agentmask 0.1.0

package/dist/index.js

@@ -0,0 +1,410 @@
+// src/gitleaks/binary.ts
+import { existsSync, mkdirSync, chmodSync, createWriteStream, unlinkSync } from "fs";
+import { join } from "path";
+import { execSync } from "child_process";
+import { pipeline } from "stream/promises";
+import { extract } from "tar";
+var GITLEAKS_VERSION = "8.22.1";
+var CACHE_DIR = join(
+  process.env.HOME ?? process.env.USERPROFILE ?? "/tmp",
+  ".agentmask",
+  "bin"
+);
+async function getGitleaksBinary() {
+  const systemBin = findInPath();
+  if (systemBin) return systemBin;
+  const cachedBin = join(CACHE_DIR, "gitleaks");
+  if (existsSync(cachedBin)) return cachedBin;
+  console.log(`gitleaks not found. Downloading v${GITLEAKS_VERSION}...`);
+  await downloadGitleaks(cachedBin);
+  return cachedBin;
+}
+function isGitleaksAvailable() {
+  if (findInPath()) return true;
+  const cachedBin = join(CACHE_DIR, "gitleaks");
+  return existsSync(cachedBin);
+}
+function findInPath() {
+  try {
+    const path = execSync("which gitleaks", {
+      encoding: "utf-8",
+      stdio: ["pipe", "pipe", "pipe"]
+    }).trim();
+    if (path && existsSync(path)) return path;
+  } catch {
+  }
+  return null;
+}
+async function downloadGitleaks(destPath) {
+  const { platform, arch } = getPlatformArch();
+  const filename = `gitleaks_${GITLEAKS_VERSION}_${platform}_${arch}.tar.gz`;
+  const url = `https://github.com/gitleaks/gitleaks/releases/download/v${GITLEAKS_VERSION}/${filename}`;
+  mkdirSync(CACHE_DIR, { recursive: true });
+  const tmpTarball = join(CACHE_DIR, `gitleaks-download.tar.gz`);
+  try {
+    const response = await fetch(url, { redirect: "follow" });
+    if (!response.ok || !response.body) {
+      throw new Error(`Download failed: ${response.status} ${response.statusText}`);
+    }
+    const fileStream = createWriteStream(tmpTarball);
+    await pipeline(response.body, fileStream);
+    await extract({
+      file: tmpTarball,
+      cwd: CACHE_DIR,
+      filter: (path) => path === "gitleaks"
+    });
+    chmodSync(destPath, 493);
+    console.log(`  Downloaded gitleaks v${GITLEAKS_VERSION} \u2192 ${destPath}`);
+  } finally {
+    try {
+      unlinkSync(tmpTarball);
+    } catch {
+    }
+  }
+}
+function getPlatformArch() {
+  const platform = process.platform === "darwin" ? "darwin" : process.platform === "linux" ? "linux" : process.platform === "win32" ? "windows" : process.platform;
+  const arch = process.arch === "arm64" ? "arm64" : process.arch === "x64" ? "x64" : process.arch;
+  return { platform, arch };
+}
+
+// src/gitleaks/runner.ts
+import { execFileSync } from "child_process";
+import { readFileSync, writeFileSync, mkdirSync as mkdirSync2, unlinkSync as unlinkSync2, rmSync } from "fs";
+import { join as join2 } from "path";
+import { tmpdir } from "os";
+import { randomBytes } from "crypto";
+async function scanDir(dirPath, options) {
+  const bin = await getGitleaksBinary();
+  const reportPath = tempPath("agentmask-report", ".json");
+  try {
+    const args = [
+      "dir",
+      dirPath,
+      "--report-format",
+      "json",
+      "--report-path",
+      reportPath,
+      "--no-banner",
+      "--exit-code",
+      "0"
+    ];
+    if (options?.configPath) {
+      args.push("--config", options.configPath);
+    }
+    execFileSync(bin, args, {
+      encoding: "utf-8",
+      stdio: ["pipe", "pipe", "pipe"],
+      timeout: 6e4
+    });
+    return readReport(reportPath);
+  } finally {
+    tryUnlink(reportPath);
+  }
+}
+async function scanFile(filePath) {
+  const bin = await getGitleaksBinary();
+  const reportPath = tempPath("agentmask-report", ".json");
+  try {
+    execFileSync(bin, [
+      "dir",
+      filePath,
+      "--report-format",
+      "json",
+      "--report-path",
+      reportPath,
+      "--no-banner",
+      "--exit-code",
+      "0"
+    ], {
+      encoding: "utf-8",
+      stdio: ["pipe", "pipe", "pipe"],
+      timeout: 1e4
+    });
+    return readReport(reportPath);
+  } finally {
+    tryUnlink(reportPath);
+  }
+}
+async function scanContent(content, filename) {
+  const bin = await getGitleaksBinary();
+  const scanDir2 = join2(tmpdir(), `agentmask-scan-${randomBytes(4).toString("hex")}`);
+  const scanFile2 = join2(scanDir2, filename ?? "content.txt");
+  const reportPath = tempPath("agentmask-report", ".json");
+  try {
+    mkdirSync2(scanDir2, { recursive: true });
+    writeFileSync(scanFile2, content);
+    execFileSync(bin, [
+      "dir",
+      scanDir2,
+      "--report-format",
+      "json",
+      "--report-path",
+      reportPath,
+      "--no-banner",
+      "--exit-code",
+      "0"
+    ], {
+      encoding: "utf-8",
+      stdio: ["pipe", "pipe", "pipe"],
+      timeout: 1e4
+    });
+    return readReport(reportPath);
+  } finally {
+    tryUnlink(reportPath);
+    try {
+      rmSync(scanDir2, { recursive: true, force: true });
+    } catch {
+    }
+  }
+}
+async function scanStaged(cwd) {
+  const bin = await getGitleaksBinary();
+  const reportPath = tempPath("agentmask-report", ".json");
+  try {
+    execFileSync(bin, [
+      "git",
+      "--staged",
+      "--report-format",
+      "json",
+      "--report-path",
+      reportPath,
+      "--no-banner",
+      "--exit-code",
+      "0"
+    ], {
+      cwd,
+      encoding: "utf-8",
+      stdio: ["pipe", "pipe", "pipe"],
+      timeout: 3e4
+    });
+    return readReport(reportPath);
+  } finally {
+    tryUnlink(reportPath);
+  }
+}
+function readReport(reportPath) {
+  try {
+    const raw = readFileSync(reportPath, "utf-8");
+    const findings = JSON.parse(raw);
+    return Array.isArray(findings) ? findings : [];
+  } catch {
+    return [];
+  }
+}
+function tempPath(prefix, ext) {
+  return join2(tmpdir(), `${prefix}-${randomBytes(4).toString("hex")}${ext}`);
+}
+function tryUnlink(path) {
+  try {
+    unlinkSync2(path);
+  } catch {
+  }
+}
+
+// src/hooks/blocklist.ts
+import { existsSync as existsSync2, readFileSync as readFileSync2, writeFileSync as writeFileSync2, mkdirSync as mkdirSync3, unlinkSync as unlinkSync3 } from "fs";
+import { join as join3, dirname, resolve } from "path";
+var BLOCKLIST_FILENAME = "agentmask-blocklist.json";
+function getBlocklistPath(cwd) {
+  return join3(cwd, ".claude", BLOCKLIST_FILENAME);
+}
+function loadBlocklist(cwd) {
+  const filePath = getBlocklistPath(cwd);
+  try {
+    if (existsSync2(filePath)) {
+      return JSON.parse(readFileSync2(filePath, "utf-8"));
+    }
+  } catch {
+  }
+  return { files: {} };
+}
+function saveBlocklist(cwd, data) {
