@defai.digital/guard 13.4.4 → 13.4.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/executor.d.ts +1 -0
- package/dist/executor.d.ts.map +1 -1
- package/dist/executor.js +58 -9
- package/dist/executor.js.map +1 -1
- package/dist/gates/contract-tests.d.ts.map +1 -1
- package/dist/gates/contract-tests.js +9 -3
- package/dist/gates/contract-tests.js.map +1 -1
- package/dist/gates/dependency.d.ts.map +1 -1
- package/dist/gates/dependency.js +34 -4
- package/dist/gates/dependency.js.map +1 -1
- package/dist/gates/index.d.ts +1 -0
- package/dist/gates/index.d.ts.map +1 -1
- package/dist/gates/index.js +2 -0
- package/dist/gates/index.js.map +1 -1
- package/dist/gates/path.d.ts.map +1 -1
- package/dist/gates/path.js +2 -1
- package/dist/gates/path.js.map +1 -1
- package/dist/gates/secrets.d.ts.map +1 -1
- package/dist/gates/secrets.js +24 -4
- package/dist/gates/secrets.js.map +1 -1
- package/dist/gates/task-classifier.d.ts +23 -0
- package/dist/gates/task-classifier.d.ts.map +1 -0
- package/dist/gates/task-classifier.js +233 -0
- package/dist/gates/task-classifier.js.map +1 -0
- package/package.json +3 -3
package/dist/executor.d.ts
CHANGED
|
@@ -14,6 +14,7 @@
|
|
|
14
14
|
import type { GovernanceContext, GuardResult } from './types.js';
|
|
15
15
|
/**
|
|
16
16
|
* Gets list of changed files from git
|
|
17
|
+
* INV-GUARD-SEC-001: Branch names are validated before use in shell commands
|
|
17
18
|
*/
|
|
18
19
|
export declare function getChangedFiles(baseBranch: string): Promise<string[]>;
|
|
19
20
|
/**
|
package/dist/executor.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"executor.d.ts","sourceRoot":"","sources":["../src/executor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAIH,OAAO,KAAK,EACV,iBAAiB,EAEjB,WAAW,EAGZ,MAAM,YAAY,CAAC;
|
|
1
|
+
{"version":3,"file":"executor.d.ts","sourceRoot":"","sources":["../src/executor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAIH,OAAO,KAAK,EACV,iBAAiB,EAEjB,WAAW,EAGZ,MAAM,YAAY,CAAC;AAuDpB;;;GAGG;AACH,wBAAsB,eAAe,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CA8C3E;AAyGD;;;;;;;GAOG;AACH,wBAAsB,YAAY,CAChC,OAAO,EAAE,iBAAiB,EAC1B,YAAY,EAAE,MAAM,EAAE,GACrB,OAAO,CAAC,WAAW,CAAC,CAqEtB"}
|
package/dist/executor.js
CHANGED
|
@@ -19,6 +19,7 @@ import { dependencyGate } from './gates/dependency.js';
|
|
|
19
19
|
import { contractTestGate } from './gates/contract-tests.js';
|
|
20
20
|
import { configValidationGate, sensitiveChangeGate } from './gates/config.js';
|
|
21
21
|
import { secretsDetectionGate } from './gates/secrets.js';
|
|
22
|
+
import { taskClassifierGate } from './gates/task-classifier.js';
|
|
22
23
|
const execAsync = promisify(exec);
|
|
23
24
|
/**
|
|
24
25
|
* Agent selection gate wrapper
|
|
@@ -49,12 +50,28 @@ const GATES = {
|
|
|
49
50
|
sensitive_change: sensitiveChangeGate,
|
|
50
51
|
secrets_detection: secretsDetectionGate,
|
|
51
52
|
agent_selection: agentSelectionGateWrapper,
|
|
53
|
+
task_classifier: taskClassifierGate,
|
|
52
54
|
};
|
|
55
|
+
/**
|
|
56
|
+
* Validates a git branch name to prevent command injection
|
|
57
|
+
* INV-GUARD-SEC-001: Sanitize git branch names before shell execution
|
|
58
|
+
*/
|
|
59
|
+
function isValidGitBranchName(branch) {
|
|
60
|
+
// Git branch names cannot contain: space, ~, ^, :, ?, *, [, \, control chars
|
|
61
|
+
// Also reject shell metacharacters: ;, |, &, $, `, (, ), {, }, <, >, ', "
|
|
62
|
+
const invalidChars = /[\s~^:?*[\]\\;|&$`(){}><'"]/;
|
|
63
|
+
return branch.length > 0 && branch.length <= 255 && !invalidChars.test(branch);
|
|
64
|
+
}
|
|
53
65
|
/**
|
|
54
66
|
* Gets list of changed files from git
|
|
67
|
+
* INV-GUARD-SEC-001: Branch names are validated before use in shell commands
|
|
