agentaos 0.2.0

package/dist/lib/config.d.ts

@@ -0,0 +1,42 @@
+import { AgentaApi, HttpClient, ThresholdSigner } from '@agentaos/sdk';
+export interface SignerConfig {
+    version: 1;
+    serverUrl: string;
+    apiKey: string;
+    apiSecret?: string;
+    network?: string;
+    signerName: string;
+    ethAddress: string;
+    signerId?: string;
+    createdAt?: string;
+}
+export declare function getConfigDir(): string;
+export declare function getSignerConfigPath(name: string): string;
+export declare function validateSignerName(name: string): string | null;
+export declare function getDefaultSignerName(): string | null;
+export declare function setDefaultSigner(name: string): void;
+export declare function listSigners(): string[];
+export declare function resolveSignerName(explicit?: string): string;
+export declare function loadSignerConfig(name?: string): SignerConfig;
+export declare function saveSignerConfig(name: string, config: SignerConfig): void;
+export interface RecoveryMeta {
+    signerName: string;
+    signerId: string;
+    ethAddress: string;
+    serverUrl: string;
+    network?: string;
+    receivedAt: string;
+}
+export declare function saveRecoveryMeta(name: string, meta: RecoveryMeta): void;
+export declare function loadRecoveryMeta(name: string): RecoveryMeta | null;
+export declare function listRecoveryMetas(): RecoveryMeta[];
+export declare function resolveApiSecret(config: SignerConfig): string;
+export declare function createClientFromConfig(config: {
+    serverUrl: string;
+    apiKey: string;
+}): {
+    client: HttpClient;
+    api: AgentaApi;
+};
+export declare function createSignerFromConfig(config: SignerConfig): Promise<ThresholdSigner>;
+//# sourceMappingURL=config.d.ts.map

package/dist/lib/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/lib/config.ts"],"names":[],"mappings":"AAWA,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAMvE,MAAM,WAAW,YAAY;IAC5B,OAAO,EAAE,CAAC,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;CACnB;AAQD,wBAAgB,YAAY,IAAI,MAAM,CAErC;AAED,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAExD;AAQD,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAM9D;AAMD,wBAAgB,oBAAoB,IAAI,MAAM,GAAG,IAAI,CAIpD;AAED,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,CAGnD;AAMD,wBAAgB,WAAW,IAAI,MAAM,EAAE,CAetC;AAED,wBAAgB,iBAAiB,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,CAc3D;AAMD,wBAAgB,gBAAgB,CAAC,IAAI,CAAC,EAAE,MAAM,GAAG,YAAY,CAO5D;AAED,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,YAAY,GAAG,IAAI,CAMzE;AAMD,MAAM,WAAW,YAAY;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;CACnB;AAMD,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,YAAY,GAAG,IAAI,CAMvE;AAED,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,MAAM,GAAG,YAAY,GAAG,IAAI,CAQlE;AAED,wBAAgB,iBAAiB,IAAI,YAAY,EAAE,CAalD;AAMD,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,YAAY,GAAG,MAAM,CAK7D;AAMD,wBAAgB,sBAAsB,CAAC,MAAM,EAAE;IAAE,SAAS,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,GAAG;IACtF,MAAM,EAAE,UAAU,CAAC;IACnB,GAAG,EAAE,SAAS,CAAC;CACf,CAIA;AAED,wBAAsB,sBAAsB,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,eAAe,CAAC,CAO3F"}

