@jait/gateway 0.1.0

package/dist/security/sandbox-manager.js

@@ -0,0 +1,110 @@
+import { spawn } from "node:child_process";
+import { mkdirSync } from "node:fs";
+import { resolve } from "node:path";
+export class SandboxManager {
+    runProcess;
+    constructor(runProcess = runDockerProcess) {
+        this.runProcess = runProcess;
+    }
+    async runCommand(options) {
+        const workspaceRoot = resolve(options.workspaceRoot);
+        const mountMode = options.mountMode ?? "read-write";
+        const containerName = `jait-sb-${Date.now().toString(36)}-${Math.random().toString(36).slice(2, 8)}`;
+        const timeoutMs = Math.max(1000, options.timeoutMs);
+        const mountArgs = this.buildMountArgs(workspaceRoot, mountMode);
+        const networkArgs = options.networkEnabled === false ? ["--network", "none"] : [];
+        const memoryArgs = options.memoryLimitMb ? ["--memory", `${options.memoryLimitMb}m`] : [];
+        const cpuArgs = options.cpuLimit ? ["--cpus", options.cpuLimit] : [];
+        const cmd = [
+            "docker",
+            "run",
+            "--rm",
+            "--name",
+            containerName,
+            ...networkArgs,
+            ...memoryArgs,
+            ...cpuArgs,
+            ...mountArgs,
+            "-w",
+            "/workspace",
+            "jait/sandbox:latest",
+            "bash",
+            "-lc",
+            options.command,
+        ];
+        const result = await this.runProcess(cmd, timeoutMs);
+        return {
+            ok: !result.timedOut && result.exitCode === 0,
+            output: result.output,
+            exitCode: result.exitCode,
+            timedOut: result.timedOut,
+            containerName,
+        };
+    }
+    async startBrowserSandbox(options) {
+        const workspaceRoot = resolve(options.workspaceRoot);
+        const novncPort = options.novncPort ?? 6080;
+        const vncPort = options.vncPort ?? 5900;
+        const mountArgs = this.buildMountArgs(workspaceRoot, options.mountMode ?? "read-only");
+        const containerName = `jait-browser-sb-${Date.now().toString(36)}`;
+        const cmd = [
+            "docker",
+            "run",
+            "-d",
+            "--rm",
+            "--name",
+            containerName,
+            "--network",
+            "none",
+            ...mountArgs,
+            "-p",
+            `${novncPort}:6080`,
+            "-p",
+            `${vncPort}:5900`,
+            "jait/sandbox-browser:latest",
+        ];
+        const result = await this.runProcess(cmd, 30_000);
+        if (result.exitCode !== 0) {
+            throw new Error(`Failed to start sandbox browser: ${result.output}`);
+        }
+        return {
+            containerName,
+            novncUrl: `http://127.0.0.1:${novncPort}/vnc.html`,
+            vncPort,
+            novncPort,
+        };
+    }
+    buildMountArgs(workspaceRoot, mode) {
+        mkdirSync(workspaceRoot, { recursive: true });
+        if (mode === "none")
+            return [];
+        const readOnly = mode === "read-only" ? ":ro" : "";
+        return ["-v", `${workspaceRoot}:/workspace${readOnly}`];
+    }
+}
+async function runDockerProcess(cmd, timeoutMs) {
+    return new Promise((resolveResult) => {
+        const child = spawn(cmd[0], cmd.slice(1), { stdio: ["ignore", "pipe", "pipe"] });
+        let output = "";
+        let timedOut = false;
+        const timer = setTimeout(() => {
+            timedOut = true;
+            child.kill("SIGKILL");
+        }, timeoutMs);
+        child.stdout.on("data", (chunk) => {
+            output += chunk.toString();
+        });
+        child.stderr.on("data", (chunk) => {
+            output += chunk.toString();
+        });
+        child.on("error", (err) => {
+            clearTimeout(timer);
+            resolveResult({ output: `${output}\n${err.message}`.trim(), exitCode: null, timedOut });
+        });
+        child.on("close", (code) => {
+            clearTimeout(timer);
+            resolveResult({ output: output.trim() || "(no output)", exitCode: code, timedOut });
+        });
+    });
+}
+//# sourceMappingURL=sandbox-manager.js.map

