@vigil-guard/vge-cc-guard 0.9.0-beta.1

package/dist/daemon/pretool-decision-escrow.js

@@ -0,0 +1,295 @@
+import * as crypto from 'crypto';
+import { logBlockingDecisionCreated, logBlockingDecisionCapacityEvicted, logBlockingDecisionDeduped, logBlockingDecisionReaskEmitted, logBlockingDecisionResolved, logBlockingDecisionSessionLocked, logPretoolUrlAllowlistedByUser, logPretoolUrlAllowOnce, logPretoolUrlBlocked, } from './audit-logger.js';
+import { addResourceAllow, addResourceBlock, addUrlAllowOnce } from './session-state.js';
+import { blockUserPromptWithReason, branchScores, renderConversationApprovalContext, renderConversationDecisionPrompt, renderConversationDecisionReask, } from './conversation-decision-prompt.js';
+import { hasActivePostToolConversationDecision } from './posttool-decision-state.js';
+import { decisionOwnerKey, sessionDecisionOwner } from './decision-owner.js';
+import { finishPendingDecision } from './decision-transition.js';
+import { nextDecisionCreationSequence } from './active-conversation-decisions.js';
+const MAX_ESCROWS = 100;
+const byDecisionId = new Map();
+const activeByOwner = new Map();
+const activeBySession = new Map();
+const activeByDedupKey = new Map();
+function makeDecision(params) {
+    const owner = params.owner ?? sessionDecisionOwner(params.sessionId);
+    const ownerKey = decisionOwnerKey(owner);
+    const now = Date.now();
+    return {
+        decisionId: `dec_${crypto.randomUUID()}`,
+        dedupKey: `${ownerKey}:${params.resourceId}`,
+        sessionId: params.sessionId,
+        owner,
+        kind: 'pretool_url',
+        toolName: params.toolName,
+        resourceId: params.resourceId,
+        resourceLabel: params.resourceLabel,
+        reason: params.reason,
+        createdAt: now,
+        creationSequence: nextDecisionCreationSequence(),
+        expiresAt: now + params.timeoutMs,
+        status: params.status ?? 'pending',
+        vge: {
+            id: params.vgeResult.id ?? null,
+            decision: params.vgeResult.decision,
+            arbiterSignal: params.vgeResult.arbiterSignal,
+            ruleAction: params.vgeResult.ruleAction,
+            score: params.vgeResult.score,
+            categories: params.vgeResult.categories,
+            blockMessage: params.vgeResult.blockMessage,
+            branches: branchScores(params.vgeResult),
+        },
+    };
+}
+function removeRecord(decisionId) {
+    const record = byDecisionId.get(decisionId);
+    if (!record)
+        return undefined;
+    byDecisionId.delete(decisionId);
+    const ownerActive = activeByOwner.get(record.ownerKey);
+    if (ownerActive) {
+        ownerActive.delete(decisionId);
+        if (ownerActive.size === 0)
+            activeByOwner.delete(record.ownerKey);
+    }
+    const sessionActive = activeBySession.get(record.sessionId);
+    if (sessionActive) {
+        sessionActive.delete(decisionId);
+        if (sessionActive.size === 0)
+            activeBySession.delete(record.sessionId);
+    }
+    activeByDedupKey.delete(record.decision.dedupKey);
+    return record;
+}
+function addOwnerDecision(ownerKey, decisionId) {
+    const ownerActive = activeByOwner.get(ownerKey) ?? new Set();
+    ownerActive.add(decisionId);
+    activeByOwner.set(ownerKey, ownerActive);
+}
+function firstOwnerDecision(ownerKey) {
+    const ownerActive = activeByOwner.get(ownerKey);
+    return ownerActive?.values().next().value ?? null;
+}
+function evictCapacityRecord(decisionId, record) {
+    const transition = finishPendingDecision(record.decision, 'capacity_evicted');
+    if (transition.won)
+        logBlockingDecisionCapacityEvicted(record.decision);
+    removeRecord(decisionId);
+}
+function pruneExpired(now = Date.now()) {
+    void now;
+    // Conversation-native PreTool decisions wait for an explicit user decision.
+}
+export function createPreToolDecisionEscrow(params) {
+    pruneExpired();
+    while (byDecisionId.size >= MAX_ESCROWS) {
+        const oldest = [...byDecisionId.entries()].sort((a, b) => a[1].createdAt - b[1].createdAt)[0];
+        if (!oldest)
+            break;
+        evictCapacityRecord(oldest[0], oldest[1]);
+    }
+    const owner = params.owner ?? sessionDecisionOwner(params.sessionId);
+    const ownerKey = decisionOwnerKey(owner);
+    const dedupKey = `${ownerKey}:${params.resourceId}`;
+    const existingForResource = activeByDedupKey.get(dedupKey);
+    if (existingForResource) {
+        const existing = byDecisionId.get(existingForResource);
+        if (existing) {
+            logBlockingDecisionDeduped(existing.decision);
+            return { type: 'deduped', decision: existing.decision };
+        }
+    }
+    if (hasActivePostToolConversationDecision(params.sessionId)) {
+        const decision = makeDecision({
+            ...params,
+            owner,
+            status: 'session_locked_fail_closed',
+        });
+        logBlockingDecisionSessionLocked(decision);
+        return { type: 'fail_closed', reason: 'session_locked', decision };
+    }
+    const decision = makeDecision({ ...params, owner });
+    byDecisionId.set(decision.decisionId, {
+        createdAt: Date.now(),
+        decision,
+        host: params.host,
+        ownerKey,
+        sessionId: params.sessionId,
+        urlHash: params.urlHash,
+        vgeResult: params.vgeResult,
+    });
+    addOwnerDecision(ownerKey, decision.decisionId);
+    const sessionActive = activeBySession.get(params.sessionId) ?? new Set();
+    sessionActive.add(decision.decisionId);
+    activeBySession.set(params.sessionId, sessionActive);
+    activeByDedupKey.set(dedupKey, decision.decisionId);
+    logBlockingDecisionCreated(decision, { resolverSurface: 'userprompt_text' });
+    return { type: 'created', decision };
+}
+export function renderPreToolEscrowDenyReason(decision) {
+    return renderConversationDecisionPrompt(decision);
+}
+export function renderActivePreToolDecisionReask(sessionId) {
+    pruneExpired();
+    const decisionIds = activeBySession.get(sessionId);
+    if (!decisionIds || decisionIds.size !== 1)
+        return null;
+    const record = byDecisionId.get([...decisionIds][0]);
+    if (!record)
+        return null;
+    logBlockingDecisionReaskEmitted(record.decision);
+    // Re-asking is observational only. The original expiresAt remains unchanged.
