claude-permissions-manager 0.6.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 stofi
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,129 @@
+# claude-permissions-manager (`cpm`)
+
+[![CI](https://github.com/stofi/claude-permissions-manager/actions/workflows/ci.yml/badge.svg)](https://github.com/stofi/claude-permissions-manager/actions/workflows/ci.yml)
+[![npm](https://img.shields.io/npm/v/claude-permissions-manager)](https://www.npmjs.com/package/claude-permissions-manager)
+[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE)
+
+Discover, analyze, and manage [Claude Code](https://claude.ai/code) permissions across all your projects.
+
+## Install
+
+```bash
+npm install -g claude-permissions-manager
+# or run without installing:
+npx claude-permissions-manager
+```
+
+## Usage
+
+```bash
+cpm                         # Launch interactive TUI (when stdout is a TTY)
+cpm list                    # List all projects with their permission modes
+cpm show                    # Show permissions for current project (cwd)
+cpm show ~/my-project       # Show detailed permissions for a specific project
+cpm audit                   # Report risky permissions across all projects
+cpm diff <path1> <path2>    # Compare two projects side by side
+cpm export                  # Dump all permissions as JSON (stdout)
+cpm export --format csv     # Dump as CSV
+cpm export --output out.json  # Write to file
+```
+
+### Initialize a project
+
+```bash
+# Create a starter settings.json from a preset
+cpm init --project ~/my-project --preset node    # Node.js project
+cpm init --project ~/my-project --preset safe    # Read-only + safe git (default)
+cpm init --project ~/my-project --preset strict  # Highly restrictive
+
+# Use --scope local to create a personal settings.local.json instead
+cpm init --project ~/my-project --preset node --scope local
+```
+
+### Managing permissions
+
+```bash
+# Add rules
+cpm allow "Bash(npm run *)" --project ~/my-project --scope project
+cpm deny  "Read(**/.env)"   --project ~/my-project --scope project
+cpm ask   "Bash(git push *)" --project ~/my-project --scope project
+cpm allow "Read"            --scope user   # applies to all projects
+
+# Remove a rule
+cpm reset "Bash(npm run *)" --project ~/my-project --scope project
+
+# Clear all rules (with confirmation)
+cpm reset --all --yes --project ~/my-project --scope project
+
+# Set permission mode
+cpm mode acceptEdits --project ~/my-project --scope project
+```
+
+### Scope options
+
+| Scope | File | Applies to |
+|---|---|---|
+| `local` | `.claude/settings.local.json` | You, this project (default) |
+| `project` | `.claude/settings.json` | All collaborators (commit to git) |
+| `user` | `~/.claude/settings.json` | You, all projects |
+
+### Flags
+
+```
+--root <dir>   Override scan root (default: ~)
+--depth <n>    Max directory depth for scanning (default: 8)
+--json         Output as JSON (list, show, audit, diff, export)
+--no-global    Skip user/managed global settings (list, audit, export)
+```
+
+## Shell completion
+
+```bash
+# Bash — add to ~/.bashrc
+eval "$(cpm completion bash)"
+
+# Zsh — add to ~/.zshrc
+eval "$(cpm completion zsh)"
+```
+
+Tab-completes: commands, `--scope` values, `--format`, `--preset`, mode names, and directory paths.
+
+## Interactive TUI
+
+Run `cpm` (or `cpm ui`) for the interactive terminal UI:
+
+- `↑↓` / `j`/`k` — navigate projects
+- `Enter` — view project details
+- `a` — audit view (security issues)
+- `d` — diff two projects
+- `q` — quit
+
+In project detail (permissions tab):
+- `1` / `2` / `3` — switch tabs (permissions / MCP / warnings)
+- `j`/`k` — move cursor through rules
+- `a` — add allow rule, `d` — add deny rule, `s` — add ask rule
+- `x` — delete selected rule
+- `←` / `Esc` / `q` — back to list
+
+## What it reads
+
+- `~/.claude/settings.json` — your personal global settings
+- `.claude/settings.json` — project-level shared settings
+- `.claude/settings.local.json` — project-level personal settings
+- `/etc/claude-code/managed-settings.json` — enterprise managed settings
+- `.mcp.json` — MCP server configurations
+- `~/.claude.json` — Claude Code state (MCP approvals, per-project servers)
+
+Values from all scopes are merged. Deny rules at any scope win absolutely.
+
+## Security
+
+- Never displays environment variable values (only names)
+- Never displays MCP header values (only names)
+- Warns prominently for `bypassPermissions` mode
+- Atomic file writes (write to temp file, then rename)
+- No network access — fully local
+
+## Requirements
+
+Node.js ≥ 18