+  const filePath = getBlocklistPath(cwd);
+  mkdirSync3(dirname(filePath), { recursive: true });
+  writeFileSync2(filePath, JSON.stringify(data, null, 2) + "\n");
+}
+function isInBlocklist(filePath, cwd) {
+  const data = loadBlocklist(cwd);
+  const normalized = filePath.replace(/\\/g, "/");
+  if (data.files[normalized]) return data.files[normalized];
+  const resolved = resolve(cwd, filePath).replace(/\\/g, "/");
+  const cwdNorm = cwd.replace(/\\/g, "/");
+  const relative = resolved.startsWith(cwdNorm + "/") ? resolved.slice(cwdNorm.length + 1) : null;
+  if (relative && data.files[relative]) return data.files[relative];
+  for (const [blockedPath, entry] of Object.entries(data.files)) {
+    if (normalized.endsWith("/" + blockedPath) || normalized === blockedPath) {
+      return entry;
+    }
+    if (resolved.endsWith("/" + blockedPath) || resolved === blockedPath) {
+      return entry;
+    }
+  }
+  return void 0;
+}
+function addToBlocklist(filePath, secretDescriptions, cwd) {
+  const data = loadBlocklist(cwd);
+  const normalized = filePath.replace(/\\/g, "/");
+  const resolved = resolve(cwd, normalized).replace(/\\/g, "/");
+  const cwdNorm = cwd.replace(/\\/g, "/");
+  const key = resolved.startsWith(cwdNorm + "/") ? resolved.slice(cwdNorm.length + 1) : normalized;
+  const existing = data.files[key];
+  if (existing) {
+    const newSecrets = secretDescriptions.filter(
+      (s) => !existing.secrets.includes(s)
+    );
+    existing.secrets.push(...newSecrets);
+    existing.addedAt = (/* @__PURE__ */ new Date()).toISOString();
+  } else {
+    data.files[key] = {
+      secrets: secretDescriptions,
+      addedAt: (/* @__PURE__ */ new Date()).toISOString()
+    };
+  }
+  saveBlocklist(cwd, data);
+}
+function removeFromBlocklist(filePath, cwd) {
+  const data = loadBlocklist(cwd);
+  const normalized = filePath.replace(/\\/g, "/");
+  if (data.files[normalized]) {
+    delete data.files[normalized];
+    saveBlocklist(cwd, data);
+    return true;
+  }
+  const resolved = resolve(cwd, filePath).replace(/\\/g, "/");
+  const cwdNorm = cwd.replace(/\\/g, "/");
+  const relative = resolved.startsWith(cwdNorm + "/") ? resolved.slice(cwdNorm.length + 1) : null;
+  if (relative && data.files[relative]) {
+    delete data.files[relative];
+    saveBlocklist(cwd, data);
+    return true;
+  }
+  for (const key of Object.keys(data.files)) {
+    if (normalized.endsWith("/" + key) || normalized === key) {
+      delete data.files[key];
+      saveBlocklist(cwd, data);
+      return true;
+    }
+  }
+  return false;
+}
+
+// src/scanner/file-patterns.ts
+import { minimatch } from "minimatch";
+import { basename } from "path";
+var DEFAULT_BLOCKED_PATTERNS = [
+  // Environment files
+  ".env",
+  ".env.*",
+  "**/.env",
+  "**/.env.*",
+  // Credential files
+  "**/credentials.json",
+  "**/serviceAccountKey.json",
+  "**/service-account*.json",
+  // Key files
+  "**/*.pem",
+  "**/*.key",
+  "**/*.p12",
+  "**/*.pfx",
+  // SSH keys
+  "**/id_rsa",
+  "**/id_ed25519",
+  "**/id_ecdsa",
+  "**/id_dsa",
+  // Auth config files
+  "**/.netrc",
+  "**/.npmrc",
+  "**/.pypirc",
+  "**/.docker/config.json",
+  "**/.kube/config",
+  "**/kubeconfig",
+  // Cloud provider credentials
+  "**/.aws/credentials",
+  "**/.aws/config",
+  "**/.azure/credentials",
+  "**/.gcloud/*.json",
+  // Other
+  "**/.htpasswd",
+  "**/secrets.yml",
+  "**/secrets.yaml",
+  "**/secrets.json"
+];
+function isBlockedPath(filePath, blockedPatterns = DEFAULT_BLOCKED_PATTERNS) {
+  const normalized = filePath.replace(/\\/g, "/");
+  const base = basename(normalized);
+  for (const pattern of blockedPatterns) {
+    if (minimatch(normalized, pattern, { dot: true })) return true;
+    if (minimatch(base, pattern, { dot: true })) return true;
+  }
+  return false;
+}
+function isAllowlistedPath(filePath, allowlistPatterns) {
+  if (allowlistPatterns.length === 0) return false;
+  const normalized = filePath.replace(/\\/g, "/");
+  for (const pattern of allowlistPatterns) {
+    if (minimatch(normalized, pattern, { dot: true })) return true;
+  }
+  return false;
+}
+
+// src/config/loader.ts
+import { readFile } from "fs/promises";
+import { join as join4 } from "path";
+import { parse as parseTOML } from "smol-toml";
+var CONFIG_FILENAMES = [".agentmask.toml", "agentmask.toml"];
+async function loadConfig(projectDir) {
+  const projectConfig = await loadConfigFrom(projectDir);
+  const homeConfig = await loadConfigFrom(
+    join4(process.env.HOME ?? "~", ".config", "agentmask")
+  );
+  return mergeConfigs(homeConfig, projectConfig);
+}
+async function loadConfigFrom(dir) {
+  for (const filename of CONFIG_FILENAMES) {
+    try {
+      const content = await readFile(join4(dir, filename), "utf-8");
+      return parseTOML(content);
+    } catch {
+    }
+  }
+  return {};
+}
+function mergeConfigs(base, override) {
+  return {
+    scan: {
+      blocked_paths: [
+        ...base.scan?.blocked_paths ?? [],
+        ...override.scan?.blocked_paths ?? []
+      ]
+    },
+    rules: [...base.rules ?? [], ...override.rules ?? []],
+    allowlists: [...base.allowlists ?? [], ...override.allowlists ?? []]
+  };
+}
+function getAllowlistedPaths(config) {
+  return (config.allowlists ?? []).flatMap((a) => a.paths ?? []);
+}
+function getStopwords(config) {
+  return (config.allowlists ?? []).flatMap((a) => a.stopwords ?? []);
+}
+export {
+  DEFAULT_BLOCKED_PATTERNS,
+  addToBlocklist,
+  getAllowlistedPaths,
+  getGitleaksBinary,
+  getStopwords,
+  isAllowlistedPath,
+  isBlockedPath,
+  isGitleaksAvailable,
+  isInBlocklist,
+  loadBlocklist,
+  loadConfig,
+  removeFromBlocklist,
+  saveBlocklist,
+  scanContent,
+  scanDir,
+  scanFile,
+  scanStaged
+};
