@goplus/agentguard 1.0.14 → 1.1.3

package/dist/runtime/policy.js

@@ -0,0 +1,81 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getDefaultEffectiveRuntimePolicy = getDefaultEffectiveRuntimePolicy;
+exports.loadCachedPolicy = loadCachedPolicy;
+exports.saveCachedPolicy = saveCachedPolicy;
+exports.resolveRuntimePolicy = resolveRuntimePolicy;
+const node_fs_1 = require("node:fs");
+const node_path_1 = require("node:path");
+function getDefaultEffectiveRuntimePolicy() {
+    return {
+        policyVersion: 'runtime-local-v0.1',
+        mode: 'balanced',
+        decisions: {
+            destructiveCommand: 'block',
+            remoteCodeExecution: 'block',
+            dataExfiltration: 'block',
+            secretAccess: 'require_approval',
+            deployAction: 'require_approval',
+        },
+        protectedPaths: [
+            '~/.ssh/**',
+            '~/.aws/**',
+            '~/.config/**/credentials*',
+            '**/.env*',
+            '**/*private-key*',
+            '**/*seed*',
+        ],
+        blockedCommandPatterns: [
+            'rm -rf /',
+            'curl ... | bash',
+            'wget ... | sh',
+            'base64 -d | bash',
+            'git push --force',
+        ],
+        allowedCommandPatterns: [],
+        approvalActionTypes: ['file_read', 'file_write', 'deploy'],
+        network: {
+            defaultOutbound: 'warn',
+            blockedDomains: [
+                'discord.com/api/webhooks',
+                'hooks.slack.com/services',
+                'api.telegram.org/bot',
+            ],
+            approvalDomains: [],
+        },
+        updatedAt: new Date(0).toISOString(),
+    };
+}
+function loadCachedPolicy(cachePath) {
+    try {
+        if (!(0, node_fs_1.existsSync)(cachePath))
+            return null;
+        return JSON.parse((0, node_fs_1.readFileSync)(cachePath, 'utf8'));
+    }
+    catch {
+        return null;
+    }
+}
+function saveCachedPolicy(cachePath, policy) {
+    (0, node_fs_1.mkdirSync)((0, node_path_1.dirname)(cachePath), { recursive: true });
+    (0, node_fs_1.writeFileSync)(cachePath, `${JSON.stringify(policy, null, 2)}\n`);
+}
+async function resolveRuntimePolicy(options) {
+    if (options.fetchPolicy) {
+        try {
+            const cloudPolicy = await options.fetchPolicy();
+            if (cloudPolicy) {
+                saveCachedPolicy(options.cachePath, cloudPolicy);
+                return { policy: cloudPolicy, source: 'cloud' };
+            }
+        }
+        catch {
+            // Fall through to cache/default.
+        }
+    }
+    const cached = loadCachedPolicy(options.cachePath);
+    if (cached)
+        return { policy: cached, source: 'cache' };
+    return { policy: getDefaultEffectiveRuntimePolicy(), source: 'default' };
+}
+//# sourceMappingURL=policy.js.map

package/dist/runtime/policy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy.js","sourceRoot":"","sources":["../../src/runtime/policy.ts"],"names":[],"mappings":";;AAIA,4EAuCC;AAED,4CAOC;AAED,4CAGC;AAED,oDAmBC;AA9ED,qCAA6E;AAC7E,yCAAoC;AAGpC,SAAgB,gCAAgC;IAC9C,OAAO;QACL,aAAa,EAAE,oBAAoB;QACnC,IAAI,EAAE,UAAU;QAChB,SAAS,EAAE;YACT,kBAAkB,EAAE,OAAO;YAC3B,mBAAmB,EAAE,OAAO;YAC5B,gBAAgB,EAAE,OAAO;YACzB,YAAY,EAAE,kBAAkB;YAChC,YAAY,EAAE,kBAAkB;SACjC;QACD,cAAc,EAAE;YACd,WAAW;YACX,WAAW;YACX,2BAA2B;YAC3B,UAAU;YACV,kBAAkB;YAClB,WAAW;SACZ;QACD,sBAAsB,EAAE;YACtB,UAAU;YACV,iBAAiB;YACjB,eAAe;YACf,kBAAkB;YAClB,kBAAkB;SACnB;QACD,sBAAsB,EAAE,EAAE;QAC1B,mBAAmB,EAAE,CAAC,WAAW,EAAE,YAAY,EAAE,QAAQ,CAAC;QAC1D,OAAO,EAAE;YACP,eAAe,EAAE,MAAM;YACvB,cAAc,EAAE;gBACd,0BAA0B;gBAC1B,0BAA0B;gBAC1B,sBAAsB;aACvB;YACD,eAAe,EAAE,EAAE;SACpB;QACD,SAAS,EAAE,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE;KACrC,CAAC;AACJ,CAAC;AAED,SAAgB,gBAAgB,CAAC,SAAiB;IAChD,IAAI,CAAC;QACH,IAAI,CAAC,IAAA,oBAAU,EAAC,SAAS,CAAC;YAAE,OAAO,IAAI,CAAC;QACxC,OAAO,IAAI,CAAC,KAAK,CAAC,IAAA,sBAAY,EAAC,SAAS,EAAE,MAAM,CAAC,CAA2B,CAAC;IAC/E,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAgB,gBAAgB,CAAC,SAAiB,EAAE,MAA8B;IAChF,IAAA,mBAAS,EAAC,IAAA,mBAAO,EAAC,SAAS,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACnD,IAAA,uBAAa,EAAC,SAAS,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;AACnE,CAAC;AAEM,KAAK,UAAU,oBAAoB,CAAC,OAG1C;IACC,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QACxB,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,WAAW,EAAE,CAAC;YAChD,IAAI,WAAW,EAAE,CAAC;gBAChB,gBAAgB,CAAC,OAAO,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;gBACjD,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;YAClD,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,iCAAiC;QACnC,CAAC;IACH,CAAC;IAED,MAAM,MAAM,GAAG,gBAAgB,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IACnD,IAAI,MAAM;QAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;IACvD,OAAO,EAAE,MAAM,EAAE,gCAAgC,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;AAC3E,CAAC"}

package/dist/runtime/protect.d.ts

@@ -0,0 +1,22 @@
+import type { AgentGuardConfig } from '../config.js';
+import type { RuntimeAgentHost, RuntimeAuditEvent, RuntimeActionType, RuntimeDecision } from './types.js';
+export interface ProtectOptions {
+    config: AgentGuardConfig;
+    rawInput?: unknown;
+    stdinText?: string;
+    agentHost?: RuntimeAgentHost;
+    actionType?: RuntimeActionType;
+    toolName?: string;
+    sessionId?: string;
+    decisionMode?: 'local-first' | 'cloud';
+}
+export interface ProtectResult {
+    decision: RuntimeDecision;
+    event: RuntimeAuditEvent;
+    approvalId?: string | null;
+    policySource: 'cloud' | 'cache' | 'default' | 'cloud-decision';
+}
+export declare function protectAction(options: ProtectOptions): Promise<ProtectResult | null>;
+export declare function formatProtectResult(result: ProtectResult, json?: boolean): string;
+export declare function exitCodeForDecision(decision: RuntimeDecision): number;
+//# sourceMappingURL=protect.d.ts.map

