sigild 0.0.1 → 0.0.2

package/dist/src/hooks/install.js

@@ -0,0 +1,86 @@
+import { existsSync, mkdirSync, readFileSync, statSync, writeFileSync } from 'node:fs';
+import { dirname, join, resolve } from 'node:path';
+import { homedir } from 'node:os';
+const SIGIL_MCP_NAME = 'sigil';
+const SIGIL_HOOK_MARKER = 'sigil-hook-';
+export function settingsPath(opts) {
+    if (opts.scope === 'user') {
+        const home = opts.homeDir ?? homedir();
+        return join(home, '.claude', 'settings.json');
+    }
+    const root = opts.projectRoot ? resolve(opts.projectRoot) : process.cwd();
+    return join(root, '.claude', 'settings.json');
+}
+/**
+ * Idempotently install sigil's MCP server registration + hook config.
+ * Existing settings (other MCP servers, other hook handlers) are preserved.
+ */
+export function installInto(opts) {
+    const path = settingsPath(opts);
+    const before = readSettings(path);
+    const after = { ...before };
+    const mcpCommand = opts.mcpCommand ?? 'sigil-mcp';
+    // 1. MCP server registration — overwrite our entry; leave others alone.
+    const existingServers = after.mcpServers ?? {};
+    after.mcpServers = {
+        ...existingServers,
+        [SIGIL_MCP_NAME]: { command: mcpCommand },
+    };
+    // 2. Hooks — remove any prior sigil entries (identified by the
+    //    sigil-hook- prefix in the command path) then re-add fresh ones.
+    const stripSigil = (matchers) => {
+        if (!matchers)
+            return [];
+        return matchers
+            .map((m) => ({
+            ...m,
+            hooks: m.hooks.filter((h) => !h.command.includes(SIGIL_HOOK_MARKER)),
+        }))
+            .filter((m) => m.hooks.length > 0);
+    };
+    const hooks = { ...(after.hooks ?? {}) };
+    hooks.PreToolUse = [
+        ...stripSigil(hooks.PreToolUse),
+        {
+            matcher: 'Read|Bash',
+            hooks: [{ type: 'command', command: 'sigil-hook-pre' }],
+        },
+    ];
+    hooks.PostToolUse = [
+        ...stripSigil(hooks.PostToolUse),
+        {
+            matcher: '.*',
+            hooks: [{ type: 'command', command: 'sigil-hook-post' }],
+        },
+    ];
+    after.hooks = hooks;
+    // Bail early if no change.
+    const beforeJson = JSON.stringify(before);
+    const afterJson = JSON.stringify(after);
+    if (beforeJson === afterJson && existsSync(path)) {
+        return { settingsPath: path, changed: false };
+    }
+    mkdirSync(dirname(path), { recursive: true });
+    writeFileSync(path, JSON.stringify(after, null, 2) + '\n', { mode: 0o644 });
+    return { settingsPath: path, changed: true };
+}
+function readSettings(path) {
+    if (!existsSync(path))
+        return {};
+    try {
+        statSync(path);
+    }
+    catch {
+        return {};
+    }
+    try {
+        const text = readFileSync(path, 'utf8');
+        if (text.trim() === '')
+            return {};
+        return JSON.parse(text);
+    }
+    catch (err) {
+        throw new Error(`could not parse ${path}: ${err.message}`);
+    }
+}
+//# sourceMappingURL=install.js.map

package/dist/src/hooks/install.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"install.js","sourceRoot":"","sources":["../../../src/hooks/install.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,QAAQ,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACvF,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACnD,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAwDlC,MAAM,cAAc,GAAG,OAAO,CAAC;AAC/B,MAAM,iBAAiB,GAAG,aAAa,CAAC;AAExC,MAAM,UAAU,YAAY,CAAC,IAAc;IACzC,IAAI,IAAI,CAAC,KAAK,KAAK,MAAM,EAAE,CAAC;QAC1B,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,IAAI,OAAO,EAAE,CAAC;QACvC,OAAO,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,eAAe,CAAC,CAAC;IAChD,CAAC;IACD,MAAM,IAAI,GAAG,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;IAC1E,OAAO,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,eAAe,CAAC,CAAC;AAChD,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,WAAW,CAAC,IAAc;IACxC,MAAM,IAAI,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;IAChC,MAAM,MAAM,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;IAClC,MAAM,KAAK,GAAG,EAAE,GAAG,MAAM,EAAE,CAAC;IAC5B,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,IAAI,WAAW,CAAC;IAElD,wEAAwE;IACxE,MAAM,eAAe,GAAG,KAAK,CAAC,UAAU,IAAI,EAAE,CAAC;IAC/C,KAAK,CAAC,UAAU,GAAG;QACjB,GAAG,eAAe;QAClB,CAAC,cAAc,CAAC,EAAE,EAAE,OAAO,EAAE,UAAU,EAAE;KAC1C,CAAC;IAEF,+DAA+D;IAC/D,qEAAqE;IACrE,MAAM,UAAU,GAAG,CAAC,QAAmC,EAAiB,EAAE;QACxE,IAAI,CAAC,QAAQ;YAAE,OAAO,EAAE,CAAC;QACzB,OAAO,QAAQ;aACZ,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACX,GAAG,CAAC;YACJ,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;SACrE,CAAC,CAAC;aACF,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACvC,CAAC,CAAC;IAEF,MAAM,KAAK,GAAgB,EAAE,GAAG,CAAC,KAAK,CAAC,KAAK,IAAI,EAAE,CAAC,EAAE,CAAC;IACtD,KAAK,CAAC,UAAU,GAAG;QACjB,GAAG,UAAU,CAAC,KAAK,CAAC,UAAU,CAAC;QAC/B;YACE,OAAO,EAAE,WAAW;YACpB,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,gBAAgB,EAAE,CAAC;SACxD;KACF,CAAC;IACF,KAAK,CAAC,WAAW,GAAG;QAClB,GAAG,UAAU,CAAC,KAAK,CAAC,WAAW,CAAC;QAChC;YACE,OAAO,EAAE,IAAI;YACb,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,iBAAiB,EAAE,CAAC;SACzD;KACF,CAAC;IACF,KAAK,CAAC,KAAK,GAAG,KAAK,CAAC;IAEpB,2BAA2B;IAC3B,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IAC1C,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;IACxC,IAAI,UAAU,KAAK,SAAS,IAAI,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACjD,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IAChD,CAAC;IAED,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC9C,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC5E,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;AAC/C,CAAC;AAED,SAAS,YAAY,CAAC,IAAY;IAChC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,EAAE,CAAC;IACjC,IAAI,CAAC;QAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO,EAAE,CAAC;IAAC,CAAC;IAC5C,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QACxC,IAAI,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE;YAAE,OAAO,EAAE,CAAC;QAClC,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAiB,CAAC;IAC1C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,mBAAmB,IAAI,KAAM,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;IACxE,CAAC;AACH,CAAC"}