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/gitleaks/binary.ts","../src/gitleaks/runner.ts","../src/hooks/blocklist.ts","../src/scanner/file-patterns.ts","../src/config/loader.ts"],"sourcesContent":["import { existsSync, mkdirSync, chmodSync, createWriteStream, unlinkSync } from \"node:fs\";\nimport { join } from \"node:path\";\nimport { execSync } from \"node:child_process\";\nimport { pipeline } from \"node:stream/promises\";\nimport { createGunzip } from \"node:zlib\";\nimport { extract } from \"tar\";\n\n/**\n * Pinned gitleaks version. Update this when testing against a new release.\n */\nconst GITLEAKS_VERSION = \"8.22.1\";\n\n/**\n * Where we cache the downloaded binary.\n */\nconst CACHE_DIR = join(\n  process.env.HOME ?? process.env.USERPROFILE ?? \"/tmp\",\n  \".agentmask\",\n  \"bin\",\n);\n\n/**\n * Find the gitleaks binary. Checks in order:\n * 1. System PATH (user already has it installed)\n * 2. Our cache directory (previously downloaded)\n * 3. Downloads it automatically\n */\nexport async function getGitleaksBinary(): Promise<string> {\n  // 1. Check system PATH\n  const systemBin = findInPath();\n  if (systemBin) return systemBin;\n\n  // 2. Check cache\n  const cachedBin = join(CACHE_DIR, \"gitleaks\");\n  if (existsSync(cachedBin)) return cachedBin;\n\n  // 3. Download\n  console.log(`gitleaks not found. Downloading v${GITLEAKS_VERSION}...`);\n  await downloadGitleaks(cachedBin);\n  return cachedBin;\n}\n\n/**\n * Check if gitleaks is available without downloading.\n */\nexport function isGitleaksAvailable(): boolean {\n  if (findInPath()) return true;\n  const cachedBin = join(CACHE_DIR, \"gitleaks\");\n  return existsSync(cachedBin);\n}\n\nfunction findInPath(): string | null {\n  try {\n    const path = execSync(\"which gitleaks\", {\n      encoding: \"utf-8\",\n      stdio: [\"pipe\", \"pipe\", \"pipe\"],\n    }).trim();\n    if (path && existsSync(path)) return path;\n  } catch {\n    // not in PATH\n  }\n  return null;\n}\n\nasync function downloadGitleaks(destPath: string): Promise<void> {\n  const { platform, arch } = getPlatformArch();\n  const filename = `gitleaks_${GITLEAKS_VERSION}_${platform}_${arch}.tar.gz`;\n  const url = `https://github.com/gitleaks/gitleaks/releases/download/v${GITLEAKS_VERSION}/${filename}`;\n\n  mkdirSync(CACHE_DIR, { recursive: true });\n\n  // Download to temp file\n  const tmpTarball = join(CACHE_DIR, `gitleaks-download.tar.gz`);\n\n  try {\n    const response = await fetch(url, { redirect: \"follow\" });\n    if (!response.ok || !response.body) {\n      throw new Error(`Download failed: ${response.status} ${response.statusText}`);\n    }\n\n    // Write tarball to disk\n    const fileStream = createWriteStream(tmpTarball);\n    // @ts-ignore - Node.js ReadableStream from fetch is compatible\n    await pipeline(response.body, fileStream);\n\n    // Extract the gitleaks binary from the tarball\n    await extract({\n      file: tmpTarball,\n      cwd: CACHE_DIR,\n      filter: (path) => path === \"gitleaks\",\n    });\n\n    // Make executable\n    chmodSync(destPath, 0o755);\n\n    console.log(`  Downloaded gitleaks v${GITLEAKS_VERSION} → ${destPath}`);\n  } finally {\n    // Clean up tarball\n    try {\n      unlinkSync(tmpTarball);\n    } catch {}\n  }\n}\n\nfunction getPlatformArch(): { platform: string; arch: string } {\n  const platform =\n    process.platform === \"darwin\"\n      ? \"darwin\"\n      : process.platform === \"linux\"\n        ? \"linux\"\n        : process.platform === \"win32\"\n          ? \"windows\"\n          : process.platform;\n\n  const arch =\n    process.arch === \"arm64\"\n      ? \"arm64\"\n      : process.arch === \"x64\"\n        ? \"x64\"\n        : process.arch;\n\n  return { platform, arch };\n}\n","import { execSync, execFileSync } from \"node:child_process\";\nimport { readFileSync, writeFileSync, mkdirSync, unlinkSync, rmSync } from \"node:fs\";\nimport { join } from \"node:path\";\nimport { tmpdir } from \"node:os\";\nimport { randomBytes } from \"node:crypto\";\nimport { getGitleaksBinary } from \"./binary.js\";\n\n/**\n * A single finding from gitleaks JSON output.\n */\nexport interface GitleaksFinding {\n  RuleID: string;\n  Description: string;\n  StartLine: number;\n  EndLine: number;\n  StartColumn: number;\n  EndColumn: number;\n  Match: string;\n  Secret: string;\n  File: string;\n  Entropy: number;\n  Fingerprint: string;\n}\n\n/**\n * Scan a directory for secrets.\n */\nexport async function scanDir(\n  dirPath: string,\n  options?: { configPath?: string },\n): Promise<GitleaksFinding[]> {\n  const bin = await getGitleaksBinary();\n  const reportPath = tempPath(\"agentmask-report\", \".json\");\n\n  try {\n    const args = [\n      \"dir\",\n      dirPath,\n      \"--report-format\", \"json\",\n      \"--report-path\", reportPath,\n      \"--no-banner\",\n      \"--exit-code\", \"0\",\n    ];\n    if (options?.configPath) {\n      args.push(\"--config\", options.configPath);\n    }\n\n    execFileSync(bin, args, {\n      encoding: \"utf-8\",\n      stdio: [\"pipe\", \"pipe\", \"pipe\"],\n      timeout: 60_000,\n    });\n\n    return readReport(reportPath);\n  } finally {\n    tryUnlink(reportPath);\n  }\n}\n\n/**\n * Scan a single file for secrets.\n */\nexport async function scanFile(filePath: string): Promise<GitleaksFinding[]> {\n  const bin = await getGitleaksBinary();\n  const reportPath = tempPath(\"agentmask-report\", \".json\");\n\n  try {\n    execFileSync(bin, [\n      \"dir\",\n      filePath,\n      \"--report-format\", \"json\",\n      \"--report-path\", reportPath,\n      \"--no-banner\",\n      \"--exit-code\", \"0\",\n    ], {\n      encoding: \"utf-8\",\n      stdio: [\"pipe\", \"pipe\", \"pipe\"],\n      timeout: 10_000,\n    });\n\n    return readReport(reportPath);\n  } finally {\n    tryUnlink(reportPath);\n  }\n}\n\n/**\n * Scan arbitrary content by writing to a temp file.\n * Used by pre-write hook (scan content before it's written)\n * and post-scan hook (scan tool output).\n */\nexport async function scanContent(\n  content: string,\n  filename?: string,\n): Promise<GitleaksFinding[]> {\n  const bin = await getGitleaksBinary();\n  const scanDir = join(tmpdir(), `agentmask-scan-${randomBytes(4).toString(\"hex\")}`);\n  const scanFile = join(scanDir, filename ?? \"content.txt\");\n  const reportPath = tempPath(\"agentmask-report\", \".json\");\n\n  try {\n    mkdirSync(scanDir, { recursive: true });\n    writeFileSync(scanFile, content);\n\n    execFileSync(bin, [\n      \"dir\",\n      scanDir,\n      \"--report-format\", \"json\",\n      \"--report-path\", reportPath,\n      \"--no-banner\",\n      \"--exit-code\", \"0\",\n    ], {\n      encoding: \"utf-8\",\n      stdio: [\"pipe\", \"pipe\", \"pipe\"],\n      timeout: 10_000,\n    });\n\n    return readReport(reportPath);\n  } finally {\n    tryUnlink(reportPath);\n    try { rmSync(scanDir, { recursive: true, force: true }); } catch {}\n  }\n}\n\n/**\n * Scan git staged files for secrets.