@poping/yome 0.0.2 → 0.0.3

package/dist/loops/simple.js.map

@@ -1 +1 @@
-{"version":3,"file":"simple.js","sourceRoot":"","sources":["../../src/loops/simple.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAI1C,MAAM,cAAc,GAAG,EAAE,CAAC;AAE1B,MAAM,OAAO,eAAe;IACjB,IAAI,GAAG,QAAQ,CAAC;IAChB,WAAW,GAAG,qCAAqC,CAAC;IAE7D,KAAK,CAAC,GAAG,CACP,WAAsB,EACtB,GAAqB,EACrB,EAAsB;QAEtB,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC,CAAC;QAE1D,IAAI,UAAU,GAAG,CAAC,CAAC;QACnB,IAAI,WAAW,GAAG,CAAC,CAAC;QAEpB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,cAAc,EAAE,CAAC,EAAE,EAAE,CAAC;YACxC,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,MAAM,aAAa,CAClC,GAAG,CAAC,MAAM,EACV,GAAG,CAAC,YAAY,EAChB,GAAG,CAAC,QAAQ,EACZ,GAAG,CAAC,KAAK,EACT,CAAC,KAAK,EAAE,EAAE;oBACR,IAAI,KAAK,CAAC,IAAI,KAAK,YAAY,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;wBAC9C,EAAE,CAAC,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;oBAC7B,CAAC;gBACH,CAAC,CACF,CAAC;gBAEF,UAAU,IAAI,QAAQ,CAAC,KAAK,CAAC,YAAY,CAAC;gBAC1C,WAAW,IAAI,QAAQ,CAAC,KAAK,CAAC,aAAa,CAAC;gBAC5C,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,QAAQ,CAAC,OAAO,EAAE,CAAC,CAAC;gBAEpE,MAAM,aAAa,GAAG,QAAQ,CAAC,OAAO,CAAC,MAAM,CAC3C,CAAC,CAAC,EAA4C,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,UAAU,CACvE,CAAC;gBAEF,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,IAAI,QAAQ,CAAC,WAAW,KAAK,UAAU,EAAE,CAAC;oBACtE,EAAE,CAAC,MAAM,CAAC,EAAE,WAAW,EAAE,UAAU,EAAE,YAAY,EAAE,WAAW,EAAE,CAAC,CAAC;oBAClE,OAAO;gBACT,CAAC;gBAED,MAAM,WAAW,GAAmB,EAAE,CAAC;gBACvC,KAAK,MAAM,KAAK,IAAI,aAAa,EAAE,CAAC;oBAClC,EAAE,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;oBACtC,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;oBAC9D,EAAE,CAAC,YAAY,CAAC,KAAK,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;oBACpC,WAAW,CAAC,IAAI,CAAC;wBACf,IAAI,EAAE,aAAa;wBACnB,WAAW,EAAE,KAAK,CAAC,EAAE;wBACrB,OAAO,EAAE,MAAM;qBAChB,CAAC,CAAC;gBACL,CAAC;gBAED,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC,CAAC;YAC5D,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBAChB,OAAO;YACT,CAAC;QACH,CAAC;QAED,EAAE,CAAC,MAAM,CAAC,EAAE,WAAW,EAAE,UAAU,EAAE,YAAY,EAAE,WAAW,EAAE,CAAC,CAAC;IACpE,CAAC;CACF"}
+{"version":3,"file":"simple.js","sourceRoot":"","sources":["../../src/loops/simple.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAG1C,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAEpD,MAAM,cAAc,GAAG,EAAE,CAAC;AAE1B,MAAM,OAAO,eAAe;IACjB,IAAI,GAAG,QAAQ,CAAC;IAChB,WAAW,GAAG,qCAAqC,CAAC;IAE7D,KAAK,CAAC,GAAG,CACP,WAAsB,EACtB,GAAqB,EACrB,EAAsB;QAEtB,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC,CAAC;QAE1D,IAAI,UAAU,GAAG,CAAC,CAAC;QACnB,IAAI,WAAW,GAAG,CAAC,CAAC;QAEpB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,cAAc,EAAE,CAAC,EAAE,EAAE,CAAC;YACxC,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,MAAM,aAAa,CAClC,GAAG,CAAC,MAAM,EACV,GAAG,CAAC,YAAY,EAChB,GAAG,CAAC,QAAQ,EACZ,GAAG,CAAC,KAAK,EACT,CAAC,KAAK,EAAE,EAAE;oBACR,IAAI,KAAK,CAAC,IAAI,KAAK,YAAY,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;wBAC9C,EAAE,CAAC,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;oBAC7B,CAAC;gBACH,CAAC,CACF,CAAC;gBAEF,UAAU,IAAI,QAAQ,CAAC,KAAK,CAAC,YAAY,CAAC;gBAC1C,WAAW,IAAI,QAAQ,CAAC,KAAK,CAAC,aAAa,CAAC;gBAC5C,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,QAAQ,CAAC,OAAO,EAAE,CAAC,CAAC;gBAEpE,MAAM,aAAa,GAAG,QAAQ,CAAC,OAAO,CAAC,MAAM,CAC3C,CAAC,CAAC,EAA4C,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,UAAU,CACvE,CAAC;gBAEF,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,IAAI,QAAQ,CAAC,WAAW,KAAK,UAAU,EAAE,CAAC;oBACtE,EAAE,CAAC,MAAM,CAAC,EAAE,WAAW,EAAE,UAAU,EAAE,YAAY,EAAE,WAAW,EAAE,CAAC,CAAC;oBAClE,OAAO;gBACT,CAAC;gBAED,MAAM,WAAW,GAAmB,EAAE,CAAC;gBACvC,IAAI,YAAY,GAAG,KAAK,CAAC;gBACzB,KAAK,MAAM,KAAK,IAAI,aAAa,EAAE,CAAC;oBAClC,IAAI,YAAY,EAAE,CAAC;wBACjB,mEAAmE;wBACnE,qEAAqE;wBACrE,WAAW,CAAC,IAAI,CAAC;4BACf,IAAI,EAAE,aAAa;4BACnB,WAAW,EAAE,KAAK,CAAC,EAAE;4BACrB,OAAO,EAAE,GAAG,eAAe,4DAA4D;yBACxF,CAAC,CAAC;wBACH,SAAS;oBACX,CAAC;oBACD,EAAE,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;oBACtC,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;oBAC9D,EAAE,CAAC,YAAY,CAAC,KAAK,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;oBACpC,WAAW,CAAC,IAAI,CAAC;wBACf,IAAI,EAAE,aAAa;wBACnB,WAAW,EAAE,KAAK,CAAC,EAAE;wBACrB,OAAO,EAAE,MAAM;qBAChB,CAAC,CAAC;oBACH,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;wBACrE,YAAY,GAAG,IAAI,CAAC;oBACtB,CAAC;gBACH,CAAC;gBAED,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC,CAAC;YAC5D,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBAChB,OAAO;YACT,CAAC;QACH,CAAC;QAED,EAAE,CAAC,MAAM,CAAC,EAAE,WAAW,EAAE,UAAU,EAAE,YAAY,EAAE,WAAW,EAAE,CAAC,CAAC;IACpE,CAAC;CACF"}

