npm - @trops/dash-core - Versions diffs - 0.1.487 → 0.1.489 - Mend

@trops/dash-core 0.1.487 → 0.1.489

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/electron/index.js +494 -128
package/dist/electron/index.js.map +1 -1
package/package.json +1 -1

package/dist/electron/index.js CHANGED Viewed

@@ -17,7 +17,7 @@ var require$$0$5 = require('@modelcontextprotocol/sdk/client/index.js');
 var require$$1$4 = require('@modelcontextprotocol/sdk/client/stdio.js');
 var require$$0$4 = require('pkce-challenge');
 var require$$2$1 = require('os');
-var require$$7 = require('child_process');
+var require$$9$1 = require('child_process');
 var require$$3$2 = require('adm-zip');
 var require$$4$1 = require('url');
 var require$$2$2 = require('vm');
@@ -1107,7 +1107,7 @@ var secureStoreController$1 = {
   getData: getData$1,
 };
-const path$k = require$$1$2;
+const path$l = require$$1$2;
 const {
   readFileSync,
   writeFileSync: writeFileSync$4,
@@ -1125,7 +1125,7 @@ const {
 function ensureDirectoryExistence$2(filePath) {
   try {
     // isDirectory
-    var dirname = path$k.dirname(filePath);
+    var dirname = path$l.dirname(filePath);
     // check if the directory exists...return true
     // if not, we can pass in the dirname as the filepath
     // and check each directory recursively.
@@ -1240,7 +1240,7 @@ function removeFilesFromDirectory(directory, excludeFiles = []) {
       for (const file of files) {
         if (!excludeFiles.includes(file)) {
-          unlinkSync(path$k.join(directory, file), (err) => {
+          unlinkSync(path$l.join(directory, file), (err) => {
             if (err) throw err;
           });
         }
@@ -1257,8 +1257,8 @@ var file = {
   checkDirectory: checkDirectory$1,
 };
-const { app: app$c } = require$$0$1;
-const path$j = require$$1$2;
+const { app: app$e } = require$$0$1;
+const path$k = require$$1$2;
 const { writeFileSync: writeFileSync$3 } = require$$0$2;
 const { getFileContents: getFileContents$7 } = file;
@@ -1305,8 +1305,8 @@ const workspaceController$3 = {
   saveWorkspaceForApplication: (win, appId, workspaceObject) => {
     try {
       // filename to the pages file (live pages)
-      const filename = path$j.join(
-        app$c.getPath("userData"),
+      const filename = path$k.join(
+        app$e.getPath("userData"),
         appName$7,
         appId,
         configFilename$5,
@@ -1354,8 +1354,8 @@ const workspaceController$3 = {
   saveMenuItemsForApplication: (win, appId, menuItems) => {
     try {
       // filename to the workspaces file
-      const filename = path$j.join(
-        app$c.getPath("userData"),
+      const filename = path$k.join(
+        app$e.getPath("userData"),
         appName$7,
         appId,
         configFilename$5,
@@ -1403,8 +1403,8 @@ const workspaceController$3 = {
    */
   deleteWorkspaceForApplication: (win, appId, workspaceId) => {
     try {
-      const filename = path$j.join(
-        app$c.getPath("userData"),
+      const filename = path$k.join(
+        app$e.getPath("userData"),
         appName$7,
         appId,
         configFilename$5,
@@ -1437,8 +1437,8 @@ const workspaceController$3 = {
   listWorkspacesForApplication: (win, appId) => {
     try {
-      const filename = path$j.join(
-        app$c.getPath("userData"),
+      const filename = path$k.join(
+        app$e.getPath("userData"),
         appName$7,
         appId,
         configFilename$5,
@@ -1465,8 +1465,8 @@ const workspaceController$3 = {
   listMenuItemsForApplication: (win, appId) => {
     try {
-      const filename = path$j.join(
-        app$c.getPath("userData"),
+      const filename = path$k.join(
+        app$e.getPath("userData"),
         appName$7,
         appId,
         configFilename$5,
@@ -1509,8 +1509,8 @@ const workspaceController$3 = {
 var workspaceController_1 = workspaceController$3;
-const { app: app$b } = require$$0$1;
-const path$i = require$$1$2;
+const { app: app$d } = require$$0$1;
+const path$j = require$$1$2;
 const { writeFileSync: writeFileSync$2 } = require$$0$2;
 const { getFileContents: getFileContents$6 } = file;
@@ -1530,8 +1530,8 @@ const themeController$5 = {
   saveThemeForApplication: (win, appId, name, obj) => {
     try {
       // filename to the pages file (live pages)
-      const filename = path$i.join(
-        app$b.getPath("userData"),
+      const filename = path$j.join(
+        app$d.getPath("userData"),
         appName$6,
         appId,
         configFilename$4,
@@ -1576,8 +1576,8 @@ const themeController$5 = {
    */
   listThemesForApplication: (win, appId) => {
     try {
-      const filename = path$i.join(
-        app$b.getPath("userData"),
+      const filename = path$j.join(
+        app$d.getPath("userData"),
         appName$6,
         appId,
         configFilename$4,
@@ -1618,8 +1618,8 @@ const themeController$5 = {
    */
   deleteThemeForApplication: (win, appId, themeKey) => {
     try {
-      const filename = path$i.join(
-        app$b.getPath("userData"),
+      const filename = path$j.join(
+        app$d.getPath("userData"),
         appName$6,
         appId,
         configFilename$4,
@@ -1695,9 +1695,9 @@ var themeController_1 = themeController$5;
  *      `/data/`.