\n */\nexport async function scanStaged(cwd: string): Promise<GitleaksFinding[]> {\n  const bin = await getGitleaksBinary();\n  const reportPath = tempPath(\"agentmask-report\", \".json\");\n\n  try {\n    execFileSync(bin, [\n      \"git\",\n      \"--staged\",\n      \"--report-format\", \"json\",\n      \"--report-path\", reportPath,\n      \"--no-banner\",\n      \"--exit-code\", \"0\",\n    ], {\n      cwd,\n      encoding: \"utf-8\",\n      stdio: [\"pipe\", \"pipe\", \"pipe\"],\n      timeout: 30_000,\n    });\n\n    return readReport(reportPath);\n  } finally {\n    tryUnlink(reportPath);\n  }\n}\n\nfunction readReport(reportPath: string): GitleaksFinding[] {\n  try {\n    const raw = readFileSync(reportPath, \"utf-8\");\n    const findings = JSON.parse(raw);\n    return Array.isArray(findings) ? findings : [];\n  } catch {\n    return [];\n  }\n}\n\nfunction tempPath(prefix: string, ext: string): string {\n  return join(tmpdir(), `${prefix}-${randomBytes(4).toString(\"hex\")}${ext}`);\n}\n\nfunction tryUnlink(path: string): void {\n  try { unlinkSync(path); } catch {}\n}\n","import { existsSync, readFileSync, writeFileSync, mkdirSync, unlinkSync } from \"node:fs\";\nimport { join, dirname, resolve } from \"node:path\";\n\n/**\n * Dynamic blocklist — files where secrets have been detected.\n *\n * Built at init time by scanning the entire repo (Tier 1 rules only).\n * Updated at runtime by post-scan when secrets are found in new files.\n * Checked by pre-read to block files before they enter context.\n */\n\nexport interface BlocklistEntry {\n  secrets: string[];\n  addedAt: string;\n}\n\nexport interface BlocklistData {\n  /** Map of relative file path → entry */\n  files: Record<string, BlocklistEntry>;\n}\n\nconst BLOCKLIST_FILENAME = \"agentmask-blocklist.json\";\n\nexport function getBlocklistPath(cwd: string): string {\n  return join(cwd, \".claude\", BLOCKLIST_FILENAME);\n}\n\nexport function loadBlocklist(cwd: string): BlocklistData {\n  const filePath = getBlocklistPath(cwd);\n  try {\n    if (existsSync(filePath)) {\n      return JSON.parse(readFileSync(filePath, \"utf-8\"));\n    }\n  } catch {\n    // Corrupted — start fresh\n  }\n  return { files: {} };\n}\n\nexport function saveBlocklist(cwd: string, data: BlocklistData): void {\n  const filePath = getBlocklistPath(cwd);\n  mkdirSync(dirname(filePath), { recursive: true });\n  writeFileSync(filePath, JSON.stringify(data, null, 2) + \"\\n\");\n}\n\n/**\n * Check if a file path is in the dynamic blocklist.\n * Matches by exact relative path or by filename suffix.\n */\nexport function isInBlocklist(\n  filePath: string,\n  cwd: string,\n): BlocklistEntry | undefined {\n  const data = loadBlocklist(cwd);\n  const normalized = filePath.replace(/\\\\/g, \"/\");\n\n  // Try exact match\n  if (data.files[normalized]) return data.files[normalized];\n\n  // Try relative to cwd\n  const resolved = resolve(cwd, filePath).replace(/\\\\/g, \"/\");\n  const cwdNorm = cwd.replace(/\\\\/g, \"/\");\n  const relative = resolved.startsWith(cwdNorm + \"/\")\n    ? resolved.slice(cwdNorm.length + 1)\n    : null;\n  if (relative && data.files[relative]) return data.files[relative];\n\n  // Try matching by suffix (handles absolute vs relative path differences)\n  for (const [blockedPath, entry] of Object.entries(data.files)) {\n    if (normalized.endsWith(\"/\" + blockedPath) || normalized === blockedPath) {\n      return entry;\n    }\n    if (resolved.endsWith(\"/\" + blockedPath) || resolved === blockedPath) {\n      return entry;\n    }\n  }\n\n  return undefined;\n}\n\n/**\n * Add a file to the blocklist.\n */\nexport function addToBlocklist(\n  filePath: string,\n  secretDescriptions: string[],\n  cwd: string,\n): void {\n  const data = loadBlocklist(cwd);\n  const normalized = filePath.replace(/\\\\/g, \"/\");\n\n  // Make path relative to cwd if possible\n  const resolved = resolve(cwd, normalized).replace(/\\\\/g, \"/\");\n  const cwdNorm = cwd.replace(/\\\\/g, \"/\");\n  const key = resolved.startsWith(cwdNorm + \"/\")\n    ? resolved.slice(cwdNorm.length + 1)\n    : normalized;\n\n  const existing = data.files[key];\n  if (existing) {\n    const newSecrets = secretDescriptions.filter(\n      (s) => !existing.secrets.includes(s),\n    );\n    existing.secrets.push(...newSecrets);\n    existing.addedAt = new Date().toISOString();\n  } else {\n    data.files[key] = {\n      secrets: secretDescriptions,\n      addedAt: new Date().toISOString(),\n    };\n  }\n\n  saveBlocklist(cwd, data);\n}\n\n/**\n * Remove a file from the blocklist.\n */\nexport function removeFromBlocklist(filePath: string, cwd: string): boolean {\n  const data = loadBlocklist(cwd);\n  const normalized = filePath.replace(/\\\\/g, \"/\");\n\n  // Try exact key\n  if (data.files[normalized]) {\n    delete data.files[normalized];\n    saveBlocklist(cwd, data);\n    return true;\n  }\n\n  // Try relative resolution\n  const resolved = resolve(cwd, filePath).replace(/\\\\/g, \"/\");\n  const cwdNorm = cwd.replace(/\\\\/g, \"/\");\n  const relative = resolved.startsWith(cwdNorm + \"/\")\n    ? resolved.slice(cwdNorm.length + 1)\n    : null;\n  if (relative && data.files[relative]) {\n    delete data.files[relative];\n    saveBlocklist(cwd, data);\n    return true;\n  }\n\n  // Try suffix match\n  for (const key of Object.keys(data.files)) {\n    if (normalized.endsWith(\"/\" + key) || normalized === key) {\n      delete data.files[key];\n      saveBlocklist(cwd, data);\n      return true;\n    }\n  }\n\n  return false;\n}\n\n/**\n * Delete the blocklist file entirely.\n */\nexport function deleteBlocklist(cwd: string): boolean {\n  const filePath = getBlocklistPath(cwd);\n  if (existsSync(filePath)) {\n    unlinkSync(filePath);\n    return true;\n  }\n  return false;\n}\n","import { minimatch } from \"minimatch\";\nimport { basename, resolve } from \"node:path\";\n\n/**\n * Default file patterns that should always be blocked from direct reading.\n * These files are known to contain secrets.\n */\nexport const DEFAULT_BLOCKED_PATTERNS: string[] = [\n  // Environment files\n  \".env\",\n  \".env.*\",\n  \"**/.env\",\n  \"**/.env.*\",\n\n  // Credential files\n  \"**/credentials.json\",\n  \"**/serviceAccountKey.json\",\n  \"**/service-account*.json\",\n\n  // Key files\n  \"**/*.pem\",\n  \"**/*.key\",\n  \"**/*.p12\",\n  \"**/*.pfx\",\n\n  // SSH keys\n  \"**/id_rsa\",\n  \"**/id_ed25519\",\n  \"**/id_ecdsa\",\n  \"**/id_dsa\",\n\n  // Auth config files\n  \"**/.netrc\",\n  \"**/.npmrc\",\n  \"**/.pypirc\",\n  \"**/.docker/config.json\",\n  \"**/.kube/config\",\n  \"**/kubeconfig\",\n\n  // Cloud provider credentials\n  \"**/.aws/credentials\",\n  \"**/.aws/config\",\n  \"**/.azure/credentials\",\n  \"**/.gcloud/*.json\",\n\n  // Other\n  \"**/.htpasswd\",\n  \"**/secrets.yml\",\n  \"**/secrets.yaml\",\n  \"**/secrets.json\",\n];\n\n/**\n * Check if a file path matches any of the blocked patterns.