@letterblack/lbe-exec 1.2.17 → 1.2.19

package/dist/index.js

@@ -1,1835 +1,14 @@
-// src/exec/localExecutor.js
-import crypto5 from "crypto";
-import fs9 from "fs";
-import path10 from "path";
-
-// src/core/signature.js
-import nacl from "tweetnacl";
-import { canonicalize } from "json-canonicalize";
-function bytesFromBase64(b64) {
-  return Buffer.from(b64, "base64");
-}
-function toBase64(bytes) {
-  return Buffer.from(bytes).toString("base64");
-}
-function verifyEd25519({ payloadObj, sigB64, pubKeyB64 }) {
-  try {
-    const msg = Buffer.from(canonicalize(payloadObj), "utf8");
-    const sig = bytesFromBase64(sigB64);
-    const pub = bytesFromBase64(pubKeyB64);
-    const isValid = nacl.sign.detached.verify(
-      new Uint8Array(msg),
-      new Uint8Array(sig),
-      new Uint8Array(pub)
-    );
-    return {
-      valid: isValid,
-      message: isValid ? "Signature verified" : "Signature verification failed"
-    };
-  } catch (err) {
-    return {
-      valid: false,
-      message: `Signature verification error: ${err.message}`
-    };
-  }
-}
-function generateKeyPair() {
-  const keyPair = nacl.sign.keyPair();
-  return {
-    publicKey: toBase64(keyPair.publicKey),
-    secretKey: toBase64(keyPair.secretKey)
-  };
-}
-function signEd25519({ payloadObj, secretKeyB64 }) {
-  try {
-    const msg = Buffer.from(canonicalize(payloadObj), "utf8");
-    const secretKey = bytesFromBase64(secretKeyB64);
-    const sig = nacl.sign.detached(new Uint8Array(msg), new Uint8Array(secretKey));
-    return {
-      signature: toBase64(sig),
-      error: null
-    };
-  } catch (err) {
-    return {
-      signature: null,
-      error: `Signing failed: ${err.message}`
-    };
-  }
-}
-
-// src/core/policyVersionGuard.js
-import fs2 from "fs";
-import path2 from "path";
-
-// src/core/atomicWrite.js
-import fs from "fs";
-import path from "path";
-import crypto from "crypto";
-var DEFAULT_LOCK_OPTS = {
-  timeoutMs: 5e3,
-  // total wait before giving up
-  pollMs: 15,
-  // base poll interval (jittered)
-  staleMs: 3e4
-  // lock files older than this are presumed orphaned
-};
-function _lockPathFor(targetPath) {
-  return targetPath + ".lock";
-}
-function _tryAcquire(lockPath) {
-  try {
-    const fd = fs.openSync(lockPath, "wx");
-    fs.writeSync(fd, `pid:${process.pid}:${Date.now()}`);
-    fs.closeSync(fd);
-    return true;
-  } catch (err) {
-    if (err.code === "EEXIST" || err.code === "EPERM" || err.code === "EBUSY" || err.code === "EACCES") {
-      return false;
-    }
-    throw err;
-  }
-}
-function _removeIfStale(lockPath, staleMs) {
-  try {
-    const stat = fs.statSync(lockPath);
-    const ageMs = Date.now() - stat.mtimeMs;
-    if (ageMs > staleMs) {
-      try {
-        fs.unlinkSync(lockPath);
-      } catch {
-      }
-    }
-  } catch {
-  }
-}
-function _sleepSync(ms) {
-  const end = Date.now() + ms;
-  while (Date.now() < end) {
-    try {
-      Atomics.wait(new Int32Array(new SharedArrayBuffer(4)), 0, 0, Math.max(1, end - Date.now()));
-    } catch {
-    }
-  }
-}
-function withFileLock(targetPath, optsOrFn, maybeFn) {
-  const fn = typeof optsOrFn === "function" ? optsOrFn : maybeFn;
-  const opts = typeof optsOrFn === "function" ? {} : optsOrFn || {};
-  const { timeoutMs, pollMs, staleMs } = { ...DEFAULT_LOCK_OPTS, ...opts };
-  const dir = path.dirname(targetPath);
-  if (!fs.existsSync(dir)) {
-    fs.mkdirSync(dir, { recursive: true });
-  }
-  const lockPath = _lockPathFor(targetPath);
-  const deadline = Date.now() + timeoutMs;
-  let acquired = false;
-  while (!acquired) {
-    acquired = _tryAcquire(lockPath);
-    if (acquired) break;
-    if (Date.now() >= deadline) {
-      _removeIfStale(lockPath, staleMs);
-      acquired = _tryAcquire(lockPath);
-      if (acquired) break;
-      const err = new Error(`withFileLock: timeout acquiring ${lockPath} after ${timeoutMs}ms`);
-      err.code = "ELOCKTIMEOUT";
-      throw err;
-    }
-    _removeIfStale(lockPath, staleMs);
-    const jitter = Math.floor(Math.random() * pollMs);
-    _sleepSync(pollMs + jitter);
-  }
-  try {
-    return fn();
-  } finally {
-    try {
-      fs.unlinkSync(lockPath);
-    } catch {
-    }
-  }
-}
-function atomicWriteFileSync(filePath, data, options = {}) {
-  const dir = path.dirname(filePath);
-  if (!fs.existsSync(dir)) {
-    fs.mkdirSync(dir, { recursive: true });
-  }
-  const tempFile = path.join(dir, `.tmp-${Date.now()}-${crypto.randomBytes(4).toString("hex")}`);
-  try {
-    fs.writeFileSync(tempFile, data, options);
-    fs.renameSync(tempFile, filePath);
-  } catch (error2) {
-    try {
-      if (fs.existsSync(tempFile)) {
-        fs.unlinkSync(tempFile);
-      }
-    } catch (cleanupError) {
-    }
-    throw error2;
-  }
-}
-
-// src/core/policyVersionGuard.js
-function parsePolicyVersion(version) {
-  if (typeof version === "number" && Number.isFinite(version)) {
-    return { ok: true, kind: "int", parts: [Math.floor(version)], raw: String(version) };
-  }
-  if (typeof version !== "string" || !version.trim()) {
-    return { ok: false, reason: "POLICY_VERSION_INVALID", message: "Policy version is required" };
-  }
-  const trimmed = version.trim();
-  if (/^\d+$/.test(trimmed)) {
-    return { ok: true, kind: "int", parts: [Number(trimmed)], raw: trimmed };
-  }
-  const semver = trimmed.replace(/^v/i, "");
-  if (/^\d+(\.\d+){0,2}$/.test(semver)) {
-    const parsed = semver.split(".").map((n) => Number(n));
-    while (parsed.length < 3) {
-      parsed.push(0);
-    }
-    return { ok: true, kind: "semver", parts: parsed, raw: trimmed };
-  }
-  return {
-    ok: false,
-    reason: "POLICY_VERSION_INVALID",
-    message: `Unsupported policy version format '${version}' (use integer or semver)`
-  };
-}
-function compareVersions(a, b) {
-  const len = Math.max(a.parts.length, b.parts.length);
-  for (let i = 0; i < len; i++) {
-    const av = a.parts[i] ?? 0;
-    const bv = b.parts[i] ?? 0;
-    if (av > bv) return 1;
-    if (av < bv) return -1;
-  }
-  return 0;
-}
-function parseCreatedAt(createdAt) {
-  if (typeof createdAt === "number" && Number.isFinite(createdAt)) {
-    const sec = createdAt > 1e12 ? Math.floor(createdAt / 1e3) : Math.floor(createdAt);
-    return { ok: true, epochSec: sec };
-  }
-  if (typeof createdAt !== "string" || !createdAt.trim()) {
-    return {
-      ok: false,
-      reason: "POLICY_CREATED_AT_INVALID",
-      message: "Policy createdAt is required"
-    };
-  }
-  const ts = Date.parse(createdAt);
-  if (Number.isNaN(ts)) {
-    return {
-      ok: false,
-      reason: "POLICY_CREATED_AT_INVALID",
-      message: `Invalid policy createdAt '${createdAt}'`
-    };
-  }
-  return { ok: true, epochSec: Math.floor(ts / 1e3) };
-}
-function loadPolicyState(statePath) {
-  if (!fs2.existsSync(statePath)) {
-    return {
-      schemaVersion: "1",
-      lastAccepted: null,
-      updatedAt: null
-    };
-  }
-  try {
-    const parsed = JSON.parse(fs2.readFileSync(statePath, "utf8"));
-    if (!parsed || typeof parsed !== "object") {
-      throw new Error("Policy state file has invalid structure");
-    }
-    return {
-      schemaVersion: String(parsed.schemaVersion || "1"),
-      lastAccepted: parsed.lastAccepted && typeof parsed.lastAccepted === "object" ? parsed.lastAccepted : null,
-      updatedAt: parsed.updatedAt || null
-    };
-  } catch (err) {
-    throw new Error(`Policy state at ${statePath} is corrupt or unreadable: ${err.message}`);
-  }
-}
-function savePolicyState(statePath, stateObj) {
-  const payload = JSON.stringify(stateObj, null, 2);
-  atomicWriteFileSync(statePath, payload, { encoding: "utf8" });
-}
-function validateAndUpdatePolicyVersionState({
-  policyObj,
-  statePath = path2.resolve(".lbe/data/policy.state.json"),
-  maxCreatedAtSkewSec = 31536e3,
-  nowSec = Math.floor(Date.now() / 1e3),
-  persist = true
-}) {
-  const version = parsePolicyVersion(policyObj?.version);
-  if (!version.ok) {
-    return {
-      ok: false,
-      reason: version.reason,
-      message: version.message,
-      updated: false
-    };
-  }
-  const createdAt = parseCreatedAt(policyObj?.createdAt);
-  if (!createdAt.ok) {
-    return {
-      ok: false,
-      reason: createdAt.reason,
-      message: createdAt.message,
-      updated: false
-    };
-  }
-  const skew = Math.abs(nowSec - createdAt.epochSec);
-  const allowedSkew = Number.isFinite(maxCreatedAtSkewSec) && maxCreatedAtSkewSec > 0 ? Math.floor(maxCreatedAtSkewSec) : 31536e3;
-  if (skew > allowedSkew) {
-    return {
-      ok: false,
-      reason: "POLICY_CREATED_AT_SKEW_EXCEEDED",
-      message: `Policy createdAt skew ${skew}s exceeds allowed ${allowedSkew}s`,
-      updated: false
-    };
-  }
-  let state;
-  try {
-    state = loadPolicyState(statePath);
-  } catch (err) {
-    return {
-      ok: false,
-      reason: "POLICY_STATE_CORRUPT",
-      message: err.message,
-      updated: false
-    };
-  }
-  const previous = state.lastAccepted;
-  let previousVersion = null;
-  let previousCreatedAt = null;
-  let versionCompare = 0;
-  if (previous) {
-    previousVersion = parsePolicyVersion(previous.version);
-    previousCreatedAt = parseCreatedAt(previous.createdAt);
-    if (previousVersion.ok && previousCreatedAt.ok) {
-      versionCompare = compareVersions(version, previousVersion);
-      if (versionCompare < 0) {
-        return {
-          ok: false,
-          reason: "POLICY_VERSION_REGRESSION",
-          message: `Policy version regression: current '${version.raw}' < last '${previousVersion.raw}'`,
-          updated: false
-        };
-      }
-      if (versionCompare === 0 && createdAt.epochSec < previousCreatedAt.epochSec) {
-        return {
-          ok: false,
-          reason: "POLICY_CREATED_AT_REGRESSION",
-          message: `Policy createdAt regression: current '${policyObj.createdAt}' < last '${previous.createdAt}'`,
-          updated: false
-        };
-      }
-      if (versionCompare > 0 && createdAt.epochSec < previousCreatedAt.epochSec) {
-        return {
-          ok: false,
-          reason: "POLICY_CREATED_AT_REGRESSION",
-          message: `Policy createdAt must be monotonic when version increases`,
-          updated: false
-        };
-      }
-    }
-  }
-  const shouldUpdate = !previous || !previousVersion?.ok || !previousCreatedAt?.ok || versionCompare > 0 || versionCompare === 0 && createdAt.epochSec > previousCreatedAt.epochSec;
-  if (persist && shouldUpdate) {
-    const nextState = {
-      schemaVersion: "1",
-      lastAccepted: {
-        version: policyObj.version,
-        createdAt: policyObj.createdAt,
-        environment: policyObj.environment || null
-      },
-      updatedAt: (/* @__PURE__ */ new Date()).toISOString()
-    };
-    savePolicyState(statePath, nextState);
-  }
-  return {
-    ok: true,
-    reason: null,
-    message: "Policy version guard passed",
-    updated: shouldUpdate
-  };
-}
-
-// runtime/engine.js
-import fs3 from "fs";
-import path3 from "path";
-import { fileURLToPath } from "url";
-var runtimeDir = path3.dirname(fileURLToPath(import.meta.url));
-var wasmPath = path3.join(runtimeDir, "lbe_engine.wasm");
-var POLICY_MESSAGES = {
-  0: { allowed: true, reason: null, message: "Policy check passed" },
-  1: { allowed: false, reason: "POLICY_NOT_CONFIGURED", message: "No policy configured" },
-  2: { allowed: false, reason: "REQUESTER_NOT_ALLOWED", message: "Requester not in policy" },
-  3: { allowed: false, reason: "COMMAND_NOT_ALLOWED", message: "Command not allowed for requester" },
-  4: { allowed: false, reason: "ADAPTER_NOT_ALLOWED", message: "Adapter not allowed" },
-  5: { allowed: false, reason: "NO_FILESYSTEM_ROOTS_DEFINED", message: "No filesystem roots defined for requester" },
-  6: { allowed: false, reason: "CWD_OUTSIDE_ALLOWED_ROOT", message: "Path not under allowed roots" },
-  7: { allowed: false, reason: "PATH_DENIED_BY_PATTERN", message: "Path matches deny pattern" },
-  8: { allowed: false, reason: "SHELL_CMD_DENIED", message: "Shell command not allowed" }
-};
-var SCHEMA_MESSAGES = {
-  0: { valid: true, error: null },
-  1: { valid: false, error: "Missing required field: id" },
-  2: { valid: false, error: "Missing required field: commandId" },
-  3: { valid: false, error: "Missing required field: requesterId" },
-  4: { valid: false, error: "Missing required field: sessionId" },
-  5: { valid: false, error: "Missing required field: timestamp" },
-  6: { valid: false, error: "Missing required field: nonce" },
-  7: { valid: false, error: "Missing required field: requires" },
-  8: { valid: false, error: "Missing required field: payload" },
-  9: { valid: false, error: "Missing required field: signature" },
-  10: { valid: false, error: "Field 'id' is invalid" },
-  11: { valid: false, error: "Field 'commandId' is invalid" },
-  12: { valid: false, error: "Field 'requesterId' is invalid" },
-  13: { valid: false, error: "Field 'sessionId' is invalid" },
-  14: { valid: false, error: "Field 'timestamp' is invalid" },
-  15: { valid: false, error: "Field 'nonce' is invalid" },
