agent-gov-core 0.3.1

package/dist/jsonc.js

@@ -0,0 +1,117 @@
+import { readFileSync } from 'node:fs';
+/**
+ * Strip `//` line comments, `/* ... *\/` block comments, and trailing commas from JSONC,
+ * preserving byte offsets (replacement is space-filled, newlines preserved) so downstream
+ * line locators still match the original `text`.
+ */
+export function stripJsonComments(input) {
+    const len = input.length;
+    const out = new Array(len);
+    let i = 0;
+    let inString = null;
+    let escape = false;
+    while (i < len) {
+        const ch = input[i];
+        if (inString) {
+            out[i] = ch;
+            if (escape) {
+                escape = false;
+            }
+            else if (ch === '\\') {
+                escape = true;
+            }
+            else if (ch === inString) {
+                inString = null;
+            }
+            i++;
+            continue;
+        }
+        if (ch === '"') {
+            inString = '"';
+            out[i] = ch;
+            i++;
+            continue;
+        }
+        if (ch === '/' && i + 1 < len) {
+            const next = input[i + 1];
+            if (next === '/') {
+                // line comment until newline (exclusive)
+                let j = i;
+                while (j < len && input[j] !== '\n' && input[j] !== '\r') {
+                    out[j] = ' ';
+                    j++;
+                }
+                i = j;
+                continue;
+            }
+            if (next === '*') {
+                let j = i;
+                // replace until end of block comment (inclusive of */)
+                const end = input.indexOf('*/', i + 2);
+                const stop = end === -1 ? len : end + 2;
+                while (j < stop) {
+                    const c = input[j];
+                    out[j] = c === '\n' || c === '\r' ? c : ' ';
+                    j++;
+                }
+                i = j;
+                continue;
+            }
+        }
+        out[i] = ch;
+        i++;
+    }
+    let result = out.join('');
+    // Strip trailing commas: `,` followed by optional whitespace then `}` or `]`.
+    // Only outside strings — but at this point we've reconstructed the source character-by-character,
+    // and the only commas we want to elide are structural ones. A safe pass: walk again with string-state.
+    result = stripTrailingCommas(result);
+    return result;
+}
+function stripTrailingCommas(input) {
+    const len = input.length;
+    const out = input.split('');
+    let inString = null;
+    let escape = false;
+    for (let i = 0; i < len; i++) {
+        const ch = out[i];
+        if (inString) {
+            if (escape)
+                escape = false;
+            else if (ch === '\\')
+                escape = true;
+            else if (ch === inString)
+                inString = null;
+            continue;
+        }
+        if (ch === '"') {
+            inString = '"';
+            continue;
+        }
+        if (ch === ',') {
+            let j = i + 1;
+            while (j < len && /\s/.test(out[j]))
+                j++;
+            if (j < len && (out[j] === '}' || out[j] === ']')) {
+                out[i] = ' ';
+            }
+        }
+    }
+    return out.join('');
+}
+/**
+ * Read a JSONC file and return both the parsed value and the original text.
+ * The original text is preserved exactly so line locators can operate on it.
+ */
+export function readJsonObjectWithSource(path) {
+    const text = readFileSync(path, 'utf8');
+    try {
+        const stripped = stripJsonComments(text);
+        const json = JSON.parse(stripped);
+        return { json, text };
+    }
+    catch (err) {
+        return { json: undefined, text, parseError: err };
+    }
+}
+//# sourceMappingURL=jsonc.js.map

