proofscan 0.10.1 → 0.10.3

package/dist/popl/artifacts.js

@@ -0,0 +1,205 @@
+/**
+ * POPL Artifacts Generator (Phase 6.0)
+ *
+ * Generates sanitized artifacts for POPL entries:
+ * - status.json: Safe summary of session/connector state
+ * - logs.sanitized.jsonl: Sanitized proxy logs
+ * - rpc.sanitized.jsonl: Sanitized RPC events
+ * - validation-run.log: Validation/generation log
+ */
+import { EventsStore } from '../db/events-store.js';
+import { getEventsDb } from '../db/connection.js';
+import { sanitizeRpcEvent, hashFileContent, SANITIZER_RULESET_VERSION, } from './sanitizer.js';
+/**
+ * Calculate latency percentiles from RPC calls
+ */
+function calculateLatencyPercentiles(rpcs) {
+    const latencies = [];
+    for (const rpc of rpcs) {
+        if (rpc.request_ts && rpc.response_ts) {
+            const reqTs = new Date(rpc.request_ts).getTime();
+            const resTs = new Date(rpc.response_ts).getTime();
+            const latency = resTs - reqTs;
+            if (latency >= 0) {
+                latencies.push(latency);
+            }
+        }
+    }
+    if (latencies.length === 0) {
+        return {};
+    }
+    // Sort for percentile calculation
+    latencies.sort((a, b) => a - b);
+    const p50Index = Math.floor(latencies.length * 0.5);
+    const p95Index = Math.floor(latencies.length * 0.95);
+    return {
+        p50: latencies[p50Index],
+        p95: latencies[Math.min(p95Index, latencies.length - 1)],
+    };
+}
+/**
+ * Generate status.json artifact
+ */
+export function generateStatusArtifact(session, rpcs, events) {
+    // Calculate duration
+    let durationMs = null;
+    if (session.ended_at) {
+        const startMs = new Date(session.started_at).getTime();
+        const endMs = new Date(session.ended_at).getTime();
+        durationMs = endMs - startMs;
+    }
+    // Calculate error count
+    const errorCount = rpcs.filter((r) => r.success === 0).length;
+    // Calculate latency percentiles
+    const { p50, p95 } = calculateLatencyPercentiles(rpcs);
+    // Get unique RPC methods
+    const rpcMethods = [...new Set(rpcs.map((r) => r.method))].sort();
+    const status = {
+        generated_at: new Date().toISOString(),
+        sanitizer_version: SANITIZER_RULESET_VERSION,
+        session: {
+            session_id: session.session_id,
+            connector_id: session.connector_id,
+            started_at: session.started_at,
+            ended_at: session.ended_at,
+            exit_reason: session.exit_reason,
+            rpc_count: rpcs.length,
+            event_count: events.length,
+            duration_ms: durationMs,
+            actor_kind: session.actor_kind,
+        },
+        summary: {
+            rpc_total: rpcs.length,
+            errors: errorCount,
+            latency_ms_p50: p50,
+            latency_ms_p95: p95,
+        },
+        rpc_methods: rpcMethods,
+    };
+    const content = JSON.stringify(status, null, 2);
+    const sha256 = hashFileContent(content);
+    return {
+        artifact: {
+            name: 'status.json',
+            path: 'status.json',
+            sha256,
+        },
+        content,
+    };
+}
+/**
+ * Generate rpc.sanitized.jsonl artifact
+ */
+export function generateRpcArtifact(sessionId, configDir) {
+    const db = getEventsDb(configDir);
+    // Get all events for this session
+    const events = db
+        .prepare(`
+    SELECT * FROM events
+    WHERE session_id = ?
+    ORDER BY ts ASC
+  `)
+        .all(sessionId);
+    // Sanitize each event and write as JSONL
+    const lines = [];
+    for (const event of events) {
+        const sanitized = sanitizeRpcEvent(event);
+        lines.push(JSON.stringify(sanitized));
+    }
+    const content = lines.join('\n') + (lines.length > 0 ? '\n' : '');
+    const sha256 = hashFileContent(content);
+    return {
+        artifact: {
+            name: 'rpc.sanitized.jsonl',
+            path: 'rpc.sanitized.jsonl',
+            sha256,
+        },
+        content,
+    };
+}
+/**
+ * Generate logs.sanitized.jsonl artifact (if proxy logs exist)
+ */
+export function generateLogsArtifact(logsPath, sessionStarted, sessionEnded) {
+    // For now, return null - proxy logs are separate from session data
+    // This will be implemented when we have access to proxy logs for the session window
+    return null;
+}
+/**
+ * Generate validation-run.log artifact
+ */
+export function generateValidationArtifact(sessionId, steps) {
+    const lines = [
+        `# POPL Entry Validation Log`,
+        `# Generated: ${new Date().toISOString()}`,
+        `# Session: ${sessionId}`,
+        `# Sanitizer Version: ${SANITIZER_RULESET_VERSION}`,
+        ``,
+        `## Steps`,
+        ...steps.map((step, i) => `${i + 1}. ${step}`),
+        ``,
+        `## Result`,
+        `Entry generated successfully.`,
+    ];
+    const content = lines.join('\n') + '\n';
+    const sha256 = hashFileContent(content);
+    return {
+        artifact: {
+            name: 'validation-run.log',
+            path: 'validation-run.log',
+            sha256,
+        },
+        content,
+    };
+}
+/**
+ * Generate all artifacts for a session POPL entry
+ */
+export async function generateSessionArtifacts(sessionId, configDir) {
+    const validationSteps = [];
+    // Get session data
+    validationSteps.push(`Loading session ${sessionId}`);
+    const eventsStore = new EventsStore(configDir);
+    const session = eventsStore.getSession(sessionId);
+    if (!session) {
+        throw new Error(`Session not found: ${sessionId}`);
+    }
+    validationSteps.push(`Found session for connector: ${session.connector_id}`);
+    // Get RPC calls
+    const rpcs = eventsStore.getRpcCallsBySession(sessionId);
+    validationSteps.push(`Found ${rpcs.length} RPC calls`);
+    // Get events
+    const db = getEventsDb(configDir);
+    const events = db
+        .prepare(`SELECT * FROM events WHERE session_id = ?`)
+        .all(sessionId);
+    validationSteps.push(`Found ${events.length} events`);
+    // Generate status.json
+    validationSteps.push('Generating status.json');
+    const statusResult = generateStatusArtifact(session, rpcs, events);
+    // Generate rpc.sanitized.jsonl
+    validationSteps.push('Generating rpc.sanitized.jsonl');
+    const rpcResult = generateRpcArtifact(sessionId, configDir);
+    // Generate validation log
+    validationSteps.push('Generating validation-run.log');
+    const validationResult = generateValidationArtifact(sessionId, validationSteps);
+    // Calculate summary for POPL.yml
+    const errorCount = rpcs.filter((r) => r.success === 0).length;
+    const { p50, p95 } = calculateLatencyPercentiles(rpcs);
+    const summary = {
+        rpc_total: rpcs.length,
+        errors: errorCount,
+        latency_ms_p50: p50,
+        latency_ms_p95: p95,
+    };
+    return {
+        artifacts: {
+            status: statusResult,
+            rpc: rpcResult,
+            validation: validationResult,
+        },
+        session: session,
+        summary,
+    };
+}
+//# sourceMappingURL=artifacts.js.map

