@praxis.guard/auditor-cli 0.0.32 → 0.0.34

package/dist/hooks/before-mcp-argv.d.ts

@@ -0,0 +1,17 @@
+import type { BeforeMCPExecutionPayload } from "./before-mcp-types.js";
+/**
+ * When Cursor encodes MCP tools as `MCP:<server>:<tool>` (see Cursor hooks docs / preToolUse), split into
+ * server + bare tool name for policy rows under `policies.mcp.<server>.<tool>`.
+ */
+export declare function splitMcpToolName(raw: string): {
+    serverGuess: string | null;
+    tool: string;
+};
+/**
+ * Maps hook payload → argv for `policies.v1.json` under tool key `mcp`.
+ * Omits raw `tool_input` from argv tokens so JSON metacharacters do not trip shell metachar heuristics.
+ */
+export declare function mcpHookArgvFromPayload(payload: BeforeMCPExecutionPayload): string[];
+export declare function stringifyToolInput(raw: unknown): string;
+export declare function preferredHookCwd(payload: BeforeMCPExecutionPayload): string | undefined;
+//# sourceMappingURL=before-mcp-argv.d.ts.map

package/dist/hooks/before-mcp-argv.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"before-mcp-argv.d.ts","sourceRoot":"","sources":["../../src/hooks/before-mcp-argv.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,uBAAuB,CAAC;AAEvE;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG;IAAE,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,CAa1F;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,yBAAyB,GAAG,MAAM,EAAE,CAkBnF;AAED,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,OAAO,GAAG,MAAM,CAQvD;AAED,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,yBAAyB,GAAG,MAAM,GAAG,SAAS,CASvF"}

package/dist/hooks/before-mcp-argv.js

@@ -0,0 +1,67 @@
+/**
+ * When Cursor encodes MCP tools as `MCP:<server>:<tool>` (see Cursor hooks docs / preToolUse), split into
+ * server + bare tool name for policy rows under `policies.mcp.<server>.<tool>`.
+ */
+export function splitMcpToolName(raw) {
+    const t = raw.trim();
+    if (!t)
+        return { serverGuess: null, tool: "_" };
+    if (t.startsWith("MCP:")) {
+        const body = t.slice(4).trim();
+        const idx = body.lastIndexOf(":");
+        if (idx !== -1) {
+            const serverPart = body.slice(0, idx).trim();
+            const toolPart = body.slice(idx + 1).trim();
+            if (serverPart && toolPart)
+                return { serverGuess: serverPart, tool: toolPart };
+        }
+    }
+    return { serverGuess: null, tool: t };
+}
+/**
+ * Maps hook payload → argv for `policies.v1.json` under tool key `mcp`.
+ * Omits raw `tool_input` from argv tokens so JSON metacharacters do not trip shell metachar heuristics.
+ */
+export function mcpHookArgvFromPayload(payload) {
+    const rawName = typeof payload.tool_name === "string" ? payload.tool_name.trim() : "";
+    const { serverGuess, tool } = splitMcpToolName(rawName);
+    let server = "stdio";
+    if (typeof payload.url === "string" && payload.url.trim()) {
+        const u = payload.url.trim();
+        try {
+            server = new URL(u).host || u;
+        }
+        catch {
+            server = u;
+        }
+    }
+    else if (serverGuess) {
+        server = serverGuess;
+    }
+    else if (typeof payload.command === "string" && payload.command.trim()) {
+        server = payload.command.trim().slice(0, 400);
+    }
+    return ["mcp", server, tool || "_"];
+}
+export function stringifyToolInput(raw) {
+    if (raw === undefined || raw === null)
+        return "";
+    if (typeof raw === "string")
+        return raw;
+    try {
+        return JSON.stringify(raw);
+    }
+    catch {
+        return String(raw);
+    }
+}
+export function preferredHookCwd(payload) {
+    if (typeof payload.cwd === "string")
+        return payload.cwd;
+    if (Array.isArray(payload.workspace_roots) &&
+        typeof payload.workspace_roots[0] === "string") {
+        return payload.workspace_roots[0];
+    }
+    return undefined;
+}
+//# sourceMappingURL=before-mcp-argv.js.map

package/dist/hooks/before-mcp-argv.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"before-mcp-argv.js","sourceRoot":"","sources":["../../src/hooks/before-mcp-argv.ts"],"names":[],"mappings":"AAEA;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,GAAW;IAC1C,MAAM,CAAC,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC;IACrB,IAAI,CAAC,CAAC;QAAE,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC;IAChD,IAAI,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QACzB,MAAM,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QAClC,IAAI,GAAG,KAAK,CAAC,CAAC,EAAE,CAAC;YACf,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;YAC7C,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC5C,IAAI,UAAU,IAAI,QAAQ;gBAAE,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;QACjF,CAAC;IACH,CAAC;IACD,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;AACxC,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,sBAAsB,CAAC,OAAkC;IACvE,MAAM,OAAO,GAAG,OAAO,OAAO,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IACtF,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAExD,IAAI,MAAM,GAAG,OAAO,CAAC;IACrB,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC;QAC1D,MAAM,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;QAC7B,IAAI,CAAC;YACH,MAAM,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC;QAChC,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,GAAG,CAAC,CAAC;QACb,CAAC;IACH,CAAC;SAAM,IAAI,WAAW,EAAE,CAAC;QACvB,MAAM,GAAG,WAAW,CAAC;IACvB,CAAC;SAAM,IAAI,OAAO,OAAO,CAAC,OAAO,KAAK,QAAQ,IAAI,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;QACzE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAChD,CAAC;IACD,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,IAAI,GAAG,CAAC,CAAC;AACtC,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,GAAY;IAC7C,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI;QAAE,OAAO,EAAE,CAAC;IACjD,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,GAAG,CAAC;IACxC,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC;IACrB,CAAC;AACH,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,OAAkC;IACjE,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ;QAAE,OAAO,OAAO,CAAC,GAAG,CAAC;IACxD,IACE,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,eAAe,CAAC;QACtC,OAAO,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,KAAK,QAAQ,EAC9C,CAAC;QACD,OAAO,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;IACpC,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC"}

