@node9/proxy 0.2.1

package/dist/index.mjs

@@ -0,0 +1,576 @@
+// src/core.ts
+import chalk from "chalk";
+import { confirm } from "@inquirer/prompts";
+import fs from "fs";
+import path from "path";
+import os from "os";
+import pm from "picomatch";
+import { parse } from "sh-syntax";
+var DANGEROUS_WORDS = [
+  "delete",
+  "drop",
+  "remove",
+  "terminate",
+  "refund",
+  "write",
+  "update",
+  "destroy",
+  "rm",
+  "rmdir",
+  "purge",
+  "format"
+];
+function tokenize(toolName) {
+  return toolName.toLowerCase().split(/[_.\-\s]+/).filter(Boolean);
+}
+function containsDangerousWord(toolName, dangerousWords) {
+  const tokens = tokenize(toolName);
+  return dangerousWords.some((word) => tokens.includes(word.toLowerCase()));
+}
+function matchesPattern(text, patterns) {
+  const p = Array.isArray(patterns) ? patterns : [patterns];
+  if (p.length === 0) return false;
+  const isMatch = pm(p, { nocase: true, dot: true });
+  const target = text.toLowerCase();
+  const directMatch = isMatch(target);
+  if (directMatch) return true;
+  const withoutDotSlash = text.replace(/^\.\//, "");
+  return isMatch(withoutDotSlash) || isMatch(`./${withoutDotSlash}`);
+}
+function getNestedValue(obj, path2) {
+  if (!obj || typeof obj !== "object") return null;
+  return path2.split(".").reduce((prev, curr) => prev?.[curr], obj);
+}
+function extractShellCommand(toolName, args, toolInspection) {
+  const patterns = Object.keys(toolInspection);
+  const matchingPattern = patterns.find((p) => matchesPattern(toolName, p));
+  if (!matchingPattern) return null;
+  const fieldPath = toolInspection[matchingPattern];
+  const value = getNestedValue(args, fieldPath);
+  return typeof value === "string" ? value : null;
+}
+async function analyzeShellCommand(command) {
+  const actions = [];
+  const paths = [];
+  const allTokens = [];
+  const addToken = (token) => {
+    const lower = token.toLowerCase();
+    allTokens.push(lower);
+    if (lower.includes("/")) {
+      const segments = lower.split("/").filter(Boolean);
+      allTokens.push(...segments);
+    }
+    if (lower.startsWith("-")) {
+      allTokens.push(lower.replace(/^-+/, ""));
+    }
+  };
+  try {
+    const ast = await parse(command);
+    const walk = (node) => {
+      if (!node) return;
+      if (node.type === "CallExpr") {
+        const parts = (node.Args || []).map((arg) => {
+          return (arg.Parts || []).map((p) => p.Value || "").join("");
+        }).filter((s) => s.length > 0);
+        if (parts.length > 0) {
+          actions.push(parts[0].toLowerCase());
+          parts.forEach((p) => addToken(p));
+          parts.slice(1).forEach((p) => {
+            if (!p.startsWith("-")) paths.push(p);
+          });
+        }
+      }
+      for (const key in node) {
+        if (key === "Parent") continue;
+        const val = node[key];
+        if (Array.isArray(val)) {
+          val.forEach((child) => {
+            if (child && typeof child === "object" && "type" in child) {
+              walk(child);
+            }
+          });
+        } else if (val && typeof val === "object" && "type" in val) {
+          walk(val);
+        }
+      }
+    };
+    walk(ast);
+  } catch {
+  }
+  if (allTokens.length === 0) {
+    const normalized = command.replace(/\\(.)/g, "$1");
+    const sanitized = normalized.replace(/["'<>]/g, " ");
+    const segments = sanitized.split(/[|;&]|\$\(|\)|`/);
+    segments.forEach((segment) => {
+      const tokens = segment.trim().split(/\s+/).filter(Boolean);
+      if (tokens.length > 0) {
+        const action = tokens[0].toLowerCase();
+        if (!actions.includes(action)) actions.push(action);
+        tokens.forEach((t) => {
+          addToken(t);
+          if (t !== tokens[0] && !t.startsWith("-")) {
