@goobits/sherpa 1.0.1

package/dist/commands/post.js

@@ -0,0 +1,183 @@
+/**
+ * sherpa post - PostToolUse hook that offloads large outputs to scratch files
+ */
+import { countTokens, loadConfig, readHookInput, writeHookOutput } from '@goobits/sherpa-core';
+import { createHash } from 'crypto';
+import { existsSync, mkdirSync, readdirSync, statSync, unlinkSync, writeFileSync } from 'fs';
+import { join } from 'path';
+import { DEFAULT_CONFIG } from '../types.js';
+/**
+ * Load guard config from .claude/guard.json or fallback locations
+ */
+export function loadGuardConfig() {
+    const searchPaths = [
+        join(process.cwd(), '.claude', 'guard.json'),
+        join(process.cwd(), 'guard.json')
+    ];
+    return loadConfig('guard.json', DEFAULT_CONFIG, searchPaths);
+}
+/**
+ * Clean up scratch files by age and size
+ */
+function cleanupScratch(scratchDir, maxAgeMinutes, maxSizeMB) {
+    try {
+        if (!existsSync(scratchDir)) {
+            return;
+        }
+        const files = readdirSync(scratchDir);
+        const now = Date.now();
+        const maxAge = maxAgeMinutes * 60 * 1000;
+        const maxBytes = maxSizeMB * 1024 * 1024;
+        // Collect file info
+        const fileInfos = [];
+        let totalSize = 0;
+        for (const file of files) {
+            if (!file.startsWith('out_')) {
+                continue;
+            }
+            const filepath = join(scratchDir, file);
+            try {
+                const stat = statSync(filepath);
+                fileInfos.push({
+                    path: filepath,
+                    size: stat.size,
+                    mtime: stat.mtimeMs
+                });
+                totalSize += stat.size;
+            }
+            catch {
+                // Ignore errors on individual files
+            }
+        }
+        // Delete files older than maxAge
+        for (const info of fileInfos) {
+            if (now - info.mtime > maxAge) {
+                try {
+                    unlinkSync(info.path);
+                    totalSize -= info.size;
+                }
+                catch {
+                    // Ignore
+                }
+            }
+        }
+        // If still over size limit, delete oldest files (LRU)
+        if (totalSize > maxBytes) {
+            const remaining = fileInfos
+                .filter(f => existsSync(f.path))
+                .sort((a, b) => a.mtime - b.mtime); // Oldest first
+            for (const info of remaining) {
+                if (totalSize <= maxBytes) {
+                    break;
+                }
+                try {
+                    unlinkSync(info.path);
+                    totalSize -= info.size;
+                }
+                catch {
+                    // Ignore
+                }
+            }
+        }
+    }
+    catch {
+        // Ignore if directory doesn't exist yet
+    }
+}
+/**
+ * Generate a short hash for the output
+ */
+function hashOutput(content) {
+    return createHash('md5').update(content).digest('hex').slice(0, 8);
+}
+/**
+ * Offload large output to a scratch file
+ */
+export function offloadOutput(output, exitCode, config) {
+    const tokens = countTokens(output);
+    const lines = output.split('\n');
+    // Small output: pass through
+    if (tokens <= config.maxTokens) {
+        return { modified: false, result: output };
+    }
+    // Create scratch directory
+    const scratchDir = join(process.cwd(), config.scratchDir);
+    mkdirSync(scratchDir, { recursive: true });
+    // Clean up old files and enforce size limit
+    cleanupScratch(scratchDir, config.maxAgeMinutes, config.maxScratchSizeMB);
+    // Save to scratch file
+    const hash = hashOutput(output);
+    const filename = `out_${hash}_exit${exitCode}.txt`;
+    const filepath = join(scratchDir, filename);
+    writeFileSync(filepath, output);
+    // Create preview (last N tokens worth of lines)
+    // Estimate ~4 chars per token to avoid expensive per-line token counting
+    const charsPerToken = 4;
+    const targetChars = config.previewTokens * charsPerToken;
+    const previewLines = [];
+    let charCount = 0;
+    for (let i = lines.length - 1; i >= 0 && charCount < targetChars; i--) {
+        previewLines.unshift(lines[i]);
+        charCount += lines[i].length + 1; // +1 for newline
+    }
+    const preview = previewLines.join('\n');
+    // Build pointer message
+    const sizeKB = (output.length / 1024).toFixed(1);
+    const result = [
+        `┌─ Output offloaded (${lines.length} lines, ${sizeKB}KB, ~${tokens} tokens)`,
+        `│ File: ${filepath}`,
+        `│ Hint: grep <pattern> ${filepath}`,
+        `└─ Last ${previewLines.length} lines:`,
+        preview
+    ].join('\n');
+    return { modified: true, result };
+}
+/**
+ * Main entry point for PostToolUse hook
+ */
+export function runPost() {
+    try {
+        const data = readHookInput();
+        // Only handle Bash tool
+        if (data.tool_name !== 'Bash') {
+            writeHookOutput(data);
+            return;
+        }
+        const stdout = data.tool_result?.stdout || '';
+        const stderr = data.tool_result?.stderr || '';
+        const exitCode = data.tool_result?.exit_code || 0;
+        // Load config from .claude/guard.json or defaults
+        const config = loadGuardConfig();
+        // Check stdout
+        const stdoutResult = offloadOutput(stdout, exitCode, config);
+        // Check stderr (usually smaller, but handle anyway)
+        const stderrResult = offloadOutput(stderr, exitCode, config);
+        // If nothing was modified, pass through
+        if (!stdoutResult.modified && !stderrResult.modified) {
+            writeHookOutput(data);
+            return;
+        }
+        // Return modified result
+        const result = {
+            ...data,
+            tool_result: {
+                ...data.tool_result,
+                stdout: stdoutResult.result,
+                stderr: stderrResult.modified ? stderrResult.result : stderr
+            }
+        };
+        writeHookOutput(result);
+    }
+    catch (error) {
+        // On error, try to pass through original
+        console.error('sherpa post error:', error.message);
+        try {
+            const data = readHookInput();
+            writeHookOutput(data);
+        }
+        catch {
+            // Nothing we can do
+        }
+    }
+}
+//# sourceMappingURL=post.js.map

