npm - @hasna/machines - Versions diffs - 0.0.47 → 0.0.49 - Mend

@hasna/machines 0.0.47 → 0.0.49

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/README.md +19 -0
package/dist/agent/index.js +34 -12
package/dist/cli/index.js +523 -390
package/dist/commands/hosts.d.ts +2 -1
package/dist/commands/mutation-approval.d.ts +11 -0
package/dist/commands/runtime.d.ts +1 -0
package/dist/consumer.js +0 -81
package/dist/index.d.ts +57 -29
package/dist/index.js +9202 -25314
package/dist/mcp/index.js +120 -22
package/dist/remote-storage.d.ts +5 -1
package/dist/sdk-mutations.d.ts +54 -0
package/dist/storage.d.ts +18 -3
package/dist/storage.js +392 -92
package/dist/types.d.ts +7 -0
package/package.json +1 -1

package/dist/cli/index.js CHANGED Viewed

@@ -993,7 +993,7 @@ Expecting one of '${allowedValues.join("', '")}'`);
         this._exitCallback = (err) => {
           if (err.code !== "commander.executeSubCommandAsync") {
             throw err;
-          } else {}
+          }
         };
       }
       return this;
@@ -2283,6 +2283,289 @@ var init_db = __esm(() => {
   ];
 });
+// src/commands/mutation-approval.ts
+import { createHash, createHmac, randomUUID, timingSafeEqual } from "crypto";
+import { resolve as resolve2 } from "path";
+function createTrustedSdkMutationApproval() {
+  const approval = {};
+  trustedSdkMutationApprovals.add(approval);
+  return approval;
+}
+function isTrustedSdkMutationApproval(approval) {
+  return typeof approval === "object" && approval !== null && trustedSdkMutationApprovals.has(approval);
+}
+function isTruthy(value) {
+  return value === "1" || value?.toLowerCase() === "true" || value?.toLowerCase() === "yes";
+}
+function nowMs(now) {
+  if (typeof now === "number")
+    return now;
+  if (now instanceof Date)
+    return now.getTime();
+  return Date.now();
+}
+function signingSecret(env2, explicitSecret) {
+  return explicitSecret?.trim() || env2[MUTATION_APPROVAL_TOKEN_ENV]?.trim();
+}
+function hmac(payload, secret) {
+  return createHmac("sha256", secret).update(payload).digest("base64url");
+}
+function sha256Hex(payload) {
+  return createHash("sha256").update(payload).digest("hex");
+}
+function replayDbPath(env2) {
+  const configured = env2[MUTATION_APPROVAL_REPLAY_PATH_ENV]?.trim();
+  return configured ? resolve2(configured) : undefined;
+}
+function replayNonceKey(claims) {
+  return sha256Hex(JSON.stringify({ nonce: claims.nonce }));
+}
+function recordReplayNonce(env2, claims, tokenPayload, now) {
+  const dbPath = replayDbPath(env2);
+  if (!dbPath)
+    return;
+  if (!claims.nonce) {
+    return { approved: false, reason: "approval_token nonce claim is required for replay protection." };
+  }
+  try {
+    const db = getDb(dbPath);
+    db.query("DELETE FROM mutation_approval_nonces WHERE expires_at <= ?").run(now);
+    const result = db.query(`
+      INSERT OR IGNORE INTO mutation_approval_nonces (
+        nonce_sha256,
+        token_sha256,
+        surface,
+        operation,
+        caller_id,
+        run_id,
+        transport,
+        expires_at,
+        used_at
+      )
+      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)
+    `).run(replayNonceKey(claims), sha256Hex(tokenPayload), claims.surface, claims.operation, claims.callerId ?? "", claims.runId ?? "", claims.transport ?? "", claims.expiresAt, now);
+    if (result.changes !== 1) {
+      return { approved: false, reason: "approval_token nonce has already been used." };
+    }
+    return;
+  } catch (error) {
+    const message = error instanceof Error ? error.message : String(error);
+    return { approved: false, reason: `approval_token replay store is unavailable: ${message}` };
+  }
+}
+function safeEqual(left, right) {
+  const leftBuffer = Buffer.from(left);
+  const rightBuffer = Buffer.from(right);
+  return leftBuffer.length === rightBuffer.length && timingSafeEqual(leftBuffer, rightBuffer);
+}
+function canonicalizeMutationArg(value, inArray = false) {
+  if (value === undefined)
+    return inArray ? null : undefined;
+  if (value === null || typeof value === "boolean" || typeof value === "string")
+    return value;
+  if (typeof value === "number")
+    return Number.isFinite(value) ? value : null;
+  if (Array.isArray(value)) {
+    return value.map((entry) => canonicalizeMutationArg(entry, true) ?? null);
+  }
+  if (value instanceof Date)
+    return value.toISOString();
+  if (typeof value === "object") {
+    const result = {};
+    for (const key of Object.keys(value).sort()) {
+      if (key === "approval_token" || key === "approvalToken")
+        continue;
+      const canonicalValue = canonicalizeMutationArg(value[key]);
+      if (canonicalValue !== undefined)
+        result[key] = canonicalValue;
+    }
+    return result;
+  }
+  return inArray ? null : undefined;
+}
+function canonicalMutationArgs(value) {
+  return JSON.stringify(canonicalizeMutationArg(value) ?? {});
+}
+function mutationArgsSha256(value) {
+  return sha256Hex(canonicalMutationArgs(value));
+}
+function stripPlanRuntimeFields(value) {
+  if (Array.isArray(value))
+    return value.map(stripPlanRuntimeFields);
+  if (value instanceof Date)
+    return value;
+  if (value && typeof value === "object") {
+    const result = {};
+    for (const [key, entry] of Object.entries(value)) {
+      if (key === "planDigest" || key === "plan_digest" || key === "mode" || key === "executed")
+        continue;
+      result[key] = stripPlanRuntimeFields(entry);
+    }
+    return result;
+  }
+  return value;
+}
+function mutationPlanDigest(plan) {
+  return mutationArgsSha256(stripPlanRuntimeFields(plan));
+}
+function attachMutationPlanDigest(plan) {
+  return {
+    ...plan,
+    planDigest: mutationPlanDigest(plan)
+  };
+}
+function assertMutationPlanDigest(plan, expectedPlanDigest) {
+  if (expectedPlanDigest && mutationPlanDigest(plan) !== expectedPlanDigest) {
+    throw new Error("Approved plan digest does not match the current execution plan.");
+  }
+}
+function parseToken(token) {
+  if (!token)
+    return null;
+  const parts = token.split(".");
