npm - clawsec - Versions diffs - 0.0.1 - Mend

clawsec 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (361) hide show

package/README.md +560 -0
package/dist/bin/clawsec.d.ts +7 -0
package/dist/bin/clawsec.d.ts.map +1 -0
package/dist/bin/clawsec.js +12 -0
package/dist/bin/clawsec.js.map +1 -0
package/dist/src/actions/block.d.ts +22 -0
package/dist/src/actions/block.d.ts.map +1 -0
package/dist/src/actions/block.js +83 -0
package/dist/src/actions/block.js.map +1 -0
package/dist/src/actions/confirm.d.ts +35 -0
package/dist/src/actions/confirm.d.ts.map +1 -0
package/dist/src/actions/confirm.js +156 -0
package/dist/src/actions/confirm.js.map +1 -0
package/dist/src/actions/executor.d.ts +64 -0
package/dist/src/actions/executor.d.ts.map +1 -0
package/dist/src/actions/executor.js +114 -0
package/dist/src/actions/executor.js.map +1 -0
package/dist/src/actions/index.d.ts +13 -0
package/dist/src/actions/index.d.ts.map +1 -0
package/dist/src/actions/index.js +15 -0
package/dist/src/actions/index.js.map +1 -0
package/dist/src/actions/log.d.ts +19 -0
package/dist/src/actions/log.d.ts.map +1 -0
package/dist/src/actions/log.js +63 -0
package/dist/src/actions/log.js.map +1 -0
package/dist/src/actions/types.d.ts +85 -0
package/dist/src/actions/types.d.ts.map +1 -0
package/dist/src/actions/types.js +78 -0
package/dist/src/actions/types.js.map +1 -0
package/dist/src/actions/warn.d.ts +22 -0
package/dist/src/actions/warn.d.ts.map +1 -0
package/dist/src/actions/warn.js +84 -0
package/dist/src/actions/warn.js.map +1 -0
package/dist/src/approval/agent-confirm.d.ts +104 -0
package/dist/src/approval/agent-confirm.d.ts.map +1 -0
package/dist/src/approval/agent-confirm.js +173 -0
package/dist/src/approval/agent-confirm.js.map +1 -0
package/dist/src/approval/index.d.ts +14 -0
package/dist/src/approval/index.d.ts.map +1 -0
package/dist/src/approval/index.js +9 -0
package/dist/src/approval/index.js.map +1 -0
package/dist/src/approval/native.d.ts +56 -0
package/dist/src/approval/native.d.ts.map +1 -0
package/dist/src/approval/native.js +196 -0
package/dist/src/approval/native.js.map +1 -0
package/dist/src/approval/store.d.ts +88 -0
package/dist/src/approval/store.d.ts.map +1 -0
package/dist/src/approval/store.js +192 -0
package/dist/src/approval/store.js.map +1 -0
package/dist/src/approval/types.d.ts +119 -0
package/dist/src/approval/types.d.ts.map +1 -0
package/dist/src/approval/types.js +6 -0
package/dist/src/approval/types.js.map +1 -0
package/dist/src/approval/webhook.d.ts +170 -0
package/dist/src/approval/webhook.d.ts.map +1 -0
package/dist/src/approval/webhook.js +362 -0
package/dist/src/approval/webhook.js.map +1 -0
package/dist/src/cli/commands/audit.d.ts +43 -0
package/dist/src/cli/commands/audit.d.ts.map +1 -0
package/dist/src/cli/commands/audit.js +115 -0
package/dist/src/cli/commands/audit.js.map +1 -0
package/dist/src/cli/commands/feedback.d.ts +27 -0
package/dist/src/cli/commands/feedback.d.ts.map +1 -0
package/dist/src/cli/commands/feedback.js +228 -0
package/dist/src/cli/commands/feedback.js.map +1 -0
package/dist/src/cli/commands/index.d.ts +11 -0
package/dist/src/cli/commands/index.d.ts.map +1 -0
package/dist/src/cli/commands/index.js +13 -0
package/dist/src/cli/commands/index.js.map +1 -0
package/dist/src/cli/commands/status.d.ts +20 -0
package/dist/src/cli/commands/status.d.ts.map +1 -0
package/dist/src/cli/commands/status.js +122 -0
package/dist/src/cli/commands/status.js.map +1 -0
package/dist/src/cli/commands/test.d.ts +23 -0
package/dist/src/cli/commands/test.d.ts.map +1 -0
package/dist/src/cli/commands/test.js +134 -0
package/dist/src/cli/commands/test.js.map +1 -0
package/dist/src/cli/commands/types.d.ts +81 -0
package/dist/src/cli/commands/types.d.ts.map +1 -0
package/dist/src/cli/commands/types.js +6 -0
package/dist/src/cli/commands/types.js.map +1 -0
package/dist/src/cli/index.d.ts +17 -0
package/dist/src/cli/index.d.ts.map +1 -0
package/dist/src/cli/index.js +267 -0
package/dist/src/cli/index.js.map +1 -0
package/dist/src/config/defaults.d.ts +20 -0
package/dist/src/config/defaults.d.ts.map +1 -0
package/dist/src/config/defaults.js +123 -0
package/dist/src/config/defaults.js.map +1 -0
package/dist/src/config/index.d.ts +8 -0
package/dist/src/config/index.d.ts.map +1 -0
package/dist/src/config/index.js +41 -0
package/dist/src/config/index.js.map +1 -0
package/dist/src/config/loader.d.ts +99 -0
package/dist/src/config/loader.d.ts.map +1 -0
package/dist/src/config/loader.js +242 -0
package/dist/src/config/loader.js.map +1 -0
package/dist/src/config/schema.d.ts +627 -0
package/dist/src/config/schema.d.ts.map +1 -0
package/dist/src/config/schema.js +585 -0
package/dist/src/config/schema.js.map +1 -0
package/dist/src/detectors/destructive/cloud-detector.d.ts +51 -0
package/dist/src/detectors/destructive/cloud-detector.d.ts.map +1 -0
package/dist/src/detectors/destructive/cloud-detector.js +556 -0
package/dist/src/detectors/destructive/cloud-detector.js.map +1 -0
package/dist/src/detectors/destructive/code-detector.d.ts +59 -0
package/dist/src/detectors/destructive/code-detector.d.ts.map +1 -0
package/dist/src/detectors/destructive/code-detector.js +558 -0
package/dist/src/detectors/destructive/code-detector.js.map +1 -0
package/dist/src/detectors/destructive/index.d.ts +54 -0
package/dist/src/detectors/destructive/index.d.ts.map +1 -0
package/dist/src/detectors/destructive/index.js +168 -0
package/dist/src/detectors/destructive/index.js.map +1 -0
package/dist/src/detectors/destructive/shell-detector.d.ts +43 -0
package/dist/src/detectors/destructive/shell-detector.d.ts.map +1 -0
package/dist/src/detectors/destructive/shell-detector.js +302 -0
package/dist/src/detectors/destructive/shell-detector.js.map +1 -0
package/dist/src/detectors/destructive/types.d.ts +143 -0
package/dist/src/detectors/destructive/types.d.ts.map +1 -0
package/dist/src/detectors/destructive/types.js +6 -0
package/dist/src/detectors/destructive/types.js.map +1 -0
package/dist/src/detectors/exfiltration/cloud-detector.d.ts +51 -0
package/dist/src/detectors/exfiltration/cloud-detector.d.ts.map +1 -0
package/dist/src/detectors/exfiltration/cloud-detector.js +427 -0
package/dist/src/detectors/exfiltration/cloud-detector.js.map +1 -0
package/dist/src/detectors/exfiltration/http-detector.d.ts +47 -0
package/dist/src/detectors/exfiltration/http-detector.d.ts.map +1 -0
package/dist/src/detectors/exfiltration/http-detector.js +429 -0
package/dist/src/detectors/exfiltration/http-detector.js.map +1 -0
package/dist/src/detectors/exfiltration/index.d.ts +44 -0
package/dist/src/detectors/exfiltration/index.d.ts.map +1 -0
package/dist/src/detectors/exfiltration/index.js +118 -0
package/dist/src/detectors/exfiltration/index.js.map +1 -0
package/dist/src/detectors/exfiltration/network-detector.d.ts +55 -0
package/dist/src/detectors/exfiltration/network-detector.d.ts.map +1 -0
package/dist/src/detectors/exfiltration/network-detector.js +504 -0
package/dist/src/detectors/exfiltration/network-detector.js.map +1 -0
package/dist/src/detectors/exfiltration/types.d.ts +139 -0
package/dist/src/detectors/exfiltration/types.d.ts.map +1 -0
package/dist/src/detectors/exfiltration/types.js +6 -0
package/dist/src/detectors/exfiltration/types.js.map +1 -0
package/dist/src/detectors/purchase/domain-detector.d.ts +44 -0
package/dist/src/detectors/purchase/domain-detector.d.ts.map +1 -0
package/dist/src/detectors/purchase/domain-detector.js +296 -0
package/dist/src/detectors/purchase/domain-detector.js.map +1 -0
package/dist/src/detectors/purchase/form-detector.d.ts +27 -0
package/dist/src/detectors/purchase/form-detector.d.ts.map +1 -0
package/dist/src/detectors/purchase/form-detector.js +344 -0
package/dist/src/detectors/purchase/form-detector.js.map +1 -0
package/dist/src/detectors/purchase/index.d.ts +65 -0
package/dist/src/detectors/purchase/index.d.ts.map +1 -0
package/dist/src/detectors/purchase/index.js +216 -0
package/dist/src/detectors/purchase/index.js.map +1 -0
package/dist/src/detectors/purchase/spend-tracker.d.ts +132 -0
package/dist/src/detectors/purchase/spend-tracker.d.ts.map +1 -0
package/dist/src/detectors/purchase/spend-tracker.js +313 -0
package/dist/src/detectors/purchase/spend-tracker.js.map +1 -0
package/dist/src/detectors/purchase/types.d.ts +139 -0
package/dist/src/detectors/purchase/types.d.ts.map +1 -0
package/dist/src/detectors/purchase/types.js +6 -0
package/dist/src/detectors/purchase/types.js.map +1 -0
package/dist/src/detectors/purchase/url-detector.d.ts +31 -0
package/dist/src/detectors/purchase/url-detector.d.ts.map +1 -0
package/dist/src/detectors/purchase/url-detector.js +292 -0
package/dist/src/detectors/purchase/url-detector.js.map +1 -0
package/dist/src/detectors/secrets/api-key-detector.d.ts +30 -0
package/dist/src/detectors/secrets/api-key-detector.d.ts.map +1 -0
package/dist/src/detectors/secrets/api-key-detector.js +297 -0
package/dist/src/detectors/secrets/api-key-detector.js.map +1 -0
package/dist/src/detectors/secrets/index.d.ts +43 -0
package/dist/src/detectors/secrets/index.d.ts.map +1 -0
package/dist/src/detectors/secrets/index.js +261 -0
package/dist/src/detectors/secrets/index.js.map +1 -0
package/dist/src/detectors/secrets/pii-detector.d.ts +54 -0
package/dist/src/detectors/secrets/pii-detector.d.ts.map +1 -0
package/dist/src/detectors/secrets/pii-detector.js +286 -0
