npm - @letterblack/lbe-exec - Versions diffs - 1.2.10 → 1.2.12 - Mend

@letterblack/lbe-exec 1.2.10 → 1.2.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/README.md CHANGED Viewed

@@ -1,133 +1,19 @@
 # @letterblack/lbe-exec
-**Local-first execution governance for AI agents.**
+LBE puts a local policy gate between what an AI agent proposes and what the system actually executes. Every action — file write, shell command, anything — is validated locally before it runs. No cloud service. No daemon.
-> Use `@letterblack/lbe-exec` if you want LBE to control agent actions in a workspace.
-> Use `@letterblack/lbe-sdk` if you only need validation decisions inside your own tool.
+`lbe-exec` is the full in-process controller. It handles signing, execution, and auditing for you — your agent code just calls `lbe.writeFile()` or `lbe.runShell()`.
-Every action any agent proposes — file write, shell command, anything — passes
-through a local validation gate before it can execute. One package, any agent,
-zero cloud dependency, no daemon required.
+> **Used in production:** LBE is the safety engine inside [Letterblack for After Effects](https://letterblack.net) — every AI-generated script and automation command passes through it before touching a live project.
 ---
-## The problem
+## Which package do you need?
-AI agents are capable. They can write files, invoke tools, and change state —
-and they will, the moment they are given a reason to. The host is the only
-thing standing between a plausible-looking request and irreversible damage.
-That is not enough.
-`@letterblack/lbe-exec` puts a deterministic local gate between what the agent
-proposes and what the system actually executes — fully in-process, no cloud
-dependency, no daemon required.
----
-## How every request travels
-![LBE gate sequence — Request flows through Policy, Identity, and Scope gates before reaching Action. A rejected request is routed to denial before it reaches execution.](https://unpkg.com/@letterblack/lbe-exec/assets/lbe-gates.jpg)
-Every request the agent produces enters a 7-gate pipeline. A failure at any
-gate returns a structured denial — the remaining gates are not evaluated.
-```
-[1] Schema         required fields and structural validity
-        ↓
-[2] Timestamp      permitted clock-skew window (±10 minutes)
-        ↓
-[3] Key lifecycle  trusted key, active, not expired
-        ↓
-[4] Signature      Ed25519 request authenticity (signed locally, no network)
-        ↓
-[5] Rate limit     per-requester sliding-window limit
-        ↓
-[6] Nonce          single-use replay protection
-        ↓
-[7] Policy         configured authorization (deny-wins)
-        ↓
-  allow / deny / error — structured result returned to host
-```
-The executor signs every request with a host-held key before validation.
-No key material leaves the process.
----
-## When a request is approved
-![Happy path — agent proposes action, identity confirmed, policy approved, governed write executed, audit chain extended, result returned to app.](https://unpkg.com/@letterblack/lbe-exec/assets/story-allow.jpg)
-When a request clears every gate:
-1. The agent calls a convenience method — `lbe.writeFile()`, `lbe.runShell()`, etc.
-2. The executor constructs and signs the request locally with a host-held Ed25519 key.
-3. All seven gates pass. The project policy approves the action.
-4. The write or command executes inside the configured project root.
-5. The audit chain is extended — every approved action appends a hash-linked
-   entry to `.lbe/audit.jsonl`, permanently verifiable, impossible to silently remove.
-6. A structured result returns: whether it succeeded, which rules matched, and
-   the audit entry identifier.
-The application stays in control. The executor decides whether the action was
-permitted and hands the answer back.
----
-## When a request is blocked
-![Deny path — rogue agent bypass attempt, policy gate immediate rejection, shell untouched, filesystem unchanged, immutable audit entry written, final state clean.](https://unpkg.com/@letterblack/lbe-exec/assets/story-deny.jpg)
-When a request fails any gate:
-1. The agent attempts an action — whether by mistake, misconfiguration,
-   or a deliberate bypass attempt.
-2. The policy gate closes immediately. The request is denied before any adapter
-   is reached.
-3. The shell is untouched. The filesystem is unchanged. Nothing that should not
-   have happened, happened.
-4. The denial is written to the immutable audit log — chain sealed, evidence
-   preserved.
-5. The final state is clean, verifiable, and consistent.
-No partial execution. No silent failures. Denial is a first-class outcome, not
-an error.
----
-## Policy — who writes the rules
-Only the host application writes policy. Agents may propose a rule — the
-proposal is returned as a plain object for the host to review. Until the host
-explicitly accepts and writes it, the proposal has no effect on any gate.
-This separation is intentional. An agent that can write its own policy rules
-is an agent that can grant itself permission.
----
-## What this covers
-| Threat | Gate |
+| I want… | Package |
 |---|---|
-| Agent writes outside the project root | Scope — sandbox path check |
-| Replayed or stale request | Identity — nonce and timestamp |
-| Tampered or expired key | Identity — key lifecycle |
-| Excessive requests | Identity — rate limit |
-| Action not permitted by project policy | Policy — deny-wins evaluation |
-| Unauthorized shell command | Scope — explicit command allowlist |
-| Injected payload (eval, exec, __proto__) | Content scan before pipeline |
----
-## Observer mode — start here
-Not ready to block? Start in observer mode. Every request is fully validated
-and logged exactly as it would be in enforcement — but nothing is blocked.
-Watch what the agent is doing before you decide what to deny. Your rules take
-effect the moment you switch to enforcement.
+| LBE to handle file writes and shell commands for me (full controller) | `@letterblack/lbe-exec` ← you are here |
+| Just the allow/deny decision — I'll execute it myself | `@letterblack/lbe-sdk` |
 ---
@@ -138,39 +24,36 @@ npm install @letterblack/lbe-exec
 npx lbe-exec init
 ```
-`npx lbe-exec init` scans the project, writes `lbe.policy.json` in observer
-mode, generates `CLAUDE.md` and `.github/copilot-instructions.md` so every AI
-agent automatically discovers and follows governance, and creates
-`.lbe/AGENT_CONTRACT.md` as a machine-readable contract.
+`npx lbe-exec init` creates `lbe.policy.json` in observer mode, generates `CLAUDE.md` and `.github/copilot-instructions.md` so AI agents automatically discover and follow governance, and writes `.lbe/AGENT_CONTRACT.md` as a machine-readable contract.
 Requires Node.js ≥ 20.9.0.