+  if (parts.length !== 3 || parts[0] !== TOKEN_PREFIX)
+    return null;
+  try {
+    const claims = JSON.parse(Buffer.from(parts[1] ?? "", "base64url").toString("utf8"));
+    return { payload: parts[1] ?? "", signature: parts[2] ?? "", claims };
+  } catch {
+    return null;
+  }
+}
+function claimMatches(expected, actual) {
+  if (expected === undefined)
+    return actual === undefined;
+  return actual === expected;
+}
+function verifyMutationApprovalToken(options) {
+  const env2 = options.env ?? process.env;
+  const secret = signingSecret(env2);
+  if (!secret)
+    return { approved: false, reason: `${MUTATION_APPROVAL_TOKEN_ENV} is not configured.` };
+  const parsed = parseToken(options.approvalToken);
+  if (!parsed)
+    return { approved: false, reason: "approval_token is not a scoped mutation token." };
+  if (!safeEqual(hmac(parsed.payload, secret), parsed.signature)) {
+    return { approved: false, reason: "approval_token signature is invalid." };
+  }
+  const claims = parsed.claims;
+  if (claims.version !== 1)
+    return { approved: false, reason: "approval_token version is unsupported." };
+  if (!claims.callerId || !claims.runId) {
+    return { approved: false, reason: "approval_token must include caller and run claims." };
+  }
+  if (!claims.transport) {
+    return { approved: false, reason: "approval_token must include a transport claim." };
+  }
+  if (!Number.isFinite(claims.expiresAt) || claims.expiresAt <= nowMs(options.now)) {
+    return { approved: false, reason: "approval_token is expired." };
+  }
+  const now = nowMs(options.now);
+  if (!Number.isFinite(claims.issuedAt) || claims.issuedAt > now + MAX_CLOCK_SKEW_MS) {
+    return { approved: false, reason: "approval_token issue time is invalid." };
+  }
+  if (claims.expiresAt - claims.issuedAt > MAX_TOKEN_TTL_MS) {
+    return { approved: false, reason: "approval_token TTL is too long." };
+  }
+  for (const key of ["surface", "operation", "machineId", "resourceId", "transport"]) {
+    if (!claimMatches(options[key], claims[key])) {
+      return { approved: false, reason: `approval_token ${key} claim does not match this mutation.` };
+    }
+  }
+  for (const key of ["callerId", "runId"]) {
+    if (options[key] !== undefined && options[key] !== claims[key]) {
+      return { approved: false, reason: `approval_token ${key} claim does not match this mutation.` };
+    }
+  }
+  const expectedArgsSha256 = options.argsSha256 || (options.args === undefined ? undefined : mutationArgsSha256(options.args));
+  if (expectedArgsSha256 !== undefined && claims.args_sha256 !== expectedArgsSha256) {
+    return { approved: false, reason: "approval_token args_sha256 claim does not match this mutation." };
+  }
+  const replayDecision = recordReplayNonce(env2, claims, parsed.payload, now);
+  if (replayDecision)
+    return replayDecision;
+  return { approved: true, claims };
+}
+function isMutationApproved(options = {}) {
+  const env2 = options.env ?? process.env;
+  const surface = options.surface ?? "cli";
+  if (surface === "mcp") {
+    if (!options.operation)
+      return false;
+    return verifyMutationApprovalToken({
+      surface,
+      operation: options.operation,
+      machineId: options.machineId,
+      resourceId: options.resourceId,
+      callerId: options.callerId,
+      runId: options.runId,
+      transport: options.transport ?? "mcp",
+      args: options.args,
+      argsSha256: options.argsSha256,
+      approvalToken: options.approvalToken,
+      env: env2,
+      now: options.now
+    }).approved;
+  }
+  if (options.approvalToken) {
+    const decision = options.operation ? verifyMutationApprovalToken({
+      surface,
+      operation: options.operation,
+      machineId: options.machineId,
+      resourceId: options.resourceId,
+      callerId: options.callerId,
+      runId: options.runId,
+      transport: options.transport ?? surface,
+      args: options.args,
+      argsSha256: options.argsSha256,
+      approvalToken: options.approvalToken,
+      env: env2,
+      now: options.now
+    }) : { approved: false };
+    if (decision.approved)
+      return true;
+    if (env2[MUTATION_APPROVAL_TOKEN_ENV]?.trim())
+      return false;
+  }
+  return isTruthy(env2[MUTATION_APPROVAL_FLAG_ENV]) || isTruthy(env2[LEGACY_MUTATION_APPROVAL_FLAG_ENV]);
+}
+function assertMutationApproved(options) {
+  if (isMutationApproved(options)) {
+    return;
+  }
+  const env2 = options.env ?? process.env;
+  const tokenConfigured = Boolean(env2[MUTATION_APPROVAL_TOKEN_ENV]?.trim());
+  const approvalHint = options.surface === "mcp" ? `pass a scoped approval_token signed with ${MUTATION_APPROVAL_TOKEN_ENV}` : tokenConfigured ? `pass a scoped approval_token signed with ${MUTATION_APPROVAL_TOKEN_ENV} or set ${MUTATION_APPROVAL_FLAG_ENV}=1 for a trusted local session` : `set ${MUTATION_APPROVAL_FLAG_ENV}=1 for a trusted local session or configure ${MUTATION_APPROVAL_TOKEN_ENV}`;
+  throw new Error(`Fleet mutation blocked: ${options.surface}.${options.operation} requires operator approval; ${approvalHint}.`);
+}
+function assertSdkMutationApproved(scope, options = {}) {
+  if (isTrustedSdkMutationApproval(options.trustedLocalMutation))
+    return;
+  const decision = verifyMutationApprovalToken({
+    surface: "sdk",
+    operation: scope.operation,
+    machineId: scope.machineId,
+    resourceId: scope.resourceId,
+    callerId: options.callerId,
+    runId: options.runId,
+    transport: "sdk",
+    args: scope.args,
+    argsSha256: scope.argsSha256,
+    approvalToken: options.approvalToken,
+    env: process.env
+  });
+  if (decision.approved)
+    return;
+  throw new Error(`Fleet mutation blocked: sdk.${scope.operation} requires a scoped SDK approval token.`);
+}
+var MUTATION_APPROVAL_FLAG_ENV = "HASNA_MACHINES_ALLOW_MUTATIONS", LEGACY_MUTATION_APPROVAL_FLAG_ENV = "HASNA_MACHINES_MUTATION_APPROVAL", MUTATION_APPROVAL_TOKEN_ENV = "HASNA_MACHINES_MUTATION_TOKEN", MUTATION_APPROVAL_CALLER_ENV = "HASNA_MACHINES_MUTATION_CALLER_ID", MUTATION_APPROVAL_RUN_ENV = "HASNA_MACHINES_MUTATION_RUN_ID", MUTATION_APPROVAL_REPLAY_PATH_ENV = "HASNA_MACHINES_MUTATION_REPLAY_PATH", TOKEN_PREFIX = "machines-mut-v1", DEFAULT_TOKEN_TTL_MS, MAX_TOKEN_TTL_MS, MAX_CLOCK_SKEW_MS = 30000, trustedSdkMutationApprovals;
