@socketsecurity/lib 6.0.2 → 6.0.4

package/CHANGELOG.md

@@ -5,6 +5,40 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [6.0.4](https://github.com/SocketDev/socket-lib/releases/tag/v6.0.4) - 2026-05-28
+
+### Added
+
+- **`shell/quote` — `quote(argv)`.** Escape an argv array into a single POSIX-`sh`-safe command string for display, logging, or copy-pasteable reproductions. Wraps the vendored `shell-quote`. For spawning, prefer `child_process.spawn` with an argv array over quoting into a shell string.
+- **`shell/parse` — `parseShell(line)`.** Tokenize a command line into typed entries (bare strings, operators, comments, globs), preserving shell structure. Use when you need the operators / comments back; for plain argv extraction continue to use `argv/parse-args-string`.
+
+### Changed
+
+- **`argv/parse-args-string` now delegates to the vendored `shell-quote` parser** instead of the hand-rolled regex. Output narrows to bare-string tokens: inner quotes on mixed `key="value"` tokens are stripped (`--bar="x y"` → `--bar=x y`), `$VAR` collapses to empty, operators and comments are dropped. The function's own `@example` already documented the stripped form; only one unit test relied on the old shape.
+
+### Fixed
+
+- **`make-fetch-happen` fetcher is now lazily initialized.** `packages/operations.ts` was creating the fetcher at module load, which forced `make-fetch-happen` (and the npm-pack bundle behind it) to load for any consumer of the module — even ones that only used pure helpers. Initialization now defers to first use.
+- **`Global*` primordial aliases normalize embedded acronyms.** The generator was title-casing the first letter only, leaving embedded acronyms screaming (`encodeURIComponent` → `GlobalEncodeURIComponent`). DOM/URI/URL now lowercase past the first letter so aliases read as single TitleCase words. Concrete renames in `DEFAULT_ALIAS_MAP`: `GlobalDecodeURIComponent` → `GlobalDecodeUriComponent`, `GlobalEncodeURIComponent` → `GlobalEncodeUriComponent`.
+
+## [6.0.3](https://github.com/SocketDev/socket-lib/releases/tag/v6.0.3) - 2026-05-26
+
+### Added
+
+- **`paths/walk` — `walkUp(from, { cwd, stopAt })`.** Lazy generator yielding a path then each ancestor up to (and including) the filesystem root or a `stopAt` boundary. `fs/find-up` now builds on it.
+- **`fs/access` — `canAccess` / `canRead` / `canWrite` / `canExecute`.** Sync boolean permission checks over `fs.accessSync` (F_OK / R_OK / W_OK / X_OK). For "I'm about to write" prefer attempting the write over a pre-check (TOCTOU); use these when the answer drives a branch.
+- **`fs/resolve-module` — `requireResolveFrom(fromDir, specifier)` / `requireResolveFromCwd(specifier)`.** `require.resolve` anchored at an arbitrary directory (e.g. "the `typescript` THIS project would load"). `nothrow: true` returns `undefined` instead of throwing.
+- **`releases/github-retry-config` — `GITHUB_RETRY_CONFIG`, `resolveBaseDelayMs()`, `DEFAULT_BASE_DELAY_MS`.** Shared backoff config for the GitHub release helpers. The base retry delay is overridable via the `SOCKET_GITHUB_RETRY_BASE_DELAY_MS` env var (default 5000ms; set `0` for near-instant retries) — useful in CI / tests to skip the exponential-backoff wait.
+- **`smol/path` — `getSmolPath()`.** Lazy accessor for socket-btm's `node:smol-path` native binding; `undefined` on stock Node. `walkUp`, `canAccess`, and `findUp` now prefer the native fast path (`dirname` / `access` / batched find-up) when running on a smol binary and fall back to the JS implementation otherwise — transparent to callers.
+
+### Changed (breaking)
+
+- **`ai/profiles` exports a single `AI_PROFILE` capability ladder** instead of the four standalone `*_PROFILE` constants. The tiers are `AI_PROFILE.read` ⊂ `.edit` ⊂ `.create` ⊂ `.full`, ordered least-to-most capable. Migration: `READ_ONLY_PROFILE` → `AI_PROFILE.read`; `EDIT_ONLY_PROFILE` → `AI_PROFILE.create` (the old `EDIT_ONLY` allowed `Write`/`MultiEdit`); `FULL_FIX_PROFILE` → `AI_PROFILE.full`. New `AI_PROFILE.edit` is the narrowest fix tier — `Edit` on existing files only, no `Write`/`MultiEdit` — for lint autofix and in-place codemods.
+
+### Changed
+
+- **Every `AI_PROFILE` tier now denies `Agent`.** Sub-agent spawning is blocked across all profiles, since a sub-agent can escape the parent's tool restrictions.
+
 ## [6.0.2](https://github.com/SocketDev/socket-lib/releases/tag/v6.0.2) - 2026-05-26
 
