sigild 0.0.1 → 0.0.3

package/dist/src/daemon/handles.d.ts

@@ -11,9 +11,16 @@ export declare class HandleLoadError extends Error {
 /**
  * In-memory registry of handle → unlocked SecretBuffer.
  *
- * The expectation is that this is constructed once at daemon startup, populated
- * via loadFromDir (or addEntry from tests), and disposed once at shutdown.
- * After dispose() any further get/list calls throw.
+ * Lifecycle inside sigil-mcp:
+ *   - Constructed empty + locked at startup.
+ *   - `sigil unlock` calls loadFromDir / addEntry → table becomes unlocked.
+ *   - `sigil lock` calls lock() → entries zeroed + cleared, table re-lockable.
+ *   - Process exit calls dispose() → final teardown, no further use.
+ *
+ * The unlocked flag is tracked separately from entry count so that an unlock
+ * with zero portals on disk still distinguishes "no portals exist" (handle
+ * lookup → PORTAL_NOT_FOUND) from "never unlocked" (handle lookup →
+ * DAEMON_LOCKED).
  */
 export declare class HandleTable {
     #private;
@@ -24,17 +31,31 @@ export declare class HandleTable {
     static handleFromFilename(filename: string): string | null;
     /**
      * Load every keyfile in `dir` named `<handle>.sigil`, decrypting each with
-     * the same passphrase. Throws HandleLoadError on any failure.
+     * the same passphrase. Throws HandleLoadError on any failure; on failure
+     * the table is left locked with any partially-loaded entries zeroized.
      *
      * Order: deterministic by sorted filename, so audit logs and list_portals
      * output are stable across restarts.
+     *
+     * Marks the table as unlocked on success — even if the directory was
+     * empty (zero portals to load). After that, sign calls see PORTAL_NOT_FOUND
+     * instead of DAEMON_LOCKED.
      */
     loadFromDir(dir: string, passphrase: Buffer): void;
     /**
      * Add a handle directly (for tests or for non-file-backed key sources).
-     * Takes ownership of the SecretBuffer; dispose() will zeroize it.
+     * Takes ownership of the SecretBuffer; lock()/dispose() will zeroize it.
+     * Does NOT flip the unlocked flag — loadFromDir does that once after a
+     * successful pass. Tests that want an unlocked table should call
+     * markUnlocked() explicitly.
      */
     addEntry(handle: string, secret: SecretBuffer): void;
+    /**
+     * Explicitly mark the table as unlocked without loading anything. Useful
+     * for tests that pre-populate via addEntry and want sign methods to
+     * succeed.
+     */
+    markUnlocked(): void;
     has(handle: string): boolean;
     /**
      * Returns the SecretBuffer for the handle. Caller must NOT dispose it —
@@ -42,8 +63,16 @@ export declare class HandleTable {
      */
     get(handle: string): SecretBuffer | undefined;
     list(): PortalInfo[];
+    isUnlocked(): boolean;
+    /**
+     * Zeroize every entry and re-lock the table. The table remains usable —
+     * a subsequent unlock can repopulate it. Idempotent.
+     */
+    lock(): void;
     /**
-     * Zeroize every key and mark the table unusable. Idempotent.
+     * Final teardown: zeroize every key and mark the table unusable. After
+     * dispose(), get/has/list/lock/markUnlocked/addEntry/loadFromDir throw.
+     * Idempotent.
      */
     dispose(): void;
     get isDisposed(): boolean;

package/dist/src/daemon/handles.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"handles.d.ts","sourceRoot":"","sources":["../../../src/daemon/handles.ts"],"names":[],"mappings":"AAGA,OAAO,EACL,KAAK,YAAY,EAGlB,MAAM,oBAAoB,CAAC;AAQ5B,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,KAAK,CAAC;IACZ,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,qBAAa,eAAgB,SAAQ,KAAK;IACxC,SAAkB,KAAK,CAAC,EAAE,OAAO,CAAC;gBACtB,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,OAAO;CAK7C;AAED;;;;;;GAMG;AACH,qBAAa,WAAW;;IAKtB,MAAM,CAAC,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG;QAAE,IAAI,EAAE,KAAK,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE;IAMjE,MAAM,CAAC,kBAAkB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI;IAO1D;;;;;;OAMG;IACH,WAAW,CAAC,GAAG,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,IAAI;IAgClD;;;OAGG;IACH,QAAQ,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,YAAY,GAAG,IAAI;IAcpD,GAAG,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO;IAK5B;;;OAGG;IACH,GAAG,CAAC,MAAM,EAAE,MAAM,GAAG,YAAY,GAAG,SAAS;IAK7C,IAAI,IAAI,UAAU,EAAE;IAKpB;;OAEG;IACH,OAAO,IAAI,IAAI;IAOf,IAAI,UAAU,IAAI,OAAO,CAExB;CACF"}
+{"version":3,"file":"handles.d.ts","sourceRoot":"","sources":["../../../src/daemon/handles.ts"],"names":[],"mappings":"AAGA,OAAO,EACL,KAAK,YAAY,EAGlB,MAAM,oBAAoB,CAAC;AAQ5B,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,KAAK,CAAC;IACZ,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,qBAAa,eAAgB,SAAQ,KAAK;IACxC,SAAkB,KAAK,CAAC,EAAE,OAAO,CAAC;gBACtB,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,OAAO;CAK7C;AAED;;;;;;;;;;;;;GAaG;AACH,qBAAa,WAAW;;IAMtB,MAAM,CAAC,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG;QAAE,IAAI,EAAE,KAAK,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE;IAMjE,MAAM,CAAC,kBAAkB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI;IAO1D;;;;;;;;;;;OAWG;IACH,WAAW,CAAC,GAAG,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,IAAI;IAyClD;;;;;;OAMG;IACH,QAAQ,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,YAAY,GAAG,IAAI;IAcpD;;;;OAIG;IACH,YAAY,IAAI,IAAI;IAKpB,GAAG,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO;IAK5B;;;OAGG;IACH,GAAG,CAAC,MAAM,EAAE,MAAM,GAAG,YAAY,GAAG,SAAS;IAK7C,IAAI,IAAI,UAAU,EAAE;IAKpB,UAAU,IAAI,OAAO;IAKrB;;;OAGG;IACH,IAAI,IAAI,IAAI;IAOZ;;;;OAIG;IACH,OAAO,IAAI,IAAI;IAQf,IAAI,UAAU,IAAI,OAAO,CAExB;CACF"}

