@highflame/overwatch 1.0.0

package/dist/services/systemd.d.ts

@@ -0,0 +1,12 @@
+import { SystemService, ServiceStatus } from "./interface";
+export declare class SystemdService implements SystemService {
+    private readonly daemonPath;
+    private readonly servicePath;
+    private readonly logPath;
+    private readonly errPath;
+    constructor();
+    install(): Promise<void>;
+    uninstall(): Promise<void>;
+    getStatus(): Promise<ServiceStatus>;
+}
+//# sourceMappingURL=systemd.d.ts.map

package/dist/services/systemd.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"systemd.d.ts","sourceRoot":"","sources":["../../src/services/systemd.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAE3D,qBAAa,cAAe,YAAW,aAAa;IAClD,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;IACpC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;IACrC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IACjC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;;IAiB3B,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IA0CxB,SAAS,IAAI,OAAO,CAAC,IAAI,CAAC;IA8B1B,SAAS,IAAI,OAAO,CAAC,aAAa,CAAC;CAwB1C"}

package/dist/services/windows.d.ts

@@ -0,0 +1,7 @@
+import { SystemService, ServiceStatus } from "./interface";
+export declare class WindowsService implements SystemService {
+    install(): Promise<void>;
+    uninstall(): Promise<void>;
+    getStatus(): Promise<ServiceStatus>;
+}
+//# sourceMappingURL=windows.d.ts.map

package/dist/services/windows.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"windows.d.ts","sourceRoot":"","sources":["../../src/services/windows.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAE3D,qBAAa,cAAe,YAAW,aAAa;IAC5C,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAexB,SAAS,IAAI,OAAO,CAAC,IAAI,CAAC;IAK1B,SAAS,IAAI,OAAO,CAAC,aAAa,CAAC;CAO1C"}

package/dist/skills/index.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Skills Scanner Module
+ * Exports for scanning Claude Code personal skills
+ */
+export * from "./types";
+export * from "./scanner";
+//# sourceMappingURL=index.d.ts.map

package/dist/skills/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/skills/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,cAAc,SAAS,CAAC;AACxB,cAAc,WAAW,CAAC"}

package/dist/skills/scanner.d.ts

@@ -0,0 +1,44 @@
+/**
+ * Skills Scanner
+ * Stateless scanner for personal skills from:
+ * - ~/.claude/skills/ (Claude Code)
+ * - ~/.cursor/skills/ (Cursor)
+ * Backend handles change detection via contentHash
+ */
+import { SkillScanResult } from "./types";
+export declare class SkillsScanner {
+    /**
+     * Scan personal skills from both directories:
+     * - ~/.claude/skills/
+     * - ~/.cursor/skills/
+     * Returns current state
+     */
+    scan(): Promise<SkillScanResult>;
+    /**
+     * Scan skills directory
+     */
+    private scanDirectory;
+    /**
+     * Check if a path exists
+     */
+    private exists;
+    /**
+     * Read full SKILL.md content
+     */
+    private readSkillContent;
+    /**
+     * List files in skill directory (recursive)
+     */
+    private listSkillFiles;
+    /**
+     * Hash content for backend deduplication
+     */
+    private hashContent;
+    /**
+     * Scan project-level skills from:
+     * - {workspace}/.claude/skills/
+     * - {workspace}/.cursor/skills/
+     */
+    scanProjectSkills(workspace: string): Promise<SkillScanResult>;
+}
+//# sourceMappingURL=scanner.d.ts.map

package/dist/skills/scanner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scanner.d.ts","sourceRoot":"","sources":["../../src/skills/scanner.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAMH,OAAO,EAAe,eAAe,EAAE,MAAM,SAAS,CAAC;AAMvD,qBAAa,aAAa;IACxB;;;;;OAKG;IACG,IAAI,IAAI,OAAO,CAAC,eAAe,CAAC;IA+BtC;;OAEG;YACW,aAAa;IA2C3B;;OAEG;YACW,MAAM;IASpB;;OAEG;YACW,gBAAgB;IAkB9B;;OAEG;YACW,cAAc;IAgC5B;;OAEG;IACH,OAAO,CAAC,WAAW;IAMnB;;;;OAIG;IACG,iBAAiB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;CAmCrE"}

