opena2a-cli 0.1.2 → 0.3.0

package/dist/router.js.map

@@ -1 +1 @@
-{"version":3,"file":"router.js","sourceRoot":"","sources":["../src/router.ts"],"names":[],"mappings":";;AAsBA,sCA8CC;AAKD,0CAuFC;AAhKD,kDAAoD;AAEpD,sDAAgD;AAYhD;;;;;;;GAOG;AACH,SAAgB,aAAa,CAAC,IAAc;IAC1C,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;IACjD,CAAC;IAED,MAAM,KAAK,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;IAEtB,6BAA6B;IAC7B,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QAC1B,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QACtF,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,KAAK,CAAC,IAAI,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;IAC3D,CAAC;IAED,wBAAwB;IACxB,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,KAAK,GAAG,EAAE,CAAC;QAC3C,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QACtF,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,KAAK,CAAC,IAAI,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;IAC5D,CAAC;IAED,yFAAyF;IACzF,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACnD,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC9B,MAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC;QACpD,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;IACxD,CAAC;IAED,mBAAmB;IACnB,MAAM,cAAc,GAAG;QACrB,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS;QAC/C,MAAM,EAAE,SAAS,EAAE,WAAW,EAAE,QAAQ,EAAE,SAAS;QACnD,UAAU,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,EAAE,OAAO;QACnD,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,eAAe;QACnD,QAAQ,EAAE,WAAW;KACtB,CAAC;IAEF,IAAI,cAAc,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QACnC,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;IACnE,CAAC;IAED,8CAA8C;IAC9C,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpB,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;IAC9D,CAAC;IAED,wCAAwC;IACxC,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;AACpD,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,eAAe,CACnC,OAAe,EACf,IAAc,EACd,gBAAqC,EAAE;IAEvC,mFAAmF;IACnF,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;QAC1B,MAAM,SAAS,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;QAC3C,OAAO,IAAA,oBAAO,EAAC;YACb,SAAS;YACT,MAAM,EAAE,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC;YAClC,OAAO,EAAE,aAAa,CAAC,OAAO,IAAI,KAAK;YACvC,EAAE,EAAE,aAAa,CAAC,EAAE,IAAI,KAAK;YAC7B,MAAM,EAAG,aAAa,CAAC,MAA0B,IAAI,MAAM;YAC3D,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC;SAC3C,CAAC,CAAC;IACL,CAAC;IAED,6CAA6C;IAC7C,IAAI,OAAO,KAAK,MAAM,EAAE,CAAC;QACvB,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,oBAAoB,CAAC,CAAC;QACpD,OAAO,IAAI,CAAC;YACV,SAAS,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,GAAG,EAAE;YACnC,EAAE,EAAE,aAAa,CAAC,EAAE,IAAI,KAAK;YAC7B,MAAM,EAAG,aAAa,CAAC,MAA0B,IAAI,MAAM;YAC3D,OAAO,EAAE,aAAa,CAAC,OAAO,IAAI,KAAK;SACxC,CAAC,CAAC;IACL,CAAC;IAED,wCAAwC;IACxC,IAAI,OAAO,KAAK,OAAO,EAAE,CAAC;QACxB,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,MAAM,CAAC,qBAAqB,CAAC,CAAC;QACtD,MAAM,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,QAAQ,CAAC;QACvC,OAAO,KAAK,CAAC;YACX,UAAU,EAAE,UAA0C;YACtD,SAAS,EAAE,OAAO,CAAC,GAAG,EAAE;YACxB,EAAE,EAAE,aAAa,CAAC,EAAE,IAAI,KAAK;YAC7B,MAAM,EAAG,aAAa,CAAC,MAA0B,IAAI,MAAM;YAC3D,OAAO,EAAE,aAAa,CAAC,OAAO,IAAI,KAAK;SACxC,CAAC,CAAC;IACL,CAAC;IAED,0CAA0C;IAC1C,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;QAC1B,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,MAAM,CAAC,uBAAuB,CAAC,CAAC;QAC1D,MAAM,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,QAAQ,CAAC;QACvC,OAAO,OAAO,CAAC;YACb,UAAU,EAAE,UAAkD;YAC9D,SAAS,EAAE,OAAO,CAAC,GAAG,EAAE;YACxB,EAAE,EAAE,aAAa,CAAC,EAAE,IAAI,KAAK;YAC7B,MAAM,EAAG,aAAa,CAAC,MAA0B,IAAI,MAAM;YAC3D,OAAO,EAAE,aAAa,CAAC,OAAO,IAAI,KAAK;SACxC,CAAC,CAAC;IACL,CAAC;IAED,kCAAkC;IAClC,MAAM,UAAU,GAA+D;QAC7E,KAAK,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,QAAQ,CAAC,EAAE;QACnD,MAAM,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,QAAQ,CAAC,EAAE;QACpD,OAAO,EAAE,EAAE,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,CAAC,OAAO,CAAC,EAAE;KACzD,CAAC;IAEF,MAAM,MAAM,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;IACnC,MAAM,WAAW,GAAG,MAAM,EAAE,OAAO,IAAI,OAAO,CAAC;IAC/C,MAAM,WAAW,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,WAAW,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAErE,MAAM,OAAO,GAAG,IAAA,wBAAa,EAAC,WAAW,CAAC,CAAC;IAC3C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,oBAAoB,OAAO,IAAI,CAAC,CAAC;QACtD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;QACvE,OAAO,CAAC,CAAC;IACX,CAAC;IAED,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,WAAW,EAAE,CAAC;IAC9C,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC,IAAI,sBAAsB,CAAC,CAAC;QACnE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,2BAA2B,OAAO,CAAC,MAAM,CAAC,WAAW,IAAI,OAAO,CAAC,MAAM,CAAC,OAAO,IAAI,OAAO,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,CAAC;QACjI,OAAO,CAAC,CAAC;IACX,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QAC/B,IAAI,EAAE,WAAW;QACjB,GAAG,aAAa;QAChB,GAAG,EAAE,aAAa,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,EAAE;KACxC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC,QAAQ,CAAC;AACzB,CAAC"}