package/dist/src/daemon/handles.js

@@ -19,13 +19,21 @@ export class HandleLoadError extends Error {
 /**
  * In-memory registry of handle → unlocked SecretBuffer.
  *
- * The expectation is that this is constructed once at daemon startup, populated
- * via loadFromDir (or addEntry from tests), and disposed once at shutdown.
- * After dispose() any further get/list calls throw.
+ * Lifecycle inside sigil-mcp:
+ *   - Constructed empty + locked at startup.
+ *   - `sigil unlock` calls loadFromDir / addEntry → table becomes unlocked.
+ *   - `sigil lock` calls lock() → entries zeroed + cleared, table re-lockable.
+ *   - Process exit calls dispose() → final teardown, no further use.
+ *
+ * The unlocked flag is tracked separately from entry count so that an unlock
+ * with zero portals on disk still distinguishes "no portals exist" (handle
+ * lookup → PORTAL_NOT_FOUND) from "never unlocked" (handle lookup →
+ * DAEMON_LOCKED).
  */
 export class HandleTable {
     // Wrapped in a private map; not exposed.
     #entries = new Map();
+    #unlocked = false;
     #disposed = false;
     static parseHandle(handle) {
         const m = HANDLE_RE.exec(handle);
@@ -43,10 +51,15 @@ export class HandleTable {
     }
     /**
      * Load every keyfile in `dir` named `<handle>.sigil`, decrypting each with
-     * the same passphrase. Throws HandleLoadError on any failure.
+     * the same passphrase. Throws HandleLoadError on any failure; on failure
+     * the table is left locked with any partially-loaded entries zeroized.
      *
      * Order: deterministic by sorted filename, so audit logs and list_portals
      * output are stable across restarts.
+     *
+     * Marks the table as unlocked on success — even if the directory was
+     * empty (zero portals to load). After that, sign calls see PORTAL_NOT_FOUND
+     * instead of DAEMON_LOCKED.
      */
     loadFromDir(dir, passphrase) {
         if (this.#disposed)
@@ -56,38 +69,50 @@ export class HandleTable {
             entries = readdirSync(dir).sort();
         }
         catch (err) {
-            if (err.code === 'ENOENT')
+            if (err.code === 'ENOENT') {
+                this.#unlocked = true;
                 return;
+            }
             throw new HandleLoadError(`failed to read keys directory ${dir}`, err);
         }
-        for (const filename of entries) {
-            const handle = HandleTable.handleFromFilename(filename);
-            if (handle === null)
-                continue; // ignore non-keyfiles
-            const path = join(dir, filename);
-            let blob;
-            try {
-                blob = readFileSync(path);
-            }
-            catch (err) {
-                throw new HandleLoadError(`failed to read keyfile ${path}`, err);
-            }
-            let secret;
-            try {
-                secret = unsealKey(blob, passphrase);
-            }
-            catch (err) {
-                if (err instanceof WrongPassphraseError) {
-                    throw new HandleLoadError(`wrong passphrase or tampered keyfile: ${path}`, err);
+        try {
+            for (const filename of entries) {
+                const handle = HandleTable.handleFromFilename(filename);
+                if (handle === null)
+                    continue;
+                const path = join(dir, filename);
+                let blob;
+                try {
+                    blob = readFileSync(path);
                 }
-                throw new HandleLoadError(`failed to unseal keyfile ${path}`, err);
+                catch (err) {
+                    throw new HandleLoadError(`failed to read keyfile ${path}`, err);
+                }
+                let secret;
+                try {
+                    secret = unsealKey(blob, passphrase);
+                }
+                catch (err) {
+                    if (err instanceof WrongPassphraseError) {
+                        throw new HandleLoadError(`wrong passphrase or tampered keyfile: ${path}`, err);
+                    }
+                    throw new HandleLoadError(`failed to unseal keyfile ${path}`, err);
+                }
+                this.addEntry(handle, secret);
             }
-            this.addEntry(handle, secret);
+            this.#unlocked = true;
+        }
+        catch (err) {
+            this.lock();
+            throw err;
         }
     }
     /**
      * Add a handle directly (for tests or for non-file-backed key sources).
-     * Takes ownership of the SecretBuffer; dispose() will zeroize it.
+     * Takes ownership of the SecretBuffer; lock()/dispose() will zeroize it.
+     * Does NOT flip the unlocked flag — loadFromDir does that once after a
+     * successful pass. Tests that want an unlocked table should call
+     * markUnlocked() explicitly.
      */
     addEntry(handle, secret) {
         if (this.#disposed)
@@ -103,6 +128,16 @@ export class HandleTable {
             info: { handle, kind: 'eth', address },
         });
     }
+    /**
+     * Explicitly mark the table as unlocked without loading anything. Useful
+     * for tests that pre-populate via addEntry and want sign methods to
+     * succeed.
+     */
+    markUnlocked() {
+        if (this.#disposed)
+            throw new Error('HandleTable is disposed');
+        this.#unlocked = true;
+    }
     has(handle) {
         if (this.#disposed)
             throw new Error('HandleTable is disposed');
@@ -122,8 +157,27 @@ export class HandleTable {
             throw new Error('HandleTable is disposed');
         return Array.from(this.#entries.values()).map((e) => ({ ...e.info }));
     }
+    isUnlocked() {
+        if (this.#disposed)
+            return false;
+        return this.#unlocked;
+    }
+    /**
+     * Zeroize every entry and re-lock the table. The table remains usable —
+     * a subsequent unlock can repopulate it. Idempotent.
+     */
+    lock() {
+        if (this.#disposed)
+            return;
+        for (const e of this.#entries.values())
+            e.secret.dispose();
+        this.#entries.clear();
+        this.#unlocked = false;
+    }
     /**
-     * Zeroize every key and mark the table unusable. Idempotent.
+     * Final teardown: zeroize every key and mark the table unusable. After
+     * dispose(), get/has/list/lock/markUnlocked/addEntry/loadFromDir throw.
+     * Idempotent.
      */
     dispose() {
         if (this.#disposed)
@@ -131,6 +185,7 @@ export class HandleTable {
         for (const e of this.#entries.values())
             e.secret.dispose();
         this.#entries.clear();
+        this.#unlocked = false;
         this.#disposed = true;
     }
     get isDisposed() {

package/dist/src/daemon/handles.js.map

@@ -1 +1 @@
-{"version":3,"file":"handles.js","sourceRoot":"","sources":["../../../src/daemon/handles.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACpD,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AAC1D,OAAO,EAEL,SAAS,EACT,oBAAoB,GACrB,MAAM,oBAAoB,CAAC;AAE5B,MAAM,WAAW,GAAG,QAAQ,CAAC;AAC7B,6EAA6E;AAC7E,uEAAuE;AACvE,gDAAgD;AAChD,MAAM,SAAS,GAAG,0BAA0B,CAAC;AAQ7C,MAAM,OAAO,eAAgB,SAAQ,KAAK;IACtB,KAAK,CAAW;IAClC,YAAY,OAAe,EAAE,KAAe;QAC1C,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,iBAAiB,CAAC;QAC9B,IAAI,KAAK,KAAK,SAAS;YAAE,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;IAC9C,CAAC;CACF;AAED;;;;;;GAMG;AACH,MAAM,OAAO,WAAW;IACtB,yCAAyC;IAChC,QAAQ,GAAG,IAAI,GAAG,EAAsD,CAAC;IAClF,SAAS,GAAG,KAAK,CAAC;IAElB,MAAM,CAAC,WAAW,CAAC,MAAc;QAC/B,MAAM,CAAC,GAAG,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACjC,IAAI,CAAC,CAAC;YAAE,MAAM,IAAI,eAAe,CAAC,mBAAmB,MAAM,2BAA2B,CAAC,CAAC;QACxF,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAU,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAE,EAAE,CAAC;IAC9C,CAAC;IAED,MAAM,CAAC,kBAAkB,CAAC,QAAgB;QACxC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC;YAAE,OAAO,IAAI,CAAC;QACjD,MAAM,IAAI,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QACpD,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC;QACvC,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;;OAMG;IACH,WAAW,CAAC,GAAW,EAAE,UAAkB;QACzC,IAAI,IAAI,CAAC,SAAS;YAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC/D,IAAI,OAAiB,CAAC;QACtB,IAAI,CAAC;YACH,OAAO,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;QACpC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAK,GAA6B,CAAC,IAAI,KAAK,QAAQ;gBAAE,OAAO;YAC7D,MAAM,IAAI,eAAe,CAAC,iCAAiC,GAAG,EAAE,EAAE,GAAG,CAAC,CAAC;QACzE,CAAC;QACD,KAAK,MAAM,QAAQ,IAAI,OAAO,EAAE,CAAC;YAC/B,MAAM,MAAM,GAAG,WAAW,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;YACxD,IAAI,MAAM,KAAK,IAAI;gBAAE,SAAS,CAAC,sBAAsB;YACrD,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;YACjC,IAAI,IAAY,CAAC;YACjB,IAAI,CAAC;gBACH,IAAI,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;YAC5B,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,IAAI,eAAe,CAAC,0BAA0B,IAAI,EAAE,EAAE,GAAG,CAAC,CAAC;YACnE,CAAC;YACD,IAAI,MAAoB,CAAC;YACzB,IAAI,CAAC;gBACH,MAAM,GAAG,SAAS,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;YACvC,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAI,GAAG,YAAY,oBAAoB,EAAE,CAAC;oBACxC,MAAM,IAAI,eAAe,CAAC,yCAAyC,IAAI,EAAE,EAAE,GAAG,CAAC,CAAC;gBAClF,CAAC;gBACD,MAAM,IAAI,eAAe,CAAC,4BAA4B,IAAI,EAAE,EAAE,GAAG,CAAC,CAAC;YACrE,CAAC;YACD,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,QAAQ,CAAC,MAAc,EAAE,MAAoB;QAC3C,IAAI,IAAI,CAAC,SAAS;YAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC/D,WAAW,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,mBAAmB;QACpD,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YAC9B,MAAM,CAAC,OAAO,EAAE,CAAC;YACjB,MAAM,IAAI,eAAe,CAAC,qBAAqB,MAAM,GAAG,CAAC,CAAC;QAC5D,CAAC;QACD,MAAM,OAAO,GAAG,qBAAqB,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;QACtD,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,EAAE;YACxB,MAAM;YACN,IAAI,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;SACvC,CAAC,CAAC;IACL,CAAC;IAED,GAAG,CAAC,MAAc;QAChB,IAAI,IAAI,CAAC,SAAS;YAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC/D,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACnC,CAAC;IAED;;;OAGG;IACH,GAAG,CAAC,MAAc;QAChB,IAAI,IAAI,CAAC,SAAS;YAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC/D,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IAC3C,CAAC;IAED,IAAI;QACF,IAAI,IAAI,CAAC,SAAS;YAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC/D,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IACxE,CAAC;IAED;;OAEG;IACH,OAAO;QACL,IAAI,IAAI,CAAC,SAAS;YAAE,OAAO;QAC3B,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE;YAAE,CAAC,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QAC3D,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;QACtB,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;IACxB,CAAC;IAED,IAAI,UAAU;QACZ,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;CACF"}
+{"version":3,"file":"handles.js","sourceRoot":"","sources":["../../../src/daemon/handles.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACpD,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AAC1D,OAAO,EAEL,SAAS,EACT,oBAAoB,GACrB,MAAM,oBAAoB,CAAC;AAE5B,MAAM,WAAW,GAAG,QAAQ,CAAC;AAC7B,6EAA6E;AAC7E,uEAAuE;AACvE,gDAAgD;AAChD,MAAM,SAAS,GAAG,0BAA0B,CAAC;AAQ7C,MAAM,OAAO,eAAgB,SAAQ,KAAK;IACtB,KAAK,CAAW;IAClC,YAAY,OAAe,EAAE,KAAe;QAC1C,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,iBAAiB,CAAC;QAC9B,IAAI,KAAK,KAAK,SAAS;YAAE,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;IAC9C,CAAC;CACF;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,OAAO,WAAW;IACtB,yCAAyC;IAChC,QAAQ,GAAG,IAAI,GAAG,EAAsD,CAAC;IAClF,SAAS,GAAG,KAAK,CAAC;IAClB,SAAS,GAAG,KAAK,CAAC;IAElB,MAAM,CAAC,WAAW,CAAC,MAAc;QAC/B,MAAM,CAAC,GAAG,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACjC,IAAI,CAAC,CAAC;YAAE,MAAM,IAAI,eAAe,CAAC,mBAAmB,MAAM,2BAA2B,CAAC,CAAC;QACxF,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAU,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAE,EAAE,CAAC;IAC9C,CAAC;IAED,MAAM,CAAC,kBAAkB,CAAC,QAAgB;QACxC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC;YAAE,OAAO,IAAI,CAAC;QACjD,MAAM,IAAI,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QACpD,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC;QACvC,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;;;;;;;OAWG;IACH,WAAW,CAAC,GAAW,EAAE,UAAkB;QACzC,IAAI,IAAI,CAAC,SAAS;YAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC/D,IAAI,OAAiB,CAAC;QACtB,IAAI,CAAC;YACH,OAAO,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;QACpC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAK,GAA6B,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBACrD,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;gBACtB,OAAO;YACT,CAAC;YACD,MAAM,IAAI,eAAe,CAAC,iCAAiC,GAAG,EAAE,EAAE,GAAG,CAAC,CAAC;QACzE,CAAC;QACD,IAAI,CAAC;YACH,KAAK,MAAM,QAAQ,IAAI,OAAO,EAAE,CAAC;gBAC/B,MAAM,MAAM,GAAG,WAAW,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;gBACxD,IAAI,MAAM,KAAK,IAAI;oBAAE,SAAS;gBAC9B,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;gBACjC,IAAI,IAAY,CAAC;gBACjB,IAAI,CAAC;oBACH,IAAI,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;gBAC5B,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,MAAM,IAAI,eAAe,CAAC,0BAA0B,IAAI,EAAE,EAAE,GAAG,CAAC,CAAC;gBACnE,CAAC;gBACD,IAAI,MAAoB,CAAC;gBACzB,IAAI,CAAC;oBACH,MAAM,GAAG,SAAS,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;gBACvC,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,IAAI,GAAG,YAAY,oBAAoB,EAAE,CAAC;wBACxC,MAAM,IAAI,eAAe,CAAC,yCAAyC,IAAI,EAAE,EAAE,GAAG,CAAC,CAAC;oBAClF,CAAC;oBACD,MAAM,IAAI,eAAe,CAAC,4BAA4B,IAAI,EAAE,EAAE,GAAG,CAAC,CAAC;gBACrE,CAAC;gBACD,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;YAChC,CAAC;YACD,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;QACxB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,IAAI,EAAE,CAAC;YACZ,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACH,QAAQ,CAAC,MAAc,EAAE,MAAoB;QAC3C,IAAI,IAAI,CAAC,SAAS;YAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC/D,WAAW,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,mBAAmB;QACpD,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YAC9B,MAAM,CAAC,OAAO,EAAE,CAAC;YACjB,MAAM,IAAI,eAAe,CAAC,qBAAqB,MAAM,GAAG,CAAC,CAAC;QAC5D,CAAC;QACD,MAAM,OAAO,GAAG,qBAAqB,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;QACtD,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,EAAE;YACxB,MAAM;YACN,IAAI,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE;SACvC,CAAC,CAAC;IACL,CAAC;IAED;;;;OAIG;IACH,YAAY;QACV,IAAI,IAAI,CAAC,SAAS;YAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC/D,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;IACxB,CAAC;IAED,GAAG,CAAC,MAAc;QAChB,IAAI,IAAI,CAAC,SAAS;YAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC/D,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACnC,CAAC;IAED;;;OAGG;IACH,GAAG,CAAC,MAAc;QAChB,IAAI,IAAI,CAAC,SAAS;YAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC/D,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IAC3C,CAAC;IAED,IAAI;QACF,IAAI,IAAI,CAAC,SAAS;YAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC/D,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IACxE,CAAC;IAED,UAAU;QACR,IAAI,IAAI,CAAC,SAAS;YAAE,OAAO,KAAK,CAAC;QACjC,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAED;;;OAGG;IACH,IAAI;QACF,IAAI,IAAI,CAAC,SAAS;YAAE,OAAO;QAC3B,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE;YAAE,CAAC,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QAC3D,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;QACtB,IAAI,CAAC,SAAS,GAAG,KAAK,CAAC;IACzB,CAAC;IAED;;;;OAIG;IACH,OAAO;QACL,IAAI,IAAI,CAAC,SAAS;YAAE,OAAO;QAC3B,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE;YAAE,CAAC,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QAC3D,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;QACtB,IAAI,CAAC,SAAS,GAAG,KAAK,CAAC;QACvB,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;IACxB,CAAC;IAED,IAAI,UAAU;QACZ,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;CACF"}

