@trops/dash-core 0.1.501 → 0.1.503

package/dist/electron/index.js

@@ -1,40 +1,40 @@
 'use strict';
 
 var require$$0$1 = require('electron');
-var require$$1$1 = require('electron-store');
-var require$$1$2 = require('path');
+var require$$1$1 = require('path');
 var require$$0$2 = require('fs');
-var require$$6$1 = require('objects-to-csv');
-var require$$1$3 = require('readline');
+var require$$8$1 = require('objects-to-csv');
+var require$$1$2 = require('readline');
 var require$$2 = require('xtreamer');
 var require$$3$1 = require('xml2js');
 var require$$4 = require('JSONStream');
 var require$$5 = require('stream');
 var require$$6 = require('csv-parser');
 var require$$0$3 = require('quickjs-emscripten');
-var require$$8$1 = require('https');
+var require$$10 = require('https');
 var require$$0$5 = require('@modelcontextprotocol/sdk/client/index.js');
-var require$$1$4 = require('@modelcontextprotocol/sdk/client/stdio.js');
+var require$$1$3 = require('@modelcontextprotocol/sdk/client/stdio.js');
 var require$$0$4 = require('pkce-challenge');
 var require$$2$1 = require('os');
 var require$$12 = require('child_process');
+var require$$0$6 = require('electron-store');
 var require$$3$2 = require('adm-zip');
 var require$$4$1 = require('url');
 var require$$2$2 = require('vm');
-var require$$1$5 = require('croner');
+var require$$1$4 = require('croner');
 var require$$2$3 = require('algoliasearch');
 var require$$3$3 = require('node:path');
-var require$$0$6 = require('openai');
+var require$$0$7 = require('openai');
 require('live-plugin-manager');
-var require$$0$9 = require('@anthropic-ai/sdk');
+var require$$0$a = require('@anthropic-ai/sdk');
 var require$$3$4 = require('crypto');
 var require$$8$2 = require('zod');
-var require$$0$7 = require('http');
-var require$$1$6 = require('http2');
+var require$$0$8 = require('http');
+var require$$1$5 = require('http2');
 var require$$2$4 = require('node-forge');
-var require$$0$8 = require('css');
-var require$$1$7 = require('node-vibrant/node');
-var require$$0$a = require('ws');
+var require$$0$9 = require('css');
+var require$$1$6 = require('node-vibrant/node');
+var require$$0$b = require('ws');
 
 var commonjsGlobal = typeof globalThis !== 'undefined' ? globalThis : typeof window !== 'undefined' ? window : typeof global !== 'undefined' ? global : typeof self !== 'undefined' ? self : {};
 
@@ -79,11 +79,11 @@ const SECURE_STORAGE_ENCRYPT_STRING_COMPLETE =
 const SECURE_STORAGE_ENCRYPT_STRING_ERROR =
   "secure-storage-encrypt-string-error";
 
-const SECURE_STORE_GET_DATA$1 = "secure-storage-get-data";
+const SECURE_STORE_GET_DATA = "secure-storage-get-data";
 const SECURE_STORE_GET_DATA_COMPLETE = "secure-storage-get-data-complete";
 const SECURE_STORE_GET_DATA_ERROR = "secure-storage-get-data-error";
 
-const SECURE_STORE_SET_DATA$1 = "secure-storage-set-data";
+const SECURE_STORE_SET_DATA = "secure-storage-set-data";
 const SECURE_STORE_SET_DATA_COMPLETE = "secure-storage-set-data-complete";
 const SECURE_STORE_SET_DATA_ERROR = "secure-storage-set-data-error";
 
@@ -91,10 +91,10 @@ var secureStorageEvents$1 = {
   SECURE_STORE_ENCRYPTION_CHECK: SECURE_STORE_ENCRYPTION_CHECK$1,
   SECURE_STORE_ENCRYPTION_CHECK_COMPLETE,
   SECURE_STORE_ENCRYPTION_CHECK_ERROR,
-  SECURE_STORE_SET_DATA: SECURE_STORE_SET_DATA$1,
+  SECURE_STORE_SET_DATA,
   SECURE_STORE_SET_DATA_COMPLETE,
   SECURE_STORE_SET_DATA_ERROR,
-  SECURE_STORE_GET_DATA: SECURE_STORE_GET_DATA$1,
+  SECURE_STORE_GET_DATA,
   SECURE_STORE_GET_DATA_COMPLETE,
   SECURE_STORE_GET_DATA_ERROR,
   SECURE_STORAGE_ENCRYPT_STRING,
@@ -1044,22 +1044,23 @@ var dialogController$1 = {
 };
 
 /**
- * secureStore
+ * secureStoreController
+ *
+ * Thin wrapper around Electron's `safeStorage` for renderer-side
+ * encryption checks. The `saveData` / `getData` helpers that previously
+ * lived here were unwired (no IPC handler in dash-electron) and
+ * lacked per-widget scoping; they were removed alongside their
+ * widget-facing API entries. See `electron/api/secureStoreApi.js`
+ * and the regression-pin in `secureStoreApi.test.js`.
+ *
+ * Provider credential encryption uses `safeStorage.encryptString` /
+ * `decryptString` directly inside `providerController` — that's the
+ * only internal caller and stays unchanged.
  */
 
 const { safeStorage } = require$$0$1;
-const Store$2 = require$$1$1;
 const events$6 = events$8;
 
-const schema$1 = {
-  appId: {
-    type: "string",
-  },
-  apiKey: {
-    type: "string",
-  },
-};
-
 const isEncryptionAvailable$1 = (win) => {
   const result = safeStorage.isEncryptionAvailable();
   win.webContents.send(events$6.SECURE_STORE_ENCRYPTION_CHECK_COMPLETE, result);
@@ -1075,39 +1076,13 @@ const decryptString = (win, str) => {
   win.webContents.send("secure-storage-decrypt-string-complete", result);
 };
 
-const saveData$1 = (key, value) => {
-  try {
-    const store = new Store$2({ schema: schema$1 });
-    store.set(key, value);
-    return getData$1(key);
-  } catch (e) {
-    return { data: null };
-  }
-};
-
-const getData$1 = (key) => {
-  try {
-    const store = new Store$2({ schema: schema$1 });
-    const value = store.get(key);
-    if (value) {
-      return { [key]: value };
-    } else {
-      return null;
-    }
-  } catch (e) {
-    return null;
-  }
-};
-
 var secureStoreController$1 = {
   isEncryptionAvailable: isEncryptionAvailable$1,
   encryptString,
   decryptString,
-  saveData: saveData$1,
-  getData: getData$1,
 };
 
-const path$n = require$$1$2;
+const path$m = require$$1$1;
 const {
   readFileSync,
   writeFileSync: writeFileSync$4,
@@ -1122,10 +1097,10 @@ const {
   lstatSync,
 } = require$$0$2;
 
-function ensureDirectoryExistence$2(filePath) {
+function ensureDirectoryExistence$1(filePath) {
   try {
     // isDirectory
-    var dirname = path$n.dirname(filePath);
+    var dirname = path$m.dirname(filePath);
     // check if the directory exists...return true
     // if not, we can pass in the dirname as the filepath
     // and check each directory recursively.
@@ -1133,7 +1108,7 @@ function ensureDirectoryExistence$2(filePath) {
       return true;
     }
     // recursion...
-    ensureDirectoryExistence$2(dirname);
+    ensureDirectoryExistence$1(dirname);
     mkdirSync(dirname);
   } catch (e) {
     console.log("ensure directory " + e.message);
@@ -1179,7 +1154,7 @@ function checkDirectory$1(dir) {
 function getFileContents$8(filepath, defaultReturn = []) {
   try {
     // lets first make sure all is there...
-    ensureDirectoryExistence$2(filepath);
+    ensureDirectoryExistence$1(filepath);
 
     // and now lets read the file...
     let fileContents = JSON.stringify(defaultReturn);
@@ -1240,7 +1215,7 @@ function removeFilesFromDirectory(directory, excludeFiles = []) {
 
       for (const file of files) {
         if (!excludeFiles.includes(file)) {
-          unlinkSync(path$n.join(directory, file), (err) => {
+          unlinkSync(path$m.join(directory, file), (err) => {
             if (err) throw err;
           });
         }
@@ -1250,15 +1225,15 @@ function removeFilesFromDirectory(directory, excludeFiles = []) {
 }
 
 var file = {
-  ensureDirectoryExistence: ensureDirectoryExistence$2,
+  ensureDirectoryExistence: ensureDirectoryExistence$1,
   getFileContents: getFileContents$8,
   writeToFile: writeToFile$3,
   removeFilesFromDirectory,
   checkDirectory: checkDirectory$1,
 };
 
-const { app: app$f } = require$$0$1;
-const path$m = require$$1$2;
+const { app: app$e } = require$$0$1;
+const path$l = require$$1$1;
 const { writeFileSync: writeFileSync$3 } = require$$0$2;
 const { getFileContents: getFileContents$7 } = file;
 
@@ -1305,8 +1280,8 @@ const workspaceController$3 = {
   saveWorkspaceForApplication: (win, appId, workspaceObject) => {
     try {
       // filename to the pages file (live pages)
-      const filename = path$m.join(
-        app$f.getPath("userData"),
+      const filename = path$l.join(
+        app$e.getPath("userData"),
         appName$7,
         appId,
         configFilename$5,
@@ -1354,8 +1329,8 @@ const workspaceController$3 = {
   saveMenuItemsForApplication: (win, appId, menuItems) => {
     try {
       // filename to the workspaces file
-      const filename = path$m.join(
-        app$f.getPath("userData"),
+      const filename = path$l.join(
+        app$e.getPath("userData"),
         appName$7,
         appId,
         configFilename$5,
@@ -1403,8 +1378,8 @@ const workspaceController$3 = {
    */
   deleteWorkspaceForApplication: (win, appId, workspaceId) => {
     try {
-      const filename = path$m.join(
-        app$f.getPath("userData"),
+      const filename = path$l.join(
+        app$e.getPath("userData"),
         appName$7,
         appId,
         configFilename$5,
@@ -1437,8 +1412,8 @@ const workspaceController$3 = {
 
   listWorkspacesForApplication: (win, appId) => {
     try {
-      const filename = path$m.join(
-        app$f.getPath("userData"),
+      const filename = path$l.join(
+        app$e.getPath("userData"),
         appName$7,
         appId,
         configFilename$5,
@@ -1465,8 +1440,8 @@ const workspaceController$3 = {
 
   listMenuItemsForApplication: (win, appId) => {
     try {
-      const filename = path$m.join(
-        app$f.getPath("userData"),
+      const filename = path$l.join(
+        app$e.getPath("userData"),
         appName$7,
         appId,
         configFilename$5,
@@ -1509,8 +1484,8 @@ const workspaceController$3 = {
 
 var workspaceController_1 = workspaceController$3;
 
-const { app: app$e } = require$$0$1;
-const path$l = require$$1$2;
+const { app: app$d } = require$$0$1;
+const path$k = require$$1$1;
 const { writeFileSync: writeFileSync$2 } = require$$0$2;
 const { getFileContents: getFileContents$6 } = file;
 
@@ -1530,8 +1505,8 @@ const themeController$5 = {
   saveThemeForApplication: (win, appId, name, obj) => {
     try {
       // filename to the pages file (live pages)
-      const filename = path$l.join(
-        app$e.getPath("userData"),
+      const filename = path$k.join(
+        app$d.getPath("userData"),
         appName$6,
         appId,
         configFilename$4,
@@ -1576,8 +1551,8 @@ const themeController$5 = {
    */
   listThemesForApplication: (win, appId) => {
     try {
-      const filename = path$l.join(
-        app$e.getPath("userData"),
+      const filename = path$k.join(
+        app$d.getPath("userData"),
         appName$6,
         appId,
         configFilename$4,
@@ -1618,8 +1593,8 @@ const themeController$5 = {
    */
   deleteThemeForApplication: (win, appId, themeKey) => {
     try {
-      const filename = path$l.join(
-        app$e.getPath("userData"),
+      const filename = path$k.join(
+        app$d.getPath("userData"),
         appName$6,
         appId,
         configFilename$4,
@@ -1695,9 +1670,9 @@ var themeController_1 = themeController$5;
  *      `/data/`.
  */
 
-const path$k = require$$1$2;
-const fs$f = require$$0$2;
-const { app: app$d } = require$$0$1;
+const path$j = require$$1$1;
+const fs$e = require$$0$2;
+const { app: app$c } = require$$0$1;
 
 const APP_NAME = "Dashboard";
 
@@ -1706,10 +1681,10 @@ const APP_NAME = "Dashboard";
  * @returns {string[]} ordered allowed roots for that category
  */
 function getAllowedRoots$2(category) {
-  const userData = app$d.getPath("userData");
+  const userData = app$c.getPath("userData");
   switch (category) {
     case "data": {
-      const def = path$k.join(userData, APP_NAME, "data");
+      const def = path$j.join(userData, APP_NAME, "data");
       // The user can configure a custom data directory in
       // Settings → General → Data Directory. If set, that
       // location is ALSO an allowed root. We don't replace the
@@ -1719,13 +1694,13 @@ function getAllowedRoots$2(category) {
       return override ? [def, override] : [def];
     }
     case "themes":
-      return [path$k.join(userData, APP_NAME, "themes")];
+      return [path$j.join(userData, APP_NAME, "themes")];
     case "widgets":
-      return [path$k.join(userData, "widgets")];
+      return [path$j.join(userData, "widgets")];
     case "plugins":
-      return [path$k.join(userData, "plugins")];
+      return [path$j.join(userData, "plugins")];
     case "downloads":
-      return [app$d.getPath("downloads")];
+      return [app$c.getPath("downloads")];
     default:
       throw new Error("safePath: unknown allowed-roots category: " + category);
   }
@@ -1740,13 +1715,13 @@ function getAllowedRoots$2(category) {
  */
 function readDataDirectoryFromSettings() {
   try {
-    const settingsPath = path$k.join(
-      app$d.getPath("userData"),
+    const settingsPath = path$j.join(
+      app$c.getPath("userData"),
       APP_NAME,
       "settings.json",
     );
-    if (!fs$f.existsSync(settingsPath)) return undefined;
-    const raw = fs$f.readFileSync(settingsPath, "utf8");
+    if (!fs$e.existsSync(settingsPath)) return undefined;
+    const raw = fs$e.readFileSync(settingsPath, "utf8");
     const settings = JSON.parse(raw);
     const dir = settings && settings.dataDirectory;
     if (typeof dir === "string" && dir) return dir;
@@ -1772,18 +1747,18 @@ function safePath$3(requested, allowedRoots) {
     throw new Error("safePath: allowedRoots must be a non-empty array");
   }
 
-  const resolved = path$k.resolve(requested);
+  const resolved = path$j.resolve(requested);
 