package/dist/hooks/before-mcp-mutate.d.ts

@@ -0,0 +1,23 @@
+import type { Tier } from "../policy/index.js";
+import type { BeforeMCPExecutionResponse } from "./before-mcp-types.js";
+export type MutateHookPermission = {
+    permission: BeforeMCPExecutionResponse["permission"];
+    ticketConsumed: boolean;
+    inlineApproval: {
+        request_id: string;
+        open_url: string;
+    } | null;
+    approvalFlowSignal: string | null;
+    reasons: string[];
+};
+export declare function resolveMutateHookPermission(input: {
+    argv: string[];
+    tier: Tier;
+    storageRoot: string;
+    toolInputHash: string | null;
+    rawToolName: string;
+    toolInputPreview: string;
+    policyRevision: number | null;
+    initialReasons: string[];
+}): Promise<MutateHookPermission>;
+//# sourceMappingURL=before-mcp-mutate.d.ts.map

package/dist/hooks/before-mcp-mutate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"before-mcp-mutate.d.ts","sourceRoot":"","sources":["../../src/hooks/before-mcp-mutate.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAC;AAM/C,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,uBAAuB,CAAC;AAExE,MAAM,MAAM,oBAAoB,GAAG;IACjC,UAAU,EAAE,0BAA0B,CAAC,YAAY,CAAC,CAAC;IACrD,cAAc,EAAE,OAAO,CAAC;IACxB,cAAc,EAAE;QAAE,UAAU,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI,CAAC;IAChE,kBAAkB,EAAE,MAAM,GAAG,IAAI,CAAC;IAClC,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB,CAAC;AAEF,wBAAsB,2BAA2B,CAAC,KAAK,EAAE;IACvD,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,IAAI,EAAE,IAAI,CAAC;IACX,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,WAAW,EAAE,MAAM,CAAC;IACpB,gBAAgB,EAAE,MAAM,CAAC;IACzB,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,cAAc,EAAE,MAAM,EAAE,CAAC;CAC1B,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAmFhC"}

package/dist/hooks/before-mcp-mutate.js

@@ -0,0 +1,76 @@
+import { randomUUID } from "node:crypto";
+import { argvSha256 } from "../approval/argv-fingerprint.js";
+import { resolveMutateApproval } from "../approval/mcp-flow.js";
+import { tryHookInlineApprovalRequest } from "../approval/hook-inline-approval.js";
+import { readPendingApprovalIndex } from "../bridge/pending-approval-index.js";
+import { tryConsumeExecutionTicket } from "../bridge/execution-ticket.js";
+export async function resolveMutateHookPermission(input) {
+    const { argv, tier, storageRoot, toolInputHash, rawToolName, toolInputPreview, policyRevision, initialReasons, } = input;
+    const reasons = [...initialReasons];
+    let permission = "deny";
+    let ticketConsumed = false;
+    let approvalFlowSignal = null;
+    let inlineApproval = null;
+    if (tier !== "MUTATE") {
+        return {
+            permission: tier === "READ" ? "allow" : "deny",
+            ticketConsumed,
+            inlineApproval,
+            approvalFlowSignal,
+            reasons,
+        };
+    }
+    ticketConsumed = await tryConsumeExecutionTicket(argv, {
+        storageRoot,
+        kind: "mcp",
+        tool_input_sha256: toolInputHash,
+    });
+    if (ticketConsumed) {
+        return { permission: "allow", ticketConsumed, inlineApproval, approvalFlowSignal, reasons };
+    }
+    const hash = argvSha256(argv);
+    const pending = await readPendingApprovalIndex(hash, { storageRoot });
+    if (pending) {
+        const autoRedeem = await resolveMutateApproval({
+            argv: [...argv],
+            proposalKind: "mcp",
+            storageRoot,
+            rawDisplay: `${rawToolName} ${toolInputPreview}`,
+            eventId: randomUUID(),
+            policyRevision,
+            reasons,
+            approval: { request_id: pending.request_id },
+            waitMs: 0,
+            tool_input_sha256: toolInputHash,
+        });
+        if (autoRedeem.kind === "allow" && autoRedeem.ticketRecorded) {
+            ticketConsumed = await tryConsumeExecutionTicket(argv, {
+                storageRoot,
+                kind: "mcp",
+                tool_input_sha256: toolInputHash,
+            });
+            if (ticketConsumed) {
+                return { permission: "allow", ticketConsumed, inlineApproval, approvalFlowSignal, reasons };
+            }
+        }
+        approvalFlowSignal = "retry_without_guard_wait_resolve";
+        reasons.push("retry_without_guard_wait_resolve");
+        inlineApproval = { request_id: pending.request_id, open_url: pending.open_url };
+        return { permission: "deny", ticketConsumed, inlineApproval, approvalFlowSignal, reasons };
+    }
+    const created = await tryHookInlineApprovalRequest({
+        argv: [...argv],
+        kind: "mcp",
+        rawDisplay: `${rawToolName} ${toolInputPreview}`,
+        policyRevision,
+        reasons,
+        eventId: randomUUID(),
+        storageRoot,
+        tool_input_sha256: toolInputHash,
+    });
+    if (created) {
+        inlineApproval = { request_id: created.request_id, open_url: created.open_url };
+    }
+    return { permission: "deny", ticketConsumed, inlineApproval, approvalFlowSignal, reasons };
+}
+//# sourceMappingURL=before-mcp-mutate.js.map

