@letterblack/lbe-exec 1.2.17 → 1.2.19

package/dist/cli.js

@@ -1,2363 +1,20 @@
 #!/usr/bin/env node
-var __defProp = Object.defineProperty;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __esm = (fn, res) => function __init() {
-  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
-};
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, { get: all[name], enumerable: true });
-};
-
-// src/core/signature.js
-import nacl from "tweetnacl";
-import { canonicalize } from "json-canonicalize";
-function bytesFromBase64(b64) {
-  return Buffer.from(b64, "base64");
-}
-function toBase64(bytes) {
-  return Buffer.from(bytes).toString("base64");
-}
-function verifyEd25519({ payloadObj, sigB64, pubKeyB64 }) {
-  try {
-    const msg = Buffer.from(canonicalize(payloadObj), "utf8");
-    const sig = bytesFromBase64(sigB64);
-    const pub = bytesFromBase64(pubKeyB64);
-    const isValid = nacl.sign.detached.verify(
-      new Uint8Array(msg),
-      new Uint8Array(sig),
-      new Uint8Array(pub)
-    );
-    return {
-      valid: isValid,
-      message: isValid ? "Signature verified" : "Signature verification failed"
-    };
-  } catch (err) {
-    return {
-      valid: false,
-      message: `Signature verification error: ${err.message}`
-    };
-  }
-}
-function generateKeyPair() {
-  const keyPair = nacl.sign.keyPair();
-  return {
-    publicKey: toBase64(keyPair.publicKey),
-    secretKey: toBase64(keyPair.secretKey)
-  };
-}
-function signEd25519({ payloadObj, secretKeyB64 }) {
-  try {
-    const msg = Buffer.from(canonicalize(payloadObj), "utf8");
-    const secretKey = bytesFromBase64(secretKeyB64);
-    const sig = nacl.sign.detached(new Uint8Array(msg), new Uint8Array(secretKey));
-    return {
-      signature: toBase64(sig),
-      error: null
-    };
-  } catch (err) {
-    return {
-      signature: null,
-      error: `Signing failed: ${err.message}`
-    };
-  }
-}
-var init_signature = __esm({
-  "src/core/signature.js"() {
-  }
-});
-
-// src/core/atomicWrite.js
-import fs5 from "fs";
-import path5 from "path";
-import crypto from "crypto";
-function _lockPathFor(targetPath) {
-  return targetPath + ".lock";
-}
-function _tryAcquire(lockPath) {
-  try {
-    const fd = fs5.openSync(lockPath, "wx");
-    fs5.writeSync(fd, `pid:${process.pid}:${Date.now()}`);
-    fs5.closeSync(fd);
-    return true;
-  } catch (err) {
-    if (err.code === "EEXIST" || err.code === "EPERM" || err.code === "EBUSY" || err.code === "EACCES") {
-      return false;
-    }
-    throw err;
-  }
-}
-function _removeIfStale(lockPath, staleMs) {
-  try {
-    const stat = fs5.statSync(lockPath);
-    const ageMs = Date.now() - stat.mtimeMs;
-    if (ageMs > staleMs) {
-      try {
-        fs5.unlinkSync(lockPath);
-      } catch {
-      }
-    }
-  } catch {
-  }
-}
-function _sleepSync(ms) {
-  const end = Date.now() + ms;
-  while (Date.now() < end) {
-    try {
-      Atomics.wait(new Int32Array(new SharedArrayBuffer(4)), 0, 0, Math.max(1, end - Date.now()));
-    } catch {
-    }
-  }
-}
-function withFileLock(targetPath, optsOrFn, maybeFn) {
-  const fn = typeof optsOrFn === "function" ? optsOrFn : maybeFn;
-  const opts2 = typeof optsOrFn === "function" ? {} : optsOrFn || {};
-  const { timeoutMs, pollMs, staleMs } = { ...DEFAULT_LOCK_OPTS, ...opts2 };
-  const dir = path5.dirname(targetPath);
-  if (!fs5.existsSync(dir)) {
-    fs5.mkdirSync(dir, { recursive: true });
-  }
-  const lockPath = _lockPathFor(targetPath);
-  const deadline = Date.now() + timeoutMs;
-  let acquired = false;
-  while (!acquired) {
-    acquired = _tryAcquire(lockPath);
-    if (acquired) break;
-    if (Date.now() >= deadline) {
-      _removeIfStale(lockPath, staleMs);
-      acquired = _tryAcquire(lockPath);
-      if (acquired) break;
-      const err = new Error(`withFileLock: timeout acquiring ${lockPath} after ${timeoutMs}ms`);
-      err.code = "ELOCKTIMEOUT";
-      throw err;
-    }
-    _removeIfStale(lockPath, staleMs);
-    const jitter = Math.floor(Math.random() * pollMs);
-    _sleepSync(pollMs + jitter);
-  }
-  try {
-    return fn();
-  } finally {
-    try {
-      fs5.unlinkSync(lockPath);
-    } catch {
-    }
-  }
-}
-function atomicWriteFileSync(filePath, data, options = {}) {
-  const dir = path5.dirname(filePath);
-  if (!fs5.existsSync(dir)) {
-    fs5.mkdirSync(dir, { recursive: true });
-  }
-  const tempFile = path5.join(dir, `.tmp-${Date.now()}-${crypto.randomBytes(4).toString("hex")}`);
-  try {
-    fs5.writeFileSync(tempFile, data, options);
-    fs5.renameSync(tempFile, filePath);
-  } catch (error2) {
-    try {
-      if (fs5.existsSync(tempFile)) {
-        fs5.unlinkSync(tempFile);
-      }
-    } catch (cleanupError) {
-    }
-    throw error2;
-  }
-}
-var DEFAULT_LOCK_OPTS;
-var init_atomicWrite = __esm({
-  "src/core/atomicWrite.js"() {
-    DEFAULT_LOCK_OPTS = {
-      timeoutMs: 5e3,
-      // total wait before giving up
-      pollMs: 15,
-      // base poll interval (jittered)
-      staleMs: 3e4
-      // lock files older than this are presumed orphaned
-    };
-  }
-});
-
-// src/core/auditLog.js
-import fs6 from "fs";
-import path6 from "path";
-import crypto2 from "crypto";
-function sha256(str) {
-  return crypto2.createHash("sha256").update(str).digest("hex");
-}
-function getLastHash(logPath) {
-  try {
-    if (!fs6.existsSync(logPath)) return "GENESIS";
-    const content = fs6.readFileSync(logPath, "utf8").trim();
-    if (!content) return "GENESIS";
-    const lines = content.split("\n");
-    const lastLine = lines[lines.length - 1];
-    try {
-      const lastEntry = JSON.parse(lastLine);
-      return lastEntry.hash || "GENESIS";
-    } catch (err) {
-      return "GENESIS";
-    }
-  } catch (err) {
-    return "GENESIS";
-  }
-}
-function appendAudit(logPath, entry) {
-  const dir = path6.dirname(logPath);
-  if (!fs6.existsSync(dir)) {
-    fs6.mkdirSync(dir, { recursive: true });
-  }
-  let result;
-  withFileLock(logPath, () => {
-    const prevHash = getLastHash(logPath);
-    const record = {
-      ...entry,
-      prevHash,
-      timestamp: (/* @__PURE__ */ new Date()).toISOString()
-    };
-    delete record.hash;
-    const recordStr = JSON.stringify(record);
-    const hash = sha256(recordStr);
-    const final = JSON.stringify({ ...record, hash });
-    let existingContent = "";
-    if (fs6.existsSync(logPath)) {
-      existingContent = fs6.readFileSync(logPath, "utf8");
-    }
-    try {
-      atomicWriteFileSync(logPath, existingContent + final + "\n", { encoding: "utf8" });
-    } catch (err) {
-      throw new Error(`Audit log write failed: ${err.message}`);
-    }
-    result = {
-      success: true,
-      hash,
-      prevHash,
-      message: "Audit entry appended"
-    };
-  });
-  return result;
-}
-function verifyAuditLogIntegrity(logPath, options = {}) {
-  const failFast = options.failFast !== false;
-  const maxEntries = Number.isFinite(options.maxEntries) && options.maxEntries > 0 ? Math.floor(options.maxEntries) : null;
-  const response = {
-    ok: true,
-    file: path6.resolve(logPath),
-    entries: 0,
-    valid: true,
-    firstInvalidIndex: null,
-    reason: null,
-    errors: [],
-    message: "Audit log verified"
-  };
-  try {
-    if (!fs6.existsSync(logPath)) {
-      response.message = "Audit log file not found (treated as empty)";
-      return response;
-    }
-    const raw = fs6.readFileSync(logPath, "utf8").trim();
-    if (!raw) {
-      response.message = "Empty audit log";
-      return response;
-    }
-    const allLines = raw.split("\n");
-    const lines = maxEntries ? allLines.slice(0, maxEntries) : allLines;
-    response.entries = lines.length;
-    let expectedPrevHash = "GENESIS";
-    for (let i = 0; i < lines.length; i++) {
-      let entry;
-      try {
-        entry = JSON.parse(lines[i]);
-      } catch {
-        const errObj = {
-          index: i,
-          reason: "INVALID_JSON_LINE",
-          message: `Line ${i} is not valid JSON`
-        };
-        response.valid = false;
-        response.ok = false;
-        response.firstInvalidIndex ??= i;
-        response.reason ??= errObj.reason;
-        response.errors.push(errObj);
-        if (failFast) break;
-        continue;
-      }
-      if (entry.prevHash !== expectedPrevHash) {
-        const errObj = {
-          index: i,
-          reason: "PREV_HASH_MISMATCH",
-          message: `Expected prevHash '${expectedPrevHash}', got '${entry.prevHash}'`
-        };
-        response.valid = false;
-        response.ok = false;
-        response.firstInvalidIndex ??= i;
-        response.reason ??= errObj.reason;
-        response.errors.push(errObj);
-        if (failFast) break;
-      }
-      const recordCopy = { ...entry };
-      const recordHash = recordCopy.hash;
-      delete recordCopy.hash;
-      const expectedHash = sha256(JSON.stringify(recordCopy));
-      if (recordHash !== expectedHash) {
-        const errObj = {
-          index: i,
-          reason: "HASH_MISMATCH",
-          message: `Expected hash '${expectedHash}', got '${recordHash}'`
-        };
-        response.valid = false;
-        response.ok = false;
-        response.firstInvalidIndex ??= i;
-        response.reason ??= errObj.reason;
-        response.errors.push(errObj);
-        if (failFast) break;
-      }
-      expectedPrevHash = recordHash;
-    }
-    response.message = response.valid ? `Audit log verified: ${response.entries} entries` : `Audit log integrity failed at index ${response.firstInvalidIndex}`;
-    return response;
-  } catch (err) {
-    return {
-      ok: false,
-      file: path6.resolve(logPath),
-      entries: 0,
-      valid: false,
-      firstInvalidIndex: null,
-      reason: "AUDIT_VERIFY_ERROR",
-      errors: [{ index: null, reason: "AUDIT_VERIFY_ERROR", message: err.message }],
-      message: `Integrity check failed: ${err.message}`
-    };
-  }
-}
-var init_auditLog = __esm({
-  "src/core/auditLog.js"() {
-    init_atomicWrite();
-  }
-});
-
-// src/core/localPolicy.js
-import fs7 from "fs";
-import path7 from "path";
-import crypto3 from "crypto";
-function glob(pattern) {
-  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&");
-  return new RegExp("^" + escaped.replace(/\*\*\//g, "(?:.*/)?").replace(/\*\*/g, ".*").replace(/\*/g, "[^/]*") + "$");
-}
-function relative(root, value) {
-  const rel = path7.relative(root, path7.resolve(value));
-  return rel.split(path7.sep).join("/");
-}
-function localPolicyPaths(rootDir) {
-  const root = path7.resolve(rootDir || process.cwd());
-  return { root, policyPath: path7.join(root, POLICY_FILE), auditPath: path7.join(root, AUDIT_FILE) };
-}
-function loadLocalPolicy(rootDir, mode = "observe") {
-  const paths = localPolicyPaths(rootDir);
-  if (!fs7.existsSync(paths.policyPath)) {
-    return { ...paths, policy: { version: 1, mode, workspace: paths.root, rules: [] } };
-  }
-  const policy = JSON.parse(fs7.readFileSync(paths.policyPath, "utf8"));
-  if (policy?.version !== 1 || !["observe", "enforce"].includes(policy.mode) || !Array.isArray(policy.rules)) {
-    throw new Error(`Invalid ${POLICY_FILE}`);
-  }
-  return { ...paths, policy };
-}
-function writeLocalPolicy(rootDir, policy) {
-  const { policyPath, root } = localPolicyPaths(rootDir);
-  const next = { ...policy, version: 1, workspace: root, rules: Array.isArray(policy.rules) ? policy.rules : [] };
-  atomicWriteFileSync(policyPath, JSON.stringify(next, null, 2) + "\n", { encoding: "utf8" });
-  return next;
-}
-function addLocalPolicyRule(rootDir, rule, mode) {
-  if (!rule || !["allow", "deny"].includes(rule.effect) || !["path", "command"].includes(rule.type) || typeof rule.pattern !== "string" || !rule.pattern || typeof rule.from !== "string" || !rule.from) {
-    throw new Error("Rule requires effect, type, pattern, and from");
-  }
-  const loaded = loadLocalPolicy(rootDir, mode);
-  const entry = {
-    id: rule.id || crypto3.randomUUID(),
-    effect: rule.effect,
-    type: rule.type,
-    pattern: rule.pattern,
-    from: rule.from,
-    at: rule.at || (/* @__PURE__ */ new Date()).toISOString()
-  };
-  writeLocalPolicy(loaded.root, { ...loaded.policy, mode: mode || loaded.policy.mode, rules: [...loaded.policy.rules, entry] });
-  return { id: entry.id, added: true, rule: entry };
-}
-function proposePolicyRule(rule) {
-  return { ...rule, proposed: true, at: (/* @__PURE__ */ new Date()).toISOString() };
-}
-function evaluateLocalPolicy(policy, rootDir, { target, command } = {}) {
-  const root = path7.resolve(rootDir);
-  const candidates = [];
-  if (target) candidates.push({ type: "path", value: relative(root, target) });
-  if (command) candidates.push({ type: "command", value: command });
-  const matched = policy.rules.filter((rule) => candidates.some((c) => c.type === rule.type && glob(rule.pattern).test(c.value)));
-  const denied = matched.filter((rule) => rule.effect === "deny");
-  return { allowed: denied.length === 0, matched, winningRules: denied.length ? denied : matched.filter((r) => r.effect === "allow"), reason: denied.length ? "LOCAL_POLICY_DENY" : null };
-}
-function auditLocalPolicy(rootDir, entry) {
-  const { auditPath } = localPolicyPaths(rootDir);
-  appendAudit(auditPath, { kind: "local_policy", timestamp: (/* @__PURE__ */ new Date()).toISOString(), ...entry });
-}
-var POLICY_FILE, AUDIT_FILE;
-var init_localPolicy = __esm({
-  "src/core/localPolicy.js"() {
-    init_auditLog();
-    init_atomicWrite();
-    POLICY_FILE = ".lbe/policy.json";
-    AUDIT_FILE = ".lbe/audit.jsonl";
-  }
-});
-
-// src/core/policyVersionGuard.js
-import fs8 from "fs";
-import path8 from "path";
-function parsePolicyVersion(version) {
-  if (typeof version === "number" && Number.isFinite(version)) {
-    return { ok: true, kind: "int", parts: [Math.floor(version)], raw: String(version) };
-  }
-  if (typeof version !== "string" || !version.trim()) {
-    return { ok: false, reason: "POLICY_VERSION_INVALID", message: "Policy version is required" };
-  }
-  const trimmed = version.trim();
-  if (/^\d+$/.test(trimmed)) {
-    return { ok: true, kind: "int", parts: [Number(trimmed)], raw: trimmed };
-  }
-  const semver = trimmed.replace(/^v/i, "");
-  if (/^\d+(\.\d+){0,2}$/.test(semver)) {
-    const parsed = semver.split(".").map((n) => Number(n));
-    while (parsed.length < 3) {
-      parsed.push(0);
-    }
-    return { ok: true, kind: "semver", parts: parsed, raw: trimmed };
-  }
-  return {
-    ok: false,
-    reason: "POLICY_VERSION_INVALID",
-    message: `Unsupported policy version format '${version}' (use integer or semver)`
-  };
-}
-function compareVersions(a, b) {
-  const len = Math.max(a.parts.length, b.parts.length);
-  for (let i = 0; i < len; i++) {
-    const av = a.parts[i] ?? 0;
-    const bv = b.parts[i] ?? 0;
-    if (av > bv) return 1;
-    if (av < bv) return -1;
-  }
-  return 0;
-}
-function parseCreatedAt(createdAt) {
-  if (typeof createdAt === "number" && Number.isFinite(createdAt)) {
-    const sec = createdAt > 1e12 ? Math.floor(createdAt / 1e3) : Math.floor(createdAt);
-    return { ok: true, epochSec: sec };
-  }
-  if (typeof createdAt !== "string" || !createdAt.trim()) {
-    return {
-      ok: false,
-      reason: "POLICY_CREATED_AT_INVALID",
-      message: "Policy createdAt is required"
-    };
-  }
-  const ts = Date.parse(createdAt);
-  if (Number.isNaN(ts)) {
-    return {
-      ok: false,
-      reason: "POLICY_CREATED_AT_INVALID",
-      message: `Invalid policy createdAt '${createdAt}'`
-    };
-  }
-  return { ok: true, epochSec: Math.floor(ts / 1e3) };
-}
-function loadPolicyState(statePath) {
-  if (!fs8.existsSync(statePath)) {
-    return {
-      schemaVersion: "1",
-      lastAccepted: null,
-      updatedAt: null
-    };
-  }
-  try {
-    const parsed = JSON.parse(fs8.readFileSync(statePath, "utf8"));
-    if (!parsed || typeof parsed !== "object") {
-      throw new Error("Policy state file has invalid structure");
-    }
-    return {
-      schemaVersion: String(parsed.schemaVersion || "1"),
-      lastAccepted: parsed.lastAccepted && typeof parsed.lastAccepted === "object" ? parsed.lastAccepted : null,
-      updatedAt: parsed.updatedAt || null
-    };
-  } catch (err) {
-    throw new Error(`Policy state at ${statePath} is corrupt or unreadable: ${err.message}`);
-  }
-}
-function savePolicyState(statePath, stateObj) {
-  const payload = JSON.stringify(stateObj, null, 2);
-  atomicWriteFileSync(statePath, payload, { encoding: "utf8" });
-}
-function validateAndUpdatePolicyVersionState({
-  policyObj,
-  statePath = path8.resolve(".lbe/data/policy.state.json"),
-  maxCreatedAtSkewSec = 31536e3,
-  nowSec = Math.floor(Date.now() / 1e3),
-  persist = true
-}) {
-  const version = parsePolicyVersion(policyObj?.version);
-  if (!version.ok) {
-    return {
-      ok: false,
-      reason: version.reason,
-      message: version.message,
-      updated: false
-    };
-  }
-  const createdAt = parseCreatedAt(policyObj?.createdAt);
-  if (!createdAt.ok) {
-    return {
-      ok: false,
-      reason: createdAt.reason,
-      message: createdAt.message,
-      updated: false
-    };
-  }
-  const skew = Math.abs(nowSec - createdAt.epochSec);
-  const allowedSkew = Number.isFinite(maxCreatedAtSkewSec) && maxCreatedAtSkewSec > 0 ? Math.floor(maxCreatedAtSkewSec) : 31536e3;
-  if (skew > allowedSkew) {
-    return {
-      ok: false,
-      reason: "POLICY_CREATED_AT_SKEW_EXCEEDED",
-      message: `Policy createdAt skew ${skew}s exceeds allowed ${allowedSkew}s`,
-      updated: false
-    };
-  }
-  let state;
-  try {
-    state = loadPolicyState(statePath);
-  } catch (err) {
-    return {
-      ok: false,
-      reason: "POLICY_STATE_CORRUPT",
-      message: err.message,
-      updated: false
-    };
-  }
-  const previous = state.lastAccepted;
-  let previousVersion = null;
-  let previousCreatedAt = null;
-  let versionCompare = 0;
-  if (previous) {
-    previousVersion = parsePolicyVersion(previous.version);
-    previousCreatedAt = parseCreatedAt(previous.createdAt);
-    if (previousVersion.ok && previousCreatedAt.ok) {
-      versionCompare = compareVersions(version, previousVersion);
-      if (versionCompare < 0) {
-        return {
-          ok: false,
-          reason: "POLICY_VERSION_REGRESSION",
-          message: `Policy version regression: current '${version.raw}' < last '${previousVersion.raw}'`,
-          updated: false
-        };
-      }
-      if (versionCompare === 0 && createdAt.epochSec < previousCreatedAt.epochSec) {
-        return {
-          ok: false,
-          reason: "POLICY_CREATED_AT_REGRESSION",
-          message: `Policy createdAt regression: current '${policyObj.createdAt}' < last '${previous.createdAt}'`,
-          updated: false
-        };
-      }
-      if (versionCompare > 0 && createdAt.epochSec < previousCreatedAt.epochSec) {
-        return {
-          ok: false,
-          reason: "POLICY_CREATED_AT_REGRESSION",
-          message: `Policy createdAt must be monotonic when version increases`,
-          updated: false
-        };
-      }
-    }
-  }
-  const shouldUpdate = !previous || !previousVersion?.ok || !previousCreatedAt?.ok || versionCompare > 0 || versionCompare === 0 && createdAt.epochSec > previousCreatedAt.epochSec;
-  if (persist && shouldUpdate) {
-    const nextState = {
-      schemaVersion: "1",
-      lastAccepted: {
-        version: policyObj.version,
-        createdAt: policyObj.createdAt,
-        environment: policyObj.environment || null
-      },
-      updatedAt: (/* @__PURE__ */ new Date()).toISOString()
-    };
-    savePolicyState(statePath, nextState);
-  }
-  return {
-    ok: true,
-    reason: null,
-    message: "Policy version guard passed",
-    updated: shouldUpdate
-  };
-}
-var init_policyVersionGuard = __esm({
-  "src/core/policyVersionGuard.js"() {
-    init_atomicWrite();
-  }
-});
-
-// runtime/engine.js
-import fs9 from "fs";
-import path9 from "path";
-import { fileURLToPath } from "url";
-function wasm() {
-  if (_instance) return _instance;
-  if (!fs9.existsSync(wasmPath)) throw new Error(`LBE engine missing: ${wasmPath}`);
-  const bytes = fs9.readFileSync(wasmPath);
-  _instance = new WebAssembly.Instance(new WebAssembly.Module(bytes), {});
-  return _instance;
-}
-function memory() {
-  return new Uint8Array(wasm().exports.memory.buffer);
-}
-function inPtr() {
-  return wasm().exports.lbe_in_ptr();
-}
-function outPtr() {
-  return wasm().exports.lbe_out_ptr();
-}
-function bufSize() {
-  return wasm().exports.lbe_buf_size();
-}
-function writeIn(str) {
-  const enc = new TextEncoder().encode(str);
-  const mem = memory();
-  const ptr = inPtr();
-  mem.set(enc, ptr);
-  mem[ptr + enc.length] = 0;
-}
-function readOut() {
-  const mem = memory();
-  const ptr = outPtr();
