compact-agent 1.18.0 → 1.19.0

package/dist/execpolicy.d.ts

@@ -0,0 +1,56 @@
+/**
+ * Execpolicy DSL — a lightweight command-intent allowlist that gates
+ * bash commands BEFORE the existing ask/auto/yolo permission flow.
+ *
+ * Inspired by codex-rs/execpolicy/. Three decisions per rule:
+ *   allow      — skip the permission prompt (treat as yolo for this cmd)
+ *   prompt     — force the prompt even in `auto` mode
+ *   forbidden  — block outright, don't even prompt; print reason
+ *
+ * First matching rule wins. If no rule matches, the original
+ * permission mode is honored (so the default is "no change to behavior").
+ *
+ * The DEFAULT_RULES below codify the most-common safety intents the
+ * Codex execpolicy ships, condensed to what's portable across Win/
+ * macOS/Linux. Users can override at runtime via /perm-policy and the
+ * config field `execpolicy` (TODO in v1.20).
+ *
+ * Real OS-native sandboxing (Seatbelt/landlock/ACL) is intentionally
+ * out of scope for this layer — it's an evening's work in TS for an
+ * intent gate, vs weeks for proper sandboxing. This is the audit's
+ * pragmatic recommendation.
+ */
+export type Decision = 'allow' | 'prompt' | 'forbidden';
+export interface ExecRule {
+    /** Command prefix or regex. String values are treated as `^<value>`. */
+    pattern: RegExp | string;
+    decision: Decision;
+    /** Optional: only match if this also tests true */
+    match?: RegExp | string;
+    /** Optional: only match if this tests FALSE */
+    notMatch?: RegExp | string;
+    /** Shown to the user when decision != 'allow' */
+    reason?: string;
+    /** Human-readable rule name for logging / debugging */
+    id?: string;
+}
+export interface PolicyResult {
+    decision: Decision;
+    reason?: string;
+    ruleId?: string;
+}
+/**
+ * Built-in policy. Ordered: most-specific dangerous patterns first
+ * so they fire before broader category rules. Allows come last so
+ * a dangerous variant of "git" hits the prompt rule before the
+ * "git read ops" allow.
+ */
+export declare const DEFAULT_RULES: ExecRule[];
+/**
+ * Evaluate a bash command against the policy. Returns the FIRST
+ * matching rule's decision. If nothing matches, returns
+ * { decision: 'prompt' } so the user's configured permission mode
+ * decides — i.e. a no-op for `auto` (non-destructive tools pass)
+ * and a single prompt for `ask`.
+ */
+export declare function evaluateCommand(cmd: string, rules?: ExecRule[]): PolicyResult;

package/dist/execpolicy.js

@@ -0,0 +1,209 @@
+/**
+ * Execpolicy DSL — a lightweight command-intent allowlist that gates
+ * bash commands BEFORE the existing ask/auto/yolo permission flow.
+ *
+ * Inspired by codex-rs/execpolicy/. Three decisions per rule:
+ *   allow      — skip the permission prompt (treat as yolo for this cmd)
+ *   prompt     — force the prompt even in `auto` mode
+ *   forbidden  — block outright, don't even prompt; print reason
+ *
+ * First matching rule wins. If no rule matches, the original
+ * permission mode is honored (so the default is "no change to behavior").
+ *
+ * The DEFAULT_RULES below codify the most-common safety intents the
+ * Codex execpolicy ships, condensed to what's portable across Win/
+ * macOS/Linux. Users can override at runtime via /perm-policy and the
+ * config field `execpolicy` (TODO in v1.20).
+ *
+ * Real OS-native sandboxing (Seatbelt/landlock/ACL) is intentionally
+ * out of scope for this layer — it's an evening's work in TS for an
+ * intent gate, vs weeks for proper sandboxing. This is the audit's
+ * pragmatic recommendation.
+ */
+/**
+ * Built-in policy. Ordered: most-specific dangerous patterns first
+ * so they fire before broader category rules. Allows come last so
+ * a dangerous variant of "git" hits the prompt rule before the
+ * "git read ops" allow.
