@ironbee-ai/cli 0.21.2 → 0.23.0

package/CHANGELOG.md

@@ -1,5 +1,17 @@
 # Changelog
 
+## 0.23.0 (2026-06-13)
+
+### Features
+
+* **auth:** add OAuth support ([#23](https://github.com/ironbee-ai/ironbee-cli/issues/23)) ([20b650c](https://github.com/ironbee-ai/ironbee-cli/commit/20b650c75ca1b8c77cf7cc21dfa06a6b9a103532))
+
+## 0.22.0 (2026-06-12)
+
+### Features
+
+* android platform support ([#25](https://github.com/ironbee-ai/ironbee-cli/issues/25)) ([f155488](https://github.com/ironbee-ai/ironbee-cli/commit/f155488bcb595895ce0b4b6383207a9e5466a41b))
+
 ## 0.21.2 (2026-06-09)
 
 ### Features

package/dist/assets/auth.html

@@ -0,0 +1,79 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8" />
+  <title>{{TITLE}} — IronBee</title>
+  <style>
+    *, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }
+    body {
+      font-family: system-ui, -apple-system, sans-serif;
+      display: flex;
+      align-items: center;
+      justify-content: center;
+      min-height: 100vh;
+      background: #0f0f11;
+      color: #e5e5e5;
+    }
+    .container {
+      display: flex;
+      flex-direction: column;
+      align-items: center;
+      gap: 16px;
+      max-width: 840px;
+      padding: 2.5rem;
+      text-align: center;
+    }
+    .logo {
+      width: 288px;
+      height: 288px;
+      opacity: 0.95;
+    }
+    h1 {
+      font-size: 1.6rem;
+      font-weight: 700;
+      color: #e5e5e5;
+      letter-spacing: -0.3px;
+    }
+    p {
+      color: #888;
+      font-size: 0.9rem;
+      line-height: 1.6;
+    }
+  </style>
+</head>
+<body>
+  <div class="container">
+    <svg class="logo" viewBox="0 0 500 500" fill="none" xmlns="http://www.w3.org/2000/svg" aria-label="IronBee">
+      <path d="M217.557 138.711C211.185 166.725 218.839 188.038 224.039 201.771L249.307 154.531L275.674 201.771C285.561 179.579 286.328 161.013 281.167 135.964C277.431 117.837 259.744 95.3889 249.307 84C241.91 92.6058 222.355 117.618 217.557 138.711Z" fill="url(#g0)"/>
+      <path d="M249.527 416C223.951 394.731 206.425 358.067 202.396 343.052L249.527 381.394L272.378 362.937L295.559 343.052C290.988 371.089 262.417 403.805 249.527 416Z" fill="url(#g1)"/>
+      <path d="M220.854 231.434L250.077 171.12L279.629 231.434L250.077 256.153L220.854 231.434Z" fill="url(#g2)"/>
+      <path d="M298.525 286.804C302.568 301.218 299.258 322.399 297.097 331.188L273.587 350.303L249.857 369.749L225.907 349.754L202.397 331.188C197.387 320.465 200.31 297.131 202.397 286.804L249.857 324.486L298.525 286.804Z" fill="url(#g3)"/>
+      <path d="M249.856 313.609L203.495 275.268C203.495 263.315 211.552 247.29 215.58 240.771L249.856 267.028L284.573 240.771C291.955 248.066 296.071 266.809 297.207 275.268L249.856 313.609Z" fill="url(#g4)"/>
+      <path d="M215.909 165.298C215.36 179.579 220.853 193.752 224.039 201.771L236.563 178.481L249.307 154.531L275.674 201.881C280.947 190.785 284.902 174.526 284.133 167.275C281.277 147.061 274.136 138.052 264.138 125.638C255.679 132.01 244.847 132.141 235.355 125.638C223.38 137.613 216.568 156.289 215.909 165.298Z" fill="url(#g5)" fill-opacity="0.7"/>
+      <path d="M249.856 347.996L202.396 286.804L249.856 324.486L298.525 286.804L249.856 347.996Z" fill="#333941" fill-opacity="0.64"/>
+      <path d="M249.527 292.296L215.58 240.771L249.857 267.028L284.573 240.771L249.527 292.296Z" fill="#333941" fill-opacity="0.35"/>
+      <path d="M249.419 404.685L202.396 343.053L249.419 381.614L295.559 343.053L249.419 404.685Z" fill="#0F0F0F" fill-opacity="0.1"/>
+      <path d="M285.482 209.139C297.06 183.136 300.205 166.929 294.24 132.4L346.304 224.989L319.38 218.541L350.314 284.253C319.826 267.918 305.852 251.479 285.482 209.139Z" fill="url(#g6)"/>
+      <path d="M214.785 209.139C203.206 183.136 200.062 166.929 206.027 132.4L153.963 224.989L180.887 218.541L149.953 284.253C180.44 267.918 194.414 251.479 214.785 209.139Z" fill="url(#g7)"/>
+      <path d="M458.055 281.287L306.25 134.086L375.851 242.958L344.516 235.599L359.745 289.281C390.46 298.849 431.254 294.285 458.055 281.287Z" fill="url(#g8)"/>
+      <path d="M42.2112 281.287L194.017 134.086L124.415 242.958L155.75 235.599L140.521 289.281C109.807 298.849 69.0124 294.285 42.2112 281.287Z" fill="url(#g9)"/>
+      <path d="M155.707 235.608C120.279 262.873 94.8569 272.188 42.5488 281.311C69.9036 294.823 110.553 298.339 140.546 289.221L155.707 235.608Z" fill="black" fill-opacity="0.16"/>
+      <path d="M344.558 235.608C380.054 262.765 405.526 272.042 457.935 281.129C430.527 294.588 389.799 298.089 359.748 289.007L344.558 235.608Z" fill="black" fill-opacity="0.16"/>
+      <defs>
+        <linearGradient id="g0" x1="248.978" y1="84" x2="248.978" y2="416" gradientUnits="userSpaceOnUse"><stop stop-color="#E5E5E5"/><stop offset="1" stop-color="#272F39"/></linearGradient>
+        <linearGradient id="g1" x1="248.978" y1="84" x2="248.978" y2="416" gradientUnits="userSpaceOnUse"><stop stop-color="#E5E5E5"/><stop offset="1" stop-color="#272F39"/></linearGradient>
+        <linearGradient id="g2" x1="250.032" y1="171.12" x2="250.032" y2="369.749" gradientUnits="userSpaceOnUse"><stop stop-color="#D9D9D9"/><stop offset="1" stop-color="#272F39"/></linearGradient>
+        <linearGradient id="g3" x1="250.032" y1="171.12" x2="250.032" y2="369.749" gradientUnits="userSpaceOnUse"><stop stop-color="#D9D9D9"/><stop offset="1" stop-color="#272F39"/></linearGradient>
+        <linearGradient id="g4" x1="250.351" y1="240.771" x2="250.351" y2="313.609" gradientUnits="userSpaceOnUse"><stop stop-color="#D9D9D9"/><stop offset="1" stop-color="#272F39"/></linearGradient>
+        <linearGradient id="g5" x1="250.05" y1="125.638" x2="250.05" y2="201.881" gradientUnits="userSpaceOnUse"><stop stop-color="#B1B1B2"/><stop offset="1" stop-color="#343B43"/></linearGradient>
+        <linearGradient id="g6" x1="315.879" y1="132.019" x2="318.569" y2="284.812" gradientUnits="userSpaceOnUse"><stop stop-color="#D9D9D9"/><stop offset="1" stop-color="#454B54"/></linearGradient>
+        <linearGradient id="g7" x1="184.387" y1="132.019" x2="181.698" y2="284.812" gradientUnits="userSpaceOnUse"><stop stop-color="#D9D9D9"/><stop offset="1" stop-color="#454B54"/></linearGradient>
+        <linearGradient id="g8" x1="380.834" y1="132.773" x2="383.683" y2="294.632" gradientUnits="userSpaceOnUse"><stop stop-color="#D9D9D9"/><stop offset="1" stop-color="#4A5159"/></linearGradient>
+        <linearGradient id="g9" x1="119.433" y1="132.773" x2="116.583" y2="294.632" gradientUnits="userSpaceOnUse"><stop stop-color="#D9D9D9"/><stop offset="1" stop-color="#4A5159"/></linearGradient>
+      </defs>
+    </svg>
+    <h1>{{TITLE}}</h1>
+    {{BODY}}
+  </div>
+</body>
+</html>

package/dist/clients/claude/agents/ironbee-verifier.md

@@ -6,7 +6,7 @@ description: >
   cycle out-of-band — it drives the devtools tools, judges the result, and records the
   verdict in the shared session, then returns a short summary. It does NOT edit code: if it
   finds problems it reports them as issues for the main agent to fix.
-tools: Bash, mcp__browser-devtools__*, mcp__node-devtools__*, mcp__backend-devtools__*
+tools: Bash, mcp__browser-devtools__*, mcp__node-devtools__*, mcp__backend-devtools__*, mcp__android-devtools__*
 ---
 
 # IronBee Verifier (delegated verification)
@@ -42,6 +42,12 @@ echo '{"status":"pass","checks":["..."]}' | ironbee hook submit-verdict
    ```
    echo '{}' | ironbee hook verification-start
    ```
+   **If the delegating prompt contains a `Mode: fix` line**, pass the intent
+   along so IronBee's completion gate enforces fix-until-pass on the main agent:
+   ```
+   echo '{}' | ironbee hook verification-start --intent fix
+   ```
+   (No declared mode → plain form as above, no flag.)
 2. Build and start the application **only if it isn't already running** (check
    `docker compose ps` / process output / config — don't guess ports). **Track whether YOU
    started it**: if it was already up, the user or main agent owns it — leave it alone.
@@ -53,7 +59,8 @@ echo '{"status":"pass","checks":["..."]}' | ironbee hook submit-verdict
    this verification*, stop it now before you return — kill the exact process/container you
    launched (e.g. the backgrounded `npm run dev`, the `docker compose up` you ran). **Never
    stop a server that was already running** (user/main-agent-owned). Also honor any
-   cycle-specific teardown (e.g. `bdt_content_stop-recording`) BEFORE submitting your verdict.
+   cycle-specific teardown noted in the platform sections (e.g. stopping an active screen
+   recording) BEFORE submitting your verdict.
 5. **Submit your verdict immediately** — do NOT wait:
    ```
    echo '<verdict-json>' | ironbee hook submit-verdict
@@ -76,3 +83,6 @@ echo '{"status":"pass","checks":["..."]}' | ironbee hook submit-verdict
 
 <!--IRONBEE:PLATFORM:backend-->
 <!--/IRONBEE:PLATFORM:backend-->
+
+<!--IRONBEE:PLATFORM:android-->
+<!--/IRONBEE:PLATFORM:android-->

package/dist/clients/claude/commands/ironbee-verify.md

@@ -1,18 +1,28 @@
 ---
-argument-hint: "[scenario text | path to scenario file]"
-description: Delegate verification of the current code changes to the ironbee-verifier sub-agent; optionally pass a custom scenario (inline text or a file path) that defines what to verify.
+argument-hint: "[fix|report] [scenario text | path to scenario file]"
+description: Delegate verification of the current code changes to the ironbee-verifier sub-agent. Default is verify-only (report the verdict and stop); a leading `fix` argument adds the fix-and-re-verify loop until pass. Optionally pass a custom scenario (inline text or a file path) that defines what to verify.
 ---
 
 # IronBee Verify
 
-Verify the current code changes by **delegating to the `ironbee-verifier` sub-agent**. It drives the verification tools out-of-band in this **shared session** and returns a verdict summary — so the heavy devtools output (DOM, console, screenshots) stays in its context, not yours. **You do not run the verification tools yourself**: you resolve the scenario (below), spawn the verifier, and relay its result. The gate still runs every active cycle and all must pass for `status: pass`.
+Verify the current code changes by **delegating to the `ironbee-verifier` sub-agent**. It drives the verification tools out-of-band in this **shared session** and returns a verdict summary — so the heavy devtools output (DOM, console, screenshots) stays in its context, not yours. **You do not run the verification tools yourself**: you resolve the mode and scenario (below), spawn the verifier, and relay its result. The gate still runs every active cycle and all must pass for `status: pass`.
+
+## Mode
+
+The FIRST whitespace-delimited token of the arguments selects the mode; everything after it is the scenario:
+
+- `fix` → **verify-and-fix**: on a fail verdict, fix the reported issues and re-delegate until the verdict passes.
+- `report` → **verify-only** (the explicit form of the default).
+- Anything else, or no arguments → **verify-only** (default), and the WHOLE argument string is the scenario.
+
+**Verify-only** means: relay the verdict and STOP — do **not** edit code, do **not** re-delegate on fail. The fail verdict is still submitted and recorded (that's the point — an honest status report). If the user wants the issues repaired, suggest `/ironbee-verify fix`. One caveat (enforce mode): if code was edited earlier in THIS turn, the Stop gate may still block on the fail verdict and demand fixes — follow the gate then; the mode token never overrides enforcement.
 