package/dist/jsonc.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jsonc.js","sourceRoot":"","sources":["../src/jsonc.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAWvC;;;;GAIG;AACH,MAAM,UAAU,iBAAiB,CAAC,KAAa;IAC7C,MAAM,GAAG,GAAG,KAAK,CAAC,MAAM,CAAC;IACzB,MAAM,GAAG,GAAa,IAAI,KAAK,CAAC,GAAG,CAAC,CAAC;IACrC,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,IAAI,QAAQ,GAAqB,IAAI,CAAC;IACtC,IAAI,MAAM,GAAG,KAAK,CAAC;IAEnB,OAAO,CAAC,GAAG,GAAG,EAAE,CAAC;QACf,MAAM,EAAE,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;QAErB,IAAI,QAAQ,EAAE,CAAC;YACb,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC;YACZ,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,GAAG,KAAK,CAAC;YACjB,CAAC;iBAAM,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC;gBACvB,MAAM,GAAG,IAAI,CAAC;YAChB,CAAC;iBAAM,IAAI,EAAE,KAAK,QAAQ,EAAE,CAAC;gBAC3B,QAAQ,GAAG,IAAI,CAAC;YAClB,CAAC;YACD,CAAC,EAAE,CAAC;YACJ,SAAS;QACX,CAAC;QAED,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;YACf,QAAQ,GAAG,GAAG,CAAC;YACf,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC;YACZ,CAAC,EAAE,CAAC;YACJ,SAAS;QACX,CAAC;QAED,IAAI,EAAE,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,EAAE,CAAC;YAC9B,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,GAAG,CAAC,CAAE,CAAC;YAC3B,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;gBACjB,yCAAyC;gBACzC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACV,OAAO,CAAC,GAAG,GAAG,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;oBACzD,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC;oBACb,CAAC,EAAE,CAAC;gBACN,CAAC;gBACD,CAAC,GAAG,CAAC,CAAC;gBACN,SAAS;YACX,CAAC;YACD,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;gBACjB,IAAI,CAAC,GAAG,CAAC,CAAC;gBACV,uDAAuD;gBACvD,MAAM,GAAG,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;gBACvC,MAAM,IAAI,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC;gBACxC,OAAO,CAAC,GAAG,IAAI,EAAE,CAAC;oBAChB,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;oBACpB,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;oBAC5C,CAAC,EAAE,CAAC;gBACN,CAAC;gBACD,CAAC,GAAG,CAAC,CAAC;gBACN,SAAS;YACX,CAAC;QACH,CAAC;QAED,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC;QACZ,CAAC,EAAE,CAAC;IACN,CAAC;IAED,IAAI,MAAM,GAAG,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAE1B,8EAA8E;IAC9E,kGAAkG;IAClG,uGAAuG;IACvG,MAAM,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;IACrC,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,mBAAmB,CAAC,KAAa;IACxC,MAAM,GAAG,GAAG,KAAK,CAAC,MAAM,CAAC;IACzB,MAAM,GAAG,GAAG,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IAC5B,IAAI,QAAQ,GAAe,IAAI,CAAC;IAChC,IAAI,MAAM,GAAG,KAAK,CAAC;IACnB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QAC7B,MAAM,EAAE,GAAG,GAAG,CAAC,CAAC,CAAE,CAAC;QACnB,IAAI,QAAQ,EAAE,CAAC;YACb,IAAI,MAAM;gBAAE,MAAM,GAAG,KAAK,CAAC;iBACtB,IAAI,EAAE,KAAK,IAAI;gBAAE,MAAM,GAAG,IAAI,CAAC;iBAC/B,IAAI,EAAE,KAAK,QAAQ;gBAAE,QAAQ,GAAG,IAAI,CAAC;YAC1C,SAAS;QACX,CAAC;QACD,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;YACf,QAAQ,GAAG,GAAG,CAAC;YACf,SAAS;QACX,CAAC;QACD,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;YACf,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YACd,OAAO,CAAC,GAAG,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAE,CAAC;gBAAE,CAAC,EAAE,CAAC;YAC1C,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,EAAE,CAAC;gBAClD,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC;YACf,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AACtB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,wBAAwB,CAAC,IAAY;IACnD,MAAM,IAAI,GAAG,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IACxC,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;QACzC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAY,CAAC;QAC7C,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACxB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,UAAU,EAAE,GAAY,EAAE,CAAC;IAC7D,CAAC;AACH,CAAC"}

