@letterblack/lbe-core 1.3.0

package/dist/cli/lbe.js

@@ -0,0 +1,4274 @@
+#!/usr/bin/env node
+
+// src/cli/main.js
+import fs29 from "fs";
+import path35 from "path";
+import { fileURLToPath as fileURLToPath3 } from "url";
+
+// src/cli/parseArgs.js
+function parseArgs(argv) {
+  if (argv.length === 0) {
+    return { command: "help", opts: {} };
+  }
+  const command = argv[0];
+  const opts = {};
+  for (let i = 1; i < argv.length; i++) {
+    if (argv[i].startsWith("--")) {
+      const key = argv[i].substring(2);
+      if (key.includes("=")) {
+        const [k, v] = key.split("=");
+        opts[k] = v;
+      } else {
+        const nextArg = argv[i + 1];
+        if (!nextArg || nextArg.startsWith("-")) {
+          opts[key] = true;
+        } else {
+          opts[key] = nextArg;
+          i++;
+        }
+      }
+    } else if (argv[i].startsWith("-")) {
+      const key = argv[i].substring(1);
+      const nextArg = argv[i + 1];
+      if (!nextArg || nextArg.startsWith("-")) {
+        opts[key] = true;
+      } else {
+        opts[key] = nextArg;
+        i++;
+      }
+    }
+  }
+  return { command, opts };
+}
+function printHelp(version = "unknown") {
+  console.log(`
+\u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557
+\u2551          LetterBlack Sentinel \u2014 CLI Governance            \u2551
+\u2551     Local-first execution governance SDK  v${version.padEnd(12)}\u2551
+\u255A\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255D
+
+USAGE:
+  lbe [command] [options]
+
+COMMANDS:
+  init      Initialize LetterBlack Sentinel environment
+  verify    Verify a proposal (validate, don't execute)
+  dryrun    Validate and simulate execution (no changes)
+  run       Validate and execute a proposal
+  policy-sign  Sign policy and write policy signature envelope
+  policy-add   Controller-only: add a rule to lbe.policy.json
+  observe   Set project-local policy to advisory mode
+  enforce   Set project-local policy to blocking mode
+  health    Run deployment/runtime health checks
+  integrity-check  Verify controller integrity manifest
+  integrity-generate  Generate controller integrity manifest
+  audit-verify  Verify audit log hash-chain integrity
+  status    Show central state summary for this workspace
+  logs      Print recent entries from central event log
+  open-state  Open the central state directory in the file manager
+  proof     Show latest proof result (--json for raw JSON, --public for redacted)
+  help      Show this help message
+
+OPTIONS:
+  --in              Input file (JSON proposal)
+  --config          Policy config file (default: ./.lbe/config/policy.default.json)
+  --policy          Alias for --config
+  --policy-sig      Policy signature file (default: ./.lbe/config/policy.sig.json)
+  --policy-state    Policy monotonic state file (default: ./data/policy.state.json)
+  --policy-unsigned-ok  Allow unsigned policy (dev-only; default: false)
+  --policy-key-id   Signer keyId for policy-sign (default: policy-signer-v1-2026Q1)
+  --secret-key-file Secret key for policy-sign (default: ./keys/secret.key)
+  --data-dir        Data directory for health checks (default: ./data)
+  --nonce-db        Nonce DB path for health checks
+  --rate-db         Rate-limit DB path for health checks
+  --keys-store      Trusted keys store (default: ./.lbe/config/keys.json)
+  --pub-key         Public key for verification (Ed25519 base64)
+  --pub-key-file    Legacy single-key file path (fallback mode)
+  --integrity-strict  Fail verify/dryrun/run if integrity check fails
+  --integrity-manifest Integrity manifest path (default: ./.lbe/config/integrity.manifest.json)
+  --manifest        Manifest path override for integrity-check
+  --out             Output path for integrity-generate
+  --audit           Audit log file (default: ./data/audit.log.jsonl)
+  --root            Project root for local policy commands (default: cwd)
+  --effect          Local rule effect: allow or deny
+  --type            Local rule type: path or command
+  --pattern         Local rule glob/pattern
+  --from            Required human-readable rule provenance
+  --json            JSON output (default: true)
+  --fail-fast       Stop at first audit integrity error (default: true)
+  --max             Max audit entries to process (optional)
+  --version         Show version
+  --help            Show this help message
+
+EXAMPLES:
+  lbe execute --input proposal.json
+  cat proposal.json | lbe execute
+  lbe policy-sign --config ./.lbe/config/policy.default.json --policy-sig ./.lbe/config/policy.sig.json
+  lbe integrity-generate --out ./.lbe/config/integrity.manifest.json
+  lbe integrity-check --integrity-strict --manifest ./.lbe/config/integrity.manifest.json
+  lbe audit-verify --audit ./data/audit.log.jsonl
+
+For more info, visit: https://github.com/Letterblack0306/LetterBlack-LBE-Core
+`);
+}
+
+// src/cli/commands/init.js
+import fs4 from "fs";
+import path4 from "path";
+import readline from "readline";
+
+// src/core/signature.js
+import nacl from "tweetnacl";
+import { canonicalize } from "json-canonicalize";
+function bytesFromBase64(b64) {
+  return Buffer.from(b64, "base64");
+}
+function toBase64(bytes) {
+  return Buffer.from(bytes).toString("base64");
+}
+function verifyEd25519({ payloadObj, sigB64, pubKeyB64 }) {
+  try {
+    const msg = Buffer.from(canonicalize(payloadObj), "utf8");
+    const sig = bytesFromBase64(sigB64);
+    const pub = bytesFromBase64(pubKeyB64);
+    const isValid = nacl.sign.detached.verify(
+      new Uint8Array(msg),
+      new Uint8Array(sig),
+      new Uint8Array(pub)
+    );
+    return {
+      valid: isValid,
+      message: isValid ? "Signature verified" : "Signature verification failed"
+    };
+  } catch (err) {
+    return {
+      valid: false,
+      message: `Signature verification error: ${err.message}`
+    };
+  }
+}
+function generateKeyPair() {
+  const keyPair = nacl.sign.keyPair();
+  return {
+    publicKey: toBase64(keyPair.publicKey),
+    secretKey: toBase64(keyPair.secretKey)
+  };
+}
+function signEd25519({ payloadObj, secretKeyB64 }) {
+  try {
+    const msg = Buffer.from(canonicalize(payloadObj), "utf8");
+    const secretKey = bytesFromBase64(secretKeyB64);
+    const sig = nacl.sign.detached(new Uint8Array(msg), new Uint8Array(secretKey));
+    return {
+      signature: toBase64(sig),
+      error: null
+    };
+  } catch (err) {
+    return {
+      signature: null,
+      error: `Signing failed: ${err.message}`
+    };
+  }
+}
+
+// src/core/policySignature.js
+import fs2 from "fs";
+import path2 from "path";
+
+// src/core/trustedKeys.js
+import fs from "fs";
+import path from "path";
+var KEY_ID_PATTERN = /^[A-Za-z0-9:_-]{3,128}$/;
+function isValidKeyId(keyId) {
+  return typeof keyId === "string" && KEY_ID_PATTERN.test(keyId) && keyId !== "default";
+}
+function loadKeysStore(keysStorePath) {
+  const resolvedPath = path.resolve(keysStorePath);
+  if (!fs.existsSync(resolvedPath)) {
+    return {
+      ok: false,
+      reason: "KEY_STORE_MISSING",
+      message: `Key store not found: ${resolvedPath}`,
+      store: null
+    };
+  }
+  try {
+    const content = fs.readFileSync(resolvedPath, "utf-8");
+    const parsed = JSON.parse(content);
+    if (!parsed || typeof parsed !== "object" || typeof parsed.trustedKeys !== "object") {
+      return {
+        ok: false,
+        reason: "KEY_STORE_INVALID",
+        message: `Invalid key store format: ${resolvedPath}`,
+        store: null
+      };
+    }
+    return {
+      ok: true,
+      reason: null,
+      message: "Key store loaded",
+      store: parsed
+    };
+  } catch (error) {
+    return {
+      ok: false,
+      reason: "KEY_STORE_INVALID_JSON",
+      message: `Unable to parse key store: ${error.message}`,
+      store: null
+    };
+  }
+}
+function resolveTrustedPublicKey({ keyStore, keyId, requesterId, now = /* @__PURE__ */ new Date() }) {
+  if (!keyStore || typeof keyStore !== "object") {
+    return {
+      ok: false,
+      reason: "KEY_STORE_UNAVAILABLE",
+      message: "Trusted key store is not available",
+      publicKey: null
+    };
+  }
+  if (!isValidKeyId(keyId)) {
+    return {
+      ok: false,
+      reason: "KEY_ID_INVALID",
+      message: `Invalid keyId '${keyId}'. Use versioned key IDs like 'agent:gpt-v1-2026Q1'`,
+      publicKey: null
+    };
+  }
+  const keyConfig = keyStore.trustedKeys?.[keyId];
+  if (!keyConfig) {
+    return {
+      ok: false,
+      reason: "KEY_NOT_TRUSTED",
+      message: `Key '${keyId}' is not in trusted key store`,
+      publicKey: null
+    };
+  }
+  if (keyConfig.deprecated) {
+    return {
+      ok: false,
+      reason: "KEY_DEPRECATED",
+      message: `Key '${keyId}' is deprecated`,
+      publicKey: null
+    };
+  }
+  if (keyConfig.requesterId && keyConfig.requesterId !== requesterId) {
+    return {
+      ok: false,
+      reason: "KEY_REQUESTER_MISMATCH",
+      message: `Key '${keyId}' is not authorized for requester '${requesterId}'`,
+      publicKey: null
+    };
+  }
+  const notBeforeRaw = keyConfig.notBefore || keyConfig.validFrom;
+  const expiresAtRaw = keyConfig.expiresAt || keyConfig.validUntil;
+  if (typeof notBeforeRaw !== "string" || typeof expiresAtRaw !== "string") {
+    return {
+      ok: false,
+      reason: "KEY_LIFECYCLE_INVALID",
+      message: `Key '${keyId}' must define lifecycle fields 'notBefore' and 'expiresAt'`,
+      publicKey: null
+    };
+  }
+  const notBefore = new Date(notBeforeRaw);
+  const expiresAt = new Date(expiresAtRaw);
+  if (Number.isNaN(notBefore.getTime()) || Number.isNaN(expiresAt.getTime())) {
+    return {
+      ok: false,
+      reason: "KEY_LIFECYCLE_INVALID",
+      message: `Key '${keyId}' has invalid lifecycle timestamp(s)`,
+      publicKey: null
+    };
+  }
+  if (notBefore >= expiresAt) {
+    return {
+      ok: false,
+      reason: "KEY_LIFECYCLE_INVALID",
+      message: `Key '${keyId}' has notBefore >= expiresAt`,
+      publicKey: null
+    };
+  }
+  if (now < notBefore) {
+    return {
+      ok: false,
+      reason: "KEY_NOT_YET_VALID",
+      message: `Key '${keyId}' not valid until ${notBeforeRaw}`,
+      publicKey: null
+    };
+  }
+  if (now > expiresAt) {
+    return {
+      ok: false,
+      reason: "KEY_EXPIRED",
+      message: `Key '${keyId}' expired on ${expiresAtRaw}`,
+      publicKey: null
+    };
+  }
+  if (!keyConfig.publicKey || typeof keyConfig.publicKey !== "string") {
+    return {
+      ok: false,
+      reason: "KEY_CONFIG_INVALID",
+      message: `Trusted key '${keyId}' is missing publicKey`,
+      publicKey: null
+    };
+  }
+  return {
+    ok: true,
+    reason: null,
+    message: "Trusted key resolved",
+    publicKey: keyConfig.publicKey
+  };
+}
+
+// src/core/policySignature.js
+function createPolicySignatureEnvelope({ policyObj, secretKeyB64, keyId }) {
+  const signResult = signEd25519({
+    payloadObj: policyObj,
+    secretKeyB64
+  });
+  if (signResult.error) {
+    return {
+      ok: false,
+      reason: "POLICY_SIGNATURE_CREATE_FAILED",
+      message: signResult.error,
+      envelope: null
+    };
+  }
+  return {
+    ok: true,
+    reason: null,
+    message: "Policy signature created",
+    envelope: {
+      alg: "ed25519",
+      keyId,
+      sig: signResult.signature,
+      createdAt: Math.floor(Date.now() / 1e3)
+    }
+  };
+}
+function verifyPolicySignature({
+  policyObj,
+  keyStore,
+  policySigPath = "./.lbe/config/policy.sig.json",
+  allowUnsigned = false
+}) {
+  const sigPathResolved = path2.resolve(policySigPath);
+  if (!fs2.existsSync(sigPathResolved)) {
+    if (allowUnsigned) {
+      return {
+        ok: true,
+        skipped: true,
+        reason: "POLICY_SIGNATURE_SKIPPED",
+        message: `Policy signature not found: ${sigPathResolved} (allowed by flag)`
+      };
+    }
+    return {
+      ok: false,
+      skipped: false,
+      reason: "POLICY_SIGNATURE_MISSING",
+      message: `Policy signature file not found: ${sigPathResolved}`
+    };
+  }
+  let envelope;
+  try {
+    envelope = JSON.parse(fs2.readFileSync(sigPathResolved, "utf-8"));
+  } catch (error) {
+    return {
+      ok: false,
+      skipped: false,
+      reason: "POLICY_SIGNATURE_INVALID",
+      message: `Unable to parse policy signature file: ${error.message}`
+    };
+  }
+  if (!envelope || envelope.alg !== "ed25519" || typeof envelope.keyId !== "string" || typeof envelope.sig !== "string") {
+    return {
+      ok: false,
+      skipped: false,
+      reason: "POLICY_SIGNATURE_INVALID",
+      message: "Policy signature envelope must include {alg, keyId, sig}"
+    };
+  }
+  if (!keyStore) {
+    return {
+      ok: false,
+      skipped: false,
+      reason: "POLICY_SIGNER_KEY_STORE_UNAVAILABLE",
+      message: "Trusted key store is required for policy signature verification"
+    };
+  }
+  const trustedKey = resolveTrustedPublicKey({
+    keyStore,
+    keyId: envelope.keyId,
+    requesterId: void 0
+  });
+  if (!trustedKey.ok) {
+    return {
+      ok: false,
+      skipped: false,
+      reason: "POLICY_SIGNER_NOT_TRUSTED",
+      message: trustedKey.message
+    };
+  }
+  const verification = verifyEd25519({
+    payloadObj: policyObj,
+    sigB64: envelope.sig,
+    pubKeyB64: trustedKey.publicKey
+  });
+  if (!verification.valid) {
+    return {
+      ok: false,
+      skipped: false,
+      reason: "POLICY_SIGNATURE_INVALID",
+      message: verification.message
+    };
+  }
+  return {
+    ok: true,
+    skipped: false,
+    reason: null,
+    message: "Policy signature verified",
+    keyId: envelope.keyId
+  };
+}
+
+// src/core/workspaceScanner.js
+import fs3 from "fs";
+import path3 from "path";
+var PROJECT_SIGNALS = [
+  // Code types — ordered by priority for primaryType resolution
+  { file: "package.json", type: "node" },
+  { file: "pyproject.toml", type: "python" },
+  { file: "requirements.txt", type: "python" },
+  { file: "go.mod", type: "go" },
+  { file: "Cargo.toml", type: "rust" },
+  { file: "pom.xml", type: "java" },
+  { file: "build.gradle", type: "java" },
+  { file: "build.gradle.kts", type: "java" },
+  // Infrastructure types — supplementary, not primary
+  { file: "Dockerfile", type: "docker" },
+  { file: "docker-compose.yml", type: "docker" },
+  { dir: ".github/workflows", type: "ci" },
+  { file: ".gitlab-ci.yml", type: "ci" },
+  { dir: ".circleci", type: "ci" },
+  { file: "Jenkinsfile", type: "ci" },
+  { file: ".travis.yml", type: "ci" }
+];
+var CODE_TYPES = ["node", "python", "go", "rust", "java"];
+var SURFACE_MAP = {
+  source: ["src", "lib", "app", "pages", "components", "core", "api", "server", "client", "pkg", "cmd"],
+  generated: ["dist", "build", ".next", "out", "coverage", "target", ".cache", "__pycache__", ".turbo"],
+  tests: ["test", "tests", "__tests__", "spec", "e2e"],
+  docs: ["docs", "doc", "documentation"]
+};
+var SECRET_GLOBS = [".env", ".env.*", "keys/**", "secrets/**", "*.key", "*.pem", "*.p12", "*.pfx", "*.crt"];
+var ALWAYS_DENY = ["node_modules/**", ".git/**"];
+var LOCKFILES_BY_TYPE = {
+  node: ["package-lock.json", "yarn.lock", "pnpm-lock.yaml"],
+  python: ["Pipfile.lock", "poetry.lock"],
+  go: ["go.sum"],
+  rust: ["Cargo.lock"],
+  java: ["gradle/wrapper/**"],
+  docker: [],
+  ci: [],
+  generic: []
+};
+var CONFIG_FILES_BY_TYPE = {
+  node: [
+    "package.json",
+    "tsconfig*.json",
+    "jest.config.*",
+    "vite.config.*",
+    "next.config.*",
+    "webpack.config.*",
+    ".eslintrc*",
+    ".eslint.config.*",
+    ".prettierrc*",
+    "babel.config.*"
+  ],
+  python: [
+    "pyproject.toml",
+    "setup.py",
+    "setup.cfg",
+    "tox.ini",
+    "pytest.ini",
+    "mypy.ini",
+    ".flake8",
+    ".pylintrc",
+    "Pipfile"
+  ],
+  go: ["go.mod", ".golangci.yml", ".golangci.yaml"],
+  rust: ["Cargo.toml", "rust-toolchain.toml", "clippy.toml", ".rustfmt.toml"],
+  java: [
+    "pom.xml",
+    "build.gradle",
+    "build.gradle.kts",
+    "gradle.properties",
+    "settings.gradle",
+    "settings.gradle.kts"
+  ],
+  docker: ["Dockerfile", "docker-compose.yml", ".dockerignore"],
+  ci: [".gitlab-ci.yml", "Jenkinsfile", ".travis.yml"],
+  generic: ["Makefile", "CMakeLists.txt", "meson.build"]
+};
+var CONFIG_FILES_UNIVERSAL = [".editorconfig", ".nvmrc", ".node-version", ".python-version"];
+var CONFIG_DIRS_UNIVERSAL = ["config", ".github", ".gitlab", ".circleci", ".vscode"];
+var CONFIG_LABEL = {
+  node: "dependency and build config",
+  python: "package and environment config",
+  go: "module definition",
+  rust: "crate manifest",
+  java: "build definition",
+  docker: "container config",
+  ci: "pipeline definition",
+  generic: "project config"
+};
+var LOCKFILE_LABEL = {
+  node: "package manager",
+  python: "dependency resolver",
+  go: "module checksums",
+  rust: "dependency resolver",
+  java: "Gradle wrapper"
+};
+var FALLBACK_MANIFESTS = [
+  "composer.json",
+  // PHP
+  "Gemfile",
+  // Ruby
+  "mix.exs",
+  // Elixir
+  "pubspec.yaml",
+  // Dart / Flutter
+  "Package.swift",
+  // Swift
+  "project.clj",
+  // Clojure
+  "build.sbt",
+  // Scala
+  "stack.yaml",
+  // Haskell
+  "deno.json",
+  "deno.jsonc",
+  // Deno
+  "Podfile"
+  // CocoaPods (iOS/macOS)
+];
+var FALLBACK_LOCKFILES = [
+  "composer.lock",
+  // PHP
+  "Gemfile.lock",
+  // Ruby
+  "mix.lock",
+  // Elixir
+  "pubspec.lock",
+  // Dart / Flutter
+  "Package.resolved"
+  // Swift
+];
+var FALLBACK_EXTENSIONS = [".csproj", ".fsproj", ".sln", ".cabal"];
+function exists(p) {
+  return fs3.existsSync(p);
+}
+function detectDirs(root, names) {
+  return names.filter((n) => exists(path3.join(root, n))).map((n) => `${n}/**`);
+}
+function readGitignore(root) {
+  const p = path3.join(root, ".gitignore");
+  if (!exists(p)) return [];
+  return fs3.readFileSync(p, "utf8").split("\n").map((l) => l.trim()).filter((l) => l && !l.startsWith("#") && !l.startsWith("!")).map((l) => l.endsWith("/") ? l + "**" : l);
