npm - @within-7/minto - Versions diffs - 0.1.6 → 0.2.0 - Mend

@within-7/minto 0.1.6 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (487) hide show

package/cli.js +155 -37
package/dist/Tool.js +38 -0
package/dist/Tool.js.map +3 -3
package/dist/commands/agents/AgentsCommand.js +52 -26
package/dist/commands/agents/AgentsCommand.js.map +2 -2
package/dist/commands/agents/constants.js +1 -1
package/dist/commands/agents/constants.js.map +1 -1
package/dist/commands/agents/index.js +1 -1
package/dist/commands/bug.js +74 -7
package/dist/commands/bug.js.map +3 -3
package/dist/commands/clear.js +3 -0
package/dist/commands/clear.js.map +2 -2
package/dist/commands/compact.js +37 -0
package/dist/commands/compact.js.map +2 -2
package/dist/commands/context.js +84 -0
package/dist/commands/context.js.map +7 -0
package/dist/commands/ctx_viz.js +18 -10
package/dist/commands/ctx_viz.js.map +2 -2
package/dist/commands/doctor.js +158 -12
package/dist/commands/doctor.js.map +2 -2
package/dist/commands/export.js +156 -0
package/dist/commands/export.js.map +7 -0
package/dist/commands/mcp-interactive.js +21 -12
package/dist/commands/mcp-interactive.js.map +2 -2
package/dist/commands/model.js +6 -5
package/dist/commands/model.js.map +2 -2
package/dist/commands/permissions.js +86 -0
package/dist/commands/permissions.js.map +7 -0
package/dist/commands/quit.js +3 -1
package/dist/commands/quit.js.map +2 -2
package/dist/commands/sandbox.js +104 -0
package/dist/commands/sandbox.js.map +7 -0
package/dist/commands/status.js +58 -0
package/dist/commands/status.js.map +7 -0
package/dist/commands/tasks.js +108 -0
package/dist/commands/tasks.js.map +7 -0
package/dist/commands/todos.js +123 -0
package/dist/commands/todos.js.map +7 -0
package/dist/commands.js +20 -2
package/dist/commands.js.map +2 -2
package/dist/components/AgentThinkingBlock.js +10 -18
package/dist/components/AgentThinkingBlock.js.map +2 -2
package/dist/components/BackgroundTasksPanel.js +78 -29
package/dist/components/BackgroundTasksPanel.js.map +2 -2
package/dist/components/BashStreamingProgress.js +24 -0
package/dist/components/BashStreamingProgress.js.map +7 -0
package/dist/components/CollapsibleHint.js +14 -0
package/dist/components/CollapsibleHint.js.map +7 -0
package/dist/components/FileEditToolUpdatedMessage.js +1 -1
package/dist/components/FileEditToolUpdatedMessage.js.map +2 -2
package/dist/components/HotkeyHelpPanel.js +137 -0
package/dist/components/HotkeyHelpPanel.js.map +7 -0
package/dist/components/Logo.js +5 -5
package/dist/components/Logo.js.map +2 -2
package/dist/components/Message.js +23 -7
package/dist/components/Message.js.map +3 -3
package/dist/components/ModelConfig.js +16 -3
package/dist/components/ModelConfig.js.map +2 -2
package/dist/components/ModelListManager.js +3 -3
package/dist/components/ModelListManager.js.map +2 -2
package/dist/components/ModelSelector/ModelSelector.js +1 -1
package/dist/components/Onboarding.js +19 -14
package/dist/components/Onboarding.js.map +2 -2
package/dist/components/ProgressBar.js +74 -0
package/dist/components/ProgressBar.js.map +7 -0
package/dist/components/PromptInput.js +156 -46
package/dist/components/PromptInput.js.map +2 -2
package/dist/components/RequestStatusIndicator.js +194 -0
package/dist/components/RequestStatusIndicator.js.map +7 -0
package/dist/components/Spinner.js +92 -27
package/dist/components/Spinner.js.map +2 -2
package/dist/components/SpinnerSymbol.js +21 -27
package/dist/components/SpinnerSymbol.js.map +2 -2
package/dist/components/StreamingBashOutput.js +9 -8
package/dist/components/StreamingBashOutput.js.map +2 -2
package/dist/components/SubagentBlock.js +1 -1
package/dist/components/SubagentBlock.js.map +1 -1
package/dist/components/SubagentProgress.js +10 -11
package/dist/components/SubagentProgress.js.map +2 -2
package/dist/components/TaskCard.js +16 -13
package/dist/components/TaskCard.js.map +2 -2
package/dist/components/TodoChangeBlock.js +1 -1
package/dist/components/TodoChangeBlock.js.map +2 -2
package/dist/components/TodoPanel.js +120 -29
package/dist/components/TodoPanel.js.map +3 -3
package/dist/components/TokenCounter.js +74 -0
package/dist/components/TokenCounter.js.map +7 -0
package/dist/components/TokenWarning.js +2 -1
package/dist/components/TokenWarning.js.map +2 -2
package/dist/components/TreeConnector.js +25 -0
package/dist/components/TreeConnector.js.map +7 -0
package/dist/components/TurnCompletionIndicator.js +18 -0
package/dist/components/TurnCompletionIndicator.js.map +7 -0
package/dist/components/messages/AssistantTextMessage.js +5 -2
package/dist/components/messages/AssistantTextMessage.js.map +2 -2
package/dist/components/messages/AssistantThinkingMessage.js +18 -3
package/dist/components/messages/AssistantThinkingMessage.js.map +2 -2
package/dist/components/messages/AssistantToolUseMessage.js +11 -8
package/dist/components/messages/AssistantToolUseMessage.js.map +2 -2
package/dist/components/messages/GroupRenderer.js +53 -0
package/dist/components/messages/GroupRenderer.js.map +7 -0
package/dist/components/messages/NestedTasksPreview.js +12 -0
package/dist/components/messages/NestedTasksPreview.js.map +7 -0
package/dist/components/messages/ParallelTasksGroupView.js +92 -0
package/dist/components/messages/ParallelTasksGroupView.js.map +7 -0
package/dist/components/messages/TaskInModuleView.js +198 -0
package/dist/components/messages/TaskInModuleView.js.map +7 -0
package/dist/components/messages/TaskOutputContent.js +53 -0
package/dist/components/messages/TaskOutputContent.js.map +7 -0
package/dist/components/messages/UserPromptMessage.js +1 -1
package/dist/components/messages/UserPromptMessage.js.map +2 -2
package/dist/components/messages/UserToolResultMessage/UserToolSuccessMessage.js +2 -3
package/dist/components/messages/UserToolResultMessage/UserToolSuccessMessage.js.map +2 -2
package/dist/components/permissions/FallbackPermissionRequest.js +4 -4
package/dist/components/permissions/FallbackPermissionRequest.js.map +2 -2
package/dist/components/permissions/FilesystemPermissionRequest/FilesystemPermissionRequest.js +4 -4
package/dist/components/permissions/FilesystemPermissionRequest/FilesystemPermissionRequest.js.map +2 -2
package/dist/constants/colors.js +48 -0
package/dist/constants/colors.js.map +2 -2
package/dist/constants/formatRules.js +102 -0
package/dist/constants/formatRules.js.map +7 -0
package/dist/constants/prompts.js +12 -34
package/dist/constants/prompts.js.map +2 -2
package/dist/constants/symbols.js +64 -6
package/dist/constants/symbols.js.map +2 -2
package/dist/constants/timing.js +5 -0
package/dist/constants/timing.js.map +2 -2
package/dist/core/config/defaults.js +84 -0
package/dist/core/config/defaults.js.map +7 -0
package/dist/core/config/index.js +111 -0
package/dist/core/config/index.js.map +7 -0
package/dist/core/config/loader.js +221 -0
package/dist/core/config/loader.js.map +7 -0
package/dist/core/config/migrations.js +128 -0
package/dist/core/config/migrations.js.map +7 -0
package/dist/core/config/schema.js +178 -0
package/dist/core/config/schema.js.map +7 -0
package/dist/core/costTracker.js +138 -0
package/dist/core/costTracker.js.map +7 -0
package/dist/core/index.js +5 -0
package/dist/core/index.js.map +7 -0
package/dist/core/permissions/auditLog.js +204 -0
package/dist/core/permissions/auditLog.js.map +7 -0
package/dist/core/permissions/engine/index.js +3 -0
package/dist/core/permissions/engine/index.js.map +7 -0
package/dist/core/permissions/engine/permissionEngine.js +106 -0
package/dist/core/permissions/engine/permissionEngine.js.map +7 -0
package/dist/core/permissions/engine/types.js +1 -0
package/dist/core/permissions/engine/types.js.map +7 -0
package/dist/core/permissions/index.js +84 -0
package/dist/core/permissions/index.js.map +7 -0
package/dist/core/permissions/ruleEngine.js +259 -0
package/dist/core/permissions/ruleEngine.js.map +7 -0
package/dist/core/permissions/rules/allowedToolsRule.js +62 -0
package/dist/core/permissions/rules/allowedToolsRule.js.map +7 -0
package/dist/core/permissions/rules/autoEscalationRule.js +291 -0
package/dist/core/permissions/rules/autoEscalationRule.js.map +7 -0
package/dist/core/permissions/rules/index.js +46 -0
package/dist/core/permissions/rules/index.js.map +7 -0
package/dist/core/permissions/rules/planModeRule.js +55 -0
package/dist/core/permissions/rules/planModeRule.js.map +7 -0
