@red-codes/agentguard 1.0.0 → 1.1.2

package/dist/commands/export.js

@@ -0,0 +1,92 @@
+// CLI command: agentguard export — export a governance session to a portable JSONL file.
+// Uses SQLite storage backend.
+import { writeFileSync } from 'node:fs';
+import { resolve } from 'node:path';
+import { parseArgs } from '../args.js';
+/**
+ * Current schema version for the event/decision data shape.
+ * Bump this when the DomainEvent or GovernanceDecisionRecord structure changes.
+ */
+export const EXPORT_SCHEMA_VERSION = 1;
+// ---------------------------------------------------------------------------
+// Public command
+// ---------------------------------------------------------------------------
+export async function exportSession(args, storageConfig) {
+    const parsed = parseArgs(args, {
+        boolean: ['--last'],
+        string: ['--output', '-o'],
+        alias: { '-o': '--output' },
+    });
+    const config = storageConfig ?? { backend: 'sqlite' };
+    // Resolve runId
+    let runId;
+    if (parsed.flags.last) {
+        const { createStorageBundle } = await import('@red-codes/storage');
+        const storage = await createStorageBundle(config);
+        if (!storage.db) {
+            process.stderr.write('  Error: SQLite storage backend did not initialize database.\n');
+            process.exitCode = 1;
+            return;
+        }
+        const { getLatestRunId } = await import('@red-codes/storage');
+        const db = storage.db;
+        runId = getLatestRunId(db) ?? undefined;
+        storage.close();
+        if (!runId) {
+            process.stderr.write('\n  \x1b[31mError:\x1b[0m No runs recorded yet.\n\n');
+            process.exitCode = 1;
+            return;
+        }
+    }
+    else {
+        runId = parsed.positional[0];
+    }
+    if (!runId) {
+        process.stderr.write('\n  Usage: agentguard export <runId> [--output <file>]\n');
+        process.stderr.write('         agentguard export --last\n\n');
+        process.exitCode = 1;
+        return;
+    }
+    // Load events and decisions from SQLite
+    const { createStorageBundle } = await import('@red-codes/storage');
+    const storage = await createStorageBundle(config);
+    if (!storage.db) {
+        process.stderr.write('  Error: SQLite storage backend did not initialize database.\n');
+        process.exitCode = 1;
+        return;
+    }
+    const { loadRunEvents, loadRunDecisions } = await import('@red-codes/storage');
+    const db = storage.db;
+    const events = loadRunEvents(db, runId);
+    const decisions = loadRunDecisions(db, runId);
+    storage.close();
+    if (events.length === 0) {
+        process.stderr.write(`\n  \x1b[31mError:\x1b[0m Run "${runId}" has no events to export.\n\n`);
+        process.exitCode = 1;
+        return;
+    }
+    // Determine output path
+    const outputPath = resolve(parsed.flags.output || `${runId}.agentguard.jsonl`);
+    // Build export file: header + events + decisions
+    const header = {
+        __agentguard_export: true,
+        version: 1,
+        schemaVersion: EXPORT_SCHEMA_VERSION,
+        runId,
+        exportedAt: Date.now(),
+        eventCount: events.length,
+        decisionCount: decisions.length,
+        sourceBackend: 'sqlite',
+    };
+    const lines = [
+        JSON.stringify(header),
+        ...events.map((e) => JSON.stringify(e)),
+        ...decisions.map((d) => JSON.stringify(d)),
+    ];
+    writeFileSync(outputPath, lines.join('\n') + '\n', 'utf8');
+    process.stderr.write(`\n  \x1b[32m\u2713\x1b[0m Exported run \x1b[1m${runId}\x1b[0m\n`);
+    process.stderr.write(`    Events:    ${events.length}\n`);
+    process.stderr.write(`    Decisions: ${decisions.length}\n`);
+    process.stderr.write(`    Output:    ${outputPath}\n\n`);
+}
+//# sourceMappingURL=export.js.map

