@two7722/sentinel-guard 1.1.0

package/dist/crypto/keys.js

@@ -0,0 +1,125 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.decodeBase64 = exports.encodeBase64 = void 0;
+exports.getKeyPair = getKeyPair;
+exports.getPublicKeyBase64 = getPublicKeyBase64;
+exports.authChallenge = authChallenge;
+exports.encryptForDevice = encryptForDevice;
+exports.decryptFromDevice = decryptFromDevice;
+exports.getSentinelDir = getSentinelDir;
+const tweetnacl_1 = __importDefault(require("tweetnacl"));
+const tweetnacl_util_1 = require("tweetnacl-util");
+Object.defineProperty(exports, "encodeBase64", { enumerable: true, get: function () { return tweetnacl_util_1.encodeBase64; } });
+Object.defineProperty(exports, "decodeBase64", { enumerable: true, get: function () { return tweetnacl_util_1.decodeBase64; } });
+const crypto_1 = require("crypto");
+const fs_1 = require("fs");
+const path_1 = require("path");
+const os_1 = require("os");
+const SENTINEL_DIR = (0, path_1.join)((0, os_1.homedir)(), '.sentinel');
+const IDENTITY_PATH = (0, path_1.join)(SENTINEL_DIR, 'identity.json');
+// ==================== Identity (Ed25519) ====================
+function ensureDir() {
+    if (!(0, fs_1.existsSync)(SENTINEL_DIR)) {
+        (0, fs_1.mkdirSync)(SENTINEL_DIR, { recursive: true, mode: 0o700 });
+    }
+}
+/**
+ * 首次运行生成 Ed25519 seed（32 随机字节），存 ~/.sentinel/identity.json
+ * 后续直接读取
+ */
+function loadOrCreateSeed() {
+    ensureDir();
+    if ((0, fs_1.existsSync)(IDENTITY_PATH)) {
+        const raw = JSON.parse((0, fs_1.readFileSync)(IDENTITY_PATH, 'utf-8'));
+        return (0, tweetnacl_util_1.decodeBase64)(raw.seed);
+    }
+    const seed = (0, crypto_1.randomBytes)(32);
+    const identity = {
+        seed: (0, tweetnacl_util_1.encodeBase64)(seed),
+        createdAt: new Date().toISOString(),
+    };
+    (0, fs_1.writeFileSync)(IDENTITY_PATH, JSON.stringify(identity, null, 2), { mode: 0o600 });
+    return seed;
+}
+let _seed = null;
+function getSeed() {
+    if (!_seed)
+        _seed = loadOrCreateSeed();
+    return _seed;
+}
+/**
+ * 获取 Ed25519 签名密钥对（从 seed 派生）
+ */
+function getKeyPair() {
+    return tweetnacl_1.default.sign.keyPair.fromSeed(getSeed());
+}
+/**
+ * 公钥 base64
+ */
+function getPublicKeyBase64() {
+    return (0, tweetnacl_util_1.encodeBase64)(getKeyPair().publicKey);
+}
+/**
+ * 生成认证 challenge：
+ * 1. 生成 32 字节随机 challenge
+ * 2. 用 Ed25519 私钥签名
+ * 3. 返回 { challenge, publicKey, signature } — 全部 base64
+ */
+function authChallenge() {
+    const kp = getKeyPair();
+    const challengeBytes = (0, crypto_1.randomBytes)(32);
+    const signature = tweetnacl_1.default.sign.detached(challengeBytes, kp.secretKey);
+    return {
+        challenge: (0, tweetnacl_util_1.encodeBase64)(challengeBytes),
+        publicKey: (0, tweetnacl_util_1.encodeBase64)(kp.publicKey),
+        signature: (0, tweetnacl_util_1.encodeBase64)(signature),
+    };
+}
+// ==================== Encryption (X25519 box) ====================
+/**
+ * 加密数据给目标设备（参考 Happy encryption.ts）：
+ *
+ * 1. 生成 ephemeral X25519 密钥对
+ * 2. 生成 24 字节随机 nonce
+ * 3. nacl.box(data, nonce, recipientPublicKey, ephemeral.secretKey)
+ * 4. 返回: ephemeralPubKey(32) + nonce(24) + encryptedData
+ */
+function encryptForDevice(data, recipientPublicKey) {
+    const ephemeral = tweetnacl_1.default.box.keyPair();
+    const nonce = (0, crypto_1.randomBytes)(24);
+    const encrypted = tweetnacl_1.default.box(data, nonce, recipientPublicKey, ephemeral.secretKey);
+    if (!encrypted)
+        throw new Error('Encryption failed');
+    // concat: ephemeralPubKey(32) + nonce(24) + encrypted
+    const bundle = new Uint8Array(32 + 24 + encrypted.length);
+    bundle.set(ephemeral.publicKey, 0);
+    bundle.set(nonce, 32);
+    bundle.set(encrypted, 56);
+    return bundle;
+}
+/**
+ * 解密来自设备的数据（反向 encryptForDevice）：
+ *
+ * 1. 提取 ephemeralPubKey(32) + nonce(24) + encryptedData
+ * 2. nacl.box.open(encryptedData, nonce, ephemeralPubKey, mySecretKey)
+ */
+function decryptFromDevice(bundle, mySecretKey) {
+    if (bundle.length < 57)
+        throw new Error('Bundle too short');
+    const ephemeralPubKey = bundle.slice(0, 32);
+    const nonce = bundle.slice(32, 56);
+    const ciphertext = bundle.slice(56);
+    const decrypted = tweetnacl_1.default.box.open(ciphertext, nonce, ephemeralPubKey, mySecretKey);
+    if (!decrypted)
+        throw new Error('Decryption failed — invalid key or corrupted data');
+    return decrypted;
+}
+// ==================== Helpers ====================
+function getSentinelDir() {
+    ensureDir();
+    return SENTINEL_DIR;
+}
+//# sourceMappingURL=keys.js.map