package/dist/popl/artifacts.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"artifacts.js","sourceRoot":"","sources":["../../src/popl/artifacts.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACpD,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAElD,OAAO,EAEL,gBAAgB,EAEhB,eAAe,EACf,yBAAyB,GAC1B,MAAM,gBAAgB,CAAC;AAiDxB;;GAEG;AACH,SAAS,2BAA2B,CAClC,IAAe;IAEf,MAAM,SAAS,GAAa,EAAE,CAAC;IAE/B,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,IAAI,GAAG,CAAC,UAAU,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC;YACtC,MAAM,KAAK,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,OAAO,EAAE,CAAC;YACjD,MAAM,KAAK,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,OAAO,EAAE,CAAC;YAClD,MAAM,OAAO,GAAG,KAAK,GAAG,KAAK,CAAC;YAC9B,IAAI,OAAO,IAAI,CAAC,EAAE,CAAC;gBACjB,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3B,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,kCAAkC;IAClC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAEhC,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC;IACpD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAErD,OAAO;QACL,GAAG,EAAE,SAAS,CAAC,QAAQ,CAAC;QACxB,GAAG,EAAE,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;KACzD,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB,CACpC,OAAyB,EACzB,IAAe,EACf,MAAe;IAEf,qBAAqB;IACrB,IAAI,UAAU,GAAkB,IAAI,CAAC;IACrC,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;QACrB,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,OAAO,EAAE,CAAC;QACvD,MAAM,KAAK,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,OAAO,EAAE,CAAC;QACnD,UAAU,GAAG,KAAK,GAAG,OAAO,CAAC;IAC/B,CAAC;IAED,wBAAwB;IACxB,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC;IAE9D,gCAAgC;IAChC,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,2BAA2B,CAAC,IAAI,CAAC,CAAC;IAEvD,yBAAyB;IACzB,MAAM,UAAU,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IAElE,MAAM,MAAM,GAAe;QACzB,YAAY,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACtC,iBAAiB,EAAE,yBAAyB;QAC5C,OAAO,EAAE;YACP,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,SAAS,EAAE,IAAI,CAAC,MAAM;YACtB,WAAW,EAAE,MAAM,CAAC,MAAM;YAC1B,WAAW,EAAE,UAAU;YACvB,UAAU,EAAE,OAAO,CAAC,UAAU;SAC/B;QACD,OAAO,EAAE;YACP,SAAS,EAAE,IAAI,CAAC,MAAM;YACtB,MAAM,EAAE,UAAU;YAClB,cAAc,EAAE,GAAG;YACnB,cAAc,EAAE,GAAG;SACpB;QACD,WAAW,EAAE,UAAU;KACxB,CAAC;IAEF,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IAChD,MAAM,MAAM,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;IAExC,OAAO;QACL,QAAQ,EAAE;YACR,IAAI,EAAE,aAAa;YACnB,IAAI,EAAE,aAAa;YACnB,MAAM;SACP;QACD,OAAO;KACR,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CACjC,SAAiB,EACjB,SAAiB;IAEjB,MAAM,EAAE,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC;IAElC,kCAAkC;IAClC,MAAM,MAAM,GAAG,EAAE;SACd,OAAO,CACN;;;;GAIH,CACE;SACA,GAAG,CAAC,SAAS,CAAY,CAAC;IAE7B,yCAAyC;IACzC,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,MAAM,SAAS,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;QAC1C,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC;IACxC,CAAC;IAED,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IAClE,MAAM,MAAM,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;IAExC,OAAO;QACL,QAAQ,EAAE;YACR,IAAI,EAAE,qBAAqB;YAC3B,IAAI,EAAE,qBAAqB;YAC3B,MAAM;SACP;QACD,OAAO;KACR,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAClC,QAAuB,EACvB,cAAsB,EACtB,YAA2B;IAE3B,mEAAmE;IACnE,oFAAoF;IACpF,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,0BAA0B,CACxC,SAAiB,EACjB,KAAe;IAEf,MAAM,KAAK,GAAa;QACtB,6BAA6B;QAC7B,gBAAgB,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE;QAC1C,cAAc,SAAS,EAAE;QACzB,wBAAwB,yBAAyB,EAAE;QACnD,EAAE;QACF,UAAU;QACV,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,IAAI,EAAE,CAAC;QAC9C,EAAE;QACF,WAAW;QACX,+BAA+B;KAChC,CAAC;IAEF,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;IACxC,MAAM,MAAM,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;IAExC,OAAO;QACL,QAAQ,EAAE;YACR,IAAI,EAAE,oBAAoB;YAC1B,IAAI,EAAE,oBAAoB;YAC1B,MAAM;SACP;QACD,OAAO;KACR,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,SAAiB,EACjB,SAAiB;IAMjB,MAAM,eAAe,GAAa,EAAE,CAAC;IAErC,mBAAmB;IACnB,eAAe,CAAC,IAAI,CAAC,mBAAmB,SAAS,EAAE,CAAC,CAAC;IACrD,MAAM,WAAW,GAAG,IAAI,WAAW,CAAC,SAAS,CAAC,CAAC;IAC/C,MAAM,OAAO,GAAG,WAAW,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IAElD,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,sBAAsB,SAAS,EAAE,CAAC,CAAC;IACrD,CAAC;IAED,eAAe,CAAC,IAAI,CAAC,gCAAgC,OAAO,CAAC,YAAY,EAAE,CAAC,CAAC;IAE7E,gBAAgB;IAChB,MAAM,IAAI,GAAG,WAAW,CAAC,oBAAoB,CAAC,SAAS,CAAC,CAAC;IACzD,eAAe,CAAC,IAAI,CAAC,SAAS,IAAI,CAAC,MAAM,YAAY,CAAC,CAAC;IAEvD,aAAa;IACb,MAAM,EAAE,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC;IAClC,MAAM,MAAM,GAAG,EAAE;SACd,OAAO,CAAC,2CAA2C,CAAC;SACpD,GAAG,CAAC,SAAS,CAAY,CAAC;IAC7B,eAAe,CAAC,IAAI,CAAC,SAAS,MAAM,CAAC,MAAM,SAAS,CAAC,CAAC;IAEtD,uBAAuB;IACvB,eAAe,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;IAC/C,MAAM,YAAY,GAAG,sBAAsB,CACzC,OAA2B,EAC3B,IAAI,EACJ,MAAM,CACP,CAAC;IAEF,+BAA+B;IAC/B,eAAe,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;IACvD,MAAM,SAAS,GAAG,mBAAmB,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;IAE5D,0BAA0B;IAC1B,eAAe,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;IACtD,MAAM,gBAAgB,GAAG,0BAA0B,CAAC,SAAS,EAAE,eAAe,CAAC,CAAC;IAEhF,iCAAiC;IACjC,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC;IAC9D,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,2BAA2B,CAAC,IAAI,CAAC,CAAC;IAEvD,MAAM,OAAO,GAAuB;QAClC,SAAS,EAAE,IAAI,CAAC,MAAM;QACtB,MAAM,EAAE,UAAU;QAClB,cAAc,EAAE,GAAG;QACnB,cAAc,EAAE,GAAG;KACpB,CAAC;IAEF,OAAO;QACL,SAAS,EAAE;YACT,MAAM,EAAE,YAAY;YACpB,GAAG,EAAE,SAAS;YACd,UAAU,EAAE,gBAAgB;SAC7B;QACD,OAAO,EAAE,OAA2B;QACpC,OAAO;KACR,CAAC;AACJ,CAAC"}

