@rubytech/create-maxy 1.0.774 → 1.0.776

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rubytech/create-maxy",
-  "version": "1.0.774",
+  "version": "1.0.776",
   "description": "Install Maxy — AI for Productive People",
   "bin": {
     "create-maxy": "./dist/index.js"

package/payload/platform/config/brand.json

@@ -9,6 +9,7 @@
   "domain": "getmaxy.com",
   "neo4jPort": 7687,
   "ttydPort": 7681,
+  "commercialMode": false,
 
   "defaultColors": {
     "primary": "#7C8C72",

package/payload/platform/lib/entitlement/PUBKEY-HASH.txt

@@ -0,0 +1 @@
+8eee6bcb33545fd13b16d3199a5735ca5db5062834c7b49dfe4f23801d99db79

package/payload/platform/lib/entitlement/dist/canonicalize.d.ts

@@ -0,0 +1,26 @@
+/**
+ * Deterministic canonical JSON serializer for Ed25519 signing/verification.
+ *
+ * Why purpose-built and not RFC 8785 (JCS) or a vendored canonicalize lib:
+ * the entitlement payload schema is tightly controlled — flat object, primitives
+ * plus one string array (purchasedPlugins). A 30-line implementation covers it
+ * exactly and stays zero-dep, which matters because the create-maxy bundle
+ * has a hardcoded externalDeps surface that any new runtime dep must thread.
+ *
+ * Rules:
+ *   - object keys sorted lexicographically (Array.prototype.sort default)
+ *   - no whitespace
+ *   - strings JSON.stringify-escaped (handles unicode, quotes, backslashes)
+ *   - numbers in finite IEEE 754; reject NaN / Infinity / -0
+ *   - booleans + null verbatim
+ *   - arrays preserve element order (signing party owns array semantics)
+ *   - throws on unsupported value types (functions, undefined, symbols, bigint)
+ *
+ * Both sides (Rubytech signer + customer verifier) call canonicalize() before
+ * signing/verifying. Canonical bytes are UTF-8 of the returned string.
+ */
+export type CanonicalValue = string | number | boolean | null | CanonicalValue[] | {
+    [k: string]: CanonicalValue;
+};
+export declare function canonicalize(value: CanonicalValue): string;
+//# sourceMappingURL=canonicalize.d.ts.map

package/payload/platform/lib/entitlement/dist/canonicalize.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"canonicalize.d.ts","sourceRoot":"","sources":["../src/canonicalize.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,MAAM,MAAM,cAAc,GACtB,MAAM,GACN,MAAM,GACN,OAAO,GACP,IAAI,GACJ,cAAc,EAAE,GAChB;IAAE,CAAC,CAAC,EAAE,MAAM,GAAG,cAAc,CAAA;CAAE,CAAC;AAEpC,wBAAgB,YAAY,CAAC,KAAK,EAAE,cAAc,GAAG,MAAM,CAyB1D"}

package/payload/platform/lib/entitlement/dist/canonicalize.js

@@ -0,0 +1,54 @@
+"use strict";
+/**
+ * Deterministic canonical JSON serializer for Ed25519 signing/verification.
+ *
+ * Why purpose-built and not RFC 8785 (JCS) or a vendored canonicalize lib:
+ * the entitlement payload schema is tightly controlled — flat object, primitives
+ * plus one string array (purchasedPlugins). A 30-line implementation covers it
+ * exactly and stays zero-dep, which matters because the create-maxy bundle
+ * has a hardcoded externalDeps surface that any new runtime dep must thread.
+ *
+ * Rules:
+ *   - object keys sorted lexicographically (Array.prototype.sort default)
+ *   - no whitespace
+ *   - strings JSON.stringify-escaped (handles unicode, quotes, backslashes)
+ *   - numbers in finite IEEE 754; reject NaN / Infinity / -0
+ *   - booleans + null verbatim
+ *   - arrays preserve element order (signing party owns array semantics)
+ *   - throws on unsupported value types (functions, undefined, symbols, bigint)
+ *
+ * Both sides (Rubytech signer + customer verifier) call canonicalize() before
+ * signing/verifying. Canonical bytes are UTF-8 of the returned string.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.canonicalize = canonicalize;
+function canonicalize(value) {
+    if (value === null)
+        return "null";
+    if (typeof value === "boolean")
+        return value ? "true" : "false";
+    if (typeof value === "string")
+        return JSON.stringify(value);
+    if (typeof value === "number") {
+        if (!Number.isFinite(value)) {
+            throw new Error(`canonicalize: non-finite number rejected (${value})`);
+        }
+        if (Object.is(value, -0)) {
+            throw new Error("canonicalize: negative zero rejected");
+        }
+        return JSON.stringify(value);
+    }
+    if (Array.isArray(value)) {
+        return "[" + value.map(canonicalize).join(",") + "]";
+    }
+    if (typeof value === "object") {
+        const keys = Object.keys(value).sort();
+        const parts = [];
+        for (const k of keys) {
+            parts.push(JSON.stringify(k) + ":" + canonicalize(value[k]));
+        }
+        return "{" + parts.join(",") + "}";
+    }
+    throw new Error(`canonicalize: unsupported value type ${typeof value}`);
+}
+//# sourceMappingURL=canonicalize.js.map

