defense-mcp-server 0.6.0

package/build/core/backup-manager.d.ts

@@ -0,0 +1,63 @@
+/**
+ * BackupManager — manages file backups with manifest tracking.
+ *
+ * Backups are stored under ~/.kali-defense/backups/ with timestamped filenames.
+ * A manifest.json tracks all backups for listing and restore operations.
+ */
+export interface BackupEntry {
+    id: string;
+    originalPath: string;
+    backupPath: string;
+    timestamp: string;
+    sizeBytes: number;
+}
+export interface BackupManifest {
+    version: 1;
+    backups: BackupEntry[];
+}
+/**
+ * Validate that a backup path is safe:
+ * 1. No `..` traversal sequences
+ * 2. Normalized via path.resolve()
+ * 3. Resolved path is within the backup base directory
+ * 4. Not a symlink (prevent symlink attacks)
+ *
+ * @param filePath The path to validate
+ * @param baseDir The backup base directory that paths must stay within
+ * @throws {Error} If the path fails validation
+ */
+export declare function validateBackupPath(filePath: string, baseDir: string): void;
+export declare class BackupManager {
+    private readonly backupDir;
+    private readonly manifestPath;
+    constructor(backupDir?: string);
+    /** Ensure backup directory exists. */
+    private ensureDir;
+    /** Read manifest from disk with migration from old format. */
+    private readManifest;
+    /** Write manifest to disk. */
+    private writeManifest;
+    /**
+     * Create a backup of a file (synchronous).
+     * @returns The BackupEntry with id and backupPath.
+     */
+    backupSync(filePath: string): BackupEntry;
+    /**
+     * Create a backup of a file.
+     * @returns The backup ID.
+     */
+    backup(filePath: string): Promise<string>;
+    /**
+     * Restore a file from backup by ID.
+     */
+    restore(backupId: string): Promise<void>;
+    /**
+     * List all backup entries.
+     */
+    listBackups(): Promise<BackupEntry[]>;
+    /**
+     * Remove backups older than the specified number of days.
+     */
+    pruneOldBackups(daysOld: number): Promise<void>;
+}
+//# sourceMappingURL=backup-manager.d.ts.map

package/build/core/backup-manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"backup-manager.d.ts","sourceRoot":"","sources":["../../src/core/backup-manager.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAkBH,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,CAAC,CAAC;IACX,OAAO,EAAE,WAAW,EAAE,CAAC;CACxB;AAUD;;;;;;;;;;GAUG;AACH,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,IAAI,CAmC1E;AAID,qBAAa,aAAa;IACxB,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;IACnC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAS;gBAE1B,SAAS,CAAC,EAAE,MAAM;IAK9B,sCAAsC;IACtC,OAAO,CAAC,SAAS;IAIjB,8DAA8D;IAC9D,OAAO,CAAC,YAAY;IAgBpB,8BAA8B;IAC9B,OAAO,CAAC,aAAa;IAKrB;;;OAGG;IACH,UAAU,CAAC,QAAQ,EAAE,MAAM,GAAG,WAAW;IAqCzC;;;OAGG;IACG,MAAM,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAK/C;;OAEG;IACG,OAAO,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAqB9C;;OAEG;IACG,WAAW,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;IAO3C;;OAEG;IACG,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CA+BtD"}

