@getrift/rift 0.0.0 → 0.1.0-beta.1

package/dist/src/runtime/legacy-migration.js

@@ -0,0 +1,140 @@
+/**
+ * Hidden legacy migration. Runs once-per-boot, idempotent on re-run.
+ *
+ * Carries pre-rename state forward without ever surfacing the legacy
+ * names to a friend. Three steps live here (the ones safe to run on
+ * every daemon boot):
+ *
+ * 1. Env file:           ~/.life-brain.env       → ~/.rift.env       (mode 0600)
+ * 2. Token file:         ~/.life-brain/token     → ~/.rift/token     (mode 0600)
+ * 3. Capability map:     data/life-context.md    → data/rift-context.md
+ *
+ * Plist takeover (Slice 2 / install.sh) and MCP-client config takeover
+ * (Slice 5 / `rift mcp install`) are NOT run from the daemon — they
+ * belong to their own slices because they require root-relative paths
+ * and client-config awareness that the daemon process does not have.
+ *
+ * Output contract:
+ * - **Friend-visible stderr:** Rift-only wording. Single line per
+ *   migrated artifact (`Found a legacy env file — migrated to
+ *   ~/.rift.env.`). Never names the legacy path. Backups referenced
+ *   by opaque ID only (`Backup ID: rift-migration-<iso>-<n>`).
+ * - **Operator-only JSONL:** every migration step appends one row to
+ *   `data/observability/legacy-migration.jsonl` with the actual legacy
+ *   path, the new path, and the opaque backup ID. This artifact is
+ *   not surfaced through any CLI/HTTP/MCP path; it exists for Clem to
+ *   inspect operator-side if a friend pings for recovery.
+ *
+ * Idempotency:
+ * - Each step's precondition is "the new file does not yet exist".
+ * - On second run, all three steps no-op and emit no JSONL rows.
+ */
+import fs from "node:fs";
+import os from "node:os";
+import path from "node:path";
+const RIFT_ENV_BASENAME = ".rift.env";
+const LEGACY_ENV_BASENAME = ".life-brain.env";
+const RIFT_TOKEN_DIR = ".rift";
+const LEGACY_TOKEN_DIR = ".life-brain";
+const TOKEN_FILE = "token";
+const RIFT_CONTEXT_BASENAME = "rift-context.md";
+const LEGACY_CONTEXT_BASENAME = "life-context.md";
+const JSONL_RELATIVE = path.join("observability", "legacy-migration.jsonl");
+export async function runLegacyMigration(opts) {
+    const homeDir = opts.homeDir ?? os.homedir();
+    const now = (opts.now ?? (() => new Date()))();
+    const stderr = opts.stderr ?? process.stderr;
+    const ts = now.toISOString();
+    // ISO timestamp with colons replaced for filesystem-safety inside backup IDs.
+    const tsToken = ts.replace(/[:.]/g, "-");
+    let backupCounter = 0;
+    const steps = [];
+    const jsonlPath = path.join(opts.dataDir, JSONL_RELATIVE);
+    function appendJsonl(row) {
+        fs.mkdirSync(path.dirname(jsonlPath), { recursive: true });
+        fs.appendFileSync(jsonlPath, JSON.stringify(row) + "\n", {
+            encoding: "utf-8",
+            mode: 0o600,
+        });
+    }
+    // --- 1. Env file ---
+    {
+        const newPath = path.join(homeDir, RIFT_ENV_BASENAME);
+        const legacyPath = path.join(homeDir, LEGACY_ENV_BASENAME);
+        if (!fs.existsSync(newPath) && fs.existsSync(legacyPath)) {
+            backupCounter += 1;
+            const backupId = `rift-migration-${tsToken}-${backupCounter}`;
+            copyFileSecure(legacyPath, newPath, 0o600);
+            stderr.write(`Found a legacy env file — migrated to ~/${RIFT_ENV_BASENAME}. (Backup ID: ${backupId}.)\n`);
+            appendJsonl({
+                ts,
+                kind: "env_file",
+                legacy_path: legacyPath,
+                new_path: newPath,
+                backup_id: backupId,
+            });
+            steps.push({ kind: "env_file", migrated: true, backupId });
+        }
+        else {
+            steps.push({ kind: "env_file", migrated: false });
+        }
+    }
+    // --- 2. Token file ---
+    {
+        const newPath = path.join(homeDir, RIFT_TOKEN_DIR, TOKEN_FILE);
+        const legacyPath = path.join(homeDir, LEGACY_TOKEN_DIR, TOKEN_FILE);
+        if (!fs.existsSync(newPath) && fs.existsSync(legacyPath)) {
+            backupCounter += 1;
+            const backupId = `rift-migration-${tsToken}-${backupCounter}`;
+            copyFileSecure(legacyPath, newPath, 0o600);
+            stderr.write(`Found a legacy token file — migrated to ~/${RIFT_TOKEN_DIR}/${TOKEN_FILE}. (Backup ID: ${backupId}.)\n`);
+            appendJsonl({
+                ts,
+                kind: "token_file",
+                legacy_path: legacyPath,
+                new_path: newPath,
+                backup_id: backupId,
+            });
+            steps.push({ kind: "token_file", migrated: true, backupId });
+        }
+        else {
+            steps.push({ kind: "token_file", migrated: false });
+        }
+    }
+    // --- 3. Capability map ---
+    {
+        const newPath = path.join(opts.dataDir, RIFT_CONTEXT_BASENAME);
+        const legacyPath = path.join(opts.dataDir, LEGACY_CONTEXT_BASENAME);
+        if (!fs.existsSync(newPath) && fs.existsSync(legacyPath)) {
+            backupCounter += 1;
+            const backupId = `rift-migration-${tsToken}-${backupCounter}`;
+            // Rename in place — we do not keep the legacy basename around.
+            fs.renameSync(legacyPath, newPath);
+            stderr.write(`Migrated legacy capability map to data/${RIFT_CONTEXT_BASENAME}. (Backup ID: ${backupId}.)\n`);
+            appendJsonl({
+                ts,
+                kind: "capability_map",
+                legacy_path: legacyPath,
+                new_path: newPath,
+                backup_id: backupId,
+            });
+            steps.push({ kind: "capability_map", migrated: true, backupId });
+        }
+        else {
+            steps.push({ kind: "capability_map", migrated: false });
+        }
+    }
+    const migratedCount = steps.filter((s) => s.migrated).length;
+    return { steps, migratedCount };
+}
+function copyFileSecure(src, dst, mode) {
+    const dir = path.dirname(dst);
+    fs.mkdirSync(dir, { recursive: true });
+    const tmp = `${dst}.tmp.${process.pid}`;
+    const data = fs.readFileSync(src);
+    fs.writeFileSync(tmp, data, { mode });
+    // chmod again — writeFileSync mode is masked by umask on some systems.
+    fs.chmodSync(tmp, mode);
+    fs.renameSync(tmp, dst);
+}
+//# sourceMappingURL=legacy-migration.js.map

