localant 1.0.0

package/packages/shared/dist/net.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"net.js","sourceRoot":"","sources":["../src/net.ts"],"names":[],"mappings":"AAAA,OAAO,GAAG,MAAM,UAAU,CAAC;AAE3B,iEAAiE;AACjE,SAAS,UAAU,CAAC,IAAY,EAAE,IAAY;IAC5C,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,MAAM,MAAM,GAAG,GAAG,CAAC,YAAY,EAAE,CAAC;QAClC,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;QAC3C,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,EAAE;YAC5B,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;QACpC,CAAC,CAAC,CAAC;QACH,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAC5B,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,SAAiB,EACjB,IAAI,GAAG,WAAW,EAClB,OAAiB,EAAE,EACnB,QAAQ,GAAG,EAAE;IAEb,MAAM,KAAK,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,CAAC;IAC5B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,MAAM,IAAI,GAAG,SAAS,GAAG,CAAC,CAAC;QAC3B,IAAI,IAAI,GAAG,KAAK;YAAE,MAAM;QACxB,IAAI,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC;YAAE,SAAS;QAC9B,IAAI,MAAM,UAAU,CAAC,IAAI,EAAE,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC;IAChD,CAAC;IACD,MAAM,IAAI,KAAK,CACb,2BAA2B,SAAS,OAAO,IAAI,WAAW,QAAQ,KAAK;QACrE,iDAAiD,CACpD,CAAC;AACJ,CAAC"}

package/packages/shared/dist/paths.d.ts

@@ -0,0 +1,30 @@
+/**
+ * Resolve the per-OS configuration directory.
+ * - macOS:   ~/Library/Application Support/LocalAnt
+ * - Windows: %APPDATA%/LocalAnt
+ * - Linux:   $XDG_CONFIG_HOME/LocalAnt or ~/.config/LocalAnt
+ */
+export declare function configDir(): string;
+export interface AppPaths {
+    root: string;
+    configFile: string;
+    tokenFile: string;
+    auditLog: string;
+    approvalsFile: string;
+    secretsFile: string;
+    pidFile: string;
+    runtimeFile: string;
+    skillsDir: string;
+    backupsDir: string;
+    workspaceDir: string;
+    logsDir: string;
+}
+export declare function appPaths(base?: string): AppPaths;
+export declare function defaultAllowedDirectories(): string[];
+/**
+ * Paths that must never be readable or writable regardless of allowlist.
+ * Matched as path prefixes after normalization.
+ */
+export declare function sensitiveBlocklist(): string[];
+export declare const APP_DISPLAY_NAME = "LocalAnt";
+//# sourceMappingURL=paths.d.ts.map

package/packages/shared/dist/paths.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"paths.d.ts","sourceRoot":"","sources":["../src/paths.ts"],"names":[],"mappings":"AAKA;;;;;GAKG;AACH,wBAAgB,SAAS,IAAI,MAAM,CAYlC;AAED,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,wBAAgB,QAAQ,CAAC,IAAI,SAAc,GAAG,QAAQ,CAerD;AAED,wBAAgB,yBAAyB,IAAI,MAAM,EAAE,CAOpD;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,IAAI,MAAM,EAAE,CAiB7C;AAED,eAAO,MAAM,gBAAgB,aAAW,CAAC"}