+{"version":3,"file":"router.js","sourceRoot":"","sources":["../src/router.ts"],"names":[],"mappings":";;AAsBA,sCA8CC;AAKD,0CAwFC;AAjKD,kDAAoD;AAEpD,sDAAgD;AAYhD;;;;;;;GAOG;AACH,SAAgB,aAAa,CAAC,IAAc;IAC1C,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;IACjD,CAAC;IAED,MAAM,KAAK,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;IAEtB,6BAA6B;IAC7B,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QAC1B,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QACtF,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,KAAK,CAAC,IAAI,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;IAC3D,CAAC;IAED,wBAAwB;IACxB,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,KAAK,GAAG,EAAE,CAAC;QAC3C,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QACtF,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,KAAK,CAAC,IAAI,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;IAC5D,CAAC;IAED,yFAAyF;IACzF,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACnD,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC9B,MAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC;QACpD,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;IACxD,CAAC;IAED,mBAAmB;IACnB,MAAM,cAAc,GAAG;QACrB,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS;QAC/C,MAAM,EAAE,SAAS,EAAE,WAAW,EAAE,QAAQ,EAAE,SAAS;QACnD,UAAU,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,EAAE,OAAO;QACnD,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,eAAe;QACnD,QAAQ,EAAE,WAAW,EAAE,QAAQ;KAChC,CAAC;IAEF,IAAI,cAAc,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QACnC,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;IACnE,CAAC;IAED,8CAA8C;IAC9C,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpB,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;IAC9D,CAAC;IAED,wCAAwC;IACxC,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;AACpD,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,eAAe,CACnC,OAAe,EACf,IAAc,EACd,gBAAqC,EAAE;IAEvC,mFAAmF;IACnF,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;QAC1B,MAAM,SAAS,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;QAC3C,OAAO,IAAA,oBAAO,EAAC;YACb,SAAS;YACT,MAAM,EAAE,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC;YAClC,OAAO,EAAE,aAAa,CAAC,OAAO,IAAI,KAAK;YACvC,EAAE,EAAE,aAAa,CAAC,EAAE,IAAI,KAAK;YAC7B,MAAM,EAAG,aAAa,CAAC,MAA0B,IAAI,MAAM;YAC3D,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC;SAC3C,CAAC,CAAC;IACL,CAAC;IAED,6CAA6C;IAC7C,IAAI,OAAO,KAAK,MAAM,EAAE,CAAC;QACvB,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,oBAAoB,CAAC,CAAC;QACpD,OAAO,IAAI,CAAC;YACV,SAAS,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,GAAG,EAAE;YACnC,EAAE,EAAE,aAAa,CAAC,EAAE,IAAI,KAAK;YAC7B,MAAM,EAAG,aAAa,CAAC,MAA0B,IAAI,MAAM;YAC3D,OAAO,EAAE,aAAa,CAAC,OAAO,IAAI,KAAK;SACxC,CAAC,CAAC;IACL,CAAC;IAED,wCAAwC;IACxC,IAAI,OAAO,KAAK,OAAO,EAAE,CAAC;QACxB,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,MAAM,CAAC,qBAAqB,CAAC,CAAC;QACtD,MAAM,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,QAAQ,CAAC;QACvC,OAAO,KAAK,CAAC;YACX,UAAU,EAAE,UAAqD;YACjE,SAAS,EAAE,OAAO,CAAC,GAAG,EAAE;YACxB,EAAE,EAAE,aAAa,CAAC,EAAE,IAAI,KAAK;YAC7B,MAAM,EAAG,aAAa,CAAC,MAA0B,IAAI,MAAM;YAC3D,OAAO,EAAE,aAAa,CAAC,OAAO,IAAI,KAAK;YACvC,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;SACpB,CAAC,CAAC;IACL,CAAC;IAED,0CAA0C;IAC1C,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;QAC1B,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,MAAM,CAAC,uBAAuB,CAAC,CAAC;QAC1D,MAAM,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,QAAQ,CAAC;QACvC,OAAO,OAAO,CAAC;YACb,UAAU,EAAE,UAAkD;YAC9D,SAAS,EAAE,OAAO,CAAC,GAAG,EAAE;YACxB,EAAE,EAAE,aAAa,CAAC,EAAE,IAAI,KAAK;YAC7B,MAAM,EAAG,aAAa,CAAC,MAA0B,IAAI,MAAM;YAC3D,OAAO,EAAE,aAAa,CAAC,OAAO,IAAI,KAAK;SACxC,CAAC,CAAC;IACL,CAAC;IAED,kCAAkC;IAClC,MAAM,UAAU,GAA+D;QAC7E,KAAK,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,QAAQ,CAAC,EAAE;QACnD,MAAM,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,QAAQ,CAAC,EAAE;QACpD,OAAO,EAAE,EAAE,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,CAAC,OAAO,CAAC,EAAE;KACzD,CAAC;IAEF,MAAM,MAAM,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;IACnC,MAAM,WAAW,GAAG,MAAM,EAAE,OAAO,IAAI,OAAO,CAAC;IAC/C,MAAM,WAAW,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,WAAW,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAErE,MAAM,OAAO,GAAG,IAAA,wBAAa,EAAC,WAAW,CAAC,CAAC;IAC3C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,oBAAoB,OAAO,IAAI,CAAC,CAAC;QACtD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;QACvE,OAAO,CAAC,CAAC;IACX,CAAC;IAED,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,WAAW,EAAE,CAAC;IAC9C,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC,IAAI,sBAAsB,CAAC,CAAC;QACnE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,2BAA2B,OAAO,CAAC,MAAM,CAAC,WAAW,IAAI,OAAO,CAAC,MAAM,CAAC,OAAO,IAAI,OAAO,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,CAAC;QACjI,OAAO,CAAC,CAAC;IACX,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QAC/B,IAAI,EAAE,WAAW;QACjB,GAAG,aAAa;QAChB,GAAG,EAAE,aAAa,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,EAAE;KACxC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC,QAAQ,CAAC;AACzB,CAAC"}