package/dist/hooks/before-mcp-mutate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"before-mcp-mutate.js","sourceRoot":"","sources":["../../src/hooks/before-mcp-mutate.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAGzC,OAAO,EAAE,UAAU,EAAE,MAAM,iCAAiC,CAAC;AAC7D,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAChE,OAAO,EAAE,4BAA4B,EAAE,MAAM,qCAAqC,CAAC;AACnF,OAAO,EAAE,wBAAwB,EAAE,MAAM,qCAAqC,CAAC;AAC/E,OAAO,EAAE,yBAAyB,EAAE,MAAM,+BAA+B,CAAC;AAW1E,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAAC,KASjD;IACC,MAAM,EACJ,IAAI,EACJ,IAAI,EACJ,WAAW,EACX,aAAa,EACb,WAAW,EACX,gBAAgB,EAChB,cAAc,EACd,cAAc,GACf,GAAG,KAAK,CAAC;IAEV,MAAM,OAAO,GAAG,CAAC,GAAG,cAAc,CAAC,CAAC;IACpC,IAAI,UAAU,GAA6C,MAAM,CAAC;IAClE,IAAI,cAAc,GAAG,KAAK,CAAC;IAC3B,IAAI,kBAAkB,GAAkB,IAAI,CAAC;IAC7C,IAAI,cAAc,GAAoD,IAAI,CAAC;IAE3E,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtB,OAAO;YACL,UAAU,EAAE,IAAI,KAAK,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM;YAC9C,cAAc;YACd,cAAc;YACd,kBAAkB;YAClB,OAAO;SACR,CAAC;IACJ,CAAC;IAED,cAAc,GAAG,MAAM,yBAAyB,CAAC,IAAI,EAAE;QACrD,WAAW;QACX,IAAI,EAAE,KAAK;QACX,iBAAiB,EAAE,aAAa;KACjC,CAAC,CAAC;IACH,IAAI,cAAc,EAAE,CAAC;QACnB,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,kBAAkB,EAAE,OAAO,EAAE,CAAC;IAC9F,CAAC;IAED,MAAM,IAAI,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC;IAC9B,MAAM,OAAO,GAAG,MAAM,wBAAwB,CAAC,IAAI,EAAE,EAAE,WAAW,EAAE,CAAC,CAAC;IACtE,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,UAAU,GAAG,MAAM,qBAAqB,CAAC;YAC7C,IAAI,EAAE,CAAC,GAAG,IAAI,CAAC;YACf,YAAY,EAAE,KAAK;YACnB,WAAW;YACX,UAAU,EAAE,GAAG,WAAW,IAAI,gBAAgB,EAAE;YAChD,OAAO,EAAE,UAAU,EAAE;YACrB,cAAc;YACd,OAAO;YACP,QAAQ,EAAE,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE;YAC5C,MAAM,EAAE,CAAC;YACT,iBAAiB,EAAE,aAAa;SACjC,CAAC,CAAC;QACH,IAAI,UAAU,CAAC,IAAI,KAAK,OAAO,IAAI,UAAU,CAAC,cAAc,EAAE,CAAC;YAC7D,cAAc,GAAG,MAAM,yBAAyB,CAAC,IAAI,EAAE;gBACrD,WAAW;gBACX,IAAI,EAAE,KAAK;gBACX,iBAAiB,EAAE,aAAa;aACjC,CAAC,CAAC;YACH,IAAI,cAAc,EAAE,CAAC;gBACnB,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,kBAAkB,EAAE,OAAO,EAAE,CAAC;YAC9F,CAAC;QACH,CAAC;QACD,kBAAkB,GAAG,kCAAkC,CAAC;QACxD,OAAO,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;QACjD,cAAc,GAAG,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC;QAChF,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,cAAc,EAAE,cAAc,EAAE,kBAAkB,EAAE,OAAO,EAAE,CAAC;IAC7F,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,4BAA4B,CAAC;QACjD,IAAI,EAAE,CAAC,GAAG,IAAI,CAAC;QACf,IAAI,EAAE,KAAK;QACX,UAAU,EAAE,GAAG,WAAW,IAAI,gBAAgB,EAAE;QAChD,cAAc;QACd,OAAO;QACP,OAAO,EAAE,UAAU,EAAE;QACrB,WAAW;QACX,iBAAiB,EAAE,aAAa;KACjC,CAAC,CAAC;IACH,IAAI,OAAO,EAAE,CAAC;QACZ,cAAc,GAAG,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC;IAClF,CAAC;IAED,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,cAAc,EAAE,cAAc,EAAE,kBAAkB,EAAE,OAAO,EAAE,CAAC;AAC7F,CAAC"}

package/dist/hooks/before-mcp-skipped.d.ts

@@ -0,0 +1,14 @@
+import type { Tier } from "../policy/index.js";
+import type { BeforeMCPExecutionPayload } from "./before-mcp-types.js";
+export declare function handleSkippedMcpHook(input: {
+    payload: BeforeMCPExecutionPayload;
+    rawToolName: string;
+    bareTool: string;
+    argv: string[];
+    tier: Tier;
+    reasons: string[];
+    policyRevision: number | null;
+    auditLogRoot: string;
+    decisionStarted: number;
+}): Promise<void>;
+//# sourceMappingURL=before-mcp-skipped.d.ts.map

package/dist/hooks/before-mcp-skipped.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"before-mcp-skipped.d.ts","sourceRoot":"","sources":["../../src/hooks/before-mcp-skipped.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAC;AAC/C,OAAO,KAAK,EAAE,yBAAyB,EAA8B,MAAM,uBAAuB,CAAC;AAGnG,wBAAsB,oBAAoB,CAAC,KAAK,EAAE;IAChD,OAAO,EAAE,yBAAyB,CAAC;IACnC,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,IAAI,EAAE,IAAI,CAAC;IACX,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,YAAY,EAAE,MAAM,CAAC;IACrB,eAAe,EAAE,MAAM,CAAC;CACzB,GAAG,OAAO,CAAC,IAAI,CAAC,CAkEhB"}

