@within-7/minto 0.1.6 → 0.2.0

package/dist/core/config/schema.js

@@ -0,0 +1,178 @@
+import { z } from "zod";
+const McpStdioServerConfigSchema = z.object({
+  type: z.literal("stdio").optional().default("stdio"),
+  command: z.string(),
+  args: z.array(z.string()),
+  env: z.record(z.string()).optional(),
+  enabled: z.boolean().optional()
+});
+const McpSSEServerConfigSchema = z.object({
+  type: z.literal("sse"),
+  url: z.string(),
+  enabled: z.boolean().optional()
+});
+const McpServerConfigSchema = z.union([
+  McpStdioServerConfigSchema,
+  McpSSEServerConfigSchema
+]);
+const AutoUpdaterStatusSchema = z.enum([
+  "disabled",
+  "enabled",
+  "no_permissions",
+  "not_configured"
+]);
+const NotificationChannelSchema = z.enum([
+  "iterm2",
+  "terminal_bell",
+  "iterm2_with_bell",
+  "notifications_disabled"
+]);
+const ProviderTypeSchema = z.enum([
+  "anthropic",
+  "openai",
+  "mistral",
+  "deepseek",
+  "kimi",
+  "qwen",
+  "glm",
+  "minimax",
+  "baidu-qianfan",
+  "siliconflow",
+  "bigdream",
+  "opendev",
+  "xai",
+  "groq",
+  "gemini",
+  "ollama",
+  "azure",
+  "custom",
+  "custom-openai"
+]);
+const CompressionModeSchema = z.enum(["business", "code"]);
+const ReasoningEffortSchema = z.enum([
+  "minimal",
+  "low",
+  "medium",
+  "high"
+]);
+const ModelProfileSchema = z.object({
+  name: z.string(),
+  provider: ProviderTypeSchema,
+  modelName: z.string(),
+  baseURL: z.string().optional(),
+  apiKey: z.string(),
+  maxTokens: z.number(),
+  contextLength: z.number(),
+  reasoningEffort: ReasoningEffortSchema.optional(),
+  isActive: z.boolean(),
+  createdAt: z.number(),
+  lastUsed: z.number().optional(),
+  isGPT5: z.boolean().optional(),
+  validationStatus: z.enum(["valid", "needs_repair", "auto_repaired"]).optional(),
+  lastValidation: z.number().optional()
+});
+const ModelPointerTypeSchema = z.enum([
+  "main",
+  "task",
+  "reasoning",
+  "quick"
+]);
+const ModelPointersSchema = z.object({
+  main: z.string(),
+  task: z.string(),
+  reasoning: z.string(),
+  quick: z.string()
+});
+const AccountInfoSchema = z.object({
+  accountUuid: z.string(),
+  emailAddress: z.string(),
+  organizationUuid: z.string().optional()
+});
+const ProjectConfigSchema = z.object({
+  allowedTools: z.array(z.string()),
+  context: z.record(z.string()),
+  contextFiles: z.array(z.string()).optional(),
+  history: z.array(z.string()),
+  dontCrawlDirectory: z.boolean().optional(),
+  enableArchitectTool: z.boolean().optional(),
+  mcpContextUris: z.array(z.string()),
+  mcpServers: z.record(McpServerConfigSchema).optional(),
+  approvedMcprcServers: z.array(z.string()).optional(),
+  rejectedMcprcServers: z.array(z.string()).optional(),
+  lastAPIDuration: z.number().optional(),
+  lastCost: z.number().optional(),
+  lastDuration: z.number().optional(),
+  lastSessionId: z.string().optional(),
+  exampleFiles: z.array(z.string()).optional(),
+  exampleFilesGeneratedAt: z.number().optional(),
+  hasTrustDialogAccepted: z.boolean().optional(),
+  hasCompletedProjectOnboarding: z.boolean().optional()
+});
+const GlobalConfigSchema = z.object({
+  projects: z.record(ProjectConfigSchema).optional(),
+  numStartups: z.number(),
+  autoUpdaterStatus: AutoUpdaterStatusSchema.optional(),
+  userID: z.string().optional(),
+  theme: z.string(),
+  hasCompletedOnboarding: z.boolean().optional(),
+  lastOnboardingVersion: z.string().optional(),
+  lastReleaseNotesSeen: z.string().optional(),
+  mcpServers: z.record(McpServerConfigSchema).optional(),
+  preferredNotifChannel: NotificationChannelSchema,
+  verbose: z.boolean(),
+  customApiKeyResponses: z.object({
+    approved: z.array(z.string()).optional(),
+    rejected: z.array(z.string()).optional()
+  }).optional(),
+  primaryProvider: ProviderTypeSchema.optional(),
+  maxTokens: z.number().optional(),
+  hasAcknowledgedCostThreshold: z.boolean().optional(),
+  oauthAccount: AccountInfoSchema.optional(),
+  iterm2KeyBindingInstalled: z.boolean().optional(),
+  shiftEnterKeyBindingInstalled: z.boolean().optional(),
+  proxy: z.string().optional(),
+  stream: z.boolean().optional(),
+  modelProfiles: z.array(ModelProfileSchema).optional(),
+  modelPointers: ModelPointersSchema.optional(),
+  defaultModelName: z.string().optional(),
+  lastDismissedUpdateVersion: z.string().optional(),
+  compressionMode: CompressionModeSchema.optional(),
+  thinking: z.boolean().optional(),
+  // Config version for migrations
+  configVersion: z.number().optional()
+});
+function validateGlobalConfig(config) {
+  return GlobalConfigSchema.parse(config);
+}
+function validateProjectConfig(config) {
+  return ProjectConfigSchema.parse(config);
+}
+function safeValidateGlobalConfig(config) {
+  const result = GlobalConfigSchema.safeParse(config);
+  return result.success ? { success: true, data: result.data } : { success: false, error: result.error };
+}
+function safeValidateProjectConfig(config) {
+  const result = ProjectConfigSchema.safeParse(config);
+  return result.success ? { success: true, data: result.data } : { success: false, error: result.error };
+}
+export {
+  AccountInfoSchema,
+  AutoUpdaterStatusSchema,
+  CompressionModeSchema,
+  GlobalConfigSchema,
+  McpSSEServerConfigSchema,
+  McpServerConfigSchema,
+  McpStdioServerConfigSchema,
+  ModelPointerTypeSchema,
+  ModelPointersSchema,
+  ModelProfileSchema,
+  NotificationChannelSchema,
+  ProjectConfigSchema,
+  ProviderTypeSchema,
+  ReasoningEffortSchema,
+  safeValidateGlobalConfig,
+  safeValidateProjectConfig,
+  validateGlobalConfig,
+  validateProjectConfig
+};
+//# sourceMappingURL=schema.js.map