package/payload/platform/lib/entitlement/dist/canonicalize.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"canonicalize.js","sourceRoot":"","sources":["../src/canonicalize.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;;AAUH,oCAyBC;AAzBD,SAAgB,YAAY,CAAC,KAAqB;IAChD,IAAI,KAAK,KAAK,IAAI;QAAE,OAAO,MAAM,CAAC;IAClC,IAAI,OAAO,KAAK,KAAK,SAAS;QAAE,OAAO,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC;IAChE,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;IAC5D,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YAC5B,MAAM,IAAI,KAAK,CAAC,6CAA6C,KAAK,GAAG,CAAC,CAAC;QACzE,CAAC;QACD,IAAI,MAAM,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;QAC1D,CAAC;QACD,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;IAC/B,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,GAAG,GAAG,KAAK,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;IACvD,CAAC;IACD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC;QACvC,MAAM,KAAK,GAAa,EAAE,CAAC;QAC3B,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;YACrB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC/D,CAAC;QACD,OAAO,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;IACrC,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,wCAAwC,OAAO,KAAK,EAAE,CAAC,CAAC;AAC1E,CAAC"}

package/payload/platform/lib/entitlement/dist/index.d.ts

@@ -0,0 +1,76 @@
+/**
+ * Entitlement verifier — single source of truth for effective tier and
+ * purchasedPlugins on a Maxy/Real-Agent install. Pre-launch security gate
+ * for paid tiers (Task 831).
+ *
+ * Doctrine: account.json is agent-writable; entitlement is not. Effective
+ * tier and purchasedPlugins derive from a Rubytech-signed Ed25519 payload,
+ * not from raw account.json values. Editing account.json directly has no
+ * runtime effect; the verifier compares disk against signed and uses signed.
+ *
+ *   ┌────────────────────────────┐
+ *   │ session start              │
+ *   └─────────────┬──────────────┘
+ *                 ▼
+ *   ┌────────────────────────────┐
+ *   │ read brand.json            │
+ *   │ commercialMode? (default   │
+ *   │ false on personal-mode)    │
+ *   └────────┬───────────────┬───┘
+ *            │false          │true
+ *            ▼               ▼
+ *   source=implicit-trust    read entitlement.json
+ *   (raw account.json)              │
+ *                                   ├─missing──▶ anonymous-fallback (lock)
+ *                                   ├─malformed─▶ anonymous-fallback
+ *                                   ├─pubkey-tampered─▶ anonymous-fallback
+ *                                   ├─bad sig──▶ anonymous-fallback
+ *                                   ├─binding mismatch─▶ anonymous-fallback
+ *                                   ├─clock skew──▶ anonymous-fallback
+ *                                   ├─expired+grace─▶ signed-grace
+ *                                   ├─expired post-grace─▶ anonymous-fallback (lock)
+ *                                   └─valid─▶ signed
+ *
+ * Threat model: this code closes the agent-self-elevation bypass and the
+ * casual operator vim-edit bypass. A determined operator with shell access
+ * who replaces the vendored pubkey AND regenerates the SHA-256 hash baked
+ * into PUBKEY_SHA256 below can still defeat the verifier — that is the
+ * accepted out-of-scope per task 831 ("raise bypass cost to break the
+ * signature, not to edit JSON"). Hardware binding is the only counter and
+ * is explicitly out of scope.
+ */
+export declare const PUBKEY_SHA256 = "8eee6bcb33545fd13b16d3199a5735ca5db5062834c7b49dfe4f23801d99db79";
+export type EntitlementSource = "signed" | "signed-grace" | "implicit-trust" | "anonymous-fallback";
+export interface ResolvedEntitlement {
+    tier: string;
+    purchasedPlugins: string[];
+    source: EntitlementSource;
+    issued: string | null;
+    expires: string | null;
+}
+export interface AccountConfigSubset {
+    accountId: string;
+    customerEmail?: string;
+    tier?: string;
+    purchasedPlugins?: string[];
+}
+export interface BrandConfigSubset {
+    /** Absolute path to ~/<configDir> where entitlement.json is delivered. */
+    configDir: string;
+    /** Absolute path to platform/ root; pubkey lives at <platformRoot>/lib/entitlement/rubytech-pubkey.pem. */
+    platformRoot: string;
+    /** True only when this brand has flipped to commercial entitlement enforcement. */
+    commercialMode?: boolean;
+}
+/**
+ * Resolve effective entitlement for the current install. Sync — Ed25519
+ * verify is a CPU-bound primitive on the order of 0.3ms; no async surface.
+ *
+ * @param brand   Brand config (read from platform/config/brand.json by caller)
+ * @param account Account config (read from data/accounts/<id>/account.json)
+ * @returns Effective entitlement plus the source tag for observability.
+ */
+export declare function resolveEntitlement(brand: BrandConfigSubset, account: AccountConfigSubset): ResolvedEntitlement;
+/** Test-only: clear the memoization cache. Not used in production. */
+export declare function _clearMemo(): void;
+//# sourceMappingURL=index.d.ts.map

package/payload/platform/lib/entitlement/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AAoBH,eAAO,MAAM,aAAa,qEAAqE,CAAC;AAMhG,MAAM,MAAM,iBAAiB,GACzB,QAAQ,GACR,cAAc,GACd,gBAAgB,GAChB,oBAAoB,CAAC;AAEzB,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,MAAM,EAAE,iBAAiB,CAAC;IAC1B,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;CACxB;AAED,MAAM,WAAW,mBAAmB;IAClC,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;CAC7B;AAED,MAAM,WAAW,iBAAiB;IAChC,0EAA0E;IAC1E,SAAS,EAAE,MAAM,CAAC;IAClB,2GAA2G;IAC3G,YAAY,EAAE,MAAM,CAAC;IACrB,mFAAmF;IACnF,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AA0BD;;;;;;;GAOG;AACH,wBAAgB,kBAAkB,CAChC,KAAK,EAAE,iBAAiB,EACxB,OAAO,EAAE,mBAAmB,GAC3B,mBAAmB,CAuBrB;AAED,sEAAsE;AACtE,wBAAgB,UAAU,IAAI,IAAI,CAEjC"}