 ### Added

package/dist/_virtual/_rolldown/runtime.js

@@ -0,0 +1,45 @@
+"use strict";
+/* Socket Lib - Built with rolldown */
+//#region \0rolldown/runtime.js
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __exportAll = (all, no_symbols) => {
+	let target = {};
+	for (var name in all) {
+		__defProp(target, name, {
+			get: all[name],
+			enumerable: true
+		});
+	}
+	if (!no_symbols) {
+		__defProp(target, Symbol.toStringTag, { value: "Module" });
+	}
+	return target;
+};
+var __copyProps = (to, from, except, desc) => {
+	if (from && typeof from === "object" || typeof from === "function") {
+		for (var keys = __getOwnPropNames(from), i = 0, n = keys.length, key; i < n; i++) {
+			key = keys[i];
+			if (!__hasOwnProp.call(to, key) && key !== except) {
+				__defProp(to, key, {
+					get: ((k) => from[k]).bind(null, key),
+					enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable
+				});
+			}
+		}
+	}
+	return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", {
+	value: mod,
+	enumerable: true
+}) : target, mod));
+
+//#endregion
+
+exports.__exportAll = __exportAll;
+exports.__toESM = __toESM;

package/dist/abort/signal.js

@@ -1,64 +1,58 @@
 "use strict";
-/* Socket Lib - Built with esbuild */
-"use strict";
-var __defProp = Object.defineProperty;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, { get: all[name], enumerable: true });
-};
-var __copyProps = (to, from, except, desc) => {
-  if (from && typeof from === "object" || typeof from === "function") {
-    for (let key of __getOwnPropNames(from))
-      if (!__hasOwnProp.call(to, key) && key !== except)
-        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
-  }
-  return to;
-};
-var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
-var signal_exports = {};
-__export(signal_exports, {
-  createCompositeAbortSignal: () => createCompositeAbortSignal,
-  createTimeoutSignal: () => createTimeoutSignal
-});
-module.exports = __toCommonJS(signal_exports);
-var import_error = require("../primordials/error");
-var import_math = require("../primordials/math");
-var import_number = require("../primordials/number");
+/* Socket Lib - Built with rolldown */
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+const require_primordials_error = require('../primordials/error.js');
+const require_primordials_math = require('../primordials/math.js');
+const require_primordials_number = require('../primordials/number.js');
+
+//#region src/abort/signal.ts
+/**
+* @file Abort signal utilities — composite signal construction from multiple
+*   sources and timeout-driven signal creation.
+*/
+/**
+* Create a composite AbortSignal from multiple signals.
+*
+* @example
+*   ;```typescript