package/dist/core/config/schema.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/core/config/schema.ts"],
+  "sourcesContent": ["/**\n * Configuration Schema Definitions\n *\n * Defines all configuration types for Minto with Zod validation.\n */\n\nimport { z } from 'zod'\n\n// MCP Server Configurations\nexport const McpStdioServerConfigSchema = z.object({\n  type: z.literal('stdio').optional().default('stdio'),\n  command: z.string(),\n  args: z.array(z.string()),\n  env: z.record(z.string()).optional(),\n  enabled: z.boolean().optional(),\n})\n\nexport const McpSSEServerConfigSchema = z.object({\n  type: z.literal('sse'),\n  url: z.string(),\n  enabled: z.boolean().optional(),\n})\n\nexport const McpServerConfigSchema = z.union([\n  McpStdioServerConfigSchema,\n  McpSSEServerConfigSchema,\n])\n\n// Auto Updater Status\nexport const AutoUpdaterStatusSchema = z.enum([\n  'disabled',\n  'enabled',\n  'no_permissions',\n  'not_configured',\n])\n\n// Notification Channel\nexport const NotificationChannelSchema = z.enum([\n  'iterm2',\n  'terminal_bell',\n  'iterm2_with_bell',\n  'notifications_disabled',\n])\n\n// Provider Types\nexport const ProviderTypeSchema = z.enum([\n  'anthropic',\n  'openai',\n  'mistral',\n  'deepseek',\n  'kimi',\n  'qwen',\n  'glm',\n  'minimax',\n  'baidu-qianfan',\n  'siliconflow',\n  'bigdream',\n  'opendev',\n  'xai',\n  'groq',\n  'gemini',\n  'ollama',\n  'azure',\n  'custom',\n  'custom-openai',\n])\n\n// Compression Mode\nexport const CompressionModeSchema = z.enum(['business', 'code'])\n\n// Reasoning Effort\nexport const ReasoningEffortSchema = z.enum([\n  'minimal',\n  'low',\n  'medium',\n  'high',\n])\n\n// Model Profile\nexport const ModelProfileSchema = z.object({\n  name: z.string(),\n  provider: ProviderTypeSchema,\n  modelName: z.string(),\n  baseURL: z.string().optional(),\n  apiKey: z.string(),\n  maxTokens: z.number(),\n  contextLength: z.number(),\n  reasoningEffort: ReasoningEffortSchema.optional(),\n  isActive: z.boolean(),\n  createdAt: z.number(),\n  lastUsed: z.number().optional(),\n  isGPT5: z.boolean().optional(),\n  validationStatus: z\n    .enum(['valid', 'needs_repair', 'auto_repaired'])\n    .optional(),\n  lastValidation: z.number().optional(),\n})\n\n// Model Pointer Type\nexport const ModelPointerTypeSchema = z.enum([\n  'main',\n  'task',\n  'reasoning',\n  'quick',\n])\n\n// Model Pointers\nexport const ModelPointersSchema = z.object({\n  main: z.string(),\n  task: z.string(),\n  reasoning: z.string(),\n  quick: z.string(),\n})\n\n// Account Info\nexport const AccountInfoSchema = z.object({\n  accountUuid: z.string(),\n  emailAddress: z.string(),\n  organizationUuid: z.string().optional(),\n})\n\n// Project Configuration\nexport const ProjectConfigSchema = z.object({\n  allowedTools: z.array(z.string()),\n  context: z.record(z.string()),\n  contextFiles: z.array(z.string()).optional(),\n  history: z.array(z.string()),\n  dontCrawlDirectory: z.boolean().optional(),\n  enableArchitectTool: z.boolean().optional(),\n  mcpContextUris: z.array(z.string()),\n  mcpServers: z.record(McpServerConfigSchema).optional(),\n  approvedMcprcServers: z.array(z.string()).optional(),\n  rejectedMcprcServers: z.array(z.string()).optional(),\n  lastAPIDuration: z.number().optional(),\n  lastCost: z.number().optional(),\n  lastDuration: z.number().optional(),\n  lastSessionId: z.string().optional(),\n  exampleFiles: z.array(z.string()).optional(),\n  exampleFilesGeneratedAt: z.number().optional(),\n  hasTrustDialogAccepted: z.boolean().optional(),\n  hasCompletedProjectOnboarding: z.boolean().optional(),\n})\n\n// Global Configuration\nexport const GlobalConfigSchema = z.object({\n  projects: z.record(ProjectConfigSchema).optional(),\n  numStartups: z.number(),\n  autoUpdaterStatus: AutoUpdaterStatusSchema.optional(),\n  userID: z.string().optional(),\n  theme: z.string(),\n  hasCompletedOnboarding: z.boolean().optional(),\n  lastOnboardingVersion: z.string().optional(),\n  lastReleaseNotesSeen: z.string().optional(),\n  mcpServers: z.record(McpServerConfigSchema).optional(),\n  preferredNotifChannel: NotificationChannelSchema,\n  verbose: z.boolean(),\n  customApiKeyResponses: z\n    .object({\n      approved: z.array(z.string()).optional(),\n      rejected: z.array(z.string()).optional(),\n    })\n    .optional(),\n  primaryProvider: ProviderTypeSchema.optional(),\n  maxTokens: z.number().optional(),\n  hasAcknowledgedCostThreshold: z.boolean().optional(),\n  oauthAccount: AccountInfoSchema.optional(),\n  iterm2KeyBindingInstalled: z.boolean().optional(),\n  shiftEnterKeyBindingInstalled: z.boolean().optional(),\n  proxy: z.string().optional(),\n  stream: z.boolean().optional(),\n  modelProfiles: z.array(ModelProfileSchema).optional(),\n  modelPointers: ModelPointersSchema.optional(),\n  defaultModelName: z.string().optional(),\n  lastDismissedUpdateVersion: z.string().optional(),\n  compressionMode: CompressionModeSchema.optional(),\n  thinking: z.boolean().optional(),\n  // Config version for migrations\n  configVersion: z.number().optional(),\n})\n\n// Type exports for TypeScript usage\nexport type McpStdioServerConfig = z.infer<typeof McpStdioServerConfigSchema>\nexport type McpSSEServerConfig = z.infer<typeof McpSSEServerConfigSchema>\nexport type McpServerConfig = z.infer<typeof McpServerConfigSchema>\nexport type AutoUpdaterStatus = z.infer<typeof AutoUpdaterStatusSchema>\nexport type NotificationChannel = z.infer<typeof NotificationChannelSchema>\nexport type ProviderType = z.infer<typeof ProviderTypeSchema>\nexport type CompressionMode = z.infer<typeof CompressionModeSchema>\nexport type ReasoningEffort = z.infer<typeof ReasoningEffortSchema>\nexport type ModelProfile = z.infer<typeof ModelProfileSchema>\nexport type ModelPointerType = z.infer<typeof ModelPointerTypeSchema>\nexport type ModelPointers = z.infer<typeof ModelPointersSchema>\nexport type AccountInfo = z.infer<typeof AccountInfoSchema>\nexport type ProjectConfig = z.infer<typeof ProjectConfigSchema>\nexport type GlobalConfig = z.infer<typeof GlobalConfigSchema>\n\n// Validation utilities\nexport function validateGlobalConfig(config: unknown): GlobalConfig {\n  return GlobalConfigSchema.parse(config)\n}\n\nexport function validateProjectConfig(config: unknown): ProjectConfig {\n  return ProjectConfigSchema.parse(config)\n}\n\nexport function safeValidateGlobalConfig(config: unknown): {\n  success: boolean\n  data?: GlobalConfig\n  error?: z.ZodError\n} {\n  const result = GlobalConfigSchema.safeParse(config)\n  return result.success\n    ? { success: true, data: result.data }\n    : { success: false, error: result.error }\n}\n\nexport function safeValidateProjectConfig(config: unknown): {\n  success: boolean\n  data?: ProjectConfig\n  error?: z.ZodError\n} {\n  const result = ProjectConfigSchema.safeParse(config)\n  return result.success\n    ? { success: true, data: result.data }\n    : { success: false, error: result.error }\n}\n"],
+  "mappings": "AAMA,SAAS,SAAS;AAGX,MAAM,6BAA6B,EAAE,OAAO;AAAA,EACjD,MAAM,EAAE,QAAQ,OAAO,EAAE,SAAS,EAAE,QAAQ,OAAO;AAAA,EACnD,SAAS,EAAE,OAAO;AAAA,EAClB,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC;AAAA,EACxB,KAAK,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,SAAS;AAAA,EACnC,SAAS,EAAE,QAAQ,EAAE,SAAS;AAChC,CAAC;AAEM,MAAM,2BAA2B,EAAE,OAAO;AAAA,EAC/C,MAAM,EAAE,QAAQ,KAAK;AAAA,EACrB,KAAK,EAAE,OAAO;AAAA,EACd,SAAS,EAAE,QAAQ,EAAE,SAAS;AAChC,CAAC;AAEM,MAAM,wBAAwB,EAAE,MAAM;AAAA,EAC3C;AAAA,EACA;AACF,CAAC;AAGM,MAAM,0BAA0B,EAAE,KAAK;AAAA,EAC5C;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAGM,MAAM,4BAA4B,EAAE,KAAK;AAAA,EAC9C;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAGM,MAAM,qBAAqB,EAAE,KAAK;AAAA,EACvC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAGM,MAAM,wBAAwB,EAAE,KAAK,CAAC,YAAY,MAAM,CAAC;AAGzD,MAAM,wBAAwB,EAAE,KAAK;AAAA,EAC1C;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAGM,MAAM,qBAAqB,EAAE,OAAO;AAAA,EACzC,MAAM,EAAE,OAAO;AAAA,EACf,UAAU;AAAA,EACV,WAAW,EAAE,OAAO;AAAA,EACpB,SAAS,EAAE,OAAO,EAAE,SAAS;AAAA,EAC7B,QAAQ,EAAE,OAAO;AAAA,EACjB,WAAW,EAAE,OAAO;AAAA,EACpB,eAAe,EAAE,OAAO;AAAA,EACxB,iBAAiB,sBAAsB,SAAS;AAAA,EAChD,UAAU,EAAE,QAAQ;AAAA,EACpB,WAAW,EAAE,OAAO;AAAA,EACpB,UAAU,EAAE,OAAO,EAAE,SAAS;AAAA,EAC9B,QAAQ,EAAE,QAAQ,EAAE,SAAS;AAAA,EAC7B,kBAAkB,EACf,KAAK,CAAC,SAAS,gBAAgB,eAAe,CAAC,EAC/C,SAAS;AAAA,EACZ,gBAAgB,EAAE,OAAO,EAAE,SAAS;AACtC,CAAC;AAGM,MAAM,yBAAyB,EAAE,KAAK;AAAA,EAC3C;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAGM,MAAM,sBAAsB,EAAE,OAAO;AAAA,EAC1C,MAAM,EAAE,OAAO;AAAA,EACf,MAAM,EAAE,OAAO;AAAA,EACf,WAAW,EAAE,OAAO;AAAA,EACpB,OAAO,EAAE,OAAO;AAClB,CAAC;AAGM,MAAM,oBAAoB,EAAE,OAAO;AAAA,EACxC,aAAa,EAAE,OAAO;AAAA,EACtB,cAAc,EAAE,OAAO;AAAA,EACvB,kBAAkB,EAAE,OAAO,EAAE,SAAS;AACxC,CAAC;AAGM,MAAM,sBAAsB,EAAE,OAAO;AAAA,EAC1C,cAAc,EAAE,MAAM,EAAE,OAAO,CAAC;AAAA,EAChC,SAAS,EAAE,OAAO,EAAE,OAAO,CAAC;AAAA,EAC5B,cAAc,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,SAAS;AAAA,EAC3C,SAAS,EAAE,MAAM,EAAE,OAAO,CAAC;AAAA,EAC3B,oBAAoB,EAAE,QAAQ,EAAE,SAAS;AAAA,EACzC,qBAAqB,EAAE,QAAQ,EAAE,SAAS;AAAA,EAC1C,gBAAgB,EAAE,MAAM,EAAE,OAAO,CAAC;AAAA,EAClC,YAAY,EAAE,OAAO,qBAAqB,EAAE,SAAS;AAAA,EACrD,sBAAsB,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,SAAS;AAAA,EACnD,sBAAsB,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,SAAS;AAAA,EACnD,iBAAiB,EAAE,OAAO,EAAE,SAAS;AAAA,EACrC,UAAU,EAAE,OAAO,EAAE,SAAS;AAAA,EAC9B,cAAc,EAAE,OAAO,EAAE,SAAS;AAAA,EAClC,eAAe,EAAE,OAAO,EAAE,SAAS;AAAA,EACnC,cAAc,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,SAAS;AAAA,EAC3C,yBAAyB,EAAE,OAAO,EAAE,SAAS;AAAA,EAC7C,wBAAwB,EAAE,QAAQ,EAAE,SAAS;AAAA,EAC7C,+BAA+B,EAAE,QAAQ,EAAE,SAAS;AACtD,CAAC;AAGM,MAAM,qBAAqB,EAAE,OAAO;AAAA,EACzC,UAAU,EAAE,OAAO,mBAAmB,EAAE,SAAS;AAAA,EACjD,aAAa,EAAE,OAAO;AAAA,EACtB,mBAAmB,wBAAwB,SAAS;AAAA,EACpD,QAAQ,EAAE,OAAO,EAAE,SAAS;AAAA,EAC5B,OAAO,EAAE,OAAO;AAAA,EAChB,wBAAwB,EAAE,QAAQ,EAAE,SAAS;AAAA,EAC7C,uBAAuB,EAAE,OAAO,EAAE,SAAS;AAAA,EAC3C,sBAAsB,EAAE,OAAO,EAAE,SAAS;AAAA,EAC1C,YAAY,EAAE,OAAO,qBAAqB,EAAE,SAAS;AAAA,EACrD,uBAAuB;AAAA,EACvB,SAAS,EAAE,QAAQ;AAAA,EACnB,uBAAuB,EACpB,OAAO;AAAA,IACN,UAAU,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,SAAS;AAAA,IACvC,UAAU,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,SAAS;AAAA,EACzC,CAAC,EACA,SAAS;AAAA,EACZ,iBAAiB,mBAAmB,SAAS;AAAA,EAC7C,WAAW,EAAE,OAAO,EAAE,SAAS;AAAA,EAC/B,8BAA8B,EAAE,QAAQ,EAAE,SAAS;AAAA,EACnD,cAAc,kBAAkB,SAAS;AAAA,EACzC,2BAA2B,EAAE,QAAQ,EAAE,SAAS;AAAA,EAChD,+BAA+B,EAAE,QAAQ,EAAE,SAAS;AAAA,EACpD,OAAO,EAAE,OAAO,EAAE,SAAS;AAAA,EAC3B,QAAQ,EAAE,QAAQ,EAAE,SAAS;AAAA,EAC7B,eAAe,EAAE,MAAM,kBAAkB,EAAE,SAAS;AAAA,EACpD,eAAe,oBAAoB,SAAS;AAAA,EAC5C,kBAAkB,EAAE,OAAO,EAAE,SAAS;AAAA,EACtC,4BAA4B,EAAE,OAAO,EAAE,SAAS;AAAA,EAChD,iBAAiB,sBAAsB,SAAS;AAAA,EAChD,UAAU,EAAE,QAAQ,EAAE,SAAS;AAAA;AAAA,EAE/B,eAAe,EAAE,OAAO,EAAE,SAAS;AACrC,CAAC;AAmBM,SAAS,qBAAqB,QAA+B;AAClE,SAAO,mBAAmB,MAAM,MAAM;AACxC;AAEO,SAAS,sBAAsB,QAAgC;AACpE,SAAO,oBAAoB,MAAM,MAAM;AACzC;AAEO,SAAS,yBAAyB,QAIvC;AACA,QAAM,SAAS,mBAAmB,UAAU,MAAM;AAClD,SAAO,OAAO,UACV,EAAE,SAAS,MAAM,MAAM,OAAO,KAAK,IACnC,EAAE,SAAS,OAAO,OAAO,OAAO,MAAM;AAC5C;AAEO,SAAS,0BAA0B,QAIxC;AACA,QAAM,SAAS,oBAAoB,UAAU,MAAM;AACnD,SAAO,OAAO,UACV,EAAE,SAAS,MAAM,MAAM,OAAO,KAAK,IACnC,EAAE,SAAS,OAAO,OAAO,OAAO,MAAM;AAC5C;",
+  "names": []
+}