package/dist/commands/post.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"post.js","sourceRoot":"","sources":["../../src/commands/post.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EACN,WAAW,EACX,UAAU,EAEV,aAAa,EACb,eAAe,EACf,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAA;AACnC,OAAO,EAAE,UAAU,EAAC,SAAS,EAAE,WAAW,EAAE,QAAQ,EAAE,UAAU,EAAE,aAAa,EAAE,MAAM,IAAI,CAAA;AAC3F,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAE3B,OAAO,EAAE,cAAc,EAAoB,MAAM,aAAa,CAAA;AAE9D;;GAEG;AACH,MAAM,UAAU,eAAe;IAC9B,MAAM,WAAW,GAAG;QACnB,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,YAAY,CAAC;QAC5C,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,YAAY,CAAC;KACjC,CAAA;IACD,OAAO,UAAU,CAAc,YAAY,EAAE,cAAc,EAAE,WAAW,CAAC,CAAA;AAC1E,CAAC;AAQD;;GAEG;AACH,SAAS,cAAc,CAAC,UAAkB,EAAE,aAAqB,EAAE,SAAiB;IACnF,IAAI,CAAC;QACJ,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAAA,OAAM;QAAA,CAAC;QAErC,MAAM,KAAK,GAAG,WAAW,CAAC,UAAU,CAAC,CAAA;QACrC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QACtB,MAAM,MAAM,GAAG,aAAa,GAAG,EAAE,GAAG,IAAI,CAAA;QACxC,MAAM,QAAQ,GAAG,SAAS,GAAG,IAAI,GAAG,IAAI,CAAA;QAExC,oBAAoB;QACpB,MAAM,SAAS,GAAe,EAAE,CAAA;QAChC,IAAI,SAAS,GAAG,CAAC,CAAA;QAEjB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YAC1B,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;gBAAA,SAAQ;YAAA,CAAC;YAExC,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,CAAA;YACvC,IAAI,CAAC;gBACJ,MAAM,IAAI,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAA;gBAC/B,SAAS,CAAC,IAAI,CAAC;oBACd,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,KAAK,EAAE,IAAI,CAAC,OAAO;iBACnB,CAAC,CAAA;gBACF,SAAS,IAAI,IAAI,CAAC,IAAI,CAAA;YACvB,CAAC;YAAC,MAAM,CAAC;gBACR,oCAAoC;YACrC,CAAC;QACF,CAAC;QAED,iCAAiC;QACjC,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;YAC9B,IAAI,GAAG,GAAG,IAAI,CAAC,KAAK,GAAG,MAAM,EAAE,CAAC;gBAC/B,IAAI,CAAC;oBACJ,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;oBACrB,SAAS,IAAI,IAAI,CAAC,IAAI,CAAA;gBACvB,CAAC;gBAAC,MAAM,CAAC;oBACR,SAAS;gBACV,CAAC;YACF,CAAC;QACF,CAAC;QAED,sDAAsD;QACtD,IAAI,SAAS,GAAG,QAAQ,EAAE,CAAC;YAC1B,MAAM,SAAS,GAAG,SAAS;iBACzB,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;iBAC/B,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAA,CAAC,eAAe;YAEnD,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;gBAC9B,IAAI,SAAS,IAAI,QAAQ,EAAE,CAAC;oBAAA,MAAK;gBAAA,CAAC;gBAClC,IAAI,CAAC;oBACJ,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;oBACrB,SAAS,IAAI,IAAI,CAAC,IAAI,CAAA;gBACvB,CAAC;gBAAC,MAAM,CAAC;oBACR,SAAS;gBACV,CAAC;YACF,CAAC;QACF,CAAC;IACF,CAAC;IAAC,MAAM,CAAC;QACR,wCAAwC;IACzC,CAAC;AACF,CAAC;AAED;;GAEG;AACH,SAAS,UAAU,CAAC,OAAe;IAClC,OAAO,UAAU,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;AACnE,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAC5B,MAAc,EACd,QAAgB,EAChB,MAAmB;IAEnB,MAAM,MAAM,GAAG,WAAW,CAAC,MAAM,CAAC,CAAA;IAClC,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;IAEhC,6BAA6B;IAC7B,IAAI,MAAM,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QAChC,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,CAAA;IAC3C,CAAC;IAED,2BAA2B;IAC3B,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,CAAC,UAAU,CAAC,CAAA;IACzD,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAA;IAE1C,4CAA4C;IAC5C,cAAc,CAAC,UAAU,EAAE,MAAM,CAAC,aAAa,EAAE,MAAM,CAAC,gBAAgB,CAAC,CAAA;IAEzE,uBAAuB;IACvB,MAAM,IAAI,GAAG,UAAU,CAAC,MAAM,CAAC,CAAA;IAC/B,MAAM,QAAQ,GAAG,OAAQ,IAAK,QAAS,QAAS,MAAM,CAAA;IACtD,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAA;IAC3C,aAAa,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAA;IAE/B,gDAAgD;IAChD,yEAAyE;IACzE,MAAM,aAAa,GAAG,CAAC,CAAA;IACvB,MAAM,WAAW,GAAG,MAAM,CAAC,aAAa,GAAG,aAAa,CAAA;IACxD,MAAM,YAAY,GAAa,EAAE,CAAA;IACjC,IAAI,SAAS,GAAG,CAAC,CAAA;IACjB,KAAK,IAAI,CAAC,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,SAAS,GAAG,WAAW,EAAE,CAAC,EAAE,EAAE,CAAC;QACvE,YAAY,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAA;QAC9B,SAAS,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAA,CAAC,iBAAiB;IACnD,CAAC;IACD,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAEvC,wBAAwB;IACxB,MAAM,MAAM,GAAG,CAAC,MAAM,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAA;IAChD,MAAM,MAAM,GAAG;QACd,wBAAyB,KAAK,CAAC,MAAO,WAAY,MAAO,QAAS,MAAO,UAAU;QACnF,WAAY,QAAS,EAAE;QACvB,0BAA2B,QAAS,EAAE;QACtC,WAAY,YAAY,CAAC,MAAO,SAAS;QACzC,OAAO;KACP,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAEZ,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,CAAA;AAClC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,OAAO;IACtB,IAAI,CAAC;QACJ,MAAM,IAAI,GAAG,aAAa,EAAkB,CAAA;QAE5C,wBAAwB;QACxB,IAAI,IAAI,CAAC,SAAS,KAAK,MAAM,EAAE,CAAC;YAC/B,eAAe,CAAC,IAAI,CAAC,CAAA;YACrB,OAAM;QACP,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,EAAE,MAAM,IAAI,EAAE,CAAA;QAC7C,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,EAAE,MAAM,IAAI,EAAE,CAAA;QAC7C,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,SAAS,IAAI,CAAC,CAAA;QAEjD,kDAAkD;QAClD,MAAM,MAAM,GAAG,eAAe,EAAE,CAAA;QAEhC,eAAe;QACf,MAAM,YAAY,GAAG,aAAa,CAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAA;QAE5D,oDAAoD;QACpD,MAAM,YAAY,GAAG,aAAa,CAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAA;QAE5D,wCAAwC;QACxC,IAAI,CAAC,YAAY,CAAC,QAAQ,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,CAAC;YACtD,eAAe,CAAC,IAAI,CAAC,CAAA;YACrB,OAAM;QACP,CAAC;QAED,yBAAyB;QACzB,MAAM,MAAM,GAAG;YACd,GAAG,IAAI;YACP,WAAW,EAAE;gBACZ,GAAG,IAAI,CAAC,WAAW;gBACnB,MAAM,EAAE,YAAY,CAAC,MAAM;gBAC3B,MAAM,EAAE,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM;aAC5D;SACD,CAAA;QAED,eAAe,CAAC,MAAM,CAAC,CAAA;IACxB,CAAC;IAAC,OAAM,KAAK,EAAE,CAAC;QACf,yCAAyC;QACzC,OAAO,CAAC,KAAK,CAAC,oBAAoB,EAAG,KAAe,CAAC,OAAO,CAAC,CAAA;QAC7D,IAAI,CAAC;YACJ,MAAM,IAAI,GAAG,aAAa,EAAkB,CAAA;YAC5C,eAAe,CAAC,IAAI,CAAC,CAAA;QACtB,CAAC;QAAC,MAAM,CAAC;YACR,oBAAoB;QACrB,CAAC;IACF,CAAC;AACF,CAAC"}

