agenshield 0.1.0

package/src/commands/setup.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Setup command
+ *
+ * Runs the interactive setup wizard to sandbox a target application.
+ * Supports presets (openclaw, custom) and configurable naming.
+ * With --ui flag, launches a web-based setup wizard.
+ */
+import { Command } from 'commander';
+/**
+ * Create the setup command
+ */
+export declare function createSetupCommand(): Command;
+//# sourceMappingURL=setup.d.ts.map

package/src/commands/setup.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"setup.d.ts","sourceRoot":"","sources":["../../../src/commands/setup.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AA8HpC;;GAEG;AACH,wBAAgB,kBAAkB,IAAI,OAAO,CA+E5C"}

package/src/commands/setup.js

@@ -0,0 +1,203 @@
+/**
+ * Setup command
+ *
+ * Runs the interactive setup wizard to sandbox a target application.
+ * Supports presets (openclaw, custom) and configurable naming.
+ * With --ui flag, launches a web-based setup wizard.
+ */
+import { Command } from 'commander';
+import React from 'react';
+import { render } from 'ink';
+import { WizardApp } from '../wizard/index.js';
+import { formatPresetList, getPreset } from '@agenshield/sandbox';
+import { createWizardEngine } from '../wizard/engine.js';
+/**
+ * Run the setup wizard (CLI/Ink mode)
+ */
+async function runSetup() {
+    const { waitUntilExit } = render(React.createElement(WizardApp));
+    await waitUntilExit();
+}
+/**
+ * Run the setup wizard in web UI mode
+ */
+async function runSetupWebUI(wizardOptions) {
+    const { createSetupServer } = await import('../setup-server/index.js');
+    console.log('');
+    console.log('  Starting Web UI Setup Wizard...');
+    console.log('');
+    // Create wizard engine and run detection phase BEFORE server starts
+    const engine = createWizardEngine(wizardOptions);
+    const detectionResult = await engine.runDetectionPhase();
+    if (!detectionResult.success) {
+        console.error(`  Detection failed: ${detectionResult.error}`);
+        process.exit(1);
+    }
+    if (engine.context.presetDetection?.found) {
+        console.log(`  Detected: ${engine.context.preset?.name ?? 'Unknown target'}`);
+    }
+    else if (engine.context.targetInstallable) {
+        console.log(`  No target found — Web UI will offer installation.`);
+    }
+    else {
+        console.error('  No supported target found. Use --target custom --entry-point <path> for custom applications.');
+        process.exit(1);
+    }
+    console.log('');
+    // Acquire sudo credentials now (in the terminal) before opening the browser,
+    // so the setup phase can use cached credentials without a TTY prompt.
+    if (!wizardOptions.dryRun) {
+        const { ensureSudoAccess } = await import('../utils/privileges.js');
+        ensureSudoAccess();
+    }
+    // Create and start the setup server on a different port than daemon (5200)
+    const server = createSetupServer(engine);
+    const port = 5200; // Setup wizard uses 5200, daemon uses 5200
+    const url = await server.start(port);
+    console.log(`  Setup wizard is running at: ${url}`);
+    console.log('');
+    console.log('  Opening browser...');
+    console.log('  (If the browser does not open, visit the URL above manually)');
+    console.log('');
+    // Open browser (macOS)
+    try {
+        const { exec } = await import('node:child_process');
+        exec(`open "${url}"`);
+    }
+    catch {
+        // Non-fatal — user can open the URL manually
+    }
+    // Wait for setup to complete or be cancelled (SIGINT/SIGTERM)
+    const completionOrSignal = Promise.race([
+        server.waitForCompletion(),
+        new Promise((resolve) => {
+            process.on('SIGINT', resolve);
+            process.on('SIGTERM', resolve);
+        }),
+    ]);
+    await completionOrSignal;
+    console.log('  Setup complete! Shutting down server...');
+    await server.stop();
+    // Stop any existing daemon first
+    console.log('  Stopping any existing daemon...');
+    const { startDaemon, stopDaemon } = await import('../utils/daemon.js');
+    await stopDaemon();
+    // Kill any process on port 5200 (daemon port)
+    try {
+        const { execSync } = await import('node:child_process');
+        execSync('lsof -i :5200 -t 2>/dev/null | xargs kill -9 2>/dev/null || true', { encoding: 'utf-8' });
+        await new Promise(r => setTimeout(r, 500));
+    }
+    catch { /* ignore */ }
+    // Start the daemon on port 5200
+    console.log('  Starting daemon...');
+    const daemonResult = await startDaemon();
+    if (daemonResult.success) {
+        console.log(`  Daemon started (PID: ${daemonResult.pid})`);
+        console.log(`  Dashboard available at: http://localhost:5200`);
+    }
+    else {
+        console.warn(`  Warning: ${daemonResult.message}`);
+    }
+    // Force exit after grace period
+    setTimeout(() => process.exit(0), 500).unref();
+}
+/**
+ * Build WizardOptions from CLI options
+ */
+function buildWizardOptions(options) {
+    const wizardOptions = {};
+    if (options['target'])
+        wizardOptions.targetPreset = options['target'];
+    if (options['entryPoint'])
+        wizardOptions.entryPoint = options['entryPoint'];
+    if (options['baseName'])
+        wizardOptions.baseName = options['baseName'];
+    if (options['prefix'])
+        wizardOptions.prefix = options['prefix'];
+    if (options['baseUid'])
+        wizardOptions.baseUid = options['baseUid'];
+    if (options['dryRun'])
+        wizardOptions.dryRun = true;
+    if (options['skipConfirm'])
+        wizardOptions.skipConfirm = true;
+    if (options['verbose'])
+        wizardOptions.verbose = true;
+    return wizardOptions;
+}
+/**
+ * Create the setup command
+ */
+export function createSetupCommand() {
+    const cmd = new Command('setup')
+        .description('Run the setup wizard to sandbox a target application')
+        .option('--target <preset>', 'Target preset to use: openclaw, custom (default: auto-detect)')
+        .option('--entry-point <path>', 'Entry point for custom target (Node.js file)')
+        .option('--base-name <name>', 'Base name for users/groups (default: agenshield)')
+        .option('--prefix <prefix>', 'Use a custom prefix for users/groups (for testing)')
+        .option('--base-uid <uid>', 'Base UID for created users', parseInt)
+        .option('--dry-run', 'Show what would be done without making changes')
+        .option('--skip-confirm', 'Skip confirmation prompts')
+        .option('-v, --verbose', 'Show verbose output')
+        .option('--list-presets', 'List available presets and exit')
+        .option('--cli', 'Use terminal/Ink UI instead of web browser')
+        .action(async (options) => {
+        // Handle --list-presets
+        if (options.listPresets) {
+            console.log(formatPresetList());
+            return;
+        }
+        // Validate --target option
+        if (options.target) {
+            const preset = getPreset(options.target);
+            if (!preset) {
+                console.error(`Error: Unknown preset '${options.target}'`);
+                console.error('');
+                console.error(formatPresetList());
+                process.exit(1);
+            }
+            // Custom preset requires --entry-point
+            if (options.target === 'custom' && !options.entryPoint) {
+                console.error('Error: --entry-point is required when using --target custom');
+                console.error('');
+                console.error('Example:');
+                console.error('  agenshield setup --target custom --entry-point /path/to/my-app/dist/index.js');
+                process.exit(1);
+            }
+        }
+        // Default to Web UI unless --cli is specified or env var opts out
+        if (!options.cli && process.env['AGENSHIELD_WEBUI_REQUESTED'] !== 'false') {
+            delete process.env['AGENSHIELD_WEBUI_REQUESTED'];
+            await runSetupWebUI(buildWizardOptions(options));
+            return;
+        }
+        // Store options in environment for wizard to pick up
+        if (options.target) {
+            process.env['AGENSHIELD_TARGET'] = options.target;
+        }
+        if (options.entryPoint) {
+            process.env['AGENSHIELD_ENTRY_POINT'] = options.entryPoint;
+        }
+        if (options.baseName) {
+            process.env['AGENSHIELD_BASE_NAME'] = options.baseName;
+        }
+        if (options.prefix) {
+            process.env['AGENSHIELD_PREFIX'] = options.prefix;
+        }
+        if (options.baseUid) {
+            process.env['AGENSHIELD_BASE_UID'] = String(options.baseUid);
+        }
+        if (options.dryRun) {
+            process.env['AGENSHIELD_DRY_RUN'] = 'true';
+        }
+        if (options.skipConfirm) {
+            process.env['AGENSHIELD_SKIP_CONFIRM'] = 'true';
+        }
+        if (options.verbose) {
+            process.env['AGENSHIELD_VERBOSE'] = 'true';
+        }
+        await runSetup();
+    });
+    return cmd;
+}
+//# sourceMappingURL=setup.js.map

