npm - @guilz-dev/belay - Versions diffs - 0.1.0 - Mend

@guilz-dev/belay 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (266) hide show

package/LICENSE +21 -0
package/README.md +268 -0
package/agent-belay-logo.png +0 -0
package/dist/adapters/claude/adapter.d.ts +7 -0
package/dist/adapters/claude/adapter.js +114 -0
package/dist/adapters/claude/hooks.d.ts +13 -0
package/dist/adapters/claude/hooks.js +49 -0
package/dist/adapters/claude/runtime-entry.d.ts +4 -0
package/dist/adapters/claude/runtime-entry.js +260 -0
package/dist/adapters/codex/adapter.d.ts +7 -0
package/dist/adapters/codex/adapter.js +73 -0
package/dist/adapters/codex/hooks.d.ts +21 -0
package/dist/adapters/codex/hooks.js +78 -0
package/dist/adapters/codex/runtime-entry.d.ts +4 -0
package/dist/adapters/codex/runtime-entry.js +237 -0
package/dist/adapters/cursor/adapter.d.ts +7 -0
package/dist/adapters/cursor/adapter.js +29 -0
package/dist/adapters/cursor/hooks.d.ts +2 -0
package/dist/adapters/cursor/hooks.js +26 -0
package/dist/adapters/cursor/runtime-entry.d.ts +4 -0
package/dist/adapters/cursor/runtime-entry.js +143 -0
package/dist/adapters/layouts/claude.d.ts +2 -0
package/dist/adapters/layouts/claude.js +40 -0
package/dist/adapters/layouts/codex.d.ts +2 -0
package/dist/adapters/layouts/codex.js +43 -0
package/dist/adapters/layouts/cursor.d.ts +2 -0
package/dist/adapters/layouts/cursor.js +40 -0
package/dist/adapters/layouts/index.d.ts +7 -0
package/dist/adapters/layouts/index.js +23 -0
package/dist/adapters/layouts/protected-paths.d.ts +3 -0
package/dist/adapters/layouts/protected-paths.js +15 -0
package/dist/adapters/layouts/scope.d.ts +19 -0
package/dist/adapters/layouts/scope.js +86 -0
package/dist/adapters/layouts/types.d.ts +14 -0
package/dist/adapters/layouts/types.js +1 -0
package/dist/adapters/registry.d.ts +4 -0
package/dist/adapters/registry.js +14 -0
package/dist/adapters/shared/gate-runtime.d.ts +51 -0
package/dist/adapters/shared/gate-runtime.js +518 -0
package/dist/adapters/shared/repo-root.d.ts +2 -0
package/dist/adapters/shared/repo-root.js +17 -0
package/dist/adapters/types.d.ts +19 -0
package/dist/adapters/types.js +1 -0
package/dist/branding.d.ts +3 -0
package/dist/branding.js +3 -0
package/dist/bundle/claude-runtime.mjs +5323 -0
package/dist/bundle/codex-runtime.mjs +5310 -0
package/dist/bundle/cursor-runtime.mjs +5208 -0
package/dist/cleanup-orphans.d.ts +7 -0
package/dist/cleanup-orphans.js +59 -0
package/dist/cli.d.ts +2 -0
package/dist/cli.js +631 -0
package/dist/commands/approve.d.ts +14 -0
package/dist/commands/approve.js +65 -0
package/dist/commands/audit.d.ts +59 -0
package/dist/commands/audit.js +132 -0
package/dist/commands/classify-for-report.d.ts +9 -0
package/dist/commands/classify-for-report.js +85 -0
package/dist/commands/doctor.d.ts +3 -0
package/dist/commands/doctor.js +366 -0
package/dist/commands/dogfood.d.ts +5 -0
package/dist/commands/dogfood.js +71 -0
package/dist/commands/explain.d.ts +3 -0
package/dist/commands/explain.js +133 -0
package/dist/commands/health-snapshot.d.ts +2 -0
package/dist/commands/health-snapshot.js +166 -0
package/dist/commands/init-wizard.d.ts +16 -0
package/dist/commands/init-wizard.js +50 -0
package/dist/commands/metrics.d.ts +7 -0
package/dist/commands/metrics.js +89 -0
package/dist/commands/recover.d.ts +3 -0
package/dist/commands/recover.js +105 -0
package/dist/commands/report.d.ts +3 -0
package/dist/commands/report.js +65 -0
package/dist/commands/revoke.d.ts +5 -0
package/dist/commands/revoke.js +22 -0
package/dist/commands/simulate.d.ts +14 -0
package/dist/commands/simulate.js +55 -0
package/dist/commands/status.d.ts +5 -0
package/dist/commands/status.js +107 -0
package/dist/config-io.d.ts +23 -0
package/dist/config-io.js +180 -0
package/dist/conformance/guarantee-table.d.ts +14 -0
package/dist/conformance/guarantee-table.js +95 -0
package/dist/conformance/types.d.ts +6 -0
package/dist/conformance/types.js +1 -0
package/dist/core/approval-service.d.ts +26 -0
package/dist/core/approval-service.js +41 -0
package/dist/core/approval-token.d.ts +11 -0
package/dist/core/approval-token.js +61 -0
package/dist/core/approval.d.ts +19 -0
package/dist/core/approval.js +58 -0
package/dist/core/audit-analysis.d.ts +10 -0
package/dist/core/audit-analysis.js +147 -0
package/dist/core/audit-metrics.d.ts +51 -0
package/dist/core/audit-metrics.js +155 -0
package/dist/core/audit-query.d.ts +11 -0
package/dist/core/audit-query.js +142 -0
package/dist/core/audit-summary.d.ts +33 -0
package/dist/core/audit-summary.js +111 -0
package/dist/core/audit-types.d.ts +65 -0
package/dist/core/audit-types.js +2 -0
package/dist/core/capability/allowlist.d.ts +10 -0
package/dist/core/capability/allowlist.js +53 -0
package/dist/core/capability/broker.d.ts +17 -0
package/dist/core/capability/broker.js +29 -0
package/dist/core/capability/index.d.ts +5 -0
package/dist/core/capability/index.js +4 -0
package/dist/core/capability/paths.d.ts +1 -0
package/dist/core/capability/paths.js +20 -0
package/dist/core/capability/reasons.d.ts +2 -0
package/dist/core/capability/reasons.js +4 -0
package/dist/core/capability/types.d.ts +10 -0
package/dist/core/capability/types.js +1 -0
package/dist/core/capability-approval.d.ts +28 -0
package/dist/core/capability-approval.js +43 -0
package/dist/core/classify-subagent.d.ts +2 -0
package/dist/core/classify-subagent.js +69 -0
package/dist/core/classify-tool.d.ts +3 -0
package/dist/core/classify-tool.js +311 -0
package/dist/core/config-layers.d.ts +23 -0
package/dist/core/config-layers.js +59 -0
package/dist/core/config.d.ts +219 -0
package/dist/core/config.js +720 -0
package/dist/core/control-plane-isolation.d.ts +10 -0
package/dist/core/control-plane-isolation.js +83 -0
package/dist/core/custom-command-match.d.ts +2 -0
package/dist/core/custom-command-match.js +8 -0