+    return renderConversationDecisionReask(record.decision);
+}
+export function renderActivePreToolDecisionReaskForOwner(owner) {
+    pruneExpired();
+    const decisionId = firstOwnerDecision(decisionOwnerKey(owner));
+    if (!decisionId)
+        return null;
+    const record = byDecisionId.get(decisionId);
+    if (!record)
+        return null;
+    logBlockingDecisionReaskEmitted(record.decision);
+    return renderConversationDecisionReask(record.decision);
+}
+export function activePreToolEscrowCountForSession(sessionId) {
+    pruneExpired();
+    return activeBySession.get(sessionId)?.size ?? 0;
+}
+export function activePreToolEscrowDecisionsForSession(sessionId) {
+    pruneExpired();
+    return [...(activeBySession.get(sessionId) ?? [])]
+        .map((decisionId) => byDecisionId.get(decisionId)?.decision ?? null)
+        .filter((decision) => decision !== null)
+        .sort((left, right) => left.createdAt - right.createdAt || left.decisionId.localeCompare(right.decisionId));
+}
+export function hasActivePreToolConversationDecision(sessionId) {
+    return activePreToolEscrowCountForSession(sessionId) > 0;
+}
+export function hasPreToolEscrowDecision(decisionId) {
+    pruneExpired();
+    return byDecisionId.has(decisionId);
+}
+export function resolvePreToolEscrowCommand(sessionId, command) {
+    pruneExpired();
+    let decisionId = command.decisionId;
+    if (!decisionId) {
+        const active = activeBySession.get(sessionId);
+        if (!active || active.size === 0) {
+            return {
+                matched: true,
+                ccOutput: blockUserPromptWithReason('VGE Agent Guard: there is no active PreTool decision to resolve.'),
+            };
+        }
+        if (active.size > 1) {
+            return {
+                matched: true,
+                ccOutput: blockUserPromptWithReason('VGE Agent Guard: multiple PreTool decisions are active. Use the full `vge block dec_...`, `vge allow dec_...`, or `vge allow-session dec_...` command shown in the decision prompt.'),
+            };
+        }
+        decisionId = [...active][0];
+    }
+    const record = byDecisionId.get(decisionId);
+    if (!record) {
+        return {
+            matched: true,
+            ccOutput: blockUserPromptWithReason(`VGE Agent Guard: decision ${decisionId} is no longer available. Re-run the tool if you still need it.`),
+        };
+    }
+    if (record.sessionId !== sessionId) {
+        return {
+            matched: true,
+            ccOutput: blockUserPromptWithReason(`VGE Agent Guard: decision ${decisionId} belongs to a different session.`),
+        };
+    }
+    const resolvedStatus = command.choice === 'allow_once'
+        ? 'resolved_allow_once'
+        : command.choice === 'allow_session'
+            ? 'resolved_allow_session'
+            : 'resolved_block';
+    const transition = finishPendingDecision(record.decision, resolvedStatus);
+    if (!transition.won) {
+        return {
+            matched: true,
+            ccOutput: blockUserPromptWithReason(`VGE Agent Guard: decision ${decisionId} is no longer available. Re-run the tool if you still need it.`),
+        };
+    }
+    logBlockingDecisionResolved({
+        decision: record.decision,
+        choice: command.choice,
+        clientId: 'userprompt_escrow',
+        elapsedMs: Date.now() - record.decision.createdAt,
+        resolverSurface: 'userprompt_text',
+        originHookEvent: 'UserPromptSubmit',
+    });
+    if (command.choice === 'block') {
+        addResourceBlock(sessionId, record.decision.resourceId, decisionId);
+        logPretoolUrlBlocked({
+            sessionId,
+            toolName: record.decision.toolName,
+            resourceId: record.decision.resourceId,
+            urlHash: record.urlHash,
+            host: record.host,
+            vgeDecision: record.vgeResult.decision,
+            vgeScore: record.vgeResult.score,
+            reason: 'user_block',
+        });
+        removeRecord(decisionId);
+        return {
+            matched: true,
+            ccOutput: blockUserPromptWithReason(`VGE Agent Guard: decision ${decisionId} recorded as block. The control prompt was not sent to Claude.`),
+        };
+    }
+    if (command.choice === 'allow_session') {
+        addResourceAllow(sessionId, record.decision.resourceId, decisionId);
+        if (record.host) {
+            logPretoolUrlAllowlistedByUser({
+                sessionId,
+                toolName: record.decision.toolName,
+                resourceId: record.decision.resourceId,
+                urlHash: record.urlHash,
+                host: record.host,
+                vgeDecision: record.vgeResult.decision,
+                vgeScore: record.vgeResult.score,
+            });
+        }
+    }
+    else {
+        addUrlAllowOnce(sessionId, record.decision.resourceId, record.decision.owner);
+        logPretoolUrlAllowOnce({
+            sessionId,
+            toolName: record.decision.toolName,