package/dist/lib/config.js

@@ -0,0 +1,163 @@
+import { existsSync, mkdirSync, readFileSync, readdirSync, renameSync, writeFileSync, } from 'node:fs';
+import { homedir } from 'node:os';
+import { join } from 'node:path';
+import { CGGMP24Scheme } from '@agentaos/engine';
+import { AgentaApi, HttpClient, ThresholdSigner } from '@agentaos/sdk';
+// ---------------------------------------------------------------------------
+// Paths
+// ---------------------------------------------------------------------------
+const CONFIG_DIR = join(homedir(), '.agenta');
+export function getConfigDir() {
+    return CONFIG_DIR;
+}
+export function getSignerConfigPath(name) {
+    return join(CONFIG_DIR, 'signers', `${name}.json`);
+}
+// ---------------------------------------------------------------------------
+// Name validation
+// ---------------------------------------------------------------------------
+const VALID_NAME_RE = /^[a-zA-Z0-9][a-zA-Z0-9_-]{0,63}$/;
+export function validateSignerName(name) {
+    if (!name)
+        return 'Account name cannot be empty';
+    if (!VALID_NAME_RE.test(name)) {
+        return 'Must be 1-64 chars: letters, numbers, hyphens, underscores. Start with alphanumeric.';
+    }
+    return null;
+}
+// ---------------------------------------------------------------------------
+// Default signer
+// ---------------------------------------------------------------------------
+export function getDefaultSignerName() {
+    const p = join(CONFIG_DIR, '.default');
+    if (!existsSync(p))
+        return null;
+    return readFileSync(p, 'utf-8').trim() || null;
+}
+export function setDefaultSigner(name) {
+    ensureDir(CONFIG_DIR);
+    writeFileSync(join(CONFIG_DIR, '.default'), `${name}\n`, { mode: 0o600 });
+}
+// ---------------------------------------------------------------------------
+// List / resolve signers
+// ---------------------------------------------------------------------------
+export function listSigners() {
+    const dir = join(CONFIG_DIR, 'signers');
+    if (!existsSync(dir))
+        return [];
+    return readdirSync(dir)
+        .filter((f) => f.endsWith('.json') && !f.endsWith('.recovery.json'))
+        .map((f) => f.replace(/\.json$/, ''))
+        .filter((name) => {
+        try {
+            const raw = readFileSync(getSignerConfigPath(name), 'utf-8');
+            const config = JSON.parse(raw);
+            return typeof config.serverUrl === 'string' && typeof config.apiKey === 'string';
+        }
+        catch {
+            return false;
+        }
+    });
+}
+export function resolveSignerName(explicit) {
+    if (explicit)
+        return explicit;
+    const defaultName = getDefaultSignerName();
+    if (defaultName)
+        return defaultName;
+    const signers = listSigners();
+    if (signers.length === 1)
+        return signers[0];
+    if (signers.length === 0) {
+        throw new Error('No accounts configured. Run `agenta init` first.');
+    }
+    throw new Error(`Multiple accounts found: ${signers.join(', ')}.\nUse --signer <name> or run \`agenta init\` to set a default.`);
+}
+// ---------------------------------------------------------------------------
+// Signer config I/O
+// ---------------------------------------------------------------------------
+export function loadSignerConfig(name) {
+    const signerName = resolveSignerName(name);
+    const p = getSignerConfigPath(signerName);
+    if (!existsSync(p)) {
+        throw new Error(`Account "${signerName}" not found. Run \`agenta init\` first.`);
+    }
+    return JSON.parse(readFileSync(p, 'utf-8'));
+}
+export function saveSignerConfig(name, config) {
+    ensureDir(join(CONFIG_DIR, 'signers'));
+    const p = getSignerConfigPath(name);
+    const tmp = `${p}.tmp`;
+    writeFileSync(tmp, JSON.stringify(config, null, '\t'), { mode: 0o600 });
+    renameSync(tmp, p);
+}
+function getRecoveryMetaPath(name) {
+    return join(CONFIG_DIR, 'signers', `${name}.recovery.json`);
+}
+export function saveRecoveryMeta(name, meta) {
+    ensureDir(join(CONFIG_DIR, 'signers'));
+    const p = getRecoveryMetaPath(name);
+    const tmp = `${p}.tmp`;
+    writeFileSync(tmp, JSON.stringify(meta, null, '\t'), { mode: 0o600 });
+    renameSync(tmp, p);
+}
+export function loadRecoveryMeta(name) {
+    const p = getRecoveryMetaPath(name);
+    if (!existsSync(p))
+        return null;
+    try {
+        return JSON.parse(readFileSync(p, 'utf-8'));
+    }
+    catch {
+        return null;
+    }
+}
+export function listRecoveryMetas() {
+    const dir = join(CONFIG_DIR, 'signers');
+    if (!existsSync(dir))
+        return [];
+    return readdirSync(dir)
+        .filter((f) => f.endsWith('.recovery.json'))
+        .map((f) => {
+        try {
+            return JSON.parse(readFileSync(join(dir, f), 'utf-8'));
+        }
+        catch {
+            return null;
+        }
+    })
+        .filter((m) => m !== null);
+}
+// ---------------------------------------------------------------------------
+// Secret resolution
+// ---------------------------------------------------------------------------
+export function resolveApiSecret(config) {
+    if (config.apiSecret)
+        return config.apiSecret;
+    throw new Error('No API secret found in config. Run `agenta init` to reconfigure with your API Secret from AgentaOS.');
+}
+// ---------------------------------------------------------------------------
+// Factories
+// ---------------------------------------------------------------------------
+export function createClientFromConfig(config) {
+    const client = new HttpClient({ baseUrl: config.serverUrl, apiKey: config.apiKey });
+    const api = new AgentaApi(client);
+    return { client, api };
+}
+export async function createSignerFromConfig(config) {
+    return ThresholdSigner.fromSecret({
+        apiSecret: resolveApiSecret(config),
+        serverUrl: config.serverUrl,
+        apiKey: config.apiKey,
+        scheme: new CGGMP24Scheme(),
+    });
+}
+// ---------------------------------------------------------------------------
+// Internal
+// ---------------------------------------------------------------------------
+function ensureDir(dir) {
+    if (!existsSync(dir)) {
+        mkdirSync(dir, { recursive: true, mode: 0o700 });
+    }
+}
+//# sourceMappingURL=config.js.map