package/dist/core/costTracker.js

@@ -0,0 +1,138 @@
+import chalk from "chalk";
+import { useEffect } from "react";
+import signalExit from "signal-exit";
+import { formatDuration } from "../utils/format.js";
+import {
+  getCurrentProjectConfig,
+  saveCurrentProjectConfig
+} from "../utils/config.js";
+import { SESSION_ID } from "../utils/log.js";
+const STATE = {
+  totalCost: 0,
+  totalAPIDuration: 0,
+  startTime: Date.now(),
+  inputTokens: 0,
+  outputTokens: 0,
+  cacheCreationTokens: 0,
+  cacheReadTokens: 0,
+  requestCount: 0
+};
+function addToTotalCost(cost, duration) {
+  STATE.totalCost += cost;
+  STATE.totalAPIDuration += duration;
+  STATE.requestCount += 1;
+}
+function addTokenUsage(inputTokens, outputTokens, cacheCreationTokens, cacheReadTokens) {
+  STATE.inputTokens += inputTokens;
+  STATE.outputTokens += outputTokens;
+  if (cacheCreationTokens) STATE.cacheCreationTokens += cacheCreationTokens;
+  if (cacheReadTokens) STATE.cacheReadTokens += cacheReadTokens;
+}
+function getTotalCost() {
+  return STATE.totalCost;
+}
+function getTotalDuration() {
+  return Date.now() - STATE.startTime;
+}
+function getTotalAPIDuration() {
+  return STATE.totalAPIDuration;
+}
+function getTokenCounts() {
+  return {
+    input: STATE.inputTokens,
+    output: STATE.outputTokens,
+    cacheCreation: STATE.cacheCreationTokens,
+    cacheRead: STATE.cacheReadTokens,
+    total: STATE.inputTokens + STATE.outputTokens
+  };
+}
+function getRequestCount() {
+  return STATE.requestCount;
+}
+function getCostSummary() {
+  return {
+    cost: STATE.totalCost,
+    apiDuration: STATE.totalAPIDuration,
+    wallDuration: getTotalDuration(),
+    tokens: getTokenCounts(),
+    requests: STATE.requestCount
+  };
+}
+function formatCost(cost) {
+  return `$${cost > 0.5 ? round(cost, 100).toFixed(2) : cost.toFixed(4)}`;
+}
+function round(number, precision) {
+  return Math.round(number * precision) / precision;
+}
+function formatTotalCost() {
+  return chalk.grey(
+    `Total cost: ${formatCost(STATE.totalCost)}
+Total duration (API): ${formatDuration(STATE.totalAPIDuration)}
+Total duration (wall): ${formatDuration(getTotalDuration())}`
+  );
+}
+function formatDetailedCost() {
+  const tokens = getTokenCounts();
+  return chalk.grey(
+    `Total cost: ${formatCost(STATE.totalCost)}
+Total duration (API): ${formatDuration(STATE.totalAPIDuration)}
+Total duration (wall): ${formatDuration(getTotalDuration())}
+Tokens: ${tokens.input.toLocaleString()} in / ${tokens.output.toLocaleString()} out
+Cache: ${tokens.cacheCreation.toLocaleString()} created / ${tokens.cacheRead.toLocaleString()} read
+Requests: ${STATE.requestCount}`
+  );
+}
+let exitHandlerRegistered = false;
+function useCostSummary() {
+  useEffect(() => {
+    if (exitHandlerRegistered) {
+      return;
+    }
+    exitHandlerRegistered = true;
+    signalExit(
+      () => {
+        process.stdout.write("\n" + formatTotalCost() + "\n");
+        try {
+          const projectConfig = getCurrentProjectConfig();
+          saveCurrentProjectConfig({
+            ...projectConfig,
+            lastCost: STATE.totalCost,
+            lastAPIDuration: STATE.totalAPIDuration,
+            lastDuration: getTotalDuration(),
+            lastSessionId: SESSION_ID
+          });
+        } catch {
+        }
+      },
+      { alwaysLast: true }
+    );
+  }, []);
+}
+function resetStateForTests() {
+  if (process.env.NODE_ENV !== "test") {
+    throw new Error("resetStateForTests can only be called in tests");
+  }
+  STATE.startTime = Date.now();
+  STATE.totalCost = 0;
+  STATE.totalAPIDuration = 0;
+  STATE.inputTokens = 0;
+  STATE.outputTokens = 0;
+  STATE.cacheCreationTokens = 0;
+  STATE.cacheReadTokens = 0;
+  STATE.requestCount = 0;
+}
+export {
+  addToTotalCost,
+  addTokenUsage,
+  formatDetailedCost,
+  formatTotalCost,
+  getCostSummary,
+  getRequestCount,
+  getTokenCounts,
+  getTotalAPIDuration,
+  getTotalCost,
+  getTotalDuration,
+  resetStateForTests,
+  useCostSummary
+};
+//# sourceMappingURL=costTracker.js.map