package/dist/core/egress/allowlist.d.ts +7 -0
package/dist/core/egress/allowlist.js +33 -0
package/dist/core/egress/env.d.ts +3 -0
package/dist/core/egress/env.js +17 -0
package/dist/core/egress/fingerprint.d.ts +3 -0
package/dist/core/egress/fingerprint.js +35 -0
package/dist/core/egress/policy.d.ts +8 -0
package/dist/core/egress/policy.js +47 -0
package/dist/core/egress/proxy-server.d.ts +21 -0
package/dist/core/egress/proxy-server.js +263 -0
package/dist/core/egress/types.d.ts +25 -0
package/dist/core/egress/types.js +1 -0
package/dist/core/egress-approval.d.ts +48 -0
package/dist/core/egress-approval.js +129 -0
package/dist/core/fingerprint.d.ts +6 -0
package/dist/core/fingerprint.js +24 -0
package/dist/core/gate-contract.d.ts +48 -0
package/dist/core/gate-contract.js +50 -0
package/dist/core/gate-engine.d.ts +20 -0
package/dist/core/gate-engine.js +172 -0
package/dist/core/glob.d.ts +1 -0
package/dist/core/glob.js +39 -0
package/dist/core/index.d.ts +19 -0
package/dist/core/index.js +15 -0
package/dist/core/integrity.d.ts +15 -0
package/dist/core/integrity.js +68 -0
package/dist/core/judge-api-key.d.ts +4 -0
package/dist/core/judge-api-key.js +11 -0
package/dist/core/judge-config.d.ts +29 -0
package/dist/core/judge-config.js +85 -0
package/dist/core/judge-doctor.d.ts +7 -0
package/dist/core/judge-doctor.js +124 -0
package/dist/core/judgment.d.ts +6 -0
package/dist/core/judgment.js +38 -0
package/dist/core/notify.d.ts +13 -0
package/dist/core/notify.js +44 -0
package/dist/core/path-utils.d.ts +12 -0
package/dist/core/path-utils.js +107 -0
package/dist/core/reclassify.d.ts +15 -0
package/dist/core/reclassify.js +82 -0
package/dist/core/recover-advice.d.ts +30 -0
package/dist/core/recover-advice.js +177 -0
package/dist/core/recover-git-probe.d.ts +8 -0
package/dist/core/recover-git-probe.js +50 -0
package/dist/core/recover-select.d.ts +10 -0
package/dist/core/recover-select.js +60 -0
package/dist/core/scrub.d.ts +3 -0
package/dist/core/scrub.js +87 -0
package/dist/core/shell-substitution.d.ts +6 -0
package/dist/core/shell-substitution.js +130 -0
package/dist/core/shell-tokenizer.d.ts +5 -0
package/dist/core/shell-tokenizer.js +129 -0
package/dist/core/shell-unparseable.d.ts +4 -0
package/dist/core/shell-unparseable.js +96 -0
package/dist/core/transactional/diff-evaluator.d.ts +2 -0
package/dist/core/transactional/diff-evaluator.js +84 -0
package/dist/core/transactional/eligibility.d.ts +4 -0
package/dist/core/transactional/eligibility.js +44 -0
package/dist/core/transactional/git-worktree.d.ts +13 -0
package/dist/core/transactional/git-worktree.js +189 -0
package/dist/core/transactional/index.d.ts +5 -0
package/dist/core/transactional/index.js +4 -0
package/dist/core/transactional/reasons.d.ts +4 -0
package/dist/core/transactional/reasons.js +8 -0
package/dist/core/transactional/runner.d.ts +2 -0
package/dist/core/transactional/runner.js +113 -0
package/dist/core/transactional/types.d.ts +46 -0
package/dist/core/transactional/types.js +1 -0
package/dist/core/types.d.ts +90 -0
package/dist/core/types.js +1 -0
package/dist/core/v2/adapter.d.ts +14 -0
package/dist/core/v2/adapter.js +118 -0
package/dist/core/v2/containment.d.ts +19 -0
package/dist/core/v2/containment.js +91 -0
package/dist/core/v2/egress-classify.d.ts +7 -0
package/dist/core/v2/egress-classify.js +216 -0
package/dist/core/v2/fingerprint.d.ts +1 -0
package/dist/core/v2/fingerprint.js +4 -0
package/dist/core/v2/index.d.ts +12 -0
package/dist/core/v2/index.js +10 -0
package/dist/core/v2/judge-audit.d.ts +2 -0
package/dist/core/v2/judge-audit.js +15 -0
package/dist/core/v2/judge-factory.d.ts +25 -0
package/dist/core/v2/judge-factory.js +75 -0
package/dist/core/v2/judge-outbound.d.ts +12 -0
package/dist/core/v2/judge-outbound.js +73 -0
package/dist/core/v2/judge.d.ts +47 -0
package/dist/core/v2/judge.js +264 -0
package/dist/core/v2/launcher-resolve.d.ts +12 -0
package/dist/core/v2/launcher-resolve.js +190 -0
package/dist/core/v2/overrides.d.ts +7 -0
package/dist/core/v2/overrides.js +37 -0
package/dist/core/v2/parser.d.ts +21 -0
package/dist/core/v2/parser.js +213 -0
package/dist/core/v2/types.d.ts +67 -0
package/dist/core/v2/types.js +1 -0
package/dist/core/v2/verdict.d.ts +2 -0
package/dist/core/v2/verdict.js +699 -0
package/dist/corpus/evaluate.d.ts +24 -0
package/dist/corpus/evaluate.js +69 -0
package/dist/defaults.d.ts +18 -0
package/dist/defaults.js +155 -0
package/dist/egress-daemon.d.ts +1 -0
package/dist/egress-daemon.js +52 -0
package/dist/index.d.ts +17 -0
package/dist/index.js +15 -0
package/dist/installer/bootstrap.d.ts +5 -0
package/dist/installer/bootstrap.js +61 -0
package/dist/installer/runtime-artifacts.d.ts +3 -0
package/dist/installer/runtime-artifacts.js +23 -0
package/dist/installer/scope-config.d.ts +8 -0
package/dist/installer/scope-config.js +25 -0
package/dist/installer.d.ts +22 -0
package/dist/installer.js +169 -0
package/dist/node-resolution.d.ts +8 -0
package/dist/node-resolution.js +237 -0
package/dist/operational-insights.d.ts +19 -0
package/dist/operational-insights.js +24 -0
package/dist/presets.d.ts +4 -0
package/dist/presets.js +95 -0
package/dist/services/egress-service.d.ts +57 -0
package/dist/services/egress-service.js +334 -0
package/dist/services/sandbox-service.d.ts +38 -0
package/dist/services/sandbox-service.js +95 -0
package/dist/templates.d.ts +7 -0
package/dist/templates.js +56 -0
package/dist/types.d.ts +230 -0
package/dist/types.js +1 -0
package/dist/version.d.ts +1 -0
package/dist/version.js +1 -0
package/package.json +65 -0
package/skills/belay/SKILL.md +52 -0
package/skills/belay/belay-approve.md +7 -0
package/skills/belay/belay-explain.md +11 -0
package/skills/belay/belay-recover.md +13 -0
package/skills/belay/belay-report.md +7 -0
package/skills/belay/belay-status.md +9 -0
package/skills/belay/belay-why.md +11 -0