package/dist/shield/ai-tool-config.d.ts

@@ -0,0 +1,49 @@
+/**
+ * AI Tool Configuration for Shield
+ *
+ * Adds Shield-specific security context to AI coding tool instruction files.
+ * Each tool gets its own marker so Secretless and Shield sections coexist
+ * without interfering with each other.
+ *
+ * Secretless owns:  <!-- secretless:managed -->
+ * Shield owns:      <!-- opena2a-shield:managed -->
+ */
+export interface AiToolConfigResult {
+    toolsConfigured: string[];
+    toolsSkipped: string[];
+}
+/**
+ * Configure Claude Code with Shield context.
+ * Appends to CLAUDE.md if marker is not already present.
+ */
+export declare function configureClaudeCodeForShield(targetDir: string): boolean;
+/**
+ * Configure Cursor with Shield context.
+ * Appends to .cursorrules if marker is not already present.
+ */
+export declare function configureCursorForShield(targetDir: string): boolean;
+/**
+ * Configure Windsurf with Shield context.
+ * Appends to .windsurfrules if marker is not already present.
+ */
+export declare function configureWindsurfForShield(targetDir: string): boolean;
+/**
+ * Configure GitHub Copilot with Shield context.
+ * Appends to .github/copilot-instructions.md if marker is not already present.
+ */
+export declare function configureCopilotForShield(targetDir: string): boolean;
+/**
+ * Configure Cline with Shield context.
+ * Appends to .clinerules if marker is not already present.
+ */
+export declare function configureClineForShield(targetDir: string): boolean;
+/**
+ * Check if the Shield marker exists in a file.
+ */
+export declare function hasShieldMarker(filePath: string): boolean;
+/**
+ * Configure all detected AI tools with Shield context.
+ * Only configures tools that have existing config files (except CLAUDE.md which is always created).
+ */
+export declare function configureAiTools(targetDir: string, detectedAssistants: string[]): AiToolConfigResult;
+//# sourceMappingURL=ai-tool-config.d.ts.map

package/dist/shield/ai-tool-config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ai-tool-config.d.ts","sourceRoot":"","sources":["../../src/shield/ai-tool-config.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAyBH,MAAM,WAAW,kBAAkB;IACjC,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,YAAY,EAAE,MAAM,EAAE,CAAC;CACxB;AAED;;;GAGG;AACH,wBAAgB,4BAA4B,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAGvE;AAED;;;GAGG;AACH,wBAAgB,wBAAwB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAGnE;AAED;;;GAGG;AACH,wBAAgB,0BAA0B,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAGrE;AAED;;;GAGG;AACH,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAGpE;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAGlE;AA4BD;;GAEG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAOzD;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,kBAAkB,EAAE,MAAM,EAAE,GAAG,kBAAkB,CAgDpG"}

package/dist/shield/ai-tool-config.js

@@ -0,0 +1,169 @@
+"use strict";
+/**
+ * AI Tool Configuration for Shield
+ *
+ * Adds Shield-specific security context to AI coding tool instruction files.
+ * Each tool gets its own marker so Secretless and Shield sections coexist
+ * without interfering with each other.
+ *
+ * Secretless owns:  <!-- secretless:managed -->
+ * Shield owns:      <!-- opena2a-shield:managed -->
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.configureClaudeCodeForShield = configureClaudeCodeForShield;
+exports.configureCursorForShield = configureCursorForShield;
+exports.configureWindsurfForShield = configureWindsurfForShield;
+exports.configureCopilotForShield = configureCopilotForShield;
+exports.configureClineForShield = configureClineForShield;
+exports.hasShieldMarker = hasShieldMarker;
+exports.configureAiTools = configureAiTools;
+const node_fs_1 = require("node:fs");
+const node_path_1 = require("node:path");
+const SHIELD_MARKER = '<!-- opena2a-shield:managed -->';
+const SHIELD_SECTION = `${SHIELD_MARKER}
+## Shield Security Context
+
+This project is protected by OpenA2A Shield.
+
+**Security posture:**
+- \`opena2a shield status\` -- view protection status
+- \`opena2a shield log\` -- query security event log
+- \`opena2a shield selfcheck\` -- verify integrity
+
+**Config file changes:**
+- Run \`opena2a guard resign\` after intentional config modifications
+- Config integrity is monitored -- unauthorized changes trigger alerts
+
+**Agent identity:**
+- This session has a local Ed25519 identity (view: \`opena2a shield session\`)
+`;
+/**
+ * Configure Claude Code with Shield context.
+ * Appends to CLAUDE.md if marker is not already present.
+ */
+function configureClaudeCodeForShield(targetDir) {
+    const claudeMdPath = (0, node_path_1.join)(targetDir, 'CLAUDE.md');
+    return appendShieldSection(claudeMdPath);
+}
+/**
+ * Configure Cursor with Shield context.
+ * Appends to .cursorrules if marker is not already present.
+ */
+function configureCursorForShield(targetDir) {
+    const cursorPath = (0, node_path_1.join)(targetDir, '.cursorrules');
+    return appendShieldSection(cursorPath);
+}
+/**
+ * Configure Windsurf with Shield context.
+ * Appends to .windsurfrules if marker is not already present.
+ */
+function configureWindsurfForShield(targetDir) {
+    const windsurfPath = (0, node_path_1.join)(targetDir, '.windsurfrules');
+    return appendShieldSection(windsurfPath);
+}
+/**
+ * Configure GitHub Copilot with Shield context.
+ * Appends to .github/copilot-instructions.md if marker is not already present.
+ */
+function configureCopilotForShield(targetDir) {
+    const copilotPath = (0, node_path_1.join)(targetDir, '.github', 'copilot-instructions.md');
+    return appendShieldSection(copilotPath);
+}
+/**
+ * Configure Cline with Shield context.
+ * Appends to .clinerules if marker is not already present.
+ */
+function configureClineForShield(targetDir) {
+    const clinePath = (0, node_path_1.join)(targetDir, '.clinerules');
+    return appendShieldSection(clinePath);
+}
+/**
+ * Append the Shield section to a file if the marker is not already present.
+ * Creates the file if it doesn't exist.
+ * Returns true if the section was added, false if already present.
+ */
+function appendShieldSection(filePath) {
+    if ((0, node_fs_1.existsSync)(filePath)) {
+        const content = (0, node_fs_1.readFileSync)(filePath, 'utf-8');
+        if (content.includes(SHIELD_MARKER)) {
+            return false; // Already configured
+        }
+        // Append to existing file
+        const separator = content.endsWith('\n') ? '\n' : '\n\n';
+        (0, node_fs_1.writeFileSync)(filePath, content + separator + SHIELD_SECTION, { mode: 0o600 });
+        return true;
+    }
+    // Create new file with shield section
+    const dir = (0, node_path_1.dirname)(filePath);
+    if (!(0, node_fs_1.existsSync)(dir)) {
+        (0, node_fs_1.mkdirSync)(dir, { recursive: true });
+    }
+    (0, node_fs_1.writeFileSync)(filePath, SHIELD_SECTION, { mode: 0o600 });
+    return true;
+}
+/**
+ * Check if the Shield marker exists in a file.
+ */
+function hasShieldMarker(filePath) {
+    if (!(0, node_fs_1.existsSync)(filePath))
+        return false;
+    try {
+        return (0, node_fs_1.readFileSync)(filePath, 'utf-8').includes(SHIELD_MARKER);
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Configure all detected AI tools with Shield context.
+ * Only configures tools that have existing config files (except CLAUDE.md which is always created).
+ */
+function configureAiTools(targetDir, detectedAssistants) {
+    const toolsConfigured = [];
+    const toolsSkipped = [];
+    // Always configure Claude Code (it's the primary target)
+    if (configureClaudeCodeForShield(targetDir)) {
+        toolsConfigured.push('Claude Code (CLAUDE.md)');
+    }
+    else {
+        toolsSkipped.push('Claude Code (already configured)');
+    }
+    // Configure Cursor if detected or .cursorrules exists
+    if (detectedAssistants.includes('Cursor') || (0, node_fs_1.existsSync)((0, node_path_1.join)(targetDir, '.cursorrules'))) {
+        if (configureCursorForShield(targetDir)) {
+            toolsConfigured.push('Cursor (.cursorrules)');
+        }
+        else {
+            toolsSkipped.push('Cursor (already configured)');
+        }
+    }
+    // Configure Windsurf if detected or .windsurfrules exists
+    if (detectedAssistants.includes('Windsurf') || (0, node_fs_1.existsSync)((0, node_path_1.join)(targetDir, '.windsurfrules'))) {
+        if (configureWindsurfForShield(targetDir)) {
+            toolsConfigured.push('Windsurf (.windsurfrules)');
+        }
+        else {
+            toolsSkipped.push('Windsurf (already configured)');
+        }
+    }
+    // Configure Copilot if .github/copilot-instructions.md exists
+    if ((0, node_fs_1.existsSync)((0, node_path_1.join)(targetDir, '.github', 'copilot-instructions.md'))) {
+        if (configureCopilotForShield(targetDir)) {
+            toolsConfigured.push('GitHub Copilot (.github/copilot-instructions.md)');
+        }
+        else {
+            toolsSkipped.push('GitHub Copilot (already configured)');
+        }
+    }
+    // Configure Cline if detected or .clinerules exists
+    if (detectedAssistants.includes('Cline') || (0, node_fs_1.existsSync)((0, node_path_1.join)(targetDir, '.clinerules'))) {
+        if (configureClineForShield(targetDir)) {
+            toolsConfigured.push('Cline (.clinerules)');
+        }
+        else {
+            toolsSkipped.push('Cline (already configured)');
+        }
+    }
+    return { toolsConfigured, toolsSkipped };
+}
+//# sourceMappingURL=ai-tool-config.js.map