package/dist/src/runtime/legacy-migration.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"legacy-migration.js","sourceRoot":"","sources":["../../../src/runtime/legacy-migration.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AACH,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAoC7B,MAAM,iBAAiB,GAAG,WAAW,CAAC;AACtC,MAAM,mBAAmB,GAAG,iBAAiB,CAAC;AAC9C,MAAM,cAAc,GAAG,OAAO,CAAC;AAC/B,MAAM,gBAAgB,GAAG,aAAa,CAAC;AACvC,MAAM,UAAU,GAAG,OAAO,CAAC;AAC3B,MAAM,qBAAqB,GAAG,iBAAiB,CAAC;AAChD,MAAM,uBAAuB,GAAG,iBAAiB,CAAC;AAClD,MAAM,cAAc,GAAG,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,wBAAwB,CAAC,CAAC;AAE5E,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,IAAsB;IAEtB,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,EAAE,CAAC,OAAO,EAAE,CAAC;IAC7C,MAAM,GAAG,GAAG,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;IAC/C,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC;IAE7C,MAAM,EAAE,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;IAC7B,8EAA8E;IAC9E,MAAM,OAAO,GAAG,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IACzC,IAAI,aAAa,GAAG,CAAC,CAAC;IAEtB,MAAM,KAAK,GAA0B,EAAE,CAAC;IACxC,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;IAE1D,SAAS,WAAW,CAAC,GAAa;QAChC,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC3D,EAAE,CAAC,cAAc,CAAC,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,IAAI,EAAE;YACvD,QAAQ,EAAE,OAAO;YACjB,IAAI,EAAE,KAAK;SACZ,CAAC,CAAC;IACL,CAAC;IAED,sBAAsB;IACtB,CAAC;QACC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,iBAAiB,CAAC,CAAC;QACtD,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,mBAAmB,CAAC,CAAC;QAC3D,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YACzD,aAAa,IAAI,CAAC,CAAC;YACnB,MAAM,QAAQ,GAAG,kBAAkB,OAAO,IAAI,aAAa,EAAE,CAAC;YAC9D,cAAc,CAAC,UAAU,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;YAC3C,MAAM,CAAC,KAAK,CACV,2CAA2C,iBAAiB,iBAAiB,QAAQ,MAAM,CAC5F,CAAC;YACF,WAAW,CAAC;gBACV,EAAE;gBACF,IAAI,EAAE,UAAU;gBAChB,WAAW,EAAE,UAAU;gBACvB,QAAQ,EAAE,OAAO;gBACjB,SAAS,EAAE,QAAQ;aACpB,CAAC,CAAC;YACH,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC7D,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;IAED,wBAAwB;IACxB,CAAC;QACC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,cAAc,EAAE,UAAU,CAAC,CAAC;QAC/D,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,gBAAgB,EAAE,UAAU,CAAC,CAAC;QACpE,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YACzD,aAAa,IAAI,CAAC,CAAC;YACnB,MAAM,QAAQ,GAAG,kBAAkB,OAAO,IAAI,aAAa,EAAE,CAAC;YAC9D,cAAc,CAAC,UAAU,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;YAC3C,MAAM,CAAC,KAAK,CACV,6CAA6C,cAAc,IAAI,UAAU,iBAAiB,QAAQ,MAAM,CACzG,CAAC;YACF,WAAW,CAAC;gBACV,EAAE;gBACF,IAAI,EAAE,YAAY;gBAClB,WAAW,EAAE,UAAU;gBACvB,QAAQ,EAAE,OAAO;gBACjB,SAAS,EAAE,QAAQ;aACpB,CAAC,CAAC;YACH,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC/D,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC;QACtD,CAAC;IACH,CAAC;IAED,4BAA4B;IAC5B,CAAC;QACC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,qBAAqB,CAAC,CAAC;QAC/D,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,uBAAuB,CAAC,CAAC;QACpE,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YACzD,aAAa,IAAI,CAAC,CAAC;YACnB,MAAM,QAAQ,GAAG,kBAAkB,OAAO,IAAI,aAAa,EAAE,CAAC;YAC9D,+DAA+D;YAC/D,EAAE,CAAC,UAAU,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;YACnC,MAAM,CAAC,KAAK,CACV,0CAA0C,qBAAqB,iBAAiB,QAAQ,MAAM,CAC/F,CAAC;YACF,WAAW,CAAC;gBACV,EAAE;gBACF,IAAI,EAAE,gBAAgB;gBACtB,WAAW,EAAE,UAAU;gBACvB,QAAQ,EAAE,OAAO;gBACjB,SAAS,EAAE,QAAQ;aACpB,CAAC,CAAC;YACH,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,gBAAgB,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;QACnE,CAAC;aAAM,CAAC;YACN,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,gBAAgB,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC;QAC1D,CAAC;IACH,CAAC;IAED,MAAM,aAAa,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC;IAC7D,OAAO,EAAE,KAAK,EAAE,aAAa,EAAE,CAAC;AAClC,CAAC;AAED,SAAS,cAAc,CAAC,GAAW,EAAE,GAAW,EAAE,IAAY;IAC5D,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAC9B,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACvC,MAAM,GAAG,GAAG,GAAG,GAAG,QAAQ,OAAO,CAAC,GAAG,EAAE,CAAC;IACxC,MAAM,IAAI,GAAG,EAAE,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;IAClC,EAAE,CAAC,aAAa,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;IACtC,uEAAuE;IACvE,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IACxB,EAAE,CAAC,UAAU,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;AAC1B,CAAC"}