package/dist/runtime/protect.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"protect.d.ts","sourceRoot":"","sources":["../../src/runtime/protect.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAIrD,OAAO,KAAK,EAAiB,gBAAgB,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAEzH,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,gBAAgB,CAAC;IACzB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,gBAAgB,CAAC;IAC7B,UAAU,CAAC,EAAE,iBAAiB,CAAC;IAC/B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,aAAa,GAAG,OAAO,CAAC;CACxC;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,eAAe,CAAC;IAC1B,KAAK,EAAE,iBAAiB,CAAC;IACzB,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,YAAY,EAAE,OAAO,GAAG,OAAO,GAAG,SAAS,GAAG,gBAAgB,CAAC;CAChE;AAED,wBAAsB,aAAa,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,CAiD1F;AAED,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,aAAa,EAAE,IAAI,UAAQ,GAAG,MAAM,CA0B/E;AAED,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,eAAe,GAAG,MAAM,CAErE"}

package/dist/runtime/protect.js

@@ -0,0 +1,172 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.protectAction = protectAction;
+exports.formatProtectResult = formatProtectResult;
+exports.exitCodeForDecision = exitCodeForDecision;
+const node_process_1 = require("node:process");
+const client_js_1 = require("../cloud/client.js");
+const audit_js_1 = require("./audit.js");
+const evaluator_js_1 = require("./evaluator.js");
+const policy_js_1 = require("./policy.js");
+async function protectAction(options) {
+    const action = buildRuntimeAction(options);
+    if (!action.input)
+        return null;
+    const client = new client_js_1.AgentGuardCloudClient(options.config);
+    if (client.connected) {
+        await (0, audit_js_1.flushEventSpool)(options.config.eventSpoolPath, (events) => client.ingestEvents(events)).catch(() => undefined);
+    }
+    let decision;
+    let policySource;
+    if (options.decisionMode === 'cloud' && client.connected) {
+        decision = await client.evaluateAction(action);
+        policySource = 'cloud-decision';
+    }
+    else {
+        const { policy, source } = await (0, policy_js_1.resolveRuntimePolicy)({
+            cachePath: options.config.policyCachePath,
+            fetchPolicy: client.connected ? () => client.fetchEffectivePolicy() : undefined,
+        });
+        decision = await (0, evaluator_js_1.evaluateLocalAction)(policy, action);
+        policySource = source;
+    }
+    const event = {
+        ...action,
+        actionId: decision.actionId,
+        decision: decision.decision,
+        riskScore: decision.riskScore,
+        riskLevel: decision.riskLevel,
+        reasons: decision.reasons,
+        policyVersion: decision.policyVersion,
+        metadata: {
+            ...(action.metadata || {}),
+            evaluation: policySource === 'cloud-decision' ? 'cloud' : 'local-oss',
+            policySource,
+        },
+    };
+    (0, audit_js_1.writeAuditLog)(options.config.auditPath, event);
+    let approvalId;
+    if (client.connected && policySource !== 'cloud-decision') {
+        await client.ingestEvents([event]).catch(() => (0, audit_js_1.spoolEvent)(options.config.eventSpoolPath, event));
+    }
+    if (client.connected && decision.decision === 'require_approval') {
+        approvalId = await client.createApproval(event).catch(() => null);
+    }
+    return { decision, event, approvalId, policySource };
+}
+function formatProtectResult(result, json = false) {
+    if (json) {
+        return JSON.stringify({
+            decision: publicDecision(result.decision.decision),
+            cloudDecision: result.decision.decision,
+            actionId: result.decision.actionId,
+            riskScore: result.decision.riskScore,
+            riskLevel: result.decision.riskLevel,
+            reasons: result.decision.reasons,
+            approvalId: result.approvalId,
+            policySource: result.policySource,
+        }, null, 2);
+    }
+    const reasonCount = result.decision.reasons.length;
+    if (result.decision.decision === 'block') {
+        return `BLOCKED by AgentGuard (action: ${result.decision.actionId}, risk: ${result.decision.riskScore}/100, level: ${result.decision.riskLevel}, reasons: ${reasonCount}).`;
+    }
+    if (result.decision.decision === 'require_approval') {
+        const approval = result.approvalId ? `approval: ${result.approvalId}, ` : '';
+        return `CONFIRM required by AgentGuard (${approval}action: ${result.decision.actionId}, risk: ${result.decision.riskScore}/100, level: ${result.decision.riskLevel}, reasons: ${reasonCount}).`;
+    }
+    if (result.decision.decision === 'warn') {
+        return `WARN from AgentGuard (action: ${result.decision.actionId}, risk: ${result.decision.riskScore}/100, level: ${result.decision.riskLevel}, reasons: ${reasonCount}).`;
+    }
+    return 'ALLOW by AgentGuard.';
+}
+function exitCodeForDecision(decision) {
+    return decision.decision === 'block' || decision.decision === 'require_approval' ? 2 : 0;
+}
+function publicDecision(decision) {
+    return decision === 'require_approval' ? 'confirm' : decision;
+}
+function buildRuntimeAction(options) {
+    const raw = parseRawInput(options.rawInput, options.stdinText);
+    const envActionType = process.env.AGENTGUARD_ACTION_TYPE;
+    const envAgentHost = process.env.AGENTGUARD_AGENT_HOST;
+    const toolName = options.toolName || process.env.AGENTGUARD_TOOL_NAME || pickToolName(raw);
+    const actionType = options.actionType || envActionType || mapToolToRuntimeAction(toolName, raw);
+    return {
+        sessionId: options.sessionId || process.env.AGENTGUARD_SESSION_ID || pickSessionId(raw),
+        agentHost: options.agentHost || envAgentHost || 'claude-code',
+        actionType,
+        toolName,
+        input: process.env.TOOL_INPUT || pickInput(raw, actionType),
+        cwd: pickCwd(raw),
+        sourceSkill: pickSourceSkill(raw),
+        metadata: { rawProtocol: raw ? 'stdin-json' : 'env' },
+    };
+}
+function parseRawInput(rawInput, stdinText) {
+    if (rawInput && typeof rawInput === 'object')
+        return rawInput;
+    const text = stdinText?.trim();
+    if (!text)
+        return null;
+    try {
+        const parsed = JSON.parse(text);
+        return parsed && typeof parsed === 'object' ? parsed : null;
+    }
+    catch {
+        return { content: text };
+    }
+}
+function pickToolName(raw) {
+    if (!raw)
+        return 'Tool';
+    return String(raw.tool_name || raw.toolName || raw.name || 'Tool');
+}
+function mapToolToRuntimeAction(toolName, raw) {
+    const lower = toolName.toLowerCase();
+    if (toolName === 'Bash' || lower.includes('shell') || lower.includes('exec'))
+        return 'shell';
+    if (toolName === 'Read' || lower.includes('read'))
+        return 'file_read';
+    if (['Write', 'Edit', 'MultiEdit'].includes(toolName) || lower.includes('write'))
+        return 'file_write';
+    if (lower.includes('web') || lower.includes('browser'))
+        return 'network';
+    if (raw?.actionType && typeof raw.actionType === 'string')
+        return raw.actionType;
+    return 'other';
+}
+function pickInput(raw, actionType) {
+    if (!raw)
+        return '';
+    if (typeof raw.input === 'string')
+        return raw.input;
+    if (typeof raw.content === 'string')
+        return raw.content;
+    const toolInput = (raw.tool_input || raw.toolInput || raw.params);
+    if (toolInput && typeof toolInput === 'object') {
+        if (actionType === 'shell' && typeof toolInput.command === 'string')
+            return toolInput.command;
+        const filePath = toolInput.file_path || toolInput.path;
+        if ((actionType === 'file_read' || actionType === 'file_write') && typeof filePath === 'string')
+            return filePath;
+        const url = toolInput.url || toolInput.query;
+        if (typeof url === 'string')
+            return url;
+        return JSON.stringify(toolInput);
+    }
+    return JSON.stringify(raw);
+}
+function pickSessionId(raw) {
+    const sessionId = raw?.session_id || raw?.sessionId;
+    return typeof sessionId === 'string' ? sessionId : `sess_local_${Date.now()}`;
+}
+function pickCwd(raw) {
+    const value = raw?.cwd;
+    return typeof value === 'string' ? value : (0, node_process_1.cwd)();
+}
+function pickSourceSkill(raw) {
+    const value = raw?.sourceSkill || raw?.initiating_skill;
+    return typeof value === 'string' ? value : undefined;
+}
+//# sourceMappingURL=protect.js.map