-  16: { valid: false, error: "Field 'requires' is invalid" },
-  17: { valid: false, error: "payload: missing required field: adapter" },
-  18: { valid: false, error: "payload: field 'adapter' is invalid" },
-  19: { valid: false, error: "signature: missing required field: alg" },
-  20: { valid: false, error: "signature: missing required field: keyId" },
-  21: { valid: false, error: "signature: missing required field: sig" },
-  22: { valid: false, error: "signature: field 'alg' must be ed25519" },
-  23: { valid: false, error: "signature: field 'sig' is invalid" },
-  24: { valid: false, error: "Field 'risk' is invalid" }
-};
-var KEY_REASONS = {
-  1: "KEY_ID_INVALID",
-  2: "KEY_NOT_TRUSTED",
-  3: "KEY_DEPRECATED",
-  4: "KEY_REQUESTER_MISMATCH",
-  5: "KEY_LIFECYCLE_INVALID",
-  6: "KEY_NOT_YET_VALID",
-  7: "KEY_EXPIRED"
-};
-var PIPELINE_STAGES = {
-  0: "schema",
-  1: "timestamp",
-  2: "key",
-  3: "signature",
-  4: "rate_limit",
-  5: "nonce",
-  6: "policy",
-  255: "ok"
-};
-var RISK_LABELS = ["LOW", "MEDIUM", "HIGH", "CRITICAL"];
-var COMMAND_TYPE = { ECHO: 0, READ_FILE: 1, WRITE_FILE: 2, PATCH_FILE: 3, DELETE_FILE: 4, RUN_SHELL: 5 };
-var _instance = null;
-function wasm() {
-  if (_instance) return _instance;
-  if (!fs3.existsSync(wasmPath)) throw new Error(`LBE engine missing: ${wasmPath}`);
-  const bytes = fs3.readFileSync(wasmPath);
-  _instance = new WebAssembly.Instance(new WebAssembly.Module(bytes), {});
-  return _instance;
-}
-function memory() {
-  return new Uint8Array(wasm().exports.memory.buffer);
-}
-function inPtr() {
-  return wasm().exports.lbe_in_ptr();
-}
-function outPtr() {
-  return wasm().exports.lbe_out_ptr();
-}
-function bufSize() {
-  return wasm().exports.lbe_buf_size();
-}
-function writeIn(str) {
-  const enc = new TextEncoder().encode(str);
-  const mem = memory();
-  const ptr = inPtr();
-  mem.set(enc, ptr);
-  mem[ptr + enc.length] = 0;
-}
-function readOut() {
-  const mem = memory();
-  const ptr = outPtr();
-  let end = ptr;
-  while (mem[end] !== 0 && end - ptr < bufSize()) end++;
-  return new TextDecoder().decode(mem.slice(ptr, end));
-}
-function writePipelineInput(fields) {
-  const mem = memory();
-  const ptr = inPtr();
-  const view = new DataView(mem.buffer, ptr);
-  fields.forEach((v, i) => view.setUint32(i * 4, v >>> 0, true));
-}
-function readPipelineOutput() {
-  const mem = memory();
-  const ptr = outPtr();
-  const view = new DataView(mem.buffer, ptr);
-  return { stage: view.getUint32(0, true), code: view.getUint32(4, true) };
-}
-function runValidationPipeline(flags) {
-  writePipelineInput([
-    // Schema flags [0..24]
-    flags.hasId ? 1 : 0,
-    flags.idValid ? 1 : 0,
-    flags.hasCommandId ? 1 : 0,
-    flags.commandIdValid ? 1 : 0,
-    flags.hasRequesterId ? 1 : 0,
-    flags.requesterIdValid ? 1 : 0,
-    flags.hasSessionId ? 1 : 0,
-    flags.sessionIdValid ? 1 : 0,
-    flags.hasTimestamp ? 1 : 0,
-    flags.timestampValid ? 1 : 0,
-    flags.hasNonce ? 1 : 0,
-    flags.nonceValid ? 1 : 0,
-    flags.hasRequires ? 1 : 0,
-    flags.requiresValid ? 1 : 0,
-    flags.hasPayload ? 1 : 0,
-    flags.hasPayloadAdapter ? 1 : 0,
-    flags.payloadAdapterValid ? 1 : 0,
-    flags.hasSignature ? 1 : 0,
-    flags.hasSignatureAlg ? 1 : 0,
-    flags.signatureAlgValid ? 1 : 0,
-    flags.hasSignatureKeyId ? 1 : 0,
-    flags.hasSignatureSig ? 1 : 0,
-    flags.signatureSigValid ? 1 : 0,
-    flags.hasRisk ? 1 : 0,
-    flags.riskValid ? 1 : 0,
-    // Timestamp [25..27]
-    flags.cmdTimestamp >>> 0,
-    flags.nowSec >>> 0,
-    flags.maxClockSkewSec >>> 0,
-    // Key lifecycle [28..34]
-    flags.keyIdFormatValid ? 1 : 0,
-    flags.keyFound ? 1 : 0,
-    flags.keyNotDeprecated ? 1 : 0,
-    flags.keyRequesterMatches ? 1 : 0,
-    flags.keyNotBeforeOk ? 1 : 0,
-    flags.keyNotExpired ? 1 : 0,
-    flags.keyLifecycleFieldsPresent ? 1 : 0,
-    // Signature [35]
-    flags.signatureValid ? 1 : 0,
-    // Rate limit [36..37]
-    flags.rateLimitOk ? 1 : 0,
-    flags.rateLimitRetryAfterSec >>> 0,
-    // Nonce [38]
-    flags.nonceOk ? 1 : 0,
-    // Policy [39..48]
-    flags.policyConfigured ? 1 : 0,
-    flags.requesterConfigured ? 1 : 0,
-    flags.commandAllowed ? 1 : 0,
-    flags.adapterAllowed ? 1 : 0,
-    flags.filesystemRequired ? 1 : 0,
-    flags.filesystemRootsDefined ? 1 : 0,
-    flags.filesystemOk ? 1 : 0,
-    flags.pathDenied ? 1 : 0,
-    flags.shellRequired ? 1 : 0,
-    flags.shellCommandOk ? 1 : 0
-  ]);
-  wasm().exports.lbe_validate_pipeline();
-  const { stage, code } = readPipelineOutput();
-  const ok = stage === 255;
-  return {
-    ok,
-    stage,
-    stageLabel: PIPELINE_STAGES[stage] || "unknown",
-    code,
-    schemaError: stage === 0 ? SCHEMA_MESSAGES[code]?.error || "Schema invalid" : null,
-    keyReason: stage === 2 ? KEY_REASONS[code] || "KEY_ERROR" : null,
-    policyResult: stage === 6 ? { ...POLICY_MESSAGES[code] || POLICY_MESSAGES[1], code } : null,
-    retryAfterSec: stage === 4 ? code : 0,
-    skewSec: stage === 1 ? code : 0
-  };
-}
-function checkNonce({ ttlSec, nowSec, newKey, existingEntries }) {
-  const lines = [`${ttlSec}:${nowSec}`, newKey, ...existingEntries].join("\n") + "\n";
-  writeIn(lines);
-  const isReplay = wasm().exports.lbe_nonce_check() !== 0;
-  if (isReplay) return { ok: false, updatedEntriesText: null };
-  const out = readOut();
-  return { ok: true, updatedEntriesText: out.startsWith("OK\n") ? out.slice(3) : out };
-}
-function checkRateLimit({ windowSec, maxRequests, nowSec, requesterId, existingEntries }) {
-  const lines = [
-    `${windowSec}:${maxRequests}:${nowSec}`,
-    requesterId,
-    ...existingEntries
-  ].join("\n") + "\n";
-  writeIn(lines);
-  const exceeded = wasm().exports.lbe_rate_check() !== 0;
-  const out = readOut();
-  if (exceeded) {
-    const retryAfterSec = parseInt(out.match(/^EXCEEDED:(\d+)/)?.[1] ?? "1", 10);
-    const entriesText = out.replace(/^EXCEEDED:\d+\n/, "");
-    return { ok: false, retryAfterSec, updatedEntriesText: entriesText };
-  }
-  return { ok: true, retryAfterSec: 0, updatedEntriesText: out.startsWith("OK\n") ? out.slice(3) : out };
-}
-function classifyRisk(commandId, shellCmdIsRm = false) {
-  const typeCode = COMMAND_TYPE[commandId] ?? 0;
-  const code = wasm().exports.lbe_classify_risk(typeCode, shellCmdIsRm ? 1 : 0);
-  return RISK_LABELS[code] ?? "LOW";
-}
-
-// src/core/validator.js
-import path4 from "path";
-function extractSchemaFlags(cmd) {
-  const has = (k) => cmd != null && Object.prototype.hasOwnProperty.call(cmd, k);
-  const isStr = (v) => typeof v === "string";
-  const p = cmd?.payload;
-  const sig = cmd?.signature;
-  return {
-    hasId: has("id"),
-    idValid: isStr(cmd?.id) && /^[A-Z_]+$/.test(cmd.id) && cmd.id.length >= 1 && cmd.id.length <= 50,
-    hasCommandId: has("commandId"),
-    commandIdValid: isStr(cmd?.commandId) && /^[a-f0-9-]+$/.test(cmd.commandId) && cmd.commandId.length === 36,
-    hasRequesterId: has("requesterId"),
-    requesterIdValid: isStr(cmd?.requesterId) && cmd.requesterId.length >= 3 && cmd.requesterId.length <= 100,
-    hasSessionId: has("sessionId"),
-    sessionIdValid: isStr(cmd?.sessionId) && cmd.sessionId.length >= 3,
-    hasTimestamp: has("timestamp"),
-    timestampValid: typeof cmd?.timestamp === "number" && cmd.timestamp >= 1e9,
-    hasNonce: has("nonce"),
-    nonceValid: isStr(cmd?.nonce) && cmd.nonce.length >= 32 && cmd.nonce.length <= 128,
-    hasRequires: has("requires"),
-    requiresValid: Array.isArray(cmd?.requires) && cmd.requires.length >= 1 && cmd.requires.every(isStr),
-    hasPayload: has("payload") && typeof p === "object" && p !== null && !Array.isArray(p),
-    hasPayloadAdapter: p != null && Object.prototype.hasOwnProperty.call(p, "adapter"),
-    payloadAdapterValid: isStr(p?.adapter),
-    hasSignature: has("signature") && typeof sig === "object" && sig !== null && !Array.isArray(sig),
-    hasSignatureAlg: sig != null && Object.prototype.hasOwnProperty.call(sig, "alg"),
-    signatureAlgValid: sig?.alg === "ed25519",
-    hasSignatureKeyId: sig != null && Object.prototype.hasOwnProperty.call(sig, "keyId"),
-    hasSignatureSig: sig != null && Object.prototype.hasOwnProperty.call(sig, "sig"),
-    signatureSigValid: isStr(sig?.sig) && sig.sig.length >= 10,
-    hasRisk: has("risk"),
-    riskValid: ["LOW", "MEDIUM", "HIGH", "CRITICAL"].includes(cmd?.risk)
-  };
-}
-function extractPolicyFlags(policy, cmd) {
-  const hasPolicy = !!(policy && policy.default === "DENY" && policy.requesters && typeof policy.requesters === "object");
-  const rp = policy?.requesters?.[cmd.requesterId];
-  const cmdId = cmd.id?.toLowerCase() ?? "";
-  const commandAllowed = !!rp?.allowCommands?.some((c) => c.toLowerCase() === cmdId);
-  const adapterAllowed = !!rp?.allowAdapters?.includes(cmd.payload?.adapter);
-  const filesystemRequired = !!cmd.payload?.cwd;
-  let filesystemRootsDefined = false;
-  let filesystemOk = false;
-  let pathDenied = false;
-  if (filesystemRequired) {
-    const roots = rp?.filesystem?.roots ?? [];
-    filesystemRootsDefined = roots.length > 0;
-    if (filesystemRootsDefined) {
-      const cwd = path4.resolve(cmd.payload.cwd);
-      filesystemOk = roots.some((r) => {
-        const rr = path4.resolve(r);
-        return cwd === rr || cwd.startsWith(rr + path4.sep);
-      });
-      const denyPatterns = rp?.filesystem?.denyPatterns ?? [];
-      pathDenied = denyPatterns.some((pattern) => {
-        const re = new RegExp("^" + pattern.replace(/\./g, "\\.").replace(/\*\*/g, ".*").replace(/\*/g, "[^/]*") + "$");
-        return re.test(cwd);
-      });
-    }
-  }
-  let shellRequired = false;
-  let shellCommandOk = true;
-  if (cmd.id === "RUN_SHELL") {
-    shellRequired = true;
-    const allowCmds = rp?.exec?.allowCmds ?? [];
-    const denyCmds = rp?.exec?.denyCmds ?? [];
-    const shellCmd = cmd.payload?.cmd;
-    if (denyCmds.includes(shellCmd)) {
-      shellCommandOk = false;
-    } else {
-      shellCommandOk = allowCmds.length === 0 || allowCmds.includes(shellCmd);
-    }
-  }
-  return {
-    policyConfigured: hasPolicy,
-    requesterConfigured: !!rp,
-    commandAllowed,
-    adapterAllowed,
-    filesystemRequired,
-    filesystemRootsDefined,
-    filesystemOk,
-    pathDenied,
-    shellRequired,
-    shellCommandOk
-  };
-}
-function extractKeyFlags(keyStore, keyId, requesterId, now = /* @__PURE__ */ new Date()) {
-  if (!keyStore || !keyId) {
-    return {
-      keyIdFormatValid: false,
-      keyFound: false,
-      keyNotDeprecated: false,
-      keyRequesterMatches: false,
-      keyNotBeforeOk: false,
-      keyNotExpired: false,
-      keyLifecycleFieldsPresent: false,
-      publicKey: null
-    };
-  }
-  const KEY_ID_RE = /^[A-Za-z0-9:_-]{3,128}$/;
-  const keyIdFormatValid = KEY_ID_RE.test(keyId) && keyId !== "default";
-  if (!keyIdFormatValid) {
-    return {
-      keyIdFormatValid,
-      keyFound: false,
-      keyNotDeprecated: false,
-      keyRequesterMatches: false,
-      keyNotBeforeOk: false,
-      keyNotExpired: false,
-      keyLifecycleFieldsPresent: false,
-      publicKey: null
-    };
-  }
-  const entry = keyStore.trustedKeys?.[keyId];
-  const keyFound = !!entry;
-  if (!keyFound) {
-    return {
-      keyIdFormatValid,
-      keyFound,
-      keyNotDeprecated: false,
-      keyRequesterMatches: false,
-      keyNotBeforeOk: false,
-      keyNotExpired: false,
-      keyLifecycleFieldsPresent: false,
-      publicKey: null
-    };
-  }
-  const keyNotDeprecated = !entry.deprecated;
-  const keyRequesterMatches = !entry.requesterId || entry.requesterId === requesterId;
-  const notBefore = entry.notBefore || entry.validFrom;
-  const expiresAt = entry.expiresAt || entry.validUntil;
-  const keyLifecycleFieldsPresent = typeof notBefore === "string" && typeof expiresAt === "string";
-  let keyNotBeforeOk = false;
-  let keyNotExpired = false;
-  if (keyLifecycleFieldsPresent) {
-    const nb = new Date(notBefore);
-    const exp = new Date(expiresAt);
-    if (!isNaN(nb.getTime()) && !isNaN(exp.getTime()) && nb < exp) {
-      keyNotBeforeOk = now >= nb;
-      keyNotExpired = now < exp;
-    }
-  }
-  return {
-    keyIdFormatValid,
-    keyFound,
-    keyNotDeprecated,
-    keyRequesterMatches,
-    keyNotBeforeOk,
-    keyNotExpired,
-    keyLifecycleFieldsPresent,
-    publicKey: entry.publicKey ?? null
-  };
-}
-function nonceEntriesToText(db) {
-  return (db?.entries ?? []).map((e) => `${e.key}:${e.timestamp}`);
-}
-function textToNonceEntries(text) {
-  return text.split("\n").filter(Boolean).map((line) => {
-    const lastColon = line.lastIndexOf(":");
-    return {
-      key: line.slice(0, lastColon),
-      timestamp: parseInt(line.slice(lastColon + 1), 10) || 0
-    };
-  });
-}
-function rateEntriesToText(db) {
-  return (db?.entries ?? []).map((e) => `${e.requesterId}:${e.timestamp}`);
-}
-function textToRateEntries(text) {
-  return text.split("\n").filter(Boolean).map((line) => {
-    const lastColon = line.lastIndexOf(":");
-    return {