+ */
+export const DEFAULT_RULES = [
+    // ── FORBIDDEN (block outright) ────────────────────────
+    {
+        id: 'rm-rf-root',
+        pattern: /\brm\s/,
+        match: /-r[a-z]*f|-f[a-z]*r/,
+        notMatch: /^[\s\S]*?\srm\s.*\s\.\.?\/?$/, // allow rm -rf . or ..
+        decision: 'forbidden',
+        reason: 'rm with recursive force flag; require explicit user approval',
+    },
+    {
+        id: 'rm-system-path',
+        pattern: /\brm\s.*\s(\/|C:\\?|\/usr|\/etc|\/bin|\/sbin|\/var|\/boot)\b/,
+        decision: 'forbidden',
+        reason: 'targeting a system path',
+    },
+    {
+        id: 'shutdown',
+        pattern: /^(shutdown|reboot|halt|poweroff)\b/,
+        decision: 'forbidden',
+        reason: 'system shutdown / reboot',
+    },
+    {
+        id: 'dd-disk',
+        pattern: /^dd\s/,
+        match: /of=\/dev\/(sd|nvme|hd|disk)/,
+        decision: 'forbidden',
+        reason: 'dd writing to raw disk device',
+    },
+    {
+        id: 'format-disk',
+        pattern: /^(format|mkfs|diskpart)\b/,
+        decision: 'forbidden',
+        reason: 'disk formatting',
+    },
+    // ── PROMPT (force prompt even in auto mode) ───────────
+    {
+        id: 'sudo',
+        pattern: /^sudo\b/,
+        decision: 'prompt',
+        reason: 'requires elevated privileges',
+    },
+    {
+        id: 'rm-recursive',
+        pattern: /\brm\s/,
+        match: /-r/,
+        decision: 'prompt',
+        reason: 'recursive removal',
+    },
+    {
+        id: 'curl-pipe-shell',
+        pattern: /\bcurl\b/,
+        match: /\|\s*(sh|bash|zsh|fish)\b/,
+        decision: 'prompt',
+        reason: 'piping curl output directly to shell',
+    },
+    {
+        id: 'wget-pipe-shell',
+        pattern: /\bwget\b/,
+        match: /\|\s*(sh|bash|zsh|fish)\b/,
+        decision: 'prompt',
+        reason: 'piping wget output directly to shell',
+    },
+    {
+        id: 'git-force-push',
+        pattern: /^git\s+push\b/,
+        match: /--force(?!-with-lease)|--mirror|\+/,
+        decision: 'prompt',
+        reason: 'force-push (rewrites remote history)',
+    },
+    {
+        id: 'git-reset-hard',
+        pattern: /^git\s+reset\b/,
+        match: /--hard/,
+        decision: 'prompt',
+        reason: 'hard reset discards uncommitted work',
+    },
+    {
+        id: 'git-clean-force',
+        pattern: /^git\s+clean\b/,
+        match: /-f/,
+        decision: 'prompt',
+        reason: 'git clean -f deletes untracked files',
+    },
+    {
+        id: 'npm-mutate-registry',
+        pattern: /^npm\s+(unpublish|deprecate)\b/,
+        decision: 'prompt',
+        reason: 'mutating the npm registry',
+    },
+    {
+        id: 'pip-uninstall',
+        pattern: /^pip(3)?\s+uninstall\b/,
+        decision: 'prompt',
+        reason: 'pip uninstall',
+    },
+    {
+        id: 'docker-rm-volume',
+        pattern: /^docker\s+(volume\s+rm|system\s+prune|rm\s+--force|kill)\b/,
+        decision: 'prompt',
