npm - @cat-factory/kernel - Versions diffs - 0.6.0 - Mend

@cat-factory/kernel 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (318) hide show

package/LICENSE +21 -0
package/dist/domain/catalog.d.ts +36 -0
package/dist/domain/catalog.d.ts.map +1 -0
package/dist/domain/catalog.js +55 -0
package/dist/domain/catalog.js.map +1 -0
package/dist/domain/errors.d.ts +57 -0
package/dist/domain/errors.d.ts.map +1 -0
package/dist/domain/errors.js +60 -0
package/dist/domain/errors.js.map +1 -0
package/dist/domain/models.d.ts +204 -0
package/dist/domain/models.d.ts.map +1 -0
package/dist/domain/models.js +522 -0
package/dist/domain/models.js.map +1 -0
package/dist/domain/pipeline-registry.d.ts +19 -0
package/dist/domain/pipeline-registry.d.ts.map +1 -0
package/dist/domain/pipeline-registry.js +48 -0
package/dist/domain/pipeline-registry.js.map +1 -0
package/dist/domain/seed.d.ts +14 -0
package/dist/domain/seed.d.ts.map +1 -0
package/dist/domain/seed.js +369 -0
package/dist/domain/seed.js.map +1 -0
package/dist/domain/service-registration.d.ts +31 -0
package/dist/domain/service-registration.d.ts.map +1 -0
package/dist/domain/service-registration.js +37 -0
package/dist/domain/service-registration.js.map +1 -0
package/dist/domain/subtasks.logic.d.ts +6 -0
package/dist/domain/subtasks.logic.d.ts.map +1 -0
package/dist/domain/subtasks.logic.js +20 -0
package/dist/domain/subtasks.logic.js.map +1 -0
package/dist/domain/types.d.ts +2 -0
package/dist/domain/types.d.ts.map +1 -0
package/dist/domain/types.js +2 -0
package/dist/domain/types.js.map +1 -0
package/dist/index.d.ts +16 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +21 -0
package/dist/index.js.map +1 -0
package/dist/ports/account-repositories.d.ts +46 -0
package/dist/ports/account-repositories.d.ts.map +1 -0
package/dist/ports/account-repositories.js +2 -0
package/dist/ports/account-repositories.js.map +1 -0
package/dist/ports/agent-executor.d.ts +361 -0
package/dist/ports/agent-executor.d.ts.map +1 -0
package/dist/ports/agent-executor.js +8 -0
package/dist/ports/agent-executor.js.map +1 -0
package/dist/ports/agent-runs.d.ts +28 -0
package/dist/ports/agent-runs.d.ts.map +1 -0
package/dist/ports/agent-runs.js +2 -0
package/dist/ports/agent-runs.js.map +1 -0
package/dist/ports/board-operations.d.ts +15 -0
package/dist/ports/board-operations.d.ts.map +1 -0
package/dist/ports/board-operations.js +2 -0
package/dist/ports/board-operations.js.map +1 -0
package/dist/ports/board-scan-repositories.d.ts +23 -0
package/dist/ports/board-scan-repositories.d.ts.map +1 -0
package/dist/ports/board-scan-repositories.js +2 -0
package/dist/ports/board-scan-repositories.js.map +1 -0
package/dist/ports/bootstrap-repositories.d.ts +71 -0
package/dist/ports/bootstrap-repositories.d.ts.map +1 -0
package/dist/ports/bootstrap-repositories.js +2 -0
package/dist/ports/bootstrap-repositories.js.map +1 -0
package/dist/ports/bootstrap-runner.d.ts +20 -0
package/dist/ports/bootstrap-runner.d.ts.map +1 -0
package/dist/ports/bootstrap-runner.js +12 -0
package/dist/ports/bootstrap-runner.js.map +1 -0
package/dist/ports/ci-status.d.ts +23 -0
package/dist/ports/ci-status.d.ts.map +1 -0
package/dist/ports/ci-status.js +8 -0
package/dist/ports/ci-status.js.map +1 -0
package/dist/ports/clarity-review-repositories.d.ts +12 -0
package/dist/ports/clarity-review-repositories.d.ts.map +1 -0
package/dist/ports/clarity-review-repositories.js +2 -0
package/dist/ports/clarity-review-repositories.js.map +1 -0
package/dist/ports/consensus-repositories.d.ts +12 -0
package/dist/ports/consensus-repositories.d.ts.map +1 -0
package/dist/ports/consensus-repositories.js +2 -0
package/dist/ports/consensus-repositories.js.map +1 -0
package/dist/ports/document-repositories.d.ts +55 -0
package/dist/ports/document-repositories.d.ts.map +1 -0
package/dist/ports/document-repositories.js +2 -0
package/dist/ports/document-repositories.js.map +1 -0
package/dist/ports/document-source.d.ts +55 -0
package/dist/ports/document-source.d.ts.map +1 -0
package/dist/ports/document-source.js +2 -0
package/dist/ports/document-source.js.map +1 -0
package/dist/ports/email-sender.d.ts +42 -0
package/dist/ports/email-sender.d.ts.map +1 -0
package/dist/ports/email-sender.js +7 -0
package/dist/ports/email-sender.js.map +1 -0
package/dist/ports/environment-provider.d.ts +67 -0
package/dist/ports/environment-provider.d.ts.map +1 -0
package/dist/ports/environment-provider.js +2 -0
package/dist/ports/environment-provider.js.map +1 -0
package/dist/ports/environment-repositories.d.ts +64 -0
package/dist/ports/environment-repositories.d.ts.map +1 -0
package/dist/ports/environment-repositories.js +2 -0
package/dist/ports/environment-repositories.js.map +1 -0
package/dist/ports/execution-events.d.ts +72 -0
package/dist/ports/execution-events.d.ts.map +1 -0
package/dist/ports/execution-events.js +16 -0
package/dist/ports/execution-events.js.map +1 -0
package/dist/ports/fragment-repositories.d.ts +65 -0
package/dist/ports/fragment-repositories.d.ts.map +1 -0
package/dist/ports/fragment-repositories.js +2 -0
package/dist/ports/fragment-repositories.js.map +1 -0
package/dist/ports/fragment-selector.d.ts +64 -0
package/dist/ports/fragment-selector.d.ts.map +1 -0
package/dist/ports/fragment-selector.js +2 -0
package/dist/ports/fragment-selector.js.map +1 -0
package/dist/ports/github-client.d.ts +226 -0
package/dist/ports/github-client.d.ts.map +1 -0
package/dist/ports/github-client.js +2 -0
package/dist/ports/github-client.js.map +1 -0
package/dist/ports/github-provisioning.d.ts +47 -0
package/dist/ports/github-provisioning.d.ts.map +1 -0
package/dist/ports/github-provisioning.js +12 -0
package/dist/ports/github-provisioning.js.map +1 -0
package/dist/ports/github-repositories.d.ts +136 -0
package/dist/ports/github-repositories.d.ts.map +1 -0
package/dist/ports/github-repositories.js +2 -0
package/dist/ports/github-repositories.js.map +1 -0
package/dist/ports/incident-enrichment.d.ts +40 -0
package/dist/ports/incident-enrichment.d.ts.map +1 -0
package/dist/ports/incident-enrichment.js +30 -0
package/dist/ports/incident-enrichment.js.map +1 -0
package/dist/ports/index.d.ts +68 -0
package/dist/ports/index.d.ts.map +1 -0
package/dist/ports/index.js +11 -0
package/dist/ports/index.js.map +1 -0
package/dist/ports/invitation-repositories.d.ts +28 -0
package/dist/ports/invitation-repositories.d.ts.map +1 -0
package/dist/ports/invitation-repositories.js +2 -0
package/dist/ports/invitation-repositories.js.map +1 -0
package/dist/ports/llm-metrics.d.ts +142 -0
package/dist/ports/llm-metrics.d.ts.map +1 -0
package/dist/ports/llm-metrics.js +16 -0
package/dist/ports/llm-metrics.js.map +1 -0
package/dist/ports/llm-trace-sink.d.ts +84 -0
package/dist/ports/llm-trace-sink.d.ts.map +1 -0
package/dist/ports/llm-trace-sink.js +55 -0
package/dist/ports/llm-trace-sink.js.map +1 -0
package/dist/ports/local-model-repositories.d.ts +29 -0
package/dist/ports/local-model-repositories.d.ts.map +1 -0
package/dist/ports/local-model-repositories.js +2 -0
package/dist/ports/local-model-repositories.js.map +1 -0
package/dist/ports/merge-preset-repositories.d.ts +14 -0
package/dist/ports/merge-preset-repositories.d.ts.map +1 -0
package/dist/ports/merge-preset-repositories.js +2 -0
package/dist/ports/merge-preset-repositories.js.map +1 -0
package/dist/ports/model-default-repositories.d.ts +9 -0
package/dist/ports/model-default-repositories.d.ts.map +1 -0
package/dist/ports/model-default-repositories.js +6 -0
package/dist/ports/model-default-repositories.js.map +1 -0
package/dist/ports/model-provider.d.ts +69 -0
package/dist/ports/model-provider.d.ts.map +1 -0
package/dist/ports/model-provider.js +16 -0
package/dist/ports/model-provider.js.map +1 -0
package/dist/ports/notification-channel.d.ts +16 -0
package/dist/ports/notification-channel.d.ts.map +1 -0
package/dist/ports/notification-channel.js +22 -0
package/dist/ports/notification-channel.js.map +1 -0
package/dist/ports/notification-repositories.d.ts +15 -0