   // Real-path through symlinks. If the file doesn't exist yet (a
   // create-new operation), real-path the parent so a symlink in the
   // parent chain can't trick us.
   let real = resolved;
   try {
-    real = fs$f.realpathSync(resolved);
+    real = fs$e.realpathSync(resolved);
   } catch (_e) {
     try {
-      const parent = fs$f.realpathSync(path$k.dirname(resolved));
-      real = path$k.join(parent, path$k.basename(resolved));
+      const parent = fs$e.realpathSync(path$j.dirname(resolved));
+      real = path$j.join(parent, path$j.basename(resolved));
     } catch (_e2) {
       // Parent doesn't exist either. Use the resolved-but-not-
       // real path; the caller's mkdirSync will happen inside the
@@ -1795,14 +1770,14 @@ function safePath$3(requested, allowedRoots) {
   for (const root of allowedRoots) {
     let realRoot = root;
     try {
-      if (fs$f.existsSync(root)) realRoot = fs$f.realpathSync(root);
+      if (fs$e.existsSync(root)) realRoot = fs$e.realpathSync(root);
     } catch (_e) {
       // root doesn't exist or isn't reachable — keep as-is for
       // the comparison below
     }
     // Exact match OR strictly-inside (with separator to prevent
     // /data-evil/ matching /data/).
-    if (real === realRoot || real.startsWith(realRoot + path$k.sep)) {
+    if (real === realRoot || real.startsWith(realRoot + path$j.sep)) {
       return real;
     }
   }
@@ -1823,6 +1798,795 @@ var safePath_1 = {
   getAllowedRoots: getAllowedRoots$2,
 };
 
+/**
+ * grantedPermissions.js
+ *
+ * Stores the user's actual MCP permission grants per widget. This is the
+ * Slice-2 enforcement source of truth — separate from the widget's declared
+ * `dash.permissions.mcp` block (which is just a request).
+ *
+ * The runtime gate (permissionGate.gateToolCall) reads from here only.
+ * A widget with a declared manifest but no grant entry has no access:
+ * fail-closed. The user grants permissions at install time (consent modal)
+ * or later in Settings → Privacy & Security.
+ *
+ * Storage: userData/widgetMcpGrants.json. Atomic writes via tmp + rename.
+ *
+ * Shape on disk:
+ *   {
+ *     "@trops/notes-summarizer": {
+ *       "servers": {
+ *         "filesystem": {
+ *           "tools": ["read_file"],
+ *           "readPaths": ["/Users/jane/Documents/notes"],
+ *           "writePaths": []
+ *         }
+ *       }
+ *     }
+ *   }
+ *
+ * Note: paths are stored as-is (already tilde-expanded by the manifest
+ * parser before grants are written). Tests can re-expand via
+ * widgetPermissions.expandHome if they store ~ literals.
+ *
+ * Public API:
+ *   getGrant(widgetId) → grant | null
+ *   setGrant(widgetId, perms) → boolean
+ *   revokeGrant(widgetId) → boolean
+ *   revokeServer(widgetId, serverName) → boolean
+ *   listAllGrants() → [{ widgetId, granted }]
+ *   clearCache() → void   // test-only
+ */
+
+const fs$d = require$$0$2;
+const path$i = require$$1$1;
+const { app: app$b } = require$$0$1;
+
+const FILE_NAME = "widgetMcpGrants.json";
+
+// In-process cache of the entire grants file. Lazily loaded; invalidated
+// on every write.
+let _cache$1 = null;
+
+function grantsFilePath() {
+  return path$i.join(app$b.getPath("userData"), FILE_NAME);
+}
+
+function loadFromDisk() {
+  const p = grantsFilePath();
+  if (!fs$d.existsSync(p)) return {};
+  try {
+    const raw = fs$d.readFileSync(p, "utf8");
+    const parsed = JSON.parse(raw);
+    if (!parsed || typeof parsed !== "object") return {};
+    return parsed;
+  } catch (e) {
+    console.warn("[grantedPermissions] failed to read " + p + ": " + e.message);
+    return {};
+  }
+}
+
+function ensureCache() {
+  if (_cache$1 === null) _cache$1 = loadFromDisk();
+  return _cache$1;
+}
+
+function writeToDisk(data) {
+  const p = grantsFilePath();
+  const tmp = p + ".tmp";
+  // Ensure parent dir exists (userData should already, but be defensive
+  // for first-launch / freshly-cleared profile cases).
+  fs$d.mkdirSync(path$i.dirname(p), { recursive: true });
+  fs$d.writeFileSync(tmp, JSON.stringify(data, null, 2), "utf8");
+  fs$d.renameSync(tmp, p);
+}
+
+// Recognized origins for a persisted grant.
+//   "declared"   — user approved against the developer's declared
+//                  dash.permissions.mcp block at install time.
+//   "discovered" — install-time scanner produced a synthetic manifest
+//                  the user approved.
+//   "manual"     — user typed entries themselves in
+//                  Settings → Privacy & Security with no manifest backing.
+//   "live"       — user approved a just-in-time consent prompt at
+//                  runtime when a tool call hit the gate without a
+//                  matching grant.
+// Other values are dropped on persist (legacy grants stay null).
+const ALLOWED_GRANT_ORIGINS = new Set([
+  "declared",
+  "discovered",
+  "manual",
+  "live",
+]);
+
+/**
+ * Sanitize a perms object before persisting. Drops unknown keys, coerces
+ * arrays of strings, and silently ignores malformed servers. Mirrors the
+ * shape produced by parseManifestPermissions so the gate reads either
+ * declared or granted with the same code path.
+ *
+ * Optional `grantOrigin` field is preserved when it's one of the
+ * recognized values; bogus values are dropped.
+ *
+ * Phase 2 (JIT consent for non-MCP domains): also accepts a top-level
+ * `domains` block. Each known domain has its own shape — `domains.fs`
+ * has `readPaths`/`writePaths`, future domains will have their own.
+ * The `servers` block (MCP) and `domains` block coexist on the same
+ * grant; either or both may be present.
+ *
+ * Either `servers` (MCP) or any `domains.*` block is enough to make the
+ * grant non-empty. If neither is present, the grant is rejected as
+ * malformed.
+ */
+function sanitizePerms(perms) {
+  if (!perms || typeof perms !== "object") return null;
+  const rawServers =
+    perms.servers && typeof perms.servers === "object" ? perms.servers : null;
+  const rawDomains =
+    perms.domains && typeof perms.domains === "object" ? perms.domains : null;
+  if (!rawServers && !rawDomains) return null;
+
+  const out = {};
+
+  if (rawServers) {
+    const servers = {};
+    for (const [name, raw] of Object.entries(rawServers)) {
+      if (!raw || typeof raw !== "object") continue;
+      servers[name] = {
+        tools: Array.isArray(raw.tools)
+          ? raw.tools.filter((t) => typeof t === "string")
+          : [],
+        readPaths: Array.isArray(raw.readPaths)
+          ? raw.readPaths.filter((p) => typeof p === "string")
+          : [],
+        writePaths: Array.isArray(raw.writePaths)
+          ? raw.writePaths.filter((p) => typeof p === "string")
+          : [],
+      };
+    }
+    out.servers = servers;
+  } else {
+    // Always emit `servers` so consumers don't have to null-check it.
+    out.servers = {};
+  }
+
+  if (rawDomains) {
+    const domains = {};
+    for (const [name, raw] of Object.entries(rawDomains)) {
+      if (!raw || typeof raw !== "object") continue;
+      if (name === "fs") {
+        domains.fs = {
+          readPaths: Array.isArray(raw.readPaths)
+            ? raw.readPaths.filter((p) => typeof p === "string")
+            : [],
+          writePaths: Array.isArray(raw.writePaths)
+            ? raw.writePaths.filter((p) => typeof p === "string")
+            : [],
+        };
+      }
+      // Future domains plug in here. Unknown domain names are dropped.
+    }
+    if (Object.keys(domains).length > 0) {
+      out.domains = domains;
+    }
+  }
+
+  if (
+    typeof perms.grantOrigin === "string" &&
+    ALLOWED_GRANT_ORIGINS.has(perms.grantOrigin)
+  ) {
+    out.grantOrigin = perms.grantOrigin;
+  }
+  return out;
+}
+
+function getGrant$3(widgetId) {
+  if (typeof widgetId !== "string" || !widgetId) return null;
+  const all = ensureCache();
+  return all[widgetId] || null;
+}
+
+function setGrant$3(widgetId, perms) {
+  if (typeof widgetId !== "string" || !widgetId) return false;
+  const sanitized = sanitizePerms(perms);
+  if (!sanitized) return false;
+  const all = ensureCache();
+  all[widgetId] = sanitized;
+  try {
+    writeToDisk(all);
+    return true;
+  } catch (e) {
+    console.warn(
+      "[grantedPermissions] failed to write grant for " +
+        widgetId +
+        ": " +
+        e.message,
+    );
+    // Roll back the cache entry so memory matches disk.
+    _cache$1 = loadFromDisk();
+    return false;
+  }
+}
+
+function revokeGrant$1(widgetId) {
+  if (typeof widgetId !== "string" || !widgetId) return false;
+  const all = ensureCache();
+  if (!Object.prototype.hasOwnProperty.call(all, widgetId)) return false;
+  delete all[widgetId];
+  try {
+    writeToDisk(all);
+    return true;
+  } catch (e) {
+    console.warn(
+      "[grantedPermissions] failed to revoke grant for " +
+        widgetId +
+        ": " +
+        e.message,
+    );
+    _cache$1 = loadFromDisk();
+    return false;
+  }
+}
+
+function revokeServer$1(widgetId, serverName) {
+  if (typeof widgetId !== "string" || !widgetId) return false;
+  if (typeof serverName !== "string" || !serverName) return false;
+  const all = ensureCache();
+  const widgetEntry = all[widgetId];
+  if (!widgetEntry || !widgetEntry.servers) return false;
+  if (!Object.prototype.hasOwnProperty.call(widgetEntry.servers, serverName))
+    return false;
+  delete widgetEntry.servers[serverName];
+  try {
+    writeToDisk(all);
+    return true;
+  } catch (e) {
+    console.warn(
+      "[grantedPermissions] failed to revoke server " +
+        serverName +
+        " for " +
+        widgetId +
+        ": " +
+        e.message,
+    );
+    _cache$1 = loadFromDisk();
+    return false;
+  }
+}
+
+function listAllGrants$1() {
+  const all = ensureCache();
+  return Object.entries(all).map(([widgetId, granted]) => ({
+    widgetId,
+    granted,
+  }));
+}
+
+function clearCache$1() {
+  _cache$1 = null;
+}
+
+var grantedPermissions = {
+  getGrant: getGrant$3,
+  setGrant: setGrant$3,
+  revokeGrant: revokeGrant$1,
+  revokeServer: revokeServer$1,
+  listAllGrants: listAllGrants$1,
+  clearCache: clearCache$1,
+  ALLOWED_GRANT_ORIGINS,
+};
+
+/**
+ * jitConsent.js
+ *
+ * Just-in-time permission consent for widget→backend calls.
+ *
+ * When a widget hits a gate without an existing grant for the requested
+ * (domain, action, args), the gate calls `requestApproval` which:
+ *   1. Synchronously emits `widget:permission-required` to all
+ *      BrowserWindows with a unique requestId.
+ *   2. Returns a Promise that resolves on user response or rejects on
+ *      timeout.
+ *   3. Coalesces requests with the same coalescing key so a widget
+ *      bursting identical calls produces one prompt, not many.
+ *
+ * The renderer's JitConsentModal subscribes to the event, presents the
+ * user with granularity options (this once / this tool / this tool +
+ * parent dir), and replies via `widget:permission-response` with
+ * `{ requestId, decision }`. main.js wires the IPC handler back to
+ * `_handleResponse`.
+ *
+ * The module is intentionally domain-agnostic in shape — the request
+ * payload carries `domain` so future plug-ins (fs, algolia, llm) reuse
+ * the same machinery. Phase 1 only emits with `domain: "mcp"`.
+ *
+ * Public surface:
+ *   requestApproval(req, opts) → Promise<{ approve, scope?, ... }>
+ *   _handleResponse({ requestId, decision }) → void   (called from main.js IPC)
+ *   _resetForTest() → void                            (test-only)
+ */
+
+const { BrowserWindow: BrowserWindow$2, ipcMain: ipcMain$2 } = require$$0$1;
+
+const REQUEST_CHANNEL = "widget:permission-required";
+const RESPONSE_CHANNEL = "widget:permission-response";
+const DEFAULT_TIMEOUT_MS = 60_000;
+
+// requestId → { resolve, reject, timeout, coalesceKey, joinedResolvers }
+const _pending = new Map();
+// coalesceKey → requestId (so duplicate requests join the live one)
+const _coalesce = new Map();
+let _idCounter = 0;
+
+function nextRequestId() {
+  _idCounter += 1;
+  return `jit-${Date.now()}-${_idCounter}`;
+}
+
+/**
+ * Build a coalescing key from the request. Two requests share the same
+ * key iff they're "the same prompt" — same widget, same domain+action,
+ * same target server/tool. Args beyond that (e.g. exact path) DON'T
+ * differentiate; if the user is being asked about read_file already,
+ * approving handles all current paths.
+ */
+function coalesceKeyOf(req) {
+  if (req.domain === "mcp") {
+    const innerArgs = req.args || {};
+    return [
+      req.widgetId,
+      "mcp",
+      innerArgs.serverName || "",
+      innerArgs.toolName || "",
+    ].join("::");
+  }
+  // Default: domain + action + serialized top-level args
+  return [
+    req.widgetId,
+    req.domain,
+    req.action,
+    JSON.stringify(req.args || {}),
+  ].join("::");
+}
+
+function emitEvent(payload) {
+  let wins = [];
+  try {
+    wins = BrowserWindow$2.getAllWindows() || [];
+  } catch {
+    wins = [];
+  }
+  for (const w of wins) {
+    try {
+      w?.webContents?.send?.(REQUEST_CHANNEL, payload);
+    } catch {
+      // best-effort broadcast
+    }
+  }
+}
+
+function validateRequest(req) {
+  if (!req || typeof req !== "object") return "invalid request: not an object";
+  if (typeof req.widgetId !== "string" || !req.widgetId)
+    return "invalid request: widgetId required";
+  if (typeof req.domain !== "string" || !req.domain)
+    return "invalid request: domain required";
+  if (typeof req.action !== "string" || !req.action)
+    return "invalid request: action required";
+  return null;
+}
+
+/**
+ * Request user approval for an out-of-grant call. Returns a promise
+ * that resolves with the user's decision or rejects on timeout / bad
+ * input.
+ *
+ * decision shape (resolved value):
+ *   { approve: true, scope: "once" | "tool" | "parent" | "custom", ...extras }
+ *   { approve: false, reason?: string }
+ *
+ * `scope` informs the caller how to write the resulting grant.
+ */
+function requestApproval$2(req, opts = {}) {
+  const validation = validateRequest(req);
+  if (validation) {
+    return Promise.reject(new Error(validation));
+  }
+
+  const timeoutMs = Number.isFinite(opts.timeoutMs)
+    ? opts.timeoutMs
+    : DEFAULT_TIMEOUT_MS;
+
+  // If a prompt for the same coalesce key is already pending, join it.
+  const key = coalesceKeyOf(req);
+  if (_coalesce.has(key)) {
+    const existingId = _coalesce.get(key);
+    const existing = _pending.get(existingId);
+    if (existing) {
+      return new Promise((resolve, reject) => {
+        existing.joinedResolvers.push({ resolve, reject });
+      });
+    }
+    // Stale coalesce entry; drop and fall through to a fresh request.
+    _coalesce.delete(key);
+  }
+
+  return new Promise((resolve, reject) => {
+    const requestId = nextRequestId();
+    const timeout = setTimeout(() => {
+      const entry = _pending.get(requestId);
+      if (!entry) return;
+      _pending.delete(requestId);
+      _coalesce.delete(entry.coalesceKey);
+      const err = new Error(
+        `JIT consent timed out for ${req.widgetId} (${req.domain}/${req.action}) after ${timeoutMs}ms`,
+      );
+      reject(err);
+      for (const j of entry.joinedResolvers) j.reject(err);
+    }, timeoutMs);
+
+    _pending.set(requestId, {
+      resolve,
+      reject,
+      timeout,
+      coalesceKey: key,
+      joinedResolvers: [],
+    });
+    _coalesce.set(key, requestId);
+
+    emitEvent({
+      requestId,
+      widgetId: req.widgetId,
+      domain: req.domain,
+      action: req.action,
+      args: req.args || {},
+    });
+  });
+}
+
+function _handleResponse({ requestId, decision } = {}) {
+  if (!requestId || typeof requestId !== "string") return;
+  const entry = _pending.get(requestId);
+  if (!entry) return; // unknown request — drop silently
+  clearTimeout(entry.timeout);
+  _pending.delete(requestId);
+  _coalesce.delete(entry.coalesceKey);
+  const safe =
+    decision && typeof decision === "object" ? decision : { approve: false };
+  entry.resolve(safe);
+  for (const j of entry.joinedResolvers) j.resolve(safe);
+}
+
+function _resetForTest() {
+  for (const entry of _pending.values()) clearTimeout(entry.timeout);
+  _pending.clear();
+  _coalesce.clear();
+  _idCounter = 0;
+}
+
+let _handlersRegistered = false;
+/**
+ * Wire the renderer→main response IPC. Idempotent.
+ * Call once from main.js alongside other ipcMain setup.
+ */
+function setupJitConsentHandlers() {
+  if (_handlersRegistered) return;
+  if (!ipcMain$2 || typeof ipcMain$2.on !== "function") return;
+  ipcMain$2.on(RESPONSE_CHANNEL, (_event, payload) => {
+    _handleResponse(payload);
+  });
+  _handlersRegistered = true;
+}
+
+var jitConsent$1 = {
+  requestApproval: requestApproval$2,
+  setupJitConsentHandlers,
+  _handleResponse,
+  _resetForTest,
+  REQUEST_CHANNEL,
+  RESPONSE_CHANNEL,
+  DEFAULT_TIMEOUT_MS,
+};
+
+/**
+ * fsGate.js
+ *
+ * Per-widget gate for `mainApi.data.*` IPC handlers (Phase 2 of JIT
+ * consent). Same shape as `electron/mcp/permissionGate.js` but for the
+ * filesystem domain — saveToFile/readFromFile in dataController.
+ *
+ * The gate evaluates against the widget's persisted grant under
+ * `grant.domains.fs.{readPaths,writePaths}`. The existing `safePath()`
+ * containment in dataController is unchanged — that constrains paths
+ * to the userData/Dashboard/data dir; this gate adds per-widget
+ * identity scoping on top, so two widgets can't read each other's
+ * files even though both are inside the data dir.
+ *
+ * Action → read/write classification by name. Read tools may match
+ * either readPaths or writePaths (write access implies read); write
+ * tools must match writePaths only.
+ *
+ * Filename matching:
+ *   - Exact match
+ *   - "*" wildcard in the grant matches any filename (escape hatch
+ *     for users who want broad widget access; surfaced in the JIT
+ *     modal as "no path scope — risky")
+ *
+ * Path-traversal protection lives in safePath; the gate doesn't
+ * re-check it. The gate is purely an identity+filename allowlist on
+ * top of safePath's containment.
+ *
+ * JIT escalation: when the runtime calls `gateFsCallWithJit` and the
+ * gate denies for "no fs permissions granted", a permission-required
+ * IPC fires and the user's response is merged into the persisted
+ * grant. Other denial reasons (filename not in allowlist, write to a
+ * read-only entry) stay synchronous.
+ */
+
+const { getGrant: getGrant$2, setGrant: setGrant$2 } = grantedPermissions;
+const { requestApproval: requestApproval$1 } = jitConsent$1;
+
+// Action names treated as writes. Anything not in this set is a read.
+// Conservative — when in doubt, classify as a read so write-protected
+// grants don't accidentally allow writes.
+const WRITE_ACTIONS = new Set([
+  "saveToFile",
+  "saveData", // future-proof: the renderer-facing API name
+  "convertJsonToCsvFile",
+  "parseXMLStream",
+  "parseCSVStream",
+  "readDataFromURL", // writes to toFilepath despite the name
+  "transformFile",
+]);
+
+function isFsWriteAction(action) {
+  return WRITE_ACTIONS.has(action);
+}
+
+function _isNoGrantDenial$1(reason) {
+  return (
+    typeof reason === "string" && /no fs permissions granted/i.test(reason)
+  );
+}
+
+function _filenameMatches(filename, allowedList) {
+  if (!Array.isArray(allowedList) || allowedList.length === 0) return false;
+  if (allowedList.includes("*")) return true;
+  return allowedList.includes(filename);
+}
+
+/**
+ * Synchronous gate evaluation.
+ * @returns {{ allow: true } | { allow: false, reason: string }}
+ */
+function gateFsCall$1({ widgetId, action, args }) {
+  if (!widgetId) {
+    return {
+      allow: false,
+      reason: "no widgetId supplied; cannot determine fs permissions",
+    };
+  }
+
+  const filename = args && typeof args === "object" ? args.filename : null;
+  if (typeof filename !== "string" || !filename) {
+    return {
+      allow: false,
+      reason:
+        "fs gate: action '" +
+        action +
+        "' requires args.filename (got: " +
+        JSON.stringify(filename) +
+        ")",
+    };
+  }
+
+  const grant = getGrant$2(widgetId);
+  const fsPerms = grant && grant.domains && grant.domains.fs;
+  if (!fsPerms) {
+    return {
+      allow: false,
+      reason:
+        "widget '" +
+        widgetId +
+        "' has no fs permissions granted; user must approve at runtime or in Settings → Privacy & Security",
+    };
+  }
+
+  const isWrite = isFsWriteAction(action);
+
+  if (isWrite) {
+    if (!Array.isArray(fsPerms.writePaths) || fsPerms.writePaths.length === 0) {
+      return {
+        allow: false,
+        reason:
+          "fs gate: widget '" +
+          widgetId +
+          "' has no writePaths granted for action '" +
+          action +
+          "'",
+      };
+    }
+    if (!_filenameMatches(filename, fsPerms.writePaths)) {
+      return {
+        allow: false,
+        reason:
+          "fs gate: filename '" +
+          filename +
+          "' rejected — not in allowed writePaths for widget '" +
+          widgetId +
+          "'",
+      };
+    }
+    return { allow: true };
+  }
+
+  // Read action — may use readPaths OR writePaths (write implies read)
+  if (
+    _filenameMatches(filename, fsPerms.readPaths) ||
+    _filenameMatches(filename, fsPerms.writePaths)
+  ) {
+    return { allow: true };
+  }
+  return {
+    allow: false,
+    reason:
+      "fs gate: filename '" +
+      filename +
+      "' rejected — not in allowed readPaths or writePaths for widget '" +
+      widgetId +
+      "'",
+  };
+}
+
+/**
+ * Merge an approved JIT decision's grant into the widget's existing
+ * grant under domains.fs. Same shape as permissionGate._mergeGrant
+ * but scoped to fs.
+ */
+function _mergeFsGrant(current, addition) {
+  const out = {
+    grantOrigin: addition.grantOrigin || current?.grantOrigin || null,
+    servers: { ...(current?.servers || {}) },
+    domains: { ...(current?.domains || {}) },
+  };
+  const additionFs = addition?.domains?.fs;
+  if (additionFs) {
+    const existingFs = out.domains.fs || { readPaths: [], writePaths: [] };
+    out.domains.fs = {
+      readPaths: [
+        ...new Set([
+          ...(existingFs.readPaths || []),
+          ...(Array.isArray(additionFs.readPaths) ? additionFs.readPaths : []),
+        ]),
+      ],
+      writePaths: [
+        ...new Set([
+          ...(existingFs.writePaths || []),
+          ...(Array.isArray(additionFs.writePaths)
+            ? additionFs.writePaths
+            : []),
+        ]),
+      ],
+    };
+  }
+  return out;
+}
+
+/**
+ * Async gate that escalates "no fs grant" denials to a JIT consent
+ * prompt when `opts.enableJit` is true. On approval, merges the
+ * decision's grant blob into the persisted grant and re-evaluates.
+ */
+async function gateFsCallWithJit$1(req, opts = {}) {
+  const initial = gateFsCall$1(req);
+  if (initial.allow) return initial;
+  if (!opts.enableJit) return initial;
+  if (!_isNoGrantDenial$1(initial.reason)) return initial;
+
+  let decision;
+  try {
+    decision = await requestApproval$1(
+      {
+        widgetId: req.widgetId,
+        domain: "fs",
+        action: req.action,
+        args: req.args || {},
+      },
+      { timeoutMs: opts.timeoutMs },
+    );
+  } catch (e) {
+    return {
+      allow: false,
+      reason:
+        "JIT consent " +
+        (e && e.message ? e.message : "failed") +
+        "; original denial: " +
+        initial.reason,
+    };
+  }
+
+  if (!decision || decision.approve !== true) {
+    return {
+      allow: false,
+      reason:
+        "user declined JIT consent for widget '" +
+        req.widgetId +
+        "' calling fs '" +
+        req.action +
+        "'",
+    };
+  }
+
+  const filename = req.args?.filename || "*";
+  const isWrite = isFsWriteAction(req.action);
+  const addition =
+    decision.granted && typeof decision.granted === "object"
+      ? decision.granted
+      : {
+          grantOrigin: "live",
+          domains: {
+            fs: {
+              readPaths: !isWrite ? [filename] : [],
+              writePaths: isWrite ? [filename] : [],
+            },
+          },
+        };
+  addition.grantOrigin = "live";
+
+  try {
+    const current = getGrant$2(req.widgetId);
+    const merged = _mergeFsGrant(current, addition);
+    setGrant$2(req.widgetId, merged);
+  } catch (e) {
+    return {
+      allow: false,
+      reason:
+        "JIT consent: failed to persist fs grant: " +
+        (e && e.message ? e.message : String(e)),
+    };
+  }
+
+  return gateFsCall$1(req);
+}
+
+var fsGate = {
+  gateFsCall: gateFsCall$1,
+  gateFsCallWithJit: gateFsCallWithJit$1,
+  isFsWriteAction,
+  WRITE_ACTIONS,
+};
+
+/**
+ * securityFlags.js
+ *
+ * Centralized readers for the two boolean security flags that gate the
+ * MCP allowlist stack:
+ *   - security.enforceWidgetMcpPermissions
+ *   - security.enableJitConsent
+ *
+ * **Default semantics: ON.** A missing settings.json, a missing
+ * `security` block, or an undefined field all yield `true`. Only an
+ * explicit `false` opts out. This is intentional — the security stack
+ * is on by default; users have to actively disable it. The
+ * Privacy & Security panel surfaces the toggles + a confirm-on-disable
+ * dialog so the disable path is deliberate.
+ *
+ * The readers are pure functions of a settings object so the
+ * default-on semantics are pinned by unit tests without touching the
+ * filesystem. The callers in mcpController.js wrap these with
+ * settings.json IO.
+ */
+
+function readEnforceFlag$2(settings) {
+  return settings?.security?.enforceWidgetMcpPermissions !== false;
+}
+
+function readJitFlag$2(settings) {
+  return settings?.security?.enableJitConsent !== false;
+}
+
+var securityFlags = { readEnforceFlag: readEnforceFlag$2, readJitFlag: readJitFlag$2 };
+
 /**
  * safeJsExecutor.js
  *
@@ -1866,192 +2630,201 @@ var safePath_1 = {
  *     while QuickJS is executing synchronously.
  */
 
