localant 1.0.0

package/packages/gateway/dist/security/command-guard.js

@@ -0,0 +1,105 @@
+export class CommandRejectedError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = "CommandRejectedError";
+    }
+}
+/**
+ * Tokenize a command for safety inspection. We split on shell control
+ * operators so that `a && rm -rf /` is inspected as two segments, defeating
+ * naive "starts with allowed command" bypasses.
+ */
+export function parseCommand(input) {
+    const normalized = input.trim().replace(/\s+/g, " ");
+    // Split on shell operators that chain/redirect commands.
+    const segments = normalized.split(/(?:\|\||&&|;|\||&|>|<|`|\$\()/g);
+    const tokens = [];
+    for (const seg of segments) {
+        for (const word of seg.trim().split(" ")) {
+            if (word)
+                tokens.push(word.toLowerCase());
+        }
+    }
+    return { normalized, tokens };
+}
+/** Detect characters/sequences indicating command substitution or chaining. */
+function hasDangerousMetachars(input) {
+    // Backticks, $(...) command substitution, and process substitution.
+    return /`|\$\(|\$\{|<\(|>\(/.test(input);
+}
+export class CommandGuard {
+    allowedCommands;
+    blockedTokens;
+    constructor(allowedCommands, blockedTokens) {
+        this.allowedCommands = allowedCommands;
+        this.blockedTokens = blockedTokens;
+    }
+    setAllowed(commands) {
+        this.allowedCommands = commands;
+    }
+    setBlocked(tokens) {
+        this.blockedTokens = tokens;
+    }
+    allowed() {
+        return [...this.allowedCommands];
+    }
+    /**
+     * Validate a command against the allowlist and blocklist. Throws on any
+     * rejection. Returns the normalized command on success.
+     *
+     * A command is allowed only if its normalized form *starts with* one of the
+     * allowlisted command prefixes AND contains no blocked tokens, no dangerous
+     * chaining/substitution metacharacters, and no piped second program.
+     */
+    assertAllowed(input) {
+        const { normalized, tokens } = parseCommand(input);
+        if (!normalized)
+            throw new CommandRejectedError("Empty command.");
+        if (hasDangerousMetachars(input)) {
+            throw new CommandRejectedError("Command rejected: command substitution / process substitution is not allowed.");
+        }
+        // Reject chaining operators outright for the allowed-command runner.
+        if (/(\|\||&&|;|\||&|>|<)/.test(input)) {
+            throw new CommandRejectedError("Command rejected: pipelines, redirection and chaining are not allowed.");
+        }
+        // Blocked tokens anywhere.
+        const blocked = this.blockedTokens.map((t) => t.toLowerCase());
+        for (const tok of tokens) {
+            if (blocked.includes(tok)) {
+                throw new CommandRejectedError(`Command rejected: '${tok}' is a blocked command.`);
+            }
+        }
+        // Special-case destructive flag combos that are not single tokens.
+        if (/\brm\b/.test(normalized) && /-[a-z]*r[a-z]*f|-[a-z]*f[a-z]*r|--recursive|--force/i.test(normalized)) {
+            throw new CommandRejectedError("Command rejected: recursive/forced 'rm' is blocked.");
+        }
+        if (/\bchmod\b\s+777/.test(normalized)) {
+            throw new CommandRejectedError("Command rejected: 'chmod 777' is blocked.");
+        }
+        // Must match an allowlisted prefix.
+        const ok = this.allowedCommands.some((cmd) => {
+            const c = cmd.trim().replace(/\s+/g, " ").toLowerCase();
+            const n = normalized.toLowerCase();
+            return n === c || n.startsWith(c + " ");
+        });
+        if (!ok) {
+            throw new CommandRejectedError(`Command rejected: '${normalized}' is not in the allowed command list. Use shell_request_command_approval to request it.`);
+        }
+        return normalized;
+    }
+    /** Looser check for an *approved* arbitrary command — still blocks the hard blocklist. */
+    assertNotBlocked(input) {
+        const { normalized, tokens } = parseCommand(input);
+        const blocked = this.blockedTokens.map((t) => t.toLowerCase());
+        for (const tok of tokens) {
+            if (blocked.includes(tok)) {
+                throw new CommandRejectedError(`Command rejected: '${tok}' is a blocked command even after approval.`);
+            }
+        }
+        if (/\brm\b/.test(normalized) && /-[a-z]*r[a-z]*f/i.test(normalized)) {
+            throw new CommandRejectedError("Command rejected: 'rm -rf' is blocked even after approval.");
+        }
+        return normalized;
+    }
+}
+//# sourceMappingURL=command-guard.js.map

