npm - oversky - Versions diffs - 0.1.0 - Mend

oversky 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (49) hide show

package/dist/executor.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"executor.js","sourceRoot":"","sources":["../src/executor.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,EAAE,iBAAiB,EAAE,cAAc,EAAE,oBAAoB,EAAE,MAAM,SAAS,CAAC;AAClF,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAChD,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAkB9C,iDAAiD;AACjD,IAAI,WAAW,GAAG,CAAC,CAAC;AAEpB,oFAAoF;AACpF,SAAS,WAAW,CAAI,OAAmB,EAAE,EAAU,EAAE,OAAe;IACtE,OAAO,IAAI,OAAO,CAAI,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACxC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC/D,OAAO,CAAC,IAAI,CACV,CAAC,GAAG,EAAE,EAAE,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAC/C,CAAC,GAAG,EAAE,EAAE,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAC/C,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,OAAoB,EACpB,MAAoB,EACpB,GAAW;IAEX,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACzB,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;IAE9D,oBAAoB;IACpB,IAAI,WAAW,IAAI,MAAM,CAAC,MAAM,CAAC,kBAAkB,EAAE,CAAC;QACpD,OAAO;YACL,SAAS;YACT,SAAS;YACT,MAAM,EAAE,IAAI;YACZ,KAAK,EAAE,4CAA4C,MAAM,CAAC,MAAM,CAAC,kBAAkB,GAAG;YACtF,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;SAC7B,CAAC;IACJ,CAAC;IAED,mBAAmB;IACnB,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC;IAC7E,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;QACxB,oBAAoB,CAAC,QAAQ,CAAC,CAAC;QAC/B,OAAO;YACL,SAAS;YACT,SAAS;YACT,MAAM,EAAE,IAAI;YACZ,KAAK,EAAE,2BAA2B;YAClC,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK;SAC7B,CAAC;IACJ,CAAC;IAED,WAAW,EAAE,CAAC;IACd,iBAAiB,CAAC,QAAQ,EAAE,YAAY,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC,CAAC;IAE/D,IAAI,CAAC;QACH,oEAAoE;QACpE,wEAAwE;QACxE,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,KAAK,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QAC5G,MAAM,SAAS,GAAG,MAAM,WAAW,CACjC,QAAQ,CAAC,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,OAAO,CAAC,EAC3D,OAAO,EACP,GAAG,QAAQ,oBAAoB,OAAO,IAAI,CAC3C,CAAC;QACF,MAAM,MAAM,GAAG,eAAe,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;QACpD,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC;QACpC,cAAc,CAAC,QAAQ,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAC;QAEzC,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;IACjE,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC;QACpC,MAAM,QAAQ,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAClE,cAAc,CAAC,QAAQ,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;QAE1C,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC;IAC3E,CAAC;YAAS,CAAC;QACT,WAAW,EAAE,CAAC;IAChB,CAAC;AACH,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,QAAQ,CACrB,QAAgB,EAChB,SAAkC,EAClC,MAAoB,EACpB,GAAW,EACX,OAAgB;IAEhB,4DAA4D;IAC5D,sCAAsC;IACtC,QAAQ,QAAQ,CAAC,WAAW,EAAE,EAAE,CAAC;QAC/B,KAAK,MAAM;YACT,OAAO,WAAW,CAChB;gBACE,OAAO,EAAE,SAAS,CAAC,OAAiB;gBACpC,GAAG,EAAE,SAAS,CAAC,GAAyB;gBACxC,OAAO,EAAE,OAAO,IAAI,MAAM,CAAC,MAAM,CAAC,WAAW;aAC9C,EACD,GAAG,EACH,MAAM,CAAC,MAAM,CAAC,WAAW,CAC1B,CAAC;QAEJ,KAAK,MAAM;YACT,OAAO,WAAW,CAChB;gBACE,SAAS,EAAE,SAAS,CAAC,SAAmB;gBACxC,MAAM,EAAE,SAAS,CAAC,MAA4B;gBAC9C,KAAK,EAAE,SAAS,CAAC,KAA2B;aAC7C,EACD,GAAG,EACH,MAAM,CAAC,MAAM,CAAC,eAAe,CAC9B,CAAC;QAEJ,KAAK,OAAO;YACV,OAAO,YAAY,CACjB;gBACE,SAAS,EAAE,SAAS,CAAC,SAAmB;gBACxC,OAAO,EAAE,SAAS,CAAC,OAAiB;aACrC,EACD,GAAG,CACJ,CAAC;QAEJ,KAAK,MAAM;YACT,OAAO,WAAW,CAChB;gBACE,SAAS,EAAE,SAAS,CAAC,SAAmB;gBACxC,UAAU,EAAE,SAAS,CAAC,UAAoB;gBAC1C,UAAU,EAAE,SAAS,CAAC,UAAoB;gBAC1C,WAAW,EAAE,SAAS,CAAC,WAAkC;aAC1D,EACD,GAAG,CACJ,CAAC;QAEJ,KAAK,MAAM;YACT,OAAO,WAAW,CAChB;gBACE,OAAO,EAAE,SAAS,CAAC,OAAiB;gBACpC,IAAI,EAAE,SAAS,CAAC,IAA0B;aAC3C,EACD,GAAG,CACJ,CAAC;QAEJ,KAAK,MAAM;YACT,OAAO,WAAW,CAChB;gBACE,OAAO,EAAE,SAAS,CAAC,OAAiB;gBACpC,IAAI,EAAE,SAAS,CAAC,IAA0B;gBAC1C,IAAI,EAAE,SAAS,CAAC,IAA0B;gBAC1C,WAAW,EAAE,SAAS,CAAC,WAAqE;gBAC5F,IAAI,EAAE,SAAS,CAAC,IAAI,CAAwB;gBAC5C,IAAI,EAAE,SAAS,CAAC,IAAI,CAAwB;gBAC5C,IAAI,EAAE,SAAS,CAAC,IAAI,CAAuB;gBAC3C,IAAI,EAAE,SAAS,CAAC,IAAI,CAAuB;gBAC3C,IAAI,EAAE,SAAS,CAAC,IAAI,CAAuB;gBAC3C,UAAU,EAAE,SAAS,CAAC,UAAgC;aACvD,EACD,GAAG,CACJ,CAAC;QAEJ;YACE,MAAM,IAAI,KAAK,CAAC,iBAAiB,QAAQ,EAAE,CAAC,CAAC;IACjD,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAS,eAAe,CAAC,QAAgB,EAAE,MAAe;IACxD,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC/B,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,IAAI,MAAM,IAAI,IAAI,EAAE,CAAC;QACnB,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,MAAM,CAAC,GAAG,MAAiC,CAAC;IAE5C,QAAQ,QAAQ,CAAC,WAAW,EAAE,EAAE,CAAC;QAC/B,KAAK,MAAM,CAAC,CAAC,CAAC;YACZ,8CAA8C;YAC9C,IAAI,IAAI,GAAI,CAAC,CAAC,MAAiB,IAAI,EAAE,CAAC;YACtC,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC;gBACf,IAAI,IAAI,uBAAuB,CAAC;YAClC,CAAC;YACD,IAAI,CAAC,CAAC,QAAQ,KAAK,CAAC,IAAI,CAAC,CAAC,QAAQ,IAAI,IAAI,EAAE,CAAC;gBAC3C,IAAI,IAAI,iBAAiB,CAAC,CAAC,QAAQ,GAAG,CAAC;YACzC,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QACD,KAAK,MAAM;YACT,kDAAkD;YAClD,OAAQ,CAAC,CAAC,OAAkB,IAAI,EAAE,CAAC;QAErC,KAAK,OAAO;YACV,6CAA6C;YAC7C,OAAO,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,IAAI,CAAC,CAAC,SAAS,KAAK,CAAC,CAAC,KAAK,SAAS,CAAC;QAElF,KAAK,MAAM;YACT,qDAAqD;YACrD,OAAO,UAAU,CAAC,CAAC,SAAS,KAAK,CAAC,CAAC,YAAY,4BAA6B,CAAC,CAAC,SAA4C,EAAE,KAAK,IAAK,CAAC,CAAC,SAA4C,EAAE,GAAG,EAAE,CAAC;QAE9L,KAAK,MAAM,CAAC,CAAC,CAAC;YACZ,+BAA+B;YAC/B,MAAM,KAAK,GAAG,CAAC,CAAC,KAAiB,CAAC;YAClC,OAAO,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC;QAC7D,CAAC;QACD,KAAK,MAAM;YACT,2CAA2C;YAC3C,OAAQ,CAAC,CAAC,MAAiB,IAAI,kBAAkB,CAAC;QAEpD;YACE,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IAC3C,CAAC;AACH,CAAC;AAED,SAAS,YAAY,CAAC,QAAgB,EAAE,SAAkC;IACxE,QAAQ,QAAQ,CAAC,WAAW,EAAE,EAAE,CAAC;QAC/B,KAAK,MAAM,CAAC,CAAC,CAAC;YACZ,MAAM,GAAG,GAAG,CAAC,SAAS,CAAC,OAAO,IAAI,EAAE,CAAW,CAAC;YAChD,OAAO,GAAG,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC;QAC1D,CAAC;QACD,KAAK,MAAM;YACT,OAAO,SAAS,CAAC,SAAmB,CAAC;QACvC,KAAK,OAAO;YACV,OAAO,SAAS,CAAC,SAAmB,CAAC;QACvC,KAAK,MAAM;YACT,OAAO,SAAS,CAAC,SAAmB,CAAC;QACvC,KAAK,MAAM;YACT,OAAO,SAAS,CAAC,OAAiB,CAAC;QACrC,KAAK,MAAM;YACT,OAAO,IAAI,SAAS,CAAC,OAAO,GAAG,CAAC;QAClC;YACE,OAAO,QAAQ,CAAC;IACpB,CAAC;AACH,CAAC"}