package/dist/lib/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/lib/config.ts"],"names":[],"mappings":"AAAA,OAAO,EACN,UAAU,EACV,SAAS,EACT,YAAY,EACZ,WAAW,EACX,UAAU,EACV,aAAa,GACb,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAkBvE,8EAA8E;AAC9E,QAAQ;AACR,8EAA8E;AAE9E,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,CAAC,CAAC;AAE9C,MAAM,UAAU,YAAY;IAC3B,OAAO,UAAU,CAAC;AACnB,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,IAAY;IAC/C,OAAO,IAAI,CAAC,UAAU,EAAE,SAAS,EAAE,GAAG,IAAI,OAAO,CAAC,CAAC;AACpD,CAAC;AAED,8EAA8E;AAC9E,kBAAkB;AAClB,8EAA8E;AAE9E,MAAM,aAAa,GAAG,kCAAkC,CAAC;AAEzD,MAAM,UAAU,kBAAkB,CAAC,IAAY;IAC9C,IAAI,CAAC,IAAI;QAAE,OAAO,8BAA8B,CAAC;IACjD,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QAC/B,OAAO,sFAAsF,CAAC;IAC/F,CAAC;IACD,OAAO,IAAI,CAAC;AACb,CAAC;AAED,8EAA8E;AAC9E,iBAAiB;AACjB,8EAA8E;AAE9E,MAAM,UAAU,oBAAoB;IACnC,MAAM,CAAC,GAAG,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;IACvC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IAChC,OAAO,YAAY,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,IAAI,IAAI,CAAC;AAChD,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,IAAY;IAC5C,SAAS,CAAC,UAAU,CAAC,CAAC;IACtB,aAAa,CAAC,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,EAAE,GAAG,IAAI,IAAI,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;AAC3E,CAAC;AAED,8EAA8E;AAC9E,yBAAyB;AACzB,8EAA8E;AAE9E,MAAM,UAAU,WAAW;IAC1B,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;IACxC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,OAAO,EAAE,CAAC;IAChC,OAAO,WAAW,CAAC,GAAG,CAAC;SACrB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC;SACnE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;SACpC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE;QAChB,IAAI,CAAC;YACJ,MAAM,GAAG,GAAG,YAAY,CAAC,mBAAmB,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC,CAAC;YAC7D,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC/B,OAAO,OAAO,MAAM,CAAC,SAAS,KAAK,QAAQ,IAAI,OAAO,MAAM,CAAC,MAAM,KAAK,QAAQ,CAAC;QAClF,CAAC;QAAC,MAAM,CAAC;YACR,OAAO,KAAK,CAAC;QACd,CAAC;IACF,CAAC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,QAAiB;IAClD,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAC;IAE9B,MAAM,WAAW,GAAG,oBAAoB,EAAE,CAAC;IAC3C,IAAI,WAAW;QAAE,OAAO,WAAW,CAAC;IAEpC,MAAM,OAAO,GAAG,WAAW,EAAE,CAAC;IAC9B,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,OAAO,CAAC,CAAC,CAAW,CAAC;IACtD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACrE,CAAC;IACD,MAAM,IAAI,KAAK,CACd,4BAA4B,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,iEAAiE,CAC/G,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,oBAAoB;AACpB,8EAA8E;AAE9E,MAAM,UAAU,gBAAgB,CAAC,IAAa;IAC7C,MAAM,UAAU,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;IAC3C,MAAM,CAAC,GAAG,mBAAmB,CAAC,UAAU,CAAC,CAAC;IAC1C,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;QACpB,MAAM,IAAI,KAAK,CAAC,YAAY,UAAU,yCAAyC,CAAC,CAAC;IAClF,CAAC;IACD,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,EAAE,OAAO,CAAC,CAAiB,CAAC;AAC7D,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,IAAY,EAAE,MAAoB;IAClE,SAAS,CAAC,IAAI,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC,CAAC;IACvC,MAAM,CAAC,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC;IACpC,MAAM,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC;IACvB,aAAa,CAAC,GAAG,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACxE,UAAU,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;AACpB,CAAC;AAeD,SAAS,mBAAmB,CAAC,IAAY;IACxC,OAAO,IAAI,CAAC,UAAU,EAAE,SAAS,EAAE,GAAG,IAAI,gBAAgB,CAAC,CAAC;AAC7D,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,IAAY,EAAE,IAAkB;IAChE,SAAS,CAAC,IAAI,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC,CAAC;IACvC,MAAM,CAAC,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC;IACpC,MAAM,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC;IACvB,aAAa,CAAC,GAAG,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACtE,UAAU,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;AACpB,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,IAAY;IAC5C,MAAM,CAAC,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC;IACpC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IAChC,IAAI,CAAC;QACJ,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,EAAE,OAAO,CAAC,CAAiB,CAAC;IAC7D,CAAC;IAAC,MAAM,CAAC;QACR,OAAO,IAAI,CAAC;IACb,CAAC;AACF,CAAC;AAED,MAAM,UAAU,iBAAiB;IAChC,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;IACxC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,OAAO,EAAE,CAAC;IAChC,OAAO,WAAW,CAAC,GAAG,CAAC;SACrB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC;SAC3C,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;QACV,IAAI,CAAC;YACJ,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,CAAiB,CAAC;QACxE,CAAC;QAAC,MAAM,CAAC;YACR,OAAO,IAAI,CAAC;QACb,CAAC;IACF,CAAC,CAAC;SACD,MAAM,CAAC,CAAC,CAAC,EAAqB,EAAE,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC;AAChD,CAAC;AAED,8EAA8E;AAC9E,oBAAoB;AACpB,8EAA8E;AAE9E,MAAM,UAAU,gBAAgB,CAAC,MAAoB;IACpD,IAAI,MAAM,CAAC,SAAS;QAAE,OAAO,MAAM,CAAC,SAAS,CAAC;IAC9C,MAAM,IAAI,KAAK,CACd,qGAAqG,CACrG,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,YAAY;AACZ,8EAA8E;AAE9E,MAAM,UAAU,sBAAsB,CAAC,MAA6C;IAInF,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,EAAE,OAAO,EAAE,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;IACpF,MAAM,GAAG,GAAG,IAAI,SAAS,CAAC,MAAM,CAAC,CAAC;IAClC,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;AACxB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAAC,MAAoB;IAChE,OAAO,eAAe,CAAC,UAAU,CAAC;QACjC,SAAS,EAAE,gBAAgB,CAAC,MAAM,CAAC;QACnC,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,MAAM,EAAE,IAAI,aAAa,EAAE;KAC3B,CAAC,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,WAAW;AACX,8EAA8E;AAE9E,SAAS,SAAS,CAAC,GAAW;IAC7B,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACtB,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAClD,CAAC;AACF,CAAC"}