package/src/commands/setup.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"setup.js","sourceRoot":"","sources":["../../../src/commands/setup.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,MAAM,EAAE,MAAM,KAAK,CAAC;AAC7B,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAC/C,OAAO,EAAE,gBAAgB,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAClE,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AAGzD;;GAEG;AACH,KAAK,UAAU,QAAQ;IACrB,MAAM,EAAE,aAAa,EAAE,GAAG,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC;IACjE,MAAM,aAAa,EAAE,CAAC;AACxB,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,aAAa,CAAC,aAA4B;IACvD,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,MAAM,CAAC,0BAA0B,CAAC,CAAC;IAEvE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;IACjD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAEhB,oEAAoE;IACpE,MAAM,MAAM,GAAG,kBAAkB,CAAC,aAAa,CAAC,CAAC;IACjD,MAAM,eAAe,GAAG,MAAM,MAAM,CAAC,iBAAiB,EAAE,CAAC;IAEzD,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,CAAC;QAC7B,OAAO,CAAC,KAAK,CAAC,uBAAuB,eAAe,CAAC,KAAK,EAAE,CAAC,CAAC;QAC9D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,CAAC,eAAe,EAAE,KAAK,EAAE,CAAC;QAC1C,OAAO,CAAC,GAAG,CAAC,eAAe,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,IAAI,IAAI,gBAAgB,EAAE,CAAC,CAAC;IAChF,CAAC;SAAM,IAAI,MAAM,CAAC,OAAO,CAAC,iBAAiB,EAAE,CAAC;QAC5C,OAAO,CAAC,GAAG,CAAC,qDAAqD,CAAC,CAAC;IACrE,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,KAAK,CAAC,gGAAgG,CAAC,CAAC;QAChH,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAEhB,6EAA6E;IAC7E,sEAAsE;IACtE,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,CAAC;QAC1B,MAAM,EAAE,gBAAgB,EAAE,GAAG,MAAM,MAAM,CAAC,wBAAwB,CAAC,CAAC;QACpE,gBAAgB,EAAE,CAAC;IACrB,CAAC;IAED,2EAA2E;IAC3E,MAAM,MAAM,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;IACzC,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,2CAA2C;IAC9D,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAErC,OAAO,CAAC,GAAG,CAAC,iCAAiC,GAAG,EAAE,CAAC,CAAC;IACpD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;IACpC,OAAO,CAAC,GAAG,CAAC,gEAAgE,CAAC,CAAC;IAC9E,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAEhB,uBAAuB;IACvB,IAAI,CAAC;QACH,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,oBAAoB,CAAC,CAAC;QACpD,IAAI,CAAC,SAAS,GAAG,GAAG,CAAC,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,6CAA6C;IAC/C,CAAC;IAED,8DAA8D;IAC9D,MAAM,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC;QACtC,MAAM,CAAC,iBAAiB,EAAE;QAC1B,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE;YAC5B,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAC9B,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QACjC,CAAC,CAAC;KACH,CAAC,CAAC;IAEH,MAAM,kBAAkB,CAAC;IACzB,OAAO,CAAC,GAAG,CAAC,2CAA2C,CAAC,CAAC;IACzD,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC;IAEpB,iCAAiC;IACjC,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;IACjD,MAAM,EAAE,WAAW,EAAE,UAAU,EAAE,GAAG,MAAM,MAAM,CAAC,oBAAoB,CAAC,CAAC;IACvE,MAAM,UAAU,EAAE,CAAC;IAEnB,8CAA8C;IAC9C,IAAI,CAAC;QACH,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,oBAAoB,CAAC,CAAC;QACxD,QAAQ,CAAC,kEAAkE,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;QACpG,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;IAC7C,CAAC;IAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;IAExB,gCAAgC;IAChC,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;IACpC,MAAM,YAAY,GAAG,MAAM,WAAW,EAAE,CAAC;IACzC,IAAI,YAAY,CAAC,OAAO,EAAE,CAAC;QACzB,OAAO,CAAC,GAAG,CAAC,0BAA0B,YAAY,CAAC,GAAG,GAAG,CAAC,CAAC;QAC3D,OAAO,CAAC,GAAG,CAAC,iDAAiD,CAAC,CAAC;IACjE,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,IAAI,CAAC,cAAc,YAAY,CAAC,OAAO,EAAE,CAAC,CAAC;IACrD,CAAC;IAED,gCAAgC;IAChC,UAAU,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,KAAK,EAAE,CAAC;AACjD,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CAAC,OAAgC;IAC1D,MAAM,aAAa,GAAkB,EAAE,CAAC;IACxC,IAAI,OAAO,CAAC,QAAQ,CAAC;QAAE,aAAa,CAAC,YAAY,GAAG,OAAO,CAAC,QAAQ,CAAW,CAAC;IAChF,IAAI,OAAO,CAAC,YAAY,CAAC;QAAE,aAAa,CAAC,UAAU,GAAG,OAAO,CAAC,YAAY,CAAW,CAAC;IACtF,IAAI,OAAO,CAAC,UAAU,CAAC;QAAE,aAAa,CAAC,QAAQ,GAAG,OAAO,CAAC,UAAU,CAAW,CAAC;IAChF,IAAI,OAAO,CAAC,QAAQ,CAAC;QAAE,aAAa,CAAC,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAW,CAAC;IAC1E,IAAI,OAAO,CAAC,SAAS,CAAC;QAAE,aAAa,CAAC,OAAO,GAAG,OAAO,CAAC,SAAS,CAAW,CAAC;IAC7E,IAAI,OAAO,CAAC,QAAQ,CAAC;QAAE,aAAa,CAAC,MAAM,GAAG,IAAI,CAAC;IACnD,IAAI,OAAO,CAAC,aAAa,CAAC;QAAE,aAAa,CAAC,WAAW,GAAG,IAAI,CAAC;IAC7D,IAAI,OAAO,CAAC,SAAS,CAAC;QAAE,aAAa,CAAC,OAAO,GAAG,IAAI,CAAC;IACrD,OAAO,aAAa,CAAC;AACvB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB;IAChC,MAAM,GAAG,GAAG,IAAI,OAAO,CAAC,OAAO,CAAC;SAC7B,WAAW,CAAC,sDAAsD,CAAC;SACnE,MAAM,CAAC,mBAAmB,EAAE,+DAA+D,CAAC;SAC5F,MAAM,CAAC,sBAAsB,EAAE,8CAA8C,CAAC;SAC9E,MAAM,CAAC,oBAAoB,EAAE,kDAAkD,CAAC;SAChF,MAAM,CAAC,mBAAmB,EAAE,oDAAoD,CAAC;SACjF,MAAM,CAAC,kBAAkB,EAAE,4BAA4B,EAAE,QAAQ,CAAC;SAClE,MAAM,CAAC,WAAW,EAAE,gDAAgD,CAAC;SACrE,MAAM,CAAC,gBAAgB,EAAE,2BAA2B,CAAC;SACrD,MAAM,CAAC,eAAe,EAAE,qBAAqB,CAAC;SAC9C,MAAM,CAAC,gBAAgB,EAAE,iCAAiC,CAAC;SAC3D,MAAM,CAAC,OAAO,EAAE,4CAA4C,CAAC;SAC7D,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;QACxB,wBAAwB;QACxB,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;YACxB,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC,CAAC;YAChC,OAAO;QACT,CAAC;QAED,2BAA2B;QAC3B,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnB,MAAM,MAAM,GAAG,SAAS,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;YACzC,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,OAAO,CAAC,KAAK,CAAC,0BAA0B,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC;gBAC3D,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;gBAClB,OAAO,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC;gBAClC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;YAED,uCAAuC;YACvC,IAAI,OAAO,CAAC,MAAM,KAAK,QAAQ,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC;gBACvD,OAAO,CAAC,KAAK,CAAC,6DAA6D,CAAC,CAAC;gBAC7E,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;gBAClB,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;gBAC1B,OAAO,CAAC,KAAK,CAAC,gFAAgF,CAAC,CAAC;gBAChG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;QACH,CAAC;QAID,kEAAkE;QAClE,IAAI,CAAC,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC,KAAK,OAAO,EAAE,CAAC;YAC1E,OAAO,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC;YACjD,MAAM,aAAa,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC,CAAC;YACjD,OAAO;QACT,CAAC;QAED,qDAAqD;QACrD,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnB,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC;QACpD,CAAC;QACD,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;YACvB,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,GAAG,OAAO,CAAC,UAAU,CAAC;QAC7D,CAAC;QACD,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;YACrB,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,GAAG,OAAO,CAAC,QAAQ,CAAC;QACzD,CAAC;QACD,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnB,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC;QACpD,CAAC;QACD,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YACpB,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,CAAC;QACD,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnB,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,GAAG,MAAM,CAAC;QAC7C,CAAC;QACD,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;YACxB,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,GAAG,MAAM,CAAC;QAClD,CAAC;QACD,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YACpB,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,GAAG,MAAM,CAAC;QAC7C,CAAC;QAED,MAAM,QAAQ,EAAE,CAAC;IACnB,CAAC,CAAC,CAAC;IAEL,OAAO,GAAG,CAAC;AACb,CAAC","sourcesContent":["/**\n * Setup command\n *\n * Runs the interactive setup wizard to sandbox a target application.\n * Supports presets (openclaw, custom) and configurable naming.\n * With --ui flag, launches a web-based setup wizard.