package/build/core/backup-manager.js

@@ -0,0 +1,189 @@
+/**
+ * BackupManager — manages file backups with manifest tracking.
+ *
+ * Backups are stored under ~/.kali-defense/backups/ with timestamped filenames.
+ * A manifest.json tracks all backups for listing and restore operations.
+ */
+import { existsSync, readFileSync, unlinkSync, statSync, lstatSync, } from "node:fs";
+import { join, basename, dirname, resolve as pathResolve } from "node:path";
+import { secureWriteFileSync, secureMkdirSync, secureCopyFileSync } from "./secure-fs.js";
+import { homedir } from "node:os";
+import { randomUUID } from "node:crypto";
+import { z } from "zod";
+// ── Zod validators ───────────────────────────────────────────────────────────
+const FilePathSchema = z.string().min(1).max(4096);
+const BackupIdSchema = z.string().uuid();
+const DaysOldSchema = z.number().int().min(1).max(3650);
+// ── SECURITY (CORE-015): Path validation helper ──────────────────────────────
+/**
+ * Validate that a backup path is safe:
+ * 1. No `..` traversal sequences
+ * 2. Normalized via path.resolve()
+ * 3. Resolved path is within the backup base directory
+ * 4. Not a symlink (prevent symlink attacks)
+ *
+ * @param filePath The path to validate
+ * @param baseDir The backup base directory that paths must stay within
+ * @throws {Error} If the path fails validation
+ */
+export function validateBackupPath(filePath, baseDir) {
+    // 1. Reject paths containing '..' traversal sequences
+    if (filePath.includes("..")) {
+        throw new Error(`SECURITY: Backup path contains '..' traversal sequence: ${filePath}`);
+    }
+    // 2. Normalize with path.resolve()
+    const resolved = pathResolve(filePath);
+    const resolvedBase = pathResolve(baseDir);
+    // 3. Verify the resolved path is within the backup base directory
+    if (!resolved.startsWith(resolvedBase + "/") && resolved !== resolvedBase) {
+        throw new Error(`SECURITY: Backup path '${resolved}' escapes base directory '${resolvedBase}'`);
+    }
+    // 4. Reject symlinks (if the path exists)
+    if (existsSync(filePath)) {
+        try {
+            const lstats = lstatSync(filePath);
+            if (lstats.isSymbolicLink()) {
+                throw new Error(`SECURITY: Backup path '${filePath}' is a symlink. Refusing to use.`);
+            }
+        }
+        catch (err) {
+            if (err instanceof Error && err.message.startsWith("SECURITY:")) {
+                throw err;
+            }
+            // lstat failure on existing path is suspicious but non-fatal for validation
+        }
+    }
+}
+// ── BackupManager ────────────────────────────────────────────────────────────
+export class BackupManager {
+    backupDir;
+    manifestPath;
+    constructor(backupDir) {
+        this.backupDir = backupDir ?? join(homedir(), ".kali-defense", "backups");
+        this.manifestPath = join(this.backupDir, "manifest.json");
+    }
+    /** Ensure backup directory exists. */
+    ensureDir() {
+        secureMkdirSync(this.backupDir);
+    }
+    /** Read manifest from disk with migration from old format. */
+    readManifest() {
+        try {
+            if (existsSync(this.manifestPath)) {
+                const raw = readFileSync(this.manifestPath, "utf-8");
+                const parsed = JSON.parse(raw);
+                if (parsed && Array.isArray(parsed.backups)) {
+                    // Migrate: ensure version field is present (old format may lack it)
+                    return { version: 1, backups: parsed.backups };
+                }
+            }
+        }
+        catch {
+            // Corrupt or missing manifest — start fresh
+        }
+        return { version: 1, backups: [] };
+    }
+    /** Write manifest to disk. */
+    writeManifest(manifest) {
+        this.ensureDir();
