chainwall 0.1.0

package/dist/commands/watch.js

@@ -0,0 +1,203 @@
+import { watch } from 'node:fs';
+import { readFile, lstat } from 'node:fs/promises';
+import { resolve, relative, basename, sep } from 'node:path';
+import chalk from 'chalk';
+import { loadConfig } from '../config.js';
+import { createRuleEngine } from '../scanner/rule-engine.js';
+import { allRules } from '../rules/index.js';
+import { scanFileForInjection } from '../scanner/injection-scanner.js';
+import { SEVERITY_COLOR } from '../reporter/shared.js';
+import { MAX_FILE_SIZE, shouldSkipExtension, isKnownText, isBinary, buildSkipSet, } from '../scanner/filesystem-scanner.js';
+const SEVERITY_TAG = {
+    critical: 'CRIT',
+    high: 'HIGH',
+    medium: 'MED ',
+    low: 'LOW ',
+};
+const DEBOUNCE_MS = 200;
+function containsSkipDir(filePath, skipSet) {
+    const segments = filePath.split(sep);
+    for (const seg of segments) {
+        if (skipSet.has(seg))
+            return true;
+    }
+    return false;
+}
+function contentHash(content) {
+    // Lightweight hash: first 64 chars + length. Not crypto, just change detection.
+    return content.slice(0, 64) + ':' + content.length;
+}
+export async function runWatch(targetDir, options) {
+    const dir = resolve(targetDir);
+    const config = loadConfig(dir);
+    const engine = createRuleEngine({ rules: allRules, config });
+    const skipSet = buildSkipSet({ extraSkipDirs: config.skipDirs });
+    // Session stats
+    let filesChecked = 0;
+    let totalFindings = 0;
+    const startTime = Date.now();
+    // Debounce timers per file
+    const timers = new Map();
+    // Content hash cache — skip re-scan if content unchanged
+    const hashCache = new Map();
+    // Per-file dedup — reset when file changes
+    const findingsDedup = new Map();
+    function formatDuration(ms) {
+        const totalSec = Math.floor(ms / 1000);
+        const min = Math.floor(totalSec / 60);
+        const sec = totalSec % 60;
+        if (min > 0)
+            return `${min}m ${sec}s`;
+        return `${sec}s`;
+    }
+    function printFinding(finding, relPath) {
+        if (options.json) {
+            const obj = {
+                severity: finding.severity,
+                ruleId: finding.ruleId,
+                file: relPath,
+                line: finding.line,
+            };
+            if (options.verbose) {
+                obj.description = finding.description;
+                obj.matchedText = finding.matchedText;
+            }
+            console.log(JSON.stringify(obj));
+            return;
+        }
+        const tag = SEVERITY_TAG[finding.severity];
+        const color = SEVERITY_COLOR[finding.severity];
+        const location = finding.line > 0 ? `${relPath}:${finding.line}` : relPath;
+        let line = color(`[${tag}]`) + ` ${finding.ruleId} \u2014 ${location}`;
+        if (options.verbose) {
+            line += `\n       ${finding.description}`;
+            line += `\n       matched: ${finding.matchedText}`;
+        }
+        console.log(line);
+    }
+    async function processFile(filePath) {
+        const relPath = relative(dir, filePath);
+        const name = basename(filePath);
+        // Skip checks
+        if (containsSkipDir(relPath, skipSet))
+            return;
+        if (shouldSkipExtension(name))
+            return;
+        let stat;
+        try {
+            stat = await lstat(filePath);
+        }
+        catch {
+            return; // File deleted or inaccessible
+        }
+        if (!stat.isFile())
+            return;
+        if (stat.size === 0 || stat.size > MAX_FILE_SIZE)
+            return;
+        // Skip binary files
+        if (!isKnownText(name) && await isBinary(filePath))
+            return;
+        let content;
+        try {
+            content = await readFile(filePath, 'utf-8');
+        }
+        catch {
+            return;
+        }
+        // Skip if content unchanged
+        const hash = contentHash(content);
+        if (hashCache.get(filePath) === hash)
+            return;
+        hashCache.set(filePath, hash);
+        // Reset dedup for this file on new content
+        findingsDedup.set(filePath, new Set());
+        filesChecked++;
+        // Run rule engine scan
+        const findings = engine.scanFile(filePath, content);
+        // Run injection scan on instruction files
+        const injectionFindings = scanFileForInjection(filePath, content);
+        const allFindings = [...findings, ...injectionFindings];
+        // Dedup within session per-file
+        const seen = findingsDedup.get(filePath);
+        for (const f of allFindings) {
+            const key = `${f.ruleId}:${f.line}`;
+            if (seen.has(key))
+                continue;
+            seen.add(key);
+            totalFindings++;
+            printFinding(f, relPath);
+        }
+    }
+    // Banner
+    if (!options.json) {
+        console.log(`${chalk.bold(`Watching ${dir} for changes...`)} (Ctrl+C to stop)`);
+        console.log(`  ${allRules.length} rules loaded\n`);
+    }
+    // Set up fs.watch
+    let watcher;
+    try {
+        watcher = watch(dir, { recursive: true }, (_event, filename) => {
+            if (!filename)
+                return;
+            const fullPath = resolve(dir, filename);
+            // Debounce per file
+            const existing = timers.get(fullPath);
+            if (existing)
+                clearTimeout(existing);
+            timers.set(fullPath, setTimeout(() => {
+                timers.delete(fullPath);
+                processFile(fullPath).catch(() => {
+                    // Silently ignore processing errors
+                });
+            }, DEBOUNCE_MS));
+        });
+    }
+    catch (err) {
+        const code = err.code;
+        if (code === 'ERR_FEATURE_UNAVAILABLE_ON_PLATFORM') {
+            // Fallback: watch without recursive (Linux < Node 19)
+            if (!options.json) {
+                console.log(chalk.yellow('Warning: Recursive watch not supported on this platform.'));
+                console.log(chalk.yellow('Only top-level directory changes will be detected.\n'));
+            }
+            watcher = watch(dir, {}, (_event, filename) => {
+                if (!filename)
+                    return;
+                const fullPath = resolve(dir, filename);
+                const existing = timers.get(fullPath);
+                if (existing)
+                    clearTimeout(existing);
+                timers.set(fullPath, setTimeout(() => {
+                    timers.delete(fullPath);
+                    processFile(fullPath).catch(() => { });
+                }, DEBOUNCE_MS));
+            });
+        }
+        else {
+            throw err;
+        }
+    }
+    watcher.on('error', (err) => {
+        if (!options.json) {
+            console.error(chalk.red(`Watch error: ${err.message}`));
+        }
+    });
+    // Clean exit on SIGINT
+    function printSummary() {
+        if (options.json)
+            return;
+        const elapsed = formatDuration(Date.now() - startTime);
+        console.log(`\n${chalk.bold('Watch ended')} \u2014 ${filesChecked} files checked, ${totalFindings} finding${totalFindings !== 1 ? 's' : ''} in ${elapsed}`);
+    }
+    process.on('SIGINT', () => {
+        watcher.close();
+        for (const t of timers.values())
+            clearTimeout(t);
+        timers.clear();
+        printSummary();
+        process.exit(0);
+    });
+    // Keep process alive
+    await new Promise(() => { });
+}
+//# sourceMappingURL=watch.js.map

