npm - @dotsetlabs/tollgate - Versions diffs - 0.2.2 → 0.3.0 - Mend

@dotsetlabs/tollgate 0.2.2 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (194) hide show

package/README.md +138 -0
package/dist/analyzers/filesystem.d.ts +5 -0
package/dist/analyzers/filesystem.d.ts.map +1 -1
package/dist/analyzers/filesystem.js +61 -7
package/dist/analyzers/filesystem.js.map +1 -1
package/dist/analyzers/loader.d.ts +5 -0
package/dist/analyzers/loader.d.ts.map +1 -1
package/dist/analyzers/loader.js +112 -6
package/dist/analyzers/loader.js.map +1 -1
package/dist/analyzers/prompt-injection.d.ts +1 -0
package/dist/analyzers/prompt-injection.d.ts.map +1 -1
package/dist/analyzers/prompt-injection.js +48 -2
package/dist/analyzers/prompt-injection.js.map +1 -1
package/dist/analyzers/shell.d.ts +8 -0
package/dist/analyzers/shell.d.ts.map +1 -1
package/dist/analyzers/shell.js +109 -8
package/dist/analyzers/shell.js.map +1 -1
package/dist/analyzers/sql.d.ts.map +1 -1
package/dist/analyzers/sql.js +8 -7
package/dist/analyzers/sql.js.map +1 -1
package/dist/approval/interactive.d.ts +1 -1
package/dist/approval/interactive.d.ts.map +1 -1
package/dist/approval/interactive.js +13 -1
package/dist/approval/interactive.js.map +1 -1
package/dist/approval/rate-limiter.d.ts +115 -0
package/dist/approval/rate-limiter.d.ts.map +1 -0
package/dist/approval/rate-limiter.js +200 -0
package/dist/approval/rate-limiter.js.map +1 -0
package/dist/approval/url-validator.d.ts +51 -0
package/dist/approval/url-validator.d.ts.map +1 -0
package/dist/approval/url-validator.js +184 -0
package/dist/approval/url-validator.js.map +1 -0
package/dist/approval/webhook.d.ts +48 -0
package/dist/approval/webhook.d.ts.map +1 -1
package/dist/approval/webhook.js +89 -0
package/dist/approval/webhook.js.map +1 -1
package/dist/audit/integrity.d.ts +107 -0
package/dist/audit/integrity.d.ts.map +1 -0
package/dist/audit/integrity.js +191 -0
package/dist/audit/integrity.js.map +1 -0
package/dist/audit/logger.d.ts.map +1 -1
package/dist/audit/logger.js +6 -5
package/dist/audit/logger.js.map +1 -1
package/dist/audit/redaction.js +6 -4
package/dist/audit/redaction.js.map +1 -1
package/dist/cli/commands/guard.d.ts +97 -0
package/dist/cli/commands/guard.d.ts.map +1 -0
package/dist/cli/commands/guard.js +456 -0
package/dist/cli/commands/guard.js.map +1 -0
package/dist/cli/commands/serve.js +1 -1
package/dist/cli/commands/serve.js.map +1 -1
package/dist/cli/index.js +3 -0
package/dist/cli/index.js.map +1 -1
package/dist/cli/input-validation.d.ts +83 -0
package/dist/cli/input-validation.d.ts.map +1 -0
package/dist/cli/input-validation.js +237 -0
package/dist/cli/input-validation.js.map +1 -0
package/dist/cli/ui.js +2 -2
package/dist/cli/ui.js.map +1 -1
package/dist/guard/alternatives/index.d.ts +68 -0
package/dist/guard/alternatives/index.d.ts.map +1 -0
package/dist/guard/alternatives/index.js +224 -0
package/dist/guard/alternatives/index.js.map +1 -0
package/dist/guard/alternatives/registry.d.ts +16 -0
package/dist/guard/alternatives/registry.d.ts.map +1 -0
package/dist/guard/alternatives/registry.js +518 -0
package/dist/guard/alternatives/registry.js.map +1 -0
package/dist/guard/alternatives/types.d.ts +86 -0
package/dist/guard/alternatives/types.d.ts.map +1 -0
package/dist/guard/alternatives/types.js +5 -0
package/dist/guard/alternatives/types.js.map +1 -0
package/dist/guard/approval/enhanced-terminal.d.ts +110 -0
package/dist/guard/approval/enhanced-terminal.d.ts.map +1 -0
package/dist/guard/approval/enhanced-terminal.js +387 -0
