@trikhub/linter 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Muffles
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/dist/cli.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export {};
+//# sourceMappingURL=cli.d.ts.map

package/dist/cli.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":""}

package/dist/cli.js

@@ -0,0 +1,57 @@
+#!/usr/bin/env node
+import { resolve } from 'node:path';
+import { TrikLinter } from './linter.js';
+async function main() {
+    const args = process.argv.slice(2);
+    if (args.length === 0 || args.includes('--help') || args.includes('-h')) {
+        console.log(`
+Usage: trik-lint <trik-path> [options]
+
+Arguments:
+  trik-path    Path to the trik directory containing manifest.json
+
+Options:
+  --warnings-as-errors    Treat warnings as errors
+  --skip <rule>          Skip a specific rule (can be used multiple times)
+  --help, -h             Show this help message
+
+Rules:
+  valid-manifest         Manifest must be valid JSON and match schema
+  manifest-completeness  Check for recommended manifest fields
+  has-source-files       Trik must have TypeScript source files
+  entry-point-exists     Entry point in manifest must exist
+  no-forbidden-imports   Block dangerous Node.js modules
+  no-dynamic-code        Block eval() and Function constructor
+  undeclared-tool        Tools used must be declared in manifest
+  no-process-env         Warn on process.env access
+`);
+        process.exit(0);
+    }
+    const trikPath = resolve(args[0]);
+    const warningsAsErrors = args.includes('--warnings-as-errors');
+    const skipRules = [];
+    for (let i = 0; i < args.length; i++) {
+        if (args[i] === '--skip' && args[i + 1]) {
+            skipRules.push(args[i + 1]);
+            i++;
+        }
+    }
+    const linter = new TrikLinter({
+        warningsAsErrors,
+        skipRules,
+    });
+    console.log(`Linting trik at: ${trikPath}\n`);
+    try {
+        const results = await linter.lint(trikPath);
+        console.log(linter.formatResults(results));
+        if (linter.hasErrors(results)) {
+            process.exit(1);
+        }
+    }
+    catch (error) {
+        console.error('Error:', error instanceof Error ? error.message : error);
+        process.exit(1);
+    }
+}
+main();
+//# sourceMappingURL=cli.js.map

package/dist/cli.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,KAAK,UAAU,IAAI;IACjB,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAEnC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACxE,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;;;;;;;;;;CAoBf,CAAC,CAAC;QACC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;IAClC,MAAM,gBAAgB,GAAG,IAAI,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAC;IAC/D,MAAM,SAAS,GAAa,EAAE,CAAC;IAE/B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACrC,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,QAAQ,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;YACxC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YAC5B,CAAC,EAAE,CAAC;QACN,CAAC;IACH,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC;QAC5B,gBAAgB;QAChB,SAAS;KACV,CAAC,CAAC;IAEH,OAAO,CAAC,GAAG,CAAC,oBAAoB,QAAQ,IAAI,CAAC,CAAC;IAE9C,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC5C,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC;QAE3C,IAAI,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;YAC9B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;QACxE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC;AAED,IAAI,EAAE,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,3 @@
+export { TrikLinter, type LinterConfig } from './linter.js';
+export { type LintResult, type LintSeverity, FORBIDDEN_IMPORTS, FORBIDDEN_CALLS, getImports, checkForbiddenImports, checkDynamicCodeExecution, checkUndeclaredTools, checkProcessEnvAccess, findToolUsage, ALLOWED_AGENT_STRING_FORMATS, schemaHasNoUnconstrainedStrings, checkNoFreeStringsInAgentData, extractTemplatePlaceholders, getSchemaFieldNames, checkTemplateFieldsExist, checkHasResponseTemplates, checkDefaultTemplateRecommended, } from './rules.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,KAAK,YAAY,EAAE,MAAM,aAAa,CAAC;AAC5D,OAAO,EACL,KAAK,UAAU,EACf,KAAK,YAAY,EACjB,iBAAiB,EACjB,eAAe,EACf,UAAU,EACV,qBAAqB,EACrB,yBAAyB,EACzB,oBAAoB,EACpB,qBAAqB,EACrB,aAAa,EAEb,4BAA4B,EAC5B,+BAA+B,EAC/B,6BAA6B,EAC7B,2BAA2B,EAC3B,mBAAmB,EACnB,wBAAwB,EACxB,yBAAyB,EACzB,+BAA+B,GAChC,MAAM,YAAY,CAAC"}

package/dist/index.js

@@ -0,0 +1,5 @@
+export { TrikLinter } from './linter.js';
+export { FORBIDDEN_IMPORTS, FORBIDDEN_CALLS, getImports, checkForbiddenImports, checkDynamicCodeExecution, checkUndeclaredTools, checkProcessEnvAccess, findToolUsage, 
+// V2 rules
+ALLOWED_AGENT_STRING_FORMATS, schemaHasNoUnconstrainedStrings, checkNoFreeStringsInAgentData, extractTemplatePlaceholders, getSchemaFieldNames, checkTemplateFieldsExist, checkHasResponseTemplates, checkDefaultTemplateRecommended, } from './rules.js';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAqB,MAAM,aAAa,CAAC;AAC5D,OAAO,EAGL,iBAAiB,EACjB,eAAe,EACf,UAAU,EACV,qBAAqB,EACrB,yBAAyB,EACzB,oBAAoB,EACpB,qBAAqB,EACrB,aAAa;AACb,WAAW;AACX,4BAA4B,EAC5B,+BAA+B,EAC/B,6BAA6B,EAC7B,2BAA2B,EAC3B,mBAAmB,EACnB,wBAAwB,EACxB,yBAAyB,EACzB,+BAA+B,GAChC,MAAM,YAAY,CAAC"}

package/dist/linter.d.ts

@@ -0,0 +1,70 @@
+import { type LintResult } from './rules.js';
+/**
+ * Linter configuration
+ */
+export interface LinterConfig {
+    /** Additional forbidden imports */
+    forbiddenImports?: string[];
+    /** Skip certain rules */
+    skipRules?: string[];
+    /** Treat warnings as errors */
+    warningsAsErrors?: boolean;
+}
+/**
+ * Linter for trik validation
+ */
+export declare class TrikLinter {
+    private config;
+    constructor(config?: LinterConfig);
+    /**
+     * Parse a TypeScript file into a source file
+     */
+    private parseTypeScript;
+    /**
+     * Load and parse the manifest
+     */
+    private loadManifest;
+    /**
+     * Find all TypeScript files in the trik directory
+     */
+    private findSourceFiles;
+    /**
+     * Check if a rule should be skipped
+     */
+    private shouldSkipRule;
+    /**
+     * Lint only the manifest (for downloaded/compiled triks without TypeScript source)
+     *
+     * This validates:
+     * - Manifest structure and required fields
+     * - Privilege separation rules (no free strings in agentData)
+     * - Template field existence
+     * - Response templates presence
+     *
+     * This does NOT validate:
+     * - Source code (forbidden imports, eval, etc.)
+     * - Entry point existence as TypeScript
+     */
+    lintManifestOnly(trikPath: string): Promise<LintResult[]>;
+    /**
+     * Lint a trik
+     */
+    lint(trikPath: string): Promise<LintResult[]>;
+    /**
+     * Lint manifest with privilege separation rules
+     */
+    private lintManifest;
+    /**
+     * Check manifest has all recommended fields
+     */
+    private checkManifestCompleteness;
+    /**
+     * Format lint results for console output
+     */
+    formatResults(results: LintResult[]): string;
+    /**
+     * Check if lint results have any errors
+     */
+    hasErrors(results: LintResult[]): boolean;
+}
+//# sourceMappingURL=linter.d.ts.map