+}
+function dedup(arr) {
+  return arr.filter((v, i, a) => v && a.indexOf(v) === i);
+}
+function detectProjectTypes(root) {
+  const seen = /* @__PURE__ */ new Set();
+  const types = [];
+  for (const sig of PROJECT_SIGNALS) {
+    if (seen.has(sig.type)) continue;
+    const p = path3.join(root, sig.file || sig.dir);
+    if (exists(p)) {
+      seen.add(sig.type);
+      types.push(sig.type);
+    }
+  }
+  return types.length > 0 ? types : ["generic"];
+}
+function primaryType(projectTypes) {
+  return CODE_TYPES.find((t) => projectTypes.includes(t)) ?? "generic";
+}
+function scanFallbackManifests(root) {
+  const manifests = FALLBACK_MANIFESTS.filter((f) => exists(path3.join(root, f)));
+  const lockfiles = FALLBACK_LOCKFILES.filter((f) => exists(path3.join(root, f)));
+  try {
+    const entries = fs3.readdirSync(root);
+    for (const e of entries) {
+      if (FALLBACK_EXTENSIONS.some((ext) => e.endsWith(ext))) manifests.push(e);
+    }
+  } catch {
+  }
+  return { manifests, lockfiles };
+}
+function detectSurfaces(root, projectTypes) {
+  const s = {};
+  for (const [key, names] of Object.entries(SURFACE_MAP)) {
+    s[key] = detectDirs(root, names);
+  }
+  s.secrets = SECRET_GLOBS.filter((g) => {
+    const base = g.split("/")[0].replace(/\*.*/, "");
+    return base.includes("*") || exists(path3.join(root, base));
+  });
+  const typeConfigFiles = dedup(
+    projectTypes.flatMap((t) => CONFIG_FILES_BY_TYPE[t] || CONFIG_FILES_BY_TYPE.generic).concat(CONFIG_FILES_UNIVERSAL)
+  );
+  s.config = dedup([
+    ...typeConfigFiles.filter((f) => !f.includes("*") && !f.endsWith("/**") && exists(path3.join(root, f))),
+    ...typeConfigFiles.filter((f) => f.endsWith("/**") && exists(path3.join(root, f.replace("/**", "")))),
+    ...detectDirs(root, CONFIG_DIRS_UNIVERSAL)
+  ]);
+  s.lockfiles = dedup(
+    projectTypes.flatMap((t) => LOCKFILES_BY_TYPE[t] || []).filter((f) => {
+      const base = f.replace(/\*.*/, "").split("/")[0];
+      return base.includes("*") || exists(path3.join(root, base));
+    })
+  );
+  if (!projectTypes.some((t) => CODE_TYPES.includes(t))) {
+    const fb = scanFallbackManifests(root);
+    s.config = dedup([...s.config, ...fb.manifests]);
+    s.lockfiles = dedup([...s.lockfiles, ...fb.lockfiles]);
+  }
+  return s;
+}
+function buildSemantics(projectTypes, primary, surfaces) {
+  const sem = {};
+  sem.structure = "Preserve the existing folder structure. Add new files within established directories. Do not create top-level directories, reorganize, or rename existing folders.";
+  if (surfaces.source.length > 0) {
+    sem.source = `Source code lives in ${surfaces.source.join(", ")}. Make feature changes and bug fixes here only.`;
+  }
+  sem.secrets = `Never propose changes to credential or key files (${SECRET_GLOBS.slice(0, 4).join(", ")} \u2026). These are never task targets regardless of the instruction.`;
+  if (surfaces.generated.length > 0) {
+    sem.generated = `${surfaces.generated.join(", ")} contain generated output. Modify the source files that produce them; never write to generated directories directly.`;
+  }
+  if (surfaces.config.length > 0) {
+    const codeTypes = projectTypes.filter((t) => CODE_TYPES.includes(t));
+    const label = codeTypes.length === 1 ? CONFIG_LABEL[codeTypes[0]] : "project configuration";
+    const listed = surfaces.config.slice(0, 5).join(", ");
+    const trailer = surfaces.config.length > 5 ? " and related files" : "";
+    sem.config = `Treat ${listed}${trailer} as ${label} files. Do not modify them unless the task explicitly requires a configuration or dependency change.`;
+  }
+  if (surfaces.tests.length > 0) {
+    sem.tests = `Test files in ${surfaces.tests.join(", ")} validate behavior. Update them only when the behavior they cover changes.`;
+  }
+  if (surfaces.lockfiles?.length > 0) {
+    const label = LOCKFILE_LABEL[primary] || "tooling";
+    const listed = surfaces.lockfiles.slice(0, 3).join(", ");
+    sem.lockfiles = `${listed} are generated by the ${label}. Never edit them directly.`;
+  }
+  if (primary === "generic") {
+    const foundManifests = surfaces.config.filter((f) => !f.endsWith("/**"));
+    if (foundManifests.length > 0) {
+      sem.unknown = `This project uses an unrecognized toolchain. Treat ${foundManifests.slice(0, 3).join(", ")} as dependency/manifest files. Do not modify them unless the task explicitly requires a dependency change.`;
+    } else {
+      sem.unknown = "This project uses an unrecognized toolchain. Do not assume standard source layouts, dependency files, or build conventions apply. Confirm any structural assumption before acting.";
+    }
+  }
+  if (projectTypes.includes("docker")) {
+    sem.docker = "Dockerfile and docker-compose.yml define the container environment. Treat them as infrastructure config \u2014 only modify when the task explicitly involves container or environment changes.";
+  }
+  if (projectTypes.includes("ci")) {
+    sem.ci = "CI config files (.github/**, .gitlab-ci.yml, etc.) define the build and deployment pipeline. Do not modify them unless the task explicitly involves CI/CD changes.";
+  }
+  return sem;
+}
+function buildEnforcement(surfaces, gitignorePatterns) {
+  const allow = dedup([...surfaces.source, ...surfaces.docs, ...surfaces.tests]);
+  const approval = [...surfaces.config];
+  const deny = dedup([
+    ...surfaces.secrets,
+    ...surfaces.generated,
+    ...surfaces.lockfiles || [],
+    ...ALWAYS_DENY,
+    ...gitignorePatterns.filter((p) => p.endsWith("/**")).slice(0, 8)
+  ]);
+  return {
+    allow: allow.length > 0 ? allow : ["src/**"],
+    approval: approval.length > 0 ? approval : [],
+    deny
+  };
+}
+function scanWorkspace(rootDir) {
+  const root = path3.resolve(rootDir || process.cwd());
+  const projectTypes = detectProjectTypes(root);
+  const primary = primaryType(projectTypes);
+  const surfaces = detectSurfaces(root, projectTypes);
+  const gitignore = readGitignore(root);
+  const semantics = buildSemantics(projectTypes, primary, surfaces);
+  const enforcement = buildEnforcement(surfaces, gitignore);
+  return { projectTypes, primaryType: primary, surfaces, semantics, enforcement };
+}
+function formatSummary(projectTypes, semantics, enforcement) {
+  const lines = [];
+  const label = Array.isArray(projectTypes) ? projectTypes.join(" + ") : projectTypes;
+  lines.push(`Detected: ${label}`);
+  lines.push("");
+  lines.push("Agent semantics:");
+  for (const [, v] of Object.entries(semantics)) {
+    lines.push(`  - ${v}`);
+  }
+  lines.push("");
+  lines.push("Enforcement:");
+  if (enforcement.allow.length) lines.push(`  allow:    ${enforcement.allow.join(", ")}`);
+  if (enforcement.approval.length) lines.push(`  approval: ${enforcement.approval.join(", ")}`);
+  if (enforcement.deny.length) lines.push(`  deny:     ${enforcement.deny.slice(0, 6).join(", ")}${enforcement.deny.length > 6 ? " \u2026" : ""}`);
+  return lines.join("\n");
+}
+
+// src/cli/commands/init.js
+function ask(question) {
+  if (!process.stdin.isTTY) return Promise.resolve("y");
+  return new Promise((resolve) => {
+    const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+    rl.question(question, (ans) => {
+      rl.close();
+      resolve(ans.trim().toLowerCase());
+    });
+  });
+}
+function applyStrict(enforcement) {
+  return {
+    ...enforcement,
+    deny: [.../* @__PURE__ */ new Set([...enforcement.deny, ...enforcement.approval, "*.json", "config/**"])],
+    approval: []
+  };
+}
+function applyRelaxed(enforcement) {
+  return { ...enforcement, approval: [] };
+}
+function setupCrypto(cwd) {
+  const nowIso = (/* @__PURE__ */ new Date()).toISOString();
+  const expiresAt = new Date(Date.now() + 180 * 24 * 60 * 60 * 1e3).toISOString();
+  const defaultKeyId = "agent:gpt-v1-2026Q1";
+  const signerKeyId = "policy-signer-v1-2026Q1";
+  const lbeDir = path4.join(cwd, ".lbe");
+  for (const d of ["config", "keys", "data"]) {
+    fs4.mkdirSync(path4.join(lbeDir, d), { recursive: true });
+  }
+  const dataFiles = {
+    ".lbe/data/nonce.db.json": JSON.stringify({ entries: [] }, null, 2),
+    ".lbe/data/rate-limit.db.json": JSON.stringify({ entries: [] }, null, 2),
+    ".lbe/data/policy.state.json": JSON.stringify({ schemaVersion: "1", lastAccepted: null, updatedAt: null }, null, 2),
+    ".lbe/data/audit.log.jsonl": ""
+  };
+  for (const [rel, content] of Object.entries(dataFiles)) {
+    const p = path4.join(cwd, rel);
+    if (!fs4.existsSync(p)) fs4.writeFileSync(p, content);
+  }
+  const keyDir = path4.join(lbeDir, "keys");
+  const pubPath = path4.join(keyDir, "public.key");
+  const secPath = path4.join(keyDir, "secret.key");
+  let publicKeyB64, secretKeyB64;
+  if (fs4.existsSync(pubPath) && fs4.existsSync(secPath)) {
+    publicKeyB64 = fs4.readFileSync(pubPath, "utf8").trim();
+    secretKeyB64 = fs4.readFileSync(secPath, "utf8").trim();
+  } else {
+    const kp = generateKeyPair();
+    publicKeyB64 = kp.publicKey;
+    secretKeyB64 = kp.secretKey;
+    fs4.writeFileSync(pubPath, publicKeyB64);
+    fs4.writeFileSync(secPath, secretKeyB64, { mode: 384 });
+  }
+  const keysPath = path4.join(lbeDir, "config/keys.json");
+  const keysStore = fs4.existsSync(keysPath) ? JSON.parse(fs4.readFileSync(keysPath, "utf8")) : { schemaVersion: "1", defaultKeyId, trustedKeys: {} };
+  for (const keyId of [defaultKeyId, signerKeyId]) {
+    if (!keysStore.trustedKeys[keyId]) {
+      keysStore.trustedKeys[keyId] = {
+        publicKey: publicKeyB64,
+        notBefore: nowIso,
+        expiresAt,
+        validFrom: nowIso,
+        validUntil: expiresAt,
+        deprecated: false
+      };
+    }
+  }
+  keysStore.defaultKeyId = defaultKeyId;
+  fs4.writeFileSync(keysPath, JSON.stringify(keysStore, null, 2));
+  const policyPath = path4.join(lbeDir, "config/policy.default.json");
+  let policyObj;
+  if (fs4.existsSync(policyPath)) {
+    policyObj = JSON.parse(fs4.readFileSync(policyPath, "utf8"));
+  } else {
+    policyObj = {
+      default: "DENY",
+      version: "1.0.0",
+      createdAt: nowIso,
+      security: {
+        maxClockSkewSec: 600,
+        maxPolicyCreatedAtSkewSec: 31536e3,
+        defaultRateLimit: { windowSec: 60, maxRequests: 30 }
+      },
+      requesters: {
+        "agent:gpt": {
+          allowAdapters: ["noop", "shell"],
+          allowCommands: ["RUN_SHELL"],
+          rateLimit: { windowSec: 60, maxRequests: 30 },
+          filesystem: { roots: [cwd], denyPatterns: ["**/.git/**", "**/secrets/**", "**/*.key"] },
+          exec: { allowCmds: ["ls", "node", "python", "echo"], denyCmds: ["rm", "chmod", "chown", "curl", "wget", "su", "sudo"] }
+        }
+      }
+    };
+    fs4.writeFileSync(policyPath, JSON.stringify(policyObj, null, 2));
+  }
+  const sigResult = createPolicySignatureEnvelope({ policyObj, secretKeyB64, keyId: signerKeyId });
+  if (sigResult.ok) {
+    fs4.writeFileSync(path4.join(lbeDir, "config/policy.sig.json"), JSON.stringify(sigResult.envelope, null, 2));
+  }
+  return { defaultKeyId, secretKeyB64, publicKeyB64 };
+}
+function agentContractContent() {
+  return `# LBE Governance Contract
+
+This project has LetterBlack LBE (Local-first execution Governance) active.
+
+## Your role as an agent
+
+Every file write, delete, and shell command must go through the LBE executor.
+The executor validates each action against the project policy and audits it.
+
+## How to perform actions
+
+\`\`\`js
+import { createLocalExecutor } from '@letterblack/lbe-exec';
+const lbe = createLocalExecutor({ rootDir: process.cwd() });
+
+await lbe.writeFile('output/report.md', content);
+await lbe.readFile('src/config.json');
+await lbe.patchFile('src/index.js', patch);
+await lbe.deleteFile('tmp/scratch.txt');
+await lbe.runShell('node', ['scripts/build.js']);
+\`\`\`
+
+## What you must never do
+
+- Call fs.* or child_process.* directly
+- Modify \`.lbe/policy.json\` directly \u2014 propose a rule via \`lbe.policy.proposeRule()\`
+- Attempt to bypass or disable the executor
+
+## Proposing a policy rule
+
+\`\`\`js
+const proposal = lbe.policy.proposeRule({
+  effect: 'deny', type: 'path', pattern: 'secrets/**',
+  from: 'agent: these files should never be modified'
+});
+// Return proposal to the user \u2014 never call lbe.policy.addRule() yourself.
+\`\`\`
+
+## Result shape
+
+\`{ ok: boolean, decision: 'allow' | 'deny' | 'observe', executed: boolean }\`
+
+## Files
+
+- Policy: \`.lbe/policy.json\`
+- Audit:  \`.lbe/audit.jsonl\`
+- Status: \`npx lbe-exec status\`
+`;
+}
+function writeAgentContract(cwd) {
+  const lbeDir = path4.join(cwd, ".lbe");
+  fs4.mkdirSync(lbeDir, { recursive: true });
+  fs4.writeFileSync(path4.join(lbeDir, "AGENT_CONTRACT.md"), agentContractContent());
+}
+function migrateLegacyRootFiles(cwd) {
+  const lbeDir = path4.join(cwd, ".lbe");
+  fs4.mkdirSync(lbeDir, { recursive: true });
+  const migrations = [
+    ["lbe.policy.json", ".lbe/policy.json"],
+    ["lbe.workspace.json", ".lbe/workspace.json"]
+  ];
+  const removed = [];
+  for (const [src, dest] of migrations) {
+    const srcPath = path4.join(cwd, src);
+    const destPath = path4.join(cwd, dest);
+    if (fs4.existsSync(srcPath) && !fs4.existsSync(destPath)) {
+      fs4.renameSync(srcPath, destPath);
+      removed.push(src + " \u2192 " + dest);
+    } else if (fs4.existsSync(srcPath)) {
+      fs4.unlinkSync(srcPath);
+      removed.push(src + " (removed \u2014 .lbe/ version exists)");
+    }
+  }
+  const toDelete = ["CLAUDE.md", path4.join(".github", "copilot-instructions.md")];
+  for (const rel of toDelete) {
+    const p = path4.join(cwd, rel);
+    if (fs4.existsSync(p)) {
+      const content = fs4.readFileSync(p, "utf8");
+      if (content.includes("lbe-governance") || content.includes("LetterBlack LBE")) {
+        fs4.unlinkSync(p);
+        removed.push(rel + " (removed \u2014 LBE-generated file)");
+      }
+    }
+  }
+  return removed;
+}
+async function initCommand(opts = {}) {
+  const cwd = process.cwd();
+  const yes = opts.yes || opts.y || !process.stdin.isTTY;
+  const lbeDir = path4.join(cwd, ".lbe");
+  fs4.mkdirSync(lbeDir, { recursive: true });
+  const outPath = path4.join(lbeDir, "workspace.json");
+  console.log("\nScanning workspace...\n");
+  const { projectTypes, primaryType: primaryType2, semantics, enforcement } = scanWorkspace(cwd);
+  console.log(formatSummary(projectTypes, semantics, enforcement));
+  console.log("");
+  let finalEnforcement = enforcement;
+  if (!yes) {
+    const answer = await ask("Accept? [Y = accept / s = strict / r = relaxed / n = cancel] ");
+    if (answer === "n") {
+      console.log("Cancelled.");
+      return { success: false };
+    }
+    if (answer === "s") finalEnforcement = applyStrict(enforcement);
+    if (answer === "r") finalEnforcement = applyRelaxed(enforcement);
+  }
+  const contract = {
+    lbe: true,
+    version: "0.4.0",
+    state: "local",
+    projectTypes,
+    primaryType: primaryType2,
+    semantics,
+    enforcement: finalEnforcement
+  };
+  fs4.writeFileSync(outPath, JSON.stringify(contract, null, 2));
+  console.log("\u2713 Wrote .lbe/workspace.json");
+  setupCrypto(cwd);
+  const localPolicyPath = path4.join(lbeDir, "policy.json");
+  if (!fs4.existsSync(localPolicyPath)) {
+    fs4.writeFileSync(localPolicyPath, JSON.stringify({ version: 1, mode: "observe", workspace: cwd, rules: [] }, null, 2) + "\n");
+  }
+  const localAuditPath = path4.join(lbeDir, "audit.jsonl");
+  if (!fs4.existsSync(localAuditPath)) fs4.writeFileSync(localAuditPath, "");
+  console.log("\u2713 Keys and policy ready  (.lbe/)");
+  writeAgentContract(cwd);
+  console.log("\u2713 Agent contract written  \u2192  .lbe/AGENT_CONTRACT.md");
+  const migrated = migrateLegacyRootFiles(cwd);
+  if (migrated.length) {
+    console.log("\n\u2713 Migrated legacy files:");
+    for (const m of migrated) console.log("  " + m);
+  }
+  console.log("\nDone. All LBE state is in .lbe/");
+  console.log("Run  npx lbe-exec status  to verify.\n");
+  return { success: true, contract };
+}
+
+// src/cli/commands/verify.js
+import fs9 from "fs";
+import path10 from "path";
+
+// src/core/policyVersionGuard.js
+import fs6 from "fs";
+import path6 from "path";
+
+// src/core/atomicWrite.js
+import fs5 from "fs";
+import path5 from "path";
+import crypto from "crypto";
+var DEFAULT_LOCK_OPTS = {
+  timeoutMs: 5e3,
+  // total wait before giving up
+  pollMs: 15,
+  // base poll interval (jittered)
+  staleMs: 3e4
+  // lock files older than this are presumed orphaned
+};
+function _lockPathFor(targetPath) {
+  return targetPath + ".lock";
+}
+function _tryAcquire(lockPath) {
+  try {
+    const fd = fs5.openSync(lockPath, "wx");
+    fs5.writeSync(fd, `pid:${process.pid}:${Date.now()}`);
+    fs5.closeSync(fd);
+    return true;
+  } catch (err) {
+    if (err.code === "EEXIST" || err.code === "EPERM" || err.code === "EBUSY" || err.code === "EACCES") {
+      return false;
+    }
+    throw err;
+  }
+}
+function _removeIfStale(lockPath, staleMs) {
+  try {
+    const stat = fs5.statSync(lockPath);
+    const ageMs = Date.now() - stat.mtimeMs;
+    if (ageMs > staleMs) {
+      try {
+        fs5.unlinkSync(lockPath);
+      } catch {
+      }
+    }
+  } catch {
+  }
+}
+function _sleepSync(ms) {
+  const end = Date.now() + ms;
+  while (Date.now() < end) {
+    try {
+      Atomics.wait(new Int32Array(new SharedArrayBuffer(4)), 0, 0, Math.max(1, end - Date.now()));
+    } catch {
+    }
+  }
+}
+function withFileLock(targetPath, optsOrFn, maybeFn) {
+  const fn = typeof optsOrFn === "function" ? optsOrFn : maybeFn;
+  const opts = typeof optsOrFn === "function" ? {} : optsOrFn || {};
+  const { timeoutMs, pollMs, staleMs } = { ...DEFAULT_LOCK_OPTS, ...opts };
+  const dir = path5.dirname(targetPath);
+  if (!fs5.existsSync(dir)) {
+    fs5.mkdirSync(dir, { recursive: true });
+  }
+  const lockPath = _lockPathFor(targetPath);
+  const deadline = Date.now() + timeoutMs;