package/dist/permissions/index.d.ts

@@ -1,4 +1,4 @@
 export type { PermissionMode, PermissionBehavior, PermissionRule, PermissionRuleValue, PermissionRuleSource, PermissionDecision, PermissionResult, ToolPermissionContext, PermissionRulesBySource, } from './types.js';
 export { parseRuleValue, serializeRuleValue, toolMatchesRule, contentMatchesRule } from './ruleParser.js';
-export { loadAllPermissionRules, loadDefaultMode, initializePermissionContext, addPermissionRuleToUserSettings } from './loader.js';
+export { loadAllPermissionRules, loadDefaultMode, initializePermissionContext, addPermissionRuleToUserSettings, addRuleToContext, extractBashRulePrefix, } from './loader.js';
 export { checkPermission, isContentAllowed, isContentDenied } from './checker.js';

package/dist/permissions/index.js

@@ -1,4 +1,4 @@
 export { parseRuleValue, serializeRuleValue, toolMatchesRule, contentMatchesRule } from './ruleParser.js';
-export { loadAllPermissionRules, loadDefaultMode, initializePermissionContext, addPermissionRuleToUserSettings } from './loader.js';
+export { loadAllPermissionRules, loadDefaultMode, initializePermissionContext, addPermissionRuleToUserSettings, addRuleToContext, extractBashRulePrefix, } from './loader.js';
 export { checkPermission, isContentAllowed, isContentDenied } from './checker.js';
 //# sourceMappingURL=index.js.map

package/dist/permissions/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/permissions/index.ts"],"names":[],"mappings":"AAYA,OAAO,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAC1G,OAAO,EAAE,sBAAsB,EAAE,eAAe,EAAE,2BAA2B,EAAE,+BAA+B,EAAE,MAAM,aAAa,CAAC;AACpI,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/permissions/index.ts"],"names":[],"mappings":"AAYA,OAAO,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAC1G,OAAO,EACL,sBAAsB,EACtB,eAAe,EACf,2BAA2B,EAC3B,+BAA+B,EAC/B,gBAAgB,EAChB,qBAAqB,GACtB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC"}

package/dist/permissions/loader.d.ts

@@ -1,4 +1,4 @@
-import type { PermissionBehavior, PermissionRule, PermissionMode, ToolPermissionContext } from './types.js';
+import type { PermissionBehavior, PermissionRule, PermissionRuleSource, PermissionMode, ToolPermissionContext } from './types.js';
 /**
  * Load all permission rules from user settings (~/.yome/settings.json)
  * and project settings (.yome/settings.json).
@@ -20,3 +20,22 @@ export declare function initializePermissionContext(opts?: {
  * Persist a new allow/deny rule to user settings.
  */
 export declare function addPermissionRuleToUserSettings(ruleString: string, behavior: PermissionBehavior): void;
+/**
+ * Return a new ToolPermissionContext with `ruleString` appended to the given
+ * source bucket under `behavior`. Pure / non-mutating — pairs naturally with
+ * the immutable `ToolPermissionContext` type.
+ *
+ * Use `source: 'session'` for "allow for this session only" (in-memory) and
+ * `source: 'userSettings'` to mirror what was just persisted to disk so the
+ * decision takes effect immediately without restarting the CLI.
+ */
+export declare function addRuleToContext(ctx: ToolPermissionContext, ruleString: string, behavior: PermissionBehavior, source: PermissionRuleSource): ToolPermissionContext;
+/**
+ * Best-effort extraction of a stable Bash command prefix to use as a permission
+ * rule. Returns the first 1-2 plain tokens (`git status`, `npm run build`)
+ * suffixed with `:*` so prefix matching catches subsequent invocations with
+ * different arguments. Falls back to `null` when the command contains shell
+ * metacharacters (pipes, &&, ;, redirects, subshells) — those should be approved
+ * verbatim rather than turned into a wildcard rule.
+ */
+export declare function extractBashRulePrefix(command: string): string | null;

package/dist/permissions/loader.js

@@ -101,4 +101,55 @@ export function addPermissionRuleToUserSettings(ruleString, behavior) {
     }
     writeFileSync(USER_SETTINGS_FILE, JSON.stringify(data, null, 2), 'utf-8');
 }
+/**
+ * Return a new ToolPermissionContext with `ruleString` appended to the given
+ * source bucket under `behavior`. Pure / non-mutating — pairs naturally with
+ * the immutable `ToolPermissionContext` type.
+ *
+ * Use `source: 'session'` for "allow for this session only" (in-memory) and
+ * `source: 'userSettings'` to mirror what was just persisted to disk so the
+ * decision takes effect immediately without restarting the CLI.
+ */
+export function addRuleToContext(ctx, ruleString, behavior, source) {
+    const bucket = behavior === 'allow' ? { ...ctx.allowRules } : { ...ctx.denyRules };
+    const existing = bucket[source] ?? [];
+    if (existing.includes(ruleString)) {
+        // No-op if duplicate — return original ref so React-style equality stays cheap.
+        return ctx;
+    }
+    bucket[source] = [...existing, ruleString];
+    return behavior === 'allow'
+        ? { ...ctx, allowRules: bucket }
+        : { ...ctx, denyRules: bucket };
+}
+/**
+ * Best-effort extraction of a stable Bash command prefix to use as a permission
+ * rule. Returns the first 1-2 plain tokens (`git status`, `npm run build`)
+ * suffixed with `:*` so prefix matching catches subsequent invocations with
+ * different arguments. Falls back to `null` when the command contains shell
+ * metacharacters (pipes, &&, ;, redirects, subshells) — those should be approved
+ * verbatim rather than turned into a wildcard rule.
+ */
+export function extractBashRulePrefix(command) {
+    const trimmed = command.trim();
+    if (!trimmed)
+        return null;
+    // Refuse compound shell — too risky to auto-derive a wildcard rule.
+    if (/[|&;`$<>(){}]/.test(trimmed))
+        return null;
+    const tokens = trimmed.split(/\s+/).filter(Boolean);
+    if (tokens.length === 0)
+        return null;
+    const first = tokens[0];
+    // Subcommand-style binaries: keep first two tokens (git status, npm run, kubectl get).
+    const SUBCOMMAND_BINS = new Set([
+        'git', 'npm', 'pnpm', 'yarn', 'bun', 'docker', 'kubectl', 'cargo', 'go', 'gh', 'brew',
+    ]);
+    if (SUBCOMMAND_BINS.has(first) && tokens.length >= 2 && /^[a-zA-Z][\w-]*$/.test(tokens[1])) {
+        return `${first} ${tokens[1]}:*`;
+    }
+    if (!/^[\w./-]+$/.test(first))
+        return null;
+    return `${first}:*`;
+}
 //# sourceMappingURL=loader.js.map

