@agent-native/core 0.49.20 → 0.49.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (22) hide show
  1. package/dist/cli/pr-visual-recap-workflow.d.ts +1 -1
  2. package/dist/cli/pr-visual-recap-workflow.d.ts.map +1 -1
  3. package/dist/cli/pr-visual-recap-workflow.js +1 -1
  4. package/dist/cli/pr-visual-recap-workflow.js.map +1 -1
  5. package/dist/cli/recap.d.ts +5 -2
  6. package/dist/cli/recap.d.ts.map +1 -1
  7. package/dist/cli/recap.js +106 -51
  8. package/dist/cli/recap.js.map +1 -1
  9. package/dist/client/blocks/library/annotation-rail.d.ts +17 -0
  10. package/dist/client/blocks/library/annotation-rail.d.ts.map +1 -1
  11. package/dist/client/blocks/library/annotation-rail.js +19 -6
  12. package/dist/client/blocks/library/annotation-rail.js.map +1 -1
  13. package/dist/client/blocks/library/wireframe-kit.d.ts.map +1 -1
  14. package/dist/client/blocks/library/wireframe-kit.js +4 -0
  15. package/dist/client/blocks/library/wireframe-kit.js.map +1 -1
  16. package/dist/client/db-admin/DevDatabaseLink.d.ts +4 -9
  17. package/dist/client/db-admin/DevDatabaseLink.d.ts.map +1 -1
  18. package/dist/client/db-admin/DevDatabaseLink.js +5 -19
  19. package/dist/client/db-admin/DevDatabaseLink.js.map +1 -1
  20. package/dist/styles/blocks.css +11 -0
  21. package/docs/content/template-plan.md +1 -1
  22. package/package.json +1 -1
package/dist/cli/recap.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"recap.d.ts","sourceRoot":"","sources":["../../src/cli/recap.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmCG;AAsDH,mEAAmE;AACnE,eAAO,MAAM,qBAAqB,EAAE,MAAM,EASzC,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,MAAM,mBAAmB,GAC3B;IAAE,MAAM,EAAE,SAAS,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,OAAO,CAAA;CAAE,GACrD;IAAE,MAAM,EAAE,SAAS,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,GACnC;IAAE,MAAM,EAAE,SAAS,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC;AAEzD,+DAA+D;AAC/D,wBAAgB,0BAA0B,CACxC,OAAO,EAAE,MAAM,EACf,OAAO,GAAE;IAAE,KAAK,CAAC,EAAE,OAAO,CAAA;CAAO,GAChC,mBAAmB,CAsBrB;AAMD;;;;;;;;;;;GAWG;AACH,wBAAgB,2BAA2B,CACzC,OAAO,GAAE;IACP,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,eAAe,CAAC;IACxB,KAAK,CAAC,EAAE,MAAM,CAAC;CACX,GACL,MAAM,CAuCR;AAKD,4EAA4E;AAC5E,wBAAgB,wCAAwC,CACtD,OAAO,EAAE,MAAM,EACf,OAAO,GAAE;IACP,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,eAAe,CAAC;IACxB,KAAK,CAAC,EAAE,MAAM,CAAC;CACX,GACL,mBAAmB,CA2BrB;AAID,KAAK,eAAe,GAAG,QAAQ,GAAG,OAAO,CAAC;AAE1C,MAAM,MAAM,UAAU,GAAG,QAAQ,GAAG,OAAO,CAAC;AAI5C,eAAO,MAAM,wBAAwB,gFAI3B,CAAC;AAEX,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,UAAU,CAOzE;AAED,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,EAAE,CAKhE;AAuJD,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,UAAU,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,OAAO,CAAC;IACxB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,cAAc,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACvC,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAC;CAClD;AAED,wBAAgB,mBAAmB,CAAC,KAAK,EAAE;IACzC,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC;CACzB,GAAG,cAAc,CAsCjB;AAyPD,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAErD;AAED;;;;;;;GAOG;AACH,wBAAgB,uBAAuB,CACrC,aAAa,EAAE,MAAM,GACpB,KAAK,CAAC,MAAM,GAAG,MAAM,CAAC,CA0BxB;AAED;;;GAGG;AACH,wBAAgB,oBAAoB,CAClC,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,KAAK,CAAC,MAAM,GAAG,MAAM,CAAC,GAChC,OAAO,CAST;AAED,wBAAgB,kBAAkB,CAChC,QAAQ,EAAE,MAAM,EAChB,SAAS,GAAE,KAAK,CAAC,MAAM,GAAG,MAAM,CAAM,GACrC,OAAO,CAcT;AAUD,wBAAgB,2BAA2B,CACzC,KAAK,EAAE,MAAM,EACb,QAAQ,GAAE,MAAgC,GACzC,MAAM,CAyBR;AA2CD,wBAAgB,oBAAoB,CAClC,KAAK,EAAE,MAAM,EACb,UAAU,EAAE,MAAM,GACjB,MAAM,CA8DR;AASD,wBAAgB,iBAAiB,CAAC,KAAK,EAAE;IACvC,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,GAAG,MAAM,CAoBT;AAoCD,wBAAgB,0BAA0B,CACxC,KAAK,GAAE;IACL,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;CACX,GACL,MAAM,CAqBR;AAMD,8DAA8D;AAC9D,eAAO,MAAM,mBAAmB,SAAS,CAAC;AAE1C,oEAAoE;AACpE,eAAO,MAAM,2BAA2B,wDACe,CAAC;AAyBxD;;;;;;;;;;GAUG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE;IAClC,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE,MAAM,CAAC;CACvB,GAAG;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,IAAI,EAAE,OAAO,CAAA;CAAE,CAKnC;AAED;;;;;;;;;GASG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CA2CxD;AAED;;;;;;GAMG;AACH,wBAAgB,0BAA0B,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAU/D;AAED;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAOvD;AA4HD;;;;GAIG;AACH,wBAAgB,yBAAyB,CACvC,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,MAAM,GAAG,SAAS,GACxB,MAAM,CAwBR;AAED;;;;;GAKG;AACH,wBAAgB,wBAAwB,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAU/D;AAED,KAAK,eAAe,GAAG;IACrB,EAAE,EAAE,IAAI,CAAC;IACT,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,KAAK,oBAAoB,GAAG;IAC1B,EAAE,EAAE,KAAK,CAAC;IACV,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG,eAAe,GAAG,oBAAoB,CAAC;AA2JzE;;;;;;;GAOG;AACH,wBAAsB,kBAAkB,CAAC,KAAK,EAAE;IAC9C,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,aAAa,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAClC,OAAO,CAAC,EAAE,OAAO,KAAK,CAAC;CACxB,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAyF/B;AAkHD;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,GAAG,GAAE,MAAsB,GAAG;IAC5D,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;CAChB,CAgBA;AAED,KAAK,oBAAoB,GAAG,MAAM,GAAG,QAAQ,GAAG,MAAM,CAAC;AAkEvD,wBAAgB,0BAA0B,CACxC,GAAG,GAAE,MAAsB,EAC3B,IAAI,GAAE,oBAA6B,GAClC;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAKlC;AAED,wBAAgB,gBAAgB,CAAC,KAAK,EAAE;IACtC,OAAO,EAAE,MAAM,CAAC;IAChB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;gFAC4E;IAC5E,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;;;;;;OAMG;IACH,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB;;;;OAIG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,GAAG,MAAM,CA+HT;AAcD,KAAK,oBAAoB,GAAG,OAAO,GAAG,MAAM,CAAC;AAE7C,KAAK,aAAa,GAAG;IACnB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,IAAI,CAAC,EAAE;QAAE,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;KAAE,GAAG,IAAI,CAAC;CACxC,CAAC;AAiCF,wBAAsB,mBAAmB,CAAC,KAAK,EAAE;IAC/C,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,qDAAqD;IACrD,OAAO,CAAC,EAAE,OAAO,KAAK,CAAC;CACxB,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,CAoBhC;AAED,wBAAsB,aAAa,CAAC,KAAK,EAAE;IACzC,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,yEAAyE;IACzE,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,qDAAqD;IACrD,OAAO,CAAC,EAAE,OAAO,KAAK,CAAC;CACxB,GAAG,OAAO,CAAC;IACV,MAAM,EAAE,SAAS,GAAG,SAAS,GAAG,SAAS,CAAC;IAC1C,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,CAAC,CAuCD;AAoCD,qEAAqE;AACrE,wBAAgB,gBAAgB,CAAC,GAAG,GAAE,MAAM,CAAC,UAAwB,GAAG,MAAM,CA+H7E;AAoFD;;;;;;;;;;GAUG;AACH,wBAAsB,uBAAuB,CAAC,KAAK,EAAE;IACnD,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,OAAO,KAAK,CAAC;CACxB,GAAG,OAAO,CAAC,OAAO,CAAC,CA0BnB;AAED,iFAAiF;AACjF,wBAAsB,gBAAgB,CAAC,KAAK,EAAE;IAC5C,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,qDAAqD;IACrD,OAAO,CAAC,EAAE,OAAO,KAAK,CAAC;IACvB,gEAAgE;IAChE,MAAM,CAAC,EAAE,OAAO,uBAAuB,CAAC;CACzC,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CA+CzB;AAYD,KAAK,gBAAgB,GAAG;IAAE,QAAQ,EAAE,OAAO,YAAY,EAAE,WAAW,CAAA;CAAE,CAAC;AAwBvE,wBAAgB,yBAAyB,CACvC,GAAG,EAAE,MAAM,EACX,OAAO,GAAE;IAAE,KAAK,CAAC,EAAE,oBAAoB,CAAA;CAAO,GAC7C,MAAM,CAcR;AAED,wBAAsB,OAAO,CAC3B,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC;AACtC,kEAAkE;AAClE,gBAAgB,GAAE,MAAM,OAAO,CAAC,gBAAgB,CAA2B,GAC1E,OAAO,CAAC,IAAI,CAAC,CAiNf;AA0ED;;;;GAIG;AACH,MAAM,WAAW,oBAAoB;IACnC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,IAAI,CAAC,EAAE;QAAE,IAAI,CAAC,EAAE;YAAE,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;SAAE,GAAG,IAAI,CAAA;KAAE,GAAG,IAAI,CAAC;IAC9D,IAAI,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;KAAE,GAAG,IAAI,CAAC;CAC/D;AAED,MAAM,WAAW,cAAc;IAC7B,8DAA8D;IAC9D,EAAE,EAAE,oBAAoB,GAAG,IAAI,CAAC;IAChC,wCAAwC;IACxC,UAAU,EAAE,MAAM,GAAG,SAAS,CAAC;IAC/B,gCAAgC;IAChC,OAAO,EAAE,OAAO,CAAC;IACjB,iCAAiC;IACjC,YAAY,EAAE,OAAO,CAAC;IACtB,8BAA8B;IAC9B,SAAS,EAAE,OAAO,CAAC;IACnB,mEAAmE;IACnE,QAAQ,EAAE,MAAM,GAAG,SAAS,CAAC;IAC7B,uDAAuD;IACvD,KAAK,EAAE,MAAM,GAAG,SAAS,CAAC;IAC1B,gFAAgF;IAChF,WAAW,EAAE,MAAM,GAAG,SAAS,CAAC;IAChC,kEAAkE;IAClE,YAAY,EAAE,MAAM,EAAE,CAAC;CACxB;AAiBD,wBAAgB,oBAAoB,CAClC,CAAC,EAAE,MAAM,EACT,OAAO,GAAE;IAAE,WAAW,CAAC,EAAE,MAAM,CAAA;CAAO,GACrC,OAAO,CAiBT;AAED;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,cAAc,GAAG;IACxD,GAAG,EAAE,OAAO,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB,CAkFA;AAiLD;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,CAG3E;AAED;;;;GAIG;AACH,wBAAgB,kBAAkB,CAChC,YAAY,EAAE,MAAM,EACpB,QAAQ,EAAE,MAAM,GACf,MAAM,CAQR;AAOD;;;;;;;;;GASG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,MAAM,CAiBxE;AAED,wBAAgB,+BAA+B,CAC7C,KAAK,GAAE;IACL,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,CAAC;CACZ,GACL,MAAM,CA0BR;AAED,wBAAgB,2BAA2B,CAAC,KAAK,EAAE;IACjD,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,GAAG,MAAM,CAUT;AAED,+EAA+E;AAC/E,MAAM,WAAW,sBAAsB;IACrC,gFAAgF;IAChF,MAAM,EAAE,OAAO,CAAC;IAChB,2EAA2E;IAC3E,OAAO,EAAE,MAAM,CAAC;IAChB,6DAA6D;IAC7D,MAAM,EAAE,MAAM,CAAC;IACf,6EAA6E;IAC7E,IAAI,EAAE,OAAO,CAAC;IACd,iEAAiE;IACjE,IAAI,EAAE,OAAO,CAAC;IACd,6EAA6E;IAC7E,UAAU,EAAE,OAAO,CAAC;IACpB,iFAAiF;IACjF,cAAc,EAAE,MAAM,CAAC;IACvB,wEAAwE;IACxE,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,+EAA+E;IAC/E,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,4DAA4D;IAC5D,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,kEAAkE;AAClE,MAAM,WAAW,iBAAiB;IAChC,UAAU,EAAE,SAAS,GAAG,SAAS,GAAG,SAAS,CAAC;IAC9C,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,iBAAiB,CAC/B,KAAK,EAAE,sBAAsB,GAC5B,iBAAiB,CAqDnB;AAgLD,UAAU,WAAW;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,eAAe,EAAE,MAAM,CAAC;IACxB,gBAAgB,EAAE,MAAM,CAAC;IACzB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B;AAwBD;;;;GAIG;AACH,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,MAAM,GAAG,WAAW,GAAG,IAAI,CAmBnE;AA2BD;;;;;;GAMG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,WAAW,GAAG,IAAI,CAajE;AAsLD,wBAAsB,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAqD5D"}
1
+ {"version":3,"file":"recap.d.ts","sourceRoot":"","sources":["../../src/cli/recap.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmCG;AAsDH,mEAAmE;AACnE,eAAO,MAAM,qBAAqB,EAAE,MAAM,EAUzC,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,MAAM,mBAAmB,GAC3B;IAAE,MAAM,EAAE,SAAS,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,OAAO,CAAA;CAAE,GACrD;IAAE,MAAM,EAAE,SAAS,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,GACnC;IAAE,MAAM,EAAE,SAAS,CAAC;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC;AAEzD,+DAA+D;AAC/D,wBAAgB,0BAA0B,CACxC,OAAO,EAAE,MAAM,EACf,OAAO,GAAE;IAAE,KAAK,CAAC,EAAE,OAAO,CAAA;CAAO,GAChC,mBAAmB,CAsBrB;AAMD;;;;;;;;;;;GAWG;AACH,wBAAgB,2BAA2B,CACzC,OAAO,GAAE;IACP,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,eAAe,CAAC;IACxB,KAAK,CAAC,EAAE,MAAM,CAAC;CACX,GACL,MAAM,CAwCR;AAKD,4EAA4E;AAC5E,wBAAgB,wCAAwC,CACtD,OAAO,EAAE,MAAM,EACf,OAAO,GAAE;IACP,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,eAAe,CAAC;IACxB,KAAK,CAAC,EAAE,MAAM,CAAC;CACX,GACL,mBAAmB,CA2BrB;AAID,KAAK,eAAe,GAAG,QAAQ,GAAG,OAAO,CAAC;AAE1C,MAAM,MAAM,UAAU,GAAG,QAAQ,GAAG,OAAO,CAAC;AAI5C,eAAO,MAAM,wBAAwB,gFAI3B,CAAC;AAEX,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,UAAU,CAOzE;AAED,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,EAAE,CAKhE;AAuJD,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,UAAU,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,OAAO,CAAC;IACxB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,cAAc,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACvC,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAC;CAClD;AAED,wBAAgB,mBAAmB,CAAC,KAAK,EAAE;IACzC,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC;CACzB,GAAG,cAAc,CAsCjB;AAkQD,MAAM,MAAM,mBAAmB,GAAG,KAAK,GAAG,iBAAiB,GAAG,QAAQ,CAAC;AAEvE,wBAAgB,4BAA4B,CAC1C,KAAK,EAAE,MAAM,GAAG,SAAS,GACxB,mBAAmB,CAKrB;AAQD,wBAAgB,eAAe,CAC7B,IAAI,EAAE,MAAM,EACZ,IAAI,GAAE,mBAAuC,GAC5C,OAAO,CAET;AAED;;;;;;;GAOG;AACH,wBAAgB,uBAAuB,CACrC,aAAa,EAAE,MAAM,GACpB,KAAK,CAAC,MAAM,GAAG,MAAM,CAAC,CA0BxB;AAED;;;GAGG;AACH,wBAAgB,oBAAoB,CAClC,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,KAAK,CAAC,MAAM,GAAG,MAAM,CAAC,GAChC,OAAO,CAST;AAED,wBAAgB,kBAAkB,CAChC,QAAQ,EAAE,MAAM,EAChB,SAAS,GAAE,KAAK,CAAC,MAAM,GAAG,MAAM,CAAM,EACtC,IAAI,GAAE,mBAAuC,GAC5C,OAAO,CAeT;AAUD,wBAAgB,2BAA2B,CACzC,KAAK,EAAE,MAAM,EACb,QAAQ,GAAE,MAAgC,GACzC,MAAM,CAyBR;AA2CD,wBAAgB,oBAAoB,CAClC,KAAK,EAAE,MAAM,EACb,UAAU,EAAE,MAAM,GACjB,MAAM,CA8DR;AASD,wBAAgB,iBAAiB,CAAC,KAAK,EAAE;IACvC,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,GAAG,MAAM,CAoBT;AAoCD,wBAAgB,0BAA0B,CACxC,KAAK,GAAE;IACL,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;CACX,GACL,MAAM,CAqBR;AAMD,8DAA8D;AAC9D,eAAO,MAAM,mBAAmB,SAAS,CAAC;AAE1C,oEAAoE;AACpE,eAAO,MAAM,2BAA2B,wDACe,CAAC;AAyBxD;;;;;;;;;;GAUG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE;IAClC,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE,MAAM,CAAC;CACvB,GAAG;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,IAAI,EAAE,OAAO,CAAA;CAAE,CAKnC;AAED;;;;;;;;;GASG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