package/dist/shield/ai-tool-config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ai-tool-config.js","sourceRoot":"","sources":["../../src/shield/ai-tool-config.ts"],"names":[],"mappings":";AAAA;;;;;;;;;GASG;;AAkCH,oEAGC;AAMD,4DAGC;AAMD,gEAGC;AAMD,8DAGC;AAMD,0DAGC;AA+BD,0CAOC;AAMD,4CAgDC;AAnKD,qCAA6E;AAC7E,yCAA0C;AAE1C,MAAM,aAAa,GAAG,iCAAiC,CAAC;AAExD,MAAM,cAAc,GAAG,GAAG,aAAa;;;;;;;;;;;;;;;;CAgBtC,CAAC;AAOF;;;GAGG;AACH,SAAgB,4BAA4B,CAAC,SAAiB;IAC5D,MAAM,YAAY,GAAG,IAAA,gBAAI,EAAC,SAAS,EAAE,WAAW,CAAC,CAAC;IAClD,OAAO,mBAAmB,CAAC,YAAY,CAAC,CAAC;AAC3C,CAAC;AAED;;;GAGG;AACH,SAAgB,wBAAwB,CAAC,SAAiB;IACxD,MAAM,UAAU,GAAG,IAAA,gBAAI,EAAC,SAAS,EAAE,cAAc,CAAC,CAAC;IACnD,OAAO,mBAAmB,CAAC,UAAU,CAAC,CAAC;AACzC,CAAC;AAED;;;GAGG;AACH,SAAgB,0BAA0B,CAAC,SAAiB;IAC1D,MAAM,YAAY,GAAG,IAAA,gBAAI,EAAC,SAAS,EAAE,gBAAgB,CAAC,CAAC;IACvD,OAAO,mBAAmB,CAAC,YAAY,CAAC,CAAC;AAC3C,CAAC;AAED;;;GAGG;AACH,SAAgB,yBAAyB,CAAC,SAAiB;IACzD,MAAM,WAAW,GAAG,IAAA,gBAAI,EAAC,SAAS,EAAE,SAAS,EAAE,yBAAyB,CAAC,CAAC;IAC1E,OAAO,mBAAmB,CAAC,WAAW,CAAC,CAAC;AAC1C,CAAC;AAED;;;GAGG;AACH,SAAgB,uBAAuB,CAAC,SAAiB;IACvD,MAAM,SAAS,GAAG,IAAA,gBAAI,EAAC,SAAS,EAAE,aAAa,CAAC,CAAC;IACjD,OAAO,mBAAmB,CAAC,SAAS,CAAC,CAAC;AACxC,CAAC;AAED;;;;GAIG;AACH,SAAS,mBAAmB,CAAC,QAAgB;IAC3C,IAAI,IAAA,oBAAU,EAAC,QAAQ,CAAC,EAAE,CAAC;QACzB,MAAM,OAAO,GAAG,IAAA,sBAAY,EAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAChD,IAAI,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;YACpC,OAAO,KAAK,CAAC,CAAC,qBAAqB;QACrC,CAAC;QACD,0BAA0B;QAC1B,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC;QACzD,IAAA,uBAAa,EAAC,QAAQ,EAAE,OAAO,GAAG,SAAS,GAAG,cAAc,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAC/E,OAAO,IAAI,CAAC;IACd,CAAC;IAED,sCAAsC;IACtC,MAAM,GAAG,GAAG,IAAA,mBAAO,EAAC,QAAQ,CAAC,CAAC;IAC9B,IAAI,CAAC,IAAA,oBAAU,EAAC,GAAG,CAAC,EAAE,CAAC;QACrB,IAAA,mBAAS,EAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACtC,CAAC;IACD,IAAA,uBAAa,EAAC,QAAQ,EAAE,cAAc,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACzD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAgB,eAAe,CAAC,QAAgB;IAC9C,IAAI,CAAC,IAAA,oBAAU,EAAC,QAAQ,CAAC;QAAE,OAAO,KAAK,CAAC;IACxC,IAAI,CAAC;QACH,OAAO,IAAA,sBAAY,EAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;IACjE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAgB,gBAAgB,CAAC,SAAiB,EAAE,kBAA4B;IAC9E,MAAM,eAAe,GAAa,EAAE,CAAC;IACrC,MAAM,YAAY,GAAa,EAAE,CAAC;IAElC,yDAAyD;IACzD,IAAI,4BAA4B,CAAC,SAAS,CAAC,EAAE,CAAC;QAC5C,eAAe,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;IAClD,CAAC;SAAM,CAAC;QACN,YAAY,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;IACxD,CAAC;IAED,sDAAsD;IACtD,IAAI,kBAAkB,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAA,oBAAU,EAAC,IAAA,gBAAI,EAAC,SAAS,EAAE,cAAc,CAAC,CAAC,EAAE,CAAC;QACzF,IAAI,wBAAwB,CAAC,SAAS,CAAC,EAAE,CAAC;YACxC,eAAe,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;QAChD,CAAC;aAAM,CAAC;YACN,YAAY,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;QACnD,CAAC;IACH,CAAC;IAED,0DAA0D;IAC1D,IAAI,kBAAkB,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,IAAA,oBAAU,EAAC,IAAA,gBAAI,EAAC,SAAS,EAAE,gBAAgB,CAAC,CAAC,EAAE,CAAC;QAC7F,IAAI,0BAA0B,CAAC,SAAS,CAAC,EAAE,CAAC;YAC1C,eAAe,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;QACpD,CAAC;aAAM,CAAC;YACN,YAAY,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;IAED,8DAA8D;IAC9D,IAAI,IAAA,oBAAU,EAAC,IAAA,gBAAI,EAAC,SAAS,EAAE,SAAS,EAAE,yBAAyB,CAAC,CAAC,EAAE,CAAC;QACtE,IAAI,yBAAyB,CAAC,SAAS,CAAC,EAAE,CAAC;YACzC,eAAe,CAAC,IAAI,CAAC,kDAAkD,CAAC,CAAC;QAC3E,CAAC;aAAM,CAAC;YACN,YAAY,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;IAED,oDAAoD;IACpD,IAAI,kBAAkB,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,IAAA,oBAAU,EAAC,IAAA,gBAAI,EAAC,SAAS,EAAE,aAAa,CAAC,CAAC,EAAE,CAAC;QACvF,IAAI,uBAAuB,CAAC,SAAS,CAAC,EAAE,CAAC;YACvC,eAAe,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;QAC9C,CAAC;aAAM,CAAC;YACN,YAAY,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;QAClD,CAAC;IACH,CAAC;IAED,OAAO,EAAE,eAAe,EAAE,YAAY,EAAE,CAAC;AAC3C,CAAC"}