package/dist/skills/types.d.ts

@@ -0,0 +1,29 @@
+/**
+ * Skills Scanner Types
+ * Type definitions for Claude Code skills scanning
+ */
+export interface SkillRecord {
+    /** Directory name (skill identifier) */
+    name: string;
+    /** Full path to skill directory */
+    path: string;
+    /** Full SKILL.md content (raw) */
+    content: string;
+    /** SHA256 for backend deduplication */
+    contentHash: string;
+    /** Other files in skill directory */
+    files: string[];
+}
+export interface SkillScanResult {
+    /** ISO timestamp */
+    timestamp: string;
+    /** Number of skills found */
+    totalSkills: number;
+    /** List of scanned skills */
+    skills: SkillRecord[];
+    /** Duration in milliseconds */
+    scanDurationMs: number;
+    /** Workspace path (present for project-level scans) */
+    workspace?: string;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/skills/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/skills/types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,WAAW,WAAW;IAC1B,wCAAwC;IACxC,IAAI,EAAE,MAAM,CAAC;IACb,mCAAmC;IACnC,IAAI,EAAE,MAAM,CAAC;IACb,kCAAkC;IAClC,OAAO,EAAE,MAAM,CAAC;IAChB,uCAAuC;IACvC,WAAW,EAAE,MAAM,CAAC;IACpB,qCAAqC;IACrC,KAAK,EAAE,MAAM,EAAE,CAAC;CACjB;AAED,MAAM,WAAW,eAAe;IAC9B,oBAAoB;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,6BAA6B;IAC7B,WAAW,EAAE,MAAM,CAAC;IACpB,6BAA6B;IAC7B,MAAM,EAAE,WAAW,EAAE,CAAC;IACtB,+BAA+B;IAC/B,cAAc,EAAE,MAAM,CAAC;IACvB,uDAAuD;IACvD,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB"}

package/dist/types/config.d.ts

@@ -0,0 +1,165 @@
+/**
+ * Supported IDE types
+ */
+export type IDEType = "cursor" | "claudecode" | "github_copilot";
+/**
+ * IDE source constants - use these instead of hard-coding strings
+ */
+export declare const IDE_SOURCES: {
+    readonly CURSOR: "cursor";
+    readonly CLAUDE_CODE: "claudecode";
+    readonly GITHUB_COPILOT: "github_copilot";
+};
+/**
+ * Operating mode
+ */
+export type OperatingMode = "inspect" | "enforce";
+/**
+ * Per-IDE configuration (no longer contains token - uses JWT from session)
+ */
+export interface IDEConfig {
+    /** Whether this IDE is enabled */
+    enabled?: boolean;
+    /** Operating mode: inspect (allow all, record) or enforce (block threats) */
+    mode: OperatingMode;
+    /** Whether hooks are installed for this IDE */
+    hooksInstalled?: boolean;
+    /** Path to hooks directory */
+    hooksPath?: string;
+}
+/**
+ * LLM configuration for MCP scanning
+ */
+export interface LLMConfig {
+    /** LLM API key for evaluation (e.g., OpenAI, Anthropic) */
+    apiKey?: string;
+    /** LLM provider (openai, anthropic, etc.) */
+    provider?: string;
+}
+/**
+ * Engine configuration
+ */
+export interface EnginesConfig {
+    /** YARA engine settings */
+    yara?: {
+        enabled?: boolean;
+        rulesDir?: string;
+    };
+    /** Cedar policy engine settings */
+    cedar?: {
+        enabled?: boolean;
+        policyFile?: string;
+    };
+    /** Javelin (Highflame) remote validation */
+    javelin?: {