package/dist/crypto/keys.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"keys.js","sourceRoot":"","sources":["../../src/crypto/keys.ts"],"names":[],"mappings":";;;;;;AAsDA,gCAEC;AAKD,gDAEC;AAgBD,sCAUC;AAYD,4CAgBC;AAQD,8CAcC;AAID,wCAGC;AAlJD,0DAA6B;AAC7B,mDAA4D;AAmJnD,6FAnJA,6BAAY,OAmJA;AAAE,6FAnJA,6BAAY,OAmJA;AAlJnC,mCAAqC;AACrC,2BAAwE;AACxE,+BAA4B;AAC5B,2BAA6B;AAE7B,MAAM,YAAY,GAAG,IAAA,WAAI,EAAC,IAAA,YAAO,GAAE,EAAE,WAAW,CAAC,CAAC;AAClD,MAAM,aAAa,GAAG,IAAA,WAAI,EAAC,YAAY,EAAE,eAAe,CAAC,CAAC;AAO1D,+DAA+D;AAE/D,SAAS,SAAS;IAChB,IAAI,CAAC,IAAA,eAAU,EAAC,YAAY,CAAC,EAAE,CAAC;QAC9B,IAAA,cAAS,EAAC,YAAY,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC5D,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAS,gBAAgB;IACvB,SAAS,EAAE,CAAC;IAEZ,IAAI,IAAA,eAAU,EAAC,aAAa,CAAC,EAAE,CAAC;QAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAA,iBAAY,EAAC,aAAa,EAAE,OAAO,CAAC,CAAiB,CAAC;QAC7E,OAAO,IAAA,6BAAY,EAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAChC,CAAC;IAED,MAAM,IAAI,GAAG,IAAA,oBAAW,EAAC,EAAE,CAAC,CAAC;IAC7B,MAAM,QAAQ,GAAiB;QAC7B,IAAI,EAAE,IAAA,6BAAY,EAAC,IAAI,CAAC;QACxB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC;IACF,IAAA,kBAAa,EAAC,aAAa,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACjF,OAAO,IAAI,CAAC;AACd,CAAC;AAED,IAAI,KAAK,GAAsB,IAAI,CAAC;AAEpC,SAAS,OAAO;IACd,IAAI,CAAC,KAAK;QAAE,KAAK,GAAG,gBAAgB,EAAE,CAAC;IACvC,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,SAAgB,UAAU;IACxB,OAAO,mBAAI,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC,CAAC;AAC/C,CAAC;AAED;;GAEG;AACH,SAAgB,kBAAkB;IAChC,OAAO,IAAA,6BAAY,EAAC,UAAU,EAAE,CAAC,SAAS,CAAC,CAAC;AAC9C,CAAC;AAUD;;;;;GAKG;AACH,SAAgB,aAAa;IAC3B,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;IACxB,MAAM,cAAc,GAAG,IAAA,oBAAW,EAAC,EAAE,CAAC,CAAC;IACvC,MAAM,SAAS,GAAG,mBAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,cAAc,EAAE,EAAE,CAAC,SAAS,CAAC,CAAC;IAEnE,OAAO;QACL,SAAS,EAAE,IAAA,6BAAY,EAAC,cAAc,CAAC;QACvC,SAAS,EAAE,IAAA,6BAAY,EAAC,EAAE,CAAC,SAAS,CAAC;QACrC,SAAS,EAAE,IAAA,6BAAY,EAAC,SAAS,CAAC;KACnC,CAAC;AACJ,CAAC;AAED,oEAAoE;AAEpE;;;;;;;GAOG;AACH,SAAgB,gBAAgB,CAC9B,IAAgB,EAChB,kBAA8B;IAE9B,MAAM,SAAS,GAAG,mBAAI,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;IACrC,MAAM,KAAK,GAAG,IAAA,oBAAW,EAAC,EAAE,CAAC,CAAC;IAE9B,MAAM,SAAS,GAAG,mBAAI,CAAC,GAAG,CAAC,IAAI,EAAE,KAAK,EAAE,kBAAkB,EAAE,SAAS,CAAC,SAAS,CAAC,CAAC;IACjF,IAAI,CAAC,SAAS;QAAE,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;IAErD,sDAAsD;IACtD,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,EAAE,GAAG,EAAE,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;IAC1D,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC;IACnC,MAAM,CAAC,GAAG,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACtB,MAAM,CAAC,GAAG,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;IAC1B,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;GAKG;AACH,SAAgB,iBAAiB,CAC/B,MAAkB,EAClB,WAAuB;IAEvB,IAAI,MAAM,CAAC,MAAM,GAAG,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;IAE5D,MAAM,eAAe,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAC5C,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;IACnC,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IAEpC,MAAM,SAAS,GAAG,mBAAI,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,EAAE,eAAe,EAAE,WAAW,CAAC,CAAC;IACjF,IAAI,CAAC,SAAS;QAAE,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;IAErF,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,oDAAoD;AAEpD,SAAgB,cAAc;IAC5B,SAAS,EAAE,CAAC;IACZ,OAAO,YAAY,CAAC;AACtB,CAAC"}