package/dist/core/permissions/rules/projectBoundaryRule.js +168 -0
package/dist/core/permissions/rules/projectBoundaryRule.js.map +7 -0
package/dist/core/permissions/rules/safeModeRule.js +65 -0
package/dist/core/permissions/rules/safeModeRule.js.map +7 -0
package/dist/core/permissions/rules/sensitivePathsRule.js +340 -0
package/dist/core/permissions/rules/sensitivePathsRule.js.map +7 -0
package/dist/core/permissions/types.js +127 -0
package/dist/core/permissions/types.js.map +7 -0
package/dist/core/tools/executor.js +143 -0
package/dist/core/tools/executor.js.map +7 -0
package/dist/core/tools/index.js +15 -0
package/dist/core/tools/index.js.map +7 -0
package/dist/core/tools/registry.js +183 -0
package/dist/core/tools/registry.js.map +7 -0
package/dist/core/tools/types.js +1 -0
package/dist/core/tools/types.js.map +7 -0
package/dist/cost-tracker.js +23 -15
package/dist/cost-tracker.js.map +2 -2
package/dist/entrypoints/cli.js +43 -43
package/dist/entrypoints/cli.js.map +2 -2
package/dist/entrypoints/mcp.js +12 -4
package/dist/entrypoints/mcp.js.map +2 -2
package/dist/history.js +14 -3
package/dist/history.js.map +2 -2
package/dist/hooks/useAgentTranscripts.js +116 -0
package/dist/hooks/useAgentTranscripts.js.map +7 -0
package/dist/hooks/useAnimationSync.js +53 -0
package/dist/hooks/useAnimationSync.js.map +7 -0
package/dist/hooks/useArrowKeyHistory.js +4 -2
package/dist/hooks/useArrowKeyHistory.js.map +2 -2
package/dist/hooks/useCanUseTool.js +3 -1
package/dist/hooks/useCanUseTool.js.map +2 -2
package/dist/hooks/useCancelRequest.js +4 -1
package/dist/hooks/useCancelRequest.js.map +2 -2
package/dist/hooks/useExitOnCtrlCD.js +9 -5
package/dist/hooks/useExitOnCtrlCD.js.map +2 -2
package/dist/hooks/useHookStatus.js +40 -0
package/dist/hooks/useHookStatus.js.map +7 -0
package/dist/hooks/useLogMessages.js +17 -1
package/dist/hooks/useLogMessages.js.map +2 -2
package/dist/hooks/useMessageGroups.js +43 -0
package/dist/hooks/useMessageGroups.js.map +7 -0
package/dist/hooks/useTerminalSize.js +62 -6
package/dist/hooks/useTerminalSize.js.map +2 -2
package/dist/hooks/useUnifiedCompletion.js +69 -0
package/dist/hooks/useUnifiedCompletion.js.map +2 -2
package/dist/i18n/index.js +109 -0
package/dist/i18n/index.js.map +7 -0
package/dist/i18n/locales/en.js +347 -0
package/dist/i18n/locales/en.js.map +7 -0
package/dist/i18n/locales/index.js +7 -0
package/dist/i18n/locales/index.js.map +7 -0
package/dist/i18n/locales/zh-CN.js +347 -0
package/dist/i18n/locales/zh-CN.js.map +7 -0
package/dist/i18n/types.js +8 -0
package/dist/i18n/types.js.map +7 -0
package/dist/query.js +175 -17
package/dist/query.js.map +3 -3
package/dist/screens/REPL.js +501 -192
package/dist/screens/REPL.js.map +3 -3
package/dist/services/adapters/chatCompletions.js +3 -1
package/dist/services/adapters/chatCompletions.js.map +2 -2
package/dist/services/adapters/messageNormalizer.js +354 -0
package/dist/services/adapters/messageNormalizer.js.map +7 -0
package/dist/services/adapters/responsesAPI.js +6 -3
package/dist/services/adapters/responsesAPI.js.map +2 -2
package/dist/services/checkpointManager.js +386 -0
package/dist/services/checkpointManager.js.map +7 -0
package/dist/services/claude.js +138 -11
package/dist/services/claude.js.map +3 -3
package/dist/services/compressionService.js +50 -1
package/dist/services/compressionService.js.map +2 -2
package/dist/services/contextMonitor.js +162 -0
package/dist/services/contextMonitor.js.map +7 -0
package/dist/services/customCommands.js +60 -41
package/dist/services/customCommands.js.map +2 -2
package/dist/services/hookExecutor.js +173 -1
package/dist/services/hookExecutor.js.map +2 -2
package/dist/services/intelligentCompactor.js +281 -0
package/dist/services/intelligentCompactor.js.map +7 -0
package/dist/services/lspConfig.js +109 -0
package/dist/services/lspConfig.js.map +7 -0
package/dist/services/mcpClient.js +273 -34
package/dist/services/mcpClient.js.map +2 -2
package/dist/services/modelOrchestrator.js +310 -0
package/dist/services/modelOrchestrator.js.map +7 -0
package/dist/services/openai.js +8 -1
package/dist/services/openai.js.map +2 -2
package/dist/services/outputStyles.js +138 -0
package/dist/services/outputStyles.js.map +7 -0
package/dist/services/plugins/index.js +5 -0
package/dist/services/plugins/index.js.map +7 -0
package/dist/services/plugins/lspServers.js +188 -0
package/dist/services/plugins/lspServers.js.map +7 -0
package/dist/services/plugins/pluginRuntime.js +229 -0
package/dist/services/plugins/pluginRuntime.js.map +7 -0
package/dist/services/plugins/pluginValidation.js +219 -0
package/dist/services/plugins/pluginValidation.js.map +7 -0
package/dist/services/plugins/skillMarketplace.js +556 -0
package/dist/services/plugins/skillMarketplace.js.map +7 -0
package/dist/services/responseStateManager.js +37 -3
package/dist/services/responseStateManager.js.map +2 -2
package/dist/services/sandbox/filesystemBoundary.js +300 -0
package/dist/services/sandbox/filesystemBoundary.js.map +7 -0
package/dist/services/sandbox/index.js +14 -0
package/dist/services/sandbox/index.js.map +7 -0
package/dist/services/sandbox/networkProxy.js +293 -0
package/dist/services/sandbox/networkProxy.js.map +7 -0
package/dist/services/sandbox/sandboxController.js +574 -0
package/dist/services/sandbox/sandboxController.js.map +7 -0
package/dist/services/sandbox/types.js +50 -0
package/dist/services/sandbox/types.js.map +7 -0
package/dist/services/sessionMemory.js +266 -0
package/dist/services/sessionMemory.js.map +7 -0
package/dist/services/taskRouter.js +324 -0
package/dist/services/taskRouter.js.map +7 -0
package/dist/tools/ArchitectTool/ArchitectTool.js +10 -3
package/dist/tools/ArchitectTool/ArchitectTool.js.map +2 -2
package/dist/tools/AskExpertModelTool/AskExpertModelTool.js +3 -0
package/dist/tools/AskExpertModelTool/AskExpertModelTool.js.map +2 -2
package/dist/tools/AskUserQuestionTool/AskUserQuestionTool.js +8 -1
package/dist/tools/AskUserQuestionTool/AskUserQuestionTool.js.map +2 -2
package/dist/tools/BaseTool.js +72 -0
package/dist/tools/BaseTool.js.map +7 -0
package/dist/tools/BashOutputTool/BashOutputToolResultMessage.js +3 -0
package/dist/tools/BashOutputTool/BashOutputToolResultMessage.js.map +2 -2
package/dist/tools/BashTool/BashTool.js +60 -3
package/dist/tools/BashTool/BashTool.js.map +2 -2
package/dist/tools/BashTool/BashToolResultMessage.js +3 -0
package/dist/tools/BashTool/BashToolResultMessage.js.map +2 -2
package/dist/tools/BashTool/OutputLine.js +54 -0
package/dist/tools/BashTool/OutputLine.js.map +2 -2
package/dist/tools/BashTool/prompt.js +192 -3
package/dist/tools/BashTool/prompt.js.map +2 -2
package/dist/tools/FileEditTool/FileEditTool.js +29 -4
package/dist/tools/FileEditTool/FileEditTool.js.map +2 -2
package/dist/tools/FileReadTool/FileReadTool.js +23 -4
package/dist/tools/FileReadTool/FileReadTool.js.map +2 -2
package/dist/tools/FileWriteTool/FileWriteTool.js +5 -5
package/dist/tools/FileWriteTool/FileWriteTool.js.map +2 -2
package/dist/tools/GlobTool/GlobTool.js +14 -3
package/dist/tools/GlobTool/GlobTool.js.map +2 -2
package/dist/tools/GrepTool/GrepTool.js +41 -7
package/dist/tools/GrepTool/GrepTool.js.map +2 -2
package/dist/tools/KillShellTool/KillShellToolResultMessage.js +3 -0
package/dist/tools/KillShellTool/KillShellToolResultMessage.js.map +2 -2
package/dist/tools/ListMcpResourcesTool/ListMcpResourcesTool.js +109 -0
package/dist/tools/ListMcpResourcesTool/ListMcpResourcesTool.js.map +7 -0
package/dist/tools/ListMcpResourcesTool/prompt.js +19 -0
package/dist/tools/ListMcpResourcesTool/prompt.js.map +7 -0
package/dist/tools/LspTool/LspTool.js +664 -0
package/dist/tools/LspTool/LspTool.js.map +7 -0
package/dist/tools/LspTool/prompt.js +27 -0
package/dist/tools/LspTool/prompt.js.map +7 -0
package/dist/tools/MCPTool/MCPTool.js +11 -4
package/dist/tools/MCPTool/MCPTool.js.map +2 -2
package/dist/tools/MemoryReadTool/MemoryReadTool.js +19 -6
package/dist/tools/MemoryReadTool/MemoryReadTool.js.map +2 -2
package/dist/tools/MemoryWriteTool/MemoryWriteTool.js +6 -6
package/dist/tools/MemoryWriteTool/MemoryWriteTool.js.map +2 -2
package/dist/tools/MultiEditTool/MultiEditTool.js +19 -2
package/dist/tools/MultiEditTool/MultiEditTool.js.map +2 -2
package/dist/tools/NotebookEditTool/NotebookEditTool.js +5 -1
package/dist/tools/NotebookEditTool/NotebookEditTool.js.map +2 -2
