@praxis.guard/auditor-cli 0.0.17 → 0.0.19

package/README.md

@@ -11,7 +11,29 @@ Use one built binary for **MCP stdio**, **Cursor hook**, and diagnostics:
 | **MCP** (`mcp.json`) | `auditor` + args `["mcp"]`, or `node …/auditor-cli/dist/cli.js mcp` |
 | **Hook** (`.cursor/hooks.json`) | `node …/auditor-cli/dist/cli.js hook before-shell` (or `auditor hook before-shell` if `auditor` is on `PATH`) |
 
-**`@praxis/guard-mcp`** remains as a **thin shim** (`dist/server.js` → `@praxis/auditor-cli/mcp`) for older configs that still point at `guard-mcp`.
+Legacy configs that still reference `guard-mcp` are migrated by `auditor setup all` / `auditor setup doctor`.
+
+## MUTATE human approval
+
+Hooks **enforce** (deny without bridge). MCP **`guard`** / **`guard_wait`** **coordinate**: create `approval_requests` in Cloud Functions, human approves in the Praxis app (or dev: `auditor approvals approve` with `GUARD_APPROVAL_DEV=1`), then redeem grant and write the one-shot `.cursor/guard/bridge` file.
+
+### MCP `mode`: shadow vs enforce
+
+Both tools require `mode` in the JSON payload:
+
+| `mode` | Behavior |
+|--------|----------|
+| **`shadow`** | Dry-run. Response `decision` is always `allow` (non-blocking). Field `shadow` carries the policy verdict (`allow` / `require_approval` / `block`). No approval requests are created. |
+| **`enforce`** | Coordination. Response `decision` is the real outcome (may call the approval backend for MUTATE). Field `shadow` carries the policy-only verdict (what would apply before grant redemption). |
+
+`guard_wait` always runs in **enforce** semantics (poll + redeem). Typical flow: `guard` with `mode: "enforce"` → human approves → `guard_wait` with `context.approval.request_id` and `context.wait_ms`.
+
+Smoke examples (after `pnpm -C packages/auditor-cli build`):
+
+```bash
+node scripts/guard-smoke.mjs shadow gcloud compute instances list
+node scripts/guard-smoke.mjs enforce gcloud compute instances delete example-vm
+```
 
 ## Policy source of truth
 

package/dist/approval/argv-fingerprint.d.ts

@@ -0,0 +1,2 @@
+export { shellArgvApprovalId as argvSha256 } from "../bridge/shell-approval-bridge.js";
+//# sourceMappingURL=argv-fingerprint.d.ts.map

package/dist/approval/argv-fingerprint.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"argv-fingerprint.d.ts","sourceRoot":"","sources":["../../src/approval/argv-fingerprint.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,IAAI,UAAU,EAAE,MAAM,oCAAoC,CAAC"}

package/dist/approval/argv-fingerprint.js

@@ -0,0 +1,2 @@
+export { shellArgvApprovalId as argvSha256 } from "../bridge/shell-approval-bridge.js";
+//# sourceMappingURL=argv-fingerprint.js.map

package/dist/approval/argv-fingerprint.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"argv-fingerprint.js","sourceRoot":"","sources":["../../src/approval/argv-fingerprint.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,IAAI,UAAU,EAAE,MAAM,oCAAoC,CAAC"}

package/dist/approval/client.d.ts

@@ -0,0 +1,35 @@
+import type { ApprovalRequestRecord, CreateApprovalRequestInput } from "./types.js";
+export declare function createApprovalRequest(input: CreateApprovalRequestInput): Promise<{
+    request_id: string;
+    open_url: string;
+    expires_at: string;
+}>;
+export declare function getApprovalRequest(requestId: string): Promise<ApprovalRequestRecord>;
+export declare function pollUntilApproved(requestId: string, opts?: {
+    timeoutMs?: number;
+    intervalMs?: number;
+}): Promise<ApprovalRequestRecord>;
+export declare function redeemApprovalGrant(input: {
+    request_id: string;
+    grant: string;
+    install_id: string;
+    argv: string[];
+}): Promise<{
+    redeemed: boolean;
+    approved_by: string | null;
+    execution_ticket: string | null;
+}>;
+export declare function listApprovalRequests(status?: string): Promise<Array<{
+    request_id: string;
+    status: string;
+    raw_display?: string;
+    open_url?: string;
+    expires_at?: string;
+}>>;
+export declare function issueApprovalDecision(requestId: string, decision: "approved" | "denied", opts?: {
+    idToken?: string;
+}): Promise<{
+    grant?: string;
+    status: string;
+}>;
+//# sourceMappingURL=client.d.ts.map

package/dist/approval/client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/approval/client.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,qBAAqB,EAAE,0BAA0B,EAAE,MAAM,YAAY,CAAC;AAyBpF,wBAAsB,qBAAqB,CACzC,KAAK,EAAE,0BAA0B,GAChC,OAAO,CAAC;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAC;IAAC,UAAU,EAAE,MAAM,CAAA;CAAE,CAAC,CAcvE;AAED,wBAAsB,kBAAkB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,qBAAqB,CAAC,CAS1F;AAED,wBAAsB,iBAAiB,CACrC,SAAS,EAAE,MAAM,EACjB,IAAI,CAAC,EAAE;IAAE,SAAS,CAAC,EAAE,MAAM,CAAC;IAAC,UAAU,CAAC,EAAE,MAAM,CAAA;CAAE,GACjD,OAAO,CAAC,qBAAqB,CAAC,CAahC;AAED,wBAAsB,mBAAmB,CAAC,KAAK,EAAE;IAC/C,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,EAAE,CAAC;CAChB,GAAG,OAAO,CAAC;IACV,QAAQ,EAAE,OAAO,CAAC;IAClB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAC;CACjC,CAAC,CAeD;AAED,wBAAsB,oBAAoB,CAAC,MAAM,SAAY,GAAG,OAAO,CACrE,KAAK,CAAC;IACJ,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,CAAC,CACH,CAeA;AAED,wBAAsB,qBAAqB,CACzC,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,UAAU,GAAG,QAAQ,EAC/B,IAAI,CAAC,EAAE;IAAE,OAAO,CAAC,EAAE,MAAM,CAAA;CAAE,GAC1B,OAAO,CAAC;IAAE,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC,CAqB7C"}