 ---
-## Use in agent code
+## Quick start
 ```js
 import { createLocalExecutor } from '@letterblack/lbe-exec';
 const lbe = createLocalExecutor({ rootDir: process.cwd() });
-// Every call routes through the full 7-gate pipeline
+// Every call routes through the full 7-gate pipeline automatically
 await lbe.writeFile('output/report.md', content);
 await lbe.readFile('src/config.json');
 await lbe.patchFile('src/index.js', patch);
 await lbe.deleteFile('tmp/scratch.txt');
 await lbe.runShell('node', ['scripts/build.js']);
-// Result shape
-const result = await lbe.writeFile('output/result.md', data);
+// Result shape — same for every method
 // { ok: true,  decision: 'allow', executed: true,  auditId: '...' }
 // { ok: false, decision: 'deny',  executed: false, error: { code, message } }
 ```
-No knowledge of the pipeline, request format, or policy internals required.
-All signing, validation, and auditing happens automatically.
+No knowledge of the pipeline, request format, or policy internals required. All signing, validation, and auditing happens automatically.
+---
-### Options
+## Options
 ```js
 const lbe = createLocalExecutor({
@@ -184,7 +67,11 @@ const lbe = createLocalExecutor({
 });
 ```
-### Policy management
+---
+## Policy management
+Only the host application writes policy. Agents may propose a rule — the proposal is returned as a plain object for the host to review. Until the host explicitly accepts and writes it, the proposal has no effect.
 ```js
 // Propose a rule — returns an object for the host to review, writes nothing
@@ -207,16 +94,20 @@ lbe.audit.verify();
 ---
-## CLI reference
+## Observer mode — start here
+Not ready to block? Start in observer mode. Every request is fully validated and logged exactly as it would be in enforcement — but nothing is blocked. Watch what the agent is doing before you decide what to deny.
 ```bash
 npx lbe-exec init      # create lbe.policy.json in observer mode
-npx lbe-exec status    # show mode, rule count, and audit entry count
 npx lbe-exec enforce   # switch to blocking
 npx lbe-exec observe   # switch back to advisory
-npx lbe-exec policy    # list active rules
 ```
+---
+## CLI reference
 | Command | Purpose |
 |---|---|
 | `npx lbe-exec init` | Bootstrap governance — policy, keys, agent files |
@@ -228,6 +119,74 @@ npx lbe-exec policy    # list active rules
 ---
+## How the gate pipeline works
+![LBE gate sequence — Request flows through Policy, Identity, and Scope gates before reaching Action. A rejected request is routed to denial before it reaches execution.](https://unpkg.com/@letterblack/lbe-exec/assets/lbe-gates.jpg)
+Every request enters a 7-gate pipeline. A failure at any gate returns a structured denial — the remaining gates are not evaluated.
+```
+[1] Schema         required fields and structural validity
+        ↓
+[2] Timestamp      permitted clock-skew window (±10 minutes)
+        ↓
+[3] Key lifecycle  trusted key, active, not expired
+        ↓
+[4] Signature      Ed25519 request authenticity (signed locally, no network)
+        ↓
+[5] Rate limit     per-requester sliding-window limit
+        ↓
+[6] Nonce          single-use replay protection
+        ↓
+[7] Policy         configured authorization (deny-wins)
+        ↓
+  allow / deny / error — structured result returned to host
+```
+The executor signs every request with a host-held key before validation. No key material leaves the process.
+---
+## When a request is approved
+![Happy path — agent proposes action, identity confirmed, policy approved, governed write executed, audit chain extended, result returned to app.](https://unpkg.com/@letterblack/lbe-exec/assets/story-allow.jpg)
+1. The agent calls a convenience method — `lbe.writeFile()`, `lbe.runShell()`, etc.
+2. The executor constructs and signs the request locally with a host-held Ed25519 key.
+3. All seven gates pass. The project policy approves the action.
+4. The write or command executes inside the configured project root.
+5. The audit chain is extended — every approved action appends a hash-linked entry to `.lbe/audit.jsonl`, permanently verifiable, impossible to silently remove.
+6. A structured result returns: whether it succeeded, which rules matched, and the audit entry identifier.
+---
+## When a request is blocked
+![Deny path — rogue agent bypass attempt, policy gate immediate rejection, shell untouched, filesystem unchanged, immutable audit entry written, final state clean.](https://unpkg.com/@letterblack/lbe-exec/assets/story-deny.jpg)
+1. The agent attempts an action — whether by mistake, misconfiguration, or a deliberate bypass attempt.
+2. The policy gate closes immediately. The request is denied before any adapter is reached.
+3. The shell is untouched. The filesystem is unchanged.
+4. The denial is written to the immutable audit log — chain sealed, evidence preserved.
+No partial execution. No silent failures. Denial is a first-class outcome, not an error.
+---
+## What this covers
+| Threat | Gate |
+|---|---|
+| Agent writes outside the project root | Scope — sandbox path check |
+| Replayed or stale request | Identity — nonce and timestamp |
+| Tampered or expired key | Identity — key lifecycle |
+| Excessive requests | Identity — rate limit |
+| Action not permitted by project policy | Policy — deny-wins evaluation |
+| Unauthorized shell command | Scope — explicit command allowlist |
+| Injected payload (eval, exec, __proto__) | Content scan before pipeline |
+---
 ## What ships
 ```
@@ -251,8 +210,6 @@ Source code, tests, keys, and runtime state are not included.
 ## Limits
-This package governs actions routed through its executor. It does not provide
-kernel-level process isolation, network-egress control, multi-tenant separation,
-or a hosted control plane.
+This package governs actions routed through its executor. It does not provide kernel-level process isolation, network-egress control, multi-tenant separation, or a hosted control plane.
 For the raw WASM runtime without a controller, see `@letterblack/lbe-sdk`.