package/dist/lib/erc20-abi.d.ts

@@ -0,0 +1,43 @@
+export declare const ERC20_ABI: readonly [{
+    readonly name: "transfer";
+    readonly type: "function";
+    readonly inputs: readonly [{
+        readonly name: "to";
+        readonly type: "address";
+    }, {
+        readonly name: "amount";
+        readonly type: "uint256";
+    }];
+    readonly outputs: readonly [{
+        readonly type: "bool";
+    }];
+    readonly stateMutability: "nonpayable";
+}, {
+    readonly name: "balanceOf";
+    readonly type: "function";
+    readonly inputs: readonly [{
+        readonly name: "account";
+        readonly type: "address";
+    }];
+    readonly outputs: readonly [{
+        readonly type: "uint256";
+    }];
+    readonly stateMutability: "view";
+}, {
+    readonly name: "decimals";
+    readonly type: "function";
+    readonly inputs: readonly [];
+    readonly outputs: readonly [{
+        readonly type: "uint8";
+    }];
+    readonly stateMutability: "view";
+}, {
+    readonly name: "symbol";
+    readonly type: "function";
+    readonly inputs: readonly [];
+    readonly outputs: readonly [{
+        readonly type: "string";
+    }];
+    readonly stateMutability: "view";
+}];
+//# sourceMappingURL=erc20-abi.d.ts.map

package/dist/lib/erc20-abi.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"erc20-abi.d.ts","sourceRoot":"","sources":["../../src/lib/erc20-abi.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAgCZ,CAAC"}

package/dist/lib/erc20-abi.js

@@ -0,0 +1,34 @@
+export const ERC20_ABI = [
+    {
+        name: 'transfer',
+        type: 'function',
+        inputs: [
+            { name: 'to', type: 'address' },
+            { name: 'amount', type: 'uint256' },
+        ],
+        outputs: [{ type: 'bool' }],
+        stateMutability: 'nonpayable',
+    },
+    {
+        name: 'balanceOf',
+        type: 'function',
+        inputs: [{ name: 'account', type: 'address' }],
+        outputs: [{ type: 'uint256' }],
+        stateMutability: 'view',
+    },
+    {
+        name: 'decimals',
+        type: 'function',
+        inputs: [],
+        outputs: [{ type: 'uint8' }],
+        stateMutability: 'view',
+    },
+    {
+        name: 'symbol',
+        type: 'function',
+        inputs: [],
+        outputs: [{ type: 'string' }],
+        stateMutability: 'view',
+    },
+];
+//# sourceMappingURL=erc20-abi.js.map

package/dist/lib/erc20-abi.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"erc20-abi.js","sourceRoot":"","sources":["../../src/lib/erc20-abi.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,SAAS,GAAG;IACxB;QACC,IAAI,EAAE,UAAU;QAChB,IAAI,EAAE,UAAU;QAChB,MAAM,EAAE;YACP,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE;YAC/B,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,SAAS,EAAE;SACnC;QACD,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;QAC3B,eAAe,EAAE,YAAY;KAC7B;IACD;QACC,IAAI,EAAE,WAAW;QACjB,IAAI,EAAE,UAAU;QAChB,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;QAC9C,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;QAC9B,eAAe,EAAE,MAAM;KACvB;IACD;QACC,IAAI,EAAE,UAAU;QAChB,IAAI,EAAE,UAAU;QAChB,MAAM,EAAE,EAAE;QACV,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;QAC5B,eAAe,EAAE,MAAM;KACvB;IACD;QACC,IAAI,EAAE,QAAQ;QACd,IAAI,EAAE,UAAU;QAChB,MAAM,EAAE,EAAE;QACV,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;QAC7B,eAAe,EAAE,MAAM;KACvB;CACQ,CAAC"}

package/dist/lib/errors.d.ts

@@ -0,0 +1,12 @@
+/** Matches MCP SDK's CallToolResult — index signature required by the Zod schema. */
+interface ToolResult {
+    [key: string]: unknown;
+    content: Array<{
+        type: 'text';
+        text: string;
+    }>;
+    isError?: boolean;
+}
+export declare function formatError(error: unknown, prefix: string): ToolResult;
+export {};
+//# sourceMappingURL=errors.d.ts.map

package/dist/lib/errors.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../src/lib/errors.ts"],"names":[],"mappings":"AAOA,qFAAqF;AACrF,UAAU,UAAU;IACnB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;IACvB,OAAO,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC/C,OAAO,CAAC,EAAE,OAAO,CAAC;CAClB;AAED,wBAAgB,WAAW,CAAC,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,GAAG,UAAU,CAoBtE"}

package/dist/lib/errors.js

@@ -0,0 +1,23 @@
+import { HttpClientError } from '@agentaos/sdk';
+export function formatError(error, prefix) {
+    if (error instanceof HttpClientError && error.statusCode === 403) {
+        const lines = [`${prefix}: policy violation`];
+        try {
+            const body = JSON.parse(error.body);
+            if (body.violations?.length) {
+                lines.push('');
+                lines.push('Policy violations:');
+                for (const v of body.violations) {
+                    lines.push(`  - [${v.type}] ${v.reason}`);
+                }
+            }
+        }
+        catch {
+            lines.push(error.body);
+        }
+        return { content: [{ type: 'text', text: lines.join('\n') }], isError: true };
+    }
+    const msg = error instanceof Error ? error.message : String(error);
+    return { content: [{ type: 'text', text: `${prefix}: ${msg}` }], isError: true };
+}
+//# sourceMappingURL=errors.js.map

