bashbros 0.1.0

package/dist/chunk-ID2O2QTI.js

@@ -0,0 +1,269 @@
+#!/usr/bin/env node
+
+// src/transparency/config-parser.ts
+import { readFileSync } from "fs";
+import { parse as parseYaml } from "yaml";
+var SENSITIVE_FIELD_PATTERNS = [
+  /^api[_-]?key$/i,
+  /^apikey$/i,
+  /^secret$/i,
+  /^password$/i,
+  /^credential[s]?$/i,
+  /^token$/i,
+  /^bearer$/i,
+  /^auth$/i,
+  /^private[_-]?key$/i,
+  /_key$/i,
+  /_token$/i,
+  /_secret$/i,
+  /_password$/i,
+  /^access[_-]?token$/i,
+  /^refresh[_-]?token$/i,
+  /^client[_-]?secret$/i,
+  /^encryption[_-]?key$/i
+];
+var SENSITIVE_VALUE_PATTERNS = [
+  /^sk-[a-zA-Z0-9]{20,}$/,
+  // OpenAI API key
+  /^ghp_[a-zA-Z0-9]{36}$/,
+  // GitHub personal access token
+  /^gho_[a-zA-Z0-9]{36}$/,
+  // GitHub OAuth token
+  /^glpat-[a-zA-Z0-9\-]{20,}$/,
+  // GitLab personal access token
+  /^xoxb-[a-zA-Z0-9\-]+$/,
+  // Slack bot token
+  /^xoxp-[a-zA-Z0-9\-]+$/,
+  // Slack user token
+  /^AKIA[A-Z0-9]{16}$/,
+  // AWS access key
+  /^-----BEGIN.*PRIVATE KEY-----/,
+  // PEM private key
+  /^Bearer\s+[a-zA-Z0-9\-._~+\/]+=*$/i
+  // Bearer token
+];
+var REDACTED_MARKER = "[REDACTED]";
+function isSensitiveFieldName(name) {
+  return SENSITIVE_FIELD_PATTERNS.some((pattern) => pattern.test(name));
+}
+function isSensitiveValue(value) {
+  if (typeof value !== "string") return false;
+  return SENSITIVE_VALUE_PATTERNS.some((pattern) => pattern.test(value));
+}
+function redactSensitiveData(obj, path = "") {
+  if (obj === null || obj === void 0) {
+    return obj;
+  }
+  if (Array.isArray(obj)) {
+    return obj.map((item, index) => redactSensitiveData(item, `${path}[${index}]`));
+  }
+  if (typeof obj === "object") {
+    const result = {};
+    for (const [key, value] of Object.entries(obj)) {
+      if (isSensitiveFieldName(key)) {
+        result[key] = REDACTED_MARKER;
+      } else if (typeof value === "string" && isSensitiveValue(value)) {
+        result[key] = REDACTED_MARKER;
+      } else {
+        result[key] = redactSensitiveData(value, `${path}.${key}`);
+      }
+    }
+    return result;
+  }
+  if (typeof obj === "string" && isSensitiveValue(obj)) {
+    return REDACTED_MARKER;
+  }
+  return obj;
+}
+function parseClaudeCodeConfig(content) {
+  try {
+    const config = JSON.parse(content);
+    const result = {
+      rawRedacted: redactSensitiveData(config)
+    };
+    if (config.hooks) {
+      result.hooks = Object.keys(config.hooks);
+    }
+    if (config.security || config.permissions) {
+      result.permissions = {
+        customPolicies: redactSensitiveData(config.security || config.permissions)
+      };
+    }
+    return result;
+  } catch {
+    return {};
+  }
+}
+function parseClawdbotConfig(content) {
+  try {
+    const config = parseYaml(content, { strict: true });
+    const result = {
+      rawRedacted: redactSensitiveData(config)
+    };
+    if (config.security) {
+      result.permissions = {
+        allowedPaths: config.security.allowedPaths,
+        blockedCommands: config.security.blockedCommands,
+        securityProfile: config.security.profile,
+        customPolicies: redactSensitiveData(config.security)
+      };
+      if (config.security.riskThreshold) {
+        result.permissions.rateLimit = config.security.riskThreshold;
+      }
+    }
+    if (config.hooks) {
+      result.hooks = Object.keys(config.hooks);
+    }
+    return result;
+  } catch {
+    return {};
+  }
+}
+function parseMoltbotJsonConfig(content) {
+  try {
+    const config = JSON.parse(content);
+    const result = {
+      rawRedacted: redactSensitiveData(config)
+    };
+    const gateway = config.gateway || {};
+    const sandbox = config.agents?.defaults?.sandbox || {};
+    result.permissions = {
+      securityProfile: sandbox.mode,
+      customPolicies: {
+        gateway: redactSensitiveData(gateway),
+        sandbox: redactSensitiveData(sandbox)
+      }
+    };
+    if (config.security) {
+      result.permissions.allowedPaths = config.security.allowedPaths;
+      result.permissions.blockedCommands = config.security.blockedCommands;
+    }
+    if (config.hooks) {