package/dist/core/costTracker.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/core/costTracker.ts"],
+  "sourcesContent": ["/**\n * Cost Tracker\n *\n * Tracks API costs and usage metrics for the session.\n * This is the core implementation; the original cost-tracker.ts\n * re-exports from this module for backwards compatibility.\n */\n\nimport chalk from 'chalk'\nimport { useEffect } from 'react'\nimport signalExit from 'signal-exit'\nimport { formatDuration } from '../utils/format'\nimport {\n  getCurrentProjectConfig,\n  saveCurrentProjectConfig,\n} from '../utils/config'\nimport { SESSION_ID } from '../utils/log'\n\n/**\n * Cost tracking state\n */\ninterface CostState {\n  /** Total cost in dollars */\n  totalCost: number\n\n  /** Total API call duration in milliseconds */\n  totalAPIDuration: number\n\n  /** Session start timestamp */\n  startTime: number\n\n  /** Token counts */\n  inputTokens: number\n  outputTokens: number\n\n  /** Cache stats */\n  cacheCreationTokens: number\n  cacheReadTokens: number\n\n  /** Request count */\n  requestCount: number\n}\n\n// Global state\nconst STATE: CostState = {\n  totalCost: 0,\n  totalAPIDuration: 0,\n  startTime: Date.now(),\n  inputTokens: 0,\n  outputTokens: 0,\n  cacheCreationTokens: 0,\n  cacheReadTokens: 0,\n  requestCount: 0,\n}\n\n/**\n * Add to total cost\n */\nexport function addToTotalCost(cost: number, duration: number): void {\n  STATE.totalCost += cost\n  STATE.totalAPIDuration += duration\n  STATE.requestCount += 1\n}\n\n/**\n * Add token usage\n */\nexport function addTokenUsage(\n  inputTokens: number,\n  outputTokens: number,\n  cacheCreationTokens?: number,\n  cacheReadTokens?: number,\n): void {\n  STATE.inputTokens += inputTokens\n  STATE.outputTokens += outputTokens\n  if (cacheCreationTokens) STATE.cacheCreationTokens += cacheCreationTokens\n  if (cacheReadTokens) STATE.cacheReadTokens += cacheReadTokens\n}\n\n/**\n * Get total cost\n */\nexport function getTotalCost(): number {\n  return STATE.totalCost\n}\n\n/**\n * Get total duration (wall clock time)\n */\nexport function getTotalDuration(): number {\n  return Date.now() - STATE.startTime\n}\n\n/**\n * Get total API duration\n */\nexport function getTotalAPIDuration(): number {\n  return STATE.totalAPIDuration\n}\n\n/**\n * Get token counts\n */\nexport function getTokenCounts(): {\n  input: number\n  output: number\n  cacheCreation: number\n  cacheRead: number\n  total: number\n} {\n  return {\n    input: STATE.inputTokens,\n    output: STATE.outputTokens,\n    cacheCreation: STATE.cacheCreationTokens,\n    cacheRead: STATE.cacheReadTokens,\n    total: STATE.inputTokens + STATE.outputTokens,\n  }\n}\n\n/**\n * Get request count\n */\nexport function getRequestCount(): number {\n  return STATE.requestCount\n}\n\n/**\n * Get full cost summary\n */\nexport function getCostSummary(): {\n  cost: number\n  apiDuration: number\n  wallDuration: number\n  tokens: ReturnType<typeof getTokenCounts>\n  requests: number\n} {\n  return {\n    cost: STATE.totalCost,\n    apiDuration: STATE.totalAPIDuration,\n    wallDuration: getTotalDuration(),\n    tokens: getTokenCounts(),\n    requests: STATE.requestCount,\n  }\n}\n\n/**\n * Format cost for display\n */\nfunction formatCost(cost: number): string {\n  return `$${cost > 0.5 ? round(cost, 100).toFixed(2) : cost.toFixed(4)}`\n}\n\n/**\n * Round to precision\n */\nfunction round(number: number, precision: number): number {\n  return Math.round(number * precision) / precision\n}\n\n/**\n * Format total cost for display\n */\nexport function formatTotalCost(): string {\n  return chalk.grey(\n    `Total cost: ${formatCost(STATE.totalCost)}\nTotal duration (API): ${formatDuration(STATE.totalAPIDuration)}\nTotal duration (wall): ${formatDuration(getTotalDuration())}`,\n  )\n}\n\n/**\n * Format detailed cost summary\n */\nexport function formatDetailedCost(): string {\n  const tokens = getTokenCounts()\n  return chalk.grey(\n    `Total cost: ${formatCost(STATE.totalCost)}\nTotal duration (API): ${formatDuration(STATE.totalAPIDuration)}\nTotal duration (wall): ${formatDuration(getTotalDuration())}\nTokens: ${tokens.input.toLocaleString()} in / ${tokens.output.toLocaleString()} out\nCache: ${tokens.cacheCreation.toLocaleString()} created / ${tokens.cacheRead.toLocaleString()} read\nRequests: ${STATE.requestCount}`,\n  )\n}\n\n// Flag to ensure we only register once and never unregister\nlet exitHandlerRegistered = false\n\n/**\n * React hook for cost summary on exit\n *\n * CRITICAL FIX: Use signal-exit with alwaysLast: true\n *\n * The problem was that Ink also uses signal-exit (with alwaysLast: false)\n * to clean up on exit. During Ink's cleanup, it may:\n * 1. Call onRender() one last time\n * 2. Use ansiEscapes.eraseLines() to clear previous output\n * 3. Or even call clearTerminal if output height >= terminal rows\n *\n * By using signal-exit with alwaysLast: true, we ensure our handler\n * runs AFTER Ink's cleanup, so our statistics are the last thing printed.\n */\nexport function useCostSummary(): void {\n  useEffect(() => {\n    // Only register ONCE, and NEVER unregister\n    if (exitHandlerRegistered) {\n      return\n    }\n    exitHandlerRegistered = true\n\n    // Use signal-exit with alwaysLast: true to run AFTER Ink's cleanup\n    signalExit(\n      () => {\n        // Write statistics to stdout\n        process.stdout.write('\\n' + formatTotalCost() + '\\n')\n\n        // Save last cost and duration to project config\n        try {\n          const projectConfig = getCurrentProjectConfig()\n          saveCurrentProjectConfig({\n            ...projectConfig,\n            lastCost: STATE.totalCost,\n            lastAPIDuration: STATE.totalAPIDuration,\n            lastDuration: getTotalDuration(),\n            lastSessionId: SESSION_ID,\n          })\n        } catch {\n          // Ignore errors during exit - config save is best-effort\n        }\n      },\n      { alwaysLast: true },\n    )\n\n    // NO cleanup - never unregister the exit handler\n  }, [])\n}\n\n/**\n * Reset state (for testing only)\n */\nexport function resetStateForTests(): void {\n  if (process.env.NODE_ENV !== 'test') {\n    throw new Error('resetStateForTests can only be called in tests')\n  }\n  STATE.startTime = Date.now()\n  STATE.totalCost = 0\n  STATE.totalAPIDuration = 0\n  STATE.inputTokens = 0\n  STATE.outputTokens = 0\n  STATE.cacheCreationTokens = 0\n  STATE.cacheReadTokens = 0\n  STATE.requestCount = 0\n}\n"],
+  "mappings": "AAQA,OAAO,WAAW;AAClB,SAAS,iBAAiB;AAC1B,OAAO,gBAAgB;AACvB,SAAS,sBAAsB;AAC/B;AAAA,EACE;AAAA,EACA;AAAA,OACK;AACP,SAAS,kBAAkB;AA4B3B,MAAM,QAAmB;AAAA,EACvB,WAAW;AAAA,EACX,kBAAkB;AAAA,EAClB,WAAW,KAAK,IAAI;AAAA,EACpB,aAAa;AAAA,EACb,cAAc;AAAA,EACd,qBAAqB;AAAA,EACrB,iBAAiB;AAAA,EACjB,cAAc;AAChB;AAKO,SAAS,eAAe,MAAc,UAAwB;AACnE,QAAM,aAAa;AACnB,QAAM,oBAAoB;AAC1B,QAAM,gBAAgB;AACxB;AAKO,SAAS,cACd,aACA,cACA,qBACA,iBACM;AACN,QAAM,eAAe;AACrB,QAAM,gBAAgB;AACtB,MAAI,oBAAqB,OAAM,uBAAuB;AACtD,MAAI,gBAAiB,OAAM,mBAAmB;AAChD;AAKO,SAAS,eAAuB;AACrC,SAAO,MAAM;AACf;AAKO,SAAS,mBAA2B;AACzC,SAAO,KAAK,IAAI,IAAI,MAAM;AAC5B;AAKO,SAAS,sBAA8B;AAC5C,SAAO,MAAM;AACf;AAKO,SAAS,iBAMd;AACA,SAAO;AAAA,IACL,OAAO,MAAM;AAAA,IACb,QAAQ,MAAM;AAAA,IACd,eAAe,MAAM;AAAA,IACrB,WAAW,MAAM;AAAA,IACjB,OAAO,MAAM,cAAc,MAAM;AAAA,EACnC;AACF;AAKO,SAAS,kBAA0B;AACxC,SAAO,MAAM;AACf;AAKO,SAAS,iBAMd;AACA,SAAO;AAAA,IACL,MAAM,MAAM;AAAA,IACZ,aAAa,MAAM;AAAA,IACnB,cAAc,iBAAiB;AAAA,IAC/B,QAAQ,eAAe;AAAA,IACvB,UAAU,MAAM;AAAA,EAClB;AACF;AAKA,SAAS,WAAW,MAAsB;AACxC,SAAO,IAAI,OAAO,MAAM,MAAM,MAAM,GAAG,EAAE,QAAQ,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC;AACvE;AAKA,SAAS,MAAM,QAAgB,WAA2B;AACxD,SAAO,KAAK,MAAM,SAAS,SAAS,IAAI;AAC1C;AAKO,SAAS,kBAA0B;AACxC,SAAO,MAAM;AAAA,IACX,eAAe,WAAW,MAAM,SAAS,CAAC;AAAA,wBACtB,eAAe,MAAM,gBAAgB,CAAC;AAAA,yBACrC,eAAe,iBAAiB,CAAC,CAAC;AAAA,EACzD;AACF;AAKO,SAAS,qBAA6B;AAC3C,QAAM,SAAS,eAAe;AAC9B,SAAO,MAAM;AAAA,IACX,eAAe,WAAW,MAAM,SAAS,CAAC;AAAA,wBACtB,eAAe,MAAM,gBAAgB,CAAC;AAAA,yBACrC,eAAe,iBAAiB,CAAC,CAAC;AAAA,UACjD,OAAO,MAAM,eAAe,CAAC,SAAS,OAAO,OAAO,eAAe,CAAC;AAAA,SACrE,OAAO,cAAc,eAAe,CAAC,cAAc,OAAO,UAAU,eAAe,CAAC;AAAA,YACjF,MAAM,YAAY;AAAA,EAC5B;AACF;AAGA,IAAI,wBAAwB;AAgBrB,SAAS,iBAAuB;AACrC,YAAU,MAAM;AAEd,QAAI,uBAAuB;AACzB;AAAA,IACF;AACA,4BAAwB;AAGxB;AAAA,MACE,MAAM;AAEJ,gBAAQ,OAAO,MAAM,OAAO,gBAAgB,IAAI,IAAI;AAGpD,YAAI;AACF,gBAAM,gBAAgB,wBAAwB;AAC9C,mCAAyB;AAAA,YACvB,GAAG;AAAA,YACH,UAAU,MAAM;AAAA,YAChB,iBAAiB,MAAM;AAAA,YACvB,cAAc,iBAAiB;AAAA,YAC/B,eAAe;AAAA,UACjB,CAAC;AAAA,QACH,QAAQ;AAAA,QAER;AAAA,MACF;AAAA,MACA,EAAE,YAAY,KAAK;AAAA,IACrB;AAAA,EAGF,GAAG,CAAC,CAAC;AACP;AAKO,SAAS,qBAA2B;AACzC,MAAI,QAAQ,IAAI,aAAa,QAAQ;AACnC,UAAM,IAAI,MAAM,gDAAgD;AAAA,EAClE;AACA,QAAM,YAAY,KAAK,IAAI;AAC3B,QAAM,YAAY;AAClB,QAAM,mBAAmB;AACzB,QAAM,cAAc;AACpB,QAAM,eAAe;AACrB,QAAM,sBAAsB;AAC5B,QAAM,kBAAkB;AACxB,QAAM,eAAe;AACvB;",
+  "names": []
+}