package/dist/lib/errors.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.js","sourceRoot":"","sources":["../../src/lib/errors.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAchD,MAAM,UAAU,WAAW,CAAC,KAAc,EAAE,MAAc;IACzD,IAAI,KAAK,YAAY,eAAe,IAAI,KAAK,CAAC,UAAU,KAAK,GAAG,EAAE,CAAC;QAClE,MAAM,KAAK,GAAG,CAAC,GAAG,MAAM,oBAAoB,CAAC,CAAC;QAC9C,IAAI,CAAC;YACJ,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAuC,CAAC;YAC1E,IAAI,IAAI,CAAC,UAAU,EAAE,MAAM,EAAE,CAAC;gBAC7B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBACf,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;gBACjC,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;oBACjC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;gBAC3C,CAAC;YACF,CAAC;QACF,CAAC;QAAC,MAAM,CAAC;YACR,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACxB,CAAC;QACD,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC/E,CAAC;IAED,MAAM,GAAG,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACnE,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,KAAK,GAAG,EAAE,EAAE,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;AAClF,CAAC"}

package/dist/lib/keychain.d.ts

@@ -0,0 +1,11 @@
+export declare function storeSession(token: string, serverUrl?: string, refreshToken?: string): Promise<void>;
+export declare function getSession(): Promise<string | null>;
+export declare function getRefreshToken(): Promise<string | null>;
+export declare function deleteSession(): Promise<boolean>;
+export declare function storeUserShare(signerName: string, shareBase64: string, target?: 'keychain' | 'file'): Promise<void>;
+export declare function getUserShare(signerName: string): Promise<string | null>;
+export declare function deleteUserShare(signerName: string): Promise<boolean>;
+export declare function isKeychainAvailable(): Promise<boolean>;
+/** Read the server URL stored alongside the session token (if present). */
+export declare function getSessionServerUrl(): Promise<string | null>;
+//# sourceMappingURL=keychain.d.ts.map

package/dist/lib/keychain.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"keychain.d.ts","sourceRoot":"","sources":["../../src/lib/keychain.ts"],"names":[],"mappings":"AAyCA,wBAAsB,YAAY,CACjC,KAAK,EAAE,MAAM,EACb,SAAS,CAAC,EAAE,MAAM,EAClB,YAAY,CAAC,EAAE,MAAM,GACnB,OAAO,CAAC,IAAI,CAAC,CAEf;AAED,wBAAsB,UAAU,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAEzD;AAED,wBAAsB,eAAe,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAE9D;AAED,wBAAsB,aAAa,IAAI,OAAO,CAAC,OAAO,CAAC,CAEtD;AAMD,wBAAsB,cAAc,CACnC,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,EACnB,MAAM,GAAE,UAAU,GAAG,MAAmB,GACtC,OAAO,CAAC,IAAI,CAAC,CAMf;AAED,wBAAsB,YAAY,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAS7E;AAED,wBAAsB,eAAe,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAU1E;AAED,wBAAsB,mBAAmB,IAAI,OAAO,CAAC,OAAO,CAAC,CAQ5D;AA8HD,2EAA2E;AAC3E,wBAAsB,mBAAmB,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CASlE"}