package/dist/approval/client.js

@@ -0,0 +1,117 @@
+import { resolveGuardToken } from "../cli/credentials.js";
+import { prodFunctionUrl } from "../cli/function-url.js";
+function approvalUrl(name) {
+    const override = process.env[`PRAXIS_GUARD_APPROVAL_${name.toUpperCase()}_URL`];
+    if (override?.trim())
+        return override.trim();
+    return prodFunctionUrl(name);
+}
+async function authFetch(url, init) {
+    const token = resolveGuardToken();
+    if (!token)
+        throw new Error("Not authenticated. Run `auditor login` or set PRAXIS_GUARD_TOKEN.");
+    return fetch(url, {
+        ...init,
+        headers: {
+            Authorization: `Bearer ${token}`,
+            "Content-Type": "application/json",
+            ...(init.headers ?? {}),
+        },
+        signal: AbortSignal.timeout(8000),
+    });
+}
+export async function createApprovalRequest(input) {
+    const res = await authFetch(approvalUrl("guardApprovalRequest"), {
+        method: "POST",
+        body: JSON.stringify(input),
+    });
+    const data = (await res.json().catch(() => ({})));
+    if (!res.ok) {
+        throw new Error(typeof data.error === "string" ? data.error : `create failed (${res.status})`);
+    }
+    return {
+        request_id: String(data.request_id),
+        open_url: String(data.open_url),
+        expires_at: String(data.expires_at),
+    };
+}
+export async function getApprovalRequest(requestId) {
+    const url = `${approvalUrl("guardApprovalGet")}?id=${encodeURIComponent(requestId)}`;
+    const res = await authFetch(url, { method: "GET" });
+    const data = (await res.json().catch(() => ({})));
+    if (!res.ok) {
+        throw new Error(typeof data.error === "string" ? data.error : `get failed (${res.status})`);
+    }
+    const req = data.request;
+    return req;
+}
+export async function pollUntilApproved(requestId, opts) {
+    const timeoutMs = opts?.timeoutMs ?? 5 * 60 * 1000;
+    const intervalMs = opts?.intervalMs ?? 2000;
+    const deadline = Date.now() + timeoutMs;
+    while (Date.now() < deadline) {
+        const row = await getApprovalRequest(requestId);
+        if (row.status === "denied")
+            throw new Error("approval_denied");
+        if (row.status === "expired")
+            throw new Error("approval_expired");
+        if (row.status === "approved")
+            return row;
+        await new Promise((r) => setTimeout(r, intervalMs));
+    }
+    throw new Error("approval_timeout");
+}
+export async function redeemApprovalGrant(input) {
+    const res = await authFetch(approvalUrl("guardApprovalRedeem"), {
+        method: "POST",
+        body: JSON.stringify(input),
+    });
+    const data = (await res.json().catch(() => ({})));
+    if (!res.ok) {
+        throw new Error(typeof data.error === "string" ? data.error : `redeem failed (${res.status})`);
+    }
+    return {
+        redeemed: Boolean(data.redeemed),
+        approved_by: typeof data.approved_by === "string" ? data.approved_by : null,
+        execution_ticket: typeof data.execution_ticket === "string" ? data.execution_ticket : null,
+    };
+}
+export async function listApprovalRequests(status = "pending") {
+    const url = `${approvalUrl("guardApprovalList")}?status=${encodeURIComponent(status)}`;
+    const res = await authFetch(url, { method: "GET" });
+    const data = (await res.json().catch(() => ({})));
+    if (!res.ok) {
+        throw new Error(typeof data.error === "string" ? data.error : `list failed (${res.status})`);
+    }
+    const raw = data.requests ?? [];
+    return raw.map((r) => ({
+        request_id: String(r.request_id),
+        status: String(r.status),
+        raw_display: typeof r.raw_display === "string" ? r.raw_display : undefined,
+        open_url: typeof r.open_url === "string" ? r.open_url : undefined,
+        expires_at: typeof r.expires_at === "string" ? r.expires_at : undefined,
+    }));
+}
+export async function issueApprovalDecision(requestId, decision, opts) {
+    const token = opts?.idToken ?? resolveGuardToken();
+    if (!token)
+        throw new Error("Not authenticated");
+    const res = await fetch(approvalUrl("guardApprovalIssue"), {
+        method: "POST",
+        headers: {
+            Authorization: `Bearer ${token}`,
+            "Content-Type": "application/json",
+        },
+        body: JSON.stringify({ request_id: requestId, decision }),
+        signal: AbortSignal.timeout(8000),
+    });
+    const data = (await res.json().catch(() => ({})));
+    if (!res.ok) {
+        throw new Error(typeof data.error === "string" ? data.error : `issue failed (${res.status})`);
+    }
+    return {
+        status: String(data.status),
+        grant: typeof data.grant === "string" ? data.grant : undefined,
+    };
+}
+//# sourceMappingURL=client.js.map