+      result.hooks = Object.keys(config.hooks);
+    }
+    return result;
+  } catch {
+    return {};
+  }
+}
+function parseAiderConfig(content) {
+  try {
+    const config = parseYaml(content, { strict: true });
+    const result = {
+      rawRedacted: redactSensitiveData(config)
+    };
+    if (config.auto_commits === false || config.dirty_commits === false) {
+      result.permissions = {
+        customPolicies: {
+          autoCommits: config.auto_commits,
+          dirtyCommits: config.dirty_commits
+        }
+      };
+    }
+    return result;
+  } catch {
+    return {};
+  }
+}
+function parseGeminiCliConfig(content) {
+  try {
+    const config = JSON.parse(content);
+    const result = {
+      rawRedacted: redactSensitiveData(config)
+    };
+    if (config.safety || config.permissions) {
+      result.permissions = {
+        customPolicies: redactSensitiveData(config.safety || config.permissions)
+      };
+    }
+    return result;
+  } catch {
+    return {};
+  }
+}
+function parseOpencodeConfig(content) {
+  try {
+    const config = parseYaml(content, { strict: true });
+    const result = {
+      rawRedacted: redactSensitiveData(config)
+    };
+    if (config.security) {
+      result.permissions = {
+        allowedPaths: config.security.allowedPaths,
+        blockedCommands: config.security.blockedCommands,
+        customPolicies: redactSensitiveData(config.security)
+      };
+    }
+    return result;
+  } catch {
+    return {};
+  }
+}
+async function parseAgentConfig(agent, configPath) {
+  try {
+    const content = readFileSync(configPath, "utf-8");
+    switch (agent) {
+      case "claude-code":
+        return parseClaudeCodeConfig(content);
+      case "clawdbot":
+        if (content.trim().startsWith("{")) {
+          return parseMoltbotJsonConfig(content);
+        }
+        return parseClawdbotConfig(content);
+      case "moltbot":
+        return parseMoltbotJsonConfig(content);
+      case "aider":
+        return parseAiderConfig(content);
+      case "gemini-cli":
+        return parseGeminiCliConfig(content);
+      case "opencode":
+        return parseOpencodeConfig(content);
+      default:
+        try {
+          const config = content.trim().startsWith("{") ? JSON.parse(content) : parseYaml(content, { strict: true });
+          return {
+            rawRedacted: redactSensitiveData(config)
+          };
+        } catch {
+          return null;
+        }
+    }
+  } catch {
+    return null;
+  }
+}
+function formatRedactedConfig(config, indent = 0) {
+  const lines = [];
+  const prefix = "  ".repeat(indent);
+  for (const [key, value] of Object.entries(config)) {
+    if (value === null || value === void 0) {
+      continue;
+    }
+    if (typeof value === "object" && !Array.isArray(value)) {
+      lines.push(`${prefix}${key}:`);
+      lines.push(formatRedactedConfig(value, indent + 1));
+    } else if (Array.isArray(value)) {
+      if (value.length === 0) {
+        lines.push(`${prefix}${key}: []`);
+      } else if (typeof value[0] === "object") {
+        lines.push(`${prefix}${key}:`);
+        for (const item of value) {
+          lines.push(`${prefix}  -`);
+          lines.push(formatRedactedConfig(item, indent + 2));
+        }
+      } else {
+        lines.push(`${prefix}${key}: [${value.join(", ")}]`);
+      }
+    } else {
+      lines.push(`${prefix}${key}: ${value}`);
+    }
+  }
+  return lines.join("\n");
+}
+
+export {
+  redactSensitiveData,
+  parseAgentConfig,
+  formatRedactedConfig
+};
+//# sourceMappingURL=chunk-ID2O2QTI.js.map

