mcp-recon 0.2.2

package/dist/bin/recon.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"recon.js","sourceRoot":"","sources":["../../src/bin/recon.ts"],"names":[],"mappings":";AACA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAE9B,OAAO,EACL,cAAc,EACd,qBAAqB,EACrB,QAAQ,EACR,WAAW,EACX,SAAS,EACT,IAAI,EACJ,UAAU,EACV,eAAe,EACf,WAAW,EACX,qBAAqB,EACrB,cAAc,EACd,IAAI,GACL,MAAM,aAAa,CAAC;AAOrB,SAAS,KAAK;IACZ,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB;QACE,uDAAuD;QACvD,EAAE;QACF,QAAQ;QACR,qCAAqC;QACrC,wDAAwD;QACxD,4DAA4D;QAC5D,gFAAgF;QAChF,6GAA6G;QAC7G,oEAAoE;QACpE,sFAAsF;QACtF,EAAE;QACF,oBAAoB;QACpB,iEAAiE;QACjE,+DAA+D;QAC/D,EAAE;QACF,WAAW;QACX,iFAAiF;QACjF,wFAAwF;QACxF,2DAA2D;QAC3D,mEAAmE;QACnE,6HAA6H;QAC7H,sIAAsI;QACtI,EAAE;KACH,CAAC,IAAI,CAAC,IAAI,CAAC,CACb,CAAC;IACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACnC,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;IAEpB,IAAI,CAAC,GAAG,IAAI,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;QAC7C,KAAK,EAAE,CAAC;IACV,CAAC;IAED,QAAQ,GAAG,EAAE,CAAC;QACZ,KAAK,WAAW;YACd,OAAO,MAAM,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAC3C,KAAK,MAAM;YACT,OAAO,MAAM,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACtC,KAAK,UAAU;YACb,OAAO,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACpC,KAAK,QAAQ;YACX,OAAO,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAClC,KAAK,SAAS;YACZ,OAAO,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACnC,KAAK,MAAM;YACT,OAAO,MAAM,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACtC;YACE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,+BAA+B,GAAG,MAAM,CAAC,CAAC;YAC/D,KAAK,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,IAAc;IACxC,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;IACrB,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,8CAA8C,CAAC,CAAC;QACrE,OAAO,CAAC,CAAC;IACX,CAAC;IACD,MAAM,MAAM,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;IACrC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,4BAA4B,IAAI,OAAO,CAAC,CAAC;IAE9D,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC,CAAC;IACxC,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,MAAM,SAAS,CAAC,MAAM,CAAC,CAAC;QAC1C,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,yBAAyB,SAAS,CAAC,KAAK,CAAC,MAAM,eAAe,SAAS,CAAC,MAAM,CAAC,IAAI,IAAI,gBAAgB,IAAI,CAC5G,CAAC;QACF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;QAChE,OAAO,CAAC,CAAC;IACX,CAAC;YAAS,CAAC;QACT,MAAM,WAAW,CAAC,MAAM,CAAC,CAAC;IAC5B,CAAC;AACH,CAAC;AAED,KAAK,UAAU,OAAO,CAAC,IAAc;IACnC,4EAA4E;IAC5E,IAAI,MAA0B,CAAC;IAC/B,IAAI,IAAwB,CAAC;IAC7B,IAAI,IAAwB,CAAC;IAC7B,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,IAAI,GAAG,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YAChC,MAAM,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC,CAAC;YAC7D,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC9B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,0CAA0C,CAAC,CAAC;gBACjE,OAAO,CAAC,CAAC;YACX,CAAC;YACD,MAAM,GAAG,CAAC,CAAC;QACb,CAAC;aAAM,IAAI,GAAG,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACrC,MAAM,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC,CAAC;YAC3D,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;gBACpB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,wCAAwC,CAAC,CAAC;gBAC/D,OAAO,CAAC,CAAC;YACX,CAAC;YACD,IAAI,GAAG,CAAC,CAAC;QACX,CAAC;aAAM,IAAI,CAAC,IAAI,EAAE,CAAC;YACjB,IAAI,GAAG,GAAG,CAAC;QACb,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,uCAAuC,GAAG,IAAI,CAAC,CAAC;YACrE,OAAO,CAAC,CAAC;QACX,CAAC;IACH,CAAC;IACD,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,yCAAyC,CAAC,CAAC;QAChE,OAAO,CAAC,CAAC;IACX,CAAC;IAED,MAAM,MAAM,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;IACrC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,4BAA4B,IAAI,OAAO,CAAC,CAAC;IAE9D,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC,CAAC;IACxC,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,MAAM,SAAS,CAAC,MAAM,CAAC,CAAC;QAC1C,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,sBAAsB,SAAS,CAAC,KAAK,CAAC,MAAM,kBAAkB,MAAM,IAAI,GAAG,UAAU,IAAI,IAAI,SAAS,QAAQ,CAC/G,CAAC;QACF,MAAM,IAAI,GAA+B,EAAE,CAAC;QAC5C,IAAI,MAAM,KAAK,SAAS;YAAE,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QAC/C,IAAI,IAAI,KAAK,SAAS;YAAE,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACzC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,MAAM,EAAE,SAAS,EAAE,IAAI,CAAC,CAAC;QAEpD,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC;QACxC,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;QAClE,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC;QACjF,MAAM,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC;QAClF,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,cAAc,UAAU,eAAe,OAAO,mBAAmB,UAAU,kBAAkB,YAAY,IAAI,CAC9G,CAAC;QAEF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;QAC9D,OAAO,CAAC,CAAC;IACX,CAAC;YAAS,CAAC;QACT,MAAM,WAAW,CAAC,MAAM,CAAC,CAAC;IAC5B,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,IAAc;IACjC,IAAI,aAAiC,CAAC;IACtC,IAAI,QAA4B,CAAC;IACjC,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,IAAI,GAAG,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YAC9B,QAAQ,GAAG,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACzC,CAAC;aAAM,IAAI,CAAC,aAAa,EAAE,CAAC;YAC1B,aAAa,GAAG,GAAG,CAAC;QACtB,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,2CAA2C,GAAG,IAAI,CAAC,CAAC;YACzE,OAAO,CAAC,CAAC;QACX,CAAC;IACH,CAAC;IACD,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;QACvE,OAAO,CAAC,CAAC;IACX,CAAC;IAED,MAAM,SAAS,GAAG,QAAQ,CAAgB,aAAa,CAAC,CAAC;IACzD,MAAM,QAAQ,GAAG,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAc,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IACxE,MAAM,MAAM,GAAG,QAAQ,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IAE7C,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,yBAAyB,MAAM,CAAC,eAAe,CAAC,MAAM,yBAAyB,MAAM,CAAC,aAAa,KAAK,CACzG,CAAC;IACF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;IAC7D,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,SAAS,CAAC,IAAc;IAC/B,IAAI,aAAiC,CAAC;IACtC,IAAI,kBAAsC,CAAC;IAC3C,IAAI,QAA4B,CAAC;IACjC,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,IAAI,GAAG,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YAC9B,QAAQ,GAAG,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACzC,CAAC;aAAM,IAAI,CAAC,aAAa,EAAE,CAAC;YAC1B,aAAa,GAAG,GAAG,CAAC;QACtB,CAAC;aAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC/B,kBAAkB,GAAG,GAAG,CAAC;QAC3B,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,yCAAyC,GAAG,IAAI,CAAC,CAAC;YACvE,OAAO,CAAC,CAAC;QACX,CAAC;IACH,CAAC;IACD,IAAI,CAAC,aAAa,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAC1C,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,sFAAsF,CACvF,CAAC;QACF,OAAO,CAAC,CAAC;IACX,CAAC;IAED,MAAM,SAAS,GAAG,QAAQ,CAAgB,aAAa,CAAC,CAAC;IACzD,MAAM,cAAc,GAAG,QAAQ,CAAwB,kBAAkB,CAAC,CAAC;IAC3E,IAAI,cAAc,CAAC,MAAM,KAAK,qBAAqB,EAAE,CAAC;QACpD,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,oDAAoD,cAAc,CAAC,MAAM,gBAAgB,qBAAqB,KAAK,CACpH,CAAC;QACF,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