package/dist/linter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"linter.d.ts","sourceRoot":"","sources":["../src/linter.ts"],"names":[],"mappings":"AAOA,OAAO,EACL,KAAK,UAAU,EAUhB,MAAM,YAAY,CAAC;AAEpB;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,mCAAmC;IACnC,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B,yBAAyB;IACzB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,+BAA+B;IAC/B,gBAAgB,CAAC,EAAE,OAAO,CAAC;CAC5B;AAED;;GAEG;AACH,qBAAa,UAAU;IACrB,OAAO,CAAC,MAAM,CAAe;gBAEjB,MAAM,GAAE,YAAiB;IAIrC;;OAEG;IACH,OAAO,CAAC,eAAe;IAIvB;;OAEG;YACW,YAAY;IAa1B;;OAEG;YACW,eAAe;IAiB7B;;OAEG;IACH,OAAO,CAAC,cAAc;IAItB;;;;;;;;;;;;OAYG;IACG,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC;IAsC/D;;OAEG;IACG,IAAI,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC;IAwFnD;;OAEG;IACH,OAAO,CAAC,YAAY;IA0BpB;;OAEG;IACH,OAAO,CAAC,yBAAyB;IA2CjC;;OAEG;IACH,aAAa,CAAC,OAAO,EAAE,UAAU,EAAE,GAAG,MAAM;IAyB5C;;OAEG;IACH,SAAS,CAAC,OAAO,EAAE,UAAU,EAAE,GAAG,OAAO;CAG1C"}

package/dist/linter.js

@@ -0,0 +1,275 @@
+import { readFile } from 'node:fs/promises';
+import { join } from 'node:path';
+import ts from 'typescript';
+import { validateManifest, } from '@trikhub/manifest';
+import { checkForbiddenImports, checkDynamicCodeExecution, checkUndeclaredTools, checkProcessEnvAccess, 
+// Privilege separation rules
+checkNoFreeStringsInAgentData, checkTemplateFieldsExist, checkHasResponseTemplates, checkDefaultTemplateRecommended, } from './rules.js';
+/**
+ * Linter for trik validation
+ */
+export class TrikLinter {
+    config;
+    constructor(config = {}) {
+        this.config = config;
+    }
+    /**
+     * Parse a TypeScript file into a source file
+     */
+    parseTypeScript(filePath, content) {
+        return ts.createSourceFile(filePath, content, ts.ScriptTarget.ESNext, true, ts.ScriptKind.TS);
+    }
+    /**
+     * Load and parse the manifest
+     */
+    async loadManifest(trikPath) {
+        const manifestPath = join(trikPath, 'manifest.json');
+        const content = await readFile(manifestPath, 'utf-8');
+        const data = JSON.parse(content);
+        const validation = validateManifest(data);
+        if (!validation.valid) {
+            throw new Error(`Invalid manifest: ${validation.errors?.join(', ')}`);
+        }
+        return data;
+    }
+    /**
+     * Find all TypeScript files in the trik directory
+     */
+    async findSourceFiles(trikPath) {
+        const fs = await import('node:fs/promises');
+        const entries = await fs.readdir(trikPath, { withFileTypes: true });
+        const tsFiles = [];
+        for (const entry of entries) {
+            if (entry.isFile() && (entry.name.endsWith('.ts') || entry.name.endsWith('.tsx'))) {
+                // Skip test files and declaration files
+                if (!entry.name.includes('.test.') && !entry.name.includes('.spec.') && !entry.name.endsWith('.d.ts')) {
+                    tsFiles.push(join(trikPath, entry.name));
+                }
+            }
+        }
+        return tsFiles;
+    }
+    /**
+     * Check if a rule should be skipped
+     */
+    shouldSkipRule(ruleName) {
+        return this.config.skipRules?.includes(ruleName) ?? false;
+    }
+    /**
+     * Lint only the manifest (for downloaded/compiled triks without TypeScript source)
+     *
+     * This validates:
+     * - Manifest structure and required fields
+     * - Privilege separation rules (no free strings in agentData)
+     * - Template field existence
+     * - Response templates presence
+     *
+     * This does NOT validate:
+     * - Source code (forbidden imports, eval, etc.)
+     * - Entry point existence as TypeScript
+     */
+    async lintManifestOnly(trikPath) {
+        const results = [];
+        const manifestPath = join(trikPath, 'manifest.json');
+        // 1. Load and validate manifest
+        let manifest;
+        try {
+            manifest = await this.loadManifest(trikPath);
+        }
+        catch (error) {
+            results.push({
+                rule: 'valid-manifest',
+                severity: 'error',
+                message: error instanceof Error ? error.message : 'Failed to load manifest',
+                file: manifestPath,
+            });
+            return results;
+        }
+        // 2. Apply manifest-specific rules (privilege separation)
+        results.push(...this.lintManifest(manifest, manifestPath));
+        // 3. Check manifest completeness
+        if (!this.shouldSkipRule('manifest-completeness')) {
+            results.push(...this.checkManifestCompleteness(manifest, trikPath));
+        }
+        // Apply warningsAsErrors if configured
+        if (this.config.warningsAsErrors) {
+            for (const result of results) {
+                if (result.severity === 'warning') {
+                    result.severity = 'error';
+                }
+            }
+        }
+        return results;
+    }
+    /**
+     * Lint a trik
+     */
+    async lint(trikPath) {
+        const results = [];
+        const manifestPath = join(trikPath, 'manifest.json');
+        // 1. Load and validate manifest
+        let manifest;
+        try {
+            manifest = await this.loadManifest(trikPath);
+        }
+        catch (error) {
+            results.push({
+                rule: 'valid-manifest',
+                severity: 'error',
+                message: error instanceof Error ? error.message : 'Failed to load manifest',
+                file: manifestPath,
+            });
+            return results;
+        }
+        // 2. Apply manifest-specific rules (privilege separation)
+        results.push(...this.lintManifest(manifest, manifestPath));
+        // 3. Check manifest completeness
+        if (!this.shouldSkipRule('manifest-completeness')) {
+            results.push(...this.checkManifestCompleteness(manifest, trikPath));
+        }
+        // 4. Find and analyze source files
+        const sourceFiles = await this.findSourceFiles(trikPath);
+        if (sourceFiles.length === 0) {
+            results.push({
+                rule: 'has-source-files',
+                severity: 'error',
+                message: 'No TypeScript source files found in trik directory',
+                file: trikPath,
+            });
+            return results;
+        }
+        // 5. Check entry point exists
+        const entryPath = join(trikPath, manifest.entry.module.replace('.js', '.ts'));
+        if (!sourceFiles.some((f) => f.endsWith(entryPath.split('/').pop().replace('.js', '.ts')))) {
+            results.push({
+                rule: 'entry-point-exists',
+                severity: 'warning',
+                message: `Entry point "${manifest.entry.module}" not found as TypeScript source`,
+                file: trikPath,
+            });
+        }
+        // 6. Analyze each source file
+        for (const filePath of sourceFiles) {
+            const content = await readFile(filePath, 'utf-8');
+            const sourceFile = this.parseTypeScript(filePath, content);
+            // Check forbidden imports
+            if (!this.shouldSkipRule('no-forbidden-imports')) {
+                results.push(...checkForbiddenImports(sourceFile, this.config.forbiddenImports));
+            }
+            // Check dynamic code execution
+            if (!this.shouldSkipRule('no-dynamic-code')) {
+                results.push(...checkDynamicCodeExecution(sourceFile));
+            }
+            // Check undeclared tools
+            if (!this.shouldSkipRule('undeclared-tool')) {
+                results.push(...checkUndeclaredTools(sourceFile, manifest.capabilities.tools));
+            }
+            // Check process.env access
+            if (!this.shouldSkipRule('no-process-env')) {
+                results.push(...checkProcessEnvAccess(sourceFile));
+            }
+        }
+        // Apply warningsAsErrors if configured
+        if (this.config.warningsAsErrors) {
+            for (const result of results) {
+                if (result.severity === 'warning') {
+                    result.severity = 'error';
+                }
+            }
+        }
+        return results;
+    }
+    /**
+     * Lint manifest with privilege separation rules
+     */
+    lintManifest(manifest, manifestPath) {
+        const results = [];
+        // Core security rule: no free-form strings in agentDataSchema
+        if (!this.shouldSkipRule('no-free-strings-in-agent-data')) {
+            results.push(...checkNoFreeStringsInAgentData(manifest, manifestPath));
+        }
+        // Validate template placeholders reference real fields
+        if (!this.shouldSkipRule('template-fields-exist')) {
+            results.push(...checkTemplateFieldsExist(manifest, manifestPath));
+        }
+        // Ensure actions have response templates
+        if (!this.shouldSkipRule('has-response-templates')) {
+            results.push(...checkHasResponseTemplates(manifest, manifestPath));
+        }
+        // Recommend having a default/success template
+        if (!this.shouldSkipRule('default-template-recommended')) {
+            results.push(...checkDefaultTemplateRecommended(manifest, manifestPath));
+        }
+        return results;
+    }
+    /**
+     * Check manifest has all recommended fields
+     */
+    checkManifestCompleteness(manifest, trikPath) {
+        const results = [];
+        const manifestPath = join(trikPath, 'manifest.json');
+        if (!manifest.author) {
+            results.push({
+                rule: 'manifest-completeness',
+                severity: 'info',
+                message: 'Manifest is missing optional "author" field',
+                file: manifestPath,
+            });
+        }
+        if (!manifest.repository) {
+            results.push({
+                rule: 'manifest-completeness',
+                severity: 'info',
+                message: 'Manifest is missing optional "repository" field',
+                file: manifestPath,
+            });
+        }
+        if (!manifest.license) {
+            results.push({
+                rule: 'manifest-completeness',
+                severity: 'info',
+                message: 'Manifest is missing optional "license" field',
+                file: manifestPath,
+            });
+        }
+        if (manifest.limits.maxExecutionTimeMs > 60000) {
+            results.push({
+                rule: 'manifest-completeness',
+                severity: 'warning',
+                message: 'maxExecutionTimeMs is very high (>60s) - consider reducing',
+                file: manifestPath,
+            });
+        }
+        return results;
+    }
+    /**
+     * Format lint results for console output
+     */
+    formatResults(results) {
+        if (results.length === 0) {
+            return '✓ No issues found';
+        }
+        const lines = [];
+        const errors = results.filter((r) => r.severity === 'error');
+        const warnings = results.filter((r) => r.severity === 'warning');
+        const infos = results.filter((r) => r.severity === 'info');
+        for (const result of results) {
+            const icon = result.severity === 'error' ? '✗' : result.severity === 'warning' ? '⚠' : 'ℹ';
+            const location = result.line ? `${result.file}:${result.line}:${result.column}` : result.file;
+            lines.push(`${icon} [${result.rule}] ${result.message}`);
+            if (location) {
+                lines.push(`  at ${location}`);
+            }
+        }
+        lines.push('');
+        lines.push(`${errors.length} error(s), ${warnings.length} warning(s), ${infos.length} info`);
+        return lines.join('\n');
+    }
+    /**
+     * Check if lint results have any errors
+     */
+    hasErrors(results) {
+        return results.some((r) => r.severity === 'error');
+    }
+}
+//# sourceMappingURL=linter.js.map