package/dist/chunk-ID2O2QTI.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/transparency/config-parser.ts"],"sourcesContent":["/**\r\n * Agent Config Parser with Sensitive Data Redaction\r\n * Parses YAML/JSON configs and redacts sensitive fields\r\n */\r\n\r\nimport { readFileSync } from 'fs'\r\nimport { parse as parseYaml } from 'yaml'\r\nimport type { AgentType, AgentPermissions } from '../types.js'\r\n\r\n// Patterns for sensitive field names that should be redacted\r\nconst SENSITIVE_FIELD_PATTERNS = [\r\n  /^api[_-]?key$/i,\r\n  /^apikey$/i,\r\n  /^secret$/i,\r\n  /^password$/i,\r\n  /^credential[s]?$/i,\r\n  /^token$/i,\r\n  /^bearer$/i,\r\n  /^auth$/i,\r\n  /^private[_-]?key$/i,\r\n  /_key$/i,\r\n  /_token$/i,\r\n  /_secret$/i,\r\n  /_password$/i,\r\n  /^access[_-]?token$/i,\r\n  /^refresh[_-]?token$/i,\r\n  /^client[_-]?secret$/i,\r\n  /^encryption[_-]?key$/i\r\n]\r\n\r\n// Value patterns that look like secrets (even if field name doesn't match)\r\nconst SENSITIVE_VALUE_PATTERNS = [\r\n  /^sk-[a-zA-Z0-9]{20,}$/,           // OpenAI API key\r\n  /^ghp_[a-zA-Z0-9]{36}$/,           // GitHub personal access token\r\n  /^gho_[a-zA-Z0-9]{36}$/,           // GitHub OAuth token\r\n  /^glpat-[a-zA-Z0-9\\-]{20,}$/,      // GitLab personal access token\r\n  /^xoxb-[a-zA-Z0-9\\-]+$/,           // Slack bot token\r\n  /^xoxp-[a-zA-Z0-9\\-]+$/,           // Slack user token\r\n  /^AKIA[A-Z0-9]{16}$/,              // AWS access key\r\n  /^-----BEGIN.*PRIVATE KEY-----/,   // PEM private key\r\n  /^Bearer\\s+[a-zA-Z0-9\\-._~+\\/]+=*$/i  // Bearer token\r\n]\r\n\r\nconst REDACTED_MARKER = '[REDACTED]'\r\n\r\ninterface ParsedAgentConfig {\r\n  permissions?: AgentPermissions\r\n  hooks?: string[]\r\n  rawRedacted?: Record<string, unknown>\r\n}\r\n\r\n/**\r\n * Check if a field name looks sensitive\r\n */\r\nfunction isSensitiveFieldName(name: string): boolean {\r\n  return SENSITIVE_FIELD_PATTERNS.some(pattern => pattern.test(name))\r\n}\r\n\r\n/**\r\n * Check if a value looks like a secret\r\n */\r\nfunction isSensitiveValue(value: unknown): boolean {\r\n  if (typeof value !== 'string') return false\r\n  return SENSITIVE_VALUE_PATTERNS.some(pattern => pattern.test(value))\r\n}\r\n\r\n/**\r\n * Recursively redact sensitive fields from an object\r\n */\r\nexport function redactSensitiveData(obj: unknown, path = ''): unknown {\r\n  if (obj === null || obj === undefined) {\r\n    return obj\r\n  }\r\n\r\n  if (Array.isArray(obj)) {\r\n    return obj.map((item, index) => redactSensitiveData(item, `${path}[${index}]`))\r\n  }\r\n\r\n  if (typeof obj === 'object') {\r\n    const result: Record<string, unknown> = {}\r\n\r\n    for (const [key, value] of Object.entries(obj as Record<string, unknown>)) {\r\n      if (isSensitiveFieldName(key)) {\r\n        result[key] = REDACTED_MARKER\r\n      } else if (typeof value === 'string' && isSensitiveValue(value)) {\r\n        result[key] = REDACTED_MARKER\r\n      } else {\r\n        result[key] = redactSensitiveData(value, `${path}.${key}`)\r\n      }\r\n    }\r\n\r\n    return result\r\n  }\r\n\r\n  // For primitive values, check if they look like secrets\r\n  if (typeof obj === 'string' && isSensitiveValue(obj)) {\r\n    return REDACTED_MARKER\r\n  }\r\n\r\n  return obj\r\n}\r\n\r\n/**\r\n * Parse Claude Code settings.json\r\n */\r\nfunction parseClaudeCodeConfig(content: string): ParsedAgentConfig {\r\n  try {\r\n    const config = JSON.parse(content)\r\n    const result: ParsedAgentConfig = {\r\n      rawRedacted: redactSensitiveData(config) as Record<string, unknown>\r\n    }\r\n\r\n    // Extract hooks\r\n    if (config.hooks) {\r\n      result.hooks = Object.keys(config.hooks)\r\n    }\r\n\r\n    // Claude Code doesn't have traditional permissions in config\r\n    // but we can extract any security-related settings\r\n    if (config.security || config.permissions) {\r\n      result.permissions = {\r\n        customPolicies: redactSensitiveData(config.security || config.permissions) as Record<string, unknown>\r\n      }\r\n    }\r\n\r\n    return result\r\n  } catch {\r\n    return {}\r\n  }\r\n}\r\n\r\n/**\r\n * Parse Clawdbot config.yml (legacy YAML format)\r\n */\r\nfunction parseClawdbotConfig(content: string): ParsedAgentConfig {\r\n  try {\r\n    const config = parseYaml(content, { strict: true })\r\n    const result: ParsedAgentConfig = {\r\n      rawRedacted: redactSensitiveData(config) as Record<string, unknown>\r\n    }\r\n\r\n    // Extract permissions from security section\r\n    if (config.security) {\r\n      result.permissions = {\r\n        allowedPaths: config.security.allowedPaths,\r\n        blockedCommands: config.security.blockedCommands,\r\n        