+            resourceId: record.decision.resourceId,
+            urlHash: record.urlHash,
+            host: record.host,
+            vgeDecision: record.vgeResult.decision,
+            vgeScore: record.vgeResult.score,
+        });
+    }
+    removeRecord(decisionId);
+    return {
+        matched: true,
+        ccOutput: {
+            hookSpecificOutput: {
+                hookEventName: 'UserPromptSubmit',
+                additionalContext: renderConversationApprovalContext({
+                    choice: command.choice,
+                    decision: record.decision,
+                    residual: command.residual,
+                }),
+            },
+        },
+    };
+}
+export function resetPreToolDecisionEscrowForTests() {
+    byDecisionId.clear();
+    activeByOwner.clear();
+    activeBySession.clear();
+    activeByDedupKey.clear();
+}
+export function clearPreToolDecisionEscrowForSession(sessionId) {
+    const decisionIds = [...(activeBySession.get(sessionId) ?? [])];
+    for (const decisionId of decisionIds)
+        removeRecord(decisionId);
+}
+//# sourceMappingURL=pretool-decision-escrow.js.map

package/dist/daemon/pretool-decision-escrow.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pretool-decision-escrow.js","sourceRoot":"","sources":["../../src/daemon/pretool-decision-escrow.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,MAAM,QAAQ,CAAC;AAEjC,OAAO,EACL,0BAA0B,EAC1B,kCAAkC,EAClC,0BAA0B,EAC1B,+BAA+B,EAC/B,2BAA2B,EAC3B,gCAAgC,EAChC,8BAA8B,EAC9B,sBAAsB,EACtB,oBAAoB,GACrB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACzF,OAAO,EACL,yBAAyB,EACzB,YAAY,EACZ,iCAAiC,EACjC,gCAAgC,EAChC,+BAA+B,GAChC,MAAM,mCAAmC,CAAC;AAC3C,OAAO,EAAE,qCAAqC,EAAE,MAAM,8BAA8B,CAAC;AACrF,OAAO,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAC7E,OAAO,EAAE,qBAAqB,EAAE,MAAM,0BAA0B,CAAC;AACjE,OAAO,EAAE,4BAA4B,EAAE,MAAM,oCAAoC,CAAC;AAElF,MAAM,WAAW,GAAG,GAAG,CAAC;AAgCxB,MAAM,YAAY,GAAG,IAAI,GAAG,EAA+B,CAAC;AAC5D,MAAM,aAAa,GAAG,IAAI,GAAG,EAAuB,CAAC;AACrD,MAAM,eAAe,GAAG,IAAI,GAAG,EAAuB,CAAC;AACvD,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAkB,CAAC;AAEnD,SAAS,YAAY,CAAC,MAUrB;IACC,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,oBAAoB,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACrE,MAAM,QAAQ,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;IACzC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,OAAO;QACL,UAAU,EAAE,OAAO,MAAM,CAAC,UAAU,EAAE,EAAE;QACxC,QAAQ,EAAE,GAAG,QAAQ,IAAI,MAAM,CAAC,UAAU,EAAE;QAC5C,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,KAAK;QACL,IAAI,EAAE,aAAa;QACnB,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,UAAU,EAAE,MAAM,CAAC,UAAU;QAC7B,aAAa,EAAE,MAAM,CAAC,aAAa;QACnC,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,SAAS,EAAE,GAAG;QACd,gBAAgB,EAAE,4BAA4B,EAAE;QAChD,SAAS,EAAE,GAAG,GAAG,MAAM,CAAC,SAAS;QACjC,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,SAAS;QAClC,GAAG,EAAE;YACH,EAAE,EAAE,MAAM,CAAC,SAAS,CAAC,EAAE,IAAI,IAAI;YAC/B,QAAQ,EAAE,MAAM,CAAC,SAAS,CAAC,QAAQ;YACnC,aAAa,EAAE,MAAM,CAAC,SAAS,CAAC,aAAa;YAC7C,UAAU,EAAE,MAAM,CAAC,SAAS,CAAC,UAAU;YACvC,KAAK,EAAE,MAAM,CAAC,SAAS,CAAC,KAAK;YAC7B,UAAU,EAAE,MAAM,CAAC,SAAS,CAAC,UAAU;YACvC,YAAY,EAAE,MAAM,CAAC,SAAS,CAAC,YAAY;YAC3C,QAAQ,EAAE,YAAY,CAAC,MAAM,CAAC,SAAS,CAAC;SACzC;KACF,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CAAC,UAAkB;IACtC,MAAM,MAAM,GAAG,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC5C,IAAI,CAAC,MAAM;QAAE,OAAO,SAAS,CAAC;IAC9B,YAAY,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IAChC,MAAM,WAAW,GAAG,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACvD,IAAI,WAAW,EAAE,CAAC;QAChB,WAAW,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QAC/B,IAAI,WAAW,CAAC,IAAI,KAAK,CAAC;YAAE,aAAa,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACpE,CAAC;IACD,MAAM,aAAa,GAAG,eAAe,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAC5D,IAAI,aAAa,EAAE,CAAC;QAClB,aAAa,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QACjC,IAAI,aAAa,CAAC,IAAI,KAAK,CAAC;YAAE,eAAe,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACzE,CAAC;IACD,gBAAgB,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAClD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,gBAAgB,CAAC,QAAgB,EAAE,UAAkB;IAC5D,MAAM,WAAW,GAAG,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,IAAI,GAAG,EAAU,CAAC;IACrE,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC5B,aAAa,CAAC,GAAG,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;AAC3C,CAAC;AAED,SAAS,kBAAkB,CAAC,QAAgB;IAC1C,MAAM,WAAW,GAAG,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAChD,OAAO,WAAW,EAAE,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,KAAK,IAAI,IAAI,CAAC;AACpD,CAAC;AAED,SAAS,mBAAmB,CAAC,UAAkB,EAAE,MAA2B;IAC1E,MAAM,UAAU,GAAG,qBAAqB,CAAC,MAAM,CAAC,QAAQ,EAAE,kBAAkB,CAAC,CAAC;IAC9E,IAAI,UAAU,CAAC,GAAG;QAAE,kCAAkC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACxE,YAAY,CAAC,UAAU,CAAC,CAAC;AAC3B,CAAC;AAED,SAAS,YAAY,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE;IACpC,KAAK,GAAG,CAAC;IACT,4EAA4E;AAC9E,CAAC;AAED,MAAM,UAAU,2BAA2B