,MAAM,QAAQ,GAAG,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAc,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IACxE,MAAM,EAAE,GAAG,cAAc,CACvB,QAAQ,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,cAAc,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,cAAc,EAAE,CACzF,CAAC;IACF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IACzB,IAAI,CAAC,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC;QAAE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACnD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,QAAQ,CAAI,QAAgB;IACnC,MAAM,IAAI,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAC/C,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAM,CAAC;AAC/B,CAAC;AAED,SAAS,UAAU,CAAC,IAAc;IAChC,IAAI,kBAAsC,CAAC;IAC3C,IAAI,QAAQ,GAAG,KAAK,CAAC;IACrB,MAAM,QAAQ,GAAmB,EAAE,CAAC;IACpC,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,IAAI,GAAG,KAAK,YAAY,EAAE,CAAC;YACzB,QAAQ,GAAG,IAAI,CAAC;QAClB,CAAC;aAAM,IAAI,GAAG,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YACvC,QAAQ,CAAC,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAClD,CAAC;aAAM,IAAI,GAAG,CAAC,UAAU,CAAC,mBAAmB,CAAC,EAAE,CAAC;YAC/C,QAAQ,CAAC,cAAc,GAAG,GAAG,CAAC,KAAK,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC;QAClE,CAAC;aAAM,IAAI,GAAG,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YACvC,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;YAC7C,0CAA0C;YAC1C,MAAM,MAAM,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC;YAChC,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC;gBACnC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,gEAAgE,CAAC,CAAC;gBACvF,OAAO,CAAC,CAAC;YACX,CAAC;YACD,oEAAoE;YACpE,QAAQ,CAAC,MAAM,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC;QACzC,CAAC;aAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC/B,kBAAkB,GAAG,GAAG,CAAC;QAC3B,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,0CAA0C,GAAG,IAAI,CAAC,CAAC;YACxE,OAAO,CAAC,CAAC;QACX,CAAC;IACH,CAAC;IAED,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,oDAAoD,CAAC,CAAC;QAC3E,OAAO,CAAC,CAAC;IACX,CAAC;IAED,MAAM,cAAc,GAAG,QAAQ,CAAwB,kBAAkB,CAAC,CAAC;IAC3E,IAAI,cAAc,CAAC,MAAM,KAAK,qBAAqB,EAAE,CAAC;QACpD,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,qDAAqD,cAAc,CAAC,MAAM,gBAAgB,qBAAqB,KAAK,CACrH,CAAC;QACF,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,MAAM,MAAM,GAAG,WAAW,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;IACrD,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,cAAc,MAAM,CAAC,OAAO,CAAC,KAAK,WAAW,MAAM,CAAC,OAAO,CAAC,KAAK,WAAW,MAAM,CAAC,OAAO,CAAC,OAAO,sBAAsB,cAAc,IAAI,CAC3I,CAAC;IACF,IAAI,QAAQ,EAAE,CAAC;QACb,MAAM,EAAE,GAAG,qBAAqB,CAAC,MAAM,CAAC,CAAC;QACzC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QACzB,IAAI,CAAC,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC;YAAE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACrD,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;IAC/D,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,KAAK,UAAU,OAAO,CAAC,IAAc;IACnC,IAAI,IAAwB,CAAC;IAC7B,IAAI,MAA0B,CAAC;IAC/B,IAAI,MAA0B,CAAC;IAC/B,IAAI,IAAwB,CAAC;IAC7B,MAAM,QAAQ,GAAmB,EAAE,CAAC;IACpC,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,IAAI,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC7B,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACtC,CAAC;aAAM,IAAI,GAAG,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YACvC,MAAM,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC,CAAC;YAC7D,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC9B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,0CAA0C,CAAC,CAAC;gBACjE,OAAO,CAAC,CAAC;YACX,CAAC;YACD,MAAM,GAAG,CAAC,CAAC;QACb,CAAC;aAAM,IAAI,GAAG,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACrC,MAAM,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC,CAAC;YAC3D,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;gBACpB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,wCAAwC,CAAC,CAAC;gBAC/D,OAAO,CAAC,CAAC;YACX,CAAC;YACD,IAAI,GAAG,CAAC,CAAC;QACX,CAAC;aAAM,IAAI,GAAG,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YACvC,QAAQ,CAAC,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAClD,CAAC;aAAM,IAAI,GAAG,CAAC,UAAU,CAAC,mBAAmB,CAAC,EAAE,CAAC;YAC/C,QAAQ,CAAC,cAAc,GAAG,GAAG,CAAC,KAAK,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC;QAClE,CAAC;aAAM,IAAI,GAAG,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YACvC,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;YAC7C,MAAM,MAAM,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC;YAChC,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC;gBACnC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,6DAA6D,CAAC,CAAC;gBACpF,OAAO,CAAC,CAAC;YACX,CAAC;YACD,QAAQ,CAAC,MAAM,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC;QACzC,CAAC;aAAM,IAAI,CAAC,IAAI,EAAE,CAAC;YACjB,IAAI,GAAG,GAAG,CAAC;QACb,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,uCAAuC,GAAG,IAAI,CAAC,CAAC;YACrE,OAAO,CAAC,CAAC;QACX,CAAC;IACH,CAAC;IAED,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,yCAAyC,CAAC,CAAC;QAChE,OAAO,CAAC,CAAC;IACX,CAAC;IACD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,2CAA2C,CAAC,CAAC;QAClE,OAAO,CAAC,CAAC;IACX,CAAC;IAED,MAAM,WAAW,GACf,QAAQ,CAAC,MAAM,KAAK,SAAS;QAC7B,QAAQ,CAAC,cAAc,KAAK,SAAS;QACrC,QAAQ,CAAC,MAAM,KAAK,SAAS,CAAC;IAEhC,MAAM,MAAM,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;IACrC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,4BAA4B,IAAI,OAAO,CAAC,CAAC;IAE9D,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC,CAAC;IACxC,IAAI,CAAC;QACH,MAAM,IAAI,GAA+B;YACvC,MAAM;YACN,GAAG,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAC3C,GAAG,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACvC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACrC,CAAC;QACF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,8DAA8D,CAAC,CAAC;QACrF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAExC,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;QACtE,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC;QACrF,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC;QACtF,MAAM,QAAQ,GAAG,MAAM,CAAC,cAAc,CAAC,eAAe,CAAC,MAAM,CAC3D,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,yBAAyB,CACnC,CAAC,MAAM,CAAC;QAET,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,cAAc,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,MAAM,WAAW,QAAQ,+BAA+B,CAC9F,CAAC;QACF,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,wBAAwB,OAAO,mBAAmB,UAAU,kBAAkB,YAAY,IAAI,CAC/F,CAAC;QACF,MAAM,aAAa,GAAG,MAAM,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC3D,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,oBAAoB,aAAa,iBAAiB,MAAM,KAAK,CAAC,CAAC;QACpF,OAAO,CAAC,CAAC;IACX,CAAC;YAAS,CAAC;QACT,MAAM,WAAW,CAAC,MAAM,CAAC,CAAC;IAC5B,CAAC;AACH,CAAC;AAED,IAAI,EAAE;KACH,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;KAClC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACb,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,cAAc,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACzF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/caveats/index.d.ts