package/dist/popl/index.d.ts

@@ -0,0 +1,10 @@
+/**
+ * POPL Module Exports (Phase 6.0)
+ *
+ * Public Observable Proof Ledger
+ */
+export { POPL_VERSION, TRUST_LABELS, type TrustLevel, type TargetKind, type RedactionPolicy, type PoplAuthor, type PoplTrust, type PoplTargetIds, type PoplTarget, type PoplCaptureSummary, type PoplMcpClient, type PoplMcpServer, type PoplMcp, type PoplCaptureWindow, type PoplCapture, type PoplArtifact, type PoplEvidencePolicy, type PoplEvidence, type PoplEntry, type PoplDocument, type CreatePoplOptions, type CreatePoplResult, type PoplConfig, } from './types.js';
+export { SANITIZER_RULESET_VERSION, sanitize, sanitizeRpcPayload, sanitizeLogLine, sanitizeRpcEvent, hashValue, hashFileContent, type SanitizeResult, } from './sanitizer.js';
+export { generateStatusArtifact, generateRpcArtifact, generateLogsArtifact, generateValidationArtifact, generateSessionArtifacts, type SessionStatus, type StatusJson, type ArtifactResult, type GeneratedArtifacts, } from './artifacts.js';
+export { hasPoplDir, getPoplDir, getPoplEntriesDir, initPoplDir, loadPoplConfig, createSessionPoplEntry, listPoplEntries, readPoplEntry, } from './service.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/popl/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/popl/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,KAAK,UAAU,EACf,KAAK,UAAU,EACf,KAAK,eAAe,EACpB,KAAK,UAAU,EACf,KAAK,SAAS,EACd,KAAK,aAAa,EAClB,KAAK,UAAU,EACf,KAAK,kBAAkB,EACvB,KAAK,aAAa,EAClB,KAAK,aAAa,EAClB,KAAK,OAAO,EACZ,KAAK,iBAAiB,EACtB,KAAK,WAAW,EAChB,KAAK,YAAY,EACjB,KAAK,kBAAkB,EACvB,KAAK,YAAY,EACjB,KAAK,SAAS,EACd,KAAK,YAAY,EACjB,KAAK,iBAAiB,EACtB,KAAK,gBAAgB,EACrB,KAAK,UAAU,GAChB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,yBAAyB,EACzB,QAAQ,EACR,kBAAkB,EAClB,eAAe,EACf,gBAAgB,EAChB,SAAS,EACT,eAAe,EACf,KAAK,cAAc,GACpB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EACL,sBAAsB,EACtB,mBAAmB,EACnB,oBAAoB,EACpB,0BAA0B,EAC1B,wBAAwB,EACxB,KAAK,aAAa,EAClB,KAAK,UAAU,EACf,KAAK,cAAc,EACnB,KAAK,kBAAkB,GACxB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EACL,UAAU,EACV,UAAU,EACV,iBAAiB,EACjB,WAAW,EACX,cAAc,EACd,sBAAsB,EACtB,eAAe,EACf,aAAa,GACd,MAAM,cAAc,CAAC"}

