@goobits/sherpa 1.0.1

package/dist/rules.js

@@ -0,0 +1,165 @@
+/**
+ * Rule matching engine for guard
+ */
+import { isPathWithinAllowed, normalizePath } from './parser.js';
+// Cache compiled RegExp patterns to avoid recompilation on every check
+const regexCache = new Map();
+function getRegex(pattern) {
+    let regex = regexCache.get(pattern);
+    if (!regex) {
+        regex = new RegExp(pattern);
+        regexCache.set(pattern, regex);
+    }
+    return regex;
+}
+/**
+ * Check if command matches a block rule
+ */
+export function matchesBlockRule(cmdInfo, rule) {
+    // Check command name
+    if (rule.cmd) {
+        const cmds = Array.isArray(rule.cmd) ? rule.cmd : [rule.cmd];
+        if (!cmds.includes(cmdInfo.cmd)) {
+            return false;
+        }
+    }
+    // Check subcommand (for git, etc.)
+    if (rule.subcommand && cmdInfo.subcommand !== rule.subcommand) {
+        return false;
+    }
+    // Check flags
+    if (rule.flags) {
+        const ruleFlags = Array.isArray(rule.flags) ? rule.flags : [rule.flags];
+        const mode = rule.flagMode || 'all';
+        if (mode === 'any') {
+            const hasAnyFlag = ruleFlags.some(f => cmdInfo.flags.includes(f));
+            if (!hasAnyFlag) {
+                return false;
+            }
+        }
+        else {
+            const hasAllFlags = ruleFlags.every(f => cmdInfo.flags.includes(f));
+            if (!hasAllFlags) {
+                return false;
+            }
+        }
+    }
+    // Check path patterns (using normalized paths to catch traversal)
+    if (rule.pathPatterns) {
+        const patterns = Array.isArray(rule.pathPatterns)
+            ? rule.pathPatterns
+            : [rule.pathPatterns];
+        const pathsToCheck = cmdInfo.paths.length > 0 ? cmdInfo.paths : cmdInfo.args;
+        if (pathsToCheck.length === 0) {
+            return false;
+        }
+        const matchesPath = pathsToCheck.some(p => {
+            const pathInfo = normalizePath(p);
+            // Check both original AND normalized path for block rules
+            return patterns.some(pattern => {
+                const regex = getRegex(pattern);
+                return regex.test(pathInfo.original) || regex.test(pathInfo.normalized);
+            });
+        });
+        if (!matchesPath) {
+            return false;
+        }
+    }
+    // Check arg patterns
+    if (rule.argPatterns) {
+        const patterns = Array.isArray(rule.argPatterns)
+            ? rule.argPatterns
+            : [rule.argPatterns];
+        const rawStr = cmdInfo.raw.join(' ');
+        const matchesArg = patterns.some(pattern => getRegex(pattern).test(rawStr));
+        if (!matchesArg) {
+            return false;
+        }
+    }
+    return true;
+}
+/**
+ * Check if command matches an allow rule
+ */
+export function matchesAllowRule(cmdInfo, rule) {
+    if (rule.cmd) {
+        const cmds = Array.isArray(rule.cmd) ? rule.cmd : [rule.cmd];
+        if (!cmds.includes(cmdInfo.cmd)) {
+            return false;
+        }
+    }
+    if (rule.pathPatterns) {
+        const patterns = Array.isArray(rule.pathPatterns)
+            ? rule.pathPatterns
