@vaultcompass/vault-guard 1.0.0

package/dist/commands/data.d.ts

@@ -0,0 +1,67 @@
+/**
+ * Options for {@link dataStatusCommand}.
+ *
+ * `dbPath` overrides the default `~/.vault-guard/usage.sqlite` location and
+ * exists primarily for tests. Production callers should leave it undefined.
+ */
+export interface DataStatusOptions {
+    json?: boolean;
+    dbPath?: string;
+}
+/**
+ * Options for {@link dataResetCommand}.
+ *
+ * - `yes` skips the interactive `y/N` prompt. Required for non-interactive
+ *   contexts (CI, scripts).
+ * - `dryRun` reports what would be deleted without touching the filesystem.
+ * - `confirmFn` is a test seam — when omitted the command reads from stdin.
+ */
+export interface DataResetOptions {
+    yes?: boolean;
+    dryRun?: boolean;
+    json?: boolean;
+    dbPath?: string;
+    confirmFn?: () => Promise<boolean>;
+}
+/**
+ * Options for {@link dataExportCommand}. `output` is the destination path
+ * (a file; `-` is not currently supported — keeps the implementation honest
+ * about file permissions and atomic writes).
+ */
+export interface DataExportOptions {
+    output: string;
+    format?: 'json' | 'jsonl';
+    dbPath?: string;
+}
+/**
+ * Print a privacy-respecting summary of the local telemetry database.
+ *
+ * Prefers JSON when `options.json` is true. Returns the process exit code.
+ * Returns 2 (not 1) when telemetry is unavailable so callers can distinguish
+ * "expected degradation" from "real failure".
+ */
+export declare function dataStatusCommand(options?: DataStatusOptions): Promise<number>;
+/**
+ * Delete `~/.vault-guard/usage.sqlite` and its WAL/SHM/journal sidecars.
+ *
+ * Safety:
+ *   - Interactive `y/N` prompt unless `--yes`. Refuses to proceed when
+ *     stdin is not a TTY and `--yes` was not passed (prevents accidental
+ *     pipe-driven nukes in CI).
+ *   - `--dry-run` prints the plan without touching the filesystem.
+ *   - Only deletes the four expected files; never `rm -rf`s the directory.
+ *
+ * Returns the process exit code.
+ */
+export declare function dataResetCommand(options?: DataResetOptions): Promise<number>;
+/**
+ * Export the raw contents of `usage_events` and `session_events` to a file.
+ *
+ * **Privacy note:** unlike `data status`, the export includes the `cwd`
+ * column as persisted (64-char **HMAC-SHA256** digests — not plaintext paths).
+ * The user explicitly chose the output path; nothing is transmitted off-device.
+ *
+ * Returns the process exit code.
+ */
+export declare function dataExportCommand(options: DataExportOptions): Promise<number>;
+//# sourceMappingURL=data.d.ts.map

package/dist/commands/data.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"data.d.ts","sourceRoot":"","sources":["../../src/commands/data.ts"],"names":[],"mappings":"AAaA;;;;;GAKG;AACH,MAAM,WAAW,iBAAiB;IAChC,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;;GAOG;AACH,MAAM,WAAW,gBAAgB;IAC/B,GAAG,CAAC,EAAE,OAAO,CAAC;IACd,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,OAAO,CAAC,OAAO,CAAC,CAAC;CACpC;AAED;;;;GAIG;AACH,MAAM,WAAW,iBAAiB;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;IAC1B,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;GAMG;AACH,wBAAsB,iBAAiB,CAAC,OAAO,GAAE,iBAAsB,GAAG,OAAO,CAAC,MAAM,CAAC,CAyCxF;AA4BD;;;;;;;;;;;GAWG;AACH,wBAAsB,gBAAgB,CAAC,OAAO,GAAE,gBAAqB,GAAG,OAAO,CAAC,MAAM,CAAC,CAgGtF;AA4BD;;;;;;;;GAQG;AACH,wBAAsB,iBAAiB,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,MAAM,CAAC,CA8CnF"}