package/dist/commands/watch.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"watch.js","sourceRoot":"","sources":["../../src/commands/watch.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAkB,MAAM,SAAS,CAAC;AAChD,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,EAAE,MAAM,WAAW,CAAC;AAC7D,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAC7D,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAC7C,OAAO,EAAE,oBAAoB,EAAE,MAAM,iCAAiC,CAAC;AACvE,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EACL,aAAa,EACb,mBAAmB,EACnB,WAAW,EACX,QAAQ,EACR,YAAY,GACb,MAAM,kCAAkC,CAAC;AAQ1C,MAAM,YAAY,GAA6B;IAC7C,QAAQ,EAAE,MAAM;IAChB,IAAI,EAAE,MAAM;IACZ,MAAM,EAAE,MAAM;IACd,GAAG,EAAE,MAAM;CACZ,CAAC;AAEF,MAAM,WAAW,GAAG,GAAG,CAAC;AAExB,SAAS,eAAe,CAAC,QAAgB,EAAE,OAAoB;IAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACrC,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC3B,IAAI,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,OAAO,IAAI,CAAC;IACpC,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,WAAW,CAAC,OAAe;IAClC,gFAAgF;IAChF,OAAO,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC;AACrD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,QAAQ,CAAC,SAAiB,EAAE,OAAqB;IACrE,MAAM,GAAG,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;IAC/B,MAAM,MAAM,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;IAC/B,MAAM,MAAM,GAAG,gBAAgB,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC;IAC7D,MAAM,OAAO,GAAG,YAAY,CAAC,EAAE,aAAa,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;IAEjE,gBAAgB;IAChB,IAAI,YAAY,GAAG,CAAC,CAAC;IACrB,IAAI,aAAa,GAAG,CAAC,CAAC;IACtB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE7B,2BAA2B;IAC3B,MAAM,MAAM,GAAG,IAAI,GAAG,EAAyC,CAAC;IAEhE,yDAAyD;IACzD,MAAM,SAAS,GAAG,IAAI,GAAG,EAAkB,CAAC;IAE5C,2CAA2C;IAC3C,MAAM,aAAa,GAAG,IAAI,GAAG,EAAuB,CAAC;IAErD,SAAS,cAAc,CAAC,EAAU;QAChC,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,GAAG,IAAI,CAAC,CAAC;QACvC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,GAAG,EAAE,CAAC,CAAC;QACtC,MAAM,GAAG,GAAG,QAAQ,GAAG,EAAE,CAAC;QAC1B,IAAI,GAAG,GAAG,CAAC;YAAE,OAAO,GAAG,GAAG,KAAK,GAAG,GAAG,CAAC;QACtC,OAAO,GAAG,GAAG,GAAG,CAAC;IACnB,CAAC;IAED,SAAS,YAAY,CAAC,OAAoB,EAAE,OAAe;QACzD,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YACjB,MAAM,GAAG,GAA4B;gBACnC,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,IAAI,EAAE,OAAO;gBACb,IAAI,EAAE,OAAO,CAAC,IAAI;aACnB,CAAC;YACF,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;gBACpB,GAAG,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;gBACtC,GAAG,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;YACxC,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;YACjC,OAAO;QACT,CAAC;QAED,MAAM,GAAG,GAAG,YAAY,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QAC3C,MAAM,KAAK,GAAG,cAAc,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QAC/C,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,OAAO,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC;QAC3E,IAAI,IAAI,GAAG,KAAK,CAAC,IAAI,GAAG,GAAG,CAAC,GAAG,IAAI,OAAO,CAAC,MAAM,WAAW,QAAQ,EAAE,CAAC;QACvE,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YACpB,IAAI,IAAI,YAAY,OAAO,CAAC,WAAW,EAAE,CAAC;YAC1C,IAAI,IAAI,qBAAqB,OAAO,CAAC,WAAW,EAAE,CAAC;QACrD,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACpB,CAAC;IAED,KAAK,UAAU,WAAW,CAAC,QAAgB;QACzC,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QACxC,MAAM,IAAI,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAEhC,cAAc;QACd,IAAI,eAAe,CAAC,OAAO,EAAE,OAAO,CAAC;YAAE,OAAO;QAC9C,IAAI,mBAAmB,CAAC,IAAI,CAAC;YAAE,OAAO;QAEtC,IAAI,IAAI,CAAC;QACT,IAAI,CAAC;YACH,IAAI,GAAG,MAAM,KAAK,CAAC,QAAQ,CAAC,CAAC;QAC/B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,CAAC,+BAA+B;QACzC,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE;YAAE,OAAO;QAC3B,IAAI,IAAI,CAAC,IAAI,KAAK,CAAC,IAAI,IAAI,CAAC,IAAI,GAAG,aAAa;YAAE,OAAO;QAEzD,oBAAoB;QACpB,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,MAAM,QAAQ,CAAC,QAAQ,CAAC;YAAE,OAAO;QAE3D,IAAI,OAAe,CAAC;QACpB,IAAI,CAAC;YACH,OAAO,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;QAAC,MAAM,CAAC;YACP,OAAO;QACT,CAAC;QAED,4BAA4B;QAC5B,MAAM,IAAI,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;QAClC,IAAI,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,IAAI;YAAE,OAAO;QAC7C,SAAS,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QAE9B,2CAA2C;QAC3C,aAAa,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,GAAG,EAAE,CAAC,CAAC;QAEvC,YAAY,EAAE,CAAC;QAEf,uBAAuB;QACvB,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAEpD,0CAA0C;QAC1C,MAAM,iBAAiB,GAAG,oBAAoB,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAElE,MAAM,WAAW,GAAG,CAAC,GAAG,QAAQ,EAAE,GAAG,iBAAiB,CAAC,CAAC;QAExD,gCAAgC;QAChC,MAAM,IAAI,GAAG,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAE,CAAC;QAC1C,KAAK,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC;YAC5B,MAAM,GAAG,GAAG,GAAG,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;YACpC,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,SAAS;YAC5B,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YACd,aAAa,EAAE,CAAC;YAChB,YAAY,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC;IAED,SAAS;IACT,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QAClB,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,YAAY,GAAG,iBAAiB,CAAC,mBAAmB,CAAC,CAAC;QAChF,OAAO,CAAC,GAAG,CAAC,KAAK,QAAQ,CAAC,MAAM,iBAAiB,CAAC,CAAC;IACrD,CAAC;IAED,kBAAkB;IAClB,IAAI,OAAkB,CAAC;IACvB,IAAI,CAAC;QACH,OAAO,GAAG,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,CAAC,MAAM,EAAE,QAAQ,EAAE,EAAE;YAC7D,IAAI,CAAC,QAAQ;gBAAE,OAAO;YACtB,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;YAExC,oBAAoB;YACpB,MAAM,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YACtC,IAAI,QAAQ;gBAAE,YAAY,CAAC,QAAQ,CAAC,CAAC;YACrC,MAAM,CAAC,GAAG,CACR,QAAQ,EACR,UAAU,CAAC,GAAG,EAAE;gBACd,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;gBACxB,WAAW,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE;oBAC/B,oCAAoC;gBACtC,CAAC,CAAC,CAAC;YACL,CAAC,EAAE,WAAW,CAAC,CAChB,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,MAAM,IAAI,GAAI,GAA6B,CAAC,IAAI,CAAC;QACjD,IAAI,IAAI,KAAK,qCAAqC,EAAE,CAAC;YACnD,sDAAsD;YACtD,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;gBAClB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,0DAA0D,CAAC,CAAC,CAAC;gBACtF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,sDAAsD,CAAC,CAAC,CAAC;YACpF,CAAC;YACD,OAAO,GAAG,KAAK,CAAC,GAAG,EAAE,EAAE,EAAE,CAAC,MAAM,EAAE,QAAQ,EAAE,EAAE;gBAC5C,IAAI,CAAC,QAAQ;oBAAE,OAAO;gBACtB,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;gBACxC,MAAM,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;gBACtC,IAAI,QAAQ;oBAAE,YAAY,CAAC,QAAQ,CAAC,CAAC;gBACrC,MAAM,CAAC,GAAG,CACR,QAAQ,EACR,UAAU,CAAC,GAAG,EAAE;oBACd,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;oBACxB,WAAW,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;gBACxC,CAAC,EAAE,WAAW,CAAC,CAChB,CAAC;YACJ,CAAC,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IAED,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAU,EAAE,EAAE;QACjC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;YAClB,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,gBAAgB,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;QAC1D,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,uBAAuB;IACvB,SAAS,YAAY;QACnB,IAAI,OAAO,CAAC,IAAI;YAAE,OAAO;QACzB,MAAM,OAAO,GAAG,cAAc,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC,CAAC;QACvD,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,WAAW,YAAY,mBAAmB,aAAa,WAAW,aAAa,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,OAAO,OAAO,EAAE,CAAC,CAAC;IAC9J,CAAC;IAED,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE;QACxB,OAAO,CAAC,KAAK,EAAE,CAAC;QAChB,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,EAAE;YAAE,YAAY,CAAC,CAAC,CAAC,CAAC;QACjD,MAAM,CAAC,KAAK,EAAE,CAAC;QACf,YAAY,EAAE,CAAC;QACf,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;IAEH,qBAAqB;IACrB,MAAM,IAAI,OAAO,CAAO,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;AACpC,CAAC"}