package/dist/src/runtime/legacy-name-guard.d.ts

@@ -0,0 +1,35 @@
+/**
+ * Defensive validators for operator-supplied display strings that flow into
+ * friend-visible surfaces. The forbidden-name gate (`pnpm check:rename`)
+ * holds the static codebase free of legacy product names; this module
+ * enforces the same contract at runtime against config values that may have
+ * been hand-edited, copy-pasted, or shipped from an older version.
+ *
+ * Allowlisted at file level — every reference here exists *only* to defend
+ * against legacy strings landing in the friend's terminal.
+ */
+/**
+ * Validator for `voyage.project_label` — the only operator-supplied string
+ * embedded in /status/friend. Anything that violates the contract is dropped
+ * to `null` rather than echoed back: the friend never sees a label
+ * containing a path, a key-like token, or a forbidden legacy name.
+ *
+ * Rules:
+ *   - must be a non-empty trimmed string, at most 32 chars
+ *   - charset is `[A-Za-z0-9_-]` only (blocks `/`, `~`, spaces, dots, quotes)
+ *   - rejects any forbidden-name substring (life-brain / lifebrain /
+ *     second-brain / `life_*`)
+ *   - rejects known secret prefixes (Voyage `pa-`, OpenAI `sk-`, Stripe
+ *     `pk-`/`rk-`, GitHub `ghp_`/`gho_`/`ghs_`/`ghu_`/`ghr_`, Slack `xox?-`,
+ *     bearer-/token- shaped tokens) — matched at the start regardless of
+ *     casing or hyphen-vs-underscore
+ *   - rejects a label whose longest alphanumeric chunk (between `-`/`_`
+ *     separators) is ≥20 chars; catches segmented keys like
+ *     `pa-AbCd…22chars…` after the prefix gate, and uninterrupted opaque
+ *     runs in one shot
+ *
+ * Plan §Slice 0 expects shapes like `rift-beta-<handle>`; this sanitizer
+ * permits exactly that and rejects everything else.
+ */
+export declare function sanitizeProjectLabel(raw: unknown): string | null;
+//# sourceMappingURL=legacy-name-guard.d.ts.map

package/dist/src/runtime/legacy-name-guard.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"legacy-name-guard.d.ts","sourceRoot":"","sources":["../../../src/runtime/legacy-name-guard.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,wBAAgB,oBAAoB,CAAC,GAAG,EAAE,OAAO,GAAG,MAAM,GAAG,IAAI,CAWhE"}

package/dist/src/runtime/legacy-name-guard.js

@@ -0,0 +1,58 @@
+/**
+ * Defensive validators for operator-supplied display strings that flow into
+ * friend-visible surfaces. The forbidden-name gate (`pnpm check:rename`)
+ * holds the static codebase free of legacy product names; this module
+ * enforces the same contract at runtime against config values that may have
+ * been hand-edited, copy-pasted, or shipped from an older version.
+ *
+ * Allowlisted at file level — every reference here exists *only* to defend
+ * against legacy strings landing in the friend's terminal.
+ */
+/**
+ * Validator for `voyage.project_label` — the only operator-supplied string
+ * embedded in /status/friend. Anything that violates the contract is dropped
+ * to `null` rather than echoed back: the friend never sees a label
+ * containing a path, a key-like token, or a forbidden legacy name.
+ *
+ * Rules:
+ *   - must be a non-empty trimmed string, at most 32 chars
+ *   - charset is `[A-Za-z0-9_-]` only (blocks `/`, `~`, spaces, dots, quotes)
+ *   - rejects any forbidden-name substring (life-brain / lifebrain /
+ *     second-brain / `life_*`)
+ *   - rejects known secret prefixes (Voyage `pa-`, OpenAI `sk-`, Stripe
+ *     `pk-`/`rk-`, GitHub `ghp_`/`gho_`/`ghs_`/`ghu_`/`ghr_`, Slack `xox?-`,
+ *     bearer-/token- shaped tokens) — matched at the start regardless of
+ *     casing or hyphen-vs-underscore
+ *   - rejects a label whose longest alphanumeric chunk (between `-`/`_`
+ *     separators) is ≥20 chars; catches segmented keys like
+ *     `pa-AbCd…22chars…` after the prefix gate, and uninterrupted opaque
+ *     runs in one shot
+ *
+ * Plan §Slice 0 expects shapes like `rift-beta-<handle>`; this sanitizer
+ * permits exactly that and rejects everything else.
+ */
+export function sanitizeProjectLabel(raw) {
+    if (typeof raw !== "string")
+        return null;
+    const trimmed = raw.trim();
+    if (trimmed.length === 0 || trimmed.length > 32)
+        return null;
+    if (!/^[A-Za-z0-9_-]+$/.test(trimmed))
+        return null;
+    if (LEGACY_NAME_RE.test(trimmed))
+        return null;
+    if (SECRET_PREFIX_RE.test(trimmed))
+        return null;
+    for (const chunk of trimmed.split(/[-_]/)) {
+        if (chunk.length >= 20)
+            return null;
+    }
+    return trimmed;
+}
+const LEGACY_NAME_RE = /life-brain|lifebrain|second-brain|\blife_[a-z0-9_]+\b/i;
+// Anchored at start; matches both `pa-` and `pa_` shapes case-insensitively.
+// Covers Voyage (`pa-`/`pat-`), OpenAI (`sk-`), Stripe (`pk-`/`rk-`), GitHub
+// (`ghp_`/`gho_`/`ghs_`/`ghu_`/`ghr_`), Slack (`xoxb-`/`xoxp-`/`xoxa-`/`xoxs-`),
+// and generic bearer/token-prefixed pastes.
+const SECRET_PREFIX_RE = /^(pat?|sk|pk|rk|gh[posur]|xox[abps]|bearer|token)[-_]/i;
+//# sourceMappingURL=legacy-name-guard.js.map