package/payload/platform/lib/entitlement/dist/index.js

@@ -0,0 +1,293 @@
+"use strict";
+/**
+ * Entitlement verifier — single source of truth for effective tier and
+ * purchasedPlugins on a Maxy/Real-Agent install. Pre-launch security gate
+ * for paid tiers (Task 831).
+ *
+ * Doctrine: account.json is agent-writable; entitlement is not. Effective
+ * tier and purchasedPlugins derive from a Rubytech-signed Ed25519 payload,
+ * not from raw account.json values. Editing account.json directly has no
+ * runtime effect; the verifier compares disk against signed and uses signed.
+ *
+ *   ┌────────────────────────────┐
+ *   │ session start              │
+ *   └─────────────┬──────────────┘
+ *                 ▼
+ *   ┌────────────────────────────┐
+ *   │ read brand.json            │
+ *   │ commercialMode? (default   │
+ *   │ false on personal-mode)    │
+ *   └────────┬───────────────┬───┘
+ *            │false          │true
+ *            ▼               ▼
+ *   source=implicit-trust    read entitlement.json
+ *   (raw account.json)              │
+ *                                   ├─missing──▶ anonymous-fallback (lock)
+ *                                   ├─malformed─▶ anonymous-fallback
+ *                                   ├─pubkey-tampered─▶ anonymous-fallback
+ *                                   ├─bad sig──▶ anonymous-fallback
+ *                                   ├─binding mismatch─▶ anonymous-fallback
+ *                                   ├─clock skew──▶ anonymous-fallback
+ *                                   ├─expired+grace─▶ signed-grace
+ *                                   ├─expired post-grace─▶ anonymous-fallback (lock)
+ *                                   └─valid─▶ signed
+ *
+ * Threat model: this code closes the agent-self-elevation bypass and the
+ * casual operator vim-edit bypass. A determined operator with shell access
+ * who replaces the vendored pubkey AND regenerates the SHA-256 hash baked
+ * into PUBKEY_SHA256 below can still defeat the verifier — that is the
+ * accepted out-of-scope per task 831 ("raise bypass cost to break the
+ * signature, not to edit JSON"). Hardware binding is the only counter and
+ * is explicitly out of scope.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PUBKEY_SHA256 = void 0;
+exports.resolveEntitlement = resolveEntitlement;
+exports._clearMemo = _clearMemo;
+const node_crypto_1 = require("node:crypto");
+const node_fs_1 = require("node:fs");
+const node_path_1 = require("node:path");
+const canonicalize_js_1 = require("./canonicalize.js");
+// __dirname is undefined in pure ESM bundles (platform/ui's tsup output is
+// format: ['esm'] with no shims:true). The MCP plugin path imports the CJS
+// build (dist/) where __dirname works, but the UI server imports the TS
+// source directly and tsup-bundles it as ESM. To work in both worlds, the
+// caller passes the platform root explicitly via BrandConfigSubset.platformRoot.
+// ---------------------------------------------------------------------------
+// Vendored pubkey — shipped at platform/lib/entitlement/rubytech-pubkey.pem.
+// PUBKEY_SHA256 is the expected hex SHA-256 of the file's bytes; if the
+// on-disk file's hash diverges the verifier emits pubkey-tamper and falls
+// back to anonymous. Update both when Rubytech rotates the keypair.
+// ---------------------------------------------------------------------------
+exports.PUBKEY_SHA256 = "8eee6bcb33545fd13b16d3199a5735ca5db5062834c7b49dfe4f23801d99db79";
+const GRACE_DAYS = 7;
+const GRACE_MS = GRACE_DAYS * 24 * 60 * 60 * 1000;
+function pubkeyPath(brand) {
+    return (0, node_path_1.resolve)(brand.platformRoot, "lib", "entitlement", "rubytech-pubkey.pem");
+}
+// Memoize per-process, scoped to (mtime, accountId, customerEmail). Scoping
+// by accountId is mandatory: the binding check at verifyAndResolve runs once
+// per call, and a memo keyed on mtime alone would return account A's verified
+// result to account B's request — bypassing the per-call binding check
+// (account isolation doctrine, feedback_account_isolation_absolute).
+let memo = null;
+function memoKey(mtimeMs, account) {
+    // Coarse 60-second time bucket ensures the memo invalidates around the
+    // expires/grace boundary even when entitlement.json mtime never changes
+    // (long-running UI server, no file refresh until Task 832 ships).
+    const bucket = Math.floor(Date.now() / 60000);