package/packages/gateway/dist/security/command-guard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"command-guard.js","sourceRoot":"","sources":["../../src/security/command-guard.ts"],"names":[],"mappings":"AAAA,MAAM,OAAO,oBAAqB,SAAQ,KAAK;IAC7C,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,sBAAsB,CAAC;IACrC,CAAC;CACF;AASD;;;;GAIG;AACH,MAAM,UAAU,YAAY,CAAC,KAAa;IACxC,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACrD,yDAAyD;IACzD,MAAM,QAAQ,GAAG,UAAU,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAC;IACpE,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC3B,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;YACzC,IAAI,IAAI;gBAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;QAC5C,CAAC;IACH,CAAC;IACD,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC;AAChC,CAAC;AAED,+EAA+E;AAC/E,SAAS,qBAAqB,CAAC,KAAa;IAC1C,oEAAoE;IACpE,OAAO,qBAAqB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAC3C,CAAC;AAED,MAAM,OAAO,YAAY;IAEb;IACA;IAFV,YACU,eAAyB,EACzB,aAAuB;QADvB,oBAAe,GAAf,eAAe,CAAU;QACzB,kBAAa,GAAb,aAAa,CAAU;IAC9B,CAAC;IAEJ,UAAU,CAAC,QAAkB;QAC3B,IAAI,CAAC,eAAe,GAAG,QAAQ,CAAC;IAClC,CAAC;IACD,UAAU,CAAC,MAAgB;QACzB,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC;IAC9B,CAAC;IACD,OAAO;QACL,OAAO,CAAC,GAAG,IAAI,CAAC,eAAe,CAAC,CAAC;IACnC,CAAC;IAED;;;;;;;OAOG;IACH,aAAa,CAAC,KAAa;QACzB,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;QACnD,IAAI,CAAC,UAAU;YAAE,MAAM,IAAI,oBAAoB,CAAC,gBAAgB,CAAC,CAAC;QAElE,IAAI,qBAAqB,CAAC,KAAK,CAAC,EAAE,CAAC;YACjC,MAAM,IAAI,oBAAoB,CAAC,+EAA+E,CAAC,CAAC;QAClH,CAAC;QAED,qEAAqE;QACrE,IAAI,sBAAsB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YACvC,MAAM,IAAI,oBAAoB,CAAC,wEAAwE,CAAC,CAAC;QAC3G,CAAC;QAED,2BAA2B;QAC3B,MAAM,OAAO,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;QAC/D,KAAK,MAAM,GAAG,IAAI,MAAM,EAAE,CAAC;YACzB,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC1B,MAAM,IAAI,oBAAoB,CAAC,sBAAsB,GAAG,yBAAyB,CAAC,CAAC;YACrF,CAAC;QACH,CAAC;QACD,mEAAmE;QACnE,IAAI,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,sDAAsD,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;YACzG,MAAM,IAAI,oBAAoB,CAAC,qDAAqD,CAAC,CAAC;QACxF,CAAC;QACD,IAAI,iBAAiB,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;YACvC,MAAM,IAAI,oBAAoB,CAAC,2CAA2C,CAAC,CAAC;QAC9E,CAAC;QAED,oCAAoC;QACpC,MAAM,EAAE,GAAG,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE;YAC3C,MAAM,CAAC,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;YACxD,MAAM,CAAC,GAAG,UAAU,CAAC,WAAW,EAAE,CAAC;YACnC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,UAAU,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC;QAC1C,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,EAAE,EAAE,CAAC;YACR,MAAM,IAAI,oBAAoB,CAC5B,sBAAsB,UAAU,yFAAyF,CAC1H,CAAC;QACJ,CAAC;QACD,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,0FAA0F;IAC1F,gBAAgB,CAAC,KAAa;QAC5B,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;QACnD,MAAM,OAAO,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;QAC/D,KAAK,MAAM,GAAG,IAAI,MAAM,EAAE,CAAC;YACzB,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC1B,MAAM,IAAI,oBAAoB,CAAC,sBAAsB,GAAG,6CAA6C,CAAC,CAAC;YACzG,CAAC;QACH,CAAC;QACD,IAAI,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,kBAAkB,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;YACrE,MAAM,IAAI,oBAAoB,CAAC,4DAA4D,CAAC,CAAC;QAC/F,CAAC;QACD,OAAO,UAAU,CAAC;IACpB,CAAC;CACF"}

package/packages/gateway/dist/security/path-guard.d.ts

@@ -0,0 +1,31 @@
+export declare class PathAccessError extends Error {
+    constructor(message: string);
+}
+/**
+ * Resolves and validates a requested path against the allowed directories and
+ * the sensitive blocklist. Defends against:
+ *  - path traversal (`../`)
+ *  - symlink traversal (realpath of every existing ancestor is re-checked)
+ *  - access to sensitive system/credential paths
+ */
+export declare class PathGuard {
+    private allowedDirs;
+    private readonly blocklist;
+    constructor(allowedDirs: string[]);
+    setAllowedDirectories(dirs: string[]): void;
+    allowed(): string[];
+    private inBlocklist;
+    private inAllowlist;
+    /**
+     * Resolve the realpath of the deepest existing ancestor and re-check it.
+     * This catches a symlink anywhere along the path that points outside the
+     * allowlist (e.g. `~/Projects/evil -> /etc`).
+     */
+    private resolveRealAncestor;
+    /**
+     * Validate a path for the requested mode. Returns the normalized absolute
+     * path. Throws PathAccessError on any violation.
+     */
+    assertAccess(requested: string, mode: "read" | "write"): string;
+}
+//# sourceMappingURL=path-guard.d.ts.map

package/packages/gateway/dist/security/path-guard.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"path-guard.d.ts","sourceRoot":"","sources":["../../src/security/path-guard.ts"],"names":[],"mappings":"AAKA,qBAAa,eAAgB,SAAQ,KAAK;gBAC5B,OAAO,EAAE,MAAM;CAI5B;AAkBD;;;;;;GAMG;AACH,qBAAa,SAAS;IAGR,OAAO,CAAC,WAAW;IAF/B,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAW;gBAEjB,WAAW,EAAE,MAAM,EAAE;IAIzC,qBAAqB,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI;IAI3C,OAAO,IAAI,MAAM,EAAE;IAInB,OAAO,CAAC,WAAW;IAInB,OAAO,CAAC,WAAW;IAInB;;;;OAIG;IACH,OAAO,CAAC,mBAAmB;IAmB3B;;;OAGG;IACH,YAAY,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,GAAG,MAAM;CAwBhE"}