+var init_mutation_approval = __esm(() => {
+  init_db();
+  DEFAULT_TOKEN_TTL_MS = 5 * 60 * 1000;
+  MAX_TOKEN_TTL_MS = 5 * 60 * 1000;
+  trustedSdkMutationApprovals = new WeakSet;
+});
 // src/pg-migrations.ts
 var PG_MIGRATIONS;
 var init_pg_migrations = __esm(() => {
@@ -2354,7 +2637,18 @@ function normalizeParams(params) {
   const flat = params.length === 1 && Array.isArray(params[0]) ? params[0] : params;
   return flat.map((value) => value === undefined ? null : value);
 }
-function sslConfigFor(connectionString) {
+function envFlag(env2, name) {
+  const value = env2[name]?.trim().toLowerCase();
+  return value === "1" || value === "true" || value === "yes" || value === "on";
+}
+function isLoopbackHost(hostname6) {
+  const normalized = hostname6.replace(/^\[|\]$/g, "").toLowerCase();
+  return normalized === "localhost" || normalized === "::1" || normalized === "0:0:0:0:0:0:0:1" || /^127(?:\.\d{1,3}){3}$/.test(normalized);
+}
+function allowsLocalInsecureTls(url, env2) {
+  return isLoopbackHost(url.hostname) && envFlag(env2, MACHINES_DATABASE_ALLOW_INSECURE_TLS_ENV);
+}
+function sslConfigFor(connectionString, env2 = process.env) {
   let url;
   try {
     url = new URL(connectionString);
@@ -2363,12 +2657,21 @@ function sslConfigFor(connectionString) {
   }
   const sslMode = url.searchParams.get("sslmode")?.toLowerCase();
   const ssl = url.searchParams.get("ssl")?.toLowerCase();
-  if (sslMode === "disable" || ssl === "false")
-    return;
-  if (sslMode === "no-verify" || process.env["HASNA_MACHINES_DATABASE_SSL_REJECT_UNAUTHORIZED"] === "0") {
+  const rejectUnauthorizedOverride = env2[MACHINES_DATABASE_SSL_REJECT_UNAUTHORIZED_ENV]?.trim() === "0";
+  if (sslMode === "disable" || ssl === "false") {
+    if (allowsLocalInsecureTls(url, env2))
+      return;
+    throw new Error(`Insecure PostgreSQL TLS mode is rejected for remote storage; use sslmode=require or set ${MACHINES_DATABASE_ALLOW_INSECURE_TLS_ENV}=1 only for loopback development databases.`);
+  }
+  if (sslMode === "no-verify" || rejectUnauthorizedOverride) {
+    if (!allowsLocalInsecureTls(url, env2)) {
+      throw new Error(`PostgreSQL TLS certificate verification cannot be disabled for remote storage; set ${MACHINES_DATABASE_ALLOW_INSECURE_TLS_ENV}=1 only for loopback development databases.`);
+    }
     return { rejectUnauthorized: false };
   }
-  return sslMode || ssl === "true" ? { rejectUnauthorized: true } : undefined;
+  if (sslMode || ssl === "true")
+    return { rejectUnauthorized: true };
+  return isLoopbackHost(url.hostname) ? undefined : { rejectUnauthorized: true };
 }
 class PgAdapterAsync {
@@ -2388,6 +2691,7 @@ class PgAdapterAsync {
     await this.pool.end();
   }
 }
+var MACHINES_DATABASE_ALLOW_INSECURE_TLS_ENV = "HASNA_MACHINES_ALLOW_INSECURE_DATABASE_TLS", MACHINES_DATABASE_SSL_REJECT_UNAUTHORIZED_ENV = "HASNA_MACHINES_DATABASE_SSL_REJECT_UNAUTHORIZED";
 var init_remote_storage = () => {};
 // src/storage-sync.ts
@@ -2660,15 +2964,14 @@ var init_storage_sync = __esm(() => {
 // src/storage.ts
 var exports_storage = {};
 __export(exports_storage, {
-  storageSync: () => storageSync,
-  storagePush: () => storagePush,
-  storagePull: () => storagePull,
-  runStorageMigrations: () => runStorageMigrations,
+  storageSync: () => storageSync2,
+  storagePush: () => storagePush2,
+  storagePull: () => storagePull2,
+  runStorageMigrations: () => runStorageMigrations2,
   resolveTables: () => resolveTables,
   parseStorageTables: () => parseStorageTables,
   getSyncMetaAll: () => getSyncMetaAll,
   getStorageStatus: () => getStorageStatus,
-  getStoragePg: () => getStoragePg,
   getStorageMode: () => getStorageMode,
   getStorageDatabaseUrl: () => getStorageDatabaseUrl,
   getStorageDatabaseEnvName: () => getStorageDatabaseEnvName,
@@ -2676,7 +2979,6 @@ __export(exports_storage, {
   STORAGE_TABLES: () => STORAGE_TABLES,
   STORAGE_MODE_ENV: () => STORAGE_MODE_ENV,
   STORAGE_DATABASE_ENV: () => STORAGE_DATABASE_ENV,
-  PgAdapterAsync: () => PgAdapterAsync,
   PG_MIGRATIONS: () => PG_MIGRATIONS,
   MACHINES_STORAGE_TABLES: () => MACHINES_STORAGE_TABLES,
   MACHINES_STORAGE_MODE_FALLBACK_ENV: () => MACHINES_STORAGE_MODE_FALLBACK_ENV,
@@ -2684,10 +2986,50 @@ __export(exports_storage, {
   MACHINES_STORAGE_FALLBACK_ENV: () => MACHINES_STORAGE_FALLBACK_ENV,
   MACHINES_STORAGE_ENV: () => MACHINES_STORAGE_ENV
 });
+function storageArgs(options = {}) {
+  return {
+    tables: options.tables?.length ? [...options.tables] : null
+  };
+}
+function storageResourceId(operation, options = {}) {
+  return `storage:${operation}:${mutationArgsSha256(storageArgs(options))}`;
+}
+async function runStorageMigrations2(remote, options = {}) {
+  assertSdkMutationApproved({
+    operation: "machines_storage_migrate",
+    resourceId: "storage:migrations",
+    args: {}
+  }, options);
+  return runStorageMigrations(remote);
+}
+async function storagePush2(options = {}) {
+  assertSdkMutationApproved({
+    operation: "machines_storage_push",
+    resourceId: storageResourceId("push", options),
+    args: storageArgs(options)
+  }, options);
+  return storagePush({ tables: options.tables });
+}
+async function storagePull2(options = {}) {
+  assertSdkMutationApproved({
+    operation: "machines_storage_pull",
+    resourceId: storageResourceId("pull", options),
+    args: storageArgs(options)
+  }, options);
+  return storagePull({ tables: options.tables });
+}
+async function storageSync2(options = {}) {
+  assertSdkMutationApproved({
+    operation: "machines_storage_sync",
+    resourceId: storageResourceId("sync", options),
+    args: storageArgs(options)
+  }, options);
+  return storageSync({ tables: options.tables });
+}
 var init_storage = __esm(() => {
   init_storage_sync();
+  init_mutation_approval();
   init_pg_migrations();