package/dist/approval/client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.js","sourceRoot":"","sources":["../../src/approval/client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAGzD,SAAS,WAAW,CAAC,IAAY;IAC/B,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,yBAAyB,IAAI,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;IAChF,IAAI,QAAQ,EAAE,IAAI,EAAE;QAAE,OAAO,QAAQ,CAAC,IAAI,EAAE,CAAC;IAC7C,OAAO,eAAe,CAAC,IAAI,CAAC,CAAC;AAC/B,CAAC;AAED,KAAK,UAAU,SAAS,CACtB,GAAW,EACX,IAAsC;IAEtC,MAAM,KAAK,GAAG,iBAAiB,EAAE,CAAC;IAClC,IAAI,CAAC,KAAK;QAAE,MAAM,IAAI,KAAK,CAAC,mEAAmE,CAAC,CAAC;IACjG,OAAO,KAAK,CAAC,GAAG,EAAE;QAChB,GAAG,IAAI;QACP,OAAO,EAAE;YACP,aAAa,EAAE,UAAU,KAAK,EAAE;YAChC,cAAc,EAAE,kBAAkB;YAClC,GAAG,CAAC,IAAI,CAAC,OAAO,IAAI,EAAE,CAAC;SACxB;QACD,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC;KAClC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,KAAiC;IAEjC,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,WAAW,CAAC,sBAAsB,CAAC,EAAE;QAC/D,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC;KAC5B,CAAC,CAAC;IACH,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAA4B,CAAC;IAC7E,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,kBAAkB,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC;IACjG,CAAC;IACD,OAAO;QACL,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC;QACnC,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC;QAC/B,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC;KACpC,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,SAAiB;IACxD,MAAM,GAAG,GAAG,GAAG,WAAW,CAAC,kBAAkB,CAAC,OAAO,kBAAkB,CAAC,SAAS,CAAC,EAAE,CAAC;IACrF,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;IACpD,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAA4B,CAAC;IAC7E,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,eAAe,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC;IAC9F,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,CAAC,OAAgC,CAAC;IAClD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,SAAiB,EACjB,IAAkD;IAElD,MAAM,SAAS,GAAG,IAAI,EAAE,SAAS,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;IACnD,MAAM,UAAU,GAAG,IAAI,EAAE,UAAU,IAAI,IAAI,CAAC;IAC5C,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;IAExC,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,EAAE,CAAC;QAC7B,MAAM,GAAG,GAAG,MAAM,kBAAkB,CAAC,SAAS,CAAC,CAAC;QAChD,IAAI,GAAG,CAAC,MAAM,KAAK,QAAQ;YAAE,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;QAChE,IAAI,GAAG,CAAC,MAAM,KAAK,SAAS;YAAE,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QAClE,IAAI,GAAG,CAAC,MAAM,KAAK,UAAU;YAAE,OAAO,GAAG,CAAC;QAC1C,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC,CAAC;IACtD,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;AACtC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,KAKzC;IAKC,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,WAAW,CAAC,qBAAqB,CAAC,EAAE;QAC9D,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC;KAC5B,CAAC,CAAC;IACH,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAA4B,CAAC;IAC7E,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,kBAAkB,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC;IACjG,CAAC;IACD,OAAO;QACL,QAAQ,EAAE,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC;QAChC,WAAW,EAAE,OAAO,IAAI,CAAC,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI;QAC3E,gBAAgB,EACd,OAAO,IAAI,CAAC,gBAAgB,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI;KAC3E,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,MAAM,GAAG,SAAS;IAS3D,MAAM,GAAG,GAAG,GAAG,WAAW,CAAC,mBAAmB,CAAC,WAAW,kBAAkB,CAAC,MAAM,CAAC,EAAE,CAAC;IACvF,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;IACpD,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAA4B,CAAC;IAC7E,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,gBAAgB,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC;IAC/F,CAAC;IACD,MAAM,GAAG,GAAI,IAAI,CAAC,QAA2C,IAAI,EAAE,CAAC;IACpE,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACrB,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC;QAChC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC;QACxB,WAAW,EAAE,OAAO,CAAC,CAAC,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS;QAC1E,QAAQ,EAAE,OAAO,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;QACjE,UAAU,EAAE,OAAO,CAAC,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS;KACxE,CAAC,CAAC,CAAC;AACN,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,SAAiB,EACjB,QAA+B,EAC/B,IAA2B;IAE3B,MAAM,KAAK,GAAG,IAAI,EAAE,OAAO,IAAI,iBAAiB,EAAE,CAAC;IACnD,IAAI,CAAC,KAAK;QAAE,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;IAEjD,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,WAAW,CAAC,oBAAoB,CAAC,EAAE;QACzD,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,aAAa,EAAE,UAAU,KAAK,EAAE;YAChC,cAAc,EAAE,kBAAkB;SACnC;QACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,UAAU,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;QACzD,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC;KAClC,CAAC,CAAC;IACH,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAA4B,CAAC;IAC7E,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,iBAAiB,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC;IAChG,CAAC;IACD,OAAO;QACL,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;QAC3B,KAAK,EAAE,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;KAC/D,CAAC;AACJ,CAAC"}

package/dist/approval/grant.d.ts

@@ -0,0 +1,6 @@
+import type { ApprovalGrantClaims, ExecutionTicketClaims } from "./types.js";
+/** Verify a server-issued approval grant JWT (HS256). */
+export declare function verifyApprovalGrant(token: string): ApprovalGrantClaims | null;
+/** Verify a server-issued execution ticket JWT (HS256) for hook one-shot allow. */
+export declare function verifyExecutionTicket(token: string): ExecutionTicketClaims | null;
+//# sourceMappingURL=grant.d.ts.map

package/dist/approval/grant.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"grant.d.ts","sourceRoot":"","sources":["../../src/approval/grant.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,mBAAmB,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAoB7E,yDAAyD;AACzD,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,MAAM,GAAG,mBAAmB,GAAG,IAAI,CAkB7E;AAED,mFAAmF;AACnF,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,MAAM,GAAG,qBAAqB,GAAG,IAAI,CAqBjF"}

