@praxis.guard/auditor-cli 0.0.18 → 0.0.20

package/dist/approval/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/approval/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,qBAAqB,GAAG,SAAS,GAAG,UAAU,GAAG,QAAQ,GAAG,SAAS,CAAC;AAElF,MAAM,MAAM,qBAAqB,GAAG;IAClC,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,qBAAqB,CAAC;IAC9B,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B,CAAC;AAEF,MAAM,MAAM,0BAA0B,GAAG;IACvC,IAAI,EAAE,OAAO,GAAG,KAAK,CAAC;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,eAAe,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAChC,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG;IAChC,GAAG,EAAE,UAAU,CAAC;IAChB,GAAG,EAAE,MAAM,CAAC;IACZ,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;CACb,CAAC"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/approval/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,qBAAqB,GAAG,SAAS,GAAG,UAAU,GAAG,QAAQ,GAAG,SAAS,CAAC;AAElF,MAAM,MAAM,qBAAqB,GAAG;IAClC,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,qBAAqB,CAAC;IAC9B,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,iBAAiB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAClC,cAAc,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B,CAAC;AAEF,MAAM,MAAM,aAAa,GAAG,OAAO,CAAC;AAEpC,MAAM,MAAM,0BAA0B,GAAG;IACvC,IAAI,EAAE,OAAO,GAAG,KAAK,CAAC;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,eAAe,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAChC,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,iBAAiB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAClC,cAAc,CAAC,EAAE,aAAa,CAAC;CAChC,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG;IAChC,GAAG,EAAE,UAAU,CAAC;IAChB,GAAG,EAAE,MAAM,CAAC;IACZ,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;CACb,CAAC;AAEF,gGAAgG;AAChG,MAAM,MAAM,qBAAqB,GAAG;IAClC,GAAG,EAAE,WAAW,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,OAAO,GAAG,KAAK,CAAC;IACtB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IACnB,iBAAiB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CACnC,CAAC"}

package/dist/bridge/execution-ticket.d.ts

@@ -0,0 +1,18 @@
+export declare const EXECUTION_TICKET_ENV = "PRAXIS_GUARD_EXECUTION_TICKET";
+export declare function executionTicketDir(storageRoot?: string): string;
+/**
+ * After redeem, persist a signed execution ticket for hook verification (dual-write with bridge).
+ */
+export declare function recordExecutionTicket(ticket: string, argv: readonly string[], opts?: {
+    storageRoot?: string;
+    kind?: "shell" | "mcp";
+}): Promise<void>;
+/**
+ * Verify a signed execution ticket locally and consume it once (env var or ticket files).
+ */
+export declare function tryConsumeExecutionTicket(argv: readonly string[], opts?: {
+    storageRoot?: string;
+    kind?: "shell" | "mcp";
+    tool_input_sha256?: string | null;
+}): Promise<boolean>;
+//# sourceMappingURL=execution-ticket.d.ts.map

package/dist/bridge/execution-ticket.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"execution-ticket.d.ts","sourceRoot":"","sources":["../../src/bridge/execution-ticket.ts"],"names":[],"mappings":"AASA,eAAO,MAAM,oBAAoB,kCAAkC,CAAC;AAEpE,wBAAgB,kBAAkB,CAAC,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,CAE/D;AAOD;;GAEG;AACH,wBAAsB,qBAAqB,CACzC,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,SAAS,MAAM,EAAE,EACvB,IAAI,CAAC,EAAE;IAAE,WAAW,CAAC,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,OAAO,GAAG,KAAK,CAAA;CAAE,GACtD,OAAO,CAAC,IAAI,CAAC,CAiBf;AAED;;GAEG;AACH,wBAAsB,yBAAyB,CAC7C,IAAI,EAAE,SAAS,MAAM,EAAE,EACvB,IAAI,CAAC,EAAE;IACL,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,OAAO,GAAG,KAAK,CAAC;IACvB,iBAAiB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CACnC,GACA,OAAO,CAAC,OAAO,CAAC,CAoDlB"}

package/dist/bridge/execution-ticket.js

@@ -0,0 +1,102 @@
+import { randomUUID } from "node:crypto";
+import { mkdir, readdir, readFile, unlink, writeFile } from "node:fs/promises";
+import path from "node:path";
+import { getInstallId } from "../cli/install-id.js";
+import { verifyExecutionTicket } from "../approval/grant.js";
+import { resolveGuardStorageRoot } from "./guard-storage-root.js";
+import { shellArgvApprovalId } from "./shell-approval-bridge.js";
+export const EXECUTION_TICKET_ENV = "PRAXIS_GUARD_EXECUTION_TICKET";
+export function executionTicketDir(storageRoot) {
+    return path.join(resolveGuardStorageRoot(storageRoot), ".cursor/guard/tickets");
+}
+function argvDeepEqual(stored, requested) {
+    if (!Array.isArray(stored) || stored.length !== requested.length)
+        return false;
+    return stored.every((v, i) => typeof v === "string" && v === requested[i]);
+}
+/**
+ * After redeem, persist a signed execution ticket for hook verification (dual-write with bridge).
+ */
+export async function recordExecutionTicket(ticket, argv, opts) {
+    const id = shellArgvApprovalId(argv);
+    const dir = executionTicketDir(opts?.storageRoot);
+    await mkdir(dir, { recursive: true });
+    const claims = verifyExecutionTicket(ticket);
+    const expMs = claims ? claims.exp * 1000 : Date.now() + 10 * 60 * 1000;
+    const file = path.join(dir, `${id}_${randomUUID()}.json`);
+    await writeFile(file, JSON.stringify({
+        exp: expMs,
+        argv: [...argv],
+        ticket,
+        kind: opts?.kind ?? claims?.kind ?? "shell",
+    }), "utf8");
+}
+/**
+ * Verify a signed execution ticket locally and consume it once (env var or ticket files).
+ */
+export async function tryConsumeExecutionTicket(argv, opts) {
+    const fromEnv = process.env[EXECUTION_TICKET_ENV]?.trim();
+    if (fromEnv && tryConsumeTicketToken(fromEnv, argv, opts)) {
+        return true;
+    }
+    const id = shellArgvApprovalId(argv);
+    const dir = executionTicketDir(opts?.storageRoot);
+    let names = [];
+    try {
+        names = await readdir(dir);
+    }
+    catch {
+        return false;
+    }
+    const now = Date.now();
+    const installId = getInstallId();
+    const candidates = names.filter((n) => n.startsWith(`${id}_`) && n.endsWith(".json"));
+    for (const name of candidates) {
+        const file = path.join(dir, name);
+        try {
+            const raw = await readFile(file, "utf8");
+            const row = JSON.parse(raw);
+            if (typeof row.exp !== "number" || row.exp < now) {
+                await unlink(file).catch(() => { });
+                continue;
+            }
+            if (!argvDeepEqual(row.argv, argv))
+                continue;
+            const ticket = typeof row.ticket === "string" ? row.ticket : "";
+            if (!ticket ||
+                !tryConsumeTicketToken(ticket, argv, {
+                    kind: opts?.kind ?? row.kind,
+                    tool_input_sha256: opts?.tool_input_sha256,
+                })) {
+                continue;
+            }
+            if (row.kind && opts?.kind && row.kind !== opts.kind)
+                continue;
+            await unlink(file);
+            return true;
+        }
+        catch {
+            continue;
+        }
+    }
+    return false;
+}
+function tryConsumeTicketToken(ticket, argv, opts) {
+    const claims = verifyExecutionTicket(ticket);
+    if (!claims)
+        return false;
+    if (claims.argv_sha256 !== shellArgvApprovalId(argv))
+        return false;
+    if (claims.install_id !== getInstallId())
+        return false;
+    if (opts?.kind && claims.kind !== opts.kind)
+        return false;
+    const expectedToolHash = opts?.tool_input_sha256?.trim() || null;
+    const claimToolHash = typeof claims.tool_input_sha256 === "string" ? claims.tool_input_sha256.trim() : null;
+    if (claimToolHash && expectedToolHash && claimToolHash !== expectedToolHash)
+        return false;
+    if (claimToolHash && !expectedToolHash)
+        return false;
+    return true;
+}
+//# sourceMappingURL=execution-ticket.js.map