package/dist/commands/pre.d.ts

@@ -0,0 +1,18 @@
+/**
+ * sherpa pre - PreToolUse hook that blocks dangerous bash commands
+ */
+/**
+ * Run pre-guard check on a command
+ */
+export declare function checkBashCommand(command: string): {
+    blocked: boolean;
+    rule?: {
+        name: string;
+        reason: string;
+    };
+};
+/**
+ * Main entry point for PreToolUse hook
+ */
+export declare function runPre(): void;
+//# sourceMappingURL=pre.d.ts.map

package/dist/commands/pre.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pre.d.ts","sourceRoot":"","sources":["../../src/commands/pre.ts"],"names":[],"mappings":"AAAA;;GAEG;AAsDH;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,MAAM,GAAG;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,IAAI,CAAC,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAA;CAAE,CAgC/G;AAED;;GAEG;AACH,wBAAgB,MAAM,IAAI,IAAI,CAyB7B"}

package/dist/commands/pre.js

@@ -0,0 +1,102 @@
+/**
+ * sherpa pre - PreToolUse hook that blocks dangerous bash commands
+ */
+import { EXIT, readHookInput } from '@goobits/sherpa-core';
+// @ts-expect-error - bash-parser has no types
+import parse from 'bash-parser';
+import { readFileSync } from 'fs';
+import { dirname, join } from 'path';
+import { fileURLToPath } from 'url';
+import { extractCommands } from '../parser.js';
+import { checkCommand, checkPipeline } from '../rules.js';
+// Load rules from JSON config
+const __dirname = dirname(fileURLToPath(import.meta.url));
+const rulesPath = join(__dirname, '..', '..', 'rules.json');
+const rules = JSON.parse(readFileSync(rulesPath, 'utf-8'));
+// Fast-path: commands that are always safe (skip expensive parse)
+const SAFE_COMMAND_PREFIXES = [
+    'echo ', 'echo\t', 'printf ',
+    'ls ', 'ls\t', 'ls\n', 'ls',
+    'pwd', 'date', 'whoami', 'id',
+    'cat ', 'head ', 'tail ', 'wc ',
+    'grep ', 'awk ', 'sed ',
+    'cd ', 'cd\t',
+    'true', 'false', ':'
+];
+function isFastPathSafe(command) {
+    const trimmed = command.trim();
+    // Check if command starts with a known-safe prefix
+    for (const prefix of SAFE_COMMAND_PREFIXES) {
+        if (trimmed === prefix.trim() || trimmed.startsWith(prefix)) {
+            // Quick check: no compound commands, pipes, or dangerous chars
+            if (!trimmed.includes('|') &&
+                !trimmed.includes('&&') &&
+                !trimmed.includes('||') &&
+                !trimmed.includes(';') &&
+                !trimmed.includes('$(') &&
+                !trimmed.includes('`')) {
+                return true;
+            }
+        }
+    }
+    return false;
+}
+/**
+ * Run pre-guard check on a command
+ */
+export function checkBashCommand(command) {
+    // Fast path: skip parsing for known-safe commands
+    if (isFastPathSafe(command)) {
+        return { blocked: false };
+    }
+    // Parse command into AST
+    let ast;
+    try {
+        ast = parse(command);
+    }
+    catch {
+        // If parsing fails, allow (fail open)
+        return { blocked: false };
+    }
+    // Check pipeline patterns first (curl | bash)
+    const pipeRule = checkPipeline(ast, rules);
+    if (pipeRule) {
+        return { blocked: true, rule: { name: pipeRule.name, reason: pipeRule.reason } };
+    }
+    // Extract and check each command
+    const commands = extractCommands(ast);
+    for (const cmdInfo of commands) {
+        const result = checkCommand(cmdInfo, rules);
+        if (result.blocked && result.rule) {
+            return { blocked: true, rule: { name: result.rule.name, reason: result.rule.reason } };
+        }
+    }
+    return { blocked: false };
+}
+/**
+ * Main entry point for PreToolUse hook
+ */
+export function runPre() {
+    try {
+        const data = readHookInput();
+        const command = data.tool_input?.command;
+        if (!command) {
+            process.exit(EXIT.ALLOW);
+        }
+        const result = checkBashCommand(command);
+        if (result.blocked && result.rule) {
+            console.error('BLOCKED by sherpa');
+            console.error(`  Rule: ${result.rule.name}`);
+            console.error(`  Reason: ${result.rule.reason}`);
+            console.error(`  Command: ${command}`);
+            process.exit(EXIT.BLOCK);
+        }
+        process.exit(EXIT.ALLOW);
+    }
+    catch (error) {
+        // Graceful degradation: allow on error
+        console.error('sherpa pre error:', error.message);
+        process.exit(EXIT.ALLOW);
+    }
+}
+//# sourceMappingURL=pre.js.map