package/dist/src/detectors/secrets/pii-detector.js.map +1 -0
package/dist/src/detectors/secrets/token-detector.d.ts +51 -0
package/dist/src/detectors/secrets/token-detector.d.ts.map +1 -0
package/dist/src/detectors/secrets/token-detector.js +233 -0
package/dist/src/detectors/secrets/token-detector.js.map +1 -0
package/dist/src/detectors/secrets/types.d.ts +157 -0
package/dist/src/detectors/secrets/types.d.ts.map +1 -0
package/dist/src/detectors/secrets/types.js +6 -0
package/dist/src/detectors/secrets/types.js.map +1 -0
package/dist/src/detectors/website/category-detector.d.ts +22 -0
package/dist/src/detectors/website/category-detector.d.ts.map +1 -0
package/dist/src/detectors/website/category-detector.js +162 -0
package/dist/src/detectors/website/category-detector.js.map +1 -0
package/dist/src/detectors/website/index.d.ts +53 -0
package/dist/src/detectors/website/index.d.ts.map +1 -0
package/dist/src/detectors/website/index.js +232 -0
package/dist/src/detectors/website/index.js.map +1 -0
package/dist/src/detectors/website/pattern-matcher.d.ts +33 -0
package/dist/src/detectors/website/pattern-matcher.d.ts.map +1 -0
package/dist/src/detectors/website/pattern-matcher.js +121 -0
package/dist/src/detectors/website/pattern-matcher.js.map +1 -0
package/dist/src/detectors/website/types.d.ts +105 -0
package/dist/src/detectors/website/types.d.ts.map +1 -0
package/dist/src/detectors/website/types.js +6 -0
package/dist/src/detectors/website/types.js.map +1 -0
package/dist/src/engine/analyzer.d.ts +87 -0
package/dist/src/engine/analyzer.d.ts.map +1 -0
package/dist/src/engine/analyzer.js +427 -0
package/dist/src/engine/analyzer.js.map +1 -0
package/dist/src/engine/cache.d.ts +80 -0
package/dist/src/engine/cache.d.ts.map +1 -0
package/dist/src/engine/cache.js +167 -0
package/dist/src/engine/cache.js.map +1 -0
package/dist/src/engine/index.d.ts +11 -0
package/dist/src/engine/index.d.ts.map +1 -0
package/dist/src/engine/index.js +11 -0
package/dist/src/engine/index.js.map +1 -0
package/dist/src/engine/llm-client.d.ts +210 -0
package/dist/src/engine/llm-client.d.ts.map +1 -0
package/dist/src/engine/llm-client.js +506 -0
package/dist/src/engine/llm-client.js.map +1 -0
package/dist/src/engine/types.d.ts +163 -0
package/dist/src/engine/types.d.ts.map +1 -0
package/dist/src/engine/types.js +21 -0
package/dist/src/engine/types.js.map +1 -0
package/dist/src/feedback/index.d.ts +9 -0
package/dist/src/feedback/index.d.ts.map +1 -0
package/dist/src/feedback/index.js +8 -0
package/dist/src/feedback/index.js.map +1 -0
package/dist/src/feedback/learner.d.ts +222 -0
package/dist/src/feedback/learner.d.ts.map +1 -0
package/dist/src/feedback/learner.js +401 -0
package/dist/src/feedback/learner.js.map +1 -0
package/dist/src/feedback/store.d.ts +113 -0
package/dist/src/feedback/store.d.ts.map +1 -0
package/dist/src/feedback/store.js +228 -0
package/dist/src/feedback/store.js.map +1 -0
package/dist/src/feedback/types.d.ts +126 -0
package/dist/src/feedback/types.d.ts.map +1 -0
package/dist/src/feedback/types.js +6 -0
package/dist/src/feedback/types.js.map +1 -0
package/dist/src/hooks/before-agent-start/handler.d.ts +37 -0
package/dist/src/hooks/before-agent-start/handler.d.ts.map +1 -0
package/dist/src/hooks/before-agent-start/handler.js +109 -0
package/dist/src/hooks/before-agent-start/handler.js.map +1 -0
package/dist/src/hooks/before-agent-start/index.d.ts +8 -0
package/dist/src/hooks/before-agent-start/index.d.ts.map +1 -0
package/dist/src/hooks/before-agent-start/index.js +7 -0
package/dist/src/hooks/before-agent-start/index.js.map +1 -0
package/dist/src/hooks/before-agent-start/prompts.d.ts +48 -0
package/dist/src/hooks/before-agent-start/prompts.d.ts.map +1 -0
package/dist/src/hooks/before-agent-start/prompts.js +103 -0
package/dist/src/hooks/before-agent-start/prompts.js.map +1 -0
package/dist/src/hooks/before-tool-call/handler.d.ts +42 -0
package/dist/src/hooks/before-tool-call/handler.d.ts.map +1 -0
package/dist/src/hooks/before-tool-call/handler.js +226 -0
package/dist/src/hooks/before-tool-call/handler.js.map +1 -0
package/dist/src/hooks/before-tool-call/index.d.ts +7 -0
package/dist/src/hooks/before-tool-call/index.d.ts.map +1 -0
package/dist/src/hooks/before-tool-call/index.js +6 -0
package/dist/src/hooks/before-tool-call/index.js.map +1 -0
package/dist/src/hooks/tool-result-persist/filter.d.ts +72 -0
package/dist/src/hooks/tool-result-persist/filter.d.ts.map +1 -0
package/dist/src/hooks/tool-result-persist/filter.js +305 -0
package/dist/src/hooks/tool-result-persist/filter.js.map +1 -0
package/dist/src/hooks/tool-result-persist/handler.d.ts +49 -0
package/dist/src/hooks/tool-result-persist/handler.d.ts.map +1 -0
package/dist/src/hooks/tool-result-persist/handler.js +217 -0
package/dist/src/hooks/tool-result-persist/handler.js.map +1 -0
package/dist/src/hooks/tool-result-persist/index.d.ts +11 -0
package/dist/src/hooks/tool-result-persist/index.d.ts.map +1 -0
package/dist/src/hooks/tool-result-persist/index.js +11 -0
package/dist/src/hooks/tool-result-persist/index.js.map +1 -0
package/dist/src/index.d.ts +256 -0
package/dist/src/index.d.ts.map +1 -0
package/dist/src/index.js +222 -0
package/dist/src/index.js.map +1 -0
package/dist/src/notifications/discord.d.ts +10 -0
package/dist/src/notifications/discord.d.ts.map +1 -0
package/dist/src/notifications/discord.js +218 -0
package/dist/src/notifications/discord.js.map +1 -0
package/dist/src/notifications/index.d.ts +37 -0
package/dist/src/notifications/index.d.ts.map +1 -0
package/dist/src/notifications/index.js +68 -0
package/dist/src/notifications/index.js.map +1 -0
package/dist/src/notifications/slack.d.ts +10 -0
package/dist/src/notifications/slack.d.ts.map +1 -0
package/dist/src/notifications/slack.js +218 -0
package/dist/src/notifications/slack.js.map +1 -0
package/dist/src/notifications/telegram.d.ts +10 -0
package/dist/src/notifications/telegram.d.ts.map +1 -0
package/dist/src/notifications/telegram.js +242 -0
package/dist/src/notifications/telegram.js.map +1 -0
package/dist/src/notifications/types.d.ts +119 -0
package/dist/src/notifications/types.d.ts.map +1 -0
package/dist/src/notifications/types.js +6 -0
package/dist/src/notifications/types.js.map +1 -0
package/dist/src/proxy/index.d.ts +8 -0
package/dist/src/proxy/index.d.ts.map +1 -0
package/dist/src/proxy/index.js +9 -0
package/dist/src/proxy/index.js.map +1 -0
package/dist/src/proxy/middleware.d.ts +55 -0
package/dist/src/proxy/middleware.d.ts.map +1 -0
package/dist/src/proxy/middleware.js +215 -0
package/dist/src/proxy/middleware.js.map +1 -0
package/dist/src/proxy/server.d.ts +57 -0
package/dist/src/proxy/server.d.ts.map +1 -0
package/dist/src/proxy/server.js +298 -0
package/dist/src/proxy/server.js.map +1 -0
package/dist/src/proxy/types.d.ts +136 -0
package/dist/src/proxy/types.d.ts.map +1 -0
package/dist/src/proxy/types.js +6 -0
package/dist/src/proxy/types.js.map +1 -0
package/dist/src/sanitization/index.d.ts +10 -0
package/dist/src/sanitization/index.d.ts.map +1 -0
package/dist/src/sanitization/index.js +9 -0
package/dist/src/sanitization/index.js.map +1 -0
package/dist/src/sanitization/patterns.d.ts +51 -0
package/dist/src/sanitization/patterns.d.ts.map +1 -0
package/dist/src/sanitization/patterns.js +266 -0
package/dist/src/sanitization/patterns.js.map +1 -0
package/dist/src/sanitization/scanner.d.ts +29 -0
package/dist/src/sanitization/scanner.d.ts.map +1 -0
package/dist/src/sanitization/scanner.js +328 -0
package/dist/src/sanitization/scanner.js.map +1 -0
package/dist/src/sanitization/types.d.ts +57 -0
package/dist/src/sanitization/types.d.ts.map +1 -0
package/dist/src/sanitization/types.js +5 -0
package/dist/src/sanitization/types.js.map +1 -0
package/openclaw.plugin.json +114 -0
package/package.json +63 -0
package/rules/builtin/README.md +139 -0
package/rules/builtin/ai-services.yaml +70 -0
package/rules/builtin/api-keys.yaml +64 -0
package/rules/builtin/authentication.yaml +56 -0
package/rules/builtin/aws-security.yaml +57 -0
package/rules/builtin/azure-security.yaml +58 -0
package/rules/builtin/cicd-security.yaml +64 -0
package/rules/builtin/cloud-storage.yaml +64 -0
package/rules/builtin/container-registry.yaml +55 -0
package/rules/builtin/crypto-wallets.yaml +71 -0
package/rules/builtin/database-nosql.yaml +58 -0
package/rules/builtin/database-sql.yaml +62 -0
package/rules/builtin/development-env.yaml +67 -0
package/rules/builtin/docker.yaml +57 -0
package/rules/builtin/filesystem.yaml +71 -0
package/rules/builtin/financial-pci.yaml +61 -0
package/rules/builtin/gcp-security.yaml +57 -0
package/rules/builtin/git-operations.yaml +68 -0
package/rules/builtin/healthcare-hipaa.yaml +64 -0
package/rules/builtin/kubernetes.yaml +60 -0
package/rules/builtin/messaging-services.yaml +53 -0
package/rules/builtin/minimal.yaml +47 -0
package/rules/builtin/mobile-development.yaml +61 -0
package/rules/builtin/monitoring.yaml +63 -0
package/rules/builtin/network-security.yaml +57 -0
package/rules/builtin/package-managers.yaml +74 -0
package/rules/builtin/payment-processing.yaml +66 -0
package/rules/builtin/pii-protection.yaml +48 -0
package/rules/builtin/production-strict.yaml +55 -0
package/rules/builtin/secrets-management.yaml +63 -0
package/rules/builtin/serverless.yaml +74 -0
package/rules/builtin/ssh-security.yaml +66 -0
package/rules/builtin/terraform.yaml +51 -0
package/rules/builtin/web-security.yaml +62 -0