package/dist/hooks/before-mcp-skipped.js

@@ -0,0 +1,56 @@
+import { appendAuditJsonl } from "../audit/jsonl.js";
+import { getInstallId } from "../cli/install-id.js";
+import { sendGuardEvent } from "../telemetry/guard-events.js";
+import { stringifyToolInput } from "./before-mcp-argv.js";
+export async function handleSkippedMcpHook(input) {
+    const { payload, rawToolName, bareTool, argv, tier, reasons, policyRevision, auditLogRoot, decisionStarted, } = input;
+    const latency_ms = performance.now() - decisionStarted;
+    const toolInputStr = stringifyToolInput(payload.tool_input);
+    try {
+        await appendAuditJsonl({
+            ts: new Date().toISOString(),
+            hook: "beforeMCPExecution",
+            tool_name: rawToolName,
+            bare_tool: bareTool,
+            tool_input: toolInputStr.slice(0, 8000),
+            argv,
+            status: "skipped",
+            skipped: true,
+            skip_reason: "mcp_policy_unmatched",
+            tier,
+            permission: "allow",
+            ticketConsumed: false,
+            reasons,
+            latency_ms,
+        }, auditLogRoot);
+    }
+    catch (e) {
+        const msg = e instanceof Error ? e.message : String(e);
+        process.stderr.write(`[auditor] audit log append failed: ${msg}\n`);
+    }
+    const skipResponse = { permission: "allow" };
+    process.stdout.write(JSON.stringify(skipResponse, null, 2));
+    await sendGuardEvent({
+        ts: new Date().toISOString(),
+        status: "skipped",
+        skipped: true,
+        skip_reason: "mcp_policy_unmatched",
+        tool: "auditor-hook-mcp",
+        command_path: argv[1] ?? null,
+        verb: argv[2] ?? null,
+        resource: toolInputStr ? toolInputStr.slice(0, 500) : null,
+        reason: reasons[0] ?? "mcp_policy_unmatched",
+        cmd: `${rawToolName}`,
+        tier,
+        decision: "allow",
+        latency_ms,
+        installId: getInstallId(),
+        kind: "mcp",
+        ...(policyRevision !== null ? { policy_revision: policyRevision } : {}),
+        meta: {
+            hook: "beforeMCPExecution",
+            ticketConsumed: false,
+        },
+    });
+}
+//# sourceMappingURL=before-mcp-skipped.js.map

package/dist/hooks/before-mcp-skipped.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"before-mcp-skipped.js","sourceRoot":"","sources":["../../src/hooks/before-mcp-skipped.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAG9D,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAE1D,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,KAU1C;IACC,MAAM,EACJ,OAAO,EACP,WAAW,EACX,QAAQ,EACR,IAAI,EACJ,IAAI,EACJ,OAAO,EACP,cAAc,EACd,YAAY,EACZ,eAAe,GAChB,GAAG,KAAK,CAAC;IAEV,MAAM,UAAU,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,eAAe,CAAC;IACvD,MAAM,YAAY,GAAG,kBAAkB,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAE5D,IAAI,CAAC;QACH,MAAM,gBAAgB,CACpB;YACE,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YAC5B,IAAI,EAAE,oBAAoB;YAC1B,SAAS,EAAE,WAAW;YACtB,SAAS,EAAE,QAAQ;YACnB,UAAU,EAAE,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC;YACvC,IAAI;YACJ,MAAM,EAAE,SAAS;YACjB,OAAO,EAAE,IAAI;YACb,WAAW,EAAE,sBAAsB;YACnC,IAAI;YACJ,UAAU,EAAE,OAAO;YACnB,cAAc,EAAE,KAAK;YACrB,OAAO;YACP,UAAU;SACX,EACD,YAAY,CACb,CAAC;IACJ,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,GAAG,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACvD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,sCAAsC,GAAG,IAAI,CAAC,CAAC;IACtE,CAAC;IAED,MAAM,YAAY,GAA+B,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC;IACzE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAE5D,MAAM,cAAc,CAAC;QACnB,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QAC5B,MAAM,EAAE,SAAS;QACjB,OAAO,EAAE,IAAI;QACb,WAAW,EAAE,sBAAsB;QACnC,IAAI,EAAE,kBAAkB;QACxB,YAAY,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI;QAC7B,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI;QACrB,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI;QAC1D,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,sBAAsB;QAC5C,GAAG,EAAE,GAAG,WAAW,EAAE;QACrB,IAAI;QACJ,QAAQ,EAAE,OAAO;QACjB,UAAU;QACV,SAAS,EAAE,YAAY,EAAE;QACzB,IAAI,EAAE,KAAK;QACX,GAAG,CAAC,cAAc,KAAK,IAAI,CAAC,CAAC,CAAC,EAAE,eAAe,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACvE,IAAI,EAAE;YACJ,IAAI,EAAE,oBAAoB;YAC1B,cAAc,EAAE,KAAK;SACtB;KACF,CAAC,CAAC;AACL,CAAC"}

package/dist/hooks/before-mcp-types.d.ts

@@ -0,0 +1,15 @@
+/** Cursor `beforeMCPExecution` stdin (see https://cursor.com/docs/hooks.md). */
+export type BeforeMCPExecutionPayload = {
+    tool_name?: unknown;
+    tool_input?: unknown;
+    url?: unknown;
+    command?: unknown;
+    cwd?: unknown;
+    workspace_roots?: unknown;
+};
+export type BeforeMCPExecutionResponse = {
+    permission: "allow" | "deny" | "ask";
+    user_message?: string;
+    agent_message?: string;
+};
+//# sourceMappingURL=before-mcp-types.d.ts.map

package/dist/hooks/before-mcp-types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"before-mcp-types.d.ts","sourceRoot":"","sources":["../../src/hooks/before-mcp-types.ts"],"names":[],"mappings":"AAAA,gFAAgF;AAChF,MAAM,MAAM,yBAAyB,GAAG;IACtC,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,GAAG,CAAC,EAAE,OAAO,CAAC;IACd,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,GAAG,CAAC,EAAE,OAAO,CAAC;IACd,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B,CAAC;AAEF,MAAM,MAAM,0BAA0B,GAAG;IACvC,UAAU,EAAE,OAAO,GAAG,MAAM,GAAG,KAAK,CAAC;IACrC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC"}