package/dist/security/sandbox-manager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sandbox-manager.js","sourceRoot":"","sources":["../../src/security/sandbox-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAC3C,OAAO,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AACpC,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AA0CpC,MAAM,OAAO,cAAc;IAEN;IADnB,YACmB,aAA2E,gBAAgB;QAA3F,eAAU,GAAV,UAAU,CAAiF;IAC3G,CAAC;IAEJ,KAAK,CAAC,UAAU,CAAC,OAA0B;QACzC,MAAM,aAAa,GAAG,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;QACrD,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,YAAY,CAAC;QACpD,MAAM,aAAa,GAAG,WAAW,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;QACrG,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;QAEpD,MAAM,SAAS,GAAG,IAAI,CAAC,cAAc,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;QAChE,MAAM,WAAW,GAAG,OAAO,CAAC,cAAc,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAClF,MAAM,UAAU,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,UAAU,EAAE,GAAG,OAAO,CAAC,aAAa,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAC1F,MAAM,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAErE,MAAM,GAAG,GAAG;YACV,QAAQ;YACR,KAAK;YACL,MAAM;YACN,QAAQ;YACR,aAAa;YACb,GAAG,WAAW;YACd,GAAG,UAAU;YACb,GAAG,OAAO;YACV,GAAG,SAAS;YACZ,IAAI;YACJ,YAAY;YACZ,qBAAqB;YACrB,MAAM;YACN,KAAK;YACL,OAAO,CAAC,OAAO;SAChB,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;QACrD,OAAO;YACL,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ,KAAK,CAAC;YAC7C,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,aAAa;SACd,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,OAA8B;QACtD,MAAM,aAAa,GAAG,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;QACrD,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,IAAI,CAAC;QAC5C,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,IAAI,CAAC;QACxC,MAAM,SAAS,GAAG,IAAI,CAAC,cAAc,CAAC,aAAa,EAAE,OAAO,CAAC,SAAS,IAAI,WAAW,CAAC,CAAC;QAEvF,MAAM,aAAa,GAAG,mBAAmB,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC;QACnE,MAAM,GAAG,GAAG;YACV,QAAQ;YACR,KAAK;YACL,IAAI;YACJ,MAAM;YACN,QAAQ;YACR,aAAa;YACb,WAAW;YACX,MAAM;YACN,GAAG,SAAS;YACZ,IAAI;YACJ,GAAG,SAAS,OAAO;YACnB,IAAI;YACJ,GAAG,OAAO,OAAO;YACjB,6BAA6B;SAC9B,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;QAClD,IAAI,MAAM,CAAC,QAAQ,KAAK,CAAC,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,oCAAoC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;QACvE,CAAC;QAED,OAAO;YACL,aAAa;YACb,QAAQ,EAAE,oBAAoB,SAAS,WAAW;YAClD,OAAO;YACP,SAAS;SACV,CAAC;IACJ,CAAC;IAEO,cAAc,CAAC,aAAqB,EAAE,IAAsB;QAClE,SAAS,CAAC,aAAa,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9C,IAAI,IAAI,KAAK,MAAM;YAAE,OAAO,EAAE,CAAC;QAC/B,MAAM,QAAQ,GAAG,IAAI,KAAK,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;QACnD,OAAO,CAAC,IAAI,EAAE,GAAG,aAAa,cAAc,QAAQ,EAAE,CAAC,CAAC;IAC1D,CAAC;CACF;AAED,KAAK,UAAU,gBAAgB,CAAC,GAAa,EAAE,SAAiB;IAC9D,OAAO,IAAI,OAAO,CAAgB,CAAC,aAAa,EAAE,EAAE;QAClD,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAE,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;QAClF,IAAI,MAAM,GAAG,EAAE,CAAC;QAChB,IAAI,QAAQ,GAAG,KAAK,CAAC;QAErB,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;YAC5B,QAAQ,GAAG,IAAI,CAAC;YAChB,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACxB,CAAC,EAAE,SAAS,CAAC,CAAC;QAEd,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,EAAE;YAChC,MAAM,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;QAC7B,CAAC,CAAC,CAAC;QACH,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,EAAE;YAChC,MAAM,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;QAC7B,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YACxB,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,aAAa,CAAC,EAAE,MAAM,EAAE,GAAG,MAAM,KAAK,GAAG,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC1F,CAAC,CAAC,CAAC;QAEH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;YACzB,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,aAAa,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE,IAAI,aAAa,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;QACtF,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/security/ssrf-guard.d.ts

@@ -0,0 +1,11 @@
+export interface SSRFGuardOptions {
+    allowPrivateHosts?: boolean;
+    allowedHosts?: string[];
+}
+export declare class SSRFGuard {
+    private readonly options;
+    constructor(options?: SSRFGuardOptions);
+    validate(rawUrl: string): URL;
+    private isPrivateHost;
+}
+//# sourceMappingURL=ssrf-guard.d.ts.map

package/dist/security/ssrf-guard.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ssrf-guard.d.ts","sourceRoot":"","sources":["../../src/security/ssrf-guard.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,gBAAgB;IAC/B,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;CACzB;AAED,qBAAa,SAAS;IACR,OAAO,CAAC,QAAQ,CAAC,OAAO;gBAAP,OAAO,GAAE,gBAAqB;IAE3D,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,GAAG;IA2B7B,OAAO,CAAC,aAAa;CAsBtB"}

package/dist/security/ssrf-guard.js

@@ -0,0 +1,59 @@
+import { isIP } from "node:net";
+export class SSRFGuard {
+    options;
+    constructor(options = {}) {
+        this.options = options;
+    }
+    validate(rawUrl) {
+        let parsed;
+        try {
+            parsed = new URL(rawUrl);
+        }
+        catch {
+            throw new Error(`Invalid URL: ${rawUrl}`);
+        }
+        if (!["http:", "https:"].includes(parsed.protocol)) {
+            throw new Error(`Blocked protocol: ${parsed.protocol}`);
+        }
+        const host = parsed.hostname.toLowerCase();
+        if (this.options.allowedHosts?.length) {
+            const allowed = this.options.allowedHosts.some((candidate) => candidate.toLowerCase() === host);
+            if (!allowed) {
+                throw new Error(`Host not allowlisted: ${host}`);
+            }
+        }
+        if (!this.options.allowPrivateHosts && this.isPrivateHost(host)) {
+            throw new Error(`Blocked private host: ${host}`);
+        }
+        return parsed;
+    }
+    isPrivateHost(host) {
+        if (host === "localhost" || host.endsWith(".localhost") || host === "0.0.0.0")
+            return true;
+        const ipVersion = isIP(host);
+        if (ipVersion === 4) {
+            const [a = 0, b = 0] = host.split(".").map((v) => Number(v));
+            if (a === 10)
+                return true;
+            if (a === 127)
+                return true;
+            if (a === 169 && b === 254)
+                return true;
+            if (a === 172 && b >= 16 && b <= 31)
+                return true;
+            if (a === 192 && b === 168)
+                return true;
+            return false;
+        }
+        if (ipVersion === 6) {
+            if (host === "::1")
+                return true;
+            if (host.startsWith("fc") || host.startsWith("fd"))
+                return true;
+            if (host.startsWith("fe80"))
+                return true;
+        }
+        return false;
+    }
+}
+//# sourceMappingURL=ssrf-guard.js.map

