sigild 0.0.1 → 0.0.3

package/dist/src/hooks/glob.js

@@ -0,0 +1,98 @@
+// Tiny POSIX-style glob → regex translator. Just enough to support our
+// blocklist patterns (~/.sigil/everything, *.pem, .env at any depth, etc.).
+//
+// Supported syntax:
+//   double-star (globstar): match anything including path separators
+//   single-star            : match anything except path separators
+//   ?                      : match one char except separator
+//   [abc], [a-z]           : char class (passed through to RegExp)
+//   everything else        : literal
+//
+// `~` is expanded to the user's home directory before matching.
+// Matches are case-sensitive; paths are normalised by collapsing repeated
+// slashes and resolving `.` and `..` segments lexically.
+import { homedir } from 'node:os';
+export function expandTilde(path) {
+    if (path.startsWith('~/'))
+        return homedir() + path.slice(1);
+    if (path === '~')
+        return homedir();
+    return path;
+}
+function lexicalNormalize(path) {
+    // Collapse repeated slashes, resolve "." and ".." purely syntactically.
+    // Leading "/" preserved.
+    const isAbs = path.startsWith('/');
+    const parts = [];
+    for (const seg of path.split('/')) {
+        if (seg === '' || seg === '.')
+            continue;
+        if (seg === '..') {
+            if (parts.length > 0 && parts[parts.length - 1] !== '..')
+                parts.pop();
+            else if (!isAbs)
+                parts.push('..');
+            continue;
+        }
+        parts.push(seg);
+    }
+    return (isAbs ? '/' : '') + parts.join('/');
+}
+export function normalizePath(path) {
+    return lexicalNormalize(expandTilde(path));
+}
+/**
+ * Convert a glob pattern to a RegExp. Anchored to the full string.
+ */
+export function globToRegex(glob) {
+    const expanded = expandTilde(glob);
+    let re = '^';
+    let i = 0;
+    while (i < expanded.length) {
+        const c = expanded[i];
+        if (c === '*') {
+            if (expanded[i + 1] === '*') {
+                // ** — match anything including slashes; consume optional trailing /
+                re += '.*';
+                i += 2;
+                if (expanded[i] === '/')
+                    i++; // swallow `/` after ** so `a/**/b` matches `a/b`
+            }
+            else {
+                re += '[^/]*';
+                i++;
+            }
+        }
+        else if (c === '?') {
+            re += '[^/]';
+            i++;
+        }
+        else if (c === '[') {
+            // Pass character class through as-is; find matching ]
+            const end = expanded.indexOf(']', i + 1);
+            if (end === -1) {
+                // No close — treat literally
+                re += '\\[';
+                i++;
+            }
+            else {
+                re += expanded.slice(i, end + 1);
+                i = end + 1;
+            }
+        }
+        else if ('.+^$|()\\{}'.includes(c)) {
+            re += '\\' + c;
+            i++;
+        }
+        else {
+            re += c;
+            i++;
+        }
+    }
+    re += '$';
+    return new RegExp(re);
+}
+export function globMatch(path, pattern) {
+    return globToRegex(pattern).test(normalizePath(path));
+}
+//# sourceMappingURL=glob.js.map