package/dist/tools/NotebookReadTool/NotebookReadTool.js +8 -4
package/dist/tools/NotebookReadTool/NotebookReadTool.js.map +2 -2
package/dist/tools/PlanModeTool/EnterPlanModeTool.js +74 -0
package/dist/tools/PlanModeTool/EnterPlanModeTool.js.map +7 -0
package/dist/tools/PlanModeTool/ExitPlanModeTool.js +108 -0
package/dist/tools/PlanModeTool/ExitPlanModeTool.js.map +7 -0
package/dist/tools/PlanModeTool/prompt.js +94 -0
package/dist/tools/PlanModeTool/prompt.js.map +7 -0
package/dist/tools/ReadMcpResourceTool/ReadMcpResourceTool.js +130 -0
package/dist/tools/ReadMcpResourceTool/ReadMcpResourceTool.js.map +7 -0
package/dist/tools/ReadMcpResourceTool/prompt.js +17 -0
package/dist/tools/ReadMcpResourceTool/prompt.js.map +7 -0
package/dist/tools/SkillTool/SkillTool.js +14 -3
package/dist/tools/SkillTool/SkillTool.js.map +2 -2
package/dist/tools/SlashCommandTool/SlashCommandTool.js +260 -0
package/dist/tools/SlashCommandTool/SlashCommandTool.js.map +7 -0
package/dist/tools/SlashCommandTool/prompt.js +35 -0
package/dist/tools/SlashCommandTool/prompt.js.map +7 -0
package/dist/tools/TaskOutputTool/TaskOutputTool.js +189 -0
package/dist/tools/TaskOutputTool/TaskOutputTool.js.map +7 -0
package/dist/tools/TaskOutputTool/prompt.js +15 -0
package/dist/tools/TaskOutputTool/prompt.js.map +7 -0
package/dist/tools/TaskTool/TaskTool.js +321 -146
package/dist/tools/TaskTool/TaskTool.js.map +2 -2
package/dist/tools/TaskTool/prompt.js.map +2 -2
package/dist/tools/TodoWriteTool/TodoWriteTool.js +42 -73
package/dist/tools/TodoWriteTool/TodoWriteTool.js.map +2 -2
package/dist/tools/URLFetcherTool/URLFetcherTool.js +7 -1
package/dist/tools/URLFetcherTool/URLFetcherTool.js.map +2 -2
package/dist/tools/URLFetcherTool/cache.js +55 -8
package/dist/tools/URLFetcherTool/cache.js.map +2 -2
package/dist/tools/WebSearchTool/WebSearchTool.js +6 -1
package/dist/tools/WebSearchTool/WebSearchTool.js.map +2 -2
package/dist/tools.js +31 -2
package/dist/tools.js.map +2 -2
package/dist/types/hooks.js +4 -0
package/dist/types/hooks.js.map +2 -2
package/dist/types/marketplace.js.map +2 -2
package/dist/types/messageGroup.js +36 -0
package/dist/types/messageGroup.js.map +7 -0
package/dist/types/plugin.js.map +2 -2
package/dist/types/thinking.js +1 -0
package/dist/types/thinking.js.map +7 -0
package/dist/utils/BackgroundShellManager.js +136 -39
package/dist/utils/BackgroundShellManager.js.map +2 -2
package/dist/utils/MessageBatchBuffer.js +102 -0
package/dist/utils/MessageBatchBuffer.js.map +7 -0
package/dist/utils/PersistentShell.js +151 -1
package/dist/utils/PersistentShell.js.map +2 -2
package/dist/utils/agentLoader.js +1 -23
package/dist/utils/agentLoader.js.map +2 -2
package/dist/utils/agentTranscripts.js +641 -0
package/dist/utils/agentTranscripts.js.map +7 -0
package/dist/utils/animationManager.js +213 -0
package/dist/utils/animationManager.js.map +7 -0
package/dist/utils/animationSync.js +110 -0
package/dist/utils/animationSync.js.map +7 -0
package/dist/utils/asyncFile.js +215 -0
package/dist/utils/asyncFile.js.map +7 -0
package/dist/utils/backgroundAgentManager.js +231 -0
package/dist/utils/backgroundAgentManager.js.map +7 -0
package/dist/utils/config.js +63 -7
package/dist/utils/config.js.map +2 -2
package/dist/utils/conversationRecovery.js +19 -0
package/dist/utils/conversationRecovery.js.map +2 -2
package/dist/utils/exit.js +73 -0
package/dist/utils/exit.js.map +7 -0
package/dist/utils/format.js +73 -5
package/dist/utils/format.js.map +2 -2
package/dist/utils/generators.js +76 -6
package/dist/utils/generators.js.map +2 -2
package/dist/utils/globalErrorHandler.js +149 -0
package/dist/utils/globalErrorHandler.js.map +7 -0
package/dist/utils/groupHandlers/index.js +8 -0
package/dist/utils/groupHandlers/index.js.map +7 -0
package/dist/utils/groupHandlers/parallelTasksHandler.js +140 -0
package/dist/utils/groupHandlers/parallelTasksHandler.js.map +7 -0
package/dist/utils/groupHandlers/taskHandler.js +104 -0
package/dist/utils/groupHandlers/taskHandler.js.map +7 -0
package/dist/utils/groupHandlers/types.js +1 -0
package/dist/utils/groupHandlers/types.js.map +7 -0
package/dist/utils/logRotation.js +224 -0
package/dist/utils/logRotation.js.map +7 -0
package/dist/utils/marketplaceManager.js +3 -5
package/dist/utils/marketplaceManager.js.map +2 -2
package/dist/utils/memSafety.js +264 -0
package/dist/utils/memSafety.js.map +7 -0
package/dist/utils/messageGroupManager.js +274 -0
package/dist/utils/messageGroupManager.js.map +7 -0
package/dist/utils/messages.js +13 -4
package/dist/utils/messages.js.map +2 -2
package/dist/utils/model.js +119 -15
package/dist/utils/model.js.map +3 -3
package/dist/utils/permissions/filesystem.js +157 -5
package/dist/utils/permissions/filesystem.js.map +2 -2
package/dist/utils/plan/planMode.js +143 -0
package/dist/utils/plan/planMode.js.map +7 -0
package/dist/utils/pluginLoader.js +17 -21
package/dist/utils/pluginLoader.js.map +2 -2
package/dist/utils/ripgrep.js +55 -2
package/dist/utils/ripgrep.js.map +2 -2
package/dist/utils/sanitizeInput.js +32 -0
package/dist/utils/sanitizeInput.js.map +7 -0
package/dist/utils/secureKeyStorage.js +312 -0
package/dist/utils/secureKeyStorage.js.map +7 -0
package/dist/utils/session/sessionPlugins.js +67 -0
package/dist/utils/session/sessionPlugins.js.map +7 -0
package/dist/utils/taskDisplayUtils.js +257 -0
package/dist/utils/taskDisplayUtils.js.map +7 -0
package/dist/utils/teamConfig.js +2 -1
package/dist/utils/teamConfig.js.map +2 -2
package/dist/utils/todoStorage.js +92 -2
package/dist/utils/todoStorage.js.map +2 -2
package/dist/utils/toolTimeout.js +136 -0
package/dist/utils/toolTimeout.js.map +7 -0
package/dist/utils/tooling/safeRender.js +115 -0
package/dist/utils/tooling/safeRender.js.map +7 -0
package/dist/utils/userFriendlyError.js +346 -0
package/dist/utils/userFriendlyError.js.map +7 -0
package/dist/utils/vendor/ripgrep/arm64-darwin/rg +0 -0
package/dist/version.js +2 -2
package/dist/version.js.map +1 -1
package/package.json +14 -4
package/scripts/postinstall.js +128 -38
package/dist/commands/agents.js +0 -2086
package/dist/commands/agents.js.map +0 -7
package/dist/commands/build.js +0 -74
package/dist/commands/build.js.map +0 -7
package/dist/commands/compression.js +0 -57
package/dist/commands/compression.js.map +0 -7
package/dist/commands/listen.js +0 -37
package/dist/commands/listen.js.map +0 -7
package/dist/commands/login.js +0 -37
package/dist/commands/login.js.map +0 -7
package/dist/commands/logout.js +0 -33
package/dist/commands/logout.js.map +0 -7
package/dist/commands/mcp.js +0 -40
package/dist/commands/mcp.js.map +0 -7
package/dist/commands/mcp_refresh.js +0 -40
package/dist/commands/mcp_refresh.js.map +0 -7
package/dist/commands/modelstatus.js +0 -21
package/dist/commands/modelstatus.js.map +0 -7
package/dist/commands/onboarding.js +0 -36
package/dist/commands/onboarding.js.map +0 -7
package/dist/commands/plugin-interactive.js +0 -446
package/dist/commands/plugin-interactive.js.map +0 -7
package/dist/commands/pr_comments.js +0 -61
package/dist/commands/pr_comments.js.map +0 -7
package/dist/commands/release-notes.js +0 -30
package/dist/commands/release-notes.js.map +0 -7
package/dist/commands/review.js +0 -51
package/dist/commands/review.js.map +0 -7
package/dist/components/Bug.js +0 -147
package/dist/components/Bug.js.map +0 -7
package/dist/components/ModelSelector.js +0 -2062
package/dist/components/ModelSelector.js.map +0 -7
package/dist/components/ModelStatusDisplay.js +0 -87
package/dist/components/ModelStatusDisplay.js.map +0 -7
package/dist/entrypoints/cli-wrapper.js +0 -61
package/dist/entrypoints/cli-wrapper.js.map +0 -7
package/dist/screens/Doctor.js +0 -22
package/dist/screens/Doctor.js.map +0 -7

package/dist/core/permissions/rules/safeModeRule.js ADDED Viewed

@@ -0,0 +1,65 @@
+const RESTRICTED_TOOLS = /* @__PURE__ */ new Set([
+  "Bash",
+  // Can execute arbitrary commands
+  "KillShell"
+  // Can kill processes
+]);
+const DANGEROUS_COMMAND_PATTERNS = [
+  /rm\s+-rf?\s+\//,
+  // rm -rf /
+  /sudo\s+/,
+  // sudo commands
+  /mkfs/,
+  // formatting
+  /dd\s+if=/,
+  // disk operations
+  /:\s*\(\)\s*\{\s*:\|:\s*&\s*\}/,
+  // fork bomb
+  /shutdown|reboot|poweroff/i,
+  // system control
+  /chmod\s+777/,
+  // overly permissive chmod
+  /curl.*\|\s*(bash|sh)/,
+  // piped scripts
+  /wget.*\|\s*(bash|sh)/