package/dist/guard/approval/enhanced-terminal.js.map +1 -0
package/dist/guard/config.d.ts +80 -0
package/dist/guard/config.d.ts.map +1 -0
package/dist/guard/config.js +260 -0
package/dist/guard/config.js.map +1 -0
package/dist/guard/context/directory.d.ts +35 -0
package/dist/guard/context/directory.d.ts.map +1 -0
package/dist/guard/context/directory.js +243 -0
package/dist/guard/context/directory.js.map +1 -0
package/dist/guard/context/environment.d.ts +31 -0
package/dist/guard/context/environment.d.ts.map +1 -0
package/dist/guard/context/environment.js +204 -0
package/dist/guard/context/environment.js.map +1 -0
package/dist/guard/context/git.d.ts +52 -0
package/dist/guard/context/git.d.ts.map +1 -0
package/dist/guard/context/git.js +278 -0
package/dist/guard/context/git.js.map +1 -0
package/dist/guard/context/index.d.ts +64 -0
package/dist/guard/context/index.d.ts.map +1 -0
package/dist/guard/context/index.js +227 -0
package/dist/guard/context/index.js.map +1 -0
package/dist/guard/context/project.d.ts +47 -0
package/dist/guard/context/project.d.ts.map +1 -0
package/dist/guard/context/project.js +281 -0
package/dist/guard/context/project.js.map +1 -0
package/dist/guard/context/types.d.ts +152 -0
package/dist/guard/context/types.d.ts.map +1 -0
package/dist/guard/context/types.js +7 -0
package/dist/guard/context/types.js.map +1 -0
package/dist/guard/engine.d.ts +107 -0
package/dist/guard/engine.d.ts.map +1 -0
package/dist/guard/engine.js +430 -0
package/dist/guard/engine.js.map +1 -0
package/dist/guard/enhanced-engine.d.ts +151 -0
package/dist/guard/enhanced-engine.d.ts.map +1 -0
package/dist/guard/enhanced-engine.js +622 -0
package/dist/guard/enhanced-engine.js.map +1 -0
package/dist/guard/hooks/index.d.ts +50 -0
package/dist/guard/hooks/index.d.ts.map +1 -0
package/dist/guard/hooks/index.js +325 -0
package/dist/guard/hooks/index.js.map +1 -0
package/dist/guard/index.d.ts +29 -0
package/dist/guard/index.d.ts.map +1 -0
package/dist/guard/index.js +31 -0
package/dist/guard/index.js.map +1 -0
package/dist/guard/learning/index.d.ts +136 -0
package/dist/guard/learning/index.d.ts.map +1 -0
package/dist/guard/learning/index.js +314 -0
package/dist/guard/learning/index.js.map +1 -0
package/dist/guard/learning/pattern-extractor.d.ts +50 -0
package/dist/guard/learning/pattern-extractor.d.ts.map +1 -0
package/dist/guard/learning/pattern-extractor.js +372 -0
package/dist/guard/learning/pattern-extractor.js.map +1 -0
package/dist/guard/learning/rule-suggester.d.ts +67 -0
package/dist/guard/learning/rule-suggester.d.ts.map +1 -0
package/dist/guard/learning/rule-suggester.js +345 -0
package/dist/guard/learning/rule-suggester.js.map +1 -0
package/dist/guard/learning/types.d.ts +211 -0
package/dist/guard/learning/types.d.ts.map +1 -0
package/dist/guard/learning/types.js +18 -0
package/dist/guard/learning/types.js.map +1 -0
package/dist/guard/preview/effects.d.ts +15 -0
package/dist/guard/preview/effects.d.ts.map +1 -0
package/dist/guard/preview/effects.js +413 -0
package/dist/guard/preview/effects.js.map +1 -0
package/dist/guard/preview/index.d.ts +49 -0
package/dist/guard/preview/index.d.ts.map +1 -0
package/dist/guard/preview/index.js +196 -0
package/dist/guard/preview/index.js.map +1 -0
package/dist/guard/preview/parser.d.ts +34 -0
package/dist/guard/preview/parser.d.ts.map +1 -0
package/dist/guard/preview/parser.js +292 -0
package/dist/guard/preview/parser.js.map +1 -0
package/dist/guard/preview/types.d.ts +140 -0
package/dist/guard/preview/types.d.ts.map +1 -0
