@openape/apes 0.5.5 → 0.6.1

package/dist/chunk-G3Q2TMAI.js

@@ -0,0 +1,1331 @@
+#!/usr/bin/env node
+
+// src/config.ts
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from "fs";
+import { homedir } from "os";
+import { join } from "path";
+var CONFIG_DIR = join(homedir(), ".config", "apes");
+var AUTH_FILE = join(CONFIG_DIR, "auth.json");
+var CONFIG_FILE = join(CONFIG_DIR, "config.toml");
+function ensureDir() {
+  if (!existsSync(CONFIG_DIR)) {
+    mkdirSync(CONFIG_DIR, { recursive: true });
+  }
+}
+function loadAuth() {
+  if (!existsSync(AUTH_FILE))
+    return null;
+  try {
+    return JSON.parse(readFileSync(AUTH_FILE, "utf-8"));
+  } catch {
+    return null;
+  }
+}
+function saveAuth(data) {
+  ensureDir();
+  writeFileSync(AUTH_FILE, JSON.stringify(data, null, 2), { mode: 384 });
+}
+function clearAuth() {
+  if (existsSync(AUTH_FILE)) {
+    writeFileSync(AUTH_FILE, "", { mode: 384 });
+  }
+}
+function loadConfig() {
+  if (!existsSync(CONFIG_FILE))
+    return {};
+  try {
+    return parseTOML(readFileSync(CONFIG_FILE, "utf-8"));
+  } catch {
+    return {};
+  }
+}
+function parseTOML(content) {
+  const config = {};
+  let section = "";
+  for (const line of content.split("\n")) {
+    const trimmed = line.trim();
+    if (!trimmed || trimmed.startsWith("#"))
+      continue;
+    const sectionMatch = trimmed.match(/^\[(.+)\]$/);
+    if (sectionMatch) {
+      section = sectionMatch[1];
+      continue;
+    }
+    const kvMatch = trimmed.match(/^(\w+)\s*=\s*"(.+)"$/);
+    if (kvMatch) {
+      const [, key, value] = kvMatch;
+      if (section === "defaults") {
+        config.defaults = config.defaults || {};
+        config.defaults[key] = value;
+      } else if (section === "agent") {
+        config.agent = config.agent || {};
+        config.agent[key] = value;
+      }
+    }
+  }
+  return config;
+}
+function saveConfig(config) {
+  ensureDir();
+  const lines = [];
+  if (config.defaults) {
+    lines.push("[defaults]");
+    for (const [key, value] of Object.entries(config.defaults)) {
+      if (value)
+        lines.push(`${key} = "${value}"`);
+    }
+    lines.push("");
+  }
+  if (config.agent) {
+    lines.push("[agent]");
+    for (const [key, value] of Object.entries(config.agent)) {
+      if (value)
+        lines.push(`${key} = "${value}"`);
+    }
+    lines.push("");
+  }
+  writeFileSync(CONFIG_FILE, lines.join("\n"), { mode: 384 });
+}
+function getIdpUrl(explicit) {
+  if (explicit)
+    return explicit;
+  if (process.env.APES_IDP)
+    return process.env.APES_IDP;
+  const auth = loadAuth();
+  if (auth?.idp)
+    return auth.idp;
+  const config = loadConfig();
+  if (config.defaults?.idp)
+    return config.defaults.idp;
+  return null;
+}
+function getAuthToken() {
+  const auth = loadAuth();
+  if (!auth)
+    return null;
+  if (auth.expires_at && Date.now() / 1e3 > auth.expires_at - 30) {
+    return null;
+  }
+  return auth.access_token;
+}
+function getRequesterIdentity() {
+  return loadAuth()?.email ?? null;
+}
+
+// src/http.ts
+import consola from "consola";
+var debug = process.argv.includes("--debug");
+var ApiError = class extends Error {
+  constructor(statusCode, message, problemDetails) {
+    super(message);
+    this.statusCode = statusCode;
+    this.problemDetails = problemDetails;
+    this.name = "ApiError";
+  }
+};
+var _discoveryCache = {};
+async function discoverEndpoints(idpUrl) {
+  if (_discoveryCache[idpUrl]) {
+    return _discoveryCache[idpUrl];
+  }
+  try {
+    const response = await fetch(`${idpUrl}/.well-known/openid-configuration`);
+    if (response.ok) {
+      const data = await response.json();
+      _discoveryCache[idpUrl] = data;
+      return data;
+    }
+  } catch {
+  }
+  _discoveryCache[idpUrl] = {};
+  return {};
+}
+async function getGrantsEndpoint(idpUrl) {
+  const disco = await discoverEndpoints(idpUrl);
+  return disco.openape_grants_endpoint || `${idpUrl}/api/grants`;
+}
+async function getAgentChallengeEndpoint(idpUrl) {
+  const disco = await discoverEndpoints(idpUrl);
+  return disco.ddisa_agent_challenge_endpoint || `${idpUrl}/api/agent/challenge`;
+}
+async function getAgentAuthenticateEndpoint(idpUrl) {
+  const disco = await discoverEndpoints(idpUrl);
+  return disco.ddisa_agent_authenticate_endpoint || `${idpUrl}/api/agent/authenticate`;
+}
+async function getDelegationsEndpoint(idpUrl) {
+  const disco = await discoverEndpoints(idpUrl);
+  return disco.openape_delegations_endpoint || `${idpUrl}/api/delegations`;
+}
+async function refreshAgentToken() {
+  const auth = loadAuth();
+  if (!auth)
+    return null;
+  const config = loadConfig();
+  const keyPath = config.agent?.key;
+  if (!keyPath)
+    return null;
+  try {
+    const { readFileSync: readFileSync6 } = await import("fs");
+    const { sign } = await import("crypto");
+    const { homedir: homedir7 } = await import("os");
+    const { loadEd25519PrivateKey } = await import("./ssh-key-Q7KG4K25.js");
+    const resolved = keyPath.replace(/^~/, homedir7());
+    const keyContent = readFileSync6(resolved, "utf-8");
+    const privateKey = loadEd25519PrivateKey(keyContent);
+    const challengeUrl = await getAgentChallengeEndpoint(auth.idp);
+    const challengeResp = await fetch(challengeUrl, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ agent_id: auth.email })
+    });
+    if (!challengeResp.ok)
+      return null;
+    const { challenge } = await challengeResp.json();
+    const { Buffer: Buffer2 } = await import("buffer");
+    const signature = sign(null, Buffer2.from(challenge), privateKey).toString("base64");
+    const authenticateUrl = await getAgentAuthenticateEndpoint(auth.idp);
+    const authResp = await fetch(authenticateUrl, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ agent_id: auth.email, challenge, signature })
