clawhatch 0.1.0

package/dist/checks/tools.js

@@ -0,0 +1,397 @@
+/**
+ * Tool Security checks (TOOLS-001 to TOOLS-020).
+ *
+ * Checks for elevated tool risks, command injection, docker exposure,
+ * missing audit trails, and tool configuration hygiene.
+ */
+import { Severity } from "../types.js";
+import { readFile } from "node:fs/promises";
+import { basename } from "node:path";
+import { readFileCapped } from "../utils.js";
+const DANGEROUS_TOOLS = ["exec", "shell", "bash", "sh", "cmd", "powershell", "terminal", "run_command"];
+const EVAL_PATTERNS = [
+    /\beval\s*\(/,
+    /\bexec\s*\(/,
+    /\bsubprocess\b/,
+    /\bchild_process\b/,
+    /\bspawn\s*\(/,
+    /new\s+Function\s*\(/,
+];
+const SUDO_PATTERNS = [
+    /\bsudo\b/,
+    /\bdoas\b/,
+    /\brunas\b/,
+];
+export async function runToolChecks(config, files) {
+    const findings = [];
+    const elevated = config.tools?.elevated ?? [];
+    // TOOLS-001: Excessive elevated tools (>5)
+    if (elevated.length > 5) {
+        findings.push({
+            id: "TOOLS-001",
+            severity: Severity.Medium,
+            confidence: "high",
+            category: "Tool Security",
+            title: "Excessive elevated tools",
+            description: `${elevated.length} tools are elevated — large attack surface`,
+            risk: "Each elevated tool bypasses sandbox restrictions and increases exposure",
+            remediation: "Reduce elevated tools to the minimum needed (ideally ≤5)",
+            autoFixable: false,
+        });
+    }
+    // TOOLS-002: Dangerous tools elevated (exec/shell/bash)
+    const dangerousElevated = elevated.filter((t) => DANGEROUS_TOOLS.some((d) => t.toLowerCase().includes(d)));
+    if (dangerousElevated.length > 0) {
+        findings.push({
+            id: "TOOLS-002",
+            severity: Severity.Critical,
+            confidence: "high",
+            category: "Tool Security",
+            title: "Dangerous tools elevated",
+            description: `Shell/exec tools elevated: ${dangerousElevated.join(", ")}`,
+            risk: "Elevated shell access allows arbitrary command execution without sandbox",
+            remediation: "Remove shell/exec from elevated tools and use specific, scoped tools instead",
+            autoFixable: false,
+        });
+    }
+    // TOOLS-003: useAccessGroups not enabled
+    if (elevated.length > 0 && config.tools?.useAccessGroups !== true) {
+        findings.push({
+            id: "TOOLS-003",
+            severity: Severity.Medium,
+            confidence: "high",
+            category: "Tool Security",
+            title: "Tool access groups not enabled",
+            description: "Tools are elevated but useAccessGroups is not enabled",
+            risk: "All users/agents get the same tool access — no role-based control",
+            remediation: "Set tools.useAccessGroups: true and define access groups per role",
+            autoFixable: false,
+        });
+    }
+    // TOOLS-004: No tool allowlist
+    if (!config.tools?.allowlist || config.tools.allowlist.length === 0) {
+        findings.push({
+            id: "TOOLS-004",
+            severity: Severity.Medium,
+            confidence: "medium",
+            category: "Tool Security",
+            title: "No tool allowlist configured",
+            description: "No explicit allowlist of permitted tools — all tools may be available",
+            risk: "Agents can use any available tool without restriction",
+            remediation: "Configure tools.allowlist with only the tools your agent needs",
+            autoFixable: false,
+        });
+    }
+    // TOOLS-005: Exec tool unrestricted
+    const hasExec = elevated.some((t) => t.toLowerCase().includes("exec"));
+    if (hasExec && !config.tools?.useAccessGroups) {
