK,GAAkB;QAC3B,EAAE,EAAE,SAAS,CAAC,EAAE;QAChB,UAAU,EAAE,OAAO,CAAC,SAAS;QAC7B,SAAS,EAAE,OAAO,CAAC,QAAQ;QAC3B,QAAQ,EAAE,OAAO,CAAC,OAAO;QACzB,SAAS,EAAE,OAAO,CAAC,QAAQ;QAC3B,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS;QACpF,MAAM,EAAE,UAAU,IAAI,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS;QACnE,MAAM;QACN,WAAW,EAAE,UAAU;QACvB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,YAAY,EAAE,OAAO,CAAC,WAAW;QACjC,UAAU,EAAE,OAAO,CAAC,SAAS;KAC9B,CAAC;IAEF,IAAI,CAAC;QACH,cAAc,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;IAC5B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,CAAC,KAAK,CAAC,qCAAqC,OAAO,EAAE,CAAC,CAAC;IAChE,CAAC;AACH,CAAC;AASD;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAC/B,EAAqB,EACrB,SAA0B,EAC1B,SAAiB,EACjB,QAAgB,EAChB,SAAkB;IAElB,KAAK,MAAM,MAAM,IAAI,SAAS,EAAE,CAAC;QAC/B,MAAM,KAAK,GAAkB;YAC3B,EAAE,EAAE,UAAU,EAAE;YAChB,UAAU,EAAE,SAAS;YACrB,SAAS,EAAE,QAAQ;YACnB,QAAQ,EAAE,MAAM,CAAC,IAAI;YACrB,SAAS,EAAE,MAAM,CAAC,IAAI;YACtB,SAAS,EAAE,SAAS;YACpB,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC;YACrC,MAAM,EAAE,SAAS;YACjB,WAAW,EAAE,CAAC;YACd,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,YAAY,EAAE,KAAK;YACnB,UAAU,EAAE,SAAS;SACtB,CAAC;QAEF,IAAI,CAAC;YACH,cAAc,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;QAC5B,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACjE,OAAO,CAAC,KAAK,CAAC,qDAAqD,MAAM,CAAC,IAAI,OAAO,OAAO,EAAE,CAAC,CAAC;QAClG,CAAC;IACH,CAAC;AACH,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,18 @@
+export { ChapterProxyServer } from "./server.js";
+export type { ChapterProxyServerConfig } from "./server.js";
+export { ToolRouter, ResourceRouter, PromptRouter } from "./router.js";
+export type { RouteEntry, ResourceRouteEntry, PromptRouteEntry } from "./router.js";
+export { UpstreamManager, createTransport } from "./upstream.js";
+export type { UpstreamAppConfig } from "./upstream.js";
+export { loadEnvFile, resolveEnvVars } from "./credentials.js";
+export { openDatabase, insertAuditLog, queryAuditLog, createApprovalRequest, getApprovalRequest, updateApprovalStatus, generateId, } from "./db.js";
+export type { AuditLogEntry, ApprovalRequest, AuditLogFilters } from "./db.js";
+export { auditPreHook, auditPostHook, logDroppedServers } from "./hooks/audit.js";
+export type { HookContext, AuditPreHookResult, DroppedServer } from "./hooks/audit.js";
+export { matchesApprovalPattern, requestApproval } from "./hooks/approval.js";
+export type { ApprovalOptions } from "./hooks/approval.js";
+export { SessionStore, handleConnectAgent } from "./handlers/connect-agent.js";
+export type { SessionEntry, RiskLevel } from "./handlers/connect-agent.js";
+export { CredentialRelay } from "./handlers/credential-relay.js";
+export type { CredentialRelayConfig, CredentialToolResult } from "./handlers/credential-relay.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/router.d.ts