package/dist/popl/index.js

@@ -0,0 +1,14 @@
+/**
+ * POPL Module Exports (Phase 6.0)
+ *
+ * Public Observable Proof Ledger
+ */
+// Types
+export { POPL_VERSION, TRUST_LABELS, } from './types.js';
+// Sanitizer
+export { SANITIZER_RULESET_VERSION, sanitize, sanitizeRpcPayload, sanitizeLogLine, sanitizeRpcEvent, hashValue, hashFileContent, } from './sanitizer.js';
+// Artifacts
+export { generateStatusArtifact, generateRpcArtifact, generateLogsArtifact, generateValidationArtifact, generateSessionArtifacts, } from './artifacts.js';
+// Service
+export { hasPoplDir, getPoplDir, getPoplEntriesDir, initPoplDir, loadPoplConfig, createSessionPoplEntry, listPoplEntries, readPoplEntry, } from './service.js';
+//# sourceMappingURL=index.js.map

package/dist/popl/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/popl/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,QAAQ;AACR,OAAO,EACL,YAAY,EACZ,YAAY,GAsBb,MAAM,YAAY,CAAC;AAEpB,YAAY;AACZ,OAAO,EACL,yBAAyB,EACzB,QAAQ,EACR,kBAAkB,EAClB,eAAe,EACf,gBAAgB,EAChB,SAAS,EACT,eAAe,GAEhB,MAAM,gBAAgB,CAAC;AAExB,YAAY;AACZ,OAAO,EACL,sBAAsB,EACtB,mBAAmB,EACnB,oBAAoB,EACpB,0BAA0B,EAC1B,wBAAwB,GAKzB,MAAM,gBAAgB,CAAC;AAExB,UAAU;AACV,OAAO,EACL,UAAU,EACV,UAAU,EACV,iBAAiB,EACjB,WAAW,EACX,cAAc,EACd,sBAAsB,EACtB,eAAe,EACf,aAAa,GACd,MAAM,cAAc,CAAC"}

package/dist/popl/sanitizer.d.ts

@@ -0,0 +1,86 @@
+/**
+ * POPL Sanitizer (Phase 6.0)
+ *
+ * Sanitization ruleset v1 for public disclosure safety.
+ *
+ * Rules:
+ * 1. Path removal - Windows and POSIX absolute paths
+ * 2. Secret token removal - Authorization, Bearer, api_key, token, secret
+ * 3. RPC payload handling - Replace values with hashes, keep key structure
+ */
+/** Current sanitization ruleset version */
+export declare const SANITIZER_RULESET_VERSION = 1;
+/**
+ * Result of sanitization
+ */
+export interface SanitizeResult {
+    /** Sanitized value */
+    value: unknown;
+    /** Number of items redacted */
+    redactedCount: number;
+    /** Categories of redactions made */
+    redactedCategories: Set<'path' | 'secret' | 'value'>;
+}
+/**
+ * Compute SHA-256 hash of a value (first 16 chars)
+ */
+export declare function hashValue(value: unknown): string;
+/**
+ * Sanitize a JSON-like value for public disclosure.
+ *
+ * @param value - Any JSON-serializable value
+ * @param options - Sanitization options
+ * @returns Sanitized value and statistics
+ */
+export declare function sanitize(value: unknown, options?: {
+    deep?: boolean;
+    context?: {
+        key?: string;
+    };
+}): SanitizeResult;
+/**
+ * Sanitize RPC payload for public disclosure.
+ *
+ * This is more aggressive than general sanitization:
+ * - Replaces all argument values with hashes
+ * - Keeps key structure for auditability
+ * - Stores original hash for verification
+ *
+ * @param payload - RPC arguments or result
+ * @returns Sanitized structure with hashes
+ */
+export declare function sanitizeRpcPayload(payload: Record<string, unknown> | null | undefined): {
+    sanitized: Record<string, unknown> | null;
+    payload_sha256: string;
+    keys: string[];
+};
+/**
+ * Sanitize a log line for public disclosure.
+ *
+ * @param line - Log line object
+ * @returns Sanitized log line
+ */
+export declare function sanitizeLogLine(line: Record<string, unknown>): Record<string, unknown>;
+/**
+ * Sanitize RPC event for public disclosure.
+ *
+ * @param event - RPC event object from events.db
+ * @returns Sanitized event
+ */
+export declare function sanitizeRpcEvent(event: {
+    event_id: string;
+    session_id: string;
+    rpc_id: string | null;
+    direction: string;
+    kind: string;
+    ts: string;
+    seq: number | null;
+    summary: string | null;
+    payload_hash: string | null;
+    raw_json: string | null;
+}): Record<string, unknown>;
+/**
+ * Compute SHA-256 hash of file contents
+ */
+export declare function hashFileContent(content: string | Buffer): string;
+//# sourceMappingURL=sanitizer.d.ts.map