+            if (!paths.includes(t)) paths.push(t);
+          }
+        });
+      }
+    });
+  }
+  return { actions, paths, allTokens };
+}
+var DEFAULT_CONFIG = {
+  settings: { mode: "standard" },
+  policy: {
+    dangerousWords: DANGEROUS_WORDS,
+    ignoredTools: [
+      "list_*",
+      "get_*",
+      "read_*",
+      "describe_*",
+      "read",
+      "write",
+      "edit",
+      "multiedit",
+      "glob",
+      "grep",
+      "ls",
+      "notebookread",
+      "notebookedit",
+      "todoread",
+      "todowrite",
+      "webfetch",
+      "websearch",
+      "exitplanmode",
+      "askuserquestion"
+    ],
+    toolInspection: {
+      bash: "command",
+      run_shell_command: "command",
+      shell: "command",
+      "terminal.execute": "command"
+    },
+    rules: [
+      { action: "rm", allowPaths: ["**/node_modules/**", "dist/**", "build/**", ".DS_Store"] }
+    ]
+  },
+  environments: {}
+};
+var cachedConfig = null;
+function getGlobalSettings() {
+  try {
+    const globalConfigPath = path.join(os.homedir(), ".node9", "config.json");
+    if (fs.existsSync(globalConfigPath)) {
+      const parsed = JSON.parse(fs.readFileSync(globalConfigPath, "utf-8"));
+      const settings = parsed.settings || {};
+      return {
+        mode: settings.mode || "standard",
+        autoStartDaemon: settings.autoStartDaemon !== false,
+        slackEnabled: settings.slackEnabled !== false,
+        // agentMode defaults to false — user must explicitly opt in via `node9 login`
+        agentMode: settings.agentMode === true
+      };
+    }
+  } catch {
+  }
+  return { mode: "standard", autoStartDaemon: true, slackEnabled: true, agentMode: false };
+}
+function hasSlack() {
+  const creds = getCredentials();
+  if (!creds?.apiKey) return false;
+  return getGlobalSettings().slackEnabled;
+}
+function getInternalToken() {
+  try {
+    const pidFile = path.join(os.homedir(), ".node9", "daemon.pid");
+    if (!fs.existsSync(pidFile)) return null;
+    const data = JSON.parse(fs.readFileSync(pidFile, "utf-8"));
+    process.kill(data.pid, 0);
+    return data.internalToken ?? null;
+  } catch {
+    return null;
+  }
+}
+async function evaluatePolicy(toolName, args) {
+  const config = getConfig();
+  if (matchesPattern(toolName, config.policy.ignoredTools)) return "allow";
+  const shellCommand = extractShellCommand(toolName, args, config.policy.toolInspection);
+  if (shellCommand) {
+    const { actions, paths, allTokens } = await analyzeShellCommand(shellCommand);
+    const INLINE_EXEC_PATTERN = /^(python3?|bash|sh|zsh|perl|ruby|node|php|lua)\s+(-c|-e|-eval)\s/i;
+    if (INLINE_EXEC_PATTERN.test(shellCommand.trim())) return "review";
+    for (const action of actions) {
+      const basename = action.includes("/") ? action.split("/").pop() : action;
+      const rule = config.policy.rules.find(
+        (r) => r.action === action || matchesPattern(action, r.action) || basename && (r.action === basename || matchesPattern(basename, r.action))
+      );
+      if (rule) {
+        if (paths.length > 0) {
+          const anyBlocked = paths.some((p) => matchesPattern(p, rule.blockPaths || []));
+          if (anyBlocked) return "review";
+          const allAllowed = paths.every((p) => matchesPattern(p, rule.allowPaths || []));
+          if (allAllowed) return "allow";
+        }
+        return "review";
+      }
+    }
+    const isDangerous2 = allTokens.some(
+      (token) => config.policy.dangerousWords.some((word) => {
+        const w = word.toLowerCase();
+        if (token === w) return true;
+        try {
+          return new RegExp(`\\b${w}\\b`, "i").test(token);
+        } catch {
+          return false;
+        }
+      })
+    );
+    if (isDangerous2) return "review";