@@ -0,0 +1,46 @@
+/**
+ * `caveats` — turn a classification into a v0.1 caveats document.
+ *
+ * Each tool's `recommended_caveat` from the classifier is an
+ * AND-joined natural-language predicate string with placeholder
+ * tokens (`<your-caller-id>`, `<your-sandbox-prefix>`,
+ * `<your-cap-expiry>`). This module:
+ *
+ *   1. Splits each recommended_caveat on `AND` into individual
+ *      capnagent DSL predicates (one per `Issuer.caveat(...)` call).
+ *   2. Strips trailing `// comment` and preserves it on the plan.
+ *   3. Substitutes operator-supplied bindings into the placeholders.
+ *      Missing bindings leave placeholders literal AND flag the plan.
+ *   4. Computes a `flagged` decision per plan with structured reasons.
+ *   5. Appends per-tool overrides if supplied.
+ *
+ * The output JSON is the **importable artifact** that bridges
+ * mcp-recon → capnagent without requiring operators to copy-paste
+ * caveat strings by hand. capnagent's issuer can iterate over each
+ * plan's `caveats[]` array directly:
+ *
+ *     for (const c of plan.caveats) builder = builder.caveat(c);
+ *
+ * Methodology notes:
+ *
+ *   - Flag rules are deliberately narrow. Over-flagging trains
+ *     operators to ignore flags. The four reasons in `FlagReason`
+ *     cover the structural gaps that reliably indicate a config
+ *     error; everything softer is left to operator review.
+ *   - Bindings are optional by design. Running `caveats` with no
+ *     bindings produces a "review pass" — every plan is flagged,
+ *     but the operator can scan the output and see exactly which
+ *     tools need which bindings before committing values.
+ */
+import type { ClassificationResults } from "../classify/types.js";
+import { type CaveatBindings, type CaveatsResults } from "./types.js";
+/**
+ * Build a v0.1 caveats document from a classification.
+ *
+ * @param classification - the document emitted by `mcp-recon classify`
+ * @param bindings       - operator-supplied placeholder values + per-tool overrides
+ */
+export declare function planCaveats(classification: ClassificationResults, bindings: CaveatBindings): CaveatsResults;
+export { CAVEATS_SCHEMA } from "./types.js";
+export type { CaveatBindings, CaveatPlan, CaveatsResults, FlagReason, } from "./types.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/caveats/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/caveats/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AAEH,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAClE,OAAO,EAEL,KAAK,cAAc,EAEnB,KAAK,cAAc,EAEpB,MAAM,YAAY,CAAC;AAepB;;;;;GAKG;AACH,wBAAgB,WAAW,CACzB,cAAc,EAAE,qBAAqB,EACrC,QAAQ,EAAE,cAAc,GACvB,cAAc,CAkBhB;AAuID,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAC5C,YAAY,EACV,cAAc,EACd,UAAU,EACV,cAAc,EACd,UAAU,GACX,MAAM,YAAY,CAAC"}