package/dist/src/hooks/glob.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"glob.js","sourceRoot":"","sources":["../../../src/hooks/glob.ts"],"names":[],"mappings":"AAAA,uEAAuE;AACvE,4EAA4E;AAC5E,EAAE;AACF,oBAAoB;AACpB,qEAAqE;AACrE,mEAAmE;AACnE,6DAA6D;AAC7D,mEAAmE;AACnE,qCAAqC;AACrC,EAAE;AACF,gEAAgE;AAChE,0EAA0E;AAC1E,yDAAyD;AAEzD,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAElC,MAAM,UAAU,WAAW,CAAC,IAAY;IACtC,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,OAAO,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC5D,IAAI,IAAI,KAAK,GAAG;QAAE,OAAO,OAAO,EAAE,CAAC;IACnC,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,gBAAgB,CAAC,IAAY;IACpC,wEAAwE;IACxE,yBAAyB;IACzB,MAAM,KAAK,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IACnC,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;QAClC,IAAI,GAAG,KAAK,EAAE,IAAI,GAAG,KAAK,GAAG;YAAE,SAAS;QACxC,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;YACjB,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,KAAK,IAAI;gBAAE,KAAK,CAAC,GAAG,EAAE,CAAC;iBACjE,IAAI,CAAC,KAAK;gBAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClC,SAAS;QACX,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAClB,CAAC;IACD,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC9C,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,IAAY;IACxC,OAAO,gBAAgB,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC;AAC7C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,IAAY;IACtC,MAAM,QAAQ,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IACnC,IAAI,EAAE,GAAG,GAAG,CAAC;IACb,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,OAAO,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC;QAC3B,MAAM,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAE,CAAC;QACvB,IAAI,CAAC,KAAK,GAAG,EAAE,CAAC;YACd,IAAI,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;gBAC5B,qEAAqE;gBACrE,EAAE,IAAI,IAAI,CAAC;gBACX,CAAC,IAAI,CAAC,CAAC;gBACP,IAAI,QAAQ,CAAC,CAAC,CAAC,KAAK,GAAG;oBAAE,CAAC,EAAE,CAAC,CAAC,iDAAiD;YACjF,CAAC;iBAAM,CAAC;gBACN,EAAE,IAAI,OAAO,CAAC;gBACd,CAAC,EAAE,CAAC;YACN,CAAC;QACH,CAAC;aAAM,IAAI,CAAC,KAAK,GAAG,EAAE,CAAC;YACrB,EAAE,IAAI,MAAM,CAAC;YACb,CAAC,EAAE,CAAC;QACN,CAAC;aAAM,IAAI,CAAC,KAAK,GAAG,EAAE,CAAC;YACrB,sDAAsD;YACtD,MAAM,GAAG,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;YACzC,IAAI,GAAG,KAAK,CAAC,CAAC,EAAE,CAAC;gBACf,6BAA6B;gBAC7B,EAAE,IAAI,KAAK,CAAC;gBACZ,CAAC,EAAE,CAAC;YACN,CAAC;iBAAM,CAAC;gBACN,EAAE,IAAI,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC;gBACjC,CAAC,GAAG,GAAG,GAAG,CAAC,CAAC;YACd,CAAC;QACH,CAAC;aAAM,IAAI,aAAa,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC;YACrC,EAAE,IAAI,IAAI,GAAG,CAAC,CAAC;YACf,CAAC,EAAE,CAAC;QACN,CAAC;aAAM,CAAC;YACN,EAAE,IAAI,CAAC,CAAC;YACR,CAAC,EAAE,CAAC;QACN,CAAC;IACH,CAAC;IACD,EAAE,IAAI,GAAG,CAAC;IACV,OAAO,IAAI,MAAM,CAAC,EAAE,CAAC,CAAC;AACxB,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,IAAY,EAAE,OAAe;IACrD,OAAO,WAAW,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC;AACxD,CAAC"}

package/dist/src/hooks/index.d.ts

@@ -0,0 +1,9 @@
+export { type BlockerOpts, type BlockDecision as PathBlockDecision, DEFAULT_PATH_PATTERNS, isBlockedPath, } from './path-blocker.js';
+export { scanBashCommand } from './command-scanner.js';
+export { type RedactionStat, type RedactionResult, redact, } from './redactor.js';
+export { type HookEnvelope, type BlockDecision, type PostToolModification, readHookEnvelope, } from './protocol.js';
+export { decidePreToolUse } from './pre-tool-use.js';
+export { decidePostToolUse, walkAndRedact } from './post-tool-use.js';
+export { type InitOpts, type InitScope, type InitResult, installInto, settingsPath, } from './install.js';
+export { expandTilde, globMatch, globToRegex, normalizePath } from './glob.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/src/hooks/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/hooks/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,WAAW,EAChB,KAAK,aAAa,IAAI,iBAAiB,EACvC,qBAAqB,EACrB,aAAa,GACd,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AACvD,OAAO,EACL,KAAK,aAAa,EAClB,KAAK,eAAe,EACpB,MAAM,GACP,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,KAAK,YAAY,EACjB,KAAK,aAAa,EAClB,KAAK,oBAAoB,EACzB,gBAAgB,GACjB,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACtE,OAAO,EACL,KAAK,QAAQ,EACb,KAAK,SAAS,EACd,KAAK,UAAU,EACf,WAAW,EACX,YAAY,GACb,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC"}

package/dist/src/hooks/index.js

@@ -0,0 +1,9 @@
+export { DEFAULT_PATH_PATTERNS, isBlockedPath, } from './path-blocker.js';
+export { scanBashCommand } from './command-scanner.js';
+export { redact, } from './redactor.js';
+export { readHookEnvelope, } from './protocol.js';
+export { decidePreToolUse } from './pre-tool-use.js';
+export { decidePostToolUse, walkAndRedact } from './post-tool-use.js';
+export { installInto, settingsPath, } from './install.js';
+export { expandTilde, globMatch, globToRegex, normalizePath } from './glob.js';
+//# sourceMappingURL=index.js.map

package/dist/src/hooks/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/hooks/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,qBAAqB,EACrB,aAAa,GACd,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AACvD,OAAO,EAGL,MAAM,GACP,MAAM,eAAe,CAAC;AACvB,OAAO,EAIL,gBAAgB,GACjB,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrD,OAAO,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACtE,OAAO,EAIL,WAAW,EACX,YAAY,GACb,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC"}