package/dist/core/index.js

@@ -0,0 +1,5 @@
+export * from "./config/index.js";
+export * from "./permissions/index.js";
+export * from "./tools/index.js";
+export * from "./costTracker.js";
+//# sourceMappingURL=index.js.map

package/dist/core/index.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/core/index.ts"],
+  "sourcesContent": ["/**\n * Core Module\n *\n * Centralized exports for core system functionality.\n */\n\n// Configuration\nexport * from './config'\n\n// Permissions\nexport * from './permissions'\n\n// Tools\nexport * from './tools'\n\n// Cost Tracking\nexport * from './costTracker'\n"],
+  "mappings": "AAOA,cAAc;AAGd,cAAc;AAGd,cAAc;AAGd,cAAc;",
+  "names": []
+}

package/dist/core/permissions/auditLog.js

@@ -0,0 +1,204 @@
+import { appendFileSync, existsSync, mkdirSync, readFileSync } from "fs";
+import { join } from "path";
+import { homedir } from "os";
+import { getOriginalCwd } from "../../utils/state.js";
+let sessionLog = [];
+let sessionId = generateSessionId();
+function generateSessionId() {
+  return `session_${Date.now()}_${Math.random().toString(36).substring(2, 8)}`;
+}
+function generateEntryId() {
+  return `audit_${Date.now()}_${Math.random().toString(36).substring(2, 6)}`;
+}
+function getAuditLogDir() {
+  return join(homedir(), ".minto", "audit");
+}
+function getAuditLogFilePath() {
+  const dir = getAuditLogDir();
+  const date = (/* @__PURE__ */ new Date()).toISOString().split("T")[0];
+  return join(dir, `audit-${date}.jsonl`);
+}
+function ensureAuditLogDir() {
+  const dir = getAuditLogDir();
+  if (!existsSync(dir)) {
+    mkdirSync(dir, { recursive: true });
+  }
+}
+function persistEntry(entry) {
+  try {
+    ensureAuditLogDir();
+    const filePath = getAuditLogFilePath();
+    const line = JSON.stringify(entry) + "\n";
+    appendFileSync(filePath, line, "utf-8");
+  } catch (error) {
+    console.error("[Audit] Failed to persist log entry:", error);
+  }
+}
+function logSecurityEvent(params) {
+  const entry = {
+    id: generateEntryId(),
+    timestamp: Date.now(),
+    eventType: params.eventType,
+    toolName: params.toolName,
+    operation: params.operation,
+    target: params.target,
+    outcome: params.outcome,
+    riskLevel: params.riskLevel,
+    context: params.context,
+    projectDir: getOriginalCwd(),
+    userDecision: params.userDecision,
+    triggeredRule: params.triggeredRule,
+    sessionId
+  };
+  sessionLog.push(entry);
+  persistEntry(entry);
+  return entry;
+}
+function logPermissionGranted(toolName, operation, target, userDecision = "approved", context) {
+  return logSecurityEvent({
+    eventType: "permission_granted",
+    toolName,
+    operation,
+    target,
+    outcome: "allowed",
+    userDecision,
+    context
+  });
+}
+function logPermissionDenied(toolName, operation, target, triggeredRule, context) {
+  return logSecurityEvent({
+    eventType: "permission_denied",
+    toolName,
+    operation,
+    target,
+    outcome: "denied",
+    userDecision: "rejected",
+    triggeredRule,
+    context
+  });
+}
+function logOperationBlocked(toolName, operation, target, triggeredRule, riskLevel, context) {
+  return logSecurityEvent({
+    eventType: "permission_blocked",
+    toolName,
+    operation,
+    target,
+    outcome: "blocked",
+    riskLevel,
+    triggeredRule,
+    context
+  });
+}
+function logSensitivePathAccess(toolName, operation, target, category, outcome, userDecision) {
+  return logSecurityEvent({
+    eventType: "sensitive_path_access",
+    toolName,
+    operation,
+    target,
+    outcome,
+    riskLevel: "high",
+    userDecision,
+    context: { category }
+  });
+}
+function logExternalOperation(toolName, operation, target, riskLevel, outcome, userDecision) {
+  return logSecurityEvent({
+    eventType: "external_operation",
+    toolName,
+    operation,
+    target,
+    outcome,
+    riskLevel,
+    userDecision
+  });
+}
+function logDangerousCommand(command, outcome, pattern, userDecision) {
+  return logSecurityEvent({
+    eventType: "dangerous_command",
+    toolName: "Bash",
+    operation: "execute",
+    target: command,
+    outcome,
+    riskLevel: "high",
+    userDecision,
+    context: pattern ? { matchedPattern: pattern } : void 0
+  });
+}
+function getSessionLog() {
+  return [...sessionLog];
+}
+function getEntriesByType(eventType) {
+  return sessionLog.filter((entry) => entry.eventType === eventType);
+}
+function getEntriesByOutcome(outcome) {
+  return sessionLog.filter((entry) => entry.outcome === outcome);
+}
+function getSessionSecuritySummary() {
+  return {
+    totalEvents: sessionLog.length,
+    allowed: sessionLog.filter((e) => e.outcome === "allowed").length,
+    denied: sessionLog.filter((e) => e.outcome === "denied").length,
+    blocked: sessionLog.filter((e) => e.outcome === "blocked").length,
+    sensitiveAccesses: sessionLog.filter(
+      (e) => e.eventType === "sensitive_path_access"
+    ).length,
+    externalOperations: sessionLog.filter(
+      (e) => e.eventType === "external_operation"
+    ).length,
+    dangerousCommands: sessionLog.filter(
+      (e) => e.eventType === "dangerous_command"
+    ).length,
+    highRiskEvents: sessionLog.filter(
+      (e) => e.riskLevel === "high" || e.riskLevel === "critical"
+    ).length
+  };
+}
+function clearSessionLog() {
+  sessionLog = [];
+}
+function resetSession() {
+  sessionId = generateSessionId();
+  sessionLog = [];
+}
+function readAuditLog(date) {
+  const targetDate = date || (/* @__PURE__ */ new Date()).toISOString().split("T")[0];
+  const filePath = join(getAuditLogDir(), `audit-${targetDate}.jsonl`);
+  if (!existsSync(filePath)) {
+    return [];
+  }
+  try {
+    const content = readFileSync(filePath, "utf-8");
+    return content.split("\n").filter((line) => line.trim()).map((line) => JSON.parse(line));
+  } catch (error) {
+    console.error("[Audit] Failed to read audit log:", error);
+    return [];
+  }
+}
+function getRecentSecurityEvents(count = 10) {
+  return sessionLog.slice(-count);
+}
+function formatAuditEntry(entry) {
+  const timestamp = new Date(entry.timestamp).toISOString();
+  const icon = entry.outcome === "allowed" ? "\u2705" : entry.outcome === "denied" ? "\u274C" : "\u{1F6AB}";
+  const risk = entry.riskLevel ? ` [${entry.riskLevel.toUpperCase()}]` : "";
+  return `${icon} [${timestamp}]${risk} ${entry.eventType}: ${entry.toolName} ${entry.operation} \u2192 ${entry.target}`;
+}
+export {
+  clearSessionLog,
+  formatAuditEntry,
+  getEntriesByOutcome,
+  getEntriesByType,
+  getRecentSecurityEvents,
+  getSessionLog,
+  getSessionSecuritySummary,
+  logDangerousCommand,
+  logExternalOperation,
+  logOperationBlocked,
+  logPermissionDenied,
+  logPermissionGranted,
+  logSecurityEvent,
+  logSensitivePathAccess,
+  readAuditLog,
+  resetSession
+};
+//# sourceMappingURL=auditLog.js.map

