log-llm-config 1.0.26 → 1.0.30

package/dist/bootstrap_constants.js

@@ -0,0 +1,5 @@
+/**
+ * Bootstrap-level path constants — known before the API response is available.
+ * Used by auth, hook logging, and audit output. Do not add agent-specific paths here.
+ */
+export const OPT_AI_SEC_MANAGEMENT_REL = 'opt-ai-sec/management';

package/dist/cli/bash_script_generator.js

@@ -0,0 +1,83 @@
+const fileCategories = [
+    { label: 'Cursor: mcp.json', targets: ['./.cursor/mcp.json', '$HOME/.cursor/mcp.json'] },
+    { label: 'Claude: .mcp.json', targets: ['./mcp.json', './.mcp.json', '/Library/Application Support/ClaudeCode/managed-mcp.json'] },
+    { label: 'Claude: settings.json', targets: ['./.claude/settings.json', './.claude/settings.local.json', '$HOME/.claude/settings.json', '/Library/Application Support/ClaudeCode/managed-settings.json'] },
+    { label: 'Cursor: hooks.json', targets: ['./.cursor/hooks.json', '$HOME/.cursor/hooks.json', '/Library/Application Support/Cursor/hooks.json'] },
+    { label: 'Cursor: User/settings.json (user-level)', targets: ['$HOME/Library/Application Support/Cursor/User/settings.json'] },
+];
+const sqliteCategories = [
+    {
+        label: 'Cursor: state.vscdb (composerState)',
+        dbPath: '$HOME/Library/Application Support/Cursor/User/globalStorage/state.vscdb',
+        table: 'ItemTable',
+        key: 'src.vs.platform.reactivestorage.browser.reactiveStorageServiceImpl.persistentStorage.applicationUser',
+        jsonPaths: [['composerState'], []],
+    },
+];
+function buildFileCategoryLines(category) {
+    return [
+        `echo "===== ${category.label} ====="`,
+        'files=(', ...category.targets.map((t) => `  "${t}"`), ')',
+        'expanded_files=()', 'paths=()', 'display_paths=()',
+        'for f in "${files[@]}"; do',
+        '  expanded=$(eval echo "$f")',
+        '  expanded_dir=$(dirname "$expanded")', '  expanded_base=$(basename "$expanded")',
+        '  abs_dir=$(cd "$expanded_dir" 2>/dev/null && pwd || echo "$expanded_dir")',
+        '  abs_path="$abs_dir/$expanded_base"', '  expanded_files+=("$abs_path")',
+        '  relative_path="$(to_relative "$abs_path")"', '  paths+=("$relative_path")', '  display_paths+=("$relative_path")',
+        'done', 'echo ""',
+        'if [ ${#paths[@]} -gt 0 ]; then', '  echo "Paths:"',
+        '  printf "%s\\n" "${paths[@]}" | awk \'!seen[$0]++\' | while IFS= read -r dir; do', '    echo "$dir"', '  done',
+        '  echo ""', 'else', '  echo "Paths: (none)"', 'fi', 'echo ""',
+        'for idx in "${!expanded_files[@]}"; do', '  expanded="${expanded_files[$idx]}"', '  display="${display_paths[$idx]}"',
+        '  if [ -f "$expanded" ]; then',
+        `    echo "===== ${category.label}: $display ====="`, '    cat "$expanded"',
+        '  else', `    echo "===== ${category.label}: missing: $display ====="`, '  fi',
+        'done', 'echo ""',
+    ];
+}
+function buildSqliteCategoryLines(category) {
+    const jsonPathsLiteral = JSON.stringify(category.jsonPaths);
+    return [
+        `echo "===== ${category.label} ====="`, `db_path="${category.dbPath}"`,
+        'expanded=$(eval echo "$db_path")',
+        'if [ -f "$expanded" ]; then', '  if command -v sqlite3 >/dev/null 2>&1; then',
+        '    echo "===== $expanded ====="',
+        `    query_result=$(sqlite3 "$expanded" "SELECT value FROM ${category.table} WHERE key='${category.key}'")`,
+        '    if [ -n "$query_result" ]; then',
+        `      echo "===== key: ${category.key} ====="`,
+        `      LOG_CONFIG_JSON_VALUE="$query_result" python3 - <<'PY'`,
+        'import json', 'import os', '',
+        'raw = os.environ.get("LOG_CONFIG_JSON_VALUE", "")',
+        'if not raw:', '    print("{}")', '    raise SystemExit',
+        `paths = ${jsonPathsLiteral}`,
+        'try:', '    data = json.loads(raw)',
+        'except json.JSONDecodeError as exc:', '    print(f"failed to parse JSON: {exc}")', '    raise SystemExit',
+        'def walk(obj, path):', '    cur = obj',
+        '    for segment in path:', '        if isinstance(cur, dict):', '            cur = cur.get(segment)', '        else:', '            return None',
+        '    return cur',
+        'selected_value = None', 'selected_label = None',
+        'for path in paths:', '    value = walk(data, path)',
+        '    if value is not None:', '        selected_value = value', '        selected_label = ".".join(path) if path else "root"', '        break',
+        'if selected_value is None:', '    print("{}")',
+        'else:', '    print(f"[path: {selected_label}]")', '    print(json.dumps(selected_value, indent=2, sort_keys=True))',
+        'PY',
+        '    else', `      echo "===== key not found: ${category.key} ====="`, '    fi',
+        '  else', '    echo "===== sqlite3 not found; skipping ====="', '  fi',
+        'else', '    echo "===== missing: $expanded ====="', 'fi', 'echo ""',
+    ];
+}
+function renderBashScript() {
+    const scriptLines = [
+        '#!/usr/bin/env bash', 'set -euo pipefail',
+        'output_file="$(pwd)/configs.txt"', ': > "$output_file"', 'exec >"$output_file"', 'exec 2>&1', '',
+        'repo_root="$(pwd)"',
+        'to_relative() {', '  local path="$1"', '  if [[ "$path" == "$repo_root"* ]]; then',
+        '    local suffix="${path#"$repo_root"}"', '    if [ -z "$suffix" ]; then', '      echo "<project_root>"',
+        '    else', '      echo "<project_root>${suffix}"', '    fi', '  else', '    echo "$path"', '  fi', '}', '',
+        ...fileCategories.flatMap(buildFileCategoryLines),
+        ...sqliteCategories.flatMap(buildSqliteCategoryLines),
+    ];
+    return scriptLines.join('\n');
+}
+export { renderBashScript };