+            : [rule.pathPatterns];
+        const pathsToCheck = cmdInfo.paths.length > 0 ? cmdInfo.paths : cmdInfo.args;
+        if (pathsToCheck.length === 0) {
+            return false;
+        }
+        const matchesPath = pathsToCheck.some(p => {
+            const pathInfo = normalizePath(p);
+            return patterns.some(pattern => isPathWithinAllowed(pathInfo, pattern));
+        });
+        if (!matchesPath) {
+            return false;
+        }
+    }
+    return true;
+}
+/**
+ * Check pipeline for dangerous pipe patterns (curl | bash)
+ */
+export function checkPipeline(ast, rules) {
+    if (!ast || ast.type !== 'Script') {
+        return null;
+    }
+    for (const cmd of ast.commands || []) {
+        if (cmd.type !== 'Pipeline') {
+            continue;
+        }
+        const pipeCommands = (cmd.commands || [])
+            .map(c => c.name?.text)
+            .filter((t) => Boolean(t));
+        for (const rule of rules.block || []) {
+            if (!rule.pipeTo) {
+                continue;
+            }
+            const cmds = Array.isArray(rule.cmd) ? rule.cmd : [rule.cmd];
+            const pipes = Array.isArray(rule.pipeTo) ? rule.pipeTo : [rule.pipeTo];
+            // Find if source command exists in pipeline
+            for (let i = 0; i < pipeCommands.length; i++) {
+                if (cmds.includes(pipeCommands[i])) {
+                    // Check if ANY subsequent command is a dangerous target
+                    for (let j = i + 1; j < pipeCommands.length; j++) {
+                        if (pipes.includes(pipeCommands[j])) {
+                            return rule;
+                        }
+                    }
+                }
+            }
+        }
+    }
+    return null;
+}
+/**
+ * Check a command against all rules
+ */
+export function checkCommand(cmdInfo, rules) {
+    // First check allow rules
+    for (const rule of rules.allow || []) {
+        if (matchesAllowRule(cmdInfo, rule)) {
+            return { blocked: false, reason: `Allowed: ${rule.name}` };
+        }
+    }
+    // Then check block rules
+    for (const rule of rules.block || []) {
+        if (rule.pipeTo) {
+            continue;
+        } // Handled separately
+        if (matchesBlockRule(cmdInfo, rule)) {
+            return { blocked: true, rule };
+        }
+    }
+    return { blocked: false };
+}
+//# sourceMappingURL=rules.js.map

package/dist/rules.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rules.js","sourceRoot":"","sources":["../src/rules.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,mBAAmB,EAAC,aAAa,EAAE,MAAM,aAAa,CAAA;AAG/D,uEAAuE;AACvE,MAAM,UAAU,GAAG,IAAI,GAAG,EAAkB,CAAA;AAE5C,SAAS,QAAQ,CAAC,OAAe;IAChC,IAAI,KAAK,GAAG,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;IACnC,IAAI,CAAC,KAAK,EAAE,CAAC;QACZ,KAAK,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,CAAA;QAC3B,UAAU,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAA;IAC/B,CAAC;IACD,OAAO,KAAK,CAAA;AACb,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,OAAoB,EAAE,IAAU;IAChE,qBAAqB;IACrB,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;QACd,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAE,IAAI,CAAC,GAAG,CAAE,CAAA;QAC9D,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YAAA,OAAO,KAAK,CAAA;QAAA,CAAC;IAChD,CAAC;IAED,mCAAmC;IACnC,IAAI,IAAI,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU,KAAK,IAAI,CAAC,UAAU,EAAE,CAAC;QAC/D,OAAO,KAAK,CAAA;IACb,CAAC;IAED,cAAc;IACd,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;QAChB,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAE,IAAI,CAAC,KAAK,CAAE,CAAA;QACzE,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,IAAI,KAAK,CAAA;QAEnC,IAAI,IAAI,KAAK,KAAK,EAAE,CAAC;YACpB,MAAM,UAAU,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAA;YACjE,IAAI,CAAC,UAAU,EAAE,CAAC;gBAAA,OAAO,KAAK,CAAA;YAAA,CAAC;QAChC,CAAC;aAAM,CAAC;YACP,MAAM,WAAW,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAA;YACnE,IAAI,CAAC,WAAW,EAAE,CAAC;gBAAA,OAAO,KAAK,CAAA;YAAA,CAAC;QACjC,CAAC;IACF,CAAC;IAED,kEAAkE;IAClE,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;QACvB,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC;YAChD,CAAC,CAAC,IAAI,CAAC,YAAY;YACnB,CAAC,CAAC,CAAE,IAAI,CAAC,YAAY,CAAE,CAAA;QACxB,MAAM,YAAY,GACjB,OAAO,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAA;QACxD,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAAA,OAAO,KAAK,CAAA;QAAA,CAAC;QAE7C,MAAM,WAAW,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE;YACzC,MAAM,QAAQ,GAAG,aAAa,CAAC,CAAC,CAAC,CAAA;YACjC,0DAA0D;YAC1D,OAAO,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE;gBAC9B,MAAM,KAAK,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAA;gBAC/B,OAAO,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAA;YACxE,CAAC,CAAC,CAAA;QACH,CAAC,CAAC,CAAA;QACF,IAAI,CAAC,WAAW,EAAE,CAAC;YAAA,OAAO,KAAK,CAAA;QAAA,CAAC;IACjC,CAAC;IAED,qBAAqB;IACrB,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;QACtB,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC;YAC/C,CAAC,CAAC,IAAI,CAAC,WAAW;YAClB,CAAC,CAAC,CAAE,IAAI,CAAC,WAAW,CAAE,CAAA;QACvB,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QACpC,MAAM,UAAU,GAAG,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAC1C,QAAQ,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAC9B,CAAA;QACD,IAAI,CAAC,UAAU,EAAE,CAAC;YAAA,OAAO,KAAK,CAAA;QAAA,CAAC;IAChC,CAAC;IAED,OAAO,IAAI,CAAA;AACZ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,OAAoB,EAAE,IAAU;IAChE,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;QACd,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAE,IAAI,CAAC,GAAG,CAAE,CAAA;QAC9D,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YAAA,OAAO,KAAK,CAAA;QAAA,CAAC;IAChD,CAAC;IAED,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;QACvB,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC;YAChD,CAAC,CAAC,IAAI,CAAC,YAAY;YACnB,CAAC,CAAC,CAAE,IAAI,CAAC,YAAY,CAAE,CAAA;QACxB,MAAM,YAAY,GACjB,OAAO,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAA;QACxD,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAAA,OAAO,KAAK,CAAA;QAAA,CAAC;QAE7C,MAAM,WAAW,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE;YACzC,MAAM,QAAQ,GAAG,aAAa,CAAC,CAAC,CAAC,CAAA;YACjC,OAAO,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,mBAAmB,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAA;QACxE,CAAC,CAAC,CAAA;QAEF,IAAI,CAAC,WAAW,EAAE,CAAC;YAAA,OAAO,KAAK,CAAA;QAAA,CAAC;IACjC,CAAC;IAED,OAAO,IAAI,CAAA;AACZ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,GAAY,EAAE,KAAkB;IAC7D,IAAI,CAAC,GAAG,IAAI,GAAG,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QAAA,OAAO,IAAI,CAAA;IAAA,CAAC;IAEhD,KAAK,MAAM,GAAG,IAAI,GAAG,CAAC,QAAQ,IAAI,EAAE,EAAE,CAAC;QACtC,IAAI,GAAG,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;YAAA,SAAQ;QAAA,CAAC;QAEvC,MAAM,YAAY,GAAG,CAAC,GAAG,CAAC,QAAQ,IAAI,EAAE,CAAC;aACvC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,IAAI,CAAC;aACtB,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAA;QAExC,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,KAAK,IAAI,EAAE,EAAE,CAAC;YACtC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;gBAAA,SAAQ;YAAA,CAAC;YAE5B,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAE,IAAI,CAAC,GAAG,CAAE,CAAA;YAC9D,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAE,IAAI,CAAC,MAAM,CAAE,CAAA;YAExE,4CAA4C;YAC5C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,YAAY,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC9C,IAAI,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;oBACpC,wDAAwD;oBACxD,KAAK,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,YAAY,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;wBAClD,IAAI,KAAK,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;4BACrC,OAAO,IAAI,CAAA;wBACZ,CAAC;oBACF,CAAC;gBACF,CAAC;YACF,CAAC;QACF,CAAC;IACF,CAAC;IAED,OAAO,IAAI,CAAA;AACZ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAC3B,OAAoB,EACpB,KAAkB;IAElB,0BAA0B;IAC1B,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,KAAK,IAAI,EAAE,EAAE,CAAC;QACtC,IAAI,gBAAgB,CAAC,OAAO,EAAE,IAAI,CAAC,EAAE,CAAC;YACrC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,YAAa,IAAI,CAAC,IAAK,EAAE,EAAE,CAAA;QAC7D,CAAC;IACF,CAAC;IAED,yBAAyB;IACzB,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,KAAK,IAAI,EAAE,EAAE,CAAC;QACtC,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAAA,SAAQ;QAAA,CAAC,CAAC,qBAAqB;QACjD,IAAI,gBAAgB,CAAC,OAAO,EAAE,IAAI,CAAC,EAAE,CAAC;YACrC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAA;QAC/B,CAAC;IACF,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAA;AAC1B,CAAC"}

package/dist/status-Q6Z4TFJZ.js

@@ -0,0 +1,52 @@
+import {
+  checkProviderStatus,
+  getAvailableProviders
+} from "./chunk-3CILH2TO.js";
+
+// src/commands/status.ts
+async function runStatus() {
+  console.log("Checking LLM providers...\n");
+  const available = getAvailableProviders();
+  if (available.length === 0) {
+    console.log("No providers configured.");
+    console.log("Set CEREBRAS_API_KEY, GROQ_API_KEY, or OPENAI_API_KEY");
+    return;
+  }
+  console.log(`Configured: ${available.join(", ")}
+`);
+  const statuses = await checkProviderStatus();
+  for (const status of statuses) {
+    const icon = status.available ? "\u2713" : "\u2717";
+    console.log(`${icon} ${status.provider.toUpperCase()}`);
+    if (status.error) {
+      console.log(`  Error: ${status.error}`);
+      continue;
+    }
+    if (status.limits) {
+      const l = status.limits;
+      if (l.requestsPerMinute && l.requestsRemainingMinute) {
+        const pct = Math.round(l.requestsRemainingMinute / l.requestsPerMinute * 100);