+        secureWriteFileSync(this.manifestPath, JSON.stringify(manifest, null, 2), "utf-8");
+    }
+    /**
+     * Create a backup of a file (synchronous).
+     * @returns The BackupEntry with id and backupPath.
+     */
+    backupSync(filePath) {
+        const validated = FilePathSchema.parse(filePath);
+        this.ensureDir();
+        if (!existsSync(validated)) {
+            throw new Error(`Source file does not exist: ${validated}`);
+        }
+        const id = randomUUID();
+        const now = new Date();
+        const ts = now.toISOString().replace(/[:.]/g, "-");
+        const name = basename(validated);
+        const backupName = `${ts}_${name}`;
+        const backupPath = join(this.backupDir, backupName);
+        // SECURITY (CORE-015): Validate the backup destination path
+        validateBackupPath(backupPath, this.backupDir);
+        secureCopyFileSync(validated, backupPath);
+        const stat = statSync(backupPath);
+        const entry = {
+            id,
+            originalPath: validated,
+            backupPath,
+            timestamp: now.toISOString(),
+            sizeBytes: stat.size,
+        };
+        const manifest = this.readManifest();
+        manifest.backups.push(entry);
+        this.writeManifest(manifest);
+        console.error(`[backup-manager] Backed up ${validated} → ${backupPath} (id: ${id})`);
+        return entry;
+    }
+    /**
+     * Create a backup of a file.
+     * @returns The backup ID.
+     */
+    async backup(filePath) {
+        const entry = this.backupSync(filePath);
+        return entry.id;
+    }
+    /**
+     * Restore a file from backup by ID.
+     */
+    async restore(backupId) {
+        const validated = BackupIdSchema.parse(backupId);
+        const manifest = this.readManifest();
+        const entry = manifest.backups.find((b) => b.id === validated);
+        if (!entry) {
+            throw new Error(`Backup not found: ${validated}`);
+        }
+        if (!existsSync(entry.backupPath)) {
+            throw new Error(`Backup file missing on disk: ${entry.backupPath}`);
+        }
+        // SECURITY (CORE-015): Validate the backup source path before restore
+        validateBackupPath(entry.backupPath, this.backupDir);
+        secureMkdirSync(dirname(entry.originalPath));
+        secureCopyFileSync(entry.backupPath, entry.originalPath);
+        console.error(`[backup-manager] Restored ${entry.backupPath} → ${entry.originalPath}`);
+    }
+    /**
+     * List all backup entries.
+     */
+    async listBackups() {
+        const manifest = this.readManifest();
+        return manifest.backups.sort((a, b) => new Date(b.timestamp).getTime() - new Date(a.timestamp).getTime());
+    }
+    /**
+     * Remove backups older than the specified number of days.
+     */
+    async pruneOldBackups(daysOld) {
+        const days = DaysOldSchema.parse(daysOld);
+        const cutoff = Date.now() - days * 24 * 60 * 60 * 1000;
+        const manifest = this.readManifest();
+        const keep = [];
+        const remove = [];
+        for (const entry of manifest.backups) {
+            if (new Date(entry.timestamp).getTime() < cutoff) {
+                remove.push(entry);
+            }
+            else {
+                keep.push(entry);
+            }
+        }
+        for (const entry of remove) {
+            try {
+                if (existsSync(entry.backupPath)) {
+                    unlinkSync(entry.backupPath);
+                }
+            }
+            catch (err) {
+                console.error(`[backup-manager] Failed to delete ${entry.backupPath}: ${err instanceof Error ? err.message : String(err)}`);
+            }
+        }
+        manifest.backups = keep;
+        this.writeManifest(manifest);
+        console.error(`[backup-manager] Pruned ${remove.length} backup(s) older than ${days} day(s)`);
+    }
+}