+    return `${mtimeMs}:${bucket}:${account.accountId}:${account.customerEmail ?? ""}`;
+}
+const VALID_TIERS = new Set(["solo", "family", "pro"]);
+/**
+ * Resolve effective entitlement for the current install. Sync — Ed25519
+ * verify is a CPU-bound primitive on the order of 0.3ms; no async surface.
+ *
+ * @param brand   Brand config (read from platform/config/brand.json by caller)
+ * @param account Account config (read from data/accounts/<id>/account.json)
+ * @returns Effective entitlement plus the source tag for observability.
+ */
+function resolveEntitlement(brand, account) {
+    // Personal mode (commercialMode !== true): always implicit-trust. A stray
+    // entitlement.json (backup-restore, dev artefact) must NOT lock out a
+    // personal-mode user — verification only runs when the brand is commercial.
+    if (brand.commercialMode !== true) {
+        return logResolved(implicitTrust(account), null);
+    }
+    const entitlementPath = (0, node_path_1.resolve)(brand.configDir, "entitlement.json");
+    if (!(0, node_fs_1.existsSync)(entitlementPath)) {
+        return logResolved(anonymousFallback("missing"), { reason: "missing" });
+    }
+    // (mtime, time-bucket, accountId, customerEmail)-keyed memoization
+    const stat = (0, node_fs_1.statSync)(entitlementPath);
+    const key = memoKey(stat.mtimeMs, account);
+    if (memo && memo.key === key) {
+        return memo.result;
+    }
+    const result = verifyAndResolve(brand, entitlementPath, account);
+    memo = { key, result };
+    return result;
+}
+/** Test-only: clear the memoization cache. Not used in production. */
+function _clearMemo() {
+    memo = null;
+}
+// ---------------------------------------------------------------------------
+// Internals
+// ---------------------------------------------------------------------------
+function verifyAndResolve(brand, entitlementPath, account) {
+    // Step 1: pubkey integrity. If the vendored pubkey has been swapped on
+    // disk, refuse to use it — emit verify-failed and degrade.
+    let pubkeyPem;
+    try {
+        pubkeyPem = (0, node_fs_1.readFileSync)(pubkeyPath(brand), "utf-8");
+    }
+    catch (err) {
+        return logResolved(anonymousFallback("pubkey-missing"), {
+            reason: "pubkey-missing",
+        });
+    }
+    const pubkeyHash = (0, node_crypto_1.createHash)("sha256").update(pubkeyPem).digest("hex");
+    if (pubkeyHash !== exports.PUBKEY_SHA256) {
+        return logResolved(anonymousFallback("pubkey-tamper"), {
+            reason: "pubkey-tamper",
+        });
+    }
+    // Step 2: parse the entitlement envelope.
+    let envelope;
+    try {
+        envelope = JSON.parse((0, node_fs_1.readFileSync)(entitlementPath, "utf-8"));
+    }
+    catch {
+        return logResolved(anonymousFallback("malformed"), { reason: "malformed" });
+    }
+    if (typeof envelope !== "object" ||
+        envelope === null ||
+        typeof envelope.signature !== "string" ||
+        typeof envelope.payload !== "object" ||
+        envelope.payload === null) {
+        return logResolved(anonymousFallback("malformed"), { reason: "malformed" });
+    }
+    const payload = envelope.payload;
+    const signatureB64 = envelope.signature;
+    // Step 3: signature verification over canonical bytes.
+    let pubkey;
+    try {
+        pubkey = (0, node_crypto_1.createPublicKey)(pubkeyPem);
+    }
+    catch {
+        return logResolved(anonymousFallback("pubkey-malformed"), {
+            reason: "pubkey-malformed",
+        });
+    }
+    let canonical;
+    try {
+        canonical = (0, canonicalize_js_1.canonicalize)(payload);
+    }
+    catch {
+        return logResolved(anonymousFallback("payload-shape"), {
+            reason: "payload-shape",
+        });
+    }
+    let sigBuf;
+    try {
+        sigBuf = Buffer.from(signatureB64, "base64");
+    }
+    catch {
+        return logResolved(anonymousFallback("signature-encoding"), {
+            reason: "signature-encoding",
+        });
+    }
+    const ok = (0, node_crypto_1.verify)(null, Buffer.from(canonical, "utf-8"), pubkey, sigBuf);
+    if (!ok) {
+        return logResolved(anonymousFallback("signature"), { reason: "signature" });
+    }
+    // Step 4: bindings — accountId and customerEmail must match local truth.
+    if (typeof payload.accountId !== "string" || payload.accountId !== account.accountId) {