+        console.log(`  Requests/min: ${l.requestsRemainingMinute.toLocaleString()}/${l.requestsPerMinute.toLocaleString()} (${pct}%)`);
+      }
+      if (l.requestsRemainingDay) {
+        const limit = l.requestsPerDay || 14400;
+        const used = limit - l.requestsRemainingDay;
+        console.log(`  Requests/day: ${l.requestsRemainingDay.toLocaleString()} remaining (${used.toLocaleString()} used)`);
+      }
+      if (l.tokensPerMinute && l.tokensRemainingMinute) {
+        const pct = Math.round(l.tokensRemainingMinute / l.tokensPerMinute * 100);
+        console.log(`  Tokens/min: ${l.tokensRemainingMinute.toLocaleString()}/${l.tokensPerMinute.toLocaleString()} (${pct}%)`);
+      }
+      if (l.tokensRemainingDay) {
+        const limit = l.tokensPerDay || 1e6;
+        const used = limit - l.tokensRemainingDay;
+        console.log(`  Tokens/day: ${l.tokensRemainingDay.toLocaleString()} remaining (${used.toLocaleString()} used)`);
+      }
+    }
+    console.log("");
+  }
+}
+export {
+  runStatus
+};
+//# sourceMappingURL=status-Q6Z4TFJZ.js.map

package/dist/status-Q6Z4TFJZ.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../src/commands/status.ts"],
+  "sourcesContent": ["/**\n * sherpa status - Show LLM provider status and rate limits\n */\n\nimport { checkProviderStatus, getAvailableProviders } from '@goobits/sherpa-core'\n\nexport async function runStatus(): Promise<void> {\n\tconsole.log('Checking LLM providers...\\n')\n\n\tconst available = getAvailableProviders()\n\n\tif (available.length === 0) {\n\t\tconsole.log('No providers configured.')\n\t\tconsole.log('Set CEREBRAS_API_KEY, GROQ_API_KEY, or OPENAI_API_KEY')\n\t\treturn\n\t}\n\n\tconsole.log(`Configured: ${ available.join(', ') }\\n`)\n\n\tconst statuses = await checkProviderStatus()\n\n\tfor (const status of statuses) {\n\t\tconst icon = status.available ? '\u2713' : '\u2717'\n\t\tconsole.log(`${ icon } ${ status.provider.toUpperCase() }`)\n\n\t\tif (status.error) {\n\t\t\tconsole.log(`  Error: ${ status.error }`)\n\t\t\tcontinue\n\t\t}\n\n\t\tif (status.limits) {\n\t\t\tconst l = status.limits\n\n\t\t\t// Show requests\n\t\t\tif (l.requestsPerMinute && l.requestsRemainingMinute) {\n\t\t\t\tconst pct = Math.round((l.requestsRemainingMinute / l.requestsPerMinute) * 100)\n\t\t\t\tconsole.log(`  Requests/min: ${ l.requestsRemainingMinute.toLocaleString() }/${ l.requestsPerMinute.toLocaleString() } (${ pct }%)`)\n\t\t\t}\n\t\t\tif (l.requestsRemainingDay) {\n\t\t\t\tconst limit = l.requestsPerDay || 14400 // Cerebras free tier default\n\t\t\t\tconst used = limit - l.requestsRemainingDay\n\t\t\t\tconsole.log(`  Requests/day: ${ l.requestsRemainingDay.toLocaleString() } remaining (${ used.toLocaleString() } used)`)\n\t\t\t}\n\n\t\t\t// Show tokens\n\t\t\tif (l.tokensPerMinute && l.tokensRemainingMinute) {\n\t\t\t\tconst pct = Math.round((l.tokensRemainingMinute / l.tokensPerMinute) * 100)\n\t\t\t\tconsole.log(`  Tokens/min: ${ l.tokensRemainingMinute.toLocaleString() }/${ l.tokensPerMinute.toLocaleString() } (${ pct }%)`)\n\t\t\t}\n\t\t\tif (l.tokensRemainingDay) {\n\t\t\t\tconst limit = l.tokensPerDay || 1000000 // Cerebras free tier default\n\t\t\t\tconst used = limit - l.tokensRemainingDay\n\t\t\t\tconsole.log(`  Tokens/day: ${ l.tokensRemainingDay.toLocaleString() } remaining (${ used.toLocaleString() } used)`)\n\t\t\t}\n\t\t}\n\t\tconsole.log('')\n\t}\n}\n"],