-  init_remote_storage();
 });
 // node_modules/commander/esm.mjs
@@ -7439,372 +7781,114 @@ function readManifestWithSource(options = {}) {
               warnings
             }
           };
-        }
-        warnings.push(`private_manifest_adapter_empty:${redactIdentifier(options.adapter.id)}`);
-      } catch (error) {
-        warnings.push(`private_manifest_adapter_failed:${redactIdentifier(options.adapter.id)}`);
-      }
-    } else {
-      warnings.push("private_manifest_ref_without_adapter");
-    }
-    const fallbackSource = fileSourceRef(path);
-    const manifest = readManifest(path);
-    return {
-      manifest,
-      info: {
-        source,
-        loadedFrom: existsSync3(path) ? "fallback" : "default",
-        fallbackSource,
-        warnings
-      }
-    };
-  }
-  return {
-    manifest: readManifest(path),
-    info: {
-      source,
-      loadedFrom: existsSync3(path) ? "file" : "default",
-      warnings
-    }
-  };
-}
-function validateManifest(path = getManifestPath()) {
-  return readManifest(path);
-}
-function writeManifest(manifest, path = getManifestPath()) {
-  ensureParentDir(path);
-  const payload = {
-    ...manifest,
-    version: 1,
-    generatedAt: new Date().toISOString(),
-    machines: normalizeMachines(manifest.machines)
-  };
-  fleetSchema.parse(payload);
-  writeFileSync(path, `${JSON.stringify(payload, null, 2)}
-`, "utf8");
-  return path;
-}
-function getManifestMachine(machineId, path = getManifestPath()) {
-  return readManifest(path).machines.find((machine) => machine.id === machineId) || null;
-}
-function detectCurrentMachineManifest() {
-  const machineId = process.env["HASNA_MACHINES_MACHINE_ID"] || hostname();
-  const user = userInfo().username;
-  const bunDir = dirname3(process.execPath);
-  return {
-    id: machineId,
-    hostname: hostname(),
-    sshAddress: `${user}@${machineId}`,
-    tailscaleName: machineId,
-    platform: normalizePlatform(),
-    connection: "local",
-    workspacePath: detectWorkspacePath(),
-    bunPath: bunDir,
-    tags: [`arch:${arch()}`],
-    packages: [],
-    files: []
-  };
-}
-// src/commands/manifest.ts
-init_paths();
-function manifestInit() {
-  return writeManifest(getDefaultManifest(), getManifestPath());
-}
-function manifestList() {
-  return readManifest();
-}
-function manifestAdd(machine) {
-  const validatedMachine = machineSchema.parse(machine);
-  const manifest = readManifest();
-  const nextMachines = manifest.machines.filter((entry) => entry.id !== validatedMachine.id);
-  nextMachines.push(validatedMachine);
-  const nextManifest = { ...manifest, machines: nextMachines };
-  writeManifest(nextManifest);
-  return nextManifest;
-}
-function manifestBootstrapCurrentMachine() {
-  return manifestAdd(detectCurrentMachineManifest());
-}
-function manifestGet(machineId) {
-  return getManifestMachine(machineId);
-}
-function manifestRemove(machineId) {
-  const manifest = readManifest();
-  const nextManifest = {
-    ...manifest,
-    machines: manifest.machines.filter((machine) => machine.id !== machineId)
-  };
-  writeManifest(nextManifest);
-  return nextManifest;
-}
-function manifestValidate() {
-  return validateManifest(getManifestPath());
-}
-// src/commands/setup.ts
-import { homedir as homedir2 } from "os";
-init_db();
-// src/commands/mutation-approval.ts
-init_db();
-import { createHash, createHmac, randomUUID, timingSafeEqual } from "crypto";
-import { resolve as resolve2 } from "path";
-var MUTATION_APPROVAL_FLAG_ENV = "HASNA_MACHINES_ALLOW_MUTATIONS";
-var LEGACY_MUTATION_APPROVAL_FLAG_ENV = "HASNA_MACHINES_MUTATION_APPROVAL";
-var MUTATION_APPROVAL_TOKEN_ENV = "HASNA_MACHINES_MUTATION_TOKEN";
-var MUTATION_APPROVAL_CALLER_ENV = "HASNA_MACHINES_MUTATION_CALLER_ID";
-var MUTATION_APPROVAL_RUN_ENV = "HASNA_MACHINES_MUTATION_RUN_ID";
-var MUTATION_APPROVAL_REPLAY_PATH_ENV = "HASNA_MACHINES_MUTATION_REPLAY_PATH";
-var TOKEN_PREFIX = "machines-mut-v1";
-var DEFAULT_TOKEN_TTL_MS = 5 * 60 * 1000;
-var MAX_TOKEN_TTL_MS = 5 * 60 * 1000;
-var MAX_CLOCK_SKEW_MS = 30000;
-function isTruthy(value) {
-  return value === "1" || value?.toLowerCase() === "true" || value?.toLowerCase() === "yes";
-}
-function nowMs(now) {
-  if (typeof now === "number")
-    return now;
-  if (now instanceof Date)
-    return now.getTime();
-  return Date.now();
-}
-function signingSecret(env2, explicitSecret) {
-  return explicitSecret?.trim() || env2[MUTATION_APPROVAL_TOKEN_ENV]?.trim();
-}
-function hmac(payload, secret) {
-  return createHmac("sha256", secret).update(payload).digest("base64url");
-}
-function sha256Hex(payload) {
-  return createHash("sha256").update(payload).digest("hex");
-}
-function replayDbPath(env2) {
-  const configured = env2[MUTATION_APPROVAL_REPLAY_PATH_ENV]?.trim();
-  return configured ? resolve2(configured) : undefined;
-}
-function replayNonceKey(claims) {
-  return sha256Hex(JSON.stringify({ nonce: claims.nonce }));
-}
-function recordReplayNonce(env2, claims, tokenPayload, now) {
-  const dbPath = replayDbPath(env2);
-  if (!dbPath)
-    return;
-  if (!claims.nonce) {
-    return { approved: false, reason: "approval_token nonce claim is required for replay protection." };
-  }
-  try {
-    const db = getDb(dbPath);
-    db.query("DELETE FROM mutation_approval_nonces WHERE expires_at <= ?").run(now);
-    const result = db.query(`
-      INSERT OR IGNORE INTO mutation_approval_nonces (
-        nonce_sha256,
-        token_sha256,
-        surface,
-        operation,
-        caller_id,
-        run_id,
-        transport,
-        expires_at,
-        used_at
-      )
-      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)
-    `).run(replayNonceKey(claims), sha256Hex(tokenPayload), claims.surface, claims.operation, claims.callerId ?? "", claims.runId ?? "", claims.transport ?? "", claims.expiresAt, now);
-    if (result.changes !== 1) {
-      return { approved: false, reason: "approval_token nonce has already been used." };
-    }
-    return;
-  } catch (error) {
-    const message = error instanceof Error ? error.message : String(error);