\n */\nexport function isBlockedPath(\n  filePath: string,\n  blockedPatterns: string[] = DEFAULT_BLOCKED_PATTERNS,\n): boolean {\n  const normalized = filePath.replace(/\\\\/g, \"/\");\n  const base = basename(normalized);\n\n  for (const pattern of blockedPatterns) {\n    // Check against full path\n    if (minimatch(normalized, pattern, { dot: true })) return true;\n    // Check against just the filename (for patterns like \".env\")\n    if (minimatch(base, pattern, { dot: true })) return true;\n  }\n\n  return false;\n}\n\n/**\n * Check if a file path is in an allowlisted path.\n */\nexport function isAllowlistedPath(\n  filePath: string,\n  allowlistPatterns: string[],\n): boolean {\n  if (allowlistPatterns.length === 0) return false;\n  const normalized = filePath.replace(/\\\\/g, \"/\");\n\n  for (const pattern of allowlistPatterns) {\n    if (minimatch(normalized, pattern, { dot: true })) return true;\n  }\n\n  return false;\n}\n\n/**\n * Check if a file is likely binary (should be skipped during scanning).\n */\nexport function isBinaryFile(filePath: string): boolean {\n  const ext = filePath.split(\".\").pop()?.toLowerCase();\n  return BINARY_EXTENSIONS.has(ext ?? \"\");\n}\n\nconst BINARY_EXTENSIONS = new Set([\n  \"png\", \"jpg\", \"jpeg\", \"gif\", \"bmp\", \"ico\", \"webp\", \"svg\",\n  \"mp3\", \"mp4\", \"avi\", \"mov\", \"mkv\", \"wav\", \"flac\",\n  \"zip\", \"tar\", \"gz\", \"bz2\", \"xz\", \"7z\", \"rar\",\n  \"exe\", \"dll\", \"so\", \"dylib\", \"bin\",\n  \"pdf\", \"doc\", \"docx\", \"xls\", \"xlsx\",\n  \"woff\", \"woff2\", \"ttf\", \"eot\", \"otf\",\n  \"pyc\", \"pyo\", \"class\", \"o\", \"obj\",\n  \"sqlite\", \"db\", \"sqlite3\",\n]);\n","import { readFile } from \"node:fs/promises\";\nimport { join } from \"node:path\";\nimport { parse as parseTOML } from \"smol-toml\";\nimport type { AgentmaskConfig, AllowlistEntry } from \"../scanner/types.js\";\n\nconst CONFIG_FILENAMES = [\".agentmask.toml\", \"agentmask.toml\"];\n\n/**\n * Load and merge configuration from project root and user home.\n */\nexport async function loadConfig(\n  projectDir: string,\n): Promise<AgentmaskConfig> {\n  const projectConfig = await loadConfigFrom(projectDir);\n  const homeConfig = await loadConfigFrom(\n    join(process.env.HOME ?? \"~\", \".config\", \"agentmask\"),\n  );\n\n  return mergeConfigs(homeConfig, projectConfig);\n}\n\nasync function loadConfigFrom(dir: string): Promise<AgentmaskConfig> {\n  for (const filename of CONFIG_FILENAMES) {\n    try {\n      const content = await readFile(join(dir, filename), \"utf-8\");\n      return parseTOML(content) as unknown as AgentmaskConfig;\n    } catch {\n      // File doesn't exist or isn't valid TOML — skip\n    }\n  }\n  return {};\n}\n\nfunction mergeConfigs(\n  base: AgentmaskConfig,\n  override: AgentmaskConfig,\n): AgentmaskConfig {\n  return {\n    scan: {\n      blocked_paths: [\n        ...(base.scan?.blocked_paths ?? []),\n        ...(override.scan?.blocked_paths ?? []),\n      ],\n    },\n    rules: [...(base.rules ?? []), ...(override.rules ?? [])],\n    allowlists: [...(base.allowlists ?? []), ...(override.allowlists ?? [])],\n  };\n}\n\n/**\n * Get all allowlisted paths from config.\n */\nexport function getAllowlistedPaths(config: AgentmaskConfig): string[] {\n  return (config.allowlists ?? []).flatMap((a: AllowlistEntry) => a.paths ?? []);\n}\n\n/**\n * Get all stopwords from config.\n */\nexport function getStopwords(config: AgentmaskConfig): string[] {\n  return (config.allowlists ?? []).flatMap((a: AllowlistEntry) => a.stopwords ?? []);\n}\n"],"mappings":";AAAA,SAAS,YAAY,WAAW,WAAW,mBAAmB,kBAAkB;AAChF,SAAS,YAAY;AACrB,SAAS,gBAAgB;AACzB,SAAS,gBAAgB;AAEzB,SAAS,eAAe;AAKxB,IAAM,mBAAmB;AAKzB,IAAM,YAAY;AAAA,EAChB,QAAQ,IAAI,QAAQ,QAAQ,IAAI,eAAe;AAAA,EAC/C;AAAA,EACA;AACF;AAQA,eAAsB,oBAAqC;AAEzD,QAAM,YAAY,WAAW;AAC7B,MAAI,UAAW,QAAO;AAGtB,QAAM,YAAY,KAAK,WAAW,UAAU;AAC5C,MAAI,WAAW,SAAS,EAAG,QAAO;AAGlC,UAAQ,IAAI,oCAAoC,gBAAgB,KAAK;AACrE,QAAM,iBAAiB,SAAS;AAChC,SAAO;AACT;AAKO,SAAS,sBAA+B;AAC7C,MAAI,WAAW,EAAG,QAAO;AACzB,QAAM,YAAY,KAAK,WAAW,UAAU;AAC5C,SAAO,WAAW,SAAS;AAC7B;AAEA,SAAS,aAA4B;AACnC,MAAI;AACF,UAAM,OAAO,SAAS,kBAAkB;AAAA,MACtC,UAAU;AAAA,MACV,OAAO,CAAC,QAAQ,QAAQ,MAAM;AAAA,IAChC,CAAC,EAAE,KAAK;AACR,QAAI,QAAQ,WAAW,IAAI,EAAG,QAAO;AAAA,EACvC,QAAQ;AAAA,EAER;AACA,SAAO;AACT;AAEA,eAAe,iBAAiB,UAAiC;AAC/D,QAAM,EAAE,UAAU,KAAK,IAAI,gBAAgB;AAC3C,QAAM,WAAW,YAAY,gBAAgB,IAAI,QAAQ,IAAI,IAAI;AACjE,QAAM,MAAM,2DAA2D,gBAAgB,IAAI,QAAQ;AAEnG,YAAU,WAAW,EAAE,WAAW,KAAK,CAAC;AAGxC,QAAM,aAAa,KAAK,WAAW,0BAA0B;AAE7D,MAAI;AACF,UAAM,WAAW,MAAM,MAAM,KAAK,EAAE,UAAU,SAAS,CAAC;AACxD,QAAI,CAAC,SAAS,MAAM,CAAC,SAAS,MAAM;AAClC,YAAM,IAAI,MAAM,oBAAoB,SAAS,MAAM,IAAI,SAAS,UAAU,EAAE;AAAA,IAC9E;AAGA,UAAM,aAAa,kBAAkB,UAAU;AAE/C,UAAM,SAAS,SAAS,MAAM,UAAU;AAGxC,UAAM,QAAQ;AAAA,MACZ,MAAM;AAAA,MACN,KAAK;AAAA,MACL,QAAQ,CAAC,SAAS,SAAS;AAAA,IAC7B,CAAC;AAGD,cAAU,UAAU,GAAK;AAEzB,YAAQ,IAAI,0BAA0B,gBAAgB,WAAM,QAAQ,EAAE;AAAA,EACxE,UAAE;AAEA,QAAI;AACF,iBAAW,UAAU;AAAA,IACvB,QAAQ;AAAA,IAAC;AAAA,EACX;AACF;AAEA,SAAS,kBAAsD;AAC7D,QAAM,WACJ,QAAQ,aAAa,WACjB,WACA,QAAQ,aAAa,UACnB,UACA,QAAQ,aAAa,UACnB,YACA,QAAQ;AAElB,QAAM,OACJ,QAAQ,SAAS,UACb,UACA,QAAQ,SAAS,QACf,QACA,QAAQ;AAEhB,SAAO,EAAE,UAAU,KAAK;AAC1B;;;AC1HA,SAAmB,oBAAoB;AACvC,SAAS,cAAc,eAAe,aAAAA,YAAW,cAAAC,aAAY,cAAc;AAC3E,SAAS,QAAAC,aAAY;AACrB,SAAS,cAAc;AACvB,SAAS,mBAAmB;AAuB5B,eAAsB,QACpB,SACA,SAC4B;AAC5B,QAAM,MAAM,MAAM,kBAAkB;AACpC,QAAM,aAAa,SAAS,oBAAoB,OAAO;AAEvD,MAAI;AACF,UAAM,OAAO;AAAA,MACX;AAAA,MACA;AAAA,MACA;AAAA,MAAmB;AAAA,MACnB;AAAA,MAAiB;AAAA,MACjB;AAAA,MACA;AAAA,MAAe;AAAA,IACjB;AACA,QAAI,SAAS,YAAY;AACvB,WAAK,KAAK,YAAY,QAAQ,UAAU;AAAA,IAC1C;AAEA,iBAAa,KAAK,MAAM;AAAA,MACtB,UAAU;AAAA,MACV,OAAO,CAAC,QAAQ,QAAQ,MAAM;AAAA,MAC9B,SAAS;AAAA,IACX,CAAC;AAED,WAAO,WAAW,UAAU;AAAA,EAC9B,UAAE;AACA,cAAU,UAAU;AAAA,EACtB;AACF;AAKA,eAAsB,SAAS,UAA8C;AAC3E,QAAM,MAAM,MAAM,kBAAkB;AACpC,QAAM,aAAa,SAAS,oBAAoB,OAAO;AAEvD,MAAI;AACF,iBAAa,KAAK;AAAA,MAChB;AAAA,MACA;AAAA,MACA;AAAA,MAAmB;AAAA,MACnB;AAAA,MAAiB;AAAA,MACjB;AAAA,MACA;AAAA,MAAe;AAAA,IACjB,GAAG;AAAA,MACD,UAAU;AAAA,MACV,OAAO,CAAC,QAAQ,QAAQ,MAAM;AAAA,MAC9B,SAAS;AAAA,IACX,CAAC;AAED,WAAO,WAAW,UAAU;AAAA,EAC9B,UAAE;AACA,cAAU,UAAU;AAAA,EACtB;AACF;AAOA,eAAsB,YACpB,SACA,UAC4B;AAC5B,QAAM,MAAM,MAAM,kBAAkB;AACpC,QAAMC,WAAUC,MAAK,OAAO,GAAG,kBAAkB,YAAY,CAAC,EAAE,SAAS,KAAK,CAAC,EAAE;AACjF,QAAMC,YAAWD,MAAKD,UAAS,YAAY,aAAa;AACxD,QAAM,aAAa,SAAS,oBAAoB,OAAO;AAEvD,MAAI;AACF,IAAAG,WAAUH,UAAS,EAAE,WAAW,KAAK,CAAC;AACtC,kBAAcE,WAAU,OAAO;AAE/B,iBAAa,KAAK;AAAA,MAChB;AAAA,MACAF;AAAA,MACA;AAAA,MAAmB;AAAA,MACnB;AAAA,MAAiB;AAAA,MACjB;AAAA,MACA;AAAA,MAAe;AAAA,IACjB,GAAG;AAAA,MACD,UAAU;AAAA,MACV,