package/dist/adapters/cursor/adapter.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+import type { BelayAdapter } from '../types.js';
+export declare const cursorAdapter: BelayAdapter;
+export declare function cursorPaths(repoRoot: string): {
+    config: string;
+    hooks: string;
+    runtime: string;
+};

package/dist/adapters/cursor/adapter.js ADDED Viewed

@@ -0,0 +1,29 @@
+import path from 'node:path';
+import { doctorProject } from '../../commands/doctor.js';
+import { getManagedHookEntries } from '../../defaults.js';
+import { initCursorProject, upgradeCursorProject } from '../../installer.js';
+import { cursorLayout } from '../layouts/cursor.js';
+export const cursorAdapter = {
+    name: 'cursor',
+    layout: cursorLayout,
+    async install(repoRoot, options = {}) {
+        return initCursorProject({ ...options, targetDir: repoRoot });
+    },
+    async upgrade(repoRoot, options = {}) {
+        return upgradeCursorProject({ ...options, targetDir: repoRoot });
+    },
+    async doctor(options = {}) {
+        return doctorProject({ ...options, adapter: 'cursor' });
+    },
+    hookEvents() {
+        return getManagedHookEntries(process.platform);
+    },
+};
+export function cursorPaths(repoRoot) {
+    const resolved = path.resolve(repoRoot);
+    return {
+        config: cursorLayout.configPath(resolved),
+        hooks: cursorLayout.hooksSettingsPath(resolved),
+        runtime: path.join(cursorLayout.runtimeDir(resolved), 'core.mjs'),
+    };
+}