+    if (config.settings.mode === "strict") return "review";
+    return "allow";
+  }
+  const isDangerous = containsDangerousWord(toolName, config.policy.dangerousWords);
+  if (isDangerous || config.settings.mode === "strict") {
+    const envConfig = getActiveEnvironment(config);
+    if (envConfig?.requireApproval === false) return "allow";
+    return "review";
+  }
+  return "allow";
+}
+function isIgnoredTool(toolName) {
+  const config = getConfig();
+  return matchesPattern(toolName, config.policy.ignoredTools);
+}
+var DAEMON_PORT = 7391;
+var DAEMON_HOST = "127.0.0.1";
+function isDaemonRunning() {
+  try {
+    const pidFile = path.join(os.homedir(), ".node9", "daemon.pid");
+    if (!fs.existsSync(pidFile)) return false;
+    const { pid, port } = JSON.parse(fs.readFileSync(pidFile, "utf-8"));
+    if (port !== DAEMON_PORT) return false;
+    process.kill(pid, 0);
+    return true;
+  } catch {
+    return false;
+  }
+}
+function getPersistentDecision(toolName) {
+  try {
+    const file = path.join(os.homedir(), ".node9", "decisions.json");
+    if (!fs.existsSync(file)) return null;
+    const decisions = JSON.parse(fs.readFileSync(file, "utf-8"));
+    const d = decisions[toolName];
+    if (d === "allow" || d === "deny") return d;
+  } catch {
+  }
+  return null;
+}
+async function askDaemon(toolName, args, meta) {
+  const base = `http://${DAEMON_HOST}:${DAEMON_PORT}`;
+  const checkRes = await fetch(`${base}/check`, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({ toolName, args, agent: meta?.agent, mcpServer: meta?.mcpServer }),
+    signal: AbortSignal.timeout(5e3)
+  });
+  if (!checkRes.ok) throw new Error("Daemon fail");
+  const { id } = await checkRes.json();
+  const waitRes = await fetch(`${base}/wait/${id}`, { signal: AbortSignal.timeout(12e4) });
+  if (!waitRes.ok) return "deny";
+  const { decision } = await waitRes.json();
+  if (decision === "allow") return "allow";
+  if (decision === "abandoned") return "abandoned";
+  return "deny";
+}
+async function notifyDaemonViewer(toolName, args, meta) {
+  const base = `http://${DAEMON_HOST}:${DAEMON_PORT}`;
+  const res = await fetch(`${base}/check`, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({
+      toolName,
+      args,
+      slackDelegated: true,
+      agent: meta?.agent,
+      mcpServer: meta?.mcpServer
+    }),
+    signal: AbortSignal.timeout(3e3)
+  });
+  if (!res.ok) throw new Error("Daemon unreachable");
+  const { id } = await res.json();
+  return id;
+}
+async function resolveViaDaemon(id, decision, internalToken) {
+  const base = `http://${DAEMON_HOST}:${DAEMON_PORT}`;
+  await fetch(`${base}/resolve/${id}`, {
+    method: "POST",
+    headers: { "Content-Type": "application/json", "X-Node9-Internal": internalToken },
+    body: JSON.stringify({ decision }),
+    signal: AbortSignal.timeout(3e3)
+  });
+}
+async function authorizeHeadless(toolName, args, allowTerminalFallback = false, meta) {
+  const { agentMode } = getGlobalSettings();
+  const cloudEnforced = agentMode && hasSlack();
+  if (!cloudEnforced) {
+    if (isIgnoredTool(toolName)) return { approved: true };
+    const policyDecision = await evaluatePolicy(toolName, args);
+    if (policyDecision === "allow") return { approved: true, checkedBy: "local-policy" };
+    const persistent = getPersistentDecision(toolName);
+    if (persistent === "allow") return { approved: true, checkedBy: "persistent" };
+    if (persistent === "deny")
+      return {
+        approved: false,
+        reason: `Node9: "${toolName}" is set to always deny.`,
+        blockedBy: "persistent-deny",
+        changeHint: `Open the daemon UI to manage decisions:  node9 daemon --openui`
+      };
+  }
+  if (cloudEnforced) {
+    const creds = getCredentials();