package/dist/src/hooks/path-blocker.d.ts

@@ -0,0 +1,29 @@
+/**
+ * Built-in patterns we always block. These are not user-configurable; they
+ * represent paths where a key would conventionally live and that the agent
+ * should never read.
+ */
+export declare const DEFAULT_PATH_PATTERNS: readonly string[];
+export interface BlockDecision {
+    blocked: boolean;
+    /** The pattern that matched, useful for surfacing in the error to the agent. */
+    matchedPattern?: string;
+}
+export interface BlockerOpts {
+    /** Extra glob patterns to block, in addition to the built-ins. */
+    extraPatterns?: readonly string[];
+}
+/**
+ * Decide whether to block a path read. Both the resolved absolute path AND
+ * the raw user-supplied path are checked, because attackers (or confused
+ * agents) may pass paths with `..` or symlinks that resolve to a blocked
+ * location while looking innocent.
+ *
+ * Note: this does NOT resolve symlinks itself. Symlink resolution is best
+ * left to the caller (who has filesystem access). For sigil's hook context,
+ * the agent already has filesystem access and would do the symlink read
+ * before our hook fires; the meaningful protection is preventing direct
+ * reads through obvious paths.
+ */
+export declare function isBlockedPath(path: string, opts?: BlockerOpts): BlockDecision;
+//# sourceMappingURL=path-blocker.d.ts.map

package/dist/src/hooks/path-blocker.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"path-blocker.d.ts","sourceRoot":"","sources":["../../../src/hooks/path-blocker.ts"],"names":[],"mappings":"AAGA;;;;GAIG;AACH,eAAO,MAAM,qBAAqB,EAAE,SAAS,MAAM,EAuBjD,CAAC;AAEH,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,OAAO,CAAC;IACjB,gFAAgF;IAChF,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,WAAW;IAC1B,kEAAkE;IAClE,aAAa,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;CACnC;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,GAAE,WAAgB,GAAG,aAAa,CAejF"}

package/dist/src/hooks/path-blocker.js

@@ -0,0 +1,59 @@
+import { basename } from 'node:path';
+import { globMatch, normalizePath } from './glob.js';
+/**
+ * Built-in patterns we always block. These are not user-configurable; they
+ * represent paths where a key would conventionally live and that the agent
+ * should never read.
+ */
+export const DEFAULT_PATH_PATTERNS = Object.freeze([
+    // sigil's own state
+    '**/.sigil/**',
+    // common key file extensions
+    '**/*.pem',
+    '**/*.key',
+    '**/*.keystore',
+    '**/*.jks',
+    '**/*.p12',
+    // SSH private key conventions
+    '**/.ssh/id_*',
+    '**/.ssh/*_rsa',
+    '**/.ssh/*_ed25519',
+    '**/.ssh/*_ecdsa',
+    // env files (no extension, dotted prefix variants like .env.local)
+    '**/.env',
+    '**/.env.*',
+    // ethereum/geth keystore directories
+    '**/keystore',
+    '**/keystore/**',
+    // GPG / pass(1) storage
+    '**/.gnupg/**',
+    '**/.password-store/**',
+]);
+/**
+ * Decide whether to block a path read. Both the resolved absolute path AND
+ * the raw user-supplied path are checked, because attackers (or confused
+ * agents) may pass paths with `..` or symlinks that resolve to a blocked
+ * location while looking innocent.
+ *
+ * Note: this does NOT resolve symlinks itself. Symlink resolution is best
+ * left to the caller (who has filesystem access). For sigil's hook context,
+ * the agent already has filesystem access and would do the symlink read
+ * before our hook fires; the meaningful protection is preventing direct
+ * reads through obvious paths.
+ */
+export function isBlockedPath(path, opts = {}) {
+    const patterns = [...DEFAULT_PATH_PATTERNS, ...(opts.extraPatterns ?? [])];
+    const normalized = normalizePath(path);
+    const base = basename(normalized);
+    for (const pattern of patterns) {
+        if (globMatch(normalized, pattern)) {
+            return { blocked: true, matchedPattern: pattern };
+        }
+        // Also test the basename so a pattern like `**/.env` catches relative `.env`.
+        if (globMatch(base, pattern.replace(/^\*\*\//, ''))) {
+            return { blocked: true, matchedPattern: pattern };
+        }
+    }
+    return { blocked: false };
+}
+//# sourceMappingURL=path-blocker.js.map