package/dist/security/ssrf-guard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ssrf-guard.js","sourceRoot":"","sources":["../../src/security/ssrf-guard.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,UAAU,CAAC;AAOhC,MAAM,OAAO,SAAS;IACS;IAA7B,YAA6B,UAA4B,EAAE;QAA9B,YAAO,GAAP,OAAO,CAAuB;IAAG,CAAC;IAE/D,QAAQ,CAAC,MAAc;QACrB,IAAI,MAAW,CAAC;QAChB,IAAI,CAAC;YACH,MAAM,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;QAC3B,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,KAAK,CAAC,gBAAgB,MAAM,EAAE,CAAC,CAAC;QAC5C,CAAC;QAED,IAAI,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;YACnD,MAAM,IAAI,KAAK,CAAC,qBAAqB,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC1D,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;QAC3C,IAAI,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,MAAM,EAAE,CAAC;YACtC,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,WAAW,EAAE,KAAK,IAAI,CAAC,CAAC;YAChG,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,IAAI,KAAK,CAAC,yBAAyB,IAAI,EAAE,CAAC,CAAC;YACnD,CAAC;QACH,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,iBAAiB,IAAI,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC;YAChE,MAAM,IAAI,KAAK,CAAC,yBAAyB,IAAI,EAAE,CAAC,CAAC;QACnD,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,aAAa,CAAC,IAAY;QAChC,IAAI,IAAI,KAAK,WAAW,IAAI,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,IAAI,KAAK,SAAS;YAAE,OAAO,IAAI,CAAC;QAE3F,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC;QAC7B,IAAI,SAAS,KAAK,CAAC,EAAE,CAAC;YACpB,MAAM,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;YAC7D,IAAI,CAAC,KAAK,EAAE;gBAAE,OAAO,IAAI,CAAC;YAC1B,IAAI,CAAC,KAAK,GAAG;gBAAE,OAAO,IAAI,CAAC;YAC3B,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG;gBAAE,OAAO,IAAI,CAAC;YACxC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE;gBAAE,OAAO,IAAI,CAAC;YACjD,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG;gBAAE,OAAO,IAAI,CAAC;YACxC,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,SAAS,KAAK,CAAC,EAAE,CAAC;YACpB,IAAI,IAAI,KAAK,KAAK;gBAAE,OAAO,IAAI,CAAC;YAChC,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;gBAAE,OAAO,IAAI,CAAC;YAChE,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC;gBAAE,OAAO,IAAI,CAAC;QAC3C,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;CACF"}

package/dist/security/tool-permissions.d.ts

@@ -0,0 +1,61 @@
+/**
+ * Tool Permission Model — Sprint 4.2
+ *
+ * Per-tool configuration: consent level, allowed/denied commands & paths.
+ * The consent level determines when user approval is required:
+ *
+ *   "none"      — always auto-execute (safe reads)
+ *   "once"      — ask once, then auto for the session
+ *   "always"    — always ask
+ *   "dangerous" — always ask + show risk warning
+ */
+export type ConsentLevel = "none" | "once" | "always" | "dangerous";
+export interface ToolPermission {
+    /** Tool name (e.g. "terminal.run") */
+    toolName: string;
+    /** Consent level for this tool */
+    consentLevel: ConsentLevel;
+    /** Risk assessment shown in consent UI */
+    risk: "low" | "medium" | "high";
+    /** Allowed shell commands (glob patterns). Empty = all allowed. */
+    allowedCommands?: string[];
+    /** Denied shell commands (glob patterns). Takes precedence over allowed. */
+    deniedCommands?: string[];
+    /** Allowed file paths (glob patterns). Empty = all within workspace. */
+    allowedPaths?: string[];
+    /** Denied file paths (glob patterns). Takes precedence over allowed. */
+    deniedPaths?: string[];
+    /** Human-readable description of what this tool does */
+    description?: string;
+}
+export interface ToolPermissionConfig {
+    permissions: Map<string, ToolPermission>;
+    /** Session-scoped set of tool names that have been approved via "once" */
+    sessionApprovals: Set<string>;
+}
+/**
+ * Check if a tool execution requires consent based on its permission config,
+ * the current trust level, and whether it's been session-approved.
+ */
+export declare function requiresConsent(permission: ToolPermission | undefined, trustLevel: number, sessionApprovals: Set<string>): boolean;
+/**
+ * Check if a command is allowed by the permission's allow/deny lists.
+ * Returns { allowed: boolean, reason?: string }.
+ */
+export declare function isCommandAllowed(command: string, permission: ToolPermission | undefined): {
+    allowed: boolean;
+    reason?: string;
+};
+/**
+ * Check if a file path is allowed by the permission's allow/deny lists.
+ */
+export declare function isPathAllowedByPermission(filePath: string, permission: ToolPermission | undefined): {
+    allowed: boolean;
+    reason?: string;
+};
+/**
+ * Simple glob matching: supports *, ?, and ** for path segments.
+ * Not a full glob implementation — covers the common cases.
+ */
+export declare function matchGlob(value: string, pattern: string): boolean;
+//# sourceMappingURL=tool-permissions.d.ts.map