+    const envConfig = getActiveEnvironment(getConfig());
+    let viewerId = null;
+    const internalToken = getInternalToken();
+    if (isDaemonRunning() && internalToken) {
+      viewerId = await notifyDaemonViewer(toolName, args, meta).catch(() => null);
+    }
+    const approved = await callNode9SaaS(toolName, args, creds, envConfig?.slackChannel, meta);
+    if (viewerId && internalToken) {
+      resolveViaDaemon(viewerId, approved ? "allow" : "deny", internalToken).catch(() => null);
+    }
+    return {
+      approved,
+      checkedBy: approved ? "cloud" : void 0,
+      blockedBy: approved ? void 0 : "team-policy",
+      changeHint: approved ? void 0 : `Visit your Node9 dashboard \u2192 Policy Studio to change this rule`
+    };
+  }
+  if (isDaemonRunning()) {
+    console.error(chalk.yellow("\n\u{1F6E1}\uFE0F  Node9: Action suspended \u2014 waiting for your approval."));
+    console.error(chalk.cyan(`   Browser UI \u2192 http://${DAEMON_HOST}:${DAEMON_PORT}/
+`));
+    try {
+      const daemonDecision = await askDaemon(toolName, args, meta);
+      if (daemonDecision === "abandoned") {
+        console.error(chalk.yellow("\n\u26A0\uFE0F  Browser closed without a decision. Falling back..."));
+      } else {
+        return {
+          approved: daemonDecision === "allow",
+          reason: daemonDecision === "deny" ? `Node9 blocked "${toolName}" \u2014 denied in browser.` : void 0,
+          checkedBy: daemonDecision === "allow" ? "daemon" : void 0,
+          blockedBy: daemonDecision === "deny" ? "local-decision" : void 0,
+          changeHint: daemonDecision === "deny" ? `Open the daemon UI to change:  node9 daemon --openui` : void 0
+        };
+      }
+    } catch {
+    }
+  }
+  if (allowTerminalFallback && process.stdout.isTTY) {
+    console.log(chalk.bgRed.white.bold(` \u{1F6D1} NODE9 INTERCEPTOR `));
+    console.log(`${chalk.bold("Action:")} ${chalk.red(toolName)}`);
+    const argsPreview = JSON.stringify(args, null, 2);
+    console.log(
+      `${chalk.bold("Args:")}
+${chalk.gray(argsPreview.length > 500 ? argsPreview.slice(0, 500) + "..." : argsPreview)}`
+    );
+    const controller = new AbortController();
+    const TIMEOUT_MS = 3e4;
+    const timer = setTimeout(() => controller.abort(), TIMEOUT_MS);
+    try {
+      const approved = await confirm(
+        { message: `Authorize? (auto-deny in ${TIMEOUT_MS / 1e3}s)`, default: false },
+        { signal: controller.signal }
+      );
+      clearTimeout(timer);
+      return { approved };
+    } catch {
+      clearTimeout(timer);
+      console.error(chalk.yellow("\n\u23F1  Prompt timed out \u2014 action denied by default."));
+      return { approved: false };
+    }
+  }
+  return {
+    approved: false,
+    noApprovalMechanism: true,
+    reason: `Node9 blocked "${toolName}". No approval mechanism is active.`,
+    blockedBy: "no-approval-mechanism",
+    changeHint: `Start the approval daemon:  node9 daemon --background
+   Or connect to your team:   node9 login <apiKey>`
+  };
+}
+function getConfig() {
+  if (cachedConfig) return cachedConfig;
+  const projectConfig = tryLoadConfig(path.join(process.cwd(), "node9.config.json"));
+  if (projectConfig) {
+    cachedConfig = buildConfig(projectConfig);
+    return cachedConfig;
+  }
+  const globalConfig = tryLoadConfig(path.join(os.homedir(), ".node9", "config.json"));
+  if (globalConfig) {
+    cachedConfig = buildConfig(globalConfig);
+    return cachedConfig;
+  }
+  cachedConfig = DEFAULT_CONFIG;
+  return cachedConfig;
+}
+function tryLoadConfig(filePath) {
+  if (!fs.existsSync(filePath)) return null;
+  try {
+    const config = JSON.parse(fs.readFileSync(filePath, "utf-8"));
+    validateConfig(config, filePath);
+    return config;
+  } catch {
+    return null;
+  }
