@tankgate/cli 0.1.0

package/dist/commands/policy-edit.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-edit.d.ts","sourceRoot":"","sources":["../../src/commands/policy-edit.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAOH,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,CAAC;CACd;AAED,wBAAsB,UAAU,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC,CA0B1E"}

package/dist/commands/policy-edit.js

@@ -0,0 +1,34 @@
+/**
+ * tankgate policy edit command
+ *
+ * Opens policy file in user's default editor ($EDITOR or nano).
+ * This is the EASIEST way to modify policies.
+ */
+import chalk from 'chalk';
+import { $ } from 'bun';
+import { existsSync } from 'fs';
+import { resolve } from 'path';
+export async function policyEdit(options) {
+    const policyPath = resolve(options.path || '.tankgate/policies/default.yaml');
+    if (!existsSync(policyPath)) {
+        console.error(chalk.red(`Error: Policy file not found: ${policyPath}`));
+        console.log(chalk.gray('\nRun `tankgate init` to create a policy file first.'));
+        process.exit(1);
+    }
+    const editor = process.env.EDITOR || process.env.VISUAL || 'nano';
+    console.log(chalk.cyan(`Opening policy in ${editor}...`));
+    console.log(chalk.gray(`File: ${policyPath}\n`));
+    try {
+        // Use Bun's shell to run the editor
+        await $ `${editor} ${policyPath}`.quiet();
+        console.log(chalk.green('\n✓Policy file saved.'));
+        console.log(chalk.gray('Run `tankgate validate` to check for errors.'));
+    }
+    catch (error) {
+        console.error(chalk.red('Error opening editor'));
+        console.log(chalk.gray('\nYou can manually edit the file at:'));
+        console.log(chalk.white(`  ${policyPath}`));
+        process.exit(1);
+    }
+}
+//# sourceMappingURL=policy-edit.js.map

package/dist/commands/policy-edit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-edit.js","sourceRoot":"","sources":["../../src/commands/policy-edit.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,UAAU,EAAE,MAAM,IAAI,CAAC;AAChC,OAAO,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAM/B,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,OAA0B;IACzD,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,IAAI,iCAAiC,CAAC,CAAC;IAE9E,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC5B,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,iCAAiC,UAAU,EAAE,CAAC,CAAC,CAAC;QACxE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,sDAAsD,CAAC,CAAC,CAAC;QAChF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,MAAM,IAAI,MAAM,CAAC;IAElE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,qBAAqB,MAAM,KAAK,CAAC,CAAC,CAAC;IAC1D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,UAAU,IAAI,CAAC,CAAC,CAAC;IAEjD,IAAI,CAAC;QACH,oCAAoC;QACpC,MAAM,CAAC,CAAA,GAAG,MAAM,IAAI,UAAU,EAAE,CAAC,KAAK,EAAE,CAAC;QAEzC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC,CAAC;QAClD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAC,CAAC;IAC1E,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC,CAAC;QAChE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,UAAU,EAAE,CAAC,CAAC,CAAC;QAC5C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC"}

package/dist/commands/policy-show.d.ts

@@ -0,0 +1,11 @@
+/**
+ * tankgate policy show command
+ *
+ * Displays the current policy in a readable format.
+ */
+export interface PolicyShowOptions {
+    path: string;
+    json: boolean;
+}
+export declare function policyShow(options: PolicyShowOptions): Promise<void>;
+//# sourceMappingURL=policy-show.d.ts.map

package/dist/commands/policy-show.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-show.d.ts","sourceRoot":"","sources":["../../src/commands/policy-show.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAOH,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,OAAO,CAAC;CACf;AAED,wBAAsB,UAAU,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC,CAuF1E"}