+*   const ac1 = new AbortController()
+*   const ac2 = new AbortController()
+*   const signal = createCompositeAbortSignal(ac1.signal, ac2.signal)
+*   ```
+*/
 function createCompositeAbortSignal(...signals) {
-  const validSignals = signals.filter((s) => s != null);
-  if (validSignals.length === 0) {
-    return new AbortController().signal;
-  }
-  if (validSignals.length === 1) {
-    return validSignals[0];
-  }
-  const controller = new AbortController();
-  for (const signal of validSignals) {
-    if (signal.aborted) {
-      controller.abort();
-      return controller.signal;
-    }
-    signal.addEventListener("abort", () => controller.abort(), { once: true });
-  }
-  return controller.signal;
+	const validSignals = signals.filter((s) => s != null);
+	if (validSignals.length === 0) return new AbortController().signal;
+	if (validSignals.length === 1) return validSignals[0];
+	const controller = new AbortController();
+	for (const signal of validSignals) {
+		if (signal.aborted) {
+			controller.abort();
+			return controller.signal;
+		}
+		signal.addEventListener("abort", () => controller.abort(), { once: true });
+	}
+	return controller.signal;
 }
+/**
+* Create an AbortSignal that triggers after a timeout.
+*
+* @example
+*   ;```typescript
+*   const signal = createTimeoutSignal(5000) // aborts after 5 seconds
+*   fetch('https://example.com', { signal })
+*   ```
+*
+* @throws {TypeError} If `ms` is not a number, is NaN, is not finite, or is not
+*   positive.
+*/
 function createTimeoutSignal(ms) {
-  if (typeof ms !== "number" || (0, import_number.NumberIsNaN)(ms)) {
-    throw new import_error.TypeErrorCtor("timeout must be a number");
-  }
-  if (!(0, import_number.NumberIsFinite)(ms)) {
-    throw new import_error.TypeErrorCtor("timeout must be a finite number");
-  }
-  if (ms <= 0) {
-    throw new import_error.TypeErrorCtor("timeout must be a positive number");
-  }
-  return AbortSignal.timeout((0, import_math.MathCeil)(ms));
+	if (typeof ms !== "number" || require_primordials_number.NumberIsNaN(ms)) throw new require_primordials_error.TypeErrorCtor("timeout must be a number");
+	if (!require_primordials_number.NumberIsFinite(ms)) throw new require_primordials_error.TypeErrorCtor("timeout must be a finite number");
+	if (ms <= 0) throw new require_primordials_error.TypeErrorCtor("timeout must be a positive number");
+	return AbortSignal.timeout(require_primordials_math.MathCeil(ms));
 }
-// Annotate the CommonJS export names for ESM import in node:
-0 && (module.exports = {
-  createCompositeAbortSignal,
-  createTimeoutSignal
-});
+
+//#endregion
+exports.createCompositeAbortSignal = createCompositeAbortSignal;
+exports.createTimeoutSignal = createTimeoutSignal;