package/dist/bridge/execution-ticket.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"execution-ticket.js","sourceRoot":"","sources":["../../src/bridge/execution-ticket.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC/E,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,EAAE,uBAAuB,EAAE,MAAM,yBAAyB,CAAC;AAClE,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAEjE,MAAM,CAAC,MAAM,oBAAoB,GAAG,+BAA+B,CAAC;AAEpE,MAAM,UAAU,kBAAkB,CAAC,WAAoB;IACrD,OAAO,IAAI,CAAC,IAAI,CAAC,uBAAuB,CAAC,WAAW,CAAC,EAAE,uBAAuB,CAAC,CAAC;AAClF,CAAC;AAED,SAAS,aAAa,CAAC,MAAe,EAAE,SAA4B;IAClE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IAC/E,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;AAC7E,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,MAAc,EACd,IAAuB,EACvB,IAAuD;IAEvD,MAAM,EAAE,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC;IACrC,MAAM,GAAG,GAAG,kBAAkB,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;IAClD,MAAM,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACtC,MAAM,MAAM,GAAG,qBAAqB,CAAC,MAAM,CAAC,CAAC;IAC7C,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;IACvE,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,UAAU,EAAE,OAAO,CAAC,CAAC;IAC1D,MAAM,SAAS,CACb,IAAI,EACJ,IAAI,CAAC,SAAS,CAAC;QACb,GAAG,EAAE,KAAK;QACV,IAAI,EAAE,CAAC,GAAG,IAAI,CAAC;QACf,MAAM;QACN,IAAI,EAAE,IAAI,EAAE,IAAI,IAAI,MAAM,EAAE,IAAI,IAAI,OAAO;KAC5C,CAAC,EACF,MAAM,CACP,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,IAAuB,EACvB,IAIC;IAED,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,IAAI,EAAE,CAAC;IAC1D,IAAI,OAAO,IAAI,qBAAqB,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,CAAC;QAC1D,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,EAAE,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC;IACrC,MAAM,GAAG,GAAG,kBAAkB,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;IAClD,IAAI,KAAK,GAAa,EAAE,CAAC;IACzB,IAAI,CAAC;QACH,KAAK,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,SAAS,GAAG,YAAY,EAAE,CAAC;IACjC,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;IAEtF,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;QAC9B,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAClC,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;YACzC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAKzB,CAAC;YACF,IAAI,OAAO,GAAG,CAAC,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,GAAG,GAAG,GAAG,EAAE,CAAC;gBACjD,MAAM,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;gBACnC,SAAS;YACX,CAAC;YACD,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC;gBAAE,SAAS;YAC7C,MAAM,MAAM,GAAG,OAAO,GAAG,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;YAChE,IACE,CAAC,MAAM;gBACP,CAAC,qBAAqB,CAAC,MAAM,EAAE,IAAI,EAAE;oBACnC,IAAI,EAAE,IAAI,EAAE,IAAI,IAAK,GAAG,CAAC,IAAwB;oBACjD,iBAAiB,EAAE,IAAI,EAAE,iBAAiB;iBAC3C,CAAC,EACF,CAAC;gBACD,SAAS;YACX,CAAC;YACD,IAAI,GAAG,CAAC,IAAI,IAAI,IAAI,EAAE,IAAI,IAAI,GAAG,CAAC,IAAI,KAAK,IAAI,CAAC,IAAI;gBAAE,SAAS;YAC/D,MAAM,MAAM,CAAC,IAAI,CAAC,CAAC;YACnB,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,qBAAqB,CAC5B,MAAc,EACd,IAAuB,EACvB,IAAoE;IAEpE,MAAM,MAAM,GAAG,qBAAqB,CAAC,MAAM,CAAC,CAAC;IAC7C,IAAI,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IAC1B,IAAI,MAAM,CAAC,WAAW,KAAK,mBAAmB,CAAC,IAAI,CAAC;QAAE,OAAO,KAAK,CAAC;IACnE,IAAI,MAAM,CAAC,UAAU,KAAK,YAAY,EAAE;QAAE,OAAO,KAAK,CAAC;IACvD,IAAI,IAAI,EAAE,IAAI,IAAI,MAAM,CAAC,IAAI,KAAK,IAAI,CAAC,IAAI;QAAE,OAAO,KAAK,CAAC;IAC1D,MAAM,gBAAgB,GAAG,IAAI,EAAE,iBAAiB,EAAE,IAAI,EAAE,IAAI,IAAI,CAAC;IACjE,MAAM,aAAa,GACjB,OAAO,MAAM,CAAC,iBAAiB,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,iBAAiB,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;IACxF,IAAI,aAAa,IAAI,gBAAgB,IAAI,aAAa,KAAK,gBAAgB;QAAE,OAAO,KAAK,CAAC;IAC1F,IAAI,aAAa,IAAI,CAAC,gBAAgB;QAAE,OAAO,KAAK,CAAC;IACrD,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/bridge/guard-storage-root.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Resolve where `.cursor/guard/*` credentials live. Hooks and MCP redeem must use the same root
+ * (workspace), not the subprocess cwd (e.g. `packages/auditor-cli`).
+ */
+export declare function resolveGuardStorageRoot(preferredCwd?: string): string;
+//# sourceMappingURL=guard-storage-root.d.ts.map

package/dist/bridge/guard-storage-root.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"guard-storage-root.d.ts","sourceRoot":"","sources":["../../src/bridge/guard-storage-root.ts"],"names":[],"mappings":"AAGA;;;GAGG;AACH,wBAAgB,uBAAuB,CAAC,YAAY,CAAC,EAAE,MAAM,GAAG,MAAM,CAerE"}

package/dist/bridge/guard-storage-root.js

@@ -0,0 +1,24 @@
+import { existsSync } from "node:fs";
+import path from "node:path";
+/**
+ * Resolve where `.cursor/guard/*` credentials live. Hooks and MCP redeem must use the same root
+ * (workspace), not the subprocess cwd (e.g. `packages/auditor-cli`).
+ */
+export function resolveGuardStorageRoot(preferredCwd) {
+    const override = process.env.PRAXIS_GUARD_STORAGE_ROOT?.trim();
+    if (override)
+        return path.resolve(override);
+    let dir = preferredCwd?.trim() ? path.resolve(preferredCwd.trim()) : process.cwd();
+    const fsRoot = path.parse(dir).root;
+    while (true) {
+        if (existsSync(path.join(dir, ".cursor", "hooks.json")))
+            return dir;
+        if (existsSync(path.join(dir, ".git")))
+            return dir;
+        if (dir === fsRoot)
+            break;
+        dir = path.dirname(dir);
+    }
+    return preferredCwd?.trim() ? path.resolve(preferredCwd.trim()) : process.cwd();
+}
+//# sourceMappingURL=guard-storage-root.js.map

package/dist/bridge/guard-storage-root.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"guard-storage-root.js","sourceRoot":"","sources":["../../src/bridge/guard-storage-root.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B;;;GAGG;AACH,MAAM,UAAU,uBAAuB,CAAC,YAAqB;IAC3D,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,yBAAyB,EAAE,IAAI,EAAE,CAAC;IAC/D,IAAI,QAAQ;QAAE,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAE5C,IAAI,GAAG,GAAG,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;IACnF,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;IAEpC,OAAO,IAAI,EAAE,CAAC;QACZ,IAAI,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,EAAE,YAAY,CAAC,CAAC;YAAE,OAAO,GAAG,CAAC;QACpE,IAAI,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;YAAE,OAAO,GAAG,CAAC;QACnD,IAAI,GAAG,KAAK,MAAM;YAAE,MAAM;QAC1B,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAC1B,CAAC;IAED,OAAO,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;AAClF,CAAC"}

package/dist/bridge/pending-approval-index.d.ts

@@ -0,0 +1,19 @@
+export type PendingApprovalIndexEntry = {
+    request_id: string;
+    argv_sha256: string;
+    argv: string[];
+    install_id: string;
+    open_url: string;
+    expires_at: string;
+    event_id?: string | null;
+    tool_input_sha256?: string | null;
+    kind?: "shell" | "mcp";
+    created_at: string;
+};
+export declare function writePendingApprovalIndex(entry: PendingApprovalIndexEntry, opts?: {
+    storageRoot?: string;
+}): Promise<void>;
+export declare function readPendingApprovalIndex(argvSha256: string, opts?: {
+    storageRoot?: string;
+}): Promise<PendingApprovalIndexEntry | null>;
+//# sourceMappingURL=pending-approval-index.d.ts.map

package/dist/bridge/pending-approval-index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pending-approval-index.d.ts","sourceRoot":"","sources":["../../src/bridge/pending-approval-index.ts"],"names":[],"mappings":"AAKA,MAAM,MAAM,yBAAyB,GAAG;IACtC,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,iBAAiB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAClC,IAAI,CAAC,EAAE,OAAO,GAAG,KAAK,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;CACpB,CAAC;AAMF,wBAAsB,yBAAyB,CAC7C,KAAK,EAAE,yBAAyB,EAChC,IAAI,CAAC,EAAE;IAAE,WAAW,CAAC,EAAE,MAAM,CAAA;CAAE,GAC9B,OAAO,CAAC,IAAI,CAAC,CAOf;AAED,wBAAsB,wBAAwB,CAC5C,UAAU,EAAE,MAAM,EAClB,IAAI,CAAC,EAAE;IAAE,WAAW,CAAC,EAAE,MAAM,CAAA;CAAE,GAC9B,OAAO,CAAC,yBAAyB,GAAG,IAAI,CAAC,CAY3C"}

package/dist/bridge/pending-approval-index.js

@@ -0,0 +1,29 @@
+import { mkdir, readFile, writeFile } from "node:fs/promises";
+import path from "node:path";
+import { resolveGuardStorageRoot } from "./guard-storage-root.js";
+function indexPath(storageRoot, argvSha256) {
+    return path.join(storageRoot, ".cursor/guard/pending", `${argvSha256}.json`);
+}
+export async function writePendingApprovalIndex(entry, opts) {
+    const root = resolveGuardStorageRoot(opts?.storageRoot);
+    const dir = path.join(root, ".cursor/guard/pending");
+    await mkdir(dir, { recursive: true });
+    await writeFile(path.join(dir, `${entry.argv_sha256}.json`), `${JSON.stringify(entry, null, 2)}\n`, {
+        mode: 0o600,
+    });
+}
+export async function readPendingApprovalIndex(argvSha256, opts) {
+    const root = resolveGuardStorageRoot(opts?.storageRoot);
+    try {
+        const raw = await readFile(indexPath(root, argvSha256), "utf8");
+        const parsed = JSON.parse(raw);
+        if (typeof parsed.expires_at === "string" && Date.parse(parsed.expires_at) < Date.now()) {
+            return null;
+        }
+        return parsed;
+    }
+    catch {
+        return null;
+    }
+}
+//# sourceMappingURL=pending-approval-index.js.map

package/dist/bridge/pending-approval-index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pending-approval-index.js","sourceRoot":"","sources":["../../src/bridge/pending-approval-index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC9D,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,EAAE,uBAAuB,EAAE,MAAM,yBAAyB,CAAC;AAelE,SAAS,SAAS,CAAC,WAAmB,EAAE,UAAkB;IACxD,OAAO,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,uBAAuB,EAAE,GAAG,UAAU,OAAO,CAAC,CAAC;AAC/E,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,KAAgC,EAChC,IAA+B;IAE/B,MAAM,IAAI,GAAG,uBAAuB,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;IACxD,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,uBAAuB,CAAC,CAAC;IACrD,MAAM,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACtC,MAAM,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,WAAW,OAAO,CAAC,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE;QAClG,IAAI,EAAE,KAAK;KACZ,CAAC,CAAC;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,UAAkB,EAClB,IAA+B;IAE/B,MAAM,IAAI,GAAG,uBAAuB,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;IACxD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,SAAS,CAAC,IAAI,EAAE,UAAU,CAAC,EAAE,MAAM,CAAC,CAAC;QAChE,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAA8B,CAAC;QAC5D,IAAI,OAAO,MAAM,CAAC,UAAU,KAAK,QAAQ,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YACxF,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}

