@tankgate/cli 0.1.0

package/dist/commands/audit.d.ts

@@ -0,0 +1,14 @@
+/**
+ * tankgate audit command
+ *
+ * Shows audit history - what was allowed, blocked, and why.
+ * This is how users SEE THE VALUE of TankGate.
+ */
+export interface AuditOptions {
+    limit: number;
+    blocked: boolean;
+    json: boolean;
+    db: string;
+}
+export declare function audit(options: AuditOptions): Promise<void>;
+//# sourceMappingURL=audit.d.ts.map

package/dist/commands/audit.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.d.ts","sourceRoot":"","sources":["../../src/commands/audit.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,MAAM,WAAW,YAAY;IAC3B,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,EAAE,OAAO,CAAC;IACd,EAAE,EAAE,MAAM,CAAC;CACZ;AAcD,wBAAsB,KAAK,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CA6ChE"}

package/dist/commands/audit.js

@@ -0,0 +1,138 @@
+/**
+ * tankgate audit command
+ *
+ * Shows audit history - what was allowed, blocked, and why.
+ * This is how users SEE THE VALUE of TankGate.
+ */
+import chalk from 'chalk';
+import { Database } from 'bun:sqlite';
+export async function audit(options) {
+    const dbPath = options.db || './.tankgate/audit.db';
+    let db;
+    try {
+        db = new Database(dbPath, { readonly: true });
+    }
+    catch {
+        console.error(chalk.red('Error: Cannot open audit database'));
+        console.log(chalk.gray(`Path: ${dbPath}`));
+        console.log(chalk.gray('Make sure TankGate is running and has processed some requests.'));
+        process.exit(1);
+    }
+    try {
+        // Get stats
+        const stats = getStats(db);
+        // Get entries
+        let query = `SELECT * FROM audit_log ORDER BY timestamp DESC LIMIT ?`;
+        if (options.blocked) {
+            query = `SELECT * FROM audit_log WHERE decision = 'blocked' OR level = 'level_4' ORDER BY timestamp DESC LIMIT ?`;
+        }
+        const entries = db.query(query).all(options.limit);
+        if (options.json) {
+            console.log(JSON.stringify({ stats, entries }, null, 2));
+            return;
+        }
+        // Print summary
+        printSummary(stats);
+        // Print entries
+        if (entries.length > 0) {
+            console.log(chalk.bold('\n📋 Recent Activity\n'));
+            entries.forEach(entry => printEntry(entry));
+        }
+        else {
+            console.log(chalk.gray('\nNo audit entries found.'));
+            console.log(chalk.gray('Use your AI agent with TankGate to see activity here.'));
+        }
+    }
+    finally {
+        db.close();
+    }
+}
+function getStats(db) {
+    const row = db.query(`
+    SELECT
+      COUNT(*) as total,
+      SUM(CASE WHEN decision = 'blocked' OR level = 'level_4' THEN 1 ELSE 0 END) as blocked,
+      SUM(CASE WHEN level = 'level_0' THEN 1 ELSE 0 END) as level_0,
+      SUM(CASE WHEN level = 'level_1' THEN 1 ELSE 0 END) as level_1,
+      SUM(CASE WHEN level = 'level_2' THEN 1 ELSE 0 END) as level_2,
+      SUM(CASE WHEN level = 'level_3' THEN 1 ELSE 0 END) as level_3,
+      SUM(CASE WHEN level = 'level_4' THEN 1 ELSE 0 END) as level_4
+    FROM audit_log
+  `).get();
+    return {
+        total: row?.total || 0,
+        blocked: row?.blocked || 0,
+        approved: 0, // Would need to track this separately
+        level_0: row?.level_0 || 0,
+        level_1: row?.level_1 || 0,
+        level_2: row?.level_2 || 0,
+        level_3: row?.level_3 || 0,
+        level_4: row?.level_4 || 0,
+    };
+}
+function printSummary(stats) {
+    console.log(chalk.bold('\n🛡️  TankGate Audit Summary\n'));
+    // Value proposition
+    if (stats.blocked > 0) {
+        console.log(chalk.green(`  ✅ Blocked ${chalk.bold(stats.blocked)} dangerous actions`));
+    }
+    else {
+        console.log(chalk.gray('  No dangerous actions blocked yet'));
+    }
+    console.log();
+    console.log(`  Total requests:  ${chalk.cyan(stats.total)}`);
+    console.log();
+    console.log('  By action level:');
+    console.log(`    ${chalk.gray('level_0')} (silent):    ${stats.level_0}`);
+    console.log(`    ${chalk.cyan('level_1')} (log):       ${stats.level_1}`);
+    console.log(`    ${chalk.yellow('level_2')} (notify):    ${stats.level_2}`);
+    console.log(`    ${chalk.magenta('level_3')} (approve):   ${stats.level_3}`);
+    console.log(`    ${chalk.red('level_4')} (block):     ${stats.level_4}`);
+}
+function printEntry(entry) {
+    const time = new Date(entry.timestamp).toLocaleTimeString();
+    const date = new Date(entry.timestamp).toLocaleDateString();
+    // Color based on level
+    let levelColor = chalk.gray;
+    let levelIcon = '○';
+    if (entry.level === 'level_1') {
+        levelColor = chalk.cyan;
+        levelIcon = '●';
+    }
+    if (entry.level === 'level_2') {
+        levelColor = chalk.yellow;
+        levelIcon = '◐';
+    }
+    if (entry.level === 'level_3') {
+        levelColor = chalk.magenta;
+        levelIcon = '◑';
+    }
+    if (entry.level === 'level_4' || entry.decision === 'blocked') {
+        levelColor = chalk.red;
+        levelIcon = '✗';
+    }
+    console.log(`  ${levelIcon} ${chalk.gray(`${date} ${time}`)} ${levelColor(entry.level || entry.decision)}`);
+    if (entry.tool && entry.action) {
+        console.log(`    ${chalk.cyan(entry.tool)}.${chalk.cyan(entry.action)}`);
+    }
+    if (entry.reason) {
+        console.log(`    ${entry.reason}`);
+    }
+    // Parse and show args if relevant
+    if (entry.args) {
+        try {
+            const args = JSON.parse(entry.args);
+            if (args.command) {
+                console.log(`    ${chalk.gray('$')} ${args.command}`);
+            }
+            if (args.path) {
+                console.log(`    ${chalk.gray('path:')} ${args.path}`);
+            }
+        }
+        catch {
+            // Ignore parse errors
+        }
+    }
+    console.log();
+}
+//# sourceMappingURL=audit.js.map