package/dist/crypto/transport-encryption.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Transport encryption using NaCl secretbox (XSalsa20-Poly1305).
+ * Shared key generated on first start, stored in ~/.sentinel/transport.key.
+ * iOS receives the key during Bonjour handshake.
+ */
+/** Get or create the 32-byte shared transport key */
+export declare function getTransportKey(): Uint8Array;
+/** Encrypt a JSON message string. Returns base64(nonce + ciphertext) */
+export declare function encryptMessage(plaintext: string, key: Uint8Array): string;
+/** Decrypt a base64-encoded message. Returns the JSON string */
+export declare function decryptMessage(encoded: string, key: Uint8Array): string | null;
+/** Get transport key as base64 (for sharing with iOS during handshake) */
+export declare function getTransportKeyBase64(): string;

package/dist/crypto/transport-encryption.js

@@ -0,0 +1,62 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getTransportKey = getTransportKey;
+exports.encryptMessage = encryptMessage;
+exports.decryptMessage = decryptMessage;
+exports.getTransportKeyBase64 = getTransportKeyBase64;
+const tweetnacl_1 = __importDefault(require("tweetnacl"));
+const tweetnacl_util_1 = require("tweetnacl-util");
+const fs_1 = require("fs");
+const path_1 = require("path");
+const keys_1 = require("./keys");
+const SHARED_KEY_PATH = (0, path_1.join)((0, keys_1.getSentinelDir)(), 'transport.key');
+/**
+ * Transport encryption using NaCl secretbox (XSalsa20-Poly1305).
+ * Shared key generated on first start, stored in ~/.sentinel/transport.key.
+ * iOS receives the key during Bonjour handshake.
+ */
+/** Get or create the 32-byte shared transport key */
+function getTransportKey() {
+    if ((0, fs_1.existsSync)(SHARED_KEY_PATH)) {
+        return (0, tweetnacl_util_1.decodeBase64)((0, fs_1.readFileSync)(SHARED_KEY_PATH, 'utf-8').trim());
+    }
+    const key = tweetnacl_1.default.randomBytes(32);
+    (0, fs_1.writeFileSync)(SHARED_KEY_PATH, (0, tweetnacl_util_1.encodeBase64)(key), { mode: 0o600 });
+    return key;
+}
+/** Encrypt a JSON message string. Returns base64(nonce + ciphertext) */
+function encryptMessage(plaintext, key) {
+    const nonce = tweetnacl_1.default.randomBytes(24);
+    const msgBytes = new TextEncoder().encode(plaintext);
+    const encrypted = tweetnacl_1.default.secretbox(msgBytes, nonce, key);
+    // Concat nonce(24) + ciphertext
+    const combined = new Uint8Array(24 + encrypted.length);
+    combined.set(nonce, 0);
+    combined.set(encrypted, 24);
+    return (0, tweetnacl_util_1.encodeBase64)(combined);
+}
+/** Decrypt a base64-encoded message. Returns the JSON string */
+function decryptMessage(encoded, key) {
+    try {
+        const combined = (0, tweetnacl_util_1.decodeBase64)(encoded);
+        if (combined.length < 25)
+            return null;
+        const nonce = combined.slice(0, 24);
+        const ciphertext = combined.slice(24);
+        const decrypted = tweetnacl_1.default.secretbox.open(ciphertext, nonce, key);
+        if (!decrypted)
+            return null;
+        return new TextDecoder().decode(decrypted);
+    }
+    catch {
+        return null;
+    }
+}
+/** Get transport key as base64 (for sharing with iOS during handshake) */
+function getTransportKeyBase64() {
+    return (0, tweetnacl_util_1.encodeBase64)(getTransportKey());
+}
+//# sourceMappingURL=transport-encryption.js.map

package/dist/crypto/transport-encryption.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"transport-encryption.js","sourceRoot":"","sources":["../../src/crypto/transport-encryption.ts"],"names":[],"mappings":";;;;;AAgBA,0CAOC;AAGD,wCAWC;AAGD,wCAcC;AAGD,sDAEC;AA3DD,0DAA6B;AAC7B,mDAA4D;AAE5D,2BAA6D;AAC7D,+BAA4B;AAC5B,iCAAwC;AAExC,MAAM,eAAe,GAAG,IAAA,WAAI,EAAC,IAAA,qBAAc,GAAE,EAAE,eAAe,CAAC,CAAC;AAEhE;;;;GAIG;AAEH,qDAAqD;AACrD,SAAgB,eAAe;IAC7B,IAAI,IAAA,eAAU,EAAC,eAAe,CAAC,EAAE,CAAC;QAChC,OAAO,IAAA,6BAAY,EAAC,IAAA,iBAAY,EAAC,eAAe,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IACrE,CAAC;IACD,MAAM,GAAG,GAAG,mBAAI,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;IACjC,IAAA,kBAAa,EAAC,eAAe,EAAE,IAAA,6BAAY,EAAC,GAAG,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACnE,OAAO,GAAG,CAAC;AACb,CAAC;AAED,wEAAwE;AACxE,SAAgB,cAAc,CAAC,SAAiB,EAAE,GAAe;IAC/D,MAAM,KAAK,GAAG,mBAAI,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;IACnC,MAAM,QAAQ,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACrD,MAAM,SAAS,GAAG,mBAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;IAEvD,gCAAgC;IAChC,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,EAAE,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;IACvD,QAAQ,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IACvB,QAAQ,CAAC,GAAG,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;IAE5B,OAAO,IAAA,6BAAY,EAAC,QAAQ,CAAC,CAAC;AAChC,CAAC;AAED,gEAAgE;AAChE,SAAgB,cAAc,CAAC,OAAe,EAAE,GAAe;IAC7D,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,IAAA,6BAAY,EAAC,OAAO,CAAC,CAAC;QACvC,IAAI,QAAQ,CAAC,MAAM,GAAG,EAAE;YAAE,OAAO,IAAI,CAAC;QAEtC,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACpC,MAAM,UAAU,GAAG,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QACtC,MAAM,SAAS,GAAG,mBAAI,CAAC,SAAS,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;QAC9D,IAAI,CAAC,SAAS;YAAE,OAAO,IAAI,CAAC;QAE5B,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAC7C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,0EAA0E;AAC1E,SAAgB,qBAAqB;IACnC,OAAO,IAAA,6BAAY,EAAC,eAAe,EAAE,CAAC,CAAC;AACzC,CAAC"}