package/dist/ports/notification-repositories.d.ts.map +1 -0
package/dist/ports/notification-repositories.js +2 -0
package/dist/ports/notification-repositories.js.map +1 -0
package/dist/ports/password-hasher.d.ts +14 -0
package/dist/ports/password-hasher.d.ts.map +1 -0
package/dist/ports/password-hasher.js +9 -0
package/dist/ports/password-hasher.js.map +1 -0
package/dist/ports/personal-secret-cipher.d.ts +7 -0
package/dist/ports/personal-secret-cipher.d.ts.map +1 -0
package/dist/ports/personal-secret-cipher.js +12 -0
package/dist/ports/personal-secret-cipher.js.map +1 -0
package/dist/ports/personal-subscription-repositories.d.ts +72 -0
package/dist/ports/personal-subscription-repositories.d.ts.map +1 -0
package/dist/ports/personal-subscription-repositories.js +2 -0
package/dist/ports/personal-subscription-repositories.js.map +1 -0
package/dist/ports/pr-mergeability.d.ts +24 -0
package/dist/ports/pr-mergeability.d.ts.map +1 -0
package/dist/ports/pr-mergeability.js +7 -0
package/dist/ports/pr-mergeability.js.map +1 -0
package/dist/ports/pr-merger.d.ts +10 -0
package/dist/ports/pr-merger.d.ts.map +1 -0
package/dist/ports/pr-merger.js +8 -0
package/dist/ports/pr-merger.js.map +1 -0
package/dist/ports/provider-api-key-repositories.d.ts +71 -0
package/dist/ports/provider-api-key-repositories.d.ts.map +1 -0
package/dist/ports/provider-api-key-repositories.js +15 -0
package/dist/ports/provider-api-key-repositories.js.map +1 -0
package/dist/ports/provider-subscription-repositories.d.ts +51 -0
package/dist/ports/provider-subscription-repositories.d.ts.map +1 -0
package/dist/ports/provider-subscription-repositories.js +15 -0
package/dist/ports/provider-subscription-repositories.js.map +1 -0
package/dist/ports/recurring-repositories.d.ts +46 -0
package/dist/ports/recurring-repositories.d.ts.map +1 -0
package/dist/ports/recurring-repositories.js +2 -0
package/dist/ports/recurring-repositories.js.map +1 -0
package/dist/ports/release-health-repositories.d.ts +42 -0
package/dist/ports/release-health-repositories.d.ts.map +1 -0
package/dist/ports/release-health-repositories.js +6 -0
package/dist/ports/release-health-repositories.js.map +1 -0
package/dist/ports/release-health.d.ts +59 -0
package/dist/ports/release-health.d.ts.map +1 -0
package/dist/ports/release-health.js +8 -0
package/dist/ports/release-health.js.map +1 -0
package/dist/ports/repo-bootstrapper.d.ts +80 -0
package/dist/ports/repo-bootstrapper.d.ts.map +1 -0
package/dist/ports/repo-bootstrapper.js +2 -0
package/dist/ports/repo-bootstrapper.js.map +1 -0
package/dist/ports/repo-scanner.d.ts +22 -0
package/dist/ports/repo-scanner.d.ts.map +1 -0
package/dist/ports/repo-scanner.js +2 -0
package/dist/ports/repo-scanner.js.map +1 -0
package/dist/ports/repositories.d.ts +131 -0
package/dist/ports/repositories.d.ts.map +1 -0
package/dist/ports/repositories.js +2 -0
package/dist/ports/repositories.js.map +1 -0
package/dist/ports/requirement-review-repositories.d.ts +16 -0
package/dist/ports/requirement-review-repositories.d.ts.map +1 -0
package/dist/ports/requirement-review-repositories.js +2 -0
package/dist/ports/requirement-review-repositories.js.map +1 -0
package/dist/ports/runner-pool-provider.d.ts +25 -0
package/dist/ports/runner-pool-provider.d.ts.map +1 -0
package/dist/ports/runner-pool-provider.js +2 -0
package/dist/ports/runner-pool-provider.js.map +1 -0
package/dist/ports/runner-pool-repositories.d.ts +27 -0
package/dist/ports/runner-pool-repositories.d.ts.map +1 -0
package/dist/ports/runner-pool-repositories.js +7 -0
package/dist/ports/runner-pool-repositories.js.map +1 -0
package/dist/ports/runner-transport.d.ts +119 -0
package/dist/ports/runner-transport.d.ts.map +1 -0
package/dist/ports/runner-transport.js +2 -0
package/dist/ports/runner-transport.js.map +1 -0
package/dist/ports/runtime.d.ts +9 -0
package/dist/ports/runtime.d.ts.map +1 -0
package/dist/ports/runtime.js +5 -0
package/dist/ports/runtime.js.map +1 -0
package/dist/ports/sandbox-repositories.d.ts +39 -0
package/dist/ports/sandbox-repositories.d.ts.map +1 -0
package/dist/ports/sandbox-repositories.js +2 -0
package/dist/ports/sandbox-repositories.js.map +1 -0
package/dist/ports/secret-cipher.d.ts +7 -0
package/dist/ports/secret-cipher.d.ts.map +1 -0
package/dist/ports/secret-cipher.js +7 -0
package/dist/ports/secret-cipher.js.map +1 -0
package/dist/ports/service-fragment-default-repositories.d.ts +7 -0
package/dist/ports/service-fragment-default-repositories.d.ts.map +1 -0
package/dist/ports/service-fragment-default-repositories.js +6 -0
package/dist/ports/service-fragment-default-repositories.js.map +1 -0
package/dist/ports/service-repositories.d.ts +68 -0
package/dist/ports/service-repositories.d.ts.map +1 -0
package/dist/ports/service-repositories.js +2 -0
package/dist/ports/service-repositories.js.map +1 -0
package/dist/ports/slack-repositories.d.ts +61 -0
package/dist/ports/slack-repositories.d.ts.map +1 -0
package/dist/ports/slack-repositories.js +2 -0
package/dist/ports/slack-repositories.js.map +1 -0
package/dist/ports/task-repositories.d.ts +61 -0
package/dist/ports/task-repositories.d.ts.map +1 -0
package/dist/ports/task-repositories.js +2 -0
package/dist/ports/task-repositories.js.map +1 -0
package/dist/ports/task-source.d.ts +69 -0
package/dist/ports/task-source.d.ts.map +1 -0
package/dist/ports/task-source.js +2 -0
package/dist/ports/task-source.js.map +1 -0
package/dist/ports/ticket-tracker.d.ts +19 -0
package/dist/ports/ticket-tracker.d.ts.map +1 -0
package/dist/ports/ticket-tracker.js +8 -0
package/dist/ports/ticket-tracker.js.map +1 -0
package/dist/ports/token-usage.d.ts +37 -0
package/dist/ports/token-usage.d.ts.map +1 -0
package/dist/ports/token-usage.js +6 -0
package/dist/ports/token-usage.js.map +1 -0
package/dist/ports/tracker-settings-repositories.d.ts +6 -0
package/dist/ports/tracker-settings-repositories.d.ts.map +1 -0
package/dist/ports/tracker-settings-repositories.js +2 -0
package/dist/ports/tracker-settings-repositories.js.map +1 -0
package/dist/ports/url-safety-policy.d.ts +15 -0
package/dist/ports/url-safety-policy.d.ts.map +1 -0
package/dist/ports/url-safety-policy.js +13 -0
package/dist/ports/url-safety-policy.js.map +1 -0
package/dist/ports/user-repositories.d.ts +52 -0
package/dist/ports/user-repositories.d.ts.map +1 -0
package/dist/ports/user-repositories.js +13 -0
package/dist/ports/user-repositories.js.map +1 -0
package/dist/ports/webhook-verifier.d.ts +9 -0
package/dist/ports/webhook-verifier.d.ts.map +1 -0
package/dist/ports/webhook-verifier.js +8 -0
package/dist/ports/webhook-verifier.js.map +1 -0
package/dist/ports/work-runner.d.ts +19 -0
package/dist/ports/work-runner.d.ts.map +1 -0
package/dist/ports/work-runner.js +19 -0
package/dist/ports/work-runner.js.map +1 -0
package/dist/ports/workspace-settings-repositories.d.ts +8 -0
package/dist/ports/workspace-settings-repositories.d.ts.map +1 -0
package/dist/ports/workspace-settings-repositories.js +2 -0
package/dist/ports/workspace-settings-repositories.js.map +1 -0
package/dist/shared/atlassian.logic.d.ts +11 -0
package/dist/shared/atlassian.logic.d.ts.map +1 -0
package/dist/shared/atlassian.logic.js +148 -0
package/dist/shared/atlassian.logic.js.map +1 -0
package/dist/shared/markdown.logic.d.ts +5 -0
package/dist/shared/markdown.logic.d.ts.map +1 -0
package/dist/shared/markdown.logic.js +21 -0
package/dist/shared/markdown.logic.js.map +1 -0
package/dist/shared/source-registry.logic.d.ts +10 -0
package/dist/shared/source-registry.logic.d.ts.map +1 -0
package/dist/shared/source-registry.logic.js +17 -0
package/dist/shared/source-registry.logic.js.map +1 -0
package/dist/shared/tasks-prompt.logic.d.ts +16 -0
package/dist/shared/tasks-prompt.logic.d.ts.map +1 -0
package/dist/shared/tasks-prompt.logic.js +29 -0
package/dist/shared/tasks-prompt.logic.js.map +1 -0
package/dist/workspace-guard.d.ts +4 -0
package/dist/workspace-guard.d.ts.map +1 -0
package/dist/workspace-guard.js +5 -0
package/dist/workspace-guard.js.map +1 -0
package/package.json +32 -0