package/build/core/changelog.d.ts

@@ -0,0 +1,75 @@
+/**
+ * A single changelog entry recording a defensive action taken.
+ */
+export interface ChangeEntry {
+    /** Unique identifier (UUID v4) */
+    id: string;
+    /** ISO 8601 timestamp */
+    timestamp: string;
+    /** Tool that performed the action */
+    tool: string;
+    /** Description of the action */
+    action: string;
+    /** Target of the action (file, service, etc.) */
+    target: string;
+    /** State before the change */
+    before?: string;
+    /** State after the change */
+    after?: string;
+    /** Path to backup file if one was created */
+    backupPath?: string;
+    /** Whether this was a dry-run (no actual changes) */
+    dryRun: boolean;
+    /** Whether the action succeeded */
+    success: boolean;
+    /** Error message if the action failed */
+    error?: string;
+    /** Command to undo this change */
+    rollbackCommand?: string;
+    /** OS username who made the change (auto-populated) */
+    user?: string;
+    /** MCP session identifier (if available) */
+    sessionId?: string;
+}
+/**
+ * Versioned changelog state file format.
+ * Old files stored a bare array; new files use this envelope.
+ */
+export interface ChangelogState {
+    version: 1;
+    entries: ChangeEntry[];
+}
+/**
+ * Creates a new ChangeEntry with auto-generated id and timestamp.
+ */
+export declare function createChangeEntry(partial: Omit<ChangeEntry, "id" | "timestamp" | "user">): ChangeEntry;
+/**
+ * Appends a change entry to the changelog JSON file.
+ * Creates the file and parent directories if they don't exist.
+ * Rotates old entries when the file exceeds MAX_CHANGELOG_ENTRIES.
+ * Fails silently (logs to stderr) to avoid disrupting tool execution.
+ */
+export declare function logChange(entry: ChangeEntry): void;
+/**
+ * Reads changelog entries, newest first.
+ * Returns empty array on any error.
+ *
+ * @param limit Maximum number of entries to return (default: all)
+ */
+export declare function getChangelog(limit?: number): ChangeEntry[];
+/**
+ * Creates a backup copy of a file using the unified BackupManager.
+ * The backup is tracked in the manifest at ~/.kali-defense/backups/manifest.json.
+ *
+ * @param filePath Absolute path to the file to back up
+ * @returns Path to the backup file
+ */
+export declare function backupFile(filePath: string): string;
+/**
+ * Restores a file from a backup.
+ *
+ * @param backupPath Path to the backup file
+ * @param originalPath Path to restore the file to
+ */
+export declare function restoreFile(backupPath: string, originalPath: string): void;
+//# sourceMappingURL=changelog.d.ts.map