package/dist/commands/policy-show.js

@@ -0,0 +1,111 @@
+/**
+ * tankgate policy show command
+ *
+ * Displays the current policy in a readable format.
+ */
+import chalk from 'chalk';
+import { existsSync, readFileSync } from 'fs';
+import { resolve } from 'path';
+import { parse } from 'yaml';
+export async function policyShow(options) {
+    const policyPath = resolve(options.path || '.tankgate/policies/default.yaml');
+    if (!existsSync(policyPath)) {
+        console.error(chalk.red(`Error: Policy file not found: ${policyPath}`));
+        console.log(chalk.gray('\nRun `tankgate init` to create a policy file first.'));
+        process.exit(1);
+    }
+    const content = readFileSync(policyPath, 'utf-8');
+    const policy = parse(content);
+    if (options.json) {
+        console.log(JSON.stringify(policy, null, 2));
+        return;
+    }
+    console.log(chalk.bold('\n📋 TankGate Policy\n'));
+    console.log(chalk.gray(`File: ${policyPath}\n`));
+    // Show metadata
+    if (policy.metadata) {
+        console.log(chalk.cyan('Metadata:'));
+        console.log(`  Name: ${policy.metadata.name || 'unnamed'}`);
+        console.log(`  Version: ${policy.metadata.version || '1.0'}`);
+        if (policy.metadata.description) {
+            console.log(`  Description: ${policy.metadata.description}`);
+        }
+        console.log();
+    }
+    // Show defaults
+    if (policy.defaults) {
+        console.log(chalk.cyan('Defaults:'));
+        console.log(`  Action Level: ${formatLevel(policy.defaults.action_level)}`);
+        console.log(`  Network Mode: ${policy.defaults.network_mode || 'proxy'}`);
+        console.log();
+    }
+    // Show rules
+    if (policy.rules && policy.rules.length > 0) {
+        console.log(chalk.cyan(`Rules (${policy.rules.length}):`));
+        policy.rules.forEach((rule, index) => {
+            const level = formatLevel(rule.level);
+            const icon = getLevelIcon(rule.level);
+            console.log(`\n  ${icon} Rule #${index + 1}: ${chalk.white(rule.name || 'unnamed')}`);
+            console.log(`    Level: ${level}`);
+            if (rule.match) {
+                console.log(`    Match:`);
+                if (rule.match.tool)
+                    console.log(`      tool: ${rule.match.tool}`);
+                if (rule.match.action)
+                    console.log(`      action: ${rule.match.action}`);
+                if (rule.match.pattern)
+                    console.log(`      pattern: ${chalk.gray(rule.match.pattern)}`);
+            }
+            if (rule.message) {
+                console.log(`    Message: ${chalk.gray(rule.message)}`);
+            }
+        });
+        console.log();
+    }
+    // Show commands
+    if (policy.commands) {
+        console.log(chalk.cyan('Commands:'));
+        ['allowed', 'blocked', 'restricted'].forEach(category => {
+            if (policy.commands[category]?.length > 0) {
+                const color = category === 'blocked' ? chalk.red : category === 'restricted' ? chalk.yellow : chalk.green;
+                console.log(`  ${category}: ${color(policy.commands[category].join(', '))}`);
+            }
+        });
+        console.log();
+    }
+    // Show paths
+    if (policy.paths) {
+        console.log(chalk.cyan('Paths:'));
+        ['allowed', 'blocked', 'restricted'].forEach(category => {
+            if (policy.paths[category]?.length > 0) {
+                const color = category === 'blocked' ? chalk.red : category === 'restricted' ? chalk.yellow : chalk.green;
+                console.log(`  ${category}: ${color(policy.paths[category].join(', '))}`);
+            }
+        });
+        console.log();
+    }
+    console.log(chalk.gray('─'.repeat(50)));
+    console.log(chalk.gray(`Edit this policy: tankgate policy edit`));
+    console.log(chalk.gray(`Validate: tankgate validate`));
+}
+function formatLevel(level) {
+    const colors = {
+        level_0: chalk.gray,
+        level_1: chalk.cyan,
+        level_2: chalk.yellow,
+        level_3: chalk.magenta,
+        level_4: chalk.red,
+    };
+    return (colors[level] || chalk.white)(level);
+}
+function getLevelIcon(level) {
+    const icons = {
+        level_0: '○',
+        level_1: '●',
+        level_2: '◐',
+        level_3: '◑',
+        level_4: '✗',
+    };
+    return icons[level] || '○';
+}
+//# sourceMappingURL=policy-show.js.map

