@vigil-guard/vge-cc-guard 0.9.0-beta.1

package/dist/shared/url-patterns.js

@@ -0,0 +1,165 @@
+import net from 'node:net';
+const HOST_LABEL = '[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?';
+const HOST_PATTERN_RE = new RegExp(`^(?:${HOST_LABEL}\\.)*${HOST_LABEL}$`);
+const SCHEME_RE = /^[a-z][a-z0-9+.-]*$/;
+const CONTROL_RE = /[\x00-\x1f\x7f]/;
+const REGEX_ONLY_RE = /[\\^$+()[\]{}]/;
+const MAX_URL_GLOB_WILDCARDS = 8;
+export function normalizeUrlHostPattern(pattern) {
+    return pattern.trim().toLowerCase().replace(/^\[([^\]]+)\]$/, '$1');
+}
+export function isValidUrlHostPattern(pattern) {
+    const normalized = normalizeUrlHostPattern(pattern);
+    if (!normalized)
+        return false;
+    if (normalized.includes('://') || normalized.includes('/') || normalized.includes('\\'))
+        return false;
+    if (normalized.includes('*') && !normalized.startsWith('*.'))
+        return false;
+    if (normalized.startsWith('*.')) {
+        const suffix = normalized.slice(2);
+        return HOST_PATTERN_RE.test(suffix) && net.isIP(suffix) === 0;
+    }
+    return HOST_PATTERN_RE.test(normalized) || net.isIP(normalized) !== 0;
+}
+export function hostnameMatchesUrlPattern(hostname, pattern) {
+    const host = normalizeUrlHostPattern(hostname);
+    const normalizedPattern = normalizeUrlHostPattern(pattern);
+    if (!isValidUrlHostPattern(normalizedPattern))
+        return false;
+    if (host === normalizedPattern)
+        return true;
+    if (!normalizedPattern.startsWith('*.'))
+        return false;
+    const suffix = normalizedPattern.slice(2);
+    return host.endsWith(`.${suffix}`);
+}
+export function normalizeUrlScheme(scheme) {
+    return scheme.trim().toLowerCase().replace(/:$/, '');
+}
+export function isValidUrlScheme(scheme) {
+    const normalized = normalizeUrlScheme(scheme);
+    return SCHEME_RE.test(normalized) && !scheme.includes('://');
+}
+export function normalizeCidr(cidr) {
+    return cidr.trim().toLowerCase().replace(/^\[([^\]]+)\](\/\d+)$/, '$1$2');
+}
+export function isValidCidr(cidr) {
+    const normalized = normalizeCidr(cidr);
+    const [address, prefixText, extra] = normalized.split('/');
+    if (!address || !prefixText || extra !== undefined)
+        return false;
+    const ipVersion = net.isIP(address);
+    if (ipVersion === 0)
+        return false;
+    const prefix = Number(prefixText);
+    if (!Number.isInteger(prefix))
+        return false;
+    return ipVersion === 4 ? prefix >= 0 && prefix <= 32 : prefix >= 0 && prefix <= 128;
+}
+export function cidrContainsIp(ip, cidr) {
+    const normalizedIp = normalizeUrlHostPattern(ip);
+    const normalizedCidr = normalizeCidr(cidr);
+    const [rangeAddress, prefixText] = normalizedCidr.split('/');
+    if (!rangeAddress || !prefixText || !isValidCidr(normalizedCidr))
+        return false;
+    const ipVersion = net.isIP(normalizedIp);
+    if (ipVersion === 0 || ipVersion !== net.isIP(rangeAddress))
+        return false;
+    const prefix = Number(prefixText);
+    if (ipVersion === 4) {
+        const ipValue = ipv4ToNumber(normalizedIp);
+        const rangeValue = ipv4ToNumber(rangeAddress);
+        const mask = prefix === 0 ? 0 : (0xffffffff << (32 - prefix)) >>> 0;
+        return (ipValue & mask) === (rangeValue & mask);
+    }
+    const ipValue = ipv6ToBigInt(normalizedIp);
+    const rangeValue = ipv6ToBigInt(rangeAddress);
+    if (ipValue === null || rangeValue === null)
+        return false;
+    const hostBits = 128n - BigInt(prefix);
+    const mask = hostBits === 128n ? 0n : ((1n << 128n) - 1n) << hostBits;
+    return (ipValue & mask) === (rangeValue & mask);
+}
+export function normalizeUrlGlobPattern(pattern) {
+    return pattern.trim();
+}
+export function isValidUrlGlobPattern(pattern) {
+    const normalized = normalizeUrlGlobPattern(pattern);
+    if (!normalized || CONTROL_RE.test(normalized))
+        return false;
+    if (REGEX_ONLY_RE.test(normalized))
+        return false;
+    if (!normalized.includes('://'))
+        return false;
+    if ((normalized.match(/\*/g)?.length ?? 0) > MAX_URL_GLOB_WILDCARDS)
+        return false;
+    try {
+        const probe = normalized.replace(/\*/g, 'x');
+        new URL(probe);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+export function urlMatchesGlobPattern(rawUrl, pattern) {
+    if (!isValidUrlGlobPattern(pattern))
+        return false;
+    const normalizedUrl = normalizeUrlForPattern(rawUrl);
+    if (!normalizedUrl)
+        return false;
+    const escapedPattern = normalizeUrlGlobPattern(pattern)
+        .split('*')
+        .map(escapeRegex)
+        .join('.*');
+    return new RegExp(`^${escapedPattern}$`, 'i').test(normalizedUrl);
+}
+function ipv4ToNumber(ip) {
+    return ip.split('.').reduce((value, octet) => ((value << 8) | Number(octet)) >>> 0, 0);
+}
+function ipv6ToBigInt(ip) {
+    const pieces = expandIpv6(ip);
+    if (!pieces)
+        return null;
+    return pieces.reduce((value, piece) => (value << 16n) + BigInt(parseInt(piece, 16)), 0n);
+}
+function expandIpv6(ip) {
+    const ipv4Tail = ip.match(/(.+):(\d+\.\d+\.\d+\.\d+)$/);
+    const normalized = ipv4Tail
+        ? `${ipv4Tail[1]}:${ipv4Tail[2]
+            .split('.')
+            .reduce((parts, octet, index, octets) => {
+            if (index % 2 === 0)
+                parts.push(((Number(octet) << 8) | Number(octets[index + 1])).toString(16));
+            return parts;
+        }, [])
+            .join(':')}`
+        : ip;
+    const halves = normalized.split('::');
+    if (halves.length > 2)
+        return null;
+    const left = halves[0] ? halves[0].split(':') : [];
+    const right = halves[1] ? halves[1].split(':') : [];
+    const missing = 8 - left.length - right.length;
+    if (missing < 0)
+        return null;
+    const expanded = halves.length === 1 ? left : [...left, ...Array(missing).fill('0'), ...right];
+    if (expanded.length !== 8)
+        return null;
+    return expanded.every((piece) => /^[0-9a-f]{1,4}$/i.test(piece)) ? expanded : null;
+}
+function normalizeUrlForPattern(rawUrl) {
+    try {
+        const url = new URL(rawUrl);
+        url.hash = '';
+        return url.toString();
+    }
+    catch {
+        return null;
+    }
+}
+function escapeRegex(value) {
+    return value.replace(/[|\\{}()[\]^$+?.]/g, '\\$&');
+}
+//# sourceMappingURL=url-patterns.js.map