CA2CxD;AAED;;;;;;GAMG;AACH,wBAAgB,0BAA0B,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAU/D;AAED;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAOvD;AA4HD;;;;GAIG;AACH,wBAAgB,yBAAyB,CACvC,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,MAAM,GAAG,SAAS,GACxB,MAAM,CAwBR;AAED;;;;;GAKG;AACH,wBAAgB,wBAAwB,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAU/D;AAED,KAAK,eAAe,GAAG;IACrB,EAAE,EAAE,IAAI,CAAC;IACT,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,KAAK,oBAAoB,GAAG;IAC1B,EAAE,EAAE,KAAK,CAAC;IACV,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG,eAAe,GAAG,oBAAoB,CAAC;AAyKzE;;;;;;;GAOG;AACH,wBAAsB,kBAAkB,CAAC,KAAK,EAAE;IAC9C,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,aAAa,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAClC,OAAO,CAAC,EAAE,OAAO,KAAK,CAAC;CACxB,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAyF/B;AAkHD;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,GAAG,GAAE,MAAsB,GAAG;IAC5D,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;CAChB,CAgBA;AAED,KAAK,oBAAoB,GAAG,MAAM,GAAG,QAAQ,GAAG,MAAM,CAAC;AAkEvD,wBAAgB,0BAA0B,CACxC,GAAG,GAAE,MAAsB,EAC3B,IAAI,GAAE,oBAA6B,GAClC;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAKlC;AAED,wBAAgB,gBAAgB,CAAC,KAAK,EAAE;IACtC,OAAO,EAAE,MAAM,CAAC;IAChB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;gFAC4E;IAC5E,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;;;;;;OAMG;IACH,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB;;;;OAIG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,GAAG,MAAM,CA+HT;AAcD,KAAK,oBAAoB,GAAG,OAAO,GAAG,MAAM,CAAC;AAE7C,KAAK,aAAa,GAAG;IACnB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,IAAI,CAAC,EAAE;QAAE,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;KAAE,GAAG,IAAI,CAAC;CACxC,CAAC;AAiCF,wBAAsB,mBAAmB,CAAC,KAAK,EAAE;IAC/C,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,qDAAqD;IACrD,OAAO,CAAC,EAAE,OAAO,KAAK,CAAC;CACxB,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,CAoBhC;AAED,wBAAsB,aAAa,CAAC,KAAK,EAAE;IACzC,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,yEAAyE;IACzE,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,qDAAqD;IACrD,OAAO,CAAC,EAAE,OAAO,KAAK,CAAC;CACxB,GAAG,OAAO,CAAC;IACV,MAAM,EAAE,SAAS,GAAG,SAAS,GAAG,SAAS,CAAC;IAC1C,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,CAAC,CAuCD;AAoCD,qEAAqE;AACrE,wBAAgB,gBAAgB,CAAC,GAAG,GAAE,MAAM,CAAC,UAAwB,GAAG,MAAM,CA0H7E;AA2FD;;;;;;;;;;GAUG;AACH,wBAAsB,uBAAuB,CAAC,KAAK,EAAE;IACnD,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,OAAO,KAAK,CAAC;CACxB,GAAG,OAAO,CAAC,OAAO,CAAC,CA0BnB;AAED,iFAAiF;AACjF,wBAAsB,gBAAgB,CAAC,KAAK,EAAE;IAC5C,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,qDAAqD;IACrD,OAAO,CAAC,EAAE,OAAO,KAAK,CAAC;IACvB,gEAAgE;IAChE,MAAM,CAAC,EAAE,OAAO,uBAAuB,CAAC;CACzC,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CA+CzB;AAYD,KAAK,gBAAgB,GAAG;IAAE,QAAQ,EAAE,OAAO,YAAY,EAAE,WAAW,CAAA;CAAE,CAAC;AAwBvE,wBAAgB,yBAAyB,CACvC,GAAG,EAAE,MAAM,EACX,OAAO,GAAE;IAAE,KAAK,CAAC,EAAE,oBAAoB,CAAA;CAAO,GAC7C,MAAM,CAcR;AAED,wBAAsB,OAAO,CAC3B,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC;AACtC,kEAAkE;AAClE,gBAAgB,GAAE,MAAM,OAAO,CAAC,gBAAgB,CAA2B,GAC1E,OAAO,CAAC,IAAI,CAAC,CAiNf;AA0ED;;;;GAIG;AACH,MAAM,WAAW,oBAAoB;IACnC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,IAAI,CAAC,EAAE;QAAE,IAAI,CAAC,EAAE;YAAE,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;SAAE,GAAG,IAAI,CAAA;KAAE,GAAG,IAAI,CAAC;IAC9D,IAAI,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;KAAE,GAAG,IAAI,CAAC;CAC/D;AAED,MAAM,WAAW,cAAc;IAC7B,8DAA8D;IAC9D,EAAE,EAAE,oBAAoB,GAAG,IAAI,CAAC;IAChC,wCAAwC;IACxC,UAAU,EAAE,MAAM,GAAG,SAAS,CAAC;IAC/B,gCAAgC;IAChC,OAAO,EAAE,OAAO,CAAC;IACjB,iCAAiC;IACjC,YAAY,EAAE,OAAO,CAAC;IACtB,8BAA8B;IAC9B,SAAS,EAAE,OAAO,CAAC;IACnB,mEAAmE;IACnE,QAAQ,EAAE,MAAM,GAAG,SAAS,CAAC;IAC7B,uDAAuD;IACvD,KAAK,EAAE,MAAM,GAAG,SAAS,CAAC;IAC1B,gFAAgF;IAChF,WAAW,EAAE,MAAM,GAAG,SAAS,CAAC;IAChC,kEAAkE;IAClE,YAAY,EAAE,MAAM,EAAE,CAAC;CACxB;AAiBD,wBAAgB,oBAAoB,CAClC,CAAC,EAAE,MAAM,EACT,OAAO,GAAE;IAAE,WAAW,CAAC,EAAE,MAAM,CAAA;CAAO,GACrC,OAAO,CAiBT;AAED;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,cAAc,GAAG;IACxD,GAAG,EAAE,OAAO,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB,CA4FA;AAgLD;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,CAG3E;AAED,wBAAgB,wBAAwB,IAAI,MAAM,CAMjD;AAED;;;;GAIG;AACH,wBAAgB,kBAAkB,CAChC,YAAY,EAAE,MAAM,EACpB