securityProfile: config.security.profile,\r\n        customPolicies: redactSensitiveData(config.security) as Record<string, unknown>\r\n      }\r\n\r\n      if (config.security.riskThreshold) {\r\n        result.permissions.rateLimit = config.security.riskThreshold\r\n      }\r\n    }\r\n\r\n    // Extract hooks\r\n    if (config.hooks) {\r\n      result.hooks = Object.keys(config.hooks)\r\n    }\r\n\r\n    return result\r\n  } catch {\r\n    return {}\r\n  }\r\n}\r\n\r\n/**\r\n * Parse Moltbot moltbot.json (new JSON format)\r\n */\r\nfunction parseMoltbotJsonConfig(content: string): ParsedAgentConfig {\r\n  try {\r\n    const config = JSON.parse(content)\r\n    const result: ParsedAgentConfig = {\r\n      rawRedacted: redactSensitiveData(config) as Record<string, unknown>\r\n    }\r\n\r\n    // Extract gateway settings\r\n    const gateway = config.gateway || {}\r\n\r\n    // Extract security settings from agents.defaults.sandbox\r\n    const sandbox = config.agents?.defaults?.sandbox || {}\r\n\r\n    // Build permissions object\r\n    result.permissions = {\r\n      securityProfile: sandbox.mode,\r\n      customPolicies: {\r\n        gateway: redactSensitiveData(gateway) as Record<string, unknown>,\r\n        sandbox: redactSensitiveData(sandbox) as Record<string, unknown>\r\n      }\r\n    }\r\n\r\n    // Extract allowed/blocked from security config if present\r\n    if (config.security) {\r\n      result.permissions.allowedPaths = config.security.allowedPaths\r\n      result.permissions.blockedCommands = config.security.blockedCommands\r\n    }\r\n\r\n    // Extract hooks\r\n    if (config.hooks) {\r\n      result.hooks = Object.keys(config.hooks)\r\n    }\r\n\r\n    return result\r\n  } catch {\r\n    return {}\r\n  }\r\n}\r\n\r\n/**\r\n * Parse Aider config\r\n */\r\nfunction parseAiderConfig(content: string): ParsedAgentConfig {\r\n  try {\r\n    const config = parseYaml(content, { strict: true })\r\n    const result: ParsedAgentConfig = {\r\n      rawRedacted: redactSensitiveData(config) as Record<string, unknown>\r\n    }\r\n\r\n    // Aider has different config structure\r\n    // Extract relevant security settings if present\r\n    if (config.auto_commits === false || config.dirty_commits === false) {\r\n      result.permissions = {\r\n        customPolicies: {\r\n          autoCommits: config.auto_commits,\r\n          dirtyCommits: config.dirty_commits\r\n        }\r\n      }\r\n    }\r\n\r\n    return result\r\n  } catch {\r\n    return {}\r\n  }\r\n}\r\n\r\n/**\r\n * Parse Gemini CLI config\r\n */\r\nfunction parseGeminiCliConfig(content: string): ParsedAgentConfig {\r\n  try {\r\n    const config = JSON.parse(content)\r\n    const result: ParsedAgentConfig = {\r\n      rawRedacted: redactSensitiveData(config) as Record<string, unknown>\r\n    }\r\n\r\n    // Extract any security/permission settings\r\n    if (config.safety || config.permissions) {\r\n      result.permissions = {\r\n        customPolicies: redactSensitiveData(config.safety || config.permissions) as Record<string, unknown>\r\n      }\r\n    }\r\n\r\n    return result\r\n  } catch {\r\n    return {}\r\n  }\r\n}\r\n\r\n/**\r\n * Parse OpenCode config\r\n */\r\nfunction parseOpencodeConfig(content: string): ParsedAgentConfig {\r\n  try {\r\n    const config = parseYaml(content, { strict: true })\r\n    const result: ParsedAgentConfig = {\r\n      rawRedacted: redactSensitiveData(config) as Record<string, unknown>\r\n    }\r\n\r\n    // Extract security settings\r\n    if (config.security) {\r\n      result.permissions = {\r\n        allowedPaths: config.security.allowedPaths,\r\n        blockedCommands: config.security.blockedCommands,\r\n        customPolicies: redactSensitiveData(config.security) as Record<string, unknown>\r\n      }\r\n    }\r\n\r\n    return result\r\n  } catch {\r\n    return {}\r\n  }\r\n}\r\n\r\n/**\r\n * Parse agent configuration file\r\n */\r\nexport async function parseAgentConfig(\r\n  agent: AgentType,\r\n  configPath: string\r\n): Promise<ParsedAgentConfig | null> {\r\n  try {\r\n    const content = readFileSync(configPath, 'utf-8')\r\n\r\n    switch (agent) {\r\n      case 'claude-code':\r\n        return parseClaudeCodeConfig(content)\r\n      case 'clawdbot':\r\n        // Check if it's JSON (moltbot.json) or YAML (config.yml)\r\n        if (content.trim().startsWith('{')) {\r\n          return parseMoltbotJsonConfig(content)\r\n        }\r\n        return parseClawdbotConfig(content)\r\n      case 'moltbot':\r\n        return parseMoltbotJsonConfig(content)\r\n      case 'aider':\r\n        return parseAiderConfig(content)\r\n      case 'gemini-cli':\r\n        return parseGeminiCliConfig(content)\r\n      case 'opencode':\r\n        return parseOpencodeConfig(content)\r\n      default:\r\n        // Generic YAML/JSON parser\r\n        try {\r\n          const config = content.trim().startsWith('{')\r\n            ? JSON.parse(content)\r\n            : parseYaml(content, { strict: true })\r\n\r\n          return {\r\n            rawRedacted: redactSensitiveData(config) as Record<string, unknown>\r\n          }\r\n        } catch {\r\n          return null\r\n        }\r\n    }\r\n  } catch {\r\n    return null\r\n  }\r\n}\r\n\r\n/**\r\n * Get a safe string representation of config for display\r\n */\r\nexport function formatRedactedConfig(\r\n  config: Record<string, unknown>,\r\n  indent = 0\r\n): string {\r\n  const lines: string[] = []\r\n  const prefix = '  '.repeat(indent)\r\n\r\n  for (const [key, value] of Object.entries(config)) {\r\n    if (value === null || value === undefined) {\r\n      continue\r\n    }\r\n\r\n    if (typeof value === 'object' && !Array.isArray(value)) {\r\n      lines.push(`${prefix}${key}:`)\r\n      lines.push(formatRedactedConfig(value as Record<string, unknown>, indent + 1))\r\n    } else if (Array.isArray(value)) {\r\n      if (value.length === 0) {\r\n        lines.push(`${prefix}${key}: []`)\r\n      } else if (typeof value[0] === 'object') {\r\n        lines.push(`${prefix}${key}:`)\r\n        for (const item of value) {\r\n          lines.push(`${prefix}  -`)\r\n          lines.push(formatRedactedConfig(item as Record<string, unknown>, indent + 2))\r\n        }\r\n      } else {\r\n        lines.push(`${prefix}${key}: [${value.join(', ')}]`)\r\n      }\r\n    } else {\r\n      lines.push(`${prefix}${key}: ${value}`)\r\n    }\r\n  }\r\n\r\n  return lines.join('\\n')\r\n}\r\n"],"mappings":";;;AAKA,SAAS,oBAAoB;AAC7B,SAAS,SAAS,iBAAiB;AAInC,IAAM,2BAA2B;AAAA,EAC/B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAGA,IAAM,2BAA2B;AAAA,EAC/B;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AACF;AAEA,IAAM,kBAAkB;AAWxB,SAAS,qBAAqB,MAAuB;AACnD,SAAO,yBAAyB,KAAK,aAAW,QAAQ,KAAK,IAAI,CAAC;AACpE;AAKA,SAAS,iBAAiB,OAAyB;AACjD,MAAI,OAAO,UAAU,SAAU,QAAO;AACtC,SAAO,yBAAyB,KAAK,aAAW,QAAQ,KAAK,KAAK,CAAC;AACrE;AAKO,SAAS,oBAAoB,KAAc,OAAO,IAAa;AACpE,MAAI,QAAQ,QAAQ,QAAQ,QAAW;AACrC,WAAO;AAAA,EACT;AAEA,MAAI,MAAM,QAAQ,GAAG,GAAG;AACtB,WAAO,IAAI,IAAI,CAAC,MAAM,UAAU,oBAAoB,MAAM,GAAG,IAAI,IAAI,KAAK,GAAG,CAAC;AAAA,EAChF;AAEA,MAAI,OAAO,QAAQ,UAAU;AAC3B,UAAM,SAAkC,CAAC;AAEzC,eAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,GAA8B,GAAG;AACzE,UAAI,qBAAqB,GAAG,GAAG;AAC7B,eAAO,GAAG,IAAI;AAAA,MAChB,WAAW,OAAO,UAAU,YAAY,iBAAiB,KAAK,GAAG;AAC/D,eAAO,GAAG,IAAI;AAAA,MAChB,OAAO;AACL,eAAO,GAAG,IAAI,oBAAoB,OAAO,GAAG,IAAI,IAAI,GAAG,EAAE;AAAA,MAC3D;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAGA,MAAI,OAAO,QAAQ,YAAY,iBAAiB,GAAG,GAAG;AACpD,WAAO;AAAA,EACT;AAEA,SAAO;AACT;AAKA,SAAS,sBAAsB,SAAoC;AACjE,MAAI;AACF,UAAM,SAAS,KAAK,MAAM,OAAO;AACjC,UAAM,SAA4B;AAAA,MAChC,aAAa,oBAAoB,MAAM;AAAA,IACzC;AAGA,QAAI,OAAO,OAAO;AAChB,aAAO,QAAQ,OAAO,KAAK,OAAO,KAAK;AAAA,IACzC;AAIA,QAAI,OAAO,YAAY,OAAO,aAAa;AACzC,aAAO,cAAc;AAAA,QACnB,gBAAgB,oBAAoB,OAAO,YAAY,OAAO,WAAW;AAAA,MAC3E;AAAA,IACF;AAEA,WAAO;AAAA,EACT,QAAQ;AACN,WAAO,CAAC;AAAA,EACV;AACF;AAKA,SAAS,oBAAoB,SAAoC;AAC/D,MAAI;AACF,UAAM,SAAS,UAAU,SAAS,EAAE,QAAQ,KAAK,CAAC;AAClD,UAAM,SAA4B;AAAA,MAChC,aAAa,oBAAoB,MAAM;AAAA,IACzC;AAGA,QAAI,OAAO,UAAU;AACnB,aAAO,cAAc;AAAA,QACnB,cAAc,OAAO,SAAS;AAAA,QAC9B,iBAAiB,OAAO,SAAS;AAAA,QACjC,iBAAiB,OAAO,SAAS;AAAA,QACjC,gBAAgB,oBAAoB,OAAO,QAAQ;AAAA,MACrD;AAEA,UAAI,OAAO,SAAS,eAAe;AACjC,eAAO,YAAY,YAAY,OAAO,SAAS;AAAA,MACjD;AAAA,IACF;AAGA,QAAI,OAAO,OAAO;AAChB,aAAO,QAAQ,OAAO,KAAK,OAAO,KAAK;AAAA,IACzC;AAEA,WAAO;AAAA,EACT,QAAQ;AACN,WAAO,CAAC;AAAA,EACV;AACF;AAKA,SAAS,uBAAuB,SAAoC;AAClE,MAAI;AACF,UAAM,SAAS,KAAK,MAAM,OAAO;AACjC,UAAM,SAA4B;AAAA,MAChC,aAAa,oBAAoB,MAAM;AAAA,IACzC;AAGA,UAAM,UAAU,OAAO,WAAW,CAAC;AAGnC,UAAM,UAAU,OAAO,QAAQ,UAAU,WAAW,CAAC;AAGrD,WAAO,cAAc;AAAA,MACnB,iBAAiB,QAAQ;AAAA,MACzB,gBAAgB;AAAA,QACd,SAAS,oBAAoB,OAAO;AAAA,QACpC,SAAS,oBAAoB,OAAO;AAAA,MACtC;AAAA,IACF;AAGA,QAAI,OAAO,UAAU;AACnB,aAAO,YAAY,eAAe,OAAO,SAAS;AAClD,aAAO,YAAY,kBAAkB,OAAO,SAAS;AAAA,IACvD;AAGA,QAAI,OAAO,OAAO;AAChB,aAAO,QAAQ,OAAO,KAAK,OAAO,KAAK;AAAA,IACzC;AAEA,WAAO;AAAA,EACT,QAAQ;AACN,WAAO,CAAC;AAAA,EACV;AACF;AAKA,SAAS,iBAAiB,SAAoC;AAC5D,MAAI;AACF,UAAM,SAAS,UAAU,SAAS,EAAE,QAAQ,KAAK,CAAC;AAClD,UAAM,SAA4B;AAAA,MAChC,aAAa,oBAAoB,MAAM;AAAA,IACzC;AAIA,QAAI,OAAO,iBAAiB,SAAS,OAAO,kBAAkB,OAAO;AACnE,aAAO,cAAc;AAAA,QACnB,gBAAgB;AAAA,UACd,aAAa,OAAO;AAAA,UACpB,cAAc,OAAO;AAAA,QACvB;AAAA,MACF;AAAA,IACF;AAEA,WAAO;AAAA,EACT,QAAQ;AACN,WAAO,CAAC;AAAA,EACV;AACF;AAKA,SAAS,qBAAqB,SAAoC;AAChE,MAAI;AACF,UAAM,SAAS,KAAK,MAAM,OAAO;AACjC,UAAM,SAA4B;AAAA,MAChC,aAAa,oBAAoB,MAAM;AAAA,IACzC;AAGA,QAAI,OAAO,UAAU,OAAO,aAAa;AACvC,aAAO,cAAc;AAAA,QACnB,gBAAgB,oBAAoB,OAAO,UAAU,OAAO,WAAW;AAAA,MACzE;AAAA,IACF;AAEA,WAAO;AAAA,EACT,QAAQ;AACN,WAAO,CAAC;AAAA,EACV;AACF;AAKA,SAAS,oBAAoB,SAAoC;AAC/D,MAAI;AACF,UAAM,SAAS,UAAU,SAAS,EAAE,QAAQ,KAAK,CAAC;AAClD,UAAM,SAA4B;AAAA,MAChC,aAAa,oBAAoB,MAAM;AAAA,IACzC;AAGA,QAAI,OAAO,UAAU;AACnB,aAAO,cAAc;AAAA,QACnB,cAAc,OAAO,SAAS;AAAA,QAC9B,iBAAiB,OAAO,SAAS;AAAA,QACjC,gBAAgB,oBAAoB,OAAO,QAAQ;AAAA,MACrD;AAAA,IACF;AAEA,WAAO;AAAA,EACT,QAAQ;AACN,WAAO,CAAC;AAAA,EACV;AACF;AAKA,eAAsB,iBACpB,OACA,YACmC;AACnC,MAAI;AACF,UAAM,UAAU,aAAa,YAAY,OAAO;AAEhD,YAAQ,OAAO;AAAA,MACb,KAAK;AACH,eAAO,sBAAsB,OAAO;AAAA,MACtC,KAAK;AAEH,YAAI,QAAQ,KAAK,EAAE,WAAW,GAAG,GAAG;AAClC,iBAAO,uBAAuB,OAAO;AAAA,QACvC;AACA,eAAO,oBAAoB,OAAO;AAAA,MACpC,KAAK;AACH,eAAO,uBAAuB,OAAO;AAAA,MACvC,KAAK;AACH,eAAO,iBAAiB,OAAO;AAAA,MACjC,KAAK;AACH,eAAO,qBAAqB,OAAO;AAAA,MACrC,KAAK;AACH,eAAO,oBAAoB,OAAO;AAAA,MACpC;AAEE,YAAI;AACF,gBAAM,SAAS,QAAQ,KAAK,EAAE,WAAW,GAAG,IACxC,KAAK,MAAM,OAAO,IAClB,UAAU,SAAS,EAAE,QAAQ,KAAK,CAAC;AAEvC,iBAAO;AAAA,YACL,aAAa,oBAAoB,MAAM;AAAA,UACzC;AAAA,QACF,QAAQ;AACN,iBAAO;AAAA,QACT;AAAA,IACJ;AAAA,EACF,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAKO,SAAS,qBACd,QACA,SAAS,GACD;AACR,QAAM,QAAkB,CAAC;AACzB,QAAM,SAAS,KAAK,OAAO,MAAM;AAEjC,aAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,MAAM,GAAG;AACjD,QAAI,UAAU,QAAQ,UAAU,QAAW;AACzC;AAAA,IACF;AAEA,QAAI,OAAO,UAAU,YAAY,CAAC,MAAM,QAAQ,KAAK,GAAG;AACtD,YAAM,KAAK,GAAG,MAAM,GAAG,GAAG,GAAG;AAC7B,YAAM,KAAK,qBAAqB,OAAkC,SAAS,CAAC,CAAC;AAAA,IAC/E,WAAW,MAAM,QAAQ,KAAK,GAAG;AAC/B,UAAI,MAAM,WAAW,GAAG;AACtB,cAAM,KAAK,GAAG,MAAM,GAAG,GAAG,MAAM;AAAA,MAClC,WAAW,OAAO,MAAM,CAAC,MAAM,UAAU;AACvC,cAAM,KAAK,GAAG,MAAM,GAAG,GAAG,GAAG;AAC7B,mBAAW,QAAQ,OAAO;AACxB,gBAAM,KAAK,GAAG,MAAM,KAAK;AACzB,gBAAM,KAAK,qBAAqB,MAAiC,SAAS,CAAC,CAAC;AAAA,QAC9E;AAAA,MACF,OAAO;AACL,cAAM,KAAK,GAAG,MAAM,GAAG,GAAG,MAAM,MAAM,KAAK,IAAI,CAAC,GAAG;AAAA,MACrD;AAAA,IACF,OAAO;AACL,YAAM,KAAK,GAAG,MAAM,GAAG,GAAG,KAAK,KAAK,EAAE;AAAA,IACxC;AAAA,EACF;AAEA,SAAO,MAAM,KAAK,IAAI;AACxB;","names":[]}

package/dist/chunk-J37RHCFJ.js

@@ -0,0 +1,357 @@
+#!/usr/bin/env node
+
+// src/hooks/moltbot.ts
+import { existsSync, readFileSync, writeFileSync, mkdirSync } from "fs";
+import { join } from "path";
+import { homedir } from "os";
+import { execFileSync } from "child_process";
+var CONFIG_PATHS = [
+  join(homedir(), ".moltbot", "config.json"),
+  join(homedir(), ".clawdbot", "moltbot.json"),
+  join(homedir(), ".config", "moltbot", "config.json")
+];
+var MOLTBOT_DIR = join(homedir(), ".moltbot");
+var CLAWDBOT_DIR = join(homedir(), ".clawdbot");
+var BASHBROS_HOOK_MARKER = "# bashbros-managed";
+var DEFAULT_GATEWAY_PORT = 18789;
+var MoltbotHooks = class {
+  /**
+   * Check if moltbot command is installed
+   */
+  static isMoltbotInstalled() {
+    try {
+      const cmd = process.platform === "win32" ? "where" : "which";
+      execFileSync(cmd, ["moltbot"], { stdio: "pipe", timeout: 3e3 });
+      return true;
+    } catch {
+      return false;
+    }
+  }
+  /**