package/dist/ports/token-usage.d.ts ADDED Viewed

@@ -0,0 +1,37 @@
+/** One metered LLM call. `costEstimate` is in the deployment's spend currency. */
+export interface TokenUsageRecord {
+    id: string;
+    workspaceId: string;
+    executionId: string | null;
+    agentKind: string;
+    provider: string;
+    model: string;
+    inputTokens: number;
+    outputTokens: number;
+    /** Estimated cost of this call, priced at record time so history is stable. */
+    costEstimate: number;
+    /** When the call was metered (epoch ms). */
+    createdAt: number;
+}
+/** Aggregated usage over a time window, used to evaluate the budget. */
+export interface TokenUsageTotals {
+    inputTokens: number;
+    outputTokens: number;
+    costEstimate: number;
+}
+export interface TokenUsageRepository {
+    /** Append a metered call. */
+    record(usage: TokenUsageRecord): Promise<void>;
+    /**
+     * Sum usage across all workspaces since `epochMs` (inclusive). The budget is
+     * org-wide, so this deliberately spans every workspace.
+     */
+    totalsSince(epochMs: number): Promise<TokenUsageTotals>;
+    /**
+     * Retention: delete rows older than `epochMs` (exclusive), returning how many
+     * were removed. The budget query only reads the current period, so pruning old
+     * history caps this append-only ledger without affecting spend gating.
+     */
+    deleteOlderThan(epochMs: number): Promise<number>;
+}
+//# sourceMappingURL=token-usage.d.ts.map

package/dist/ports/token-usage.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"token-usage.d.ts","sourceRoot":"","sources":["../../src/ports/token-usage.ts"],"names":[],"mappings":"AAKA,kFAAkF;AAClF,MAAM,WAAW,gBAAgB;IAC/B,EAAE,EAAE,MAAM,CAAA;IACV,WAAW,EAAE,MAAM,CAAA;IACnB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAA;IAC1B,SAAS,EAAE,MAAM,CAAA;IACjB,QAAQ,EAAE,MAAM,CAAA;IAChB,KAAK,EAAE,MAAM,CAAA;IACb,WAAW,EAAE,MAAM,CAAA;IACnB,YAAY,EAAE,MAAM,CAAA;IACpB,+EAA+E;IAC/E,YAAY,EAAE,MAAM,CAAA;IACpB,4CAA4C;IAC5C,SAAS,EAAE,MAAM,CAAA;CAClB;AAED,wEAAwE;AACxE,MAAM,WAAW,gBAAgB;IAC/B,WAAW,EAAE,MAAM,CAAA;IACnB,YAAY,EAAE,MAAM,CAAA;IACpB,YAAY,EAAE,MAAM,CAAA;CACrB;AAED,MAAM,WAAW,oBAAoB;IACnC,6BAA6B;IAC7B,MAAM,CAAC,KAAK,EAAE,gBAAgB,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAC9C;;;OAGG;IACH,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAA;IACvD;;;;OAIG;IACH,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAA;CAClD"}

package/dist/ports/token-usage.js ADDED Viewed

@@ -0,0 +1,6 @@
+// Persistence port for the spend safeguard. Every LLM call's token usage is
+// recorded here; the SpendService aggregates it over the current billing period
+// to decide whether the configured budget has been exhausted. The domain
+// depends only on this interface — the worker implements it against D1.
+export {};
+//# sourceMappingURL=token-usage.js.map

package/dist/ports/token-usage.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"token-usage.js","sourceRoot":"","sources":["../../src/ports/token-usage.ts"],"names":[],"mappings":"AAAA,4EAA4E;AAC5E,gFAAgF;AAChF,yEAAyE;AACzE,wEAAwE"}

package/dist/ports/tracker-settings-repositories.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+import type { TrackerSettings } from '../domain/types.js';
+export interface TrackerSettingsRepository {
+    get(workspaceId: string): Promise<TrackerSettings | null>;
+    put(workspaceId: string, settings: TrackerSettings): Promise<void>;
+}
+//# sourceMappingURL=tracker-settings-repositories.d.ts.map

package/dist/ports/tracker-settings-repositories.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"tracker-settings-repositories.d.ts","sourceRoot":"","sources":["../../src/ports/tracker-settings-repositories.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAA;AAMzD,MAAM,WAAW,yBAAyB;IACxC,GAAG,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,CAAA;IACzD,GAAG,CAAC,WAAW,EAAE,MAAM,EAAE,QAAQ,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;CACnE"}

package/dist/ports/tracker-settings-repositories.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=tracker-settings-repositories.js.map

package/dist/ports/tracker-settings-repositories.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"tracker-settings-repositories.js","sourceRoot":"","sources":["../../src/ports/tracker-settings-repositories.ts"],"names":[],"mappings":""}

package/dist/ports/url-safety-policy.d.ts ADDED Viewed

@@ -0,0 +1,15 @@
+export interface UrlSafetyPolicy {
+    /** Permitted URL schemes, lowercased, without the trailing colon (e.g. ['https']). */
+    schemes: readonly string[];
+    /**
+     * Hostnames exempt from the private/internal-host block. Each entry matches the URL
+     * hostname case-insensitively: an exact match (`kargo.corp`, `10.1.2.3`), or a dot
+     * suffix when it starts with `.` (`.internal` matches `a.b.internal`). An exempt host
+     * bypasses the loopback / link-local / RFC1918 / `.internal` / `.local` checks. Empty
+     * => no exemptions (the strict default).
+     */
+    allowHosts: readonly string[];
+}
+/** The default policy: https only, no private/internal hosts, no exemptions. */
+export declare const STRICT_URL_SAFETY_POLICY: UrlSafetyPolicy;
+//# sourceMappingURL=url-safety-policy.d.ts.map

