averecion-lite 1.3.0

package/dist/cli.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../cli.ts"],"names":[],"mappings":""}

package/dist/cli.js

@@ -0,0 +1,409 @@
+#!/usr/bin/env node
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const os = __importStar(require("os"));
+const crypto = __importStar(require("crypto"));
+const readline = __importStar(require("readline"));
+const CLAWGUARD_DIR = path.join(os.homedir(), ".clawguard");
+const LITE_DIR = path.join(os.homedir(), ".averecion-lite");
+const CONFIG_FILE = path.join(CLAWGUARD_DIR, "config.json");
+const POLICY_FILE = path.join(CLAWGUARD_DIR, "policy.json");
+const AGENTS_DIR = path.join(CLAWGUARD_DIR, "agents");
+const PENDING_DIR = path.join(CLAWGUARD_DIR, "pending");
+const OPENCLAW_PATHS = [
+    "openclaw.config.ts",
+    "openclaw.config.js",
+    ".openclaw/config.ts",
+    ".openclaw/config.js",
+    "config/openclaw.ts",
+    "config/openclaw.js",
+];
+const HOOK_CODE = `
+// Averecion Lite - AI Safety for OpenClaw
+import { createOpenClawHook, initLiteAdapter } from "averecion-lite";
+await initLiteAdapter();
+openclaw.registerHook(await createOpenClawHook());
+`;
+function log(msg) { console.log(`🦞 ${msg}`); }
+function success(msg) { console.log(`✅ ${msg}`); }
+function warn(msg) { console.log(`⚠️  ${msg}`); }
+async function prompt(question) {
+    const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+    return new Promise(resolve => {
+        rl.question(question, answer => { rl.close(); resolve(answer.trim()); });
+    });
+}
+function ensureDir() {
+    if (!fs.existsSync(CLAWGUARD_DIR)) {
+        fs.mkdirSync(CLAWGUARD_DIR, { recursive: true });
+    }
+    if (!fs.existsSync(AGENTS_DIR)) {
+        fs.mkdirSync(AGENTS_DIR, { recursive: true });
+    }
+    if (!fs.existsSync(PENDING_DIR)) {
+        fs.mkdirSync(PENDING_DIR, { recursive: true });
+    }
+}
+function generateSecret() {
+    return crypto.randomBytes(32).toString("hex");
+}
+function findOpenClawConfig() {
+    for (const p of OPENCLAW_PATHS) {
+        if (fs.existsSync(p))
+            return p;
+    }
+    return null;
+}
+function createDefaultPolicy() {
+    const policy = {
+        allowedSkills: ["email.send", "calendar.create", "web.get", "file.read"],
+        highRiskActions: ["shell.exec", "file.write", "network.post", "delete.*", "wallet.tx"],
+        blockUnknownSkills: true
+    };
+    fs.writeFileSync(POLICY_FILE, JSON.stringify(policy, null, 2));
+}
+async function init() {
+    console.log("");
+    console.log("╔════════════════════════════════════════╗");
+    console.log("║  🛡️  Clawguard v1.1.0                   ║");
+    console.log("║     AI Safety for ClawdBot             ║");
+    console.log("╚════════════════════════════════════════╝");
+    console.log("");
+    ensureDir();
+    // Step 1: Generate secret
+    log("Generating your secret key...");
+    const secret = generateSecret();
+    const config = { secret, createdAt: new Date().toISOString() };
+    fs.writeFileSync(CONFIG_FILE, JSON.stringify(config, null, 2));
+    success("Secret key created and saved!");
+    console.log("");
+    // Step 2: Create default policy
+    if (!fs.existsSync(POLICY_FILE)) {
+        log("Creating default safety policy...");
+        createDefaultPolicy();
+        success("Safety policy created!");
+    }
+    else {
+        log("Using existing safety policy");
+    }
+    console.log("");
+    // Step 3: Show ClawdBot integration options
+    log("Clawguard works with all ClawdBot extension types:");
+    console.log("");
+    console.log("   • Skills     - Monitors skill executions");
+    console.log("   • Tools      - Governs MCP tool calls");
+    console.log("   • Plugins    - Tracks plugin actions");
+    console.log("   • Bash/Shell - Intercepts command execution");
+    console.log("");
+    // Step 4: Set environment variable
+    console.log("");
+    log("Add this to your shell profile (~/.bashrc or ~/.zshrc):");
+    console.log("");
+    console.log(`   export CLAWGUARD_SECRET="${secret}"`);
+    console.log("");
+    // Step 5: Done!
+    console.log("╔════════════════════════════════════════╗");
+    console.log("║  🎉 Setup complete!                    ║");
+    console.log("╚════════════════════════════════════════╝");
+    console.log("");
+    console.log("Next steps:");
+    console.log("  1. Start the dashboard: clawguard start");
+    console.log("  2. Configure your ClawdBot extensions in the dashboard");
+    console.log("  3. Open http://127.0.0.1:4321/clawguard");
+    console.log("");
+    console.log("Need help? Visit https://averecion.com/docs/clawguard");