\n */\n\nimport { Command } from 'commander';\nimport React from 'react';\nimport { render } from 'ink';\nimport { WizardApp } from '../wizard/index.js';\nimport { formatPresetList, getPreset } from '@agenshield/sandbox';\nimport { createWizardEngine } from '../wizard/engine.js';\nimport type { WizardOptions } from '../wizard/types.js';\n\n/**\n * Run the setup wizard (CLI/Ink mode)\n */\nasync function runSetup(): Promise<void> {\n  const { waitUntilExit } = render(React.createElement(WizardApp));\n  await waitUntilExit();\n}\n\n/**\n * Run the setup wizard in web UI mode\n */\nasync function runSetupWebUI(wizardOptions: WizardOptions): Promise<void> {\n  const { createSetupServer } = await import('../setup-server/index.js');\n\n  console.log('');\n  console.log('  Starting Web UI Setup Wizard...');\n  console.log('');\n\n  // Create wizard engine and run detection phase BEFORE server starts\n  const engine = createWizardEngine(wizardOptions);\n  const detectionResult = await engine.runDetectionPhase();\n\n  if (!detectionResult.success) {\n    console.error(`  Detection failed: ${detectionResult.error}`);\n    process.exit(1);\n  }\n\n  if (engine.context.presetDetection?.found) {\n    console.log(`  Detected: ${engine.context.preset?.name ?? 'Unknown target'}`);\n  } else if (engine.context.targetInstallable) {\n    console.log(`  No target found — Web UI will offer installation.`);\n  } else {\n    console.error('  No supported target found. Use --target custom --entry-point <path> for custom applications.');\n    process.exit(1);\n  }\n  console.log('');\n\n  // Acquire sudo credentials now (in the terminal) before opening the browser,\n  // so the setup phase can use cached credentials without a TTY prompt.\n  if (!wizardOptions.dryRun) {\n    const { ensureSudoAccess } = await import('../utils/privileges.js');\n    ensureSudoAccess();\n  }\n\n  // Create and start the setup server on a different port than daemon (5200)\n  const server = createSetupServer(engine);\n  const port = 5200; // Setup wizard uses 5200, daemon uses 5200\n  const url = await server.start(port);\n\n  console.log(`  Setup wizard is running at: ${url}`);\n  console.log('');\n  console.log('  Opening browser...');\n  console.log('  (If the browser does not open, visit the URL above manually)');\n  console.log('');\n\n  // Open browser (macOS)\n  try {\n    const { exec } = await import('node:child_process');\n    exec(`open \"${url}\"`);\n  } catch {\n    // Non-fatal — user can open the URL manually\n  }\n\n  // Wait for setup to complete or be cancelled (SIGINT/SIGTERM)\n  const completionOrSignal = Promise.race([\n    server.waitForCompletion(),\n    new Promise<void>((resolve) => {\n      process.on('SIGINT', resolve);\n      process.on('SIGTERM', resolve);\n    }),\n  ]);\n\n  await completionOrSignal;\n  console.log('  Setup complete! Shutting down server...');\n  await server.stop();\n\n  // Stop any existing daemon first\n  console.log('  Stopping any existing daemon...');\n  const { startDaemon, stopDaemon } = await import('../utils/daemon.js');\n  await stopDaemon();\n\n  // Kill any process on port 5200 (daemon port)\n  try {\n    const { execSync } = await import('node:child_process');\n    execSync('lsof -i :5200 -t 2>/dev/null | xargs kill -9 2>/dev/null || true', { encoding: 'utf-8' });\n    await new Promise(r => setTimeout(r, 500));\n  } catch { /* ignore */ }\n\n  // Start the daemon on port 5200\n  console.log('  Starting daemon...');\n  const daemonResult = await startDaemon();\n  if (daemonResult.success) {\n    console.log(`  Daemon started (PID: ${daemonResult.pid})`);\n    console.log(`  Dashboard available at: http://localhost:5200`);\n  } else {\n    console.warn(`  Warning: ${daemonResult.message}`);\n  }\n\n  // Force exit after grace period\n  setTimeout(() => process.exit(0), 500).unref();\n}\n\n/**\n * Build WizardOptions from CLI options\n */\nfunction buildWizardOptions(options: Record<string, unknown>): WizardOptions {\n  const wizardOptions: WizardOptions = {};\n  if (options['target']) wizardOptions.targetPreset = options['target'] as string;\n  if (options['entryPoint']) wizardOptions.entryPoint = options['entryPoint'] as string;\n  if (options['baseName']) wizardOptions.baseName = options['baseName'] as string;\n  if (options['prefix']) wizardOptions.prefix = options['prefix'] as string;\n  if (options['baseUid']) wizardOptions.baseUid = options['baseUid'] as number;\n  if (options['dryRun']) wizardOptions.dryRun = true;\n  if (options['skipConfirm']) wizardOptions.skipConfirm = true;\n  if (options['verbose']) wizardOptions.verbose = true;\n  return wizardOptions;\n}\n\n/**\n * Create the setup command\n */\nexport function createSetupCommand(): Command {\n  const cmd = new Command('setup')\n    .description('Run the setup wizard to sandbox a target application')\n    .option('--target <preset>', 'Target preset to use: openclaw, custom (default: auto-detect)')\n    .option('--entry-point <path>', 'Entry point for custom target (Node.js file)')\n    .option('--base-name <name>', 'Base name for users/groups (default: agenshield)')\n    .option('--prefix <prefix>', 'Use a custom prefix for users/groups (for testing)')\n    .option('--base-uid <uid>', 'Base UID for created users', parseInt)\n    .option('--dry-run', 'Show what would be done without making changes')\n    .option('--skip-confirm', 'Skip confirmation prompts')\n    .option('-v, --verbose', 'Show verbose output')\n    .option('--list-presets', 'List available presets and exit')\n    .option('--cli', 'Use terminal/Ink UI instead of web browser')\n    .action(async (options) => {\n      // Handle --list-presets\n      if (options.listPresets) {\n        console.log(formatPresetList());\n        return;\n      }\n\n      // Validate --target option\n      if (options.target) {\n        const preset = getPreset(options.target);\n        if (!preset) {\n          console.error(`Error: Unknown preset '${options.target}'`);\n          console.error('');\n          console.error(formatPresetList());\n          process.exit(1);\n        }\n\n        // Custom preset requires --entry-point\n        if (options.target === 'custom' && !options.entryPoint) {\n          console.error('Error: --entry-point is required when using --target custom');\n          console.error('');\n          console.error('Example:');\n          console.error('  agenshield setup --target custom --entry-point /path/to/my-app/dist/index.js');\n          process.exit(1);\n        }\n      }\n\n\n\n      // Default to Web UI unless --cli is specified or env var opts out\n      if (!options.cli && process.env['AGENSHIELD_WEBUI_REQUESTED'] !== 'false') {\n        delete process.env['AGENSHIELD_WEBUI_REQUESTED'];\n        await runSetupWebUI(buildWizardOptions(options));\n        return;\n      }\n\n      // Store options in environment for wizard to pick up\n      if (options.target) {\n        process.env['AGENSHIELD_TARGET'] = options.target;\n      }\n      if (options.entryPoint) {\n        process.env['AGENSHIELD_ENTRY_POINT'] = options.entryPoint;\n      }\n      if (options.baseName) {\n        process.env['AGENSHIELD_BASE_NAME'] = options.baseName;\n      }\n      if (options.prefix) {\n        process.env['AGENSHIELD_PREFIX'] = options.prefix;\n      }\n      if (options.baseUid) {\n        process.env['AGENSHIELD_BASE_UID'] = String(options.baseUid);\n      }\n      if (options.dryRun) {\n        process.env['AGENSHIELD_DRY_RUN'] = 'true';\n      }\n      if (options.skipConfirm) {\n        process.env['AGENSHIELD_SKIP_CONFIRM'] = 'true';\n      }\n      if (options.verbose) {\n        process.env['AGENSHIELD_VERBOSE'] = 'true';\n      }\n\n      await runSetup();\n    });\n\n  return cmd;\n}\n"]}