+        return logResolved(anonymousFallback("binding-account"), {
+            reason: "binding-account",
+        });
+    }
+    // customerEmail binding: enforce when EITHER side has a value. Skipping when
+    // only the local side is empty would let an attacker forge an account.json
+    // without customerEmail to silently bypass the email binding while keeping
+    // the matching accountId. Symmetric: signed has it OR local has it → must match.
+    const signedEmail = typeof payload.customerEmail === "string" ? payload.customerEmail : undefined;
+    if (signedEmail !== undefined || account.customerEmail !== undefined) {
+        if (signedEmail !== account.customerEmail) {
+            return logResolved(anonymousFallback("binding-email"), {
+                reason: "binding-email",
+            });
+        }
+    }
+    // Step 5: temporal checks.
+    const issuedRaw = payload.issued;
+    const expiresRaw = payload.expires;
+    if (typeof issuedRaw !== "string" || typeof expiresRaw !== "string") {
+        return logResolved(anonymousFallback("temporal-shape"), {
+            reason: "temporal-shape",
+        });
+    }
+    const issued = Date.parse(issuedRaw);
+    const expires = Date.parse(expiresRaw);
+    const now = Date.now();
+    if (Number.isNaN(issued) || Number.isNaN(expires)) {
+        return logResolved(anonymousFallback("temporal-shape"), {
+            reason: "temporal-shape",
+        });
+    }
+    if (issued > now) {
+        return logResolved(anonymousFallback("clock-skew"), {
+            reason: "clock-skew",
+        });
+    }
+    // Reject empty/unknown tier. An empty string passing through here would
+    // hit `MAX_ADMINS_BY_TIER[""] ?? MAX_ADMINS_DEFAULT` at admin-add and
+    // silently grant pro-tier admin slots — a signing-side bug becoming a
+    // privilege grant. Strict allowlist closes the gap.
+    const tier = typeof payload.tier === "string" ? payload.tier : "";
+    if (!VALID_TIERS.has(tier)) {
+        return logResolved(anonymousFallback("tier-shape"), { reason: "tier-shape" });
+    }
+    const purchased = Array.isArray(payload.purchasedPlugins)
+        ? payload.purchasedPlugins.filter((s) => typeof s === "string")
+        : [];
+    // Step 6: expiry gate.
+    if (now <= expires) {
+        return logResolved({
+            tier,
+            purchasedPlugins: purchased,
+            source: "signed",
+            issued: issuedRaw,
+            expires: expiresRaw,
+        }, maybeTamperLine(account, tier));
+    }
+    if (now <= expires + GRACE_MS) {
+        return logResolved({
+            tier,
+            purchasedPlugins: purchased,
+            source: "signed-grace",
+            issued: issuedRaw,
+            expires: expiresRaw,
+        }, maybeTamperLine(account, tier));
+    }
+    return logResolved(anonymousFallback("expired"), { reason: "expired" });
+}
+function implicitTrust(account) {
+    const tier = typeof account.tier === "string" ? account.tier : "";
+    const purchased = Array.isArray(account.purchasedPlugins) ? account.purchasedPlugins : [];
+    return {
+        tier,
+        purchasedPlugins: purchased,
+        source: "implicit-trust",
+        issued: null,
+        expires: null,
+    };
+}
+function anonymousFallback(_reason) {
+    return {
+        tier: "solo",
+        purchasedPlugins: [],
+        source: "anonymous-fallback",
+        issued: null,
+        expires: null,
+    };
+}
+function maybeTamperLine(account, signedTier) {
+    if (typeof account.tier === "string" && account.tier !== signedTier) {
+        return { reason: "tampered", diskTier: account.tier, signedTier };
+    }
+    return null;
+}
+function logResolved(result, detail) {
+    console.error(`[entitlement] resolved: tier=${result.tier} plugins=${result.purchasedPlugins.length} source=${result.source} issued=${result.issued ?? "-"} expires=${result.expires ?? "-"}`);
+    if (detail && "diskTier" in detail) {
+        console.error(`[entitlement] tampered: tier-on-disk=${detail.diskTier} signed=${detail.signedTier} action=using-signed`);
+    }
+    else if (detail && result.source === "anonymous-fallback") {
+        const action = detail.reason === "expired" || detail.reason === "missing" ? "lock" : "degrade";
+        console.error(`[entitlement] verify-failed: reason=${detail.reason} action=${action}`);
+    }
+    return result;
+}
+//# sourceMappingURL=index.js.map