+    console.log("");
+}
+async function start() {
+    ensureDir();
+    if (!fs.existsSync(CONFIG_FILE)) {
+        warn("Not set up yet. Running setup first...");
+        await init();
+    }
+    const config = JSON.parse(fs.readFileSync(CONFIG_FILE, "utf-8"));
+    process.env.LITE_ADAPTER_SECRET = config.secret;
+    log("Starting Averecion Lite...");
+    const { initLiteAdapter } = await Promise.resolve().then(() => __importStar(require("./index")));
+    await initLiteAdapter({ enableCLIConfirm: true });
+    console.log("");
+    success("Dashboard ready at http://127.0.0.1:4321/clawguard");
+    console.log("");
+}
+async function status() {
+    ensureDir();
+    if (!fs.existsSync(CONFIG_FILE)) {
+        warn("Not set up yet. Run: npx averecion-lite init");
+        return;
+    }
+    const config = JSON.parse(fs.readFileSync(CONFIG_FILE, "utf-8"));
+    console.log("");
+    console.log("🦞 Averecion Lite Status");
+    console.log("────────────────────────");
+    console.log(`  Config: ${CONFIG_FILE}`);
+    console.log(`  Created: ${config.createdAt}`);
+    console.log(`  Secret: ${config.secret.slice(0, 8)}...`);
+    console.log("");
+}
+async function agents() {
+    if (!fs.existsSync(AGENTS_DIR)) {
+        warn("No agents registered yet.");
+        console.log("Register an agent with: clawguard agent register <manifest.json>");
+        return;
+    }
+    const files = fs.readdirSync(AGENTS_DIR).filter(f => f.endsWith(".json"));
+    if (files.length === 0) {
+        warn("No agents registered yet.");
+        return;
+    }
+    console.log("");
+    console.log("🤖 Registered Agents");
+    console.log("────────────────────");
+    for (const file of files) {
+        try {
+            const agent = JSON.parse(fs.readFileSync(path.join(AGENTS_DIR, file), "utf-8"));
+            const capCount = agent.capabilities?.length || 0;
+            const riskIndicator = capCount > 5 ? "🔴" : capCount > 3 ? "🟡" : "🟢";
+            console.log(`  ${riskIndicator} ${agent.name} (${agent.id})`);
+            console.log(`     Capabilities: ${capCount}`);
+            console.log(`     Framework: ${agent.framework || "custom"}`);
+            console.log(`     Registered: ${agent.registeredAt}`);
+            console.log("");
+        }
+        catch { }
+    }
+}
+async function registerAgentFromFile(manifestPath) {
+    if (!fs.existsSync(manifestPath)) {
+        warn(`File not found: ${manifestPath}`);
+        return;
+    }
+    const { registerAgentFromManifest } = await Promise.resolve().then(() => __importStar(require("./src/capability-manifest")));
+    const result = registerAgentFromManifest(manifestPath);
+    if (!result.success) {
+        warn(`Failed to register agent: ${result.error}`);
+        return;
+    }
+    success(`Registered agent: ${result.manifest?.name}`);
+    console.log("");
+    console.log("Risk Assessment:");
+    console.log(`  Overall Score: ${result.risk?.overallScore}/100`);
+    console.log(`  Risk Level: ${result.risk?.riskLevel?.toUpperCase()}`);
+    if (result.risk?.recommendations?.length) {
+        console.log("");
+        console.log("Recommendations:");
+        for (const rec of result.risk.recommendations) {
+            console.log(`  • ${rec}`);
+        }
+    }
+    console.log("");
+}
+async function installShellWrapper() {
+    const wrapperScript = `#!/bin/bash
+# Clawguard Shell Wrapper
+# Intercepts commands and applies governance policies
+
+CLAWGUARD_REAL_SHELL="\${CLAWGUARD_REAL_SHELL:-/bin/bash}"
+
+if [ -z "$1" ]; then
+  exec "$CLAWGUARD_REAL_SHELL"
+else
+  node "${path.join(__dirname, "src", "shell-wrapper.js")}" "$@"
+fi
+`;
+    const binDir = path.join(os.homedir(), ".local", "bin");
+    const wrapperPath = path.join(binDir, "clawguard-sh");
+    if (!fs.existsSync(binDir)) {
+        fs.mkdirSync(binDir, { recursive: true });
+    }
+    fs.writeFileSync(wrapperPath, wrapperScript);
+    fs.chmodSync(wrapperPath, "755");
+    success(`Shell wrapper installed: ${wrapperPath}`);
+    console.log("");
+    console.log("To enable for an agent, set:");
+    console.log(`  SHELL=${wrapperPath}`);
+    console.log("");
+    console.log("Or add to your profile (~/.bashrc):");
+    console.log(`  export PATH="$HOME/.local/bin:$PATH"`);
+    console.log("");
+}
+async function pending() {
+    if (!fs.existsSync(PENDING_DIR)) {
+        log("No pending approvals.");
+        return;
+    }
+    const files = fs.readdirSync(PENDING_DIR).filter(f => f.endsWith(".json"));
+    const pendingItems = files.map(f => {
+        try {
+            return JSON.parse(fs.readFileSync(path.join(PENDING_DIR, f), "utf-8"));