-// quickjs-emscripten is loaded lazily inside getModule() rather than at
-// module top. Reason: when transform.js (which lives in the same dir)
-// does require("./safeJsExecutor") and rollup-plugin-commonjs sees a
-// statically-required external (`quickjs-emscripten`) inside that file,
-// it can mark the relative import as transitive-external and then fail
-// to resolve back. Deferring the require breaks the static-analysis
-// chain so the rollup build resolves cleanly.
-const DEFAULT_TIMEOUT_MS$1 = 1000;
-const DEFAULT_MEMORY_BYTES = 32 * 1024 * 1024; // 32 MB
+var safeJsExecutor;
+var hasRequiredSafeJsExecutor;
+
+function requireSafeJsExecutor () {
+	if (hasRequiredSafeJsExecutor) return safeJsExecutor;
+	hasRequiredSafeJsExecutor = 1;
+
+	// quickjs-emscripten is loaded lazily inside getModule() rather than at
+	// module top. Reason: when transform.js (which lives in the same dir)
+	// does require("./safeJsExecutor") and rollup-plugin-commonjs sees a
+	// statically-required external (`quickjs-emscripten`) inside that file,
+	// it can mark the relative import as transitive-external and then fail
+	// to resolve back. Deferring the require breaks the static-analysis
+	// chain so the rollup build resolves cleanly.
+	const DEFAULT_TIMEOUT_MS = 1000;
+	const DEFAULT_MEMORY_BYTES = 32 * 1024 * 1024; // 32 MB
+
+	let _modulePromise = null;
+	function getModule() {
+	  if (!_modulePromise) {
+	    const { getQuickJS } = require$$0$3;
+	    _modulePromise = getQuickJS();
+	  }
+	  return _modulePromise;
+	}
 
-let _modulePromise = null;
-function getModule() {
-  if (!_modulePromise) {
-    const { getQuickJS } = require$$0$3;
-    _modulePromise = getQuickJS();
-  }
-  return _modulePromise;
-}
+	function injectInputs(vm, args, inputs) {
+	  if (!Array.isArray(args) || !Array.isArray(inputs)) {
+	    throw new Error(
+	      "safeJsExecutor: args and inputs must be arrays of equal length",
+	    );
+	  }
+	  if (args.length !== inputs.length) {
+	    throw new Error("safeJsExecutor: args.length must equal inputs.length");
+	  }
+	  for (let i = 0; i < args.length; i++) {
+	    const name = args[i];
+	    if (typeof name !== "string" || !/^[A-Za-z_$][\w$]*$/.test(name)) {
+	      throw new Error("safeJsExecutor: arg names must be valid JS identifiers");
+	    }
+	    const json = JSON.stringify(inputs[i]);
+	    // Use evalCode to materialize the JSON-typed value inside the
+	    // VM. For undefined inputs, JSON.stringify returns undefined
+	    // (not a string) — fall through to evaluating the literal
+	    // `undefined`.
+	    const literal = json === undefined ? "undefined" : json;
+	    const result = vm.evalCode(`(${literal})`);
+	    if (result.error) {
+	      const err = vm.dump(result.error);
+	      result.error.dispose();
+	      throw new Error(
+	        `safeJsExecutor: failed to inject "${name}": ${
+	          err && err.message ? err.message : err
+	        }`,
+	      );
+	    }
+	    vm.setProp(vm.global, name, result.value);
+	    result.value.dispose();
+	  }
+	}
 