package/dist/permissions/loader.js.map

@@ -1 +1 @@
-{"version":3,"file":"loader.js","sourceRoot":"","sources":["../../src/permissions/loader.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,IAAI,CAAC;AACxE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AACrC,OAAO,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAS7B,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAEjD,MAAM,eAAe,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,OAAO,CAAC,CAAC;AACjD,MAAM,kBAAkB,GAAG,IAAI,CAAC,eAAe,EAAE,eAAe,CAAC,CAAC;AAclE,SAAS,YAAY,CAAC,QAAgB;IACpC,IAAI,CAAC;QACH,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC;YAAE,OAAO,IAAI,CAAC;QACvC,MAAM,GAAG,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;QACnD,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAC;QACtB,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACzB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,sBAAsB;IAC7B,OAAO,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,eAAe,CAAC,CAAC;AAC1D,CAAC;AAED,SAAS,qBAAqB,CAAC,IAAyB,EAAE,MAA4B;IACpF,IAAI,CAAC,IAAI,EAAE,WAAW;QAAE,OAAO,EAAE,CAAC;IAClC,MAAM,KAAK,GAAqB,EAAE,CAAC;IACnC,MAAM,SAAS,GAAyB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC1D,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;QAC3C,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC;YAAE,SAAS;QACtC,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,KAAK,CAAC,IAAI,CAAC;gBACT,MAAM;gBACN,YAAY,EAAE,QAAQ;gBACtB,SAAS,EAAE,cAAc,CAAC,KAAK,CAAC;aACjC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,sBAAsB;IACpC,MAAM,KAAK,GAAqB,EAAE,CAAC;IAEnC,MAAM,QAAQ,GAAG,YAAY,CAAC,kBAAkB,CAAC,CAAC;IAClD,KAAK,CAAC,IAAI,CAAC,GAAG,qBAAqB,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,CAAC;IAE/D,MAAM,QAAQ,GAAG,YAAY,CAAC,sBAAsB,EAAE,CAAC,CAAC;IACxD,KAAK,CAAC,IAAI,CAAC,GAAG,qBAAqB,CAAC,QAAQ,EAAE,iBAAiB,CAAC,CAAC,CAAC;IAElE,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe;IAC7B,MAAM,QAAQ,GAAG,YAAY,CAAC,kBAAkB,CAAC,CAAC;IAClD,MAAM,IAAI,GAAG,QAAQ,EAAE,WAAW,EAAE,WAAW,CAAC;IAChD,IAAI,IAAI,KAAK,aAAa,IAAI,IAAI,KAAK,mBAAmB;QAAE,OAAO,IAAI,CAAC;IACxE,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,2BAA2B,CAAC,IAI3C;IACC,MAAM,IAAI,GAAG,IAAI,EAAE,IAAI,IAAI,eAAe,EAAE,CAAC;IAC7C,MAAM,KAAK,GAAG,sBAAsB,EAAE,CAAC;IAEvC,MAAM,UAAU,GAA4B,EAAE,CAAC;IAC/C,MAAM,SAAS,GAA4B,EAAE,CAAC;IAE9C,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,KAAK,OAAO,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;QACtE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;YAAE,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;QACnD,MAAM,CAAC,IAAI,CAAC,MAAM,CAAE,CAAC,IAAI,CACvB,IAAI,CAAC,SAAS,CAAC,WAAW;YACxB,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,IAAI,IAAI,CAAC,SAAS,CAAC,WAAW,GAAG;YAC7D,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAC5B,CAAC;IACJ,CAAC;IAED,IAAI,IAAI,EAAE,YAAY,EAAE,MAAM,EAAE,CAAC;QAC/B,UAAU,CAAC,MAAM,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,IAAI,EAAE,CAAC,EAAE,GAAG,IAAI,CAAC,YAAY,CAAC,CAAC;IAC3E,CAAC;IACD,IAAI,IAAI,EAAE,eAAe,EAAE,MAAM,EAAE,CAAC;QAClC,SAAS,CAAC,MAAM,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,MAAM,IAAI,EAAE,CAAC,EAAE,GAAG,IAAI,CAAC,eAAe,CAAC,CAAC;IAC5E,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC;AACzC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,+BAA+B,CAAC,UAAkB,EAAE,QAA4B;IAC9F,SAAS,CAAC,eAAe,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAChD,MAAM,IAAI,GAAG,YAAY,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAC;IACpD,IAAI,CAAC,IAAI,CAAC,WAAW;QAAE,IAAI,CAAC,WAAW,GAAG,EAAE,CAAC;IAC7C,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC;QAAE,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAC;IACjE,MAAM,IAAI,GAAG,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAa,CAAC;IACpD,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QAC/B,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACxB,CAAC;IACD,aAAa,CAAC,kBAAkB,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;AAC5E,CAAC"}
+{"version":3,"file":"loader.js","sourceRoot":"","sources":["../../src/permissions/loader.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,IAAI,CAAC;AACxE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AACrC,OAAO,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAS7B,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAEjD,MAAM,eAAe,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,OAAO,CAAC,CAAC;AACjD,MAAM,kBAAkB,GAAG,IAAI,CAAC,eAAe,EAAE,eAAe,CAAC,CAAC;AAclE,SAAS,YAAY,CAAC,QAAgB;IACpC,IAAI,CAAC;QACH,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC;YAAE,OAAO,IAAI,CAAC;QACvC,MAAM,GAAG,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;QACnD,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAC;QACtB,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACzB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,sBAAsB;IAC7B,OAAO,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,OAAO,EAAE,eAAe,CAAC,CAAC;AAC1D,CAAC;AAED,SAAS,qBAAqB,CAAC,IAAyB,EAAE,MAA4B;IACpF,IAAI,CAAC,IAAI,EAAE,WAAW;QAAE,OAAO,EAAE,CAAC;IAClC,MAAM,KAAK,GAAqB,EAAE,CAAC;IACnC,MAAM,SAAS,GAAyB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC1D,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;QAC3C,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC;YAAE,SAAS;QACtC,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,KAAK,CAAC,IAAI,CAAC;gBACT,MAAM;gBACN,YAAY,EAAE,QAAQ;gBACtB,SAAS,EAAE,cAAc,CAAC,KAAK,CAAC;aACjC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,sBAAsB;IACpC,MAAM,KAAK,GAAqB,EAAE,CAAC;IAEnC,MAAM,QAAQ,GAAG,YAAY,CAAC,kBAAkB,CAAC,CAAC;IAClD,KAAK,CAAC,IAAI,CAAC,GAAG,qBAAqB,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,CAAC;IAE/D,MAAM,QAAQ,GAAG,YAAY,CAAC,sBAAsB,EAAE,CAAC,CAAC;IACxD,KAAK,CAAC,IAAI,CAAC,GAAG,qBAAqB,CAAC,QAAQ,EAAE,iBAAiB,CAAC,CAAC,CAAC;IAElE,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe;IAC7B,MAAM,QAAQ,GAAG,YAAY,CAAC,kBAAkB,CAAC,CAAC;IAClD,MAAM,IAAI,GAAG,QAAQ,EAAE,WAAW,EAAE,WAAW,CAAC;IAChD,IAAI,IAAI,KAAK,aAAa,IAAI,IAAI,KAAK,mBAAmB;QAAE,OAAO,IAAI,CAAC;IACxE,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,2BAA2B,CAAC,IAI3C;IACC,MAAM,IAAI,GAAG,IAAI,EAAE,IAAI,IAAI,eAAe,EAAE,CAAC;IAC7C,MAAM,KAAK,GAAG,sBAAsB,EAAE,CAAC;IAEvC,MAAM,UAAU,GAA4B,EAAE,CAAC;IAC/C,MAAM,SAAS,GAA4B,EAAE,CAAC;IAE9C,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,KAAK,OAAO,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;QACtE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;YAAE,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;QACnD,MAAM,CAAC,IAAI,CAAC,MAAM,CAAE,CAAC,IAAI,CACvB,IAAI,CAAC,SAAS,CAAC,WAAW;YACxB,CAAC,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,IAAI,IAAI,CAAC,SAAS,CAAC,WAAW,GAAG;YAC7D,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAC5B,CAAC;IACJ,CAAC;IAED,IAAI,IAAI,EAAE,YAAY,EAAE,MAAM,EAAE,CAAC;QAC/B,UAAU,CAAC,MAAM,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,IAAI,EAAE,CAAC,EAAE,GAAG,IAAI,CAAC,YAAY,CAAC,CAAC;IAC3E,CAAC;IACD,IAAI,IAAI,EAAE,eAAe,EAAE,MAAM,EAAE,CAAC;QAClC,SAAS,CAAC,MAAM,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,MAAM,IAAI,EAAE,CAAC,EAAE,GAAG,IAAI,CAAC,eAAe,CAAC,CAAC;IAC5E,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC;AACzC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,+BAA+B,CAAC,UAAkB,EAAE,QAA4B;IAC9F,SAAS,CAAC,eAAe,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAChD,MAAM,IAAI,GAAG,YAAY,CAAC,kBAAkB,CAAC,IAAI,EAAE,CAAC;IACpD,IAAI,CAAC,IAAI,CAAC,WAAW;QAAE,IAAI,CAAC,WAAW,GAAG,EAAE,CAAC;IAC7C,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC;QAAE,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAC;IACjE,MAAM,IAAI,GAAG,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAa,CAAC;IACpD,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QAC/B,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACxB,CAAC;IACD,aAAa,CAAC,kBAAkB,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;AAC5E,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,gBAAgB,CAC9B,GAA0B,EAC1B,UAAkB,EAClB,QAA4B,EAC5B,MAA4B;IAE5B,MAAM,MAAM,GAAG,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,EAAE,GAAG,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,GAAG,GAAG,CAAC,SAAS,EAAE,CAAC;IACnF,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;IACtC,IAAI,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QAClC,gFAAgF;QAChF,OAAO,GAAG,CAAC;IACb,CAAC;IACD,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,QAAQ,EAAE,UAAU,CAAC,CAAC;IAC3C,OAAO,QAAQ,KAAK,OAAO;QACzB,CAAC,CAAC,EAAE,GAAG,GAAG,EAAE,UAAU,EAAE,MAAM,EAAE;QAChC,CAAC,CAAC,EAAE,GAAG,GAAG,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC;AACpC,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,qBAAqB,CAAC,OAAe;IACnD,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;IAC/B,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAC1B,oEAAoE;IACpE,IAAI,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAC;IAC/C,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACpD,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACrC,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,CAAE,CAAC;IACzB,uFAAuF;IACvF,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC;QAC9B,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM;KACtF,CAAC,CAAC;IACH,IAAI,eAAe,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,MAAM,IAAI,CAAC,IAAI,kBAAkB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAE,CAAC,EAAE,CAAC;QAC5F,OAAO,GAAG,KAAK,IAAI,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC;IACnC,CAAC;IACD,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAC3C,OAAO,GAAG,KAAK,IAAI,CAAC;AACtB,CAAC"}