+}
+function validateConfig(config, path2) {
+  const allowedTopLevel = ["version", "settings", "policy", "environments", "apiKey", "apiUrl"];
+  Object.keys(config).forEach((key) => {
+    if (!allowedTopLevel.includes(key))
+      console.warn(chalk.yellow(`\u26A0\uFE0F  Node9: Unknown top-level key "${key}" in ${path2}`));
+  });
+}
+function buildConfig(parsed) {
+  const p = parsed.policy || {};
+  const s = parsed.settings || {};
+  return {
+    settings: {
+      mode: s.mode ?? DEFAULT_CONFIG.settings.mode,
+      autoStartDaemon: s.autoStartDaemon ?? DEFAULT_CONFIG.settings.autoStartDaemon
+    },
+    policy: {
+      dangerousWords: p.dangerousWords ?? DEFAULT_CONFIG.policy.dangerousWords,
+      ignoredTools: p.ignoredTools ?? DEFAULT_CONFIG.policy.ignoredTools,
+      toolInspection: p.toolInspection ?? DEFAULT_CONFIG.policy.toolInspection,
+      rules: p.rules ?? DEFAULT_CONFIG.policy.rules
+    },
+    environments: parsed.environments || {}
+  };
+}
+function getActiveEnvironment(config) {
+  const env = process.env.NODE_ENV || "development";
+  return config.environments[env] ?? null;
+}
+function getCredentials() {
+  const DEFAULT_API_URL = "https://api.node9.ai/api/v1/intercept";
+  if (process.env.NODE9_API_KEY)
+    return {
+      apiKey: process.env.NODE9_API_KEY,
+      apiUrl: process.env.NODE9_API_URL || DEFAULT_API_URL
+    };
+  try {
+    const projectConfigPath = path.join(process.cwd(), "node9.config.json");
+    if (fs.existsSync(projectConfigPath)) {
+      const projectConfig = JSON.parse(fs.readFileSync(projectConfigPath, "utf-8"));
+      if (typeof projectConfig.apiKey === "string" && projectConfig.apiKey) {
+        return {
+          apiKey: projectConfig.apiKey,
+          apiUrl: typeof projectConfig.apiUrl === "string" && projectConfig.apiUrl || DEFAULT_API_URL
+        };
+      }
+    }
+  } catch {
+  }
+  try {
+    const credPath = path.join(os.homedir(), ".node9", "credentials.json");
+    if (fs.existsSync(credPath)) {
+      const creds = JSON.parse(fs.readFileSync(credPath, "utf-8"));
+      const profileName = process.env.NODE9_PROFILE || "default";
+      const profile = creds[profileName];
+      if (profile?.apiKey) {
+        return {
+          apiKey: profile.apiKey,
+          apiUrl: profile.apiUrl || DEFAULT_API_URL
+        };
+      }
+      if (creds.apiKey) {
+        return {
+          apiKey: creds.apiKey,
+          apiUrl: creds.apiUrl || DEFAULT_API_URL
+        };
+      }
+    }
+  } catch {
+  }
+  return null;
+}
+async function authorizeAction(toolName, args) {
+  const result = await authorizeHeadless(toolName, args, true);
+  return result.approved;
+}
+async function callNode9SaaS(toolName, args, creds, slackChannel, meta) {
+  try {
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), 35e3);
+    const response = await fetch(creds.apiUrl, {
+      method: "POST",
+      headers: { "Content-Type": "application/json", Authorization: `Bearer ${creds.apiKey}` },
+      body: JSON.stringify({
+        toolName,
+        args,
+        slackChannel,
+        context: {
+          agent: meta?.agent,
+          mcpServer: meta?.mcpServer,
+          hostname: os.hostname(),
+          cwd: process.cwd(),
+          platform: os.platform()
+        }
+      }),
+      signal: controller.signal
+    });
+    clearTimeout(timeout);
+    if (!response.ok) throw new Error("API fail");
+    const data = await response.json();
+    if (!data.pending) return data.approved;
+    if (!data.requestId) return false;
+    const statusUrl = `${creds.apiUrl}/status/${data.requestId}`;
+    console.error(chalk.yellow("\n\u{1F6E1}\uFE0F  Node9: Action suspended \u2014 waiting for your approval."));
+    if (isDaemonRunning()) {
+      console.error(