-    return { approved: false, reason: `approval_token replay store is unavailable: ${message}` };
-  }
-}
-function safeEqual(left, right) {
-  const leftBuffer = Buffer.from(left);
-  const rightBuffer = Buffer.from(right);
-  return leftBuffer.length === rightBuffer.length && timingSafeEqual(leftBuffer, rightBuffer);
-}
-function canonicalizeMutationArg(value, inArray = false) {
-  if (value === undefined)
-    return inArray ? null : undefined;
-  if (value === null || typeof value === "boolean" || typeof value === "string")
-    return value;
-  if (typeof value === "number")
-    return Number.isFinite(value) ? value : null;
-  if (Array.isArray(value)) {
-    return value.map((entry) => canonicalizeMutationArg(entry, true) ?? null);
-  }
-  if (value instanceof Date)
-    return value.toISOString();
-  if (typeof value === "object") {
-    const result = {};
-    for (const key of Object.keys(value).sort()) {
-      if (key === "approval_token" || key === "approvalToken")
-        continue;
-      const canonicalValue = canonicalizeMutationArg(value[key]);
-      if (canonicalValue !== undefined)
-        result[key] = canonicalValue;
+        }
+        warnings.push(`private_manifest_adapter_empty:${redactIdentifier(options.adapter.id)}`);
+      } catch (error) {
+        warnings.push(`private_manifest_adapter_failed:${redactIdentifier(options.adapter.id)}`);
+      }
+    } else {
+      warnings.push("private_manifest_ref_without_adapter");
     }
-    return result;
+    const fallbackSource = fileSourceRef(path);
+    const manifest = readManifest(path);
+    return {
+      manifest,
+      info: {
+        source,
+        loadedFrom: existsSync3(path) ? "fallback" : "default",
+        fallbackSource,
+        warnings
+      }
+    };
   }
-  return inArray ? null : undefined;
-}
-function canonicalMutationArgs(value) {
-  return JSON.stringify(canonicalizeMutationArg(value) ?? {});
+  return {
+    manifest: readManifest(path),
+    info: {
+      source,
+      loadedFrom: existsSync3(path) ? "file" : "default",
+      warnings
+    }
+  };
 }
-function mutationArgsSha256(value) {
-  return sha256Hex(canonicalMutationArgs(value));
+function validateManifest(path = getManifestPath()) {
+  return readManifest(path);
 }
-function stripPlanRuntimeFields(value) {
-  if (Array.isArray(value))
-    return value.map(stripPlanRuntimeFields);
-  if (value instanceof Date)
-    return value;
-  if (value && typeof value === "object") {
-    const result = {};
-    for (const [key, entry] of Object.entries(value)) {
-      if (key === "planDigest" || key === "plan_digest" || key === "mode" || key === "executed")
-        continue;
-      result[key] = stripPlanRuntimeFields(entry);
-    }
-    return result;
-  }
-  return value;
+function writeManifest(manifest, path = getManifestPath()) {
+  ensureParentDir(path);
+  const payload = {
+    ...manifest,
+    version: 1,
+    generatedAt: new Date().toISOString(),
+    machines: normalizeMachines(manifest.machines)
+  };
+  fleetSchema.parse(payload);
+  writeFileSync(path, `${JSON.stringify(payload, null, 2)}
+`, "utf8");
+  return path;
 }
-function mutationPlanDigest(plan) {
-  return mutationArgsSha256(stripPlanRuntimeFields(plan));
+function getManifestMachine(machineId, path = getManifestPath()) {
+  return readManifest(path).machines.find((machine) => machine.id === machineId) || null;
 }
-function attachMutationPlanDigest(plan) {
+function detectCurrentMachineManifest() {
+  const machineId = process.env["HASNA_MACHINES_MACHINE_ID"] || hostname();
+  const user = userInfo().username;
+  const bunDir = dirname3(process.execPath);
   return {
-    ...plan,
-    planDigest: mutationPlanDigest(plan)
+    id: machineId,
+    hostname: hostname(),
+    sshAddress: `${user}@${machineId}`,
+    tailscaleName: machineId,
+    platform: normalizePlatform(),
+    connection: "local",
+    workspacePath: detectWorkspacePath(),
+    bunPath: bunDir,
+    tags: [`arch:${arch()}`],
+    packages: [],
+    files: []
   };
 }
-function assertMutationPlanDigest(plan, expectedPlanDigest) {
-  if (expectedPlanDigest && mutationPlanDigest(plan) !== expectedPlanDigest) {
-    throw new Error("Approved plan digest does not match the current execution plan.");
-  }
+// src/commands/manifest.ts
+init_paths();
+function manifestInit() {
+  return writeManifest(getDefaultManifest(), getManifestPath());
 }
-function parseToken(token) {
-  if (!token)
-    return null;
-  const parts = token.split(".");
-  if (parts.length !== 3 || parts[0] !== TOKEN_PREFIX)
-    return null;
-  try {
-    const claims = JSON.parse(Buffer.from(parts[1] ?? "", "base64url").toString("utf8"));
-    return { payload: parts[1] ?? "", signature: parts[2] ?? "", claims };
-  } catch {
-    return null;
-  }
+function manifestList() {
+  return readManifest();
 }
-function claimMatches(expected, actual) {
-  if (expected === undefined)
-    return actual === undefined;
-  return actual === expected;
+function manifestAdd(machine) {
+  const validatedMachine = machineSchema.parse(machine);
+  const manifest = readManifest();
+  const nextMachines = manifest.machines.filter((entry) => entry.id !== validatedMachine.id);
+  nextMachines.push(validatedMachine);
+  const nextManifest = { ...manifest, machines: nextMachines };
+  writeManifest(nextManifest);
+  return nextManifest;
 }
-function verifyMutationApprovalToken(options) {
-  const env2 = options.env ?? process.env;
-  const secret = signingSecret(env2);
-  if (!secret)
-    return { approved: false, reason: `${MUTATION_APPROVAL_TOKEN_ENV} is not configured.` };
-  const parsed = parseToken(options.approvalToken);
-  if (!parsed)
-    return { approved: false, reason: "approval_token is not a scoped mutation token." };
-  if (!safeEqual(hmac(parsed.payload, secret), parsed.signature)) {
-    return { approved: false, reason: "approval_token signature is invalid." };
-  }
-  const claims = parsed.claims;
-  if (claims.version !== 1)
-    return { approved: false, reason: "approval_token version is unsupported." };