package/dist/linter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"linter.js","sourceRoot":"","sources":["../src/linter.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,IAAI,EAAW,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,MAAM,YAAY,CAAC;AAC5B,OAAO,EAEL,gBAAgB,GACjB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAEL,qBAAqB,EACrB,yBAAyB,EACzB,oBAAoB,EACpB,qBAAqB;AACrB,6BAA6B;AAC7B,6BAA6B,EAC7B,wBAAwB,EACxB,yBAAyB,EACzB,+BAA+B,GAChC,MAAM,YAAY,CAAC;AAcpB;;GAEG;AACH,MAAM,OAAO,UAAU;IACb,MAAM,CAAe;IAE7B,YAAY,SAAuB,EAAE;QACnC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED;;OAEG;IACK,eAAe,CAAC,QAAgB,EAAE,OAAe;QACvD,OAAO,EAAE,CAAC,gBAAgB,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,CAAC,YAAY,CAAC,MAAM,EAAE,IAAI,EAAE,EAAE,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;IAChG,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,YAAY,CAAC,QAAgB;QACzC,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC;QACrD,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;QACtD,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAEjC,MAAM,UAAU,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC;QAC1C,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,qBAAqB,UAAU,CAAC,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACxE,CAAC;QAED,OAAO,IAAoB,CAAC;IAC9B,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,eAAe,CAAC,QAAgB;QAC5C,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC;QAC5C,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;QAEpE,MAAM,OAAO,GAAa,EAAE,CAAC;QAC7B,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,IAAI,KAAK,CAAC,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC;gBAClF,wCAAwC;gBACxC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;oBACtG,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;gBAC3C,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACK,cAAc,CAAC,QAAgB;QACrC,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,QAAQ,CAAC,QAAQ,CAAC,IAAI,KAAK,CAAC;IAC5D,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,KAAK,CAAC,gBAAgB,CAAC,QAAgB;QACrC,MAAM,OAAO,GAAiB,EAAE,CAAC;QACjC,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC;QAErD,gCAAgC;QAChC,IAAI,QAAsB,CAAC;QAC3B,IAAI,CAAC;YACH,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;QAC/C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,gBAAgB;gBACtB,QAAQ,EAAE,OAAO;gBACjB,OAAO,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,yBAAyB;gBAC3E,IAAI,EAAE,YAAY;aACnB,CAAC,CAAC;YACH,OAAO,OAAO,CAAC;QACjB,CAAC;QAED,0DAA0D;QAC1D,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC;QAE3D,iCAAiC;QACjC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,uBAAuB,CAAC,EAAE,CAAC;YAClD,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,yBAAyB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC;QACtE,CAAC;QAED,uCAAuC;QACvC,IAAI,IAAI,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAC;YACjC,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;gBAC7B,IAAI,MAAM,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;oBAClC,MAAM,CAAC,QAAQ,GAAG,OAAO,CAAC;gBAC5B,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,IAAI,CAAC,QAAgB;QACzB,MAAM,OAAO,GAAiB,EAAE,CAAC;QACjC,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC;QAErD,gCAAgC;QAChC,IAAI,QAAsB,CAAC;QAC3B,IAAI,CAAC;YACH,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;QAC/C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,gBAAgB;gBACtB,QAAQ,EAAE,OAAO;gBACjB,OAAO,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,yBAAyB;gBAC3E,IAAI,EAAE,YAAY;aACnB,CAAC,CAAC;YACH,OAAO,OAAO,CAAC;QACjB,CAAC;QAED,0DAA0D;QAC1D,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC;QAE3D,iCAAiC;QACjC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,uBAAuB,CAAC,EAAE,CAAC;YAClD,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,yBAAyB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC;QACtE,CAAC;QAED,mCAAmC;QACnC,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;QAEzD,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7B,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,kBAAkB;gBACxB,QAAQ,EAAE,OAAO;gBACjB,OAAO,EAAE,oDAAoD;gBAC7D,IAAI,EAAE,QAAQ;aACf,CAAC,CAAC;YACH,OAAO,OAAO,CAAC;QACjB,CAAC;QAED,8BAA8B;QAC9B,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;QAC9E,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAG,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;YAC5F,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,oBAAoB;gBAC1B,QAAQ,EAAE,SAAS;gBACnB,OAAO,EAAE,gBAAgB,QAAQ,CAAC,KAAK,CAAC,MAAM,kCAAkC;gBAChF,IAAI,EAAE,QAAQ;aACf,CAAC,CAAC;QACL,CAAC;QAED,8BAA8B;QAC9B,KAAK,MAAM,QAAQ,IAAI,WAAW,EAAE,CAAC;YACnC,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAClD,MAAM,UAAU,GAAG,IAAI,CAAC,eAAe,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAE3D,0BAA0B;YAC1B,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,sBAAsB,CAAC,EAAE,CAAC;gBACjD,OAAO,CAAC,IAAI,CAAC,GAAG,qBAAqB,CAAC,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAC;YACnF,CAAC;YAED,+BAA+B;YAC/B,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,EAAE,CAAC;gBAC5C,OAAO,CAAC,IAAI,CAAC,GAAG,yBAAyB,CAAC,UAAU,CAAC,CAAC,CAAC;YACzD,CAAC;YAED,yBAAyB;YACzB,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,iBAAiB,CAAC,EAAE,CAAC;gBAC5C,OAAO,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,UAAU,EAAE,QAAQ,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC;YACjF,CAAC;YAED,2BAA2B;YAC3B,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,gBAAgB,CAAC,EAAE,CAAC;gBAC3C,OAAO,CAAC,IAAI,CAAC,GAAG,qBAAqB,CAAC,UAAU,CAAC,CAAC,CAAC;YACrD,CAAC;QACH,CAAC;QAED,uCAAuC;QACvC,IAAI,IAAI,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAC;YACjC,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;gBAC7B,IAAI,MAAM,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;oBAClC,MAAM,CAAC,QAAQ,GAAG,OAAO,CAAC;gBAC5B,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACK,YAAY,CAAC,QAAsB,EAAE,YAAoB;QAC/D,MAAM,OAAO,GAAiB,EAAE,CAAC;QAEjC,8DAA8D;QAC9D,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,+BAA+B,CAAC,EAAE,CAAC;YAC1D,OAAO,CAAC,IAAI,CAAC,GAAG,6BAA6B,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC;QACzE,CAAC;QAED,uDAAuD;QACvD,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,uBAAuB,CAAC,EAAE,CAAC;YAClD,OAAO,CAAC,IAAI,CAAC,GAAG,wBAAwB,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC;QACpE,CAAC;QAED,yCAAyC;QACzC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,wBAAwB,CAAC,EAAE,CAAC;YACnD,OAAO,CAAC,IAAI,CAAC,GAAG,yBAAyB,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC;QACrE,CAAC;QAED,8CAA8C;QAC9C,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,8BAA8B,CAAC,EAAE,CAAC;YACzD,OAAO,CAAC,IAAI,CAAC,GAAG,+BAA+B,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC,CAAC;QAC3E,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACK,yBAAyB,CAAC,QAAsB,EAAE,QAAgB;QACxE,MAAM,OAAO,GAAiB,EAAE,CAAC;QACjC,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC;QAErD,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;YACrB,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,uBAAuB;gBAC7B,QAAQ,EAAE,MAAM;gBAChB,OAAO,EAAE,6CAA6C;gBACtD,IAAI,EAAE,YAAY;aACnB,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,CAAC;YACzB,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,uBAAuB;gBAC7B,QAAQ,EAAE,MAAM;gBAChB,OAAO,EAAE,iDAAiD;gBAC1D,IAAI,EAAE,YAAY;aACnB,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;YACtB,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,uBAAuB;gBAC7B,QAAQ,EAAE,MAAM;gBAChB,OAAO,EAAE,8CAA8C;gBACvD,IAAI,EAAE,YAAY;aACnB,CAAC,CAAC;QACL,CAAC;QAED,IAAI,QAAQ,CAAC,MAAM,CAAC,kBAAkB,GAAG,KAAK,EAAE,CAAC;YAC/C,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,uBAAuB;gBAC7B,QAAQ,EAAE,SAAS;gBACnB,OAAO,EAAE,4DAA4D;gBACrE,IAAI,EAAE,YAAY;aACnB,CAAC,CAAC;QACL,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,OAAqB;QACjC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,mBAAmB,CAAC;QAC7B,CAAC;QAED,MAAM,KAAK,GAAa,EAAE,CAAC;QAC3B,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC;QAC7D,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC;QACjE,MAAM,KAAK,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC;QAE3D,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,MAAM,IAAI,GAAG,MAAM,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;YAC3F,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC;YAC9F,KAAK,CAAC,IAAI,CAAC,GAAG,IAAI,KAAK,MAAM,CAAC,IAAI,KAAK,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;YACzD,IAAI,QAAQ,EAAE,CAAC;gBACb,KAAK,CAAC,IAAI,CAAC,QAAQ,QAAQ,EAAE,CAAC,CAAC;YACjC,CAAC;QACH,CAAC;QAED,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,MAAM,cAAc,QAAQ,CAAC,MAAM,gBAAgB,KAAK,CAAC,MAAM,OAAO,CAAC,CAAC;QAE7F,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IAED;;OAEG;IACH,SAAS,CAAC,OAAqB;QAC7B,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC;IACrD,CAAC;CACF"}