package/dist/ports/url-safety-policy.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"url-safety-policy.d.ts","sourceRoot":"","sources":["../../src/ports/url-safety-policy.ts"],"names":[],"mappings":"AAQA,MAAM,WAAW,eAAe;IAC9B,sFAAsF;IACtF,OAAO,EAAE,SAAS,MAAM,EAAE,CAAA;IAC1B;;;;;;OAMG;IACH,UAAU,EAAE,SAAS,MAAM,EAAE,CAAA;CAC9B;AAED,gFAAgF;AAChF,eAAO,MAAM,wBAAwB,EAAE,eAGtC,CAAA"}

package/dist/ports/url-safety-policy.js ADDED Viewed

@@ -0,0 +1,13 @@
+// Policy controlling which URLs an integration may fetch or expose. The default
+// (STRICT_URL_SAFETY_POLICY) forbids non-https and every private/internal host,
+// which is correct for an untrusted, manifest-described management API supplied by
+// an arbitrary workspace. An operator running a TRUSTED in-house adapter (e.g. an
+// internal ephemeral-environment platform reachable only on a private/VPN host) can
+// widen it via the facade config to permit specific schemes/hosts. Shared by the
+// environment-provisioning and runner-pool integrations.
+/** The default policy: https only, no private/internal hosts, no exemptions. */
+export const STRICT_URL_SAFETY_POLICY = {
+    schemes: ['https'],
+    allowHosts: [],
+};
+//# sourceMappingURL=url-safety-policy.js.map

package/dist/ports/url-safety-policy.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"url-safety-policy.js","sourceRoot":"","sources":["../../src/ports/url-safety-policy.ts"],"names":[],"mappings":"AAAA,gFAAgF;AAChF,gFAAgF;AAChF,mFAAmF;AACnF,kFAAkF;AAClF,oFAAoF;AACpF,iFAAiF;AACjF,yDAAyD;AAezD,gFAAgF;AAChF,MAAM,CAAC,MAAM,wBAAwB,GAAoB;IACvD,OAAO,EAAE,CAAC,OAAO,CAAC;IAClB,UAAU,EAAE,EAAE;CACf,CAAA"}

package/dist/ports/user-repositories.d.ts ADDED Viewed

@@ -0,0 +1,52 @@
+/** The login providers an identity can come from. */
+export type IdentityProvider = 'github' | 'password' | 'google';
+/** The canonical user record. */
+export interface UserRecord {
+    /** Generated `usr_*` id — the stable identity everything else references. */
+    id: string;
+    name: string | null;
+    /** Primary email (unique when present). Null for a GitHub-only user with no public email. */
+    email: string | null;
+    avatarUrl: string | null;
+    createdAt: number;
+}
+/**
+ * A linked login identity for a user. The pair `(provider, subject)` is unique —
+ * one external identity maps to exactly one user.
+ */
+export interface UserIdentityRecord {
+    userId: string;
+    provider: IdentityProvider;
+    /**
+     * The provider's stable subject: the GitHub numeric id (as a string), the Google
+     * `sub`, or the lowercased email for a `password` identity.
+     */
+    subject: string;
+    /** PHC-format password hash for `provider: 'password'`; null otherwise. */
+    secret: string | null;
+    /** Provider-specific JSON metadata (github `{login, avatarUrl}`, google `{email}`). */
+    metadata: string | null;
+    createdAt: number;
+}
+export interface UserRepository {
+    get(id: string): Promise<UserRecord | null>;
+    create(user: UserRecord): Promise<void>;
+    update(id: string, patch: Partial<Pick<UserRecord, 'name' | 'email' | 'avatarUrl'>>): Promise<void>;
+    /** The user behind a linked identity, or null. */
+    findByIdentity(provider: IdentityProvider, subject: string): Promise<UserRecord | null>;
+    /**
+     * The user owning a primary email (case-insensitive), or null. Lets a verified
+     * second login provider (or password signup) attach to / be rejected against the
+     * existing person instead of colliding on the unique email index.
+     */
+    findByEmail(email: string): Promise<UserRecord | null>;
+    /** Bulk-load users by id (the member-roster enrichment; order not guaranteed). */
+    listByIds(ids: string[]): Promise<UserRecord[]>;
+    /** The raw identity row (carries the password `secret`), or null. */
+    getIdentity(provider: IdentityProvider, subject: string): Promise<UserIdentityRecord | null>;
+    /** Link an external identity to a user (idempotent on `(provider, subject)`). */
+    linkIdentity(identity: UserIdentityRecord): Promise<void>;
+    /** Every identity linked to a user. */
+    listIdentities(userId: string): Promise<UserIdentityRecord[]>;
+}
+//# sourceMappingURL=user-repositories.d.ts.map

package/dist/ports/user-repositories.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"user-repositories.d.ts","sourceRoot":"","sources":["../../src/ports/user-repositories.ts"],"names":[],"mappings":"AAYA,qDAAqD;AACrD,MAAM,MAAM,gBAAgB,GAAG,QAAQ,GAAG,UAAU,GAAG,QAAQ,CAAA;AAE/D,iCAAiC;AACjC,MAAM,WAAW,UAAU;IACzB,6EAA6E;IAC7E,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,EAAE,MAAM,GAAG,IAAI,CAAA;IACnB,6FAA6F;IAC7F,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;IACpB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAA;IACxB,SAAS,EAAE,MAAM,CAAA;CAClB;AAED;;;GAGG;AACH,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EAAE,gBAAgB,CAAA;IAC1B;;;OAGG;IACH,OAAO,EAAE,MAAM,CAAA;IACf,2EAA2E;IAC3E,MAAM,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,uFAAuF;IACvF,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,SAAS,EAAE,MAAM,CAAA;CAClB;AAED,MAAM,WAAW,cAAc;IAC7B,GAAG,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAAA;IAC3C,MAAM,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IACvC,MAAM,CACJ,EAAE,EAAE,MAAM,EACV,KAAK,EAAE,OAAO,CAAC,IAAI,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,GAAG,WAAW,CAAC,CAAC,GAC/D,OAAO,CAAC,IAAI,CAAC,CAAA;IAChB,kDAAkD;IAClD,cAAc,CAAC,QAAQ,EAAE,gBAAgB,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAAA;IACvF;;;;OAIG;IACH,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAAA;IACtD,kFAAkF;IAClF,SAAS,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC,CAAA;IAC/C,qEAAqE;IACrE,WAAW,CAAC,QAAQ,EAAE,gBAAgB,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC,CAAA;IAC5F,iFAAiF;IACjF,YAAY,CAAC,QAAQ,EAAE,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IACzD,uCAAuC;IACvC,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,EAAE,CAAC,CAAA;CAC9D"}

package/dist/ports/user-repositories.js ADDED Viewed

@@ -0,0 +1,13 @@
+// ---------------------------------------------------------------------------
+// Persistence ports for the user-identity layer. A `users` row is the canonical,
+// runtime-neutral identity (generated `usr_*` id) that everything else keys off
+// (memberships, block authorship, personal subscriptions). It is decoupled from
+// GitHub: a user may sign in with GitHub, email/password, and/or Google, and each
+// of those is a row in `user_identities` linked back to the same user.
+//
+// This is what lets a person without a GitHub account exist in the system — repo
+// access is via the GitHub *App* installation token (system-level), never the
+// user's own GitHub OAuth token, so a non-GitHub user can still read/write repos.
+// ---------------------------------------------------------------------------
+export {};
+//# sourceMappingURL=user-repositories.js.map

package/dist/ports/user-repositories.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"user-repositories.js","sourceRoot":"","sources":["../../src/ports/user-repositories.ts"],"names":[],"mappings":"AAAA,8EAA8E;AAC9E,iFAAiF;AACjF,gFAAgF;AAChF,gFAAgF;AAChF,kFAAkF;AAClF,uEAAuE;AACvE,EAAE;AACF,iFAAiF;AACjF,8EAA8E;AAC9E,kFAAkF;AAClF,8EAA8E"}