package/dist/src/hooks/install.d.ts

@@ -0,0 +1,29 @@
+/**
+ * `sigil init` writes the hook config + MCP server registration into
+ * .claude/settings.json. Idempotent: re-running merges with whatever is
+ * there, preserving the user's unrelated settings.
+ */
+export type InitScope = 'project' | 'user';
+export interface InitOpts {
+    scope: InitScope;
+    /** Root for project-scoped install (where .claude/ goes). Defaults to CWD. */
+    projectRoot?: string;
+    /** Home dir for user-scoped install. Defaults to os.homedir(). */
+    homeDir?: string;
+    /**
+     * Path to the sigil-mcp binary to register. Defaults to looking up
+     * "sigil-mcp" on $PATH (which works if sigil was installed globally).
+     */
+    mcpCommand?: string;
+}
+export interface InitResult {
+    settingsPath: string;
+    changed: boolean;
+}
+export declare function settingsPath(opts: InitOpts): string;
+/**
+ * Idempotently install sigil's MCP server registration + hook config.
+ * Existing settings (other MCP servers, other hook handlers) are preserved.
+ */
+export declare function installInto(opts: InitOpts): InitResult;
+//# sourceMappingURL=install.d.ts.map

package/dist/src/hooks/install.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"install.d.ts","sourceRoot":"","sources":["../../../src/hooks/install.ts"],"names":[],"mappings":"AAIA;;;;GAIG;AAEH,MAAM,MAAM,SAAS,GAAG,SAAS,GAAG,MAAM,CAAC;AAE3C,MAAM,WAAW,QAAQ;IACvB,KAAK,EAAE,SAAS,CAAC;IACjB,8EAA8E;IAC9E,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,kEAAkE;IAClE,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB;;;OAGG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,UAAU;IACzB,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,OAAO,CAAC;CAClB;AAiCD,wBAAgB,YAAY,CAAC,IAAI,EAAE,QAAQ,GAAG,MAAM,CAOnD;AAED;;;GAGG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,QAAQ,GAAG,UAAU,CAoDtD"}

package/dist/src/hooks/install.js

@@ -0,0 +1,86 @@
+import { existsSync, mkdirSync, readFileSync, statSync, writeFileSync } from 'node:fs';
+import { dirname, join, resolve } from 'node:path';
+import { homedir } from 'node:os';
+const SIGIL_MCP_NAME = 'sigil';
+const SIGIL_HOOK_MARKER = 'sigil-hook-';
+export function settingsPath(opts) {
+    if (opts.scope === 'user') {
+        const home = opts.homeDir ?? homedir();
+        return join(home, '.claude', 'settings.json');
+    }
+    const root = opts.projectRoot ? resolve(opts.projectRoot) : process.cwd();
+    return join(root, '.claude', 'settings.json');
+}
+/**
+ * Idempotently install sigil's MCP server registration + hook config.
+ * Existing settings (other MCP servers, other hook handlers) are preserved.
+ */
+export function installInto(opts) {
+    const path = settingsPath(opts);
+    const before = readSettings(path);
+    const after = { ...before };
+    const mcpCommand = opts.mcpCommand ?? 'sigil-mcp';
+    // 1. MCP server registration — overwrite our entry; leave others alone.
+    const existingServers = after.mcpServers ?? {};
+    after.mcpServers = {
+        ...existingServers,
+        [SIGIL_MCP_NAME]: { command: mcpCommand },
+    };
+    // 2. Hooks — remove any prior sigil entries (identified by the
+    //    sigil-hook- prefix in the command path) then re-add fresh ones.
+    const stripSigil = (matchers) => {
+        if (!matchers)
+            return [];
+        return matchers
+            .map((m) => ({
+            ...m,
+            hooks: m.hooks.filter((h) => !h.command.includes(SIGIL_HOOK_MARKER)),
+        }))
+            .filter((m) => m.hooks.length > 0);
+    };
+    const hooks = { ...(after.hooks ?? {}) };
+    hooks.PreToolUse = [
+        ...stripSigil(hooks.PreToolUse),
+        {
+            matcher: 'Read|Bash',
+            hooks: [{ type: 'command', command: 'sigil-hook-pre' }],
+        },
+    ];
+    hooks.PostToolUse = [
+        ...stripSigil(hooks.PostToolUse),
+        {
+            matcher: '.*',
+            hooks: [{ type: 'command', command: 'sigil-hook-post' }],
+        },
+    ];
+    after.hooks = hooks;
+    // Bail early if no change.
+    const beforeJson = JSON.stringify(before);
+    const afterJson = JSON.stringify(after);
+    if (beforeJson === afterJson && existsSync(path)) {
+        return { settingsPath: path, changed: false };
+    }
+    mkdirSync(dirname(path), { recursive: true });
+    writeFileSync(path, JSON.stringify(after, null, 2) + '\n', { mode: 0o644 });
+    return { settingsPath: path, changed: true };
+}
+function readSettings(path) {
+    if (!existsSync(path))
+        return {};
+    try {
+        statSync(path);
+    }
+    catch {
+        return {};
+    }
+    try {
+        const text = readFileSync(path, 'utf8');
+        if (text.trim() === '')
+            return {};
+        return JSON.parse(text);
+    }
+    catch (err) {
+        throw new Error(`could not parse ${path}: ${err.message}`);
+    }
+}
+//# sourceMappingURL=install.js.map

