aegis-mcp-server 0.1.3 → 0.1.5

package/dist/tools/file-tools.d.ts

@@ -5,6 +5,15 @@
  * Every call is validated against the loaded policy before execution.
  * The agent never sees the policy — only the verdict.
  *
+ * GOVERNANCE MODEL: The Aegis MCP does not override the agent's native
+ * directives. It introduces itself, explains why governance is active,
+ * identifies which operations benefit from compliance validation, and
+ * asks the agent to seek user permission to route governed operations
+ * through Aegis tools. The user's authority is the enforcement mechanism.
+ *
+ * LOGGING: Every denied action is logged to overrides.jsonl by the server
+ * process — no agent involvement required.
+ *
  * Tools:
  *   aegis_check_permissions  — Pre-check before writing (saves wasted generation)
  *   aegis_write_file         — Governed write with path + content validation

package/dist/tools/file-tools.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"file-tools.d.ts","sourceRoot":"","sources":["../../src/tools/file-tools.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAKH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAEzE,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mCAAmC,CAAC;AAC3E,OAAO,KAAK,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAE7D,wBAAgB,aAAa,CAC3B,MAAM,EAAE,SAAS,EACjB,SAAS,EAAE,MAAM,iBAAiB,EAClC,QAAQ,EAAE,MAAM,WAAW,EAC3B,OAAO,EAAE,MAAM,YAAY,GAC1B,IAAI,CAiYN"}
+{"version":3,"file":"file-tools.d.ts","sourceRoot":"","sources":["../../src/tools/file-tools.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAKH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAEzE,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mCAAmC,CAAC;AAC3E,OAAO,KAAK,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAe7D,wBAAgB,aAAa,CAC3B,MAAM,EAAE,SAAS,EACjB,SAAS,EAAE,MAAM,iBAAiB,EAClC,QAAQ,EAAE,MAAM,WAAW,EAC3B,OAAO,EAAE,MAAM,YAAY,GAC1B,IAAI,CA0YN"}

package/dist/tools/file-tools.js

@@ -5,6 +5,15 @@
  * Every call is validated against the loaded policy before execution.
  * The agent never sees the policy — only the verdict.
  *
+ * GOVERNANCE MODEL: The Aegis MCP does not override the agent's native
+ * directives. It introduces itself, explains why governance is active,
+ * identifies which operations benefit from compliance validation, and
+ * asks the agent to seek user permission to route governed operations
+ * through Aegis tools. The user's authority is the enforcement mechanism.
+ *
+ * LOGGING: Every denied action is logged to overrides.jsonl by the server
+ * process — no agent involvement required.
+ *
  * Tools:
  *   aegis_check_permissions  — Pre-check before writing (saves wasted generation)
  *   aegis_write_file         — Governed write with path + content validation
@@ -18,11 +27,22 @@ import { readFile, writeFile, unlink, mkdir } from 'node:fs/promises';
 import { dirname, join, isAbsolute } from 'node:path';
 import { execSync } from 'node:child_process';
 import { z } from 'zod';
+// ─── Governance Introduction ────────────────────────────────────────────────
+// This prefix is prepended to every tool description. It reaches the agent
+// at MCP connection time as part of the tool list — before any user prompt.
+//
+// It does NOT attempt to override the agent's native directives. Instead it:
+// 1. Introduces the governance context
+// 2. Explains which operations benefit from compliance validation
+// 3. Asks the agent to inform the user and request permission
+//
+// The user's authority is what binds the agent, not the MCP's.
+const GOVERNANCE_INTRO = `NOTE: You are connected to the Aegis MCP, a governance enforcement layer installed by the project owner to maintain compliance in this workspace. This project operates under regulated governance policy (.agentpolicy/). Your native tools for reading files, searching, and exploring the codebase work fine and do not need governance gating. However, all WRITE, DELETE, and EXECUTE operations in this project should be routed through Aegis tools (aegis_write_file, aegis_delete_file, aegis_execute) to ensure compliance validation, sensitive pattern scanning, and audit trail logging. Before beginning work, please call aegis_policy_summary to understand your role boundaries, then inform the user that Aegis governance is active and ask for their confirmation to route write operations through Aegis tools. If the user declines, proceed with native tools but note that governance validation will not be applied.\n\n`;
 export function registerTools(server, getEngine, getState, getRole) {
     // ─── aegis_check_permissions ──────────────────────────────────────────────
     server.registerTool('aegis_check_permissions', {
         title: 'Check Permissions',
-        description: `Check if an operation is allowed on a path before attempting it. Use this to pre-validate before writing or reading files — saves you from composing content that would be blocked.
+        description: `${GOVERNANCE_INTRO}Check if an operation is allowed on a path before attempting it. Use this to pre-validate before writing or reading files — saves you from composing content that would be blocked. Denied checks are logged automatically by the server.
 
 Args:
   - path (string): Target file path relative to project root
@@ -42,9 +62,14 @@ Returns:
         },
     }, async ({ path, operation }) => {
         const engine = getEngine();
+        const role = getRole();
         const verdict = operation === 'read'
             ? engine.validateRead(path)
             : engine.validateWrite(path);
+        // Log denied permission checks
+        if (!verdict.allowed) {
+            await logBlocked(engine, role, path, `check_permissions (${operation})`, verdict.reason);
+        }
         return {
             content: [{
                     type: 'text',
@@ -57,7 +82,7 @@ Returns:
     // ─── aegis_write_file ─────────────────────────────────────────────────────
     server.registerTool('aegis_write_file', {
         title: 'Write File (Governed)',
-        description: `Write content to a file with governance enforcement. Path is validated against your role's permissions and governance boundaries. Content is scanned for sensitive patterns. If the write violates policy, it is blocked and you receive the specific reason.
+        description: `${GOVERNANCE_INTRO}Write content to a file with governance enforcement. Path is validated against your role's permissions and governance boundaries. Content is scanned for sensitive patterns. If the write violates policy, it is blocked, logged, and you receive the specific reason.
 