package/dist/cli.js

@@ -1,76 +1,25 @@
 #!/usr/bin/env node
+import { renderBashScript } from './cli/bash_script_generator.js';
 const args = process.argv.slice(2);
 const main = async () => {
     if (args[0] === 'log_uuid') {
-        // Allow passing:
-        // - UUID:  positional or `--uuid <hardware_uuid>` / `-u <hardware_uuid>`
-        // - Git/user context: `--user`, `--repo`, `--branch`, `--agent`
-        let uuidArg;
-        let userArg;
-        let repoArg;
-        let branchArg;
-        let agentArg;
-        for (let i = 1; i < args.length; i++) {
-            const arg = args[i];
-            if (arg === '--uuid' || arg === '-u') {
-                uuidArg = args[i + 1];
-                i++;
-                continue;
-            }
-            if (arg === '--user') {
-                userArg = args[i + 1];
-                i++;
-                continue;
-            }
-            if (arg === '--repo') {
-                repoArg = args[i + 1];
-                i++;
-                continue;
-            }
-            if (arg === '--branch') {
-                branchArg = args[i + 1];
-                i++;
-                continue;
-            }
-            if (arg === '--agent') {
-                agentArg = args[i + 1];
-                i++;
-                continue;
-            }
-            // First non-flag arg as UUID if not already set
-            if (!arg.startsWith('-') && !uuidArg) {
-                uuidArg = arg;
-            }
-        }
-        if (uuidArg) {
-            process.env.OPTIMUS_HARDWARE_UUID = uuidArg;
-        }
-        if (userArg) {
-            process.env.GITHUB_USER = userArg;
-        }
-        if (repoArg) {
-            process.env.GITHUB_REPOSITORY = repoArg;
-        }
-        if (branchArg) {
-            process.env.GITHUB_REF_NAME = branchArg;
-        }
-        if (agentArg) {
-            process.env.OPTIMUS_AGENT = agentArg;
-        }
-        await import('./log_uuid.js');
+        parseAndSetLogUuidEnvVars();
+        await import('./log_uuid/index.js');
         return;
     }
     if (args[0] === 'log_config_files') {
-        const { main, logSingleFile } = await import('./log_config_files.js');
-        // Check if a file path was provided
+        const { main, logSingleFile } = await import('./log_config_files/index.js');
         const filePathArg = args.find((arg, idx) => idx > 0 && !arg.startsWith('-') && (arg.includes('/') || arg.endsWith('.json') || arg.endsWith('.md')));
         if (filePathArg) {
-            // Log single file
             const success = await logSingleFile(filePathArg);
-            process.exit(success ? 0 : 1);
+            try {
+                process.exit(success ? 0 : 1);
+            }
+            catch {
+                // process.exit may be mocked in tests (throws instead of exiting); allow process to continue
+            }
             return;
         }
-        // Otherwise, log all files
         await main();
         return;
     }
@@ -79,179 +28,49 @@ const main = async () => {
         await main();
         return;
     }
-    // If no command matched, output bash script (legacy behavior)
-    // This should only happen when running the main command without subcommands
-    if (args.length === 0 || !['log_uuid', 'log_config_files', 'log_sensitive_paths_audit'].includes(args[0])) {
-        const fileCategories = [
-            {
-                label: 'Cursor: mcp.json',
-                targets: ['./.cursor/mcp.json', '$HOME/.cursor/mcp.json']
-            },
-            {
-                label: 'Claude: .mcp.json',
-                targets: ['./mcp.json', './.mcp.json', '/Library/Application Support/ClaudeCode/managed-mcp.json']
-            },
-            {
-                label: 'Claude: settings.json',
-                targets: [
-                    './.claude/settings.json',
-                    './.claude/settings.local.json',