package/dist/adapters/cursor/hooks.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ import type { HooksFile } from '../../types.js';
2	+ export declare function mergeCursorHooksFile(current: HooksFile, platform: NodeJS.Platform, hooksDir: string, repoRoot: string): HooksFile;

package/dist/adapters/cursor/hooks.js ADDED Viewed

@@ -0,0 +1,26 @@
+import { getManagedHookEntries } from '../../defaults.js';
+function entryMatches(existing, expected) {
+    return existing.command === expected.command && existing.matcher === expected.matcher;
+}
+function mergeHookEntry(current, expected, placement) {
+    const entries = Array.isArray(current) ? [...current] : [];
+    const filtered = entries.filter((entry) => !entryMatches(entry, expected));
+    if (placement === 'prepend') {
+        return [expected, ...filtered];
+    }
+    return [...filtered, expected];
+}
+export function mergeCursorHooksFile(current, platform, hooksDir, repoRoot) {
+    const next = {
+        version: current.version || 1,
+        hooks: { ...current.hooks },
+    };
+    const managedEntries = getManagedHookEntries(platform, hooksDir, repoRoot);
+    for (const { event, definition } of managedEntries) {
+        next.hooks[event] = mergeHookEntry(next.hooks[event], {
+            command: definition.command,
+            matcher: definition.matcher,
+        }, definition.placement);
+    }
+    return next;
+}

package/dist/adapters/cursor/runtime-entry.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+export declare function runBeforeSubmitPromptHook(): Promise<void>;
+export declare function runShellGateHook(): Promise<void>;
+export declare function runToolGateHook(eventName: string): Promise<void>;
+export declare function runAuditHook(eventName: string): Promise<void>;

package/dist/adapters/cursor/runtime-entry.js ADDED Viewed

@@ -0,0 +1,143 @@
+import process from 'node:process';
+import { cursorLayout } from '../layouts/cursor.js';
+import { appendObservedAudit, createDefaultGateRuntimeDeps, evaluateGatedAction, gateVerdictToCursorResponse, processApprovalPrompt, resolveGateConfig, } from '../shared/gate-runtime.js';
+import { findRepoRoot } from '../shared/repo-root.js';
+async function readStdinJson() {
+    const chunks = [];
+    for await (const chunk of process.stdin) {
+        chunks.push(typeof chunk === 'string' ? chunk : chunk.toString('utf8'));
+    }
+    const raw = chunks.join('').trim();
+    if (!raw) {
+        return {};
+    }
+    try {
+        return JSON.parse(raw);
+    }
+    catch {
+        return {};
+    }
+}
+function jsonResponse(value) {
+    process.stdout.write(`${JSON.stringify(value)}\n`);
+}
+async function loadRuntimeContext(cwd) {
+    const repoRoot = findRepoRoot(cwd, cursorLayout);
+    const configPath = cursorLayout.configPath(repoRoot);
+    const deps = createDefaultGateRuntimeDeps();
+    const config = await resolveGateConfig({ layout: cursorLayout, repoRoot, configPath }, deps);
+    return { layout: cursorLayout, repoRoot, config, configPath };
+}
+function isSubagentEvent(payload, eventName) {
+    return eventName === 'subagentStart' || payload.subagent_type !== undefined;
+}
+function isFileMutationTool(toolName) {
+    return toolName === 'Write' || toolName === 'StrReplace' || toolName === 'Delete';
+}
+export async function runBeforeSubmitPromptHook() {
+    try {
+        const payload = await readStdinJson();
+        const prompt = String(payload.prompt ?? '');
+        const ctx = await loadRuntimeContext(process.cwd());
+        const deps = createDefaultGateRuntimeDeps();
+        const result = await processApprovalPrompt(ctx, deps, prompt);
+        jsonResponse({
+            continue: result.continue,
+            ...(result.user_message ? { user_message: result.user_message } : {}),
+        });
+    }
+    catch {
+        jsonResponse({
+            continue: false,
+            user_message: 'belay failed while processing approval state. Run belay doctor, then retry.',
+        });
+    }
+}
+export async function runShellGateHook() {
+    try {
+        const payload = await readStdinJson();
+        const command = String(payload.command ?? '').trim();
+        const cwd = String(payload.cwd ?? process.cwd()).trim() || process.cwd();
+        const ctx = await loadRuntimeContext(cwd);
+        const deps = createDefaultGateRuntimeDeps();
+        const verdict = await evaluateGatedAction(ctx, deps, {
+            kind: 'shell',
+            cwd,
+            command,
+        });
+        jsonResponse(gateVerdictToCursorResponse(verdict));
+    }
+    catch {
+        jsonResponse({
+            permission: 'deny',
+            user_message: 'belay failed while classifying this shell command. Run belay doctor, then retry.',
+        });
+    }
+}
+export async function runToolGateHook(eventName) {
+    try {
+        const payload = await readStdinJson();
+        const cwd = process.cwd();
+        const ctx = await loadRuntimeContext(cwd);
+        const deps = createDefaultGateRuntimeDeps();
+        const toolName = String(payload.tool_name ?? '');
+        if (isSubagentEvent(payload, eventName)) {
+            const verdict = await evaluateGatedAction(ctx, deps, {
+                kind: 'subagent',
+                cwd,
+                payload,
+            });
+            jsonResponse(gateVerdictToCursorResponse(verdict));
+            return;
+        }
+        if (toolName === 'Shell') {
+            const verdict = await evaluateGatedAction(ctx, deps, {
+                kind: 'shell',
+                cwd,
+                payload,
+                toolName,
+            });
+            jsonResponse(gateVerdictToCursorResponse(verdict));
+            return;
+        }
+        if (isFileMutationTool(toolName)) {
+            const verdict = await evaluateGatedAction(ctx, deps, {
+                kind: 'tool',
+                cwd,
+                payload,
+                toolName,
+            });
+            jsonResponse(gateVerdictToCursorResponse(verdict));
+            return;
+        }
+        if (payload.tool_name === 'Task') {
+            const verdict = await evaluateGatedAction(ctx, deps, {
+                kind: 'subagent',
+                cwd,
+                payload,
+            });
+            jsonResponse(gateVerdictToCursorResponse(verdict));
+            return;
+        }
+        jsonResponse({ permission: 'allow' });
+    }
+    catch {
+        jsonResponse({
+            permission: 'deny',
+            user_message: 'belay failed while classifying this tool action. Run belay doctor, then retry.',
+        });
+    }
+}
+export async function runAuditHook(eventName) {
+    try {
+        const payload = await readStdinJson();
+        const ctx = await loadRuntimeContext(process.cwd());
+        const deps = createDefaultGateRuntimeDeps();
+        await appendObservedAudit(ctx, deps, eventName, payload);
+        jsonResponse({});
+    }
+    catch (error) {
+        console.error('belay audit hook failed:', error instanceof Error ? error.message : String(error));
+        jsonResponse({});
+    }
+}