  */
-const path$h = require$$1$2;
-const fs$c = require$$0$2;
-const { app: app$a } = require$$0$1;
+const path$i = require$$1$2;
+const fs$d = require$$0$2;
+const { app: app$c } = require$$0$1;
 const APP_NAME = "Dashboard";
@@ -1706,10 +1706,10 @@ const APP_NAME = "Dashboard";
  * @returns {string[]} ordered allowed roots for that category
  */
 function getAllowedRoots$2(category) {
-  const userData = app$a.getPath("userData");
+  const userData = app$c.getPath("userData");
   switch (category) {
     case "data": {
-      const def = path$h.join(userData, APP_NAME, "data");
+      const def = path$i.join(userData, APP_NAME, "data");
       // The user can configure a custom data directory in
       // Settings → General → Data Directory. If set, that
       // location is ALSO an allowed root. We don't replace the
@@ -1719,13 +1719,13 @@ function getAllowedRoots$2(category) {
       return override ? [def, override] : [def];
     }
     case "themes":
-      return [path$h.join(userData, APP_NAME, "themes")];
+      return [path$i.join(userData, APP_NAME, "themes")];
     case "widgets":
-      return [path$h.join(userData, "widgets")];
+      return [path$i.join(userData, "widgets")];
     case "plugins":
-      return [path$h.join(userData, "plugins")];
+      return [path$i.join(userData, "plugins")];
     case "downloads":
-      return [app$a.getPath("downloads")];
+      return [app$c.getPath("downloads")];
     default:
       throw new Error("safePath: unknown allowed-roots category: " + category);
   }
@@ -1740,13 +1740,13 @@ function getAllowedRoots$2(category) {
  */
 function readDataDirectoryFromSettings() {
   try {
-    const settingsPath = path$h.join(
-      app$a.getPath("userData"),
+    const settingsPath = path$i.join(
+      app$c.getPath("userData"),
       APP_NAME,
       "settings.json",
     );
-    if (!fs$c.existsSync(settingsPath)) return undefined;
-    const raw = fs$c.readFileSync(settingsPath, "utf8");
+    if (!fs$d.existsSync(settingsPath)) return undefined;
+    const raw = fs$d.readFileSync(settingsPath, "utf8");
     const settings = JSON.parse(raw);
     const dir = settings && settings.dataDirectory;
     if (typeof dir === "string" && dir) return dir;
@@ -1764,7 +1764,7 @@ function readDataDirectoryFromSettings() {
  * @returns {string} validated absolute real-path
  * @throws if requested is not contained within any allowed root
  */
-function safePath$2(requested, allowedRoots) {
+function safePath$3(requested, allowedRoots) {
   if (typeof requested !== "string" || !requested) {
     throw new Error("safePath: requested must be a non-empty string");
   }
@@ -1772,18 +1772,18 @@ function safePath$2(requested, allowedRoots) {
     throw new Error("safePath: allowedRoots must be a non-empty array");
   }
-  const resolved = path$h.resolve(requested);
+  const resolved = path$i.resolve(requested);
   // Real-path through symlinks. If the file doesn't exist yet (a
   // create-new operation), real-path the parent so a symlink in the
   // parent chain can't trick us.
   let real = resolved;
   try {
-    real = fs$c.realpathSync(resolved);
+    real = fs$d.realpathSync(resolved);
   } catch (_e) {
     try {
-      const parent = fs$c.realpathSync(path$h.dirname(resolved));
-      real = path$h.join(parent, path$h.basename(resolved));
+      const parent = fs$d.realpathSync(path$i.dirname(resolved));
+      real = path$i.join(parent, path$i.basename(resolved));
     } catch (_e2) {
       // Parent doesn't exist either. Use the resolved-but-not-
       // real path; the caller's mkdirSync will happen inside the
@@ -1795,14 +1795,14 @@ function safePath$2(requested, allowedRoots) {
   for (const root of allowedRoots) {
     let realRoot = root;
     try {
-      if (fs$c.existsSync(root)) realRoot = fs$c.realpathSync(root);
+      if (fs$d.existsSync(root)) realRoot = fs$d.realpathSync(root);
     } catch (_e) {
       // root doesn't exist or isn't reachable — keep as-is for
       // the comparison below
     }
     // Exact match OR strictly-inside (with separator to prevent
     // /data-evil/ matching /data/).