 ## Verification scenario
 
 A custom verification scenario may be supplied when this command is invoked — either as **inline text** or as a **path to a file** (any location, any format; read at run time).
 
-> Scenario argument: `$ARGUMENTS`
-> *(empty if none — when empty, the verifier uses its default flow)*
+> Mode + scenario argument: `$ARGUMENTS`
+> *(strip a leading `fix` / `report` mode token first — the remainder is the scenario; empty remainder → the verifier uses its default flow)*
 
 - **If a scenario is supplied, it is authoritative**: the verifier must verify exactly what it describes, exercising precisely the flows/states/endpoints it names — this **replaces** the default "exercise the changed pages/endpoints" guidance.
 - **If the scenario is (or points to) a file path**, read that file with your file-read tool yourself and pass its **contents** into the verifier's prompt (the verifier has no file-read tool). Do not assume a fixed location or format — read whatever path was given.
@@ -21,17 +31,20 @@ A custom verification scenario may be supplied when this command is invoked —
 
 ## Steps
 
-1. **Resolve the scenario**: file path → read it now; inline text → use as-is; empty → none.
-2. **Spawn the verifier** via the Agent tool with `subagent_type: "ironbee-verifier"` and a prompt that states the task plus the resolved scenario, e.g.:
+1. **Resolve the mode and scenario**: strip a leading `fix` / `report` token (see **Mode**); then file path → read it now; inline text → use as-is; empty → none.
+2. **Spawn the verifier** via the Agent tool with `subagent_type: "ironbee-verifier"` and a prompt that states the task, the mode, and the resolved scenario, e.g.:
    > Verify the current code changes.
+   > Mode: \<`fix` in fix mode — OMIT this line entirely in verify-only mode>
    > Scenario: \<the resolved scenario text, or "none — exercise the changed pages/endpoints">
-   The verifier runs `verification-start` → drives every active cycle's tools → submits the single verdict, all in this shared session. It resolves the session id from the environment, so you don't pass one.
+   The verifier runs `verification-start` (relaying the fix intent to IronBee's completion gate, which then enforces fix-until-pass on you) → drives every active cycle's tools → submits the single verdict, all in this shared session. It resolves the session id from the environment, so you don't pass one.
 3. **Relay the verifier's summary** — the verdict status and, on fail, the issues it found.
-4. **If it FAILED**: fix the issues it reported. Optionally record what you fixed so the next pass verdict can describe it:
-   ```
-   echo '{"fixes":["what you repaired"]}' | ironbee hook record-fix
-   ```
-   Then re-run `/ironbee-verify` to re-delegate. (If you skip `record-fix`, IronBee fills `fixes` from the files you changed since the fail.)
+4. **On a fail verdict, branch by mode**:
+   - **Verify-only (default)**: stop here. Report the issues clearly and suggest `/ironbee-verify fix` to repair them. Do not edit code.
+   - **Fix mode (`fix` token)**: fix the issues it reported. Optionally record what you fixed so the next pass verdict can describe it:
+     ```
+     echo '{"fixes":["what you repaired"]}' | ironbee hook record-fix
+     ```
+     Then re-run the verification by re-delegating (step 2) — repeat until the verdict passes. (If you skip `record-fix`, IronBee fills `fixes` from the files you changed since the fail.)
 
 Do NOT verify inline — always delegate, so your context stays clean. The per-cycle "how to verify" detail (which tools to drive, the verdict expectations) lives in the `ironbee-verifier` sub-agent itself — you don't need it here to delegate.
 
@@ -43,6 +56,6 @@ Do NOT verify inline — always delegate, so your context stays clean. The per-c
 - Its `checks` are specific observations (e.g. `"submitted valid credentials, redirected to /dashboard"`, `"console clean — 0 errors"`), not `"it works"`.
 
 ## Important
-- The **verifier** produces the verdict; your job is to delegate, relay it, and fix on fail.
-- A fail verdict means you must fix the issues and re-delegate — do not just report and stop.
+- The **verifier** produces the verdict; your job is to delegate, relay it, and — in fix mode — fix on fail.
+- **Fix mode only**: a fail verdict means you must fix the issues and re-delegate until pass. In verify-only mode (the default) you report and stop — fixing without the `fix` token is overstepping.
 - Never verify inline to "save a round trip" — delegation keeps your context clean and is the supported path.

package/dist/clients/claude/hooks/activity-start.js

@@ -1 +1 @@
-"use strict";var r=Object.defineProperty;var d=Object.getOwnPropertyDescriptor;var l=Object.getOwnPropertyNames;var g=Object.prototype.hasOwnProperty;var a=(t,s)=>r(t,"name",{value:s,configurable:!0});var f=(t,s)=>{for(var e in s)r(t,e,{get:s[e],enumerable:!0})},b=(t,s,e,o)=>{if(s&&typeof s=="object"||typeof s=="function")for(let i of l(s))!g.call(t,i)&&i!==e&&r(t,i,{get:()=>s[i],enumerable:!(o=d(s,i))||o.enumerable});return t};var S=t=>b(r({},"__esModule",{value:!0}),t);var C={};f(C,{run:()=>$});module.exports=S(C);var u=require("../../../hooks/core/activity"),n=require("../../../lib/logger"),p=require("../../../lib/stdin"),m=require("../../../otel/claude/daemon/ensure");async function $(t){let s;try{s=JSON.parse((0,p.readStdin)())}catch(c){n.logger.debug(`failed to parse stdin: ${c}`),process.exit(0)}const e=s.session_id??"default",o=`${t}/.ironbee/sessions/${e}`;(0,n.setLogFile)(`${o}/session.log`);const i=`${o}/actions.jsonl`;await(0,u.startActivity)({sessionDir:o,actionsFile:i,source:"user_prompt"}),await(0,m.ensureOTELCollector)(t),process.exit(0)}a($,"run");0&&(module.exports={run});
+"use strict";var r=Object.defineProperty;var f=Object.getOwnPropertyDescriptor;var g=Object.getOwnPropertyNames;var b=Object.prototype.hasOwnProperty;var a=(s,t)=>r(s,"name",{value:t,configurable:!0});var S=(s,t)=>{for(var e in t)r(s,e,{get:t[e],enumerable:!0})},$=(s,t,e,o)=>{if(t&&typeof t=="object"||typeof t=="function")for(let i of g(t))!b.call(s,i)&&i!==e&&r(s,i,{get:()=>t[i],enumerable:!(o=f(t,i))||o.enumerable});return s};var w=s=>$(r({},"__esModule",{value:!0}),s);var A={};S(A,{run:()=>y});module.exports=w(A);var p=require("../../../hooks/core/actions"),m=require("../../../hooks/core/activity"),c=require("../../../hooks/core/session-state"),n=require("../../../lib/logger"),u=require("../../../lib/stdin"),d=require("../../../otel/claude/daemon/ensure");async function y(s){let t;try{t=JSON.parse((0,u.readStdin)())}catch(l){n.logger.debug(`failed to parse stdin: ${l}`),process.exit(0)}const e=t.session_id??"default",o=`${s}/.ironbee/sessions/${e}`;(0,n.setLogFile)(`${o}/session.log`);const i=`${o}/actions.jsonl`;await(0,c.reconcileAbandonedActivity)(o,i,p.appendAction),await(0,m.startActivity)({sessionDir:o,actionsFile:i,source:"user_prompt"}),await(0,d.ensureOTELCollector)(s),process.exit(0)}a(y,"run");0&&(module.exports={run});

package/dist/clients/claude/hooks/require-verdict.js

@@ -1,7 +1,7 @@
-"use strict";var a=Object.defineProperty;var $=Object.getOwnPropertyDescriptor;var x=Object.getOwnPropertyNames;var y=Object.prototype.hasOwnProperty;var _=(e,o)=>a(e,"name",{value:o,configurable:!0});var T=(e,o)=>{for(var i in o)a(e,i,{get:o[i],enumerable:!0})},w=(e,o,i,t)=>{if(o&&typeof o=="object"||typeof o=="function")for(let s of x(o))!y.call(e,s)&&s!==i&&a(e,s,{get:()=>o[s],enumerable:!(t=$(o,s))||t.enumerable});return e};var I=e=>w(a({},"__esModule",{value:!0}),e);var E={};T(E,{run:()=>k});module.exports=I(E);var d=require("fs"),b=require("../../../hooks/core/actions"),h=require("../../../hooks/core/activity"),C=require("../../../hooks/core/tool-use-stash"),l=require("../../../lib/config"),n=require("../../../lib/logger"),v=require("../../../lib/stdin");async function k(e,o){const i=o?.soft===!0;let t;try{t=JSON.parse((0,v.readStdin)())}catch(c){n.logger.debug(`failed to parse stdin: ${c}`),process.exit(0)}const s=t.session_id??"default";(0,n.setLogFile)(`${e}/.ironbee/sessions/${s}/session.log`);const u=`${e}/.ironbee/sessions/${s}`,f=`${u}/actions.jsonl`;!i&&(0,b.hasToolCallsSinceLastVerdict)(f)&&(process.stderr.write(`BLOCKED: You used verification tools (browser-devtools / node-devtools / backend-devtools) but did not submit a verdict. You MUST submit a verdict (pass or fail) before editing code.
+"use strict";var a=Object.defineProperty;var $=Object.getOwnPropertyDescriptor;var x=Object.getOwnPropertyNames;var y=Object.prototype.hasOwnProperty;var _=(e,o)=>a(e,"name",{value:o,configurable:!0});var T=(e,o)=>{for(var i in o)a(e,i,{get:o[i],enumerable:!0})},w=(e,o,i,t)=>{if(o&&typeof o=="object"||typeof o=="function")for(let s of x(o))!y.call(e,s)&&s!==i&&a(e,s,{get:()=>o[s],enumerable:!(t=$(o,s))||t.enumerable});return e};var I=e=>w(a({},"__esModule",{value:!0}),e);var E={};T(E,{run:()=>k});module.exports=I(E);var d=require("fs"),b=require("../../../hooks/core/actions"),h=require("../../../hooks/core/activity"),v=require("../../../hooks/core/tool-use-stash"),l=require("../../../lib/config"),n=require("../../../lib/logger"),C=require("../../../lib/stdin");async function k(e,o){const i=o?.soft===!0;let t;try{t=JSON.parse((0,C.readStdin)())}catch(c){n.logger.debug(`failed to parse stdin: ${c}`),process.exit(0)}const s=t.session_id??"default";(0,n.setLogFile)(`${e}/.ironbee/sessions/${s}/session.log`);const u=`${e}/.ironbee/sessions/${s}`,f=`${u}/actions.jsonl`;!i&&(0,b.hasToolCallsSinceLastVerdict)(f)&&(process.stderr.write(`BLOCKED: You used verification tools (browser-devtools / node-devtools / backend-devtools / android-devtools) but did not submit a verdict. You MUST submit a verdict (pass or fail) before editing code.
 