package/dist/src/hooks/path-blocker.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"path-blocker.js","sourceRoot":"","sources":["../../../src/hooks/path-blocker.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AACrC,OAAO,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAErD;;;;GAIG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAsB,MAAM,CAAC,MAAM,CAAC;IACpE,oBAAoB;IACpB,cAAc;IACd,6BAA6B;IAC7B,UAAU;IACV,UAAU;IACV,eAAe;IACf,UAAU;IACV,UAAU;IACV,8BAA8B;IAC9B,cAAc;IACd,eAAe;IACf,mBAAmB;IACnB,iBAAiB;IACjB,mEAAmE;IACnE,SAAS;IACT,WAAW;IACX,qCAAqC;IACrC,aAAa;IACb,gBAAgB;IAChB,wBAAwB;IACxB,cAAc;IACd,uBAAuB;CACxB,CAAC,CAAC;AAaH;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,aAAa,CAAC,IAAY,EAAE,OAAoB,EAAE;IAChE,MAAM,QAAQ,GAAG,CAAC,GAAG,qBAAqB,EAAE,GAAG,CAAC,IAAI,CAAC,aAAa,IAAI,EAAE,CAAC,CAAC,CAAC;IAC3E,MAAM,UAAU,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC;IACvC,MAAM,IAAI,GAAG,QAAQ,CAAC,UAAU,CAAC,CAAC;IAElC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,IAAI,SAAS,CAAC,UAAU,EAAE,OAAO,CAAC,EAAE,CAAC;YACnC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,CAAC;QACpD,CAAC;QACD,8EAA8E;QAC9E,IAAI,SAAS,CAAC,IAAI,EAAE,OAAO,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC;YACpD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,CAAC;QACpD,CAAC;IACH,CAAC;IACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;AAC5B,CAAC"}

package/dist/src/hooks/post-tool-use.d.ts

@@ -0,0 +1,13 @@
+import type { HookEnvelope, PostToolModification } from './protocol.js';
+/**
+ * Walk the tool_response field of a PostToolUse envelope, redacting every
+ * string we find. Returns the modification envelope to emit, or null if
+ * nothing changed.
+ */
+export declare function decidePostToolUse(env: HookEnvelope): PostToolModification | null;
+/**
+ * Recursively descend into objects, arrays, and strings, applying redact()
+ * to every string we encounter. Accumulates redaction counts.
+ */
+export declare function walkAndRedact(value: unknown, totals: Map<string, number>): unknown;
+//# sourceMappingURL=post-tool-use.d.ts.map

package/dist/src/hooks/post-tool-use.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"post-tool-use.d.ts","sourceRoot":"","sources":["../../../src/hooks/post-tool-use.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,YAAY,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AAExE;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,YAAY,GAAG,oBAAoB,GAAG,IAAI,CAchF;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,OAAO,CAiBlF"}

package/dist/src/hooks/post-tool-use.js

@@ -0,0 +1,45 @@
+import { redact } from './redactor.js';
+/**
+ * Walk the tool_response field of a PostToolUse envelope, redacting every
+ * string we find. Returns the modification envelope to emit, or null if
+ * nothing changed.
+ */
+export function decidePostToolUse(env) {
+    const response = env.tool_response;
+    if (response === undefined)
+        return null;
+    const totals = new Map();
+    const redacted = walkAndRedact(response, totals);
+    if (totals.size === 0)
+        return null;
+    return {
+        hookSpecificOutput: {
+            hookEventName: 'PostToolUse',
+            updatedToolResponse: redacted,
+        },
+    };
+}
+/**
+ * Recursively descend into objects, arrays, and strings, applying redact()
+ * to every string we encounter. Accumulates redaction counts.
+ */
+export function walkAndRedact(value, totals) {
+    if (typeof value === 'string') {
+        const r = redact(value);
+        for (const s of r.redactions)
+            totals.set(s.reason, (totals.get(s.reason) ?? 0) + s.count);
+        return r.text;
+    }
+    if (Array.isArray(value)) {
+        return value.map((v) => walkAndRedact(v, totals));
+    }
+    if (value !== null && typeof value === 'object') {
+        const out = {};
+        for (const [k, v] of Object.entries(value)) {
+            out[k] = walkAndRedact(v, totals);
+        }
+        return out;
+    }
+    return value;
+}
+//# sourceMappingURL=post-tool-use.js.map

