@master4n/master-cli 3.0.2 → 3.0.4

package/README.md

@@ -1,16 +1,21 @@
 # @master4n/master-cli (`mfn`)
 
 [![CI](https://github.com/Master4Novice/master-cli/actions/workflows/ci.yml/badge.svg)](https://github.com/Master4Novice/master-cli/actions/workflows/ci.yml)
+[![CodeQL](https://github.com/Master4Novice/master-cli/actions/workflows/codeql.yml/badge.svg)](https://github.com/Master4Novice/master-cli/actions/workflows/codeql.yml)
+[![Known Vulnerabilities](https://snyk.io/test/github/Master4Novice/master-cli/badge.svg)](https://snyk.io/test/github/Master4Novice/master-cli)
+[![Socket](https://socket.dev/api/badge/npm/package/@master4n/master-cli)](https://socket.dev/npm/package/@master4n/master-cli)
 [![npm version](https://img.shields.io/npm/v/%40master4n%2Fmaster-cli)](https://www.npmjs.com/package/@master4n/master-cli)
 ![npm downloads](https://img.shields.io/npm/dm/%40master4n%2Fmaster-cli)
 ![License](https://img.shields.io/npm/l/%40master4n%2Fmaster-cli)
 ![Owner](https://img.shields.io/badge/Owner-Master4Novice-orange?style=flat)
 
-**Master CLI for developers and AI agents.** A set of headless, JSON-first
-commands that replace the boilerplate agents otherwise regenerate on every
-machine — timestamp/date conversion, JWT decoding, freeing ports, finding files,
-and directory trees. Every command runs the same for a human at a terminal and
-for an agent reading stdout.
+**Master CLI for developers and AI agents.** 51 headless, JSON-first commands in
+three families: **token savers** (extract exactly what you need — one JSON field,
+a line range, a file outline — instead of dumping whole files into context),
+**exact computation** (BigInt math, semver, cron, regex, timezones — verified
+answers instead of guesses), and **one-call actions** (free a port, wait for a
+server, bulk-replace with dry-run). Every command runs the same for a human at a
+terminal and for an agent reading stdout, in ~60ms.
 
 ## Installation
 
@@ -20,6 +25,19 @@ npm install -g @master4n/master-cli
 
 This installs the `mfn` command.
 
+### Zero-install (agents & one-off use)
+
+No global install needed — `npx` runs any command directly:
+
+```sh
+npx -y @master4n/master-cli capabilities --json   # discover every command
+npx -y @master4n/master-cli epoch 1622547800 --json
+```
+
+> **For AI agents:** run `mfn capabilities --json` (or the npx form above) to get
+> the machine-readable manifest, and read [`llms.txt`](./llms.txt) — it ships
+> inside the npm package and documents the full agent contract.
+
 ## The contract (why it's agent-friendly)
 
 - **Headless-first** — every command runs from flags/stdin. Interactive prompts
@@ -36,6 +54,27 @@ This installs the `mfn` command.
 - **Self-describing** — `mfn capabilities --json` lists every command, and
   [`llms.txt`](./llms.txt) documents the full agent contract.
 
+## MCP server (built in)
+
+For agent clients that can't run shell commands, `mfn mcp` serves the whole
+toolkit over the [Model Context Protocol](https://modelcontextprotocol.io)
+(stdio transport, zero extra dependencies):
+
+```jsonc
+// e.g. .mcp.json / claude_desktop_config.json / any MCP client
+{
+  "mcpServers": {
+    "mfn": { "command": "npx", "args": ["-y", "@master4n/master-cli", "mcp"] }
+  }
+}
+```
+
+Three tools: `mfn_capabilities` (the manifest), `mfn_run` (`{command, args[]}` —
+runs any catalogued command and returns its single JSON object, guardrails
+included), and `mfn_help` (per-command flags). `update` is deny-listed so an
+MCP-only client can never install packages. `mfn mcp --json` describes the
+server without starting it.
+
 ## Quick start
 
 ```sh
@@ -45,25 +84,69 @@ mfn -v                 # version
 mfn capabilities --json   # machine-readable manifest of all commands
 ```
 