package/dist/shield/arp-bridge.d.ts

@@ -0,0 +1,62 @@
+/**
+ * ARP-Shield Event Bridge
+ *
+ * Translates ARP (Agent Runtime Protection) events into Shield's
+ * tamper-evident hash chain. Supports both bulk import of existing
+ * ARP event logs and live bridging during ARP monitoring.
+ *
+ * ARP events live in .opena2a/arp/events.jsonl (ARP native format).
+ * Shield events live in ~/.opena2a/shield/events.jsonl (hash-chained).
+ */
+import type { ShieldEvent } from './types.js';
+export interface ARPEvent {
+    id: string;
+    timestamp: string;
+    source: string;
+    category: string;
+    severity: string;
+    description: string;
+    data: Record<string, unknown>;
+    classifiedBy?: string;
+    llmAssessment?: {
+        consistent: boolean;
+        confidence: number;
+        reasoning: string;
+        recommendation: string;
+    };
+}
+/**
+ * Translate a single ARP event into a Shield writeEvent partial.
+ * This does NOT write the event -- caller decides when to persist.
+ */
+export declare function translateARPEvent(arp: ARPEvent, agentName?: string): Omit<ShieldEvent, 'id' | 'timestamp' | 'version' | 'prevHash' | 'eventHash'>;
+/**
+ * Read ARP events from .opena2a/arp/events.jsonl and import them into
+ * Shield's tamper-evident event log. Skips events that have already been
+ * imported (checks for matching arpEventId in existing Shield events).
+ *
+ * Returns the count of newly imported events.
+ */
+export declare function importARPEvents(targetDir: string, agentName?: string): {
+    imported: number;
+    skipped: number;
+    errors: number;
+    total: number;
+};
+export interface ARPStats {
+    totalEvents: number;
+    anomalies: number;
+    violations: number;
+    threats: number;
+    processEvents: number;
+    networkEvents: number;
+    filesystemEvents: number;
+    promptEvents: number;
+    enforcements: number;
+}
+/**
+ * Compute stats from ARP events in Shield's log (source === 'arp').
+ * Used by shield report to populate runtimeProtection section.
+ */
+export declare function getARPStats(since?: string): ARPStats;
+//# sourceMappingURL=arp-bridge.d.ts.map

package/dist/shield/arp-bridge.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"arp-bridge.d.ts","sourceRoot":"","sources":["../../src/shield/arp-bridge.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAMH,OAAO,KAAK,EAAE,WAAW,EAAkD,MAAM,YAAY,CAAC;AAM9F,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC9B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE;QACd,UAAU,EAAE,OAAO,CAAC;QACpB,UAAU,EAAE,MAAM,CAAC;QACnB,SAAS,EAAE,MAAM,CAAC;QAClB,cAAc,EAAE,MAAM,CAAC;KACxB,CAAC;CACH;AAkDD;;;GAGG;AACH,wBAAgB,iBAAiB,CAC/B,GAAG,EAAE,QAAQ,EACb,SAAS,CAAC,EAAE,MAAM,GACjB,IAAI,CAAC,WAAW,EAAE,IAAI,GAAG,WAAW,GAAG,SAAS,GAAG,UAAU,GAAG,WAAW,CAAC,CAuB9E;AAMD;;;;;;GAMG;AACH,wBAAgB,eAAe,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG;IACtE,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;CACf,CAmDA;AAMD,MAAM,WAAW,QAAQ;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,gBAAgB,EAAE,MAAM,CAAC;IACzB,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;CACtB;AAED;;;GAGG;AACH,wBAAgB,WAAW,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,QAAQ,CAgCpD"}