+  // piped scripts
+];
+const safeModeRule = {
+  name: "safe-mode",
+  description: "Restricts dangerous operations in safe mode",
+  priority: 90,
+  // High priority, but below plan mode
+  check(context) {
+    if (!context.safeMode) {
+      return { allowed: true };
+    }
+    const toolName = context.tool.name;
+    if (toolName === "Bash") {
+      const command = context.input.command;
+      if (command) {
+        for (const pattern of DANGEROUS_COMMAND_PATTERNS) {
+          if (pattern.test(command)) {
+            return {
+              allowed: false,
+              reason: `Command matches dangerous pattern in safe mode`,
+              message: `This command is blocked in safe mode for security reasons.`
+            };
+          }
+        }
+      }
+    }
+    if (RESTRICTED_TOOLS.has(toolName)) {
+      return {
+        allowed: true,
+        // Allow but mark for prompting
+        promptUser: true,
+        message: `Tool ${toolName} requires approval in safe mode`
+      };
+    }
+    return { allowed: true };
+  }
+};
+export {
+  safeModeRule
+};
+//# sourceMappingURL=safeModeRule.js.map

package/dist/core/permissions/rules/safeModeRule.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../src/core/permissions/rules/safeModeRule.ts"],
+  "sourcesContent": ["/**\n * Safe Mode Permission Rule\n *\n * Restricts dangerous operations when in safe mode.\n */\n\nimport type {\n  PermissionRule,\n  PermissionContext,\n  PermissionResult,\n} from '../engine/types'\n\n/**\n * Tools that are restricted in safe mode\n */\nconst RESTRICTED_TOOLS = new Set([\n  'Bash', // Can execute arbitrary commands\n  'KillShell', // Can kill processes\n])\n\n/**\n * Dangerous bash command patterns\n */\nconst DANGEROUS_COMMAND_PATTERNS = [\n  /rm\\s+-rf?\\s+\\//, // rm -rf /\n  /sudo\\s+/, // sudo commands\n  /mkfs/, // formatting\n  /dd\\s+if=/, // disk operations\n  /:\\s*\\(\\)\\s*\\{\\s*:\\|:\\s*&\\s*\\}/, // fork bomb\n  /shutdown|reboot|poweroff/i, // system control\n  /chmod\\s+777/, // overly permissive chmod\n  /curl.*\\|\\s*(bash|sh)/, // piped scripts\n  /wget.*\\|\\s*(bash|sh)/, // piped scripts\n]\n\n/**\n * Safe Mode Rule\n *\n * Restricts potentially dangerous operations.\n */\nexport const safeModeRule: PermissionRule = {\n  name: 'safe-mode',\n  description: 'Restricts dangerous operations in safe mode',\n  priority: 90, // High priority, but below plan mode\n\n  check(context: PermissionContext): PermissionResult {\n    // Skip if not in safe mode\n    if (!context.safeMode) {\n      return { allowed: true }\n    }\n\n    const toolName = context.tool.name\n\n    // Check bash commands specifically\n    if (toolName === 'Bash') {\n      const command = context.input.command as string | undefined\n      if (command) {\n        for (const pattern of DANGEROUS_COMMAND_PATTERNS) {\n          if (pattern.test(command)) {\n            return {\n              allowed: false,\n              reason: `Command matches dangerous pattern in safe mode`,\n              message: `This command is blocked in safe mode for security reasons.`,\n            }\n          }\n        }\n      }\n    }\n\n    // Restricted tools require explicit approval in safe mode\n    if (RESTRICTED_TOOLS.has(toolName)) {\n      return {\n        allowed: true, // Allow but mark for prompting\n        promptUser: true,\n        message: `Tool ${toolName} requires approval in safe mode`,\n      }\n    }\n\n    return { allowed: true }\n  },\n}\n"],
+  "mappings": "AAeA,MAAM,mBAAmB,oBAAI,IAAI;AAAA,EAC/B;AAAA;AAAA,EACA;AAAA;AACF,CAAC;AAKD,MAAM,6BAA6B;AAAA,EACjC;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AACF;AAOO,MAAM,eAA+B;AAAA,EAC1C,MAAM;AAAA,EACN,aAAa;AAAA,EACb,UAAU;AAAA;AAAA,EAEV,MAAM,SAA8C;AAElD,QAAI,CAAC,QAAQ,UAAU;AACrB,aAAO,EAAE,SAAS,KAAK;AAAA,IACzB;AAEA,UAAM,WAAW,QAAQ,KAAK;AAG9B,QAAI,aAAa,QAAQ;AACvB,YAAM,UAAU,QAAQ,MAAM;AAC9B,UAAI,SAAS;AACX,mBAAW,WAAW,4BAA4B;AAChD,cAAI,QAAQ,KAAK,OAAO,GAAG;AACzB,mBAAO;AAAA,cACL,SAAS;AAAA,cACT,QAAQ;AAAA,cACR,SAAS;AAAA,YACX;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAGA,QAAI,iBAAiB,IAAI,QAAQ,GAAG;AAClC,aAAO;AAAA,QACL,SAAS;AAAA;AAAA,QACT,YAAY;AAAA,QACZ,SAAS,QAAQ,QAAQ;AAAA,MAC3B;AAAA,IACF;AAEA,WAAO,EAAE,SAAS,KAAK;AAAA,EACzB;AACF;",
+  "names": []
+}

package/dist/core/permissions/rules/sensitivePathsRule.js ADDED Viewed

@@ -0,0 +1,340 @@
+import { resolve, normalize } from "path";
+import { homedir } from "os";
+const SENSITIVE_PATHS = [
+  // SSH
+  {
+    pattern: "~/.ssh/*",
+    category: "ssh",
+    description: "SSH keys and configuration",
+    operations: ["read", "write", "delete"]
+  },
+  {
+    pattern: "~/.ssh",
+    category: "ssh",
+    description: "SSH directory",
+    operations: ["write", "delete"]
+  },
+  // Credentials
+  {
+    pattern: "~/.aws/*",
+    category: "cloud",
+    description: "AWS credentials and configuration",
+    operations: ["read", "write", "delete"]
+  },
+  {
+    pattern: "~/.config/gcloud/*",
+    category: "cloud",
+    description: "Google Cloud credentials",
+    operations: ["read", "write", "delete"]
+  },
+  {
+    pattern: "~/.azure/*",
+    category: "cloud",
+    description: "Azure credentials",
+    operations: ["read", "write", "delete"]
+  },
+  {
+    pattern: "~/.config/gh/*",
+    category: "credentials",
+    description: "GitHub CLI credentials",
+    operations: ["read", "write", "delete"]
+  },
+  {
+    pattern: "~/.docker/config.json",
+    category: "credentials",
+    description: "Docker registry credentials",
+    operations: ["read", "write", "delete"]
+  },
+  {
+    pattern: "~/.npmrc",
+    category: "credentials",
+    description: "NPM credentials",
+    operations: ["read", "write", "delete"]
+  },
+  {
+    pattern: "~/.netrc",
+    category: "credentials",
+    description: "Network credentials",
+    operations: ["read", "write", "delete"]
+  },
+  {
+    pattern: "~/.gnupg/*",
+    category: "credentials",
+    description: "GPG keys and configuration",
+    operations: ["read", "write", "delete"]
+  },
+  // Development secrets
+  {
+    pattern: "**/.env",
+    category: "development",
+    description: "Environment variables file",
+    operations: ["read", "write", "delete"]
+  },
+  {
+    pattern: "**/.env.*",
+    category: "development",
+    description: "Environment variables file",
+    operations: ["read", "write", "delete"]
+  },
+  {
+    pattern: "**/credentials.json",
+    category: "development",
+    description: "Credentials file",
+    operations: ["read", "write", "delete"]
+  },
+  {
+    pattern: "**/secrets.json",
+    category: "development",
+    description: "Secrets file",
+    operations: ["read", "write", "delete"]
+  },
+  {
+    pattern: "**/secrets.yaml",
+    category: "development",
+    description: "Secrets file",
+    operations: ["read", "write", "delete"]
+  },
+  {
+    pattern: "**/secrets.yml",
+    category: "development",
+    description: "Secrets file",
+    operations: ["read", "write", "delete"]
+  },
+  {
+    pattern: "**/*.pem",
+    category: "credentials",
+    description: "Private key file",
+    operations: ["read", "write", "delete"]
+  },
+  {
+    pattern: "**/*.key",
+    category: "credentials",
+    description: "Private key file",
+    operations: ["read", "write", "delete"]
+  },
+  {
+    pattern: "**/id_rsa",
+    category: "ssh",
+    description: "SSH private key",
+    operations: ["read", "write", "delete"]
+  },
+  {
+    pattern: "**/id_ed25519",
+    category: "ssh",
+    description: "SSH private key",
+    operations: ["read", "write", "delete"]
+  },
+  // Browser data
+  {
+    pattern: "~/Library/Application Support/Google/Chrome/*",
+    category: "browser",
+    description: "Chrome browser data",
+    operations: ["read", "write", "delete"]
+  },
+  {
+    pattern: "~/Library/Application Support/Firefox/*",
+    category: "browser",
+    description: "Firefox browser data",
+    operations: ["read", "write", "delete"]
+  },
+  {
+    pattern: "~/.config/google-chrome/*",
+    category: "browser",
+    description: "Chrome browser data (Linux)",
+    operations: ["read", "write", "delete"]
+  },
+  {
+    pattern: "~/.mozilla/firefox/*",
+    category: "browser",
+    description: "Firefox browser data (Linux)",
+    operations: ["read", "write", "delete"]
+  },