package/dist/runtime/protect.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"protect.js","sourceRoot":"","sources":["../../src/runtime/protect.ts"],"names":[],"mappings":";;AA0BA,sCAiDC;AAED,kDA0BC;AAED,kDAEC;AA3GD,+CAAmC;AACnC,kDAA2D;AAE3D,yCAAwE;AACxE,iDAAqD;AACrD,2CAAmD;AAqB5C,KAAK,UAAU,aAAa,CAAC,OAAuB;IACzD,MAAM,MAAM,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC;IAC3C,IAAI,CAAC,MAAM,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IAE/B,MAAM,MAAM,GAAG,IAAI,iCAAqB,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACzD,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACrB,MAAM,IAAA,0BAAe,EAAC,OAAO,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC;IACvH,CAAC;IAED,IAAI,QAAyB,CAAC;IAC9B,IAAI,YAA2C,CAAC;IAChD,IAAI,OAAO,CAAC,YAAY,KAAK,OAAO,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACzD,QAAQ,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;QAC/C,YAAY,GAAG,gBAAgB,CAAC;IAClC,CAAC;SAAM,CAAC;QACN,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,IAAA,gCAAoB,EAAC;YACpD,SAAS,EAAE,OAAO,CAAC,MAAM,CAAC,eAAe;YACzC,WAAW,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,oBAAoB,EAAE,CAAC,CAAC,CAAC,SAAS;SAChF,CAAC,CAAC;QACH,QAAQ,GAAG,MAAM,IAAA,kCAAmB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACrD,YAAY,GAAG,MAAM,CAAC;IACxB,CAAC;IAED,MAAM,KAAK,GAAsB;QAC/B,GAAG,MAAM;QACT,QAAQ,EAAE,QAAQ,CAAC,QAAQ;QAC3B,QAAQ,EAAE,QAAQ,CAAC,QAAQ;QAC3B,SAAS,EAAE,QAAQ,CAAC,SAAS;QAC7B,SAAS,EAAE,QAAQ,CAAC,SAAS;QAC7B,OAAO,EAAE,QAAQ,CAAC,OAAO;QACzB,aAAa,EAAE,QAAQ,CAAC,aAAa;QACrC,QAAQ,EAAE;YACR,GAAG,CAAC,MAAM,CAAC,QAAQ,IAAI,EAAE,CAAC;YAC1B,UAAU,EAAE,YAAY,KAAK,gBAAgB,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW;YACrE,YAAY;SACb;KACF,CAAC;IAEF,IAAA,wBAAa,EAAC,OAAO,CAAC,MAAM,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;IAE/C,IAAI,UAAqC,CAAC;IAC1C,IAAI,MAAM,CAAC,SAAS,IAAI,YAAY,KAAK,gBAAgB,EAAE,CAAC;QAC1D,MAAM,MAAM,CAAC,YAAY,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAA,qBAAU,EAAC,OAAO,CAAC,MAAM,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC,CAAC;IACnG,CAAC;IACD,IAAI,MAAM,CAAC,SAAS,IAAI,QAAQ,CAAC,QAAQ,KAAK,kBAAkB,EAAE,CAAC;QACjE,UAAU,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;IACpE,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,EAAE,YAAY,EAAE,CAAC;AACvD,CAAC;AAED,SAAgB,mBAAmB,CAAC,MAAqB,EAAE,IAAI,GAAG,KAAK;IACrE,IAAI,IAAI,EAAE,CAAC;QACT,OAAO,IAAI,CAAC,SAAS,CAAC;YACpB,QAAQ,EAAE,cAAc,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAClD,aAAa,EAAE,MAAM,CAAC,QAAQ,CAAC,QAAQ;YACvC,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,QAAQ;YAClC,SAAS,EAAE,MAAM,CAAC,QAAQ,CAAC,SAAS;YACpC,SAAS,EAAE,MAAM,CAAC,QAAQ,CAAC,SAAS;YACpC,OAAO,EAAE,MAAM,CAAC,QAAQ,CAAC,OAAO;YAChC,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,YAAY,EAAE,MAAM,CAAC,YAAY;SAClC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IACd,CAAC;IAED,MAAM,WAAW,GAAG,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC;IACnD,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QACzC,OAAO,kCAAkC,MAAM,CAAC,QAAQ,CAAC,QAAQ,WAAW,MAAM,CAAC,QAAQ,CAAC,SAAS,gBAAgB,MAAM,CAAC,QAAQ,CAAC,SAAS,cAAc,WAAW,IAAI,CAAC;IAC9K,CAAC;IACD,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ,KAAK,kBAAkB,EAAE,CAAC;QACpD,MAAM,QAAQ,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,aAAa,MAAM,CAAC,UAAU,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;QAC7E,OAAO,mCAAmC,QAAQ,WAAW,MAAM,CAAC,QAAQ,CAAC,QAAQ,WAAW,MAAM,CAAC,QAAQ,CAAC,SAAS,gBAAgB,MAAM,CAAC,QAAQ,CAAC,SAAS,cAAc,WAAW,IAAI,CAAC;IAClM,CAAC;IACD,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;QACxC,OAAO,iCAAiC,MAAM,CAAC,QAAQ,CAAC,QAAQ,WAAW,MAAM,CAAC,QAAQ,CAAC,SAAS,gBAAgB,MAAM,CAAC,QAAQ,CAAC,SAAS,cAAc,WAAW,IAAI,CAAC;IAC7K,CAAC;IACD,OAAO,sBAAsB,CAAC;AAChC,CAAC;AAED,SAAgB,mBAAmB,CAAC,QAAyB;IAC3D,OAAO,QAAQ,CAAC,QAAQ,KAAK,OAAO,IAAI,QAAQ,CAAC,QAAQ,KAAK,kBAAkB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAC3F,CAAC;AAED,SAAS,cAAc,CAAC,QAAqC;IAC3D,OAAO,QAAQ,KAAK,kBAAkB,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC;AAChE,CAAC;AAED,SAAS,kBAAkB,CAAC,OAAuB;IACjD,MAAM,GAAG,GAAG,aAAa,CAAC,OAAO,CAAC,QAAQ,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;IAC/D,MAAM,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAuD,CAAC;IAC1F,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqD,CAAC;IACvF,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,YAAY,CAAC,GAAG,CAAC,CAAC;IAC3F,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,aAAa,IAAI,sBAAsB,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;IAEhG,OAAO;QACL,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,aAAa,CAAC,GAAG,CAAC;QACvF,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,YAAY,IAAI,aAAa;QAC7D,UAAU;QACV,QAAQ;QACR,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,SAAS,CAAC,GAAG,EAAE,UAAU,CAAC;QAC3D,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC;QACjB,WAAW,EAAE,eAAe,CAAC,GAAG,CAAC;QACjC,QAAQ,EAAE,EAAE,WAAW,EAAE,GAAG,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,KAAK,EAAE;KACtD,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CAAC,QAAiB,EAAE,SAAkB;IAC1D,IAAI,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ;QAAE,OAAO,QAAmC,CAAC;IACzF,MAAM,IAAI,GAAG,SAAS,EAAE,IAAI,EAAE,CAAC;IAC/B,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IACvB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAY,CAAC;QAC3C,OAAO,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAiC,CAAC,CAAC,CAAC,IAAI,CAAC;IACzF,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;AACH,CAAC;AAED,SAAS,YAAY,CAAC,GAAmC;IACvD,IAAI,CAAC,GAAG;QAAE,OAAO,MAAM,CAAC;IACxB,OAAO,MAAM,CAAC,GAAG,CAAC,SAAS,IAAI,GAAG,CAAC,QAAQ,IAAI,GAAG,CAAC,IAAI,IAAI,MAAM,CAAC,CAAC;AACrE,CAAC;AAED,SAAS,sBAAsB,CAAC,QAAgB,EAAE,GAAmC;IACnF,MAAM,KAAK,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;IACrC,IAAI,QAAQ,KAAK,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,OAAO,OAAO,CAAC;IAC7F,IAAI,QAAQ,KAAK,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,OAAO,WAAW,CAAC;IACtE,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC;QAAE,OAAO,YAAY,CAAC;IACtG,IAAI,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC;QAAE,OAAO,SAAS,CAAC;IACzE,IAAI,GAAG,EAAE,UAAU,IAAI,OAAO,GAAG,CAAC,UAAU,KAAK,QAAQ;QAAE,OAAO,GAAG,CAAC,UAA+B,CAAC;IACtG,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,SAAS,CAAC,GAAmC,EAAE,UAA6B;IACnF,IAAI,CAAC,GAAG;QAAE,OAAO,EAAE,CAAC;IACpB,IAAI,OAAO,GAAG,CAAC,KAAK,KAAK,QAAQ;QAAE,OAAO,GAAG,CAAC,KAAK,CAAC;IACpD,IAAI,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ;QAAE,OAAO,GAAG,CAAC,OAAO,CAAC;IACxD,MAAM,SAAS,GAAG,CAAC,GAAG,CAAC,UAAU,IAAI,GAAG,CAAC,SAAS,IAAI,GAAG,CAAC,MAAM,CAAwC,CAAC;IACzG,IAAI,SAAS,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;QAC/C,IAAI,UAAU,KAAK,OAAO,IAAI,OAAO,SAAS,CAAC,OAAO,KAAK,QAAQ;YAAE,OAAO,SAAS,CAAC,OAAO,CAAC;QAC9F,MAAM,QAAQ,GAAG,SAAS,CAAC,SAAS,IAAI,SAAS,CAAC,IAAI,CAAC;QACvD,IAAI,CAAC,UAAU,KAAK,WAAW,IAAI,UAAU,KAAK,YAAY,CAAC,IAAI,OAAO,QAAQ,KAAK,QAAQ;YAAE,OAAO,QAAQ,CAAC;QACjH,MAAM,GAAG,GAAG,SAAS,CAAC,GAAG,IAAI,SAAS,CAAC,KAAK,CAAC;QAC7C,IAAI,OAAO,GAAG,KAAK,QAAQ;YAAE,OAAO,GAAG,CAAC;QACxC,OAAO,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;IACnC,CAAC;IACD,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;AAC7B,CAAC;AAED,SAAS,aAAa,CAAC,GAAmC;IACxD,MAAM,SAAS,GAAG,GAAG,EAAE,UAAU,IAAI,GAAG,EAAE,SAAS,CAAC;IACpD,OAAO,OAAO,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,cAAc,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;AAChF,CAAC;AAED,SAAS,OAAO,CAAC,GAAmC;IAClD,MAAM,KAAK,GAAG,GAAG,EAAE,GAAG,CAAC;IACvB,OAAO,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAA,kBAAG,GAAE,CAAC;AACnD,CAAC;AAED,SAAS,eAAe,CAAC,GAAmC;IAC1D,MAAM,KAAK,GAAG,GAAG,EAAE,WAAW,IAAI,GAAG,EAAE,gBAAgB,CAAC;IACxD,OAAO,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;AACvD,CAAC"}