package/dist/src/hooks/install.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"install.js","sourceRoot":"","sources":["../../../src/hooks/install.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,QAAQ,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACvF,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACnD,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAwDlC,MAAM,cAAc,GAAG,OAAO,CAAC;AAC/B,MAAM,iBAAiB,GAAG,aAAa,CAAC;AAExC,MAAM,UAAU,YAAY,CAAC,IAAc;IACzC,IAAI,IAAI,CAAC,KAAK,KAAK,MAAM,EAAE,CAAC;QAC1B,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,IAAI,OAAO,EAAE,CAAC;QACvC,OAAO,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,eAAe,CAAC,CAAC;IAChD,CAAC;IACD,MAAM,IAAI,GAAG,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;IAC1E,OAAO,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,eAAe,CAAC,CAAC;AAChD,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,WAAW,CAAC,IAAc;IACxC,MAAM,IAAI,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;IAChC,MAAM,MAAM,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;IAClC,MAAM,KAAK,GAAG,EAAE,GAAG,MAAM,EAAE,CAAC;IAC5B,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,IAAI,WAAW,CAAC;IAElD,wEAAwE;IACxE,MAAM,eAAe,GAAG,KAAK,CAAC,UAAU,IAAI,EAAE,CAAC;IAC/C,KAAK,CAAC,UAAU,GAAG;QACjB,GAAG,eAAe;QAClB,CAAC,cAAc,CAAC,EAAE,EAAE,OAAO,EAAE,UAAU,EAAE;KAC1C,CAAC;IAEF,+DAA+D;IAC/D,qEAAqE;IACrE,MAAM,UAAU,GAAG,CAAC,QAAmC,EAAiB,EAAE;QACxE,IAAI,CAAC,QAAQ;YAAE,OAAO,EAAE,CAAC;QACzB,OAAO,QAAQ;aACZ,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACX,GAAG,CAAC;YACJ,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;SACrE,CAAC,CAAC;aACF,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACvC,CAAC,CAAC;IAEF,MAAM,KAAK,GAAgB,EAAE,GAAG,CAAC,KAAK,CAAC,KAAK,IAAI,EAAE,CAAC,EAAE,CAAC;IACtD,KAAK,CAAC,UAAU,GAAG;QACjB,GAAG,UAAU,CAAC,KAAK,CAAC,UAAU,CAAC;QAC/B;YACE,OAAO,EAAE,WAAW;YACpB,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,gBAAgB,EAAE,CAAC;SACxD;KACF,CAAC;IACF,KAAK,CAAC,WAAW,GAAG;QAClB,GAAG,UAAU,CAAC,KAAK,CAAC,WAAW,CAAC;QAChC;YACE,OAAO,EAAE,IAAI;YACb,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,iBAAiB,EAAE,CAAC;SACzD;KACF,CAAC;IACF,KAAK,CAAC,KAAK,GAAG,KAAK,CAAC;IAEpB,2BAA2B;IAC3B,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IAC1C,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;IACxC,IAAI,UAAU,KAAK,SAAS,IAAI,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACjD,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IAChD,CAAC;IAED,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC9C,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC5E,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;AAC/C,CAAC;AAED,SAAS,YAAY,CAAC,IAAY;IAChC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,EAAE,CAAC;IACjC,IAAI,CAAC;QAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC;QAAC,OAAO,EAAE,CAAC;IAAC,CAAC;IAC5C,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QACxC,IAAI,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE;YAAE,OAAO,EAAE,CAAC;QAClC,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAiB,CAAC;IAC1C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,mBAAmB,IAAI,KAAM,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;IACxE,CAAC;AACH,CAAC"}