-    if (real === realRoot || real.startsWith(realRoot + path$h.sep)) {
+    if (real === realRoot || real.startsWith(realRoot + path$i.sep)) {
       return real;
     }
   }
@@ -1819,7 +1819,7 @@ function safePath$2(requested, allowedRoots) {
 }
 var safePath_1 = {
-  safePath: safePath$2,
+  safePath: safePath$3,
   getAllowedRoots: getAllowedRoots$2,
 };
@@ -2060,15 +2060,15 @@ var safeJsExecutor$1 = {
  * - CSV -> JSON
  */
-var fs$b = require$$0$2;
+var fs$c = require$$0$2;
 var readline = require$$1$3;
 const xtreamer = require$$2;
 var xmlParser = require$$3$1;
 var JSONStream$1 = require$$4;
 const stream$1 = require$$5;
 var csv = require$$6;
-const path$g = require$$1$2;
-const { app: app$9 } = require$$0$1;
+const path$h = require$$1$2;
+const { app: app$b } = require$$0$1;
 const { ensureDirectoryExistence: ensureDirectoryExistence$1 } = file;
 const safeJsExecutor = safeJsExecutor$1;
@@ -2122,7 +2122,7 @@ let Transform$1 = class Transform {
         let lineObject = [];
         const readInterface = readline.createInterface({
-          input: fs$b.createReadStream(filepath),
+          input: fs$c.createReadStream(filepath),
           output: process.stdout,
           console: false,
         });
@@ -2157,7 +2157,7 @@ let Transform$1 = class Transform {
     return new Promise((resolve, reject) => {
       try {
         const parser = JSONStream$1.parse("*");
-        const readStream = fs$b.createReadStream(file).pipe(parser);
+        const readStream = fs$c.createReadStream(file).pipe(parser);
         let count = 0;
@@ -2210,7 +2210,7 @@ let Transform$1 = class Transform {
   parseXMLStream = (filepath, outpath, start) => {
     return new Promise((resolve, reject) => {
       try {
-        const xmlFileReadStream = fs$b.createReadStream(filepath);
+        const xmlFileReadStream = fs$c.createReadStream(filepath);
         xmlFileReadStream.on("end", () => {
           writeStream.write("\n]");
@@ -2221,7 +2221,7 @@ let Transform$1 = class Transform {
           resolve("Read Finish");
         });
-        const writeStream = fs$b.createWriteStream(outpath);
+        const writeStream = fs$c.createWriteStream(outpath);
         writeStream.write("[\n");
         const options = {
@@ -2273,10 +2273,10 @@ let Transform$1 = class Transform {
   ) => {
     return new Promise((resolve, reject) => {
       try {
-        const readStream = fs$b
+        const readStream = fs$c
           .createReadStream(filepath)
           .pipe(csv({ separator: delimiter }));
-        const writeStream = fs$b.createWriteStream(outpath);
+        const writeStream = fs$c.createWriteStream(outpath);
         let canParse = true;
@@ -2362,18 +2362,18 @@ let Transform$1 = class Transform {
       }
       // Validate file paths are within app data directory
-      const appDataDir = path$g.join(app$9.getPath("userData"), TRANSFORM_APP_NAME);
-      const resolvedFilepath = path$g.resolve(filepath);
-      const resolvedOutFilepath = path$g.resolve(outFilepath);
+      const appDataDir = path$h.join(app$b.getPath("userData"), TRANSFORM_APP_NAME);
+      const resolvedFilepath = path$h.resolve(filepath);
+      const resolvedOutFilepath = path$h.resolve(outFilepath);
-      if (!resolvedFilepath.startsWith(appDataDir + path$g.sep)) {
+      if (!resolvedFilepath.startsWith(appDataDir + path$h.sep)) {
         return reject(
           new Error(
             "Input file path must be within the application data directory",
           ),
         );
       }
-      if (!resolvedOutFilepath.startsWith(appDataDir + path$g.sep)) {
+      if (!resolvedOutFilepath.startsWith(appDataDir + path$h.sep)) {
         return reject(
           new Error(
             "Output file path must be within the application data directory",
@@ -2384,16 +2384,16 @@ let Transform$1 = class Transform {
       // JSON parser
       var parser = JSONStream$1.parse("*");
-      if (!fs$b.existsSync(resolvedFilepath)) {
+      if (!fs$c.existsSync(resolvedFilepath)) {
         return reject(new Error("File doesnt exist"));
       }
       console.log("file exists ", resolvedFilepath);
       // create the readStream to parse the large file (json)
-      var readStream = fs$b.createReadStream(resolvedFilepath).pipe(parser);
+      var readStream = fs$c.createReadStream(resolvedFilepath).pipe(parser);
       ensureDirectoryExistence$1(resolvedOutFilepath);
-      var writeStream = fs$b.createWriteStream(resolvedOutFilepath);
+      var writeStream = fs$c.createWriteStream(resolvedOutFilepath);
       let sep = "";
       let count = 0;
@@ -2505,12 +2505,12 @@ let Transform$1 = class Transform {
 var transform = Transform$1;
-const { app: app$8 } = require$$0$1;
-var fs$a = require$$0$2;
-const path$f = require$$1$2;
+const { app: app$a } = require$$0$1;
+var fs$b = require$$0$2;
+const path$g = require$$1$2;
 const events$5 = events$8;
 const { getFileContents: getFileContents$5, writeToFile: writeToFile$2 } = file;
-const { safePath: safePath$1, getAllowedRoots: getAllowedRoots$1 } = safePath_1;
+const { safePath: safePath$2, getAllowedRoots: getAllowedRoots$1 } = safePath_1;
 // Convert Json to Csv
 const ObjectsToCsv = require$$6$1;
@@ -2532,8 +2532,8 @@ const dataController$1 = {
       // Validate the renderer-supplied filename is contained within
       // the data directory. path.join doesn't reject `..` segments;
       // safePath does.