OAAO,CAAC,QAAQ,QAAQ,MAAM;AAAA,MAC9B,SAAS;AAAA,IACX,CAAC;AAED,WAAO,WAAW,UAAU;AAAA,EAC9B,UAAE;AACA,cAAU,UAAU;AACpB,QAAI;AAAE,aAAOA,UAAS,EAAE,WAAW,MAAM,OAAO,KAAK,CAAC;AAAA,IAAG,QAAQ;AAAA,IAAC;AAAA,EACpE;AACF;AAKA,eAAsB,WAAW,KAAyC;AACxE,QAAM,MAAM,MAAM,kBAAkB;AACpC,QAAM,aAAa,SAAS,oBAAoB,OAAO;AAEvD,MAAI;AACF,iBAAa,KAAK;AAAA,MAChB;AAAA,MACA;AAAA,MACA;AAAA,MAAmB;AAAA,MACnB;AAAA,MAAiB;AAAA,MACjB;AAAA,MACA;AAAA,MAAe;AAAA,IACjB,GAAG;AAAA,MACD;AAAA,MACA,UAAU;AAAA,MACV,OAAO,CAAC,QAAQ,QAAQ,MAAM;AAAA,MAC9B,SAAS;AAAA,IACX,CAAC;AAED,WAAO,WAAW,UAAU;AAAA,EAC9B,UAAE;AACA,cAAU,UAAU;AAAA,EACtB;AACF;AAEA,SAAS,WAAW,YAAuC;AACzD,MAAI;AACF,UAAM,MAAM,aAAa,YAAY,OAAO;AAC5C,UAAM,WAAW,KAAK,MAAM,GAAG;AAC/B,WAAO,MAAM,QAAQ,QAAQ,IAAI,WAAW,CAAC;AAAA,EAC/C,QAAQ;AACN,WAAO,CAAC;AAAA,EACV;AACF;AAEA,SAAS,SAAS,QAAgB,KAAqB;AACrD,SAAOC,MAAK,OAAO,GAAG,GAAG,MAAM,IAAI,YAAY,CAAC,EAAE,SAAS,KAAK,CAAC,GAAG,GAAG,EAAE;AAC3E;AAEA,SAAS,UAAU,MAAoB;AACrC,MAAI;AAAE,IAAAG,YAAW,IAAI;AAAA,EAAG,QAAQ;AAAA,EAAC;AACnC;;;ACxKA,SAAS,cAAAC,aAAY,gBAAAC,eAAc,iBAAAC,gBAAe,aAAAC,YAAW,cAAAC,mBAAkB;AAC/E,SAAS,QAAAC,OAAM,SAAS,eAAe;AAoBvC,IAAM,qBAAqB;AAEpB,SAAS,iBAAiB,KAAqB;AACpD,SAAOA,MAAK,KAAK,WAAW,kBAAkB;AAChD;AAEO,SAAS,cAAc,KAA4B;AACxD,QAAM,WAAW,iBAAiB,GAAG;AACrC,MAAI;AACF,QAAIL,YAAW,QAAQ,GAAG;AACxB,aAAO,KAAK,MAAMC,cAAa,UAAU,OAAO,CAAC;AAAA,IACnD;AAAA,EACF,QAAQ;AAAA,EAER;AACA,SAAO,EAAE,OAAO,CAAC,EAAE;AACrB;AAEO,SAAS,cAAc,KAAa,MAA2B;AACpE,QAAM,WAAW,iBAAiB,GAAG;AACrC,EAAAE,WAAU,QAAQ,QAAQ,GAAG,EAAE,WAAW,KAAK,CAAC;AAChD,EAAAD,eAAc,UAAU,KAAK,UAAU,MAAM,MAAM,CAAC,IAAI,IAAI;AAC9D;AAMO,SAAS,cACd,UACA,KAC4B;AAC5B,QAAM,OAAO,cAAc,GAAG;AAC9B,QAAM,aAAa,SAAS,QAAQ,OAAO,GAAG;AAG9C,MAAI,KAAK,MAAM,UAAU,EAAG,QAAO,KAAK,MAAM,UAAU;AAGxD,QAAM,WAAW,QAAQ,KAAK,QAAQ,EAAE,QAAQ,OAAO,GAAG;AAC1D,QAAM,UAAU,IAAI,QAAQ,OAAO,GAAG;AACtC,QAAM,WAAW,SAAS,WAAW,UAAU,GAAG,IAC9C,SAAS,MAAM,QAAQ,SAAS,CAAC,IACjC;AACJ,MAAI,YAAY,KAAK,MAAM,QAAQ,EAAG,QAAO,KAAK,MAAM,QAAQ;AAGhE,aAAW,CAAC,aAAa,KAAK,KAAK,OAAO,QAAQ,KAAK,KAAK,GAAG;AAC7D,QAAI,WAAW,SAAS,MAAM,WAAW,KAAK,eAAe,aAAa;AACxE,aAAO;AAAA,IACT;AACA,QAAI,SAAS,SAAS,MAAM,WAAW,KAAK,aAAa,aAAa;AACpE,aAAO;AAAA,IACT;AAAA,EACF;AAEA,SAAO;AACT;AAKO,SAAS,eACd,UACA,oBACA,KACM;AACN,QAAM,OAAO,cAAc,GAAG;AAC9B,QAAM,aAAa,SAAS,QAAQ,OAAO,GAAG;AAG9C,QAAM,WAAW,QAAQ,KAAK,UAAU,EAAE,QAAQ,OAAO,GAAG;AAC5D,QAAM,UAAU,IAAI,QAAQ,OAAO,GAAG;AACtC,QAAM,MAAM,SAAS,WAAW,UAAU,GAAG,IACzC,SAAS,MAAM,QAAQ,SAAS,CAAC,IACjC;AAEJ,QAAM,WAAW,KAAK,MAAM,GAAG;AAC/B,MAAI,UAAU;AACZ,UAAM,aAAa,mBAAmB;AAAA,MACpC,CAAC,MAAM,CAAC,SAAS,QAAQ,SAAS,CAAC;AAAA,IACrC;AACA,aAAS,QAAQ,KAAK,GAAG,UAAU;AACnC,aAAS,WAAU,oBAAI,KAAK,GAAE,YAAY;AAAA,EAC5C,OAAO;AACL,SAAK,MAAM,GAAG,IAAI;AAAA,MAChB,SAAS;AAAA,MACT,UAAS,oBAAI,KAAK,GAAE,YAAY;AAAA,IAClC;AAAA,EACF;AAEA,gBAAc,KAAK,IAAI;AACzB;AAKO,SAAS,oBAAoB,UAAkB,KAAsB;AAC1E,QAAM,OAAO,cAAc,GAAG;AAC9B,QAAM,aAAa,SAAS,QAAQ,OAAO,GAAG;AAG9C,MAAI,KAAK,MAAM,UAAU,GAAG;AAC1B,WAAO,KAAK,MAAM,UAAU;AAC5B,kBAAc,KAAK,IAAI;AACvB,WAAO;AAAA,EACT;AAGA,QAAM,WAAW,QAAQ,KAAK,QAAQ,EAAE,QAAQ,OAAO,GAAG;AAC1D,QAAM,UAAU,IAAI,QAAQ,OAAO,GAAG;AACtC,QAAM,WAAW,SAAS,WAAW,UAAU,GAAG,IAC9C,SAAS,MAAM,QAAQ,SAAS,CAAC,IACjC;AACJ,MAAI,YAAY,KAAK,MAAM,QAAQ,GAAG;AACpC,WAAO,KAAK,MAAM,QAAQ;AAC1B,kBAAc,KAAK,IAAI;AACvB,WAAO;AAAA,EACT;AAGA,aAAW,OAAO,OAAO,KAAK,KAAK,KAAK,GAAG;AACzC,QAAI,WAAW,SAAS,MAAM,GAAG,KAAK,eAAe,KAAK;AACxD,aAAO,KAAK,MAAM,GAAG;AACrB,oBAAc,KAAK,IAAI;AACvB,aAAO;AAAA,IACT;AAAA,EACF;AAEA,SAAO;AACT;;;ACvJA,SAAS,iBAAiB;AAC1B,SAAS,gBAAyB;AAM3B,IAAM,2BAAqC;AAAA;AAAA,EAEhD;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAGA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAGA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAGA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAGA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAGA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAGA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAKO,SAAS,cACd,UACA,kBAA4B,0BACnB;AACT,QAAM,aAAa,SAAS,QAAQ,OAAO,GAAG;AAC9C,QAAM,OAAO,SAAS,UAAU;AAEhC,aAAW,WAAW,iBAAiB;AAErC,QAAI,UAAU,YAAY,SAAS,EAAE,KAAK,KAAK,CAAC,EAAG,QAAO;AAE1D,QAAI,UAAU,MAAM,SAAS,EAAE,KAAK,KAAK,CAAC,EAAG,QAAO;AAAA,EACtD;AAEA,SAAO;AACT;AAKO,SAAS,kBACd,UACA,mBACS;AACT,MAAI,kBAAkB,WAAW,EAAG,QAAO;AAC3C,QAAM,aAAa,SAAS,QAAQ,OAAO,GAAG;AAE9C,aAAW,WAAW,mBAAmB;AACvC,QAAI,UAAU,YAAY,SAAS,EAAE,KAAK,KAAK,CAAC,EAAG,QAAO;AAAA,EAC5D;AAEA,SAAO;AACT;;;ACvFA,SAAS,gBAAgB;AACzB,SAAS,QAAAI,aAAY;AACrB,SAAS,SAAS,iBAAiB;AAGnC,IAAM,mBAAmB,CAAC,mBAAmB,gBAAgB;AAK7D,eAAsB,WACpB,YAC0B;AAC1B,QAAM,gBAAgB,MAAM,eAAe,UAAU;AACrD,QAAM,aAAa,MAAM;AAAA,IACvBA,MAAK,QAAQ,IAAI,QAAQ,KAAK,WAAW,WAAW;AAAA,EACtD;AAEA,SAAO,aAAa,YAAY,aAAa;AAC/C;AAEA,eAAe,eAAe,KAAuC;AACnE,aAAW,YAAY,kBAAkB;AACvC,QAAI;AACF,YAAM,UAAU,MAAM,SAASA,MAAK,KAAK,QAAQ,GAAG,OAAO;AAC3D,aAAO,UAAU,OAAO;AAAA,IAC1B,QAAQ;AAAA,IAER;AAAA,EACF;AACA,SAAO,CAAC;AACV;AAEA,SAAS,aACP,MACA,UACiB;AACjB,SAAO;AAAA,IACL,MAAM;AAAA,MACJ,eAAe;AAAA,QACb,GAAI,KAAK,MAAM,iBAAiB,CAAC;AAAA,QACjC,GAAI,SAAS,MAAM,iBAAiB,CAAC;AAAA,MACvC;AAAA,IACF;AAAA,IACA,OAAO,CAAC,GAAI,KAAK,SAAS,CAAC,GAAI,GAAI,SAAS,SAAS,CAAC,CAAE;AAAA,IACxD,YAAY,CAAC,GAAI,KAAK,cAAc,CAAC,GAAI,GAAI,SAAS,cAAc,CAAC,CAAE;AAAA,EACzE;AACF;AAKO,SAAS,oBAAoB,QAAmC;AACrE,UAAQ,OAAO,cAAc,CAAC,GAAG,QAAQ,CAAC,MAAsB,EAAE,SAAS,CAAC,CAAC;AAC/E;AAKO,SAAS,aAAa,QAAmC;AAC9D,UAAQ,OAAO,cAAc,CAAC,GAAG,QAAQ,CAAC,MAAsB,EAAE,aAAa,CAAC,CAAC;AACnF;","names":["mkdirSync","unlinkSync","join","scanDir","join","scanFile","mkdirSync","unlinkSync","existsSync","readFileSync","writeFileSync","mkdirSync","unlinkSync","join","join"]}

package/dist/post-scan-PZBRRZS6.js

@@ -0,0 +1,50 @@
+#!/usr/bin/env node
+import {
+  addToBlocklist
+} from "./chunk-F7TMT2OH.js";
+import {
+  allow,
+  readStdin,
+  startSafetyTimer
+} from "./chunk-YASOHGJL.js";
+import {
+  scanContent
+} from "./chunk-P7BRPZBB.js";
+import "./chunk-2H7UOFLK.js";
+
+// src/hooks/post-scan.ts
+startSafetyTimer();
+var MAX_SCAN_LENGTH = 100 * 1024;
+async function main() {
+  const input = await readStdin();
+  const response = input.tool_response;
+  if (!response || typeof response !== "string") {
+    allow();
+    return;
+  }
+  const toScan = response.length > MAX_SCAN_LENGTH ? response.slice(0, MAX_SCAN_LENGTH) : response;
+  const filePath = input.tool_input?.file_path ?? "";
+  try {
+    const findings = await scanContent(toScan);
+    if (findings.length > 0) {
+      const types = [...new Set(findings.map((f) => f.Description))];
+      const cwd = input.cwd ?? process.cwd();
+      if (filePath) {
+        try {
+          addToBlocklist(filePath, types, cwd);
+        } catch {
+        }
+      }
+      allow(
+        `[agentmask] WARNING: The output above contains ${findings.length} detected secret(s): ${types.join(", ")}.