package/packages/gateway/dist/security/path-guard.js

@@ -0,0 +1,101 @@
+import fs from "node:fs";
+import path from "node:path";
+import os from "node:os";
+import { sensitiveBlocklist } from "@localant/shared";
+export class PathAccessError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = "PathAccessError";
+    }
+}
+function expandHome(p) {
+    if (p === "~")
+        return os.homedir();
+    if (p.startsWith("~/") || p.startsWith("~\\"))
+        return path.join(os.homedir(), p.slice(2));
+    return p;
+}
+function normalizeAbs(p) {
+    return path.resolve(expandHome(p));
+}
+/** True if `child` is `parent` or nested under it (prefix check on segments). */
+function isWithin(parent, child) {
+    const rel = path.relative(parent, child);
+    return rel === "" || (!rel.startsWith("..") && !path.isAbsolute(rel));
+}
+/**
+ * Resolves and validates a requested path against the allowed directories and
+ * the sensitive blocklist. Defends against:
+ *  - path traversal (`../`)
+ *  - symlink traversal (realpath of every existing ancestor is re-checked)
+ *  - access to sensitive system/credential paths
+ */
+export class PathGuard {
+    allowedDirs;
+    blocklist;
+    constructor(allowedDirs) {
+        this.allowedDirs = allowedDirs;
+        this.blocklist = sensitiveBlocklist().map(normalizeAbs);
+    }
+    setAllowedDirectories(dirs) {
+        this.allowedDirs = dirs;
+    }
+    allowed() {
+        return this.allowedDirs.map(normalizeAbs);
+    }
+    inBlocklist(resolved) {
+        return this.blocklist.some((b) => isWithin(b, resolved));
+    }
+    inAllowlist(resolved) {
+        return this.allowed().some((dir) => isWithin(dir, resolved));
+    }
+    /**
+     * Resolve the realpath of the deepest existing ancestor and re-check it.
+     * This catches a symlink anywhere along the path that points outside the
+     * allowlist (e.g. `~/Projects/evil -> /etc`).
+     */
+    resolveRealAncestor(resolved) {
+        let current = resolved;
+        const tail = [];
+        // Walk up until we find a path that exists on disk.
+        while (!fs.existsSync(current)) {
+            const parent = path.dirname(current);
+            if (parent === current)
+                break;
+            tail.unshift(path.basename(current));
+            current = parent;
+        }
+        let real;
+        try {
+            real = fs.realpathSync(current);
+        }
+        catch {
+            real = current;
+        }
+        return tail.length ? path.join(real, ...tail) : real;
+    }
+    /**
+     * Validate a path for the requested mode. Returns the normalized absolute
+     * path. Throws PathAccessError on any violation.
+     */
+    assertAccess(requested, mode) {
+        const resolved = normalizeAbs(requested);
+        if (this.inBlocklist(resolved)) {
+            throw new PathAccessError(`Access denied: '${requested}' is in the sensitive blocklist.`);
+        }
+        if (!this.inAllowlist(resolved)) {
+            throw new PathAccessError(`Access denied: '${requested}' is outside the allowed directories. Add it with fs_add_allowed_directory.`);
+        }
+        // Re-check after resolving symlinks on existing ancestors.
+        const real = this.resolveRealAncestor(resolved);
+        if (this.inBlocklist(real)) {
+            throw new PathAccessError(`Access denied: '${requested}' resolves (via symlink) into a sensitive path.`);
+        }
+        if (!this.inAllowlist(real)) {
+            throw new PathAccessError(`Access denied: '${requested}' resolves (via symlink) outside allowed directories.`);
+        }
+        void mode; // mode-specific policy is enforced by callers / permission engine.
+        return resolved;
+    }
+}
+//# sourceMappingURL=path-guard.js.map

package/packages/gateway/dist/security/path-guard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"path-guard.js","sourceRoot":"","sources":["../../src/security/path-guard.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AAEtD,MAAM,OAAO,eAAgB,SAAQ,KAAK;IACxC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,iBAAiB,CAAC;IAChC,CAAC;CACF;AAED,SAAS,UAAU,CAAC,CAAS;IAC3B,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,EAAE,CAAC,OAAO,EAAE,CAAC;IACnC,IAAI,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAC1F,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,YAAY,CAAC,CAAS;IAC7B,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;AACrC,CAAC;AAED,iFAAiF;AACjF,SAAS,QAAQ,CAAC,MAAc,EAAE,KAAa;IAC7C,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IACzC,OAAO,GAAG,KAAK,EAAE,IAAI,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;AACxE,CAAC;AAED;;;;;;GAMG;AACH,MAAM,OAAO,SAAS;IAGA;IAFH,SAAS,CAAW;IAErC,YAAoB,WAAqB;QAArB,gBAAW,GAAX,WAAW,CAAU;QACvC,IAAI,CAAC,SAAS,GAAG,kBAAkB,EAAE,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IAC1D,CAAC;IAED,qBAAqB,CAAC,IAAc;QAClC,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;IAC1B,CAAC;IAED,OAAO;QACL,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IAC5C,CAAC;IAEO,WAAW,CAAC,QAAgB;QAClC,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC;IAC3D,CAAC;IAEO,WAAW,CAAC,QAAgB;QAClC,OAAO,IAAI,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,QAAQ,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,CAAC;IAC/D,CAAC;IAED;;;;OAIG;IACK,mBAAmB,CAAC,QAAgB;QAC1C,IAAI,OAAO,GAAG,QAAQ,CAAC;QACvB,MAAM,IAAI,GAAa,EAAE,CAAC;QAC1B,oDAAoD;QACpD,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YAC/B,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YACrC,IAAI,MAAM,KAAK,OAAO;gBAAE,MAAM;YAC9B,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;YACrC,OAAO,GAAG,MAAM,CAAC;QACnB,CAAC;QACD,IAAI,IAAY,CAAC;QACjB,IAAI,CAAC;YACH,IAAI,GAAG,EAAE,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;QAClC,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,GAAG,OAAO,CAAC;QACjB,CAAC;QACD,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACvD,CAAC;IAED;;;OAGG;IACH,YAAY,CAAC,SAAiB,EAAE,IAAsB;QACpD,MAAM,QAAQ,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC;QAEzC,IAAI,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC/B,MAAM,IAAI,eAAe,CAAC,mBAAmB,SAAS,kCAAkC,CAAC,CAAC;QAC5F,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC;YAChC,MAAM,IAAI,eAAe,CACvB,mBAAmB,SAAS,6EAA6E,CAC1G,CAAC;QACJ,CAAC;QAED,2DAA2D;QAC3D,MAAM,IAAI,GAAG,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,CAAC;QAChD,IAAI,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3B,MAAM,IAAI,eAAe,CAAC,mBAAmB,SAAS,iDAAiD,CAAC,CAAC;QAC3G,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC;YAC5B,MAAM,IAAI,eAAe,CAAC,mBAAmB,SAAS,uDAAuD,CAAC,CAAC;QACjH,CAAC;QAED,KAAK,IAAI,CAAC,CAAC,mEAAmE;QAC9E,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF"}