package/dist/approval/grant.js

@@ -0,0 +1,78 @@
+import { createHmac, timingSafeEqual } from "node:crypto";
+function base64urlDecodeJson(segment) {
+    try {
+        const raw = Buffer.from(segment, "base64url").toString("utf8");
+        return JSON.parse(raw);
+    }
+    catch {
+        return null;
+    }
+}
+function approvalJwtSecret() {
+    const fromEnv = process.env.GUARD_APPROVAL_JWT_SECRET?.trim();
+    if (fromEnv)
+        return fromEnv;
+    if (process.env.PRAXIS_FIREBASE_FUNCTIONS_EMULATOR_HOST?.trim()) {
+        return "praxis-guard-approval-dev-secret";
+    }
+    return null;
+}
+/** Verify a server-issued approval grant JWT (HS256). */
+export function verifyApprovalGrant(token) {
+    const parts = token.split(".");
+    if (parts.length !== 3)
+        return null;
+    const secret = approvalJwtSecret();
+    if (!secret)
+        return null;
+    const [header, body, sig] = parts;
+    const expected = createHmac("sha256", secret).update(`${header}.${body}`).digest("base64url");
+    try {
+        const a = Buffer.from(sig, "utf8");
+        const b = Buffer.from(expected, "utf8");
+        if (a.length !== b.length || !timingSafeEqual(a, b))
+            return null;
+    }
+    catch {
+        return null;
+    }
+    const payload = base64urlDecodeJson(body);
+    if (!payload || payload.typ !== "approval")
+        return null;
+    if (typeof payload.exp !== "number" || payload.exp * 1000 < Date.now())
+        return null;
+    return payload;
+}
+/** Verify a server-issued execution ticket JWT (HS256) for hook one-shot allow. */
+export function verifyExecutionTicket(token) {
+    const parts = token.split(".");
+    if (parts.length !== 3)
+        return null;
+    const secret = approvalJwtSecret();
+    if (!secret)
+        return null;
+    const [header, body, sig] = parts;
+    const expected = createHmac("sha256", secret).update(`${header}.${body}`).digest("base64url");
+    try {
+        const a = Buffer.from(sig, "utf8");
+        const b = Buffer.from(expected, "utf8");
+        if (a.length !== b.length || !timingSafeEqual(a, b))
+            return null;
+    }
+    catch {
+        return null;
+    }
+    const payload = base64urlDecodeJson(body);
+    if (!payload || payload.typ !== "execution")
+        return null;
+    if (typeof payload.exp !== "number" || payload.exp * 1000 < Date.now())
+        return null;
+    if (payload.kind !== "shell" && payload.kind !== "mcp")
+        return null;
+    if (typeof payload.request_id !== "string" || typeof payload.argv_sha256 !== "string")
+        return null;
+    if (typeof payload.install_id !== "string" || typeof payload.jti !== "string")
+        return null;
+    return payload;
+}
+//# sourceMappingURL=grant.js.map

package/dist/approval/grant.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"grant.js","sourceRoot":"","sources":["../../src/approval/grant.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAI1D,SAAS,mBAAmB,CAAI,OAAe;IAC7C,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAC/D,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAM,CAAC;IAC9B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,iBAAiB;IACxB,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,yBAAyB,EAAE,IAAI,EAAE,CAAC;IAC9D,IAAI,OAAO;QAAE,OAAO,OAAO,CAAC;IAC5B,IAAI,OAAO,CAAC,GAAG,CAAC,uCAAuC,EAAE,IAAI,EAAE,EAAE,CAAC;QAChE,OAAO,kCAAkC,CAAC;IAC5C,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,yDAAyD;AACzD,MAAM,UAAU,mBAAmB,CAAC,KAAa;IAC/C,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACpC,MAAM,MAAM,GAAG,iBAAiB,EAAE,CAAC;IACnC,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACzB,MAAM,CAAC,MAAM,EAAE,IAAI,EAAE,GAAG,CAAC,GAAG,KAAK,CAAC;IAClC,MAAM,QAAQ,GAAG,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,GAAG,MAAM,IAAI,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IAC9F,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;QACnC,MAAM,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QACxC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM,IAAI,CAAC,eAAe,CAAC,CAAC,EAAE,CAAC,CAAC;YAAE,OAAO,IAAI,CAAC;IACnE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IACD,MAAM,OAAO,GAAG,mBAAmB,CAAsB,IAAI,CAAC,CAAC;IAC/D,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,GAAG,KAAK,UAAU;QAAE,OAAO,IAAI,CAAC;IACxD,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,IAAI,OAAO,CAAC,GAAG,GAAG,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE;QAAE,OAAO,IAAI,CAAC;IACpF,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,mFAAmF;AACnF,MAAM,UAAU,qBAAqB,CAAC,KAAa;IACjD,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACpC,MAAM,MAAM,GAAG,iBAAiB,EAAE,CAAC;IACnC,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACzB,MAAM,CAAC,MAAM,EAAE,IAAI,EAAE,GAAG,CAAC,GAAG,KAAK,CAAC;IAClC,MAAM,QAAQ,GAAG,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,GAAG,MAAM,IAAI,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IAC9F,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;QACnC,MAAM,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QACxC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM,IAAI,CAAC,eAAe,CAAC,CAAC,EAAE,CAAC,CAAC;YAAE,OAAO,IAAI,CAAC;IACnE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IACD,MAAM,OAAO,GAAG,mBAAmB,CAAwB,IAAI,CAAC,CAAC;IACjE,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,GAAG,KAAK,WAAW;QAAE,OAAO,IAAI,CAAC;IACzD,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,IAAI,OAAO,CAAC,GAAG,GAAG,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE;QAAE,OAAO,IAAI,CAAC;IACpF,IAAI,OAAO,CAAC,IAAI,KAAK,OAAO,IAAI,OAAO,CAAC,IAAI,KAAK,KAAK;QAAE,OAAO,IAAI,CAAC;IACpE,IAAI,OAAO,OAAO,CAAC,UAAU,KAAK,QAAQ,IAAI,OAAO,OAAO,CAAC,WAAW,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IACnG,IAAI,OAAO,OAAO,CAAC,UAAU,KAAK,QAAQ,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC3F,OAAO,OAAO,CAAC;AACjB,CAAC"}