-  let end = ptr;
-  while (mem[end] !== 0 && end - ptr < bufSize()) end++;
-  return new TextDecoder().decode(mem.slice(ptr, end));
-}
-function writePipelineInput(fields) {
-  const mem = memory();
-  const ptr = inPtr();
-  const view = new DataView(mem.buffer, ptr);
-  fields.forEach((v, i) => view.setUint32(i * 4, v >>> 0, true));
-}
-function readPipelineOutput() {
-  const mem = memory();
-  const ptr = outPtr();
-  const view = new DataView(mem.buffer, ptr);
-  return { stage: view.getUint32(0, true), code: view.getUint32(4, true) };
-}
-function runValidationPipeline(flags) {
-  writePipelineInput([
-    // Schema flags [0..24]
-    flags.hasId ? 1 : 0,
-    flags.idValid ? 1 : 0,
-    flags.hasCommandId ? 1 : 0,
-    flags.commandIdValid ? 1 : 0,
-    flags.hasRequesterId ? 1 : 0,
-    flags.requesterIdValid ? 1 : 0,
-    flags.hasSessionId ? 1 : 0,
-    flags.sessionIdValid ? 1 : 0,
-    flags.hasTimestamp ? 1 : 0,
-    flags.timestampValid ? 1 : 0,
-    flags.hasNonce ? 1 : 0,
-    flags.nonceValid ? 1 : 0,
-    flags.hasRequires ? 1 : 0,
-    flags.requiresValid ? 1 : 0,
-    flags.hasPayload ? 1 : 0,
-    flags.hasPayloadAdapter ? 1 : 0,
-    flags.payloadAdapterValid ? 1 : 0,
-    flags.hasSignature ? 1 : 0,
-    flags.hasSignatureAlg ? 1 : 0,
-    flags.signatureAlgValid ? 1 : 0,
-    flags.hasSignatureKeyId ? 1 : 0,
-    flags.hasSignatureSig ? 1 : 0,
-    flags.signatureSigValid ? 1 : 0,
-    flags.hasRisk ? 1 : 0,
-    flags.riskValid ? 1 : 0,
-    // Timestamp [25..27]
-    flags.cmdTimestamp >>> 0,
-    flags.nowSec >>> 0,
-    flags.maxClockSkewSec >>> 0,
-    // Key lifecycle [28..34]
-    flags.keyIdFormatValid ? 1 : 0,
-    flags.keyFound ? 1 : 0,
-    flags.keyNotDeprecated ? 1 : 0,
-    flags.keyRequesterMatches ? 1 : 0,
-    flags.keyNotBeforeOk ? 1 : 0,
-    flags.keyNotExpired ? 1 : 0,
-    flags.keyLifecycleFieldsPresent ? 1 : 0,
-    // Signature [35]
-    flags.signatureValid ? 1 : 0,
-    // Rate limit [36..37]
-    flags.rateLimitOk ? 1 : 0,
-    flags.rateLimitRetryAfterSec >>> 0,
-    // Nonce [38]
-    flags.nonceOk ? 1 : 0,
-    // Policy [39..48]
-    flags.policyConfigured ? 1 : 0,
-    flags.requesterConfigured ? 1 : 0,
-    flags.commandAllowed ? 1 : 0,
-    flags.adapterAllowed ? 1 : 0,
-    flags.filesystemRequired ? 1 : 0,
-    flags.filesystemRootsDefined ? 1 : 0,
-    flags.filesystemOk ? 1 : 0,
-    flags.pathDenied ? 1 : 0,
-    flags.shellRequired ? 1 : 0,
-    flags.shellCommandOk ? 1 : 0
-  ]);
-  wasm().exports.lbe_validate_pipeline();
-  const { stage, code } = readPipelineOutput();
-  const ok = stage === 255;
-  return {
-    ok,
-    stage,
-    stageLabel: PIPELINE_STAGES[stage] || "unknown",
-    code,
-    schemaError: stage === 0 ? SCHEMA_MESSAGES[code]?.error || "Schema invalid" : null,
-    keyReason: stage === 2 ? KEY_REASONS[code] || "KEY_ERROR" : null,
-    policyResult: stage === 6 ? { ...POLICY_MESSAGES[code] || POLICY_MESSAGES[1], code } : null,
-    retryAfterSec: stage === 4 ? code : 0,
-    skewSec: stage === 1 ? code : 0
-  };
-}
-function checkNonce({ ttlSec, nowSec, newKey, existingEntries }) {
-  const lines = [`${ttlSec}:${nowSec}`, newKey, ...existingEntries].join("\n") + "\n";
-  writeIn(lines);
-  const isReplay = wasm().exports.lbe_nonce_check() !== 0;
-  if (isReplay) return { ok: false, updatedEntriesText: null };
-  const out = readOut();
-  return { ok: true, updatedEntriesText: out.startsWith("OK\n") ? out.slice(3) : out };
-}
-function checkRateLimit({ windowSec, maxRequests, nowSec, requesterId, existingEntries }) {
-  const lines = [
-    `${windowSec}:${maxRequests}:${nowSec}`,
-    requesterId,
-    ...existingEntries
-  ].join("\n") + "\n";
-  writeIn(lines);
-  const exceeded = wasm().exports.lbe_rate_check() !== 0;
-  const out = readOut();
-  if (exceeded) {
-    const retryAfterSec = parseInt(out.match(/^EXCEEDED:(\d+)/)?.[1] ?? "1", 10);
-    const entriesText = out.replace(/^EXCEEDED:\d+\n/, "");
-    return { ok: false, retryAfterSec, updatedEntriesText: entriesText };
-  }
-  return { ok: true, retryAfterSec: 0, updatedEntriesText: out.startsWith("OK\n") ? out.slice(3) : out };
-}
-function classifyRisk(commandId, shellCmdIsRm = false) {
-  const typeCode = COMMAND_TYPE[commandId] ?? 0;
-  const code = wasm().exports.lbe_classify_risk(typeCode, shellCmdIsRm ? 1 : 0);
-  return RISK_LABELS[code] ?? "LOW";
-}
-var runtimeDir, wasmPath, POLICY_MESSAGES, SCHEMA_MESSAGES, KEY_REASONS, PIPELINE_STAGES, RISK_LABELS, COMMAND_TYPE, _instance;
-var init_engine = __esm({
-  "runtime/engine.js"() {
-    runtimeDir = path9.dirname(fileURLToPath(import.meta.url));
-    wasmPath = path9.join(runtimeDir, "lbe_engine.wasm");
-    POLICY_MESSAGES = {
-      0: { allowed: true, reason: null, message: "Policy check passed" },
-      1: { allowed: false, reason: "POLICY_NOT_CONFIGURED", message: "No policy configured" },
-      2: { allowed: false, reason: "REQUESTER_NOT_ALLOWED", message: "Requester not in policy" },
-      3: { allowed: false, reason: "COMMAND_NOT_ALLOWED", message: "Command not allowed for requester" },
-      4: { allowed: false, reason: "ADAPTER_NOT_ALLOWED", message: "Adapter not allowed" },
-      5: { allowed: false, reason: "NO_FILESYSTEM_ROOTS_DEFINED", message: "No filesystem roots defined for requester" },
-      6: { allowed: false, reason: "CWD_OUTSIDE_ALLOWED_ROOT", message: "Path not under allowed roots" },
-      7: { allowed: false, reason: "PATH_DENIED_BY_PATTERN", message: "Path matches deny pattern" },
-      8: { allowed: false, reason: "SHELL_CMD_DENIED", message: "Shell command not allowed" }
-    };
-    SCHEMA_MESSAGES = {
-      0: { valid: true, error: null },
-      1: { valid: false, error: "Missing required field: id" },
-      2: { valid: false, error: "Missing required field: commandId" },
-      3: { valid: false, error: "Missing required field: requesterId" },
-      4: { valid: false, error: "Missing required field: sessionId" },
-      5: { valid: false, error: "Missing required field: timestamp" },
-      6: { valid: false, error: "Missing required field: nonce" },
-      7: { valid: false, error: "Missing required field: requires" },
-      8: { valid: false, error: "Missing required field: payload" },
-      9: { valid: false, error: "Missing required field: signature" },
-      10: { valid: false, error: "Field 'id' is invalid" },
-      11: { valid: false, error: "Field 'commandId' is invalid" },
-      12: { valid: false, error: "Field 'requesterId' is invalid" },
-      13: { valid: false, error: "Field 'sessionId' is invalid" },
-      14: { valid: false, error: "Field 'timestamp' is invalid" },
-      15: { valid: false, error: "Field 'nonce' is invalid" },
-      16: { valid: false, error: "Field 'requires' is invalid" },
-      17: { valid: false, error: "payload: missing required field: adapter" },
-      18: { valid: false, error: "payload: field 'adapter' is invalid" },
-      19: { valid: false, error: "signature: missing required field: alg" },
-      20: { valid: false, error: "signature: missing required field: keyId" },
-      21: { valid: false, error: "signature: missing required field: sig" },
-      22: { valid: false, error: "signature: field 'alg' must be ed25519" },
-      23: { valid: false, error: "signature: field 'sig' is invalid" },
-      24: { valid: false, error: "Field 'risk' is invalid" }
-    };
-    KEY_REASONS = {
-      1: "KEY_ID_INVALID",
-      2: "KEY_NOT_TRUSTED",
-      3: "KEY_DEPRECATED",
-      4: "KEY_REQUESTER_MISMATCH",
-      5: "KEY_LIFECYCLE_INVALID",
-      6: "KEY_NOT_YET_VALID",
-      7: "KEY_EXPIRED"
-    };
-    PIPELINE_STAGES = {
-      0: "schema",
-      1: "timestamp",
-      2: "key",
-      3: "signature",
-      4: "rate_limit",
-      5: "nonce",
-      6: "policy",
-      255: "ok"
-    };
-    RISK_LABELS = ["LOW", "MEDIUM", "HIGH", "CRITICAL"];
-    COMMAND_TYPE = { ECHO: 0, READ_FILE: 1, WRITE_FILE: 2, PATCH_FILE: 3, DELETE_FILE: 4, RUN_SHELL: 5 };
-    _instance = null;
-  }
-});
-
-// src/core/validator.js
-import path10 from "path";
-function extractSchemaFlags(cmd2) {
-  const has = (k) => cmd2 != null && Object.prototype.hasOwnProperty.call(cmd2, k);
-  const isStr = (v) => typeof v === "string";
-  const p = cmd2?.payload;
-  const sig = cmd2?.signature;
-  return {
-    hasId: has("id"),
-    idValid: isStr(cmd2?.id) && /^[A-Z_]+$/.test(cmd2.id) && cmd2.id.length >= 1 && cmd2.id.length <= 50,
-    hasCommandId: has("commandId"),
-    commandIdValid: isStr(cmd2?.commandId) && /^[a-f0-9-]+$/.test(cmd2.commandId) && cmd2.commandId.length === 36,
-    hasRequesterId: has("requesterId"),
-    requesterIdValid: isStr(cmd2?.requesterId) && cmd2.requesterId.length >= 3 && cmd2.requesterId.length <= 100,
-    hasSessionId: has("sessionId"),
-    sessionIdValid: isStr(cmd2?.sessionId) && cmd2.sessionId.length >= 3,
-    hasTimestamp: has("timestamp"),
-    timestampValid: typeof cmd2?.timestamp === "number" && cmd2.timestamp >= 1e9,
-    hasNonce: has("nonce"),
-    nonceValid: isStr(cmd2?.nonce) && cmd2.nonce.length >= 32 && cmd2.nonce.length <= 128,
-    hasRequires: has("requires"),
-    requiresValid: Array.isArray(cmd2?.requires) && cmd2.requires.length >= 1 && cmd2.requires.every(isStr),
-    hasPayload: has("payload") && typeof p === "object" && p !== null && !Array.isArray(p),
-    hasPayloadAdapter: p != null && Object.prototype.hasOwnProperty.call(p, "adapter"),
-    payloadAdapterValid: isStr(p?.adapter),
-    hasSignature: has("signature") && typeof sig === "object" && sig !== null && !Array.isArray(sig),
-    hasSignatureAlg: sig != null && Object.prototype.hasOwnProperty.call(sig, "alg"),
-    signatureAlgValid: sig?.alg === "ed25519",
-    hasSignatureKeyId: sig != null && Object.prototype.hasOwnProperty.call(sig, "keyId"),
-    hasSignatureSig: sig != null && Object.prototype.hasOwnProperty.call(sig, "sig"),
-    signatureSigValid: isStr(sig?.sig) && sig.sig.length >= 10,
-    hasRisk: has("risk"),
-    riskValid: ["LOW", "MEDIUM", "HIGH", "CRITICAL"].includes(cmd2?.risk)
-  };
-}
-function extractPolicyFlags(policy, cmd2) {
-  const hasPolicy = !!(policy && policy.default === "DENY" && policy.requesters && typeof policy.requesters === "object");
-  const rp = policy?.requesters?.[cmd2.requesterId];
-  const cmdId = cmd2.id?.toLowerCase() ?? "";
-  const commandAllowed = !!rp?.allowCommands?.some((c) => c.toLowerCase() === cmdId);
-  const adapterAllowed = !!rp?.allowAdapters?.includes(cmd2.payload?.adapter);
-  const filesystemRequired = !!cmd2.payload?.cwd;
-  let filesystemRootsDefined = false;
-  let filesystemOk = false;
-  let pathDenied = false;
-  if (filesystemRequired) {
-    const roots = rp?.filesystem?.roots ?? [];
-    filesystemRootsDefined = roots.length > 0;
-    if (filesystemRootsDefined) {
-      const cwd = path10.resolve(cmd2.payload.cwd);
-      filesystemOk = roots.some((r) => {
-        const rr = path10.resolve(r);
-        return cwd === rr || cwd.startsWith(rr + path10.sep);
-      });
-      const denyPatterns = rp?.filesystem?.denyPatterns ?? [];
-      pathDenied = denyPatterns.some((pattern) => {
-        const re = new RegExp("^" + pattern.replace(/\./g, "\\.").replace(/\*\*/g, ".*").replace(/\*/g, "[^/]*") + "$");
-        return re.test(cwd);
-      });
-    }
-  }
-  let shellRequired = false;
-  let shellCommandOk = true;
-  if (cmd2.id === "RUN_SHELL") {
-    shellRequired = true;
-    const allowCmds = rp?.exec?.allowCmds ?? [];
-    const denyCmds = rp?.exec?.denyCmds ?? [];
-    const shellCmd = cmd2.payload?.cmd;
-    if (denyCmds.includes(shellCmd)) {
-      shellCommandOk = false;
-    } else {
-      shellCommandOk = allowCmds.length === 0 || allowCmds.includes(shellCmd);
-    }
-  }
-  return {
-    policyConfigured: hasPolicy,
-    requesterConfigured: !!rp,
-    commandAllowed,
-    adapterAllowed,
-    filesystemRequired,
-    filesystemRootsDefined,
-    filesystemOk,
-    pathDenied,
-    shellRequired,
-    shellCommandOk
-  };
-}
-function extractKeyFlags(keyStore, keyId, requesterId, now = /* @__PURE__ */ new Date()) {
-  if (!keyStore || !keyId) {
-    return {
-      keyIdFormatValid: false,
-      keyFound: false,
-      keyNotDeprecated: false,
-      keyRequesterMatches: false,
-      keyNotBeforeOk: false,
-      keyNotExpired: false,
-      keyLifecycleFieldsPresent: false,
-      publicKey: null
-    };
-  }
-  const KEY_ID_RE = /^[A-Za-z0-9:_-]{3,128}$/;
-  const keyIdFormatValid = KEY_ID_RE.test(keyId) && keyId !== "default";
-  if (!keyIdFormatValid) {
-    return {
-      keyIdFormatValid,
-      keyFound: false,
-      keyNotDeprecated: false,
-      keyRequesterMatches: false,
-      keyNotBeforeOk: false,
-      keyNotExpired: false,
-      keyLifecycleFieldsPresent: false,
-      publicKey: null
-    };
-  }
-  const entry = keyStore.trustedKeys?.[keyId];
-  const keyFound = !!entry;
-  if (!keyFound) {
-    return {
-      keyIdFormatValid,
-      keyFound,
-      keyNotDeprecated: false,
-      keyRequesterMatches: false,
-      keyNotBeforeOk: false,
-      keyNotExpired: false,
-      keyLifecycleFieldsPresent: false,
-      publicKey: null
-    };
-  }
-  const keyNotDeprecated = !entry.deprecated;
-  const keyRequesterMatches = !entry.requesterId || entry.requesterId === requesterId;
-  const notBefore = entry.notBefore || entry.validFrom;
-  const expiresAt = entry.expiresAt || entry.validUntil;
-  const keyLifecycleFieldsPresent = typeof notBefore === "string" && typeof expiresAt === "string";
-  let keyNotBeforeOk = false;
-  let keyNotExpired = false;
-  if (keyLifecycleFieldsPresent) {
-    const nb = new Date(notBefore);
-    const exp = new Date(expiresAt);
-    if (!isNaN(nb.getTime()) && !isNaN(exp.getTime()) && nb < exp) {
-      keyNotBeforeOk = now >= nb;
-      keyNotExpired = now < exp;
-    }
-  }
-  return {
-    keyIdFormatValid,
-    keyFound,
-    keyNotDeprecated,
-    keyRequesterMatches,
-    keyNotBeforeOk,
-    keyNotExpired,
-    keyLifecycleFieldsPresent,
-    publicKey: entry.publicKey ?? null
-  };
-}
-function nonceEntriesToText(db) {
-  return (db?.entries ?? []).map((e) => `${e.key}:${e.timestamp}`);
-}
-function textToNonceEntries(text) {
-  return text.split("\n").filter(Boolean).map((line) => {
-    const lastColon = line.lastIndexOf(":");
-    return {
-      key: line.slice(0, lastColon),
-      timestamp: parseInt(line.slice(lastColon + 1), 10) || 0
-    };
-  });
-}
-function rateEntriesToText(db) {
-  return (db?.entries ?? []).map((e) => `${e.requesterId}:${e.timestamp}`);
-}
-function textToRateEntries(text) {
-  return text.split("\n").filter(Boolean).map((line) => {
-    const lastColon = line.lastIndexOf(":");
-    return {
-      requesterId: line.slice(0, lastColon),
-      timestamp: parseInt(line.slice(lastColon + 1), 10) || 0
-    };
-  });
-}
-function validateCommand({
-  commandObj,
-  pubKeyB64,
-  keyStore,
-  nonceDb,
-  policy,
-  rateLimiter,
-  policyStatePath
-}) {
-  const result = {
-    valid: false,
-    commandId: commandObj?.commandId,
-    checks: {},
-    errors: []
-  };
-  const nowSec = Math.floor(Date.now() / 1e3);
-  const now = /* @__PURE__ */ new Date();
-  const maxClockSkewSec = Number.isFinite(policy?.security?.maxClockSkewSec) ? policy.security.maxClockSkewSec : 600;
-  if (policyStatePath && policy?.version !== void 0) {
-    try {
-      const vCheck = validateAndUpdatePolicyVersionState({ policyObj: policy, statePath: policyStatePath });
-      result.checks.policyVersion = vCheck.ok;
-      if (!vCheck.ok) {
-        result.errors.push({ type: "POLICY_VERSION_INVALID", message: vCheck.message });
-        return result;
-      }
-    } catch {
-      result.checks.policyVersion = true;
-    }
-  } else {
-    result.checks.policyVersion = true;
-  }
-  const schemaFlags = extractSchemaFlags(commandObj);
-  const keyId = commandObj?.signature?.keyId;
-  const keyFlags = extractKeyFlags(keyStore, keyId, commandObj?.requesterId, now);
-  let signatureValid = false;
-  let effectivePubKey = keyFlags.publicKey;
-  if (!effectivePubKey && pubKeyB64) effectivePubKey = pubKeyB64;
-  if (effectivePubKey) {
-    const bodyWithoutSig = { ...commandObj };
-    delete bodyWithoutSig.signature;
-    const sigCheck = verifyEd25519({
-      payloadObj: bodyWithoutSig,
-      sigB64: commandObj?.signature?.sig,
-      pubKeyB64: effectivePubKey
-    });
-    signatureValid = sigCheck.valid;
-  }
-  let rateLimitOk = true;
-  let rateLimitRetryAfterSec = 0;
-  if (signatureValid && rateLimiter && typeof rateLimiter.db !== "undefined") {
-    const rateCfg = policy?.requesters?.[commandObj.requesterId]?.rateLimit || {};
-    const dfltCfg = policy?.security?.defaultRateLimit || {};
-    const windowSec = rateCfg.windowSec ?? dfltCfg.windowSec ?? 60;
-    const maxRequests = rateCfg.maxRequests ?? dfltCfg.maxRequests ?? 30;
-    const rateResult = checkRateLimit({
-      windowSec,
-      maxRequests,
-      nowSec,
-      requesterId: commandObj.requesterId,
-      existingEntries: rateEntriesToText(rateLimiter.db)
-    });
-    rateLimitOk = rateResult.ok;
-    rateLimitRetryAfterSec = rateResult.retryAfterSec;
-    if (rateResult.ok) {
-      rateLimiter.db.entries = textToRateEntries(rateResult.updatedEntriesText);
-    }
-  } else if (signatureValid && rateLimiter && typeof rateLimiter.checkAndRecord === "function") {
-    const rateCfg = policy?.requesters?.[commandObj.requesterId]?.rateLimit || {};
-    const dfltCfg = policy?.security?.defaultRateLimit || {};
-    const rateCheck = rateLimiter.checkAndRecord({
-      requesterId: commandObj.requesterId,
-      nowSec,
-      windowSec: rateCfg.windowSec ?? dfltCfg.windowSec ?? 60,
-      maxRequests: rateCfg.maxRequests ?? dfltCfg.maxRequests ?? 30
-    });
-    rateLimitOk = rateCheck.ok;
-    rateLimitRetryAfterSec = rateCheck.retryAfterSec ?? 0;
-  }
-  let nonceOk = true;
-  const nonceKey = `${commandObj?.requesterId}|${commandObj?.sessionId}|${commandObj?.nonce}`;
-  const ttlSec = 3600;
-  if (signatureValid && rateLimitOk && nonceDb) {
-    if (typeof nonceDb.checkAndRecord === "function") {
-      if (nonceDb.db) {
-        const nonceResult = checkNonce({
-          ttlSec,
-          nowSec,
-          newKey: nonceKey,
-          existingEntries: nonceEntriesToText(nonceDb.db)
-        });
-        nonceOk = nonceResult.ok;
-        if (nonceResult.ok) {
-          nonceDb.db.entries = textToNonceEntries(nonceResult.updatedEntriesText);
-        }
-      } else {
-        const r = nonceDb.checkAndRecord({
-          requesterId: commandObj.requesterId,
-          sessionId: commandObj.sessionId,
-          nonce: commandObj.nonce
-        });
-        nonceOk = r.ok;
-      }
-    } else {
-      const nonceResult = checkNonce({
-        ttlSec,
-        nowSec,
-        newKey: nonceKey,
-        existingEntries: nonceEntriesToText(nonceDb)
-      });
-      nonceOk = nonceResult.ok;
-      if (nonceResult.ok) {
-        nonceDb.entries = textToNonceEntries(nonceResult.updatedEntriesText);
-      }
-    }
-  }
-  const policyFlags = extractPolicyFlags(policy, commandObj ?? {});
-  const pipeline = runValidationPipeline({
-    ...schemaFlags,
-    cmdTimestamp: commandObj?.timestamp ?? 0,
-    nowSec,
-    maxClockSkewSec,
-    ...keyFlags,
-    signatureValid,
-    rateLimitOk,
-    rateLimitRetryAfterSec,
-    nonceOk,
-    ...policyFlags
-  });
-  const s = pipeline.stage;
-  result.checks.schema = s !== 0;
-  if (s >= 1) result.checks.timestamp = s !== 1;
-  if (s >= 2) result.checks.keyId = s !== 2;
-  if (s >= 2) result.checks.signature = s !== 2 && s !== 3;
-  if (s >= 4) result.checks.rateLimit = s !== 4;
-  if (s >= 5) result.checks.nonce = s !== 5;
-  if (s >= 6 || pipeline.ok) result.checks.policy = s !== 6;
-  if (!pipeline.ok) {
-    const stage = pipeline.stageLabel;
-    if (stage === "schema") {
-      result.errors.push({ type: "SCHEMA_ERROR", message: pipeline.schemaError || "Schema invalid" });
-    } else if (stage === "timestamp") {
-      result.errors.push({ type: "TIMESTAMP_SKEW_EXCEEDED", message: `Command timestamp skew ${pipeline.skewSec}s exceeds allowed ${maxClockSkewSec}s` });
-    } else if (stage === "key") {
-      const reason = pipeline.keyReason || "KEY_ERROR";
-      const msgs = {
-        KEY_ID_INVALID: `Invalid keyId '${keyId}'`,
-        KEY_NOT_TRUSTED: `Key '${keyId}' is not in trusted key store`,
-        KEY_DEPRECATED: `Key '${keyId}' is deprecated`,
-        KEY_REQUESTER_MISMATCH: `Key '${keyId}' is not authorized for requester '${commandObj?.requesterId}'`,
-        KEY_LIFECYCLE_INVALID: `Key '${keyId}' must define notBefore and expiresAt`,
-        KEY_NOT_YET_VALID: `Key '${keyId}' is not yet valid`,
-        KEY_EXPIRED: `Key '${keyId}' has expired`
-      };