package/packages/gateway/dist/skill-runner.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=skill-runner.d.ts.map

package/packages/gateway/dist/skill-runner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"skill-runner.d.ts","sourceRoot":"","sources":["../src/skill-runner.ts"],"names":[],"mappings":""}

package/packages/gateway/dist/skill-runner.js

@@ -0,0 +1,38 @@
+/**
+ * Isolated skill execution entry point. Reads a JSON payload from stdin,
+ * dynamically imports the skill entry (Node strips TS types on v22.18+),
+ * validates input against the tool's Zod schema, runs the handler with a
+ * restricted context, and prints a single JSON result line to stdout.
+ *
+ * The skill only receives the secret values it is permitted to access; the
+ * vault itself is never exposed to the subprocess.
+ */
+import { pathToFileURL } from "node:url";
+async function readStdin() {
+    const chunks = [];
+    for await (const chunk of process.stdin)
+        chunks.push(chunk);
+    return Buffer.concat(chunks).toString("utf8");
+}
+async function main() {
+    const payload = JSON.parse(await readStdin());
+    const mod = await import(pathToFileURL(payload.entry).href);
+    const skill = mod.default;
+    if (!skill || !skill.tools || !skill.tools[payload.tool]) {
+        throw new Error(`Tool '${payload.tool}' not found in skill.`);
+    }
+    const tool = skill.tools[payload.tool];
+    const parsed = tool.inputSchema ? tool.inputSchema.parse(payload.input) : payload.input;
+    const ctx = {
+        getSecret: async (name) => payload.secrets[name],
+        workspaceDir: payload.workspaceDir,
+        log: (msg) => process.stderr.write(`[skill] ${msg}\n`),
+    };
+    const result = await tool.handler(parsed, ctx);
+    process.stdout.write(JSON.stringify({ ok: true, result }) + "\n");
+}
+main().catch((err) => {
+    process.stdout.write(JSON.stringify({ ok: false, error: err instanceof Error ? err.message : String(err) }) + "\n");
+    process.exitCode = 1;
+});
+//# sourceMappingURL=skill-runner.js.map

package/packages/gateway/dist/skill-runner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"skill-runner.js","sourceRoot":"","sources":["../src/skill-runner.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AACH,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAUzC,KAAK,UAAU,SAAS;IACtB,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,IAAI,KAAK,EAAE,MAAM,KAAK,IAAI,OAAO,CAAC,KAAK;QAAE,MAAM,CAAC,IAAI,CAAC,KAAe,CAAC,CAAC;IACtE,OAAO,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;AAChD,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,SAAS,EAAE,CAAY,CAAC;IACzD,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,CAAC;IAC5D,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC;IAC1B,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QACzD,MAAM,IAAI,KAAK,CAAC,SAAS,OAAO,CAAC,IAAI,uBAAuB,CAAC,CAAC;IAChE,CAAC;IACD,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACvC,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC;IACxF,MAAM,GAAG,GAAG;QACV,SAAS,EAAE,KAAK,EAAE,IAAY,EAAE,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC;QACxD,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,GAAG,EAAE,CAAC,GAAW,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,GAAG,IAAI,CAAC;KAC/D,CAAC;IACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC/C,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC;AACpE,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAY,EAAE,EAAE;IAC5B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC;IACpH,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;AACvB,CAAC,CAAC,CAAC"}