+  let acquired = false;
+  while (!acquired) {
+    acquired = _tryAcquire(lockPath);
+    if (acquired) break;
+    if (Date.now() >= deadline) {
+      _removeIfStale(lockPath, staleMs);
+      acquired = _tryAcquire(lockPath);
+      if (acquired) break;
+      const err = new Error(`withFileLock: timeout acquiring ${lockPath} after ${timeoutMs}ms`);
+      err.code = "ELOCKTIMEOUT";
+      throw err;
+    }
+    _removeIfStale(lockPath, staleMs);
+    const jitter = Math.floor(Math.random() * pollMs);
+    _sleepSync(pollMs + jitter);
+  }
+  try {
+    return fn();
+  } finally {
+    try {
+      fs5.unlinkSync(lockPath);
+    } catch {
+    }
+  }
+}
+function atomicWriteFileSync(filePath, data, options = {}) {
+  const dir = path5.dirname(filePath);
+  if (!fs5.existsSync(dir)) {
+    fs5.mkdirSync(dir, { recursive: true });
+  }
+  const tempFile = path5.join(dir, `.tmp-${Date.now()}-${crypto.randomBytes(4).toString("hex")}`);
+  try {
+    fs5.writeFileSync(tempFile, data, options);
+    fs5.renameSync(tempFile, filePath);
+  } catch (error) {
+    try {
+      if (fs5.existsSync(tempFile)) {
+        fs5.unlinkSync(tempFile);
+      }
+    } catch (cleanupError) {
+    }
+    throw error;
+  }
+}
+function atomicAppendFileSync(filePath, data, options = {}) {
+  const dir = path5.dirname(filePath);
+  if (!fs5.existsSync(dir)) {
+    fs5.mkdirSync(dir, { recursive: true });
+  }
+  withFileLock(filePath, () => {
+    let existingContent = "";
+    if (fs5.existsSync(filePath)) {
+      existingContent = fs5.readFileSync(filePath, options.encoding || "utf8");
+    }
+    const combinedData = existingContent + data;
+    atomicWriteFileSync(filePath, combinedData, options);
+  });
+}
+function readJSONSafe(filePath) {
+  try {
+    if (!fs5.existsSync(filePath)) {
+      return null;
+    }
+    const content = fs5.readFileSync(filePath, "utf8");
+    return JSON.parse(content);
+  } catch (e) {
+    console.error(`[atomicWrite] Failed to read JSON from ${filePath}:`, e.message);
+    return null;
+  }
+}
+
+// src/core/policyVersionGuard.js
+function parsePolicyVersion(version) {
+  if (typeof version === "number" && Number.isFinite(version)) {
+    return { ok: true, kind: "int", parts: [Math.floor(version)], raw: String(version) };
+  }
+  if (typeof version !== "string" || !version.trim()) {
+    return { ok: false, reason: "POLICY_VERSION_INVALID", message: "Policy version is required" };
+  }
+  const trimmed = version.trim();
+  if (/^\d+$/.test(trimmed)) {
+    return { ok: true, kind: "int", parts: [Number(trimmed)], raw: trimmed };
+  }
+  const semver = trimmed.replace(/^v/i, "");
+  if (/^\d+(\.\d+){0,2}$/.test(semver)) {
+    const parsed = semver.split(".").map((n) => Number(n));
+    while (parsed.length < 3) {
+      parsed.push(0);
+    }
+    return { ok: true, kind: "semver", parts: parsed, raw: trimmed };
+  }
+  return {
+    ok: false,
+    reason: "POLICY_VERSION_INVALID",
+    message: `Unsupported policy version format '${version}' (use integer or semver)`
+  };
+}
+function compareVersions(a, b) {
+  const len = Math.max(a.parts.length, b.parts.length);
+  for (let i = 0; i < len; i++) {
+    const av = a.parts[i] ?? 0;
+    const bv = b.parts[i] ?? 0;
+    if (av > bv) return 1;
+    if (av < bv) return -1;
+  }
+  return 0;
+}
+function parseCreatedAt(createdAt) {
+  if (typeof createdAt === "number" && Number.isFinite(createdAt)) {
+    const sec = createdAt > 1e12 ? Math.floor(createdAt / 1e3) : Math.floor(createdAt);
+    return { ok: true, epochSec: sec };
+  }
+  if (typeof createdAt !== "string" || !createdAt.trim()) {
+    return {
+      ok: false,
+      reason: "POLICY_CREATED_AT_INVALID",
+      message: "Policy createdAt is required"
+    };
+  }
+  const ts = Date.parse(createdAt);
+  if (Number.isNaN(ts)) {
+    return {
+      ok: false,
+      reason: "POLICY_CREATED_AT_INVALID",
+      message: `Invalid policy createdAt '${createdAt}'`
+    };
+  }
+  return { ok: true, epochSec: Math.floor(ts / 1e3) };
+}
+function loadPolicyState(statePath) {
+  if (!fs6.existsSync(statePath)) {
+    return {
+      schemaVersion: "1",
+      lastAccepted: null,
+      updatedAt: null
+    };
+  }
+  try {
+    const parsed = JSON.parse(fs6.readFileSync(statePath, "utf8"));
+    if (!parsed || typeof parsed !== "object") {
+      throw new Error("Policy state file has invalid structure");
+    }
+    return {
+      schemaVersion: String(parsed.schemaVersion || "1"),
+      lastAccepted: parsed.lastAccepted && typeof parsed.lastAccepted === "object" ? parsed.lastAccepted : null,
+      updatedAt: parsed.updatedAt || null
+    };
+  } catch (err) {
+    throw new Error(`Policy state at ${statePath} is corrupt or unreadable: ${err.message}`);
+  }
+}
+function savePolicyState(statePath, stateObj) {
+  const payload = JSON.stringify(stateObj, null, 2);
+  atomicWriteFileSync(statePath, payload, { encoding: "utf8" });
+}
+function validateAndUpdatePolicyVersionState({
+  policyObj,
+  statePath = path6.resolve(".lbe/data/policy.state.json"),
+  maxCreatedAtSkewSec = 31536e3,
+  nowSec = Math.floor(Date.now() / 1e3),
+  persist = true
+}) {
+  const version = parsePolicyVersion(policyObj?.version);
+  if (!version.ok) {
+    return {
+      ok: false,
+      reason: version.reason,
+      message: version.message,
+      updated: false
+    };
+  }
+  const createdAt = parseCreatedAt(policyObj?.createdAt);
+  if (!createdAt.ok) {
+    return {
+      ok: false,
+      reason: createdAt.reason,
+      message: createdAt.message,
+      updated: false
+    };
+  }
+  const skew = Math.abs(nowSec - createdAt.epochSec);
+  const allowedSkew = Number.isFinite(maxCreatedAtSkewSec) && maxCreatedAtSkewSec > 0 ? Math.floor(maxCreatedAtSkewSec) : 31536e3;
+  if (skew > allowedSkew) {
+    return {
+      ok: false,
+      reason: "POLICY_CREATED_AT_SKEW_EXCEEDED",
+      message: `Policy createdAt skew ${skew}s exceeds allowed ${allowedSkew}s`,
+      updated: false
+    };
+  }
+  let state;
+  try {
+    state = loadPolicyState(statePath);
+  } catch (err) {
+    return {
+      ok: false,
+      reason: "POLICY_STATE_CORRUPT",
+      message: err.message,
+      updated: false
+    };
+  }
+  const previous = state.lastAccepted;
+  let previousVersion = null;
+  let previousCreatedAt = null;
+  let versionCompare = 0;
+  if (previous) {
+    previousVersion = parsePolicyVersion(previous.version);
+    previousCreatedAt = parseCreatedAt(previous.createdAt);
+    if (previousVersion.ok && previousCreatedAt.ok) {
+      versionCompare = compareVersions(version, previousVersion);
+      if (versionCompare < 0) {
+        return {
+          ok: false,
+          reason: "POLICY_VERSION_REGRESSION",
+          message: `Policy version regression: current '${version.raw}' < last '${previousVersion.raw}'`,
+          updated: false
+        };
+      }
+      if (versionCompare === 0 && createdAt.epochSec < previousCreatedAt.epochSec) {
+        return {
+          ok: false,
+          reason: "POLICY_CREATED_AT_REGRESSION",
+          message: `Policy createdAt regression: current '${policyObj.createdAt}' < last '${previous.createdAt}'`,
+          updated: false
+        };
+      }
+      if (versionCompare > 0 && createdAt.epochSec < previousCreatedAt.epochSec) {
+        return {
+          ok: false,
+          reason: "POLICY_CREATED_AT_REGRESSION",
+          message: `Policy createdAt must be monotonic when version increases`,
+          updated: false
+        };
+      }
+    }
+  }
+  const shouldUpdate = !previous || !previousVersion?.ok || !previousCreatedAt?.ok || versionCompare > 0 || versionCompare === 0 && createdAt.epochSec > previousCreatedAt.epochSec;
+  if (persist && shouldUpdate) {
+    const nextState = {
+      schemaVersion: "1",
+      lastAccepted: {
+        version: policyObj.version,
+        createdAt: policyObj.createdAt,
+        environment: policyObj.environment || null
+      },
+      updatedAt: (/* @__PURE__ */ new Date()).toISOString()
+    };
+    savePolicyState(statePath, nextState);
+  }
+  return {
+    ok: true,
+    reason: null,
+    message: "Policy version guard passed",
+    updated: shouldUpdate
+  };
+}
+
+// runtime/engine.js
+import fs7 from "fs";
+import path7 from "path";
+import { fileURLToPath } from "url";
+var runtimeDir = path7.dirname(fileURLToPath(import.meta.url));
+var wasmPath = path7.join(runtimeDir, "lbe_engine.wasm");
+var POLICY_MESSAGES = {
+  0: { allowed: true, reason: null, message: "Policy check passed" },
+  1: { allowed: false, reason: "POLICY_NOT_CONFIGURED", message: "No policy configured" },
+  2: { allowed: false, reason: "REQUESTER_NOT_ALLOWED", message: "Requester not in policy" },
+  3: { allowed: false, reason: "COMMAND_NOT_ALLOWED", message: "Command not allowed for requester" },
+  4: { allowed: false, reason: "ADAPTER_NOT_ALLOWED", message: "Adapter not allowed" },
+  5: { allowed: false, reason: "NO_FILESYSTEM_ROOTS_DEFINED", message: "No filesystem roots defined for requester" },
+  6: { allowed: false, reason: "CWD_OUTSIDE_ALLOWED_ROOT", message: "Path not under allowed roots" },
+  7: { allowed: false, reason: "PATH_DENIED_BY_PATTERN", message: "Path matches deny pattern" },
+  8: { allowed: false, reason: "SHELL_CMD_DENIED", message: "Shell command not allowed" }
+};
+var SCHEMA_MESSAGES = {
+  0: { valid: true, error: null },
+  1: { valid: false, error: "Missing required field: id" },
+  2: { valid: false, error: "Missing required field: commandId" },
+  3: { valid: false, error: "Missing required field: requesterId" },
+  4: { valid: false, error: "Missing required field: sessionId" },
+  5: { valid: false, error: "Missing required field: timestamp" },
+  6: { valid: false, error: "Missing required field: nonce" },
+  7: { valid: false, error: "Missing required field: requires" },
+  8: { valid: false, error: "Missing required field: payload" },
+  9: { valid: false, error: "Missing required field: signature" },
+  10: { valid: false, error: "Field 'id' is invalid" },
+  11: { valid: false, error: "Field 'commandId' is invalid" },
+  12: { valid: false, error: "Field 'requesterId' is invalid" },
+  13: { valid: false, error: "Field 'sessionId' is invalid" },
+  14: { valid: false, error: "Field 'timestamp' is invalid" },
+  15: { valid: false, error: "Field 'nonce' is invalid" },
+  16: { valid: false, error: "Field 'requires' is invalid" },
+  17: { valid: false, error: "payload: missing required field: adapter" },
+  18: { valid: false, error: "payload: field 'adapter' is invalid" },
+  19: { valid: false, error: "signature: missing required field: alg" },
+  20: { valid: false, error: "signature: missing required field: keyId" },
+  21: { valid: false, error: "signature: missing required field: sig" },
+  22: { valid: false, error: "signature: field 'alg' must be ed25519" },
+  23: { valid: false, error: "signature: field 'sig' is invalid" },
+  24: { valid: false, error: "Field 'risk' is invalid" }
+};
+var KEY_REASONS = {
+  1: "KEY_ID_INVALID",
+  2: "KEY_NOT_TRUSTED",
+  3: "KEY_DEPRECATED",
+  4: "KEY_REQUESTER_MISMATCH",
+  5: "KEY_LIFECYCLE_INVALID",
+  6: "KEY_NOT_YET_VALID",
+  7: "KEY_EXPIRED"
+};
+var PIPELINE_STAGES = {
+  0: "schema",
+  1: "timestamp",
+  2: "key",
+  3: "signature",
+  4: "rate_limit",
+  5: "nonce",
+  6: "policy",
+  255: "ok"
+};
+var RISK_LABELS = ["LOW", "MEDIUM", "HIGH", "CRITICAL"];
+var COMMAND_TYPE = { ECHO: 0, READ_FILE: 1, WRITE_FILE: 2, PATCH_FILE: 3, DELETE_FILE: 4, RUN_SHELL: 5 };
+var _instance = null;
+function wasm() {
+  if (_instance) return _instance;
+  if (!fs7.existsSync(wasmPath)) throw new Error(`LBE engine missing: ${wasmPath}`);
+  const bytes = fs7.readFileSync(wasmPath);
+  _instance = new WebAssembly.Instance(new WebAssembly.Module(bytes), {});
+  return _instance;
+}
+function memory() {
+  return new Uint8Array(wasm().exports.memory.buffer);
+}
+function inPtr() {
+  return wasm().exports.lbe_in_ptr();
+}
+function outPtr() {
+  return wasm().exports.lbe_out_ptr();
+}
+function bufSize() {
+  return wasm().exports.lbe_buf_size();
+}
+function writeIn(str) {
+  const enc = new TextEncoder().encode(str);
+  const mem = memory();
+  const ptr = inPtr();
+  mem.set(enc, ptr);
+  mem[ptr + enc.length] = 0;
+}
+function readOut() {
+  const mem = memory();
+  const ptr = outPtr();
+  let end = ptr;
+  while (mem[end] !== 0 && end - ptr < bufSize()) end++;
+  return new TextDecoder().decode(mem.slice(ptr, end));
+}
+function writePipelineInput(fields) {
+  const mem = memory();
+  const ptr = inPtr();
+  const view = new DataView(mem.buffer, ptr);
+  fields.forEach((v, i) => view.setUint32(i * 4, v >>> 0, true));
+}
+function readPipelineOutput() {
+  const mem = memory();
+  const ptr = outPtr();
+  const view = new DataView(mem.buffer, ptr);
+  return { stage: view.getUint32(0, true), code: view.getUint32(4, true) };
+}
+function runValidationPipeline(flags) {
+  writePipelineInput([
+    // Schema flags [0..24]
+    flags.hasId ? 1 : 0,
+    flags.idValid ? 1 : 0,
+    flags.hasCommandId ? 1 : 0,
+    flags.commandIdValid ? 1 : 0,
+    flags.hasRequesterId ? 1 : 0,
+    flags.requesterIdValid ? 1 : 0,
+    flags.hasSessionId ? 1 : 0,
+    flags.sessionIdValid ? 1 : 0,
+    flags.hasTimestamp ? 1 : 0,
+    flags.timestampValid ? 1 : 0,
+    flags.hasNonce ? 1 : 0,
+    flags.nonceValid ? 1 : 0,
+    flags.hasRequires ? 1 : 0,
+    flags.requiresValid ? 1 : 0,
+    flags.hasPayload ? 1 : 0,
+    flags.hasPayloadAdapter ? 1 : 0,
+    flags.payloadAdapterValid ? 1 : 0,
+    flags.hasSignature ? 1 : 0,
+    flags.hasSignatureAlg ? 1 : 0,
+    flags.signatureAlgValid ? 1 : 0,
+    flags.hasSignatureKeyId ? 1 : 0,
+    flags.hasSignatureSig ? 1 : 0,
+    flags.signatureSigValid ? 1 : 0,
+    flags.hasRisk ? 1 : 0,
+    flags.riskValid ? 1 : 0,
+    // Timestamp [25..27]
+    flags.cmdTimestamp >>> 0,
+    flags.nowSec >>> 0,
+    flags.maxClockSkewSec >>> 0,
+    // Key lifecycle [28..34]
+    flags.keyIdFormatValid ? 1 : 0,
+    flags.keyFound ? 1 : 0,
+    flags.keyNotDeprecated ? 1 : 0,
+    flags.keyRequesterMatches ? 1 : 0,
+    flags.keyNotBeforeOk ? 1 : 0,
+    flags.keyNotExpired ? 1 : 0,
+    flags.keyLifecycleFieldsPresent ? 1 : 0,
+    // Signature [35]
+    flags.signatureValid ? 1 : 0,
+    // Rate limit [36..37]
+    flags.rateLimitOk ? 1 : 0,
+    flags.rateLimitRetryAfterSec >>> 0,
+    // Nonce [38]
+    flags.nonceOk ? 1 : 0,
+    // Policy [39..48]
+    flags.policyConfigured ? 1 : 0,
+    flags.requesterConfigured ? 1 : 0,
+    flags.commandAllowed ? 1 : 0,
+    flags.adapterAllowed ? 1 : 0,
+    flags.filesystemRequired ? 1 : 0,
+    flags.filesystemRootsDefined ? 1 : 0,
+    flags.filesystemOk ? 1 : 0,
+    flags.pathDenied ? 1 : 0,
+    flags.shellRequired ? 1 : 0,
+    flags.shellCommandOk ? 1 : 0
+  ]);
+  wasm().exports.lbe_validate_pipeline();
+  const { stage, code } = readPipelineOutput();
+  const ok = stage === 255;
+  return {
+    ok,
+    stage,
+    stageLabel: PIPELINE_STAGES[stage] || "unknown",
+    code,
+    schemaError: stage === 0 ? SCHEMA_MESSAGES[code]?.error || "Schema invalid" : null,
+    keyReason: stage === 2 ? KEY_REASONS[code] || "KEY_ERROR" : null,
+    policyResult: stage === 6 ? { ...POLICY_MESSAGES[code] || POLICY_MESSAGES[1], code } : null,
+    retryAfterSec: stage === 4 ? code : 0,
+    skewSec: stage === 1 ? code : 0
+  };
+}
+function checkNonce({ ttlSec, nowSec, newKey, existingEntries }) {
+  const lines = [`${ttlSec}:${nowSec}`, newKey, ...existingEntries].join("\n") + "\n";
+  writeIn(lines);
+  const isReplay = wasm().exports.lbe_nonce_check() !== 0;
+  if (isReplay) return { ok: false, updatedEntriesText: null };
+  const out = readOut();
+  return { ok: true, updatedEntriesText: out.startsWith("OK\n") ? out.slice(3) : out };
+}
+function checkRateLimit({ windowSec, maxRequests, nowSec, requesterId, existingEntries }) {
+  const lines = [
+    `${windowSec}:${maxRequests}:${nowSec}`,
+    requesterId,
+    ...existingEntries
+  ].join("\n") + "\n";
+  writeIn(lines);
+  const exceeded = wasm().exports.lbe_rate_check() !== 0;
+  const out = readOut();
+  if (exceeded) {
+    const retryAfterSec = parseInt(out.match(/^EXCEEDED:(\d+)/)?.[1] ?? "1", 10);
+    const entriesText = out.replace(/^EXCEEDED:\d+\n/, "");
+    return { ok: false, retryAfterSec, updatedEntriesText: entriesText };
+  }
+  return { ok: true, retryAfterSec: 0, updatedEntriesText: out.startsWith("OK\n") ? out.slice(3) : out };
+}
+function classifyRisk(commandId, shellCmdIsRm = false) {
+  const typeCode = COMMAND_TYPE[commandId] ?? 0;
+  const code = wasm().exports.lbe_classify_risk(typeCode, shellCmdIsRm ? 1 : 0);
+  return RISK_LABELS[code] ?? "LOW";
+}
+
+// src/core/validator.js
+import path8 from "path";
+function extractSchemaFlags(cmd) {
+  const has = (k) => cmd != null && Object.prototype.hasOwnProperty.call(cmd, k);
+  const isStr = (v) => typeof v === "string";
+  const p = cmd?.payload;
+  const sig = cmd?.signature;
+  return {
+    hasId: has("id"),
+    idValid: isStr(cmd?.id) && /^[A-Z_]+$/.test(cmd.id) && cmd.id.length >= 1 && cmd.id.length <= 50,
+    hasCommandId: has("commandId"),
+    commandIdValid: isStr(cmd?.commandId) && /^[a-f0-9-]+$/.test(cmd.commandId) && cmd.commandId.length === 36,
+    hasRequesterId: has("requesterId"),
+    requesterIdValid: isStr(cmd?.requesterId) && cmd.requesterId.length >= 3 && cmd.requesterId.length <= 100,
+    hasSessionId: has("sessionId"),
+    sessionIdValid: isStr(cmd?.sessionId) && cmd.sessionId.length >= 3,
+    hasTimestamp: has("timestamp"),
+    timestampValid: typeof cmd?.timestamp === "number" && cmd.timestamp >= 1e9,
+    hasNonce: has("nonce"),
+    nonceValid: isStr(cmd?.nonce) && cmd.nonce.length >= 32 && cmd.nonce.length <= 128,
+    hasRequires: has("requires"),
+    requiresValid: Array.isArray(cmd?.requires) && cmd.requires.length >= 1 && cmd.requires.every(isStr),