package/dist/hooks/before-mcp-types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=before-mcp-types.js.map

package/dist/hooks/before-mcp-types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"before-mcp-types.js","sourceRoot":"","sources":["../../src/hooks/before-mcp-types.ts"],"names":[],"mappings":""}

package/dist/hooks/before-shell-io.d.ts

@@ -0,0 +1,3 @@
+export declare function readStdinJson<T>(): Promise<T>;
+export declare function tryAppendAuditEvent(evt: Record<string, unknown>, auditLogRoot?: string): Promise<void>;
+//# sourceMappingURL=before-shell-io.d.ts.map

package/dist/hooks/before-shell-io.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"before-shell-io.d.ts","sourceRoot":"","sources":["../../src/hooks/before-shell-io.ts"],"names":[],"mappings":"AAEA,wBAAsB,aAAa,CAAC,CAAC,KAAK,OAAO,CAAC,CAAC,CAAC,CAanD;AAED,wBAAsB,mBAAmB,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,YAAY,CAAC,EAAE,MAAM,iBAO5F"}

package/dist/hooks/before-shell-io.js

@@ -0,0 +1,26 @@
+import { appendAuditJsonl } from "../audit/jsonl.js";
+export async function readStdinJson() {
+    return await new Promise((resolve, reject) => {
+        let data = "";
+        process.stdin.setEncoding("utf8");
+        process.stdin.on("data", (chunk) => (data += chunk));
+        process.stdin.on("end", () => {
+            try {
+                resolve(JSON.parse(data));
+            }
+            catch (e) {
+                reject(e);
+            }
+        });
+    });
+}
+export async function tryAppendAuditEvent(evt, auditLogRoot) {
+    try {
+        await appendAuditJsonl(evt, auditLogRoot);
+    }
+    catch (e) {
+        const msg = e instanceof Error ? e.message : String(e);
+        process.stderr.write(`[auditor] audit log append failed: ${msg}\n`);
+    }
+}
+//# sourceMappingURL=before-shell-io.js.map

package/dist/hooks/before-shell-io.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"before-shell-io.js","sourceRoot":"","sources":["../../src/hooks/before-shell-io.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AAErD,MAAM,CAAC,KAAK,UAAU,aAAa;IACjC,OAAO,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC3C,IAAI,IAAI,GAAG,EAAE,CAAC;QACd,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAClC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,IAAI,IAAI,KAAK,CAAC,CAAC,CAAC;QACrD,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;YAC3B,IAAI,CAAC;gBACH,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;YAC5B,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,MAAM,CAAC,CAAC,CAAC,CAAC;YACZ,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,GAA4B,EAAE,YAAqB;IAC3F,IAAI,CAAC;QACH,MAAM,gBAAgB,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;IAC5C,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,GAAG,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACvD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,sCAAsC,GAAG,IAAI,CAAC,CAAC;IACtE,CAAC;AACH,CAAC"}

package/dist/hooks/before-shell-mutate.d.ts

@@ -0,0 +1,23 @@
+import type { Tier } from "../policy/index.js";
+import type { ShellAnalysis } from "../shell/analyze-command.js";
+import type { BeforeShellExecutionResponse } from "./before-shell-types.js";
+export type ShellMutateHookPermission = {
+    permission: BeforeShellExecutionResponse["permission"];
+    ticketConsumed: boolean;
+    inlineApproval: {
+        request_id: string;
+        open_url: string;
+    } | null;
+    approvalFlowSignal: string | null;
+    reasons: string[];
+};
+export declare function resolveShellMutateHookPermission(input: {
+    tier: Tier;
+    argv: string[];
+    analysis: ShellAnalysis;
+    storageRoot: string;
+    rawDisplay: string;
+    policyRevision: number | null;
+    initialReasons: string[];
+}): Promise<ShellMutateHookPermission>;
+//# sourceMappingURL=before-shell-mutate.d.ts.map

package/dist/hooks/before-shell-mutate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"before-shell-mutate.d.ts","sourceRoot":"","sources":["../../src/hooks/before-shell-mutate.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAC;AAM/C,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AACjE,OAAO,KAAK,EAAE,4BAA4B,EAAE,MAAM,yBAAyB,CAAC;AAE5E,MAAM,MAAM,yBAAyB,GAAG;IACtC,UAAU,EAAE,4BAA4B,CAAC,YAAY,CAAC,CAAC;IACvD,cAAc,EAAE,OAAO,CAAC;IACxB,cAAc,EAAE;QAAE,UAAU,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI,CAAC;IAChE,kBAAkB,EAAE,MAAM,GAAG,IAAI,CAAC;IAClC,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB,CAAC;AAEF,wBAAsB,gCAAgC,CAAC,KAAK,EAAE;IAC5D,IAAI,EAAE,IAAI,CAAC;IACX,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,QAAQ,EAAE,aAAa,CAAC;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,cAAc,EAAE,MAAM,EAAE,CAAC;CAC1B,GAAG,OAAO,CAAC,yBAAyB,CAAC,CAyErC"}