-      const candidate = path$f.join(
-        app$8.getPath("userData"),
+      const candidate = path$g.join(
+        app$a.getPath("userData"),
         appName$5,
         appId,
         "data",
@@ -2541,7 +2541,7 @@ const dataController$1 = {
       );
       let filename;
       try {
-        filename = safePath$1(candidate, getAllowedRoots$1("data"));
+        filename = safePath$2(candidate, getAllowedRoots$1("data"));
       } catch (pathErr) {
         win.webContents.send(events$5.DATA_JSON_TO_CSV_FILE_ERROR, {
           error: pathErr.message,
@@ -2607,7 +2607,7 @@ const dataController$1 = {
     try {
       let validated;
       try {
-        validated = safePath$1(filepath, getAllowedRoots$1("data"));
+        validated = safePath$2(filepath, getAllowedRoots$1("data"));
       } catch (pathErr) {
         win.webContents.send(events$5.READ_LINES_ERROR, {
           error: pathErr.message,
@@ -2641,7 +2641,7 @@ const dataController$1 = {
     try {
       let validated;
       try {
-        validated = safePath$1(filepath, getAllowedRoots$1("data"));
+        validated = safePath$2(filepath, getAllowedRoots$1("data"));
       } catch (pathErr) {
         win.webContents.send(events$5.READ_JSON_ERROR, {
           error: pathErr.message,
@@ -2689,9 +2689,9 @@ const dataController$1 = {
       // Validate toFilepath is within the app data directory.
       // safePath replaces the previous inline check; same containment
       // intent, plus realpath/symlink protection.
-      const resolvedFilepath = safePath$1(toFilepath, getAllowedRoots$1("data"));
+      const resolvedFilepath = safePath$2(toFilepath, getAllowedRoots$1("data"));
-      const writeStream = fs$a.createWriteStream(resolvedFilepath);
+      const writeStream = fs$b.createWriteStream(resolvedFilepath);
       https$3
         .get(url, (resp) => {
@@ -2739,8 +2739,8 @@ const dataController$1 = {
       let validatedIn, validatedOut;
       try {
         const roots = getAllowedRoots$1("data");
-        validatedIn = safePath$1(filepath, roots);
-        validatedOut = safePath$1(outpath, roots);
+        validatedIn = safePath$2(filepath, roots);
+        validatedOut = safePath$2(outpath, roots);
       } catch (pathErr) {
         win.webContents.send(events$5.PARSE_XML_STREAM_ERROR, {
           error: pathErr.message,
@@ -2799,8 +2799,8 @@ const dataController$1 = {
       let validatedIn, validatedOut;
       try {
         const roots = getAllowedRoots$1("data");
-        validatedIn = safePath$1(filepath, roots);
-        validatedOut = safePath$1(outpath, roots);
+        validatedIn = safePath$2(filepath, roots);
+        validatedOut = safePath$2(outpath, roots);
       } catch (pathErr) {
         win.webContents.send(events$5.PARSE_CSV_STREAM_ERROR, {
           error: pathErr.message,
@@ -2855,15 +2855,15 @@ const dataController$1 = {
       if (data) {
         // Validate filename is contained within the data directory.
         // path.join doesn't reject `..` segments; safePath does.
-        const candidate = path$f.join(
-          app$8.getPath("userData"),
+        const candidate = path$g.join(
+          app$a.getPath("userData"),
           appName$5,
           "data",
           filename,
         );
         let toFilename;
         try {
-          toFilename = safePath$1(candidate, getAllowedRoots$1("data"));
+          toFilename = safePath$2(candidate, getAllowedRoots$1("data"));
         } catch (pathErr) {
           win.webContents.send(events$5.DATA_SAVE_TO_FILE_ERROR, {
             success: false,
@@ -2948,8 +2948,8 @@ const dataController$1 = {
     try {
       if (filename) {
         // filename to the pages file (live pages)
-        const fromFilename = path$f.join(
-          app$8.getPath("userData"),
+        const fromFilename = path$g.join(
+          app$a.getPath("userData"),
           appName$5,
           "data",
           filename,
@@ -3029,9 +3029,9 @@ var dataController_1 = dataController$1;
  * settingsController
  */
-const { app: app$7 } = require$$0$1;
-const path$e = require$$1$2;
-const fs$9 = require$$0$2;
+const { app: app$9 } = require$$0$1;
+const path$f = require$$1$2;
+const fs$a = require$$0$2;
 const { getFileContents: getFileContents$4, writeToFile: writeToFile$1 } = file;
 const configFilename$3 = "settings.json";
@@ -3039,15 +3039,15 @@ const appName$4 = "Dashboard";
 // Helper function to recursively copy directory
 function copyDirectory(source, destination) {
-  if (!fs$9.existsSync(destination)) {
-    fs$9.mkdirSync(destination, { recursive: true });
+  if (!fs$a.existsSync(destination)) {
+    fs$a.mkdirSync(destination, { recursive: true });
   }
-  const files = fs$9.readdirSync(source);
+  const files = fs$a.readdirSync(source);
   for (const file of files) {
-    const srcPath = path$e.join(source, file);
-    const destPath = path$e.join(destination, file);
-    const stat = fs$9.lstatSync(srcPath);
+    const srcPath = path$f.join(source, file);
+    const destPath = path$f.join(destination, file);
+    const stat = fs$a.lstatSync(srcPath);
     // Skip symlinks to prevent following links to sensitive files
     if (stat.isSymbolicLink()) {
@@ -3058,7 +3058,7 @@ function copyDirectory(source, destination) {
     if (stat.isDirectory()) {
       copyDirectory(srcPath, destPath);
     } else {
-      fs$9.copyFileSync(srcPath, destPath);
+      fs$a.copyFileSync(srcPath, destPath);
     }
   }
 }
@@ -3074,8 +3074,8 @@ const settingsController$4 = {