package/dist/runtime/redaction.d.ts

@@ -0,0 +1,6 @@
+import type { PolicyReason } from './types.js';
+export declare function redactText(value: unknown): string;
+export declare function redactPreview(value: unknown, maxLength?: number): string;
+export declare function redactReasons(reasons: PolicyReason[]): PolicyReason[];
+export declare function redactMetadata(value: Record<string, unknown> | undefined, maxKeys?: number): Record<string, unknown>;
+//# sourceMappingURL=redaction.d.ts.map

package/dist/runtime/redaction.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"redaction.d.ts","sourceRoot":"","sources":["../../src/runtime/redaction.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AA2B/C,wBAAgB,UAAU,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,CAMjD;AAED,wBAAgB,aAAa,CAAC,KAAK,EAAE,OAAO,EAAE,SAAS,SAAO,GAAG,MAAM,CAEtE;AAED,wBAAgB,aAAa,CAAC,OAAO,EAAE,YAAY,EAAE,GAAG,YAAY,EAAE,CASrE;AAED,wBAAgB,cAAc,CAC5B,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,SAAS,EAC1C,OAAO,SAAK,GACX,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CASzB"}

package/dist/runtime/redaction.js

@@ -0,0 +1,103 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.redactText = redactText;
+exports.redactPreview = redactPreview;
+exports.redactReasons = redactReasons;
+exports.redactMetadata = redactMetadata;
+const REDACTED = '[REDACTED]';
+const SECRET_VALUE_PATTERN = /(?:token|api[_-]?key|secret|password|passwd|authorization|access[_-]?key|client[_-]?secret)=([^&\s'"`]+)/gi;
+const SENSITIVE_KEY_PATTERN = /(?:token|api[_-]?key|secret|password|passwd|authorization|access[_-]?key|client[_-]?secret|signature|sig)/i;
+const REDACTION_PATTERNS = [
+    [/\bag_live_[A-Za-z0-9_-]{12,}\b/g, () => REDACTED],
+    [/\bsk-or-v1-[A-Za-z0-9_-]{12,}\b/g, () => REDACTED],
+    [/\bsk-[A-Za-z0-9_-]{12,}\b/g, () => REDACTED],
+    [/\bBearer\s+[A-Za-z0-9._~+/=-]{12,}\b/gi, () => `Bearer ${REDACTED}`],
+    [
+        /-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----/g,
+        () => REDACTED,
+    ],
+    [
+        SECRET_VALUE_PATTERN,
+        (match) => {
+            const [key] = match.split('=');
+            return `${key}=${REDACTED}`;
+        },
+    ],
+];
+function redactText(value) {
+    let redacted = String(value ?? '');
+    for (const [pattern, replacement] of REDACTION_PATTERNS) {
+        redacted = redacted.replace(pattern, replacement);
+    }
+    return redactUrlSecrets(redacted);
+}
+function redactPreview(value, maxLength = 2000) {
+    return redactText(value).slice(0, maxLength);
+}
+function redactReasons(reasons) {
+    return reasons.map((reason) => ({
+        ...reason,
+        code: redactPreview(reason.code, 120),
+        title: redactPreview(reason.title, 240),
+        description: redactPreview(reason.description, 500),
+        evidence: reason.evidence ? redactPreview(reason.evidence, 240) : reason.evidence,
+        remediation: reason.remediation ? redactPreview(reason.remediation, 500) : reason.remediation,
+    }));
+}
+function redactMetadata(value, maxKeys = 25) {
+    if (!value)
+        return {};
+    const result = {};
+    for (const [key, item] of Object.entries(value).slice(0, maxKeys)) {
+        result[redactPreview(key, 120)] = SENSITIVE_KEY_PATTERN.test(key)
+            ? REDACTED
+            : redactUnknown(item, 0);
+    }
+    return result;
+}
+function redactUnknown(value, depth) {
+    if (value === null || value === undefined)
+        return value;
+    if (typeof value === 'string')
+        return redactPreview(value, 500);
+    if (typeof value === 'number' || typeof value === 'boolean')
+        return value;
+    if (Array.isArray(value)) {
+        if (depth >= 2)
+            return '[REDACTED_OBJECT]';
+        return value.slice(0, 25).map((item) => redactUnknown(item, depth + 1));
+    }
+    if (typeof value === 'object') {
+        if (depth >= 2)
+            return '[REDACTED_OBJECT]';
+        const result = {};
+        for (const [key, item] of Object.entries(value).slice(0, 25)) {
+            result[redactPreview(key, 120)] = SENSITIVE_KEY_PATTERN.test(key)
+                ? REDACTED
+                : redactUnknown(item, depth + 1);
+        }
+        return result;
+    }
+    return redactPreview(String(value), 500);
+}
+function redactUrlSecrets(value) {
+    return value.replace(/https?:\/\/[^\s'"`<>]+/gi, (rawUrl) => {
+        try {
+            const url = new URL(rawUrl);
+            for (const key of [...url.searchParams.keys()]) {
+                if (SENSITIVE_KEY_PATTERN.test(key)) {
+                    url.searchParams.set(key, REDACTED);
+                }
+            }
+            if (url.username)
+                url.username = REDACTED;
+            if (url.password)
+                url.password = REDACTED;
+            return url.toString();
+        }
+        catch {
+            return rawUrl;
+        }
+    });
+}
+//# sourceMappingURL=redaction.js.map

package/dist/runtime/redaction.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"redaction.js","sourceRoot":"","sources":["../../src/runtime/redaction.ts"],"names":[],"mappings":";;AA2BA,gCAMC;AAED,sCAEC;AAED,sCASC;AAED,wCAYC;AA5DD,MAAM,QAAQ,GAAG,YAAY,CAAC;AAE9B,MAAM,oBAAoB,GACxB,4GAA4G,CAAC;AAC/G,MAAM,qBAAqB,GACzB,4GAA4G,CAAC;AAE/G,MAAM,kBAAkB,GAA+C;IACrE,CAAC,iCAAiC,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC;IACnD,CAAC,kCAAkC,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC;IACpD,CAAC,4BAA4B,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC;IAC9C,CAAC,wCAAwC,EAAE,GAAG,EAAE,CAAC,UAAU,QAAQ,EAAE,CAAC;IACtE;QACE,6EAA6E;QAC7E,GAAG,EAAE,CAAC,QAAQ;KACf;IACD;QACE,oBAAoB;QACpB,CAAC,KAAK,EAAE,EAAE;YACR,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC/B,OAAO,GAAG,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC9B,CAAC;KACF;CACF,CAAC;AAEF,SAAgB,UAAU,CAAC,KAAc;IACvC,IAAI,QAAQ,GAAG,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;IACnC,KAAK,MAAM,CAAC,OAAO,EAAE,WAAW,CAAC,IAAI,kBAAkB,EAAE,CAAC;QACxD,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;IACpD,CAAC;IACD,OAAO,gBAAgB,CAAC,QAAQ,CAAC,CAAC;AACpC,CAAC;AAED,SAAgB,aAAa,CAAC,KAAc,EAAE,SAAS,GAAG,IAAI;IAC5D,OAAO,UAAU,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;AAC/C,CAAC;AAED,SAAgB,aAAa,CAAC,OAAuB;IACnD,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAC9B,GAAG,MAAM;QACT,IAAI,EAAE,aAAa,CAAC,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC;QACrC,KAAK,EAAE,aAAa,CAAC,MAAM,CAAC,KAAK,EAAE,GAAG,CAAC;QACvC,WAAW,EAAE,aAAa,CAAC,MAAM,CAAC,WAAW,EAAE,GAAG,CAAC;QACnD,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,aAAa,CAAC,MAAM,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ;QACjF,WAAW,EAAE,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,aAAa,CAAC,MAAM,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,WAAW;KAC9F,CAAC,CAAC,CAAC;AACN,CAAC;AAED,SAAgB,cAAc,CAC5B,KAA0C,EAC1C,OAAO,GAAG,EAAE;IAEZ,IAAI,CAAC,KAAK;QAAE,OAAO,EAAE,CAAC;IACtB,MAAM,MAAM,GAA4B,EAAE,CAAC;IAC3C,KAAK,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,CAAC,EAAE,CAAC;QAClE,MAAM,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,GAAG,qBAAqB,CAAC,IAAI,CAAC,GAAG,CAAC;YAC/D,CAAC,CAAC,QAAQ;YACV,CAAC,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IAC7B,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,aAAa,CAAC,KAAc,EAAE,KAAa;IAClD,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO,KAAK,CAAC;IACxD,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,aAAa,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IAChE,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,SAAS;QAAE,OAAO,KAAK,CAAC;IAC1E,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,IAAI,KAAK,IAAI,CAAC;YAAE,OAAO,mBAAmB,CAAC;QAC3C,OAAO,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,aAAa,CAAC,IAAI,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC;IAC1E,CAAC;IACD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,IAAI,KAAK,IAAI,CAAC;YAAE,OAAO,mBAAmB,CAAC;QAC3C,MAAM,MAAM,GAA4B,EAAE,CAAC;QAC3C,KAAK,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAgC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;YACxF,MAAM,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,GAAG,qBAAqB,CAAC,IAAI,CAAC,GAAG,CAAC;gBAC/D,CAAC,CAAC,QAAQ;gBACV,CAAC,CAAC,aAAa,CAAC,IAAI,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;QACrC,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,OAAO,aAAa,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC;AAC3C,CAAC;AAED,SAAS,gBAAgB,CAAC,KAAa;IACrC,OAAO,KAAK,CAAC,OAAO,CAAC,0BAA0B,EAAE,CAAC,MAAM,EAAE,EAAE;QAC1D,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;YAC5B,KAAK,MAAM,GAAG,IAAI,CAAC,GAAG,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;gBAC/C,IAAI,qBAAqB,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;oBACpC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;gBACtC,CAAC;YACH,CAAC;YACD,IAAI,GAAG,CAAC,QAAQ;gBAAE,GAAG,CAAC,QAAQ,GAAG,QAAQ,CAAC;YAC1C,IAAI,GAAG,CAAC,QAAQ;gBAAE,GAAG,CAAC,QAAQ,GAAG,QAAQ,CAAC;YAC1C,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;QACxB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,MAAM,CAAC;QAChB,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/runtime/types.d.ts