package/packages/gateway/dist/stores/approval-store.d.ts

@@ -0,0 +1,34 @@
+import type { AppPaths, ApprovalRequest, RiskLevel } from "@localant/shared";
+/**
+ * Persistent approval queue. Approvals can be granted via the CLI, the
+ * dashboard, or MCP approval tools — ChatGPT-side confirmation is never
+ * trusted alone.
+ */
+export declare class ApprovalStore {
+    private readonly file;
+    /** session id -> set of tool names approved for the whole session. */
+    private readonly sessionGrants;
+    constructor(paths: AppPaths);
+    private read;
+    private write;
+    create(input: {
+        tool: string;
+        risk: RiskLevel;
+        requirement: "single" | "double";
+        reason: string;
+        summary: string;
+        caller: string;
+        sessionId?: string;
+    }): ApprovalRequest;
+    get(id: string): ApprovalRequest | undefined;
+    listPending(): ApprovalRequest[];
+    list(limit?: number): ApprovalRequest[];
+    approve(id: string, scope?: "once" | "session"): ApprovalRequest | undefined;
+    deny(id: string): ApprovalRequest | undefined;
+    hasSessionGrant(sessionId: string | undefined, tool: string): boolean;
+    /** Find an approved-but-unconsumed once-approval for a tool. */
+    findApprovedForTool(tool: string): ApprovalRequest | undefined;
+    /** Mark a once-approval as consumed so it cannot be reused. */
+    consume(id: string): void;
+}
+//# sourceMappingURL=approval-store.d.ts.map

package/packages/gateway/dist/stores/approval-store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"approval-store.d.ts","sourceRoot":"","sources":["../../src/stores/approval-store.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,QAAQ,EAAE,eAAe,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAE7E;;;;GAIG;AACH,qBAAa,aAAa;IACxB,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAS;IAC9B,sEAAsE;IACtE,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAkC;gBAEpD,KAAK,EAAE,QAAQ;IAI3B,OAAO,CAAC,IAAI;IAQZ,OAAO,CAAC,KAAK;IAIb,MAAM,CAAC,KAAK,EAAE;QACZ,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,SAAS,CAAC;QAChB,WAAW,EAAE,QAAQ,GAAG,QAAQ,CAAC;QACjC,MAAM,EAAE,MAAM,CAAC;QACf,OAAO,EAAE,MAAM,CAAC;QAChB,MAAM,EAAE,MAAM,CAAC;QACf,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,GAAG,eAAe;IAcnB,GAAG,CAAC,EAAE,EAAE,MAAM,GAAG,eAAe,GAAG,SAAS;IAI5C,WAAW,IAAI,eAAe,EAAE;IAIhC,IAAI,CAAC,KAAK,SAAM,GAAG,eAAe,EAAE;IAIpC,OAAO,CAAC,EAAE,EAAE,MAAM,EAAE,KAAK,GAAE,MAAM,GAAG,SAAkB,GAAG,eAAe,GAAG,SAAS;IA0BpF,IAAI,CAAC,EAAE,EAAE,MAAM,GAAG,eAAe,GAAG,SAAS;IAc7C,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,SAAS,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO;IAKrE,gEAAgE;IAChE,mBAAmB,CAAC,IAAI,EAAE,MAAM,GAAG,eAAe,GAAG,SAAS;IAI9D,+DAA+D;IAC/D,OAAO,CAAC,EAAE,EAAE,MAAM,GAAG,IAAI;CAO1B"}

package/packages/gateway/dist/stores/approval-store.js

@@ -0,0 +1,108 @@
+import fs from "node:fs";
+import { nanoid } from "nanoid";
+/**
+ * Persistent approval queue. Approvals can be granted via the CLI, the
+ * dashboard, or MCP approval tools — ChatGPT-side confirmation is never
+ * trusted alone.
+ */
+export class ApprovalStore {
+    file;
+    /** session id -> set of tool names approved for the whole session. */
+    sessionGrants = new Map();
+    constructor(paths) {
+        this.file = paths.approvalsFile;
+    }
+    read() {
+        try {
+            return JSON.parse(fs.readFileSync(this.file, "utf8"));
+        }
+        catch {
+            return [];
+        }
+    }
+    write(items) {
+        fs.writeFileSync(this.file, JSON.stringify(items, null, 2), { mode: 0o600 });
+    }
+    create(input) {
+        const req = {
+            id: nanoid(10),
+            createdAt: new Date().toISOString(),
+            status: "pending",
+            approvalsGiven: 0,
+            ...input,
+        };
+        const items = this.read();
+        items.push(req);
+        this.write(items);
+        return req;
+    }
+    get(id) {
+        return this.read().find((r) => r.id === id);
+    }
+    listPending() {
+        return this.read().filter((r) => r.status === "pending");
+    }
+    list(limit = 100) {
+        return this.read().slice(-limit).reverse();
+    }
+    approve(id, scope = "once") {
+        const items = this.read();
+        const idx = items.findIndex((r) => r.id === id);
+        if (idx === -1)
+            return undefined;
+        const req = items[idx];
+        if (req.status !== "pending")
+            return req;
+        const given = req.approvalsGiven + 1;
+        const needed = req.requirement === "double" ? 2 : 1;
+        const updated = {
+            ...req,
+            approvalsGiven: given,
+            scope,
+            ...(given >= needed
+                ? { status: "approved", resolvedAt: new Date().toISOString() }
+                : {}),
+        };
+        items[idx] = updated;
+        this.write(items);
+        if (updated.status === "approved" && scope === "session" && req.sessionId) {
+            const set = this.sessionGrants.get(req.sessionId) ?? new Set();
+            set.add(req.tool);
+            this.sessionGrants.set(req.sessionId, set);
+        }
+        return updated;
+    }
+    deny(id) {
+        const items = this.read();
+        const idx = items.findIndex((r) => r.id === id);
+        if (idx === -1)
+            return undefined;
+        const updated = {
+            ...items[idx],
+            status: "denied",
+            resolvedAt: new Date().toISOString(),
+        };
+        items[idx] = updated;
+        this.write(items);
+        return updated;
+    }
+    hasSessionGrant(sessionId, tool) {
+        if (!sessionId)
+            return false;
+        return this.sessionGrants.get(sessionId)?.has(tool) ?? false;
+    }
+    /** Find an approved-but-unconsumed once-approval for a tool. */
+    findApprovedForTool(tool) {
+        return this.read().find((r) => r.tool === tool && r.status === "approved" && r.scope !== "session");
+    }
+    /** Mark a once-approval as consumed so it cannot be reused. */
+    consume(id) {
+        const items = this.read();
+        const idx = items.findIndex((r) => r.id === id);
+        if (idx === -1)
+            return;
+        items[idx] = { ...items[idx], status: "expired", resolvedAt: new Date().toISOString() };
+        this.write(items);
+    }
+}
+//# sourceMappingURL=approval-store.js.map