package/dist/commands/export.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"export.js","sourceRoot":"","sources":["../../src/commands/export.ts"],"names":[],"mappings":"AAAA,yFAAyF;AACzF,+BAA+B;AAE/B,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACxC,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAGvC;;;GAGG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,CAAC;AAiBvC,8EAA8E;AAC9E,iBAAiB;AACjB,8EAA8E;AAE9E,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,IAAc,EAAE,aAA6B;IAC/E,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,EAAE;QAC7B,OAAO,EAAE,CAAC,QAAQ,CAAC;QACnB,MAAM,EAAE,CAAC,UAAU,EAAE,IAAI,CAAC;QAC1B,KAAK,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE;KAC5B,CAAC,CAAC;IAEH,MAAM,MAAM,GAAG,aAAa,IAAI,EAAE,OAAO,EAAE,QAAiB,EAAE,CAAC;IAE/D,gBAAgB;IAChB,IAAI,KAAyB,CAAC;IAC9B,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;QACtB,MAAM,EAAE,mBAAmB,EAAE,GAAG,MAAM,MAAM,CAAC,oBAAoB,CAAC,CAAC;QACnE,MAAM,OAAO,GAAG,MAAM,mBAAmB,CAAC,MAAM,CAAC,CAAC;QAClD,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;YAChB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,gEAAgE,CAAC,CAAC;YACvF,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACrB,OAAO;QACT,CAAC;QACD,MAAM,EAAE,cAAc,EAAE,GAAG,MAAM,MAAM,CAAC,oBAAoB,CAAC,CAAC;QAC9D,MAAM,EAAE,GAAG,OAAO,CAAC,EAAuC,CAAC;QAC3D,KAAK,GAAG,cAAc,CAAC,EAAE,CAAC,IAAI,SAAS,CAAC;QACxC,OAAO,CAAC,KAAK,EAAE,CAAC;QAEhB,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,qDAAqD,CAAC,CAAC;YAC5E,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;YACrB,OAAO;QACT,CAAC;IACH,CAAC;SAAM,CAAC;QACN,KAAK,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAC/B,CAAC;IAED,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,0DAA0D,CAAC,CAAC;QACjF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,uCAAuC,CAAC,CAAC;QAC9D,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,wCAAwC;IACxC,MAAM,EAAE,mBAAmB,EAAE,GAAG,MAAM,MAAM,CAAC,oBAAoB,CAAC,CAAC;IACnE,MAAM,OAAO,GAAG,MAAM,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAClD,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;QAChB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,gEAAgE,CAAC,CAAC;QACvF,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IACD,MAAM,EAAE,aAAa,EAAE,gBAAgB,EAAE,GAAG,MAAM,MAAM,CAAC,oBAAoB,CAAC,CAAC;IAC/E,MAAM,EAAE,GAAG,OAAO,CAAC,EAAuC,CAAC;IAC3D,MAAM,MAAM,GAAG,aAAa,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;IACxC,MAAM,SAAS,GAAG,gBAAgB,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;IAC9C,OAAO,CAAC,KAAK,EAAE,CAAC;IAEhB,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,kCAAkC,KAAK,gCAAgC,CAAC,CAAC;QAC9F,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,wBAAwB;IACxB,MAAM,UAAU,GAAG,OAAO,CAAE,MAAM,CAAC,KAAK,CAAC,MAAiB,IAAI,GAAG,KAAK,mBAAmB,CAAC,CAAC;IAE3F,iDAAiD;IACjD,MAAM,MAAM,GAA2B;QACrC,mBAAmB,EAAE,IAAI;QACzB,OAAO,EAAE,CAAC;QACV,aAAa,EAAE,qBAAqB;QACpC,KAAK;QACL,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE;QACtB,UAAU,EAAE,MAAM,CAAC,MAAM;QACzB,aAAa,EAAE,SAAS,CAAC,MAAM;QAC/B,aAAa,EAAE,QAAQ;KACxB,CAAC;IAEF,MAAM,KAAK,GAAG;QACZ,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC;QACtB,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;QACvC,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;KAC3C,CAAC;IAEF,aAAa,CAAC,UAAU,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,EAAE,MAAM,CAAC,CAAC;IAE3D,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,iDAAiD,KAAK,WAAW,CAAC,CAAC;IACxF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAkB,MAAM,CAAC,MAAM,IAAI,CAAC,CAAC;IAC1D,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAkB,SAAS,CAAC,MAAM,IAAI,CAAC,CAAC;IAC7D,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAkB,UAAU,MAAM,CAAC,CAAC;AAC3D,CAAC"}

package/dist/commands/guard.d.ts

@@ -0,0 +1,21 @@
+import type { RendererRegistry } from '@red-codes/renderers';
+import type { StorageConfig } from '@red-codes/storage';
+export interface GuardOptions {
+    /** Single policy path (backwards compatible) */
+    policy?: string;
+    /** Multiple policy paths for composition */
+    policies?: string[];
+    dryRun?: boolean;
+    verbose?: boolean;
+    trace?: boolean;
+    stdin?: boolean;
+    simulate?: boolean;
+    /** Optional pre-configured renderer registry (for custom renderers) */
+    renderers?: RendererRegistry;
+    /** Storage backend config */
+    store?: StorageConfig;
+    /** Skip auto-opening session viewer in browser after run */
+    noOpen?: boolean;
+}
+export declare function guard(_args: string[], options?: GuardOptions): Promise<number>;
+//# sourceMappingURL=guard.d.ts.map

package/dist/commands/guard.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"guard.d.ts","sourceRoot":"","sources":["../../src/commands/guard.ts"],"names":[],"mappings":"AAmBA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAM7D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAMxD,MAAM,WAAW,YAAY;IAC3B,gDAAgD;IAChD,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,4CAA4C;IAC5C,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,uEAAuE;IACvE,SAAS,CAAC,EAAE,gBAAgB,CAAC;IAC7B,6BAA6B;IAC7B,KAAK,CAAC,EAAE,aAAa,CAAC;IACtB,4DAA4D;IAC5D,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED,wBAAsB,KAAK,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE,OAAO,GAAE,YAAiB,GAAG,OAAO,CAAC,MAAM,CAAC,CA8JxF"}