,CAAC,MAW3C;IACC,YAAY,EAAE,CAAC;IACf,OAAO,YAAY,CAAC,IAAI,IAAI,WAAW,EAAE,CAAC;QACxC,MAAM,MAAM,GAAG,CAAC,GAAG,YAAY,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;QAC9F,IAAI,CAAC,MAAM;YAAE,MAAM;QACnB,mBAAmB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAC5C,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,oBAAoB,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACrE,MAAM,QAAQ,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;IACzC,MAAM,QAAQ,GAAG,GAAG,QAAQ,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;IACpD,MAAM,mBAAmB,GAAG,gBAAgB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAC3D,IAAI,mBAAmB,EAAE,CAAC;QACxB,MAAM,QAAQ,GAAG,YAAY,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;QACvD,IAAI,QAAQ,EAAE,CAAC;YACb,0BAA0B,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAC9C,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,CAAC,QAAQ,EAAE,CAAC;QAC1D,CAAC;IACH,CAAC;IAED,IAAI,qCAAqC,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;QAC5D,MAAM,QAAQ,GAAG,YAAY,CAAC;YAC5B,GAAG,MAAM;YACT,KAAK;YACL,MAAM,EAAE,4BAA4B;SACrC,CAAC,CAAC;QACH,gCAAgC,CAAC,QAAQ,CAAC,CAAC;QAC3C,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,MAAM,EAAE,gBAAgB,EAAE,QAAQ,EAAE,CAAC;IACrE,CAAC;IAED,MAAM,QAAQ,GAAG,YAAY,CAAC,EAAE,GAAG,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;IAEpD,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,UAAU,EAAE;QACpC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;QACrB,QAAQ;QACR,IAAI,EAAE,MAAM,CAAC,IAAI;QACjB,QAAQ;QACR,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,SAAS,EAAE,MAAM,CAAC,SAAS;KAC5B,CAAC,CAAC;IACH,gBAAgB,CAAC,QAAQ,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAC;IAChD,MAAM,aAAa,GAAG,eAAe,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,IAAI,GAAG,EAAU,CAAC;IACjF,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;IACvC,eAAe,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;IACrD,gBAAgB,CAAC,GAAG,CAAC,QAAQ,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAC;IACpD,0BAA0B,CAAC,QAAQ,EAAE,EAAE,eAAe,EAAE,iBAAiB,EAAE,CAAC,CAAC;IAC7E,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;AACvC,CAAC;AAED,MAAM,UAAU,6BAA6B,CAAC,QAA0B;IACtE,OAAO,gCAAgC,CAAC,QAAQ,CAAC,CAAC;AACpD,CAAC;AAED,MAAM,UAAU,gCAAgC,CAAC,SAAiB;IAChE,YAAY,EAAE,CAAC;IACf,MAAM,WAAW,GAAG,eAAe,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACnD,IAAI,CAAC,WAAW,IAAI,WAAW,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACxD,MAAM,MAAM,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACrD,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACzB,+BAA+B,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACjD,6EAA6E;IAC7E,OAAO,+BAA+B,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;AAC1D,CAAC;AAED,MAAM,UAAU,wCAAwC,CAAC,KAAoB;IAC3E,YAAY,EAAE,CAAC;IACf,MAAM,UAAU,GAAG,kBAAkB,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC,CAAC;IAC/D,IAAI,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC;IAC7B,MAAM,MAAM,GAAG,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC5C,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACzB,+BAA+B,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACjD,OAAO,+BAA+B,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;AAC1D,CAAC;AAED,MAAM,UAAU,kCAAkC,CAAC,SAAiB;IAClE,YAAY,EAAE,CAAC;IACf,OAAO,eAAe,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,IAAI,IAAI,CAAC,CAAC;AACnD,CAAC;AAED,MAAM,UAAU,sCAAsC,CAAC,SAAiB;IACtE,YAAY,EAAE,CAAC;IACf,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC;SAC/C,GAAG,CAAC,CAAC,UAAU,EAAE,EAAE,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,QAAQ,IAAI,IAAI,CAAC;SACnE,MAAM,CAAC,CAAC,QAAQ,EAAgC,EAAE,CAAC,QAAQ,KAAK,IAAI,CAAC;SACrE,IAAI,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,GAAG,KAAK,CAAC,SAAS,IAAI,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC;AAChH,CAAC;AAED,MAAM,UAAU,oCAAoC,CAAC,SAAiB;IACpE,OAAO,kCAAkC,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;AAC3D,CAAC;AAED,MAAM,UAAU,wBAAwB,CAAC,UAAkB;IACzD,YAAY,EAAE,CAAC;IACf,OAAO,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;AACtC,CAAC;AAED,MAAM,UAAU,2BAA2B,CACzC,SAAiB,EACjB,OAAwF;IAExF,YAAY,EAAE,CAAC;IACf,IAAI,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IACpC,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,MAAM,GAAG,eAAe,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC9C,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;YACjC,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,yBAAyB,CAAC,kEAAkE,CAAC;aACxG,CAAC;QACJ,CAAC;QACD,IAAI,MAAM,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YACpB,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,yBAAyB,CACjC,qLAAqL,CACtL;aACF,CAAC;QACJ,CAAC;QACD,UAAU,GAAG,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9B,CAAC;IAED,MAAM,MAAM,GAAG,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC5C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO;YACL,OAAO,EAAE,IAAI;YACb,QAAQ,EAAE,yBAAyB,CAAC,6BAA6B,UAAU,gEAAgE,CAAC;SAC7I,CAAC;IACJ,CAAC;IAED,IAAI,MAAM,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;QACnC,OAAO;YACL