-      requesterId: line.slice(0, lastColon),
-      timestamp: parseInt(line.slice(lastColon + 1), 10) || 0
-    };
-  });
-}
-function validateCommand({
-  commandObj,
-  pubKeyB64,
-  keyStore,
-  nonceDb,
-  policy,
-  rateLimiter,
-  policyStatePath
-}) {
-  const result = {
-    valid: false,
-    commandId: commandObj?.commandId,
-    checks: {},
-    errors: []
-  };
-  const nowSec = Math.floor(Date.now() / 1e3);
-  const now = /* @__PURE__ */ new Date();
-  const maxClockSkewSec = Number.isFinite(policy?.security?.maxClockSkewSec) ? policy.security.maxClockSkewSec : 600;
-  if (policyStatePath && policy?.version !== void 0) {
-    try {
-      const vCheck = validateAndUpdatePolicyVersionState({ policyObj: policy, statePath: policyStatePath });
-      result.checks.policyVersion = vCheck.ok;
-      if (!vCheck.ok) {
-        result.errors.push({ type: "POLICY_VERSION_INVALID", message: vCheck.message });
-        return result;
-      }
-    } catch {
-      result.checks.policyVersion = true;
-    }
-  } else {
-    result.checks.policyVersion = true;
-  }
-  const schemaFlags = extractSchemaFlags(commandObj);
-  const keyId = commandObj?.signature?.keyId;
-  const keyFlags = extractKeyFlags(keyStore, keyId, commandObj?.requesterId, now);
-  let signatureValid = false;
-  let effectivePubKey = keyFlags.publicKey;
-  if (!effectivePubKey && pubKeyB64) effectivePubKey = pubKeyB64;
-  if (effectivePubKey) {
-    const bodyWithoutSig = { ...commandObj };
-    delete bodyWithoutSig.signature;
-    const sigCheck = verifyEd25519({
-      payloadObj: bodyWithoutSig,
-      sigB64: commandObj?.signature?.sig,
-      pubKeyB64: effectivePubKey
-    });
-    signatureValid = sigCheck.valid;
-  }
-  let rateLimitOk = true;
-  let rateLimitRetryAfterSec = 0;
-  if (signatureValid && rateLimiter && typeof rateLimiter.db !== "undefined") {
-    const rateCfg = policy?.requesters?.[commandObj.requesterId]?.rateLimit || {};
-    const dfltCfg = policy?.security?.defaultRateLimit || {};
-    const windowSec = rateCfg.windowSec ?? dfltCfg.windowSec ?? 60;
-    const maxRequests = rateCfg.maxRequests ?? dfltCfg.maxRequests ?? 30;
-    const rateResult = checkRateLimit({
-      windowSec,
-      maxRequests,
-      nowSec,
-      requesterId: commandObj.requesterId,
-      existingEntries: rateEntriesToText(rateLimiter.db)
-    });
-    rateLimitOk = rateResult.ok;
-    rateLimitRetryAfterSec = rateResult.retryAfterSec;
-    if (rateResult.ok) {
-      rateLimiter.db.entries = textToRateEntries(rateResult.updatedEntriesText);
-    }
-  } else if (signatureValid && rateLimiter && typeof rateLimiter.checkAndRecord === "function") {
-    const rateCfg = policy?.requesters?.[commandObj.requesterId]?.rateLimit || {};
-    const dfltCfg = policy?.security?.defaultRateLimit || {};
-    const rateCheck = rateLimiter.checkAndRecord({
-      requesterId: commandObj.requesterId,
-      nowSec,
-      windowSec: rateCfg.windowSec ?? dfltCfg.windowSec ?? 60,
-      maxRequests: rateCfg.maxRequests ?? dfltCfg.maxRequests ?? 30
-    });
-    rateLimitOk = rateCheck.ok;
-    rateLimitRetryAfterSec = rateCheck.retryAfterSec ?? 0;
-  }
-  let nonceOk = true;
-  const nonceKey = `${commandObj?.requesterId}|${commandObj?.sessionId}|${commandObj?.nonce}`;
-  const ttlSec = 3600;
-  if (signatureValid && rateLimitOk && nonceDb) {
-    if (typeof nonceDb.checkAndRecord === "function") {
-      if (nonceDb.db) {
-        const nonceResult = checkNonce({
-          ttlSec,
-          nowSec,
-          newKey: nonceKey,
-          existingEntries: nonceEntriesToText(nonceDb.db)
-        });
-        nonceOk = nonceResult.ok;
-        if (nonceResult.ok) {
-          nonceDb.db.entries = textToNonceEntries(nonceResult.updatedEntriesText);
-        }
-      } else {
-        const r = nonceDb.checkAndRecord({
-          requesterId: commandObj.requesterId,
-          sessionId: commandObj.sessionId,
-          nonce: commandObj.nonce
-        });
-        nonceOk = r.ok;
-      }
-    } else {
-      const nonceResult = checkNonce({
-        ttlSec,
-        nowSec,
-        newKey: nonceKey,
-        existingEntries: nonceEntriesToText(nonceDb)
-      });
-      nonceOk = nonceResult.ok;
-      if (nonceResult.ok) {
-        nonceDb.entries = textToNonceEntries(nonceResult.updatedEntriesText);
-      }
-    }
-  }
-  const policyFlags = extractPolicyFlags(policy, commandObj ?? {});
-  const pipeline = runValidationPipeline({
-    ...schemaFlags,
-    cmdTimestamp: commandObj?.timestamp ?? 0,
-    nowSec,
-    maxClockSkewSec,
-    ...keyFlags,
-    signatureValid,
-    rateLimitOk,
-    rateLimitRetryAfterSec,
-    nonceOk,
-    ...policyFlags
-  });
-  const s = pipeline.stage;
-  result.checks.schema = s !== 0;
-  if (s >= 1) result.checks.timestamp = s !== 1;
-  if (s >= 2) result.checks.keyId = s !== 2;
-  if (s >= 2) result.checks.signature = s !== 2 && s !== 3;
-  if (s >= 4) result.checks.rateLimit = s !== 4;
-  if (s >= 5) result.checks.nonce = s !== 5;
-  if (s >= 6 || pipeline.ok) result.checks.policy = s !== 6;
-  if (!pipeline.ok) {
-    const stage = pipeline.stageLabel;
-    if (stage === "schema") {
-      result.errors.push({ type: "SCHEMA_ERROR", message: pipeline.schemaError || "Schema invalid" });
-    } else if (stage === "timestamp") {
-      result.errors.push({ type: "TIMESTAMP_SKEW_EXCEEDED", message: `Command timestamp skew ${pipeline.skewSec}s exceeds allowed ${maxClockSkewSec}s` });
-    } else if (stage === "key") {
-      const reason = pipeline.keyReason || "KEY_ERROR";
-      const msgs = {
-        KEY_ID_INVALID: `Invalid keyId '${keyId}'`,
-        KEY_NOT_TRUSTED: `Key '${keyId}' is not in trusted key store`,
-        KEY_DEPRECATED: `Key '${keyId}' is deprecated`,
-        KEY_REQUESTER_MISMATCH: `Key '${keyId}' is not authorized for requester '${commandObj?.requesterId}'`,
-        KEY_LIFECYCLE_INVALID: `Key '${keyId}' must define notBefore and expiresAt`,
-        KEY_NOT_YET_VALID: `Key '${keyId}' is not yet valid`,
-        KEY_EXPIRED: `Key '${keyId}' has expired`
-      };
-      result.errors.push({ type: reason, message: msgs[reason] || reason });
-    } else if (stage === "signature") {
-      result.errors.push({ type: "SIGNATURE_INVALID", message: effectivePubKey ? "Signature verification failed" : "No public key available" });
-    } else if (stage === "rate_limit") {
-      result.errors.push({ type: "RATE_LIMIT_EXCEEDED", message: `Rate limit exceeded. Retry after ${pipeline.retryAfterSec}s` });
-    } else if (stage === "nonce") {
-      result.errors.push({ type: "REPLAY_NONCE", message: "Nonce has already been used" });
-    } else if (stage === "policy" && pipeline.policyResult) {
-      result.errors.push({ type: pipeline.policyResult.reason, message: pipeline.policyResult.message });
-    } else {
-      result.errors.push({ type: "VALIDATION_FAILED", message: `Failed at stage: ${stage}` });
-    }
-    return result;
-  }
-  result.valid = true;
-  result.risk = classifyRisk(commandObj.id, commandObj.payload?.cmd === "rm");
-  result.message = "Command validation successful";
-  return result;
-}
-
-// src/adapters/noopAdapter.js
-async function noopAdapter(cmd) {
-  return {
-    adapter: "noop",
-    commandId: cmd.commandId || "unknown",
-    command: cmd.id || "unknown",
-    status: "completed",
-    output: `[NOOP] Would execute: ${cmd.id || "unknown"} on adapter: ${cmd.payload?.adapter || "unknown"}`,
-    exitCode: 0,
-    timestamp: (/* @__PURE__ */ new Date()).toISOString()
-  };
-}
-
-// src/adapters/shellAdapter.js
-import { spawnSync } from "child_process";
-import path5 from "path";
-import fs4 from "fs";
-function physicalPath(candidate) {
-  try {
-    return fs4.realpathSync(path5.resolve(candidate));
-  } catch {
-    return path5.resolve(candidate);
-  }
-}
-function normalizeArgs(args) {
-  if (args === void 0) return { ok: true, args: [] };
-  if (!Array.isArray(args)) {
-    return { ok: false, error: "payload.args must be an array" };
-  }
-  const normalized = [];
-  for (const arg of args) {
-    if (typeof arg !== "string" && typeof arg !== "number" && typeof arg !== "boolean") {
-      return { ok: false, error: "payload.args may only contain string, number, or boolean values" };
-    }
-    normalized.push(String(arg));
-  }
-  return { ok: true, args: normalized };
-}
-async function shellAdapter(cmd, policy, requester) {
-  const payload = cmd.payload;
-  const timeout = Math.min(Math.max(Number(payload.timeoutMs) || 3e4, 1), 3e4);
-  const maxOutputSize = Math.min(Math.max(Number(payload.maxOutputBytes) || 1024 * 1024, 1024), 1024 * 1024);
-  if (payload.adapter !== "shell") {
-    return {
-      adapter: "shell",
-      commandId: cmd.commandId,
-      status: "error",
-      error: "Adapter mismatch",
-      exitCode: 1
-    };
-  }
-  const allowedCmds = requester?.exec?.allowCmds || [];
-  const deniedCmds = requester?.exec?.denyCmds || [];
-  if (deniedCmds.includes(payload.cmd)) {
-    return {
-      adapter: "shell",
-      commandId: cmd.commandId,
-      status: "blocked",
-      error: `Command '${payload.cmd}' is denied`,
-      exitCode: 2
-    };
-  }
-  if (allowedCmds.length > 0 && !allowedCmds.includes(payload.cmd)) {
-    return {
-      adapter: "shell",
-      commandId: cmd.commandId,
-      status: "blocked",
-      error: `Command '${payload.cmd}' not in allowlist`,
-      exitCode: 2
-    };
-  }
-  const roots = requester?.filesystem?.roots || [];
-  const cwdAllow = roots.some((r) => {
-    const resolvedRoot = physicalPath(r);
-    const norm = physicalPath(payload.cwd);
-    return norm === resolvedRoot || norm.startsWith(resolvedRoot + path5.sep);
-  });
-  if (!cwdAllow) {
-    return {
-      adapter: "shell",
-      commandId: cmd.commandId,
-      status: "blocked",
-      error: `CWD '${payload.cwd}' not authorized`,
-      exitCode: 2
-    };
-  }
-  const argCheck = normalizeArgs(payload.args);
-  if (!argCheck.ok) {
-    return {
-      adapter: "shell",
-      commandId: cmd.commandId,
-      status: "blocked",
-      error: argCheck.error,
-      exitCode: 2
-    };
-  }
-  try {
-    const result = spawnSync(payload.cmd, argCheck.args, {
-      cwd: payload.cwd,
-      timeout,
-      encoding: "utf8",
-      maxBuffer: maxOutputSize,
-      stdio: ["pipe", "pipe", "pipe"],
-      shell: false
-    });
-    if (result.error) {
-      throw result.error;
-    }
-    const output = `${result.stdout || ""}${result.stderr || ""}`;
-    const exitCode = result.status ?? 1;
-    if (exitCode !== 0) {
-      return {
-        adapter: "shell",
-        commandId: cmd.commandId,
-        command: payload.cmd,
-        status: "error",
-        error: output.substring(0, maxOutputSize) || `Command exited with code ${exitCode}`,
-        exitCode,
-        timestamp: (/* @__PURE__ */ new Date()).toISOString()
-      };
-    }
-    return {
-      adapter: "shell",
-      commandId: cmd.commandId,
-      command: payload.cmd,
-      status: "completed",
-      output: output.substring(0, maxOutputSize),
-      exitCode: 0,
-      timestamp: (/* @__PURE__ */ new Date()).toISOString()
-    };
-  } catch (err) {
-    return {
-      adapter: "shell",
-      commandId: cmd.commandId,
-      command: payload.cmd,
-      status: "error",
-      error: err.message,
-      exitCode: err.status || 1,
-      timestamp: (/* @__PURE__ */ new Date()).toISOString()
-    };
-  }
-}
-
-// src/adapters/fileAdapter.js
-import fs6 from "fs";
-import path7 from "path";
-
-// src/core/backup.js
-import fs5 from "fs";
-import path6 from "path";
-import crypto2 from "crypto";
-function createBackup(filePath, backupDir) {
-  const dir = backupDir || path6.resolve(".lbe/data/backups");
-  if (!fs5.existsSync(dir)) {
-    fs5.mkdirSync(dir, { recursive: true });
-  }
-  const target = path6.resolve(filePath);
-  const existed = fs5.existsSync(target);
-  let content = null;
-  let hash = null;
-  if (existed) {
-    content = fs5.readFileSync(target);
-    hash = crypto2.createHash("sha256").update(content).digest("hex");
-  }
-  const basename = path6.basename(target).replace(/[^a-zA-Z0-9._-]/g, "_");
-  const backupName = `${Date.now()}-${hash ? hash.slice(0, 8) : "new"}-${basename}`;
-  const backupPath = existed ? path6.join(dir, backupName) : null;
-  if (existed && content !== null) {
-    atomicWriteFileSync(backupPath, content);
-  }
-  return {
-    originalPath: target,
-    backupPath,
-    existed,
-    hash,
-    createdAt: (/* @__PURE__ */ new Date()).toISOString()
-  };
-}
-function restoreBackup(backupMeta) {
-  if (!backupMeta) return { restored: false, error: "No backup metadata" };
-  const { originalPath, backupPath, existed } = backupMeta;
-  if (!existed) {
-    try {
-      if (fs5.existsSync(originalPath)) fs5.unlinkSync(originalPath);
-      return { restored: true, action: "deleted" };
-    } catch (e) {
-      return { restored: false, error: e.message };
-    }
-  }
-  if (!backupPath || !fs5.existsSync(backupPath)) {