package/dist/commands/guard.js

@@ -0,0 +1,272 @@
+// CLI command: agentguard guard — start the governed action runtime.
+// Reads stdin for action proposals (JSON), evaluates them, writes results to stdout.
+// Uses the renderer plugin system for all human-facing output.
+// Supports policy composition: multiple --policy flags merged with precedence.
+import { createKernel } from '@red-codes/kernel';
+import { createLiveRegistry } from '@red-codes/adapters';
+import { loadPolicyDefs, loadComposedPolicies, describeComposition } from '../policy-resolver.js';
+import { createSimulatorRegistry } from '@red-codes/kernel';
+import { createGitSimulator } from '@red-codes/kernel';
+import { createFilesystemSimulator } from '@red-codes/kernel';
+import { createPackageSimulator } from '@red-codes/kernel';
+import { createDependencyGraphSimulator } from '@red-codes/kernel';
+import { generateSeed, createSeededRng } from '@red-codes/core';
+import { simpleHash } from '@red-codes/core';
+import { createPluginRegistry, loadSimulatorPlugins } from '@red-codes/plugins';
+import { createRendererRegistry } from '@red-codes/renderers';
+import { createTuiRenderer } from '@red-codes/renderers';
+import { createEvent, POLICY_COMPOSED, POLICY_TRACE_RECORDED } from '@red-codes/events';
+import { createStorageBundle } from '@red-codes/storage';
+import { createCloudSinks } from '@red-codes/telemetry';
+import { loadIdentity, resolveMode } from '@red-codes/telemetry-client';
+export async function guard(_args, options = {}) {
+    // Buffer stdin immediately — async setup below can cause a race where piped
+    // input arrives (and EOF fires) before processStdin() attaches 'data' handlers.
+    // resume() switches stdin to flowing mode so Node.js buffers chunks in memory.
+    if (!process.stdin.isTTY) {
+        process.stdin.resume();
+    }
+    // Resolve policies — use composition if multiple paths provided
+    const explicitPaths = options.policies ?? (options.policy ? [options.policy] : undefined);
+    const useComposition = explicitPaths && explicitPaths.length > 1;
+    let policyDefs;
+    let policyName;
+    if (useComposition || explicitPaths) {
+        const composition = loadComposedPolicies(explicitPaths);
+        policyDefs = composition.policies;
+        policyName = describeComposition(composition);
+    }
+    else {
+        policyDefs = loadPolicyDefs(options.policy);
+        policyName = options.policy || 'default (no file)';
+    }
+    // Build simulator registry (enabled by default)
+    const simulators = createSimulatorRegistry();
+    if (options.simulate !== false) {
+        simulators.register(createGitSimulator());
+        simulators.register(createFilesystemSimulator());
+        simulators.register(createDependencyGraphSimulator());
+        simulators.register(createPackageSimulator());
+        // Load community simulator plugins from the plugin registry
+        try {
+            const pluginRegistry = createPluginRegistry();
+            await loadSimulatorPlugins(pluginRegistry, (sim) => simulators.register(sim));
+        }
+        catch {
+            // Plugin loading failures are non-fatal — built-in simulators still work
+        }
+    }
+    // Create seeded RNG — seed is stored in session metadata for deterministic replay
+    const seed = generateSeed();
+    const rng = createSeededRng(seed);
+    // Generate run ID using seeded RNG so both sinks share it
+    const runId = `run_${Date.now()}_${simpleHash(rng.random().toString())}`;
+    // Create sinks — use storage bundle
+    const storeConfig = options.store ?? { backend: 'sqlite' };
+    const storage = await createStorageBundle(storeConfig);
+    const eventSink = storage.createEventSink(runId);
+    const decisionSink = storage.createDecisionSink(runId);
+    // Cloud telemetry — anonymous by default
+    const identity = loadIdentity();
+    const telemetryMode = resolveMode(identity);
+    const apiKey = process.env.AGENTGUARD_API_KEY ?? identity?.enrollment_token;
+    const cloudSinks = await createCloudSinks({
+        mode: telemetryMode,
+        serverUrl: process.env.AGENTGUARD_TELEMETRY_URL ??
+            identity?.server_url ??
+            'https://agentguard-cloud.vercel.app',
+        runId,
+        agentId: 'cli',
+        installId: identity?.install_id,
+        apiKey,
+    });
+    // First-run telemetry notice
+    if (!identity || !identity.noticed) {
+        try {
+            process.stderr.write('\n  \x1b[2mAgentGuard sends anonymous usage data to help improve the product.\n' +
+                '  Run `agentguard telemetry off` to disable.\x1b[0m\n\n');
+            const { saveIdentity: save, generateIdentity: gen } = await import('@red-codes/telemetry-client');
+            const updated = identity ?? gen('anonymous');
+            save({ ...updated, noticed: true });
+        }
+        catch {
+            // Non-fatal
+        }
+    }
+    // Build kernel config
+    const kernelConfig = {
+        runId,
+        rng,
+        policyDefs,
+        dryRun: options.dryRun ?? false,
+        adapters: options.dryRun ? undefined : createLiveRegistry(),
+        sinks: [eventSink, cloudSinks.eventSink],
+        decisionSinks: [decisionSink, cloudSinks.decisionSink],
+        simulators: simulators.all().length > 0 ? simulators : undefined,
+    };
+    const kernel = createKernel(kernelConfig);
+    cloudSinks.registerRun();
+    // Emit PolicyComposed event when multiple policies are composed
+    if (useComposition) {
+        const composition = loadComposedPolicies(explicitPaths);
+        const composedEvent = createEvent(POLICY_COMPOSED, {
+            policyCount: composition.policies.length,
+            totalRules: composition.policies.reduce((sum, p) => sum + p.rules.length, 0),
+            sources: composition.sources.map((s) => ({
+                path: s.path,
+                layer: s.layer,
+                policyId: s.policy.id,
+                ruleCount: s.policy.rules.length,
+            })),
+            layers: composition.layers,
+        });