package/dist/core/permissions/auditLog.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/core/permissions/auditLog.ts"],
+  "sourcesContent": ["/**\n * Security Audit Log\n *\n * Records all security-sensitive operations for accountability and debugging.\n * Logs are stored both in memory (for current session) and optionally on disk.\n */\n\nimport { appendFileSync, existsSync, mkdirSync, readFileSync } from 'fs'\nimport { join } from 'path'\nimport { homedir } from 'os'\nimport { getOriginalCwd } from '@utils/state'\n\n/**\n * Audit log entry type\n */\nexport type AuditEventType =\n  | 'permission_granted' // User granted permission\n  | 'permission_denied' // Permission was denied (user or rule)\n  | 'permission_blocked' // Operation was blocked by security rule\n  | 'sensitive_path_access' // Access to sensitive path\n  | 'external_operation' // Operation outside project directory\n  | 'dangerous_command' // Dangerous command execution\n  | 'security_warning' // Security warning issued\n\n/**\n * Audit log entry\n */\nexport interface AuditLogEntry {\n  /** Unique entry ID */\n  id: string\n  /** Timestamp */\n  timestamp: number\n  /** Event type */\n  eventType: AuditEventType\n  /** Tool name */\n  toolName: string\n  /** Operation details */\n  operation: string\n  /** Target path or command */\n  target: string\n  /** Outcome: allowed, denied, blocked */\n  outcome: 'allowed' | 'denied' | 'blocked'\n  /** Risk level if applicable */\n  riskLevel?: 'low' | 'medium' | 'high' | 'critical'\n  /** Additional context */\n  context?: Record<string, unknown>\n  /** Project directory */\n  projectDir: string\n  /** User decision (if applicable) */\n  userDecision?: 'approved' | 'rejected' | 'auto'\n  /** Rule that triggered (if applicable) */\n  triggeredRule?: string\n  /** Session ID */\n  sessionId: string\n}\n\n/**\n * In-memory audit log for current session\n */\nlet sessionLog: AuditLogEntry[] = []\nlet sessionId: string = generateSessionId()\n\n/**\n * Generate a unique session ID\n */\nfunction generateSessionId(): string {\n  return `session_${Date.now()}_${Math.random().toString(36).substring(2, 8)}`\n}\n\n/**\n * Generate a unique entry ID\n */\nfunction generateEntryId(): string {\n  return `audit_${Date.now()}_${Math.random().toString(36).substring(2, 6)}`\n}\n\n/**\n * Get the audit log directory\n */\nfunction getAuditLogDir(): string {\n  return join(homedir(), '.minto', 'audit')\n}\n\n/**\n * Get the current day's audit log file path\n */\nfunction getAuditLogFilePath(): string {\n  const dir = getAuditLogDir()\n  const date = new Date().toISOString().split('T')[0] // YYYY-MM-DD\n  return join(dir, `audit-${date}.jsonl`)\n}\n\n/**\n * Ensure audit log directory exists\n */\nfunction ensureAuditLogDir(): void {\n  const dir = getAuditLogDir()\n  if (!existsSync(dir)) {\n    mkdirSync(dir, { recursive: true })\n  }\n}\n\n/**\n * Write entry to disk\n */\nfunction persistEntry(entry: AuditLogEntry): void {\n  try {\n    ensureAuditLogDir()\n    const filePath = getAuditLogFilePath()\n    const line = JSON.stringify(entry) + '\\n'\n    appendFileSync(filePath, line, 'utf-8')\n  } catch (error) {\n    // Silently fail - audit logging should not break the application\n    console.error('[Audit] Failed to persist log entry:', error)\n  }\n}\n\n/**\n * Log a security event\n */\nexport function logSecurityEvent(params: {\n  eventType: AuditEventType\n  toolName: string\n  operation: string\n  target: string\n  outcome: 'allowed' | 'denied' | 'blocked'\n  riskLevel?: 'low' | 'medium' | 'high' | 'critical'\n  context?: Record<string, unknown>\n  userDecision?: 'approved' | 'rejected' | 'auto'\n  triggeredRule?: string\n}): AuditLogEntry {\n  const entry: AuditLogEntry = {\n    id: generateEntryId(),\n    timestamp: Date.now(),\n    eventType: params.eventType,\n    toolName: params.toolName,\n    operation: params.operation,\n    target: params.target,\n    outcome: params.outcome,\n    riskLevel: params.riskLevel,\n    context: params.context,\n    projectDir: getOriginalCwd(),\n    userDecision: params.userDecision,\n    triggeredRule: params.triggeredRule,\n    sessionId,\n  }\n\n  // Add to in-memory log\n  sessionLog.push(entry)\n\n  // Persist to disk\n  persistEntry(entry)\n\n  return entry\n}\n\n/**\n * Log permission granted event\n */\nexport function logPermissionGranted(\n  toolName: string,\n  operation: string,\n  target: string,\n  userDecision: 'approved' | 'auto' = 'approved',\n  context?: Record<string, unknown>,\n): AuditLogEntry {\n  return logSecurityEvent({\n    eventType: 'permission_granted',\n    toolName,\n    operation,\n    target,\n    outcome: 'allowed',\n    userDecision,\n    context,\n  })\n}\n\n/**\n * Log permission denied event\n */\nexport function logPermissionDenied(\n  toolName: string,\n  operation: string,\n  target: string,\n  triggeredRule?: string,\n  context?: Record<string, unknown>,\n): AuditLogEntry {\n  return logSecurityEvent({\n    eventType: 'permission_denied',\n    toolName,\n    operation,\n    target,\n    outcome: 'denied',\n    userDecision: 'rejected',\n    triggeredRule,\n    context,\n  })\n}\n\n/**\n * Log operation blocked by security rule\n */\nexport function logOperationBlocked(\n  toolName: string,\n  operation: string,\n  target: string,\n  triggeredRule: string,\n  riskLevel: 'low' | 'medium' | 'high' | 'critical',\n  context?: Record<string, unknown>,\n): AuditLogEntry {\n  return logSecurityEvent({\n    eventType: 'permission_blocked',\n    toolName,\n    operation,\n    target,\n    outcome: 'blocked',\n    riskLevel,\n    triggeredRule,\n    context,\n  })\n}\n\n/**\n * Log sensitive path access\n */\nexport function logSensitivePathAccess(\n  toolName: string,\n  operation: string,\n  target: string,\n  category: string,\n  outcome: 'allowed' | 'denied' | 'blocked',\n  userDecision?: 'approved' | 'rejected',\n): AuditLogEntry {\n  return logSecurityEvent({\n    eventType: 'sensitive_path_access',\n    toolName,\n    operation,\n    target,\n    outcome,\n    riskLevel: 'high',\n    userDecision,\n    context: { category },\n  })\n}\n\n/**\n * Log external operation (outside project directory)\n */\nexport function logExternalOperation(\n  toolName: string,\n  operation: string,\n  target: string,\n  riskLevel: 'low' | 'medium' | 'high' | 'critical',\n  outcome: 'allowed' | 'denied' | 'blocked',\n  userDecision?: 'approved' | 'rejected',\n): AuditLogEntry {\n  return logSecurityEvent({\n    eventType: 'external_operation',\n    toolName,\n    operation,\n    target,\n    outcome,\n    riskLevel,\n    userDecision,\n  })\n}\n\n/**\n * Log dangerous command execution\n */\nexport function logDangerousCommand(\n  command: string,\n  outcome: 'allowed' | 'denied' | 'blocked',\n  pattern?: string,\n  userDecision?: 'approved' | 'rejected',\n): AuditLogEntry {\n  return logSecurityEvent({\n    eventType: 'dangerous_command',\n    toolName: 'Bash',\n    operation: 'execute',\n    target: command,\n    outcome,\n    riskLevel: 'high',\n    userDecision,\n    context: pattern ? { matchedPattern: pattern } : undefined,\n  })\n}\n\n/**\n * Get all entries from current session\n */\nexport function getSessionLog(): AuditLogEntry[] {\n  return [...sessionLog]\n}\n\n/**\n * Get entries filtered by event type\n */\nexport function getEntriesByType(eventType: AuditEventType): AuditLogEntry[] {\n  return sessionLog.filter(entry => entry.eventType === eventType)\n}\n\n/**\n * Get entries filtered by outcome\n */\nexport function getEntriesByOutcome(\n  outcome: 'allowed' | 'denied' | 'blocked',\n): AuditLogEntry[] {\n  return sessionLog.filter(entry => entry.outcome === outcome)\n}\n\n/**\n * Get security summary for current session\n */\nexport function getSessionSecuritySummary(): {\n  totalEvents: number\n  allowed: number\n  denied: number\n  blocked: number\n  sensitiveAccesses: number\n  externalOperations: number\n  dangerousCommands: number\n  highRiskEvents: number\n} {\n  return {\n    totalEvents: sessionLog.length,\n    allowed: sessionLog.filter(e => e.outcome === 'allowed').length,\n    denied: sessionLog.filter(e => e.outcome === 'denied').length,\n    blocked: sessionLog.filter(e => e.outcome === 'blocked').length,\n    sensitiveAccesses: sessionLog.filter(\n      e => e.eventType === 'sensitive_path_access',\n    ).length,\n    externalOperations: sessionLog.filter(\n      e => e.eventType === 'external_operation',\n    ).length,\n    dangerousCommands: sessionLog.filter(\n      e => e.eventType === 'dangerous_command',\n    ).length,\n    highRiskEvents: sessionLog.filter(\n      e => e.riskLevel === 'high' || e.riskLevel === 'critical',\n    ).length,\n  }\n}\n\n/**\n * Clear session log (for testing)\n */\nexport function clearSessionLog(): void {\n  sessionLog = []\n}\n\n/**\n * Reset session (generates new session ID)\n */\nexport function resetSession(): void {\n  sessionId = generateSessionId()\n  sessionLog = []\n}\n\n/**\n * Read audit log entries from disk for a specific date\n */\nexport function readAuditLog(date?: string): AuditLogEntry[] {\n  const targetDate = date || new Date().toISOString().split('T')[0]\n  const filePath = join(getAuditLogDir(), `audit-${targetDate}.jsonl`)\n\n  if (!existsSync(filePath)) {\n    return []\n  }\n\n  try {\n    const content = readFileSync(filePath, 'utf-8')\n    return content\n      .split('\\n')\n      .filter(line => line.trim())\n      .map(line => JSON.parse(line) as AuditLogEntry)\n  } catch (error) {\n    console.error('[Audit] Failed to read audit log:', error)\n    return []\n  }\n}\n\n/**\n * Get recent security events (last N entries)\n */\nexport function getRecentSecurityEvents(count: number = 10): AuditLogEntry[] {\n  return sessionLog.slice(-count)\n}\n\n/**\n * Format audit entry for display\n */\nexport function formatAuditEntry(entry: AuditLogEntry): string {\n  const timestamp = new Date(entry.timestamp).toISOString()\n  const icon =\n    entry.outcome === 'allowed'\n      ? '\u2705'\n      : entry.outcome === 'denied'\n        ? '\u274C'\n        : '\uD83D\uDEAB'\n  const risk = entry.riskLevel ? ` [${entry.riskLevel.toUpperCase()}]` : ''\n\n  return `${icon} [${timestamp}]${risk} ${entry.eventType}: ${entry.toolName} ${entry.operation} \u2192 ${entry.target}`\n}\n"],
+  "mappings": "AAOA,SAAS,gBAAgB,YAAY,WAAW,oBAAoB;AACpE,SAAS,YAAY;AACrB,SAAS,eAAe;AACxB,SAAS,sBAAsB;AAiD/B,IAAI,aAA8B,CAAC;AACnC,IAAI,YAAoB,kBAAkB;AAK1C,SAAS,oBAA4B;AACnC,SAAO,WAAW,KAAK,IAAI,CAAC,IAAI,KAAK,OAAO,EAAE,SAAS,EAAE,EAAE,UAAU,GAAG,CAAC,CAAC;AAC5E;AAKA,SAAS,kBAA0B;AACjC,SAAO,SAAS,KAAK,IAAI,CAAC,IAAI,KAAK,OAAO,EAAE,SAAS,EAAE,EAAE,UAAU,GAAG,CAAC,CAAC;AAC1E;AAKA,SAAS,iBAAyB;AAChC,SAAO,KAAK,QAAQ,GAAG,UAAU,OAAO;AAC1C;AAKA,SAAS,sBAA8B;AACrC,QAAM,MAAM,eAAe;AAC3B,QAAM,QAAO,oBAAI,KAAK,GAAE,YAAY,EAAE,MAAM,GAAG,EAAE,CAAC;AAClD,SAAO,KAAK,KAAK,SAAS,IAAI,QAAQ;AACxC;AAKA,SAAS,oBAA0B;AACjC,QAAM,MAAM,eAAe;AAC3B,MAAI,CAAC,WAAW,GAAG,GAAG;AACpB,cAAU,KAAK,EAAE,WAAW,KAAK,CAAC;AAAA,EACpC;AACF;AAKA,SAAS,aAAa,OAA4B;AAChD,MAAI;AACF,sBAAkB;AAClB,UAAM,WAAW,oBAAoB;AACrC,UAAM,OAAO,KAAK,UAAU,KAAK,IAAI;AACrC,mBAAe,UAAU,MAAM,OAAO;AAAA,EACxC,SAAS,OAAO;AAEd,YAAQ,MAAM,wCAAwC,KAAK;AAAA,EAC7D;AACF;AAKO,SAAS,iBAAiB,QAUf;AAChB,QAAM,QAAuB;AAAA,IAC3B,IAAI,gBAAgB;AAAA,IACpB,WAAW,KAAK,IAAI;AAAA,IACpB,WAAW,OAAO;AAAA,IAClB,UAAU,OAAO;AAAA,IACjB,WAAW,OAAO;AAAA,IAClB,QAAQ,OAAO;AAAA,IACf,SAAS,OAAO;AAAA,IAChB,WAAW,OAAO;AAAA,IAClB,SAAS,OAAO;AAAA,IAChB,YAAY,eAAe;AAAA,IAC3B,cAAc,OAAO;AAAA,IACrB,eAAe,OAAO;AAAA,IACtB;AAAA,EACF;AAGA,aAAW,KAAK,KAAK;AAGrB,eAAa,KAAK;AAElB,SAAO;AACT;AAKO,SAAS,qBACd,UACA,WACA,QACA,eAAoC,YACpC,SACe;AACf,SAAO,iBAAiB;AAAA,IACtB,WAAW;AAAA,IACX;AAAA,IACA;AAAA,IACA;AAAA,IACA,SAAS;AAAA,IACT;AAAA,IACA;AAAA,EACF,CAAC;AACH;AAKO,SAAS,oBACd,UACA,WACA,QACA,eACA,SACe;AACf,SAAO,iBAAiB;AAAA,IACtB,WAAW;AAAA,IACX;AAAA,IACA;AAAA,IACA;AAAA,IACA,SAAS;AAAA,IACT,cAAc;AAAA,IACd;AAAA,IACA;AAAA,EACF,CAAC;AACH;AAKO,SAAS,oBACd,UACA,WACA,QACA,eACA,WACA,SACe;AACf,SAAO,iBAAiB;AAAA,IACtB,WAAW;AAAA,IACX;AAAA,IACA;AAAA,IACA;AAAA,IACA,SAAS;AAAA,IACT;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC;AACH;AAKO,SAAS,uBACd,UACA,WACA,QACA,UACA,SACA,cACe;AACf,SAAO,iBAAiB;AAAA,IACtB,WAAW;AAAA,IACX;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,WAAW;AAAA,IACX;AAAA,IACA,SAAS,EAAE,SAAS;AAAA,EACtB,CAAC;AACH;AAKO,SAAS,qBACd,UACA,WACA,QACA,WACA,SACA,cACe;AACf,SAAO,iBAAiB;AAAA,IACtB,WAAW;AAAA,IACX;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC;AACH;AAKO,SAAS,oBACd,SACA,SACA,SACA,cACe;AACf,SAAO,iBAAiB;AAAA,IACtB,WAAW;AAAA,IACX,UAAU;AAAA,IACV,WAAW;AAAA,IACX,QAAQ;AAAA,IACR;AAAA,IACA,WAAW;AAAA,IACX;AAAA,IACA,SAAS,UAAU,EAAE,gBAAgB,QAAQ,IAAI;AAAA,EACnD,CAAC;AACH;AAKO,SAAS,gBAAiC;AAC/C,SAAO,CAAC,GAAG,UAAU;AACvB;AAKO,SAAS,iBAAiB,WAA4C;AAC3E,SAAO,WAAW,OAAO,WAAS,MAAM,cAAc,SAAS;AACjE;AAKO,SAAS,oBACd,SACiB;AACjB,SAAO,WAAW,OAAO,WAAS,MAAM,YAAY,OAAO;AAC7D;AAKO,SAAS,4BASd;AACA,SAAO;AAAA,IACL,aAAa,WAAW;AAAA,IACxB,SAAS,WAAW,OAAO,OAAK,EAAE,YAAY,SAAS,EAAE;AAAA,IACzD,QAAQ,WAAW,OAAO,OAAK,EAAE,YAAY,QAAQ,EAAE;AAAA,IACvD,SAAS,WAAW,OAAO,OAAK,EAAE,YAAY,SAAS,EAAE;AAAA,IACzD,mBAAmB,WAAW;AAAA,MAC5B,OAAK,EAAE,cAAc;AAAA,IACvB,EAAE;AAAA,IACF,oBAAoB,WAAW;AAAA,MAC7B,OAAK,EAAE,cAAc;AAAA,IACvB,EAAE;AAAA,IACF,mBAAmB,WAAW;AAAA,MAC5B,OAAK,EAAE,cAAc;AAAA,IACvB,EAAE;AAAA,IACF,gBAAgB,WAAW;AAAA,MACzB,OAAK,EAAE,cAAc,UAAU,EAAE,cAAc;AAAA,IACjD,EAAE;AAAA,EACJ;AACF;AAKO,SAAS,kBAAwB;AACtC,eAAa,CAAC;AAChB;AAKO,SAAS,eAAqB;AACnC,cAAY,kBAAkB;AAC9B,eAAa,CAAC;AAChB;AAKO,SAAS,aAAa,MAAgC;AAC3D,QAAM,aAAa,SAAQ,oBAAI,KAAK,GAAE,YAAY,EAAE,MAAM,GAAG,EAAE,CAAC;AAChE,QAAM,WAAW,KAAK,eAAe,GAAG,SAAS,UAAU,QAAQ;AAEnE,MAAI,CAAC,WAAW,QAAQ,GAAG;AACzB,WAAO,CAAC;AAAA,EACV;AAEA,MAAI;AACF,UAAM,UAAU,aAAa,UAAU,OAAO;AAC9C,WAAO,QACJ,MAAM,IAAI,EACV,OAAO,UAAQ,KAAK,KAAK,CAAC,EAC1B,IAAI,UAAQ,KAAK,MAAM,IAAI,CAAkB;AAAA,EAClD,SAAS,OAAO;AACd,YAAQ,MAAM,qCAAqC,KAAK;AACxD,WAAO,CAAC;AAAA,EACV;AACF;AAKO,SAAS,wBAAwB,QAAgB,IAAqB;AAC3E,SAAO,WAAW,MAAM,CAAC,KAAK;AAChC;AAKO,SAAS,iBAAiB,OAA8B;AAC7D,QAAM,YAAY,IAAI,KAAK,MAAM,SAAS,EAAE,YAAY;AACxD,QAAM,OACJ,MAAM,YAAY,YACd,WACA,MAAM,YAAY,WAChB,WACA;AACR,QAAM,OAAO,MAAM,YAAY,KAAK,MAAM,UAAU,YAAY,CAAC,MAAM;AAEvE,SAAO,GAAG,IAAI,KAAK,SAAS,IAAI,IAAI,IAAI,MAAM,SAAS,KAAK,MAAM,QAAQ,IAAI,MAAM,SAAS,WAAM,MAAM,MAAM;AACjH;",
+  "names": []
+}

package/dist/core/permissions/engine/index.js

@@ -0,0 +1,3 @@
+export * from "./types.js";
+export * from "./permissionEngine.js";
+//# sourceMappingURL=index.js.map

package/dist/core/permissions/engine/index.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../src/core/permissions/engine/index.ts"],
+  "sourcesContent": ["/**\n * Permission Engine Index\n */\n\nexport * from './types'\nexport * from './permissionEngine'\n"],
+  "mappings": "AAIA,cAAc;AACd,cAAc;",
+  "names": []
+}