package/dist/commands/data.js

@@ -0,0 +1,294 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.dataStatusCommand = dataStatusCommand;
+exports.dataResetCommand = dataResetCommand;
+exports.dataExportCommand = dataExportCommand;
+const fs = __importStar(require("fs"));
+const readline = __importStar(require("readline/promises"));
+const process_1 = require("process");
+const vault_guard_telemetry_1 = require("@vaultcompass/vault-guard-telemetry");
+/**
+ * Print a privacy-respecting summary of the local telemetry database.
+ *
+ * Prefers JSON when `options.json` is true. Returns the process exit code.
+ * Returns 2 (not 1) when telemetry is unavailable so callers can distinguish
+ * "expected degradation" from "real failure".
+ */
+async function dataStatusCommand(options = {}) {
+    const dbPath = options.dbPath ?? (0, vault_guard_telemetry_1.getDefaultDbPath)();
+    const asJson = Boolean(options.json);
+    let store;
+    try {
+        store = new vault_guard_telemetry_1.TelemetryStore(dbPath);
+    }
+    catch (e) {
+        if (e instanceof vault_guard_telemetry_1.TelemetryUnavailableError) {
+            const payload = {
+                error: 'telemetry_unavailable',
+                message: e.message,
+                db_path: dbPath,
+            };
+            if (asJson) {
+                process.stdout.write(`${JSON.stringify(payload)}\n`);
+            }
+            else {
+                process.stderr.write(`vault-guard data status: telemetry unavailable — ${e.message}\n` +
+                    `expected db path: ${dbPath}\n`);
+            }
+            return 2;
+        }
+        throw e;
+    }
+    let status;
+    try {
+        status = store.getDataStatus(dbPath);
+    }
+    finally {
+        store.close();
+    }
+    if (asJson) {
+        process.stdout.write(`${JSON.stringify(status)}\n`);
+        return 0;
+    }
+    printStatusHuman(status);
+    return 0;
+}
+function printStatusHuman(s) {
+    const sizeKb = (s.db_size_bytes / 1024).toFixed(1);
+    const lines = [
+        'Vault Guard local telemetry status',
+        '',
+        `  db path           : ${s.db_path}`,
+        `  db exists         : ${s.db_exists ? 'yes' : 'no'}`,
+        `  db size           : ${sizeKb} KB`,
+        `  last write        : ${s.last_write_iso ?? '—'}`,
+        `  usage events      : ${s.usage_events}`,
+        `  session events    : ${s.session_events}`,
+        `  earliest event    : ${s.earliest_event_iso ?? '—'}`,
+        `  latest event      : ${s.latest_event_iso ?? '—'}`,
+        `  distinct cwd      : ${s.distinct_cwd_count} (count only — values redacted; see docs/PRIVACY.md)`,
+        `  distinct models   : ${s.distinct_model_count}`,
+        `  last model        : ${s.last_model ?? '—'}`,
+    ];
+    if (s.sidecars.length > 0) {
+        lines.push('  sidecar files     :');
+        for (const side of s.sidecars) {
+            lines.push(`    - ${side.path} (${side.size_bytes} B)`);
+        }
+    }
+    process.stdout.write(`${lines.join('\n')}\n`);
+}
+/**
+ * Delete `~/.vault-guard/usage.sqlite` and its WAL/SHM/journal sidecars.
+ *
+ * Safety:
+ *   - Interactive `y/N` prompt unless `--yes`. Refuses to proceed when
+ *     stdin is not a TTY and `--yes` was not passed (prevents accidental
+ *     pipe-driven nukes in CI).
+ *   - `--dry-run` prints the plan without touching the filesystem.
+ *   - Only deletes the four expected files; never `rm -rf`s the directory.
+ *
+ * Returns the process exit code.
+ */
+async function dataResetCommand(options = {}) {
+    const dbPath = options.dbPath ?? (0, vault_guard_telemetry_1.getDefaultDbPath)();
+    const asJson = Boolean(options.json);
+    const dryRun = Boolean(options.dryRun);
+    const candidates = [dbPath, ...(0, vault_guard_telemetry_1.getDbSidecarPaths)(dbPath)];
+    const existing = candidates.filter(p => {
+        try {
+            fs.statSync(p);
+            return true;
+        }
+        catch {
+            return false;
+        }
+    });
+    if (existing.length === 0) {
+        const payload = {
+            action: 'reset',
+            removed: [],
+            dry_run: dryRun,
+            message: 'No telemetry files to delete.',
+            db_path: dbPath,
+        };
+        if (asJson) {
+            process.stdout.write(`${JSON.stringify(payload)}\n`);
+        }
+        else {
+            process.stdout.write(`vault-guard data reset: nothing to delete (no telemetry files at ${dbPath}).\n`);
+        }
+        return 0;
+    }
+    // Confirmation gate. Order matters: --yes wins, then dry-run is treated as
+    // implicitly confirmed (no destructive side effect), otherwise prompt.
+    if (!options.yes && !dryRun) {
+        const confirmed = await confirmReset(options.confirmFn, existing);
+        if (!confirmed) {
+            const payload = {
+                action: 'reset',
+                removed: [],
+                dry_run: false,
+                cancelled: true,
+                db_path: dbPath,
+            };
+            if (asJson) {
+                process.stdout.write(`${JSON.stringify(payload)}\n`);
+            }
+            else {
+                process.stdout.write('vault-guard data reset: cancelled.\n');
+            }
+            return 0;
+        }
+    }
+    const removed = [];
+    const errors = [];
+    for (const p of existing) {
+        if (dryRun) {
+            removed.push(p);
+            continue;
+        }
+        try {
+            fs.unlinkSync(p);
+            removed.push(p);
+        }
+        catch (e) {
+            errors.push({
+                path: p,
+                message: e instanceof Error ? e.message : String(e),
+            });
+        }
+    }
+    const payload = {
+        action: 'reset',
+        removed,
+        errors,
+        dry_run: dryRun,
+        db_path: dbPath,
+    };
+    if (asJson) {
+        process.stdout.write(`${JSON.stringify(payload)}\n`);
+    }
+    else {
+        const verb = dryRun ? 'would delete' : 'deleted';
+        process.stdout.write(`vault-guard data reset: ${verb} ${removed.length} file(s):\n`);
+        for (const p of removed)
+            process.stdout.write(`  - ${p}\n`);
+        if (errors.length > 0) {
+            process.stderr.write(`vault-guard data reset: ${errors.length} error(s):\n`);
+            for (const err of errors) {
+                process.stderr.write(`  - ${err.path}: ${err.message}\n`);
+            }
+        }
+    }
+    return errors.length > 0 ? 1 : 0;
+}
+async function confirmReset(confirmFn, files) {
+    if (confirmFn) {
+        return confirmFn();
+    }
+    // Refuse to silently proceed in non-interactive contexts. The user can pass
+    // --yes if that's actually what they want.
+    if (!process_1.stdin.isTTY) {
+        process.stderr.write('vault-guard data reset: stdin is not a TTY. Re-run with --yes to confirm non-interactively.\n');
+        return false;
+    }
+    process.stdout.write('About to delete the following files:\n');
+    for (const p of files)
+        process.stdout.write(`  - ${p}\n`);
+    const rl = readline.createInterface({ input: process_1.stdin, output: process_1.stdout });
+    try {
+        const answer = await rl.question('Continue? [y/N] ');
+        return /^y(es)?$/i.test(answer.trim());
+    }
+    finally {
+        rl.close();
+    }
+}
+/**
+ * Export the raw contents of `usage_events` and `session_events` to a file.
+ *
+ * **Privacy note:** unlike `data status`, the export includes the `cwd`
+ * column as persisted (64-char **HMAC-SHA256** digests — not plaintext paths).
+ * The user explicitly chose the output path; nothing is transmitted off-device.
+ *
+ * Returns the process exit code.
+ */
+async function dataExportCommand(options) {
+    const dbPath = options.dbPath ?? (0, vault_guard_telemetry_1.getDefaultDbPath)();
+    const format = options.format ?? 'json';
+    let store;
+    try {
+        store = new vault_guard_telemetry_1.TelemetryStore(dbPath);
+    }
+    catch (e) {
+        if (e instanceof vault_guard_telemetry_1.TelemetryUnavailableError) {
+            process.stderr.write(`vault-guard data export: telemetry unavailable — ${e.message}\n`);
+            return 2;
+        }
+        throw e;
+    }
+    try {
+        const usage = store.exportUsageEvents();
+        const sessions = store.exportSessionEvents();
+        if (format === 'jsonl') {
+            const lines = [];
+            for (const r of usage)
+                lines.push(JSON.stringify({ table: 'usage_events', ...r }));
+            for (const r of sessions)
+                lines.push(JSON.stringify({ table: 'session_events', ...r }));
+            // 0o600 mode: export contains raw paths/cwd; restrict to the user.
+            fs.writeFileSync(options.output, `${lines.join('\n')}\n`, { mode: 0o600 });
+        }
+        else {
+            const payload = {
+                exported_at: new Date().toISOString(),
+                db_path: dbPath,
+                usage_events: usage,
+                session_events: sessions,
+            };
+            fs.writeFileSync(options.output, `${JSON.stringify(payload, null, 2)}\n`, {
+                mode: 0o600,
+            });
+        }
+        process.stdout.write(`vault-guard data export: wrote ${usage.length} usage row(s) and ${sessions.length} session row(s) to ${options.output}\n`);
+        return 0;
+    }
+    finally {
+        store.close();
+    }
+}
+//# sourceMappingURL=data.js.map