-  if (!claims.callerId || !claims.runId) {
-    return { approved: false, reason: "approval_token must include caller and run claims." };
-  }
-  if (!claims.transport) {
-    return { approved: false, reason: "approval_token must include a transport claim." };
-  }
-  if (!Number.isFinite(claims.expiresAt) || claims.expiresAt <= nowMs(options.now)) {
-    return { approved: false, reason: "approval_token is expired." };
-  }
-  const now = nowMs(options.now);
-  if (!Number.isFinite(claims.issuedAt) || claims.issuedAt > now + MAX_CLOCK_SKEW_MS) {
-    return { approved: false, reason: "approval_token issue time is invalid." };
-  }
-  if (claims.expiresAt - claims.issuedAt > MAX_TOKEN_TTL_MS) {
-    return { approved: false, reason: "approval_token TTL is too long." };
-  }
-  for (const key of ["surface", "operation", "machineId", "resourceId", "transport"]) {
-    if (!claimMatches(options[key], claims[key])) {
-      return { approved: false, reason: `approval_token ${key} claim does not match this mutation.` };
-    }
-  }
-  for (const key of ["callerId", "runId"]) {
-    if (options[key] !== undefined && options[key] !== claims[key]) {
-      return { approved: false, reason: `approval_token ${key} claim does not match this mutation.` };
-    }
-  }
-  const expectedArgsSha256 = options.argsSha256 || (options.args === undefined ? undefined : mutationArgsSha256(options.args));
-  if (expectedArgsSha256 !== undefined && claims.args_sha256 !== expectedArgsSha256) {
-    return { approved: false, reason: "approval_token args_sha256 claim does not match this mutation." };
-  }
-  const replayDecision = recordReplayNonce(env2, claims, parsed.payload, now);
-  if (replayDecision)
-    return replayDecision;
-  return { approved: true, claims };
+function manifestBootstrapCurrentMachine() {
+  return manifestAdd(detectCurrentMachineManifest());
 }
-function isMutationApproved(options = {}) {
-  const env2 = options.env ?? process.env;
-  const surface = options.surface ?? "cli";
-  if (surface === "mcp") {
-    if (!options.operation)
-      return false;
-    return verifyMutationApprovalToken({
-      surface,
-      operation: options.operation,
-      machineId: options.machineId,
-      resourceId: options.resourceId,
-      callerId: options.callerId,
-      runId: options.runId,
-      transport: options.transport ?? "mcp",
-      args: options.args,
-      argsSha256: options.argsSha256,
-      approvalToken: options.approvalToken,
-      env: env2,
-      now: options.now
-    }).approved;
-  }
-  if (options.approvalToken) {
-    const decision = options.operation ? verifyMutationApprovalToken({
-      surface,
-      operation: options.operation,
-      machineId: options.machineId,
-      resourceId: options.resourceId,
-      callerId: options.callerId,
-      runId: options.runId,
-      transport: options.transport ?? surface,
-      args: options.args,
-      argsSha256: options.argsSha256,
-      approvalToken: options.approvalToken,
-      env: env2,
-      now: options.now
-    }) : { approved: false };
-    if (decision.approved)
-      return true;
-    if (env2[MUTATION_APPROVAL_TOKEN_ENV]?.trim())
-      return false;
-  }
-  return isTruthy(env2[MUTATION_APPROVAL_FLAG_ENV]) || isTruthy(env2[LEGACY_MUTATION_APPROVAL_FLAG_ENV]);
+function manifestGet(machineId) {
+  return getManifestMachine(machineId);
 }
-function assertMutationApproved(options) {
-  if (isMutationApproved(options)) {
-    return;
-  }
-  const env2 = options.env ?? process.env;
-  const tokenConfigured = Boolean(env2[MUTATION_APPROVAL_TOKEN_ENV]?.trim());
-  const approvalHint = options.surface === "mcp" ? `pass a scoped approval_token signed with ${MUTATION_APPROVAL_TOKEN_ENV}` : tokenConfigured ? `pass a scoped approval_token signed with ${MUTATION_APPROVAL_TOKEN_ENV} or set ${MUTATION_APPROVAL_FLAG_ENV}=1 for a trusted local session` : `set ${MUTATION_APPROVAL_FLAG_ENV}=1 for a trusted local session or configure ${MUTATION_APPROVAL_TOKEN_ENV}`;
-  throw new Error(`Fleet mutation blocked: ${options.surface}.${options.operation} requires operator approval; ${approvalHint}.`);
+function manifestRemove(machineId) {
+  const manifest = readManifest();
+  const nextManifest = {
+    ...manifest,
+    machines: manifest.machines.filter((machine) => machine.id !== machineId)
+  };
+  writeManifest(nextManifest);
+  return nextManifest;
+}
+function manifestValidate() {
+  return validateManifest(getManifestPath());
 }
+// src/commands/setup.ts
+import { homedir as homedir2 } from "os";
+init_db();
+init_mutation_approval();
 // src/remote.ts
 init_db();
 import { spawnSync as spawnSync2 } from "child_process";
@@ -9660,12 +9744,13 @@ ${after}` : `
   return `${prefix}${block}
 `;
 }
-function loadTailscale(runner, warnings) {
-  if (runner("command -v tailscale >/dev/null 2>&1").exitCode !== 0) {
-    warnings.push("tailscale_not_available");
+function loadTailscaleStatus(runner, binary, warnings) {
+  if (!binary) {
+    if (!warnings.includes("tailscale_not_available"))
+      warnings.push("tailscale_not_available");
     return null;
   }
-  const result = runner("tailscale status --json");
+  const result = runner(`"${binary}" status --json`);
   if (result.exitCode !== 0) {
     warnings.push("tailscale_status_failed");
     return null;
@@ -9694,9 +9779,23 @@ function collectPingTargets(tailscale, localSubnets) {
   }
   return targets;
 }
-function warmDirectPaths(runner, targets, timeoutSeconds = 2) {
+var TAILSCALE_CANDIDATES = [
+  "tailscale",
+  "/usr/local/bin/tailscale",
+  "/opt/homebrew/bin/tailscale",
+  "/Applications/Tailscale.app/Contents/MacOS/Tailscale"
+];
+function resolveTailscaleBinary(runner) {
+  for (const candidate of TAILSCALE_CANDIDATES) {
+    const check = candidate.includes("/") ? `test -x "${candidate}"` : `command -v ${candidate} >/dev/null 2>&1`;
+    if (runner(check).exitCode === 0)
+      return candidate;
+  }
+  return null;
+}
+function warmDirectPaths(runner, targets, binary, timeoutSeconds = 2) {