package/dist/redact.d.ts

@@ -0,0 +1,56 @@
+export type RedactionRule = {
+    kind: 'pii';
+    pattern: 'email' | 'phone' | 'name' | 'id';
+} | {
+    kind: 'path';
+} | {
+    kind: 'mind';
+} | {
+    kind: 'api-key';
+} | {
+    kind: 'custom';
+    id: string;
+    find: RegExp | string;
+    replaceWith: string;
+};
+export interface RuleHit {
+    /** Stable identifier for grouping/UI: `pii:email`, `api-key`, `custom:my-rule`, ... */
+    rule: string;
+    count: number;
+    /** Up to MAX_SAMPLES short examples of the original (pre-redaction) text. */
+    samples: string[];
+}
+export interface RedactionResult {
+    redacted: string;
+    hits: RuleHit[];
+}
+export interface RedactionPreview {
+    before: string;
+    after: string;
+    ruleHits: RuleHit[];
+}
+/** Default rule set per spec 9.2. */
+export declare const DEFAULT_RULES: RedactionRule[];
+/**
+ * Apply text-redacting rules to a string. `mind` rule is a no-op here (it
+ * only matters for structured value walks); everything else operates on text.
+ */
+export declare function redactText(text: string, rules?: RedactionRule[]): RedactionResult;
+interface ValueRedactionResult {
+    redacted: unknown;
+    hits: RuleHit[];
+}
+/**
+ * Deep-walk a JSON-like value, redacting strings via `redactText` and
+ * dropping `mind` fields when the `mind` rule is enabled. Arrays/objects
+ * are cloned; primitives are returned by value.
+ */
+export declare function redactValue(value: unknown, rules?: RedactionRule[]): ValueRedactionResult;
+/**
+ * Build a redaction preview for one chunk of text. Returns the original,
+ * the redacted output, and the per-rule hit summary suitable for a diff UI.
+ */
+export declare function buildPreview(text: string, rules?: RedactionRule[]): RedactionPreview;
+/** Sum hits across an array of RuleHit groups (e.g. per-message hits). */
+export declare function totalHits(perMessage: RuleHit[][]): RuleHit[];
+export {};