package/dist/commands/data.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"data.js","sourceRoot":"","sources":["../../src/commands/data.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA0DA,8CAyCC;AAwCD,4CAgGC;AAqCD,8CA8CC;AA9TD,uCAAyB;AACzB,4DAA8C;AAC9C,qCAA2D;AAC3D,+EAM6C;AA0C7C;;;;;;GAMG;AACI,KAAK,UAAU,iBAAiB,CAAC,UAA6B,EAAE;IACrE,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,IAAA,wCAAgB,GAAE,CAAC;IACpD,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAErC,IAAI,KAAqB,CAAC;IAC1B,IAAI,CAAC;QACH,KAAK,GAAG,IAAI,sCAAc,CAAC,MAAM,CAAC,CAAC;IACrC,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,IAAI,CAAC,YAAY,iDAAyB,EAAE,CAAC;YAC3C,MAAM,OAAO,GAAG;gBACd,KAAK,EAAE,uBAAuB;gBAC9B,OAAO,EAAE,CAAC,CAAC,OAAO;gBAClB,OAAO,EAAE,MAAM;aAChB,CAAC;YACF,IAAI,MAAM,EAAE,CAAC;gBACX,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YACvD,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,oDAAoD,CAAC,CAAC,OAAO,IAAI;oBAC/D,qBAAqB,MAAM,IAAI,CAClC,CAAC;YACJ,CAAC;YACD,OAAO,CAAC,CAAC;QACX,CAAC;QACD,MAAM,CAAC,CAAC;IACV,CAAC;IAED,IAAI,MAAsB,CAAC;IAC3B,IAAI,CAAC;QACH,MAAM,GAAG,KAAK,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;IACvC,CAAC;YAAS,CAAC;QACT,KAAK,CAAC,KAAK,EAAE,CAAC;IAChB,CAAC;IAED,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QACpD,OAAO,CAAC,CAAC;IACX,CAAC;IAED,gBAAgB,CAAC,MAAM,CAAC,CAAC;IACzB,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,gBAAgB,CAAC,CAAiB;IACzC,MAAM,MAAM,GAAG,CAAC,CAAC,CAAC,aAAa,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IACnD,MAAM,KAAK,GAAa;QACtB,oCAAoC;QACpC,EAAE;QACF,yBAAyB,CAAC,CAAC,OAAO,EAAE;QACpC,yBAAyB,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE;QACrD,yBAAyB,MAAM,KAAK;QACpC,yBAAyB,CAAC,CAAC,cAAc,IAAI,GAAG,EAAE;QAClD,yBAAyB,CAAC,CAAC,YAAY,EAAE;QACzC,yBAAyB,CAAC,CAAC,cAAc,EAAE;QAC3C,yBAAyB,CAAC,CAAC,kBAAkB,IAAI,GAAG,EAAE;QACtD,yBAAyB,CAAC,CAAC,gBAAgB,IAAI,GAAG,EAAE;QACpD,yBAAyB,CAAC,CAAC,kBAAkB,sDAAsD;QACnG,yBAAyB,CAAC,CAAC,oBAAoB,EAAE;QACjD,yBAAyB,CAAC,CAAC,UAAU,IAAI,GAAG,EAAE;KAC/C,CAAC;IACF,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1B,KAAK,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;QACpC,KAAK,MAAM,IAAI,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC;YAC9B,KAAK,CAAC,IAAI,CAAC,SAAS,IAAI,CAAC,IAAI,KAAK,IAAI,CAAC,UAAU,KAAK,CAAC,CAAC;QAC1D,CAAC;IACH,CAAC;IACD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAChD,CAAC;AAED;;;;;;;;;;;GAWG;AACI,KAAK,UAAU,gBAAgB,CAAC,UAA4B,EAAE;IACnE,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,IAAA,wCAAgB,GAAE,CAAC;IACpD,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACrC,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IAEvC,MAAM,UAAU,GAAG,CAAC,MAAM,EAAE,GAAG,IAAA,yCAAiB,EAAC,MAAM,CAAC,CAAC,CAAC;IAC1D,MAAM,QAAQ,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE;QACrC,IAAI,CAAC;YACH,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;YACf,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,OAAO,GAAG;YACd,MAAM,EAAE,OAAO;YACf,OAAO,EAAE,EAAE;YACX,OAAO,EAAE,MAAM;YACf,OAAO,EAAE,+BAA+B;YACxC,OAAO,EAAE,MAAM;SAChB,CAAC;QACF,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACvD,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,oEAAoE,MAAM,MAAM,CACjF,CAAC;QACJ,CAAC;QACD,OAAO,CAAC,CAAC;IACX,CAAC;IAED,2EAA2E;IAC3E,uEAAuE;IACvE,IAAI,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;QAC5B,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;QAClE,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,OAAO,GAAG;gBACd,MAAM,EAAE,OAAO;gBACf,OAAO,EAAE,EAAE;gBACX,OAAO,EAAE,KAAK;gBACd,SAAS,EAAE,IAAI;gBACf,OAAO,EAAE,MAAM;aAChB,CAAC;YACF,IAAI,MAAM,EAAE,CAAC;gBACX,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