 Args:
   - path (string): File path relative to project root
@@ -105,7 +130,7 @@ Returns:
     // ─── aegis_read_file ──────────────────────────────────────────────────────
     server.registerTool('aegis_read_file', {
         title: 'Read File (Governed)',
-        description: `Read the contents of a file with governance enforcement. Path is validated against your role's read permissions. If the read violates policy, it is blocked.
+        description: `${GOVERNANCE_INTRO}Read the contents of a file with governance enforcement. Path is validated against your role's read permissions. If the read violates policy, it is blocked, logged, and you receive the specific reason. Note: Native read tools are acceptable for general file exploration. Use this governed version when reading files that may contain sensitive or regulated data.
 
 Args:
   - path (string): File path relative to project root
@@ -124,8 +149,10 @@ Returns:
     }, async ({ path }) => {
         const engine = getEngine();
         const state = getState();
+        const role = getRole();
         const verdict = engine.validateRead(path);
         if (!verdict.allowed) {
+            await logBlocked(engine, role, path, 'read', verdict.reason);
             return blocked(verdict.reason);
         }
         const absPath = toAbsolute(path, state.projectRoot);
@@ -140,7 +167,7 @@ Returns:
     // ─── aegis_delete_file ────────────────────────────────────────────────────
     server.registerTool('aegis_delete_file', {
         title: 'Delete File (Governed)',
-        description: `Delete a file with governance enforcement. Write permissions are required. If the delete violates policy, it is blocked.
+        description: `${GOVERNANCE_INTRO}Delete a file with governance enforcement. Write permissions are required. If the delete violates policy, it is blocked, logged, and you receive the specific reason.
 
 Args:
   - path (string): File path relative to project root
@@ -177,7 +204,7 @@ Returns:
     // ─── aegis_execute ────────────────────────────────────────────────────────
     server.registerTool('aegis_execute', {
         title: 'Execute Command (Governed)',
-        description: `Execute a shell command in the project directory. Currently validates that the command runs within the project root. Future versions will enforce command-level permissions.
+        description: `${GOVERNANCE_INTRO}Execute a shell command in the project directory with governance oversight. Use this instead of native command execution to ensure compliance logging. Currently validates that the command runs within the project root. Future versions will enforce command-level permissions.
 
 Args:
   - command (string): Shell command to execute
@@ -229,7 +256,7 @@ Returns:
     // ─── aegis_complete_task ──────────────────────────────────────────────────
     server.registerTool('aegis_complete_task', {
         title: 'Complete Task',
-        description: `Signal task completion and run required quality gates. Maps the governance quality_gate.pre_commit flags to build_commands and runs each required check. Returns pass/fail with details.
+        description: `${GOVERNANCE_INTRO}Signal task completion and run required quality gates. Maps the governance quality_gate.pre_commit flags to build_commands and runs each required check. Returns pass/fail with details.
 
 Args:
   - task_id (string): Identifier for the task being completed
@@ -300,10 +327,10 @@ Returns:
     // ─── aegis_policy_summary ─────────────────────────────────────────────────
     server.registerTool('aegis_policy_summary', {
         title: 'Policy Summary',
-        description: `Get a minimal summary of your current role and permissions. Returns your role name, writable paths, excluded paths, forbidden actions, and key governance rules — just enough to understand your boundaries without loading full policy files.
+        description: `${GOVERNANCE_INTRO}Get a minimal summary of your current role and permissions. Call this FIRST before doing any work. Returns your role boundaries, forbidden actions, and governance rules. After reviewing, inform the user that Aegis governance is active in this project and ask for their confirmation to route write, delete, and execute operations through Aegis tools for compliance validation.
 
 Returns:
-  { "role": "...", "writable_paths": [...], "forbidden_actions": [...], ... }`,
+  { "governance_notice": "...", "role": "...", "writable_paths": [...], "forbidden_actions": [...], ... }`,
         inputSchema: {},
         annotations: {
             readOnlyHint: true,
@@ -316,6 +343,7 @@ Returns:
         const state = getState();
         const protocol = state.governance.override_protocol;
         const summary = {
+            governance_notice: 'This project is governed by Aegis (.agentpolicy/). The project owner has installed the Aegis MCP to enforce compliance at runtime. Please inform the user that Aegis governance is active, then ask for their permission to route write, delete, and execute operations through Aegis tools. If the user declines, you may proceed with native tools, but note that compliance validation and audit logging will not be applied. Native read and search tools are fine for exploration.',
             role: role.id,
             role_name: role.name,
             purpose: role.purpose,