package/dist/src/hooks/before-agent-start/index.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+/**
+ * Before Agent Start Hook
+ * Re-exports for the before-agent-start hook
+ */
+export type { BeforeAgentStartHandlerOptions } from './handler.js';
+export { createBeforeAgentStartHandler, createDefaultBeforeAgentStartHandler, } from './handler.js';
+export { SECURITY_CONTEXT_HEADER, BASE_SECURITY_INTRO, CATEGORY_REMINDERS, BLOCKED_ACTION_INSTRUCTIONS, SECURITY_CONTEXT_FOOTER, getAgentConfirmInstructions, getEnabledCategoryReminders, buildSecurityContextPrompt, } from './prompts.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/src/hooks/before-agent-start/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/hooks/before-agent-start/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,YAAY,EAAE,8BAA8B,EAAE,MAAM,cAAc,CAAC;AAEnE,OAAO,EACL,6BAA6B,EAC7B,oCAAoC,GACrC,MAAM,cAAc,CAAC;AAEtB,OAAO,EACL,uBAAuB,EACvB,mBAAmB,EACnB,kBAAkB,EAClB,2BAA2B,EAC3B,uBAAuB,EACvB,2BAA2B,EAC3B,2BAA2B,EAC3B,0BAA0B,GAC3B,MAAM,cAAc,CAAC"}