,OAAO,EAAE,IAAI;YACb,QAAQ,EAAE,yBAAyB,CAAC,6BAA6B,UAAU,kCAAkC,CAAC;SAC/G,CAAC;IACJ,CAAC;IAED,MAAM,cAAc,GAClB,OAAO,CAAC,MAAM,KAAK,YAAY;QAC7B,CAAC,CAAC,qBAAqB;QACvB,CAAC,CAAC,OAAO,CAAC,MAAM,KAAK,eAAe;YAClC,CAAC,CAAC,wBAAwB;YAC1B,CAAC,CAAC,gBAAgB,CAAC;IACzB,MAAM,UAAU,GAAG,qBAAqB,CAAC,MAAM,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;IAC1E,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE,CAAC;QACpB,OAAO;YACL,OAAO,EAAE,IAAI;YACb,QAAQ,EAAE,yBAAyB,CAAC,6BAA6B,UAAU,gEAAgE,CAAC;SAC7I,CAAC;IACJ,CAAC;IACD,2BAA2B,CAAC;QAC1B,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,QAAQ,EAAE,mBAAmB;QAC7B,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,QAAQ,CAAC,SAAS;QACjD,eAAe,EAAE,iBAAiB;QAClC,eAAe,EAAE,kBAAkB;KACpC,CAAC,CAAC;IAEH,IAAI,OAAO,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;QAC/B,gBAAgB,CAAC,SAAS,EAAE,MAAM,CAAC,QAAQ,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QACpE,oBAAoB,CAAC;YACnB,SAAS;YACT,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,QAAQ;YAClC,UAAU,EAAE,MAAM,CAAC,QAAQ,CAAC,UAAU;YACtC,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,WAAW,EAAE,MAAM,CAAC,SAAS,CAAC,QAAQ;YACtC,QAAQ,EAAE,MAAM,CAAC,SAAS,CAAC,KAAK;YAChC,MAAM,EAAE,YAAY;SACrB,CAAC,CAAC;QACH,YAAY,CAAC,UAAU,CAAC,CAAC;QACzB,OAAO;YACL,OAAO,EAAE,IAAI;YACb,QAAQ,EAAE,yBAAyB,CAAC,6BAA6B,UAAU,gEAAgE,CAAC;SAC7I,CAAC;IACJ,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,KAAK,eAAe,EAAE,CAAC;QACvC,gBAAgB,CAAC,SAAS,EAAE,MAAM,CAAC,QAAQ,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QACpE,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;YAChB,8BAA8B,CAAC;gBAC7B,SAAS;gBACT,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,QAAQ;gBAClC,UAAU,EAAE,MAAM,CAAC,QAAQ,CAAC,UAAU;gBACtC,OAAO,EAAE,MAAM,CAAC,OAAO;gBACvB,IAAI,EAAE,MAAM,CAAC,IAAI;gBACjB,WAAW,EAAE,MAAM,CAAC,SAAS,CAAC,QAAQ;gBACtC,QAAQ,EAAE,MAAM,CAAC,SAAS,CAAC,KAAK;aACjC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;SAAM,CAAC;QACN,eAAe,CAAC,SAAS,EAAE,MAAM,CAAC,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAC9E,sBAAsB,CAAC;YACrB,SAAS;YACT,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,QAAQ;YAClC,UAAU,EAAE,MAAM,CAAC,QAAQ,CAAC,UAAU;YACtC,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,WAAW,EAAE,MAAM,CAAC,SAAS,CAAC,QAAQ;YACtC,QAAQ,EAAE,MAAM,CAAC,SAAS,CAAC,KAAK;SACjC,CAAC,CAAC;IACL,CAAC;IAED,YAAY,CAAC,UAAU,CAAC,CAAC;IACzB,OAAO;QACL,OAAO,EAAE,IAAI;QACb,QAAQ,EAAE;YACR,kBAAkB,EAAE;gBAClB,aAAa,EAAE,kBAAkB;gBACjC,iBAAiB,EAAE,iCAAiC,CAAC;oBACnD,MAAM,EAAE,OAAO,CAAC,MAAM;oBACtB,QAAQ,EAAE,MAAM,CAAC,QAAQ;oBACzB,QAAQ,EAAE,OAAO,CAAC,QAAQ;iBAC3B,CAAC;aACH;SACF;KACF,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,kCAAkC;IAChD,YAAY,CAAC,KAAK,EAAE,CAAC;IACrB,aAAa,CAAC,KAAK,EAAE,CAAC;IACtB,eAAe,CAAC,KAAK,EAAE,CAAC;IACxB,gBAAgB,CAAC,KAAK,EAAE,CAAC;AAC3B,CAAC;AAED,MAAM,UAAU,oCAAoC,CAAC,SAAiB;IACpE,MAAM,WAAW,GAAG,CAAC,GAAG,CAAC,eAAe,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IAChE,KAAK,MAAM,UAAU,IAAI,WAAW;QAAE,YAAY,CAAC,UAAU,CAAC,CAAC;AACjE,CAAC"}

package/dist/daemon/pretool-url-gate.d.ts

@@ -0,0 +1,17 @@
+import type { CCPreToolPayload, SessionData } from '../shared/types.js';
+import type { Config } from '../shared/config-schema.js';
+export type PretoolUrlGateResult = {
+    action: 'continue';
+} | {
+    action: 'deny';
+    reason: string;
+    auditReason?: string;
+    logBlocked?: boolean;
+};
+export declare function resetPretoolUrlFailureCircuitForTests(): void;
+export declare function evaluatePretoolUrlGate(params: {
+    payload: CCPreToolPayload;
+    session: SessionData;
+    config: Config;
+}): Promise<PretoolUrlGateResult>;
+//# sourceMappingURL=pretool-url-gate.d.ts.map

package/dist/daemon/pretool-url-gate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pretool-url-gate.d.ts","sourceRoot":"","sources":["../../src/daemon/pretool-url-gate.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,gBAAgB,EAChB,WAAW,EACZ,MAAM,oBAAoB,CAAC;AAC5B,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,4BAA4B,CAAC;AAczD,MAAM,MAAM,oBAAoB,GAC5B;IAAE,MAAM,EAAE,UAAU,CAAA;CAAE,GACtB;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAAC,UAAU,CAAC,EAAE,OAAO,CAAA;CAAE,CAAC;AAEnF,wBAAgB,qCAAqC,IAAI,IAAI,CAE5D;AAOD,wBAAsB,sBAAsB,CAAC,MAAM,EAAE;IACnD,OAAO,EAAE,gBAAgB,CAAC;IAC1B,OAAO,EAAE,WAAW,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;CAChB,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAgDhC"}

package/dist/daemon/pretool-url-gate.js

@@ -0,0 +1,60 @@
+import { extractUrlsFromToolInput } from './url-extractor.js';
+import { isResourceBlocked } from './session-state.js';
+import { logPretoolUrlBlocked, logPretoolUrlDenylistBlocked, } from './audit-logger.js';
+import { urlHashFromResourceId, urlResourceKey, } from './url-block-decisions.js';
+import { sanitizeUrlLabel } from './conversation-decision-prompt.js';
+import { evaluateUrlAccessBaseline } from './url-access-baseline.js';
+export function resetPretoolUrlFailureCircuitForTests() {
+    // Kept for older tests and reset helpers; PRD_14 removes the runtime circuit.