+    hasPayload: has("payload") && typeof p === "object" && p !== null && !Array.isArray(p),
+    hasPayloadAdapter: p != null && Object.prototype.hasOwnProperty.call(p, "adapter"),
+    payloadAdapterValid: isStr(p?.adapter),
+    hasSignature: has("signature") && typeof sig === "object" && sig !== null && !Array.isArray(sig),
+    hasSignatureAlg: sig != null && Object.prototype.hasOwnProperty.call(sig, "alg"),
+    signatureAlgValid: sig?.alg === "ed25519",
+    hasSignatureKeyId: sig != null && Object.prototype.hasOwnProperty.call(sig, "keyId"),
+    hasSignatureSig: sig != null && Object.prototype.hasOwnProperty.call(sig, "sig"),
+    signatureSigValid: isStr(sig?.sig) && sig.sig.length >= 10,
+    hasRisk: has("risk"),
+    riskValid: ["LOW", "MEDIUM", "HIGH", "CRITICAL"].includes(cmd?.risk)
+  };
+}
+function extractPolicyFlags(policy, cmd) {
+  const hasPolicy = !!(policy && policy.default === "DENY" && policy.requesters && typeof policy.requesters === "object");
+  const rp = policy?.requesters?.[cmd.requesterId];
+  const cmdId = cmd.id?.toLowerCase() ?? "";
+  const commandAllowed = !!rp?.allowCommands?.some((c) => c.toLowerCase() === cmdId);
+  const adapterAllowed = !!rp?.allowAdapters?.includes(cmd.payload?.adapter);
+  const filesystemRequired = !!cmd.payload?.cwd;
+  let filesystemRootsDefined = false;
+  let filesystemOk = false;
+  let pathDenied = false;
+  if (filesystemRequired) {
+    const roots = rp?.filesystem?.roots ?? [];
+    filesystemRootsDefined = roots.length > 0;
+    if (filesystemRootsDefined) {
+      const cwd = path8.resolve(cmd.payload.cwd);
+      filesystemOk = roots.some((r) => {
+        const rr = path8.resolve(r);
+        return cwd === rr || cwd.startsWith(rr + path8.sep);
+      });
+      const denyPatterns = rp?.filesystem?.denyPatterns ?? [];
+      pathDenied = denyPatterns.some((pattern) => {
+        const re = new RegExp("^" + pattern.replace(/\./g, "\\.").replace(/\*\*/g, ".*").replace(/\*/g, "[^/]*") + "$");
+        return re.test(cwd);
+      });
+    }
+  }
+  let shellRequired = false;
+  let shellCommandOk = true;
+  if (cmd.id === "RUN_SHELL") {
+    shellRequired = true;
+    const allowCmds = rp?.exec?.allowCmds ?? [];
+    const denyCmds = rp?.exec?.denyCmds ?? [];
+    const shellCmd = cmd.payload?.cmd;
+    if (denyCmds.includes(shellCmd)) {
+      shellCommandOk = false;
+    } else {
+      shellCommandOk = allowCmds.length === 0 || allowCmds.includes(shellCmd);
+    }
+  }
+  return {
+    policyConfigured: hasPolicy,
+    requesterConfigured: !!rp,
+    commandAllowed,
+    adapterAllowed,
+    filesystemRequired,
+    filesystemRootsDefined,
+    filesystemOk,
+    pathDenied,
+    shellRequired,
+    shellCommandOk
+  };
+}
+function extractKeyFlags(keyStore, keyId, requesterId, now = /* @__PURE__ */ new Date()) {
+  if (!keyStore || !keyId) {
+    return {
+      keyIdFormatValid: false,
+      keyFound: false,
+      keyNotDeprecated: false,
+      keyRequesterMatches: false,
+      keyNotBeforeOk: false,
+      keyNotExpired: false,
+      keyLifecycleFieldsPresent: false,
+      publicKey: null
+    };
+  }
+  const KEY_ID_RE = /^[A-Za-z0-9:_-]{3,128}$/;
+  const keyIdFormatValid = KEY_ID_RE.test(keyId) && keyId !== "default";
+  if (!keyIdFormatValid) {
+    return {
+      keyIdFormatValid,
+      keyFound: false,
+      keyNotDeprecated: false,
+      keyRequesterMatches: false,
+      keyNotBeforeOk: false,
+      keyNotExpired: false,
+      keyLifecycleFieldsPresent: false,
+      publicKey: null
+    };
+  }
+  const entry = keyStore.trustedKeys?.[keyId];
+  const keyFound = !!entry;
+  if (!keyFound) {
+    return {
+      keyIdFormatValid,
+      keyFound,
+      keyNotDeprecated: false,
+      keyRequesterMatches: false,
+      keyNotBeforeOk: false,
+      keyNotExpired: false,
+      keyLifecycleFieldsPresent: false,
+      publicKey: null
+    };
+  }
+  const keyNotDeprecated = !entry.deprecated;
+  const keyRequesterMatches = !entry.requesterId || entry.requesterId === requesterId;
+  const notBefore = entry.notBefore || entry.validFrom;
+  const expiresAt = entry.expiresAt || entry.validUntil;
+  const keyLifecycleFieldsPresent = typeof notBefore === "string" && typeof expiresAt === "string";
+  let keyNotBeforeOk = false;
+  let keyNotExpired = false;
+  if (keyLifecycleFieldsPresent) {
+    const nb = new Date(notBefore);
+    const exp = new Date(expiresAt);
+    if (!isNaN(nb.getTime()) && !isNaN(exp.getTime()) && nb < exp) {
+      keyNotBeforeOk = now >= nb;
+      keyNotExpired = now < exp;
+    }
+  }
+  return {
+    keyIdFormatValid,
+    keyFound,
+    keyNotDeprecated,
+    keyRequesterMatches,
+    keyNotBeforeOk,
+    keyNotExpired,
+    keyLifecycleFieldsPresent,
+    publicKey: entry.publicKey ?? null
+  };
+}
+function nonceEntriesToText(db) {
+  return (db?.entries ?? []).map((e) => `${e.key}:${e.timestamp}`);
+}
+function textToNonceEntries(text) {
+  return text.split("\n").filter(Boolean).map((line) => {
+    const lastColon = line.lastIndexOf(":");
+    return {
+      key: line.slice(0, lastColon),
+      timestamp: parseInt(line.slice(lastColon + 1), 10) || 0
+    };
+  });
+}
+function rateEntriesToText(db) {
+  return (db?.entries ?? []).map((e) => `${e.requesterId}:${e.timestamp}`);
+}
+function textToRateEntries(text) {
+  return text.split("\n").filter(Boolean).map((line) => {
+    const lastColon = line.lastIndexOf(":");
+    return {
+      requesterId: line.slice(0, lastColon),
+      timestamp: parseInt(line.slice(lastColon + 1), 10) || 0
+    };
+  });
+}
+function validateCommand({
+  commandObj,
+  pubKeyB64,
+  keyStore,
+  nonceDb,
+  policy,
+  rateLimiter,
+  policyStatePath
+}) {
+  const result = {
+    valid: false,
+    commandId: commandObj?.commandId,
+    checks: {},
+    errors: []
+  };
+  const nowSec = Math.floor(Date.now() / 1e3);
+  const now = /* @__PURE__ */ new Date();
+  const maxClockSkewSec = Number.isFinite(policy?.security?.maxClockSkewSec) ? policy.security.maxClockSkewSec : 600;
+  if (policyStatePath && policy?.version !== void 0) {
+    try {
+      const vCheck = validateAndUpdatePolicyVersionState({ policyObj: policy, statePath: policyStatePath });
+      result.checks.policyVersion = vCheck.ok;
+      if (!vCheck.ok) {
+        result.errors.push({ type: "POLICY_VERSION_INVALID", message: vCheck.message });
+        return result;
+      }
+    } catch {
+      result.checks.policyVersion = true;
+    }
+  } else {
+    result.checks.policyVersion = true;
+  }
+  const schemaFlags = extractSchemaFlags(commandObj);
+  const keyId = commandObj?.signature?.keyId;
+  const keyFlags = extractKeyFlags(keyStore, keyId, commandObj?.requesterId, now);
+  let signatureValid = false;
+  let effectivePubKey = keyFlags.publicKey;
+  if (!effectivePubKey && pubKeyB64) effectivePubKey = pubKeyB64;
+  if (effectivePubKey) {
+    const bodyWithoutSig = { ...commandObj };
+    delete bodyWithoutSig.signature;
+    const sigCheck = verifyEd25519({
+      payloadObj: bodyWithoutSig,
+      sigB64: commandObj?.signature?.sig,
+      pubKeyB64: effectivePubKey
+    });
+    signatureValid = sigCheck.valid;
+  }
+  let rateLimitOk = true;
+  let rateLimitRetryAfterSec = 0;
+  if (signatureValid && rateLimiter && typeof rateLimiter.db !== "undefined") {
+    const rateCfg = policy?.requesters?.[commandObj.requesterId]?.rateLimit || {};
+    const dfltCfg = policy?.security?.defaultRateLimit || {};
+    const windowSec = rateCfg.windowSec ?? dfltCfg.windowSec ?? 60;
+    const maxRequests = rateCfg.maxRequests ?? dfltCfg.maxRequests ?? 30;
+    const rateResult = checkRateLimit({
+      windowSec,
+      maxRequests,
+      nowSec,
+      requesterId: commandObj.requesterId,
+      existingEntries: rateEntriesToText(rateLimiter.db)
+    });
+    rateLimitOk = rateResult.ok;
+    rateLimitRetryAfterSec = rateResult.retryAfterSec;
+    if (rateResult.ok) {
+      rateLimiter.db.entries = textToRateEntries(rateResult.updatedEntriesText);
+    }
+  } else if (signatureValid && rateLimiter && typeof rateLimiter.checkAndRecord === "function") {
+    const rateCfg = policy?.requesters?.[commandObj.requesterId]?.rateLimit || {};
+    const dfltCfg = policy?.security?.defaultRateLimit || {};
+    const rateCheck = rateLimiter.checkAndRecord({
+      requesterId: commandObj.requesterId,
+      nowSec,
+      windowSec: rateCfg.windowSec ?? dfltCfg.windowSec ?? 60,
+      maxRequests: rateCfg.maxRequests ?? dfltCfg.maxRequests ?? 30
+    });
+    rateLimitOk = rateCheck.ok;
+    rateLimitRetryAfterSec = rateCheck.retryAfterSec ?? 0;
+  }
+  let nonceOk = true;
+  const nonceKey = `${commandObj?.requesterId}|${commandObj?.sessionId}|${commandObj?.nonce}`;
+  const ttlSec = 3600;
+  if (signatureValid && rateLimitOk && nonceDb) {
+    if (typeof nonceDb.checkAndRecord === "function") {
+      if (nonceDb.db) {
+        const nonceResult = checkNonce({
+          ttlSec,
+          nowSec,
+          newKey: nonceKey,
+          existingEntries: nonceEntriesToText(nonceDb.db)
+        });
+        nonceOk = nonceResult.ok;
+        if (nonceResult.ok) {
+          nonceDb.db.entries = textToNonceEntries(nonceResult.updatedEntriesText);
+        }
+      } else {
+        const r = nonceDb.checkAndRecord({
+          requesterId: commandObj.requesterId,
+          sessionId: commandObj.sessionId,
+          nonce: commandObj.nonce
+        });
+        nonceOk = r.ok;
+      }
+    } else {
+      const nonceResult = checkNonce({
+        ttlSec,
+        nowSec,
+        newKey: nonceKey,
+        existingEntries: nonceEntriesToText(nonceDb)
+      });
+      nonceOk = nonceResult.ok;
+      if (nonceResult.ok) {
+        nonceDb.entries = textToNonceEntries(nonceResult.updatedEntriesText);
+      }
+    }
+  }
+  const policyFlags = extractPolicyFlags(policy, commandObj ?? {});
+  const pipeline = runValidationPipeline({
+    ...schemaFlags,
+    cmdTimestamp: commandObj?.timestamp ?? 0,
+    nowSec,
+    maxClockSkewSec,
+    ...keyFlags,
+    signatureValid,
+    rateLimitOk,
+    rateLimitRetryAfterSec,
+    nonceOk,
+    ...policyFlags
+  });
+  const s = pipeline.stage;
+  result.checks.schema = s !== 0;
+  if (s >= 1) result.checks.timestamp = s !== 1;
+  if (s >= 2) result.checks.keyId = s !== 2;
+  if (s >= 2) result.checks.signature = s !== 2 && s !== 3;
+  if (s >= 4) result.checks.rateLimit = s !== 4;
+  if (s >= 5) result.checks.nonce = s !== 5;
+  if (s >= 6 || pipeline.ok) result.checks.policy = s !== 6;
+  if (!pipeline.ok) {
+    const stage = pipeline.stageLabel;
+    if (stage === "schema") {
+      result.errors.push({ type: "SCHEMA_ERROR", message: pipeline.schemaError || "Schema invalid" });
+    } else if (stage === "timestamp") {
+      result.errors.push({ type: "TIMESTAMP_SKEW_EXCEEDED", message: `Command timestamp skew ${pipeline.skewSec}s exceeds allowed ${maxClockSkewSec}s` });
+    } else if (stage === "key") {
+      const reason = pipeline.keyReason || "KEY_ERROR";
+      const msgs = {
+        KEY_ID_INVALID: `Invalid keyId '${keyId}'`,
+        KEY_NOT_TRUSTED: `Key '${keyId}' is not in trusted key store`,
+        KEY_DEPRECATED: `Key '${keyId}' is deprecated`,
+        KEY_REQUESTER_MISMATCH: `Key '${keyId}' is not authorized for requester '${commandObj?.requesterId}'`,
+        KEY_LIFECYCLE_INVALID: `Key '${keyId}' must define notBefore and expiresAt`,
+        KEY_NOT_YET_VALID: `Key '${keyId}' is not yet valid`,
+        KEY_EXPIRED: `Key '${keyId}' has expired`
+      };
+      result.errors.push({ type: reason, message: msgs[reason] || reason });
+    } else if (stage === "signature") {
+      result.errors.push({ type: "SIGNATURE_INVALID", message: effectivePubKey ? "Signature verification failed" : "No public key available" });
+    } else if (stage === "rate_limit") {
+      result.errors.push({ type: "RATE_LIMIT_EXCEEDED", message: `Rate limit exceeded. Retry after ${pipeline.retryAfterSec}s` });
+    } else if (stage === "nonce") {
+      result.errors.push({ type: "REPLAY_NONCE", message: "Nonce has already been used" });
+    } else if (stage === "policy" && pipeline.policyResult) {
+      result.errors.push({ type: pipeline.policyResult.reason, message: pipeline.policyResult.message });
+    } else {
+      result.errors.push({ type: "VALIDATION_FAILED", message: `Failed at stage: ${stage}` });
+    }
+    return result;
+  }
+  result.valid = true;
+  result.risk = classifyRisk(commandObj.id, commandObj.payload?.cmd === "rm");
+  result.message = "Command validation successful";
+  return result;
+}
+
+// src/core/nonceStore.js
+import fs8 from "fs";
+import path9 from "path";
+var NonceStore = class {
+  constructor(dbPath, ttlSec = 3600) {
+    this.dbPath = dbPath;
+    this.ttlSec = ttlSec;
+    this.db = { entries: [] };
+  }
+  async load() {
+    if (!fs8.existsSync(this.dbPath)) {
+      this.db = { entries: [] };
+      return;
+    }
+    try {
+      const data = fs8.readFileSync(this.dbPath, "utf8");
+      this.db = JSON.parse(data);
+      this.prune();
+    } catch (err) {
+      throw new Error(`Nonce DB at ${this.dbPath} is corrupt or unreadable: ${err.message}`);
+    }
+  }
+  async save() {
+    try {
+      const dir = path9.dirname(this.dbPath);
+      if (!fs8.existsSync(dir)) {
+        fs8.mkdirSync(dir, { recursive: true });
+      }
+      atomicWriteFileSync(this.dbPath, JSON.stringify(this.db, null, 2), { encoding: "utf8" });
+    } catch (err) {
+      throw new Error(`Failed to save nonce DB: ${err.message}`);
+    }
+  }
+  checkAndRecord({ requesterId, sessionId, nonce }) {
+    const now = Math.floor(Date.now() / 1e3);
+    this.db.entries = this.db.entries.filter((e) => now - e.timestamp <= this.ttlSec);
+    const key = `${requesterId}|${sessionId}|${nonce}`;
+    if (this.db.entries.some((e) => e.key === key)) {
+      return {
+        ok: false,
+        reason: "REPLAY_NONCE",
+        message: "Nonce has already been used"
+      };
+    }
+    this.db.entries.push({ key, timestamp: now });
+    return {
+      ok: true,
+      reason: null,
+      message: "Nonce accepted"
+    };
+  }
+  prune() {
+    const now = Math.floor(Date.now() / 1e3);
+    const before = this.db.entries.length;
+    this.db.entries = this.db.entries.filter((e) => now - e.timestamp <= this.ttlSec);
+    const after = this.db.entries.length;
+    return {
+      prunedCount: before - after,
+      remainingCount: after
+    };
+  }
+};
+
+// src/cli/commands/verify.js
+async function verifyCommand(opts) {
+  const { in: inFile } = opts;
+  const config = opts.config || opts.policy;
+  const pubKey = opts["pub-key"];
+  const keysStorePath = opts["keys-store"] || path10.resolve(".lbe/config/keys.json");
+  const policySigPath = opts["policy-sig"] || path10.resolve(".lbe/config/policy.sig.json");
+  const policyStatePath = opts["policy-state"] || path10.resolve(".lbe/data/policy.state.json");
+  const allowUnsignedPolicy = opts["policy-unsigned-ok"] === true || String(opts["policy-unsigned-ok"]).toLowerCase() === "true";
+  if (!inFile) {
+    console.error("Error: --in <file> is required");
+    process.exit(1);
+  }
+  let proposal;
+  try {
+    const filePath = path10.resolve(inFile);
+    const content = fs9.readFileSync(filePath, "utf-8");
+    proposal = JSON.parse(content);
+  } catch (error) {
+    console.error(JSON.stringify({
+      status: "error",
+      error: "INVALID_PROPOSAL_FILE",
+      message: error.message
+    }));
+    process.exit(5);
+  }
+  let policy;
+  try {
+    const policyPath = config || path10.resolve(".lbe/config/policy.default.json");
+    if (!fs9.existsSync(policyPath)) {
+      console.error(JSON.stringify({
+        status: "error",
+        error: "MISSING_POLICY",
+        message: `Policy file not found: ${policyPath}`
+      }));
+      process.exit(1);
+    }
+    const policyContent = fs9.readFileSync(policyPath, "utf-8");
+    policy = JSON.parse(policyContent);
+  } catch (error) {
+    console.error(JSON.stringify({
+      status: "error",
+      error: "INVALID_POLICY",
+      message: error.message
+    }));
+    process.exit(1);
+  }
+  const keyStoreResult = loadKeysStore(keysStorePath);
+  const keyStore = keyStoreResult.ok ? keyStoreResult.store : null;
+  const policySigCheck = verifyPolicySignature({
+    policyObj: policy,
+    keyStore,
+    policySigPath,
+    allowUnsigned: allowUnsignedPolicy
+  });
+  if (!policySigCheck.ok) {
+    console.error(JSON.stringify({
+      status: "error",
+      error: policySigCheck.reason,
+      message: policySigCheck.message
+    }, null, 2));
+    process.exit(8);
+  }
+  const versionCheck = validateAndUpdatePolicyVersionState({
+    policyObj: policy,
+    statePath: policyStatePath,
+    maxCreatedAtSkewSec: policy?.security?.maxPolicyCreatedAtSkewSec
+  });
+  if (!versionCheck.ok) {
+    console.error(JSON.stringify({
+      status: "error",
+      error: versionCheck.reason,
+      message: versionCheck.message
+    }, null, 2));
+    process.exit(8);
+  }
+  const nonceDb = new NonceStore(path10.resolve(".lbe/data/nonce.db.json"));
+  await nonceDb.load();
+  if (!keyStore && !pubKey) {
+    console.error(JSON.stringify({
+      status: "error",
+      error: "MISSING_KEY_MATERIAL",
+      message: `${keyStoreResult.message}. Provide --pub-key/--pub-key-file or create .lbe/config/keys.json`
+    }));
+    process.exit(1);
+  }
+  const result = validateCommand({
+    commandObj: proposal,
+    pubKeyB64: pubKey,
+    keyStore,
+    nonceDb,
+    policy
+  });
+  const output = {
+    status: result.valid ? "valid" : "invalid",
+    commandId: proposal.commandId || "N/A",
+    checks: result.checks,
+    errors: result.errors || [],
+    risk: result.risk || "UNKNOWN"
+  };
+  console.log(JSON.stringify(output, null, 2));
+  if (!result.valid) {
+    if (result.checks.schema === false) process.exit(5);