package/dist/ports/webhook-verifier.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+export interface WebhookVerifier {
+    /**
+     * Verify `signatureHeader` (the raw `X-Hub-Signature-256` value, e.g.
+     * `sha256=...`) against the raw request body. Returns false for a missing or
+     * mismatched signature rather than throwing.
+     */
+    verify(rawBody: ArrayBuffer, signatureHeader: string | null): Promise<boolean>;
+}
+//# sourceMappingURL=webhook-verifier.d.ts.map

package/dist/ports/webhook-verifier.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"webhook-verifier.d.ts","sourceRoot":"","sources":["../../src/ports/webhook-verifier.ts"],"names":[],"mappings":"AAOA,MAAM,WAAW,eAAe;IAC9B;;;;OAIG;IACH,MAAM,CAAC,OAAO,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;CAC/E"}

package/dist/ports/webhook-verifier.js ADDED Viewed

@@ -0,0 +1,8 @@
+// Port for verifying inbound GitHub webhook signatures. GitHub signs each
+// delivery with HMAC-SHA-256 over the raw request body using the App's webhook
+// secret, sending the digest in the `X-Hub-Signature-256` header. The worker
+// implements this with Web Crypto (`crypto.subtle`); modelling it as a port keeps
+// the WebhookService free of any crypto/runtime concern and lets tests toggle
+// pass/fail with a fake.
+export {};
+//# sourceMappingURL=webhook-verifier.js.map

package/dist/ports/webhook-verifier.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"webhook-verifier.js","sourceRoot":"","sources":["../../src/ports/webhook-verifier.ts"],"names":[],"mappings":"AAAA,0EAA0E;AAC1E,+EAA+E;AAC/E,6EAA6E;AAC7E,kFAAkF;AAClF,8EAA8E;AAC9E,yBAAyB"}

package/dist/ports/work-runner.d.ts ADDED Viewed

@@ -0,0 +1,19 @@
+export interface WorkRunner {
+    /** Begin durable execution of a run. Idempotent on `executionId`. */
+    startRun(workspaceId: string, executionId: string): Promise<void>;
+    /** Signal a resolved decision to a parked run so it can continue. */
+    signalDecision(workspaceId: string, executionId: string, decisionId: string, choice: string): Promise<void>;
+    /** Best-effort cancel of the durable run. */
+    cancelRun(workspaceId: string, executionId: string): Promise<void>;
+}
+/**
+ * The default runner: it does nothing. With it wired, starting a run hands off to
+ * nobody — the integration tests rely on this and advance runs directly via
+ * `advanceInstance`.
+ */
+export declare class NoopWorkRunner implements WorkRunner {
+    startRun(): Promise<void>;
+    signalDecision(): Promise<void>;
+    cancelRun(): Promise<void>;
+}
+//# sourceMappingURL=work-runner.d.ts.map

package/dist/ports/work-runner.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"work-runner.d.ts","sourceRoot":"","sources":["../../src/ports/work-runner.ts"],"names":[],"mappings":"AASA,MAAM,WAAW,UAAU;IACzB,qEAAqE;IACrE,QAAQ,CAAC,WAAW,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IACjE,qEAAqE;IACrE,cAAc,CACZ,WAAW,EAAE,MAAM,EACnB,WAAW,EAAE,MAAM,EACnB,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,IAAI,CAAC,CAAA;IAChB,6CAA6C;IAC7C,SAAS,CAAC,WAAW,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;CACnE;AAED;;;;GAIG;AACH,qBAAa,cAAe,YAAW,UAAU;IACzC,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC,CAAG;IAC5B,cAAc,IAAI,OAAO,CAAC,IAAI,CAAC,CAAG;IAClC,SAAS,IAAI,OAAO,CAAC,IAAI,CAAC,CAAG;CACpC"}

package/dist/ports/work-runner.js ADDED Viewed

@@ -0,0 +1,19 @@
+// Port for driving a run *durably* outside the request that started it. The
+// execution engine calls this to hand a run off to a background worker (in the
+// Cloudflare facade, a Workflows instance) so progress proceeds server-side
+// without a browser open. Modelling it as a port keeps the engine free of any
+// Cloudflare/Workflows concern. Concrete implementations:
+//   - NoopWorkRunner       — the default; does nothing (tests advance runs directly)
+//   - WorkflowsWorkRunner  — creates/signals a Cloudflare Workflows instance
+// All methods must be idempotent on `executionId` so a retry or replay is safe.
+/**
+ * The default runner: it does nothing. With it wired, starting a run hands off to
+ * nobody — the integration tests rely on this and advance runs directly via
+ * `advanceInstance`.
+ */
+export class NoopWorkRunner {
+    async startRun() { }
+    async signalDecision() { }
+    async cancelRun() { }
+}
+//# sourceMappingURL=work-runner.js.map

package/dist/ports/work-runner.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"work-runner.js","sourceRoot":"","sources":["../../src/ports/work-runner.ts"],"names":[],"mappings":"AAAA,4EAA4E;AAC5E,+EAA+E;AAC/E,4EAA4E;AAC5E,8EAA8E;AAC9E,0DAA0D;AAC1D,qFAAqF;AACrF,6EAA6E;AAC7E,gFAAgF;AAgBhF;;;;GAIG;AACH,MAAM,OAAO,cAAc;IACzB,KAAK,CAAC,QAAQ,KAAmB,CAAC;IAClC,KAAK,CAAC,cAAc,KAAmB,CAAC;IACxC,KAAK,CAAC,SAAS,KAAmB,CAAC;CACpC"}

package/dist/ports/workspace-settings-repositories.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+import type { WorkspaceSettings } from '../domain/types.js';
+export interface WorkspaceSettingsRepository {
+    /** A workspace's settings, or null if none have been persisted yet (caller seeds the default). */
+    get(workspaceId: string): Promise<WorkspaceSettings | null>;
+    /** Create or replace a workspace's settings. */
+    upsert(workspaceId: string, settings: WorkspaceSettings): Promise<void>;
+}
+//# sourceMappingURL=workspace-settings-repositories.d.ts.map

package/dist/ports/workspace-settings-repositories.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"workspace-settings-repositories.d.ts","sourceRoot":"","sources":["../../src/ports/workspace-settings-repositories.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAA;AAO3D,MAAM,WAAW,2BAA2B;IAC1C,kGAAkG;IAClG,GAAG,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC,CAAA;IAC3D,gDAAgD;IAChD,MAAM,CAAC,WAAW,EAAE,MAAM,EAAE,QAAQ,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;CACxE"}

package/dist/ports/workspace-settings-repositories.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=workspace-settings-repositories.js.map

package/dist/ports/workspace-settings-repositories.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"workspace-settings-repositories.js","sourceRoot":"","sources":["../../src/ports/workspace-settings-repositories.ts"],"names":[],"mappings":""}

package/dist/shared/atlassian.logic.d.ts ADDED Viewed

@@ -0,0 +1,11 @@
+/** Drop a trailing slash and a trailing `/wiki` so we can build paths uniformly. */
+export declare function normalizeAtlassianBaseUrl(baseUrl: string): string;
+/**
+ * Validate a (normalized) Atlassian base URL before it is stored and later
+ * fetched. Requires `https`, forbids embedded credentials, and rejects
+ * internal/private hosts. Throws {@link ValidationError} on anything unsafe.
+ *
+ * Parsed by hand (no `URL` global) so this stays in the platform-agnostic core.
+ */
+export declare function assertSafeAtlassianBaseUrl(baseUrl: string): void;
+//# sourceMappingURL=atlassian.logic.d.ts.map

package/dist/shared/atlassian.logic.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"atlassian.logic.d.ts","sourceRoot":"","sources":["../../src/shared/atlassian.logic.ts"],"names":[],"mappings":"AAQA,oFAAoF;AACpF,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAKjE;AA2FD;;;;;;GAMG;AACH,wBAAgB,0BAA0B,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI,CAyBhE"}