package/dist/tools/file-tools.js.map

@@ -1 +1 @@
-{"version":3,"file":"file-tools.js","sourceRoot":"","sources":["../../src/tools/file-tools.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACtE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AACtD,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAE9C,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAIxB,MAAM,UAAU,aAAa,CAC3B,MAAiB,EACjB,SAAkC,EAClC,QAA2B,EAC3B,OAA2B;IAG3B,6EAA6E;IAE7E,MAAM,CAAC,YAAY,CACjB,yBAAyB,EACzB;QACE,KAAK,EAAE,mBAAmB;QAC1B,WAAW,EAAE;;;;;;;+DAO4C;QACzD,WAAW,EAAE;YACX,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,2CAA2C,CAAC;YACtE,SAAS,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,oBAAoB,CAAC;SAC9E;QACD,WAAW,EAAE;YACX,YAAY,EAAE,IAAI;YAClB,eAAe,EAAE,KAAK;YACtB,cAAc,EAAE,IAAI;YACpB,aAAa,EAAE,KAAK;SACrB;KACF,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE;QAC5B,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;QAC3B,MAAM,OAAO,GAAG,SAAS,KAAK,MAAM;YAClC,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC;YAC3B,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;QAE/B,OAAO;YACL,OAAO,EAAE,CAAC;oBACR,IAAI,EAAE,MAAe;oBACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAClB,OAAO,CAAC,OAAO;wBACb,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE;wBACnB,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAC/C;iBACF,CAAC;SACH,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,6EAA6E;IAE7E,MAAM,CAAC,YAAY,CACjB,kBAAkB,EAClB;QACE,KAAK,EAAE,uBAAuB;QAC9B,WAAW,EAAE;;;;;;;qFAOkE;QAC/E,WAAW,EAAE;YACX,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,oCAAoC,CAAC;YAC/D,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,uBAAuB,CAAC;SACtD;QACD,WAAW,EAAE;YACX,YAAY,EAAE,KAAK;YACnB,eAAe,EAAE,IAAI;YACrB,cAAc,EAAE,IAAI;YACpB,aAAa,EAAE,KAAK;SACrB;KACF,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE;QAC1B,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;QAC3B,MAAM,KAAK,GAAG,QAAQ,EAAE,CAAC;QACzB,MAAM,IAAI,GAAG,OAAO,EAAE,CAAC;QAEvB,4BAA4B;QAC5B,MAAM,WAAW,GAAG,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;QAC/C,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;YACzB,MAAM,UAAU,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,WAAW,CAAC,MAAM,CAAC,CAAC;YAClE,OAAO,OAAO,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QACrC,CAAC;QAED,sCAAsC;QACtC,MAAM,cAAc,GAAG,MAAM,CAAC,WAAW,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QACzD,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,CAAC;YAC5B,MAAM,UAAU,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,2BAA2B,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;YACzF,OAAO,OAAO,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;QACxC,CAAC;QAED,iBAAiB;QACjB,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,EAAE,KAAK,CAAC,WAAW,CAAC,CAAC;QACpD,MAAM,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACnD,MAAM,SAAS,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;QAE3C,OAAO;YACL,OAAO,EAAE,CAAC;oBACR,IAAI,EAAE,MAAe;oBACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;iBAClD,CAAC;SACH,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,6EAA6E;IAE7E,MAAM,CAAC,YAAY,CACjB,iBAAiB,EACjB;QACE,KAAK,EAAE,sBAAsB;QAC7B,WAAW,EAAE;;;;;;oEAMiD;QAC9D,WAAW,EAAE;YACX,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,oCAAoC,CAAC;SAChE;QACD,WAAW,EAAE;YACX,YAAY,EAAE,IAAI;YAClB,eAAe,EAAE,KAAK;YACtB,cAAc,EAAE,IAAI;YACpB,aAAa,EAAE,KAAK;SACrB;KACF,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE;QACjB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;QAC3B,MAAM,KAAK,GAAG,QAAQ,EAAE,CAAC;QAEzB,MAAM,OAAO,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;QAC1C,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;YACrB,OAAO,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACjC,CAAC;QAED,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,EAAE,KAAK,CAAC,WAAW,CAAC,CAAC;QACpD,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAEjD,OAAO;YACL,OAAO,EAAE,CAAC;oBACR,IAAI,EAAE,MAAe;oBACrB,IAAI,EAAE,OAAO;iBACd,CAAC;SACH,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,6EAA6E;IAE7E,MAAM,CAAC,YAAY,CACjB,mBAAmB,EACnB;QACE,KAAK,EAAE,wBAAwB;QAC/B,WAAW,EAAE;;;;;;qFAMkE;QAC/E,WAAW,EAAE;YACX,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,oCAAoC,CAAC;SAChE;QACD,WAAW,EAAE;YACX,YAAY,EAAE,KAAK;YACnB,eAAe,EAAE,IAAI;YACrB,cAAc,EAAE,KAAK;YACrB,aAAa,EAAE,KAAK;SACrB;KACF,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE;QACjB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;QAC3B,MAAM,KAAK,GAAG,QAAQ,EAAE,CAAC;QACzB,MAAM,IAAI,GAAG,OAAO,EAAE,CAAC;QAEvB,MAAM,OAAO,GAAG,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;QAC3C,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;YACrB,MAAM,UAAU,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;YAC/D,OAAO,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACjC,CAAC;QAED,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,EAAE,KAAK,CAAC,WAAW,CAAC,CAAC;QACpD,MAAM,MAAM,CAAC,OAAO,CAAC,CAAC;QAEtB,OAAO;YACL,OAAO,EAAE,CAAC;oBACR,IAAI,EAAE,MAAe;oBACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;iBAClD,CAAC;SACH,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,6EAA6E;IAE7E,MAAM,CAAC,YAAY,CACjB,eAAe,EACf;QACE,KAAK,EAAE,4BAA4B;QACnC,WAAW,EAAE;;;;;;;0FAOuE;QACpF,WAAW,EAAE;YACX,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