+    if (result.checks.signature === false) process.exit(3);
+    if (result.checks.nonce === false) process.exit(4);
+    if (result.checks.timestamp === false) process.exit(6);
+    if (result.checks.rateLimit === false) process.exit(7);
+    if (result.checks.policy === false) process.exit(2);
+    process.exit(9);
+  }
+  process.exit(0);
+}
+
+// src/cli/commands/dryrun.js
+import fs13 from "fs";
+import path14 from "path";
+
+// src/adapters/noopAdapter.js
+async function noopAdapter(cmd) {
+  return {
+    adapter: "noop",
+    commandId: cmd.commandId || "unknown",
+    command: cmd.id || "unknown",
+    status: "completed",
+    output: `[NOOP] Would execute: ${cmd.id || "unknown"} on adapter: ${cmd.payload?.adapter || "unknown"}`,
+    exitCode: 0,
+    timestamp: (/* @__PURE__ */ new Date()).toISOString()
+  };
+}
+
+// src/adapters/shellAdapter.js
+import { spawnSync } from "child_process";
+import path11 from "path";
+import fs10 from "fs";
+function physicalPath(candidate) {
+  try {
+    return fs10.realpathSync(path11.resolve(candidate));
+  } catch {
+    return path11.resolve(candidate);
+  }
+}
+function normalizeArgs(args) {
+  if (args === void 0) return { ok: true, args: [] };
+  if (!Array.isArray(args)) {
+    return { ok: false, error: "payload.args must be an array" };
+  }
+  const normalized = [];
+  for (const arg of args) {
+    if (typeof arg !== "string" && typeof arg !== "number" && typeof arg !== "boolean") {
+      return { ok: false, error: "payload.args may only contain string, number, or boolean values" };
+    }
+    normalized.push(String(arg));
+  }
+  return { ok: true, args: normalized };
+}
+async function shellAdapter(cmd, policy, requester) {
+  const payload = cmd.payload;
+  const timeout = Math.min(Math.max(Number(payload.timeoutMs) || 3e4, 1), 3e4);
+  const maxOutputSize = Math.min(Math.max(Number(payload.maxOutputBytes) || 1024 * 1024, 1024), 1024 * 1024);
+  if (payload.adapter !== "shell") {
+    return {
+      adapter: "shell",
+      commandId: cmd.commandId,
+      status: "error",
+      error: "Adapter mismatch",
+      exitCode: 1
+    };
+  }
+  const allowedCmds = requester?.exec?.allowCmds || [];
+  const deniedCmds = requester?.exec?.denyCmds || [];
+  if (deniedCmds.includes(payload.cmd)) {
+    return {
+      adapter: "shell",
+      commandId: cmd.commandId,
+      status: "blocked",
+      error: `Command '${payload.cmd}' is denied`,
+      exitCode: 2
+    };
+  }
+  if (allowedCmds.length > 0 && !allowedCmds.includes(payload.cmd)) {
+    return {
+      adapter: "shell",
+      commandId: cmd.commandId,
+      status: "blocked",
+      error: `Command '${payload.cmd}' not in allowlist`,
+      exitCode: 2
+    };
+  }
+  const roots = requester?.filesystem?.roots || [];
+  const cwdAllow = roots.some((r) => {
+    const resolvedRoot = physicalPath(r);
+    const norm = physicalPath(payload.cwd);
+    return norm === resolvedRoot || norm.startsWith(resolvedRoot + path11.sep);
+  });
+  if (!cwdAllow) {
+    return {
+      adapter: "shell",
+      commandId: cmd.commandId,
+      status: "blocked",
+      error: `CWD '${payload.cwd}' not authorized`,
+      exitCode: 2
+    };
+  }
+  const argCheck = normalizeArgs(payload.args);
+  if (!argCheck.ok) {
+    return {
+      adapter: "shell",
+      commandId: cmd.commandId,
+      status: "blocked",
+      error: argCheck.error,
+      exitCode: 2
+    };
+  }
+  try {
+    const result = spawnSync(payload.cmd, argCheck.args, {
+      cwd: payload.cwd,
+      timeout,
+      encoding: "utf8",
+      maxBuffer: maxOutputSize,
+      stdio: ["pipe", "pipe", "pipe"],
+      shell: false
+    });
+    if (result.error) {
+      throw result.error;
+    }
+    const output = `${result.stdout || ""}${result.stderr || ""}`;
+    const exitCode = result.status ?? 1;
+    if (exitCode !== 0) {
+      return {
+        adapter: "shell",
+        commandId: cmd.commandId,
+        command: payload.cmd,
+        status: "error",
+        error: output.substring(0, maxOutputSize) || `Command exited with code ${exitCode}`,
+        exitCode,
+        timestamp: (/* @__PURE__ */ new Date()).toISOString()
+      };
+    }
+    return {
+      adapter: "shell",
+      commandId: cmd.commandId,
+      command: payload.cmd,
+      status: "completed",
+      output: output.substring(0, maxOutputSize),
+      exitCode: 0,
+      timestamp: (/* @__PURE__ */ new Date()).toISOString()
+    };
+  } catch (err) {
+    return {
+      adapter: "shell",
+      commandId: cmd.commandId,
+      command: payload.cmd,
+      status: "error",
+      error: err.message,
+      exitCode: err.status || 1,
+      timestamp: (/* @__PURE__ */ new Date()).toISOString()
+    };
+  }
+}
+
+// src/adapters/fileAdapter.js
+import fs12 from "fs";
+import path13 from "path";
+
+// src/core/backup.js
+import fs11 from "fs";
+import path12 from "path";
+import crypto2 from "crypto";
+function createBackup(filePath, backupDir) {
+  const dir = backupDir || path12.resolve(".lbe/data/backups");
+  if (!fs11.existsSync(dir)) {
+    fs11.mkdirSync(dir, { recursive: true });
+  }
+  const target = path12.resolve(filePath);
+  const existed = fs11.existsSync(target);
+  let content = null;
+  let hash = null;
+  if (existed) {
+    content = fs11.readFileSync(target);
+    hash = crypto2.createHash("sha256").update(content).digest("hex");
+  }
+  const basename = path12.basename(target).replace(/[^a-zA-Z0-9._-]/g, "_");
+  const backupName = `${Date.now()}-${hash ? hash.slice(0, 8) : "new"}-${basename}`;
+  const backupPath = existed ? path12.join(dir, backupName) : null;
+  if (existed && content !== null) {
+    atomicWriteFileSync(backupPath, content);
+  }
+  return {
+    originalPath: target,
+    backupPath,
+    existed,
+    hash,
+    createdAt: (/* @__PURE__ */ new Date()).toISOString()
+  };
+}
+function restoreBackup(backupMeta) {
+  if (!backupMeta) return { restored: false, error: "No backup metadata" };
+  const { originalPath, backupPath, existed } = backupMeta;
+  if (!existed) {
+    try {
+      if (fs11.existsSync(originalPath)) fs11.unlinkSync(originalPath);
+      return { restored: true, action: "deleted" };
+    } catch (e) {
+      return { restored: false, error: e.message };
+    }
+  }
+  if (!backupPath || !fs11.existsSync(backupPath)) {
+    return { restored: false, error: "Backup file not found at: " + backupPath };
+  }
+  try {
+    const content = fs11.readFileSync(backupPath);
+    atomicWriteFileSync(originalPath, content);
+    return { restored: true, action: "restored" };
+  } catch (e) {
+    return { restored: false, error: e.message };
+  }
+}
+
+// src/adapters/fileAdapter.js
+var MAX_READ_BYTES = 10 * 1024 * 1024;
+function resolvedTarget(target, cwd) {
+  if (!target) return null;
+  return path13.isAbsolute(target) ? path13.resolve(target) : path13.resolve(cwd || process.cwd(), target);
+}
+function isUnderRoot(targetPath, roots) {
+  const norm = resolvePhysicalPath(targetPath);
+  return roots.some((r) => {
+    const root = resolvePhysicalPath(r);
+    return norm === root || norm.startsWith(root + path13.sep);
+  });
+}
+function resolvePhysicalPath(candidate) {
+  let current = path13.resolve(candidate);
+  const suffix = [];
+  while (!fs12.existsSync(current)) {
+    const parent = path13.dirname(current);
+    if (parent === current) break;
+    suffix.unshift(path13.basename(current));
+    current = parent;
+  }
+  try {
+    current = fs12.realpathSync(current);
+  } catch {
+  }
+  return path13.join(current, ...suffix);
+}
+function matchesDenyPattern(str, patterns) {
+  for (const pattern of patterns || []) {
+    const rx = new RegExp(
+      "^" + pattern.replace(/\./g, "\\.").replace(/\*\*/g, ".*").replace(/\*/g, "[^/\\\\]*") + "$"
+    );
+    if (rx.test(str)) return pattern;
+  }
+  return null;
+}
+function blocked(cmd, code, message, exitCode = 2) {
+  return {
+    adapter: "file",
+    commandId: cmd.commandId,
+    status: "blocked",
+    errorCode: code,
+    error: message,
+    exitCode
+  };
+}
+function fail(cmd, code, message, backup = null, exitCode = 1) {
+  return {
+    adapter: "file",
+    commandId: cmd.commandId,
+    status: "error",
+    errorCode: code,
+    error: message,
+    backup: backup ? summariseBackup(backup) : null,
+    exitCode
+  };
+}
+function summariseBackup(b) {
+  return b ? { path: b.backupPath, existed: b.existed, hash: b.hash, createdAt: b.createdAt } : null;
+}
+async function fileAdapter(cmd, policy, requester) {
+  const payload = cmd.payload;
+  const action = payload.action;
+  const cwd = payload.cwd || process.cwd();
+  const target = resolvedTarget(payload.target, cwd);
+  if (!action) return blocked(cmd, "FILE_NO_ACTION", "payload.action is required");
+  if (!target && action !== "noop") return blocked(cmd, "FILE_NO_TARGET", "payload.target is required");
+  const roots = requester?.filesystem?.roots || [];
+  if (roots.length === 0) return blocked(cmd, "FILE_NO_ROOTS", "No filesystem roots defined for requester");
+  if (!isUnderRoot(target, roots)) return blocked(cmd, "FILE_OUTSIDE_ROOT", `'${target}' is outside allowed roots`);
+  const denied = matchesDenyPattern(target, requester?.filesystem?.denyPatterns);
+  if (denied) return blocked(cmd, "FILE_PATH_DENIED", `'${target}' matches deny pattern: ${denied}`);
+  switch (action) {
+    case "read":
+      return doRead(cmd, target);
+    case "write":
+      return doWrite(cmd, target, payload);
+    case "patch":
+      return doPatch(cmd, target, payload);
+    case "delete":
+      return doDelete(cmd, target);
+    default:
+      return blocked(cmd, "FILE_UNKNOWN_ACTION", `Unknown action: '${action}'`);
+  }
+}
+function doRead(cmd, target) {
+  if (!fs12.existsSync(target)) return fail(cmd, "FILE_NOT_FOUND", `Not found: ${target}`);
+  try {
+    const stat = fs12.statSync(target);
+    if (stat.size > MAX_READ_BYTES) return fail(cmd, "FILE_TOO_LARGE", "File exceeds 10 MB read limit");
+    const content = fs12.readFileSync(target, "utf8");
+    return {
+      adapter: "file",
+      action: "read",
+      commandId: cmd.commandId,
+      status: "completed",
+      target,
+      output: content,
+      bytesRead: stat.size,
+      exitCode: 0
+    };
+  } catch (e) {
+    return fail(cmd, "FILE_READ_ERROR", e.message);
+  }
+}
+function doWrite(cmd, target, payload) {
+  const content = payload.content;
+  if (content === void 0 || content === null) {
+    return fail(cmd, "FILE_MISSING_CONTENT", "payload.content is required for write");
+  }
+  const backup = tryBackup(target);
+  try {
+    atomicWriteFileSync(target, content, { encoding: "utf8" });
+    return {
+      adapter: "file",
+      action: "write",
+      commandId: cmd.commandId,
+      status: "completed",
+      target,
+      backup: summariseBackup(backup),
+      output: `Wrote ${Buffer.byteLength(content, "utf8")} bytes to ${target}`,
+      exitCode: 0
+    };
+  } catch (e) {
+    restoreBackup(backup);
+    return fail(cmd, "FILE_WRITE_ERROR", e.message, backup);
+  }
+}
+function doPatch(cmd, target, payload) {
+  const content = payload.content;
+  if (content === void 0 || content === null) {
+    return fail(cmd, "FILE_MISSING_CONTENT", "payload.content is required for patch");
+  }
+  const backup = tryBackup(target);
+  try {
+    atomicWriteFileSync(target, content, { encoding: "utf8" });
+    return {
+      adapter: "file",
+      action: "patch",
+      commandId: cmd.commandId,
+      status: "completed",
+      target,
+      backup: summariseBackup(backup),
+      output: `Patched ${target} (${Buffer.byteLength(content, "utf8")} bytes)`,
+      exitCode: 0
+    };
+  } catch (e) {
+    restoreBackup(backup);
+    return fail(cmd, "FILE_PATCH_ERROR", e.message, backup);
+  }
+}
+function doDelete(cmd, target) {
+  if (!fs12.existsSync(target)) return fail(cmd, "FILE_NOT_FOUND", `Not found: ${target}`);
+  const backup = tryBackup(target);
+  try {
+    fs12.unlinkSync(target);
+    return {
+      adapter: "file",
+      action: "delete",
+      commandId: cmd.commandId,
+      status: "completed",
+      target,
+      backup: summariseBackup(backup),
+      output: `Deleted ${target}`,
+      exitCode: 0
+    };
+  } catch (e) {
+    restoreBackup(backup);
+    return fail(cmd, "FILE_DELETE_ERROR", e.message, backup);
+  }
+}
+function tryBackup(target) {
+  try {
+    return createBackup(target);
+  } catch {
+    return null;
+  }
+}
+
+// src/adapters/index.js
+var ADAPTERS = {
+  noop: noopAdapter,
+  shell: shellAdapter,
+  file: fileAdapter
+};
+function getAdapter(name) {
+  return ADAPTERS[name];
+}
+async function executeAdapter(adapterName, cmd, policy, requester) {
+  const adapter = getAdapter(adapterName);
+  if (!adapter) {
+    return {
+      adapter: adapterName,
+      commandId: cmd.commandId,
+      status: "error",
+      error: `Adapter '${adapterName}' not found`,
+      exitCode: 1
+    };
+  }
+  try {
+    return await adapter(cmd, policy, requester);
+  } catch (err) {
+    return {
+      adapter: adapterName,
+      commandId: cmd.commandId,
+      status: "error",
+      error: `Adapter execution failed: ${err.message}`,
+      exitCode: 9
+    };
+  }
+}
+var AVAILABLE_ADAPTERS = Object.keys(ADAPTERS);
+
+// src/cli/commands/dryrun.js
+async function dryrunCommand(opts) {
+  const { in: inFile } = opts;
+  const config = opts.config || opts.policy;
+  const pubKey = opts["pub-key"];
+  const keysStorePath = opts["keys-store"] || path14.resolve(".lbe/config/keys.json");
+  const policySigPath = opts["policy-sig"] || path14.resolve(".lbe/config/policy.sig.json");
+  const policyStatePath = opts["policy-state"] || path14.resolve(".lbe/data/policy.state.json");
+  const allowUnsignedPolicy = opts["policy-unsigned-ok"] === true || String(opts["policy-unsigned-ok"]).toLowerCase() === "true";
+  if (!inFile) {
+    console.error("Error: --in <file> is required");
+    process.exit(1);
+  }
+  let proposal;
+  try {
+    const filePath = path14.resolve(inFile);
+    const content = fs13.readFileSync(filePath, "utf-8");
+    proposal = JSON.parse(content);
+  } catch (error) {
+    console.error(JSON.stringify({
+      status: "error",
+      error: "INVALID_PROPOSAL_FILE",
+      message: error.message
+    }));
+    process.exit(5);
+  }
+  let policy;
+  try {
+    const policyPath = config || path14.resolve(".lbe/config/policy.default.json");
+    if (!fs13.existsSync(policyPath)) {
+      console.error(JSON.stringify({
+        status: "error",
+        error: "MISSING_POLICY",
+        message: `Policy file not found: ${policyPath}`
+      }));
+      process.exit(1);
+    }
+    const policyContent = fs13.readFileSync(policyPath, "utf-8");
+    policy = JSON.parse(policyContent);
+  } catch (error) {
+    console.error(JSON.stringify({
+      status: "error",
+      error: "INVALID_POLICY",
+      message: error.message
+    }));
+    process.exit(1);
+  }
+  const keyStoreResult = loadKeysStore(keysStorePath);
+  const keyStore = keyStoreResult.ok ? keyStoreResult.store : null;
+  const policySigCheck = verifyPolicySignature({
+    policyObj: policy,
+    keyStore,
+    policySigPath,
+    allowUnsigned: allowUnsignedPolicy
+  });
+  if (!policySigCheck.ok) {
+    console.error(JSON.stringify({
+      status: "error",
+      error: policySigCheck.reason,
+      message: policySigCheck.message
+    }, null, 2));
+    process.exit(8);
+  }
+  const versionCheck = validateAndUpdatePolicyVersionState({
+    policyObj: policy,
+    statePath: policyStatePath,
+    maxCreatedAtSkewSec: policy?.security?.maxPolicyCreatedAtSkewSec
+  });
+  if (!versionCheck.ok) {
+    console.error(JSON.stringify({
+      status: "error",
+      error: versionCheck.reason,
+      message: versionCheck.message
+    }, null, 2));
+    process.exit(8);
+  }
+  const nonceDb = new NonceStore(path14.resolve(".lbe/data/nonce.db.json"));
+  await nonceDb.load();
+  if (!keyStore && !pubKey) {
+    console.error(JSON.stringify({
+      status: "error",
+      error: "MISSING_KEY_MATERIAL",
+      message: `${keyStoreResult.message}. Provide --pub-key/--pub-key-file or create .lbe/config/keys.json`
+    }));
+    process.exit(1);
+  }
+  const validateResult = validateCommand({
+    commandObj: proposal,
+    pubKeyB64: pubKey,
+    keyStore,
+    nonceDb,
+    policy
+  });
+  if (!validateResult.valid) {
+    const output2 = {
+      status: "invalid",
+      commandId: proposal.commandId || "N/A",
+      checks: validateResult.checks,
+      errors: validateResult.errors || [],
+      executionResult: null
+    };
+    console.log(JSON.stringify(output2, null, 2));
+    if (validateResult.checks.schema === false) process.exit(5);
+    if (validateResult.checks.signature === false) process.exit(3);
+    if (validateResult.checks.nonce === false) process.exit(4);
+    if (validateResult.checks.timestamp === false) process.exit(6);
+    if (validateResult.checks.rateLimit === false) process.exit(7);
+    if (validateResult.checks.policy === false) process.exit(2);
+    process.exit(9);
+  }
+  let executionResult;
+  try {
+    const requesterPolicy = policy.requesters?.[proposal.requesterId];
+    executionResult = await executeAdapter(
+      "noop",
+      proposal,
+      policy,
+      requesterPolicy
+    );
+  } catch (error) {
+    executionResult = {
+      adapter: "noop",
+      status: "error",
+      error: error.message
+    };
+  }
+  const output = {
+    status: "valid_simulated",
+    commandId: proposal.commandId || "N/A",
+    checks: validateResult.checks,
+    risk: validateResult.risk || "UNKNOWN",
+    executionResult: {
+      adapter: executionResult.adapter,
+      status: executionResult.status,
+      output: executionResult.output || executionResult.error || "",
+      exitCode: executionResult.exitCode || 0,
+      note: "This is a simulation using noop adapter. No actual execution occurred."