package/dist/install/setup.d.ts

@@ -0,0 +1,2 @@
+export declare function installHook(port?: number): void;
+export declare function uninstallHook(port?: number): void;

package/dist/install/setup.js

@@ -0,0 +1,80 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.installHook = installHook;
+exports.uninstallHook = uninstallHook;
+const fs_1 = require("fs");
+const path_1 = require("path");
+const os_1 = require("os");
+const logger_1 = require("../lib/logger");
+const CLAUDE_DIR = (0, path_1.join)((0, os_1.homedir)(), '.claude');
+const SETTINGS_PATH = (0, path_1.join)(CLAUDE_DIR, 'settings.json');
+const HOOK_TYPES = ['PreToolUse', 'PostToolUse', 'Notification', 'Stop'];
+function makeHookEntry(port, endpoint) {
+    return {
+        hooks: [{
+                type: 'command',
+                command: `curl -s -X POST http://localhost:${port}${endpoint} -H 'Content-Type: application/json' -d @-`,
+            }],
+    };
+}
+function installHook(port = 7749) {
+    if (!(0, fs_1.existsSync)(CLAUDE_DIR)) {
+        (0, fs_1.mkdirSync)(CLAUDE_DIR, { recursive: true });
+    }
+    let settings = {};
+    if ((0, fs_1.existsSync)(SETTINGS_PATH)) {
+        try {
+            settings = JSON.parse((0, fs_1.readFileSync)(SETTINGS_PATH, 'utf-8'));
+        }
+        catch { }
+    }
+    // Check if already installed
+    const existing = JSON.stringify(settings.hooks ?? {});
+    if (existing.includes(`localhost:${port}/hook`)) {
+        logger_1.log.info('Sentinel hooks already installed');
+        return;
+    }
+    if (!settings.hooks)
+        settings.hooks = {};
+    // PreToolUse → /hook (approval), others → /event (fire-and-forget)
+    const hookMap = {
+        PreToolUse: '/hook',
+        PostToolUse: '/event',
+        Notification: '/event',
+        Stop: '/event',
+    };
+    for (const [hookType, endpoint] of Object.entries(hookMap)) {
+        if (!Array.isArray(settings.hooks[hookType])) {
+            settings.hooks[hookType] = [];
+        }
+        settings.hooks[hookType].push(makeHookEntry(port, endpoint));
+    }
+    (0, fs_1.writeFileSync)(SETTINGS_PATH, JSON.stringify(settings, null, 2));
+    logger_1.log.success('Hooks installed (PreToolUse, PostToolUse, Notification, Stop)');
+    logger_1.log.dim(`  Config: ${SETTINGS_PATH}`);
+}
+function uninstallHook(port = 7749) {
+    if (!(0, fs_1.existsSync)(SETTINGS_PATH))
+        return;
+    try {
+        const settings = JSON.parse((0, fs_1.readFileSync)(SETTINGS_PATH, 'utf-8'));
+        if (!settings.hooks)
+            return;
+        for (const hookType of Object.keys(settings.hooks)) {
+            if (Array.isArray(settings.hooks[hookType])) {
+                settings.hooks[hookType] = settings.hooks[hookType].filter((entry) => {
+                    const hooks = entry?.hooks;
+                    if (!Array.isArray(hooks))
+                        return true;
+                    return !hooks.some((h) => h.type === 'command' && typeof h.command === 'string' && h.command.includes(`localhost:${port}`));
+                });
+            }
+        }
+        (0, fs_1.writeFileSync)(SETTINGS_PATH, JSON.stringify(settings, null, 2));
+        logger_1.log.success('All Sentinel hooks removed');
+    }
+    catch {
+        logger_1.log.warn('Could not update settings.json');
+    }
+}
+//# sourceMappingURL=setup.js.map