+        }
+        catch {
+            return null;
+        }
+    }).filter(p => p && p.status === "pending");
+    if (pendingItems.length === 0) {
+        log("No pending approvals.");
+        return;
+    }
+    console.log("");
+    console.log("⏳ Pending Approvals");
+    console.log("────────────────────");
+    for (const item of pendingItems) {
+        console.log(`  ID: ${item.id}`);
+        console.log(`  Type: ${item.type}`);
+        if (item.command)
+            console.log(`  Command: ${item.command.substring(0, 60)}${item.command.length > 60 ? "..." : ""}`);
+        if (item.url)
+            console.log(`  URL: ${item.url.substring(0, 60)}${item.url.length > 60 ? "..." : ""}`);
+        console.log(`  Risk: ${item.riskScore}/100`);
+        console.log(`  Created: ${item.createdAt}`);
+        console.log("");
+    }
+    console.log("To approve: clawguard approve <id>");
+    console.log("To deny:    clawguard deny <id>");
+    console.log("");
+}
+async function approve(id) {
+    const filePath = path.join(PENDING_DIR, `${id}.json`);
+    if (!fs.existsSync(filePath)) {
+        warn(`Approval not found: ${id}`);
+        return;
+    }
+    const approval = JSON.parse(fs.readFileSync(filePath, "utf-8"));
+    approval.status = "approved";
+    approval.resolvedAt = new Date().toISOString();
+    fs.writeFileSync(filePath, JSON.stringify(approval, null, 2));
+    success(`Approved: ${id}`);
+}
+async function deny(id) {
+    const filePath = path.join(PENDING_DIR, `${id}.json`);
+    if (!fs.existsSync(filePath)) {
+        warn(`Approval not found: ${id}`);
+        return;
+    }
+    const approval = JSON.parse(fs.readFileSync(filePath, "utf-8"));
+    approval.status = "denied";
+    approval.resolvedAt = new Date().toISOString();
+    fs.writeFileSync(filePath, JSON.stringify(approval, null, 2));
+    success(`Denied: ${id}`);
+}
+function showHelp() {
+    console.log("");
+    console.log("🛡️ Clawguard - Agent-Agnostic AI Governance");
+    console.log("");
+    console.log("Usage: clawguard <command> [options]");
+    console.log("");
+    console.log("Commands:");
+    console.log("  start           Start the dashboard server (default)");
+    console.log("  init            Set up Clawguard for the first time");
+    console.log("  status          Check current configuration");
+    console.log("");
+    console.log("Agent Management:");
+    console.log("  agents          List registered agents");
+    console.log("  agent register <manifest.json>  Register an agent from manifest");
+    console.log("");
+    console.log("Approval Workflow:");
+    console.log("  pending         Show pending approvals");
+    console.log("  approve <id>    Approve a pending action");
+    console.log("  deny <id>       Deny a pending action");
+    console.log("");
+    console.log("Shell Interception:");
+    console.log("  install-shell   Install the shell wrapper");
+    console.log("");
+    console.log("Examples:");
+    console.log("  clawguard start");
+    console.log("  clawguard agent register ./my-agent.json");
+    console.log("  clawguard approve 1234567890-abc123");
+    console.log("");
+}
+// CLI entry point
+const command = process.argv[2] || "start";
+const subcommand = process.argv[3];
+const arg = process.argv[4];
+switch (command) {
+    case "init":
+    case "setup":
+        init().catch(console.error);
+        break;
+    case "start":
+    case "run":
+        start().catch(console.error);
+        break;
+    case "status":
+        status().catch(console.error);
+        break;
+    case "agents":
+        agents().catch(console.error);
+        break;
+    case "agent":
+        if (subcommand === "register" && arg) {
+            registerAgentFromFile(arg).catch(console.error);
+        }
+        else {
+            console.log("Usage: clawguard agent register <manifest.json>");
+        }
+        break;
+    case "pending":
+        pending().catch(console.error);
+        break;
+    case "approve":
+        if (subcommand) {
+            approve(subcommand).catch(console.error);
+        }
+        else {
+            console.log("Usage: clawguard approve <id>");
+        }
+        break;
+    case "deny":
+        if (subcommand) {
+            deny(subcommand).catch(console.error);
+        }
+        else {
+            console.log("Usage: clawguard deny <id>");
+        }
+        break;
+    case "install-shell":
+        installShellWrapper().catch(console.error);
+        break;
+    case "help":
+    case "--help":
+    case "-h":
+        showHelp();
+        break;
+    default:
+        showHelp();
+}