package/src/commands/status.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Status command
+ *
+ * Shows the current AgenShield installation and security status.
+ */
+import { Command } from 'commander';
+/**
+ * Create the status command
+ */
+export declare function createStatusCommand(): Command;
+//# sourceMappingURL=status.d.ts.map

package/src/commands/status.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"status.d.ts","sourceRoot":"","sources":["../../../src/commands/status.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAiDpC;;GAEG;AACH,wBAAgB,mBAAmB,IAAI,OAAO,CAgB7C"}

package/src/commands/status.js

@@ -0,0 +1,63 @@
+/**
+ * Status command
+ *
+ * Shows the current AgenShield installation and security status.
+ */
+import { Command } from 'commander';
+import { getEffectiveEnvForScanning } from '../utils/sudo-env.js';
+/**
+ * Show the current status
+ */
+async function showStatus() {
+    console.log('AgenShield Status');
+    console.log('=================\n');
+    const { detectOpenClaw, checkSecurityStatus } = await import('@agenshield/sandbox');
+    const detection = detectOpenClaw();
+    const security = checkSecurityStatus({ env: getEffectiveEnvForScanning() });
+    // Quick status indicators
+    const indicators = {
+        openclaw: detection.installation.found ? '✓' : '✗',
+        sandbox: security.sandboxUserExists ? '✓' : '○',
+        isolated: security.isIsolated ? '✓' : '○',
+        secrets: security.exposedSecrets.length === 0 ? '✓' : '⚠',
+    };
+    console.log(`OpenClaw:     ${indicators.openclaw} ${detection.installation.found ? `v${detection.installation.version || 'unknown'} (${detection.installation.method})` : 'Not installed'}`);
+    console.log(`Sandbox User: ${indicators.sandbox} ${security.sandboxUserExists ? 'Created' : 'Not created'}`);
+    console.log(`Isolation:    ${indicators.isolated} ${security.isIsolated ? 'Active' : 'Not active'}`);
+    console.log(`Secrets:      ${indicators.secrets} ${security.exposedSecrets.length === 0 ? 'Protected' : `${security.exposedSecrets.length} exposed`}`);
+    // Overall status
+    console.log('\n─────────────────────');
+    if (security.critical.length > 0) {
+        console.log('Status: ⛔ CRITICAL - Immediate action required');
+    }
+    else if (security.isIsolated) {
+        console.log('Status: ✅ SECURE');
+    }
+    else if (security.sandboxUserExists) {
+        console.log('Status: ⚠ PARTIAL - OpenClaw not running in sandbox');
+    }
+    else {
+        console.log('Status: ⚠ UNPROTECTED - Run "agenshield setup"');
+    }
+}
+/**
+ * Create the status command
+ */
+export function createStatusCommand() {
+    const cmd = new Command('status')
+        .description('Show current AgenShield status')
+        .option('-j, --json', 'Output as JSON')
+        .action(async (options) => {
+        if (options.json) {
+            const { detectOpenClaw, checkSecurityStatus } = await import('@agenshield/sandbox');
+            const detection = detectOpenClaw();
+            const security = checkSecurityStatus({ env: getEffectiveEnvForScanning() });
+            console.log(JSON.stringify({ detection, security }, null, 2));
+        }
+        else {
+            await showStatus();
+        }
+    });
+    return cmd;
+}
+//# sourceMappingURL=status.js.map