package/dist/shield/arp-bridge.js

@@ -0,0 +1,198 @@
+"use strict";
+/**
+ * ARP-Shield Event Bridge
+ *
+ * Translates ARP (Agent Runtime Protection) events into Shield's
+ * tamper-evident hash chain. Supports both bulk import of existing
+ * ARP event logs and live bridging during ARP monitoring.
+ *
+ * ARP events live in .opena2a/arp/events.jsonl (ARP native format).
+ * Shield events live in ~/.opena2a/shield/events.jsonl (hash-chained).
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.translateARPEvent = translateARPEvent;
+exports.importARPEvents = importARPEvents;
+exports.getARPStats = getARPStats;
+const node_fs_1 = require("node:fs");
+const node_path_1 = require("node:path");
+const events_js_1 = require("./events.js");
+// ---------------------------------------------------------------------------
+// Translation
+// ---------------------------------------------------------------------------
+/** Map ARP category to Shield outcome. */
+function mapOutcome(arpCategory, enforcement) {
+    if (enforcement === 'kill' || enforcement === 'pause')
+        return 'blocked';
+    if (arpCategory === 'violation' || arpCategory === 'threat')
+        return 'blocked';
+    if (arpCategory === 'anomaly')
+        return 'monitored';
+    return 'allowed';
+}
+/** Map ARP severity to Shield severity. */
+function mapSeverity(arpSeverity) {
+    const map = {
+        info: 'info',
+        low: 'low',
+        medium: 'medium',
+        high: 'high',
+        critical: 'critical',
+    };
+    return map[arpSeverity] ?? 'info';
+}
+/** Build a human-readable action string from ARP event data. */
+function buildAction(arp) {
+    const src = arp.source;
+    const cat = arp.category;
+    if (src === 'process')
+        return `process.${cat === 'normal' ? 'spawn' : cat}`;
+    if (src === 'network')
+        return `network.${cat === 'normal' ? 'connection' : cat}`;
+    if (src === 'filesystem')
+        return `filesystem.${cat === 'normal' ? 'access' : cat}`;
+    if (src === 'prompt')
+        return `prompt.${cat}`;
+    if (src === 'mcp-protocol')
+        return `mcp.${cat}`;
+    if (src === 'a2a-protocol')
+        return `a2a.${cat}`;
+    return `${src}.${cat}`;
+}
+/** Build a target string from ARP event data. */
+function buildTarget(arp) {
+    const data = arp.data ?? {};
+    if (data.command)
+        return String(data.command);
+    if (data.host)
+        return String(data.host);
+    if (data.path)
+        return String(data.path);
+    if (data.name)
+        return String(data.name);
+    if (data.pid)
+        return `pid:${data.pid}`;
+    return arp.description?.slice(0, 80) ?? 'unknown';
+}
+/**
+ * Translate a single ARP event into a Shield writeEvent partial.
+ * This does NOT write the event -- caller decides when to persist.
+ */
+function translateARPEvent(arp, agentName) {
+    return {
+        source: 'arp',
+        category: `arp.${arp.source}`,
+        severity: mapSeverity(arp.severity),
+        agent: agentName ?? arp.data?.agentName ?? null,
+        sessionId: null,
+        action: buildAction(arp),
+        target: buildTarget(arp),
+        outcome: mapOutcome(arp.category, arp.llmAssessment?.recommendation),
+        detail: {
+            arpEventId: arp.id,
+            arpSource: arp.source,
+            arpCategory: arp.category,
+            classifiedBy: arp.classifiedBy ?? 'L0-rules',
+            description: arp.description,
+            data: arp.data,
+            ...(arp.llmAssessment ? { llmAssessment: arp.llmAssessment } : {}),
+        },
+        orgId: null,
+        managed: false,
+        agentId: null,
+    };
+}
+// ---------------------------------------------------------------------------
+// Bulk import
+// ---------------------------------------------------------------------------
+/**
+ * Read ARP events from .opena2a/arp/events.jsonl and import them into
+ * Shield's tamper-evident event log. Skips events that have already been
+ * imported (checks for matching arpEventId in existing Shield events).
+ *
+ * Returns the count of newly imported events.
+ */
+function importARPEvents(targetDir, agentName) {
+    const arpEventsPath = (0, node_path_1.join)(targetDir, '.opena2a', 'arp', 'events.jsonl');
+    if (!(0, node_fs_1.existsSync)(arpEventsPath)) {
+        return { imported: 0, skipped: 0, errors: 0, total: 0 };
+    }
+    let content;
+    try {
+        content = (0, node_fs_1.readFileSync)(arpEventsPath, 'utf-8');
+    }
+    catch {
+        return { imported: 0, skipped: 0, errors: 0, total: 0 };
+    }
+    const lines = content.trim().split('\n').filter(Boolean);
+    // Build set of already-imported ARP event IDs
+    const existingEvents = (0, events_js_1.readEvents)({ count: 10000, source: 'arp' });
+    const importedIds = new Set();
+    for (const event of existingEvents) {
+        const detail = event.detail;
+        if (detail?.arpEventId) {
+            importedIds.add(String(detail.arpEventId));
+        }
+    }
+    let imported = 0;
+    let skipped = 0;
+    let errors = 0;
+    for (const line of lines) {
+        let arpEvent;
+        try {
+            arpEvent = JSON.parse(line);
+        }
+        catch {
+            errors++;
+            continue;
+        }
+        // Skip already-imported events
+        if (importedIds.has(arpEvent.id)) {
+            skipped++;
+            continue;
+        }
+        const partial = translateARPEvent(arpEvent, agentName);
+        (0, events_js_1.writeEvent)(partial);
+        imported++;
+    }
+    return { imported, skipped, errors, total: lines.length };
+}
+/**
+ * Compute stats from ARP events in Shield's log (source === 'arp').
+ * Used by shield report to populate runtimeProtection section.
+ */
+function getARPStats(since) {
+    const events = (0, events_js_1.readEvents)({ source: 'arp', since, count: 10000 });
+    const stats = {
+        totalEvents: events.length,
+        anomalies: 0,
+        violations: 0,
+        threats: 0,
+        processEvents: 0,
+        networkEvents: 0,
+        filesystemEvents: 0,
+        promptEvents: 0,
+        enforcements: 0,
+    };
+    for (const event of events) {
+        const detail = event.detail;
+        const arpCategory = String(detail?.arpCategory ?? '');
+        if (arpCategory === 'anomaly')
+            stats.anomalies++;
+        if (arpCategory === 'violation')
+            stats.violations++;
+        if (arpCategory === 'threat')
+            stats.threats++;
+        if (event.category === 'arp.process')
+            stats.processEvents++;
+        if (event.category === 'arp.network')
+            stats.networkEvents++;
+        if (event.category === 'arp.filesystem')
+            stats.filesystemEvents++;
+        if (event.category === 'arp.prompt')
+            stats.promptEvents++;
+        if (event.outcome === 'blocked')
+            stats.enforcements++;
+    }
+    return stats;
+}
+//# sourceMappingURL=arp-bridge.js.map