package/dist/adapters/layouts/claude.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ import type { AdapterLayout } from './types.js';
2	+ export declare const claudeLayout: AdapterLayout;

package/dist/adapters/layouts/claude.js ADDED Viewed

@@ -0,0 +1,40 @@
+import path from 'node:path';
+import { DEFAULT_CONFIG_V4 } from '../../core/config.js';
+import { buildRunnerInvocation } from './scope.js';
+function runnerCommand(platform, repoRoot, hookName, ...args) {
+    const hooksDir = path.join(path.resolve(repoRoot), '.claude', 'hooks');
+    return buildRunnerInvocation(platform, hooksDir, repoRoot, hookName, ...args);
+}
+export const claudeLayout = {
+    name: 'claude',
+    configPath(repoRoot) {
+        return path.join(repoRoot, '.claude', 'belay.config.json');
+    },
+    hooksSettingsPath(repoRoot) {
+        return path.join(repoRoot, '.claude', 'settings.json');
+    },
+    hooksDir(repoRoot) {
+        return path.join(repoRoot, '.claude', 'hooks');
+    },
+    runtimeDir(repoRoot) {
+        return path.join(repoRoot, '.claude', 'belay', 'runtime');
+    },
+    repoLocalStateDir(repoRoot) {
+        return path.join(repoRoot, '.claude', 'belay');
+    },
+    defaultAuditLogPath(_repoRoot) {
+        return path.join('.claude', 'belay', 'audit.ndjson');
+    },
+    repoRootMarkers: ['.git', '.claude'],
+    runnerCommand,
+    defaultConfig(repoRoot) {
+        return {
+            ...DEFAULT_CONFIG_V4,
+            adapter: 'claude',
+            audit: {
+                ...DEFAULT_CONFIG_V4.audit,
+                logPath: claudeLayout.defaultAuditLogPath(repoRoot),
+            },
+        };
+    },
+};

package/dist/adapters/layouts/codex.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ import type { AdapterLayout } from './types.js';
2	+ export declare const codexLayout: AdapterLayout;

package/dist/adapters/layouts/codex.js ADDED Viewed

@@ -0,0 +1,43 @@
+import path from 'node:path';
+import { DEFAULT_CONFIG_V4 } from '../../core/config.js';
+import { buildRunnerInvocation } from './scope.js';
+function runnerCommand(platform, repoRoot, hookName, ...args) {
+    const hooksDir = path.join(path.resolve(repoRoot), '.codex', 'hooks');
+    return buildRunnerInvocation(platform, hooksDir, repoRoot, hookName, ...args);
+}
+// Codex hook config lives in `.codex/config.toml` (TOML `[[hooks.*]]`), distinct from
+// Claude's JSON `settings.json`. belay's own config stays JSON at `.codex/belay.config.json`.
+export const codexLayout = {
+    name: 'codex',
+    configPath(repoRoot) {
+        return path.join(repoRoot, '.codex', 'belay.config.json');
+    },
+    // Codex reads lifecycle hooks from `.codex/config.toml` (project layer).
+    hooksSettingsPath(repoRoot) {
+        return path.join(repoRoot, '.codex', 'config.toml');
+    },
+    hooksDir(repoRoot) {
+        return path.join(repoRoot, '.codex', 'hooks');
+    },
+    runtimeDir(repoRoot) {
+        return path.join(repoRoot, '.codex', 'belay', 'runtime');
+    },
+    repoLocalStateDir(repoRoot) {
+        return path.join(repoRoot, '.codex', 'belay');
+    },
+    defaultAuditLogPath(_repoRoot) {
+        return path.join('.codex', 'belay', 'audit.ndjson');
+    },
+    repoRootMarkers: ['.git', '.codex'],
+    runnerCommand,
+    defaultConfig(repoRoot) {
+        return {
+            ...DEFAULT_CONFIG_V4,
+            adapter: 'codex',
+            audit: {
+                ...DEFAULT_CONFIG_V4.audit,
+                logPath: codexLayout.defaultAuditLogPath(repoRoot),
+            },
+        };
+    },
+};