package/dist/commands/pre.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pre.js","sourceRoot":"","sources":["../../src/commands/pre.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EACN,IAAI,EAEJ,aAAa,EACb,MAAM,sBAAsB,CAAA;AAC7B,8CAA8C;AAC9C,OAAO,KAAK,MAAM,aAAa,CAAA;AAC/B,OAAO,EAAE,YAAY,EAAE,MAAM,IAAI,CAAA;AACjC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AACpC,OAAO,EAAE,aAAa,EAAE,MAAM,KAAK,CAAA;AAEnC,OAAO,EAAE,eAAe,EAAE,MAAM,cAAc,CAAA;AAC9C,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,aAAa,CAAA;AAGzD,8BAA8B;AAC9B,MAAM,SAAS,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAA;AACzD,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,YAAY,CAAC,CAAA;AAC3D,MAAM,KAAK,GAAgB,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC,CAAA;AAEvE,kEAAkE;AAClE,MAAM,qBAAqB,GAAG;IAC7B,OAAO,EAAE,QAAQ,EAAE,SAAS;IAC5B,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI;IAC3B,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI;IAC7B,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK;IAC/B,OAAO,EAAE,MAAM,EAAE,MAAM;IACvB,KAAK,EAAE,MAAM;IACb,MAAM,EAAE,OAAO,EAAE,GAAG;CACpB,CAAA;AAED,SAAS,cAAc,CAAC,OAAe;IACtC,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,CAAA;IAC9B,mDAAmD;IACnD,KAAK,MAAM,MAAM,IAAI,qBAAqB,EAAE,CAAC;QAC5C,IAAI,OAAO,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YAC7D,+DAA+D;YAC/D,IACC,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC;gBACtB,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC;gBACvB,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC;gBACvB,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC;gBACtB,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC;gBACvB,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EACrB,CAAC;gBACF,OAAO,IAAI,CAAA;YACZ,CAAC;QACF,CAAC;IACF,CAAC;IACD,OAAO,KAAK,CAAA;AACb,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,OAAe;IAC/C,kDAAkD;IAClD,IAAI,cAAc,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7B,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAA;IAC1B,CAAC;IAED,yBAAyB;IACzB,IAAI,GAAY,CAAA;IAChB,IAAI,CAAC;QACJ,GAAG,GAAG,KAAK,CAAC,OAAO,CAAC,CAAA;IACrB,CAAC;IAAC,MAAM,CAAC;QACR,sCAAsC;QACtC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAA;IAC1B,CAAC;IAED,8CAA8C;IAC9C,MAAM,QAAQ,GAAG,aAAa,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;IAC1C,IAAI,QAAQ,EAAE,CAAC;QACd,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAA;IACjF,CAAC;IAED,iCAAiC;IACjC,MAAM,QAAQ,GAAG,eAAe,CAAC,GAAG,CAAC,CAAA;IAErC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAChC,MAAM,MAAM,GAAG,YAAY,CAAC,OAAO,EAAE,KAAK,CAAC,CAAA;QAC3C,IAAI,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;YACnC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,CAAA;QACvF,CAAC;IACF,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAA;AAC1B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,MAAM;IACrB,IAAI,CAAC;QACJ,MAAM,IAAI,GAAG,aAAa,EAAgB,CAAA;QAC1C,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,EAAE,OAAO,CAAA;QAExC,IAAI,CAAC,OAAO,EAAE,CAAC;YACd,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QACzB,CAAC;QAED,MAAM,MAAM,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAA;QAExC,IAAI,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;YACnC,OAAO,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAA;YAClC,OAAO,CAAC,KAAK,CAAC,WAAY,MAAM,CAAC,IAAI,CAAC,IAAK,EAAE,CAAC,CAAA;YAC9C,OAAO,CAAC,KAAK,CAAC,aAAc,MAAM,CAAC,IAAI,CAAC,MAAO,EAAE,CAAC,CAAA;YAClD,OAAO,CAAC,KAAK,CAAC,cAAe,OAAQ,EAAE,CAAC,CAAA;YACxC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QACzB,CAAC;QAED,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IACzB,CAAC;IAAC,OAAM,KAAK,EAAE,CAAC;QACf,uCAAuC;QACvC,OAAO,CAAC,KAAK,CAAC,mBAAmB,EAAG,KAAe,CAAC,OAAO,CAAC,CAAA;QAC5D,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IACzB,CAAC;AACF,CAAC"}

package/dist/commands/status.d.ts

@@ -0,0 +1,5 @@
+/**
+ * sherpa status - Show LLM provider status and rate limits
+ */
+export declare function runStatus(): Promise<void>;
+//# sourceMappingURL=status.d.ts.map

package/dist/commands/status.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"status.d.ts","sourceRoot":"","sources":["../../src/commands/status.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,wBAAsB,SAAS,IAAI,OAAO,CAAC,IAAI,CAAC,CAmD/C"}

package/dist/commands/status.js

@@ -0,0 +1,48 @@
+/**
+ * sherpa status - Show LLM provider status and rate limits
+ */
+import { checkProviderStatus, getAvailableProviders } from '@goobits/sherpa-core';
+export async function runStatus() {
+    console.log('Checking LLM providers...\n');
+    const available = getAvailableProviders();
+    if (available.length === 0) {
+        console.log('No providers configured.');
+        console.log('Set CEREBRAS_API_KEY, GROQ_API_KEY, or OPENAI_API_KEY');
+        return;
+    }
+    console.log(`Configured: ${available.join(', ')}\n`);
+    const statuses = await checkProviderStatus();
+    for (const status of statuses) {
+        const icon = status.available ? '✓' : '✗';
+        console.log(`${icon} ${status.provider.toUpperCase()}`);
+        if (status.error) {
+            console.log(`  Error: ${status.error}`);
+            continue;
+        }
+        if (status.limits) {
+            const l = status.limits;
+            // Show requests
+            if (l.requestsPerMinute && l.requestsRemainingMinute) {
+                const pct = Math.round((l.requestsRemainingMinute / l.requestsPerMinute) * 100);
+                console.log(`  Requests/min: ${l.requestsRemainingMinute.toLocaleString()}/${l.requestsPerMinute.toLocaleString()} (${pct}%)`);
+            }
+            if (l.requestsRemainingDay) {
+                const limit = l.requestsPerDay || 14400; // Cerebras free tier default
+                const used = limit - l.requestsRemainingDay;
+                console.log(`  Requests/day: ${l.requestsRemainingDay.toLocaleString()} remaining (${used.toLocaleString()} used)`);
+            }
+            // Show tokens
+            if (l.tokensPerMinute && l.tokensRemainingMinute) {
+                const pct = Math.round((l.tokensRemainingMinute / l.tokensPerMinute) * 100);
+                console.log(`  Tokens/min: ${l.tokensRemainingMinute.toLocaleString()}/${l.tokensPerMinute.toLocaleString()} (${pct}%)`);
+            }
+            if (l.tokensRemainingDay) {
+                const limit = l.tokensPerDay || 1000000; // Cerebras free tier default
+                const used = limit - l.tokensRemainingDay;
+                console.log(`  Tokens/day: ${l.tokensRemainingDay.toLocaleString()} remaining (${used.toLocaleString()} used)`);
+            }
+        }
+        console.log('');
+    }
+}
+//# sourceMappingURL=status.js.map