package/dist/popl/sanitizer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sanitizer.d.ts","sourceRoot":"","sources":["../../src/popl/sanitizer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAIH,2CAA2C;AAC3C,eAAO,MAAM,yBAAyB,IAAI,CAAC;AAqE3C;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,sBAAsB;IACtB,KAAK,EAAE,OAAO,CAAC;IACf,+BAA+B;IAC/B,aAAa,EAAE,MAAM,CAAC;IACtB,oCAAoC;IACpC,kBAAkB,EAAE,GAAG,CAAC,MAAM,GAAG,QAAQ,GAAG,OAAO,CAAC,CAAC;CACtD;AAsCD;;GAEG;AACH,wBAAgB,SAAS,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,CAIhD;AAED;;;;;;GAMG;AACH,wBAAgB,QAAQ,CACtB,KAAK,EAAE,OAAO,EACd,OAAO,GAAE;IAAE,IAAI,CAAC,EAAE,OAAO,CAAC;IAAC,OAAO,CAAC,EAAE;QAAE,GAAG,CAAC,EAAE,MAAM,CAAA;KAAE,CAAA;CAAO,GAC3D,cAAc,CAwDhB;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,kBAAkB,CAChC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,GAAG,SAAS,GAClD;IACD,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAC1C,cAAc,EAAE,MAAM,CAAC;IACvB,IAAI,EAAE,MAAM,EAAE,CAAC;CAChB,CAyBA;AAED;;;;;GAKG;AACH,wBAAgB,eAAe,CAC7B,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC5B,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAGzB;AAED;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE;IACtC,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,EAAE,MAAM,CAAC;IACX,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IACnB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;CACzB,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAoD1B;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CAEhE"}