package/dist/src/runtime/legacy-name-guard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"legacy-name-guard.js","sourceRoot":"","sources":["../../../src/runtime/legacy-name-guard.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,UAAU,oBAAoB,CAAC,GAAY;IAC/C,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IACzC,MAAM,OAAO,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC;IAC3B,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,IAAI,OAAO,CAAC,MAAM,GAAG,EAAE;QAAE,OAAO,IAAI,CAAC;IAC7D,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAC;IACnD,IAAI,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAC;IAC9C,IAAI,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAC;IAChD,KAAK,MAAM,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC;QAC1C,IAAI,KAAK,CAAC,MAAM,IAAI,EAAE;YAAE,OAAO,IAAI,CAAC;IACtC,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,cAAc,GAAG,wDAAwD,CAAC;AAEhF,6EAA6E;AAC7E,6EAA6E;AAC7E,iFAAiF;AACjF,4CAA4C;AAC5C,MAAM,gBAAgB,GACpB,wDAAwD,CAAC"}

package/dist/src/runtime/rift-env.d.ts

@@ -0,0 +1,14 @@
+export interface LoadRiftEnvOptions {
+    env?: NodeJS.ProcessEnv;
+    filePath?: string;
+    overrideExisting?: boolean;
+    allowedKeys?: readonly string[];
+}
+export interface LoadRiftEnvResult {
+    filePath: string;
+    loadedKeys: string[];
+    existed: boolean;
+}
+export declare function defaultRiftEnvPath(homeDir?: string): string;
+export declare function loadRiftEnv(opts?: LoadRiftEnvOptions): LoadRiftEnvResult;
+//# sourceMappingURL=rift-env.d.ts.map

package/dist/src/runtime/rift-env.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rift-env.d.ts","sourceRoot":"","sources":["../../../src/runtime/rift-env.ts"],"names":[],"mappings":"AAUA,MAAM,WAAW,kBAAkB;IACjC,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,WAAW,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;CACjC;AAED,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,wBAAgB,kBAAkB,CAAC,OAAO,SAAe,GAAG,MAAM,CAEjE;AASD,wBAAgB,WAAW,CACzB,IAAI,GAAE,kBAAuB,GAC5B,iBAAiB,CAuBnB"}

package/dist/src/runtime/rift-env.js

@@ -0,0 +1,79 @@
+import fs from "node:fs";
+import os from "node:os";
+import path from "node:path";
+const DEFAULT_KEYS = [
+    "VOYAGE_API_KEY",
+    "ANTHROPIC_API_KEY",
+    "HUBSPOT_ACCESS_TOKEN",
+];
+export function defaultRiftEnvPath(homeDir = os.homedir()) {
+    return path.join(homeDir, ".rift.env");
+}
+// Legacy fallback path. Read silently when ~/.rift.env is absent so a
+// machine carrying state from before the rename keeps working until
+// Slice 1.5 migrates the file. Not for friend use; not documented.
+function legacyEnvPath(homeDir = os.homedir()) {
+    return path.join(homeDir, ".life-brain.env");
+}
+export function loadRiftEnv(opts = {}) {
+    const env = opts.env ?? process.env;
+    const filePath = opts.filePath ?? resolveDefaultPath();
+    const overrideExisting = opts.overrideExisting ?? true;
+    const allowedKeys = new Set(opts.allowedKeys ?? DEFAULT_KEYS);
+    if (!fs.existsSync(filePath)) {
+        return { filePath, loadedKeys: [], existed: false };
+    }
+    const loadedKeys = [];
+    const raw = fs.readFileSync(filePath, "utf8");
+    for (const entry of parseEnvFile(raw)) {
+        if (!allowedKeys.has(entry.key))
+            continue;
+        const current = env[entry.key];
+        if (!overrideExisting && typeof current === "string" && current.length > 0) {
+            continue;
+        }
+        env[entry.key] = entry.value;
+        loadedKeys.push(entry.key);
+    }
+    return { filePath, loadedKeys, existed: true };
+}
+function resolveDefaultPath() {
+    const rift = defaultRiftEnvPath();
+    if (fs.existsSync(rift))
+        return rift;
+    const legacy = legacyEnvPath();
+    if (fs.existsSync(legacy))
+        return legacy;
+    return rift;
+}
+function parseEnvFile(raw) {
+    const entries = [];
+    for (const line of raw.split(/\r?\n/)) {
+        const trimmed = line.trim();
+        if (!trimmed || trimmed.startsWith("#"))
+            continue;
+        const withoutExport = trimmed.startsWith("export ")
+            ? trimmed.slice("export ".length).trim()
+            : trimmed;
+        const separator = withoutExport.indexOf("=");
+        if (separator <= 0)
+            continue;
+        const key = withoutExport.slice(0, separator).trim();
+        if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(key))
+            continue;
+        const value = stripWrappingQuotes(withoutExport.slice(separator + 1).trim());
+        entries.push({ key, value });
+    }
+    return entries;
+}
+function stripWrappingQuotes(value) {
+    if (value.length < 2)
+        return value;
+    const first = value[0];
+    const last = value[value.length - 1];
+    if ((first === "\"" || first === "'") && first === last) {
+        return value.slice(1, -1);
+    }
+    return value;
+}
+//# sourceMappingURL=rift-env.js.map