package/dist/hooks/before-shell-mutate.js

@@ -0,0 +1,74 @@
+import { randomUUID } from "node:crypto";
+import { resolveShellApprovalHash } from "../approval/argv-fingerprint.js";
+import { tryHookInlineApprovalRequest } from "../approval/hook-inline-approval.js";
+import { resolveMutateApproval } from "../approval/mcp-flow.js";
+import { readPendingApprovalIndex } from "../bridge/pending-approval-index.js";
+import { tryConsumeExecutionTicket } from "../bridge/execution-ticket.js";
+export async function resolveShellMutateHookPermission(input) {
+    const { tier, argv, analysis, storageRoot, rawDisplay, policyRevision, initialReasons } = input;
+    const reasons = [...initialReasons];
+    let permission = tier === "READ" ? "allow" : "deny";
+    let ticketConsumed = false;
+    let approvalFlowSignal = null;
+    let inlineApproval = null;
+    if (tier !== "MUTATE") {
+        return { permission, ticketConsumed, inlineApproval, approvalFlowSignal, reasons };
+    }
+    const approvalHash = resolveShellApprovalHash({
+        kind: "shell",
+        argv,
+        approval_fingerprint: analysis.approval_fingerprint_payload,
+    });
+    ticketConsumed = await tryConsumeExecutionTicket(argv, {
+        storageRoot,
+        kind: "shell",
+        approval_fingerprint: analysis.approval_fingerprint_payload,
+    });
+    if (ticketConsumed) {
+        return { permission: "allow", ticketConsumed, inlineApproval, approvalFlowSignal, reasons };
+    }
+    const pending = await readPendingApprovalIndex(approvalHash, { storageRoot });
+    if (pending) {
+        const autoRedeem = await resolveMutateApproval({
+            argv: [...argv],
+            proposalKind: "shell",
+            storageRoot,
+            rawDisplay,
+            eventId: randomUUID(),
+            policyRevision,
+            reasons,
+            approval: { request_id: pending.request_id },
+            waitMs: 0,
+            approval_fingerprint: analysis.approval_fingerprint_payload,
+        });
+        if (autoRedeem.kind === "allow" && autoRedeem.ticketRecorded) {
+            ticketConsumed = await tryConsumeExecutionTicket(argv, {
+                storageRoot,
+                kind: "shell",
+                approval_fingerprint: analysis.approval_fingerprint_payload,
+            });
+            if (ticketConsumed) {
+                return { permission: "allow", ticketConsumed, inlineApproval, approvalFlowSignal, reasons };
+            }
+        }
+        approvalFlowSignal = "retry_without_guard_wait_resolve";
+        reasons.push("retry_without_guard_wait_resolve");
+        inlineApproval = { request_id: pending.request_id, open_url: pending.open_url };
+        return { permission: "deny", ticketConsumed, inlineApproval, approvalFlowSignal, reasons };
+    }
+    const created = await tryHookInlineApprovalRequest({
+        argv: [...argv],
+        kind: "shell",
+        rawDisplay,
+        policyRevision,
+        reasons,
+        eventId: randomUUID(),
+        storageRoot,
+        approval_fingerprint: analysis.approval_fingerprint_payload,
+    });
+    if (created) {
+        inlineApproval = { request_id: created.request_id, open_url: created.open_url };
+    }
+    return { permission: "deny", ticketConsumed, inlineApproval, approvalFlowSignal, reasons };
+}
+//# sourceMappingURL=before-shell-mutate.js.map

package/dist/hooks/before-shell-mutate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"before-shell-mutate.js","sourceRoot":"","sources":["../../src/hooks/before-shell-mutate.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAGzC,OAAO,EAAE,wBAAwB,EAAE,MAAM,iCAAiC,CAAC;AAC3E,OAAO,EAAE,4BAA4B,EAAE,MAAM,qCAAqC,CAAC;AACnF,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAChE,OAAO,EAAE,wBAAwB,EAAE,MAAM,qCAAqC,CAAC;AAC/E,OAAO,EAAE,yBAAyB,EAAE,MAAM,+BAA+B,CAAC;AAY1E,MAAM,CAAC,KAAK,UAAU,gCAAgC,CAAC,KAQtD;IACC,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,UAAU,EAAE,cAAc,EAAE,cAAc,EAAE,GAAG,KAAK,CAAC;IAEhG,MAAM,OAAO,GAAG,CAAC,GAAG,cAAc,CAAC,CAAC;IACpC,IAAI,UAAU,GAA+C,IAAI,KAAK,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC;IAChG,IAAI,cAAc,GAAG,KAAK,CAAC;IAC3B,IAAI,kBAAkB,GAAkB,IAAI,CAAC;IAC7C,IAAI,cAAc,GAAoD,IAAI,CAAC;IAE3E,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtB,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,cAAc,EAAE,kBAAkB,EAAE,OAAO,EAAE,CAAC;IACrF,CAAC;IAED,MAAM,YAAY,GAAG,wBAAwB,CAAC;QAC5C,IAAI,EAAE,OAAO;QACb,IAAI;QACJ,oBAAoB,EAAE,QAAQ,CAAC,4BAA4B;KAC5D,CAAC,CAAC;IAEH,cAAc,GAAG,MAAM,yBAAyB,CAAC,IAAI,EAAE;QACrD,WAAW;QACX,IAAI,EAAE,OAAO;QACb,oBAAoB,EAAE,QAAQ,CAAC,4BAA4B;KAC5D,CAAC,CAAC;IACH,IAAI,cAAc,EAAE,CAAC;QACnB,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,kBAAkB,EAAE,OAAO,EAAE,CAAC;IAC9F,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,wBAAwB,CAAC,YAAY,EAAE,EAAE,WAAW,EAAE,CAAC,CAAC;IAC9E,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,UAAU,GAAG,MAAM,qBAAqB,CAAC;YAC7C,IAAI,EAAE,CAAC,GAAG,IAAI,CAAC;YACf,YAAY,EAAE,OAAO;YACrB,WAAW;YACX,UAAU;YACV,OAAO,EAAE,UAAU,EAAE;YACrB,cAAc;YACd,OAAO;YACP,QAAQ,EAAE,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE;YAC5C,MAAM,EAAE,CAAC;YACT,oBAAoB,EAAE,QAAQ,CAAC,4BAA4B;SAC5D,CAAC,CAAC;QACH,IAAI,UAAU,CAAC,IAAI,KAAK,OAAO,IAAI,UAAU,CAAC,cAAc,EAAE,CAAC;YAC7D,cAAc,GAAG,MAAM,yBAAyB,CAAC,IAAI,EAAE;gBACrD,WAAW;gBACX,IAAI,EAAE,OAAO;gBACb,oBAAoB,EAAE,QAAQ,CAAC,4BAA4B;aAC5D,CAAC,CAAC;YACH,IAAI,cAAc,EAAE,CAAC;gBACnB,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,kBAAkB,EAAE,OAAO,EAAE,CAAC;YAC9F,CAAC;QACH,CAAC;QACD,kBAAkB,GAAG,kCAAkC,CAAC;QACxD,OAAO,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;QACjD,cAAc,GAAG,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC;QAChF,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,cAAc,EAAE,cAAc,EAAE,kBAAkB,EAAE,OAAO,EAAE,CAAC;IAC7F,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,4BAA4B,CAAC;QACjD,IAAI,EAAE,CAAC,GAAG,IAAI,CAAC;QACf,IAAI,EAAE,OAAO;QACb,UAAU;QACV,cAAc;QACd,OAAO;QACP,OAAO,EAAE,UAAU,EAAE;QACrB,WAAW;QACX,oBAAoB,EAAE,QAAQ,CAAC,4BAA4B;KAC5D,CAAC,CAAC;IACH,IAAI,OAAO,EAAE,CAAC;QACZ,cAAc,GAAG,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC;IAClF,CAAC;IAED,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,cAAc,EAAE,cAAc,EAAE,kBAAkB,EAAE,OAAO,EAAE,CAAC;AAC7F,CAAC"}