+        enabled?: boolean;
+    };
+}
+/**
+ * Daemon configuration
+ */
+export interface DaemonConfig {
+    /** Auto-start daemon on boot */
+    autoStart?: boolean;
+    /** Log level */
+    logLevel?: "debug" | "info" | "warn" | "error";
+    /** Preferred ports to try (first available will be used) */
+    ports?: number[];
+}
+/**
+ * Highflame API configuration
+ */
+export interface HighflameConfig {
+    /** Highflame API base URL */
+    baseUrl?: string;
+}
+/**
+ * OAuth authentication configuration (stored in session.json)
+ */
+export interface AuthConfig {
+    /** OAuth access token (JWT) */
+    access_token: string;
+    /** OAuth refresh token for token renewal */
+    refresh_token: string;
+    /** Token expiry timestamp in milliseconds (Unix epoch) */
+    expires_at: number;
+    /** Token type (always Bearer) */
+    token_type: "Bearer";
+    /** Authenticated user information */
+    user?: {
+        email: string;
+        name?: string;
+        org_id?: string;
+        org_name?: string;
+    };
+    /** ISO timestamp when authentication occurred */
+    authenticated_at: string;
+}
+/**
+ * Admin API configuration (derived from Highflame config)
+ */
+export interface AdminConfig {
+    /** Whether admin API is enabled */
+    enabled: boolean;
+    /** Admin API base URL */
+    baseUrl: string | null;
+}
+/**
+ * Unified overwatch config file structure (~/.overwatch/config.json)
+ */
+export interface OverwatchConfig {
+    /** Config version */
+    version: string;
+    /** Config creation timestamp */
+    createdAt?: string;
+    /** Highflame API settings */
+    highflame?: HighflameConfig;
+    /** LLM configuration for MCP scanning */
+    llm?: LLMConfig;
+    /** Security engines configuration */
+    engines?: EnginesConfig;
+    /** Remote policy settings */
+    remotePolicy?: {
+        /** Whether remote policy fetching is enabled */
+        enabled?: boolean;
+        /** Poll interval in minutes for remote policy refresh */
+        pollIntervalMinutes?: number;
+    };
+    /** Per-IDE configurations */
+    ides?: {
+        cursor?: IDEConfig;
+        claudecode?: IDEConfig;
+        github_copilot?: IDEConfig;
+    };
+    /** Daemon settings */
+    daemon?: DaemonConfig;
+    /** Global enabled flag */
+    enabled?: boolean;
+}
+/**
+ * Guardian daemon configuration (runtime)
+ */
+export interface GuardianConfig {
+    /** IDE type - determines which hooks to use */
+    ide?: IDEType;
+    /** HTTP server port */
+    httpPort?: number;
+    /** Enable debug logging */
+    debug?: boolean;
+    /** Highflame API configuration */
+    javelin?: {
+        /** Javelin API base URL */
+        baseUrl?: string;
+        /** Request timeout in milliseconds */
+        timeout?: number;
+    };
+}
+/**
+ * Default configuration values
+ */
+export declare const DEFAULT_CONFIG: Required<GuardianConfig>;
+/**
+ * Default Overwatch config structure
+ */
+export declare const DEFAULT_OVERWATCH_CONFIG: OverwatchConfig;
+//# sourceMappingURL=config.d.ts.map