package/dist/lib/keychain.js

@@ -0,0 +1,216 @@
+import { execFileSync } from 'node:child_process';
+import { existsSync, mkdirSync, readFileSync, renameSync, unlinkSync, writeFileSync, } from 'node:fs';
+import { platform } from 'node:os';
+import { join } from 'node:path';
+import { getConfigDir } from './config.js';
+// ---------------------------------------------------------------------------
+// macOS login keychain via `security` CLI
+//
+// Same pattern as: gh (GitHub CLI), aws-vault, docker credential helper.
+// Uses the default (login) keychain — auto-unlocked on user login.
+//
+// We store with -T '' (empty trusted-app list) so macOS prompts the user
+// on every keychain read. On Macs with Touch ID this triggers biometric;
+// on Mac Mini / headless it shows a password dialog.
+//
+// If the keychain read fails (headless SSH without GUI, locked keychain),
+// getUserShare() falls through to the .user-share file fallback.
+// During `agenta init`, headless users should pick "Local file" storage.
+//
+// For SSH sessions: `security unlock-keychain` once per session, then
+// the approval dialog still fires per-item access (because -T '').
+// ---------------------------------------------------------------------------
+const SERVICE_NAME = 'agenta';
+// ---------------------------------------------------------------------------
+// Session (JWT) storage
+// ---------------------------------------------------------------------------
+// Session tokens use file storage only (~/.agenta/session.json, 0600).
+// No keychain — a short-lived JWT doesn't need biometric protection,
+// and keychain prompts add unnecessary friction for admin ops.
+export async function storeSession(token, serverUrl, refreshToken) {
+    storeSessionToFile(token, serverUrl, refreshToken);
+}
+export async function getSession() {
+    return loadSessionFromFile();
+}
+export async function getRefreshToken() {
+    return loadRefreshTokenFromFile();
+}
+export async function deleteSession() {
+    return deleteSessionFile();
+}
+// ---------------------------------------------------------------------------
+// Public API — User Shares
+// ---------------------------------------------------------------------------
+export async function storeUserShare(signerName, shareBase64, target = 'keychain') {
+    if (target === 'keychain') {
+        macKeychainSet(signerName, shareBase64);
+        return;
+    }
+    storeUserShareToFile(signerName, shareBase64);
+}
+export async function getUserShare(signerName) {
+    if (isMacOS()) {
+        try {
+            return macKeychainGet(signerName);
+        }
+        catch {
+            // Keychain locked, headless, or user denied → fall through to file
+        }
+    }
+    return loadUserShareFromFile(signerName);
+}
+export async function deleteUserShare(signerName) {
+    if (isMacOS()) {
+        try {
+            macKeychainDelete(signerName);
+            return true;
+        }
+        catch {
+            // fall through to file
+        }
+    }
+    return deleteUserShareFile(signerName);
+}
+export async function isKeychainAvailable() {
+    if (!isMacOS())
+        return false;
+    try {
+        execFileSync('security', ['help'], { stdio: 'ignore' });
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+// ---------------------------------------------------------------------------
+// macOS Keychain
+// ---------------------------------------------------------------------------
+function isMacOS() {
+    return platform() === 'darwin';
+}
+function macKeychainSet(account, secret) {
+    // -U     = upsert (update if exists, add if not). Atomic, no delete-then-add race.
+    // -T ''  = empty trusted-app list → forces Touch ID / password on every read.
+    //          Used for user shares (signing keys) — biometric gate for fund movement.
+    // -j     = comment shown in Keychain Access.app for user clarity.
+    execFileSync('security', [
+        'add-generic-password',
+        '-U',
+        '-s',
+        SERVICE_NAME,
+        '-a',
+        account,
+        '-w',
+        secret,
+        '-T',
+        '',
+        '-j',
+        'AgentaOS signing key',
+    ], { stdio: 'ignore' });
+}
+function macKeychainGet(account) {
+    try {
+        const result = execFileSync('security', ['find-generic-password', '-s', SERVICE_NAME, '-a', account, '-w'], { encoding: 'utf-8' });
+        return result.trim() || null;
+    }
+    catch {
+        return null;
+    }
+}
+function macKeychainDelete(account) {
+    execFileSync('security', ['delete-generic-password', '-s', SERVICE_NAME, '-a', account], {
+        stdio: 'ignore',
+    });
+}
+// ---------------------------------------------------------------------------
+// File-based fallback (Linux / Windows / CI / headless SSH)
+// ---------------------------------------------------------------------------
+function getUserShareFilePath(signerName) {
+    return join(getConfigDir(), 'signers', `${signerName}.user-share`);
+}
+function storeUserShareToFile(signerName, shareBase64) {
+    const p = getUserShareFilePath(signerName);
+    const tmpPath = `${p}.tmp`;
+    writeFileSync(tmpPath, shareBase64, { mode: 0o600 });
+    renameSync(tmpPath, p);
+}
+function loadUserShareFromFile(signerName) {
+    const p = getUserShareFilePath(signerName);
+    if (!existsSync(p))
+        return null;
+    return readFileSync(p, 'utf-8').trim();
+}
+function deleteUserShareFile(signerName) {
+    const p = getUserShareFilePath(signerName);
+    if (!existsSync(p))
+        return false;
+    unlinkSync(p);
+    return true;
+}
+// ---------------------------------------------------------------------------
+// File-based session fallback
+// ---------------------------------------------------------------------------
+function getSessionFilePath() {
+    return join(getConfigDir(), 'session.json');
+}
+function storeSessionToFile(token, serverUrl, refreshToken) {
+    const dir = getConfigDir();
+    if (!existsSync(dir)) {
+        mkdirSync(dir, { recursive: true, mode: 0o700 });
+    }
+    const p = getSessionFilePath();
+    const tmpPath = `${p}.tmp`;
+    const payload = { token, createdAt: new Date().toISOString() };
+    if (serverUrl)
+        payload.serverUrl = serverUrl;
+    if (refreshToken)
+        payload.refreshToken = refreshToken;
+    writeFileSync(tmpPath, JSON.stringify(payload), { mode: 0o600 });
+    renameSync(tmpPath, p);
+}
+function loadSessionFromFile() {
+    const p = getSessionFilePath();
+    if (!existsSync(p))
+        return null;
+    try {
+        const data = JSON.parse(readFileSync(p, 'utf-8'));
+        return data.token ?? null;
+    }
+    catch {
+        return null;
+    }
+}
+function loadRefreshTokenFromFile() {
+    const p = getSessionFilePath();
+    if (!existsSync(p))
+        return null;
+    try {
+        const data = JSON.parse(readFileSync(p, 'utf-8'));
+        return data.refreshToken ?? null;
+    }
+    catch {
+        return null;
+    }
+}
+/** Read the server URL stored alongside the session token (if present). */
+export async function getSessionServerUrl() {
+    const p = getSessionFilePath();
+    if (!existsSync(p))
+        return null;
+    try {
+        const data = JSON.parse(readFileSync(p, 'utf-8'));
+        return data.serverUrl ?? null;
+    }
+    catch {
+        return null;
+    }
+}
+function deleteSessionFile() {
+    const p = getSessionFilePath();
+    if (!existsSync(p))
+        return false;
+    unlinkSync(p);
+    return true;
+}
+//# sourceMappingURL=keychain.js.map