package/dist/hooks/before-shell-skipped.d.ts

@@ -0,0 +1,11 @@
+import type { ShellAnalysis } from "../shell/analyze-command.js";
+import type { BeforeShellExecutionPayload } from "./before-shell-types.js";
+export declare function handleSkippedShellHook(input: {
+    payload: BeforeShellExecutionPayload;
+    skipReason: string;
+    policyRevision: number | null;
+    auditLogRoot: string;
+    decisionStarted: number;
+    analysis?: ShellAnalysis;
+}): Promise<void>;
+//# sourceMappingURL=before-shell-skipped.d.ts.map

package/dist/hooks/before-shell-skipped.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"before-shell-skipped.d.ts","sourceRoot":"","sources":["../../src/hooks/before-shell-skipped.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAEjE,OAAO,KAAK,EAAE,2BAA2B,EAAgC,MAAM,yBAAyB,CAAC;AAEzG,wBAAsB,sBAAsB,CAAC,KAAK,EAAE;IAClD,OAAO,EAAE,2BAA2B,CAAC;IACrC,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,YAAY,EAAE,MAAM,CAAC;IACrB,eAAe,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,EAAE,aAAa,CAAC;CAC1B,GAAG,OAAO,CAAC,IAAI,CAAC,CAkDhB"}

package/dist/hooks/before-shell-skipped.js

@@ -0,0 +1,49 @@
+import { getInstallId } from "../cli/install-id.js";
+import { sendGuardEvent } from "../telemetry/guard-events.js";
+import { tryAppendAuditEvent } from "./before-shell-io.js";
+export async function handleSkippedShellHook(input) {
+    const { payload, skipReason, policyRevision, auditLogRoot, decisionStarted, analysis } = input;
+    const latency_ms = performance.now() - decisionStarted;
+    await tryAppendAuditEvent({
+        ts: new Date().toISOString(),
+        hook: "beforeShellExecution",
+        cwd: payload.cwd,
+        command: payload.command,
+        ...(analysis
+            ? { segments: analysis.segments }
+            : {}),
+        status: "skipped",
+        skipped: true,
+        skip_reason: skipReason,
+        tier: "READ",
+        permission: "allow",
+        ticketConsumed: false,
+        reasons: [`${skipReason}(policy_not_evaluated)`],
+        latency_ms,
+    }, auditLogRoot);
+    const response = { permission: "allow" };
+    process.stdout.write(JSON.stringify(response, null, 2));
+    await sendGuardEvent({
+        ts: new Date().toISOString(),
+        status: "skipped",
+        skipped: true,
+        skip_reason: skipReason,
+        tool: "auditor-hook",
+        command_path: null,
+        verb: null,
+        resource: null,
+        reason: skipReason,
+        cmd: payload.command,
+        tier: "READ",
+        decision: "allow",
+        latency_ms,
+        installId: getInstallId(),
+        kind: "shell",
+        ...(policyRevision !== null ? { policy_revision: policyRevision } : {}),
+        meta: {
+            hook: "beforeShellExecution",
+            ticketConsumed: false,
+        },
+    });
+}
+//# sourceMappingURL=before-shell-skipped.js.map

package/dist/hooks/before-shell-skipped.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"before-shell-skipped.js","sourceRoot":"","sources":["../../src/hooks/before-shell-skipped.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAE9D,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAG3D,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAAC,KAO5C;IACC,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,YAAY,EAAE,eAAe,EAAE,QAAQ,EAAE,GAAG,KAAK,CAAC;IAC/F,MAAM,UAAU,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,eAAe,CAAC;IAEvD,MAAM,mBAAmB,CACvB;QACE,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QAC5B,IAAI,EAAE,sBAAsB;QAC5B,GAAG,EAAE,OAAO,CAAC,GAAG;QAChB,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,GAAG,CAAC,QAAQ;YACV,CAAC,CAAC,EAAE,QAAQ,EAAE,QAAQ,CAAC,QAAQ,EAAE;YACjC,CAAC,CAAC,EAAE,CAAC;QACP,MAAM,EAAE,SAAS;QACjB,OAAO,EAAE,IAAI;QACb,WAAW,EAAE,UAAU;QACvB,IAAI,EAAE,MAAM;QACZ,UAAU,EAAE,OAAO;QACnB,cAAc,EAAE,KAAK;QACrB,OAAO,EAAE,CAAC,GAAG,UAAU,wBAAwB,CAAC;QAChD,UAAU;KACX,EACD,YAAY,CACb,CAAC;IAEF,MAAM,QAAQ,GAAiC,EAAE,UAAU,EAAE,OAAO,EAAE,CAAC;IACvE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAExD,MAAM,cAAc,CAAC;QACnB,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QAC5B,MAAM,EAAE,SAAS;QACjB,OAAO,EAAE,IAAI;QACb,WAAW,EAAE,UAAU;QACvB,IAAI,EAAE,cAAc;QACpB,YAAY,EAAE,IAAI;QAClB,IAAI,EAAE,IAAI;QACV,QAAQ,EAAE,IAAI;QACd,MAAM,EAAE,UAAU;QAClB,GAAG,EAAE,OAAO,CAAC,OAAO;QACpB,IAAI,EAAE,MAAM;QACZ,QAAQ,EAAE,OAAO;QACjB,UAAU;QACV,SAAS,EAAE,YAAY,EAAE;QACzB,IAAI,EAAE,OAAO;QACb,GAAG,CAAC,cAAc,KAAK,IAAI,CAAC,CAAC,CAAC,EAAE,eAAe,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACvE,IAAI,EAAE;YACJ,IAAI,EAAE,sBAAsB;YAC5B,cAAc,EAAE,KAAK;SACtB;KACF,CAAC,CAAC;AACL,CAAC"}