package/dist/popl/sanitizer.js

@@ -0,0 +1,271 @@
+/**
+ * POPL Sanitizer (Phase 6.0)
+ *
+ * Sanitization ruleset v1 for public disclosure safety.
+ *
+ * Rules:
+ * 1. Path removal - Windows and POSIX absolute paths
+ * 2. Secret token removal - Authorization, Bearer, api_key, token, secret
+ * 3. RPC payload handling - Replace values with hashes, keep key structure
+ */
+import { createHash } from 'crypto';
+/** Current sanitization ruleset version */
+export const SANITIZER_RULESET_VERSION = 1;
+/** Maximum string length to process with regex (ReDoS prevention) */
+const MAX_REGEX_INPUT_LENGTH = 1000;
+/** Redacted placeholder for paths */
+const REDACTED_PATH = '<redacted:path>';
+/** Redacted placeholder for secrets */
+const REDACTED_SECRET = '<redacted:secret>';
+/** Redacted placeholder for values (RPC payloads) */
+const REDACTED_VALUE = '<redacted:value>';
+/**
+ * Patterns for detecting absolute paths
+ */
+const PATH_PATTERNS = [
+    // Windows: C:\Users\... or D:\...
+    /^[A-Za-z]:\\[^\s"']+/,
+    // Windows: \\server\share
+    /^\\\\[^\s"']+/,
+    // POSIX: /home/... /Users/... /var/... etc.
+    /^\/(?:home|Users|var|tmp|etc|opt|usr|root|mnt|media|srv|private)[^\s"']*/,
+    // Generic POSIX paths starting with / followed by word chars
+    /^\/[a-zA-Z0-9_-]+(?:\/[^\s"']*)?/,
+];
+/**
+ * Patterns for detecting secret-like keys
+ */
+const SECRET_KEY_PATTERNS = [
+    /^api[_-]?key$/i,
+    /^auth(?:orization)?$/i,
+    /^bearer$/i,
+    /^token$/i,
+    /^secret$/i,
+    /^password$/i,
+    /^passwd$/i,
+    /^credential/i,
+    /^private[_-]?key$/i,
+    /^access[_-]?token$/i,
+    /^refresh[_-]?token$/i,
+    /^session[_-]?(?:id|token)$/i,
+    /^cookie$/i,
+    /^x-api-key$/i,
+    /^x-auth/i,
+];
+/**
+ * Patterns for detecting secret-like values
+ */
+const SECRET_VALUE_PATTERNS = [
+    // Bearer tokens
+    /^Bearer\s+[A-Za-z0-9._-]+/i,
+    // Authorization header
+    /^Basic\s+[A-Za-z0-9+/=]+/i,
+    // JWT-like tokens (three base64 sections)
+    /^eyJ[A-Za-z0-9_-]+\.eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/,
+    // API keys (long alphanumeric strings)
+    /^[a-zA-Z0-9_-]{32,}$/,
+    // Hedera keys
+    /^302[a-fA-F0-9]{64,}/,
+    // secret:// references (not already masked)
+    /^secret:\/\/(?!\*\*\*$)/,
+    // dpapi: references
+    /^dpapi:[a-zA-Z0-9_-]+$/,
+];
+/**
+ * Check if a string looks like an absolute path
+ * Includes length check to prevent ReDoS attacks
+ */
+function isAbsolutePath(value) {
+    // Skip long strings to prevent ReDoS
+    if (value.length > MAX_REGEX_INPUT_LENGTH) {
+        return false;
+    }
+    return PATH_PATTERNS.some((pattern) => pattern.test(value));
+}
+/**
+ * Check if a key name suggests it contains a secret
+ * Includes length check to prevent ReDoS attacks
+ */
+function isSecretKey(key) {
+    // Skip long strings to prevent ReDoS
+    if (key.length > MAX_REGEX_INPUT_LENGTH) {
+        return false;
+    }
+    return SECRET_KEY_PATTERNS.some((pattern) => pattern.test(key));
+}
+/**
+ * Check if a value looks like a secret
+ * Includes length check to prevent ReDoS attacks
+ */
+function isSecretValue(value) {
+    // Skip long strings to prevent ReDoS
+    if (value.length > MAX_REGEX_INPUT_LENGTH) {
+        return false;
+    }
+    return SECRET_VALUE_PATTERNS.some((pattern) => pattern.test(value));
+}
+/**
+ * Compute SHA-256 hash of a value (first 16 chars)
+ */
+export function hashValue(value) {
+    const str = typeof value === 'string' ? value : JSON.stringify(value);
+    const hash = createHash('sha256').update(str, 'utf8').digest('hex');
+    return hash.slice(0, 16);
+}
+/**
+ * Sanitize a JSON-like value for public disclosure.
+ *
+ * @param value - Any JSON-serializable value
+ * @param options - Sanitization options
+ * @returns Sanitized value and statistics
+ */
+export function sanitize(value, options = {}) {
+    let redactedCount = 0;
+    const redactedCategories = new Set();
+    function process(val, key) {
+        // Null/undefined pass through
+        if (val === null || val === undefined) {
+            return val;
+        }
+        // String processing
+        if (typeof val === 'string') {
+            // Check for paths
+            if (isAbsolutePath(val)) {
+                redactedCount++;
+                redactedCategories.add('path');
+                return REDACTED_PATH;
+            }
+            // Check for secret values
+            if (isSecretValue(val)) {
+                redactedCount++;
+                redactedCategories.add('secret');
+                return REDACTED_SECRET;
+            }
+            // Check if key suggests secret
+            if (key && isSecretKey(key) && val.length > 0) {
+                redactedCount++;
+                redactedCategories.add('secret');
+                return REDACTED_SECRET;
+            }
+            return val;
+        }
+        // Array processing
+        if (Array.isArray(val)) {
+            return val.map((item, i) => process(item, String(i)));
+        }
+        // Object processing
+        if (typeof val === 'object') {
+            const result = {};
+            for (const [k, v] of Object.entries(val)) {
+                result[k] = process(v, k);
+            }
+            return result;
+        }
+        // Primitives (number, boolean) pass through
+        return val;
+    }
+    const sanitized = process(value, options.context?.key);
+    return { value: sanitized, redactedCount, redactedCategories };
+}
+/**
+ * Sanitize RPC payload for public disclosure.
+ *
+ * This is more aggressive than general sanitization:
+ * - Replaces all argument values with hashes
+ * - Keeps key structure for auditability
+ * - Stores original hash for verification
+ *
+ * @param payload - RPC arguments or result
+ * @returns Sanitized structure with hashes
+ */
+export function sanitizeRpcPayload(payload) {
+    if (payload === null || payload === undefined) {
+        return {
+            sanitized: null,
+            payload_sha256: hashValue(null),
+            keys: [],
+        };
+    }
+    // Get original hash before any processing
+    const payload_sha256 = hashValue(payload);
+    // Extract keys
+    const keys = Object.keys(payload);
+    // Create sanitized version with value hashes
+    const sanitized = {};
+    for (const [key, value] of Object.entries(payload)) {
+        sanitized[key] = {
+            _type: typeof value,
+            _hash: hashValue(value),
+        };
+    }
+    return { sanitized, payload_sha256, keys };
+}
+/**
+ * Sanitize a log line for public disclosure.
+ *
+ * @param line - Log line object
+ * @returns Sanitized log line
+ */
+export function sanitizeLogLine(line) {
+    const result = sanitize(line);
+    return result.value;
+}
+/**
+ * Sanitize RPC event for public disclosure.
+ *
+ * @param event - RPC event object from events.db
+ * @returns Sanitized event
+ */
+export function sanitizeRpcEvent(event) {
+    // Basic fields (safe to include)
+    const sanitized = {
+        event_id: event.event_id,
+        session_id: event.session_id,
+        rpc_id: event.rpc_id,
+        direction: event.direction,
+        kind: event.kind,
+        ts: event.ts,
+        seq: event.seq,
+        summary: event.summary ? sanitize(event.summary).value : null,
+        payload_hash: event.payload_hash,
+    };
+    // Process raw_json if present
+    if (event.raw_json) {
+        try {
+            const parsed = JSON.parse(event.raw_json);
+            // For request/response, sanitize params/result
+            if (parsed.params) {
+                const { sanitized: sanParams, payload_sha256, keys } = sanitizeRpcPayload(parsed.params);
+                sanitized.params_keys = keys;
+                sanitized.params_sha256 = payload_sha256;
+                // Don't include sanitized params - just keys and hash
+            }
+            if (parsed.result !== undefined) {
+                const resultHash = hashValue(parsed.result);
+                sanitized.result_sha256 = resultHash;
+                sanitized.result_type = typeof parsed.result;
+            }
+            if (parsed.error) {
+                // Error codes/messages are generally safe
+                sanitized.error_code = parsed.error.code;
+                sanitized.error_message = sanitize(parsed.error.message).value;
+            }
+            // Method name is safe
+            if (parsed.method) {
+                sanitized.method = parsed.method;
+            }
+        }
+        catch {
+            // If parsing fails, just note that
+            sanitized.raw_json_parse_error = true;
+        }
+    }
+    return sanitized;
+}
+/**
+ * Compute SHA-256 hash of file contents
+ */
+export function hashFileContent(content) {
+    return createHash('sha256').update(content).digest('hex');
+}
+//# sourceMappingURL=sanitizer.js.map