package/dist/src/hooks/post-tool-use.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"post-tool-use.js","sourceRoot":"","sources":["../../../src/hooks/post-tool-use.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAwB,MAAM,eAAe,CAAC;AAG7D;;;;GAIG;AACH,MAAM,UAAU,iBAAiB,CAAC,GAAiB;IACjD,MAAM,QAAQ,GAAG,GAAG,CAAC,aAAa,CAAC;IACnC,IAAI,QAAQ,KAAK,SAAS;QAAE,OAAO,IAAI,CAAC;IAExC,MAAM,MAAM,GAAG,IAAI,GAAG,EAAkB,CAAC;IACzC,MAAM,QAAQ,GAAG,aAAa,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IACjD,IAAI,MAAM,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAEnC,OAAO;QACL,kBAAkB,EAAE;YAClB,aAAa,EAAE,aAAa;YAC5B,mBAAmB,EAAE,QAA4C;SAClE;KACF,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,aAAa,CAAC,KAAc,EAAE,MAA2B;IACvE,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,CAAC,GAAoB,MAAM,CAAC,KAAK,CAAC,CAAC;QACzC,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,UAAU;YAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;QAC1F,OAAO,CAAC,CAAC,IAAI,CAAC;IAChB,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACpD,CAAC;IACD,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAChD,MAAM,GAAG,GAA4B,EAAE,CAAC;QACxC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAgC,CAAC,EAAE,CAAC;YACtE,GAAG,CAAC,CAAC,CAAC,GAAG,aAAa,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;QACpC,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/src/hooks/pre-tool-use.d.ts

@@ -0,0 +1,8 @@
+import { type BlockerOpts } from './path-blocker.js';
+import type { BlockDecision, HookEnvelope } from './protocol.js';
+/**
+ * Decide whether a PreToolUse event should be blocked. Pure function; the
+ * bin entrypoint wraps this with stdin/stdout handling.
+ */
+export declare function decidePreToolUse(env: HookEnvelope, opts?: BlockerOpts): BlockDecision | null;
+//# sourceMappingURL=pre-tool-use.d.ts.map

package/dist/src/hooks/pre-tool-use.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pre-tool-use.d.ts","sourceRoot":"","sources":["../../../src/hooks/pre-tool-use.ts"],"names":[],"mappings":"AACA,OAAO,EAAiB,KAAK,WAAW,EAAE,MAAM,mBAAmB,CAAC;AACpE,OAAO,KAAK,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAEjE;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,YAAY,EAAE,IAAI,GAAE,WAAgB,GAAG,aAAa,GAAG,IAAI,CA+BhG"}

package/dist/src/hooks/pre-tool-use.js

@@ -0,0 +1,38 @@
+import { scanBashCommand } from './command-scanner.js';
+import { isBlockedPath } from './path-blocker.js';
+/**
+ * Decide whether a PreToolUse event should be blocked. Pure function; the
+ * bin entrypoint wraps this with stdin/stdout handling.
+ */
+export function decidePreToolUse(env, opts = {}) {
+    const toolName = env.tool_name;
+    const input = env.tool_input ?? {};
+    if (toolName === 'Read') {
+        const path = typeof input['file_path'] === 'string' ? input['file_path'] : undefined;
+        if (path === undefined)
+            return null;
+        const d = isBlockedPath(path, opts);
+        if (d.blocked) {
+            return {
+                decision: 'block',
+                reason: `sigil ward: ${path} matches blocked pattern ${d.matchedPattern}. This path is on sigil's wardlist (~/.sigil/wards.toml + built-in defaults). If you need to read a file like this, edit the wardlist.`,
+            };
+        }
+        return null;
+    }
+    if (toolName === 'Bash') {
+        const cmd = typeof input['command'] === 'string' ? input['command'] : undefined;
+        if (cmd === undefined)
+            return null;
+        const d = scanBashCommand(cmd, opts);
+        if (d.blocked) {
+            return {
+                decision: 'block',
+                reason: `sigil ward: bash command blocked — ${d.reason ?? 'matched blocked pattern'}.`,
+            };
+        }
+        return null;
+    }
+    return null; // not a tool we ward
+}
+//# sourceMappingURL=pre-tool-use.js.map

package/dist/src/hooks/pre-tool-use.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pre-tool-use.js","sourceRoot":"","sources":["../../../src/hooks/pre-tool-use.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AACvD,OAAO,EAAE,aAAa,EAAoB,MAAM,mBAAmB,CAAC;AAGpE;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,GAAiB,EAAE,OAAoB,EAAE;IACxE,MAAM,QAAQ,GAAG,GAAG,CAAC,SAAS,CAAC;IAC/B,MAAM,KAAK,GAAG,GAAG,CAAC,UAAU,IAAI,EAAE,CAAC;IAEnC,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;QACxB,MAAM,IAAI,GAAG,OAAO,KAAK,CAAC,WAAW,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QACrF,IAAI,IAAI,KAAK,SAAS;YAAE,OAAO,IAAI,CAAC;QACpC,MAAM,CAAC,GAAG,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QACpC,IAAI,CAAC,CAAC,OAAO,EAAE,CAAC;YACd,OAAO;gBACL,QAAQ,EAAE,OAAO;gBACjB,MAAM,EAAE,eAAe,IAAI,4BAA4B,CAAC,CAAC,cAAc,wIAAwI;aAChN,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;QACxB,MAAM,GAAG,GAAG,OAAO,KAAK,CAAC,SAAS,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAChF,IAAI,GAAG,KAAK,SAAS;YAAE,OAAO,IAAI,CAAC;QACnC,MAAM,CAAC,GAAG,eAAe,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QACrC,IAAI,CAAC,CAAC,OAAO,EAAE,CAAC;YACd,OAAO;gBACL,QAAQ,EAAE,OAAO;gBACjB,MAAM,EAAE,sCAAsC,CAAC,CAAC,MAAM,IAAI,yBAAyB,GAAG;aACvF,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,IAAI,CAAC,CAAC,qBAAqB;AACpC,CAAC"}