package/dist/redact.js

@@ -0,0 +1,191 @@
+// cli/src/redact.ts — Yome ThreadRedactor (spec 9, CLI side).
+//
+// Local-side redaction of an agent thread before it is shared as a "case"
+// to a skill's GitHub repo. Runs entirely on-device — the hub's optional
+// re-check is a backstop, never a replacement.
+//
+// Pipeline:
+//   text → applyRules(text, rules)  →  { redacted, ruleHits }
+//   structured value → redactValue (deep walk) → redacted clone
+//
+// Default rules (per spec 9.2): email | phone | api-key | mind | path.
+// `mind` only applies to structured payloads (it drops fields whose key is
+// `mind` or that look like a mind block). `path` rewrites `/Users/<name>/`
+// to `/Users/{user}/`. The rest are pure regex substitutions on text.
+//
+// Determinism: same input + same rule set → same output. No randomness.
+const MAX_SAMPLES = 3;
+const SAMPLE_MAX_LEN = 80;
+/** Default rule set per spec 9.2. */
+export const DEFAULT_RULES = [
+    { kind: 'pii', pattern: 'email' },
+    { kind: 'pii', pattern: 'phone' },
+    { kind: 'api-key' },
+    { kind: 'path' },
+    { kind: 'mind' },
+];
+// ── Built-in patterns ───────────────────────────────────────────────────────
+/** RFC 5322-lite — covers the realistic 99%, not pathological corner cases. */
+const EMAIL_RE = /([A-Za-z0-9._%+-]+)@([A-Za-z0-9.-]+\.[A-Za-z]{2,})/g;
+/**
+ * Phone: international (+CC...) and CN mobile (1[3-9]\d{9}).
+ * NB: avoid eating arbitrary 10-digit numbers; require + or 1[3-9] anchor.
+ */
+const PHONE_RE = /(\+\d{1,3}[ -]?\d{1,4}([ -]?\d{2,4}){2,4}|\b1[3-9]\d{9}\b)/g;
+/**
+ * API keys we know the prefix for. Anchored to whole "word" to avoid eating
+ * random hex blobs. Add new patterns here as we discover them in the wild.
+ */
+const API_KEY_RES = [
+    // Anthropic must come BEFORE openai because `sk-ant-...` would otherwise
+    // be eaten by the openai pattern (`sk-` + alphanum).
+    { id: 'anthropic', re: /\bsk-ant-(?:api03-)?[A-Za-z0-9_-]{20,}\b/g },
+    { id: 'openai', re: /\bsk-(?!ant-)(?:proj-)?[A-Za-z0-9_-]{20,}\b/g },
+    { id: 'github', re: /\bgh[pousr]_[A-Za-z0-9_]{20,}\b/g },
+    { id: 'aws', re: /\bAKIA[0-9A-Z]{16}\b/g },
+    { id: 'google', re: /\bAIza[0-9A-Za-z_-]{35}\b/g },
+    { id: 'slack', re: /\bxox[abposr]-[A-Za-z0-9-]{10,}\b/g },
+    { id: 'jwt', re: /\beyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\b/g },
+    { id: 'generic-bearer', re: /\bBearer\s+[A-Za-z0-9._-]{20,}\b/g },
+];
+/** Match `/Users/<username>/...` (macOS) and `/home/<username>/...` (Linux). */
+const PATH_RE = /(\/Users|\/home)\/([^/\s"'<>]+)/g;
+// ── Helpers ─────────────────────────────────────────────────────────────────
+function pushHit(hits, ruleId, sample) {
+    let hit = hits.get(ruleId);
+    if (!hit) {
+        hit = { rule: ruleId, count: 0, samples: [] };
+        hits.set(ruleId, hit);
+    }
+    hit.count++;
+    if (hit.samples.length < MAX_SAMPLES) {
+        const trimmed = sample.length > SAMPLE_MAX_LEN ? sample.slice(0, SAMPLE_MAX_LEN) + '…' : sample;
+        if (!hit.samples.includes(trimmed))
+            hit.samples.push(trimmed);
+    }
+}
+function applyRegex(text, re, ruleId, hits, replacer) {
+    // RegExp must be /g — clone if a caller passed one without the flag.
+    const safeRe = re.flags.includes('g') ? re : new RegExp(re.source, re.flags + 'g');
+    return text.replace(safeRe, (match, ...args) => {
+        pushHit(hits, ruleId, match);
+        // groups are everything but the last two args (offset, full string)
+        const groups = args.slice(0, -2);
+        return replacer(match, ...groups);
+    });
+}
+// ── Text-level rule application ─────────────────────────────────────────────
+/**
+ * Apply text-redacting rules to a string. `mind` rule is a no-op here (it
+ * only matters for structured value walks); everything else operates on text.
+ */
+export function redactText(text, rules = DEFAULT_RULES) {
+    const hits = new Map();
+    let out = text;
+    for (const rule of rules) {
+        if (rule.kind === 'pii') {
+            switch (rule.pattern) {
+                case 'email':
+                    out = applyRegex(out, EMAIL_RE, 'pii:email', hits, (_m, local, domain) => `${(local || '').slice(0, 1)}***@${domain}`);
+                    break;
+                case 'phone':
+                    out = applyRegex(out, PHONE_RE, 'pii:phone', hits, () => '[REDACTED_PHONE]');
+                    break;
+                case 'name':
+                    // Name detection without a model is high-FP; for v0.1 this is an
+                    // opt-in that does nothing unless paired with a custom rule.
+                    break;
+                case 'id':
+                    // Reserved for future use (national ID, SSN). v0.1 no-op.
+                    break;
+            }
+        }
+        else if (rule.kind === 'api-key') {
+            for (const { id, re } of API_KEY_RES) {
+                out = applyRegex(out, re, `api-key:${id}`, hits, () => `[REDACTED_${id.toUpperCase()}_KEY]`);
+            }
+        }
+        else if (rule.kind === 'path') {
+            out = applyRegex(out, PATH_RE, 'path', hits, (_m, root) => `${root}/{user}`);
+        }
+        else if (rule.kind === 'custom') {
+            const re = typeof rule.find === 'string'
+                ? new RegExp(rule.find.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'), 'g')
+                : rule.find;
+            out = applyRegex(out, re, `custom:${rule.id}`, hits, () => rule.replaceWith);
+        }
+        // `mind` is value-walk-only (see redactValue)
+    }
+    return { redacted: out, hits: Array.from(hits.values()) };
+}
+// ── Structured value walk (for thread.json / trace.json) ────────────────────
+const MIND_KEY_RE = /^(mind|user_?mind|private_?mind)$/i;
+function isPlainObject(v) {
+    return typeof v === 'object' && v !== null && !Array.isArray(v);
+}
+function mergeHits(into, from) {
+    for (const h of from) {
+        const existing = into.get(h.rule);
+        if (!existing) {
+            into.set(h.rule, { rule: h.rule, count: h.count, samples: [...h.samples] });
+        }
+        else {
+            existing.count += h.count;
+            for (const s of h.samples) {
+                if (existing.samples.length >= MAX_SAMPLES)
+                    break;
+                if (!existing.samples.includes(s))
+                    existing.samples.push(s);
+            }
+        }
+    }
+}
+/**
+ * Deep-walk a JSON-like value, redacting strings via `redactText` and
+ * dropping `mind` fields when the `mind` rule is enabled. Arrays/objects
+ * are cloned; primitives are returned by value.
+ */
+export function redactValue(value, rules = DEFAULT_RULES) {
+    const dropMind = rules.some(r => r.kind === 'mind');
+    const allHits = new Map();
+    function walk(v) {
+        if (typeof v === 'string') {
+            const r = redactText(v, rules);
+            mergeHits(allHits, r.hits);
+            return r.redacted;
+        }
+        if (Array.isArray(v))
+            return v.map(walk);
+        if (isPlainObject(v)) {
+            const out = {};
+            for (const [k, child] of Object.entries(v)) {
+                if (dropMind && MIND_KEY_RE.test(k)) {
+                    pushHit(allHits, 'mind', `<dropped field "${k}">`);
+                    continue;
+                }
+                out[k] = walk(child);
+            }
+            return out;
+        }
+        return v;
+    }
+    const redacted = walk(value);
+    return { redacted, hits: Array.from(allHits.values()) };
+}
+// ── Diff preview helper ─────────────────────────────────────────────────────
+/**
+ * Build a redaction preview for one chunk of text. Returns the original,
+ * the redacted output, and the per-rule hit summary suitable for a diff UI.
+ */
+export function buildPreview(text, rules = DEFAULT_RULES) {
+    const { redacted, hits } = redactText(text, rules);
+    return { before: text, after: redacted, ruleHits: hits };
+}
+/** Sum hits across an array of RuleHit groups (e.g. per-message hits). */
+export function totalHits(perMessage) {
+    const merged = new Map();
+    for (const group of perMessage)
+        mergeHits(merged, group);
+    return Array.from(merged.values()).sort((a, b) => b.count - a.count);
+}
+//# sourceMappingURL=redact.js.map