package/dist/config.d.ts

@@ -0,0 +1,19 @@
+import type { Config } from './rules/types.js';
+export declare function loadConfig(projectDir?: string): Config;
+/** Write JSON atomically: write to temp file then rename (POSIX atomic). */
+export declare function atomicWriteJson(filePath: string, data: unknown): void;
+/** Returns true if real-time protection is enabled (default: true). */
+export declare function isProtectionEnabled(): boolean;
+/** Set the global protection toggle. Preserves all other config fields. */
+export declare function setProtectionEnabled(enabled: boolean): void;
+/** Add a file path to the global allowlist. Deduplicates. Rejects whitespace-only. */
+export declare function addAllowlistPath(filePath: string): void;
+/** Add a rule ID to the global allowlist (disables that rule). Deduplicates. Rejects whitespace-only. */
+export declare function disableRule(ruleId: string): void;
+/** Returns true if the user has seen the welcome screen (default: false). */
+export declare function hasSeenWelcome(): boolean;
+/** Mark the welcome screen as completed. Preserves all other config fields. */
+export declare function setWelcomeComplete(): void;
+/** Validate a config file against the Zod schema. Returns array of error messages (empty = valid). */
+export declare function validateConfig(filePath: string): string[];
+//# sourceMappingURL=config.d.ts.map