package/dist/guard/preview/types.js +5 -0
package/dist/guard/preview/types.js.map +1 -0
package/dist/guard/reversibility/index.d.ts +88 -0
package/dist/guard/reversibility/index.d.ts.map +1 -0
package/dist/guard/reversibility/index.js +310 -0
package/dist/guard/reversibility/index.js.map +1 -0
package/dist/guard/types.d.ts +192 -0
package/dist/guard/types.d.ts.map +1 -0
package/dist/guard/types.js +8 -0
package/dist/guard/types.js.map +1 -0
package/dist/index.d.ts +10 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.js +24 -0
package/dist/index.js.map +1 -1
package/dist/orchestrator/manager.d.ts.map +1 -1
package/dist/orchestrator/manager.js +6 -1
package/dist/orchestrator/manager.js.map +1 -1
package/dist/policy/engine.d.ts.map +1 -1
package/dist/policy/engine.js +11 -3
package/dist/policy/engine.js.map +1 -1
package/dist/policy/parser.d.ts.map +1 -1
package/dist/policy/parser.js +3 -0
package/dist/policy/parser.js.map +1 -1
package/dist/proxy/server.d.ts.map +1 -1
package/dist/proxy/server.js +8 -6
package/dist/proxy/server.js.map +1 -1
package/dist/session/manager.d.ts +2 -2
package/dist/session/manager.d.ts.map +1 -1
package/dist/session/manager.js +106 -88
package/dist/session/manager.js.map +1 -1
package/dist/session/signing.d.ts +88 -0
package/dist/session/signing.d.ts.map +1 -0
package/dist/session/signing.js +166 -0
package/dist/session/signing.js.map +1 -0
package/dist/session/types.d.ts +2 -0
package/dist/session/types.d.ts.map +1 -1
package/dist/session/types.js.map +1 -1
package/dist/utils/security-logger.d.ts +146 -0
package/dist/utils/security-logger.d.ts.map +1 -0
package/dist/utils/security-logger.js +222 -0
package/dist/utils/security-logger.js.map +1 -0
package/dist/wizard.d.ts.map +1 -1
package/dist/wizard.js +7 -1
package/dist/wizard.js.map +1 -1
package/package.json +3 -2

package/dist/guard/context/types.d.ts ADDED Viewed

@@ -0,0 +1,152 @@
+/**
+ * Enhanced Context Types for Shell Guardian
+ *
+ * Rich context information for intelligent command risk assessment.
+ */
+/**
+ * Enhanced guard context with project, git, and environment information.
+ */
+export interface EnhancedGuardContext {
+    /** The shell command to evaluate */
+    command: string;
+    /** Shell type (bash, zsh, fish) */
+    shell?: string;
+    /** Current working directory */
+    cwd?: string;
+    /** Dry run mode - analyze without prompting */
+    dryRun?: boolean;
+    /** Detected project information */
+    project?: ProjectContext;
+    /** Git repository status */
+    git?: GitContext;
+    /** Directory sensitivity information */
+    directory?: DirectoryContext;
+    /** Environment detection (dev/prod/CI) */
+    environment?: EnvironmentContext;
+}
+/**
+ * Detected project type.
+ */
+export type ProjectType = 'nodejs' | 'python' | 'go' | 'rust' | 'ruby' | 'java' | 'dotnet' | 'php' | 'unknown';
+/**
+ * Project context information.
+ */
+export interface ProjectContext {
+    /** Detected project type */
+    type: ProjectType;
+    /** Project root directory */
+    root: string;
+    /** Path to manifest file (package.json, go.mod, etc.) */
+    manifestPath?: string;
+    /** Path to lock file if present */
+    lockfilePath?: string;
+    /** Directories that can be safely deleted and regenerated */
+    regenerableDirs: string[];
+    /** Directories containing source code */
+    sourceDirs: string[];
+    /** Project name from manifest */
+    name?: string;
+}
+/**
+ * Git repository context.