-    return { restored: false, error: "Backup file not found at: " + backupPath };
-  }
-  try {
-    const content = fs5.readFileSync(backupPath);
-    atomicWriteFileSync(originalPath, content);
-    return { restored: true, action: "restored" };
-  } catch (e) {
-    return { restored: false, error: e.message };
-  }
-}
-
-// src/adapters/fileAdapter.js
-var MAX_READ_BYTES = 10 * 1024 * 1024;
-function resolvedTarget(target, cwd) {
-  if (!target) return null;
-  return path7.isAbsolute(target) ? path7.resolve(target) : path7.resolve(cwd || process.cwd(), target);
-}
-function isUnderRoot(targetPath, roots) {
-  const norm = resolvePhysicalPath(targetPath);
-  return roots.some((r) => {
-    const root = resolvePhysicalPath(r);
-    return norm === root || norm.startsWith(root + path7.sep);
-  });
-}
-function resolvePhysicalPath(candidate) {
-  let current = path7.resolve(candidate);
-  const suffix = [];
-  while (!fs6.existsSync(current)) {
-    const parent = path7.dirname(current);
-    if (parent === current) break;
-    suffix.unshift(path7.basename(current));
-    current = parent;
-  }
-  try {
-    current = fs6.realpathSync(current);
-  } catch {
-  }
-  return path7.join(current, ...suffix);
-}
-function matchesDenyPattern(str, patterns) {
-  for (const pattern of patterns || []) {
-    const rx = new RegExp(
-      "^" + pattern.replace(/\./g, "\\.").replace(/\*\*/g, ".*").replace(/\*/g, "[^/\\\\]*") + "$"
-    );
-    if (rx.test(str)) return pattern;
-  }
-  return null;
-}
-function blocked(cmd, code, message, exitCode = 2) {
-  return {
-    adapter: "file",
-    commandId: cmd.commandId,
-    status: "blocked",
-    errorCode: code,
-    error: message,
-    exitCode
-  };
-}
-function fail(cmd, code, message, backup = null, exitCode = 1) {
-  return {
-    adapter: "file",
-    commandId: cmd.commandId,
-    status: "error",
-    errorCode: code,
-    error: message,
-    backup: backup ? summariseBackup(backup) : null,
-    exitCode
-  };
-}
-function summariseBackup(b) {
-  return b ? { path: b.backupPath, existed: b.existed, hash: b.hash, createdAt: b.createdAt } : null;
-}
-async function fileAdapter(cmd, policy, requester) {
-  const payload = cmd.payload;
-  const action = payload.action;
-  const cwd = payload.cwd || process.cwd();
-  const target = resolvedTarget(payload.target, cwd);
-  if (!action) return blocked(cmd, "FILE_NO_ACTION", "payload.action is required");
-  if (!target && action !== "noop") return blocked(cmd, "FILE_NO_TARGET", "payload.target is required");
-  const roots = requester?.filesystem?.roots || [];
-  if (roots.length === 0) return blocked(cmd, "FILE_NO_ROOTS", "No filesystem roots defined for requester");
-  if (!isUnderRoot(target, roots)) return blocked(cmd, "FILE_OUTSIDE_ROOT", `'${target}' is outside allowed roots`);
-  const denied = matchesDenyPattern(target, requester?.filesystem?.denyPatterns);
-  if (denied) return blocked(cmd, "FILE_PATH_DENIED", `'${target}' matches deny pattern: ${denied}`);
-  switch (action) {
-    case "read":
-      return doRead(cmd, target);
-    case "write":
-      return doWrite(cmd, target, payload);
-    case "patch":
-      return doPatch(cmd, target, payload);
-    case "delete":
-      return doDelete(cmd, target);
-    default:
-      return blocked(cmd, "FILE_UNKNOWN_ACTION", `Unknown action: '${action}'`);
-  }
-}
-function doRead(cmd, target) {
-  if (!fs6.existsSync(target)) return fail(cmd, "FILE_NOT_FOUND", `Not found: ${target}`);
-  try {
-    const stat = fs6.statSync(target);
-    if (stat.size > MAX_READ_BYTES) return fail(cmd, "FILE_TOO_LARGE", "File exceeds 10 MB read limit");
-    const content = fs6.readFileSync(target, "utf8");
-    return {
-      adapter: "file",
-      action: "read",
-      commandId: cmd.commandId,
-      status: "completed",
-      target,
-      output: content,
-      bytesRead: stat.size,
-      exitCode: 0
-    };
-  } catch (e) {
-    return fail(cmd, "FILE_READ_ERROR", e.message);
-  }
-}
-function doWrite(cmd, target, payload) {
-  const content = payload.content;
-  if (content === void 0 || content === null) {
-    return fail(cmd, "FILE_MISSING_CONTENT", "payload.content is required for write");
-  }
-  const backup = tryBackup(target);
-  try {
-    atomicWriteFileSync(target, content, { encoding: "utf8" });
-    return {
-      adapter: "file",
-      action: "write",
-      commandId: cmd.commandId,
-      status: "completed",
-      target,
-      backup: summariseBackup(backup),
-      output: `Wrote ${Buffer.byteLength(content, "utf8")} bytes to ${target}`,
-      exitCode: 0
-    };
-  } catch (e) {
-    restoreBackup(backup);
-    return fail(cmd, "FILE_WRITE_ERROR", e.message, backup);
-  }
-}
-function doPatch(cmd, target, payload) {
-  const content = payload.content;
-  if (content === void 0 || content === null) {
-    return fail(cmd, "FILE_MISSING_CONTENT", "payload.content is required for patch");
-  }
-  const backup = tryBackup(target);
-  try {
-    atomicWriteFileSync(target, content, { encoding: "utf8" });
-    return {
-      adapter: "file",
-      action: "patch",
-      commandId: cmd.commandId,
-      status: "completed",
-      target,
-      backup: summariseBackup(backup),
-      output: `Patched ${target} (${Buffer.byteLength(content, "utf8")} bytes)`,
-      exitCode: 0
-    };
-  } catch (e) {
-    restoreBackup(backup);
-    return fail(cmd, "FILE_PATCH_ERROR", e.message, backup);
-  }
-}
-function doDelete(cmd, target) {
-  if (!fs6.existsSync(target)) return fail(cmd, "FILE_NOT_FOUND", `Not found: ${target}`);
-  const backup = tryBackup(target);
-  try {
-    fs6.unlinkSync(target);
-    return {
-      adapter: "file",
-      action: "delete",
-      commandId: cmd.commandId,
-      status: "completed",
-      target,
-      backup: summariseBackup(backup),
-      output: `Deleted ${target}`,
-      exitCode: 0
-    };
-  } catch (e) {
-    restoreBackup(backup);
-    return fail(cmd, "FILE_DELETE_ERROR", e.message, backup);
-  }
-}
-function tryBackup(target) {
-  try {
-    return createBackup(target);
-  } catch {
-    return null;
-  }
-}
-
-// src/adapters/index.js
-var ADAPTERS = {
-  noop: noopAdapter,
-  shell: shellAdapter,
-  file: fileAdapter
-};
-function getAdapter(name) {
-  return ADAPTERS[name];
-}
-async function executeAdapter(adapterName, cmd, policy, requester) {
-  const adapter = getAdapter(adapterName);
-  if (!adapter) {
-    return {
-      adapter: adapterName,
-      commandId: cmd.commandId,
-      status: "error",
-      error: `Adapter '${adapterName}' not found`,
-      exitCode: 1
-    };
-  }
-  try {
-    return await adapter(cmd, policy, requester);
-  } catch (err) {
-    return {
-      adapter: adapterName,
-      commandId: cmd.commandId,
-      status: "error",
-      error: `Adapter execution failed: ${err.message}`,
-      exitCode: 9
-    };
-  }
-}
-var AVAILABLE_ADAPTERS = Object.keys(ADAPTERS);
-
-// src/core/auditLog.js
-import fs7 from "fs";
-import path8 from "path";
-import crypto3 from "crypto";
-function sha256(str) {
-  return crypto3.createHash("sha256").update(str).digest("hex");
-}
-function getLastHash(logPath) {
-  try {
-    if (!fs7.existsSync(logPath)) return "GENESIS";
-    const content = fs7.readFileSync(logPath, "utf8").trim();
-    if (!content) return "GENESIS";
-    const lines = content.split("\n");
-    const lastLine = lines[lines.length - 1];
-    try {
-      const lastEntry = JSON.parse(lastLine);
-      return lastEntry.hash || "GENESIS";
-    } catch (err) {
-      return "GENESIS";
-    }
-  } catch (err) {
-    return "GENESIS";
-  }
-}
-function appendAudit(logPath, entry) {
-  const dir = path8.dirname(logPath);
-  if (!fs7.existsSync(dir)) {
-    fs7.mkdirSync(dir, { recursive: true });
-  }
-  let result;
-  withFileLock(logPath, () => {
-    const prevHash = getLastHash(logPath);
-    const record = {
-      ...entry,
-      prevHash,
-      timestamp: (/* @__PURE__ */ new Date()).toISOString()
-    };
-    delete record.hash;
-    const recordStr = JSON.stringify(record);
-    const hash = sha256(recordStr);
-    const final = JSON.stringify({ ...record, hash });
-    let existingContent = "";
-    if (fs7.existsSync(logPath)) {
-      existingContent = fs7.readFileSync(logPath, "utf8");
-    }
-    try {
-      atomicWriteFileSync(logPath, existingContent + final + "\n", { encoding: "utf8" });
-    } catch (err) {
-      throw new Error(`Audit log write failed: ${err.message}`);
-    }
-    result = {
-      success: true,
-      hash,
-      prevHash,
-      message: "Audit entry appended"
-    };
-  });
-  return result;
-}
-function verifyAuditLogIntegrity(logPath, options = {}) {
-  const failFast = options.failFast !== false;
-  const maxEntries = Number.isFinite(options.maxEntries) && options.maxEntries > 0 ? Math.floor(options.maxEntries) : null;
-  const response = {
-    ok: true,
-    file: path8.resolve(logPath),
-    entries: 0,
-    valid: true,
-    firstInvalidIndex: null,
-    reason: null,
-    errors: [],
-    message: "Audit log verified"
-  };
-  try {
-    if (!fs7.existsSync(logPath)) {
-      response.message = "Audit log file not found (treated as empty)";
-      return response;
-    }
-    const raw = fs7.readFileSync(logPath, "utf8").trim();
-    if (!raw) {
-      response.message = "Empty audit log";
-      return response;
-    }
-    const allLines = raw.split("\n");
-    const lines = maxEntries ? allLines.slice(0, maxEntries) : allLines;
-    response.entries = lines.length;
-    let expectedPrevHash = "GENESIS";
-    for (let i = 0; i < lines.length; i++) {
-      let entry;
-      try {
-        entry = JSON.parse(lines[i]);
-      } catch {
-        const errObj = {
-          index: i,
-          reason: "INVALID_JSON_LINE",
-          message: `Line ${i} is not valid JSON`
-        };
-        response.valid = false;
-        response.ok = false;
-        response.firstInvalidIndex ??= i;
-        response.reason ??= errObj.reason;
-        response.errors.push(errObj);
-        if (failFast) break;
-        continue;
-      }
-      if (entry.prevHash !== expectedPrevHash) {
-        const errObj = {
-          index: i,
-          reason: "PREV_HASH_MISMATCH",
-          message: `Expected prevHash '${expectedPrevHash}', got '${entry.prevHash}'`
-        };
-        response.valid = false;
-        response.ok = false;
-        response.firstInvalidIndex ??= i;
-        response.reason ??= errObj.reason;
-        response.errors.push(errObj);
-        if (failFast) break;
-      }
-      const recordCopy = { ...entry };
-      const recordHash = recordCopy.hash;
-      delete recordCopy.hash;
-      const expectedHash = sha256(JSON.stringify(recordCopy));
-      if (recordHash !== expectedHash) {
-        const errObj = {
-          index: i,
-          reason: "HASH_MISMATCH",
-          message: `Expected hash '${expectedHash}', got '${recordHash}'`
-        };
-        response.valid = false;
-        response.ok = false;
-        response.firstInvalidIndex ??= i;
-        response.reason ??= errObj.reason;
-        response.errors.push(errObj);
-        if (failFast) break;
-      }
-      expectedPrevHash = recordHash;
-    }
-    response.message = response.valid ? `Audit log verified: ${response.entries} entries` : `Audit log integrity failed at index ${response.firstInvalidIndex}`;
-    return response;
-  } catch (err) {
-    return {
-      ok: false,
-      file: path8.resolve(logPath),
-      entries: 0,
-      valid: false,
-      firstInvalidIndex: null,
-      reason: "AUDIT_VERIFY_ERROR",
-      errors: [{ index: null, reason: "AUDIT_VERIFY_ERROR", message: err.message }],
-      message: `Integrity check failed: ${err.message}`
-    };
-  }
-}
-
-// src/core/localPolicy.js
-import fs8 from "fs";
-import path9 from "path";
-import crypto4 from "crypto";
-var POLICY_FILE = ".lbe/policy.json";
-var AUDIT_FILE = ".lbe/audit.jsonl";
-function glob(pattern) {
-  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&");
-  return new RegExp("^" + escaped.replace(/\*\*\//g, "(?:.*/)?").replace(/\*\*/g, ".*").replace(/\*/g, "[^/]*") + "$");
-}
-function relative(root, value) {
-  const rel = path9.relative(root, path9.resolve(value));
-  return rel.split(path9.sep).join("/");
-}
-function localPolicyPaths(rootDir) {
-  const root = path9.resolve(rootDir || process.cwd());
-  return { root, policyPath: path9.join(root, POLICY_FILE), auditPath: path9.join(root, AUDIT_FILE) };
-}
-function loadLocalPolicy(rootDir, mode = "observe") {
-  const paths = localPolicyPaths(rootDir);
-  if (!fs8.existsSync(paths.policyPath)) {
-    return { ...paths, policy: { version: 1, mode, workspace: paths.root, rules: [] } };
-  }
-  const policy = JSON.parse(fs8.readFileSync(paths.policyPath, "utf8"));
-  if (policy?.version !== 1 || !["observe", "enforce"].includes(policy.mode) || !Array.isArray(policy.rules)) {
-    throw new Error(`Invalid ${POLICY_FILE}`);
-  }
-  return { ...paths, policy };
-}
-function writeLocalPolicy(rootDir, policy) {