+        reason: 'docker destructive operation',
+    },
+    // ── ALLOW (skip prompt entirely) ──────────────────────
+    // Pure read / inspection ops — safe to auto-approve even in `ask` mode
+    { id: 'cat', pattern: /^cat\s/, decision: 'allow' },
+    { id: 'less', pattern: /^less\s/, decision: 'allow' },
+    { id: 'more', pattern: /^more\s/, decision: 'allow' },
+    { id: 'head', pattern: /^head\s/, decision: 'allow' },
+    { id: 'tail', pattern: /^tail\s/, decision: 'allow' },
+    { id: 'ls', pattern: /^ls\b/, decision: 'allow' },
+    { id: 'dir', pattern: /^dir\b/, decision: 'allow' },
+    { id: 'pwd', pattern: /^pwd\s*$/, decision: 'allow' },
+    { id: 'echo', pattern: /^echo\s/, decision: 'allow' },
+    { id: 'which', pattern: /^which\s/, decision: 'allow' },
+    { id: 'where', pattern: /^where\s/, decision: 'allow' },
+    { id: 'whoami', pattern: /^whoami\s*$/, decision: 'allow' },
+    { id: 'env', pattern: /^env\s*$|^env\s+\|\s/, decision: 'allow' },
+    { id: 'date', pattern: /^date\s*$|^date\s+\+/, decision: 'allow' },
+    { id: 'uname', pattern: /^uname\b/, decision: 'allow' },
+    { id: 'file', pattern: /^file\s/, decision: 'allow' },
+    { id: 'wc', pattern: /^wc\s/, decision: 'allow' },
+    { id: 'stat', pattern: /^stat\s/, decision: 'allow' },
+    // Git read ops
+    {
+        id: 'git-read',
+        pattern: /^git\s+(status|log|diff|show|branch|tag|remote(\s+-v)?|stash\s+list|config\s+--get|reflog|describe|blame|rev-parse|ls-files)\b/,
+        decision: 'allow',
+    },
+    // npm/pnpm/yarn read ops
+    {
+        id: 'npm-read',
+        pattern: /^(npm|pnpm|yarn)\s+(list|ls|view|info|outdated|audit|why|exec|run\s+--list)\b/,
+        decision: 'allow',
+    },
+    // pip / python read ops
+    {
+        id: 'pip-read',
+        pattern: /^(pip|pip3)\s+(list|show|freeze|check|search)\b/,
+        decision: 'allow',
+    },
+    // Process listing
+    {
+        id: 'process-list',
+        pattern: /^(ps|top|htop|tasklist|jobs)\b/,
+        decision: 'allow',
+    },
+];
+function compileMatcher(p, anchor) {
+    if (p instanceof RegExp)
+        return p;
+    return new RegExp(anchor ? `^${p}` : p);
+}
+function applyRule(cmd, rule) {
+    if (!compileMatcher(rule.pattern, true).test(cmd))
+        return false;
+    if (rule.match && !compileMatcher(rule.match, false).test(cmd))
+        return false;
+    if (rule.notMatch && compileMatcher(rule.notMatch, false).test(cmd))
+        return false;
+    return true;
+}
+/**
+ * Evaluate a bash command against the policy. Returns the FIRST
+ * matching rule's decision. If nothing matches, returns
+ * { decision: 'prompt' } so the user's configured permission mode
+ * decides — i.e. a no-op for `auto` (non-destructive tools pass)
+ * and a single prompt for `ask`.
+ */
+export function evaluateCommand(cmd, rules = DEFAULT_RULES) {
+    const c = cmd.trim();
+    if (!c)
+        return { decision: 'prompt' };
+    for (const r of rules) {