+    });
+    if (!authResp.ok)
+      return null;
+    const { token, expires_in } = await authResp.json();
+    saveAuth({
+      ...auth,
+      access_token: token,
+      expires_at: Math.floor(Date.now() / 1e3) + (expires_in || 3600)
+    });
+    if (debug) {
+      consola.debug("Token refreshed via Ed25519 challenge-response");
+    }
+    return token;
+  } catch {
+    return null;
+  }
+}
+async function apiFetch(path, options = {}) {
+  let token = options.token || getAuthToken();
+  if (!token) {
+    token = await refreshAgentToken();
+  }
+  if (!token) {
+    throw new Error("Not authenticated (token expired). Run `apes login` first.");
+  }
+  let url;
+  if (path.startsWith("http")) {
+    url = path;
+  } else {
+    const idp = options.idp || getIdpUrl();
+    if (!idp) {
+      throw new Error("No IdP URL configured. Run `apes login` first or pass --idp.");
+    }
+    url = `${idp}${path}`;
+  }
+  const method = options.method || "GET";
+  const headers = {
+    "Authorization": `Bearer ${token}`,
+    "Content-Type": "application/json"
+  };
+  if (debug) {
+    consola.debug(`${method} ${url}`);
+    consola.debug(`Token: ${token.substring(0, 20)}...${token.substring(token.length - 10)}`);
+  }
+  const response = await fetch(url, {
+    method,
+    headers,
+    body: options.body ? JSON.stringify(options.body) : void 0
+  });
+  if (debug) {
+    consola.debug(`Response: ${response.status} ${response.statusText}`);
+  }
+  if (!response.ok) {
+    const contentType = response.headers.get("content-type") || "";
+    if (contentType.includes("application/problem+json") || contentType.includes("application/json")) {
+      try {
+        const problem = await response.json();
+        const message = problem.detail || problem.title || problem.statusMessage || problem.message || `${response.status} ${response.statusText}`;
+        throw new ApiError(response.status, message, problem);
+      } catch (e) {
+        if (e instanceof ApiError)
+          throw e;
+      }
+    }
+    const text = await response.text();
+    throw new ApiError(response.status, text || `${response.status} ${response.statusText}`);
+  }
+  return response.json();
+}
+
+// src/shapes/adapters.ts
+import { createHash } from "crypto";
+import { existsSync as existsSync2, readdirSync, readFileSync as readFileSync2 } from "fs";
+import { homedir as homedir2 } from "os";
+import { basename, join as join2 } from "path";
+
+// src/shapes/toml.ts
+function parseKeyValue(line) {
+  const eqIndex = line.indexOf("=");
+  if (eqIndex === -1)
+    return null;
+  const key = line.slice(0, eqIndex).trim();
+  const value = line.slice(eqIndex + 1).trim();
+  if (!key || !value)
+    return null;
+  return { key, value };
+}
+function parseTomlValue(raw) {
+  const trimmed = raw.trim();
+  if (trimmed.startsWith('"') && trimmed.endsWith('"'))
+    return trimmed.slice(1, -1);
+  if (trimmed === "true")
+    return true;
+  if (trimmed === "false")
+    return false;
+  if (trimmed.startsWith("[") && trimmed.endsWith("]")) {
+    const inner = trimmed.slice(1, -1).trim();
+    if (!inner)
+      return [];
+    return inner.split(",").map((value) => value.trim().replace(/^"|"$/g, ""));
+  }
+  return trimmed;
+}
+function parseAdapterToml(content) {
+  const result = {};
+  const operations = [];
+  let currentSection = "root";
+  let currentEntry = {};
+  const flushOperation = () => {
+    if (currentSection === "operation" && Object.keys(currentEntry).length > 0) {
+      operations.push(currentEntry);
+      currentEntry = {};
+    }
+  };
+  for (const rawLine of content.split("\n")) {
+    const line = rawLine.trim();
+    if (!line || line.startsWith("#"))
+      continue;
+    if (line === "[cli]") {
+      flushOperation();
+      currentSection = "cli";
+      result.cli = {};
+      continue;
+    }
+    if (line === "[[operation]]") {
+      flushOperation();
+      currentSection = "operation";
+      currentEntry = {};
+      continue;
+    }
+    const kv = parseKeyValue(line);
+    if (!kv)
+      continue;
+    const value = parseTomlValue(kv.value);
+    if (currentSection === "root") {
+      ;
+      result[kv.key] = value;
+    } else if (currentSection === "cli") {
+      ;
+      result.cli[kv.key] = value;
+    } else {
+      currentEntry[kv.key] = value;
+    }
+  }
+  flushOperation();
+  result.operation = operations;
+  if (result.schema !== "openape-shapes/v1") {
+    throw new Error(`Unsupported adapter schema: ${result.schema ?? "missing"}`);
+  }
+  if (!result.cli?.id || !result.cli.executable) {
+    throw new Error("Adapter is missing cli.id or cli.executable");
+  }
+  if (!result.operation?.length) {
+    throw new Error("Adapter must define at least one [[operation]] entry");
+  }
+  return {
+    schema: result.schema,
+    cli: {
+      id: String(result.cli.id),
+      executable: String(result.cli.executable),
+      ...result.cli.audience ? { audience: String(result.cli.audience) } : {},
+      ...result.cli.version ? { version: String(result.cli.version) } : {}
+    },
+    operations: result.operation.map((operation) => {
+      if (!Array.isArray(operation.command) || operation.command.some((token) => typeof token !== "string")) {
+        throw new Error(`Operation ${String(operation.id ?? "<unknown>")} is missing command[]`);
+      }
+      if (!Array.isArray(operation.resource_chain) || operation.resource_chain.some((token) => typeof token !== "string")) {
+        throw new Error(`Operation ${String(operation.id ?? "<unknown>")} is missing resource_chain[]`);
+      }
+      if (typeof operation.id !== "string" || typeof operation.display !== "string" || typeof operation.action !== "string") {