package/packages/shared/dist/paths.js

@@ -0,0 +1,70 @@
+import os from "node:os";
+import path from "node:path";
+const APP_NAME = "LocalAnt";
+/**
+ * Resolve the per-OS configuration directory.
+ * - macOS:   ~/Library/Application Support/LocalAnt
+ * - Windows: %APPDATA%/LocalAnt
+ * - Linux:   $XDG_CONFIG_HOME/LocalAnt or ~/.config/LocalAnt
+ */
+export function configDir() {
+    const home = os.homedir();
+    switch (process.platform) {
+        case "darwin":
+            return path.join(home, "Library", "Application Support", APP_NAME);
+        case "win32":
+            return path.join(process.env.APPDATA ?? path.join(home, "AppData", "Roaming"), APP_NAME);
+        default: {
+            const xdg = process.env.XDG_CONFIG_HOME;
+            return path.join(xdg && xdg.trim() ? xdg : path.join(home, ".config"), APP_NAME);
+        }
+    }
+}
+export function appPaths(base = configDir()) {
+    return {
+        root: base,
+        configFile: path.join(base, "config.json"),
+        tokenFile: path.join(base, "token"),
+        auditLog: path.join(base, "audit", "audit.jsonl"),
+        approvalsFile: path.join(base, "approvals.json"),
+        secretsFile: path.join(base, "secrets.json"),
+        pidFile: path.join(base, "gateway.pid"),
+        runtimeFile: path.join(base, "runtime.json"),
+        skillsDir: path.join(base, "skills"),
+        backupsDir: path.join(base, "backups"),
+        workspaceDir: path.join(base, "workspace"),
+        logsDir: path.join(base, "logs"),
+    };
+}
+export function defaultAllowedDirectories() {
+    const home = os.homedir();
+    return [
+        path.join(home, "Projects"),
+        path.join(home, "Developer"),
+        path.join(home, "Documents", APP_NAME),
+    ];
+}
+/**
+ * Paths that must never be readable or writable regardless of allowlist.
+ * Matched as path prefixes after normalization.
+ */
+export function sensitiveBlocklist() {
+    const home = os.homedir();
+    const common = [
+        path.join(home, ".ssh"),
+        path.join(home, ".gnupg"),
+        path.join(home, ".aws"),
+        path.join(home, ".config", "gcloud"),
+        path.join(home, ".npmrc"),
+        path.join(home, ".netrc"),
+    ];
+    if (process.platform === "darwin") {
+        return [...common, path.join(home, "Library", "Keychains"), "/private", "/etc", "/var", "/System"];
+    }
+    if (process.platform === "win32") {
+        return [...common, "C:\\Windows", "C:\\Program Files", "C:\\Program Files (x86)"];
+    }
+    return [...common, "/etc", "/var", "/sys", "/proc", "/boot"];
+}
+export const APP_DISPLAY_NAME = APP_NAME;
+//# sourceMappingURL=paths.js.map

package/packages/shared/dist/paths.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"paths.js","sourceRoot":"","sources":["../src/paths.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,MAAM,QAAQ,GAAG,UAAU,CAAC;AAE5B;;;;;GAKG;AACH,MAAM,UAAU,SAAS;IACvB,MAAM,IAAI,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;IAC1B,QAAQ,OAAO,CAAC,QAAQ,EAAE,CAAC;QACzB,KAAK,QAAQ;YACX,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,qBAAqB,EAAE,QAAQ,CAAC,CAAC;QACrE,KAAK,OAAO;YACV,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,SAAS,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC3F,OAAO,CAAC,CAAC,CAAC;YACR,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;YACxC,OAAO,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,EAAE,QAAQ,CAAC,CAAC;QACnF,CAAC;IACH,CAAC;AACH,CAAC;AAiBD,MAAM,UAAU,QAAQ,CAAC,IAAI,GAAG,SAAS,EAAE;IACzC,OAAO;QACL,IAAI,EAAE,IAAI;QACV,UAAU,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,aAAa,CAAC;QAC1C,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC;QACnC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,EAAE,aAAa,CAAC;QACjD,aAAa,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,gBAAgB,CAAC;QAChD,WAAW,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,cAAc,CAAC;QAC5C,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,aAAa,CAAC;QACvC,WAAW,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,cAAc,CAAC;QAC5C,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC;QACpC,UAAU,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC;QACtC,YAAY,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,WAAW,CAAC;QAC1C,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC;KACjC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,yBAAyB;IACvC,MAAM,IAAI,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;IAC1B,OAAO;QACL,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,UAAU,CAAC;QAC3B,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,WAAW,CAAC;QAC5B,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,WAAW,EAAE,QAAQ,CAAC;KACvC,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,kBAAkB;IAChC,MAAM,IAAI,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;IAC1B,MAAM,MAAM,GAAG;QACb,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC;QACvB,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC;QACzB,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC;QACvB,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,QAAQ,CAAC;QACpC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC;QACzB,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC;KAC1B,CAAC;IACF,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAClC,OAAO,CAAC,GAAG,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,WAAW,CAAC,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;IACrG,CAAC;IACD,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QACjC,OAAO,CAAC,GAAG,MAAM,EAAE,aAAa,EAAE,mBAAmB,EAAE,yBAAyB,CAAC,CAAC;IACpF,CAAC;IACD,OAAO,CAAC,GAAG,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;AAC/D,CAAC;AAED,MAAM,CAAC,MAAM,gBAAgB,GAAG,QAAQ,CAAC"}