package/dist/src/daemon/index.d.ts

@@ -1,5 +1,4 @@
-export { type RpcId, type RpcRequest, type RpcResponse, type RpcSuccess, type RpcError, type RpcErrorObject, type ParseResult, RPC_VERSION, RPC_PARSE_ERROR, RPC_INVALID_REQUEST, RPC_METHOD_NOT_FOUND, RPC_INVALID_PARAMS, RPC_INTERNAL_ERROR, RPC_PORTAL_NOT_FOUND, RPC_POLICY_DENIED, RPC_INVALID_PAYLOAD, parseRequest, encodeResponse, encodeError, } from './rpc.js';
 export { type PortalInfo, HandleLoadError, HandleTable, } from './handles.js';
-export { type MethodContext, type MethodHandler, RpcMethodError, METHODS, dispatch, } from './methods.js';
-export { type DaemonServerOpts, type DaemonServerHandle, type LogEvent, startDaemonServer, } from './server.js';
+export { type MethodContext, type MethodHandler, RpcMethodError, RPC_INVALID_PARAMS, RPC_METHOD_NOT_FOUND, RPC_PORTAL_NOT_FOUND, RPC_POLICY_DENIED, RPC_INVALID_PAYLOAD, RPC_DAEMON_LOCKED, METHODS, dispatch, } from './methods.js';
+export { readPassphrase, type ReadPassphraseDeps } from './passphrase.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/src/daemon/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/daemon/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,KAAK,EACV,KAAK,UAAU,EACf,KAAK,WAAW,EAChB,KAAK,UAAU,EACf,KAAK,QAAQ,EACb,KAAK,cAAc,EACnB,KAAK,WAAW,EAChB,WAAW,EACX,eAAe,EACf,mBAAmB,EACnB,oBAAoB,EACpB,kBAAkB,EAClB,kBAAkB,EAClB,oBAAoB,EACpB,iBAAiB,EACjB,mBAAmB,EACnB,YAAY,EACZ,cAAc,EACd,WAAW,GACZ,MAAM,UAAU,CAAC;AAClB,OAAO,EACL,KAAK,UAAU,EACf,eAAe,EACf,WAAW,GACZ,MAAM,cAAc,CAAC;AACtB,OAAO,EACL,KAAK,aAAa,EAClB,KAAK,aAAa,EAClB,cAAc,EACd,OAAO,EACP,QAAQ,GACT,MAAM,cAAc,CAAC;AACtB,OAAO,EACL,KAAK,gBAAgB,EACrB,KAAK,kBAAkB,EACvB,KAAK,QAAQ,EACb,iBAAiB,GAClB,MAAM,aAAa,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/daemon/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,UAAU,EACf,eAAe,EACf,WAAW,GACZ,MAAM,cAAc,CAAC;AACtB,OAAO,EACL,KAAK,aAAa,EAClB,KAAK,aAAa,EAClB,cAAc,EACd,kBAAkB,EAClB,oBAAoB,EACpB,oBAAoB,EACpB,iBAAiB,EACjB,mBAAmB,EACnB,iBAAiB,EACjB,OAAO,EACP,QAAQ,GACT,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,cAAc,EAAE,KAAK,kBAAkB,EAAE,MAAM,iBAAiB,CAAC"}

package/dist/src/daemon/index.js

@@ -1,5 +1,4 @@
-export { RPC_VERSION, RPC_PARSE_ERROR, RPC_INVALID_REQUEST, RPC_METHOD_NOT_FOUND, RPC_INVALID_PARAMS, RPC_INTERNAL_ERROR, RPC_PORTAL_NOT_FOUND, RPC_POLICY_DENIED, RPC_INVALID_PAYLOAD, parseRequest, encodeResponse, encodeError, } from './rpc.js';
 export { HandleLoadError, HandleTable, } from './handles.js';
-export { RpcMethodError, METHODS, dispatch, } from './methods.js';
-export { startDaemonServer, } from './server.js';
+export { RpcMethodError, RPC_INVALID_PARAMS, RPC_METHOD_NOT_FOUND, RPC_PORTAL_NOT_FOUND, RPC_POLICY_DENIED, RPC_INVALID_PAYLOAD, RPC_DAEMON_LOCKED, METHODS, dispatch, } from './methods.js';
+export { readPassphrase } from './passphrase.js';
 //# sourceMappingURL=index.js.map