-      result.errors.push({ type: reason, message: msgs[reason] || reason });
-    } else if (stage === "signature") {
-      result.errors.push({ type: "SIGNATURE_INVALID", message: effectivePubKey ? "Signature verification failed" : "No public key available" });
-    } else if (stage === "rate_limit") {
-      result.errors.push({ type: "RATE_LIMIT_EXCEEDED", message: `Rate limit exceeded. Retry after ${pipeline.retryAfterSec}s` });
-    } else if (stage === "nonce") {
-      result.errors.push({ type: "REPLAY_NONCE", message: "Nonce has already been used" });
-    } else if (stage === "policy" && pipeline.policyResult) {
-      result.errors.push({ type: pipeline.policyResult.reason, message: pipeline.policyResult.message });
-    } else {
-      result.errors.push({ type: "VALIDATION_FAILED", message: `Failed at stage: ${stage}` });
-    }
-    return result;
-  }
-  result.valid = true;
-  result.risk = classifyRisk(commandObj.id, commandObj.payload?.cmd === "rm");
-  result.message = "Command validation successful";
-  return result;
-}
-var init_validator = __esm({
-  "src/core/validator.js"() {
-    init_signature();
-    init_policyVersionGuard();
-    init_engine();
-  }
-});
-
-// src/adapters/noopAdapter.js
-async function noopAdapter(cmd2) {
-  return {
-    adapter: "noop",
-    commandId: cmd2.commandId || "unknown",
-    command: cmd2.id || "unknown",
-    status: "completed",
-    output: `[NOOP] Would execute: ${cmd2.id || "unknown"} on adapter: ${cmd2.payload?.adapter || "unknown"}`,
-    exitCode: 0,
-    timestamp: (/* @__PURE__ */ new Date()).toISOString()
-  };
-}
-var init_noopAdapter = __esm({
-  "src/adapters/noopAdapter.js"() {
-  }
-});
-
-// src/adapters/shellAdapter.js
-import { spawnSync } from "child_process";
-import path11 from "path";
-import fs10 from "fs";
-function physicalPath(candidate) {
-  try {
-    return fs10.realpathSync(path11.resolve(candidate));
-  } catch {
-    return path11.resolve(candidate);
-  }
-}
-function normalizeArgs(args) {
-  if (args === void 0) return { ok: true, args: [] };
-  if (!Array.isArray(args)) {
-    return { ok: false, error: "payload.args must be an array" };
-  }
-  const normalized = [];
-  for (const arg of args) {
-    if (typeof arg !== "string" && typeof arg !== "number" && typeof arg !== "boolean") {
-      return { ok: false, error: "payload.args may only contain string, number, or boolean values" };
-    }
-    normalized.push(String(arg));
-  }
-  return { ok: true, args: normalized };
-}
-async function shellAdapter(cmd2, policy, requester) {
-  const payload = cmd2.payload;
-  const timeout = Math.min(Math.max(Number(payload.timeoutMs) || 3e4, 1), 3e4);
-  const maxOutputSize = Math.min(Math.max(Number(payload.maxOutputBytes) || 1024 * 1024, 1024), 1024 * 1024);
-  if (payload.adapter !== "shell") {
-    return {
-      adapter: "shell",
-      commandId: cmd2.commandId,
-      status: "error",
-      error: "Adapter mismatch",
-      exitCode: 1
-    };
-  }
-  const allowedCmds = requester?.exec?.allowCmds || [];
-  const deniedCmds = requester?.exec?.denyCmds || [];
-  if (deniedCmds.includes(payload.cmd)) {
-    return {
-      adapter: "shell",
-      commandId: cmd2.commandId,
-      status: "blocked",
-      error: `Command '${payload.cmd}' is denied`,
-      exitCode: 2
-    };
-  }
-  if (allowedCmds.length > 0 && !allowedCmds.includes(payload.cmd)) {
-    return {
-      adapter: "shell",
-      commandId: cmd2.commandId,
-      status: "blocked",
-      error: `Command '${payload.cmd}' not in allowlist`,
-      exitCode: 2
-    };
-  }
-  const roots = requester?.filesystem?.roots || [];
-  const cwdAllow = roots.some((r) => {
-    const resolvedRoot = physicalPath(r);
-    const norm = physicalPath(payload.cwd);
-    return norm === resolvedRoot || norm.startsWith(resolvedRoot + path11.sep);
-  });
-  if (!cwdAllow) {
-    return {
-      adapter: "shell",
-      commandId: cmd2.commandId,
-      status: "blocked",
-      error: `CWD '${payload.cwd}' not authorized`,
-      exitCode: 2
-    };
-  }
-  const argCheck = normalizeArgs(payload.args);
-  if (!argCheck.ok) {
-    return {
-      adapter: "shell",
-      commandId: cmd2.commandId,
-      status: "blocked",
-      error: argCheck.error,
-      exitCode: 2
-    };
-  }
-  try {
-    const result = spawnSync(payload.cmd, argCheck.args, {
-      cwd: payload.cwd,
-      timeout,
-      encoding: "utf8",
-      maxBuffer: maxOutputSize,
-      stdio: ["pipe", "pipe", "pipe"],
-      shell: false
-    });
-    if (result.error) {
-      throw result.error;
-    }
-    const output = `${result.stdout || ""}${result.stderr || ""}`;
-    const exitCode = result.status ?? 1;
-    if (exitCode !== 0) {
-      return {
-        adapter: "shell",
-        commandId: cmd2.commandId,
-        command: payload.cmd,
-        status: "error",
-        error: output.substring(0, maxOutputSize) || `Command exited with code ${exitCode}`,
-        exitCode,
-        timestamp: (/* @__PURE__ */ new Date()).toISOString()
-      };
-    }
-    return {
-      adapter: "shell",
-      commandId: cmd2.commandId,
-      command: payload.cmd,
-      status: "completed",
-      output: output.substring(0, maxOutputSize),
-      exitCode: 0,
-      timestamp: (/* @__PURE__ */ new Date()).toISOString()
-    };
-  } catch (err) {
-    return {
-      adapter: "shell",
-      commandId: cmd2.commandId,
-      command: payload.cmd,
-      status: "error",
-      error: err.message,
-      exitCode: err.status || 1,
-      timestamp: (/* @__PURE__ */ new Date()).toISOString()
-    };
-  }
-}
-var init_shellAdapter = __esm({
-  "src/adapters/shellAdapter.js"() {
-  }
-});
-
-// src/core/backup.js
-import fs11 from "fs";
-import path12 from "path";
-import crypto4 from "crypto";
-function createBackup(filePath, backupDir) {
-  const dir = backupDir || path12.resolve(".lbe/data/backups");
-  if (!fs11.existsSync(dir)) {
-    fs11.mkdirSync(dir, { recursive: true });
-  }
-  const target = path12.resolve(filePath);
-  const existed = fs11.existsSync(target);
-  let content = null;
-  let hash = null;
-  if (existed) {
-    content = fs11.readFileSync(target);
-    hash = crypto4.createHash("sha256").update(content).digest("hex");
-  }
-  const basename = path12.basename(target).replace(/[^a-zA-Z0-9._-]/g, "_");
-  const backupName = `${Date.now()}-${hash ? hash.slice(0, 8) : "new"}-${basename}`;
-  const backupPath = existed ? path12.join(dir, backupName) : null;
-  if (existed && content !== null) {
-    atomicWriteFileSync(backupPath, content);
-  }
-  return {
-    originalPath: target,
-    backupPath,
-    existed,
-    hash,
-    createdAt: (/* @__PURE__ */ new Date()).toISOString()
-  };
-}
-function restoreBackup(backupMeta) {
-  if (!backupMeta) return { restored: false, error: "No backup metadata" };
-  const { originalPath, backupPath, existed } = backupMeta;
-  if (!existed) {
-    try {
-      if (fs11.existsSync(originalPath)) fs11.unlinkSync(originalPath);
-      return { restored: true, action: "deleted" };
-    } catch (e) {
-      return { restored: false, error: e.message };
-    }
-  }
-  if (!backupPath || !fs11.existsSync(backupPath)) {
-    return { restored: false, error: "Backup file not found at: " + backupPath };
-  }
-  try {
-    const content = fs11.readFileSync(backupPath);
-    atomicWriteFileSync(originalPath, content);
-    return { restored: true, action: "restored" };
-  } catch (e) {
-    return { restored: false, error: e.message };
-  }
-}
-var init_backup = __esm({
-  "src/core/backup.js"() {
-    init_atomicWrite();
-  }
-});
-
-// src/adapters/fileAdapter.js
-import fs12 from "fs";
-import path13 from "path";
-function resolvedTarget(target, cwd) {
-  if (!target) return null;
-  return path13.isAbsolute(target) ? path13.resolve(target) : path13.resolve(cwd || process.cwd(), target);
-}
-function isUnderRoot(targetPath, roots) {
-  const norm = resolvePhysicalPath(targetPath);
-  return roots.some((r) => {
-    const root = resolvePhysicalPath(r);
-    return norm === root || norm.startsWith(root + path13.sep);
-  });
-}
-function resolvePhysicalPath(candidate) {
-  let current = path13.resolve(candidate);
-  const suffix = [];
-  while (!fs12.existsSync(current)) {
-    const parent = path13.dirname(current);
-    if (parent === current) break;
-    suffix.unshift(path13.basename(current));
-    current = parent;
-  }
-  try {
-    current = fs12.realpathSync(current);
-  } catch {
-  }
-  return path13.join(current, ...suffix);
-}
-function matchesDenyPattern(str, patterns) {
-  for (const pattern of patterns || []) {
-    const rx = new RegExp(
-      "^" + pattern.replace(/\./g, "\\.").replace(/\*\*/g, ".*").replace(/\*/g, "[^/\\\\]*") + "$"
-    );
-    if (rx.test(str)) return pattern;
-  }
-  return null;
-}
-function blocked(cmd2, code, message, exitCode = 2) {
-  return {
-    adapter: "file",
-    commandId: cmd2.commandId,
-    status: "blocked",
-    errorCode: code,
-    error: message,
-    exitCode
-  };
-}
-function fail(cmd2, code, message, backup = null, exitCode = 1) {
-  return {
-    adapter: "file",
-    commandId: cmd2.commandId,
-    status: "error",
-    errorCode: code,
-    error: message,
-    backup: backup ? summariseBackup(backup) : null,
-    exitCode
-  };
-}
-function summariseBackup(b) {
-  return b ? { path: b.backupPath, existed: b.existed, hash: b.hash, createdAt: b.createdAt } : null;
-}
-async function fileAdapter(cmd2, policy, requester) {
-  const payload = cmd2.payload;
-  const action = payload.action;
-  const cwd = payload.cwd || process.cwd();
-  const target = resolvedTarget(payload.target, cwd);
-  if (!action) return blocked(cmd2, "FILE_NO_ACTION", "payload.action is required");
-  if (!target && action !== "noop") return blocked(cmd2, "FILE_NO_TARGET", "payload.target is required");
-  const roots = requester?.filesystem?.roots || [];
-  if (roots.length === 0) return blocked(cmd2, "FILE_NO_ROOTS", "No filesystem roots defined for requester");
-  if (!isUnderRoot(target, roots)) return blocked(cmd2, "FILE_OUTSIDE_ROOT", `'${target}' is outside allowed roots`);
-  const denied = matchesDenyPattern(target, requester?.filesystem?.denyPatterns);
-  if (denied) return blocked(cmd2, "FILE_PATH_DENIED", `'${target}' matches deny pattern: ${denied}`);
-  switch (action) {
-    case "read":
-      return doRead(cmd2, target);
-    case "write":
-      return doWrite(cmd2, target, payload);
-    case "patch":
-      return doPatch(cmd2, target, payload);
-    case "delete":
-      return doDelete(cmd2, target);
-    default:
-      return blocked(cmd2, "FILE_UNKNOWN_ACTION", `Unknown action: '${action}'`);
-  }
-}
-function doRead(cmd2, target) {
-  if (!fs12.existsSync(target)) return fail(cmd2, "FILE_NOT_FOUND", `Not found: ${target}`);
-  try {
-    const stat = fs12.statSync(target);
-    if (stat.size > MAX_READ_BYTES) return fail(cmd2, "FILE_TOO_LARGE", "File exceeds 10 MB read limit");
-    const content = fs12.readFileSync(target, "utf8");
-    return {
-      adapter: "file",
-      action: "read",
-      commandId: cmd2.commandId,
-      status: "completed",
-      target,
-      output: content,
-      bytesRead: stat.size,
-      exitCode: 0
-    };
-  } catch (e) {
-    return fail(cmd2, "FILE_READ_ERROR", e.message);
-  }
-}
-function doWrite(cmd2, target, payload) {
-  const content = payload.content;
-  if (content === void 0 || content === null) {
-    return fail(cmd2, "FILE_MISSING_CONTENT", "payload.content is required for write");
-  }
-  const backup = tryBackup(target);
-  try {
-    atomicWriteFileSync(target, content, { encoding: "utf8" });
-    return {
-      adapter: "file",
-      action: "write",
-      commandId: cmd2.commandId,
-      status: "completed",
-      target,
-      backup: summariseBackup(backup),
-      output: `Wrote ${Buffer.byteLength(content, "utf8")} bytes to ${target}`,
-      exitCode: 0
-    };
-  } catch (e) {
-    restoreBackup(backup);
-    return fail(cmd2, "FILE_WRITE_ERROR", e.message, backup);
-  }
-}
-function doPatch(cmd2, target, payload) {
-  const content = payload.content;
-  if (content === void 0 || content === null) {
-    return fail(cmd2, "FILE_MISSING_CONTENT", "payload.content is required for patch");
-  }
-  const backup = tryBackup(target);
-  try {
-    atomicWriteFileSync(target, content, { encoding: "utf8" });
-    return {
-      adapter: "file",
-      action: "patch",
-      commandId: cmd2.commandId,
-      status: "completed",
-      target,
-      backup: summariseBackup(backup),
-      output: `Patched ${target} (${Buffer.byteLength(content, "utf8")} bytes)`,
-      exitCode: 0
-    };
-  } catch (e) {
-    restoreBackup(backup);
-    return fail(cmd2, "FILE_PATCH_ERROR", e.message, backup);
-  }
-}
-function doDelete(cmd2, target) {
-  if (!fs12.existsSync(target)) return fail(cmd2, "FILE_NOT_FOUND", `Not found: ${target}`);
-  const backup = tryBackup(target);
-  try {
-    fs12.unlinkSync(target);
-    return {
-      adapter: "file",
-      action: "delete",
-      commandId: cmd2.commandId,
-      status: "completed",
-      target,
-      backup: summariseBackup(backup),
-      output: `Deleted ${target}`,
-      exitCode: 0
-    };
-  } catch (e) {
-    restoreBackup(backup);
-    return fail(cmd2, "FILE_DELETE_ERROR", e.message, backup);
-  }
-}
-function tryBackup(target) {
-  try {
-    return createBackup(target);
-  } catch {
-    return null;
-  }
-}
-var MAX_READ_BYTES;
-var init_fileAdapter = __esm({
-  "src/adapters/fileAdapter.js"() {
-    init_atomicWrite();
-    init_backup();
-    MAX_READ_BYTES = 10 * 1024 * 1024;
-  }
-});
-
-// src/adapters/index.js
-function getAdapter(name) {
-  return ADAPTERS[name];
-}
-async function executeAdapter(adapterName, cmd2, policy, requester) {
-  const adapter = getAdapter(adapterName);
-  if (!adapter) {
-    return {
-      adapter: adapterName,
-      commandId: cmd2.commandId,
-      status: "error",
-      error: `Adapter '${adapterName}' not found`,
-      exitCode: 1
-    };
-  }
-  try {
-    return await adapter(cmd2, policy, requester);
-  } catch (err) {
-    return {
-      adapter: adapterName,
-      commandId: cmd2.commandId,
-      status: "error",
-      error: `Adapter execution failed: ${err.message}`,
-      exitCode: 9
-    };
-  }
-}
-var ADAPTERS, AVAILABLE_ADAPTERS;
-var init_adapters = __esm({
-  "src/adapters/index.js"() {
-    init_noopAdapter();
-    init_shellAdapter();
-    init_fileAdapter();
-    ADAPTERS = {
-      noop: noopAdapter,
-      shell: shellAdapter,
-      file: fileAdapter
-    };
-    AVAILABLE_ADAPTERS = Object.keys(ADAPTERS);
-  }
-});
-
-// src/exec/localExecutor.js
-var localExecutor_exports = {};
-__export(localExecutor_exports, {
-  createLocalExecutor: () => createLocalExecutor
-});
-import crypto5 from "crypto";
-import fs13 from "fs";
-import path14 from "path";
-function error(code, message, recoverable = false) {
-  return { ok: false, decision: "deny", executed: false, dryRun: false, error: { code, message, recoverable } };
-}
-function commandPolicy(rootDir, actor, shell = {}) {
-  const now = /* @__PURE__ */ new Date();
-  const expires = new Date(now.getTime() + 365 * 24 * 60 * 60 * 1e3);
-  return {
-    version: 1,
-    default: "DENY",
-    requesters: {
-      [actor]: {
-        allowCommands: Object.values(INTENTS).map((item) => item.id),
-        allowAdapters: ["file", "shell"],
-        filesystem: { roots: [rootDir], denyPatterns: [] },
-        exec: { allowCmds: shell.allowCommands || [], denyCmds: shell.denyCommands || [] },
-        rateLimit: { windowSec: 60, maxRequests: shell.maxRequests || 60 }
-      }
-    },
-    security: { maxClockSkewSec: 600, defaultRateLimit: { windowSec: 60, maxRequests: 60 } },
-    _keyWindow: { notBefore: now.toISOString(), expiresAt: expires.toISOString() }
-  };
-}
-function physicalPath2(candidate) {
-  let current = path14.resolve(candidate);
-  const suffix = [];
-  while (!fs13.existsSync(current)) {
-    const parent = path14.dirname(current);
-    if (parent === current) break;
-    suffix.unshift(path14.basename(current));
-    current = parent;
-  }
-  try {
-    current = fs13.realpathSync(current);
-  } catch {
-  }
-  return path14.join(current, ...suffix);
-}
-function underRoot(candidate, root) {
-  const target = physicalPath2(candidate);
-  const resolvedRoot = physicalPath2(root);
-  return target === resolvedRoot || target.startsWith(resolvedRoot + path14.sep);
-}
-function scanContent(value, fieldName) {
-  if (typeof value !== "string") return null;
-  for (const pattern of FORBIDDEN_CONTENT) {
-    if (pattern.test(value)) {
-      return error("PAYLOAD_CONTENT_REJECTED", `Forbidden pattern in ${fieldName}: ${pattern}`);
-    }
-  }
-  return null;
-}
-function normalize(rootDir, request, shell = {}) {
-  if (!request || typeof request !== "object") return { error: error("REQUEST_INVALID", "request must be an object") };
-  const detail = INTENTS[request.intent];
-  if (!detail) return { error: error("INTENT_UNSUPPORTED", `Unsupported intent '${request.intent}'`) };
-  const actor = typeof request.actor === "string" && request.actor ? request.actor : "agent:local";
-  let target = null;
-  if (detail.adapter === "file") {
-    if (typeof request.target !== "string" || !request.target) return { error: error("TARGET_REQUIRED", "target is required for file intents") };
-    target = path14.resolve(rootDir, request.target);
-    if (!underRoot(target, rootDir)) return { error: error("PATH_OUTSIDE_ROOT", "target is outside project root") };
-    if (["write_file", "patch_file"].includes(request.intent) && typeof request.content !== "string") {
-      return { error: error("CONTENT_REQUIRED", "content is required for write and patch") };
-    }
-    const contentScan = scanContent(request.content, "content");
-    if (contentScan) return { error: contentScan };
-  }
-  let command = null;
-  if (detail.adapter === "shell") {
-    command = request.command;
-    if (!command || typeof command.cmd !== "string" || !Array.isArray(command.args) || command.args.some((arg) => typeof arg !== "string")) {
-      return { error: error("COMMAND_INVALID", "command requires cmd and string args") };
-    }
-    const cwd = path14.resolve(rootDir, command.cwd || ".");
-    if (!underRoot(cwd, rootDir)) return { error: error("CWD_OUTSIDE_ROOT", "command cwd is outside project root") };
-    if (!Array.isArray(shell.allowCommands) || !shell.allowCommands.includes(command.cmd)) {
-      return { error: error("SHELL_NOT_ALLOWLISTED", `command '${command.cmd}' is not explicitly allowlisted`) };
-    }
-    if (shell.denyCommands?.includes(command.cmd)) return { error: error("SHELL_DENIED", `command '${command.cmd}' is denied`) };
-    command = { ...command, cwd, timeoutMs: Math.min(Math.max(command.timeoutMs || 3e4, 1), 3e4), maxOutputBytes: Math.min(Math.max(command.maxOutputBytes || 1024 * 1024, 1024), 1024 * 1024) };
-  }
-  return { actor, detail, target, command, request };
-}
-function envelope(normalized, keyId, secretKey) {
-  const { actor, detail, target, command, request } = normalized;
-  const body = {
-    id: detail.id,
-    risk: MUTATIONS.has(request.intent) ? "MEDIUM" : "LOW",
-    commandId: crypto5.randomUUID(),
-    requesterId: actor,
-    sessionId: "local-host",
-    timestamp: Math.floor(Date.now() / 1e3),
-    nonce: crypto5.randomBytes(32).toString("hex"),
-    requires: ["policy", "signature"],
-    payload: {
-      adapter: detail.adapter,
-      action: detail.action,
-      target,
-      content: request.content,
-      cmd: command?.cmd,
-      args: command?.args,
-      timeoutMs: command?.timeoutMs,
-      maxOutputBytes: command?.maxOutputBytes,
-      cwd: command?.cwd || (target ? path14.dirname(target) : process.cwd())
-    }
-  };
-  const signed = signEd25519({ payloadObj: body, secretKeyB64: secretKey });
-  if (signed.error) throw new Error(signed.error);
-  return { ...body, signature: { alg: "ed25519", keyId, sig: signed.signature } };
-}
-function createLocalExecutor(options = {}) {
-  const rootDir = path14.resolve(options.rootDir || process.cwd());
-  const keyId = options.keyId || "host:local-exec";
-  const keyPair = options.keyPair || generateKeyPair();
-  const shell = options.shell || {};
-  function prepare(request, { recordNonce = false } = {}) {
-    const normalized = normalize(rootDir, request, shell);
-    if (normalized.error) return normalized;
-    const local = loadLocalPolicy(rootDir, options.mode || "enforce");
-    const localDecision = evaluateLocalPolicy(local.policy, rootDir, { target: normalized.target, command: normalized.command?.cmd });
-    const localBlocked = local.policy.mode === "enforce" && !localDecision.allowed;