package/dist/bridge/shell-approval-bridge.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"shell-approval-bridge.d.ts","sourceRoot":"","sources":["../../src/bridge/shell-approval-bridge.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAC;AAE/C,uFAAuF;AACvF,eAAO,MAAM,2BAA2B,QAAiB,CAAC;AAE1D,wBAAgB,cAAc,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,MAAM,CAEnD;AAED,0EAA0E;AAC1E,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,SAAS,MAAM,EAAE,GAAG,MAAM,CAEnE;AAED;;;GAGG;AACH,wBAAsB,yBAAyB,CAC7C,IAAI,EAAE,SAAS,MAAM,EAAE,EACvB,IAAI,CAAC,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,GACtC,OAAO,CAAC,IAAI,CAAC,CAOf;AAED;;;GAGG;AACH,wBAAsB,6BAA6B,CACjD,IAAI,EAAE,SAAS,MAAM,EAAE,EACvB,IAAI,CAAC,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GACtB,OAAO,CAAC,OAAO,CAAC,CA2BlB;AAED,+DAA+D;AAC/D,wBAAgB,uBAAuB,CAAC,IAAI,EAAE;IAC5C,QAAQ,EAAE,OAAO,GAAG,kBAAkB,GAAG,OAAO,CAAC;IACjD,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,EAAE,IAAI,CAAC;CACZ,GAAG,OAAO,CAEV"}
+{"version":3,"file":"shell-approval-bridge.d.ts","sourceRoot":"","sources":["../../src/bridge/shell-approval-bridge.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAC;AAE/C,uFAAuF;AACvF,eAAO,MAAM,2BAA2B,QAAiB,CAAC;AAE1D,wBAAgB,cAAc,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,MAAM,CAEnD;AAED,0EAA0E;AAC1E,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,SAAS,MAAM,EAAE,GAAG,MAAM,CAEnE;AAOD;;;GAGG;AACH,wBAAsB,yBAAyB,CAC7C,IAAI,EAAE,SAAS,MAAM,EAAE,EACvB,IAAI,CAAC,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,GACtC,OAAO,CAAC,IAAI,CAAC,CAOf;AAED;;;GAGG;AACH,wBAAsB,6BAA6B,CACjD,IAAI,EAAE,SAAS,MAAM,EAAE,EACvB,IAAI,CAAC,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GACtB,OAAO,CAAC,OAAO,CAAC,CA8BlB;AAED,+DAA+D;AAC/D,wBAAgB,uBAAuB,CAAC,IAAI,EAAE;IAC5C,QAAQ,EAAE,OAAO,GAAG,kBAAkB,GAAG,OAAO,CAAC;IACjD,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,EAAE,IAAI,CAAC;CACZ,GAAG,OAAO,CAEV"}

package/dist/bridge/shell-approval-bridge.js

@@ -10,6 +10,11 @@ export function shellBridgeDir(cwd) {
 export function shellArgvApprovalId(argv) {
     return createHash("sha256").update(JSON.stringify([...argv]), "utf8").digest("hex");
 }
+function argvDeepEqual(stored, requested) {
+    if (!Array.isArray(stored) || stored.length !== requested.length)
+        return false;
+    return stored.every((v, i) => typeof v === "string" && v === requested[i]);
+}
 /**
  * After MCP `guard` returns allow for a MUTATE shell proposal, record a one-shot
  * bridge so `beforeShellExecution` can allow the matching terminal command once.
@@ -47,6 +52,9 @@ export async function tryConsumeShellApprovalBridge(argv, opts) {
                 await unlink(file).catch(() => { });
                 continue;
             }
+            if (!argvDeepEqual(row.argv, argv)) {
+                continue;
+            }
             await unlink(file);
             return true;
         }

package/dist/bridge/shell-approval-bridge.js.map

@@ -1 +1 @@
-{"version":3,"file":"shell-approval-bridge.js","sourceRoot":"","sources":["../../src/bridge/shell-approval-bridge.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC/E,OAAO,IAAI,MAAM,WAAW,CAAC;AAI7B,uFAAuF;AACvF,MAAM,CAAC,MAAM,2BAA2B,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAE1D,MAAM,UAAU,cAAc,CAAC,GAAY;IACzC,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,EAAE,EAAE,sBAAsB,CAAC,CAAC;AACpE,CAAC;AAED,0EAA0E;AAC1E,MAAM,UAAU,mBAAmB,CAAC,IAAuB;IACzD,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACtF,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,IAAuB,EACvB,IAAuC;IAEvC,MAAM,EAAE,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC;IACrC,MAAM,GAAG,GAAG,cAAc,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACtC,MAAM,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACtC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,EAAE,KAAK,IAAI,2BAA2B,CAAC,CAAC;IACtE,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,UAAU,EAAE,OAAO,CAAC,CAAC;IAC1D,MAAM,SAAS,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,GAAG,IAAI,CAAC,EAAE,CAAC,EAAE,MAAM,CAAC,CAAC;AAC1E,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,6BAA6B,CACjD,IAAuB,EACvB,IAAuB;IAEvB,MAAM,EAAE,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC;IACrC,MAAM,GAAG,GAAG,cAAc,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACtC,IAAI,KAAK,GAAa,EAAE,CAAC;IACzB,IAAI,CAAC;QACH,KAAK,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;IACtF,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;QAC9B,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAClC,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;YACzC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAoB,CAAC;YAC/C,IAAI,OAAO,GAAG,CAAC,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,GAAG,GAAG,GAAG,EAAE,CAAC;gBACjD,MAAM,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;gBACnC,SAAS;YACX,CAAC;YACD,MAAM,MAAM,CAAC,IAAI,CAAC,CAAC;YACnB,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,+DAA+D;AAC/D,MAAM,UAAU,uBAAuB,CAAC,IAIvC;IACC,OAAO,IAAI,CAAC,QAAQ,KAAK,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,KAAK,QAAQ,CAAC;AAC9E,CAAC"}
+{"version":3,"file":"shell-approval-bridge.js","sourceRoot":"","sources":["../../src/bridge/shell-approval-bridge.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC/E,OAAO,IAAI,MAAM,WAAW,CAAC;AAI7B,uFAAuF;AACvF,MAAM,CAAC,MAAM,2BAA2B,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAE1D,MAAM,UAAU,cAAc,CAAC,GAAY;IACzC,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,EAAE,EAAE,sBAAsB,CAAC,CAAC;AACpE,CAAC;AAED,0EAA0E;AAC1E,MAAM,UAAU,mBAAmB,CAAC,IAAuB;IACzD,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACtF,CAAC;AAED,SAAS,aAAa,CAAC,MAAe,EAAE,SAA4B;IAClE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IAC/E,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;AAC7E,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,IAAuB,EACvB,IAAuC;IAEvC,MAAM,EAAE,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC;IACrC,MAAM,GAAG,GAAG,cAAc,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACtC,MAAM,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACtC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,EAAE,KAAK,IAAI,2BAA2B,CAAC,CAAC;IACtE,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,UAAU,EAAE,OAAO,CAAC,CAAC;IAC1D,MAAM,SAAS,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,GAAG,IAAI,CAAC,EAAE,CAAC,EAAE,MAAM,CAAC,CAAC;AAC1E,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,6BAA6B,CACjD,IAAuB,EACvB,IAAuB;IAEvB,MAAM,EAAE,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC;IACrC,MAAM,GAAG,GAAG,cAAc,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACtC,IAAI,KAAK,GAAa,EAAE,CAAC;IACzB,IAAI,CAAC;QACH,KAAK,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;IACtF,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;QAC9B,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAClC,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;YACzC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAqC,CAAC;YAChE,IAAI,OAAO,GAAG,CAAC,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,GAAG,GAAG,GAAG,EAAE,CAAC;gBACjD,MAAM,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;gBACnC,SAAS;YACX,CAAC;YACD,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,EAAE,CAAC;gBACnC,SAAS;YACX,CAAC;YACD,MAAM,MAAM,CAAC,IAAI,CAAC,CAAC;YACnB,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,+DAA+D;AAC/D,MAAM,UAAU,uBAAuB,CAAC,IAIvC;IACC,OAAO,IAAI,CAAC,QAAQ,KAAK,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,KAAK,QAAQ,CAAC;AAC9E,CAAC"}

package/dist/cli/approvals.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"approvals.d.ts","sourceRoot":"","sources":["../../src/cli/approvals.ts"],"names":[],"mappings":"AAUA,wBAAsB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CA4EhE"}
+{"version":3,"file":"approvals.d.ts","sourceRoot":"","sources":["../../src/cli/approvals.ts"],"names":[],"mappings":"AAWA,wBAAsB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAuFhE"}

package/dist/cli/approvals.js

@@ -1,4 +1,5 @@
 import process from "node:process";
+import { resolveGuardStorageRoot } from "../bridge/guard-storage-root.js";
 import { getApprovalRequest, issueApprovalDecision, listApprovalRequests, } from "../approval/client.js";
 import { pollUntilApproved } from "../approval/client.js";
 import { redeemApprovalAndRecordBridge } from "../approval/redeem.js";
@@ -54,23 +55,30 @@ export async function runApprovals(argv) {
     if (sub === "watch") {
         const id = rest[0];
         if (!id)
-            throw new Error("Usage: auditor approvals watch <request_id> [--argv-json '[]']");
-        let argvJson = '["mcp","stdio","_"]';
+            throw new Error("Usage: auditor approvals watch <request_id> [--storage-root path]");
+        let storageRoot;
         for (let i = 1; i < rest.length; i++) {
-            if (rest[i] === "--argv-json" && rest[i + 1]) {
-                argvJson = rest[i + 1];
+            if (rest[i] === "--storage-root" && rest[i + 1]) {
+                storageRoot = rest[i + 1];
                 break;
             }
+            if (rest[i] === "--argv-json" && rest[i + 1]) {
+                process.stderr.write("Note: --argv-json is deprecated; argv/kind are loaded from the approval record.\n");
+            }
         }
-        const argv = JSON.parse(argvJson);
-        process.stdout.write(`Watching ${id} until approved…\n`);
+        const row = await getApprovalRequest(id);
+        const hookArgv = Array.isArray(row.argv) && row.argv.length > 0 ? row.argv : ["mcp", "stdio", "_"];
+        const kind = row.kind === "mcp" ? "mcp" : "shell";
+        const root = resolveGuardStorageRoot(storageRoot);
+        process.stdout.write(`Watching ${id} until approved (storage: ${root})…\n`);
         await pollUntilApproved(id, { timeoutMs: 30 * 60 * 1000 });
         const redeem = await redeemApprovalAndRecordBridge({
             request_id: id,
-            argv,
-            kind: "shell",
+            argv: hookArgv,
+            kind,
+            storageRoot: root,
         });
-        process.stdout.write(`Redeemed (bridge=${redeem.bridgeRecorded ? "yes" : "no"}). Retry the blocked command.\n`);
+        process.stdout.write(`Redeemed (ticket=${redeem.ticketRecorded ? "yes" : "no"}). Retry the blocked command once.\n`);
         return;
     }
     throw new Error(`Unknown approvals command: ${sub ?? "(missing)"}. Try list, open, approve, deny, watch.`);