package/dist/shared/atlassian.logic.js ADDED Viewed

@@ -0,0 +1,148 @@
+import { ValidationError } from '../domain/errors.js';
+// Shared, source-agnostic handling of an Atlassian Cloud site base URL, used by
+// every provider that fetches `${baseUrl}/...` with a workspace's Basic-auth
+// credentials (Confluence pages, Jira issues, …). Normalizing and SSRF-guarding
+// the stored base URL lives here so each provider's pure logic delegates to one
+// vetted implementation rather than copying it.
+/** Drop a trailing slash and a trailing `/wiki` so we can build paths uniformly. */
+export function normalizeAtlassianBaseUrl(baseUrl) {
+    return baseUrl
+        .trim()
+        .replace(/\/+$/, '')
+        .replace(/\/wiki$/i, '');
+}
+/** Whether a decoded IPv4 address is loopback / link-local (metadata) / RFC1918. */
+function isPrivateV4(parts) {
+    const [a, b] = parts;
+    if (a === 127 || a === 0 || a === 10)
+        return true;
+    if (a === 169 && b === 254)
+        return true;
+    if (a === 192 && b === 168)
+        return true;
+    if (a === 172 && b >= 16 && b <= 31)
+        return true;
+    return false;
+}
+/** Parse a plain dotted-decimal IPv4 literal (each octet 0-255), or null. */
+function decimalV4(host) {
+    const m = host.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
+    if (!m)
+        return null;
+    const a = Number(m[1]);
+    const b = Number(m[2]);
+    const c = Number(m[3]);
+    const d = Number(m[4]);
+    if (a > 255 || b > 255 || c > 255 || d > 255)
+        return null;
+    return [a, b, c, d];
+}
+/** Extract the embedded IPv4 of an IPv4-mapped IPv6 literal (`::ffff:…`), or null. */
+function mappedV4(host) {
+    // ::ffff:a.b.c.d
+    const dotted = host.match(/^::ffff:(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
+    if (dotted) {
+        const a = Number(dotted[1]);
+        const b = Number(dotted[2]);
+        const c = Number(dotted[3]);
+        const d = Number(dotted[4]);
+        if (a > 255 || b > 255 || c > 255 || d > 255)
+            return null;
+        return [a, b, c, d];
+    }
+    // ::ffff:hhhh:hhhh
+    const hex = host.match(/^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/);
+    if (hex) {
+        const hi = parseInt(hex[1] ?? '0', 16);
+        const lo = parseInt(hex[2] ?? '0', 16);
+        return [(hi >> 8) & 0xff, hi & 0xff, (lo >> 8) & 0xff, lo & 0xff];
+    }
+    return null;
+}
+/**
+ * Reject hostnames that point at the worker's own network rather than a public
+ * Atlassian Cloud site. A provider fetches `${baseUrl}/...` with the workspace's
+ * Basic-auth credentials, so an unvalidated base URL turns the worker into an
+ * SSRF proxy (and leaks the API token to an internal host). This is host-literal
+ * defence-in-depth — it does not stop DNS rebinding, but blocks the obvious
+ * internal targets (loopback, link-local/metadata, RFC1918) including the
+ * obfuscated encodings (bare integer, hex/octal octets, IPv4-mapped IPv6) that
+ * trivially bypass a naive dotted-decimal match.
+ */
+function isBlockedAtlassianHost(hostname) {
+    const host = hostname.toLowerCase().replace(/^\[|\]$/g, '');
+    if (host === '')
+        return true;
+    if (host === 'localhost' || host.endsWith('.localhost'))
+        return true;
+    if (host.endsWith('.internal') || host.endsWith('.local'))
+        return true;
+    // IPv6 loopback / link-local / unique-local, plus IPv4-mapped IPv6.
+    if (host.includes(':')) {
+        if (host === '::1' || host === '::')
+            return true;
+        if (host.startsWith('fe80:') || host.startsWith('fc') || host.startsWith('fd'))
+            return true;
+        const mapped = mappedV4(host);
+        if (mapped)
+            return isPrivateV4(mapped);
+        return false;
+    }
+    // Obfuscated numeric IPv4 forms are never a legitimate public hostname.
+    // Bare integer (e.g. 2130706433 === 127.0.0.1).
+    if (/^\d+$/.test(host))
+        return true;
+    const labels = host.split('.');
+    for (const label of labels) {
+        if (/^0x[0-9a-f]+$/.test(label))
+            return true; // hex octet (0x7f)
+        if (/^0[0-9]+$/.test(label))
+            return true; // octal / leading-zero octet (0177)
+    }
+    // Standard dotted-decimal IPv4: public addresses pass, private ones blocked.
+    const v4 = decimalV4(host);
+    if (v4)
+        return isPrivateV4(v4);
+    // A purely numeric dotted host that is not a valid public dotted-decimal IPv4
+    // is some other IP encoding we cannot vouch for — reject when in doubt.
+    if (labels.length > 1 && labels.every((l) => /^\d+$/.test(l)))
+        return true;
+    return false;
+}
+/**
+ * Validate a (normalized) Atlassian base URL before it is stored and later
+ * fetched. Requires `https`, forbids embedded credentials, and rejects
+ * internal/private hosts. Throws {@link ValidationError} on anything unsafe.
+ *
+ * Parsed by hand (no `URL` global) so this stays in the platform-agnostic core.
+ */
+export function assertSafeAtlassianBaseUrl(baseUrl) {
+    const invalid = () => new ValidationError(`Atlassian base URL is not a valid URL: '${baseUrl}'`);
+    const match = baseUrl.match(/^([a-zA-Z][a-zA-Z0-9+.-]*):\/\/([^/?#]*)/);
+    if (!match)
+        throw invalid();
+    if (match[1].toLowerCase() !== 'https') {
+        throw new ValidationError('Atlassian base URL must use https');
+    }
+    const authority = match[2];
+    if (authority.includes('@')) {
+        throw new ValidationError('Atlassian base URL must not contain credentials');
+    }
+    // Drop an optional `:port`, handling a bracketed IPv6 literal (`[::1]:8443`).
+    let host;
+    if (authority.startsWith('[')) {
+        const end = authority.indexOf(']');
+        if (end === -1)
+            throw invalid();
+        host = authority.slice(1, end);
+    }
+    else {
+        host = authority.split(':')[0];
+    }
+    if (host === '')
+        throw invalid();
+    if (isBlockedAtlassianHost(host)) {
+        throw new ValidationError('Atlassian base URL must be a public host');
+    }
+}
+//# sourceMappingURL=atlassian.logic.js.map