package/dist/security/tool-permissions.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tool-permissions.d.ts","sourceRoot":"","sources":["../../src/security/tool-permissions.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,MAAM,MAAM,YAAY,GAAG,MAAM,GAAG,MAAM,GAAG,QAAQ,GAAG,WAAW,CAAC;AAEpE,MAAM,WAAW,cAAc;IAC7B,sCAAsC;IACtC,QAAQ,EAAE,MAAM,CAAC;IACjB,kCAAkC;IAClC,YAAY,EAAE,YAAY,CAAC;IAC3B,0CAA0C;IAC1C,IAAI,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,CAAC;IAChC,mEAAmE;IACnE,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,4EAA4E;IAC5E,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,wEAAwE;IACxE,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,wEAAwE;IACxE,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,wDAAwD;IACxD,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,oBAAoB;IACnC,WAAW,EAAE,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;IACzC,0EAA0E;IAC1E,gBAAgB,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;CAC/B;AAED;;;GAGG;AACH,wBAAgB,eAAe,CAC7B,UAAU,EAAE,cAAc,GAAG,SAAS,EACtC,UAAU,EAAE,MAAM,EAClB,gBAAgB,EAAE,GAAG,CAAC,MAAM,CAAC,GAC5B,OAAO,CA6BT;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,CAC9B,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,cAAc,GAAG,SAAS,GACrC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,CAqBvC;AAED;;GAEG;AACH,wBAAgB,yBAAyB,CACvC,QAAQ,EAAE,MAAM,EAChB,UAAU,EAAE,cAAc,GAAG,SAAS,GACrC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,CAmBvC;AAID;;;GAGG;AACH,wBAAgB,SAAS,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAWjE"}

package/dist/security/tool-permissions.js

@@ -0,0 +1,105 @@
+/**
+ * Tool Permission Model — Sprint 4.2
+ *
+ * Per-tool configuration: consent level, allowed/denied commands & paths.
+ * The consent level determines when user approval is required:
+ *
+ *   "none"      — always auto-execute (safe reads)
+ *   "once"      — ask once, then auto for the session
+ *   "always"    — always ask
+ *   "dangerous" — always ask + show risk warning
+ */
+/**
+ * Check if a tool execution requires consent based on its permission config,
+ * the current trust level, and whether it's been session-approved.
+ */
+export function requiresConsent(permission, trustLevel, sessionApprovals) {
+    if (!permission) {
+        // Unknown tools always require consent
+        return true;
+    }
+    switch (permission.consentLevel) {
+        case "none":
+            return false;
+        case "once":
+            // Already approved in this session?
+            if (sessionApprovals.has(permission.toolName))
+                return false;
+            // Trust level 2+ auto-approves "once" tools
+            if (trustLevel >= 2)
+                return false;
+            return true;
+        case "always":
+            // Trust level 3 (autopilot) can bypass "always"
+            if (trustLevel >= 3)
+                return false;
+            return true;
+        case "dangerous":
+            // Always requires consent, regardless of trust level
+            return true;
+        default:
+            return true;
+    }
+}
+/**
+ * Check if a command is allowed by the permission's allow/deny lists.
+ * Returns { allowed: boolean, reason?: string }.
+ */
+export function isCommandAllowed(command, permission) {
+    if (!permission)
+        return { allowed: true };
+    // Check denied commands first (takes precedence)
+    if (permission.deniedCommands?.length) {
+        for (const pattern of permission.deniedCommands) {
+            if (matchGlob(command, pattern)) {
+                return { allowed: false, reason: `Command matches denied pattern: ${pattern}` };
+            }
+        }
+    }
+    // If allowed commands are specified, command must match at least one
+    if (permission.allowedCommands?.length) {
+        const matches = permission.allowedCommands.some((p) => matchGlob(command, p));
+        if (!matches) {
+            return { allowed: false, reason: "Command not in allowed list" };
+        }
+    }
+    return { allowed: true };
+}
+/**
+ * Check if a file path is allowed by the permission's allow/deny lists.
+ */
+export function isPathAllowedByPermission(filePath, permission) {
+    if (!permission)
+        return { allowed: true };
+    if (permission.deniedPaths?.length) {
+        for (const pattern of permission.deniedPaths) {
+            if (matchGlob(filePath, pattern)) {
+                return { allowed: false, reason: `Path matches denied pattern: ${pattern}` };
+            }
+        }
+    }
+    if (permission.allowedPaths?.length) {
+        const matches = permission.allowedPaths.some((p) => matchGlob(filePath, p));
+        if (!matches) {
+            return { allowed: false, reason: "Path not in allowed list" };
+        }
+    }
+    return { allowed: true };
+}
+// ── Simple glob matcher ──────────────────────────────────────────────
+/**
+ * Simple glob matching: supports *, ?, and ** for path segments.
+ * Not a full glob implementation — covers the common cases.
+ */
+export function matchGlob(value, pattern) {
+    // Escape regex special chars except * and ?
+    const regexStr = pattern
+        .replace(/[.+^${}()|[\]\\]/g, "\\$&")
+        .replace(/\*\*/g, "<<GLOBSTAR>>")
+        .replace(/\*/g, "[^/]*")
+        .replace(/\?/g, ".")
+        .replace(/<<GLOBSTAR>>/g, ".*");
+    const regex = new RegExp(`^${regexStr}$`, "i");
+    return regex.test(value);
+}
+//# sourceMappingURL=tool-permissions.js.map