package/packages/shared/dist/redaction.d.ts

@@ -0,0 +1,15 @@
+/**
+ * Secret redaction utilities. Secrets must never appear in tool responses
+ * or in the audit log. We redact both known secret values and high-entropy
+ * token-shaped strings.
+ */
+/**
+ * Redact known secret values (exact substrings) plus token-shaped strings.
+ * @param knownSecrets explicit secret values to scrub (e.g. vault contents).
+ */
+export declare function redact(input: string, knownSecrets?: string[]): string;
+/** Recursively redact strings inside an arbitrary JSON-like value. */
+export declare function redactDeep<T>(value: T, knownSecrets?: string[]): T;
+/** Truncate a string to a max length, appending a marker when cut. */
+export declare function truncate(input: string, max: number): string;
+//# sourceMappingURL=redaction.d.ts.map

package/packages/shared/dist/redaction.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"redaction.d.ts","sourceRoot":"","sources":["../src/redaction.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAgBH;;;GAGG;AACH,wBAAgB,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,YAAY,GAAE,MAAM,EAAO,GAAG,MAAM,CAWzE;AAED,sEAAsE;AACtE,wBAAgB,UAAU,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,YAAY,GAAE,MAAM,EAAO,GAAG,CAAC,CAetE;AAED,sEAAsE;AACtE,wBAAgB,QAAQ,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,CAI3D"}

package/packages/shared/dist/redaction.js

@@ -0,0 +1,58 @@
+/**
+ * Secret redaction utilities. Secrets must never appear in tool responses
+ * or in the audit log. We redact both known secret values and high-entropy
+ * token-shaped strings.
+ */
+const TOKEN_PATTERNS = [
+    // Common API key / token shapes
+    /\b(sk|pk|rk)-[A-Za-z0-9_-]{16,}\b/g,
+    /\bghp_[A-Za-z0-9]{20,}\b/g,
+    /\bgithub_pat_[A-Za-z0-9_]{20,}\b/g,
+    /\bxox[baprs]-[A-Za-z0-9-]{10,}\b/g,
+    /\bAKIA[0-9A-Z]{16}\b/g,
+    /\bey[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\b/g, // JWT
+    // Authorization headers
+    /(Authorization:\s*Bearer\s+)[A-Za-z0-9._-]+/gi,
+];
+const REDACTED = "«redacted»";
+/**
+ * Redact known secret values (exact substrings) plus token-shaped strings.
+ * @param knownSecrets explicit secret values to scrub (e.g. vault contents).
+ */
+export function redact(input, knownSecrets = []) {
+    let out = input;
+    for (const secret of knownSecrets) {
+        if (secret && secret.length >= 4) {
+            out = out.split(secret).join(REDACTED);
+        }
+    }
+    for (const pattern of TOKEN_PATTERNS) {
+        out = out.replace(pattern, (m, p1) => (p1 ? `${p1}${REDACTED}` : REDACTED));
+    }
+    return out;
+}
+/** Recursively redact strings inside an arbitrary JSON-like value. */
+export function redactDeep(value, knownSecrets = []) {
+    if (typeof value === "string") {
+        return redact(value, knownSecrets);
+    }
+    if (Array.isArray(value)) {
+        return value.map((v) => redactDeep(v, knownSecrets));
+    }
+    if (value && typeof value === "object") {
+        const out = {};
+        for (const [k, v] of Object.entries(value)) {
+            out[k] = redactDeep(v, knownSecrets);
+        }
+        return out;
+    }
+    return value;
+}
+/** Truncate a string to a max length, appending a marker when cut. */
+export function truncate(input, max) {
+    if (input.length <= max)
+        return input;
+    const omitted = input.length - max;
+    return `${input.slice(0, max)}\n… [truncated ${omitted} chars]`;
+}
+//# sourceMappingURL=redaction.js.map