package/dist/heartbeat.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+import type { Socket } from 'socket.io-client';
+/**
+ * Start sending periodic heartbeats to keep the daemon's Redis slot alive.
+ * Server-side TTL is 45s, so 15s interval gives 3 chances.
+ */
+export declare function startHeartbeat(socket: Socket, daemonId: string): void;
+/**
+ * Stop the heartbeat interval.
+ */
+export declare function stopHeartbeat(): void;

package/dist/heartbeat.js ADDED Viewed

@@ -0,0 +1,27 @@
+const HEARTBEAT_INTERVAL = 15_000; // 15 seconds
+let heartbeatTimer = null;
+/**
+ * Start sending periodic heartbeats to keep the daemon's Redis slot alive.
+ * Server-side TTL is 45s, so 15s interval gives 3 chances.
+ */
+export function startHeartbeat(socket, daemonId) {
+    stopHeartbeat();
+    const send = () => {
+        if (socket.connected) {
+            socket.emit('daemon:heartbeat', { daemonId });
+        }
+    };
+    // Send immediately, then every 15s
+    send();
+    heartbeatTimer = setInterval(send, HEARTBEAT_INTERVAL);
+}
+/**
+ * Stop the heartbeat interval.
+ */
+export function stopHeartbeat() {
+    if (heartbeatTimer) {
+        clearInterval(heartbeatTimer);
+        heartbeatTimer = null;
+    }
+}
+//# sourceMappingURL=heartbeat.js.map

package/dist/heartbeat.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"heartbeat.js","sourceRoot":"","sources":["../src/heartbeat.ts"],"names":[],"mappings":"AAEA,MAAM,kBAAkB,GAAG,MAAM,CAAC,CAAC,aAAa;AAEhD,IAAI,cAAc,GAA0C,IAAI,CAAC;AAEjE;;;GAGG;AACH,MAAM,UAAU,cAAc,CAAC,MAAc,EAAE,QAAgB;IAC7D,aAAa,EAAE,CAAC;IAEhB,MAAM,IAAI,GAAG,GAAG,EAAE;QAChB,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;YACrB,MAAM,CAAC,IAAI,CAAC,kBAAkB,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAC;QAChD,CAAC;IACH,CAAC,CAAC;IAEF,mCAAmC;IACnC,IAAI,EAAE,CAAC;IACP,cAAc,GAAG,WAAW,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC;AACzD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa;IAC3B,IAAI,cAAc,EAAE,CAAC;QACnB,aAAa,CAAC,cAAc,CAAC,CAAC;QAC9B,cAAc,GAAG,IAAI,CAAC;IACxB,CAAC;AACH,CAAC"}

package/dist/index.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ #!/usr/bin/env node
2	+ export {};