package/dist/hooks/before-shell-types.d.ts

@@ -0,0 +1,12 @@
+/** Cursor `beforeShellExecution` stdin (see https://cursor.com/docs/hooks.md). */
+export type BeforeShellExecutionPayload = {
+    command: string;
+    cwd?: string;
+    sandbox?: boolean;
+};
+export type BeforeShellExecutionResponse = {
+    permission: "allow" | "deny" | "ask";
+    user_message?: string;
+    agent_message?: string;
+};
+//# sourceMappingURL=before-shell-types.d.ts.map

package/dist/hooks/before-shell-types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"before-shell-types.d.ts","sourceRoot":"","sources":["../../src/hooks/before-shell-types.ts"],"names":[],"mappings":"AAAA,kFAAkF;AAClF,MAAM,MAAM,2BAA2B,GAAG;IACxC,OAAO,EAAE,MAAM,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,4BAA4B,GAAG;IACzC,UAAU,EAAE,OAAO,GAAG,MAAM,GAAG,KAAK,CAAC;IACrC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC"}

package/dist/hooks/before-shell-types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=before-shell-types.js.map

package/dist/hooks/before-shell-types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"before-shell-types.js","sourceRoot":"","sources":["../../src/hooks/before-shell-types.ts"],"names":[],"mappings":""}

package/dist/hooks/run-before-mcp.d.ts

@@ -1,30 +1,6 @@
-/** Cursor `beforeMCPExecution` stdin (see https://cursor.com/docs/hooks.md). */
-export type BeforeMCPExecutionPayload = {
-    tool_name?: unknown;
-    tool_input?: unknown;
-    url?: unknown;
-    command?: unknown;
-    cwd?: unknown;
-    workspace_roots?: unknown;
-};
-export type BeforeMCPExecutionResponse = {
-    permission: "allow" | "deny" | "ask";
-    user_message?: string;
-    agent_message?: string;
-};
-/**
- * When Cursor encodes MCP tools as `MCP:<server>:<tool>` (see Cursor hooks docs / preToolUse), split into
- * server + bare tool name for policy rows under `policies.mcp.<server>.<tool>`.
- */
-export declare function splitMcpToolName(raw: string): {
-    serverGuess: string | null;
-    tool: string;
-};
-/**
- * Maps hook payload → argv for `policies.v1.json` under tool key `mcp`.
- * Omits raw `tool_input` from argv tokens so JSON metacharacters do not trip shell metachar heuristics.
- */
-export declare function mcpHookArgvFromPayload(payload: BeforeMCPExecutionPayload): string[];
+import type { BeforeMCPExecutionResponse } from "./before-mcp-types.js";
+export type { BeforeMCPExecutionPayload, BeforeMCPExecutionResponse } from "./before-mcp-types.js";
+export { mcpHookArgvFromPayload, splitMcpToolName } from "./before-mcp-argv.js";
 /**
  * Cursor `beforeMCPExecution`: stdin JSON → stdout JSON (`permission` only contract).
  */

package/dist/hooks/run-before-mcp.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"run-before-mcp.d.ts","sourceRoot":"","sources":["../../src/hooks/run-before-mcp.ts"],"names":[],"mappings":"AAmBA,gFAAgF;AAChF,MAAM,MAAM,yBAAyB,GAAG;IACtC,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,GAAG,CAAC,EAAE,OAAO,CAAC;IACd,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,GAAG,CAAC,EAAE,OAAO,CAAC;IACd,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B,CAAC;AAEF,MAAM,MAAM,0BAA0B,GAAG;IACvC,UAAU,EAAE,OAAO,GAAG,MAAM,GAAG,KAAK,CAAC;IACrC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAiBF;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG;IAAE,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,CAa1F;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,yBAAyB,GAAG,MAAM,EAAE,CAkBnF;AA0BD;;GAEG;AACH,wBAAsB,yBAAyB,IAAI,OAAO,CAAC,IAAI,CAAC,CA6N/D;AAED,wBAAgB,oCAAoC,CAAC,GAAG,EAAE,OAAO,GAAG,0BAA0B,CAM7F"}
+{"version":3,"file":"run-before-mcp.d.ts","sourceRoot":"","sources":["../../src/hooks/run-before-mcp.ts"],"names":[],"mappings":"AAoBA,OAAO,KAAK,EAEV,0BAA0B,EAC3B,MAAM,uBAAuB,CAAC;AAE/B,YAAY,EAAE,yBAAyB,EAAE,0BAA0B,EAAE,MAAM,uBAAuB,CAAC;AACnG,OAAO,EAAE,sBAAsB,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAsBhF;;GAEG;AACH,wBAAsB,yBAAyB,IAAI,OAAO,CAAC,IAAI,CAAC,CAkJ/D;AAED,wBAAgB,oCAAoC,CAAC,GAAG,EAAE,OAAO,GAAG,0BAA0B,CAM7F"}