package/dist/adapters/layouts/cursor.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ import type { AdapterLayout } from './types.js';
2	+ export declare const cursorLayout: AdapterLayout;

package/dist/adapters/layouts/cursor.js ADDED Viewed

@@ -0,0 +1,40 @@
+import path from 'node:path';
+import { DEFAULT_CONFIG_V4 } from '../../core/config.js';
+import { buildRunnerInvocation } from './scope.js';
+function runnerCommand(platform, repoRoot, hookName, ...args) {
+    const hooksDir = path.join(path.resolve(repoRoot), '.cursor', 'hooks');
+    return buildRunnerInvocation(platform, hooksDir, repoRoot, hookName, ...args);
+}
+export const cursorLayout = {
+    name: 'cursor',
+    configPath(repoRoot) {
+        return path.join(repoRoot, '.cursor', 'belay.config.json');
+    },
+    hooksSettingsPath(repoRoot) {
+        return path.join(repoRoot, '.cursor', 'hooks.json');
+    },
+    hooksDir(repoRoot) {
+        return path.join(repoRoot, '.cursor', 'hooks');
+    },
+    runtimeDir(repoRoot) {
+        return path.join(repoRoot, '.cursor', 'belay', 'runtime');
+    },
+    repoLocalStateDir(repoRoot) {
+        return path.join(repoRoot, '.cursor', 'belay');
+    },
+    defaultAuditLogPath(_repoRoot) {
+        return path.join('.cursor', 'belay', 'audit.ndjson');
+    },
+    repoRootMarkers: ['.git', '.cursor'],
+    runnerCommand,
+    defaultConfig(repoRoot) {
+        return {
+            ...DEFAULT_CONFIG_V4,
+            adapter: 'cursor',
+            audit: {
+                ...DEFAULT_CONFIG_V4.audit,
+                logPath: cursorLayout.defaultAuditLogPath(repoRoot),
+            },
+        };
+    },
+};

package/dist/adapters/layouts/index.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+import type { AdapterLayout, AdapterName } from './types.js';
+export { claudeLayout } from './claude.js';
+export { codexLayout } from './codex.js';
+export { cursorLayout } from './cursor.js';
+export type { AdapterLayout, AdapterName } from './types.js';
+export declare function getAdapterLayout(name?: AdapterName): AdapterLayout;
+export declare function detectAdapterLayout(repoRoot: string, existsSync: (path: string) => boolean): AdapterLayout;

package/dist/adapters/layouts/index.js ADDED Viewed

@@ -0,0 +1,23 @@
+import { claudeLayout } from './claude.js';
+import { codexLayout } from './codex.js';
+import { cursorLayout } from './cursor.js';
+export { claudeLayout } from './claude.js';
+export { codexLayout } from './codex.js';
+export { cursorLayout } from './cursor.js';
+const layouts = {
+    cursor: cursorLayout,
+    claude: claudeLayout,
+    codex: codexLayout,
+};
+export function getAdapterLayout(name = 'cursor') {
+    return layouts[name];
+}
+export function detectAdapterLayout(repoRoot, existsSync) {
+    if (existsSync(claudeLayout.configPath(repoRoot))) {
+        return claudeLayout;
+    }
+    if (existsSync(codexLayout.configPath(repoRoot))) {
+        return codexLayout;
+    }
+    return cursorLayout;
+}

package/dist/adapters/layouts/protected-paths.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import type { AdapterLayout } from './types.js';
+/** Repo-local and optional out-of-repo paths that must never be mutated via overrides. */
+export declare function protectedArtifactRoots(layout: AdapterLayout, repoRoot: string, controlPlaneDir?: string | null): string[];

package/dist/adapters/layouts/protected-paths.js ADDED Viewed

@@ -0,0 +1,15 @@
+import path from 'node:path';
+/** Repo-local and optional out-of-repo paths that must never be mutated via overrides. */
+export function protectedArtifactRoots(layout, repoRoot, controlPlaneDir) {
+    const roots = [
+        layout.configPath(repoRoot),
+        layout.hooksSettingsPath(repoRoot),
+        layout.hooksDir(repoRoot),
+        layout.repoLocalStateDir(repoRoot),
+        layout.runtimeDir(repoRoot),
+    ];
+    if (controlPlaneDir) {
+        roots.push(controlPlaneDir);
+    }
+    return roots.map((entry) => path.resolve(entry));
+}