package/dist/index.js ADDED Viewed

@@ -0,0 +1,172 @@
+#!/usr/bin/env node
+import { Command } from 'commander';
+import chalk from 'chalk';
+import { readFileSync } from 'node:fs';
+import { fileURLToPath } from 'node:url';
+import { dirname, join } from 'node:path';
+import { loadConfig, saveConfig } from './config.js';
+import { getToken, loginFlow, loginPrompt, loginWithCredentials, loginWithUrl, removeToken } from './auth.js';
+import { generateDaemonId } from './registry.js';
+import { connectDaemon } from './connection.js';
+import { setSkipPermissions } from './permissions.js';
+import { showHeader, showError } from './ui.js';
+const __dirname = dirname(fileURLToPath(import.meta.url));
+const pkg = JSON.parse(readFileSync(join(__dirname, '..', 'package.json'), 'utf-8'));
+const program = new Command();
+program
+    .name('oversky')
+    .description('OverSky — run AI agents directly on your machine')
+    .version(pkg.version);
+program
+    .command('start')
+    .description('Start the daemon and connect to the OverSky server')
+    .option('-s, --server <url>', 'Server URL')
+    .option('-c, --cwd <path>', 'Working directory', process.cwd())
+    .option('--dangerously-skip-permissions', 'Skip all permission prompts')
+    .action(async (options) => {
+    const config = loadConfig();
+    const serverUrl = options.server || config.serverUrl;
+    const cwd = options.cwd;
+    if (options.dangerouslySkipPermissions) {
+        setSkipPermissions(true);
+        console.log(chalk.yellow('  WARNING: Permission prompts disabled'));
+    }
+    // Get or prompt for auth token
+    let token = getToken();
+    if (!token) {
+        console.log(chalk.yellow('  No authentication token found. Log in to continue.\n'));
+        try {
+            token = await loginWithUrl(serverUrl);
+        }
+        catch (err) {
+            console.log(chalk.dim(`  URL login failed: ${err instanceof Error ? err.message : err}`));
+            console.log(chalk.dim('  Falling back to email/password login.\n'));
+            try {
+                token = await loginWithCredentials(serverUrl);
+            }
+            catch (credErr) {
+                console.log(chalk.dim(`  Credential login failed: ${credErr instanceof Error ? credErr.message : credErr}`));
+                console.log(chalk.dim('  Falling back to manual token entry.'));
+                token = await loginPrompt();
+            }
+        }
+        if (!token) {
+            showError('No token provided. Run "oversky login" first.');
+            process.exit(1);
+        }
+    }
+    const daemonId = generateDaemonId(cwd);
+    showHeader(serverUrl, cwd, daemonId);
+    const { disconnect } = connectDaemon(serverUrl, token, cwd, config);
+    // Handle graceful shutdown
+    const shutdown = () => {
+        console.log(chalk.dim('\n  Shutting down...'));
+        disconnect();
+        process.exit(0);
+    };
+    process.on('SIGINT', shutdown);
+    process.on('SIGTERM', shutdown);
+});
+program
+    .command('login')
+    .description('Authenticate with the OverSky server')
+    .option('-s, --server <url>', 'Server URL')
+    .option('--password', 'Use email/password instead of browser login')
+    .option('--browser', 'Use browser OAuth callback flow')
+    .option('--token', 'Paste a token manually')
+    .action(async (options) => {
+    const config = loadConfig();
+    const serverUrl = options.server || config.serverUrl;
+    try {
+        let token;
+        if (options.token) {
+            token = await loginPrompt();
+        }
+        else if (options.browser) {
+            token = await loginFlow(serverUrl);
+        }
+        else if (options.password) {
+            token = await loginWithCredentials(serverUrl);
+        }
+        else {
+            // Default: device code flow — opens URL in browser
+            token = await loginWithUrl(serverUrl);
+        }
+        if (token) {
+            console.log(chalk.green('\n  Login successful! Token saved.'));
+        }
+        else {
+            showError('No token received.');
+            process.exit(1);
+        }
+    }
+    catch (err) {
+        showError(err instanceof Error ? err.message : String(err));
+        process.exit(1);
+    }
+});
+program
+    .command('logout')
+    .description('Remove saved authentication token')
+    .action(() => {
+    removeToken();
+    console.log(chalk.green('  Logged out. Token removed.'));
+});
+program
+    .command('status')
+    .description('Show daemon configuration and connection status')
+    .option('-c, --cwd <path>', 'Working directory', process.cwd())
+    .action((options) => {
+    const config = loadConfig();
+    const token = getToken();
+    const daemonId = generateDaemonId(options.cwd);
+    console.log('');
+    console.log(chalk.bold('  Daemon Status'));
+    console.log(chalk.dim(`  Server:      ${config.serverUrl}`));
+    console.log(chalk.dim(`  CWD:         ${options.cwd}`));
+    console.log(chalk.dim(`  Daemon ID:   ${daemonId}`));
+    console.log(`  Auth:        ${token ? chalk.green('Token saved') : chalk.yellow('Not authenticated')}`);
+    console.log('');
+    console.log(chalk.bold('  Permissions'));
+    console.log(chalk.dim(`  Auto-approve reads:  ${config.permissions.autoApproveReads}`));
+    console.log(chalk.dim(`  Auto-approve writes: ${config.permissions.autoApproveWrites}`));
+    console.log(chalk.dim(`  Auto-approve bash:   ${config.permissions.autoApproveBash}`));
+    console.log(chalk.dim(`  Blocked paths:       ${config.permissions.blockedPaths.join(', ')}`));
+    console.log('');
+    console.log(chalk.bold('  Limits'));
+    console.log(chalk.dim(`  Max file read:       ${config.limits.maxFileReadSize} bytes`));
+    console.log(chalk.dim(`  Bash timeout:        ${config.limits.bashTimeout}ms`));
+    console.log(chalk.dim(`  Max concurrent:      ${config.limits.maxConcurrentTools}`));
+    console.log('');
+});
+program
+    .command('config')
+    .description('Update daemon configuration')
+    .option('-s, --server <url>', 'Set server URL')
+    .option('--auto-approve-reads <bool>', 'Auto-approve read operations')
+    .option('--auto-approve-writes <bool>', 'Auto-approve write operations')
+    .option('--auto-approve-bash <bool>', 'Auto-approve bash commands')
+    .action((options) => {
+    const config = loadConfig();
+    if (options.server) {
+        config.serverUrl = options.server;
+    }
+    if (options.autoApproveReads !== undefined) {
+        config.permissions.autoApproveReads = options.autoApproveReads === 'true';
+    }
+    if (options.autoApproveWrites !== undefined) {
+        config.permissions.autoApproveWrites = options.autoApproveWrites === 'true';
+    }
+    if (options.autoApproveBash !== undefined) {
+        config.permissions.autoApproveBash = options.autoApproveBash === 'true';
+    }
+    saveConfig(config);
+    console.log(chalk.green('  Configuration saved.'));
+});
+// Default to 'start' if no command is given
+program.action(async () => {
+    // Run start command with defaults
+    await program.commands.find((c) => c.name() === 'start')?.parseAsync(['', '', 'start']);