package/dist/src/daemon/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/daemon/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAQL,WAAW,EACX,eAAe,EACf,mBAAmB,EACnB,oBAAoB,EACpB,kBAAkB,EAClB,kBAAkB,EAClB,oBAAoB,EACpB,iBAAiB,EACjB,mBAAmB,EACnB,YAAY,EACZ,cAAc,EACd,WAAW,GACZ,MAAM,UAAU,CAAC;AAClB,OAAO,EAEL,eAAe,EACf,WAAW,GACZ,MAAM,cAAc,CAAC;AACtB,OAAO,EAGL,cAAc,EACd,OAAO,EACP,QAAQ,GACT,MAAM,cAAc,CAAC;AACtB,OAAO,EAIL,iBAAiB,GAClB,MAAM,aAAa,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/daemon/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,eAAe,EACf,WAAW,GACZ,MAAM,cAAc,CAAC;AACtB,OAAO,EAGL,cAAc,EACd,kBAAkB,EAClB,oBAAoB,EACpB,oBAAoB,EACpB,iBAAiB,EACjB,mBAAmB,EACnB,iBAAiB,EACjB,OAAO,EACP,QAAQ,GACT,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,cAAc,EAA2B,MAAM,iBAAiB,CAAC"}

package/dist/src/daemon/methods.d.ts

@@ -1,5 +1,12 @@
 import { type AuditWriter } from '../audit/index.js';
+import { type PolicyResolver } from '../policy/index.js';
 import { type HandleTable } from './handles.js';
+export declare const RPC_INVALID_PARAMS = -32602;
+export declare const RPC_METHOD_NOT_FOUND = -32601;
+export declare const RPC_PORTAL_NOT_FOUND = -32000;
+export declare const RPC_POLICY_DENIED = -32001;
+export declare const RPC_INVALID_PAYLOAD = -32002;
+export declare const RPC_DAEMON_LOCKED = -32003;
 export declare class RpcMethodError extends Error {
     readonly code: number;
     readonly data: unknown;
@@ -8,6 +15,12 @@ export declare class RpcMethodError extends Error {
 export interface MethodContext {
     handles: HandleTable;
     audit: AuditWriter;
+    /**
+     * Resolves the per-portal policy at evaluation time. Wrapped in an
+     * interface so tests can inject a constant policy without touching the
+     * filesystem.
+     */
+    policy: PolicyResolver;
 }
 export type MethodHandler = (params: unknown, ctx: MethodContext) => unknown;
 export declare const METHODS: Readonly<Record<string, MethodHandler>>;

package/dist/src/daemon/methods.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"methods.d.ts","sourceRoot":"","sources":["../../../src/daemon/methods.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,WAAW,EACjB,MAAM,mBAAmB,CAAC;AAgB3B,OAAO,EAAE,KAAK,WAAW,EAAE,MAAM,cAAc,CAAC;AAEhD,qBAAa,cAAe,SAAQ,KAAK;IACvC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC;gBACX,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO;CAM1D;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,WAAW,CAAC;IACrB,KAAK,EAAE,WAAW,CAAC;CACpB;AAED,MAAM,MAAM,aAAa,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE,aAAa,KAAK,OAAO,CAAC;AA8M7E,eAAO,MAAM,OAAO,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,CAK1D,CAAC;AAEH;;;;GAIG;AACH,wBAAgB,QAAQ,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE,aAAa,GAAG,OAAO,CAMrF"}
+{"version":3,"file":"methods.d.ts","sourceRoot":"","sources":["../../../src/daemon/methods.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,WAAW,EACjB,MAAM,mBAAmB,CAAC;AAW3B,OAAO,EAIL,KAAK,cAAc,EACpB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,KAAK,WAAW,EAAE,MAAM,cAAc,CAAC;AAKhD,eAAO,MAAM,kBAAkB,SAAS,CAAC;AACzC,eAAO,MAAM,oBAAoB,SAAS,CAAC;AAE3C,eAAO,MAAM,oBAAoB,SAAS,CAAC;AAC3C,eAAO,MAAM,iBAAiB,SAAS,CAAC;AACxC,eAAO,MAAM,mBAAmB,SAAS,CAAC;AAC1C,eAAO,MAAM,iBAAiB,SAAS,CAAC;AAExC,qBAAa,cAAe,SAAQ,KAAK;IACvC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC;gBACX,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO;CAM1D;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,WAAW,CAAC;IACrB,KAAK,EAAE,WAAW,CAAC;IACnB;;;;OAIG;IACH,MAAM,EAAE,cAAc,CAAC;CACxB;AAED,MAAM,MAAM,aAAa,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE,aAAa,KAAK,OAAO,CAAC;AA4P7E,eAAO,MAAM,OAAO,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,CAK1D,CAAC;AAEH;;;;GAIG;AACH,wBAAgB,QAAQ,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE,aAAa,GAAG,OAAO,CAMrF"}

package/dist/src/daemon/methods.js

@@ -1,5 +1,15 @@
 import { personalSign, signTransaction, signTypedData, } from '../eth/index.js';
-import { RPC_INVALID_PARAMS, RPC_METHOD_NOT_FOUND, RPC_PORTAL_NOT_FOUND, } from './rpc.js';
+import { evaluate, PolicyLoadError, } from '../policy/index.js';
+// Error codes — these match JSON-RPC 2.0 standard error codes plus a
+// sigil-specific range (-32000..-32099). They flow through the MCP wire
+// unchanged so the client sees the exact diagnosis.
+export const RPC_INVALID_PARAMS = -32602;
+export const RPC_METHOD_NOT_FOUND = -32601;
+// Sigil-specific:
+export const RPC_PORTAL_NOT_FOUND = -32000;
+export const RPC_POLICY_DENIED = -32001;
+export const RPC_INVALID_PAYLOAD = -32002;
+export const RPC_DAEMON_LOCKED = -32003;
 export class RpcMethodError extends Error {
     code;
     data;
@@ -33,12 +43,44 @@ function hexToBuf(s, methodName, key) {
     return Buffer.from(s.slice(2), 'hex');
 }
 function requirePortal(handles, handle) {
+    if (!handles.isUnlocked()) {
+        throw new RpcMethodError(RPC_DAEMON_LOCKED, 'sigil is locked — run "sigil unlock" in a terminal to load keys');
+    }
     const sb = handles.get(handle);
     if (!sb) {
         throw new RpcMethodError(RPC_PORTAL_NOT_FOUND, `portal "${handle}" not found`);
     }
     return sb.bytes();
 }
+/**
+ * Resolve the portal's policy and evaluate the request. On Deny — or on any
+ * PolicyLoadError (missing file, malformed TOML) — appends a deny entry to
+ * the audit log AND throws RPC_POLICY_DENIED. Returns silently on Allow.
+ *
+ * The order is: require unlocked + portal first, then policy. That way the
+ * caller's mistakes (wrong handle, daemon locked) error before we touch the
+ * policy file at all.
+ */
+function gatePolicy(ctx, handle, kind, payload, request) {
+    let reason;
+    try {
+        const policy = ctx.policy.resolve(handle);
+        const decision = evaluate(request, policy);
+        if (decision.allow)
+            return;
+        reason = decision.reason;
+    }
+    catch (err) {
+        if (err instanceof PolicyLoadError) {
+            reason = err.message;
+        }
+        else {
+            throw err;
+        }
+    }
+    ctx.audit.append({ kind, portal: handle, payload, decision: 'deny', reason });
+    throw new RpcMethodError(RPC_POLICY_DENIED, reason);
+}
 // ---------------------------------------------------------------------------
 // Methods
 // ---------------------------------------------------------------------------
@@ -51,6 +93,9 @@ const sigil_eth_sign_message = (params, ctx) => {
     const messageHex = asString(obj, 'message', 'eth_sign_message');
     const message = hexToBuf(messageHex, 'eth_sign_message', 'message');
     const priv = requirePortal(ctx.handles, portal);
+    gatePolicy(ctx, portal, 'eth_sign_message', { message: messageHex }, {
+        kind: 'message', messageBytes: message,
+    });
     const sig = personalSign(message, priv);
     const sigHex = ('0x' + sig.toString('hex'));
     ctx.audit.append({
@@ -163,6 +208,7 @@ const sigil_eth_sign_transaction = (params, ctx) => {
     }
     const tx = asTx(txObj);
     const priv = requirePortal(ctx.handles, portal);
+    gatePolicy(ctx, portal, 'eth_sign_transaction', { tx: txObj }, { kind: 'transaction', tx });
     const signed = signTransaction(tx, priv);
     ctx.audit.append({
         kind: 'eth_sign_transaction',
@@ -183,6 +229,9 @@ const sigil_eth_sign_typed_data = (params, ctx) => {
     // We trust the typed-data shape minimally — sign-typed.ts will throw
     // on missing fields; we wrap that as INVALID_PARAMS for the caller.
     const priv = requirePortal(ctx.handles, portal);
+    gatePolicy(ctx, portal, 'eth_sign_typed_data', { typedData: td }, {
+        kind: 'typed_data', typedData: td,
+    });
     let sig;
     try {
         sig = signTypedData(td, priv);