55
68
|
*/
|
|
56
69
|
export async function getChangedFiles(baseBranch) {
|
|
57
70
|
try {
|
|
71
|
+
// Validate branch name to prevent command injection
|
|
72
|
+
if (!isValidGitBranchName(baseBranch)) {
|
|
73
|
+
throw new Error(`Invalid branch name: "${baseBranch}"`);
|
|
74
|
+
}
|
|
58
75
|
const { stdout } = await execAsync(`git diff --name-only ${baseBranch}...HEAD`, { cwd: process.cwd() });
|
|
59
76
|
return stdout
|
|
60
77
|
.trim()
|
|
@@ -74,13 +91,21 @@ export async function getChangedFiles(baseBranch) {
|
|
|
74
91
|
}
|
|
75
92
|
catch {
|
|
76
93
|
// If that also fails, check staged files
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
94
|
+
// INV-GUARD-SEC-002: Final fallback wrapped in try-catch
|
|
95
|
+
try {
|
|
96
|
+
const { stdout } = await execAsync('git diff --name-only --cached', {
|
|
97
|
+
cwd: process.cwd(),
|
|
98
|
+
});
|
|
99
|
+
return stdout
|
|
100
|
+
.trim()
|
|
101
|
+
.split('\n')
|
|
102
|
+
.filter((f) => f.length > 0);
|
|
103
|
+
}
|
|
104
|
+
catch {
|
|
105
|
+
// Not in a git repository or git unavailable - return empty array
|
|
106
|
+
console.warn('[guard] Unable to get changed files from git - not in a git repository?');
|
|
107
|
+
return [];
|
|
108
|
+
}
|
|
84
109
|
}
|
|
85
110
|
}
|
|
86
111
|
}
|
|
@@ -170,9 +195,33 @@ function generateSuggestions(gateResults) {
|
|
|
170
195
|
export async function executeGates(context, changedFiles) {
|
|
171
196
|
// INV-GUARD-004: Order Independence - gates can be executed in parallel
|
|
172
197
|
// INV-GUARD-006: No Side Effects - parallel execution is safe
|
|
173
|
-
|
|
198
|
+
// INV-GUARD-SEC-003: Validate gate types and handle errors gracefully
|
|
199
|
+
const gateResults = await Promise.all(context.enabledGates.map(async (gateType) => {
|
|
174
200
|
const gate = GATES[gateType];
|
|
175
|
-
|
|
201
|
+
// Validate gate exists
|
|
202
|
+
if (!gate) {
|
|
203
|
+
console.warn(`[guard] Unknown gate type: "${gateType}", skipping`);
|
|
204
|
+
return {
|
|
205
|
+
gate: gateType,
|
|
206
|
+
status: 'WARN',
|
|
207
|
+
message: `Unknown gate type: ${gateType}`,
|
|
208
|
+
details: { error: 'Gate not found in registry' },
|
|
209
|
+
};
|
|
210
|
+
}
|
|
211
|
+
// Catch errors from individual gates to prevent masking other results
|
|
212
|
+
try {
|
|
213
|
+
return await gate(context, changedFiles);
|
|
214
|
+
}
|
|
215
|
+
catch (error) {
|
|
216
|
+
const errorMessage = error instanceof Error ? error.message : String(error);
|
|
217
|
+
console.error(`[guard] Gate "${gateType}" threw error: ${errorMessage}`);
|
|
218
|
+
return {
|
|
219
|
+
gate: gateType,
|
|
220
|
+
status: 'FAIL',
|
|
221
|
+
message: `Gate execution failed: ${errorMessage}`,
|
|
222
|
+
details: { error: errorMessage },
|
|
223
|
+
};
|
|
224
|
+
}
|
|
176
225
|
}));
|
|
177
226
|
// Determine overall status
|
|
178
227
|
const hasFail = gateResults.some((r) => r.status === 'FAIL');
|
package/dist/executor.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"executor.js","sourceRoot":"","sources":["../src/executor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAC;AAC1C,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAQtC,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAC5D,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAC7D,OAAO,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AAC9E,OAAO,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;
|
|
1
|
+