+}
+function denyReason(url, match) {
+    const label = sanitizeUrlLabel(url);
+    return `VGE Agent Guard: URL denied by local URL access baseline (${match.reason}): ${label}`;
+}
+export async function evaluatePretoolUrlGate(params) {
+    const extractedUrls = extractUrlsFromToolInput(params.payload.tool_name, params.payload.tool_input);
+    if (extractedUrls.length === 0)
+        return { action: 'continue' };
+    for (const extracted of extractedUrls) {
+        const resourceId = urlResourceKey(extracted.url);
+        const urlHash = urlHashFromResourceId(resourceId);
+        if (isResourceBlocked(params.session, resourceId)) {
+            logPretoolUrlBlocked({
+                sessionId: params.payload.session_id,
+                toolName: params.payload.tool_name,
+                resourceId,
+                urlHash,
+                host: extracted.host,
+                vgeDecision: 'USER_BLOCKED',
+                vgeScore: 0,
+                reason: 'user_block',
+            });
+            return {
+                action: 'deny',
+                reason: `VGE Agent Guard: URL was blocked by user decision: ${sanitizeUrlLabel(extracted.url)}`,
+                auditReason: 'user_block',
+            };
+        }
+        const match = evaluateUrlAccessBaseline(extracted.url, params.config);
+        if (!match)
+            continue;
+        logPretoolUrlDenylistBlocked({
+            sessionId: params.payload.session_id,
+            toolName: params.payload.tool_name,
+            resourceId,
+            urlHash,
+            host: match.host,
+            reason: match.reason,
+            preset: match.preset,
+            matchedRule: match.matchedRule,
+        });
+        return {
+            action: 'deny',
+            reason: denyReason(extracted.url, match),
+            auditReason: match.reason,
+            logBlocked: false,
+        };
+    }
+    return { action: 'continue' };
+}
+//# sourceMappingURL=pretool-url-gate.js.map

package/dist/daemon/pretool-url-gate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pretool-url-gate.js","sourceRoot":"","sources":["../../src/daemon/pretool-url-gate.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,wBAAwB,EAAE,MAAM,oBAAoB,CAAC;AAC9D,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACvD,OAAO,EACL,oBAAoB,EACpB,4BAA4B,GAC7B,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,qBAAqB,EACrB,cAAc,GACf,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,gBAAgB,EAAE,MAAM,mCAAmC,CAAC;AACrE,OAAO,EAAE,yBAAyB,EAA+B,MAAM,0BAA0B,CAAC;AAMlG,MAAM,UAAU,qCAAqC;IACnD,8EAA8E;AAChF,CAAC;AAED,SAAS,UAAU,CAAC,GAAW,EAAE,KAA6B;IAC5D,MAAM,KAAK,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;IACpC,OAAO,6DAA6D,KAAK,CAAC,MAAM,MAAM,KAAK,EAAE,CAAC;AAChG,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAAC,MAI5C;IACC,MAAM,aAAa,GAAG,wBAAwB,CAAC,MAAM,CAAC,OAAO,CAAC,SAAS,EAAE,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IACpG,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC;IAE9D,KAAK,MAAM,SAAS,IAAI,aAAa,EAAE,CAAC;QACtC,MAAM,UAAU,GAAG,cAAc,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACjD,MAAM,OAAO,GAAG,qBAAqB,CAAC,UAAU,CAAC,CAAC;QAElD,IAAI,iBAAiB,CAAC,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,EAAE,CAAC;YAClD,oBAAoB,CAAC;gBACnB,SAAS,EAAE,MAAM,CAAC,OAAO,CAAC,UAAU;gBACpC,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,SAAS;gBAClC,UAAU;gBACV,OAAO;gBACP,IAAI,EAAE,SAAS,CAAC,IAAI;gBACpB,WAAW,EAAE,cAAc;gBAC3B,QAAQ,EAAE,CAAC;gBACX,MAAM,EAAE,YAAY;aACrB,CAAC,CAAC;YACH,OAAO;gBACL,MAAM,EAAE,MAAM;gBACd,MAAM,EAAE,sDAAsD,gBAAgB,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE;gBAC/F,WAAW,EAAE,YAAY;aAC1B,CAAC;QACJ,CAAC;QAED,MAAM,KAAK,GAAG,yBAAyB,CAAC,SAAS,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;QACtE,IAAI,CAAC,KAAK;YAAE,SAAS;QAErB,4BAA4B,CAAC;YAC3B,SAAS,EAAE,MAAM,CAAC,OAAO,CAAC,UAAU;YACpC,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,SAAS;YAClC,UAAU;YACV,OAAO;YACP,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,MAAM,EAAE,KAAK,CAAC,MAAM;YACpB,MAAM,EAAE,KAAK,CAAC,MAAM;YACpB,WAAW,EAAE,KAAK,CAAC,WAAW;SAC/B,CAAC,CAAC;QACH,OAAO;YACL,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,UAAU,CAAC,SAAS,CAAC,GAAG,EAAE,KAAK,CAAC;YACxC,WAAW,EAAE,KAAK,CAAC,MAAM;YACzB,UAAU,EAAE,KAAK;SAClB,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC;AAChC,CAAC"}

package/dist/daemon/prompt-input-enforcement.d.ts

@@ -0,0 +1,18 @@
+import type { CCUserPromptPayload } from '../shared/types.js';
+import type { Config } from '../shared/config-schema.js';
+import { type UserPromptBlockOutput } from './conversation-decision-prompt.js';
+export type PromptEnforcementResult = {
+    blocked: false;
+} | {
+    blocked: true;
+    ccOutput: UserPromptBlockOutput;
+};
+export declare function promptInputIdentity(sessionId: string, prompt: string): {
+    promptHash: string;
+    promptSizeBytes: number;
+    promptChars: number;
+    resourceId: string;
+    resourceLabel: string;
+};
+export declare function enforcePromptInput(payload: CCUserPromptPayload, config: Config): Promise<PromptEnforcementResult>;
+//# sourceMappingURL=prompt-input-enforcement.d.ts.map