package/dist/redact.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"redact.js","sourceRoot":"","sources":["../src/redact.ts"],"names":[],"mappings":"AAAA,8DAA8D;AAC9D,EAAE;AACF,0EAA0E;AAC1E,yEAAyE;AACzE,+CAA+C;AAC/C,EAAE;AACF,YAAY;AACZ,8DAA8D;AAC9D,gEAAgE;AAChE,EAAE;AACF,uEAAuE;AACvE,2EAA2E;AAC3E,2EAA2E;AAC3E,sEAAsE;AACtE,EAAE;AACF,wEAAwE;AA4BxE,MAAM,WAAW,GAAG,CAAC,CAAC;AACtB,MAAM,cAAc,GAAG,EAAE,CAAC;AAE1B,qCAAqC;AACrC,MAAM,CAAC,MAAM,aAAa,GAAoB;IAC5C,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE;IACjC,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE;IACjC,EAAE,IAAI,EAAE,SAAS,EAAE;IACnB,EAAE,IAAI,EAAE,MAAM,EAAE;IAChB,EAAE,IAAI,EAAE,MAAM,EAAE;CACjB,CAAC;AAEF,+EAA+E;AAE/E,+EAA+E;AAC/E,MAAM,QAAQ,GAAG,qDAAqD,CAAC;AAEvE;;;GAGG;AACH,MAAM,QAAQ,GAAG,6DAA6D,CAAC;AAE/E;;;GAGG;AACH,MAAM,WAAW,GAAiC;IAChD,yEAAyE;IACzE,qDAAqD;IACrD,EAAE,EAAE,EAAE,WAAW,EAAG,EAAE,EAAE,2CAA2C,EAAE;IACrE,EAAE,EAAE,EAAE,QAAQ,EAAM,EAAE,EAAE,8CAA8C,EAAE;IACxE,EAAE,EAAE,EAAE,QAAQ,EAAM,EAAE,EAAE,kCAAkC,EAAE;IAC5D,EAAE,EAAE,EAAE,KAAK,EAAS,EAAE,EAAE,uBAAuB,EAAE;IACjD,EAAE,EAAE,EAAE,QAAQ,EAAM,EAAE,EAAE,4BAA4B,EAAE;IACtD,EAAE,EAAE,EAAE,OAAO,EAAO,EAAE,EAAE,oCAAoC,EAAE;IAC9D,EAAE,EAAE,EAAE,KAAK,EAAS,EAAE,EAAE,oEAAoE,EAAE;IAC9F,EAAE,EAAE,EAAE,gBAAgB,EAAE,EAAE,EAAE,mCAAmC,EAAE;CAClE,CAAC;AAEF,gFAAgF;AAChF,MAAM,OAAO,GAAG,kCAAkC,CAAC;AAEnD,+EAA+E;AAE/E,SAAS,OAAO,CAAC,IAA0B,EAAE,MAAc,EAAE,MAAc;IACzE,IAAI,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAC3B,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,GAAG,GAAG,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;QAC9C,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACxB,CAAC;IACD,GAAG,CAAC,KAAK,EAAE,CAAC;IACZ,IAAI,GAAG,CAAC,OAAO,CAAC,MAAM,GAAG,WAAW,EAAE,CAAC;QACrC,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,GAAG,cAAc,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,cAAc,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC;QAChG,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC;YAAE,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAChE,CAAC;AACH,CAAC;AAED,SAAS,UAAU,CACjB,IAAY,EACZ,EAAU,EACV,MAAc,EACd,IAA0B,EAC1B,QAAwD;IAExD,qEAAqE;IACrE,MAAM,MAAM,GAAG,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,KAAK,GAAG,GAAG,CAAC,CAAC;IACnF,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,GAAG,IAAe,EAAE,EAAE;QAChE,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;QAC7B,oEAAoE;QACpE,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAa,CAAC;QAC7C,OAAO,QAAQ,CAAC,KAAK,EAAE,GAAG,MAAM,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;AACL,CAAC;AAED,+EAA+E;AAE/E;;;GAGG;AACH,MAAM,UAAU,UAAU,CAAC,IAAY,EAAE,QAAyB,aAAa;IAC7E,MAAM,IAAI,GAAG,IAAI,GAAG,EAAmB,CAAC;IACxC,IAAI,GAAG,GAAG,IAAI,CAAC;IAEf,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,IAAI,CAAC,IAAI,KAAK,KAAK,EAAE,CAAC;YACxB,QAAQ,IAAI,CAAC,OAAO,EAAE,CAAC;gBACrB,KAAK,OAAO;oBACV,GAAG,GAAG,UAAU,CAAC,GAAG,EAAE,QAAQ,EAAE,WAAW,EAAE,IAAI,EAC/C,CAAC,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,OAAO,MAAM,EAAE,CAAC,CAAC;oBACtE,MAAM;gBACR,KAAK,OAAO;oBACV,GAAG,GAAG,UAAU,CAAC,GAAG,EAAE,QAAQ,EAAE,WAAW,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,kBAAkB,CAAC,CAAC;oBAC7E,MAAM;gBACR,KAAK,MAAM;oBACT,iEAAiE;oBACjE,6DAA6D;oBAC7D,MAAM;gBACR,KAAK,IAAI;oBACP,0DAA0D;oBAC1D,MAAM;YACV,CAAC;QACH,CAAC;aAAM,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YACnC,KAAK,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE,IAAI,WAAW,EAAE,CAAC;gBACrC,GAAG,GAAG,UAAU,CAAC,GAAG,EAAE,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,aAAa,EAAE,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;YAC/F,CAAC;QACH,CAAC;aAAM,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;YAChC,GAAG,GAAG,UAAU,CAAC,GAAG,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,EAAE,EAAE,IAAI,EAAE,EAAE,CAAC,GAAG,IAAI,SAAS,CAAC,CAAC;QAC/E,CAAC;aAAM,IAAI,IAAI,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAClC,MAAM,EAAE,GAAG,OAAO,IAAI,CAAC,IAAI,KAAK,QAAQ;gBACtC,CAAC,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,EAAE,GAAG,CAAC;gBACnE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;YACd,GAAG,GAAG,UAAU,CAAC,GAAG,EAAE,EAAE,EAAE,UAAU,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAC/E,CAAC;QACD,8CAA8C;IAChD,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,CAAC;AAC5D,CAAC;AAED,+EAA+E;AAE/E,MAAM,WAAW,GAAG,oCAAoC,CAAC;AAEzD,SAAS,aAAa,CAAC,CAAU;IAC/B,OAAO,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;AAClE,CAAC;AAED,SAAS,SAAS,CAAC,IAA0B,EAAE,IAAe;IAC5D,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;QACrB,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QAClC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC,KAAK,EAAE,OAAO,EAAE,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAC9E,CAAC;aAAM,CAAC;YACN,QAAQ,CAAC,KAAK,IAAI,CAAC,CAAC,KAAK,CAAC;YAC1B,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,CAAC;gBAC1B,IAAI,QAAQ,CAAC,OAAO,CAAC,MAAM,IAAI,WAAW;oBAAE,MAAM;gBAClD,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC;oBAAE,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAC9D,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAOD;;;;GAIG;AACH,MAAM,UAAU,WAAW,CAAC,KAAc,EAAE,QAAyB,aAAa;IAChF,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC;IACpD,MAAM,OAAO,GAAG,IAAI,GAAG,EAAmB,CAAC;IAE3C,SAAS,IAAI,CAAC,CAAU;QACtB,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,CAAC;YAC1B,MAAM,CAAC,GAAG,UAAU,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;YAC/B,SAAS,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;YAC3B,OAAO,CAAC,CAAC,QAAQ,CAAC;QACpB,CAAC;QACD,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;YAAE,OAAO,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACzC,IAAI,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC;YACrB,MAAM,GAAG,GAA4B,EAAE,CAAC;YACxC,KAAK,MAAM,CAAC,CAAC,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC3C,IAAI,QAAQ,IAAI,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;oBACpC,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,mBAAmB,CAAC,IAAI,CAAC,CAAC;oBACnD,SAAS;gBACX,CAAC;gBACD,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;YACvB,CAAC;YACD,OAAO,GAAG,CAAC;QACb,CAAC;QACD,OAAO,CAAC,CAAC;IACX,CAAC;IAED,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;IAC7B,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,EAAE,CAAC;AAC1D,CAAC;AAED,+EAA+E;AAE/E;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,IAAY,EAAE,QAAyB,aAAa;IAC/E,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,GAAG,UAAU,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IACnD,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;AAC3D,CAAC;AAED,0EAA0E;AAC1E,MAAM,UAAU,SAAS,CAAC,UAAuB;IAC/C,MAAM,MAAM,GAAG,IAAI,GAAG,EAAmB,CAAC;IAC1C,KAAK,MAAM,KAAK,IAAI,UAAU;QAAE,SAAS,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IACzD,OAAO,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;AACvE,CAAC"}