+        if (applyRule(c, r)) {
+            return { decision: r.decision, reason: r.reason, ruleId: r.id };
+        }
+    }
+    // No rule matched — defer to the normal permission flow
+    return { decision: 'prompt' };
+}
+//# sourceMappingURL=execpolicy.js.map

package/dist/execpolicy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"execpolicy.js","sourceRoot":"","sources":["../src/execpolicy.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAwBH;;;;;GAKG;AACH,MAAM,CAAC,MAAM,aAAa,GAAe;IACvC,yDAAyD;IACzD;QACE,EAAE,EAAE,YAAY;QAChB,OAAO,EAAE,QAAQ;QACjB,KAAK,EAAE,qBAAqB;QAC5B,QAAQ,EAAE,8BAA8B,EAAG,uBAAuB;QAClE,QAAQ,EAAE,WAAW;QACrB,MAAM,EAAE,8DAA8D;KACvE;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,OAAO,EAAE,8DAA8D;QACvE,QAAQ,EAAE,WAAW;QACrB,MAAM,EAAE,yBAAyB;KAClC;IACD;QACE,EAAE,EAAE,UAAU;QACd,OAAO,EAAE,oCAAoC;QAC7C,QAAQ,EAAE,WAAW;QACrB,MAAM,EAAE,0BAA0B;KACnC;IACD;QACE,EAAE,EAAE,SAAS;QACb,OAAO,EAAE,OAAO;QAChB,KAAK,EAAE,6BAA6B;QACpC,QAAQ,EAAE,WAAW;QACrB,MAAM,EAAE,+BAA+B;KACxC;IACD;QACE,EAAE,EAAE,aAAa;QACjB,OAAO,EAAE,2BAA2B;QACpC,QAAQ,EAAE,WAAW;QACrB,MAAM,EAAE,iBAAiB;KAC1B;IAED,yDAAyD;IACzD;QACE,EAAE,EAAE,MAAM;QACV,OAAO,EAAE,SAAS;QAClB,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,8BAA8B;KACvC;IACD;QACE,EAAE,EAAE,cAAc;QAClB,OAAO,EAAE,QAAQ;QACjB,KAAK,EAAE,IAAI;QACX,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,mBAAmB;KAC5B;IACD;QACE,EAAE,EAAE,iBAAiB;QACrB,OAAO,EAAE,UAAU;QACnB,KAAK,EAAE,2BAA2B;QAClC,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,sCAAsC;KAC/C;IACD;QACE,EAAE,EAAE,iBAAiB;QACrB,OAAO,EAAE,UAAU;QACnB,KAAK,EAAE,2BAA2B;QAClC,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,sCAAsC;KAC/C;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,OAAO,EAAE,eAAe;QACxB,KAAK,EAAE,oCAAoC;QAC3C,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,sCAAsC;KAC/C;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,OAAO,EAAE,gBAAgB;QACzB,KAAK,EAAE,QAAQ;QACf,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,sCAAsC;KAC/C;IACD;QACE,EAAE,EAAE,iBAAiB;QACrB,OAAO,EAAE,gBAAgB;QACzB,KAAK,EAAE,IAAI;QACX,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,sCAAsC;KAC/C;IACD;QACE,EAAE,EAAE,qBAAqB;QACzB,OAAO,EAAE,gCAAgC;QACzC,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,2BAA2B;KACpC;IACD;QACE,EAAE,EAAE,eAAe;QACnB,OAAO,EAAE,wBAAwB;QACjC,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,eAAe;KACxB;IACD;QACE,EAAE,EAAE,kBAAkB;QACtB,OAAO,EAAE,4DAA4D;QACrE,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,8BAA8B;KACvC;IAED,yDAAyD;IACzD,uEAAuE;IACvE,EAAE,EAAE,EAAE,KAAK,EAAM,OAAO,EAAE,QAAQ,EAAK,QAAQ,EAAE,OAAO,EAAE;IAC1D,EAAE,EAAE,EAAE,MAAM,EAAK,OAAO,EAAE,SAAS,EAAI,QAAQ,EAAE,OAAO,EAAE;IAC1D,EAAE,EAAE,EAAE,MAAM,EAAK,OAAO,EAAE,SAAS,EAAI,QAAQ,EAAE,OAAO,EAAE;IAC1D,EAAE,EAAE,EAAE,MAAM,EAAK,OAAO,EAAE,SAAS,EAAI,QAAQ,EAAE,OAAO,EAAE;IAC1D,EAAE,EAAE,EAAE,MAAM,EAAK,OAAO,EAAE,SAAS,EAAI,QAAQ,EAAE,OAAO,EAAE;IAC1D,EAAE,EAAE,EAAE,IAAI,EAAO,OAAO,EAAE,OAAO,EAAM,QAAQ,EAAE,OAAO,EAAE;IAC1D,EAAE,EAAE,EAAE,KAAK,EAAM,OAAO,EAAE,QAAQ,EAAK,QAAQ,EAAE,OAAO,EAAE;IAC1D,EAAE,EAAE,EAAE,KAAK,EAAM,OAAO,EAAE,UAAU,EAAG,QAAQ,EAAE,OAAO,EAAE;IAC1D,EAAE,EAAE,EAAE,MAAM,EAAK,OAAO,EAAE,SAAS,EAAI,QAAQ,EAAE,OAAO,EAAE;IAC1D,EAAE,EAAE,EAAE,OAAO,EAAI,OAAO,EAAE,UAAU,EAAG,QAAQ,EAAE,OAAO,EAAE;IAC1D,EAAE,EAAE,EAAE,OAAO,EAAI,OAAO,EAAE,UAAU,EAAG,QAAQ,EAAE,OAAO,EAAE;IAC1D,EAAE,EAAE,EAAE,QAAQ,EAAG,OAAO,EAAE,aAAa,EAAE,QAAQ,EAAE,OAAO,EAAE;IAC5D,EAAE,EAAE,EAAE,KAAK,EAAM,OAAO,EAAE,sBAAsB,EAAE,QAAQ,EAAE,OAAO,EAAE;IACrE,EAAE,EAAE,EAAE,MAAM,EAAK,OAAO,EAAE,sBAAsB,EAAE,QAAQ,EAAE,OAAO,EAAE;IACrE,EAAE,EAAE,EAAE,OAAO,EAAI,OAAO,EAAE,UAAU,EAAG,QAAQ,EAAE,OAAO,EAAE;IAC1D,EAAE,EAAE,EAAE,MAAM,EAAK,OAAO,EAAE,SAAS,EAAI,QAAQ,EAAE,OAAO,EAAE;IAC1D,EAAE,EAAE,EAAE,IAAI,EAAO,OAAO,EAAE,OAAO,EAAM,QAAQ,EAAE,OAAO,EAAE;IAC1D,EAAE,EAAE,EAAE,MAAM,EAAK,OAAO,EAAE,SAAS,EAAI,QAAQ,EAAE,OAAO,EAAE;IAC1D,eAAe;IACf;QACE,EAAE,EAAE,UAAU;QACd,OAAO,EAAE,gIAAgI;QACzI,QAAQ,EAAE,OAAO;KAClB;IACD,yBAAyB;IACzB;QACE,EAAE,EAAE,UAAU;QACd,OAAO,EAAE,+EAA+E;QACxF,QAAQ,EAAE,OAAO;KAClB;IACD,wBAAwB;IACxB;QACE,EAAE,EAAE,UAAU;QACd,OAAO,EAAE,iDAAiD;QAC1D,QAAQ,EAAE,OAAO;KAClB;IACD,kBAAkB;IAClB;QACE,EAAE,EAAE,cAAc;QAClB,OAAO,EAAE,gCAAgC;QACzC,QAAQ,EAAE,OAAO;KAClB;CACF,CAAC;AAEF,SAAS,cAAc,CAAC,CAAkB,EAAE,MAAe;IACzD,IAAI,CAAC,YAAY,MAAM;QAAE,OAAO,CAAC,CAAC;IAClC,OAAO,IAAI,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAC1C,CAAC;AAED,SAAS,SAAS,CAAC,GAAW,EAAE,IAAc;IAC5C,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IAChE,IAAI,IAAI,CAAC,KAAK,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IAC7E,IAAI,IAAI,CAAC,QAAQ,IAAI,cAAc,CAAC,IAAI,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IAClF,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,eAAe,CAAC,GAAW,EAAE,QAAoB,aAAa;IAC5E,MAAM,CAAC,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC;IACrB,IAAI,CAAC,CAAC;QAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC;IACtC,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,IAAI,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;YACpB,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC;QAClE,CAAC;IACH,CAAC;IACD,wDAAwD;IACxD,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC;AAChC,CAAC"}

package/dist/permissions.js

@@ -1,5 +1,6 @@
 import chalk from 'chalk';
 import { saveConfig } from './config.js';
+import { evaluateCommand } from './execpolicy.js';
 /**
  * Check if a tool call is allowed under the current permission mode.
  * Returns true if allowed, false if denied.
@@ -11,7 +12,28 @@ import { saveConfig } from './config.js';
  * @returns True if the tool call is allowed, false if denied
  */
 export async function checkPermission(tool, input, config, rl) {
-    // yolo mode = everything allowed
+    // ── Execpolicy intent-gate (runs BEFORE other checks) ──
+    // For bash commands, evaluate the static-policy DSL first. This lets
+    // us auto-approve obviously-safe ops (cat, ls, git log) AND block
+    // obviously-dangerous ones (rm -rf system path, shutdown) without
+    // burning a user prompt either way. Only fires for the `bash` tool.