package/dist/commands/audit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.js","sourceRoot":"","sources":["../../src/commands/audit.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AAqBtC,MAAM,CAAC,KAAK,UAAU,KAAK,CAAC,OAAqB;IAC/C,MAAM,MAAM,GAAG,OAAO,CAAC,EAAE,IAAI,sBAAsB,CAAC;IAEpD,IAAI,EAAY,CAAC;IACjB,IAAI,CAAC;QACH,EAAE,GAAG,IAAI,QAAQ,CAAC,MAAM,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;IAChD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC,CAAC;QAC9D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,MAAM,EAAE,CAAC,CAAC,CAAC;QAC3C,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,gEAAgE,CAAC,CAAC,CAAC;QAC1F,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,IAAI,CAAC;QACH,YAAY;QACZ,MAAM,KAAK,GAAG,QAAQ,CAAC,EAAE,CAAC,CAAC;QAE3B,cAAc;QACd,IAAI,KAAK,GAAG,yDAAyD,CAAC;QACtE,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YACpB,KAAK,GAAG,yGAAyG,CAAC;QACpH,CAAC;QAED,MAAM,OAAO,GAAG,EAAE,CAAC,KAAK,CAAuB,KAAK,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QAEzE,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YACjB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YACzD,OAAO;QACT,CAAC;QAED,gBAAgB;QAChB,YAAY,CAAC,KAAK,CAAC,CAAC;QAEpB,gBAAgB;QAChB,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC,CAAC;YAClD,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC;QAC9C,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,CAAC;YACrD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,uDAAuD,CAAC,CAAC,CAAC;QACnF,CAAC;IAEH,CAAC;YAAS,CAAC;QACT,EAAE,CAAC,KAAK,EAAE,CAAC;IACb,CAAC;AACH,CAAC;AAaD,SAAS,QAAQ,CAAC,EAAY;IAC5B,MAAM,GAAG,GAAG,EAAE,CAAC,KAAK,CAA8H;;;;;;;;;;GAUjJ,CAAC,CAAC,GAAG,EAAE,CAAC;IAET,OAAO;QACL,KAAK,EAAE,GAAG,EAAE,KAAK,IAAI,CAAC;QACtB,OAAO,EAAE,GAAG,EAAE,OAAO,IAAI,CAAC;QAC1B,QAAQ,EAAE,CAAC,EAAE,sCAAsC;QACnD,OAAO,EAAE,GAAG,EAAE,OAAO,IAAI,CAAC;QAC1B,OAAO,EAAE,GAAG,EAAE,OAAO,IAAI,CAAC;QAC1B,OAAO,EAAE,GAAG,EAAE,OAAO,IAAI,CAAC;QAC1B,OAAO,EAAE,GAAG,EAAE,OAAO,IAAI,CAAC;QAC1B,OAAO,EAAE,GAAG,EAAE,OAAO,IAAI,CAAC;KAC3B,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CAAC,KAAY;IAChC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC,CAAC;IAE3D,oBAAoB;IACpB,IAAI,KAAK,CAAC,OAAO,GAAG,CAAC,EAAE,CAAC;QACtB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,eAAe,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAAC,CAAC;IACzF,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC,CAAC;IAChE,CAAC;IAED,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,sBAAsB,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IAC7D,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;IAClC,OAAO,CAAC,GAAG,CAAC,OAAO,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,iBAAiB,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IAC1E,OAAO,CAAC,GAAG,CAAC,OAAO,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,iBAAiB,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IAC1E,OAAO,CAAC,GAAG,CAAC,OAAO,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,iBAAiB,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IAC5E,OAAO,CAAC,GAAG,CAAC,OAAO,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,iBAAiB,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IAC7E,OAAO,CAAC,GAAG,CAAC,OAAO,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,iBAAiB,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;AAC3E,CAAC;AAED,SAAS,UAAU,CAAC,KAAiB;IACnC,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,kBAAkB,EAAE,CAAC;IAC5D,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,kBAAkB,EAAE,CAAC;IAE5D,uBAAuB;IACvB,IAAI,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC;IAC5B,IAAI,SAAS,GAAG,GAAG,CAAC;IACpB,IAAI,KAAK,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;QAAC,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC;QAAC,SAAS,GAAG,GAAG,CAAC;IAAC,CAAC;IAC5E,IAAI,KAAK,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;QAAC,UAAU,GAAG,KAAK,CAAC,MAAM,CAAC;QAAC,SAAS,GAAG,GAAG,CAAC;IAAC,CAAC;IAC9E,IAAI,KAAK,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;QAAC,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC;QAAC,SAAS,GAAG,GAAG,CAAC;IAAC,CAAC;IAC/E,IAAI,KAAK,CAAC,KAAK,KAAK,SAAS,IAAI,KAAK,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC9D,UAAU,GAAG,KAAK,CAAC,GAAG,CAAC;QACvB,SAAS,GAAG,GAAG,CAAC;IAClB,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,KAAK,SAAS,IAAI,KAAK,CAAC,IAAI,CAAC,GAAG,IAAI,IAAI,IAAI,EAAE,CAAC,IAAI,UAAU,CAAC,KAAK,CAAC,KAAK,IAAI,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IAE5G,IAAI,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;QAC/B,OAAO,CAAC,GAAG,CAAC,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IAC3E,CAAC;IAED,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;QACjB,OAAO,CAAC,GAAG,CAAC,OAAO,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;IACrC,CAAC;IAED,kCAAkC;IAClC,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;QACf,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACpC,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;gBACjB,OAAO,CAAC,GAAG,CAAC,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;YACxD,CAAC;YACD,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;gBACd,OAAO,CAAC,GAAG,CAAC,OAAO,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;YACzD,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,sBAAsB;QACxB,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,EAAE,CAAC;AAChB,CAAC"}

package/dist/commands/config.d.ts

@@ -0,0 +1,11 @@
+/**
+ * tankgate config command
+ *
+ * Simplified configuration for common settings.
+ * No need to edit YAML - just answer questions!
+ */
+export interface ConfigOptions {
+    path: string;
+}
+export declare function config(options: ConfigOptions): Promise<void>;
+//# sourceMappingURL=config.d.ts.map