package/dist/security/tool-permissions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tool-permissions.js","sourceRoot":"","sources":["../../src/security/tool-permissions.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AA6BH;;;GAGG;AACH,MAAM,UAAU,eAAe,CAC7B,UAAsC,EACtC,UAAkB,EAClB,gBAA6B;IAE7B,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,uCAAuC;QACvC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,QAAQ,UAAU,CAAC,YAAY,EAAE,CAAC;QAChC,KAAK,MAAM;YACT,OAAO,KAAK,CAAC;QAEf,KAAK,MAAM;YACT,oCAAoC;YACpC,IAAI,gBAAgB,CAAC,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC5D,4CAA4C;YAC5C,IAAI,UAAU,IAAI,CAAC;gBAAE,OAAO,KAAK,CAAC;YAClC,OAAO,IAAI,CAAC;QAEd,KAAK,QAAQ;YACX,gDAAgD;YAChD,IAAI,UAAU,IAAI,CAAC;gBAAE,OAAO,KAAK,CAAC;YAClC,OAAO,IAAI,CAAC;QAEd,KAAK,WAAW;YACd,qDAAqD;YACrD,OAAO,IAAI,CAAC;QAEd;YACE,OAAO,IAAI,CAAC;IAChB,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAC9B,OAAe,EACf,UAAsC;IAEtC,IAAI,CAAC,UAAU;QAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAE1C,iDAAiD;IACjD,IAAI,UAAU,CAAC,cAAc,EAAE,MAAM,EAAE,CAAC;QACtC,KAAK,MAAM,OAAO,IAAI,UAAU,CAAC,cAAc,EAAE,CAAC;YAChD,IAAI,SAAS,CAAC,OAAO,EAAE,OAAO,CAAC,EAAE,CAAC;gBAChC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,mCAAmC,OAAO,EAAE,EAAE,CAAC;YAClF,CAAC;QACH,CAAC;IACH,CAAC;IAED,qEAAqE;IACrE,IAAI,UAAU,CAAC,eAAe,EAAE,MAAM,EAAE,CAAC;QACvC,MAAM,OAAO,GAAG,UAAU,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC;QAC9E,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,6BAA6B,EAAE,CAAC;QACnE,CAAC;IACH,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;AAC3B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,yBAAyB,CACvC,QAAgB,EAChB,UAAsC;IAEtC,IAAI,CAAC,UAAU;QAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAE1C,IAAI,UAAU,CAAC,WAAW,EAAE,MAAM,EAAE,CAAC;QACnC,KAAK,MAAM,OAAO,IAAI,UAAU,CAAC,WAAW,EAAE,CAAC;YAC7C,IAAI,SAAS,CAAC,QAAQ,EAAE,OAAO,CAAC,EAAE,CAAC;gBACjC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,gCAAgC,OAAO,EAAE,EAAE,CAAC;YAC/E,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,UAAU,CAAC,YAAY,EAAE,MAAM,EAAE,CAAC;QACpC,MAAM,OAAO,GAAG,UAAU,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,CAAC;QAC5E,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,0BAA0B,EAAE,CAAC;QAChE,CAAC;IACH,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;AAC3B,CAAC;AAED,wEAAwE;AAExE;;;GAGG;AACH,MAAM,UAAU,SAAS,CAAC,KAAa,EAAE,OAAe;IACtD,4CAA4C;IAC5C,MAAM,QAAQ,GAAG,OAAO;SACrB,OAAO,CAAC,mBAAmB,EAAE,MAAM,CAAC;SACpC,OAAO,CAAC,OAAO,EAAE,cAAc,CAAC;SAChC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC;SACvB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,eAAe,EAAE,IAAI,CAAC,CAAC;IAElC,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,IAAI,QAAQ,GAAG,EAAE,GAAG,CAAC,CAAC;IAC/C,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAC3B,CAAC"}

package/dist/security/tool-profiles.d.ts

@@ -0,0 +1,23 @@
+/**
+ * Tool Profiles — Sprint 4.3
+ *
+ * Pre-configured permission sets for common use cases:
+ *   - minimal: read-only, no terminal, no installs
+ *   - coding:  read/write/patch files, run commands with consent
+ *   - full:    everything enabled, dangerous ops require consent
+ */
+import type { ToolPermission } from "./tool-permissions.js";
+export type ProfileName = "minimal" | "coding" | "full";
+/**
+ * Get a permission map for the given profile name.
+ */
+export declare function getProfile(name: ProfileName): Map<string, ToolPermission>;
+/**
+ * List all available profile names.
+ */
+export declare function listProfiles(): ProfileName[];
+/**
+ * Create a custom permission map by extending a base profile with overrides.
+ */
+export declare function extendProfile(baseName: ProfileName, overrides: ToolPermission[]): Map<string, ToolPermission>;
+//# sourceMappingURL=tool-profiles.d.ts.map