,QAAQ,EAAE,MAAM,GACf,MAAM,CAQR;AAOD;;;;;;;;;GASG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,MAAM,CAiBxE;AAED,wBAAgB,+BAA+B,CAC7C,KAAK,GAAE;IACL,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,CAAC;CACZ,GACL,MAAM,CA0BR;AAED,wBAAgB,2BAA2B,CAAC,KAAK,EAAE;IACjD,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,GAAG,MAAM,CAUT;AAED,+EAA+E;AAC/E,MAAM,WAAW,sBAAsB;IACrC,gFAAgF;IAChF,MAAM,EAAE,OAAO,CAAC;IAChB,2EAA2E;IAC3E,OAAO,EAAE,MAAM,CAAC;IAChB,6DAA6D;IAC7D,MAAM,EAAE,MAAM,CAAC;IACf,6EAA6E;IAC7E,IAAI,EAAE,OAAO,CAAC;IACd,iEAAiE;IACjE,IAAI,EAAE,OAAO,CAAC;IACd,6EAA6E;IAC7E,UAAU,EAAE,OAAO,CAAC;IACpB,iFAAiF;IACjF,cAAc,EAAE,MAAM,CAAC;IACvB,wEAAwE;IACxE,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,+EAA+E;IAC/E,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,4DAA4D;IAC5D,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,kEAAkE;AAClE,MAAM,WAAW,iBAAiB;IAChC,UAAU,EAAE,SAAS,GAAG,SAAS,GAAG,SAAS,CAAC;IAC9C,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,iBAAiB,CAC/B,KAAK,EAAE,sBAAsB,GAC5B,iBAAiB,CAqDnB;AAgLD,UAAU,WAAW;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,eAAe,EAAE,MAAM,CAAC;IACxB,gBAAgB,EAAE,MAAM,CAAC;IACzB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B;AAwBD;;;;GAIG;AACH,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,MAAM,GAAG,WAAW,GAAG,IAAI,CAmBnE;AA2BD;;;;;;GAMG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,WAAW,GAAG,IAAI,CAajE;AA2LD,wBAAsB,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAqD5D"}
package/dist/cli/recap.js CHANGED
@@ -84,6 +84,7 @@ export const PR_VISUAL_RECAP_SETUP = [
84
84
  " OPENAI_API_KEY (secret) + VISUAL_RECAP_AGENT=codex (variable) — use Codex instead of Claude",
85
85
  " VISUAL_RECAP_MODEL / VISUAL_RECAP_REASONING (variables) — pin the model (e.g. gpt-5.5) and reasoning depth (none|minimal|low|medium|high|xhigh; Codex only)",
86
86
  " VISUAL_RECAP_SKILL_SOURCE=repo (variable) — pin CI to the repo-local visual-recap skill instead of latest bundled guidance",
87
+ " VISUAL_RECAP_SECRET_SCAN=off|high-confidence|strict (variable) — default high-confidence; strict restores generic TOKEN/SECRET assignment suppression",
87
88
  " PLAN_RECAP_APP_URL (secret) — only when self-hosting the plan app (defaults to https://plan.agent-native.com)",
88
89
  ];
89
90
  /** Write .github/workflows/pr-visual-recap.yml into a repo. */
@@ -159,6 +160,7 @@ export function buildReusableCallerWorkflow(options = {}) {
159
160
  ` model: ${modelValue}\n` +
160
161
  ` reasoning: \${{ vars.VISUAL_RECAP_REASONING || '' }}\n` +
161
162
  ` skill-source: \${{ vars.VISUAL_RECAP_SKILL_SOURCE || 'auto' }}\n` +
163
+ ` secret-scan: \${{ vars.VISUAL_RECAP_SECRET_SCAN || 'high-confidence' }}\n` +
162
164
  ` # cli-version: "latest" # pin to a specific @agent-native/core version\n` +
163
165
  ``);
164
166
  }
@@ -571,29 +573,52 @@ function runDoctor(args) {
571
573
  /* Secret scan — defense-in-depth before any LLM sees the diff */
572
574
  /* -------------------------------------------------------------------------- */
573
575
  /**
574
- * If the diff contains anything that looks like a real secret, we refuse to
575
- * build a recap at all (rather than risk echoing it into a published plan).
576
- * These patterns intentionally err toward caution and scan added, removed, and
577
- * context lines so deleting a real secret does not leak it in a split diff.
576
+ * If the diff contains a high-confidence secret shape, we refuse to build a
577
+ * recap at all (rather than risk echoing it into a published plan). The default
578
+ * deliberately avoids generic TOKEN/SECRET assignment names because code often
579
+ * contains harmless variable references like `var.webhook_token`.
578
580
  */
579
- const SECRET_PATTERNS = [
581
+ const HIGH_CONFIDENCE_SECRET_PATTERNS = [
580
582
  // Common provider key prefixes.
581
- /\b(?:sk|pk|rk)-[A-Za-z0-9]{16,}\b/,
583
+ /\bsk-(?:proj-)?[A-Za-z0-9_-]{24,}\b/,
584
+ /\b(?:sk|rk)_live_[A-Za-z0-9]{16,}\b/,
585
+ /\bSG\.[A-Za-z0-9_-]{16,}\.[A-Za-z0-9_-]{16,}\b/,
586
+ /\bGOCSPX-[A-Za-z0-9_-]{20,}\b/,
587
+ /\bbpk-[A-Za-z0-9_-]{16,}\b/,
582
588
  /\bghp_[A-Za-z0-9]{20,}\b/,
583
589
  /\bgithub_pat_[A-Za-z0-9_]{20,}\b/,
584
590
  /\bxox[baprs]-[A-Za-z0-9-]{10,}\b/,
585
591
  /\bAKIA[0-9A-Z]{16}\b/,
586
592
  /\bAIza[0-9A-Za-z_-]{20,}\b/,
587
593
  // Bearer / Authorization header values with an actual token.