package/dist/shared/url-patterns.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"url-patterns.js","sourceRoot":"","sources":["../../src/shared/url-patterns.ts"],"names":[],"mappings":"AAAA,OAAO,GAAG,MAAM,UAAU,CAAC;AAE3B,MAAM,UAAU,GAAG,sCAAsC,CAAC;AAC1D,MAAM,eAAe,GAAG,IAAI,MAAM,CAAC,OAAO,UAAU,QAAQ,UAAU,GAAG,CAAC,CAAC;AAC3E,MAAM,SAAS,GAAG,qBAAqB,CAAC;AACxC,MAAM,UAAU,GAAG,iBAAiB,CAAC;AACrC,MAAM,aAAa,GAAG,gBAAgB,CAAC;AACvC,MAAM,sBAAsB,GAAG,CAAC,CAAC;AAEjC,MAAM,UAAU,uBAAuB,CAAC,OAAe;IACrD,OAAO,OAAO,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,gBAAgB,EAAE,IAAI,CAAC,CAAC;AACtE,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,OAAe;IACnD,MAAM,UAAU,GAAG,uBAAuB,CAAC,OAAO,CAAC,CAAC;IACpD,IAAI,CAAC,UAAU;QAAE,OAAO,KAAK,CAAC;IAC9B,IAAI,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC;QAAE,OAAO,KAAK,CAAC;IACtG,IAAI,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,KAAK,CAAC;IAC3E,IAAI,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QAChC,MAAM,MAAM,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACnC,OAAO,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAChE,CAAC;IACD,OAAO,eAAe,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;AACxE,CAAC;AAED,MAAM,UAAU,yBAAyB,CAAC,QAAgB,EAAE,OAAe;IACzE,MAAM,IAAI,GAAG,uBAAuB,CAAC,QAAQ,CAAC,CAAC;IAC/C,MAAM,iBAAiB,GAAG,uBAAuB,CAAC,OAAO,CAAC,CAAC;IAC3D,IAAI,CAAC,qBAAqB,CAAC,iBAAiB,CAAC;QAAE,OAAO,KAAK,CAAC;IAC5D,IAAI,IAAI,KAAK,iBAAiB;QAAE,OAAO,IAAI,CAAC;IAC5C,IAAI,CAAC,iBAAiB,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,KAAK,CAAC;IAEtD,MAAM,MAAM,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC1C,OAAO,IAAI,CAAC,QAAQ,CAAC,IAAI,MAAM,EAAE,CAAC,CAAC;AACrC,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,MAAc;IAC/C,OAAO,MAAM,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;AACvD,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,MAAc;IAC7C,MAAM,UAAU,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;IAC9C,OAAO,SAAS,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AAC/D,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,IAAY;IACxC,OAAO,IAAI,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,uBAAuB,EAAE,MAAM,CAAC,CAAC;AAC5E,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,IAAY;IACtC,MAAM,UAAU,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC;IACvC,MAAM,CAAC,OAAO,EAAE,UAAU,EAAE,KAAK,CAAC,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3D,IAAI,CAAC,OAAO,IAAI,CAAC,UAAU,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO,KAAK,CAAC;IAEjE,MAAM,SAAS,GAAG,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACpC,IAAI,SAAS,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAElC,MAAM,MAAM,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC;IAClC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC;QAAE,OAAO,KAAK,CAAC;IAE5C,OAAO,SAAS,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,IAAI,MAAM,IAAI,EAAE,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,IAAI,MAAM,IAAI,GAAG,CAAC;AACtF,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,EAAU,EAAE,IAAY;IACrD,MAAM,YAAY,GAAG,uBAAuB,CAAC,EAAE,CAAC,CAAC;IACjD,MAAM,cAAc,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC;IAC3C,MAAM,CAAC,YAAY,EAAE,UAAU,CAAC,GAAG,cAAc,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC7D,IAAI,CAAC,YAAY,IAAI,CAAC,UAAU,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC;QAAE,OAAO,KAAK,CAAC;IAE/E,MAAM,SAAS,GAAG,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACzC,IAAI,SAAS,KAAK,CAAC,IAAI,SAAS,KAAK,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC;QAAE,OAAO,KAAK,CAAC;IAE1E,MAAM,MAAM,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC;IAClC,IAAI,SAAS,KAAK,CAAC,EAAE,CAAC;QACpB,MAAM,OAAO,GAAG,YAAY,CAAC,YAAY,CAAC,CAAC;QAC3C,MAAM,UAAU,GAAG,YAAY,CAAC,YAAY,CAAC,CAAC;QAC9C,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,IAAI,CAAC,EAAE,GAAG,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC;QACpE,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;IAClD,CAAC;IAED,MAAM,OAAO,GAAG,YAAY,CAAC,YAAY,CAAC,CAAC;IAC3C,MAAM,UAAU,GAAG,YAAY,CAAC,YAAY,CAAC,CAAC;IAC9C,IAAI,OAAO,KAAK,IAAI,IAAI,UAAU,KAAK,IAAI;QAAE,OAAO,KAAK,CAAC;IAC1D,MAAM,QAAQ,GAAG,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;IACvC,MAAM,IAAI,GAAG,QAAQ,KAAK,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,QAAQ,CAAC;IACtE,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;AAClD,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,OAAe;IACrD,OAAO,OAAO,CAAC,IAAI,EAAE,CAAC;AACxB,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,OAAe;IACnD,MAAM,UAAU,GAAG,uBAAuB,CAAC,OAAO,CAAC,CAAC;IACpD,IAAI,CAAC,UAAU,IAAI,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC;QAAE,OAAO,KAAK,CAAC;IAC7D,IAAI,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC;QAAE,OAAO,KAAK,CAAC;IACjD,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAC9C,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,MAAM,IAAI,CAAC,CAAC,GAAG,sBAAsB;QAAE,OAAO,KAAK,CAAC;IAClF,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,UAAU,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAC7C,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;QACf,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,MAAc,EAAE,OAAe;IACnE,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC;QAAE,OAAO,KAAK,CAAC;IAClD,MAAM,aAAa,GAAG,sBAAsB,CAAC,MAAM,CAAC,CAAC;IACrD,IAAI,CAAC,aAAa;QAAE,OAAO,KAAK,CAAC;IAEjC,MAAM,cAAc,GAAG,uBAAuB,CAAC,OAAO,CAAC;SACpD,KAAK,CAAC,GAAG,CAAC;SACV,GAAG,CAAC,WAAW,CAAC;SAChB,IAAI,CAAC,IAAI,CAAC,CAAC;IACd,OAAO,IAAI,MAAM,CAAC,IAAI,cAAc,GAAG,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;AACpE,CAAC;AAED,SAAS,YAAY,CAAC,EAAU;IAC9B,OAAO,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC;AACzF,CAAC;AAED,SAAS,YAAY,CAAC,EAAU;IAC9B,MAAM,MAAM,GAAG,UAAU,CAAC,EAAE,CAAC,CAAC;IAC9B,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACzB,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC,KAAK,IAAI,GAAG,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AAC3F,CAAC;AAED,SAAS,UAAU,CAAC,EAAU;IAC5B,MAAM,QAAQ,GAAG,EAAE,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC;IACxD,MAAM,UAAU,GAAG,QAAQ;QACzB,CAAC,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,IAAI,QAAQ,CAAC,CAAC,CAAC;aAC1B,KAAK,CAAC,GAAG,CAAC;aACV,MAAM,CAAW,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE;YAChD,IAAI,KAAK,GAAG,CAAC,KAAK,CAAC;gBAAE,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;YACjG,OAAO,KAAK,CAAC;QACf,CAAC,EAAE,EAAE,CAAC;aACL,IAAI,CAAC,GAAG,CAAC,EAAE;QAChB,CAAC,CAAC,EAAE,CAAC;IAEP,MAAM,MAAM,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACtC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAEnC,MAAM,IAAI,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IACnD,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IACpD,MAAM,OAAO,GAAG,CAAC,GAAG,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC;IAC/C,IAAI,OAAO,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAE7B,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,EAAE,GAAG,KAAK,CAAS,OAAO,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,GAAG,KAAK,CAAC,CAAC;IACvG,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACvC,OAAO,QAAQ,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC;AACrF,CAAC;AAED,SAAS,sBAAsB,CAAC,MAAc;IAC5C,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;QAC5B,GAAG,CAAC,IAAI,GAAG,EAAE,CAAC;QACd,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,KAAa;IAChC,OAAO,KAAK,CAAC,OAAO,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;AACrD,CAAC"}