package/dist/types/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/types/config.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,MAAM,OAAO,GAAG,QAAQ,GAAG,YAAY,GAAG,gBAAgB,CAAC;AAEjE;;GAEG;AACH,eAAO,MAAM,WAAW;;;;CAId,CAAC;AAEX;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG,SAAS,GAAG,SAAS,CAAC;AAElD;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,kCAAkC;IAClC,OAAO,CAAC,EAAE,OAAO,CAAC;IAElB,6EAA6E;IAC7E,IAAI,EAAE,aAAa,CAAC;IAEpB,+CAA+C;IAC/C,cAAc,CAAC,EAAE,OAAO,CAAC;IAEzB,8BAA8B;IAC9B,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,2DAA2D;IAC3D,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,6CAA6C;IAC7C,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,2BAA2B;IAC3B,IAAI,CAAC,EAAE;QACL,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB,CAAC;IAEF,mCAAmC;IACnC,KAAK,CAAC,EAAE;QACN,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,UAAU,CAAC,EAAE,MAAM,CAAC;KACrB,CAAC;IAEF,4CAA4C;IAC5C,OAAO,CAAC,EAAE;QACR,OAAO,CAAC,EAAE,OAAO,CAAC;KACnB,CAAC;CACH;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,gCAAgC;IAChC,SAAS,CAAC,EAAE,OAAO,CAAC;IAEpB,gBAAgB;IAChB,QAAQ,CAAC,EAAE,OAAO,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;IAE/C,4DAA4D;IAC5D,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,6BAA6B;IAC7B,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,+BAA+B;IAC/B,YAAY,EAAE,MAAM,CAAC;IAErB,4CAA4C;IAC5C,aAAa,EAAE,MAAM,CAAC;IAEtB,0DAA0D;IAC1D,UAAU,EAAE,MAAM,CAAC;IAEnB,iCAAiC;IACjC,UAAU,EAAE,QAAQ,CAAC;IAErB,qCAAqC;IACrC,IAAI,CAAC,EAAE;QACL,KAAK,EAAE,MAAM,CAAC;QACd,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB,CAAC;IAEF,iDAAiD;IACjD,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,mCAAmC;IACnC,OAAO,EAAE,OAAO,CAAC;IAEjB,yBAAyB;IACzB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,qBAAqB;IACrB,OAAO,EAAE,MAAM,CAAC;IAEhB,gCAAgC;IAChC,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,6BAA6B;IAC7B,SAAS,CAAC,EAAE,eAAe,CAAC;IAE5B,yCAAyC;IACzC,GAAG,CAAC,EAAE,SAAS,CAAC;IAEhB,qCAAqC;IACrC,OAAO,CAAC,EAAE,aAAa,CAAC;IAExB,6BAA6B;IAC7B,YAAY,CAAC,EAAE;QACb,gDAAgD;QAChD,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,yDAAyD;QACzD,mBAAmB,CAAC,EAAE,MAAM,CAAC;KAC9B,CAAC;IAEF,6BAA6B;IAC7B,IAAI,CAAC,EAAE;QACL,MAAM,CAAC,EAAE,SAAS,CAAC;QACnB,UAAU,CAAC,EAAE,SAAS,CAAC;QACvB,cAAc,CAAC,EAAE,SAAS,CAAC;KAC5B,CAAC;IAEF,sBAAsB;IACtB,MAAM,CAAC,EAAE,YAAY,CAAC;IAEtB,0BAA0B;IAC1B,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,+CAA+C;IAC/C,GAAG,CAAC,EAAE,OAAO,CAAC;IAEd,uBAAuB;IACvB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,2BAA2B;IAC3B,KAAK,CAAC,EAAE,OAAO,CAAC;IAEhB,kCAAkC;IAClC,OAAO,CAAC,EAAE;QACR,2BAA2B;QAC3B,OAAO,CAAC,EAAE,MAAM,CAAC;QAEjB,sCAAsC;QACtC,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,CAAC;CACH;AAED;;GAEG;AACH,eAAO,MAAM,cAAc,EAAE,QAAQ,CAAC,cAAc,CAQnD,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,wBAAwB,EAAE,eAsBtC,CAAC"}