588
- /authorization\s*[:=]\s*['"]?bearer\s+[A-Za-z0-9._-]{12,}/i,
594
+ /authorization\s*[:=]\s*['"]?bearer\s+[A-Za-z0-9._-]{20,}/i,
589
595
  // Private key blocks.
590
596
  /-----BEGIN (?:RSA |EC |OPENSSH |DSA |PGP )?PRIVATE KEY-----/,
591
- // `KEY=...`, `TOKEN=...`, `SECRET=...`, `PASSWORD=...` assigned a real-looking
592
- // value (long, non-placeholder).
597
+ ];
598
+ const STRICT_SECRET_PATTERNS = [
599
+ ...HIGH_CONFIDENCE_SECRET_PATTERNS,
600
+ // Strict mode only: `KEY=...`, `TOKEN=...`, `SECRET=...`, `PASSWORD=...`
601
+ // assigned a real-looking value. This is intentionally not the default; it
602
+ // has produced too many false positives on variable names and CLI flags.
593
603
  /\b[A-Z0-9_]*(?:SECRET|TOKEN|PASSWORD|API_KEY|PRIVATE_KEY|ACCESS_KEY)[A-Z0-9_]*\s*[:=]\s*['"]?(?!.*(?:your|example|placeholder|changeme|xxxx|\*\*\*|<|\$\{|process\.env|env\.|REDACTED))[A-Za-z0-9/_+=.-]{16,}/i,
594
604
  ];
595
- export function lineLooksSecret(line) {
596
- return SECRET_PATTERNS.some((re) => re.test(line));
605
+ export function normalizeRecapSecretScanMode(value) {
606
+ const mode = (value || "high-confidence").trim().toLowerCase();
607
+ if (mode === "off" || mode === "false" || mode === "disabled")
608
+ return "off";
609
+ if (mode === "strict")
610
+ return "strict";
611
+ return "high-confidence";
612
+ }
613
+ function secretPatternsForMode(mode) {
614
+ if (mode === "off")
615
+ return [];
616
+ if (mode === "strict")
617
+ return STRICT_SECRET_PATTERNS;
618
+ return HIGH_CONFIDENCE_SECRET_PATTERNS;
619
+ }
620
+ export function lineLooksSecret(line, mode = "high-confidence") {
621
+ return secretPatternsForMode(mode).some((re) => re.test(line));
597
622
  }
598
623
  /**
599
624
  * Parse a `.github/recap-scan-allowlist` file into a list of matchers.
@@ -651,14 +676,16 @@ export function lineMatchesAllowlist(line, allowlist) {
651
676
  }
652
677
  return false;
653
678
  }
654
- export function diffContainsSecret(diffText, allowlist = []) {
679
+ export function diffContainsSecret(diffText, allowlist = [], mode = "high-confidence") {
680
+ if (mode === "off")
681
+ return false;
655
682
  for (const line of diffText.split("\n")) {
656
683
  if (line.startsWith("+") ||
657
684
  line.startsWith("-") ||
658
685
  line.startsWith(" ") ||
659
686
  line.startsWith("+++") ||
660
687
  line.startsWith("---")) {
661
- if (lineLooksSecret(line) && !lineMatchesAllowlist(line, allowlist))
688
+ if (lineLooksSecret(line, mode) && !lineMatchesAllowlist(line, allowlist))
662
689
  return true;
663
690
  }
664
691
  }
@@ -1129,6 +1156,15 @@ export function buildRecapCodexMcpConfig(appUrl) {
1129
1156
  'bearer_token_env_var = "PLAN_RECAP_TOKEN"\n' +
1130
1157
  'http_headers = { "X-Agent-Native-MCP-Client" = "agent-native-pr-visual-recap", "X-Agent-Native-MCP-Full-Catalog" = "1" }\n');
1131
1158
  }
1159
+ /**
1160
+ * Per-attempt timeout for the non-mutating MCP smoke probe. Short enough that
1161
+ * the workflow's 3-attempt retry loop can recover from a cold-start hang within
1162
+ * the job budget, long enough not to flake on a warm-but-slow response. The
1163
+ * plan app is serverless and intermittently 404s / stalls during a cold start
1164
+ * or mid-deploy; without a bound, undici's multi-minute default header/body
1165
+ * timeout would burn the whole job on a single stuck attempt.
1166
+ */
1167
+ const RECAP_MCP_SMOKE_TIMEOUT_MS = 15_000;
1132
1168
  function recapMcpUrl(appUrl) {
1133
1169
  return appUrl.replace(/\/$/, "") + "/_agent-native/mcp";
1134
1170
  }
@@ -1191,6 +1227,10 @@ async function postRecapMcpRpc(input) {
1191
1227
  method: input.method,
1192
1228
  params: input.params ?? {},
1193
1229
  }),
1230
+ // Bound each attempt so a cold-start hang fails fast and the workflow's
1231
+ // smoke retry loop can re-probe a (by-then warm) endpoint, instead of
1232
+ // blocking on undici's multi-minute default timeout.
1233
+ signal: AbortSignal.timeout(RECAP_MCP_SMOKE_TIMEOUT_MS),
1194
1234
  });
1195
1235
  const raw = await response.text().catch((err) => String(err));
1196
1236
  if (!response.ok) {
@@ -1704,7 +1744,7 @@ export function buildCommentBody(env = process.env) {
1704
1744
  // transient failure does not orphan the plan.