package/dist/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,MAAM,EAAoC,MAAM,kBAAkB,CAAC;AAwFjF,wBAAgB,UAAU,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,MAAM,CA8CtD;AAID,4EAA4E;AAC5E,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,GAAG,IAAI,CAMrE;AAWD,uEAAuE;AACvE,wBAAgB,mBAAmB,IAAI,OAAO,CAY7C;AAED,2EAA2E;AAC3E,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAI3D;AAED,sFAAsF;AACtF,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAavD;AAED,yGAAyG;AACzG,wBAAgB,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAahD;AAED,6EAA6E;AAC7E,wBAAgB,cAAc,IAAI,OAAO,CAYxC;AAED,+EAA+E;AAC/E,wBAAgB,kBAAkB,IAAI,IAAI,CAIzC;AAED,sGAAsG;AACtG,wBAAgB,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,EAAE,CAazD"}

package/dist/config.js

@@ -0,0 +1,235 @@
+import { readFileSync, writeFileSync, mkdirSync, existsSync, renameSync } from 'node:fs';
+import { join, dirname } from 'node:path';
+import { homedir } from 'node:os';
+import { z } from 'zod';
+const AllowlistSchema = z.object({
+    paths: z.array(z.string()).optional().default([]),
+    patterns: z.array(z.string()).optional().default([]),
+    rules: z.array(z.string()).optional().default([]),
+}).optional().default(() => ({ paths: [], patterns: [], rules: [] }));
+const BlocklistSchema = z.object({
+    paths: z.array(z.string()).optional().default([]),
+    patterns: z.array(z.string()).optional().default([]),
+}).optional().default(() => ({ paths: [], patterns: [] }));
+const ConfigSchema = z.object({
+    enabled: z.boolean().optional(),
+    allowlist: AllowlistSchema,
+    blocklist: BlocklistSchema,
+    skipDirs: z.array(z.string()).optional(),
+}).passthrough();
+const EMPTY_CONFIG = {
+    allowlist: { paths: [], patterns: [], rules: [] },
+    blocklist: { paths: [], patterns: [] },
+};
+function toStringArray(value) {
+    if (!Array.isArray(value))
+        return [];
+    return value.filter((v) => typeof v === 'string');
+}
+function parseAllowlist(raw) {
+    if (!raw || typeof raw !== 'object')
+        return {};
+    const obj = raw;
+    return {
+        paths: toStringArray(obj.paths),
+        patterns: toStringArray(obj.patterns),
+        rules: toStringArray(obj.rules),
+    };
+}
+function parseBlocklist(raw) {
+    if (!raw || typeof raw !== 'object')
+        return {};
+    const obj = raw;
+    return {
+        paths: toStringArray(obj.paths),
+        patterns: toStringArray(obj.patterns),
+    };
+}
+function readConfigFile(filePath) {
+    try {
+        const raw = readFileSync(filePath, 'utf-8');
+        const parsed = JSON.parse(raw);
+        if (!parsed || typeof parsed !== 'object')
+            return null;
+        const obj = parsed;
+        const result = {
+            allowlist: parseAllowlist(obj.allowlist),
+            blocklist: parseBlocklist(obj.blocklist),
+        };
+        if (typeof obj.enabled === 'boolean') {
+            result.enabled = obj.enabled;
+        }
+        const skipDirs = toStringArray(obj.skipDirs);
+        if (skipDirs.length > 0) {
+            result.skipDirs = skipDirs;
+        }
+        return result;
+    }
+    catch {
+        // Missing file or invalid JSON — caller merges with defaults
+        return null;
+    }
+}
+function mergeAllowlists(a, b) {
+    return {
+        paths: [...(a.paths ?? []), ...(b.paths ?? [])],
+        patterns: [...(a.patterns ?? []), ...(b.patterns ?? [])],
+        rules: [...(a.rules ?? []), ...(b.rules ?? [])],
+    };
+}
+function mergeBlocklists(a, b) {
+    return {
+        paths: [...(a.paths ?? []), ...(b.paths ?? [])],
+        patterns: [...(a.patterns ?? []), ...(b.patterns ?? [])],
+    };
+}
+export function loadConfig(projectDir) {
+    const globalPath = join(homedir(), '.llm-av', 'config.json');
+    const projectPath = projectDir
+        ? join(projectDir, '.llm-av', 'config.json')
+        : join(process.cwd(), '.llm-av', 'config.json');
+    const globalConfig = readConfigFile(globalPath);
+    const projectConfig = readConfigFile(projectPath);
+    if (!globalConfig && !projectConfig) {
+        return EMPTY_CONFIG;
+    }
+    // Validate config files and log warnings (non-breaking)
+    for (const path of [globalPath, projectPath]) {
+        const errors = validateConfig(path);
+        if (errors.length > 0) {
+            for (const err of errors) {
+                process.stderr.write(`chainwall: config warning (${path}): ${err}\n`);
+            }
+        }
+    }
+    const baseAllowlist = globalConfig?.allowlist ?? {};
+    const projAllowlist = projectConfig?.allowlist ?? {};
+    const baseBlocklist = globalConfig?.blocklist ?? {};
+    const projBlocklist = projectConfig?.blocklist ?? {};
+    const config = {
+        allowlist: mergeAllowlists(baseAllowlist, projAllowlist),
+        blocklist: mergeBlocklists(baseBlocklist, projBlocklist),
+    };
+    // enabled is global-only (per-project would let malicious repos disable protection)
+    if (typeof globalConfig?.enabled === 'boolean') {
+        config.enabled = globalConfig.enabled;
+    }
+    // skipDirs: merge global + project (both trusted, similar to allowlist)
+    const globalSkip = globalConfig?.skipDirs ?? [];
+    const projectSkip = projectConfig?.skipDirs ?? [];
+    if (globalSkip.length > 0 || projectSkip.length > 0) {
+        config.skipDirs = [...globalSkip, ...projectSkip];
+    }
+    return config;
+}
+const globalConfigPath = join(homedir(), '.llm-av', 'config.json');
+/** Write JSON atomically: write to temp file then rename (POSIX atomic). */
+export function atomicWriteJson(filePath, data) {
+    const dir = dirname(filePath);
+    if (!existsSync(dir))
+        mkdirSync(dir, { recursive: true });
+    const tmpPath = filePath + '.tmp.' + process.pid;
+    writeFileSync(tmpPath, JSON.stringify(data, null, 2) + '\n');
+    renameSync(tmpPath, filePath);
+}
+/** Read and parse global config JSON. Returns empty object on error. */
+function readGlobalConfigJson() {
+    try {
+        return JSON.parse(readFileSync(globalConfigPath, 'utf-8'));
+    }
+    catch {
+        return {};
+    }
+}
+/** Returns true if real-time protection is enabled (default: true). */
+export function isProtectionEnabled() {
+    try {
+        const raw = readFileSync(globalConfigPath, 'utf-8');
+        const parsed = JSON.parse(raw);
+        if (parsed && typeof parsed === 'object') {
+            const obj = parsed;
+            if (typeof obj.enabled === 'boolean')
+                return obj.enabled;
+        }
+    }
+    catch {
+        // no config file = default enabled
+    }
+    return true;
+}
+/** Set the global protection toggle. Preserves all other config fields. */
+export function setProtectionEnabled(enabled) {
+    const existing = readGlobalConfigJson();
+    existing.enabled = enabled;
+    atomicWriteJson(globalConfigPath, existing);
+}
+/** Add a file path to the global allowlist. Deduplicates. Rejects whitespace-only. */
+export function addAllowlistPath(filePath) {
+    const trimmed = filePath.trim();
+    if (!trimmed)
+        throw new Error('Path cannot be empty');
+    const existing = readGlobalConfigJson();
+    const allowlist = (existing.allowlist ?? {});
+    const paths = Array.isArray(allowlist.paths) ? allowlist.paths : [];
+    if (!paths.includes(trimmed)) {
+        paths.push(trimmed);
+    }
+    allowlist.paths = paths;
+    existing.allowlist = allowlist;
+    atomicWriteJson(globalConfigPath, existing);
+}
+/** Add a rule ID to the global allowlist (disables that rule). Deduplicates. Rejects whitespace-only. */
+export function disableRule(ruleId) {
+    const trimmed = ruleId.trim();
+    if (!trimmed)
+        throw new Error('Rule ID cannot be empty');
+    const existing = readGlobalConfigJson();
+    const allowlist = (existing.allowlist ?? {});
+    const rules = Array.isArray(allowlist.rules) ? allowlist.rules : [];
+    if (!rules.includes(trimmed)) {
+        rules.push(trimmed);
+    }
+    allowlist.rules = rules;
+    existing.allowlist = allowlist;
+    atomicWriteJson(globalConfigPath, existing);
+}
+/** Returns true if the user has seen the welcome screen (default: false). */
+export function hasSeenWelcome() {
+    try {
+        const raw = readFileSync(globalConfigPath, 'utf-8');
+        const parsed = JSON.parse(raw);
+        if (parsed && typeof parsed === 'object') {
+            const obj = parsed;
+            if (typeof obj.hasSeenWelcome === 'boolean')
+                return obj.hasSeenWelcome;
+        }
+    }
+    catch {
+        // no config file = never seen
+    }
+    return false;
+}
+/** Mark the welcome screen as completed. Preserves all other config fields. */
+export function setWelcomeComplete() {
+    const existing = readGlobalConfigJson();
+    existing.hasSeenWelcome = true;
+    atomicWriteJson(globalConfigPath, existing);
+}
+/** Validate a config file against the Zod schema. Returns array of error messages (empty = valid). */
+export function validateConfig(filePath) {
+    try {
+        const raw = readFileSync(filePath, 'utf-8');
+        const parsed = JSON.parse(raw);
+        const result = ConfigSchema.safeParse(parsed);
+        if (!result.success) {
+            return result.error.issues.map(i => `${i.path.join('.')}: ${i.message}`);
+        }
+        return [];
+    }
+    catch (err) {
+        if (err instanceof SyntaxError)
+            return [`Invalid JSON: ${err.message}`];
+        return [];
+    }
+}
+//# sourceMappingURL=config.js.map