-  const { policyPath, root } = localPolicyPaths(rootDir);
-  const next = { ...policy, version: 1, workspace: root, rules: Array.isArray(policy.rules) ? policy.rules : [] };
-  atomicWriteFileSync(policyPath, JSON.stringify(next, null, 2) + "\n", { encoding: "utf8" });
-  return next;
-}
-function addLocalPolicyRule(rootDir, rule, mode) {
-  if (!rule || !["allow", "deny"].includes(rule.effect) || !["path", "command"].includes(rule.type) || typeof rule.pattern !== "string" || !rule.pattern || typeof rule.from !== "string" || !rule.from) {
-    throw new Error("Rule requires effect, type, pattern, and from");
-  }
-  const loaded = loadLocalPolicy(rootDir, mode);
-  const entry = {
-    id: rule.id || crypto4.randomUUID(),
-    effect: rule.effect,
-    type: rule.type,
-    pattern: rule.pattern,
-    from: rule.from,
-    at: rule.at || (/* @__PURE__ */ new Date()).toISOString()
-  };
-  writeLocalPolicy(loaded.root, { ...loaded.policy, mode: mode || loaded.policy.mode, rules: [...loaded.policy.rules, entry] });
-  return { id: entry.id, added: true, rule: entry };
-}
-function proposePolicyRule(rule) {
-  return { ...rule, proposed: true, at: (/* @__PURE__ */ new Date()).toISOString() };
-}
-function evaluateLocalPolicy(policy, rootDir, { target, command } = {}) {
-  const root = path9.resolve(rootDir);
-  const candidates = [];
-  if (target) candidates.push({ type: "path", value: relative(root, target) });
-  if (command) candidates.push({ type: "command", value: command });
-  const matched = policy.rules.filter((rule) => candidates.some((c) => c.type === rule.type && glob(rule.pattern).test(c.value)));
-  const denied = matched.filter((rule) => rule.effect === "deny");
-  return { allowed: denied.length === 0, matched, winningRules: denied.length ? denied : matched.filter((r) => r.effect === "allow"), reason: denied.length ? "LOCAL_POLICY_DENY" : null };
-}
-function auditLocalPolicy(rootDir, entry) {
-  const { auditPath } = localPolicyPaths(rootDir);
-  appendAudit(auditPath, { kind: "local_policy", timestamp: (/* @__PURE__ */ new Date()).toISOString(), ...entry });
-}
-
-// src/exec/localExecutor.js
-var INTENTS = {
-  read_file: { id: "READ_FILE", adapter: "file", action: "read" },
-  write_file: { id: "WRITE_FILE", adapter: "file", action: "write" },
-  patch_file: { id: "PATCH_FILE", adapter: "file", action: "patch" },
-  delete_file: { id: "DELETE_FILE", adapter: "file", action: "delete" },
-  run_shell: { id: "RUN_SHELL", adapter: "shell", action: "run" }
-};
-var MUTATIONS = /* @__PURE__ */ new Set(["write_file", "patch_file", "delete_file"]);
-function error(code, message, recoverable = false) {
-  return { ok: false, decision: "deny", executed: false, dryRun: false, error: { code, message, recoverable } };
-}
-function commandPolicy(rootDir, actor, shell = {}) {
-  const now = /* @__PURE__ */ new Date();
-  const expires = new Date(now.getTime() + 365 * 24 * 60 * 60 * 1e3);
-  return {
-    version: 1,
-    default: "DENY",
-    requesters: {
-      [actor]: {
-        allowCommands: Object.values(INTENTS).map((item) => item.id),
-        allowAdapters: ["file", "shell"],
-        filesystem: { roots: [rootDir], denyPatterns: [] },
-        exec: { allowCmds: shell.allowCommands || [], denyCmds: shell.denyCommands || [] },
-        rateLimit: { windowSec: 60, maxRequests: shell.maxRequests || 60 }
-      }
-    },
-    security: { maxClockSkewSec: 600, defaultRateLimit: { windowSec: 60, maxRequests: 60 } },
-    _keyWindow: { notBefore: now.toISOString(), expiresAt: expires.toISOString() }
-  };
-}
-function physicalPath2(candidate) {
-  let current = path10.resolve(candidate);
-  const suffix = [];
-  while (!fs9.existsSync(current)) {
-    const parent = path10.dirname(current);
-    if (parent === current) break;
-    suffix.unshift(path10.basename(current));
-    current = parent;
-  }
-  try {
-    current = fs9.realpathSync(current);
-  } catch {
-  }
-  return path10.join(current, ...suffix);
-}
-function underRoot(candidate, root) {
-  const target = physicalPath2(candidate);
-  const resolvedRoot = physicalPath2(root);
-  return target === resolvedRoot || target.startsWith(resolvedRoot + path10.sep);
-}
-var FORBIDDEN_CONTENT = [
-  /\beval\s*\(/i,
-  /\bFunction\s*\(/i,
-  /\bexec\s*\(/i,
-  /\brequire\s*\(/,
-  /\bimport\s*\(/,
-  /\bchild_process\b/,
-  /\b__proto__\b/,
-  /\bconstructor\s*\[/,
-  /evalScript/i
-];
-function scanContent(value, fieldName) {
-  if (typeof value !== "string") return null;
-  for (const pattern of FORBIDDEN_CONTENT) {
-    if (pattern.test(value)) {
-      return error("PAYLOAD_CONTENT_REJECTED", `Forbidden pattern in ${fieldName}: ${pattern}`);
-    }
-  }
-  return null;
-}
-function normalize(rootDir, request, shell = {}) {
-  if (!request || typeof request !== "object") return { error: error("REQUEST_INVALID", "request must be an object") };
-  const detail = INTENTS[request.intent];
-  if (!detail) return { error: error("INTENT_UNSUPPORTED", `Unsupported intent '${request.intent}'`) };
-  const actor = typeof request.actor === "string" && request.actor ? request.actor : "agent:local";
-  let target = null;
-  if (detail.adapter === "file") {
-    if (typeof request.target !== "string" || !request.target) return { error: error("TARGET_REQUIRED", "target is required for file intents") };
-    target = path10.resolve(rootDir, request.target);
-    if (!underRoot(target, rootDir)) return { error: error("PATH_OUTSIDE_ROOT", "target is outside project root") };
-    if (["write_file", "patch_file"].includes(request.intent) && typeof request.content !== "string") {
-      return { error: error("CONTENT_REQUIRED", "content is required for write and patch") };
-    }
-    const contentScan = scanContent(request.content, "content");
-    if (contentScan) return { error: contentScan };
-  }
-  let command = null;
-  if (detail.adapter === "shell") {
-    command = request.command;
-    if (!command || typeof command.cmd !== "string" || !Array.isArray(command.args) || command.args.some((arg) => typeof arg !== "string")) {
-      return { error: error("COMMAND_INVALID", "command requires cmd and string args") };
-    }
-    const cwd = path10.resolve(rootDir, command.cwd || ".");
-    if (!underRoot(cwd, rootDir)) return { error: error("CWD_OUTSIDE_ROOT", "command cwd is outside project root") };
-    if (!Array.isArray(shell.allowCommands) || !shell.allowCommands.includes(command.cmd)) {
-      return { error: error("SHELL_NOT_ALLOWLISTED", `command '${command.cmd}' is not explicitly allowlisted`) };
-    }
-    if (shell.denyCommands?.includes(command.cmd)) return { error: error("SHELL_DENIED", `command '${command.cmd}' is denied`) };
-    command = { ...command, cwd, timeoutMs: Math.min(Math.max(command.timeoutMs || 3e4, 1), 3e4), maxOutputBytes: Math.min(Math.max(command.maxOutputBytes || 1024 * 1024, 1024), 1024 * 1024) };
-  }
-  return { actor, detail, target, command, request };
-}
-function envelope(normalized, keyId, secretKey) {
-  const { actor, detail, target, command, request } = normalized;
-  const body = {
-    id: detail.id,
-    risk: MUTATIONS.has(request.intent) ? "MEDIUM" : "LOW",
-    commandId: crypto5.randomUUID(),
-    requesterId: actor,
-    sessionId: "local-host",
-    timestamp: Math.floor(Date.now() / 1e3),
-    nonce: crypto5.randomBytes(32).toString("hex"),
-    requires: ["policy", "signature"],
-    payload: {
-      adapter: detail.adapter,
-      action: detail.action,
-      target,
-      content: request.content,
-      cmd: command?.cmd,
-      args: command?.args,
-      timeoutMs: command?.timeoutMs,
-      maxOutputBytes: command?.maxOutputBytes,
-      cwd: command?.cwd || (target ? path10.dirname(target) : process.cwd())
-    }
-  };
-  const signed = signEd25519({ payloadObj: body, secretKeyB64: secretKey });
-  if (signed.error) throw new Error(signed.error);
-  return { ...body, signature: { alg: "ed25519", keyId, sig: signed.signature } };
-}
-function createLocalExecutor(options = {}) {
-  const rootDir = path10.resolve(options.rootDir || process.cwd());
-  const keyId = options.keyId || "host:local-exec";
-  const keyPair = options.keyPair || generateKeyPair();
-  const shell = options.shell || {};
-  function prepare(request, { recordNonce = false } = {}) {
-    const normalized = normalize(rootDir, request, shell);
-    if (normalized.error) return normalized;
-    const local = loadLocalPolicy(rootDir, options.mode || "enforce");
-    const localDecision = evaluateLocalPolicy(local.policy, rootDir, { target: normalized.target, command: normalized.command?.cmd });
-    const localBlocked = local.policy.mode === "enforce" && !localDecision.allowed;
-    if (localBlocked) return { error: error("LOCAL_POLICY_DENY", `Blocked by rule(s): ${localDecision.winningRules.map((rule) => rule.id).join(", ")}`), local, localDecision, normalized };
-    const policy = commandPolicy(rootDir, normalized.actor, shell);
-    const keyStore = { defaultKeyId: keyId, trustedKeys: { [keyId]: { publicKey: keyPair.publicKey, notBefore: policy._keyWindow.notBefore, expiresAt: policy._keyWindow.expiresAt, deprecated: false } } };
-    delete policy._keyWindow;
-    const proposal = envelope(normalized, keyId, keyPair.secretKey);
-    const nonceDb = { entries: [] };
-    const validation = validateCommand({ commandObj: proposal, keyStore, nonceDb: recordNonce ? nonceDb : { entries: [] }, policy });
-    if (!validation.valid) return { error: error(validation.errors[0]?.type || "VALIDATION_FAILED", validation.errors[0]?.message || "Validation failed"), local, localDecision, normalized, proposal, policy, validation };
-    return { local, localDecision, normalized, proposal, policy, validation };
-  }
-  function evaluateSync(action) {
-    const local = loadLocalPolicy(rootDir, options.mode || "observe");
-    const mode = local.policy.mode;
-    let target = null;
-    let command = null;
-    if (action.path) {
-      try {
-        target = path10.resolve(rootDir, action.path);
-        if (!underRoot(target, rootDir)) {
-          return { decision: "deny", deny: true, matchedRules: ["path:outside_root"], mode, enforced: mode === "enforce", reason: "PATH_OUTSIDE_ROOT" };
-        }
-      } catch (e) {
-      }
-    }
-    if (action.cmd) command = action.cmd;
-    const localDecision = evaluateLocalPolicy(local.policy, rootDir, { target, command });
-    const isDeny = !localDecision.allowed;
-    return {
-      decision: isDeny ? "deny" : "allow",
-      deny: isDeny,
-      matchedRules: localDecision.winningRules.map((r) => r.id),
-      mode,
-      enforced: mode === "enforce"
-    };
-  }
-  function auditSync(entry) {
-    const eventsPath = path10.join(rootDir, ".lbe", "events.jsonl");
-    const dir = path10.dirname(eventsPath);
-    if (!fs9.existsSync(dir)) fs9.mkdirSync(dir, { recursive: true });
-    const line = JSON.stringify({ ts: Math.floor(Date.now() / 1e3), ...entry }) + "\n";
-    const fd = fs9.openSync(eventsPath, "a");
-    try {
-      fs9.writeSync(fd, line);
-    } finally {
-      fs9.closeSync(fd);
-    }
-  }
-  async function dryRun(request) {
-    const prepared = prepare(request);
-    if (prepared.error) return { ...prepared.error, dryRun: true };
-    return {
-      ok: true,
-      decision: prepared.local.policy.mode === "observe" ? "observe" : "allow",
-      executed: false,
-      dryRun: true,
-      matchedRules: prepared.localDecision.winningRules.map((rule) => rule.id),
-      rollback: { available: MUTATIONS.has(prepared.normalized.request.intent), performed: false }
-    };
-  }
-  async function execute(request) {
-    const prepared = prepare(request, { recordNonce: true });
-    if (prepared.error) {
-      auditLocalPolicy(rootDir, { action: request?.intent, actor: request?.actor || "agent:local", decision: "deny", error: prepared.error.error.code });
-      return prepared.error;
-    }
-    if (prepared.local.policy.mode === "observe") {
-      appendAudit(path10.join(rootDir, ".lbe/audit.jsonl"), {
-        kind: "local_execution",
-        commandId: prepared.proposal.commandId,
-        requesterId: prepared.normalized.actor,
-        intent: prepared.normalized.request.intent,
-        decision: "observe",
-        status: "observed"
-      });
-      return {
-        ok: true,
-        decision: "observe",
-        executed: false,
-        dryRun: false,
-        matchedRules: prepared.localDecision.winningRules.map((r) => r.id),
-        rollback: { available: false, performed: false }
-      };
-    }
-    const requester = prepared.policy.requesters[prepared.normalized.actor];
-    const adapterResult = await executeAdapter(prepared.normalized.detail.adapter, prepared.proposal, prepared.policy, requester);
-    const ok = adapterResult.status === "completed";
-    const audit = appendAudit(path10.join(rootDir, ".lbe/audit.jsonl"), {
-      kind: "local_execution",
-      commandId: prepared.proposal.commandId,
-      requesterId: prepared.normalized.actor,
-      intent: prepared.normalized.request.intent,