package/dist/src/runtime/rift-env.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rift-env.js","sourceRoot":"","sources":["../../../src/runtime/rift-env.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,MAAM,YAAY,GAAG;IACnB,gBAAgB;IAChB,mBAAmB;IACnB,sBAAsB;CACd,CAAC;AAeX,MAAM,UAAU,kBAAkB,CAAC,OAAO,GAAG,EAAE,CAAC,OAAO,EAAE;IACvD,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;AACzC,CAAC;AAED,sEAAsE;AACtE,oEAAoE;AACpE,mEAAmE;AACnE,SAAS,aAAa,CAAC,OAAO,GAAG,EAAE,CAAC,OAAO,EAAE;IAC3C,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,iBAAiB,CAAC,CAAC;AAC/C,CAAC;AAED,MAAM,UAAU,WAAW,CACzB,OAA2B,EAAE;IAE7B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,CAAC;IACpC,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,kBAAkB,EAAE,CAAC;IACvD,MAAM,gBAAgB,GAAG,IAAI,CAAC,gBAAgB,IAAI,IAAI,CAAC;IACvD,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,WAAW,IAAI,YAAY,CAAC,CAAC;IAE9D,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC7B,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IACtD,CAAC;IAED,MAAM,UAAU,GAAa,EAAE,CAAC;IAChC,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAC9C,KAAK,MAAM,KAAK,IAAI,YAAY,CAAC,GAAG,CAAC,EAAE,CAAC;QACtC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC;YAAE,SAAS;QAC1C,MAAM,OAAO,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,CAAC,gBAAgB,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3E,SAAS;QACX,CAAC;QACD,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC;QAC7B,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC7B,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;AACjD,CAAC;AAED,SAAS,kBAAkB;IACzB,MAAM,IAAI,GAAG,kBAAkB,EAAE,CAAC;IAClC,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IACrC,MAAM,MAAM,GAAG,aAAa,EAAE,CAAC;IAC/B,IAAI,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC;QAAE,OAAO,MAAM,CAAC;IACzC,OAAO,IAAI,CAAC;AACd,CAAC;AAOD,SAAS,YAAY,CAAC,GAAW;IAC/B,MAAM,OAAO,GAAe,EAAE,CAAC;IAC/B,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;QACtC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAS;QAElD,MAAM,aAAa,GAAG,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC;YACjD,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE;YACxC,CAAC,CAAC,OAAO,CAAC;QACZ,MAAM,SAAS,GAAG,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAC7C,IAAI,SAAS,IAAI,CAAC;YAAE,SAAS;QAE7B,MAAM,GAAG,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC;QACrD,IAAI,CAAC,0BAA0B,CAAC,IAAI,CAAC,GAAG,CAAC;YAAE,SAAS;QAEpD,MAAM,KAAK,GAAG,mBAAmB,CAAC,aAAa,CAAC,KAAK,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAC7E,OAAO,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC;IAC/B,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,mBAAmB,CAAC,KAAa;IACxC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IACnC,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IACvB,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACrC,IAAI,CAAC,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,GAAG,CAAC,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACxD,OAAO,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAC5B,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/src/runtime/watcher-startup.d.ts

@@ -0,0 +1,2 @@
+export declare function watcherStartupDisabled(env?: NodeJS.ProcessEnv): boolean;
+//# sourceMappingURL=watcher-startup.d.ts.map

package/dist/src/runtime/watcher-startup.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"watcher-startup.d.ts","sourceRoot":"","sources":["../../../src/runtime/watcher-startup.ts"],"names":[],"mappings":"AAAA,wBAAgB,sBAAsB,CACpC,GAAG,GAAE,MAAM,CAAC,UAAwB,GACnC,OAAO,CAET"}

package/dist/src/runtime/watcher-startup.js

@@ -0,0 +1,4 @@
+export function watcherStartupDisabled(env = process.env) {
+    return env["RIFT_DISABLE_WATCHERS"] === "1";
+}
+//# sourceMappingURL=watcher-startup.js.map

package/dist/src/runtime/watcher-startup.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"watcher-startup.js","sourceRoot":"","sources":["../../../src/runtime/watcher-startup.ts"],"names":[],"mappings":"AAAA,MAAM,UAAU,sBAAsB,CACpC,MAAyB,OAAO,CAAC,GAAG;IAEpC,OAAO,GAAG,CAAC,uBAAuB,CAAC,KAAK,GAAG,CAAC;AAC9C,CAAC"}