package/dist/cli.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export {};
+//# sourceMappingURL=cli.d.ts.map

package/dist/cli.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":""}

package/dist/cli.js

@@ -0,0 +1,184 @@
+#!/usr/bin/env node
+import { Command } from "commander";
+import { listCommand } from "./commands/list.js";
+import { showCommand } from "./commands/show.js";
+import { auditCommand } from "./commands/audit.js";
+import { homeDir } from "./utils/paths.js";
+const program = new Command();
+program
+    .name("cpm")
+    .description("Claude Permissions Manager — discover and manage Claude Code permissions")
+    .version("0.6.0");
+// Default action: TUI when TTY, list otherwise
+program.action(async () => {
+    // If any non-option args were passed, they didn't match a known subcommand
+    const unknownArgs = program.args.filter((a) => !a.startsWith("-"));
+    if (unknownArgs.length > 0) {
+        process.stderr.write(`Error: Unknown command '${unknownArgs[0]}'\nRun 'cpm --help' for usage.\n`);
+        process.exit(1);
+    }
+    if (process.stdout.isTTY) {
+        const { uiCommand } = await import("./commands/ui.js");
+        await uiCommand({ root: homeDir() });
+    }
+    else {
+        await listCommand({ root: homeDir() });
+    }
+});
+program
+    .command("ui")
+    .description("Launch interactive TUI")
+    .option("--root <dir>", "Root directory to scan from", homeDir())
+    .option("--depth <n>", "Max scan depth", "8")
+    .action(async (opts) => {
+    const { uiCommand } = await import("./commands/ui.js");
+    await uiCommand({
+        root: opts.root,
+        maxDepth: parseInt(opts.depth, 10),
+    });
+});
+program
+    .command("list")
+    .description("List all discovered Claude projects and their permissions")
+    .option("--root <dir>", "Root directory to scan from", homeDir())
+    .option("--depth <n>", "Max scan depth", "8")
+    .option("--json", "Output as JSON")
+    .option("--no-global", "Skip user and managed global settings")
+    .action(async (opts) => {
+    await listCommand({
+        root: opts.root,
+        maxDepth: parseInt(opts.depth, 10),
+        json: opts.json,
+        includeGlobal: opts.global !== false,
+    });
+});
+program
+    .command("show [path]")
+    .description("Show detailed permissions for a project (default: cwd)")
+    .option("--json", "Output as JSON")
+    .action(async (path, opts) => {
+    await showCommand(path, { json: opts.json });
+});
+program
+    .command("audit")
+    .description("Report risky or suspicious permissions across all projects")
+    .option("--root <dir>", "Root directory to scan from", homeDir())
+    .option("--depth <n>", "Max scan depth", "8")
+    .option("--json", "Output as JSON")
+    .option("--no-global", "Skip user and managed global settings")
+    .action(async (opts) => {
+    await auditCommand({
+        root: opts.root,
+        maxDepth: parseInt(opts.depth, 10),
+        json: opts.json,
+        includeGlobal: opts.global !== false,
+    });
+});
+program
+    .command("diff <path1> <path2>")
+    .description("Compare effective permissions between two projects")
+    .option("--json", "Output as JSON")
+    .action(async (path1, path2, opts) => {
+    const { diffCommand } = await import("./commands/diff.js");
+    await diffCommand(path1, path2, { json: opts.json });
+});
+program
+    .command("allow <rule>")
+    .description('Add a rule to the allow list (e.g. cpm allow "Bash(npm run *)")')
+    .option("--scope <scope>", "Settings scope: local|project|user (default: local)", "local")
+    .option("--project <path>", "Project path for local/project scope (default: cwd)")
+    .action(async (rule, opts) => {
+    const { allowCommand } = await import("./commands/manage.js");
+    await allowCommand(rule, opts);
+});
+program
+    .command("deny <rule>")
+    .description('Add a rule to the deny list (e.g. cpm deny "Read(**/.env)")')