package/dist/commands/policy-show.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-show.js","sourceRoot":"","sources":["../../src/commands/policy-show.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,IAAI,CAAC;AAC9C,OAAO,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAC/B,OAAO,EAAE,KAAK,EAAE,MAAM,MAAM,CAAC;AAO7B,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,OAA0B;IACzD,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,IAAI,iCAAiC,CAAC,CAAC;IAE9E,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC5B,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,iCAAiC,UAAU,EAAE,CAAC,CAAC,CAAC;QACxE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,sDAAsD,CAAC,CAAC,CAAC;QAChF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,OAAO,GAAG,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IAClD,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;IAE9B,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAC7C,OAAO;IACT,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC,CAAC;IAClD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,UAAU,IAAI,CAAC,CAAC,CAAC;IAEjD,gBAAgB;IAChB,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACpB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,WAAW,MAAM,CAAC,QAAQ,CAAC,IAAI,IAAI,SAAS,EAAE,CAAC,CAAC;QAC5D,OAAO,CAAC,GAAG,CAAC,cAAc,MAAM,CAAC,QAAQ,CAAC,OAAO,IAAI,KAAK,EAAE,CAAC,CAAC;QAC9D,IAAI,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;YAChC,OAAO,CAAC,GAAG,CAAC,kBAAkB,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAC;QAC/D,CAAC;QACD,OAAO,CAAC,GAAG,EAAE,CAAC;IAChB,CAAC;IAED,gBAAgB;IAChB,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACpB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,WAAW,CAAC,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;QAC5E,OAAO,CAAC,GAAG,CAAC,mBAAmB,MAAM,CAAC,QAAQ,CAAC,YAAY,IAAI,OAAO,EAAE,CAAC,CAAC;QAC1E,OAAO,CAAC,GAAG,EAAE,CAAC;IAChB,CAAC;IAED,aAAa;IACb,IAAI,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5C,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,MAAM,CAAC,KAAK,CAAC,MAAM,IAAI,CAAC,CAAC,CAAC;QAC3D,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAS,EAAE,KAAa,EAAE,EAAE;YAChD,MAAM,KAAK,GAAG,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACtC,MAAM,IAAI,GAAG,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACtC,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,UAAU,KAAK,GAAG,CAAC,KAAK,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,IAAI,SAAS,CAAC,EAAE,CAAC,CAAC;YACtF,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,EAAE,CAAC,CAAC;YACnC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;gBAC1B,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI;oBAAE,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;gBACnE,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM;oBAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;gBACzE,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO;oBAAE,OAAO,CAAC,GAAG,CAAC,kBAAkB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;YAC1F,CAAC;YACD,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;gBACjB,OAAO,CAAC,GAAG,CAAC,gBAAgB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;YAC1D,CAAC;QACH,CAAC,CAAC,CAAC;QACH,OAAO,CAAC,GAAG,EAAE,CAAC;IAChB,CAAC;IAED,gBAAgB;IAChB,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACpB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC;QACrC,CAAC,SAAS,EAAE,SAAS,EAAE,YAAY,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE;YACtD,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC1C,MAAM,KAAK,GAAG,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,KAAK,YAAY,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC;gBAC1G,OAAO,CAAC,GAAG,CAAC,KAAK,QAAQ,KAAK,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,CAAC;YAC/E,CAAC;QACH,CAAC,CAAC,CAAC;QACH,OAAO,CAAC,GAAG,EAAE,CAAC;IAChB,CAAC;IAED,aAAa;IACb,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;QAClC,CAAC,SAAS,EAAE,SAAS,EAAE,YAAY,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE;YACtD,IAAI,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,CAAC,EAAE,CAAC;gBACvC,MAAM,KAAK,GAAG,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,KAAK,YAAY,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC;gBAC1G,OAAO,CAAC,GAAG,CAAC,KAAK,QAAQ,KAAK,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,CAAC;YAC5E,CAAC;QACH,CAAC,CAAC,CAAC;QACH,OAAO,CAAC,GAAG,EAAE,CAAC;IAChB,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IACxC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,wCAAwC,CAAC,CAAC,CAAC;IAClE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC,CAAC;AACzD,CAAC;AAED,SAAS,WAAW,CAAC,KAAa;IAChC,MAAM,MAAM,GAA0C;QACpD,OAAO,EAAE,KAAK,CAAC,IAAI;QACnB,OAAO,EAAE,KAAK,CAAC,IAAI;QACnB,OAAO,EAAE,KAAK,CAAC,MAAM;QACrB,OAAO,EAAE,KAAK,CAAC,OAAO;QACtB,OAAO,EAAE,KAAK,CAAC,GAAG;KACnB,CAAC;IACF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC;AAC/C,CAAC;AAED,SAAS,YAAY,CAAC,KAAa;IACjC,MAAM,KAAK,GAA2B;QACpC,OAAO,EAAE,GAAG;QACZ,OAAO,EAAE,GAAG;QACZ,OAAO,EAAE,GAAG;QACZ,OAAO,EAAE,GAAG;QACZ,OAAO,EAAE,GAAG;KACb,CAAC;IACF,OAAO,KAAK,CAAC,KAAK,CAAC,IAAI,GAAG,CAAC;AAC7B,CAAC"}

package/dist/commands/preset.d.ts

@@ -0,0 +1,14 @@
+/**
+ * tankgate preset command
+ *
+ * Quick way to switch between security presets.
+ * No need to understand the policy DSL - just pick a preset!
+ */
+import { type PresetName } from '../presets';
+export interface PresetOptions {
+    path: string;
+    list: boolean;
+}
+export declare function preset(options: PresetOptions): Promise<void>;
+export declare function applyPreset(name: PresetName, policyPath: string): Promise<void>;
+//# sourceMappingURL=preset.d.ts.map

package/dist/commands/preset.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"preset.d.ts","sourceRoot":"","sources":["../../src/commands/preset.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAOH,OAAO,EAAmC,KAAK,UAAU,EAAE,MAAM,YAAY,CAAC;AAE9E,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,OAAO,CAAC;CACf;AAED,wBAAsB,MAAM,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,CA6FlE;AAGD,wBAAsB,WAAW,CAAC,IAAI,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAsBrF"}