+        findings.push({
+            id: "TOOLS-005",
+            severity: Severity.High,
+            confidence: "high",
+            category: "Tool Security",
+            title: "Exec tool elevated without constraints",
+            description: "exec/run tool is elevated with no access group restrictions",
+            risk: "Any agent or user can execute arbitrary commands via the exec tool",
+            remediation: "Add access group constraints or remove exec from elevated tools",
+            autoFixable: false,
+        });
+    }
+    // TOOLS-006: Browser relay without constraints
+    if (config.sandbox?.browser?.allowHostControl === true) {
+        findings.push({
+            id: "TOOLS-006",
+            severity: Severity.Medium,
+            confidence: "medium",
+            category: "Tool Security",
+            title: "Browser host control enabled",
+            description: "Browser relay allows host-level control without documented constraints",
+            risk: "Agent can navigate to arbitrary URLs, read cookies, or interact with authenticated sessions",
+            remediation: "Restrict browser access to specific domains or disable host control",
+            autoFixable: false,
+        });
+    }
+    // TOOLS-007: File write too broad
+    if (config.sandbox?.workspaceAccess === "rw" && !config.tools?.allowlist) {
+        findings.push({
+            id: "TOOLS-007",
+            severity: Severity.Medium,
+            confidence: "low",
+            category: "Tool Security",
+            title: "Unrestricted file write access",
+            description: "Workspace has read-write access with no tool allowlist to limit write scope",
+            risk: "Agent can modify any file in the workspace without restriction",
+            remediation: "Use a tool allowlist or restrict workspace access to read-only where possible",
+            autoFixable: false,
+        });
+    }
+    // TOOLS-008: Docker socket referenced in command files
+    for (const cmdFile of files.customCommandFiles) {
+        try {
+            const content = await readFile(cmdFile, "utf-8");
+            if (/docker\.sock/i.test(content) || /\/var\/run\/docker/i.test(content)) {
+                findings.push({
+                    id: "TOOLS-008",
+                    severity: Severity.Critical,
+                    confidence: "high",
+                    category: "Tool Security",
+                    title: "Docker socket referenced in custom command",
+                    description: `${basename(cmdFile)} references docker.sock — full host access`,
+                    risk: "Docker socket access grants root-equivalent access to the host system",
+                    remediation: "Remove docker.sock references from custom commands; use rootless Docker instead",
+                    autoFixable: false,
+                    file: cmdFile,
+                });
+                break;
+            }
+        }
+        catch {
+            // Can't read file
+        }
+    }
+    // TOOLS-009: Host network mode in custom commands
+    for (const cmdFile of files.customCommandFiles) {
+        try {
+            const content = await readFile(cmdFile, "utf-8");
+            if (/--net[=\s]+host/i.test(content) || /--network[=\s]+host/i.test(content)) {
+                findings.push({
+                    id: "TOOLS-009",
+                    severity: Severity.High,
+                    confidence: "high",
+                    category: "Tool Security",
+                    title: "Host network mode in custom command",
+                    description: `${basename(cmdFile)} uses --net=host — container shares host network`,
+                    risk: "Container can access all host network interfaces and services",