package/dist/shared/vge-url.d.ts

@@ -0,0 +1,16 @@
+export type VgeApiUrlValidation = {
+    ok: true;
+    url: string;
+} | {
+    ok: false;
+    reason: string;
+};
+export interface VgeApiUrlValidationOptions {
+    allowDevEndpoint?: boolean;
+}
+export declare function validateVgeApiUrl(candidate: string, opts?: VgeApiUrlValidationOptions): VgeApiUrlValidation;
+export declare function isSafeVgeApiUrl(candidate: string, opts?: VgeApiUrlValidationOptions): boolean;
+export declare function allowDevVgeEndpointFromEnv(): boolean;
+export declare function validateVgeApiUrlFromEnv(candidate: string): VgeApiUrlValidation;
+export declare function isSafeVgeApiUrlFromEnv(candidate: string): boolean;
+//# sourceMappingURL=vge-url.d.ts.map

package/dist/shared/vge-url.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"vge-url.d.ts","sourceRoot":"","sources":["../../src/shared/vge-url.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,mBAAmB,GAC3B;IAAE,EAAE,EAAE,IAAI,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAE,GACzB;IAAE,EAAE,EAAE,KAAK,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC;AAElC,MAAM,WAAW,0BAA0B;IACzC,gBAAgB,CAAC,EAAE,OAAO,CAAC;CAC5B;AA+CD,wBAAgB,iBAAiB,CAC/B,SAAS,EAAE,MAAM,EACjB,IAAI,GAAE,0BAA+B,GACpC,mBAAmB,CAmBrB;AAED,wBAAgB,eAAe,CAC7B,SAAS,EAAE,MAAM,EACjB,IAAI,GAAE,0BAA+B,GACpC,OAAO,CAET;AAED,wBAAgB,0BAA0B,IAAI,OAAO,CAEpD;AAED,wBAAgB,wBAAwB,CAAC,SAAS,EAAE,MAAM,GAAG,mBAAmB,CAE/E;AAED,wBAAgB,sBAAsB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAEjE"}