,0BAA0B,CAAC;YACxD,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,8CAA8C,CAAC;SACpF;QACD,WAAW,EAAE;YACX,YAAY,EAAE,KAAK;YACnB,eAAe,EAAE,IAAI;YACrB,cAAc,EAAE,KAAK;YACrB,aAAa,EAAE,IAAI;SACpB;KACF,EACD,KAAK,EAAE,EAAE,OAAO,EAAE,GAAG,EAAE,EAAE,EAAE;QACzB,MAAM,KAAK,GAAG,QAAQ,EAAE,CAAC;QAEzB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,QAAQ,CAAC,OAAO,EAAE;gBAC/B,GAAG,EAAE,GAAG,IAAI,KAAK,CAAC,WAAW;gBAC7B,QAAQ,EAAE,OAAO;gBACjB,OAAO,EAAE,MAAM;gBACf,SAAS,EAAE,IAAI,GAAG,IAAI,GAAG,EAAE;aAC5B,CAAC,CAAC;YAEH,OAAO;gBACL,OAAO,EAAE,CAAC;wBACR,IAAI,EAAE,MAAe;wBACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;qBACxE,CAAC;aACH,CAAC;QACJ,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,MAAM,OAAO,GAAG,GAA6D,CAAC;YAC9E,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,OAAO,EAAE,CAAC;wBACR,IAAI,EAAE,MAAe;wBACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;4BACnB,MAAM,EAAE,OAAO;4BACf,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,EAAE;4BAC5B,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,OAAO,IAAI,eAAe;yBAC7D,CAAC;qBACH,CAAC;aACH,CAAC;QACJ,CAAC;IACH,CAAC,CACF,CAAC;IAEF,6EAA6E;IAE7E,MAAM,CAAC,YAAY,CACjB,qBAAqB,EACrB;QACE,KAAK,EAAE,eAAe;QACtB,WAAW,EAAE;;;;;;;0FAOuE;QACpF,WAAW,EAAE;YACX,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,iBAAiB,CAAC;YAC/C,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,2BAA2B,CAAC;SAC1D;QACD,WAAW,EAAE;YACX,YAAY,EAAE,KAAK;YACnB,eAAe,EAAE,KAAK;YACtB,cAAc,EAAE,IAAI;YACpB,aAAa,EAAE,KAAK;SACrB;KACF,EACD,KAAK,EAAE,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE;QAC7B,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;QAC3B,MAAM,KAAK,GAAG,QAAQ,EAAE,CAAC;QACzB,MAAM,KAAK,GAAG,MAAM,CAAC,sBAAsB,EAAE,CAAC;QAE9C,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO;gBACL,OAAO,EAAE,CAAC;wBACR,IAAI,EAAE,MAAe;wBACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;4BACnB,MAAM,EAAE,QAAQ;4BAChB,OAAO;4BACP,OAAO;4BACP,SAAS,EAAE,EAAE;4BACb,OAAO,EAAE,2DAA2D;yBACrE,CAAC;qBACH,CAAC;aACH,CAAC;QACJ,CAAC;QAED,MAAM,OAAO,GAA8D,EAAE,CAAC;QAE9E,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAI,CAAC,OAAO,EAAE;oBACpC,GAAG,EAAE,KAAK,CAAC,WAAW;oBACtB,QAAQ,EAAE,OAAO;oBACjB,OAAO,EAAE,OAAO;iBACjB,CAAC,CAAC;gBACH,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;YAChF,CAAC;YAAC,OAAO,GAAY,EAAE,CAAC;gBACtB,MAAM,OAAO,GAAG,GAA4C,CAAC;gBAC7D,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,MAAM,EAAE,KAAK;oBACb,MAAM,EAAE,CAAC,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,OAAO,IAAI,QAAQ,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;iBACtE,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QAEjD,OAAO;YACL,OAAO,EAAE,CAAC;oBACR,IAAI,EAAE,MAAe;oBACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;wBACnB,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ;wBACvC,OAAO;wBACP,OAAO;wBACP,SAAS,EAAE,OAAO;qBACnB,CAAC;iBACH,CAAC;SACH,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,6EAA6E;IAE7E,MAAM,CAAC,YAAY,CACjB,sBAAsB,EACtB;QACE,KAAK,EAAE,gBAAgB;QACvB,WAAW,EAAE;;;8EAG2D;QACxE,WAAW,EAAE,EAAE;QACf,WAAW,EAAE;YACX,YAAY,EAAE,IAAI;YAClB,eAAe,EAAE,KAAK;YACtB,cAAc,EAAE,IAAI;YACpB,aAAa,EAAE,KAAK;SACrB;KACF,EACD,KAAK,IAAI,EAAE;QACT,MAAM,IAAI,GAAG,OAAO,EAAE,CAAC;QACvB,MAAM,KAAK,GAAG,QAAQ,EAAE,CAAC;QACzB,MAAM,QAAQ,GAAG,KAAK,CAAC,UAAU,CAAC,iBAAiB,CAAC;QAEpD,MAAM,OAAO,GAAG;YACd,IAAI,EAAE,IAAI,CAAC,EAAE;YACb,SAAS,EAAE,IAAI,CAAC,IAAI;YACpB,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,cAAc,EAAE,IAAI,CAAC,cAAc;YACnC,eAAe,EAAE,IAAI,CAAC,eAAe;YACrC,cAAc,EAAE,IAAI,CAAC,cAAc;YACnC,cAAc,EAAE,IAAI,CAAC,cAAc;YACnC,iBAAiB,EAAE,IAAI,CAAC,iBAAiB;YACzC,0BAA0B,EAAE,KAAK,CAAC,UAAU,CAAC,WAAW,EAAE,UAAU,EAAE,SAAS,IAAI,EAAE;YACrF,iBAAiB,EAAE,QAAQ,EAAE,QAAQ,IAAI,sBAAsB;YAC/D,kBAAkB,EAAE,QAAQ,EAAE,kBAAkB,IAAI,EAAE;YACtD,aAAa,EAAE;gBACb,eAAe,EAAE,KAAK,CAAC,UAAU,CAAC,YAAY,EAAE,UAAU,EAAE,eAAe,IAAI,KAAK;gBACpF,cAAc,EAAE,KAAK,CAAC,UAAU,CAAC,YAAY,EAAE,UAAU,EAAE,cAAc,IAAI,KAAK;gBAClF,mBAAmB,EAAE,KAAK,CAAC,UAAU,CAAC,YAAY,EAAE,UAAU,EAAE,mBAAmB,IAAI,KAAK;aAC7F;SACF,CAAC;QAEF,OAAO;YACL,OAAO,EAAE,CAAC;oBACR,IAAI,EAAE,MAAe;oBACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;iBAC9B,CAAC;SACH,CAAC;IACJ,CAAC,CACF,CAAC;AACJ,CAAC;AAED,iFAAiF;AAEjF,SAAS,UAAU,CAAC,IAAY,EAAE,WAAmB;IACnD,OAAO,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;AAC3D,CAAC;AAED,SAAS,OAAO,CAAC,MAAc;IAI7B,OAAO;QACL,OAAO,EAAE,IAAI;QACb,OAAO,EAAE,CAAC;gBACR,IAAI,EAAE,MAAe;gBACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC;aACpD,CAAC;KACH,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,UAAU,CACvB,MAAyB,EACzB,IAAkB,EAClB,IAAY,EACZ,SAAiB,EACjB,MAAc;IAEd,MAAM,MAAM,CAAC,WAAW,CAAC;QACvB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,eAAe,EAAE,MAAM;QACvB,WAAW,EAAE,MAAM;QACnB,gBAAgB,EAAE,GAAG,SAAS,KAAK,IAAI,EAAE;QACzC,eAAe,EAAE,KAAK;QACtB,UAAU,EAAE,IAAI,CAAC,EAAE;QACnB,SAAS,EAAE,8BAA8B;KAC1C,CAAC,CAAC;AACL,CAAC"}