package/dist/daemon/prompt-input-enforcement.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"prompt-input-enforcement.d.ts","sourceRoot":"","sources":["../../src/daemon/prompt-input-enforcement.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,mBAAmB,EAAuB,MAAM,oBAAoB,CAAC;AACnF,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,4BAA4B,CAAC;AAYzD,OAAO,EAA2C,KAAK,qBAAqB,EAAE,MAAM,mCAAmC,CAAC;AAiBxH,MAAM,MAAM,uBAAuB,GAC/B;IAAE,OAAO,EAAE,KAAK,CAAA;CAAE,GAClB;IAAE,OAAO,EAAE,IAAI,CAAC;IAAC,QAAQ,EAAE,qBAAqB,CAAA;CAAE,CAAC;AAMvD,wBAAgB,mBAAmB,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG;IACtE,UAAU,EAAE,MAAM,CAAC;IACnB,eAAe,EAAE,MAAM,CAAC;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;CACvB,CASA;AAmDD,wBAAsB,kBAAkB,CACtC,OAAO,EAAE,mBAAmB,EAC5B,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,uBAAuB,CAAC,CA4LlC"}

package/dist/daemon/prompt-input-enforcement.js

@@ -0,0 +1,248 @@
+import * as crypto from 'crypto';
+import { consumePromptAllowOnce, createSession, getSession, grantPromptAllowOnce, isResourceAllowed, isResourceBlocked, } from './session-state.js';
+import { scanPromptInput } from './vge-client.js';
+import { buildConversationFromTranscript } from './conversation-context.js';
+import { describeVgeBlockReason, isExplicitVgeBlock } from './blocking-decision-triggers.js';
+import { blockUserPromptWithReason, branchScores } from './conversation-decision-prompt.js';
+import { logPromptTextInputAnalyzed, logPromptTextInputScanFailedOpen, logPromptTextInputScanFailedToHitl, } from './audit-logger.js';
+import { createUserPromptDecisionEscrow, renderUserPromptEscrowStopReason, } from './userprompt-decision-escrow.js';
+import { conversationDecisionTimeoutMs } from './decision-timeout.js';
+import { recordVgeScanFailure } from './decision-metrics.js';
+import { isFailOpenEligibleVgeFailure } from './vge-scan-failure-policy.js';
+const MAX_PROMPT_CHARS = 100_000;
+const MAX_PROMPT_BYTES = 200_000;
+function sha256(value) {
+    return crypto.createHash('sha256').update(value).digest('hex');
+}
+export function promptInputIdentity(sessionId, prompt) {
+    const promptHash = sha256(prompt);
+    return {
+        promptHash,
+        promptSizeBytes: Buffer.byteLength(prompt, 'utf8'),
+        promptChars: prompt.length,
+        resourceId: `prompt:${sha256(`${sessionId}\n${promptHash}`)}`,
+        resourceLabel: `Prompt input: sha256:${promptHash.slice(0, 16)}`,
+    };
+}
+function syntheticBlock(reason) {
+    return {
+        decision: 'BLOCKED',
+        arbiterSignal: 'BLOCK',
+        ruleAction: 'BLOCK',
+        score: 0,
+        branches: {},
+        blockMessage: reason,
+        localFallbackReason: reason,
+    };
+}
+function failureReason(reason) {
+    if (reason === 'missing_api_key')
+        return 'prompt_scan_missing_api_key';
+    if (reason === 'timeout')
+        return 'prompt_scan_timeout';
+    return 'prompt_scan_failed';
+}
+function createHitl(params) {
+    const decision = createUserPromptDecisionEscrow({
+        contentBytes: params.identity.promptSizeBytes,
+        contentHash: params.identity.promptHash,
+        grantAllowOnce: grantPromptAllowOnce,
+        kind: 'prompt_input',
+        originalPrompt: params.originalPrompt,
+        reason: params.reason,
+        resourceId: params.identity.resourceId,
+        resourceLabel: params.identity.resourceLabel,
+        sessionId: params.sessionId,
+        timeoutMs: params.timeoutMs,
+        vgeResult: params.vgeResult,
+    });
+    return {
+        decisionId: decision.decisionId,
+        result: {
+            blocked: true,
+            ccOutput: blockUserPromptWithReason(renderUserPromptEscrowStopReason(decision)),
+        },
+    };
+}
+export async function enforcePromptInput(payload, config) {
+    const session = getSession(payload.session_id) ?? createSession(payload.session_id, null);
+    const identity = promptInputIdentity(payload.session_id, payload.prompt);
+    const enforceDecisions = config.policy.prompt_text_analysis !== 'off';
+    if (enforceDecisions) {
+        if (isResourceBlocked(session, identity.resourceId)) {
+            return {
+                blocked: true,
+                ccOutput: blockUserPromptWithReason('VGE Agent Guard: this prompt was blocked by user decision.'),
+            };
+        }
+        if (consumePromptAllowOnce(payload.session_id, identity.resourceId))
+            return { blocked: false };
+        if (isResourceAllowed(session, identity.resourceId))
+            return { blocked: false };
+    }
+    if (identity.promptChars > MAX_PROMPT_CHARS || identity.promptSizeBytes > MAX_PROMPT_BYTES) {
+        if (!enforceDecisions) {
+            logPromptTextInputScanFailedOpen({
+                sessionId: payload.session_id,
+                promptHash: identity.promptHash,
+                promptSizeBytes: identity.promptSizeBytes,
+                promptChars: identity.promptChars,
+                resourceId: identity.resourceId,
+                reason: 'prompt_too_large_for_full_scan',
+            });
+            return { blocked: false };
+        }
+        const hitl = createHitl({
+            identity,
+            originalPrompt: payload.prompt,
+            reason: 'prompt_too_large_for_full_scan',
+            sessionId: payload.session_id,
+            timeoutMs: conversationDecisionTimeoutMs(config),
+            vgeResult: syntheticBlock('prompt_too_large_for_full_scan'),
+        });
+        logPromptTextInputScanFailedToHitl({
+            sessionId: payload.session_id,
+            promptHash: identity.promptHash,
+            promptSizeBytes: identity.promptSizeBytes,
+            promptChars: identity.promptChars,
+            resourceId: identity.resourceId,
+            decisionId: hitl.decisionId,
+            reason: 'prompt_too_large_for_full_scan',