package/packages/shared/dist/redaction.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"redaction.js","sourceRoot":"","sources":["../src/redaction.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,MAAM,cAAc,GAAa;IAC/B,gCAAgC;IAChC,oCAAoC;IACpC,2BAA2B;IAC3B,mCAAmC;IACnC,mCAAmC;IACnC,uBAAuB;IACvB,mEAAmE,EAAE,MAAM;IAC3E,wBAAwB;IACxB,+CAA+C;CAChD,CAAC;AAEF,MAAM,QAAQ,GAAG,YAAY,CAAC;AAE9B;;;GAGG;AACH,MAAM,UAAU,MAAM,CAAC,KAAa,EAAE,eAAyB,EAAE;IAC/D,IAAI,GAAG,GAAG,KAAK,CAAC;IAChB,KAAK,MAAM,MAAM,IAAI,YAAY,EAAE,CAAC;QAClC,IAAI,MAAM,IAAI,MAAM,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YACjC,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACzC,CAAC;IACH,CAAC;IACD,KAAK,MAAM,OAAO,IAAI,cAAc,EAAE,CAAC;QACrC,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,EAAE,EAAW,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,EAAE,GAAG,QAAQ,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;IACvF,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,sEAAsE;AACtE,MAAM,UAAU,UAAU,CAAI,KAAQ,EAAE,eAAyB,EAAE;IACjE,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,MAAM,CAAC,KAAK,EAAE,YAAY,CAAiB,CAAC;IACrD,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,YAAY,CAAC,CAAiB,CAAC;IACvE,CAAC;IACD,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACvC,MAAM,GAAG,GAA4B,EAAE,CAAC;QACxC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YAC3C,GAAG,CAAC,CAAC,CAAC,GAAG,UAAU,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QACvC,CAAC;QACD,OAAO,GAAmB,CAAC;IAC7B,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,sEAAsE;AACtE,MAAM,UAAU,QAAQ,CAAC,KAAa,EAAE,GAAW;IACjD,IAAI,KAAK,CAAC,MAAM,IAAI,GAAG;QAAE,OAAO,KAAK,CAAC;IACtC,MAAM,OAAO,GAAG,KAAK,CAAC,MAAM,GAAG,GAAG,CAAC;IACnC,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,kBAAkB,OAAO,SAAS,CAAC;AAClE,CAAC"}

package/packages/shared/dist/risk.d.ts

@@ -0,0 +1,23 @@
+/**
+ * Risk levels assigned to every tool. Higher = more dangerous.
+ *
+ *  0: read only
+ *  1: safe write draft (no existing data destroyed)
+ *  2: file modification
+ *  3: shell / agent / network write
+ *  4: destructive / publish / deploy / external irreversible action
+ */
+export type RiskLevel = 0 | 1 | 2 | 3 | 4;
+export declare const RISK_LABELS: Record<RiskLevel, string>;
+export type ApprovalRequirement = "none" | "single" | "double";
+export interface RiskPolicy {
+    /** Require approval for risk level 1 tools. Default false. */
+    approveRisk1: boolean;
+}
+export declare const DEFAULT_RISK_POLICY: RiskPolicy;
+/**
+ * Determine whether a tool invocation requires local approval and how strong.
+ * ChatGPT-side confirmation is never trusted on its own.
+ */
+export declare function approvalFor(risk: RiskLevel, policy?: RiskPolicy): ApprovalRequirement;
+//# sourceMappingURL=risk.d.ts.map

package/packages/shared/dist/risk.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"risk.d.ts","sourceRoot":"","sources":["../src/risk.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AACH,MAAM,MAAM,SAAS,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;AAE1C,eAAO,MAAM,WAAW,EAAE,MAAM,CAAC,SAAS,EAAE,MAAM,CAMjD,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG,MAAM,GAAG,QAAQ,GAAG,QAAQ,CAAC;AAE/D,MAAM,WAAW,UAAU;IACzB,8DAA8D;IAC9D,YAAY,EAAE,OAAO,CAAC;CACvB;AAED,eAAO,MAAM,mBAAmB,EAAE,UAAoC,CAAC;AAEvE;;;GAGG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,SAAS,EAAE,MAAM,GAAE,UAAgC,GAAG,mBAAmB,CAc1G"}