package/dist/src/hooks/before-agent-start/index.js ADDED Viewed

@@ -0,0 +1,7 @@
+/**
+ * Before Agent Start Hook
+ * Re-exports for the before-agent-start hook
+ */
+export { createBeforeAgentStartHandler, createDefaultBeforeAgentStartHandler, } from './handler.js';
+export { SECURITY_CONTEXT_HEADER, BASE_SECURITY_INTRO, CATEGORY_REMINDERS, BLOCKED_ACTION_INSTRUCTIONS, SECURITY_CONTEXT_FOOTER, getAgentConfirmInstructions, getEnabledCategoryReminders, buildSecurityContextPrompt, } from './prompts.js';
+//# sourceMappingURL=index.js.map

package/dist/src/hooks/before-agent-start/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/hooks/before-agent-start/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,OAAO,EACL,6BAA6B,EAC7B,oCAAoC,GACrC,MAAM,cAAc,CAAC;AAEtB,OAAO,EACL,uBAAuB,EACvB,mBAAmB,EACnB,kBAAkB,EAClB,2BAA2B,EAC3B,uBAAuB,EACvB,2BAA2B,EAC3B,2BAA2B,EAC3B,0BAA0B,GAC3B,MAAM,cAAc,CAAC"}

package/dist/src/hooks/before-agent-start/prompts.d.ts ADDED Viewed

@@ -0,0 +1,48 @@
+/**
+ * Before Agent Start Hook - Prompt Templates
+ *
+ * Templates for security context injection into agent system prompts.
+ */
+import type { ClawsecConfig } from '../../config/schema.js';
+/**
+ * Security context header
+ */
+export declare const SECURITY_CONTEXT_HEADER = "[CLAWSEC SECURITY CONTEXT]";
+/**
+ * Base security introduction
+ */
+export declare const BASE_SECURITY_INTRO = "This session has security protections enabled:";
+/**
+ * Category-specific security reminders
+ */
+export declare const CATEGORY_REMINDERS: {
+    readonly purchase: "- Purchase Protection: Transactions require approval";
+    readonly destructive: "- Destructive Commands: Commands like rm -rf, DROP TABLE are monitored";
+    readonly secrets: "- Secrets Detection: API keys and credentials in outputs are filtered";
+    readonly website: "- Website Control: Some domains may be restricted";
+    readonly exfiltration: "- Data Exfiltration: Outbound data transfers are monitored";
+};
+/**
+ * Instructions for when actions are blocked
+ */
+export declare const BLOCKED_ACTION_INSTRUCTIONS = "If an action is blocked:\n1. You'll receive a message explaining why\n2. For confirmable actions, retry with _clawsec_confirm=\"<approval-id>\"\n3. Some actions cannot be approved and are permanently blocked";
+/**
+ * Custom agent-confirm instructions with parameter name
+ */
+export declare function getAgentConfirmInstructions(parameterName: string): string;
+/**
+ * Footer for the security context
+ */
+export declare const SECURITY_CONTEXT_FOOTER = "Work safely within these protections.";
+/**
+ * Get enabled category reminders based on config
+ */
+export declare function getEnabledCategoryReminders(config: ClawsecConfig): string[];
+/**
+ * Build the full security context prompt
+ *
+ * @param config - Clawsec configuration
+ * @returns The complete security context prompt or undefined if no protections enabled
+ */
+export declare function buildSecurityContextPrompt(config: ClawsecConfig): string | undefined;
+//# sourceMappingURL=prompts.d.ts.map

package/dist/src/hooks/before-agent-start/prompts.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"prompts.d.ts","sourceRoot":"","sources":["../../../../src/hooks/before-agent-start/prompts.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAE5D;;GAEG;AACH,eAAO,MAAM,uBAAuB,+BAA+B,CAAC;AAEpE;;GAEG;AACH,eAAO,MAAM,mBAAmB,mDAAmD,CAAC;AAEpF;;GAEG;AACH,eAAO,MAAM,kBAAkB;;;;;;CAMrB,CAAC;AAEX;;GAEG;AACH,eAAO,MAAM,2BAA2B,oNAGuB,CAAC;AAEhE;;GAEG;AACH,wBAAgB,2BAA2B,CAAC,aAAa,EAAE,MAAM,GAAG,MAAM,CAKzE;AAED;;GAEG;AACH,eAAO,MAAM,uBAAuB,0CAA0C,CAAC;AAE/E;;GAEG;AACH,wBAAgB,2BAA2B,CAAC,MAAM,EAAE,aAAa,GAAG,MAAM,EAAE,CAqB3E;AAED;;;;;GAKG;AACH,wBAAgB,0BAA0B,CAAC,MAAM,EAAE,aAAa,GAAG,MAAM,GAAG,SAAS,CAmCpF"}