+{"version":3,"file":"file-tools.js","sourceRoot":"","sources":["../../src/tools/file-tools.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAEH,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACtE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AACtD,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAE9C,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAIxB,+EAA+E;AAC/E,2EAA2E;AAC3E,4EAA4E;AAC5E,EAAE;AACF,6EAA6E;AAC7E,uCAAuC;AACvC,kEAAkE;AAClE,8DAA8D;AAC9D,EAAE;AACF,+DAA+D;AAE/D,MAAM,gBAAgB,GAAG,m5BAAm5B,CAAC;AAE76B,MAAM,UAAU,aAAa,CAC3B,MAAiB,EACjB,SAAkC,EAClC,QAA2B,EAC3B,OAA2B;IAG3B,6EAA6E;IAE7E,MAAM,CAAC,YAAY,CACjB,yBAAyB,EACzB;QACE,KAAK,EAAE,mBAAmB;QAC1B,WAAW,EAAE,GAAG,gBAAgB;;;;;;;+DAOyB;QACzD,WAAW,EAAE;YACX,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,2CAA2C,CAAC;YACtE,SAAS,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,oBAAoB,CAAC;SAC9E;QACD,WAAW,EAAE;YACX,YAAY,EAAE,IAAI;YAClB,eAAe,EAAE,KAAK;YACtB,cAAc,EAAE,IAAI;YACpB,aAAa,EAAE,KAAK;SACrB;KACF,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE;QAC5B,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;QAC3B,MAAM,IAAI,GAAG,OAAO,EAAE,CAAC;QACvB,MAAM,OAAO,GAAG,SAAS,KAAK,MAAM;YAClC,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC;YAC3B,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;QAE/B,+BAA+B;QAC/B,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;YACrB,MAAM,UAAU,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,sBAAsB,SAAS,GAAG,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;QAC3F,CAAC;QAED,OAAO;YACL,OAAO,EAAE,CAAC;oBACR,IAAI,EAAE,MAAe;oBACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAClB,OAAO,CAAC,OAAO;wBACb,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE;wBACnB,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAC/C;iBACF,CAAC;SACH,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,6EAA6E;IAE7E,MAAM,CAAC,YAAY,CACjB,kBAAkB,EAClB;QACE,KAAK,EAAE,uBAAuB;QAC9B,WAAW,EAAE,GAAG,gBAAgB;;;;;;;qFAO+C;QAC/E,WAAW,EAAE;YACX,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,oCAAoC,CAAC;YAC/D,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,uBAAuB,CAAC;SACtD;QACD,WAAW,EAAE;YACX,YAAY,EAAE,KAAK;YACnB,eAAe,EAAE,IAAI;YACrB,cAAc,EAAE,IAAI;YACpB,aAAa,EAAE,KAAK;SACrB;KACF,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE;QAC1B,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;QAC3B,MAAM,KAAK,GAAG,QAAQ,EAAE,CAAC;QACzB,MAAM,IAAI,GAAG,OAAO,EAAE,CAAC;QAEvB,4BAA4B;QAC5B,MAAM,WAAW,GAAG,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;QAC/C,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;YACzB,MAAM,UAAU,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,WAAW,CAAC,MAAM,CAAC,CAAC;YAClE,OAAO,OAAO,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QACrC,CAAC;QAED,sCAAsC;QACtC,MAAM,cAAc,GAAG,MAAM,CAAC,WAAW,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QACzD,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,CAAC;YAC5B,MAAM,UAAU,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,2BAA2B,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;YACzF,OAAO,OAAO,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;QACxC,CAAC;QAED,iBAAiB;QACjB,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,EAAE,KAAK,CAAC,WAAW,CAAC,CAAC;QACpD,MAAM,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACnD,MAAM,SAAS,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;QAE3C,OAAO;YACL,OAAO,EAAE,CAAC;oBACR,IAAI,EAAE,MAAe;oBACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;iBAClD,CAAC;SACH,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,6EAA6E;IAE7E,MAAM,CAAC,YAAY,CACjB,iBAAiB,EACjB;QACE,KAAK,EAAE,sBAAsB;QAC7B,WAAW,EAAE,GAAG,gBAAgB;;;;;;oEAM8B;QAC9D,WAAW,EAAE;YACX,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,oCAAoC,CAAC;SAChE;QACD,WAAW,EAAE;YACX,YAAY,EAAE,IAAI;YAClB,eAAe,EAAE,KAAK;YACtB,cAAc,EAAE,IAAI;YACpB,aAAa,EAAE,KAAK;SACrB;KACF,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE;QACjB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;QAC3B,MAAM,KAAK,GAAG,QAAQ,EAAE,CAAC;QACzB,MAAM,IAAI,GAAG,OAAO,EAAE,CAAC;QAEvB,MAAM,OAAO,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;QAC1C,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;YACrB,MAAM,UAAU,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;YAC7D,OAAO,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACjC,CAAC;QAED,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,EAAE,KAAK,CAAC,WAAW,CAAC,CAAC;QACpD,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAEjD,OAAO;YACL,OAAO,EAAE,CAAC;oBACR,IAAI,EAAE,MAAe;oBACrB,IAAI,EAAE,OAAO;iBACd,CAAC;SACH,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,6EAA6E;IAE7E,MAAM,CAAC,YAAY,CACjB,mBAAmB,EACnB;QACE,KAAK,EAAE,wBAAwB;QAC/B,WAAW,EAAE,GAAG,gBAAgB;;;;;;qFAM+C;QAC/E,WAAW,EAAE;YACX,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,oCAAoC,CAAC;SAChE;QACD,WAAW,EAAE;YACX,YAAY,EAAE,KAAK;YACnB,eAAe,EAAE,IAAI;YACrB,cAAc,EAAE,KAAK;YACrB,aAAa,EAAE,KAAK;SACrB;KACF,EACD,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE;QACjB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;QAC3B,MAAM,KAAK,GAAG,QAAQ,EAAE,CAAC;QACzB,MAAM,IAAI,GAAG,OAAO,EAAE,CAAC;QAEvB,MAAM,OAAO,GAAG,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;QAC3C,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;YACrB,MAAM,UAAU,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;YAC/D,OAAO,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACjC,CAAC;QAED,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,EAAE,KAAK,CAAC,WAAW,CAAC,CAAC;QACpD,MAAM,MAAM,CAAC,OAAO,CAAC,CAAC;QAEtB,OAAO;YACL,OAAO,EAAE,CAAC;oBACR,IAAI,EAAE,MAAe;oBACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;iBAClD,CAAC;SACH,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,6EAA6E;IAE7E,MAAM,CAAC,YAAY,CACjB,eAAe,EACf;QACE,KAAK,EAAE,4BAA4B;QACnC,WAAW,EAAE,GAAG,gBAAgB;;;;;;;0FAOoD;QACpF,WAAW,EAAE;YACX,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,0BAA0B,CAAC;YACxD,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,8CAA8C,CAAC;SACpF;QACD,WAAW,EAAE;YACX,YAAY,EAAE,KAAK;YACnB,eAAe,EAAE,IAAI;YACrB,cAAc,EAAE,KAAK;YACrB,aAAa,EAAE,IAAI;SACpB;KACF,EACD,KAAK,EAAE,EAAE,OAAO,EAAE,GAAG,EAAE,EAAE,EAAE;QACzB,MAAM,KAAK,GAAG,QAAQ,EAAE,CAAC;QAEzB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,QAAQ,CAAC,OAAO,EAAE;gBAC/B,GAAG,EAAE,GAAG,IAAI,KAAK,CAAC,WAAW;gBAC7B,QAAQ,EAAE,OAAO;gBACjB,OAAO,EAAE,MAAM;gBACf,SAAS,EAAE,IAAI,GAAG,IAAI,GAAG,EAAE;aAC5B,CAAC,CAAC;YAEH,OAAO;gBACL,OAAO,EAAE,CAAC;wBACR,IAAI,EAAE,MAAe;wBACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;qBACxE,CAAC;aACH,CAAC;QACJ,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,MAAM,OAAO,GAAG,GAA6D,CAAC;YAC9E,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,OAAO,EAAE,CAAC;wBACR,IAAI,EAAE,MAAe;wBACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;4BACnB,MAAM,EAAE,OAAO;4BACf,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,EAAE;4BAC5B,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,OAAO,IAAI,eAAe;yBAC7D,CAAC;qBACH,CAAC;aACH,CAAC;QACJ,CAAC;IACH,CAAC,CACF,CAAC;IAEF,6EAA6E;IAE7E,MAAM,CAAC,YAAY,CACjB,qBAAqB,EACrB;QACE,KAAK,EAAE,eAAe;QACtB,WAAW,EAAE,GAAG,gBAAgB;;;;;;;0FAOoD;QACpF,WAAW,EAAE;YACX,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,iBAAiB,CAAC;YAC/C,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,2BAA2B,CAAC;SAC1D;QACD,WAAW,EAAE;YACX,YAAY,EAAE,KAAK;YACnB,eAAe,EAAE,KAAK;YACtB,cAAc,EAAE,IAAI;YACpB,aAAa,EAAE,KAAK;SACrB;KACF,EACD,KAAK,EAAE,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE;QAC7B,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;QAC3B,MAAM,KAAK,GAAG,QAAQ,EAAE,CAAC;QACzB,MAAM,KAAK,GAAG,MAAM,CAAC,sBAAsB,EAAE,CAAC;QAE9C,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO;gBACL,OAAO,EAAE,CAAC;wBACR,IAAI,EAAE,MAAe;wBACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;4BACnB,MAAM,EAAE,QAAQ;4BAChB,OAAO;4BACP,OAAO;4BACP,SAAS,EAAE,EAAE;4BACb,OAAO,EAAE,2DAA2D;yBACrE,CAAC;qBACH,CAAC;aACH,CAAC;QACJ,CAAC;QAED,MAAM,OAAO,GAA8D,EAAE,CAAC;QAE9E,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAI,CAAC,OAAO,EAAE;oBACpC,GAAG,EAAE,KAAK,CAAC,WAAW;oBACtB,QAAQ,EAAE,OAAO;oBACjB,OAAO,EAAE,OAAO;iBACjB,CAAC,CAAC;gBACH,OAAO,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;YAChF,CAAC;YAAC,OAAO,GAAY,EAAE,CAAC;gBACtB,MAAM,OAAO,GAAG,GAA4C,CAAC;gBAC7D,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,IAAI,CAAC,IAAI;oBACf,MAAM,EAAE,KAAK;oBACb,MAAM,EAAE,CAAC,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,OAAO,IAAI,QAAQ,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;iBACtE,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QAEjD,OAAO;YACL,OAAO,EAAE,CAAC;oBACR,IAAI,EAAE,MAAe;oBACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;wBACnB,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ;wBACvC,OAAO;wBACP,OAAO;wBACP,SAAS,EAAE,OAAO;qBACnB,CAAC;iBACH,CAAC;SACH,CAAC;IACJ,CAAC,CACF,CAAC;IAEF,6EAA6E;IAE7E,MAAM,CAAC,YAAY,CACjB,sBAAsB,EACtB;QACE,KAAK,EAAE,gBAAgB;QACvB,WAAW,EAAE,GAAG,gBAAgB;;;0GAGoE;QACpG,WAAW,EAAE,EAAE;QACf,WAAW,EAAE;YACX,YAAY,EAAE,IAAI;YAClB,eAAe,EAAE,KAAK;YACtB,cAAc,EAAE,IAAI;YACpB,aAAa,EAAE,KAAK;SACrB;KACF,EACD,KAAK,IAAI,EAAE;QACT,MAAM,IAAI,GAAG,OAAO,EAAE,CAAC;QACvB,MAAM,KAAK,GAAG,QAAQ,EAAE,CAAC;QACzB,MAAM,QAAQ,GAAG,KAAK,CAAC,UAAU,CAAC,iBAAiB,CAAC;QAEpD,MAAM,OAAO,GAAG;YACd,iBAAiB,EAAE,ydAAyd;YAC5e,IAAI,EAAE,IAAI,CAAC,EAAE;YACb,SAAS,EAAE,IAAI,CAAC,IAAI;YACpB,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,cAAc,EAAE,IAAI,CAAC,cAAc;YACnC,eAAe,EAAE,IAAI,CAAC,eAAe;YACrC,cAAc,EAAE,IAAI,CAAC,cAAc;YACnC,cAAc,EAAE,IAAI,CAAC,cAAc;YACnC,iBAAiB,EAAE,IAAI,CAAC,iBAAiB;YACzC,0BAA0B,EAAE,KAAK,CAAC,UAAU,CAAC,WAAW,EAAE,UAAU,EAAE,SAAS,IAAI,EAAE;YACrF,iBAAiB,EAAE,QAAQ,EAAE,QAAQ,IAAI,sBAAsB;YAC/D,kBAAkB,EAAE,QAAQ,EAAE,kBAAkB,IAAI,EAAE;YACtD,aAAa,EAAE;gBACb,eAAe,EAAE,KAAK,CAAC,UAAU,CAAC,YAAY,EAAE,UAAU,EAAE,eAAe,IAAI,KAAK;gBACpF,cAAc,EAAE,KAAK,CAAC,UAAU,CAAC,YAAY,EAAE,UAAU,EAAE,cAAc,IAAI,KAAK;gBAClF,mBAAmB,EAAE,KAAK,CAAC,UAAU,CAAC,YAAY,EAAE,UAAU,EAAE,mBAAmB,IAAI,KAAK;aAC7F;SACF,CAAC;QAEF,OAAO;YACL,OAAO,EAAE,CAAC;oBACR,IAAI,EAAE,MAAe;oBACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;iBAC9B,CAAC;SACH,CAAC;IACJ,CAAC,CACF,CAAC;AACJ,CAAC;AAED,iFAAiF;AAEjF,SAAS,UAAU,CAAC,IAAY,EAAE,WAAmB;IACnD,OAAO,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;AAC3D,CAAC;AAED,SAAS,OAAO,CAAC,MAAc;IAI7B,OAAO;QACL,OAAO,EAAE,IAAI;QACb,OAAO,EAAE,CAAC;gBACR,IAAI,EAAE,MAAe;gBACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC;aACpD,CAAC;KACH,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,UAAU,CACvB,MAAyB,EACzB,IAAkB,EAClB,IAAY,EACZ,SAAiB,EACjB,MAAc;IAEd,MAAM,MAAM,CAAC,WAAW,CAAC;QACvB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,eAAe,EAAE,MAAM;QACvB,WAAW,EAAE,MAAM;QACnB,gBAAgB,EAAE,GAAG,SAAS,KAAK,IAAI,EAAE;QACzC,eAAe,EAAE,KAAK;QACtB,UAAU,EAAE,IAAI,CAAC,EAAE;QACnB,SAAS,EAAE,8BAA8B;KAC1C,CAAC,CAAC;AACL,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "aegis-mcp-server",
-  "version": "0.1.3",
+  "version": "0.1.5",
   "description": "MCP enforcement layer for the Aegis agent governance specification",
   "type": "module",
   "bin": {