+});
+program.parse();
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,WAAW,EAAE,oBAAoB,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AAC9G,OAAO,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AACjD,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAChD,OAAO,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AACtD,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AAEhD,MAAM,SAAS,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AAC1D,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,cAAc,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC;AAErF,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,SAAS,CAAC;KACf,WAAW,CAAC,kDAAkD,CAAC;KAC/D,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;AAExB,OAAO;KACJ,OAAO,CAAC,OAAO,CAAC;KAChB,WAAW,CAAC,oDAAoD,CAAC;KACjE,MAAM,CAAC,oBAAoB,EAAE,YAAY,CAAC;KAC1C,MAAM,CAAC,kBAAkB,EAAE,mBAAmB,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC;KAC9D,MAAM,CAAC,gCAAgC,EAAE,6BAA6B,CAAC;KACvE,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;IACxB,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,IAAI,MAAM,CAAC,SAAS,CAAC;IACrD,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;IAExB,IAAI,OAAO,CAAC,0BAA0B,EAAE,CAAC;QACvC,kBAAkB,CAAC,IAAI,CAAC,CAAC;QACzB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,wCAAwC,CAAC,CAAC,CAAC;IACtE,CAAC;IAED,+BAA+B;IAC/B,IAAI,KAAK,GAAG,QAAQ,EAAE,CAAC;IACvB,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,wDAAwD,CAAC,CAAC,CAAC;QACpF,IAAI,CAAC;YACH,KAAK,GAAG,MAAM,YAAY,CAAC,SAAS,CAAC,CAAC;QACxC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,uBAAuB,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;YAC1F,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,2CAA2C,CAAC,CAAC,CAAC;YACpE,IAAI,CAAC;gBACH,KAAK,GAAG,MAAM,oBAAoB,CAAC,SAAS,CAAC,CAAC;YAChD,CAAC;YAAC,OAAO,OAAO,EAAE,CAAC;gBACjB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,8BAA8B,OAAO,YAAY,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;gBAC7G,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,uCAAuC,CAAC,CAAC,CAAC;gBAChE,KAAK,GAAG,MAAM,WAAW,EAAE,CAAC;YAC9B,CAAC;QACH,CAAC;QACD,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,SAAS,CAAC,+CAA+C,CAAC,CAAC;YAC3D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAED,MAAM,QAAQ,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;IACvC,UAAU,CAAC,SAAS,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;IAErC,MAAM,EAAE,UAAU,EAAE,GAAG,aAAa,CAAC,SAAS,EAAE,KAAK,EAAE,GAAG,EAAE,MAAM,CAAC,CAAC;IAEpE,2BAA2B;IAC3B,MAAM,QAAQ,GAAG,GAAG,EAAE;QACpB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC,CAAC;QAC/C,UAAU,EAAE,CAAC;QACb,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC;IAEF,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAC/B,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;AAClC,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,OAAO,CAAC;KAChB,WAAW,CAAC,sCAAsC,CAAC;KACnD,MAAM,CAAC,oBAAoB,EAAE,YAAY,CAAC;KAC1C,MAAM,CAAC,YAAY,EAAE,6CAA6C,CAAC;KACnE,MAAM,CAAC,WAAW,EAAE,iCAAiC,CAAC;KACtD,MAAM,CAAC,SAAS,EAAE,wBAAwB,CAAC;KAC3C,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;IACxB,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,IAAI,MAAM,CAAC,SAAS,CAAC;IAErD,IAAI,CAAC;QACH,IAAI,KAAa,CAAC;QAClB,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,KAAK,GAAG,MAAM,WAAW,EAAE,CAAC;QAC9B,CAAC;aAAM,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YAC3B,KAAK,GAAG,MAAM,SAAS,CAAC,SAAS,CAAC,CAAC;QACrC,CAAC;aAAM,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;YAC5B,KAAK,GAAG,MAAM,oBAAoB,CAAC,SAAS,CAAC,CAAC;QAChD,CAAC;aAAM,CAAC;YACN,mDAAmD;YACnD,KAAK,GAAG,MAAM,YAAY,CAAC,SAAS,CAAC,CAAC;QACxC,CAAC;QAED,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC,CAAC;QACjE,CAAC;aAAM,CAAC;YACN,SAAS,CAAC,oBAAoB,CAAC,CAAC;YAChC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,SAAS,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;QAC5D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,mCAAmC,CAAC;KAChD,MAAM,CAAC,GAAG,EAAE;IACX,WAAW,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAC,CAAC;AAC3D,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,iDAAiD,CAAC;KAC9D,MAAM,CAAC,kBAAkB,EAAE,mBAAmB,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC;KAC9D,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE;IAClB,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,MAAM,KAAK,GAAG,QAAQ,EAAE,CAAC;IACzB,MAAM,QAAQ,GAAG,gBAAgB,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAE/C,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC;IAC3C,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,kBAAkB,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC;IAC7D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,kBAAkB,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;IACxD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,kBAAkB,QAAQ,EAAE,CAAC,CAAC,CAAC;IACrD,OAAO,CAAC,GAAG,CACT,kBAAkB,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,mBAAmB,CAAC,EAAE,CAC3F,CAAC;IACF,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC;IACzC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,0BAA0B,MAAM,CAAC,WAAW,CAAC,gBAAgB,EAAE,CAAC,CAAC,CAAC;IACxF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,0BAA0B,MAAM,CAAC,WAAW,CAAC,iBAAiB,EAAE,CAAC,CAAC,CAAC;IACzF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,0BAA0B,MAAM,CAAC,WAAW,CAAC,eAAe,EAAE,CAAC,CAAC,CAAC;IACvF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,0BAA0B,MAAM,CAAC,WAAW,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;IAC/F,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;IACpC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,0BAA0B,MAAM,CAAC,MAAM,CAAC,eAAe,QAAQ,CAAC,CAAC,CAAC;IACxF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,0BAA0B,MAAM,CAAC,MAAM,CAAC,WAAW,IAAI,CAAC,CAAC,CAAC;IAChF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,0BAA0B,MAAM,CAAC,MAAM,CAAC,kBAAkB,EAAE,CAAC,CAAC,CAAC;IACrF,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC;AAEL,OAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,6BAA6B,CAAC;KAC1C,MAAM,CAAC,oBAAoB,EAAE,gBAAgB,CAAC;KAC9C,MAAM,CAAC,6BAA6B,EAAE,8BAA8B,CAAC;KACrE,MAAM,CAAC,8BAA8B,EAAE,+BAA+B,CAAC;KACvE,MAAM,CAAC,4BAA4B,EAAE,4BAA4B,CAAC;KAClE,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE;IAClB,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAE5B,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACnB,MAAM,CAAC,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC;IACpC,CAAC;IACD,IAAI,OAAO,CAAC,gBAAgB,KAAK,SAAS,EAAE,CAAC;QAC3C,MAAM,CAAC,WAAW,CAAC,gBAAgB,GAAG,OAAO,CAAC,gBAAgB,KAAK,MAAM,CAAC;IAC5E,CAAC;IACD,IAAI,OAAO,CAAC,iBAAiB,KAAK,SAAS,EAAE,CAAC;QAC5C,MAAM,CAAC,WAAW,CAAC,iBAAiB,GAAG,OAAO,CAAC,iBAAiB,KAAK,MAAM,CAAC;IAC9E,CAAC;IACD,IAAI,OAAO,CAAC,eAAe,KAAK,SAAS,EAAE,CAAC;QAC1C,MAAM,CAAC,WAAW,CAAC,eAAe,GAAG,OAAO,CAAC,eAAe,KAAK,MAAM,CAAC;IAC1E,CAAC;IAED,UAAU,CAAC,MAAM,CAAC,CAAC;IACnB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC,CAAC;AACrD,CAAC,CAAC,CAAC;AAEL,4CAA4C;AAC5C,OAAO,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE;IACxB,kCAAkC;IAClC,MAAM,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,OAAO,CAAC,EAAE,UAAU,CAAC,CAAC,EAAE,EAAE,EAAE,EAAE,OAAO,CAAC,CAAC,CAAC;AAC1F,CAAC,CAAC,CAAC;AAEH,OAAO,CAAC,KAAK,EAAE,CAAC"}