package/dist/shared/vge-url.js

@@ -0,0 +1,75 @@
+function normalizedHostname(url) {
+    return url.hostname.toLowerCase().replace(/^\[|\]$/g, '').replace(/\.$/, '');
+}
+function parseIpv4(hostname) {
+    if (!/^\d{1,3}(?:\.\d{1,3}){3}$/.test(hostname))
+        return null;
+    const octets = hostname.split('.').map((part) => Number(part));
+    return octets.every((octet) => Number.isInteger(octet) && octet >= 0 && octet <= 255)
+        ? octets
+        : null;
+}
+function isRejectedIpv4(octets) {
+    const [a, b] = octets;
+    if (a === 0 ||
+        a === 10 ||
+        a === 127 ||
+        a === 100 && b >= 64 && b <= 127 ||
+        a === 169 && b === 254 ||
+        a === 192 && b === 168) {
+        return true;
+    }
+    return a === 172 && b >= 16 && b <= 31;
+}
+function isLoopbackIpv4(octets) {
+    return octets[0] === 127;
+}
+function isLocalDevHost(hostname) {
+    if (hostname === 'localhost')
+        return true;
+    const ipv4 = parseIpv4(hostname);
+    if (ipv4)
+        return isLoopbackIpv4(ipv4);
+    return false;
+}
+function isRejectedHost(hostname) {
+    if (hostname === 'localhost')
+        return true;
+    const ipv4 = parseIpv4(hostname);
+    if (ipv4)
+        return isRejectedIpv4(ipv4);
+    return hostname.includes(':');
+}
+export function validateVgeApiUrl(candidate, opts = {}) {
+    let parsed;
+    try {
+        parsed = new URL(candidate.trim());
+    }
+    catch {
+        return { ok: false, reason: 'api_url must be a valid URL' };
+    }
+    const hostname = normalizedHostname(parsed);
+    if (opts.allowDevEndpoint && parsed.protocol === 'http:' && isLocalDevHost(hostname)) {
+        return { ok: true, url: parsed.toString().replace(/\/+$/, '') };
+    }
+    if (parsed.protocol !== 'https:') {
+        return { ok: false, reason: 'api_url must use HTTPS' };
+    }
+    if (isRejectedHost(hostname)) {
+        return { ok: false, reason: 'api_url must not target localhost, loopback, private, or link-local hosts' };
+    }
+    return { ok: true, url: parsed.toString().replace(/\/+$/, '') };
+}
+export function isSafeVgeApiUrl(candidate, opts = {}) {
+    return validateVgeApiUrl(candidate, opts).ok;
+}
+export function allowDevVgeEndpointFromEnv() {
+    return process.env['VGE_ALLOW_DEV_ENDPOINT'] === '1';
+}
+export function validateVgeApiUrlFromEnv(candidate) {
+    return validateVgeApiUrl(candidate, { allowDevEndpoint: allowDevVgeEndpointFromEnv() });
+}
+export function isSafeVgeApiUrlFromEnv(candidate) {
+    return validateVgeApiUrlFromEnv(candidate).ok;
+}
+//# sourceMappingURL=vge-url.js.map

package/dist/shared/vge-url.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"vge-url.js","sourceRoot":"","sources":["../../src/shared/vge-url.ts"],"names":[],"mappings":"AAQA,SAAS,kBAAkB,CAAC,GAAQ;IAClC,OAAO,GAAG,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AAC/E,CAAC;AAED,SAAS,SAAS,CAAC,QAAgB;IACjC,IAAI,CAAC,2BAA2B,CAAC,IAAI,CAAC,QAAQ,CAAC;QAAE,OAAO,IAAI,CAAC;IAC7D,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;IAC/D,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,KAAK,IAAI,CAAC,IAAI,KAAK,IAAI,GAAG,CAAC;QACnF,CAAC,CAAC,MAAM;QACR,CAAC,CAAC,IAAI,CAAC;AACX,CAAC;AAED,SAAS,cAAc,CAAC,MAAgB;IACtC,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,MAAM,CAAC;IACtB,IACE,CAAC,KAAK,CAAC;QACP,CAAC,KAAK,EAAE;QACR,CAAC,KAAK,GAAG;QACT,CAAC,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,GAAG;QAChC,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG;QACtB,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG,EACtB,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,CAAC,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC;AACzC,CAAC;AAED,SAAS,cAAc,CAAC,MAAgB;IACtC,OAAO,MAAM,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC;AAC3B,CAAC;AAED,SAAS,cAAc,CAAC,QAAgB;IACtC,IAAI,QAAQ,KAAK,WAAW;QAAE,OAAO,IAAI,CAAC;IAC1C,MAAM,IAAI,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;IACjC,IAAI,IAAI;QAAE,OAAO,cAAc,CAAC,IAAI,CAAC,CAAC;IACtC,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,cAAc,CAAC,QAAgB;IACtC,IAAI,QAAQ,KAAK,WAAW;QAAE,OAAO,IAAI,CAAC;IAC1C,MAAM,IAAI,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;IACjC,IAAI,IAAI;QAAE,OAAO,cAAc,CAAC,IAAI,CAAC,CAAC;IACtC,OAAO,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;AAChC,CAAC;AAED,MAAM,UAAU,iBAAiB,CAC/B,SAAiB,EACjB,OAAmC,EAAE;IAErC,IAAI,MAAW,CAAC;IAChB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC;IACrC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,6BAA6B,EAAE,CAAC;IAC9D,CAAC;IAED,MAAM,QAAQ,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;IAC5C,IAAI,IAAI,CAAC,gBAAgB,IAAI,MAAM,CAAC,QAAQ,KAAK,OAAO,IAAI,cAAc,CAAC,QAAQ,CAAC,EAAE,CAAC;QACrF,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,EAAE,CAAC;IAClE,CAAC;IACD,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACjC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,wBAAwB,EAAE,CAAC;IACzD,CAAC;IACD,IAAI,cAAc,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC7B,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,2EAA2E,EAAE,CAAC;IAC5G,CAAC;IACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,EAAE,CAAC;AAClE,CAAC;AAED,MAAM,UAAU,eAAe,CAC7B,SAAiB,EACjB,OAAmC,EAAE;IAErC,OAAO,iBAAiB,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC,EAAE,CAAC;AAC/C,CAAC;AAED,MAAM,UAAU,0BAA0B;IACxC,OAAO,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,KAAK,GAAG,CAAC;AACvD,CAAC;AAED,MAAM,UAAU,wBAAwB,CAAC,SAAiB;IACxD,OAAO,iBAAiB,CAAC,SAAS,EAAE,EAAE,gBAAgB,EAAE,0BAA0B,EAAE,EAAE,CAAC,CAAC;AAC1F,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,SAAiB;IACtD,OAAO,wBAAwB,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC;AAChD,CAAC"}

package/dist/shared/vge-verification.d.ts

@@ -0,0 +1,18 @@
+import type { Config } from './config-schema.js';
+export interface VgeVerificationValues {
+    apiUrl: string;
+    apiKeyInput: string;
+    apiKeyOutput: string | null;
+}
+export interface VgeVerificationMetadata {
+    verified_at: string;
+    verified_api_url: string;
+    verified_input_key_fingerprint: string | null;
+    verified_output_key_fingerprint: string | null;
+}
+export declare function vgeKeyFingerprint(key: string | null): string | null;
+export declare function buildVgeVerificationMetadata(input: VgeVerificationValues & {
+    verifiedAt: string;
+}): VgeVerificationMetadata;
+export declare function isVgeVerificationCurrent(config: Config): boolean;
+//# sourceMappingURL=vge-verification.d.ts.map