package/dist/cli.js CHANGED Viewed

@@ -1762,6 +1762,43 @@ function createLocalExecutor(options = {}) {
     if (!validation.valid) return { error: error(validation.errors[0]?.type || "VALIDATION_FAILED", validation.errors[0]?.message || "Validation failed"), local, localDecision, normalized, proposal, policy, validation };
     return { local, localDecision, normalized, proposal, policy, validation };
   }
+  function evaluateSync(action) {
+    const local = loadLocalPolicy(rootDir, options.mode || "observe");
+    const mode = local.policy.mode;
+    let target = null;
+    let command = null;
+    if (action.path) {
+      try {
+        target = path14.resolve(rootDir, action.path);
+        if (!underRoot(target, rootDir)) {
+          return { decision: "deny", deny: true, matchedRules: ["path:outside_root"], mode, enforced: mode === "enforce", reason: "PATH_OUTSIDE_ROOT" };
+        }
+      } catch (e) {
+      }
+    }
+    if (action.cmd) command = action.cmd;
+    const localDecision = evaluateLocalPolicy(local.policy, rootDir, { target, command });
+    const isDeny = !localDecision.allowed;
+    return {
+      decision: isDeny ? "deny" : "allow",
+      deny: isDeny,
+      matchedRules: localDecision.winningRules.map((r) => r.id),
+      mode,
+      enforced: mode === "enforce"
+    };
+  }
+  function auditSync(entry) {
+    const eventsPath = path14.join(rootDir, ".lbe", "events.jsonl");
+    const dir = path14.dirname(eventsPath);
+    if (!fs13.existsSync(dir)) fs13.mkdirSync(dir, { recursive: true });
+    const line = JSON.stringify({ ts: Math.floor(Date.now() / 1e3), ...entry }) + "\n";
+    const fd = fs13.openSync(eventsPath, "a");
+    try {
+      fs13.writeSync(fd, line);
+    } finally {
+      fs13.closeSync(fd);
+    }
+  }
   async function dryRun(request) {
     const prepared = prepare(request);
     if (prepared.error) return { ...prepared.error, dryRun: true };
@@ -1845,7 +1882,9 @@ function createLocalExecutor(options = {}) {
       proposeRule: proposePolicyRule,
       addRule: (rule) => addLocalPolicyRule(rootDir, rule, options.mode || "enforce")
     },
-    audit: { verify: () => verifyAuditLogIntegrity(path14.join(rootDir, ".lbe/audit.jsonl")) }
+    audit: { verify: () => verifyAuditLogIntegrity(path14.join(rootDir, ".lbe/audit.jsonl")) },
+    evaluateSync,
+    auditSync
   };
 }
 var INTENTS, MUTATIONS, FORBIDDEN_CONTENT;
@@ -1881,6 +1920,8 @@ var init_localExecutor = __esm({
 // exec/cli.js
 import fs14 from "fs";
 import path15 from "path";
+import { spawnSync as spawnSync2, spawn } from "child_process";
+import { fileURLToPath as fileURLToPath2 } from "url";
 // src/cli/commands/init.js
 init_signature();
@@ -2528,6 +2569,8 @@ var [, , cmd, ...rest] = process.argv;
 var opts = Object.fromEntries(
   rest.flatMap((v, i, a) => v.startsWith("--") ? [[v.slice(2), a[i + 1] ?? true]] : [])
 );
+var positional = rest.filter((v) => !v.startsWith("--") && rest[rest.indexOf(v) - 1]?.startsWith("--") === false);
+var __dir = path15.dirname(fileURLToPath2(import.meta.url));
 function loadPolicy() {
   const p = path15.join(process.cwd(), "lbe.policy.json");
   return fs14.existsSync(p) ? JSON.parse(fs14.readFileSync(p, "utf8")) : null;
@@ -2537,36 +2580,216 @@ function countAudit() {
   if (!fs14.existsSync(p)) return 0;
   return fs14.readFileSync(p, "utf8").split("\n").filter((l) => l.trim()).length;
 }
+function findHookPath() {
+  const candidates = [
+    path15.resolve(__dir, "../hooks/register.cjs"),
+    // npm: dist/ → ../hooks/
+    path15.resolve(__dir, "../src/hooks/register.cjs")
+    // dev: exec/ → ../src/hooks/
+  ];
+  return candidates.find((p) => fs14.existsSync(p)) || candidates[0];
+}
+function detectNodeScripts(scripts) {
+  const pattern = /(?:^|\s)node\s+(\S+)/;
+  return Object.entries(scripts || {}).filter(([name, cmd2]) => {
+    if (name.includes(":lbe") || name.startsWith("lbe")) return false;
+    return pattern.test(cmd2);
+  });
+}
+function extractNodeArgs(cmd2) {
+  const match = cmd2.match(/(?:^|\s)node\s+(.+)/);
+  return match ? match[1].trim() : null;
+}
+function injectScripts(wrapScript) {
+  const pkgPath = path15.join(process.cwd(), "package.json");
+  if (!fs14.existsSync(pkgPath)) return [];
+  const pkg = JSON.parse(fs14.readFileSync(pkgPath, "utf8"));
+  const scripts = pkg.scripts || {};
+  const added = [];
+  if (wrapScript) {
+    const original = scripts[wrapScript];
+    if (!original) {
+      console.error(`No script named "${wrapScript}" found.`);
+      return [];
+    }
+    const args = extractNodeArgs(original);
+    if (!args) {
+      console.error(`Script "${wrapScript}" does not look like a node script.`);
+      return [];
+    }
+    scripts[wrapScript] = `lbe-exec run-node --mode observe ${args}`;
+    added.push(wrapScript);
+  } else {
+    const candidates = detectNodeScripts(scripts);
+    for (const [name, scriptCmd] of candidates) {
+      const args = extractNodeArgs(scriptCmd);
+      if (!args) continue;
+      const lbeName = name + ":lbe";
+      const lbeEnforceName = name + ":lbe:enforce";
+      if (!scripts[lbeName]) {
+        scripts[lbeName] = `lbe-exec run-node --mode observe ${args}`;
+        added.push(lbeName);
+      }
+      if (!scripts[lbeEnforceName]) {
+        scripts[lbeEnforceName] = `lbe-exec run-node --mode enforce ${args}`;
+        added.push(lbeEnforceName);
+      }
+    }
+  }
+  if (!scripts["lbe:status"]) {
+    scripts["lbe:status"] = "lbe-exec status";
+    added.push("lbe:status");
+  }
+  if (!scripts["lbe:audit"]) {
+    scripts["lbe:audit"] = "lbe-exec audit";
+    added.push("lbe:audit");
+  }
+  if (added.length) {
+    pkg.scripts = scripts;
+    fs14.writeFileSync(pkgPath, JSON.stringify(pkg, null, 2) + "\n");
+    for (const s of added) console.log(`  added: ${s}`);