{"version":3,"file":"executor.js","sourceRoot":"","sources":["../src/executor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAC;AAC1C,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAQtC,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAC5D,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAC7D,OAAO,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AAC9E,OAAO,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAC1D,OAAO,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAEhE,MAAM,SAAS,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;AAElC;;;;;;;;;GASG;AACH,MAAM,yBAAyB,GAAiB,KAAK,IAAI,EAAE;IACzD,OAAO;QACL,IAAI,EAAE,iBAAiB;QACvB,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,2FAA2F;KACrG,CAAC;AACJ,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,KAAK,GAAmC;IAC5C,cAAc,EAAE,iBAAiB;IACjC,aAAa,EAAE,gBAAgB;IAC/B,UAAU,EAAE,cAAc;IAC1B,cAAc,EAAE,gBAAgB;IAChC,iBAAiB,EAAE,oBAAoB;IACvC,gBAAgB,EAAE,mBAAmB;IACrC,iBAAiB,EAAE,oBAAoB;IACvC,eAAe,EAAE,yBAAyB;IAC1C,eAAe,EAAE,kBAAkB;CACpC,CAAC;AAEF;;;GAGG;AACH,SAAS,oBAAoB,CAAC,MAAc;IAC1C,6EAA6E;IAC7E,0EAA0E;IAC1E,MAAM,YAAY,GAAG,6BAA6B,CAAC;IACnD,OAAO,MAAM,CAAC,MAAM,GAAG,CAAC,IAAI,MAAM,CAAC,MAAM,IAAI,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AACjF,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,UAAkB;IACtD,IAAI,CAAC;QACH,oDAAoD;QACpD,IAAI,CAAC,oBAAoB,CAAC,UAAU,CAAC,EAAE,CAAC;YACtC,MAAM,IAAI,KAAK,CAAC,yBAAyB,UAAU,GAAG,CAAC,CAAC;QAC1D,CAAC;QAED,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,SAAS,CAChC,wBAAwB,UAAU,SAAS,EAC3C,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,EAAE,CACvB,CAAC;QAEF,OAAO,MAAM;aACV,IAAI,EAAE;aACN,KAAK,CAAC,IAAI,CAAC;aACX,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACjC,CAAC;IAAC,MAAM,CAAC;QACP,+DAA+D;QAC/D,IAAI,CAAC;YACH,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,SAAS,CAAC,6BAA6B,EAAE;gBAChE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE;aACnB,CAAC,CAAC;YAEH,OAAO,MAAM;iBACV,IAAI,EAAE;iBACN,KAAK,CAAC,IAAI,CAAC;iBACX,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QACjC,CAAC;QAAC,MAAM,CAAC;YACP,yCAAyC;YACzC,yDAAyD;YACzD,IAAI,CAAC;gBACH,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,SAAS,CAAC,+BAA+B,EAAE;oBAClE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE;iBACnB,CAAC,CAAC;gBAEH,OAAO,MAAM;qBACV,IAAI,EAAE;qBACN,KAAK,CAAC,IAAI,CAAC;qBACX,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;YACjC,CAAC;YAAC,MAAM,CAAC;gBACP,kEAAkE;gBAClE,OAAO,CAAC,IAAI,CAAC,yEAAyE,CAAC,CAAC;gBACxF,OAAO,EAAE,CAAC;YACZ,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAwBD,SAAS,mBAAmB,CAAC,WAAyB;IACpD,MAAM,WAAW,GAAa,EAAE,CAAC;IAEjC,KAAK,MAAM,MAAM,IAAI,WAAW,EAAE,CAAC;QACjC,IAAI,MAAM,CAAC,MAAM,KAAK,MAAM;YAAE,SAAS;QAEvC,QAAQ,MAAM,CAAC,IAAI,EAAE,CAAC;YACpB,KAAK,gBAAgB,CAAC,CAAC,CAAC;gBACtB,MAAM,OAAO,GAAG,MAAM,CAAC,OAA2C,CAAC;gBACnE,MAAM,SAAS,GAAG,OAAO,EAAE,uBAAuB,CAAC;gBACnD,IAAI,SAAS,KAAK,SAAS,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACpD,WAAW,CAAC,IAAI,CACd,sCAAsC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACzE,CAAC;gBACJ,CAAC;gBACD,MAAM,OAAO,GAAG,OAAO,EAAE,mBAAmB,CAAC;gBAC7C,IAAI,OAAO,KAAK,SAAS,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAChD,WAAW,CAAC,IAAI,CACd,0DAA0D,CAC3D,CAAC;gBACJ,CAAC;gBACD,MAAM;YACR,CAAC;YACD,KAAK,eAAe,CAAC,CAAC,CAAC;gBACrB,WAAW,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC;gBAC5D,WAAW,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;gBACzD,MAAM;YACR,CAAC;YACD,KAAK,YAAY,CAAC,CAAC,CAAC;gBAClB,WAAW,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC;gBACtE,WAAW,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;gBACvE,MAAM;YACR,CAAC;YACD,KAAK,gBAAgB,CAAC,CAAC,CAAC;gBACtB,MAAM,OAAO,GAAG,MAAM,CAAC,OAA0C,CAAC;gBAClE,MAAM,QAAQ,GAAG,OAAO,EAAE,iBAAiB,CAAC;gBAC5C,IAAI,QAAQ,KAAK,SAAS,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAClD,WAAW,CAAC,IAAI,CAAC,uDAAuD,CAAC,CAAC;oBAC1E,WAAW,CAAC,IAAI,CAAC,wCAAwC,CAAC,CAAC;gBAC7D,CAAC;qBAAM,CAAC;oBACN,WAAW,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;oBACxD,WAAW