package/dist/shared/atlassian.logic.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"atlassian.logic.js","sourceRoot":"","sources":["../../src/shared/atlassian.logic.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAA;AAErD,gFAAgF;AAChF,6EAA6E;AAC7E,gFAAgF;AAChF,gFAAgF;AAChF,gDAAgD;AAEhD,oFAAoF;AACpF,MAAM,UAAU,yBAAyB,CAAC,OAAe;IACvD,OAAO,OAAO;SACX,IAAI,EAAE;SACN,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;SACnB,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAA;AAC5B,CAAC;AAED,oFAAoF;AACpF,SAAS,WAAW,CAAC,KAAuC;IAC1D,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,CAAA;IACpB,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE;QAAE,OAAO,IAAI,CAAA;IACjD,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAA;IACvC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAA;IACvC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE;QAAE,OAAO,IAAI,CAAA;IAChD,OAAO,KAAK,CAAA;AACd,CAAC;AAED,6EAA6E;AAC7E,SAAS,SAAS,CAAC,IAAY;IAC7B,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,8CAA8C,CAAC,CAAA;IACpE,IAAI,CAAC,CAAC;QAAE,OAAO,IAAI,CAAA;IACnB,MAAM,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;IACtB,MAAM,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;IACtB,MAAM,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;IACtB,MAAM,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;IACtB,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,GAAG;QAAE,OAAO,IAAI,CAAA;IACzD,OAAO,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAA;AACrB,CAAC;AAED,sFAAsF;AACtF,SAAS,QAAQ,CAAC,IAAY;IAC5B,iBAAiB;IACjB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,qDAAqD,CAAC,CAAA;IAChF,IAAI,MAAM,EAAE,CAAC;QACX,MAAM,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAA;QAC3B,MAAM,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAA;QAC3B,MAAM,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAA;QAC3B,MAAM,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAA;QAC3B,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,GAAG;YAAE,OAAO,IAAI,CAAA;QACzD,OAAO,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAA;IACrB,CAAC;IACD,mBAAmB;IACnB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,0CAA0C,CAAC,CAAA;IAClE,IAAI,GAAG,EAAE,CAAC;QACR,MAAM,EAAE,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,GAAG,EAAE,EAAE,CAAC,CAAA;QACtC,MAAM,EAAE,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,GAAG,EAAE,EAAE,CAAC,CAAA;QACtC,OAAO,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,GAAG,IAAI,EAAE,EAAE,GAAG,IAAI,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC,GAAG,IAAI,EAAE,EAAE,GAAG,IAAI,CAAC,CAAA;IACnE,CAAC;IACD,OAAO,IAAI,CAAA;AACb,CAAC;AAED;;;;;;;;;GASG;AACH,SAAS,sBAAsB,CAAC,QAAgB;IAC9C,MAAM,IAAI,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAA;IAC3D,IAAI,IAAI,KAAK,EAAE;QAAE,OAAO,IAAI,CAAA;IAC5B,IAAI,IAAI,KAAK,WAAW,IAAI,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC;QAAE,OAAO,IAAI,CAAA;IACpE,IAAI,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAAE,OAAO,IAAI,CAAA;IAEtE,oEAAoE;IACpE,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACvB,IAAI,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,IAAI;YAAE,OAAO,IAAI,CAAA;QAChD,IAAI,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;YAAE,OAAO,IAAI,CAAA;QAC3F,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAA;QAC7B,IAAI,MAAM;YAAE,OAAO,WAAW,CAAC,MAAM,CAAC,CAAA;QACtC,OAAO,KAAK,CAAA;IACd,CAAC;IAED,wEAAwE;IACxE,gDAAgD;IAChD,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAA;IACnC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC9B,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,IAAI,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC;YAAE,OAAO,IAAI,CAAA,CAAC,mBAAmB;QAChE,IAAI,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC;YAAE,OAAO,IAAI,CAAA,CAAC,oCAAoC;IAC/E,CAAC;IAED,6EAA6E;IAC7E,MAAM,EAAE,GAAG,SAAS,CAAC,IAAI,CAAC,CAAA;IAC1B,IAAI,EAAE;QAAE,OAAO,WAAW,CAAC,EAAE,CAAC,CAAA;IAE9B,8EAA8E;IAC9E,wEAAwE;IACxE,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAAE,OAAO,IAAI,CAAA;IAE1E,OAAO,KAAK,CAAA;AACd,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,0BAA0B,CAAC,OAAe;IACxD,MAAM,OAAO,GAAG,GAAG,EAAE,CAAC,IAAI,eAAe,CAAC,2CAA2C,OAAO,GAAG,CAAC,CAAA;IAChG,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,0CAA0C,CAAC,CAAA;IACvE,IAAI,CAAC,KAAK;QAAE,MAAM,OAAO,EAAE,CAAA;IAE3B,IAAI,KAAK,CAAC,CAAC,CAAE,CAAC,WAAW,EAAE,KAAK,OAAO,EAAE,CAAC;QACxC,MAAM,IAAI,eAAe,CAAC,mCAAmC,CAAC,CAAA;IAChE,CAAC;IACD,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAE,CAAA;IAC3B,IAAI,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC5B,MAAM,IAAI,eAAe,CAAC,iDAAiD,CAAC,CAAA;IAC9E,CAAC;IACD,8EAA8E;IAC9E,IAAI,IAAY,CAAA;IAChB,IAAI,SAAS,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QAC9B,MAAM,GAAG,GAAG,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;QAClC,IAAI,GAAG,KAAK,CAAC,CAAC;YAAE,MAAM,OAAO,EAAE,CAAA;QAC/B,IAAI,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAA;IAChC,CAAC;SAAM,CAAC;QACN,IAAI,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAE,CAAA;IACjC,CAAC;IACD,IAAI,IAAI,KAAK,EAAE;QAAE,MAAM,OAAO,EAAE,CAAA;IAChC,IAAI,sBAAsB,CAAC,IAAI,CAAC,EAAE,CAAC;QACjC,MAAM,IAAI,eAAe,CAAC,0CAA0C,CAAC,CAAA;IACvE,CAAC;AACH,CAAC"}

package/dist/shared/markdown.logic.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+/** Strip lightweight Markdown markers into collapsed plain text. */
+export declare function markdownToText(markdown: string): string;
+/** A short plain-text excerpt of a Markdown body, for list/preview rendering. */
+export declare function buildExcerpt(markdown: string, max?: number): string;
+//# sourceMappingURL=markdown.logic.d.ts.map

package/dist/shared/markdown.logic.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"markdown.logic.d.ts","sourceRoot":"","sources":["../../src/shared/markdown.logic.ts"],"names":[],"mappings":"AAKA,oEAAoE;AACpE,wBAAgB,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CASvD;AAED,iFAAiF;AACjF,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,SAAM,GAAG,MAAM,CAGhE"}

package/dist/shared/markdown.logic.js ADDED Viewed

@@ -0,0 +1,21 @@
+// Source-agnostic Markdown helpers shared by the integrations that normalize an
+// external body to lightweight Markdown (document sources, task sources, …):
+// collapsing the markers into plain text and deriving a short excerpt. Kept pure
+// so they stay trivially testable and reusable across modules.
+/** Strip lightweight Markdown markers into collapsed plain text. */
+export function markdownToText(markdown) {
+    return markdown
+        .replace(/`{1,3}/g, '')
+        .replace(/^[ \t]*#{1,6}[ \t]+/gm, '')
+        .replace(/^[ \t]*[-*+][ \t]+/gm, '')
+        .replace(/[*_~>]/g, '')
+        .replace(/\[([^\]]*)\]\([^)]*\)/g, '$1')
+        .replace(/\s+/g, ' ')
+        .trim();
+}
+/** A short plain-text excerpt of a Markdown body, for list/preview rendering. */
+export function buildExcerpt(markdown, max = 280) {
+    const text = markdownToText(markdown);
+    return text.length > max ? `${text.slice(0, max - 1).trimEnd()}…` : text;
+}
+//# sourceMappingURL=markdown.logic.js.map

package/dist/shared/markdown.logic.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"markdown.logic.js","sourceRoot":"","sources":["../../src/shared/markdown.logic.ts"],"names":[],"mappings":"AAAA,gFAAgF;AAChF,6EAA6E;AAC7E,iFAAiF;AACjF,+DAA+D;AAE/D,oEAAoE;AACpE,MAAM,UAAU,cAAc,CAAC,QAAgB;IAC7C,OAAO,QAAQ;SACZ,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC;SACtB,OAAO,CAAC,uBAAuB,EAAE,EAAE,CAAC;SACpC,OAAO,CAAC,sBAAsB,EAAE,EAAE,CAAC;SACnC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC;SACtB,OAAO,CAAC,wBAAwB,EAAE,IAAI,CAAC;SACvC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC;SACpB,IAAI,EAAE,CAAA;AACX,CAAC;AAED,iFAAiF;AACjF,MAAM,UAAU,YAAY,CAAC,QAAgB,EAAE,GAAG,GAAG,GAAG;IACtD,MAAM,IAAI,GAAG,cAAc,CAAC,QAAQ,CAAC,CAAA;IACrC,OAAO,IAAI,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAA;AAC1E,CAAC"}

package/dist/shared/source-registry.logic.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+/** Generic by-kind provider registry: look a provider up by its `kind`, or list them all. */
+export declare class MapSourceRegistry<K, P extends {
+    kind: K;
+}> {
+    private readonly byKind;
+    constructor(providers: P[]);
+    get(kind: K): P | undefined;
+    list(): P[];
+}
+//# sourceMappingURL=source-registry.logic.d.ts.map