YACvD,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,sCAAsC,CAAC,CAAC;YAC/D,CAAC;YACD,OAAO,CAAC,CAAC;QACX,CAAC;IACH,CAAC;IAED,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,MAAM,MAAM,GAA6C,EAAE,CAAC;IAE5D,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAChB,SAAS;QACX,CAAC;QACD,IAAI,CAAC;YACH,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;YACjB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,CAAC;gBACP,OAAO,EAAE,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;aACpD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,MAAM,OAAO,GAAG;QACd,MAAM,EAAE,OAAO;QACf,OAAO;QACP,MAAM;QACN,OAAO,EAAE,MAAM;QACf,OAAO,EAAE,MAAM;KAChB,CAAC;IAEF,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACvD,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,GAAG,MAAM,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;QACjD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,2BAA2B,IAAI,IAAI,OAAO,CAAC,MAAM,aAAa,CAAC,CAAC;QACrF,KAAK,MAAM,CAAC,IAAI,OAAO;YAAE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAC5D,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,2BAA2B,MAAM,CAAC,MAAM,cAAc,CAAC,CAAC;YAC7E,KAAK,MAAM,GAAG,IAAI,MAAM,EAAE,CAAC;gBACzB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,GAAG,CAAC,IAAI,KAAK,GAAG,CAAC,OAAO,IAAI,CAAC,CAAC;YAC5D,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AACnC,CAAC;AAED,KAAK,UAAU,YAAY,CACzB,SAA+C,EAC/C,KAAwB;IAExB,IAAI,SAAS,EAAE,CAAC;QACd,OAAO,SAAS,EAAE,CAAC;IACrB,CAAC;IACD,4EAA4E;IAC5E,2CAA2C;IAC3C,IAAI,CAAC,eAAK,CAAC,KAAK,EAAE,CAAC;QACjB,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,+FAA+F,CAChG,CAAC;QACF,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,wCAAwC,CAAC,CAAC;IAC/D,KAAK,MAAM,CAAC,IAAI,KAAK;QAAE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1D,MAAM,EAAE,GAAG,QAAQ,CAAC,eAAe,CAAC,EAAE,KAAK,EAAL,eAAK,EAAE,MAAM,EAAN,gBAAM,EAAE,CAAC,CAAC;IACvD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAC;QACrD,OAAO,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;IACzC,CAAC;YAAS,CAAC;QACT,EAAE,CAAC,KAAK,EAAE,CAAC;IACb,CAAC;AACH,CAAC;AAED;;;;;;;;GAQG;AACI,KAAK,UAAU,iBAAiB,CAAC,OAA0B;IAChE,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,IAAA,wCAAgB,GAAE,CAAC;IACpD,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,MAAM,CAAC;IAExC,IAAI,KAAqB,CAAC;IAC1B,IAAI,CAAC;QACH,KAAK,GAAG,IAAI,sCAAc,CAAC,MAAM,CAAC,CAAC;IACrC,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,IAAI,CAAC,YAAY,iDAAyB,EAAE,CAAC;YAC3C,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,oDAAoD,CAAC,CAAC,OAAO,IAAI,CAClE,CAAC;YACF,OAAO,CAAC,CAAC;QACX,CAAC;QACD,MAAM,CAAC,CAAC;IACV,CAAC;IAED,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,KAAK,CAAC,iBAAiB,EAAE,CAAC;QACxC,MAAM,QAAQ,GAAG,KAAK,CAAC,mBAAmB,EAAE,CAAC;QAE7C,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;YACvB,MAAM,KAAK,GAAa,EAAE,CAAC;YAC3B,KAAK,MAAM,CAAC,IAAI,KAAK;gBAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;YACnF,KAAK,MAAM,CAAC,IAAI,QAAQ;gBAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;YACxF,mEAAmE;YACnE,EAAE,CAAC,aAAa,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAC7E,CAAC;aAAM,CAAC;YACN,MAAM,OAAO,GAAG;gBACd,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACrC,OAAO,EAAE,MAAM;gBACf,YAAY,EAAE,KAAK;gBACnB,cAAc,EAAE,QAAQ;aACzB,CAAC;YACF,EAAE,CAAC,aAAa,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE;gBACxE,IAAI,EAAE,KAAK;aACZ,CAAC,CAAC;QACL,CAAC;QAED,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,kCAAkC,KAAK,CAAC,MAAM,qBAAqB,QAAQ,CAAC,MAAM,sBAAsB,OAAO,CAAC,MAAM,IAAI,CAC3H,CAAC;QACF,OAAO,CAAC,CAAC;IACX,CAAC;YAAS,CAAC;QACT,KAAK,CAAC,KAAK,EAAE,CAAC;IAChB,CAAC;AACH,CAAC"}