-function injectInputs(vm, args, inputs) {
-  if (!Array.isArray(args) || !Array.isArray(inputs)) {
-    throw new Error(
-      "safeJsExecutor: args and inputs must be arrays of equal length",
-    );
-  }
-  if (args.length !== inputs.length) {
-    throw new Error("safeJsExecutor: args.length must equal inputs.length");
-  }
-  for (let i = 0; i < args.length; i++) {
-    const name = args[i];
-    if (typeof name !== "string" || !/^[A-Za-z_$][\w$]*$/.test(name)) {
-      throw new Error("safeJsExecutor: arg names must be valid JS identifiers");
-    }
-    const json = JSON.stringify(inputs[i]);
-    // Use evalCode to materialize the JSON-typed value inside the
-    // VM. For undefined inputs, JSON.stringify returns undefined
-    // (not a string) — fall through to evaluating the literal
-    // `undefined`.
-    const literal = json === undefined ? "undefined" : json;
-    const result = vm.evalCode(`(${literal})`);
-    if (result.error) {
-      const err = vm.dump(result.error);
-      result.error.dispose();
-      throw new Error(
-        `safeJsExecutor: failed to inject "${name}": ${
-          err && err.message ? err.message : err
-        }`,
-      );
-    }
-    vm.setProp(vm.global, name, result.value);
-    result.value.dispose();
-  }
-}
+	function setDeadline(vm, timeoutMs) {
+	  const deadline = Date.now() + Math.max(1, timeoutMs);
+	  vm.runtime.setInterruptHandler(() => Date.now() > deadline);
+	}
 
-function setDeadline(vm, timeoutMs) {
-  const deadline = Date.now() + Math.max(1, timeoutMs);
-  vm.runtime.setInterruptHandler(() => Date.now() > deadline);
-}
+	function buildWrappedBody(args, body) {
+	  // Wrap the user body in an IIFE so `return` works at the body level
+	  // (matching the dynamic-function-constructor semantics this is
+	  // replacing).
+	  return `(function(${args.join(",")}){${body}})(${args.join(",")})`;
+	}
 
-function buildWrappedBody(args, body) {
-  // Wrap the user body in an IIFE so `return` works at the body level
-  // (matching the dynamic-function-constructor semantics this is
-  // replacing).
-  return `(function(${args.join(",")}){${body}})(${args.join(",")})`;
-}
+	async function runOnce({
+	  body,
+	  args = [],
+	  inputs = [],
+	  timeoutMs = DEFAULT_TIMEOUT_MS,
+	  memoryBytes = DEFAULT_MEMORY_BYTES,
+	}) {
+	  if (typeof body !== "string" || !body.trim()) {
+	    return { error: "body must be a non-empty string" };
+	  }
+	  const QuickJS = await getModule();
+	  const vm = QuickJS.newContext();
+	  try {
+	    vm.runtime.setMemoryLimit(memoryBytes);
+	    vm.runtime.setMaxStackSize(1024 * 1024);
+	    setDeadline(vm, timeoutMs);
 
-async function runOnce({
-  body,
-  args = [],
-  inputs = [],
-  timeoutMs = DEFAULT_TIMEOUT_MS$1,
-  memoryBytes = DEFAULT_MEMORY_BYTES,
-}) {
-  if (typeof body !== "string" || !body.trim()) {
-    return { error: "body must be a non-empty string" };
-  }
-  const QuickJS = await getModule();
-  const vm = QuickJS.newContext();
-  try {
-    vm.runtime.setMemoryLimit(memoryBytes);
-    vm.runtime.setMaxStackSize(1024 * 1024);
-    setDeadline(vm, timeoutMs);
+	    injectInputs(vm, args, inputs);
+	    const wrapped = buildWrappedBody(args, body);
+	    const result = vm.evalCode(wrapped);
 
-    injectInputs(vm, args, inputs);
-    const wrapped = buildWrappedBody(args, body);
-    const result = vm.evalCode(wrapped);
+	    if (result.error) {
+	      const err = vm.dump(result.error);
+	      result.error.dispose();
+	      return {
+	        error:
+	          err && err.message
+	            ? String(err.message)
+	            : typeof err === "string"
+	              ? err
+	              : JSON.stringify(err),
+	      };
+	    }
+	    const value = vm.dump(result.value);
+	    result.value.dispose();
+	    return { value };
+	  } catch (e) {
+	    return { error: e && e.message ? e.message : String(e) };
+	  } finally {
+	    vm.dispose();
+	  }
+	}
 
-    if (result.error) {
-      const err = vm.dump(result.error);
-      result.error.dispose();
-      return {
-        error:
-          err && err.message
-            ? String(err.message)
-            : typeof err === "string"
-              ? err
-              : JSON.stringify(err),
-      };
-    }
-    const value = vm.dump(result.value);
-    result.value.dispose();
-    return { value };
-  } catch (e) {
-    return { error: e && e.message ? e.message : String(e) };
-  } finally {
-    vm.dispose();
-  }
-}
+	async function createCompiled({
+	  body,
+	  args = [],
+	  memoryBytes = DEFAULT_MEMORY_BYTES,
+	}) {
+	  if (typeof body !== "string" || !body.trim()) {
+	    throw new Error("body must be a non-empty string");
+	  }
+	  const QuickJS = await getModule();
+	  const vm = QuickJS.newContext();
+	  vm.runtime.setMemoryLimit(memoryBytes);
+	  vm.runtime.setMaxStackSize(1024 * 1024);
+
+	  // Define the user function once on the VM globals so subsequent
+	  // run() calls can invoke it with fresh args without re-parsing.
+	  const define = vm.evalCode(
+	    `globalThis.__userFn = function(${args.join(",")}){${body}};`,
+	  );
+	  if (define.error) {
+	    const err = vm.dump(define.error);
+	    define.error.dispose();
+	    vm.dispose();
+	    throw new Error(
+	      "safeJsExecutor: compile failed: " +
+	        (err && err.message ? err.message : JSON.stringify(err)),
+	    );
+	  }
+	  define.value.dispose();
 
-async function createCompiled({
-  body,
-  args = [],
-  memoryBytes = DEFAULT_MEMORY_BYTES,
-}) {
-  if (typeof body !== "string" || !body.trim()) {
-    throw new Error("body must be a non-empty string");
-  }
-  const QuickJS = await getModule();
-  const vm = QuickJS.newContext();
-  vm.runtime.setMemoryLimit(memoryBytes);
-  vm.runtime.setMaxStackSize(1024 * 1024);
-
-  // Define the user function once on the VM globals so subsequent
-  // run() calls can invoke it with fresh args without re-parsing.
-  const define = vm.evalCode(
-    `globalThis.__userFn = function(${args.join(",")}){${body}};`,
-  );
-  if (define.error) {
-    const err = vm.dump(define.error);
-    define.error.dispose();
-    vm.dispose();
-    throw new Error(
-      "safeJsExecutor: compile failed: " +
-        (err && err.message ? err.message : JSON.stringify(err)),
-    );
-  }
-  define.value.dispose();
+	  let disposed = false;
 
-  let disposed = false;
+	  return {
+	    run(inputs, timeoutMs = DEFAULT_TIMEOUT_MS) {
+	      if (disposed) {
+	        return { error: "executor already disposed" };
+	      }
+	      try {
+	        setDeadline(vm, timeoutMs);
+	        const argList = inputs
+	          .map((v) => (v === undefined ? "undefined" : JSON.stringify(v)))
+	          .join(",");
+	        const result = vm.evalCode(`__userFn(${argList})`);
+	        if (result.error) {
+	          const err = vm.dump(result.error);
+	          result.error.dispose();
+	          return {
+	            error:
+	              err && err.message
+	                ? String(err.message)
+	                : typeof err === "string"
+	                  ? err
+	                  : JSON.stringify(err),
+	          };
+	        }
+	        const value = vm.dump(result.value);
+	        result.value.dispose();
+	        return { value };
+	      } catch (e) {
+	        return { error: e && e.message ? e.message : String(e) };
+	      }
+	    },
+	    dispose() {
+	      if (!disposed) {
+	        disposed = true;
+	        vm.dispose();
+	      }
+	    },
+	  };
+	}
 
-  return {
-    run(inputs, timeoutMs = DEFAULT_TIMEOUT_MS$1) {
-      if (disposed) {
-        return { error: "executor already disposed" };
-      }
-      try {
-        setDeadline(vm, timeoutMs);
-        const argList = inputs
-          .map((v) => (v === undefined ? "undefined" : JSON.stringify(v)))
-          .join(",");
-        const result = vm.evalCode(`__userFn(${argList})`);
-        if (result.error) {
-          const err = vm.dump(result.error);
-          result.error.dispose();
-          return {
-            error:
-              err && err.message
-                ? String(err.message)
-                : typeof err === "string"
-                  ? err
-                  : JSON.stringify(err),
-          };
-        }
-        const value = vm.dump(result.value);
-        result.value.dispose();
-        return { value };
-      } catch (e) {
-        return { error: e && e.message ? e.message : String(e) };
-      }
-    },
-    dispose() {
-      if (!disposed) {
-        disposed = true;
-        vm.dispose();
-      }
-    },
-  };
+	safeJsExecutor = {
+	  runOnce,
+	  createCompiled,
+	  DEFAULT_TIMEOUT_MS,
+	  DEFAULT_MEMORY_BYTES,
+	};
+	return safeJsExecutor;
 }
 
-var safeJsExecutor$1 = {
-  runOnce,
-  createCompiled,
-  DEFAULT_TIMEOUT_MS: DEFAULT_TIMEOUT_MS$1,
-  DEFAULT_MEMORY_BYTES,
-};
-
 /**
  * Utils/tranaform
  * Main gial is to transform a file of data into another form (CSV -> Json for example)
@@ -2060,462 +2833,514 @@ var safeJsExecutor$1 = {
  * - CSV -> JSON
  */
 
-var fs$e = require$$0$2;
-var readline = require$$1$3;
-const xtreamer = require$$2;
-var xmlParser = require$$3$1;
-var JSONStream$1 = require$$4;
-const stream$1 = require$$5;
-var csv = require$$6;
-const path$j = require$$1$2;
-const { app: app$c } = require$$0$1;
-const { ensureDirectoryExistence: ensureDirectoryExistence$1 } = file;
-const safeJsExecutor = safeJsExecutor$1;
-
-const TRANSFORM_APP_NAME = "Dashboard";
-const MAX_MAPPING_BODY_SIZE = 10240; // 10KB limit for mapping function body
-// Per-record execution limit. Each mapping function call inside the
-// streaming transform must complete within this budget; a runaway loop
-// in the user's mapping triggers an "interrupted" error and the record
-// is skipped rather than blocking the whole stream.
-const PER_RECORD_TIMEOUT_MS = 1000;
-
-/**
- * XtreamerClientTransform
- * Custom Transform stream to parse the JSON from the XML to String operation
- */
-class XtreamerClientTransform extends stream$1.Transform {
-  _transform(value, encoding, callback) {
-    this.push(JSON.parse(value));
-    callback();
-  }
-}
-
-let Transform$1 = class Transform {
-  constructor() {
-    console.log("constructor");
-  }
-
-  /**
-   * readLinesFromFile
-   *
-   * If this is a json file we should check in and remove the newLines, and then
-   * add commas between records potentially...
-   * @param {*} win
-   * @param {*} filepath
-   * @param {*} linesCount
-   * @param {*} callbackEvent
-   * @returns
-   */
-  readLinesFromFile = (
-    win,
-    filepath,
-    linesCount = 100,
-    callbackEvent = null,
-  ) => {
-    return new Promise((resolve, reject) => {
-      try {
-        let count = 0;
-        let lines = [];
+var transform;
+var hasRequiredTransform;
+
+function requireTransform () {
+	if (hasRequiredTransform) return transform;
+	hasRequiredTransform = 1;
+	var fs = require$$0$2;
+	var readline = require$$1$2;
+	const xtreamer = require$$2;
+	var xmlParser = require$$3$1;
+	var JSONStream = require$$4;
+	const stream = require$$5;
+	var csv = require$$6;
+	const path = require$$1$1;
+	const { app } = require$$0$1;
+	const { ensureDirectoryExistence } = file;
+	const safeJsExecutor = requireSafeJsExecutor();
+
+	const TRANSFORM_APP_NAME = "Dashboard";
+	const MAX_MAPPING_BODY_SIZE = 10240; // 10KB limit for mapping function body
+	// Per-record execution limit. Each mapping function call inside the
+	// streaming transform must complete within this budget; a runaway loop
+	// in the user's mapping triggers an "interrupted" error and the record
+	// is skipped rather than blocking the whole stream.
+	const PER_RECORD_TIMEOUT_MS = 1000;
 
-        // can we aggregate potentially?
-        let lineObject = [];
+	/**
+	 * XtreamerClientTransform
+	 * Custom Transform stream to parse the JSON from the XML to String operation
+	 */
+	class XtreamerClientTransform extends stream.Transform {
+	  _transform(value, encoding, callback) {
+	    this.push(JSON.parse(value));
+	    callback();
+	  }
+	}
 
-        const readInterface = readline.createInterface({
-          input: fs$e.createReadStream(filepath),
-          output: process.stdout,
-          console: false,
-        });
+	class Transform {
+	  constructor() {
+	    console.log("constructor");
+	  }
 
-        readInterface.on("line", function (line) {
-          if (count < linesCount) {
-            //console.log(line);
-            lines.push(line);
-            count++;
-            if (callbackEvent !== null) {
-              win.webContents.send(callbackEvent, {
-                line,
-              });
-            }
-          } else {
-            readInterface.close();
-            resolve(lines);
-          }
-        });
-      } catch (e) {
-        reject(e);
-      }
-    });
-  };
+	  /**
+	   * readLinesFromFile
+	   *
+	   * If this is a json file we should check in and remove the newLines, and then
+	   * add commas between records potentially...
+	   * @param {*} win
+	   * @param {*} filepath
+	   * @param {*} linesCount
+	   * @param {*} callbackEvent
+	   * @returns
+	   */
+	  readLinesFromFile = (
+	    win,
+	    filepath,
+	    linesCount = 100,
+	    callbackEvent = null,
+	  ) => {
+	    return new Promise((resolve, reject) => {
+	      try {
+	        let count = 0;
+	        let lines = [];
 
-  readJSONFromFile = (
-    win,
-    file = "",
-    objectCount = 10,
-    callbackEvent = null,
-  ) => {
-    return new Promise((resolve, reject) => {
-      try {
-        const parser = JSONStream$1.parse("*");
-        const readStream = fs$e.createReadStream(file).pipe(parser);
+	        // can we aggregate potentially?
+	        let lineObject = [];
 
-        let count = 0;
+	        const readInterface = readline.createInterface({
+	          input: fs.createReadStream(filepath),
+	          output: process.stdout,
+	          console: false,
+	        });
 
-        readStream.on("data", (data) => {
-          //console.log(data);
-          if (callbackEvent !== null) {
-            win.webContents.send(callbackEvent, {
-              data: JSON.stringify(data),
-            });
-          }
-          if (objectCount !== null && count < objectCount) {
-            readStream.destroy();
-            resolve("complete");
-          }
-          count++;
-        });
+	        readInterface.on("line", function (line) {
+	          if (count < linesCount) {
+	            //console.log(line);
+	            lines.push(line);
+	            count++;
+	            if (callbackEvent !== null) {
+	              win.webContents.send(callbackEvent, {
+	                line,
+	              });
+	            }
+	          } else {
+	            readInterface.close();
+	            resolve(lines);
+	          }
+	        });
+	      } catch (e) {
+	        reject(e);
+	      }
+	    });
+	  };
 
-        readStream.on("error", (e) => {
-          reject(e);
-        });
+	  readJSONFromFile = (
+	    win,
+	    file = "",
+	    objectCount = 10,
+	    callbackEvent = null,
+	  ) => {
+	    return new Promise((resolve, reject) => {
+	      try {
+	        const parser = JSONStream.parse("*");
+	        const readStream = fs.createReadStream(file).pipe(parser);
 