package/dist/popl/sanitizer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sanitizer.js","sourceRoot":"","sources":["../../src/popl/sanitizer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAEpC,2CAA2C;AAC3C,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,CAAC;AAE3C,qEAAqE;AACrE,MAAM,sBAAsB,GAAG,IAAI,CAAC;AAEpC,qCAAqC;AACrC,MAAM,aAAa,GAAG,iBAAiB,CAAC;AAExC,uCAAuC;AACvC,MAAM,eAAe,GAAG,mBAAmB,CAAC;AAE5C,qDAAqD;AACrD,MAAM,cAAc,GAAG,kBAAkB,CAAC;AAE1C;;GAEG;AACH,MAAM,aAAa,GAAG;IACpB,kCAAkC;IAClC,sBAAsB;IACtB,0BAA0B;IAC1B,eAAe;IACf,4CAA4C;IAC5C,0EAA0E;IAC1E,6DAA6D;IAC7D,kCAAkC;CACnC,CAAC;AAEF;;GAEG;AACH,MAAM,mBAAmB,GAAG;IAC1B,gBAAgB;IAChB,uBAAuB;IACvB,WAAW;IACX,UAAU;IACV,WAAW;IACX,aAAa;IACb,WAAW;IACX,cAAc;IACd,oBAAoB;IACpB,qBAAqB;IACrB,sBAAsB;IACtB,6BAA6B;IAC7B,WAAW;IACX,cAAc;IACd,UAAU;CACX,CAAC;AAEF;;GAEG;AACH,MAAM,qBAAqB,GAAG;IAC5B,gBAAgB;IAChB,4BAA4B;IAC5B,uBAAuB;IACvB,2BAA2B;IAC3B,0CAA0C;IAC1C,wDAAwD;IACxD,uCAAuC;IACvC,sBAAsB;IACtB,cAAc;IACd,sBAAsB;IACtB,4CAA4C;IAC5C,yBAAyB;IACzB,oBAAoB;IACpB,wBAAwB;CACzB,CAAC;AAcF;;;GAGG;AACH,SAAS,cAAc,CAAC,KAAa;IACnC,qCAAqC;IACrC,IAAI,KAAK,CAAC,MAAM,GAAG,sBAAsB,EAAE,CAAC;QAC1C,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,aAAa,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;AAC9D,CAAC;AAED;;;GAGG;AACH,SAAS,WAAW,CAAC,GAAW;IAC9B,qCAAqC;IACrC,IAAI,GAAG,CAAC,MAAM,GAAG,sBAAsB,EAAE,CAAC;QACxC,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,mBAAmB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AAClE,CAAC;AAED;;;GAGG;AACH,SAAS,aAAa,CAAC,KAAa;IAClC,qCAAqC;IACrC,IAAI,KAAK,CAAC,MAAM,GAAG,sBAAsB,EAAE,CAAC;QAC1C,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,qBAAqB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;AACtE,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,SAAS,CAAC,KAAc;IACtC,MAAM,GAAG,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;IACtE,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACpE,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AAC3B,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,QAAQ,CACtB,KAAc,EACd,UAA0D,EAAE;IAE5D,IAAI,aAAa,GAAG,CAAC,CAAC;IACtB,MAAM,kBAAkB,GAAG,IAAI,GAAG,EAA+B,CAAC;IAElE,SAAS,OAAO,CAAC,GAAY,EAAE,GAAY;QACzC,8BAA8B;QAC9B,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;YACtC,OAAO,GAAG,CAAC;QACb,CAAC;QAED,oBAAoB;QACpB,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,kBAAkB;YAClB,IAAI,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxB,aAAa,EAAE,CAAC;gBAChB,kBAAkB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;gBAC/B,OAAO,aAAa,CAAC;YACvB,CAAC;YAED,0BAA0B;YAC1B,IAAI,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC;gBACvB,aAAa,EAAE,CAAC;gBAChB,kBAAkB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;gBACjC,OAAO,eAAe,CAAC;YACzB,CAAC;YAED,+BAA+B;YAC/B,IAAI,GAAG,IAAI,WAAW,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC9C,aAAa,EAAE,CAAC;gBAChB,kBAAkB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;gBACjC,OAAO,eAAe,CAAC;YACzB,CAAC;YAED,OAAO,GAAG,CAAC;QACb,CAAC;QAED,mBAAmB;QACnB,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YACvB,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACxD,CAAC;QAED,oBAAoB;QACpB,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,MAAM,MAAM,GAA4B,EAAE,CAAC;YAC3C,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;gBACzC,MAAM,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YAC5B,CAAC;YACD,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,4CAA4C;QAC5C,OAAO,GAAG,CAAC;IACb,CAAC;IAED,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IACvD,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,aAAa,EAAE,kBAAkB,EAAE,CAAC;AACjE,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,kBAAkB,CAChC,OAAmD;IAMnD,IAAI,OAAO,KAAK,IAAI,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;QAC9C,OAAO;YACL,SAAS,EAAE,IAAI;YACf,cAAc,EAAE,SAAS,CAAC,IAAI,CAAC;YAC/B,IAAI,EAAE,EAAE;SACT,CAAC;IACJ,CAAC;IAED,0CAA0C;IAC1C,MAAM,cAAc,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC;IAE1C,eAAe;IACf,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAElC,6CAA6C;IAC7C,MAAM,SAAS,GAA4B,EAAE,CAAC;IAC9C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACnD,SAAS,CAAC,GAAG,CAAC,GAAG;YACf,KAAK,EAAE,OAAO,KAAK;YACnB,KAAK,EAAE,SAAS,CAAC,KAAK,CAAC;SACxB,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,SAAS,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC;AAC7C,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,eAAe,CAC7B,IAA6B;IAE7B,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC9B,OAAO,MAAM,CAAC,KAAgC,CAAC;AACjD,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,gBAAgB,CAAC,KAWhC;IACC,iCAAiC;IACjC,MAAM,SAAS,GAA4B;QACzC,QAAQ,EAAE,KAAK,CAAC,QAAQ;QACxB,UAAU,EAAE,KAAK,CAAC,UAAU;QAC5B,MAAM,EAAE,KAAK,CAAC,MAAM;QACpB,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,EAAE,EAAE,KAAK,CAAC,EAAE;QACZ,GAAG,EAAE,KAAK,CAAC,GAAG;QACd,OAAO,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI;QAC7D,YAAY,EAAE,KAAK,CAAC,YAAY;KACjC,CAAC;IAEF,8BAA8B;IAC9B,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;QACnB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;YAE1C,+CAA+C;YAC/C,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;gBAClB,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,cAAc,EAAE,IAAI,EAAE,GAAG,kBAAkB,CACvE,MAAM,CAAC,MAAiC,CACzC,CAAC;gBACF,SAAS,CAAC,WAAW,GAAG,IAAI,CAAC;gBAC7B,SAAS,CAAC,aAAa,GAAG,cAAc,CAAC;gBACzC,sDAAsD;YACxD,CAAC;YAED,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;gBAChC,MAAM,UAAU,GAAG,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;gBAC5C,SAAS,CAAC,aAAa,GAAG,UAAU,CAAC;gBACrC,SAAS,CAAC,WAAW,GAAG,OAAO,MAAM,CAAC,MAAM,CAAC;YAC/C,CAAC;YAED,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;gBACjB,0CAA0C;gBAC1C,SAAS,CAAC,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC;gBACzC,SAAS,CAAC,aAAa,GAAG,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC;YACjE,CAAC;YAED,sBAAsB;YACtB,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;gBAClB,SAAS,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;YACnC,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,mCAAmC;YACnC,SAAS,CAAC,oBAAoB,GAAG,IAAI,CAAC;QACxC,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,OAAwB;IACtD,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC5D,CAAC"}