package/dist/src/hooks/before-agent-start/prompts.js ADDED Viewed

@@ -0,0 +1,103 @@
+/**
+ * Before Agent Start Hook - Prompt Templates
+ *
+ * Templates for security context injection into agent system prompts.
+ */
+/**
+ * Security context header
+ */
+export const SECURITY_CONTEXT_HEADER = '[CLAWSEC SECURITY CONTEXT]';
+/**
+ * Base security introduction
+ */
+export const BASE_SECURITY_INTRO = 'This session has security protections enabled:';
+/**
+ * Category-specific security reminders
+ */
+export const CATEGORY_REMINDERS = {
+    purchase: '- Purchase Protection: Transactions require approval',
+    destructive: '- Destructive Commands: Commands like rm -rf, DROP TABLE are monitored',
+    secrets: '- Secrets Detection: API keys and credentials in outputs are filtered',
+    website: '- Website Control: Some domains may be restricted',
+    exfiltration: '- Data Exfiltration: Outbound data transfers are monitored',
+};
+/**
+ * Instructions for when actions are blocked
+ */
+export const BLOCKED_ACTION_INSTRUCTIONS = `If an action is blocked:
+1. You'll receive a message explaining why
+2. For confirmable actions, retry with _clawsec_confirm="<approval-id>"
+3. Some actions cannot be approved and are permanently blocked`;
+/**
+ * Custom agent-confirm instructions with parameter name
+ */
+export function getAgentConfirmInstructions(parameterName) {
+    return `If an action is blocked:
+1. You'll receive a message explaining why
+2. For confirmable actions, retry with ${parameterName}="<approval-id>"
+3. Some actions cannot be approved and are permanently blocked`;
+}
+/**
+ * Footer for the security context
+ */
+export const SECURITY_CONTEXT_FOOTER = 'Work safely within these protections.';
+/**
+ * Get enabled category reminders based on config
+ */
+export function getEnabledCategoryReminders(config) {
+    const reminders = [];
+    const rules = config.rules;
+    if (rules?.purchase?.enabled) {
+        reminders.push(CATEGORY_REMINDERS.purchase);
+    }
+    if (rules?.destructive?.enabled) {
+        reminders.push(CATEGORY_REMINDERS.destructive);
+    }
+    if (rules?.secrets?.enabled) {
+        reminders.push(CATEGORY_REMINDERS.secrets);
+    }
+    if (rules?.website?.enabled) {
+        reminders.push(CATEGORY_REMINDERS.website);
+    }
+    if (rules?.exfiltration?.enabled) {
+        reminders.push(CATEGORY_REMINDERS.exfiltration);
+    }
+    return reminders;
+}
+/**
+ * Build the full security context prompt
+ *
+ * @param config - Clawsec configuration
+ * @returns The complete security context prompt or undefined if no protections enabled
+ */
+export function buildSecurityContextPrompt(config) {
+    // Check if plugin is globally enabled
+    if (config.global?.enabled === false) {
+        return undefined;
+    }
+    // Get enabled category reminders
+    const reminders = getEnabledCategoryReminders(config);
+    // If no categories are enabled, return undefined
+    if (reminders.length === 0) {
+        return undefined;
+    }
+    // Build the prompt sections
+    const sections = [
+        SECURITY_CONTEXT_HEADER,
+        '',
+        BASE_SECURITY_INTRO,
+        '',
+        ...reminders,
+    ];
+    // Add agent-confirm instructions if enabled
+    if (config.approval?.agentConfirm?.enabled !== false) {
+        const parameterName = config.approval?.agentConfirm?.parameterName ?? '_clawsec_confirm';
+        sections.push('');
+        sections.push(getAgentConfirmInstructions(parameterName));
+    }
+    // Add footer
+    sections.push('');
+    sections.push(SECURITY_CONTEXT_FOOTER);
+    return sections.join('\n');
+}
+//# sourceMappingURL=prompts.js.map

package/dist/src/hooks/before-agent-start/prompts.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"prompts.js","sourceRoot":"","sources":["../../../../src/hooks/before-agent-start/prompts.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH;;GAEG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,4BAA4B,CAAC;AAEpE;;GAEG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,gDAAgD,CAAC;AAEpF;;GAEG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG;IAChC,QAAQ,EAAE,sDAAsD;IAChE,WAAW,EAAE,wEAAwE;IACrF,OAAO,EAAE,uEAAuE;IAChF,OAAO,EAAE,mDAAmD;IAC5D,YAAY,EAAE,4DAA4D;CAClE,CAAC;AAEX;;GAEG;AACH,MAAM,CAAC,MAAM,2BAA2B,GAAG;;;+DAGoB,CAAC;AAEhE;;GAEG;AACH,MAAM,UAAU,2BAA2B,CAAC,aAAqB;IAC/D,OAAO;;yCAEgC,aAAa;+DACS,CAAC;AAChE,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,uCAAuC,CAAC;AAE/E;;GAEG;AACH,MAAM,UAAU,2BAA2B,CAAC,MAAqB;IAC/D,MAAM,SAAS,GAAa,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;IAE3B,IAAI,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;QAC7B,SAAS,CAAC,IAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;IAC9C,CAAC;IACD,IAAI,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC;QAChC,SAAS,CAAC,IAAI,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC;IACjD,CAAC;IACD,IAAI,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC;QAC5B,SAAS,CAAC,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;IAC7C,CAAC;IACD,IAAI,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC;QAC5B,SAAS,CAAC,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;IAC7C,CAAC;IACD,IAAI,KAAK,EAAE,YAAY,EAAE,OAAO,EAAE,CAAC;QACjC,SAAS,CAAC,IAAI,CAAC,kBAAkB,CAAC,YAAY,CAAC,CAAC;IAClD,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,0BAA0B,CAAC,MAAqB;IAC9D,sCAAsC;IACtC,IAAI,MAAM,CAAC,MAAM,EAAE,OAAO,KAAK,KAAK,EAAE,CAAC;QACrC,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,iCAAiC;IACjC,MAAM,SAAS,GAAG,2BAA2B,CAAC,MAAM,CAAC,CAAC;IAEtD,iDAAiD;IACjD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3B,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,4BAA4B;IAC5B,MAAM,QAAQ,GAAa;QACzB,uBAAuB;QACvB,EAAE;QACF,mBAAmB;QACnB,EAAE;QACF,GAAG,SAAS;KACb,CAAC;IAEF,4CAA4C;IAC5C,IAAI,MAAM,CAAC,QAAQ,EAAE,YAAY,EAAE,OAAO,KAAK,KAAK,EAAE,CAAC;QACrD,MAAM,aAAa,GAAG,MAAM,CAAC,QAAQ,EAAE,YAAY,EAAE,aAAa,IAAI,kBAAkB,CAAC;QACzF,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAClB,QAAQ,CAAC,IAAI,CAAC,2BAA2B,CAAC,aAAa,CAAC,CAAC,CAAC;IAC5D,CAAC;IAED,aAAa;IACb,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAClB,QAAQ,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;IAEvC,OAAO,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC7B,CAAC"}

package/dist/src/hooks/before-tool-call/handler.d.ts ADDED Viewed

@@ -0,0 +1,42 @@
+/**
+ * Before Tool Call Hook Handler
+ *
+ * Main hook handler that intercepts tool calls, runs detection,
+ * and blocks/confirms dangerous actions.
+ */
+import type { BeforeToolCallHandler } from '../../index.js';
+import type { Analyzer } from '../../engine/types.js';
+import type { ActionExecutor } from '../../actions/types.js';
+import type { ClawsecConfig } from '../../config/schema.js';
+import type { AgentConfirmHandler } from '../../approval/agent-confirm.js';
+/**
+ * Options for creating a before-tool-call handler
+ */
+export interface BeforeToolCallHandlerOptions {
+    /** Custom analyzer instance */
+    analyzer?: Analyzer;
+    /** Custom action executor instance */
+    executor?: ActionExecutor;
+    /** Custom agent confirm handler instance */
+    agentConfirm?: AgentConfirmHandler;
+}
+/**
+ * Create the before-tool-call handler
+ *
+ * Flow:
+ * 1. Check if plugin is enabled
+ * 2. Check for agent-confirm parameter -> validate and allow if valid
+ * 3. Run HybridAnalyzer on tool call context
+ * 4. Execute action based on analysis result
+ * 5. Return appropriate BeforeToolCallResult
+ *
+ * @param config - Clawsec configuration
+ * @param options - Optional custom components
+ * @returns BeforeToolCallHandler function
+ */
+export declare function createBeforeToolCallHandler(config: ClawsecConfig, options?: BeforeToolCallHandlerOptions): BeforeToolCallHandler;
+/**
+ * Create a default before-tool-call handler with default configuration
+ */
+export declare function createDefaultBeforeToolCallHandler(): BeforeToolCallHandler;
+//# sourceMappingURL=handler.d.ts.map