package/dist/permissions.d.ts ADDED Viewed

@@ -0,0 +1,17 @@
+import { type DaemonConfig } from './config.js';
+export type PermissionDecision = 'allow' | 'deny';
+interface ToolRequest {
+    toolName: string;
+    toolInput: Record<string, unknown>;
+}
+export declare function setSkipPermissions(skip: boolean): void;
+/**
+ * Check if a tool request should be allowed or denied.
+ *
+ * Permission approval now happens in the browser UI via PermissionDialog.
+ * By the time a tool request reaches the daemon, the server has already
+ * obtained user consent. The daemon only enforces security guardrails
+ * (sensitive files, dangerous bash patterns, path traversal).
+ */
+export declare function checkPermission(request: ToolRequest, config: DaemonConfig, cwd: string): Promise<PermissionDecision>;
+export {};

package/dist/permissions.js ADDED Viewed

@@ -0,0 +1,60 @@
+import path from 'node:path';
+import { isBashBlocked, isSensitivePath, validatePath } from './security.js';
+let skipPermissions = false;
+export function setSkipPermissions(skip) {
+    skipPermissions = skip;
+}
+/**
+ * Check if a tool request should be allowed or denied.
+ *
+ * Permission approval now happens in the browser UI via PermissionDialog.
+ * By the time a tool request reaches the daemon, the server has already
+ * obtained user consent. The daemon only enforces security guardrails
+ * (sensitive files, dangerous bash patterns, path traversal).
+ */
+export async function checkPermission(request, config, cwd) {
+    if (skipPermissions) {
+        return 'allow';
+    }
+    const toolName = request.toolName.toLowerCase();
+    const { toolInput } = request;
+    // Security: validate file paths stay within cwd
+    const filePath = (toolInput.file_path || toolInput.path || '');
+    if (filePath) {
+        try {
+            await validatePath(filePath, cwd);
+        }
+        catch {
+            return 'deny';
+        }
+        const relativePath = path.relative(cwd, path.resolve(cwd, filePath));
+        if (isSensitivePath(relativePath, config.permissions)) {
+            return 'deny';
+        }
+    }
+    // Security: block dangerous bash patterns and validate Bash cwd override
+    if (toolName === 'bash') {
+        const command = (toolInput.command || '');
+        const blockReason = isBashBlocked(command);
+        if (blockReason) {
+            return 'deny';
+        }
+        // Validate Bash cwd override stays within daemon working directory
+        const bashCwd = (toolInput.cwd || '');
+        if (bashCwd) {
+            try {
+                await validatePath(bashCwd, cwd);
+            }
+            catch {
+                return 'deny';
+            }
+            const relativeBashCwd = path.relative(cwd, path.resolve(cwd, bashCwd));
+            if (isSensitivePath(relativeBashCwd, config.permissions)) {
+                return 'deny';
+            }
+        }
+    }
+    // All other checks pass — server already obtained user consent via browser
+    return 'allow';
+}
+//# sourceMappingURL=permissions.js.map