-        readStream.on("end", (data) => {
-          resolve("Complete");
-        });
-      } catch (e) {
-        console.log("read json error ", e);
-        reject(e);
-      }
-    });
-  };
+	        let count = 0;
 
-  async parseXMLString(data) {
-    let xmlText = data.toString().replace("\ufeff", "");
-    return new Promise((resolve, reject) => {
-      xmlParser
-        .parseStringPromise(xmlText, {
-          trim: true,
-          compact: true,
-          ignoreComment: true,
-          ignoreDoctype: true,
-        })
-        .then((data) => {
-          // resolve with the comma
-          resolve(JSON.stringify(data) + ",");
-        })
-        .catch((e) => reject(e));
-    });
-  }
+	        readStream.on("data", (data) => {
+	          //console.log(data);
+	          if (callbackEvent !== null) {
+	            win.webContents.send(callbackEvent, {
+	              data: JSON.stringify(data),
+	            });
+	          }
+	          if (objectCount !== null && count < objectCount) {
+	            readStream.destroy();
+	            resolve("complete");
+	          }
+	          count++;
+	        });
 
-  parseXMLStream = (filepath, outpath, start) => {
-    return new Promise((resolve, reject) => {
-      try {
-        const xmlFileReadStream = fs$e.createReadStream(filepath);
+	        readStream.on("error", (e) => {
+	          reject(e);
+	        });
 
-        xmlFileReadStream.on("end", () => {
-          writeStream.write("\n]");
-          resolve("Read End");
-        });
+	        readStream.on("end", (data) => {
+	          resolve("Complete");
+	        });
+	      } catch (e) {
+	        console.log("read json error ", e);
+	        reject(e);
+	      }
+	    });
+	  };
 
-        xmlFileReadStream.on("finished", () => {
-          resolve("Read Finish");
-        });
+	  async parseXMLString(data) {
+	    let xmlText = data.toString().replace("\ufeff", "");
+	    return new Promise((resolve, reject) => {
+	      xmlParser
+	        .parseStringPromise(xmlText, {
+	          trim: true,
+	          compact: true,
+	          ignoreComment: true,
+	          ignoreDoctype: true,
+	        })
+	        .then((data) => {
+	          // resolve with the comma
+	          resolve(JSON.stringify(data) + ",");
+	        })
+	        .catch((e) => reject(e));
+	    });
+	  }
 
-        const writeStream = fs$e.createWriteStream(outpath);
-        writeStream.write("[\n");
+	  parseXMLStream = (filepath, outpath, start) => {
+	    return new Promise((resolve, reject) => {
+	      try {
+	        const xmlFileReadStream = fs.createReadStream(filepath);
 
-        const options = {
-          headers: { Accept: "application/xml" },
-          resolveWithFullResponse: true,
-          json: false,
-          simple: false,
-          max_xml_size: 50000000, // 10000000
-        };
+	        xmlFileReadStream.on("end", () => {
+	          writeStream.write("\n]");
+	          resolve("Read End");
+	        });
 
-        const xtreamerTransform = xtreamer(
-          start,
-          {
-            transformer: this.parseXMLString, // returns Promise
-            max_xml_size: 50000000,
-          },
-          options,
-        ).on("error", (e) => {
-          console.log(e);
-          reject(e);
-        });
+	        xmlFileReadStream.on("finished", () => {
+	          resolve("Read Finish");
+	        });
 
-        xmlFileReadStream
-          .pipe(xtreamerTransform)
-          .pipe(new XtreamerClientTransform())
-          .pipe(writeStream)
-          .on("end", () => {
-            console.log("ended");
-          })
-          .on("finish", () => {
-            console.log("finished pipe");
-          });
-      } catch (e) {
-        console.log(e);
-        reject(e);
-      }
-    });
-  };
+	        const writeStream = fs.createWriteStream(outpath);
+	        writeStream.write("[\n");
 
-  parseCSVStream = (
-    filepath,
-    outpath,
-    delimiter = ",",
-    objectIdKey = null,
-    headers = null, // optional array of headings to grab
-    win = null,
-    callbackEvent = null,
-    limit = null,
-  ) => {
-    return new Promise((resolve, reject) => {
-      try {
-        const readStream = fs$e
-          .createReadStream(filepath)
-          .pipe(csv({ separator: delimiter }));
-        const writeStream = fs$e.createWriteStream(outpath);
-
-        let canParse = true;
+	        const options = {
+	          headers: { Accept: "application/xml" },
+	          resolveWithFullResponse: true,
+	          json: false,
+	          simple: false,
+	          max_xml_size: 50000000, // 10000000
+	        };
 
-        // separators for JSON
-        let sep = "";
-        let count = 0;
-        writeStream.write("[\n");
+	        const xtreamerTransform = xtreamer(
+	          start,
+	          {
+	            transformer: this.parseXMLString, // returns Promise
+	            max_xml_size: 50000000,
+	          },
+	          options,
+	        ).on("error", (e) => {
+	          console.log(e);
+	          reject(e);
+	        });
 
-        readStream.on("data", (item) => {
-          if (count > 0) {
-            sep = ",\n";
-          }
-          // if we have specified a limit...
-          if (limit !== null && limit <= count) {
-            canParse = false;
-            writeStream.write("]");
-            readStream.destroy();
-            resolve("Complete");
-          }
-          if (canParse === true) {
-            item["objectID"] = item[objectIdKey];
-            writeStream.write(sep + JSON.stringify(item));
-            count++;
+	        xmlFileReadStream
+	          .pipe(xtreamerTransform)
+	          .pipe(new XtreamerClientTransform())
+	          .pipe(writeStream)
+	          .on("end", () => {
+	            console.log("ended");
+	          })
+	          .on("finish", () => {
+	            console.log("finished pipe");
+	          });
+	      } catch (e) {
+	        console.log(e);
+	        reject(e);
+	      }
+	    });
+	  };
 
-            if (win !== null) {
-              //console.log("have win", count, callbackEvent);
-              win.webContents.send(callbackEvent, {
-                count,
-              });
-            }
-          }
-        });
+	  parseCSVStream = (
+	    filepath,
+	    outpath,
+	    delimiter = ",",
+	    objectIdKey = null,
+	    headers = null, // optional array of headings to grab
+	    win = null,
+	    callbackEvent = null,
+	    limit = null,
+	  ) => {
+	    return new Promise((resolve, reject) => {
+	      try {
+	        const readStream = fs
+	          .createReadStream(filepath)
+	          .pipe(csv({ separator: delimiter }));
+	        const writeStream = fs.createWriteStream(outpath);
 
-        readStream.on("end", () => {
-          writeStream.write("]");
-          readStream.destroy();
-          resolve("Complete");
-        });
-      } catch (e) {
-        reject(e);
-      }
-    });
-  };
+	        let canParse = true;
 
-  /**
-   * transformFileToFile
-   * We want to convert a format from a file into a different format
-   * based on the mapper we have provided
-   *
-   * @param {*} win
-   * @param {*} filepath
-   * @param {*} outFilepath
-   * @param {*} mapping
-   */
-  transformFileToFile = (
-    win,
-    filepath,
-    outFilepath,
-    mappingFunctionBody,
-    args = ["refObj", "index"],
-    callbackEvent = null,
-  ) => {
-    return new Promise((resolve, reject) => {
-      // Validate mappingFunctionBody is a non-empty string
-      if (
-        typeof mappingFunctionBody !== "string" ||
-        !mappingFunctionBody.trim()
-      ) {
-        return reject(
-          new Error("mappingFunctionBody must be a non-empty string"),
-        );
-      }
+	        // separators for JSON
+	        let sep = "";
+	        let count = 0;
+	        writeStream.write("[\n");
 
-      // Enforce size limit on mapping function body
-      if (mappingFunctionBody.length > MAX_MAPPING_BODY_SIZE) {
-        return reject(
-          new Error(
-            "mappingFunctionBody exceeds maximum size of " +
-              MAX_MAPPING_BODY_SIZE +
-              " bytes",
-          ),
-        );
-      }
+	        readStream.on("data", (item) => {
+	          if (count > 0) {
+	            sep = ",\n";
+	          }
+	          // if we have specified a limit...
+	          if (limit !== null && limit <= count) {
+	            canParse = false;
+	            writeStream.write("]");
+	            readStream.destroy();
+	            resolve("Complete");
+	          }
+	          if (canParse === true) {
+	            item["objectID"] = item[objectIdKey];
+	            writeStream.write(sep + JSON.stringify(item));
+	            count++;
+
+	            if (win !== null) {
+	              //console.log("have win", count, callbackEvent);
+	              win.webContents.send(callbackEvent, {
+	                count,
+	              });
+	            }
+	          }
+	        });
 
-      // Validate file paths are within app data directory
-      const appDataDir = path$j.join(app$c.getPath("userData"), TRANSFORM_APP_NAME);
-      const resolvedFilepath = path$j.resolve(filepath);
-      const resolvedOutFilepath = path$j.resolve(outFilepath);
+	        readStream.on("end", () => {
+	          writeStream.write("]");
+	          readStream.destroy();
+	          resolve("Complete");
+	        });
+	      } catch (e) {
+	        reject(e);
+	      }
+	    });
+	  };
 
-      if (!resolvedFilepath.startsWith(appDataDir + path$j.sep)) {
-        return reject(
-          new Error(
-            "Input file path must be within the application data directory",
-          ),
-        );
-      }
-      if (!resolvedOutFilepath.startsWith(appDataDir + path$j.sep)) {
-        return reject(
-          new Error(
-            "Output file path must be within the application data directory",
-          ),
-        );
-      }
+	  /**
+	   * transformFileToFile
+	   * We want to convert a format from a file into a different format
+	   * based on the mapper we have provided
+	   *
+	   * @param {*} win
+	   * @param {*} filepath
+	   * @param {*} outFilepath
+	   * @param {*} mapping
+	   */
+	  transformFileToFile = (
+	    win,
+	    filepath,
+	    outFilepath,
+	    mappingFunctionBody,
+	    args = ["refObj", "index"],
+	    callbackEvent = null,
+	  ) => {
+	    return new Promise((resolve, reject) => {
+	      // Validate mappingFunctionBody is a non-empty string
+	      if (
+	        typeof mappingFunctionBody !== "string" ||
+	        !mappingFunctionBody.trim()
+	      ) {
+	        return reject(
+	          new Error("mappingFunctionBody must be a non-empty string"),
+	        );
+	      }
 
-      // JSON parser
-      var parser = JSONStream$1.parse("*");
+	      // Enforce size limit on mapping function body
+	      if (mappingFunctionBody.length > MAX_MAPPING_BODY_SIZE) {
+	        return reject(
+	          new Error(
+	            "mappingFunctionBody exceeds maximum size of " +
+	              MAX_MAPPING_BODY_SIZE +
+	              " bytes",
+	          ),
+	        );
+	      }
 
-      if (!fs$e.existsSync(resolvedFilepath)) {
-        return reject(new Error("File doesnt exist"));
-      }
-      console.log("file exists ", resolvedFilepath);
-      // create the readStream to parse the large file (json)
-      var readStream = fs$e.createReadStream(resolvedFilepath).pipe(parser);
+	      // Validate file paths are within app data directory
+	      const appDataDir = path.join(app.getPath("userData"), TRANSFORM_APP_NAME);
+	      const resolvedFilepath = path.resolve(filepath);
+	      const resolvedOutFilepath = path.resolve(outFilepath);
 
-      ensureDirectoryExistence$1(resolvedOutFilepath);
+	      if (!resolvedFilepath.startsWith(appDataDir + path.sep)) {
+	        return reject(
+	          new Error(
+	            "Input file path must be within the application data directory",
+	          ),
+	        );
+	      }
+	      if (!resolvedOutFilepath.startsWith(appDataDir + path.sep)) {
+	        return reject(
+	          new Error(
+	            "Output file path must be within the application data directory",
+	          ),
+	        );
+	      }
 
-      var writeStream = fs$e.createWriteStream(resolvedOutFilepath);
+	      // JSON parser
+	      var parser = JSONStream.parse("*");
 
-      let sep = "";
-      let count = 0;
+	      if (!fs.existsSync(resolvedFilepath)) {
+	        return reject(new Error("File doesnt exist"));
+	      }
+	      console.log("file exists ", resolvedFilepath);
+	      // create the readStream to parse the large file (json)
+	      var readStream = fs.createReadStream(resolvedFilepath).pipe(parser);
+
+	      ensureDirectoryExistence(resolvedOutFilepath);
+
+	      var writeStream = fs.createWriteStream(resolvedOutFilepath);
+
+	      let sep = "";
+	      let count = 0;
+
+	      // Compile the user-supplied mapping function inside a QuickJS
+	      // sandbox. The previous implementation compiled the body with
+	      // full Node.js privileges (filesystem, network, process). The
+	      // sandbox gives the body a tiny pure-JS surface (Math, JSON,
+	      // Date, primitives) and no host globals — see
+	      // electron/utils/safeJsExecutor.js for full rationale.
+	      //
+	      // createCompiled is async (the WASM module must be loaded). Use
+	      // .then/.catch instead of await because we're inside a sync
+	      // Promise executor.
+	      safeJsExecutor
+	        .createCompiled({
+	          body: mappingFunctionBody,
+	          args,
+	        })
+	        .then((executor) => {
+	          startStreamingWithExecutor(executor);
+	        })
+	        .catch((e) => {
+	          reject(
+	            new Error(
+	              "mappingFunctionBody failed to compile: " +
+	                (e && e.message ? e.message : String(e)),
+	            ),
+	          );
+	        });
 
-      // Compile the user-supplied mapping function inside a QuickJS
-      // sandbox. The previous implementation compiled the body with
-      // full Node.js privileges (filesystem, network, process). The
-      // sandbox gives the body a tiny pure-JS surface (Math, JSON,
-      // Date, primitives) and no host globals — see
-      // electron/utils/safeJsExecutor.js for full rationale.
-      //
-      // createCompiled is async (the WASM module must be loaded). Use
-      // .then/.catch instead of await because we're inside a sync
-      // Promise executor.
-      safeJsExecutor
-        .createCompiled({
-          body: mappingFunctionBody,
-          args,
-        })
-        .then((executor) => {
-          startStreamingWithExecutor(executor);
-        })
-        .catch((e) => {
-          reject(
-            new Error(
-              "mappingFunctionBody failed to compile: " +
-                (e && e.message ? e.message : String(e)),
-            ),
-          );
-        });
+	      function startStreamingWithExecutor(executor) {
+	        // begin the write stream
+	        writeStream.write("[\n");
 
-      function startStreamingWithExecutor(executor) {
-        // begin the write stream
-        writeStream.write("[\n");
+	        readStream.on("data", (data) => {
+	          try {
+	            if (count > 0) {
+	              sep = ",\n";
+	            }
 
-        readStream.on("data", (data) => {
-          try {
-            if (count > 0) {
-              sep = ",\n";
-            }
-
-            if (data) {
-              const result = executor.run([data, count], PER_RECORD_TIMEOUT_MS);
-              if (result.error) {
-                // Don't block the stream on a single bad record — log,
-                // skip, continue. Matches the previous try/catch in the
-                // unsandboxed implementation.
-                console.log(
-                  "[transform] mapping error on record " +
-                    count +
-                    ": " +
-                    result.error,
-                );
-                return;
-              }
+	            if (data) {
+	              const result = executor.run([data, count], PER_RECORD_TIMEOUT_MS);
+	              if (result.error) {
+	                // Don't block the stream on a single bad record — log,
+	                // skip, continue. Matches the previous try/catch in the
+	                // unsandboxed implementation.
+	                console.log(
+	                  "[transform] mapping error on record " +
+	                    count +
+	                    ": " +
+	                    result.error,
+	                );
+	                return;
+	              }
 