package/dist/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACzF,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB,MAAM,eAAe,GAAG,CAAC,CAAC,MAAM,CAAC;IAC/B,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;IACjD,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;IACpD,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;CAClD,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;AAEtE,MAAM,eAAe,GAAG,CAAC,CAAC,MAAM,CAAC;IAC/B,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;IACjD,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;CACrD,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;AAE3D,MAAM,YAAY,GAAG,CAAC,CAAC,MAAM,CAAC;IAC5B,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAC/B,SAAS,EAAE,eAAe;IAC1B,SAAS,EAAE,eAAe;IAC1B,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;CACzC,CAAC,CAAC,WAAW,EAAE,CAAC;AAEjB,MAAM,YAAY,GAAW;IAC3B,SAAS,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE;IACjD,SAAS,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE;CACvC,CAAC;AAEF,SAAS,aAAa,CAAC,KAAc;IACnC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IACrC,OAAO,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC;AACjE,CAAC;AAED,SAAS,cAAc,CAAC,GAAY;IAClC,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,EAAE,CAAC;IAC/C,MAAM,GAAG,GAAG,GAA8B,CAAC;IAC3C,OAAO;QACL,KAAK,EAAE,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC;QAC/B,QAAQ,EAAE,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC;QACrC,KAAK,EAAE,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC;KAChC,CAAC;AACJ,CAAC;AAED,SAAS,cAAc,CAAC,GAAY;IAClC,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,EAAE,CAAC;IAC/C,MAAM,GAAG,GAAG,GAA8B,CAAC;IAC3C,OAAO;QACL,KAAK,EAAE,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC;QAC/B,QAAQ,EAAE,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC;KACtC,CAAC;AACJ,CAAC;AAED,SAAS,cAAc,CAAC,QAAgB;IACtC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC5C,MAAM,MAAM,GAAY,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACxC,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAC;QACvD,MAAM,GAAG,GAAG,MAAiC,CAAC;QAC9C,MAAM,MAAM,GAAoB;YAC9B,SAAS,EAAE,cAAc,CAAC,GAAG,CAAC,SAAS,CAAC;YACxC,SAAS,EAAE,cAAc,CAAC,GAAG,CAAC,SAAS,CAAC;SACzC,CAAC;QACF,IAAI,OAAO,GAAG,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;YACrC,MAAM,CAAC,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC;QAC/B,CAAC;QACD,MAAM,QAAQ,GAAG,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC7C,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,MAAM,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAC7B,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAAC,MAAM,CAAC;QACP,6DAA6D;QAC7D,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,eAAe,CAAC,CAAkB,EAAE,CAAkB;IAC7D,OAAO;QACL,KAAK,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;QAC/C,QAAQ,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC;QACxD,KAAK,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;KAChD,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CAAC,CAAkB,EAAE,CAAkB;IAC7D,OAAO;QACL,KAAK,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;QAC/C,QAAQ,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC;KACzD,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,UAAmB;IAC5C,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,aAAa,CAAC,CAAC;IAC7D,MAAM,WAAW,GAAG,UAAU;QAC5B,CAAC,CAAC,IAAI,CAAC,UAAU,EAAE,SAAS,EAAE,aAAa,CAAC;QAC5C,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,aAAa,CAAC,CAAC;IAElD,MAAM,YAAY,GAAG,cAAc,CAAC,UAAU,CAAC,CAAC;IAChD,MAAM,aAAa,GAAG,cAAc,CAAC,WAAW,CAAC,CAAC;IAElD,IAAI,CAAC,YAAY,IAAI,CAAC,aAAa,EAAE,CAAC;QACpC,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,wDAAwD;IACxD,KAAK,MAAM,IAAI,IAAI,CAAC,UAAU,EAAE,WAAW,CAAC,EAAE,CAAC;QAC7C,MAAM,MAAM,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;QACpC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtB,KAAK,MAAM,GAAG,IAAI,MAAM,EAAE,CAAC;gBACzB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,8BAA8B,IAAI,MAAM,GAAG,IAAI,CAAC,CAAC;YACxE,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,aAAa,GAAG,YAAY,EAAE,SAAS,IAAI,EAAE,CAAC;IACpD,MAAM,aAAa,GAAG,aAAa,EAAE,SAAS,IAAI,EAAE,CAAC;IACrD,MAAM,aAAa,GAAG,YAAY,EAAE,SAAS,IAAI,EAAE,CAAC;IACpD,MAAM,aAAa,GAAG,aAAa,EAAE,SAAS,IAAI,EAAE,CAAC;IAErD,MAAM,MAAM,GAAW;QACrB,SAAS,EAAE,eAAe,CAAC,aAAa,EAAE,aAAa,CAAC;QACxD,SAAS,EAAE,eAAe,