package/dist/rules.d.ts

@@ -0,0 +1,87 @@
+import ts from 'typescript';
+/**
+ * Lint result severity
+ */
+export type LintSeverity = 'error' | 'warning' | 'info';
+/**
+ * A single lint result
+ */
+export interface LintResult {
+    rule: string;
+    severity: LintSeverity;
+    message: string;
+    file?: string;
+    line?: number;
+    column?: number;
+}
+/**
+ * List of forbidden Node.js core modules
+ */
+export declare const FORBIDDEN_IMPORTS: string[];
+/**
+ * List of forbidden global function calls
+ */
+export declare const FORBIDDEN_CALLS: string[];
+/**
+ * Extract all import specifiers from a source file
+ */
+export declare function getImports(sourceFile: ts.SourceFile): string[];
+/**
+ * Check for forbidden imports
+ */
+export declare function checkForbiddenImports(sourceFile: ts.SourceFile, forbiddenList?: string[]): LintResult[];
+/**
+ * Check for dynamic code execution (eval, Function constructor)
+ */
+export declare function checkDynamicCodeExecution(sourceFile: ts.SourceFile): LintResult[];
+/**
+ * Find tool usages in the source file
+ * This is a heuristic - looks for common LangGraph tool patterns
+ */
+export declare function findToolUsage(sourceFile: ts.SourceFile): string[];
+/**
+ * Check that all tools used are declared in manifest
+ */
+export declare function checkUndeclaredTools(sourceFile: ts.SourceFile, declaredTools: string[]): LintResult[];
+/**
+ * Check for process.env access (potential secret leakage)
+ */
+export declare function checkProcessEnvAccess(sourceFile: ts.SourceFile): LintResult[];
+import type { JSONSchema, TrikManifest } from '@trikhub/manifest';
+/**
+ * Allowed string formats in agentDataSchema.
+ * These are safe because they have constrained, predictable values.
+ */
+export declare const ALLOWED_AGENT_STRING_FORMATS: string[];
+/**
+ * Recursively check if a schema contains unconstrained strings.
+ * Returns array of paths where unconstrained strings are found.
+ */
+export declare function schemaHasNoUnconstrainedStrings(schema: JSONSchema, path?: string): string[];
+/**
+ * Check that agentDataSchema contains no free-form strings.
+ * This is the core security rule for type-directed privilege separation.
+ */
+export declare function checkNoFreeStringsInAgentData(manifest: TrikManifest, manifestPath: string): LintResult[];
+/**
+ * Extract placeholder names from template text.
+ * Placeholders use {{fieldName}} syntax.
+ */
+export declare function extractTemplatePlaceholders(templateText: string): string[];
+/**
+ * Get all top-level field names from a schema
+ */
+export declare function getSchemaFieldNames(schema: JSONSchema): string[];
+/**
+ * Check that all template placeholders reference fields in agentDataSchema.
+ */
+export declare function checkTemplateFieldsExist(manifest: TrikManifest, manifestPath: string): LintResult[];
+/**
+ * Check that template mode V2 actions have at least one response template.
+ */
+export declare function checkHasResponseTemplates(manifest: TrikManifest, manifestPath: string): LintResult[];
+/**
+ * Check that template mode V2 actions have a "default" or commonly expected template.
+ */
+export declare function checkDefaultTemplateRecommended(manifest: TrikManifest, manifestPath: string): LintResult[];
+//# sourceMappingURL=rules.d.ts.map

