greprag 5.38.0 → 5.40.0

package/dist/fix-trigger.js

@@ -0,0 +1,270 @@
+"use strict";
+/** fix-trigger — repair-trigger condition interpreter (CLI MIRROR).
+ *
+ *  MIRROR of packages/core/src/fix-trigger.ts (the canonical source — the SAME
+ *  module the server validates repair rows with). The CLI ships as a
+ *  zero-dependency `tsc` artifact — greprag-hook cannot import @greprag/core
+ *  at runtime (core carries `pg`) — so, exactly like src/secret-scrubber.ts,
+ *  the pure interpreter is mirrored here. KEEP IN SYNC with core; everything
+ *  below the Grammar marker is byte-identical, and the sync guard in
+ *  tests/test-guard-dispatch.cjs fails the build on drift.
+ *
+ *  docs/mechanic-repairs.md D3/D5/D8; contracts: docs/mechanic-engine-contracts.md.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.FIX_TRIGGER_OPS = void 0;
+exports.normalizePathSegments = normalizePathSegments;
+exports.compileSafeRegex = compileSafeRegex;
+exports.evaluateCondition = evaluateCondition;
+exports.validateCondition = validateCondition;
+/** The closed operator set. */
+exports.FIX_TRIGGER_OPS = [
+    'contains', 'not_contains', 'equals', 'regex',
+    'path_under', 'path_equals', 'starts_with', 'gt', 'lt',
+];
+const MAX_DEPTH = 16;
+const MAX_REGEX_LENGTH = 200;
+const ALLOWED_REGEX_FLAGS = /^[imsu]*$/;
+/** Heuristic linear-time guard: reject a quantified group that itself contains
+ *  a quantifier — the (a+)+ / (a*){2,} catastrophic-backtracking shape. Coarse
+ *  (rejects some safe patterns) but never admits the known-bad shape. */
+const NESTED_QUANTIFIER = /\((?:[^()\\]|\\.)*(?:[*+]|\{\d+(?:,\d*)?\})(?:[^()\\]|\\.)*\)\s*(?:[*+?]|\{\d+(?:,\d*)?\})/;
+// ---------- Helpers ----------------------------------------------------------
+/** Dot-path lookup into tool_input. Absent anywhere → undefined. */
+function lookupField(input, field) {
+    let cur = input;
+    for (const seg of field.split('.')) {
+        if (cur === null || typeof cur !== 'object')
+            return undefined;
+        cur = cur[seg];
+    }
+    return cur;
+}
+function asString(v) {
+    if (typeof v === 'string')
+        return v;
+    if (typeof v === 'number' || typeof v === 'boolean')
+        return String(v);
+    return null;
+}
+/** Normalize a path to lowercase forward-slash segments with '.'/'..' resolved
+ *  (no fs access — pure string work). Drive letters keep their colon segment. */
+function normalizePathSegments(p) {
+    const raw = p.replace(/\\/g, '/').toLowerCase().split('/');
+    const out = [];
+    for (const seg of raw) {
+        if (seg === '' || seg === '.')