package/dist/src/hooks/protocol.d.ts

@@ -0,0 +1,41 @@
+/**
+ * Claude Code hook I/O protocol. Hooks are spawned as subprocesses; they
+ * receive a JSON envelope on stdin and may write a JSON decision on stdout.
+ *
+ * Reference: https://docs.claude.com/en/docs/claude-code/hooks (subject to
+ * change; the fields below are what sigil's hooks read and write).
+ */
+export interface HookEnvelope {
+    session_id?: string;
+    transcript_path?: string;
+    hook_event_name?: string;
+    tool_name?: string;
+    tool_input?: Record<string, unknown>;
+    tool_response?: Record<string, unknown> | string;
+    [key: string]: unknown;
+}
+/**
+ * Decision emitted by a PreToolUse hook. Returning `{ decision: "block" }`
+ * stops the tool call and surfaces `reason` to the model.
+ */
+export interface BlockDecision {
+    decision: 'block';
+    reason: string;
+}
+/**
+ * Output from a PostToolUse hook that wants to modify the tool's response
+ * (e.g., redact secrets). The exact shape Claude Code accepts is in flux;
+ * we emit a structure that has been stable in recent versions.
+ */
+export interface PostToolModification {
+    hookSpecificOutput: {
+        hookEventName: 'PostToolUse';
+        updatedToolResponse: Record<string, unknown> | string;
+    };
+}
+/**
+ * Read the entire stdin stream and parse it as JSON. Returns an empty
+ * object if stdin closes without data.
+ */
+export declare function readHookEnvelope(stdin?: NodeJS.ReadableStream): Promise<HookEnvelope>;
+//# sourceMappingURL=protocol.d.ts.map

package/dist/src/hooks/protocol.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"protocol.d.ts","sourceRoot":"","sources":["../../../src/hooks/protocol.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,MAAM,WAAW,YAAY;IAC3B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACrC,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC;IAEjD,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED;;;GAGG;AACH,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,OAAO,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;;;GAIG;AACH,MAAM,WAAW,oBAAoB;IACnC,kBAAkB,EAAE;QAClB,aAAa,EAAE,aAAa,CAAC;QAC7B,mBAAmB,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC;KACvD,CAAC;CACH;AAED;;;GAGG;AACH,wBAAsB,gBAAgB,CAAC,KAAK,GAAE,MAAM,CAAC,cAA8B,GAAG,OAAO,CAAC,YAAY,CAAC,CAY1G"}

package/dist/src/hooks/protocol.js

@@ -0,0 +1,27 @@
+/**
+ * Claude Code hook I/O protocol. Hooks are spawned as subprocesses; they
+ * receive a JSON envelope on stdin and may write a JSON decision on stdout.
+ *
+ * Reference: https://docs.claude.com/en/docs/claude-code/hooks (subject to
+ * change; the fields below are what sigil's hooks read and write).
+ */
+/**
+ * Read the entire stdin stream and parse it as JSON. Returns an empty
+ * object if stdin closes without data.
+ */
+export async function readHookEnvelope(stdin = process.stdin) {
+    const chunks = [];
+    for await (const c of stdin) {
+        chunks.push(typeof c === 'string' ? Buffer.from(c, 'utf8') : c);
+    }
+    const text = Buffer.concat(chunks).toString('utf8').trim();
+    if (text.length === 0)
+        return {};
+    try {
+        return JSON.parse(text);
+    }
+    catch (err) {
+        throw new Error(`hook stdin was not valid JSON: ${err.message}`);
+    }
+}
+//# sourceMappingURL=protocol.js.map

package/dist/src/hooks/protocol.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"protocol.js","sourceRoot":"","sources":["../../../src/hooks/protocol.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAkCH;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,QAA+B,OAAO,CAAC,KAAK;IACjF,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,IAAI,KAAK,EAAE,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QAC5B,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAW,CAAC,CAAC;IAC5E,CAAC;IACD,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;IAC3D,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IACjC,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAiB,CAAC;IAC1C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,kCAAmC,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;IAC9E,CAAC;AACH,CAAC"}

package/dist/src/hooks/redactor.d.ts

@@ -0,0 +1,19 @@
+/**
+ * Output redactor — the second line of defence behind the path blocker.
+ * If a key somehow ends up in tool output (because the agent read a file
+ * the blocker missed, or coaxed a key out of an API), redact it before it
+ * reaches the model's context.
+ *
+ * The rules are deliberately strict — false positives are tolerable
+ * (redacted noise in tool output is annoying; an exfiltrated key is fatal).
+ */
+export interface RedactionStat {
+    reason: string;
+    count: number;
+}
+export interface RedactionResult {
+    text: string;
+    redactions: RedactionStat[];
+}
+export declare function redact(text: string): RedactionResult;
+//# sourceMappingURL=redactor.d.ts.map