package/dist/permissions.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"permissions.js","sourceRoot":"","sources":["../src/permissions.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAS7E,IAAI,eAAe,GAAG,KAAK,CAAC;AAE5B,MAAM,UAAU,kBAAkB,CAAC,IAAa;IAC9C,eAAe,GAAG,IAAI,CAAC;AACzB,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,OAAoB,EACpB,MAAoB,EACpB,GAAW;IAEX,IAAI,eAAe,EAAE,CAAC;QACpB,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;IAChD,MAAM,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;IAE9B,gDAAgD;IAChD,MAAM,QAAQ,GAAG,CAAC,SAAS,CAAC,SAAS,IAAI,SAAS,CAAC,IAAI,IAAI,EAAE,CAAW,CAAC;IACzE,IAAI,QAAQ,EAAE,CAAC;QACb,IAAI,CAAC;YACH,MAAM,YAAY,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;QACpC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,CAAC;QACrE,IAAI,eAAe,CAAC,YAAY,EAAE,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC;YACtD,OAAO,MAAM,CAAC;QAChB,CAAC;IACH,CAAC;IAED,yEAAyE;IACzE,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;QACxB,MAAM,OAAO,GAAG,CAAC,SAAS,CAAC,OAAO,IAAI,EAAE,CAAW,CAAC;QACpD,MAAM,WAAW,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;QAC3C,IAAI,WAAW,EAAE,CAAC;YAChB,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,mEAAmE;QACnE,MAAM,OAAO,GAAG,CAAC,SAAS,CAAC,GAAG,IAAI,EAAE,CAAW,CAAC;QAChD,IAAI,OAAO,EAAE,CAAC;YACZ,IAAI,CAAC;gBACH,MAAM,YAAY,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YACnC,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,MAAM,CAAC;YAChB,CAAC;YAED,MAAM,eAAe,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC;YACvE,IAAI,eAAe,CAAC,eAAe,EAAE,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC;gBACzD,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC;IACH,CAAC;IAED,2EAA2E;IAC3E,OAAO,OAAO,CAAC;AACjB,CAAC"}

package/dist/registry.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+/**
+ * Generate a stable daemon ID based on hostname, username, and cwd.
+ * Same project on the same machine always produces the same ID,
+ * so reconnections map to the same slot.
+ */
+export declare function generateDaemonId(cwd: string): string;
+/**
+ * Get a human-readable device name.
+ */
+export declare function getDeviceName(): string;

package/dist/registry.js ADDED Viewed

@@ -0,0 +1,23 @@
+import crypto from 'node:crypto';
+import os from 'node:os';
+/**
+ * Generate a stable daemon ID based on hostname, username, and cwd.
+ * Same project on the same machine always produces the same ID,
+ * so reconnections map to the same slot.
+ */
+export function generateDaemonId(cwd) {
+    const hostname = os.hostname();
+    const username = os.userInfo().username;
+    const input = `${hostname}:${username}:${cwd}`;
+    const hash = crypto.createHash('sha256').update(input).digest('hex').slice(0, 12);
+    return `daemon_${hash}`;
+}
+/**
+ * Get a human-readable device name.
+ */
+export function getDeviceName() {
+    const hostname = os.hostname().replace(/\.local$/, '');
+    const username = os.userInfo().username;
+    return `${username}@${hostname}`;
+}
+//# sourceMappingURL=registry.js.map

package/dist/registry.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"registry.js","sourceRoot":"","sources":["../src/registry.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,aAAa,CAAC;AACjC,OAAO,EAAE,MAAM,SAAS,CAAC;AAEzB;;;;GAIG;AACH,MAAM,UAAU,gBAAgB,CAAC,GAAW;IAC1C,MAAM,QAAQ,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC;IAC/B,MAAM,QAAQ,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC;IACxC,MAAM,KAAK,GAAG,GAAG,QAAQ,IAAI,QAAQ,IAAI,GAAG,EAAE,CAAC;IAC/C,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAClF,OAAO,UAAU,IAAI,EAAE,CAAC;AAC1B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa;IAC3B,MAAM,QAAQ,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;IACvD,MAAM,QAAQ,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC;IACxC,OAAO,GAAG,QAAQ,IAAI,QAAQ,EAAE,CAAC;AACnC,CAAC"}

package/dist/security.d.ts ADDED Viewed

@@ -0,0 +1,18 @@
+import { type PermissionsConfig } from './config.js';
+/**
+ * Validate that a resolved file path stays within the daemon's working directory.
+ * Uses realpath to resolve symlinks, preventing symlink escape.
+ */
+export declare function validatePath(filePath: string, cwd: string): Promise<string>;
+/**
+ * Check if a file path matches any sensitive file patterns.
+ */
+export declare function isSensitivePath(filePath: string, config: PermissionsConfig): boolean;
+/**
+ * Check if a bash command is blocked.
+ */
+export declare function isBashBlocked(command: string): string | null;
+/**
+ * Check if a bash command is considered safe.
+ */
+export declare function isBashSafe(command: string): boolean;