package/dist/adapters/layouts/scope.d.ts ADDED Viewed

@@ -0,0 +1,19 @@
+import type { AdapterLayout } from './types.js';
+export type InstallScope = 'project' | 'global' | 'managed';
+export interface ScopedPaths {
+    scope: InstallScope;
+    repoRoot: string;
+    configPath: string;
+    hooksSettingsPath: string;
+    hooksDir: string;
+    runtimeDir: string;
+    repoLocalStateDir: string;
+    skillsDir: string;
+    commandsDir?: string;
+}
+export declare function isPathInside(child: string, parent: string): boolean;
+export declare function buildRunnerInvocation(platform: NodeJS.Platform, hooksDir: string, repoRoot: string, hookScript: string, ...args: string[]): string;
+export declare function resolveScopedPaths(layout: AdapterLayout, scope: InstallScope, repoRoot: string): ScopedPaths;
+export declare function resolveInstallScope(options: {
+    scope?: InstallScope;
+}, persisted?: 'project' | 'global', fallback?: 'project' | 'global'): 'project' | 'global';

package/dist/adapters/layouts/scope.js ADDED Viewed

@@ -0,0 +1,86 @@
+import os from 'node:os';
+import path from 'node:path';
+function agentHomeDir(adapter) {
+    const home = os.homedir();
+    if (adapter === 'cursor') {
+        return path.join(home, '.cursor');
+    }
+    if (adapter === 'claude') {
+        return path.join(home, '.claude');
+    }
+    return path.join(home, '.codex');
+}
+function projectAgentDir(adapter, repoRoot) {
+    if (adapter === 'cursor') {
+        return path.join(repoRoot, '.cursor');
+    }
+    if (adapter === 'claude') {
+        return path.join(repoRoot, '.claude');
+    }
+    return path.join(repoRoot, '.codex');
+}
+export function isPathInside(child, parent) {
+    const resolvedChild = path.resolve(child);
+    const resolvedParent = path.resolve(parent);
+    const relative = path.relative(resolvedParent, resolvedChild);
+    return relative === '' || (!relative.startsWith('..') && !path.isAbsolute(relative));
+}
+export function buildRunnerInvocation(platform, hooksDir, repoRoot, hookScript, ...args) {
+    const runnerFile = platform === 'win32' ? 'belay-runner.cmd' : 'belay-runner';
+    const runnerAbs = path.resolve(hooksDir, runnerFile);
+    const relative = path.relative(path.resolve(repoRoot), runnerAbs);
+    const useRelative = relative.length > 0 && !relative.startsWith('..') && !path.isAbsolute(relative);
+    const runnerRef = useRelative
+        ? platform === 'win32'
+            ? `.\\${relative.split(path.sep).join('\\')}`
+            : `./${relative.split(path.sep).join('/')}`
+        : runnerAbs;
+    return [runnerRef, hookScript, ...args].join(' ');
+}
+export function resolveScopedPaths(layout, scope, repoRoot) {
+    const resolvedRepo = path.resolve(repoRoot);
+    const adapter = layout.name;
+    if (scope === 'managed') {
+        throw new Error('managed install scope is not implemented yet. Use --scope project (default) or --scope global.');
+    }
+    const projectAgent = projectAgentDir(adapter, resolvedRepo);
+    const project = {
+        scope: 'project',
+        repoRoot: resolvedRepo,
+        configPath: layout.configPath(resolvedRepo),
+        hooksSettingsPath: layout.hooksSettingsPath(resolvedRepo),
+        hooksDir: layout.hooksDir(resolvedRepo),
+        runtimeDir: layout.runtimeDir(resolvedRepo),
+        repoLocalStateDir: layout.repoLocalStateDir(resolvedRepo),
+        skillsDir: path.join(projectAgent, 'skills', 'belay'),
+        commandsDir: adapter === 'cursor' ? path.join(projectAgent, 'commands') : undefined,
+    };
+    if (scope === 'project') {
+        return project;
+    }
+    const globalAgent = agentHomeDir(adapter);
+    return {
+        scope: 'global',
+        repoRoot: resolvedRepo,
+        configPath: project.configPath,
+        hooksSettingsPath: adapter === 'cursor'
+            ? path.join(globalAgent, 'hooks.json')
+            : adapter === 'claude'
+                ? path.join(globalAgent, 'settings.json')
+                : path.join(globalAgent, 'config.toml'),
+        hooksDir: path.join(globalAgent, 'hooks'),
+        runtimeDir: path.join(globalAgent, 'belay', 'runtime'),
+        repoLocalStateDir: project.repoLocalStateDir,
+        skillsDir: path.join(globalAgent, 'skills', 'belay'),
+        commandsDir: adapter === 'cursor' ? path.join(globalAgent, 'commands') : undefined,
+    };
+}
+export function resolveInstallScope(options, persisted, fallback = 'project') {
+    if (options.scope === 'managed') {
+        throw new Error('managed install scope is not implemented yet. Use --scope project (default) or --scope global.');
+    }
+    if (options.scope === 'global' || options.scope === 'project') {
+        return options.scope;
+    }
+    return persisted ?? fallback;
+}