package/dist/install/setup.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"setup.js","sourceRoot":"","sources":["../../src/install/setup.ts"],"names":[],"mappings":";;AAmBA,kCAqCC;AAED,sCA0BC;AApFD,2BAAwE;AACxE,+BAA4B;AAC5B,2BAA6B;AAC7B,0CAAoC;AAEpC,MAAM,UAAU,GAAG,IAAA,WAAI,EAAC,IAAA,YAAO,GAAE,EAAE,SAAS,CAAC,CAAC;AAC9C,MAAM,aAAa,GAAG,IAAA,WAAI,EAAC,UAAU,EAAE,eAAe,CAAC,CAAC;AAExD,MAAM,UAAU,GAAG,CAAC,YAAY,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,CAAU,CAAC;AAElF,SAAS,aAAa,CAAC,IAAY,EAAE,QAAgB;IACnD,OAAO;QACL,KAAK,EAAE,CAAC;gBACN,IAAI,EAAE,SAAS;gBACf,OAAO,EAAE,oCAAoC,IAAI,GAAG,QAAQ,4CAA4C;aACzG,CAAC;KACH,CAAC;AACJ,CAAC;AAED,SAAgB,WAAW,CAAC,OAAe,IAAI;IAC7C,IAAI,CAAC,IAAA,eAAU,EAAC,UAAU,CAAC,EAAE,CAAC;QAC5B,IAAA,cAAS,EAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC7C,CAAC;IAED,IAAI,QAAQ,GAAwB,EAAE,CAAC;IACvC,IAAI,IAAA,eAAU,EAAC,aAAa,CAAC,EAAE,CAAC;QAC9B,IAAI,CAAC;YAAC,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,IAAA,iBAAY,EAAC,aAAa,EAAE,OAAO,CAAC,CAAC,CAAC;QAAC,CAAC;QAAC,MAAM,CAAC,CAAA,CAAC;IAC/E,CAAC;IAED,6BAA6B;IAC7B,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;IACtD,IAAI,QAAQ,CAAC,QAAQ,CAAC,aAAa,IAAI,OAAO,CAAC,EAAE,CAAC;QAChD,YAAG,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;QAC7C,OAAO;IACT,CAAC;IAED,IAAI,CAAC,QAAQ,CAAC,KAAK;QAAE,QAAQ,CAAC,KAAK,GAAG,EAAE,CAAC;IAEzC,mEAAmE;IACnE,MAAM,OAAO,GAA2B;QACtC,UAAU,EAAE,OAAO;QACnB,WAAW,EAAE,QAAQ;QACrB,YAAY,EAAE,QAAQ;QACtB,IAAI,EAAE,QAAQ;KACf,CAAC;IAEF,KAAK,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAC3D,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;YAC7C,QAAQ,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAC;QAChC,CAAC;QACD,QAAQ,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC;IAC/D,CAAC;IAED,IAAA,kBAAa,EAAC,aAAa,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAChE,YAAG,CAAC,OAAO,CAAC,+DAA+D,CAAC,CAAC;IAC7E,YAAG,CAAC,GAAG,CAAC,aAAa,aAAa,EAAE,CAAC,CAAC;AACxC,CAAC;AAED,SAAgB,aAAa,CAAC,OAAe,IAAI;IAC/C,IAAI,CAAC,IAAA,eAAU,EAAC,aAAa,CAAC;QAAE,OAAO;IAEvC,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,IAAA,iBAAY,EAAC,aAAa,EAAE,OAAO,CAAC,CAAC,CAAC;QAClE,IAAI,CAAC,QAAQ,CAAC,KAAK;YAAE,OAAO;QAE5B,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACnD,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;gBAC5C,QAAQ,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,MAAM,CACxD,CAAC,KAAU,EAAE,EAAE;oBACb,MAAM,KAAK,GAAG,KAAK,EAAE,KAAK,CAAC;oBAC3B,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;wBAAE,OAAO,IAAI,CAAC;oBACvC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAM,EAAE,EAAE,CAC5B,CAAC,CAAC,IAAI,KAAK,SAAS,IAAI,OAAO,CAAC,CAAC,OAAO,KAAK,QAAQ,IAAI,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,aAAa,IAAI,EAAE,CAAC,CACjG,CAAC;gBACJ,CAAC,CACF,CAAC;YACJ,CAAC;QACH,CAAC;QAED,IAAA,kBAAa,EAAC,aAAa,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAChE,YAAG,CAAC,OAAO,CAAC,4BAA4B,CAAC,CAAC;IAC5C,CAAC;IAAC,MAAM,CAAC;QACP,YAAG,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;IAC7C,CAAC;AACH,CAAC"}

package/dist/lib/budget.d.ts

@@ -0,0 +1,14 @@
+export declare function setBudgetLimit(amount: number): void;
+export declare function getBudgetLimit(): number;
+export declare function getTodaySpend(): number;
+/** Estimate cost for a specific tool call */
+export declare function estimateToolCost(toolName: string): number;
+export declare function isOverBudget(): boolean;
+export declare function getBudgetStatus(): {
+    limit: number;
+    spent: number;
+    remaining: number;
+    overBudget: boolean;
+    calls: number;
+};
+export declare function resetTodayBudget(): void;