package/dist/cli/approvals.js.map

@@ -1 +1 @@
-{"version":3,"file":"approvals.js","sourceRoot":"","sources":["../../src/cli/approvals.ts"],"names":[],"mappings":"AAAA,OAAO,OAAO,MAAM,cAAc,CAAC;AAEnC,OAAO,EACL,kBAAkB,EAClB,qBAAqB,EACrB,oBAAoB,GACrB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,6BAA6B,EAAE,MAAM,uBAAuB,CAAC;AAEtE,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,IAAc;IAC/C,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAE3B,IAAI,GAAG,KAAK,MAAM,EAAE,CAAC;QACnB,MAAM,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QACzE,MAAM,IAAI,GAAG,MAAM,oBAAoB,CAAC,MAAM,CAAC,CAAC;QAChD,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACtB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,MAAM,uBAAuB,CAAC,CAAC;YAC1D,OAAO;QACT,CAAC;QACD,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,UAAU,KAAK,GAAG,CAAC,MAAM,KAAK,GAAG,CAAC,WAAW,IAAI,EAAE,IAAI,CAAC,CAAC;YACrF,IAAI,GAAG,CAAC,QAAQ;gBAAE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,QAAQ,IAAI,CAAC,CAAC;QAChE,CAAC;QACD,OAAO;IACT,CAAC;IAED,IAAI,GAAG,KAAK,MAAM,EAAE,CAAC;QACnB,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QACnB,IAAI,CAAC,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;QACvE,MAAM,GAAG,GAAG,MAAM,kBAAkB,CAAC,EAAE,CAAC,CAAC;QACzC,MAAM,GAAG,GAAG,GAAG,CAAC,QAAQ,IAAI,EAAE,CAAC;QAC/B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC;QACjC,OAAO;IACT,CAAC;IAED,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;QACtB,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QACnB,IAAI,CAAC,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;QAC1E,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,KAAK,GAAG,CAAC;QACnD,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,qFAAqF;gBACnF,6CAA6C,CAChD,CAAC;QACJ,CAAC;QACD,MAAM,MAAM,GAAG,MAAM,qBAAqB,CAAC,EAAE,EAAE,UAAU,CAAC,CAAC;QAC3D,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,YAAY,EAAE,YAAY,MAAM,CAAC,MAAM,MAAM,CAAC,CAAC;QACpE,IAAI,MAAM,CAAC,KAAK;YAAE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;QAC1D,OAAO;IACT,CAAC;IAED,IAAI,GAAG,KAAK,MAAM,EAAE,CAAC;QACnB,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QACnB,IAAI,CAAC,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;QACvE,MAAM,qBAAqB,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC;QAC1C,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;QACxC,OAAO;IACT,CAAC;IAED,IAAI,GAAG,KAAK,OAAO,EAAE,CAAC;QACpB,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QACnB,IAAI,CAAC,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,gEAAgE,CAAC,CAAC;QAC3F,IAAI,QAAQ,GAAG,qBAAqB,CAAC;QACrC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACrC,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,aAAa,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;gBAC7C,QAAQ,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;gBACvB,MAAM;YACR,CAAC;QACH,CAAC;QACD,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAa,CAAC;QAC9C,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,YAAY,EAAE,oBAAoB,CAAC,CAAC;QACzD,MAAM,iBAAiB,CAAC,EAAE,EAAE,EAAE,SAAS,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC,CAAC;QAC3D,MAAM,MAAM,GAAG,MAAM,6BAA6B,CAAC;YACjD,UAAU,EAAE,EAAE;YACd,IAAI;YACJ,IAAI,EAAE,OAAO;SACd,CAAC,CAAC;QACH,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,oBAAoB,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,iCAAiC,CAC1F,CAAC;QACF,OAAO;IACT,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,8BAA8B,GAAG,IAAI,WAAW,yCAAyC,CAAC,CAAC;AAC7G,CAAC"}
+{"version":3,"file":"approvals.js","sourceRoot":"","sources":["../../src/cli/approvals.ts"],"names":[],"mappings":"AAAA,OAAO,OAAO,MAAM,cAAc,CAAC;AAEnC,OAAO,EAAE,uBAAuB,EAAE,MAAM,iCAAiC,CAAC;AAC1E,OAAO,EACL,kBAAkB,EAClB,qBAAqB,EACrB,oBAAoB,GACrB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,6BAA6B,EAAE,MAAM,uBAAuB,CAAC;AAEtE,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,IAAc;IAC/C,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAE3B,IAAI,GAAG,KAAK,MAAM,EAAE,CAAC;QACnB,MAAM,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QACzE,MAAM,IAAI,GAAG,MAAM,oBAAoB,CAAC,MAAM,CAAC,CAAC;QAChD,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACtB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,MAAM,uBAAuB,CAAC,CAAC;YAC1D,OAAO;QACT,CAAC;QACD,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,UAAU,KAAK,GAAG,CAAC,MAAM,KAAK,GAAG,CAAC,WAAW,IAAI,EAAE,IAAI,CAAC,CAAC;YACrF,IAAI,GAAG,CAAC,QAAQ;gBAAE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,QAAQ,IAAI,CAAC,CAAC;QAChE,CAAC;QACD,OAAO;IACT,CAAC;IAED,IAAI,GAAG,KAAK,MAAM,EAAE,CAAC;QACnB,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QACnB,IAAI,CAAC,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;QACvE,MAAM,GAAG,GAAG,MAAM,kBAAkB,CAAC,EAAE,CAAC,CAAC;QACzC,MAAM,GAAG,GAAG,GAAG,CAAC,QAAQ,IAAI,EAAE,CAAC;QAC/B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC;QACjC,OAAO;IACT,CAAC;IAED,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;QACtB,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QACnB,IAAI,CAAC,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;QAC1E,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,KAAK,GAAG,CAAC;QACnD,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,qFAAqF;gBACnF,6CAA6C,CAChD,CAAC;QACJ,CAAC;QACD,MAAM,MAAM,GAAG,MAAM,qBAAqB,CAAC,EAAE,EAAE,UAAU,CAAC,CAAC;QAC3D,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,YAAY,EAAE,YAAY,MAAM,CAAC,MAAM,MAAM,CAAC,CAAC;QACpE,IAAI,MAAM,CAAC,KAAK;YAAE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;QAC1D,OAAO;IACT,CAAC;IAED,IAAI,GAAG,KAAK,MAAM,EAAE,CAAC;QACnB,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QACnB,IAAI,CAAC,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;QACvE,MAAM,qBAAqB,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC;QAC1C,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;QACxC,OAAO;IACT,CAAC;IAED,IAAI,GAAG,KAAK,OAAO,EAAE,CAAC;QACpB,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QACnB,IAAI,CAAC,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,mEAAmE,CAAC,CAAC;QAC9F,IAAI,WAA+B,CAAC;QACpC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACrC,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,gBAAgB,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;gBAChD,WAAW,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;gBAC1B,MAAM;YACR,CAAC;YACD,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,aAAa,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;gBAC7C,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,mFAAmF,CACpF,CAAC;YACJ,CAAC;QACH,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,kBAAkB,CAAC,EAAE,CAAC,CAAC;QACzC,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,EAAE,OAAO,EAAE,GAAG,CAAC,CAAC;QACnG,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,KAAK,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC;QAClD,MAAM,IAAI,GAAG,uBAAuB,CAAC,WAAW,CAAC,CAAC;QAElD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,YAAY,EAAE,6BAA6B,IAAI,MAAM,CAAC,CAAC;QAC5E,MAAM,iBAAiB,CAAC,EAAE,EAAE,EAAE,SAAS,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC,CAAC;QAC3D,MAAM,MAAM,GAAG,MAAM,6BAA6B,CAAC;YACjD,UAAU,EAAE,EAAE;YACd,IAAI,EAAE,QAAQ;YACd,IAAI;YACJ,WAAW,EAAE,IAAI;SAClB,CAAC,CAAC;QACH,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,oBAAoB,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,sCAAsC,CAC/F,CAAC;QACF,OAAO;IACT,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,8BAA8B,GAAG,IAAI,WAAW,yCAAyC,CAAC,CAAC;AAC7G,CAAC"}

package/dist/cli/doctor.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"doctor.d.ts","sourceRoot":"","sources":["../../src/cli/doctor.ts"],"names":[],"mappings":"AAqBA,wBAAsB,SAAS,IAAI,OAAO,CAAC,IAAI,CAAC,CA2G/C"}
+{"version":3,"file":"doctor.d.ts","sourceRoot":"","sources":["../../src/cli/doctor.ts"],"names":[],"mappings":"AAsBA,wBAAsB,SAAS,IAAI,OAAO,CAAC,IAAI,CAAC,CA4G/C"}