+  }
+  return added;
+}
 switch (cmd) {
-  case "init":
-    initCommand(opts).catch((e) => {
-      console.error(e.message);
+  case "run-node": {
+    const mode = opts.mode || "observe";
+    if (!["observe", "enforce"].includes(mode)) {
+      console.error("--mode must be observe or enforce");
+      process.exit(1);
+    }
+    const scriptIdx = rest.findIndex((v, i) => !v.startsWith("--") && (i === 0 || !rest[i - 1].startsWith("--")));
+    if (scriptIdx === -1) {
+      console.error("Usage: lbe-exec run-node [--mode observe|enforce] <script> [...args]");
       process.exit(1);
+    }
+    const scriptAndArgs = rest.slice(scriptIdx);
+    const hookPath = findHookPath();
+    if (!fs14.existsSync(hookPath)) {
+      console.error("Hook not found: " + hookPath + "\nRun: npm install @letterblack/lbe-exec");
+      process.exit(1);
+    }
+    const child = spawn(process.execPath, ["--require", hookPath, ...scriptAndArgs], {
+      stdio: "inherit",
+      env: { ...process.env, LBE_MODE: mode, LBE_ROOT: process.cwd() }
     });
+    child.on("close", (code) => process.exit(code ?? 0));
     break;
-  case "observe":
-  case "enforce":
-    policyModeCommand(cmd, opts).catch((e) => {
-      console.error(e.message);
+  }
+  case "npm": {
+    console.error('[lbe] Note: Use "lbe-exec run-node" for reliable hook preload.');
+    console.error("[lbe] NODE_OPTIONS --require may not fire for all npm lifecycle hooks.\n");
+    const hookPath = findHookPath();
+    if (!fs14.existsSync(hookPath)) {
+      console.error("Hook not found: " + hookPath);
       process.exit(1);
+    }
+    const existing = process.env.NODE_OPTIONS || "";
+    const hookFlag = "--require " + hookPath;
+    const nodeOptions = existing.includes(hookFlag) ? existing : (existing + " " + hookFlag).trim();
+    const npmArgs = rest;
+    const isWindows = process.platform === "win32";
+    const child = spawn(isWindows ? "npm.cmd" : "npm", npmArgs, {
+      stdio: "inherit",
+      shell: false,
+      env: { ...process.env, NODE_OPTIONS: nodeOptions, LBE_MODE: opts.mode || "observe", LBE_ROOT: process.cwd() }
     });
+    child.on("close", (code) => process.exit(code ?? 0));
     break;
+  }
   case "status": {
     const policy = loadPolicy();
-    if (!policy) {
-      console.log("No lbe.policy.json found. Run: npx lbe init");
+    console.log("\u2500\u2500 LBE Status \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500");
+    console.log("workspace:   " + process.cwd());
+    if (policy) {
+      console.log("mode:        " + policy.mode);
+      console.log("rules:       " + (policy.rules?.length ?? 0));
+      console.log("audit:       " + countAudit() + " entries  (.lbe/audit.jsonl)");
+    } else {
+      console.log("policy:      not found \u2014 run: npx lbe-exec init");
+    }
+    const statusFile = path15.join(process.cwd(), ".lbe", "runtime", "hook-status.json");
+    if (!fs14.existsSync(statusFile)) {
+      console.log("\nhook:        inactive \u2014 use: npx lbe-exec run-node ./agent.js");
+      break;
+    }
+    let hookStatus;
+    try {
+      hookStatus = JSON.parse(fs14.readFileSync(statusFile, "utf8"));
+    } catch (e) {
+      console.log("\nhook:        status file unreadable \u2014 " + e.message);
+      break;
+    }
+    let pidAlive = false;
+    try {
+      process.kill(hookStatus.pid, 0);
+      pidAlive = true;
+    } catch (_) {
+    }
+    console.log("\nhook:        " + (pidAlive ? "ACTIVE" : "stale (process exited)"));
+    console.log("hook pid:    " + hookStatus.pid + (pidAlive ? " (alive)" : " (gone)"));
+    console.log("hook mode:   " + hookStatus.mode);
+    console.log("hook root:   " + hookStatus.root);
+    console.log("hook start:  " + hookStatus.started_at);
+    if (hookStatus.patched) {
+      console.log("\nPatched functions:");
+      for (const [fn, active] of Object.entries(hookStatus.patched)) {
+        console.log("  " + (active ? "\u2713" : "\u2013") + " " + fn);
+      }
+    }
+    console.log("\nevents log:  .lbe/events.jsonl");
+    break;
+  }
+  case "audit": {
+    const eventsPath = path15.join(process.cwd(), ".lbe", "events.jsonl");
+    if (!fs14.existsSync(eventsPath)) {
+      console.log("No events log found. Run an agent with: npx lbe-exec run-node ./agent.js");
+      break;
+    }
+    const lines = fs14.readFileSync(eventsPath, "utf8").split("\n").filter((l) => l.trim());
+    if (!lines.length) {
+      console.log("No events recorded yet.");
       break;
     }
-    console.log(`mode:        ${policy.mode}`);
-    console.log(`rules:       ${policy.rules?.length ?? 0}`);
-    console.log(`audit:       ${countAudit()} entries`);
-    console.log(`workspace:   ${policy.workspace || process.cwd()}`);
+    console.log("\u2500\u2500 LBE Event Log (" + lines.length + " entries) \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500");
+    for (const line of lines) {
+      try {
+        const e = JSON.parse(line);
+        const ts = new Date(e.ts * 1e3).toISOString().replace("T", " ").slice(0, 19);
+        const target = e.path || e.cmd || "?";
+        const status = e.enforced && e.decision === "deny" ? "BLOCKED" : e.decision === "deny" ? "WOULD-BLOCK" : "allowed";
+        console.log(`${ts}  [${e.mode}] ${e.action}  ${target}  \u2192 ${status}`);
+      } catch (_) {
+      }
+    }
     break;
   }
+  case "init":
+    initCommand(opts).then(() => {
+      const added = injectScripts(opts.wrap || null);
+      if (added.length) {
+        console.log("\n\u2713 Added LBE script variants to package.json");
+        console.log("  Run your agent through LBE:  npm run <name>:lbe");
+      } else {
+        console.log("\nNo node agent scripts detected in package.json.");
+        console.log("Use: npx lbe-exec run-node [--mode observe|enforce] ./your-agent.js");