-    if (localBlocked) return { error: error("LOCAL_POLICY_DENY", `Blocked by rule(s): ${localDecision.winningRules.map((rule) => rule.id).join(", ")}`), local, localDecision, normalized };
-    const policy = commandPolicy(rootDir, normalized.actor, shell);
-    const keyStore = { defaultKeyId: keyId, trustedKeys: { [keyId]: { publicKey: keyPair.publicKey, notBefore: policy._keyWindow.notBefore, expiresAt: policy._keyWindow.expiresAt, deprecated: false } } };
-    delete policy._keyWindow;
-    const proposal = envelope(normalized, keyId, keyPair.secretKey);
-    const nonceDb = { entries: [] };
-    const validation = validateCommand({ commandObj: proposal, keyStore, nonceDb: recordNonce ? nonceDb : { entries: [] }, policy });
-    if (!validation.valid) return { error: error(validation.errors[0]?.type || "VALIDATION_FAILED", validation.errors[0]?.message || "Validation failed"), local, localDecision, normalized, proposal, policy, validation };
-    return { local, localDecision, normalized, proposal, policy, validation };
-  }
-  function evaluateSync(action) {
-    const local = loadLocalPolicy(rootDir, options.mode || "observe");
-    const mode = local.policy.mode;
-    let target = null;
-    let command = null;
-    if (action.path) {
-      try {
-        target = path14.resolve(rootDir, action.path);
-        if (!underRoot(target, rootDir)) {
-          return { decision: "deny", deny: true, matchedRules: ["path:outside_root"], mode, enforced: mode === "enforce", reason: "PATH_OUTSIDE_ROOT" };
-        }
-      } catch (e) {
-      }
-    }
-    if (action.cmd) command = action.cmd;
-    const localDecision = evaluateLocalPolicy(local.policy, rootDir, { target, command });
-    const isDeny = !localDecision.allowed;
-    return {
-      decision: isDeny ? "deny" : "allow",
-      deny: isDeny,
-      matchedRules: localDecision.winningRules.map((r) => r.id),
-      mode,
-      enforced: mode === "enforce"
-    };
-  }
-  function auditSync(entry) {
-    const eventsPath = path14.join(rootDir, ".lbe", "events.jsonl");
-    const dir = path14.dirname(eventsPath);
-    if (!fs13.existsSync(dir)) fs13.mkdirSync(dir, { recursive: true });
-    const line = JSON.stringify({ ts: Math.floor(Date.now() / 1e3), ...entry }) + "\n";
-    const fd = fs13.openSync(eventsPath, "a");
-    try {
-      fs13.writeSync(fd, line);
-    } finally {
-      fs13.closeSync(fd);
-    }
-  }
-  async function dryRun(request) {
-    const prepared = prepare(request);
-    if (prepared.error) return { ...prepared.error, dryRun: true };
-    return {
-      ok: true,
-      decision: prepared.local.policy.mode === "observe" ? "observe" : "allow",
-      executed: false,
-      dryRun: true,
-      matchedRules: prepared.localDecision.winningRules.map((rule) => rule.id),
-      rollback: { available: MUTATIONS.has(prepared.normalized.request.intent), performed: false }
-    };
-  }
-  async function execute(request) {
-    const prepared = prepare(request, { recordNonce: true });
-    if (prepared.error) {
-      auditLocalPolicy(rootDir, { action: request?.intent, actor: request?.actor || "agent:local", decision: "deny", error: prepared.error.error.code });
-      return prepared.error;
-    }
-    if (prepared.local.policy.mode === "observe") {
-      appendAudit(path14.join(rootDir, ".lbe/audit.jsonl"), {
-        kind: "local_execution",
-        commandId: prepared.proposal.commandId,
-        requesterId: prepared.normalized.actor,
-        intent: prepared.normalized.request.intent,
-        decision: "observe",
-        status: "observed"
-      });
-      return {
-        ok: true,
-        decision: "observe",
-        executed: false,
-        dryRun: false,
-        matchedRules: prepared.localDecision.winningRules.map((r) => r.id),
-        rollback: { available: false, performed: false }
-      };
-    }
-    const requester = prepared.policy.requesters[prepared.normalized.actor];
-    const adapterResult = await executeAdapter(prepared.normalized.detail.adapter, prepared.proposal, prepared.policy, requester);
-    const ok = adapterResult.status === "completed";
-    const audit = appendAudit(path14.join(rootDir, ".lbe/audit.jsonl"), {
-      kind: "local_execution",
-      commandId: prepared.proposal.commandId,
-      requesterId: prepared.normalized.actor,
-      intent: prepared.normalized.request.intent,
-      decision: ok ? "allow" : "deny",
-      status: adapterResult.status
-    });
-    return {
-      ok,
-      decision: ok ? "allow" : "deny",
-      executed: ok,
-      dryRun: false,
-      matchedRules: prepared.localDecision.winningRules.map((rule) => rule.id),
-      auditId: audit.hash,
-      rollback: { available: MUTATIONS.has(prepared.normalized.request.intent), performed: false, backupId: adapterResult.backup?.hash },
-      ...ok ? {} : { error: { code: adapterResult.errorCode || "EXECUTION_FAILED", message: adapterResult.error || "Execution failed", recoverable: true } }
-    };
-  }
-  const writeFile = (target, content) => execute({ intent: "write_file", target, content });
-  const readFile = (target) => execute({ intent: "read_file", target });
-  const patchFile = (target, content) => execute({ intent: "patch_file", target, content });
-  const deleteFile = (target) => execute({ intent: "delete_file", target });
-  const runShell = (cmd2, args = [], opts2 = {}) => execute({ intent: "run_shell", command: { cmd: cmd2, args, ...opts2 } });
-  return {
-    rootDir,
-    // High-level API — use these
-    writeFile,
-    readFile,
-    patchFile,
-    deleteFile,
-    runShell,
-    // Low-level API — for advanced use
-    validate: async (request) => {
-      const preview = await dryRun(request);
-      return { ...preview, dryRun: false, executed: false };
-    },
-    dryRun,
-    execute,
-    policy: {
-      read: () => loadLocalPolicy(rootDir, options.mode || "enforce").policy,
-      proposeRule: proposePolicyRule,
-      addRule: (rule) => addLocalPolicyRule(rootDir, rule, options.mode || "enforce")
-    },
-    audit: { verify: () => verifyAuditLogIntegrity(path14.join(rootDir, ".lbe/audit.jsonl")) },
-    evaluateSync,
-    auditSync
-  };
-}
-var INTENTS, MUTATIONS, FORBIDDEN_CONTENT;
-var init_localExecutor = __esm({
-  "src/exec/localExecutor.js"() {
-    init_signature();
-    init_validator();
-    init_adapters();
-    init_auditLog();
-    init_localPolicy();
-    INTENTS = {
-      read_file: { id: "READ_FILE", adapter: "file", action: "read" },
-      write_file: { id: "WRITE_FILE", adapter: "file", action: "write" },
-      patch_file: { id: "PATCH_FILE", adapter: "file", action: "patch" },
-      delete_file: { id: "DELETE_FILE", adapter: "file", action: "delete" },
-      run_shell: { id: "RUN_SHELL", adapter: "shell", action: "run" }
-    };
-    MUTATIONS = /* @__PURE__ */ new Set(["write_file", "patch_file", "delete_file"]);
-    FORBIDDEN_CONTENT = [
-      /\beval\s*\(/i,
-      /\bFunction\s*\(/i,
-      /\bexec\s*\(/i,
-      /\brequire\s*\(/,
-      /\bimport\s*\(/,
-      /\bchild_process\b/,
-      /\b__proto__\b/,
-      /\bconstructor\s*\[/,
-      /evalScript/i
-    ];
-  }
-});
-
-// exec/cli.js
-import fs14 from "fs";
-import path15 from "path";
-import { spawnSync as spawnSync2, spawn } from "child_process";
-import { fileURLToPath as fileURLToPath2 } from "url";
-
-// src/cli/commands/init.js
-init_signature();
-import fs4 from "fs";
-import path4 from "path";
-import readline from "readline";
-
-// src/core/policySignature.js
-init_signature();
-import fs2 from "fs";
-import path2 from "path";
-
-// src/core/trustedKeys.js
-import fs from "fs";
-import path from "path";
-
-// src/core/policySignature.js
-function createPolicySignatureEnvelope({ policyObj, secretKeyB64, keyId }) {
-  const signResult = signEd25519({
-    payloadObj: policyObj,
-    secretKeyB64
-  });
-  if (signResult.error) {
-    return {
-      ok: false,
-      reason: "POLICY_SIGNATURE_CREATE_FAILED",
-      message: signResult.error,
-      envelope: null
-    };
-  }
-  return {
-    ok: true,
-    reason: null,
-    message: "Policy signature created",
-    envelope: {
-      alg: "ed25519",
-      keyId,
-      sig: signResult.signature,
-      createdAt: Math.floor(Date.now() / 1e3)
-    }
-  };
-}
-
-// src/core/workspaceScanner.js
-import fs3 from "fs";
-import path3 from "path";
-var PROJECT_SIGNALS = [
-  // Code types — ordered by priority for primaryType resolution
-  { file: "package.json", type: "node" },
-  { file: "pyproject.toml", type: "python" },
-  { file: "requirements.txt", type: "python" },
-  { file: "go.mod", type: "go" },
-  { file: "Cargo.toml", type: "rust" },
-  { file: "pom.xml", type: "java" },
-  { file: "build.gradle", type: "java" },
-  { file: "build.gradle.kts", type: "java" },
-  // Infrastructure types — supplementary, not primary
-  { file: "Dockerfile", type: "docker" },
-  { file: "docker-compose.yml", type: "docker" },
-  { dir: ".github/workflows", type: "ci" },
-  { file: ".gitlab-ci.yml", type: "ci" },
-  { dir: ".circleci", type: "ci" },
-  { file: "Jenkinsfile", type: "ci" },
-  { file: ".travis.yml", type: "ci" }
-];
-var CODE_TYPES = ["node", "python", "go", "rust", "java"];
-var SURFACE_MAP = {
-  source: ["src", "lib", "app", "pages", "components", "core", "api", "server", "client", "pkg", "cmd"],
-  generated: ["dist", "build", ".next", "out", "coverage", "target", ".cache", "__pycache__", ".turbo"],
-  tests: ["test", "tests", "__tests__", "spec", "e2e"],
-  docs: ["docs", "doc", "documentation"]
-};
-var SECRET_GLOBS = [".env", ".env.*", "keys/**", "secrets/**", "*.key", "*.pem", "*.p12", "*.pfx", "*.crt"];
-var ALWAYS_DENY = ["node_modules/**", ".git/**"];
-var LOCKFILES_BY_TYPE = {
-  node: ["package-lock.json", "yarn.lock", "pnpm-lock.yaml"],
-  python: ["Pipfile.lock", "poetry.lock"],
-  go: ["go.sum"],
-  rust: ["Cargo.lock"],
-  java: ["gradle/wrapper/**"],
-  docker: [],
-  ci: [],
-  generic: []
-};
-var CONFIG_FILES_BY_TYPE = {
-  node: [
-    "package.json",
-    "tsconfig*.json",
-    "jest.config.*",
-    "vite.config.*",
-    "next.config.*",
-    "webpack.config.*",
-    ".eslintrc*",
-    ".eslint.config.*",
-    ".prettierrc*",
-    "babel.config.*"
-  ],
-  python: [
-    "pyproject.toml",
-    "setup.py",
-    "setup.cfg",
-    "tox.ini",
-    "pytest.ini",
-    "mypy.ini",
-    ".flake8",
-    ".pylintrc",
-    "Pipfile"
-  ],
-  go: ["go.mod", ".golangci.yml", ".golangci.yaml"],
-  rust: ["Cargo.toml", "rust-toolchain.toml", "clippy.toml", ".rustfmt.toml"],
-  java: [
-    "pom.xml",
-    "build.gradle",
-    "build.gradle.kts",
-    "gradle.properties",
-    "settings.gradle",
-    "settings.gradle.kts"
-  ],
-  docker: ["Dockerfile", "docker-compose.yml", ".dockerignore"],
-  ci: [".gitlab-ci.yml", "Jenkinsfile", ".travis.yml"],
-  generic: ["Makefile", "CMakeLists.txt", "meson.build"]
-};
-var CONFIG_FILES_UNIVERSAL = [".editorconfig", ".nvmrc", ".node-version", ".python-version"];
-var CONFIG_DIRS_UNIVERSAL = ["config", ".github", ".gitlab", ".circleci", ".vscode"];
-var CONFIG_LABEL = {
-  node: "dependency and build config",
-  python: "package and environment config",
-  go: "module definition",
-  rust: "crate manifest",
-  java: "build definition",
-  docker: "container config",
-  ci: "pipeline definition",
-  generic: "project config"
-};
-var LOCKFILE_LABEL = {
-  node: "package manager",
-  python: "dependency resolver",
-  go: "module checksums",
-  rust: "dependency resolver",
-  java: "Gradle wrapper"
-};
-var FALLBACK_MANIFESTS = [
-  "composer.json",
-  // PHP
-  "Gemfile",
-  // Ruby
-  "mix.exs",
-  // Elixir
-  "pubspec.yaml",
-  // Dart / Flutter
-  "Package.swift",
-  // Swift
-  "project.clj",
-  // Clojure
-  "build.sbt",
-  // Scala
-  "stack.yaml",
-  // Haskell
-  "deno.json",
-  "deno.jsonc",
-  // Deno
-  "Podfile"
-  // CocoaPods (iOS/macOS)
-];
-var FALLBACK_LOCKFILES = [
-  "composer.lock",
-  // PHP
-  "Gemfile.lock",
-  // Ruby
-  "mix.lock",
-  // Elixir
-  "pubspec.lock",
-  // Dart / Flutter
-  "Package.resolved"
-  // Swift
-];
-var FALLBACK_EXTENSIONS = [".csproj", ".fsproj", ".sln", ".cabal"];
-function exists(p) {
-  return fs3.existsSync(p);
-}
-function detectDirs(root, names) {
-  return names.filter((n) => exists(path3.join(root, n))).map((n) => `${n}/**`);
-}
-function readGitignore(root) {
-  const p = path3.join(root, ".gitignore");
-  if (!exists(p)) return [];
-  return fs3.readFileSync(p, "utf8").split("\n").map((l) => l.trim()).filter((l) => l && !l.startsWith("#") && !l.startsWith("!")).map((l) => l.endsWith("/") ? l + "**" : l);
-}
-function dedup(arr) {
-  return arr.filter((v, i, a) => v && a.indexOf(v) === i);
-}
-function detectProjectTypes(root) {
-  const seen = /* @__PURE__ */ new Set();
-  const types = [];
-  for (const sig of PROJECT_SIGNALS) {
-    if (seen.has(sig.type)) continue;
-    const p = path3.join(root, sig.file || sig.dir);
-    if (exists(p)) {
-      seen.add(sig.type);
-      types.push(sig.type);
-    }
-  }
-  return types.length > 0 ? types : ["generic"];
-}
-function primaryType(projectTypes) {
-  return CODE_TYPES.find((t) => projectTypes.includes(t)) ?? "generic";
-}
-function scanFallbackManifests(root) {
-  const manifests = FALLBACK_MANIFESTS.filter((f) => exists(path3.join(root, f)));
-  const lockfiles = FALLBACK_LOCKFILES.filter((f) => exists(path3.join(root, f)));
-  try {
-    const entries = fs3.readdirSync(root);
-    for (const e of entries) {
-      if (FALLBACK_EXTENSIONS.some((ext) => e.endsWith(ext))) manifests.push(e);
-    }
-  } catch {
-  }
-  return { manifests, lockfiles };
-}
-function detectSurfaces(root, projectTypes) {
-  const s = {};
-  for (const [key, names] of Object.entries(SURFACE_MAP)) {
-    s[key] = detectDirs(root, names);
-  }
-  s.secrets = SECRET_GLOBS.filter((g) => {
-    const base = g.split("/")[0].replace(/\*.*/, "");
-    return base.includes("*") || exists(path3.join(root, base));
-  });
-  const typeConfigFiles = dedup(
-    projectTypes.flatMap((t) => CONFIG_FILES_BY_TYPE[t] || CONFIG_FILES_BY_TYPE.generic).concat(CONFIG_FILES_UNIVERSAL)
-  );
-  s.config = dedup([
-    ...typeConfigFiles.filter((f) => !f.includes("*") && !f.endsWith("/**") && exists(path3.join(root, f))),
-    ...typeConfigFiles.filter((f) => f.endsWith("/**") && exists(path3.join(root, f.replace("/**", "")))),
-    ...detectDirs(root, CONFIG_DIRS_UNIVERSAL)
-  ]);
-  s.lockfiles = dedup(
-    projectTypes.flatMap((t) => LOCKFILES_BY_TYPE[t] || []).filter((f) => {
-      const base = f.replace(/\*.*/, "").split("/")[0];
-      return base.includes("*") || exists(path3.join(root, base));
-    })
-  );
-  if (!projectTypes.some((t) => CODE_TYPES.includes(t))) {
-    const fb = scanFallbackManifests(root);
-    s.config = dedup([...s.config, ...fb.manifests]);
-    s.lockfiles = dedup([...s.lockfiles, ...fb.lockfiles]);
-  }
-  return s;
-}
-function buildSemantics(projectTypes, primary, surfaces) {
-  const sem = {};
-  sem.structure = "Preserve the existing folder structure. Add new files within established directories. Do not create top-level directories, reorganize, or rename existing folders.";
-  if (surfaces.source.length > 0) {
-    sem.source = `Source code lives in ${surfaces.source.join(", ")}. Make feature changes and bug fixes here only.`;
-  }
-  sem.secrets = `Never propose changes to credential or key files (${SECRET_GLOBS.slice(0, 4).join(", ")} \u2026). These are never task targets regardless of the instruction.`;
-  if (surfaces.generated.length > 0) {
-    sem.generated = `${surfaces.generated.join(", ")} contain generated output. Modify the source files that produce them; never write to generated directories directly.`;
-  }
-  if (surfaces.config.length > 0) {
-    const codeTypes = projectTypes.filter((t) => CODE_TYPES.includes(t));
-    const label = codeTypes.length === 1 ? CONFIG_LABEL[codeTypes[0]] : "project configuration";
-    const listed = surfaces.config.slice(0, 5).join(", ");
-    const trailer = surfaces.config.length > 5 ? " and related files" : "";
-    sem.config = `Treat ${listed}${trailer} as ${label} files. Do not modify them unless the task explicitly requires a configuration or dependency change.`;
-  }
-  if (surfaces.tests.length > 0) {
-    sem.tests = `Test files in ${surfaces.tests.join(", ")} validate behavior. Update them only when the behavior they cover changes.`;
-  }
-  if (surfaces.lockfiles?.length > 0) {
-    const label = LOCKFILE_LABEL[primary] || "tooling";
-    const listed = surfaces.lockfiles.slice(0, 3).join(", ");
-    sem.lockfiles = `${listed} are generated by the ${label}. Never edit them directly.`;
-  }
-  if (primary === "generic") {
-    const foundManifests = surfaces.config.filter((f) => !f.endsWith("/**"));
-    if (foundManifests.length > 0) {
-      sem.unknown = `This project uses an unrecognized toolchain. Treat ${foundManifests.slice(0, 3).join(", ")} as dependency/manifest files. Do not modify them unless the task explicitly requires a dependency change.`;
-    } else {
-      sem.unknown = "This project uses an unrecognized toolchain. Do not assume standard source layouts, dependency files, or build conventions apply. Confirm any structural assumption before acting.";
-    }
-  }
-  if (projectTypes.includes("docker")) {
-    sem.docker = "Dockerfile and docker-compose.yml define the container environment. Treat them as infrastructure config \u2014 only modify when the task explicitly involves container or environment changes.";
-  }
-  if (projectTypes.includes("ci")) {
-    sem.ci = "CI config files (.github/**, .gitlab-ci.yml, etc.) define the build and deployment pipeline. Do not modify them unless the task explicitly involves CI/CD changes.";
-  }
-  return sem;
-}
-function buildEnforcement(surfaces, gitignorePatterns) {
-  const allow = dedup([...surfaces.source, ...surfaces.docs, ...surfaces.tests]);
-  const approval = [...surfaces.config];
-  const deny = dedup([
-    ...surfaces.secrets,
-    ...surfaces.generated,
-    ...surfaces.lockfiles || [],
-    ...ALWAYS_DENY,
-    ...gitignorePatterns.filter((p) => p.endsWith("/**")).slice(0, 8)
-  ]);
-  return {
-    allow: allow.length > 0 ? allow : ["src/**"],
-    approval: approval.length > 0 ? approval : [],
-    deny
-  };
-}
-function scanWorkspace(rootDir) {
-  const root = path3.resolve(rootDir || process.cwd());
-  const projectTypes = detectProjectTypes(root);
-  const primary = primaryType(projectTypes);
-  const surfaces = detectSurfaces(root, projectTypes);
-  const gitignore = readGitignore(root);
-  const semantics = buildSemantics(projectTypes, primary, surfaces);
-  const enforcement = buildEnforcement(surfaces, gitignore);
-  return { projectTypes, primaryType: primary, surfaces, semantics, enforcement };
-}
-function formatSummary(projectTypes, semantics, enforcement) {
-  const lines = [];
-  const label = Array.isArray(projectTypes) ? projectTypes.join(" + ") : projectTypes;
-  lines.push(`Detected: ${label}`);
-  lines.push("");
-  lines.push("Agent semantics:");
-  for (const [, v] of Object.entries(semantics)) {
-    lines.push(`  - ${v}`);
-  }
-  lines.push("");
-  lines.push("Enforcement:");
-  if (enforcement.allow.length) lines.push(`  allow:    ${enforcement.allow.join(", ")}`);
-  if (enforcement.approval.length) lines.push(`  approval: ${enforcement.approval.join(", ")}`);
-  if (enforcement.deny.length) lines.push(`  deny:     ${enforcement.deny.slice(0, 6).join(", ")}${enforcement.deny.length > 6 ? " \u2026" : ""}`);
-  return lines.join("\n");
-}
-
-// src/cli/commands/init.js
-function ask(question) {
-  if (!process.stdin.isTTY) return Promise.resolve("y");
-  return new Promise((resolve) => {
-    const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
-    rl.question(question, (ans) => {
-      rl.close();
-      resolve(ans.trim().toLowerCase());
-    });
-  });
-}
-function applyStrict(enforcement) {
-  return {
-    ...enforcement,
-    deny: [.../* @__PURE__ */ new Set([...enforcement.deny, ...enforcement.approval, "*.json", "config/**"])],
-    approval: []
-  };
-}
-function applyRelaxed(enforcement) {
-  return { ...enforcement, approval: [] };
-}
-function setupCrypto(cwd) {
-  const nowIso = (/* @__PURE__ */ new Date()).toISOString();
-  const expiresAt = new Date(Date.now() + 180 * 24 * 60 * 60 * 1e3).toISOString();
-  const defaultKeyId = "agent:gpt-v1-2026Q1";
-  const signerKeyId = "policy-signer-v1-2026Q1";
-  const lbeDir = path4.join(cwd, ".lbe");
-  for (const d of ["config", "keys", "data"]) {
-    fs4.mkdirSync(path4.join(lbeDir, d), { recursive: true });
-  }
-  const dataFiles = {
-    ".lbe/data/nonce.db.json": JSON.stringify({ entries: [] }, null, 2),
-    ".lbe/data/rate-limit.db.json": JSON.stringify({ entries: [] }, null, 2),