package/dist/src/security/archive.d.ts

@@ -0,0 +1,23 @@
+export interface ExtractedFile {
+    /** Relative path within the archive (or filename for single files). */
+    path: string;
+    /** File contents. */
+    data: Buffer;
+}
+export interface ExtractionResult {
+    files: ExtractedFile[];
+}
+export declare class ArchiveSecurityError extends Error {
+    readonly code: "PATH_TRAVERSAL" | "SYMLINK" | "TOO_MANY_FILES" | "TOO_LARGE" | "UNSUPPORTED_FORMAT";
+    constructor(message: string, code: "PATH_TRAVERSAL" | "SYMLINK" | "TOO_MANY_FILES" | "TOO_LARGE" | "UNSUPPORTED_FORMAT");
+}
+/**
+ * Extract an uploaded archive or single file with full security checks.
+ *
+ * @param buffer - Raw uploaded file content
+ * @param originalName - Original filename (used for format detection)
+ * @returns Extracted files
+ * @throws ArchiveSecurityError on any security violation
+ */
+export declare function extractArchive(buffer: Buffer, originalName: string): ExtractionResult;
+//# sourceMappingURL=archive.d.ts.map

package/dist/src/security/archive.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"archive.d.ts","sourceRoot":"","sources":["../../../src/security/archive.ts"],"names":[],"mappings":"AAwBA,MAAM,WAAW,aAAa;IAC5B,uEAAuE;IACvE,IAAI,EAAE,MAAM,CAAC;IACb,qBAAqB;IACrB,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,gBAAgB;IAC/B,KAAK,EAAE,aAAa,EAAE,CAAC;CACxB;AAED,qBAAa,oBAAqB,SAAQ,KAAK;aAG3B,IAAI,EAChB,gBAAgB,GAChB,SAAS,GACT,gBAAgB,GAChB,WAAW,GACX,oBAAoB;gBANxB,OAAO,EAAE,MAAM,EACC,IAAI,EAChB,gBAAgB,GAChB,SAAS,GACT,gBAAgB,GAChB,WAAW,GACX,oBAAoB;CAK3B;AAwJD;;;;;;;GAOG;AACH,wBAAgB,cAAc,CAC5B,MAAM,EAAE,MAAM,EACd,YAAY,EAAE,MAAM,GACnB,gBAAgB,CAkBlB"}