package/dist/commands/fix.d.ts

@@ -0,0 +1,2 @@
+export declare function fixCommand(files: string[]): Promise<number>;
+//# sourceMappingURL=fix.d.ts.map

package/dist/commands/fix.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"fix.d.ts","sourceRoot":"","sources":["../../src/commands/fix.ts"],"names":[],"mappings":"AAKA,wBAAsB,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,CA8DjE"}

package/dist/commands/fix.js

@@ -0,0 +1,80 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.fixCommand = fixCommand;
+const fs_1 = __importDefault(require("fs"));
+const path_1 = __importDefault(require("path"));
+const vault_guard_core_1 = require("@vaultcompass/vault-guard-core");
+const chalk_1 = __importDefault(require("chalk"));
+async function fixCommand(files) {
+    console.log(chalk_1.default.blue.bold('🔧 Secret Remediation Guide\n'));
+    console.log(chalk_1.default.gray('This command shows you exactly what needs to be fixed.'));
+    console.log(chalk_1.default.gray('Manual remediation is required for security reasons.\n'));
+    if (files.length === 0) {
+        console.log(chalk_1.default.yellow('⚠️  No files specified'));
+        console.log(chalk_1.default.gray('Usage: vault-guard fix <files...>\n'));
+        return 0; // Success (nothing to do)
+    }
+    const scanner = new vault_guard_core_1.SecretScanner();
+    let filesWithSecrets = 0;
+    let totalSecrets = 0;
+    for (const file of files) {
+        if (!fs_1.default.existsSync(file)) {
+            console.error(chalk_1.default.red('❌ Error:'), chalk_1.default.white(`File not found: ${file}\n`));
+            continue;
+        }
+        const matches = scanner.scan(file);
+        if (matches.length === 0) {
+            console.log(chalk_1.default.green('✅'), chalk_1.default.white(`${file}: No secrets found`));
+            continue;
+        }
+        filesWithSecrets++;
+        totalSecrets += matches.length;
+        const relativePath = path_1.default.relative(process.cwd(), file);
+        console.log(chalk_1.default.yellow('⚠️'), chalk_1.default.white(`${relativePath}: ${matches.length} secret${matches.length > 1 ? 's' : ''} found`));
+        console.log(chalk_1.default.gray('   Remediation steps:'));
+        for (const match of matches) {
+            console.log('');
+            console.log(chalk_1.default.gray(`   1. Open file: ${relativePath}`));
+            console.log(chalk_1.default.gray(`   2. Go to line: ${match.line}`));
+            console.log(chalk_1.default.gray(`   3. Remove: ${chalk_1.default.white(match.type)} secret`));
+            console.log(chalk_1.default.gray(`   4. Replace with: ${getReplacementSuggestion(match.type)}`));
+            // Show context (masked)
+            console.log(chalk_1.default.gray(`   Found: ${match.value}`));
+        }
+        console.log('');
+    }
+    if (filesWithSecrets === 0) {
+        console.log(chalk_1.default.green.bold('✅ All files clean!\n'));
+        return 0; // Success exit code
+    }
+    else {
+        console.log(chalk_1.default.bold('Summary:'));
+        console.log(chalk_1.default.yellow(`  ⚠️  Files with secrets: ${filesWithSecrets}`));
+        console.log(chalk_1.default.red(`  ❌ Total secrets: ${totalSecrets}`));
+        console.log('');
+        console.log(chalk_1.default.gray('Next steps:'));
+        console.log(chalk_1.default.gray('  1. Fix the secrets listed above'));
+        console.log(chalk_1.default.gray('  2. Run: vault-guard check to verify'));
+        console.log(chalk_1.default.gray('  3. Commit your changes\n'));
+        return 1; // Error exit code (secrets found)
+    }
+}
+function getReplacementSuggestion(secretType) {
+    const suggestions = {
+        'anthropic': 'Environment variable (ANTHROPIC_API_KEY)',
+        'openai': 'Environment variable (OPENAI_API_KEY)',
+        'stripe': 'Environment variable (STRIPE_SECRET_KEY)',
+        'aws-access': 'AWS IAM role or environment variable',
+        'aws-secret': 'AWS IAM role or environment variable',
+        'github-token': 'GitHub Actions secret or environment variable',
+        'jwt-token': 'Environment variable or authentication service',
+        'api-key-generic': 'Environment variable or secrets manager',
+        'secret-generic': 'Environment variable or secrets manager',
+        'password-in-code': 'Environment variable or secrets manager'
+    };
+    return suggestions[secretType] || 'Environment variable or secure vault';
+}
+//# sourceMappingURL=fix.js.map