package/dist/types/events.d.ts

@@ -0,0 +1,225 @@
+/**
+ * Event types for Guardian
+ */
+/**
+ * Supported IDE sources
+ */
+export type IDESource = "cursor" | "claudecode" | "github_copilot" | "langgraph" | "pydantic_ai" | string;
+/**
+ * Semantic action types - high-level intent of an event
+ * These represent what the user/agent is trying to do, regardless of IDE/framework
+ *
+ * Tool-based actions are separated into:
+ * - "tool": Native IDE tools (shell, file operations, etc.)
+ * - "mcp": MCP tool calls
+ */
+export type SemanticAction = "prompt" | "tool" | "mcp" | "session";
+/**
+ * Canonical event model - normalized representation of any action
+ * This is the standardized internal model that extractors produce
+ * and security engines consume, independent of source IDE/framework
+ */
+export interface OverwatchEvent {
+    id: string;
+    type: SemanticAction;
+    content: string;
+    source: IDESource;
+    context: {
+        cwd?: string;
+        tool_name?: string;
+        mcp_server?: string;
+        mcp_tool?: string;
+        user_email?: string;
+        workspace_root?: string;
+        file_path?: string;
+        command?: string;
+        arguments?: Record<string, any>;
+    };
+    metadata: Record<string, any>;
+}
+/**
+ * Cursor hook events
+ */
+export type CursorHookEvent = "beforeSubmitPrompt" | "beforeShellExecution" | "beforeMCPExecution" | "beforeTabFileRead" | "beforeReadFile" | "afterShellExecution" | "afterMCPExecution" | "afterFileEdit" | "afterTabFileEdit" | "afterAgentResponse" | "afterAgentThought" | "stop";
+/**
+ * Claude Code hook events
+ */
+export type ClaudeCodeHookEvent = "UserPromptSubmit" | "PreToolUse" | "PostToolUse";
+/**
+ * GitHub Copilot Agent hook events
+ * See: https://docs.github.com/en/copilot/how-tos/use-copilot-agents/coding-agent/use-hooks
+ */
+export type GitHubCopilotHookEvent = "sessionStart" | "sessionEnd" | "userPromptSubmitted" | "preToolUse" | "postToolUse" | "errorOccurred";
+/**
+ * All hook events (union of all IDE hook events)
+ */
+export type HookEvent = CursorHookEvent | ClaudeCodeHookEvent | GitHubCopilotHookEvent;
+/**
+ * Hook category
+ */
+export type HookCategory = "before" | "after" | "stop";
+/**
+ * Detailed finding from a detection engine
+ */
+export interface GuardrailResult {
+    rule: string;
+    namespace?: string;
+    severity: string;
+    message: string;
+    category: string;
+    matched_content?: string;
+    matched_patterns?: string[];
+    match_location?: {
+        offset?: number;
+        length?: number;
+    };
+    recommendation?: string;
+    reference?: string;
+    confidence?: string;
+    metadata?: Record<string, unknown>;
+    tags?: string[];
+}
+/**
+ * Detection engine result (YARA, Javelin)
+ * Detection engines find threats but don't make blocking decisions
+ * from src/engine/remote.ts
+ */
+export interface DetectionResult {
+    engine: "yara-local" | "javelin-remote";
+    called: boolean;
+    duration_ms: number;
+    findings: GuardrailResult[];
+    raw_response?: unknown;
+    error?: string;
+}
+/**
+ * Policy metadata describing a Cedar policy rule
+ */
+export interface PolicyMetadata {
+    id: string;
+    description: string;
+    severity: string;
+    category: string;
+    frameworks?: string[];
+}
+/**
+ * Cedar request context - the principal, action, and resource evaluated
+ */
+export interface CedarRequestContext {
+    principal: {
+        type: string;
+        id: string;
+    };
+    action: string;
+    resource: {
+        type: string;
+        id: string;
+    };
+}
+/**
+ * Policy decision from Cedar
+ * Decision engine determines allow/deny based on policy + threat context
+ */
+export interface PolicyDecision {
+    engine: "cedar-policy";
+    called: boolean;
+    duration_ms: number;
+    effect: "allow" | "deny";
+    reason: string;
+    determining_policies: string[];
+    policy_details?: Record<string, PolicyMetadata>;
+    request_context?: CedarRequestContext;
+    context_used: {
+        threats_detected: number;
+        highest_severity: string;
+        categories: string[];
+    };
+    error?: string;
+}
+/**
+ * Individual threat detail in threat summary
+ */
+export interface ThreatDetail {
+    rule: string;
+    severity: string;
+    category: string;
+    source: "yara-local" | "javelin-remote";
+    message: string;
+    matched_content?: string;
+    matched_patterns?: string[];
+    match_location?: {
+        offset?: number;
+        length?: number;
+    };
+    reference?: string;
+}
+/**
+ * Aggregated threat summary from all detection engines
+ */
+export interface ThreatSummary {
+    total_count: number;
+    by_severity: {
+        critical: number;
+        high: number;
+        medium: number;
+        low: number;
+    };
+    by_category: Record<string, number>;
+    by_source: {
+        yara_local: number;
+        javelin_remote: number;
+    };
+    highest_severity: "critical" | "high" | "medium" | "low" | "none";
+    threat_list: ThreatDetail[];
+}
+/**
+ * @deprecated Use DetectionResult for detection engines, PolicyDecision for Cedar
+ */
+export interface EvaluationRecord {
+    engine: "javelin-remote" | "yara-local" | "cedar-policy";
+    called: boolean;
+    duration_ms: number;
+    decision: "allow" | "deny" | "monitor";
+    findings: GuardrailResult[];
+    error?: string;
+    metadata?: Record<string, unknown>;
+}
+/**
+ * Hook event record for storage/analytics
+ */
+export interface HookEventRecord {
+    id: string;
+    timestamp: string;
+    source: IDESource;
+    event: string;
+    hook_category: HookCategory;
+    user_id?: string;
+    user_email?: string;
+    workspace?: string;
+    ide_version?: string;
+    model?: string;
+    is_mcp_call?: boolean;
+    mcp_server_name?: string;
+    mcp_tool_name?: string;
+    input: Record<string, unknown>;
+    evaluations: DetectionResult[];
+    threat_summary: ThreatSummary;
+    decision: PolicyDecision;
+    allowed: boolean;
+    response: Record<string, unknown>;
+    total_duration_ms: number;
+    content_length?: number;
+}
+/**
+ * MCP scan record for storage/analytics
+ */
+export interface ScanRecord {
+    id: string;
+    timestamp: string;
+    source: IDESource;
+    total_servers: number;
+    total_issues: number;
+    max_severity?: string;
+    raw: Record<string, unknown>;
+}
+//# sourceMappingURL=events.d.ts.map