-## Commands
+## Commands (51)
+
+Run `mfn capabilities` for the grouped list, `mfn <command> --help` for flags.
+
+### OS-level — one call on macOS, Windows, and Linux
+
+| Command | What it does | Example |
+| ------- | ------------ | ------- |
+| `clip` | Read/write the system clipboard | `git diff \| mfn clip --json` |
+| `notify` | Desktop notification — ping the user when a task finishes | `mfn notify "build finished" --json` |
+| `open` | Open a file/URL in the default app (validated first) | `mfn open coverage/index.html --json` |
+| `procs` | Search processes by name: pid/cpu/mem | `mfn procs node --json` |
+| `disk` | Per-mount disk usage without df parsing | `mfn disk --json` |
+| `trash` | **Reversible** delete to the OS trash — never `rm -rf` | `mfn trash old-logs --json` |
+| `dns` | A/AAAA/CNAME/MX/TXT/NS in one call | `mfn dns github.com --json` |
+
+### Token savers — read less, extract exactly
+
+| Command | What it does | Example |
+| ------- | ------------ | ------- |
+| `json` | One value from JSON by path — don't read the document | `mfn json scripts.build -f package.json --json` |
+| `schema` | Infer JSON shape (paths + types); 10MB payload → ~20 lines | `mfn schema -f response.json --json` |
+| `count` | Lines/words/chars/bytes + **LLM token estimate** | `git diff \| mfn count --json` |
+| `lines` | Exact line range of a file (1-based), never the whole file | `mfn lines src/app.ts -s 120 -n 30 --json` |
+| `outline` | Symbols + line numbers (.ts .js .py .go .md) | `mfn outline src/app.ts --json` |
+| `diff` | Structured hunks of two files, counts first | `mfn diff old.json new.json -s --json` |
+| `freq` | Most repeated lines — log triage in one call | `mfn freq error.log -t 5 --json` |
+| `imports` | A file's imports, or who imports a module | `mfn imports --who utility --json` |
+| `repo` | Git branch/dirty/ahead-behind/commits in one object | `mfn repo --json` |
+| `sys` / `have` / `ip` | System facts · tool versions · local addresses | `mfn have node git docker --json` |
+| `size` / `ext` / `recent` | Disk usage · composition by extension · newest files | `mfn size -t 5 --json` |
+| `ports` | ALL listening TCP ports with owning processes | `mfn ports --json` |
+| `pkg` | Declared vs installed dependency versions | `mfn pkg --json` |
+| `env` / `dotenv` | Env inspection (secrets **always** redacted) · .env completeness | `mfn dotenv --json` |
+
+### Exact computation — never guess
+
+| Command | What it does | Example |
+| ------- | ------------ | ------- |
+| `calc` | BigInt-exact arithmetic — `2^53 + 1` comes out right | `mfn calc "2^53 + 1" --json` |
+| `base` | hex/dec/bin/oct conversion, BigInt-safe | `mfn base 0xff --json` |
+| `semver` | Validate/compare/sort/bump per semver.org | `mfn semver 1.10.0 1.9.2 --json` |
+| `cron` | Validate + explain + next run times | `mfn cron "*/15 9-17 * * 1-5" --json` |
+| `regex` | Test a pattern — matches with line/index/groups | `mfn regex "TODO" -f src/app.ts --json` |
+| `url` | URL → components + decoded query params | `mfn url "https://x.com/a?b=1" --json` |
+| `escape` | Context-exact escaping: shell, JSON, regex, HTML, URL | `mfn escape "it's" --json` |
+| `case` | camel/snake/kebab/pascal/… conversion | `mfn case getUserName -t snake --json` |
+| `epoch` / `date` | Epoch ↔ date (auto unit) · timezone conversion | `mfn epoch 1622547800 --json` |
+| `decode` | JWT header + payload + expiry (signature not verified) | `mfn decode -t <jwt> --json` |
+
+### Actions — do, don't script
 