package/dist/locators.d.ts

@@ -0,0 +1,29 @@
+/**
+ * Line locators operate on the *original* source text — JSONC strip-comments
+ * is position-preserving so offsets line up.
+ *
+ * All returned line numbers are 1-based. `0` is reserved for "not found"; callers
+ * generally treat that as "fall back to file-level annotation".
+ */
+export interface ByteRange {
+    /** Inclusive start offset. */
+    start: number;
+    /** Exclusive end offset. */
+    end: number;
+}
+/** 1-based line number for the first occurrence of `"key"` followed by `:`. */
+export declare function lineOfJsonKey(text: string, key: string, scope?: ByteRange): number;
+/**
+ * 1-based line number for the first JSON string value equal to `value`.
+ * If `scope` is supplied (a byte range), only matches inside that range count —
+ * this is the fix for the multi-server-ambiguity bug.
+ */
+export declare function lineOfJsonStringValue(text: string, value: string, scope?: ByteRange): number;
+/**
+ * 1-based line number for a TOML key. Supports dotted keys (`a.b.c`) — the
+ * locator points to the line where the *leaf* key is defined, scanning forward
+ * from the line of the matching `[a.b]` table header (or the start of the file
+ * for top-level keys). Bare and quoted leaf keys are both handled.
+ */
+export declare function lineOfTomlKey(text: string, dottedKey: string): number;
+//# sourceMappingURL=locators.d.ts.map

package/dist/locators.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"locators.d.ts","sourceRoot":"","sources":["../src/locators.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,MAAM,WAAW,SAAS;IACxB,8BAA8B;IAC9B,KAAK,EAAE,MAAM,CAAC;IACd,4BAA4B;IAC5B,GAAG,EAAE,MAAM,CAAC;CACb;AAED,+EAA+E;AAC/E,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,SAAS,GAAG,MAAM,CAGlF;AAED;;;;GAIG;AACH,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,SAAS,GAAG,MAAM,CAG5F;AAED;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,CAwCrE"}