package/dist/caveats/index.js

@@ -0,0 +1,186 @@
+/**
+ * `caveats` — turn a classification into a v0.1 caveats document.
+ *
+ * Each tool's `recommended_caveat` from the classifier is an
+ * AND-joined natural-language predicate string with placeholder
+ * tokens (`<your-caller-id>`, `<your-sandbox-prefix>`,
+ * `<your-cap-expiry>`). This module:
+ *
+ *   1. Splits each recommended_caveat on `AND` into individual
+ *      capnagent DSL predicates (one per `Issuer.caveat(...)` call).
+ *   2. Strips trailing `// comment` and preserves it on the plan.
+ *   3. Substitutes operator-supplied bindings into the placeholders.
+ *      Missing bindings leave placeholders literal AND flag the plan.
+ *   4. Computes a `flagged` decision per plan with structured reasons.
+ *   5. Appends per-tool overrides if supplied.
+ *
+ * The output JSON is the **importable artifact** that bridges
+ * mcp-recon → capnagent without requiring operators to copy-paste
+ * caveat strings by hand. capnagent's issuer can iterate over each
+ * plan's `caveats[]` array directly:
+ *
+ *     for (const c of plan.caveats) builder = builder.caveat(c);
+ *
+ * Methodology notes:
+ *
+ *   - Flag rules are deliberately narrow. Over-flagging trains
+ *     operators to ignore flags. The four reasons in `FlagReason`
+ *     cover the structural gaps that reliably indicate a config
+ *     error; everything softer is left to operator review.
+ *   - Bindings are optional by design. Running `caveats` with no
+ *     bindings produces a "review pass" — every plan is flagged,
+ *     but the operator can scan the output and see exactly which
+ *     tools need which bindings before committing values.
+ */
+import { CAVEATS_SCHEMA, } from "./types.js";
+/** Confidence threshold below which classifications are flagged. */
+const LOW_CONFIDENCE_THRESHOLD = 0.5;
+const COMMENT_SPLIT = /\s*\/\/\s*/;
+const PLACEHOLDER_REMAINING = /<your-[a-z-]+>/i;
+const ARG_CONSTRAINT = /\barg\./i;
+const PLACEHOLDER_PATTERNS = {
+    caller: /<your-caller-id>/g,
+    sandbox: /<your-sandbox-prefix>/g,
+    expiry: /<your-cap-expiry>/g,
+};
+/**
+ * Build a v0.1 caveats document from a classification.
+ *
+ * @param classification - the document emitted by `mcp-recon classify`
+ * @param bindings       - operator-supplied placeholder values + per-tool overrides
+ */
+export function planCaveats(classification, bindings) {
+    const plans = classification.classifications.map((entry) => planOne(entry, bindings));
+    const ready = plans.filter((p) => !p.flagged).length;
+    const flagged = plans.length - ready;
+    return {
+        schema: CAVEATS_SCHEMA,
+        scanned_at: new Date().toISOString(),
+        server: classification.server,
+        bindings,
+        plans,
+        summary: {
+            total: plans.length,
+            ready,
+            flagged,
+        },
+    };
+}
+function planOne(entry, bindings) {
+    const { caveats: rawCaveats, comment } = parseRecommendedCaveat(entry.recommended_caveat);
+    const substituted = rawCaveats.map((c) => substitute(c, bindings));
+    const overrides = bindings.per_tool_overrides?.[entry.tool] ?? [];
+    const all_caveats = [...substituted, ...overrides];
+    const flag_reasons = [];
+    if (entry.data_class === "unknown") {
+        flag_reasons.push("classification_unknown");
+    }
+    if (entry.confidence < LOW_CONFIDENCE_THRESHOLD) {
+        flag_reasons.push("low_confidence");
+    }
+    if (entry.confused_deputy_candidate && !hasArgConstraint(all_caveats)) {
+        flag_reasons.push("cdc_without_arg_constraint");
+    }
+    if (all_caveats.some((c) => PLACEHOLDER_REMAINING.test(c))) {
+        flag_reasons.push("unsubstituted_placeholder");
+    }
+    const purpose = purposeFromEntry(entry);
+    return {
+        tool: entry.tool,
+        data_class: entry.data_class,
+        authority_level: entry.authority_level,
+        confused_deputy_candidate: entry.confused_deputy_candidate,
+        purpose,
+        caveats: all_caveats,
+        flagged: flag_reasons.length > 0,
+        flag_reasons,
+        ...(comment !== undefined ? { comment } : {}),
+    };
+}
+function parseRecommendedCaveat(raw) {
+    const parts = raw.split(COMMENT_SPLIT);
+    const predicates_raw = parts[0] ?? "";
+    const comment = parts[1]?.trim();
+    const caveats = splitOnUnquotedAnd(predicates_raw)
+        .map((s) => s.trim())
+        .filter((s) => s.length > 0);
+    return comment ? { caveats, comment } : { caveats };
+}
+/**
+ * Split on ` AND ` only when not inside a double-quoted string literal.
+ *
+ * The naive `string.split(/\s+AND\s+/i)` mis-splits when a tool name
+ * (or other string-literal value) contains the word `AND` — e.g.
+ *
+ *     tool == "foo AND bar" AND caller == "x"
+ *
+ * would split into three fragments and break the tool predicate.
+ * Tool names propagate from the upstream MCP server, so a malicious
+ * server can synthesise this. This walker tracks an `inQuotes` flag
+ * and only treats ` AND ` as a separator when outside quotes.
+ *
+ * Pinned by `caveats.adversarial.test.ts` — cases 1 and 2.
+ */
+function splitOnUnquotedAnd(input) {
+    const out = [];
+    let buf = "";
+    let inQuotes = false;
+    let i = 0;
+    while (i < input.length) {
+        const ch = input[i];
+        if (ch === '"') {
+            inQuotes = !inQuotes;
+            buf += ch;
+            i++;
+            continue;
+        }
+        if (!inQuotes &&
+            /\s/.test(ch ?? "") &&
+            input.slice(i).match(/^\s+AND\s+/i)) {
+            const m = input.slice(i).match(/^\s+AND\s+/i);
+            out.push(buf);
+            buf = "";
+            i += m[0].length;
+            continue;
+        }
+        buf += ch;
+        i++;
+    }
+    out.push(buf);
+    return out;
+}
+/**
+ * Substitute placeholders. Important: mcp-recon's recommended_caveat
+ * already wraps placeholder tokens in surrounding quotes where they
+ * need to be string-literal-shaped:
+ *
+ *     caller == "<your-caller-id>"
+ *     arg.path starts_with "<your-sandbox-prefix>/"
+ *     now <= @<your-cap-expiry>
+ *
+ * So we substitute the RAW value; the surrounding quotes from the
+ * source preserve the string-literal shape. Adding JSON.stringify()
+ * here would double-quote the result.
+ */
+function substitute(caveat, bindings) {
+    let out = caveat;
+    if (bindings.caller !== undefined) {
+        out = out.replaceAll(PLACEHOLDER_PATTERNS.caller, bindings.caller);
+    }
+    if (bindings.sandbox_prefix !== undefined) {
+        out = out.replaceAll(PLACEHOLDER_PATTERNS.sandbox, bindings.sandbox_prefix);
+    }
+    if (bindings.expiry !== undefined) {
+        out = out.replaceAll(PLACEHOLDER_PATTERNS.expiry, bindings.expiry);
+    }
+    return out;
+}
+function hasArgConstraint(caveats) {
+    return caveats.some((c) => ARG_CONSTRAINT.test(c));
+}
+function purposeFromEntry(entry) {
+    const tag = entry.confused_deputy_candidate ? "cdc" : entry.authority_level;
+    return `${entry.data_class}.${tag}.${entry.tool}`;
+}
+export { CAVEATS_SCHEMA } from "./types.js";
+//# sourceMappingURL=index.js.map