package/src/commands/status.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"status.js","sourceRoot":"","sources":["../../../src/commands/status.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,0BAA0B,EAAE,MAAM,sBAAsB,CAAC;AAElE;;GAEG;AACH,KAAK,UAAU,UAAU;IACvB,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;IACjC,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;IAEnC,MAAM,EAAE,cAAc,EAAE,mBAAmB,EAAE,GAAG,MAAM,MAAM,CAAC,qBAAqB,CAAC,CAAC;IAEpF,MAAM,SAAS,GAAG,cAAc,EAAE,CAAC;IACnC,MAAM,QAAQ,GAAG,mBAAmB,CAAC,EAAE,GAAG,EAAE,0BAA0B,EAAE,EAAE,CAAC,CAAC;IAE5E,0BAA0B;IAC1B,MAAM,UAAU,GAAG;QACjB,QAAQ,EAAE,SAAS,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG;QAClD,OAAO,EAAE,QAAQ,CAAC,iBAAiB,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG;QAC/C,QAAQ,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG;QACzC,OAAO,EAAE,QAAQ,CAAC,cAAc,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG;KAC1D,CAAC;IAEF,OAAO,CAAC,GAAG,CACT,iBAAiB,UAAU,CAAC,QAAQ,IAAI,SAAS,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,SAAS,CAAC,YAAY,CAAC,OAAO,IAAI,SAAS,KAAK,SAAS,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,eAAe,EAAE,CAChL,CAAC;IACF,OAAO,CAAC,GAAG,CACT,iBAAiB,UAAU,CAAC,OAAO,IAAI,QAAQ,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,aAAa,EAAE,CAChG,CAAC;IACF,OAAO,CAAC,GAAG,CACT,iBAAiB,UAAU,CAAC,QAAQ,IAAI,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,YAAY,EAAE,CACxF,CAAC;IACF,OAAO,CAAC,GAAG,CACT,iBAAiB,UAAU,CAAC,OAAO,IAAI,QAAQ,CAAC,cAAc,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,cAAc,CAAC,MAAM,UAAU,EAAE,CAC1I,CAAC;IAEF,iBAAiB;IACjB,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;IACvC,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACjC,OAAO,CAAC,GAAG,CAAC,gDAAgD,CAAC,CAAC;IAChE,CAAC;SAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;QAC/B,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;IAClC,CAAC;SAAM,IAAI,QAAQ,CAAC,iBAAiB,EAAE,CAAC;QACtC,OAAO,CAAC,GAAG,CAAC,qDAAqD,CAAC,CAAC;IACrE,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,gDAAgD,CAAC,CAAC;IAChE,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB;IACjC,MAAM,GAAG,GAAG,IAAI,OAAO,CAAC,QAAQ,CAAC;SAC9B,WAAW,CAAC,gCAAgC,CAAC;SAC7C,MAAM,CAAC,YAAY,EAAE,gBAAgB,CAAC;SACtC,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;QACxB,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YACjB,MAAM,EAAE,cAAc,EAAE,mBAAmB,EAAE,GAAG,MAAM,MAAM,CAAC,qBAAqB,CAAC,CAAC;YACpF,MAAM,SAAS,GAAG,cAAc,EAAE,CAAC;YACnC,MAAM,QAAQ,GAAG,mBAAmB,CAAC,EAAE,GAAG,EAAE,0BAA0B,EAAE,EAAE,CAAC,CAAC;YAC5E,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QAChE,CAAC;aAAM,CAAC;YACN,MAAM,UAAU,EAAE,CAAC;QACrB,CAAC;IACH,CAAC,CAAC,CAAC;IAEL,OAAO,GAAG,CAAC;AACb,CAAC","sourcesContent":["/**\n * Status command\n *\n * Shows the current AgenShield installation and security status.\n */\n\nimport { Command } from 'commander';\nimport { getEffectiveEnvForScanning } from '../utils/sudo-env.js';\n\n/**\n * Show the current status\n */\nasync function showStatus(): Promise<void> {\n  console.log('AgenShield Status');\n  console.log('=================\\n');\n\n  const { detectOpenClaw, checkSecurityStatus } = await import('@agenshield/sandbox');\n\n  const detection = detectOpenClaw();\n  const security = checkSecurityStatus({ env: getEffectiveEnvForScanning() });\n\n  // Quick status indicators\n  const indicators = {\n    openclaw: detection.installation.found ? '✓' : '✗',\n    sandbox: security.sandboxUserExists ? '✓' : '○',\n    isolated: security.isIsolated ? '✓' : '○',\n    secrets: security.exposedSecrets.length === 0 ? '✓' : '⚠',\n  };\n\n  console.log(\n    `OpenClaw:     ${indicators.openclaw} ${detection.installation.found ? `v${detection.installation.version || 'unknown'} (${detection.installation.method})` : 'Not installed'}`\n  );\n  console.log(\n    `Sandbox User: ${indicators.sandbox} ${security.sandboxUserExists ? 'Created' : 'Not created'}`\n  );\n  console.log(\n    `Isolation:    ${indicators.isolated} ${security.isIsolated ? 'Active' : 'Not active'}`\n  );\n  console.log(\n    `Secrets:      ${indicators.secrets} ${security.exposedSecrets.length === 0 ? 'Protected' : `${security.exposedSecrets.length} exposed`}`\n  );\n\n  // Overall status\n  console.log('\\n─────────────────────');\n  if (security.critical.length > 0) {\n    console.log('Status: ⛔ CRITICAL - Immediate action required');\n  } else if (security.isIsolated) {\n    console.log('Status: ✅ SECURE');\n  } else if (security.sandboxUserExists) {\n    console.log('Status: ⚠ PARTIAL - OpenClaw not running in sandbox');\n  } else {\n    console.log('Status: ⚠ UNPROTECTED - Run \"agenshield setup\"');\n  }\n}\n\n/**\n * Create the status command\n */\nexport function createStatusCommand(): Command {\n  const cmd = new Command('status')\n    .description('Show current AgenShield status')\n    .option('-j, --json', 'Output as JSON')\n    .action(async (options) => {\n      if (options.json) {\n        const { detectOpenClaw, checkSecurityStatus } = await import('@agenshield/sandbox');\n        const detection = detectOpenClaw();\n        const security = checkSecurityStatus({ env: getEffectiveEnvForScanning() });\n        console.log(JSON.stringify({ detection, security }, null, 2));\n      } else {\n        await showStatus();\n      }\n    });\n\n  return cmd;\n}\n"]}

package/src/commands/uninstall.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Uninstall command
+ *
+ * Reverses the AgenShield installation and restores OpenClaw to its original state.
+ */
+import { Command } from 'commander';
+/**
+ * Create the uninstall command
+ */
+export declare function createUninstallCommand(): Command;
+//# sourceMappingURL=uninstall.d.ts.map

package/src/commands/uninstall.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"uninstall.d.ts","sourceRoot":"","sources":["../../../src/commands/uninstall.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAyKpC;;GAEG;AACH,wBAAgB,sBAAsB,IAAI,OAAO,CAWhD"}