package/dist/lib/budget.js

@@ -0,0 +1,93 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.setBudgetLimit = setBudgetLimit;
+exports.getBudgetLimit = getBudgetLimit;
+exports.getTodaySpend = getTodaySpend;
+exports.estimateToolCost = estimateToolCost;
+exports.isOverBudget = isOverBudget;
+exports.getBudgetStatus = getBudgetStatus;
+exports.resetTodayBudget = resetTodayBudget;
+const fs_1 = require("fs");
+const path_1 = require("path");
+const keys_1 = require("../crypto/keys");
+const history_1 = require("./history");
+const BUDGET_PATH = (0, path_1.join)((0, keys_1.getSentinelDir)(), 'budget.json');
+// Per-tool cost estimation (input + output tokens)
+// Based on typical Claude Sonnet usage patterns
+const TOOL_COST_ESTIMATES = {
+    Bash: { input: 800, output: 500 }, // commands + output
+    Write: { input: 600, output: 300 }, // file content
+    Edit: { input: 500, output: 200 }, // partial edits
+    Read: { input: 200, output: 800 }, // small request, large file
+    Glob: { input: 200, output: 300 },
+    Grep: { input: 300, output: 400 },
+};
+const DEFAULT_TOOL_ESTIMATE = { input: 500, output: 200 };
+function estimateCost(toolName, config) {
+    const est = TOOL_COST_ESTIMATES[toolName] ?? DEFAULT_TOOL_ESTIMATE;
+    return (est.input / 1_000_000) * config.inputCostPerM +
+        (est.output / 1_000_000) * config.outputCostPerM;
+}
+const DEFAULT_CONFIG = {
+    dailyLimit: 5.0,
+    currency: 'USD',
+    inputCostPerM: 3.0, // Claude Sonnet
+    outputCostPerM: 15.0, // Claude Sonnet
+};
+function loadBudget() {
+    if (!(0, fs_1.existsSync)(BUDGET_PATH))
+        return { ...DEFAULT_CONFIG };
+    try {
+        const saved = JSON.parse((0, fs_1.readFileSync)(BUDGET_PATH, 'utf-8'));
+        return { ...DEFAULT_CONFIG, ...saved };
+    }
+    catch {
+        return { ...DEFAULT_CONFIG };
+    }
+}
+function saveBudget(config) {
+    (0, fs_1.writeFileSync)(BUDGET_PATH, JSON.stringify(config, null, 2), { mode: 0o600 });
+}
+function setBudgetLimit(amount) {
+    const config = loadBudget();
+    config.dailyLimit = amount;
+    saveBudget(config);
+}
+function getBudgetLimit() {
+    return loadBudget().dailyLimit;
+}
+function getTodaySpend() {
+    const stats = (0, history_1.getTodayStats)();
+    const config = loadBudget();
+    // Use a weighted average estimate per call
+    const avgCost = estimateCost('_average', config);
+    const calls = stats.allowed + stats.autoAllow;
+    return calls * avgCost;
+}
+/** Estimate cost for a specific tool call */
+function estimateToolCost(toolName) {
+    const config = loadBudget();
+    return estimateCost(toolName, config);
+}
+function isOverBudget() {
+    return getTodaySpend() >= getBudgetLimit();
+}
+function getBudgetStatus() {
+    const limit = getBudgetLimit();
+    const spent = getTodaySpend();
+    const stats = (0, history_1.getTodayStats)();
+    return {
+        limit,
+        spent,
+        remaining: Math.max(0, limit - spent),
+        overBudget: spent >= limit,
+        calls: stats.allowed + stats.autoAllow,
+    };
+}
+function resetTodayBudget() {
+    // Budget reset = just info, actual history stays
+    // The stats are derived from history which filters by today's date
+    // So "reset" means clearing today's history entries
+    // For simplicity, we just note the reset — actual cost tracking continues
+}
+//# sourceMappingURL=budget.js.map

package/dist/lib/budget.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"budget.js","sourceRoot":"","sources":["../../src/lib/budget.ts"],"names":[],"mappings":";;AAsDA,wCAIC;AAED,wCAEC;AAED,sCAOC;AAGD,4CAGC;AAED,oCAEC;AAED,0CAWC;AAED,4CAKC;AArGD,2BAA6D;AAC7D,+BAA4B;AAC5B,yCAAgD;AAChD,uCAA0C;AAE1C,MAAM,WAAW,GAAG,IAAA,WAAI,EAAC,IAAA,qBAAc,GAAE,EAAE,aAAa,CAAC,CAAC;AAE1D,mDAAmD;AACnD,gDAAgD;AAChD,MAAM,mBAAmB,GAAsD;IAC7E,IAAI,EAAG,EAAE,KAAK,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,EAAI,oBAAoB;IAC1D,KAAK,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,EAAI,eAAe;IACrD,IAAI,EAAG,EAAE,KAAK,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,EAAI,gBAAgB;IACtD,IAAI,EAAG,EAAE,KAAK,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,EAAI,4BAA4B;IAClE,IAAI,EAAG,EAAE,KAAK,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE;IAClC,IAAI,EAAG,EAAE,KAAK,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE;CACnC,CAAC;AACF,MAAM,qBAAqB,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;AAU1D,SAAS,YAAY,CAAC,QAAgB,EAAE,MAAoB;IAC1D,MAAM,GAAG,GAAG,mBAAmB,CAAC,QAAQ,CAAC,IAAI,qBAAqB,CAAC;IACnE,OAAO,CAAC,GAAG,CAAC,KAAK,GAAG,SAAS,CAAC,GAAG,MAAM,CAAC,aAAa;QAC9C,CAAC,GAAG,CAAC,MAAM,GAAG,SAAS,CAAC,GAAG,MAAM,CAAC,cAAc,CAAC;AAC1D,CAAC;AAED,MAAM,cAAc,GAAiB;IACnC,UAAU,EAAE,GAAG;IACf,QAAQ,EAAE,KAAK;IACf,aAAa,EAAE,GAAG,EAAK,gBAAgB;IACvC,cAAc,EAAE,IAAI,EAAG,gBAAgB;CACxC,CAAC;AAEF,SAAS,UAAU;IACjB,IAAI,CAAC,IAAA,eAAU,EAAC,WAAW,CAAC;QAAE,OAAO,EAAE,GAAG,cAAc,EAAE,CAAC;IAC3D,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAA,iBAAY,EAAC,WAAW,EAAE,OAAO,CAAC,CAAC,CAAC;QAC7D,OAAO,EAAE,GAAG,cAAc,EAAE,GAAG,KAAK,EAAE,CAAC;IACzC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,GAAG,cAAc,EAAE,CAAC;IAC/B,CAAC;AACH,CAAC;AAED,SAAS,UAAU,CAAC,MAAoB;IACtC,IAAA,kBAAa,EAAC,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;AAC/E,CAAC;AAED,SAAgB,cAAc,CAAC,MAAc;IAC3C,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,MAAM,CAAC,UAAU,GAAG,MAAM,CAAC;IAC3B,UAAU,CAAC,MAAM,CAAC,CAAC;AACrB,CAAC;AAED,SAAgB,cAAc;IAC5B,OAAO,UAAU,EAAE,CAAC,UAAU,CAAC;AACjC,CAAC;AAED,SAAgB,aAAa;IAC3B,MAAM,KAAK,GAAG,IAAA,uBAAa,GAAE,CAAC;IAC9B,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,2CAA2C;IAC3C,MAAM,OAAO,GAAG,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IACjD,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,GAAG,KAAK,CAAC,SAAS,CAAC;IAC9C,OAAO,KAAK,GAAG,OAAO,CAAC;AACzB,CAAC;AAED,6CAA6C;AAC7C,SAAgB,gBAAgB,CAAC,QAAgB;IAC/C,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,OAAO,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;AACxC,CAAC;AAED,SAAgB,YAAY;IAC1B,OAAO,aAAa,EAAE,IAAI,cAAc,EAAE,CAAC;AAC7C,CAAC;AAED,SAAgB,eAAe;IAC7B,MAAM,KAAK,GAAG,cAAc,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,aAAa,EAAE,CAAC;IAC9B,MAAM,KAAK,GAAG,IAAA,uBAAa,GAAE,CAAC;IAC9B,OAAO;QACL,KAAK;QACL,KAAK;QACL,SAAS,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,GAAG,KAAK,CAAC;QACrC,UAAU,EAAE,KAAK,IAAI,KAAK;QAC1B,KAAK,EAAE,KAAK,CAAC,OAAO,GAAG,KAAK,CAAC,SAAS;KACvC,CAAC;AACJ,CAAC;AAED,SAAgB,gBAAgB;IAC9B,iDAAiD;IACjD,mEAAmE;IACnE,oDAAoD;IACpD,0EAA0E;AAC5E,CAAC"}