package/dist/popl/service.d.ts

@@ -0,0 +1,46 @@
+/**
+ * POPL Service Layer (Phase 6.0)
+ *
+ * Core service for POPL entry generation.
+ * Shared by CLI and shell - neither knows about @references.
+ */
+import { type PoplDocument, type PoplConfig, type CreatePoplOptions, type CreatePoplResult } from './types.js';
+/**
+ * Check if .popl directory exists
+ */
+export declare function hasPoplDir(root: string): boolean;
+/**
+ * Get path to .popl directory
+ */
+export declare function getPoplDir(root: string): string;
+/**
+ * Get path to popl_entries directory
+ */
+export declare function getPoplEntriesDir(root: string): string;
+/**
+ * Initialize .popl directory structure
+ */
+export declare function initPoplDir(root: string): Promise<void>;
+/**
+ * Load POPL config from .popl/config.json
+ * Returns empty config with warning on parse error.
+ */
+export declare function loadPoplConfig(root: string): Promise<PoplConfig>;
+/**
+ * Create a POPL entry for a session
+ *
+ * This is the core service function called by both CLI and shell.
+ */
+export declare function createSessionPoplEntry(sessionId: string, configDir: string, options: Omit<CreatePoplOptions, 'kind' | 'ids'>): Promise<CreatePoplResult>;
+/**
+ * List existing POPL entries
+ */
+export declare function listPoplEntries(root: string): Promise<{
+    id: string;
+    path: string;
+}[]>;
+/**
+ * Read a POPL entry document
+ */
+export declare function readPoplEntry(entryPath: string): Promise<PoplDocument | null>;
+//# sourceMappingURL=service.d.ts.map

package/dist/popl/service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"service.d.ts","sourceRoot":"","sources":["../../src/popl/service.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAQH,OAAO,EAGL,KAAK,YAAY,EAEjB,KAAK,UAAU,EACf,KAAK,iBAAiB,EACtB,KAAK,gBAAgB,EAGtB,MAAM,YAAY,CAAC;AAapB;;GAEG;AACH,wBAAgB,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAEhD;AAED;;GAEG;AACH,wBAAgB,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAE/C;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAEtD;AAED;;GAEG;AACH,wBAAsB,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAkB7D;AAED;;;GAGG;AACH,wBAAsB,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,CAiBtE;AA8BD;;;;GAIG;AACH,wBAAsB,sBAAsB,CAC1C,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,IAAI,CAAC,iBAAiB,EAAE,MAAM,GAAG,KAAK,CAAC,GAC/C,OAAO,CAAC,gBAAgB,CAAC,CA2G3B;AAED;;GAEG;AACH,wBAAsB,eAAe,CACnC,IAAI,EAAE,MAAM,GACX,OAAO,CAAC;IAAE,EAAE,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,EAAE,CAAC,CAgBzC;AAED;;GAEG;AACH,wBAAsB,aAAa,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC,CAanF"}