+   * Check if clawdbot command is installed (legacy)
+   */
+  static isClawdbotInstalled() {
+    try {
+      const cmd = process.platform === "win32" ? "where" : "which";
+      execFileSync(cmd, ["clawdbot"], { stdio: "pipe", timeout: 3e3 });
+      return true;
+    } catch {
+      return false;
+    }
+  }
+  /**
+   * Find the config file path
+   */
+  static findConfigPath() {
+    const envPath = process.env.CLAWDBOT_CONFIG_PATH;
+    if (envPath && existsSync(envPath)) {
+      return envPath;
+    }
+    for (const configPath of CONFIG_PATHS) {
+      if (existsSync(configPath)) {
+        return configPath;
+      }
+    }
+    return null;
+  }
+  /**
+   * Get the config directory (creating if needed)
+   */
+  static getConfigDir() {
+    if (this.isMoltbotInstalled() || existsSync(MOLTBOT_DIR)) {
+      return MOLTBOT_DIR;
+    }
+    return CLAWDBOT_DIR;
+  }
+  /**
+   * Load current moltbot settings
+   */
+  static loadSettings() {
+    const configPath = this.findConfigPath();
+    if (!configPath) {
+      return {};
+    }
+    try {
+      const content = readFileSync(configPath, "utf-8");
+      return JSON.parse(content);
+    } catch {
+      return {};
+    }
+  }
+  /**
+   * Save moltbot settings
+   */
+  static saveSettings(settings) {
+    const configDir = this.getConfigDir();
+    if (!existsSync(configDir)) {
+      mkdirSync(configDir, { recursive: true });
+    }
+    const configPath = join(configDir, this.isMoltbotInstalled() ? "config.json" : "moltbot.json");
+    writeFileSync(configPath, JSON.stringify(settings, null, 2), "utf-8");
+  }
+  /**
+   * Install BashBros hooks into moltbot
+   */
+  static install() {
+    if (!this.isMoltbotInstalled() && !this.isClawdbotInstalled()) {
+      return {
+        success: false,
+        message: "Neither moltbot nor clawdbot found. Install moltbot first."
+      };
+    }
+    const settings = this.loadSettings();
+    if (this.isInstalled(settings)) {
+      return {
+        success: true,
+        message: "BashBros hooks already installed."
+      };
+    }
+    if (!settings.hooks) {
+      settings.hooks = {};
+    }
+    const preBashHook = {
+      command: `bashbros gate "$COMMAND" ${BASHBROS_HOOK_MARKER}`
+    };
+    const postBashHook = {
+      command: `bashbros record "$COMMAND" ${BASHBROS_HOOK_MARKER}`
+    };
+    const sessionEndHook = {
+      command: `bashbros session-end ${BASHBROS_HOOK_MARKER}`
+    };
+    settings.hooks.preBash = [
+      ...settings.hooks.preBash || [],
+      preBashHook
+    ];
+    settings.hooks.postBash = [
+      ...settings.hooks.postBash || [],
+      postBashHook
+    ];
+    settings.hooks.sessionEnd = [
+      ...settings.hooks.sessionEnd || [],
+      sessionEndHook
+    ];
+    this.saveSettings(settings);
+    return {
+      success: true,
+      message: "BashBros hooks installed successfully."
+    };
+  }
+  /**
+   * Uninstall BashBros hooks from moltbot
+   */
+  static uninstall() {
+    const configPath = this.findConfigPath();
+    if (!configPath) {
+      return {
+        success: true,
+        message: "No moltbot config found. Nothing to uninstall."
+      };
+    }
+    const settings = this.loadSettings();
+    if (!settings.hooks) {
+      return {
+        success: true,
+        message: "No hooks to uninstall."
+      };
+    }
+    const filterHooks = (hooks) => {
+      if (!hooks) return [];
+      return hooks.filter((h) => !h.command.includes(BASHBROS_HOOK_MARKER));
+    };
+    settings.hooks.preBash = filterHooks(settings.hooks.preBash);
+    settings.hooks.postBash = filterHooks(settings.hooks.postBash);
+    settings.hooks.sessionEnd = filterHooks(settings.hooks.sessionEnd);
+    if (settings.hooks.preBash?.length === 0) delete settings.hooks.preBash;
+    if (settings.hooks.postBash?.length === 0) delete settings.hooks.postBash;
+    if (settings.hooks.sessionEnd?.length === 0) delete settings.hooks.sessionEnd;
+    if (Object.keys(settings.hooks).length === 0) delete settings.hooks;
+    this.saveSettings(settings);
+    return {
+      success: true,
+      message: "BashBros hooks uninstalled successfully."