package/dist/locators.js

@@ -0,0 +1,127 @@
+/**
+ * Line locators operate on the *original* source text — JSONC strip-comments
+ * is position-preserving so offsets line up.
+ *
+ * All returned line numbers are 1-based. `0` is reserved for "not found"; callers
+ * generally treat that as "fall back to file-level annotation".
+ */
+/** 1-based line number for the first occurrence of `"key"` followed by `:`. */
+export function lineOfJsonKey(text, key, scope) {
+    const needle = `"${escapeForRegex(key)}"\\s*:`;
+    return findLineByRegex(text, new RegExp(needle), scope);
+}
+/**
+ * 1-based line number for the first JSON string value equal to `value`.
+ * If `scope` is supplied (a byte range), only matches inside that range count —
+ * this is the fix for the multi-server-ambiguity bug.
+ */
+export function lineOfJsonStringValue(text, value, scope) {
+    const needle = `"${escapeForRegex(value)}"`;
+    return findLineByRegex(text, new RegExp(needle), scope);
+}
+/**
+ * 1-based line number for a TOML key. Supports dotted keys (`a.b.c`) — the
+ * locator points to the line where the *leaf* key is defined, scanning forward
+ * from the line of the matching `[a.b]` table header (or the start of the file
+ * for top-level keys). Bare and quoted leaf keys are both handled.
+ */
+export function lineOfTomlKey(text, dottedKey) {
+    const parts = splitTomlDottedKey(dottedKey);
+    if (parts.length === 0)
+        return 0;
+    const leaf = parts[parts.length - 1];
+    const prefix = parts.slice(0, -1);
+    const lines = text.split(/\r?\n/);
+    // Find header range we're inside of.
+    let inTargetTable = prefix.length === 0;
+    let currentTable = [];
+    const targetHeader = prefix.join('.');
+    for (let i = 0; i < lines.length; i++) {
+        const raw = lines[i];
+        const trimmed = raw.trim();
+        const headerMatch = /^\[\[?\s*([^\]]+?)\s*\]\]?\s*(#.*)?$/.exec(trimmed);
+        if (headerMatch) {
+            currentTable = splitTomlDottedKey(headerMatch[1]);
+            inTargetTable = currentTable.join('.') === targetHeader;
+            continue;
+        }
+        if (!inTargetTable)
+            continue;
+        if (trimmed === '' || trimmed.startsWith('#'))
+            continue;
+        // Match leaf key at start of line: bare, "quoted", or 'literal'
+        const leafPattern = new RegExp(`^\\s*(?:${escapeForRegex(leaf)}|"${escapeForRegex(leaf)}"|'${escapeForRegex(leaf)}')\\s*(?:\\.|=)`);
+        if (leafPattern.test(raw))
+            return i + 1;
+        // Also: dotted key like `prefix.leaf = ...` defined at top-level
+        if (prefix.length > 0 && currentTable.length === 0) {
+            const dottedPattern = new RegExp(`^\\s*${escapeForRegex(dottedKey)}\\s*=`);
+            if (dottedPattern.test(raw))
+                return i + 1;
+        }
+    }
+    return 0;
+}
+function findLineByRegex(text, regex, scope) {
+    const haystack = scope ? text.slice(scope.start, scope.end) : text;
+    const m = regex.exec(haystack);
+    if (!m)
+        return 0;
+    const offset = (scope ? scope.start : 0) + m.index;
+    return lineOfOffset(text, offset);
+}
+function lineOfOffset(text, offset) {
+    let line = 1;
+    for (let i = 0; i < offset && i < text.length; i++) {
+        if (text[i] === '\n')
+            line++;
+    }
+    return line;
+}
+function escapeForRegex(s) {
+    return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+}
+/** Split a TOML dotted key, honoring "quoted" and 'literal' parts. */
+function splitTomlDottedKey(input) {
+    const parts = [];
+    let i = 0;
+    const len = input.length;
+    while (i < len) {
+        while (i < len && (input[i] === ' ' || input[i] === '\t'))
+            i++;
+        if (i >= len)
+            break;
+        const c = input[i];
+        if (c === '"') {
+            i++;
+            const start = i;
+            while (i < len && input[i] !== '"') {
+                if (input[i] === '\\')
+                    i++;
+                i++;
+            }
+            parts.push(input.slice(start, i));
+            i++;
+        }
+        else if (c === "'") {
+            i++;
+            const start = i;
+            while (i < len && input[i] !== "'")
+                i++;
+            parts.push(input.slice(start, i));
+            i++;
+        }
+        else {
+            const start = i;
+            while (i < len && input[i] !== '.' && input[i] !== ' ' && input[i] !== '\t')
+                i++;
+            parts.push(input.slice(start, i));
+        }
+        while (i < len && (input[i] === ' ' || input[i] === '\t'))
+            i++;
+        if (i < len && input[i] === '.')
+            i++;
+    }
+    return parts;
+}
+//# sourceMappingURL=locators.js.map