+            continue;
+        if (seg === '..') {
+            out.pop();
+            continue;
+        }
+        out.push(seg);
+    }
+    return out;
+}
+function isAbsoluteLike(p) {
+    return /^([a-zA-Z]:[\\/]|[\\/])/.test(p);
+}
+/** path_under: absolute value → normalized segment-prefix test; relative value
+ *  → its segments appear contiguously anywhere in the path ("under any
+ *  node_modules dir"). Normalization happens on both sides — no `../` escape. */
+function pathUnder(pathValue, underValue) {
+    const pathSegs = normalizePathSegments(pathValue);
+    const underSegs = normalizePathSegments(underValue);
+    if (underSegs.length === 0)
+        return false;
+    if (isAbsoluteLike(underValue)) {
+        if (underSegs.length > pathSegs.length)
+            return false;
+        return underSegs.every((s, i) => pathSegs[i] === s);
+    }
+    outer: for (let i = 0; i + underSegs.length <= pathSegs.length; i++) {
+        for (let j = 0; j < underSegs.length; j++) {
+            if (pathSegs[i + j] !== underSegs[j])
+                continue outer;
+        }
+        return true;
+    }
+    return false;
+}
+/** Compile a regex under the safety rails; null when rejected. */
+function compileSafeRegex(pattern, flags, log) {
+    if (pattern.length > MAX_REGEX_LENGTH) {
+        log?.('fix-trigger: regex rejected (length cap)', { length: pattern.length });
+        return null;
+    }
+    const f = flags ?? '';
+    if (!ALLOWED_REGEX_FLAGS.test(f)) {
+        log?.('fix-trigger: regex rejected (flags)', { flags: f });
+        return null;
+    }
+    if (NESTED_QUANTIFIER.test(pattern)) {
+        log?.('fix-trigger: regex rejected (nested quantifier)', { pattern });
+        return null;
+    }
+    try {
+        return new RegExp(pattern, f);
+    }
+    catch {
+        log?.('fix-trigger: regex rejected (syntax)', { pattern });
+        return null;
+    }
+}
+// ---------- Evaluation -------------------------------------------------------
+function evalClause(clause, input, log) {
+    const raw = lookupField(input, clause.field);
+    if (raw === undefined || raw === null)
+        return false; // absent field = false
+    switch (clause.op) {
+        case 'contains': {
+            const s = asString(raw);
+            const v = asString(clause.value);
+            return s !== null && v !== null && s.includes(v);
+        }
+        case 'not_contains': {
+            const s = asString(raw);
+            const v = asString(clause.value);
+            return s !== null && v !== null && !s.includes(v);
+        }
+        case 'equals': {
+            const s = asString(raw);
+            const v = asString(clause.value);
+            return s !== null && v !== null && s === v;
+        }
+        case 'starts_with': {
+            const s = asString(raw);
+            const v = asString(clause.value);
+            return s !== null && v !== null && s.startsWith(v);
+        }
+        case 'regex': {
+            const s = asString(raw);
+            const v = asString(clause.value);
+            if (s === null || v === null)
+                return false;
+            const re = compileSafeRegex(v, clause.flags, log);
+            return re !== null && re.test(s);
+        }
+        case 'path_under': {
+            const s = asString(raw);
+            const v = asString(clause.value);
+            return s !== null && v !== null && pathUnder(s, v);
+        }
+        case 'path_equals': {
+            const s = asString(raw);
+            const v = asString(clause.value);
+            if (s === null || v === null)
+                return false;
+            return normalizePathSegments(s).join('/') === normalizePathSegments(v).join('/');
+        }
+        case 'gt':
+        case 'lt': {
+            const n = typeof raw === 'number' ? raw : Number(asString(raw));
+            const v = typeof clause.value === 'number' ? clause.value : Number(asString(clause.value));
+            if (!Number.isFinite(n) || !Number.isFinite(v))
+                return false;
+            return clause.op === 'gt' ? n > v : n < v;
+        }
+        default:
+            log?.('fix-trigger: unknown operator (clause = false)', { op: clause.op });
+            return false;
+    }
+}
+/** Tri-state inner walk: `invalid` means "malformed/over-deep — never fire".