-    ".lbe/data/policy.state.json": JSON.stringify({ schemaVersion: "1", lastAccepted: null, updatedAt: null }, null, 2),
-    ".lbe/data/audit.log.jsonl": ""
-  };
-  for (const [rel, content] of Object.entries(dataFiles)) {
-    const p = path4.join(cwd, rel);
-    if (!fs4.existsSync(p)) fs4.writeFileSync(p, content);
-  }
-  const keyDir = path4.join(lbeDir, "keys");
-  const pubPath = path4.join(keyDir, "public.key");
-  const secPath = path4.join(keyDir, "secret.key");
-  let publicKeyB64, secretKeyB64;
-  if (fs4.existsSync(pubPath) && fs4.existsSync(secPath)) {
-    publicKeyB64 = fs4.readFileSync(pubPath, "utf8").trim();
-    secretKeyB64 = fs4.readFileSync(secPath, "utf8").trim();
-  } else {
-    const kp = generateKeyPair();
-    publicKeyB64 = kp.publicKey;
-    secretKeyB64 = kp.secretKey;
-    fs4.writeFileSync(pubPath, publicKeyB64);
-    fs4.writeFileSync(secPath, secretKeyB64, { mode: 384 });
-  }
-  const keysPath = path4.join(lbeDir, "config/keys.json");
-  const keysStore = fs4.existsSync(keysPath) ? JSON.parse(fs4.readFileSync(keysPath, "utf8")) : { schemaVersion: "1", defaultKeyId, trustedKeys: {} };
-  for (const keyId of [defaultKeyId, signerKeyId]) {
-    if (!keysStore.trustedKeys[keyId]) {
-      keysStore.trustedKeys[keyId] = {
-        publicKey: publicKeyB64,
-        notBefore: nowIso,
-        expiresAt,
-        validFrom: nowIso,
-        validUntil: expiresAt,
-        deprecated: false
-      };
-    }
-  }
-  keysStore.defaultKeyId = defaultKeyId;
-  fs4.writeFileSync(keysPath, JSON.stringify(keysStore, null, 2));
-  const policyPath = path4.join(lbeDir, "config/policy.default.json");
-  let policyObj;
-  if (fs4.existsSync(policyPath)) {
-    policyObj = JSON.parse(fs4.readFileSync(policyPath, "utf8"));
-  } else {
-    policyObj = {
-      default: "DENY",
-      version: "1.0.0",
-      createdAt: nowIso,
-      security: {
-        maxClockSkewSec: 600,
-        maxPolicyCreatedAtSkewSec: 31536e3,
-        defaultRateLimit: { windowSec: 60, maxRequests: 30 }
-      },
-      requesters: {
-        "agent:gpt": {
-          allowAdapters: ["noop", "shell"],
-          allowCommands: ["RUN_SHELL"],
-          rateLimit: { windowSec: 60, maxRequests: 30 },
-          filesystem: { roots: [cwd], denyPatterns: ["**/.git/**", "**/secrets/**", "**/*.key"] },
-          exec: { allowCmds: ["ls", "node", "python", "echo"], denyCmds: ["rm", "chmod", "chown", "curl", "wget", "su", "sudo"] }
-        }
-      }
-    };
-    fs4.writeFileSync(policyPath, JSON.stringify(policyObj, null, 2));
-  }
-  const sigResult = createPolicySignatureEnvelope({ policyObj, secretKeyB64, keyId: signerKeyId });
-  if (sigResult.ok) {
-    fs4.writeFileSync(path4.join(lbeDir, "config/policy.sig.json"), JSON.stringify(sigResult.envelope, null, 2));
-  }
-  return { defaultKeyId, secretKeyB64, publicKeyB64 };
-}
-function agentContractContent() {
-  return `# LBE Governance Contract
+var jt=Object.defineProperty;var L=(e,t)=>()=>(e&&(t=e(e=0)),t);var $t=(e,t)=>{for(var o in t)jt(e,o,{get:t[o],enumerable:!0})};import pe from"tweetnacl";import{canonicalize as Le}from"json-canonicalize";function ue(e){return Buffer.from(e,"base64")}function fe(e){return Buffer.from(e).toString("base64")}function me({payloadObj:e,sigB64:t,pubKeyB64:o}){try{let n=Buffer.from(Le(e),"utf8"),r=ue(t),s=ue(o),i=pe.sign.detached.verify(new Uint8Array(n),new Uint8Array(r),new Uint8Array(s));return{valid:i,message:i?"Signature verified":"Signature verification failed"}}catch(n){return{valid:!1,message:`Signature verification error: ${n.message}`}}}function ne(){let e=pe.sign.keyPair();return{publicKey:fe(e.publicKey),secretKey:fe(e.secretKey)}}function re({payloadObj:e,secretKeyB64:t}){try{let o=Buffer.from(Le(e),"utf8"),n=ue(t),r=pe.sign.detached(new Uint8Array(o),new Uint8Array(n));return{signature:fe(r),error:null}}catch(o){return{signature:null,error:`Signing failed: ${o.message}`}}}var Z=L(()=>{});import R from"fs";import he from"path";import fo from"crypto";function mo(e){return e+".lock"}function Ke(e){try{let t=R.openSync(e,"wx");return R.writeSync(t,`pid:${process.pid}:${Date.now()}`),R.closeSync(t),!0}catch(t){if(t.code==="EEXIST"||t.code==="EPERM"||t.code==="EBUSY"||t.code==="EACCES")return!1;throw t}}function qe(e,t){try{let o=R.statSync(e);if(Date.now()-o.mtimeMs>t)try{R.unlinkSync(e)}catch{}}catch{}}function yo(e){let t=Date.now()+e;for(;Date.now()<t;)try{Atomics.wait(new Int32Array(new SharedArrayBuffer(4)),0,0,Math.max(1,t-Date.now()))}catch{}}function Me(e,t,o){let n=typeof t=="function"?t:o,r=typeof t=="function"?{}:t||{},{timeoutMs:s,pollMs:i,staleMs:a}={...po,...r},c=he.dirname(e);R.existsSync(c)||R.mkdirSync(c,{recursive:!0});let l=mo(e),p=Date.now()+s,f=!1;for(;!f&&(f=Ke(l),!f);){if(Date.now()>=p){if(qe(l,a),f=Ke(l),f)break;let y=new Error(`withFileLock: timeout acquiring ${l} after ${s}ms`);throw y.code="ELOCKTIMEOUT",y}qe(l,a);let m=Math.floor(Math.random()*i);yo(i+m)}try{return n()}finally{try{R.unlinkSync(l)}catch{}}}function D(e,t,o={}){let n=he.dirname(e);R.existsSync(n)||R.mkdirSync(n,{recursive:!0});let r=he.join(n,`.tmp-${Date.now()}-${fo.randomBytes(4).toString("hex")}`);try{R.writeFileSync(r,t,o),R.renameSync(r,e)}catch(s){try{R.existsSync(r)&&R.unlinkSync(r)}catch{}throw s}}var po,z=L(()=>{po={timeoutMs:5e3,pollMs:15,staleMs:3e4}});import q from"fs";import Se from"path";import go from"crypto";function Ve(e){return go.createHash("sha256").update(e).digest("hex")}function ho(e){try{if(!q.existsSync(e))return"GENESIS";let t=q.readFileSync(e,"utf8").trim();if(!t)return"GENESIS";let o=t.split(`
+`),n=o[o.length-1];try{return JSON.parse(n).hash||"GENESIS"}catch{return"GENESIS"}}catch{return"GENESIS"}}function ee(e,t){let o=Se.dirname(e);q.existsSync(o)||q.mkdirSync(o,{recursive:!0});let n;return Me(e,()=>{let r=ho(e),s={...t,prevHash:r,timestamp:new Date().toISOString()};delete s.hash;let i=JSON.stringify(s),a=Ve(i),c=JSON.stringify({...s,hash:a}),l="";q.existsSync(e)&&(l=q.readFileSync(e,"utf8"));try{D(e,l+c+`
+`,{encoding:"utf8"})}catch(p){throw new Error(`Audit log write failed: ${p.message}`)}n={success:!0,hash:a,prevHash:r,message:"Audit entry appended"}}),n}function Be(e,t={}){let o=t.failFast!==!1,n=Number.isFinite(t.maxEntries)&&t.maxEntries>0?Math.floor(t.maxEntries):null,r={ok:!0,file:Se.resolve(e),entries:0,valid:!0,firstInvalidIndex:null,reason:null,errors:[],message:"Audit log verified"};try{if(!q.existsSync(e))return r.message="Audit log file not found (treated as empty)",r;let s=q.readFileSync(e,"utf8").trim();if(!s)return r.message="Empty audit log",r;let i=s.split(`
+`),a=n?i.slice(0,n):i;r.entries=a.length;let c="GENESIS";for(let l=0;l<a.length;l++){let p;try{p=JSON.parse(a[l])}catch{let h={index:l,reason:"INVALID_JSON_LINE",message:`Line ${l} is not valid JSON`};if(r.valid=!1,r.ok=!1,r.firstInvalidIndex??=l,r.reason??=h.reason,r.errors.push(h),o)break;continue}if(p.prevHash!==c){let h={index:l,reason:"PREV_HASH_MISMATCH",message:`Expected prevHash '${c}', got '${p.prevHash}'`};if(r.valid=!1,r.ok=!1,r.firstInvalidIndex??=l,r.reason??=h.reason,r.errors.push(h),o)break}let f={...p},m=f.hash;delete f.hash;let y=Ve(JSON.stringify(f));if(m!==y){let h={index:l,reason:"HASH_MISMATCH",message:`Expected hash '${y}', got '${m}'`};if(r.valid=!1,r.ok=!1,r.firstInvalidIndex??=l,r.reason??=h.reason,r.errors.push(h),o)break}c=m}return r.message=r.valid?`Audit log verified: ${r.entries} entries`:`Audit log integrity failed at index ${r.firstInvalidIndex}`,r}catch(s){return{ok:!1,file:Se.resolve(e),entries:0,valid:!1,firstInvalidIndex:null,reason:"AUDIT_VERIFY_ERROR",errors:[{index:null,reason:"AUDIT_VERIFY_ERROR",message:s.message}],message:`Integrity check failed: ${s.message}`}}}var ke=L(()=>{z()});import Ye from"fs";import W from"path";import So from"crypto";function Eo(e){let t=e.replace(/[.+^${}()|[\]\\]/g,"\\$&");return new RegExp("^"+t.replace(/\*\*\//g,"(?:.*/)?").replace(/\*\*/g,".*").replace(/\*/g,"[^/]*")+"$")}function Io(e,t){return W.relative(e,W.resolve(t)).split(W.sep).join("/")}function Ee(e){let t=W.resolve(e||process.cwd());return{root:t,policyPath:W.join(t,Ue),auditPath:W.join(t,ko)}}function G(e,t="observe"){let o=Ee(e);if(!Ye.existsSync(o.policyPath))return{...o,policy:{version:1,mode:t,workspace:o.root,rules:[]}};let n=JSON.parse(Ye.readFileSync(o.policyPath,"utf8"));if(n?.version!==1||!["observe","enforce"].includes(n.mode)||!Array.isArray(n.rules))throw new Error(`Invalid ${Ue}`);return{...o,policy:n}}function Ie(e,t){let{policyPath:o,root:n}=Ee(e),r={...t,version:1,workspace:n,rules:Array.isArray(t.rules)?t.rules:[]};return D(o,JSON.stringify(r,null,2)+`
+`,{encoding:"utf8"}),r}function We(e,t,o){if(!t||!["allow","deny"].includes(t.effect)||!["path","command"].includes(t.type)||typeof t.pattern!="string"||!t.pattern||typeof t.from!="string"||!t.from)throw new Error("Rule requires effect, type, pattern, and from");let n=G(e,o),r={id:t.id||So.randomUUID(),effect:t.effect,type:t.type,pattern:t.pattern,from:t.from,at:t.at||new Date().toISOString()};return Ie(n.root,{...n.policy,mode:o||n.policy.mode,rules:[...n.policy.rules,r]}),{id:r.id,added:!0,rule:r}}function Ge(e){return{...e,proposed:!0,at:new Date().toISOString()}}function be(e,t,{target:o,command:n}={}){let r=W.resolve(t),s=[];o&&s.push({type:"path",value:Io(r,o)}),n&&s.push({type:"command",value:n});let i=e.rules.filter(c=>s.some(l=>l.type===c.type&&Eo(c.pattern).test(l.value))),a=i.filter(c=>c.effect==="deny");return{allowed:a.length===0,matched:i,winningRules:a.length?a:i.filter(c=>c.effect==="allow"),reason:a.length?"LOCAL_POLICY_DENY":null}}function He(e,t){let{auditPath:o}=Ee(e);ee(o,{kind:"local_policy",timestamp:new Date().toISOString(),...t})}var Ue,ko,ve=L(()=>{ke();z();Ue=".lbe/policy.json",ko=".lbe/audit.jsonl"});import ze from"fs";import bo from"path";function Xe(e){if(typeof e=="number"&&Number.isFinite(e))return{ok:!0,kind:"int",parts:[Math.floor(e)],raw:String(e)};if(typeof e!="string"||!e.trim())return{ok:!1,reason:"POLICY_VERSION_INVALID",message:"Policy version is required"};let t=e.trim();if(/^\d+$/.test(t))return{ok:!0,kind:"int",parts:[Number(t)],raw:t};let o=t.replace(/^v/i,"");if(/^\d+(\.\d+){0,2}$/.test(o)){let n=o.split(".").map(r=>Number(r));for(;n.length<3;)n.push(0);return{ok:!0,kind:"semver",parts:n,raw:t}}return{ok:!1,reason:"POLICY_VERSION_INVALID",message:`Unsupported policy version format '${e}' (use integer or semver)`}}function vo(e,t){let o=Math.max(e.parts.length,t.parts.length);for(let n=0;n<o;n++){let r=e.parts[n]??0,s=t.parts[n]??0;if(r>s)return 1;if(r<s)return-1}return 0}function Qe(e){if(typeof e=="number"&&Number.isFinite(e))return{ok:!0,epochSec:e>1e12?Math.floor(e/1e3):Math.floor(e)};if(typeof e!="string"||!e.trim())return{ok:!1,reason:"POLICY_CREATED_AT_INVALID",message:"Policy createdAt is required"};let t=Date.parse(e);return Number.isNaN(t)?{ok:!1,reason:"POLICY_CREATED_AT_INVALID",message:`Invalid policy createdAt '${e}'`}:{ok:!0,epochSec:Math.floor(t/1e3)}}function xo(e){if(!ze.existsSync(e))return{schemaVersion:"1",lastAccepted:null,updatedAt:null};try{let t=JSON.parse(ze.readFileSync(e,"utf8"));if(!t||typeof t!="object")throw new Error("Policy state file has invalid structure");return{schemaVersion:String(t.schemaVersion||"1"),lastAccepted:t.lastAccepted&&typeof t.lastAccepted=="object"?t.lastAccepted:null,updatedAt:t.updatedAt||null}}catch(t){throw new Error(`Policy state at ${e} is corrupt or unreadable: ${t.message}`)}}function wo(e,t){let o=JSON.stringify(t,null,2);D(e,o,{encoding:"utf8"})}function Ze({policyObj:e,statePath:t=bo.resolve(".lbe/data/policy.state.json"),maxCreatedAtSkewSec:o=31536e3,nowSec:n=Math.floor(Date.now()/1e3),persist:r=!0}){let s=Xe(e?.version);if(!s.ok)return{ok:!1,reason:s.reason,message:s.message,updated:!1};let i=Qe(e?.createdAt);if(!i.ok)return{ok:!1,reason:i.reason,message:i.message,updated:!1};let a=Math.abs(n-i.epochSec),c=Number.isFinite(o)&&o>0?Math.floor(o):31536e3;if(a>c)return{ok:!1,reason:"POLICY_CREATED_AT_SKEW_EXCEEDED",message:`Policy createdAt skew ${a}s exceeds allowed ${c}s`,updated:!1};let l;try{l=xo(t)}catch(u){return{ok:!1,reason:"POLICY_STATE_CORRUPT",message:u.message,updated:!1}}let p=l.lastAccepted,f=null,m=null,y=0;if(p&&(f=Xe(p.version),m=Qe(p.createdAt),f.ok&&m.ok)){if(y=vo(s,f),y<0)return{ok:!1,reason:"POLICY_VERSION_REGRESSION",message:`Policy version regression: current '${s.raw}' < last '${f.raw}'`,updated:!1};if(y===0&&i.epochSec<m.epochSec)return{ok:!1,reason:"POLICY_CREATED_AT_REGRESSION",message:`Policy createdAt regression: current '${e.createdAt}' < last '${p.createdAt}'`,updated:!1};if(y>0&&i.epochSec<m.epochSec)return{ok:!1,reason:"POLICY_CREATED_AT_REGRESSION",message:"Policy createdAt must be monotonic when version increases",updated:!1}}let h=!p||!f?.ok||!m?.ok||y>0||y===0&&i.epochSec>m.epochSec;if(r&&h){let u={schemaVersion:"1",lastAccepted:{version:e.version,createdAt:e.createdAt,environment:e.environment||null},updatedAt:new Date().toISOString()};wo(t,u)}return{ok:!0,reason:null,message:"Policy version guard passed",updated:h}}var et=L(()=>{z()});import tt from"fs";import nt from"path";import{fileURLToPath as _o}from"url";function M(){if(se)return se;if(!tt.existsSync(xe))throw new Error(`LBE engine missing: ${xe}`);let e=tt.readFileSync(xe);return se=new WebAssembly.Instance(new WebAssembly.Module(e),{}),se}function ie(){return new Uint8Array(M().exports.memory.buffer)}function rt(){return M().exports.lbe_in_ptr()}function st(){return M().exports.lbe_out_ptr()}function To(){return M().exports.lbe_buf_size()}function it(e){let t=new TextEncoder().encode(e),o=ie(),n=rt();o.set(t,n),o[n+t.length]=0}function at(){let e=ie(),t=st(),o=t;for(;e[o]!==0&&o-t<To();)o++;return new TextDecoder().decode(e.slice(t,o))}function Co(e){let t=ie(),o=rt(),n=new DataView(t.buffer,o);e.forEach((r,s)=>n.setUint32(s*4,r>>>0,!0))}function Po(){let e=ie(),t=st(),o=new DataView(e.buffer,t);return{stage:o.getUint32(0,!0),code:o.getUint32(4,!0)}}function ct(e){Co([e.hasId?1:0,e.idValid?1:0,e.hasCommandId?1:0,e.commandIdValid?1:0,e.hasRequesterId?1:0,e.requesterIdValid?1:0,e.hasSessionId?1:0,e.sessionIdValid?1:0,e.hasTimestamp?1:0,e.timestampValid?1:0,e.hasNonce?1:0,e.nonceValid?1:0,e.hasRequires?1:0,e.requiresValid?1:0,e.hasPayload?1:0,e.hasPayloadAdapter?1:0,e.payloadAdapterValid?1:0,e.hasSignature?1:0,e.hasSignatureAlg?1:0,e.signatureAlgValid?1:0,e.hasSignatureKeyId?1:0,e.hasSignatureSig?1:0,e.signatureSigValid?1:0,e.hasRisk?1:0,e.riskValid?1:0,e.cmdTimestamp>>>0,e.nowSec>>>0,e.maxClockSkewSec>>>0,e.keyIdFormatValid?1:0,e.keyFound?1:0,e.keyNotDeprecated?1:0,e.keyRequesterMatches?1:0,e.keyNotBeforeOk?1:0,e.keyNotExpired?1:0,e.keyLifecycleFieldsPresent?1:0,e.signatureValid?1:0,e.rateLimitOk?1:0,e.rateLimitRetryAfterSec>>>0,e.nonceOk?1:0,e.policyConfigured?1:0,e.requesterConfigured?1:0,e.commandAllowed?1:0,e.adapterAllowed?1:0,e.filesystemRequired?1:0,e.filesystemRootsDefined?1:0,e.filesystemOk?1:0,e.pathDenied?1:0,e.shellRequired?1:0,e.shellCommandOk?1:0]),M().exports.lbe_validate_pipeline();let{stage:t,code:o}=Po();return{ok:t===255,stage:t,stageLabel:Ro[t]||"unknown",code:o,schemaError:t===0?Oo[o]?.error||"Schema invalid":null,keyReason:t===2?No[o]||"KEY_ERROR":null,policyResult:t===6?{...ot[o]||ot[1],code:o}:null,retryAfterSec:t===4?o:0,skewSec:t===1?o:0}}function we({ttlSec:e,nowSec:t,newKey:o,existingEntries:n}){let r=[`${e}:${t}`,o,...n].join(`
+`)+`
+`;if(it(r),M().exports.lbe_nonce_check()!==0)return{ok:!1,updatedEntriesText:null};let i=at();return{ok:!0,updatedEntriesText:i.startsWith(`OK
+`)?i.slice(3):i}}function lt({windowSec:e,maxRequests:t,nowSec:o,requesterId:n,existingEntries:r}){let s=[`${e}:${t}:${o}`,n,...r].join(`
+`)+`
+`;it(s);let i=M().exports.lbe_rate_check()!==0,a=at();if(i){let c=parseInt(a.match(/^EXCEEDED:(\d+)/)?.[1]??"1",10),l=a.replace(/^EXCEEDED:\d+\n/,"");return{ok:!1,retryAfterSec:c,updatedEntriesText:l}}return{ok:!0,retryAfterSec:0,updatedEntriesText:a.startsWith(`OK
+`)?a.slice(3):a}}function dt(e,t=!1){let o=Do[e]??0,n=M().exports.lbe_classify_risk(o,t?1:0);return Lo[n]??"LOW"}var Ao,xe,ot,Oo,No,Ro,Lo,Do,se,ut=L(()=>{Ao=nt.dirname(_o(import.meta.url)),xe=nt.join(Ao,"lbe_engine.wasm"),ot={0:{allowed:!0,reason:null,message:"Policy check passed"},1:{allowed:!1,reason:"POLICY_NOT_CONFIGURED",message:"No policy configured"},2:{allowed:!1,reason:"REQUESTER_NOT_ALLOWED",message:"Requester not in policy"},3:{allowed:!1,reason:"COMMAND_NOT_ALLOWED",message:"Command not allowed for requester"},4:{allowed:!1,reason:"ADAPTER_NOT_ALLOWED",message:"Adapter not allowed"},5:{allowed:!1,reason:"NO_FILESYSTEM_ROOTS_DEFINED",message:"No filesystem roots defined for requester"},6:{allowed:!1,reason:"CWD_OUTSIDE_ALLOWED_ROOT",message:"Path not under allowed roots"},7:{allowed:!1,reason:"PATH_DENIED_BY_PATTERN",message:"Path matches deny pattern"},8:{allowed:!1,reason:"SHELL_CMD_DENIED",message:"Shell command not allowed"}},Oo={0:{valid:!0,error:null},1:{valid:!1,error:"Missing required field: id"},2:{valid:!1,error:"Missing required field: commandId"},3:{valid:!1,error:"Missing required field: requesterId"},4:{valid:!1,error:"Missing required field: sessionId"},5:{valid:!1,error:"Missing required field: timestamp"},6:{valid:!1,error:"Missing required field: nonce"},7:{valid:!1,error:"Missing required field: requires"},8:{valid:!1,error:"Missing required field: payload"},9:{valid:!1,error:"Missing required field: signature"},10:{valid:!1,error:"Field 'id' is invalid"},11:{valid:!1,error:"Field 'commandId' is invalid"},12:{valid:!1,error:"Field 'requesterId' is invalid"},13:{valid:!1,error:"Field 'sessionId' is invalid"},14:{valid:!1,error:"Field 'timestamp' is invalid"},15:{valid:!1,error:"Field 'nonce' is invalid"},16:{valid:!1,error:"Field 'requires' is invalid"},17:{valid:!1,error:"payload: missing required field: adapter"},18:{valid:!1,error:"payload: field 'adapter' is invalid"},19:{valid:!1,error:"signature: missing required field: alg"},20:{valid:!1,error:"signature: missing required field: keyId"},21:{valid:!1,error:"signature: missing required field: sig"},22:{valid:!1,error:"signature: field 'alg' must be ed25519"},23:{valid:!1,error:"signature: field 'sig' is invalid"},24:{valid:!1,error:"Field 'risk' is invalid"}},No={1:"KEY_ID_INVALID",2:"KEY_NOT_TRUSTED",3:"KEY_DEPRECATED",4:"KEY_REQUESTER_MISMATCH",5:"KEY_LIFECYCLE_INVALID",6:"KEY_NOT_YET_VALID",7:"KEY_EXPIRED"},Ro={0:"schema",1:"timestamp",2:"key",3:"signature",4:"rate_limit",5:"nonce",6:"policy",255:"ok"},Lo=["LOW","MEDIUM","HIGH","CRITICAL"],Do={ECHO:0,READ_FILE:1,WRITE_FILE:2,PATCH_FILE:3,DELETE_FILE:4,RUN_SHELL:5},se=null});import _e from"path";function Fo(e){let t=s=>e!=null&&Object.prototype.hasOwnProperty.call(e,s),o=s=>typeof s=="string",n=e?.payload,r=e?.signature;return{hasId:t("id"),idValid:o(e?.id)&&/^[A-Z_]+$/.test(e.id)&&e.id.length>=1&&e.id.length<=50,hasCommandId:t("commandId"),commandIdValid:o(e?.commandId)&&/^[a-f0-9-]+$/.test(e.commandId)&&e.commandId.length===36,hasRequesterId:t("requesterId"),requesterIdValid:o(e?.requesterId)&&e.requesterId.length>=3&&e.requesterId.length<=100,hasSessionId:t("sessionId"),sessionIdValid:o(e?.sessionId)&&e.sessionId.length>=3,hasTimestamp:t("timestamp"),timestampValid:typeof e?.timestamp=="number"&&e.timestamp>=1e9,hasNonce:t("nonce"),nonceValid:o(e?.nonce)&&e.nonce.length>=32&&e.nonce.length<=128,hasRequires:t("requires"),requiresValid:Array.isArray(e?.requires)&&e.requires.length>=1&&e.requires.every(o),hasPayload:t("payload")&&typeof n=="object"&&n!==null&&!Array.isArray(n),hasPayloadAdapter:n!=null&&Object.prototype.hasOwnProperty.call(n,"adapter"),payloadAdapterValid:o(n?.adapter),hasSignature:t("signature")&&typeof r=="object"&&r!==null&&!Array.isArray(r),hasSignatureAlg:r!=null&&Object.prototype.hasOwnProperty.call(r,"alg"),signatureAlgValid:r?.alg==="ed25519",hasSignatureKeyId:r!=null&&Object.prototype.hasOwnProperty.call(r,"keyId"),hasSignatureSig:r!=null&&Object.prototype.hasOwnProperty.call(r,"sig"),signatureSigValid:o(r?.sig)&&r.sig.length>=10,hasRisk:t("risk"),riskValid:["LOW","MEDIUM","HIGH","CRITICAL"].includes(e?.risk)}}function jo(e,t){let o=!!(e&&e.default==="DENY"&&e.requesters&&typeof e.requesters=="object"),n=e?.requesters?.[t.requesterId],r=t.id?.toLowerCase()??"",s=!!n?.allowCommands?.some(y=>y.toLowerCase()===r),i=!!n?.allowAdapters?.includes(t.payload?.adapter),a=!!t.payload?.cwd,c=!1,l=!1,p=!1;if(a){let y=n?.filesystem?.roots??[];if(c=y.length>0,c){let h=_e.resolve(t.payload.cwd);l=y.some(d=>{let g=_e.resolve(d);return h===g||h.startsWith(g+_e.sep)}),p=(n?.filesystem?.denyPatterns??[]).some(d=>new RegExp("^"+d.replace(/\./g,"\\.").replace(/\*\*/g,".*").replace(/\*/g,"[^/]*")+"$").test(h))}}let f=!1,m=!0;if(t.id==="RUN_SHELL"){f=!0;let y=n?.exec?.allowCmds??[],h=n?.exec?.denyCmds??[],u=t.payload?.cmd;h.includes(u)?m=!1:m=y.length===0||y.includes(u)}return{policyConfigured:o,requesterConfigured:!!n,commandAllowed:s,adapterAllowed:i,filesystemRequired:a,filesystemRootsDefined:c,filesystemOk:l,pathDenied:p,shellRequired:f,shellCommandOk:m}}function $o(e,t,o,n=new Date){if(!e||!t)return{keyIdFormatValid:!1,keyFound:!1,keyNotDeprecated:!1,keyRequesterMatches:!1,keyNotBeforeOk:!1,keyNotExpired:!1,keyLifecycleFieldsPresent:!1,publicKey:null};let s=/^[A-Za-z0-9:_-]{3,128}$/.test(t)&&t!=="default";if(!s)return{keyIdFormatValid:s,keyFound:!1,keyNotDeprecated:!1,keyRequesterMatches:!1,keyNotBeforeOk:!1,keyNotExpired:!1,keyLifecycleFieldsPresent:!1,publicKey:null};let i=e.trustedKeys?.[t],a=!!i;if(!a)return{keyIdFormatValid:s,keyFound:a,keyNotDeprecated:!1,keyRequesterMatches:!1,keyNotBeforeOk:!1,keyNotExpired:!1,keyLifecycleFieldsPresent:!1,publicKey:null};let c=!i.deprecated,l=!i.requesterId||i.requesterId===o,p=i.notBefore||i.validFrom,f=i.expiresAt||i.validUntil,m=typeof p=="string"&&typeof f=="string",y=!1,h=!1;if(m){let u=new Date(p),d=new Date(f);!isNaN(u.getTime())&&!isNaN(d.getTime())&&u<d&&(y=n>=u,h=n<d)}return{keyIdFormatValid:s,keyFound:a,keyNotDeprecated:c,keyRequesterMatches:l,keyNotBeforeOk:y,keyNotExpired:h,keyLifecycleFieldsPresent:m,publicKey:i.publicKey??null}}function ft(e){return(e?.entries??[]).map(t=>`${t.key}:${t.timestamp}`)}function pt(e){return e.split(`