+        throw new TypeError("Operation must define id, display, and action");
+      }
+      return {
+        id: operation.id,
+        command: operation.command,
+        ...Array.isArray(operation.positionals) ? { positionals: operation.positionals } : {},
+        ...Array.isArray(operation.required_options) ? { required_options: operation.required_options } : {},
+        display: operation.display,
+        action: operation.action,
+        risk: operation.risk || "low",
+        resource_chain: operation.resource_chain,
+        ...operation.exact_command !== void 0 ? { exact_command: Boolean(operation.exact_command) } : {}
+      };
+    })
+  };
+}
+
+// src/shapes/adapters.ts
+function digest(content) {
+  return `SHA-256:${createHash("sha256").update(content).digest("hex")}`;
+}
+function adapterDirs() {
+  return [
+    join2(process.cwd(), ".openape", "shapes", "adapters"),
+    join2(homedir2(), ".openape", "shapes", "adapters"),
+    join2("/etc", "openape", "shapes", "adapters")
+  ];
+}
+function findByExecutable(executable) {
+  for (const dir of adapterDirs()) {
+    if (!existsSync2(dir))
+      continue;
+    try {
+      const files = readdirSync(dir).filter((f) => f.endsWith(".toml"));
+      for (const file of files) {
+        const path = join2(dir, file);
+        const content = readFileSync2(path, "utf-8");
+        const match = content.match(/^\s*executable\s*=\s*"([^"]+)"/m);
+        if (match && match[1] === executable)
+          return path;
+      }
+    } catch {
+    }
+  }
+  return void 0;
+}
+function resolveAdapterPath(cliId, explicitPath) {
+  if (explicitPath) {
+    if (existsSync2(explicitPath))
+      return explicitPath;
+    throw new Error(`Adapter file not found: ${explicitPath}`);
+  }
+  const candidates = adapterDirs().map((dir) => join2(dir, `${cliId}.toml`));
+  const match = candidates.find((path) => existsSync2(path));
+  if (match)
+    return match;
+  const byExec = findByExecutable(cliId);
+  if (byExec)
+    return byExec;
+  throw new Error(`No adapter found for ${cliId}`);
+}
+function loadAdapter(cliId, explicitPath) {
+  const source = resolveAdapterPath(cliId, explicitPath);
+  const content = readFileSync2(source, "utf-8");
+  const adapter = parseAdapterToml(content);
+  const idMatch = adapter.cli.id === cliId;
+  const fileMatch = basename(source) === `${cliId}.toml`;
+  const execMatch = adapter.cli.executable === cliId;
+  if (!idMatch && !fileMatch && !execMatch)
+    throw new Error(`Adapter ${source} does not match requested CLI ${cliId}`);
+  return {
+    adapter,
+    source,
+    digest: digest(content)
+  };
+}
+function tryLoadAdapter(cliId, explicitPath) {
+  try {
+    return loadAdapter(cliId, explicitPath);
+  } catch {
+    return null;
+  }
+}
+
+// src/shapes/audit.ts
+import { appendFileSync, existsSync as existsSync3, mkdirSync as mkdirSync2 } from "fs";
+import { homedir as homedir3 } from "os";
+import { dirname, join as join3 } from "path";
+function auditPath() {
+  return join3(homedir3(), ".config", "apes", "audit.jsonl");
+}
+function appendAuditLog(entry) {
+  const full = {
+    ...entry,
+    action: entry.action,
+    timestamp: entry.timestamp ?? Date.now()
+  };
+  const path = auditPath();
+  const dir = dirname(path);
+  try {
+    if (!existsSync3(dir)) mkdirSync2(dir, { recursive: true });
+    appendFileSync(path, `${JSON.stringify(full)}
+`);
+  } catch {
+  }
+}
+
+// src/shapes/installer.ts
+import { createHash as createHash2 } from "crypto";
+import { existsSync as existsSync4, mkdirSync as mkdirSync3, readdirSync as readdirSync2, readFileSync as readFileSync3, unlinkSync, writeFileSync as writeFileSync2 } from "fs";
+import { homedir as homedir4 } from "os";
+import { join as join4 } from "path";
+function adapterDir(local) {
+  const base = local ? process.cwd() : homedir4();
+  return join4(base, ".openape", "shapes", "adapters");
+}
+function adapterPath(id, local) {
+  return join4(adapterDir(local), `${id}.toml`);
+}
+function sha256(content) {
+  return `SHA-256:${createHash2("sha256").update(content).digest("hex")}`;
+}
+async function installAdapter(entry, options = {}) {
+  const local = options.local ?? false;
+  const dest = adapterPath(entry.id, local);
+  const dir = adapterDir(local);
+  const response = await fetch(entry.download_url);
+  if (!response.ok)
+    throw new Error(`Failed to download adapter ${entry.id}: ${response.status} ${response.statusText}`);
+  const content = await response.text();
+  const digest2 = sha256(content);
+  if (digest2 !== entry.digest)
+    throw new Error(`Digest mismatch for ${entry.id}: expected ${entry.digest}, got ${digest2}`);
+  const updated = existsSync4(dest);
+  if (!existsSync4(dir))
+    mkdirSync3(dir, { recursive: true });
+  writeFileSync2(dest, content);
+  return { id: entry.id, path: dest, digest: digest2, updated };
+}
+function getInstalledDigest(id, local) {
+  const path = adapterPath(id, local);
+  if (!existsSync4(path))
+    return null;
+  const content = readFileSync3(path, "utf-8");
+  return sha256(content);
+}
+function isInstalled(id, local) {
+  return existsSync4(adapterPath(id, local));
+}
+function removeAdapter(id, local) {
+  const path = adapterPath(id, local);
+  if (!existsSync4(path))
+    return false;
+  unlinkSync(path);
+  return true;
+}
+function findConflictingAdapters(executable, excludeId) {
+  const conflicts = [];
+  const dirs = [
+    join4(process.cwd(), ".openape", "shapes", "adapters"),
+    join4(homedir4(), ".openape", "shapes", "adapters")
+  ];
+  for (const dir of dirs) {
+    if (!existsSync4(dir))
+      continue;
+    try {
+      for (const file of readdirSync2(dir).filter((f) => f.endsWith(".toml"))) {