+ */
+export interface GitContext {
+    /** Whether this is a git repository */
+    isRepo: boolean;
+    /** Git repository root */
+    root?: string;
+    /** Current branch name */
+    branch?: string;
+    /** Whether there are uncommitted changes */
+    hasUncommittedChanges: boolean;
+    /** List of untracked files */
+    untrackedFiles: string[];
+    /** List of modified (unstaged) files */
+    modifiedFiles: string[];
+    /** List of staged files */
+    stagedFiles: string[];
+    /** Files that would be affected by the command and are tracked */
+    affectedTrackedFiles?: string[];
+    /** Whether HEAD is detached */
+    isDetached?: boolean;
+    /** Number of commits ahead of remote */
+    ahead?: number;
+    /** Number of commits behind remote */
+    behind?: number;
+}
+/**
+ * Directory sensitivity context.
+ */
+export interface DirectoryContext {
+    /** Sensitivity score from 0 (safe) to 100 (critical) */
+    sensitivity: number;
+    /** Reasons for the sensitivity score */
+    sensitivityReasons: string[];
+    /** Whether inside user's home directory */
+    isHome: boolean;
+    /** Whether this is a system directory */
+    isSystem: boolean;
+    /** Whether inside the detected project */
+    isInProject: boolean;
+    /** Whether this is a temporary directory */
+    isTemp: boolean;
+    /** Specific sensitive paths that would be affected */
+    sensitivePaths?: string[];
+}
+/**
+ * Environment context.
+ */
+export interface EnvironmentContext {
+    /** Detected environment type */
+    type: 'development' | 'ci' | 'production' | 'unknown';
+    /** Machine hostname */
+    hostname: string;
+    /** Whether running in a container */
+    isContainer: boolean;
+    /** Whether connected via SSH */
+    isSSH: boolean;
+    /** Whether running as root */
+    isRoot: boolean;
+    /** Indicators that led to environment detection */
+    indicators: string[];
+}
+/**
+ * Project signature for detection.
+ */
+export interface ProjectSignature {
+    /** Files that indicate this project type */
+    manifestFiles: string[];
+    /** Lock files for this project type */
+    lockFiles: string[];
+    /** Directories that can be regenerated */
+    regenerableDirs: string[];
+    /** Common source directories */
+    sourceDirs: string[];
+    /** Command to regenerate dependencies */
+    regenerateCommand?: string;
+}
+/**
+ * Context provider options.
+ */
+export interface ContextProviderOptions {
+    /** Maximum depth to search for project root */
+    maxProjectSearchDepth?: number;
+    /** Whether to include git context */
+    includeGit?: boolean;
+    /** Whether to include environment context */
+    includeEnvironment?: boolean;
+    /** Custom sensitive paths to check */
+    customSensitivePaths?: string[];
+}
+/**
+ * Result of context enhancement.
+ */
+export interface ContextEnhancementResult {
+    /** The enhanced context */
+    context: EnhancedGuardContext;
+    /** Time taken to gather context in ms */
+    gatherTimeMs: number;
+    /** Any warnings during context gathering */
+    warnings?: string[];
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/guard/context/types.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/guard/context/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,oCAAoC;IACpC,OAAO,EAAE,MAAM,CAAC;IAChB,mCAAmC;IACnC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,gCAAgC;IAChC,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,+CAA+C;IAC/C,MAAM,CAAC,EAAE,OAAO,CAAC;IAGjB,mCAAmC;IACnC,OAAO,CAAC,EAAE,cAAc,CAAC;IACzB,4BAA4B;IAC5B,GAAG,CAAC,EAAE,UAAU,CAAC;IACjB,wCAAwC;IACxC,SAAS,CAAC,EAAE,gBAAgB,CAAC;IAC7B,0CAA0C;IAC1C,WAAW,CAAC,EAAE,kBAAkB,CAAC;CAClC;AAED;;GAEG;AACH,MAAM,MAAM,WAAW,GACnB,QAAQ,GACR,QAAQ,GACR,IAAI,GACJ,MAAM,GACN,MAAM,GACN,MAAM,GACN,QAAQ,GACR,KAAK,GACL,SAAS,CAAC;AAEd;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,4BAA4B;IAC5B,IAAI,EAAE,WAAW,CAAC;IAClB,6BAA6B;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,yDAAyD;IACzD,