package/dist/commands/preset.js

@@ -0,0 +1,115 @@
+/**
+ * tankgate preset command
+ *
+ * Quick way to switch between security presets.
+ * No need to understand the policy DSL - just pick a preset!
+ */
+import chalk from 'chalk';
+import { select, confirm } from '@inquirer/prompts';
+import { existsSync, writeFileSync, mkdirSync } from 'fs';
+import { resolve, dirname } from 'path';
+import { stringify } from 'yaml';
+import { getPreset, listPresets } from '../presets';
+export async function preset(options) {
+    if (options.list) {
+        console.log(chalk.bold('\n🔒 TankGate Security Presets\n'));
+        console.log('Choose a preset based on your trust level:\n');
+        const presets = listPresets();
+        presets.forEach(p => {
+            const icon = p.name === 'safe' ? '🛡️' :
+                p.name === 'balanced' ? '⚖️ ' :
+                    p.name === 'permissive' ? '🔓' : '👁️';
+            console.log(`  ${icon} ${chalk.cyan(p.name.padEnd(12))} - ${p.description}`);
+        });
+        console.log(chalk.gray('\nUsage: tankgate preset safe'));
+        console.log(chalk.gray('       tankgate preset balanced'));
+        return;
+    }
+    const policyPath = resolve(options.path || '.tankgate/policies/default.yaml');
+    // Interactive preset selection
+    const presetName = await select({
+        message: 'Choose your security level:',
+        choices: [
+            { name: '🛡️  safe - Maximum security, blocks dangerous ops, requires approval', value: 'safe' },
+            { name: '⚖️  balanced - Good security, blocks dangerous, logs others', value: 'balanced' },
+            { name: '🔓 permissive - Minimal restrictions, logs only', value: 'permissive' },
+            { name: '👁️  readonly - Can only read, no modifications allowed', value: 'readonly' },
+        ],
+    });
+    const selectedPreset = getPreset(presetName);
+    console.log(chalk.bold(`\n🔒 ${selectedPreset.name}\n`));
+    console.log(chalk.gray(selectedPreset.description));
+    console.log();
+    // Show what this preset does
+    console.log(chalk.cyan('What this preset does:'));
+    selectedPreset.rules.slice(0, 5).forEach(rule => {
+        const levelIcon = rule.level === 'level_4' ? '✗' :
+            rule.level === 'level_3' ? '◑' :
+                rule.level === 'level_2' ? '◐' :
+                    rule.level === 'level_1' ? '●' : '○';
+        console.log(`  ${levelIcon} ${rule.name}`);
+    });
+    if (selectedPreset.rules.length > 5) {
+        console.log(chalk.gray(`  ... and ${selectedPreset.rules.length - 5} more rules`));
+    }
+    console.log();
+    const apply = await confirm({
+        message: 'Apply this preset?',
+        default: true,
+    });
+    if (!apply) {
+        console.log(chalk.gray('Cancelled.'));
+        return;
+    }
+    // Build policy YAML
+    const policy = {
+        metadata: {
+            name: 'tankgate-policy',
+            version: '1.0',
+            preset: presetName,
+            description: selectedPreset.description
+        },
+        defaults: {
+            action_level: selectedPreset.level,
+            network_mode: 'proxy'
+        },
+        rules: selectedPreset.rules
+    };
+    // Ensure directory exists
+    const dir = dirname(policyPath);
+    if (!existsSync(dir)) {
+        mkdirSync(dir, { recursive: true });
+    }
+    // Write policy
+    const yamlContent = stringify(policy, { lineWidth: 0 });
+    writeFileSync(policyPath, yamlContent);
+    console.log(chalk.green('\n✓ Preset applied!'));
+    console.log(chalk.gray(`Policy saved to: ${policyPath}`));
+    console.log();
+    console.log(chalk.cyan('Next steps:'));
+    console.log(chalk.gray('  • View your policy: tankgate policy show'));
+    console.log(chalk.gray('  • Add custom rules: tankgate policy add-rule'));
+    console.log(chalk.gray('  • See what\'s blocked: tankgate audit'));
+}
+// Non-interactive version for CLI args
+export async function applyPreset(name, policyPath) {
+    const preset = getPreset(name);
+    const policy = {
+        metadata: {
+            name: 'tankgate-policy',
+            version: '1.0',
+            preset: name,
+            description: preset.description
+        },
+        defaults: {
+            action_level: preset.level,
+            network_mode: 'proxy'
+        },
+        rules: preset.rules
+    };
+    const yamlContent = stringify(policy, { lineWidth: 0 });
+    writeFileSync(policyPath, yamlContent);
+    console.log(chalk.green(`✓ Applied ${chalk.bold(name)} preset`));
+    console.log(chalk.gray(`  ${preset.description}`));
+}
+//# sourceMappingURL=preset.js.map