+        const path = join4(dir, file);
+        const content = readFileSync3(path, "utf-8");
+        const execMatch = content.match(/^\s*executable\s*=\s*"([^"]+)"/m);
+        const idMatch = content.match(/^\s*id\s*=\s*"([^"]+)"/m);
+        if (execMatch?.[1] === executable && idMatch?.[1] !== excludeId) {
+          conflicts.push({ file, path, adapterId: idMatch?.[1] ?? file, executable });
+        }
+      }
+    } catch {
+    }
+  }
+  return conflicts;
+}
+
+// src/shapes/registry.ts
+import { existsSync as existsSync5, mkdirSync as mkdirSync4, readFileSync as readFileSync4, writeFileSync as writeFileSync3 } from "fs";
+import { homedir as homedir5 } from "os";
+import { join as join5 } from "path";
+var REGISTRY_URL = process.env.SHAPES_REGISTRY_URL ?? "https://raw.githubusercontent.com/openape-ai/shapes-registry/main/registry.json";
+var CACHE_TTL_MS = 60 * 60 * 1e3;
+function cacheDir() {
+  return join5(homedir5(), ".openape", "shapes", "cache");
+}
+function cachePath() {
+  return join5(cacheDir(), "registry.json");
+}
+function readCache() {
+  const path = cachePath();
+  if (!existsSync5(path))
+    return null;
+  try {
+    const raw = readFileSync4(path, "utf-8");
+    const stat = JSON.parse(raw);
+    if (stat._cached_at && Date.now() - stat._cached_at > CACHE_TTL_MS)
+      return null;
+    return stat;
+  } catch {
+    return null;
+  }
+}
+function writeCache(index) {
+  const dir = cacheDir();
+  if (!existsSync5(dir))
+    mkdirSync4(dir, { recursive: true });
+  writeFileSync3(cachePath(), JSON.stringify({ ...index, _cached_at: Date.now() }, null, 2));
+}
+async function fetchRegistry(forceRefresh = false) {
+  if (!forceRefresh) {
+    const cached = readCache();
+    if (cached)
+      return cached;
+  }
+  const response = await fetch(REGISTRY_URL);
+  if (!response.ok)
+    throw new Error(`Failed to fetch registry: ${response.status} ${response.statusText}`);
+  const index = await response.json();
+  writeCache(index);
+  return index;
+}
+function searchAdapters(index, query) {
+  const q = query.toLowerCase();
+  return index.adapters.filter(
+    (a) => a.id.includes(q) || a.name.toLowerCase().includes(q) || a.description.toLowerCase().includes(q) || a.tags.some((t) => t.includes(q)) || a.category.includes(q)
+  );
+}
+function findAdapter(index, id) {
+  return index.adapters.find((a) => a.id === id);
+}
+
+// src/shapes/shell-parser.ts
+import consola2 from "consola";
+import { parse as shellParse } from "shell-quote";
+var COMPOUND_OPERATORS = /* @__PURE__ */ new Set(["&&", "||", ";", "|", "&", ">", ">>", "<"]);
+function parseShellCommand(raw) {
+  const trimmed = raw.trim();
+  if (trimmed.length === 0) return null;
+  let tokens;
+  try {
+    tokens = shellParse(trimmed);
+  } catch {
+    return null;
+  }
+  const hasShellExpansion = /\$\(|`/.test(trimmed);
+  const hasOperatorToken = tokens.some((t) => typeof t === "object" && t !== null && "op" in t && COMPOUND_OPERATORS.has(t.op));
+  const isCompound = hasShellExpansion || hasOperatorToken;
+  const stringTokens = [];
+  for (const t of tokens) {
+    if (typeof t === "string") {
+      stringTokens.push(t);
+    } else {
+      break;
+    }
+  }
+  if (stringTokens.length === 0) return null;
+  return {
+    executable: stringTokens[0],
+    argv: stringTokens.slice(1),
+    isCompound,
+    raw: trimmed
+  };
+}
+function extractShellCommandString(command) {
+  if (command.length < 3) return null;
+  if (command[0] !== "bash" && command[0] !== "sh") return null;
+  if (command[1] !== "-c") return null;
+  return command.slice(2).join(" ");
+}
+async function loadOrInstallAdapter(cliId) {
+  const local = tryLoadAdapter(cliId);
+  if (local) return local;
+  try {
+    const index = await fetchRegistry();
+    const entry = findAdapter(index, cliId);
+    if (!entry) return null;
+    consola2.info(`Installing shapes adapter for ${cliId} from registry...`);
+    await installAdapter(entry, { local: false });
+    appendAuditLog({
+      action: "adapter-auto-install",
+      cli_id: cliId,
+      digest: entry.digest,
+      source: "ape-shell"
+    });
+    return tryLoadAdapter(cliId);
+  } catch (err) {
+    consola2.debug(`ape-shell adapter auto-install failed for ${cliId}:`, err);
+    return null;
+  }
+}
+
+// src/shapes/capabilities.ts
+import { canonicalizeCliPermission } from "@openape/grants";
+function parseOperationChainEntry(entry) {
+  const [resource, selectorSpec = "*"] = entry.split(":", 2);
+  if (!resource) {
+    throw new Error(`Invalid resource chain entry: ${entry}`);
+  }
+  if (selectorSpec === "*") {
+    return { resource, selectorKeys: [] };
+  }
+  const selectorKeys = selectorSpec.split(",").map((segment) => {
+    const [key] = segment.split("=", 2);
+    if (!key)
+      throw new Error(`Invalid selector segment: ${segment}`);
+    return key;
+  });
+  return { resource, selectorKeys };
+}
+function operationChain(operation) {
+  return operation.resource_chain.map(parseOperationChainEntry);
+}
+function knownSelectorKeys(operations, resource) {
+  const keys = /* @__PURE__ */ new Set();
+  for (const operation of operations) {
+    for (const entry of operationChain(operation)) {
+      if (entry.resource !== resource)
+        continue;
+      for (const key of entry.selectorKeys) {
+        keys.add(key);
+      }
+    }
+  }
+  return Array.from(keys).sort();
+}
+function parseResourceSelector(raw) {
+  const [lhs, value] = raw.split("=", 2);
+  if (!lhs || !value) {
+    throw new Error(`Invalid selector: ${raw}`);
+  }
+  const [resource, key] = lhs.split(".", 2);
+  if (!resource || !key) {
+    throw new Error(`Selectors must be in resource.key=value form: ${raw}`);
+  }