package/dist/commands/status.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"status.js","sourceRoot":"","sources":["../../src/commands/status.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAA;AAEjF,MAAM,CAAC,KAAK,UAAU,SAAS;IAC9B,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC,CAAA;IAE1C,MAAM,SAAS,GAAG,qBAAqB,EAAE,CAAA;IAEzC,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5B,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAA;QACvC,OAAO,CAAC,GAAG,CAAC,uDAAuD,CAAC,CAAA;QACpE,OAAM;IACP,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,eAAgB,SAAS,CAAC,IAAI,CAAC,IAAI,CAAE,IAAI,CAAC,CAAA;IAEtD,MAAM,QAAQ,GAAG,MAAM,mBAAmB,EAAE,CAAA;IAE5C,KAAK,MAAM,MAAM,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,IAAI,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAA;QACzC,OAAO,CAAC,GAAG,CAAC,GAAI,IAAK,IAAK,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAG,EAAE,CAAC,CAAA;QAE3D,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YAClB,OAAO,CAAC,GAAG,CAAC,YAAa,MAAM,CAAC,KAAM,EAAE,CAAC,CAAA;YACzC,SAAQ;QACT,CAAC;QAED,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YACnB,MAAM,CAAC,GAAG,MAAM,CAAC,MAAM,CAAA;YAEvB,gBAAgB;YAChB,IAAI,CAAC,CAAC,iBAAiB,IAAI,CAAC,CAAC,uBAAuB,EAAE,CAAC;gBACtD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,uBAAuB,GAAG,CAAC,CAAC,iBAAiB,CAAC,GAAG,GAAG,CAAC,CAAA;gBAC/E,OAAO,CAAC,GAAG,CAAC,mBAAoB,CAAC,CAAC,uBAAuB,CAAC,cAAc,EAAG,IAAK,CAAC,CAAC,iBAAiB,CAAC,cAAc,EAAG,KAAM,GAAI,IAAI,CAAC,CAAA;YACrI,CAAC;YACD,IAAI,CAAC,CAAC,oBAAoB,EAAE,CAAC;gBAC5B,MAAM,KAAK,GAAG,CAAC,CAAC,cAAc,IAAI,KAAK,CAAA,CAAC,6BAA6B;gBACrE,MAAM,IAAI,GAAG,KAAK,GAAG,CAAC,CAAC,oBAAoB,CAAA;gBAC3C,OAAO,CAAC,GAAG,CAAC,mBAAoB,CAAC,CAAC,oBAAoB,CAAC,cAAc,EAAG,eAAgB,IAAI,CAAC,cAAc,EAAG,QAAQ,CAAC,CAAA;YACxH,CAAC;YAED,cAAc;YACd,IAAI,CAAC,CAAC,eAAe,IAAI,CAAC,CAAC,qBAAqB,EAAE,CAAC;gBAClD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,qBAAqB,GAAG,CAAC,CAAC,eAAe,CAAC,GAAG,GAAG,CAAC,CAAA;gBAC3E,OAAO,CAAC,GAAG,CAAC,iBAAkB,CAAC,CAAC,qBAAqB,CAAC,cAAc,EAAG,IAAK,CAAC,CAAC,eAAe,CAAC,cAAc,EAAG,KAAM,GAAI,IAAI,CAAC,CAAA;YAC/H,CAAC;YACD,IAAI,CAAC,CAAC,kBAAkB,EAAE,CAAC;gBAC1B,MAAM,KAAK,GAAG,CAAC,CAAC,YAAY,IAAI,OAAO,CAAA,CAAC,6BAA6B;gBACrE,MAAM,IAAI,GAAG,KAAK,GAAG,CAAC,CAAC,kBAAkB,CAAA;gBACzC,OAAO,CAAC,GAAG,CAAC,iBAAkB,CAAC,CAAC,kBAAkB,CAAC,cAAc,EAAG,eAAgB,IAAI,CAAC,cAAc,EAAG,QAAQ,CAAC,CAAA;YACpH,CAAC;QACF,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;IAChB,CAAC;AACF,CAAC"}

package/dist/daemon-V2QDZTUB.js

@@ -0,0 +1,89 @@
+#!/usr/bin/env node
+import {
+  DEFAULT_CONFIG,
+  checkBashCommand,
+  offloadOutput
+} from "./chunk-5NF3BSD6.js";
+import {
+  loadConfig
+} from "./chunk-3CILH2TO.js";
+
+// src/daemon.ts
+import { existsSync, unlinkSync } from "fs";
+import { createServer } from "net";
+var config = loadConfig("config.json", DEFAULT_CONFIG);
+var socketPath = config.socketPath;
+function handleConnection(socket) {
+  let buffer = "";
+  socket.on("data", (chunk) => {
+    buffer += chunk.toString();
+    if (buffer.length > 10 * 1024 * 1024) {
+      socket.write(JSON.stringify({ error: "Request too large" }));
+      socket.end();
+      return;
+    }
+    try {
+      const request = JSON.parse(buffer);
+      buffer = "";
+      let response;
+      if (request.type === "pre") {
+        const { command } = request.data;
+        const result = checkBashCommand(command);
+        response = result;
+      } else if (request.type === "post") {
+        const { stdout, stderr, exit_code } = request.data;
+        const stdoutResult = offloadOutput(stdout, exit_code, config);
+        const stderrResult = offloadOutput(stderr, exit_code, config);
+        response = {
+          stdout: stdoutResult.result,
+          stderr: stderrResult.result,
+          modified: stdoutResult.modified || stderrResult.modified
+        };
+      } else {
+        response = { error: "Unknown request type" };
+      }
+      socket.write(JSON.stringify(response));
+      socket.end();
+    } catch (err) {
+      if (err instanceof SyntaxError && !err.message.includes("end of JSON")) {
+        buffer = "";
+        socket.write(JSON.stringify({ error: "Invalid JSON" }));
+        socket.end();
+      }
+    }
+  });
+  socket.on("error", (err) => {
+    console.error("Socket error:", err.message);
+  });
+}
+function cleanup() {
+  try {
+    if (existsSync(socketPath)) {
+      unlinkSync(socketPath);
+    }
+  } catch {
+  }
+  process.exit(0);
+}
+function main() {
+  if (existsSync(socketPath)) {
+    unlinkSync(socketPath);
+  }
+  const server = createServer(handleConnection);
+  process.on("SIGTERM", cleanup);
+  process.on("SIGINT", cleanup);
+  process.on("SIGHUP", cleanup);
+  process.on("uncaughtException", (err) => {
+    console.error("Uncaught exception:", err);
+    cleanup();
+  });
+  server.listen(socketPath, () => {
+    console.error(`Guard daemon listening on ${socketPath}`);
+  });
+  server.on("error", (err) => {
+    console.error("Server error:", err);
+    cleanup();
+  });
+}
+main();
+//# sourceMappingURL=daemon-V2QDZTUB.js.map