+ *  Invalid must NOT be inverted by `not` (a broken subtree can't become a
+ *  reason to fire), so it propagates as invalid through every combinator. */
+function evalNode(condition, toolInput, log, depth) {
+    if (condition === true)
+        return true;
+    if (depth > MAX_DEPTH) {
+        log?.('fix-trigger: condition too deep (= false)', { depth });
+        return 'invalid';
+    }
+    if (condition === null || typeof condition !== 'object' || Array.isArray(condition)) {
+        log?.('fix-trigger: malformed condition (= false)');
+        return 'invalid';
+    }
+    const c = condition;
+    if (Array.isArray(c.all)) {
+        if (c.all.length === 0)
+            return false;
+        let result = true;
+        for (const sub of c.all) {
+            const r = evalNode(sub, toolInput, log, depth + 1);
+            if (r === 'invalid')
+                return 'invalid';
+            result = result && r;
+        }
+        return result;
+    }
+    if (Array.isArray(c.any)) {
+        let sawInvalid = false;
+        for (const sub of c.any) {
+            const r = evalNode(sub, toolInput, log, depth + 1);
+            if (r === 'invalid') {
+                sawInvalid = true;
+                continue;
+            }
+            if (r)
+                return true;
+        }
+        return sawInvalid ? 'invalid' : false;
+    }
+    if ('not' in c) {
+        const r = evalNode(c.not, toolInput, log, depth + 1);
+        return r === 'invalid' ? 'invalid' : !r;
+    }
+    if (typeof c.field === 'string' && typeof c.op === 'string') {
+        return evalClause(c, toolInput, log);
+    }
+    log?.('fix-trigger: unrecognized condition shape (= false)');
+    return 'invalid';
+}
+/** Evaluate a condition against one event's tool_input. Pure, never throws:
+ *  every malformed shape evaluates false (and logs via the optional logger). */
+function evaluateCondition(condition, toolInput, log, depth = 0) {
+    return evalNode(condition, toolInput, log, depth) === true;
+}
+/** Authoring-time validation: is this a well-formed condition the interpreter
+ *  will honor? Returns the list of problems (empty = valid). Used server-side
+ *  before a repair row is stored, so a row can't be born unevaluable. */
+function validateCondition(condition, depth = 0) {
+    if (condition === true)
+        return [];
+    if (depth > MAX_DEPTH)
+        return [`condition nesting exceeds ${MAX_DEPTH}`];
+    if (condition === null || typeof condition !== 'object' || Array.isArray(condition)) {
+        return ['condition must be true, a field clause, or all/any/not'];
+    }
+    const c = condition;
+    if (Array.isArray(c.all)) {
+        if (c.all.length === 0)
+            return ['all: must be non-empty'];
+        return c.all.flatMap(sub => validateCondition(sub, depth + 1));
+    }
+    if (Array.isArray(c.any)) {
+        if (c.any.length === 0)
+            return ['any: must be non-empty'];
+        return c.any.flatMap(sub => validateCondition(sub, depth + 1));
+    }
+    if ('not' in c)
+        return validateCondition(c.not, depth + 1);
+    if (typeof c.field !== 'string' || c.field.length === 0)
+        return ['clause missing field'];
+    if (typeof c.op !== 'string')
+        return ['clause missing op'];
+    if (!exports.FIX_TRIGGER_OPS.includes(c.op)) {
+        return [`unknown op '${c.op}'`];
+    }
+    if (c.op === 'regex') {
+        const v = typeof c.value === 'string' ? c.value : '';