+  return { resource, key, value };
+}
+function formatSelector(selector) {
+  if (!selector || Object.keys(selector).length === 0)
+    return "*";
+  return Object.entries(selector).sort(([a], [b]) => a.localeCompare(b)).map(([key, value]) => `${key}=${value}`).join(",");
+}
+function summarizeDetail(detail) {
+  const chain = detail.resource_chain.map((resource) => `${resource.resource}[${formatSelector(resource.selector)}]`).join(" -> ");
+  return `Allow ${detail.action} on ${detail.cli_id} ${chain}`;
+}
+function resolveCapabilityRequest(loaded, params) {
+  if (params.resources.length === 0) {
+    throw new Error("At least one --resource is required");
+  }
+  if (params.actions.length === 0) {
+    throw new Error("At least one --action is required");
+  }
+  const selectorMap = /* @__PURE__ */ new Map();
+  for (const rawSelector of params.selectors ?? []) {
+    const { resource, key, value } = parseResourceSelector(rawSelector);
+    const current = selectorMap.get(resource) ?? {};
+    current[key] = value;
+    selectorMap.set(resource, current);
+  }
+  const resource_chain = params.resources.map((resource) => {
+    const selector = selectorMap.get(resource);
+    const knownKeys = knownSelectorKeys(loaded.adapter.operations, resource);
+    if (selector) {
+      for (const key of Object.keys(selector)) {
+        if (!knownKeys.includes(key)) {
+          throw new Error(`Unknown selector ${resource}.${key} for adapter ${loaded.adapter.cli.id}`);
+        }
+      }
+    }
+    return selector && Object.keys(selector).length > 0 ? { resource, selector } : { resource };
+  });
+  const requestedSequence = params.resources.join("\0");
+  const matchingOperations = loaded.adapter.operations.filter((operation) => {
+    const sequence = operationChain(operation).map((entry) => entry.resource).join("\0");
+    return sequence === requestedSequence || sequence.startsWith(`${requestedSequence}\0`);
+  });
+  if (matchingOperations.length === 0) {
+    throw new Error(`No adapter operation supports resource chain: ${params.resources.join(" -> ")}`);
+  }
+  const details = params.actions.map((action) => {
+    const matchingActionOps = matchingOperations.filter((operation) => operation.action === action);
+    if (matchingActionOps.length === 0) {
+      throw new Error(`Action ${action} is not valid for resource chain: ${params.resources.join(" -> ")}`);
+    }
+    const exact_command = matchingActionOps.every((operation) => operation.exact_command === true);
+    const risks = ["low", "medium", "high", "critical"];
+    const risk = matchingActionOps.reduce((current, operation) => {
+      return risks.indexOf(operation.risk) > risks.indexOf(current) ? operation.risk : current;
+    }, "low");
+    const detail = {
+      type: "openape_cli",
+      cli_id: loaded.adapter.cli.id,
+      operation_id: `capability.${action}`,
+      resource_chain,
+      action,
+      permission: "",
+      display: "",
+      risk,
+      ...exact_command ? { constraints: { exact_command: true } } : {}
+    };
+    detail.permission = canonicalizeCliPermission(detail);
+    detail.display = summarizeDetail(detail);
+    return detail;
+  });
+  return {
+    adapter: loaded.adapter,
+    source: loaded.source,
+    digest: loaded.digest,
+    executable: loaded.adapter.cli.executable,
+    details,
+    executionContext: {
+      adapter_id: loaded.adapter.cli.id,
+      adapter_version: loaded.adapter.cli.version ?? loaded.adapter.schema,
+      adapter_digest: loaded.digest,
+      resolved_executable: loaded.adapter.cli.executable,
+      context_bindings: Object.fromEntries(
+        Array.from(selectorMap.entries()).flatMap(
+          ([resource, selector]) => Object.entries(selector).map(([key, value]) => [`${resource}.${key}`, value])
+        )
+      )
+    },
+    permissions: details.map((detail) => detail.permission),
+    summary: details.map((detail) => detail.display).join("; ")
+  };
+}
+
+// src/shapes/parser.ts
+import { canonicalizeCliPermission as canonicalizeCliPermission2, computeArgvHash } from "@openape/grants";
+function parseOptionArgs(tokens, valueOptions) {
+  const options = {};
+  const positionals = [];
+  const takesValue = new Set(valueOptions ?? []);
+  for (let index = 0; index < tokens.length; index += 1) {
+    const token = tokens[index];
+    if (token.startsWith("--")) {
+      const stripped = token.slice(2);
+      const eqIndex = stripped.indexOf("=");
+      if (eqIndex >= 0) {
+        options[stripped.slice(0, eqIndex)] = stripped.slice(eqIndex + 1);
+        continue;
+      }
+      const next = tokens[index + 1];
+      if (next && !next.startsWith("-")) {
+        options[stripped] = next;
+        index += 1;
+        continue;
+      }
+      options[stripped] = "true";
+    } else if (token.startsWith("-") && token.length > 1 && !/^-\d/.test(token)) {
+      const key = token.slice(1);
+      if (key.length === 1 && !takesValue.has(key)) {
+        options[key] = "true";
+      } else {
+        const next = tokens[index + 1];
+        if (next && !next.startsWith("-")) {
+          options[key] = next;
+          index += 1;
+        } else {
+          options[key] = "true";
+        }
+      }
+    } else {
+      positionals.push(token);
+    }
+  }
+  return { options, positionals };
+}
+function resolveBindingToken(binding, bindings) {
+  const match = binding.match(/^\{([^}|]+)(?:\|([^}]+))?\}$/);
+  if (!match)
+    return binding;
+  const [, name, transform] = match;
+  const value = bindings[name];
+  if (!value)
+    throw new Error(`Missing binding: ${name}`);
+  if (!transform)
+    return value;
+  if (transform === "owner" || transform === "name") {
+    const [owner, repo] = value.split("/");
+    if (!owner || !repo)