package/packages/gateway/dist/stores/approval-store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"approval-store.js","sourceRoot":"","sources":["../../src/stores/approval-store.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAGhC;;;;GAIG;AACH,MAAM,OAAO,aAAa;IACP,IAAI,CAAS;IAC9B,sEAAsE;IACrD,aAAa,GAAG,IAAI,GAAG,EAAuB,CAAC;IAEhE,YAAY,KAAe;QACzB,IAAI,CAAC,IAAI,GAAG,KAAK,CAAC,aAAa,CAAC;IAClC,CAAC;IAEO,IAAI;QACV,IAAI,CAAC;YACH,OAAO,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAsB,CAAC;QAC7E,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,KAAwB;QACpC,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC/E,CAAC;IAED,MAAM,CAAC,KAQN;QACC,MAAM,GAAG,GAAoB;YAC3B,EAAE,EAAE,MAAM,CAAC,EAAE,CAAC;YACd,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,MAAM,EAAE,SAAS;YACjB,cAAc,EAAE,CAAC;YACjB,GAAG,KAAK;SACT,CAAC;QACF,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC1B,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAChB,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAClB,OAAO,GAAG,CAAC;IACb,CAAC;IAED,GAAG,CAAC,EAAU;QACZ,OAAO,IAAI,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;IAC9C,CAAC;IAED,WAAW;QACT,OAAO,IAAI,CAAC,IAAI,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC;IAC3D,CAAC;IAED,IAAI,CAAC,KAAK,GAAG,GAAG;QACd,OAAO,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC;IAC7C,CAAC;IAED,OAAO,CAAC,EAAU,EAAE,QAA4B,MAAM;QACpD,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC1B,MAAM,GAAG,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;QAChD,IAAI,GAAG,KAAK,CAAC,CAAC;YAAE,OAAO,SAAS,CAAC;QACjC,MAAM,GAAG,GAAG,KAAK,CAAC,GAAG,CAAE,CAAC;QACxB,IAAI,GAAG,CAAC,MAAM,KAAK,SAAS;YAAE,OAAO,GAAG,CAAC;QACzC,MAAM,KAAK,GAAG,GAAG,CAAC,cAAc,GAAG,CAAC,CAAC;QACrC,MAAM,MAAM,GAAG,GAAG,CAAC,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACpD,MAAM,OAAO,GAAoB;YAC/B,GAAG,GAAG;YACN,cAAc,EAAE,KAAK;YACrB,KAAK;YACL,GAAG,CAAC,KAAK,IAAI,MAAM;gBACjB,CAAC,CAAC,EAAE,MAAM,EAAE,UAAmB,EAAE,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE;gBACvE,CAAC,CAAC,EAAE,CAAC;SACR,CAAC;QACF,KAAK,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC;QACrB,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAClB,IAAI,OAAO,CAAC,MAAM,KAAK,UAAU,IAAI,KAAK,KAAK,SAAS,IAAI,GAAG,CAAC,SAAS,EAAE,CAAC;YAC1E,MAAM,GAAG,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,IAAI,GAAG,EAAE,CAAC;YAC/D,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAClB,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;QAC7C,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,IAAI,CAAC,EAAU;QACb,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC1B,MAAM,GAAG,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;QAChD,IAAI,GAAG,KAAK,CAAC,CAAC;YAAE,OAAO,SAAS,CAAC;QACjC,MAAM,OAAO,GAAoB;YAC/B,GAAG,KAAK,CAAC,GAAG,CAAE;YACd,MAAM,EAAE,QAAQ;YAChB,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACrC,CAAC;QACF,KAAK,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC;QACrB,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAClB,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,eAAe,CAAC,SAA6B,EAAE,IAAY;QACzD,IAAI,CAAC,SAAS;YAAE,OAAO,KAAK,CAAC;QAC7B,OAAO,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,GAAG,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC;IAC/D,CAAC;IAED,gEAAgE;IAChE,mBAAmB,CAAC,IAAY;QAC9B,OAAO,IAAI,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,IAAI,CAAC,CAAC,MAAM,KAAK,UAAU,IAAI,CAAC,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC;IACtG,CAAC;IAED,+DAA+D;IAC/D,OAAO,CAAC,EAAU;QAChB,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC1B,MAAM,GAAG,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;QAChD,IAAI,GAAG,KAAK,CAAC,CAAC;YAAE,OAAO;QACvB,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,GAAG,CAAE,EAAE,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC;QACzF,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IACpB,CAAC;CACF"}

package/packages/gateway/dist/stores/audit-log.d.ts

@@ -0,0 +1,23 @@
+import { type AppPaths, type AuditEntry, type RiskLevel } from "@localant/shared";
+/** Append-only audit log backed by a JSONL file. Secrets are redacted. */
+export declare class AuditLog {
+    private readonly file;
+    private secretsProvider;
+    constructor(paths: AppPaths);
+    setSecretsProvider(fn: () => string[]): void;
+    record(entry: {
+        tool: string;
+        caller: string;
+        risk: RiskLevel;
+        input: unknown;
+        output: unknown;
+        approval: AuditEntry["approval"];
+        durationMs: number;
+        error?: string;
+    }): AuditEntry;
+    list(limit?: number, offset?: number): AuditEntry[];
+    get(id: string): AuditEntry | undefined;
+    search(query: string, limit?: number): AuditEntry[];
+    readAll(): AuditEntry[];
+}
+//# sourceMappingURL=audit-log.d.ts.map