package/dist/skills/runner/applescript.d.ts

@@ -0,0 +1,49 @@
+export interface AppleScriptResult {
+    ok: boolean;
+    stdout: string;
+    stderr: string;
+    /** osascript exit code (0 on success). -1 on launch failure. */
+    exitCode: number;
+}
+/**
+ * Run an AppleScript source string via `osascript -e`.
+ *
+ * The Swift sibling does some preflight automation-permission checks via
+ * AEDeterminePermissionToAutomateTarget. CLI doesn't have a UI to drive
+ * the system prompt, so we just let osascript surface error -1743 — the
+ * caller can decide whether to message the user.
+ */
+export declare function runOsascript(source: string, opts?: {
+    timeoutMs?: number;
+}): AppleScriptResult;
+/**
+ * Same as `runOsascript`, but reads the script from a file path instead
+ * of inline `-e`. Useful for very long scripts or when keeping a single
+ * authoritative `.applescript` file in the skill bundle.
+ */
+export declare function runOsascriptFile(path: string, opts?: {
+    timeoutMs?: number;
+}): AppleScriptResult;
+/**
+ * Open a file via macOS Launch Services (`/usr/bin/open -a`) so the
+ * receiving app gets sandbox-implicit access without us having to fight
+ * automation prompts, then poll an AppleScript until the file shows up
+ * inside that app.
+ *
+ * Returns the poll script's last output on success, or null on timeout.
+ */
+export declare function openViaLaunchServices(args: {
+    filePath: string;
+    appName: string;
+    pollScript: string;
+    maxWaitSec?: number;
+    pollIntervalMs?: number;
+}): {
+    ok: boolean;
+    stdout: string;
+    stderr: string;
+};
+/** Quote a string so it's safe to embed inside an AppleScript string literal. */
+export declare function asString(s: string): string;
+/** Quote a POSIX path for AppleScript ("POSIX file" wrapping is the caller's job). */
+export declare function asPosixPath(p: string): string;

package/dist/skills/runner/applescript.js

@@ -0,0 +1,100 @@
+// cli/src/skills/runner/applescript.ts
+//
+// Spawn /usr/bin/osascript and friends. Mirror of Yome/macOS/Bridge/
+// AppleScriptRunner.swift so the CLI gets the same execution semantics
+// the macOS app uses (including the Launch Services trick that bypasses
+// app-sandbox prompts for opening files).
+import { spawnSync } from 'node:child_process';
+/**
+ * Run an AppleScript source string via `osascript -e`.
+ *
+ * The Swift sibling does some preflight automation-permission checks via
+ * AEDeterminePermissionToAutomateTarget. CLI doesn't have a UI to drive
+ * the system prompt, so we just let osascript surface error -1743 — the
+ * caller can decide whether to message the user.
+ */
+export function runOsascript(source, opts = {}) {
+    const r = spawnSync('/usr/bin/osascript', ['-e', source], {
+        encoding: 'utf-8',
+        timeout: opts.timeoutMs ?? 30_000,
+        maxBuffer: 10 * 1024 * 1024,
+    });
+    if (r.error) {
+        return { ok: false, stdout: '', stderr: String(r.error.message), exitCode: -1 };
+    }
+    const code = r.status ?? -1;
+    return {
+        ok: code === 0,
+        stdout: (r.stdout ?? '').replace(/\n+$/, ''),
+        stderr: (r.stderr ?? '').trim(),
+        exitCode: code,
+    };
+}
+/**
+ * Same as `runOsascript`, but reads the script from a file path instead
+ * of inline `-e`. Useful for very long scripts or when keeping a single
+ * authoritative `.applescript` file in the skill bundle.
+ */
+export function runOsascriptFile(path, opts = {}) {
+    const r = spawnSync('/usr/bin/osascript', [path], {
+        encoding: 'utf-8',
+        timeout: opts.timeoutMs ?? 30_000,
+        maxBuffer: 10 * 1024 * 1024,
+    });
+    if (r.error) {
+        return { ok: false, stdout: '', stderr: String(r.error.message), exitCode: -1 };
+    }
+    const code = r.status ?? -1;
+    return {
+        ok: code === 0,
+        stdout: (r.stdout ?? '').replace(/\n+$/, ''),
+        stderr: (r.stderr ?? '').trim(),
+        exitCode: code,
+    };
+}
+/**
+ * Open a file via macOS Launch Services (`/usr/bin/open -a`) so the
+ * receiving app gets sandbox-implicit access without us having to fight
+ * automation prompts, then poll an AppleScript until the file shows up
+ * inside that app.
+ *
+ * Returns the poll script's last output on success, or null on timeout.
+ */
+export function openViaLaunchServices(args) {
+    const open = spawnSync('/usr/bin/open', ['-a', args.appName, args.filePath], { encoding: 'utf-8' });
+    if (open.status !== 0) {
+        return {
+            ok: false,
+            stdout: '',
+            stderr: open.stderr || `open -a "${args.appName}" exited ${open.status}`,
+        };
+    }
+    const max = args.maxWaitSec ?? 30;
+    const interval = args.pollIntervalMs ?? 1000;
+    for (let i = 0; i < max; i++) {
+        sleepSync(interval);
+        const r = runOsascript(args.pollScript);
+        if (r.ok && r.stdout.trim().length > 0) {
+            return { ok: true, stdout: r.stdout, stderr: '' };
+        }
+    }
+    return { ok: false, stdout: '', stderr: `timed out waiting for ${args.appName} to load ${args.filePath}` };
+}
+/** Quote a string so it's safe to embed inside an AppleScript string literal. */
+export function asString(s) {
+    return '"' + s.replace(/\\/g, '\\\\').replace(/"/g, '\\"') + '"';
+}
+/** Quote a POSIX path for AppleScript ("POSIX file" wrapping is the caller's job). */
+export function asPosixPath(p) {
+    return asString(p);
+}
+function sleepSync(ms) {
+    const end = Date.now() + ms;
+    // Atomics-based sleep — works in Node ≥16 without spawning a child.
+    const sab = new SharedArrayBuffer(4);
+    const view = new Int32Array(sab);
+    while (Date.now() < end) {
+        Atomics.wait(view, 0, 0, Math.max(1, end - Date.now()));
+    }
+}
+//# sourceMappingURL=applescript.js.map