package/src/commands/uninstall.js

@@ -0,0 +1,164 @@
+/**
+ * Uninstall command
+ *
+ * Reverses the AgenShield installation and restores OpenClaw to its original state.
+ */
+import { Command } from 'commander';
+import * as fs from 'node:fs';
+import * as os from 'node:os';
+import * as path from 'node:path';
+import * as readline from 'node:readline';
+import { ensureSudoAccess } from '../utils/privileges.js';
+import { stopDaemon } from '../utils/daemon.js';
+/**
+ * Run the uninstall process
+ */
+async function runUninstall(options) {
+    ensureSudoAccess();
+    const { canUninstall, restoreInstallation, forceUninstall } = await import('@agenshield/sandbox');
+    // Check if backup exists
+    const check = canUninstall();
+    // Handle --skip-backup flag for force uninstall without backup
+    if (options.skipBackup) {
+        console.log('\x1b[33mForce Uninstall (No Backup)\x1b[0m');
+        console.log('============================\n');
+        console.log('This will:');
+        console.log('  \x1b[33m->\x1b[0m Stop and remove agenshield daemon');
+        console.log('  \x1b[33m->\x1b[0m Delete any discovered sandbox users (ash_*)');
+        console.log('  \x1b[33m->\x1b[0m Delete any discovered workspace groups (ash_*_workspace)');
+        console.log('  \x1b[33m->\x1b[0m Remove guarded shell');
+        console.log('  \x1b[33m->\x1b[0m Delete /etc/agenshield configuration');
+        console.log('');
+        console.log('\x1b[31mWARNING: This will NOT restore OpenClaw to its original state!\x1b[0m');
+        console.log('');
+        if (!options.force) {
+            const rl = readline.createInterface({
+                input: process.stdin,
+                output: process.stdout,
+            });
+            const answer = await new Promise((resolve) => {
+                rl.question('Type FORCE to confirm: ', (answer) => {
+                    rl.close();
+                    resolve(answer);
+                });
+            });
+            if (answer !== 'FORCE') {
+                console.log('\nUninstall cancelled.');
+                process.exit(0);
+            }
+        }
+        console.log('\nForce uninstalling...\n');
+        const result = forceUninstall((progress) => {
+            const icon = progress.success ? '\x1b[32m✓\x1b[0m' : '\x1b[31m✗\x1b[0m';
+            console.log(`${icon} ${progress.step}: ${progress.message || progress.error || ''}`);
+        });
+        console.log('');
+        if (result.success) {
+            console.log('\x1b[32mForce uninstall complete!\x1b[0m');
+            console.log('AgenShield artifacts have been removed.');
+        }
+        else {
+            console.log('\x1b[31mForce uninstall failed!\x1b[0m');
+            console.log(result.error || 'Unknown error');
+            process.exit(1);
+        }
+        return;
+    }
+    if (!check.canUninstall || !check.backup) {
+        console.log('\x1b[31mNo backup found.\x1b[0m');
+        console.log('Cannot safely uninstall without a backup.');
+        console.log('The backup is created during "agenshield setup".');
+        console.log('');
+        console.log('To force uninstall without a backup, use:');
+        console.log('  \x1b[36msudo agenshield uninstall --skip-backup\x1b[0m');
+        process.exit(1);
+    }
+    const backup = check.backup;
+    // Show warning
+    console.log('\x1b[31mAgenShield Uninstall\x1b[0m');
+    console.log('====================\n');
+    console.log('This will:');
+    console.log('  \x1b[33m->\x1b[0m Stop and remove agenshield daemon');
+    console.log('  \x1b[33m->\x1b[0m Restore OpenClaw to original location');
+    console.log(`  \x1b[33m->\x1b[0m Delete sandbox user "${backup.sandboxUser.username}"`);
+    console.log('  \x1b[33m->\x1b[0m Remove guarded shell');
+    console.log('  \x1b[33m->\x1b[0m Delete /etc/agenshield configuration');
+    console.log('');
+    console.log(`Backup found: ${backup.timestamp}`);
+    console.log('');
+    console.log('\x1b[31mWARNING: This action cannot be undone!\x1b[0m');
+    console.log('');
+    // Skip confirmation if --force
+    if (!options.force) {
+        // Prompt for confirmation
+        const rl = readline.createInterface({
+            input: process.stdin,
+            output: process.stdout,
+        });
+        const answer = await new Promise((resolve) => {
+            rl.question('Type UNINSTALL to confirm: ', (answer) => {
+                rl.close();
+                resolve(answer);
+            });
+        });
+        if (answer !== 'UNINSTALL') {
+            console.log('\nUninstall cancelled.');
+            process.exit(0);
+        }
+    }
+    console.log('\nUninstalling...\n');
+    // Stop daemon first (handles launchctl, PID, port fallback)
+    console.log('Stopping daemon...');
+    const stopResult = await stopDaemon();
+    const stopIcon = stopResult.success ? '\x1b[32m✓\x1b[0m' : '\x1b[33m!\x1b[0m';
+    console.log(`${stopIcon} stop-daemon: ${stopResult.message}`);
+    console.log('');
+    // Run the uninstall process
+    const result = restoreInstallation(backup, (progress) => {
+        const icon = progress.success ? '\x1b[32m✓\x1b[0m' : '\x1b[31m✗\x1b[0m';
+        console.log(`${icon} ${progress.step}: ${progress.message || progress.error || ''}`);
+    });
+    console.log('');
+    if (result.success) {
+        console.log('\x1b[32mUninstall complete!\x1b[0m');
+        console.log('OpenClaw has been restored to its original location.');
+        console.log('Run "openclaw --version" to verify.');
+        // Offer to delete ~/.agenshield data directory
+        const agenshieldDir = path.join(os.homedir(), '.agenshield');
+        if (!options.force && fs.existsSync(agenshieldDir)) {
+            console.log('');
+            const rl2 = readline.createInterface({ input: process.stdin, output: process.stdout });
+            const deleteData = await new Promise((resolve) => {
+                rl2.question(`Delete ${agenshieldDir} to remove all data (config, vault, logs)? [y/N] `, (answer) => { rl2.close(); resolve(answer); });
+            });
+            if (deleteData.toLowerCase() === 'y' || deleteData.toLowerCase() === 'yes') {
+                fs.rmSync(agenshieldDir, { recursive: true, force: true });
+                console.log(`\x1b[32m✓\x1b[0m Deleted ${agenshieldDir}`);
+            }
+            else {
+                console.log(`Kept ${agenshieldDir} (contains config, vault, activity logs)`);
+            }
+        }
+    }
+    else {
+        console.log('\x1b[31mUninstall failed!\x1b[0m');
+        console.log(result.error || 'Unknown error');
+        console.log('Please check the errors above and try again.');
+        process.exit(1);
+    }
+}
+/**
+ * Create the uninstall command
+ */
+export function createUninstallCommand() {
+    const cmd = new Command('uninstall')
+        .description('Reverse isolation and restore OpenClaw')
+        .option('-f, --force', 'Skip confirmation prompt')
+        .option('--prefix <prefix>', 'Uninstall a specific prefixed installation')
+        .option('--skip-backup', 'Force uninstall without a backup (will not restore OpenClaw)')
+        .action(async (options) => {
+        await runUninstall(options);
+    });
+    return cmd;
+}
+//# sourceMappingURL=uninstall.js.map