     try {
       if (data) {
         // <appId>/settings.json
-        const filename = path$e.join(
-          app$7.getPath("userData"),
+        const filename = path$f.join(
+          app$9.getPath("userData"),
           appName$4,
           configFilename$3,
         );
@@ -3110,8 +3110,8 @@ const settingsController$4 = {
   getSettingsForApplication: (win) => {
     try {
       // <appId>/settings.json
-      const filename = path$e.join(
-        app$7.getPath("userData"),
+      const filename = path$f.join(
+        app$9.getPath("userData"),
         appName$4,
         configFilename$3,
       );
@@ -3141,15 +3141,15 @@ const settingsController$4 = {
    */
   getDataDirectory: (win) => {
     try {
-      const settingsPath = path$e.join(
-        app$7.getPath("userData"),
+      const settingsPath = path$f.join(
+        app$9.getPath("userData"),
         appName$4,
         configFilename$3,
       );
       const settings = getFileContents$4(settingsPath, {});
       const userDataDir =
         settings.userDataDirectory ||
-        path$e.join(app$7.getPath("userData"), appName$4);
+        path$f.join(app$9.getPath("userData"), appName$4);
       console.log("[settingsController] Data directory retrieved successfully");
       // Return the data for ipcMain.handle() - modern promise-based approach
@@ -3176,18 +3176,18 @@ const settingsController$4 = {
   setDataDirectory: (win, newPath) => {
     try {
       // Validate the path exists and is a directory
-      if (!fs$9.existsSync(newPath)) {
-        fs$9.mkdirSync(newPath, { recursive: true });
+      if (!fs$a.existsSync(newPath)) {
+        fs$a.mkdirSync(newPath, { recursive: true });
       }
-      const stats = fs$9.statSync(newPath);
+      const stats = fs$a.statSync(newPath);
       if (!stats.isDirectory()) {
         throw new Error("Path is not a directory");
       }
       // Update settings
-      const settingsPath = path$e.join(
-        app$7.getPath("userData"),
+      const settingsPath = path$f.join(
+        app$9.getPath("userData"),
         appName$4,
         configFilename$3,
       );
@@ -3220,20 +3220,20 @@ const settingsController$4 = {
   migrateDataDirectory: (win, oldPath, newPath) => {
     try {
       // Resolve paths to prevent traversal
-      const resolvedOldPath = path$e.resolve(oldPath);
-      const resolvedNewPath = path$e.resolve(newPath);
+      const resolvedOldPath = path$f.resolve(oldPath);
+      const resolvedNewPath = path$f.resolve(newPath);
       // Validate oldPath is the current configured data directory
-      const settingsCheckPath = path$e.join(
-        app$7.getPath("userData"),
+      const settingsCheckPath = path$f.join(
+        app$9.getPath("userData"),
         appName$4,
         configFilename$3,
       );
       const currentSettings = getFileContents$4(settingsCheckPath, {});
       const currentDataDir =
         currentSettings.userDataDirectory ||
-        path$e.join(app$7.getPath("userData"), appName$4);
-      if (resolvedOldPath !== path$e.resolve(currentDataDir)) {
+        path$f.join(app$9.getPath("userData"), appName$4);
+      if (resolvedOldPath !== path$f.resolve(currentDataDir)) {
         throw new Error("Source path must be the current data directory");
       }
@@ -3257,20 +3257,20 @@ const settingsController$4 = {
       }
       // Validate paths
-      if (!fs$9.existsSync(resolvedOldPath)) {
+      if (!fs$a.existsSync(resolvedOldPath)) {
         throw new Error("Source directory does not exist");
       }
-      if (!fs$9.existsSync(resolvedNewPath)) {
-        fs$9.mkdirSync(resolvedNewPath, { recursive: true });
+      if (!fs$a.existsSync(resolvedNewPath)) {
+        fs$a.mkdirSync(resolvedNewPath, { recursive: true });
       }
       // Copy files
       copyDirectory(resolvedOldPath, resolvedNewPath);
       // Update settings to use new path
-      const settingsPath = path$e.join(
-        app$7.getPath("userData"),
+      const settingsPath = path$f.join(
+        app$9.getPath("userData"),
         appName$4,
         configFilename$3,
       );
@@ -3934,8 +3934,8 @@ function requireProviderController () {
 	return providerController_1;
 }
-const { app: app$6 } = require$$0$1;
-const path$d = require$$1$2;
+const { app: app$8 } = require$$0$1;
+const path$e = require$$1$2;
 const { writeFileSync: writeFileSync$1 } = require$$0$2;
 const events$4 = events$8;
 const { getFileContents: getFileContents$3 } = file;
@@ -3955,8 +3955,8 @@ const layoutController$1 = {
   saveLayoutForApplication: (win, appId, layoutObject) => {
     try {
       // filename to the pages file (live pages)
-      const filename = path$d.join(
-        app$6.getPath("userData"),
+      const filename = path$e.join(
+        app$8.getPath("userData"),
         appName$3,
         appId,
         configFilename$2,
@@ -3988,8 +3988,8 @@ const layoutController$1 = {
    */
   listLayoutsForApplication: (win, appId) => {
     try {
-      const filename = path$d.join(
-        app$6.getPath("userData"),
+      const filename = path$e.join(
+        app$8.getPath("userData"),
         appName$3,
         appId,
         configFilename$2,
@@ -21152,6 +21152,311 @@ let StreamableHTTPClientTransport$1 = class StreamableHTTPClientTransport {
 };
 streamableHttp$1.StreamableHTTPClientTransport = StreamableHTTPClientTransport$1;
+/**
+ * widgetPermissions.js
+ *
+ * Read and parse the `dash.permissions.mcp` block from an installed
+ * widget's package.json.