package/packages/shared/dist/risk.js

@@ -0,0 +1,28 @@
+export const RISK_LABELS = {
+    0: "read-only",
+    1: "safe-write-draft",
+    2: "file-modification",
+    3: "shell/agent/network-write",
+    4: "destructive/publish/deploy",
+};
+export const DEFAULT_RISK_POLICY = { approveRisk1: false };
+/**
+ * Determine whether a tool invocation requires local approval and how strong.
+ * ChatGPT-side confirmation is never trusted on its own.
+ */
+export function approvalFor(risk, policy = DEFAULT_RISK_POLICY) {
+    switch (risk) {
+        case 0:
+            return "none";
+        case 1:
+            return policy.approveRisk1 ? "single" : "none";
+        case 2:
+        case 3:
+            return "single";
+        case 4:
+            return "double";
+        default:
+            return "double";
+    }
+}
+//# sourceMappingURL=risk.js.map

package/packages/shared/dist/risk.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"risk.js","sourceRoot":"","sources":["../src/risk.ts"],"names":[],"mappings":"AAWA,MAAM,CAAC,MAAM,WAAW,GAA8B;IACpD,CAAC,EAAE,WAAW;IACd,CAAC,EAAE,kBAAkB;IACrB,CAAC,EAAE,mBAAmB;IACtB,CAAC,EAAE,2BAA2B;IAC9B,CAAC,EAAE,4BAA4B;CAChC,CAAC;AASF,MAAM,CAAC,MAAM,mBAAmB,GAAe,EAAE,YAAY,EAAE,KAAK,EAAE,CAAC;AAEvE;;;GAGG;AACH,MAAM,UAAU,WAAW,CAAC,IAAe,EAAE,SAAqB,mBAAmB;IACnF,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,CAAC;YACJ,OAAO,MAAM,CAAC;QAChB,KAAK,CAAC;YACJ,OAAO,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC;QACjD,KAAK,CAAC,CAAC;QACP,KAAK,CAAC;YACJ,OAAO,QAAQ,CAAC;QAClB,KAAK,CAAC;YACJ,OAAO,QAAQ,CAAC;QAClB;YACE,OAAO,QAAQ,CAAC;IACpB,CAAC;AACH,CAAC"}

package/packages/shared/dist/types.d.ts

@@ -0,0 +1,94 @@
+import type { RiskLevel } from "./risk.js";
+import type { SkillPermissions } from "./config.js";
+export interface AuditEntry {
+    id: string;
+    timestamp: string;
+    tool: string;
+    caller: string;
+    risk: RiskLevel;
+    inputSummary: string;
+    outputSummary: string;
+    approval: "not-required" | "approved" | "denied" | "auto";
+    durationMs: number;
+    error?: string;
+}
+export type ApprovalStatus = "pending" | "approved" | "denied" | "expired";
+export type ApprovalScope = "once" | "session";
+export interface ApprovalRequest {
+    id: string;
+    createdAt: string;
+    resolvedAt?: string;
+    status: ApprovalStatus;
+    tool: string;
+    risk: RiskLevel;
+    /** "single" or "double" — double requires two approvals. */
+    requirement: "single" | "double";
+    approvalsGiven: number;
+    reason: string;
+    summary: string;
+    caller: string;
+    sessionId?: string;
+    scope?: ApprovalScope;
+}
+export interface ProjectRecord {
+    id: string;
+    name: string;
+    path: string;
+    validateCommand?: string;
+    testCommand?: string;
+    defaultAgent?: string;
+    defaultBranch?: string;
+    stack?: string[];
+    registeredAt: string;
+}
+export interface ToolManifestEntry {
+    name: string;
+    description: string;
+    riskLevel: RiskLevel;
+    inputSchema: Record<string, unknown>;
+}
+export interface SkillManifest {
+    name: string;
+    displayName?: string;
+    version: string;
+    description: string;
+    author?: string;
+    license?: string;
+    entry: string;
+    riskLevel: RiskLevel;
+    permissions: SkillPermissions;
+    tools: ToolManifestEntry[];
+}
+export interface SkillState {
+    manifest: SkillManifest;
+    dir: string;
+    enabled: boolean;
+    generated: boolean;
+    installedAt: string;
+    source?: string;
+    valid: boolean;
+    validationErrors: string[];
+}
+export interface RuntimeInfo {
+    startedAt: string;
+    gatewayUrl: string;
+    dashboardUrl?: string;
+    mcpEndpoint?: string;
+    tunnelUrl?: string;
+    tunnelProvider?: string;
+    pid: number;
+}
+export interface CodingTask {
+    id: string;
+    agent: string;
+    projectId: string;
+    mode: "plan" | "execute";
+    task: string;
+    status: "queued" | "running" | "completed" | "failed" | "stopped";
+    branch?: string;
+    createdAt: string;
+    finishedAt?: string;
+    exitCode?: number;
+    approvedPlanId?: string;
+}
+//# sourceMappingURL=types.d.ts.map