package/dist/src/daemon/methods.js.map

@@ -1 +1 @@
-{"version":3,"file":"methods.js","sourceRoot":"","sources":["../../../src/daemon/methods.ts"],"names":[],"mappings":"AAGA,OAAO,EAIL,YAAY,EAEZ,eAAe,EACf,aAAa,GAEd,MAAM,iBAAiB,CAAC;AACzB,OAAO,EACL,kBAAkB,EAClB,oBAAoB,EACpB,oBAAoB,GACrB,MAAM,UAAU,CAAC;AAGlB,MAAM,OAAO,cAAe,SAAQ,KAAK;IAC9B,IAAI,CAAS;IACb,IAAI,CAAU;IACvB,YAAY,IAAY,EAAE,OAAe,EAAE,IAAc;QACvD,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,gBAAgB,CAAC;QAC7B,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IACnB,CAAC;CACF;AASD,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E,SAAS,QAAQ,CAAC,MAAe,EAAE,UAAkB;IACnD,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,IAAI,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QAC3E,MAAM,IAAI,cAAc,CAAC,kBAAkB,EAAE,GAAG,UAAU,4BAA4B,CAAC,CAAC;IAC1F,CAAC;IACD,OAAO,MAAiC,CAAC;AAC3C,CAAC;AAED,SAAS,QAAQ,CAAC,GAA4B,EAAE,GAAW,EAAE,UAAkB;IAC7E,MAAM,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IACnB,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,CAAC;QAC1B,MAAM,IAAI,cAAc,CAAC,kBAAkB,EAAE,GAAG,UAAU,KAAK,GAAG,mBAAmB,CAAC,CAAC;IACzF,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,QAAQ,CAAC,CAAS,EAAE,UAAkB,EAAE,GAAW;IAC1D,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;QAChC,MAAM,IAAI,cAAc,CAAC,kBAAkB,EAAE,GAAG,UAAU,KAAK,GAAG,0BAA0B,CAAC,CAAC;IAChG,CAAC;IACD,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;AACxC,CAAC;AAED,SAAS,aAAa,CAAC,OAAoB,EAAE,MAAc;IACzD,MAAM,EAAE,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAC/B,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,MAAM,IAAI,cAAc,CAAC,oBAAoB,EAAE,WAAW,MAAM,aAAa,CAAC,CAAC;IACjF,CAAC;IACD,OAAO,EAAE,CAAC,KAAK,EAAE,CAAC;AACpB,CAAC;AAED,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E,MAAM,kBAAkB,GAAkB,CAAC,OAAO,EAAE,GAAG,EAAE,EAAE;IACzD,OAAO,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;AACzC,CAAC,CAAC;AAEF,MAAM,sBAAsB,GAAkB,CAAC,MAAM,EAAE,GAAG,EAAE,EAAE;IAC5D,MAAM,GAAG,GAAG,QAAQ,CAAC,MAAM,EAAE,kBAAkB,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,QAAQ,CAAC,GAAG,EAAE,QAAQ,EAAE,kBAAkB,CAAC,CAAC;IAC3D,MAAM,UAAU,GAAG,QAAQ,CAAC,GAAG,EAAE,SAAS,EAAE,kBAAkB,CAAC,CAAC;IAChE,MAAM,OAAO,GAAG,QAAQ,CAAC,UAAU,EAAE,kBAAkB,EAAE,SAAS,CAAC,CAAC;IACpE,MAAM,IAAI,GAAG,aAAa,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAChD,MAAM,GAAG,GAAG,YAAY,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;IACxC,MAAM,MAAM,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAQ,CAAC;IACnD,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC;QACf,IAAI,EAAE,kBAAkB;QACxB,MAAM;QACN,OAAO,EAAE,EAAE,OAAO,EAAE,UAAU,EAAE;QAChC,QAAQ,EAAE,OAAO;QACjB,GAAG,EAAE,MAAM;KACZ,CAAC,CAAC;IACH,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC;AAC/B,CAAC,CAAC;AAEF,SAAS,IAAI,CAAC,GAA4B;IACxC,MAAM,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC;IACzB,IAAI,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;QAC5C,MAAM,IAAI,cAAc,CAAC,kBAAkB,EAAE,wCAAwC,CAAC,CAAC;IACzF,CAAC;IAED,MAAM,GAAG,GAAG,CAAC,GAAW,EAAU,EAAE;QAClC,MAAM,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;QACnB,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,CAAC;YAC1B,IAAI,CAAC;gBACH,OAAO,MAAM,CAAC,CAAC,CAAC,CAAC;YACnB,CAAC;YAAC,MAAM,CAAC;gBACP,MAAM,IAAI,cAAc,CAAC,kBAAkB,EAAE,OAAO,GAAG,4BAA4B,CAAC,CAAC;YACvF,CAAC;QACH,CAAC;QACD,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,CAAC;YAC1B,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;gBAClC,MAAM,IAAI,cAAc,CAAC,kBAAkB,EAAE,OAAO,GAAG,iCAAiC,CAAC,CAAC;YAC5F,CAAC;YACD,OAAO,MAAM,CAAC,CAAC,CAAC,CAAC;QACnB,CAAC;QACD,MAAM,IAAI,cAAc,CAAC,kBAAkB,EAAE,OAAO,GAAG,mCAAmC,CAAC,CAAC;IAC9F,CAAC,CAAC;IAEF,MAAM,EAAE,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC;IACrB,IAAI,EAAE,KAAK,IAAI,IAAI,OAAO,EAAE,KAAK,QAAQ,EAAE,CAAC;QAC1C,MAAM,IAAI,cAAc,CAAC,kBAAkB,EAAE,mCAAmC,CAAC,CAAC;IACpF,CAAC;IACD,IAAI,OAAO,EAAE,KAAK,QAAQ,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;QAC9D,MAAM,IAAI,cAAc,CAAC,kBAAkB,EAAE,4CAA4C,CAAC,CAAC;IAC7F,CAAC;IAED,MAAM,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC;IACzB,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QAC/D,MAAM,IAAI,cAAc,CAAC,kBAAkB,EAAE,kCAAkC,CAAC,CAAC;IACnF,CAAC;IAED,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtB,MAAM,EAAE,GAAa;YACnB,IAAI,EAAE,QAAQ;YACd,OAAO,EAAE,GAAG,CAAC,SAAS,CAAC;YACvB,KAAK,EAAE,GAAG,CAAC,OAAO,CAAC;YACnB,QAAQ,EAAE,GAAG,CAAC,UAAU,CAAC;YACzB,QAAQ,EAAE,GAAG,CAAC,UAAU,CAAC;YACzB,EAAE,EAAE,EAA0B;YAC9B,KAAK,EAAE,GAAG,CAAC,OAAO,CAAC;YACnB,IAAI,EAAE,IAAqB;SAC5B,CAAC;QACF,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,UAAU;IACV,MAAM,aAAa,GAAG,GAAG,CAAC,YAAY,CAAC,CAAC;IACxC,IAAI,UAAmC,CAAC;IACxC,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;QAChC,UAAU,GAAG,EAAE,CAAC;IAClB,CAAC;SAAM,IAAI,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,CAAC;QACxC,UAAU,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;YACzC,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,IAAI,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;gBACrE,MAAM,IAAI,cAAc,CAAC,kBAAkB,EAAE,kBAAkB,CAAC,kBAAkB,CAAC,CAAC;YACtF,CAAC;YACD,MAAM,EAAE,GAAG,IAA+B,CAAC;YAC3C,MAAM,IAAI,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC;YAC3B,MAAM,IAAI,GAAG,EAAE,CAAC,aAAa,CAAC,CAAC;YAC/B,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAClE,MAAM,IAAI,cAAc,CAAC,kBAAkB,EAAE,kBAAkB,CAAC,WAAW,CAAC,CAAC;YAC/E,CAAC;YACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;gBACzB,MAAM,IAAI,cAAc,CAAC,kBAAkB,EAAE,kBAAkB,CAAC,6BAA6B,CAAC,CAAC;YACjG,CAAC;YACD,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;gBACrB,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;oBAC5D,MAAM,IAAI,cAAc,CAAC,kBAAkB,EAAE,kBAAkB,CAAC,kBAAkB,CAAC,CAAC;gBACtF,CAAC;YACH,CAAC;YACD,OAAO,EAAE,OAAO,EAAE,IAAqB,EAAE,WAAW,EAAE,IAAuB,EAAE,CAAC;QAClF,CAAC,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,cAAc,CAAC,kBAAkB,EAAE,yCAAyC,CAAC,CAAC;IAC1F,CAAC;IACD,MAAM,EAAE,GAAc;QACpB,IAAI,EAAE,SAAS;QACf,OAAO,EAAE,GAAG,CAAC,SAAS,CAAC;QACvB,KAAK,EAAE,GAAG,CAAC,OAAO,CAAC;QACnB,oBAAoB,EAAE,GAAG,CAAC,sBAAsB,CAAC;QACjD,YAAY,EAAE,GAAG,CAAC,cAAc,CAAC;QACjC,QAAQ,EAAE,GAAG,CAAC,UAAU,CAAC;QACzB,EAAE,EAAE,EAA0B;QAC9B,KAAK,EAAE,GAAG,CAAC,OAAO,CAAC;QACnB,IAAI,EAAE,IAAqB;QAC3B,UAAU;KACX,CAAC;IACF,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,MAAM,0BAA0B,GAAkB,CAAC,MAAM,EAAE,GAAG,EAAE,EAAE;IAChE,MAAM,GAAG,GAAG,QAAQ,CAAC,MAAM,EAAE,sBAAsB,CAAC,CAAC;IACrD,MAAM,MAAM,GAAG,QAAQ,CAAC,GAAG,EAAE,QAAQ,EAAE,sBAAsB,CAAC,CAAC;IAC/D,MAAM,KAAK,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC;IACxB,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACxE,MAAM,IAAI,cAAc,CAAC,kBAAkB,EAAE,4CAA4C,CAAC,CAAC;IAC7F,CAAC;IACD,MAAM,EAAE,GAAG,IAAI,CAAC,KAAgC,CAAC,CAAC;IAClD,MAAM,IAAI,GAAG,aAAa,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAChD,MAAM,MAAM,GAAG,eAAe,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC;IACzC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC;QACf,IAAI,EAAE,sBAAsB;QAC5B,MAAM;QACN,OAAO,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE;QACtB,QAAQ,EAAE,OAAO;QACjB,GAAG,EAAE,MAAM;KACZ,CAAC,CAAC;IACH,OAAO,EAAE,MAAM,EAAE,CAAC;AACpB,CAAC,CAAC;AAEF,MAAM,yBAAyB,GAAkB,CAAC,MAAM,EAAE,GAAG,EAAE,EAAE;IAC/D,MAAM,GAAG,GAAG,QAAQ,CAAC,MAAM,EAAE,qBAAqB,CAAC,CAAC;IACpD,MAAM,MAAM,GAAG,QAAQ,CAAC,GAAG,EAAE,QAAQ,EAAE,qBAAqB,CAAC,CAAC;IAC9D,MAAM,EAAE,GAAG,GAAG,CAAC,WAAW,CAAC,CAAC;IAC5B,IAAI,OAAO,EAAE,KAAK,QAAQ,IAAI,EAAE,KAAK,IAAI,IAAI,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,CAAC;QAC/D,MAAM,IAAI,cAAc,CAAC,kBAAkB,EAAE,+CAA+C,CAAC,CAAC;IAChG,CAAC;IACD,qEAAqE;IACrE,oEAAoE;IACpE,MAAM,IAAI,GAAG,aAAa,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAChD,IAAI,GAAW,CAAC;IAChB,IAAI,CAAC;QACH,GAAG,GAAG,aAAa,CAAC,EAAe,EAAE,IAAI,CAAC,CAAC;IAC7C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,cAAc,CACtB,kBAAkB,EAClB,wBAAyB,GAAa,CAAC,OAAO,EAAE,CACjD,CAAC;IACJ,CAAC;IACD,MAAM,MAAM,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAQ,CAAC;IACnD,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC;QACf,IAAI,EAAE,qBAAqB;QAC3B,MAAM;QACN,OAAO,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE;QAC1B,QAAQ,EAAE,OAAO;QACjB,GAAG,EAAE,MAAM;KACZ,CAAC,CAAC;IACH,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC;AAC/B,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,OAAO,GAA4C,MAAM,CAAC,MAAM,CAAC;IAC5E,kBAAkB;IAClB,sBAAsB;IACtB,0BAA0B;IAC1B,yBAAyB;CAC1B,CAAC,CAAC;AAEH;;;;GAIG;AACH,MAAM,UAAU,QAAQ,CAAC,MAAc,EAAE,MAAe,EAAE,GAAkB;IAC1E,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAChC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,cAAc,CAAC,oBAAoB,EAAE,qBAAqB,MAAM,EAAE,CAAC,CAAC;IAChF,CAAC;IACD,OAAO,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;AAC9B,CAAC"}
+{"version":3,"file":"methods.js","sourceRoot":"","sources":["../../../src/daemon/methods.ts"],"names":[],"mappings":"AAGA,OAAO,EAIL,YAAY,EAEZ,eAAe,EACf,aAAa,GAEd,MAAM,iBAAiB,CAAC;AACzB,OAAO,EACL,QAAQ,EACR,eAAe,GAGhB,MAAM,oBAAoB,CAAC;AAG5B,qEAAqE;AACrE,wEAAwE;AACxE,oDAAoD;AACpD,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,KAAK,CAAC;AACzC,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,KAAK,CAAC;AAC3C,kBAAkB;AAClB,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,KAAK,CAAC;AAC3C,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,KAAK,CAAC;AACxC,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,KAAK,CAAC;AAC1C,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,KAAK,CAAC;AAExC,MAAM,OAAO,cAAe,SAAQ,KAAK;IAC9B,IAAI,CAAS;IACb,IAAI,CAAU;IACvB,YAAY,IAAY,EAAE,OAAe,EAAE,IAAc;QACvD,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,gBAAgB,CAAC;QAC7B,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IACnB,CAAC;CACF;AAeD,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E,SAAS,QAAQ,CAAC,MAAe,EAAE,UAAkB;IACnD,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,IAAI,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QAC3E,MAAM,IAAI,cAAc,CAAC,kBAAkB,EAAE,GAAG,UAAU,4BAA4B,CAAC,CAAC;IAC1F,CAAC;IACD,OAAO,MAAiC,CAAC;AAC3C,CAAC;AAED,SAAS,QAAQ,CAAC,GAA4B,EAAE,GAAW,EAAE,UAAkB;IAC7E,MAAM,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IACnB,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,CAAC;QAC1B,MAAM,IAAI,cAAc,CAAC,kBAAkB,EAAE,GAAG,UAAU,KAAK,GAAG,mBAAmB,CAAC,CAAC;IACzF,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,QAAQ,CAAC,CAAS,EAAE,UAAkB,EAAE,GAAW;IAC1D,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;QAChC,MAAM,IAAI,cAAc,CAAC,kBAAkB,EAAE,GAAG,UAAU,KAAK,GAAG,0BAA0B,CAAC,CAAC;IAChG,CAAC;IACD,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;AACxC,CAAC;AAED,SAAS,aAAa,CAAC,OAAoB,EAAE,MAAc;IACzD,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC;QAC1B,MAAM,IAAI,cAAc,CACtB,iBAAiB,EACjB,iEAAiE,CAClE,CAAC;IACJ,CAAC;IACD,MAAM,EAAE,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAC/B,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,MAAM,IAAI,cAAc,CAAC,oBAAoB,EAAE,WAAW,MAAM,aAAa,CAAC,CAAC;IACjF,CAAC;IACD,OAAO,EAAE,CAAC,KAAK,EAAE,CAAC;AACpB,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,UAAU,CACjB,GAAkB,EAClB,MAAc,EACd,IAAY,EACZ,OAAgB,EAChB,OAAsB;IAEtB,IAAI,MAAc,CAAC;IACnB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC1C,MAAM,QAAQ,GAAG,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC3C,IAAI,QAAQ,CAAC,KAAK;YAAE,OAAO;QAC3B,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,eAAe,EAAE,CAAC;YACnC,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC;QACvB,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IACD,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IAC9E,MAAM,IAAI,cAAc,CAAC,iBAAiB,EAAE,MAAM,CAAC,CAAC;AACtD,CAAC;AAED,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E,MAAM,kBAAkB,GAAkB,CAAC,OAAO,EAAE,GAAG,EAAE,EAAE;IACzD,OAAO,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;AACzC,CAAC,CAAC;AAEF,MAAM,sBAAsB,GAAkB,CAAC,MAAM,EAAE,GAAG,EAAE,EAAE;IAC5D,MAAM,GAAG,GAAG,QAAQ,CAAC,MAAM,EAAE,kBAAkB,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,QAAQ,CAAC,GAAG,EAAE,QAAQ,EAAE,kBAAkB,CAAC,CAAC;IAC3D,MAAM,UAAU,GAAG,QAAQ,CAAC,GAAG,EAAE,SAAS,EAAE,kBAAkB,CAAC,CAAC;IAChE,MAAM,OAAO,GAAG,QAAQ,CAAC,UAAU,EAAE,kBAAkB,EAAE,SAAS,CAAC,CAAC;IACpE,MAAM,IAAI,GAAG,aAAa,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAChD,UAAU,CAAC,GAAG,EAAE,MAAM,EAAE,kBAAkB,EAAE,EAAE,OAAO,EAAE,UAAU,EAAE,EAAE;QACnE,IAAI,EAAE,SAAS,EAAE,YAAY,EAAE,OAAO;KACvC,CAAC,CAAC;IACH,MAAM,GAAG,GAAG,YAAY,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;IACxC,MAAM,MAAM,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAQ,CAAC;IACnD,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC;QACf,IAAI,EAAE,kBAAkB;QACxB,MAAM;QACN,OAAO,EAAE,EAAE,OAAO,EAAE,UAAU,EAAE;QAChC,QAAQ,EAAE,OAAO;QACjB,GAAG,EAAE,MAAM;KACZ,CAAC,CAAC;IACH,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC;AAC/B,CAAC,CAAC;AAEF,SAAS,IAAI,CAAC,GAA4B;IACxC,MAAM,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC;IACzB,IAAI,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;QAC5C,MAAM,IAAI,cAAc,CAAC,kBAAkB,EAAE,wCAAwC,CAAC,CAAC;IACzF,CAAC;IAED,MAAM,GAAG,GAAG,CAAC,GAAW,EAAU,EAAE;QAClC,MAAM,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;QACnB,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,CAAC;YAC1B,IAAI,CAAC;gBACH,OAAO,MAAM,CAAC,CAAC,CAAC,CAAC;YACnB,CAAC;YAAC,MAAM,CAAC;gBACP,MAAM,IAAI,cAAc,CAAC,kBAAkB,EAAE,OAAO,GAAG,4BAA4B,CAAC,CAAC;YACvF,CAAC;QACH,CAAC;QACD,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,CAAC;YAC1B,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;gBAClC,MAAM,IAAI,cAAc,CAAC,kBAAkB,EAAE,OAAO,GAAG,iCAAiC,CAAC,CAAC;YAC5F,CAAC;YACD,OAAO,MAAM,CAAC,CAAC,CAAC,CAAC;QACnB,CAAC;QACD,MAAM,IAAI,cAAc,CAAC,kBAAkB,EAAE,OAAO,GAAG,mCAAmC,CAAC,CAAC;IAC9F,CAAC,CAAC;IAEF,MAAM,EAAE,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC;IACrB,IAAI,EAAE,KAAK,IAAI,IAAI,OAAO,EAAE,KAAK,QAAQ,EAAE,CAAC;QAC1C,MAAM,IAAI,cAAc,CAAC,kBAAkB,EAAE,mCAAmC,CAAC,CAAC;IACpF,CAAC;IACD,IAAI,OAAO,EAAE,KAAK,QAAQ,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;QAC9D,MAAM,IAAI,cAAc,CAAC,kBAAkB,EAAE,4CAA4C,CAAC,CAAC;IAC7F,CAAC;IAED,MAAM,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC;IACzB,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QAC/D,MAAM,IAAI,cAAc,CAAC,kBAAkB,EAAE,kCAAkC,CAAC,CAAC;IACnF,CAAC;IAED,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtB,MAAM,EAAE,GAAa;YACnB,IAAI,EAAE,QAAQ;YACd,OAAO,EAAE,GAAG,CAAC,SAAS,CAAC;YACvB,KAAK,EAAE,GAAG,CAAC,OAAO,CAAC;YACnB,QAAQ,EAAE,GAAG,CAAC,UAAU,CAAC;YACzB,QAAQ,EAAE,GAAG,CAAC,UAAU,CAAC;YACzB,EAAE,EAAE,EAA0B;YAC9B,KAAK,EAAE,GAAG,CAAC,OAAO,CAAC;YACnB,IAAI,EAAE,IAAqB;SAC5B,CAAC;QACF,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,UAAU;IACV,MAAM,aAAa,GAAG,GAAG,CAAC,YAAY,CAAC,CAAC;IACxC,IAAI,UAAmC,CAAC;IACxC,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;QAChC,UAAU,GAAG,EAAE,CAAC;IAClB,CAAC;SAAM,IAAI,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,CAAC;QACxC,UAAU,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;YACzC,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,IAAI,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;gBACrE,MAAM,IAAI,cAAc,CAAC,kBAAkB,EAAE,kBAAkB,CAAC,kBAAkB,CAAC,CAAC;YACtF,CAAC;YACD,MAAM,EAAE,GAAG,IAA+B,CAAC;YAC3C,MAAM,IAAI,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC;YAC3B,MAAM,IAAI,GAAG,EAAE,CAAC,aAAa,CAAC,CAAC;YAC/B,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAClE,MAAM,IAAI,cAAc,CAAC,kBAAkB,EAAE,kBAAkB,CAAC,WAAW,CAAC,CAAC;YAC/E,CAAC;YACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;gBACzB,MAAM,IAAI,cAAc,CAAC,kBAAkB,EAAE,kBAAkB,CAAC,6BAA6B,CAAC,CAAC;YACjG,CAAC;YACD,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;gBACrB,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;oBAC5D,MAAM,IAAI,cAAc,CAAC,kBAAkB,EAAE,kBAAkB,CAAC,kBAAkB,CAAC,CAAC;gBACtF,CAAC;YACH,CAAC;YACD,OAAO,EAAE,OAAO,EAAE,IAAqB,EAAE,WAAW,EAAE,IAAuB,EAAE,CAAC;QAClF,CAAC,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,cAAc,CAAC,kBAAkB,EAAE,yCAAyC,CAAC,CAAC;IAC1F,CAAC;IACD,MAAM,EAAE,GAAc;QACpB,IAAI,EAAE,SAAS;QACf,OAAO,EAAE,GAAG,CAAC,SAAS,CAAC;QACvB,KAAK,EAAE,GAAG,CAAC,OAAO,CAAC;QACnB,oBAAoB,EAAE,GAAG,CAAC,sBAAsB,CAAC;QACjD,YAAY,EAAE,GAAG,CAAC,cAAc,CAAC;QACjC,QAAQ,EAAE,GAAG,CAAC,UAAU,CAAC;QACzB,EAAE,EAAE,EAA0B;QAC9B,KAAK,EAAE,GAAG,CAAC,OAAO,CAAC;QACnB,IAAI,EAAE,IAAqB;QAC3B,UAAU;KACX,CAAC;IACF,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,MAAM,0BAA0B,GAAkB,CAAC,MAAM,EAAE,GAAG,EAAE,EAAE;IAChE,MAAM,GAAG,GAAG,QAAQ,CAAC,MAAM,EAAE,sBAAsB,CAAC,CAAC;IACrD,MAAM,MAAM,GAAG,QAAQ,CAAC,GAAG,EAAE,QAAQ,EAAE,sBAAsB,CAAC,CAAC;IAC/D,MAAM,KAAK,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC;IACxB,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACxE,MAAM,IAAI,cAAc,CAAC,kBAAkB,EAAE,4CAA4C,CAAC,CAAC;IAC7F,CAAC;IACD,MAAM,EAAE,GAAG,IAAI,CAAC,KAAgC,CAAC,CAAC;IAClD,MAAM,IAAI,GAAG,aAAa,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAChD,UAAU,CAAC,GAAG,EAAE,MAAM,EAAE,sBAAsB,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,EAAE,EAAE,CAAC,CAAC;IAC5F,MAAM,MAAM,GAAG,eAAe,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC;IACzC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC;QACf,IAAI,EAAE,sBAAsB;QAC5B,MAAM;QACN,OAAO,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE;QACtB,QAAQ,EAAE,OAAO;QACjB,GAAG,EAAE,MAAM;KACZ,CAAC,CAAC;IACH,OAAO,EAAE,MAAM,EAAE,CAAC;AACpB,CAAC,CAAC;AAEF,MAAM,yBAAyB,GAAkB,CAAC,MAAM,EAAE,GAAG,EAAE,EAAE;IAC/D,MAAM,GAAG,GAAG,QAAQ,CAAC,MAAM,EAAE,qBAAqB,CAAC,CAAC;IACpD,MAAM,MAAM,GAAG,QAAQ,CAAC,GAAG,EAAE,QAAQ,EAAE,qBAAqB,CAAC,CAAC;IAC9D,MAAM,EAAE,GAAG,GAAG,CAAC,WAAW,CAAC,CAAC;IAC5B,IAAI,OAAO,EAAE,KAAK,QAAQ,IAAI,EAAE,KAAK,IAAI,IAAI,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,CAAC;QAC/D,MAAM,IAAI,cAAc,CAAC,kBAAkB,EAAE,+CAA+C,CAAC,CAAC;IAChG,CAAC;IACD,qEAAqE;IACrE,oEAAoE;IACpE,MAAM,IAAI,GAAG,aAAa,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAChD,UAAU,CAAC,GAAG,EAAE,MAAM,EAAE,qBAAqB,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,EAAE;QAChE,IAAI,EAAE,YAAY,EAAE,SAAS,EAAE,EAAe;KAC/C,CAAC,CAAC;IACH,IAAI,GAAW,CAAC;IAChB,IAAI,CAAC;QACH,GAAG,GAAG,aAAa,CAAC,EAAe,EAAE,IAAI,CAAC,CAAC;IAC7C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,cAAc,CACtB,kBAAkB,EAClB,wBAAyB,GAAa,CAAC,OAAO,EAAE,CACjD,CAAC;IACJ,CAAC;IACD,MAAM,MAAM,GAAG,CAAC,IAAI,GAAG,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAQ,CAAC;IACnD,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC;QACf,IAAI,EAAE,qBAAqB;QAC3B,MAAM;QACN,OAAO,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE;QAC1B,QAAQ,EAAE,OAAO;QACjB,GAAG,EAAE,MAAM;KACZ,CAAC,CAAC;IACH,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC;AAC/B,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,OAAO,GAA4C,MAAM,CAAC,MAAM,CAAC;IAC5E,kBAAkB;IAClB,sBAAsB;IACtB,0BAA0B;IAC1B,yBAAyB;CAC1B,CAAC,CAAC;AAEH;;;;GAIG;AACH,MAAM,UAAU,QAAQ,CAAC,MAAc,EAAE,MAAe,EAAE,GAAkB;IAC1E,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAChC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,cAAc,CAAC,oBAAoB,EAAE,qBAAqB,MAAM,EAAE,CAAC,CAAC;IAChF,CAAC;IACD,OAAO,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;AAC9B,CAAC"}