package/dist/commands/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/commands/config.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AASH,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;CACd;AAED,wBAAsB,MAAM,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,CAgIlE"}

package/dist/commands/config.js

@@ -0,0 +1,128 @@
+/**
+ * tankgate config command
+ *
+ * Simplified configuration for common settings.
+ * No need to edit YAML - just answer questions!
+ */
+import chalk from 'chalk';
+import { select, checkbox, confirm } from '@inquirer/prompts';
+import { writeFileSync } from 'fs';
+import { resolve } from 'path';
+import { stringify } from 'yaml';
+import { SERVICE_PRESETS, PRESETS } from '../presets';
+export async function config(options) {
+    const policyPath = resolve(options.path || '.tankgate/policies/default.yaml');
+    console.log(chalk.bold('\n⚙️ TankGate Configuration\n'));
+    console.log(chalk.gray('Answer a few questions to configure your security settings.\n'));
+    // 1. Security Level
+    const securityLevel = await select({
+        message: 'How restrictive should TankGate be?',
+        choices: [
+            { name: '🛡️  Safe - Block dangerous operations, require approval for changes', value: 'safe' },
+            { name: '⚖️  Balanced - Block dangerous, allow normal dev work', value: 'balanced' },
+            { name: '🔓 Permissive - Allow most things, just log', value: 'permissive' },
+            { name: '👁️  Read-Only - Only allow reading, no modifications', value: 'readonly' },
+        ],
+    });
+    // 2. Allowed Services (skip for readonly)
+    let allowedServices = [];
+    if (securityLevel !== 'readonly') {
+        allowedServices = await checkbox({
+            message: 'Which tools/services should OpenClaw be able to use?',
+            choices: [
+                { name: 'git - Version control (status, commit, push)', value: 'git', checked: true },
+                { name: 'npm/bun - Package management', value: 'npm', checked: true },
+                { name: 'docker - Container management', value: 'docker' },
+                { name: 'python - Python & pip', value: 'python' },
+                { name: 'all - Allow all tools', value: 'all' },
+            ],
+        });
+    }
+    // 3. Protected Paths
+    const protectSecrets = await confirm({
+        message: 'Block access to .env and secrets files?',
+        default: true,
+    });
+    // 4. Network Access
+    const blockNetwork = await confirm({
+        message: 'Block network commands (curl, wget, ssh)?',
+        default: securityLevel === 'safe',
+    });
+    // 5. Approval Channel
+    const approvalChannel = await select({
+        message: 'How should TankGate notify you about important actions?',
+        choices: [
+            { name: '📱 Telegram - Get approval requests on Telegram', value: 'telegram' },
+            { name: '📋 Log only - Just log to console', value: 'log' },
+            { name: '🚫 Block - Block anything requiring approval', value: 'block' },
+        ],
+    });
+    // Build the policy
+    const basePreset = PRESETS[securityLevel];
+    const rules = [...basePreset.rules];
+    // Add service allowlist rules
+    if (allowedServices.length > 0 && !allowedServices.includes('all')) {
+        const allowedPatterns = allowedServices
+            .flatMap(s => SERVICE_PRESETS[s] || [])
+            .join('|');
+        rules.unshift({
+            name: 'Allow approved services',
+            level: 'level_0',
+            match: { tool: 'Bash', pattern: `^(${allowedPatterns})` },
+            message: null
+        });
+    }
+    // Add network block if requested
+    if (blockNetwork && securityLevel !== 'safe') {
+        rules.push({
+            name: 'Block network commands',
+            level: 'level_4',
+            match: { tool: 'Bash', pattern: 'curl|wget|nc|ssh|scp|rsync' },
+            message: 'Network commands are blocked'
+        });
+    }
+    // Add secrets protection if requested
+    if (protectSecrets && securityLevel !== 'safe') {
+        rules.push({
+            name: 'Block secrets access',
+            level: 'level_4',
+            match: { tool: '*', pattern: '\\.env|secrets/|credentials/|\\.pem|\\.key' },
+            message: 'Access to secrets is blocked'
+        });
+    }
+    const policy = {
+        metadata: {
+            name: 'tankgate-policy',
+            version: '1.0',
+            preset: securityLevel,
+            generated: new Date().toISOString()
+        },
+        defaults: {
+            action_level: basePreset.level,
+            network_mode: 'proxy',
+            approval_channel: approvalChannel
+        },
+        rules
+    };
+    // Save
+    const yamlContent = stringify(policy, { lineWidth: 0 });
+    writeFileSync(policyPath, yamlContent);
+    console.log(chalk.green('\n✓ Configuration saved!'));
+    console.log();
+    console.log(chalk.cyan('Your settings:'));
+    console.log(`  Security: ${chalk.white(securityLevel)}`);
+    if (allowedServices.length > 0) {
+        console.log(`  Services: ${chalk.white(allowedServices.join(', '))}`);
+    }
+    console.log(`  Block secrets: ${protectSecrets ? chalk.green('Yes') : chalk.red('No')}`);
+    console.log(`  Block network: ${blockNetwork ? chalk.green('Yes') : chalk.red('No')}`);
+    console.log(`  Notifications: ${chalk.white(approvalChannel)}`);
+    console.log();
+    console.log(chalk.gray(`Policy saved to: ${policyPath}`));
+    console.log();
+    console.log(chalk.cyan('Next steps:'));
+    console.log(chalk.gray('  • tankgate policy show - View your policy'));
+    console.log(chalk.gray('  • tankgate audit - See what\'s been blocked'));
+    console.log(chalk.gray('  • tankgate config - Change settings'));
+}
+//# sourceMappingURL=config.js.map