+      throw new Error(`Binding ${name} must be in owner/name form`);
+    return transform === "owner" ? owner : repo;
+  }
+  throw new Error(`Unsupported binding transform: ${transform}`);
+}
+function renderTemplate(template, bindings) {
+  return template.replace(/\{([^}]+)\}/g, (_, expression) => resolveBindingToken(`{${expression}}`, bindings));
+}
+function parseResourceChain(chain, bindings) {
+  return chain.map((entry) => {
+    const [resource, selectorSpec = "*"] = entry.split(":", 2);
+    if (!resource)
+      throw new Error(`Invalid resource chain entry: ${entry}`);
+    if (selectorSpec === "*") {
+      return { resource };
+    }
+    const selector = Object.fromEntries(
+      selectorSpec.split(",").map((segment) => {
+        const [key, rawValue] = segment.split("=", 2);
+        if (!key || !rawValue)
+          throw new Error(`Invalid selector segment: ${segment}`);
+        return [key, renderTemplate(rawValue, bindings)];
+      })
+    );
+    return { resource, selector };
+  });
+}
+function matchOperation(operation, argv) {
+  if (argv.length < operation.command.length)
+    return null;
+  const prefix = argv.slice(0, operation.command.length);
+  if (prefix.join("\0") !== operation.command.join("\0"))
+    return null;
+  const remainder = argv.slice(operation.command.length);
+  const { options, positionals } = parseOptionArgs(remainder, operation.required_options);
+  const expectedPositionals = operation.positionals ?? [];
+  if (positionals.length !== expectedPositionals.length)
+    return null;
+  for (const option of operation.required_options ?? []) {
+    if (!options[option])
+      return null;
+  }
+  const bindings = { ...options };
+  expectedPositionals.forEach((name, index) => {
+    bindings[name] = positionals[index];
+  });
+  return bindings;
+}
+function expandCombinedFlags(argv) {
+  return argv.flatMap((token) => {
+    if (token.startsWith("-") && !token.startsWith("--") && token.length > 2 && /^-[a-z]+$/i.test(token)) {
+      return Array.from(token.slice(1), (c) => `-${c}`);
+    }
+    return [token];
+  });
+}
+function tryMatch(operations, argv) {
+  return operations.flatMap((operation) => {
+    try {
+      const bindings = matchOperation(operation, argv);
+      return bindings ? [{ operation, bindings }] : [];
+    } catch {
+      return [];
+    }
+  });
+}
+async function resolveCommand(loaded, fullArgv) {
+  const [executable, ...commandArgv] = fullArgv;
+  if (!executable) {
+    throw new Error("Missing wrapped command");
+  }
+  if (executable !== loaded.adapter.cli.executable) {
+    throw new Error(`Adapter ${loaded.adapter.cli.id} expects executable ${loaded.adapter.cli.executable}, got ${executable}`);
+  }
+  let matches = tryMatch(loaded.adapter.operations, commandArgv);
+  if (matches.length === 0) {
+    const expanded = expandCombinedFlags(commandArgv);
+    if (expanded.length !== commandArgv.length) {
+      matches = tryMatch(loaded.adapter.operations, expanded);
+    }
+  }
+  if (matches.length === 0) {
+    throw new Error(`No adapter operation matched: ${fullArgv.join(" ")}`);
+  }
+  if (matches.length > 1) {
+    matches.sort((a, b) => b.operation.command.length - a.operation.command.length);
+    matches = [matches[0]];
+  }
+  const { operation, bindings } = matches[0];
+  const resource_chain = parseResourceChain(operation.resource_chain, bindings);
+  const detail = {
+    type: "openape_cli",
+    cli_id: loaded.adapter.cli.id,
+    operation_id: operation.id,
+    resource_chain,
+    action: operation.action,
+    permission: "",
+    display: renderTemplate(operation.display, bindings),
+    risk: operation.risk,
+    ...operation.exact_command ? { constraints: { exact_command: true } } : {}
+  };
+  detail.permission = canonicalizeCliPermission2(detail);
+  return {
+    adapter: loaded.adapter,
+    source: loaded.source,
+    digest: loaded.digest,
+    executable,
+    commandArgv,
+    bindings,
+    detail,
+    executionContext: {
+      argv: fullArgv,
+      argv_hash: await computeArgvHash(fullArgv),
+      adapter_id: loaded.adapter.cli.id,
+      adapter_version: loaded.adapter.cli.version ?? loaded.adapter.schema,
+      adapter_digest: loaded.digest,
+      resolved_executable: executable,
+      context_bindings: bindings
+    },
+    permission: detail.permission
+  };
+}
+
+// src/shapes/commands/explain.ts
+import { defineCommand } from "citty";
+var explainCommand = defineCommand({
+  meta: {
+    name: "explain",
+    description: "Show what permission a wrapped command would need"
+  },
+  args: {
+    adapter: {
+      type: "string",
+      description: "Explicit path to adapter TOML file"
+    },
+    _: {
+      type: "positional",
+      description: "Wrapped command (after --)",
+      required: false
+    }
+  },
+  async run({ rawArgs }) {
+    const command = extractWrappedCommand(rawArgs ?? []);
+    if (command.length === 0)
+      throw new Error("Missing wrapped command. Usage: shapes explain [--adapter <file>] -- <cli> ...");
+    const adapterOpt = extractOption(rawArgs ?? [], "adapter");
+    const loaded = loadAdapter(command[0], adapterOpt);
+    const resolved = await resolveCommand(loaded, command);
+    process.stdout.write(`${JSON.stringify({
+      adapter: resolved.adapter.cli.id,
+      source: resolved.source,
+      operation: resolved.detail.operation_id,
+      display: resolved.detail.display,
+      permission: resolved.permission,
+      resource_chain: resolved.detail.resource_chain,
+      exact_command: resolved.detail.constraints?.exact_command ?? false,
+      adapter_digest: resolved.digest
+    }, null, 2)}
+`);
+  }
+});
+function extractWrappedCommand(args) {
+  const delimiter = args.indexOf("--");