package/dist/lib/keychain.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"keychain.js","sourceRoot":"","sources":["../../src/lib/keychain.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EACN,UAAU,EACV,SAAS,EACT,YAAY,EACZ,UAAU,EACV,UAAU,EACV,aAAa,GACb,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACnC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAE3C,8EAA8E;AAC9E,0CAA0C;AAC1C,EAAE;AACF,yEAAyE;AACzE,mEAAmE;AACnE,EAAE;AACF,yEAAyE;AACzE,yEAAyE;AACzE,qDAAqD;AACrD,EAAE;AACF,0EAA0E;AAC1E,iEAAiE;AACjE,yEAAyE;AACzE,EAAE;AACF,sEAAsE;AACtE,mEAAmE;AACnE,8EAA8E;AAE9E,MAAM,YAAY,GAAG,QAAQ,CAAC;AAE9B,8EAA8E;AAC9E,wBAAwB;AACxB,8EAA8E;AAE9E,uEAAuE;AACvE,qEAAqE;AACrE,+DAA+D;AAE/D,MAAM,CAAC,KAAK,UAAU,YAAY,CACjC,KAAa,EACb,SAAkB,EAClB,YAAqB;IAErB,kBAAkB,CAAC,KAAK,EAAE,SAAS,EAAE,YAAY,CAAC,CAAC;AACpD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU;IAC/B,OAAO,mBAAmB,EAAE,CAAC;AAC9B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe;IACpC,OAAO,wBAAwB,EAAE,CAAC;AACnC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa;IAClC,OAAO,iBAAiB,EAAE,CAAC;AAC5B,CAAC;AAED,8EAA8E;AAC9E,2BAA2B;AAC3B,8EAA8E;AAE9E,MAAM,CAAC,KAAK,UAAU,cAAc,CACnC,UAAkB,EAClB,WAAmB,EACnB,SAA8B,UAAU;IAExC,IAAI,MAAM,KAAK,UAAU,EAAE,CAAC;QAC3B,cAAc,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;QACxC,OAAO;IACR,CAAC;IACD,oBAAoB,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;AAC/C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,UAAkB;IACpD,IAAI,OAAO,EAAE,EAAE,CAAC;QACf,IAAI,CAAC;YACJ,OAAO,cAAc,CAAC,UAAU,CAAC,CAAC;QACnC,CAAC;QAAC,MAAM,CAAC;YACR,mEAAmE;QACpE,CAAC;IACF,CAAC;IACD,OAAO,qBAAqB,CAAC,UAAU,CAAC,CAAC;AAC1C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,UAAkB;IACvD,IAAI,OAAO,EAAE,EAAE,CAAC;QACf,IAAI,CAAC;YACJ,iBAAiB,CAAC,UAAU,CAAC,CAAC;YAC9B,OAAO,IAAI,CAAC;QACb,CAAC;QAAC,MAAM,CAAC;YACR,uBAAuB;QACxB,CAAC;IACF,CAAC;IACD,OAAO,mBAAmB,CAAC,UAAU,CAAC,CAAC;AACxC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB;IACxC,IAAI,CAAC,OAAO,EAAE;QAAE,OAAO,KAAK,CAAC;IAC7B,IAAI,CAAC;QACJ,YAAY,CAAC,UAAU,EAAE,CAAC,MAAM,CAAC,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;QACxD,OAAO,IAAI,CAAC;IACb,CAAC;IAAC,MAAM,CAAC;QACR,OAAO,KAAK,CAAC;IACd,CAAC;AACF,CAAC;AAED,8EAA8E;AAC9E,iBAAiB;AACjB,8EAA8E;AAE9E,SAAS,OAAO;IACf,OAAO,QAAQ,EAAE,KAAK,QAAQ,CAAC;AAChC,CAAC;AAED,SAAS,cAAc,CAAC,OAAe,EAAE,MAAc;IACtD,mFAAmF;IACnF,8EAA8E;IAC9E,mFAAmF;IACnF,kEAAkE;IAClE,YAAY,CACX,UAAU,EACV;QACC,sBAAsB;QACtB,IAAI;QACJ,IAAI;QACJ,YAAY;QACZ,IAAI;QACJ,OAAO;QACP,IAAI;QACJ,MAAM;QACN,IAAI;QACJ,EAAE;QACF,IAAI;QACJ,sBAAsB;KACtB,EACD,EAAE,KAAK,EAAE,QAAQ,EAAE,CACnB,CAAC;AACH,CAAC;AAED,SAAS,cAAc,CAAC,OAAe;IACtC,IAAI,CAAC;QACJ,MAAM,MAAM,GAAG,YAAY,CAC1B,UAAU,EACV,CAAC,uBAAuB,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,EAClE,EAAE,QAAQ,EAAE,OAAO,EAAE,CACrB,CAAC;QACF,OAAO,MAAM,CAAC,IAAI,EAAE,IAAI,IAAI,CAAC;IAC9B,CAAC;IAAC,MAAM,CAAC;QACR,OAAO,IAAI,CAAC;IACb,CAAC;AACF,CAAC;AAED,SAAS,iBAAiB,CAAC,OAAe;IACzC,YAAY,CAAC,UAAU,EAAE,CAAC,yBAAyB,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,OAAO,CAAC,EAAE;QACxF,KAAK,EAAE,QAAQ;KACf,CAAC,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,4DAA4D;AAC5D,8EAA8E;AAE9E,SAAS,oBAAoB,CAAC,UAAkB;IAC/C,OAAO,IAAI,CAAC,YAAY,EAAE,EAAE,SAAS,EAAE,GAAG,UAAU,aAAa,CAAC,CAAC;AACpE,CAAC;AAED,SAAS,oBAAoB,CAAC,UAAkB,EAAE,WAAmB;IACpE,MAAM,CAAC,GAAG,oBAAoB,CAAC,UAAU,CAAC,CAAC;IAC3C,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC;IAC3B,aAAa,CAAC,OAAO,EAAE,WAAW,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACrD,UAAU,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;AACxB,CAAC;AAED,SAAS,qBAAqB,CAAC,UAAkB;IAChD,MAAM,CAAC,GAAG,oBAAoB,CAAC,UAAU,CAAC,CAAC;IAC3C,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IAChC,OAAO,YAAY,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;AACxC,CAAC;AAED,SAAS,mBAAmB,CAAC,UAAkB;IAC9C,MAAM,CAAC,GAAG,oBAAoB,CAAC,UAAU,CAAC,CAAC;IAC3C,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;QAAE,OAAO,KAAK,CAAC;IACjC,UAAU,CAAC,CAAC,CAAC,CAAC;IACd,OAAO,IAAI,CAAC;AACb,CAAC;AAED,8EAA8E;AAC9E,8BAA8B;AAC9B,8EAA8E;AAE9E,SAAS,kBAAkB;IAC1B,OAAO,IAAI,CAAC,YAAY,EAAE,EAAE,cAAc,CAAC,CAAC;AAC7C,CAAC;AAED,SAAS,kBAAkB,CAAC,KAAa,EAAE,SAAkB,EAAE,YAAqB;IACnF,MAAM,GAAG,GAAG,YAAY,EAAE,CAAC;IAC3B,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACtB,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAClD,CAAC;IACD,MAAM,CAAC,GAAG,kBAAkB,EAAE,CAAC;IAC/B,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC;IAC3B,MAAM,OAAO,GAA2B,EAAE,KAAK,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC;IACvF,IAAI,SAAS;QAAE,OAAO,CAAC,SAAS,GAAG,SAAS,CAAC;IAC7C,IAAI,YAAY;QAAE,OAAO,CAAC,YAAY,GAAG,YAAY,CAAC;IACtD,aAAa,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACjE,UAAU,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;AACxB,CAAC;AAED,SAAS,mBAAmB;IAC3B,MAAM,CAAC,GAAG,kBAAkB,EAAE,CAAC;IAC/B,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IAChC,IAAI,CAAC;QACJ,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,EAAE,OAAO,CAAC,CAAuB,CAAC;QACxE,OAAO,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC;IAC3B,CAAC;IAAC,MAAM,CAAC;QACR,OAAO,IAAI,CAAC;IACb,CAAC;AACF,CAAC;AAED,SAAS,wBAAwB;IAChC,MAAM,CAAC,GAAG,kBAAkB,EAAE,CAAC;IAC/B,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IAChC,IAAI,CAAC;QACJ,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,EAAE,OAAO,CAAC,CAA8B,CAAC;QAC/E,OAAO,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC;IAClC,CAAC;IAAC,MAAM,CAAC;QACR,OAAO,IAAI,CAAC;IACb,CAAC;AACF,CAAC;AAED,2EAA2E;AAC3E,MAAM,CAAC,KAAK,UAAU,mBAAmB;IACxC,MAAM,CAAC,GAAG,kBAAkB,EAAE,CAAC;IAC/B,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IAChC,IAAI,CAAC;QACJ,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,EAAE,OAAO,CAAC,CAA2B,CAAC;QAC5E,OAAO,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC;IAC/B,CAAC;IAAC,MAAM,CAAC;QACR,OAAO,IAAI,CAAC;IACb,CAAC;AACF,CAAC;AAED,SAAS,iBAAiB;IACzB,MAAM,CAAC,GAAG,kBAAkB,EAAE,CAAC;IAC/B,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;QAAE,OAAO,KAAK,CAAC;IACjC,UAAU,CAAC,CAAC,CAAC,CAAC;IACd,OAAO,IAAI,CAAC;AACb,CAAC"}