package/packages/gateway/dist/stores/audit-log.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit-log.d.ts","sourceRoot":"","sources":["../../src/stores/audit-log.ts"],"names":[],"mappings":"AAEA,OAAO,EAAoB,KAAK,QAAQ,EAAE,KAAK,UAAU,EAAE,KAAK,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAEpG,0EAA0E;AAC1E,qBAAa,QAAQ;IACnB,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAS;IAC9B,OAAO,CAAC,eAAe,CAA4B;gBAEvC,KAAK,EAAE,QAAQ;IAI3B,kBAAkB,CAAC,EAAE,EAAE,MAAM,MAAM,EAAE,GAAG,IAAI;IAI5C,MAAM,CAAC,KAAK,EAAE;QACZ,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,IAAI,EAAE,SAAS,CAAC;QAChB,KAAK,EAAE,OAAO,CAAC;QACf,MAAM,EAAE,OAAO,CAAC;QAChB,QAAQ,EAAE,UAAU,CAAC,UAAU,CAAC,CAAC;QACjC,UAAU,EAAE,MAAM,CAAC;QACnB,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,GAAG,UAAU;IAkBd,IAAI,CAAC,KAAK,SAAM,EAAE,MAAM,SAAI,GAAG,UAAU,EAAE;IAK3C,GAAG,CAAC,EAAE,EAAE,MAAM,GAAG,UAAU,GAAG,SAAS;IAIvC,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,SAAM,GAAG,UAAU,EAAE;IAahD,OAAO,IAAI,UAAU,EAAE;CAWxB"}

package/packages/gateway/dist/stores/audit-log.js

@@ -0,0 +1,70 @@
+import fs from "node:fs";
+import { nanoid } from "nanoid";
+import { redact, truncate } from "@localant/shared";
+/** Append-only audit log backed by a JSONL file. Secrets are redacted. */
+export class AuditLog {
+    file;
+    secretsProvider = () => [];
+    constructor(paths) {
+        this.file = paths.auditLog;
+    }
+    setSecretsProvider(fn) {
+        this.secretsProvider = fn;
+    }
+    record(entry) {
+        const secrets = this.secretsProvider();
+        const full = {
+            id: nanoid(12),
+            timestamp: new Date().toISOString(),
+            tool: entry.tool,
+            caller: entry.caller,
+            risk: entry.risk,
+            inputSummary: truncate(redact(safeStringify(entry.input), secrets), 500),
+            outputSummary: truncate(redact(safeStringify(entry.output), secrets), 500),
+            approval: entry.approval,
+            durationMs: entry.durationMs,
+            ...(entry.error ? { error: truncate(redact(entry.error, secrets), 500) } : {}),
+        };
+        fs.appendFileSync(this.file, JSON.stringify(full) + "\n");
+        return full;
+    }
+    list(limit = 100, offset = 0) {
+        const all = this.readAll();
+        return all.slice(Math.max(0, all.length - offset - limit), all.length - offset).reverse();
+    }
+    get(id) {
+        return this.readAll().find((e) => e.id === id);
+    }
+    search(query, limit = 100) {
+        const q = query.toLowerCase();
+        return this.readAll()
+            .filter((e) => e.tool.toLowerCase().includes(q) ||
+            e.inputSummary.toLowerCase().includes(q) ||
+            (e.error ?? "").toLowerCase().includes(q))
+            .reverse()
+            .slice(0, limit);
+    }
+    readAll() {
+        try {
+            return fs
+                .readFileSync(this.file, "utf8")
+                .split("\n")
+                .filter((l) => l.trim())
+                .map((l) => JSON.parse(l));
+        }
+        catch {
+            return [];
+        }
+    }
+}
+function safeStringify(value) {
+    if (typeof value === "string")
+        return value;
+    try {
+        return JSON.stringify(value);
+    }
+    catch {
+        return String(value);
+    }
+}
+//# sourceMappingURL=audit-log.js.map