package/dist/cli/doctor.js

@@ -2,6 +2,7 @@ import path from "node:path";
 import process from "node:process";
 import { existsSync } from "node:fs";
 import { defaultPoliciesMetaPath, defaultPoliciesV1Path } from "../policy/index.js";
+import { executionTicketDir } from "../bridge/execution-ticket.js";
 import { shellBridgeDir } from "../bridge/shell-approval-bridge.js";
 import { fetchJson } from "./http-fetch.js";
 import { credentialsPath, readCredentialsFileMode, resolveGuardToken } from "./credentials.js";
@@ -34,6 +35,7 @@ export async function runDoctor() {
             ? `  Local synced revision: ${meta.revision}${meta.syncedAt ? ` (at ${meta.syncedAt})` : ""}`
             : `  Local synced revision: (no meta file — run "auditor policies sync")`,
         `Bridge dir: ${shellBridgeDir(cwd)}`,
+        `Execution tickets dir: ${executionTicketDir(cwd)}`,
         `Audit log: ${auditPath}`,
         `PRAXIS_GUARD_AUDIT_LOG: ${process.env.PRAXIS_GUARD_AUDIT_LOG ?? "(unset; default above)"}`,
     ];

package/dist/cli/doctor.js.map

@@ -1 +1 @@
-{"version":3,"file":"doctor.js","sourceRoot":"","sources":["../../src/cli/doctor.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,OAAO,MAAM,cAAc,CAAC;AACnC,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAErC,OAAO,EAAE,uBAAuB,EAAE,qBAAqB,EAAE,MAAM,oBAAoB,CAAC;AAEpF,OAAO,EAAE,cAAc,EAAE,MAAM,oCAAoC,CAAC;AACpE,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,eAAe,EAAE,uBAAuB,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAC/F,OAAO,EACL,kBAAkB,EAClB,2BAA2B,EAC3B,iBAAiB,EACjB,yBAAyB,EACzB,wBAAwB,EACxB,0BAA0B,GAC3B,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AAC9D,OAAO,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAE1D,MAAM,CAAC,KAAK,UAAU,SAAS;IAC7B,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;IAC1B,MAAM,SAAS,GACb,OAAO,CAAC,GAAG,CAAC,sBAAsB,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,2BAA2B,CAAC,CAAC;IAEvF,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,EAAE,IAAI,EAAE,IAAI,qBAAqB,EAAE,CAAC;IAC1F,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,yBAAyB,EAAE,IAAI,EAAE,IAAI,uBAAuB,EAAE,CAAC;IAC5F,MAAM,IAAI,GAAG,MAAM,oBAAoB,CAAC,QAAQ,CAAC,CAAC;IAClD,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,EAAE,IAAI,EAAE;QAC9D,CAAC,CAAC,6BAA6B;QAC/B,CAAC,CAAC,IAAI,EAAE,MAAM,KAAK,mBAAmB;YACpC,CAAC,CAAC,8CAA8C;YAChD,CAAC,CAAC,UAAU,CAAC,UAAU,CAAC;gBACtB,CAAC,CAAC,kCAAkC;gBACpC,CAAC,CAAC,qDAAqD,CAAC;IAE9D,MAAM,KAAK,GAAG;QACZ,gBAAgB;QAChB,eAAe,YAAY,EAAE,EAAE;QAC/B,gEAAgE;QAChE,SAAS,OAAO,CAAC,OAAO,EAAE;QAC1B,gBAAgB,UAAU,EAAE;QAC5B,kBAAkB,YAAY,EAAE;QAChC,kBAAkB,QAAQ,EAAE;QAC5B,IAAI;YACF,CAAC,CAAC,4BAA4B,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;YAC7F,CAAC,CAAC,uEAAuE;QAC3E,eAAe,cAAc,CAAC,GAAG,CAAC,EAAE;QACpC,cAAc,SAAS,EAAE;QACzB,2BAA2B,OAAO,CAAC,GAAG,CAAC,sBAAsB,IAAI,wBAAwB,EAAE;KAC5F,CAAC;IAEF,MAAM,cAAc,GAAG,MAAM,kBAAkB,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC;IACxE,MAAM,uBAAuB,GAAG,MAAM,2BAA2B,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC;IAC1F,MAAM,OAAO,GAAG,wBAAwB,EAAE,CAAC;IAC3C,MAAM,aAAa,GAAG,MAAM,iBAAiB,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC;IACnE,KAAK,CAAC,IAAI,CACR,eAAe,cAAc,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,sCAAsC,KAAK,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,oBAAoB,CAAC,GAAG,CACrI,CAAC;IACF,KAAK,CAAC,IAAI,CACR,mBAAmB,uBAAuB,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,sFAAsF,KAAK,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,oBAAoB,CAAC,GAAG,CAClM,CAAC;IACF,KAAK,CAAC,IAAI,CACR,cAAc,aAAa,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,qCAAqC,KAAK,OAAO,GAAG,CAClG,CAAC;IAEF,MAAM,OAAO,GAAG,0BAA0B,CAAC,GAAG,CAAC,CAAC;IAChD,MAAM,aAAa,GAAG,MAAM,yBAAyB,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC;IAC9E,KAAK,CAAC,IAAI,CACR,sBAAsB,aAAa,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,uCAAuC,KAAK,OAAO,GAAG,CAC5G,CAAC;IAEF,MAAM,KAAK,GAAG,iBAAiB,EAAE,IAAI,OAAO,CAAC,GAAG,CAAC,wBAAwB,EAAE,IAAI,EAAE,CAAC;IAClF,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,EAAE,IAAI,EAAE;QACxD,CAAC,CAAC,wBAAwB;QAC1B,CAAC,CAAC,KAAK;YACL,CAAC,CAAC,QAAQ,eAAe,EAAE,EAAE;YAC7B,CAAC,CAAC,IAAI,CAAC;IACX,KAAK,CAAC,IAAI,CACR,WAAW;QACT,CAAC,CAAC,SAAS,WAAW,YAAY,KAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM,KAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG;QAC7E,CAAC,CAAC,oCAAoC,CACzC,CAAC;IACF,MAAM,SAAS,GAAG,uBAAuB,EAAE,CAAC;IAC5C,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;QACvB,KAAK,CAAC,IAAI,CACR,SAAS,KAAK,KAAK;YACjB,CAAC,CAAC,sBAAsB,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE;YAC/C,CAAC,CAAC,sBAAsB,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,kBAAkB,CAClE,CAAC;IACJ,CAAC;IAED,MAAM,eAAe,GAAG,gBAAgB,CAAC,yBAAyB,CAAC,CAAC;IAEpE,IAAI,KAAK,EAAE,CAAC;QACV,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,SAAS,CAAuB;gBAChD,GAAG,EAAE,eAAe;gBACpB,WAAW,EAAE,KAAK;aACnB,CAAC,CAAC;YACH,MAAM,MAAM,GAAG,GAAG,CAAC,QAAQ,CAAC;YAC5B,KAAK,CAAC,IAAI,CAAC,8BAA8B,MAAM,EAAE,CAAC,CAAC;YACnD,IAAI,IAAI,EAAE,CAAC;gBACT,KAAK,CAAC,IAAI,CACR,IAAI,CAAC,QAAQ,KAAK,MAAM;oBACtB,CAAC,CAAC,4CAA4C;oBAC9C,CAAC,CAAC,qCAAqC,IAAI,CAAC,QAAQ,cAAc,MAAM,IAAI,CAC/E,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,KAAK,CAAC,IAAI,CAAC,6BAA6B,MAAM,wBAAwB,CAAC,CAAC;YAC1E,CAAC;QACH,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,GAAG,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YACvD,KAAK,CAAC,IAAI,CAAC,iCAAiC,GAAG,EAAE,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,kEAAkE,CAAC,CAAC;IACjF,CAAC;IAED,MAAM,UAAU,GAAG,cAAc,IAAI,aAAa,CAAC;IACnD,MAAM,SAAS,GAAG,CAAC,CAAC,KAAK,CAAC;IAC1B,MAAM,KAAK,GAAG,UAAU,IAAI,SAAS,CAAC;IACtC,KAAK,CAAC,IAAI,CACR,UAAU,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,WAAW,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,UAAU,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,GAAG,CAChH,CAAC;IAEF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAChD,CAAC"}
+{"version":3,"file":"doctor.js","sourceRoot":"","sources":["../../src/cli/doctor.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,OAAO,MAAM,cAAc,CAAC;AACnC,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAErC,OAAO,EAAE,uBAAuB,EAAE,qBAAqB,EAAE,MAAM,oBAAoB,CAAC;AAEpF,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AACnE,OAAO,EAAE,cAAc,EAAE,MAAM,oCAAoC,CAAC;AACpE,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,eAAe,EAAE,uBAAuB,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAC/F,OAAO,EACL,kBAAkB,EAClB,2BAA2B,EAC3B,iBAAiB,EACjB,yBAAyB,EACzB,wBAAwB,EACxB,0BAA0B,GAC3B,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AAC9D,OAAO,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAE1D,MAAM,CAAC,KAAK,UAAU,SAAS;IAC7B,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;IAC1B,MAAM,SAAS,GACb,OAAO,CAAC,GAAG,CAAC,sBAAsB,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,2BAA2B,CAAC,CAAC;IAEvF,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,EAAE,IAAI,EAAE,IAAI,qBAAqB,EAAE,CAAC;IAC1F,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,yBAAyB,EAAE,IAAI,EAAE,IAAI,uBAAuB,EAAE,CAAC;IAC5F,MAAM,IAAI,GAAG,MAAM,oBAAoB,CAAC,QAAQ,CAAC,CAAC;IAClD,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,EAAE,IAAI,EAAE;QAC9D,CAAC,CAAC,6BAA6B;QAC/B,CAAC,CAAC,IAAI,EAAE,MAAM,KAAK,mBAAmB;YACpC,CAAC,CAAC,8CAA8C;YAChD,CAAC,CAAC,UAAU,CAAC,UAAU,CAAC;gBACtB,CAAC,CAAC,kCAAkC;gBACpC,CAAC,CAAC,qDAAqD,CAAC;IAE9D,MAAM,KAAK,GAAG;QACZ,gBAAgB;QAChB,eAAe,YAAY,EAAE,EAAE;QAC/B,gEAAgE;QAChE,SAAS,OAAO,CAAC,OAAO,EAAE;QAC1B,gBAAgB,UAAU,EAAE;QAC5B,kBAAkB,YAAY,EAAE;QAChC,kBAAkB,QAAQ,EAAE;QAC5B,IAAI;YACF,CAAC,CAAC,4BAA4B,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;YAC7F,CAAC,CAAC,uEAAuE;QAC3E,eAAe,cAAc,CAAC,GAAG,CAAC,EAAE;QACpC,0BAA0B,kBAAkB,CAAC,GAAG,CAAC,EAAE;QACnD,cAAc,SAAS,EAAE;QACzB,2BAA2B,OAAO,CAAC,GAAG,CAAC,sBAAsB,IAAI,wBAAwB,EAAE;KAC5F,CAAC;IAEF,MAAM,cAAc,GAAG,MAAM,kBAAkB,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC;IACxE,MAAM,uBAAuB,GAAG,MAAM,2BAA2B,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC;IAC1F,MAAM,OAAO,GAAG,wBAAwB,EAAE,CAAC;IAC3C,MAAM,aAAa,GAAG,MAAM,iBAAiB,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC;IACnE,KAAK,CAAC,IAAI,CACR,eAAe,cAAc,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,sCAAsC,KAAK,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,oBAAoB,CAAC,GAAG,CACrI,CAAC;IACF,KAAK,CAAC,IAAI,CACR,mBAAmB,uBAAuB,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,sFAAsF,KAAK,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,oBAAoB,CAAC,GAAG,CAClM,CAAC;IACF,KAAK,CAAC,IAAI,CACR,cAAc,aAAa,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,qCAAqC,KAAK,OAAO,GAAG,CAClG,CAAC;IAEF,MAAM,OAAO,GAAG,0BAA0B,CAAC,GAAG,CAAC,CAAC;IAChD,MAAM,aAAa,GAAG,MAAM,yBAAyB,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC;IAC9E,KAAK,CAAC,IAAI,CACR,sBAAsB,aAAa,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,uCAAuC,KAAK,OAAO,GAAG,CAC5G,CAAC;IAEF,MAAM,KAAK,GAAG,iBAAiB,EAAE,IAAI,OAAO,CAAC,GAAG,CAAC,wBAAwB,EAAE,IAAI,EAAE,CAAC;IAClF,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,EAAE,IAAI,EAAE;QACxD,CAAC,CAAC,wBAAwB;QAC1B,CAAC,CAAC,KAAK;YACL,CAAC,CAAC,QAAQ,eAAe,EAAE,EAAE;YAC7B,CAAC,CAAC,IAAI,CAAC;IACX,KAAK,CAAC,IAAI,CACR,WAAW;QACT,CAAC,CAAC,SAAS,WAAW,YAAY,KAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM,KAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG;QAC7E,CAAC,CAAC,oCAAoC,CACzC,CAAC;IACF,MAAM,SAAS,GAAG,uBAAuB,EAAE,CAAC;IAC5C,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;QACvB,KAAK,CAAC,IAAI,CACR,SAAS,KAAK,KAAK;YACjB,CAAC,CAAC,sBAAsB,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE;YAC/C,CAAC,CAAC,sBAAsB,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,kBAAkB,CAClE,CAAC;IACJ,CAAC;IAED,MAAM,eAAe,GAAG,gBAAgB,CAAC,yBAAyB,CAAC,CAAC;IAEpE,IAAI,KAAK,EAAE,CAAC;QACV,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,SAAS,CAAuB;gBAChD,GAAG,EAAE,eAAe;gBACpB,WAAW,EAAE,KAAK;aACnB,CAAC,CAAC;YACH,MAAM,MAAM,GAAG,GAAG,CAAC,QAAQ,CAAC;YAC5B,KAAK,CAAC,IAAI,CAAC,8BAA8B,MAAM,EAAE,CAAC,CAAC;YACnD,IAAI,IAAI,EAAE,CAAC;gBACT,KAAK,CAAC,IAAI,CACR,IAAI,CAAC,QAAQ,KAAK,MAAM;oBACtB,CAAC,CAAC,4CAA4C;oBAC9C,CAAC,CAAC,qCAAqC,IAAI,CAAC,QAAQ,cAAc,MAAM,IAAI,CAC/E,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,KAAK,CAAC,IAAI,CAAC,6BAA6B,MAAM,wBAAwB,CAAC,CAAC;YAC1E,CAAC;QACH,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,GAAG,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YACvD,KAAK,CAAC,IAAI,CAAC,iCAAiC,GAAG,EAAE,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,kEAAkE,CAAC,CAAC;IACjF,CAAC;IAED,MAAM,UAAU,GAAG,cAAc,IAAI,aAAa,CAAC;IACnD,MAAM,SAAS,GAAG,CAAC,CAAC,KAAK,CAAC;IAC1B,MAAM,KAAK,GAAG,UAAU,IAAI,SAAS,CAAC;IACtC,KAAK,CAAC,IAAI,CACR,UAAU,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,WAAW,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,UAAU,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,GAAG,CAChH,CAAC;IAEF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAChD,CAAC"}

