averecion-lite 1.3.0

package/dist/src/http-proxy.js

@@ -0,0 +1,266 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createProxyServer = createProxyServer;
+exports.getProxyEnvVars = getProxyEnvVars;
+const http = __importStar(require("http"));
+const https = __importStar(require("https"));
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const os = __importStar(require("os"));
+const url = __importStar(require("url"));
+const CLAWGUARD_DIR = path.join(os.homedir(), ".clawguard");
+const CONFIG_FILE = path.join(CLAWGUARD_DIR, "config.json");
+const LOG_DIR = path.join(CLAWGUARD_DIR, "logs");
+const PENDING_DIR = path.join(CLAWGUARD_DIR, "pending");
+const DEFAULT_URL_POLICY = [
+    { pattern: "api\\.stripe\\.com", decision: "review", reason: "Payment API", riskScore: 80 },
+    { pattern: "api\\.paypal\\.com", decision: "review", reason: "Payment API", riskScore: 80 },
+    { pattern: "api\\.braintree", decision: "review", reason: "Payment API", riskScore: 80 },
+    { pattern: "plaid\\.com", decision: "review", reason: "Financial API", riskScore: 75 },
+    { pattern: "api\\.twilio\\.com", decision: "review", reason: "SMS/Communication API", riskScore: 60 },
+    { pattern: "api\\.sendgrid\\.com", decision: "review", reason: "Email API", riskScore: 50 },
+    { pattern: "smtp\\.", decision: "review", reason: "Email SMTP", riskScore: 50 },
+    { pattern: "api\\.github\\.com.*repos.*delete", decision: "review", reason: "GitHub repo deletion", riskScore: 90 },
+    { pattern: "api\\.github\\.com.*settings", decision: "review", reason: "GitHub settings change", riskScore: 70 },
+    { pattern: "console\\.aws\\.amazon\\.com", decision: "review", reason: "AWS Console", riskScore: 85 },
+    { pattern: "api\\.openai\\.com", decision: "allow", reason: "AI API", riskScore: 30 },
+    { pattern: "api\\.anthropic\\.com", decision: "allow", reason: "AI API", riskScore: 30 },
+    { pattern: "api\\.google\\.com", decision: "allow", reason: "Google API", riskScore: 25 },
+    { pattern: "localhost|127\\.0\\.0\\.1", decision: "allow", reason: "Local service", riskScore: 10 },
+];
+function ensureDir(dir) {
+    if (!fs.existsSync(dir)) {
+        fs.mkdirSync(dir, { recursive: true });
+    }
+}
+function loadConfig() {
+    ensureDir(CLAWGUARD_DIR);
+    try {
+        if (fs.existsSync(CONFIG_FILE)) {
+            const config = JSON.parse(fs.readFileSync(CONFIG_FILE, "utf-8"));
+            return {
+                enabled: config.enabled ?? true,
+                protectionLevel: config.protectionLevel ?? "balanced",
+                port: config.proxyPort ?? 4322,
+                allowedDomains: config.allowedDomains,
+                blockedDomains: config.blockedDomains
+            };
+        }
+    }
+    catch { }
+    return {
+        enabled: true,
+        protectionLevel: "balanced",
+        port: 4322
+    };
+}
+function logRequest(method, targetUrl, allowed, reason, riskScore) {
+    ensureDir(LOG_DIR);
+    const logEntry = {
+        ts: new Date().toISOString(),
+        type: "http",
+        method,
+        url: targetUrl,
+        allowed,
+        reason,
+        riskScore
+    };
+    const logFile = path.join(LOG_DIR, `${new Date().toISOString().split("T")[0]}.jsonl`);
+    fs.appendFileSync(logFile, JSON.stringify(logEntry) + "\n");
+}
+function assessUrl(targetUrl) {
+    const config = loadConfig();
+    if (config.blockedDomains) {
+        for (const domain of config.blockedDomains) {
+            if (targetUrl.includes(domain)) {
+                return { decision: "block", reason: `Domain in blocklist: ${domain}`, riskScore: 100 };
+            }
+        }
+    }
+    if (config.allowedDomains && config.allowedDomains.length > 0) {
+        const isAllowed = config.allowedDomains.some(domain => targetUrl.includes(domain));
+        if (!isAllowed) {
+            return { decision: "block", reason: "Domain not in allowlist", riskScore: 80 };
+        }
+    }
+    for (const rule of DEFAULT_URL_POLICY) {
+        try {
+            const regex = new RegExp(rule.pattern, "i");
+            if (regex.test(targetUrl)) {
+                return {
+                    decision: rule.decision,
+                    reason: rule.reason,
+                    riskScore: rule.riskScore
+                };
+            }
+        }
+        catch { }
+    }
+    return { decision: "allow", reason: "No policy match", riskScore: 20 };
+}
+function generateApprovalId() {
+    return `${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;
+}
+function createPendingApproval(method, targetUrl, reason, riskScore) {
+    ensureDir(PENDING_DIR);
+    const id = generateApprovalId();
+    const approval = {
+        id,
+        type: "http",
+        method,