package/dist/src/hooks/command-scanner.d.ts

@@ -0,0 +1,5 @@
+import { type BlockerOpts, type BlockDecision } from './path-blocker.js';
+export declare function scanBashCommand(command: string, opts?: BlockerOpts): BlockDecision & {
+    reason?: string;
+};
+//# sourceMappingURL=command-scanner.d.ts.map

package/dist/src/hooks/command-scanner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"command-scanner.d.ts","sourceRoot":"","sources":["../../../src/hooks/command-scanner.ts"],"names":[],"mappings":"AAAA,OAAO,EAAiB,KAAK,WAAW,EAAE,KAAK,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAwBxF,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,GAAE,WAAgB,GAAG,aAAa,GAAG;IAAE,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,CA+B5G"}

package/dist/src/hooks/command-scanner.js

@@ -0,0 +1,117 @@
+import { isBlockedPath } from './path-blocker.js';
+/**
+ * Scan a bash command for attempts to read a blocked path. Best-effort:
+ * a determined shell can always obfuscate, but we catch the obvious cases
+ * that a confused agent (or basic prompt injection) would produce.
+ *
+ * Approach:
+ *  1. Tokenize the command crudely on whitespace and shell metacharacters.
+ *  2. Skip the first token of each statement (the program name itself).
+ *  3. Check each remaining token against the path blocker.
+ *  4. Also detect a few "always block" reader commands when they appear at
+ *     a position that suggests they're targeting a key (e.g. `gpg
+ *     --export-secret-keys`).
+ */
+const COMMAND_SEPARATORS = /[;&|]|\$\(|`/;
+const ALWAYS_BLOCK_COMMAND_PATTERNS = Object.freeze([
+    { regex: /\bgpg\b[^|;]*--export-secret-keys?/i, reason: 'gpg --export-secret-keys reads private GPG key material' },
+    { regex: /\bssh-keygen\b[^|;]*-y\b/i, reason: 'ssh-keygen -y reads a private SSH key to derive the public key' },
+    { regex: /\bopenssl\b[^|;]*(pkey|rsa|ec)\b[^|;]*-(in|noout)/i, reason: 'openssl key dump' },
+]);
+export function scanBashCommand(command, opts = {}) {
+    // Check always-block patterns first; they're command-shape based.
+    for (const { regex, reason } of ALWAYS_BLOCK_COMMAND_PATTERNS) {
+        if (regex.test(command)) {
+            return { blocked: true, reason };
+        }
+    }
+    // Tokenize the command. Split on statement separators first so we treat
+    // each statement's program name separately.
+    const statements = command.split(COMMAND_SEPARATORS);
+    for (const stmt of statements) {
+        const tokens = tokenize(stmt);
+        if (tokens.length === 0)
+            continue;
+        // Skip the first token (program name) — we don't want to block on a path
+        // that happens to coincide with the script being executed. Args follow.
+        for (let i = 1; i < tokens.length; i++) {
+            const tok = stripShellQuoting(tokens[i]);
+            if (looksLikePath(tok)) {
+                const decision = isBlockedPath(tok, opts);
+                if (decision.blocked) {
+                    return {
+                        blocked: true,
+                        ...(decision.matchedPattern ? { matchedPattern: decision.matchedPattern } : {}),
+                        reason: `command argument "${tok}" matches blocked pattern ${decision.matchedPattern}`,
+                    };
+                }
+            }
+        }
+    }
+    return { blocked: false };
+}
+/**
+ * Very crude tokenization: split on whitespace but respect quoted strings.
+ * Good enough for the obvious-read-attempt detection we're going for.
+ */
+function tokenize(s) {
+    const tokens = [];
+    let cur = '';
+    let inSingle = false;
+    let inDouble = false;
+    for (let i = 0; i < s.length; i++) {
+        const c = s[i];
+        if (c === '\\' && i + 1 < s.length) {
+            cur += c + s[i + 1];
+            i++;
+            continue;
+        }
+        if (c === "'" && !inDouble) {
+            inSingle = !inSingle;
+            cur += c;
+            continue;
+        }
+        if (c === '"' && !inSingle) {
+            inDouble = !inDouble;
+            cur += c;
+            continue;
+        }
+        if (/\s/.test(c) && !inSingle && !inDouble) {
+            if (cur.length > 0) {
+                tokens.push(cur);
+                cur = '';
+            }
+            continue;
+        }
+        cur += c;
+    }
+    if (cur.length > 0)
+        tokens.push(cur);
+    return tokens;
+}
+function stripShellQuoting(tok) {
+    // Strip outer matching quotes; leave backslash escapes for the FS layer.
+    if (tok.length >= 2) {
+        const first = tok[0];
+        const last = tok[tok.length - 1];
+        if ((first === '"' && last === '"') || (first === "'" && last === "'")) {
+            return tok.slice(1, -1);
+        }
+    }
+    return tok;
+}
+function looksLikePath(tok) {
+    // Flags don't look like paths.
+    if (tok.startsWith('-'))
+        return false;
+    // Heuristic: contains a slash, OR starts with a dot (e.g. ".env"),
+    // OR is a bare filename ending in a key-ish extension.
+    if (tok.includes('/'))
+        return true;
+    if (tok.startsWith('.'))
+        return true;
+    if (/\.(pem|key|keystore|jks|p12)$/i.test(tok))
+        return true;
+    return false;
+}
+//# sourceMappingURL=command-scanner.js.map

package/dist/src/hooks/command-scanner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"command-scanner.js","sourceRoot":"","sources":["../../../src/hooks/command-scanner.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAwC,MAAM,mBAAmB,CAAC;AAExF;;;;;;;;;;;;GAYG;AAEH,MAAM,kBAAkB,GAAG,cAAc,CAAC;AAE1C,MAAM,6BAA6B,GAAiD,MAAM,CAAC,MAAM,CAAC;IAChG,EAAE,KAAK,EAAE,qCAAqC,EAAE,MAAM,EAAE,yDAAyD,EAAE;IACnH,EAAE,KAAK,EAAE,2BAA2B,EAAE,MAAM,EAAE,gEAAgE,EAAE;IAChH,EAAE,KAAK,EAAE,oDAAoD,EAAE,MAAM,EAAE,kBAAkB,EAAE;CAC5F,CAAC,CAAC;AAEH,MAAM,UAAU,eAAe,CAAC,OAAe,EAAE,OAAoB,EAAE;IACrE,kEAAkE;IAClE,KAAK,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,6BAA6B,EAAE,CAAC;QAC9D,IAAI,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YACxB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;QACnC,CAAC;IACH,CAAC;IAED,wEAAwE;IACxE,4CAA4C;IAC5C,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;IACrD,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;QAC9B,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC9B,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QAClC,yEAAyE;QACzE,wEAAwE;QACxE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACvC,MAAM,GAAG,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAE,CAAC,CAAC;YAC1C,IAAI,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC;gBACvB,MAAM,QAAQ,GAAG,aAAa,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;gBAC1C,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;oBACrB,OAAO;wBACL,OAAO,EAAE,IAAI;wBACb,GAAG,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,QAAQ,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;wBAC/E,MAAM,EAAE,qBAAqB,GAAG,6BAA6B,QAAQ,CAAC,cAAc,EAAE;qBACvF,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;AAC5B,CAAC;AAED;;;GAGG;AACH,SAAS,QAAQ,CAAC,CAAS;IACzB,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,IAAI,QAAQ,GAAG,KAAK,CAAC;IACrB,IAAI,QAAQ,GAAG,KAAK,CAAC;IACrB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC;QAChB,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC;YACnC,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YACpB,CAAC,EAAE,CAAC;YACJ,SAAS;QACX,CAAC;QACD,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC3B,QAAQ,GAAG,CAAC,QAAQ,CAAC;YACrB,GAAG,IAAI,CAAC,CAAC;YACT,SAAS;QACX,CAAC;QACD,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC3B,QAAQ,GAAG,CAAC,QAAQ,CAAC;YACrB,GAAG,IAAI,CAAC,CAAC;YACT,SAAS;QACX,CAAC;QACD,IAAI,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC3C,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACnB,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACjB,GAAG,GAAG,EAAE,CAAC;YACX,CAAC;YACD,SAAS;QACX,CAAC;QACD,GAAG,IAAI,CAAC,CAAC;IACX,CAAC;IACD,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC;QAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACrC,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,iBAAiB,CAAC,GAAW;IACpC,yEAAyE;IACzE,IAAI,GAAG,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QACpB,MAAM,KAAK,GAAG,GAAG,CAAC,CAAC,CAAE,CAAC;QACtB,MAAM,IAAI,GAAG,GAAG,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAE,CAAC;QAClC,IAAI,CAAC,KAAK,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG,CAAC,IAAI,CAAC,KAAK,KAAK,GAAG,IAAI,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;YACvE,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,aAAa,CAAC,GAAW;IAChC,+BAA+B;IAC/B,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IACtC,mEAAmE;IACnE,uDAAuD;IACvD,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IACnC,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IACrC,IAAI,gCAAgC,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAC5D,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/src/hooks/glob.d.ts

@@ -0,0 +1,8 @@
+export declare function expandTilde(path: string): string;
+export declare function normalizePath(path: string): string;
+/**
+ * Convert a glob pattern to a RegExp. Anchored to the full string.
+ */
+export declare function globToRegex(glob: string): RegExp;
+export declare function globMatch(path: string, pattern: string): boolean;
+//# sourceMappingURL=glob.d.ts.map

package/dist/src/hooks/glob.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"glob.d.ts","sourceRoot":"","sources":["../../../src/hooks/glob.ts"],"names":[],"mappings":"AAgBA,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAIhD;AAmBD,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAElD;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAwChD;AAED,wBAAgB,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAEhE"}