-      decision: ok ? "allow" : "deny",
-      status: adapterResult.status
-    });
-    return {
-      ok,
-      decision: ok ? "allow" : "deny",
-      executed: ok,
-      dryRun: false,
-      matchedRules: prepared.localDecision.winningRules.map((rule) => rule.id),
-      auditId: audit.hash,
-      rollback: { available: MUTATIONS.has(prepared.normalized.request.intent), performed: false, backupId: adapterResult.backup?.hash },
-      ...ok ? {} : { error: { code: adapterResult.errorCode || "EXECUTION_FAILED", message: adapterResult.error || "Execution failed", recoverable: true } }
-    };
-  }
-  const writeFile = (target, content) => execute({ intent: "write_file", target, content });
-  const readFile = (target) => execute({ intent: "read_file", target });
-  const patchFile = (target, content) => execute({ intent: "patch_file", target, content });
-  const deleteFile = (target) => execute({ intent: "delete_file", target });
-  const runShell = (cmd, args = [], opts = {}) => execute({ intent: "run_shell", command: { cmd, args, ...opts } });
-  return {
-    rootDir,
-    // High-level API — use these
-    writeFile,
-    readFile,
-    patchFile,
-    deleteFile,
-    runShell,
-    // Low-level API — for advanced use
-    validate: async (request) => {
-      const preview = await dryRun(request);
-      return { ...preview, dryRun: false, executed: false };
-    },
-    dryRun,
-    execute,
-    policy: {
-      read: () => loadLocalPolicy(rootDir, options.mode || "enforce").policy,
-      proposeRule: proposePolicyRule,
-      addRule: (rule) => addLocalPolicyRule(rootDir, rule, options.mode || "enforce")
-    },
-    audit: { verify: () => verifyAuditLogIntegrity(path10.join(rootDir, ".lbe/audit.jsonl")) },
-    evaluateSync,
-    auditSync
-  };
-}
-export {
-  createLocalExecutor
-};
+import je from"crypto";import q from"fs";import A from"path";import J from"tweetnacl";import{canonicalize as ce}from"json-canonicalize";function z(e){return Buffer.from(e,"base64")}function G(e){return Buffer.from(e).toString("base64")}function le({payloadObj:e,sigB64:t,pubKeyB64:r}){try{let n=Buffer.from(ce(e),"utf8"),o=z(t),i=z(r),s=J.sign.detached.verify(new Uint8Array(n),new Uint8Array(o),new Uint8Array(i));return{valid:s,message:s?"Signature verified":"Signature verification failed"}}catch(n){return{valid:!1,message:`Signature verification error: ${n.message}`}}}function de(){let e=J.sign.keyPair();return{publicKey:G(e.publicKey),secretKey:G(e.secretKey)}}function ue({payloadObj:e,secretKeyB64:t}){try{let r=Buffer.from(ce(e),"utf8"),n=z(t),o=J.sign.detached(new Uint8Array(r),new Uint8Array(n));return{signature:G(o),error:null}}catch(r){return{signature:null,error:`Signing failed: ${r.message}`}}}import ye from"fs";import tt from"path";import R from"fs";import X from"path";import Xe from"crypto";var Qe={timeoutMs:5e3,pollMs:15,staleMs:3e4};function Ze(e){return e+".lock"}function fe(e){try{let t=R.openSync(e,"wx");return R.writeSync(t,`pid:${process.pid}:${Date.now()}`),R.closeSync(t),!0}catch(t){if(t.code==="EEXIST"||t.code==="EPERM"||t.code==="EBUSY"||t.code==="EACCES")return!1;throw t}}function pe(e,t){try{let r=R.statSync(e);if(Date.now()-r.mtimeMs>t)try{R.unlinkSync(e)}catch{}}catch{}}function et(e){let t=Date.now()+e;for(;Date.now()<t;)try{Atomics.wait(new Int32Array(new SharedArrayBuffer(4)),0,0,Math.max(1,t-Date.now()))}catch{}}function me(e,t,r){let n=typeof t=="function"?t:r,o=typeof t=="function"?{}:t||{},{timeoutMs:i,pollMs:s,staleMs:a}={...Qe,...o},d=X.dirname(e);R.existsSync(d)||R.mkdirSync(d,{recursive:!0});let l=Ze(e),I=Date.now()+i,f=!1;for(;!f&&(f=fe(l),!f);){if(Date.now()>=I){if(pe(l,a),f=fe(l),f)break;let m=new Error(`withFileLock: timeout acquiring ${l} after ${i}ms`);throw m.code="ELOCKTIMEOUT",m}pe(l,a);let p=Math.floor(Math.random()*s);et(s+p)}try{return n()}finally{try{R.unlinkSync(l)}catch{}}}function v(e,t,r={}){let n=X.dirname(e);R.existsSync(n)||R.mkdirSync(n,{recursive:!0});let o=X.join(n,`.tmp-${Date.now()}-${Xe.randomBytes(4).toString("hex")}`);try{R.writeFileSync(o,t,r),R.renameSync(o,e)}catch(i){try{R.existsSync(o)&&R.unlinkSync(o)}catch{}throw i}}function he(e){if(typeof e=="number"&&Number.isFinite(e))return{ok:!0,kind:"int",parts:[Math.floor(e)],raw:String(e)};if(typeof e!="string"||!e.trim())return{ok:!1,reason:"POLICY_VERSION_INVALID",message:"Policy version is required"};let t=e.trim();if(/^\d+$/.test(t))return{ok:!0,kind:"int",parts:[Number(t)],raw:t};let r=t.replace(/^v/i,"");if(/^\d+(\.\d+){0,2}$/.test(r)){let n=r.split(".").map(o=>Number(o));for(;n.length<3;)n.push(0);return{ok:!0,kind:"semver",parts:n,raw:t}}return{ok:!1,reason:"POLICY_VERSION_INVALID",message:`Unsupported policy version format '${e}' (use integer or semver)`}}function rt(e,t){let r=Math.max(e.parts.length,t.parts.length);for(let n=0;n<r;n++){let o=e.parts[n]??0,i=t.parts[n]??0;if(o>i)return 1;if(o<i)return-1}return 0}function Ie(e){if(typeof e=="number"&&Number.isFinite(e))return{ok:!0,epochSec:e>1e12?Math.floor(e/1e3):Math.floor(e)};if(typeof e!="string"||!e.trim())return{ok:!1,reason:"POLICY_CREATED_AT_INVALID",message:"Policy createdAt is required"};let t=Date.parse(e);return Number.isNaN(t)?{ok:!1,reason:"POLICY_CREATED_AT_INVALID",message:`Invalid policy createdAt '${e}'`}:{ok:!0,epochSec:Math.floor(t/1e3)}}function nt(e){if(!ye.existsSync(e))return{schemaVersion:"1",lastAccepted:null,updatedAt:null};try{let t=JSON.parse(ye.readFileSync(e,"utf8"));if(!t||typeof t!="object")throw new Error("Policy state file has invalid structure");return{schemaVersion:String(t.schemaVersion||"1"),lastAccepted:t.lastAccepted&&typeof t.lastAccepted=="object"?t.lastAccepted:null,updatedAt:t.updatedAt||null}}catch(t){throw new Error(`Policy state at ${e} is corrupt or unreadable: ${t.message}`)}}function ot(e,t){let r=JSON.stringify(t,null,2);v(e,r,{encoding:"utf8"})}function Ee({policyObj:e,statePath:t=tt.resolve(".lbe/data/policy.state.json"),maxCreatedAtSkewSec:r=31536e3,nowSec:n=Math.floor(Date.now()/1e3),persist:o=!0}){let i=he(e?.version);if(!i.ok)return{ok:!1,reason:i.reason,message:i.message,updated:!1};let s=Ie(e?.createdAt);if(!s.ok)return{ok:!1,reason:s.reason,message:s.message,updated:!1};let a=Math.abs(n-s.epochSec),d=Number.isFinite(r)&&r>0?Math.floor(r):31536e3;if(a>d)return{ok:!1,reason:"POLICY_CREATED_AT_SKEW_EXCEEDED",message:`Policy createdAt skew ${a}s exceeds allowed ${d}s`,updated:!1};let l;try{l=nt(t)}catch(u){return{ok:!1,reason:"POLICY_STATE_CORRUPT",message:u.message,updated:!1}}let I=l.lastAccepted,f=null,p=null,m=0;if(I&&(f=he(I.version),p=Ie(I.createdAt),f.ok&&p.ok)){if(m=rt(i,f),m<0)return{ok:!1,reason:"POLICY_VERSION_REGRESSION",message:`Policy version regression: current '${i.raw}' < last '${f.raw}'`,updated:!1};if(m===0&&s.epochSec<p.epochSec)return{ok:!1,reason:"POLICY_CREATED_AT_REGRESSION",message:`Policy createdAt regression: current '${e.createdAt}' < last '${I.createdAt}'`,updated:!1};if(m>0&&s.epochSec<p.epochSec)return{ok:!1,reason:"POLICY_CREATED_AT_REGRESSION",message:"Policy createdAt must be monotonic when version increases",updated:!1}}let E=!I||!f?.ok||!p?.ok||m>0||m===0&&s.epochSec>p.epochSec;if(o&&E){let u={schemaVersion:"1",lastAccepted:{version:e.version,createdAt:e.createdAt,environment:e.environment||null},updatedAt:new Date().toISOString()};ot(t,u)}return{ok:!0,reason:null,message:"Policy version guard passed",updated:E}}import ge from"fs";import ke from"path";import{fileURLToPath as st}from"url";var it=ke.dirname(st(import.meta.url)),Q=ke.join(it,"lbe_engine.wasm"),Se={0:{allowed:!0,reason:null,message:"Policy check passed"},1:{allowed:!1,reason:"POLICY_NOT_CONFIGURED",message:"No policy configured"},2:{allowed:!1,reason:"REQUESTER_NOT_ALLOWED",message:"Requester not in policy"},3:{allowed:!1,reason:"COMMAND_NOT_ALLOWED",message:"Command not allowed for requester"},4:{allowed:!1,reason:"ADAPTER_NOT_ALLOWED",message:"Adapter not allowed"},5:{allowed:!1,reason:"NO_FILESYSTEM_ROOTS_DEFINED",message:"No filesystem roots defined for requester"},6:{allowed:!1,reason:"CWD_OUTSIDE_ALLOWED_ROOT",message:"Path not under allowed roots"},7:{allowed:!1,reason:"PATH_DENIED_BY_PATTERN",message:"Path matches deny pattern"},8:{allowed:!1,reason:"SHELL_CMD_DENIED",message:"Shell command not allowed"}},at={0:{valid:!0,error:null},1:{valid:!1,error:"Missing required field: id"},2:{valid:!1,error:"Missing required field: commandId"},3:{valid:!1,error:"Missing required field: requesterId"},4:{valid:!1,error:"Missing required field: sessionId"},5:{valid:!1,error:"Missing required field: timestamp"},6:{valid:!1,error:"Missing required field: nonce"},7:{valid:!1,error:"Missing required field: requires"},8:{valid:!1,error:"Missing required field: payload"},9:{valid:!1,error:"Missing required field: signature"},10:{valid:!1,error:"Field 'id' is invalid"},11:{valid:!1,error:"Field 'commandId' is invalid"},12:{valid:!1,error:"Field 'requesterId' is invalid"},13:{valid:!1,error:"Field 'sessionId' is invalid"},14:{valid:!1,error:"Field 'timestamp' is invalid"},15:{valid:!1,error:"Field 'nonce' is invalid"},16:{valid:!1,error:"Field 'requires' is invalid"},17:{valid:!1,error:"payload: missing required field: adapter"},18:{valid:!1,error:"payload: field 'adapter' is invalid"},19:{valid:!1,error:"signature: missing required field: alg"},20:{valid:!1,error:"signature: missing required field: keyId"},21:{valid:!1,error:"signature: missing required field: sig"},22:{valid:!1,error:"signature: field 'alg' must be ed25519"},23:{valid:!1,error:"signature: field 'sig' is invalid"},24:{valid:!1,error:"Field 'risk' is invalid"}},ct={1:"KEY_ID_INVALID",2:"KEY_NOT_TRUSTED",3:"KEY_DEPRECATED",4:"KEY_REQUESTER_MISMATCH",5:"KEY_LIFECYCLE_INVALID",6:"KEY_NOT_YET_VALID",7:"KEY_EXPIRED"},lt={0:"schema",1:"timestamp",2:"key",3:"signature",4:"rate_limit",5:"nonce",6:"policy",255:"ok"},dt=["LOW","MEDIUM","HIGH","CRITICAL"],ut={ECHO:0,READ_FILE:1,WRITE_FILE:2,PATCH_FILE:3,DELETE_FILE:4,RUN_SHELL:5},B=null;function C(){if(B)return B;if(!ge.existsSync(Q))throw new Error(`LBE engine missing: ${Q}`);let e=ge.readFileSync(Q);return B=new WebAssembly.Instance(new WebAssembly.Module(e),{}),B}function Y(){return new Uint8Array(C().exports.memory.buffer)}function we(){return C().exports.lbe_in_ptr()}function _e(){return C().exports.lbe_out_ptr()}function ft(){return C().exports.lbe_buf_size()}function xe(e){let t=new TextEncoder().encode(e),r=Y(),n=we();r.set(t,n),r[n+t.length]=0}function Ae(){let e=Y(),t=_e(),r=t;for(;e[r]!==0&&r-t<ft();)r++;return new TextDecoder().decode(e.slice(t,r))}function pt(e){let t=Y(),r=we(),n=new DataView(t.buffer,r);e.forEach((o,i)=>n.setUint32(i*4,o>>>0,!0))}function mt(){let e=Y(),t=_e(),r=new DataView(e.buffer,t);return{stage:r.getUint32(0,!0),code:r.getUint32(4,!0)}}function Re(e){pt([e.hasId?1:0,e.idValid?1:0,e.hasCommandId?1:0,e.commandIdValid?1:0,e.hasRequesterId?1:0,e.requesterIdValid?1:0,e.hasSessionId?1:0,e.sessionIdValid?1:0,e.hasTimestamp?1:0,e.timestampValid?1:0,e.hasNonce?1:0,e.nonceValid?1:0,e.hasRequires?1:0,e.requiresValid?1:0,e.hasPayload?1:0,e.hasPayloadAdapter?1:0,e.payloadAdapterValid?1:0,e.hasSignature?1:0,e.hasSignatureAlg?1:0,e.signatureAlgValid?1:0,e.hasSignatureKeyId?1:0,e.hasSignatureSig?1:0,e.signatureSigValid?1:0,e.hasRisk?1:0,e.riskValid?1:0,e.cmdTimestamp>>>0,e.nowSec>>>0,e.maxClockSkewSec>>>0,e.keyIdFormatValid?1:0,e.keyFound?1:0,e.keyNotDeprecated?1:0,e.keyRequesterMatches?1:0,e.keyNotBeforeOk?1:0,e.keyNotExpired?1:0,e.keyLifecycleFieldsPresent?1:0,e.signatureValid?1:0,e.rateLimitOk?1:0,e.rateLimitRetryAfterSec>>>0,e.nonceOk?1:0,e.policyConfigured?1:0,e.requesterConfigured?1:0,e.commandAllowed?1:0,e.adapterAllowed?1:0,e.filesystemRequired?1:0,e.filesystemRootsDefined?1:0,e.filesystemOk?1:0,e.pathDenied?1:0,e.shellRequired?1:0,e.shellCommandOk?1:0]),C().exports.lbe_validate_pipeline();let{stage:t,code:r}=mt();return{ok:t===255,stage:t,stageLabel:lt[t]||"unknown",code:r,schemaError:t===0?at[r]?.error||"Schema invalid":null,keyReason:t===2?ct[r]||"KEY_ERROR":null,policyResult:t===6?{...Se[r]||Se[1],code:r}:null,retryAfterSec:t===4?r:0,skewSec:t===1?r:0}}function Z({ttlSec:e,nowSec:t,newKey:r,existingEntries:n}){let o=[`${e}:${t}`,r,...n].join(`
+`)+`
+`;if(xe(o),C().exports.lbe_nonce_check()!==0)return{ok:!1,updatedEntriesText:null};let s=Ae();return{ok:!0,updatedEntriesText:s.startsWith(`OK
+`)?s.slice(3):s}}function ve({windowSec:e,maxRequests:t,nowSec:r,requesterId:n,existingEntries:o}){let i=[`${e}:${t}:${r}`,n,...o].join(`
+`)+`
+`;xe(i);let s=C().exports.lbe_rate_check()!==0,a=Ae();if(s){let d=parseInt(a.match(/^EXCEEDED:(\d+)/)?.[1]??"1",10),l=a.replace(/^EXCEEDED:\d+\n/,"");return{ok:!1,retryAfterSec:d,updatedEntriesText:l}}return{ok:!0,retryAfterSec:0,updatedEntriesText:a.startsWith(`OK