+        if (compileSafeRegex(v, typeof c.flags === 'string' ? c.flags : undefined) === null) {
+            return [`regex rejected: '${v}'`];
+        }
+    }
+    else if (c.value === undefined) {
+        return [`op '${c.op}' requires a value`];
+    }
+    return [];
+}
+//# sourceMappingURL=fix-trigger.js.map

package/dist/fix-trigger.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"fix-trigger.js","sourceRoot":"","sources":["../src/fix-trigger.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;GAWG;;;AA0DH,sDASC;AA2BD,4CAwBC;AA2GD,8CAOC;AAKD,8CA8BC;AAtPD,+BAA+B;AAClB,QAAA,eAAe,GAAG;IAC7B,UAAU,EAAE,cAAc,EAAE,QAAQ,EAAE,OAAO;IAC7C,YAAY,EAAE,aAAa,EAAE,aAAa,EAAE,IAAI,EAAE,IAAI;CAC9C,CAAC;AAEX,MAAM,SAAS,GAAG,EAAE,CAAC;AACrB,MAAM,gBAAgB,GAAG,GAAG,CAAC;AAC7B,MAAM,mBAAmB,GAAG,WAAW,CAAC;AAExC;;yEAEyE;AACzE,MAAM,iBAAiB,GAAG,4FAA4F,CAAC;AAIvH,gFAAgF;AAEhF,oEAAoE;AACpE,SAAS,WAAW,CAAC,KAA8B,EAAE,KAAa;IAChE,IAAI,GAAG,GAAY,KAAK,CAAC;IACzB,KAAK,MAAM,GAAG,IAAI,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;QACnC,IAAI,GAAG,KAAK,IAAI,IAAI,OAAO,GAAG,KAAK,QAAQ;YAAE,OAAO,SAAS,CAAC;QAC9D,GAAG,GAAI,GAA+B,CAAC,GAAG,CAAC,CAAC;IAC9C,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,QAAQ,CAAC,CAAU;IAC1B,IAAI,OAAO,CAAC,KAAK,QAAQ;QAAE,OAAO,CAAC,CAAC;IACpC,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,OAAO,CAAC,KAAK,SAAS;QAAE,OAAO,MAAM,CAAC,CAAC,CAAC,CAAC;IACtE,OAAO,IAAI,CAAC;AACd,CAAC;AAED;iFACiF;AACjF,SAAgB,qBAAqB,CAAC,CAAS;IAC7C,MAAM,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3D,MAAM,GAAG,GAAa,EAAE,CAAC;IACzB,KAAK,MAAM,GAAG,IAAI,GAAG,EAAE,CAAC;QACtB,IAAI,GAAG,KAAK,EAAE,IAAI,GAAG,KAAK,GAAG;YAAE,SAAS;QACxC,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;YAAC,GAAG,CAAC,GAAG,EAAE,CAAC;YAAC,SAAS;QAAC,CAAC;QAC1C,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAChB,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,cAAc,CAAC,CAAS;IAC/B,OAAO,yBAAyB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAC3C,CAAC;AAED;;iFAEiF;AACjF,SAAS,SAAS,CAAC,SAAiB,EAAE,UAAkB;IACtD,MAAM,QAAQ,GAAG,qBAAqB,CAAC,SAAS,CAAC,CAAC;IAClD,MAAM,SAAS,GAAG,qBAAqB,CAAC,UAAU,CAAC,CAAC;IACpD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACzC,IAAI,cAAc,CAAC,UAAU,CAAC,EAAE,CAAC;QAC/B,IAAI,SAAS,CAAC,MAAM,GAAG,QAAQ,CAAC,MAAM;YAAE,OAAO,KAAK,CAAC;QACrD,OAAO,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;IACtD,CAAC;IACD,KAAK,EAAE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACpE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC1C,IAAI,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,SAAS,CAAC,CAAC,CAAC;gBAAE,SAAS,KAAK,CAAC;QACvD,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,kEAAkE;AAClE,SAAgB,gBAAgB,CAC9B,OAAe,EACf,KAAyB,EACzB,GAAmB;IAEnB,IAAI,OAAO,CAAC,MAAM,GAAG,gBAAgB,EAAE,CAAC;QACtC,GAAG,EAAE,CAAC,0CAA0C,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;QAC9E,OAAO,IAAI,CAAC;IACd,CAAC;IACD,MAAM,CAAC,GAAG,KAAK,IAAI,EAAE,CAAC;IACtB,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;QACjC,GAAG,EAAE,CAAC,qCAAqC,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,CAAC;QAC3D,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QACpC,GAAG,EAAE,CAAC,iDAAiD,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;QACtE,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,CAAC;QACH,OAAO,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;IAChC,CAAC;IAAC,MAAM,CAAC;QACP,GAAG,EAAE,CAAC,sCAAsC,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;QAC3D,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