package/dist/shared/vge-verification.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"vge-verification.d.ts","sourceRoot":"","sources":["../../src/shared/vge-verification.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAEjD,MAAM,WAAW,qBAAqB;IACpC,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;CAC7B;AAED,MAAM,WAAW,uBAAuB;IACtC,WAAW,EAAE,MAAM,CAAC;IACpB,gBAAgB,EAAE,MAAM,CAAC;IACzB,8BAA8B,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9C,+BAA+B,EAAE,MAAM,GAAG,IAAI,CAAC;CAChD;AAED,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,GAAG,MAAM,GAAG,IAAI,CAGnE;AAED,wBAAgB,4BAA4B,CAC1C,KAAK,EAAE,qBAAqB,GAAG;IAAE,UAAU,EAAE,MAAM,CAAA;CAAE,GACpD,uBAAuB,CAOzB;AAED,wBAAgB,wBAAwB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAQhE"}

package/dist/shared/vge-verification.js

@@ -0,0 +1,24 @@
+import { createHash } from 'node:crypto';
+export function vgeKeyFingerprint(key) {
+    if (!key || key.length === 0)
+        return null;
+    return `sha256:${createHash('sha256').update(key).digest('hex')}`;
+}
+export function buildVgeVerificationMetadata(input) {
+    return {
+        verified_at: input.verifiedAt,
+        verified_api_url: input.apiUrl,
+        verified_input_key_fingerprint: vgeKeyFingerprint(input.apiKeyInput),
+        verified_output_key_fingerprint: vgeKeyFingerprint(input.apiKeyOutput),
+    };
+}
+export function isVgeVerificationCurrent(config) {
+    const vge = config.vge;
+    if (!vge.verified_at)
+        return false;
+    if (vge.verified_api_url !== vge.api_url)
+        return false;
+    return (vge.verified_input_key_fingerprint === vgeKeyFingerprint(vge.api_key_input) &&
+        vge.verified_output_key_fingerprint === vgeKeyFingerprint(vge.api_key_output));
+}
+//# sourceMappingURL=vge-verification.js.map

package/dist/shared/vge-verification.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"vge-verification.js","sourceRoot":"","sources":["../../src/shared/vge-verification.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAgBzC,MAAM,UAAU,iBAAiB,CAAC,GAAkB;IAClD,IAAI,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAC1C,OAAO,UAAU,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;AACpE,CAAC;AAED,MAAM,UAAU,4BAA4B,CAC1C,KAAqD;IAErD,OAAO;QACL,WAAW,EAAE,KAAK,CAAC,UAAU;QAC7B,gBAAgB,EAAE,KAAK,CAAC,MAAM;QAC9B,8BAA8B,EAAE,iBAAiB,CAAC,KAAK,CAAC,WAAW,CAAC;QACpE,+BAA+B,EAAE,iBAAiB,CAAC,KAAK,CAAC,YAAY,CAAC;KACvE,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,wBAAwB,CAAC,MAAc;IACrD,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC;IACvB,IAAI,CAAC,GAAG,CAAC,WAAW;QAAE,OAAO,KAAK,CAAC;IACnC,IAAI,GAAG,CAAC,gBAAgB,KAAK,GAAG,CAAC,OAAO;QAAE,OAAO,KAAK,CAAC;IACvD,OAAO,CACL,GAAG,CAAC,8BAA8B,KAAK,iBAAiB,CAAC,GAAG,CAAC,aAAa,CAAC;QAC3E,GAAG,CAAC,+BAA+B,KAAK,iBAAiB,CAAC,GAAG,CAAC,cAAc,CAAC,CAC9E,CAAC;AACJ,CAAC"}

package/dist/shim/daemon-start-lock.d.ts

@@ -0,0 +1,13 @@
+import { type RuntimeLockAcquireResult, type RuntimeLockOwner } from '../shared/runtime-lock.js';
+export interface DaemonStartOwner extends RuntimeLockOwner {
+    purpose: 'daemon-start';
+    socketPath: string;
+    binaryPath: string;
+    binarySha256: string;
+}
+export declare function resolveDaemonStartLockDir(configDir?: string): string;
+export declare function acquireDaemonStartLock(args: {
+    socketPath: string;
+    binaryPath: string;
+}): RuntimeLockAcquireResult<DaemonStartOwner>;
+//# sourceMappingURL=daemon-start-lock.d.ts.map

package/dist/shim/daemon-start-lock.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"daemon-start-lock.d.ts","sourceRoot":"","sources":["../../src/shim/daemon-start-lock.ts"],"names":[],"mappings":"AAIA,OAAO,EAEL,KAAK,wBAAwB,EAC7B,KAAK,gBAAgB,EACtB,MAAM,2BAA2B,CAAC;AAEnC,MAAM,WAAW,gBAAiB,SAAQ,gBAAgB;IACxD,OAAO,EAAE,cAAc,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,wBAAgB,yBAAyB,CAAC,SAAS,SAAqB,GAAG,MAAM,CAEhF;AAED,wBAAgB,sBAAsB,CAAC,IAAI,EAAE;IAC3C,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB,GAAG,wBAAwB,CAAC,gBAAgB,CAAC,CAa7C"}

package/dist/shim/daemon-start-lock.js

@@ -0,0 +1,26 @@
+import fs from 'fs';
+import os from 'os';
+import path from 'path';
+import { currentBuildStamp } from '../shared/build-stamp.js';
+import { acquireRuntimeLock, } from '../shared/runtime-lock.js';
+export function resolveDaemonStartLockDir(configDir = resolveConfigDir()) {
+    return path.join(configDir, 'daemon-start.lock');
+}
+export function acquireDaemonStartLock(args) {
+    const configDir = resolveConfigDir();
+    fs.mkdirSync(configDir, { recursive: true });
+    const stamp = currentBuildStamp(args.binaryPath);
+    return acquireRuntimeLock(resolveDaemonStartLockDir(configDir), {
+        schemaVersion: 1,
+        purpose: 'daemon-start',
+        pid: process.pid,
+        createdAt: new Date().toISOString(),
+        socketPath: args.socketPath,
+        binaryPath: stamp.binaryPath,
+        binarySha256: stamp.binarySha256,
+    });
+}
+function resolveConfigDir() {
+    return process.env['VGE_CC_GUARD_CONFIG_DIR'] ?? path.join(os.homedir(), '.vge-cc-guard');
+}
+//# sourceMappingURL=daemon-start-lock.js.map