package/dist/shield/arp-bridge.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"arp-bridge.js","sourceRoot":"","sources":["../../src/shield/arp-bridge.ts"],"names":[],"mappings":";AAAA;;;;;;;;;GASG;;AAiFH,8CA0BC;AAaD,0CAwDC;AAsBD,kCAgCC;AApOD,qCAAmD;AACnD,yCAAiC;AAEjC,2CAAqD;AAwBrD,8EAA8E;AAC9E,cAAc;AACd,8EAA8E;AAE9E,0CAA0C;AAC1C,SAAS,UAAU,CAAC,WAAmB,EAAE,WAAoB;IAC3D,IAAI,WAAW,KAAK,MAAM,IAAI,WAAW,KAAK,OAAO;QAAE,OAAO,SAAS,CAAC;IACxE,IAAI,WAAW,KAAK,WAAW,IAAI,WAAW,KAAK,QAAQ;QAAE,OAAO,SAAS,CAAC;IAC9E,IAAI,WAAW,KAAK,SAAS;QAAE,OAAO,WAAW,CAAC;IAClD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,2CAA2C;AAC3C,SAAS,WAAW,CAAC,WAAmB;IACtC,MAAM,GAAG,GAAkC;QACzC,IAAI,EAAE,MAAM;QACZ,GAAG,EAAE,KAAK;QACV,MAAM,EAAE,QAAQ;QAChB,IAAI,EAAE,MAAM;QACZ,QAAQ,EAAE,UAAU;KACrB,CAAC;IACF,OAAO,GAAG,CAAC,WAAW,CAAC,IAAI,MAAM,CAAC;AACpC,CAAC;AAED,gEAAgE;AAChE,SAAS,WAAW,CAAC,GAAa;IAChC,MAAM,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC;IACvB,MAAM,GAAG,GAAG,GAAG,CAAC,QAAQ,CAAC;IACzB,IAAI,GAAG,KAAK,SAAS;QAAE,OAAO,WAAW,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC;IAC5E,IAAI,GAAG,KAAK,SAAS;QAAE,OAAO,WAAW,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC;IACjF,IAAI,GAAG,KAAK,YAAY;QAAE,OAAO,cAAc,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC;IACnF,IAAI,GAAG,KAAK,QAAQ;QAAE,OAAO,UAAU,GAAG,EAAE,CAAC;IAC7C,IAAI,GAAG,KAAK,cAAc;QAAE,OAAO,OAAO,GAAG,EAAE,CAAC;IAChD,IAAI,GAAG,KAAK,cAAc;QAAE,OAAO,OAAO,GAAG,EAAE,CAAC;IAChD,OAAO,GAAG,GAAG,IAAI,GAAG,EAAE,CAAC;AACzB,CAAC;AAED,iDAAiD;AACjD,SAAS,WAAW,CAAC,GAAa;IAChC,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC;IAC5B,IAAI,IAAI,CAAC,OAAO;QAAE,OAAO,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC9C,IAAI,IAAI,CAAC,IAAI;QAAE,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACxC,IAAI,IAAI,CAAC,IAAI;QAAE,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACxC,IAAI,IAAI,CAAC,IAAI;QAAE,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACxC,IAAI,IAAI,CAAC,GAAG;QAAE,OAAO,OAAO,IAAI,CAAC,GAAG,EAAE,CAAC;IACvC,OAAO,GAAG,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,SAAS,CAAC;AACpD,CAAC;AAED;;;GAGG;AACH,SAAgB,iBAAiB,CAC/B,GAAa,EACb,SAAkB;IAElB,OAAO;QACL,MAAM,EAAE,KAA0B;QAClC,QAAQ,EAAE,OAAO,GAAG,CAAC,MAAM,EAAE;QAC7B,QAAQ,EAAE,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC;QACnC,KAAK,EAAE,SAAS,IAAK,GAAG,CAAC,IAAI,EAAE,SAAoB,IAAI,IAAI;QAC3D,SAAS,EAAE,IAAI;QACf,MAAM,EAAE,WAAW,CAAC,GAAG,CAAC;QACxB,MAAM,EAAE,WAAW,CAAC,GAAG,CAAC;QACxB,OAAO,EAAE,UAAU,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,aAAa,EAAE,cAAc,CAAC;QACpE,MAAM,EAAE;YACN,UAAU,EAAE,GAAG,CAAC,EAAE;YAClB,SAAS,EAAE,GAAG,CAAC,MAAM;YACrB,WAAW,EAAE,GAAG,CAAC,QAAQ;YACzB,YAAY,EAAE,GAAG,CAAC,YAAY,IAAI,UAAU;YAC5C,WAAW,EAAE,GAAG,CAAC,WAAW;YAC5B,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,GAAG,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,GAAG,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACnE;QACD,KAAK,EAAE,IAAI;QACX,OAAO,EAAE,KAAK;QACd,OAAO,EAAE,IAAI;KACd,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,cAAc;AACd,8EAA8E;AAE9E;;;;;;GAMG;AACH,SAAgB,eAAe,CAAC,SAAiB,EAAE,SAAkB;IAMnE,MAAM,aAAa,GAAG,IAAA,gBAAI,EAAC,SAAS,EAAE,UAAU,EAAE,KAAK,EAAE,cAAc,CAAC,CAAC;IAEzE,IAAI,CAAC,IAAA,oBAAU,EAAC,aAAa,CAAC,EAAE,CAAC;QAC/B,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;IAC1D,CAAC;IAED,IAAI,OAAe,CAAC;IACpB,IAAI,CAAC;QACH,OAAO,GAAG,IAAA,sBAAY,EAAC,aAAa,EAAE,OAAO,CAAC,CAAC;IACjD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;IAC1D,CAAC;IAED,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAEzD,8CAA8C;IAC9C,MAAM,cAAc,GAAG,IAAA,sBAAU,EAAC,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;IACnE,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU,CAAC;IACtC,KAAK,MAAM,KAAK,IAAI,cAAc,EAAE,CAAC;QACnC,MAAM,MAAM,GAAG,KAAK,CAAC,MAAiC,CAAC;QACvD,IAAI,MAAM,EAAE,UAAU,EAAE,CAAC;YACvB,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC;QAC7C,CAAC;IACH,CAAC;IAED,IAAI,QAAQ,GAAG,CAAC,CAAC;IACjB,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,IAAI,MAAM,GAAG,CAAC,CAAC;IAEf,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,QAAkB,CAAC;QACvB,IAAI,CAAC;YACH,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC9B,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,EAAE,CAAC;YACT,SAAS;QACX,CAAC;QAED,+BAA+B;QAC/B,IAAI,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC;YACjC,OAAO,EAAE,CAAC;YACV,SAAS;QACX,CAAC;QAED,MAAM,OAAO,GAAG,iBAAiB,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;QACvD,IAAA,sBAAU,EAAC,OAAO,CAAC,CAAC;QACpB,QAAQ,EAAE,CAAC;IACb,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC;AAC5D,CAAC;AAkBD;;;GAGG;AACH,SAAgB,WAAW,CAAC,KAAc;IACxC,MAAM,MAAM,GAAG,IAAA,sBAAU,EAAC,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC;IAElE,MAAM,KAAK,GAAa;QACtB,WAAW,EAAE,MAAM,CAAC,MAAM;QAC1B,SAAS,EAAE,CAAC;QACZ,UAAU,EAAE,CAAC;QACb,OAAO,EAAE,CAAC;QACV,aAAa,EAAE,CAAC;QAChB,aAAa,EAAE,CAAC;QAChB,gBAAgB,EAAE,CAAC;QACnB,YAAY,EAAE,CAAC;QACf,YAAY,EAAE,CAAC;KAChB,CAAC;IAEF,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,MAAM,MAAM,GAAG,KAAK,CAAC,MAAiC,CAAC;QACvD,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,EAAE,WAAW,IAAI,EAAE,CAAC,CAAC;QAEtD,IAAI,WAAW,KAAK,SAAS;YAAE,KAAK,CAAC,SAAS,EAAE,CAAC;QACjD,IAAI,WAAW,KAAK,WAAW;YAAE,KAAK,CAAC,UAAU,EAAE,CAAC;QACpD,IAAI,WAAW,KAAK,QAAQ;YAAE,KAAK,CAAC,OAAO,EAAE,CAAC;QAE9C,IAAI,KAAK,CAAC,QAAQ,KAAK,aAAa;YAAE,KAAK,CAAC,aAAa,EAAE,CAAC;QAC5D,IAAI,KAAK,CAAC,QAAQ,KAAK,aAAa;YAAE,KAAK,CAAC,aAAa,EAAE,CAAC;QAC5D,IAAI,KAAK,CAAC,QAAQ,KAAK,gBAAgB;YAAE,KAAK,CAAC,gBAAgB,EAAE,CAAC;QAClE,IAAI,KAAK,CAAC,QAAQ,KAAK,YAAY;YAAE,KAAK,CAAC,YAAY,EAAE,CAAC;QAE1D,IAAI,KAAK,CAAC,OAAO,KAAK,SAAS;YAAE,KAAK,CAAC,YAAY,EAAE,CAAC;IACxD,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/shield/baselines.d.ts