package/dist/shared/source-registry.logic.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"source-registry.logic.d.ts","sourceRoot":"","sources":["../../src/shared/source-registry.logic.ts"],"names":[],"mappings":"AAIA,6FAA6F;AAC7F,qBAAa,iBAAiB,CAAC,CAAC,EAAE,CAAC,SAAS;IAAE,IAAI,EAAE,CAAC,CAAA;CAAE;IACrD,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAW;IAElC,YAAY,SAAS,EAAE,CAAC,EAAE,EAEzB;IAED,GAAG,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,GAAG,SAAS,CAE1B;IAED,IAAI,IAAI,CAAC,EAAE,CAEV;CACF"}

package/dist/shared/source-registry.logic.js ADDED Viewed

@@ -0,0 +1,17 @@
+// A trivial in-memory provider registry built from the wired providers, keyed by
+// each provider's `kind`. Shared by the document- and task-source integrations,
+// which only differ in the provider/kind types they carry.
+/** Generic by-kind provider registry: look a provider up by its `kind`, or list them all. */
+export class MapSourceRegistry {
+    byKind;
+    constructor(providers) {
+        this.byKind = new Map(providers.map((p) => [p.kind, p]));
+    }
+    get(kind) {
+        return this.byKind.get(kind);
+    }
+    list() {
+        return [...this.byKind.values()];
+    }
+}
+//# sourceMappingURL=source-registry.logic.js.map

package/dist/shared/source-registry.logic.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"source-registry.logic.js","sourceRoot":"","sources":["../../src/shared/source-registry.logic.ts"],"names":[],"mappings":"AAAA,iFAAiF;AACjF,gFAAgF;AAChF,2DAA2D;AAE3D,6FAA6F;AAC7F,MAAM,OAAO,iBAAiB;IACX,MAAM,CAAW;IAElC,YAAY,SAAc;QACxB,IAAI,CAAC,MAAM,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAA;IAC1D,CAAC;IAED,GAAG,CAAC,IAAO;QACT,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;IAC9B,CAAC;IAED,IAAI;QACF,OAAO,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAA;IAClC,CAAC;CACF"}

package/dist/shared/tasks-prompt.logic.d.ts ADDED Viewed

@@ -0,0 +1,16 @@
+import type { TaskComment } from '../domain/types.js';
+/** The plain shape the prompt renderer consumes (decoupled from the ports). */
+export interface TaskContextView {
+    key: string;
+    url: string;
+    title: string;
+    status: string;
+    type: string;
+    assignee: string | null;
+    priority: string | null;
+    labels: string[];
+    description: string;
+    comments: TaskComment[];
+}
+export declare function renderTaskContext(view: TaskContextView): string;
+//# sourceMappingURL=tasks-prompt.logic.d.ts.map

package/dist/shared/tasks-prompt.logic.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"tasks-prompt.logic.d.ts","sourceRoot":"","sources":["../../src/shared/tasks-prompt.logic.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAA;AAKrD,+EAA+E;AAC/E,MAAM,WAAW,eAAe;IAC9B,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;IACX,KAAK,EAAE,MAAM,CAAA;IACb,MAAM,EAAE,MAAM,CAAA;IACd,IAAI,EAAE,MAAM,CAAA;IACZ,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,MAAM,EAAE,MAAM,EAAE,CAAA;IAChB,WAAW,EAAE,MAAM,CAAA;IACnB,QAAQ,EAAE,WAAW,EAAE,CAAA;CACxB;AAUD,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,eAAe,GAAG,MAAM,CAc/D"}

package/dist/shared/tasks-prompt.logic.js ADDED Viewed

@@ -0,0 +1,29 @@
+import { buildExcerpt } from './markdown.logic.js';
+const MAX_CONTEXT_COMMENTS = 5;
+function metadataLine(view) {
+    const parts = [`Status: ${view.status || '(unknown)'}`, `Type: ${view.type || '(unknown)'}`];
+    if (view.assignee)
+        parts.push(`Assignee: ${view.assignee}`);
+    if (view.priority)
+        parts.push(`Priority: ${view.priority}`);
+    if (view.labels.length)
+        parts.push(`Labels: ${view.labels.join(', ')}`);
+    return parts.join(' · ');
+}
+export function renderTaskContext(view) {
+    const lines = [`### [${view.key}] ${view.title} (${view.url})`, metadataLine(view)];
+    const description = view.description.trim();
+    if (description)
+        lines.push('', description);
+    const recent = view.comments.slice(-MAX_CONTEXT_COMMENTS);
+    if (recent.length) {
+        lines.push('', 'Recent comments:');
+        for (const c of recent) {
+            const who = c.author || 'unknown';
+            const when = c.createdAt ? ` (${c.createdAt.slice(0, 10)})` : '';
+            lines.push(`- ${who}${when}: ${buildExcerpt(c.body, 200)}`);
+        }
+    }
+    return lines.join('\n');
+}
+//# sourceMappingURL=tasks-prompt.logic.js.map

package/dist/shared/tasks-prompt.logic.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"tasks-prompt.logic.js","sourceRoot":"","sources":["../../src/shared/tasks-prompt.logic.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAA;AAElD,MAAM,oBAAoB,GAAG,CAAC,CAAA;AAgB9B,SAAS,YAAY,CAAC,IAAqB;IACzC,MAAM,KAAK,GAAG,CAAC,WAAW,IAAI,CAAC,MAAM,IAAI,WAAW,EAAE,EAAE,SAAS,IAAI,CAAC,IAAI,IAAI,WAAW,EAAE,CAAC,CAAA;IAC5F,IAAI,IAAI,CAAC,QAAQ;QAAE,KAAK,CAAC,IAAI,CAAC,aAAa,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAA;IAC3D,IAAI,IAAI,CAAC,QAAQ;QAAE,KAAK,CAAC,IAAI,CAAC,aAAa,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAA;IAC3D,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM;QAAE,KAAK,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IACvE,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;AAC1B,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,IAAqB;IACrD,MAAM,KAAK,GAAG,CAAC,QAAQ,IAAI,CAAC,GAAG,KAAK,IAAI,CAAC,KAAK,KAAK,IAAI,CAAC,GAAG,GAAG,EAAE,YAAY,CAAC,IAAI,CAAC,CAAC,CAAA;IACnF,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,CAAA;IAC3C,IAAI,WAAW;QAAE,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE,WAAW,CAAC,CAAA;IAC5C,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,oBAAoB,CAAC,CAAA;IACzD,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAClB,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE,kBAAkB,CAAC,CAAA;QAClC,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;YACvB,MAAM,GAAG,GAAG,CAAC,CAAC,MAAM,IAAI,SAAS,CAAA;YACjC,MAAM,IAAI,GAAG,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAA;YAChE,KAAK,CAAC,IAAI,CAAC,KAAK,GAAG,GAAG,IAAI,KAAK,YAAY,CAAC,CAAC,CAAC,IAAI,EAAE,GAAG,CAAC,EAAE,CAAC,CAAA;QAC7D,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AACzB,CAAC"}

package/dist/workspace-guard.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+import type { WorkspaceRepository } from './ports/repositories.js';
+import type { Workspace } from './domain/types.js';
+export declare function requireWorkspace(repository: WorkspaceRepository, id: string): Promise<Workspace>;
+//# sourceMappingURL=workspace-guard.d.ts.map

package/dist/workspace-guard.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"workspace-guard.d.ts","sourceRoot":"","sources":["../src/workspace-guard.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAA;AAClE,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAA;AAElD,wBAAsB,gBAAgB,CACpC,UAAU,EAAE,mBAAmB,EAC/B,EAAE,EAAE,MAAM,GACT,OAAO,CAAC,SAAS,CAAC,CAEpB"}

package/dist/workspace-guard.js ADDED Viewed

@@ -0,0 +1,5 @@
+import { assertFound } from './domain/errors.js';
+export async function requireWorkspace(repository, id) {
+    return assertFound(await repository.get(id), 'Workspace', id);
+}
+//# sourceMappingURL=workspace-guard.js.map

package/dist/workspace-guard.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"workspace-guard.js","sourceRoot":"","sources":["../src/workspace-guard.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAA;AAIhD,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,UAA+B,EAC/B,EAAU;IAEV,OAAO,WAAW,CAAC,MAAM,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,WAAW,EAAE,EAAE,CAAC,CAAA;AAC/D,CAAC"}