package/packages/shared/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAC3C,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAEpD,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,SAAS,CAAC;IAChB,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,EAAE,cAAc,GAAG,UAAU,GAAG,QAAQ,GAAG,MAAM,CAAC;IAC1D,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,MAAM,cAAc,GAAG,SAAS,GAAG,UAAU,GAAG,QAAQ,GAAG,SAAS,CAAC;AAC3E,MAAM,MAAM,aAAa,GAAG,MAAM,GAAG,SAAS,CAAC;AAE/C,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,cAAc,CAAC;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,SAAS,CAAC;IAChB,4DAA4D;IAC5D,WAAW,EAAE,QAAQ,GAAG,QAAQ,CAAC;IACjC,cAAc,EAAE,MAAM,CAAC;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,aAAa,CAAC;CACvB;AAED,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,SAAS,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACtC;AAED,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,SAAS,CAAC;IACrB,WAAW,EAAE,gBAAgB,CAAC;IAC9B,KAAK,EAAE,iBAAiB,EAAE,CAAC;CAC5B;AAED,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,aAAa,CAAC;IACxB,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,OAAO,CAAC;IACjB,SAAS,EAAE,OAAO,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,OAAO,CAAC;IACf,gBAAgB,EAAE,MAAM,EAAE,CAAC;CAC5B;AAED,MAAM,WAAW,WAAW;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,GAAG,SAAS,CAAC;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,QAAQ,GAAG,SAAS,GAAG,WAAW,GAAG,QAAQ,GAAG,SAAS,CAAC;IAClE,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB"}

package/packages/shared/dist/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/packages/shared/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":""}

package/packages/shared/package.json

@@ -0,0 +1,13 @@
+{
+  "name": "@localant/shared",
+  "version": "1.0.0",
+  "type": "module",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "exports": {
+    ".": "./dist/index.js"
+  },
+  "dependencies": {
+    "zod": "^3.24.1"
+  }
+}

package/packages/skill-sdk/dist/index.d.ts

@@ -0,0 +1,36 @@
+import { z } from "zod";
+import type { RiskLevel } from "@localant/shared";
+export { z };
+export type { RiskLevel };
+/** Context handed to every skill tool handler at runtime. */
+export interface SkillContext {
+    /** Resolve a named secret the skill is permitted to access. */
+    getSecret(name: string): Promise<string | undefined>;
+    /** Workspace directory the skill may use for scratch files. */
+    workspaceDir: string;
+    /** Structured logger scoped to the skill. */
+    log: (msg: string, extra?: unknown) => void;
+}
+export interface SkillToolDefinition<I = unknown, O = unknown> {
+    description: string;
+    riskLevel?: RiskLevel;
+    inputSchema: z.ZodType<I>;
+    handler: (input: I, ctx: SkillContext) => Promise<O> | O;
+}
+export interface SkillDefinition {
+    name: string;
+    displayName?: string;
+    description?: string;
+    version?: string;
+    tools: Record<string, SkillToolDefinition>;
+}
+/**
+ * Define a local skill. The returned object is consumed by the gateway skill
+ * runtime; authors should `export default defineSkill({...})`.
+ */
+export declare function defineSkill(def: SkillDefinition): SkillDefinition;
+/** Helper to convert a Zod schema to a JSON-schema-ish object for manifests. */
+export declare function describeTool(tool: SkillToolDefinition): {
+    riskLevel: RiskLevel;
+};
+//# sourceMappingURL=index.d.ts.map