   for (const target of targets) {
-    runner(`tailscale ping --c 1 --timeout ${timeoutSeconds}s ${target} >/dev/null 2>&1 || true`);
+    runner(`"${binary}" ping --c 1 --timeout ${timeoutSeconds}s ${target} >/dev/null 2>&1 || true`);
   }
 }
 function resolveLocalMachineId(tailscale, explicit) {
@@ -9707,14 +9806,15 @@ function resolveLocalMachineId(tailscale, explicit) {
 function planFleetHosts(options = {}) {
   const runner = options.runner ?? defaultRunner2;
   const warnings = [];
-  let tailscale = loadTailscale(runner, warnings);
+  const binary = resolveTailscaleBinary(runner);
+  let tailscale = loadTailscaleStatus(runner, binary, warnings);
   const manifest = readManifest();
   const localSubnets = options.localSubnets ?? localPrivateSubnets();
-  if (options.warm !== false && tailscale && localSubnets.length > 0) {
+  if (options.warm !== false && tailscale && binary && localSubnets.length > 0) {
     const targets = collectPingTargets(tailscale, localSubnets);
     if (targets.length > 0) {
-      warmDirectPaths(runner, targets, options.warmTimeoutSeconds);
-      tailscale = loadTailscale(runner, warnings) ?? tailscale;
+      warmDirectPaths(runner, targets, binary, options.warmTimeoutSeconds);
+      tailscale = loadTailscaleStatus(runner, binary, warnings) ?? tailscale;
     }
   }
   const localMachineId = resolveLocalMachineId(tailscale, options.localMachineId);
@@ -9794,6 +9894,7 @@ function diffMachines(leftMachineId, rightMachineId) {
 }
 // src/commands/apps.ts
+init_mutation_approval();
 function getPackageName(app) {
   return app.packageName || app.name;
 }
@@ -9934,6 +10035,7 @@ function runAppsPlan(plan, options = {}, runner = runMachineCommand) {
 }
 // src/commands/install-claude.ts
+init_mutation_approval();
 var AI_CLI_PACKAGES = {
   claude: "@anthropic-ai/claude-code",
   codex: "@openai/codex",
@@ -10041,6 +10143,7 @@ function runClaudeInstallPlan(plan, options = {}, runner = runMachineCommand) {
 }
 // src/commands/install-tailscale.ts
+init_mutation_approval();
 function buildInstallSteps2(machine) {
   if (machine.platform === "macos") {
     return [
@@ -10108,6 +10211,7 @@ function runTailscaleInstallPlan(plan, options = {}, runner = runMachineCommand)
 import { accessSync, constants, existsSync as existsSync8, readFileSync as readFileSync6, writeFileSync as writeFileSync4 } from "fs";
 import { delimiter, isAbsolute, join as join7 } from "path";
 init_paths();
+init_mutation_approval();
 var notificationChannelSchema = exports_external.object({
   id: exports_external.string(),
   type: exports_external.enum(["email", "webhook", "command"]),
@@ -10451,9 +10555,20 @@ import { EventsClient } from "@hasna/events";
 function shellQuote5(value) {
   return `'${value.replace(/'/g, "'\\''")}'`;
 }
+function commandBasename(command) {
+  const withoutArgs = command.trim().split(/\s+/, 1)[0] ?? "";
+  return withoutArgs.split(/[\\/]/).filter(Boolean).at(-1) ?? withoutArgs;
+}
+function assertMachinesCommandSafe(command) {
+  const basename = commandBasename(command);
+  if (basename === "events" || basename === "hasna-events") {
+    throw new Error("tmux-hook-plan machines command must invoke the machines CLI, not dependency-owned @hasna/events bins.");
+  }
+}
 function buildTmuxPaneDiedHookPlan(options = {}) {
   const tmuxCommand = options.tmuxCommand ?? process.env["HASNA_MACHINES_TMUX_BIN"] ?? "tmux";
   const machinesCommand = options.machinesCommand ?? "machines";
+  assertMachinesCommandSafe(machinesCommand);
   const deliver = options.deliver === true;
   const approvalToken = options.approvalToken?.trim();
   const trustedLocalMutation = approvalToken ? false : options.trustedLocalMutation === true;
@@ -10694,6 +10809,7 @@ import { existsSync as existsSync9, lstatSync, readFileSync as readFileSync7, sy
 import { homedir as homedir5 } from "os";
 init_paths();
 init_db();
+init_mutation_approval();
 function quote4(value) {
   return `'${value.replace(/'/g, `'\\''`)}'`;
 }
@@ -11478,6 +11594,9 @@ function runDoctor(machineId, options = {}) {
   };
 }
+// src/cli/index.ts
+init_mutation_approval();
 // src/commands/daemon.ts
 import { execFileSync } from "child_process";
 import { chmodSync, existsSync as existsSync10, readFileSync as readFileSync8, statSync, mkdirSync as mkdirSync2, writeFileSync as writeFileSync5 } from "fs";
@@ -12037,6 +12156,7 @@ function getAgentStatus(machineId, options = {}) {
 }
 // src/commands/serve.ts
+init_mutation_approval();
 function escapeHtml(value) {
   return value.replaceAll("&", "&amp;").replaceAll("<", "&lt;").replaceAll(">", "&gt;").replaceAll('"', "&quot;").replaceAll("'", "&#39;");
 }
@@ -12496,6 +12616,16 @@ function startDashboardServer(options = {}) {
 function check(id, status, summary, detail) {
   return { id, status, summary, detail };
 }
+function summarize(checks) {
+  const counts = checks.reduce((acc, entry) => {
+    acc[entry.status] += 1;
+    return acc;
+  }, { ok: 0, warn: 0, fail: 0 });
+  return {
+    overall: counts.fail > 0 ? "fail" : counts.warn > 0 ? "warn" : "ok",
+    counts
+  };
+}
 function runSelfTest() {
   const version = getPackageVersion();
   const status = getStatus();
@@ -12507,19 +12637,21 @@ function runSelfTest() {
   const apps = listApps(machineId);
   const appsDiff = diffApps(machineId);
   const cliPlan = buildClaudeInstallPlan(machineId);
+  const checks = [
+    check("package-version", version === "0.0.0" ? "fail" : "ok", "Package version resolves", version),
+    check("status", "ok", "Status loads", JSON.stringify({ machines: status.manifestMachineCount, heartbeats: status.heartbeatCount })),
+    check("doctor", doctor.checks.some((entry) => entry.status === "fail") ? "warn" : "ok", "Doctor completed", `${doctor.checks.length} checks`),
+    check("serve-info", "ok", "Dashboard info renders", `${serveInfo.url} routes=${serveInfo.routes.length}`),
+    check("dashboard-html", html.includes("Machines Dashboard") ? "ok" : "fail", "Dashboard HTML renders", html.slice(0, 80)),
+    check("notifications", "ok", "Notifications config loads", `${notifications.channels.length} channels`),