+      }
+    }).catch((e) => {
+      console.error(e.message);
+      process.exit(1);
+    });
+    break;
+  case "observe":
+  case "enforce":
+    policyModeCommand(cmd, opts).catch((e) => {
+      console.error(e.message);
+      process.exit(1);
+    });
+    break;
   case "policy": {
     const policy = loadPolicy();
     if (!policy) {
-      console.log("No lbe.policy.json found. Run: npx lbe init");
+      console.log("No lbe.policy.json found. Run: npx lbe-exec init");
       break;
     }
     if (!policy.rules?.length) {
@@ -2598,17 +2821,21 @@ switch (cmd) {
     break;
   }
   default:
-    console.log("Usage: lbe <command>\n");
-    console.log("  init      Set up LBE governance in this project");
-    console.log("  status    Show mode, rule count, and audit entry count");
-    console.log("  policy    List active rules");
-    console.log("  observe   Switch to observer mode (log only, nothing blocked)");
-    console.log("  enforce   Switch to enforcement mode (violations blocked)");
-    console.log("  execute   Send a JSON request from stdin or --input file");
+    console.log("Usage: lbe-exec <command>\n");
+    console.log("  init                Bootstrap governance \u2014 policy, keys, agent files");
+    console.log("  run-node            Run a Node.js agent under LBE governance");
+    console.log("    [--mode observe|enforce] <script> [...args]");
+    console.log("  npm                 Wrap npm command with LBE hook (via NODE_OPTIONS)");
+    console.log("    [...npm-args]");
+    console.log("  status              Show workspace, mode, hook state, patched functions");
+    console.log("  audit               Show unified event log (.lbe/events.jsonl)");
+    console.log("  policy              List active policy rules");
+    console.log("  observe             Switch to observer mode (log only, nothing blocked)");
+    console.log("  enforce             Switch to enforcement mode (violations blocked)");
+    console.log("  execute             Send a JSON request from stdin or --input file");
     console.log("\nCLI: npx lbe-exec <command>");
     if (cmd && cmd !== "--help" && cmd !== "help") {
-      console.error(`
-Unknown command: ${cmd}`);
+      console.error("\nUnknown command: " + cmd);
       process.exit(1);
     }
 }

package/dist/index.js CHANGED Viewed

@@ -1705,6 +1705,43 @@ function createLocalExecutor(options = {}) {
     if (!validation.valid) return { error: error(validation.errors[0]?.type || "VALIDATION_FAILED", validation.errors[0]?.message || "Validation failed"), local, localDecision, normalized, proposal, policy, validation };
     return { local, localDecision, normalized, proposal, policy, validation };
   }
+  function evaluateSync(action) {
+    const local = loadLocalPolicy(rootDir, options.mode || "observe");
+    const mode = local.policy.mode;
+    let target = null;
+    let command = null;
+    if (action.path) {
+      try {
+        target = path10.resolve(rootDir, action.path);
+        if (!underRoot(target, rootDir)) {
+          return { decision: "deny", deny: true, matchedRules: ["path:outside_root"], mode, enforced: mode === "enforce", reason: "PATH_OUTSIDE_ROOT" };
+        }
+      } catch (e) {
+      }
+    }
+    if (action.cmd) command = action.cmd;
+    const localDecision = evaluateLocalPolicy(local.policy, rootDir, { target, command });
+    const isDeny = !localDecision.allowed;
+    return {
+      decision: isDeny ? "deny" : "allow",
+      deny: isDeny,
+      matchedRules: localDecision.winningRules.map((r) => r.id),
+      mode,
+      enforced: mode === "enforce"
+    };
+  }
+  function auditSync(entry) {
+    const eventsPath = path10.join(rootDir, ".lbe", "events.jsonl");
+    const dir = path10.dirname(eventsPath);
+    if (!fs9.existsSync(dir)) fs9.mkdirSync(dir, { recursive: true });
+    const line = JSON.stringify({ ts: Math.floor(Date.now() / 1e3), ...entry }) + "\n";
+    const fd = fs9.openSync(eventsPath, "a");
+    try {
+      fs9.writeSync(fd, line);
+    } finally {
+      fs9.closeSync(fd);
+    }
+  }
   async function dryRun(request) {
     const prepared = prepare(request);
     if (prepared.error) return { ...prepared.error, dryRun: true };
@@ -1788,7 +1825,9 @@ function createLocalExecutor(options = {}) {
       proposeRule: proposePolicyRule,
       addRule: (rule) => addLocalPolicyRule(rootDir, rule, options.mode || "enforce")
     },
-    audit: { verify: () => verifyAuditLogIntegrity(path10.join(rootDir, ".lbe/audit.jsonl")) }
+    audit: { verify: () => verifyAuditLogIntegrity(path10.join(rootDir, ".lbe/audit.jsonl")) },
+    evaluateSync,
+    auditSync
   };
 }
 export {

package/hooks/register.cjs ADDED Viewed

@@ -0,0 +1,473 @@
+'use strict';
+// LBE Agent Bridge — CJS preload hook
+// Load with: node --require @letterblack/lbe-exec/hooks/register.cjs agent.js
+// Or via:    npx lbe-exec run-node [--mode observe|enforce] agent.js
+const fs = require('fs');
+const path = require('path');
+const { EventEmitter } = require('events');
+const { Readable } = require('stream');
+const ROOT_DIR = process.env.LBE_ROOT || process.cwd();
+const MODE = process.env.LBE_MODE || 'observe';
+// ── Policy loader (inline CJS — ESM cannot be require()'d synchronously) ────
+function loadPolicy() {
+    const policyPath = path.join(ROOT_DIR, 'lbe.policy.json');
+    try {
+        if (fs.existsSync(policyPath)) {
+            return JSON.parse(fs.readFileSync(policyPath, 'utf8'));
+        }
+    } catch (e) { /* fall through to default */ }
+    return { version: 1, mode: MODE, workspace: ROOT_DIR, rules: [] };
+}
+function globToRegex(pattern) {
+    const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, '\\$&');
+    return new RegExp('^' + escaped
+        .replace(/\*\*\//g, '(?:.*/)?')