 Submit your verdict first:
   echo '{"session_id":"${s}","status":"fail","checks":["..."],"issues":["describe what failed"]}' | ironbee hook submit-verdict
 
 Then you can edit code to fix the issues.
-`),process.exit(2));const r=t.tool_input?.file_path;if(r&&t.tool_use_id){const c=(0,l.loadConfig)(e),p=(0,l.getCaptureFileChangeset)(c),g=(0,d.existsSync)(r);if(t.tool_name==="Write"||t.tool_name==="Edit"&&p){const m={file_existed:g};if(p&&g)try{m.prior_content=(0,d.readFileSync)(r,"utf-8")}catch(S){n.logger.debug(`failed to pre-read ${r} for changeset capture: ${S}`)}(0,C.stashToolUseData)(s,t.tool_use_id,m)}}await(0,h.startActivity)({sessionDir:u,actionsFile:f,source:"pre_tool_use"}),process.exit(0)}_(k,"run");0&&(module.exports={run});
+`),process.exit(2));const r=t.tool_input?.file_path;if(r&&t.tool_use_id){const c=(0,l.loadConfig)(e),p=(0,l.getCaptureFileChangeset)(c),g=(0,d.existsSync)(r);if(t.tool_name==="Write"||t.tool_name==="Edit"&&p){const m={file_existed:g};if(p&&g)try{m.prior_content=(0,d.readFileSync)(r,"utf-8")}catch(S){n.logger.debug(`failed to pre-read ${r} for changeset capture: ${S}`)}(0,v.stashToolUseData)(s,t.tool_use_id,m)}}await(0,h.startActivity)({sessionDir:u,actionsFile:f,source:"pre_tool_use"}),process.exit(0)}_(k,"run");0&&(module.exports={run});

package/dist/clients/claude/hooks/require-verification.js

@@ -1,17 +1,17 @@
-"use strict";var l=Object.defineProperty;var V=Object.getOwnPropertyDescriptor;var K=Object.getOwnPropertyNames;var B=Object.prototype.hasOwnProperty;var S=(t,o)=>l(t,"name",{value:o,configurable:!0});var F=(t,o)=>{for(var s in o)l(t,s,{get:o[s],enumerable:!0})},L=(t,o,s,n)=>{if(o&&typeof o=="object"||typeof o=="function")for(let e of K(o))!B.call(t,e)&&e!==s&&l(t,e,{get:()=>o[e],enumerable:!(n=V(o,e))||n.enumerable});return t};var j=t=>L(l({},"__esModule",{value:!0}),t);var W={};F(W,{run:()=>M});module.exports=j(W);var R=require("crypto"),i=require("../../../hooks/core/session-state"),k=require("../../../hooks/core/actions"),y=require("../../../hooks/core/activity"),E=require("../../../hooks/core/verification-lifecycle"),O=require("../../../hooks/core/verification-context"),U=require("../../../lib/config"),u=require("../../../lib/logger"),T=require("../util"),$=require("../../../lib/stdin");const D="browser-devtools";async function M(t,o){const s=o?.soft===!0;let n;try{n=JSON.parse((0,$.readStdin)())}catch(C){u.logger.debug(`failed to parse stdin: ${C}`),process.exit(0)}const e=n.session_id??"default",r=`${t}/.ironbee/sessions/${e}`;(0,u.setLogFile)(`${r}/session.log`);const m=`${r}/actions.jsonl`,_=(0,i.getActiveVerificationId)(r);!_&&!s&&(process.stderr.write(`BLOCKED: You must start a verification cycle before using devtools tools (browser-devtools / node-devtools / backend-devtools).
+"use strict";var u=Object.defineProperty;var V=Object.getOwnPropertyDescriptor;var F=Object.getOwnPropertyNames;var K=Object.prototype.hasOwnProperty;var S=(o,t)=>u(o,"name",{value:t,configurable:!0});var L=(o,t)=>{for(var s in t)u(o,s,{get:t[s],enumerable:!0})},j=(o,t,s,n)=>{if(t&&typeof t=="object"||typeof t=="function")for(let e of F(t))!K.call(o,e)&&e!==s&&u(o,e,{get:()=>t[e],enumerable:!(n=V(t,e))||n.enumerable});return o};var B=o=>j(u({},"__esModule",{value:!0}),o);var q={};L(q,{run:()=>M});module.exports=B(q);var w=require("crypto"),i=require("../../../hooks/core/session-state"),R=require("../../../hooks/core/actions"),$=require("../../../hooks/core/activity"),O=require("../../../hooks/core/verification-lifecycle"),E=require("../../../hooks/core/verification-context"),U=require("../../../lib/config"),A=require("../../../lib/recording-tools"),f=require("../../../lib/logger"),v=require("../util"),x=require("../../../lib/stdin");const D="browser-devtools";async function M(o,t){const s=t?.soft===!0;let n;try{n=JSON.parse((0,x.readStdin)())}catch(y){f.logger.debug(`failed to parse stdin: ${y}`),process.exit(0)}const e=n.session_id??"default",r=`${o}/.ironbee/sessions/${e}`;(0,f.setLogFile)(`${r}/session.log`);const _=`${r}/actions.jsonl`,h=(0,i.getActiveVerificationId)(r);!h&&!s&&(process.stderr.write(`BLOCKED: You must start a verification cycle before using devtools tools (browser-devtools / node-devtools / backend-devtools / android-devtools).
 
 Start verification first:
   echo '{"session_id":"${e}"}' | ironbee hook verification-start
 
-Then use the verification tools for the active cycle(s) \u2014 bdt_* for browser, ndt_* for node, bedt_* for backend.
-`),process.exit(2));const v=n.tool_name??"",x=v.startsWith("mcp__browser-devtools__"),A=v.endsWith("bdt_content_start-recording");!s&&x&&(0,i.isRecordingRequired)(r)&&!(0,i.isRecordingActive)(r)&&!A&&(process.stderr.write(`BLOCKED: Recording is required but not started.
+Then use the verification tools for the active cycle(s) \u2014 bdt_* for browser, ndt_* for node, bedt_* for backend, adt_* for android.
+`),process.exit(2));const b=n.tool_name??"",l=(0,A.recordingToolsForServer)((0,v.extractMcpServerName)(b));!s&&l!==null&&(0,i.isRecordingRequired)(r)&&!(0,i.isRecordingActive)(r)&&!b.endsWith(l.startTool)&&(process.stderr.write(`BLOCKED: Recording is required but not started.
 
 1. Start recording NOW:
-     Use mcp__browser-devtools__bdt_content_start-recording
+     Use mcp__${l.server}__${l.startTool}
 
-2. Run the verification (navigate, screenshot, aria, console, etc.)
+2. Run the verification flow for the active cycle(s)
 
 3. **Stop recording BEFORE submitting verdict:**
-     Use mcp__browser-devtools__bdt_content_stop-recording
+     Use mcp__${l.server}__${l.stopTool}
    submit-verdict will reject with "recording is still active" if you skip this.
-`),process.exit(2)),await(0,y.startActivity)({sessionDir:r,actionsFile:m,source:"pre_tool_use"});let c=_;s&&!c&&(c=(await(0,E.startVerification)({sessionId:e,sessionDir:r,actionsFile:m,recordingEnabled:!1})).verificationId);const N=(0,i.getActiveTraceId)(r),f=(0,i.getActiveActivityId)(r),b=(0,k.resolveProjectName)(t),p=[`prj:${b}`,`sid:${e}`];f&&p.push(`aid:${f}`),c&&p.push(`vid:${c}`);const P=`ironbee=${p.join(";")}`,d=(0,U.loadConfig)(t),h={...n.tool_input??{}},a={projectName:b,sessionId:e,activityId:f,verificationId:c,traceId:N,traceState:P,toolCallId:(0,R.randomUUID)()};n.tool_use_id&&(a.toolUseId=n.tool_use_id),a.mcpServer=(0,T.extractMcpServerName)(n.tool_name)??D;const w=(0,i.getUserEmail)(r);w&&(a.userEmail=w),d.collector?.url&&(a.collectorUrl=d.collector.url),d.collector?.apiKey&&(a.collectorApiKey=d.collector.apiKey),h._metadata=a;const g={hookSpecificOutput:{hookEventName:"PreToolUse",permissionDecision:"allow",updatedInput:h}},I=(0,O.buildVerificationContextOnceForCycle)({projectDir:t,sessionId:e,sessionDir:r,activeVerificationId:c,config:d});I.length>0&&g.hookSpecificOutput&&(g.hookSpecificOutput.additionalContext=I),process.stdout.write(JSON.stringify(g)),process.exit(0)}S(M,"run");0&&(module.exports={run});
+`),process.exit(2)),await(0,$.startActivity)({sessionDir:r,actionsFile:_,source:"pre_tool_use"});let d=h;s&&!d&&(d=(await(0,O.startVerification)({sessionId:e,sessionDir:r,actionsFile:_,recordingEnabled:!1})).verificationId);const N=(0,i.getActiveTraceId)(r),p=(0,i.getActiveActivityId)(r),C=(0,R.resolveProjectName)(o),g=[`prj:${C}`,`sid:${e}`];p&&g.push(`aid:${p}`),d&&g.push(`vid:${d}`);const P=`ironbee=${g.join(";")}`,c=(0,U.loadConfig)(o),I={...n.tool_input??{}},a={projectName:C,sessionId:e,activityId:p,verificationId:d,traceId:N,traceState:P,toolCallId:(0,w.randomUUID)()};n.tool_use_id&&(a.toolUseId=n.tool_use_id),a.mcpServer=(0,v.extractMcpServerName)(n.tool_name)??D;const T=(0,i.getUserEmail)(r);T&&(a.userEmail=T),c.collector?.url&&(a.collectorUrl=c.collector.url),c.collector?.oauthToken?a.collectorOAuthToken=c.collector.oauthToken:c.collector?.apiKey&&(a.collectorApiKey=c.collector.apiKey),I._metadata=a;const m={hookSpecificOutput:{hookEventName:"PreToolUse",permissionDecision:"allow",updatedInput:I}},k=(0,E.buildVerificationContextOnceForCycle)({projectDir:o,sessionId:e,sessionDir:r,activeVerificationId:d,config:c});k.length>0&&m.hookSpecificOutput&&(m.hookSpecificOutput.additionalContext=k),process.stdout.write(JSON.stringify(m)),process.exit(0)}S(M,"run");0&&(module.exports={run});