+  "mappings": ";;;;;;AAMA,eAAsB,YAA2B;AAChD,UAAQ,IAAI,6BAA6B;AAEzC,QAAM,YAAY,sBAAsB;AAExC,MAAI,UAAU,WAAW,GAAG;AAC3B,YAAQ,IAAI,0BAA0B;AACtC,YAAQ,IAAI,uDAAuD;AACnE;AAAA,EACD;AAEA,UAAQ,IAAI,eAAgB,UAAU,KAAK,IAAI,CAAE;AAAA,CAAI;AAErD,QAAM,WAAW,MAAM,oBAAoB;AAE3C,aAAW,UAAU,UAAU;AAC9B,UAAM,OAAO,OAAO,YAAY,WAAM;AACtC,YAAQ,IAAI,GAAI,IAAK,IAAK,OAAO,SAAS,YAAY,CAAE,EAAE;AAE1D,QAAI,OAAO,OAAO;AACjB,cAAQ,IAAI,YAAa,OAAO,KAAM,EAAE;AACxC;AAAA,IACD;AAEA,QAAI,OAAO,QAAQ;AAClB,YAAM,IAAI,OAAO;AAGjB,UAAI,EAAE,qBAAqB,EAAE,yBAAyB;AACrD,cAAM,MAAM,KAAK,MAAO,EAAE,0BAA0B,EAAE,oBAAqB,GAAG;AAC9E,gBAAQ,IAAI,mBAAoB,EAAE,wBAAwB,eAAe,CAAE,IAAK,EAAE,kBAAkB,eAAe,CAAE,KAAM,GAAI,IAAI;AAAA,MACpI;AACA,UAAI,EAAE,sBAAsB;AAC3B,cAAM,QAAQ,EAAE,kBAAkB;AAClC,cAAM,OAAO,QAAQ,EAAE;AACvB,gBAAQ,IAAI,mBAAoB,EAAE,qBAAqB,eAAe,CAAE,eAAgB,KAAK,eAAe,CAAE,QAAQ;AAAA,MACvH;AAGA,UAAI,EAAE,mBAAmB,EAAE,uBAAuB;AACjD,cAAM,MAAM,KAAK,MAAO,EAAE,wBAAwB,EAAE,kBAAmB,GAAG;AAC1E,gBAAQ,IAAI,iBAAkB,EAAE,sBAAsB,eAAe,CAAE,IAAK,EAAE,gBAAgB,eAAe,CAAE,KAAM,GAAI,IAAI;AAAA,MAC9H;AACA,UAAI,EAAE,oBAAoB;AACzB,cAAM,QAAQ,EAAE,gBAAgB;AAChC,cAAM,OAAO,QAAQ,EAAE;AACvB,gBAAQ,IAAI,iBAAkB,EAAE,mBAAmB,eAAe,CAAE,eAAgB,KAAK,eAAe,CAAE,QAAQ;AAAA,MACnH;AAAA,IACD;AACA,YAAQ,IAAI,EAAE;AAAA,EACf;AACD;",
+  "names": []
+}

package/dist/types.d.ts

@@ -0,0 +1,69 @@
+/**
+ * Type definitions for guard
+ */
+/** Parsed command info extracted from AST */
+export interface CommandInfo {
+    cmd: string;
+    args: string[];
+    flags: string[];
+    paths: string[];
+    raw: string[];
+    subcommand?: string;
+    subArgs?: string[];
+}
+/** Normalized path info for traversal detection */
+export interface PathInfo {
+    original: string;
+    normalized: string;
+    hasTraversal: boolean;
+    isAbsolute: boolean;
+}
+/** Rule definition for blocking/allowing commands */
+export interface Rule {
+    name: string;
+    cmd?: string | string[];
+    subcommand?: string;
+    flags?: string | string[];
+    flagMode?: 'all' | 'any';
+    pathPatterns?: string | string[];
+    argPatterns?: string | string[];
+    pipeTo?: string | string[];
+    reason: string;
+}
+/** Rules configuration */
+export interface RulesConfig {
+    block: Rule[];
+    allow: Rule[];
+}
+/** Check result */
+export interface CheckResult {
+    blocked: boolean;
+    rule?: Rule;
+    reason?: string;
+}
+/** Bash parser AST node types */
+export interface ASTNode {
+    type: string;
+    commands?: ASTNode[];
+    left?: ASTNode;
+    right?: ASTNode;
+    list?: ASTNode[];
+    name?: {
+        text: string;
+    };
+    suffix?: Array<{
+        text: string;
+    }>;
+}
+/** Guard configuration */
+export interface GuardConfig {
+    maxTokens: number;
+    previewTokens: number;
+    scratchDir: string;
+    maxAgeMinutes: number;
+    maxScratchSizeMB: number;
+    socketPath: string;
+}
+/** Default guard configuration */
+export declare const DEFAULT_CONFIG: GuardConfig;