package/payload/platform/lib/entitlement/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;;;AAwFH,gDA0BC;AAGD,gCAEC;AArHD,6CAAkF;AAClF,qCAA6D;AAC7D,yCAAoC;AACpC,uDAAsE;AAEtE,2EAA2E;AAC3E,2EAA2E;AAC3E,wEAAwE;AACxE,0EAA0E;AAC1E,iFAAiF;AAEjF,8EAA8E;AAC9E,6EAA6E;AAC7E,wEAAwE;AACxE,0EAA0E;AAC1E,oEAAoE;AACpE,8EAA8E;AAEjE,QAAA,aAAa,GAAG,kEAAkE,CAAC;AAoChG,MAAM,UAAU,GAAG,CAAC,CAAC;AACrB,MAAM,QAAQ,GAAG,UAAU,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAElD,SAAS,UAAU,CAAC,KAAwB;IAC1C,OAAO,IAAA,mBAAO,EAAC,KAAK,CAAC,YAAY,EAAE,KAAK,EAAE,aAAa,EAAE,qBAAqB,CAAC,CAAC;AAClF,CAAC;AAED,4EAA4E;AAC5E,6EAA6E;AAC7E,8EAA8E;AAC9E,uEAAuE;AACvE,qEAAqE;AACrE,IAAI,IAAI,GAAwD,IAAI,CAAC;AAErE,SAAS,OAAO,CAAC,OAAe,EAAE,OAA4B;IAC5D,uEAAuE;IACvE,wEAAwE;IACxE,kEAAkE;IAClE,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,CAAC;IAC9C,OAAO,GAAG,OAAO,IAAI,MAAM,IAAI,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,aAAa,IAAI,EAAE,EAAE,CAAC;AACpF,CAAC;AAED,MAAM,WAAW,GAAwB,IAAI,GAAG,CAAC,CAAC,MAAM,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC;AAE5E;;;;;;;GAOG;AACH,SAAgB,kBAAkB,CAChC,KAAwB,EACxB,OAA4B;IAE5B,0EAA0E;IAC1E,sEAAsE;IACtE,4EAA4E;IAC5E,IAAI,KAAK,CAAC,cAAc,KAAK,IAAI,EAAE,CAAC;QAClC,OAAO,WAAW,CAAC,aAAa,CAAC,OAAO,CAAC,EAAE,IAAI,CAAC,CAAC;IACnD,CAAC;IAED,MAAM,eAAe,GAAG,IAAA,mBAAO,EAAC,KAAK,CAAC,SAAS,EAAE,kBAAkB,CAAC,CAAC;IACrE,IAAI,CAAC,IAAA,oBAAU,EAAC,eAAe,CAAC,EAAE,CAAC;QACjC,OAAO,WAAW,CAAC,iBAAiB,CAAC,SAAS,CAAC,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;IAC1E,CAAC;IAED,mEAAmE;IACnE,MAAM,IAAI,GAAG,IAAA,kBAAQ,EAAC,eAAe,CAAC,CAAC;IACvC,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAC3C,IAAI,IAAI,IAAI,IAAI,CAAC,GAAG,KAAK,GAAG,EAAE,CAAC;QAC7B,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED,MAAM,MAAM,GAAG,gBAAgB,CAAC,KAAK,EAAE,eAAe,EAAE,OAAO,CAAC,CAAC;IACjE,IAAI,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE,CAAC;IACvB,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,sEAAsE;AACtE,SAAgB,UAAU;IACxB,IAAI,GAAG,IAAI,CAAC;AACd,CAAC;AAED,8EAA8E;AAC9E,YAAY;AACZ,8EAA8E;AAE9E,SAAS,gBAAgB,CACvB,KAAwB,EACxB,eAAuB,EACvB,OAA4B;IAE5B,uEAAuE;IACvE,2DAA2D;IAC3D,IAAI,SAAiB,CAAC;IACtB,IAAI,CAAC;QACH,SAAS,GAAG,IAAA,sBAAY,EAAC,UAAU,CAAC,KAAK,CAAC,EAAE,OAAO,CAAC,CAAC;IACvD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,WAAW,CAAC,iBAAiB,CAAC,gBAAgB,CAAC,EAAE;YACtD,MAAM,EAAE,gBAAgB;SACzB,CAAC,CAAC;IACL,CAAC;IACD,MAAM,UAAU,GAAG,IAAA,wBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACxE,IAAI,UAAU,KAAK,qBAAa,EAAE,CAAC;QACjC,OAAO,WAAW,CAAC,iBAAiB,CAAC,eAAe,CAAC,EAAE;YACrD,MAAM,EAAE,eAAe;SACxB,CAAC,CAAC;IACL,CAAC;IAED,0CAA0C;IAC1C,IAAI,QAAoD,CAAC;IACzD,IAAI,CAAC;QACH,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,IAAA,sBAAY,EAAC,eAAe,EAAE,OAAO,CAAC,CAAC,CAAC;IAChE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,WAAW,CAAC,iBAAiB,CAAC,WAAW,CAAC,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC;IAC9E,CAAC;IAED,IACE,OAAO,QAAQ,KAAK,QAAQ;QAC5B,QAAQ,KAAK,IAAI;QACjB,OAAO,QAAQ,CAAC,SAAS,KAAK,QAAQ;QACtC,OAAO,QAAQ,CAAC,OAAO,KAAK,QAAQ;QACpC,QAAQ,CAAC,OAAO,KAAK,IAAI,EACzB,CAAC;QACD,OAAO,WAAW,CAAC,iBAAiB,CAAC,WAAW,CAAC,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC;IAC9E,CAAC;IAED,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAkC,CAAC;IAC5D,MAAM,YAAY,GAAG,QAAQ,CAAC,SAAS,CAAC;IAExC,uDAAuD;IACvD,IAAI,MAAM,CAAC;IACX,IAAI,CAAC;QACH,MAAM,GAAG,IAAA,6BAAe,EAAC,SAAS,CAAC,CAAC;IACtC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,WAAW,CAAC,iBAAiB,CAAC,kBAAkB,CAAC,EAAE;YACxD,MAAM,EAAE,kBAAkB;SAC3B,CAAC,CAAC;IACL,CAAC;IAED,IAAI,SAAiB,CAAC;IACtB,IAAI,CAAC;QACH,SAAS,GAAG,IAAA,8BAAY,EAAC,OAAyB,CAAC,CAAC;IACtD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,WAAW,CAAC,iBAAiB,CAAC,eAAe,CAAC,EAAE;YACrD,MAAM,EAAE,eAAe;SACxB,CAAC,CAAC;IACL,CAAC;IAED,IAAI,MAAc,CAAC;IACnB,IAAI,CAAC;QACH,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;IAC/C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,WAAW,CAAC,iBAAiB,CAAC,oBAAoB,CAAC,EAAE;YAC1D,MAAM,EAAE,oBAAoB;SAC7B,CAAC,CAAC;IACL,CAAC;IAED,MAAM,EAAE,GAAG,IAAA,oBAAY,EAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;IAC/E,