,gFAAgF;AAEhF,SAAS,UAAU,CACjB,MAAsB,EACtB,KAA8B,EAC9B,GAAmB;IAEnB,MAAM,GAAG,GAAG,WAAW,CAAC,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;IAC7C,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI;QAAE,OAAO,KAAK,CAAC,CAAC,uBAAuB;IAE5E,QAAQ,MAAM,CAAC,EAAE,EAAE,CAAC;QAClB,KAAK,UAAU,CAAC,CAAC,CAAC;YAChB,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC;YAAC,MAAM,CAAC,GAAG,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAC1D,OAAO,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;QACnD,CAAC;QACD,KAAK,cAAc,CAAC,CAAC,CAAC;YACpB,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC;YAAC,MAAM,CAAC,GAAG,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAC1D,OAAO,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;QACpD,CAAC;QACD,KAAK,QAAQ,CAAC,CAAC,CAAC;YACd,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC;YAAC,MAAM,CAAC,GAAG,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAC1D,OAAO,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,CAAC;QAC7C,CAAC;QACD,KAAK,aAAa,CAAC,CAAC,CAAC;YACnB,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC;YAAC,MAAM,CAAC,GAAG,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAC1D,OAAO,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QACrD,CAAC;QACD,KAAK,OAAO,CAAC,CAAC,CAAC;YACb,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC;YAAC,MAAM,CAAC,GAAG,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAC1D,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,IAAI;gBAAE,OAAO,KAAK,CAAC;YAC3C,MAAM,EAAE,GAAG,gBAAgB,CAAC,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;YAClD,OAAO,EAAE,KAAK,IAAI,IAAI,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACnC,CAAC;QACD,KAAK,YAAY,CAAC,CAAC,CAAC;YAClB,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC;YAAC,MAAM,CAAC,GAAG,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAC1D,OAAO,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,IAAI,IAAI,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QACrD,CAAC;QACD,KAAK,aAAa,CAAC,CAAC,CAAC;YACnB,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC;YAAC,MAAM,CAAC,GAAG,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAC1D,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,IAAI;gBAAE,OAAO,KAAK,CAAC;YAC3C,OAAO,qBAAqB,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,qBAAqB,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACnF,CAAC;QACD,KAAK,IAAI,CAAC;QAAC,KAAK,IAAI,CAAC,CAAC,CAAC;YACrB,MAAM,CAAC,GAAG,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;YAChE,MAAM,CAAC,GAAG,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;YAC3F,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC7D,OAAO,MAAM,CAAC,EAAE,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QAC5C,CAAC;QACD;YACE,GAAG,EAAE,CAAC,gDAAgD,EAAE,EAAE,EAAE,EAAE,MAAM,CAAC,EAAE,EAAE,CAAC,CAAC;YAC3E,OAAO,KAAK,CAAC;IACjB,CAAC;AACH,CAAC;AAED;;6EAE6E;AAC7E,SAAS,QAAQ,CACf,SAAkB,EAClB,SAAkC,EAClC,GAA8B,EAC9B,KAAa;IAEb,IAAI,SAAS,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IACpC,IAAI,KAAK,GAAG,SAAS,EAAE,CAAC;QACtB,GAAG,EAAE,CAAC,2CAA2C,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;QAC9D,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,IAAI,SAAS,KAAK,IAAI,IAAI,OAAO,SAAS,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;QACpF,GAAG,EAAE,CAAC,4CAA4C,CAAC,CAAC;QACpD,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,CAAC,GAAG,SAAoC,CAAC;IAC/C,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC;QACzB,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