+        eventSink.write(composedEvent);
+    }
+    // Set up renderer registry — use provided registry or create default with TUI
+    const renderers = options.renderers ?? createRendererRegistry();
+    if (!options.renderers) {
+        renderers.register(createTuiRenderer({ verbose: options.verbose, trace: options.trace }));
+    }
+    // Record session start in the sessions table (SQLite only)
+    const simCount = simulators.all().length;
+    if (storage.sessions) {
+        storage.sessions.start(runId, 'guard', {
+            policyFile: policyName,
+            dryRun: options.dryRun,
+            storageBackend: storeConfig.backend,
+            simulatorCount: simCount,
+        });
+    }
+    // Notify renderers: run started
+    renderers.notifyRunStarted({
+        runId,
+        policyName,
+        invariantCount: 6,
+        verbose: options.verbose,
+        dryRun: options.dryRun,
+        simulatorCount: simCount,
+        trace: options.trace,
+    });
+    if (!options.stdin) {
+        // Interactive mode prompt
+        process.stderr.write(`  ${'\x1b[2m'}Listening for actions on stdin (JSON per line)...${'\x1b[0m'}\n`);
+        process.stderr.write(`  ${'\x1b[2m'}Press Ctrl+C to stop.${'\x1b[0m'}\n\n`);
+    }
+    return processStdin(kernel, renderers, storage, cloudSinks, {
+        noOpen: options.noOpen,
+        storeConfig,
+    });
+}
+async function processStdin(kernel, renderers, storage, cloudSinks, viewerOpts) {
+    const startTime = Date.now();
+    let totalActions = 0;
+    let allowedCount = 0;
+    let deniedCount = 0;
+    let violationCount = 0;
+    return new Promise((resolvePromise) => {
+        let buffer = '';
+        process.stdin.setEncoding('utf8');
+        process.stdin.on('data', async (chunk) => {
+            buffer += chunk;
+            const lines = buffer.split('\n');
+            buffer = lines.pop() || '';
+            for (const line of lines) {
+                const trimmed = line.trim();
+                if (!trimmed)
+                    continue;
+                try {
+                    const rawAction = JSON.parse(trimmed);
+                    const result = await kernel.propose(rawAction);
+                    totalActions++;
+                    if (result.allowed)
+                        allowedCount++;
+                    else
+                        deniedCount++;
+                    violationCount += result.decision.violations.length;
+                    // Dispatch to all registered renderers
+                    renderers.notifyActionResult(result);
+                    // Dispatch policy trace events for real-time visualization
+                    for (const event of result.events) {
+                        if (event.kind === POLICY_TRACE_RECORDED) {
+                            renderers.notifyPolicyTrace(event);
+                        }
+                    }
+                    if (result.decisionRecord) {
+                        renderers.notifyDecisionRecord(result.decisionRecord);
+                    }
+                    // Write machine-readable result to stdout
+                    const output = {
+                        allowed: result.allowed,
+                        executed: result.executed,
+                        action: result.decision.intent.action,
+                        target: result.decision.intent.target,
+                        reason: result.decision.decision.reason,
+                        violations: result.decision.violations.map((v) => v.name),
+                        runId: result.runId,
+                        decisionRecordId: result.decisionRecord?.recordId,
+                    };
+                    process.stdout.write(JSON.stringify(output) + '\n');
+                }
+                catch (err) {
+                    process.stderr.write(`  \x1b[31mError:\x1b[0m Invalid JSON input: ${err.message}\n`);
+                }
+            }
+        });
+        const shutdown = async () => {
+            kernel.shutdown();
+            // Record session end in the sessions table (SQLite only)
+            if (storage.sessions) {
+                storage.sessions.end(kernel.getRunId(), {
+                    totalActions,
+                    allowed: allowedCount,
+                    denied: deniedCount,
+                    violations: violationCount,
+                    durationMs: Date.now() - startTime,
+                });
+            }
+            renderers.notifyRunEnded({
+                runId: kernel.getRunId(),
+                totalActions,
+                allowed: allowedCount,
+                denied: deniedCount,
+                violations: violationCount,
+                durationMs: Date.now() - startTime,
+            });
+            renderers.disposeAll();
+            await cloudSinks.flush();
+            cloudSinks.stop();
+            storage.close();
+        };
+        process.stdin.on('end', async () => {
+            await shutdown();
+            await openSessionViewer(viewerOpts);
+            resolvePromise(0);
+        });
+        process.on('SIGINT', async () => {
+            await shutdown();
+            process.stderr.write('\n  \x1b[33mAgentGuard stopped.\x1b[0m\n\n');
+            await openSessionViewer(viewerOpts);
+            resolvePromise(0);
+        });
+    });
+}
+async function openSessionViewer(opts) {
+    if (opts.noOpen)
+        return;
+    try {
+        const { sessionViewer } = await import('./session-viewer.js');
+        const viewerArgs = ['--last'];
+        if (opts.storeConfig.backend === 'sqlite') {
+            viewerArgs.push('--store', 'sqlite');
+            if (opts.storeConfig.dbPath) {
+                viewerArgs.push('--db-path', opts.storeConfig.dbPath);
+            }
+        }
+        await sessionViewer(viewerArgs, opts.storeConfig);
+    }
+    catch (err) {
+        // Non-fatal — session viewer is best-effort
+        process.stderr.write(`  \x1b[2mSession viewer: ${err instanceof Error ? err.message : String(err)}\x1b[0m\n`);
+    }
+}
+//# sourceMappingURL=guard.js.map