+        });
+        return hitl.result;
+    }
+    const transcriptPath = typeof payload.transcript_path === 'string' ? payload.transcript_path : '';
+    const conversation = transcriptPath ? buildConversationFromTranscript(transcriptPath) : [];
+    const scan = await scanPromptInput(payload.prompt, {
+        sessionId: payload.session_id,
+        resourceId: identity.resourceId,
+        timeoutMs: config.vge.userprompt_text_budget_ms,
+        conversation,
+    });
+    if (!scan.result) {
+        const rawReason = scan.failureReason ?? 'vge_error';
+        const reason = failureReason(rawReason);
+        if (!enforceDecisions) {
+            recordVgeScanFailure({
+                stage: 'prompt_text',
+                failureReason: rawReason,
+                actionTaken: 'fail_open',
+            });
+            logPromptTextInputScanFailedOpen({
+                sessionId: payload.session_id,
+                promptHash: identity.promptHash,
+                promptSizeBytes: identity.promptSizeBytes,
+                promptChars: identity.promptChars,
+                resourceId: identity.resourceId,
+                reason,
+                failureReason: rawReason,
+                httpStatus: scan.httpStatus,
+                elapsedMs: scan.elapsedMs,
+                localRequestId: scan.localRequestId,
+                attempt: scan.attempt,
+                retryAfterMs: scan.retryAfterMs,
+            });
+            return { blocked: false };
+        }
+        if (config.policy.vge_failure_mode.prompt_text === 'fail_open' &&
+            isFailOpenEligibleVgeFailure({ failureReason: rawReason, httpStatus: scan.httpStatus })) {
+            recordVgeScanFailure({
+                stage: 'prompt_text',
+                failureReason: rawReason,
+                actionTaken: 'fail_open',
+            });
+            logPromptTextInputScanFailedOpen({
+                sessionId: payload.session_id,
+                promptHash: identity.promptHash,
+                promptSizeBytes: identity.promptSizeBytes,
+                promptChars: identity.promptChars,
+                resourceId: identity.resourceId,
+                reason,
+                failureReason: rawReason,
+                httpStatus: scan.httpStatus,
+                elapsedMs: scan.elapsedMs,
+                localRequestId: scan.localRequestId,
+                attempt: scan.attempt,
+                retryAfterMs: scan.retryAfterMs,
+            });
+            return { blocked: false };
+        }
+        recordVgeScanFailure({
+            stage: 'prompt_text',
+            failureReason: rawReason,
+            actionTaken: 'fail_closed',
+        });
+        const hitl = createHitl({
+            identity,
+            originalPrompt: payload.prompt,
+            reason,
+            sessionId: payload.session_id,
+            timeoutMs: conversationDecisionTimeoutMs(config),
+            vgeResult: syntheticBlock(reason),
+        });
+        logPromptTextInputScanFailedToHitl({
+            sessionId: payload.session_id,
+            promptHash: identity.promptHash,
+            promptSizeBytes: identity.promptSizeBytes,
+            promptChars: identity.promptChars,
+            resourceId: identity.resourceId,
+            decisionId: hitl.decisionId,
+            reason,
+        });
+        return hitl.result;
+    }
+    const branches = branchScores(scan.result);
+    if (!enforceDecisions) {
+        logPromptTextInputAnalyzed({
+            sessionId: payload.session_id,
+            promptHash: identity.promptHash,
+            promptSizeBytes: identity.promptSizeBytes,
+            promptChars: identity.promptChars,
+            resourceId: identity.resourceId,
+            vgeDecision: scan.result.decision,
+            vgeScore: scan.result.score,
+            vgeCategories: scan.result.categories,
+            branches,
+            enforcementTaken: 'none',
+        });
+        return { blocked: false };
+    }
+    if (isExplicitVgeBlock(scan.result)) {
+        const hitl = createHitl({
+            identity,
+            originalPrompt: payload.prompt,
+            reason: describeVgeBlockReason(scan.result),
+            sessionId: payload.session_id,
+            timeoutMs: conversationDecisionTimeoutMs(config),
+            vgeResult: scan.result,
+        });
+        logPromptTextInputAnalyzed({
+            sessionId: payload.session_id,
+            promptHash: identity.promptHash,
+            promptSizeBytes: identity.promptSizeBytes,
+            promptChars: identity.promptChars,
+            resourceId: identity.resourceId,
+            decisionId: hitl.decisionId,
+            vgeDecision: scan.result.decision,
+            vgeScore: scan.result.score,
+            vgeCategories: scan.result.categories,
+            branches,
+            enforcementTaken: 'hitl',
+        });
+        return hitl.result;
+    }
+    logPromptTextInputAnalyzed({
+        sessionId: payload.session_id,
+        promptHash: identity.promptHash,
+        promptSizeBytes: identity.promptSizeBytes,
+        promptChars: identity.promptChars,
+        resourceId: identity.resourceId,
+        vgeDecision: scan.result.decision,
+        vgeScore: scan.result.score,
+        vgeCategories: scan.result.categories,
+        branches,
+        enforcementTaken: 'none',
+    });
+    return { blocked: false };
+}
+//# sourceMappingURL=prompt-input-enforcement.js.map