,KAAK,CAAC;QACrC,IAAI,MAAM,GAAG,IAAI,CAAC;QAClB,KAAK,MAAM,GAAG,IAAI,CAAC,CAAC,GAAG,EAAE,CAAC;YACxB,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,EAAE,SAAS,EAAE,GAAG,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;YACnD,IAAI,CAAC,KAAK,SAAS;gBAAE,OAAO,SAAS,CAAC;YACtC,MAAM,GAAG,MAAM,IAAI,CAAC,CAAC;QACvB,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC;QACzB,IAAI,UAAU,GAAG,KAAK,CAAC;QACvB,KAAK,MAAM,GAAG,IAAI,CAAC,CAAC,GAAG,EAAE,CAAC;YACxB,MAAM,CAAC,GAAG,QAAQ,CAAC,GAAG,EAAE,SAAS,EAAE,GAAG,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;YACnD,IAAI,CAAC,KAAK,SAAS,EAAE,CAAC;gBAAC,UAAU,GAAG,IAAI,CAAC;gBAAC,SAAS;YAAC,CAAC;YACrD,IAAI,CAAC;gBAAE,OAAO,IAAI,CAAC;QACrB,CAAC;QACD,OAAO,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC;IACxC,CAAC;IACD,IAAI,KAAK,IAAI,CAAC,EAAE,CAAC;QACf,MAAM,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,GAAG,EAAE,SAAS,EAAE,GAAG,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;QACrD,OAAO,CAAC,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC1C,CAAC;IACD,IAAI,OAAO,CAAC,CAAC,KAAK,KAAK,QAAQ,IAAI,OAAO,CAAC,CAAC,EAAE,KAAK,QAAQ,EAAE,CAAC;QAC5D,OAAO,UAAU,CAAC,CAA8B,EAAE,SAAS,EAAE,GAAG,CAAC,CAAC;IACpE,CAAC;IACD,GAAG,EAAE,CAAC,qDAAqD,CAAC,CAAC;IAC7D,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;gFACgF;AAChF,SAAgB,iBAAiB,CAC/B,SAAkB,EAClB,SAAkC,EAClC,GAAmB,EACnB,KAAK,GAAG,CAAC;IAET,OAAO,QAAQ,CAAC,SAAS,EAAE,SAAS,EAAE,GAAG,EAAE,KAAK,CAAC,KAAK,IAAI,CAAC;AAC7D,CAAC;AAED;;yEAEyE;AACzE,SAAgB,iBAAiB,CAAC,SAAkB,EAAE,KAAK,GAAG,CAAC;IAC7D,IAAI,SAAS,KAAK,IAAI;QAAE,OAAO,EAAE,CAAC;IAClC,IAAI,KAAK,GAAG,SAAS;QAAE,OAAO,CAAC,6BAA6B,SAAS,EAAE,CAAC,CAAC;IACzE,IAAI,SAAS,KAAK,IAAI,IAAI,OAAO,SAAS,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;QACpF,OAAO,CAAC,wDAAwD,CAAC,CAAC;IACpE,CAAC;IACD,MAAM,CAAC,GAAG,SAAoC,CAAC;IAC/C,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC;QACzB,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,CAAC,wBAAwB,CAAC,CAAC;QAC1D,OAAO,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,iBAAiB,CAAC,GAAG,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC;IACjE,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC;QACzB,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,CAAC,wBAAwB,CAAC,CAAC;QAC1D,OAAO,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,iBAAiB,CAAC,GAAG,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC;IACjE,CAAC;IACD,IAAI,KAAK,IAAI,CAAC;QAAE,OAAO,iBAAiB,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;IAC3D,IAAI,OAAO,CAAC,CAAC,KAAK,KAAK,QAAQ,IAAI,CAAC,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,CAAC,sBAAsB,CAAC,CAAC;IACzF,IAAI,OAAO,CAAC,CAAC,EAAE,KAAK,QAAQ;QAAE,OAAO,CAAC,mBAAmB,CAAC,CAAC;IAC3D,IAAI,CAAE,uBAAqC,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC;QAC3D,OAAO,CAAC,eAAe,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAClC,CAAC;IACD,IAAI,CAAC,CAAC,EAAE,KAAK,OAAO,EAAE,CAAC;QACrB,MAAM,CAAC,GAAG,OAAO,CAAC,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;QACrD,IAAI,gBAAgB,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,KAAK,IAAI,EAAE,CAAC;YACpF,OAAO,CAAC,oBAAoB,CAAC,GAAG,CAAC,CAAC;QACpC,CAAC;IACH,CAAC;SAAM,IAAI,CAAC,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;QACjC,OAAO,CAAC,OAAO,CAAC,CAAC,EAAE,oBAAoB,CAAC,CAAC;IAC3C,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC"}

package/dist/guard.d.ts

@@ -0,0 +1,92 @@
+/** guard — the PreToolUse repair dispatcher (Chip B, docs/mechanic-repairs.md
+ *  D1/D2/D5/D8; contracts: docs/mechanic-engine-contracts.md).