package/dist/clients/claude/hooks/track-action.js

@@ -1 +1 @@
-"use strict";var y=Object.defineProperty;var F=Object.getOwnPropertyDescriptor;var V=Object.getOwnPropertyNames;var J=Object.prototype.hasOwnProperty;var c=(o,t)=>y(o,"name",{value:t,configurable:!0});var U=(o,t)=>{for(var i in t)y(o,i,{get:t[i],enumerable:!0})},z=(o,t,i,e)=>{if(t&&typeof t=="object"||typeof t=="function")for(let n of V(t))!J.call(o,n)&&n!==i&&y(o,n,{get:()=>t[n],enumerable:!(e=F(t,n))||e.enumerable});return o};var M=o=>z(y({},"__esModule",{value:!0}),o);var ot={};U(ot,{run:()=>Z});module.exports=M(ot);var _=require("../../../hooks/core/actions"),l=require("../../../hooks/core/session-state"),h=require("../../../import/ids"),I=require("../../../lib/config"),s=require("../../../lib/logger"),x=require("../../../lib/stdin"),f=require("../../../queue"),E=require("../util");const k=/callTool\(\s*['"]([^'"]+)['"]/g,N="mcp__browser-devtools__",O="bdt_",W="browser-devtools",X="node-devtools",G="backend-devtools",K=`${O}execute`,Q=`${O}content_start-recording`,Y=`${O}content_stop-recording`;function j(o){return o.startsWith(N)?o:`${N}${o}`}c(j,"toFullName");function q(o,t){if(o[t]!=="{")return;let i=0;for(let e=t;e<o.length;e++)if(o[e]==="{")i++;else if(o[e]==="}"&&(i--,i===0))return o.slice(t,e+1)}c(q,"extractBalancedBraces");function H(o){const t=typeof o=="string"?o:JSON.stringify(o??""),i=[],e=new Set;let n=k.exec(t);for(;n!==null;){const a=j(n[1]);if(!e.has(a)){e.add(a);let d;const g=n.index+n[0].length,p=t.slice(g).trimStart();if(p.startsWith(",")){const m=p.slice(1).trimStart();if(m.startsWith("{")){const u=q(m,0);if(u)try{d=JSON.parse(u)}catch{d=u}}}i.push({name:a,args:d})}n=k.exec(t)}return i}c(H,"extractNestedToolCalls");async function Z(o){let t;try{t=JSON.parse((0,x.readStdin)())}catch(v){s.logger.debug(`failed to parse stdin: ${v}`),process.exit(0)}const i=t.session_id??"default",e=`${o}/.ironbee/sessions/${i}`,n=`${e}/actions.jsonl`;(0,s.setLogFile)(`${e}/session.log`);const a=t.tool_name??"unknown",d=Date.now(),g=t.tool_input&&typeof t.tool_input=="object"&&!Array.isArray(t.tool_input)?{...t.tool_input,_metadata:void 0}:t.tool_input,p=(0,l.getActiveActivityId)(e),m=(0,l.getActiveVerificationId)(e),u=(0,l.getActiveTraceId)(e),r=(0,E.classifyTool)(a,t.tool_input),w=r.tool_type==="mcp"&&r.mcp_server===W,L=r.tool_type==="mcp"&&r.mcp_server===X,B=r.tool_type==="mcp"&&r.mcp_server===G,S=w||L||B,P=S?g:(0,E.extractClaudeToolInput)(a,g),C=typeof t.error=="string"&&t.error.length>0?t.error:void 0,T=C?t.is_interrupt?`interrupted: ${C}`:C:void 0,R={...(0,_.baseFields)(n),type:"tool_call",timestamp:d,tool_name:r.tool_name,tool_type:r.tool_type,tool_use_id:t.tool_use_id,tool_input:P,tool_input_size:$(g),tool_response:T?void 0:t.tool_response,tool_response_size:$(T?void 0:t.tool_response),activity_id:p,verification_id:m,trace_id:u,duration:typeof t.duration_ms=="number"?t.duration_ms:null,mcp_server:r.mcp_server,error:T};if(t.tool_use_id!==void 0&&t.tool_use_id.length>0&&(R.id=(0,h.deriveToolCallEventIdFromToolUseId)(i,t.tool_use_id)),S?(await(0,_.appendAction)(n,R),w&&(r.tool_name===Q?((0,l.setRecordingActive)(e,!0),s.logger.debug("track-action: recording started")):r.tool_name===Y&&((0,l.setRecordingActive)(e,!1),s.logger.debug("track-action: recording stopped")))):tt(o,i,R),s.logger.debug(`track-action: ${a}${T?" (failed)":""}`),w&&r.tool_name===K&&!T){const v=H(t.tool_input);for(const b of v){const A=(0,E.classifyTool)(b.name,b.args),D={...(0,_.baseFields)(n),type:"tool_call",timestamp:d,tool_name:A.tool_name,tool_type:A.tool_type,tool_input:b.args,activity_id:p,verification_id:m,trace_id:u,duration:null,mcp_server:A.mcp_server};await(0,_.appendAction)(n,D),s.logger.debug(`track-action (nested): ${b.name}`)}}process.exit(0)}c(Z,"run");function tt(o,t,i){if(!(0,I.isJobQueueEnabled)(o))return;const e={...i};delete e.tool_response;try{(0,f.submit)(o,t,f.SEND_EVENT_TYPE,e)}catch(n){if(n instanceof f.JobTooLargeError){s.logger.debug(`track-action: wire event too large for ${i.tool_name}; dropping`);return}s.logger.debug(`track-action: failed to submit ${i.tool_name}: ${n instanceof Error?n.message:n}`)}}c(tt,"submitEvent");function $(o){if(o==null)return 0;try{const t=typeof o=="string"?o:JSON.stringify(o);return t===void 0?0:Buffer.byteLength(t,"utf-8")}catch{return 0}}c($,"byteSize");0&&(module.exports={run});
+"use strict";var v=Object.defineProperty;var B=Object.getOwnPropertyDescriptor;var J=Object.getOwnPropertyNames;var U=Object.prototype.hasOwnProperty;var d=(t,o)=>v(t,"name",{value:o,configurable:!0});var z=(t,o)=>{for(var i in o)v(t,i,{get:o[i],enumerable:!0})},M=(t,o,i,e)=>{if(o&&typeof o=="object"||typeof o=="function")for(let n of J(o))!U.call(t,n)&&n!==i&&v(t,n,{get:()=>o[n],enumerable:!(e=B(o,n))||e.enumerable});return t};var W=t=>M(v({},"__esModule",{value:!0}),t);var eo={};z(eo,{run:()=>oo});module.exports=W(eo);var f=require("../../../hooks/core/actions"),c=require("../../../hooks/core/session-state"),$=require("../../../import/ids"),h=require("../../../lib/config"),s=require("../../../lib/logger"),I=require("../../../lib/recording-tools"),L=require("../../../lib/stdin"),g=require("../../../queue"),y=require("../util");const k=/callTool\(\s*['"]([^'"]+)['"]/g,A="mcp__browser-devtools__",X="bdt_",K="browser-devtools",Q="node-devtools",Y="backend-devtools",j="android-devtools",q=`${X}execute`;function G(t){return t.startsWith(A)?t:`${A}${t}`}d(G,"toFullName");function H(t,o){if(t[o]!=="{")return;let i=0;for(let e=o;e<t.length;e++)if(t[e]==="{")i++;else if(t[e]==="}"&&(i--,i===0))return t.slice(o,e+1)}d(H,"extractBalancedBraces");function Z(t){const o=typeof t=="string"?t:JSON.stringify(t??""),i=[],e=new Set;let n=k.exec(o);for(;n!==null;){const a=G(n[1]);if(!e.has(a)){e.add(a);let u;const p=n.index+n[0].length,m=o.slice(p).trimStart();if(m.startsWith(",")){const T=m.slice(1).trimStart();if(T.startsWith("{")){const _=H(T,0);if(_)try{u=JSON.parse(_)}catch{u=_}}}i.push({name:a,args:u})}n=k.exec(o)}return i}d(Z,"extractNestedToolCalls");async function oo(t){let o;try{o=JSON.parse((0,L.readStdin)())}catch(l){s.logger.debug(`failed to parse stdin: ${l}`),process.exit(0)}const i=o.session_id??"default",e=`${t}/.ironbee/sessions/${i}`,n=`${e}/actions.jsonl`;(0,s.setLogFile)(`${e}/session.log`);const a=o.tool_name??"unknown",u=Date.now(),p=o.tool_input&&typeof o.tool_input=="object"&&!Array.isArray(o.tool_input)?{...o.tool_input,_metadata:void 0}:o.tool_input,m=(0,c.getActiveActivityId)(e),T=(0,c.getActiveVerificationId)(e),_=(0,c.getActiveTraceId)(e),r=(0,y.classifyTool)(a,o.tool_input),S=r.tool_type==="mcp"&&r.mcp_server===K,x=r.tool_type==="mcp"&&r.mcp_server===Q,D=r.tool_type==="mcp"&&r.mcp_server===Y,V=r.tool_type==="mcp"&&r.mcp_server===j,O=S||x||D||V,F=O?p:(0,y.extractClaudeToolInput)(a,p),w=typeof o.error=="string"&&o.error.length>0?o.error:void 0,E=w?o.is_interrupt?`interrupted: ${w}`:w:void 0,C={...(0,f.baseFields)(n),type:"tool_call",timestamp:u,tool_name:r.tool_name,tool_type:r.tool_type,tool_use_id:o.tool_use_id,tool_input:F,tool_input_size:N(p),tool_response:E?void 0:o.tool_response,tool_response_size:N(E?void 0:o.tool_response),activity_id:m,verification_id:T,trace_id:_,duration:typeof o.duration_ms=="number"?o.duration_ms:null,mcp_server:r.mcp_server,error:E};if(o.tool_use_id!==void 0&&o.tool_use_id.length>0&&(C.id=(0,$.deriveToolCallEventIdFromToolUseId)(i,o.tool_use_id)),O){await(0,f.appendAction)(n,C);const l=(0,I.recordingToolsForServer)(r.mcp_server);l!==null&&(r.tool_name===l.startTool?((0,c.setRecordingActive)(e,!0),s.logger.debug(`track-action: recording started (${l.cycle})`)):r.tool_name===l.stopTool&&((0,c.setRecordingActive)(e,!1),s.logger.debug(`track-action: recording stopped (${l.cycle})`)))}else to(t,i,C);if(s.logger.debug(`track-action: ${a}${E?" (failed)":""}`),S&&r.tool_name===q&&!E){const l=Z(o.tool_input);for(const b of l){const R=(0,y.classifyTool)(b.name,b.args),P={...(0,f.baseFields)(n),type:"tool_call",timestamp:u,tool_name:R.tool_name,tool_type:R.tool_type,tool_input:b.args,activity_id:m,verification_id:T,trace_id:_,duration:null,mcp_server:R.mcp_server};await(0,f.appendAction)(n,P),s.logger.debug(`track-action (nested): ${b.name}`)}}process.exit(0)}d(oo,"run");function to(t,o,i){if(!(0,h.isJobQueueEnabled)(t))return;const e={...i};delete e.tool_response;try{(0,g.submit)(t,o,g.SEND_EVENT_TYPE,e)}catch(n){if(n instanceof g.JobTooLargeError){s.logger.debug(`track-action: wire event too large for ${i.tool_name}; dropping`);return}s.logger.debug(`track-action: failed to submit ${i.tool_name}: ${n instanceof Error?n.message:n}`)}}d(to,"submitEvent");function N(t){if(t==null)return 0;try{const o=typeof t=="string"?t:JSON.stringify(t);return o===void 0?0:Buffer.byteLength(o,"utf-8")}catch{return 0}}d(N,"byteSize");0&&(module.exports={run});