package/dist/approval/mcp-flow.d.ts

@@ -0,0 +1,41 @@
+import { argvSha256 } from "./argv-fingerprint.js";
+export type McpApprovalContext = {
+    request_id?: string | null;
+    grant?: string | null;
+};
+export type McpApprovalOutcome = {
+    kind: "require_approval";
+    request_id: string;
+    open_url: string;
+    expires_at: string;
+} | {
+    kind: "allow";
+    redeemed: boolean;
+    approved_by: string | null;
+    bridgeRecorded: boolean;
+    ticketRecorded: boolean;
+    request_id: string;
+} | {
+    kind: "credential_not_recorded";
+    request_id: string;
+    message: string;
+} | {
+    kind: "backend_unavailable";
+    message: string;
+};
+export declare function resolveMutateApproval(input: {
+    argv: string[];
+    proposalKind: "shell" | "mcp";
+    cwd?: string;
+    rawDisplay?: string;
+    eventId: string;
+    policyRevision: number | null;
+    reasons: unknown[];
+    sessionId?: string | null;
+    environment?: string | null;
+    approval?: McpApprovalContext | null;
+    waitMs?: number | null;
+}): Promise<McpApprovalOutcome>;
+export declare function argvFingerprint(argv: readonly string[]): string;
+export { argvSha256 };
+//# sourceMappingURL=mcp-flow.d.ts.map

package/dist/approval/mcp-flow.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp-flow.d.ts","sourceRoot":"","sources":["../../src/approval/mcp-flow.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AASnD,MAAM,MAAM,kBAAkB,GAAG;IAC/B,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CACvB,CAAC;AAEF,MAAM,MAAM,kBAAkB,GAC1B;IACE,IAAI,EAAE,kBAAkB,CAAC;IACzB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;CACpB,GACD;IACE,IAAI,EAAE,OAAO,CAAC;IACd,QAAQ,EAAE,OAAO,CAAC;IAClB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,cAAc,EAAE,OAAO,CAAC;IACxB,cAAc,EAAE,OAAO,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;CACpB,GACD;IACE,IAAI,EAAE,yBAAyB,CAAC;IAChC,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;CACjB,GACD;IAAE,IAAI,EAAE,qBAAqB,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC;AAMrD,wBAAsB,qBAAqB,CAAC,KAAK,EAAE;IACjD,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,YAAY,EAAE,OAAO,GAAG,KAAK,CAAC;IAC9B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,OAAO,EAAE,OAAO,EAAE,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,QAAQ,CAAC,EAAE,kBAAkB,GAAG,IAAI,CAAC;IACrC,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CACxB,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAiH9B;AAED,wBAAgB,eAAe,CAAC,IAAI,EAAE,SAAS,MAAM,EAAE,GAAG,MAAM,CAE/D;AAED,OAAO,EAAE,UAAU,EAAE,CAAC"}

package/dist/approval/mcp-flow.js

@@ -0,0 +1,116 @@
+import { getInstallId } from "../cli/install-id.js";
+import { argvSha256 } from "./argv-fingerprint.js";
+import { createApprovalRequest, getApprovalRequest, pollUntilApproved, } from "./client.js";
+import { redeemApprovalAndRecordBridge } from "./redeem.js";
+import { verifyApprovalGrant } from "./grant.js";
+function defaultAppUrl() {
+    return process.env.PRAXIS_APP_URL?.trim() || "https://app.usepraxis.tech";
+}
+export async function resolveMutateApproval(input) {
+    const installId = getInstallId();
+    const requestId = input.approval?.request_id?.trim() || null;
+    const grant = input.approval?.grant?.trim() || null;
+    try {
+        if (requestId) {
+            if (grant) {
+                const claims = verifyApprovalGrant(grant);
+                if (!claims || claims.request_id !== requestId) {
+                    return { kind: "backend_unavailable", message: "invalid_grant" };
+                }
+            }
+            const row = grant ? null : await getApprovalRequest(requestId);
+            const status = grant ? "approved" : row?.status;
+            if (status === "pending" && input.waitMs && input.waitMs > 0) {
+                await pollUntilApproved(requestId, { timeoutMs: input.waitMs });
+            }
+            else if (status === "pending") {
+                return {
+                    kind: "require_approval",
+                    request_id: requestId,
+                    open_url: row?.open_url ?? `${defaultAppUrl().replace(/\/$/, "")}/app/approvals/${requestId}`,
+                    expires_at: row?.expires_at ?? new Date(Date.now() + 30 * 60 * 1000).toISOString(),
+                };
+            }
+            if (status === "denied") {
+                return { kind: "backend_unavailable", message: "approval_denied" };
+            }
+            const redeem = await redeemApprovalAndRecordBridge({
+                request_id: requestId,
+                argv: input.argv,
+                kind: input.proposalKind,
+                cwd: input.cwd,
+                grant,
+                environment: input.environment,
+                session_id: input.sessionId,
+            });
+            if (!redeem.bridgeRecorded && !redeem.ticketRecorded) {
+                return {
+                    kind: "credential_not_recorded",
+                    request_id: requestId,
+                    message: "Approval redeemed but no hook credential was written (bridge and execution ticket both failed).",
+                };
+            }
+            return {
+                kind: "allow",
+                redeemed: redeem.redeemed,
+                approved_by: redeem.approved_by,
+                bridgeRecorded: redeem.bridgeRecorded,
+                ticketRecorded: redeem.ticketRecorded,
+                request_id: requestId,
+            };
+        }
+        const created = await createApprovalRequest({
+            kind: input.proposalKind,
+            tier: "MUTATE",
+            argv: [...input.argv],
+            install_id: installId,
+            session_id: input.sessionId ?? null,
+            environment: input.environment ?? null,
+            raw_display: input.rawDisplay ?? input.argv.join(" "),
+            event_id: input.eventId,
+            policy_revision: input.policyRevision,
+            reasons: input.reasons,
+        });
+        if (input.waitMs && input.waitMs > 0) {
+            await pollUntilApproved(created.request_id, { timeoutMs: input.waitMs });
+            const redeem = await redeemApprovalAndRecordBridge({
+                request_id: created.request_id,
+                argv: input.argv,
+                kind: input.proposalKind,
+                cwd: input.cwd,
+                environment: input.environment,
+                session_id: input.sessionId,
+            });
+            if (!redeem.bridgeRecorded && !redeem.ticketRecorded) {
+                return {
+                    kind: "credential_not_recorded",
+                    request_id: created.request_id,
+                    message: "Approval redeemed but no hook credential was written (bridge and execution ticket both failed).",
+                };
+            }
+            return {
+                kind: "allow",
+                redeemed: redeem.redeemed,
+                approved_by: redeem.approved_by,
+                bridgeRecorded: redeem.bridgeRecorded,
+                ticketRecorded: redeem.ticketRecorded,
+                request_id: created.request_id,
+            };
+        }
+        return {
+            kind: "require_approval",
+            request_id: created.request_id,
+            open_url: created.open_url,
+            expires_at: created.expires_at,
+        };
+    }
+    catch (e) {
+        const msg = e instanceof Error ? e.message : String(e);
+        return { kind: "backend_unavailable", message: msg };
+    }
+}
+export function argvFingerprint(argv) {
+    return JSON.stringify(argv);
+}
+export { argvSha256 };
+//# sourceMappingURL=mcp-flow.js.map