package/dist/lib/policy-conversions.d.ts

@@ -0,0 +1,19 @@
+/**
+ * Policy conversion utilities for the CLI.
+ * Mirrors the app's policy-builder/conversions.ts but for CLI use.
+ */
+export type FormValues = Record<string, Record<string, unknown>>;
+export type EnabledMap = Record<string, boolean>;
+/**
+ * Convert form state → PolicyRule[] for the API.
+ * Reject rules first, then one accept rule with all AND'd criteria.
+ */
+export declare function buildRules(values: FormValues, enabled: EnabledMap): Record<string, unknown>[];
+/**
+ * Parse a PolicyRule[] back to form state.
+ */
+export declare function parseFormValues(rules: Record<string, unknown>[]): {
+    values: FormValues;
+    enabled: EnabledMap;
+};
+//# sourceMappingURL=policy-conversions.d.ts.map

package/dist/lib/policy-conversions.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policy-conversions.d.ts","sourceRoot":"","sources":["../../src/lib/policy-conversions.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAKH,MAAM,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;AACjE,MAAM,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAEjD;;;GAGG;AACH,wBAAgB,UAAU,CAAC,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,UAAU,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,CA4B7F;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,GAAG;IAClE,MAAM,EAAE,UAAU,CAAC;IACnB,OAAO,EAAE,UAAU,CAAC;CACpB,CA2BA"}