-              writeStream.write(sep + JSON.stringify(result.value));
+	              writeStream.write(sep + JSON.stringify(result.value));
 
-              if (callbackEvent !== null && win !== null) {
-                win.webContents.send(callbackEvent, { count });
-              }
+	              if (callbackEvent !== null && win !== null) {
+	                win.webContents.send(callbackEvent, { count });
+	              }
 
-              count++;
-            }
-          } catch (e) {
-            console.log(e.message);
-          }
-        });
+	              count++;
+	            }
+	          } catch (e) {
+	            console.log(e.message);
+	          }
+	        });
 
-        readStream.on("end", () => {
-          writeStream.write("\n]");
-          writeStream.close();
-          executor.dispose();
-          resolve("Complete: wrote " + count + " objects");
-        });
+	        readStream.on("end", () => {
+	          writeStream.write("\n]");
+	          writeStream.close();
+	          executor.dispose();
+	          resolve("Complete: wrote " + count + " objects");
+	        });
 
-        readStream.on("error", (err) => {
-          console.log("read stream error transform ", err.message);
-          executor.dispose();
-          reject(err);
-        });
-      } // end startStreamingWithExecutor
-    });
-  };
+	        readStream.on("error", (err) => {
+	          console.log("read stream error transform ", err.message);
+	          executor.dispose();
+	          reject(err);
+	        });
+	      } // end startStreamingWithExecutor
+	    });
+	  };
 
-  /**
-   * sanitizeLine (line of file)
-   * @param {String} line JSON data that we wish to sanitize
-   * @returns String the sanitized String
-   */
-  sanitizeLine = (line) => {
-    try {
-      let newLine = line;
+	  /**
+	   * sanitizeLine (line of file)
+	   * @param {String} line JSON data that we wish to sanitize
+	   * @returns String the sanitized String
+	   */
+	  sanitizeLine = (line) => {
+	    try {
+	      let newLine = line;
 
-      if (line.slice(-1) === ",") {
-        newLine = newLine.slice(0, -1);
-      }
+	      if (line.slice(-1) === ",") {
+	        newLine = newLine.slice(0, -1);
+	      }
 
-      if (line.slice(0, 1) === "[") {
-        newLine = newLine.slice(1);
-      }
+	      if (line.slice(0, 1) === "[") {
+	        newLine = newLine.slice(1);
+	      }
 
-      return newLine;
-    } catch (e) {
-      return line;
-    }
-  };
-};
+	      return newLine;
+	    } catch (e) {
+	      return line;
+	    }
+	  };
+	}
 
-var transform = Transform$1;
+	transform = Transform;
+	return transform;
+}
 
-const { app: app$b } = require$$0$1;
-var fs$d = require$$0$2;
-const path$i = require$$1$2;
+const { app: app$a } = require$$0$1;
+var fs$c = require$$0$2;
+const path$h = require$$1$1;
 const events$5 = events$8;
 const { getFileContents: getFileContents$5, writeToFile: writeToFile$2 } = file;
 const { safePath: safePath$2, getAllowedRoots: getAllowedRoots$1 } = safePath_1;
+const { gateFsCall, gateFsCallWithJit } = fsGate;
+const { readEnforceFlag: readEnforceFlag$1, readJitFlag: readJitFlag$1 } = securityFlags;
+
+// Reads the enforcement + JIT flags from settings.json. Mirrors the
+// helper in mcpController. The flag is shared across MCP and fs domains
+// — see Phase 2 plan for rationale (the cosmetic rename to a
+// domain-neutral name is a separate slice).
+function _loadFlags() {
+  try {
+    const settingsPath = path$h.join(
+      app$a.getPath("userData"),
+      appName$5,
+      "settings.json",
+    );
+    if (!fs$c.existsSync(settingsPath)) return null;
+    return JSON.parse(fs$c.readFileSync(settingsPath, "utf8"));
+  } catch (_e) {
+    return null;
+  }
+}
+
+/**
+ * Run the fs gate before a dataController handler does its work.
+ * On deny, sends an error event to the renderer and returns false so
+ * the caller can early-out. On allow, returns true.
+ *
+ * @returns {Promise<boolean>}
+ */
+async function _runFsGate(win, action, widgetId, args, errorEvent) {
+  const settings = _loadFlags();
+  if (!readEnforceFlag$1(settings)) return true; // gate disabled
+  if (!widgetId) return true; // legacy callers without widgetId — see plan
+  const gate = readJitFlag$1(settings)
+    ? await gateFsCallWithJit({ widgetId, action, args }, { enableJit: true })
+    : gateFsCall({ widgetId, action, args });
+  if (gate.allow) return true;
+  if (win && errorEvent) {
+    win.webContents.send(errorEvent, {
+      success: false,
+      message: "fs permission gate: " + gate.reason,
+    });
+  }
+  return false;
+}
 
 // Convert Json to Csv
-const ObjectsToCsv = require$$6$1;
-const Transform = transform;
-const https$3 = require$$8$1;
+const ObjectsToCsv = require$$8$1;
+const Transform = requireTransform();
+const https$3 = require$$10;
 const appName$5 = "Dashboard";
 
 const dataController$1 = {
@@ -2532,8 +3357,8 @@ const dataController$1 = {
       // Validate the renderer-supplied filename is contained within
       // the data directory. path.join doesn't reject `..` segments;
       // safePath does.
-      const candidate = path$i.join(
-        app$b.getPath("userData"),
+      const candidate = path$h.join(
+        app$a.getPath("userData"),
         appName$5,
         appId,
         "data",
@@ -2691,7 +3516,7 @@ const dataController$1 = {
       // intent, plus realpath/symlink protection.
       const resolvedFilepath = safePath$2(toFilepath, getAllowedRoots$1("data"));
 
-      const writeStream = fs$d.createWriteStream(resolvedFilepath);
+      const writeStream = fs$c.createWriteStream(resolvedFilepath);
 
       https$3
         .get(url, (resp) => {
@@ -2850,13 +3675,31 @@ const dataController$1 = {
    * @param {*} append
    * @param {*} returnEmpty
    */
-  saveToFile: (win, data, filename, append, returnEmpty = {}) => {
+  saveToFile: async (
+    win,
+    data,
+    filename,
+    append,
+    returnEmpty = {},
+    widgetId = null,
+  ) => {
+    // Phase 2 fs gate. Runs before safePath containment so JIT can
+    // prompt the user without leaking path-shape information through
+    // error timing. See electron/security/fsGate.js.
+    const gateOk = await _runFsGate(
+      win,
+      "saveToFile",
+      widgetId,
+      { filename },
+      events$5.DATA_SAVE_TO_FILE_ERROR,
+    );
+    if (!gateOk) return;
     try {
       if (data) {
         // Validate filename is contained within the data directory.
         // path.join doesn't reject `..` segments; safePath does.
-        const candidate = path$i.join(
-          app$b.getPath("userData"),
+        const candidate = path$h.join(
+          app$a.getPath("userData"),
           appName$5,
           "data",
           filename,
@@ -2944,12 +3787,21 @@ const dataController$1 = {
     }
   },
 
-  readFromFile: (win, filename, returnIfEmpty = {}) => {
+  readFromFile: async (win, filename, returnIfEmpty = {}, widgetId = null) => {
+    // Phase 2 fs gate — same as saveToFile.
+    const gateOk = await _runFsGate(
+      win,
+      "readFromFile",
+      widgetId,
+      { filename },
+      events$5.DATA_READ_FROM_FILE_ERROR,
+    );
+    if (!gateOk) return;
     try {
       if (filename) {
         // filename to the pages file (live pages)
-        const fromFilename = path$i.join(
-          app$b.getPath("userData"),
+        const fromFilename = path$h.join(
+          app$a.getPath("userData"),
           appName$5,
           "data",
           filename,
@@ -3029,9 +3881,9 @@ var dataController_1 = dataController$1;
  * settingsController
  */
 
-const { app: app$a } = require$$0$1;
-const path$h = require$$1$2;
-const fs$c = require$$0$2;
+const { app: app$9 } = require$$0$1;
+const path$g = require$$1$1;
+const fs$b = require$$0$2;
 const { getFileContents: getFileContents$4, writeToFile: writeToFile$1 } = file;
 
 const configFilename$3 = "settings.json";
@@ -3039,15 +3891,15 @@ const appName$4 = "Dashboard";
 
 // Helper function to recursively copy directory
 function copyDirectory(source, destination) {
-  if (!fs$c.existsSync(destination)) {
-    fs$c.mkdirSync(destination, { recursive: true });
+  if (!fs$b.existsSync(destination)) {
+    fs$b.mkdirSync(destination, { recursive: true });
   }
 
-  const files = fs$c.readdirSync(source);
+  const files = fs$b.readdirSync(source);
   for (const file of files) {
-    const srcPath = path$h.join(source, file);
-    const destPath = path$h.join(destination, file);
-    const stat = fs$c.lstatSync(srcPath);
+    const srcPath = path$g.join(source, file);
+    const destPath = path$g.join(destination, file);
+    const stat = fs$b.lstatSync(srcPath);
 
     // Skip symlinks to prevent following links to sensitive files
     if (stat.isSymbolicLink()) {
@@ -3058,7 +3910,7 @@ function copyDirectory(source, destination) {
     if (stat.isDirectory()) {
       copyDirectory(srcPath, destPath);
     } else {
-      fs$c.copyFileSync(srcPath, destPath);
+      fs$b.copyFileSync(srcPath, destPath);
     }
   }
 }
@@ -3074,8 +3926,8 @@ const settingsController$4 = {
     try {
       if (data) {
         // <appId>/settings.json
-        const filename = path$h.join(
-          app$a.getPath("userData"),
+        const filename = path$g.join(
+          app$9.getPath("userData"),
           appName$4,
           configFilename$3,
         );
@@ -3110,8 +3962,8 @@ const settingsController$4 = {
   getSettingsForApplication: (win) => {
     try {
       // <appId>/settings.json
-      const filename = path$h.join(
-        app$a.getPath("userData"),
+      const filename = path$g.join(
+        app$9.getPath("userData"),
         appName$4,
         configFilename$3,
       );
@@ -3141,15 +3993,15 @@ const settingsController$4 = {
    */
   getDataDirectory: (win) => {
     try {
-      const settingsPath = path$h.join(
-        app$a.getPath("userData"),
+      const settingsPath = path$g.join(
+        app$9.getPath("userData"),
         appName$4,
         configFilename$3,
       );
       const settings = getFileContents$4(settingsPath, {});
       const userDataDir =
         settings.userDataDirectory ||
-        path$h.join(app$a.getPath("userData"), appName$4);
+        path$g.join(app$9.getPath("userData"), appName$4);
 
       console.log("[settingsController] Data directory retrieved successfully");
       // Return the data for ipcMain.handle() - modern promise-based approach
@@ -3176,18 +4028,18 @@ const settingsController$4 = {
   setDataDirectory: (win, newPath) => {
     try {
       // Validate the path exists and is a directory
-      if (!fs$c.existsSync(newPath)) {
-        fs$c.mkdirSync(newPath, { recursive: true });
+      if (!fs$b.existsSync(newPath)) {
+        fs$b.mkdirSync(newPath, { recursive: true });
       }
 
-      const stats = fs$c.statSync(newPath);
+      const stats = fs$b.statSync(newPath);
       if (!stats.isDirectory()) {
         throw new Error("Path is not a directory");
       }
 
       // Update settings
-      const settingsPath = path$h.join(
-        app$a.getPath("userData"),
+      const settingsPath = path$g.join(
+        app$9.getPath("userData"),
         appName$4,
         configFilename$3,
       );
@@ -3220,20 +4072,20 @@ const settingsController$4 = {
   migrateDataDirectory: (win, oldPath, newPath) => {
     try {
       // Resolve paths to prevent traversal
-      const resolvedOldPath = path$h.resolve(oldPath);
-      const resolvedNewPath = path$h.resolve(newPath);
+      const resolvedOldPath = path$g.resolve(oldPath);
+      const resolvedNewPath = path$g.resolve(newPath);
 
       // Validate oldPath is the current configured data directory
-      const settingsCheckPath = path$h.join(
-        app$a.getPath("userData"),
+      const settingsCheckPath = path$g.join(
+        app$9.getPath("userData"),
         appName$4,
         configFilename$3,
       );
       const currentSettings = getFileContents$4(settingsCheckPath, {});
       const currentDataDir =
         currentSettings.userDataDirectory ||
-        path$h.join(app$a.getPath("userData"), appName$4);
-      if (resolvedOldPath !== path$h.resolve(currentDataDir)) {
+        path$g.join(app$9.getPath("userData"), appName$4);
+      if (resolvedOldPath !== path$g.resolve(currentDataDir)) {
         throw new Error("Source path must be the current data directory");
       }
 
@@ -3257,20 +4109,20 @@ const settingsController$4 = {
       }
 
       // Validate paths
-      if (!fs$c.existsSync(resolvedOldPath)) {
+      if (!fs$b.existsSync(resolvedOldPath)) {
         throw new Error("Source directory does not exist");
       }
 
-      if (!fs$c.existsSync(resolvedNewPath)) {
-        fs$c.mkdirSync(resolvedNewPath, { recursive: true });
+      if (!fs$b.existsSync(resolvedNewPath)) {
+        fs$b.mkdirSync(resolvedNewPath, { recursive: true });
       }
 
       // Copy files
       copyDirectory(resolvedOldPath, resolvedNewPath);
 
       // Update settings to use new path
-      const settingsPath = path$h.join(
-        app$a.getPath("userData"),
+      const settingsPath = path$g.join(
+        app$9.getPath("userData"),
         appName$4,
         configFilename$3,
       );
@@ -3553,7 +4405,7 @@ function requireProviderController () {
 	if (hasRequiredProviderController) return providerController_1;
 	hasRequiredProviderController = 1;
 	const { app, safeStorage } = require$$0$1;
-	const path = require$$1$2;
+	const path = require$$1$1;
 	const { writeFileSync, readFileSync, existsSync } = require$$0$2;
 	const {
 	  ensureDirectoryExistence,
@@ -3934,8 +4786,8 @@ function requireProviderController () {
 	return providerController_1;
 }
 
-const { app: app$9 } = require$$0$1;
-const path$g = require$$1$2;
+const { app: app$8 } = require$$0$1;
+const path$f = require$$1$1;
 const { writeFileSync: writeFileSync$1 } = require$$0$2;
 const events$4 = events$8;
 const { getFileContents: getFileContents$3 } = file;
@@ -3955,8 +4807,8 @@ const layoutController$1 = {
   saveLayoutForApplication: (win, appId, layoutObject) => {
     try {
       // filename to the pages file (live pages)
-      const filename = path$g.join(
-        app$9.getPath("userData"),
+      const filename = path$f.join(
+        app$8.getPath("userData"),
         appName$3,
         appId,
         configFilename$2,
@@ -3988,8 +4840,8 @@ const layoutController$1 = {
    */
   listLayoutsForApplication: (win, appId) => {
     try {
-      const filename = path$g.join(
-        app$9.getPath("userData"),
+      const filename = path$f.join(
+        app$8.getPath("userData"),
         appName$3,
         appId,
         configFilename$2,
@@ -21152,455 +22004,6 @@ let StreamableHTTPClientTransport$1 = class StreamableHTTPClientTransport {
 };
 streamableHttp$1.StreamableHTTPClientTransport = StreamableHTTPClientTransport$1;
 