CAAC,aAAa,EAAE,aAAa,CAAC;KACzD,CAAC;IAEF,oFAAoF;IACpF,IAAI,OAAO,YAAY,EAAE,OAAO,KAAK,SAAS,EAAE,CAAC;QAC/C,MAAM,CAAC,OAAO,GAAG,YAAY,CAAC,OAAO,CAAC;IACxC,CAAC;IAED,wEAAwE;IACxE,MAAM,UAAU,GAAG,YAAY,EAAE,QAAQ,IAAI,EAAE,CAAC;IAChD,MAAM,WAAW,GAAG,aAAa,EAAE,QAAQ,IAAI,EAAE,CAAC;IAClD,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpD,MAAM,CAAC,QAAQ,GAAG,CAAC,GAAG,UAAU,EAAE,GAAG,WAAW,CAAC,CAAC;IACpD,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,gBAAgB,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,aAAa,CAAC,CAAC;AAEnE,4EAA4E;AAC5E,MAAM,UAAU,eAAe,CAAC,QAAgB,EAAE,IAAa;IAC7D,MAAM,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC9B,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC1D,MAAM,OAAO,GAAG,QAAQ,GAAG,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC;IACjD,aAAa,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;IAC7D,UAAU,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;AAChC,CAAC;AAED,wEAAwE;AACxE,SAAS,oBAAoB;IAC3B,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAA4B,CAAC;IACxF,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,uEAAuE;AACvE,MAAM,UAAU,mBAAmB;IACjC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,YAAY,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC;QACpD,MAAM,MAAM,GAAY,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACxC,IAAI,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;YACzC,MAAM,GAAG,GAAG,MAAiC,CAAC;YAC9C,IAAI,OAAO,GAAG,CAAC,OAAO,KAAK,SAAS;gBAAE,OAAO,GAAG,CAAC,OAAO,CAAC;QAC3D,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,mCAAmC;IACrC,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,2EAA2E;AAC3E,MAAM,UAAU,oBAAoB,CAAC,OAAgB;IACnD,MAAM,QAAQ,GAAG,oBAAoB,EAAE,CAAC;IACxC,QAAQ,CAAC,OAAO,GAAG,OAAO,CAAC;IAC3B,eAAe,CAAC,gBAAgB,EAAE,QAAQ,CAAC,CAAC;AAC9C,CAAC;AAED,sFAAsF;AACtF,MAAM,UAAU,gBAAgB,CAAC,QAAgB;IAC/C,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC;IAChC,IAAI,CAAC,OAAO;QAAE,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;IAEtD,MAAM,QAAQ,GAAG,oBAAoB,EAAE,CAAC;IACxC,MAAM,SAAS,GAAG,CAAC,QAAQ,CAAC,SAAS,IAAI,EAAE,CAA4B,CAAC;IACxE,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAE,SAAS,CAAC,KAAkB,CAAC,CAAC,CAAC,EAAE,CAAC;IAClF,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7B,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACtB,CAAC;IACD,SAAS,CAAC,KAAK,GAAG,KAAK,CAAC;IACxB,QAAQ,CAAC,SAAS,GAAG,SAAS,CAAC;IAC/B,eAAe,CAAC,gBAAgB,EAAE,QAAQ,CAAC,CAAC;AAC9C,CAAC;AAED,yGAAyG;AACzG,MAAM,UAAU,WAAW,CAAC,MAAc;IACxC,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC;IAC9B,IAAI,CAAC,OAAO;QAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;IAEzD,MAAM,QAAQ,GAAG,oBAAoB,EAAE,CAAC;IACxC,MAAM,SAAS,GAAG,CAAC,QAAQ,CAAC,SAAS,IAAI,EAAE,CAA4B,CAAC;IACxE,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAE,SAAS,CAAC,KAAkB,CAAC,CAAC,CAAC,EAAE,CAAC;IAClF,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7B,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACtB,CAAC;IACD,SAAS,CAAC,KAAK,GAAG,KAAK,CAAC;IACxB,QAAQ,CAAC,SAAS,GAAG,SAAS,CAAC;IAC/B,eAAe,CAAC,gBAAgB,EAAE,QAAQ,CAAC,CAAC;AAC9C,CAAC;AAED,6EAA6E;AAC7E,MAAM,UAAU,cAAc;IAC5B,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,YAAY,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC;QACpD,MAAM,MAAM,GAAY,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACxC,IAAI,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;YACzC,MAAM,GAAG,GAAG,MAAiC,CAAC;YAC9C,IAAI,OAAO,GAAG,CAAC,cAAc,KAAK,SAAS;gBAAE,OAAO,GAAG,CAAC,cAAc,CAAC;QACzE,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,8BAA8B;IAChC,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,+EAA+E;AAC/E,MAAM,UAAU,kBAAkB;IAChC,MAAM,QAAQ,GAAG,oBAAoB,EAAE,CAAC;IACxC,QAAQ,CAAC,cAAc,GAAG,IAAI,CAAC;IAC/B,eAAe,CAAC,gBAAgB,EAAE,QAAQ,CAAC,CAAC;AAC9C,CAAC;AAED,sGAAsG;AACtG,MAAM,UAAU,cAAc,CAAC,QAAgB;IAC7C,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC5C,MAAM,MAAM,GAAY,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACxC,MAAM,MAAM,GAAG,YAAY,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QAC9C,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,OAAO,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;QAC3E,CAAC;QACD,OAAO,EAAE,CAAC;IACZ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,WAAW;YAAE,OAAO,CAAC,iBAAiB,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;QACxE,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC"}