+ *
+ *  The ad-blocker model (D5): rules live server-side; each session pulls its
+ *  matchset at SessionStart into a local cache; every PreToolUse check runs
+ *  locally in microseconds; fire tallies sync back async via a detached child
+ *  process and NEVER block the tool call. Total guard posture: local-only on
+ *  the critical path, any error → fail-open (emit nothing, exit 0).
+ *
+ *  Latch journal placement (documented per contract): latches live INSIDE the
+ *  matchset cache file under the `latchState` key — one file to read on the
+ *  hot path, and a refetch preserves it (fetchAndCacheMatchset merges the old
+ *  latchState into the fresh server body).
+ *
+ *  Cadence `cooldown:N` is interpreted as N MINUTES since lastFired (the local
+ *  journal stores timestamps, not turn counters; the server-side row keeps the
+ *  authoritative turn-based view).
+ */
+export declare function killSwitchPath(): string;
+export declare function matchsetCachePath(projectId: string): string;
+export declare function tallySpoolPath(projectId: string): string;
+interface RepairTrigger {
+    event?: string;
+    matcher?: string;
+    condition?: unknown;
+    action?: string;
+    mode?: string;
+}
+interface RepairObj {
+    verb?: string;
+    status?: string;
+    trigger?: RepairTrigger;
+    cadence?: string;
+    resetScope?: string;
+    failMode?: string;
+}
+export interface MatchsetRepair {
+    id: string;
+    nodeId: string;
+    text: string;
+    scope?: string;
+    trust?: string;
+    repair: RepairObj;
+}
+export interface MatchsetCacheFile {
+    triggersVersion: string;
+    repairs: MatchsetRepair[];
+    /** When the cache was last written from the server. */
+    fetchedAt?: string;
+    /** Local latch journal: nodeId → latch key (sessionId or "project") → ISO. */
+    latchState?: Record<string, Record<string, string>>;
+}
+export interface GuardInput {
+    hook_event_name?: string;
+    tool_name?: string;
+    tool_input?: Record<string, unknown>;
+    session_id?: string;
+    cwd?: string;
+}
+export interface GuardOutput {
+    hookSpecificOutput: {
+        hookEventName: string;
+        additionalContext?: string;
+        permissionDecision?: string;
+        permissionDecisionReason?: string;
+    };
+}
+/** D8 transform denylist (sensitive fields) — kept for the local refusal leg.
+ *  v1 refuses ALL transforms locally regardless; the list documents the rail
+ *  the server enforces at authoring time. */
+export declare const TRANSFORM_SENSITIVE_FIELDS: string[];
+/** D8 injection envelope — repair text always lands wrapped as a standing note
+ *  (data, not a user instruction). */
+export declare function wrapStandingNote(text: string): string;
+export declare function readMatchsetCache(projectId: string): MatchsetCacheFile | null;
+/** Run the dispatcher over one PreToolUse event. Pure given the cache contents
+ *  read from disk; mutates only local state files (cache latchState + spool).
+ *  Returns the hook output to emit, or null for silence. NO network — tallies
+ *  flush via a detached child (spawnTallyFlush). */
+export declare function runGuard(input: GuardInput, projectId: string): GuardOutput | null;
+/** Flush every tally spool in the state dir to the server. Runs in the
+ *  detached child (guard-flush) — hard 5s timeout per POST; failure keeps the
+ *  spool for the next flush. */
+export declare function flushTallySpools(apiUrl: string, apiKey: string): Promise<void>;
+/** GET the matchset and write the cache, preserving the local latch journal.
+ *  Hard 3s timeout; any failure leaves the existing cache untouched. */
+export declare function fetchAndCacheMatchset(apiUrl: string, apiKey: string, projectId: string): Promise<string | null>;
+/** UserPromptSubmit freshness leg: when the cache is stale (>2 min since last
+ *  server contact), spawn a detached `guard-refresh` child that re-fetches and
+ *  rewrites the cache iff triggersVersion changed. Never blocks the turn. */
+export declare function maybeSpawnGuardRefresh(cwd: string, projectId: string): void;
+export {};