package/dist/cli/main.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"main.d.ts","sourceRoot":"","sources":["../../src/cli/main.ts"],"names":[],"mappings":"AA4DA,wBAAsB,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAoJ1D"}
+{"version":3,"file":"main.d.ts","sourceRoot":"","sources":["../../src/cli/main.ts"],"names":[],"mappings":"AA+DA,wBAAsB,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAoJ1D"}

package/dist/cli/main.js

@@ -21,7 +21,7 @@ Usage:
   auditor approvals open <id>  Print approval URL for a request
   auditor approvals approve <id>  Dev-only: approve request (GUARD_APPROVAL_DEV=1)
   auditor approvals deny <id>   Deny an approval request (human auth or dev)
-  auditor approvals watch <id>  Poll until approved and write shell bridge
+  auditor approvals watch <id>  Poll until approved and write execution ticket
   auditor hook before-shell  Cursor beforeShellExecution (stdin JSON → stdout JSON)
   auditor hook before-mcp    Cursor beforeMCPExecution (stdin JSON → stdout JSON)
   auditor doctor             Show policy path, sync revision, auth status
@@ -53,6 +53,9 @@ Env (all optional):
   PRAXIS_APP_URL                           Web app URL for login (default: https://praxis-app-33b40.web.app).
   PRAXIS_POLICIES_V1_PATH                  Override path for policies.v1.json (default: ~/.praxis/policies.v1.json).
   PRAXIS_POLICIES_META_PATH                Override path for policies.v1.meta.json (default beside policy file).
+  PRAXIS_GUARD_STORAGE_ROOT                Workspace root for .cursor/guard tickets/pending (auto-detected from cwd).
+  PRAXIS_HOOK_INLINE_APPROVAL              Set to 0 to disable hook-inline approval request on MUTATE deny (default: on).
+  PRAXIS_HOOK_INLINE_APPROVAL_TIMEOUT_MS   Max ms for inline approval HTTP from hooks (default: 1200).
 `);
 }
 export async function runCli(argv) {