package/dist/ai/discover.js

@@ -1,128 +1,128 @@
 "use strict";
-/* Socket Lib - Built with esbuild */
-"use strict";
-var __create = Object.create;
-var __defProp = Object.defineProperty;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __getProtoOf = Object.getPrototypeOf;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, { get: all[name], enumerable: true });
-};
-var __copyProps = (to, from, except, desc) => {
-  if (from && typeof from === "object" || typeof from === "function") {
-    for (let key of __getOwnPropNames(from))
-      if (!__hasOwnProp.call(to, key) && key !== except)
-        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
-  }
-  return to;
-};
-var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
-  // If the importer is in node compatibility mode or this is not an ESM
-  // file that has been converted to a CommonJS file using a Babel-
-  // compatible transform (i.e. "__esModule" has not been set), then set
-  // "default" to the CommonJS "module.exports" for node compatibility.
-  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
-  mod
-));
-var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
-var discover_exports = {};
-__export(discover_exports, {
-  cachePathFor: () => cachePathFor,
-  discoverAiAgents: () => discoverAiAgents,
-  discoverFresh: () => discoverFresh,
-  getDiscoveredAiAgents: () => getDiscoveredAiAgents,
-  readDiskCache: () => readDiskCache,
-  resetAiAgentDiscoveryCache: () => resetAiAgentDiscoveryCache,
-  writeDiskCache: () => writeDiskCache
-});
-module.exports = __toCommonJS(discover_exports);
-var import_node_fs = require("node:fs");
-var import_promises = require("node:fs/promises");
-var import_node_path = __toESM(require("node:path"), 1);
-var import_which = require("../bin/which");
-var import_message = require("../errors/message");
-var import_default = require("../logger/default");
-var import_json = require("../primordials/json");
-const logger = (0, import_default.getDefaultLogger)();
+/* Socket Lib - Built with rolldown */
+Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
+const require_runtime = require('../_virtual/_rolldown/runtime.js');
+const require_primordials_json = require('../primordials/json.js');
+const require_bin_which = require('../bin/which.js');
+const require_errors_message = require('../errors/message.js');
+const require_logger_default = require('../logger/default.js');
+let node_fs = require("node:fs");
+let node_fs_promises = require("node:fs/promises");
+let node_path = require("node:path");
+node_path = require_runtime.__toESM(node_path, 1);
+
+//#region src/ai/discover.mts
+/**
+* @file Detect which AI agent CLIs are installed on PATH. Strategy:
+*   which()-based lookup with a two-tier cache:
+*
+*   1. In-process Map — survives until the Node process exits.
+*   2. On-disk JSON at `<repo>/.cache/agent-discovery.json`, TTL 1h — survives
+*      across subprocess invocations (per-file ai-lint-fix batches) without
+*      re-running which(). Cache invalidation: stale on-disk cache is detected
+*      by mtime comparison; missing or expired → fresh which() pass + rewrite.
+*      Why two tiers: hooks and skills spawn dozens of short-lived Node
+*      processes per session. In-process alone misses the cross-process
+*      speedup; on-disk alone hits the filesystem on every call. The
+*      combination keeps repeated lookups under a millisecond after the
+*      cold-start cost.
+*/
+const logger = require_logger_default.getDefaultLogger();
 const KNOWN_AGENTS = [
-  "claude",
-  "codex",
-  "gemini",
-  "opencode"
+	"claude",
+	"codex",
+	"gemini",
+	"opencode"
 ];
-const CACHE_TTL_MS = 60 * 60 * 1e3;
+/**
+* Cache TTL in milliseconds (1 hour).
+*/
+const CACHE_TTL_MS = 3600 * 1e3;
 let inProcessCache;
 function cachePathFor(repoRoot) {
-  return import_node_path.default.join(repoRoot, ".cache", "agent-discovery.json");
+	return node_path.default.join(repoRoot, ".cache", "agent-discovery.json");
 }
+/**
+* Discover which AI agent CLIs are installed.
+*
+* @param options.repoRoot - Where to read/write the on-disk cache. Defaults to
+*   process.cwd(). Skill runners typically pass the target repo's root.
+* @param options.refresh - When true, bypass both caches and re-run which().
+*   Useful after `npm i -g <agent>` mid-session.
+*
+*   Returns a map of agent → absolute binary path. Agents that aren't installed