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,6CAA6C;AAC7C,MAAM,WAAW,WAAW;IAC3B,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,GAAG,EAAE,MAAM,EAAE,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;CACnB;AAED,mDAAmD;AACnD,MAAM,WAAW,QAAQ;IACxB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,OAAO,CAAC;IACtB,UAAU,EAAE,OAAO,CAAC;CACpB;AAED,qDAAqD;AACrD,MAAM,WAAW,IAAI;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IACxB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC1B,QAAQ,CAAC,EAAE,KAAK,GAAG,KAAK,CAAC;IACzB,YAAY,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IACjC,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAChC,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC3B,MAAM,EAAE,MAAM,CAAC;CACf;AAED,0BAA0B;AAC1B,MAAM,WAAW,WAAW;IAC3B,KAAK,EAAE,IAAI,EAAE,CAAC;IACd,KAAK,EAAE,IAAI,EAAE,CAAC;CACd;AAED,mBAAmB;AACnB,MAAM,WAAW,WAAW;IAC3B,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,CAAC,EAAE,IAAI,CAAC;IACZ,MAAM,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,iCAAiC;AACjC,MAAM,WAAW,OAAO;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,OAAO,EAAE,CAAC;IACrB,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,IAAI,CAAC,EAAE,OAAO,EAAE,CAAC;IACjB,IAAI,CAAC,EAAE;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;IACxB,MAAM,CAAC,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACjC;AAED,0BAA0B;AAC1B,MAAM,WAAW,WAAW;IAC3B,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,MAAM,CAAC;CACnB;AAED,kCAAkC;AAClC,eAAO,MAAM,cAAc,EAAE,WAO5B,CAAA"}

package/dist/types.js

@@ -0,0 +1,13 @@
+/**
+ * Type definitions for guard
+ */
+/** Default guard configuration */
+export const DEFAULT_CONFIG = {
+    maxTokens: 2000,
+    previewTokens: 500,
+    scratchDir: '.claude/scratch',
+    maxAgeMinutes: 60,
+    maxScratchSizeMB: 50,
+    socketPath: '/tmp/mcp-guard.sock'
+};
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAoEH,kCAAkC;AAClC,MAAM,CAAC,MAAM,cAAc,GAAgB;IAC1C,SAAS,EAAE,IAAI;IACf,aAAa,EAAE,GAAG;IAClB,UAAU,EAAE,iBAAiB;IAC7B,aAAa,EAAE,EAAE;IACjB,gBAAgB,EAAE,EAAE;IACpB,UAAU,EAAE,qBAAqB;CACjC,CAAA"}

package/package.json

@@ -0,0 +1,52 @@
+{
+  "name": "@goobits/sherpa",
+  "version": "1.0.1",
+  "description": "CLI guard for safer AI coding - blocks dangerous bash commands and manages output context",
+  "type": "module",
+  "bin": {
+    "sherpa": "dist/cli.js"
+  },
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "tsc --emitDeclarationOnly && node scripts/build.mjs",
+    "dev": "tsc --watch",
+    "typecheck": "tsc --noEmit",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "prepublishOnly": "npm run build && npm run test"
+  },
+  "keywords": [
+    "claude",
+    "claude-code",
+    "mcp",
+    "ai",
+    "coding",
+    "safety",
+    "hooks",
+    "bash",
+    "guard"
+  ],
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/goobits/sherpa.git",
+    "directory": "packages/sherpa"
+  },
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.0.0",
+    "bash-parser": "^0.5.0",
+    "glob": "^10.4.0",
+    "ignore": "^5.3.0",
+    "openai": "^4.77.0",
+    "tiktoken": "^1.0.0"
+  },
+  "devDependencies": {
+    "@goobits/sherpa-core": "workspace:*",
+    "esbuild": "^0.23.0",
+    "vitest": "^2.0.0"
+  }
+}