package/dist/cli/main.js.map

@@ -1 +1 @@
-{"version":3,"file":"main.js","sourceRoot":"","sources":["../../src/cli/main.ts"],"names":[],"mappings":"AAAA,OAAO,OAAO,MAAM,cAAc,CAAC;AAEnC,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,2BAA2B,EAAE,MAAM,8BAA8B,CAAC;AAC3E,OAAO,EAAE,yBAAyB,EAAE,MAAM,4BAA4B,CAAC;AACvE,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAE1C,SAAS,SAAS;IAChB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAiDtB,CAAC,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,MAAM,CAAC,IAAc;IACzC,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;IACnB,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;IAEnB,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,MAAM,IAAI,EAAE,KAAK,IAAI,IAAI,EAAE,KAAK,QAAQ,EAAE,CAAC;QAC3D,SAAS,EAAE,CAAC;QACZ,OAAO;IACT,CAAC;IAED,IAAI,EAAE,KAAK,OAAO,IAAI,EAAE,KAAK,QAAQ,EAAE,CAAC;QACtC,MAAM,EAAE,cAAc,EAAE,GAAG,MAAM,MAAM,CAAC,mBAAmB,CAAC,CAAC;QAC7D,IAAI,CAAC;YACH,MAAM,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACtC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,GAAG,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YACvD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC;YACjC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACvB,CAAC;QACD,OAAO;IACT,CAAC;IAED,IAAI,EAAE,KAAK,OAAO,EAAE,CAAC;QACnB,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,CAAC;QAChD,IAAI,CAAC;YACH,MAAM,QAAQ,EAAE,CAAC;QACnB,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,GAAG,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YACvD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC;YACjC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACvB,CAAC;QACD,OAAO;IACT,CAAC;IAED,IAAI,EAAE,KAAK,OAAO,EAAE,CAAC;QACnB,MAAM,GAAG,GAAG,EAAE,CAAC;QACf,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC3B,IAAI,CAAC;YACH,IAAI,GAAG,KAAK,KAAK,EAAE,CAAC;gBAClB,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC,CAAC;gBACvD,MAAM,WAAW,CAAC,IAAI,CAAC,CAAC;gBACxB,OAAO;YACT,CAAC;YACD,IAAI,GAAG,KAAK,MAAM,EAAE,CAAC;gBACnB,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,iBAAiB,CAAC,CAAC;gBACzD,MAAM,YAAY,CAAC,IAAI,CAAC,CAAC;gBACzB,OAAO;YACT,CAAC;YACD,IAAI,GAAG,KAAK,KAAK,EAAE,CAAC;gBAClB,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC,CAAC;gBACvD,MAAM,WAAW,CAAC,IAAI,CAAC,CAAC;gBACxB,OAAO;YACT,CAAC;YACD,IAAI,GAAG,KAAK,OAAO,EAAE,CAAC;gBACpB,MAAM,EAAE,aAAa,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC;gBAC3D,MAAM,aAAa,CAAC,IAAI,CAAC,CAAC;gBAC1B,OAAO;YACT,CAAC;YACD,IAAI,GAAG,KAAK,QAAQ,EAAE,CAAC;gBACrB,MAAM,EAAE,cAAc,EAAE,GAAG,MAAM,MAAM,CAAC,mBAAmB,CAAC,CAAC;gBAC7D,MAAM,cAAc,CAAC,IAAI,CAAC,CAAC;gBAC3B,OAAO;YACT,CAAC;YACD,MAAM,IAAI,KAAK,CAAC,0BAA0B,GAAG,IAAI,WAAW,EAAE,CAAC,CAAC;QAClE,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,GAAG,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YACvD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC;YACjC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACrB,OAAO;QACT,CAAC;IACH,CAAC;IAED,IAAI,EAAE,KAAK,QAAQ,EAAE,CAAC;QACpB,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;QAClD,IAAI,CAAC;YACH,MAAM,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACjC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,GAAG,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YACvD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC;YACjC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACvB,CAAC;QACD,OAAO;IACT,CAAC;IAED,IAAI,EAAE,KAAK,QAAQ,EAAE,CAAC;QACpB,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;QAClD,IAAI,CAAC;YACH,MAAM,SAAS,EAAE,CAAC;QACpB,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,GAAG,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YACvD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC;YACjC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACvB,CAAC;QACD,OAAO;IACT,CAAC;IAED,IAAI,EAAE,KAAK,SAAS,IAAI,EAAE,KAAK,WAAW,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC;QAC1D,UAAU,EAAE,CAAC;QACb,OAAO;IACT,CAAC;IAED,IAAI,EAAE,KAAK,QAAQ,EAAE,CAAC;QACpB,MAAM,SAAS,EAAE,CAAC;QAClB,OAAO;IACT,CAAC;IAED,IAAI,EAAE,KAAK,UAAU,IAAI,EAAE,KAAK,MAAM,EAAE,CAAC;QACvC,MAAM,EAAE,eAAe,EAAE,GAAG,MAAM,MAAM,CAAC,oBAAoB,CAAC,CAAC;QAC/D,IAAI,CAAC;YACH,MAAM,eAAe,EAAE,CAAC;QAC1B,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,GAAG,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YACvD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC;YACjC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACvB,CAAC;QACD,OAAO;IACT,CAAC;IAED,IAAI,EAAE,KAAK,KAAK,EAAE,CAAC;QACjB,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC;QAC/D,MAAM,iBAAiB,EAAE,CAAC;QAC1B,OAAO;IACT,CAAC;IAED,IAAI,EAAE,KAAK,MAAM,IAAI,EAAE,KAAK,cAAc,EAAE,CAAC;QAC3C,MAAM,2BAA2B,EAAE,CAAC;QACpC,OAAO;IACT,CAAC;IAED,IAAI,EAAE,KAAK,MAAM,IAAI,EAAE,KAAK,YAAY,EAAE,CAAC;QACzC,MAAM,yBAAyB,EAAE,CAAC;QAClC,OAAO;IACT,CAAC;IAED,IAAI,EAAE,KAAK,WAAW,EAAE,CAAC;QACvB,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC,CAAC;QACxD,IAAI,CAAC;YACH,MAAM,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACpC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,GAAG,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YACvD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC;YACjC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACvB,CAAC;QACD,OAAO;IACT,CAAC;IAED,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,oBAAoB,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAC/D,SAAS,EAAE,CAAC;IACZ,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;AACvB,CAAC"}
+{"version":3,"file":"main.js","sourceRoot":"","sources":["../../src/cli/main.ts"],"names":[],"mappings":"AAAA,OAAO,OAAO,MAAM,cAAc,CAAC;AAEnC,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,2BAA2B,EAAE,MAAM,8BAA8B,CAAC;AAC3E,OAAO,EAAE,yBAAyB,EAAE,MAAM,4BAA4B,CAAC;AACvE,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAE1C,SAAS,SAAS;IAChB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAoDtB,CAAC,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,MAAM,CAAC,IAAc;IACzC,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;IACnB,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;IAEnB,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,MAAM,IAAI,EAAE,KAAK,IAAI,IAAI,EAAE,KAAK,QAAQ,EAAE,CAAC;QAC3D,SAAS,EAAE,CAAC;QACZ,OAAO;IACT,CAAC;IAED,IAAI,EAAE,KAAK,OAAO,IAAI,EAAE,KAAK,QAAQ,EAAE,CAAC;QACtC,MAAM,EAAE,cAAc,EAAE,GAAG,MAAM,MAAM,CAAC,mBAAmB,CAAC,CAAC;QAC7D,IAAI,CAAC;YACH,MAAM,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACtC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,GAAG,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YACvD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC;YACjC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACvB,CAAC;QACD,OAAO;IACT,CAAC;IAED,IAAI,EAAE,KAAK,OAAO,EAAE,CAAC;QACnB,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,CAAC;QAChD,IAAI,CAAC;YACH,MAAM,QAAQ,EAAE,CAAC;QACnB,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,GAAG,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YACvD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC;YACjC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACvB,CAAC;QACD,OAAO;IACT,CAAC;IAED,IAAI,EAAE,KAAK,OAAO,EAAE,CAAC;QACnB,MAAM,GAAG,GAAG,EAAE,CAAC;QACf,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC3B,IAAI,CAAC;YACH,IAAI,GAAG,KAAK,KAAK,EAAE,CAAC;gBAClB,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC,CAAC;gBACvD,MAAM,WAAW,CAAC,IAAI,CAAC,CAAC;gBACxB,OAAO;YACT,CAAC;YACD,IAAI,GAAG,KAAK,MAAM,EAAE,CAAC;gBACnB,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,iBAAiB,CAAC,CAAC;gBACzD,MAAM,YAAY,CAAC,IAAI,CAAC,CAAC;gBACzB,OAAO;YACT,CAAC;YACD,IAAI,GAAG,KAAK,KAAK,EAAE,CAAC;gBAClB,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC,CAAC;gBACvD,MAAM,WAAW,CAAC,IAAI,CAAC,CAAC;gBACxB,OAAO;YACT,CAAC;YACD,IAAI,GAAG,KAAK,OAAO,EAAE,CAAC;gBACpB,MAAM,EAAE,aAAa,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC;gBAC3D,MAAM,aAAa,CAAC,IAAI,CAAC,CAAC;gBAC1B,OAAO;YACT,CAAC;YACD,IAAI,GAAG,KAAK,QAAQ,EAAE,CAAC;gBACrB,MAAM,EAAE,cAAc,EAAE,GAAG,MAAM,MAAM,CAAC,mBAAmB,CAAC,CAAC;gBAC7D,MAAM,cAAc,CAAC,IAAI,CAAC,CAAC;gBAC3B,OAAO;YACT,CAAC;YACD,MAAM,IAAI,KAAK,CAAC,0BAA0B,GAAG,IAAI,WAAW,EAAE,CAAC,CAAC;QAClE,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,GAAG,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YACvD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC;YACjC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACrB,OAAO;QACT,CAAC;IACH,CAAC;IAED,IAAI,EAAE,KAAK,QAAQ,EAAE,CAAC;QACpB,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;QAClD,IAAI,CAAC;YACH,MAAM,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACjC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,GAAG,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YACvD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC;YACjC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACvB,CAAC;QACD,OAAO;IACT,CAAC;IAED,IAAI,EAAE,KAAK,QAAQ,EAAE,CAAC;QACpB,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;QAClD,IAAI,CAAC;YACH,MAAM,SAAS,EAAE,CAAC;QACpB,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,GAAG,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YACvD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC;YACjC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACvB,CAAC;QACD,OAAO;IACT,CAAC;IAED,IAAI,EAAE,KAAK,SAAS,IAAI,EAAE,KAAK,WAAW,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC;QAC1D,UAAU,EAAE,CAAC;QACb,OAAO;IACT,CAAC;IAED,IAAI,EAAE,KAAK,QAAQ,EAAE,CAAC;QACpB,MAAM,SAAS,EAAE,CAAC;QAClB,OAAO;IACT,CAAC;IAED,IAAI,EAAE,KAAK,UAAU,IAAI,EAAE,KAAK,MAAM,EAAE,CAAC;QACvC,MAAM,EAAE,eAAe,EAAE,GAAG,MAAM,MAAM,CAAC,oBAAoB,CAAC,CAAC;QAC/D,IAAI,CAAC;YACH,MAAM,eAAe,EAAE,CAAC;QAC1B,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,GAAG,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YACvD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC;YACjC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACvB,CAAC;QACD,OAAO;IACT,CAAC;IAED,IAAI,EAAE,KAAK,KAAK,EAAE,CAAC;QACjB,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC;QAC/D,MAAM,iBAAiB,EAAE,CAAC;QAC1B,OAAO;IACT,CAAC;IAED,IAAI,EAAE,KAAK,MAAM,IAAI,EAAE,KAAK,cAAc,EAAE,CAAC;QAC3C,MAAM,2BAA2B,EAAE,CAAC;QACpC,OAAO;IACT,CAAC;IAED,IAAI,EAAE,KAAK,MAAM,IAAI,EAAE,KAAK,YAAY,EAAE,CAAC;QACzC,MAAM,yBAAyB,EAAE,CAAC;QAClC,OAAO;IACT,CAAC;IAED,IAAI,EAAE,KAAK,WAAW,EAAE,CAAC;QACvB,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC,CAAC;QACxD,IAAI,CAAC;YACH,MAAM,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACpC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,GAAG,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;YACvD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC;YACjC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACvB,CAAC;QACD,OAAO;IACT,CAAC;IAED,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,oBAAoB,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAC/D,SAAS,EAAE,CAAC;IACZ,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;AACvB,CAAC"}