package/dist/commands/preset.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"preset.js","sourceRoot":"","sources":["../../src/commands/preset.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,EAAE,UAAU,EAAgB,aAAa,EAAE,SAAS,EAAE,MAAM,IAAI,CAAC;AACxE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AACxC,OAAO,EAAS,SAAS,EAAE,MAAM,MAAM,CAAC;AACxC,OAAO,EAAW,SAAS,EAAE,WAAW,EAAmB,MAAM,YAAY,CAAC;AAO9E,MAAM,CAAC,KAAK,UAAU,MAAM,CAAC,OAAsB;IACjD,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC,CAAC;QAC5D,OAAO,CAAC,GAAG,CAAC,8CAA8C,CAAC,CAAC;QAE5D,MAAM,OAAO,GAAG,WAAW,EAAE,CAAC;QAC9B,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE;YAClB,MAAM,IAAI,GAAG,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;gBAC3B,CAAC,CAAC,IAAI,KAAK,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;oBAC/B,CAAC,CAAC,IAAI,KAAK,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC;YACpD,OAAO,CAAC,GAAG,CAAC,KAAK,IAAI,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;QAC/E,CAAC,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC,CAAC;QACzD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC,CAAC;QAC3D,OAAO;IACT,CAAC;IAED,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,IAAI,iCAAiC,CAAC,CAAC;IAE9E,+BAA+B;IAC/B,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC;QAC9B,OAAO,EAAE,6BAA6B;QACtC,OAAO,EAAE;YACP,EAAE,IAAI,EAAE,uEAAuE,EAAE,KAAK,EAAE,MAAM,EAAE;YAChG,EAAE,IAAI,EAAE,6DAA6D,EAAE,KAAK,EAAE,UAAU,EAAE;YAC1F,EAAE,IAAI,EAAE,iDAAiD,EAAE,KAAK,EAAE,YAAY,EAAE;YAChF,EAAE,IAAI,EAAE,yDAAyD,EAAE,KAAK,EAAE,UAAU,EAAE;SACvF;KACF,CAAe,CAAC;IAEjB,MAAM,cAAc,GAAG,SAAS,CAAC,UAAU,CAAC,CAAC;IAE7C,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,cAAc,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC;IACzD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,CAAC,CAAC;IACpD,OAAO,CAAC,GAAG,EAAE,CAAC;IAEd,6BAA6B;IAC7B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC,CAAC;IAClD,cAAc,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE;QAC9C,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;YAChC,IAAI,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;gBAChC,IAAI,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;oBAChC,IAAI,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;QACvD,OAAO,CAAC,GAAG,CAAC,KAAK,SAAS,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;IACH,IAAI,cAAc,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,aAAa,cAAc,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC;IACrF,CAAC;IACD,OAAO,CAAC,GAAG,EAAE,CAAC;IAEd,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC;QAC1B,OAAO,EAAE,oBAAoB;QAC7B,OAAO,EAAE,IAAI;KACd,CAAC,CAAC;IAEH,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC;QACtC,OAAO;IACT,CAAC;IAED,oBAAoB;IACpB,MAAM,MAAM,GAAG;QACb,QAAQ,EAAE;YACR,IAAI,EAAE,iBAAiB;YACvB,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,UAAU;YAClB,WAAW,EAAE,cAAc,CAAC,WAAW;SACxC;QACD,QAAQ,EAAE;YACR,YAAY,EAAE,cAAc,CAAC,KAAK;YAClC,YAAY,EAAE,OAAO;SACtB;QACD,KAAK,EAAE,cAAc,CAAC,KAAK;KAC5B,CAAC;IAEF,0BAA0B;IAC1B,MAAM,GAAG,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;IAChC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACrB,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACtC,CAAC;IAED,eAAe;IACf,MAAM,WAAW,GAAG,SAAS,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,CAAC,EAAE,CAAC,CAAC;IACxD,aAAa,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;IAEvC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC,CAAC;IAChD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,oBAAoB,UAAU,EAAE,CAAC,CAAC,CAAC;IAC1D,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC;IACvC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC,CAAC;IACtE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,gDAAgD,CAAC,CAAC,CAAC;IAC1E,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC,CAAC;AACrE,CAAC;AAED,uCAAuC;AACvC,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,IAAgB,EAAE,UAAkB;IACpE,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;IAE/B,MAAM,MAAM,GAAG;QACb,QAAQ,EAAE;YACR,IAAI,EAAE,iBAAiB;YACvB,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,IAAI;YACZ,WAAW,EAAE,MAAM,CAAC,WAAW;SAChC;QACD,QAAQ,EAAE;YACR,YAAY,EAAE,MAAM,CAAC,KAAK;YAC1B,YAAY,EAAE,OAAO;SACtB;QACD,KAAK,EAAE,MAAM,CAAC,KAAK;KACpB,CAAC;IAEF,MAAM,WAAW,GAAG,SAAS,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,CAAC,EAAE,CAAC,CAAC;IACxD,aAAa,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;IAEvC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,aAAa,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;IACjE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;AACrD,CAAC"}