package/dist/commands/fix.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"fix.js","sourceRoot":"","sources":["../../src/commands/fix.ts"],"names":[],"mappings":";;;;;AAKA,gCA8DC;AAnED,4CAAoB;AACpB,gDAAwB;AACxB,qEAA+D;AAC/D,kDAA0B;AAEnB,KAAK,UAAU,UAAU,CAAC,KAAe;IAC9C,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC,CAAC;IAC9D,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,wDAAwD,CAAC,CAAC,CAAC;IAClF,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,wDAAwD,CAAC,CAAC,CAAC;IAElF,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,MAAM,CAAC,wBAAwB,CAAC,CAAC,CAAC;QACpD,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC,CAAC;QAC/D,OAAO,CAAC,CAAC,CAAC,0BAA0B;IACtC,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,gCAAa,EAAE,CAAC;IACpC,IAAI,gBAAgB,GAAG,CAAC,CAAC;IACzB,IAAI,YAAY,GAAG,CAAC,CAAC;IAErB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,YAAE,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YACzB,OAAO,CAAC,KAAK,CAAC,eAAK,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,eAAK,CAAC,KAAK,CAAC,mBAAmB,IAAI,IAAI,CAAC,CAAC,CAAC;YAC/E,SAAS;QACX,CAAC;QAED,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,eAAK,CAAC,KAAK,CAAC,GAAG,IAAI,oBAAoB,CAAC,CAAC,CAAC;YACxE,SAAS;QACX,CAAC;QAED,gBAAgB,EAAE,CAAC;QACnB,YAAY,IAAI,OAAO,CAAC,MAAM,CAAC;QAE/B,MAAM,YAAY,GAAG,cAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,IAAI,CAAC,CAAC;QACxD,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,eAAK,CAAC,KAAK,CAAC,GAAG,YAAY,KAAK,OAAO,CAAC,MAAM,UAAU,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC;QAChI,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC,CAAC;QAEjD,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAChB,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,oBAAoB,YAAY,EAAE,CAAC,CAAC,CAAC;YAC5D,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,qBAAqB,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;YAC3D,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,iBAAiB,eAAK,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;YAC3E,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,uBAAuB,wBAAwB,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;YAEvF,wBAAwB;YACxB,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,aAAa,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QACtD,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClB,CAAC;IAED,IAAI,gBAAgB,KAAK,CAAC,EAAE,CAAC;QAC3B,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,KAAK,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC,CAAC;QACtD,OAAO,CAAC,CAAC,CAAC,oBAAoB;IAChC,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,MAAM,CAAC,6BAA6B,gBAAgB,EAAE,CAAC,CAAC,CAAC;QAC3E,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,GAAG,CAAC,sBAAsB,YAAY,EAAE,CAAC,CAAC,CAAC;QAC7D,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC;QACvC,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC,CAAC;QAC7D,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,uCAAuC,CAAC,CAAC,CAAC;QACjE,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC,CAAC;QAEtD,OAAO,CAAC,CAAC,CAAC,kCAAkC;IAC9C,CAAC;AACH,CAAC;AAED,SAAS,wBAAwB,CAAC,UAAkB;IAClD,MAAM,WAAW,GAA2B;QAC1C,WAAW,EAAE,0CAA0C;QACvD,QAAQ,EAAE,uCAAuC;QACjD,QAAQ,EAAE,0CAA0C;QACpD,YAAY,EAAE,sCAAsC;QACpD,YAAY,EAAE,sCAAsC;QACpD,cAAc,EAAE,+CAA+C;QAC/D,WAAW,EAAE,gDAAgD;QAC7D,iBAAiB,EAAE,yCAAyC;QAC5D,gBAAgB,EAAE,yCAAyC;QAC3D,kBAAkB,EAAE,yCAAyC;KAC9D,CAAC;IAEF,OAAO,WAAW,CAAC,UAAU,CAAC,IAAI,sCAAsC,CAAC;AAC3E,CAAC"}