@@ -0,0 +1,62 @@
+export type CloudPolicyDecision = 'allow' | 'warn' | 'require_approval' | 'block';
+export type RuntimeRiskLevel = 'safe' | 'low' | 'medium' | 'high' | 'critical';
+export type RuntimeSeverity = 'info' | 'low' | 'medium' | 'high' | 'critical';
+export type RuntimeActionType = 'shell' | 'file_read' | 'file_write' | 'network' | 'mcp_tool' | 'browser' | 'skill_install' | 'deploy' | 'other';
+export type RuntimeAgentHost = 'claude-code' | 'codex' | 'openclaw' | 'cursor' | 'gemini' | 'copilot' | 'other';
+export interface PolicyReason {
+    code: string;
+    severity: RuntimeSeverity;
+    title: string;
+    description: string;
+    evidence?: string;
+    remediation?: string;
+}
+export interface EffectiveRuntimePolicy {
+    policyVersion: string;
+    mode: 'observe' | 'balanced' | 'strict';
+    decisions: {
+        destructiveCommand: CloudPolicyDecision;
+        remoteCodeExecution: CloudPolicyDecision;
+        dataExfiltration: CloudPolicyDecision;
+        secretAccess: CloudPolicyDecision;
+        deployAction: CloudPolicyDecision;
+    };
+    protectedPaths: string[];
+    blockedCommandPatterns: string[];
+    allowedCommandPatterns: string[];
+    approvalActionTypes: RuntimeActionType[];
+    network: {
+        defaultOutbound: CloudPolicyDecision;
+        blockedDomains: string[];
+        approvalDomains: string[];
+    };
+    updatedAt: string;
+}
+export interface RuntimeAction {
+    sessionId: string;
+    agentHost: RuntimeAgentHost;
+    actionType: RuntimeActionType;
+    toolName: string;
+    input: string;
+    cwd?: string;
+    sourceSkill?: string;
+    metadata?: Record<string, unknown>;
+}
+export interface RuntimeDecision {
+    actionId: string;
+    decision: CloudPolicyDecision;
+    riskScore: number;
+    riskLevel: RuntimeRiskLevel;
+    reasons: PolicyReason[];
+    policyVersion: string;
+    expiresAt?: string;
+}
+export interface RuntimeAuditEvent extends RuntimeAction {
+    actionId: string;
+    decision: CloudPolicyDecision;
+    riskScore: number;
+    riskLevel: RuntimeRiskLevel;
+    reasons: PolicyReason[];
+    policyVersion: string;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/runtime/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/runtime/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,mBAAmB,GAAG,OAAO,GAAG,MAAM,GAAG,kBAAkB,GAAG,OAAO,CAAC;AAClF,MAAM,MAAM,gBAAgB,GAAG,MAAM,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;AAC/E,MAAM,MAAM,eAAe,GAAG,MAAM,GAAG,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;AAE9E,MAAM,MAAM,iBAAiB,GACzB,OAAO,GACP,WAAW,GACX,YAAY,GACZ,SAAS,GACT,UAAU,GACV,SAAS,GACT,eAAe,GACf,QAAQ,GACR,OAAO,CAAC;AAEZ,MAAM,MAAM,gBAAgB,GACxB,aAAa,GACb,OAAO,GACP,UAAU,GACV,QAAQ,GACR,QAAQ,GACR,SAAS,GACT,OAAO,CAAC;AAEZ,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,eAAe,CAAC;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,sBAAsB;IACrC,aAAa,EAAE,MAAM,CAAC;IACtB,IAAI,EAAE,SAAS,GAAG,UAAU,GAAG,QAAQ,CAAC;IACxC,SAAS,EAAE;QACT,kBAAkB,EAAE,mBAAmB,CAAC;QACxC,mBAAmB,EAAE,mBAAmB,CAAC;QACzC,gBAAgB,EAAE,mBAAmB,CAAC;QACtC,YAAY,EAAE,mBAAmB,CAAC;QAClC,YAAY,EAAE,mBAAmB,CAAC;KACnC,CAAC;IACF,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,sBAAsB,EAAE,MAAM,EAAE,CAAC;IACjC,sBAAsB,EAAE,MAAM,EAAE,CAAC;IACjC,mBAAmB,EAAE,iBAAiB,EAAE,CAAC;IACzC,OAAO,EAAE;QACP,eAAe,EAAE,mBAAmB,CAAC;QACrC,cAAc,EAAE,MAAM,EAAE,CAAC;QACzB,eAAe,EAAE,MAAM,EAAE,CAAC;KAC3B,CAAC;IACF,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,gBAAgB,CAAC;IAC5B,UAAU,EAAE,iBAAiB,CAAC;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,mBAAmB,CAAC;IAC9B,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,gBAAgB,CAAC;IAC5B,OAAO,EAAE,YAAY,EAAE,CAAC;IACxB,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,iBAAkB,SAAQ,aAAa;IACtD,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,mBAAmB,CAAC;IAC9B,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,gBAAgB,CAAC;IAC5B,OAAO,EAAE,YAAY,EAAE,CAAC;IACxB,aAAa,EAAE,MAAM,CAAC;CACvB"}

package/dist/runtime/types.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=types.js.map

package/dist/runtime/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/runtime/types.ts"],"names":[],"mappings":""}

package/dist/scanner/rules/trojan.js

@@ -81,7 +81,7 @@ exports.TROJAN_RULES = [
     {
         id: 'SOCIAL_ENGINEERING',
         description: 'Detects social engineering pressure language in skill instructions',
-        severity: 'medium',
+        severity: 'high',
         file_patterns: ['*.md'],
         patterns: [
             /CRITICAL\s+REQUIREMENT/i,