+    if (tool.name === 'bash') {
+        const cmd = String(input.command || '');
+        const policy = evaluateCommand(cmd);
+        if (policy.decision === 'forbidden') {
+            console.log(chalk.red(`\n  ✗ Blocked by execpolicy${policy.ruleId ? ` (${policy.ruleId})` : ''}: ${policy.reason || 'command not permitted'}`));
+            console.log(chalk.dim(`    $ ${cmd.slice(0, 120)}`));
+            return false;
+        }
+        if (policy.decision === 'allow') {
+            // Skip the full permission flow — policy says this is safe
+            return true;
+        }
+        // policy.decision === 'prompt' → fall through to the usual flow
+        // (alwaysAllowedTools check, mode check, ask if needed)
+    }
+    // yolo mode = everything allowed (execpolicy 'forbidden' still wins,
+    // applied above; allow + prompt both pass through yolo)
     if (config.permissionMode === 'yolo')
         return true;
     // Read-only tools always allowed

package/dist/permissions.js.map

@@ -1 +1 @@
-{"version":3,"file":"permissions.js","sourceRoot":"","sources":["../src/permissions.ts"],"names":[],"mappings":"AAYA,OAAO,KAAK,MAAM,OAAO,CAAC;AAG1B,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,IAAU,EACV,KAA8B,EAC9B,MAAuB,EACvB,EAAsB;IAEtB,iCAAiC;IACjC,IAAI,MAAM,CAAC,cAAc,KAAK,MAAM;QAAE,OAAO,IAAI,CAAC;IAElD,iCAAiC;IACjC,IAAI,IAAI,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC;IAEjC,kEAAkE;IAClE,sEAAsE;IACtE,oEAAoE;IACpE,qEAAqE;IACrE,uEAAuE;IACvE,mCAAmC;IACnC,IAAI,MAAM,CAAC,kBAAkB,EAAE,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IAEhE,yDAAyD;IACzD,IAAI,MAAM,CAAC,cAAc,KAAK,MAAM,IAAI,CAAC,IAAI,CAAC,aAAa;QAAE,OAAO,IAAI,CAAC;IAEzE,qDAAqD;IACrD,MAAM,IAAI,GAAG,cAAc,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IACzC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,aAAa,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IACpD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC;IAE7B,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,sBAAsB,CAAC,CAAC,CAAC;IACvE,MAAM,CAAC,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAEtC,IAAI,CAAC,KAAK,QAAQ,EAAE,CAAC;QACnB,wEAAwE;QACxE,sEAAsE;QACtE,kEAAkE;QAClE,MAAM,CAAC,kBAAkB,GAAG,MAAM,CAAC,kBAAkB,IAAI,EAAE,CAAC;QAC5D,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACnD,MAAM,CAAC,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC5C,CAAC;QACD,UAAU,CAAC,MAAM,CAAC,CAAC;QACnB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,sBAAsB,IAAI,CAAC,IAAI,iEAAiE,CAAC,CAAC,CAAC;QACzH,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,KAAK,CAAC;AAC9C,CAAC;AAED,SAAS,cAAc,CAAC,IAAU,EAAE,KAA8B;IAChE,QAAQ,IAAI,CAAC,IAAI,EAAE,CAAC;QAClB,KAAK,MAAM;YACT,OAAO,OAAO,KAAK,CAAC,OAAO,EAAE,CAAC;QAChC,KAAK,YAAY;YACf,OAAO,eAAe,KAAK,CAAC,SAAS,KAAK,CAAE,KAAK,CAAC,OAAkB,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,SAAS,CAAC;QAC1G,KAAK,WAAW;YACd,OAAO,WAAW,KAAK,CAAC,SAAS,EAAE,CAAC;QACtC;YACE,OAAO,KAAK,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC;IACtD,CAAC;AACH,CAAC"}