package/dist/src/hooks/path-blocker.d.ts

@@ -0,0 +1,29 @@
+/**
+ * Built-in patterns we always block. These are not user-configurable; they
+ * represent paths where a key would conventionally live and that the agent
+ * should never read.
+ */
+export declare const DEFAULT_PATH_PATTERNS: readonly string[];
+export interface BlockDecision {
+    blocked: boolean;
+    /** The pattern that matched, useful for surfacing in the error to the agent. */
+    matchedPattern?: string;
+}
+export interface BlockerOpts {
+    /** Extra glob patterns to block, in addition to the built-ins. */
+    extraPatterns?: readonly string[];
+}
+/**
+ * Decide whether to block a path read. Both the resolved absolute path AND
+ * the raw user-supplied path are checked, because attackers (or confused
+ * agents) may pass paths with `..` or symlinks that resolve to a blocked
+ * location while looking innocent.
+ *
+ * Note: this does NOT resolve symlinks itself. Symlink resolution is best
+ * left to the caller (who has filesystem access). For sigil's hook context,
+ * the agent already has filesystem access and would do the symlink read
+ * before our hook fires; the meaningful protection is preventing direct
+ * reads through obvious paths.
+ */
+export declare function isBlockedPath(path: string, opts?: BlockerOpts): BlockDecision;
+//# sourceMappingURL=path-blocker.d.ts.map

package/dist/src/hooks/path-blocker.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"path-blocker.d.ts","sourceRoot":"","sources":["../../../src/hooks/path-blocker.ts"],"names":[],"mappings":"AAGA;;;;GAIG;AACH,eAAO,MAAM,qBAAqB,EAAE,SAAS,MAAM,EAuBjD,CAAC;AAEH,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,OAAO,CAAC;IACjB,gFAAgF;IAChF,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,WAAW;IAC1B,kEAAkE;IAClE,aAAa,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;CACnC;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,GAAE,WAAgB,GAAG,aAAa,CAejF"}

package/dist/src/hooks/path-blocker.js

@@ -0,0 +1,59 @@
+import { basename } from 'node:path';
+import { globMatch, normalizePath } from './glob.js';
+/**
+ * Built-in patterns we always block. These are not user-configurable; they
+ * represent paths where a key would conventionally live and that the agent
+ * should never read.
+ */
+export const DEFAULT_PATH_PATTERNS = Object.freeze([
+    // sigil's own state
+    '**/.sigil/**',
+    // common key file extensions
+    '**/*.pem',
+    '**/*.key',
+    '**/*.keystore',
+    '**/*.jks',
+    '**/*.p12',
+    // SSH private key conventions
+    '**/.ssh/id_*',
+    '**/.ssh/*_rsa',
+    '**/.ssh/*_ed25519',
+    '**/.ssh/*_ecdsa',
+    // env files (no extension, dotted prefix variants like .env.local)
+    '**/.env',
+    '**/.env.*',
+    // ethereum/geth keystore directories
+    '**/keystore',
+    '**/keystore/**',
+    // GPG / pass(1) storage
+    '**/.gnupg/**',
+    '**/.password-store/**',
+]);
+/**
+ * Decide whether to block a path read. Both the resolved absolute path AND
+ * the raw user-supplied path are checked, because attackers (or confused
+ * agents) may pass paths with `..` or symlinks that resolve to a blocked
+ * location while looking innocent.
+ *
+ * Note: this does NOT resolve symlinks itself. Symlink resolution is best
+ * left to the caller (who has filesystem access). For sigil's hook context,
+ * the agent already has filesystem access and would do the symlink read
+ * before our hook fires; the meaningful protection is preventing direct
+ * reads through obvious paths.
+ */
+export function isBlockedPath(path, opts = {}) {
+    const patterns = [...DEFAULT_PATH_PATTERNS, ...(opts.extraPatterns ?? [])];
+    const normalized = normalizePath(path);
+    const base = basename(normalized);
+    for (const pattern of patterns) {
+        if (globMatch(normalized, pattern)) {
+            return { blocked: true, matchedPattern: pattern };
+        }
+        // Also test the basename so a pattern like `**/.env` catches relative `.env`.
+        if (globMatch(base, pattern.replace(/^\*\*\//, ''))) {
+            return { blocked: true, matchedPattern: pattern };
+        }
+    }
+    return { blocked: false };
+}
+//# sourceMappingURL=path-blocker.js.map

package/dist/src/hooks/path-blocker.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"path-blocker.js","sourceRoot":"","sources":["../../../src/hooks/path-blocker.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AACrC,OAAO,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAErD;;;;GAIG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAsB,MAAM,CAAC,MAAM,CAAC;IACpE,oBAAoB;IACpB,cAAc;IACd,6BAA6B;IAC7B,UAAU;IACV,UAAU;IACV,eAAe;IACf,UAAU;IACV,UAAU;IACV,8BAA8B;IAC9B,cAAc;IACd,eAAe;IACf,mBAAmB;IACnB,iBAAiB;IACjB,mEAAmE;IACnE,SAAS;IACT,WAAW;IACX,qCAAqC;IACrC,aAAa;IACb,gBAAgB;IAChB,wBAAwB;IACxB,cAAc;IACd,uBAAuB;CACxB,CAAC,CAAC;AAaH;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,aAAa,CAAC,IAAY,EAAE,OAAoB,EAAE;IAChE,MAAM,QAAQ,GAAG,CAAC,GAAG,qBAAqB,EAAE,GAAG,CAAC,IAAI,CAAC,aAAa,IAAI,EAAE,CAAC,CAAC,CAAC;IAC3E,MAAM,UAAU,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC;IACvC,MAAM,IAAI,GAAG,QAAQ,CAAC,UAAU,CAAC,CAAC;IAElC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,IAAI,SAAS,CAAC,UAAU,EAAE,OAAO,CAAC,EAAE,CAAC;YACnC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,CAAC;QACpD,CAAC;QACD,8EAA8E;QAC9E,IAAI,SAAS,CAAC,IAAI,EAAE,OAAO,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC;YACpD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,CAAC;QACpD,CAAC;IACH,CAAC;IACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;AAC5B,CAAC"}