package/dist/scanner/rules/trojan.js.map

@@ -1 +1 @@
-{"version":3,"file":"trojan.js","sourceRoot":"","sources":["../../../src/scanner/rules/trojan.ts"],"names":[],"mappings":";;;AAEA;;GAEG;AACU,QAAA,YAAY,GAAe;IACtC;QACE,EAAE,EAAE,qBAAqB;QACzB,WAAW,EAAE,iFAAiF;QAC9F,QAAQ,EAAE,UAAU;QACpB,aAAa,EAAE,CAAC,MAAM,CAAC;QACvB,QAAQ,EAAE;YACR,gDAAgD;YAChD,qDAAqD;YACrD,gDAAgD;YAChD,oCAAoC;YACpC,8BAA8B;YAC9B,wCAAwC;YACxC,qCAAqC;YACrC,eAAe;SAChB;QACD,SAAS,EAAE,CAAC,OAAe,EAAE,EAAE;YAC7B,uEAAuE;YACvE,MAAM,WAAW,GAAG,8DAA8D,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACjG,MAAM,WAAW,GAAG,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACrD,MAAM,UAAU,GAAG,4CAA4C,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC9E,MAAM,OAAO,GAAG,CAAC,WAAW,EAAE,WAAW,EAAE,UAAU,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC;YAC9E,OAAO,OAAO,IAAI,CAAC,CAAC;QACtB,CAAC;KACF;IACD;QACE,EAAE,EAAE,sBAAsB;QAC1B,WAAW,EAAE,wDAAwD;QACrE,QAAQ,EAAE,MAAM;QAChB,aAAa,EAAE,CAAC,GAAG,CAAC;QACpB,QAAQ,EAAE;YACR,uBAAuB;YACvB,kBAAkB;YAClB,kBAAkB;YAClB,cAAc;YACd,gBAAgB;YAChB,eAAe;YACf,kBAAkB;YAClB,eAAe;SAChB;KACF;IACD;QACE,EAAE,EAAE,eAAe;QACnB,WAAW,EAAE,uCAAuC;QACpD,QAAQ,EAAE,QAAQ;QAClB,aAAa,EAAE,CAAC,GAAG,CAAC;QACpB,QAAQ,EAAE;YACR,gEAAgE;YAChE,0CAA0C;SAC3C;QACD,SAAS,EAAE,CAAC,OAAe,EAAE,KAAuB,EAAE,EAAE;YACtD,MAAM,EAAE,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC;YAChC,MAAM,KAAK,GAAG,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YACxC,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC3C,+BAA+B;YAC/B,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,GAAG;gBAAE,OAAO,KAAK,CAAC,CAAE,WAAW;YAChD,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC;gBAAE,OAAO,KAAK,CAAC,CAAI,UAAU;YAC/C,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,EAAE;gBAAE,OAAO,KAAK,CAAC,CAAG,WAAW;YAChD,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,GAAG,IAAI,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,IAAI,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE;gBAAE,OAAO,KAAK,CAAC,CAAC,gBAAgB;YACxF,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,GAAG,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,GAAG;gBAAE,OAAO,KAAK,CAAC,CAAC,cAAc;YACtE,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,GAAG,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,GAAG;gBAAE,OAAO,KAAK,CAAC,CAAC,aAAa;YACrE,+DAA+D;YAC/D,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC;gBAAE,OAAO,KAAK,CAAC;YACrE,OAAO,IAAI,CAAC;QACd,CAAC;KACF;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,WAAW,EAAE,oEAAoE;QACjF,QAAQ,EAAE,QAAQ;QAClB,aAAa,EAAE,CAAC,MAAM,CAAC;QACvB,QAAQ,EAAE;YACR,yBAAyB;YACzB,8BAA8B;YAC9B,8CAA8C;YAC9C,sDAAsD;YACtD,qDAAqD;YACrD,+BAA+B;SAChC;QACD,SAAS,EAAE,CAAC,OAAe,EAAE,EAAE;YAC7B,mEAAmE;YACnE,OAAO,qDAAqD,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC7E,CAAC;KACF;CACF,CAAC"}
+{"version":3,"file":"trojan.js","sourceRoot":"","sources":["../../../src/scanner/rules/trojan.ts"],"names":[],"mappings":";;;AAEA;;GAEG;AACU,QAAA,YAAY,GAAe;IACtC;QACE,EAAE,EAAE,qBAAqB;QACzB,WAAW,EAAE,iFAAiF;QAC9F,QAAQ,EAAE,UAAU;QACpB,aAAa,EAAE,CAAC,MAAM,CAAC;QACvB,QAAQ,EAAE;YACR,gDAAgD;YAChD,qDAAqD;YACrD,gDAAgD;YAChD,oCAAoC;YACpC,8BAA8B;YAC9B,wCAAwC;YACxC,qCAAqC;YACrC,eAAe;SAChB;QACD,SAAS,EAAE,CAAC,OAAe,EAAE,EAAE;YAC7B,uEAAuE;YACvE,MAAM,WAAW,GAAG,8DAA8D,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACjG,MAAM,WAAW,GAAG,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACrD,MAAM,UAAU,GAAG,4CAA4C,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC9E,MAAM,OAAO,GAAG,CAAC,WAAW,EAAE,WAAW,EAAE,UAAU,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC;YAC9E,OAAO,OAAO,IAAI,CAAC,CAAC;QACtB,CAAC;KACF;IACD;QACE,EAAE,EAAE,sBAAsB;QAC1B,WAAW,EAAE,wDAAwD;QACrE,QAAQ,EAAE,MAAM;QAChB,aAAa,EAAE,CAAC,GAAG,CAAC;QACpB,QAAQ,EAAE;YACR,uBAAuB;YACvB,kBAAkB;YAClB,kBAAkB;YAClB,cAAc;YACd,gBAAgB;YAChB,eAAe;YACf,kBAAkB;YAClB,eAAe;SAChB;KACF;IACD;QACE,EAAE,EAAE,eAAe;QACnB,WAAW,EAAE,uCAAuC;QACpD,QAAQ,EAAE,QAAQ;QAClB,aAAa,EAAE,CAAC,GAAG,CAAC;QACpB,QAAQ,EAAE;YACR,gEAAgE;YAChE,0CAA0C;SAC3C;QACD,SAAS,EAAE,CAAC,OAAe,EAAE,KAAuB,EAAE,EAAE;YACtD,MAAM,EAAE,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC;YAChC,MAAM,KAAK,GAAG,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YACxC,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC3C,+BAA+B;YAC/B,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,GAAG;gBAAE,OAAO,KAAK,CAAC,CAAE,WAAW;YAChD,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC;gBAAE,OAAO,KAAK,CAAC,CAAI,UAAU;YAC/C,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,EAAE;gBAAE,OAAO,KAAK,CAAC,CAAG,WAAW;YAChD,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,GAAG,IAAI,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,IAAI,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE;gBAAE,OAAO,KAAK,CAAC,CAAC,gBAAgB;YACxF,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,GAAG,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,GAAG;gBAAE,OAAO,KAAK,CAAC,CAAC,cAAc;YACtE,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,GAAG,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,GAAG;gBAAE,OAAO,KAAK,CAAC,CAAC,aAAa;YACrE,+DAA+D;YAC/D,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC;gBAAE,OAAO,KAAK,CAAC;YACrE,OAAO,IAAI,CAAC;QACd,CAAC;KACF;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,WAAW,EAAE,oEAAoE;QACjF,QAAQ,EAAE,MAAM;QAChB,aAAa,EAAE,CAAC,MAAM,CAAC;QACvB,QAAQ,EAAE;YACR,yBAAyB;YACzB,8BAA8B;YAC9B,8CAA8C;YAC9C,sDAAsD;YACtD,qDAAqD;YACrD,+BAA+B;SAChC;QACD,SAAS,EAAE,CAAC,OAAe,EAAE,EAAE;YAC7B,mEAAmE;YACnE,OAAO,qDAAqD,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC7E,CAAC;KACF;CACF,CAAC"}