-                    '$HOME/.claude/settings.json',
-                    '/Library/Application Support/ClaudeCode/managed-settings.json'
-                ]
-            },
-            {
-                label: 'Cursor: hooks.json',
-                targets: [
-                    './.cursor/hooks.json',
-                    '$HOME/.cursor/hooks.json',
-                    '/Library/Application Support/Cursor/hooks.json'
-                ]
-            },
-            {
-                label: 'Cursor: User/settings.json (user-level)',
-                targets: ['$HOME/Library/Application Support/Cursor/User/settings.json']
-            }
-        ];
-        const sqliteCategories = [
-            {
-                label: 'Cursor: state.vscdb (composerState)',
-                dbPath: '$HOME/Library/Application Support/Cursor/User/globalStorage/state.vscdb',
-                table: 'ItemTable',
-                key: 'src.vs.platform.reactivestorage.browser.reactiveStorageServiceImpl.persistentStorage.applicationUser',
-                jsonPaths: [['composerState'], []]
-            }
-        ];
-        const buildFileCategoryLines = (category) => [
-            `echo "===== ${category.label} ====="`,
-            'files=(',
-            ...category.targets.map((target) => `  "${target}"`),
-            ')',
-            'expanded_files=()',
-            'paths=()',
-            'display_paths=()',
-            'for f in "${files[@]}"; do',
-            '  expanded=$(eval echo "$f")',
-            '  expanded_dir=$(dirname "$expanded")',
-            '  expanded_base=$(basename "$expanded")',
-            '  abs_dir=$(cd "$expanded_dir" 2>/dev/null && pwd || echo "$expanded_dir")',
-            '  abs_path="$abs_dir/$expanded_base"',
-            '  expanded_files+=("$abs_path")',
-            '  relative_path="$(to_relative "$abs_path")"',
-            '  paths+=("$relative_path")',
-            '  display_paths+=("$relative_path")',
-            'done',
-            'echo ""',
-            'if [ ${#paths[@]} -gt 0 ]; then',
-            '  echo "Paths:"',
-            '  printf "%s\\n" "${paths[@]}" | awk \'!seen[$0]++\' | while IFS= read -r dir; do',
-            '    echo "$dir"',
-            '  done',
-            '  echo ""',
-            'else',
-            '  echo "Paths: (none)"',
-            'fi',
-            'echo ""',
-            'for idx in "${!expanded_files[@]}"; do',
-            '  expanded="${expanded_files[$idx]}"',
-            '  display="${display_paths[$idx]}"',
-            '  if [ -f "$expanded" ]; then',
-            `    echo "===== ${category.label}: $display ====="`,
-            '    cat "$expanded"',
-            '  else',
-            `    echo "===== ${category.label}: missing: $display ====="`,
-            '  fi',
-            'done',
-            'echo ""'
-        ];
-        const buildSqliteCategoryLines = (category) => {
-            const jsonPathsLiteral = JSON.stringify(category.jsonPaths);
-            return [
-                `echo "===== ${category.label} ====="`,
-                `db_path="${category.dbPath}"`,
-                'expanded=$(eval echo "$db_path")',
-                'if [ -f "$expanded" ]; then',
-                '  if command -v sqlite3 >/dev/null 2>&1; then',
-                '    echo "===== $expanded ====="',
-                `    query_result=$(sqlite3 "$expanded" "SELECT value FROM ${category.table} WHERE key='${category.key}'")`,
-                '    if [ -n "$query_result" ]; then',
-                `      echo "===== key: ${category.key} ====="`,
-                `      LOG_CONFIG_JSON_VALUE="$query_result" python3 - <<'PY'`,
-                'import json',
-                'import os',
-                '',
-                'raw = os.environ.get("LOG_CONFIG_JSON_VALUE", "")',
-                'if not raw:',
-                '    print("{}")',
-                '    raise SystemExit',