+    }
+  };
+  console.log(JSON.stringify(output, null, 2));
+  process.exit(0);
+}
+
+// src/cli/commands/run.js
+import fs17 from "fs";
+import path19 from "path";
+import crypto6 from "crypto";
+
+// src/core/auditLog.js
+import fs14 from "fs";
+import path15 from "path";
+import crypto3 from "crypto";
+function sha256(str) {
+  return crypto3.createHash("sha256").update(str).digest("hex");
+}
+function getLastHash(logPath) {
+  try {
+    if (!fs14.existsSync(logPath)) return "GENESIS";
+    const content = fs14.readFileSync(logPath, "utf8").trim();
+    if (!content) return "GENESIS";
+    const lines = content.split("\n");
+    const lastLine = lines[lines.length - 1];
+    try {
+      const lastEntry = JSON.parse(lastLine);
+      return lastEntry.hash || "GENESIS";
+    } catch (err) {
+      return "GENESIS";
+    }
+  } catch (err) {
+    return "GENESIS";
+  }
+}
+function appendAudit(logPath, entry) {
+  const dir = path15.dirname(logPath);
+  if (!fs14.existsSync(dir)) {
+    fs14.mkdirSync(dir, { recursive: true });
+  }
+  let result;
+  withFileLock(logPath, () => {
+    const prevHash = getLastHash(logPath);
+    const record = {
+      ...entry,
+      prevHash,
+      timestamp: (/* @__PURE__ */ new Date()).toISOString()
+    };
+    delete record.hash;
+    const recordStr = JSON.stringify(record);
+    const hash = sha256(recordStr);
+    const final = JSON.stringify({ ...record, hash });
+    let existingContent = "";
+    if (fs14.existsSync(logPath)) {
+      existingContent = fs14.readFileSync(logPath, "utf8");
+    }
+    try {
+      atomicWriteFileSync(logPath, existingContent + final + "\n", { encoding: "utf8" });
+    } catch (err) {
+      throw new Error(`Audit log write failed: ${err.message}`);
+    }
+    result = {
+      success: true,
+      hash,
+      prevHash,
+      message: "Audit entry appended"
+    };
+  });
+  return result;
+}
+function verifyAuditLogIntegrity(logPath, options = {}) {
+  const failFast = options.failFast !== false;
+  const maxEntries = Number.isFinite(options.maxEntries) && options.maxEntries > 0 ? Math.floor(options.maxEntries) : null;
+  const response = {
+    ok: true,
+    file: path15.resolve(logPath),
+    entries: 0,
+    valid: true,
+    firstInvalidIndex: null,
+    reason: null,
+    errors: [],
+    message: "Audit log verified"
+  };
+  try {
+    if (!fs14.existsSync(logPath)) {
+      response.message = "Audit log file not found (treated as empty)";
+      return response;
+    }
+    const raw = fs14.readFileSync(logPath, "utf8").trim();
+    if (!raw) {
+      response.message = "Empty audit log";
+      return response;
+    }
+    const allLines = raw.split("\n");
+    const lines = maxEntries ? allLines.slice(0, maxEntries) : allLines;
+    response.entries = lines.length;
+    let expectedPrevHash = "GENESIS";
+    for (let i = 0; i < lines.length; i++) {
+      let entry;
+      try {
+        entry = JSON.parse(lines[i]);
+      } catch {
+        const errObj = {
+          index: i,
+          reason: "INVALID_JSON_LINE",
+          message: `Line ${i} is not valid JSON`
+        };
+        response.valid = false;
+        response.ok = false;
+        response.firstInvalidIndex ??= i;
+        response.reason ??= errObj.reason;
+        response.errors.push(errObj);
+        if (failFast) break;
+        continue;
+      }
+      if (entry.prevHash !== expectedPrevHash) {
+        const errObj = {
+          index: i,
+          reason: "PREV_HASH_MISMATCH",
+          message: `Expected prevHash '${expectedPrevHash}', got '${entry.prevHash}'`
+        };
+        response.valid = false;
+        response.ok = false;
+        response.firstInvalidIndex ??= i;
+        response.reason ??= errObj.reason;
+        response.errors.push(errObj);
+        if (failFast) break;
+      }
+      const recordCopy = { ...entry };
+      const recordHash = recordCopy.hash;
+      delete recordCopy.hash;
+      const expectedHash = sha256(JSON.stringify(recordCopy));
+      if (recordHash !== expectedHash) {
+        const errObj = {
+          index: i,
+          reason: "HASH_MISMATCH",
+          message: `Expected hash '${expectedHash}', got '${recordHash}'`
+        };
+        response.valid = false;
+        response.ok = false;
+        response.firstInvalidIndex ??= i;
+        response.reason ??= errObj.reason;
+        response.errors.push(errObj);
+        if (failFast) break;
+      }
+      expectedPrevHash = recordHash;
+    }
+    response.message = response.valid ? `Audit log verified: ${response.entries} entries` : `Audit log integrity failed at index ${response.firstInvalidIndex}`;
+    return response;
+  } catch (err) {
+    return {
+      ok: false,
+      file: path15.resolve(logPath),
+      entries: 0,
+      valid: false,
+      firstInvalidIndex: null,
+      reason: "AUDIT_VERIFY_ERROR",
+      errors: [{ index: null, reason: "AUDIT_VERIFY_ERROR", message: err.message }],
+      message: `Integrity check failed: ${err.message}`
+    };
+  }
+}
+
+// src/core/requestRateLimiter.js
+import fs15 from "fs";
+import path16 from "path";
+var RequestRateLimiter = class {
+  constructor(dbPath) {
+    this.dbPath = dbPath;
+    this.db = { entries: [] };
+  }
+  async load() {
+    try {
+      if (!fs15.existsSync(this.dbPath)) {
+        this.db = { entries: [] };
+        return;
+      }
+      const data = fs15.readFileSync(this.dbPath, "utf8");
+      this.db = JSON.parse(data);
+      if (!Array.isArray(this.db.entries)) {
+        this.db = { entries: [] };
+      }
+    } catch {
+      this.db = { entries: [] };
+    }
+  }
+  async save() {
+    const dir = path16.dirname(this.dbPath);
+    if (!fs15.existsSync(dir)) {
+      fs15.mkdirSync(dir, { recursive: true });
+    }
+    atomicWriteFileSync(this.dbPath, JSON.stringify(this.db, null, 2), { encoding: "utf8" });
+  }
+  checkAndRecord({ requesterId, nowSec, windowSec, maxRequests }) {
+    const now = Number.isFinite(nowSec) ? nowSec : Math.floor(Date.now() / 1e3);
+    const window = Number.isFinite(windowSec) && windowSec > 0 ? windowSec : 60;
+    const limit = Number.isFinite(maxRequests) && maxRequests > 0 ? maxRequests : 30;
+    const cutoff = now - window;
+    this.db.entries = this.db.entries.filter((entry) => entry.timestamp >= cutoff);
+    const requesterEntries = this.db.entries.filter((entry) => entry.requesterId === requesterId);
+    if (requesterEntries.length >= limit) {
+      const oldest = requesterEntries.sort((a, b) => a.timestamp - b.timestamp)[0];
+      const retryAfterSec = Math.max(1, window - (now - oldest.timestamp));
+      return {
+        ok: false,
+        reason: "RATE_LIMIT_EXCEEDED",
+        message: `Rate limit exceeded for '${requesterId}' (${limit}/${window}s)`,
+        retryAfterSec
+      };
+    }
+    this.db.entries.push({ requesterId, timestamp: now });
+    return {
+      ok: true,
+      reason: null,
+      message: "Rate limit check passed",
+      retryAfterSec: 0
+    };
+  }
+};
+
+// src/core/approval-token.js
+import crypto4 from "crypto";
+
+// src/core/checkpoint-store.js
+import path17 from "path";
+var CheckpointStore = class {
+  constructor(dbPath) {
+    this.dbPath = dbPath || path17.resolve(".lbe/data/checkpoints.db.json");
+    this.store = { checkpoints: {}, tokens: {} };
+    this._load();
+  }
+  _load() {
+    const data = readJSONSafe(this.dbPath);
+    if (data) {
+      this.store = data;
+      this.store.checkpoints = this.store.checkpoints || {};
+      this.store.tokens = this.store.tokens || {};
+    }
+  }
+  _save() {
+    const jsonStr = JSON.stringify(this.store, null, 2);
+    atomicWriteFileSync(this.dbPath, jsonStr, { encoding: "utf8" });
+  }
+  // --- Checkpoint Management ---
+  saveCheckpoint(jobId, state) {
+    this.store.checkpoints[jobId] = {
+      jobId,
+      ...state,
+      updatedAt: Date.now()
+    };
+    this._save();
+  }
+  getCheckpoint(jobId) {
+    return this.store.checkpoints[jobId] || null;
+  }
+  getAllCheckpoints() {
+    return Object.values(this.store.checkpoints);
+  }
+  removeCheckpoint(jobId) {
+    if (this.store.checkpoints[jobId]) {
+      delete this.store.checkpoints[jobId];
+      this._save();
+      return true;
+    }
+    return false;
+  }
+  // --- Approval Token Management ---
+  saveToken(tokenId, tokenData) {
+    this.store.tokens[tokenId] = {
+      tokenId,
+      ...tokenData,
+      createdAt: Date.now()
+    };
+    this._save();
+  }
+  getToken(tokenId) {
+    return this.store.tokens[tokenId] || null;
+  }
+  getAllTokens() {
+    return Object.values(this.store.tokens);
+  }
+  removeToken(tokenId) {
+    if (this.store.tokens[tokenId]) {
+      delete this.store.tokens[tokenId];
+      this._save();
+      return true;
+    }
+    return false;
+  }
+};
+var instance = null;
+function getCheckpointStore(dbPath) {
+  if (!instance) {
+    instance = new CheckpointStore(dbPath);
+  }
+  return instance;
+}
+
+// src/core/approval-token.js
+var ApprovalManager = class {
+  constructor(storePath) {
+    this.store = getCheckpointStore(storePath);
+    this._pendingResolvers = /* @__PURE__ */ new Map();
+  }
+  /**
+   * Create a new approval token and persist it
+   * @param {string} jobId The workflow or job ID awaiting approval
+   * @param {object} context Contextual data for the approver
+   */
+  createToken(jobId, context = {}) {
+    const tokenId = crypto4.randomBytes(16).toString("hex");
+    const tokenData = {
+      jobId,
+      context,
+      status: "pending",
+      expiresAt: Date.now() + 24 * 60 * 60 * 1e3
+      // 24 hours
+    };
+    this.store.saveToken(tokenId, tokenData);
+    return tokenId;
+  }
+  /**
+   * Rehydrate an approval wait into memory.
+   * This allows a resumed workflow to await a previously created token.
+   * @param {string} tokenId The token to await
+   * @returns {Promise} Resolves when approved, rejects when denied or expired
+   */
+  awaitApproval(tokenId) {
+    const token = this.store.getToken(tokenId);
+    if (!token) {
+      return Promise.reject(new Error(`Approval token ${tokenId} not found`));
+    }
+    if (token.status !== "pending") {
+      return Promise.reject(new Error(`Approval token ${tokenId} is no longer pending (status: ${token.status})`));
+    }
+    if (Date.now() > token.expiresAt) {
+      this.store.removeToken(tokenId);
+      return Promise.reject(new Error(`Approval token ${tokenId} expired`));
+    }
+    return new Promise((resolve, reject) => {
+      this._pendingResolvers.set(tokenId, { resolve, reject });
+    });
+  }
+  /**
+   * Approve a pending token
+   */
+  approve(tokenId, approverData = {}) {
+    const token = this.store.getToken(tokenId);
+    if (!token) throw new Error("Token not found");
+    if (token.status !== "pending") throw new Error("Token not pending");
+    this.store.saveToken(tokenId, { ...token, status: "approved", approverData, resolvedAt: Date.now() });
+    const resolver = this._pendingResolvers.get(tokenId);
+    if (resolver) {
+      resolver.resolve({ approved: true, approverData });
+      this._pendingResolvers.delete(tokenId);
+    }
+    return true;
+  }
+  /**
+   * Deny a pending token
+   */
+  deny(tokenId, reason = "Manually denied") {
+    const token = this.store.getToken(tokenId);
+    if (!token) throw new Error("Token not found");
+    if (token.status !== "pending") throw new Error("Token not pending");
+    this.store.saveToken(tokenId, { ...token, status: "denied", reason, resolvedAt: Date.now() });
+    const resolver = this._pendingResolvers.get(tokenId);
+    if (resolver) {
+      resolver.reject(new Error(`Approval denied: ${reason}`));
+      this._pendingResolvers.delete(tokenId);
+    }
+    return true;
+  }
+};
+var instance2 = null;
+function getApprovalManager(storePath) {
+  if (!instance2) {
+    instance2 = new ApprovalManager(storePath);
+  }
+  return instance2;
+}
+
+// src/core/localPolicy.js
+import fs16 from "fs";
+import path18 from "path";
+import crypto5 from "crypto";
+var POLICY_FILE = ".lbe/policy.json";
+var AUDIT_FILE = ".lbe/audit.jsonl";
+function glob(pattern) {
+  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&");
+  return new RegExp("^" + escaped.replace(/\*\*\//g, "(?:.*/)?").replace(/\*\*/g, ".*").replace(/\*/g, "[^/]*") + "$");
+}
+function relative(root, value) {
+  const rel = path18.relative(root, path18.resolve(value));
+  return rel.split(path18.sep).join("/");
+}
+function localPolicyPaths(rootDir) {
+  const root = path18.resolve(rootDir || process.cwd());
+  return { root, policyPath: path18.join(root, POLICY_FILE), auditPath: path18.join(root, AUDIT_FILE) };
+}
+function loadLocalPolicy(rootDir, mode = "observe") {
+  const paths = localPolicyPaths(rootDir);
+  if (!fs16.existsSync(paths.policyPath)) {
+    return { ...paths, policy: { version: 1, mode, workspace: paths.root, rules: [] } };
+  }
+  const policy = JSON.parse(fs16.readFileSync(paths.policyPath, "utf8"));
+  if (policy?.version !== 1 || !["observe", "enforce"].includes(policy.mode) || !Array.isArray(policy.rules)) {
+    throw new Error(`Invalid ${POLICY_FILE}`);
+  }
+  return { ...paths, policy };
+}
+function writeLocalPolicy(rootDir, policy) {
+  const { policyPath, root } = localPolicyPaths(rootDir);
+  const next = { ...policy, version: 1, workspace: root, rules: Array.isArray(policy.rules) ? policy.rules : [] };
+  atomicWriteFileSync(policyPath, JSON.stringify(next, null, 2) + "\n", { encoding: "utf8" });
+  return next;
+}
+function addLocalPolicyRule(rootDir, rule, mode) {
+  if (!rule || !["allow", "deny"].includes(rule.effect) || !["path", "command"].includes(rule.type) || typeof rule.pattern !== "string" || !rule.pattern || typeof rule.from !== "string" || !rule.from) {
+    throw new Error("Rule requires effect, type, pattern, and from");
+  }
+  const loaded = loadLocalPolicy(rootDir, mode);
+  const entry = {
+    id: rule.id || crypto5.randomUUID(),
+    effect: rule.effect,
+    type: rule.type,
+    pattern: rule.pattern,
+    from: rule.from,
+    at: rule.at || (/* @__PURE__ */ new Date()).toISOString()
+  };
+  writeLocalPolicy(loaded.root, { ...loaded.policy, mode: mode || loaded.policy.mode, rules: [...loaded.policy.rules, entry] });
+  return { id: entry.id, added: true, rule: entry };
+}
+function evaluateLocalPolicy(policy, rootDir, { target, command } = {}) {
+  const root = path18.resolve(rootDir);
+  const candidates = [];
+  if (target) candidates.push({ type: "path", value: relative(root, target) });
+  if (command) candidates.push({ type: "command", value: command });
+  const matched = policy.rules.filter((rule) => candidates.some((c) => c.type === rule.type && glob(rule.pattern).test(c.value)));
+  const denied = matched.filter((rule) => rule.effect === "deny");
+  return { allowed: denied.length === 0, matched, winningRules: denied.length ? denied : matched.filter((r) => r.effect === "allow"), reason: denied.length ? "LOCAL_POLICY_DENY" : null };
+}
+function auditLocalPolicy(rootDir, entry) {
+  const { auditPath } = localPolicyPaths(rootDir);
+  appendAudit(auditPath, { kind: "local_policy", timestamp: (/* @__PURE__ */ new Date()).toISOString(), ...entry });
+}
+
+// src/cli/commands/run.js
+function sha2562(obj) {
+  return crypto6.createHash("sha256").update(JSON.stringify(obj)).digest("hex");
+}
+async function runCommand(opts) {
+  const { in: inFile } = opts;
+  const config = opts.config || opts.policy;
+  const pubKey = opts["pub-key"];
+  const keysStorePath = opts["keys-store"] || path19.resolve(".lbe/config/keys.json");
+  const policySigPath = opts["policy-sig"] || path19.resolve(".lbe/config/policy.sig.json");
+  const policyStatePath = opts["policy-state"] || path19.resolve(".lbe/data/policy.state.json");
+  const allowUnsignedPolicy = opts["policy-unsigned-ok"] === true || String(opts["policy-unsigned-ok"]).toLowerCase() === "true";
+  if (!inFile) {
+    console.error("Error: --in <file> is required");
+    process.exit(1);
+  }
+  let proposal;
+  try {
+    const filePath = path19.resolve(inFile);
+    const content = fs17.readFileSync(filePath, "utf-8");
+    proposal = JSON.parse(content);
+  } catch (error) {
+    console.error(JSON.stringify({
+      status: "error",
+      error: "INVALID_PROPOSAL_FILE",
+      message: error.message
+    }));
+    process.exit(5);
+  }
+  let policy;
+  try {
+    const policyPath = config || path19.resolve(".lbe/config/policy.default.json");
+    if (!fs17.existsSync(policyPath)) {
+      console.error(JSON.stringify({
+        status: "error",
+        error: "MISSING_POLICY",
+        message: `Policy file not found: ${policyPath}`
+      }));
+      process.exit(1);
+    }
+    const policyContent = fs17.readFileSync(policyPath, "utf-8");
+    policy = JSON.parse(policyContent);
+  } catch (error) {
+    console.error(JSON.stringify({
+      status: "error",
+      error: "INVALID_POLICY",
+      message: error.message
+    }));
+    process.exit(1);
+  }
+  const rootDir = process.cwd();
+  let localPolicy;
+  try {
+    localPolicy = loadLocalPolicy(rootDir);
+  } catch (error) {
+    console.error(JSON.stringify({ status: "error", error: "LOCAL_POLICY_INVALID", message: error.message }));
+    process.exit(1);
+  }
+  const localDecision = evaluateLocalPolicy(localPolicy.policy, rootDir, {
+    target: proposal.payload?.target,
+    command: proposal.payload?.cmd
+  });
+  const localBlocked = localPolicy.policy.mode === "enforce" && !localDecision.allowed;
+  auditLocalPolicy(rootDir, {
+    commandId: proposal.commandId || "N/A",
+    requesterId: proposal.requesterId || "unknown",
+    mode: localPolicy.policy.mode,
+    decision: localBlocked ? "deny" : "allow",
+    wouldDeny: !localDecision.allowed,
+    ruleIds: localDecision.winningRules.map((rule) => rule.id)
+  });
+  if (localBlocked) {
+    console.error(JSON.stringify({ status: "blocked", error: "LOCAL_POLICY_DENY", ruleIds: localDecision.winningRules.map((rule) => rule.id) }, null, 2));
+    process.exit(2);
+  }
+  const keyStoreResult = loadKeysStore(keysStorePath);
+  const keyStore = keyStoreResult.ok ? keyStoreResult.store : null;
+  const policySigCheck = verifyPolicySignature({
+    policyObj: policy,
+    keyStore,
+    policySigPath,
+    allowUnsigned: allowUnsignedPolicy
+  });
+  if (!policySigCheck.ok) {
+    console.error(JSON.stringify({
+      status: "error",
+      error: policySigCheck.reason,
+      message: policySigCheck.message
+    }, null, 2));
+    process.exit(8);
+  }
+  const versionCheck = validateAndUpdatePolicyVersionState({
+    policyObj: policy,
+    statePath: policyStatePath,
+    maxCreatedAtSkewSec: policy?.security?.maxPolicyCreatedAtSkewSec
+  });
+  if (!versionCheck.ok) {
+    console.error(JSON.stringify({
+      status: "error",
+      error: versionCheck.reason,
+      message: versionCheck.message
+    }, null, 2));
+    process.exit(8);
+  }
+  const nonceDb = new NonceStore(path19.resolve(".lbe/data/nonce.db.json"));
+  await nonceDb.load();
+  if (!keyStore && !pubKey) {
+    console.error(JSON.stringify({
+      status: "error",
+      error: "MISSING_KEY_MATERIAL",
+      message: `${keyStoreResult.message}. Provide --pub-key/--pub-key-file or create .lbe/config/keys.json`
+    }));
+    process.exit(1);
+  }
+  const rateLimiter = new RequestRateLimiter(path19.resolve(".lbe/data/rate-limit.db.json"));
+  await rateLimiter.load();
+  const validateResult = validateCommand({
+    commandObj: proposal,
+    pubKeyB64: pubKey,
+    keyStore,
+    nonceDb,
+    policy,
+    rateLimiter
+  });
+  if (!validateResult.valid) {
+    try {
+      await nonceDb.save();
+      await rateLimiter.save();
+    } catch {
+    }
+    const output2 = {
+      status: "invalid",
+      commandId: proposal.commandId || "N/A",
+      checks: validateResult.checks,
+      errors: validateResult.errors || [],
+      executionResult: null
+    };
+    console.error(JSON.stringify(output2, null, 2));
+    const auditPath2 = path19.resolve(".lbe/data/audit.log.jsonl");