package/dist/lib/claude-process.d.ts

@@ -0,0 +1,16 @@
+export declare function isClaudeRunning(): boolean;
+/**
+ * Spawn Claude Code as a managed child process.
+ * stdio: 'inherit' so Claude gets a real TTY and runs in interactive mode.
+ * SIGINT can be sent via interruptClaude() to stop mid-task.
+ * On exit (unless shutting down), auto-restarts with --continue.
+ * @param args Extra args passed to `claude` on first launch
+ */
+export declare function startClaude(args?: string[]): void;
+/**
+ * Send SIGINT to the running Claude process (equivalent to Ctrl+C).
+ * Returns false if Claude is not running.
+ */
+export declare function interruptClaude(): boolean;
+/** Kill Claude process on sentinel shutdown. */
+export declare function stopClaude(): void;

package/dist/lib/claude-process.js

@@ -0,0 +1,98 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isClaudeRunning = isClaudeRunning;
+exports.startClaude = startClaude;
+exports.interruptClaude = interruptClaude;
+exports.stopClaude = stopClaude;
+// packages/sentinel-cli/src/lib/claude-process.ts
+const child_process_1 = require("child_process");
+const logger_1 = require("./logger");
+let child = null;
+let shuttingDown = false;
+let spawnCwd = process.cwd();
+let restartCount = 0;
+let lastExitTime = 0;
+function isClaudeRunning() {
+    return child !== null && !child.killed && child.exitCode === null;
+}
+/**
+ * Spawn Claude Code as a managed child process.
+ * stdio: 'inherit' so Claude gets a real TTY and runs in interactive mode.
+ * SIGINT can be sent via interruptClaude() to stop mid-task.
+ * On exit (unless shutting down), auto-restarts with --continue.
+ * @param args Extra args passed to `claude` on first launch
+ */
+function startClaude(args = []) {
+    if (isClaudeRunning()) {
+        logger_1.log.warn('[claude-process] Already running — ignoring startClaude call');
+        return;
+    }
+    shuttingDown = false;
+    restartCount = 0;
+    lastExitTime = 0;
+    spawnCwd = process.cwd();
+    spawnClaude(args);
+}
+function spawnClaude(args) {
+    (0, logger_1.silenceForClaude)(); // suppress sentinel logs while Claude TUI is active
+    logger_1.log.info(`[claude-process] Spawning: claude ${args.join(' ')}`);
+    child = (0, child_process_1.spawn)('claude', args, {
+        stdio: 'inherit',
+        cwd: spawnCwd,
+        env: { ...process.env },
+    });
+    child.on('exit', (code) => {
+        (0, logger_1.unsilence)(); // restore terminal logs between Claude sessions
+        logger_1.log.info(`[claude-process] Exited with code ${code}`);
+        child = null;
+        if (!shuttingDown) {
+            const now = Date.now();
+            const elapsed = now - lastExitTime;
+            lastExitTime = now;
+            // Reset counter if Claude ran for more than 10 seconds
+            if (elapsed > 10_000) {
+                restartCount = 0;
+            }
+            else {
+                restartCount++;
+            }
+            // Exponential backoff: 500ms, 1s, 2s, 4s... max 30s
+            const delay = Math.min(500 * Math.pow(2, restartCount - 1), 30_000);
+            if (restartCount > 1) {
+                logger_1.log.warn(`[claude-process] Fast exit detected (${restartCount}x). Restarting in ${delay}ms...`);
+            }
+            setTimeout(() => {
+                if (!shuttingDown) {
+                    logger_1.log.info('[claude-process] Restarting with --continue...');
+                    spawnClaude(['--continue']);
+                }
+            }, delay);
+        }
+    });
+    child.on('error', (err) => {
+        logger_1.log.error(`[claude-process] Spawn error: ${err.message}`);
+        child = null;
+    });
+}
+/**
+ * Send SIGINT to the running Claude process (equivalent to Ctrl+C).
+ * Returns false if Claude is not running.
+ */
+function interruptClaude() {
+    if (!isClaudeRunning()) {
+        logger_1.log.warn('[claude-process] interruptClaude called but no process running');
+        return false;
+    }
+    logger_1.log.info('[claude-process] Sending SIGINT to Claude');
+    child.kill('SIGINT');
+    return true;
+}
+/** Kill Claude process on sentinel shutdown. */
+function stopClaude() {
+    shuttingDown = true;
+    if (child && !child.killed) {
+        child.kill('SIGTERM');
+        child = null;
+    }
+}
+//# sourceMappingURL=claude-process.js.map