package/build/core/changelog.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"changelog.d.ts","sourceRoot":"","sources":["../../src/core/changelog.ts"],"names":[],"mappings":"AAQA;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,kCAAkC;IAClC,EAAE,EAAE,MAAM,CAAC;IACX,yBAAyB;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,qCAAqC;IACrC,IAAI,EAAE,MAAM,CAAC;IACb,gCAAgC;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,iDAAiD;IACjD,MAAM,EAAE,MAAM,CAAC;IACf,8BAA8B;IAC9B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,6BAA6B;IAC7B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,6CAA6C;IAC7C,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,qDAAqD;IACrD,MAAM,EAAE,OAAO,CAAC;IAChB,mCAAmC;IACnC,OAAO,EAAE,OAAO,CAAC;IACjB,yCAAyC;IACzC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,kCAAkC;IAClC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,uDAAuD;IACvD,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,4CAA4C;IAC5C,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;;GAGG;AACH,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,CAAC,CAAC;IACX,OAAO,EAAE,WAAW,EAAE,CAAC;CACxB;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAC/B,OAAO,EAAE,IAAI,CAAC,WAAW,EAAE,IAAI,GAAG,WAAW,GAAG,MAAM,CAAC,GACtD,WAAW,CAOb;AA2BD;;;;;GAKG;AACH,wBAAgB,SAAS,CAAC,KAAK,EAAE,WAAW,GAAG,IAAI,CA0BlD;AAED;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,WAAW,EAAE,CAmB1D;AAED;;;;;;GAMG;AACH,wBAAgB,UAAU,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAKnD;AAED;;;;;GAKG;AACH,wBAAgB,WAAW,CAAC,UAAU,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,IAAI,CAU1E"}

package/build/core/changelog.js

@@ -0,0 +1,123 @@
+import { readFileSync } from "node:fs";
+import { dirname } from "node:path";
+import { userInfo } from "node:os";
+import { secureWriteFileSync, secureMkdirSync, secureCopyFileSync } from "./secure-fs.js";
+import { randomUUID } from "node:crypto";
+import { getConfig } from "./config.js";
+import { BackupManager } from "./backup-manager.js";
+/**
+ * Creates a new ChangeEntry with auto-generated id and timestamp.
+ */
+export function createChangeEntry(partial) {
+    return {
+        id: randomUUID(),
+        timestamp: new Date().toISOString(),
+        user: (() => { try {
+            return userInfo().username;
+        }
+        catch {
+            return undefined;
+        } })(),
+        ...partial,
+    };
+}
+/** Maximum number of changelog entries to retain. Older entries beyond this
+ *  limit are discarded during writes to prevent unbounded file growth. */
+const MAX_CHANGELOG_ENTRIES = 10_000;
+/**
+ * Load changelog state from disk, migrating old bare-array format if needed.
+ */
+function loadChangelogState(changelogPath) {
+    try {
+        const raw = readFileSync(changelogPath, "utf-8");
+        const parsed = JSON.parse(raw);
+        // Handle old format (bare array)
+        if (Array.isArray(parsed)) {
+            return { version: 1, entries: parsed };
+        }
+        // Handle versioned format
+        if (parsed && typeof parsed === "object" && Array.isArray(parsed.entries)) {
+            return { version: 1, entries: parsed.entries };
+        }
+    }
+    catch {
+        // File doesn't exist or is invalid - start fresh
+    }
+    return { version: 1, entries: [] };
+}
+/**
+ * Appends a change entry to the changelog JSON file.
+ * Creates the file and parent directories if they don't exist.
+ * Rotates old entries when the file exceeds MAX_CHANGELOG_ENTRIES.
+ * Fails silently (logs to stderr) to avoid disrupting tool execution.
+ */
+export function logChange(entry) {
+    try {
+        const config = getConfig();
+        const changelogPath = config.changelogPath;
+        const dir = dirname(changelogPath);
+        // Ensure directory exists
+        secureMkdirSync(dir);
+        // Read existing entries (with migration)
+        const state = loadChangelogState(changelogPath);
+        // Append new entry
+        state.entries.push(entry);
+        // Rotate: keep only the most recent entries to prevent unbounded growth
+        if (state.entries.length > MAX_CHANGELOG_ENTRIES) {
+            state.entries = state.entries.slice(-MAX_CHANGELOG_ENTRIES);
+        }
+        // Write back in versioned format
+        secureWriteFileSync(changelogPath, JSON.stringify(state, null, 2), "utf-8");
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        console.error(`[changelog] Failed to log change: ${message}`);
+    }
+}
+/**
+ * Reads changelog entries, newest first.
+ * Returns empty array on any error.
+ *
+ * @param limit Maximum number of entries to return (default: all)
+ */
+export function getChangelog(limit) {
+    try {
+        const config = getConfig();
+        const state = loadChangelogState(config.changelogPath);
+        // Sort newest first
+        const sorted = state.entries.sort((a, b) => new Date(b.timestamp).getTime() - new Date(a.timestamp).getTime());
+        if (limit !== undefined && limit > 0) {
+            return sorted.slice(0, limit);
+        }
+        return sorted;
+    }
+    catch {
+        return [];
+    }
+}
+/**
+ * Creates a backup copy of a file using the unified BackupManager.
+ * The backup is tracked in the manifest at ~/.kali-defense/backups/manifest.json.
+ *
+ * @param filePath Absolute path to the file to back up
+ * @returns Path to the backup file
+ */
+export function backupFile(filePath) {
+    const config = getConfig();
+    const manager = new BackupManager(config.backupDir);
+    const entry = manager.backupSync(filePath);
+    return entry.backupPath;
+}
+/**
+ * Restores a file from a backup.
+ *
+ * @param backupPath Path to the backup file
+ * @param originalPath Path to restore the file to
+ */
+export function restoreFile(backupPath, originalPath) {
+    // Ensure target directory exists
+    const targetDir = dirname(originalPath);
+    secureMkdirSync(targetDir);
+    secureCopyFileSync(backupPath, originalPath);
+    console.error(`[changelog] Restored ${backupPath} → ${originalPath}`);
+}