package/dist/security/tool-profiles.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tool-profiles.d.ts","sourceRoot":"","sources":["../../src/security/tool-profiles.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAgB,MAAM,uBAAuB,CAAC;AAE1E,MAAM,MAAM,WAAW,GAAG,SAAS,GAAG,QAAQ,GAAG,MAAM,CAAC;AAuFxD;;GAEG;AACH,wBAAgB,UAAU,CAAC,IAAI,EAAE,WAAW,GAAG,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC,CAMzE;AAED;;GAEG;AACH,wBAAgB,YAAY,IAAI,WAAW,EAAE,CAE5C;AAED;;GAEG;AACH,wBAAgB,aAAa,CAC3B,QAAQ,EAAE,WAAW,EACrB,SAAS,EAAE,cAAc,EAAE,GAC1B,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC,CAM7B"}

package/dist/security/tool-profiles.js

@@ -0,0 +1,106 @@
+/**
+ * Tool Profiles — Sprint 4.3
+ *
+ * Pre-configured permission sets for common use cases:
+ *   - minimal: read-only, no terminal, no installs
+ *   - coding:  read/write/patch files, run commands with consent
+ *   - full:    everything enabled, dangerous ops require consent
+ */
+/** Build a permission entry shorthand */
+function perm(toolName, consentLevel, risk, extra = {}) {
+    return { toolName, consentLevel, risk, ...extra };
+}
+// ── Minimal Profile ──────────────────────────────────────────────────
+// Read-only. No terminal, no installs, no writes.
+const MINIMAL = [
+    perm("file.read", "none", "low"),
+    perm("file.list", "none", "low"),
+    perm("file.stat", "none", "low"),
+    perm("file.write", "dangerous", "high"),
+    perm("file.patch", "dangerous", "high"),
+    perm("terminal.run", "dangerous", "high"),
+    perm("terminal.stream", "dangerous", "high"),
+    perm("os.query", "once", "low"),
+    perm("os.install", "dangerous", "high"),
+    perm("surfaces.list", "none", "low"),
+    perm("surfaces.start", "always", "medium"),
+    perm("surfaces.stop", "always", "medium"),
+    perm("network.scan", "none", "low"),
+    perm("thread.control", "dangerous", "high"),
+    perm("gateway.redeploy", "always", "high"),
+];
+// ── Coding Profile ───────────────────────────────────────────────────
+// File read/write/patch auto, terminal requires consent.
+const CODING = [
+    perm("file.read", "none", "low"),
+    perm("file.list", "none", "low"),
+    perm("file.stat", "none", "low"),
+    perm("file.write", "once", "medium"),
+    perm("file.patch", "once", "medium"),
+    perm("terminal.run", "once", "medium", {
+        deniedCommands: ["rm -rf *", "del /s /q *", "format *", "mkfs*", "dd if=*"],
+    }),
+    perm("terminal.stream", "once", "medium"),
+    perm("os.query", "none", "low"),
+    perm("os.install", "always", "high"),
+    perm("surfaces.list", "none", "low"),
+    perm("surfaces.start", "once", "low"),
+    perm("surfaces.stop", "once", "low"),
+    perm("network.scan", "none", "low"),
+    perm("thread.control", "once", "high"),
+    perm("gateway.redeploy", "always", "high"),
+];
+// ── Full Profile ─────────────────────────────────────────────────────
+// Maximum capability. Dangerous ops still require consent.
+const FULL = [
+    perm("file.read", "none", "low"),
+    perm("file.list", "none", "low"),
+    perm("file.stat", "none", "low"),
+    perm("file.write", "none", "low"),
+    perm("file.patch", "none", "low"),
+    perm("terminal.run", "once", "medium", {
+        deniedCommands: ["rm -rf /", "format C:", "mkfs*", "dd if=/dev/zero*"],
+    }),
+    perm("terminal.stream", "once", "medium"),
+    perm("os.query", "none", "low"),
+    perm("os.install", "once", "high"),
+    perm("surfaces.list", "none", "low"),
+    perm("surfaces.start", "none", "low"),
+    perm("surfaces.stop", "none", "low"),
+    perm("network.scan", "none", "low"),
+    perm("thread.control", "once", "high"),
+    perm("gateway.redeploy", "always", "high"),
+];
+// ── Profile Map ──────────────────────────────────────────────────────
+const PROFILES = {
+    minimal: MINIMAL,
+    coding: CODING,
+    full: FULL,
+};
+/**
+ * Get a permission map for the given profile name.
+ */
+export function getProfile(name) {
+    const perms = PROFILES[name];
+    if (!perms) {
+        throw new Error(`Unknown profile: ${name}`);
+    }
+    return new Map(perms.map((p) => [p.toolName, p]));
+}
+/**
+ * List all available profile names.
+ */
+export function listProfiles() {
+    return Object.keys(PROFILES);
+}
+/**
+ * Create a custom permission map by extending a base profile with overrides.
+ */
+export function extendProfile(baseName, overrides) {
+    const base = getProfile(baseName);
+    for (const override of overrides) {
+        base.set(override.toolName, override);
+    }
+    return base;
+}
+//# sourceMappingURL=tool-profiles.js.map