package/dist/caveats/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/caveats/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AAGH,OAAO,EACL,cAAc,GAKf,MAAM,YAAY,CAAC;AAEpB,oEAAoE;AACpE,MAAM,wBAAwB,GAAG,GAAG,CAAC;AAErC,MAAM,aAAa,GAAG,YAAY,CAAC;AACnC,MAAM,qBAAqB,GAAG,iBAAiB,CAAC;AAChD,MAAM,cAAc,GAAG,UAAU,CAAC;AAElC,MAAM,oBAAoB,GAAG;IAC3B,MAAM,EAAE,mBAAmB;IAC3B,OAAO,EAAE,wBAAwB;IACjC,MAAM,EAAE,oBAAoB;CACpB,CAAC;AAEX;;;;;GAKG;AACH,MAAM,UAAU,WAAW,CACzB,cAAqC,EACrC,QAAwB;IAExB,MAAM,KAAK,GAAG,cAAc,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,CAAC;IAEtF,MAAM,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC;IACrD,MAAM,OAAO,GAAG,KAAK,CAAC,MAAM,GAAG,KAAK,CAAC;IAErC,OAAO;QACL,MAAM,EAAE,cAAc;QACtB,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACpC,MAAM,EAAE,cAAc,CAAC,MAAM;QAC7B,QAAQ;QACR,KAAK;QACL,OAAO,EAAE;YACP,KAAK,EAAE,KAAK,CAAC,MAAM;YACnB,KAAK;YACL,OAAO;SACR;KACF,CAAC;AACJ,CAAC;AAED,SAAS,OAAO,CACd,KAAuD,EACvD,QAAwB;IAExB,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,GAAG,sBAAsB,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;IAC1F,MAAM,WAAW,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC;IAEnE,MAAM,SAAS,GAAG,QAAQ,CAAC,kBAAkB,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;IAClE,MAAM,WAAW,GAAG,CAAC,GAAG,WAAW,EAAE,GAAG,SAAS,CAAC,CAAC;IAEnD,MAAM,YAAY,GAAiB,EAAE,CAAC;IACtC,IAAI,KAAK,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;QACnC,YAAY,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;IAC9C,CAAC;IACD,IAAI,KAAK,CAAC,UAAU,GAAG,wBAAwB,EAAE,CAAC;QAChD,YAAY,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;IACtC,CAAC;IACD,IAAI,KAAK,CAAC,yBAAyB,IAAI,CAAC,gBAAgB,CAAC,WAAW,CAAC,EAAE,CAAC;QACtE,YAAY,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;IAClD,CAAC;IACD,IAAI,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAC3D,YAAY,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;IACjD,CAAC;IAED,MAAM,OAAO,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;IAExC,OAAO;QACL,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,UAAU,EAAE,KAAK,CAAC,UAAU;QAC5B,eAAe,EAAE,KAAK,CAAC,eAAe;QACtC,yBAAyB,EAAE,KAAK,CAAC,yBAAyB;QAC1D,OAAO;QACP,OAAO,EAAE,WAAW;QACpB,OAAO,EAAE,YAAY,CAAC,MAAM,GAAG,CAAC;QAChC,YAAY;QACZ,GAAG,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC9C,CAAC;AACJ,CAAC;AAED,SAAS,sBAAsB,CAAC,GAAW;IACzC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;IACvC,MAAM,cAAc,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IACtC,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC;IACjC,MAAM,OAAO,GAAG,kBAAkB,CAAC,cAAc,CAAC;SAC/C,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;SACpB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC/B,OAAO,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC;AACtD,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,SAAS,kBAAkB,CAAC,KAAa;IACvC,MAAM,GAAG,GAAa,EAAE,CAAC;IACzB,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,IAAI,QAAQ,GAAG,KAAK,CAAC;IACrB,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,OAAO,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC;QACxB,MAAM,EAAE,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACpB,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;YACf,QAAQ,GAAG,CAAC,QAAQ,CAAC;YACrB,GAAG,IAAI,EAAE,CAAC;YACV,CAAC,EAAE,CAAC;YACJ,SAAS;QACX,CAAC;QACD,IACE,CAAC,QAAQ;YACT,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC;YACnB,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,EACnC,CAAC;YACD,MAAM,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,aAAa,CAAE,CAAC;YAC/C,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACd,GAAG,GAAG,EAAE,CAAC;YACT,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;YACjB,SAAS;QACX,CAAC;QACD,GAAG,IAAI,EAAE,CAAC;QACV,CAAC,EAAE,CAAC;IACN,CAAC;IACD,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACd,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,SAAS,UAAU,CAAC,MAAc,EAAE,QAAwB;IAC1D,IAAI,GAAG,GAAG,MAAM,CAAC;IACjB,IAAI,QAAQ,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QAClC,GAAG,GAAG,GAAG,CAAC,UAAU,CAAC,oBAAoB,CAAC,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;IACrE,CAAC;IACD,IAAI,QAAQ,CAAC,cAAc,KAAK,SAAS,EAAE,CAAC;QAC1C,GAAG,GAAG,GAAG,CAAC,UAAU,CAAC,oBAAoB,CAAC,OAAO,EAAE,QAAQ,CAAC,cAAc,CAAC,CAAC;IAC9E,CAAC;IACD,IAAI,QAAQ,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QAClC,GAAG,GAAG,GAAG,CAAC,UAAU,CAAC,oBAAoB,CAAC,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;IACrE,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,gBAAgB,CAAC,OAA0B;IAClD,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;AACrD,CAAC;AAED,SAAS,gBAAgB,CACvB,KAAuD;IAEvD,MAAM,GAAG,GAAG,KAAK,CAAC,yBAAyB,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,eAAe,CAAC;IAC5E,OAAO,GAAG,KAAK,CAAC,UAAU,IAAI,GAAG,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;AACpD,CAAC;AAED,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC"}