package/dist/commands/status.d.ts

@@ -0,0 +1,11 @@
+/**
+ * tankgate status command
+ *
+ * Shows the current status of TankGate by calling the /health endpoint.
+ */
+export interface StatusOptions {
+    json: boolean;
+    url: string;
+}
+export declare function status(options: StatusOptions): Promise<void>;
+//# sourceMappingURL=status.d.ts.map

package/dist/commands/status.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"status.d.ts","sourceRoot":"","sources":["../../src/commands/status.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,OAAO,CAAC;IACd,GAAG,EAAE,MAAM,CAAC;CACb;AAkBD,wBAAsB,MAAM,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,CA0BlE"}

package/dist/commands/status.js

@@ -0,0 +1,52 @@
+/**
+ * tankgate status command
+ *
+ * Shows the current status of TankGate by calling the /health endpoint.
+ */
+import chalk from 'chalk';
+export async function status(options) {
+    try {
+        const response = await fetch(`${options.url}/health`);
+        if (!response.ok) {
+            console.error(chalk.red(`Error: TankGate returned status ${response.status}`));
+            process.exit(1);
+        }
+        const health = (await response.json());
+        if (options.json) {
+            console.log(JSON.stringify(health, null, 2));
+            return;
+        }
+        printStatusTable(health);
+    }
+    catch (error) {
+        if (error instanceof Error && error.message.includes('fetch')) {
+            console.error(chalk.red('Error: Cannot connect to TankGate'));
+            console.log(chalk.gray(`Make sure TankGate is running at ${options.url}`));
+        }
+        else {
+            throw error;
+        }
+        process.exit(1);
+    }
+}
+function printStatusTable(health) {
+    console.log(chalk.bold('\n🛡️  TankGate Status\n'));
+    // Status
+    const statusColor = health.status === 'ok' ? chalk.green : chalk.red;
+    console.log(`  Status:     ${statusColor(health.status)}`);
+    // Policy
+    console.log(`  Policy:     ${chalk.cyan(health.policy)} (${health.rules} rules)`);
+    // Scanner
+    console.log('\n  Scanner:');
+    console.log(`    Profile:  ${chalk.cyan(health.scanner.profile)}`);
+    console.log(`    Backend:  ${chalk.cyan(health.scanner.backend)}`);
+    console.log(`    Fast:     ${health.scanner.fast ? chalk.green('✓') : chalk.red('✗')}`);
+    console.log(`    ML:       ${health.scanner.ml ? chalk.green('✓') : chalk.gray('✗')}`);
+    // Approval
+    console.log('\n  Approval:');
+    console.log(`    Channel:  ${chalk.cyan(health.approval.channel)}`);
+    const healthyStatus = health.approval.healthy ? chalk.green('✓') : chalk.red('✗');
+    console.log(`    Healthy:  ${healthyStatus}`);
+    console.log();
+}
+//# sourceMappingURL=status.js.map

package/dist/commands/status.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"status.js","sourceRoot":"","sources":["../../src/commands/status.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,MAAM,OAAO,CAAC;AAuB1B,MAAM,CAAC,KAAK,UAAU,MAAM,CAAC,OAAsB;IACjD,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,OAAO,CAAC,GAAG,SAAS,CAAC,CAAC;QAEtD,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,mCAAmC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;YAC/E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAED,MAAM,MAAM,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAmB,CAAC;QAEzD,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YACjB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YAC7C,OAAO;QACT,CAAC;QAED,gBAAgB,CAAC,MAAM,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YAC9D,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC,CAAC;YAC9D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,oCAAoC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QAC7E,CAAC;aAAM,CAAC;YACN,MAAM,KAAK,CAAC;QACd,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC;AAED,SAAS,gBAAgB,CAAC,MAAsB;IAC9C,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC,CAAC;IAEpD,SAAS;IACT,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,KAAK,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC;IACrE,OAAO,CAAC,GAAG,CAAC,iBAAiB,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IAE3D,SAAS;IACT,OAAO,CAAC,GAAG,CAAC,iBAAiB,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,MAAM,CAAC,KAAK,SAAS,CAAC,CAAC;IAElF,UAAU;IACV,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IAC5B,OAAO,CAAC,GAAG,CAAC,iBAAiB,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IACnE,OAAO,CAAC,GAAG,CAAC,iBAAiB,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IACnE,OAAO,CAAC,GAAG,CAAC,iBAAiB,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IACxF,OAAO,CAAC,GAAG,CAAC,iBAAiB,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAEvF,WAAW;IACX,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IAC7B,OAAO,CAAC,GAAG,CAAC,iBAAiB,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IACpE,MAAM,aAAa,GAAG,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAClF,OAAO,CAAC,GAAG,CAAC,iBAAiB,aAAa,EAAE,CAAC,CAAC;IAE9C,OAAO,CAAC,GAAG,EAAE,CAAC;AAChB,CAAC"}