,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC;gBAC9D,CAAC;gBACD,MAAM;YACR,CAAC;YACD,KAAK,mBAAmB,CAAC,CAAC,CAAC;gBACzB,WAAW,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;gBACzD,WAAW,CAAC,IAAI,CAAC,sDAAsD,CAAC,CAAC;gBACzE,WAAW,CAAC,IAAI,CAAC,wCAAwC,CAAC,CAAC;gBAC3D,MAAM;YACR,CAAC;YACD,KAAK,kBAAkB,CAAC,CAAC,CAAC;gBACxB,WAAW,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;gBACvE,WAAW,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC;gBACtE,WAAW,CAAC,IAAI,CAAC,+CAA+C,CAAC,CAAC;gBAClE,MAAM;YACR,CAAC;YACD,KAAK,mBAAmB,CAAC,CAAC,CAAC;gBACzB,MAAM,OAAO,GAAG,MAAM,CAAC,OAA8C,CAAC;gBACtE,MAAM,OAAO,GAAG,OAAO,EAAE,OAAO,CAAC;gBACjC,IAAI,OAAO,KAAK,SAAS,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAChD,kCAAkC;oBAClC,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;oBACtE,WAAW,CAAC,IAAI,CAAC,kCAAkC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBAC7E,CAAC;gBACD,WAAW,CAAC,IAAI,CAAC,gEAAgE,CAAC,CAAC;gBACnF,WAAW,CAAC,IAAI,CAAC,sDAAsD,CAAC,CAAC;gBACzE,MAAM;YACR,CAAC;YACD,KAAK,iBAAiB,CAAC,CAAC,CAAC;gBACvB,WAAW,CAAC,IAAI,CAAC,oEAAoE,CAAC,CAAC;gBACvF,WAAW,CAAC,IAAI,CAAC,sDAAsD,CAAC,CAAC;gBACzE,WAAW,CAAC,IAAI,CAAC,0CAA0C,CAAC,CAAC;gBAC7D,MAAM;YACR,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,cAAc;AAClD,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,OAA0B,EAC1B,YAAsB;IAEtB,wEAAwE;IACxE,8DAA8D;IAC9D,sEAAsE;IACtE,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,GAAG,CACnC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,EAAE,QAAQ,EAAE,EAAE;QAC1C,MAAM,IAAI,GAAG,KAAK,CAAC,QAAQ,CAAC,CAAC;QAC7B,uBAAuB;QACvB,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,CAAC,IAAI,CAAC,+BAA+B,QAAQ,aAAa,CAAC,CAAC;YACnE,OAAO;gBACL,IAAI,EAAE,QAAQ;gBACd,MAAM,EAAE,MAAe;gBACvB,OAAO,EAAE,sBAAsB,QAAQ,EAAE;gBACzC,OAAO,EAAE,EAAE,KAAK,EAAE,4BAA4B,EAAE;aACjD,CAAC;QACJ,CAAC;QACD,sEAAsE;QACtE,IAAI,CAAC;YACH,OAAO,MAAM,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QAC3C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAC5E,OAAO,CAAC,KAAK,CAAC,iBAAiB,QAAQ,kBAAkB,YAAY,EAAE,CAAC,CAAC;YACzE,OAAO;gBACL,IAAI,EAAE,QAAQ;gBACd,MAAM,EAAE,MAAe;gBACvB,OAAO,EAAE,0BAA0B,YAAY,EAAE;gBACjD,OAAO,EAAE,EAAE,KAAK,EAAE,YAAY,EAAE;aACjC,CAAC;QACJ,CAAC;IACH,CAAC,CAAC,CACH,CAAC;IAEF,2BAA2B;IAC3B,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC;IAC7D,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC;IAE7D,IAAI,MAAgC,CAAC;IACrC,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,GAAG,MAAM,CAAC;IAClB,CAAC;SAAM,IAAI,OAAO,EAAE,CAAC;QACnB,MAAM,GAAG,MAAM,CAAC;IAClB,CAAC;SAAM,CAAC;QACN,MAAM,GAAG,MAAM,CAAC;IAClB,CAAC;IAED,mBAAmB;IACnB,MAAM,MAAM,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;IACrE,MAAM,MAAM,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;IACrE,MAAM,MAAM,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;IAErE,IAAI,OAAe,CAAC;IACpB,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,OAAO,GAAG,OAAO,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,2BAA2B,CAAC;IACzE,CAAC;SAAM,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QAC7B,OAAO,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,qBAAqB,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC;IAC1E,CAAC;SAAM,CAAC;QACN,OAAO,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,gBAAgB,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC;IACrE,CAAC;IAED,OAAO;QACL,MAAM;QACN,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,KAAK,EAAE,WAAW;QAClB,OAAO;QACP,WAAW,EAAE,mBAAmB,CAAC,WAAW,CAAC;QAC7C,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC;AACJ,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"contract-tests.d.ts","sourceRoot":"","sources":["../../src/gates/contract-tests.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAKH,OAAO,KAAK,EAAE,iBAAiB,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"contract-tests.d.ts","sourceRoot":"","sources":["../../src/gates/contract-tests.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAKH,OAAO,KAAK,EAAE,iBAAiB,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AA0EjE;;;;;GAKG;AACH,wBAAsB,gBAAgB,CACpC,OAAO,EAAE,iBAAiB,EAC1B,YAAY,EAAE,MAAM,EAAE,GACrB,OAAO,CAAC,UAAU,CAAC,CA4DrB"}