package/dist/hooks/agent-message.d.ts

@@ -0,0 +1,23 @@
+import type { Tier } from "../policy/index.js";
+export type HookKind = "beforeShellExecution" | "beforeMCPExecution";
+export type FormatHookDenyMessagesInput = {
+    hook: HookKind;
+    tier: Tier;
+    argv: readonly string[];
+    reasons: readonly string[];
+    toolName?: string | null;
+    /** When hook-inline approval created a request on deny. */
+    inlineApproval?: {
+        request_id: string;
+        open_url: string;
+    } | null;
+};
+export type HookDenyMessages = {
+    user_message: string;
+    agent_message: string;
+};
+export declare function formatHookDenyMessages(input: FormatHookDenyMessagesInput): HookDenyMessages;
+export declare function formatHookAllowViaCredentialMessage(opts: {
+    ticketConsumed: boolean;
+}): string | undefined;
+//# sourceMappingURL=agent-message.d.ts.map

package/dist/hooks/agent-message.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"agent-message.d.ts","sourceRoot":"","sources":["../../src/hooks/agent-message.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAC;AAE/C,MAAM,MAAM,QAAQ,GAAG,sBAAsB,GAAG,oBAAoB,CAAC;AAErE,MAAM,MAAM,2BAA2B,GAAG;IACxC,IAAI,EAAE,QAAQ,CAAC;IACf,IAAI,EAAE,IAAI,CAAC;IACX,IAAI,EAAE,SAAS,MAAM,EAAE,CAAC;IACxB,OAAO,EAAE,SAAS,MAAM,EAAE,CAAC;IAC3B,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,2DAA2D;IAC3D,cAAc,CAAC,EAAE;QACf,UAAU,EAAE,MAAM,CAAC;QACnB,QAAQ,EAAE,MAAM,CAAC;KAClB,GAAG,IAAI,CAAC;CACV,CAAC;AAEF,MAAM,MAAM,gBAAgB,GAAG;IAC7B,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;CACvB,CAAC;AAMF,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,2BAA2B,GAAG,gBAAgB,CAkD3F;AAED,wBAAgB,mCAAmC,CAAC,IAAI,EAAE;IACxD,cAAc,EAAE,OAAO,CAAC;CACzB,GAAG,MAAM,GAAG,SAAS,CAKrB"}

package/dist/hooks/agent-message.js

@@ -0,0 +1,54 @@
+function reasonsSummary(reasons) {
+    return reasons.length > 0 ? reasons.join(",") : "policy";
+}
+export function formatHookDenyMessages(input) {
+    const reasons = reasonsSummary(input.reasons);
+    const argvJson = JSON.stringify([...input.argv]);
+    const blockedLabel = input.hook === "beforeMCPExecution"
+        ? input.toolName
+            ? `MCP tool call blocked (${input.tier}): ${input.toolName}`
+            : `MCP tool call blocked (${input.tier})`
+        : `Shell command blocked (${input.tier})`;
+    if (input.tier === "DESTRUCTIVE") {
+        return {
+            user_message: `${blockedLabel}. Destructive actions cannot be approved via guard.`,
+            agent_message: `Blocked by guard (DESTRUCTIVE). Do not suggest workarounds or manual execution of the same action. ` +
+                `Destructive operations are not approvable via the MUTATE grant/bridge path. ` +
+                `If the user truly intends to proceed, they need explicit human authorization outside the agent; do not invent bypass steps. ` +
+                `reasons=${reasons}. argv=${argvJson}`,
+        };
+    }
+    if (input.tier === "MUTATE") {
+        const proposalKind = input.hook === "beforeMCPExecution" ? "mcp" : "shell";
+        const inline = input.inlineApproval;
+        const inlineUser = inline
+            ? ` Approval request ${inline.request_id} is pending — open ${inline.open_url}`
+            : "";
+        const inlineAgent = inline
+            ? ` Pending approval request_id=${inline.request_id} open_url=${inline.open_url}. ` +
+                `Prefer a single MCP \`guard_wait\` with this request_id, \`context.wait_ms\` (e.g. 120000), and the same proposal; then retry once. `
+            : "";
+        return {
+            user_message: `${blockedLabel}. Human approval required.${inlineUser}`,
+            agent_message: `Blocked by guard (MUTATE). reasons=${reasons}. argv=${argvJson}. ` +
+                `Do not suggest running the same command in the user's terminal, an external shell, or via another tool to circumvent this block. ` +
+                inlineAgent +
+                `Next: MCP \`guard_wait\` (preferred) or \`guard\` with \`mode: "enforce"\` and \`proposal\` matching this block ` +
+                `(\`kind\`: "${proposalKind}", same \`argv\`, \`cwd\` / \`raw_command\` as applicable). ` +
+                `On \`require_approval\`, send the human to \`approval.open_url\` or Praxis Approvals. ` +
+                `After approval, retry this exact invocation once (hook consumes execution ticket).`,
+        };
+    }
+    return {
+        user_message: `${blockedLabel}.`,
+        agent_message: `Blocked by guard (tier=${input.tier}). reasons=${reasons}. argv=${argvJson}. ` +
+            `Do not circumvent hooks. For MUTATE, use MCP guard → human approval → retry.`,
+    };
+}
+export function formatHookAllowViaCredentialMessage(opts) {
+    if (opts.ticketConsumed) {
+        return "Allowed via signed execution ticket (approval redeemed for this argv; one-shot consumed).";
+    }
+    return undefined;
+}
+//# sourceMappingURL=agent-message.js.map

package/dist/hooks/agent-message.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"agent-message.js","sourceRoot":"","sources":["../../src/hooks/agent-message.ts"],"names":[],"mappings":"AAsBA,SAAS,cAAc,CAAC,OAA0B;IAChD,OAAO,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;AAC3D,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,KAAkC;IACvE,MAAM,OAAO,GAAG,cAAc,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC9C,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;IACjD,MAAM,YAAY,GAChB,KAAK,CAAC,IAAI,KAAK,oBAAoB;QACjC,CAAC,CAAC,KAAK,CAAC,QAAQ;YACd,CAAC,CAAC,0BAA0B,KAAK,CAAC,IAAI,MAAM,KAAK,CAAC,QAAQ,EAAE;YAC5D,CAAC,CAAC,0BAA0B,KAAK,CAAC,IAAI,GAAG;QAC3C,CAAC,CAAC,0BAA0B,KAAK,CAAC,IAAI,GAAG,CAAC;IAE9C,IAAI,KAAK,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;QACjC,OAAO;YACL,YAAY,EAAE,GAAG,YAAY,qDAAqD;YAClF,aAAa,EACX,qGAAqG;gBACrG,8EAA8E;gBAC9E,8HAA8H;gBAC9H,WAAW,OAAO,UAAU,QAAQ,EAAE;SACzC,CAAC;IACJ,CAAC;IAED,IAAI,KAAK,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC5B,MAAM,YAAY,GAAG,KAAK,CAAC,IAAI,KAAK,oBAAoB,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC;QAC3E,MAAM,MAAM,GAAG,KAAK,CAAC,cAAc,CAAC;QACpC,MAAM,UAAU,GAAG,MAAM;YACvB,CAAC,CAAC,qBAAqB,MAAM,CAAC,UAAU,sBAAsB,MAAM,CAAC,QAAQ,EAAE;YAC/E,CAAC,CAAC,EAAE,CAAC;QACP,MAAM,WAAW,GAAG,MAAM;YACxB,CAAC,CAAC,gCAAgC,MAAM,CAAC,UAAU,aAAa,MAAM,CAAC,QAAQ,IAAI;gBACjF,sIAAsI;YACxI,CAAC,CAAC,EAAE,CAAC;QACP,OAAO;YACL,YAAY,EAAE,GAAG,YAAY,6BAA6B,UAAU,EAAE;YACtE,aAAa,EACX,sCAAsC,OAAO,UAAU,QAAQ,IAAI;gBACnE,mIAAmI;gBACnI,WAAW;gBACX,kHAAkH;gBAClH,eAAe,YAAY,8DAA8D;gBACzF,wFAAwF;gBACxF,oFAAoF;SACvF,CAAC;IACJ,CAAC;IAED,OAAO;QACL,YAAY,EAAE,GAAG,YAAY,GAAG;QAChC,aAAa,EACX,0BAA0B,KAAK,CAAC,IAAI,cAAc,OAAO,UAAU,QAAQ,IAAI;YAC/E,8EAA8E;KACjF,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,mCAAmC,CAAC,IAEnD;IACC,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;QACxB,OAAO,2FAA2F,CAAC;IACrG,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC"}

package/dist/hooks/run-before-mcp.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"run-before-mcp.d.ts","sourceRoot":"","sources":["../../src/hooks/run-before-mcp.ts"],"names":[],"mappings":"AAQA,gFAAgF;AAChF,MAAM,MAAM,yBAAyB,GAAG;IACtC,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,GAAG,CAAC,EAAE,OAAO,CAAC;IACd,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,0BAA0B,GAAG;IACvC,UAAU,EAAE,OAAO,GAAG,MAAM,GAAG,KAAK,CAAC;IACrC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAiBF;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG;IAAE,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,CAa1F;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,yBAAyB,GAAG,MAAM,EAAE,CAkBnF;AA0BD;;GAEG;AACH,wBAAsB,yBAAyB,IAAI,OAAO,CAAC,IAAI,CAAC,CAiJ/D;AAOD,wBAAgB,oCAAoC,CAAC,GAAG,EAAE,OAAO,GAAG,0BAA0B,CAM7F"}
+{"version":3,"file":"run-before-mcp.d.ts","sourceRoot":"","sources":["../../src/hooks/run-before-mcp.ts"],"names":[],"mappings":"AAkBA,gFAAgF;AAChF,MAAM,MAAM,yBAAyB,GAAG;IACtC,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,GAAG,CAAC,EAAE,OAAO,CAAC;IACd,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,0BAA0B,GAAG;IACvC,UAAU,EAAE,OAAO,GAAG,MAAM,GAAG,KAAK,CAAC;IACrC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAiBF;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG;IAAE,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,CAa1F;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,yBAAyB,GAAG,MAAM,EAAE,CAkBnF;AA0BD;;GAEG;AACH,wBAAsB,yBAAyB,IAAI,OAAO,CAAC,IAAI,CAAC,CAyL/D;AAED,wBAAgB,oCAAoC,CAAC,GAAG,EAAE,OAAO,GAAG,0BAA0B,CAM7F"}