package/dist/commands/index.d.ts

@@ -0,0 +1,11 @@
+export { scanCommand } from './scan';
+export { configValidateCommand } from './config';
+export { installHookCommand } from './install-hook';
+export { tokensCommand } from './tokens';
+export { fixCommand } from './fix';
+export { checkCommand } from './check';
+export { statuslineCommand } from './statusline';
+export { suggestModelCommand } from './suggest-model';
+export { proxyCommand } from './proxy';
+export { dataStatusCommand, dataResetCommand, dataExportCommand, type DataStatusOptions, type DataResetOptions, type DataExportOptions, } from './data';
+//# sourceMappingURL=index.d.ts.map

package/dist/commands/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/commands/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AACrC,OAAO,EAAE,qBAAqB,EAAE,MAAM,UAAU,CAAC;AACjD,OAAO,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AACpD,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,UAAU,EAAE,MAAM,OAAO,CAAC;AACnC,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AACjD,OAAO,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EACL,iBAAiB,EACjB,gBAAgB,EAChB,iBAAiB,EACjB,KAAK,iBAAiB,EACtB,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,GACvB,MAAM,QAAQ,CAAC"}

package/dist/commands/index.js

@@ -0,0 +1,26 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.dataExportCommand = exports.dataResetCommand = exports.dataStatusCommand = exports.proxyCommand = exports.suggestModelCommand = exports.statuslineCommand = exports.checkCommand = exports.fixCommand = exports.tokensCommand = exports.installHookCommand = exports.configValidateCommand = exports.scanCommand = void 0;
+var scan_1 = require("./scan");
+Object.defineProperty(exports, "scanCommand", { enumerable: true, get: function () { return scan_1.scanCommand; } });
+var config_1 = require("./config");
+Object.defineProperty(exports, "configValidateCommand", { enumerable: true, get: function () { return config_1.configValidateCommand; } });
+var install_hook_1 = require("./install-hook");
+Object.defineProperty(exports, "installHookCommand", { enumerable: true, get: function () { return install_hook_1.installHookCommand; } });
+var tokens_1 = require("./tokens");
+Object.defineProperty(exports, "tokensCommand", { enumerable: true, get: function () { return tokens_1.tokensCommand; } });
+var fix_1 = require("./fix");
+Object.defineProperty(exports, "fixCommand", { enumerable: true, get: function () { return fix_1.fixCommand; } });
+var check_1 = require("./check");
+Object.defineProperty(exports, "checkCommand", { enumerable: true, get: function () { return check_1.checkCommand; } });
+var statusline_1 = require("./statusline");
+Object.defineProperty(exports, "statuslineCommand", { enumerable: true, get: function () { return statusline_1.statuslineCommand; } });
+var suggest_model_1 = require("./suggest-model");
+Object.defineProperty(exports, "suggestModelCommand", { enumerable: true, get: function () { return suggest_model_1.suggestModelCommand; } });
+var proxy_1 = require("./proxy");
+Object.defineProperty(exports, "proxyCommand", { enumerable: true, get: function () { return proxy_1.proxyCommand; } });
+var data_1 = require("./data");
+Object.defineProperty(exports, "dataStatusCommand", { enumerable: true, get: function () { return data_1.dataStatusCommand; } });
+Object.defineProperty(exports, "dataResetCommand", { enumerable: true, get: function () { return data_1.dataResetCommand; } });
+Object.defineProperty(exports, "dataExportCommand", { enumerable: true, get: function () { return data_1.dataExportCommand; } });
+//# sourceMappingURL=index.js.map

package/dist/commands/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/commands/index.ts"],"names":[],"mappings":";;;AAAA,+BAAqC;AAA5B,mGAAA,WAAW,OAAA;AACpB,mCAAiD;AAAxC,+GAAA,qBAAqB,OAAA;AAC9B,+CAAoD;AAA3C,kHAAA,kBAAkB,OAAA;AAC3B,mCAAyC;AAAhC,uGAAA,aAAa,OAAA;AACtB,6BAAmC;AAA1B,iGAAA,UAAU,OAAA;AACnB,iCAAuC;AAA9B,qGAAA,YAAY,OAAA;AACrB,2CAAiD;AAAxC,+GAAA,iBAAiB,OAAA;AAC1B,iDAAsD;AAA7C,oHAAA,mBAAmB,OAAA;AAC5B,iCAAuC;AAA9B,qGAAA,YAAY,OAAA;AACrB,+BAOgB;AANd,yGAAA,iBAAiB,OAAA;AACjB,wGAAA,gBAAgB,OAAA;AAChB,yGAAA,iBAAiB,OAAA"}

package/dist/commands/install-hook.d.ts

@@ -0,0 +1,3 @@
+import { type HookManager } from '@vaultcompass/vault-guard-core';
+export declare function installHookCommand(manager?: HookManager): Promise<void>;
+//# sourceMappingURL=install-hook.d.ts.map