+  // System configuration
+  {
+    pattern: "/etc/passwd",
+    category: "system",
+    description: "System user database",
+    operations: ["read", "write", "delete"]
+  },
+  {
+    pattern: "/etc/shadow",
+    category: "system",
+    description: "System password hashes",
+    alwaysBlock: true,
+    operations: ["read", "write", "delete"]
+  },
+  {
+    pattern: "/etc/sudoers",
+    category: "system",
+    description: "Sudo configuration",
+    operations: ["read", "write", "delete"]
+  },
+  {
+    pattern: "/etc/hosts",
+    category: "system",
+    description: "Host file",
+    operations: ["write", "delete"]
+  },
+  // Cryptocurrency wallets
+  {
+    pattern: "~/.bitcoin/*",
+    category: "wallet",
+    description: "Bitcoin wallet",
+    operations: ["read", "write", "delete"]
+  },
+  {
+    pattern: "~/.ethereum/*",
+    category: "wallet",
+    description: "Ethereum wallet",
+    operations: ["read", "write", "delete"]
+  },
+  {
+    pattern: "**/*wallet*.json",
+    category: "wallet",
+    description: "Wallet file",
+    operations: ["read", "write", "delete"]
+  },
+  {
+    pattern: "**/*keystore*",
+    category: "wallet",
+    description: "Keystore file",
+    operations: ["read", "write", "delete"]
+  },
+  // Minto/Claude configuration (protect our own config)
+  {
+    pattern: "~/.minto.json",
+    category: "credentials",
+    description: "Minto global configuration (may contain API keys)",
+    operations: ["delete"]
+    // Only protect delete, read/write allowed for config
+  }
+];
+function expandPath(pattern) {
+  const home = homedir();
+  let expanded = pattern.replace(/^~/, home);
+  return normalize(expanded);
+}
+function patternToRegex(pattern) {
+  const expanded = expandPath(pattern);
+  let regex = expanded.replace(/[.+?^${}()|[\]\\]/g, "\\$&").replace(/\*\*/g, "<<<DOUBLESTAR>>>").replace(/\*/g, "[^/]*").replace(/<<<DOUBLESTAR>>>/g, ".*");
+  return new RegExp(`^${regex}$`, "i");
+}
+function matchesSensitivePath(filePath, sensitivePath) {
+  const normalizedPath = normalize(resolve(filePath));
+  const regex = patternToRegex(sensitivePath.pattern);
+  return regex.test(normalizedPath);
+}
+function getOperationType(toolName, input) {
+  switch (toolName) {
+    case "Read":
+    case "FileRead":
+    case "Glob":
+    case "Grep":
+      return "read";
+    case "Write":
+    case "FileWrite":
+    case "Edit":
+    case "FileEdit":
+    case "MultiEdit":
+    case "NotebookEdit":
+      return "write";
+    case "Bash": {
+      const command = input.command || "";
+      if (/\b(rm|del|rmdir|unlink)\b/.test(command)) {
+        return "delete";
+      }
+      if (/\b(mv|cp|touch|mkdir|echo\s+.*>|cat\s+.*>|tee)\b/.test(command)) {
+        return "write";
+      }
+      if (/\b(cat|head|tail|less|more|grep|find|ls)\b/.test(command)) {
+        return "read";
+      }
+      return "execute";
+    }
+    default:
+      return null;
+  }
+}
+function extractFilePath(toolName, input) {
+  if (input.file_path) return input.file_path;
+  if (input.filePath) return input.filePath;
+  if (input.path) return input.path;
+  if (toolName === "Bash") {
+    const command = input.command || "";
+    const pathMatch = command.match(
+      /(?:cat|rm|mv|cp|head|tail|less|more|touch|mkdir)\s+["']?([^\s"'|&;>]+)/
+    );
+    if (pathMatch) {
+      return pathMatch[1] || null;
+    }
+  }
+  return null;
+}
+function findMatchingSensitivePaths(filePath, operation) {
+  return SENSITIVE_PATHS.filter((sp) => {
+    if (sp.operations && !sp.operations.includes(operation)) {
+      return false;
+    }
+    return matchesSensitivePath(filePath, sp);
+  });
+}
+const sensitivePathsRule = {
+  name: "sensitive-paths",
+  description: "Protects sensitive paths from unauthorized access",
+  priority: 100,
+  // Highest priority - checked before all other rules
+  check(context) {
+    const toolName = context.tool.name;
+    const input = context.input;
+    const operation = getOperationType(toolName, input);
+    if (!operation) {
+      return { allowed: true };
+    }
+    const filePath = extractFilePath(toolName, input);
+    if (!filePath) {
+      return { allowed: true };
+    }
+    const matches = findMatchingSensitivePaths(filePath, operation);
+    if (matches.length === 0) {
+      return { allowed: true };
+    }
+    const blocked = matches.find((m) => m.alwaysBlock);
+    if (blocked) {
+      return {
+        allowed: false,
+        reason: `Access to ${blocked.description} is blocked for security`,
+        message: `\u{1F512} Access denied: ${blocked.description} (${blocked.category})`
+      };
+    }
+    const categories = [...new Set(matches.map((m) => m.category))];
+    const descriptions = matches.map((m) => m.description).join(", ");
+    return {
+      allowed: false,
+      promptUser: true,
+      reason: `Sensitive path access requires confirmation`,
+      message: `\u26A0\uFE0F Sensitive ${operation} operation on: ${descriptions}
+Categories: ${categories.join(", ")}`,
+      permissionKey: `SensitivePath(${operation}:${filePath})`
+    };
+  }
+};
+function isSensitivePath(filePath, operation = "read") {
+  return findMatchingSensitivePaths(filePath, operation).length > 0;
+}
+function getSensitivePathInfo(filePath) {
+  for (const sp of SENSITIVE_PATHS) {
+    if (matchesSensitivePath(filePath, sp)) {
+      return sp;
+    }
+  }
+  return null;
+}
+export {
+  SENSITIVE_PATHS,
+  findMatchingSensitivePaths,
+  getSensitivePathInfo,
+  isSensitivePath,
+  matchesSensitivePath,
+  sensitivePathsRule
+};
+//# sourceMappingURL=sensitivePathsRule.js.map

package/dist/core/permissions/rules/sensitivePathsRule.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../../src/core/permissions/rules/sensitivePathsRule.ts"],
+  "sourcesContent": ["/**\n * Sensitive Paths Protection Rule\n *\n * Always requires explicit authorization for operations on sensitive paths,\n * regardless of other permissions. These paths contain sensitive data that\n * should never be accessed without user awareness.\n */\n\nimport type {\n  PermissionRule,\n  PermissionContext,\n  PermissionResult,\n} from '../engine/types'\nimport { resolve, normalize } from 'path'\nimport { homedir } from 'os'\n\n/**\n * Categories of sensitive paths with different protection levels\n */\nexport type SensitivePathCategory =\n  | 'credentials' // API keys, passwords, tokens\n  | 'ssh' // SSH keys and config\n  | 'system' // System configuration files\n  | 'browser' // Browser data (cookies, history, passwords)\n  | 'cloud' // Cloud provider credentials\n  | 'development' // Development secrets (env files, etc.)\n  | 'wallet' // Cryptocurrency wallets\n\n/**\n * Sensitive path definition\n */\nexport interface SensitivePath {\n  /** Pattern to match (supports * wildcards) */\n  pattern: string\n  /** Category of sensitive data */\n  category: SensitivePathCategory\n  /** Human-readable description */\n  description: string\n  /** Whether this path is always blocked (vs requiring confirmation) */\n  alwaysBlock?: boolean\n  /** Applicable operations (read, write, delete, execute) */\n  operations?: ('read' | 'write' | 'delete' | 'execute')[]\n}\n\n/**\n * Default sensitive paths list\n */\nexport const SENSITIVE_PATHS: SensitivePath[] = [\n  // SSH\n  {\n    pattern: '~/.ssh/*',\n    category: 'ssh',\n    description: 'SSH keys and configuration',\n    operations: ['read', 'write', 'delete'],\n  },\n  {\n    pattern: '~/.ssh',\n    category: 'ssh',\n    description: 'SSH directory',\n    operations: ['write', 'delete'],\n  },\n\n  // Credentials\n  {\n    pattern: '~/.aws/*',\n    category: 'cloud',\n    description: 'AWS credentials and configuration',\n    operations: ['read', 'write', 'delete'],\n  },\n  {\n    pattern: '~/.config/gcloud/*',\n    category: 'cloud',\n    description: 'Google Cloud credentials',\n    operations: ['read', 'write', 'delete'],\n  },\n  {\n    pattern: '~/.azure/*',\n    category: 'cloud',\n    description: 'Azure credentials',\n    operations: ['read', 'write', 'delete'],\n  },\n  {\n    pattern: '~/.config/gh/*',\n    category: 'credentials',\n    description: 'GitHub CLI credentials',\n    operations: ['read', 'write', 'delete'],\n  },\n  {\n    pattern: '~/.docker/config.json',\n    category: 'credentials',\n    description: 'Docker registry credentials',\n    operations: ['read', 'write', 'delete'],\n  },\n  {\n    pattern: '~/.npmrc',\n    category: 'credentials',\n    description: 'NPM credentials',\n    operations: ['read', 'write', 'delete'],\n  },\n  {\n    pattern: '~/.netrc',\n    category: 'credentials',\n    description: 'Network credentials',\n    operations: ['read', 'write', 'delete'],\n  },\n  {\n    pattern: '~/.gnupg/*',\n    category: 'credentials',\n    description: 'GPG keys and configuration',\n    operations: ['read', 'write', 'delete'],\n  },\n\n  // Development secrets\n  {\n    pattern: '**/.env',\n    category: 'development',\n    description: 'Environment variables file',\n    operations: ['read', 'write', 'delete'],\n  },\n  {\n    pattern: '**/.env.