package/dist/rules.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rules.d.ts","sourceRoot":"","sources":["../src/rules.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,YAAY,CAAC;AAE5B;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG,OAAO,GAAG,SAAS,GAAG,MAAM,CAAC;AAExD;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,YAAY,CAAC;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,eAAO,MAAM,iBAAiB,UAc7B,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,eAAe,UAAuB,CAAC;AAEpD;;GAEG;AACH,wBAAgB,UAAU,CAAC,UAAU,EAAE,EAAE,CAAC,UAAU,GAAG,MAAM,EAAE,CAwB9D;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CACnC,UAAU,EAAE,EAAE,CAAC,UAAU,EACzB,aAAa,GAAE,MAAM,EAAsB,GAC1C,UAAU,EAAE,CAmBd;AAED;;GAEG;AACH,wBAAgB,yBAAyB,CAAC,UAAU,EAAE,EAAE,CAAC,UAAU,GAAG,UAAU,EAAE,CAyCjF;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAAC,UAAU,EAAE,EAAE,CAAC,UAAU,GAAG,MAAM,EAAE,CA8CjE;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAClC,UAAU,EAAE,EAAE,CAAC,UAAU,EACzB,aAAa,EAAE,MAAM,EAAE,GACtB,UAAU,EAAE,CAgBd;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,UAAU,EAAE,EAAE,CAAC,UAAU,GAAG,UAAU,EAAE,CA8B7E;AAMD,OAAO,KAAK,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAElE;;;GAGG;AACH,eAAO,MAAM,4BAA4B,UAAsD,CAAC;AAEhG;;;GAGG;AACH,wBAAgB,+BAA+B,CAC7C,MAAM,EAAE,UAAU,EAClB,IAAI,GAAE,MAAe,GACpB,MAAM,EAAE,CA6CV;AA6BD;;;GAGG;AACH,wBAAgB,6BAA6B,CAC3C,QAAQ,EAAE,YAAY,EACtB,YAAY,EAAE,MAAM,GACnB,UAAU,EAAE,CAwBd;AAED;;;GAGG;AACH,wBAAgB,2BAA2B,CAAC,YAAY,EAAE,MAAM,GAAG,MAAM,EAAE,CAU1E;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,UAAU,GAAG,MAAM,EAAE,CAQhE;AAED;;GAEG;AACH,wBAAgB,wBAAwB,CACtC,QAAQ,EAAE,YAAY,EACtB,YAAY,EAAE,MAAM,GACnB,UAAU,EAAE,CA6Bd;AAED;;GAEG;AACH,wBAAgB,yBAAyB,CACvC,QAAQ,EAAE,YAAY,EACtB,YAAY,EAAE,MAAM,GACnB,UAAU,EAAE,CAuBd;AAED;;GAEG;AACH,wBAAgB,+BAA+B,CAC7C,QAAQ,EAAE,YAAY,EACtB,YAAY,EAAE,MAAM,GACnB,UAAU,EAAE,CAyBd"}