+    try {
+      appendAudit(auditPath2, {
+        commandId: proposal.commandId || "N/A",
+        status: "rejected",
+        requesterId: proposal.requesterId || "unknown",
+        payloadHash: sha2562(proposal),
+        reason: validateResult.checks,
+        timestamp: (/* @__PURE__ */ new Date()).toISOString()
+      });
+    } catch (auditErr) {
+      console.error(JSON.stringify({
+        status: "error",
+        error: "AUDIT_WRITE_FAILED",
+        message: auditErr.message
+      }));
+      process.exit(10);
+    }
+    if (validateResult.checks.schema === false) process.exit(5);
+    if (validateResult.checks.signature === false) process.exit(3);
+    if (validateResult.checks.nonce === false) process.exit(4);
+    if (validateResult.checks.timestamp === false) process.exit(6);
+    if (validateResult.checks.rateLimit === false) process.exit(7);
+    if (validateResult.checks.policy === false) process.exit(2);
+    process.exit(9);
+  }
+  const risk = validateResult.risk || "LOW";
+  const adapterName = proposal.payload.adapter || "shell";
+  const requesterPolicy = policy.requesters?.[proposal.requesterId];
+  const approvalRule = requesterPolicy?.requireApproval;
+  const approvalRequired = approvalRule === true || Array.isArray(approvalRule) && (approvalRule.includes(risk) || approvalRule.includes("*") || ["HIGH", "CRITICAL"].includes(risk) && approvalRule.includes("HIGH+"));
+  if (approvalRequired) {
+    const mgr = getApprovalManager();
+    const tokenId = mgr.createToken(proposal.commandId, {
+      requesterId: proposal.requesterId,
+      adapter: adapterName,
+      risk
+    });
+    await nonceDb.save().catch(() => {
+    });
+    await rateLimiter.save().catch(() => {
+    });
+    console.log(JSON.stringify({
+      status: "approval_required",
+      commandId: proposal.commandId || "N/A",
+      risk,
+      approvalToken: tokenId,
+      message: `${risk} risk operation requires operator approval. Approve with: lbe approve --token ${tokenId}`
+    }, null, 2));
+    process.exit(11);
+  }
+  let backup = null;
+  const shouldBackup = opts.backup === true || adapterName === "file";
+  if (shouldBackup && proposal.payload.target) {
+    try {
+      backup = createBackup(path19.resolve(proposal.payload.target));
+    } catch {
+    }
+  }
+  let executionResult;
+  try {
+    executionResult = await executeAdapter(adapterName, proposal, policy, requesterPolicy);
+  } catch (error) {
+    executionResult = {
+      adapter: adapterName,
+      status: "error",
+      error: error.message,
+      exitCode: 1
+    };
+  }
+  const executionFailed = executionResult.status === "error" || executionResult.exitCode !== 0;
+  let rollbackResult = null;
+  if (executionFailed && backup && opts["rollback-on-failure"] !== false) {
+    try {
+      rollbackResult = restoreBackup(backup);
+    } catch (e) {
+      rollbackResult = { restored: false, error: e.message };
+    }
+  }
+  let postValidation = null;
+  if (!executionFailed && proposal.payload.target) {
+    const writeActions = ["write", "patch"];
+    if (writeActions.includes(proposal.payload.action)) {
+      const exists2 = fs17.existsSync(path19.resolve(proposal.payload.target));
+      postValidation = { ok: exists2, check: "target_exists", target: proposal.payload.target };
+      if (!exists2 && backup) {
+        rollbackResult = restoreBackup(backup);
+        executionResult.status = "error";
+      }
+    }
+  }
+  const auditPath = path19.resolve(".lbe/data/audit.log.jsonl");
+  try {
+    appendAudit(auditPath, {
+      commandId: proposal.commandId || "N/A",
+      status: rollbackResult?.restored ? "rolled_back" : executionResult.status || "completed",
+      requesterId: proposal.requesterId || "unknown",
+      payloadHash: sha2562(proposal),
+      executionHash: sha2562(executionResult),
+      adapter: executionResult.adapter,
+      riskLevel: risk,
+      exitCode: executionResult.exitCode || 0,
+      rolledBack: rollbackResult?.restored || false,
+      timestamp: (/* @__PURE__ */ new Date()).toISOString()
+    });
+  } catch (auditErr) {
+    console.error(JSON.stringify({
+      status: "error",
+      error: "AUDIT_WRITE_FAILED",
+      message: auditErr.message
+    }));
+    process.exit(10);
+  }
+  await nonceDb.save();
+  await rateLimiter.save();
+  const output = {
+    status: executionFailed || postValidation && !postValidation.ok ? "failed" : "executed",
+    commandId: proposal.commandId || "N/A",
+    risk,
+    checks: validateResult.checks,
+    executionResult: {
+      adapter: executionResult.adapter,
+      status: executionResult.status || "completed",
+      output: executionResult.output || executionResult.error || "",
+      exitCode: executionResult.exitCode || 0
+    },
+    backup: backup ? { path: backup.backupPath, existed: backup.existed, hash: backup.hash } : null,
+    rollback: rollbackResult,
+    postValidation
+  };
+  console.log(JSON.stringify(output, null, 2));
+  process.exit(executionResult.exitCode || 0);
+}
+
+// src/cli/commands/auditVerify.js
+import path20 from "path";
+function toBoolean(value, defaultValue) {
+  if (value === void 0) return defaultValue;
+  if (value === true || value === false) return value;
+  const normalized = String(value).trim().toLowerCase();
+  if (normalized === "true" || normalized === "1" || normalized === "yes") return true;
+  if (normalized === "false" || normalized === "0" || normalized === "no") return false;
+  return defaultValue;
+}
+async function auditVerifyCommand(opts) {
+  const auditPath = opts.audit ? path20.resolve(opts.audit) : path20.resolve(".lbe/data/audit.log.jsonl");
+  const failFast = toBoolean(opts["fail-fast"], true);
+  const jsonOutput = toBoolean(opts.json, true);
+  const maxEntries = Number.isFinite(Number(opts.max)) ? Number(opts.max) : void 0;
+  const result = verifyAuditLogIntegrity(auditPath, { failFast, maxEntries });
+  if (jsonOutput) {
+    console.log(JSON.stringify(result, null, 2));
+  } else if (result.valid) {
+    console.log(`OK: ${result.file}`);
+    console.log(`Entries: ${result.entries}`);
+  } else {
+    console.log(`FAIL: ${result.file}`);
+    console.log(`First invalid index: ${result.firstInvalidIndex}`);
+    console.log(`Reason: ${result.reason}`);
+  }
+  process.exit(result.valid ? 0 : 8);
+}
+
+// src/cli/commands/integrityCheck.js
+import path22 from "path";
+
+// src/core/integrity.js
+import fs18 from "fs";
+import path21 from "path";
+import crypto7 from "crypto";
+import { fileURLToPath as fileURLToPath2 } from "url";
+var __dirname = path21.dirname(fileURLToPath2(import.meta.url));
+function sha256File(filePath) {
+  try {
+    const content = fs18.readFileSync(filePath);
+    return crypto7.createHash("sha256").update(content).digest("hex");
+  } catch (err) {
+    return null;
+  }
+}
+function generateIntegrityManifest(rootDir = path21.join(__dirname, "../..")) {
+  const manifest = {};
+  const criticalFiles = [
+    "src/core/signature.js",
+    "src/core/validator.js",
+    "src/core/policyEngine.js",
+    "src/core/nonceStore.js",
+    "src/core/auditLog.js",
+    "src/core/schema.js",
+    "bin/lbe.js"
+  ];
+  for (const file of criticalFiles) {
+    const filePath = path21.join(rootDir, file);
+    const hash = sha256File(filePath);
+    if (hash) {
+      manifest[file] = hash;
+    }
+  }
+  return manifest;
+}
+function verifyIntegrity(manifest, rootDir = path21.join(__dirname, "../..")) {
+  const results = {
+    valid: true,
+    mismatches: [],
+    missing: [],
+    checkedFiles: 0
+  };
+  for (const [file, expectedHash] of Object.entries(manifest)) {
+    const filePath = path21.join(rootDir, file);
+    if (!fs18.existsSync(filePath)) {
+      results.valid = false;
+      results.missing.push(file);
+      continue;
+    }
+    const actualHash = sha256File(filePath);
+    results.checkedFiles++;
+    if (actualHash !== expectedHash) {
+      results.valid = false;
+      results.mismatches.push({
+        file,
+        expected: expectedHash,
+        actual: actualHash
+      });
+    }
+  }
+  return results;
+}
+async function performIntegrityCheck(options = {}) {
+  const opts = typeof options === "string" || options === null ? { manifestPath: options } : options;
+  const rootDir = opts.rootDir || path21.join(__dirname, "../..");
+  const strict = opts.strict === true;
+  const manifestPath = opts.manifestPath || path21.join(rootDir, ".lbe/config/integrity.manifest.json");
+  if (!fs18.existsSync(manifestPath)) {
+    if (strict) {
+      return {
+        valid: false,
+        skipped: false,
+        reason: "INTEGRITY_MANIFEST_MISSING",
+        message: `Integrity manifest not found: ${manifestPath}`,
+        checkedFiles: 0,
+        mismatches: [],
+        missing: []
+      };
+    }
+    return {
+      valid: true,
+      skipped: true,
+      reason: null,
+      message: "Integrity manifest not found - check skipped",
+      checkedFiles: 0,
+      mismatches: [],
+      missing: []
+    };
+  }
+  try {
+    const manifestContent = fs18.readFileSync(manifestPath, "utf8");
+    const manifest = JSON.parse(manifestContent);
+    const result = verifyIntegrity(manifest, rootDir);
+    return {
+      ...result,
+      skipped: false,
+      reason: result.valid ? null : "INTEGRITY_CHECK_FAILED",
+      message: result.valid ? `Integrity check passed (${result.checkedFiles} files verified)` : "Runtime integrity check failed - system may be tampered"
+    };
+  } catch (err) {
+    return {
+      valid: false,
+      skipped: false,
+      reason: "INTEGRITY_CHECK_ERROR",
+      message: `Integrity check error: ${err.message}`,
+      checkedFiles: 0,
+      mismatches: [],
+      missing: []
+    };
+  }
+}
+function writeIntegrityManifest({
+  outputPath = path21.join(__dirname, "../../.lbe/config/integrity.manifest.json"),
+  rootDir = path21.join(__dirname, "../..")
+} = {}) {
+  const manifest = generateIntegrityManifest(rootDir);
+  const output = JSON.stringify(manifest, null, 2);
+  const outDir = path21.dirname(outputPath);
+  if (!fs18.existsSync(outDir)) {
+    fs18.mkdirSync(outDir, { recursive: true });
+  }
+  fs18.writeFileSync(outputPath, output);
+  return {
+    outputPath,
+    fileCount: Object.keys(manifest).length,
+    manifest
+  };
+}
+
+// src/cli/commands/integrityCheck.js
+function toBoolean2(value, defaultValue = false) {
+  if (value === void 0) return defaultValue;
+  if (value === true || value === false) return value;
+  const normalized = String(value).trim().toLowerCase();
+  if (normalized === "true" || normalized === "1" || normalized === "yes") return true;
+  if (normalized === "false" || normalized === "0" || normalized === "no") return false;
+  return defaultValue;
+}
+async function integrityCheckCommand(opts) {
+  const strict = toBoolean2(opts.strict, false) || toBoolean2(opts["integrity-strict"], false);
+  const manifestPath = opts.manifest ? path22.resolve(opts.manifest) : path22.resolve(opts["integrity-manifest"] || ".lbe/config/integrity.manifest.json");
+  const jsonOutput = toBoolean2(opts.json, true);
+  const result = await performIntegrityCheck({
+    manifestPath,
+    strict
+  });
+  if (jsonOutput) {
+    console.log(JSON.stringify({
+      ok: result.valid,
+      valid: result.valid,
+      skipped: result.skipped === true,
+      strict,
+      manifestPath,
+      checkedFiles: result.checkedFiles,
+      mismatches: result.mismatches || [],
+      missing: result.missing || [],
+      reason: result.reason || null,
+      message: result.message
+    }, null, 2));
+  } else {
+    console.log(result.message);
+  }
+  process.exit(result.valid ? 0 : 8);
+}
+async function integrityGenerateCommand(opts) {
+  const outputPath = path22.resolve(opts.out || opts.output || opts.manifest || ".lbe/config/integrity.manifest.json");
+  const result = writeIntegrityManifest({ outputPath });
+  console.log(JSON.stringify({
+    ok: true,
+    outputPath: result.outputPath,
+    fileCount: result.fileCount
+  }, null, 2));
+  process.exit(0);
+}
+
+// src/cli/commands/policySign.js
+import fs19 from "fs";
+import path23 from "path";
+async function policySignCommand(opts) {
+  const policyPath = path23.resolve(opts.config || opts.policy || ".lbe/config/policy.default.json");
+  const sigPath = path23.resolve(opts["policy-sig"] || ".lbe/config/policy.sig.json");
+  const secretKeyPath = path23.resolve(opts["secret-key-file"] || ".lbe/keys/secret.key");
+  const keyId = String(opts["policy-key-id"] || "policy-signer-v1-2026Q1");
+  if (!fs19.existsSync(policyPath)) {
+    console.error(JSON.stringify({
+      status: "error",
+      error: "POLICY_FILE_MISSING",
+      message: `Policy file not found: ${policyPath}`
+    }, null, 2));
+    process.exit(1);
+  }
+  if (!fs19.existsSync(secretKeyPath)) {
+    console.error(JSON.stringify({
+      status: "error",
+      error: "SECRET_KEY_MISSING",
+      message: `Secret key file not found: ${secretKeyPath}`
+    }, null, 2));
+    process.exit(1);
+  }
+  const policyObj = JSON.parse(fs19.readFileSync(policyPath, "utf8"));
+  if (typeof policyObj.version === "undefined" || typeof policyObj.createdAt === "undefined") {
+    console.error(JSON.stringify({
+      status: "error",
+      error: "POLICY_VERSION_METADATA_MISSING",
+      message: "Policy must include version and createdAt before signing"
+    }, null, 2));
+    process.exit(8);
+  }
+  const secretKeyB64 = fs19.readFileSync(secretKeyPath, "utf8").trim();
+  const signResult = createPolicySignatureEnvelope({
+    policyObj,
+    secretKeyB64,
+    keyId
+  });
+  if (!signResult.ok) {
+    console.error(JSON.stringify({
+      status: "error",
+      error: signResult.reason || "POLICY_SIGN_FAILED",
+      message: signResult.message
+    }, null, 2));
+    process.exit(8);
+  }
+  const outDir = path23.dirname(sigPath);
+  if (!fs19.existsSync(outDir)) {
+    fs19.mkdirSync(outDir, { recursive: true });
+  }
+  fs19.writeFileSync(sigPath, JSON.stringify(signResult.envelope, null, 2));
+  console.log(JSON.stringify({
+    status: "ok",
+    message: "Policy signature written",
+    policy: policyPath,
+    policySig: sigPath,
+    keyId
+  }, null, 2));
+  process.exit(0);
+}
+
+// src/cli/commands/health.js
+import fs20 from "fs";
+import path24 from "path";
+function toBoolean3(value, defaultValue) {
+  if (value === void 0) return defaultValue;
+  if (value === true || value === false) return value;
+  const normalized = String(value).trim().toLowerCase();
+  if (normalized === "true" || normalized === "1" || normalized === "yes") return true;
+  if (normalized === "false" || normalized === "0" || normalized === "no") return false;
+  return defaultValue;
+}
+function addCheck(checks, name, ok, message) {
+  checks[name] = { ok, message };
+}
+function canReadFile(filePath) {
+  try {
+    fs20.accessSync(filePath, fs20.constants.R_OK);
+    return true;
+  } catch {
+    return false;
+  }
+}
+function checkDataWritable(dataDir) {
+  const marker = path24.join(dataDir, `.healthcheck-${Date.now()}`);
+  try {
+    fs20.mkdirSync(dataDir, { recursive: true });
+    fs20.writeFileSync(marker, "ok", "utf8");
+    fs20.unlinkSync(marker);
+    return { ok: true, message: "Data directory writable" };
+  } catch (error) {
+    return { ok: false, message: `Data directory not writable: ${error.message}` };
+  }
+}
+async function healthCommand(opts) {
+  const jsonOutput = toBoolean3(opts.json, true);
+  const policyPath = path24.resolve(opts.config || opts.policy || ".lbe/config/policy.default.json");
+  const policySigPath = path24.resolve(opts["policy-sig"] || ".lbe/config/policy.sig.json");
+  const keysStorePath = path24.resolve(opts["keys-store"] || ".lbe/config/keys.json");
+  const dataDir = path24.resolve(opts["data-dir"] || ".lbe/data");
+  const auditPath = path24.resolve(opts.audit || path24.join(dataDir, "audit.log.jsonl"));
+  const noncePath = path24.resolve(opts["nonce-db"] || path24.join(dataDir, "nonce.db.json"));
+  const ratePath = path24.resolve(opts["rate-db"] || path24.join(dataDir, "rate-limit.db.json"));
+  const policyStatePath = path24.resolve(opts["policy-state"] || path24.join(dataDir, "policy.state.json"));
+  const integrityStrict = toBoolean3(opts["integrity-strict"], false);
+  const integrityManifestPath = path24.resolve(opts["integrity-manifest"] || ".lbe/config/integrity.manifest.json");
+  const checks = {};
+  addCheck(
+    checks,
+    "policy",
+    fs20.existsSync(policyPath) && canReadFile(policyPath),
+    fs20.existsSync(policyPath) ? `Policy file readable: ${policyPath}` : `Policy file missing: ${policyPath}`
+  );
+  addCheck(
+    checks,
+    "policySignature",
+    fs20.existsSync(policySigPath) && canReadFile(policySigPath),
+    fs20.existsSync(policySigPath) ? `Policy signature readable: ${policySigPath}` : `Policy signature missing: ${policySigPath}`
+  );
+  addCheck(
+    checks,
+    "trustedKeys",
+    fs20.existsSync(keysStorePath) && canReadFile(keysStorePath),
+    fs20.existsSync(keysStorePath) ? `Trusted keys readable: ${keysStorePath}` : `Trusted keys missing: ${keysStorePath}`
+  );
+  addCheck(
+    checks,
+    "auditLog",
+    fs20.existsSync(auditPath) && canReadFile(auditPath),
+    fs20.existsSync(auditPath) ? `Audit log readable: ${auditPath}` : `Audit log missing: ${auditPath}`
+  );
+  addCheck(
+    checks,
+    "nonceDb",
+    fs20.existsSync(noncePath) && canReadFile(noncePath),
+    fs20.existsSync(noncePath) ? `Nonce DB readable: ${noncePath}` : `Nonce DB missing: ${noncePath}`
+  );
+  addCheck(
+    checks,
+    "rateLimitDb",
+    fs20.existsSync(ratePath) && canReadFile(ratePath),
+    fs20.existsSync(ratePath) ? `Rate-limit DB readable: ${ratePath}` : `Rate-limit DB missing: ${ratePath}`
+  );
+  addCheck(
+    checks,
+    "policyState",
+    fs20.existsSync(policyStatePath) && canReadFile(policyStatePath),
+    fs20.existsSync(policyStatePath) ? `Policy state readable: ${policyStatePath}` : `Policy state missing: ${policyStatePath}`
+  );
+  const writable = checkDataWritable(dataDir);
+  addCheck(checks, "dataWritable", writable.ok, writable.message);
+  if (integrityStrict) {
+    const integrity = await performIntegrityCheck({
+      strict: true,
+      manifestPath: integrityManifestPath
+    });
+    addCheck(
+      checks,
+      "integrity",
+      integrity.valid,
+      integrity.valid ? integrity.message : `${integrity.reason}: ${integrity.message}`
+    );
+  }
+  const allOk = Object.values(checks).every((c) => c.ok === true);
+  const output = {
+    ok: allOk,
+    status: allOk ? "healthy" : "unhealthy",
+    timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+    checks
+  };
+  if (jsonOutput) {
+    console.log(JSON.stringify(output, null, 2));
+  } else {
+    console.log(`${output.status.toUpperCase()}: ${Object.keys(checks).length} checks`);
+  }
+  process.exit(allOk ? 0 : 8);
+}
+
+// src/cli/commands/policyAdd.js
+async function policyAddCommand(opts = {}) {
+  const result = addLocalPolicyRule(opts.root || process.cwd(), {
+    effect: opts.effect,
+    type: opts.type,
+    pattern: opts.pattern,
+    from: opts.from
+  }, opts.mode);
+  console.log(JSON.stringify(result, null, 2));
+}
+
+// src/cli/commands/policyMode.js
+async function policyModeCommand(mode, opts = {}) {
+  const loaded = loadLocalPolicy(opts.root || process.cwd(), mode);
+  writeLocalPolicy(loaded.root, { ...loaded.policy, mode });
+  console.log(JSON.stringify({ mode, policy: loaded.policyPath }, null, 2));
+}
+
+// src/cli/commands/status.js
+import fs25 from "node:fs";
+import path30 from "node:path";
+
+// src/state/index.js
+import fs24 from "node:fs";
+import path29 from "node:path";
+
+// src/state/workspaceId.js
+import crypto8 from "node:crypto";
+import fs21 from "node:fs";
+import path25 from "node:path";
+function canonicalWorkspacePath(workspaceRoot) {
+  let resolved;
+  try {
+    resolved = fs21.realpathSync.native(workspaceRoot);