+    .option("--scope <scope>", "Settings scope: local|project|user (default: local)", "local")
+    .option("--project <path>", "Project path for local/project scope (default: cwd)")
+    .action(async (rule, opts) => {
+    const { denyCommand } = await import("./commands/manage.js");
+    await denyCommand(rule, opts);
+});
+program
+    .command("ask <rule>")
+    .description('Add a rule to the ask list (always prompt for confirmation)')
+    .option("--scope <scope>", "Settings scope: local|project|user (default: local)", "local")
+    .option("--project <path>", "Project path for local/project scope (default: cwd)")
+    .action(async (rule, opts) => {
+    const { askCommand } = await import("./commands/manage.js");
+    await askCommand(rule, opts);
+});
+program
+    .command("reset [rule]")
+    .description("Remove a rule from all lists, or --all to clear all rules")
+    .option("--scope <scope>", "Settings scope: local|project|user (default: local)", "local")
+    .option("--project <path>", "Project path for local/project scope (default: cwd)")
+    .option("--all", "Clear all permission rules")
+    .option("--yes", "Skip confirmation prompt")
+    .action(async (rule, opts) => {
+    const { resetRuleCommand, resetAllCommand } = await import("./commands/manage.js");
+    if (opts.all) {
+        await resetAllCommand(opts);
+    }
+    else if (rule) {
+        await resetRuleCommand(rule, opts);
+    }
+    else {
+        console.error("Provide a rule to remove, or --all to clear everything");
+        process.exit(1);
+    }
+});
+program
+    .command("mode <mode>")
+    .description("Set defaultMode: default|acceptEdits|plan|auto|dontAsk|bypassPermissions")
+    .option("--scope <scope>", "Settings scope: local|project|user (default: local)", "local")
+    .option("--project <path>", "Project path for local/project scope (default: cwd)")
+    .action(async (mode, opts) => {
+    const { modeCommand } = await import("./commands/manage.js");
+    await modeCommand(mode, opts);
+});
+program
+    .command("export")
+    .description("Export all permissions data (JSON or CSV)")
+    .option("--root <dir>", "Root directory to scan from", homeDir())
+    .option("--depth <n>", "Max scan depth", "8")
+    .option("--format <fmt>", "Output format: json|csv", "json")
+    .option("--output <file>", "Write to file instead of stdout")
+    .option("--no-global", "Skip user and managed global settings")
+    .action(async (opts) => {
+    const { exportCommand } = await import("./commands/export.js");
+    await exportCommand({
+        root: opts.root,
+        maxDepth: parseInt(opts.depth, 10),
+        format: opts.format,
+        output: opts.output,
+        includeGlobal: opts.global !== false,
+    });
+});
+program
+    .command("init")
+    .description("Create a starter settings.json from a preset template")
+    .option("--project <path>", "Project path (default: current directory)")
+    .option("--scope <scope>", "Settings scope: local|project|user (default: project)", "project")
+    .option("--preset <preset>", "Template preset: safe|node|strict (default: safe)", "safe")
+    .option("--mode <mode>", "Override defaultMode")
+    .option("--yes", "Overwrite existing settings without prompting")
+    .action(async (opts) => {
+    const { initCommand } = await import("./commands/init.js");
+    await initCommand(opts);
+});
+program
+    .command("completion <shell>")
+    .description("Print shell completion script (bash or zsh). Add to shell profile:")
+    .addHelpText("after", "\n  eval \"$(cpm completion bash)\"  # ~/.bashrc\n  eval \"$(cpm completion zsh)\"   # ~/.zshrc")
+    .action(async (shell) => {
+    const { completionCommand } = await import("./commands/completion.js");
+    await completionCommand(shell);
+});
+program.parseAsync().catch((err) => {
+    const msg = err instanceof Error ? err.message : String(err);
+    process.stderr.write(`\nError: ${msg}\n`);
+    process.exit(1);
+});
+//# sourceMappingURL=cli.js.map