|
|
@@ -9,10 +9,10 @@
|
|
|
9
9
|
* - INV-GUARD-TEST-002: No Test Modification - if contract test files modified, gate MUST FAIL
|
|
10
10
|
* - INV-GUARD-TEST-003: Test Isolation - contract tests run in isolation from other tests
|
|
11
11
|
*/
|
|
12
|
-
import {
|
|
12
|
+
import { execFile } from 'node:child_process';
|
|
13
13
|
import { promisify } from 'node:util';
|
|
14
14
|
import { TIMEOUT_GATE_CONTRACT_TEST } from '@defai.digital/contracts';
|
|
15
|
-
const
|
|
15
|
+
const execFileAsync = promisify(execFile);
|
|
16
16
|
/**
|
|
17
17
|
* Maps contract names to test file patterns
|
|
18
18
|
*/
|
|
@@ -39,6 +39,7 @@ function checkTestFileModifications(changedFiles, requiredContracts) {
|
|
|
39
39
|
}
|
|
40
40
|
/**
|
|
41
41
|
* Runs vitest for specific contract tests
|
|
42
|
+
* INV-GUARD-SEC-002: Use execFile with argument array to prevent command injection
|
|
42
43
|
*/
|
|
43
44
|
async function runContractTests(contracts) {
|
|
44
45
|
if (contracts.length === 0) {
|
|
@@ -51,7 +52,12 @@ async function runContractTests(contracts) {
|
|
|
51
52
|
return { passed: true, output: 'No test files found for specified contracts' };
|
|
52
53
|
}
|
|
53
54
|
try {
|
|
54
|
-
|
|
55
|
+
// Use execFile with argument array to prevent command injection
|
|
56
|
+
const args = ['vitest', 'run', ...testFiles, '--reporter=line'];
|
|
57
|
+
const { stdout } = await execFileAsync('npx', args, {
|
|
58
|
+
cwd: process.cwd(),
|
|
59
|
+
timeout: TIMEOUT_GATE_CONTRACT_TEST,
|
|
60
|
+
});
|
|
55
61
|
return { passed: true, output: stdout };
|
|
56
62
|
}
|
|
57
63
|
catch (error) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"contract-tests.js","sourceRoot":"","sources":["../../src/gates/contract-tests.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"contract-tests.js","sourceRoot":"","sources":["../../src/gates/contract-tests.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,0BAA0B,EAAE,MAAM,0BAA0B,CAAC;AAGtE,MAAM,aAAa,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;AAE1C;;GAEG;AACH,MAAM,mBAAmB,GAA2B;IAClD,QAAQ,EAAE,iCAAiC;IAC3C,OAAO,EAAE,gCAAgC;IACzC,MAAM,EAAE,+BAA+B;IACvC,KAAK,EAAE,8BAA8B;IACrC,GAAG,EAAE,4BAA4B;CAClC,CAAC;AAEF;;;GAGG;AACH,SAAS,0BAA0B,CACjC,YAAsB,EACtB,iBAA2B;IAE3B,MAAM,QAAQ,GAAa,EAAE,CAAC;IAE9B,KAAK,MAAM,QAAQ,IAAI,iBAAiB,EAAE,CAAC;QACzC,MAAM,QAAQ,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC;QAC/C,IAAI,QAAQ,KAAK,SAAS,IAAI,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC9D,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,gBAAgB,CAC7B,SAAmB;IAEnB,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3B,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,sBAAsB,EAAE,CAAC;IAC1D,CAAC;IAED,MAAM,SAAS,GAAG,SAAS;SACxB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC;SAClC,MAAM,CAAC,CAAC,CAAC,EAAe,EAAE,CAAC,CAAC,KAAK,SAAS,CAAC,CAAC;IAE/C,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC3B,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,6CAA6C,EAAE,CAAC;IACjF,CAAC;IAED,IAAI,CAAC;QACH,gEAAgE;QAChE,MAAM,IAAI,GAAG,CAAC,QAAQ,EAAE,KAAK,EAAE,GAAG,SAAS,EAAE,iBAAiB,CAAC,CAAC;QAChE,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CAAC,KAAK,EAAE,IAAI,EAAE;YAClD,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE;YAClB,OAAO,EAAE,0BAA0B;SACpC,CAAC,CAAC;QAEH,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