package/dist/daemon-V2QDZTUB.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../src/daemon.ts"],
+  "sourcesContent": ["#!/usr/bin/env node\n/**\n * Guard daemon - persistent server for fast hook responses\n *\n * Keeps bash-parser and rules loaded in memory.\n * Communicates via Unix socket for sub-5ms response times.\n */\n\nimport { loadConfig } from '@goobits/sherpa-core'\nimport { existsSync, unlinkSync } from 'fs'\nimport { createServer, type Socket } from 'net'\n\nimport { offloadOutput } from './commands/post.js'\nimport { checkBashCommand } from './commands/pre.js'\nimport { DEFAULT_CONFIG, type GuardConfig } from './types.js'\n\n// Load config\nconst config = loadConfig<GuardConfig>('config.json', DEFAULT_CONFIG)\nconst socketPath = config.socketPath\n\ninterface DaemonRequest {\n\ttype: 'pre' | 'post';\n\tdata: unknown;\n}\n\ninterface PreRequest {\n\tcommand: string;\n}\n\ninterface PostRequest {\n\tstdout: string;\n\tstderr: string;\n\texit_code: number;\n}\n\n/**\n * Handle a client connection\n */\nfunction handleConnection(socket: Socket): void {\n\tlet buffer = ''\n\n\tsocket.on('data', chunk => {\n\t\tbuffer += chunk.toString()\n\n\t\t// Limit buffer size to prevent DoS\n\t\tif (buffer.length > 10 * 1024 * 1024) {\n\t\t\tsocket.write(JSON.stringify({ error: 'Request too large' }))\n\t\t\tsocket.end()\n\t\t\treturn\n\t\t}\n\n\t\t// Try to parse complete JSON\n\t\ttry {\n\t\t\tconst request: DaemonRequest = JSON.parse(buffer)\n\t\t\tbuffer = ''\n\n\t\t\tlet response: unknown\n\n\t\t\tif (request.type === 'pre') {\n\t\t\t\tconst { command } = request.data as PreRequest\n\t\t\t\tconst result = checkBashCommand(command)\n\t\t\t\tresponse = result\n\t\t\t} else if (request.type === 'post') {\n\t\t\t\tconst { stdout, stderr, exit_code } = request.data as PostRequest\n\t\t\t\tconst stdoutResult = offloadOutput(stdout, exit_code, config)\n\t\t\t\tconst stderrResult = offloadOutput(stderr, exit_code, config)\n\t\t\t\tresponse = {\n\t\t\t\t\tstdout: stdoutResult.result,\n\t\t\t\t\tstderr: stderrResult.result,\n\t\t\t\t\tmodified: stdoutResult.modified || stderrResult.modified\n\t\t\t\t}\n\t\t\t} else {\n\t\t\t\tresponse = { error: 'Unknown request type' }\n\t\t\t}\n\n\t\t\tsocket.write(JSON.stringify(response))\n\t\t\tsocket.end()\n\t\t} catch(err) {\n\t\t\t// Check if it's a syntax error (invalid JSON) vs incomplete JSON\n\t\t\tif (err instanceof SyntaxError && !err.message.includes('end of JSON')) {\n\t\t\t\t// Invalid JSON structure - reset buffer and report error\n\t\t\t\tbuffer = ''\n\t\t\t\tsocket.write(JSON.stringify({ error: 'Invalid JSON' }))\n\t\t\t\tsocket.end()\n\t\t\t}\n\t\t\t// Otherwise incomplete JSON, wait for more data\n\t\t}\n\t})\n\n\tsocket.on('error', err => {\n\t\tconsole.error('Socket error:', err.message)\n\t})\n}\n\n/**\n * Cleanup socket file on exit\n */\nfunction cleanup(): void {\n\ttry {\n\t\tif (existsSync(socketPath)) {\n\t\t\tunlinkSync(socketPath)\n\t\t}\n\t} catch {\n\t\t// Ignore cleanup errors\n\t}\n\tprocess.exit(0)\n}\n\n/**\n * Start the daemon\n */\nfunction main(): void {\n\t// Remove stale socket file\n\tif (existsSync(socketPath)) {\n\t\tunlinkSync(socketPath)\n\t}\n\n\tconst server = createServer(handleConnection)\n\n\t// Handle shutdown signals\n\tprocess.on('SIGTERM', cleanup)\n\tprocess.on('SIGINT', cleanup)\n\tprocess.on('SIGHUP', cleanup)\n\n\t// Handle uncaught errors\n\tprocess.on('uncaughtException', err => {\n\t\tconsole.error('Uncaught exception:', err)\n\t\tcleanup()\n\t})\n\n\tserver.listen(socketPath, () => {\n\t\tconsole.error(`Guard daemon listening on ${ socketPath }`)\n\t})\n\n\tserver.on('error', err => {\n\t\tconsole.error('Server error:', err)\n\t\tcleanup()\n\t})\n}\n\nmain()\n"],
+  "mappings": ";;;;;;;;;;;AASA,SAAS,YAAY,kBAAkB;AACvC,SAAS,oBAAiC;AAO1C,IAAM,SAAS,WAAwB,eAAe,cAAc;AACpE,IAAM,aAAa,OAAO;AAoB1B,SAAS,iBAAiB,QAAsB;AAC/C,MAAI,SAAS;AAEb,SAAO,GAAG,QAAQ,WAAS;AAC1B,cAAU,MAAM,SAAS;AAGzB,QAAI,OAAO,SAAS,KAAK,OAAO,MAAM;AACrC,aAAO,MAAM,KAAK,UAAU,EAAE,OAAO,oBAAoB,CAAC,CAAC;AAC3D,aAAO,IAAI;AACX;AAAA,IACD;AAGA,QAAI;AACH,YAAM,UAAyB,KAAK,MAAM,MAAM;AAChD,eAAS;AAET,UAAI;AAEJ,UAAI,QAAQ,SAAS,OAAO;AAC3B,cAAM,EAAE,QAAQ,IAAI,QAAQ;AAC5B,cAAM,SAAS,iBAAiB,OAAO;AACvC,mBAAW;AAAA,MACZ,WAAW,QAAQ,SAAS,QAAQ;AACnC,cAAM,EAAE,QAAQ,QAAQ,UAAU,IAAI,QAAQ;AAC9C,cAAM,eAAe,cAAc,QAAQ,WAAW,MAAM;AAC5D,cAAM,eAAe,cAAc,QAAQ,WAAW,MAAM;AAC5D,mBAAW;AAAA,UACV,QAAQ,aAAa;AAAA,UACrB,QAAQ,aAAa;AAAA,UACrB,UAAU,aAAa,YAAY,aAAa;AAAA,QACjD;AAAA,MACD,OAAO;AACN,mBAAW,EAAE,OAAO,uBAAuB;AAAA,MAC5C;AAEA,aAAO,MAAM,KAAK,UAAU,QAAQ,CAAC;AACrC,aAAO,IAAI;AAAA,IACZ,SAAQ,KAAK;AAEZ,UAAI,eAAe,eAAe,CAAC,IAAI,QAAQ,SAAS,aAAa,GAAG;AAEvE,iBAAS;AACT,eAAO,MAAM,KAAK,UAAU,EAAE,OAAO,eAAe,CAAC,CAAC;AACtD,eAAO,IAAI;AAAA,MACZ;AAAA,IAED;AAAA,EACD,CAAC;AAED,SAAO,GAAG,SAAS,SAAO;AACzB,YAAQ,MAAM,iBAAiB,IAAI,OAAO;AAAA,EAC3C,CAAC;AACF;AAKA,SAAS,UAAgB;AACxB,MAAI;AACH,QAAI,WAAW,UAAU,GAAG;AAC3B,iBAAW,UAAU;AAAA,IACtB;AAAA,EACD,QAAQ;AAAA,EAER;AACA,UAAQ,KAAK,CAAC;AACf;AAKA,SAAS,OAAa;AAErB,MAAI,WAAW,UAAU,GAAG;AAC3B,eAAW,UAAU;AAAA,EACtB;AAEA,QAAM,SAAS,aAAa,gBAAgB;AAG5C,UAAQ,GAAG,WAAW,OAAO;AAC7B,UAAQ,GAAG,UAAU,OAAO;AAC5B,UAAQ,GAAG,UAAU,OAAO;AAG5B,UAAQ,GAAG,qBAAqB,SAAO;AACtC,YAAQ,MAAM,uBAAuB,GAAG;AACxC,YAAQ;AAAA,EACT,CAAC;AAED,SAAO,OAAO,YAAY,MAAM;AAC/B,YAAQ,MAAM,6BAA8B,UAAW,EAAE;AAAA,EAC1D,CAAC;AAED,SAAO,GAAG,SAAS,SAAO;AACzB,YAAQ,MAAM,iBAAiB,GAAG;AAClC,YAAQ;AAAA,EACT,CAAC;AACF;AAEA,KAAK;",
+  "names": []
+}