*',\n    category: 'development',\n    description: 'Environment variables file',\n    operations: ['read', 'write', 'delete'],\n  },\n  {\n    pattern: '**/credentials.json',\n    category: 'development',\n    description: 'Credentials file',\n    operations: ['read', 'write', 'delete'],\n  },\n  {\n    pattern: '**/secrets.json',\n    category: 'development',\n    description: 'Secrets file',\n    operations: ['read', 'write', 'delete'],\n  },\n  {\n    pattern: '**/secrets.yaml',\n    category: 'development',\n    description: 'Secrets file',\n    operations: ['read', 'write', 'delete'],\n  },\n  {\n    pattern: '**/secrets.yml',\n    category: 'development',\n    description: 'Secrets file',\n    operations: ['read', 'write', 'delete'],\n  },\n  {\n    pattern: '**/*.pem',\n    category: 'credentials',\n    description: 'Private key file',\n    operations: ['read', 'write', 'delete'],\n  },\n  {\n    pattern: '**/*.key',\n    category: 'credentials',\n    description: 'Private key file',\n    operations: ['read', 'write', 'delete'],\n  },\n  {\n    pattern: '**/id_rsa',\n    category: 'ssh',\n    description: 'SSH private key',\n    operations: ['read', 'write', 'delete'],\n  },\n  {\n    pattern: '**/id_ed25519',\n    category: 'ssh',\n    description: 'SSH private key',\n    operations: ['read', 'write', 'delete'],\n  },\n\n  // Browser data\n  {\n    pattern: '~/Library/Application Support/Google/Chrome/*',\n    category: 'browser',\n    description: 'Chrome browser data',\n    operations: ['read', 'write', 'delete'],\n  },\n  {\n    pattern: '~/Library/Application Support/Firefox/*',\n    category: 'browser',\n    description: 'Firefox browser data',\n    operations: ['read', 'write', 'delete'],\n  },\n  {\n    pattern: '~/.config/google-chrome/*',\n    category: 'browser',\n    description: 'Chrome browser data (Linux)',\n    operations: ['read', 'write', 'delete'],\n  },\n  {\n    pattern: '~/.mozilla/firefox/*',\n    category: 'browser',\n    description: 'Firefox browser data (Linux)',\n    operations: ['read', 'write', 'delete'],\n  },\n\n  // System configuration\n  {\n    pattern: '/etc/passwd',\n    category: 'system',\n    description: 'System user database',\n    operations: ['read', 'write', 'delete'],\n  },\n  {\n    pattern: '/etc/shadow',\n    category: 'system',\n    description: 'System password hashes',\n    alwaysBlock: true,\n    operations: ['read', 'write', 'delete'],\n  },\n  {\n    pattern: '/etc/sudoers',\n    category: 'system',\n    description: 'Sudo configuration',\n    operations: ['read', 'write', 'delete'],\n  },\n  {\n    pattern: '/etc/hosts',\n    category: 'system',\n    description: 'Host file',\n    operations: ['write', 'delete'],\n  },\n\n  // Cryptocurrency wallets\n  {\n    pattern: '~/.bitcoin/*',\n    category: 'wallet',\n    description: 'Bitcoin wallet',\n    operations: ['read', 'write', 'delete'],\n  },\n  {\n    pattern: '~/.ethereum/*',\n    category: 'wallet',\n    description: 'Ethereum wallet',\n    operations: ['read', 'write', 'delete'],\n  },\n  {\n    pattern: '**/*wallet*.json',\n    category: 'wallet',\n    description: 'Wallet file',\n    operations: ['read', 'write', 'delete'],\n  },\n  {\n    pattern: '**/*keystore*',\n    category: 'wallet',\n    description: 'Keystore file',\n    operations: ['read', 'write', 'delete'],\n  },\n\n  // Minto/Claude configuration (protect our own config)\n  {\n    pattern: '~/.minto.json',\n    category: 'credentials',\n    description: 'Minto global configuration (may contain API keys)',\n    operations: ['delete'], // Only protect delete, read/write allowed for config\n  },\n]\n\n/**\n * Expand ~ to home directory and normalize path\n */\nfunction expandPath(pattern: string): string {\n  const home = homedir()\n  let expanded = pattern.replace(/^~/, home)\n  return normalize(expanded)\n}\n\n/**\n * Convert glob pattern to regex\n */\nfunction patternToRegex(pattern: string): RegExp {\n  const expanded = expandPath(pattern)\n  // Escape special regex characters except * and **\n  let regex = expanded\n    .replace(/[.+?^${}()|[\\]\\\\]/g, '\\\\$&')\n    .replace(/\\*\\*/g, '<<<DOUBLESTAR>>>')\n    .replace(/\\*/g, '[^/]*')\n    .replace(/<<<DOUBLESTAR>>>/g, '.*')\n\n  return new RegExp(`^${regex}$`, 'i')\n}\n\n/**\n * Check if a path matches a sensitive path pattern\n */\nexport function matchesSensitivePath(\n  filePath: string,\n  sensitivePath: SensitivePath,\n): boolean {\n  const normalizedPath = normalize(resolve(filePath))\n  const regex = patternToRegex(sensitivePath.pattern)\n  return regex.test(normalizedPath)\n}\n\n/**\n * Get operation type from tool name and input\n */\nfunction getOperationType(\n  toolName: string,\n  input: Record<string, unknown>,\n): 'read' | 'write' | 'delete' | 'execute' | null {\n  switch (toolName) {\n    case 'Read':\n    case 'FileRead':\n    case 'Glob':\n    case 'Grep':\n      return 'read'\n    case 'Write':\n    case 'FileWrite':\n    case 'Edit':\n    case 'FileEdit':\n    case 'MultiEdit':\n    case 'NotebookEdit':\n      return 'write'\n    case 'Bash': {\n      const command = (input.command as string) || ''\n      // Check for delete commands\n      if (/\\b(rm|del|rmdir|unlink)\\b/.test(command)) {\n        return 'delete'\n      }\n      // Check for write commands\n      if (/\\b(mv|cp|touch|mkdir|echo\\s+.*>|cat\\s+.*>|tee)\\b/.test(command)) {\n        return 'write'\n      }\n      // Check for read commands\n      if (/\\b(cat|head|tail|less|more|grep|find|ls)\\b/.test(command)) {\n        return 'read'\n      }\n      return 'execute'\n    }\n    default:\n      return null\n  }\n}\n\n/**\n * Extract file path from tool input\n */\nfunction extractFilePath(\n  toolName: string,\n  input: Record<string, unknown>,\n): string | null {\n  // Direct file path tools\n  if (input.file_path) return input.file_path as string\n  if (input.filePath) return input.filePath as string\n  if (input.path) return input.path as string\n\n  // For Bash commands, try to extract file paths\n  if (toolName === 'Bash') {\n    const command = (input.command as string) || ''\n    // Simple extraction - look for paths after common commands\n    const pathMatch = command.match(\n      /(?:cat|rm|mv|cp|head|tail|less|more|touch|mkdir)\\s+[\"']?([^\\s\"'|&;>]+)/,\n    )\n    if (pathMatch) {\n      return pathMatch[1] || null\n    }\n  }\n\n  return null\n}\n\n/**\n * Find matching sensitive paths for a given file path and operation\n */\nexport function findMatchingSensitivePaths(\n  filePath: string,\n  operation: 'read' | 'write' | 'delete' | 'execute',\n): SensitivePath[] {\n  return SENSITIVE_PATHS.filter(sp => {\n    // Check if operation is applicable\n    if (sp.operations && !sp.operations.includes(operation)) {\n      return false\n    }\n    return matchesSensitivePath(filePath, sp)\n  })\n}\n\n/**\n * Sensitive Paths Rule\n *\n * Always prompts for sensitive paths, even if other permissions are granted.