+ *
+ * Manifest format (declared by widget authors in their package.json):
+ *
+ *   {
+ *     "name": "@trops/notes-summarizer",
+ *     "dash": {
+ *       "permissions": {
+ *         "mcp": {
+ *           "filesystem": {
+ *             "tools": ["read_file", "list_directory"],
+ *             "readPaths": ["~/Documents/notes"],
+ *             "writePaths": []
+ *           },
+ *           "github": {
+ *             "tools": ["search_repositories", "get_file_contents"]
+ *           }
+ *         }
+ *       }
+ *     }
+ *   }
+ *
+ * Path strings beginning with `~` are expanded to the user's home
+ * directory at parse time. Tool-only servers (no path I/O, e.g.
+ * github) omit the `readPaths`/`writePaths` keys.
+ *
+ * Public API:
+ *
+ *   getWidgetMcpPermissions(widgetId) → permissions | null
+ *     Returns the parsed permissions for a widget, or null if the
+ *     widget is unmanifested. Cached per process.
+ *
+ *   parseManifestPermissions(packageJson) → permissions | null
+ *     Pure function — exposed for tests.
+ *
+ *   clearCache() → void
+ *     Test-only. Drops the in-process cache so tests can re-read.
+ */
+const fs$9 = require$$0$2;
+const path$d = require$$1$2;
+const os$2 = require$$2$1;
+const { app: app$7 } = require$$0$1;
+// Cache: widgetId → permissions | null. Populated lazily on first
+// lookup; invalidated when a widget is installed/uninstalled (the
+// install/uninstall paths call clearCache()).
+const _cache = new Map();
+/**
+ * Expand a leading "~" to the user's home directory. Other paths are
+ * returned as-is.
+ */
+function expandHome(p) {
+  if (typeof p !== "string" || !p) return p;
+  if (p === "~") return os$2.homedir();
+  if (p.startsWith("~/") || p.startsWith("~\\")) {
+    return path$d.join(os$2.homedir(), p.slice(2));
+  }
+  return p;
+}
+/**
+ * Parse a widget's package.json contents into a normalized permissions
+ * object. Returns null if no `dash.permissions.mcp` block exists.
+ */
+function parseManifestPermissions(packageJson) {
+  if (!packageJson || typeof packageJson !== "object") return null;
+  const mcp = packageJson?.dash?.permissions?.mcp;
+  if (!mcp || typeof mcp !== "object") return null;
+  const servers = {};
+  for (const [serverName, raw] of Object.entries(mcp)) {
+    if (!raw || typeof raw !== "object") continue;
+    const tools = Array.isArray(raw.tools)
+      ? raw.tools.filter((t) => typeof t === "string")
+      : [];
+    const readPaths = Array.isArray(raw.readPaths)
+      ? raw.readPaths.filter((p) => typeof p === "string").map(expandHome)
+      : [];
+    const writePaths = Array.isArray(raw.writePaths)
+      ? raw.writePaths.filter((p) => typeof p === "string").map(expandHome)
+      : [];
+    servers[serverName] = { tools, readPaths, writePaths };
+  }
+  return { servers };
+}
+/**
+ * Find a widget's installed package.json on disk. Widgets live under
+ * userData/widgets/<scope>/<name>/ for scoped packages or
+ * userData/widgets/<name>/ for unscoped. The widgetId is the npm
+ * package name (e.g. "@trops/notes-summarizer" or "notes-summarizer").
+ */
+function resolveWidgetPackagePath(widgetId) {
+  if (typeof widgetId !== "string" || !widgetId) return null;
+  const widgetsRoot = path$d.join(app$7.getPath("userData"), "widgets");
+  // Split scope from name for "@scope/name" form.
+  const parts = widgetId.startsWith("@") ? widgetId.split("/") : [widgetId];
+  return path$d.join(widgetsRoot, ...parts, "package.json");
+}
+/**
+ * Read and parse a widget's MCP permissions. Returns null if:
+ *   - the widget directory doesn't exist
+ *   - package.json is unreadable / malformed
+ *   - the widget hasn't declared dash.permissions.mcp
+ *
+ * Result is cached per widgetId for the lifetime of this process.