package/dist/shim/daemon-start-lock.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"daemon-start-lock.js","sourceRoot":"","sources":["../../src/shim/daemon-start-lock.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,EACL,kBAAkB,GAGnB,MAAM,2BAA2B,CAAC;AASnC,MAAM,UAAU,yBAAyB,CAAC,SAAS,GAAG,gBAAgB,EAAE;IACtE,OAAO,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,mBAAmB,CAAC,CAAC;AACnD,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,IAGtC;IACC,MAAM,SAAS,GAAG,gBAAgB,EAAE,CAAC;IACrC,EAAE,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC7C,MAAM,KAAK,GAAG,iBAAiB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACjD,OAAO,kBAAkB,CAAC,yBAAyB,CAAC,SAAS,CAAC,EAAE;QAC9D,aAAa,EAAE,CAAC;QAChB,OAAO,EAAE,cAAc;QACvB,GAAG,EAAE,OAAO,CAAC,GAAG;QAChB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,UAAU,EAAE,IAAI,CAAC,UAAU;QAC3B,UAAU,EAAE,KAAK,CAAC,UAAU;QAC5B,YAAY,EAAE,KAAK,CAAC,YAAY;KACjC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,gBAAgB;IACvB,OAAO,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,eAAe,CAAC,CAAC;AAC5F,CAAC"}

package/dist/shim/index.d.ts

@@ -0,0 +1,17 @@
+export declare function shouldStartInlineResolver(event: string, envValue?: string | undefined): boolean;
+export declare function resolveRequestTimeoutMs(envValue?: string | undefined): number;
+export interface SocketResult {
+    body: string;
+    status: number;
+}
+interface RetryOptions {
+    retryBudgetMs?: number;
+    backoffMs?: number[];
+    sleep?: (ms: number) => Promise<void>;
+    send?: () => Promise<SocketResult | null>;
+}
+export declare function sendToSocketWithRetry(socketPath: string, event: string, payload: unknown, opts?: RetryOptions): Promise<SocketResult | null>;
+export declare function main(): Promise<void>;
+export declare function daemonFailureExitCode(event: string): number;
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/shim/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/shim/index.ts"],"names":[],"mappings":"AAYA,wBAAgB,yBAAyB,CACvC,KAAK,EAAE,MAAM,EACb,QAAQ,qBAA8C,GACrD,OAAO,CAET;AAED,wBAAgB,uBAAuB,CAAC,QAAQ,qBAA8C,GAAG,MAAM,CAKtG;AAeD,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,UAAU,YAAY;IACpB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,KAAK,CAAC,EAAE,CAAC,EAAE,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACtC,IAAI,CAAC,EAAE,MAAM,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC,CAAC;CAC3C;AAqCD,wBAAsB,qBAAqB,CACzC,UAAU,EAAE,MAAM,EAClB,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,OAAO,EAChB,IAAI,GAAE,YAAiB,GACtB,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC,CAmB9B;AA+CD,wBAAsB,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC,CAsD1C;AAED,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAE3D"}