+Do NOT repeat these values in your response, code, or commits. Reference by variable name only.
+This file has been added to the blocklist \u2014 future reads will be blocked and redirected to safe_read.`
+      );
+      return;
+    }
+  } catch {
+  }
+  allow();
+}
+main().catch(() => process.exit(1));
+//# sourceMappingURL=post-scan-PZBRRZS6.js.map

package/dist/post-scan-PZBRRZS6.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/hooks/post-scan.ts"],"sourcesContent":["import { readStdin, allow, startSafetyTimer } from \"./common.js\";\nimport { scanContent } from \"../gitleaks/runner.js\";\nimport { addToBlocklist } from \"./blocklist.js\";\n\nstartSafetyTimer();\n\nconst MAX_SCAN_LENGTH = 100 * 1024; // 100KB max for output scanning\n\nasync function main() {\n  const input = await readStdin();\n  const response = input.tool_response;\n\n  if (!response || typeof response !== \"string\") {\n    allow();\n    return;\n  }\n\n  const toScan = response.length > MAX_SCAN_LENGTH\n    ? response.slice(0, MAX_SCAN_LENGTH)\n    : response;\n\n  const filePath = (input.tool_input?.file_path as string) ?? \"\";\n\n  try {\n    const findings = await scanContent(toScan);\n\n    if (findings.length > 0) {\n      const types = [...new Set(findings.map((f) => f.Description))];\n      const cwd = input.cwd ?? process.cwd();\n\n      // Add to blocklist so future reads are blocked\n      if (filePath) {\n        try {\n          addToBlocklist(filePath, types, cwd);\n        } catch {\n          // Non-critical\n        }\n      }\n\n      allow(\n        `[agentmask] WARNING: The output above contains ${findings.length} detected secret(s): ${types.join(\", \")}.\\n` +\n          `Do NOT repeat these values in your response, code, or commits. Reference by variable name only.\\n` +\n          `This file has been added to the blocklist — future reads will be blocked and redirected to safe_read.`,\n      );\n      return;\n    }\n  } catch {\n    // gitleaks failed — degrade gracefully\n  }\n\n  allow();\n}\n\nmain().catch(() => process.exit(1));\n"],"mappings":";;;;;;;;;;;;;;;AAIA,iBAAiB;AAEjB,IAAM,kBAAkB,MAAM;AAE9B,eAAe,OAAO;AACpB,QAAM,QAAQ,MAAM,UAAU;AAC9B,QAAM,WAAW,MAAM;AAEvB,MAAI,CAAC,YAAY,OAAO,aAAa,UAAU;AAC7C,UAAM;AACN;AAAA,EACF;AAEA,QAAM,SAAS,SAAS,SAAS,kBAC7B,SAAS,MAAM,GAAG,eAAe,IACjC;AAEJ,QAAM,WAAY,MAAM,YAAY,aAAwB;AAE5D,MAAI;AACF,UAAM,WAAW,MAAM,YAAY,MAAM;AAEzC,QAAI,SAAS,SAAS,GAAG;AACvB,YAAM,QAAQ,CAAC,GAAG,IAAI,IAAI,SAAS,IAAI,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;AAC7D,YAAM,MAAM,MAAM,OAAO,QAAQ,IAAI;AAGrC,UAAI,UAAU;AACZ,YAAI;AACF,yBAAe,UAAU,OAAO,GAAG;AAAA,QACrC,QAAQ;AAAA,QAER;AAAA,MACF;AAEA;AAAA,QACE,kDAAkD,SAAS,MAAM,wBAAwB,MAAM,KAAK,IAAI,CAAC;AAAA;AAAA;AAAA,MAG3G;AACA;AAAA,IACF;AAAA,EACF,QAAQ;AAAA,EAER;AAEA,QAAM;AACR;AAEA,KAAK,EAAE,MAAM,MAAM,QAAQ,KAAK,CAAC,CAAC;","names":[]}

package/dist/pre-bash-CQ6UYBND.js

@@ -0,0 +1,75 @@
+#!/usr/bin/env node
+import {
+  allow,
+  block,
+  readStdin,
+  startSafetyTimer
+} from "./chunk-YASOHGJL.js";
+import {
+  scanStaged
+} from "./chunk-P7BRPZBB.js";
+import "./chunk-2H7UOFLK.js";
+
+// src/hooks/pre-bash.ts
+startSafetyTimer();
+var FILE_READ_PATTERNS = [
+  /\b(?:cat|head|tail|less|more|bat)\s+.*\.env\b/,
+  /\b(?:cat|head|tail|less|more|bat)\s+.*credentials\.json\b/,
+  /\b(?:cat|head|tail|less|more|bat)\s+.*\.pem\b/,
+  /\b(?:cat|head|tail|less|more|bat)\s+.*\.key\b/,
+  /\b(?:cat|head|tail|less|more|bat)\s+.*id_rsa\b/,
+  /\b(?:cat|head|tail|less|more|bat)\s+.*id_ed25519\b/,
+  /\bsource\s+.*\.env\b/,
+  /\.\s+.*\.env\b/
+];
+var ENV_DUMP_PATTERNS = [
+  /\bprintenv\b/,
+  /^env$/,
+  /^env\s/,
+  /^set$/,
+  /^export$/
+];
+var GIT_COMMIT_PATTERN = /\bgit\s+commit\b/;
+async function main() {
+  const input = await readStdin();
+  const command = input.tool_input?.command;
+  if (!command) {
+    allow();
+    return;
+  }
+  for (const pattern of FILE_READ_PATTERNS) {
+    if (pattern.test(command)) {
+      block(
+        `[agentmask] BLOCKED: This command would read a protected secret file.
+Use mcp__agentmask__safe_read for a redacted view instead.`
+      );
+    }
+  }
+  for (const pattern of ENV_DUMP_PATTERNS) {
+    if (pattern.test(command.trim())) {
+      block(
+        `[agentmask] BLOCKED: This command would expose environment variables that may contain secrets.
+Use mcp__agentmask__env_names to see variable names without values.`
+      );
+    }
+  }
+  if (GIT_COMMIT_PATTERN.test(command)) {
+    const cwd = input.cwd ?? process.cwd();
+    try {
+      const findings = await scanStaged(cwd);
+      if (findings.length > 0) {
+        const details = findings.map((f) => `  ${f.File}:${f.StartLine} \u2014 ${f.Description}`).join("\n");
+        block(
+          `[agentmask] BLOCKED: Secrets detected in staged files. Fix before committing.