+*   are absent from the map (not present-with-undefined), so callers can use
+*   `'claude' in agents` for the existence check.
+*/
 async function discoverAiAgents(options = {}) {
-  const { refresh = false, repoRoot = process.cwd() } = options;
-  if (!refresh && inProcessCache) {
-    return inProcessCache;
-  }
-  const cachePath = cachePathFor(repoRoot);
-  if (!refresh) {
-    const fromDisk = readDiskCache(cachePath);
-    if (fromDisk) {
-      inProcessCache = fromDisk;
-      return fromDisk;
-    }
-  }
-  const fresh = discoverFresh();
-  inProcessCache = fresh;
-  await writeDiskCache(cachePath, fresh);
-  return fresh;
+	const { refresh = false, repoRoot = process.cwd() } = options;
+	if (!refresh && inProcessCache) return inProcessCache;
+	const cachePath = cachePathFor(repoRoot);
+	if (!refresh) {
+		const fromDisk = readDiskCache(cachePath);
+		if (fromDisk) {
+			inProcessCache = fromDisk;
+			return fromDisk;
+		}
+	}
+	const fresh = discoverFresh();
+	inProcessCache = fresh;
+	await writeDiskCache(cachePath, fresh);
+	return fresh;
 }
 function discoverFresh() {
-  const out = {};
-  for (const name of KNOWN_AGENTS) {
-    const found = (0, import_which.whichSync)(name);
-    if (typeof found === "string" && found) {
-      out[name] = found;
-    }
-  }
-  return out;
+	const out = {};
+	for (const name of KNOWN_AGENTS) {
+		const found = require_bin_which.whichSync(name);
+		if (typeof found === "string" && found) out[name] = found;
+	}
+	return out;
 }
+/**
+* Synchronous in-process lookup. Skips disk cache + which(). Returns undefined
+* if discoverAiAgents() hasn't been called yet in this process, OR returns the
+* most recent discovery result.
+*
+* Useful in fast paths where the caller has already populated the cache and
+* just wants to read it back.
+*/
 function getDiscoveredAiAgents() {
-  return inProcessCache;
+	return inProcessCache;
 }
 function readDiskCache(cachePath) {
-  if (!(0, import_node_fs.existsSync)(cachePath)) {
-    return void 0;
-  }
-  try {
-    const raw = (0, import_node_fs.readFileSync)(cachePath, "utf8");
-    const parsed = (0, import_json.JSONParse)(raw);
-    if (typeof parsed !== "object" || parsed === null || typeof parsed.writtenAt !== "number" || Date.now() - parsed.writtenAt > CACHE_TTL_MS) {
-      return void 0;
-    }
-    return parsed.agents;
-  } catch {
-    return void 0;
-  }
+	if (!(0, node_fs.existsSync)(cachePath)) return;
+	try {
+		const parsed = require_primordials_json.JSONParse((0, node_fs.readFileSync)(cachePath, "utf8"));
+		if (typeof parsed !== "object" || parsed === null || typeof parsed.writtenAt !== "number" || Date.now() - parsed.writtenAt > CACHE_TTL_MS) return;
+		return parsed.agents;
+	} catch {
+		return;
+	}
 }
+/**
+* Reset the in-process cache. Tests use this; production callers shouldn't need
+* it (use `refresh: true` on discoverAiAgents()).
+*/
 function resetAiAgentDiscoveryCache() {
-  inProcessCache = void 0;
+	inProcessCache = void 0;
 }
 async function writeDiskCache(cachePath, agents) {
-  try {
-    await (0, import_promises.mkdir)(import_node_path.default.dirname(cachePath), { recursive: true });
-    const payload = { agents, writtenAt: Date.now() };
-    (0, import_node_fs.writeFileSync)(cachePath, (0, import_json.JSONStringify)(payload, void 0, 2) + "\n");
-  } catch (e) {
-    logger.error(`discoverAiAgents: cache write failed (${(0, import_message.errorMessage)(e)})`);
-  }
+	try {
+		await (0, node_fs_promises.mkdir)(node_path.default.dirname(cachePath), { recursive: true });
+		(0, node_fs.writeFileSync)(cachePath, require_primordials_json.JSONStringify({
+			agents,
+			writtenAt: Date.now()
+		}, void 0, 2) + "\n");
+	} catch (e) {
+		logger.error(`discoverAiAgents: cache write failed (${require_errors_message.errorMessage(e)})`);
+	}
 }
-// Annotate the CommonJS export names for ESM import in node:
-0 && (module.exports = {
-  cachePathFor,
-  discoverAiAgents,
-  discoverFresh,
-  getDiscoveredAiAgents,
-  readDiskCache,
-  resetAiAgentDiscoveryCache,
-  writeDiskCache
-});
+
+//#endregion
+exports.cachePathFor = cachePathFor;
+exports.discoverAiAgents = discoverAiAgents;
+exports.discoverFresh = discoverFresh;
+exports.getDiscoveredAiAgents = getDiscoveredAiAgents;
+exports.readDiskCache = readDiskCache;
+exports.resetAiAgentDiscoveryCache = resetAiAgentDiscoveryCache;
+exports.writeDiskCache = writeDiskCache;