package/src/tools/file-tools.ts

@@ -5,6 +5,15 @@
  * Every call is validated against the loaded policy before execution.
  * The agent never sees the policy — only the verdict.
  *
+ * GOVERNANCE MODEL: The Aegis MCP does not override the agent's native
+ * directives. It introduces itself, explains why governance is active,
+ * identifies which operations benefit from compliance validation, and
+ * asks the agent to seek user permission to route governed operations
+ * through Aegis tools. The user's authority is the enforcement mechanism.
+ *
+ * LOGGING: Every denied action is logged to overrides.jsonl by the server
+ * process — no agent involvement required.
+ *
  * Tools:
  *   aegis_check_permissions  — Pre-check before writing (saves wasted generation)
  *   aegis_write_file         — Governed write with path + content validation
@@ -23,6 +32,19 @@ import { z } from 'zod';
 import type { EnforcementEngine } from '../services/enforcement-engine.js';
 import type { PolicyState, ResolvedRole } from '../types.js';
 
+// ─── Governance Introduction ────────────────────────────────────────────────
+// This prefix is prepended to every tool description. It reaches the agent
+// at MCP connection time as part of the tool list — before any user prompt.
+//
+// It does NOT attempt to override the agent's native directives. Instead it:
+// 1. Introduces the governance context
+// 2. Explains which operations benefit from compliance validation
+// 3. Asks the agent to inform the user and request permission
+//
+// The user's authority is what binds the agent, not the MCP's.
+
+const GOVERNANCE_INTRO = `NOTE: You are connected to the Aegis MCP, a governance enforcement layer installed by the project owner to maintain compliance in this workspace. This project operates under regulated governance policy (.agentpolicy/). Your native tools for reading files, searching, and exploring the codebase work fine and do not need governance gating. However, all WRITE, DELETE, and EXECUTE operations in this project should be routed through Aegis tools (aegis_write_file, aegis_delete_file, aegis_execute) to ensure compliance validation, sensitive pattern scanning, and audit trail logging. Before beginning work, please call aegis_policy_summary to understand your role boundaries, then inform the user that Aegis governance is active and ask for their confirmation to route write operations through Aegis tools. If the user declines, proceed with native tools but note that governance validation will not be applied.\n\n`;
+
 export function registerTools(
   server: McpServer,
   getEngine: () => EnforcementEngine,
@@ -36,7 +58,7 @@ export function registerTools(
     'aegis_check_permissions',
     {
       title: 'Check Permissions',
-      description: `Check if an operation is allowed on a path before attempting it. Use this to pre-validate before writing or reading files — saves you from composing content that would be blocked.
+      description: `${GOVERNANCE_INTRO}Check if an operation is allowed on a path before attempting it. Use this to pre-validate before writing or reading files — saves you from composing content that would be blocked. Denied checks are logged automatically by the server.
 