package/dist/caveats/render.d.ts

@@ -0,0 +1,25 @@
+/**
+ * Markdown renderer for the v0.1 caveats document.
+ *
+ * Where `report.renderMarkdown` turns an inventory + classification
+ * into a security-reviewer threat profile, this module turns a
+ * caveats document into an **operator-facing issuance plan**:
+ *
+ *   1. Heading + generated-at + server identity
+ *   2. Bindings block — caller / sandbox prefix / expiry, with an
+ *      explicit `<unbound>` marker for any binding the operator
+ *      didn't supply (so the review pass is loud about gaps).
+ *   3. Summary stats (total / ready / flagged)
+ *   4. ⚠ Flagged plans — each with classification, flag-reason
+ *      bullets, the caveats in a fenced code block, and the
+ *      preserved `// comment` if present.
+ *   5. Plans ready to issue — same shape minus flag reasons.
+ *
+ * Sections without entries are omitted entirely so a 100%-ready run
+ * doesn't print an empty "Flagged" heading and a 100%-flagged dry
+ * run doesn't print an empty "Ready" heading.
+ */
+import type { CaveatsResults } from "./types.js";
+/** Render a Markdown issuance plan. Pure function — no I/O. */
+export declare function renderCaveatsMarkdown(results: CaveatsResults): string;
+//# sourceMappingURL=render.d.ts.map

package/dist/caveats/render.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"render.d.ts","sourceRoot":"","sources":["../../src/caveats/render.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,OAAO,KAAK,EAAc,cAAc,EAAE,MAAM,YAAY,CAAC;AAE7D,+DAA+D;AAC/D,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,cAAc,GAAG,MAAM,CAmDrE"}

package/dist/caveats/render.js

@@ -0,0 +1,100 @@
+/**
+ * Markdown renderer for the v0.1 caveats document.
+ *
+ * Where `report.renderMarkdown` turns an inventory + classification
+ * into a security-reviewer threat profile, this module turns a
+ * caveats document into an **operator-facing issuance plan**:
+ *
+ *   1. Heading + generated-at + server identity
+ *   2. Bindings block — caller / sandbox prefix / expiry, with an
+ *      explicit `<unbound>` marker for any binding the operator
+ *      didn't supply (so the review pass is loud about gaps).
+ *   3. Summary stats (total / ready / flagged)
+ *   4. ⚠ Flagged plans — each with classification, flag-reason
+ *      bullets, the caveats in a fenced code block, and the
+ *      preserved `// comment` if present.
+ *   5. Plans ready to issue — same shape minus flag reasons.
+ *
+ * Sections without entries are omitted entirely so a 100%-ready run
+ * doesn't print an empty "Flagged" heading and a 100%-flagged dry
+ * run doesn't print an empty "Ready" heading.
+ */
+/** Render a Markdown issuance plan. Pure function — no I/O. */
+export function renderCaveatsMarkdown(results) {
+    const out = [];
+    const serverLabel = `${results.server.name ?? "(unnamed server)"} v${results.server.version ?? "?"}`;
+    out.push("# capnagent issuance plan");
+    out.push("");
+    out.push(`> Generated by [mcp-recon](https://github.com/euanmcrosson-dotcom/mcp-recon) at ${results.scanned_at}.`);
+    out.push(`> Source server: **${serverLabel}**`);
+    out.push("");
+    // Bindings block — shows operator inputs verbatim, with explicit
+    // `<unbound>` for any missing field (matching the JSON document's
+    // "review pass" semantics).
+    out.push("## Bindings");
+    out.push("");
+    out.push(`- **caller:** ${formatBinding(results.bindings.caller)}`);
+    out.push(`- **sandbox_prefix:** ${formatBinding(results.bindings.sandbox_prefix)}`);
+    out.push(`- **expiry:** ${formatBinding(results.bindings.expiry)}`);
+    out.push("");
+    // Summary
+    out.push("## Summary");
+    out.push("");
+    out.push(`- **Total plans:** ${results.summary.total}`);
+    out.push(`- **Ready to issue:** ${results.summary.ready}`);
+    out.push(`- **Flagged for review:** ${results.summary.flagged}`);
+    out.push("");
+    const flaggedPlans = results.plans.filter((p) => p.flagged);
+    const readyPlans = results.plans.filter((p) => !p.flagged);
+    if (flaggedPlans.length > 0) {
+        out.push("## ⚠ Flagged plans (review before issuing)");
+        out.push("");
+        for (const plan of flaggedPlans) {
+            out.push(...renderPlan(plan, /* showFlagReasons */ true));
+            out.push("");
+        }
+    }
+    if (readyPlans.length > 0) {
+        out.push("## Plans ready to issue");
+        out.push("");
+        for (const plan of readyPlans) {
+            out.push(...renderPlan(plan, /* showFlagReasons */ false));
+            out.push("");
+        }
+    }
+    return out.join("\n");
+}
+function renderPlan(plan, showFlagReasons) {
+    const out = [];
+    const cdc = plan.confused_deputy_candidate ? " · ⚠️ confused-deputy candidate" : "";
+    out.push(`### ${plan.tool}`);
+    out.push("");
+    out.push(`**Class:** \`${plan.data_class}\` · **Authority:** \`${plan.authority_level}\`${cdc}`);
+    out.push("");
+    out.push(`**Purpose:** \`${plan.purpose}\``);
+    if (showFlagReasons && plan.flag_reasons.length > 0) {
+        out.push("");
+        out.push(`**Flag reasons:**`);
+        out.push("");
+        for (const reason of plan.flag_reasons) {
+            out.push(`- \`${reason}\``);
+        }
+    }
+    out.push("");
+    out.push(`**Caveats:**`);
+    out.push("");
+    out.push("```");
+    for (const c of plan.caveats) {
+        out.push(c);
+    }
+    out.push("```");
+    if (plan.comment !== undefined) {
+        out.push("");
+        out.push(`**Comment:** ${plan.comment}`);
+    }
+    return out;
+}
+function formatBinding(value) {
+    return value === undefined ? "`<unbound>`" : `\`${value}\``;
+}
+//# sourceMappingURL=render.js.map