package/dist/security.js ADDED Viewed

@@ -0,0 +1,181 @@
+import fs from 'node:fs';
+import path from 'node:path';
+/**
+ * Sensitive file patterns that should never be read or written.
+ */
+const SENSITIVE_PATTERNS = [
+    /^\.env$/,
+    /^\.env\..+$/,
+    /\.pem$/,
+    /\.key$/,
+    /^\.ssh\//,
+    /^credentials\./,
+    /^\.git\/config$/,
+    /^\.npmrc$/,
+    /^\.docker\/config\.json$/,
+    /id_rsa/,
+    /id_ed25519/,
+];
+/**
+ * Bash commands/patterns that are always blocked.
+ */
+const BASH_BLOCKLIST = [
+    /:\(\)\{\s*:\|:&\s*\};:/, // Fork bomb
+    /dd\s+if=\/dev\/zero/, // Disk wipe
+    />\s*\/dev\/sd[a-z]/, // Direct device write
+    /mkfs\./, // Format filesystem
+    /rm\s+-rf\s+\//, // Delete root
+    /nc\s+-[el]/, // Reverse shell (netcat listen)
+    /bash\s+-i\s+>&\s*\/dev\/tcp/, // Bash reverse shell
+    /python.*socket.*connect/, // Python reverse shell
+    /curl.*\|\s*bash/, // Pipe curl to bash
+    /wget.*\|\s*bash/, // Pipe wget to bash
+    /eval\s*\$\(curl/, // Eval remote code
+    /chmod\s+[+]?[ugo]*s/, // Setuid/setgid
+    /chattr\s+\+i/, // Immutable attribute
+    /shutdown|reboot|halt|poweroff/, // System control
+    /iptables|ufw/, // Firewall modification
+];
+/**
+ * Bash commands considered safe (auto-approved when configured).
+ */
+const SAFE_BASH_COMMANDS = [
+    /^ls(\s|$)/,
+    /^cat\s/,
+    /^head\s/,
+    /^tail\s/,
+    /^wc\s/,
+    /^file\s/,
+    /^stat\s/,
+    /^which\s/,
+    /^type\s/,
+    /^echo\s/,
+    /^printf\s/,
+    /^date(\s|$)/,
+    /^whoami(\s|$)/,
+    /^pwd(\s|$)/,
+    /^env(\s|$)/,
+    /^printenv(\s|$)/,
+    /^git\s+(status|log|diff|branch|show|rev-parse|remote|tag)/,
+    /^node\s+(-v|--version)$/,
+    /^npm\s+(ls|list|view|info|outdated|pack\s)/,
+    /^rg\s/,
+    /^grep\s/,
+    /^find\s/,
+    /^tree(\s|$)/,
+    /^du\s/,
+    /^df(\s|$)/,
+    /^uname(\s|$)/,
+];
+/**
+ * Check if `child` is contained within `parent` directory.
+ * Uses trailing separator to prevent prefix collisions
+ * (e.g., /home/user/projects-evil would NOT match /home/user/projects).
+ */
+function isContainedIn(child, parent) {
+    return child === parent || child.startsWith(parent + path.sep);
+}
+/**
+ * Walk up the directory tree from `target` until we find an existing ancestor.
+ * Returns the realpath of that ancestor so we can verify containment.
+ */
+function findExistingAncestor(target) {
+    let current = target;
+    // eslint-disable-next-line no-constant-condition
+    while (true) {
+        if (fs.existsSync(current)) {
+            return fs.realpathSync(current);
+        }
+        const parent = path.dirname(current);
+        if (parent === current) {
+            // Reached filesystem root — return it
+            return parent;
+        }
+        current = parent;
+    }
+}
+/**
+ * Validate that a resolved file path stays within the daemon's working directory.
+ * Uses realpath to resolve symlinks, preventing symlink escape.
+ */
+export async function validatePath(filePath, cwd) {
+    const resolved = path.resolve(cwd, filePath);
+    // Resolve symlinks in cwd
+    let realCwd;
+    try {
+        realCwd = fs.realpathSync(cwd);
+    }
+    catch {
+        realCwd = cwd;
+    }
+    // If the file exists, check its real path directly
+    if (fs.existsSync(resolved)) {
+        const realResolved = fs.realpathSync(resolved);
+        if (!isContainedIn(realResolved, realCwd)) {
+            throw new Error(`Path escapes working directory: ${filePath}`);
+        }
+        return realResolved;
+    }
+    // File doesn't exist — walk up to find the nearest existing ancestor
+    // and verify containment. This prevents writes to arbitrary locations
+    // when both the file and its immediate parent don't exist.
+    const realAncestor = findExistingAncestor(path.dirname(resolved));
+    if (!isContainedIn(realAncestor, realCwd)) {
+        throw new Error(`Path escapes working directory: ${filePath}`);
+    }
+    return resolved;
+}
+/**
+ * Check if a file path matches any sensitive file patterns.
+ */
+export function isSensitivePath(filePath, config) {
+    const basename = path.basename(filePath);
+    const relativeFromCwd = filePath;
+    // Check built-in patterns against both basename and relative path
+    for (const pattern of SENSITIVE_PATTERNS) {
+        if (pattern.test(basename) || pattern.test(relativeFromCwd)) {
+            return true;
+        }
+    }
+    // Check config blocked paths
+    for (const blocked of config.blockedPaths) {
+        if (matchGlobSimple(blocked, basename) || matchGlobSimple(blocked, relativeFromCwd)) {
+            return true;
+        }
+    }
+    return false;
+}
+/**
+ * Check if a bash command is blocked.
+ */
+export function isBashBlocked(command) {
+    const trimmed = command.trim();
+    for (const pattern of BASH_BLOCKLIST) {
+        if (pattern.test(trimmed)) {
+            return `Blocked dangerous command pattern: ${pattern.source}`;
+        }
+    }
+    return null;
+}
+/**
+ * Check if a bash command is considered safe.
+ */
+export function isBashSafe(command) {
+    const trimmed = command.trim();
+    return SAFE_BASH_COMMANDS.some((pattern) => pattern.test(trimmed));
+}
+/**
+ * Simple glob matching for config patterns.
+ * Supports: * (any chars), ** (any path), ? (single char)
+ */
+function matchGlobSimple(pattern, filepath) {
+    const regexStr = pattern
+        .replace(/[.+^${}()|[\]\\]/g, '\\$&')
+        .replace(/\*\*/g, '{{DOUBLESTAR}}')
+        .replace(/\*/g, '[^/]*')
+        .replace(/\?/g, '[^/]')
+        .replace(/\{\{DOUBLESTAR\}\}/g, '.*');
+    const regex = new RegExp(`^${regexStr}$`);
+    return regex.test(filepath);
+}
+//# sourceMappingURL=security.js.map