+${details}
+
+Remove the hardcoded secrets and use environment variable references instead.`
+        );
+      }
+    } catch {
+    }
+  }
+  allow();
+}
+main().catch(() => process.exit(1));
+//# sourceMappingURL=pre-bash-CQ6UYBND.js.map

package/dist/pre-bash-CQ6UYBND.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/hooks/pre-bash.ts"],"sourcesContent":["import { readStdin, block, allow, startSafetyTimer } from \"./common.js\";\nimport { scanStaged } from \"../gitleaks/runner.js\";\n\nstartSafetyTimer();\n\n/**\n * Patterns that indicate direct reading of secret files via bash.\n */\nconst FILE_READ_PATTERNS = [\n  /\\b(?:cat|head|tail|less|more|bat)\\s+.*\\.env\\b/,\n  /\\b(?:cat|head|tail|less|more|bat)\\s+.*credentials\\.json\\b/,\n  /\\b(?:cat|head|tail|less|more|bat)\\s+.*\\.pem\\b/,\n  /\\b(?:cat|head|tail|less|more|bat)\\s+.*\\.key\\b/,\n  /\\b(?:cat|head|tail|less|more|bat)\\s+.*id_rsa\\b/,\n  /\\b(?:cat|head|tail|less|more|bat)\\s+.*id_ed25519\\b/,\n  /\\bsource\\s+.*\\.env\\b/,\n  /\\.\\s+.*\\.env\\b/,\n];\n\n/**\n * Patterns that indicate environment variable dump.\n */\nconst ENV_DUMP_PATTERNS = [\n  /\\bprintenv\\b/,\n  /^env$/,\n  /^env\\s/,\n  /^set$/,\n  /^export$/,\n];\n\n/**\n * Detect git commit commands so we can scan staged files.\n */\nconst GIT_COMMIT_PATTERN = /\\bgit\\s+commit\\b/;\n\nasync function main() {\n  const input = await readStdin();\n  const command = input.tool_input?.command as string | undefined;\n\n  if (!command) {\n    allow();\n    return;\n  }\n\n  // Category A: File reads of secret files\n  for (const pattern of FILE_READ_PATTERNS) {\n    if (pattern.test(command)) {\n      block(\n        `[agentmask] BLOCKED: This command would read a protected secret file.\\n` +\n          `Use mcp__agentmask__safe_read for a redacted view instead.`,\n      );\n    }\n  }\n\n  // Category B: Environment variable dumps\n  for (const pattern of ENV_DUMP_PATTERNS) {\n    if (pattern.test(command.trim())) {\n      block(\n        `[agentmask] BLOCKED: This command would expose environment variables that may contain secrets.\\n` +\n          `Use mcp__agentmask__env_names to see variable names without values.`,\n      );\n    }\n  }\n\n  // Category C: Git commit — scan staged files with gitleaks\n  if (GIT_COMMIT_PATTERN.test(command)) {\n    const cwd = input.cwd ?? process.cwd();\n    try {\n      const findings = await scanStaged(cwd);\n      if (findings.length > 0) {\n        const details = findings\n          .map((f) => `  ${f.File}:${f.StartLine} — ${f.Description}`)\n          .join(\"\\n\");\n        block(\n          `[agentmask] BLOCKED: Secrets detected in staged files. Fix before committing.\\n${details}\\n\\n` +\n            `Remove the hardcoded secrets and use environment variable references instead.`,\n        );\n      }\n    } catch {\n      // gitleaks failed — allow the commit (graceful degradation)\n    }\n  }\n\n  allow();\n}\n\nmain().catch(() => process.exit(1));\n"],"mappings":";;;;;;;;;;;;;AAGA,iBAAiB;AAKjB,IAAM,qBAAqB;AAAA,EACzB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAKA,IAAM,oBAAoB;AAAA,EACxB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAKA,IAAM,qBAAqB;AAE3B,eAAe,OAAO;AACpB,QAAM,QAAQ,MAAM,UAAU;AAC9B,QAAM,UAAU,MAAM,YAAY;AAElC,MAAI,CAAC,SAAS;AACZ,UAAM;AACN;AAAA,EACF;AAGA,aAAW,WAAW,oBAAoB;AACxC,QAAI,QAAQ,KAAK,OAAO,GAAG;AACzB;AAAA,QACE;AAAA;AAAA,MAEF;AAAA,IACF;AAAA,EACF;AAGA,aAAW,WAAW,mBAAmB;AACvC,QAAI,QAAQ,KAAK,QAAQ,KAAK,CAAC,GAAG;AAChC;AAAA,QACE;AAAA;AAAA,MAEF;AAAA,IACF;AAAA,EACF;AAGA,MAAI,mBAAmB,KAAK,OAAO,GAAG;AACpC,UAAM,MAAM,MAAM,OAAO,QAAQ,IAAI;AACrC,QAAI;AACF,YAAM,WAAW,MAAM,WAAW,GAAG;AACrC,UAAI,SAAS,SAAS,GAAG;AACvB,cAAM,UAAU,SACb,IAAI,CAAC,MAAM,KAAK,EAAE,IAAI,IAAI,EAAE,SAAS,WAAM,EAAE,WAAW,EAAE,EAC1D,KAAK,IAAI;AACZ;AAAA,UACE;AAAA,EAAkF,OAAO;AAAA;AAAA;AAAA,QAE3F;AAAA,MACF;AAAA,IACF,QAAQ;AAAA,IAER;AAAA,EACF;AAEA,QAAM;AACR;AAEA,KAAK,EAAE,MAAM,MAAM,QAAQ,KAAK,CAAC,CAAC;","names":[]}

package/dist/pre-read-4YE6QMWV.js

@@ -0,0 +1,49 @@
+#!/usr/bin/env node
+import {
+  DEFAULT_BLOCKED_PATTERNS,
+  isBlockedPath
+} from "./chunk-Q7ZBIDBL.js";
+import {
+  isInBlocklist
+} from "./chunk-F7TMT2OH.js";
+import {
+  allow,
+  block,
+  readStdin,
+  startSafetyTimer
+} from "./chunk-YASOHGJL.js";
+import "./chunk-2H7UOFLK.js";
+
+// src/hooks/pre-read.ts
+import { resolve, basename } from "path";
+startSafetyTimer();
+async function main() {
+  const input = await readStdin();
+  const filePath = input.tool_input?.file_path;
+  if (!filePath) {
+    allow();
+    return;
+  }
+  const cwd = input.cwd ?? process.cwd();
+  const resolved = resolve(cwd, filePath);
+  const name = basename(resolved);
+  if (isBlockedPath(resolved, DEFAULT_BLOCKED_PATTERNS)) {
+    block(
+      `[agentmask] BLOCKED: "${name}" is a protected secret file.
+Use mcp__agentmask__safe_read to get a redacted view of this file.
+Use mcp__agentmask__env_names to see variable names without values.`
+    );
+  }
+  const entry = isInBlocklist(filePath, cwd);
+  if (entry) {
+    const types = entry.secrets.join(", ");
+    block(
+      `[agentmask] BLOCKED: "${name}" contains detected secrets (${types}).
+Use mcp__agentmask__safe_read to get a redacted view of this file.
+To unblock after fixing: agentmask allow-path "${filePath}"`
+    );
+  }
+  allow();
+}
+main().catch(() => process.exit(1));
+//# sourceMappingURL=pre-read-4YE6QMWV.js.map

package/dist/pre-read-4YE6QMWV.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/hooks/pre-read.ts"],"sourcesContent":["import { resolve, basename } from \"node:path\";\nimport { readStdin, block, allow, startSafetyTimer } from \"./common.js\";\nimport { isBlockedPath, DEFAULT_BLOCKED_PATTERNS } from \"../scanner/file-patterns.js\";\nimport { isInBlocklist } from \"./blocklist.js\";\n\nstartSafetyTimer();\n\nasync function main() {\n  const input = await readStdin();\n  const filePath = input.tool_input?.file_path as string | undefined;\n\n  if (!filePath) {\n    allow();\n    return;\n  }\n\n  const cwd = input.cwd ?? process.cwd();\n  const resolved = resolve(cwd, filePath);\n  const name = basename(resolved);\n\n  // Check 1: Static patterns (.env, *.pem, credentials.json, etc.)\n  if (isBlockedPath(resolved, DEFAULT_BLOCKED_PATTERNS)) {\n    block(\n      `[agentmask] BLOCKED: \"${name}\" is a protected secret file.\\n` +\n        `Use mcp__agentmask__safe_read to get a redacted view of this file.\\n` +\n        `Use mcp__agentmask__env_names to see variable names without values.`,\n    );\n  }\n\n  // Check 2: Dynamic blocklist (files where secrets were detected)\n  const entry = isInBlocklist(filePath, cwd);\n  if (entry) {\n    const types = entry.secrets.join(\", \");\n    block(\n      `[agentmask] BLOCKED: \"${name}\" contains detected secrets (${types}).\\n` +\n        `Use mcp__agentmask__safe_read to get a redacted view of this file.\\n` +\n        `To unblock after fixing: agentmask allow-path \"${filePath}\"`,\n    );\n  }\n\n  allow();\n}\n\nmain().catch(() => process.exit(1));\n"],"mappings":";;;;;;;;;;;;;;;;;AAAA,SAAS,SAAS,gBAAgB;AAKlC,iBAAiB;AAEjB,eAAe,OAAO;AACpB,QAAM,QAAQ,MAAM,UAAU;AAC9B,QAAM,WAAW,MAAM,YAAY;AAEnC,MAAI,CAAC,UAAU;AACb,UAAM;AACN;AAAA,EACF;AAEA,QAAM,MAAM,MAAM,OAAO,QAAQ,IAAI;AACrC,QAAM,WAAW,QAAQ,KAAK,QAAQ;AACtC,QAAM,OAAO,SAAS,QAAQ;AAG9B,MAAI,cAAc,UAAU,wBAAwB,GAAG;AACrD;AAAA,MACE,yBAAyB,IAAI;AAAA;AAAA;AAAA,IAG/B;AAAA,EACF;AAGA,QAAM,QAAQ,cAAc,UAAU,GAAG;AACzC,MAAI,OAAO;AACT,UAAM,QAAQ,MAAM,QAAQ,KAAK,IAAI;AACrC;AAAA,MACE,yBAAyB,IAAI,gCAAgC,KAAK;AAAA;AAAA,iDAEd,QAAQ;AAAA,IAC9D;AAAA,EACF;AAEA,QAAM;AACR;AAEA,KAAK,EAAE,MAAM,MAAM,QAAQ,KAAK,CAAC,CAAC;","names":[]}