-                `paths = ${jsonPathsLiteral}`,
-                'try:',
-                '    data = json.loads(raw)',
-                'except json.JSONDecodeError as exc:',
-                '    print(f"failed to parse JSON: {exc}")',
-                '    raise SystemExit',
-                'def walk(obj, path):',
-                '    cur = obj',
-                '    for segment in path:',
-                '        if isinstance(cur, dict):',
-                '            cur = cur.get(segment)',
-                '        else:',
-                '            return None',
-                '    return cur',
-                'selected_value = None',
-                'selected_label = None',
-                'for path in paths:',
-                '    value = walk(data, path)',
-                '    if value is not None:',
-                '        selected_value = value',
-                '        selected_label = ".".join(path) if path else "root"',
-                '        break',
-                'if selected_value is None:',
-                '    print("{}")',
-                'else:',
-                '    print(f"[path: {selected_label}]")',
-                '    print(json.dumps(selected_value, indent=2, sort_keys=True))',
-                'PY',
-                '    else',
-                `      echo "===== key not found: ${category.key} ====="`,
-                '    fi',
-                '  else',
-                '    echo "===== sqlite3 not found; skipping ====="',
-                '  fi',
-                'else',
-                '    echo "===== missing: $expanded ====="',
-                'fi',
-                'echo ""'
-            ];
-        };
-        const scriptLines = [
-            '#!/usr/bin/env bash',
-            'set -euo pipefail',
-            'output_file="$(pwd)/configs.txt"',
-            ': > "$output_file"',
-            'exec >"$output_file"',
-            'exec 2>&1',
-            '',
-            'repo_root="$(pwd)"',
-            'to_relative() {',
-            '  local path="$1"',
-            '  if [[ "$path" == "$repo_root"* ]]; then',
-            '    local suffix="${path#"$repo_root"}"',
-            '    if [ -z "$suffix" ]; then',
-            '      echo "<project_root>"',
-            '    else',
-            '      echo "<project_root>${suffix}"',
-            '    fi',
-            '  else',
-            '    echo "$path"',
-            '  fi',
-            '}',
-            '',
-            ...fileCategories.flatMap(buildFileCategoryLines),
-            ...sqliteCategories.flatMap(buildSqliteCategoryLines)
-        ];
-        console.log(scriptLines.join('\n'));
-    }
+    // No command matched — output legacy bash script
+    console.log(renderBashScript());
 };
+function parseAndSetLogUuidEnvVars() {
+    let uuidArg;
+    let userArg;
+    let repoArg;
+    let branchArg;
+    let agentArg;
+    for (let i = 1; i < args.length; i++) {
+        const arg = args[i];
+        if (arg === '--uuid' || arg === '-u') {
+            uuidArg = args[++i];
+            continue;
+        }
+        if (arg === '--user') {
+            userArg = args[++i];
+            continue;
+        }
+        if (arg === '--repo') {
+            repoArg = args[++i];
+            continue;
+        }
+        if (arg === '--branch') {
+            branchArg = args[++i];
+            continue;
+        }
+        if (arg === '--agent') {
+            agentArg = args[++i];
+            continue;
+        }
+        if (!arg.startsWith('-') && !uuidArg)
+            uuidArg = arg;
+    }
+    if (uuidArg)
+        process.env.OPTIMUS_HARDWARE_UUID = uuidArg;
+    if (userArg)
+        process.env.GITHUB_USER = userArg;
+    if (repoArg)
+        process.env.GITHUB_REPOSITORY = repoArg;
+    if (branchArg)
+        process.env.GITHUB_REF_NAME = branchArg;
+    if (agentArg)
+        process.env.OPTIMUS_AGENT = agentArg;
+}
 void main();
-export {};