 | Command | What it does | Example |
 | ------- | ------------ | ------- |
-| `capabilities` | Self-describing manifest of every command | `mfn capabilities --json` |
-| `id` | Generate IDs — UUID v4, time-ordered UUID v7, or URL-safe nano | `mfn id --json` · `mfn id -t uuid7 -n 3 --json` |
-| `hash` | Hash a string, file, or stdin (md5/sha1/sha256/sha512) | `mfn hash hello --json` · `mfn hash -f ./x --json` |
-| `encode` | Encode/decode text — base64, base64url, hex, url | `mfn encode hi --json` · `mfn encode aGk= -d --json` |
-| `random` | Secure random bytes, or an unbiased password | `mfn random --json` · `mfn random -p -l 32 --json` |
-| `port` | Find a free port, or check if one is available | `mfn port --json` · `mfn port -c 3000 --json` |
-| `epoch` | Convert between epoch timestamps and dates (auto-detects s/ms/µs/ns) | `mfn epoch 1622547800 --json` · `mfn epoch --from 2021-06-01T11:43:20Z --json` |
-| `date` | Convert/format a date across timezones (defaults to now) | `mfn date 2024-07-04T15:30:30Z --tz America/New_York --json` |
-| `decode` | Decode a JWT (header + payload + expiry; signature **not** verified) | `mfn decode -t <jwt> --json` |
-| `kill` | Kill the process(es) listening on given ports | `mfn kill -p 3000 8080 -y --json` |
-| `sc` | Fuzzy-find files/folders under the current directory | `mfn sc service --json` |
-| `cts` | Print (or export) a tree of the current directory | `mfn cts --json` · `mfn cts -t png` |
-| `update` | Update the CLI (or a named package) to the latest version | `mfn update --json` |
-
-Run `mfn <command> --help` for the full flag list and more examples.
+| `replace` | Literal find/replace across files — **dry-run by default** | `mfn replace old new -g "src/**/*.ts" --json` |
+| `wait` | Block until port/URL/file is ready — no sleep loops | `mfn wait -p 3000 -t 30 --json` |
+| `kill` | Free the ports your dev server got stuck on | `mfn kill -p 3000 8080 -y --json` |
+| `http` | Probe a URL: status/headers/timing, capped body preview | `mfn http localhost:3000/health --json` |
+| `port` | Find a free port, or check one | `mfn port -c 3000 --json` |
+| `id` / `hash` / `encode` / `random` | UUID v4/v7/nano · digests · codecs · CSPRNG | `mfn id -t uuid7 -n 3 --json` |
+| `sc` / `cts` | Fuzzy file find · directory tree | `mfn sc service --json` |
+| `capabilities` / `update` | Machine-readable manifest · self-update | `mfn capabilities --json` |
+| `mcp` | Serve every command over the Model Context Protocol (stdio) | `mfn mcp` |
 