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,mCAAmC;IACnC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,6DAA6D;IAC7D,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,yCAAyC;IACzC,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,iCAAiC;IACjC,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,uCAAuC;IACvC,MAAM,EAAE,OAAO,CAAC;IAChB,0BAA0B;IAC1B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,0BAA0B;IAC1B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,4CAA4C;IAC5C,qBAAqB,EAAE,OAAO,CAAC;IAC/B,8BAA8B;IAC9B,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,wCAAwC;IACxC,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,2BAA2B;IAC3B,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,kEAAkE;IAClE,oBAAoB,CAAC,EAAE,MAAM,EAAE,CAAC;IAChC,+BAA+B;IAC/B,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,wCAAwC;IACxC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,sCAAsC;IACtC,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,wDAAwD;IACxD,WAAW,EAAE,MAAM,CAAC;IACpB,wCAAwC;IACxC,kBAAkB,EAAE,MAAM,EAAE,CAAC;IAC7B,2CAA2C;IAC3C,MAAM,EAAE,OAAO,CAAC;IAChB,yCAAyC;IACzC,QAAQ,EAAE,OAAO,CAAC;IAClB,0CAA0C;IAC1C,WAAW,EAAE,OAAO,CAAC;IACrB,4CAA4C;IAC5C,MAAM,EAAE,OAAO,CAAC;IAChB,sDAAsD;IACtD,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,gCAAgC;IAChC,IAAI,EAAE,aAAa,GAAG,IAAI,GAAG,YAAY,GAAG,SAAS,CAAC;IACtD,uBAAuB;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,qCAAqC;IACrC,WAAW,EAAE,OAAO,CAAC;IACrB,gCAAgC;IAChC,KAAK,EAAE,OAAO,CAAC;IACf,8BAA8B;IAC9B,MAAM,EAAE,OAAO,CAAC;IAChB,mDAAmD;IACnD,UAAU,EAAE,MAAM,EAAE,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,4CAA4C;IAC5C,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,uCAAuC;IACvC,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,0CAA0C;IAC1C,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,gCAAgC;IAChC,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,yCAAyC;IACzC,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,+CAA+C;IAC/C,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,qCAAqC;IACrC,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,6CAA6C;IAC7C,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,sCAAsC;IACtC,oBAAoB,CAAC,EAAE,MAAM,EAAE,CAAC;CACjC;AAED;;GAEG;AACH,MAAM,WAAW,wBAAwB;IACvC,2BAA2B;IAC3B,OAAO,EAAE,oBAAoB,CAAC;IAC9B,yCAAyC;IACzC,YAAY,EAAE,MAAM,CAAC;IACrB,4CAA4C;IAC5C,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;CACrB"}

package/dist/guard/context/types.js ADDED Viewed

@@ -0,0 +1,7 @@
+/**
+ * Enhanced Context Types for Shell Guardian
+ *
+ * Rich context information for intelligent command risk assessment.
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/guard/context/types.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/guard/context/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG"}

package/dist/guard/engine.d.ts ADDED Viewed

@@ -0,0 +1,107 @@
+/**
+ * Guard Engine - Core orchestrator for AI Shell Guardian
+ *
+ * The GuardEngine evaluates shell commands through multiple stages:
+ * 1. Fast path - Skip analysis for known-safe commands
+ * 2. Allowlist - Exact match bypass
+ * 3. Denylist - Pattern-based blocking
+ * 4. Analysis - Risk classification via ShellAnalyzer
+ * 5. Custom rules - Pattern-based policy overrides
+ * 6. Session grants - Check for existing approvals
+ * 7. Risk policy - Map risk level to action
+ * 8. Approval - Prompt user if needed
+ *
+ * @example
+ * ```typescript
+ * const engine = new GuardEngine({ config: loadGuardConfig() });
+ * const result = await engine.evaluate({ command: 'rm -rf node_modules' });
+ *
+ * if (result.allowed) {
+ *   // Execute the command
+ * } else {
+ *   console.log(`Blocked: ${result.reason}`);
+ * }
+ * ```
+ */
+import type { AnalysisResult } from '../analyzers/types.js';
+import { SessionManager } from '../session/manager.js';
+import { AuditLogger } from '../audit/logger.js';
+import type { GuardConfig, GuardContext, GuardResult, GuardEngineOptions } from './types.js';
+/**
+ * GuardEngine orchestrates command validation and approval.