package/dist/commands/guard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"guard.js","sourceRoot":"","sources":["../../src/commands/guard.ts"],"names":[],"mappings":"AAAA,qEAAqE;AACrE,qFAAqF;AACrF,+DAA+D;AAC/D,+EAA+E;AAE/E,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAEjD,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,EAAE,cAAc,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAClG,OAAO,EAAE,uBAAuB,EAAE,MAAM,mBAAmB,CAAC;AAC5D,OAAO,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AACvD,OAAO,EAAE,yBAAyB,EAAE,MAAM,mBAAmB,CAAC;AAC9D,OAAO,EAAE,sBAAsB,EAAE,MAAM,mBAAmB,CAAC;AAC3D,OAAO,EAAE,8BAA8B,EAAE,MAAM,mBAAmB,CAAC;AAEnE,OAAO,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAChE,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAChF,OAAO,EAAE,sBAAsB,EAAE,MAAM,sBAAsB,CAAC;AAE9D,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AACzD,OAAO,EAAE,WAAW,EAAE,eAAe,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AAExF,OAAO,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAIzD,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAExD,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,6BAA6B,CAAC;AAoBxE,MAAM,CAAC,KAAK,UAAU,KAAK,CAAC,KAAe,EAAE,UAAwB,EAAE;IACrE,4EAA4E;IAC5E,gFAAgF;IAChF,+EAA+E;IAC/E,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;QACzB,OAAO,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;IACzB,CAAC;IAED,gEAAgE;IAChE,MAAM,aAAa,GAAG,OAAO,CAAC,QAAQ,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IAC1F,MAAM,cAAc,GAAG,aAAa,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC;IAEjE,IAAI,UAAqB,CAAC;IAC1B,IAAI,UAAkB,CAAC;IAEvB,IAAI,cAAc,IAAI,aAAa,EAAE,CAAC;QACpC,MAAM,WAAW,GAAG,oBAAoB,CAAC,aAAa,CAAC,CAAC;QACxD,UAAU,GAAG,WAAW,CAAC,QAAQ,CAAC;QAClC,UAAU,GAAG,mBAAmB,CAAC,WAAW,CAAC,CAAC;IAChD,CAAC;SAAM,CAAC;QACN,UAAU,GAAG,cAAc,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5C,UAAU,GAAG,OAAO,CAAC,MAAM,IAAI,mBAAmB,CAAC;IACrD,CAAC;IAED,gDAAgD;IAChD,MAAM,UAAU,GAAG,uBAAuB,EAAE,CAAC;IAC7C,IAAI,OAAO,CAAC,QAAQ,KAAK,KAAK,EAAE,CAAC;QAC/B,UAAU,CAAC,QAAQ,CAAC,kBAAkB,EAAE,CAAC,CAAC;QAC1C,UAAU,CAAC,QAAQ,CAAC,yBAAyB,EAAE,CAAC,CAAC;QACjD,UAAU,CAAC,QAAQ,CAAC,8BAA8B,EAAE,CAAC,CAAC;QACtD,UAAU,CAAC,QAAQ,CAAC,sBAAsB,EAAE,CAAC,CAAC;QAE9C,4DAA4D;QAC5D,IAAI,CAAC;YACH,MAAM,cAAc,GAAG,oBAAoB,EAAE,CAAC;YAC9C,MAAM,oBAAoB,CAAC,cAAc,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;QAChF,CAAC;QAAC,MAAM,CAAC;YACP,yEAAyE;QAC3E,CAAC;IACH,CAAC;IAED,kFAAkF;IAClF,MAAM,IAAI,GAAG,YAAY,EAAE,CAAC;IAC5B,MAAM,GAAG,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;IAElC,0DAA0D;IAC1D,MAAM,KAAK,GAAG,OAAO,IAAI,CAAC,GAAG,EAAE,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,EAAE,CAAC;IAEzE,oCAAoC;IACpC,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,IAAI,EAAE,OAAO,EAAE,QAAiB,EAAE,CAAC;IACpE,MAAM,OAAO,GAAG,MAAM,mBAAmB,CAAC,WAAW,CAAC,CAAC;IACvD,MAAM,SAAS,GAAG,OAAO,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;IACjD,MAAM,YAAY,GAAG,OAAO,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC;IAEvD,yCAAyC;IACzC,MAAM,QAAQ,GAAG,YAAY,EAAE,CAAC;IAChC,MAAM,aAAa,GAAG,WAAW,CAAC,QAAQ,CAAC,CAAC;IAC5C,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,IAAI,QAAQ,EAAE,gBAAgB,CAAC;IAC5E,MAAM,UAAU,GAAG,MAAM,gBAAgB,CAAC;QACxC,IAAI,EAAE,aAAa;QACnB,SAAS,EACP,OAAO,CAAC,GAAG,CAAC,wBAAwB;YACpC,QAAQ,EAAE,UAAU;YACpB,qCAAqC;QACvC,KAAK;QACL,OAAO,EAAE,KAAK;QACd,SAAS,EAAE,QAAQ,EAAE,UAAU;QAC/B,MAAM;KACP,CAAC,CAAC;IAEH,6BAA6B;IAC7B,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;QACnC,IAAI,CAAC;YACH,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,iFAAiF;gBAC/E,yDAAyD,CAC5D,CAAC;YACF,MAAM,EAAE,YAAY,EAAE,IAAI,EAAE,gBAAgB,EAAE,GAAG,EAAE,GACjD,MAAM,MAAM,CAAC,6BAA6B,CAAC,CAAC;YAC9C,MAAM,OAAO,GAAG,QAAQ,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC;YAC7C,IAAI,CAAC,EAAE,GAAG,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QACtC,CAAC;QAAC,MAAM,CAAC;YACP,YAAY;QACd,CAAC;IACH,CAAC;IAED,sBAAsB;IACtB,MAAM,YAAY,GAAiB;QACjC,KAAK;QACL,GAAG;QACH,UAAU;QACV,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,KAAK;QAC/B,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,kBAAkB,EAAE;QAC3D,KAAK,EAAE,CAAC,SAAS,EAAE,UAAU,CAAC,SAAS,CAAC;QACxC,aAAa,EAAE,CAAC,YAAY,EAAE,UAAU,CAAC,YAAY,CAAC;QACtD,UAAU,EAAE,UAAU,CAAC,GAAG,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS;KACjE,CAAC;IAEF,MAAM,MAAM,GAAG,YAAY,CAAC,YAAY,CAAC,CAAC;IAC1C,UAAU,CAAC,WAAW,EAAE,CAAC;IAEzB,gEAAgE;IAChE,IAAI,cAAc,EAAE,CAAC;QACnB,MAAM,WAAW,GAAG,oBAAoB,CAAC,aAAa,CAAC,CAAC;QACxD,MAAM,aAAa,GAAG,WAAW,CAAC,eAAe,EAAE;YACjD,WAAW,EAAE,WAAW,CAAC,QAAQ,CAAC,MAAM;YACxC,UAAU,EAAE,WAAW,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;YAC5E,OAAO,EAAE,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBACvC,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,KAAK,EAAE,CAAC,CAAC,KAAK;gBACd,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE;gBACrB,SAAS,EAAE,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM;aACjC,CAAC,CAAC;YACH,MAAM,EAAE,WAAW,CAAC,MAAM;SAC3B,CAAC,CAAC;QACH,SAAS,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;IACjC,CAAC;IAED,8EAA8E;IAC9E,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,sBAAsB,EAAE,CAAC;IAChE,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;QACvB,SAAS,CAAC,QAAQ,CAAC,iBAAiB,CAAC,