+        chalk.cyan("   Browser UI \u2192 ") + chalk.bold(`http://${DAEMON_HOST}:${DAEMON_PORT}/`)
+      );
+    }
+    console.error(chalk.cyan("   Dashboard  \u2192 ") + chalk.bold("Mission Control > Flows"));
+    console.error(chalk.gray("   Agent is paused. Approve or deny to continue.\n"));
+    const POLL_INTERVAL_MS = 3e3;
+    const POLL_DEADLINE = Date.now() + 5 * 60 * 1e3;
+    while (Date.now() < POLL_DEADLINE) {
+      await new Promise((r) => setTimeout(r, POLL_INTERVAL_MS));
+      try {
+        const statusRes = await fetch(statusUrl, {
+          headers: { Authorization: `Bearer ${creds.apiKey}` },
+          signal: AbortSignal.timeout(5e3)
+        });
+        if (!statusRes.ok) continue;
+        const { status } = await statusRes.json();
+        if (status === "APPROVED") {
+          console.error(chalk.green("\u2705  Approved \u2014 continuing.\n"));
+          return true;
+        }
+        if (status === "DENIED" || status === "AUTO_BLOCKED" || status === "TIMED_OUT") {
+          console.error(chalk.red("\u274C  Denied \u2014 action blocked.\n"));
+          return false;
+        }
+      } catch {
+      }
+    }
+    console.error(chalk.yellow("\u23F1  Timed out waiting for approval \u2014 action blocked.\n"));
+    return false;
+  } catch {
+    return false;
+  }
+}
+
+// src/index.ts
+function protect(toolName, fn) {
+  return async (...args) => {
+    const isAuthorized = await authorizeAction(toolName, args);
+    if (!isAuthorized) {
+      throw new Error(`Node9: Execution of ${toolName} was denied by the user.`);
+    }
+    return await fn(...args);
+  };
+}
+export {
+  protect
+};

package/package.json

@@ -0,0 +1,87 @@
+{
+  "name": "@node9/proxy",
+  "version": "0.2.1",
+  "description": "The Sudo Command for AI Agents. Execution Security for Claude Code & MCP.",
+  "main": "./dist/index.js",
+  "module": "./dist/index.mjs",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.mjs",
+      "require": "./dist/index.js"
+    }
+  },
+  "bin": {
+    "node9": "./dist/cli.js"
+  },
+  "engines": {
+    "node": ">=18"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/nadav-node9/node9-proxy.git"
+  },
+  "bugs": {
+    "url": "https://github.com/nadav-node9/node9-proxy/issues"
+  },
+  "homepage": "https://github.com/nadav-node9/node9-proxy#readme",
+  "keywords": [
+    "ai-security",
+    "mcp",
+    "mcp-proxy",
+    "claude-code",
+    "gemini-cli",
+    "cursor",
+    "agentic-ai",
+    "agent-security",
+    "sudo",
+    "security-proxy",
+    "human-in-the-loop",
+    "hitl"
+  ],
+  "author": "Nadav <nadav@node9.ai>",
+  "license": "MIT",
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "scripts": {
+    "build": "tsup",
+    "dev": "tsup --watch",
+    "demo": "tsx examples/demo.ts",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "typecheck": "tsc --noEmit",
+    "lint": "eslint .",
+    "lint:fix": "eslint . --fix",
+    "format": "prettier --write .",
+    "format:check": "prettier --check .",
+    "fix": "npm run format && npm run lint:fix",
+    "validate": "npm run format && npm run lint && npm run typecheck && npm run test && npm run test:e2e && npm run build",
+    "test:e2e": "bash scripts/e2e.sh",
+    "prepublishOnly": "npm run validate"
+  },
+  "dependencies": {
+    "@inquirer/prompts": "^8.3.0",
+    "chalk": "^4.1.2",
+    "commander": "^14.0.3",
+    "execa": "^9.6.1",
+    "picomatch": "^4.0.3",
+    "sh-syntax": "^0.5.8"
+  },
+  "devDependencies": {
+    "@types/node": "^25.3.1",
+    "@types/picomatch": "^4.0.2",
+    "prettier": "^3.4.2",
+    "tsup": "^8.5.1",
+    "tsx": "^4.21.0",
+    "typescript": "^5.9.3",
+    "typescript-eslint": "^8.20.0",
+    "vitest": "^4.0.18"
+  },
+  "publishConfig": {
+    "access": "public"
+  }
+}