package/dist/src/hooks/redactor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"redactor.d.ts","sourceRoot":"","sources":["../../../src/hooks/redactor.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,aAAa,EAAE,CAAC;CAC7B;AAuDD,wBAAgB,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,eAAe,CAYpD"}

package/dist/src/hooks/redactor.js

@@ -0,0 +1,71 @@
+/**
+ * Output redactor — the second line of defence behind the path blocker.
+ * If a key somehow ends up in tool output (because the agent read a file
+ * the blocker missed, or coaxed a key out of an API), redact it before it
+ * reaches the model's context.
+ *
+ * The rules are deliberately strict — false positives are tolerable
+ * (redacted noise in tool output is annoying; an exfiltrated key is fatal).
+ */
+const RULES = Object.freeze([
+    // PEM-encoded private key blocks. Matched first so the inner base64 isn't
+    // also caught by the hex/JWT rules.
+    {
+        reason: 'pem-private-key',
+        regex: /-----BEGIN [A-Z0-9 ]*PRIVATE KEY[A-Z0-9 ]*-----[\s\S]+?-----END [A-Z0-9 ]*PRIVATE KEY[A-Z0-9 ]*-----/g,
+    },
+    // Generic PEM block — second-line check for "BEGIN ... KEY ...END ... KEY"
+    // that didn't say PRIVATE explicitly (some tools emit just "KEY").
+    {
+        reason: 'pem-key-block',
+        regex: /-----BEGIN [A-Z0-9 ]*KEY[A-Z0-9 ]*-----[\s\S]+?-----END [A-Z0-9 ]*KEY[A-Z0-9 ]*-----/g,
+    },
+    // 32-byte raw private keys as 0x-prefixed hex (most common Ethereum form).
+    // Word boundary on both sides so we don't grab a 0x... that happens to be
+    // a longer hash and continue past it.
+    {
+        reason: 'hex-private-key',
+        regex: /\b0x[0-9a-fA-F]{64}(?![0-9a-fA-F])/g,
+    },
+    // JWT (header.payload.signature where header starts with eyJ — base64url
+    // of {"...). Three url-safe-base64 sections separated by dots.
+    {
+        reason: 'jwt',
+        regex: /\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\b/g,
+    },
+    // npm tokens (npm_ + ~36 chars) — same pattern they're emitted in.
+    {
+        reason: 'npm-token',
+        regex: /\bnpm_[A-Za-z0-9]{36,}\b/g,
+    },
+    // Anthropic / Claude API keys (sk-ant-...).
+    {
+        reason: 'anthropic-api-key',
+        regex: /\bsk-ant-[A-Za-z0-9_-]{20,}\b/g,
+    },
+    // OpenAI keys.
+    {
+        reason: 'openai-api-key',
+        regex: /\bsk-[A-Za-z0-9]{32,}\b/g,
+    },
+    // AWS access key IDs (AKIA + 16 chars) and secret access keys (40 base64-ish chars).
+    {
+        reason: 'aws-access-key-id',
+        regex: /\bAKIA[0-9A-Z]{16}\b/g,
+    },
+]);
+export function redact(text) {
+    const counts = new Map();
+    let out = text;
+    for (const rule of RULES) {
+        out = out.replace(rule.regex, () => {
+            counts.set(rule.reason, (counts.get(rule.reason) ?? 0) + 1);
+            return `<REDACTED:${rule.reason}>`;
+        });
+    }
+    const redactions = [];
+    for (const [reason, count] of counts)
+        redactions.push({ reason, count });
+    return { text: out, redactions };
+}
+//# sourceMappingURL=redactor.js.map

package/dist/src/hooks/redactor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"redactor.js","sourceRoot":"","sources":["../../../src/hooks/redactor.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAiBH,MAAM,KAAK,GAAoB,MAAM,CAAC,MAAM,CAAC;IAC3C,0EAA0E;IAC1E,oCAAoC;IACpC;QACE,MAAM,EAAE,iBAAiB;QACzB,KAAK,EAAE,uGAAuG;KAC/G;IACD,2EAA2E;IAC3E,mEAAmE;IACnE;QACE,MAAM,EAAE,eAAe;QACvB,KAAK,EAAE,uFAAuF;KAC/F;IACD,2EAA2E;IAC3E,0EAA0E;IAC1E,sCAAsC;IACtC;QACE,MAAM,EAAE,iBAAiB;QACzB,KAAK,EAAE,qCAAqC;KAC7C;IACD,yEAAyE;IACzE,+DAA+D;IAC/D;QACE,MAAM,EAAE,KAAK;QACb,KAAK,EAAE,wDAAwD;KAChE;IACD,mEAAmE;IACnE;QACE,MAAM,EAAE,WAAW;QACnB,KAAK,EAAE,2BAA2B;KACnC;IACD,4CAA4C;IAC5C;QACE,MAAM,EAAE,mBAAmB;QAC3B,KAAK,EAAE,gCAAgC;KACxC;IACD,eAAe;IACf;QACE,MAAM,EAAE,gBAAgB;QACxB,KAAK,EAAE,0BAA0B;KAClC;IACD,qFAAqF;IACrF;QACE,MAAM,EAAE,mBAAmB;QAC3B,KAAK,EAAE,uBAAuB;KAC/B;CACF,CAAC,CAAC;AAEH,MAAM,UAAU,MAAM,CAAC,IAAY;IACjC,MAAM,MAAM,GAAG,IAAI,GAAG,EAAkB,CAAC;IACzC,IAAI,GAAG,GAAG,IAAI,CAAC;IACf,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,EAAE,GAAG,EAAE;YACjC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAC5D,OAAO,aAAa,IAAI,CAAC,MAAM,GAAG,CAAC;QACrC,CAAC,CAAC,CAAC;IACL,CAAC;IACD,MAAM,UAAU,GAAoB,EAAE,CAAC;IACvC,KAAK,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,IAAI,MAAM;QAAE,UAAU,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;IACzE,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,UAAU,EAAE,CAAC;AACnC,CAAC"}