package/dist/endpoint_client/http_transport.js

@@ -0,0 +1,88 @@
+import http from 'node:http';
+import https from 'node:https';
+import { URL } from 'node:url';
+/** Normalize localhost/::1 to 127.0.0.1 to avoid IPv6 resolution issues. */
+function resolveHostname(raw) {
+    return raw === 'localhost' || raw === '::1' ? '127.0.0.1' : raw;
+}
+function buildGetOptions(url, timeoutMs) {
+    const isHttps = url.protocol === 'https:';
+    return {
+        hostname: resolveHostname(url.hostname),
+        port: url.port || (isHttps ? 443 : 80),
+        path: url.pathname + url.search,
+        method: 'GET',
+        timeout: timeoutMs,
+    };
+}
+function buildBodyOptions(url, payload, method, timeoutMs) {
+    const isHttps = url.protocol === 'https:';
+    return {
+        hostname: resolveHostname(url.hostname),
+        port: url.port || (isHttps ? 443 : 80),
+        path: `${url.pathname}${url.search}`,
+        method,
+        headers: {
+            'Content-Type': 'application/json',
+            'Content-Length': Buffer.byteLength(payload).toString(),
+        },
+        timeout: timeoutMs,
+    };
+}
+/** Execute a GET request. Returns statusCode=0 and empty body on network/timeout failure. */
+export function executeGet(urlStr, timeoutMs) {
+    const url = new URL(urlStr);
+    const options = buildGetOptions(url, timeoutMs);
+    const transport = url.protocol === 'https:' ? https.request : http.request;
+    return new Promise((resolve) => {
+        const req = transport(options, (res) => {
+            let body = '';
+            res.setEncoding('utf8');
+            res.on('data', (chunk) => { body += chunk; });
+            res.on('end', () => resolve({ statusCode: res.statusCode ?? 0, body }));
+        });
+        req.on('error', () => resolve({ statusCode: 0, body: '' }));
+        req.on('timeout', () => { req.destroy(); resolve({ statusCode: 0, body: '' }); });
+        req.end();
+    });
+}
+/** Execute a POST/PATCH request. Rejects on network error or timeout. */
+export function executeBody(urlStr, method, payload, timeoutMs) {
+    const url = new URL(urlStr);
+    const options = buildBodyOptions(url, payload, method, timeoutMs);
+    const transport = url.protocol === 'https:' ? https.request : http.request;
+    return new Promise((resolve, reject) => {
+        let done = false;
+        const timer = setTimeout(() => {
+            if (!done) {
+                done = true;
+                req.destroy();
+                reject(new Error(`Request timeout after ${timeoutMs}ms`));
+            }
+        }, timeoutMs);
+        const req = transport(options, (res) => {
+            let body = '';
+            res.setEncoding('utf8');
+            res.on('data', (chunk) => { body += chunk; });
+            res.on('end', () => {
+                done = true;
+                clearTimeout(timer);
+                resolve({ statusCode: res.statusCode ?? 0, statusMessage: res.statusMessage ?? '', headers: res.headers, body });
+            });
+        });
+        req.on('error', (err) => {
+            done = true;
+            clearTimeout(timer);
+            console.error('Request error:', err.message, err.code);
+            reject(err);
+        });
+        req.on('timeout', () => {
+            done = true;
+            clearTimeout(timer);
+            req.destroy();
+            reject(new Error(`Request timeout after ${timeoutMs}ms`));
+        });
+        req.write(payload);
+        req.end();
+    });
+}

package/dist/endpoint_client/index.js

@@ -0,0 +1,3 @@
+export { FILE_PATH_REGISTRY_FILE_PATTERNS_PATH, FILE_PATH_REGISTRY_SENSITIVE_PATHS_PATH, } from './types.js';
+export { getFileCollectionPatterns, getSensitivePathsAuditCandidates } from './registry_api.js';
+export { postStartupPayload, patchPayload, classifyEndpointResponse } from './startup_api.js';