package/dist/caveats/render.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"render.js","sourceRoot":"","sources":["../../src/caveats/render.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAIH,+DAA+D;AAC/D,MAAM,UAAU,qBAAqB,CAAC,OAAuB;IAC3D,MAAM,GAAG,GAAa,EAAE,CAAC;IAEzB,MAAM,WAAW,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,IAAI,IAAI,kBAAkB,KAAK,OAAO,CAAC,MAAM,CAAC,OAAO,IAAI,GAAG,EAAE,CAAC;IAErG,GAAG,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;IACtC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,GAAG,CAAC,IAAI,CAAC,mFAAmF,OAAO,CAAC,UAAU,GAAG,CAAC,CAAC;IACnH,GAAG,CAAC,IAAI,CAAC,sBAAsB,WAAW,IAAI,CAAC,CAAC;IAChD,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEb,iEAAiE;IACjE,kEAAkE;IAClE,4BAA4B;IAC5B,GAAG,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IACxB,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,GAAG,CAAC,IAAI,CAAC,iBAAiB,aAAa,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IACpE,GAAG,CAAC,IAAI,CAAC,yBAAyB,aAAa,CAAC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC,CAAC;IACpF,GAAG,CAAC,IAAI,CAAC,iBAAiB,aAAa,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IACpE,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEb,UAAU;IACV,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IACvB,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,GAAG,CAAC,IAAI,CAAC,sBAAsB,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;IACxD,GAAG,CAAC,IAAI,CAAC,yBAAyB,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;IAC3D,GAAG,CAAC,IAAI,CAAC,6BAA6B,OAAO,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;IACjE,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEb,MAAM,YAAY,GAAG,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IAC5D,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IAE3D,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,GAAG,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;QACvD,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACb,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE,CAAC;YAChC,GAAG,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,IAAI,EAAE,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC;YAC1D,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,CAAC;IACH,CAAC;IAED,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1B,GAAG,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QACpC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACb,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;YAC9B,GAAG,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,IAAI,EAAE,qBAAqB,CAAC,KAAK,CAAC,CAAC,CAAC;YAC3D,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,CAAC;IACH,CAAC;IAED,OAAO,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACxB,CAAC;AAED,SAAS,UAAU,CAAC,IAAgB,EAAE,eAAwB;IAC5D,MAAM,GAAG,GAAa,EAAE,CAAC;IAEzB,MAAM,GAAG,GAAG,IAAI,CAAC,yBAAyB,CAAC,CAAC,CAAC,iCAAiC,CAAC,CAAC,CAAC,EAAE,CAAC;IACpF,GAAG,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IAC7B,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,GAAG,CAAC,IAAI,CAAC,gBAAgB,IAAI,CAAC,UAAU,yBAAyB,IAAI,CAAC,eAAe,KAAK,GAAG,EAAE,CAAC,CAAC;IACjG,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,GAAG,CAAC,IAAI,CAAC,kBAAkB,IAAI,CAAC,OAAO,IAAI,CAAC,CAAC;IAE7C,IAAI,eAAe,IAAI,IAAI,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpD,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACb,GAAG,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;QAC9B,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACb,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACvC,GAAG,CAAC,IAAI,CAAC,OAAO,MAAM,IAAI,CAAC,CAAC;QAC9B,CAAC;IACH,CAAC;IAED,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IACzB,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAChB,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;QAC7B,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACd,CAAC;IACD,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAEhB,IAAI,IAAI,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;QAC/B,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACb,GAAG,CAAC,IAAI,CAAC,gBAAgB,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;IAC3C,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,aAAa,CAAC,KAAyB;IAC9C,OAAO,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,KAAK,KAAK,IAAI,CAAC;AAC9D,CAAC"}