package/dist/src/mcp/index.d.ts

@@ -0,0 +1,4 @@
+export { type McpId, type McpRequest, type McpNotification, type McpResponse, type McpSuccess, type McpError, type McpErrorBody, type ParseResult, type ToolInputSchema, type ToolDefinition, type ToolContent, type ToolResult, PROTOCOL_VERSION, SERVER_INFO, MCP_PARSE_ERROR, MCP_INVALID_REQUEST, MCP_METHOD_NOT_FOUND, MCP_INVALID_PARAMS, MCP_INTERNAL_ERROR, parseMessage, encodeSuccess, encodeError, } from './protocol.js';
+export { type Tool, type ToolHandler, type ToolHandlerCtx, ToolError, TOOLS, findTool, } from './tools.js';
+export { type McpServerOpts, type McpStdioOpts, type McpLogEvent, handleLine, runMcpStdio, } from './server.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/src/mcp/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/mcp/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,KAAK,EACV,KAAK,UAAU,EACf,KAAK,eAAe,EACpB,KAAK,WAAW,EAChB,KAAK,UAAU,EACf,KAAK,QAAQ,EACb,KAAK,YAAY,EACjB,KAAK,WAAW,EAChB,KAAK,eAAe,EACpB,KAAK,cAAc,EACnB,KAAK,WAAW,EAChB,KAAK,UAAU,EACf,gBAAgB,EAChB,WAAW,EACX,eAAe,EACf,mBAAmB,EACnB,oBAAoB,EACpB,kBAAkB,EAClB,kBAAkB,EAClB,YAAY,EACZ,aAAa,EACb,WAAW,GACZ,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,KAAK,IAAI,EACT,KAAK,WAAW,EAChB,KAAK,cAAc,EACnB,SAAS,EACT,KAAK,EACL,QAAQ,GACT,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,KAAK,aAAa,EAClB,KAAK,YAAY,EACjB,KAAK,WAAW,EAChB,UAAU,EACV,WAAW,GACZ,MAAM,aAAa,CAAC"}

package/dist/src/mcp/index.js

@@ -0,0 +1,4 @@
+export { PROTOCOL_VERSION, SERVER_INFO, MCP_PARSE_ERROR, MCP_INVALID_REQUEST, MCP_METHOD_NOT_FOUND, MCP_INVALID_PARAMS, MCP_INTERNAL_ERROR, parseMessage, encodeSuccess, encodeError, } from './protocol.js';
+export { ToolError, TOOLS, findTool, } from './tools.js';
+export { handleLine, runMcpStdio, } from './server.js';
+//# sourceMappingURL=index.js.map

package/dist/src/mcp/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/mcp/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAaL,gBAAgB,EAChB,WAAW,EACX,eAAe,EACf,mBAAmB,EACnB,oBAAoB,EACpB,kBAAkB,EAClB,kBAAkB,EAClB,YAAY,EACZ,aAAa,EACb,WAAW,GACZ,MAAM,eAAe,CAAC;AACvB,OAAO,EAIL,SAAS,EACT,KAAK,EACL,QAAQ,GACT,MAAM,YAAY,CAAC;AACpB,OAAO,EAIL,UAAU,EACV,WAAW,GACZ,MAAM,aAAa,CAAC"}