package/dist/src/hooks/before-tool-call/handler.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"handler.d.ts","sourceRoot":"","sources":["../../../../src/hooks/before-tool-call/handler.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAGV,qBAAqB,EAGtB,MAAM,gBAAgB,CAAC;AACxB,OAAO,KAAK,EACV,QAAQ,EAGT,MAAM,uBAAuB,CAAC;AAC/B,OAAO,KAAK,EAAE,cAAc,EAA+B,MAAM,wBAAwB,CAAC;AAC1F,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAC5D,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,iCAAiC,CAAC;AAM3E;;GAEG;AACH,MAAM,WAAW,4BAA4B;IAC3C,+BAA+B;IAC/B,QAAQ,CAAC,EAAE,QAAQ,CAAC;IACpB,sCAAsC;IACtC,QAAQ,CAAC,EAAE,cAAc,CAAC;IAC1B,4CAA4C;IAC5C,YAAY,CAAC,EAAE,mBAAmB,CAAC;CACpC;AAiGD;;;;;;;;;;;;;GAaG;AACH,wBAAgB,2BAA2B,CACzC,MAAM,EAAE,aAAa,EACrB,OAAO,CAAC,EAAE,4BAA4B,GACrC,qBAAqB,CAsEvB;AAED;;GAEG;AACH,wBAAgB,kCAAkC,IAAI,qBAAqB,CAmE1E"}

package/dist/src/hooks/before-tool-call/handler.js ADDED Viewed

@@ -0,0 +1,226 @@
+/**
+ * Before Tool Call Hook Handler
+ *
+ * Main hook handler that intercepts tool calls, runs detection,
+ * and blocks/confirms dangerous actions.
+ */
+import { createAnalyzer } from '../../engine/analyzer.js';
+import { createActionExecutor } from '../../actions/executor.js';
+import { createAgentConfirmHandler } from '../../approval/agent-confirm.js';
+import { getDefaultApprovalStore } from '../../approval/store.js';
+/**
+ * Convert hook ToolCallContext to engine ToolCallContext
+ * The engine context has a slightly different shape
+ */
+function toEngineContext(hookContext) {
+    return {
+        toolName: hookContext.toolName,
+        toolInput: hookContext.toolInput,
+        // url can be extracted from toolInput if present
+        url: typeof hookContext.toolInput.url === 'string' ? hookContext.toolInput.url : undefined,
+    };
+}
+/**
+ * Convert analysis result and action result to BeforeToolCallResult
+ */
+function toBeforeToolCallResult(actionResult, detection) {
+    const result = {
+        allow: actionResult.allowed,
+    };
+    // Add block message if not allowed
+    if (!actionResult.allowed && actionResult.message) {
+        result.blockMessage = actionResult.message;
+    }
+    // Add metadata from primary detection
+    if (detection) {
+        result.metadata = {
+            category: detection.category,
+            severity: detection.severity,
+            reason: detection.reason,
+        };
+        // Add rule if present in detection metadata
+        if (detection.metadata?.rule && typeof detection.metadata.rule === 'string') {
+            result.metadata.rule = detection.metadata.rule;
+        }
+    }
+    // Add pending approval instructions to block message if present
+    if (actionResult.pendingApproval) {
+        const approvalInfo = `\n\nApproval ID: ${actionResult.pendingApproval.id}\nTimeout: ${actionResult.pendingApproval.timeout}s\nMethods: ${actionResult.pendingApproval.methods.join(', ')}`;
+        result.blockMessage = (result.blockMessage || 'Approval required') + approvalInfo;
+    }
+    return result;
+}
+/**
+ * Create the allow result for when no threats are detected
+ */
+function createAllowResult() {
+    return {
+        allow: true,
+    };
+}
+/**
+ * Create a result for valid agent-confirm flow
+ */
+function createAgentConfirmAllowResult(strippedInput) {
+    return {
+        allow: true,
+        modifiedInput: strippedInput,
+    };
+}
+/**
+ * Create a result for invalid agent-confirm flow
+ */
+function createAgentConfirmInvalidResult(error) {
+    return {
+        allow: false,
+        blockMessage: error || 'Invalid or expired approval confirmation',
+        metadata: {
+            reason: 'Agent confirmation parameter was present but invalid',
+        },
+    };
+}
+/**
+ * Create a result for disabled plugin
+ */
+function createDisabledResult() {
+    return {
+        allow: true,
+    };
+}
+/**
+ * Create the before-tool-call handler
+ *
+ * Flow:
+ * 1. Check if plugin is enabled
+ * 2. Check for agent-confirm parameter -> validate and allow if valid
+ * 3. Run HybridAnalyzer on tool call context
+ * 4. Execute action based on analysis result
+ * 5. Return appropriate BeforeToolCallResult
+ *
+ * @param config - Clawsec configuration
+ * @param options - Optional custom components
+ * @returns BeforeToolCallHandler function
+ */
+export function createBeforeToolCallHandler(config, options) {
+    // Create or use provided components
+    const analyzer = options?.analyzer ?? createAnalyzer(config);
+    const executor = options?.executor ?? createActionExecutor();
+    const agentConfirm = options?.agentConfirm ??
+        createAgentConfirmHandler({
+            enabled: config.approval?.agentConfirm?.enabled ?? true,
+            parameterName: config.approval?.agentConfirm?.parameterName,
+            store: getDefaultApprovalStore(),
+        });
+    // Get the parameter name from config
+    const confirmParamName = config.approval?.agentConfirm?.parameterName ?? '_clawsec_confirm';
+    return async (context) => {
+        // 1. Check if plugin is disabled
+        if (config.global?.enabled === false) {
+            return createDisabledResult();
+        }
+        // 2. Check for agent-confirm parameter
+        if (config.approval?.agentConfirm?.enabled !== false) {
+            const confirmResult = agentConfirm.checkConfirmation(context.toolInput, confirmParamName);
+            if (confirmResult.confirmed) {
+                // Agent is trying to confirm a previous action
+                const processResult = agentConfirm.processConfirmation(context.toolInput, confirmParamName);
+                if (processResult.valid) {
+                    // Valid confirmation - strip the parameter and allow
+                    const strippedInput = agentConfirm.stripConfirmParameter(context.toolInput, confirmParamName);
+                    return createAgentConfirmAllowResult(strippedInput);
+                }
+                else {
+                    // Invalid confirmation - block
+                    return createAgentConfirmInvalidResult(processResult.error);
+                }
+            }
+        }
+        // 3. Run the analyzer
+        const engineContext = toEngineContext(context);
+        const analysis = await analyzer.analyze(engineContext);
+        // 4. If no detections or action is allow/log/warn, handle appropriately
+        if (analysis.action === 'allow') {
+            return createAllowResult();
+        }
+        // 5. Execute the action
+        const actionContext = {
+            analysis,
+            toolCall: engineContext,
+            config,
+        };
+        const actionResult = await executor.execute(actionContext);
+        // 6. Convert to BeforeToolCallResult
+        return toBeforeToolCallResult(actionResult, analysis.primaryDetection);
+    };
+}
+/**
+ * Create a default before-tool-call handler with default configuration
+ */
+export function createDefaultBeforeToolCallHandler() {
+    const defaultConfig = {
+        version: '1.0',
+        global: {
+            enabled: true,
+            logLevel: 'info',
+        },
+        llm: {
+            enabled: true,
+            model: null,
+        },
+        rules: {
+            purchase: {
+                enabled: true,
+                severity: 'critical',
+                action: 'block',
+                spendLimits: { perTransaction: 100, daily: 500 },
+                domains: { mode: 'blocklist', blocklist: [] },
+            },
+            website: {
+                enabled: true,
+                mode: 'blocklist',
+                severity: 'high',
+                action: 'block',
+                blocklist: [],
+                allowlist: [],
+            },
+            destructive: {
+                enabled: true,
+                severity: 'critical',
+                action: 'confirm',
+                shell: { enabled: true },
+                cloud: { enabled: true },
+                code: { enabled: true },
+            },
+            secrets: {
+                enabled: true,
+                severity: 'critical',
+                action: 'block',
+            },
+            exfiltration: {
+                enabled: true,
+                severity: 'high',
+                action: 'block',
+            },
+            sanitization: {
+                enabled: true,
+                severity: 'high',
+                action: 'block',
+                minConfidence: 0.5,
+                redactMatches: false,
+                categories: {
+                    instructionOverride: true,
+                    systemLeak: true,
+                    jailbreak: true,
+                    encodedPayload: true,
+                },
+            },
+        },
+        approval: {
+            native: { enabled: true, timeout: 300 },
+            agentConfirm: { enabled: true, parameterName: '_clawsec_confirm' },
+            webhook: { enabled: false, url: undefined, timeout: 30, headers: {} },
+        },
+    };
+    return createBeforeToolCallHandler(defaultConfig);
+}
+//# sourceMappingURL=handler.js.map