@@ -0,0 +1,62 @@
+import type { Tool, Resource, Prompt } from "@modelcontextprotocol/sdk/types.js";
+import type { ToolFilter } from "@clawmasons/shared";
+export interface RouteEntry {
+    /** Full package name, e.g., "@clawmasons/app-github". */
+    appName: string;
+    /** Short name derived from package name, e.g., "github". */
+    appShortName: string;
+    /** Original upstream tool name, e.g., "create_pr". */
+    originalToolName: string;
+    /** Prefixed tool name exposed downstream, e.g., "github_create_pr". */
+    prefixedToolName: string;
+    /** MCP Tool object with name rewritten to the prefixed form. */
+    tool: Tool;
+}
+export declare class ToolRouter {
+    private routes;
+    constructor(upstreamTools: Map<string, Tool[]>, toolFilters: Map<string, ToolFilter>);
+    /** Returns all prefixed, filtered MCP Tool objects. */
+    listTools(): Tool[];
+    /** Resolves a prefixed tool name to its route entry, or null if unknown/filtered. */
+    resolve(prefixedName: string): RouteEntry | null;
+    /** Prefix a tool name with an app short name. */
+    static prefixName(appShortName: string, toolName: string): string;
+    /** Strip the app short name prefix from a prefixed tool name. */
+    static unprefixName(appShortName: string, prefixedName: string): string;
+}
+export interface ResourceRouteEntry {
+    appName: string;
+    appShortName: string;
+    originalName: string;
+    prefixedName: string;
+    originalUri: string;
+    resource: Resource;
+}
+export declare class ResourceRouter {
+    private entries;
+    private uriMap;
+    constructor(upstreamResources: Map<string, Resource[]>);
+    /** Returns all prefixed MCP Resource objects. */
+    listResources(): Resource[];
+    /** Resolves a resource URI to its upstream app and original URI, or null if unknown. */
+    resolveUri(uri: string): {
+        appName: string;
+        originalUri: string;
+    } | null;
+}
+export interface PromptRouteEntry {
+    appName: string;
+    appShortName: string;
+    originalName: string;
+    prefixedName: string;
+    prompt: Prompt;
+}
+export declare class PromptRouter {
+    private routes;
+    constructor(upstreamPrompts: Map<string, Prompt[]>);
+    /** Returns all prefixed MCP Prompt objects. */
+    listPrompts(): Prompt[];
+    /** Resolves a prefixed prompt name to its route entry, or null if unknown. */
+    resolve(prefixedName: string): PromptRouteEntry | null;
+}
+//# sourceMappingURL=router.d.ts.map

package/dist/upstream.d.ts

@@ -0,0 +1,30 @@
+import { StdioClientTransport } from "@modelcontextprotocol/sdk/client/stdio.js";
+import { SSEClientTransport } from "@modelcontextprotocol/sdk/client/sse.js";
+import { StreamableHTTPClientTransport } from "@modelcontextprotocol/sdk/client/streamableHttp.js";
+import { type Tool, type Resource, type Prompt, type CallToolResult, type ReadResourceResult, type GetPromptResult } from "@modelcontextprotocol/sdk/types.js";
+import type { ResolvedApp } from "@clawmasons/shared";
+export interface UpstreamAppConfig {
+    /** Full package name, e.g., "@clawmasons/app-github". Used as lookup key. */
+    name: string;
+    app: ResolvedApp;
+    env?: Record<string, string>;
+    /** Working directory for stdio transport child processes. */
+    cwd?: string;
+}
+export declare class UpstreamManager {
+    private configs;
+    private clients;
+    private initialized;
+    constructor(apps: UpstreamAppConfig[]);
+    initialize(timeoutMs?: number): Promise<void>;
+    getTools(appName: string): Promise<Tool[]>;
+    getResources(appName: string): Promise<Resource[]>;
+    getPrompts(appName: string): Promise<Prompt[]>;
+    callTool(appName: string, toolName: string, args?: Record<string, unknown>): Promise<CallToolResult>;
+    readResource(appName: string, uri: string): Promise<ReadResourceResult>;
+    getPrompt(appName: string, name: string, args?: Record<string, string>): Promise<GetPromptResult>;
+    shutdown(): Promise<void>;
+    private requireClient;
+}
+export declare function createTransport(config: UpstreamAppConfig): StdioClientTransport | SSEClientTransport | StreamableHTTPClientTransport;
+//# sourceMappingURL=upstream.d.ts.map

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@clawmasons/proxy",
-  "version": "0.1.0",
+  "version": "0.1.1",
   "description": "Clawmasons Chapter MCP proxy server",
   "type": "module",
   "main": "./dist/index.js",
@@ -20,7 +20,7 @@
   ],
   "license": "MIT",
   "dependencies": {
-    "@clawmasons/shared": "0.1.0",
+    "@clawmasons/shared": "^0.1.1",
     "@modelcontextprotocol/sdk": "^1.27.1",
     "better-sqlite3": "^12.6.2",
     "ws": "^8.19.0"