package/dist/mcp-server/index.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export declare function startMCPServer(): Promise<void>;
+//# sourceMappingURL=index.d.ts.map

package/dist/mcp-server/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/mcp-server/index.ts"],"names":[],"mappings":";AA4CA,wBAAsB,cAAc,IAAI,OAAO,CAAC,IAAI,CAAC,CAsBpD"}

package/dist/mcp-server/index.js

@@ -0,0 +1,69 @@
+#!/usr/bin/env node
+import { statSync } from 'node:fs';
+import { join } from 'node:path';
+import { homedir } from 'node:os';
+import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
+import { createRuleEngine } from '../scanner/rule-engine.js';
+import { allRules } from '../rules/index.js';
+import { loadConfig } from '../config.js';
+import { scanFileTool } from './tools/scan-file.js';
+import { scanContentTool } from './tools/scan-content.js';
+import { checkCommandTool } from './tools/check-command.js';
+import { auditStatusTool } from './tools/audit-status.js';
+import { createRequire } from 'node:module';
+const require = createRequire(import.meta.url);
+const pkg = require('../../package.json');
+/** Config-aware engine that reloads when config file changes. */
+function createRefreshableEngine() {
+    const configPath = join(homedir(), '.llm-av', 'config.json');
+    let lastMtime = 0;
+    let engine = createRuleEngine({ rules: allRules, config: loadConfig(process.cwd()) });
+    function getEngine() {
+        try {
+            const mtime = statSync(configPath).mtimeMs;
+            if (mtime !== lastMtime) {
+                lastMtime = mtime;
+                engine = createRuleEngine({ rules: allRules, config: loadConfig(process.cwd()) });
+            }
+        }
+        catch {
+            // Config file doesn't exist or can't be read — keep current engine
+        }
+        return engine;
+    }
+    // Initialize mtime
+    try {
+        lastMtime = statSync(configPath).mtimeMs;
+    }
+    catch { /* no config */ }
+    return { getEngine };
+}
+export async function startMCPServer() {
+    const { getEngine } = createRefreshableEngine();
+    // Wrap engine so each call checks for config refresh
+    const engineProxy = {
+        scanFile(path, content) {
+            return getEngine().scanFile(path, content);
+        },
+    };
+    const server = new McpServer({
+        name: 'chainwall',
+        version: pkg.version,
+    });
+    scanFileTool(server, engineProxy);
+    scanContentTool(server, engineProxy);
+    checkCommandTool(server, engineProxy);
+    auditStatusTool(server);
+    const transport = new StdioServerTransport();
+    await server.connect(transport);
+}
+// Allow direct execution as MCP server binary
+const isDirectExecution = process.argv[1]?.endsWith('mcp-server/index.js');
+if (isDirectExecution) {
+    startMCPServer().catch((err) => {
+        console.error(`Fatal: ${err.message}`);
+        process.exitCode = 1;
+    });
+}
+//# sourceMappingURL=index.js.map