+    };
+  }
+  /**
+   * Check if BashBros hooks are installed
+   */
+  static isInstalled(settings) {
+    const s = settings || this.loadSettings();
+    if (!s.hooks) return false;
+    const hasMarker = (hooks) => {
+      if (!hooks) return false;
+      return hooks.some((h) => h.command.includes(BASHBROS_HOOK_MARKER));
+    };
+    return hasMarker(s.hooks.preBash) || hasMarker(s.hooks.postBash) || hasMarker(s.hooks.sessionEnd);
+  }
+  /**
+   * Check if moltbot gateway is running
+   */
+  static async isGatewayRunning() {
+    const settings = this.loadSettings();
+    const port = settings.gateway?.port || DEFAULT_GATEWAY_PORT;
+    const host = settings.gateway?.host || "localhost";
+    try {
+      const controller = new AbortController();
+      const timeout = setTimeout(() => controller.abort(), 2e3);
+      const response = await fetch(`http://${host}:${port}/health`, {
+        method: "GET",
+        signal: controller.signal
+      });
+      clearTimeout(timeout);
+      return response.ok;
+    } catch {
+      return false;
+    }
+  }
+  /**
+   * Get gateway status
+   */
+  static async getGatewayStatus() {
+    const settings = this.loadSettings();
+    const port = settings.gateway?.port || DEFAULT_GATEWAY_PORT;
+    const host = settings.gateway?.host || "localhost";
+    const sandboxMode = settings.agents?.defaults?.sandbox?.mode === "strict";
+    const running = await this.isGatewayRunning();
+    return {
+      running,
+      port,
+      host,
+      sandboxMode,
+      error: running ? void 0 : "Gateway not responding"
+    };
+  }
+  /**
+   * Get gateway info (for type system)
+   */
+  static async getGatewayInfo() {
+    const status = await this.getGatewayStatus();
+    if (!status.running) return null;
+    return {
+      port: status.port,
+      host: status.host,
+      sandboxMode: status.sandboxMode,
+      authToken: !!this.loadSettings().gateway?.auth
+    };
+  }
+  /**
+   * Run security audit using moltbot CLI
+   */
+  static async runSecurityAudit() {
+    const findings = [];
+    const timestamp = /* @__PURE__ */ new Date();
+    if (!this.isMoltbotInstalled() && !this.isClawdbotInstalled()) {
+      return {
+        passed: false,
+        findings: [{
+          severity: "critical",
+          category: "installation",
+          message: "Moltbot/clawdbot not installed",
+          recommendation: "Install moltbot to enable security auditing"
+        }],
+        timestamp
+      };
+    }
+    try {
+      const cmd = this.isMoltbotInstalled() ? "moltbot" : "clawdbot";
+      const output = execFileSync(cmd, ["security", "audit", "--deep", "--json"], {
+        encoding: "utf-8",
+        timeout: 3e4,
+        stdio: ["pipe", "pipe", "pipe"]
+      });
+      const auditResult = JSON.parse(output);
+      if (auditResult.findings && Array.isArray(auditResult.findings)) {
+        for (const finding of auditResult.findings) {
+          findings.push({
+            severity: finding.severity || "info",
+            category: finding.category || "general",
+            message: finding.message || "Unknown finding",
+            recommendation: finding.recommendation
+          });
+        }
+      }
+      return {
+        passed: findings.filter((f) => f.severity === "critical").length === 0,
+        findings,
+        timestamp
+      };
+    } catch (error) {
+      return this.runBasicSecurityChecks();
+    }
+  }
+  /**
+   * Run basic security checks when moltbot audit is not available
+   */
+  static runBasicSecurityChecks() {
+    const findings = [];
+    const settings = this.loadSettings();
+    if (!this.isInstalled(settings)) {
+      findings.push({
+        severity: "warning",
+        category: "hooks",
+        message: "BashBros hooks not installed",
+        recommendation: 'Run "bashbros moltbot install" to enable command gating'
+      });
+    }
+    const sandboxMode = settings.agents?.defaults?.sandbox?.mode;
+    if (!sandboxMode || sandboxMode === "off") {
+      findings.push({
+        severity: "warning",
+        category: "sandbox",
+        message: "Sandbox mode is disabled",
+        recommendation: "Enable sandbox mode in moltbot config for additional protection"
+      });
+    }
+    if (settings.gateway) {
+      if (!settings.gateway.auth) {
+        findings.push({
+          severity: "info",
+          category: "gateway",
+          message: "Gateway authentication not configured",
+          recommendation: "Consider enabling gateway authentication for multi-user environments"
+        });
+      }
+    }
+    return {
+      passed: findings.filter((f) => f.severity === "critical").length === 0,
+      findings,
+      timestamp: /* @__PURE__ */ new Date()
+    };
+  }
+  /**
+   * Get comprehensive hook status
+   */
+  static getStatus() {
+    const moltbotInstalled = this.isMoltbotInstalled();
+    const clawdbotInstalled = this.isClawdbotInstalled();
+    const configPath = this.findConfigPath();
+    const settings = this.loadSettings();
+    const hooksInstalled = this.isInstalled(settings);
+    const hooks = [];
+    if (settings.hooks?.preBash) hooks.push("preBash (gate)");
+    if (settings.hooks?.postBash) hooks.push("postBash (record)");
+    if (settings.hooks?.sessionEnd) hooks.push("sessionEnd (report)");
+    const sandboxMode = settings.agents?.defaults?.sandbox?.mode || null;
+    let gatewayRunning = false;
+    if (settings.gateway?.port) {
+      gatewayRunning = true;
+    }
+    return {
+      moltbotInstalled,
+      clawdbotInstalled,
+      hooksInstalled,
+      hooks,
+      configPath,
+      gatewayRunning,
+      sandboxMode
+    };
+  }
+};
+function getMoltbotHooks() {
+  return MoltbotHooks;
+}
+
+export {
+  MoltbotHooks,
+  getMoltbotHooks
+};
+//# sourceMappingURL=chunk-J37RHCFJ.js.map