package/dist/hooks.d.ts

@@ -0,0 +1,25 @@
+export interface ActionPayload {
+    tool: string;
+    plan?: string;
+    args: Record<string, unknown>;
+    egress?: string[];
+    inputTokens?: number;
+    outputTokens?: number;
+    estimatedUSD?: number;
+}
+export interface BeforeActionResult {
+    allowed: boolean;
+    decision: "approved" | "blocked";
+    reason: string;
+    injectionDetected?: boolean;
+}
+type ConfirmHandler = (req: {
+    tool: string;
+    reason: string;
+    payload: Record<string, unknown>;
+}) => Promise<boolean>;
+export declare function setConfirmHandler(h: ConfirmHandler): void;
+export declare function beforeAction(payload: ActionPayload): Promise<BeforeActionResult>;
+export declare function afterAction(payload: ActionPayload, result: BeforeActionResult): Promise<void>;
+export {};
+//# sourceMappingURL=hooks.d.ts.map

package/dist/hooks.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"hooks.d.ts","sourceRoot":"","sources":["../hooks.ts"],"names":[],"mappings":"AAKA,MAAM,WAAW,aAAa;IAAG,IAAI,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAAC,YAAY,CAAC,EAAE,MAAM,CAAC;CAAE;AACrL,MAAM,WAAW,kBAAkB;IAAG,OAAO,EAAE,OAAO,CAAC;IAAC,QAAQ,EAAE,UAAU,GAAG,SAAS,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,iBAAiB,CAAC,EAAE,OAAO,CAAC;CAAE;AAExI,KAAK,cAAc,GAAG,CAAC,GAAG,EAAE;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CAAE,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpH,wBAAgB,iBAAiB,CAAC,CAAC,EAAE,cAAc,QAAyB;AAe5E,wBAAsB,YAAY,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CA8BtF;AAED,wBAAsB,WAAW,CAAC,OAAO,EAAE,aAAa,EAAE,MAAM,EAAE,kBAAkB,iBAKnF"}