package/dist/src/hooks/post-tool-use.d.ts

@@ -0,0 +1,13 @@
+import type { HookEnvelope, PostToolModification } from './protocol.js';
+/**
+ * Walk the tool_response field of a PostToolUse envelope, redacting every
+ * string we find. Returns the modification envelope to emit, or null if
+ * nothing changed.
+ */
+export declare function decidePostToolUse(env: HookEnvelope): PostToolModification | null;
+/**
+ * Recursively descend into objects, arrays, and strings, applying redact()
+ * to every string we encounter. Accumulates redaction counts.
+ */
+export declare function walkAndRedact(value: unknown, totals: Map<string, number>): unknown;
+//# sourceMappingURL=post-tool-use.d.ts.map

package/dist/src/hooks/post-tool-use.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"post-tool-use.d.ts","sourceRoot":"","sources":["../../../src/hooks/post-tool-use.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,YAAY,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AAExE;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,YAAY,GAAG,oBAAoB,GAAG,IAAI,CAchF;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,OAAO,CAiBlF"}

package/dist/src/hooks/post-tool-use.js

@@ -0,0 +1,45 @@
+import { redact } from './redactor.js';
+/**
+ * Walk the tool_response field of a PostToolUse envelope, redacting every
+ * string we find. Returns the modification envelope to emit, or null if
+ * nothing changed.
+ */
+export function decidePostToolUse(env) {
+    const response = env.tool_response;
+    if (response === undefined)
+        return null;
+    const totals = new Map();
+    const redacted = walkAndRedact(response, totals);
+    if (totals.size === 0)
+        return null;
+    return {
+        hookSpecificOutput: {
+            hookEventName: 'PostToolUse',
+            updatedToolResponse: redacted,
+        },
+    };
+}
+/**
+ * Recursively descend into objects, arrays, and strings, applying redact()
+ * to every string we encounter. Accumulates redaction counts.
+ */
+export function walkAndRedact(value, totals) {
+    if (typeof value === 'string') {
+        const r = redact(value);
+        for (const s of r.redactions)
+            totals.set(s.reason, (totals.get(s.reason) ?? 0) + s.count);
+        return r.text;
+    }
+    if (Array.isArray(value)) {
+        return value.map((v) => walkAndRedact(v, totals));
+    }
+    if (value !== null && typeof value === 'object') {
+        const out = {};
+        for (const [k, v] of Object.entries(value)) {
+            out[k] = walkAndRedact(v, totals);
+        }
+        return out;
+    }
+    return value;
+}
+//# sourceMappingURL=post-tool-use.js.map

package/dist/src/hooks/post-tool-use.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"post-tool-use.js","sourceRoot":"","sources":["../../../src/hooks/post-tool-use.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAwB,MAAM,eAAe,CAAC;AAG7D;;;;GAIG;AACH,MAAM,UAAU,iBAAiB,CAAC,GAAiB;IACjD,MAAM,QAAQ,GAAG,GAAG,CAAC,aAAa,CAAC;IACnC,IAAI,QAAQ,KAAK,SAAS;QAAE,OAAO,IAAI,CAAC;IAExC,MAAM,MAAM,GAAG,IAAI,GAAG,EAAkB,CAAC;IACzC,MAAM,QAAQ,GAAG,aAAa,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IACjD,IAAI,MAAM,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAEnC,OAAO;QACL,kBAAkB,EAAE;YAClB,aAAa,EAAE,aAAa;YAC5B,mBAAmB,EAAE,QAA4C;SAClE;KACF,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,aAAa,CAAC,KAAc,EAAE,MAA2B;IACvE,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,CAAC,GAAoB,MAAM,CAAC,KAAK,CAAC,CAAC;QACzC,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,UAAU;YAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;QAC1F,OAAO,CAAC,CAAC,IAAI,CAAC;IAChB,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACpD,CAAC;IACD,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAChD,MAAM,GAAG,GAA4B,EAAE,CAAC;QACxC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAgC,CAAC,EAAE,CAAC;YACtE,GAAG,CAAC,CAAC,CAAC,GAAG,aAAa,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;QACpC,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/src/hooks/pre-tool-use.d.ts