package/dist/types/events.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"events.d.ts","sourceRoot":"","sources":["../../src/types/events.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH;;GAEG;AACH,MAAM,MAAM,SAAS,GACnB,QAAQ,GACR,YAAY,GACZ,gBAAgB,GAChB,WAAW,GACX,aAAa,GACb,MAAM,CAAC;AAET;;;;;;;GAOG;AACH,MAAM,MAAM,cAAc,GACtB,QAAQ,GACR,MAAM,GACN,KAAK,GACL,SAAS,CAAC;AAEd;;;;GAIG;AACH,MAAM,WAAW,cAAc;IAE7B,EAAE,EAAE,MAAM,CAAC;IAGX,IAAI,EAAE,cAAc,CAAC;IAIrB,OAAO,EAAE,MAAM,CAAC;IAGhB,MAAM,EAAE,SAAS,CAAC;IAGlB,OAAO,EAAE;QACP,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,SAAS,CAAC,EAAE,MAAM,CAAC;QAEnB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;KACjC,CAAC;IAGF,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;CAC/B;AAED;;GAEG;AACH,MAAM,MAAM,eAAe,GACvB,oBAAoB,GACpB,sBAAsB,GACtB,oBAAoB,GACpB,mBAAmB,GACnB,gBAAgB,GAChB,qBAAqB,GACrB,mBAAmB,GACnB,eAAe,GACf,kBAAkB,GAClB,oBAAoB,GACpB,mBAAmB,GACnB,MAAM,CAAC;AAEX;;GAEG;AACH,MAAM,MAAM,mBAAmB,GAC3B,kBAAkB,GAClB,YAAY,GACZ,aAAa,CAAC;AAElB;;;GAGG;AACH,MAAM,MAAM,sBAAsB,GAC9B,cAAc,GACd,YAAY,GACZ,qBAAqB,GACrB,YAAY,GACZ,aAAa,GACb,eAAe,CAAC;AAEpB;;GAEG;AACH,MAAM,MAAM,SAAS,GACjB,eAAe,GACf,mBAAmB,GACnB,sBAAsB,CAAC;AAE3B;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG,QAAQ,GAAG,OAAO,GAAG,MAAM,CAAC;AAEvD;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IAGjB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B,cAAc,CAAC,EAAE;QAEf,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,MAAM,CAAC,EAAE,MAAM,CAAC;KACjB,CAAC;IACF,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;CACjB;AAED;;;;GAIG;AACH,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,YAAY,GAAG,gBAAgB,CAAC;IACxC,MAAM,EAAE,OAAO,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,eAAe,EAAE,CAAC;IAC5B,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,SAAS,EAAE;QACT,IAAI,EAAE,MAAM,CAAC;QACb,EAAE,EAAE,MAAM,CAAC;KACZ,CAAC;IACF,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE;QACR,IAAI,EAAE,MAAM,CAAC;QACb,EAAE,EAAE,MAAM,CAAC;KACZ,CAAC;CACH;AAED;;;GAGG;AACH,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,cAAc,CAAC;IACvB,MAAM,EAAE,OAAO,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,OAAO,GAAG,MAAM,CAAC;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,oBAAoB,EAAE,MAAM,EAAE,CAAC;IAC/B,cAAc,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;IAChD,eAAe,CAAC,EAAE,mBAAmB,CAAC;IACtC,YAAY,EAAE;QAEZ,gBAAgB,EAAE,MAAM,CAAC;QACzB,gBAAgB,EAAE,MAAM,CAAC;QACzB,UAAU,EAAE,MAAM,EAAE,CAAC;KACtB,CAAC;IACF,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,YAAY,GAAG,gBAAgB,CAAC;IACxC,OAAO,EAAE,MAAM,CAAC;IAChB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B,cAAc,CAAC,EAAE;QAAE,MAAM,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IACtD,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE;QACX,QAAQ,EAAE,MAAM,CAAC;QACjB,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,GAAG,EAAE,MAAM,CAAC;KACb,CAAC;IACF,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACpC,SAAS,EAAE;QACT,UAAU,EAAE,MAAM,CAAC;QACnB,cAAc,EAAE,MAAM,CAAC;KACxB,CAAC;IACF,gBAAgB,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;IAClE,WAAW,EAAE,YAAY,EAAE,CAAC;CAC7B;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,MAAM,EAAE,gBAAgB,GAAG,YAAY,GAAG,cAAc,CAAC;IACzD,MAAM,EAAE,OAAO,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,OAAO,GAAG,MAAM,GAAG,SAAS,CAAC;IACvC,QAAQ,EAAE,eAAe,EAAE,CAAC;IAC5B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAGlB,MAAM,EAAE,SAAS,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,aAAa,EAAE,YAAY,CAAC;IAG5B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,KAAK,CAAC,EAAE,MAAM,CAAC;IAGf,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,aAAa,CAAC,EAAE,MAAM,CAAC;IAGvB,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAG/B,WAAW,EAAE,eAAe,EAAE,CAAC;IAG/B,cAAc,EAAE,aAAa,CAAC;IAG9B,QAAQ,EAAE,cAAc,CAAC;IAGzB,OAAO,EAAE,OAAO,CAAC;IAGjB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAGlC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,SAAS,CAAC;IAClB,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC9B"}