1705
1745
  const prevPlanId = (env.PREV_PLAN_ID || "").trim() || null;
1706
1746
  if (env.SUPPRESSED === "true") {
1707
- let reason = "potential secret in diff";
1747
+ let reason = "high-confidence secret in diff";
1708
1748
  try {
1709
1749
  const parsed = JSON.parse(env.SUPPRESSED_JSON || "{}");
1710
1750
  if (parsed && typeof parsed.reason === "string")
@@ -1722,9 +1762,9 @@ export function buildCommentBody(env = process.env) {
1722
1762
  lines.push("", `<!-- plan-id: ${prevPlanId} -->`);
1723
1763
  return lines.join("\n");
1724
1764
  }
1725
- // Tiny diffs aren't worth a recap. Refresh an existing sticky comment to this
1726
- // state (the workflow only updates, never creates, on tiny) so stale recap
1727
- // links do not linger on no-op changes.
1765
+ // Tiny diffs aren't worth a recap. The workflow upserts this state as a sticky
1766
+ // comment (created or updated) so the too-small outcome is explained and stale
1767
+ // recap links do not linger on no-op changes.
1728
1768
  if (env.DIFF_TINY === "true") {
1729
1769
  lines.push("### Visual recap — skipped (diff too small)");
1730
1770
  lines.push("");
@@ -1783,21 +1823,17 @@ export function buildCommentBody(env = process.env) {
1783
1823
  const fallbackImageUrl = lightImageUrl || darkImageUrl;
1784
1824
  lines.push(`Here's a [visual recap](${safeUrl}) of what changed:`);
1785
1825
  lines.push("");
1786
- lines.push("_Access note: private-repo recaps are org-gated. Sign in to Agent-Native Plans with access to this org if the link does not open._");
1787
- lines.push("");
1788
- if (lightImageUrl && darkImageUrl) {
1826
+ if (fallbackImageUrl) {
1789
1827
  lines.push(`<a href="${safeUrl}">`);
1790
1828
  lines.push(`<picture>`);
1791
- lines.push(` <source media="(prefers-color-scheme: dark)" srcset="${darkImageUrl}">`);
1792
- lines.push(` <img alt="Visual recap" src="${lightImageUrl}">`);
1829
+ if (lightImageUrl && darkImageUrl) {
1830
+ lines.push(` <source media="(prefers-color-scheme: dark)" srcset="${darkImageUrl}">`);
1831
+ }
1832
+ lines.push(` <img alt="Visual recap" src="${fallbackImageUrl}">`);
1793
1833
  lines.push(`</picture>`);
1794
1834
  lines.push(`</a>`);
1795
1835
  lines.push("");
1796
1836
  }
1797
- else if (fallbackImageUrl) {
1798
- lines.push(`[![Visual recap](${fallbackImageUrl})](${safeUrl})`);
1799
- lines.push("");
1800
- }
1801
1837
  lines.push(`**[Open the full interactive recap](${safeUrl})**`);
1802
1838
  if (env.DIFF_HUGE === "true") {
1803
1839
  lines.push("");
@@ -1812,15 +1848,19 @@ export function buildCommentBody(env = process.env) {
1812
1848
  function runScan(args) {
1813
1849
  const diffPath = stringArg(args, "diff");
1814
1850
  const diffText = fs.readFileSync(path.resolve(diffPath), "utf8");
1851
+ const mode = normalizeRecapSecretScanMode(optionalArg(args, "mode") ?? process.env.VISUAL_RECAP_SECRET_SCAN);
1815
1852
  // Load the optional consumer-repo allowlist to suppress known false positives.
1816
1853
  const allowlistPath = optionalArg(args, "allowlist") ??
1817
1854
  path.join(process.cwd(), ".github", "recap-scan-allowlist");
1818
1855
  const allowlist = parseRecapScanAllowlist(allowlistPath);
1819
- if (diffContainsSecret(diffText, allowlist)) {
1820
- process.stdout.write(`${JSON.stringify({ suppressed: true, reason: "potential secret in diff" })}\n`);
1856
+ if (diffContainsSecret(diffText, allowlist, mode)) {
1857
+ const reason = mode === "strict"
1858
+ ? "strict secret-pattern match in diff"
1859
+ : "high-confidence secret in diff";
1860
+ process.stdout.write(`${JSON.stringify({ suppressed: true, reason, mode })}\n`);
1821
1861
  }
1822
1862
  else {
1823
- process.stdout.write(`${JSON.stringify({ suppressed: false })}\n`);
1863
+ process.stdout.write(`${JSON.stringify({ suppressed: false, mode })}\n`);
1824
1864
  }
1825
1865
  }
1826
1866
  function runBuildPrompt(args) {
@@ -2297,11 +2337,17 @@ export function evaluateRecapGate(input) {
2297
2337
  reasons.push("no pull_request payload");
2298
2338
  if (pr && pr.draft)
2299
2339
  reasons.push("draft PR");
2300
- // Fork PRs: head repo differs from this repo. Plain pull_request runs fork
2301
- // code with NO secrets, so publishing would fail anyway skip.
2340
+ // Fork PRs only receive repo secrets when the org/repo opts into GitHub's
2341
+ // "Send secrets to workflows from pull requests" setting (common in private
2342
+ // orgs that use forks heavily). The real gate is therefore secret
2343
+ // availability, not fork-ness: run on forks that have the publish token, and
2344
+ // skip — with an actionable hint — those that don't. The recap never executes
2345
+ // PR-head code and adds a prompt-injection note for fork diffs, so a trusted
2346
+ // same-org fork is no riskier than a same-org branch PR.
2302
2347
  const headRepo = pr && pr.head && pr.head.repo && pr.head.repo.full_name;
2303
- if (pr && headRepo && headRepo !== input.repository) {
2304
- reasons.push(`fork PR (${headRepo})`);
2348
+ const isFork = Boolean(pr && headRepo && headRepo !== input.repository);
2349
+ if (isFork && !input.hasPlan) {
2350
+ reasons.push(`fork PR (${headRepo}) without secret access — enable "Send secrets to workflows from pull requests" (and write tokens) in the repo/org Actions settings to run recaps on forks`);
2305
2351
  }
2306
2352
  // Skip noisy automated authors.