package/dist/rules.js

@@ -0,0 +1,397 @@
+import ts from 'typescript';
+/**
+ * List of forbidden Node.js core modules
+ */
+export const FORBIDDEN_IMPORTS = [
+    'fs',
+    'fs/promises',
+    'child_process',
+    'net',
+    'http',
+    'https',
+    'dgram',
+    'dns',
+    'tls',
+    'cluster',
+    'worker_threads',
+    'vm',
+    'process',
+];
+/**
+ * List of forbidden global function calls
+ */
+export const FORBIDDEN_CALLS = ['eval', 'Function'];
+/**
+ * Extract all import specifiers from a source file
+ */
+export function getImports(sourceFile) {
+    const imports = [];
+    function visit(node) {
+        if (ts.isImportDeclaration(node)) {
+            const moduleSpecifier = node.moduleSpecifier;
+            if (ts.isStringLiteral(moduleSpecifier)) {
+                imports.push(moduleSpecifier.text);
+            }
+        }
+        // Also check for dynamic imports
+        if (ts.isCallExpression(node)) {
+            if (node.expression.kind === ts.SyntaxKind.ImportKeyword) {
+                const arg = node.arguments[0];
+                if (arg && ts.isStringLiteral(arg)) {
+                    imports.push(arg.text);
+                }
+            }
+        }
+        ts.forEachChild(node, visit);
+    }
+    visit(sourceFile);
+    return imports;
+}
+/**
+ * Check for forbidden imports
+ */
+export function checkForbiddenImports(sourceFile, forbiddenList = FORBIDDEN_IMPORTS) {
+    const results = [];
+    const imports = getImports(sourceFile);
+    for (const imp of imports) {
+        // Check direct matches and node: prefix
+        const normalizedImport = imp.startsWith('node:') ? imp.slice(5) : imp;
+        if (forbiddenList.includes(normalizedImport)) {
+            results.push({
+                rule: 'no-forbidden-imports',
+                severity: 'error',
+                message: `Forbidden import: "${imp}" - triks cannot use this module`,
+                file: sourceFile.fileName,
+            });
+        }
+    }
+    return results;
+}
+/**
+ * Check for dynamic code execution (eval, Function constructor)
+ */
+export function checkDynamicCodeExecution(sourceFile) {
+    const results = [];
+    function visit(node) {
+        // Check for eval()
+        if (ts.isCallExpression(node)) {
+            const callee = node.expression;
+            if (ts.isIdentifier(callee) && callee.text === 'eval') {
+                const { line, character } = sourceFile.getLineAndCharacterOfPosition(node.getStart());
+                results.push({
+                    rule: 'no-dynamic-code',
+                    severity: 'error',
+                    message: 'Use of eval() is forbidden in triks',
+                    file: sourceFile.fileName,
+                    line: line + 1,
+                    column: character + 1,
+                });
+            }
+        }
+        // Check for new Function()
+        if (ts.isNewExpression(node)) {
+            const expression = node.expression;
+            if (ts.isIdentifier(expression) && expression.text === 'Function') {
+                const { line, character } = sourceFile.getLineAndCharacterOfPosition(node.getStart());
+                results.push({
+                    rule: 'no-dynamic-code',
+                    severity: 'error',
+                    message: 'Use of Function constructor is forbidden in triks',
+                    file: sourceFile.fileName,
+                    line: line + 1,
+                    column: character + 1,
+                });
+            }
+        }
+        ts.forEachChild(node, visit);
+    }
+    visit(sourceFile);
+    return results;
+}
+/**
+ * Find tool usages in the source file
+ * This is a heuristic - looks for common LangGraph tool patterns
+ */
+export function findToolUsage(sourceFile) {
+    const tools = [];
+    function visit(node) {
+        // Look for @tool decorator or tool() calls
+        if (ts.isCallExpression(node)) {
+            const callee = node.expression;
+            if (ts.isIdentifier(callee) && callee.text === 'tool') {
+                // tool("name", ...) pattern
+                const firstArg = node.arguments[0];
+                if (firstArg && ts.isStringLiteral(firstArg)) {
+                    tools.push(firstArg.text);
+                }
+            }
+        }
+        // Look for StructuredTool class definitions
+        if (ts.isClassDeclaration(node)) {
+            const heritage = node.heritageClauses;
+            if (heritage) {
+                for (const clause of heritage) {
+                    for (const type of clause.types) {
+                        if (ts.isIdentifier(type.expression) && type.expression.text === 'StructuredTool') {
+                            // Get the name property
+                            for (const member of node.members) {
+                                if (ts.isPropertyDeclaration(member)) {
+                                    const name = member.name;
+                                    if (ts.isIdentifier(name) && name.text === 'name') {
+                                        const initializer = member.initializer;
+                                        if (initializer && ts.isStringLiteral(initializer)) {
+                                            tools.push(initializer.text);
+                                        }
+                                    }
+                                }
+                            }
+                        }
+                    }
+                }
+            }
+        }
+        ts.forEachChild(node, visit);
+    }
+    visit(sourceFile);
+    return tools;
+}
+/**
+ * Check that all tools used are declared in manifest
+ */
+export function checkUndeclaredTools(sourceFile, declaredTools) {
+    const results = [];
+    const usedTools = findToolUsage(sourceFile);
+    for (const tool of usedTools) {
+        if (!declaredTools.includes(tool)) {
+            results.push({
+                rule: 'undeclared-tool',
+                severity: 'error',
+                message: `Tool "${tool}" is used but not declared in manifest.capabilities.tools`,
+                file: sourceFile.fileName,
+            });
+        }
+    }
+    return results;
+}
+/**
+ * Check for process.env access (potential secret leakage)
+ */
+export function checkProcessEnvAccess(sourceFile) {
+    const results = [];
+    function visit(node) {
+        if (ts.isPropertyAccessExpression(node)) {
+            // Check for process.env
+            if (ts.isPropertyAccessExpression(node.expression) &&
+                ts.isIdentifier(node.expression.expression) &&
+                node.expression.expression.text === 'process' &&
+                ts.isIdentifier(node.expression.name) &&
+                node.expression.name.text === 'env') {
+                const { line, character } = sourceFile.getLineAndCharacterOfPosition(node.getStart());
+                results.push({
+                    rule: 'no-process-env',
+                    severity: 'warning',
+                    message: 'Accessing process.env - ensure no secrets are leaked in trik output',
+                    file: sourceFile.fileName,
+                    line: line + 1,
+                    column: character + 1,
+                });
+            }
+        }
+        ts.forEachChild(node, visit);
+    }
+    visit(sourceFile);
+    return results;
+}
+/**
+ * Allowed string formats in agentDataSchema.
+ * These are safe because they have constrained, predictable values.
+ */
+export const ALLOWED_AGENT_STRING_FORMATS = ['id', 'date', 'date-time', 'uuid', 'email', 'url'];
+/**
+ * Recursively check if a schema contains unconstrained strings.
+ * Returns array of paths where unconstrained strings are found.
+ */
+export function schemaHasNoUnconstrainedStrings(schema, path = 'root') {
+    const violations = [];
+    // Handle array type
+    if (Array.isArray(schema.type)) {
+        if (schema.type.includes('string')) {
+            // String is one of the allowed types - check if constrained
+            if (!isConstrainedString(schema)) {
+                violations.push(path);
+            }
+        }
+    }
+    else if (schema.type === 'string') {
+        // Direct string type - must be constrained
+        if (!isConstrainedString(schema)) {
+            violations.push(path);
+        }
+    }
+    // Recursively check properties
+    if (schema.properties) {
+        for (const [key, propSchema] of Object.entries(schema.properties)) {
+            violations.push(...schemaHasNoUnconstrainedStrings(propSchema, `${path}.${key}`));
+        }
+    }
+    // Recursively check array items
+    if (schema.items) {
+        violations.push(...schemaHasNoUnconstrainedStrings(schema.items, `${path}[]`));
+    }
+    // Check additionalProperties if it's a schema
+    if (schema.additionalProperties && typeof schema.additionalProperties === 'object') {
+        violations.push(...schemaHasNoUnconstrainedStrings(schema.additionalProperties, `${path}[additionalProperties]`));
+    }
+    // Check $defs
+    if (schema.$defs) {
+        for (const [key, defSchema] of Object.entries(schema.$defs)) {
+            violations.push(...schemaHasNoUnconstrainedStrings(defSchema, `${path}.$defs.${key}`));
+        }
+    }
+    return violations;
+}
+/**
+ * Check if a string schema is properly constrained
+ */
+function isConstrainedString(schema) {
+    // Has enum constraint
+    if (schema.enum && Array.isArray(schema.enum) && schema.enum.length > 0) {
+        return true;
+    }
+    // Has const constraint
+    if (schema.const !== undefined) {
+        return true;
+    }
+    // Has pattern constraint
+    if (schema.pattern && typeof schema.pattern === 'string') {
+        return true;
+    }
+    // Has allowed format constraint
+    if (schema.format && ALLOWED_AGENT_STRING_FORMATS.includes(schema.format)) {
+        return true;
+    }
+    return false;
+}
+/**
+ * Check that agentDataSchema contains no free-form strings.
+ * This is the core security rule for type-directed privilege separation.
+ */
+export function checkNoFreeStringsInAgentData(manifest, manifestPath) {
+    const results = [];
+    for (const [actionName, action] of Object.entries(manifest.actions)) {
+        // Only check agentDataSchema for template mode actions
+        if (action.responseMode === 'template' && action.agentDataSchema) {
+            const violations = schemaHasNoUnconstrainedStrings(action.agentDataSchema, `actions.${actionName}.agentDataSchema`);
+            for (const violationPath of violations) {
+                results.push({
+                    rule: 'no-free-strings-in-agent-data',
+                    severity: 'error',
+                    message: `Unconstrained string found at ${violationPath}. ` +
+                        `Strings in agentDataSchema must have: enum, const, pattern, or format (${ALLOWED_AGENT_STRING_FORMATS.join(', ')})`,
+                    file: manifestPath,
+                });
+            }
+        }
+    }
+    return results;
+}
+/**
+ * Extract placeholder names from template text.
+ * Placeholders use {{fieldName}} syntax.
+ */
+export function extractTemplatePlaceholders(templateText) {
+    const regex = /\{\{(\w+)\}\}/g;
+    const placeholders = [];
+    let match;
+    while ((match = regex.exec(templateText)) !== null) {
+        placeholders.push(match[1]);
+    }
+    return placeholders;
+}
+/**
+ * Get all top-level field names from a schema
+ */
+export function getSchemaFieldNames(schema) {
+    const fields = [];
+    if (schema.properties) {
+        fields.push(...Object.keys(schema.properties));
+    }
+    return fields;
+}
+/**
+ * Check that all template placeholders reference fields in agentDataSchema.
+ */
+export function checkTemplateFieldsExist(manifest, manifestPath) {
+    const results = [];
+    for (const [actionName, action] of Object.entries(manifest.actions)) {
+        // Only check template fields for template mode actions with schemas and templates
+        if (action.responseMode !== 'template' || !action.agentDataSchema || !action.responseTemplates) {
+            continue;
+        }
+        const schemaFields = getSchemaFieldNames(action.agentDataSchema);
+        for (const [templateId, template] of Object.entries(action.responseTemplates)) {
+            const placeholders = extractTemplatePlaceholders(template.text);
+            for (const placeholder of placeholders) {
+                if (!schemaFields.includes(placeholder)) {
+                    results.push({
+                        rule: 'template-fields-exist',
+                        severity: 'error',
+                        message: `Template "${templateId}" in action "${actionName}" references field "{{${placeholder}}}" ` +
+                            `which does not exist in agentDataSchema. Available fields: ${schemaFields.join(', ') || 'none'}`,
+                        file: manifestPath,
+                    });
+                }
+            }
+        }
+    }
+    return results;
+}
+/**
+ * Check that template mode V2 actions have at least one response template.
+ */
+export function checkHasResponseTemplates(manifest, manifestPath) {
+    const results = [];
+    for (const [actionName, action] of Object.entries(manifest.actions)) {
+        // Only check template mode actions
+        if (action.responseMode !== 'template') {
+            continue;
+        }
+        const templateCount = action.responseTemplates ? Object.keys(action.responseTemplates).length : 0;
+        if (templateCount === 0) {
+            results.push({
+                rule: 'has-response-templates',
+                severity: 'error',
+                message: `Template mode action "${actionName}" has no response templates. ` +
+                    `Template mode actions must define at least one response template.`,
+                file: manifestPath,
+            });
+        }
+    }
+    return results;
+}
+/**
+ * Check that template mode V2 actions have a "default" or commonly expected template.
+ */
+export function checkDefaultTemplateRecommended(manifest, manifestPath) {
+    const results = [];
+    const commonTemplates = ['default', 'success', 'result'];
+    for (const [actionName, action] of Object.entries(manifest.actions)) {
+        // Only check template mode actions with templates
+        if (action.responseMode !== 'template' || !action.responseTemplates) {
+            continue;
+        }
+        const templateIds = Object.keys(action.responseTemplates);
+        const hasCommon = templateIds.some((id) => commonTemplates.includes(id));
+        if (!hasCommon && templateIds.length > 0) {
+            results.push({
+                rule: 'default-template-recommended',
+                severity: 'warning',
+                message: `Action "${actionName}" has no common template (${commonTemplates.join(', ')}). ` +
+                    `Consider adding a "success" or "default" template for clarity.`,
+                file: manifestPath,
+            });
+        }
+    }
+    return results;
+}
+//# sourceMappingURL=rules.js.map