package/dist/cli.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAE3C,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,KAAK,CAAC;KACX,WAAW,CAAC,0EAA0E,CAAC;KACvF,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,+CAA+C;AAC/C,OAAO,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE;IACxB,2EAA2E;IAC3E,MAAM,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;IACnE,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,2BAA2B,WAAW,CAAC,CAAC,CAAC,kCAAkC,CAAC,CAAC;QAClG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,IAAI,OAAO,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;QACzB,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC;QACvD,MAAM,SAAS,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,CAAC,CAAC;IACvC,CAAC;SAAM,CAAC;QACN,MAAM,WAAW,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,CAAC,CAAC;IACzC,CAAC;AACH,CAAC,CAAC,CAAC;AAEH,OAAO;KACJ,OAAO,CAAC,IAAI,CAAC;KACb,WAAW,CAAC,wBAAwB,CAAC;KACrC,MAAM,CAAC,cAAc,EAAE,6BAA6B,EAAE,OAAO,EAAE,CAAC;KAChE,MAAM,CAAC,aAAa,EAAE,gBAAgB,EAAE,GAAG,CAAC;KAC5C,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;IACrB,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC;IACvD,MAAM,SAAS,CAAC;QACd,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;KACnC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,2DAA2D,CAAC;KACxE,MAAM,CAAC,cAAc,EAAE,6BAA6B,EAAE,OAAO,EAAE,CAAC;KAChE,MAAM,CAAC,aAAa,EAAE,gBAAgB,EAAE,GAAG,CAAC;KAC5C,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;KAClC,MAAM,CAAC,aAAa,EAAE,uCAAuC,CAAC;KAC9D,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;IACrB,MAAM,WAAW,CAAC;QAChB,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;QAClC,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,aAAa,EAAE,IAAI,CAAC,MAAM,KAAK,KAAK;KACrC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,aAAa,CAAC;KACtB,WAAW,CAAC,wDAAwD,CAAC;KACrE,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;KAClC,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE;IAC3B,MAAM,WAAW,CAAC,IAAI,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;AAC/C,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,OAAO,CAAC;KAChB,WAAW,CAAC,4DAA4D,CAAC;KACzE,MAAM,CAAC,cAAc,EAAE,6BAA6B,EAAE,OAAO,EAAE,CAAC;KAChE,MAAM,CAAC,aAAa,EAAE,gBAAgB,EAAE,GAAG,CAAC;KAC5C,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;KAClC,MAAM,CAAC,aAAa,EAAE,uCAAuC,CAAC;KAC9D,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;IACrB,MAAM,YAAY,CAAC;QACjB,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;QAClC,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,aAAa,EAAE,IAAI,CAAC,MAAM,KAAK,KAAK;KACrC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,sBAAsB,CAAC;KAC/B,WAAW,CAAC,oDAAoD,CAAC;KACjE,MAAM,CAAC,QAAQ,EAAE,gBAAgB,CAAC;KAClC,MAAM,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;IACnC,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,oBAAoB,CAAC,CAAC;IAC3D,MAAM,WAAW,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;AACvD,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,cAAc,CAAC;KACvB,WAAW,CAAC,iEAAiE,CAAC;KAC9E,MAAM,CAAC,iBAAiB,EAAE,qDAAqD,EAAE,OAAO,CAAC;KACzF,MAAM,CAAC,kBAAkB,EAAE,qDAAqD,CAAC;KACjF,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE;IAC3B,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,sBAAsB,CAAC,CAAC;IAC9D,MAAM,YAAY,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;AACjC,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,aAAa,CAAC;KACtB,WAAW,CAAC,6DAA6D,CAAC;KAC1E,MAAM,CAAC,iBAAiB,EAAE,qDAAqD,EAAE,OAAO,CAAC;KACzF,MAAM,CAAC,kBAAkB,EAAE,qDAAqD,CAAC;KACjF,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE;IAC3B,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,sBAAsB,CAAC,CAAC;IAC7D,MAAM,WAAW,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;AAChC,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,YAAY,CAAC;KACrB,WAAW,CAAC,6DAA6D,CAAC;KAC1E,MAAM,CAAC,iBAAiB,EAAE,qDAAqD,EAAE,OAAO,CAAC;KACzF,MAAM,CAAC,kBAAkB,EAAE,qDAAqD,CAAC;KACjF,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE;IAC3B,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,MAAM,CAAC,sBAAsB,CAAC,CAAC;IAC5D,MAAM,UAAU,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;AAC/B,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,cAAc,CAAC;KACvB,WAAW,CAAC,2DAA2D,CAAC;KACxE,MAAM,CAAC,iBAAiB,EAAE,qDAAqD,EAAE,OAAO,CAAC;KACzF,MAAM,CAAC,kBAAkB,EAAE,qDAAqD,CAAC;KACjF,MAAM,CAAC,OAAO,EAAE,4BAA4B,CAAC;KAC7C,MAAM,CAAC,OAAO,EAAE,0BAA0B,CAAC;KAC3C,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE;IAC3B,MAAM,EAAE,gBAAgB,EAAE,eAAe,EAAE,GAAG,MAAM,MAAM,CAAC,sBAAsB,CAAC,CAAC;IACnF,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;QACb,MAAM,eAAe,CAAC,IAAI,CAAC,CAAC;IAC9B,CAAC;SAAM,IAAI,IAAI,EAAE,CAAC;QAChB,MAAM,gBAAgB,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IACrC,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,KAAK,CAAC,wDAAwD,CAAC,CAAC;QACxE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,aAAa,CAAC;KACtB,WAAW,CAAC,0EAA0E,CAAC;KACvF,MAAM,CAAC,iBAAiB,EAAE,qDAAqD,EAAE,OAAO,CAAC;KACzF,MAAM,CAAC,kBAAkB,EAAE,qDAAqD,CAAC;KACjF,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE;IAC3B,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,sBAAsB,CAAC,CAAC;IAC7D,MAAM,WAAW,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;AAChC,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,2CAA2C,CAAC;KACxD,MAAM,CAAC,cAAc,EAAE,6BAA6B,EAAE,OAAO,EAAE,CAAC;KAChE,MAAM,CAAC,aAAa,EAAE,gBAAgB,EAAE,GAAG,CAAC;KAC5C,MAAM,CAAC,gBAAgB,EAAE,yBAAyB,EAAE,MAAM,CAAC;KAC3D,MAAM,CAAC,iBAAiB,EAAE,iCAAiC,CAAC;KAC5D,MAAM,CAAC,aAAa,EAAE,uCAAuC,CAAC;KAC9D,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;IACrB,MAAM,EAAE,aAAa,EAAE,GAAG,MAAM,MAAM,CAAC,sBAAsB,CAAC,CAAC;IAC/D,MAAM,aAAa,CAAC;QAClB,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;QAClC,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,aAAa,EAAE,IAAI,CAAC,MAAM,KAAK,KAAK;KACrC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,MAAM,CAAC;KACf,WAAW,CAAC,uDAAuD,CAAC;KACpE,MAAM,CAAC,kBAAkB,EAAE,2CAA2C,CAAC;KACvE,MAAM,CAAC,iBAAiB,EAAE,uDAAuD,EAAE,SAAS,CAAC;KAC7F,MAAM,CAAC,mBAAmB,EAAE,mDAAmD,EAAE,MAAM,CAAC;KACxF,MAAM,CAAC,eAAe,EAAE,sBAAsB,CAAC;KAC/C,MAAM,CAAC,OAAO,EAAE,+CAA+C,CAAC;KAChE,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;IACrB,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,oBAAoB,CAAC,CAAC;IAC3D,MAAM,WAAW,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,oBAAoB,CAAC;KAC7B,WAAW,CAAC,oEAAoE,CAAC;KACjF,WAAW,CAAC,OAAO,EAAE,iGAAiG,CAAC;KACvH,MAAM,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;IACtB,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,MAAM,CAAC,0BAA0B,CAAC,CAAC;IACvE,MAAM,iBAAiB,CAAC,KAAK,CAAC,CAAC;AACjC,CAAC,CAAC,CAAC;AAEL,OAAO,CAAC,UAAU,EAAE,CAAC,KAAK,CAAC,CAAC,GAAY,EAAE,EAAE;IAC1C,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC7D,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,YAAY,GAAG,IAAI,CAAC,CAAC;IAC1C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/commands/audit.d.ts