package/dist/approval/mcp-flow.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp-flow.js","sourceRoot":"","sources":["../../src/approval/mcp-flow.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AACnD,OAAO,EACL,qBAAqB,EACrB,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,6BAA6B,EAAE,MAAM,aAAa,CAAC;AAC5D,OAAO,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AA6BjD,SAAS,aAAa;IACpB,OAAO,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,IAAI,EAAE,IAAI,4BAA4B,CAAC;AAC5E,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,KAY3C;IACC,MAAM,SAAS,GAAG,YAAY,EAAE,CAAC;IACjC,MAAM,SAAS,GAAG,KAAK,CAAC,QAAQ,EAAE,UAAU,EAAE,IAAI,EAAE,IAAI,IAAI,CAAC;IAC7D,MAAM,KAAK,GAAG,KAAK,CAAC,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,IAAI,CAAC;IAEpD,IAAI,CAAC;QACH,IAAI,SAAS,EAAE,CAAC;YACd,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,MAAM,GAAG,mBAAmB,CAAC,KAAK,CAAC,CAAC;gBAC1C,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;oBAC/C,OAAO,EAAE,IAAI,EAAE,qBAAqB,EAAE,OAAO,EAAE,eAAe,EAAE,CAAC;gBACnE,CAAC;YACH,CAAC;YAED,MAAM,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,kBAAkB,CAAC,SAAS,CAAC,CAAC;YAC/D,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,EAAE,MAAM,CAAC;YAEhD,IAAI,MAAM,KAAK,SAAS,IAAI,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC7D,MAAM,iBAAiB,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;YAClE,CAAC;iBAAM,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;gBAChC,OAAO;oBACL,IAAI,EAAE,kBAAkB;oBACxB,UAAU,EAAE,SAAS;oBACrB,QAAQ,EAAE,GAAG,EAAE,QAAQ,IAAI,GAAG,aAAa,EAAE,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,kBAAkB,SAAS,EAAE;oBAC7F,UAAU,EAAE,GAAG,EAAE,UAAU,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE;iBACnF,CAAC;YACJ,CAAC;YAED,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;gBACxB,OAAO,EAAE,IAAI,EAAE,qBAAqB,EAAE,OAAO,EAAE,iBAAiB,EAAE,CAAC;YACrE,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,6BAA6B,CAAC;gBACjD,UAAU,EAAE,SAAS;gBACrB,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,IAAI,EAAE,KAAK,CAAC,YAAY;gBACxB,GAAG,EAAE,KAAK,CAAC,GAAG;gBACd,KAAK;gBACL,WAAW,EAAE,KAAK,CAAC,WAAW;gBAC9B,UAAU,EAAE,KAAK,CAAC,SAAS;aAC5B,CAAC,CAAC;YAEH,IAAI,CAAC,MAAM,CAAC,cAAc,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC;gBACrD,OAAO;oBACL,IAAI,EAAE,yBAAyB;oBAC/B,UAAU,EAAE,SAAS;oBACrB,OAAO,EACL,iGAAiG;iBACpG,CAAC;YACJ,CAAC;YAED,OAAO;gBACL,IAAI,EAAE,OAAO;gBACb,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,WAAW,EAAE,MAAM,CAAC,WAAW;gBAC/B,cAAc,EAAE,MAAM,CAAC,cAAc;gBACrC,cAAc,EAAE,MAAM,CAAC,cAAc;gBACrC,UAAU,EAAE,SAAS;aACtB,CAAC;QACJ,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,qBAAqB,CAAC;YAC1C,IAAI,EAAE,KAAK,CAAC,YAAY;YACxB,IAAI,EAAE,QAAQ;YACd,IAAI,EAAE,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC;YACrB,UAAU,EAAE,SAAS;YACrB,UAAU,EAAE,KAAK,CAAC,SAAS,IAAI,IAAI;YACnC,WAAW,EAAE,KAAK,CAAC,WAAW,IAAI,IAAI;YACtC,WAAW,EAAE,KAAK,CAAC,UAAU,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;YACrD,QAAQ,EAAE,KAAK,CAAC,OAAO;YACvB,eAAe,EAAE,KAAK,CAAC,cAAc;YACrC,OAAO,EAAE,KAAK,CAAC,OAAO;SACvB,CAAC,CAAC;QAEH,IAAI,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrC,MAAM,iBAAiB,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;YACzE,MAAM,MAAM,GAAG,MAAM,6BAA6B,CAAC;gBACjD,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,IAAI,EAAE,KAAK,CAAC,YAAY;gBACxB,GAAG,EAAE,KAAK,CAAC,GAAG;gBACd,WAAW,EAAE,KAAK,CAAC,WAAW;gBAC9B,UAAU,EAAE,KAAK,CAAC,SAAS;aAC5B,CAAC,CAAC;YACH,IAAI,CAAC,MAAM,CAAC,cAAc,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC;gBACrD,OAAO;oBACL,IAAI,EAAE,yBAAyB;oBAC/B,UAAU,EAAE,OAAO,CAAC,UAAU;oBAC9B,OAAO,EACL,iGAAiG;iBACpG,CAAC;YACJ,CAAC;YAED,OAAO;gBACL,IAAI,EAAE,OAAO;gBACb,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,WAAW,EAAE,MAAM,CAAC,WAAW;gBAC/B,cAAc,EAAE,MAAM,CAAC,cAAc;gBACrC,cAAc,EAAE,MAAM,CAAC,cAAc;gBACrC,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,CAAC;QACJ,CAAC;QAED,OAAO;YACL,IAAI,EAAE,kBAAkB;YACxB,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,UAAU,EAAE,OAAO,CAAC,UAAU;SAC/B,CAAC;IACJ,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,GAAG,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACvD,OAAO,EAAE,IAAI,EAAE,qBAAqB,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC;IACvD,CAAC;AACH,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,IAAuB;IACrD,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;AAC9B,CAAC;AAED,OAAO,EAAE,UAAU,EAAE,CAAC"}