+        url: targetUrl,
+        reason,
+        riskScore,
+        createdAt: new Date().toISOString(),
+        status: "pending"
+    };
+    fs.writeFileSync(path.join(PENDING_DIR, `${id}.json`), JSON.stringify(approval, null, 2));
+    return id;
+}
+function checkApprovalStatus(id) {
+    const filePath = path.join(PENDING_DIR, `${id}.json`);
+    try {
+        if (fs.existsSync(filePath)) {
+            const approval = JSON.parse(fs.readFileSync(filePath, "utf-8"));
+            return approval.status;
+        }
+    }
+    catch { }
+    return "pending";
+}
+async function waitForApproval(id, timeoutMs = 30000) {
+    const startTime = Date.now();
+    const pollInterval = 500;
+    while (Date.now() - startTime < timeoutMs) {
+        const status = checkApprovalStatus(id);
+        if (status === "approved")
+            return true;
+        if (status === "denied")
+            return false;
+        await new Promise(resolve => setTimeout(resolve, pollInterval));
+    }
+    return false;
+}
+function proxyRequest(clientReq, clientRes, targetUrl) {
+    const parsedUrl = new url.URL(targetUrl);
+    const isHttps = parsedUrl.protocol === "https:";
+    const options = {
+        hostname: parsedUrl.hostname,
+        port: parsedUrl.port || (isHttps ? 443 : 80),
+        path: parsedUrl.pathname + parsedUrl.search,
+        method: clientReq.method,
+        headers: {
+            ...clientReq.headers,
+            host: parsedUrl.host
+        }
+    };
+    const proxyReq = (isHttps ? https : http).request(options, (proxyRes) => {
+        clientRes.writeHead(proxyRes.statusCode || 500, proxyRes.headers);
+        proxyRes.pipe(clientRes);
+    });
+    proxyReq.on("error", (err) => {
+        console.error(`Proxy error: ${err.message}`);
+        clientRes.writeHead(502);
+        clientRes.end(`Proxy Error: ${err.message}`);
+    });
+    clientReq.pipe(proxyReq);
+}
+function createProxyServer(port) {
+    const config = loadConfig();
+    const proxyPort = port ?? config.port;
+    const server = http.createServer(async (req, res) => {
+        const targetUrl = req.url || "";
+        const method = req.method || "GET";
+        if (!config.enabled) {
+            proxyRequest(req, res, targetUrl);
+            return;
+        }
+        const assessment = assessUrl(targetUrl);
+        if (assessment.decision === "allow") {
+            logRequest(method, targetUrl, true, assessment.reason, assessment.riskScore);
+            proxyRequest(req, res, targetUrl);
+            return;
+        }
+        if (assessment.decision === "block") {
+            logRequest(method, targetUrl, false, assessment.reason, assessment.riskScore);
+            res.writeHead(403, { "Content-Type": "application/json" });
+            res.end(JSON.stringify({
+                error: "Blocked by Clawguard",
+                reason: assessment.reason,
+                riskScore: assessment.riskScore
+            }));
+            return;
+        }
+        if (assessment.decision === "review") {
+            if (config.protectionLevel === "relaxed") {
+                logRequest(method, targetUrl, true, "Relaxed mode - auto-approved", assessment.riskScore);
+                proxyRequest(req, res, targetUrl);
+                return;
+            }
+            const approvalId = createPendingApproval(method, targetUrl, assessment.reason, assessment.riskScore);
+            console.log(`🛡️ HTTP request requires approval: ${method} ${targetUrl.substring(0, 60)}...`);
+            console.log(`   Approve at: http://localhost:4321/clawguard`);
+            const approved = await waitForApproval(approvalId);
+            logRequest(method, targetUrl, approved, approved ? "Manual approval" : "Denied/timeout", assessment.riskScore);
+            if (approved) {
+                proxyRequest(req, res, targetUrl);
+            }
+            else {
+                res.writeHead(403, { "Content-Type": "application/json" });
+                res.end(JSON.stringify({
+                    error: "Request denied or timed out",
+                    reason: assessment.reason
+                }));
+            }
+        }
+    });
+    server.listen(proxyPort, () => {
+        console.log(`🛡️ Clawguard HTTP proxy listening on port ${proxyPort}`);
+        console.log(`   Set HTTP_PROXY=http://localhost:${proxyPort} to enable`);
+    });
+    return server;
+}
+function getProxyEnvVars(port) {
+    const config = loadConfig();
+    const proxyPort = port ?? config.port;
+    const proxyUrl = `http://localhost:${proxyPort}`;
+    return {
+        HTTP_PROXY: proxyUrl,
+        HTTPS_PROXY: proxyUrl,
+        http_proxy: proxyUrl,
+        https_proxy: proxyUrl
+    };
+}