package/dist/security/tool-profiles.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tool-profiles.js","sourceRoot":"","sources":["../../src/security/tool-profiles.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAMH,yCAAyC;AACzC,SAAS,IAAI,CACX,QAAgB,EAChB,YAA0B,EAC1B,IAA4B,EAC5B,QAAiC,EAAE;IAEnC,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,GAAG,KAAK,EAAE,CAAC;AACpD,CAAC;AAED,wEAAwE;AACxE,kDAAkD;AAElD,MAAM,OAAO,GAAqB;IAChC,IAAI,CAAC,WAAW,EAAE,MAAM,EAAE,KAAK,CAAC;IAChC,IAAI,CAAC,WAAW,EAAE,MAAM,EAAE,KAAK,CAAC;IAChC,IAAI,CAAC,WAAW,EAAE,MAAM,EAAE,KAAK,CAAC;IAChC,IAAI,CAAC,YAAY,EAAE,WAAW,EAAE,MAAM,CAAC;IACvC,IAAI,CAAC,YAAY,EAAE,WAAW,EAAE,MAAM,CAAC;IACvC,IAAI,CAAC,cAAc,EAAE,WAAW,EAAE,MAAM,CAAC;IACzC,IAAI,CAAC,iBAAiB,EAAE,WAAW,EAAE,MAAM,CAAC;IAC5C,IAAI,CAAC,UAAU,EAAE,MAAM,EAAE,KAAK,CAAC;IAC/B,IAAI,CAAC,YAAY,EAAE,WAAW,EAAE,MAAM,CAAC;IACvC,IAAI,CAAC,eAAe,EAAE,MAAM,EAAE,KAAK,CAAC;IACpC,IAAI,CAAC,gBAAgB,EAAE,QAAQ,EAAE,QAAQ,CAAC;IAC1C,IAAI,CAAC,eAAe,EAAE,QAAQ,EAAE,QAAQ,CAAC;IACzC,IAAI,CAAC,cAAc,EAAE,MAAM,EAAE,KAAK,CAAC;IACnC,IAAI,CAAC,gBAAgB,EAAE,WAAW,EAAE,MAAM,CAAC;IAC3C,IAAI,CAAC,kBAAkB,EAAE,QAAQ,EAAE,MAAM,CAAC;CAC3C,CAAC;AAEF,wEAAwE;AACxE,yDAAyD;AAEzD,MAAM,MAAM,GAAqB;IAC/B,IAAI,CAAC,WAAW,EAAE,MAAM,EAAE,KAAK,CAAC;IAChC,IAAI,CAAC,WAAW,EAAE,MAAM,EAAE,KAAK,CAAC;IAChC,IAAI,CAAC,WAAW,EAAE,MAAM,EAAE,KAAK,CAAC;IAChC,IAAI,CAAC,YAAY,EAAE,MAAM,EAAE,QAAQ,CAAC;IACpC,IAAI,CAAC,YAAY,EAAE,MAAM,EAAE,QAAQ,CAAC;IACpC,IAAI,CAAC,cAAc,EAAE,MAAM,EAAE,QAAQ,EAAE;QACrC,cAAc,EAAE,CAAC,UAAU,EAAE,aAAa,EAAE,UAAU,EAAE,OAAO,EAAE,SAAS,CAAC;KAC5E,CAAC;IACF,IAAI,CAAC,iBAAiB,EAAE,MAAM,EAAE,QAAQ,CAAC;IACzC,IAAI,CAAC,UAAU,EAAE,MAAM,EAAE,KAAK,CAAC;IAC/B,IAAI,CAAC,YAAY,EAAE,QAAQ,EAAE,MAAM,CAAC;IACpC,IAAI,CAAC,eAAe,EAAE,MAAM,EAAE,KAAK,CAAC;IACpC,IAAI,CAAC,gBAAgB,EAAE,MAAM,EAAE,KAAK,CAAC;IACrC,IAAI,CAAC,eAAe,EAAE,MAAM,EAAE,KAAK,CAAC;IACpC,IAAI,CAAC,cAAc,EAAE,MAAM,EAAE,KAAK,CAAC;IACnC,IAAI,CAAC,gBAAgB,EAAE,MAAM,EAAE,MAAM,CAAC;IACtC,IAAI,CAAC,kBAAkB,EAAE,QAAQ,EAAE,MAAM,CAAC;CAC3C,CAAC;AAEF,wEAAwE;AACxE,2DAA2D;AAE3D,MAAM,IAAI,GAAqB;IAC7B,IAAI,CAAC,WAAW,EAAE,MAAM,EAAE,KAAK,CAAC;IAChC,IAAI,CAAC,WAAW,EAAE,MAAM,EAAE,KAAK,CAAC;IAChC,IAAI,CAAC,WAAW,EAAE,MAAM,EAAE,KAAK,CAAC;IAChC,IAAI,CAAC,YAAY,EAAE,MAAM,EAAE,KAAK,CAAC;IACjC,IAAI,CAAC,YAAY,EAAE,MAAM,EAAE,KAAK,CAAC;IACjC,IAAI,CAAC,cAAc,EAAE,MAAM,EAAE,QAAQ,EAAE;QACrC,cAAc,EAAE,CAAC,UAAU,EAAE,WAAW,EAAE,OAAO,EAAE,kBAAkB,CAAC;KACvE,CAAC;IACF,IAAI,CAAC,iBAAiB,EAAE,MAAM,EAAE,QAAQ,CAAC;IACzC,IAAI,CAAC,UAAU,EAAE,MAAM,EAAE,KAAK,CAAC;IAC/B,IAAI,CAAC,YAAY,EAAE,MAAM,EAAE,MAAM,CAAC;IAClC,IAAI,CAAC,eAAe,EAAE,MAAM,EAAE,KAAK,CAAC;IACpC,IAAI,CAAC,gBAAgB,EAAE,MAAM,EAAE,KAAK,CAAC;IACrC,IAAI,CAAC,eAAe,EAAE,MAAM,EAAE,KAAK,CAAC;IACpC,IAAI,CAAC,cAAc,EAAE,MAAM,EAAE,KAAK,CAAC;IACnC,IAAI,CAAC,gBAAgB,EAAE,MAAM,EAAE,MAAM,CAAC;IACtC,IAAI,CAAC,kBAAkB,EAAE,QAAQ,EAAE,MAAM,CAAC;CAC3C,CAAC;AAEF,wEAAwE;AAExE,MAAM,QAAQ,GAA0C;IACtD,OAAO,EAAE,OAAO;IAChB,MAAM,EAAE,MAAM;IACd,IAAI,EAAE,IAAI;CACX,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,UAAU,CAAC,IAAiB;IAC1C,MAAM,KAAK,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC7B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CAAC,oBAAoB,IAAI,EAAE,CAAC,CAAC;IAC9C,CAAC;IACD,OAAO,IAAI,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;AACpD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY;IAC1B,OAAO,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAkB,CAAC;AAChD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAC3B,QAAqB,EACrB,SAA2B;IAE3B,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;IAClC,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IACxC,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/security/trust-engine.d.ts