package/dist/src/hooks/before-tool-call/handler.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"handler.js","sourceRoot":"","sources":["../../../../src/hooks/before-tool-call/handler.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAiBH,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAC1D,OAAO,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AACjE,OAAO,EAAE,yBAAyB,EAAE,MAAM,iCAAiC,CAAC;AAC5E,OAAO,EAAE,uBAAuB,EAAE,MAAM,yBAAyB,CAAC;AAclE;;;GAGG;AACH,SAAS,eAAe,CAAC,WAAgC;IACvD,OAAO;QACL,QAAQ,EAAE,WAAW,CAAC,QAAQ;QAC9B,SAAS,EAAE,WAAW,CAAC,SAAS;QAChC,iDAAiD;QACjD,GAAG,EAAE,OAAO,WAAW,CAAC,SAAS,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS;KAC3F,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,sBAAsB,CAC7B,YAA0B,EAC1B,SAAqB;IAErB,MAAM,MAAM,GAAyB;QACnC,KAAK,EAAE,YAAY,CAAC,OAAO;KAC5B,CAAC;IAEF,mCAAmC;IACnC,IAAI,CAAC,YAAY,CAAC,OAAO,IAAI,YAAY,CAAC,OAAO,EAAE,CAAC;QAClD,MAAM,CAAC,YAAY,GAAG,YAAY,CAAC,OAAO,CAAC;IAC7C,CAAC;IAED,sCAAsC;IACtC,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,CAAC,QAAQ,GAAG;YAChB,QAAQ,EAAE,SAAS,CAAC,QAA0B;YAC9C,QAAQ,EAAE,SAAS,CAAC,QAAoB;YACxC,MAAM,EAAE,SAAS,CAAC,MAAM;SACzB,CAAC;QAEF,4CAA4C;QAC5C,IAAI,SAAS,CAAC,QAAQ,EAAE,IAAI,IAAI,OAAO,SAAS,CAAC,QAAQ,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC5E,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC;QACjD,CAAC;IACH,CAAC;IAED,gEAAgE;IAChE,IAAI,YAAY,CAAC,eAAe,EAAE,CAAC;QACjC,MAAM,YAAY,GAAG,oBAAoB,YAAY,CAAC,eAAe,CAAC,EAAE,cAAc,YAAY,CAAC,eAAe,CAAC,OAAO,eAAe,YAAY,CAAC,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QAC3L,MAAM,CAAC,YAAY,GAAG,CAAC,MAAM,CAAC,YAAY,IAAI,mBAAmB,CAAC,GAAG,YAAY,CAAC;IACpF,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB;IACxB,OAAO;QACL,KAAK,EAAE,IAAI;KACZ,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,6BAA6B,CACpC,aAAsC;IAEtC,OAAO;QACL,KAAK,EAAE,IAAI;QACX,aAAa,EAAE,aAAa;KAC7B,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,+BAA+B,CAAC,KAAc;IACrD,OAAO;QACL,KAAK,EAAE,KAAK;QACZ,YAAY,EAAE,KAAK,IAAI,0CAA0C;QACjE,QAAQ,EAAE;YACR,MAAM,EAAE,sDAAsD;SAC/D;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,oBAAoB;IAC3B,OAAO;QACL,KAAK,EAAE,IAAI;KACZ,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,2BAA2B,CACzC,MAAqB,EACrB,OAAsC;IAEtC,oCAAoC;IACpC,MAAM,QAAQ,GAAG,OAAO,EAAE,QAAQ,IAAI,cAAc,CAAC,MAAM,CAAC,CAAC;IAC7D,MAAM,QAAQ,GAAG,OAAO,EAAE,QAAQ,IAAI,oBAAoB,EAAE,CAAC;IAC7D,MAAM,YAAY,GAChB,OAAO,EAAE,YAAY;QACrB,yBAAyB,CAAC;YACxB,OAAO,EAAE,MAAM,CAAC,QAAQ,EAAE,YAAY,EAAE,OAAO,IAAI,IAAI;YACvD,aAAa,EAAE,MAAM,CAAC,QAAQ,EAAE,YAAY,EAAE,aAAa;YAC3D,KAAK,EAAE,uBAAuB,EAAE;SACjC,CAAC,CAAC;IAEL,qCAAqC;IACrC,MAAM,gBAAgB,GAAG,MAAM,CAAC,QAAQ,EAAE,YAAY,EAAE,aAAa,IAAI,kBAAkB,CAAC;IAE5F,OAAO,KAAK,EAAE,OAA4B,EAAiC,EAAE;QAC3E,iCAAiC;QACjC,IAAI,MAAM,CAAC,MAAM,EAAE,OAAO,KAAK,KAAK,EAAE,CAAC;YACrC,OAAO,oBAAoB,EAAE,CAAC;QAChC,CAAC;QAED,uCAAuC;QACvC,IAAI,MAAM,CAAC,QAAQ,EAAE,YAAY,EAAE,OAAO,KAAK,KAAK,EAAE,CAAC;YACrD,MAAM,aAAa,GAAG,YAAY,CAAC,iBAAiB,CAClD,OAAO,CAAC,SAAS,EACjB,gBAAgB,CACjB,CAAC;YAEF,IAAI,aAAa,CAAC,SAAS,EAAE,CAAC;gBAC5B,+CAA+C;gBAC/C,MAAM,aAAa,GAAG,YAAY,CAAC,mBAAmB,CACpD,OAAO,CAAC,SAAS,EACjB,gBAAgB,CACjB,CAAC;gBAEF,IAAI,aAAa,CAAC,KAAK,EAAE,CAAC;oBACxB,qDAAqD;oBACrD,MAAM,aAAa,GAAG,YAAY,CAAC,qBAAqB,CACtD,OAAO,CAAC,SAAS,EACjB,gBAAgB,CACjB,CAAC;oBACF,OAAO,6BAA6B,CAAC,aAAa,CAAC,CAAC;gBACtD,CAAC;qBAAM,CAAC;oBACN,+BAA+B;oBAC/B,OAAO,+BAA+B,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;gBAC9D,CAAC;YACH,CAAC;QACH,CAAC;QAED,sBAAsB;QACtB,MAAM,aAAa,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;QAC/C,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;QAEvD,wEAAwE;QACxE,IAAI,QAAQ,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;YAChC,OAAO,iBAAiB,EAAE,CAAC;QAC7B,CAAC;QAED,wBAAwB;QACxB,MAAM,aAAa,GAAkB;YACnC,QAAQ;YACR,QAAQ,EAAE,aAAa;YACvB,MAAM;SACP,CAAC;QAEF,MAAM,YAAY,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;QAE3D,qCAAqC;QACrC,OAAO,sBAAsB,CAAC,YAAY,EAAE,QAAQ,CAAC,gBAAgB,CAAC,CAAC;IACzE,CAAC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kCAAkC;IAChD,MAAM,aAAa,GAAkB;QACnC,OAAO,EAAE,KAAK;QACd,MAAM,EAAE;YACN,OAAO,EAAE,IAAI;YACb,QAAQ,EAAE,MAAM;SACjB;QACD,GAAG,EAAE;YACH,OAAO,EAAE,IAAI;YACb,KAAK,EAAE,IAAI;SACZ;QACD,KAAK,EAAE;YACL,QAAQ,EAAE;gBACR,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,UAAU;gBACpB,MAAM,EAAE,OAAO;gBACf,WAAW,EAAE,EAAE,cAAc,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE;gBAChD,OAAO,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,SAAS,EAAE,EAAE,EAAE;aAC9C;YACD,OAAO,EAAE;gBACP,OAAO,EAAE,IAAI;gBACb,IAAI,EAAE,WAAW;gBACjB,QAAQ,EAAE,MAAM;gBAChB,MAAM,EAAE,OAAO;gBACf,SAAS,EAAE,EAAE;gBACb,SAAS,EAAE,EAAE;aACd;YACD,WAAW,EAAE;gBACX,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,UAAU;gBACpB,MAAM,EAAE,SAAS;gBACjB,KAAK,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE;gBACxB,KAAK,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE;gBACxB,IAAI,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE;aACxB;YACD,OAAO,EAAE;gBACP,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,UAAU;gBACpB,MAAM,EAAE,OAAO;aAChB;YACD,YAAY,EAAE;gBACZ,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,MAAM;gBAChB,MAAM,EAAE,OAAO;aAChB;YACD,YAAY,EAAE;gBACZ,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE,MAAM;gBAChB,MAAM,EAAE,OAAO;gBACf,aAAa,EAAE,GAAG;gBAClB,aAAa,EAAE,KAAK;gBACpB,UAAU,EAAE;oBACV,mBAAmB,EAAE,IAAI;oBACzB,UAAU,EAAE,IAAI;oBAChB,SAAS,EAAE,IAAI;oBACf,cAAc,EAAE,IAAI;iBACrB;aACF;SACF;QACD,QAAQ,EAAE;YACR,MAAM,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE;YACvC,YAAY,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,kBAAkB,EAAE;YAClE,OAAO,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE;SACtE;KACF,CAAC;IAEF,OAAO,2BAA2B,CAAC,aAAa,CAAC,CAAC;AACpD,CAAC"}