package/dist/locators.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"locators.js","sourceRoot":"","sources":["../src/locators.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AASH,+EAA+E;AAC/E,MAAM,UAAU,aAAa,CAAC,IAAY,EAAE,GAAW,EAAE,KAAiB;IACxE,MAAM,MAAM,GAAG,IAAI,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC;IAC/C,OAAO,eAAe,CAAC,IAAI,EAAE,IAAI,MAAM,CAAC,MAAM,CAAC,EAAE,KAAK,CAAC,CAAC;AAC1D,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,qBAAqB,CAAC,IAAY,EAAE,KAAa,EAAE,KAAiB;IAClF,MAAM,MAAM,GAAG,IAAI,cAAc,CAAC,KAAK,CAAC,GAAG,CAAC;IAC5C,OAAO,eAAe,CAAC,IAAI,EAAE,IAAI,MAAM,CAAC,MAAM,CAAC,EAAE,KAAK,CAAC,CAAC;AAC1D,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,aAAa,CAAC,IAAY,EAAE,SAAiB;IAC3D,MAAM,KAAK,GAAG,kBAAkB,CAAC,SAAS,CAAC,CAAC;IAC5C,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,CAAC,CAAC;IACjC,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAE,CAAC;IACtC,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAElC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAElC,qCAAqC;IACrC,IAAI,aAAa,GAAG,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC;IACxC,IAAI,YAAY,GAAa,EAAE,CAAC;IAChC,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAEtC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,GAAG,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;QACtB,MAAM,OAAO,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC;QAC3B,MAAM,WAAW,GAAG,sCAAsC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACzE,IAAI,WAAW,EAAE,CAAC;YAChB,YAAY,GAAG,kBAAkB,CAAC,WAAW,CAAC,CAAC,CAAE,CAAC,CAAC;YACnD,aAAa,GAAG,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,YAAY,CAAC;YACxD,SAAS;QACX,CAAC;QACD,IAAI,CAAC,aAAa;YAAE,SAAS;QAC7B,IAAI,OAAO,KAAK,EAAE,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAS;QAExD,gEAAgE;QAChE,MAAM,WAAW,GAAG,IAAI,MAAM,CAC5B,WAAW,cAAc,CAAC,IAAI,CAAC,KAAK,cAAc,CAAC,IAAI,CAAC,MAAM,cAAc,CAAC,IAAI,CAAC,iBAAiB,CACpG,CAAC;QACF,IAAI,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC;YAAE,OAAO,CAAC,GAAG,CAAC,CAAC;QAExC,iEAAiE;QACjE,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACnD,MAAM,aAAa,GAAG,IAAI,MAAM,CAC9B,QAAQ,cAAc,CAAC,SAAS,CAAC,OAAO,CACzC,CAAC;YACF,IAAI,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC;gBAAE,OAAO,CAAC,GAAG,CAAC,CAAC;QAC5C,CAAC;IACH,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,eAAe,CAAC,IAAY,EAAE,KAAa,EAAE,KAAiB;IACrE,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACnE,MAAM,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC/B,IAAI,CAAC,CAAC;QAAE,OAAO,CAAC,CAAC;IACjB,MAAM,MAAM,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC;IACnD,OAAO,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;AACpC,CAAC;AAED,SAAS,YAAY,CAAC,IAAY,EAAE,MAAc;IAChD,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,IAAI,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACnD,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,IAAI;YAAE,IAAI,EAAE,CAAC;IAC/B,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,cAAc,CAAC,CAAS;IAC/B,OAAO,CAAC,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;AAClD,CAAC;AAED,sEAAsE;AACtE,SAAS,kBAAkB,CAAC,KAAa;IACvC,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,MAAM,GAAG,GAAG,KAAK,CAAC,MAAM,CAAC;IACzB,OAAO,CAAC,GAAG,GAAG,EAAE,CAAC;QACf,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,GAAG,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC;YAAE,CAAC,EAAE,CAAC;QAC/D,IAAI,CAAC,IAAI,GAAG;YAAE,MAAM;QACpB,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;QACpB,IAAI,CAAC,KAAK,GAAG,EAAE,CAAC;YACd,CAAC,EAAE,CAAC;YACJ,MAAM,KAAK,GAAG,CAAC,CAAC;YAChB,OAAO,CAAC,GAAG,GAAG,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;gBACnC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,IAAI;oBAAE,CAAC,EAAE,CAAC;gBAC3B,CAAC,EAAE,CAAC;YACN,CAAC;YACD,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC;YAClC,CAAC,EAAE,CAAC;QACN,CAAC;aAAM,IAAI,CAAC,KAAK,GAAG,EAAE,CAAC;YACrB,CAAC,EAAE,CAAC;YACJ,MAAM,KAAK,GAAG,CAAC,CAAC;YAChB,OAAO,CAAC,GAAG,GAAG,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,GAAG;gBAAE,CAAC,EAAE,CAAC;YACxC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC;YAClC,CAAC,EAAE,CAAC;QACN,CAAC;aAAM,CAAC;YACN,MAAM,KAAK,GAAG,CAAC,CAAC;YAChB,OAAO,CAAC,GAAG,GAAG,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,GAAG,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,GAAG,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,IAAI;gBAAE,CAAC,EAAE,CAAC;YACjF,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC;QACpC,CAAC;QACD,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,GAAG,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC;YAAE,CAAC,EAAE,CAAC;QAC/D,IAAI,CAAC,GAAG,GAAG,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,GAAG;YAAE,CAAC,EAAE,CAAC;IACvC,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/mcp.d.ts