package/dist/hooks.js

@@ -0,0 +1,68 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.setConfirmHandler = setConfirmHandler;
+exports.beforeAction = beforeAction;
+exports.afterAction = afterAction;
+const policy_1 = require("./policy");
+const injectionGuard_1 = require("./injectionGuard");
+const storage_1 = require("./storage");
+const metrics_1 = require("./metrics");
+let confirmHandler = null;
+function setConfirmHandler(h) { confirmHandler = h; }
+async function confirm(tool, reason, args) {
+    if (!confirmHandler) {
+        console.log(`[Averecion Lite] Confirmation required for ${tool}: ${reason}. Auto-denying.`);
+        return false;
+    }
+    try {
+        return await Promise.race([confirmHandler({ tool, reason, payload: args }), new Promise((_, rej) => setTimeout(() => rej(), 30000))]);
+    }
+    catch {
+        return false;
+    }
+}
+function extractEgress(payload) {
+    const hosts = [...(payload.egress || [])];
+    const match = JSON.stringify(payload.args).matchAll(/https?:\/\/([^\/\s"']+)/g);
+    for (const m of match)
+        if (!hosts.includes(m[1]))
+            hosts.push(m[1]);
+    return hosts;
+}
+async function beforeAction(payload) {
+    const { tool, plan = "", args } = payload;
+    const egress = extractEgress(payload);
+    const inj = (0, injectionGuard_1.scanPlanAndArgs)(plan, args);
+    if (inj.detected) {
+        (0, metrics_1.incrementMetric)("promptInjectionDetected");
+        (0, metrics_1.incrementMetric)("highRiskIntercepts");
+        if (!await confirm(tool, `Prompt injection: ${inj.matches.join(", ")}`, args)) {
+            (0, metrics_1.incrementMetric)("blocked");
+            (0, storage_1.appendEvent)({ ts: new Date().toISOString(), tool, decision: "blocked", reason: `promptInjection: ${inj.matches.join(", ")}`, egress, inputTokens: payload.inputTokens, outputTokens: payload.outputTokens, estimatedUSD: payload.estimatedUSD });
+            return { allowed: false, decision: "blocked", reason: "promptInjection", injectionDetected: true };
+        }
+        (0, metrics_1.incrementMetric)("manualApproved");
+    }
+    const cls = (0, policy_1.classifyAction)(tool);
+    if (cls.decision === "approved")
+        return { allowed: true, decision: "approved", reason: cls.reason };
+    if (cls.decision === "blocked") {
+        (0, metrics_1.incrementMetric)("blocked");
+        (0, storage_1.appendEvent)({ ts: new Date().toISOString(), tool, decision: "blocked", reason: cls.reason, egress, inputTokens: payload.inputTokens, outputTokens: payload.outputTokens, estimatedUSD: payload.estimatedUSD });
+        return { allowed: false, decision: "blocked", reason: cls.reason };
+    }
+    (0, metrics_1.incrementMetric)("highRiskIntercepts");
+    if (!await confirm(tool, cls.reason, args)) {
+        (0, metrics_1.incrementMetric)("blocked");
+        (0, storage_1.appendEvent)({ ts: new Date().toISOString(), tool, decision: "blocked", reason: "manualDenied", egress, inputTokens: payload.inputTokens, outputTokens: payload.outputTokens, estimatedUSD: payload.estimatedUSD });
+        return { allowed: false, decision: "blocked", reason: "manualDenied" };
+    }
+    (0, metrics_1.incrementMetric)("manualApproved");
+    return { allowed: true, decision: "approved", reason: "manualApproval" };
+}
+async function afterAction(payload, result) {
+    if (result.allowed) {
+        (0, metrics_1.incrementMetric)("approved");
+        (0, storage_1.appendEvent)({ ts: new Date().toISOString(), tool: payload.tool, decision: result.reason === "manualApproval" ? "manual" : "approved", reason: result.reason, egress: extractEgress(payload), inputTokens: payload.inputTokens, outputTokens: payload.outputTokens, estimatedUSD: payload.estimatedUSD });
+    }
+}