\n */\nexport const sensitivePathsRule: PermissionRule = {\n  name: 'sensitive-paths',\n  description: 'Protects sensitive paths from unauthorized access',\n  priority: 100, // Highest priority - checked before all other rules\n\n  check(context: PermissionContext): PermissionResult {\n    const toolName = context.tool.name\n    const input = context.input\n\n    // Get operation type\n    const operation = getOperationType(toolName, input)\n    if (!operation) {\n      return { allowed: true }\n    }\n\n    // Extract file path\n    const filePath = extractFilePath(toolName, input)\n    if (!filePath) {\n      return { allowed: true }\n    }\n\n    // Find matching sensitive paths\n    const matches = findMatchingSensitivePaths(filePath, operation)\n    if (matches.length === 0) {\n      return { allowed: true }\n    }\n\n    // Check if any match is always blocked\n    const blocked = matches.find(m => m.alwaysBlock)\n    if (blocked) {\n      return {\n        allowed: false,\n        reason: `Access to ${blocked.description} is blocked for security`,\n        message: `\uD83D\uDD12 Access denied: ${blocked.description} (${blocked.category})`,\n      }\n    }\n\n    // Require explicit user confirmation for sensitive paths\n    const categories = [...new Set(matches.map(m => m.category))]\n    const descriptions = matches.map(m => m.description).join(', ')\n\n    return {\n      allowed: false,\n      promptUser: true,\n      reason: `Sensitive path access requires confirmation`,\n      message: `\u26A0\uFE0F Sensitive ${operation} operation on: ${descriptions}\\nCategories: ${categories.join(', ')}`,\n      permissionKey: `SensitivePath(${operation}:${filePath})`,\n    }\n  },\n}\n\n/**\n * Check if a path is sensitive (utility function for external use)\n */\nexport function isSensitivePath(\n  filePath: string,\n  operation: 'read' | 'write' | 'delete' | 'execute' = 'read',\n): boolean {\n  return findMatchingSensitivePaths(filePath, operation).length > 0\n}\n\n/**\n * Get sensitive path info for a file\n */\nexport function getSensitivePathInfo(filePath: string): SensitivePath | null {\n  for (const sp of SENSITIVE_PATHS) {\n    if (matchesSensitivePath(filePath, sp)) {\n      return sp\n    }\n  }\n  return null\n}\n"],
+  "mappings": "AAaA,SAAS,SAAS,iBAAiB;AACnC,SAAS,eAAe;AAiCjB,MAAM,kBAAmC;AAAA;AAAA,EAE9C;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,IACb,YAAY,CAAC,QAAQ,SAAS,QAAQ;AAAA,EACxC;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,IACb,YAAY,CAAC,SAAS,QAAQ;AAAA,EAChC;AAAA;AAAA,EAGA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,IACb,YAAY,CAAC,QAAQ,SAAS,QAAQ;AAAA,EACxC;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,IACb,YAAY,CAAC,QAAQ,SAAS,QAAQ;AAAA,EACxC;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,IACb,YAAY,CAAC,QAAQ,SAAS,QAAQ;AAAA,EACxC;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,IACb,YAAY,CAAC,QAAQ,SAAS,QAAQ;AAAA,EACxC;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,IACb,YAAY,CAAC,QAAQ,SAAS,QAAQ;AAAA,EACxC;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,IACb,YAAY,CAAC,QAAQ,SAAS,QAAQ;AAAA,EACxC;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,IACb,YAAY,CAAC,QAAQ,SAAS,QAAQ;AAAA,EACxC;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,IACb,YAAY,CAAC,QAAQ,SAAS,QAAQ;AAAA,EACxC;AAAA;AAAA,EAGA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,IACb,YAAY,CAAC,QAAQ,SAAS,QAAQ;AAAA,EACxC;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,IACb,YAAY,CAAC,QAAQ,SAAS,QAAQ;AAAA,EACxC;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,IACb,YAAY,CAAC,QAAQ,SAAS,QAAQ;AAAA,EACxC;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,IACb,YAAY,CAAC,QAAQ,SAAS,QAAQ;AAAA,EACxC;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,IACb,YAAY,CAAC,QAAQ,SAAS,QAAQ;AAAA,EACxC;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,IACb,YAAY,CAAC,QAAQ,SAAS,QAAQ;AAAA,EACxC;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,IACb,YAAY,CAAC,QAAQ,SAAS,QAAQ;AAAA,EACxC;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,IACb,YAAY,CAAC,QAAQ,SAAS,QAAQ;AAAA,EACxC;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,IACb,YAAY,CAAC,QAAQ,SAAS,QAAQ;AAAA,EACxC;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,IACb,YAAY,CAAC,QAAQ,SAAS,QAAQ;AAAA,EACxC;AAAA;AAAA,EAGA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,IACb,YAAY,CAAC,QAAQ,SAAS,QAAQ;AAAA,EACxC;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,IACb,YAAY,CAAC,QAAQ,SAAS,QAAQ;AAAA,EACxC;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,IACb,YAAY,CAAC,QAAQ,SAAS,QAAQ;AAAA,EACxC;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,IACb,YAAY,CAAC,QAAQ,SAAS,QAAQ;AAAA,EACxC;AAAA;AAAA,EAGA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,IACb,YAAY,CAAC,QAAQ,SAAS,QAAQ;AAAA,EACxC;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,IACb,aAAa;AAAA,IACb,YAAY,CAAC,QAAQ,SAAS,QAAQ;AAAA,EACxC;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,IACb,YAAY,CAAC,QAAQ,SAAS,QAAQ;AAAA,EACxC;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,IACb,YAAY,CAAC,SAAS,QAAQ;AAAA,EAChC;AAAA;AAAA,EAGA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,IACb,YAAY,CAAC,QAAQ,SAAS,QAAQ;AAAA,EACxC;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,IACb,YAAY,CAAC,QAAQ,SAAS,QAAQ;AAAA,EACxC;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,IACb,YAAY,CAAC,QAAQ,SAAS,QAAQ;AAAA,EACxC;AAAA,EACA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,IACb,YAAY,CAAC,QAAQ,SAAS,QAAQ;AAAA,EACxC;AAAA;AAAA,EAGA;AAAA,IACE,SAAS;AAAA,IACT,UAAU;AAAA,IACV,aAAa;AAAA,IACb,YAAY,CAAC,QAAQ;AAAA;AAAA,EACvB;AACF;AAKA,SAAS,WAAW,SAAyB;AAC3C,QAAM,OAAO,QAAQ;AACrB,MAAI,WAAW,QAAQ,QAAQ,MAAM,IAAI;AACzC,SAAO,UAAU,QAAQ;AAC3B;AAKA,SAAS,eAAe,SAAyB;AAC/C,QAAM,WAAW,WAAW,OAAO;AAEnC,MAAI,QAAQ,SACT,QAAQ,sBAAsB,MAAM,EACpC,QAAQ,SAAS,kBAAkB,EACnC,QAAQ,OAAO,OAAO,EACtB,QAAQ,qBAAqB,IAAI;AAEpC,SAAO,IAAI,OAAO,IAAI,KAAK,KAAK,GAAG;AACrC;AAKO,SAAS,qBACd,UACA,eACS;AACT,QAAM,iBAAiB,UAAU,QAAQ,QAAQ,CAAC;AAClD,QAAM,QAAQ,eAAe,cAAc,OAAO;AAClD,SAAO,MAAM,KAAK,cAAc;AAClC;AAKA,SAAS,iBACP,UACA,OACgD;AAChD,UAAQ,UAAU;AAAA,IAChB,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AACH,aAAO;AAAA,IACT,KAAK,QAAQ;AACX,YAAM,UAAW,MAAM,WAAsB;AAE7C,UAAI,4BAA4B,KAAK,OAAO,GAAG;AAC7C,eAAO;AAAA,MACT;AAEA,UAAI,mDAAmD,KAAK,OAAO,GAAG;AACpE,eAAO;AAAA,MACT;AAEA,UAAI,6CAA6C,KAAK,OAAO,GAAG;AAC9D,eAAO;AAAA,MACT;AACA,aAAO;AAAA,IACT;AAAA,IACA;AACE,aAAO;AAAA,EACX;AACF;AAKA,SAAS,gBACP,UACA,OACe;AAEf,MAAI,MAAM,UAAW,QAAO,MAAM;AAClC,MAAI,MAAM,SAAU,QAAO,MAAM;AACjC,MAAI,MAAM,KAAM,QAAO,MAAM;AAG7B,MAAI,aAAa,QAAQ;AACvB,UAAM,UAAW,MAAM,WAAsB;AAE7C,UAAM,YAAY,QAAQ;AAAA,MACxB;AAAA,IACF;AACA,QAAI,WAAW;AACb,aAAO,UAAU,CAAC,KAAK;AAAA,IACzB;AAAA,EACF;AAEA,SAAO;AACT;AAKO,SAAS,2BACd,UACA,WACiB;AACjB,SAAO,gBAAgB,OAAO,QAAM;AAElC,QAAI,GAAG,cAAc,CAAC,GAAG,WAAW,SAAS,SAAS,GAAG;AACvD,aAAO;AAAA,IACT;AACA,WAAO,qBAAqB,UAAU,EAAE;AAAA,EAC1C,CAAC;AACH;AAOO,MAAM,qBAAqC;AAAA,EAChD,MAAM;AAAA,EACN,aAAa;AAAA,EACb,UAAU;AAAA;AAAA,EAEV,MAAM,SAA8C;AAClD,UAAM,WAAW,QAAQ,KAAK;AAC9B,UAAM,QAAQ,QAAQ;AAGtB,UAAM,YAAY,iBAAiB,UAAU,KAAK;AAClD,QAAI,CAAC,WAAW;AACd,aAAO,EAAE,SAAS,KAAK;AAAA,IACzB;AAGA,UAAM,WAAW,gBAAgB,UAAU,KAAK;AAChD,QAAI,CAAC,UAAU;AACb,aAAO,EAAE,SAAS,KAAK;AAAA,IACzB;AAGA,UAAM,UAAU,2BAA2B,UAAU,SAAS;AAC9D,QAAI,QAAQ,WAAW,GAAG;AACxB,aAAO,EAAE,SAAS,KAAK;AAAA,IACzB;AAGA,UAAM,UAAU,QAAQ,KAAK,OAAK,EAAE,WAAW;AAC/C,QAAI,SAAS;AACX,aAAO;AAAA,QACL,SAAS;AAAA,QACT,QAAQ,aAAa,QAAQ,WAAW;AAAA,QACxC,SAAS,4BAAqB,QAAQ,WAAW,KAAK,QAAQ,QAAQ;AAAA,MACxE;AAAA,IACF;AAGA,UAAM,aAAa,CAAC,GAAG,IAAI,IAAI,QAAQ,IAAI,OAAK,EAAE,QAAQ,CAAC,CAAC;AAC5D,UAAM,eAAe,QAAQ,IAAI,OAAK,EAAE,WAAW,EAAE,KAAK,IAAI;AAE9D,WAAO;AAAA,MACL,SAAS;AAAA,MACT,YAAY;AAAA,MACZ,QAAQ;AAAA,MACR,SAAS,0BAAgB,SAAS,kBAAkB,YAAY;AAAA,cAAiB,WAAW,KAAK,IAAI,CAAC;AAAA,MACtG,eAAe,iBAAiB,SAAS,IAAI,QAAQ;AAAA,IACvD;AAAA,EACF;AACF;AAKO,SAAS,gBACd,UACA,YAAqD,QAC5C;AACT,SAAO,2BAA2B,UAAU,SAAS,EAAE,SAAS;AAClE;AAKO,SAAS,qBAAqB,UAAwC;AAC3E,aAAW,MAAM,iBAAiB;AAChC,QAAI,qBAAqB,UAAU,EAAE,GAAG;AACtC,aAAO;AAAA,IACT;AAAA,EACF;AACA,SAAO;AACT;",
+  "names": []
+}

package/dist/core/permissions/types.js ADDED Viewed

@@ -0,0 +1,127 @@
+const DEFAULT_PERMISSION_RULES = [
+  // Deny dangerous operations
+  {
+    id: "deny-rm-rf",
+    pattern: "Bash(rm -rf*)",
+    decision: "deny",
+    scope: "global",
+    priority: 1,
+    description: "Block recursive force delete"
+  },
+  {
+    id: "deny-rm-force",
+    pattern: "Bash(rm -f*)",
+    decision: "deny",
+    scope: "global",
+    priority: 1,
+    description: "Block force delete"
+  },
+  {
+    id: "deny-env-files",
+    pattern: "Read(.env*)",
+    decision: "deny",
+    scope: "global",
+    priority: 1,
+    description: "Block reading .env files"
+  },
+  {
+    id: "deny-ssh-keys",
+    pattern: "Read(*.ssh*)",
+    decision: "deny",
+    scope: "global",
+    priority: 1,
+    description: "Block reading SSH keys"
+  },
+  {
+    id: "deny-credentials",
+    pattern: "Read(*credentials*)",
+    decision: "deny",