package/dist/src/risk-engine.d.ts

@@ -0,0 +1,43 @@
+export interface AgentCapability {
+    name: string;
+    type: "shell" | "http" | "filesystem" | "process" | "network" | "code" | "custom";
+    description?: string;
+    permissions?: string[];
+    riskWeight: number;
+}
+export interface AgentManifest {
+    id: string;
+    name: string;
+    version?: string;
+    framework?: string;
+    capabilities: AgentCapability[];
+    registeredAt: string;
+    lastSeen?: string;
+}
+export interface RiskAssessment {
+    overallScore: number;
+    riskLevel: "low" | "medium" | "high" | "critical";
+    breakdown: {
+        capability: string;
+        score: number;
+        reason: string;
+    }[];
+    recommendations: string[];
+}
+export declare function registerAgent(manifest: Omit<AgentManifest, "registeredAt">): AgentManifest;
+export declare function getAgent(id: string): AgentManifest | null;
+export declare function listAgents(): AgentManifest[];
+export declare function updateAgentLastSeen(id: string): void;
+export declare function assessAgentRisk(manifest: AgentManifest): RiskAssessment;
+export declare function assessActionRisk(action: {
+    type: string;
+    tool?: string;
+    command?: string;
+    url?: string;
+    path?: string;
+}, agentId?: string): {
+    score: number;
+    level: "low" | "medium" | "high" | "critical";
+    reason: string;
+};
+//# sourceMappingURL=risk-engine.d.ts.map

package/dist/src/risk-engine.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"risk-engine.d.ts","sourceRoot":"","sources":["../../src/risk-engine.ts"],"names":[],"mappings":"AAOA,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,OAAO,GAAG,MAAM,GAAG,YAAY,GAAG,SAAS,GAAG,SAAS,GAAG,MAAM,GAAG,QAAQ,CAAC;IAClF,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,eAAe,EAAE,CAAC;IAChC,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,cAAc;IAC7B,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IAClD,SAAS,EAAE;QACT,UAAU,EAAE,MAAM,CAAC;QACnB,KAAK,EAAE,MAAM,CAAC;QACd,MAAM,EAAE,MAAM,CAAC;KAChB,EAAE,CAAC;IACJ,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAmCD,wBAAgB,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,aAAa,EAAE,cAAc,CAAC,GAAG,aAAa,CAa1F;AAED,wBAAgB,QAAQ,CAAC,EAAE,EAAE,MAAM,GAAG,aAAa,GAAG,IAAI,CAQzD;AAED,wBAAgB,UAAU,IAAI,aAAa,EAAE,CAe5C;AAED,wBAAgB,mBAAmB,CAAC,EAAE,EAAE,MAAM,GAAG,IAAI,CAOpD;AAED,wBAAgB,eAAe,CAAC,QAAQ,EAAE,aAAa,GAAG,cAAc,CA6DvE;AAED,wBAAgB,gBAAgB,CAC9B,MAAM,EAAE;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAA;CAAE,EACtF,OAAO,CAAC,EAAE,MAAM,GACf;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAuFlF"}