+        .replace(/\*\*/g, '.*')
+        .replace(/\*/g, '[^/]*') + '$');
+}
+function evaluatePolicy(action) {
+    const policy = loadPolicy();
+    const mode = policy.mode || MODE;
+    const rules = Array.isArray(policy.rules) ? policy.rules : [];
+    if (action.path) {
+        try {
+            const abs = path.resolve(ROOT_DIR, action.path);
+            const sep = path.sep;
+            if (!abs.startsWith(ROOT_DIR + sep) && abs !== ROOT_DIR) {
+                return { decision: 'deny', deny: true, reason: 'PATH_OUTSIDE_ROOT', matchedRules: ['path:outside_root'], mode, enforced: mode === 'enforce' };
+            }
+            const rel = path.relative(ROOT_DIR, abs).split(sep).join('/');
+            const matched = rules.filter(r => r.type === 'path' && globToRegex(r.pattern).test(rel));
+            const denied = matched.filter(r => r.effect === 'deny');
+            const isDeny = denied.length > 0;
+            return {
+                decision: isDeny ? 'deny' : 'allow', deny: isDeny,
+                matchedRules: (isDeny ? denied : matched.filter(r => r.effect === 'allow')).map(r => r.id),
+                mode, enforced: mode === 'enforce',
+            };
+        } catch (e) {
+            if (mode === 'enforce') {
+                return { decision: 'deny', deny: true, reason: 'PATH_RESOLUTION_ERROR', matchedRules: [], mode, enforced: true };
+            }
+        }
+    }
+    if (action.cmd) {
+        const matched = rules.filter(r => r.type === 'command' && globToRegex(r.pattern).test(String(action.cmd)));
+        const denied = matched.filter(r => r.effect === 'deny');
+        const isDeny = denied.length > 0;
+        return {
+            decision: isDeny ? 'deny' : 'allow', deny: isDeny,
+            matchedRules: (isDeny ? denied : matched.filter(r => r.effect === 'allow')).map(r => r.id),
+            mode, enforced: mode === 'enforce',
+        };
+    }
+    return { decision: 'allow', deny: false, matchedRules: [], mode, enforced: mode === 'enforce' };
+}
+// ── Audit writer ──────────────────────────────────────────────────────────────
+// fs.appendFileSync → fs.writeFileSync (Node.js internal) → would recurse.
+// fs.openSync/writeSync/closeSync are low-level bindings — never call back into JS.
+// Re-entrant guard prevents recursion from any code path we missed.
+var _auditInFlight = false;
+function auditEvent(entry) {
+    if (_auditInFlight) return;
+    _auditInFlight = true;
+    try {
+        var eventsPath = path.join(ROOT_DIR, '.lbe', 'events.jsonl');
+        var dir = path.dirname(eventsPath);
+        if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true });
+        var line = JSON.stringify({ ts: Math.floor(Date.now() / 1000), ...entry }) + '\n';
+        // Use open/write/close directly — bypasses all JS wrappers including writeFileSync
+        var fd = fs.openSync(eventsPath, 'a');
+        try { fs.writeSync(fd, line); } finally { fs.closeSync(fd); }
+    } catch (e) {
+        console.warn('[lbe] audit write failed:', e.message);
+    } finally {
+        _auditInFlight = false;
+    }
+}
+class LBEPermissionError extends Error {
+    constructor(decision, action) {
+        const target = action.path || action.cmd || 'unknown';
+        super('[LBE:' + decision.mode + '] DENIED ' + action.action + ' on ' + target);
+        this.name = 'LBEPermissionError';
+        this.code = 'LBE_PERMISSION_DENIED';
+        this.lbeDecision = decision;
+    }
+}
+// ── Originals — captured BEFORE any patch is applied ────────────────────────
+const origFs = {
+    writeFile:     fs.writeFile.bind(fs),
+    writeFileSync: fs.writeFileSync.bind(fs),
+    rm:            fs.rm     ? fs.rm.bind(fs)     : null,
+    rmSync:        fs.rmSync ? fs.rmSync.bind(fs) : null,
+    unlink:        fs.unlink.bind(fs),
+    unlinkSync:    fs.unlinkSync.bind(fs),
+    rename:        fs.rename.bind(fs),
+    renameSync:    fs.renameSync.bind(fs),
+};
+const origPromises = {
+    writeFile: fs.promises.writeFile.bind(fs.promises),
+    rm:        fs.promises.rm     ? fs.promises.rm.bind(fs.promises)     : null,
+    unlink:    fs.promises.unlink.bind(fs.promises),
+    rename:    fs.promises.rename.bind(fs.promises),
+};
+const cp = require('child_process');
+const origCp = {
+    spawn:     cp.spawn.bind(cp),
+    spawnSync: cp.spawnSync.bind(cp),
+    exec:      cp.exec.bind(cp),
+    execSync:  cp.execSync.bind(cp),
+};
+// ── Denied spawn stub — EventEmitter-compatible ───────────────────────────────
+function makeFailedChildProcess(err) {
+    const emitter = new EventEmitter();
+    emitter.pid        = null;
+    emitter.killed     = false;
+    emitter.exitCode   = 1;
+    emitter.signalCode = null;
+    emitter.stdout     = new Readable({ read() {} });
+    emitter.stderr     = new Readable({ read() {} });
+    emitter.stdin      = { write() { return false; }, end() {}, destroy() {} };
+    emitter.kill       = () => false;
+    emitter.ref        = () => emitter;
+    emitter.unref      = () => emitter;
+    process.nextTick(function () {
+        emitter.stdout.push(null);
+        emitter.stderr.push(null);
+        emitter.emit('error', err);
+        emitter.emit('close', 1, null);
+        emitter.emit('exit', 1, null);
+    });
+    return emitter;
+}
+// ── Decision + pre-block audit ────────────────────────────────────────────────
+function decide(action) {
+    var decision;
+    try {
+        decision = evaluatePolicy(action);
+    } catch (e) {
+        if (MODE === 'enforce') {
+            var failErr = new LBEPermissionError({ mode: 'enforce', enforced: true }, action);
+            try { auditEvent({ action: action.action, path: action.path, cmd: action.cmd, actor: 'agent:lbe-hooks', decision: 'deny', mode: 'enforce', enforced: true, executed: false, matched_rules: [], error: e.message }); } catch (_) {}
+            return { blocked: true, error: failErr };
+        }
+        console.warn('[lbe] policy evaluation failed (observe mode, allowing):', e.message);
+        return { blocked: false, decision: { decision: 'allow', deny: false, matchedRules: [], mode: 'observe', enforced: false } };
+    }
+    if (decision.deny && decision.enforced) {
+        var err = new LBEPermissionError(decision, action);
+        try { auditEvent({ action: action.action, path: action.path, cmd: action.cmd, actor: 'agent:lbe-hooks', decision: 'deny', mode: decision.mode, enforced: true, executed: false, matched_rules: decision.matchedRules }); } catch (_) {}