 ### Examples
 

package/SECURITY.md

@@ -0,0 +1,90 @@
+# Security Policy
+
+## Reporting a vulnerability
+
+Please open a private report via
+[GitHub Security Advisories](https://github.com/Master4Novice/master-cli/security/advisories/new)
+rather than a public issue. You should receive a response within a week.
+
+## Threat model & design guarantees
+
+`mfn` is a local developer tool. It is designed so that untrusted *input*
+(strings, tokens, file contents, port numbers) can never escalate into code
+execution or unintended process termination:
+
+- **No shell interpolation.** Every external process (`npm`, `lsof`, `netstat`,
+  `kill`, `taskkill`) is spawned with `execFile` — arguments are passed as an
+  array, never interpolated into a shell string. A crafted package name or port
+  value cannot inject commands.
+- **Strict input validation.** Ports must be integers in 1..65535; counts,
+  sizes, and byte lengths have hard upper bounds; PIDs parsed from `lsof`/
+  `netstat` output must be strictly numeric before being passed to `kill`.
+- **JWTs are decoded, never verified or transmitted.** `mfn decode` performs
+  local base64url decoding only; the token never leaves the machine, and the
+  output explicitly states the signature is not verified.
+- **Crypto uses Node's CSPRNG.** `random` and `id` use `node:crypto`
+  (`randomBytes`, `randomUUID`) with rejection sampling — no `Math.random`, no
+  modulo bias.
+- **Local cache is private.** `~/.mfn/cache` (recent ports, ignore lists) is
+  created with mode `0700`.
+- **No network calls** except `mfn update`, which delegates to `npm` itself.
+- **No telemetry.** Nothing is collected or sent anywhere.
+
+## Guardrails (active, no override flags)
+
+`mfn` is built to be safe to hand to an AI agent. These guardrails are always
+on — there are deliberately **no bypass flags**, because an agent will find and
+use any flag that exists:
+
+| Guardrail | Commands | What it prevents |
+| --------- | -------- | ---------------- |
+| **Sensitive-path refusal** (`SensitivePath`, exit 2) | `lines` `json` `schema` `diff` `freq` `regex -f` `hash -f` | Returning the CONTENT of credential stores: `~/.ssh`, `~/.aws`, `~/.gnupg`, `~/.kube`, `.env*`, `*.pem`, `*.key`, `id_rsa*`, `.npmrc`, `.netrc`, `shadow`, … An agent's context window is a log that never rotates. `hash -f` is included because a digest of a low-entropy secrets file can be brute-forced offline. |
+| **Clipboard secret redaction** | `clip` (read) | Passwords/tokens pasted through the clipboard (password managers). Secret-shaped content (private-key blocks, JWTs, AWS/GitHub/Slack/Google/npm/`sk-` tokens) is withheld with `redacted:true`. |
+| **Env value scanning** | `env` | Redacts by NAME pattern (key/token/secret/…) **and** by VALUE shape — an innocently named variable holding a JWT is still redacted. `mfn env` with no names lists names only. |
+| **Dotenv never reads values** | `dotenv` | Compares KEY presence between `.env` and `.env.example`; values are never parsed, stored, or returned. |
+| **Cloud-metadata block** (`BlockedTarget`, exit 2) | `http` `wait -u` | SSRF credential theft via `169.254.169.254`, `metadata.google.internal`, Alibaba/AWS v6 endpoints. Localhost stays allowed — probing your own dev server is the point. |
+| **Session-cookie redaction** | `http` | `set-cookie` response headers are replaced with `[redacted: session cookie]`. |
+| **Scheme allow-list** | `open` | Only http(s) URLs or existing local paths; `javascript:`, `file:`, and custom protocol handlers are refused. |
+| **Reversible delete only** | `trash` | Moves to the OS trash (never unlink); refuses `/`, home, cwd, and any parent of cwd — compared by realpath so symlinks can't fool it. |
+| **PID floor + numeric check** | `kill` | A parsing surprise can never become `kill -9 0/1/-1`; ports validated 1..65535. |
+| **Tool-name charset** | `have` | Probed names must be plain command names — no paths, no metacharacters. |
+| **Dry-run by default** | `replace` | File modification requires explicit `--write`; scope is bounded to cwd. |
+| **Body/range caps everywhere** | `http` (2KB preview) `lines` (2000) `diff` (20k lines) `clip` (1MB) … | One call can never flood a context window or memory. |
+
+## Guardrail scope & known limits (honest)
+
+The credential guardrail is **defense-in-depth, not a security boundary**. It is
+two layers:
+
+1. **Path layer** — refuses sensitive paths, resolving symlinks via realpath so
+   an innocently named symlink can't smuggle a secret file's content out.
+2. **Content layer** — masks secret-*shaped* substrings (private-key blocks,
+   JWTs, AWS/GitHub/Slack/Google/npm/`sk-` tokens) in the content that
+   `lines`/`freq`/`regex`/`json` echo, **including content piped via stdin**
+   where there is no path to vet.
+
+Known limits, stated plainly:
+
+- **Hardlinks** to a sensitive file are not detected at the path layer (a
+  hardlink shares the file's inode but has no distinguishable path). The content
+  layer still masks recognised token shapes; and creating a hardlink requires
+  the same read access as reading the original, so it grants no new capability.
+- The content layer matches **known token shapes**, not arbitrary `KEY=value`
+  secrets — over-broad redaction would break legitimate config/log processing.
+- An agent that already has shell access can read any file directly with `cat`.
+  These guardrails reduce *accidental* exposure through `mfn`'s own output
+  (the common path by which secrets leak into an agent's context window); they
+  are not a sandbox and do not claim to be.
+
+## Scope notes
+
+- `mfn hash` supports `md5`/`sha1` for checksum interop with legacy systems —
+  they are not suitable for security purposes; use `sha256`/`sha512`.
+- `mfn kill` sends `SIGKILL` to processes the invoking user owns; it cannot
+  affect other users' processes beyond what the OS already permits.
+- `mfn update <package>` installs a named package globally via npm — only point
+  it at packages you trust, exactly as with `npm install -g`.
+
+## Supported versions
+
+Only the latest published major (3.x) receives security fixes.