package/dist/src/risk-engine.js

@@ -0,0 +1,258 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.registerAgent = registerAgent;
+exports.getAgent = getAgent;
+exports.listAgents = listAgents;
+exports.updateAgentLastSeen = updateAgentLastSeen;
+exports.assessAgentRisk = assessAgentRisk;
+exports.assessActionRisk = assessActionRisk;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const os = __importStar(require("os"));
+const CLAWGUARD_DIR = path.join(os.homedir(), ".clawguard");
+const AGENTS_DIR = path.join(CLAWGUARD_DIR, "agents");
+const CAPABILITY_RISK_WEIGHTS = {
+    "shell.execute": 80,
+    "shell.sudo": 100,
+    "filesystem.read": 20,
+    "filesystem.write": 50,
+    "filesystem.delete": 70,
+    "filesystem.chmod": 60,
+    "network.http": 30,
+    "network.https": 25,
+    "network.tcp": 50,
+    "network.udp": 50,
+    "process.spawn": 60,
+    "process.kill": 70,
+    "database.read": 30,
+    "database.write": 50,
+    "database.admin": 80,
+    "secrets.read": 90,
+    "secrets.write": 95,
+    "email.send": 40,
+    "sms.send": 50,
+    "payment.charge": 90,
+    "code.execute": 85,
+    "browser.navigate": 40,
+    "browser.screenshot": 30,
+    "mcp.callTool": 50,
+};
+function ensureDir(dir) {
+    if (!fs.existsSync(dir)) {
+        fs.mkdirSync(dir, { recursive: true });
+    }
+}
+function registerAgent(manifest) {
+    ensureDir(AGENTS_DIR);
+    const fullManifest = {
+        ...manifest,
+        registeredAt: new Date().toISOString(),
+        lastSeen: new Date().toISOString()
+    };
+    const filePath = path.join(AGENTS_DIR, `${manifest.id}.json`);
+    fs.writeFileSync(filePath, JSON.stringify(fullManifest, null, 2));
+    return fullManifest;
+}
+function getAgent(id) {
+    const filePath = path.join(AGENTS_DIR, `${id}.json`);
+    try {
+        if (fs.existsSync(filePath)) {
+            return JSON.parse(fs.readFileSync(filePath, "utf-8"));
+        }
+    }
+    catch { }
+    return null;
+}
+function listAgents() {
+    ensureDir(AGENTS_DIR);
+    const agents = [];
+    try {
+        const files = fs.readdirSync(AGENTS_DIR).filter(f => f.endsWith(".json"));
+        for (const file of files) {
+            try {
+                const content = fs.readFileSync(path.join(AGENTS_DIR, file), "utf-8");
+                agents.push(JSON.parse(content));
+            }
+            catch { }
+        }
+    }
+    catch { }
+    return agents;
+}
+function updateAgentLastSeen(id) {
+    const agent = getAgent(id);
+    if (agent) {
+        agent.lastSeen = new Date().toISOString();
+        const filePath = path.join(AGENTS_DIR, `${id}.json`);
+        fs.writeFileSync(filePath, JSON.stringify(agent, null, 2));
+    }
+}
+function assessAgentRisk(manifest) {
+    const breakdown = [];
+    let totalScore = 0;
+    let maxPossibleScore = 0;
+    for (const capability of manifest.capabilities) {
+        const capabilityKey = `${capability.type}.${capability.name}`;
+        const weight = CAPABILITY_RISK_WEIGHTS[capabilityKey] ??
+            CAPABILITY_RISK_WEIGHTS[capability.type] ??
+            capability.riskWeight ?? 50;
+        breakdown.push({
+            capability: capability.name,
+            score: weight,
+            reason: capability.description ?? `${capability.type} capability`
+        });
+        totalScore += weight;
+        maxPossibleScore += 100;
+    }
+    const normalizedScore = maxPossibleScore > 0
+        ? Math.round((totalScore / maxPossibleScore) * 100)
+        : 0;
+    let riskLevel;
+    if (normalizedScore >= 80) {
+        riskLevel = "critical";
+    }
+    else if (normalizedScore >= 60) {
+        riskLevel = "high";
+    }
+    else if (normalizedScore >= 40) {
+        riskLevel = "medium";
+    }
+    else {
+        riskLevel = "low";
+    }
+    const recommendations = [];
+    const hasShellExecute = manifest.capabilities.some(c => c.type === "shell");
+    const hasSecrets = manifest.capabilities.some(c => c.name.includes("secret") || c.name.includes("credential"));
+    const hasPayment = manifest.capabilities.some(c => c.name.includes("payment") || c.name.includes("charge"));