+    scope: "global",
+    priority: 1,
+    description: "Block reading credential files"
+  },
+  // Allow safe operations
+  {
+    id: "allow-git-status",
+    pattern: "Bash(git status*)",
+    decision: "allow",
+    scope: "global",
+    priority: 10,
+    description: "Allow git status"
+  },
+  {
+    id: "allow-git-diff",
+    pattern: "Bash(git diff*)",
+    decision: "allow",
+    scope: "global",
+    priority: 10,
+    description: "Allow git diff"
+  },
+  {
+    id: "allow-git-log",
+    pattern: "Bash(git log*)",
+    decision: "allow",
+    scope: "global",
+    priority: 10,
+    description: "Allow git log"
+  },
+  {
+    id: "allow-git-branch",
+    pattern: "Bash(git branch*)",
+    decision: "allow",
+    scope: "global",
+    priority: 10,
+    description: "Allow git branch"
+  },
+  {
+    id: "allow-ls",
+    pattern: "Bash(ls *)",
+    decision: "allow",
+    scope: "global",
+    priority: 10,
+    description: "Allow ls command"
+  },
+  {
+    id: "allow-npm-install",
+    pattern: "Bash(npm install*)",
+    decision: "allow",
+    scope: "global",
+    priority: 10,
+    description: "Allow npm install"
+  },
+  {
+    id: "allow-bun-install",
+    pattern: "Bash(bun install*)",
+    decision: "allow",
+    scope: "global",
+    priority: 10,
+    description: "Allow bun install"
+  },
+  // Ask for potentially dangerous operations
+  {
+    id: "ask-git-push",
+    pattern: "Bash(git push*)",
+    decision: "ask",
+    scope: "global",
+    priority: 20,
+    description: "Ask before git push"
+  },
+  {
+    id: "ask-git-commit",
+    pattern: "Bash(git commit*)",
+    decision: "ask",
+    scope: "global",
+    priority: 20,
+    description: "Ask before git commit"
+  }
+];
+const DEFAULT_PERMISSION_CONFIG = {
+  rules: DEFAULT_PERMISSION_RULES,
+  defaultDecision: "ask",
+  debug: false
+};
+export {
+  DEFAULT_PERMISSION_CONFIG,
+  DEFAULT_PERMISSION_RULES
+};
+//# sourceMappingURL=types.js.map

package/dist/core/permissions/types.js.map ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../../src/core/permissions/types.ts"],
+  "sourcesContent": ["/**\n * Permission Rule Engine Types\n *\n * Defines the types for the enhanced permission rules system with\n * pattern matching and rule priorities.\n */\n\n/**\n * Decision type for permission rules\n */\nexport type PermissionDecision = 'allow' | 'deny' | 'ask'\n\n/**\n * Scope for permission rules\n */\nexport type PermissionScope = 'global' | 'project'\n\n/**\n * Permission rule definition\n */\nexport interface PermissionRule {\n  /** Unique identifier for the rule */\n  id: string\n  /** Pattern to match tool use, supports wildcards */\n  pattern: string\n  /** Decision when pattern matches */\n  decision: PermissionDecision\n  /** Scope of the rule */\n  scope: PermissionScope\n  /** Priority (lower number = higher priority) */\n  priority: number\n  /** Optional description */\n  description?: string\n  /** When the rule was created */\n  createdAt?: number\n  /** Optional expiration timestamp */\n  expiresAt?: number\n}\n\n/**\n * Result of evaluating a permission rule\n */\nexport interface PermissionEvaluationResult {\n  /** The final decision */\n  decision: PermissionDecision\n  /** The rule that matched (null if default) */\n  matchedRule: PermissionRule | null\n  /** Debug info about the evaluation */\n  evaluationPath?: string[]\n}\n\n/**\n * Configuration for the permission rule engine\n */\nexport interface PermissionRulesConfig {\n  /** List of permission rules */\n  rules: PermissionRule[]\n  /** Default decision when no rule matches */\n  defaultDecision: PermissionDecision\n  /** Whether to enable rule evaluation debugging */\n  debug?: boolean\n}\n\n/**\n * Default permission rules configuration\n *\n * Pattern format:\n * - \"ToolName\" - matches any use of the tool\n * - \"ToolName(*)\" - matches any params (explicit)\n * - \"ToolName(exact)\" - matches exact param\n * - \"ToolName(prefix*)\" - matches prefix with any suffix\n *\n * For Bash, the param is the first two words of the command.\n * For Read/Edit, the param is the file path.\n */\nexport const DEFAULT_PERMISSION_RULES: PermissionRule[] = [\n  // Deny dangerous operations\n  {\n    id: 'deny-rm-rf',\n    pattern: 'Bash(rm -rf*)',\n    decision: 'deny',\n    scope: 'global',\n    priority: 1,\n    description: 'Block recursive force delete',\n  },\n  {\n    id: 'deny-rm-force',\n    pattern: 'Bash(rm -f*)',\n    decision: 'deny',\n    scope: 'global',\n    priority: 1,\n    description: 'Block force delete',\n  },\n  {\n    id: 'deny-env-files',\n    pattern: 'Read(.env*)',\n    decision: 'deny',\n    scope: 'global',\n    priority: 1,\n    description: 'Block reading .env files',\n  },\n  {\n    id: 'deny-ssh-keys',\n    pattern: 'Read(*.ssh*)',\n    decision: 'deny',\n    scope: 'global',\n    priority: 1,\n    description: 'Block reading SSH keys',\n  },\n  {\n    id: 'deny-credentials',\n    pattern: 'Read(*credentials*)',\n    decision: 'deny',\n    scope: 'global',\n    priority: 1,\n    description: 'Block reading credential files',\n  },\n  // Allow safe operations\n  {\n    id: 'allow-git-status',\n    pattern: 'Bash(git status*)',\n    decision: 'allow',\n    scope: 'global',\n    priority: 10,\n    description: 'Allow git status',\n  },\n  {\n    id: 'allow-git-diff',\n    pattern: 'Bash(git diff*)',\n    decision: 'allow',\n    scope: 'global',\n    priority: 10,\n    description: 'Allow git diff',\n  },\n  {\n    id: 'allow-git-log',\n    pattern: 'Bash(git log*)',\n    decision: 'allow',\n    scope: 'global',\n    priority: 10,\n    description: 'Allow git log',\n  },\n  {\n    id: 'allow-git-branch',\n    pattern: 'Bash(git branch*)',\n    decision: 'allow',\n    scope: 'global',\n    priority: 10,\n    description: 'Allow git branch',\n  },\n  {\n    id: 'allow-ls',\n    pattern: 'Bash(ls *)',\n    decision: 'allow',\n    scope: 'global',\n    priority: 10,\n    description: 'Allow ls command',\n  },\n  {\n    id: 'allow-npm-install',\n    pattern: 'Bash(npm install*)',\n    decision: 'allow',\n    scope: 'global',\n    priority: 10,\n    description: 'Allow npm install',\n  },\n  {\n    id: 'allow-bun-install',\n    pattern: 'Bash(bun install*)',\n    decision: 'allow',\n    scope: 'global',\n    priority: 10,\n    description: 'Allow bun install',\n  },\n  // Ask for potentially dangerous operations\n  {\n    id: 'ask-git-push',\n    pattern: 'Bash(git push*)',\n    decision: 'ask',\n    scope: 'global',\n    priority: 20,\n    description: 'Ask before git push',\n  },\n  {\n    id: 'ask-git-commit',\n    pattern: 'Bash(git commit*)',\n    decision: 'ask',\n    scope: 'global',\n    priority: 20,\n    description: 'Ask before git commit',\n  },\n]\n\n/**\n * Default permission configuration\n */\nexport const DEFAULT_PERMISSION_CONFIG: PermissionRulesConfig = {\n  rules: DEFAULT_PERMISSION_RULES,\n  defaultDecision: 'ask',\n  debug: false,\n}\n"],
+  "mappings": "AA2EO,MAAM,2BAA6C;AAAA;AAAA,EAExD;AAAA,IACE,IAAI;AAAA,IACJ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,OAAO;AAAA,IACP,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,OAAO;AAAA,IACP,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,OAAO;AAAA,IACP,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,OAAO;AAAA,IACP,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,OAAO;AAAA,IACP,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA;AAAA,EAEA;AAAA,IACE,IAAI;AAAA,IACJ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,OAAO;AAAA,IACP,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,OAAO;AAAA,IACP,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,OAAO;AAAA,IACP,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,OAAO;AAAA,IACP,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,OAAO;AAAA,IACP,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,OAAO;AAAA,IACP,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,OAAO;AAAA,IACP,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA;AAAA,EAEA;AAAA,IACE,IAAI;AAAA,IACJ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,OAAO;AAAA,IACP,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,SAAS;AAAA,IACT,UAAU;AAAA,IACV,OAAO;AAAA,IACP,UAAU;AAAA,IACV,aAAa;AAAA,EACf;AACF;AAKO,MAAM,4BAAmD;AAAA,EAC9D,OAAO;AAAA,EACP,iBAAiB;AAAA,EACjB,OAAO;AACT;",
+  "names": []
+}