@@ -0,0 +1,8 @@
+import { type BlockerOpts } from './path-blocker.js';
+import type { BlockDecision, HookEnvelope } from './protocol.js';
+/**
+ * Decide whether a PreToolUse event should be blocked. Pure function; the
+ * bin entrypoint wraps this with stdin/stdout handling.
+ */
+export declare function decidePreToolUse(env: HookEnvelope, opts?: BlockerOpts): BlockDecision | null;
+//# sourceMappingURL=pre-tool-use.d.ts.map

package/dist/src/hooks/pre-tool-use.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pre-tool-use.d.ts","sourceRoot":"","sources":["../../../src/hooks/pre-tool-use.ts"],"names":[],"mappings":"AACA,OAAO,EAAiB,KAAK,WAAW,EAAE,MAAM,mBAAmB,CAAC;AACpE,OAAO,KAAK,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAEjE;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,YAAY,EAAE,IAAI,GAAE,WAAgB,GAAG,aAAa,GAAG,IAAI,CA+BhG"}

package/dist/src/hooks/pre-tool-use.js

@@ -0,0 +1,38 @@
+import { scanBashCommand } from './command-scanner.js';
+import { isBlockedPath } from './path-blocker.js';
+/**
+ * Decide whether a PreToolUse event should be blocked. Pure function; the
+ * bin entrypoint wraps this with stdin/stdout handling.
+ */
+export function decidePreToolUse(env, opts = {}) {
+    const toolName = env.tool_name;
+    const input = env.tool_input ?? {};
+    if (toolName === 'Read') {
+        const path = typeof input['file_path'] === 'string' ? input['file_path'] : undefined;
+        if (path === undefined)
+            return null;
+        const d = isBlockedPath(path, opts);
+        if (d.blocked) {
+            return {
+                decision: 'block',
+                reason: `sigil ward: ${path} matches blocked pattern ${d.matchedPattern}. This path is on sigil's wardlist (~/.sigil/wards.toml + built-in defaults). If you need to read a file like this, edit the wardlist.`,
+            };
+        }
+        return null;
+    }
+    if (toolName === 'Bash') {
+        const cmd = typeof input['command'] === 'string' ? input['command'] : undefined;
+        if (cmd === undefined)
+            return null;
+        const d = scanBashCommand(cmd, opts);
+        if (d.blocked) {
+            return {
+                decision: 'block',
+                reason: `sigil ward: bash command blocked — ${d.reason ?? 'matched blocked pattern'}.`,
+            };
+        }
+        return null;
+    }
+    return null; // not a tool we ward
+}
+//# sourceMappingURL=pre-tool-use.js.map

package/dist/src/hooks/pre-tool-use.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pre-tool-use.js","sourceRoot":"","sources":["../../../src/hooks/pre-tool-use.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AACvD,OAAO,EAAE,aAAa,EAAoB,MAAM,mBAAmB,CAAC;AAGpE;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,GAAiB,EAAE,OAAoB,EAAE;IACxE,MAAM,QAAQ,GAAG,GAAG,CAAC,SAAS,CAAC;IAC/B,MAAM,KAAK,GAAG,GAAG,CAAC,UAAU,IAAI,EAAE,CAAC;IAEnC,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;QACxB,MAAM,IAAI,GAAG,OAAO,KAAK,CAAC,WAAW,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QACrF,IAAI,IAAI,KAAK,SAAS;YAAE,OAAO,IAAI,CAAC;QACpC,MAAM,CAAC,GAAG,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QACpC,IAAI,CAAC,CAAC,OAAO,EAAE,CAAC;YACd,OAAO;gBACL,QAAQ,EAAE,OAAO;gBACjB,MAAM,EAAE,eAAe,IAAI,4BAA4B,CAAC,CAAC,cAAc,wIAAwI;aAChN,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;QACxB,MAAM,GAAG,GAAG,OAAO,KAAK,CAAC,SAAS,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAChF,IAAI,GAAG,KAAK,SAAS;YAAE,OAAO,IAAI,CAAC;QACnC,MAAM,CAAC,GAAG,eAAe,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QACrC,IAAI,CAAC,CAAC,OAAO,EAAE,CAAC;YACd,OAAO;gBACL,QAAQ,EAAE,OAAO;gBACjB,MAAM,EAAE,sCAAsC,CAAC,CAAC,MAAM,IAAI,yBAAyB,GAAG;aACvF,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,IAAI,CAAC,CAAC,qBAAqB;AACpC,CAAC"}