+    if (hasShellExecute) {
+        recommendations.push("Consider restricting shell access to specific commands only");
+    }
+    if (hasSecrets) {
+        recommendations.push("Enable strict mode for secret access operations");
+    }
+    if (hasPayment) {
+        recommendations.push("Require manual approval for all payment operations");
+    }
+    if (riskLevel === "critical") {
+        recommendations.push("This agent has critical risk level - review all capabilities carefully");
+    }
+    return {
+        overallScore: normalizedScore,
+        riskLevel,
+        breakdown: breakdown.sort((a, b) => b.score - a.score),
+        recommendations
+    };
+}
+function assessActionRisk(action, agentId) {
+    let score = 0;
+    let reason = "Unknown action";
+    if (action.type === "shell" && action.command) {
+        const dangerousPatterns = [
+            { pattern: /rm\s+(-rf|--force)/i, score: 90, reason: "Force delete command" },
+            { pattern: /sudo/i, score: 70, reason: "Privileged command" },
+            { pattern: /curl.*\|\s*sh/i, score: 95, reason: "Remote code execution" },
+            { pattern: /chmod\s+777/i, score: 60, reason: "Permissive file permissions" },
+            { pattern: /ssh|scp|rsync/i, score: 50, reason: "Remote access" },
+            { pattern: /docker|podman/i, score: 50, reason: "Container operation" },
+            { pattern: /npm|pip|gem|cargo/i, score: 40, reason: "Package management" },
+            { pattern: /git\s+push/i, score: 40, reason: "Code push" },
+        ];
+        for (const { pattern, score: s, reason: r } of dangerousPatterns) {
+            if (pattern.test(action.command)) {
+                if (s > score) {
+                    score = s;
+                    reason = r;
+                }
+            }
+        }
+        if (score === 0) {
+            score = 20;
+            reason = "Standard shell command";
+        }
+    }
+    if (action.type === "http" && action.url) {
+        const sensitivePatterns = [
+            { pattern: /api\.stripe\.com/i, score: 80, reason: "Payment API" },
+            { pattern: /api\.openai\.com/i, score: 50, reason: "AI API call" },
+            { pattern: /github\.com.*api/i, score: 40, reason: "GitHub API" },
+            { pattern: /localhost|127\.0\.0\.1/i, score: 30, reason: "Local service" },
+        ];
+        for (const { pattern, score: s, reason: r } of sensitivePatterns) {
+            if (pattern.test(action.url)) {
+                score = s;
+                reason = r;
+                break;
+            }
+        }
+        if (score === 0) {
+            score = 25;
+            reason = "HTTP request";
+        }
+    }
+    if (action.type === "filesystem" && action.path) {
+        const sensitivePatterns = [
+            { pattern: /\.(env|pem|key|crt|ssh)/i, score: 90, reason: "Sensitive file access" },
+            { pattern: /\/etc\/(passwd|shadow|sudoers)/i, score: 95, reason: "System file access" },
+            { pattern: /~\/\.(bash|zsh|ssh|gnupg)/i, score: 80, reason: "User config access" },
+            { pattern: /node_modules|vendor|packages/i, score: 20, reason: "Dependency access" },
+        ];
+        for (const { pattern, score: s, reason: r } of sensitivePatterns) {
+            if (pattern.test(action.path)) {
+                score = s;
+                reason = r;
+                break;
+            }
+        }
+        if (score === 0) {
+            score = 15;
+            reason = "File access";
+        }
+    }
+    let level;
+    if (score >= 80) {
+        level = "critical";
+    }
+    else if (score >= 60) {
+        level = "high";
+    }
+    else if (score >= 40) {
+        level = "medium";
+    }
+    else {
+        level = "low";
+    }
+    return { score, level, reason };
+}

package/dist/src/shell-wrapper.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export {};
+//# sourceMappingURL=shell-wrapper.d.ts.map

package/dist/src/shell-wrapper.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"shell-wrapper.d.ts","sourceRoot":"","sources":["../../src/shell-wrapper.ts"],"names":[],"mappings":""}