package/bin/catalog.agent.d.ts

@@ -0,0 +1,3 @@
+import type { CommandInfo } from './catalog';
+/** Agent generation 1: token savers and deterministic ground-truth commands. */
+export declare const AGENT_COMMANDS: readonly CommandInfo[];

package/bin/catalog.classic.d.ts

@@ -0,0 +1,3 @@
+import type { CommandInfo } from './catalog';
+/** The original toolkit: discovery, time, crypto primitives, OS/filesystem. */
+export declare const CLASSIC_COMMANDS: readonly CommandInfo[];

package/bin/catalog.d.ts

@@ -1,14 +1,18 @@
 /**
  * Single source of truth for the command catalogue — consumed by the welcome
  * banner (the "tools" line) and by `mfn capabilities` (the agent-facing
- * manifest). Keep this in sync when adding a command.
+ * manifest). Add new commands to the matching catalog.*.ts data module.
  */
 export interface CommandInfo {
     /** Invocation name, e.g. `epoch`. */
     name: string;
+    /** Functional grouping an agent can filter on. */
+    category: 'discovery' | 'time' | 'crypto' | 'text' | 'data' | 'code' | 'net' | 'system';
     /** One-line human summary. */
     summary: string;
     /** Copy-paste examples (headless, agent-friendly). */
     examples: string[];
 }
 export declare const COMMANDS: readonly CommandInfo[];
+/** Distinct categories in catalogue order (for grouped rendering). */
+export declare const CATEGORIES: readonly string[];

package/bin/catalog.os.d.ts

@@ -0,0 +1,7 @@
+import type { CommandInfo } from './catalog';
+/**
+ * Agent generation 3: OS-level commands — the things an agent normally needs
+ * platform-specific incantations (or a human's hands) for, made one-call and
+ * safe-by-default on macOS, Windows, and Linux.
+ */
+export declare const OS_COMMANDS: readonly CommandInfo[];

package/bin/catalog.power.d.ts

@@ -0,0 +1,7 @@
+import type { CommandInfo } from './catalog';
+/**
+ * Agent generation 2: the commands an AI coding agent reaches for constantly —
+ * code navigation, dependency tracing, bulk edits, readiness waits, and
+ * environment drift checks.
+ */
+export declare const POWER_COMMANDS: readonly CommandInfo[];

package/bin/commands/base.d.ts

@@ -0,0 +1,7 @@
+declare const base: {
+    command: string;
+    describe: string;
+    builder: (yargs: any) => any;
+    handler: (argv: any) => undefined;
+};
+export default base;

package/bin/commands/calc.d.ts

@@ -0,0 +1,7 @@
+declare const calc: {
+    command: string;
+    describe: string;
+    builder: (yargs: any) => any;
+    handler: (argv: any) => undefined;
+};
+export default calc;

package/bin/commands/case.d.ts

@@ -0,0 +1,7 @@
+declare const caseCmd: {
+    command: string;
+    describe: string;
+    builder: (yargs: any) => any;
+    handler: (argv: any) => Promise<void>;
+};
+export default caseCmd;

package/bin/commands/clip.d.ts

@@ -0,0 +1,7 @@
+declare const clip: {
+    command: string;
+    describe: string;
+    builder: (yargs: any) => any;
+    handler: (argv: any) => Promise<void>;
+};
+export default clip;

package/bin/commands/count.d.ts

@@ -0,0 +1,7 @@
+declare const count: {
+    command: string;
+    describe: string;
+    builder: (yargs: any) => any;
+    handler: (argv: any) => Promise<undefined>;
+};
+export default count;

package/bin/commands/cron.d.ts

@@ -0,0 +1,7 @@
+declare const cron: {
+    command: string;
+    describe: string;
+    builder: (yargs: any) => any;
+    handler: (argv: any) => undefined;
+};
+export default cron;

package/bin/commands/cron.engine.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Minimal, dependency-free 5-field cron engine (minute hour day-of-month month
+ * day-of-week). Supports * , - / lists, ranges, and steps. Standard semantics:
+ * when BOTH dom and dow are restricted, a date matches if EITHER matches (Vixie
+ * cron rule).
+ */
+export interface CronFields {
+    minute: Set<number>;
+    hour: Set<number>;
+    dayOfMonth: Set<number>;
+    month: Set<number>;
+    dayOfWeek: Set<number>;
+    domRestricted: boolean;
+    dowRestricted: boolean;
+}
+export declare function parseCron(expression: string): CronFields;
+/** Next `count` run times strictly after `from` (local time), bounded to 5 years. */
+export declare function nextRuns(f: CronFields, from: Date, count: number): Date[];