+  return delimiter >= 0 ? args.slice(delimiter + 1) : [];
+}
+function extractOption(args, name) {
+  const delimiter = args.indexOf("--");
+  const optionArgs = delimiter >= 0 ? args.slice(0, delimiter) : args;
+  const index = optionArgs.indexOf(`--${name}`);
+  if (index >= 0 && index + 1 < optionArgs.length)
+    return optionArgs[index + 1];
+  return void 0;
+}
+
+// src/shapes/grants.ts
+import { computeCmdHash } from "@openape/core";
+import { cliAuthorizationDetailCovers, verifyAuthzJWT } from "@openape/grants";
+import { execFileSync } from "child_process";
+import { hostname } from "os";
+import consola3 from "consola";
+
+// src/shapes/config.ts
+import { existsSync as existsSync6, readFileSync as readFileSync5 } from "fs";
+import { homedir as homedir6 } from "os";
+import { join as join6 } from "path";
+var AUTH_FILE2 = join6(homedir6(), ".config", "apes", "auth.json");
+function loadAuth2() {
+  if (!existsSync6(AUTH_FILE2))
+    return null;
+  try {
+    return JSON.parse(readFileSync5(AUTH_FILE2, "utf-8"));
+  } catch {
+    return null;
+  }
+}
+function getIdpUrl2(explicit) {
+  if (explicit)
+    return explicit;
+  if (process.env.APES_IDP)
+    return process.env.APES_IDP;
+  if (process.env.SHAPES_IDP)
+    return process.env.SHAPES_IDP;
+  return loadAuth2()?.idp ?? null;
+}
+function getAuthToken2() {
+  const auth = loadAuth2();
+  if (!auth)
+    return null;
+  if (auth.expires_at && Date.now() / 1e3 > auth.expires_at - 30)
+    return null;
+  return auth.access_token;
+}
+function getRequesterIdentity2() {
+  return loadAuth2()?.email ?? null;
+}
+
+// src/shapes/http.ts
+async function discoverEndpoints2(idpUrl) {
+  const response = await fetch(`${idpUrl}/.well-known/openid-configuration`);
+  if (!response.ok)
+    return {};
+  return response.json();
+}
+async function getGrantsEndpoint2(idpUrl) {
+  const discovery = await discoverEndpoints2(idpUrl);
+  return String(discovery.openape_grants_endpoint ?? `${idpUrl}/api/grants`);
+}
+async function apiFetch2(path, options = {}) {
+  const token = options.token ?? getAuthToken2();
+  if (!token)
+    throw new Error("Not authenticated. Run `apes login` first.");
+  const idp = options.idp ?? getIdpUrl2();
+  if (!path.startsWith("http") && !idp)
+    throw new Error("No IdP URL configured. Use --idp or log in with apes.");
+  const url = path.startsWith("http") ? path : `${idp}${path}`;
+  const response = await fetch(url, {
+    method: options.method ?? "GET",
+    headers: {
+      Authorization: `Bearer ${token}`,
+      "Content-Type": "application/json"
+    },
+    body: options.body ? JSON.stringify(options.body) : void 0
+  });
+  if (!response.ok) {
+    const text = await response.text();
+    throw new Error(text || `${response.status} ${response.statusText}`);
+  }
+  return response.json();
+}
+
+// src/shapes/grants.ts
+function decodePayload(token) {
+  const [, payload] = token.split(".");
+  if (!payload)
+    throw new Error("Invalid JWT");
+  return JSON.parse(Buffer.from(payload, "base64url").toString("utf-8"));
+}
+async function createShapesGrant(resolved, params) {
+  const grantsEndpoint = await getGrantsEndpoint2(params.idp);
+  const requester = getRequesterIdentity2();
+  if (!requester) {
+    throw new Error("No requester identity available. Run `apes login` first.");
+  }
+  return apiFetch2(grantsEndpoint, {
+    method: "POST",
+    idp: params.idp,
+    body: {
+      requester,
+      target_host: hostname(),
+      audience: resolved.adapter.cli.audience ?? "shapes",
+      grant_type: params.approval,
+      command: resolved.executionContext.argv,
+      reason: params.reason ?? resolved.detail.display,
+      permissions: [resolved.permission],
+      authorization_details: [resolved.detail],
+      execution_context: resolved.executionContext
+    }
+  });
+}
+async function waitForGrantStatus(idp, grantId) {
+  const grantsEndpoint = await getGrantsEndpoint2(idp);
+  const deadline = Date.now() + 3e5;
+  while (Date.now() < deadline) {
+    const grant = await apiFetch2(`${grantsEndpoint}/${grantId}`, { idp });
+    if (grant.status === "approved" || grant.status === "denied" || grant.status === "revoked")
+      return grant.status;
+    await new Promise((resolve) => setTimeout(resolve, 3e3));
+  }
+  throw new Error("Timed out waiting for grant approval");
+}
+async function fetchGrantToken(idp, grantId) {
+  const grantsEndpoint = await getGrantsEndpoint2(idp);
+  const response = await apiFetch2(`${grantsEndpoint}/${grantId}/token`, {
+    method: "POST",
+    idp
+  });
+  return response.authz_jwt;
+}
+function grantedCliDetails(claims) {
+  const details = claims.authorization_details;
+  if (!Array.isArray(details))
+    return [];
+  return details.filter(
+    (detail) => typeof detail === "object" && detail !== null && detail.type === "openape_cli"
+  );
+}
+function hasStructuredCliGrant(claims) {
+  return grantedCliDetails(claims).length > 0;
+}
+async function verifyAndExecute(token, resolved) {
+  const payload = decodePayload(token);
+  const issuer = String(payload.iss ?? "");
+  if (!issuer)
+    throw new Error("Grant token is missing issuer");
+  const discovery = await discoverEndpoints2(issuer);
+  const jwksUri = String(discovery.jwks_uri ?? `${issuer}/.well-known/jwks.json`);
+  const result = await verifyAuthzJWT(token, {
+    expectedIss: issuer,
+    expectedAud: resolved.adapter.cli.audience ?? "shapes",
+    jwksUri
+  });
+  if (!result.valid || !result.claims) {
+    throw new Error(result.error ?? "Grant verification failed");
+  }
+  const claims = result.claims;
+  const details = grantedCliDetails(claims);
+  if (claims.execution_context?.adapter_digest && claims.execution_context.adapter_digest !== resolved.digest) {