package/dist/commands/validate.d.ts

@@ -0,0 +1,10 @@
+/**
+ * tankgate validate command
+ *
+ * Validates TankGate configuration files.
+ */
+export interface ValidateOptions {
+    path: string;
+}
+export declare function validate(options: ValidateOptions): Promise<void>;
+//# sourceMappingURL=validate.d.ts.map

package/dist/commands/validate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"validate.d.ts","sourceRoot":"","sources":["../../src/commands/validate.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAOH,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;CACd;AAQD,wBAAsB,QAAQ,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CAqEtE"}

package/dist/commands/validate.js

@@ -0,0 +1,123 @@
+/**
+ * tankgate validate command
+ *
+ * Validates TankGate configuration files.
+ */
+import { access, readdir } from 'fs/promises';
+import { join } from 'path';
+import chalk from 'chalk';
+import { parse } from 'yaml';
+export async function validate(options) {
+    console.log(chalk.bold('\n🔍 Validating TankGate configuration\n'));
+    const results = {
+        valid: true,
+        errors: [],
+        warnings: [],
+    };
+    const configDir = options.path;
+    // Check config.yaml
+    await validateFile(join(configDir, 'config.yaml'), 'config.yaml', results, validateConfigYaml);
+    // Check policy files
+    const policiesDir = join(configDir, 'policies');
+    try {
+        const files = await readdir(policiesDir);
+        const yamlFiles = files.filter((f) => f.endsWith('.yaml') || f.endsWith('.yml'));
+        if (yamlFiles.length === 0) {
+            results.warnings.push('No policy files found in .tankgate/policies/');
+        }
+        for (const file of yamlFiles) {
+            await validateFile(join(policiesDir, file), `policies/${file}`, results, validatePolicyYaml);
+        }
+    }
+    catch {
+        results.errors.push('Policies directory not found: .tankgate/policies/');
+        results.valid = false;
+    }
+    // Check docker-compose file
+    await validateFile('docker-compose.tankgate.yml', 'docker-compose.tankgate.yml', results, validateDockerCompose);
+    // Print results
+    if (results.valid && results.errors.length === 0) {
+        console.log(chalk.green('✓ All configurations valid\n'));
+    }
+    else {
+        console.log(chalk.red('✗ Validation failed\n'));
+    }
+    if (results.errors.length > 0) {
+        console.log(chalk.red('Errors:'));
+        for (const error of results.errors) {
+            console.log(chalk.red(`  ✗ ${error}`));
+        }
+    }
+    if (results.warnings.length > 0) {
+        console.log(chalk.yellow('Warnings:'));
+        for (const warning of results.warnings) {
+            console.log(chalk.yellow(`  ⚠ ${warning}`));
+        }
+    }
+    if (!results.valid) {
+        process.exit(1);
+    }
+}
+async function validateFile(path, name, results, validator) {
+    try {
+        await access(path);
+        // Read and validate content
+        const content = await Bun.file(path).text();
+        const error = validator(content);
+        if (error) {
+            results.errors.push(`${name}: ${error}`);
+            results.valid = false;
+        }
+        else {
+            console.log(chalk.green(`  ✓ ${name}`));
+        }
+    }
+    catch {
+        results.errors.push(`${name}: File not found`);
+        results.valid = false;
+        console.log(chalk.red(`  ✗ ${name}: File not found`));
+    }
+}
+function validateConfigYaml(content) {
+    try {
+        const parsed = parse(content);
+        if (!parsed.agent || !parsed.scanner || !parsed.approval) {
+            return 'Missing required sections (agent, scanner, approval)';
+        }
+        return null;
+    }
+    catch (e) {
+        return `Invalid YAML: ${e instanceof Error ? e.message : 'Unknown error'}`;
+    }
+}
+function validatePolicyYaml(content) {
+    try {
+        const parsed = parse(content);
+        if (!parsed.apiVersion || !parsed.kind || !parsed.metadata) {
+            return 'Missing required fields (apiVersion, kind, metadata)';
+        }
+        if (parsed.apiVersion !== 'tankgate.dev/v1') {
+            return `Invalid apiVersion: ${parsed.apiVersion}`;
+        }
+        if (parsed.kind !== 'AgentPolicy') {
+            return `Invalid kind: ${parsed.kind}`;
+        }
+        return null;
+    }
+    catch (e) {
+        return `Invalid YAML: ${e instanceof Error ? e.message : 'Unknown error'}`;
+    }
+}
+function validateDockerCompose(content) {
+    try {
+        const parsed = parse(content);
+        if (!parsed.services || !parsed.services.tankgate) {
+            return 'Missing tankgate service';
+        }
+        return null;
+    }
+    catch (e) {
+        return `Invalid YAML: ${e instanceof Error ? e.message : 'Unknown error'}`;
+    }
+}
+//# sourceMappingURL=validate.js.map