package/src/commands/uninstall.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"uninstall.js","sourceRoot":"","sources":["../../../src/commands/uninstall.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,KAAK,QAAQ,MAAM,eAAe,CAAC;AAC1C,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAEhD;;GAEG;AACH,KAAK,UAAU,YAAY,CAAC,OAAmE;IAC7F,gBAAgB,EAAE,CAAC;IAEnB,MAAM,EAAE,YAAY,EAAE,mBAAmB,EAAE,cAAc,EAAE,GAAG,MAAM,MAAM,CAAC,qBAAqB,CAAC,CAAC;IAElG,yBAAyB;IACzB,MAAM,KAAK,GAAG,YAAY,EAAE,CAAC;IAE7B,+DAA+D;IAC/D,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;QACvB,OAAO,CAAC,GAAG,CAAC,4CAA4C,CAAC,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC;QAC9C,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QAC1B,OAAO,CAAC,GAAG,CAAC,uDAAuD,CAAC,CAAC;QACrE,OAAO,CAAC,GAAG,CAAC,iEAAiE,CAAC,CAAC;QAC/E,OAAO,CAAC,GAAG,CAAC,8EAA8E,CAAC,CAAC;QAC5F,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,CAAC;QACxD,OAAO,CAAC,GAAG,CAAC,0DAA0D,CAAC,CAAC;QACxE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,+EAA+E,CAAC,CAAC;QAC7F,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAEhB,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;YACnB,MAAM,EAAE,GAAG,QAAQ,CAAC,eAAe,CAAC;gBAClC,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,MAAM,EAAE,OAAO,CAAC,MAAM;aACvB,CAAC,CAAC;YAEH,MAAM,MAAM,GAAG,MAAM,IAAI,OAAO,CAAS,CAAC,OAAO,EAAE,EAAE;gBACnD,EAAE,CAAC,QAAQ,CAAC,yBAAyB,EAAE,CAAC,MAAM,EAAE,EAAE;oBAChD,EAAE,CAAC,KAAK,EAAE,CAAC;oBACX,OAAO,CAAC,MAAM,CAAC,CAAC;gBAClB,CAAC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;YAEH,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;gBACvB,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;gBACtC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;QACH,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC;QAEzC,MAAM,MAAM,GAAG,cAAc,CAAC,CAAC,QAAQ,EAAE,EAAE;YACzC,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,kBAAkB,CAAC;YACxE,OAAO,CAAC,GAAG,CAAC,GAAG,IAAI,IAAI,QAAQ,CAAC,IAAI,KAAK,QAAQ,CAAC,OAAO,IAAI,QAAQ,CAAC,KAAK,IAAI,EAAE,EAAE,CAAC,CAAC;QACvF,CAAC,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAEhB,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,CAAC;YACxD,OAAO,CAAC,GAAG,CAAC,yCAAyC,CAAC,CAAC;QACzD,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;YACtD,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,IAAI,eAAe,CAAC,CAAC;YAC7C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,OAAO;IACT,CAAC;IAED,IAAI,CAAC,KAAK,CAAC,YAAY,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;QACzC,OAAO,CAAC,GAAG,CAAC,iCAAiC,CAAC,CAAC;QAC/C,OAAO,CAAC,GAAG,CAAC,2CAA2C,CAAC,CAAC;QACzD,OAAO,CAAC,GAAG,CAAC,kDAAkD,CAAC,CAAC;QAChE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,2CAA2C,CAAC,CAAC;QACzD,OAAO,CAAC,GAAG,CAAC,0DAA0D,CAAC,CAAC;QACxE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC;IAE5B,eAAe;IACf,OAAO,CAAC,GAAG,CAAC,qCAAqC,CAAC,CAAC;IACnD,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;IACtC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IAC1B,OAAO,CAAC,GAAG,CAAC,uDAAuD,CAAC,CAAC;IACrE,OAAO,CAAC,GAAG,CAAC,2DAA2D,CAAC,CAAC;IACzE,OAAO,CAAC,GAAG,CAAC,4CAA4C,MAAM,CAAC,WAAW,CAAC,QAAQ,GAAG,CAAC,CAAC;IACxF,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,CAAC;IACxD,OAAO,CAAC,GAAG,CAAC,0DAA0D,CAAC,CAAC;IACxE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,iBAAiB,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC;IACjD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,uDAAuD,CAAC,CAAC;IACrE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAEhB,+BAA+B;IAC/B,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACnB,0BAA0B;QAC1B,MAAM,EAAE,GAAG,QAAQ,CAAC,eAAe,CAAC;YAClC,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,MAAM,EAAE,OAAO,CAAC,MAAM;SACvB,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,MAAM,IAAI,OAAO,CAAS,CAAC,OAAO,EAAE,EAAE;YACnD,EAAE,CAAC,QAAQ,CAAC,6BAA6B,EAAE,CAAC,MAAM,EAAE,EAAE;gBACpD,EAAE,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO,CAAC,MAAM,CAAC,CAAC;YAClB,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,IAAI,MAAM,KAAK,WAAW,EAAE,CAAC;YAC3B,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;YACtC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;IAEnC,4DAA4D;IAC5D,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;IAClC,MAAM,UAAU,GAAG,MAAM,UAAU,EAAE,CAAC;IACtC,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,kBAAkB,CAAC;IAC9E,OAAO,CAAC,GAAG,CAAC,GAAG,QAAQ,iBAAiB,UAAU,CAAC,OAAO,EAAE,CAAC,CAAC;IAC9D,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAEhB,4BAA4B;IAC5B,MAAM,MAAM,GAAG,mBAAmB,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,EAAE;QACtD,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,kBAAkB,CAAC;QACxE,OAAO,CAAC,GAAG,CAAC,GAAG,IAAI,IAAI,QAAQ,CAAC,IAAI,KAAK,QAAQ,CAAC,OAAO,IAAI,QAAQ,CAAC,KAAK,IAAI,EAAE,EAAE,CAAC,CAAC;IACvF,CAAC,CAAC,CAAC;IAEH,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAEhB,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;QACnB,OAAO,CAAC,GAAG,CAAC,oCAAoC,CAAC,CAAC;QAClD,OAAO,CAAC,GAAG,CAAC,sDAAsD,CAAC,CAAC;QACpE,OAAO,CAAC,GAAG,CAAC,qCAAqC,CAAC,CAAC;QAEnD,+CAA+C;QAC/C,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,aAAa,CAAC,CAAC;QAC7D,IAAI,CAAC,OAAO,CAAC,KAAK,IAAI,EAAE,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;YACnD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAChB,MAAM,GAAG,GAAG,QAAQ,CAAC,eAAe,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;YACvF,MAAM,UAAU,GAAG,MAAM,IAAI,OAAO,CAAS,CAAC,OAAO,EAAE,EAAE;gBACvD,GAAG,CAAC,QAAQ,CACV,UAAU,aAAa,mDAAmD,EAC1E,CAAC,MAAM,EAAE,EAAE,GAAG,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAC9C,CAAC;YACJ,CAAC,CAAC,CAAC;YAEH,IAAI,UAAU,CAAC,WAAW,EAAE,KAAK,GAAG,IAAI,UAAU,CAAC,WAAW,EAAE,KAAK,KAAK,EAAE,CAAC;gBAC3E,EAAE,CAAC,MAAM,CAAC,aAAa,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;gBAC3D,OAAO,CAAC,GAAG,CAAC,4BAA4B,aAAa,EAAE,CAAC,CAAC;YAC3D,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,GAAG,CAAC,QAAQ,aAAa,0CAA0C,CAAC,CAAC;YAC/E,CAAC;QACH,CAAC;IACH,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,kCAAkC,CAAC,CAAC;QAChD,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,IAAI,eAAe,CAAC,CAAC;QAC7C,OAAO,CAAC,GAAG,CAAC,8CAA8C,CAAC,CAAC;QAC5D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB;IACpC,MAAM,GAAG,GAAG,IAAI,OAAO,CAAC,WAAW,CAAC;SACjC,WAAW,CAAC,wCAAwC,CAAC;SACrD,MAAM,CAAC,aAAa,EAAE,0BAA0B,CAAC;SACjD,MAAM,CAAC,mBAAmB,EAAE,4CAA4C,CAAC;SACzE,MAAM,CAAC,eAAe,EAAE,8DAA8D,CAAC;SACvF,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;QACxB,MAAM,YAAY,CAAC,OAAO,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;IAEL,OAAO,GAAG,CAAC;AACb,CAAC","sourcesContent":["/**\n * Uninstall command\n *\n * Reverses the AgenShield installation and restores OpenClaw to its original state.\n */\n\nimport { Command } from 'commander';\nimport * as fs from 'node:fs';\nimport * as os from 'node:os';\nimport * as path from 'node:path';\nimport * as readline from 'node:readline';\nimport { ensureSudoAccess } from '../utils/privileges.js';\nimport { stopDaemon } from '../utils/daemon.js';\n\n/**\n * Run the uninstall process\n */\nasync function runUninstall(options: { force?: boolean; prefix?: string; skipBackup?: boolean }): Promise<void> {\n  ensureSudoAccess();\n\n  const { canUninstall, restoreInstallation, forceUninstall } = await import('@agenshield/sandbox');\n\n  // Check if backup exists\n  const check = canUninstall();\n\n  // Handle --skip-backup flag for force uninstall without backup\n  if (options.skipBackup) {\n    console.log('\\x1b[33mForce Uninstall (No Backup)\\x1b[0m');\n    console.log('============================\\n');\n    console.log('This will:');\n    console.log('  \\x1b[33m->\\x1b[0m Stop and remove agenshield daemon');\n    console.log('  \\x1b[33m->\\x1b[0m Delete any discovered sandbox users (ash_*)');\n    console.log('  \\x1b[33m->\\x1b[0m Delete any discovered workspace groups (ash_*_workspace)');\n    console.log('  \\x1b[33m->\\x1b[0m Remove guarded shell');\n    console.log('  \\x1b[33m->\\x1b[0m Delete /etc/agenshield configuration');\n    console.log('');\n    console.log('\\x1b[31mWARNING: This will NOT restore OpenClaw to its original state!\\x1b[0m');\n    console.log('');\n\n    if (!options.force) {\n      const rl = readline.createInterface({\n        input: process.stdin,\n        output: process.stdout,\n      });\n\n      const answer = await new Promise<string>((resolve) => {\n        rl.question('Type FORCE to confirm: ', (answer) => {\n          rl.close();\n          resolve(answer);\n        });\n      });\n\n      if (answer !== 'FORCE') {\n        console.log('\\nUninstall cancelled.');\n        process.exit(0);\n      }\n    }\n\n    console.log('\\nForce uninstalling...\\n');\n\n    const result = forceUninstall((progress) => {\n      const icon = progress.success ? '\\x1b[32m✓\\x1b[0m' : '\\x1b[31m✗\\x1b[0m';\n      console.log(`${icon} ${progress.step}: ${progress.message || progress.error || ''}`);\n    });\n\n    console.log('');\n\n    if (result.success) {\n      console.log('\\x1b[32mForce uninstall complete!\\x1b[0m');\n      console.log('AgenShield artifacts have been removed.');\n    } else {\n      console.log('\\x1b[31mForce uninstall failed!\\x1b[0m');\n      console.log(result.error || 'Unknown error');\n      process.exit(1);\n    }\n    return;\n  }\n\n  if (!check.canUninstall || !check.backup) {\n    console.log('\\x1b[31mNo backup found.\\x1b[0m');\n    console.log('Cannot safely uninstall without a backup.');\n    console.log('The backup is created during \"agenshield setup\".');\n    console.log('');\n    console.log('To force uninstall without a backup, use:');\n    console.log('  \\x1b[36msudo agenshield uninstall --skip-backup\\x1b[0m');\n    process.exit(1);\n  }\n\n  const backup = check.backup;\n\n  // Show warning\n  console.log('\\x1b[31mAgenShield Uninstall\\x1b[0m');\n  console.log('====================\\n');\n  console.log('This will:');\n  console.log('  \\x1b[33m->\\x1b[0m Stop and remove agenshield daemon');\n  console.log('  \\x1b[33m->\\x1b[0m Restore OpenClaw to original location');\n  console.log(`  \\x1b[33m->\\x1b[0m Delete sandbox user \"${backup.sandboxUser.username}\"`);\n  console.log('  \\x1b[33m->\\x1b[0m Remove guarded shell');\n  console.log('  \\x1b[33m->\\x1b[0m Delete /etc/agenshield configuration');\n  console.log('');\n  console.log(`Backup found: ${backup.timestamp}`);\n  console.log('');\n  console.log('\\x1b[31mWARNING: This action cannot be undone!\\x1b[0m');\n  console.log('');\n\n  // Skip confirmation if --force\n  if (!options.force) {\n    // Prompt for confirmation\n    const rl = readline.createInterface({\n      input: process.stdin,\n      output: process.stdout,\n    });\n\n    const answer = await new Promise<string>((resolve) => {\n      rl.question('Type UNINSTALL to confirm: ', (answer) => {\n        rl.close();\n        resolve(answer);\n      });\n    });\n\n    if (answer !== 'UNINSTALL') {\n      console.log('\\nUninstall cancelled.');\n      process.exit(0);\n    }\n  }\n\n  console.log('\\nUninstalling...\\n');\n\n  // Stop daemon first (handles launchctl, PID, port fallback)\n  console.log('Stopping daemon...');\n  const stopResult = await stopDaemon();\n  const stopIcon = stopResult.success ? '\\x1b[32m✓\\x1b[0m' : '\\x1b[33m!\\x1b[0m';\n  console.log(`${stopIcon} stop-daemon: ${stopResult.message}`);\n  console.log('');\n\n  // Run the uninstall process\n  const result = restoreInstallation(backup, (progress) => {\n    const icon = progress.success ? '\\x1b[32m✓\\x1b[0m' : '\\x1b[31m✗\\x1b[0m';\n    console.log(`${icon} ${progress.step}: ${progress.message || progress.error || ''}`);\n  });\n\n  console.log('');\n\n  if (result.success) {\n    console.log('\\x1b[32mUninstall complete!\\x1b[0m');\n    console.log('OpenClaw has been restored to its original location.');\n    console.log('Run \"openclaw --version\" to verify.');\n\n    // Offer to delete ~/.agenshield data directory\n    const agenshieldDir = path.join(os.homedir(), '.agenshield');\n    if (!options.force && fs.existsSync(agenshieldDir)) {\n      console.log('');\n      const rl2 = readline.createInterface({ input: process.stdin, output: process.stdout });\n      const deleteData = await new Promise<string>((resolve) => {\n        rl2.question(\n          `Delete ${agenshieldDir} to remove all data (config, vault, logs)? [y/N] `,\n          (answer) => { rl2.close(); resolve(answer); }\n        );\n      });\n\n      if (deleteData.toLowerCase() === 'y' || deleteData.toLowerCase() === 'yes') {\n        fs.rmSync(agenshieldDir, { recursive: true, force: true });\n        console.log(`\\x1b[32m✓\\x1b[0m Deleted ${agenshieldDir}`);\n      } else {\n        console.log(`Kept ${agenshieldDir} (contains config, vault, activity logs)`);\n      }\n    }\n  } else {\n    console.log('\\x1b[31mUninstall failed!\\x1b[0m');\n    console.log(result.error || 'Unknown error');\n    console.log('Please check the errors above and try again.');\n    process.exit(1);\n  }\n}\n\n/**\n * Create the uninstall command\n */\nexport function createUninstallCommand(): Command {\n  const cmd = new Command('uninstall')\n    .description('Reverse isolation and restore OpenClaw')\n    .option('-f, --force', 'Skip confirmation prompt')\n    .option('--prefix <prefix>', 'Uninstall a specific prefixed installation')\n    .option('--skip-backup', 'Force uninstall without a backup (will not restore OpenClaw)')\n    .action(async (options) => {\n      await runUninstall(options);\n    });\n\n  return cmd;\n}\n"]}