@@ -0,0 +1,32 @@
+export interface McpCommandSpec {
+    command?: string;
+    args?: readonly string[];
+    /** Some configs use a URL (SSE/remote MCP). */
+    url?: string;
+    env?: Readonly<Record<string, string>>;
+    cwd?: string;
+}
+/**
+ * Returns a canonical identity string for an MCP server command.
+ *
+ * Goals:
+ *  - Two specs that differ only in cosmetic ways (flag reordering, `.cmd`/`.exe`
+ *    on Windows, equivalent env var ordering) hash the same.
+ *  - Specs that differ in anything *load-bearing* (the executable, the URL, the
+ *    cwd, any env value, any non-neutral arg) hash differently.
+ *
+ * Non-goals:
+ *  - Understanding tool semantics. Two truly-different `--flag value` pairs hash
+ *    differently even if the tool would treat them equivalently.
+ *
+ * @example
+ * normalizeMcpCommand({ command: 'npx.cmd', args: ['-y', 'mcp-foo', '--token', 'abc'] });
+ * normalizeMcpCommand({ command: 'npx',     args: ['mcp-foo', '--token', 'abc']      });
+ * // → both produce the same canonical string
+ *
+ * @example
+ * normalizeMcpCommand({ url: 'https://example.com/mcp/' });
+ * // → 'url=https://example.com/mcp\nargs='
+ */
+export declare function normalizeMcpCommand(spec: McpCommandSpec): string;
+//# sourceMappingURL=mcp.d.ts.map

package/dist/mcp.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp.d.ts","sourceRoot":"","sources":["../src/mcp.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,cAAc;IAC7B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACzB,+CAA+C;IAC/C,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IACvC,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,cAAc,GAAG,MAAM,CA0BhE"}