+                    remediation: "Use bridge or none network mode instead of host",
+                    autoFixable: false,
+                    file: cmdFile,
+                });
+                break;
+            }
+        }
+        catch {
+            // Can't read file
+        }
+    }
+    // TOOLS-010: Sudo/doas/runas in custom commands
+    for (const cmdFile of files.customCommandFiles) {
+        try {
+            const content = await readFile(cmdFile, "utf-8");
+            const hasSudo = SUDO_PATTERNS.some((p) => p.test(content));
+            if (hasSudo) {
+                findings.push({
+                    id: "TOOLS-010",
+                    severity: Severity.High,
+                    confidence: "high",
+                    category: "Tool Security",
+                    title: "Privilege escalation in custom command",
+                    description: `${basename(cmdFile)} contains sudo/doas/runas — escalates privileges`,
+                    risk: "Custom commands running as root bypass all sandbox protections",
+                    remediation: "Remove privilege escalation from custom commands; run with least privilege",
+                    autoFixable: false,
+                    file: cmdFile,
+                });
+                break;
+            }
+        }
+        catch {
+            // Can't read file
+        }
+    }
+    // TOOLS-011: Eval/exec in skill files
+    for (const skillFile of files.skillFiles) {
+        try {
+            const content = await readFile(skillFile, "utf-8");
+            const hasEval = EVAL_PATTERNS.some((p) => p.test(content));
+            if (hasEval) {
+                findings.push({
+                    id: "TOOLS-011",
+                    severity: Severity.High,
+                    confidence: "high",
+                    category: "Tool Security",
+                    title: "Dynamic code execution in skill",
+                    description: `${basename(skillFile)} uses eval/exec/subprocess — code injection risk`,
+                    risk: "Skills with dynamic execution can run arbitrary code",
+                    remediation: "Replace eval/exec with static, validated alternatives",
+                    autoFixable: false,
+                    file: skillFile,
+                });
+                break;
+            }
+        }
+        catch {
+            // Can't read file
+        }
+    }
+    // TOOLS-012: Custom tool override risk
+    if (files.customCommandFiles.length > 0 && files.skillFiles.length > 0) {
+        findings.push({
+            id: "TOOLS-012",
+            severity: Severity.Medium,
+            confidence: "medium",
+            category: "Tool Security",
+            title: "Workspace tools may override managed tools",
+            description: `${files.customCommandFiles.length} custom commands alongside ${files.skillFiles.length} skill files`,
+            risk: "Custom workspace tools can shadow managed tools, changing behavior unexpectedly",
+            remediation: "Review custom commands for naming conflicts with managed tools",
+            autoFixable: false,
+        });
+    }
+    // TOOLS-013: Missing tool documentation
+    if (elevated.length > 0) {
+        const hasClaudeMd = files.workspaceMarkdownFiles.some((f) => basename(f).toUpperCase() === "CLAUDE.MD");
+        if (!hasClaudeMd) {
+            findings.push({
+                id: "TOOLS-013",
+                severity: Severity.Low,
+                confidence: "low",
+                category: "Tool Security",
+                title: "Elevated tools lack documentation",
+                description: "No CLAUDE.md found to document elevated tool usage and constraints",
+                risk: "Undocumented tool access makes security review difficult",