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAC5F,CAAC;IAED,2DAA2D;IAC3D,MAAM,QAAQ,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC;IACzC,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;QACrB,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,KAAK,EAAE,OAAO,EAAE;YACrC,UAAU,EAAE,UAAU;YACtB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,cAAc,EAAE,WAAW,CAAC,OAAO;YACnC,cAAc,EAAE,QAAQ;SACzB,CAAC,CAAC;IACL,CAAC;IAED,gCAAgC;IAChC,SAAS,CAAC,gBAAgB,CAAC;QACzB,KAAK;QACL,UAAU;QACV,cAAc,EAAE,CAAC;QACjB,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,cAAc,EAAE,QAAQ;QACxB,KAAK,EAAE,OAAO,CAAC,KAAK;KACrB,CAAC,CAAC;IAEH,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACnB,0BAA0B;QAC1B,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,KAAK,SAAS,oDAAoD,SAAS,IAAI,CAChF,CAAC;QACF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,SAAS,wBAAwB,SAAS,MAAM,CAAC,CAAC;IAC9E,CAAC;IAED,OAAO,YAAY,CAAC,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,UAAU,EAAE;QAC1D,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,WAAW;KACZ,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,YAAY,CACzB,MAAuC,EACvC,SAA2B,EAC3B,OAAsB,EACtB,UAA2B,EAC3B,UAA4D;IAE5D,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,IAAI,YAAY,GAAG,CAAC,CAAC;IACrB,IAAI,YAAY,GAAG,CAAC,CAAC;IACrB,IAAI,WAAW,GAAG,CAAC,CAAC;IACpB,IAAI,cAAc,GAAG,CAAC,CAAC;IAEvB,OAAO,IAAI,OAAO,CAAC,CAAC,cAAc,EAAE,EAAE;QACpC,IAAI,MAAM,GAAG,EAAE,CAAC;QAEhB,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAClC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,KAAK,EAAE,KAAa,EAAE,EAAE;YAC/C,MAAM,IAAI,KAAK,CAAC;YAChB,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACjC,MAAM,GAAG,KAAK,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC;YAE3B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC5B,IAAI,CAAC,OAAO;oBAAE,SAAS;gBAEvB,IAAI,CAAC;oBACH,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAmB,CAAC;oBACxD,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;oBAE/C,YAAY,EAAE,CAAC;oBACf,IAAI,MAAM,CAAC,OAAO;wBAAE,YAAY,EAAE,CAAC;;wBAC9B,WAAW,EAAE,CAAC;oBACnB,cAAc,IAAI,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC;oBAEpD,uCAAuC;oBACvC,SAAS,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC;oBAErC,2DAA2D;oBAC3D,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;wBAClC,IAAI,KAAK,CAAC,IAAI,KAAK,qBAAqB,EAAE,CAAC;4BACzC,SAAS,CAAC,iBAAiB,CAAC,KAAsC,CAAC,CAAC;wBACtE,CAAC;oBACH,CAAC;oBAED,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;wBAC1B,SAAS,CAAC,oBAAoB,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;oBACxD,CAAC;oBAED,0CAA0C;oBAC1C,MAAM,MAAM,GAAG;wBACb,OAAO,EAAE,MAAM,CAAC,OAAO;wBACvB,QAAQ,EAAE,MAAM,CAAC,QAAQ;wBACzB,MAAM,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM;wBACrC,MAAM,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM;wBACrC,MAAM,EAAE,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM;wBACvC,UAAU,EAAE,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;wBACzD,KAAK,EAAE,MAAM,CAAC,KAAK;wBACnB,gBAAgB,EAAE,MAAM,CAAC,cAAc,EAAE,QAAQ;qBAClD,CAAC;oBACF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC;gBACtD,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,+CAAgD,GAAa,CAAC,OAAO,IAAI,CAC1E,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,KAAK,IAAI,EAAE;YAC1B,MAAM,CAAC,QAAQ,EAAE,CAAC;YAElB,yDAAyD;YACzD,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;gBACrB,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,EAAE,EAAE;oBACtC,YAAY;oBACZ,OAAO,EAAE,YAAY;oBACrB,MAAM,EAAE,WAAW;oBACnB,UAAU,EAAE,cAAc;oBAC1B,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;iBACnC,CAAC,CAAC;YACL,CAAC;YAED,SAAS,CAAC,cAAc,CAAC;gBACvB,KAAK,EAAE,MAAM,CAAC,QAAQ,EAAE;gBACxB,YAAY;gBACZ,OAAO,EAAE,YAAY;gBACrB,MAAM,EAAE,WAAW;gBACnB,UAAU,EAAE,cAAc;gBAC1B,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS;aACnC,CAAC,CAAC;YACH,SAAS,CAAC,UAAU,EAAE,CAAC;YACvB,MAAM,UAAU,CAAC,KAAK,EAAE,CAAC;YACzB,UAAU,CAAC,IAAI,EAAE,CAAC;YAClB,OAAO,CAAC,KAAK,EAAE,CAAC;QAClB,CAAC,CAAC;QAEF,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,IAAI,EAAE;YACjC,MAAM,QAAQ,EAAE,CAAC;YACjB,MAAM,iBAAiB,CAAC,UAAU,CAAC,CAAC;YACpC,cAAc,CAAC,CAAC,CAAC,CAAC;QACpB,CAAC,CAAC,CAAC;QAEH,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,KAAK,IAAI,EAAE;YAC9B,MAAM,QAAQ,EAAE,CAAC;YACjB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,4CAA4C,CAAC,CAAC;YACnE,MAAM,iBAAiB,CAAC,UAAU,CAAC,CAAC;YACpC,cAAc,CAAC,CAAC,CAAC,CAAC;QACpB,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,IAGhC;IACC,IAAI,IAAI,CAAC,MAAM;QAAE,OAAO;IACxB,IAAI,CAAC;QACH,MAAM,EAAE,aAAa,EAAE,GAAG,MAAM,MAAM,CAAC,qBAAqB,CAAC,CAAC;QAC9D,MAAM,UAAU,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC9B,IAAI,IAAI,CAAC,WAAW,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;YAC1C,UAAU,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;YACrC,IAAI,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC;gBAC5B,UAAU,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;YACxD,CAAC;QACH,CAAC;QACD,MAAM,aAAa,CAAC,UAAU,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;IACpD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,4CAA4C;QAC5C,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,4BAA4B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,CACxF,CAAC;IACJ,CAAC;AACH,CAAC"}