package/dist/shim/index.js

@@ -0,0 +1,180 @@
+import * as http from 'http';
+import { ensureDaemonRunning } from './lazy-start.js';
+import { sessionIdFromHookPayload, startInlineResolver } from './inline-resolver.js';
+import { getIpcAddress } from '../shared/ipc-address.js';
+import { readDaemonToken, tokenHeader } from '../shared/daemon-token.js';
+const DEFAULT_REQUEST_TIMEOUT_MS = 125_000;
+const MAX_REQUEST_TIMEOUT_MS = 125_000;
+const CLAUDE_CODE_COMMAND_TIMEOUT_MS = 600_000;
+const DEFAULT_RESTART_RETRY_BUDGET_MS = 1_000;
+const DEFAULT_RESTART_BACKOFF_MS = [50, 100, 200, 400];
+export function shouldStartInlineResolver(event, envValue = process.env['VGE_CC_GUARD_INLINE_RESOLVER']) {
+    return envValue === '1' && (event === 'pretool' || event === 'posttool');
+}
+export function resolveRequestTimeoutMs(envValue = process.env['VGE_CC_GUARD_HOOK_TIMEOUT_MS']) {
+    if (envValue === undefined || envValue.trim() === '')
+        return DEFAULT_REQUEST_TIMEOUT_MS;
+    const parsed = Number(envValue);
+    if (!Number.isInteger(parsed) || parsed <= 0)
+        return DEFAULT_REQUEST_TIMEOUT_MS;
+    return Math.min(parsed, MAX_REQUEST_TIMEOUT_MS, CLAUDE_CODE_COMMAND_TIMEOUT_MS - 1);
+}
+function readStdin() {
+    return new Promise((resolve, reject) => {
+        const chunks = [];
+        process.stdin.on('data', (chunk) => chunks.push(chunk));
+        process.stdin.on('end', () => resolve(Buffer.concat(chunks).toString('utf8')));
+        process.stdin.on('error', reject);
+    });
+}
+function sleep(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+}
+function sendToSocket(socketPath, event, payload) {
+    return new Promise((resolve) => {
+        // Daemon routes expect the CC payload directly; event name is conveyed via URL path.
+        const body = JSON.stringify(payload);
+        const token = readDaemonToken();
+        const req = http.request({
+            socketPath,
+            path: `/v1/hooks/${event}`,
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                'Content-Length': Buffer.byteLength(body),
+                ...(token ? tokenHeader(token) : {}),
+            },
+            timeout: resolveRequestTimeoutMs(),
+        }, (res) => {
+            const chunks = [];
+            res.on('data', (c) => chunks.push(c));
+            res.on('end', () => resolve({ body: Buffer.concat(chunks).toString('utf8'), status: res.statusCode ?? 0 }));
+        });
+        req.on('error', () => resolve(null));
+        req.on('timeout', () => {
+            req.destroy();
+            resolve(null);
+        });
+        req.write(body);
+        req.end();
+    });
+}
+export async function sendToSocketWithRetry(socketPath, event, payload, opts = {}) {
+    const retryBudgetMs = opts.retryBudgetMs ?? DEFAULT_RESTART_RETRY_BUDGET_MS;
+    const backoffMs = opts.backoffMs ?? DEFAULT_RESTART_BACKOFF_MS;
+    const sleepFor = opts.sleep ?? sleep;
+    const send = opts.send ?? (() => sendToSocket(socketPath, event, payload));
+    let spentMs = 0;
+    let attempt = 0;
+    for (;;) {
+        const result = await send();
+        if (!shouldRetryDaemonRequest(result))
+            return result;
+        const delayMs = backoffMs[Math.min(attempt, backoffMs.length - 1)] ?? retryBudgetMs;
+        if (spentMs + delayMs > retryBudgetMs)
+            return result;
+        await sleepFor(delayMs);
+        spentMs += Math.max(delayMs, 1);
+        attempt += 1;
+    }
+}
+function shouldRetryDaemonRequest(result) {
+    if (result === null)
+        return true;
+    if (result.status === 401)
+        return true;
+    if (result.status === 503 && responseError(result.body) === 'daemon_draining')
+        return false;
+    return false;
+}
+function responseError(body) {
+    try {
+        const parsed = JSON.parse(body);
+        return typeof parsed.error === 'string' ? parsed.error : null;
+    }
+    catch {
+        return null;
+    }
+}
+// Returns true iff the response was successfully forwarded to stdout in the
+// shape Claude Code expects. False signals a malformed/non-JSON daemon response —
+// caller decides exit code (fail-closed for pretool, fail-open otherwise).
+function writeResponse(event, responseText) {
+    let parsed;
+    try {
+        parsed = JSON.parse(responseText);
+    }
+    catch {
+        return false;
+    }
+    if (event === 'pretool') {
+        // Daemon for pretool returns CC-ready { hookSpecificOutput: {...} }.
+        // Verify the shape before claiming success — otherwise CC sees nothing
+        // and defaults to allow (fail-open). PR-review C2.
+        const hso = parsed.hookSpecificOutput;
+        if (!hso || typeof hso.permissionDecision !== 'string')
+            return false;
+        process.stdout.write(responseText.trimEnd() + '\n');
+        return true;
+    }
+    // Non-PreTool hook routes return { ccOutput: ... } and write nothing when it is null.
+    const wrapped = parsed;
+    if (wrapped.ccOutput != null) {
+        process.stdout.write(JSON.stringify(wrapped.ccOutput) + '\n');
+    }
+    return true;
+}
+export async function main() {
+    const event = process.argv[3];
+    if (!event) {
+        process.stderr.write('vge-cc-guard hook: missing event name\n');
+        process.exit(1);
+    }
+    let rawInput;
+    try {
+        rawInput = await readStdin();
+    }
+    catch {
+        process.stderr.write('vge-cc-guard hook: failed to read stdin\n');
+        process.exit(event === 'pretool' ? 2 : 0);
+    }
+    let payload;
+    try {
+        payload = JSON.parse(rawInput);
+    }
+    catch {
+        process.stderr.write('vge-cc-guard hook: invalid JSON on stdin\n');
+        process.exit(2);
+    }
+    await ensureDaemonRunning();
+    const socketPath = getIpcAddress();
+    const inlineResolver = shouldStartInlineResolver(event)
+        ? startInlineResolver(socketPath, sessionIdFromHookPayload(event, payload))
+        : null;
+    let result;
+    try {
+        await inlineResolver?.ready;
+        result = await sendToSocketWithRetry(socketPath, event, payload);
+    }
+    finally {
+        inlineResolver?.stop();
+    }
+    if (result === null) {
+        process.exit(event === 'pretool' ? 2 : 0);
+    }
+    // Non-2xx from daemon → unparseable shape almost always; fail-closed for pretool.
+    if (result.status < 200 || result.status >= 300) {
+        process.stderr.write(`vge-cc-guard hook: daemon returned status ${result.status}\n`);
+        process.exit(event === 'pretool' ? 2 : 0);
+    }
+    const ok = writeResponse(event, result.body);
+    if (!ok) {
+        process.stderr.write('vge-cc-guard hook: malformed daemon response\n');
+        process.exit(daemonFailureExitCode(event));
+    }
+    process.exit(0);
+}
+export function daemonFailureExitCode(event) {
+    return event === 'pretool' ? 2 : 0;
+}
+//# sourceMappingURL=index.js.map