package/dist/mcp-server/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/mcp-server/index.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACnC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAC7D,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAC7C,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAC1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAC5D,OAAO,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAE1D,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC/C,MAAM,GAAG,GAAG,OAAO,CAAC,oBAAoB,CAAwB,CAAC;AAEjE,iEAAiE;AACjE,SAAS,uBAAuB;IAC9B,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,aAAa,CAAC,CAAC;IAC7D,IAAI,SAAS,GAAG,CAAC,CAAC;IAClB,IAAI,MAAM,GAAG,gBAAgB,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;IAEtF,SAAS,SAAS;QAChB,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,QAAQ,CAAC,UAAU,CAAC,CAAC,OAAO,CAAC;YAC3C,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;gBACxB,SAAS,GAAG,KAAK,CAAC;gBAClB,MAAM,GAAG,gBAAgB,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;YACpF,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,mEAAmE;QACrE,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,mBAAmB;IACnB,IAAI,CAAC;QAAC,SAAS,GAAG,QAAQ,CAAC,UAAU,CAAC,CAAC,OAAO,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC;IAE3E,OAAO,EAAE,SAAS,EAAE,CAAC;AACvB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc;IAClC,MAAM,EAAE,SAAS,EAAE,GAAG,uBAAuB,EAAE,CAAC;IAEhD,qDAAqD;IACrD,MAAM,WAAW,GAAG;QAClB,QAAQ,CAAC,IAAY,EAAE,OAAe;YACpC,OAAO,SAAS,EAAE,CAAC,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAC7C,CAAC;KACF,CAAC;IAEF,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC;QAC3B,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,GAAG,CAAC,OAAO;KACrB,CAAC,CAAC;IAEH,YAAY,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IAClC,eAAe,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IACrC,gBAAgB,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IACtC,eAAe,CAAC,MAAM,CAAC,CAAC;IAExB,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;AAClC,CAAC;AAED,8CAA8C;AAC9C,MAAM,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,qBAAqB,CAAC,CAAC;AAC3E,IAAI,iBAAiB,EAAE,CAAC;IACtB,cAAc,EAAE,CAAC,KAAK,CAAC,CAAC,GAAU,EAAE,EAAE;QACpC,OAAO,CAAC,KAAK,CAAC,UAAU,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;QACvC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;IACvB,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/mcp-server/schemas.d.ts

@@ -0,0 +1,13 @@
+import { z } from 'zod';
+export declare const ScanFileSchema: {
+    path: z.ZodString;
+};
+export declare const ScanContentSchema: {
+    content: z.ZodString;
+    filename: z.ZodOptional<z.ZodString>;
+};
+export declare const CheckCommandSchema: {
+    command: z.ZodString;
+};
+export declare const AuditStatusSchema: {};
+//# sourceMappingURL=schemas.d.ts.map

package/dist/mcp-server/schemas.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"schemas.d.ts","sourceRoot":"","sources":["../../src/mcp-server/schemas.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,eAAO,MAAM,cAAc;;CAE1B,CAAC;AAEF,eAAO,MAAM,iBAAiB;;;CAG7B,CAAC;AAEF,eAAO,MAAM,kBAAkB;;CAE9B,CAAC;AAEF,eAAO,MAAM,iBAAiB,IAAK,CAAC"}

package/dist/mcp-server/schemas.js

@@ -0,0 +1,13 @@
+import { z } from 'zod';
+export const ScanFileSchema = {
+    path: z.string().min(1).describe('Absolute path to the file to scan'),
+};
+export const ScanContentSchema = {
+    content: z.string().max(10_000_000).describe('Text content to scan for security findings'),
+    filename: z.string().optional().describe('Optional filename for context (enables filename rules)'),
+};
+export const CheckCommandSchema = {
+    command: z.string().describe('Shell command to check for safety'),
+};
+export const AuditStatusSchema = {};
+//# sourceMappingURL=schemas.js.map

package/dist/mcp-server/schemas.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"schemas.js","sourceRoot":"","sources":["../../src/mcp-server/schemas.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,MAAM,CAAC,MAAM,cAAc,GAAG;IAC5B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,mCAAmC,CAAC;CACtE,CAAC;AAEF,MAAM,CAAC,MAAM,iBAAiB,GAAG;IAC/B,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,4CAA4C,CAAC;IAC1F,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,wDAAwD,CAAC;CACnG,CAAC;AAEF,MAAM,CAAC,MAAM,kBAAkB,GAAG;IAChC,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,mCAAmC,CAAC;CAClE,CAAC;AAEF,MAAM,CAAC,MAAM,iBAAiB,GAAG,EAAE,CAAC"}

package/dist/mcp-server/tools/audit-status.d.ts

@@ -0,0 +1,3 @@
+import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+export declare function auditStatusTool(server: McpServer): void;
+//# sourceMappingURL=audit-status.d.ts.map

package/dist/mcp-server/tools/audit-status.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit-status.d.ts","sourceRoot":"","sources":["../../../src/mcp-server/tools/audit-status.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAGzE,wBAAgB,eAAe,CAAC,MAAM,EAAE,SAAS,GAAG,IAAI,CAgDvD"}