+{"version":3,"file":"permissions.js","sourceRoot":"","sources":["../src/permissions.ts"],"names":[],"mappings":"AAYA,OAAO,KAAK,MAAM,OAAO,CAAC;AAG1B,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAElD;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,IAAU,EACV,KAA8B,EAC9B,MAAuB,EACvB,EAAsB;IAEtB,0DAA0D;IAC1D,qEAAqE;IACrE,kEAAkE;IAClE,kEAAkE;IAClE,oEAAoE;IACpE,IAAI,IAAI,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;QACzB,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC;QACxC,MAAM,MAAM,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;QACpC,IAAI,MAAM,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;YACpC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,8BAA8B,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,EAAE,KAAK,MAAM,CAAC,MAAM,IAAI,uBAAuB,EAAE,CAAC,CAAC,CAAC;YAChJ,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;YACrD,OAAO,KAAK,CAAC;QACf,CAAC;QACD,IAAI,MAAM,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;YAChC,2DAA2D;YAC3D,OAAO,IAAI,CAAC;QACd,CAAC;QACD,gEAAgE;QAChE,wDAAwD;IAC1D,CAAC;IAED,qEAAqE;IACrE,wDAAwD;IACxD,IAAI,MAAM,CAAC,cAAc,KAAK,MAAM;QAAE,OAAO,IAAI,CAAC;IAElD,iCAAiC;IACjC,IAAI,IAAI,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC;IAEjC,kEAAkE;IAClE,sEAAsE;IACtE,oEAAoE;IACpE,qEAAqE;IACrE,uEAAuE;IACvE,mCAAmC;IACnC,IAAI,MAAM,CAAC,kBAAkB,EAAE,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IAEhE,yDAAyD;IACzD,IAAI,MAAM,CAAC,cAAc,KAAK,MAAM,IAAI,CAAC,IAAI,CAAC,aAAa;QAAE,OAAO,IAAI,CAAC;IAEzE,qDAAqD;IACrD,MAAM,IAAI,GAAG,cAAc,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IACzC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,aAAa,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IACpD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC;IAE7B,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,sBAAsB,CAAC,CAAC,CAAC;IACvE,MAAM,CAAC,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAEtC,IAAI,CAAC,KAAK,QAAQ,EAAE,CAAC;QACnB,wEAAwE;QACxE,sEAAsE;QACtE,kEAAkE;QAClE,MAAM,CAAC,kBAAkB,GAAG,MAAM,CAAC,kBAAkB,IAAI,EAAE,CAAC;QAC5D,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACnD,MAAM,CAAC,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC5C,CAAC;QACD,UAAU,CAAC,MAAM,CAAC,CAAC;QACnB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,sBAAsB,IAAI,CAAC,IAAI,iEAAiE,CAAC,CAAC,CAAC;QACzH,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,KAAK,CAAC;AAC9C,CAAC;AAED,SAAS,cAAc,CAAC,IAAU,EAAE,KAA8B;IAChE,QAAQ,IAAI,CAAC,IAAI,EAAE,CAAC;QAClB,KAAK,MAAM;YACT,OAAO,OAAO,KAAK,CAAC,OAAO,EAAE,CAAC;QAChC,KAAK,YAAY;YACf,OAAO,eAAe,KAAK,CAAC,SAAS,KAAK,CAAE,KAAK,CAAC,OAAkB,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,SAAS,CAAC;QAC1G,KAAK,WAAW;YACd,OAAO,WAAW,KAAK,CAAC,SAAS,EAAE,CAAC;QACtC;YACE,OAAO,KAAK,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC;IACtD,CAAC;AACH,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "compact-agent",
-  "version": "1.18.0",
+  "version": "1.19.0",
   "description": "A dense, feature-rich AI coding agent for the terminal. Built-in voice dictation (Whisper) + TTS readout (ElevenLabs) + screen-reader mode for blind / low-vision users. 80+ slash commands, 9 modes including Hermes self-improving loop, multi-agent orchestration, bundled everything-claude-code skills library, learning system, and observable LLM transport. Works with OpenRouter, OpenAI, Anthropic-compatible, Ollama, LM Studio, DeepSeek, or any OpenAI-compatible API.",
   "type": "module",
   "license": "MIT",