package/dist/approval/redeem.d.ts

@@ -0,0 +1,21 @@
+export type RedeemAndBridgeInput = {
+    request_id: string;
+    argv: string[];
+    kind: "shell" | "mcp";
+    cwd?: string;
+    grant?: string | null;
+    environment?: string | null;
+    session_id?: string | null;
+};
+export type RedeemAndBridgeResult = {
+    redeemed: boolean;
+    approved_by: string | null;
+    bridgeRecorded: boolean;
+    ticketRecorded: boolean;
+    execution_ticket: string | null;
+};
+/**
+ * After backend status is `approved`, redeem the one-shot grant and record the local bridge.
+ */
+export declare function redeemApprovalAndRecordBridge(input: RedeemAndBridgeInput): Promise<RedeemAndBridgeResult>;
+//# sourceMappingURL=redeem.d.ts.map

package/dist/approval/redeem.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"redeem.d.ts","sourceRoot":"","sources":["../../src/approval/redeem.ts"],"names":[],"mappings":"AAOA,MAAM,MAAM,oBAAoB,GAAG;IACjC,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,IAAI,EAAE,OAAO,GAAG,KAAK,CAAC;IACtB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC5B,CAAC;AAEF,MAAM,MAAM,qBAAqB,GAAG;IAClC,QAAQ,EAAE,OAAO,CAAC;IAClB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,cAAc,EAAE,OAAO,CAAC;IACxB,cAAc,EAAE,OAAO,CAAC;IACxB,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAC;CACjC,CAAC;AAEF;;GAEG;AACH,wBAAsB,6BAA6B,CACjD,KAAK,EAAE,oBAAoB,GAC1B,OAAO,CAAC,qBAAqB,CAAC,CAuDhC"}

package/dist/approval/redeem.js

@@ -0,0 +1,67 @@
+import { getInstallId } from "../cli/install-id.js";
+import { recordExecutionTicket } from "../bridge/execution-ticket.js";
+import { recordShellApprovalBridge } from "../bridge/shell-approval-bridge.js";
+import { argvSha256 } from "./argv-fingerprint.js";
+import { getApprovalRequest, redeemApprovalGrant } from "./client.js";
+import { verifyApprovalGrant } from "./grant.js";
+/**
+ * After backend status is `approved`, redeem the one-shot grant and record the local bridge.
+ */
+export async function redeemApprovalAndRecordBridge(input) {
+    const installId = getInstallId();
+    const hash = argvSha256(input.argv);
+    let grant = input.grant?.trim() || null;
+    if (grant) {
+        const claims = verifyApprovalGrant(grant);
+        if (!claims)
+            throw new Error("invalid_grant");
+        if (claims.request_id !== input.request_id)
+            throw new Error("request_id_mismatch");
+        if (claims.argv_sha256 !== hash)
+            throw new Error("argv_mismatch");
+        if (claims.install_id !== installId)
+            throw new Error("install_id_mismatch");
+    }
+    else {
+        const row = await getApprovalRequest(input.request_id);
+        if (row.status !== "approved") {
+            throw new Error(`approval_not_ready:${row.status}`);
+        }
+    }
+    const redeem = await redeemApprovalGrant({
+        request_id: input.request_id,
+        grant: grant ?? "pending",
+        install_id: installId,
+        argv: [...input.argv],
+    });
+    let bridgeRecorded = false;
+    let ticketRecorded = false;
+    const executionTicket = redeem.execution_ticket;
+    if (executionTicket) {
+        try {
+            await recordExecutionTicket(executionTicket, input.argv, {
+                cwd: input.cwd,
+                kind: input.kind,
+            });
+            ticketRecorded = true;
+        }
+        catch {
+            ticketRecorded = false;
+        }
+    }
+    try {
+        await recordShellApprovalBridge(input.argv, { cwd: input.cwd });
+        bridgeRecorded = true;
+    }
+    catch {
+        bridgeRecorded = false;
+    }
+    return {
+        redeemed: redeem.redeemed,
+        approved_by: redeem.approved_by,
+        bridgeRecorded,
+        ticketRecorded,
+        execution_ticket: executionTicket,
+    };
+}
+//# sourceMappingURL=redeem.js.map