package/dist/commands/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/commands/config.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAS,OAAO,EAAE,MAAM,mBAAmB,CAAC;AACrE,OAAO,EAA4B,aAAa,EAAE,MAAM,IAAI,CAAC;AAC7D,OAAO,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAC/B,OAAO,EAAS,SAAS,EAAE,MAAM,MAAM,CAAC;AACxC,OAAO,EAAE,eAAe,EAAE,OAAO,EAAmB,MAAM,YAAY,CAAC;AAMvE,MAAM,CAAC,KAAK,UAAU,MAAM,CAAC,OAAsB;IACjD,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,IAAI,iCAAiC,CAAC,CAAC;IAE9E,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC,CAAC;IACzD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,+DAA+D,CAAC,CAAC,CAAC;IAEzF,oBAAoB;IACpB,MAAM,aAAa,GAAG,MAAM,MAAM,CAAC;QACjC,OAAO,EAAE,qCAAqC;QAC9C,OAAO,EAAE;YACP,EAAE,IAAI,EAAE,sEAAsE,EAAE,KAAK,EAAE,MAAM,EAAE;YAC/F,EAAE,IAAI,EAAE,uDAAuD,EAAE,KAAK,EAAE,UAAU,EAAE;YACpF,EAAE,IAAI,EAAE,6CAA6C,EAAE,KAAK,EAAE,YAAY,EAAE;YAC5E,EAAE,IAAI,EAAE,uDAAuD,EAAE,KAAK,EAAE,UAAU,EAAE;SACrF;KACF,CAAe,CAAC;IAEjB,0CAA0C;IAC1C,IAAI,eAAe,GAAa,EAAE,CAAC;IACnC,IAAI,aAAa,KAAK,UAAU,EAAE,CAAC;QACjC,eAAe,GAAG,MAAM,QAAQ,CAAC;YAC/B,OAAO,EAAE,sDAAsD;YAC/D,OAAO,EAAE;gBACP,EAAE,IAAI,EAAE,8CAA8C,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE;gBACrF,EAAE,IAAI,EAAE,8BAA8B,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE;gBACrE,EAAE,IAAI,EAAE,+BAA+B,EAAE,KAAK,EAAE,QAAQ,EAAE;gBAC1D,EAAE,IAAI,EAAE,uBAAuB,EAAE,KAAK,EAAE,QAAQ,EAAE;gBAClD,EAAE,IAAI,EAAE,uBAAuB,EAAE,KAAK,EAAE,KAAK,EAAE;aAChD;SACF,CAAC,CAAC;IACL,CAAC;IAED,qBAAqB;IACrB,MAAM,cAAc,GAAG,MAAM,OAAO,CAAC;QACnC,OAAO,EAAE,yCAAyC;QAClD,OAAO,EAAE,IAAI;KACd,CAAC,CAAC;IAEH,oBAAoB;IACpB,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC;QACjC,OAAO,EAAE,2CAA2C;QACpD,OAAO,EAAE,aAAa,KAAK,MAAM;KAClC,CAAC,CAAC;IAEH,sBAAsB;IACtB,MAAM,eAAe,GAAG,MAAM,MAAM,CAAC;QACnC,OAAO,EAAE,yDAAyD;QAClE,OAAO,EAAE;YACP,EAAE,IAAI,EAAE,iDAAiD,EAAE,KAAK,EAAE,UAAU,EAAE;YAC9E,EAAE,IAAI,EAAE,mCAAmC,EAAE,KAAK,EAAE,KAAK,EAAE;YAC3D,EAAE,IAAI,EAAE,8CAA8C,EAAE,KAAK,EAAE,OAAO,EAAE;SACzE;KACF,CAAC,CAAC;IAEH,mBAAmB;IACnB,MAAM,UAAU,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;IAC1C,MAAM,KAAK,GAAG,CAAC,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC;IAEpC,8BAA8B;IAC9B,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QACnE,MAAM,eAAe,GAAG,eAAe;aACpC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,eAAe,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;aACtC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEb,KAAK,CAAC,OAAO,CAAC;YACZ,IAAI,EAAE,yBAAyB;YAC/B,KAAK,EAAE,SAAS;YAChB,KAAK,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,eAAe,GAAG,EAAE;YACzD,OAAO,EAAE,IAAI;SACd,CAAC,CAAC;IACL,CAAC;IAED,iCAAiC;IACjC,IAAI,YAAY,IAAI,aAAa,KAAK,MAAM,EAAE,CAAC;QAC7C,KAAK,CAAC,IAAI,CAAC;YACT,IAAI,EAAE,wBAAwB;YAC9B,KAAK,EAAE,SAAS;YAChB,KAAK,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,4BAA4B,EAAE;YAC9D,OAAO,EAAE,8BAA8B;SACxC,CAAC,CAAC;IACL,CAAC;IAED,sCAAsC;IACtC,IAAI,cAAc,IAAI,aAAa,KAAK,MAAM,EAAE,CAAC;QAC/C,KAAK,CAAC,IAAI,CAAC;YACT,IAAI,EAAE,sBAAsB;YAC5B,KAAK,EAAE,SAAS;YAChB,KAAK,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,4CAA4C,EAAE;YAC3E,OAAO,EAAE,8BAA8B;SACxC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,MAAM,GAAG;QACb,QAAQ,EAAE;YACR,IAAI,EAAE,iBAAiB;YACvB,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,aAAa;YACrB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC;QACD,QAAQ,EAAE;YACR,YAAY,EAAE,UAAU,CAAC,KAAK;YAC9B,YAAY,EAAE,OAAO;YACrB,gBAAgB,EAAE,eAAe;SAClC;QACD,KAAK;KACN,CAAC;IAEF,OAAO;IACP,MAAM,WAAW,GAAG,SAAS,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,CAAC,EAAE,CAAC,CAAC;IACxD,aAAa,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;IAEvC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAC,CAAC;IACrD,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC;IAC1C,OAAO,CAAC,GAAG,CAAC,eAAe,KAAK,CAAC,KAAK,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC;IACzD,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/B,OAAO,CAAC,GAAG,CAAC,eAAe,KAAK,CAAC,KAAK,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,CAAC;IACxE,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,oBAAoB,cAAc,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACzF,OAAO,CAAC,GAAG,CAAC,oBAAoB,YAAY,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACvF,OAAO,CAAC,GAAG,CAAC,oBAAoB,KAAK,CAAC,KAAK,CAAC,eAAe,CAAC,EAAE,CAAC,CAAC;IAChE,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,oBAAoB,UAAU,EAAE,CAAC,CAAC,CAAC;IAC1D,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC;IACvC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,6CAA6C,CAAC,CAAC,CAAC;IACvE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,+CAA+C,CAAC,CAAC,CAAC;IACzE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,uCAAuC,CAAC,CAAC,CAAC;AACnE,CAAC"}