+ */
+function getWidgetMcpPermissions$1(widgetId) {
+  if (_cache.has(widgetId)) return _cache.get(widgetId);
+  const pkgPath = resolveWidgetPackagePath(widgetId);
+  if (!pkgPath || !fs$9.existsSync(pkgPath)) {
+    _cache.set(widgetId, null);
+    return null;
+  }
+  try {
+    const raw = fs$9.readFileSync(pkgPath, "utf8");
+    const pkg = JSON.parse(raw);
+    const perms = parseManifestPermissions(pkg);
+    _cache.set(widgetId, perms);
+    return perms;
+  } catch (e) {
+    console.warn(
+      "[widgetPermissions] failed to read package.json for " +
+        widgetId +
+        ": " +
+        e.message,
+    );
+    _cache.set(widgetId, null);
+    return null;
+  }
+}
+function clearCache() {
+  _cache.clear();
+}
+var widgetPermissions = {
+  getWidgetMcpPermissions: getWidgetMcpPermissions$1,
+  parseManifestPermissions,
+  expandHome,
+  clearCache,
+};
+/**
+ * permissionGate.js
+ *
+ * Per-widget gating for MCP tool calls.
+ *
+ * When `gateToolCall` is invoked with a widget identity, server name,
+ * tool name, and tool arguments, it consults the widget's installed
+ * permission manifest (electron/mcp/widgetPermissions.js) and either
+ * permits the call or returns a clear denial reason.
+ *
+ * Two layers:
+ *
+ *   1. **Tool-name allowlist** — the manifest's `tools[]` array for the
+ *      target server determines which tool names this widget may
+ *      invoke. Anything outside the list is rejected.
+ *
+ *   2. **Path-argument containment** — for tools whose arguments
+ *      include a path-shaped key (`path`, `uri`, `filepath`, `file`,
+ *      `directory`), the supplied path is validated with safePath()
+ *      against the widget's declared `readPaths` or `writePaths` for
+ *      the target server. The read/write distinction is heuristic
+ *      based on the tool name (e.g. `write_file` is treated as a
+ *      write).
+ *
+ * This is the runtime enforcement layer. Install-time consent UI and
+ * per-dashboard MCP-server scope reconfiguration are separate plans
+ * (Slices 2 and 3). When the feature flag is OFF (default), this gate
+ * is bypassed entirely; mcpController behaves as before. When ON,
+ * every callTool dispatch goes through this gate.
+ */
+const { getWidgetMcpPermissions } = widgetPermissions;
+const { safePath: safePath$1 } = safePath_1;
+// Argument keys that look like paths. Different MCP servers use
+// different conventions; this list covers the common filesystem-style
+// servers. Extensible — add as new patterns surface.
+const PATH_ARG_KEYS = ["path", "uri", "filepath", "file", "directory"];
+// Heuristic: tool names matching this regex are treated as writes for
+// purposes of choosing readPaths vs writePaths. The match is intentionally
+// broad — we'd rather treat an ambiguous tool as a write (stricter) than
+// as a read.
+const WRITE_TOOL_PATTERN =
+  /(^|_)(write|create|edit|delete|remove|append|move|rename|chmod|chown|mkdir)/i;
+function isWriteTool(toolName) {
+  if (typeof toolName !== "string") return false;
+  return WRITE_TOOL_PATTERN.test(toolName);
+}
+/**
+ * @returns {{ allow: true } | { allow: false, reason: string }}
+ */
+function gateToolCall$1({ widgetId, serverName, toolName, args }) {
+  if (!widgetId) {
+    return {
+      allow: false,
+      reason: "no widgetId supplied; cannot determine permissions",
+    };
+  }
+  const perms = getWidgetMcpPermissions(widgetId);
+  if (!perms) {
+    return {
+      allow: false,
+      reason:
+        "widget '" +
+        widgetId +
+        "' has no MCP permission manifest; declare dash.permissions.mcp in its package.json to grant access",
+    };
+  }
+  const serverPerms = perms.servers[serverName];
+  if (!serverPerms) {
+    return {
+      allow: false,
+      reason:
+        "widget '" +
+        widgetId +
+        "' is not authorized to call '" +
+        serverName +
+        "'",
+    };
+  }
+  if (!serverPerms.tools.includes(toolName)) {
+    return {
+      allow: false,
+      reason:
+        "tool '" +
+        toolName +
+        "' is not in the allowlist for widget '" +
+        widgetId +
+        "' on server '" +
+        serverName +
+        "'",
+    };
+  }
+  // Path-argument containment. Only checked when the tool's args
+  // include a path-shaped key.
+  const isWrite = isWriteTool(toolName);
+  // Write tools must use writePaths; read tools may use either
+  // readPaths or writePaths (write access implies read access).
+  const allowedPaths = isWrite
+    ? serverPerms.writePaths
+    : [...serverPerms.readPaths, ...serverPerms.writePaths];
+  if (args && typeof args === "object") {
+    for (const key of PATH_ARG_KEYS) {
+      const v = args[key];
+      if (typeof v !== "string" || !v) continue;
+      if (allowedPaths.length === 0) {
+        return {
+          allow: false,
+          reason:
+            "tool '" +
+            toolName +
+            "' uses path argument '" +
+            key +
+            "' but widget '" +
+            widgetId +
+            "' has no " +
+            (isWrite ? "writePaths" : "readPaths or writePaths") +
+            " declared for server '" +
+            serverName +
+            "'",
+        };
+      }
+      try {
+        safePath$1(v, allowedPaths);
+      } catch (e) {
+        return {
+          allow: false,
+          reason:
+            "path argument '" +
+            key +
+            "' rejected: " +
+            (e && e.message ? e.message : String(e)),
+        };
+      }
+    }
+  }
+  return { allow: true };
+}
+var permissionGate = {
+  gateToolCall: gateToolCall$1,
+  isWriteTool,
+  PATH_ARG_KEYS,
+};
 /**
  * mcpController.js
  *
@@ -21176,6 +21481,28 @@ const path$c = require$$1$2;
 const fs$8 = require$$0$2;
 const os$1 = require$$2$1;
 const responseCache$2 = responseCache_1;
+const { gateToolCall } = permissionGate;
+const { app: app$6 } = require$$0$1;
+// Read the widget-MCP-enforcement feature flag from settings.json.