-/**
- * grantedPermissions.js
- *
- * Stores the user's actual MCP permission grants per widget. This is the
- * Slice-2 enforcement source of truth — separate from the widget's declared
- * `dash.permissions.mcp` block (which is just a request).
- *
- * The runtime gate (permissionGate.gateToolCall) reads from here only.
- * A widget with a declared manifest but no grant entry has no access:
- * fail-closed. The user grants permissions at install time (consent modal)
- * or later in Settings → Privacy & Security.
- *
- * Storage: userData/widgetMcpGrants.json. Atomic writes via tmp + rename.
- *
- * Shape on disk:
- *   {
- *     "@trops/notes-summarizer": {
- *       "servers": {
- *         "filesystem": {
- *           "tools": ["read_file"],
- *           "readPaths": ["/Users/jane/Documents/notes"],
- *           "writePaths": []
- *         }
- *       }
- *     }
- *   }
- *
- * Note: paths are stored as-is (already tilde-expanded by the manifest
- * parser before grants are written). Tests can re-expand via
- * widgetPermissions.expandHome if they store ~ literals.
- *
- * Public API:
- *   getGrant(widgetId) → grant | null
- *   setGrant(widgetId, perms) → boolean
- *   revokeGrant(widgetId) → boolean
- *   revokeServer(widgetId, serverName) → boolean
- *   listAllGrants() → [{ widgetId, granted }]
- *   clearCache() → void   // test-only
- */
-
-const fs$b = require$$0$2;
-const path$f = require$$1$2;
-const { app: app$8 } = require$$0$1;
-
-const FILE_NAME = "widgetMcpGrants.json";
-
-// In-process cache of the entire grants file. Lazily loaded; invalidated
-// on every write.
-let _cache$1 = null;
-
-function grantsFilePath() {
-  return path$f.join(app$8.getPath("userData"), FILE_NAME);
-}
-
-function loadFromDisk() {
-  const p = grantsFilePath();
-  if (!fs$b.existsSync(p)) return {};
-  try {
-    const raw = fs$b.readFileSync(p, "utf8");
-    const parsed = JSON.parse(raw);
-    if (!parsed || typeof parsed !== "object") return {};
-    return parsed;
-  } catch (e) {
-    console.warn("[grantedPermissions] failed to read " + p + ": " + e.message);
-    return {};
-  }
-}
-
-function ensureCache() {
-  if (_cache$1 === null) _cache$1 = loadFromDisk();
-  return _cache$1;
-}
-
-function writeToDisk(data) {
-  const p = grantsFilePath();
-  const tmp = p + ".tmp";
-  // Ensure parent dir exists (userData should already, but be defensive
-  // for first-launch / freshly-cleared profile cases).
-  fs$b.mkdirSync(path$f.dirname(p), { recursive: true });
-  fs$b.writeFileSync(tmp, JSON.stringify(data, null, 2), "utf8");
-  fs$b.renameSync(tmp, p);
-}
-
-// Recognized origins for a persisted grant.
-//   "declared"   — user approved against the developer's declared
-//                  dash.permissions.mcp block at install time.
-//   "discovered" — install-time scanner produced a synthetic manifest
-//                  the user approved.
-//   "manual"     — user typed entries themselves in
-//                  Settings → Privacy & Security with no manifest backing.
-//   "live"       — user approved a just-in-time consent prompt at
-//                  runtime when a tool call hit the gate without a
-//                  matching grant.
-// Other values are dropped on persist (legacy grants stay null).
-const ALLOWED_GRANT_ORIGINS = new Set([
-  "declared",
-  "discovered",
-  "manual",
-  "live",
-]);
-
-/**
- * Sanitize a perms object before persisting. Drops unknown keys, coerces
- * arrays of strings, and silently ignores malformed servers. Mirrors the
- * shape produced by parseManifestPermissions so the gate reads either
- * declared or granted with the same code path.
- *
- * Optional `grantOrigin` field is preserved when it's one of the
- * recognized values; bogus values are dropped.
- */
-function sanitizePerms(perms) {
-  if (!perms || typeof perms !== "object") return null;
-  const rawServers =
-    perms.servers && typeof perms.servers === "object" ? perms.servers : null;
-  if (!rawServers) return null;
-
-  const servers = {};
-  for (const [name, raw] of Object.entries(rawServers)) {
-    if (!raw || typeof raw !== "object") continue;
-    servers[name] = {
-      tools: Array.isArray(raw.tools)
-        ? raw.tools.filter((t) => typeof t === "string")
-        : [],
-      readPaths: Array.isArray(raw.readPaths)
-        ? raw.readPaths.filter((p) => typeof p === "string")
-        : [],
-      writePaths: Array.isArray(raw.writePaths)
-        ? raw.writePaths.filter((p) => typeof p === "string")
-        : [],
-    };
-  }
-  const out = { servers };
-  if (
-    typeof perms.grantOrigin === "string" &&
-    ALLOWED_GRANT_ORIGINS.has(perms.grantOrigin)
-  ) {
-    out.grantOrigin = perms.grantOrigin;
-  }
-  return out;
-}
-
-function getGrant$2(widgetId) {
-  if (typeof widgetId !== "string" || !widgetId) return null;
-  const all = ensureCache();
-  return all[widgetId] || null;
-}
-
-function setGrant$2(widgetId, perms) {
-  if (typeof widgetId !== "string" || !widgetId) return false;
-  const sanitized = sanitizePerms(perms);
-  if (!sanitized) return false;
-  const all = ensureCache();
-  all[widgetId] = sanitized;
-  try {
-    writeToDisk(all);
-    return true;
-  } catch (e) {
-    console.warn(
-      "[grantedPermissions] failed to write grant for " +
-        widgetId +
-        ": " +
-        e.message,
-    );
-    // Roll back the cache entry so memory matches disk.
-    _cache$1 = loadFromDisk();
-    return false;
-  }
-}
-
-function revokeGrant$1(widgetId) {
-  if (typeof widgetId !== "string" || !widgetId) return false;
-  const all = ensureCache();
-  if (!Object.prototype.hasOwnProperty.call(all, widgetId)) return false;
-  delete all[widgetId];
-  try {
-    writeToDisk(all);
-    return true;
-  } catch (e) {
-    console.warn(
-      "[grantedPermissions] failed to revoke grant for " +
-        widgetId +
-        ": " +
-        e.message,
-    );
-    _cache$1 = loadFromDisk();
-    return false;
-  }
-}
-
-function revokeServer$1(widgetId, serverName) {
-  if (typeof widgetId !== "string" || !widgetId) return false;
-  if (typeof serverName !== "string" || !serverName) return false;
-  const all = ensureCache();
-  const widgetEntry = all[widgetId];
-  if (!widgetEntry || !widgetEntry.servers) return false;
-  if (!Object.prototype.hasOwnProperty.call(widgetEntry.servers, serverName))
-    return false;
-  delete widgetEntry.servers[serverName];
-  try {
-    writeToDisk(all);
-    return true;
-  } catch (e) {
-    console.warn(
-      "[grantedPermissions] failed to revoke server " +
-        serverName +
-        " for " +
-        widgetId +
-        ": " +
-        e.message,
-    );
-    _cache$1 = loadFromDisk();
-    return false;
-  }
-}
-
-function listAllGrants$1() {
-  const all = ensureCache();
-  return Object.entries(all).map(([widgetId, granted]) => ({
-    widgetId,
-    granted,
-  }));
-}
-
-function clearCache$1() {
-  _cache$1 = null;
-}
-
-var grantedPermissions = {
-  getGrant: getGrant$2,
-  setGrant: setGrant$2,
-  revokeGrant: revokeGrant$1,
-  revokeServer: revokeServer$1,
-  listAllGrants: listAllGrants$1,
-  clearCache: clearCache$1,
-  ALLOWED_GRANT_ORIGINS,
-};
-
-/**
- * jitConsent.js
- *
- * Just-in-time permission consent for widget→backend calls.
- *
- * When a widget hits a gate without an existing grant for the requested
- * (domain, action, args), the gate calls `requestApproval` which:
- *   1. Synchronously emits `widget:permission-required` to all
- *      BrowserWindows with a unique requestId.
- *   2. Returns a Promise that resolves on user response or rejects on
- *      timeout.
- *   3. Coalesces requests with the same coalescing key so a widget
- *      bursting identical calls produces one prompt, not many.
- *
- * The renderer's JitConsentModal subscribes to the event, presents the
- * user with granularity options (this once / this tool / this tool +
- * parent dir), and replies via `widget:permission-response` with
- * `{ requestId, decision }`. main.js wires the IPC handler back to
- * `_handleResponse`.
- *
- * The module is intentionally domain-agnostic in shape — the request
- * payload carries `domain` so future plug-ins (fs, algolia, llm) reuse
- * the same machinery. Phase 1 only emits with `domain: "mcp"`.
- *
- * Public surface:
- *   requestApproval(req, opts) → Promise<{ approve, scope?, ... }>
- *   _handleResponse({ requestId, decision }) → void   (called from main.js IPC)
- *   _resetForTest() → void                            (test-only)
- */
-
-const { BrowserWindow: BrowserWindow$2, ipcMain: ipcMain$2 } = require$$0$1;
-
-const REQUEST_CHANNEL = "widget:permission-required";
-const RESPONSE_CHANNEL = "widget:permission-response";
-const DEFAULT_TIMEOUT_MS = 60_000;
-
-// requestId → { resolve, reject, timeout, coalesceKey, joinedResolvers }
-const _pending = new Map();
-// coalesceKey → requestId (so duplicate requests join the live one)
-const _coalesce = new Map();
-let _idCounter = 0;
-
-function nextRequestId() {
-  _idCounter += 1;
-  return `jit-${Date.now()}-${_idCounter}`;
-}
-
-/**
- * Build a coalescing key from the request. Two requests share the same
- * key iff they're "the same prompt" — same widget, same domain+action,
- * same target server/tool. Args beyond that (e.g. exact path) DON'T
- * differentiate; if the user is being asked about read_file already,
- * approving handles all current paths.
- */
-function coalesceKeyOf(req) {
-  if (req.domain === "mcp") {
-    const innerArgs = req.args || {};
-    return [
-      req.widgetId,
-      "mcp",
-      innerArgs.serverName || "",
-      innerArgs.toolName || "",
-    ].join("::");
-  }
-  // Default: domain + action + serialized top-level args
-  return [
-    req.widgetId,
-    req.domain,
-    req.action,
-    JSON.stringify(req.args || {}),
-  ].join("::");
-}
-
-function emitEvent(payload) {
-  let wins = [];
-  try {
-    wins = BrowserWindow$2.getAllWindows() || [];
-  } catch {
-    wins = [];
-  }
-  for (const w of wins) {
-    try {
-      w?.webContents?.send?.(REQUEST_CHANNEL, payload);
-    } catch {
-      // best-effort broadcast
-    }
-  }
-}
-
-function validateRequest(req) {
-  if (!req || typeof req !== "object") return "invalid request: not an object";
-  if (typeof req.widgetId !== "string" || !req.widgetId)
-    return "invalid request: widgetId required";
-  if (typeof req.domain !== "string" || !req.domain)
-    return "invalid request: domain required";
-  if (typeof req.action !== "string" || !req.action)
-    return "invalid request: action required";
-  return null;
-}
-
-/**
- * Request user approval for an out-of-grant call. Returns a promise
- * that resolves with the user's decision or rejects on timeout / bad
- * input.
- *
- * decision shape (resolved value):
- *   { approve: true, scope: "once" | "tool" | "parent" | "custom", ...extras }
- *   { approve: false, reason?: string }
- *
- * `scope` informs the caller how to write the resulting grant.
- */
-function requestApproval$1(req, opts = {}) {
-  const validation = validateRequest(req);
-  if (validation) {
-    return Promise.reject(new Error(validation));
-  }
-
-  const timeoutMs = Number.isFinite(opts.timeoutMs)
-    ? opts.timeoutMs
-    : DEFAULT_TIMEOUT_MS;
-
-  // If a prompt for the same coalesce key is already pending, join it.
-  const key = coalesceKeyOf(req);
-  if (_coalesce.has(key)) {
-    const existingId = _coalesce.get(key);
-    const existing = _pending.get(existingId);
-    if (existing) {
-      return new Promise((resolve, reject) => {
-        existing.joinedResolvers.push({ resolve, reject });
-      });
-    }
-    // Stale coalesce entry; drop and fall through to a fresh request.
-    _coalesce.delete(key);
-  }
-
-  return new Promise((resolve, reject) => {
-    const requestId = nextRequestId();
-    const timeout = setTimeout(() => {
-      const entry = _pending.get(requestId);
-      if (!entry) return;
-      _pending.delete(requestId);
-      _coalesce.delete(entry.coalesceKey);
-      const err = new Error(
-        `JIT consent timed out for ${req.widgetId} (${req.domain}/${req.action}) after ${timeoutMs}ms`,
-      );
-      reject(err);
-      for (const j of entry.joinedResolvers) j.reject(err);
-    }, timeoutMs);
-
-    _pending.set(requestId, {
-      resolve,
-      reject,
-      timeout,
-      coalesceKey: key,
-      joinedResolvers: [],
-    });
-    _coalesce.set(key, requestId);
-
-    emitEvent({
-      requestId,
-      widgetId: req.widgetId,
-      domain: req.domain,
-      action: req.action,
-      args: req.args || {},
-    });
-  });
-}
-
-function _handleResponse({ requestId, decision } = {}) {
-  if (!requestId || typeof requestId !== "string") return;
-  const entry = _pending.get(requestId);
-  if (!entry) return; // unknown request — drop silently
-  clearTimeout(entry.timeout);
-  _pending.delete(requestId);
-  _coalesce.delete(entry.coalesceKey);
-  const safe =
-    decision && typeof decision === "object" ? decision : { approve: false };
-  entry.resolve(safe);
-  for (const j of entry.joinedResolvers) j.resolve(safe);
-}
-
-function _resetForTest() {
-  for (const entry of _pending.values()) clearTimeout(entry.timeout);
-  _pending.clear();
-  _coalesce.clear();
-  _idCounter = 0;
-}
-
-let _handlersRegistered = false;
-/**
- * Wire the renderer→main response IPC. Idempotent.
- * Call once from main.js alongside other ipcMain setup.
- */
-function setupJitConsentHandlers() {
-  if (_handlersRegistered) return;
-  if (!ipcMain$2 || typeof ipcMain$2.on !== "function") return;
-  ipcMain$2.on(RESPONSE_CHANNEL, (_event, payload) => {
-    _handleResponse(payload);
-  });
-  _handlersRegistered = true;
-}
-
-var jitConsent$1 = {
-  requestApproval: requestApproval$1,
-  setupJitConsentHandlers,
-  _handleResponse,
-  _resetForTest,
-  REQUEST_CHANNEL,
-  RESPONSE_CHANNEL,
-  DEFAULT_TIMEOUT_MS,
-};
-
 /**
  * permissionGate.js
  *
@@ -22081,37 +22484,6 @@ var mcpScopeResolver = {
   applyPathScopeToCredentials: applyPathScopeToCredentials$1,
 };
 