2307
2353
  const login = ((pr && pr.user && pr.user.login) || "").toLowerCase();
@@ -2316,8 +2362,9 @@ export function evaluateRecapGate(input) {
2316
2362
  if (pr && pr.user && pr.user.type === "Bot")
2317
2363
  reasons.push("bot author (type=Bot)");
2318
2364
  // Publish secret must be configured — otherwise this is a no-op so the
2319
- // workflow can be merged before secrets exist.
2320
- if (!input.hasPlan)
2365
+ // workflow can be merged before secrets exist. Forks get the fork-specific
2366
+ // hint above instead of this generic one.
2367
+ if (!isFork && !input.hasPlan)
2321
2368
  reasons.push("PLAN_RECAP_TOKEN not configured");
2322
2369
  // The chosen backend's API key must be present. Normalize the agent value once
2323
2370
  // here and validate it: an unknown or mis-cased value (e.g. "Claude", "gpt")
@@ -2466,9 +2513,8 @@ async function runGate() {
2466
2513
  console.log(run
2467
2514
  ? `Visual recap will run (${decision.agent}).`
2468
2515
  : `Visual recap skipped: ${reasons.join("; ")}`);
2469
- // When gate skips, refresh an EXISTING sticky comment with a short skip line
2470
- // so it doesn't silently go stale. Do NOT create a new comment when none
2471
- // exists (no spam for repos where the recap has never run).
2516
+ // When gate skips, post or refresh a sticky comment with a short skip line so
2517
+ // users are not left guessing whether the recap job ran.
2472
2518
  if (!run) {
2473
2519
  const ghToken = process.env.GH_TOKEN || process.env.GITHUB_TOKEN || "";
2474
2520
  const prNumber = process.env.PR_NUMBER ||
@@ -2488,17 +2534,14 @@ async function runGate() {
2488
2534
  repo,
2489
2535
  issue: prNumber,
2490
2536
  });
2491
- if (existing) {
2492
- const updatedBody = appendGateSkipLine(existing.body ?? "", skipLine);
2493
- await upsertComment({
2494
- token: ghToken,
2495
- owner,
2496
- repo,
2497
- issue: prNumber,
2498
- body: updatedBody,
2499
- updateOnly: true,
2500
- });
2501
- }
2537
+ const updatedBody = appendGateSkipLine(existing?.body ?? buildGateSkipCommentBody(), skipLine);
2538
+ await upsertComment({
2539
+ token: ghToken,
2540
+ owner,
2541
+ repo,
2542
+ issue: prNumber,
2543
+ body: updatedBody,
2544
+ });
2502
2545
  }
2503
2546
  catch {
2504
2547
  // Best-effort — never fail the gate step over a comment update.
@@ -2517,6 +2560,13 @@ export function buildGateSkipLine(reason, headShort) {
2517
2560
  const shaRef = headShort ? `\`${headShort}\`` : "latest push";
2518
2561
  return `_Recap skipped for ${shaRef}: ${reason}._`;
2519
2562
  }
2563
+ export function buildGateSkipCommentBody() {
2564
+ return [
2565
+ "### Visual recap — skipped",
2566
+ "",
2567
+ "The visual recap job did not run for this pull request. This is informational only and does **not** block the PR.",
2568
+ ].join("\n");
2569
+ }
2520
2570
  /**
2521
2571
  * Append (or replace the last gate-skip line in) a sticky comment body.
2522
2572
  * Idempotent: calling it twice with different skip lines replaces the old one.
@@ -2652,7 +2702,7 @@ export function recapCheckOutcome(input) {
2652
2702
  text = "";
2653
2703
  }
2654
2704
  else if (input.suppressed) {
2655
- let reason = "potential secret in diff";
2705
+ let reason = "high-confidence secret in diff";
2656
2706
  try {
2657
2707
  const parsed = JSON.parse(input.suppressedJson || "{}");
2658
2708
  if (parsed && typeof parsed.reason === "string")
@@ -3015,7 +3065,7 @@ Usage:
3015
3065
  npx @agent-native/core@latest recap collect-diff --base <baseSha> --head <headSha> [--out recap.diff] [--stat recap.stat]
3016
3066
  npx @agent-native/core@latest recap mcp-config --agent claude|codex --app-url <url> [--out <path>]
3017
3067
  npx @agent-native/core@latest recap mcp-smoke [--app-url <url>] [--token <planToken>]
3018
- npx @agent-native/core@latest recap scan --diff <path>
3068
+ npx @agent-native/core@latest recap scan --diff <path> [--mode off|high-confidence|strict]
3019
3069
  npx @agent-native/core@latest recap build-prompt --pr <n> [--repo owner/name] [--head <sha>] [--app-url <url>] [--diff <path>] [--stat <path>] [--prev-plan-id <id>] [--huge] [--local-files] [--local-dir <folder>] [--skill-source auto|latest|repo] [--out <path>]
3020
3070
  npx @agent-native/core@latest recap shot --url <planUrl> [--token <planToken>] [--app-url <url>] [--out recap.png] [--theme light|dark]
3021
3071
  npx @agent-native/core@latest recap usage --plan-url <planUrl> --result-file <path> --app-url <url> --token <planToken> [--agent claude|codex] [--model <id>]
@@ -3048,6 +3098,11 @@ Usage:
3048
3098
  Read the captured Claude/Codex result file and write a sanitized one-line
3049
3099
  summary to stdout and $GITHUB_OUTPUT (summary). Used only when no plan URL
3050
3100
  was produced, so PR comments/checks explain the actual failure.
3101
+ npx @agent-native/core@latest recap scan
3102
+ Default mode is high-confidence. It suppresses only obvious credential
3103
+ shapes such as private key blocks and known provider token prefixes. Set
3104
+ VISUAL_RECAP_SECRET_SCAN=strict, or pass --mode strict, to restore generic
3105
+ TOKEN/SECRET assignment suppression; set off to disable this preflight.
3051
3106
  npx @agent-native/core@latest recap mcp-smoke
3052
3107
  Non-mutating Plan MCP JSON-RPC smoke test. Calls initialize + tools/list
3053
3108
  against PLAN_RECAP_APP_URL / PLAN_RECAP_TOKEN and requires get-plan-blocks,