package/dist/commands/init.d.ts

@@ -0,0 +1,24 @@
+/**
+ * tankgate init command
+ *
+ * Initializes TankGate in a project by:
+ * 1. Detecting the AI agent being used
+ * 2. Running an interactive wizard (or using CLI flags)
+ * 3. Generating configuration files
+ */
+import type { AgentType } from '@tankgate/core';
+export interface InitCommandOptions {
+    path: string;
+    detect: boolean;
+    force: boolean;
+    agent?: AgentType;
+    mode?: 'contained' | 'convenience';
+    profile?: 'fast' | 'standard' | 'paranoid';
+    approval?: 'telegram' | 'none';
+    yes: boolean;
+}
+/**
+ * Run the init command
+ */
+export declare function init(options: InitCommandOptions): Promise<void>;
+//# sourceMappingURL=init.d.ts.map

package/dist/commands/init.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"init.d.ts","sourceRoot":"","sources":["../../src/commands/init.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAeH,OAAO,KAAK,EAAE,SAAS,EAAe,MAAM,gBAAgB,CAAC;AAE7D,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,OAAO,CAAC;IAChB,KAAK,EAAE,OAAO,CAAC;IACf,KAAK,CAAC,EAAE,SAAS,CAAC;IAClB,IAAI,CAAC,EAAE,WAAW,GAAG,aAAa,CAAC;IACnC,OAAO,CAAC,EAAE,MAAM,GAAG,UAAU,GAAG,UAAU,CAAC;IAC3C,QAAQ,CAAC,EAAE,UAAU,GAAG,MAAM,CAAC;IAC/B,GAAG,EAAE,OAAO,CAAC;CACd;AAED;;GAEG;AACH,wBAAsB,IAAI,CAAC,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC,CA6FrE"}

package/dist/commands/init.js

@@ -0,0 +1,125 @@
+/**
+ * tankgate init command
+ *
+ * Initializes TankGate in a project by:
+ * 1. Detecting the AI agent being used
+ * 2. Running an interactive wizard (or using CLI flags)
+ * 3. Generating configuration files
+ */
+import { mkdir, writeFile, access } from 'fs/promises';
+import { join } from 'path';
+import chalk from 'chalk';
+import ora from 'ora';
+import { detectAgent, runWizard, generateDockerCompose, generatePolicy, generateConfigYaml, generateEnvExample, mergeWithDefaults, } from '@tankgate/core';
+/**
+ * Run the init command
+ */
+export async function init(options) {
+    const projectPath = options.path || '.';
+    const spinner = ora();
+    console.log(chalk.bold('\n🛡️  TankGate Initialization\n'));
+    // Check if already initialized
+    if (!options.force) {
+        const configExists = await fileExists(join(projectPath, '.tankgate', 'config.yaml'));
+        if (configExists) {
+            console.log(chalk.yellow('TankGate is already initialized in this project.'));
+            console.log(chalk.gray('Use --force to overwrite existing configuration.'));
+            return;
+        }
+    }
+    // Step 1: Detect agent
+    let detected = null;
+    if (options.detect || !options.agent) {
+        spinner.start('Detecting AI agent...');
+        detected = await detectAgent(projectPath);
+        if (detected) {
+            spinner.succeed(`Detected ${chalk.cyan(detected.agent)} agent (${detected.confidence} confidence)`);
+            if (detected.evidence.length > 0) {
+                console.log(chalk.gray(`  Evidence: ${detected.evidence.join(', ')}`));
+            }
+        }
+        else {
+            spinner.info('No AI agent detected');
+        }
+    }
+    // Step 2: Run wizard or use defaults
+    let initOptions;
+    if (options.yes) {
+        // Non-interactive mode: use defaults + provided flags
+        initOptions = mergeWithDefaults({
+            agent: options.agent ?? detected?.agent,
+            mode: options.mode,
+            profile: options.profile,
+            approval: options.approval,
+        });
+        console.log(chalk.gray('\nUsing default configuration (non-interactive mode)'));
+    }
+    else {
+        // Interactive mode
+        console.log();
+        initOptions = await runWizard(detected?.agent ?? null, {
+            agent: options.agent,
+            mode: options.mode,
+            profile: options.profile,
+            approval: options.approval,
+        });
+    }
+    // Step 3: Generate files
+    console.log();
+    spinner.start('Creating configuration files...');
+    try {
+        // Create directories
+        await mkdir(join(projectPath, '.tankgate', 'policies'), { recursive: true });
+        // Generate config.yaml
+        await writeFile(join(projectPath, '.tankgate', 'config.yaml'), generateConfigYaml(initOptions));
+        // Generate policy file
+        await writeFile(join(projectPath, '.tankgate', 'policies', `${initOptions.agent}.yaml`), generatePolicy(initOptions.agent));
+        // Generate docker-compose
+        await writeFile(join(projectPath, 'docker-compose.tankgate.yml'), generateDockerCompose(initOptions));
+        // Generate .env.example
+        await writeFile(join(projectPath, '.env.example'), generateEnvExample(initOptions));
+        spinner.succeed('Configuration files created');
+    }
+    catch (error) {
+        spinner.fail('Failed to create configuration files');
+        throw error;
+    }
+    // Step 4: Print next steps
+    printNextSteps(initOptions);
+}
+/**
+ * Check if a file exists
+ */
+async function fileExists(path) {
+    try {
+        await access(path);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Print next steps for the user
+ */
+function printNextSteps(options) {
+    console.log(chalk.bold.green('\n✅ TankGate initialized successfully!\n'));
+    console.log(chalk.bold('Configuration files created:'));
+    console.log(chalk.gray('  .tankgate/config.yaml          - Main configuration'));
+    console.log(chalk.gray(`  .tankgate/policies/${options.agent}.yaml - Agent policy`));
+    console.log(chalk.gray('  docker-compose.tankgate.yml    - Docker configuration'));
+    console.log(chalk.gray('  .env.example                   - Environment template'));
+    console.log(chalk.bold('\nNext steps:'));
+    console.log(chalk.cyan('  1.') + ' Copy .env.example to .env and add your API keys:');
+    console.log(chalk.gray('     cp .env.example .env'));
+    if (options.approval === 'telegram') {
+        console.log(chalk.cyan('  2.') + ' Configure Telegram for approval (see .env.example)');
+    }
+    console.log(chalk.cyan('  3.') + ' Start TankGate:');
+    console.log(chalk.gray('     docker compose -f docker-compose.tankgate.yml up -d'));
+    console.log(chalk.cyan('  4.') + ' Configure your AI agent to use TankGate:');
+    console.log(chalk.gray('     export OPENAI_BASE_URL=http://localhost:8080/v1'));
+    console.log(chalk.bold('\nDocumentation: ') + chalk.blue('https://tankgate.dev/docs'));
+    console.log();
+}
+//# sourceMappingURL=init.js.map