package/dist/commands/install-hook.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"install-hook.d.ts","sourceRoot":"","sources":["../../src/commands/install-hook.ts"],"names":[],"mappings":"AAAA,OAAO,EAAiB,KAAK,WAAW,EAAE,MAAM,gCAAgC,CAAC;AAGjF,wBAAsB,kBAAkB,CAAC,OAAO,GAAE,WAAsB,GAAG,OAAO,CAAC,IAAI,CAAC,CAyBvF"}

package/dist/commands/install-hook.js

@@ -0,0 +1,31 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.installHookCommand = installHookCommand;
+const vault_guard_core_1 = require("@vaultcompass/vault-guard-core");
+const chalk_1 = __importDefault(require("chalk"));
+async function installHookCommand(manager = 'native') {
+    console.log(chalk_1.default.blue('🪝 Installing pre-commit hook\n'));
+    console.log(chalk_1.default.gray(`   Manager: ${manager}\n`));
+    const hook = new vault_guard_core_1.PreCommitHook();
+    const result = hook.install({ manager });
+    if (result.success) {
+        console.log(chalk_1.default.green.bold('✅ SUCCESS:'), chalk_1.default.white(result.message));
+        if (result.hookPath) {
+            console.log(chalk_1.default.gray(`   Path: ${result.hookPath}`));
+        }
+        console.log(chalk_1.default.gray('\nThe hook runs `vault-guard scan --staged` before each commit (staged files only).\n'));
+    }
+    else {
+        console.error(chalk_1.default.red('❌ Error:'), chalk_1.default.white(result.message));
+        if (result.message.includes('git repository')) {
+            console.log(chalk_1.default.gray('💡 Hint: Run'), chalk_1.default.cyan('git init'), chalk_1.default.gray('first\n'));
+        }
+        else {
+            console.log(chalk_1.default.gray('💡 Hint: Check file permissions or merge the snippet shown above.\n'));
+        }
+    }
+}
+//# sourceMappingURL=install-hook.js.map

package/dist/commands/install-hook.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"install-hook.js","sourceRoot":"","sources":["../../src/commands/install-hook.ts"],"names":[],"mappings":";;;;;AAGA,gDAyBC;AA5BD,qEAAiF;AACjF,kDAA0B;AAEnB,KAAK,UAAU,kBAAkB,CAAC,UAAuB,QAAQ;IACtE,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC,CAAC;IAC3D,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,eAAe,OAAO,IAAI,CAAC,CAAC,CAAC;IAEpD,MAAM,IAAI,GAAG,IAAI,gCAAa,EAAE,CAAC;IACjC,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC;IAEzC,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QACnB,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,eAAK,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;QACzE,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACpB,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,YAAY,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QACzD,CAAC;QACD,OAAO,CAAC,GAAG,CACT,eAAK,CAAC,IAAI,CACR,uFAAuF,CACxF,CACF,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,KAAK,CAAC,eAAK,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,eAAK,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;QAClE,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;YAC9C,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,cAAc,CAAC,EAAE,eAAK,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,eAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;QACzF,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,qEAAqE,CAAC,CAAC,CAAC;QACjG,CAAC;IACH,CAAC;AACH,CAAC"}

package/dist/commands/monitor.d.ts

@@ -0,0 +1,2 @@
+export declare function monitorCommand(): Promise<void>;
+//# sourceMappingURL=monitor.d.ts.map

package/dist/commands/monitor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"monitor.d.ts","sourceRoot":"","sources":["../../src/commands/monitor.ts"],"names":[],"mappings":"AAEA,wBAAsB,cAAc,IAAI,OAAO,CAAC,IAAI,CAAC,CAgBpD"}

package/dist/commands/monitor.js

@@ -0,0 +1,23 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.monitorCommand = monitorCommand;
+const chalk_1 = __importDefault(require("chalk"));
+async function monitorCommand() {
+    console.log(chalk_1.default.blue.bold('📊 Status Monitor\n'));
+    // TODO: Implement real-time status monitor
+    // This will display:
+    // - Current token usage
+    // - Session savings
+    // - Active AI sessions
+    // - Security status
+    console.log(chalk_1.default.gray('Status monitor coming soon'));
+    console.log(chalk_1.default.gray('Will display:'));
+    console.log(chalk_1.default.gray('  • Real-time token usage'));
+    console.log(chalk_1.default.gray('  • Session savings %'));
+    console.log(chalk_1.default.gray('  • Active AI sessions'));
+    console.log(chalk_1.default.gray('  • Security scan status\n'));
+}
+//# sourceMappingURL=monitor.js.map

package/dist/commands/monitor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"monitor.js","sourceRoot":"","sources":["../../src/commands/monitor.ts"],"names":[],"mappings":";;;;;AAEA,wCAgBC;AAlBD,kDAA0B;AAEnB,KAAK,UAAU,cAAc;IAClC,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC,CAAC;IAEpD,2CAA2C;IAC3C,qBAAqB;IACrB,wBAAwB;IACxB,oBAAoB;IACpB,uBAAuB;IACvB,oBAAoB;IAEpB,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC,CAAC;IACtD,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC;IACzC,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,CAAC;IACrD,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC,CAAC;IACjD,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC,CAAC;IAClD,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC,CAAC;AACxD,CAAC"}