+        return { blocked: true, error: err };
+    }
+    return { blocked: false, decision: decision };
+}
+function postAudit(action, decision, executed, extra) {
+    try {
+        auditEvent(Object.assign({ action: action.action, path: action.path, cmd: action.cmd, actor: 'agent:lbe-hooks', decision: decision.decision, mode: decision.mode, enforced: decision.enforced, executed: executed, matched_rules: decision.matchedRules }, extra || {}));
+    } catch (e) {
+        console.warn('[lbe] post-action audit failed (result unaffected):', e.message);
+    }
+}
+// ── Patch fs callbacks ────────────────────────────────────────────────────────
+fs.writeFile = function lbeWriteFile(filePath, data, options, callback) {
+    if (typeof options === 'function') { callback = options; options = undefined; }
+    var action = { action: 'file_write', path: String(filePath) };
+    var check = decide(action);
+    if (check.blocked) { process.nextTick(function () { callback(check.error); }); return; }
+    function done(err) {
+        postAudit(action, check.decision, !err, err ? { error: err.message } : null);
+        callback(err);
+    }
+    if (options !== undefined) { origFs.writeFile(filePath, data, options, done); }
+    else { origFs.writeFile(filePath, data, done); }
+};
+fs.writeFileSync = function lbeWriteFileSync(filePath, data, options) {
+    var action = { action: 'file_write', path: String(filePath) };
+    var check = decide(action);
+    if (check.blocked) { throw check.error; }
+    try {
+        var result = options !== undefined ? origFs.writeFileSync(filePath, data, options) : origFs.writeFileSync(filePath, data);
+        postAudit(action, check.decision, true);
+        return result;
+    } catch (e) {
+        postAudit(action, check.decision, false, { error: e.message });
+        throw e;
+    }
+};
+if (origFs.rm) {
+    fs.rm = function lbeRm(filePath, options, callback) {
+        if (typeof options === 'function') { callback = options; options = undefined; }
+        var action = { action: 'file_delete', path: String(filePath) };
+        var check = decide(action);
+        if (check.blocked) { process.nextTick(function () { callback(check.error); }); return; }
+        function done(err) {
+            postAudit(action, check.decision, !err, err ? { error: err.message } : null);
+            callback(err);
+        }
+        if (options !== undefined) { origFs.rm(filePath, options, done); }
+        else { origFs.rm(filePath, done); }
+    };
+}
+if (origFs.rmSync) {
+    fs.rmSync = function lbeRmSync(filePath, options) {
+        var action = { action: 'file_delete', path: String(filePath) };
+        var check = decide(action);
+        if (check.blocked) { throw check.error; }
+        try {
+            var result = options !== undefined ? origFs.rmSync(filePath, options) : origFs.rmSync(filePath);
+            postAudit(action, check.decision, true);
+            return result;
+        } catch (e) {
+            postAudit(action, check.decision, false, { error: e.message });
+            throw e;
+        }
+    };
+}
+fs.unlink = function lbeUnlink(filePath, options, callback) {
+    if (typeof options === 'function') { callback = options; options = undefined; }
+    var action = { action: 'file_delete', path: String(filePath) };
+    var check = decide(action);
+    if (check.blocked) { process.nextTick(function () { callback(check.error); }); return; }
+    origFs.unlink(filePath, function done(err) {
+        postAudit(action, check.decision, !err, err ? { error: err.message } : null);
+        callback(err);
+    });
+};
+fs.unlinkSync = function lbeUnlinkSync(filePath) {
+    var action = { action: 'file_delete', path: String(filePath) };
+    var check = decide(action);
+    if (check.blocked) { throw check.error; }
+    try {
+        var result = origFs.unlinkSync(filePath);
+        postAudit(action, check.decision, true);
+        return result;
+    } catch (e) {
+        postAudit(action, check.decision, false, { error: e.message });
+        throw e;
+    }
+};
+fs.rename = function lbeRename(oldPath, newPath, options, callback) {
+    if (typeof options === 'function') { callback = options; options = undefined; }
+    var action = { action: 'file_rename', path: String(oldPath), dest: String(newPath) };
+    var check = decide(action);
+    if (check.blocked) { process.nextTick(function () { callback(check.error); }); return; }
+    origFs.rename(oldPath, newPath, function done(err) {
+        postAudit(action, check.decision, !err, err ? { error: err.message } : null);
+        callback(err);
+    });
+};
+fs.renameSync = function lbeRenameSync(oldPath, newPath) {
+    var action = { action: 'file_rename', path: String(oldPath), dest: String(newPath) };
+    var check = decide(action);
+    if (check.blocked) { throw check.error; }
+    try {
+        var result = origFs.renameSync(oldPath, newPath);
+        postAudit(action, check.decision, true);
+        return result;
+    } catch (e) {
+        postAudit(action, check.decision, false, { error: e.message });
+        throw e;
+    }
+};
+// ── Patch fs.promises ─────────────────────────────────────────────────────────
+fs.promises.writeFile = async function lbePromisesWriteFile(filePath, data, options) {
+    var action = { action: 'file_write', path: String(filePath) };
+    var check = decide(action);
+    if (check.blocked) { throw check.error; }
+    try {
+        var result = options !== undefined
+            ? await origPromises.writeFile(filePath, data, options)
+            : await origPromises.writeFile(filePath, data);
+        postAudit(action, check.decision, true);
+        return result;
+    } catch (e) {
+        postAudit(action, check.decision, false, { error: e.message });
+        throw e;
+    }
+};
+if (origPromises.rm) {
+    fs.promises.rm = async function lbePromisesRm(filePath, options) {
+        var action = { action: 'file_delete', path: String(filePath) };
+        var check = decide(action);
+        if (check.blocked) { throw check.error; }
+        try {
+            var result = options !== undefined
+                ? await origPromises.rm(filePath, options)
+                : await origPromises.rm(filePath);
+            postAudit(action, check.decision, true);