+// Default is OFF — flipping ON activates per-widget gating in
+// permissionGate.gateToolCall(). See docs/security/ipc-filesystem-audit.md
+// and electron/mcp/permissionGate.js for context.
+function isWidgetPermissionEnforcementEnabled() {
+  try {
+    const settingsPath = path$c.join(
+      app$6.getPath("userData"),
+      "Dashboard",
+      "settings.json",
+    );
+    if (!fs$8.existsSync(settingsPath)) return false;
+    const raw = fs$8.readFileSync(settingsPath, "utf8");
+    const settings = JSON.parse(raw);
+    return Boolean(settings?.security?.enforceWidgetMcpPermissions);
+  } catch (_e) {
+    return false;
+  }
+}
 /**
  * Tool name prefixes considered safe to cache (read-only).
@@ -21311,7 +21638,7 @@ function getShellPath$1() {
     return _shellPath$1;
   }
-  const { execSync } = require$$7;
+  const { execSync } = require$$9$1;
   const fallbackDirs = ["/usr/local/bin", "/opt/homebrew/bin"];
   // Scan nvm versions, tracking both latest and best compatible version
@@ -21880,14 +22207,41 @@ const mcpController$3 = {
    * @param {Array<string>} allowedTools optional whitelist of allowed tool names
    * @returns {{ result } | { error, message }}
    */
-  callTool: async (win, serverName, toolName, args, allowedTools = null) => {
+  callTool: async (
+    win,
+    serverName,
+    toolName,
+    args,
+    allowedTools = null,
+    widgetId = null,
+  ) => {
     try {
       const server = activeServers.get(serverName);
       if (!server || !server.client) {
         throw new Error(`Server not connected: ${serverName}`);
       }
-      // Enforce tool scoping if allowedTools is specified
+      // Per-widget manifest gate. Activated by the
+      // security.enforceWidgetMcpPermissions setting. When enabled
+      // and a widgetId is supplied, the widget's installed
+      // package.json's dash.permissions.mcp block determines what
+      // tools and paths are allowed.
+      if (isWidgetPermissionEnforcementEnabled() && widgetId) {
+        const gate = gateToolCall({
+          widgetId,
+          serverName,
+          toolName,
+          args,
+        });
+        if (!gate.allow) {
+          throw new Error(`Widget permission gate: ${gate.reason}`);
+        }
+      }
+      // Legacy renderer-supplied allowedTools whitelist. Kept for
+      // backward compatibility with callers that pre-date the
+      // manifest-based gate. Once the manifest gate is enforced
+      // everywhere, this can be removed.
       if (allowedTools && !allowedTools.includes(toolName)) {
         throw new Error(
           `Tool "${toolName}" is not in the allowed tools list for this widget. Allowed: ${allowedTools.join(
@@ -22184,7 +22538,7 @@ const mcpController$3 = {
    * @returns {{ success } | { error, message }}
    */
   runAuth: async (win, mcpConfig, credentials, authCommand) => {
-    const { spawn } = require$$7;
+    const { spawn } = require$$9$1;
     const env = cleanEnvForChildProcess();
@@ -47133,7 +47487,7 @@ var mcpDashServerController_1 = mcpDashServerController$4;
  * can use the Chat widget without a separate API key.
  */
-const { spawn, execSync } = require$$7;
+const { spawn, execSync } = require$$9$1;
 const {
   LLM_STREAM_DELTA: LLM_STREAM_DELTA$2,
   LLM_STREAM_TOOL_CALL: LLM_STREAM_TOOL_CALL$2,
@@ -61470,15 +61824,27 @@ const mcpApi$2 = {
    * @param {string} serverName the server name
    * @param {string} toolName the tool to call
    * @param {object} args tool arguments
-   * @param {Array<string>} allowedTools optional whitelist of allowed tool names
+   * @param {Array<string>} allowedTools optional whitelist of allowed tool names (legacy — prefer per-widget manifest)
+   * @param {string} widgetId optional widget identity. When the
+   *   security.enforceWidgetMcpPermissions setting is enabled, this is
+   *   used to look up the widget's MCP permission manifest and gate
+   *   the call accordingly. Should be the npm package name of the
+   *   calling widget (e.g. "@trops/notes-summarizer").
    * @returns {Promise<{ result } | { error, message }>}
    */
-  callTool: (serverName, toolName, args, allowedTools = null) =>
+  callTool: (
+    serverName,
+    toolName,
+    args,
+    allowedTools = null,
+    widgetId = null,
+  ) =>
     ipcRenderer$i.invoke(MCP_CALL_TOOL, {
       serverName,
       toolName,
       args,
       allowedTools,
+      widgetId,
     }),
   /**