package/bin/commands/diff.d.ts

@@ -0,0 +1,7 @@
+declare const diff: {
+    command: string;
+    describe: string;
+    builder: (yargs: any) => any;
+    handler: (argv: any) => Promise<undefined>;
+};
+export default diff;

package/bin/commands/disk.d.ts

@@ -0,0 +1,7 @@
+declare const disk: {
+    command: string;
+    describe: string;
+    builder: (yargs: any) => any;
+    handler: (argv: any) => Promise<undefined>;
+};
+export default disk;

package/bin/commands/dns.d.ts

@@ -0,0 +1,7 @@
+declare const dns: {
+    command: string;
+    describe: string;
+    builder: (yargs: any) => any;
+    handler: (argv: any) => Promise<void>;
+};
+export default dns;

package/bin/commands/dotenv.d.ts

@@ -0,0 +1,7 @@
+declare const dotenv: {
+    command: string;
+    describe: string;
+    builder: (yargs: any) => any;
+    handler: (argv: any) => undefined;
+};
+export default dotenv;

package/bin/commands/env.d.ts

@@ -0,0 +1,7 @@
+declare const env: {
+    command: string;
+    describe: string;
+    builder: (yargs: any) => any;
+    handler: (argv: any) => void;
+};
+export default env;

package/bin/commands/epoch.interactive.d.ts

@@ -0,0 +1,6 @@
+/**
+ * TTY-only fallback for `mfn epoch` when no flags/positional are supplied.
+ * Lives in its own module to keep epoch.ts focused on the headless paths
+ * (and under the 150-line file budget).
+ */
+export declare function epochInteractive(argv: any, epochToDate: (argv: any, value: number) => void, dateToEpoch: (argv: any, input: string, format?: string, tz?: string) => void): Promise<void>;

package/bin/commands/escape.d.ts

@@ -0,0 +1,7 @@
+declare const escapeCmd: {
+    command: string;
+    describe: string;
+    builder: (yargs: any) => any;
+    handler: (argv: any) => Promise<undefined>;
+};
+export default escapeCmd;

package/bin/commands/ext.d.ts

@@ -0,0 +1,7 @@
+declare const ext: {
+    command: string;
+    describe: string;
+    builder: (yargs: any) => any;
+    handler: (argv: any) => undefined;
+};
+export default ext;

package/bin/commands/freq.d.ts

@@ -0,0 +1,7 @@
+declare const freq: {
+    command: string;
+    describe: string;
+    builder: (yargs: any) => any;
+    handler: (argv: any) => Promise<undefined>;
+};
+export default freq;

package/bin/commands/have.d.ts

@@ -0,0 +1,7 @@
+declare const have: {
+    command: string;
+    describe: string;
+    builder: (yargs: any) => any;
+    handler: (argv: any) => Promise<undefined>;
+};
+export default have;

package/bin/commands/http.d.ts

@@ -0,0 +1,7 @@
+declare const http: {
+    command: string;
+    describe: string;
+    builder: (yargs: any) => any;
+    handler: (argv: any) => Promise<undefined>;
+};
+export default http;

package/bin/commands/imports.d.ts

@@ -0,0 +1,7 @@
+declare const imports: {
+    command: string;
+    describe: string;
+    builder: (yargs: any) => any;
+    handler: (argv: any) => Promise<void>;
+};
+export default imports;