package/dist/skills/runner/applescript.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"applescript.js","sourceRoot":"","sources":["../../../src/skills/runner/applescript.ts"],"names":[],"mappings":"AAAA,uCAAuC;AACvC,EAAE;AACF,qEAAqE;AACrE,uEAAuE;AACvE,wEAAwE;AACxE,0CAA0C;AAE1C,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAU/C;;;;;;;GAOG;AACH,MAAM,UAAU,YAAY,CAAC,MAAc,EAAE,OAA+B,EAAE;IAC5E,MAAM,CAAC,GAAG,SAAS,CAAC,oBAAoB,EAAE,CAAC,IAAI,EAAE,MAAM,CAAC,EAAE;QACxD,QAAQ,EAAE,OAAO;QACjB,OAAO,EAAE,IAAI,CAAC,SAAS,IAAI,MAAM;QACjC,SAAS,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI;KAC5B,CAAC,CAAC;IACH,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;QACZ,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,EAAE,CAAC;IAClF,CAAC;IACD,MAAM,IAAI,GAAG,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,CAAC;IAC5B,OAAO;QACL,EAAE,EAAE,IAAI,KAAK,CAAC;QACd,MAAM,EAAE,CAAC,CAAC,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;QAC5C,MAAM,EAAE,CAAC,CAAC,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE;QAC/B,QAAQ,EAAE,IAAI;KACf,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,gBAAgB,CAAC,IAAY,EAAE,OAA+B,EAAE;IAC9E,MAAM,CAAC,GAAG,SAAS,CAAC,oBAAoB,EAAE,CAAC,IAAI,CAAC,EAAE;QAChD,QAAQ,EAAE,OAAO;QACjB,OAAO,EAAE,IAAI,CAAC,SAAS,IAAI,MAAM;QACjC,SAAS,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI;KAC5B,CAAC,CAAC;IACH,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;QACZ,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,EAAE,CAAC;IAClF,CAAC;IACD,MAAM,IAAI,GAAG,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,CAAC;IAC5B,OAAO;QACL,EAAE,EAAE,IAAI,KAAK,CAAC;QACd,MAAM,EAAE,CAAC,CAAC,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;QAC5C,MAAM,EAAE,CAAC,CAAC,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE;QAC/B,QAAQ,EAAE,IAAI;KACf,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,qBAAqB,CAAC,IAMrC;IACC,MAAM,IAAI,GAAG,SAAS,CAAC,eAAe,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;IACpG,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,OAAO;YACL,EAAE,EAAE,KAAK;YACT,MAAM,EAAE,EAAE;YACV,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,YAAY,IAAI,CAAC,OAAO,YAAY,IAAI,CAAC,MAAM,EAAE;SACzE,CAAC;IACJ,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,IAAI,EAAE,CAAC;IAClC,MAAM,QAAQ,GAAG,IAAI,CAAC,cAAc,IAAI,IAAI,CAAC;IAC7C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QAC7B,SAAS,CAAC,QAAQ,CAAC,CAAC;QACpB,MAAM,CAAC,GAAG,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACxC,IAAI,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvC,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;QACpD,CAAC;IACH,CAAC;IACD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,yBAAyB,IAAI,CAAC,OAAO,YAAY,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC;AAC7G,CAAC;AAED,iFAAiF;AACjF,MAAM,UAAU,QAAQ,CAAC,CAAS;IAChC,OAAO,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,GAAG,CAAC;AACnE,CAAC;AAED,sFAAsF;AACtF,MAAM,UAAU,WAAW,CAAC,CAAS;IACnC,OAAO,QAAQ,CAAC,CAAC,CAAC,CAAC;AACrB,CAAC;AAED,SAAS,SAAS,CAAC,EAAU;IAC3B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC;IAC5B,oEAAoE;IACpE,MAAM,GAAG,GAAG,IAAI,iBAAiB,CAAC,CAAC,CAAC,CAAC;IACrC,MAAM,IAAI,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC;IACjC,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,EAAE,CAAC;QACxB,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;IAC1D,CAAC;AACH,CAAC"}

package/dist/skills/runner/dispatcher.d.ts

@@ -0,0 +1,57 @@
+export interface BackendArgSpec {
+    name: string;
+    from: string;
+    type?: 'string' | 'bool' | 'number';
+    default?: string | boolean | number;
+    required?: boolean;
+}
+export interface BackendActionSpec {
+    script: string;
+    args?: BackendArgSpec[];
+    openViaLaunchServices?: boolean;
+    pollScript?: string;
+    uses?: string[];
+    /** Per-action timeout override in ms. */
+    timeoutMs?: number;
+}
+export interface MacosBackendManifest {
+    appBundleId?: string;
+    appName?: string;
+    actions: Record<string, BackendActionSpec>;
+}
+export interface SkillCall {
+    positionals: string[];
+    flags: Record<string, string | boolean | number | undefined>;
+}
+export interface DispatchResult {
+    ok: boolean;
+    stdout: string;
+    stderr: string;
+    exitCode: number;
+}
+/**
+ * Parse `red` | `#003366` | `003366` | `0, 51, 102` into an AppleScript
+ * RGB literal `{r, g, b}`. Returns null if the input doesn't match any of
+ * those three forms — callers should treat null as "user gave a bad color".
+ */
+export declare function parseColorToAppleScriptRGB(input: string): string | null;
+/**
+ * `--align` parser → AppleScript `paragraph align ...` enum.
+ * Defaults silently to `paragraph align left` for unknown values; that
+ * matches the Swift bridge behaviour and avoids breaking the script render.
+ */
+export declare function parseAlignToAppleScript(input: string): string;
+export declare function loadMacosBackend(skillDir: string): MacosBackendManifest | null;
+/**
+ * Run an action on a macOS-backed skill. Returns the osascript outcome
+ * verbatim (caller decides how to render).
+ */
+export declare function dispatchMacos(skillDir: string, action: string, call: SkillCall): DispatchResult;
+export interface MergedBatchEntry {
+    action: string;
+    call: SkillCall;
+}
+export interface MergedBatchOptions {
+    keepGoing: boolean;
+}
+export declare function dispatchMacosBatchMerged(skillDir: string, entries: MergedBatchEntry[], opts: MergedBatchOptions): Promise<DispatchResult>;