package/dist/commands/init.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"init.js","sourceRoot":"","sources":["../../src/commands/init.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACvD,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,GAAG,MAAM,KAAK,CAAC;AACtB,OAAO,EACL,WAAW,EACX,SAAS,EACT,qBAAqB,EACrB,cAAc,EACd,kBAAkB,EAClB,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,gBAAgB,CAAC;AAcxB;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,IAAI,CAAC,OAA2B;IACpD,MAAM,WAAW,GAAG,OAAO,CAAC,IAAI,IAAI,GAAG,CAAC;IACxC,MAAM,OAAO,GAAG,GAAG,EAAE,CAAC;IAEtB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC,CAAC;IAE5D,+BAA+B;IAC/B,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACnB,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,EAAE,aAAa,CAAC,CAAC,CAAC;QACrF,IAAI,YAAY,EAAE,CAAC;YACjB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,kDAAkD,CAAC,CAAC,CAAC;YAC9E,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,kDAAkD,CAAC,CAAC,CAAC;YAC5E,OAAO;QACT,CAAC;IACH,CAAC;IAED,uBAAuB;IACvB,IAAI,QAAQ,GAAwE,IAAI,CAAC;IACzF,IAAI,OAAO,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACrC,OAAO,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;QACvC,QAAQ,GAAG,MAAM,WAAW,CAAC,WAAW,CAAC,CAAC;QAC1C,IAAI,QAAQ,EAAE,CAAC;YACb,OAAO,CAAC,OAAO,CAAC,YAAY,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,WAAW,QAAQ,CAAC,UAAU,cAAc,CAAC,CAAC;YACpG,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACjC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,eAAe,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;YACzE,CAAC;QACH,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QACvC,CAAC;IACH,CAAC;IAED,qCAAqC;IACrC,IAAI,WAAwB,CAAC;IAC7B,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;QAChB,sDAAsD;QACtD,WAAW,GAAG,iBAAiB,CAAC;YAC9B,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,QAAQ,EAAE,KAAK;YACvC,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,QAAQ,EAAE,OAAO,CAAC,QAAQ;SAC3B,CAAC,CAAC;QACH,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,sDAAsD,CAAC,CAAC,CAAC;IAClF,CAAC;SAAM,CAAC;QACN,mBAAmB;QACnB,OAAO,CAAC,GAAG,EAAE,CAAC;QACd,WAAW,GAAG,MAAM,SAAS,CAAC,QAAQ,EAAE,KAAK,IAAI,IAAI,EAAE;YACrD,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,QAAQ,EAAE,OAAO,CAAC,QAAQ;SAC3B,CAAC,CAAC;IACL,CAAC;IAED,yBAAyB;IACzB,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,KAAK,CAAC,iCAAiC,CAAC,CAAC;IAEjD,IAAI,CAAC;QACH,qBAAqB;QACrB,MAAM,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,EAAE,UAAU,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAE7E,uBAAuB;QACvB,MAAM,SAAS,CACb,IAAI,CAAC,WAAW,EAAE,WAAW,EAAE,aAAa,CAAC,EAC7C,kBAAkB,CAAC,WAAW,CAAC,CAChC,CAAC;QAEF,uBAAuB;QACvB,MAAM,SAAS,CACb,IAAI,CAAC,WAAW,EAAE,WAAW,EAAE,UAAU,EAAE,GAAG,WAAW,CAAC,KAAK,OAAO,CAAC,EACvE,cAAc,CAAC,WAAW,CAAC,KAAK,CAAC,CAClC,CAAC;QAEF,0BAA0B;QAC1B,MAAM,SAAS,CACb,IAAI,CAAC,WAAW,EAAE,6BAA6B,CAAC,EAChD,qBAAqB,CAAC,WAAW,CAAC,CACnC,CAAC;QAEF,wBAAwB;QACxB,MAAM,SAAS,CACb,IAAI,CAAC,WAAW,EAAE,cAAc,CAAC,EACjC,kBAAkB,CAAC,WAAW,CAAC,CAChC,CAAC;QAEF,OAAO,CAAC,OAAO,CAAC,6BAA6B,CAAC,CAAC;IACjD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;QACrD,MAAM,KAAK,CAAC;IACd,CAAC;IAED,2BAA2B;IAC3B,cAAc,CAAC,WAAW,CAAC,CAAC;AAC9B,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,UAAU,CAAC,IAAY;IACpC,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,IAAI,CAAC,CAAC;QACnB,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,OAAoB;IAC1C,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,0CAA0C,CAAC,CAAC,CAAC;IAE1E,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC,CAAC;IACxD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,uDAAuD,CAAC,CAAC,CAAC;IACjF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,wBAAwB,OAAO,CAAC,KAAK,sBAAsB,CAAC,CAAC,CAAC;IACrF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,yDAAyD,CAAC,CAAC,CAAC;IACnF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,yDAAyD,CAAC,CAAC,CAAC;IAEnF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC;IACzC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,mDAAmD,CAAC,CAAC;IACtF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,CAAC;IAErD,IAAI,OAAO,CAAC,QAAQ,KAAK,UAAU,EAAE,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,qDAAqD,CAAC,CAAC;IAC1F,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,kBAAkB,CAAC,CAAC;IACrD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,0DAA0D,CAAC,CAAC,CAAC;IAEpF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,2CAA2C,CAAC,CAAC;IAC9E,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,sDAAsD,CAAC,CAAC,CAAC;IAEhF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,mBAAmB,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,CAAC;IACvF,OAAO,CAAC,GAAG,EAAE,CAAC;AAChB,CAAC"}

package/dist/commands/policy-add-rule.d.ts

@@ -0,0 +1,16 @@
+/**
+ * tankgate policy add-rule command
+ *
+ * Interactively add a new rule to the policy.
+ * This is the EASIEST way to add rules without editing YAML.
+ */
+export interface PolicyAddRuleOptions {
+    path: string;
+    tool?: string;
+    action?: string;
+    level?: string;
+    pattern?: string;
+    name?: string;
+}
+export declare function policyAddRule(options: PolicyAddRuleOptions): Promise<void>;
+//# sourceMappingURL=policy-add-rule.d.ts.map