package/dist/src/security/archive.js

@@ -0,0 +1,163 @@
+/**
+ * Archive extraction with security protections — Slice 12.
+ *
+ * Supports:
+ *   - zip archives (multiple entries)
+ *   - single JSON files (passthrough)
+ *
+ * Blocks:
+ *   - Zip-slip via path traversal (../ in entry names)
+ *   - Symlink entries in zip archives
+ *   - Archive bombs (>10,000 files or >1 GB uncompressed)
+ *   - Markdown and other non-JSON/zip formats — there is no parser
+ *     for raw markdown for any web conversation source, so accepting
+ *     it would either silently no-op (parser skips non-JSON) or fail
+ *     deep in the pipeline. Rejecting at this boundary makes the
+ *     contract honest.
+ */
+import path from "node:path";
+import AdmZip from "adm-zip";
+// --- Limits (PRD Section 3.4) ---
+const MAX_FILES = 10_000;
+const MAX_UNCOMPRESSED_BYTES = 1_073_741_824; // 1 GB
+export class ArchiveSecurityError extends Error {
+    code;
+    constructor(message, code) {
+        super(message);
+        this.code = code;
+        this.name = "ArchiveSecurityError";
+    }
+}
+/**
+ * Detect format from buffer magic bytes and original filename.
+ *
+ * Markdown (.md/.markdown) is explicitly rejected: no web-conversation
+ * parser handles raw markdown, so accepting it here would only enable
+ * silent no-op ingests downstream.
+ */
+function detectFormat(buffer, originalName) {
+    // ZIP magic: PK\x03\x04
+    if (buffer.length >= 4 &&
+        buffer[0] === 0x50 &&
+        buffer[1] === 0x4b &&
+        buffer[2] === 0x03 &&
+        buffer[3] === 0x04) {
+        return "zip";
+    }
+    const lower = originalName.toLowerCase();
+    if (lower.endsWith(".md") || lower.endsWith(".markdown")) {
+        throw new ArchiveSecurityError(`Unsupported file format: ${originalName} (markdown is not a supported ingest format)`, "UNSUPPORTED_FORMAT");
+    }
+    if (lower.endsWith(".json"))
+        return "json";
+    // Try content sniffing: if it starts with { or [, treat as JSON
+    const trimmed = buffer.toString("utf8", 0, Math.min(buffer.length, 64)).trimStart();
+    if (trimmed.startsWith("{") || trimmed.startsWith("["))
+        return "json";
+    throw new ArchiveSecurityError(`Unsupported file format: ${originalName}`, "UNSUPPORTED_FORMAT");
+}
+/**
+ * Validate that a zip entry name is safe (no path traversal).
+ */
+function validateEntryPath(entryName) {
+    // Normalize to forward slashes for consistency
+    const normalized = entryName.replace(/\\/g, "/");
+    // Reject absolute paths
+    if (path.isAbsolute(normalized) || normalized.startsWith("/")) {
+        throw new ArchiveSecurityError(`Zip-slip: absolute path in archive entry: ${entryName}`, "PATH_TRAVERSAL");
+    }
+    // Reject any path component that is ".."
+    const segments = normalized.split("/");
+    for (const seg of segments) {
+        if (seg === "..") {
+            throw new ArchiveSecurityError(`Zip-slip: path traversal in archive entry: ${entryName}`, "PATH_TRAVERSAL");
+        }
+    }
+    // Double-check: resolved path must not escape a hypothetical root
+    const resolved = path.resolve("/safe-root", normalized);
+    if (!resolved.startsWith("/safe-root/") && resolved !== "/safe-root") {
+        throw new ArchiveSecurityError(`Zip-slip: path escapes extraction root: ${entryName}`, "PATH_TRAVERSAL");
+    }
+}
+/**
+ * Extract a zip buffer with security checks.
+ */
+function extractZip(buffer) {
+    const zip = new AdmZip(buffer);
+    const entries = zip.getEntries();
+    // --- Archive bomb: file count ---
+    const fileEntries = entries.filter((e) => !e.isDirectory);
+    if (fileEntries.length > MAX_FILES) {
+        throw new ArchiveSecurityError(`Archive bomb: ${fileEntries.length} files exceeds limit of ${MAX_FILES}`, "TOO_MANY_FILES");
+    }
+    // --- Pre-scan all entries for security violations ---
+    let totalUncompressed = 0;
+    for (const entry of entries) {
+        // Reject symlinks (external attributes bit 0120000 in Unix)
+        // AdmZip stores the Unix file attributes in the upper 16 bits of attr
+        const unixAttr = (entry.header.attr >>> 16) & 0xffff;
+        const isSymlink = (unixAttr & 0o170000) === 0o120000;
+        if (isSymlink) {
+            throw new ArchiveSecurityError(`Symlink in archive: ${entry.entryName}`, "SYMLINK");
+        }
+        // Validate path (zip-slip)
+        validateEntryPath(entry.entryName);
+        // Accumulate uncompressed size
+        if (!entry.isDirectory) {
+            totalUncompressed += entry.header.size;
+            if (totalUncompressed > MAX_UNCOMPRESSED_BYTES) {
+                throw new ArchiveSecurityError(`Archive bomb: uncompressed size exceeds ${MAX_UNCOMPRESSED_BYTES} bytes (1 GB)`, "TOO_LARGE");
+            }
+        }
+    }
+    // --- Extract files ---
+    const files = [];
+    for (const entry of fileEntries) {
+        files.push({
+            path: entry.entryName.replace(/\\/g, "/"),
+            data: entry.getData(),
+        });
+    }
+    return { files };
+}
+/**
+ * Sanitize a single-file upload name.
+ *
+ * Applies the same path-traversal checks used for zip entries, then
+ * strips to the basename so the returned path is always a plain
+ * filename with no directory component.
+ */
+function sanitizeSingleFileName(originalName) {
+    // Run the zip-entry validator — it rejects ../, absolute paths, etc.
+    validateEntryPath(originalName);
+    // Even if validation passes (e.g. "subdir/file.json"), strip to basename
+    // so the caller cannot influence the storage directory.
+    const normalized = originalName.replace(/\\/g, "/");
+    const base = normalized.split("/").pop() ?? originalName;
+    return base;
+}
+/**
+ * Extract an uploaded archive or single file with full security checks.
+ *
+ * @param buffer - Raw uploaded file content
+ * @param originalName - Original filename (used for format detection)
+ * @returns Extracted files
+ * @throws ArchiveSecurityError on any security violation
+ */
+export function extractArchive(buffer, originalName) {
+    const format = detectFormat(buffer, originalName);
+    if (format === "zip") {
+        return extractZip(buffer);
+    }
+    // Single JSON passthrough — sanitize the name
+    const safeName = sanitizeSingleFileName(originalName);
+    return {
+        files: [
+            {
+                path: safeName,
+                data: buffer,
+            },
+        ],
+    };
+}
+//# sourceMappingURL=archive.js.map