package/dist/adapters/layouts/types.d.ts ADDED Viewed

@@ -0,0 +1,14 @@
+import type { BelayConfigV3 } from '../../core/config.js';
+export type AdapterName = 'cursor' | 'claude' | 'codex';
+export interface AdapterLayout {
+    name: AdapterName;
+    configPath(repoRoot: string): string;
+    hooksSettingsPath(repoRoot: string): string;
+    hooksDir(repoRoot: string): string;
+    runtimeDir(repoRoot: string): string;
+    repoLocalStateDir(repoRoot: string): string;
+    defaultAuditLogPath(repoRoot: string): string;
+    repoRootMarkers: string[];
+    runnerCommand(platform: NodeJS.Platform, repoRoot: string, hookName: string, ...args: string[]): string;
+    defaultConfig(repoRoot: string): Partial<BelayConfigV3>;
+}

package/dist/adapters/layouts/types.js ADDED Viewed

	@@ -0,0 +1 @@
1	+ export {};

package/dist/adapters/registry.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+import type { AdapterName } from './layouts/types.js';
+import type { BelayAdapter } from './types.js';
+export declare function getAdapter(name?: AdapterName): BelayAdapter;
+export declare function listAdapters(): AdapterName[];

package/dist/adapters/registry.js ADDED Viewed

@@ -0,0 +1,14 @@
+import { claudeAdapter } from './claude/adapter.js';
+import { codexAdapter } from './codex/adapter.js';
+import { cursorAdapter } from './cursor/adapter.js';
+const adapters = {
+    cursor: cursorAdapter,
+    claude: claudeAdapter,
+    codex: codexAdapter,
+};
+export function getAdapter(name = 'cursor') {
+    return adapters[name];
+}
+export function listAdapters() {
+    return Object.keys(adapters);
+}

package/dist/adapters/shared/gate-runtime.d.ts ADDED Viewed

@@ -0,0 +1,51 @@
+import type { GatedActionKind } from '../../core/gate-contract.js';
+import { type GatePermissionResponse, type GateVerdict } from '../../core/gate-contract.js';
+import { GateNormalizationError } from '../../core/gate-engine.js';
+import { type ApprovalStateFile, type BelayConfigV3 } from '../../core/index.js';
+import type { ClassifierOptions } from '../../core/types.js';
+import type { AdapterLayout } from '../layouts/types.js';
+export interface GateRuntimeContext {
+    layout: AdapterLayout;
+    repoRoot: string;
+    config: BelayConfigV3;
+    configPath: string;
+}
+export interface GateRuntimeDeps {
+    readConfig: (configPath: string) => Promise<unknown>;
+    appendAudit: (ctx: GateRuntimeContext, event: Record<string, unknown>) => Promise<void>;
+    loadApprovals: (ctx: GateRuntimeContext, fileName: 'pending-approvals.json' | 'approved-approvals.json') => Promise<{
+        filePath: string;
+        state: ApprovalStateFile;
+    }>;
+    writeApprovals: (filePath: string, state: ApprovalStateFile) => Promise<void>;
+}
+export declare function createDefaultGateRuntimeDeps(): GateRuntimeDeps;
+export declare function resolveGateConfig(ctx: Pick<GateRuntimeContext, 'layout' | 'repoRoot' | 'configPath'>, deps: GateRuntimeDeps): Promise<BelayConfigV3>;
+export declare function repoShellClassifierOptions(config: BelayConfigV3, repoRoot: string, layout: AdapterLayout, extras?: ClassifierOptions): ClassifierOptions;
+export declare function runtimeClassifierOptions(ctx: GateRuntimeContext, config: BelayConfigV3): ClassifierOptions;
+export declare function evaluateGatedAction(ctx: GateRuntimeContext, deps: GateRuntimeDeps, params: {
+    kind: GatedActionKind;
+    cwd: string;
+    command?: string;
+    payload?: Record<string, unknown>;
+    toolName?: string;
+}): Promise<GateVerdict>;
+/** R39: unmapped Codex tools ask via pending approval — not hard deny without approval path. */
+export declare function gateUnmappedToolVerdict(ctx: GateRuntimeContext, deps: GateRuntimeDeps, toolName: string, payload: Record<string, unknown>): Promise<GateVerdict>;
+export declare function processApprovalPrompt(ctx: GateRuntimeContext, deps: GateRuntimeDeps, prompt: string): Promise<{
+    continue: boolean;
+    user_message?: string;
+}>;
+export declare function gateVerdictToCursorResponse(verdict: GateVerdict): GatePermissionResponse;
+export declare function gateVerdictToClaudePreToolUseResponse(verdict: GateVerdict): Record<string, unknown>;
+export declare function gateVerdictToClaudeUserPromptResponse(verdict: {
+    continue: boolean;
+    user_message?: string;
+}): Record<string, unknown>;
+export declare function gateVerdictToCodexPreToolUseResponse(verdict: GateVerdict): Record<string, unknown>;
+export declare function gateVerdictToCodexUserPromptResponse(verdict: {
+    continue: boolean;
+    user_message?: string;
+}): Record<string, unknown>;
+export declare function appendObservedAudit(ctx: GateRuntimeContext, deps: GateRuntimeDeps, eventName: string, payload: Record<string, unknown>): Promise<void>;
+export { GateNormalizationError };