package/dist/clients/claude/index.js

@@ -1,7 +1,7 @@
-"use strict";var Z=Object.create;var b=Object.defineProperty;var ee=Object.getOwnPropertyDescriptor;var ne=Object.getOwnPropertyNames;var oe=Object.getPrototypeOf,re=Object.prototype.hasOwnProperty;var k=(t,e)=>b(t,"name",{value:e,configurable:!0});var ie=(t,e)=>{for(var n in e)b(t,n,{get:e[n],enumerable:!0})},T=(t,e,n,o)=>{if(e&&typeof e=="object"||typeof e=="function")for(let r of ne(e))!re.call(t,r)&&r!==n&&b(t,r,{get:()=>e[r],enumerable:!(o=ee(e,r))||o.enumerable});return t};var se=(t,e,n)=>(n=t!=null?Z(oe(t)):{},T(e||!t||!t.__esModule?b(n,"default",{value:t,enumerable:!0}):n,t)),te=t=>T(b({},"__esModule",{value:!0}),t);var Se={};ie(Se,{ClaudeClient:()=>ve,prepareIronBeeDir:()=>ye});module.exports=te(Se);var s=require("fs"),l=require("path"),p=require("../../lib/logger"),a=require("../../lib/output"),L=require("../../lib/gitignore"),A=require("../../lib/fs-prune"),P=require("./hooks/verify-gate"),M=require("./hooks/clear-verdict"),N=require("./hooks/track-action"),I=require("./hooks/track-action-monitor"),B=require("./hooks/session-start"),H=require("./hooks/require-verdict"),U=require("./hooks/require-verification"),j=require("./hooks/activity-start"),J=require("./hooks/activity-end"),V=require("./hooks/session-end"),d=require("../../lib/config"),D=require("../../hooks/core/actions"),F=require("../../lib/platform-section"),v=require("../../lib/install-snapshots"),w=require("./hooks/session-status");const y="browser-devtools",S="node-devtools",h="backend-devtools",ce="ironbee",ae="ironbee hook session-status";function le(t){return(0,l.join)(__dirname,"..",t,"platforms")}k(le,"platformsDirFor");function _(t,e,n){return e?(t.includes(n)||t.push(n),t):t.filter(o=>o!==n)}k(_,"syncCyclePermission");function R(t){const e=Object.keys(t);if(e.length===0)return!0;if(e.length===1&&e[0]==="mcpServers"){const n=t.mcpServers;return n===void 0||Object.keys(n).length===0}return!1}k(R,"isMcpConfigEmpty");function ue(t,e){const n=[`  - ${t}:`];!("type"in e)&&"command"in e&&n.push("      type: stdio");for(const[o,r]of Object.entries(e))if(r!==void 0)if(r!==null&&typeof r=="object"&&!Array.isArray(r)){const i=Object.entries(r);if(i.length===0)n.push(`      ${o}: {}`);else{n.push(`      ${o}:`);for(const[c,f]of i)n.push(`        ${c}: ${JSON.stringify(f)}`)}}else n.push(`      ${o}: ${JSON.stringify(r)}`);return n}k(ue,"renderInlineMcpServerYaml");function de(t,e){const n=[];if((0,d.isCycleEnabled)(e,"browser")&&n.push({key:y,entry:(0,d.getMcpServerEntry)(t)}),(0,d.isCycleEnabled)(e,"node")&&n.push({key:S,entry:(0,d.getNodeDevToolsMcpEntry)(t)}),(0,d.isCycleEnabled)(e,"backend")&&n.push({key:h,entry:(0,d.getBackendDevToolsMcpEntry)(t)}),n.length===0)return"";const o=["mcpServers:"];for(const{key:r,entry:i}of n)o.push(...ue(r,i));return o.join(`
-`)}k(de,"buildVerifierMcpServersBlock");function me(t,e){if(e.length===0)return t;const n=t.split(`
+"use strict";var ee=Object.create;var _=Object.defineProperty;var ne=Object.getOwnPropertyDescriptor;var oe=Object.getOwnPropertyNames;var re=Object.getPrototypeOf,ie=Object.prototype.hasOwnProperty;var v=(t,e)=>_(t,"name",{value:e,configurable:!0});var se=(t,e)=>{for(var n in e)_(t,n,{get:e[n],enumerable:!0})},C=(t,e,n,o)=>{if(e&&typeof e=="object"||typeof e=="function")for(let r of oe(e))!ie.call(t,r)&&r!==n&&_(t,r,{get:()=>e[r],enumerable:!(o=ne(e,r))||o.enumerable});return t};var te=(t,e,n)=>(n=t!=null?ee(re(t)):{},C(e||!t||!t.__esModule?_(n,"default",{value:t,enumerable:!0}):n,t)),ce=t=>C(_({},"__esModule",{value:!0}),t);var he={};se(he,{ClaudeClient:()=>ye,prepareIronBeeDir:()=>Se});module.exports=ce(he);var s=require("fs"),l=require("path"),k=require("../../lib/logger"),a=require("../../lib/output"),M=require("../../lib/gitignore"),P=require("../../lib/fs-prune"),N=require("./hooks/verify-gate"),I=require("./hooks/clear-verdict"),B=require("./hooks/track-action"),H=require("./hooks/track-action-monitor"),U=require("./hooks/session-start"),J=require("./hooks/require-verdict"),V=require("./hooks/require-verification"),j=require("./hooks/activity-start"),D=require("./hooks/activity-end"),F=require("./hooks/session-end"),u=require("../../lib/config"),X=require("../../hooks/core/actions"),x=require("../../lib/platform-section"),y=require("../../lib/install-snapshots"),$=require("./hooks/session-status");const S="browser-devtools",h="node-devtools",b="backend-devtools",E="android-devtools",ae="ironbee",le="ironbee hook session-status";function ue(t){return(0,l.join)(__dirname,"..",t,"platforms")}v(ue,"platformsDirFor");function w(t,e,n){return e?(t.includes(n)||t.push(n),t):t.filter(o=>o!==n)}v(w,"syncCyclePermission");function L(t){const e=Object.keys(t);if(e.length===0)return!0;if(e.length===1&&e[0]==="mcpServers"){const n=t.mcpServers;return n===void 0||Object.keys(n).length===0}return!1}v(L,"isMcpConfigEmpty");function de(t,e){const n=[`  - ${t}:`];!("type"in e)&&"command"in e&&n.push("      type: stdio");for(const[o,r]of Object.entries(e))if(r!==void 0)if(r!==null&&typeof r=="object"&&!Array.isArray(r)){const i=Object.entries(r);if(i.length===0)n.push(`      ${o}: {}`);else{n.push(`      ${o}:`);for(const[c,m]of i)n.push(`        ${c}: ${JSON.stringify(m)}`)}}else n.push(`      ${o}: ${JSON.stringify(r)}`);return n}v(de,"renderInlineMcpServerYaml");function me(t,e){const n=[];if((0,u.isCycleEnabled)(e,"browser")&&n.push({key:S,entry:(0,u.getMcpServerEntry)(t)}),(0,u.isCycleEnabled)(e,"node")&&n.push({key:h,entry:(0,u.getNodeDevToolsMcpEntry)(t)}),(0,u.isCycleEnabled)(e,"backend")&&n.push({key:b,entry:(0,u.getBackendDevToolsMcpEntry)(t)}),(0,u.isCycleEnabled)(e,"android")&&n.push({key:E,entry:(0,u.getAndroidDevToolsMcpEntry)(t)}),n.length===0)return"";const o=["mcpServers:"];for(const{key:r,entry:i}of n)o.push(...de(r,i));return o.join(`
+`)}v(me,"buildVerifierMcpServersBlock");function fe(t,e){if(e.length===0)return t;const n=t.split(`
 `);if(n[0]!=="---")return t;let o=-1;for(let c=1;c<n.length;c++)if(n[c]==="---"){o=c;break}if(o<0)return t;const r=n.slice(0,o),i=n.slice(o);return[...r,...e.split(`
 `),...i].join(`
-`)}k(me,"injectVerifierMcpServers");function fe(t,e){if(!e)return t;const n=t.split(`
+`)}v(fe,"injectVerifierMcpServers");function ge(t,e){if(!e)return t;const n=t.split(`
 `);if(n[0]!=="---")return t;let o=-1;for(let c=1;c<n.length;c++)if(n[c]==="---"){o=c;break}if(o<0)return t;const r=n.slice(0,o);if(r.some(c=>/^model\s*:/.test(c)))return t;const i=n.slice(o);return[...r,`model: ${e}`,...i].join(`
-`)}k(fe,"injectVerifierModel");function ge(t){const e=new Set(["hooks","permissions"]);for(const n of Object.keys(t))if(!e.has(n))return!1;if(t.hooks!==void 0&&Object.keys(t.hooks).length>0)return!1;if(t.permissions!==void 0){const n=t.permissions.allow??[],o=t.permissions.deny??[];if(n.length>0||o.length>0)return!1}return!0}k(ge,"isClaudeSettingsEmpty");const pe=["CLAUDE_CODE_ENABLE_TELEMETRY","OTEL_LOGS_EXPORTER","OTEL_METRICS_EXPORTER","OTEL_EXPORTER_OTLP_PROTOCOL","OTEL_EXPORTER_OTLP_ENDPOINT","OTEL_LOG_RAW_API_BODIES","OTEL_RESOURCE_ATTRIBUTES","OTEL_LOGS_EXPORT_INTERVAL"];function C(t){const e=t.OTEL_RESOURCE_ATTRIBUTES;return typeof e=="string"&&e.includes("ironbee.project_name")}k(C,"otelEnvOwnedByUs");function ke(t){return t.replace(/[,=\s]+/g,"-").replace(/^-+|-+$/g,"")||"project"}k(ke,"sanitizeResourceValue");class ve{constructor(){this.name="claude";this.supportsVerifierModel=!0}static{k(this,"ClaudeClient")}detect(e){return(0,s.existsSync)((0,l.join)(e,".claude"))}resolveProjectDir(){return process.env.CLAUDE_PROJECT_DIR??process.cwd()}resolveAgentSessionId(e,n){const o=process.env.CLAUDE_CODE_SESSION_ID;return typeof o=="string"&&o.length>0?o:void 0}async runSessionStatus(){const{runSessionStatus:e}=await Promise.resolve().then(()=>se(require("./hooks/session-status")));await e()}install(e,n){const o=n??(0,d.loadConfig)(e),r=(0,d.getVerificationMode)(o),i=r!=="monitor";this.cleanupArtifacts(e);const c=(0,l.join)(e,".claude"),f=(0,l.join)(c,"skills"),m=(0,l.join)(c,"rules"),g=(0,l.join)(c,"commands");(0,s.mkdirSync)(f,{recursive:!0}),(0,s.mkdirSync)(m,{recursive:!0}),(0,s.mkdirSync)(g,{recursive:!0});const u=(0,l.join)(c,"settings.json");if(this.mergeHooksConfig(u,r),this.writePermissions(u,i,e),(0,d.isOTELEnabled)(o)&&this.writeOTELEnv(u,e,o),this.installStatusLine(e,o),i){if(r==="enforce"){const K=(0,l.join)(f,"ironbee-verification.md"),W=(0,s.readFileSync)((0,l.join)(__dirname,"skills","ironbee-verification.md"),"utf-8");(0,s.writeFileSync)(K,W);const Y=(0,l.join)(m,"ironbee-verification.md"),Q=(0,s.readFileSync)((0,l.join)(__dirname,"rules","ironbee-verification.md"),"utf-8");(0,s.writeFileSync)(Y,Q)}const E=(0,l.join)(g,"ironbee-verify.md"),X=(0,s.readFileSync)((0,l.join)(__dirname,"commands","ironbee-verify.md"),"utf-8");(0,s.writeFileSync)(E,X);const O=(0,l.join)(c,"agents");(0,s.mkdirSync)(O,{recursive:!0});const x=(0,l.join)(O,"ironbee-verifier.md"),G=(0,s.readFileSync)((0,l.join)(__dirname,"agents","ironbee-verifier.md"),"utf-8"),z=me(G,de(e,o)),q=fe(z,(0,d.getVerificationModel)(o,"claude"));(0,s.writeFileSync)(x,q);const $=(0,l.join)(e,".mcp.json");this.writeMcpConfig($,e),(0,F.syncPlatformSectionsToConfig)(e,le),console.log(`  ${a.pc.dim("\u2192")} ${(0,a.orange)("[claude]")} settings ${a.pc.dim("\u2192")} ${a.pc.dim(u)}`),r==="enforce"?(console.log(`  ${a.pc.dim("\u2192")} ${(0,a.orange)("[claude]")} skills   ${a.pc.dim("\u2192")} ${a.pc.dim(f)}`),console.log(`  ${a.pc.dim("\u2192")} ${(0,a.orange)("[claude]")} rule     ${a.pc.dim("\u2192")} ${a.pc.dim(m)}`)):console.log(`  ${a.pc.dim("\u2192")} ${(0,a.orange)("[claude]")} ${a.pc.yellow("assist mode")} (verification.auto: false) \u2014 manual /ironbee-verify only, no enforcement`),console.log(`  ${a.pc.dim("\u2192")} ${(0,a.orange)("[claude]")} commands ${a.pc.dim("\u2192")} ${a.pc.dim(g)}`),console.log(`  ${a.pc.dim("\u2192")} ${(0,a.orange)("[claude]")} agents   ${a.pc.dim("\u2192")} ${a.pc.dim((0,l.join)(c,"agents"))}`),console.log(`  ${a.pc.dim("\u2192")} ${(0,a.orange)("[claude]")} mcp      ${a.pc.dim("\u2192")} ${a.pc.dim($)}`)}else console.log(`  ${a.pc.dim("\u2192")} ${(0,a.orange)("[claude]")} ${a.pc.yellow("monitoring-only mode")} (verification.enable: false)`),console.log(`  ${a.pc.dim("\u2192")} ${(0,a.orange)("[claude]")} settings ${a.pc.dim("\u2192")} ${a.pc.dim(u)}`)}uninstall(e){this.cleanupArtifacts(e),console.log(`  ${a.pc.dim("\u2192")} ${(0,a.orange)("[claude]")} removed hooks, skill, rule, command, MCP, and permissions`)}cleanupArtifacts(e){const n=(0,l.join)(e,".claude"),o=(0,l.join)(n,"skills","ironbee-verification.md"),r=(0,l.join)(n,"skills","ironbee-analyze.md"),i=(0,l.join)(n,"rules","ironbee-verification.md"),c=(0,l.join)(n,"commands","ironbee-analyze.md"),f=(0,l.join)(n,"commands","ironbee-verify.md"),m=(0,l.join)(n,"agents","ironbee-verifier.md");this.removeFile(o),this.removeFile(r),this.removeFile(i),this.removeFile(c),this.removeFile(f),this.removeFile(m);const g=(0,l.join)(n,"settings.json");this.removeIronBeeHooks(g),this.removePermission(g),this.removeOTELEnv(g),this.maybeDeleteEmptySettings(g);const u=(0,l.join)(e,".mcp.json");this.removeMcpServer(u),this.uninstallStatusLine(e),(0,A.pruneEmptyDirs)(n)}installStatusLine(e,n){if(!(0,d.isSessionStatusEnabled)(n))return;const o=(0,l.join)(e,".claude","settings.local.json"),r=this.readStatusLineBlock(o);r&&!(0,w.isIronbeeStatusLine)(r.command)&&(0,v.readStatusLineSnapshot)(e,"claude")===void 0&&(0,v.upsertStatusLineSnapshot)(e,"claude",r);const i={type:"command",command:ae},c=(0,d.getStatusLineRefreshInterval)(n);c!