@letterblack/lbe-exec 1.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/LICENSE +1 -0
  2. package/README.md +26 -0
  3. package/dist/index.js +1762 -0
  4. package/dist/lbe_engine.wasm +0 -0
  5. package/dist/wasm.lock.json +4 -0
  6. package/package.json +28 -0
  7. package/types.d.ts +19 -0
package/LICENSE ADDED
@@ -0,0 +1 @@
1
+ SEE LICENSE IN LICENSE
package/README.md ADDED
@@ -0,0 +1,26 @@
1
+ # @letterblack/lbe-exec
2
+
3
+ Local host-signed execution for LetterBlack LBE.
4
+
5
+ This package is the trusted, in-process controller layer. It accepts simple
6
+ requests, creates the timestamp/nonce/signature envelope locally, validates it
7
+ through the bundled WASM runtime, and executes approved file or allowlisted
8
+ shell operations inside the configured project root.
9
+
10
+ ```js
11
+ import { createLocalExecutor } from '@letterblack/lbe-exec';
12
+
13
+ const lbe = createLocalExecutor({ rootDir: process.cwd() });
14
+ const preview = await lbe.dryRun({ intent: 'write_file', target: 'report.md', content: 'draft' });
15
+ const result = await lbe.execute({ intent: 'write_file', target: 'report.md', content: 'approved' });
16
+ ```
17
+
18
+ `dryRun()` is strictly non-mutating: it does not create backups, write audit
19
+ records, execute commands, modify files, or change policy.
20
+
21
+ Shell execution is denied unless its command is explicitly listed in
22
+ `shell.allowCommands`. File operations are constrained to `rootDir`, including
23
+ against traversal and symlink escapes.
24
+
25
+ Agents may call `policy.proposeRule()`. Only the trusted host/controller should
26
+ call `policy.addRule()`.