package/dist/commands/policy-add-rule.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-add-rule.d.ts","sourceRoot":"","sources":["../../src/commands/policy-add-rule.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAQH,MAAM,WAAW,oBAAoB;IACnC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,wBAAsB,aAAa,CAAC,OAAO,EAAE,oBAAoB,GAAG,OAAO,CAAC,IAAI,CAAC,CAoHhF"}

package/dist/commands/policy-add-rule.js

@@ -0,0 +1,125 @@
+/**
+ * tankgate policy add-rule command
+ *
+ * Interactively add a new rule to the policy.
+ * This is the EASIEST way to add rules without editing YAML.
+ */
+import chalk from 'chalk';
+import { select, input } from '@inquirer/prompts';
+import { existsSync, readFileSync, writeFileSync } from 'fs';
+import { resolve } from 'path';
+import { parse, stringify } from 'yaml';
+export async function policyAddRule(options) {
+    const policyPath = resolve(options.path || '.tankgate/policies/default.yaml');
+    if (!existsSync(policyPath)) {
+        console.error(chalk.red(`Error: Policy file not found: ${policyPath}`));
+        console.log(chalk.gray('\nRun `tankgate init` to create a policy file first.'));
+        process.exit(1);
+    }
+    const content = readFileSync(policyPath, 'utf-8');
+    const policy = parse(content);
+    // Initialize rules array if not exists
+    if (!policy.rules) {
+        policy.rules = [];
+    }
+    console.log(chalk.bold('\n➕ Add New Policy Rule\n'));
+    // Get rule details (interactive or from options)
+    const name = options.name || await input({
+        message: 'Rule name (e.g., "Block production access"):',
+        default: `Rule ${policy.rules.length + 1}`,
+    });
+    const tool = options.tool || await select({
+        message: 'Which tool does this rule apply to?',
+        choices: [
+            { name: 'Bash - Shell commands', value: 'Bash' },
+            { name: 'Read - File reading', value: 'Read' },
+            { name: 'Write - File writing', value: 'Write' },
+            { name: 'Edit - File editing', value: 'Edit' },
+            { name: 'WebSearch - Web searches', value: 'WebSearch' },
+            { name: '* - All tools', value: '*' },
+        ],
+    });
+    const action = options.action || await select({
+        message: 'Which action?',
+        choices: tool === '*' || tool === 'WebSearch'
+            ? [{ name: '* - All actions', value: '*' }]
+            : [
+                { name: '* - All actions', value: '*' },
+                { name: 'read - Reading', value: 'read' },
+                { name: 'write - Writing', value: 'write' },
+                { name: 'execute - Executing', value: 'execute' },
+            ],
+    });
+    const level = options.level || await select({
+        message: 'What should happen when this rule matches?',
+        choices: [
+            { name: '○ level_0 - Silent allow (no logging)', value: 'level_0' },
+            { name: '● level_1 - Log only', value: 'level_1' },
+            { name: '◐ level_2 - Notify (Telegram)', value: 'level_2' },
+            { name: '◑ level_3 - Require approval', value: 'level_3' },
+            { name: '✗ level_4 - Block completely', value: 'level_4' },
+        ],
+    });
+    let pattern = options.pattern;
+    if (!pattern && tool === 'Bash') {
+        pattern = await input({
+            message: 'Command pattern (regex, e.g., "rm -rf|sudo|npm publish"):',
+            default: '.*',
+        });
+    }
+    else if (!pattern && (tool === 'Read' || tool === 'Write' || tool === 'Edit')) {
+        pattern = await input({
+            message: 'Path pattern (regex, e.g., "\\.env|secrets/|credentials"):',
+            default: '.*',
+        });
+    }
+    const message = await input({
+        message: 'Custom message (shown when rule matches):',
+        default: '',
+    });
+    // Build the rule
+    const rule = {
+        name,
+        level,
+        match: {
+            tool,
+            action,
+        },
+    };
+    if (pattern && pattern !== '.*') {
+        rule.match.pattern = pattern;
+    }
+    if (message) {
+        rule.message = message;
+    }
+    // Add to policy
+    policy.rules.push(rule);
+    // Write back
+    const yamlContent = stringify(policy, { lineWidth: 0 });
+    writeFileSync(policyPath, yamlContent);
+    console.log(chalk.green('\n✓ Rule added successfully!\n'));
+    console.log(chalk.gray('Rule details:'));
+    console.log(`  Name: ${chalk.white(name)}`);
+    console.log(`  Tool: ${chalk.cyan(tool)}`);
+    console.log(`  Action: ${chalk.cyan(action)}`);
+    console.log(`  Level: ${formatLevel(level)}`);
+    if (pattern)
+        console.log(`  Pattern: ${chalk.gray(pattern)}`);
+    if (message)
+        console.log(`  Message: ${chalk.gray(message)}`);
+    console.log(chalk.gray('\n─'.repeat(50)));
+    console.log(chalk.gray('View all rules: tankgate policy show'));
+    console.log(chalk.gray('Edit manually: tankgate policy edit'));
+    console.log(chalk.gray('Validate: tankgate validate'));
+}
+function formatLevel(level) {
+    const colors = {
+        level_0: chalk.gray,
+        level_1: chalk.cyan,
+        level_2: chalk.yellow,
+        level_3: chalk.magenta,
+        level_4: chalk.red,
+    };
+    return (colors[level] || chalk.white)(level);
+}
+//# sourceMappingURL=policy-add-rule.js.map