package/dist/src/hooks/before-tool-call/index.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+/**
+ * Before Tool Call Hook
+ * Re-exports for the before-tool-call hook
+ */
+export type { BeforeToolCallHandlerOptions } from './handler.js';
+export { createBeforeToolCallHandler, createDefaultBeforeToolCallHandler, } from './handler.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/src/hooks/before-tool-call/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/hooks/before-tool-call/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,YAAY,EAAE,4BAA4B,EAAE,MAAM,cAAc,CAAC;AAEjE,OAAO,EACL,2BAA2B,EAC3B,kCAAkC,GACnC,MAAM,cAAc,CAAC"}

package/dist/src/hooks/before-tool-call/index.js ADDED Viewed

@@ -0,0 +1,6 @@
+/**
+ * Before Tool Call Hook
+ * Re-exports for the before-tool-call hook
+ */
+export { createBeforeToolCallHandler, createDefaultBeforeToolCallHandler, } from './handler.js';
+//# sourceMappingURL=index.js.map

package/dist/src/hooks/before-tool-call/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/hooks/before-tool-call/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,OAAO,EACL,2BAA2B,EAC3B,kCAAkC,GACnC,MAAM,cAAc,CAAC"}

package/dist/src/hooks/tool-result-persist/filter.d.ts ADDED Viewed

@@ -0,0 +1,72 @@
+/**
+ * Output Filtering Logic for Tool Result Persist Hook
+ *
+ * Scans tool outputs for secrets/PII and redacts sensitive data
+ * before it's persisted.
+ */
+import type { SecretsDetectionResult } from '../../detectors/secrets/types.js';
+/**
+ * Represents a single redaction made to the output
+ */
+export interface Redaction {
+    /** Type of secret that was redacted (e.g., 'openai-api-key', 'ssn', 'jwt') */
+    type: string;
+    /** Human-readable description of what was redacted */
+    description: string;
+}
+/**
+ * Result of filtering an output
+ */
+export interface FilterResult {
+    /** The filtered output with secrets redacted */
+    filteredOutput: unknown;
+    /** List of redactions made */
+    redactions: Redaction[];
+    /** Whether any redactions were made */
+    wasRedacted: boolean;
+}
+/**
+ * Redact a single string value using pattern matching
+ *
+ * @param text - The text to scan and redact
+ * @returns FilterResult with redacted text and list of redactions
+ */
+export declare function redactString(text: string): FilterResult;
+/**
+ * Recursively filter an object, redacting secrets in string values
+ *
+ * @param obj - The object to filter
+ * @returns FilterResult with filtered object and aggregated redactions
+ */
+export declare function redactObject(obj: Record<string, unknown>): FilterResult;
+/**
+ * Recursively filter an array, redacting secrets in string values
+ *
+ * @param arr - The array to filter
+ * @returns FilterResult with filtered array and aggregated redactions
+ */
+export declare function redactArray(arr: unknown[]): FilterResult;
+/**
+ * Filter any value, dispatching to the appropriate handler based on type
+ *
+ * @param value - The value to filter (can be any type)
+ * @returns FilterResult with filtered value and redactions
+ */
+export declare function filterValue(value: unknown): FilterResult;
+/**
+ * Convert secrets detection results to redactions
+ *
+ * @param detections - Array of detection results from the secrets detector
+ * @returns Array of redactions based on the detections
+ */
+export declare function detectionsToRedactions(detections: SecretsDetectionResult[]): Redaction[];
+/**
+ * Main filter function that combines pattern-based filtering
+ * with detection-based redaction info
+ *
+ * @param output - The tool output to filter
+ * @param detections - Optional array of detection results for more accurate redaction types
+ * @returns FilterResult with filtered output and redactions
+ */
+export declare function filterOutput(output: unknown, detections?: SecretsDetectionResult[]): FilterResult;
+//# sourceMappingURL=filter.d.ts.map

package/dist/src/hooks/tool-result-persist/filter.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"filter.d.ts","sourceRoot":"","sources":["../../../../src/hooks/tool-result-persist/filter.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,kCAAkC,CAAC;AAE/E;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,8EAA8E;IAC9E,IAAI,EAAE,MAAM,CAAC;IACb,sDAAsD;IACtD,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,gDAAgD;IAChD,cAAc,EAAE,OAAO,CAAC;IACxB,8BAA8B;IAC9B,UAAU,EAAE,SAAS,EAAE,CAAC;IACxB,uCAAuC;IACvC,WAAW,EAAE,OAAO,CAAC;CACtB;AAqID;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,YAAY,CAoCvD;AAED;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,YAAY,CAuBvE;AAED;;;;;GAKG;AACH,wBAAgB,WAAW,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,YAAY,CAuBxD;AAED;;;;;GAKG;AACH,wBAAgB,WAAW,CAAC,KAAK,EAAE,OAAO,GAAG,YAAY,CA+BxD;AAED;;;;;GAKG;AACH,wBAAgB,sBAAsB,CACpC,UAAU,EAAE,sBAAsB,EAAE,GACnC,SAAS,EAAE,CA4Bb;AAED;;;;;;;GAOG;AACH,wBAAgB,YAAY,CAC1B,MAAM,EAAE,OAAO,EACf,UAAU,CAAC,EAAE,sBAAsB,EAAE,GACpC,YAAY,CAoBd"}