package/dist/rules.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rules.js","sourceRoot":"","sources":["../src/rules.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,YAAY,CAAC;AAmB5B;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG;IAC/B,IAAI;IACJ,aAAa;IACb,eAAe;IACf,KAAK;IACL,MAAM;IACN,OAAO;IACP,OAAO;IACP,KAAK;IACL,KAAK;IACL,SAAS;IACT,gBAAgB;IAChB,IAAI;IACJ,SAAS;CACV,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;AAEpD;;GAEG;AACH,MAAM,UAAU,UAAU,CAAC,UAAyB;IAClD,MAAM,OAAO,GAAa,EAAE,CAAC;IAE7B,SAAS,KAAK,CAAC,IAAa;QAC1B,IAAI,EAAE,CAAC,mBAAmB,CAAC,IAAI,CAAC,EAAE,CAAC;YACjC,MAAM,eAAe,GAAG,IAAI,CAAC,eAAe,CAAC;YAC7C,IAAI,EAAE,CAAC,eAAe,CAAC,eAAe,CAAC,EAAE,CAAC;gBACxC,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;YACrC,CAAC;QACH,CAAC;QACD,iCAAiC;QACjC,IAAI,EAAE,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9B,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,KAAK,EAAE,CAAC,UAAU,CAAC,aAAa,EAAE,CAAC;gBACzD,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;gBAC9B,IAAI,GAAG,IAAI,EAAE,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC;oBACnC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;gBACzB,CAAC;YACH,CAAC;QACH,CAAC;QACD,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAC/B,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,CAAC;IAClB,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB,CACnC,UAAyB,EACzB,gBAA0B,iBAAiB;IAE3C,MAAM,OAAO,GAAiB,EAAE,CAAC;IACjC,MAAM,OAAO,GAAG,UAAU,CAAC,UAAU,CAAC,CAAC;IAEvC,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;QAC1B,wCAAwC;QACxC,MAAM,gBAAgB,GAAG,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;QAEtE,IAAI,aAAa,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;YAC7C,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,sBAAsB;gBAC5B,QAAQ,EAAE,OAAO;gBACjB,OAAO,EAAE,sBAAsB,GAAG,kCAAkC;gBACpE,IAAI,EAAE,UAAU,CAAC,QAAQ;aAC1B,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,yBAAyB,CAAC,UAAyB;IACjE,MAAM,OAAO,GAAiB,EAAE,CAAC;IAEjC,SAAS,KAAK,CAAC,IAAa;QAC1B,mBAAmB;QACnB,IAAI,EAAE,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9B,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC;YAC/B,IAAI,EAAE,CAAC,YAAY,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;gBACtD,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,GAAG,UAAU,CAAC,6BAA6B,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;gBACtF,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,iBAAiB;oBACvB,QAAQ,EAAE,OAAO;oBACjB,OAAO,EAAE,qCAAqC;oBAC9C,IAAI,EAAE,UAAU,CAAC,QAAQ;oBACzB,IAAI,EAAE,IAAI,GAAG,CAAC;oBACd,MAAM,EAAE,SAAS,GAAG,CAAC;iBACtB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,2BAA2B;QAC3B,IAAI,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7B,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC;YACnC,IAAI,EAAE,CAAC,YAAY,CAAC,UAAU,CAAC,IAAI,UAAU,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;gBAClE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,GAAG,UAAU,CAAC,6BAA6B,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;gBACtF,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,iBAAiB;oBACvB,QAAQ,EAAE,OAAO;oBACjB,OAAO,EAAE,mDAAmD;oBAC5D,IAAI,EAAE,UAAU,CAAC,QAAQ;oBACzB,IAAI,EAAE,IAAI,GAAG,CAAC;oBACd,MAAM,EAAE,SAAS,GAAG,CAAC;iBACtB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAC/B,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,CAAC;IAClB,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,aAAa,CAAC,UAAyB;IACrD,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,SAAS,KAAK,CAAC,IAAa;QAC1B,2CAA2C;QAC3C,IAAI,EAAE,CAAC,gBAAgB,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9B,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC;YAC/B,IAAI,EAAE,CAAC,YAAY,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;gBACtD,4BAA4B;gBAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;gBACnC,IAAI,QAAQ,IAAI,EAAE,CAAC,eAAe,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC7C,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;gBAC5B,CAAC;YACH,CAAC;QACH,CAAC;QAED,4CAA4C;QAC5C,IAAI,EAAE,CAAC,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAAC;YAChC,MAAM,QAAQ,GAAG,IAAI,CAAC,eAAe,CAAC;YACtC,IAAI,QAAQ,EAAE,CAAC;gBACb,KAAK,MAAM,MAAM,IAAI,QAAQ,EAAE,CAAC;oBAC9B,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;wBAChC,IAAI,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;4BAClF,wBAAwB;4BACxB,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;gCAClC,IAAI,EAAE,CAAC,qBAAqB,CAAC,MAAM,CAAC,EAAE,CAAC;oCACrC,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;oCACzB,IAAI,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;wCAClD,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC;wCACvC,IAAI,WAAW,IAAI,EAAE,CAAC,eAAe,CAAC,WAAW,CAAC,EAAE,CAAC;4CACnD,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;wCAC/B,CAAC;oCACH,CAAC;gCACH,CAAC;4BACH,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAC/B,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,CAAC;IAClB,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAClC,UAAyB,EACzB,aAAuB;IAEvB,MAAM,OAAO,GAAiB,EAAE,CAAC;IACjC,MAAM,SAAS,GAAG,aAAa,CAAC,UAAU,CAAC,CAAC;IAE5C,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;QAC7B,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAClC,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,iBAAiB;gBACvB,QAAQ,EAAE,OAAO;gBACjB,OAAO,EAAE,SAAS,IAAI,2DAA2D;gBACjF,IAAI,EAAE,UAAU,CAAC,QAAQ;aAC1B,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB,CAAC,UAAyB;IAC7D,MAAM,OAAO,GAAiB,EAAE,CAAC;IAEjC,SAAS,KAAK,CAAC,IAAa;QAC1B,IAAI,EAAE,CAAC,0BAA0B,CAAC,IAAI,CAAC,EAAE,CAAC;YACxC,wBAAwB;YACxB,IACE,EAAE,CAAC,0BAA0B,CAAC,IAAI,CAAC,UAAU,CAAC;gBAC9C,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC;gBAC3C,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,KAAK,SAAS;gBAC7C,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;gBACrC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,KAAK,KAAK,EACnC,CAAC;gBACD,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,GAAG,UAAU,CAAC,6BAA6B,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;gBACtF,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,gBAAgB;oBACtB,QAAQ,EAAE,SAAS;oBACnB,OAAO,EAAE,qEAAqE;oBAC9E,IAAI,EAAE,UAAU,CAAC,QAAQ;oBACzB,IAAI,EAAE,IAAI,GAAG,CAAC;oBACd,MAAM,EAAE,SAAS,GAAG,CAAC;iBACtB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,EAAE,CAAC,YAAY,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAC/B,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,CAAC;IAClB,OAAO,OAAO,CAAC;AACjB,CAAC;AAQD;;;GAGG;AACH,MAAM,CAAC,MAAM,4BAA4B,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;AAEhG;;;GAGG;AACH,MAAM,UAAU,+BAA+B,CAC7C,MAAkB,EAClB,OAAe,MAAM;IAErB,MAAM,UAAU,GAAa,EAAE,CAAC;IAEhC,oBAAoB;IACpB