package/dist/src/mcp/protocol.d.ts

@@ -0,0 +1,98 @@
+/**
+ * Minimal subset of the Model Context Protocol (MCP) wire format that sigil
+ * needs to act as a stdio tool server for Claude Code (and any other MCP
+ * client). MCP rides on JSON-RPC 2.0; this module defines the request,
+ * response, and notification shapes plus helpers for encoding.
+ *
+ * Spec reference: https://modelcontextprotocol.io/specification
+ *
+ * We implement: initialize, notifications/initialized, tools/list, tools/call.
+ * Everything else (resources, prompts, sampling, completions, logging,
+ * pagination cursors) is intentionally omitted.
+ */
+export declare const PROTOCOL_VERSION = "2025-06-18";
+export declare const SERVER_INFO: {
+    readonly name: "sigil-mcp";
+    readonly version: "0.0.1";
+};
+export type McpId = string | number | null;
+export interface McpRequest {
+    jsonrpc: '2.0';
+    id: McpId;
+    method: string;
+    params?: unknown;
+}
+export interface McpNotification {
+    jsonrpc: '2.0';
+    method: string;
+    params?: unknown;
+}
+export interface McpSuccess {
+    jsonrpc: '2.0';
+    id: McpId;
+    result: unknown;
+}
+export interface McpErrorBody {
+    code: number;
+    message: string;
+    data?: unknown;
+}
+export interface McpError {
+    jsonrpc: '2.0';
+    id: McpId;
+    error: McpErrorBody;
+}
+export type McpResponse = McpSuccess | McpError;
+export declare const MCP_PARSE_ERROR = -32700;
+export declare const MCP_INVALID_REQUEST = -32600;
+export declare const MCP_METHOD_NOT_FOUND = -32601;
+export declare const MCP_INVALID_PARAMS = -32602;
+export declare const MCP_INTERNAL_ERROR = -32603;
+export interface ToolInputSchema {
+    type: 'object';
+    properties: Record<string, unknown>;
+    required?: string[];
+    additionalProperties?: boolean;
+}
+export interface ToolDefinition {
+    name: string;
+    description: string;
+    inputSchema: ToolInputSchema;
+}
+export type ToolContent = {
+    type: 'text';
+    text: string;
+};
+export interface ToolResult {
+    content: ToolContent[];
+    /** When omitted, treated as false. */
+    isError?: boolean;
+    /** Structured payload for clients that want typed access; supplemental to content. */
+    structuredContent?: unknown;
+}
+/**
+ * Parse a single NDJSON line into an MCP envelope.
+ *
+ * Returns:
+ *  - `{ kind: 'request', request }` for an incoming request (has id + method)
+ *  - `{ kind: 'notification', notification }` for an incoming notification (method, no id)
+ *  - `{ kind: 'parse_error' }` for non-JSON
+ *  - `{ kind: 'invalid', id, reason }` for a JSON object that isn't a valid envelope
+ */
+export type ParseResult = {
+    kind: 'request';
+    request: McpRequest;
+} | {
+    kind: 'notification';
+    notification: McpNotification;
+} | {
+    kind: 'parse_error';
+} | {
+    kind: 'invalid';
+    id: McpId;
+    reason: string;
+};
+export declare function parseMessage(line: string): ParseResult;
+export declare function encodeSuccess(id: McpId, result: unknown): string;
+export declare function encodeError(id: McpId, code: number, message: string, data?: unknown): string;
+//# sourceMappingURL=protocol.d.ts.map

package/dist/src/mcp/protocol.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"protocol.d.ts","sourceRoot":"","sources":["../../../src/mcp/protocol.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,eAAO,MAAM,gBAAgB,eAAe,CAAC;AAE7C,eAAO,MAAM,WAAW;;;CAGd,CAAC;AAEX,MAAM,MAAM,KAAK,GAAG,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC;AAE3C,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,KAAK,CAAC;IACf,EAAE,EAAE,KAAK,CAAC;IACV,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,KAAK,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,KAAK,CAAC;IACf,EAAE,EAAE,KAAK,CAAC;IACV,MAAM,EAAE,OAAO,CAAC;CACjB;AAED,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB;AAED,MAAM,WAAW,QAAQ;IACvB,OAAO,EAAE,KAAK,CAAC;IACf,EAAE,EAAE,KAAK,CAAC;IACV,KAAK,EAAE,YAAY,CAAC;CACrB;AAED,MAAM,MAAM,WAAW,GAAG,UAAU,GAAG,QAAQ,CAAC;AAGhD,eAAO,MAAM,eAAe,SAAS,CAAC;AACtC,eAAO,MAAM,mBAAmB,SAAS,CAAC;AAC1C,eAAO,MAAM,oBAAoB,SAAS,CAAC;AAC3C,eAAO,MAAM,kBAAkB,SAAS,CAAC;AACzC,eAAO,MAAM,kBAAkB,SAAS,CAAC;AAEzC,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,QAAQ,CAAC;IACf,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACpC,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,oBAAoB,CAAC,EAAE,OAAO,CAAC;CAChC;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,eAAe,CAAC;CAC9B;AAED,MAAM,MAAM,WAAW,GACnB;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,CAAC;AAEnC,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,WAAW,EAAE,CAAC;IACvB,sCAAsC;IACtC,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,sFAAsF;IACtF,iBAAiB,CAAC,EAAE,OAAO,CAAC;CAC7B;AAED;;;;;;;;GAQG;AACH,MAAM,MAAM,WAAW,GACnB;IAAE,IAAI,EAAE,SAAS,CAAC;IAAC,OAAO,EAAE,UAAU,CAAA;CAAE,GACxC;IAAE,IAAI,EAAE,cAAc,CAAC;IAAC,YAAY,EAAE,eAAe,CAAA;CAAE,GACvD;IAAE,IAAI,EAAE,aAAa,CAAA;CAAE,GACvB;IAAE,IAAI,EAAE,SAAS,CAAC;IAAC,EAAE,EAAE,KAAK,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC;AAEnD,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,WAAW,CAyCtD;AAMD,wBAAgB,aAAa,CAAC,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,GAAG,MAAM,CAGhE;AAED,wBAAgB,WAAW,CAAC,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,GAAG,MAAM,CAI5F"}