package/dist/tests/cloud-live.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=cloud-live.test.d.ts.map

package/dist/tests/cloud-live.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cloud-live.test.d.ts","sourceRoot":"","sources":["../../src/tests/cloud-live.test.ts"],"names":[],"mappings":""}

package/dist/tests/cloud-live.test.js

@@ -0,0 +1,68 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const node_test_1 = require("node:test");
+const strict_1 = __importDefault(require("node:assert/strict"));
+const client_js_1 = require("../cloud/client.js");
+const apiKey = process.env.AGENTGUARD_API_KEY;
+const cloudUrl = process.env.AGENTGUARD_CLOUD_URL || 'https://agentguard.gopluslabs.io';
+const runLive = Boolean(apiKey);
+(0, node_test_1.describe)('Cloud live integration', { skip: !runLive }, () => {
+    const config = {
+        version: 1,
+        level: 'balanced',
+        cloudUrl,
+        apiKey,
+        policyCachePath: '',
+        auditPath: '',
+        eventSpoolPath: '',
+    };
+    const client = new client_js_1.AgentGuardCloudClient(config);
+    (0, node_test_1.it)('fetches effective policy from the configured Cloud', async () => {
+        const policy = await client.fetchEffectivePolicy();
+        strict_1.default.ok(policy.policyVersion);
+        strict_1.default.ok(policy.decisions);
+    });
+    (0, node_test_1.it)('ingests a redacted runtime audit event', async () => {
+        const event = sampleEvent('warn');
+        event.input = 'echo safe --api_key=live-secret-that-must-be-redacted';
+        await client.ingestEvents([event]);
+    });
+    (0, node_test_1.it)('creates a Cloud approval request', async () => {
+        const event = sampleEvent('require_approval');
+        event.input = '/tmp/.env?token=live-secret-that-must-be-redacted';
+        event.riskScore = 55;
+        event.riskLevel = 'high';
+        event.reasons = [
+            {
+                code: 'SECRET_ACCESS',
+                severity: 'high',
+                title: 'Live test protected path access',
+                description: 'Live integration test verifies approval creation.',
+                evidence: '/tmp/.env?token=live-secret-that-must-be-redacted',
+            },
+        ];
+        const approvalId = await client.createApproval(event);
+        strict_1.default.ok(approvalId);
+    });
+});
+function sampleEvent(decision) {
+    const suffix = `${Date.now()}_${Math.random().toString(36).slice(2)}`;
+    return {
+        actionId: `act_live_${suffix}`,
+        sessionId: `sess_live_${suffix}`,
+        agentHost: 'codex',
+        actionType: 'shell',
+        toolName: 'Bash',
+        input: 'echo safe',
+        decision,
+        riskScore: decision === 'allow' ? 0 : 20,
+        riskLevel: decision === 'allow' ? 'safe' : 'medium',
+        reasons: [],
+        policyVersion: 'live-test',
+        metadata: { test: 'cloud-live' },
+    };
+}
+//# sourceMappingURL=cloud-live.test.js.map

package/dist/tests/cloud-live.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cloud-live.test.js","sourceRoot":"","sources":["../../src/tests/cloud-live.test.ts"],"names":[],"mappings":";;;;;AAAA,yCAAyC;AACzC,gEAAwC;AACxC,kDAA2D;AAI3D,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;AAC9C,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,kCAAkC,CAAC;AACxF,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;AAEhC,IAAA,oBAAQ,EAAC,wBAAwB,EAAE,EAAE,IAAI,EAAE,CAAC,OAAO,EAAE,EAAE,GAAG,EAAE;IAC1D,MAAM,MAAM,GAAqB;QAC/B,OAAO,EAAE,CAAC;QACV,KAAK,EAAE,UAAU;QACjB,QAAQ;QACR,MAAM;QACN,eAAe,EAAE,EAAE;QACnB,SAAS,EAAE,EAAE;QACb,cAAc,EAAE,EAAE;KACnB,CAAC;IACF,MAAM,MAAM,GAAG,IAAI,iCAAqB,CAAC,MAAM,CAAC,CAAC;IAEjD,IAAA,cAAE,EAAC,oDAAoD,EAAE,KAAK,IAAI,EAAE;QAClE,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,oBAAoB,EAAE,CAAC;QACnD,gBAAM,CAAC,EAAE,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;QAChC,gBAAM,CAAC,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,wCAAwC,EAAE,KAAK,IAAI,EAAE;QACtD,MAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;QAClC,KAAK,CAAC,KAAK,GAAG,uDAAuD,CAAC;QAEtE,MAAM,MAAM,CAAC,YAAY,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,IAAA,cAAE,EAAC,kCAAkC,EAAE,KAAK,IAAI,EAAE;QAChD,MAAM,KAAK,GAAG,WAAW,CAAC,kBAAkB,CAAC,CAAC;QAC9C,KAAK,CAAC,KAAK,GAAG,mDAAmD,CAAC;QAClE,KAAK,CAAC,SAAS,GAAG,EAAE,CAAC;QACrB,KAAK,CAAC,SAAS,GAAG,MAAM,CAAC;QACzB,KAAK,CAAC,OAAO,GAAG;YACd;gBACE,IAAI,EAAE,eAAe;gBACrB,QAAQ,EAAE,MAAM;gBAChB,KAAK,EAAE,iCAAiC;gBACxC,WAAW,EAAE,mDAAmD;gBAChE,QAAQ,EAAE,mDAAmD;aAC9D;SACF,CAAC;QAEF,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;QACtD,gBAAM,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC;IACxB,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,SAAS,WAAW,CAAC,QAAuC;IAC1D,MAAM,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;IACtE,OAAO;QACL,QAAQ,EAAE,YAAY,MAAM,EAAE;QAC9B,SAAS,EAAE,aAAa,MAAM,EAAE;QAChC,SAAS,EAAE,OAAO;QAClB,UAAU,EAAE,OAAO;QACnB,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,WAAW;QAClB,QAAQ;QACR,SAAS,EAAE,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE;QACxC,SAAS,EAAE,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ;QACnD,OAAO,EAAE,EAAE;QACX,aAAa,EAAE,WAAW;QAC1B,QAAQ,EAAE,EAAE,IAAI,EAAE,YAAY,EAAE;KACjC,CAAC;AACJ,CAAC"}

package/dist/tests/installer.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=installer.test.d.ts.map

package/dist/tests/installer.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"installer.test.d.ts","sourceRoot":"","sources":["../../src/tests/installer.test.ts"],"names":[],"mappings":""}