package/src/detect/index.d.ts

@@ -0,0 +1,9 @@
+/**
+ * OpenClaw detection module
+ *
+ * Re-exports from @agenshield/sandbox for backwards compatibility.
+ * The detection logic has been moved to shield-sandbox so it can
+ * be shared between the CLI and daemon.
+ */
+export { type InstallMethod, type OpenClawInstallation, type DetectionResult, type PrerequisitesResult, type SecurityStatus, detectOpenClaw, checkPrerequisites, checkSecurityStatus, } from '@agenshield/sandbox';
+//# sourceMappingURL=index.d.ts.map

package/src/detect/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/detect/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EACL,KAAK,aAAa,EAClB,KAAK,oBAAoB,EACzB,KAAK,eAAe,EACpB,KAAK,mBAAmB,EACxB,KAAK,cAAc,EACnB,cAAc,EACd,kBAAkB,EAClB,mBAAmB,GACpB,MAAM,qBAAqB,CAAC"}

package/src/detect/index.js

@@ -0,0 +1,9 @@
+/**
+ * OpenClaw detection module
+ *
+ * Re-exports from @agenshield/sandbox for backwards compatibility.
+ * The detection logic has been moved to shield-sandbox so it can
+ * be shared between the CLI and daemon.
+ */
+export { detectOpenClaw, checkPrerequisites, checkSecurityStatus, } from '@agenshield/sandbox';
+//# sourceMappingURL=index.js.map

package/src/detect/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/detect/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAML,cAAc,EACd,kBAAkB,EAClB,mBAAmB,GACpB,MAAM,qBAAqB,CAAC","sourcesContent":["/**\n * OpenClaw detection module\n *\n * Re-exports from @agenshield/sandbox for backwards compatibility.\n * The detection logic has been moved to shield-sandbox so it can\n * be shared between the CLI and daemon.\n */\n\nexport {\n  type InstallMethod,\n  type OpenClawInstallation,\n  type DetectionResult,\n  type PrerequisitesResult,\n  type SecurityStatus,\n  detectOpenClaw,\n  checkPrerequisites,\n  checkSecurityStatus,\n} from '@agenshield/sandbox';\n"]}

package/src/dev-tui/DevApp.d.ts

@@ -0,0 +1,13 @@
+/**
+ * DevApp - Root TUI component for dev mode.
+ *
+ * Manages phase-driven rendering: ready → prompting → running_action → viewing_logs.
+ */
+import React from 'react';
+import type { DevState } from './state.js';
+interface DevAppProps {
+    devState: DevState;
+}
+export declare function DevApp({ devState }: DevAppProps): React.JSX.Element;
+export {};
+//# sourceMappingURL=DevApp.d.ts.map

package/src/dev-tui/DevApp.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"DevApp.d.ts","sourceRoot":"","sources":["../../../src/dev-tui/DevApp.tsx"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAA2C,MAAM,OAAO,CAAC;AAUhE,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AAM3C,UAAU,WAAW;IACnB,QAAQ,EAAE,QAAQ,CAAC;CACpB;AAED,wBAAgB,MAAM,CAAC,EAAE,QAAQ,EAAE,EAAE,WAAW,qBA8I/C"}