package/build/core/command-allowlist.d.ts

@@ -0,0 +1,129 @@
+/**
+ * Command Allowlist — security control that restricts which binaries the
+ * MCP server may execute.
+ *
+ * Every command passed to `executeCommand()` (and the bypass modules that
+ * use `execFileSync` / `spawn` directly) MUST be present in this allowlist.
+ * Bare command names are resolved to absolute paths at startup, eliminating
+ * PATH-manipulation attacks when running under sudo.
+ *
+ * Design constraints:
+ *   - **No circular dependencies**: only imports from `node:fs` (no executor,
+ *     no sudo-session, no tool-registry).
+ *   - Uses `fs.existsSync` for path resolution — never shells out to `which`.
+ *   - Candidate paths are checked in order; the first match wins.
+ *   - Unresolvable binaries are logged as warnings but don't block startup
+ *     (not every system has every tool installed).
+ *
+ * @module command-allowlist
+ */
+export interface AllowlistEntry {
+    /** Bare binary name, e.g. "iptables" */
+    binary: string;
+    /** Ordered candidate absolute paths on Linux */
+    candidates: string[];
+    /** Filled at startup after resolution; `undefined` if not found on disk */
+    resolvedPath?: string;
+    /** Which distro package should own this binary (for integrity verification) */
+    expectedPackage?: string;
+    /** Inode number recorded at startup for TOCTOU detection (CORE-007) */
+    resolvedInode?: number;
+}
+/** Result of a binary ownership verification check */
+export interface BinaryVerificationResult {
+    binary: string;
+    path: string;
+    verified: boolean;
+    owner?: string;
+    message: string;
+}
+/**
+ * Initialize the allowlist by resolving candidate paths on the current system.
+ *
+ * For each allowlisted binary, checks which candidate paths actually exist
+ * on disk and caches the first match. This should be called once at server
+ * startup, before any tool registration.
+ *
+ * Binaries that cannot be found are logged as warnings but do not prevent
+ * startup — not every system has every tool installed.
+ */
+export declare function initializeAllowlist(): void;
+/**
+ * Resolve a bare command name to its absolute path via the allowlist.
+ *
+ * @param command - Bare binary name (e.g. `"iptables"`)
+ * @returns The absolute path to the binary (e.g. `"/usr/sbin/iptables"`)
+ * @throws {Error} If the command is not in the allowlist or cannot be found
+ */
+export declare function resolveCommand(command: string): string;
+/**
+ * Check whether a bare command name is in the allowlist (without resolving).
+ *
+ * @param command - Bare binary name or absolute path
+ * @returns `true` if the command is allowlisted
+ */
+export declare function isAllowlisted(command: string): boolean;
+/**
+ * Resolve a sudo command and its target binary.
+ *
+ * When `command` is `"sudo"`, this function:
+ * 1. Resolves `sudo` itself to its absolute path
+ * 2. Finds the actual binary in the args array (skipping sudo flags like `-S`, `-p`, `-A`, `-k`, `-n`, `-v`)
+ * 3. Resolves that binary against the allowlist
+ * 4. Returns the resolved sudo path, the index of the target binary in args, and its resolved path
+ *
+ * @param args - The args array passed to sudo
+ * @returns Object with resolved paths and the index of the target command in args
+ * @throws {Error} If sudo or the target command is not allowlisted
+ */
+export declare function resolveSudoCommand(args: string[]): {
+    sudoPath: string;
+    targetIndex: number;
+    targetPath: string;
+};
+/**
+ * Returns the full allowlist for inspection/debugging.
+ * Each entry includes resolution status.
+ */
+export declare function getAllowlistEntries(): ReadonlyArray<Readonly<AllowlistEntry>>;
+/**
+ * Returns whether the allowlist has been initialized.
+ */
+export declare function isInitialized(): boolean;
+/**
+ * Returns whether runtime path verification is currently enabled.
+ */
+export declare function isRuntimePathVerificationEnabled(): boolean;
+/**
+ * Enable or disable runtime path verification.
+ * Useful for testing or performance-sensitive environments.
+ */
+export declare function setRuntimePathVerification(enabled: boolean): void;
+/**
+ * Returns the critical binary package mappings for inspection/testing.
+ */
+export declare function getCriticalBinaryPackages(): Readonly<Record<string, string[]>>;
+/**
+ * Verify that a resolved binary is owned by its expected system package.
+ *
+ * Uses `dpkg -S` on Debian/Ubuntu, `rpm -qf` on RHEL/Fedora,
+ * or `pacman -Qo` on Arch to determine the owning package.
+ *
+ * @param binaryPath - Absolute path to the binary
+ * @param expectedPackage - Optional expected package name; if omitted, only ownership is checked
+ * @returns Verification result with owner info and status
+ */
+export declare function verifyBinaryOwnership(binaryPath: string, expectedPackage?: string): BinaryVerificationResult;
+/**
+ * Verify all resolved critical binaries against their expected packages.
+ *
+ * Runs after `initializeAllowlist()` and logs warnings for any binaries
+ * that can't be verified or are owned by unexpected packages.
+ *
+ * All verifications run in parallel for faster startup.
+ * This is best-effort — it never throws or blocks startup.
+ *
+ * @returns Array of verification results for all critical binaries that were resolved
+ */
+export declare function verifyAllBinaries(): Promise<BinaryVerificationResult[]>;
+//# sourceMappingURL=command-allowlist.d.ts.map

package/build/core/command-allowlist.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"command-allowlist.d.ts","sourceRoot":"","sources":["../../src/core/command-allowlist.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAeH,MAAM,WAAW,cAAc;IAC7B,wCAAwC;IACxC,MAAM,EAAE,MAAM,CAAC;IACf,gDAAgD;IAChD,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,2EAA2E;IAC3E,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,+EAA+E;IAC/E,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,uEAAuE;IACvE,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,sDAAsD;AACtD,MAAM,WAAW,wBAAwB;IACvC,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,OAAO,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;CACjB;AA8WD;;;;;;;;;GASG;AACH,wBAAgB,mBAAmB,IAAI,IAAI,CAkD1C;AAED;;;;;;GAMG;AACH,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAsDtD;AAED;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CActD;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG;IAClD,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;CACpB,CA6CA;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,IAAI,aAAa,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,CAE7E;AAED;;GAEG;AACH,wBAAgB,aAAa,IAAI,OAAO,CAEvC;AAED;;GAEG;AACH,wBAAgB,gCAAgC,IAAI,OAAO,CAE1D;AAED;;;GAGG;AACH,wBAAgB,0BAA0B,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAEjE;AA8CD;;GAEG;AACH,wBAAgB,yBAAyB,IAAI,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC,CAE9E;AAeD;;;;;;;;;GASG;AACH,wBAAgB,qBAAqB,CACnC,UAAU,EAAE,MAAM,EAClB,eAAe,CAAC,EAAE,MAAM,GACvB,wBAAwB,CA6G1B;AAiHD;;;;;;;;;;GAUG;AACH,wBAAsB,iBAAiB,IAAI,OAAO,CAAC,wBAAwB,EAAE,CAAC,CA6C7E"}