package/packages/gateway/dist/stores/audit-log.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit-log.js","sourceRoot":"","sources":["../../src/stores/audit-log.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAChC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAkD,MAAM,kBAAkB,CAAC;AAEpG,0EAA0E;AAC1E,MAAM,OAAO,QAAQ;IACF,IAAI,CAAS;IACtB,eAAe,GAAmB,GAAG,EAAE,CAAC,EAAE,CAAC;IAEnD,YAAY,KAAe;QACzB,IAAI,CAAC,IAAI,GAAG,KAAK,CAAC,QAAQ,CAAC;IAC7B,CAAC;IAED,kBAAkB,CAAC,EAAkB;QACnC,IAAI,CAAC,eAAe,GAAG,EAAE,CAAC;IAC5B,CAAC;IAED,MAAM,CAAC,KASN;QACC,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;QACvC,MAAM,IAAI,GAAe;YACvB,EAAE,EAAE,MAAM,CAAC,EAAE,CAAC;YACd,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,MAAM,EAAE,KAAK,CAAC,MAAM;YACpB,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,YAAY,EAAE,QAAQ,CAAC,MAAM,CAAC,aAAa,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,OAAO,CAAC,EAAE,GAAG,CAAC;YACxE,aAAa,EAAE,QAAQ,CAAC,MAAM,CAAC,aAAa,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC,EAAE,GAAG,CAAC;YAC1E,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,UAAU,EAAE,KAAK,CAAC,UAAU;YAC5B,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,EAAE,OAAO,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC/E,CAAC;QACF,EAAE,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC;QAC1D,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC,KAAK,GAAG,GAAG,EAAE,MAAM,GAAG,CAAC;QAC1B,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;QAC3B,OAAO,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,CAAC,MAAM,GAAG,MAAM,GAAG,KAAK,CAAC,EAAE,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,CAAC,OAAO,EAAE,CAAC;IAC5F,CAAC;IAED,GAAG,CAAC,EAAU;QACZ,OAAO,IAAI,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;IACjD,CAAC;IAED,MAAM,CAAC,KAAa,EAAE,KAAK,GAAG,GAAG;QAC/B,MAAM,CAAC,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC;QAC9B,OAAO,IAAI,CAAC,OAAO,EAAE;aAClB,MAAM,CACL,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC;YAChC,CAAC,CAAC,YAAY,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC;YACxC,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAC5C;aACA,OAAO,EAAE;aACT,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IACrB,CAAC;IAED,OAAO;QACL,IAAI,CAAC;YACH,OAAO,EAAE;iBACN,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC;iBAC/B,KAAK,CAAC,IAAI,CAAC;iBACX,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;iBACvB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAe,CAAC,CAAC;QAC7C,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;CACF;AAED,SAAS,aAAa,CAAC,KAAc;IACnC,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC5C,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;IAC/B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC;IACvB,CAAC;AACH,CAAC"}

package/packages/gateway/dist/stores/config-store.d.ts

@@ -0,0 +1,14 @@
+import { type Config, type AppPaths } from "@localant/shared";
+/** Loads, persists and initializes on-disk configuration and identity files. */
+export declare class ConfigStore {
+    readonly paths: AppPaths;
+    constructor(base?: string);
+    /** Create config dir tree and default files if missing. Idempotent. */
+    ensureInitialized(): void;
+    load(): Config;
+    save(config: Config): Config;
+    /** Immutably merge a partial patch into config and persist. */
+    update(patch: Partial<Config>): Config;
+    getToken(): string;
+}
+//# sourceMappingURL=config-store.d.ts.map

package/packages/gateway/dist/stores/config-store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config-store.d.ts","sourceRoot":"","sources":["../../src/stores/config-store.ts"],"names":[],"mappings":"AAGA,OAAO,EAAgB,KAAK,MAAM,EAA2B,KAAK,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAErG,gFAAgF;AAChF,qBAAa,WAAW;IACtB,QAAQ,CAAC,KAAK,EAAE,QAAQ,CAAC;gBAEb,IAAI,CAAC,EAAE,MAAM;IAIzB,uEAAuE;IACvE,iBAAiB,IAAI,IAAI;IAuBzB,IAAI,IAAI,MAAM;IASd,IAAI,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM;IAM5B,+DAA+D;IAC/D,MAAM,CAAC,KAAK,EAAE,OAAO,CAAC,MAAM,CAAC,GAAG,MAAM;IAKtC,QAAQ,IAAI,MAAM;CAGnB"}

package/packages/gateway/dist/stores/config-store.js

@@ -0,0 +1,57 @@
+import fs from "node:fs";
+import path from "node:path";
+import crypto from "node:crypto";
+import { ConfigSchema, defaultConfig, appPaths } from "@localant/shared";
+/** Loads, persists and initializes on-disk configuration and identity files. */
+export class ConfigStore {
+    paths;
+    constructor(base) {
+        this.paths = appPaths(base);
+    }
+    /** Create config dir tree and default files if missing. Idempotent. */
+    ensureInitialized() {
+        const p = this.paths;
+        for (const dir of [p.root, path.dirname(p.auditLog), p.skillsDir, p.backupsDir, p.workspaceDir, p.logsDir]) {
+            fs.mkdirSync(dir, { recursive: true });
+        }
+        if (!fs.existsSync(p.configFile)) {
+            this.save(defaultConfig());
+        }
+        if (!fs.existsSync(p.tokenFile)) {
+            const token = crypto.randomBytes(32).toString("base64url");
+            fs.writeFileSync(p.tokenFile, token, { mode: 0o600 });
+        }
+        if (!fs.existsSync(p.secretsFile)) {
+            fs.writeFileSync(p.secretsFile, JSON.stringify({}), { mode: 0o600 });
+        }
+        if (!fs.existsSync(p.approvalsFile)) {
+            fs.writeFileSync(p.approvalsFile, JSON.stringify([]), { mode: 0o600 });
+        }
+        if (!fs.existsSync(p.auditLog)) {
+            fs.writeFileSync(p.auditLog, "", { mode: 0o600 });
+        }
+    }
+    load() {
+        try {
+            const raw = JSON.parse(fs.readFileSync(this.paths.configFile, "utf8"));
+            return ConfigSchema.parse(raw);
+        }
+        catch {
+            return defaultConfig();
+        }
+    }
+    save(config) {
+        const parsed = ConfigSchema.parse(config);
+        fs.writeFileSync(this.paths.configFile, JSON.stringify(parsed, null, 2), { mode: 0o600 });
+        return parsed;
+    }
+    /** Immutably merge a partial patch into config and persist. */
+    update(patch) {
+        const current = this.load();
+        return this.save({ ...current, ...patch });
+    }
+    getToken() {
+        return fs.readFileSync(this.paths.tokenFile, "utf8").trim();
+    }
+}
+//# sourceMappingURL=config-store.js.map