@@ -0,0 +1,61 @@
+/**
+ * Trust Level Engine — Sprint 4.4
+ *
+ * Tracks per-action-type trust progression Level 0→3:
+ *
+ *   Level 0 — Observer:   everything requires consent
+ *   Level 1 — Assisted:   low-risk ops auto-execute
+ *   Level 2 — Trusted:    "once" consent ops auto-execute after first approval
+ *   Level 3 — Autopilot:  "always" consent ops also auto-execute
+ *
+ * Trust increases after consecutive successful approved actions.
+ * Trust decreases (revert) when actions are rolled back or fail dangerously.
+ *
+ * Thresholds:
+ *   Level 0 → 1:  3 approved actions
+ *   Level 1 → 2:  10 approved actions (cumulative)
+ *   Level 2 → 3:  25 approved actions (cumulative)
+ *
+ * Any revert drops one level and resets the revert counter.
+ */
+import type { JaitDB } from "../db/connection.js";
+import type { TrustLevel } from "./contracts.js";
+export interface TrustState {
+    actionType: string;
+    approvedCount: number;
+    revertedCount: number;
+    currentLevel: TrustLevel;
+}
+export declare class TrustEngine {
+    private readonly db?;
+    private cache;
+    constructor(db?: JaitDB | undefined);
+    /**
+     * Get the current trust level for an action type.
+     */
+    getLevel(actionType: string): TrustLevel;
+    /**
+     * Get the full trust state for an action type.
+     */
+    getState(actionType: string): TrustState;
+    /**
+     * Record a successful approved action. May increase trust level.
+     * Returns the new trust state.
+     */
+    recordApproval(actionType: string): TrustState;
+    /**
+     * Record a revert / dangerous failure. Drops one level.
+     * Returns the new trust state.
+     */
+    recordRevert(actionType: string): TrustState;
+    /**
+     * Reset trust for an action type back to Level 0.
+     */
+    reset(actionType: string): TrustState;
+    /**
+     * Get all tracked trust states.
+     */
+    listAll(): TrustState[];
+    private persist;
+}
+//# sourceMappingURL=trust-engine.d.ts.map

package/dist/security/trust-engine.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"trust-engine.d.ts","sourceRoot":"","sources":["../../src/security/trust-engine.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAGlD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAajD,MAAM,WAAW,UAAU;IACzB,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,UAAU,CAAC;CAC1B;AAID,qBAAa,WAAW;IAGV,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;IAFhC,OAAO,CAAC,KAAK,CAAiC;gBAEjB,EAAE,CAAC,EAAE,MAAM,YAAA;IAExC;;OAEG;IACH,QAAQ,CAAC,UAAU,EAAE,MAAM,GAAG,UAAU;IAIxC;;OAEG;IACH,QAAQ,CAAC,UAAU,EAAE,MAAM,GAAG,UAAU;IAoCxC;;;OAGG;IACH,cAAc,CAAC,UAAU,EAAE,MAAM,GAAG,UAAU;IAc9C;;;OAGG;IACH,YAAY,CAAC,UAAU,EAAE,MAAM,GAAG,UAAU;IAa5C;;OAEG;IACH,KAAK,CAAC,UAAU,EAAE,MAAM,GAAG,UAAU;IAYrC;;OAEG;IACH,OAAO,IAAI,UAAU,EAAE;IAcvB,OAAO,CAAC,OAAO;CAmChB"}