@@ -0,0 +1,58 @@
+/**
+ * Shield adaptive baselines: learn / suggest / protect enforcement flow.
+ *
+ * Baselines track observed agent behavior over time.  The stability
+ * algorithm determines when behavior has settled enough to recommend
+ * a policy.  The developer must explicitly approve before Shield
+ * starts enforcing.
+ *
+ * Storage: ~/.opena2a/shield/baselines/{agent}.json  (mode 0o600)
+ */
+import type { AgentBaseline } from './types.js';
+/**
+ * Get or create a baseline for an agent.
+ *
+ * Checks the in-memory cache first, then disk, and finally creates
+ * a new baseline if none exists.
+ */
+export declare function getBaseline(agent: string): AgentBaseline;
+/** List all persisted baselines (loads from disk). */
+export declare function listBaselines(): AgentBaseline[];
+/**
+ * Record an observed action from an agent into their baseline.
+ *
+ * This is the primary entry point for the adaptive enforcement loop.
+ * It handles session tracking, new-behavior detection, and stability
+ * recomputation.
+ */
+export declare function recordAction(agent: string, category: string, target: string): void;
+/**
+ * Compute a stability score between 0.0 and 1.0.
+ *
+ * Stability measures the fraction of recent sessions that had no new
+ * behavior (no previously unseen processes, credentials, etc.).
+ *
+ * Returns 0 until minimum action and session thresholds are met.
+ */
+export declare function computeStability(baseline: AgentBaseline): number;
+/**
+ * Check whether a baseline should transition phases.
+ *
+ * - learn -> suggest: stability >= STABILITY_THRESHOLD
+ * - suggest -> protect: manual approval only (approvePolicy)
+ */
+export declare function checkPhaseTransition(baseline: AgentBaseline): {
+    shouldTransition: boolean;
+    nextPhase: string;
+    reason: string;
+};
+/**
+ * Approve the recommended policy for an agent, transitioning
+ * from suggest to protect phase.
+ */
+export declare function approvePolicy(agent: string): AgentBaseline;
+/** Save a baseline to disk at ~/.opena2a/shield/baselines/{agent}.json. */
+export declare function saveBaseline(baseline: AgentBaseline): void;
+/** Load a baseline from disk. Returns null if not found or corrupted. */
+export declare function loadBaseline(agent: string): AgentBaseline | null;
+//# sourceMappingURL=baselines.d.ts.map

package/dist/shield/baselines.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"baselines.d.ts","sourceRoot":"","sources":["../../src/shield/baselines.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAaH,OAAO,KAAK,EAAE,aAAa,EAAe,MAAM,YAAY,CAAC;AAmF7D;;;;;GAKG;AACH,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,aAAa,CAaxD;AAED,sDAAsD;AACtD,wBAAgB,aAAa,IAAI,aAAa,EAAE,CAmB/C;AA6BD;;;;;;GAMG;AACH,wBAAgB,YAAY,CAC1B,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,GACb,IAAI,CAkEN;AAMD;;;;;;;GAOG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,aAAa,GAAG,MAAM,CAuBhE;AAMD;;;;;GAKG;AACH,wBAAgB,oBAAoB,CAAC,QAAQ,EAAE,aAAa,GAAG;IAC7D,gBAAgB,EAAE,OAAO,CAAC;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;CAChB,CA8CA;AAMD;;;GAGG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,aAAa,CAsB1D;AAuCD,2EAA2E;AAC3E,wBAAgB,YAAY,CAAC,QAAQ,EAAE,aAAa,GAAG,IAAI,CAW1D;AAED,yEAAyE;AACzE,wBAAgB,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,aAAa,GAAG,IAAI,CAkBhE"}