package/dist/commands/import.d.ts

@@ -0,0 +1,3 @@
+import type { StorageConfig } from '@red-codes/storage';
+export declare function importSession(args: string[], storageConfig?: StorageConfig): Promise<void>;
+//# sourceMappingURL=import.d.ts.map

package/dist/commands/import.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"import.d.ts","sourceRoot":"","sources":["../../src/commands/import.ts"],"names":[],"mappings":"AAWA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAExD,wBAAsB,aAAa,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,aAAa,CAAC,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,CA4HhG"}

package/dist/{cli/commands → commands}/import.js

@@ -1,17 +1,11 @@
 // CLI command: agentguard import — import a governance session from a portable JSONL file.
-import { readFileSync, appendFileSync, existsSync, mkdirSync } from 'node:fs';
-import { join, resolve } from 'node:path';
+// Uses SQLite storage backend.
+import { readFileSync, existsSync } from 'node:fs';
+import { resolve } from 'node:path';
 import { parseArgs } from '../args.js';
-import { getEventFilePath } from '../../events/jsonl.js';
-import { getDecisionFilePath } from '../../events/decision-jsonl.js';
-import { validateEvent } from '../../events/schema.js';
-const BASE_DIR = '.agentguard';
-function ensureDir(dirPath) {
-    if (!existsSync(dirPath)) {
-        mkdirSync(dirPath, { recursive: true });
-    }
-}
-export async function importSession(args) {
+import { validateEvent } from '@red-codes/events';
+import { EXPORT_SCHEMA_VERSION } from './export.js';
+export async function importSession(args, storageConfig) {
     const parsed = parseArgs(args, {
         string: ['--as'],
     });
@@ -50,6 +44,14 @@ export async function importSession(args) {
         process.exitCode = 1;
         return;
     }
+    // Validate schema version (backward-compatible: missing schemaVersion treated as 1)
+    const schemaVersion = header.schemaVersion ?? 1;
+    if (schemaVersion > EXPORT_SCHEMA_VERSION) {
+        process.stderr.write(`\n  \x1b[31mError:\x1b[0m Export uses schema version ${schemaVersion} but this version of AgentGuard only supports up to ${EXPORT_SCHEMA_VERSION}.\n` +
+            '  Please upgrade AgentGuard to import this file.\n\n');
+        process.exitCode = 1;
+        return;
+    }
     const runId = parsed.flags.as || header.runId;
     if (!runId) {
         process.stderr.write('\n  \x1b[31mError:\x1b[0m No runId found in export header and none provided via --as.\n\n');
@@ -91,22 +93,19 @@ export async function importSession(args) {
         process.exitCode = 1;
         return;
     }
-    // Check if run already exists
-    const eventFilePath = getEventFilePath(runId);
-    if (existsSync(eventFilePath)) {
-        process.stderr.write(`\n  \x1b[33m\u26A0\x1b[0m Run "${runId}" already exists. Events will be appended.\n`);
+    // Write to SQLite via storage sinks
+    const config = storageConfig ?? { backend: 'sqlite' };
+    const { createStorageBundle } = await import('@red-codes/storage');
+    const storage = await createStorageBundle(config);
+    const eventSink = storage.createEventSink(runId);
+    const decisionSink = storage.createDecisionSink(runId);
+    for (const event of events) {
+        eventSink.write(event);
     }
-    // Write events
-    ensureDir(join(BASE_DIR, 'events'));
-    const eventData = events.map((e) => JSON.stringify(e)).join('\n') + '\n';
-    appendFileSync(eventFilePath, eventData, 'utf8');
-    // Write decisions (if any)
-    if (decisions.length > 0) {
-        ensureDir(join(BASE_DIR, 'decisions'));
-        const decisionFilePath = getDecisionFilePath(runId);
-        const decisionData = decisions.map((d) => JSON.stringify(d)).join('\n') + '\n';
-        appendFileSync(decisionFilePath, decisionData, 'utf8');
+    for (const decision of decisions) {
+        decisionSink.write(decision);
     }
+    storage.close();
     process.stderr.write(`\n  \x1b[32m\u2713\x1b[0m Imported run \x1b[1m${runId}\x1b[0m\n`);
     process.stderr.write(`    Events:    ${events.length}\n`);
     process.stderr.write(`    Decisions: ${decisions.length}\n`);