+            return result;
+        } catch (e) {
+            postAudit(action, check.decision, false, { error: e.message });
+            throw e;
+        }
+    };
+}
+fs.promises.unlink = async function lbePromisesUnlink(filePath) {
+    var action = { action: 'file_delete', path: String(filePath) };
+    var check = decide(action);
+    if (check.blocked) { throw check.error; }
+    try {
+        var result = await origPromises.unlink(filePath);
+        postAudit(action, check.decision, true);
+        return result;
+    } catch (e) {
+        postAudit(action, check.decision, false, { error: e.message });
+        throw e;
+    }
+};
+fs.promises.rename = async function lbePromisesRename(oldPath, newPath) {
+    var action = { action: 'file_rename', path: String(oldPath), dest: String(newPath) };
+    var check = decide(action);
+    if (check.blocked) { throw check.error; }
+    try {
+        var result = await origPromises.rename(oldPath, newPath);
+        postAudit(action, check.decision, true);
+        return result;
+    } catch (e) {
+        postAudit(action, check.decision, false, { error: e.message });
+        throw e;
+    }
+};
+// ── Patch child_process ───────────────────────────────────────────────────────
+cp.spawn = function lbeSpawn(cmd, args, options) {
+    if (args && !Array.isArray(args)) { options = args; args = []; }
+    var cwd = options && options.cwd ? String(options.cwd) : ROOT_DIR;
+    var shell = !!(options && options.shell);
+    var action = { action: 'run_shell', cmd: String(cmd), args: args || [], cwd: cwd, shell: shell };
+    var check = decide(action);
+    if (check.blocked) { return makeFailedChildProcess(check.error); }
+    var child = origCp.spawn(cmd, args || [], options || {});
+    child.on('close', function (code) { postAudit(action, check.decision, code === 0, { exit_code: code }); });
+    return child;
+};
+cp.spawnSync = function lbeSpawnSync(cmd, args, options) {
+    if (args && !Array.isArray(args)) { options = args; args = []; }
+    var cwd = options && options.cwd ? String(options.cwd) : ROOT_DIR;
+    var shell = !!(options && options.shell);
+    var action = { action: 'run_shell', cmd: String(cmd), args: args || [], cwd: cwd, shell: shell };
+    var check = decide(action);
+    if (check.blocked) {
+        return { pid: 0, output: [null, Buffer.alloc(0), Buffer.alloc(0)], stdout: Buffer.alloc(0), stderr: Buffer.alloc(0), status: 1, signal: null, error: check.error };
+    }
+    var result = origCp.spawnSync(cmd, args || [], options || {});
+    postAudit(action, check.decision, result.status === 0, { exit_code: result.status });
+    return result;
+};
+cp.exec = function lbeExec(command, options, callback) {
+    if (typeof options === 'function') { callback = options; options = undefined; }
+    var cwd = options && options.cwd ? String(options.cwd) : ROOT_DIR;
+    var action = { action: 'run_shell', cmd: String(command), args: [], cwd: cwd, shell: true };
+    var check = decide(action);
+    if (check.blocked) {
+        process.nextTick(function () { if (callback) callback(check.error, '', ''); });
+        return makeFailedChildProcess(check.error);
+    }
+    var cb = function done(err, stdout, stderr) {
+        postAudit(action, check.decision, !err, err ? { error: err.message } : null);
+        if (callback) callback(err, stdout, stderr);
+    };
+    return options !== undefined ? origCp.exec(command, options, cb) : origCp.exec(command, cb);
+};
+cp.execSync = function lbeExecSync(command, options) {
+    var cwd = options && options.cwd ? String(options.cwd) : ROOT_DIR;
+    var action = { action: 'run_shell', cmd: String(command), args: [], cwd: cwd, shell: true };
+    var check = decide(action);
+    if (check.blocked) { throw check.error; }
+    try {
+        var result = options !== undefined ? origCp.execSync(command, options) : origCp.execSync(command);
+        postAudit(action, check.decision, true);
+        return result;
+    } catch (e) {
+        postAudit(action, check.decision, false, { error: e.message });
+        throw e;
+    }
+};
+// ── Write hook-status.json (uses origFs — captured before patching) ───────────
+process.env.LBE_HOOK_ACTIVE = '1';
+try {
+    var statusDir = path.join(ROOT_DIR, '.lbe', 'runtime');
+    if (!fs.existsSync(statusDir)) fs.mkdirSync(statusDir, { recursive: true });
+    var status = {
+        active: true,
+        pid: process.pid,
+        started_at: new Date().toISOString(),
+        mode: MODE,
+        root: ROOT_DIR,
+        patched: {
+            'fs.writeFile': true,
+            'fs.writeFileSync': true,
+            'fs.rm': !!origFs.rm,
+            'fs.rmSync': !!origFs.rmSync,
+            'fs.unlink': true,
+            'fs.unlinkSync': true,
+            'fs.rename': true,
+            'fs.renameSync': true,
+            'fs.promises.writeFile': true,
+            'fs.promises.rm': !!origPromises.rm,
+            'fs.promises.unlink': true,
+            'fs.promises.rename': true,
+            'child_process.spawn': true,
+            'child_process.spawnSync': true,
+            'child_process.exec': true,
+            'child_process.execSync': true,
+        }
+    };
+    // Use original writeFileSync (pre-patch) to avoid triggering our own hook
+    origFs.writeFileSync(path.join(statusDir, 'hook-status.json'), JSON.stringify(status, null, 2) + '\n', 'utf8');
+} catch (e) {
+    console.warn('[lbe] could not write hook-status.json:', e.message);
+}
+// ── Banner ────────────────────────────────────────────────────────────────────
+if (MODE === 'observe') {
+    process.stderr.write('[lbe] OBSERVE mode — no actions blocked, all writes logged to .lbe/events.jsonl\n');
+} else if (MODE === 'enforce') {
+    process.stderr.write('[lbe] ENFORCE mode — policy denials will block execution\n');
+}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@letterblack/lbe-exec",
-  "version": "1.2.10",
+  "version": "1.2.12",
   "description": "Local host-signed execution layer for LetterBlack LBE.",
   "type": "module",
   "main": "dist/index.js",
@@ -9,13 +9,15 @@
     ".": {
       "types": "./types.d.ts",
       "default": "./dist/index.js"
-    }
+    },
+    "./hooks/register.cjs": "./hooks/register.cjs"
   },
   "bin": {
     "lbe-exec": "dist/cli.js"
   },
   "files": [
     "dist/",
+    "hooks/",
     "assets/",
     "README.md",
     "types.d.ts",