+`)?a.slice(3):a}}function De(e,t=!1){let r=ut[e]??0,n=C().exports.lbe_classify_risk(r,t?1:0);return dt[n]??"LOW"}import ee from"path";function yt(e){let t=i=>e!=null&&Object.prototype.hasOwnProperty.call(e,i),r=i=>typeof i=="string",n=e?.payload,o=e?.signature;return{hasId:t("id"),idValid:r(e?.id)&&/^[A-Z_]+$/.test(e.id)&&e.id.length>=1&&e.id.length<=50,hasCommandId:t("commandId"),commandIdValid:r(e?.commandId)&&/^[a-f0-9-]+$/.test(e.commandId)&&e.commandId.length===36,hasRequesterId:t("requesterId"),requesterIdValid:r(e?.requesterId)&&e.requesterId.length>=3&&e.requesterId.length<=100,hasSessionId:t("sessionId"),sessionIdValid:r(e?.sessionId)&&e.sessionId.length>=3,hasTimestamp:t("timestamp"),timestampValid:typeof e?.timestamp=="number"&&e.timestamp>=1e9,hasNonce:t("nonce"),nonceValid:r(e?.nonce)&&e.nonce.length>=32&&e.nonce.length<=128,hasRequires:t("requires"),requiresValid:Array.isArray(e?.requires)&&e.requires.length>=1&&e.requires.every(r),hasPayload:t("payload")&&typeof n=="object"&&n!==null&&!Array.isArray(n),hasPayloadAdapter:n!=null&&Object.prototype.hasOwnProperty.call(n,"adapter"),payloadAdapterValid:r(n?.adapter),hasSignature:t("signature")&&typeof o=="object"&&o!==null&&!Array.isArray(o),hasSignatureAlg:o!=null&&Object.prototype.hasOwnProperty.call(o,"alg"),signatureAlgValid:o?.alg==="ed25519",hasSignatureKeyId:o!=null&&Object.prototype.hasOwnProperty.call(o,"keyId"),hasSignatureSig:o!=null&&Object.prototype.hasOwnProperty.call(o,"sig"),signatureSigValid:r(o?.sig)&&o.sig.length>=10,hasRisk:t("risk"),riskValid:["LOW","MEDIUM","HIGH","CRITICAL"].includes(e?.risk)}}function ht(e,t){let r=!!(e&&e.default==="DENY"&&e.requesters&&typeof e.requesters=="object"),n=e?.requesters?.[t.requesterId],o=t.id?.toLowerCase()??"",i=!!n?.allowCommands?.some(m=>m.toLowerCase()===o),s=!!n?.allowAdapters?.includes(t.payload?.adapter),a=!!t.payload?.cwd,d=!1,l=!1,I=!1;if(a){let m=n?.filesystem?.roots??[];if(d=m.length>0,d){let E=ee.resolve(t.payload.cwd);l=m.some(c=>{let y=ee.resolve(c);return E===y||E.startsWith(y+ee.sep)}),I=(n?.filesystem?.denyPatterns??[]).some(c=>new RegExp("^"+c.replace(/\./g,"\\.").replace(/\*\*/g,".*").replace(/\*/g,"[^/]*")+"$").test(E))}}let f=!1,p=!0;if(t.id==="RUN_SHELL"){f=!0;let m=n?.exec?.allowCmds??[],E=n?.exec?.denyCmds??[],u=t.payload?.cmd;E.includes(u)?p=!1:p=m.length===0||m.includes(u)}return{policyConfigured:r,requesterConfigured:!!n,commandAllowed:i,adapterAllowed:s,filesystemRequired:a,filesystemRootsDefined:d,filesystemOk:l,pathDenied:I,shellRequired:f,shellCommandOk:p}}function It(e,t,r,n=new Date){if(!e||!t)return{keyIdFormatValid:!1,keyFound:!1,keyNotDeprecated:!1,keyRequesterMatches:!1,keyNotBeforeOk:!1,keyNotExpired:!1,keyLifecycleFieldsPresent:!1,publicKey:null};let i=/^[A-Za-z0-9:_-]{3,128}$/.test(t)&&t!=="default";if(!i)return{keyIdFormatValid:i,keyFound:!1,keyNotDeprecated:!1,keyRequesterMatches:!1,keyNotBeforeOk:!1,keyNotExpired:!1,keyLifecycleFieldsPresent:!1,publicKey:null};let s=e.trustedKeys?.[t],a=!!s;if(!a)return{keyIdFormatValid:i,keyFound:a,keyNotDeprecated:!1,keyRequesterMatches:!1,keyNotBeforeOk:!1,keyNotExpired:!1,keyLifecycleFieldsPresent:!1,publicKey:null};let d=!s.deprecated,l=!s.requesterId||s.requesterId===r,I=s.notBefore||s.validFrom,f=s.expiresAt||s.validUntil,p=typeof I=="string"&&typeof f=="string",m=!1,E=!1;if(p){let u=new Date(I),c=new Date(f);!isNaN(u.getTime())&&!isNaN(c.getTime())&&u<c&&(m=n>=u,E=n<c)}return{keyIdFormatValid:i,keyFound:a,keyNotDeprecated:d,keyRequesterMatches:l,keyNotBeforeOk:m,keyNotExpired:E,keyLifecycleFieldsPresent:p,publicKey:s.publicKey??null}}function Oe(e){return(e?.entries??[]).map(t=>`${t.key}:${t.timestamp}`)}function Ne(e){return e.split(`
+`).filter(Boolean).map(t=>{let r=t.lastIndexOf(":");return{key:t.slice(0,r),timestamp:parseInt(t.slice(r+1),10)||0}})}function Et(e){return(e?.entries??[]).map(t=>`${t.requesterId}:${t.timestamp}`)}function gt(e){return e.split(`
+`).filter(Boolean).map(t=>{let r=t.lastIndexOf(":");return{requesterId:t.slice(0,r),timestamp:parseInt(t.slice(r+1),10)||0}})}function Le({commandObj:e,pubKeyB64:t,keyStore:r,nonceDb:n,policy:o,rateLimiter:i,policyStatePath:s}){let a={valid:!1,commandId:e?.commandId,checks:{},errors:[]},d=Math.floor(Date.now()/1e3),l=new Date,I=Number.isFinite(o?.security?.maxClockSkewSec)?o.security.maxClockSkewSec:600;if(s&&o?.version!==void 0)try{let h=Ee({policyObj:o,statePath:s});if(a.checks.policyVersion=h.ok,!h.ok)return a.errors.push({type:"POLICY_VERSION_INVALID",message:h.message}),a}catch{a.checks.policyVersion=!0}else a.checks.policyVersion=!0;let f=yt(e),p=e?.signature?.keyId,m=It(r,p,e?.requesterId,l),E=!1,u=m.publicKey;if(!u&&t&&(u=t),u){let h={...e};delete h.signature,E=le({payloadObj:h,sigB64:e?.signature?.sig,pubKeyB64:u}).valid}let c=!0,y=0;if(E&&i&&typeof i.db<"u"){let h=o?.requesters?.[e.requesterId]?.rateLimit||{},_=o?.security?.defaultRateLimit||{},L=h.windowSec??_.windowSec??60,Je=h.maxRequests??_.maxRequests??30,U=ve({windowSec:L,maxRequests:Je,nowSec:d,requesterId:e.requesterId,existingEntries:Et(i.db)});c=U.ok,y=U.retryAfterSec,U.ok&&(i.db.entries=gt(U.updatedEntriesText))}else if(E&&i&&typeof i.checkAndRecord=="function"){let h=o?.requesters?.[e.requesterId]?.rateLimit||{},_=o?.security?.defaultRateLimit||{},L=i.checkAndRecord({requesterId:e.requesterId,nowSec:d,windowSec:h.windowSec??_.windowSec??60,maxRequests:h.maxRequests??_.maxRequests??30});c=L.ok,y=L.retryAfterSec??0}let g=!0,S=`${e?.requesterId}|${e?.sessionId}|${e?.nonce}`,N=3600;if(E&&c&&n)if(typeof n.checkAndRecord=="function")if(n.db){let h=Z({ttlSec:N,nowSec:d,newKey:S,existingEntries:Oe(n.db)});g=h.ok,h.ok&&(n.db.entries=Ne(h.updatedEntriesText))}else g=n.checkAndRecord({requesterId:e.requesterId,sessionId:e.sessionId,nonce:e.nonce}).ok;else{let h=Z({ttlSec:N,nowSec:d,newKey:S,existingEntries:Oe(n)});g=h.ok,h.ok&&(n.entries=Ne(h.updatedEntriesText))}let x=ht(o,e??{}),w=Re({...f,cmdTimestamp:e?.timestamp??0,nowSec:d,maxClockSkewSec:I,...m,signatureValid:E,rateLimitOk:c,rateLimitRetryAfterSec:y,nonceOk:g,...x}),k=w.stage;if(a.checks.schema=k!==0,k>=1&&(a.checks.timestamp=k!==1),k>=2&&(a.checks.keyId=k!==2),k>=2&&(a.checks.signature=k!==2&&k!==3),k>=4&&(a.checks.rateLimit=k!==4),k>=5&&(a.checks.nonce=k!==5),(k>=6||w.ok)&&(a.checks.policy=k!==6),!w.ok){let h=w.stageLabel;if(h==="schema")a.errors.push({type:"SCHEMA_ERROR",message:w.schemaError||"Schema invalid"});else if(h==="timestamp")a.errors.push({type:"TIMESTAMP_SKEW_EXCEEDED",message:`Command timestamp skew ${w.skewSec}s exceeds allowed ${I}s`});else if(h==="key"){let _=w.keyReason||"KEY_ERROR",L={KEY_ID_INVALID:`Invalid keyId '${p}'`,KEY_NOT_TRUSTED:`Key '${p}' is not in trusted key store`,KEY_DEPRECATED:`Key '${p}' is deprecated`,KEY_REQUESTER_MISMATCH:`Key '${p}' is not authorized for requester '${e?.requesterId}'`,KEY_LIFECYCLE_INVALID:`Key '${p}' must define notBefore and expiresAt`,KEY_NOT_YET_VALID:`Key '${p}' is not yet valid`,KEY_EXPIRED:`Key '${p}' has expired`};a.errors.push({type:_,message:L[_]||_})}else h==="signature"?a.errors.push({type:"SIGNATURE_INVALID",message:u?"Signature verification failed":"No public key available"}):h==="rate_limit"?a.errors.push({type:"RATE_LIMIT_EXCEEDED",message:`Rate limit exceeded. Retry after ${w.retryAfterSec}s`}):h==="nonce"?a.errors.push({type:"REPLAY_NONCE",message:"Nonce has already been used"}):h==="policy"&&w.policyResult?a.errors.push({type:w.policyResult.reason,message:w.policyResult.message}):a.errors.push({type:"VALIDATION_FAILED",message:`Failed at stage: ${h}`});return a}return a.valid=!0,a.risk=De(e.id,e.payload?.cmd==="rm"),a.message="Command validation successful",a}async function Ce(e){return{adapter:"noop",commandId:e.commandId||"unknown",command:e.id||"unknown",status:"completed",output:`[NOOP] Would execute: ${e.id||"unknown"} on adapter: ${e.payload?.adapter||"unknown"}`,exitCode:0,timestamp:new Date().toISOString()}}import{spawnSync as St}from"child_process";import te from"path";import kt from"fs";function Te(e){try{return kt.realpathSync(te.resolve(e))}catch{return te.resolve(e)}}function wt(e){if(e===void 0)return{ok:!0,args:[]};if(!Array.isArray(e))return{ok:!1,error:"payload.args must be an array"};let t=[];for(let r of e){if(typeof r!="string"&&typeof r!="number"&&typeof r!="boolean")return{ok:!1,error:"payload.args may only contain string, number, or boolean values"};t.push(String(r))}return{ok:!0,args:t}}async function be(e,t,r){let n=e.payload,o=Math.min(Math.max(Number(n.timeoutMs)||3e4,1),3e4),i=Math.min(Math.max(Number(n.maxOutputBytes)||1024*1024,1024),1024*1024);if(n.adapter!=="shell")return{adapter:"shell",commandId:e.commandId,status:"error",error:"Adapter mismatch",exitCode:1};let s=r?.exec?.allowCmds||[];if((r?.exec?.denyCmds||[]).includes(n.cmd))return{adapter:"shell",commandId:e.commandId,status:"blocked",error:`Command '${n.cmd}' is denied`,exitCode:2};if(s.length>0&&!s.includes(n.cmd))return{adapter:"shell",commandId:e.commandId,status:"blocked",error:`Command '${n.cmd}' not in allowlist`,exitCode:2};if(!(r?.filesystem?.roots||[]).some(f=>{let p=Te(f),m=Te(n.cwd);return m===p||m.startsWith(p+te.sep)}))return{adapter:"shell",commandId:e.commandId,status:"blocked",error:`CWD '${n.cwd}' not authorized`,exitCode:2};let I=wt(n.args);if(!I.ok)return{adapter:"shell",commandId:e.commandId,status:"blocked",error:I.error,exitCode:2};try{let f=St(n.cmd,I.args,{cwd:n.cwd,timeout:o,encoding:"utf8",maxBuffer:i,stdio:["pipe","pipe","pipe"],shell:!1});if(f.error)throw f.error;let p=`${f.stdout||""}${f.stderr||""}`,m=f.status??1;return m!==0?{adapter:"shell",commandId:e.commandId,command:n.cmd,status:"error",error:p.substring(0,i)||`Command exited with code ${m}`,exitCode:m,timestamp:new Date().toISOString()}:{adapter:"shell",commandId:e.commandId,command:n.cmd,status:"completed",output:p.substring(0,i),exitCode:0,timestamp:new Date().toISOString()}}catch(f){return{adapter:"shell",commandId:e.commandId,command:n.cmd,status:"error",error:f.message,exitCode:f.status||1,timestamp:new Date().toISOString()}}}import F from"fs";import b from"path";import T from"fs";import W from"path";import _t from"crypto";function Pe(e,t){let r=t||W.resolve(".lbe/data/backups");T.existsSync(r)||T.mkdirSync(r,{recursive:!0});let n=W.resolve(e),o=T.existsSync(n),i=null,s=null;o&&(i=T.readFileSync(n),s=_t.createHash("sha256").update(i).digest("hex"));let a=W.basename(n).replace(/[^a-zA-Z0-9._-]/g,"_"),d=`${Date.now()}-${s?s.slice(0,8):"new"}-${a}`,l=o?W.join(r,d):null;return o&&i!==null&&v(l,i),{originalPath:n,backupPath:l,existed:o,hash:s,createdAt:new Date().toISOString()}}function H(e){if(!e)return{restored:!1,error:"No backup metadata"};let{originalPath:t,backupPath:r,existed:n}=e;if(!n)try{return T.existsSync(t)&&T.unlinkSync(t),{restored:!0,action:"deleted"}}catch(o){return{restored:!1,error:o.message}}if(!r||!T.existsSync(r))return{restored:!1,error:"Backup file not found at: "+r};try{let o=T.readFileSync(r);return v(t,o),{restored:!0,action:"restored"}}catch(o){return{restored:!1,error:o.message}}}var xt=10*1024*1024;function At(e,t){return e?b.isAbsolute(e)?b.resolve(e):b.resolve(t||process.cwd(),e):null}function Rt(e,t){let r=Fe(e);return t.some(n=>{let o=Fe(n);return r===o||r.startsWith(o+b.sep)})}function Fe(e){let t=b.resolve(e),r=[];for(;!F.existsSync(t);){let n=b.dirname(t);if(n===t)break;r.unshift(b.basename(t)),t=n}try{t=F.realpathSync(t)}catch{}return b.join(t,...r)}function vt(e,t){for(let r of t||[])if(new RegExp("^"+r.replace(/\./g,"\\.").replace(/\*\*/g,".*").replace(/\*/g,"[^/\\\\]*")+"$").test(e))return r;return null}function M(e,t,r,n=2){return{adapter:"file",commandId:e.commandId,status:"blocked",errorCode:t,error:r,exitCode:n}}function O(e,t,r,n=null,o=1){return{adapter:"file",commandId:e.commandId,status:"error",errorCode:t,error:r,backup:n?j(n):null,exitCode:o}}function j(e){return e?{path:e.backupPath,existed:e.existed,hash:e.hash,createdAt:e.createdAt}:null}async function $e(e,t,r){let n=e.payload,o=n.action,i=n.cwd||process.cwd(),s=At(n.target,i);if(!o)return M(e,"FILE_NO_ACTION","payload.action is required");if(!s&&o!=="noop")return M(e,"FILE_NO_TARGET","payload.target is required");let a=r?.filesystem?.roots||[];if(a.length===0)return M(e,"FILE_NO_ROOTS","No filesystem roots defined for requester");if(!Rt(s,a))return M(e,"FILE_OUTSIDE_ROOT",`'${s}' is outside allowed roots`);let d=vt(s,r?.filesystem?.denyPatterns);if(d)return M(e,"FILE_PATH_DENIED",`'${s}' matches deny pattern: ${d}`);switch(o){case"read":return Dt(e,s);case"write":return Ot(e,s,n);case"patch":return Nt(e,s,n);case"delete":return Lt(e,s);default:return M(e,"FILE_UNKNOWN_ACTION",`Unknown action: '${o}'`)}}function Dt(e,t){if(!F.existsSync(t))return O(e,"FILE_NOT_FOUND",`Not found: ${t}`);try{let r=F.statSync(t);if(r.size>xt)return O(e,"FILE_TOO_LARGE","File exceeds 10 MB read limit");let n=F.readFileSync(t,"utf8");return{adapter:"file",action:"read",commandId:e.commandId,status:"completed",target:t,output:n,bytesRead:r.size,exitCode:0}}catch(r){return O(e,"FILE_READ_ERROR",r.message)}}function Ot(e,t,r){let n=r.content;if(n==null)return O(e,"FILE_MISSING_CONTENT","payload.content is required for write");let o=re(t);try{return v(t,n,{encoding:"utf8"}),{adapter:"file",action:"write",commandId:e.commandId,status:"completed",target:t,backup:j(o),output:`Wrote ${Buffer.byteLength(n,"utf8")} bytes to ${t}`,exitCode:0}}catch(i){return H(o),O(e,"FILE_WRITE_ERROR",i.message,o)}}function Nt(e,t,r){let n=r.content;if(n==null)return O(e,"FILE_MISSING_CONTENT","payload.content is required for patch");let o=re(t);try{return v(t,n,{encoding:"utf8"}),{adapter:"file",action:"patch",commandId:e.commandId,status:"completed",target:t,backup:j(o),output:`Patched ${t} (${Buffer.byteLength(n,"utf8")} bytes)`,exitCode:0}}catch(i){return H(o),O(e,"FILE_PATCH_ERROR",i.message,o)}}function Lt(e,t){if(!F.existsSync(t))return O(e,"FILE_NOT_FOUND",`Not found: ${t}`);let r=re(t);try{return F.unlinkSync(t),{adapter:"file",action:"delete",commandId:e.commandId,status:"completed",target:t,backup:j(r),output:`Deleted ${t}`,exitCode:0}}catch(n){return H(r),O(e,"FILE_DELETE_ERROR",n.message,r)}}function re(e){try{return Pe(e)}catch{return null}}var qe={noop:Ce,shell:be,file:$e};function Ct(e){return qe[e]}async function Me(e,t,r,n){let o=Ct(e);if(!o)return{adapter:e,commandId:t.commandId,status:"error",error:`Adapter '${e}' not found`,exitCode:1};try{return await o(t,r,n)}catch(i){return{adapter:e,commandId:t.commandId,status:"error",error:`Adapter execution failed: ${i.message}`,exitCode:9}}}var Nr=Object.keys(qe);import P from"fs";import ne from"path";import Tt from"crypto";function Ve(e){return Tt.createHash("sha256").update(e).digest("hex")}function bt(e){try{if(!P.existsSync(e))return"GENESIS";let t=P.readFileSync(e,"utf8").trim();if(!t)return"GENESIS";let r=t.split(`