-/**
- * securityFlags.js
- *
- * Centralized readers for the two boolean security flags that gate the
- * MCP allowlist stack:
- *   - security.enforceWidgetMcpPermissions
- *   - security.enableJitConsent
- *
- * **Default semantics: ON.** A missing settings.json, a missing
- * `security` block, or an undefined field all yield `true`. Only an
- * explicit `false` opts out. This is intentional — the security stack
- * is on by default; users have to actively disable it. The
- * Privacy & Security panel surfaces the toggles + a confirm-on-disable
- * dialog so the disable path is deliberate.
- *
- * The readers are pure functions of a settings object so the
- * default-on semantics are pinned by unit tests without touching the
- * filesystem. The callers in mcpController.js wrap these with
- * settings.json IO.
- */
-
-function readEnforceFlag$1(settings) {
-  return settings?.security?.enforceWidgetMcpPermissions !== false;
-}
-
-function readJitFlag$1(settings) {
-  return settings?.security?.enableJitConsent !== false;
-}
-
-var securityFlags = { readEnforceFlag: readEnforceFlag$1, readJitFlag: readJitFlag$1 };
-
 /**
  * mcpController.js
  *
@@ -22128,11 +22500,11 @@ var securityFlags = { readEnforceFlag: readEnforceFlag$1, readJitFlag: readJitFl
 const { Client } = require$$0$5;
 const {
   StdioClientTransport,
-} = require$$1$4;
+} = require$$1$3;
 const {
   StreamableHTTPClientTransport,
 } = streamableHttp$1;
-const path$e = require$$1$2;
+const path$e = require$$1$1;
 const fs$a = require$$0$2;
 const os$2 = require$$2$1;
 const responseCache$2 = responseCache_1;
@@ -22491,7 +22863,7 @@ async function refreshGoogleOAuthToken(tokenRefresh) {
 
   console.log("[mcpController] Refreshing Google OAuth token...");
 
-  const https = require$$8$1;
+  const https = require$$10;
   const postData = [
     `client_id=${encodeURIComponent(keyData.client_id)}`,
     `client_secret=${encodeURIComponent(keyData.client_secret)}`,
@@ -23288,7 +23660,7 @@ const mcpController$3 = {
       const sourcePath = credentials?.[from];
       if (sourcePath) {
         const destPath = to.replace(/^~/, os$2.homedir());
-        const destDir = require$$1$2.dirname(destPath);
+        const destDir = require$$1$1.dirname(destPath);
         try {
           fs$a.mkdirSync(destDir, { recursive: true });
           fs$a.copyFileSync(sourcePath, destPath);
@@ -23508,7 +23880,7 @@ const REGISTRY_BASE_URL$1 =
 let store$3 = null;
 function getStore$1() {
   if (!store$3) {
-    const Store = require$$1$1;
+    const Store = require$$0$6;
     store$3 = new Store({
       name: "dash-registry-auth",
       encryptionKey: "dash-registry-v1",
@@ -23876,7 +24248,7 @@ function commonjsRequire(path) {
  */
 
 const fs$9 = require$$0$2;
-const path$d = require$$1$2;
+const path$d = require$$1$1;
 
 /**
  * Structured error thrown by compileWidget() when the underlying
@@ -24193,7 +24565,7 @@ var widgetCompiler$1 = {
  */
 
 const fs$8 = require$$0$2;
-const path$c = require$$1$2;
+const path$c = require$$1$1;
 const vm = require$$2$2;
 const { findWidgetsDir: findWidgetsDir$1 } = widgetCompiler$1;
 
@@ -24484,7 +24856,7 @@ var dynamicWidgetLoaderExports = dynamicWidgetLoader$3.exports;
  */
 
 const fs$7 = require$$0$2;
-const path$b = require$$1$2;
+const path$b = require$$1$1;
 const os$1 = require$$2$1;
 const { app: app$6 } = require$$0$1;
 
@@ -24613,7 +24985,7 @@ var widgetPermissions = {
  */
 
 const fs$6 = require$$0$2;
-const path$a = require$$1$2;
+const path$a = require$$1$1;
 
 const SOURCE_EXTENSIONS = new Set([
   ".js",
@@ -24793,8 +25165,8 @@ var manifestScanner = {
  * and dispatching task-fired events to renderer windows.
  */
 
-const Store$1 = require$$1$1;
-const { Cron } = require$$1$5;
+const Store$1 = require$$0$6;
+const { Cron } = require$$1$4;
 
 const store$2 = new Store$1({ name: "dash-scheduler" });
 
@@ -25316,7 +25688,7 @@ var schedulerController_1 = schedulerController$2;
 
 (function (module) {
 	const fs = require$$0$2;
-	const path = require$$1$2;
+	const path = require$$1$1;
 	const os = require$$2$1;
 	const AdmZip = require$$3$2;
 	const { fileURLToPath } = require$$4$1;
@@ -26839,7 +27211,7 @@ var widgetRegistryExports = widgetRegistry$1.exports;
  * - Support two-level browsing: packages (bundles) and widgets within packages
  */
 
-const path$9 = require$$1$2;
+const path$9 = require$$1$1;
 const fs$5 = require$$0$2;
 const os = require$$2$1;
 const { toPackageId } = packageId;
@@ -28009,7 +28381,7 @@ const algoliaController$1 = {
 
 var algoliaController_1 = algoliaController$1;
 
-const OpenAI = require$$0$6;
+const OpenAI = require$$0$7;
 const events$2 = events$8;
 
 const openaiController$1 = {
@@ -28113,7 +28485,7 @@ function upsertMenuItem$1(items, menuItem) {
 var upsertMenuItem_1 = { upsertMenuItem: upsertMenuItem$1 };
 
 const { app: app$5 } = require$$0$1;
-const path$7 = require$$1$2;
+const path$7 = require$$1$1;
 const { writeFileSync } = require$$0$2;
 const { getFileContents: getFileContents$2 } = file;
 const { upsertMenuItem } = upsertMenuItem_1;
@@ -28169,7 +28541,7 @@ const menuItemsController$1 = {
 
 var menuItemsController_1 = menuItemsController$1;
 
-const path$6 = require$$1$2;
+const path$6 = require$$1$1;
 const { app: app$4 } = require$$0$1;
 
 const pluginController$1 = {
@@ -46388,13 +46760,13 @@ __export(src_exports, {
 var dist = __toCommonJS(src_exports);
 
 // src/server.ts
-var import_node_http = require$$0$7;
+var import_node_http = require$$0$8;
 
 // src/listener.ts
-var import_node_http22 = require$$1$6;
+var import_node_http22 = require$$1$5;
 
 // src/request.ts
-var import_node_http2 = require$$1$6;
+var import_node_http2 = require$$1$5;
 var import_node_stream = require$$5;
 var RequestError = class extends Error {
   constructor(message, options) {
@@ -47972,7 +48344,7 @@ streamableHttp.StreamableHTTPServerTransport = StreamableHTTPServerTransport$1;
  */
 
 const fs$2 = require$$0$2;
-const path$5 = require$$1$2;
+const path$5 = require$$1$1;
 const forge = require$$2$4;
 
 /**
@@ -48166,7 +48538,7 @@ var jsonSchemaToZod_1 = { jsonSchemaToZod: jsonSchemaToZod$1, jsonSchemaProperty
  *   - Rate limiting via token bucket (60 req/min)
  */
 
-const https$1 = require$$8$1;
+const https$1 = require$$10;
 const { randomUUID } = require$$3$4;
 const { BrowserWindow: BrowserWindow$1 } = require$$0$1;
 const { McpServer } = mcp;
@@ -48371,7 +48743,7 @@ function saveMcpServerSettings(win, mcpSettings) {
 function resolveAppId() {
   const { app } = require$$0$1;
   const fs = require$$0$2;
-  const path = require$$1$2;
+  const path = require$$1$1;
   const dashboardDir = path.join(app.getPath("userData"), "Dashboard");
   try {
     const entries = fs.readdirSync(dashboardDir, { withFileTypes: true });
@@ -49973,10 +50345,10 @@ var themeFromUrlErrors$1 = {
  * computed styles, and favicon/logo images (via node-vibrant).
  */
 
-const css = require$$0$8;
-const { Vibrant } = require$$1$7;
-const https = require$$8$1;
-const http = require$$0$7;
+const css = require$$0$9;
+const { Vibrant } = require$$1$6;
+const https = require$$10;
+const http = require$$0$8;
 const { URL: URL$1 } = require$$4$1;
 const {
   UrlUnreachableError,
@@ -54536,7 +54908,7 @@ var toolHandlers$1 = {
  * per-request, receiving the full messages array each time.
  */
 
-const Anthropic = require$$0$9;
+const Anthropic = require$$0$a;
 const mcpController$2 = mcpControllerExports;
 const cliController$1 = cliController_1;
 const toolDefinitions = toolDefinitions$1;
@@ -56717,7 +57089,7 @@ var dashboardConfigUtils$1 = {
  */
 
 const fs$1 = require$$0$2;
-const path$4 = require$$1$2;
+const path$4 = require$$1$1;
 const { getStoredToken: getStoredToken$2 } = registryAuthController$2;
 
 const REGISTRY_BASE_URL =
@@ -56992,7 +57364,7 @@ function requireWidgetPublishManifest () {
  * Mirrors dashboardConfigController patterns for ZIP creation, manifest generation,
  * and registry interaction.
  */
-const path$3 = require$$1$2;
+const path$3 = require$$1$1;
 const { app: app$3, dialog: dialog$1 } = require$$0$1;
 const AdmZip$2 = require$$3$2;
 
@@ -57732,7 +58104,7 @@ var themeRegistryController$1 = {
  */
 
 const { app: app$2, dialog } = require$$0$1;
-const path$2 = require$$1$2;
+const path$2 = require$$1$1;
 const AdmZip$1 = require$$3$2;
 const { getFileContents: getFileContents$1 } = file;
 const {
@@ -59701,7 +60073,7 @@ var dashboardConfigController$1 = {
  */
 
 const { Notification } = require$$0$1;
-const Store = require$$1$1;
+const Store = require$$0$6;
 
 const store$1 = new Store({ name: "dash-notifications" });
 
@@ -59954,7 +60326,7 @@ var notificationController_1 = notificationController$2;
  * Multiple widgets referencing the same provider share a single socket.
  */
 
-const WebSocket = require$$0$a;
+const WebSocket = require$$0$b;
 
 /**
  * Active WebSocket connections
@@ -60944,7 +61316,7 @@ clientCache$1.registerFactory("algolia", (credentials) => {
 
 // --- OpenAI ---
 clientCache$1.registerFactory("openai", (credentials) => {
-  const OpenAI = require$$0$6;
+  const OpenAI = require$$0$7;
   return new OpenAI({ apiKey: credentials.apiKey });
 });
 
@@ -60963,7 +61335,7 @@ const MAX_RECENTS = 20;
 let store = null;
 function getStore() {
   if (!store) {
-    const Store = require$$1$1;
+    const Store = require$$0$6;
     store = new Store({ name: "dash-session" });
   }
   return store;
@@ -61148,7 +61520,7 @@ var dashboardRatingsUtils = {
  */
 
 const { app: app$1 } = require$$0$1;
-const path$1 = require$$1$2;
+const path$1 = require$$1$1;
 const { getFileContents, writeToFile } = file;
 const {
   validateAndBuildRating,
@@ -61252,7 +61624,7 @@ var dashboardRatingsController = {
  */
 
 const fs = require$$0$2;
-const path = require$$1$2;
+const path = require$$1$1;
 const AdmZip = require$$3$2;
 const { app } = require$$0$1;
 
@@ -62057,11 +62429,7 @@ var widgetRegistryController = {
  */
 
 const { showDialog, fileChosenError } = dialogController$1;
-const {
-  isEncryptionAvailable,
-  saveData,
-  getData,
-} = secureStoreController$1;
+const { isEncryptionAvailable } = secureStoreController$1;
 const {
   listWorkspacesForApplication,
   saveWorkspaceForApplication,
@@ -62179,8 +62547,6 @@ var controller = {
   showDialog,
   fileChosenError,
   isEncryptionAvailable,
-  saveData,
-  getData,
   listWorkspacesForApplication,
   saveWorkspaceForApplication,
   deleteWorkspaceForApplication,
@@ -62266,21 +62632,28 @@ var controller = {
 };
 
 const { ipcRenderer: ipcRenderer$q } = require$$0$1;
-const {
-  SECURE_STORE_ENCRYPTION_CHECK,
-  SECURE_STORE_SET_DATA,
-  SECURE_STORE_GET_DATA,
-} = events$8;
+const { SECURE_STORE_ENCRYPTION_CHECK } = events$8;
 /**
  * secureStoreApi
- * - for Apple, keychain methods
+ *
+ * Renderer-facing wrapper for the secure-store IPC channels. Currently
+ * exposes only `isEncryptionAvailable` because that's the only channel
+ * with a wired handler in dash-electron's main process.
+ *
+ * `saveData` / `getData` were removed in this slice — the IPC handlers
+ * for `SECURE_STORE_SET_DATA` / `SECURE_STORE_GET_DATA` were never
+ * registered, so the methods silently no-op'd. Worse, they appeared
+ * usable on `mainApi.secureStore` but had no widgetId scoping, so
+ * adding handlers later would have given every widget unscoped access
+ * to every other widget's keys. If you need a widget-facing storage
+ * API in the future, add a `widgetId` parameter and plumb it through a
+ * per-widget gate (see `electron/security/fsGate.js` for the pattern).
+ * The pin in `secureStoreApi.test.js` will fail loudly if the
+ * unscoped methods reappear without a gate.
  */
 const secureStoreApi$2 = {
   isEncryptionAvailable: () =>
     ipcRenderer$q.invoke(SECURE_STORE_ENCRYPTION_CHECK, {}),
-  saveData: (key, value) =>
-    ipcRenderer$q.invoke(SECURE_STORE_SET_DATA, { key, value }),
-  getData: (key) => ipcRenderer$q.invoke(SECURE_STORE_GET_DATA, { key }),
 };
 
 var secureStoreApi_1 = secureStoreApi$2;
@@ -62431,20 +62804,30 @@ const dataApi$2 = {
    * @param {object} options { filename, extension }
    * @param {object} returnEmpty the return empty object
    */
-  saveData: (data, filename, append, returnEmpty, uuid) =>
+  saveData: (data, filename, append, returnEmpty, widgetId = null) =>
     ipcRenderer$n.invoke(DATA_SAVE_TO_FILE, {
       data,
       filename,
       append,
       returnEmpty,
+      widgetId,
     }),
 
   /*
    * readData
    * @param {string} filename the filename to read (not path)
+   * @param {string|null} widgetId Phase 2 JIT consent — the widget's
+   *   package name (e.g. "@trops/notes-summarizer"). Used by the fs
+   *   gate to scope per-widget read access. Null disables the gate
+   *   for legacy callers (`enforceWidgetMcpPermissions` flag still
+   *   gates the gate itself).
    */
-  readData: (filename, returnEmpty = []) =>
-    ipcRenderer$n.invoke(DATA_READ_FROM_FILE, { filename, returnEmpty }),
+  readData: (filename, returnEmpty = [], widgetId = null) =>
+    ipcRenderer$n.invoke(DATA_READ_FROM_FILE, {
+      filename,
+      returnEmpty,
+      widgetId,
+    }),
 
   /**
    * transformFile