+ */
+export declare class GuardEngine {
+    private readonly config;
+    private readonly analyzer;
+    private readonly sessionManager;
+    private readonly approvalHandler;
+    private readonly auditLogger;
+    private readonly compiledRules;
+    private readonly compiledDenylist;
+    private readonly fastPathPrefixes;
+    constructor(options: GuardEngineOptions);
+    /**
+     * Evaluate a command and determine if it should be allowed to execute.
+     *
+     * @param context - The command context to evaluate
+     * @returns Result indicating whether command is allowed and why
+     */
+    evaluate(context: GuardContext): Promise<GuardResult>;
+    /**
+     * Analyze a command without prompting (for preview/display).
+     */
+    analyze(command: string): AnalysisResult;
+    /**
+     * Check if command matches fast path prefixes.
+     */
+    private matchesFastPath;
+    /**
+     * Check if command is in the allowlist.
+     */
+    private isAllowlisted;
+    /**
+     * Check if command matches any denylist pattern.
+     */
+    private matchesDenylist;
+    /**
+     * Check if command matches any custom rule.
+     */
+    private matchCustomRule;
+    /**
+     * Extract the primary command for session scoping.
+     */
+    private extractCommandCategory;
+    /**
+     * Prompt user for approval.
+     */
+    private promptApproval;
+    /**
+     * Create a GuardResult with consistent structure.
+     */
+    private createResult;
+    /**
+     * Log a guard decision to the audit log.
+     */
+    private logDecision;
+    /**
+     * Get session manager for external access (e.g., CLI commands).
+     */
+    getSessionManager(): SessionManager;
+    /**
+     * Get audit logger for external access (e.g., CLI commands).
+     */
+    getAuditLogger(): AuditLogger | null;
+    /**
+     * Get current configuration.
+     */
+    getConfig(): GuardConfig;
+    /**
+     * Clean up resources.
+     */
+    close(): void;
+}
+/**
+ * Create a GuardEngine with default configuration.
+ */
+export declare function createGuardEngine(options?: Partial<GuardEngineOptions>): GuardEngine;
+//# sourceMappingURL=engine.d.ts.map

package/dist/guard/engine.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"engine.d.ts","sourceRoot":"","sources":["../../src/guard/engine.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAIH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAC5D,OAAO,EAAE,cAAc,EAAwB,MAAM,uBAAuB,CAAC;AAI7E,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,KAAK,EACV,WAAW,EACX,YAAY,EACZ,WAAW,EACX,kBAAkB,EACnB,MAAM,YAAY,CAAC;AAYpB;;GAEG;AACH,qBAAa,WAAW;IACtB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAc;IACrC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAgB;IACzC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAiB;IAChD,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAkB;IAClD,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAqB;IAGjD,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAiB;IAC/C,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAwB;IAGzD,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAc;gBAEnC,OAAO,EAAE,kBAAkB;IAmCvC;;;;;OAKG;IACG,QAAQ,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,WAAW,CAAC;IA0M3D;;OAEG;IACH,OAAO,CAAC,OAAO,EAAE,MAAM,GAAG,cAAc;IAIxC;;OAEG;IACH,OAAO,CAAC,eAAe;IAevB;;OAEG;IACH,OAAO,CAAC,aAAa;IAIrB;;OAEG;IACH,OAAO,CAAC,eAAe;IASvB;;OAEG;IACH,OAAO,CAAC,eAAe;IASvB;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAc9B;;OAEG;YACW,cAAc;IAkC5B;;OAEG;IACH,OAAO,CAAC,YAAY;IAYpB;;OAEG;YACW,WAAW;IAyCzB;;OAEG;IACH,iBAAiB,IAAI,cAAc;IAInC;;OAEG;IACH,cAAc,IAAI,WAAW,GAAG,IAAI;IAIpC;;OAEG;IACH,SAAS,IAAI,WAAW;IAIxB;;OAEG;IACH,KAAK,IAAI,IAAI;CAKd;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC,kBAAkB,CAAC,GAAG,WAAW,CAQpF"}