package/dist/commands/import.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"import.js","sourceRoot":"","sources":["../../src/commands/import.ts"],"names":[],"mappings":"AAAA,2FAA2F;AAC3F,+BAA+B;AAE/B,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AACvC,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAGlD,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAIpD,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,IAAc,EAAE,aAA6B;IAC/E,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,EAAE;QAC7B,MAAM,EAAE,CAAC,MAAM,CAAC;KACjB,CAAC,CAAC;IAEH,MAAM,SAAS,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IACvC,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,wDAAwD,CAAC,CAAC;QAC/E,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,MAAM,YAAY,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;IACxC,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QAC9B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,6CAA6C,YAAY,MAAM,CAAC,CAAC;QACtF,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,0BAA0B;IAC1B,MAAM,OAAO,GAAG,YAAY,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;IACnD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAE1D,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,qDAAqD,CAAC,CAAC;QAC5E,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,4BAA4B;IAC5B,IAAI,MAA8B,CAAC;IACnC,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAA2B,CAAC;IAC1D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,uEAAuE,CAAC,CAAC;QAC9F,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,IAAI,MAAM,CAAC,mBAAmB,KAAK,IAAI,IAAI,MAAM,CAAC,OAAO,KAAK,CAAC,EAAE,CAAC;QAChE,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,0FAA0F,CAC3F,CAAC;QACF,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,oFAAoF;IACpF,MAAM,aAAa,GAAG,MAAM,CAAC,aAAa,IAAI,CAAC,CAAC;IAChD,IAAI,aAAa,GAAG,qBAAqB,EAAE,CAAC;QAC1C,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,wDAAwD,aAAa,uDAAuD,qBAAqB,KAAK;YACpJ,sDAAsD,CACzD,CAAC;QACF,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,MAAM,KAAK,GAAI,MAAM,CAAC,KAAK,CAAC,EAAa,IAAI,MAAM,CAAC,KAAK,CAAC;IAC1D,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,2FAA2F,CAC5F,CAAC;QACF,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,uDAAuD;IACvD,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC;IACzD,MAAM,aAAa,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC;IAEzD,4BAA4B;IAC5B,MAAM,MAAM,GAAkB,EAAE,CAAC;IACjC,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;QAC9B,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAA4B,CAAC;YAC3D,MAAM,EAAE,KAAK,EAAE,GAAG,aAAa,CAAC,MAAM,CAAqB,CAAC;YAC5D,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,CAAC,IAAI,CAAC,MAAgC,CAAC,CAAC;YAChD,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,uBAAuB;QACzB,CAAC;IACH,CAAC;IAED,uEAAuE;IACvE,MAAM,SAAS,GAA+B,EAAE,CAAC;IACjD,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;QACjC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAA6B,CAAC;YAC5D,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBACnB,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACzB,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,uBAAuB;QACzB,CAAC;IACH,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,qEAAqE,CAAC,CAAC;QAC5F,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACrB,OAAO;IACT,CAAC;IAED,oCAAoC;IACpC,MAAM,MAAM,GAAG,aAAa,IAAI,EAAE,OAAO,EAAE,QAAiB,EAAE,CAAC;IAC/D,MAAM,EAAE,mBAAmB,EAAE,GAAG,MAAM,MAAM,CAAC,oBAAoB,CAAC,CAAC;IACnE,MAAM,OAAO,GAAG,MAAM,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAClD,MAAM,SAAS,GAAG,OAAO,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;IACjD,MAAM,YAAY,GAAG,OAAO,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC;IAEvD,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,SAAS,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IACzB,CAAC;IACD,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjC,YAAY,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;IAC/B,CAAC;IAED,OAAO,CAAC,KAAK,EAAE,CAAC;IAEhB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,iDAAiD,KAAK,WAAW,CAAC,CAAC;IACxF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAkB,MAAM,CAAC,MAAM,IAAI,CAAC,CAAC;IAC1D,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAkB,SAAS,CAAC,MAAM,IAAI,CAAC,CAAC;IAC7D,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAkB,YAAY,MAAM,CAAC,CAAC;AAC7D,CAAC"}

package/dist/commands/init.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Main init command handler.
+ */
+export declare function init(args: string[]): Promise<number>;
+//# sourceMappingURL=init.d.ts.map

package/dist/commands/init.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"init.d.ts","sourceRoot":"","sources":["../../src/commands/init.ts"],"names":[],"mappings":"AAyCA;;GAEG;AACH,wBAAsB,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,CAqF1D"}