package/dist/src/hooks/protocol.d.ts

@@ -0,0 +1,41 @@
+/**
+ * Claude Code hook I/O protocol. Hooks are spawned as subprocesses; they
+ * receive a JSON envelope on stdin and may write a JSON decision on stdout.
+ *
+ * Reference: https://docs.claude.com/en/docs/claude-code/hooks (subject to
+ * change; the fields below are what sigil's hooks read and write).
+ */
+export interface HookEnvelope {
+    session_id?: string;
+    transcript_path?: string;
+    hook_event_name?: string;
+    tool_name?: string;
+    tool_input?: Record<string, unknown>;
+    tool_response?: Record<string, unknown> | string;
+    [key: string]: unknown;
+}
+/**
+ * Decision emitted by a PreToolUse hook. Returning `{ decision: "block" }`
+ * stops the tool call and surfaces `reason` to the model.
+ */
+export interface BlockDecision {
+    decision: 'block';
+    reason: string;
+}
+/**
+ * Output from a PostToolUse hook that wants to modify the tool's response
+ * (e.g., redact secrets). The exact shape Claude Code accepts is in flux;
+ * we emit a structure that has been stable in recent versions.
+ */
+export interface PostToolModification {
+    hookSpecificOutput: {
+        hookEventName: 'PostToolUse';
+        updatedToolResponse: Record<string, unknown> | string;
+    };
+}
+/**
+ * Read the entire stdin stream and parse it as JSON. Returns an empty
+ * object if stdin closes without data.
+ */
+export declare function readHookEnvelope(stdin?: NodeJS.ReadableStream): Promise<HookEnvelope>;
+//# sourceMappingURL=protocol.d.ts.map

package/dist/src/hooks/protocol.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"protocol.d.ts","sourceRoot":"","sources":["../../../src/hooks/protocol.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,MAAM,WAAW,YAAY;IAC3B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACrC,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC;IAEjD,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED;;;GAGG;AACH,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,OAAO,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;;;GAIG;AACH,MAAM,WAAW,oBAAoB;IACnC,kBAAkB,EAAE;QAClB,aAAa,EAAE,aAAa,CAAC;QAC7B,mBAAmB,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC;KACvD,CAAC;CACH;AAED;;;GAGG;AACH,wBAAsB,gBAAgB,CAAC,KAAK,GAAE,MAAM,CAAC,cAA8B,GAAG,OAAO,CAAC,YAAY,CAAC,CAY1G"}

package/dist/src/hooks/protocol.js

@@ -0,0 +1,27 @@
+/**
+ * Claude Code hook I/O protocol. Hooks are spawned as subprocesses; they
+ * receive a JSON envelope on stdin and may write a JSON decision on stdout.
+ *
+ * Reference: https://docs.claude.com/en/docs/claude-code/hooks (subject to
+ * change; the fields below are what sigil's hooks read and write).
+ */
+/**
+ * Read the entire stdin stream and parse it as JSON. Returns an empty
+ * object if stdin closes without data.
+ */
+export async function readHookEnvelope(stdin = process.stdin) {
+    const chunks = [];
+    for await (const c of stdin) {
+        chunks.push(typeof c === 'string' ? Buffer.from(c, 'utf8') : c);
+    }
+    const text = Buffer.concat(chunks).toString('utf8').trim();
+    if (text.length === 0)
+        return {};
+    try {
+        return JSON.parse(text);
+    }
+    catch (err) {
+        throw new Error(`hook stdin was not valid JSON: ${err.message}`);
+    }
+}
+//# sourceMappingURL=protocol.js.map

package/dist/src/hooks/protocol.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"protocol.js","sourceRoot":"","sources":["../../../src/hooks/protocol.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAkCH;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,QAA+B,OAAO,CAAC,KAAK;IACjF,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,IAAI,KAAK,EAAE,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QAC5B,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAW,CAAC,CAAC;IAC5E,CAAC;IACD,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;IAC3D,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IACjC,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAiB,CAAC;IAC1C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,kCAAmC,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;IAC9E,CAAC;AACH,CAAC"}

package/dist/src/hooks/redactor.d.ts

@@ -0,0 +1,19 @@
+/**
+ * Output redactor — the second line of defence behind the path blocker.
+ * If a key somehow ends up in tool output (because the agent read a file
+ * the blocker missed, or coaxed a key out of an API), redact it before it
+ * reaches the model's context.
+ *
+ * The rules are deliberately strict — false positives are tolerable
+ * (redacted noise in tool output is annoying; an exfiltrated key is fatal).
+ */
+export interface RedactionStat {
+    reason: string;
+    count: number;
+}
+export interface RedactionResult {
+    text: string;
+    redactions: RedactionStat[];
+}
+export declare function redact(text: string): RedactionResult;
+//# sourceMappingURL=redactor.d.ts.map

package/dist/src/hooks/redactor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"redactor.d.ts","sourceRoot":"","sources":["../../../src/hooks/redactor.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,aAAa,EAAE,CAAC;CAC7B;AAuDD,wBAAgB,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,eAAe,CAYpD"}