package/dist/mcp.js

@@ -0,0 +1,120 @@
+/**
+ * Returns a canonical identity string for an MCP server command.
+ *
+ * Goals:
+ *  - Two specs that differ only in cosmetic ways (flag reordering, `.cmd`/`.exe`
+ *    on Windows, equivalent env var ordering) hash the same.
+ *  - Specs that differ in anything *load-bearing* (the executable, the URL, the
+ *    cwd, any env value, any non-neutral arg) hash differently.
+ *
+ * Non-goals:
+ *  - Understanding tool semantics. Two truly-different `--flag value` pairs hash
+ *    differently even if the tool would treat them equivalently.
+ *
+ * @example
+ * normalizeMcpCommand({ command: 'npx.cmd', args: ['-y', 'mcp-foo', '--token', 'abc'] });
+ * normalizeMcpCommand({ command: 'npx',     args: ['mcp-foo', '--token', 'abc']      });
+ * // → both produce the same canonical string
+ *
+ * @example
+ * normalizeMcpCommand({ url: 'https://example.com/mcp/' });
+ * // → 'url=https://example.com/mcp\nargs='
+ */
+export function normalizeMcpCommand(spec) {
+    const parts = [];
+    if (spec.url) {
+        parts.push(`url=${spec.url.trim().replace(/\/$/, '')}`);
+    }
+    if (spec.command) {
+        parts.push(`cmd=${normalizeExecutable(spec.command)}`);
+    }
+    const args = spec.args ?? [];
+    parts.push(`args=${canonicalizeArgs(args).join(' ')}`);
+    if (spec.cwd) {
+        parts.push(`cwd=${normalizePath(spec.cwd)}`);
+    }
+    if (spec.env) {
+        const env = Object.entries(spec.env)
+            .map(([k, v]) => `${k}=${v}`)
+            .sort();
+        parts.push(`env=${env.join('|')}`);
+    }
+    return parts.join('\n');
+}
+/** Strip `.cmd`/`.exe`/`.bat`/`.ps1` suffix and lowercase on Windows-style paths. */
+function normalizeExecutable(cmd) {
+    const trimmed = cmd.trim();
+    const base = trimmed.replace(/\\/g, '/');
+    const withoutSuffix = base.replace(/\.(cmd|exe|bat|ps1)$/i, '');
+    return withoutSuffix;
+}
+function normalizePath(p) {
+    return p.trim().replace(/\\/g, '/').replace(/\/+$/, '');
+}
+/**
+ * Boolean flags that don't change *what* runs, just confirmation/verbosity.
+ * Dropped before canonicalization so e.g. `npx -y foo@1.2.3` and `npx foo@1.2.3`
+ * normalize identically. Keep this list conservative — only flags whose presence
+ * vs. absence is provably neutral across the runners that show up in MCP configs
+ * (npx, uvx, pipx, node).
+ */
+const NEUTRAL_BOOLEAN_FLAGS = new Set(['-y', '--yes']);
+/**
+ * Sort *neutral* flag/value pairs so reordering doesn't change identity, but
+ * preserve the order of positional arguments (which are usually load-bearing —
+ * e.g. `npx <package> <subcommand>`).
+ *
+ * Heuristic: an argument starting with `-` is a flag. A flag followed by a
+ * non-flag is treated as `--flag value` and the pair is sorted together. We
+ * keep them in two buckets: positional (order-preserved) and flag-pairs (sorted).
+ *
+ * Neutral boolean flags (see NEUTRAL_BOOLEAN_FLAGS) are dropped entirely so they
+ * never absorb a trailing positional as a fake `--flag value` pair.
+ */
+function canonicalizeArgs(args) {
+    const filtered = args.filter((a) => !NEUTRAL_BOOLEAN_FLAGS.has(a));
+    const positional = [];
+    const flagPairs = [];
+    let sawFlag = false;
+    for (let i = 0; i < filtered.length; i++) {
+        const a = filtered[i];
+        if (a.startsWith('-')) {
+            sawFlag = true;
+            // `--key=value`
+            const eq = a.indexOf('=');
+            if (eq !== -1) {
+                flagPairs.push([a.slice(0, eq), a.slice(eq + 1)]);
+                continue;
+            }
+            const next = filtered[i + 1];
+            if (next !== undefined && !next.startsWith('-')) {
+                flagPairs.push([a, next]);
+                i++;
+            }
+            else {
+                flagPairs.push([a, null]);
+            }
+            continue;
+        }
+        if (sawFlag) {
+            // After flags have started, an unattached positional gets a deterministic position
+            // — push it into the sorted-pair bucket as a value-only entry keyed by itself.
+            flagPairs.push([`__pos__${a}`, null]);
+        }
+        else {
+            positional.push(a);
+        }
+    }
+    flagPairs.sort(([a], [b]) => (a < b ? -1 : a > b ? 1 : 0));
+    const out = [...positional];
+    for (const [k, v] of flagPairs) {
+        if (k.startsWith('__pos__'))
+            out.push(k.slice('__pos__'.length));
+        else if (v === null)
+            out.push(k);
+        else
+            out.push(`${k}=${v}`);
+    }
+    return out;
+}
+//# sourceMappingURL=mcp.js.map