package/dist/endpoint_client/registry_api.js

@@ -0,0 +1,37 @@
+import { executeGet } from './http_transport.js';
+import { FILE_PATH_REGISTRY_FILE_PATTERNS_PATH, FILE_PATH_REGISTRY_SENSITIVE_PATHS_PATH, } from './types.js';
+function buildApiUrl(base, path) {
+    return `${base.replace(/\/+$/, '')}${path}`.replace(/([^/])\/+/g, '$1/');
+}
+/**
+ * GET file collection patterns from the backend (what to look for).
+ * No auth required. Returns the complete list of path + type + file_type.
+ */
+export const getFileCollectionPatterns = async (apiBaseUrl, timeoutMs = 5000) => {
+    const { statusCode, body } = await executeGet(buildApiUrl(apiBaseUrl, FILE_PATH_REGISTRY_FILE_PATTERNS_PATH), timeoutMs);
+    if (statusCode !== 200 || !body)
+        return null;
+    try {
+        const parsed = JSON.parse(body);
+        return Array.isArray(parsed.patterns) && typeof parsed.count === 'number' ? parsed : null;
+    }
+    catch {
+        return null;
+    }
+};
+/**
+ * GET sensitive path audit candidates from the backend (concrete paths to check for existence).
+ * No auth required. Returns path templates (~ = home). Client checks existence only, never sends contents.
+ */
+export const getSensitivePathsAuditCandidates = async (apiBaseUrl, timeoutMs = 5000) => {
+    const { statusCode, body } = await executeGet(buildApiUrl(apiBaseUrl, FILE_PATH_REGISTRY_SENSITIVE_PATHS_PATH), timeoutMs);
+    if (statusCode !== 200 || !body)
+        return null;
+    try {
+        const parsed = JSON.parse(body);
+        return Array.isArray(parsed.paths) ? parsed : null;
+    }
+    catch {
+        return null;
+    }
+};

package/dist/endpoint_client/startup_api.js

@@ -0,0 +1,47 @@
+import { executeBody } from './http_transport.js';
+export const postStartupPayload = async (endpointUrl, body, timeoutMs = 5000) => {
+    const payload = JSON.stringify(body);
+    console.log('Sending payload to endpoint:', endpointUrl, payload);
+    const { statusCode, statusMessage, headers, body: responseBody } = await executeBody(endpointUrl, 'POST', payload, timeoutMs);
+    console.log(`HTTP ${statusCode} ${statusMessage}`);
+    console.log('Response headers:', headers);
+    if (statusCode >= 400) {
+        const msg = statusCode === 413
+            ? `413 Request Entity Too Large: ${responseBody.substring(0, 200)}`
+            : `HTTP ${statusCode} ${statusMessage}: ${responseBody.substring(0, 200)}`;
+        throw new Error(msg);
+    }
+    if (!responseBody)
+        return { status: 'error', message: 'Empty response from endpoint' };
+    console.log('Raw endpoint response body:', responseBody);
+    try {
+        return JSON.parse(responseBody);
+    }
+    catch (error) {
+        throw new Error(`Failed to parse endpoint response (${error.message}): ${responseBody}`);
+    }
+};
+export const patchPayload = async (endpointUrl, body, timeoutMs = 10000) => {
+    const payload = JSON.stringify(body);
+    const { body: responseBody } = await executeBody(endpointUrl, 'PATCH', payload, timeoutMs);
+    if (!responseBody)
+        return { status: 'error', error: 'empty_response' };
+    try {
+        return JSON.parse(responseBody);
+    }
+    catch {
+        throw new Error(`Invalid JSON: ${responseBody.slice(0, 200)}`);
+    }
+};
+export const classifyEndpointResponse = (response) => {
+    if (response.status === 'key_issued' && response.key) {
+        return { branch: 'key_issued', message: 'Server issued a new symmetric key; store it for future signatures.', key: response.key, keyId: response.key_id };
+    }
+    if (response.status === 'accepted' && response.signature_valid) {
+        return { branch: 'accepted', message: 'Startup payload accepted and signature verified.' };
+    }
+    if (response.status === 'error' && response.error) {
+        return { branch: 'error', message: response.error };
+    }
+    return { branch: 'error', message: response.message || 'Endpoint returned an unexpected response.' };
+};

package/dist/endpoint_client/types.js

@@ -0,0 +1,4 @@
+/** Path suffix for file collection patterns (backend: api/file-path-registry/file-patterns/). */
+export const FILE_PATH_REGISTRY_FILE_PATTERNS_PATH = '/api/file-path-registry/file-patterns/';
+/** Path suffix for sensitive paths audit candidates (backend: api/file-path-registry/sensitive-paths-audit-candidates/). */
+export const FILE_PATH_REGISTRY_SENSITIVE_PATHS_PATH = '/api/file-path-registry/sensitive-paths-audit-candidates/';