;IAC1C,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,KAAK,IAAI,QAAQ,IAAI,KAAK,EAAE,CAAC;YAChD,MAAM,MAAM,GAAI,KAA4B,CAAC,MAAM,IAAI,EAAE,CAAC;YAC1D,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;QAC3C,CAAC;QAED,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;QACzE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;IACvD,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,OAA0B,EAC1B,YAAsB;IAEtB,MAAM,iBAAiB,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAEpD,IAAI,iBAAiB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACnC,OAAO;YACL,IAAI,EAAE,gBAAgB;YACtB,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,iCAAiC;SAC3C,CAAC;IACJ,CAAC;IAED,yDAAyD;IACzD,MAAM,iBAAiB,GAAG,0BAA0B,CAClD,YAAY,EACZ,iBAAiB,CAClB,CAAC;IAEF,IAAI,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACjC,OAAO;YACL,IAAI,EAAE,gBAAgB;YACtB,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,+CAA+C;YACxD,OAAO,EAAE;gBACP,iBAAiB;gBACjB,MAAM,EACJ,qFAAqF;aACxF;SACF,CAAC;IACJ,CAAC;IAED,yBAAyB;IACzB,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC,iBAAiB,CAAC,CAAC;IAEzD,IAAI,MAAM,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;QAC/B,OAAO;YACL,IAAI,EAAE,gBAAgB;YACtB,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,sCAAsC,MAAM,CAAC,KAAK,EAAE;YAC7D,OAAO,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE;SACjC,CAAC;IACJ,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAClB,OAAO;YACL,IAAI,EAAE,gBAAgB;YACtB,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,8BAA8B,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;YACrE,OAAO,EAAE,EAAE,SAAS,EAAE,iBAAiB,EAAE;SAC1C,CAAC;IACJ,CAAC;IAED,OAAO;QACL,IAAI,EAAE,gBAAgB;QACtB,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,8BAA8B,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;QACrE,OAAO,EAAE;YACP,SAAS,EAAE,iBAAiB;YAC5B,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,EAAE,oBAAoB;SAC3D;KACF,CAAC;AACJ,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dependency.d.ts","sourceRoot":"","sources":["../../src/gates/dependency.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAKH,OAAO,KAAK,EAAE,iBAAiB,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"dependency.d.ts","sourceRoot":"","sources":["../../src/gates/dependency.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAKH,OAAO,KAAK,EAAE,iBAAiB,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAgGjE;;;;;GAKG;AACH,wBAAsB,cAAc,CAClC,QAAQ,EAAE,iBAAiB,EAC3B,YAAY,EAAE,MAAM,EAAE,GACrB,OAAO,CAAC,UAAU,CAAC,CAuCrB"}
|
package/dist/gates/dependency.js
CHANGED
|
@@ -9,21 +9,51 @@
|
|
|
9
9
|
* - INV-GUARD-DEP-002: Existing Rules - use project's .dependency-cruiser.cjs configuration
|
|
10
10
|
* - INV-GUARD-DEP-003: New Violations Only - only report violations in changed files
|
|
11
11
|
*/
|
|
12
|
-
import {
|
|
12
|
+
import { execFile } from 'node:child_process';
|
|
13
13
|
import { promisify } from 'node:util';
|
|
14
14
|
import { TIMEOUT_GATE_DEPENDENCY } from '@defai.digital/contracts';
|
|
15
|
-
const
|
|
15
|
+
const execFileAsync = promisify(execFile);
|
|
16
|
+
/**
|
|
17
|
+
* Validates a file path to prevent command injection
|
|
18
|
+
* INV-GUARD-SEC-002: Sanitize file paths before shell execution
|
|
19
|
+
*/
|
|
20
|
+
function isValidFilePath(path) {
|
|
21
|
+
// Reject paths containing shell metacharacters
|
|
22
|
+
// Valid paths: alphanumeric, /, ., -, _, @
|
|
23
|
+
const validPattern = /^[a-zA-Z0-9/.@_-]+$/;
|
|
24
|
+
return path.length > 0 && path.length <= 500 && validPattern.test(path);
|
|
25
|
+
}
|
|
16
26
|
/**
|
|
17
27
|
* Runs dependency-cruiser and returns any violations
|
|
28
|
+
* INV-GUARD-SEC-002: Use execFile with argument array to prevent command injection
|
|
18
29