==void 0&&(i.refreshInterval=c),this.writeStatusLineBlock(o,i),console.log(`  ${a.pc.dim("\u2192")} ${(0,a.orange)("[claude]")} statusline ${a.pc.dim("\u2192")} ${a.pc.dim(o)}`)}uninstallStatusLine(e){const n=(0,l.join)(e,".claude","settings.local.json"),o=(0,v.readStatusLineSnapshot)(e,"claude");if(o){this.writeStatusLineBlock(n,o),(0,v.clearStatusLineSnapshot)(e,"claude");return}const r=this.readStatusLineBlock(n);r&&(0,w.isIronbeeStatusLine)(r.command)&&this.removeStatusLineBlock(n)}readStatusLineBlock(e){if((0,s.existsSync)(e))try{const n=JSON.parse((0,s.readFileSync)(e,"utf-8"));if(n===null||typeof n!="object")return;const o=n.statusLine;if(o===null||typeof o!="object")return;const r=o.command;if(typeof r!="string"||r.length===0)return;const i=o.padding,c=o.refreshInterval,f={type:"command",command:r};return typeof i=="number"&&(f.padding=i),typeof c=="number"&&(f.refreshInterval=c),f}catch(n){p.logger.debug(`failed to read statusLine from ${e}: ${n}`);return}}writeStatusLineBlock(e,n){let o={};if((0,s.existsSync)(e))try{const r=JSON.parse((0,s.readFileSync)(e,"utf-8"));r!==null&&typeof r=="object"&&!Array.isArray(r)&&(o=r)}catch(r){p.logger.debug(`failed to read ${e} for statusLine write: ${r}`)}else(0,s.mkdirSync)((0,l.join)(e,".."),{recursive:!0});o.statusLine=n,(0,s.writeFileSync)(e,JSON.stringify(o,null,2))}removeStatusLineBlock(e){if((0,s.existsSync)(e))try{const n=JSON.parse((0,s.readFileSync)(e,"utf-8"));if(n===null||typeof n!="object"||Array.isArray(n))return;const o=n;delete o.statusLine,Object.keys(o).length===0?(0,s.unlinkSync)(e):(0,s.writeFileSync)(e,JSON.stringify(o,null,2))}catch(n){p.logger.debug(`failed to remove statusLine from ${e}: ${n}`)}}writeOTELEnv(e,n,o){let r={};if((0,s.existsSync)(e))try{const u=JSON.parse((0,s.readFileSync)(e,"utf-8"));u!==null&&typeof u=="object"&&!Array.isArray(u)&&(r=u)}catch(u){p.logger.debug(`failed to read ${e} for otel env write: ${u}`)}else(0,s.mkdirSync)((0,l.join)(e,".."),{recursive:!0});const i=r.env,c=i!==null&&typeof i=="object"&&!Array.isArray(i)?i:{},f=c.OTEL_EXPORTER_OTLP_ENDPOINT;if(typeof f=="string"&&f.length>0&&!C(c)){console.log(`  ${a.pc.dim("\u2192")} ${(0,a.orange)("[claude]")} ${a.pc.yellow("existing OTEL telemetry env detected \u2014 left untouched (session_context not wired for this project)")}`);return}const m=(0,d.getOTELPort)(o),g=ke((0,D.resolveProjectName)(n));c.CLAUDE_CODE_ENABLE_TELEMETRY="1",c.OTEL_LOGS_EXPORTER="otlp",c.OTEL_METRICS_EXPORTER="none",c.OTEL_EXPORTER_OTLP_PROTOCOL="http/json",c.OTEL_EXPORTER_OTLP_ENDPOINT=`http://127.0.0.1:${m}`,c.OTEL_LOG_RAW_API_BODIES="file:.ironbee/otel",c.OTEL_RESOURCE_ATTRIBUTES=`ironbee.project_name=${g}`,c.OTEL_LOGS_EXPORT_INTERVAL="5000",r.env=c,(0,s.writeFileSync)(e,JSON.stringify(r,null,2)),console.log(`  ${a.pc.dim("\u2192")} ${(0,a.orange)("[claude]")} otel env ${a.pc.dim("\u2192")} ${a.pc.dim(`${e} (127.0.0.1:${m})`)}`)}removeOTELEnv(e){if((0,s.existsSync)(e))try{const n=JSON.parse((0,s.readFileSync)(e,"utf-8"));if(n===null||typeof n!="object"||Array.isArray(n))return;const o=n,r=o.env;if(r===null||typeof r!="object"||Array.isArray(r))return;const i=r;if(!C(i))return;for(const c of pe)delete i[c];Object.keys(i).length===0&&delete o.env,(0,s.writeFileSync)(e,JSON.stringify(o,null,2))}catch(n){p.logger.debug(`failed to remove otel env from ${e}: ${n}`)}}maybeDeleteEmptySettings(e){if((0,s.existsSync)(e))try{const n=JSON.parse((0,s.readFileSync)(e,"utf-8"));ge(n)&&(0,s.unlinkSync)(e)}catch(n){p.logger.debug(`failed to inspect ${e} for emptiness: ${n}`)}}async runVerifyGate(e){await(0,P.run)(e)}async runClearVerdict(e){await(0,M.run)(e)}async runTrackAction(e){await(0,N.run)(e)}async runSessionStart(e){await(0,B.run)(e)}async runRequireVerdict(e,n){await(0,H.run)(e,n)}async runRequireVerification(e,n){await(0,U.run)(e,n)}async runActivityStart(e){await(0,j.run)(e)}async runActivityEnd(e){await(0,J.run)(e)}async runTrackActionMonitor(e){await(0,I.run)(e)}async runSessionEnd(e){await(0,V.run)(e)}async runTrackActionPre(e){}isIronBeeHook(e){return e.hooks.some(n=>n.command.includes(ce))}mergeHooksConfig(e,n){const o=n!=="monitor",r=n==="assist"?" --soft":"";let i={};if((0,s.existsSync)(e))try{i=JSON.parse((0,s.readFileSync)(e,"utf-8"))}catch(m){p.logger.debug(`failed to parse ${e}: ${m}`),i={}}i.hooks||(i.hooks={});for(const m of Object.keys(i.hooks)){const g=i.hooks[m].filter(u=>!this.isIronBeeHook(u));g.length===0?delete i.hooks[m]:i.hooks[m]=g}i.hooks.SessionStart||(i.hooks.SessionStart=[]),i.hooks.SessionStart.push({matcher:"",hooks:[{type:"command",command:"ironbee hook session-start --client claude"}]}),i.hooks.UserPromptSubmit||(i.hooks.UserPromptSubmit=[]),i.hooks.UserPromptSubmit.push({matcher:"",hooks:[{type:"command",command:"ironbee hook activity-start --client claude"}]}),o&&(i.hooks.PreToolUse||(i.hooks.PreToolUse=[]),i.hooks.PreToolUse.push({matcher:"mcp__browser-devtools__.*|mcp__node-devtools__.*|mcp__backend-devtools__.*",hooks:[{type:"command",command:`ironbee hook require-verification --client claude${r}`}]}),i.hooks.PreToolUse.push({matcher:"Write|Edit",hooks:[{type:"command",command:`ironbee hook require-verdict --client claude${r}`}]}),i.hooks.PostToolUse||(i.hooks.PostToolUse=[]),i.hooks.PostToolUse.push({matcher:"Write|Edit",hooks:[{type:"command",command:"ironbee hook clear-verdict --client claude"}]})),i.hooks.PostToolUse||(i.hooks.PostToolUse=[]);const c=o?"ironbee hook track-action --client claude":"ironbee hook track-action-monitor --client claude";i.hooks.PostToolUse.push({matcher:"",hooks:[{type:"command",command:c}]}),i.hooks.PostToolUseFailure||(i.hooks.PostToolUseFailure=[]),i.hooks.PostToolUseFailure.push({matcher:"",hooks:[{type:"command",command:c}]}),i.hooks.Stop||(i.hooks.Stop=[]);const f=n==="enforce"?"ironbee hook verify-gate --client claude":"ironbee hook activity-end --client claude";i.hooks.Stop.push({matcher:"",hooks:[{type:"command",command:f}]}),i.hooks.SessionEnd||(i.hooks.SessionEnd=[]),i.hooks.SessionEnd.push({matcher:"",hooks:[{type:"command",command:"ironbee hook session-end --client claude"}]}),(0,s.writeFileSync)(e,JSON.stringify(i,null,2))}removeIronBeeHooks(e){if((0,s.existsSync)(e))try{const n=JSON.parse((0,s.readFileSync)(e,"utf-8"));if(!n.hooks)return;for(const o of Object.keys(n.hooks)){const r=n.hooks[o].filter(i=>!this.isIronBeeHook(i));r.length===0?delete n.hooks[o]:n.hooks[o]=r}(0,s.writeFileSync)(e,JSON.stringify(n,null,2))}catch(n){p.logger.debug(`failed to remove hooks from ${e}: ${n}`)}}removeMcpServer(e){if((0,s.existsSync)(e))try{const n=JSON.parse((0,s.readFileSync)(e,"utf-8"));let o=!1;n.mcpServers&&n.mcpServers[y]&&(delete n.mcpServers[y],o=!0),n.mcpServers&&n.mcpServers[S]&&(delete n.mcpServers[S],o=!0),n.mcpServers&&n.mcpServers[h]&&(delete n.mcpServers[h],o=!0),R(n)?(0,s.unlinkSync)(e):o&&(0,s.writeFileSync)(e,JSON.stringify(n,null,2))}catch(n){p.logger.debug(`failed to remove MCP server from ${e}: ${n}`)}}removePermission(e){if((0,s.existsSync)(e))try{const n=JSON.parse((0,s.readFileSync)(e,"utf-8")),o=`mcp__${y}__*`,r=`mcp__${S}__*`,i=`mcp__${h}__*`,c="Bash(ironbee *)",f="Bash(ironbee analyze)";n.permissions?.allow&&(n.permissions.allow=n.permissions.allow.filter(m=>m!==o&&m!==r&&m!==i&&m!==c&&m!==f),(0,s.writeFileSync)(e,JSON.stringify(n,null,2)))}catch(n){p.logger.debug(`failed to remove permission from ${e}: ${n}`)}}removeFile(e){(0,s.existsSync)(e)&&(0,s.unlinkSync)(e)}writeMcpConfig(e,n){let o={mcpServers:{}};if((0,s.existsSync)(e))try{o=JSON.parse((0,s.readFileSync)(e,"utf-8")),o.mcpServers||(o.mcpServers={})}catch(r){p.logger.debug(`failed to parse ${e}: ${r}`),o={mcpServers:{}}}if(delete o.mcpServers[y],delete o.mcpServers[S],delete o.mcpServers[h],R(o)){try{(0,s.rmSync)(e,{force:!0})}catch(r){p.logger.debug(`failed to remove empty ${e}: ${r}`)}return}(0,s.writeFileSync)(e,JSON.stringify(o,null,2))}writePermissions(e,n,o){let r={};if((0,s.existsSync)(e))try{r=JSON.parse((0,s.readFileSync)(e,"utf-8"))}catch(u){p.logger.debug(`failed to parse ${e}: ${u}`),r={}}r.permissions||(r.permissions={allow:[],deny:[]}),r.permissions.allow||(r.permissions.allow=[]);const i=`mcp__${y}__*`,c=`mcp__${S}__*`,f=`mcp__${h}__*`,m="Bash(ironbee *)",g="Bash(ironbee analyze)";if(n){const u=(0,d.loadConfig)(o);r.permissions.allow=_(r.permissions.allow,(0,d.isCycleEnabled)(u,"browser"),i),r.permissions.allow=_(r.permissions.allow,(0,d.isCycleEnabled)(u,"node"),c),r.permissions.allow=_(r.permissions.allow,(0,d.isCycleEnabled)(u,"backend"),f),r.permissions.allow=r.permissions.allow.filter(E=>E!==g),r.permissions.allow.includes(m)||r.permissions.allow.push(m)}else r.permissions.allow=r.permissions.allow.filter(u=>u!==i&&u!==c&&u!==f&&u!==m&&u!==g);(0,s.writeFileSync)(e,JSON.stringify(r,null,2))}}function ye(t){(0,s.mkdirSync)((0,l.join)(t,".ironbee"),{recursive:!0}),(0,L.ensureIronBeeGitignored)(t)}k(ye,"prepareIronBeeDir");0&&(module.exports={ClaudeClient,prepareIronBeeDir});
+`)}v(ge,"injectVerifierModel");function pe(t){const e=new Set(["hooks","permissions"]);for(const n of Object.keys(t))if(!e.has(n))return!1;if(t.hooks!==void 0&&Object.keys(t.hooks).length>0)return!1;if(t.permissions!==void 0){const n=t.permissions.allow??[],o=t.permissions.deny??[];if(n.length>0||o.length>0)return!1}return!0}v(pe,"isClaudeSettingsEmpty");const ke=["CLAUDE_CODE_ENABLE_TELEMETRY","OTEL_LOGS_EXPORTER","OTEL_METRICS_EXPORTER","OTEL_EXPORTER_OTLP_PROTOCOL","OTEL_EXPORTER_OTLP_ENDPOINT","OTEL_LOG_RAW_API_BODIES","OTEL_RESOURCE_ATTRIBUTES","OTEL_LOGS_EXPORT_INTERVAL"];function A(t){const e=t.OTEL_RESOURCE_ATTRIBUTES;return typeof e=="string"&&e.includes("ironbee.project_name")}v(A,"otelEnvOwnedByUs");function ve(t){return t.replace(/[,=\s]+/g,"-").replace(/^-+|-+$/g,"")||"project"}v(ve,"sanitizeResourceValue");class ye{constructor(){this.name="claude";this.supportsVerifierModel=!0}static{v(this,"ClaudeClient")}detect(e){return(0,s.existsSync)((0,l.join)(e,".claude"))}resolveProjectDir(){return process.env.CLAUDE_PROJECT_DIR??process.cwd()}resolveAgentSessionId(e,n){const o=process.env.CLAUDE_CODE_SESSION_ID;return typeof o=="string"&&o.length>0?o:void 0}async runSessionStatus(){const{runSessionStatus:e}=await Promise.resolve().then(()=>te(require("./hooks/session-status")));await e()}install(e,n){const o=n??(0,u.loadConfig)(e),r=(0,u.getVerificationMode)(o),i=r!=="monitor";this.cleanupArtifacts(e);const c=(0,l.join)(e,".claude"),m=(0,l.join)(c,"skills"),f=(0,l.join)(c,"rules"),d=(0,l.join)(c,"commands");(0,s.mkdirSync)(m,{recursive:!0}),(0,s.mkdirSync)(f,{recursive:!0}),(0,s.mkdirSync)(d,{recursive:!0});const g=(0,l.join)(c,"settings.json");if(this.mergeHooksConfig(g,r),this.writePermissions(g,i,e),(0,u.isOTELEnabled)(o)&&this.writeOTELEnv(g,e,o),this.installStatusLine(e,o),i){if(r==="enforce"){const W=(0,l.join)(m,"ironbee-verification.md"),Y=(0,s.readFileSync)((0,l.join)(__dirname,"skills","ironbee-verification.md"),"utf-8");(0,s.writeFileSync)(W,Y);const Q=(0,l.join)(f,"ironbee-verification.md"),Z=(0,s.readFileSync)((0,l.join)(__dirname,"rules","ironbee-verification.md"),"utf-8");(0,s.writeFileSync)(Q,Z)}const p=(0,l.join)(d,"ironbee-verify.md"),O=(0,s.readFileSync)((0,l.join)(__dirname,"commands","ironbee-verify.md"),"utf-8");(0,s.writeFileSync)(p,O);const T=(0,l.join)(c,"agents");(0,s.mkdirSync)(T,{recursive:!0});const G=(0,l.join)(T,"ironbee-verifier.md"),z=(0,s.readFileSync)((0,l.join)(__dirname,"agents","ironbee-verifier.md"),"utf-8"),q=fe(z,me(e,o)),K=ge(q,(0,u.getVerificationModel)(o,"claude"));(0,s.writeFileSync)(G,K);const R=(0,l.join)(e,".mcp.json");this.writeMcpConfig(R,e),(0,x.syncPlatformSectionsToConfig)(e,ue),console.log(`  ${a.pc.dim("\u2192")} ${(0,a.orange)("[claude]")} settings ${a.pc.dim("\u2192")} ${a.pc.dim(g)}`),r==="enforce"?