@@ -0,0 +1,5 @@
+import type { ScanOptions } from "../core/discovery.js";
+export declare function auditCommand(options: ScanOptions & {
+    json?: boolean;
+}): Promise<void>;
+//# sourceMappingURL=audit.d.ts.map

package/dist/commands/audit.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.d.ts","sourceRoot":"","sources":["../../src/commands/audit.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAExD,wBAAsB,YAAY,CAAC,OAAO,EAAE,WAAW,GAAG;IAAE,IAAI,CAAC,EAAE,OAAO,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAmD3F"}

package/dist/commands/audit.js

@@ -0,0 +1,46 @@
+import chalk from "chalk";
+import { scan } from "../core/discovery.js";
+import { collapseHome } from "../utils/paths.js";
+export async function auditCommand(options) {
+    process.stderr.write(chalk.gray("Scanning for Claude projects...\n"));
+    const result = await scan(options);
+    const allIssues = [];
+    for (const project of result.projects) {
+        for (const w of project.effectivePermissions.warnings) {
+            allIssues.push({
+                project: project.rootPath,
+                severity: w.severity,
+                message: w.message,
+                rule: w.rule,
+            });
+        }
+    }
+    if (options.json) {
+        console.log(JSON.stringify({ issues: allIssues, errors: result.errors }, null, 2));
+        return;
+    }
+    if (allIssues.length === 0) {
+        console.log(chalk.green(`\n✓ No issues found across ${result.projects.length} project(s).`));
+        return;
+    }
+    const bySeverity = {
+        critical: allIssues.filter((i) => i.severity === "critical"),
+        high: allIssues.filter((i) => i.severity === "high"),
+        medium: allIssues.filter((i) => i.severity === "medium"),
+        low: allIssues.filter((i) => i.severity === "low"),
+    };
+    console.log(`\nFound ${chalk.bold(allIssues.length)} issue(s) across ${result.projects.length} project(s):\n`);
+    for (const [severity, issues] of Object.entries(bySeverity)) {
+        if (issues.length === 0)
+            continue;
+        console.log(chalk.bold(`${severity.toUpperCase()} (${issues.length})`));
+        for (const issue of issues) {
+            console.log(`  ${chalk.dim(collapseHome(issue.project))}`);
+            console.log(`    ${issue.message}`);
+            if (issue.rule)
+                console.log(`    Rule: ${chalk.italic(issue.rule)}`);
+        }
+        console.log("");
+    }
+}
+//# sourceMappingURL=audit.js.map

package/dist/commands/audit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.js","sourceRoot":"","sources":["../../src/commands/audit.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,IAAI,EAAE,MAAM,sBAAsB,CAAC;AAC5C,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAGjD,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,OAAyC;IAC1E,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC,CAAC;IACtE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,CAAC;IAEnC,MAAM,SAAS,GAKV,EAAE,CAAC;IAER,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACtC,KAAK,MAAM,CAAC,IAAI,OAAO,CAAC,oBAAoB,CAAC,QAAQ,EAAE,CAAC;YACtD,SAAS,CAAC,IAAI,CAAC;gBACb,OAAO,EAAE,OAAO,CAAC,QAAQ;gBACzB,QAAQ,EAAE,CAAC,CAAC,QAAQ;gBACpB,OAAO,EAAE,CAAC,CAAC,OAAO;gBAClB,IAAI,EAAE,CAAC,CAAC,IAAI;aACb,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACnF,OAAO;IACT,CAAC;IAED,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,8BAA8B,MAAM,CAAC,QAAQ,CAAC,MAAM,cAAc,CAAC,CAAC,CAAC;QAC7F,OAAO;IACT,CAAC;IAED,MAAM,UAAU,GAAG;QACjB,QAAQ,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC;QAC5D,IAAI,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC;QACpD,MAAM,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC;QACxD,GAAG,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,CAAC;KACnD,CAAC;IAEF,OAAO,CAAC,GAAG,CAAC,WAAW,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,oBAAoB,MAAM,CAAC,QAAQ,CAAC,MAAM,gBAAgB,CAAC,CAAC;IAE/G,KAAK,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;QAC5D,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QAClC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,WAAW,EAAE,KAAK,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QACxE,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,OAAO,CAAC,GAAG,CAAC,KAAK,KAAK,CAAC,GAAG,CAAC,YAAY,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC;YAC3D,OAAO,CAAC,GAAG,CAAC,OAAO,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YACpC,IAAI,KAAK,CAAC,IAAI;gBAAE,OAAO,CAAC,GAAG,CAAC,aAAa,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACvE,CAAC;QACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClB,CAAC;AACH,CAAC"}

package/dist/commands/completion.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Shell completion for cpm.
+ *
+ * Usage:
+ *   eval "$(cpm completion bash)"   # add to ~/.bashrc
+ *   eval "$(cpm completion zsh)"    # add to ~/.zshrc
+ */
+export declare function completionCommand(shell: string): Promise<void>;
+//# sourceMappingURL=completion.d.ts.map

package/dist/commands/completion.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"completion.d.ts","sourceRoot":"","sources":["../../src/commands/completion.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAkQH,wBAAsB,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CASpE"}