package/packages/skill-sdk/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAElD,OAAO,EAAE,CAAC,EAAE,CAAC;AACb,YAAY,EAAE,SAAS,EAAE,CAAC;AAE1B,6DAA6D;AAC7D,MAAM,WAAW,YAAY;IAC3B,+DAA+D;IAC/D,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAAC;IACrD,+DAA+D;IAC/D,YAAY,EAAE,MAAM,CAAC;IACrB,6CAA6C;IAC7C,GAAG,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,OAAO,KAAK,IAAI,CAAC;CAC7C;AAED,MAAM,WAAW,mBAAmB,CAAC,CAAC,GAAG,OAAO,EAAE,CAAC,GAAG,OAAO;IAC3D,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,SAAS,CAAC;IACtB,WAAW,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IAC1B,OAAO,EAAE,CAAC,KAAK,EAAE,CAAC,EAAE,GAAG,EAAE,YAAY,KAAK,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;CAC1D;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC;CAC5C;AAED;;;GAGG;AACH,wBAAgB,WAAW,CAAC,GAAG,EAAE,eAAe,GAAG,eAAe,CAQjE;AAED,gFAAgF;AAChF,wBAAgB,YAAY,CAAC,IAAI,EAAE,mBAAmB,GAAG;IAAE,SAAS,EAAE,SAAS,CAAA;CAAE,CAEhF"}

package/packages/skill-sdk/dist/index.js

@@ -0,0 +1,20 @@
+import { z } from "zod";
+export { z };
+/**
+ * Define a local skill. The returned object is consumed by the gateway skill
+ * runtime; authors should `export default defineSkill({...})`.
+ */
+export function defineSkill(def) {
+    if (!def.name || !/^[a-z0-9][a-z0-9-]*$/.test(def.name)) {
+        throw new Error(`Invalid skill name: ${def.name}. Use lowercase kebab-case.`);
+    }
+    if (!def.tools || Object.keys(def.tools).length === 0) {
+        throw new Error(`Skill ${def.name} must define at least one tool.`);
+    }
+    return def;
+}
+/** Helper to convert a Zod schema to a JSON-schema-ish object for manifests. */
+export function describeTool(tool) {
+    return { riskLevel: tool.riskLevel ?? 0 };
+}
+//# sourceMappingURL=index.js.map

package/packages/skill-sdk/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB,OAAO,EAAE,CAAC,EAAE,CAAC;AA4Bb;;;GAGG;AACH,MAAM,UAAU,WAAW,CAAC,GAAoB;IAC9C,IAAI,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;QACxD,MAAM,IAAI,KAAK,CAAC,uBAAuB,GAAG,CAAC,IAAI,6BAA6B,CAAC,CAAC;IAChF,CAAC;IACD,IAAI,CAAC,GAAG,CAAC,KAAK,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtD,MAAM,IAAI,KAAK,CAAC,SAAS,GAAG,CAAC,IAAI,iCAAiC,CAAC,CAAC;IACtE,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,gFAAgF;AAChF,MAAM,UAAU,YAAY,CAAC,IAAyB;IACpD,OAAO,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,IAAI,CAAC,EAAE,CAAC;AAC5C,CAAC"}

package/packages/skill-sdk/package.json

@@ -0,0 +1,14 @@
+{
+  "name": "@localant/skill-sdk",
+  "version": "1.0.0",
+  "type": "module",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "exports": {
+    ".": "./dist/index.js"
+  },
+  "dependencies": {
+    "@localant/shared": "workspace:*",
+    "zod": "^3.24.1"
+  }
+}