+    check("apps", "ok", "Apps manifest loads", `${apps.apps.length} apps`),
+    check("apps-diff", appsDiff.missing.length === 0 ? "ok" : "warn", "Apps diff computed", `missing=${appsDiff.missing.length} installed=${appsDiff.installed.length}`),
+    check("install-claude-plan", cliPlan.steps.length > 0 ? "ok" : "warn", "Install plan renders", `${cliPlan.steps.length} steps`)
+  ];
   return {
     machineId,
-    checks: [
-      check("package-version", version === "0.0.0" ? "fail" : "ok", "Package version resolves", version),
-      check("status", "ok", "Status loads", JSON.stringify({ machines: status.manifestMachineCount, heartbeats: status.heartbeatCount })),
-      check("doctor", doctor.checks.some((entry) => entry.status === "fail") ? "warn" : "ok", "Doctor completed", `${doctor.checks.length} checks`),
-      check("serve-info", "ok", "Dashboard info renders", `${serveInfo.url} routes=${serveInfo.routes.length}`),
-      check("dashboard-html", html.includes("Machines Dashboard") ? "ok" : "fail", "Dashboard HTML renders", html.slice(0, 80)),
-      check("notifications", "ok", "Notifications config loads", `${notifications.channels.length} channels`),
-      check("apps", "ok", "Apps manifest loads", `${apps.apps.length} apps`),
-      check("apps-diff", appsDiff.missing.length === 0 ? "ok" : "warn", "Apps diff computed", `missing=${appsDiff.missing.length} installed=${appsDiff.installed.length}`),
-      check("install-claude-plan", cliPlan.steps.length > 0 ? "ok" : "warn", "Install plan renders", `${cliPlan.steps.length} steps`)
-    ]
+    ...summarize(checks),
+    checks
   };
 }
@@ -13616,6 +13748,7 @@ function renderDoctorResult(report) {
 function renderSelfTestResult(result) {
   return [
     `machine: ${result.machineId}`,
+    `overall: ${result.overall} ok=${result.counts.ok} warn=${result.counts.warn} fail=${result.counts.fail}`,
     ...result.checks.map((check2) => {
       const status = check2.status === "ok" ? source_default.green(check2.status) : check2.status === "warn" ? source_default.yellow(check2.status) : source_default.red(check2.status);
       return `${check2.id.padEnd(20)} ${status} ${check2.detail}`;
@@ -14749,10 +14882,10 @@ storageCommand.command("status").description("Show storage sync status").option(
 });
 storageCommand.command("push").description("Push local machine runtime data to storage PostgreSQL").option("--tables <tables>", "Comma-separated table names").option("--approval-token <token>", "Scoped mutation approval token").option("-j, --json", "Print JSON output", false).action(async (options) => {
   try {
-    const { parseStorageTables: parseStorageTables2, resolveTables: resolveTables2, storagePush: storagePush2 } = await Promise.resolve().then(() => (init_storage(), exports_storage));
+    const { parseStorageTables: parseStorageTables2, resolveTables: resolveTables2, storagePush: storagePush3 } = await Promise.resolve().then(() => (init_storage(), exports_storage));
     const tables = resolveTables2(parseStorageTables2(options.tables));
     requireCliMutation("storage_push", options.approvalToken, { resourceId: cliResourceId("storage-push", tables.join(",")), args: { tables } });
-    const results = await storagePush2({ tables });
+    const results = await storagePush3({ tables, trustedLocalMutation: createTrustedSdkMutationApproval() });
     printStorageResults(results, options.json);
   } catch (error) {
     printStorageError(error);
@@ -14760,10 +14893,10 @@ storageCommand.command("push").description("Push local machine runtime data to s
 });
 storageCommand.command("pull").description("Pull machine runtime data from storage PostgreSQL to local SQLite").option("--tables <tables>", "Comma-separated table names").option("--approval-token <token>", "Scoped mutation approval token").option("-j, --json", "Print JSON output", false).action(async (options) => {
   try {
-    const { parseStorageTables: parseStorageTables2, resolveTables: resolveTables2, storagePull: storagePull2 } = await Promise.resolve().then(() => (init_storage(), exports_storage));
+    const { parseStorageTables: parseStorageTables2, resolveTables: resolveTables2, storagePull: storagePull3 } = await Promise.resolve().then(() => (init_storage(), exports_storage));
     const tables = resolveTables2(parseStorageTables2(options.tables));
     requireCliMutation("storage_pull", options.approvalToken, { resourceId: cliResourceId("storage-pull", tables.join(",")), args: { tables } });
-    const results = await storagePull2({ tables });
+    const results = await storagePull3({ tables, trustedLocalMutation: createTrustedSdkMutationApproval() });
     printStorageResults(results, options.json);
   } catch (error) {
     printStorageError(error);
@@ -14771,10 +14904,10 @@ storageCommand.command("pull").description("Pull machine runtime data from stora
 });
 storageCommand.command("sync").description("Bidirectional storage sync: pull then push").option("--tables <tables>", "Comma-separated table names").option("--approval-token <token>", "Scoped mutation approval token").option("-j, --json", "Print JSON output", false).action(async (options) => {
   try {
-    const { parseStorageTables: parseStorageTables2, resolveTables: resolveTables2, storageSync: storageSync2 } = await Promise.resolve().then(() => (init_storage(), exports_storage));
+    const { parseStorageTables: parseStorageTables2, resolveTables: resolveTables2, storageSync: storageSync3 } = await Promise.resolve().then(() => (init_storage(), exports_storage));
     const tables = resolveTables2(parseStorageTables2(options.tables));
     requireCliMutation("storage_sync", options.approvalToken, { resourceId: cliResourceId("storage-sync", tables.join(",")), args: { tables } });
-    const result = await storageSync2({ tables });
+    const result = await storageSync3({ tables, trustedLocalMutation: createTrustedSdkMutationApproval() });
     if (options.json) {
       console.log(JSON.stringify(result, null, 2));
       return;