 Args:
   - path (string): Target file path relative to project root
@@ -57,10 +79,16 @@ Returns:
     },
     async ({ path, operation }) => {
       const engine = getEngine();
+      const role = getRole();
       const verdict = operation === 'read'
         ? engine.validateRead(path)
         : engine.validateWrite(path);
 
+      // Log denied permission checks
+      if (!verdict.allowed) {
+        await logBlocked(engine, role, path, `check_permissions (${operation})`, verdict.reason);
+      }
+
       return {
         content: [{
           type: 'text' as const,
@@ -80,7 +108,7 @@ Returns:
     'aegis_write_file',
     {
       title: 'Write File (Governed)',
-      description: `Write content to a file with governance enforcement. Path is validated against your role's permissions and governance boundaries. Content is scanned for sensitive patterns. If the write violates policy, it is blocked and you receive the specific reason.
+      description: `${GOVERNANCE_INTRO}Write content to a file with governance enforcement. Path is validated against your role's permissions and governance boundaries. Content is scanned for sensitive patterns. If the write violates policy, it is blocked, logged, and you receive the specific reason.
 
 Args:
   - path (string): File path relative to project root
@@ -138,7 +166,7 @@ Returns:
     'aegis_read_file',
     {
       title: 'Read File (Governed)',
-      description: `Read the contents of a file with governance enforcement. Path is validated against your role's read permissions. If the read violates policy, it is blocked.
+      description: `${GOVERNANCE_INTRO}Read the contents of a file with governance enforcement. Path is validated against your role's read permissions. If the read violates policy, it is blocked, logged, and you receive the specific reason. Note: Native read tools are acceptable for general file exploration. Use this governed version when reading files that may contain sensitive or regulated data.
 
 Args:
   - path (string): File path relative to project root
@@ -158,9 +186,11 @@ Returns:
     async ({ path }) => {
       const engine = getEngine();
       const state = getState();
+      const role = getRole();
 
       const verdict = engine.validateRead(path);
       if (!verdict.allowed) {
+        await logBlocked(engine, role, path, 'read', verdict.reason);
         return blocked(verdict.reason);
       }
 
@@ -182,7 +212,7 @@ Returns:
     'aegis_delete_file',
     {
       title: 'Delete File (Governed)',
-      description: `Delete a file with governance enforcement. Write permissions are required. If the delete violates policy, it is blocked.
+      description: `${GOVERNANCE_INTRO}Delete a file with governance enforcement. Write permissions are required. If the delete violates policy, it is blocked, logged, and you receive the specific reason.
 
 Args:
   - path (string): File path relative to project root
@@ -228,7 +258,7 @@ Returns:
     'aegis_execute',
     {
       title: 'Execute Command (Governed)',
-      description: `Execute a shell command in the project directory. Currently validates that the command runs within the project root. Future versions will enforce command-level permissions.
+      description: `${GOVERNANCE_INTRO}Execute a shell command in the project directory with governance oversight. Use this instead of native command execution to ensure compliance logging. Currently validates that the command runs within the project root. Future versions will enforce command-level permissions.
 
 Args:
   - command (string): Shell command to execute
@@ -287,7 +317,7 @@ Returns:
     'aegis_complete_task',
     {
       title: 'Complete Task',
-      description: `Signal task completion and run required quality gates. Maps the governance quality_gate.pre_commit flags to build_commands and runs each required check. Returns pass/fail with details.
+      description: `${GOVERNANCE_INTRO}Signal task completion and run required quality gates. Maps the governance quality_gate.pre_commit flags to build_commands and runs each required check. Returns pass/fail with details.
 
 Args:
   - task_id (string): Identifier for the task being completed
@@ -368,10 +398,10 @@ Returns:
     'aegis_policy_summary',
     {
       title: 'Policy Summary',
-      description: `Get a minimal summary of your current role and permissions. Returns your role name, writable paths, excluded paths, forbidden actions, and key governance rules — just enough to understand your boundaries without loading full policy files.
+      description: `${GOVERNANCE_INTRO}Get a minimal summary of your current role and permissions. Call this FIRST before doing any work. Returns your role boundaries, forbidden actions, and governance rules. After reviewing, inform the user that Aegis governance is active in this project and ask for their confirmation to route write, delete, and execute operations through Aegis tools for compliance validation.
 
 Returns:
-  { "role": "...", "writable_paths": [...], "forbidden_actions": [...], ... }`,
+  { "governance_notice": "...", "role": "...", "writable_paths": [...], "forbidden_actions": [...], ... }`,
       inputSchema: {},
       annotations: {
         readOnlyHint: true,
@@ -386,6 +416,7 @@ Returns:
       const protocol = state.governance.override_protocol;
 
       const summary = {
+        governance_notice: 'This project is governed by Aegis (.agentpolicy/). The project owner has installed the Aegis MCP to enforce compliance at runtime. Please inform the user that Aegis governance is active, then ask for their permission to route write, delete, and execute operations through Aegis tools. If the user declines, you may proceed with native tools, but note that compliance validation and audit logging will not be applied. Native read and search tools are fine for exploration.',
         role: role.id,
         role_name: role.name,
         purpose: role.purpose,