package/dist/shim/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/shim/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AACtD,OAAO,EAAE,wBAAwB,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AACrF,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AACzD,OAAO,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AAEzE,MAAM,0BAA0B,GAAG,OAAO,CAAC;AAC3C,MAAM,sBAAsB,GAAG,OAAO,CAAC;AACvC,MAAM,8BAA8B,GAAG,OAAO,CAAC;AAC/C,MAAM,+BAA+B,GAAG,KAAK,CAAC;AAC9C,MAAM,0BAA0B,GAAG,CAAC,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;AAEvD,MAAM,UAAU,yBAAyB,CACvC,KAAa,EACb,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC;IAEtD,OAAO,QAAQ,KAAK,GAAG,IAAI,CAAC,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,UAAU,CAAC,CAAC;AAC3E,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC;IAC5F,IAAI,QAAQ,KAAK,SAAS,IAAI,QAAQ,CAAC,IAAI,EAAE,KAAK,EAAE;QAAE,OAAO,0BAA0B,CAAC;IACxF,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC;IAChC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,MAAM,IAAI,CAAC;QAAE,OAAO,0BAA0B,CAAC;IAChF,OAAO,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,sBAAsB,EAAE,8BAA8B,GAAG,CAAC,CAAC,CAAC;AACtF,CAAC;AAED,SAAS,SAAS;IAChB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;QAChE,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QAC/E,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,KAAK,CAAC,EAAU;IACvB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;AAC3D,CAAC;AAcD,SAAS,YAAY,CAAC,UAAkB,EAAE,KAAa,EAAE,OAAgB;IACvE,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,qFAAqF;QACrF,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QACrC,MAAM,KAAK,GAAG,eAAe,EAAE,CAAC;QAChC,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CACtB;YACE,UAAU;YACV,IAAI,EAAE,aAAa,KAAK,EAAE;YAC1B,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,gBAAgB,EAAE,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;gBACzC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;aACrC;YACD,OAAO,EAAE,uBAAuB,EAAE;SACnC,EACD,CAAC,GAAG,EAAE,EAAE;YACN,MAAM,MAAM,GAAa,EAAE,CAAC;YAC5B,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;YAC9C,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,CACjB,OAAO,CAAC,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,GAAG,CAAC,UAAU,IAAI,CAAC,EAAE,CAAC,CACvF,CAAC;QACJ,CAAC,CACF,CAAC;QACF,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;QACrC,GAAG,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE;YACrB,GAAG,CAAC,OAAO,EAAE,CAAC;YACd,OAAO,CAAC,IAAI,CAAC,CAAC;QAChB,CAAC,CAAC,CAAC;QACH,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAChB,GAAG,CAAC,GAAG,EAAE,CAAC;IACZ,CAAC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,UAAkB,EAClB,KAAa,EACb,OAAgB,EAChB,OAAqB,EAAE;IAEvB,MAAM,aAAa,GAAG,IAAI,CAAC,aAAa,IAAI,+BAA+B,CAAC;IAC5E,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,0BAA0B,CAAC;IAC/D,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC;IACrC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC;IAC3E,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,IAAI,OAAO,GAAG,CAAC,CAAC;IAEhB,SAAS,CAAC;QACR,MAAM,MAAM,GAAG,MAAM,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,wBAAwB,CAAC,MAAM,CAAC;YAAE,OAAO,MAAM,CAAC;QAErD,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,IAAI,aAAa,CAAC;QACpF,IAAI,OAAO,GAAG,OAAO,GAAG,aAAa;YAAE,OAAO,MAAM,CAAC;QAErD,MAAM,QAAQ,CAAC,OAAO,CAAC,CAAC;QACxB,OAAO,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;QAChC,OAAO,IAAI,CAAC,CAAC;IACf,CAAC;AACH,CAAC;AAED,SAAS,wBAAwB,CAAC,MAA2B;IAC3D,IAAI,MAAM,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IACjC,IAAI,MAAM,CAAC,MAAM,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IACvC,IAAI,MAAM,CAAC,MAAM,KAAK,GAAG,IAAI,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,iBAAiB;QAAE,OAAO,KAAK,CAAC;IAC5F,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,aAAa,CAAC,IAAY;IACjC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAwB,CAAC;QACvD,OAAO,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;IAChE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,4EAA4E;AAC5E,kFAAkF;AAClF,2EAA2E;AAC3E,SAAS,aAAa,CAAC,KAAa,EAAE,YAAoB;IACxD,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;IACpC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QACxB,qEAAqE;QACrE,uEAAuE;QACvE,mDAAmD;QACnD,MAAM,GAAG,GAAI,MAAmE,CAAC,kBAAkB,CAAC;QACpG,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,CAAC,kBAAkB,KAAK,QAAQ;YAAE,OAAO,KAAK,CAAC;QACrE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC;QACpD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,sFAAsF;IACtF,MAAM,OAAO,GAAG,MAAgC,CAAC;IACjD,IAAI,OAAO,CAAC,QAAQ,IAAI,IAAI,EAAE,CAAC;QAC7B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC;IAChE,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,IAAI;IACxB,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC9B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,yCAAyC,CAAC,CAAC;QAChE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,IAAI,QAAgB,CAAC;IACrB,IAAI,CAAC;QACH,QAAQ,GAAG,MAAM,SAAS,EAAE,CAAC;IAC/B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,2CAA2C,CAAC,CAAC;QAClE,OAAO,CAAC,IAAI,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC5C,CAAC;IAED,IAAI,OAAgC,CAAC;IACrC,IAAI,CAAC;QACH,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAA4B,CAAC;IAC5D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,4CAA4C,CAAC,CAAC;QACnE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,mBAAmB,EAAE,CAAC;IAE5B,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;IACnC,MAAM,cAAc,GAAG,yBAAyB,CAAC,KAAK,CAAC;QACrD,CAAC,CAAC,mBAAmB,CAAC,UAAU,EAAE,wBAAwB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAC3E,CAAC,CAAC,IAAI,CAAC;IACT,IAAI,MAA2B,CAAC;IAChC,IAAI,CAAC;QACH,MAAM,cAAc,EAAE,KAAK,CAAC;QAC5B,MAAM,GAAG,MAAM,qBAAqB,CAAC,UAAU,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;IACnE,CAAC;YAAS,CAAC;QACT,cAAc,EAAE,IAAI,EAAE,CAAC;IACzB,CAAC;IAED,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;QACpB,OAAO,CAAC,IAAI,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC5C,CAAC;IAED,kFAAkF;IAClF,IAAI,MAAM,CAAC,MAAM,GAAG,GAAG,IAAI,MAAM,CAAC,MAAM,IAAI,GAAG,EAAE,CAAC;QAChD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,6CAA6C,MAAM,CAAC,MAAM,IAAI,CAAC,CAAC;QACrF,OAAO,CAAC,IAAI,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC5C,CAAC;IAED,MAAM,EAAE,GAAG,aAAa,CAAC,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;IAC7C,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;QACvE,OAAO,CAAC,IAAI,CAAC,qBAAqB,CAAC,KAAK,CAAC,CAAC,CAAC;IAC7C,CAAC;IAED,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,KAAa;IACjD,OAAO,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AACrC,CAAC"}

package/dist/shim/inline-resolver-terminal.d.ts

@@ -0,0 +1,12 @@
+import type { BlockingDecision, BlockingDecisionChoice } from '../shared/types.js';
+interface RenderState {
+    status: string;
+    selected?: BlockingDecisionChoice;
+    invalid?: boolean;
+}
+export declare function ttyAvailable(ttyPath?: string): boolean;
+export declare function choiceFromInlineInput(input: string): BlockingDecisionChoice | null;
+export declare function formatInlineDecisionPrompt(decision: BlockingDecision, width?: number, state?: RenderState): string;
+export declare function promptBlockingDecisionOnTty(decision: BlockingDecision, signal: AbortSignal, ttyPath?: string): Promise<BlockingDecisionChoice | null>;
+export {};
+//# sourceMappingURL=inline-resolver-terminal.d.ts.map

package/dist/shim/inline-resolver-terminal.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"inline-resolver-terminal.d.ts","sourceRoot":"","sources":["../../src/shim/inline-resolver-terminal.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,gBAAgB,EAAE,sBAAsB,EAAE,MAAM,oBAAoB,CAAC;AAenF,UAAU,WAAW;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,sBAAsB,CAAC;IAClC,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED,wBAAgB,YAAY,CAAC,OAAO,SAAW,GAAG,OAAO,CAUxD;AAMD,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,MAAM,GAAG,sBAAsB,GAAG,IAAI,CAQlF;AAuED,wBAAgB,0BAA0B,CAAC,QAAQ,EAAE,gBAAgB,EAAE,KAAK,SAAM,EAAE,KAAK,CAAC,EAAE,WAAW,GAAG,MAAM,CA6B/G;AAED,wBAAgB,2BAA2B,CACzC,QAAQ,EAAE,gBAAgB,EAC1B,MAAM,EAAE,WAAW,EACnB,OAAO,SAAW,GACjB,OAAO,CAAC,sBAAsB,GAAG,IAAI,CAAC,CAiExC"}