package/dist/security.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"security.js","sourceRoot":"","sources":["../src/security.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAG7B;;GAEG;AACH,MAAM,kBAAkB,GAAG;IACzB,SAAS;IACT,aAAa;IACb,QAAQ;IACR,QAAQ;IACR,UAAU;IACV,gBAAgB;IAChB,iBAAiB;IACjB,WAAW;IACX,0BAA0B;IAC1B,QAAQ;IACR,YAAY;CACb,CAAC;AAEF;;GAEG;AACH,MAAM,cAAc,GAAG;IACrB,wBAAwB,EAAY,YAAY;IAChD,qBAAqB,EAAgB,YAAY;IACjD,oBAAoB,EAAiB,sBAAsB;IAC3D,QAAQ,EAA6B,oBAAoB;IACzD,eAAe,EAAsB,cAAc;IACnD,YAAY,EAAyB,gCAAgC;IACrE,6BAA6B,EAAQ,qBAAqB;IAC1D,yBAAyB,EAAY,uBAAuB;IAC5D,iBAAiB,EAAoB,oBAAoB;IACzD,iBAAiB,EAAoB,oBAAoB;IACzD,iBAAiB,EAAoB,mBAAmB;IACxD,qBAAqB,EAAe,gBAAgB;IACpD,cAAc,EAAsB,sBAAsB;IAC1D,+BAA+B,EAAM,iBAAiB;IACtD,cAAc,EAAsB,wBAAwB;CAC7D,CAAC;AAEF;;GAEG;AACH,MAAM,kBAAkB,GAAG;IACzB,WAAW;IACX,QAAQ;IACR,SAAS;IACT,SAAS;IACT,OAAO;IACP,SAAS;IACT,SAAS;IACT,UAAU;IACV,SAAS;IACT,SAAS;IACT,WAAW;IACX,aAAa;IACb,eAAe;IACf,YAAY;IACZ,YAAY;IACZ,iBAAiB;IACjB,2DAA2D;IAC3D,yBAAyB;IACzB,4CAA4C;IAC5C,OAAO;IACP,SAAS;IACT,SAAS;IACT,aAAa;IACb,OAAO;IACP,WAAW;IACX,cAAc;CACf,CAAC;AAEF;;;;GAIG;AACH,SAAS,aAAa,CAAC,KAAa,EAAE,MAAc;IAClD,OAAO,KAAK,KAAK,MAAM,IAAI,KAAK,CAAC,UAAU,CAAC,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;AACjE,CAAC;AAED;;;GAGG;AACH,SAAS,oBAAoB,CAAC,MAAc;IAC1C,IAAI,OAAO,GAAG,MAAM,CAAC;IACrB,iDAAiD;IACjD,OAAO,IAAI,EAAE,CAAC;QACZ,IAAI,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YAC3B,OAAO,EAAE,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;QAClC,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QACrC,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;YACvB,sCAAsC;YACtC,OAAO,MAAM,CAAC;QAChB,CAAC;QACD,OAAO,GAAG,MAAM,CAAC;IACnB,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,QAAgB,EAAE,GAAW;IAC9D,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IAE7C,0BAA0B;IAC1B,IAAI,OAAe,CAAC;IACpB,IAAI,CAAC;QACH,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;IACjC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,GAAG,GAAG,CAAC;IAChB,CAAC;IAED,mDAAmD;IACnD,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC5B,MAAM,YAAY,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;QAC/C,IAAI,CAAC,aAAa,CAAC,YAAY,EAAE,OAAO,CAAC,EAAE,CAAC;YAC1C,MAAM,IAAI,KAAK,CAAC,mCAAmC,QAAQ,EAAE,CAAC,CAAC;QACjE,CAAC;QACD,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,qEAAqE;IACrE,sEAAsE;IACtE,2DAA2D;IAC3D,MAAM,YAAY,GAAG,oBAAoB,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC;IAClE,IAAI,CAAC,aAAa,CAAC,YAAY,EAAE,OAAO,CAAC,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CAAC,mCAAmC,QAAQ,EAAE,CAAC,CAAC;IACjE,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,QAAgB,EAAE,MAAyB;IACzE,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACzC,MAAM,eAAe,GAAG,QAAQ,CAAC;IAEjC,kEAAkE;IAClE,KAAK,MAAM,OAAO,IAAI,kBAAkB,EAAE,CAAC;QACzC,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,EAAE,CAAC;YAC5D,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,6BAA6B;IAC7B,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;QAC1C,IAAI,eAAe,CAAC,OAAO,EAAE,QAAQ,CAAC,IAAI,eAAe,CAAC,OAAO,EAAE,eAAe,CAAC,EAAE,CAAC;YACpF,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,OAAe;IAC3C,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;IAC/B,KAAK,MAAM,OAAO,IAAI,cAAc,EAAE,CAAC;QACrC,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC1B,OAAO,sCAAsC,OAAO,CAAC,MAAM,EAAE,CAAC;QAChE,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,UAAU,CAAC,OAAe;IACxC,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;IAC/B,OAAO,kBAAkB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;AACrE,CAAC;AAED;;;GAGG;AACH,SAAS,eAAe,CAAC,OAAe,EAAE,QAAgB;IACxD,MAAM,QAAQ,GAAG,OAAO;SACrB,OAAO,CAAC,mBAAmB,EAAE,MAAM,CAAC;SACpC,OAAO,CAAC,OAAO,EAAE,gBAAgB,CAAC;SAClC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC;SACvB,OAAO,CAAC,KAAK,EAAE,MAAM,CAAC;SACtB,OAAO,CAAC,qBAAqB,EAAE,IAAI,CAAC,CAAC;IACxC,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,IAAI,QAAQ,GAAG,CAAC,CAAC;IAC1C,OAAO,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AAC9B,CAAC"}

package/dist/tools/bash.d.ts ADDED Viewed

@@ -0,0 +1,15 @@
+export interface BashInput {
+    command: string;
+    cwd?: string;
+    timeout?: number;
+}
+export interface BashOutput {
+    output: string;
+    exitCode: number | null;
+    timedOut?: boolean;
+}
+/**
+ * Execute a bash command using the user's shell.
+ * Inherits PATH, HOME, and other environment variables.
+ */
+export declare function executeBash(input: BashInput, daemonCwd: string, defaultTimeout: number): Promise<BashOutput>;

package/dist/tools/bash.js ADDED Viewed

@@ -0,0 +1,58 @@
+import { spawn } from 'node:child_process';
+import { validatePath } from '../security.js';
+/**
+ * Execute a bash command using the user's shell.
+ * Inherits PATH, HOME, and other environment variables.
+ */
+export async function executeBash(input, daemonCwd, defaultTimeout) {
+    const shell = process.env.SHELL || '/bin/bash';
+    const timeout = input.timeout || defaultTimeout;
+    // Validate cwd if provided
+    let cwd = daemonCwd;
+    if (input.cwd) {
+        cwd = await validatePath(input.cwd, daemonCwd);
+    }
+    return new Promise((resolve) => {
+        const chunks = [];
+        let timedOut = false;
+        const child = spawn(shell, ['-c', input.command], {
+            cwd,
+            env: { ...process.env },
+            stdio: ['ignore', 'pipe', 'pipe'],
+        });
+        const timer = setTimeout(() => {
+            timedOut = true;
+            child.kill('SIGTERM');
+            // Force kill after 5s grace period
+            setTimeout(() => {
+                if (!child.killed) {
+                    child.kill('SIGKILL');
+                }
+            }, 5000);
+        }, timeout);
+        child.stdout.on('data', (data) => chunks.push(data));
+        child.stderr.on('data', (data) => chunks.push(data));
+        child.on('close', (code) => {
+            clearTimeout(timer);
+            const output = Buffer.concat(chunks).toString('utf-8');
+            // Cap output to 1MB
+            const maxOutput = 1024 * 1024;
+            const truncated = output.length > maxOutput
+                ? output.slice(0, maxOutput) + '\n[output truncated at 1MB]'
+                : output;
+            resolve({
+                output: truncated,
+                exitCode: code,
+                ...(timedOut && { timedOut: true }),
+            });
+        });
+        child.on('error', (err) => {
+            clearTimeout(timer);
+            resolve({
+                output: `Error: ${err.message}`,
+                exitCode: 1,
+            });
+        });
+    });
+}
+//# sourceMappingURL=bash.js.map