package/dist/daemon.d.ts

@@ -0,0 +1,9 @@
+#!/usr/bin/env node
+/**
+ * Guard daemon - persistent server for fast hook responses
+ *
+ * Keeps bash-parser and rules loaded in memory.
+ * Communicates via Unix socket for sub-5ms response times.
+ */
+export {};
+//# sourceMappingURL=daemon.d.ts.map

package/dist/daemon.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"daemon.d.ts","sourceRoot":"","sources":["../src/daemon.ts"],"names":[],"mappings":";AACA;;;;;GAKG"}

package/dist/daemon.js

@@ -0,0 +1,112 @@
+#!/usr/bin/env node
+/**
+ * Guard daemon - persistent server for fast hook responses
+ *
+ * Keeps bash-parser and rules loaded in memory.
+ * Communicates via Unix socket for sub-5ms response times.
+ */
+import { loadConfig } from '@goobits/sherpa-core';
+import { existsSync, unlinkSync } from 'fs';
+import { createServer } from 'net';
+import { offloadOutput } from './commands/post.js';
+import { checkBashCommand } from './commands/pre.js';
+import { DEFAULT_CONFIG } from './types.js';
+// Load config
+const config = loadConfig('config.json', DEFAULT_CONFIG);
+const socketPath = config.socketPath;
+/**
+ * Handle a client connection
+ */
+function handleConnection(socket) {
+    let buffer = '';
+    socket.on('data', chunk => {
+        buffer += chunk.toString();
+        // Limit buffer size to prevent DoS
+        if (buffer.length > 10 * 1024 * 1024) {
+            socket.write(JSON.stringify({ error: 'Request too large' }));
+            socket.end();
+            return;
+        }
+        // Try to parse complete JSON
+        try {
+            const request = JSON.parse(buffer);
+            buffer = '';
+            let response;
+            if (request.type === 'pre') {
+                const { command } = request.data;
+                const result = checkBashCommand(command);
+                response = result;
+            }
+            else if (request.type === 'post') {
+                const { stdout, stderr, exit_code } = request.data;
+                const stdoutResult = offloadOutput(stdout, exit_code, config);
+                const stderrResult = offloadOutput(stderr, exit_code, config);
+                response = {
+                    stdout: stdoutResult.result,
+                    stderr: stderrResult.result,
+                    modified: stdoutResult.modified || stderrResult.modified
+                };
+            }
+            else {
+                response = { error: 'Unknown request type' };
+            }
+            socket.write(JSON.stringify(response));
+            socket.end();
+        }
+        catch (err) {
+            // Check if it's a syntax error (invalid JSON) vs incomplete JSON
+            if (err instanceof SyntaxError && !err.message.includes('end of JSON')) {
+                // Invalid JSON structure - reset buffer and report error
+                buffer = '';
+                socket.write(JSON.stringify({ error: 'Invalid JSON' }));
+                socket.end();
+            }
+            // Otherwise incomplete JSON, wait for more data
+        }
+    });
+    socket.on('error', err => {
+        console.error('Socket error:', err.message);
+    });
+}
+/**
+ * Cleanup socket file on exit
+ */
+function cleanup() {
+    try {
+        if (existsSync(socketPath)) {
+            unlinkSync(socketPath);
+        }
+    }
+    catch {
+        // Ignore cleanup errors
+    }
+    process.exit(0);
+}
+/**
+ * Start the daemon
+ */
+function main() {
+    // Remove stale socket file
+    if (existsSync(socketPath)) {
+        unlinkSync(socketPath);
+    }
+    const server = createServer(handleConnection);
+    // Handle shutdown signals
+    process.on('SIGTERM', cleanup);
+    process.on('SIGINT', cleanup);
+    process.on('SIGHUP', cleanup);
+    // Handle uncaught errors
+    process.on('uncaughtException', err => {
+        console.error('Uncaught exception:', err);
+        cleanup();
+    });
+    server.listen(socketPath, () => {
+        console.error(`Guard daemon listening on ${socketPath}`);
+    });
+    server.on('error', err => {
+        console.error('Server error:', err);
+        cleanup();
+    });
+}
+main();
+//# sourceMappingURL=daemon.js.map