package/dist/approval/redeem.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"redeem.js","sourceRoot":"","sources":["../../src/approval/redeem.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,qBAAqB,EAAE,MAAM,+BAA+B,CAAC;AACtE,OAAO,EAAE,yBAAyB,EAAE,MAAM,oCAAoC,CAAC;AAC/E,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AACnD,OAAO,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AACtE,OAAO,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AAoBjD;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,6BAA6B,CACjD,KAA2B;IAE3B,MAAM,SAAS,GAAG,YAAY,EAAE,CAAC;IACjC,MAAM,IAAI,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACpC,IAAI,KAAK,GAAG,KAAK,CAAC,KAAK,EAAE,IAAI,EAAE,IAAI,IAAI,CAAC;IAExC,IAAI,KAAK,EAAE,CAAC;QACV,MAAM,MAAM,GAAG,mBAAmB,CAAC,KAAK,CAAC,CAAC;QAC1C,IAAI,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,eAAe,CAAC,CAAC;QAC9C,IAAI,MAAM,CAAC,UAAU,KAAK,KAAK,CAAC,UAAU;YAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;QACnF,IAAI,MAAM,CAAC,WAAW,KAAK,IAAI;YAAE,MAAM,IAAI,KAAK,CAAC,eAAe,CAAC,CAAC;QAClE,IAAI,MAAM,CAAC,UAAU,KAAK,SAAS;YAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;IAC9E,CAAC;SAAM,CAAC;QACN,MAAM,GAAG,GAAG,MAAM,kBAAkB,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QACvD,IAAI,GAAG,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CAAC,sBAAsB,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;QACtD,CAAC;IACH,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,mBAAmB,CAAC;QACvC,UAAU,EAAE,KAAK,CAAC,UAAU;QAC5B,KAAK,EAAE,KAAK,IAAI,SAAS;QACzB,UAAU,EAAE,SAAS;QACrB,IAAI,EAAE,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC;KACtB,CAAC,CAAC;IAEH,IAAI,cAAc,GAAG,KAAK,CAAC;IAC3B,IAAI,cAAc,GAAG,KAAK,CAAC;IAC3B,MAAM,eAAe,GAAG,MAAM,CAAC,gBAAgB,CAAC;IAEhD,IAAI,eAAe,EAAE,CAAC;QACpB,IAAI,CAAC;YACH,MAAM,qBAAqB,CAAC,eAAe,EAAE,KAAK,CAAC,IAAI,EAAE;gBACvD,GAAG,EAAE,KAAK,CAAC,GAAG;gBACd,IAAI,EAAE,KAAK,CAAC,IAAI;aACjB,CAAC,CAAC;YACH,cAAc,GAAG,IAAI,CAAC;QACxB,CAAC;QAAC,MAAM,CAAC;YACP,cAAc,GAAG,KAAK,CAAC;QACzB,CAAC;IACH,CAAC;IAED,IAAI,CAAC;QACH,MAAM,yBAAyB,CAAC,KAAK,CAAC,IAAI,EAAE,EAAE,GAAG,EAAE,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;QAChE,cAAc,GAAG,IAAI,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,cAAc,GAAG,KAAK,CAAC;IACzB,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,cAAc;QACd,cAAc;QACd,gBAAgB,EAAE,eAAe;KAClC,CAAC;AACJ,CAAC"}

package/dist/approval/types.d.ts

@@ -0,0 +1,53 @@
+export type ApprovalRequestStatus = "pending" | "approved" | "denied" | "expired";
+export type ApprovalRequestRecord = {
+    request_id: string;
+    status: ApprovalRequestStatus;
+    tier?: string | null;
+    kind?: string | null;
+    argv?: string[] | null;
+    argv_sha256?: string | null;
+    raw_display?: string | null;
+    install_id?: string | null;
+    session_id?: string | null;
+    environment?: string | null;
+    expires_at?: string | null;
+    approved_by?: string | null;
+    approved_at?: string | null;
+    open_url?: string | null;
+    event_id?: string | null;
+};
+export type CreateApprovalRequestInput = {
+    kind: "shell" | "mcp";
+    tier: string;
+    argv: string[];
+    install_id: string;
+    session_id?: string | null;
+    environment?: string | null;
+    raw_display?: string;
+    event_id?: string;
+    policy_revision?: number | null;
+    reasons?: unknown;
+};
+export type ApprovalGrantClaims = {
+    typ: "approval";
+    sub: string;
+    argv_sha256: string;
+    install_id: string;
+    session_id: string | null;
+    env: string | null;
+    request_id: string;
+    exp: number;
+    jti: string;
+};
+/** Short-lived hook credential minted on guardApprovalRedeem (distinct from approval grant). */
+export type ExecutionTicketClaims = {
+    typ: "execution";
+    request_id: string;
+    argv_sha256: string;
+    install_id: string;
+    kind: "shell" | "mcp";
+    jti: string;
+    exp: number;
+    env: string | null;
+};
+//# sourceMappingURL=types.d.ts.map

package/dist/approval/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/approval/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,qBAAqB,GAAG,SAAS,GAAG,UAAU,GAAG,QAAQ,GAAG,SAAS,CAAC;AAElF,MAAM,MAAM,qBAAqB,GAAG;IAClC,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,qBAAqB,CAAC;IAC9B,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B,CAAC;AAEF,MAAM,MAAM,0BAA0B,GAAG;IACvC,IAAI,EAAE,OAAO,GAAG,KAAK,CAAC;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,eAAe,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAChC,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG;IAChC,GAAG,EAAE,UAAU,CAAC;IAChB,GAAG,EAAE,MAAM,CAAC;IACZ,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;CACb,CAAC;AAEF,gGAAgG;AAChG,MAAM,MAAM,qBAAqB,GAAG;IAClC,GAAG,EAAE,WAAW,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,OAAO,GAAG,KAAK,CAAC;IACtB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;CACpB,CAAC"}