package/bin/commands/index.d.ts

@@ -11,4 +11,42 @@ import hash from './hash';
 import encode from './encode';
 import random from './random';
 import port from './port';
-export { cts, sc, deco, date, epoch, killProcess, update, capabilities, id, hash, encode, random, port, };
+import jsonCmd from './json';
+import count from './count';
+import lines from './lines';
+import have from './have';
+import sys from './sys';
+import repo from './repo';
+import calc from './calc';
+import semver from './semver';
+import caseCmd from './case';
+import cron from './cron';
+import diff from './diff';
+import env from './env';
+import size from './size';
+import ext from './ext';
+import freq from './freq';
+import regex from './regex';
+import url from './url';
+import ip from './ip';
+import escapeCmd from './escape';
+import schema from './schema';
+import outlineCmd from './outline';
+import imports from './imports';
+import replace from './replace';
+import recent from './recent';
+import pkgCmd from './pkg';
+import dotenv from './dotenv';
+import wait from './wait';
+import ports from './ports';
+import http from './http';
+import base from './base';
+import clip from './clip';
+import notify from './notify';
+import openCmd from './open';
+import procs from './procs';
+import disk from './disk';
+import trash from './trash';
+import dns from './dns';
+import mcp from './mcp';
+export { cts, sc, deco, date, epoch, killProcess, update, capabilities, mcp, id, hash, encode, random, port, jsonCmd, count, lines, have, sys, repo, calc, semver, caseCmd, cron, diff, env, size, ext, freq, regex, url, ip, escapeCmd, schema, outlineCmd, imports, replace, recent, pkgCmd, dotenv, wait, ports, http, base, clip, notify, openCmd, procs, disk, trash, dns, };

package/bin/commands/ip.d.ts

@@ -0,0 +1,7 @@
+declare const ip: {
+    command: string;
+    describe: string;
+    builder: (yargs: any) => any;
+    handler: (argv: any) => void;
+};
+export default ip;

package/bin/commands/json.d.ts

@@ -0,0 +1,7 @@
+declare const jsonCmd: {
+    command: string;
+    describe: string;
+    builder: (yargs: any) => any;
+    handler: (argv: any) => Promise<void>;
+};
+export default jsonCmd;

package/bin/commands/lines.d.ts

@@ -0,0 +1,7 @@
+declare const lines: {
+    command: string;
+    describe: string;
+    builder: (yargs: any) => any;
+    handler: (argv: any) => Promise<undefined>;
+};
+export default lines;

package/bin/commands/mcp.d.ts

@@ -0,0 +1,7 @@
+declare const mcp: {
+    command: string;
+    describe: string;
+    builder: (yargs: any) => any;
+    handler: (argv: any) => Promise<void>;
+};
+export default mcp;

package/bin/commands/notify.d.ts

@@ -0,0 +1,7 @@
+declare const notify: {
+    command: string;
+    describe: string;
+    builder: (yargs: any) => any;
+    handler: (argv: any) => Promise<undefined>;
+};
+export default notify;

package/bin/commands/open.d.ts

@@ -0,0 +1,7 @@
+declare const openCmd: {
+    command: string;
+    describe: string;
+    builder: (yargs: any) => any;
+    handler: (argv: any) => Promise<undefined>;
+};
+export default openCmd;

package/bin/commands/outline.d.ts

@@ -0,0 +1,7 @@
+declare const outlineCmd: {
+    command: string;
+    describe: string;
+    builder: (yargs: any) => any;
+    handler: (argv: any) => Promise<undefined>;
+};
+export default outlineCmd;

package/bin/commands/outline.engine.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Regex-based source outliner. Not a real parser — it's the 95% answer in
+ * ~zero time: top-level symbols with line numbers, so an agent can read a
+ * 50-token outline and then fetch only the lines it needs (`mfn lines`).
+ */
+export interface Symbol {
+    line: number;
+    kind: string;
+    name: string;
+    exported: boolean;
+}
+export declare const SUPPORTED_EXTENSIONS: string[];
+export declare function outline(text: string, extension: string): Symbol[];

package/bin/commands/pkg.d.ts

@@ -0,0 +1,7 @@
+declare const pkgCmd: {
+    command: string;
+    describe: string;
+    builder: (yargs: any) => any;
+    handler: (argv: any) => undefined;
+};
+export default pkgCmd;

package/bin/commands/ports.d.ts

@@ -0,0 +1,7 @@
+declare const ports: {
+    command: string;
+    describe: string;
+    builder: (yargs: any) => any;
+    handler: (argv: any) => Promise<undefined>;
+};
+export default ports;

package/bin/commands/procs.d.ts

@@ -0,0 +1,7 @@
+declare const procs: {
+    command: string;
+    describe: string;
+    builder: (yargs: any) => any;
+    handler: (argv: any) => Promise<undefined>;
+};
+export default procs;

package/bin/commands/recent.d.ts

@@ -0,0 +1,7 @@
+declare const recent: {
+    command: string;
+    describe: string;
+    builder: (yargs: any) => any;
+    handler: (argv: any) => undefined;
+};
+export default recent;