package/dist/ai/profiles.d.mts

@@ -2,38 +2,61 @@
  * @file Pre-built lockdown profiles for spawnAiAgent. Per CLAUDE.md
  *   "Programmatic Claude calls" rule: every spawn must set tools / disallow /
  *   permissionMode (and the helper always sets --no-session-persistence +
- *   --add-dir cwd). These profiles are canonical safe defaults that callers
- *   spread + override per call. Choose by capability:
+ *   --add-dir cwd). `AI_PROFILE` is a capability ladder — each tier permits
+ *   everything the tier above it does, plus one more capability. Spread a tier
+ *   and override per call (`tools`/`disallow` to tighten further, `model`,
+ *   `addDirs`). Choose the LEAST-capable tier that gets the job done:
  *
- *   - `READ_ONLY_PROFILE` — research / scanning. Read + Grep + Glob
- *   - WebFetch + WebSearch. No Edit, no Write, no Bash. Use for static analysis
- *     skills (scanning-quality, scanning-security).
- *   - `EDIT_ONLY_PROFILE` — fix-mode. Read + Edit + Grep + Glob. Bash explicitly
- *     denied. Use for skills that mutate source files but don't run arbitrary
- *     shell (ai-lint-fix, refactor passes).
- *   - `FULL_FIX_PROFILE` — fix-mode WITH Bash. Read + Edit + Write + Grep + Glob
- *   - Bash (allowlisted to git/pnpm/node by default). Use for skills that need to
- *     commit, run tests, install deps. No `WIDE_OPEN_PROFILE` exists by design
- *     — letting an agent run arbitrary tools is the lockdown rule's exact
- *     failure mode.
+ *   - `AI_PROFILE.read` — research / scanning. Read + Grep + Glob + WebFetch +
+ *     WebSearch. No Edit, no Write, no Bash. Static-analysis skills
+ *     (scanning-quality, scanning-security).
+ *   - `AI_PROFILE.edit` — in-place edits only. Read + Edit + Grep + Glob. NO
+ *     Write (can't create files), NO MultiEdit, NO Bash. Lint autofix /
+ *     codemods constrained to existing files.
+ *   - `AI_PROFILE.create` — edit AND create files. Adds MultiEdit + Write on top
+ *     of `.edit`. Still no Bash. Codegen, adding a test, refactors that split
+ *     modules.
+ *   - `AI_PROFILE.full` — `.create` plus Bash, allowlisted to git / pnpm / node.
+ *     Skills that commit, run tests, install deps. No "wide open" tier exists
+ *     by design — letting an agent run arbitrary tools is the lockdown rule's
+ *     exact failure mode. The ladder is read ⊂ edit ⊂ create ⊂ full: each
+ *     tier's tool set is a superset of the one above.
  */
 import type { PermissionMode } from './types.mts';
-interface Profile {
+export interface AiProfile {
     readonly allow: readonly string[];
     readonly disallow: readonly string[];
     readonly permissionMode: PermissionMode;
     readonly tools: readonly string[];
 }
 /**
- * Read-only research / scanning. No mutation.
+ * Capability ladder of lockdown profiles, ordered least → most capable. Key
+ * order documents the ladder; each tier is a strict superset of the previous
+ * tier's tool surface.
  */
-export declare const READ_ONLY_PROFILE: Profile;
-/**
- * Edit-mode without Bash. Mutates source but can't run shell.
- */
-export declare const EDIT_ONLY_PROFILE: Profile;
-/**
- * Fix-mode with Bash, allowlisted to git / pnpm / node.
- */
-export declare const FULL_FIX_PROFILE: Profile;
-export {};
+export declare const AI_PROFILE: {
+    readonly read: {
+        readonly allow: readonly [];
+        readonly disallow: readonly ["Agent", "Bash", "Edit", "MultiEdit", "Write"];
+        readonly permissionMode: 'dontAsk';
+        readonly tools: readonly ["Glob", "Grep", "Read", "WebFetch", "WebSearch"];
+    };
+    readonly edit: {
+        readonly allow: readonly [];
+        readonly disallow: readonly ["Agent", "Bash", "MultiEdit", "WebFetch", "WebSearch", "Write"];
+        readonly permissionMode: 'acceptEdits';
+        readonly tools: readonly ["Edit", "Glob", "Grep", "Read"];
+    };
+    readonly create: {
+        readonly allow: readonly [];
+        readonly disallow: readonly ["Agent", "Bash", "WebFetch", "WebSearch"];
+        readonly permissionMode: 'acceptEdits';
+        readonly tools: readonly ["Edit", "Glob", "Grep", "MultiEdit", "Read", "Write"];
+    };
+    readonly full: {
+        readonly allow: readonly ["Bash(git status:*)", "Bash(git diff:*)", "Bash(git log:*)", "Bash(git add:*)", "Bash(git commit:*)", "Bash(node:*)", "Bash(pnpm exec:*)", "Bash(pnpm run:*)", "Bash(pnpm test:*)"];
+        readonly disallow: readonly ["Agent", "WebFetch", "WebSearch"];
+        readonly permissionMode: 'acceptEdits';
+        readonly tools: readonly ["Bash", "Edit", "Glob", "Grep", "MultiEdit", "Read", "Write"];
+    };
+};