package/dist/index.d.ts

@@ -0,0 +1,34 @@
+import { ActionPayload, BeforeActionResult } from "./hooks";
+export { beforeAction, afterAction, setConfirmHandler } from "./hooks";
+export { loadPolicy, classifyAction } from "./policy";
+export { scanForInjection, scanPlanAndArgs } from "./injectionGuard";
+export { appendEvent, getEvents, getLastEvents } from "./storage";
+export { getMetrics, incrementMetric } from "./metrics";
+export { startServer, stopServer } from "./server";
+export type { ActionPayload, BeforeActionResult } from "./hooks";
+export type { LitePolicy } from "./policy";
+export type { LiteMetrics } from "./metrics";
+export type { ActionEvent } from "./storage";
+export interface LiteAdapterConfig {
+    port?: number;
+    host?: string;
+    enableCLIConfirm?: boolean;
+    policyPath?: string;
+}
+export declare function initLiteAdapter(config?: LiteAdapterConfig): Promise<void>;
+export declare function createOpenClawHook(hookSecret?: string): Promise<{
+    name: string;
+    beforeToolCall(tool: string, args: Record<string, unknown>, ctx?: {
+        plan?: string;
+        secret?: string;
+    }): Promise<{
+        proceed: boolean;
+        payload: ActionPayload;
+        result: BeforeActionResult;
+    }>;
+    afterToolCall(data: {
+        payload: ActionPayload;
+        result: BeforeActionResult;
+    }): Promise<void>;
+}>;
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":"AAAA,OAAO,EAA6B,aAAa,EAAE,kBAAkB,EAAqB,MAAM,SAAS,CAAC;AAI1G,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,iBAAiB,EAAE,MAAM,SAAS,CAAC;AACvE,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AACtD,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACrE,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAClE,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AACxD,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AACnD,YAAY,EAAE,aAAa,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC;AACjE,YAAY,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AAC3C,YAAY,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AAC7C,YAAY,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AAE7C,MAAM,WAAW,iBAAiB;IAAG,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAAC,UAAU,CAAC,EAAE,MAAM,CAAC;CAAE;AAGrH,wBAAsB,eAAe,CAAC,MAAM,GAAE,iBAAsB,iBAgBnE;AAED,wBAAsB,kBAAkB,CAAC,UAAU,CAAC,EAAE,MAAM;;yBAI7B,MAAM,QAAQ,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ;QAAE,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE;;;;;wBAOhF;QAAE,OAAO,EAAE,aAAa,CAAC;QAAC,MAAM,EAAE,kBAAkB,CAAA;KAAE;GAEnF"}

package/dist/index.js

@@ -0,0 +1,64 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.stopServer = exports.startServer = exports.incrementMetric = exports.getMetrics = exports.getLastEvents = exports.getEvents = exports.appendEvent = exports.scanPlanAndArgs = exports.scanForInjection = exports.classifyAction = exports.loadPolicy = exports.setConfirmHandler = exports.afterAction = exports.beforeAction = void 0;
+exports.initLiteAdapter = initLiteAdapter;
+exports.createOpenClawHook = createOpenClawHook;
+const hooks_1 = require("./hooks");
+const policy_1 = require("./policy");
+const server_1 = require("./server");
+var hooks_2 = require("./hooks");
+Object.defineProperty(exports, "beforeAction", { enumerable: true, get: function () { return hooks_2.beforeAction; } });
+Object.defineProperty(exports, "afterAction", { enumerable: true, get: function () { return hooks_2.afterAction; } });
+Object.defineProperty(exports, "setConfirmHandler", { enumerable: true, get: function () { return hooks_2.setConfirmHandler; } });
+var policy_2 = require("./policy");
+Object.defineProperty(exports, "loadPolicy", { enumerable: true, get: function () { return policy_2.loadPolicy; } });
+Object.defineProperty(exports, "classifyAction", { enumerable: true, get: function () { return policy_2.classifyAction; } });
+var injectionGuard_1 = require("./injectionGuard");
+Object.defineProperty(exports, "scanForInjection", { enumerable: true, get: function () { return injectionGuard_1.scanForInjection; } });
+Object.defineProperty(exports, "scanPlanAndArgs", { enumerable: true, get: function () { return injectionGuard_1.scanPlanAndArgs; } });
+var storage_1 = require("./storage");
+Object.defineProperty(exports, "appendEvent", { enumerable: true, get: function () { return storage_1.appendEvent; } });
+Object.defineProperty(exports, "getEvents", { enumerable: true, get: function () { return storage_1.getEvents; } });
+Object.defineProperty(exports, "getLastEvents", { enumerable: true, get: function () { return storage_1.getLastEvents; } });
+var metrics_1 = require("./metrics");
+Object.defineProperty(exports, "getMetrics", { enumerable: true, get: function () { return metrics_1.getMetrics; } });
+Object.defineProperty(exports, "incrementMetric", { enumerable: true, get: function () { return metrics_1.incrementMetric; } });
+var server_2 = require("./server");
+Object.defineProperty(exports, "startServer", { enumerable: true, get: function () { return server_2.startServer; } });
+Object.defineProperty(exports, "stopServer", { enumerable: true, get: function () { return server_2.stopServer; } });
+let initialized = false;
+async function initLiteAdapter(config = {}) {
+    if (initialized)
+        return;
+    if (!process.env.LITE_ADAPTER_SECRET)
+        console.error("[Averecion Lite] WARNING: LITE_ADAPTER_SECRET not set");
+    (0, policy_1.loadPolicy)(config.policyPath);
+    if (config.enableCLIConfirm) {
+        const readline = require("readline");
+        (0, hooks_1.setConfirmHandler)(async (req) => {
+            const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+            return new Promise(resolve => {
+                console.log(`\n[Confirm] ${req.tool}: ${req.reason}`);
+                rl.question("Approve? (y/n): ", (a) => { rl.close(); resolve(a.toLowerCase() === "y"); });
+            });
+        });
+    }
+    await (0, server_1.startServer)(config.port || 4321, config.host || "127.0.0.1");
+    initialized = true;
+}
+async function createOpenClawHook(hookSecret) {
+    const expected = hookSecret || process.env.LITE_ADAPTER_SECRET;
+    return {
+        name: "averecion-lite",
+        async beforeToolCall(tool, args, ctx) {
+            if (expected && ctx?.secret !== expected)
+                throw new Error("[Averecion Lite] Invalid hook secret");
+            const payload = { tool, plan: ctx?.plan || "", args };
+            const result = await (0, hooks_1.beforeAction)(payload);
+            if (!result.allowed)
+                throw new Error(`[Averecion Lite] Blocked: ${result.reason}`);
+            return { proceed: true, payload, result };
+        },
+        async afterToolCall(data) { await (0, hooks_1.afterAction)(data.payload, data.result); }
+    };
+}