+  } catch (_) {
+    resolved = path25.resolve(workspaceRoot);
+  }
+  const normalised = path25.normalize(resolved);
+  return process.platform === "win32" ? normalised.toLowerCase() : normalised;
+}
+function workspaceId(workspaceRoot) {
+  return crypto8.createHash("sha256").update(canonicalWorkspacePath(workspaceRoot)).digest("hex");
+}
+function workspaceStateDir(stateRoot2, id) {
+  return path25.join(stateRoot2, "workspaces", id.slice(0, 2), id.slice(2, 4), id.slice(4, 6), id);
+}
+
+// src/state/stateRoot.js
+import path26 from "node:path";
+import os from "node:os";
+function stateRoot() {
+  const home = os.homedir();
+  if (process.platform === "win32") {
+    const localAppData = process.env.LOCALAPPDATA || path26.join(home, "AppData", "Local");
+    return path26.join(localAppData, "LetterBlack", "Sentinel");
+  }
+  if (process.platform === "darwin") {
+    const appSupport = process.env.HOME ? path26.join(process.env.HOME, "Library", "Application Support") : path26.join(home, "Library", "Application Support");
+    return path26.join(appSupport, "LetterBlack", "Sentinel");
+  }
+  const xdgData = process.env.XDG_DATA_HOME || path26.join(home, ".local", "share");
+  return path26.join(xdgData, "LetterBlack", "Sentinel");
+}
+
+// src/state/workspaceRegistry.js
+import fs22 from "node:fs";
+import path27 from "node:path";
+var FORMAT = 1;
+function emptyRegistry() {
+  return { format: FORMAT, workspaces: {} };
+}
+function readRegistry(registryPath) {
+  if (!fs22.existsSync(registryPath)) return { registry: emptyRegistry(), readable: true };
+  try {
+    const registry = JSON.parse(fs22.readFileSync(registryPath, "utf8"));
+    if (!registry || typeof registry !== "object" || Array.isArray(registry) || registry.format !== FORMAT || !registry.workspaces || typeof registry.workspaces !== "object" || Array.isArray(registry.workspaces)) {
+      return { registry: null, readable: false };
+    }
+    return { registry, readable: true };
+  } catch (_) {
+    return { registry: null, readable: false };
+  }
+}
+function registerWorkspace(registryPath, workspaceId2, workspacePath) {
+  return withFileLock(registryPath, () => {
+    const { registry, readable } = readRegistry(registryPath);
+    if (!readable) return null;
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    const existing = registry.workspaces[workspaceId2];
+    registry.workspaces[workspaceId2] = {
+      path: workspacePath,
+      alias: existing?.alias || path27.basename(workspacePath),
+      first_seen: existing?.first_seen || now,
+      last_active: now
+    };
+    atomicWriteFileSync(registryPath, JSON.stringify(registry, null, 2) + "\n", "utf8");
+    return registry.workspaces[workspaceId2];
+  });
+}
+function listWorkspaces(registryPath) {
+  const { registry, readable } = readRegistry(registryPath);
+  if (!readable) return [];
+  return Object.entries(registry.workspaces).map(([workspaceId2, workspace]) => ({
+    workspaceId: workspaceId2,
+    ...workspace
+  }));
+}
+function isWorkspaceRegistryReadable(registryPath) {
+  return readRegistry(registryPath).readable;
+}
+
+// src/state/migration.js
+import crypto9 from "node:crypto";
+import fs23 from "node:fs";
+import path28 from "node:path";
+var SOURCE = ".lbe/events.jsonl";
+function sha2563(data) {
+  return crypto9.createHash("sha256").update(data).digest("hex");
+}
+function readMarker(markerPath) {
+  try {
+    return JSON.parse(fs23.readFileSync(markerPath, "utf8"));
+  } catch (_) {
+    return null;
+  }
+}
+function readCentralLines(eventsPath) {
+  try {
+    return new Set(fs23.readFileSync(eventsPath, "utf8").split(/\r?\n/).filter(Boolean));
+  } catch (_) {
+    return /* @__PURE__ */ new Set();
+  }
+}
+function migrateLegacyEvents(workspaceRoot, stateDir) {
+  const sourcePath = path28.join(workspaceRoot, ".lbe", "events.jsonl");
+  const migrationDir = path28.join(stateDir, "migration");
+  const markerPath = path28.join(migrationDir, "events-v1.json");
+  const invalidPath = path28.join(migrationDir, "migration-invalid.jsonl");
+  const result = {
+    attempted: false,
+    imported_count: 0,
+    skipped_duplicate_count: 0,
+    invalid_count: 0,
+    markerPath,
+    invalidPath
+  };
+  let source;
+  try {
+    if (!fs23.existsSync(sourcePath)) return result;
+    source = fs23.readFileSync(sourcePath, "utf8");
+  } catch (_) {
+    return result;
+  }
+  result.attempted = true;
+  const sourceSha256 = sha2563(source);
+  const marker = readMarker(markerPath);
+  if (marker?.format === 1 && marker.source_sha256 === sourceSha256) return result;
+  const validLines = [];
+  const invalidLines = [];
+  for (const [index, rawLine] of source.split(/\r?\n/).entries()) {
+    const line = rawLine.trim();
+    if (!line) continue;
+    try {
+      JSON.parse(line);
+      validLines.push(line);
+    } catch (_) {
+      invalidLines.push({ source: SOURCE, line_number: index + 1, line, source_sha256: sourceSha256 });
+    }
+  }
+  const eventsPath = path28.join(stateDir, "lbe-events.jsonl");
+  try {
+    withFileLock(eventsPath, () => {
+      const centralLines = readCentralLines(eventsPath);
+      const imported = [];
+      for (const line of validLines) {
+        if (centralLines.has(line)) {
+          result.skipped_duplicate_count++;
+          continue;
+        }
+        centralLines.add(line);
+        imported.push(line);
+        result.imported_count++;
+      }
+      if (imported.length > 0) {
+        const existing = fs23.existsSync(eventsPath) ? fs23.readFileSync(eventsPath, "utf8") : "";
+        atomicWriteFileSync(eventsPath, existing + (existing && !existing.endsWith("\n") ? "\n" : "") + imported.join("\n") + "\n", "utf8");
+      }
+    });
+    if (invalidLines.length > 0) {
+      atomicAppendFileSync(invalidPath, invalidLines.map((line) => JSON.stringify(line) + "\n").join(""), { encoding: "utf8" });
+      result.invalid_count = invalidLines.length;
+    }
+    fs23.mkdirSync(migrationDir, { recursive: true });
+    atomicWriteFileSync(markerPath, JSON.stringify({
+      format: 1,
+      source: SOURCE,
+      source_sha256: sourceSha256,
+      migrated_at: (/* @__PURE__ */ new Date()).toISOString(),
+      imported_count: result.imported_count,
+      skipped_duplicate_count: result.skipped_duplicate_count,
+      invalid_count: result.invalid_count
+    }, null, 2) + "\n", "utf8");
+  } catch (_) {
+  }
+  return result;
+}
+
+// src/state/index.js
+function resolveWorkspaceState(workspaceRoot) {
+  const root = stateRoot();
+  const id = workspaceId(workspaceRoot);
+  const dir = workspaceStateDir(root, id);
+  fs24.mkdirSync(dir, { recursive: true });
+  fs24.mkdirSync(path29.join(dir, "file-index"), { recursive: true });
+  fs24.mkdirSync(path29.join(dir, "proof"), { recursive: true });
+  registerWorkspace(path29.join(root, "registry.json"), id, workspaceRoot);
+  migrateLegacyEvents(workspaceRoot, dir);
+  return {
+    stateDir: dir,
+    workspaceId: id,
+    paths: buildPaths(dir)
+  };
+}
+function buildPaths(dir) {
+  return {
+    workspace: path29.join(dir, "workspace.json"),
+    events: path29.join(dir, "lbe-events.jsonl"),
+    intent: path29.join(dir, "intent.jsonl"),
+    targetRegistry: path29.join(dir, "target_registry.jsonl"),
+    fileIndexDir: path29.join(dir, "file-index"),
+    fileIndexBefore: path29.join(dir, "file-index", "before.json"),
+    fileIndexAfter: path29.join(dir, "file-index", "after.json"),
+    proofDir: path29.join(dir, "proof"),
+    proofLatest: path29.join(dir, "proof", "latest.json")
+  };
+}
+
+// src/cli/commands/status.js
+async function statusCommand(opts) {
+  if (opts.all) {
+    const registryPath = opts.registryPath || path30.join(stateRoot(), "registry.json");
+    if (!isWorkspaceRegistryReadable(registryPath)) {
+      console.log("Workspace registry unreadable");
+      return { workspaces: [], registryReadable: false };
+    }
+    const workspaces = listWorkspaces(registryPath);
+    if (workspaces.length === 0) {
+      console.log("No known workspaces yet");
+      return { workspaces, registryReadable: true };
+    }
+    console.log("\nKnown LBE workspaces");
+    for (const workspace of workspaces) {
+      console.log(`  ${workspace.alias}`);
+      console.log(`    workspace_id ${workspace.workspaceId}`);
+      console.log(`    path         ${workspace.path}`);
+      console.log(`    last_active  ${workspace.last_active}`);
+    }
+    console.log("");
+    return { workspaces, registryReadable: true };
+  }
+  const workspaceRoot = path30.resolve(opts.root || process.cwd());
+  const { stateDir, workspaceId: workspaceId2, paths } = resolveWorkspaceState(workspaceRoot);
+  const policyPath = path30.join(workspaceRoot, ".lbe", "policy.json");
+  let policySource = "not found";
+  let policyMode = "unknown";
+  if (fs25.existsSync(policyPath)) {
+    try {
+      const policy = JSON.parse(fs25.readFileSync(policyPath, "utf8"));
+      policyMode = policy.mode || "unknown";
+      policySource = policyPath;
+    } catch (_) {
+      policySource = policyPath + " (unreadable)";
+    }
+  }
+  const hasProof = fs25.existsSync(paths.proofLatest);
+  const hasEvents = fs25.existsSync(paths.events);
+  console.log(`
+LBE Central State \u2014 ${workspaceRoot}`);
+  console.log(`  workspace_id  ${workspaceId2}`);
+  console.log(`  state_dir     ${stateDir}`);
+  console.log(`  policy_source ${policySource}`);
+  console.log(`  policy_mode   ${policyMode}`);
+  console.log(`  central_proof ${hasProof ? paths.proofLatest : "No central proof yet"}`);
+  console.log(`  central_logs  ${hasEvents ? paths.events : "No central logs yet. Hook dual-write not enabled."}`);
+  console.log("");
+  return { workspaceId: workspaceId2, stateDir, policySource, policyMode, hasProof, hasEvents };
+}
+
+// src/cli/commands/logs.js
+import fs26 from "node:fs";
+import path31 from "node:path";
+var DEFAULT_LIMIT = 20;
+async function logsCommand(opts) {
+  const workspaceRoot = path31.resolve(opts.root || process.cwd());
+  const { paths } = resolveWorkspaceState(workspaceRoot);
+  const limit = opts.limit ? parseInt(opts.limit, 10) : DEFAULT_LIMIT;
+  if (!fs26.existsSync(paths.events)) {
+    console.log("\nLBE Central Logs");
+    console.log("  No central logs yet. Hook dual-write not enabled.");
+    console.log(`  Expected at: ${paths.events}`);
+    console.log("");
+    return { eventsPath: paths.events, count: 0, entries: [], missing: true };
+  }
+  const raw = fs26.readFileSync(paths.events, "utf8").trim();
+  const lines = raw ? raw.split("\n") : [];
+  const entries = lines.map((line) => {
+    try {
+      return JSON.parse(line);
+    } catch (_) {
+      return null;
+    }
+  }).filter(Boolean);
+  const tail = entries.slice(-limit);
+  console.log(`
+LBE Central Logs \u2014 last ${tail.length} of ${entries.length} entries`);
+  console.log(`  source: ${paths.events}
+`);
+  for (const entry of tail) {
+    const ts = entry.ts ? new Date(entry.ts * 1e3).toISOString() : "?";
+    const action = entry.action || "?";
+    const dec = entry.decision || "?";
+    const target = entry.path || entry.cmd || "";
+    console.log(`  [${ts}] ${dec.toUpperCase().padEnd(5)} ${action} ${target}`);
+  }
+  console.log("");
+  return { eventsPath: paths.events, count: entries.length, entries: tail, missing: false };
+}
+
+// src/cli/commands/openState.js
+import { spawnSync as spawnSync2 } from "node:child_process";
+import path32 from "node:path";
+async function openStateCommand(opts) {
+  const workspaceRoot = path32.resolve(opts.root || process.cwd());
+  const { stateDir } = resolveWorkspaceState(workspaceRoot);
+  console.log(`
+LBE Central State Directory`);
+  console.log(`  ${stateDir}
+`);
+  if (process.env.LBE_NO_OPEN === "1") {
+    return { stateDir, opened: false };
+  }
+  let opened = false;
+  try {
+    if (process.platform === "win32") {
+      spawnSync2("explorer.exe", [stateDir], { detached: true, stdio: "ignore" });
+      opened = true;
+    } else if (process.platform === "darwin") {
+      spawnSync2("open", [stateDir], { detached: true, stdio: "ignore" });
+      opened = true;
+    } else {
+      spawnSync2("xdg-open", [stateDir], { detached: true, stdio: "ignore" });
+      opened = true;
+    }
+  } catch (_) {
+  }
+  return { stateDir, opened };
+}
+
+// src/cli/commands/proof.js
+import fs28 from "node:fs";
+import path34 from "node:path";
+import os2 from "node:os";
+
+// src/state/proofRunner.js
+import fs27 from "node:fs";
+import path33 from "node:path";
+function loadJson(filePath) {
+  if (!filePath || !fs27.existsSync(filePath)) return null;
+  try {
+    return JSON.parse(fs27.readFileSync(filePath, "utf8"));
+  } catch (_) {
+    return null;
+  }
+}
+function loadLatestProof(stateDir) {
+  return loadJson(path33.join(stateDir, "proof", "latest.json"));
+}
+
+// src/cli/commands/proof.js
+function buildPublicProof(proof, targets) {
+  const lastTarget = Array.isArray(targets) && targets.length > 0 ? targets[targets.length - 1] : null;
+  const pub = {
+    result: proof.result,
+    profile: proof.profile,
+    checks: proof.checks_run || [],
+    allow_deny: proof.failures && proof.failures.length > 0 ? "deny" : "allow"
+  };
+  if (lastTarget) {
+    pub.target_type = lastTarget.kind || null;
+    pub.target_label = lastTarget.label || null;
+    pub.target_file = lastTarget.component_file || null;
+  }
+  if (proof.failures && proof.failures.length > 0) {
+    pub.failure_reasons = proof.failures.map((f) => ({ check: f.check, reason: f.reason }));
+  }
+  return pub;
+}
+async function proofCommand(opts) {
+  const workspaceRoot = path34.resolve(opts.root || process.cwd());
+  const { stateDir, workspaceId: workspaceId2, paths } = resolveWorkspaceState(workspaceRoot);
+  const proof = loadLatestProof(stateDir);
+  const isPublic = opts.public === true || opts.public === "true";
+  const isJson = opts.json === true || opts.json === "true" || isPublic;
+  if (!proof) {
+    if (isJson) {
+      console.log(JSON.stringify({ found: false, message: "No proof record found. Run lbe proof after using the hook." }, null, 2));
+    } else {
+      console.log("\nNo proof record found.");
+      console.log("Use the hook-protected workflow and then run: lbe proof\n");
+    }
+    return { found: false };
+  }
+  let targets = [];
+  if (isPublic) {
+    const targetPath = path34.join(stateDir, "target_registry.jsonl");
+    if (fs28.existsSync(targetPath)) {
+      const raw = fs28.readFileSync(targetPath, "utf8").trim();
+      targets = raw ? raw.split("\n").reduce((acc, l) => {
+        try {
+          acc.push(JSON.parse(l));
+        } catch (_) {
+        }
+        return acc;
+      }, []) : [];
+    }
+  }
+  if (isPublic) {
+    const pub = buildPublicProof(proof, targets);
+    console.log(JSON.stringify(pub, null, 2));
+    return { found: true, result: proof.result, profile: proof.profile, public: true };
+  }
+  if (isJson) {
+    console.log(JSON.stringify(proof, null, 2));
+    return { found: true, result: proof.result, profile: proof.profile };
+  }
+  const resultMark = proof.result === "PASS" ? "\u2713" : proof.result === "WEAK_PROOF" ? "\u26A0" : "\u2717";
+  const workspace = path34.basename(workspaceRoot);
+  console.log(`
+LBE Proof \u2014 ${workspace}`);
+  console.log(`  Result         ${resultMark} ${proof.result}`);
+  console.log(`  Profile        ${proof.profile}`);
+  console.log(`  Changed files  ${(proof.files_changed || []).length}`);
+  console.log(`  Checks run     ${(proof.checks_run || []).join(", ")}`);
+  if (proof.failures && proof.failures.length > 0) {
+    console.log(`  Failures       ${proof.failures.length}`);
+    for (const f of proof.failures) {
+      console.log(`    \u2022 [${f.check}] ${f.reason}${f.file ? ": " + f.file : ""}`);
+    }
+  }
+  console.log(`  Recorded at    ${proof.ts}`);
+  console.log("");
+  return { found: true, result: proof.result, profile: proof.profile };
+}
+
+// src/cli/main.js
+function toBoolean4(value, defaultValue = false) {
+  if (value === void 0) return defaultValue;
+  if (value === true || value === false) return value;
+  const normalized = String(value).trim().toLowerCase();
+  if (normalized === "true" || normalized === "1" || normalized === "yes") return true;
+  if (normalized === "false" || normalized === "0" || normalized === "no") return false;
+  return defaultValue;
+}
+var __dirname2 = path35.dirname(fileURLToPath3(import.meta.url));
+var packageJsonPath = path35.join(__dirname2, "../../package.json");
+var packageJson = JSON.parse(fs29.readFileSync(packageJsonPath, "utf-8"));
+async function main() {
+  const argv = process.argv.slice(2);
+  if (argv.includes("--version")) {
+    console.log(`LetterBlack Sentinel v${packageJson.version}`);
+    process.exit(0);
+  }
+  if (argv.length === 0 || argv.includes("--help") || argv.includes("-h")) {
+    printHelp(packageJson.version);
+    process.exit(0);
+  }
+  const { command, opts } = parseArgs(argv);
+  if (opts.version) {
+    console.log(`LetterBlack Sentinel v${packageJson.version}`);
+    process.exit(0);
+  }
+  if (opts.help || !command || command === "help") {
+    printHelp(packageJson.version);
+    process.exit(0);
+  }
+  try {
+    if (opts["pub-key-file"]) {
+      try {
+        opts["pub-key"] = fs29.readFileSync(path35.resolve(opts["pub-key-file"]), "utf-8").trim();
+      } catch (error) {
+        console.error(`Error reading public key file: ${error.message}`);
+        process.exit(1);
+      }
+    }
+    if (["verify", "dryrun", "run"].includes(command)) {
+      const integrityStrict = toBoolean4(opts["integrity-strict"], false);
+      const integrityManifestPath = path35.resolve(opts["integrity-manifest"] || ".lbe/config/integrity.manifest.json");
+      const integrityResult = await performIntegrityCheck({
+        strict: integrityStrict,
+        manifestPath: integrityManifestPath
+      });
+      if (!integrityResult.valid) {
+        console.error(JSON.stringify({
+          status: "error",
+          error: integrityResult.reason || "INTEGRITY_CHECK_FAILED",
+          message: integrityResult.message
+        }, null, 2));
+        process.exit(8);
+      }
+    }
+    switch (command) {
+      case "init":
+        await initCommand(opts);
+        break;
+      case "verify":
+        await verifyCommand(opts);
+        break;
+      case "dryrun":
+        await dryrunCommand(opts);
+        break;
+      case "run":
+        await runCommand(opts);
+        break;
+      case "audit-verify":
+        await auditVerifyCommand(opts);
+        break;
+      case "integrity-check":
+        await integrityCheckCommand(opts);
+        break;
+      case "integrity-generate":
+        await integrityGenerateCommand(opts);
+        break;
+      case "policy-sign":
+        await policySignCommand(opts);
+        break;
+      case "health":
+        await healthCommand(opts);
+        break;
+      case "policy-add":
+        await policyAddCommand(opts);
+        break;
+      case "observe":
+      case "enforce":
+        await policyModeCommand(command, opts);
+        break;
+      case "status":
+        await statusCommand(opts);
+        break;
+      case "logs":
+        await logsCommand(opts);
+        break;
+      case "open-state":
+        await openStateCommand(opts);
+        break;
+      case "proof":
+        await proofCommand(opts);
+        break;
+      default:
+        console.error(`Unknown command: ${command}`);
+        printHelp(packageJson.version);
+        process.exit(1);
+    }
+  } catch (error) {
+    console.error(JSON.stringify({
+      status: "error",
+      error: "INTERNAL_ERROR",
+      message: error.message,
+      stack: process.env.DEBUG ? error.stack : void 0
+    }));
+    process.exit(9);
+  }
+}
+main().catch((error) => {
+  console.error(JSON.stringify({
+    status: "error",
+    error: "FATAL_ERROR",
+    message: error.message
+  }));
+  process.exit(9);
+});
+export {
+  main
+};