(console.log(`  ${a.pc.dim("\u2192")} ${(0,a.orange)("[claude]")} skills   ${a.pc.dim("\u2192")} ${a.pc.dim(m)}`),console.log(`  ${a.pc.dim("\u2192")} ${(0,a.orange)("[claude]")} rule     ${a.pc.dim("\u2192")} ${a.pc.dim(f)}`)):console.log(`  ${a.pc.dim("\u2192")} ${(0,a.orange)("[claude]")} ${a.pc.yellow("assist mode")} (verification.auto: false) \u2014 manual /ironbee-verify only, no enforcement`),console.log(`  ${a.pc.dim("\u2192")} ${(0,a.orange)("[claude]")} commands ${a.pc.dim("\u2192")} ${a.pc.dim(d)}`),console.log(`  ${a.pc.dim("\u2192")} ${(0,a.orange)("[claude]")} agents   ${a.pc.dim("\u2192")} ${a.pc.dim((0,l.join)(c,"agents"))}`),console.log(`  ${a.pc.dim("\u2192")} ${(0,a.orange)("[claude]")} mcp      ${a.pc.dim("\u2192")} ${a.pc.dim(R)}`)}else console.log(`  ${a.pc.dim("\u2192")} ${(0,a.orange)("[claude]")} ${a.pc.yellow("monitoring-only mode")} (verification.enable: false)`),console.log(`  ${a.pc.dim("\u2192")} ${(0,a.orange)("[claude]")} settings ${a.pc.dim("\u2192")} ${a.pc.dim(g)}`)}uninstall(e){this.cleanupArtifacts(e),console.log(`  ${a.pc.dim("\u2192")} ${(0,a.orange)("[claude]")} removed hooks, skill, rule, command, MCP, and permissions`)}cleanupArtifacts(e){const n=(0,l.join)(e,".claude"),o=(0,l.join)(n,"skills","ironbee-verification.md"),r=(0,l.join)(n,"skills","ironbee-analyze.md"),i=(0,l.join)(n,"rules","ironbee-verification.md"),c=(0,l.join)(n,"commands","ironbee-analyze.md"),m=(0,l.join)(n,"commands","ironbee-verify.md"),f=(0,l.join)(n,"agents","ironbee-verifier.md");this.removeFile(o),this.removeFile(r),this.removeFile(i),this.removeFile(c),this.removeFile(m),this.removeFile(f);const d=(0,l.join)(n,"settings.json");this.removeIronBeeHooks(d),this.removePermission(d),this.removeOTELEnv(d),this.maybeDeleteEmptySettings(d);const g=(0,l.join)(e,".mcp.json");this.removeMcpServer(g),this.uninstallStatusLine(e),(0,P.pruneEmptyDirs)(n)}installStatusLine(e,n){if(!(0,u.isSessionStatusEnabled)(n))return;const o=(0,l.join)(e,".claude","settings.local.json"),r=this.readStatusLineBlock(o);r&&!(0,$.isIronbeeStatusLine)(r.command)&&(0,y.readStatusLineSnapshot)(e,"claude")===void 0&&(0,y.upsertStatusLineSnapshot)(e,"claude",r);const i={type:"command",command:le},c=(0,u.getStatusLineRefreshInterval)(n);c!==void 0&&(i.refreshInterval=c),this.writeStatusLineBlock(o,i),console.log(`  ${a.pc.dim("\u2192")} ${(0,a.orange)("[claude]")} statusline ${a.pc.dim("\u2192")} ${a.pc.dim(o)}`)}uninstallStatusLine(e){const n=(0,l.join)(e,".claude","settings.local.json"),o=(0,y.readStatusLineSnapshot)(e,"claude");if(o){this.writeStatusLineBlock(n,o),(0,y.clearStatusLineSnapshot)(e,"claude");return}const r=this.readStatusLineBlock(n);r&&(0,$.isIronbeeStatusLine)(r.command)&&this.removeStatusLineBlock(n)}readStatusLineBlock(e){if((0,s.existsSync)(e))try{const n=JSON.parse((0,s.readFileSync)(e,"utf-8"));if(n===null||typeof n!="object")return;const o=n.statusLine;if(o===null||typeof o!="object")return;const r=o.command;if(typeof r!="string"||r.length===0)return;const i=o.padding,c=o.refreshInterval,m={type:"command",command:r};return typeof i=="number"&&(m.padding=i),typeof c=="number"&&(m.refreshInterval=c),m}catch(n){k.logger.debug(`failed to read statusLine from ${e}: ${n}`);return}}writeStatusLineBlock(e,n){let o={};if((0,s.existsSync)(e))try{const r=JSON.parse((0,s.readFileSync)(e,"utf-8"));r!==null&&typeof r=="object"&&!Array.isArray(r)&&(o=r)}catch(r){k.logger.debug(`failed to read ${e} for statusLine write: ${r}`)}else(0,s.mkdirSync)((0,l.join)(e,".."),{recursive:!0});o.statusLine=n,(0,s.writeFileSync)(e,JSON.stringify(o,null,2))}removeStatusLineBlock(e){if((0,s.existsSync)(e))try{const n=JSON.parse((0,s.readFileSync)(e,"utf-8"));if(n===null||typeof n!="object"||Array.isArray(n))return;const o=n;delete o.statusLine,Object.keys(o).length===0?(0,s.unlinkSync)(e):(0,s.writeFileSync)(e,JSON.stringify(o,null,2))}catch(n){k.logger.debug(`failed to remove statusLine from ${e}: ${n}`)}}writeOTELEnv(e,n,o){let r={};if((0,s.existsSync)(e))try{const g=JSON.parse((0,s.readFileSync)(e,"utf-8"));g!==null&&typeof g=="object"&&!Array.isArray(g)&&(r=g)}catch(g){k.logger.debug(`failed to read ${e} for otel env write: ${g}`)}else(0,s.mkdirSync)((0,l.join)(e,".."),{recursive:!0});const i=r.env,c=i!==null&&typeof i=="object"&&!Array.isArray(i)?i:{},m=c.OTEL_EXPORTER_OTLP_ENDPOINT;if(typeof m=="string"&&m.length>0&&!A(c)){console.log(`  ${a.pc.dim("\u2192")} ${(0,a.orange)("[claude]")} ${a.pc.yellow("existing OTEL telemetry env detected \u2014 left untouched (session_context not wired for this project)")}`);return}const f=(0,u.getOTELPort)(o),d=ve((0,X.resolveProjectName)(n));c.CLAUDE_CODE_ENABLE_TELEMETRY="1",c.OTEL_LOGS_EXPORTER="otlp",c.OTEL_METRICS_EXPORTER="none",c.OTEL_EXPORTER_OTLP_PROTOCOL="http/json",c.OTEL_EXPORTER_OTLP_ENDPOINT=`http://127.0.0.1:${f}`,c.OTEL_LOG_RAW_API_BODIES="file:.ironbee/otel",c.OTEL_RESOURCE_ATTRIBUTES=`ironbee.project_name=${d}`,c.OTEL_LOGS_EXPORT_INTERVAL="5000",r.env=c,(0,s.writeFileSync)(e,JSON.stringify(r,null,2)),console.log(`  ${a.pc.dim("\u2192")} ${(0,a.orange)("[claude]")} otel env ${a.pc.dim("\u2192")} ${a.pc.dim(`${e} (127.0.0.1:${f})`)}`)}removeOTELEnv(e){if((0,s.existsSync)(e))try{const n=JSON.parse((0,s.readFileSync)(e,"utf-8"));if(n===null||typeof n!="object"||Array.isArray(n))return;const o=n,r=o.env;if(r===null||typeof r!="object"||Array.isArray(r))return;const i=r;if(!A(i))return;for(const c of ke)delete i[c];Object.keys(i).length===0&&delete o.env,(0,s.writeFileSync)(e,JSON.stringify(o,null,2))}catch(n){k.logger.debug(`failed to remove otel env from ${e}: ${n}`)}}maybeDeleteEmptySettings(e){if((0,s.existsSync)(e))try{const n=JSON.parse((0,s.readFileSync)(e,"utf-8"));pe(n)&&(0,s.unlinkSync)(e)}catch(n){k.logger.debug(`failed to inspect ${e} for emptiness: ${n}`)}}async runVerifyGate(e){await(0,N.run)(e)}async runClearVerdict(e){await(0,I.run)(e)}async runTrackAction(e){await(0,B.run)(e)}async runSessionStart(e){await(0,U.run)(e)}async runRequireVerdict(e,n){await(0,J.run)(e,n)}async runRequireVerification(e,n){await(0,V.run)(e,n)}async runActivityStart(e){await(0,j.run)(e)}async runActivityEnd(e){await(0,D.run)(e)}async runTrackActionMonitor(e){await(0,H.run)(e)}async runSessionEnd(e){await(0,F.run)(e)}async runTrackActionPre(e){}isIronBeeHook(e){return e.hooks.some(n=>n.command.includes(ae))}mergeHooksConfig(e,n){const o=n!=="monitor",r=n==="assist"?" --soft":"";let i={};if((0,s.existsSync)(e))try{i=JSON.parse((0,s.readFileSync)(e,"utf-8"))}catch(f){k.logger.debug(`failed to parse ${e}: ${f}`),i={}}i.hooks||(i.hooks={});for(const f of Object.keys(i.hooks)){const d=i.hooks[f].filter(g=>!this.isIronBeeHook(g));d.length===0?delete i.hooks[f]:i.hooks[f]=d}i.hooks.SessionStart||(i.hooks.SessionStart=[]),i.hooks.SessionStart.push({matcher:"",hooks:[{type:"command",command:"ironbee hook session-start --client claude"}]}),i.hooks.UserPromptSubmit||(i.hooks.UserPromptSubmit=[]),i.hooks.UserPromptSubmit.push({matcher:"",hooks:[{type:"command",command:"ironbee hook activity-start --client claude"}]}),o&&(i.hooks.PreToolUse||(i.hooks.PreToolUse=[]),i.hooks.PreToolUse.push({matcher:"mcp__browser-devtools__.*|mcp__node-devtools__.*|mcp__backend-devtools__.*|mcp__android-devtools__.*",hooks:[{type:"command",command:`ironbee hook require-verification --client claude${r}`}]}),i.hooks.PreToolUse.push({matcher:"Write|Edit",hooks:[{type:"command",command:`ironbee hook require-verdict --client claude${r}`}]}),i.hooks.PostToolUse||(i.hooks.PostToolUse=[]),i.hooks.PostToolUse.push({matcher:"Write|Edit",hooks:[{type:"command",command:"ironbee hook clear-verdict --client claude"}]})),i.hooks.PostToolUse||(i.hooks.PostToolUse=[]);const c=o?"ironbee hook track-action --client claude":"ironbee hook track-action-monitor --client claude";i.hooks.PostToolUse.push({matcher:"",hooks:[{type:"command",command:c}]}),i.hooks.PostToolUseFailure||(i.hooks.PostToolUseFailure=[]),i.hooks.PostToolUseFailure.push({matcher:"",hooks:[{type:"command",command:c}]}),i.hooks.Stop||(i.hooks.Stop=[]);const m=n==="enforce"?"ironbee hook verify-gate --client claude":"ironbee hook activity-end --client claude";i.hooks.Stop.push({matcher:"",hooks:[{type:"command",command:m}]}),i.hooks.SessionEnd||(i.hooks.SessionEnd=[]),i.hooks.SessionEnd.push({matcher:"",hooks:[{type:"command",command:"ironbee hook session-end --client claude"}]}),(0,s.writeFileSync)(e,JSON.stringify(i,null,2))}removeIronBeeHooks(e){if((0,s.existsSync)(e))try{const n=JSON.parse((0,s.readFileSync)(e,"utf-8"));if(!n.hooks)return;for(const o of Object.keys(n.hooks)){const r=n.hooks[o].filter(i=>!this.isIronBeeHook(i));r.length===0?delete n.hooks[o]:n.hooks[o]=r}(0,s.writeFileSync)(e,JSON.stringify(n,null,2))}catch(n){k.logger.debug(`failed to remove hooks from ${e}: ${n}`)}}removeMcpServer(e){if((0,s.existsSync)(e))try{const n=JSON.parse((0,s.readFileSync)(e,"utf-8"));let o=!1;n.mcpServers&&n.mcpServers[S]&&(delete n.mcpServers[S],o=!0),n.mcpServers&&n.mcpServers[h]&&(delete n.mcpServers[h],o=!0),n.mcpServers&&n.mcpServers[b]&&(delete n.mcpServers[b],o=!0),n.mcpServers&&n.mcpServers[E]&&(delete n.mcpServers[E],o=!0),L(n)?(0,s.unlinkSync)(e):o&&(0,s.writeFileSync)(e,JSON.stringify(n,null,2))}catch(n){k.logger.debug(`failed to remove MCP server from ${e}: ${n}`)}}removePermission(e){if((0,s.existsSync)(e))try{const n=JSON.parse((0,s.readFileSync)(e,"utf-8")),o=`mcp__${S}__*`,r=`mcp__${h}__*`,i=`mcp__${b}__*`,c=`mcp__${E}__*`,m="Bash(ironbee *)",f="Bash(ironbee analyze)";n.permissions?.allow&&(n.permissions.allow=n.permissions.allow.filter(d=>d!==o&&d!==r&&d!==i&&d!==c&&d!==m&&d!==f),(0,s.writeFileSync)(e,JSON.stringify(n,null,2)))}catch(n){k.logger.debug(`failed to remove permission from ${e}: ${n}`)}}removeFile(e){(0,s.existsSync)(e)&&(0,s.unlinkSync)(e)}writeMcpConfig(e,n){let o={mcpServers:{}};if((0,s.existsSync)(e))try{o=JSON.parse((0,s.readFileSync)(e,"utf-8")),o.mcpServers||(o.mcpServers={})}catch(r){k.logger.debug(`failed to parse ${e}: ${r}`),o={mcpServers:{}}}if(delete o.mcpServers[S],delete o.mcpServers[h],delete o.mcpServers[b],delete o.mcpServers[E],L(o)){try{(0,s.rmSync)(e,{force:!0})}catch(r){k.logger.debug(`failed to remove empty ${e}: ${r}`)}return}(0,s.writeFileSync)(e,JSON.stringify(o,null,2))}writePermissions(e,n,o){let r={};if((0,s.existsSync)(e))try{r=JSON.parse((0,s.readFileSync)(e,"utf-8"))}catch(p){k.logger.debug(`failed to parse ${e}: ${p}`),r={}}r.permissions||(r.permissions={allow:[],deny:[]}),r.permissions.allow||(r.permissions.allow=[]);const i=`mcp__${S}__*`,c=`mcp__${h}__*`,m=`mcp__${b}__*`,f=`mcp__${E}__*`,d="Bash(ironbee *)",g="Bash(ironbee analyze)";if(n){const p=(0,u.loadConfig)(o);r.permissions.allow=w(r.permissions.allow,(0,u.isCycleEnabled)(p,"browser"),i),r.permissions.allow=w(r.permissions.allow,(0,u.isCycleEnabled)(p,"node"),c),r.permissions.allow=w(r.permissions.allow,(0,u.isCycleEnabled)(p,"backend"),m),r.permissions.allow=w(r.permissions.allow,(0,u.isCycleEnabled)(p,"android"),f),r.permissions.allow=r.permissions.allow.filter(O=>O!==g),r.permissions.allow.includes(d)||r.permissions.allow.push(d)}else r.permissions.allow=r.permissions.allow.filter(p=>p!==i&&p!==c&&p!==m&&p!==f&&p!==d&&p!==g);(0,s.writeFileSync)(e,JSON.stringify(r,null,2))}}function Se(t){(0,s.mkdirSync)((0,l.join)(t,".ironbee"),{recursive:!0}),(0,M.ensureIronBeeGitignored)(t)}v(Se,"prepareIronBeeDir");0&&(module.exports={ClaudeClient,prepareIronBeeDir});