+`),n=r[r.length-1];try{return JSON.parse(n).hash||"GENESIS"}catch{return"GENESIS"}}catch{return"GENESIS"}}function V(e,t){let r=ne.dirname(e);P.existsSync(r)||P.mkdirSync(r,{recursive:!0});let n;return me(e,()=>{let o=bt(e),i={...t,prevHash:o,timestamp:new Date().toISOString()};delete i.hash;let s=JSON.stringify(i),a=Ve(s),d=JSON.stringify({...i,hash:a}),l="";P.existsSync(e)&&(l=P.readFileSync(e,"utf8"));try{v(e,l+d+`
+`,{encoding:"utf8"})}catch(I){throw new Error(`Audit log write failed: ${I.message}`)}n={success:!0,hash:a,prevHash:o,message:"Audit entry appended"}}),n}function Ke(e,t={}){let r=t.failFast!==!1,n=Number.isFinite(t.maxEntries)&&t.maxEntries>0?Math.floor(t.maxEntries):null,o={ok:!0,file:ne.resolve(e),entries:0,valid:!0,firstInvalidIndex:null,reason:null,errors:[],message:"Audit log verified"};try{if(!P.existsSync(e))return o.message="Audit log file not found (treated as empty)",o;let i=P.readFileSync(e,"utf8").trim();if(!i)return o.message="Empty audit log",o;let s=i.split(`
+`),a=n?s.slice(0,n):s;o.entries=a.length;let d="GENESIS";for(let l=0;l<a.length;l++){let I;try{I=JSON.parse(a[l])}catch{let E={index:l,reason:"INVALID_JSON_LINE",message:`Line ${l} is not valid JSON`};if(o.valid=!1,o.ok=!1,o.firstInvalidIndex??=l,o.reason??=E.reason,o.errors.push(E),r)break;continue}if(I.prevHash!==d){let E={index:l,reason:"PREV_HASH_MISMATCH",message:`Expected prevHash '${d}', got '${I.prevHash}'`};if(o.valid=!1,o.ok=!1,o.firstInvalidIndex??=l,o.reason??=E.reason,o.errors.push(E),r)break}let f={...I},p=f.hash;delete f.hash;let m=Ve(JSON.stringify(f));if(p!==m){let E={index:l,reason:"HASH_MISMATCH",message:`Expected hash '${m}', got '${p}'`};if(o.valid=!1,o.ok=!1,o.firstInvalidIndex??=l,o.reason??=E.reason,o.errors.push(E),r)break}d=p}return o.message=o.valid?`Audit log verified: ${o.entries} entries`:`Audit log integrity failed at index ${o.firstInvalidIndex}`,o}catch(i){return{ok:!1,file:ne.resolve(e),entries:0,valid:!1,firstInvalidIndex:null,reason:"AUDIT_VERIFY_ERROR",errors:[{index:null,reason:"AUDIT_VERIFY_ERROR",message:i.message}],message:`Integrity check failed: ${i.message}`}}}import Ue from"fs";import $ from"path";import Pt from"crypto";var Be=".lbe/policy.json",Ft=".lbe/audit.jsonl";function $t(e){let t=e.replace(/[.+^${}()|[\]\\]/g,"\\$&");return new RegExp("^"+t.replace(/\*\*\//g,"(?:.*/)?").replace(/\*\*/g,".*").replace(/\*/g,"[^/]*")+"$")}function qt(e,t){return $.relative(e,$.resolve(t)).split($.sep).join("/")}function oe(e){let t=$.resolve(e||process.cwd());return{root:t,policyPath:$.join(t,Be),auditPath:$.join(t,Ft)}}function K(e,t="observe"){let r=oe(e);if(!Ue.existsSync(r.policyPath))return{...r,policy:{version:1,mode:t,workspace:r.root,rules:[]}};let n=JSON.parse(Ue.readFileSync(r.policyPath,"utf8"));if(n?.version!==1||!["observe","enforce"].includes(n.mode)||!Array.isArray(n.rules))throw new Error(`Invalid ${Be}`);return{...r,policy:n}}function Mt(e,t){let{policyPath:r,root:n}=oe(e),o={...t,version:1,workspace:n,rules:Array.isArray(t.rules)?t.rules:[]};return v(r,JSON.stringify(o,null,2)+`
+`,{encoding:"utf8"}),o}function Ye(e,t,r){if(!t||!["allow","deny"].includes(t.effect)||!["path","command"].includes(t.type)||typeof t.pattern!="string"||!t.pattern||typeof t.from!="string"||!t.from)throw new Error("Rule requires effect, type, pattern, and from");let n=K(e,r),o={id:t.id||Pt.randomUUID(),effect:t.effect,type:t.type,pattern:t.pattern,from:t.from,at:t.at||new Date().toISOString()};return Mt(n.root,{...n.policy,mode:r||n.policy.mode,rules:[...n.policy.rules,o]}),{id:o.id,added:!0,rule:o}}function We(e){return{...e,proposed:!0,at:new Date().toISOString()}}function se(e,t,{target:r,command:n}={}){let o=$.resolve(t),i=[];r&&i.push({type:"path",value:qt(o,r)}),n&&i.push({type:"command",value:n});let s=e.rules.filter(d=>i.some(l=>l.type===d.type&&$t(d.pattern).test(l.value))),a=s.filter(d=>d.effect==="deny");return{allowed:a.length===0,matched:s,winningRules:a.length?a:s.filter(d=>d.effect==="allow"),reason:a.length?"LOCAL_POLICY_DENY":null}}function He(e,t){let{auditPath:r}=oe(e);V(r,{kind:"local_policy",timestamp:new Date().toISOString(),...t})}var Ge={read_file:{id:"READ_FILE",adapter:"file",action:"read"},write_file:{id:"WRITE_FILE",adapter:"file",action:"write"},patch_file:{id:"PATCH_FILE",adapter:"file",action:"patch"},delete_file:{id:"DELETE_FILE",adapter:"file",action:"delete"},run_shell:{id:"RUN_SHELL",adapter:"shell",action:"run"}},ie=new Set(["write_file","patch_file","delete_file"]);function D(e,t,r=!1){return{ok:!1,decision:"deny",executed:!1,dryRun:!1,error:{code:e,message:t,recoverable:r}}}function Vt(e,t,r={}){let n=new Date,o=new Date(n.getTime()+365*24*60*60*1e3);return{version:1,default:"DENY",requesters:{[t]:{allowCommands:Object.values(Ge).map(i=>i.id),allowAdapters:["file","shell"],filesystem:{roots:[e],denyPatterns:[]},exec:{allowCmds:r.allowCommands||[],denyCmds:r.denyCommands||[]},rateLimit:{windowSec:60,maxRequests:r.maxRequests||60}}},security:{maxClockSkewSec:600,defaultRateLimit:{windowSec:60,maxRequests:60}},_keyWindow:{notBefore:n.toISOString(),expiresAt:o.toISOString()}}}function ze(e){let t=A.resolve(e),r=[];for(;!q.existsSync(t);){let n=A.dirname(t);if(n===t)break;r.unshift(A.basename(t)),t=n}try{t=q.realpathSync(t)}catch{}return A.join(t,...r)}function ae(e,t){let r=ze(e),n=ze(t);return r===n||r.startsWith(n+A.sep)}var Kt=[/\beval\s*\(/i,/\bFunction\s*\(/i,/\bexec\s*\(/i,/\brequire\s*\(/,/\bimport\s*\(/,/\bchild_process\b/,/\b__proto__\b/,/\bconstructor\s*\[/,/evalScript/i];function Ut(e,t){if(typeof e!="string")return null;for(let r of Kt)if(r.test(e))return D("PAYLOAD_CONTENT_REJECTED",`Forbidden pattern in ${t}: ${r}`);return null}function Bt(e,t,r={}){if(!t||typeof t!="object")return{error:D("REQUEST_INVALID","request must be an object")};let n=Ge[t.intent];if(!n)return{error:D("INTENT_UNSUPPORTED",`Unsupported intent '${t.intent}'`)};let o=typeof t.actor=="string"&&t.actor?t.actor:"agent:local",i=null;if(n.adapter==="file"){if(typeof t.target!="string"||!t.target)return{error:D("TARGET_REQUIRED","target is required for file intents")};if(i=A.resolve(e,t.target),!ae(i,e))return{error:D("PATH_OUTSIDE_ROOT","target is outside project root")};if(["write_file","patch_file"].includes(t.intent)&&typeof t.content!="string")return{error:D("CONTENT_REQUIRED","content is required for write and patch")};let a=Ut(t.content,"content");if(a)return{error:a}}let s=null;if(n.adapter==="shell"){if(s=t.command,!s||typeof s.cmd!="string"||!Array.isArray(s.args)||s.args.some(d=>typeof d!="string"))return{error:D("COMMAND_INVALID","command requires cmd and string args")};let a=A.resolve(e,s.cwd||".");if(!ae(a,e))return{error:D("CWD_OUTSIDE_ROOT","command cwd is outside project root")};if(!Array.isArray(r.allowCommands)||!r.allowCommands.includes(s.cmd))return{error:D("SHELL_NOT_ALLOWLISTED",`command '${s.cmd}' is not explicitly allowlisted`)};if(r.denyCommands?.includes(s.cmd))return{error:D("SHELL_DENIED",`command '${s.cmd}' is denied`)};s={...s,cwd:a,timeoutMs:Math.min(Math.max(s.timeoutMs||3e4,1),3e4),maxOutputBytes:Math.min(Math.max(s.maxOutputBytes||1024*1024,1024),1024*1024)}}return{actor:o,detail:n,target:i,command:s,request:t}}function Yt(e,t,r){let{actor:n,detail:o,target:i,command:s,request:a}=e,d={id:o.id,risk:ie.has(a.intent)?"MEDIUM":"LOW",commandId:je.randomUUID(),requesterId:n,sessionId:"local-host",timestamp:Math.floor(Date.now()/1e3),nonce:je.randomBytes(32).toString("hex"),requires:["policy","signature"],payload:{adapter:o.adapter,action:o.action,target:i,content:a.content,cmd:s?.cmd,args:s?.args,timeoutMs:s?.timeoutMs,maxOutputBytes:s?.maxOutputBytes,cwd:s?.cwd||(i?A.dirname(i):process.cwd())}},l=ue({payloadObj:d,secretKeyB64:r});if(l.error)throw new Error(l.error);return{...d,signature:{alg:"ed25519",keyId:t,sig:l.signature}}}function Wt(e={}){let t=A.resolve(e.rootDir||process.cwd()),r=e.keyId||"host:local-exec",n=e.keyPair||de(),o=e.shell||{};function i(u,{recordNonce:c=!1}={}){let y=Bt(t,u,o);if(y.error)return y;let g=K(t,e.mode||"enforce"),S=se(g.policy,t,{target:y.target,command:y.command?.cmd});if(g.policy.mode==="enforce"&&!S.allowed)return{error:D("LOCAL_POLICY_DENY",`Blocked by rule(s): ${S.winningRules.map(L=>L.id).join(", ")}`),local:g,localDecision:S,normalized:y};let x=Vt(t,y.actor,o),w={defaultKeyId:r,trustedKeys:{[r]:{publicKey:n.publicKey,notBefore:x._keyWindow.notBefore,expiresAt:x._keyWindow.expiresAt,deprecated:!1}}};delete x._keyWindow;let k=Yt(y,r,n.secretKey),_=Le({commandObj:k,keyStore:w,nonceDb:c?{entries:[]}:{entries:[]},policy:x});return _.valid?{local:g,localDecision:S,normalized:y,proposal:k,policy:x,validation:_}:{error:D(_.errors[0]?.type||"VALIDATION_FAILED",_.errors[0]?.message||"Validation failed"),local:g,localDecision:S,normalized:y,proposal:k,policy:x,validation:_}}function s(u){let c=K(t,e.mode||"observe"),y=c.policy.mode,g=null,S=null;if(u.path)try{if(g=A.resolve(t,u.path),!ae(g,t))return{decision:"deny",deny:!0,matchedRules:["path:outside_root"],mode:y,enforced:y==="enforce",reason:"PATH_OUTSIDE_ROOT"}}catch{}u.cmd&&(S=u.cmd);let N=se(c.policy,t,{target:g,command:S}),x=!N.allowed;return{decision:x?"deny":"allow",deny:x,matchedRules:N.winningRules.map(w=>w.id),mode:y,enforced:y==="enforce"}}function a(u){let c=A.join(t,".lbe","events.jsonl"),y=A.dirname(c);q.existsSync(y)||q.mkdirSync(y,{recursive:!0});let g=JSON.stringify({ts:Math.floor(Date.now()/1e3),...u})+`
+`,S=q.openSync(c,"a");try{q.writeSync(S,g)}finally{q.closeSync(S)}}async function d(u){let c=i(u);return c.error?{...c.error,dryRun:!0}:{ok:!0,decision:c.local.policy.mode==="observe"?"observe":"allow",executed:!1,dryRun:!0,matchedRules:c.localDecision.winningRules.map(y=>y.id),rollback:{available:ie.has(c.normalized.request.intent),performed:!1}}}async function l(u){let c=i(u,{recordNonce:!0});if(c.error)return He(t,{action:u?.intent,actor:u?.actor||"agent:local",decision:"deny",error:c.error.error.code}),c.error;if(c.local.policy.mode==="observe")return V(A.join(t,".lbe/audit.jsonl"),{kind:"local_execution",commandId:c.proposal.commandId,requesterId:c.normalized.actor,intent:c.normalized.request.intent,decision:"observe",status:"observed"}),{ok:!0,decision:"observe",executed:!1,dryRun:!1,matchedRules:c.localDecision.winningRules.map(x=>x.id),rollback:{available:!1,performed:!1}};let y=c.policy.requesters[c.normalized.actor],g=await Me(c.normalized.detail.adapter,c.proposal,c.policy,y),S=g.status==="completed",N=V(A.join(t,".lbe/audit.jsonl"),{kind:"local_execution",commandId:c.proposal.commandId,requesterId:c.normalized.actor,intent:c.normalized.request.intent,decision:S?"allow":"deny",status:g.status});return{ok:S,decision:S?"allow":"deny",executed:S,dryRun:!1,matchedRules:c.localDecision.winningRules.map(x=>x.id),auditId:N.hash,rollback:{available:ie.has(c.normalized.request.intent),performed:!1,backupId:g.backup?.hash},...S?{}:{error:{code:g.errorCode||"EXECUTION_FAILED",message:g.error||"Execution failed",recoverable:!0}}}}return{rootDir:t,writeFile:(u,c)=>l({intent:"write_file",target:u,content:c}),readFile:u=>l({intent:"read_file",target:u}),patchFile:(u,c)=>l({intent:"patch_file",target:u,content:c}),deleteFile:u=>l({intent:"delete_file",target:u}),runShell:(u,c=[],y={})=>l({intent:"run_shell",command:{cmd:u,args:c,...y}}),validate:async u=>({...await d(u),dryRun:!1,executed:!1}),dryRun:d,execute:l,policy:{read:()=>K(t,e.mode||"enforce").policy,proposeRule:We,addRule:u=>Ye(t,u,e.mode||"enforce")},audit:{verify:()=>Ke(A.join(t,".lbe/audit.jsonl"))},evaluateSync:s,auditSync:a}}export{Wt as createLocalExecutor};