,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;QAC/B,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YACnC,4DAA4D;YAC5D,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,EAAE,CAAC;gBACjC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACxB,CAAC;QACH,CAAC;IACH,CAAC;SAAM,IAAI,MAAM,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QACpC,2CAA2C;QAC3C,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,EAAE,CAAC;YACjC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACxB,CAAC;IACH,CAAC;IAED,+BAA+B;IAC/B,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;QACtB,KAAK,MAAM,CAAC,GAAG,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC;YAClE,UAAU,CAAC,IAAI,CAAC,GAAG,+BAA+B,CAAC,UAAU,EAAE,GAAG,IAAI,IAAI,GAAG,EAAE,CAAC,CAAC,CAAC;QACpF,CAAC;IACH,CAAC;IAED,gCAAgC;IAChC,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,UAAU,CAAC,IAAI,CAAC,GAAG,+BAA+B,CAAC,MAAM,CAAC,KAAK,EAAE,GAAG,IAAI,IAAI,CAAC,CAAC,CAAC;IACjF,CAAC;IAED,8CAA8C;IAC9C,IAAI,MAAM,CAAC,oBAAoB,IAAI,OAAO,MAAM,CAAC,oBAAoB,KAAK,QAAQ,EAAE,CAAC;QACnF,UAAU,CAAC,IAAI,CACb,GAAG,+BAA+B,CAAC,MAAM,CAAC,oBAAoB,EAAE,GAAG,IAAI,wBAAwB,CAAC,CACjG,CAAC;IACJ,CAAC;IAED,cAAc;IACd,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,KAAK,MAAM,CAAC,GAAG,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;YAC5D,UAAU,CAAC,IAAI,CAAC,GAAG,+BAA+B,CAAC,SAAS,EAAE,GAAG,IAAI,UAAU,GAAG,EAAE,CAAC,CAAC,CAAC;QACzF,CAAC;IACH,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAAC,MAAkB;IAC7C,sBAAsB;IACtB,IAAI,MAAM,CAAC,IAAI,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxE,OAAO,IAAI,CAAC;IACd,CAAC;IAED,uBAAuB;IACvB,IAAI,MAAM,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;QAC/B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,yBAAyB;IACzB,IAAI,MAAM,CAAC,OAAO,IAAI,OAAO,MAAM,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;QACzD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,gCAAgC;IAChC,IAAI,MAAM,CAAC,MAAM,IAAI,4BAA4B,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;QAC1E,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,6BAA6B,CAC3C,QAAsB,EACtB,YAAoB;IAEpB,MAAM,OAAO,GAAiB,EAAE,CAAC;IAEjC,KAAK,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QACpE,uDAAuD;QACvD,IAAI,MAAM,CAAC,YAAY,KAAK,UAAU,IAAI,MAAM,CAAC,eAAe,EAAE,CAAC;YACjE,MAAM,UAAU,GAAG,+BAA+B,CAChD,MAAM,CAAC,eAAe,EACtB,WAAW,UAAU,kBAAkB,CACxC,CAAC;YAEF,KAAK,MAAM,aAAa,IAAI,UAAU,EAAE,CAAC;gBACvC,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,+BAA+B;oBACrC,QAAQ,EAAE,OAAO;oBACjB,OAAO,EAAE,iCAAiC,aAAa,IAAI;wBACzD,0EAA0E,4BAA4B,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;oBACtH,IAAI,EAAE,YAAY;iBACnB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,2BAA2B,CAAC,YAAoB;IAC9D,MAAM,KAAK,GAAG,gBAAgB,CAAC;IAC/B,MAAM,YAAY,GAAa,EAAE,CAAC;IAClC,IAAI,KAAK,CAAC;IAEV,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACnD,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9B,CAAC;IAED,OAAO,YAAY,CAAC;AACtB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,MAAkB;IACpD,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;QACtB,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC;IACjD,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,wBAAwB,CACtC,QAAsB,EACtB,YAAoB;IAEpB,MAAM,OAAO,GAAiB,EAAE,CAAC;IAEjC,KAAK,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QACpE,kFAAkF;QAClF,IAAI,MAAM,CAAC,YAAY,KAAK,UAAU,IAAI,CAAC,MAAM,CAAC,eAAe,IAAI,CAAC,MAAM,CAAC,iBAAiB,EAAE,CAAC;YAC/F,SAAS;QACX,CAAC;QAED,MAAM,YAAY,GAAG,mBAAmB,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;QAEjE,KAAK,MAAM,CAAC,UAAU,EAAE,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,iBAAiB,CAAC,EAAE,CAAC;YAC9E,MAAM,YAAY,GAAG,2BAA2B,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAEhE,KAAK,MAAM,WAAW,IAAI,YAAY,EAAE,CAAC;gBACvC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;oBACxC,OAAO,CAAC,IAAI,CAAC;wBACX,IAAI,EAAE,uBAAuB;wBAC7B,QAAQ,EAAE,OAAO;wBACjB,OAAO,EAAE,aAAa,UAAU,gBAAgB,UAAU,yBAAyB,WAAW,MAAM;4BAClG,8DAA8D,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,MAAM,EAAE;wBACnG,IAAI,EAAE,YAAY;qBACnB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,yBAAyB,CACvC,QAAsB,EACtB,YAAoB;IAEpB,MAAM,OAAO,GAAiB,EAAE,CAAC;IAEjC,KAAK,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QACpE,mCAAmC;QACnC,IAAI,MAAM,CAAC,YAAY,KAAK,UAAU,EAAE,CAAC;YACvC,SAAS;QACX,CAAC;QAED,MAAM,aAAa,GAAG,MAAM,CAAC,iBAAiB,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QAElG,IAAI,aAAa,KAAK,CAAC,EAAE,CAAC;YACxB,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,wBAAwB;gBAC9B,QAAQ,EAAE,OAAO;gBACjB,OAAO,EAAE,yBAAyB,UAAU,+BAA+B;oBACzE,mEAAmE;gBACrE,IAAI,EAAE,YAAY;aACnB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,+BAA+B,CAC7C,QAAsB,EACtB,YAAoB;IAEpB,MAAM,OAAO,GAAiB,EAAE,CAAC;IACjC,MAAM,eAAe,GAAG,CAAC,SAAS,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;IAEzD,KAAK,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QACpE,kDAAkD;QAClD,IAAI,MAAM,CAAC,YAAY,KAAK,UAAU,IAAI,CAAC,MAAM,CAAC,iBAAiB,EAAE,CAAC;YACpE,SAAS;QACX,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;QAC1D,MAAM,SAAS,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,eAAe,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;QAEzE,IAAI,CAAC,SAAS,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACzC,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,8BAA8B;gBACpC,QAAQ,EAAE,SAAS;gBACnB,OAAO,EAAE,WAAW,UAAU,6BAA6B,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK;oBACxF,gEAAgE;gBAClE,IAAI,EAAE,YAAY;aACnB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC"}

package/package.json

@@ -0,0 +1,57 @@
+{
+  "name": "@trikhub/linter",
+  "version": "0.1.0",
+  "description": "Linter and validator for trik manifests and handlers",
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "bin": {
+    "trik-lint": "./dist/cli.js"
+  },
+  "exports": {
+    ".": {
+      "import": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    }
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "keywords": [
+    "ai",
+    "agent",
+    "trik",
+    "linter",
+    "validator",
+    "cli",
+    "typescript",
+    "trikhub"
+  ],
+  "author": "Muffles",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/Muffles/trikhub.git",
+    "directory": "packages/trik-linter"
+  },
+  "bugs": {
+    "url": "https://github.com/Muffles/trikhub/issues"
+  },
+  "homepage": "https://github.com/Muffles/trikhub/tree/main/packages/trik-linter#readme",
+  "publishConfig": {
+    "access": "public"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "dependencies": {
+    "typescript": "^5.5.0",
+    "@trikhub/manifest": "0.1.0"
+  },
+  "scripts": {
+    "build": "tsc",
+    "clean": "rm -rf dist *.tsbuildinfo"
+  }
+}