+`).filter(Boolean).map(t=>{let o=t.lastIndexOf(":");return{key:t.slice(0,o),timestamp:parseInt(t.slice(o+1),10)||0}})}function Ko(e){return(e?.entries??[]).map(t=>`${t.requesterId}:${t.timestamp}`)}function qo(e){return e.split(`
+`).filter(Boolean).map(t=>{let o=t.lastIndexOf(":");return{requesterId:t.slice(0,o),timestamp:parseInt(t.slice(o+1),10)||0}})}function mt({commandObj:e,pubKeyB64:t,keyStore:o,nonceDb:n,policy:r,rateLimiter:s,policyStatePath:i}){let a={valid:!1,commandId:e?.commandId,checks:{},errors:[]},c=Math.floor(Date.now()/1e3),l=new Date,p=Number.isFinite(r?.security?.maxClockSkewSec)?r.security.maxClockSkewSec:600;if(i&&r?.version!==void 0)try{let k=Ze({policyObj:r,statePath:i});if(a.checks.policyVersion=k.ok,!k.ok)return a.errors.push({type:"POLICY_VERSION_INVALID",message:k.message}),a}catch{a.checks.policyVersion=!0}else a.checks.policyVersion=!0;let f=Fo(e),m=e?.signature?.keyId,y=$o(o,m,e?.requesterId,l),h=!1,u=y.publicKey;if(!u&&t&&(u=t),u){let k={...e};delete k.signature,h=me({payloadObj:k,sigB64:e?.signature?.sig,pubKeyB64:u}).valid}let d=!0,g=0;if(h&&s&&typeof s.db<"u"){let k=r?.requesters?.[e.requesterId]?.rateLimit||{},_=r?.security?.defaultRateLimit||{},K=k.windowSec??_.windowSec??60,Ft=k.maxRequests??_.maxRequests??30,oe=lt({windowSec:K,maxRequests:Ft,nowSec:c,requesterId:e.requesterId,existingEntries:Ko(s.db)});d=oe.ok,g=oe.retryAfterSec,oe.ok&&(s.db.entries=qo(oe.updatedEntriesText))}else if(h&&s&&typeof s.checkAndRecord=="function"){let k=r?.requesters?.[e.requesterId]?.rateLimit||{},_=r?.security?.defaultRateLimit||{},K=s.checkAndRecord({requesterId:e.requesterId,nowSec:c,windowSec:k.windowSec??_.windowSec??60,maxRequests:k.maxRequests??_.maxRequests??30});d=K.ok,g=K.retryAfterSec??0}let I=!0,b=`${e?.requesterId}|${e?.sessionId}|${e?.nonce}`,$=3600;if(h&&d&&n)if(typeof n.checkAndRecord=="function")if(n.db){let k=we({ttlSec:$,nowSec:c,newKey:b,existingEntries:ft(n.db)});I=k.ok,k.ok&&(n.db.entries=pt(k.updatedEntriesText))}else I=n.checkAndRecord({requesterId:e.requesterId,sessionId:e.sessionId,nonce:e.nonce}).ok;else{let k=we({ttlSec:$,nowSec:c,newKey:b,existingEntries:ft(n)});I=k.ok,k.ok&&(n.entries=pt(k.updatedEntriesText))}let O=jo(r,e??{}),w=ct({...f,cmdTimestamp:e?.timestamp??0,nowSec:c,maxClockSkewSec:p,...y,signatureValid:h,rateLimitOk:d,rateLimitRetryAfterSec:g,nonceOk:I,...O}),x=w.stage;if(a.checks.schema=x!==0,x>=1&&(a.checks.timestamp=x!==1),x>=2&&(a.checks.keyId=x!==2),x>=2&&(a.checks.signature=x!==2&&x!==3),x>=4&&(a.checks.rateLimit=x!==4),x>=5&&(a.checks.nonce=x!==5),(x>=6||w.ok)&&(a.checks.policy=x!==6),!w.ok){let k=w.stageLabel;if(k==="schema")a.errors.push({type:"SCHEMA_ERROR",message:w.schemaError||"Schema invalid"});else if(k==="timestamp")a.errors.push({type:"TIMESTAMP_SKEW_EXCEEDED",message:`Command timestamp skew ${w.skewSec}s exceeds allowed ${p}s`});else if(k==="key"){let _=w.keyReason||"KEY_ERROR",K={KEY_ID_INVALID:`Invalid keyId '${m}'`,KEY_NOT_TRUSTED:`Key '${m}' is not in trusted key store`,KEY_DEPRECATED:`Key '${m}' is deprecated`,KEY_REQUESTER_MISMATCH:`Key '${m}' is not authorized for requester '${e?.requesterId}'`,KEY_LIFECYCLE_INVALID:`Key '${m}' must define notBefore and expiresAt`,KEY_NOT_YET_VALID:`Key '${m}' is not yet valid`,KEY_EXPIRED:`Key '${m}' has expired`};a.errors.push({type:_,message:K[_]||_})}else k==="signature"?a.errors.push({type:"SIGNATURE_INVALID",message:u?"Signature verification failed":"No public key available"}):k==="rate_limit"?a.errors.push({type:"RATE_LIMIT_EXCEEDED",message:`Rate limit exceeded. Retry after ${w.retryAfterSec}s`}):k==="nonce"?a.errors.push({type:"REPLAY_NONCE",message:"Nonce has already been used"}):k==="policy"&&w.policyResult?a.errors.push({type:w.policyResult.reason,message:w.policyResult.message}):a.errors.push({type:"VALIDATION_FAILED",message:`Failed at stage: ${k}`});return a}return a.valid=!0,a.risk=dt(e.id,e.payload?.cmd==="rm"),a.message="Command validation successful",a}var yt=L(()=>{Z();et();ut()});async function gt(e){return{adapter:"noop",commandId:e.commandId||"unknown",command:e.id||"unknown",status:"completed",output:`[NOOP] Would execute: ${e.id||"unknown"} on adapter: ${e.payload?.adapter||"unknown"}`,exitCode:0,timestamp:new Date().toISOString()}}var ht=L(()=>{});import{spawnSync as Mo}from"child_process";import Ae from"path";import Vo from"fs";function St(e){try{return Vo.realpathSync(Ae.resolve(e))}catch{return Ae.resolve(e)}}function Bo(e){if(e===void 0)return{ok:!0,args:[]};if(!Array.isArray(e))return{ok:!1,error:"payload.args must be an array"};let t=[];for(let o of e){if(typeof o!="string"&&typeof o!="number"&&typeof o!="boolean")return{ok:!1,error:"payload.args may only contain string, number, or boolean values"};t.push(String(o))}return{ok:!0,args:t}}async function kt(e,t,o){let n=e.payload,r=Math.min(Math.max(Number(n.timeoutMs)||3e4,1),3e4),s=Math.min(Math.max(Number(n.maxOutputBytes)||1024*1024,1024),1024*1024);if(n.adapter!=="shell")return{adapter:"shell",commandId:e.commandId,status:"error",error:"Adapter mismatch",exitCode:1};let i=o?.exec?.allowCmds||[];if((o?.exec?.denyCmds||[]).includes(n.cmd))return{adapter:"shell",commandId:e.commandId,status:"blocked",error:`Command '${n.cmd}' is denied`,exitCode:2};if(i.length>0&&!i.includes(n.cmd))return{adapter:"shell",commandId:e.commandId,status:"blocked",error:`Command '${n.cmd}' not in allowlist`,exitCode:2};if(!(o?.filesystem?.roots||[]).some(f=>{let m=St(f),y=St(n.cwd);return y===m||y.startsWith(m+Ae.sep)}))return{adapter:"shell",commandId:e.commandId,status:"blocked",error:`CWD '${n.cwd}' not authorized`,exitCode:2};let p=Bo(n.args);if(!p.ok)return{adapter:"shell",commandId:e.commandId,status:"blocked",error:p.error,exitCode:2};try{let f=Mo(n.cmd,p.args,{cwd:n.cwd,timeout:r,encoding:"utf8",maxBuffer:s,stdio:["pipe","pipe","pipe"],shell:!1});if(f.error)throw f.error;let m=`${f.stdout||""}${f.stderr||""}`,y=f.status??1;return y!==0?{adapter:"shell",commandId:e.commandId,command:n.cmd,status:"error",error:m.substring(0,s)||`Command exited with code ${y}`,exitCode:y,timestamp:new Date().toISOString()}:{adapter:"shell",commandId:e.commandId,command:n.cmd,status:"completed",output:m.substring(0,s),exitCode:0,timestamp:new Date().toISOString()}}catch(f){return{adapter:"shell",commandId:e.commandId,command:n.cmd,status:"error",error:f.message,exitCode:f.status||1,timestamp:new Date().toISOString()}}}var Et=L(()=>{});import V from"fs";import ae from"path";import Yo from"crypto";function It(e,t){let o=t||ae.resolve(".lbe/data/backups");V.existsSync(o)||V.mkdirSync(o,{recursive:!0});let n=ae.resolve(e),r=V.existsSync(n),s=null,i=null;r&&(s=V.readFileSync(n),i=Yo.createHash("sha256").update(s).digest("hex"));let a=ae.basename(n).replace(/[^a-zA-Z0-9._-]/g,"_"),c=`${Date.now()}-${i?i.slice(0,8):"new"}-${a}`,l=r?ae.join(o,c):null;return r&&s!==null&&D(l,s),{originalPath:n,backupPath:l,existed:r,hash:i,createdAt:new Date().toISOString()}}function ce(e){if(!e)return{restored:!1,error:"No backup metadata"};let{originalPath:t,backupPath:o,existed:n}=e;if(!n)try{return V.existsSync(t)&&V.unlinkSync(t),{restored:!0,action:"deleted"}}catch(r){return{restored:!1,error:r.message}}if(!o||!V.existsSync(o))return{restored:!1,error:"Backup file not found at: "+o};try{let r=V.readFileSync(o);return D(t,r),{restored:!0,action:"restored"}}catch(r){return{restored:!1,error:r.message}}}var bt=L(()=>{z()});import H from"fs";import B from"path";function Wo(e,t){return e?B.isAbsolute(e)?B.resolve(e):B.resolve(t||process.cwd(),e):null}function Go(e,t){let o=vt(e);return t.some(n=>{let r=vt(n);return o===r||o.startsWith(r+B.sep)})}function vt(e){let t=B.resolve(e),o=[];for(;!H.existsSync(t);){let n=B.dirname(t);if(n===t)break;o.unshift(B.basename(t)),t=n}try{t=H.realpathSync(t)}catch{}return B.join(t,...o)}function Ho(e,t){for(let o of t||[])if(new RegExp("^"+o.replace(/\./g,"\\.").replace(/\*\*/g,".*").replace(/\*/g,"[^/\\\\]*")+"$").test(e))return o;return null}function X(e,t,o,n=2){return{adapter:"file",commandId:e.commandId,status:"blocked",errorCode:t,error:o,exitCode:n}}function j(e,t,o,n=null,r=1){return{adapter:"file",commandId:e.commandId,status:"error",errorCode:t,error:o,backup:n?le(n):null,exitCode:r}}function le(e){return e?{path:e.backupPath,existed:e.existed,hash:e.hash,createdAt:e.createdAt}:null}async function xt(e,t,o){let n=e.payload,r=n.action,s=n.cwd||process.cwd(),i=Wo(n.target,s);if(!r)return X(e,"FILE_NO_ACTION","payload.action is required");if(!i&&r!=="noop")return X(e,"FILE_NO_TARGET","payload.target is required");let a=o?.filesystem?.roots||[];if(a.length===0)return X(e,"FILE_NO_ROOTS","No filesystem roots defined for requester");if(!Go(i,a))return X(e,"FILE_OUTSIDE_ROOT",`'${i}' is outside allowed roots`);let c=Ho(i,o?.filesystem?.denyPatterns);if(c)return X(e,"FILE_PATH_DENIED",`'${i}' matches deny pattern: ${c}`);switch(r){case"read":return Jo(e,i);case"write":return zo(e,i,n);case"patch":return Xo(e,i,n);case"delete":return Qo(e,i);default:return X(e,"FILE_UNKNOWN_ACTION",`Unknown action: '${r}'`)}}function Jo(e,t){if(!H.existsSync(t))return j(e,"FILE_NOT_FOUND",`Not found: ${t}`);try{let o=H.statSync(t);if(o.size>Uo)return j(e,"FILE_TOO_LARGE","File exceeds 10 MB read limit");let n=H.readFileSync(t,"utf8");return{adapter:"file",action:"read",commandId:e.commandId,status:"completed",target:t,output:n,bytesRead:o.size,exitCode:0}}catch(o){return j(e,"FILE_READ_ERROR",o.message)}}function zo(e,t,o){let n=o.content;if(n==null)return j(e,"FILE_MISSING_CONTENT","payload.content is required for write");let r=Oe(t);try{return D(t,n,{encoding:"utf8"}),{adapter:"file",action:"write",commandId:e.commandId,status:"completed",target:t,backup:le(r),output:`Wrote ${Buffer.byteLength(n,"utf8")} bytes to ${t}`,exitCode:0}}catch(s){return ce(r),j(e,"FILE_WRITE_ERROR",s.message,r)}}function Xo(e,t,o){let n=o.content;if(n==null)return j(e,"FILE_MISSING_CONTENT","payload.content is required for patch");let r=Oe(t);try{return D(t,n,{encoding:"utf8"}),{adapter:"file",action:"patch",commandId:e.commandId,status:"completed",target:t,backup:le(r),output:`Patched ${t} (${Buffer.byteLength(n,"utf8")} bytes)`,exitCode:0}}catch(s){return ce(r),j(e,"FILE_PATCH_ERROR",s.message,r)}}function Qo(e,t){if(!H.existsSync(t))return j(e,"FILE_NOT_FOUND",`Not found: ${t}`);let o=Oe(t);try{return H.unlinkSync(t),{adapter:"file",action:"delete",commandId:e.commandId,status:"completed",target:t,backup:le(o),output:`Deleted ${t}`,exitCode:0}}catch(n){return ce(o),j(e,"FILE_DELETE_ERROR",n.message,o)}}function Oe(e){try{return It(e)}catch{return null}}var Uo,wt=L(()=>{z();bt();Uo=10*1024*1024});function Zo(e){return _t[e]}async function At(e,t,o,n){let r=Zo(e);if(!r)return{adapter:e,commandId:t.commandId,status:"error",error:`Adapter '${e}' not found`,exitCode:1};try{return await r(t,o,n)}catch(s){return{adapter:e,commandId:t.commandId,status:"error",error:`Adapter execution failed: ${s.message}`,exitCode:9}}}var _t,Dr,Ot=L(()=>{ht();Et();wt();_t={noop:gt,shell:kt,file:xt};Dr=Object.keys(_t)});var Dt={};$t(Dt,{createLocalExecutor:()=>sn});import Nt from"crypto";import J from"fs";import N from"path";function T(e,t,o=!1){return{ok:!1,decision:"deny",executed:!1,dryRun:!1,error:{code:e,message:t,recoverable:o}}}function en(e,t,o={}){let n=new Date,r=new Date(n.getTime()+365*24*60*60*1e3);return{version:1,default:"DENY",requesters:{[t]:{allowCommands:Object.values(Lt).map(s=>s.id),allowAdapters:["file","shell"],filesystem:{roots:[e],denyPatterns:[]},exec:{allowCmds:o.allowCommands||[],denyCmds:o.denyCommands||[]},rateLimit:{windowSec:60,maxRequests:o.maxRequests||60}}},security:{maxClockSkewSec:600,defaultRateLimit:{windowSec:60,maxRequests:60}},_keyWindow:{notBefore:n.toISOString(),expiresAt:r.toISOString()}}}function Rt(e){let t=N.resolve(e),o=[];for(;!J.existsSync(t);){let n=N.dirname(t);if(n===t)break;o.unshift(N.basename(t)),t=n}try{t=J.realpathSync(t)}catch{}return N.join(t,...o)}function Re(e,t){let o=Rt(e),n=Rt(t);return o===n||o.startsWith(n+N.sep)}function on(e,t){if(typeof e!="string")return null;for(let o of tn)if(o.test(e))return T("PAYLOAD_CONTENT_REJECTED",`Forbidden pattern in ${t}: ${o}`);return null}function nn(e,t,o={}){if(!t||typeof t!="object")return{error:T("REQUEST_INVALID","request must be an object")};let n=Lt[t.intent];if(!n)return{error:T("INTENT_UNSUPPORTED",`Unsupported intent '${t.intent}'`)};let r=typeof t.actor=="string"&&t.actor?t.actor:"agent:local",s=null;if(n.adapter==="file"){if(typeof t.target!="string"||!t.target)return{error:T("TARGET_REQUIRED","target is required for file intents")};if(s=N.resolve(e,t.target),!Re(s,e))return{error:T("PATH_OUTSIDE_ROOT","target is outside project root")};if(["write_file","patch_file"].includes(t.intent)&&typeof t.content!="string")return{error:T("CONTENT_REQUIRED","content is required for write and patch")};let a=on(t.content,"content");if(a)return{error:a}}let i=null;if(n.adapter==="shell"){if(i=t.command,!i||typeof i.cmd!="string"||!Array.isArray(i.args)||i.args.some(c=>typeof c!="string"))return{error:T("COMMAND_INVALID","command requires cmd and string args")};let a=N.resolve(e,i.cwd||".");if(!Re(a,e))return{error:T("CWD_OUTSIDE_ROOT","command cwd is outside project root")};if(!Array.isArray(o.allowCommands)||!o.allowCommands.includes(i.cmd))return{error:T("SHELL_NOT_ALLOWLISTED",`command '${i.cmd}' is not explicitly allowlisted`)};if(o.denyCommands?.includes(i.cmd))return{error:T("SHELL_DENIED",`command '${i.cmd}' is denied`)};i={...i,cwd:a,timeoutMs:Math.min(Math.max(i.timeoutMs||3e4,1),3e4),maxOutputBytes:Math.min(Math.max(i.maxOutputBytes||1024*1024,1024),1024*1024)}}return{actor:r,detail:n,target:s,command:i,request:t}}function rn(e,t,o){let{actor:n,detail:r,target:s,command:i,request:a}=e,c={id:r.id,risk:Ne.has(a.intent)?"MEDIUM":"LOW",commandId:Nt.randomUUID(),requesterId:n,sessionId:"local-host",timestamp:Math.floor(Date.now()/1e3),nonce:Nt.randomBytes(32).toString("hex"),requires:["policy","signature"],payload:{adapter:r.adapter,action:r.action,target:s,content:a.content,cmd:i?.cmd,args:i?.args,timeoutMs:i?.timeoutMs,maxOutputBytes:i?.maxOutputBytes,cwd:i?.cwd||(s?N.dirname(s):process.cwd())}},l=re({payloadObj:c,secretKeyB64:o});if(l.error)throw new Error(l.error);return{...c,signature:{alg:"ed25519",keyId:t,sig:l.signature}}}function sn(e={}){let t=N.resolve(e.rootDir||process.cwd()),o=e.keyId||"host:local-exec",n=e.keyPair||ne(),r=e.shell||{};function s(u,{recordNonce:d=!1}={}){let g=nn(t,u,r);if(g.error)return g;let I=G(t,e.mode||"enforce"),b=be(I.policy,t,{target:g.target,command:g.command?.cmd});if(I.policy.mode==="enforce"&&!b.allowed)return{error:T("LOCAL_POLICY_DENY",`Blocked by rule(s): ${b.winningRules.map(K=>K.id).join(", ")}`),local:I,localDecision:b,normalized:g};let O=en(t,g.actor,r),w={defaultKeyId:o,trustedKeys:{[o]:{publicKey:n.publicKey,notBefore:O._keyWindow.notBefore,expiresAt:O._keyWindow.expiresAt,deprecated:!1}}};delete O._keyWindow;let x=rn(g,o,n.secretKey),_=mt({commandObj:x,keyStore:w,nonceDb:d?{entries:[]}:{entries:[]},policy:O});return _.valid?{local:I,localDecision:b,normalized:g,proposal:x,policy:O,validation:_}:{error:T(_.errors[0]?.type||"VALIDATION_FAILED",_.errors[0]?.message||"Validation failed"),local:I,localDecision:b,normalized:g,proposal:x,policy:O,validation:_}}function i(u){let d=G(t,e.mode||"observe"),g=d.policy.mode,I=null,b=null;if(u.path)try{if(I=N.resolve(t,u.path),!Re(I,t))return{decision:"deny",deny:!0,matchedRules:["path:outside_root"],mode:g,enforced:g==="enforce",reason:"PATH_OUTSIDE_ROOT"}}catch{}u.cmd&&(b=u.cmd);let $=be(d.policy,t,{target:I,command:b}),O=!$.allowed;return{decision:O?"deny":"allow",deny:O,matchedRules:$.winningRules.map(w=>w.id),mode:g,enforced:g==="enforce"}}function a(u){let d=N.join(t,".lbe","events.jsonl"),g=N.dirname(d);J.existsSync(g)||J.mkdirSync(g,{recursive:!0});let I=JSON.stringify({ts:Math.floor(Date.now()/1e3),...u})+`
+`,b=J.openSync(d,"a");try{J.writeSync(b,I)}finally{J.closeSync(b)}}async function c(u){let d=s(u);return d.error?{...d.error,dryRun:!0}:{ok:!0,decision:d.local.policy.mode==="observe"?"observe":"allow",executed:!1,dryRun:!0,matchedRules:d.localDecision.winningRules.map(g=>g.id),rollback:{available:Ne.has(d.normalized.request.intent),performed:!1}}}async function l(u){let d=s(u,{recordNonce:!0});if(d.error)return He(t,{action:u?.intent,actor:u?.actor||"agent:local",decision:"deny",error:d.error.error.code}),d.error;if(d.local.policy.mode==="observe")return ee(N.join(t,".lbe/audit.jsonl"),{kind:"local_execution",commandId:d.proposal.commandId,requesterId:d.normalized.actor,intent:d.normalized.request.intent,decision:"observe",status:"observed"}),{ok:!0,decision:"observe",executed:!1,dryRun:!1,matchedRules:d.localDecision.winningRules.map(O=>O.id),rollback:{available:!1,performed:!1}};let g=d.policy.requesters[d.normalized.actor],I=await At(d.normalized.detail.adapter,d.proposal,d.policy,g),b=I.status==="completed",$=ee(N.join(t,".lbe/audit.jsonl"),{kind:"local_execution",commandId:d.proposal.commandId,requesterId:d.normalized.actor,intent:d.normalized.request.intent,decision:b?"allow":"deny",status:I.status});return{ok:b,decision:b?"allow":"deny",executed:b,dryRun:!1,matchedRules:d.localDecision.winningRules.map(O=>O.id),auditId:$.hash,rollback:{available:Ne.has(d.normalized.request.intent),performed:!1,backupId:I.backup?.hash},...b?{}:{error:{code:I.errorCode||"EXECUTION_FAILED",message:I.error||"Execution failed",recoverable:!0}}}}return{rootDir:t,writeFile:(u,d)=>l({intent:"write_file",target:u,content:d}),readFile:u=>l({intent:"read_file",target:u}),patchFile:(u,d)=>l({intent:"patch_file",target:u,content:d}),deleteFile:u=>l({intent:"delete_file",target:u}),runShell:(u,d=[],g={})=>l({intent:"run_shell",command:{cmd:u,args:d,...g}}),validate:async u=>({...await c(u),dryRun:!1,executed:!1}),dryRun:c,execute:l,policy:{read:()=>G(t,e.mode||"enforce").policy,proposeRule:Ge,addRule:u=>We(t,u,e.mode||"enforce")},audit:{verify:()=>Be(N.join(t,".lbe/audit.jsonl"))},evaluateSync:i,auditSync:a}}var Lt,Ne,tn,Tt=L(()=>{Z();yt();Ot();ke();ve();Lt={read_file:{id:"READ_FILE",adapter:"file",action:"read"},write_file:{id:"WRITE_FILE",adapter:"file",action:"write"},patch_file:{id:"PATCH_FILE",adapter:"file",action:"patch"},delete_file:{id:"DELETE_FILE",adapter:"file",action:"delete"},run_shell:{id:"RUN_SHELL",adapter:"shell",action:"run"}},Ne=new Set(["write_file","patch_file","delete_file"]);tn=[/\beval\s*\(/i,/\bFunction\s*\(/i,/\bexec\s*\(/i,/\brequire\s*\(/,/\bimport\s*\(/,/\bchild_process\b/,/\b__proto__\b/,/\bconstructor\s*\[/,/evalScript/i]});import E from"fs";import A from"path";import{spawn as de}from"child_process";import{fileURLToPath as an}from"url";Z();import S from"fs";import v from"path";import no from"readline";Z();import bn from"fs";import xn from"path";import gn from"fs";import Sn from"path";function De({policyObj:e,secretKeyB64:t,keyId:o}){let n=re({payloadObj:e,secretKeyB64:t});return n.error?{ok:!1,reason:"POLICY_SIGNATURE_CREATE_FAILED",message:n.error,envelope:null}:{ok:!0,reason:null,message:"Policy signature created",envelope:{alg:"ed25519",keyId:o,sig:n.signature,createdAt:Math.floor(Date.now()/1e3)}}}import ye from"fs";import C from"path";var Kt=[{file:"package.json",type:"node"},{file:"pyproject.toml",type:"python"},{file:"requirements.txt",type:"python"},{file:"go.mod",type:"go"},{file:"Cargo.toml",type:"rust"},{file:"pom.xml",type:"java"},{file:"build.gradle",type:"java"},{file:"build.gradle.kts",type:"java"},{file:"Dockerfile",type:"docker"},{file:"docker-compose.yml",type:"docker"},{dir:".github/workflows",type:"ci"},{file:".gitlab-ci.yml",type:"ci"},{dir:".circleci",type:"ci"},{file:"Jenkinsfile",type:"ci"},{file:".travis.yml",type:"ci"}],ge=["node","python","go","rust","java"],qt={source:["src","lib","app","pages","components","core","api","server","client","pkg","cmd"],generated:["dist","build",".next","out","coverage","target",".cache","__pycache__",".turbo"],tests:["test","tests","__tests__","spec","e2e"],docs:["docs","doc","documentation"]},Pe=[".env",".env.*","keys/**","secrets/**","*.key","*.pem","*.p12","*.pfx","*.crt"],Mt=["node_modules/**",".git/**"],Vt={node:["package-lock.json","yarn.lock","pnpm-lock.yaml"],python:["Pipfile.lock","poetry.lock"],go:["go.sum"],rust:["Cargo.lock"],java:["gradle/wrapper/**"],docker:[],ci:[],generic:[]},Te={node:["package.json","tsconfig*.json","jest.config.*","vite.config.*","next.config.*","webpack.config.*",".eslintrc*",".eslint.config.*",".prettierrc*","babel.config.*"],python:["pyproject.toml","setup.py","setup.cfg","tox.ini","pytest.ini","mypy.ini",".flake8",".pylintrc","Pipfile"],go:["go.mod",".golangci.yml",".golangci.yaml"],rust:["Cargo.toml","rust-toolchain.toml","clippy.toml",".rustfmt.toml"],java:["pom.xml","build.gradle","build.gradle.kts","gradle.properties","settings.gradle","settings.gradle.kts"],docker:["Dockerfile","docker-compose.yml",".dockerignore"],ci:[".gitlab-ci.yml","Jenkinsfile",".travis.yml"],generic:["Makefile","CMakeLists.txt","meson.build"]},Bt=[".editorconfig",".nvmrc",".node-version",".python-version"],Yt=["config",".github",".gitlab",".circleci",".vscode"],Ut={node:"dependency and build config",python:"package and environment config",go:"module definition",rust:"crate manifest",java:"build definition",docker:"container config",ci:"pipeline definition",generic:"project config"},Wt={node:"package manager",python:"dependency resolver",go:"module checksums",rust:"dependency resolver",java:"Gradle wrapper"},Gt=["composer.json","Gemfile","mix.exs","pubspec.yaml","Package.swift","project.clj","build.sbt","stack.yaml","deno.json","deno.jsonc","Podfile"],Ht=["composer.lock","Gemfile.lock","mix.lock","pubspec.lock","Package.resolved"],Jt=[".csproj",".fsproj",".sln",".cabal"];function F(e){return ye.existsSync(e)}function Ce(e,t){return t.filter(o=>F(C.join(e,o))).map(o=>`${o}/**`)}function zt(e){let t=C.join(e,".gitignore");return F(t)?ye.readFileSync(t,"utf8").split(`