+                remediation: "Create a CLAUDE.md that documents which tools are elevated and why",
+                autoFixable: false,
+            });
+        }
+    }
+    // TOOLS-014: Tool version pinning
+    if (files.skillPackageFiles.length > 0) {
+        for (const pkgFile of files.skillPackageFiles.slice(0, 5)) {
+            try {
+                const content = await readFile(pkgFile, "utf-8");
+                if (content.includes('"*"') || /"\^/.test(content) || /"~/.test(content)) {
+                    findings.push({
+                        id: "TOOLS-014",
+                        severity: Severity.Low,
+                        confidence: "low",
+                        category: "Tool Security",
+                        title: "Skill dependencies not version-pinned",
+                        description: `${basename(pkgFile)} uses loose version ranges (^, ~, *)`,
+                        risk: "Unpinned dependencies can introduce supply-chain vulnerabilities",
+                        remediation: "Pin exact versions in skill package.json dependencies",
+                        autoFixable: false,
+                        file: pkgFile,
+                    });
+                    break;
+                }
+            }
+            catch {
+                // Can't read
+            }
+        }
+    }
+    // TOOLS-015: Shell command history in session logs
+    for (const logFile of files.sessionLogFiles.slice(0, 3)) {
+        try {
+            // FIX: Use capped read to avoid OOM on large session logs
+            const content = await readFileCapped(logFile, 512 * 1024);
+            const hasShellSecrets = /(?:password|token|secret|key)\s*[=:]\s*\S+/i.test(content) &&
+                /(?:bash|shell|exec|run_command)/i.test(content);
+            if (hasShellSecrets) {
+                findings.push({
+                    id: "TOOLS-015",
+                    severity: Severity.Medium,
+                    confidence: "medium",
+                    category: "Tool Security",
+                    title: "Shell commands may contain secrets in logs",
+                    description: `Session log ${basename(logFile)} contains shell commands with potential secret values`,
+                    risk: "Shell command history in logs may expose passwords, tokens, or API keys",
+                    remediation: "Use environment variables instead of inline secrets in shell commands",
+                    autoFixable: false,
+                    file: logFile,
+                });
+                break;
+            }
+        }
+        catch {
+            // Can't read
+        }
+    }
+    // TOOLS-016: Unrestricted file deletion
+    if (config.sandbox?.workspaceAccess === "rw" && !config.tools?.auditLog) {
+        findings.push({
+            id: "TOOLS-016",
+            severity: Severity.Low,
+            confidence: "low",
+            category: "Tool Security",
+            title: "File deletions not audited",
+            description: "Workspace is read-write but no audit log is configured for file operations",
+            risk: "Deleted files cannot be traced back to the action that removed them",
+            remediation: "Enable tools.auditLog to track file modifications and deletions",
+            autoFixable: false,
+        });
+    }
+    // TOOLS-017: No command audit trail
+    // Only fire if elevated tools are configured or exec/shell tools are present
+    // (no point flagging audit trail if there are no risky tools to audit)
+    const hasRiskyTools = elevated.length > 0 ||
+        dangerousElevated.length > 0 ||
+        config.sandbox?.workspaceAccess === "rw";
+    if (!config.tools?.auditLog && hasRiskyTools) {
+        findings.push({