package/dist/commands/validate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"validate.js","sourceRoot":"","sources":["../../src/commands/validate.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAC9C,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,KAAK,EAAE,MAAM,MAAM,CAAC;AAY7B,MAAM,CAAC,KAAK,UAAU,QAAQ,CAAC,OAAwB;IACrD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,0CAA0C,CAAC,CAAC,CAAC;IAEpE,MAAM,OAAO,GAAqB;QAChC,KAAK,EAAE,IAAI;QACX,MAAM,EAAE,EAAE;QACV,QAAQ,EAAE,EAAE;KACb,CAAC;IAEF,MAAM,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC;IAE/B,oBAAoB;IACpB,MAAM,YAAY,CAAC,IAAI,CAAC,SAAS,EAAE,aAAa,CAAC,EAAE,aAAa,EAAE,OAAO,EAAE,kBAAkB,CAAC,CAAC;IAE/F,qBAAqB;IACrB,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;IAChD,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,CAAC;QACzC,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;QAEjF,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC3B,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAC;QACxE,CAAC;QAED,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;YAC7B,MAAM,YAAY,CAChB,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,EACvB,YAAY,IAAI,EAAE,EAClB,OAAO,EACP,kBAAkB,CACnB,CAAC;QACJ,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC;QACzE,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC;IACxB,CAAC;IAED,4BAA4B;IAC5B,MAAM,YAAY,CAChB,6BAA6B,EAC7B,6BAA6B,EAC7B,OAAO,EACP,qBAAqB,CACtB,CAAC;IAEF,gBAAgB;IAChB,IAAI,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAC,CAAC;IAC3D,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC,CAAC;IAClD,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC;QAClC,KAAK,MAAM,KAAK,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC;QACzC,CAAC;IACH,CAAC;IAED,IAAI,OAAO,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC;QACvC,KAAK,MAAM,OAAO,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;YACvC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,OAAO,EAAE,CAAC,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACnB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC;AAED,KAAK,UAAU,YAAY,CACzB,IAAY,EACZ,IAAY,EACZ,OAAyB,EACzB,SAA6C;IAE7C,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,IAAI,CAAC,CAAC;QAEnB,4BAA4B;QAC5B,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;QAC5C,MAAM,KAAK,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC;QAEjC,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,KAAK,KAAK,EAAE,CAAC,CAAC;YACzC,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC;QACxB,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,IAAI,kBAAkB,CAAC,CAAC;QAC/C,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC;QACtB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,IAAI,kBAAkB,CAAC,CAAC,CAAC;IACxD,CAAC;AACH,CAAC;AAED,SAAS,kBAAkB,CAAC,OAAe;IACzC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QAE9B,IAAI,CAAC,MAAM,CAAC,KAAK,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;YACzD,OAAO,sDAAsD,CAAC;QAChE,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,iBAAiB,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAAC;IAC7E,CAAC;AACH,CAAC;AAED,SAAS,kBAAkB,CAAC,OAAe;IACzC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QAE9B,IAAI,CAAC,MAAM,CAAC,UAAU,IAAI,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;YAC3D,OAAO,sDAAsD,CAAC;QAChE,CAAC;QAED,IAAI,MAAM,CAAC,UAAU,KAAK,iBAAiB,EAAE,CAAC;YAC5C,OAAO,uBAAuB,MAAM,CAAC,UAAU,EAAE,CAAC;QACpD,CAAC;QAED,IAAI,MAAM,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;YAClC,OAAO,iBAAiB,MAAM,CAAC,IAAI,EAAE,CAAC;QACxC,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,iBAAiB,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAAC;IAC7E,CAAC;AACH,CAAC;AAED,SAAS,qBAAqB,CAAC,OAAe;IAC5C,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QAE9B,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;YAClD,OAAO,0BAA0B,CAAC;QACpC,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,iBAAiB,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAAC;IAC7E,CAAC;AACH,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,13 @@
+#!/usr/bin/env node
+/**
+ * TankGate CLI
+ *
+ * Runtime policy and containment layer for AI coding agents.
+ *
+ * Quick Start:
+ *   tankgate init --preset safe    # Initialize with safe preset
+ *   tankgate config                # Interactive configuration
+ *   tankgate audit                 # See what's been blocked
+ */
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA;;;;;;;;;GASG"}