+`).map(o=>o.trim()).filter(o=>o&&!o.startsWith("#")&&!o.startsWith("!")).map(o=>o.endsWith("/")?o+"**":o):[]}function U(e){return e.filter((t,o,n)=>t&&n.indexOf(t)===o)}function Xt(e){let t=new Set,o=[];for(let n of Kt){if(t.has(n.type))continue;let r=C.join(e,n.file||n.dir);F(r)&&(t.add(n.type),o.push(n.type))}return o.length>0?o:["generic"]}function Qt(e){return ge.find(t=>e.includes(t))??"generic"}function Zt(e){let t=Gt.filter(n=>F(C.join(e,n))),o=Ht.filter(n=>F(C.join(e,n)));try{let n=ye.readdirSync(e);for(let r of n)Jt.some(s=>r.endsWith(s))&&t.push(r)}catch{}return{manifests:t,lockfiles:o}}function eo(e,t){let o={};for(let[r,s]of Object.entries(qt))o[r]=Ce(e,s);o.secrets=Pe.filter(r=>{let s=r.split("/")[0].replace(/\*.*/,"");return s.includes("*")||F(C.join(e,s))});let n=U(t.flatMap(r=>Te[r]||Te.generic).concat(Bt));if(o.config=U([...n.filter(r=>!r.includes("*")&&!r.endsWith("/**")&&F(C.join(e,r))),...n.filter(r=>r.endsWith("/**")&&F(C.join(e,r.replace("/**","")))),...Ce(e,Yt)]),o.lockfiles=U(t.flatMap(r=>Vt[r]||[]).filter(r=>{let s=r.replace(/\*.*/,"").split("/")[0];return s.includes("*")||F(C.join(e,s))})),!t.some(r=>ge.includes(r))){let r=Zt(e);o.config=U([...o.config,...r.manifests]),o.lockfiles=U([...o.lockfiles,...r.lockfiles])}return o}function to(e,t,o){let n={};if(n.structure="Preserve the existing folder structure. Add new files within established directories. Do not create top-level directories, reorganize, or rename existing folders.",o.source.length>0&&(n.source=`Source code lives in ${o.source.join(", ")}. Make feature changes and bug fixes here only.`),n.secrets=`Never propose changes to credential or key files (${Pe.slice(0,4).join(", ")} \u2026). These are never task targets regardless of the instruction.`,o.generated.length>0&&(n.generated=`${o.generated.join(", ")} contain generated output. Modify the source files that produce them; never write to generated directories directly.`),o.config.length>0){let r=e.filter(c=>ge.includes(c)),s=r.length===1?Ut[r[0]]:"project configuration",i=o.config.slice(0,5).join(", "),a=o.config.length>5?" and related files":"";n.config=`Treat ${i}${a} as ${s} files. Do not modify them unless the task explicitly requires a configuration or dependency change.`}if(o.tests.length>0&&(n.tests=`Test files in ${o.tests.join(", ")} validate behavior. Update them only when the behavior they cover changes.`),o.lockfiles?.length>0){let r=Wt[t]||"tooling",s=o.lockfiles.slice(0,3).join(", ");n.lockfiles=`${s} are generated by the ${r}. Never edit them directly.`}if(t==="generic"){let r=o.config.filter(s=>!s.endsWith("/**"));r.length>0?n.unknown=`This project uses an unrecognized toolchain. Treat ${r.slice(0,3).join(", ")} as dependency/manifest files. Do not modify them unless the task explicitly requires a dependency change.`:n.unknown="This project uses an unrecognized toolchain. Do not assume standard source layouts, dependency files, or build conventions apply. Confirm any structural assumption before acting."}return e.includes("docker")&&(n.docker="Dockerfile and docker-compose.yml define the container environment. Treat them as infrastructure config \u2014 only modify when the task explicitly involves container or environment changes."),e.includes("ci")&&(n.ci="CI config files (.github/**, .gitlab-ci.yml, etc.) define the build and deployment pipeline. Do not modify them unless the task explicitly involves CI/CD changes."),n}function oo(e,t){let o=U([...e.source,...e.docs,...e.tests]),n=[...e.config],r=U([...e.secrets,...e.generated,...e.lockfiles||[],...Mt,...t.filter(s=>s.endsWith("/**")).slice(0,8)]);return{allow:o.length>0?o:["src/**"],approval:n.length>0?n:[],deny:r}}function Fe(e){let t=C.resolve(e||process.cwd()),o=Xt(t),n=Qt(o),r=eo(t,o),s=zt(t),i=to(o,n,r),a=oo(r,s);return{projectTypes:o,primaryType:n,surfaces:r,semantics:i,enforcement:a}}function je(e,t,o){let n=[],r=Array.isArray(e)?e.join(" + "):e;n.push(`Detected: ${r}`),n.push(""),n.push("Agent semantics:");for(let[,s]of Object.entries(t))n.push(`  - ${s}`);return n.push(""),n.push("Enforcement:"),o.allow.length&&n.push(`  allow:    ${o.allow.join(", ")}`),o.approval.length&&n.push(`  approval: ${o.approval.join(", ")}`),o.deny.length&&n.push(`  deny:     ${o.deny.slice(0,6).join(", ")}${o.deny.length>6?" \u2026":""}`),n.join(`
+`)}function ro(e){return process.stdin.isTTY?new Promise(t=>{let o=no.createInterface({input:process.stdin,output:process.stdout});o.question(e,n=>{o.close(),t(n.trim().toLowerCase())})}):Promise.resolve("y")}function so(e){return{...e,deny:[...new Set([...e.deny,...e.approval,"*.json","config/**"])],approval:[]}}function io(e){return{...e,approval:[]}}function ao(e){let t=new Date().toISOString(),o=new Date(Date.now()+4320*60*60*1e3).toISOString(),n="agent:gpt-v1-2026Q1",r="policy-signer-v1-2026Q1",s=v.join(e,".lbe");for(let g of["config","keys","data"])S.mkdirSync(v.join(s,g),{recursive:!0});let i={".lbe/data/nonce.db.json":JSON.stringify({entries:[]},null,2),".lbe/data/rate-limit.db.json":JSON.stringify({entries:[]},null,2),".lbe/data/policy.state.json":JSON.stringify({schemaVersion:"1",lastAccepted:null,updatedAt:null},null,2),".lbe/data/audit.log.jsonl":""};for(let[g,I]of Object.entries(i)){let b=v.join(e,g);S.existsSync(b)||S.writeFileSync(b,I)}let a=v.join(s,"keys"),c=v.join(a,"public.key"),l=v.join(a,"secret.key"),p,f;if(S.existsSync(c)&&S.existsSync(l))p=S.readFileSync(c,"utf8").trim(),f=S.readFileSync(l,"utf8").trim();else{let g=ne();p=g.publicKey,f=g.secretKey,S.writeFileSync(c,p),S.writeFileSync(l,f,{mode:384})}let m=v.join(s,"config/keys.json"),y=S.existsSync(m)?JSON.parse(S.readFileSync(m,"utf8")):{schemaVersion:"1",defaultKeyId:n,trustedKeys:{}};for(let g of[n,r])y.trustedKeys[g]||(y.trustedKeys[g]={publicKey:p,notBefore:t,expiresAt:o,validFrom:t,validUntil:o,deprecated:!1});y.defaultKeyId=n,S.writeFileSync(m,JSON.stringify(y,null,2));let h=v.join(s,"config/policy.default.json"),u;S.existsSync(h)?u=JSON.parse(S.readFileSync(h,"utf8")):(u={default:"DENY",version:"1.0.0",createdAt:t,security:{maxClockSkewSec:600,maxPolicyCreatedAtSkewSec:31536e3,defaultRateLimit:{windowSec:60,maxRequests:30}},requesters:{"agent:gpt":{allowAdapters:["noop","shell"],allowCommands:["RUN_SHELL"],rateLimit:{windowSec:60,maxRequests:30},filesystem:{roots:[e],denyPatterns:["**/.git/**","**/secrets/**","**/*.key"]},exec:{allowCmds:["ls","node","python","echo"],denyCmds:["rm","chmod","chown","curl","wget","su","sudo"]}}}},S.writeFileSync(h,JSON.stringify(u,null,2)));let d=De({policyObj:u,secretKeyB64:f,keyId:r});return d.ok&&S.writeFileSync(v.join(s,"config/policy.sig.json"),JSON.stringify(d.envelope,null,2)),{defaultKeyId:n,secretKeyB64:f,publicKeyB64:p}}function co(){return`# LBE Governance Contract
 
 This project has LetterBlack LBE (Local-first execution Governance) active.
 
@@ -2404,489 +61,28 @@ const proposal = lbe.policy.proposeRule({
 - Policy: \`.lbe/policy.json\`
 - Audit:  \`.lbe/audit.jsonl\`
 - Status: \`npx lbe-exec status\`
-`;
-}
-function writeAgentContract(cwd) {
-  const lbeDir = path4.join(cwd, ".lbe");
-  fs4.mkdirSync(lbeDir, { recursive: true });
-  fs4.writeFileSync(path4.join(lbeDir, "AGENT_CONTRACT.md"), agentContractContent());
-}
-function migrateLegacyRootFiles(cwd) {
-  const lbeDir = path4.join(cwd, ".lbe");
-  fs4.mkdirSync(lbeDir, { recursive: true });
-  const migrations = [
-    ["lbe.policy.json", ".lbe/policy.json"],
-    ["lbe.workspace.json", ".lbe/workspace.json"]
-  ];
-  const removed = [];
-  for (const [src, dest] of migrations) {
-    const srcPath = path4.join(cwd, src);
-    const destPath = path4.join(cwd, dest);
-    if (fs4.existsSync(srcPath) && !fs4.existsSync(destPath)) {
-      fs4.renameSync(srcPath, destPath);
-      removed.push(src + " \u2192 " + dest);
-    } else if (fs4.existsSync(srcPath)) {
-      fs4.unlinkSync(srcPath);
-      removed.push(src + " (removed \u2014 .lbe/ version exists)");
-    }
-  }
-  const toDelete = ["CLAUDE.md", path4.join(".github", "copilot-instructions.md")];
-  for (const rel of toDelete) {
-    const p = path4.join(cwd, rel);
-    if (fs4.existsSync(p)) {
-      const content = fs4.readFileSync(p, "utf8");
-      if (content.includes("lbe-governance") || content.includes("LetterBlack LBE")) {
-        fs4.unlinkSync(p);
-        removed.push(rel + " (removed \u2014 LBE-generated file)");
-      }
-    }
-  }
-  return removed;
-}
-async function initCommand(opts2 = {}) {
-  const cwd = process.cwd();
-  const yes = opts2.yes || opts2.y || !process.stdin.isTTY;
-  const lbeDir = path4.join(cwd, ".lbe");
-  fs4.mkdirSync(lbeDir, { recursive: true });
-  const outPath = path4.join(lbeDir, "workspace.json");
-  console.log("\nScanning workspace...\n");
-  const { projectTypes, primaryType: primaryType2, semantics, enforcement } = scanWorkspace(cwd);
-  console.log(formatSummary(projectTypes, semantics, enforcement));
-  console.log("");
-  let finalEnforcement = enforcement;
-  if (!yes) {
-    const answer = await ask("Accept? [Y = accept / s = strict / r = relaxed / n = cancel] ");
-    if (answer === "n") {
-      console.log("Cancelled.");
-      return { success: false };
-    }
-    if (answer === "s") finalEnforcement = applyStrict(enforcement);
-    if (answer === "r") finalEnforcement = applyRelaxed(enforcement);
-  }
-  const contract = {
-    lbe: true,
-    version: "0.4.0",
-    state: "local",
-    projectTypes,
-    primaryType: primaryType2,
-    semantics,
-    enforcement: finalEnforcement
-  };
-  fs4.writeFileSync(outPath, JSON.stringify(contract, null, 2));
-  console.log("\u2713 Wrote .lbe/workspace.json");
-  setupCrypto(cwd);
-  const localPolicyPath = path4.join(lbeDir, "policy.json");
-  if (!fs4.existsSync(localPolicyPath)) {
-    fs4.writeFileSync(localPolicyPath, JSON.stringify({ version: 1, mode: "observe", workspace: cwd, rules: [] }, null, 2) + "\n");
-  }
-  const localAuditPath = path4.join(lbeDir, "audit.jsonl");
-  if (!fs4.existsSync(localAuditPath)) fs4.writeFileSync(localAuditPath, "");
-  console.log("\u2713 Keys and policy ready  (.lbe/)");
-  writeAgentContract(cwd);
-  console.log("\u2713 Agent contract written  \u2192  .lbe/AGENT_CONTRACT.md");
-  const migrated = migrateLegacyRootFiles(cwd);
-  if (migrated.length) {
-    console.log("\n\u2713 Migrated legacy files:");
-    for (const m of migrated) console.log("  " + m);
-  }
-  console.log("\nDone. All LBE state is in .lbe/");
-  console.log("Run  npx lbe-exec status  to verify.\n");
-  return { success: true, contract };
-}
-
-// src/cli/commands/policyMode.js
-init_localPolicy();
-async function policyModeCommand(mode, opts2 = {}) {
-  const loaded = loadLocalPolicy(opts2.root || process.cwd(), mode);
-  writeLocalPolicy(loaded.root, { ...loaded.policy, mode });
-  console.log(JSON.stringify({ mode, policy: loaded.policyPath }, null, 2));
-}
-
-// exec/cli.js
-var [, , cmd, ...rest] = process.argv;
-var opts = Object.fromEntries(
-  rest.flatMap((v, i, a) => v.startsWith("--") ? [[v.slice(2), a[i + 1] ?? true]] : [])
-);
-var positional = rest.filter((v) => !v.startsWith("--") && rest[rest.indexOf(v) - 1]?.startsWith("--") === false);
-var __dir = path15.dirname(fileURLToPath2(import.meta.url));
-function loadPolicy() {
-  const cwd = process.cwd();
-  const p = fs14.existsSync(path15.join(cwd, ".lbe", "policy.json")) ? path15.join(cwd, ".lbe", "policy.json") : path15.join(cwd, "lbe.policy.json");
-  return fs14.existsSync(p) ? JSON.parse(fs14.readFileSync(p, "utf8")) : null;
-}
-function findHookPath() {
-  const candidates = [
-    path15.resolve(__dir, "../hooks/register.cjs"),
-    // npm: dist/ → ../hooks/
-    path15.resolve(__dir, "../src/hooks/register.cjs")
-    // dev: exec/ → ../src/hooks/
-  ];
-  return candidates.find((p) => fs14.existsSync(p)) || candidates[0];
-}
-function detectNodeScripts(scripts) {
-  const pattern = /(?:^|\s)node\s+(\S+)/;
-  return Object.entries(scripts || {}).filter(([name, cmd2]) => {
-    if (name.includes(":lbe") || name.startsWith("lbe")) return false;
-    return pattern.test(cmd2);
-  });
-}
-function extractNodeArgs(cmd2) {
-  const match = cmd2.match(/(?:^|\s)node\s+(.+)/);
-  return match ? match[1].trim() : null;
-}
-function injectScripts(wrapScript) {
-  const pkgPath = path15.join(process.cwd(), "package.json");
-  if (!fs14.existsSync(pkgPath)) return [];
-  const pkg = JSON.parse(fs14.readFileSync(pkgPath, "utf8"));
-  const scripts = pkg.scripts || {};
-  const added = [];
-  if (wrapScript) {
-    const original = scripts[wrapScript];
-    if (!original) {
-      console.error(`No script named "${wrapScript}" found.`);
-      return [];
-    }
-    const args = extractNodeArgs(original);
-    if (!args) {
-      console.error(`Script "${wrapScript}" does not look like a node script.`);
-      return [];
-    }
-    scripts[wrapScript] = `lbe-exec run-node --mode observe ${args}`;
-    added.push(wrapScript);
-  } else {
-    const candidates = detectNodeScripts(scripts);
-    for (const [name, scriptCmd] of candidates) {
-      const args = extractNodeArgs(scriptCmd);
-      if (!args) continue;
-      const lbeName = name + ":lbe";
-      const lbeEnforceName = name + ":lbe:enforce";
-      if (!scripts[lbeName]) {
-        scripts[lbeName] = `lbe-exec run-node --mode observe ${args}`;
-        added.push(lbeName);
-      }
-      if (!scripts[lbeEnforceName]) {
-        scripts[lbeEnforceName] = `lbe-exec run-node --mode enforce ${args}`;
-        added.push(lbeEnforceName);
-      }
-    }
-  }
-  if (!scripts["lbe:status"]) {
-    scripts["lbe:status"] = "lbe-exec status";
-    added.push("lbe:status");
-  }
-  if (!scripts["lbe:audit"]) {
-    scripts["lbe:audit"] = "lbe-exec audit";
-    added.push("lbe:audit");
-  }
-  if (added.length) {
-    pkg.scripts = scripts;
-    fs14.writeFileSync(pkgPath, JSON.stringify(pkg, null, 2) + "\n");
-    for (const s of added) console.log(`  added: ${s}`);
-  }
-  return added;
-}
-switch (cmd) {
-  case "run-node": {
-    const mode = opts.mode || "observe";
-    if (!["observe", "enforce"].includes(mode)) {
-      console.error("--mode must be observe or enforce");
-      process.exit(1);
-    }
-    const scriptIdx = rest.findIndex((v, i) => !v.startsWith("--") && (i === 0 || !rest[i - 1].startsWith("--")));
-    if (scriptIdx === -1) {
-      console.error("Usage: lbe-exec run-node [--mode observe|enforce] <script> [...args]");
-      process.exit(1);
-    }
-    const scriptAndArgs = rest.slice(scriptIdx);
-    const hookPath = findHookPath();
-    if (!fs14.existsSync(hookPath)) {
-      console.error("Hook not found: " + hookPath + "\nRun: npm install @letterblack/lbe-exec");
-      process.exit(1);
-    }
-    const child = spawn(process.execPath, ["--require", hookPath, ...scriptAndArgs], {
-      stdio: "inherit",
-      env: { ...process.env, LBE_MODE: mode, LBE_ROOT: process.cwd() }
-    });
-    child.on("close", (code) => process.exit(code ?? 0));
-    break;
-  }
-  case "npm": {
-    console.error('[lbe] Note: Use "lbe-exec run-node" for reliable hook preload.');
-    console.error("[lbe] NODE_OPTIONS --require may not fire for all npm lifecycle hooks.\n");
-    const hookPath = findHookPath();
-    if (!fs14.existsSync(hookPath)) {
-      console.error("Hook not found: " + hookPath);
-      process.exit(1);
-    }
-    const existing = process.env.NODE_OPTIONS || "";
-    const hookPathFwd = hookPath.replace(/\\/g, "/");
-    const hookFlag = '--require "' + hookPathFwd + '"';
-    const nodeOptions = existing.includes(hookPathFwd) ? existing : (existing + " " + hookFlag).trim();
-    const npmArgs = rest.filter((v) => !v.startsWith("--mode") && v !== opts.mode);
-    const child = spawn("npm", npmArgs, {
-      stdio: "inherit",
-      shell: true,
-      env: { ...process.env, NODE_OPTIONS: nodeOptions, LBE_MODE: opts.mode || "observe", LBE_ROOT: process.cwd() }
-    });
-    child.on("close", (code) => process.exit(code ?? 0));
-    break;
-  }
-  case "status": {
-    const root = process.cwd();
-    console.log("\u2500\u2500 LBE Status \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500");
-    console.log("workspace:   " + root);
-    const hookPath = findHookPath();
-    console.log("hook file:   " + hookPath + (fs14.existsSync(hookPath) ? " (found)" : " (MISSING)"));
-    const lbeRoot = process.env.LBE_ROOT || "";
-    console.log("LBE_ROOT:    " + (lbeRoot || "(not set)"));
-    const nodeOpts = process.env.NODE_OPTIONS || "";
-    const hookInPath = nodeOpts.includes("register.cjs");
-    console.log("NODE_OPTIONS contains hook: " + (hookInPath ? "yes" : "no"));
-    const eventsFile = path15.join(root, ".lbe", "events.jsonl");
-    const auditExists = fs14.existsSync(eventsFile);
-    console.log("audit log:   " + (auditExists ? eventsFile : "(none yet)"));
-    if (auditExists) {
-      try {
-        const lines = fs14.readFileSync(eventsFile, "utf8").split("\n").filter((l) => l.trim());
-        if (lines.length) {
-          const last = JSON.parse(lines[lines.length - 1]);
-          const ts = new Date((last.ts || 0) * 1e3).toISOString().replace("T", " ").slice(0, 19);
-          const target = last.path || last.cmd || "?";
-          console.log("last event:  " + ts + "  " + last.action + "  " + target + "  \u2192 " + (last.decision || "?"));
-        } else {
-          console.log("last event:  (none)");
-        }
-      } catch (_) {
-        console.log("last event:  (unreadable)");
-      }
-    }
-    const statusFile = path15.join(root, ".lbe", "runtime", "hook-status.json");
-    if (fs14.existsSync(statusFile)) {
-      let h;
-      try {
-        h = JSON.parse(fs14.readFileSync(statusFile, "utf8"));
-      } catch (_) {
-      }
-      if (h) {
-        let pidAlive = false;
-        try {
-          process.kill(h.pid, 0);
-          pidAlive = true;
-        } catch (_) {
-        }
-        console.log("\nhook process: " + (pidAlive ? "ACTIVE" : "stale (process exited)"));
-        console.log("hook pid:     " + h.pid + (pidAlive ? " (alive)" : " (gone)"));
-        console.log("hook mode:    " + h.mode);
-        console.log("hook started: " + h.started_at);
-        if (h.patched) {
-          console.log("\nPatched functions:");
-          for (const [fn, active] of Object.entries(h.patched)) {
-            console.log("  " + (active ? "\u2713" : "\u2013") + " " + fn);