package/dist/types/index.d.ts

@@ -0,0 +1,6 @@
+export * from "./config";
+export * from "./requests";
+export * from "./responses";
+export * from "./events";
+export * from "./remote-policy";
+//# sourceMappingURL=index.d.ts.map

package/dist/types/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/types/index.ts"],"names":[],"mappings":"AAAA,cAAc,UAAU,CAAC;AACzB,cAAc,YAAY,CAAC;AAC3B,cAAc,aAAa,CAAC;AAC5B,cAAc,UAAU,CAAC;AACzB,cAAc,iBAAiB,CAAC"}

package/dist/types/remote-policy.d.ts

@@ -0,0 +1,129 @@
+/**
+ * Remote policy types for Guardian
+ *
+ * These types support fetching and managing Cedar policies from the
+ * highflame-admin backend, enabling IDE-specific policy configuration.
+ */
+/**
+ * Remote policy configuration
+ */
+export interface RemotePolicyConfig {
+    /** Enable remote policy fetching */
+    enabled: boolean;
+    /** Polling interval in milliseconds (default: 5 minutes) */
+    pollIntervalMs: number;
+}
+/**
+ * Application from admin API (code_agent type)
+ */
+export interface CodeAgentApplication {
+    /** Application UUID */
+    uuid: string;
+    /** Application name (e.g., "cursor-guardian") */
+    name: string;
+    /** Application type (should be "code_agent") */
+    type: string;
+    /** IDE type this application is for */
+    ide_type?: string;
+    /** Whether the application is active */
+    is_active: boolean;
+    /** Application description */
+    description?: string;
+    /** Application configuration */
+    config?: Record<string, unknown>;
+}
+/**
+ * Cedar policy from admin API
+ */
+export interface RemoteCedarPolicy {
+    /** Policy UUID */
+    uuid: string;
+    /** Policy name */
+    name: string;
+    /** Cedar policy content (the actual policy text) */
+    policy_content: string;
+    /** Associated application ID */
+    application_id?: string;
+    /** IDE type this policy is for */
+    ide_type?: string;
+    /** Policy version */
+    version?: string;
+    /** Last updated timestamp */
+    updated_at: string;
+}
+/**
+ * Installation event payload sent to admin API
+ */
+export interface InstallationEvent {
+    /** User identifier */
+    user_id: string;
+    /** User email address */
+    user_email: string;
+    /** IDE type (cursor, claudecode, github_copilot) */
+    ide_type: string;
+    /** Guardian version */
+    version: string;
+    /** Event timestamp (ISO string) */
+    timestamp: string;
+}
+/**
+ * Policy mapping for IDE-specific policies
+ * Uses index signature to allow any IDESource string key
+ */
+export interface PolicyMapping {
+    cursor?: PolicyMappingEntry;
+    claudecode?: PolicyMappingEntry;
+    github_copilot?: PolicyMappingEntry;
+    [ide: string]: PolicyMappingEntry | undefined;
+}
+/**
+ * Single policy mapping entry
+ */
+export interface PolicyMappingEntry {
+    /** Associated application ID */
+    applicationId: string;
+    /** Cedar policy content */
+    policyContent: string;
+    /** Last updated timestamp */
+    lastUpdated: string;
+    /** Policy version */
+    version?: string;
+}
+/**
+ * Admin API response for applications
+ */
+export interface ApplicationsResponse {
+    applications: CodeAgentApplication[];
+    total: number;
+}
+/**
+ * Admin API response for policies
+ */
+export interface PoliciesResponse {
+    policies: RemoteCedarPolicy[];
+    total: number;
+}
+/**
+ * Admin API response for installations
+ */
+export interface InstallationsResponse {
+    installations: InstallationInfo[];
+    total: number;
+}
+/**
+ * Installation info from admin API
+ */
+export interface InstallationInfo {
+    id: string;
+    user_id: string;
+    user_email: string;
+    ide_type: string;
+    version: string;
+    first_seen_at: string;
+    last_seen_at: string;
+}
+/**
+ * Default remote policy configuration
+ */
+export declare const DEFAULT_REMOTE_POLICY_CONFIG: RemotePolicyConfig;
+//# sourceMappingURL=remote-policy.d.ts.map