package/dist/src/security/archive.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"archive.js","sourceRoot":"","sources":["../../../src/security/archive.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AACH,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,MAAM,MAAM,SAAS,CAAC;AAE7B,mCAAmC;AACnC,MAAM,SAAS,GAAG,MAAM,CAAC;AACzB,MAAM,sBAAsB,GAAG,aAAa,CAAC,CAAC,OAAO;AAarD,MAAM,OAAO,oBAAqB,SAAQ,KAAK;IAG3B;IAFlB,YACE,OAAe,EACC,IAKQ;QAExB,KAAK,CAAC,OAAO,CAAC,CAAC;QAPC,SAAI,GAAJ,IAAI,CAKI;QAGxB,IAAI,CAAC,IAAI,GAAG,sBAAsB,CAAC;IACrC,CAAC;CACF;AAED;;;;;;GAMG;AACH,SAAS,YAAY,CAAC,MAAc,EAAE,YAAoB;IACxD,wBAAwB;IACxB,IACE,MAAM,CAAC,MAAM,IAAI,CAAC;QAClB,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI;QAClB,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI;QAClB,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI;QAClB,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI,EAClB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,KAAK,GAAG,YAAY,CAAC,WAAW,EAAE,CAAC;IACzC,IAAI,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;QACzD,MAAM,IAAI,oBAAoB,CAC5B,4BAA4B,YAAY,8CAA8C,EACtF,oBAAoB,CACrB,CAAC;IACJ,CAAC;IACD,IAAI,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC;QAAE,OAAO,MAAM,CAAC;IAE3C,gEAAgE;IAChE,MAAM,OAAO,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,EAAE,CAAC;IACpF,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,OAAO,MAAM,CAAC;IAEtE,MAAM,IAAI,oBAAoB,CAC5B,4BAA4B,YAAY,EAAE,EAC1C,oBAAoB,CACrB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,SAAiB;IAC1C,+CAA+C;IAC/C,MAAM,UAAU,GAAG,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IAEjD,wBAAwB;IACxB,IAAI,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QAC9D,MAAM,IAAI,oBAAoB,CAC5B,6CAA6C,SAAS,EAAE,EACxD,gBAAgB,CACjB,CAAC;IACJ,CAAC;IAED,yCAAyC;IACzC,MAAM,QAAQ,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACvC,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC3B,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;YACjB,MAAM,IAAI,oBAAoB,CAC5B,8CAA8C,SAAS,EAAE,EACzD,gBAAgB,CACjB,CAAC;QACJ,CAAC;IACH,CAAC;IAED,kEAAkE;IAClE,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;IACxD,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,aAAa,CAAC,IAAI,QAAQ,KAAK,YAAY,EAAE,CAAC;QACrE,MAAM,IAAI,oBAAoB,CAC5B,2CAA2C,SAAS,EAAE,EACtD,gBAAgB,CACjB,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,UAAU,CAAC,MAAc;IAChC,MAAM,GAAG,GAAG,IAAI,MAAM,CAAC,MAAM,CAAC,CAAC;IAC/B,MAAM,OAAO,GAAG,GAAG,CAAC,UAAU,EAAE,CAAC;IAEjC,mCAAmC;IACnC,MAAM,WAAW,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC;IAC1D,IAAI,WAAW,CAAC,MAAM,GAAG,SAAS,EAAE,CAAC;QACnC,MAAM,IAAI,oBAAoB,CAC5B,iBAAiB,WAAW,CAAC,MAAM,2BAA2B,SAAS,EAAE,EACzE,gBAAgB,CACjB,CAAC;IACJ,CAAC;IAED,uDAAuD;IACvD,IAAI,iBAAiB,GAAG,CAAC,CAAC;IAE1B,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,4DAA4D;QAC5D,sEAAsE;QACtE,MAAM,QAAQ,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC,GAAG,MAAM,CAAC;QACrD,MAAM,SAAS,GAAG,CAAC,QAAQ,GAAG,QAAQ,CAAC,KAAK,QAAQ,CAAC;QACrD,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,IAAI,oBAAoB,CAC5B,uBAAuB,KAAK,CAAC,SAAS,EAAE,EACxC,SAAS,CACV,CAAC;QACJ,CAAC;QAED,2BAA2B;QAC3B,iBAAiB,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QAEnC,+BAA+B;QAC/B,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;YACvB,iBAAiB,IAAI,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC;YACvC,IAAI,iBAAiB,GAAG,sBAAsB,EAAE,CAAC;gBAC/C,MAAM,IAAI,oBAAoB,CAC5B,2CAA2C,sBAAsB,eAAe,EAChF,WAAW,CACZ,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,wBAAwB;IACxB,MAAM,KAAK,GAAoB,EAAE,CAAC;IAClC,KAAK,MAAM,KAAK,IAAI,WAAW,EAAE,CAAC;QAChC,KAAK,CAAC,IAAI,CAAC;YACT,IAAI,EAAE,KAAK,CAAC,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;YACzC,IAAI,EAAE,KAAK,CAAC,OAAO,EAAE;SACtB,CAAC,CAAC;IACL,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,CAAC;AACnB,CAAC;AAED;;;;;;GAMG;AACH,SAAS,sBAAsB,CAAC,YAAoB;IAClD,qEAAqE;IACrE,iBAAiB,CAAC,YAAY,CAAC,CAAC;IAEhC,yEAAyE;IACzE,wDAAwD;IACxD,MAAM,UAAU,GAAG,YAAY,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IACpD,MAAM,IAAI,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,YAAY,CAAC;IACzD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,cAAc,CAC5B,MAAc,EACd,YAAoB;IAEpB,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;IAElD,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;QACrB,OAAO,UAAU,CAAC,MAAM,CAAC,CAAC;IAC5B,CAAC;IAED,8CAA8C;IAC9C,MAAM,QAAQ,GAAG,sBAAsB,CAAC,YAAY,CAAC,CAAC;IAEtD,OAAO;QACL,KAAK,EAAE;YACL;gBACE,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,MAAM;aACb;SACF;KACF,CAAC;AACJ,CAAC"}

package/dist/src/security/paths.d.ts

@@ -0,0 +1,21 @@
+/**
+ * Validate and canonicalize a file path against allowed source roots.
+ *
+ * 1. Resolves the path to absolute.
+ * 2. Resolves symlinks via realpath.
+ * 3. Confirms the canonical path falls under at least one allowed root.
+ *
+ * @returns The canonical (symlink-resolved) absolute path.
+ * @throws If the path is outside all allowed roots, unresolvable, or inaccessible.
+ */
+export declare function validatePath(filePath: string, allowedRoots: readonly string[]): string;
+/**
+ * Validate a path for an unlink event (file already deleted).
+ *
+ * Since the file no longer exists, we cannot resolve symlinks.
+ * We fall back to path.resolve() and prefix-check only.
+ * This is safe because: the path was validated on add/change,
+ * and unlink only removes existing rows — it cannot insert data.
+ */
+export declare function validateUnlinkPath(filePath: string, allowedRoots: readonly string[]): string;
+//# sourceMappingURL=paths.d.ts.map

package/dist/src/security/paths.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"paths.d.ts","sourceRoot":"","sources":["../../../src/security/paths.ts"],"names":[],"mappings":"AAUA;;;;;;;;;GASG;AACH,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,YAAY,EAAE,SAAS,MAAM,EAAE,GAAG,MAAM,CA4BtF;AAED;;;;;;;GAOG;AACH,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,EAAE,YAAY,EAAE,SAAS,MAAM,EAAE,GAAG,MAAM,CAe5F"}