package/dist/caveats/types.d.ts

@@ -0,0 +1,94 @@
+/**
+ * Wire-format types for the v0.1 caveats document.
+ *
+ * Schema tag: `mcp-recon/v0.1/caveats`. The caveats document is the
+ * **importable artifact** that closes the bridge to capnagent: a
+ * structured JSON document of capnagent-ready caveat plans, with
+ * placeholder substitution applied (or flagged for review when
+ * substitutions are missing).
+ *
+ * This is downstream of `mcp-recon/v0.1/classification` — every plan
+ * traces back to one classification entry. The `recommended_caveat`
+ * string in classifications is human-readable; the plans here are
+ * machine-readable and feed into a capnagent issuer directly.
+ */
+import type { AuthorityLevel, DataClass } from "../classify/types.js";
+/** Schema-version tag for caveats documents. */
+export declare const CAVEATS_SCHEMA: "mcp-recon/v0.1/caveats";
+/**
+ * Operator-supplied bindings for placeholder tokens in the
+ * classifier's `recommended_caveat` strings. Any binding may be
+ * omitted; omitted bindings leave their placeholders unsubstituted
+ * AND flag the plan for review. This lets operators run
+ * `mcp-recon caveats classification.json` without bindings to see
+ * exactly what they need to bind before issuance.
+ */
+export interface CaveatBindings {
+    /** Substitutes `<your-caller-id>`. */
+    caller?: string;
+    /** Substitutes `<your-sandbox-prefix>`. */
+    sandbox_prefix?: string;
+    /** Substitutes `<your-cap-expiry>`. ISO-8601 string. */
+    expiry?: string;
+    /**
+     * Optional per-tool caveat overrides. Each entry's caveats are
+     * appended after the substituted ones — useful for tightening
+     * confused-deputy candidates the classifier didn't constrain.
+     */
+    per_tool_overrides?: Record<string, string[]>;
+}
+/** Why a plan was flagged (zero or more reasons). */
+export type FlagReason = 
+/** Classifier returned `unknown` for this tool — operator must classify by hand. */
+"classification_unknown"
+/** Classifier confidence < 0.5 — review before trusting. */
+ | "low_confidence"
+/** Tool is a confused-deputy candidate but no `arg.*` constraint after substitution. */
+ | "cdc_without_arg_constraint"
+/** A `<your-...>` placeholder remains in at least one caveat. */
+ | "unsubstituted_placeholder";
+/** One issuance plan per classified tool. */
+export interface CaveatPlan {
+    /** Tool name from the classification. */
+    tool: string;
+    /** Pass-through from classification. */
+    data_class: DataClass;
+    /** Pass-through from classification. */
+    authority_level: AuthorityLevel;
+    /** Pass-through from classification. */
+    confused_deputy_candidate: boolean;
+    /** Operator-readable purpose string for the issuer. */
+    purpose: string;
+    /** Caveats to apply to the issuer, one DSL predicate per array entry. */
+    caveats: string[];
+    /** True if the plan needs review before issuance. */
+    flagged: boolean;
+    /** Specific flag reasons, when flagged. */
+    flag_reasons: FlagReason[];
+    /**
+     * Free-form trailing comment from the classifier's
+     * `recommended_caveat` (e.g. "READ filesystem; bound the sandbox
+     * prefix tightly"). Preserved for operator review.
+     */
+    comment?: string;
+}
+/** Top-level caveats document. */
+export interface CaveatsResults {
+    schema: typeof CAVEATS_SCHEMA;
+    scanned_at: string;
+    server: {
+        name?: string;
+        version?: string;
+    };
+    bindings: CaveatBindings;
+    plans: CaveatPlan[];
+    summary: {
+        /** Total plans (one per classified tool). */
+        total: number;
+        /** Plans with `flagged === false` — directly issuable. */
+        ready: number;
+        /** Plans with `flagged === true` — review required. */
+        flagged: number;
+    };
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/caveats/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/caveats/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AAEtE,gDAAgD;AAChD,eAAO,MAAM,cAAc,EAAG,wBAAiC,CAAC;AAEhE;;;;;;;GAOG;AACH,MAAM,WAAW,cAAc;IAC7B,sCAAsC;IACtC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,2CAA2C;IAC3C,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,wDAAwD;IACxD,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;;;OAIG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;CAC/C;AAED,qDAAqD;AACrD,MAAM,MAAM,UAAU;AACpB,oFAAoF;AAClF,wBAAwB;AAC1B,4DAA4D;GAC1D,gBAAgB;AAClB,wFAAwF;GACtF,4BAA4B;AAC9B,iEAAiE;GAC/D,2BAA2B,CAAC;AAEhC,6CAA6C;AAC7C,MAAM,WAAW,UAAU;IACzB,yCAAyC;IACzC,IAAI,EAAE,MAAM,CAAC;IACb,wCAAwC;IACxC,UAAU,EAAE,SAAS,CAAC;IACtB,wCAAwC;IACxC,eAAe,EAAE,cAAc,CAAC;IAChC,wCAAwC;IACxC,yBAAyB,EAAE,OAAO,CAAC;IACnC,uDAAuD;IACvD,OAAO,EAAE,MAAM,CAAC;IAChB,yEAAyE;IACzE,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,qDAAqD;IACrD,OAAO,EAAE,OAAO,CAAC;IACjB,2CAA2C;IAC3C,YAAY,EAAE,UAAU,EAAE,CAAC;IAC3B;;;;OAIG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,kCAAkC;AAClC,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,OAAO,cAAc,CAAC;IAC9B,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE;QAAE,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAC5C,QAAQ,EAAE,cAAc,CAAC;IACzB,KAAK,EAAE,UAAU,EAAE,CAAC;IACpB,OAAO,EAAE;QACP,6CAA6C;QAC7C,KAAK,EAAE,MAAM,CAAC;QACd,0DAA0D;QAC1D,KAAK,EAAE,MAAM,CAAC;QACd,uDAAuD;QACvD,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;CACH"}

package/dist/caveats/types.js

@@ -0,0 +1,17 @@
+/**
+ * Wire-format types for the v0.1 caveats document.
+ *
+ * Schema tag: `mcp-recon/v0.1/caveats`. The caveats document is the
+ * **importable artifact** that closes the bridge to capnagent: a
+ * structured JSON document of capnagent-ready caveat plans, with
+ * placeholder substitution applied (or flagged for review when
+ * substitutions are missing).
+ *
+ * This is downstream of `mcp-recon/v0.1/classification` — every plan
+ * traces back to one classification entry. The `recommended_caveat`
+ * string in classifications is human-readable; the plans here are
+ * machine-readable and feed into a capnagent issuer directly.
+ */
+/** Schema-version tag for caveats documents. */
+export const CAVEATS_SCHEMA = "mcp-recon/v0.1/caveats";
+//# sourceMappingURL=types.js.map

package/dist/caveats/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/caveats/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAIH,gDAAgD;AAChD,MAAM,CAAC,MAAM,cAAc,GAAG,wBAAiC,CAAC"}

package/dist/classify/caveat.d.ts

@@ -0,0 +1,29 @@
+/**
+ * Caveat synthesizer — the bridge from mcp-recon to capnagent.
+ *
+ * For each classified tool, generate a copy-pasteable capnagent
+ * caveat string that bounds the tool's authority to the smallest
+ * surface that preserves utility. The caveat is always a *suggestion*;
+ * the operator should review and tighten further to fit their
+ * deployment.
+ *
+ * Convention: every suggestion is a single DSL predicate that can be
+ * passed to `Issuer.issue(...).caveat(...)` or `cap.attenuate(...)`.
+ * The caveat language is documented in capnagent's
+ * `caveat_dsl.rs`.
+ */
+import type { ToolFacts } from "../fuzz/schema.js";
+import type { AuthorityLevel, DataClass } from "./types.js";
+export interface CaveatInput {
+    tool: string;
+    data_class: DataClass;
+    authority_level: AuthorityLevel;
+    facts: ToolFacts;
+}
+/**
+ * Suggest a capnagent caveat for the given classification + facts.
+ * The suggestion places `<placeholder>` markers where the operator
+ * must substitute deployment-specific values.
+ */
+export declare function synthesizeCaveat(input: CaveatInput): string;
+//# sourceMappingURL=caveat.d.ts.map

package/dist/classify/caveat.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"caveat.d.ts","sourceRoot":"","sources":["../../src/classify/caveat.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,KAAK,EAAE,cAAc,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAE5D,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,SAAS,CAAC;IACtB,eAAe,EAAE,cAAc,CAAC;IAChC,KAAK,EAAE,SAAS,CAAC;CAClB;AAED;;;;GAIG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,WAAW,GAAG,MAAM,CAkC3D"}