package/dist/clients/claude/platforms/skill.android.md

@@ -0,0 +1,65 @@
+<!-- Android mobile verification is ENABLED for this project. The Stop hook
+     enforces an android cycle whenever an edited file matches
+     `android.verifyPatterns`. -->
+
+## ⚠️ CRITICAL: when NOT to use android-devtools
+
+**`android-devtools` is ONLY for Android apps** (native Kotlin/Java + React Native / Expo with an Android target). Do **NOT** call `adt_*` tools for projects that do not have an Android target.
+
+**How to tell whether the project targets Android:**
+- `android/` directory at the project root (React Native, Expo)
+- `app/build.gradle` or `build.gradle.kts` with `com.android.application`
+- `AndroidManifest.xml` present under `android/` or `app/src/main/`
+
+If you see only `ios/`, `web/`, or no mobile directories — the project does NOT target Android. Do NOT call any `adt_*` tools.
+
+**Misconfiguration recovery.** If this cycle activated but the project isn't an Android project, the operator enabled the android cycle by mistake. The Stop hook will keep blocking with `incomplete_tools` until `maxRetries` is exhausted. Don't attempt a device connection. Stop and tell the user clearly: the project does not target Android; ask them to run `ironbee android disable` to unblock the gate.
+
+## Android flow
+
+> **Recording (only when `recording.enable` is on in config):** the gate blocks every other android tool until you first call `mcp__android-devtools__adt_content_start-recording`, and `submit-verdict` rejects with `"recording is still active"` unless you call `mcp__android-devtools__adt_content_stop-recording` after the steps below. **Treat start/stop as bookends around steps 1-3.** The recording ships to the collector as verification evidence.
+
+1. **Connect to a running device or emulator**: `mcp__android-devtools__adt_device_connect` (list available targets first with `mcp__android-devtools__adt_device_list-targets` if needed).
+   - For an emulator, the device is usually `emulator-5554`.
+   - For a physical device with USB debugging on, it will appear in the target list.
+2. **Ensure the app is running** on the target device: `mcp__android-devtools__adt_device_launch-app` with the package name.
+3. **Pick an evidence path** per changed code area:
+   - **Device-evidence path** (UI interaction confirms the change is live):
+     - Drive the app UI to exercise the changed code: `mcp__android-devtools__adt_interaction_tap`, `mcp__android-devtools__adt_interaction_input-text`, `mcp__android-devtools__adt_interaction_swipe`, `mcp__android-devtools__adt_interaction_scroll` as needed (use `mcp__android-devtools__adt_a11y_find-element` to locate elements).
+     - Take a screenshot: `mcp__android-devtools__adt_content_take-screenshot` — then STOP and visually analyze it (readability, layout, cut-off content, expected state rendered). The screenshot tells you what the user actually sees.
+     - Take a UI snapshot: `mcp__android-devtools__adt_a11y_take-ui-snapshot` — verify the view hierarchy / labels / structure match the change.
+     - Screenshot AND UI snapshot are BOTH MANDATORY on this path (the Stop hook checks each) — visual + structural evidence, like the browser cycle's screenshot + aria-snapshot pair.
+   - **Log-evidence path** (device logs confirm the changed code path executed):
+     - Read Logcat output for the tag(s) relevant to the changed code: `mcp__android-devtools__adt_o11y_log-read` or `mcp__android-devtools__adt_o11y_log-follow` (drain a follow with `mcp__android-devtools__adt_o11y_log-get-followed`, stop it with `mcp__android-devtools__adt_o11y_log-stop-follow`).
+     - Confirm expected log lines appear AND no unexpected crashes (FATAL / E/ entries for the app package).
+
+### Verdict fields
+The verdict is platform-agnostic — submit only semantic judgment:
+
+```json
+{
+  "session_id": "<sid>",
+  "status": "pass",
+  "checks": ["LoginActivity renders correctly after auth change", "no crash in Logcat"]
+}
+```
+
+On fail, include `issues`. On pass after a previous fail, include `fixes`.
+
+Android-cycle pass criteria:
+- **Device-evidence**: at least one UI interaction tool fired AND a screenshot was taken AND a UI snapshot was taken AND both show the expected UI state/structure.
+- **Log-evidence**: Logcat was read AND the expected log lines are present AND no crash (FATAL / unhandled exception) from the app's package.
+
+## Multi-cycle (browser + android simultaneously)
+
+When you edit both a web frontend file (browser-cycle) and an Android source file (android-cycle) in the same task, both cycles activate. **Single** `verification-start`, **single** `verdict.json`, **single** retry counter cover both. One platform-agnostic verdict regardless of how many cycles ran:
+
+```json
+{
+  "session_id": "<sid>",
+  "status": "pass",
+  "checks": ["web checkout form renders", "Android app shows order confirmation screen"]
+}
+```
+
+For a multi-cycle `pass`, ALL active cycles' pass criteria must hold.

package/dist/clients/codex/agents/ironbee-verifier.md

@@ -34,6 +34,12 @@ echo '{"status":"pass","checks":["..."]}' | ironbee hook submit-verdict
    ```
    echo '{}' | ironbee hook verification-start
    ```
+   **If the delegating prompt contains a `Mode: fix` line**, pass the intent
+   along so IronBee's completion gate enforces fix-until-pass on the main agent:
+   ```
+   echo '{}' | ironbee hook verification-start --intent fix
+   ```
+   (No declared mode → plain form as above, no flag.)
 2. Build and start the application **only if it isn't already running** (check
    `docker compose ps` / process output / config — don't guess ports). **Track whether YOU
    started it**: if it was already up, the user or main agent owns it — leave it alone.
@@ -43,7 +49,8 @@ echo '{"status":"pass","checks":["..."]}' | ironbee hook submit-verdict
 4. **Teardown — shut down ONLY what you started, every run.** If in step 2 YOU started the
    app / dev server *for this verification*, stop it now before you return. **Never stop a
    server that was already running** (user/main-agent-owned). Honor any cycle-specific
-   teardown (e.g. `bdt_content_stop-recording`) BEFORE submitting your verdict.
+   teardown noted in the platform sections (e.g. stopping an active screen recording)
+   BEFORE submitting your verdict.
 5. **Submit your verdict immediately** — do NOT wait:
    ```
    echo '<verdict-json>' | ironbee hook submit-verdict
@@ -65,3 +72,6 @@ echo '{"status":"pass","checks":["..."]}' | ironbee hook submit-verdict
 
 <!--IRONBEE:PLATFORM:backend-->
 <!--/IRONBEE:PLATFORM:backend-->
+
+<!--IRONBEE:PLATFORM:android-->
+<!--/IRONBEE:PLATFORM:android-->