package/dist/lib/claude-process.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"claude-process.js","sourceRoot":"","sources":["../../src/lib/claude-process.ts"],"names":[],"mappings":";;AAUA,0CAEC;AASD,kCAWC;AAsDD,0CAQC;AAGD,gCAMC;AAvGD,kDAAkD;AAClD,iDAAyD;AACzD,qCAA4D;AAE5D,IAAI,KAAK,GAAwB,IAAI,CAAC;AACtC,IAAI,YAAY,GAAG,KAAK,CAAC;AACzB,IAAI,QAAQ,GAAW,OAAO,CAAC,GAAG,EAAE,CAAC;AACrC,IAAI,YAAY,GAAG,CAAC,CAAC;AACrB,IAAI,YAAY,GAAG,CAAC,CAAC;AAErB,SAAgB,eAAe;IAC7B,OAAO,KAAK,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,QAAQ,KAAK,IAAI,CAAC;AACpE,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,WAAW,CAAC,OAAiB,EAAE;IAC7C,IAAI,eAAe,EAAE,EAAE,CAAC;QACtB,YAAG,CAAC,IAAI,CAAC,8DAA8D,CAAC,CAAC;QACzE,OAAO;IACT,CAAC;IAED,YAAY,GAAG,KAAK,CAAC;IACrB,YAAY,GAAG,CAAC,CAAC;IACjB,YAAY,GAAG,CAAC,CAAC;IACjB,QAAQ,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;IACzB,WAAW,CAAC,IAAI,CAAC,CAAC;AACpB,CAAC;AAED,SAAS,WAAW,CAAC,IAAc;IACjC,IAAA,yBAAgB,GAAE,CAAC,CAAC,oDAAoD;IACxE,YAAG,CAAC,IAAI,CAAC,qCAAqC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAEhE,KAAK,GAAG,IAAA,qBAAK,EAAC,QAAQ,EAAE,IAAI,EAAE;QAC5B,KAAK,EAAE,SAAS;QAChB,GAAG,EAAE,QAAQ;QACb,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE;KACxB,CAAC,CAAC;IAEH,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;QACxB,IAAA,kBAAS,GAAE,CAAC,CAAC,gDAAgD;QAC7D,YAAG,CAAC,IAAI,CAAC,qCAAqC,IAAI,EAAE,CAAC,CAAC;QACtD,KAAK,GAAG,IAAI,CAAC;QAEb,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACvB,MAAM,OAAO,GAAG,GAAG,GAAG,YAAY,CAAC;YACnC,YAAY,GAAG,GAAG,CAAC;YAEnB,uDAAuD;YACvD,IAAI,OAAO,GAAG,MAAM,EAAE,CAAC;gBACrB,YAAY,GAAG,CAAC,CAAC;YACnB,CAAC;iBAAM,CAAC;gBACN,YAAY,EAAE,CAAC;YACjB,CAAC;YAED,oDAAoD;YACpD,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,YAAY,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;YACpE,IAAI,YAAY,GAAG,CAAC,EAAE,CAAC;gBACrB,YAAG,CAAC,IAAI,CAAC,wCAAwC,YAAY,qBAAqB,KAAK,OAAO,CAAC,CAAC;YAClG,CAAC;YAED,UAAU,CAAC,GAAG,EAAE;gBACd,IAAI,CAAC,YAAY,EAAE,CAAC;oBAClB,YAAG,CAAC,IAAI,CAAC,gDAAgD,CAAC,CAAC;oBAC3D,WAAW,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC;gBAC9B,CAAC;YACH,CAAC,EAAE,KAAK,CAAC,CAAC;QACZ,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;QACxB,YAAG,CAAC,KAAK,CAAC,iCAAiC,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;QAC1D,KAAK,GAAG,IAAI,CAAC;IACf,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;GAGG;AACH,SAAgB,eAAe;IAC7B,IAAI,CAAC,eAAe,EAAE,EAAE,CAAC;QACvB,YAAG,CAAC,IAAI,CAAC,gEAAgE,CAAC,CAAC;QAC3E,OAAO,KAAK,CAAC;IACf,CAAC;IACD,YAAG,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC;IACtD,KAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACtB,OAAO,IAAI,CAAC;AACd,CAAC;AAED,gDAAgD;AAChD,SAAgB,UAAU;IACxB,YAAY,GAAG,IAAI,CAAC;IACpB,IAAI,KAAK,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;QAC3B,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACtB,KAAK,GAAG,IAAI,CAAC;IACf,CAAC;AACH,CAAC"}

package/dist/lib/daemon.d.ts

@@ -0,0 +1,6 @@
+export declare function daemonStart(mode: string, port: number, serverUrl?: string): void;
+export declare function daemonStop(): void;
+export declare function daemonStatus(): Promise<void>;
+export declare function daemonRestart(mode: string, port: number, serverUrl?: string): void;
+/** Generate macOS launchd plist for auto-start */
+export declare function daemonInstallLaunchd(mode: string, port: number): void;