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,OAAO,WAAW,CAAC,iBAAiB,CAAC,WAAW,CAAC,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC;IAC9E,CAAC;IAED,yEAAyE;IACzE,IAAI,OAAO,OAAO,CAAC,SAAS,KAAK,QAAQ,IAAI,OAAO,CAAC,SAAS,KAAK,OAAO,CAAC,SAAS,EAAE,CAAC;QACrF,OAAO,WAAW,CAAC,iBAAiB,CAAC,iBAAiB,CAAC,EAAE;YACvD,MAAM,EAAE,iBAAiB;SAC1B,CAAC,CAAC;IACL,CAAC;IACD,6EAA6E;IAC7E,2EAA2E;IAC3E,2EAA2E;IAC3E,iFAAiF;IACjF,MAAM,WAAW,GAAG,OAAO,OAAO,CAAC,aAAa,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC;IAClG,IAAI,WAAW,KAAK,SAAS,IAAI,OAAO,CAAC,aAAa,KAAK,SAAS,EAAE,CAAC;QACrE,IAAI,WAAW,KAAK,OAAO,CAAC,aAAa,EAAE,CAAC;YAC1C,OAAO,WAAW,CAAC,iBAAiB,CAAC,eAAe,CAAC,EAAE;gBACrD,MAAM,EAAE,eAAe;aACxB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,2BAA2B;IAC3B,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC;IACjC,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC;IACnC,IAAI,OAAO,SAAS,KAAK,QAAQ,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;QACpE,OAAO,WAAW,CAAC,iBAAiB,CAAC,gBAAgB,CAAC,EAAE;YACtD,MAAM,EAAE,gBAAgB;SACzB,CAAC,CAAC;IACL,CAAC;IACD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IACrC,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IACvC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;QAClD,OAAO,WAAW,CAAC,iBAAiB,CAAC,gBAAgB,CAAC,EAAE;YACtD,MAAM,EAAE,gBAAgB;SACzB,CAAC,CAAC;IACL,CAAC;IACD,IAAI,MAAM,GAAG,GAAG,EAAE,CAAC;QACjB,OAAO,WAAW,CAAC,iBAAiB,CAAC,YAAY,CAAC,EAAE;YAClD,MAAM,EAAE,YAAY;SACrB,CAAC,CAAC;IACL,CAAC;IAED,wEAAwE;IACxE,sEAAsE;IACtE,sEAAsE;IACtE,oDAAoD;IACpD,MAAM,IAAI,GAAG,OAAO,OAAO,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;IAClE,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;QAC3B,OAAO,WAAW,CAAC,iBAAiB,CAAC,YAAY,CAAC,EAAE,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC,CAAC;IAChF,CAAC;IACD,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,gBAAgB,CAAC;QACvD,CAAC,CAAE,OAAO,CAAC,gBAA8B,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC;QAC3F,CAAC,CAAC,EAAE,CAAC;IAEP,uBAAuB;IACvB,IAAI,GAAG,IAAI,OAAO,EAAE,CAAC;QACnB,OAAO,WAAW,CAChB;YACE,IAAI;YACJ,gBAAgB,EAAE,SAAS;YAC3B,MAAM,EAAE,QAAQ;YAChB,MAAM,EAAE,SAAS;YACjB,OAAO,EAAE,UAAU;SACpB,EACD,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,CAC/B,CAAC;IACJ,CAAC;IACD,IAAI,GAAG,IAAI,OAAO,GAAG,QAAQ,EAAE,CAAC;QAC9B,OAAO,WAAW,CAChB;YACE,IAAI;YACJ,gBAAgB,EAAE,SAAS;YAC3B,MAAM,EAAE,cAAc;YACtB,MAAM,EAAE,SAAS;YACjB,OAAO,EAAE,UAAU;SACpB,EACD,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,CAC/B,CAAC;IACJ,CAAC;IACD,OAAO,WAAW,CAAC,iBAAiB,CAAC,SAAS,CAAC,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;AAC1E,CAAC;AAED,SAAS,aAAa,CAAC,OAA4B;IACjD,MAAM,IAAI,GAAG,OAAO,OAAO,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;IAClE,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAE,CAAC;IAC1F,OAAO;QACL,IAAI;QACJ,gBAAgB,EAAE,SAAS;QAC3B,MAAM,EAAE,gBAAgB;QACxB,MAAM,EAAE,IAAI;QACZ,OAAO,EAAE,IAAI;KACd,CAAC;AACJ,CAAC;AAED,SAAS,iBAAiB,CAAC,OAAe;IACxC,OAAO;QACL,IAAI,EAAE,MAAM;QACZ,gBAAgB,EAAE,EAAE;QACpB,MAAM,EAAE,oBAAoB;QAC5B,MAAM,EAAE,IAAI;QACZ,OAAO,EAAE,IAAI;KACd,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CACtB,OAA4B,EAC5B,UAAkB;IAElB,IAAI,OAAO,OAAO,CAAC,IAAI,KAAK,QAAQ,IAAI,OAAO,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QACpE,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,OAAO,CAAC,IAAI,EAAE,UAAU,EAAE,CAAC;IACpE,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,WAAW,CAClB,MAA2B,EAC3B,MAGQ;IAER,OAAO,CAAC,KAAK,CACX,gCAAgC,MAAM,CAAC,IAAI,YAAY,MAAM,CAAC,gBAAgB,CAAC,MAAM,WAAW,MAAM,CAAC,MAAM,WAAW,MAAM,CAAC,MAAM,IAAI,GAAG,YAAY,MAAM,CAAC,OAAO,IAAI,GAAG,EAAE,CAChL,CAAC;IACF,IAAI,MAAM,IAAI,UAAU,IAAI,MAAM,EAAE,CAAC;QACnC,OAAO,CAAC,KAAK,CACX,wCAAwC,MAAM,CAAC,QAAQ,WAAW,MAAM,CAAC,UAAU,sBAAsB,CAC1G,CAAC;IACJ,CAAC;SAAM,IAAI,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,oBAAoB,EAAE,CAAC;QAC5D,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,KAAK,SAAS,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;QAC/F,OAAO,CAAC,KAAK,CACX,uCAAuC,MAAM,CAAC,MAAM,WAAW,MAAM,EAAE,CACxE,CAAC;IACJ,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/payload/platform/lib/entitlement/rubytech-pubkey.pem