+            id: "TOOLS-017",
+            severity: Severity.Medium,
+            confidence: "low",
+            category: "Tool Security",
+            title: "No command audit trail",
+            description: "Tool audit logging is not enabled — tool invocations are not tracked",
+            risk: "Cannot trace which tools were called, when, or with what parameters",
+            remediation: "Set tools.auditLog: true to enable tool invocation logging",
+            autoFixable: false,
+        });
+    }
+    // TOOLS-018: Dynamic tool loading from arbitrary paths
+    for (const cmdFile of files.customCommandFiles) {
+        try {
+            const content = await readFile(cmdFile, "utf-8");
+            if (/require\s*\(|import\s*\(|loadModule|dynamicImport/i.test(content)) {
+                findings.push({
+                    id: "TOOLS-018",
+                    severity: Severity.Medium,
+                    confidence: "medium",
+                    category: "Tool Security",
+                    title: "Dynamic tool loading detected",
+                    description: `${basename(cmdFile)} dynamically loads modules at runtime`,
+                    risk: "Dynamically loaded tools can be swapped or injected by modifying the load path",
+                    remediation: "Use static imports and pin tool sources to known, trusted locations",
+                    autoFixable: false,
+                    file: cmdFile,
+                });
+                break;
+            }
+        }
+        catch {
+            // Can't read
+        }
+    }
+    // TOOLS-019: Tool timeout missing
+    if (!config.tools?.timeout) {
+        findings.push({
+            id: "TOOLS-019",
+            severity: Severity.Low,
+            confidence: "low",
+            category: "Tool Security",
+            title: "No tool timeout configured",
+            description: "No timeout set for tool execution — tools can run indefinitely",
+            risk: "Runaway tool executions can consume resources or hang the agent",
+            remediation: "Set tools.timeout to a reasonable value (e.g., 30000ms)",
+            autoFixable: false,
+        });
+    }
+    // TOOLS-020: No rate limiting on tools
+    if (!config.tools?.rateLimit) {
+        findings.push({
+            id: "TOOLS-020",
+            severity: Severity.Low,
+            confidence: "low",
+            category: "Tool Security",
+            title: "No rate limiting on tools",
+            description: "No rate limit configured for tool invocations",
+            risk: "Agent can invoke tools at unlimited rate, risking API abuse or resource exhaustion",
+            remediation: "Set tools.rateLimit to limit invocations per minute",
+            autoFixable: false,
+        });
+    }
+    return findings;
+}
+//# sourceMappingURL=tools.js.map

package/dist/checks/tools.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tools.js","sourceRoot":"","sources":["../../src/checks/tools.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,QAAQ,EAA2D,MAAM,aAAa,CAAC;AAChG,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AACrC,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAE7C,MAAM,eAAe,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,YAAY,EAAE,UAAU,EAAE,aAAa,CAAC,CAAC;AAExG,MAAM,aAAa,GAAG;IACpB,aAAa;IACb,aAAa;IACb,gBAAgB;IAChB,mBAAmB;IACnB,cAAc;IACd,qBAAqB;CACtB,CAAC;AAEF,MAAM,aAAa,GAAG;IACpB,UAAU;IACV,UAAU;IACV,WAAW;CACZ,CAAC;AAEF,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,MAAsB,EACtB,KAAsB;IAEtB,MAAM,QAAQ,GAAc,EAAE,CAAC;IAC/B,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,EAAE,QAAQ,IAAI,EAAE,CAAC;IAE9C,2CAA2C;IAC3C,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,WAAW;YACf,QAAQ,EAAE,QAAQ,CAAC,MAAM;YACzB,UAAU,EAAE,MAAM;YAClB,QAAQ,EAAE,eAAe;YACzB,KAAK,EAAE,0BAA0B;YACjC,WAAW,EAAE,GAAG,QAAQ,CAAC,MAAM,4CAA4C;YAC3E,IAAI,EAAE,yEAAyE;YAC/E,WAAW,EAAE,0DAA0D;YACvE,WAAW,EAAE,KAAK;SACnB,CAAC,CAAC;IACL,CAAC;IAED,wDAAwD;IACxD,MAAM,iBAAiB,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAC9C,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CACzD,CAAC;IACF,IAAI,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACjC,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,WAAW;YACf,QAAQ,EAAE,QAAQ,CAAC,QAAQ;YAC3B,UAAU,EAAE,MAAM;YAClB,QAAQ,EAAE,eAAe;YACzB,KAAK,EAAE,0BAA0B;YACjC,WAAW,EAAE,8BAA8B,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;YACzE,IAAI,EAAE,0EAA0E;YAChF,WAAW,EAAE,8EAA8E;YAC3F,WAAW,EAAE,KAAK;SACnB,CAAC,CAAC;IACL,CAAC;IAED,yCAAyC;IACzC,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,MAAM,CAAC,KAAK,EAAE,eAAe,KAAK,IAAI,EAAE,CAAC;QAClE,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,WAAW;YACf,QAAQ,EAAE,QAAQ,CAAC,MAAM;YACzB,UAAU,EAAE,MAAM;YAClB,QAAQ,EAAE,eAAe;YACzB,KAAK,EAAE,gCAAgC;YACvC,WAAW,EAAE,uDAAuD;YACpE,IAAI,EAAE,mEAAmE;YACzE,WAAW,EAAE,mEAAmE;YAChF,WAAW,EAAE,KAAK;SACnB,CAAC,CAAC;IACL,CAAC;IAED,+BAA+B;IAC/B,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,SAAS,IAAI,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACpE,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,WAAW;YACf,QAAQ,EAAE,QAAQ,CAAC,MAAM;YACzB,UAAU,EAAE,QAAQ;YACpB,QAAQ,EAAE,eAAe;YACzB,KAAK,EAAE,8BAA8B;YACrC,WAAW,EAAE,uEAAuE;YACpF,IAAI,EAAE,uDAAuD;YAC7D,WAAW,EAAE,gEAAgE;YAC7E,WAAW,EAAE,KAAK;SACnB,CAAC,CAAC;IACL,CAAC;IAED,oCAAoC;IACpC,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;IACvE,IAAI,OAAO,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,eAAe,EAAE,CAAC;QAC9C,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,WAAW;YACf,QAAQ,EAAE,QAAQ,CAAC,IAAI;YACvB,UAAU,EAAE,MAAM;YAClB,QAAQ,EAAE,eAAe;YACzB,KAAK,EAAE,wCAAwC;YAC/C,WAAW,EAAE,6DAA6D;YAC1E,IAAI,EAAE,oEAAoE;YAC1E,WAAW,EAAE,iEAAiE;YAC9E,WAAW,EAAE,KAAK;SACnB,CAAC,CAAC;IACL,CAAC;IAED,+CAA+C;IAC/C,IAAI,MAAM,CAAC,OAAO,EAAE,OAAO,EAAE,gBAAgB,KAAK,IAAI,EAAE,CAAC;QACvD,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,WAAW;YACf,QAAQ,EAAE,QAAQ,CAAC,MAAM;YACzB,UAAU,EAAE,QAAQ;YACpB,QAAQ,EAAE,eAAe;YACzB,KAAK,EAAE,8BAA8B;YACrC,WAAW,EAAE,wEAAwE;YACrF,IAAI,EAAE,6FAA6F;YACnG,WAAW,EAAE,qEAAqE;YAClF,WAAW,EAAE,KAAK;SACnB,CAAC,CAAC;IACL,CAAC;IAED,kCAAkC;IAClC,IAAI,MAAM,CAAC,OAAO,EAAE,eAAe,KAAK,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,SAAS,EAAE,CAAC;QACzE,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,WAAW;YACf,QAAQ,EAAE,QAAQ,CAAC,MAAM;YACzB,UAAU,EAAE,KAAK;YACjB,QAAQ,EAAE,eAAe;YACzB,KAAK,EAAE,gCAAgC;YACvC,WAAW,EAAE,6EAA6E;YAC1F,IAAI,EAAE,gEAAgE;YACtE,WAAW,EAAE,+EAA+E;YAC5F,WAAW,EAAE,KAAK;SACnB,CAAC,CAAC;IACL,CAAC;IAED,uDAAuD;IACvD,KAAK,MAAM,OAAO,IAAI,KAAK,CAAC,kBAAkB,EAAE,CAAC;QAC/C,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YACjD,IAAI,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,qBAAqB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBACzE,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,WAAW;oBACf,QAAQ,EAAE,QAAQ,CAAC,QAAQ;oBAC3B,UAAU,EAAE,MAAM;oBAClB,QAAQ,EAAE,eAAe;oBACzB,KAAK,EAAE,4CAA4C;oBACnD,WAAW,EAAE,GAAG,QAAQ,CAAC,OAAO,CAAC,4CAA4C;oBAC7E,IAAI,EAAE,uEAAuE;oBAC7E,WAAW,EAAE,iFAAiF;oBAC9F,WAAW,EAAE,KAAK;oBAClB,IAAI,EAAE,OAAO;iBACd,CAAC,CAAC;gBACH,MAAM;YACR,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,kBAAkB;QACpB,CAAC;IACH,CAAC;IAED,kDAAkD;IAClD,KAAK,MAAM,OAAO,IAAI,KAAK,CAAC,kBAAkB,EAAE,CAAC;QAC/C,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YACjD,IAAI,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,sBAAsB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC7E,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,WAAW;oBACf,QAAQ,EAAE,QAAQ,CAAC,IAAI;oBACvB,UAAU,EAAE,MAAM;oBAClB,QAAQ,EAAE,eAAe;oBACzB,KAAK,EAAE,qCAAqC;oBAC5C,WAAW,EAAE,GAAG,QAAQ,CAAC,OAAO,CAAC,kDAAkD;oBACnF,IAAI,EAAE,+DAA+D;oBACrE,WAAW,EAAE,iDAAiD;oBAC9D,WAAW,EAAE,KAAK;oBAClB,IAAI,EAAE,OAAO;iBACd,CAAC,CAAC;gBACH,MAAM;YACR,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,kBAAkB;QACpB,CAAC;IACH,CAAC;IAED,gDAAgD;IAChD,KAAK,MAAM,OAAO,IAAI,KAAK,CAAC,kBAAkB,EAAE,CAAC;QAC/C,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YACjD,MAAM,OAAO,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;YAC3D,IAAI,OAAO,EAAE,CAAC;gBACZ,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,WAAW;oBACf,QAAQ,EAAE,QAAQ,CAAC,IAAI;oBACvB,UAAU,EAAE,MAAM;oBAClB,QAAQ,EAAE,eAAe;oBACzB,KAAK,EAAE,wCAAwC;oBAC/C,WAAW,EAAE,GAAG,QAAQ,CAAC,OAAO,CAAC,kDAAkD;oBACnF,IAAI,EAAE,gEAAgE;oBACtE,WAAW,EAAE,4EAA4E;oBACzF,WAAW,EAAE,KAAK;oBAClB,IAAI,EAAE,OAAO;iBACd,CAAC,CAAC;gBACH,MAAM;YACR,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,kBAAkB;QACpB,CAAC;IACH,CAAC;IAED,sCAAsC;IACtC,KAAK,MAAM,SAAS,IAAI,KAAK,CAAC,UAAU,EAAE,CAAC;QACzC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YACnD,MAAM,OAAO,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;YAC3D,IAAI,OAAO,EAAE,CAAC;gBACZ,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,WAAW;oBACf,QAAQ,EAAE,QAAQ,CAAC,IAAI;oBACvB,UAAU,EAAE,MAAM;oBAClB,QAAQ,EAAE,eAAe;oBACzB,KAAK,EAAE,iCAAiC;oBACxC,WAAW,EAAE,GAAG,QAAQ,CAAC,SAAS,CAAC,kDAAkD;oBACrF,IAAI,EAAE,sDAAsD;oBAC5D,WAAW,EAAE,uDAAuD;oBACpE,WAAW,EAAE,KAAK;oBAClB,IAAI,EAAE,SAAS;iBAChB,CAAC,CAAC;gBACH,MAAM;YACR,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,kBAAkB;QACpB,CAAC;IACH,CAAC;IAED,uCAAuC;IACvC,IAAI,KAAK,CAAC,kBAAkB,CAAC,MAAM,GAAG,CAAC,IAAI,KAAK,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvE,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,WAAW;YACf,QAAQ,EAAE,QAAQ,CAAC,MAAM;YACzB,UAAU,EAAE,QAAQ;YACpB,QAAQ,EAAE,eAAe;YACzB,KAAK,EAAE,4CAA4C;YACnD,WAAW,EAAE,GAAG,KAAK,CAAC,kBAAkB,CAAC,MAAM,8BAA8B,KAAK,CAAC,UAAU,CAAC,MAAM,cAAc;YAClH,IAAI,EAAE,iFAAiF;YACvF,WAAW,EAAE,gEAAgE;YAC7E,WAAW,EAAE,KAAK;SACnB,CAAC,CAAC;IACL,CAAC;IAED,wCAAwC;IACxC,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,MAAM,WAAW,GAAG,KAAK,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAC1D,QAAQ,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,WAAW,CAC1C,CAAC;QACF,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,QAAQ,CAAC,IAAI,CAAC;gBACZ,EAAE,EAAE,WAAW;gBACf,QAAQ,EAAE,QAAQ,CAAC,GAAG;gBACtB,UAAU,EAAE,KAAK;gBACjB,QAAQ,EAAE,eAAe;gBACzB,KAAK,EAAE,mCAAmC;gBAC1C,WAAW,EAAE,oEAAoE;gBACjF,IAAI,EAAE,0DAA0D;gBAChE,WAAW,EAAE,oEAAoE;gBACjF,WAAW,EAAE,KAAK;aACnB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,kCAAkC;IAClC,IAAI,KAAK,CAAC,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvC,KAAK,MAAM,OAAO,IAAI,KAAK,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;YAC1D,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;gBACjD,IAAI,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;oBACzE,QAAQ,CAAC,IAAI,CAAC;wBACZ,EAAE,EAAE,WAAW;wBACf,QAAQ,EAAE,QAAQ,CAAC,GAAG;wBACtB,UAAU,EAAE,KAAK;wBACjB,QAAQ,EAAE,eAAe;wBACzB,KAAK,EAAE,uCAAuC;wBAC9C,WAAW,EAAE,GAAG,QAAQ,CAAC,OAAO,CAAC,sCAAsC;wBACvE,IAAI,EAAE,kEAAkE;wBACxE,WAAW,EAAE,uDAAuD;wBACpE,WAAW,EAAE,KAAK;wBAClB,IAAI,EAAE,OAAO;qBACd,CAAC,CAAC;oBACH,MAAM;gBACR,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,aAAa;YACf,CAAC;QACH,CAAC;IACH,CAAC;IAED,mDAAmD;IACnD,KAAK,MAAM,OAAO,IAAI,KAAK,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;QACxD,IAAI,CAAC;YACH,0DAA0D;YAC1D,MAAM,OAAO,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,GAAG,GAAG,IAAI,CAAC,CAAC;YAC1D,MAAM,eAAe,GAAG,6CAA6C,CAAC,IAAI,CAAC,OAAO,CAAC;gBACjF,kCAAkC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACnD,IAAI,eAAe,EAAE,CAAC;gBACpB,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,WAAW;oBACf,QAAQ,EAAE,QAAQ,CAAC,MAAM;oBACzB,UAAU,EAAE,QAAQ;oBACpB,QAAQ,EAAE,eAAe;oBACzB,KAAK,EAAE,4CAA4C;oBACnD,WAAW,EAAE,eAAe,QAAQ,CAAC,OAAO,CAAC,uDAAuD;oBACpG,IAAI,EAAE,yEAAyE;oBAC/E,WAAW,EAAE,uEAAuE;oBACpF,WAAW,EAAE,KAAK;oBAClB,IAAI,EAAE,OAAO;iBACd,CAAC,CAAC;gBACH,MAAM;YACR,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,aAAa;QACf,CAAC;IACH,CAAC;IAED,wCAAwC;IACxC,IAAI,MAAM,CAAC,OAAO,EAAE,eAAe,KAAK,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,QAAQ,EAAE,CAAC;QACxE,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,WAAW;YACf,QAAQ,EAAE,QAAQ,CAAC,GAAG;YACtB,UAAU,EAAE,KAAK;YACjB,QAAQ,EAAE,eAAe;YACzB,KAAK,EAAE,4BAA4B;YACnC,WAAW,EAAE,4EAA4E;YACzF,IAAI,EAAE,qEAAqE;YAC3E,WAAW,EAAE,iEAAiE;YAC9E,WAAW,EAAE,KAAK;SACnB,CAAC,CAAC;IACL,CAAC;IAED,oCAAoC;IACpC,6EAA6E;IAC7E,uEAAuE;IACvE,MAAM,aAAa,GAAG,QAAQ,CAAC,MAAM,GAAG,CAAC;QACvC,iBAAiB,CAAC,MAAM,GAAG,CAAC;QAC5B,MAAM,CAAC,OAAO,EAAE,eAAe,KAAK,IAAI,CAAC;IAE3C,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,QAAQ,IAAI,aAAa,EAAE,CAAC;QAC7C,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,WAAW;YACf,QAAQ,EAAE,QAAQ,CAAC,MAAM;YACzB,UAAU,EAAE,KAAK;YACjB,QAAQ,EAAE,eAAe;YACzB,KAAK,EAAE,wBAAwB;YAC/B,WAAW,EAAE,sEAAsE;YACnF,IAAI,EAAE,qEAAqE;YAC3E,WAAW,EAAE,4DAA4D;YACzE,WAAW,EAAE,KAAK;SACnB,CAAC,CAAC;IACL,CAAC;IAED,uDAAuD;IACvD,KAAK,MAAM,OAAO,IAAI,KAAK,CAAC,kBAAkB,EAAE,CAAC;QAC/C,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YACjD,IAAI,oDAAoD,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBACvE,QAAQ,CAAC,IAAI,CAAC;oBACZ,EAAE,EAAE,WAAW;oBACf,QAAQ,EAAE,QAAQ,CAAC,MAAM;oBACzB,UAAU,EAAE,QAAQ;oBACpB,QAAQ,EAAE,eAAe;oBACzB,KAAK,EAAE,+BAA+B;oBACtC,WAAW,EAAE,GAAG,QAAQ,CAAC,OAAO,CAAC,uCAAuC;oBACxE,IAAI,EAAE,gFAAgF;oBACtF,WAAW,EAAE,qEAAqE;oBAClF,WAAW,EAAE,KAAK;oBAClB,IAAI,EAAE,OAAO;iBACd,CAAC,CAAC;gBACH,MAAM;YACR,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,aAAa;QACf,CAAC;IACH,CAAC;IAED,kCAAkC;IAClC,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,CAAC;QAC3B,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,WAAW;YACf,QAAQ,EAAE,QAAQ,CAAC,GAAG;YACtB,UAAU,EAAE,KAAK;YACjB,QAAQ,EAAE,eAAe;YACzB,KAAK,EAAE,4BAA4B;YACnC,WAAW,EAAE,gEAAgE;YAC7E,IAAI,EAAE,iEAAiE;YACvE,WAAW,EAAE,yDAAyD;YACtE,WAAW,EAAE,KAAK;SACnB,CAAC,CAAC;IACL,CAAC;IAED,uCAAuC;IACvC,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,SAAS,EAAE,CAAC;QAC7B,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,WAAW;YACf,QAAQ,EAAE,QAAQ,CAAC,GAAG;YACtB,UAAU,EAAE,KAAK;YACjB,QAAQ,EAAE,eAAe;YACzB,KAAK,EAAE,2BAA2B;YAClC,WAAW,EAAE,+CAA+C;YAC5D,IAAI,EAAE,oFAAoF;YAC1F,WAAW,EAAE,qDAAqD;YAClE,WAAW,EAAE,KAAK;SACnB,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/discover.d.ts

@@ -0,0 +1,22 @@
+/**
+ * File discovery for OpenClaw installations.
+ *
+ * Finds all relevant files to scan, handling:
+ * - Default and custom paths
+ * - Symlink detection and boundary checking
+ * - Windows/macOS/Linux path differences
+ * - Graceful missing-file handling
+ */
+import type { DiscoveredFiles } from "./types.js";
+/**
+ * Auto-detect OpenClaw installation path.
+ */
+export declare function findOpenClawDir(customPath?: string): Promise<string | null>;
+/**
+ * Discover all scannable files in an OpenClaw installation.
+ */
+export declare function discoverFiles(openclawDir: string, workspaceDir: string | null): Promise<{
+    files: DiscoveredFiles;
+    symlinkWarnings: string[];
+}>;
+//# sourceMappingURL=discover.d.ts.map

package/dist/discover.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"discover.d.ts","sourceRoot":"","sources":["../src/discover.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAMH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAsDlD;;GAEG;AACH,wBAAsB,eAAe,CACnC,UAAU,CAAC,EAAE,MAAM,GAClB,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAqBxB;AAED;;GAEG;AACH,wBAAsB,aAAa,CACjC,WAAW,EAAE,MAAM,EACnB,YAAY,EAAE,MAAM,GAAG,IAAI,GAC1B,OAAO,CAAC;IAAE,KAAK,EAAE,eAAe,CAAC;IAAC,eAAe,EAAE,MAAM,EAAE,CAAA;CAAE,CAAC,CAqMhE"}