package/dist/daemon.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"daemon.js","sourceRoot":"","sources":["../src/daemon.ts"],"names":[],"mappings":";AACA;;;;;GAKG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAA;AACjD,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,IAAI,CAAA;AAC3C,OAAO,EAAE,YAAY,EAAe,MAAM,KAAK,CAAA;AAE/C,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAA;AAClD,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAA;AACpD,OAAO,EAAE,cAAc,EAAoB,MAAM,YAAY,CAAA;AAE7D,cAAc;AACd,MAAM,MAAM,GAAG,UAAU,CAAc,aAAa,EAAE,cAAc,CAAC,CAAA;AACrE,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,CAAA;AAiBpC;;GAEG;AACH,SAAS,gBAAgB,CAAC,MAAc;IACvC,IAAI,MAAM,GAAG,EAAE,CAAA;IAEf,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE;QACzB,MAAM,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAA;QAE1B,mCAAmC;QACnC,IAAI,MAAM,CAAC,MAAM,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI,EAAE,CAAC;YACtC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC,CAAC,CAAA;YAC5D,MAAM,CAAC,GAAG,EAAE,CAAA;YACZ,OAAM;QACP,CAAC;QAED,6BAA6B;QAC7B,IAAI,CAAC;YACJ,MAAM,OAAO,GAAkB,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;YACjD,MAAM,GAAG,EAAE,CAAA;YAEX,IAAI,QAAiB,CAAA;YAErB,IAAI,OAAO,CAAC,IAAI,KAAK,KAAK,EAAE,CAAC;gBAC5B,MAAM,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC,IAAkB,CAAA;gBAC9C,MAAM,MAAM,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAA;gBACxC,QAAQ,GAAG,MAAM,CAAA;YAClB,CAAC;iBAAM,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;gBACpC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC,IAAmB,CAAA;gBACjE,MAAM,YAAY,GAAG,aAAa,CAAC,MAAM,EAAE,SAAS,EAAE,MAAM,CAAC,CAAA;gBAC7D,MAAM,YAAY,GAAG,aAAa,CAAC,MAAM,EAAE,SAAS,EAAE,MAAM,CAAC,CAAA;gBAC7D,QAAQ,GAAG;oBACV,MAAM,EAAE,YAAY,CAAC,MAAM;oBAC3B,MAAM,EAAE,YAAY,CAAC,MAAM;oBAC3B,QAAQ,EAAE,YAAY,CAAC,QAAQ,IAAI,YAAY,CAAC,QAAQ;iBACxD,CAAA;YACF,CAAC;iBAAM,CAAC;gBACP,QAAQ,GAAG,EAAE,KAAK,EAAE,sBAAsB,EAAE,CAAA;YAC7C,CAAC;YAED,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAA;YACtC,MAAM,CAAC,GAAG,EAAE,CAAA;QACb,CAAC;QAAC,OAAM,GAAG,EAAE,CAAC;YACb,iEAAiE;YACjE,IAAI,GAAG,YAAY,WAAW,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;gBACxE,yDAAyD;gBACzD,MAAM,GAAG,EAAE,CAAA;gBACX,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,CAAC,CAAA;gBACvD,MAAM,CAAC,GAAG,EAAE,CAAA;YACb,CAAC;YACD,gDAAgD;QACjD,CAAC;IACF,CAAC,CAAC,CAAA;IAEF,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE;QACxB,OAAO,CAAC,KAAK,CAAC,eAAe,EAAE,GAAG,CAAC,OAAO,CAAC,CAAA;IAC5C,CAAC,CAAC,CAAA;AACH,CAAC;AAED;;GAEG;AACH,SAAS,OAAO;IACf,IAAI,CAAC;QACJ,IAAI,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC5B,UAAU,CAAC,UAAU,CAAC,CAAA;QACvB,CAAC;IACF,CAAC;IAAC,MAAM,CAAC;QACR,wBAAwB;IACzB,CAAC;IACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;AAChB,CAAC;AAED;;GAEG;AACH,SAAS,IAAI;IACZ,2BAA2B;IAC3B,IAAI,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC5B,UAAU,CAAC,UAAU,CAAC,CAAA;IACvB,CAAC;IAED,MAAM,MAAM,GAAG,YAAY,CAAC,gBAAgB,CAAC,CAAA;IAE7C,0BAA0B;IAC1B,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,OAAO,CAAC,CAAA;IAC9B,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAA;IAC7B,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAA;IAE7B,yBAAyB;IACzB,OAAO,CAAC,EAAE,CAAC,mBAAmB,EAAE,GAAG,CAAC,EAAE;QACrC,OAAO,CAAC,KAAK,CAAC,qBAAqB,EAAE,GAAG,CAAC,CAAA;QACzC,OAAO,EAAE,CAAA;IACV,CAAC,CAAC,CAAA;IAEF,MAAM,CAAC,MAAM,CAAC,UAAU,EAAE,GAAG,EAAE;QAC9B,OAAO,CAAC,KAAK,CAAC,6BAA8B,UAAW,EAAE,CAAC,CAAA;IAC3D,CAAC,CAAC,CAAA;IAEF,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE;QACxB,OAAO,CAAC,KAAK,CAAC,eAAe,EAAE,GAAG,CAAC,CAAA;QACnC,OAAO,EAAE,CAAA;IACV,CAAC,CAAC,CAAA;AACH,CAAC;AAED,IAAI,EAAE,CAAA"}

package/dist/index.d.ts

@@ -0,0 +1,15 @@
+/**
+ * @goobits/sherpa - MCP hooks and repo setup for safer AI coding
+ *
+ * CLI commands:
+ *   sherpa init  - Set up repo (husky, lint-staged, gitleaks, claude hooks)
+ *   sherpa pre   - PreToolUse hook (blocks dangerous commands)
+ *   sherpa post  - PostToolUse hook (offloads large output)
+ */
+export { runInit } from './commands/init.js';
+export { offloadOutput, runPost } from './commands/post.js';
+export { checkBashCommand, runPre } from './commands/pre.js';
+export * from './parser.js';
+export * from './rules.js';
+export * from './types.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAA;AAC5C,OAAO,EAAE,aAAa,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAA;AAC3D,OAAO,EAAE,gBAAgB,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAA;AAC5D,cAAc,aAAa,CAAA;AAC3B,cAAc,YAAY,CAAA;AAC1B,cAAc,YAAY,CAAA"}