package/dist/commands/policy-add-rule.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-add-rule.js","sourceRoot":"","sources":["../../src/commands/policy-add-rule.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,MAAM,EAAE,KAAK,EAAW,MAAM,mBAAmB,CAAC;AAC3D,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,IAAI,CAAC;AAC7D,OAAO,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAC/B,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AAWxC,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,OAA6B;IAC/D,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,IAAI,iCAAiC,CAAC,CAAC;IAE9E,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC5B,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,iCAAiC,UAAU,EAAE,CAAC,CAAC,CAAC;QACxE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,sDAAsD,CAAC,CAAC,CAAC;QAChF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,OAAO,GAAG,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IAClD,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;IAE9B,uCAAuC;IACvC,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;QAClB,MAAM,CAAC,KAAK,GAAG,EAAE,CAAC;IACpB,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,CAAC;IAErD,iDAAiD;IACjD,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,IAAI,MAAM,KAAK,CAAC;QACvC,OAAO,EAAE,8CAA8C;QACvD,OAAO,EAAE,QAAQ,MAAM,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE;KAC3C,CAAC,CAAC;IAEH,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,IAAI,MAAM,MAAM,CAAC;QACxC,OAAO,EAAE,qCAAqC;QAC9C,OAAO,EAAE;YACP,EAAE,IAAI,EAAE,uBAAuB,EAAE,KAAK,EAAE,MAAM,EAAE;YAChD,EAAE,IAAI,EAAE,qBAAqB,EAAE,KAAK,EAAE,MAAM,EAAE;YAC9C,EAAE,IAAI,EAAE,sBAAsB,EAAE,KAAK,EAAE,OAAO,EAAE;YAChD,EAAE,IAAI,EAAE,qBAAqB,EAAE,KAAK,EAAE,MAAM,EAAE;YAC9C,EAAE,IAAI,EAAE,0BAA0B,EAAE,KAAK,EAAE,WAAW,EAAE;YACxD,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE,GAAG,EAAE;SACtC;KACF,CAAC,CAAC;IAEH,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,MAAM,MAAM,CAAC;QAC5C,OAAO,EAAE,eAAe;QACxB,OAAO,EAAE,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,WAAW;YAC3C,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,iBAAiB,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;YAC3C,CAAC,CAAC;gBACA,EAAE,IAAI,EAAE,iBAAiB,EAAE,KAAK,EAAE,GAAG,EAAE;gBACvC,EAAE,IAAI,EAAE,gBAAgB,EAAE,KAAK,EAAE,MAAM,EAAE;gBACzC,EAAE,IAAI,EAAE,iBAAiB,EAAE,KAAK,EAAE,OAAO,EAAE;gBAC3C,EAAE,IAAI,EAAE,qBAAqB,EAAE,KAAK,EAAE,SAAS,EAAE;aAClD;KACJ,CAAC,CAAC;IAEH,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,MAAM,MAAM,CAAC;QAC1C,OAAO,EAAE,4CAA4C;QACrD,OAAO,EAAE;YACP,EAAE,IAAI,EAAE,uCAAuC,EAAE,KAAK,EAAE,SAAS,EAAE;YACnE,EAAE,IAAI,EAAE,sBAAsB,EAAE,KAAK,EAAE,SAAS,EAAE;YAClD,EAAE,IAAI,EAAE,+BAA+B,EAAE,KAAK,EAAE,SAAS,EAAE;YAC3D,EAAE,IAAI,EAAE,8BAA8B,EAAE,KAAK,EAAE,SAAS,EAAE;YAC1D,EAAE,IAAI,EAAE,8BAA8B,EAAE,KAAK,EAAE,SAAS,EAAE;SAC3D;KACF,CAAC,CAAC;IAEH,IAAI,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;IAC9B,IAAI,CAAC,OAAO,IAAI,IAAI,KAAK,MAAM,EAAE,CAAC;QAChC,OAAO,GAAG,MAAM,KAAK,CAAC;YACpB,OAAO,EAAE,2DAA2D;YACpE,OAAO,EAAE,IAAI;SACd,CAAC,CAAC;IACL,CAAC;SAAM,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,KAAK,MAAM,IAAI,IAAI,KAAK,OAAO,IAAI,IAAI,KAAK,MAAM,CAAC,EAAE,CAAC;QAChF,OAAO,GAAG,MAAM,KAAK,CAAC;YACpB,OAAO,EAAE,4DAA4D;YACrE,OAAO,EAAE,IAAI;SACd,CAAC,CAAC;IACL,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC;QAC1B,OAAO,EAAE,2CAA2C;QACpD,OAAO,EAAE,EAAE;KACZ,CAAC,CAAC;IAEH,iBAAiB;IACjB,MAAM,IAAI,GAAQ;QAChB,IAAI;QACJ,KAAK;QACL,KAAK,EAAE;YACL,IAAI;YACJ,MAAM;SACP;KACF,CAAC;IAEF,IAAI,OAAO,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;QAChC,IAAI,CAAC,KAAK,CAAC,OAAO,GAAG,OAAO,CAAC;IAC/B,CAAC;IAED,IAAI,OAAO,EAAE,CAAC;QACZ,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,CAAC;IAED,gBAAgB;IAChB,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAExB,aAAa;IACb,MAAM,WAAW,GAAG,SAAS,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,CAAC,EAAE,CAAC,CAAC;IACxD,aAAa,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;IAEvC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAC,CAAC;IAC3D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC;IACzC,OAAO,CAAC,GAAG,CAAC,WAAW,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC5C,OAAO,CAAC,GAAG,CAAC,WAAW,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC3C,OAAO,CAAC,GAAG,CAAC,aAAa,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IAC/C,OAAO,CAAC,GAAG,CAAC,YAAY,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IAC9C,IAAI,OAAO;QAAE,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IAC9D,IAAI,OAAO;QAAE,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IAE9D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAC1C,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC,CAAC;IAChE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC,CAAC;IAC/D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC,CAAC;AACzD,CAAC;AAED,SAAS,WAAW,CAAC,KAAa;IAChC,MAAM,MAAM,GAA0C;QACpD,OAAO,EAAE,KAAK,CAAC,IAAI;QACnB,OAAO,EAAE,KAAK,CAAC,IAAI;QACnB,OAAO,EAAE,KAAK,CAAC,MAAM;QACrB,OAAO,EAAE,KAAK,CAAC,OAAO;QACtB,OAAO,EAAE,KAAK,CAAC,GAAG;KACnB,CAAC;IACF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC;AAC/C,CAAC"}

package/dist/commands/policy-edit.d.ts

@@ -0,0 +1,11 @@
+/**
+ * tankgate policy edit command
+ *
+ * Opens policy file in user's default editor ($EDITOR or nano).
+ * This is the EASIEST way to modify policies.
+ */
+export interface PolicyEditOptions {
+    path: string;
+}
+export declare function policyEdit(options: PolicyEditOptions): Promise<void>;
+//# sourceMappingURL=policy-edit.d.ts.map