@@ -0,0 +1,3 @@
+-----BEGIN PUBLIC KEY-----
+MCowBQYDK2VwAyEAJ3AEVtAbYcVOpFcyKUan4I7JURaztHwwX4dx52ZE414=
+-----END PUBLIC KEY-----

package/payload/platform/package.json

@@ -6,8 +6,8 @@
     "plugins/*/mcp"
   ],
   "scripts": {
-    "build": "tsc -p lib/models/tsconfig.json && tsc -p lib/anthropic-key/tsconfig.json && tsc -p lib/oauth-llm/tsconfig.json && tsc -p lib/mcp-stderr-tee/tsconfig.json && tsc -p lib/mcp-spawn-tee/tsconfig.json && tsc -p lib/graph-write/tsconfig.json && tsc -p lib/graph-mcp/tsconfig.json && tsc -p lib/graph-trash/tsconfig.json && tsc -p lib/graph-search/tsconfig.json && tsc -p lib/screening-patterns/tsconfig.json && tsc -p lib/device-url/tsconfig.json && tsc -p lib/brand-templating/tsconfig.json && tsc -p plugins/whatsapp-import/lib/tsconfig.json && NODE_OPTIONS='--max-old-space-size=8192' tsc -b plugins/*/mcp/tsconfig.json",
-    "build:lib": "tsc -p lib/models/tsconfig.json && tsc -p lib/anthropic-key/tsconfig.json && tsc -p lib/oauth-llm/tsconfig.json && tsc -p lib/mcp-stderr-tee/tsconfig.json && tsc -p lib/mcp-spawn-tee/tsconfig.json && tsc -p lib/graph-write/tsconfig.json && tsc -p lib/graph-mcp/tsconfig.json && tsc -p lib/graph-trash/tsconfig.json && tsc -p lib/graph-search/tsconfig.json && tsc -p lib/screening-patterns/tsconfig.json && tsc -p lib/device-url/tsconfig.json && tsc -p lib/brand-templating/tsconfig.json && tsc -p plugins/whatsapp-import/lib/tsconfig.json",
+    "build": "tsc -p lib/models/tsconfig.json && tsc -p lib/anthropic-key/tsconfig.json && tsc -p lib/oauth-llm/tsconfig.json && tsc -p lib/mcp-stderr-tee/tsconfig.json && tsc -p lib/mcp-spawn-tee/tsconfig.json && tsc -p lib/graph-write/tsconfig.json && tsc -p lib/graph-mcp/tsconfig.json && tsc -p lib/graph-trash/tsconfig.json && tsc -p lib/graph-search/tsconfig.json && tsc -p lib/screening-patterns/tsconfig.json && tsc -p lib/device-url/tsconfig.json && tsc -p lib/brand-templating/tsconfig.json && tsc -p lib/entitlement/tsconfig.json && tsc -p plugins/whatsapp-import/lib/tsconfig.json && NODE_OPTIONS='--max-old-space-size=8192' tsc -b plugins/*/mcp/tsconfig.json",
+    "build:lib": "tsc -p lib/models/tsconfig.json && tsc -p lib/anthropic-key/tsconfig.json && tsc -p lib/oauth-llm/tsconfig.json && tsc -p lib/mcp-stderr-tee/tsconfig.json && tsc -p lib/mcp-spawn-tee/tsconfig.json && tsc -p lib/graph-write/tsconfig.json && tsc -p lib/graph-mcp/tsconfig.json && tsc -p lib/graph-trash/tsconfig.json && tsc -p lib/graph-search/tsconfig.json && tsc -p lib/screening-patterns/tsconfig.json && tsc -p lib/device-url/tsconfig.json && tsc -p lib/brand-templating/tsconfig.json && tsc -p lib/entitlement/tsconfig.json && tsc -p plugins/whatsapp-import/lib/tsconfig.json",
     "build:memory": "tsc -p plugins/memory/mcp/tsconfig.json",
     "build:contacts": "tsc -p plugins/contacts/mcp/tsconfig.json",
     "build:telegram": "tsc -p plugins/telegram/mcp/tsconfig.json",

package/payload/platform/plugins/admin/hooks/pre-tool-use.sh

@@ -36,6 +36,26 @@ if [ "$AGENT_TYPE" = "admin" ]; then
           echo "Blocked: Admin agent cannot modify platform code at $FILE_PATH" >&2
           exit 2
           ;;
+        # Entitlement library (Task 831) — verifier source, compiled output, vendored
+        # pubkey, hash file, and any signed entitlement.json. Tampering here is the
+        # agent path to revenue bypass; the legitimate write path is the Rubytech
+        # issuance endpoint, never the agent's filesystem.
+        # Patterns intentionally cover both absolute (*/...) and relative
+        # (no leading slash) paths so an agent can't bypass via cwd-relative writes.
+        */platform/lib/entitlement/*|platform/lib/entitlement/*|*/entitlement.json|entitlement.json)
+          echo "Blocked: Admin agent cannot modify entitlement files at $FILE_PATH (Task 831). Effective tier and purchasedPlugins derive from a Rubytech-signed payload." >&2
+          echo "[entitlement] tool-deny: tool=${TOOL_NAME} path=${FILE_PATH} field=entitlement-file" >&2
+          exit 2
+          ;;
+        # account.json (Task 831) — agent must use the account-update MCP tool
+        # (or plugin-toggle-enabled for enabledPlugins changes), which whitelists
+        # editable fields server-side. Direct Edit/Write bypasses that whitelist;
+        # deny unconditionally including cwd-relative paths.
+        */data/accounts/*/account.json|*/config/accounts/*/account.json|data/accounts/*/account.json|config/accounts/*/account.json|account.json)
+          echo "Blocked: Admin agent cannot edit account.json directly. Use the account-update or plugin-toggle-enabled MCP tools — they whitelist editable fields server-side and exclude tier and purchasedPlugins by design." >&2
+          echo "[entitlement] tool-deny: tool=${TOOL_NAME} path=${FILE_PATH} field=account-json" >&2
+          exit 2
+          ;;
         # Pending action queue — only the hook and MCP tools may write here
         */pending-actions/*)
           echo "Blocked: Admin agent cannot modify pending action files directly" >&2
@@ -50,6 +70,18 @@ if [ "$AGENT_TYPE" = "admin" ]; then
           echo "Blocked: Admin agent cannot run shell commands against code directories" >&2
           exit 2
           ;;
+        # Entitlement files via shell (Task 831) — same surface, blocked symmetrically
+        *"platform/lib/entitlement/"*|*"entitlement.json"*)
+          echo "Blocked: Admin agent cannot reference entitlement files via shell (Task 831)." >&2
+          echo "[entitlement] tool-deny: tool=Bash path=entitlement-file field=entitlement-file" >&2
+          exit 2
+          ;;
+        # account.json via shell (Task 831) — same rationale as Edit/Write block
+        *"data/accounts/"*"account.json"*|*"config/accounts/"*"account.json"*)
+          echo "Blocked: Admin agent cannot edit account.json via shell. Use the account-update MCP tool." >&2
+          echo "[entitlement] tool-deny: tool=Bash path=account-json field=account-json" >&2
+          exit 2
+          ;;
         *"pending-actions/"*)
           echo "Blocked: Admin agent cannot modify pending action files via shell" >&2
           exit 2