package/dist/types/remote-policy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"remote-policy.d.ts","sourceRoot":"","sources":["../../src/types/remote-policy.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,oCAAoC;IACpC,OAAO,EAAE,OAAO,CAAC;IAEjB,4DAA4D;IAC5D,cAAc,EAAE,MAAM,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,uBAAuB;IACvB,IAAI,EAAE,MAAM,CAAC;IAEb,iDAAiD;IACjD,IAAI,EAAE,MAAM,CAAC;IAEb,gDAAgD;IAChD,IAAI,EAAE,MAAM,CAAC;IAEb,uCAAuC;IACvC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,wCAAwC;IACxC,SAAS,EAAE,OAAO,CAAC;IAEnB,8BAA8B;IAC9B,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB,gCAAgC;IAChC,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAClC;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,kBAAkB;IAClB,IAAI,EAAE,MAAM,CAAC;IAEb,kBAAkB;IAClB,IAAI,EAAE,MAAM,CAAC;IAEb,oDAAoD;IACpD,cAAc,EAAE,MAAM,CAAC;IAEvB,gCAAgC;IAChC,cAAc,CAAC,EAAE,MAAM,CAAC;IAExB,kCAAkC;IAClC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,qBAAqB;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB,6BAA6B;IAC7B,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,sBAAsB;IACtB,OAAO,EAAE,MAAM,CAAC;IAEhB,yBAAyB;IACzB,UAAU,EAAE,MAAM,CAAC;IAEnB,oDAAoD;IACpD,QAAQ,EAAE,MAAM,CAAC;IAEjB,uBAAuB;IACvB,OAAO,EAAE,MAAM,CAAC;IAEhB,mCAAmC;IACnC,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;;GAGG;AACH,MAAM,WAAW,aAAa;IAC5B,MAAM,CAAC,EAAE,kBAAkB,CAAC;IAC5B,UAAU,CAAC,EAAE,kBAAkB,CAAC;IAChC,cAAc,CAAC,EAAE,kBAAkB,CAAC;IACpC,CAAC,GAAG,EAAE,MAAM,GAAG,kBAAkB,GAAG,SAAS,CAAC;CAC/C;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,gCAAgC;IAChC,aAAa,EAAE,MAAM,CAAC;IAEtB,2BAA2B;IAC3B,aAAa,EAAE,MAAM,CAAC;IAEtB,6BAA6B;IAC7B,WAAW,EAAE,MAAM,CAAC;IAEpB,qBAAqB;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,YAAY,EAAE,oBAAoB,EAAE,CAAC;IACrC,KAAK,EAAE,MAAM,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE,iBAAiB,EAAE,CAAC;IAC9B,KAAK,EAAE,MAAM,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,aAAa,EAAE,gBAAgB,EAAE,CAAC;IAClC,KAAK,EAAE,MAAM,CAAC;CACf;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,eAAO,MAAM,4BAA4B,EAAE,kBAG1C,CAAC"}