package/dist/mcp.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp.js","sourceRoot":"","sources":["../src/mcp.ts"],"names":[],"mappings":"AASA;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,MAAM,UAAU,mBAAmB,CAAC,IAAoB;IACtD,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;QACb,KAAK,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC;IAC1D,CAAC;IAED,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;QACjB,KAAK,CAAC,IAAI,CAAC,OAAO,mBAAmB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IACzD,CAAC;IAED,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,IAAI,EAAE,CAAC;IAC7B,KAAK,CAAC,IAAI,CAAC,QAAQ,gBAAgB,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAEvD,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;QACb,KAAK,CAAC,IAAI,CAAC,OAAO,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAC/C,CAAC;IAED,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;QACb,MAAM,GAAG,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;aACjC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;aAC5B,IAAI,EAAE,CAAC;QACV,KAAK,CAAC,IAAI,CAAC,OAAO,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IACrC,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,qFAAqF;AACrF,SAAS,mBAAmB,CAAC,GAAW;IACtC,MAAM,OAAO,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC;IAC3B,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IACzC,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,uBAAuB,EAAE,EAAE,CAAC,CAAC;IAChE,OAAO,aAAa,CAAC;AACvB,CAAC;AAED,SAAS,aAAa,CAAC,CAAS;IAC9B,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;AAC1D,CAAC;AAED;;;;;;GAMG;AACH,MAAM,qBAAqB,GAAG,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC;AAEvD;;;;;;;;;;;GAWG;AACH,SAAS,gBAAgB,CAAC,IAAuB;IAC/C,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACnE,MAAM,UAAU,GAAa,EAAE,CAAC;IAChC,MAAM,SAAS,GAAmC,EAAE,CAAC;IAErD,IAAI,OAAO,GAAG,KAAK,CAAC;IACpB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACzC,MAAM,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAE,CAAC;QACvB,IAAI,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YACtB,OAAO,GAAG,IAAI,CAAC;YACf,gBAAgB;YAChB,MAAM,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YAC1B,IAAI,EAAE,KAAK,CAAC,CAAC,EAAE,CAAC;gBACd,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;gBAClD,SAAS;YACX,CAAC;YACD,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAC7B,IAAI,IAAI,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBAChD,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;gBAC1B,CAAC,EAAE,CAAC;YACN,CAAC;iBAAM,CAAC;gBACN,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;YAC5B,CAAC;YACD,SAAS;QACX,CAAC;QACD,IAAI,OAAO,EAAE,CAAC;YACZ,mFAAmF;YACnF,+EAA+E;YAC/E,SAAS,CAAC,IAAI,CAAC,CAAC,UAAU,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC,CAAC;QACxC,CAAC;aAAM,CAAC;YACN,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACrB,CAAC;IACH,CAAC;IAED,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAE3D,MAAM,GAAG,GAAa,CAAC,GAAG,UAAU,CAAC,CAAC;IACtC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,SAAS,EAAE,CAAC;QAC/B,IAAI,CAAC,CAAC,UAAU,CAAC,SAAS,CAAC;YAAE,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;aAC5D,IAAI,CAAC,KAAK,IAAI;YAAE,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;;YAC5B,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC7B,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/shell.d.ts

@@ -0,0 +1,33 @@
+/**
+ * Quote-aware split of a shell command into subcommands on `;`, `|`, `&&`, `||`.
+ * Does NOT execute the shell. Designed for static detection: SessionTrail's
+ * shell detector and future per-line CapabilityEcho rules call this to identify
+ * suspicious subcommands hidden behind chaining and basic obfuscation.
+ *
+ * @example
+ * tokenizeShell('echo hi && curl https://x.com/install.sh | bash');
+ * // → ['echo hi', 'curl https://x.com/install.sh', 'bash']
+ *
+ * tokenizeShell('echo "; not a separator"');
+ * // → ['echo "; not a separator"']
+ */
+export declare function tokenizeShell(command: string): string[];
+/**
+ * Returns the resolved command verb for a subcommand string. Strips wrapping
+ * quotes, escape backslashes, and the inert-double-quote obfuscation
+ * (`c""url` → `curl`, `c\\url` → `curl`).
+ *
+ * Returns an empty string if the input has no recognizable command head.
+ *
+ * @example
+ * getCommandHead('FOO=bar sudo curl -fsSL https://x.com');
+ * // → 'curl'
+ *
+ * getCommandHead('c""url -X POST');
+ * // → 'curl'
+ *
+ * getCommandHead('"/usr/bin/env" python3 -c "..."');
+ * // → '/usr/bin/env'
+ */
+export declare function getCommandHead(subcommand: string): string;
+//# sourceMappingURL=shell.d.ts.map

package/dist/shell.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"shell.d.ts","sourceRoot":"","sources":["../src/shell.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AACH,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,EAAE,CAuFvD;AAOD;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,cAAc,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CAiBzD"}