+    throw new Error("Adapter digest mismatch");
+  }
+  if (!hasStructuredCliGrant(claims)) {
+    const argv = resolved.executionContext.argv;
+    if (!argv?.length) {
+      throw new Error("Resolved command is missing argv");
+    }
+    const expectedCmdHash = await computeCmdHash(argv.join(" "));
+    if (claims.command?.join("\0") !== argv.join("\0")) {
+      throw new Error("Granted command does not match current argv");
+    }
+    if (claims.cmd_hash && claims.cmd_hash !== expectedCmdHash) {
+      throw new Error("Granted command does not match current argv");
+    }
+    if (!claims.command?.length && !claims.cmd_hash) {
+      throw new Error("Grant is not a structured CLI grant and is missing command binding");
+    }
+  } else {
+    if (!details.some((detail) => cliAuthorizationDetailCovers(detail, resolved.detail))) {
+      throw new Error(`Grant does not cover required permission: ${resolved.permission}`);
+    }
+    const exactRequired = details.some(
+      (detail) => cliAuthorizationDetailCovers(detail, resolved.detail) && detail.constraints?.exact_command
+    );
+    const isOnce = claims.grant_type === "once" || claims.approval === "once";
+    const enforceArgvHash = exactRequired || isOnce && !!claims.execution_context?.argv_hash;
+    if (enforceArgvHash && claims.execution_context?.argv_hash !== resolved.executionContext.argv_hash) {
+      throw new Error("Granted command does not match current argv");
+    }
+  }
+  const grantsEndpoint = await getGrantsEndpoint2(issuer);
+  const consume = await fetch(`${grantsEndpoint}/${claims.grant_id}/consume`, {
+    method: "POST",
+    headers: {
+      Authorization: `Bearer ${token}`
+    }
+  });
+  if (!consume.ok) {
+    throw new Error(`Consume failed: ${consume.status} ${consume.statusText}`);
+  }
+  const consumeResult = await consume.json();
+  if (consumeResult.error) {
+    throw new Error(`Grant rejected at consume step: ${consumeResult.error}`);
+  }
+  consola3.info(`Executing ${(resolved.executionContext.argv ?? [resolved.executable, ...resolved.commandArgv]).join(" ")}`);
+  execFileSync(resolved.executable, resolved.commandArgv, { stdio: "inherit" });
+}
+async function findExistingGrant(resolved, idp) {
+  const grantsEndpoint = await getGrantsEndpoint2(idp);
+  const response = await apiFetch2(
+    `${grantsEndpoint}?status=approved`,
+    { idp }
+  );
+  const now = Math.floor(Date.now() / 1e3);
+  const expectedAudience = resolved.adapter.cli.audience ?? "shapes";
+  for (const grant of response.data) {
+    const req = grant.request;
+    if (req.grant_type === "once")
+      continue;
+    if (req.grant_type === "timed" && grant.expires_at && grant.expires_at <= now)
+      continue;
+    if (req.audience !== expectedAudience)
+      continue;
+    if (req.execution_context?.adapter_digest && req.execution_context.adapter_digest !== resolved.digest)
+      continue;
+    const cliDetails = (req.authorization_details ?? []).filter(
+      (d) => d.type === "openape_cli"
+    );
+    if (cliDetails.length > 0) {
+      if (cliDetails.some((detail) => cliAuthorizationDetailCovers(detail, resolved.detail)))
+        return grant.id;
+    } else if (req.permissions?.includes(resolved.permission)) {
+      return grant.id;
+    }
+  }
+  return null;
+}
+
+// src/shapes/request-builders.ts
+import { computeCmdHash as computeCmdHash2 } from "@openape/core";
+async function buildExactCommandGrantRequest(command, options) {
+  return {
+    request: {
+      requester: options.requester,
+      target_host: options.target_host,
+      audience: options.audience,
+      grant_type: options.grant_type,
+      command,
+      cmd_hash: await computeCmdHash2(command.join(" ")),
+      ...options.reason ? { reason: options.reason } : {},
+      ...options.run_as ? { run_as: options.run_as } : {}
+    }
+  };
+}
+async function buildStructuredCliGrantRequest(resolved, options) {
+  const details = "detail" in resolved ? [resolved.detail] : resolved.details;
+  const permissions = "permission" in resolved ? [resolved.permission] : resolved.permissions;
+  const command = "executionContext" in resolved && resolved.executionContext.argv?.length ? resolved.executionContext.argv : void 0;
+  return {
+    request: {
+      requester: options.requester,
+      target_host: options.target_host,
+      audience: resolved.adapter.cli.audience ?? "shapes",
+      grant_type: options.grant_type,
+      permissions,
+      authorization_details: details,
+      execution_context: resolved.executionContext,
+      ...command ? { command } : {},
+      ...options.reason ? { reason: options.reason } : { reason: "summary" in resolved ? resolved.summary : details[0]?.display },
+      ...options.run_as ? { run_as: options.run_as } : {}
+    }
+  };
+}
+
+export {
+  loadAuth,
+  saveAuth,
+  clearAuth,
+  loadConfig,
+  saveConfig,
+  getIdpUrl,
+  getAuthToken,
+  getRequesterIdentity,
+  ApiError,
+  discoverEndpoints,
+  getGrantsEndpoint,
+  getAgentChallengeEndpoint,
+  getAgentAuthenticateEndpoint,
+  getDelegationsEndpoint,
+  apiFetch,
+  resolveAdapterPath,
+  loadAdapter,
+  tryLoadAdapter,
+  appendAuditLog,
+  installAdapter,
+  getInstalledDigest,
+  isInstalled,
+  removeAdapter,
+  findConflictingAdapters,
+  fetchRegistry,
+  searchAdapters,
+  findAdapter,
+  parseShellCommand,
+  extractShellCommandString,
+  loadOrInstallAdapter,
+  resolveCapabilityRequest,
+  resolveCommand,
+  extractWrappedCommand,
+  extractOption,
+  createShapesGrant,
+  waitForGrantStatus,
+  fetchGrantToken,
+  verifyAndExecute,
+  findExistingGrant,
+  buildExactCommandGrantRequest,
+  buildStructuredCliGrantRequest
+};
+//# sourceMappingURL=chunk-G3Q2TMAI.js.map