package/dist/injectionGuard.d.ts

@@ -0,0 +1,9 @@
+export declare function scanForInjection(text: string): {
+    detected: boolean;
+    matches: string[];
+};
+export declare function scanPlanAndArgs(plan: string, args: Record<string, unknown>): {
+    detected: boolean;
+    matches: string[];
+};
+//# sourceMappingURL=injectionGuard.d.ts.map

package/dist/injectionGuard.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"injectionGuard.d.ts","sourceRoot":"","sources":["../injectionGuard.ts"],"names":[],"mappings":"AAMA,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,MAAM,GAAG;IAAE,QAAQ,EAAE,OAAO,CAAC;IAAC,OAAO,EAAE,MAAM,EAAE,CAAA;CAAE,CAGvF;AAED,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;cALf,OAAO;aAAW,MAAM,EAAE;EAOrF"}

package/dist/injectionGuard.js

@@ -0,0 +1,16 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.scanForInjection = scanForInjection;
+exports.scanPlanAndArgs = scanPlanAndArgs;
+const PATTERNS = [
+    /ignore\s+(previous|prior|all)\s+instructions/i, /exfiltrate/i, /upload\s+(secrets?|keys?|credentials?)/i,
+    /send\s+(all\s+)?(api\s*keys?|secrets?)\s+to/i, /curl\s+http/i, /wget\s+http/i, /rm\s+-rf/i,
+    /drop\s+(table|database)/i, /reverse\s*shell/i, /nc\s+-e/i, /bash\s+-i/i
+];
+function scanForInjection(text) {
+    const matches = PATTERNS.map(p => text.match(p)?.[0]).filter(Boolean);
+    return { detected: matches.length > 0, matches };
+}
+function scanPlanAndArgs(plan, args) {
+    return scanForInjection(plan + " " + JSON.stringify(args));
+}

package/dist/log-watcher.d.ts

@@ -0,0 +1,26 @@
+import { EventEmitter } from "events";
+export declare class LogWatcher extends EventEmitter {
+    private watchedFile;
+    private watcher;
+    private filePosition;
+    private activeRuns;
+    private pollInterval;
+    constructor();
+    start(): void;
+    stop(): void;
+    private getCurrentLogFile;
+    private checkForLogFile;
+    private watchFile;
+    private scheduleRewatch;
+    private readNewLines;
+    private processLine;
+    private parseLogLine;
+    private extractToolArgs;
+    private handleToolEvent;
+    private analyzeDanger;
+    private analyzeInjection;
+}
+export declare function startLogWatcher(): LogWatcher;
+export declare function stopLogWatcher(): void;
+export declare function getLogWatcher(): LogWatcher | null;
+//# sourceMappingURL=log-watcher.d.ts.map