-          }
-        }
-      }
-    } else {
-      console.log("\nhook process: inactive \u2014 run: lbe-exec run-node ./agent.js");
-      console.log("              or: lbe-exec activate  then  lbe-exec shell");
-    }
-    break;
-  }
-  case "audit": {
-    const eventsPath = path15.join(process.cwd(), ".lbe", "events.jsonl");
-    if (!fs14.existsSync(eventsPath)) {
-      console.log("No events log found. Run an agent with: npx lbe-exec run-node ./agent.js");
-      break;
-    }
-    const lines = fs14.readFileSync(eventsPath, "utf8").split("\n").filter((l) => l.trim());
-    if (!lines.length) {
-      console.log("No events recorded yet.");
-      break;
-    }
-    console.log("\u2500\u2500 LBE Event Log (" + lines.length + " entries) \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500");
-    for (const line of lines) {
-      try {
-        const e = JSON.parse(line);
-        const ts = new Date(e.ts * 1e3).toISOString().replace("T", " ").slice(0, 19);
-        const target = e.path || e.cmd || "?";
-        const status = e.enforced && e.decision === "deny" ? "BLOCKED" : e.decision === "deny" ? "WOULD-BLOCK" : "allowed";
-        console.log(`${ts}  [${e.mode}] ${e.action}  ${target}  \u2192 ${status}`);
-      } catch (_) {
-      }
-    }
-    break;
-  }
-  case "init":
-    initCommand(opts).then(() => {
-      const added = injectScripts(opts.wrap || null);
-      if (added.length) {
-        console.log("\n\u2713 Added LBE script variants to package.json");
-        console.log("  Run your agent through LBE:  npm run <name>:lbe");
-      } else {
-        console.log("\nNo node agent scripts detected in package.json.");
-        console.log("Use: npx lbe-exec run-node [--mode observe|enforce] ./your-agent.js");
-      }
-    }).catch((e) => {
-      console.error(e.message);
-      process.exit(1);
-    });
-    break;
-  case "activate": {
-    const hookPath = findHookPath();
-    if (!fs14.existsSync(hookPath)) {
-      console.error("Hook not found: " + hookPath);
-      console.error("Run: npm install @letterblack/lbe-exec");
-      process.exit(1);
-    }
-    const mode = opts.mode || "observe";
-    const root = process.cwd();
-    const lbeDir = path15.join(root, ".lbe");
-    fs14.mkdirSync(lbeDir, { recursive: true });
-    fs14.writeFileSync(path15.join(lbeDir, "activation.json"), JSON.stringify({
-      activated: true,
-      activatedAt: (/* @__PURE__ */ new Date()).toISOString(),
-      hookPath,
-      mode,
-      root
-    }, null, 2) + "\n");
-    console.log("\u2500\u2500 LBE workspace activated \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500");
-    console.log("workspace: " + root);
-    console.log("hook:      " + hookPath);
-    console.log("mode:      " + mode);
-    console.log("\nNext: open a governed shell session:");
-    console.log("  lbe-exec shell");
-    console.log("\nAny Node.js agent run inside that shell is intercepted.");
-    console.log("Python, Go, native binaries, and PowerShell are NOT governed.");
-    break;
-  }
-  case "shell": {
-    const activationFile = path15.join(process.cwd(), ".lbe", "activation.json");
-    let activation = null;
-    if (fs14.existsSync(activationFile)) {
-      try {
-        activation = JSON.parse(fs14.readFileSync(activationFile, "utf8"));
-      } catch (_) {
-      }
-    }
-    const hookPath = activation && activation.hookPath || findHookPath();
-    if (!fs14.existsSync(hookPath)) {
-      console.error("Hook not found. Run: lbe-exec activate");
-      process.exit(1);
-    }
-    const mode = opts.mode || activation && activation.mode || "observe";
-    const root = activation && activation.root || process.cwd();
-    const hookPathFwd = hookPath.replace(/\\/g, "/");
-    const nodeOpts = '--require "' + hookPathFwd + '"';
-    const shellEnv = { ...process.env, NODE_OPTIONS: nodeOpts, LBE_ROOT: root, LBE_MODE: mode };
-    console.log("[lbe] Opening governed shell \u2014 mode: " + mode);
-    console.log("[lbe] NODE_OPTIONS set. Node.js agents are intercepted.");
-    console.log("[lbe] Python / Go / native binaries are NOT governed.");
-    console.log('[lbe] Type "exit" to close.\n');
-    let shellProc;
-    if (process.platform === "win32") {
-      const banner = [
-        `$env:NODE_OPTIONS='--require "${hookPathFwd}"'`,
-        `$env:LBE_ROOT='${root}'`,
-        `$env:LBE_MODE='${mode}'`,
-        `Write-Host '[lbe] Shell armed \u2014 mode: ${mode}' -ForegroundColor Green`
-      ].join("; ");
-      shellProc = spawn(
-        "powershell.exe",
-        ["-NoExit", "-Command", banner],
-        { stdio: "inherit", env: shellEnv }
-      );
-    } else {
-      const sh = process.env.SHELL || "/bin/bash";
-      shellProc = spawn(sh, [], { stdio: "inherit", env: shellEnv });
-    }
-    shellProc.on("close", (code) => {
-      console.log("\n[lbe] Governed shell closed.");
-      process.exit(code ?? 0);
-    });
-    break;
-  }
-  case "deactivate": {
-    const root = process.cwd();
-    const files = [
-      path15.join(root, ".lbe", "activation.json"),
-      path15.join(root, ".lbe", "runtime", "hook-status.json")
-    ];
-    let removed = 0;
-    for (const f of files) {
-      if (fs14.existsSync(f)) {
-        fs14.unlinkSync(f);
-        removed++;
-      }
-    }
-    if (removed) {
-      console.log("\u2713 LBE deactivated \u2014 workspace activation files removed.");
-    } else {
-      console.log("Nothing to deactivate (workspace was not activated).");
-    }
-    console.log('Close any open "lbe-exec shell" sessions to fully disarm.');
-    break;
-  }
-  case "observe":
-  case "enforce":
-    policyModeCommand(cmd, opts).catch((e) => {
-      console.error(e.message);
-      process.exit(1);
-    });
-    break;
-  case "policy": {
-    const policy = loadPolicy();
-    if (!policy) {
-      console.log("No policy found. Run: npx lbe-exec init");
-      break;
-    }
-    if (!policy.rules?.length) {
-      console.log("No rules defined.");
-      break;
-    }
-    for (const r of policy.rules) {
-      console.log(`[${r.effect.toUpperCase()}] ${r.type}:${r.pattern}  \u2014 ${r.from || ""}  (${r.id || "?"})`);
-    }
-    break;
-  }
-  case "execute": {
-    Promise.resolve().then(() => (init_localExecutor(), localExecutor_exports)).then(async ({ createLocalExecutor: createLocalExecutor2 }) => {
-      const lbe = createLocalExecutor2({ rootDir: process.cwd() });
-      let raw = "";
-      if (opts.input) {
-        raw = fs14.readFileSync(path15.resolve(opts.input), "utf8");
-      } else {
-        for await (const chunk of process.stdin) raw += chunk;
-      }
-      const request = JSON.parse(raw);
-      const result = await lbe.execute(request);
-      console.log(JSON.stringify(result, null, 2));
-      process.exit(result.ok ? 0 : result.decision === "deny" ? 1 : 2);
-    }).catch((e) => {
-      console.error(e.message);
-      process.exit(2);
-    });
-    break;
-  }
-  default:
-    console.log("Usage: lbe-exec <command>\n");
-    console.log("  init                Bootstrap governance \u2014 policy, keys, agent files");
-    console.log("  run-node            Run a Node.js agent under LBE governance");
-    console.log("    [--mode observe|enforce] <script> [...args]");
-    console.log("  npm                 Wrap npm command with LBE hook (via NODE_OPTIONS)");
-    console.log("    [...npm-args]");
-    console.log("  status              Show workspace, mode, hook state, patched functions");
-    console.log("  audit               Show unified event log (.lbe/events.jsonl)");
-    console.log("  policy              List active policy rules");
-    console.log("  activate            Write workspace activation record (Node.js only)");
-    console.log("    [--mode observe|enforce]");
-    console.log("  shell               Open a governed terminal (NODE_OPTIONS pre-set)");
-    console.log("    [--mode observe|enforce]");
-    console.log("  deactivate          Remove workspace activation files");
-    console.log("  observe             Switch to observer mode (log only, nothing blocked)");
-    console.log("  enforce             Switch to enforcement mode (violations blocked)");
-    console.log("  execute             Send a JSON request from stdin or --input file");
-    console.log("\nCLI: npx lbe-exec <command>");
-    if (cmd && cmd !== "--help" && cmd !== "help") {
-      console.error("\nUnknown command: " + cmd);
-      process.exit(1);
-    }
-}
+`}function lo(e){let t=v.join(e,".lbe");S.mkdirSync(t,{recursive:!0}),S.writeFileSync(v.join(t,"AGENT_CONTRACT.md"),co())}function uo(e){let t=v.join(e,".lbe");S.mkdirSync(t,{recursive:!0});let o=[["lbe.policy.json",".lbe/policy.json"],["lbe.workspace.json",".lbe/workspace.json"]],n=[];for(let[s,i]of o){let a=v.join(e,s),c=v.join(e,i);S.existsSync(a)&&!S.existsSync(c)?(S.renameSync(a,c),n.push(s+" \u2192 "+i)):S.existsSync(a)&&(S.unlinkSync(a),n.push(s+" (removed \u2014 .lbe/ version exists)"))}let r=["CLAUDE.md",v.join(".github","copilot-instructions.md")];for(let s of r){let i=v.join(e,s);if(S.existsSync(i)){let a=S.readFileSync(i,"utf8");(a.includes("lbe-governance")||a.includes("LetterBlack LBE"))&&(S.unlinkSync(i),n.push(s+" (removed \u2014 LBE-generated file)"))}}return n}async function $e(e={}){let t=process.cwd(),o=e.yes||e.y||!process.stdin.isTTY,n=v.join(t,".lbe");S.mkdirSync(n,{recursive:!0});let r=v.join(n,"workspace.json");console.log(`
+Scanning workspace...
+`);let{projectTypes:s,primaryType:i,semantics:a,enforcement:c}=Fe(t);console.log(je(s,a,c)),console.log("");let l=c;if(!o){let h=await ro("Accept? [Y = accept / s = strict / r = relaxed / n = cancel] ");if(h==="n")return console.log("Cancelled."),{success:!1};h==="s"&&(l=so(c)),h==="r"&&(l=io(c))}let p={lbe:!0,version:"0.4.0",state:"local",projectTypes:s,primaryType:i,semantics:a,enforcement:l};S.writeFileSync(r,JSON.stringify(p,null,2)),console.log("\u2713 Wrote .lbe/workspace.json"),ao(t);let f=v.join(n,"policy.json");S.existsSync(f)||S.writeFileSync(f,JSON.stringify({version:1,mode:"observe",workspace:t,rules:[]},null,2)+`
+`);let m=v.join(n,"audit.jsonl");S.existsSync(m)||S.writeFileSync(m,""),console.log("\u2713 Keys and policy ready  (.lbe/)"),lo(t),console.log("\u2713 Agent contract written  \u2192  .lbe/AGENT_CONTRACT.md");let y=uo(t);if(y.length){console.log(`
+\u2713 Migrated legacy files:`);for(let h of y)console.log("  "+h)}return console.log(`
+Done. All LBE state is in .lbe/`),console.log(`Run  npx lbe-exec status  to verify.
+`),{success:!0,contract:p}}ve();async function Je(e,t={}){let o=G(t.root||process.cwd(),e);Ie(o.root,{...o.policy,mode:e}),console.log(JSON.stringify({mode:e,policy:o.policyPath},null,2))}var[,,Q,...Y]=process.argv,P=Object.fromEntries(Y.flatMap((e,t,o)=>e.startsWith("--")?[[e.slice(2),o[t+1]??!0]]:[])),Jr=Y.filter(e=>!e.startsWith("--")&&Y[Y.indexOf(e)-1]?.startsWith("--")===!1),Ct=A.dirname(an(import.meta.url));function cn(){let e=process.cwd(),t=E.existsSync(A.join(e,".lbe","policy.json"))?A.join(e,".lbe","policy.json"):A.join(e,"lbe.policy.json");return E.existsSync(t)?JSON.parse(E.readFileSync(t,"utf8")):null}function te(){let e=[A.resolve(Ct,"../hooks/register.cjs"),A.resolve(Ct,"../src/hooks/register.cjs")];return e.find(t=>E.existsSync(t))||e[0]}function ln(e){let t=/(?:^|\s)node\s+(\S+)/;return Object.entries(e||{}).filter(([o,n])=>o.includes(":lbe")||o.startsWith("lbe")?!1:t.test(n))}function Pt(e){let t=e.match(/(?:^|\s)node\s+(.+)/);return t?t[1].trim():null}function dn(e){let t=A.join(process.cwd(),"package.json");if(!E.existsSync(t))return[];let o=JSON.parse(E.readFileSync(t,"utf8")),n=o.scripts||{},r=[];if(e){let s=n[e];if(!s)return console.error(`No script named "${e}" found.`),[];let i=Pt(s);if(!i)return console.error(`Script "${e}" does not look like a node script.`),[];n[e]=`lbe-exec run-node --mode observe ${i}`,r.push(e)}else{let s=ln(n);for(let[i,a]of s){let c=Pt(a);if(!c)continue;let l=i+":lbe",p=i+":lbe:enforce";n[l]||(n[l]=`lbe-exec run-node --mode observe ${c}`,r.push(l)),n[p]||(n[p]=`lbe-exec run-node --mode enforce ${c}`,r.push(p))}}if(n["lbe:status"]||(n["lbe:status"]="lbe-exec status",r.push("lbe:status")),n["lbe:audit"]||(n["lbe:audit"]="lbe-exec audit",r.push("lbe:audit")),r.length){o.scripts=n,E.writeFileSync(t,JSON.stringify(o,null,2)+`
+`);for(let s of r)console.log(`  added: ${s}`)}return r}switch(Q){case"run-node":{let e=P.mode||"observe";["observe","enforce"].includes(e)||(console.error("--mode must be observe or enforce"),process.exit(1));let t=Y.findIndex((s,i)=>!s.startsWith("--")&&(i===0||!Y[i-1].startsWith("--")));t===-1&&(console.error("Usage: lbe-exec run-node [--mode observe|enforce] <script> [...args]"),process.exit(1));let o=Y.slice(t),n=te();E.existsSync(n)||(console.error("Hook not found: "+n+`
+Run: npm install @letterblack/lbe-exec`),process.exit(1)),de(process.execPath,["--require",n,...o],{stdio:"inherit",env:{...process.env,LBE_MODE:e,LBE_ROOT:process.cwd()}}).on("close",s=>process.exit(s??0));break}case"npm":{console.error('[lbe] Note: Use "lbe-exec run-node" for reliable hook preload.'),console.error(`[lbe] NODE_OPTIONS --require may not fire for all npm lifecycle hooks.
+`);let e=te();E.existsSync(e)||(console.error("Hook not found: "+e),process.exit(1));let t=process.env.NODE_OPTIONS||"",o=e.replace(/\\/g,"/"),n='--require "'+o+'"',r=t.includes(o)?t:(t+" "+n).trim(),s=Y.filter(a=>!a.startsWith("--mode")&&a!==P.mode);de("npm",s,{stdio:"inherit",shell:!0,env:{...process.env,NODE_OPTIONS:r,LBE_MODE:P.mode||"observe",LBE_ROOT:process.cwd()}}).on("close",a=>process.exit(a??0));break}case"status":{let e=process.cwd();console.log("\u2500\u2500 LBE Status \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500"),console.log("workspace:   "+e);let t=te();console.log("hook file:   "+t+(E.existsSync(t)?" (found)":" (MISSING)"));let o=process.env.LBE_ROOT||"";console.log("LBE_ROOT:    "+(o||"(not set)"));let r=(process.env.NODE_OPTIONS||"").includes("register.cjs");console.log("NODE_OPTIONS contains hook: "+(r?"yes":"no"));let s=A.join(e,".lbe","events.jsonl"),i=E.existsSync(s);if(console.log("audit log:   "+(i?s:"(none yet)")),i)try{let c=E.readFileSync(s,"utf8").split(`
+`).filter(l=>l.trim());if(c.length){let l=JSON.parse(c[c.length-1]),p=new Date((l.ts||0)*1e3).toISOString().replace("T"," ").slice(0,19),f=l.path||l.cmd||"?";console.log("last event:  "+p+"  "+l.action+"  "+f+"  \u2192 "+(l.decision||"?"))}else console.log("last event:  (none)")}catch{console.log("last event:  (unreadable)")}let a=A.join(e,".lbe","runtime","hook-status.json");if(E.existsSync(a)){let c;try{c=JSON.parse(E.readFileSync(a,"utf8"))}catch{}if(c){let l=!1;try{process.kill(c.pid,0),l=!0}catch{}if(console.log(`
+hook process: `+(l?"ACTIVE":"stale (process exited)")),console.log("hook pid:     "+c.pid+(l?" (alive)":" (gone)")),console.log("hook mode:    "+c.mode),console.log("hook started: "+c.started_at),c.patched){console.log(`
+Patched functions:`);for(let[p,f]of Object.entries(c.patched))console.log("  "+(f?"\u2713":"\u2013")+" "+p)}}}else console.log(`
+hook process: inactive \u2014 run: lbe-exec run-node ./agent.js`),console.log("              or: lbe-exec activate  then  lbe-exec shell");break}case"audit":{let e=A.join(process.cwd(),".lbe","events.jsonl");if(!E.existsSync(e)){console.log("No events log found. Run an agent with: npx lbe-exec run-node ./agent.js");break}let t=E.readFileSync(e,"utf8").split(`
+`).filter(o=>o.trim());if(!t.length){console.log("No events recorded yet.");break}console.log("\u2500\u2500 LBE Event Log ("+t.length+" entries) \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500");for(let o of t)try{let n=JSON.parse(o),r=new Date(n.ts*1e3).toISOString().replace("T"," ").slice(0,19),s=n.path||n.cmd||"?",i=n.enforced&&n.decision==="deny"?"BLOCKED":n.decision==="deny"?"WOULD-BLOCK":"allowed";console.log(`${r}  [${n.mode}] ${n.action}  ${s}  \u2192 ${i}`)}catch{}break}case"init":$e(P).then(()=>{dn(P.wrap||null).length?(console.log(`
+\u2713 Added LBE script variants to package.json`),console.log("  Run your agent through LBE:  npm run <name>:lbe")):(console.log(`
+No node agent scripts detected in package.json.`),console.log("Use: npx lbe-exec run-node [--mode observe|enforce] ./your-agent.js"))}).catch(e=>{console.error(e.message),process.exit(1)});break;case"activate":{let e=te();E.existsSync(e)||(console.error("Hook not found: "+e),console.error("Run: npm install @letterblack/lbe-exec"),process.exit(1));let t=P.mode||"observe",o=process.cwd(),n=A.join(o,".lbe");E.mkdirSync(n,{recursive:!0}),E.writeFileSync(A.join(n,"activation.json"),JSON.stringify({activated:!0,activatedAt:new Date().toISOString(),hookPath:e,mode:t,root:o},null,2)+`
+`),console.log("\u2500\u2500 LBE workspace activated \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500"),console.log("workspace: "+o),console.log("hook:      "+e),console.log("mode:      "+t),console.log(`
+Next: open a governed shell session:`),console.log("  lbe-exec shell"),console.log(`
+Any Node.js agent run inside that shell is intercepted.`),console.log("Python, Go, native binaries, and PowerShell are NOT governed.");break}case"shell":{let e=A.join(process.cwd(),".lbe","activation.json"),t=null;if(E.existsSync(e))try{t=JSON.parse(E.readFileSync(e,"utf8"))}catch{}let o=t&&t.hookPath||te();E.existsSync(o)||(console.error("Hook not found. Run: lbe-exec activate"),process.exit(1));let n=P.mode||t&&t.mode||"observe",r=t&&t.root||process.cwd(),s=o.replace(/\\/g,"/"),i='--require "'+s+'"',a={...process.env,NODE_OPTIONS:i,LBE_ROOT:r,LBE_MODE:n};console.log("[lbe] Opening governed shell \u2014 mode: "+n),console.log("[lbe] NODE_OPTIONS set. Node.js agents are intercepted."),console.log("[lbe] Python / Go / native binaries are NOT governed."),console.log(`[lbe] Type "exit" to close.
+`);let c;if(process.platform==="win32"){let l=[`$env:NODE_OPTIONS='--require "${s}"'`,`$env:LBE_ROOT='${r}'`,`$env:LBE_MODE='${n}'`,`Write-Host '[lbe] Shell armed \u2014 mode: ${n}' -ForegroundColor Green`].join("; ");c=de("powershell.exe",["-NoExit","-Command",l],{stdio:"inherit",env:a})}else{let l=process.env.SHELL||"/bin/bash";c=de(l,[],{stdio:"inherit",env:a})}c.on("close",l=>{console.log(`
+[lbe] Governed shell closed.`),process.exit(l??0)});break}case"deactivate":{let e=process.cwd(),t=[A.join(e,".lbe","activation.json"),A.join(e,".lbe","runtime","hook-status.json")],o=0;for(let n of t)E.existsSync(n)&&(E.unlinkSync(n),o++);console.log(o?"\u2713 LBE deactivated \u2014 workspace activation files removed.":"Nothing to deactivate (workspace was not activated)."),console.log('Close any open "lbe-exec shell" sessions to fully disarm.');break}case"observe":case"enforce":Je(Q,P).catch(e=>{console.error(e.message),process.exit(1)});break;case"policy":{let e=cn();if(!e){console.log("No policy found. Run: npx lbe-exec init");break}if(!e.rules?.length){console.log("No rules defined.");break}for(let t of e.rules)console.log(`[${t.effect.toUpperCase()}] ${t.type}:${t.pattern}  \u2014 ${t.from||""}  (${t.id||"?"})`);break}case"execute":{Promise.resolve().then(()=>(Tt(),Dt)).then(async({createLocalExecutor:e})=>{let t=e({rootDir:process.cwd()}),o="";if(P.input)o=E.readFileSync(A.resolve(P.input),"utf8");else for await(let s of process.stdin)o+=s;let n=JSON.parse(o),r=await t.execute(n);console.log(JSON.stringify(r,null,2)),process.exit(r.ok?0:r.decision==="deny"?1:2)}).catch(e=>{console.error(e.message),process.exit(2)});break}default:console.log(`Usage: lbe-exec <command>
+`),console.log("  init                Bootstrap governance \u2014 policy, keys, agent files"),console.log("  run-node            Run a Node.js agent under LBE governance"),console.log("    [--mode observe|enforce] <script> [...args]"),console.log("  npm                 Wrap npm command with LBE hook (via NODE_OPTIONS)"),console.log("    [...npm-args]"),console.log("  status              Show workspace, mode, hook state, patched functions"),console.log("  audit               Show unified event log (.lbe/events.jsonl)"),console.log("  policy              List active policy rules"),console.log("  activate            Write workspace activation record (Node.js only)"),console.log("    [--mode observe|enforce]"),console.log("  shell               Open a governed terminal (NODE_OPTIONS pre-set)"),console.log("    [--mode observe|enforce]"),console.log("  deactivate          Remove workspace activation files"),console.log("  observe             Switch to observer mode (log only, nothing blocked)"),console.log("  enforce             Switch to enforcement mode (violations blocked)"),console.log("  execute             Send a JSON request from stdin or --input file"),console.log(`
+CLI: npx lbe-exec <command>`),Q&&Q!=="--help"&&Q!=="help"&&(console.error(`
+Unknown command: `+Q),process.exit(1))}