|
*/
|
|
19
30
|
async function runDependencyCruiser(files) {
|
|
20
31
|
if (files.length === 0) {
|
|
21
32
|
return { violations: [] };
|
|
22
33
|
}
|
|
34
|
+
// Validate all file paths to prevent command injection
|
|
35
|
+
const invalidFiles = files.filter((f) => !isValidFilePath(f));
|
|
36
|
+
if (invalidFiles.length > 0) {
|
|
37
|
+
return {
|
|
38
|
+
violations: [],
|
|
39
|
+
error: `Invalid file paths detected: ${invalidFiles.slice(0, 3).join(', ')}`,
|
|
40
|
+
};
|
|
41
|
+
}
|
|
23
42
|
try {
|
|
24
|
-
// Run dependency-cruiser on specific files
|
|
43
|
+
// Run dependency-cruiser on specific files using execFile for safety
|
|
25
44
|
// Use --output-type err to get just violations
|
|
26
|
-
const
|
|
45
|
+
const args = [
|
|
46
|
+
'dependency-cruiser',
|
|
47
|
+
...files,
|
|
48
|
+
'--config',
|
|
49
|
+
'.dependency-cruiser.cjs',
|
|
50
|
+
'--output-type',
|
|
51
|
+
'err',
|
|
52
|
+
];
|
|
53
|
+
const { stdout, stderr } = await execFileAsync('npx', args, {
|
|
54
|
+
cwd: process.cwd(),
|
|
55
|
+
timeout: TIMEOUT_GATE_DEPENDENCY,
|
|
56
|
+
});
|
|
27
57
|
// If there's output, there are violations
|
|
28
58
|
const output = (stdout + stderr).trim();
|
|
29
59
|
if (output.length === 0) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dependency.js","sourceRoot":"","sources":["../../src/gates/dependency.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"dependency.js","sourceRoot":"","sources":["../../src/gates/dependency.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,uBAAuB,EAAE,MAAM,0BAA0B,CAAC;AAGnE,MAAM,aAAa,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;AAE1C;;;GAGG;AACH,SAAS,eAAe,CAAC,IAAY;IACnC,+CAA+C;IAC/C,2CAA2C;IAC3C,MAAM,YAAY,GAAG,qBAAqB,CAAC;IAC3C,OAAO,IAAI,CAAC,MAAM,GAAG,CAAC,IAAI,IAAI,CAAC,MAAM,IAAI,GAAG,IAAI,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1E,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,oBAAoB,CACjC,KAAe;IAEf,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;IAC5B,CAAC;IAED,uDAAuD;IACvD,MAAM,YAAY,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9D,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,OAAO;YACL,UAAU,EAAE,EAAE;YACd,KAAK,EAAE,gCAAgC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;SAC7E,CAAC;IACJ,CAAC;IAED,IAAI,CAAC;QACH,qEAAqE;QACrE,+CAA+C;QAC/C,MAAM,IAAI,GAAG;YACX,oBAAoB;YACpB,GAAG,KAAK;YACR,UAAU;YACV,yBAAyB;YACzB,eAAe;YACf,KAAK;SACN,CAAC;QACF,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CAAC,KAAK,EAAE,IAAI,EAAE;YAC1D,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE;YAClB,OAAO,EAAE,uBAAuB;SACjC,CAAC,CAAC;QAEH,0CAA0C;QAC1C,MAAM,MAAM,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;QACxC,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxB,OAAO,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;QAC5B,CAAC;QAED,+BAA+B;QAC/B,MAAM,UAAU,GAAG,MAAM;aACtB,KAAK,CAAC,IAAI,CAAC;aACX,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAE5C,OAAO,EAAE,UAAU,EAAE,CAAC;IACxB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,qCAAqC;QACrC,IAAI,KAAK,YAAY,KAAK,IAAI,QAAQ,IAAI,KAAK,EAAE,CAAC;YAChD,MAAM,MAAM,GAAI,KAA4B,CAAC,MAAM,IAAI,EAAE,CAAC;YAC1D,MAAM,UAAU,GAAG,MAAM;iBACtB,KAAK,CAAC,IAAI,CAAC;iBACX,MAAM,CAAC,CAAC,IAAY,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;YAEpD,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC1B,OAAO,EAAE,UAAU,EAAE,CAAC;YACxB,CAAC;QACH,CAAC;QAED,eAAe;QACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;QACzE,OAAO,EAAE,UAAU,EAAE,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;IAC5C,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,KAAe;IACxC,OAAO,KAAK,CAAC,MAAM,CACjB,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC;QACvB,CAAC,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC;QACvB,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;QACrB,CAAC,CAAC,UAAU,CAAC,WAAW,CAAC,CAC5B,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,QAA2B,EAC3B,YAAsB;IAEtB,MAAM,WAAW,GAAG,iBAAiB,CAAC,YAAY,CAAC,CAAC;IAEpD,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,OAAO;YACL,IAAI,EAAE,YAAY;YAClB,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,oDAAoD;SAC9D,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,oBAAoB,CAAC,WAAW,CAAC,CAAC;IAEvD,IAAI,MAAM,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;QAC/B,OAAO;YACL,IAAI,EAAE,YAAY;YAClB,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,wCAAwC,MAAM,CAAC,KAAK,EAAE;YAC/D,OAAO,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE;SACjC,CAAC;IACJ,CAAC;IAED,IAAI,MAAM,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACnC,OAAO;YACL,IAAI,EAAE,YAAY;YAClB,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,+BAA+B,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,UAAU;SAC7E,CAAC;IACJ,CAAC;IAED,OAAO;QACL,IAAI,EAAE,YAAY;QAClB,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,GAAG,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,gCAAgC;QAC5E,OAAO,EAAE;YACP,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,YAAY,EAAE,WAAW;SAC1B;KACF,CAAC;AACJ,CAAC"}
|
package/dist/gates/index.d.ts
CHANGED
|
@@ -7,4 +7,5 @@ export { dependencyGate } from './dependency.js';
|
|
|
7
7
|
export { contractTestGate } from './contract-tests.js';
|
|
8
8
|
export { configValidationGate, sensitiveChangeGate, validateConfigData, isSensitivePath, getSensitivePaths, } from './config.js';
|
|
9
9
|
export { agentSelectionGate, validateSelectionPolicy, type AgentSelectionGateContext, type AgentSelectionGateConfig, } from './agent-selection.js';
|
|
10
|
+
export { taskClassifierGate } from './task-classifier.js';
|
|
10
11
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/gates/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAC9C,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAGvD,OAAO,EACL,oBAAoB,EACpB,mBAAmB,EACnB,kBAAkB,EAClB,eAAe,EACf,iBAAiB,GAClB,MAAM,aAAa,CAAC;AAGrB,OAAO,EACL,kBAAkB,EAClB,uBAAuB,EACvB,KAAK,yBAAyB,EAC9B,KAAK,wBAAwB,GAC9B,MAAM,sBAAsB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/gates/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAC9C,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAGvD,OAAO,EACL,oBAAoB,EACpB,mBAAmB,EACnB,kBAAkB,EAClB,eAAe,EACf,iBAAiB,GAClB,MAAM,aAAa,CAAC;AAGrB,OAAO,EACL,kBAAkB,EAClB,uBAAuB,EACvB,KAAK,yBAAyB,EAC9B,KAAK,wBAAwB,GAC9B,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC"}
|
package/dist/gates/index.js
CHANGED
|
@@ -9,4 +9,6 @@ export { contractTestGate } from './contract-tests.js';
|
|
|
9
9
|
export { configValidationGate, sensitiveChangeGate, validateConfigData, isSensitivePath, getSensitivePaths, } from './config.js';
|
|
10
10
|
// Agent selection governance gate (INV-AGT-SEL)
|
|
11
11
|
export { agentSelectionGate, validateSelectionPolicy, } from './agent-selection.js';
|
|
12
|
+
// Task classifier governance gate (INV-TC, INV-GUARD-TC)
|
|
13
|
+
export { taskClassifierGate } from './task-classifier.js';
|
|
12
14
|
//# sourceMappingURL=index.js.map
|
package/dist/gates/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/gates/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAC9C,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAEvD,6CAA6C;AAC7C,OAAO,EACL,oBAAoB,EACpB,mBAAmB,EACnB,kBAAkB,EAClB,eAAe,EACf,iBAAiB,GAClB,MAAM,aAAa,CAAC;AAErB,gDAAgD;AAChD,OAAO,EACL,kBAAkB,EAClB,uBAAuB,GAGxB,MAAM,sBAAsB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/gates/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAC9C,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAEvD,6CAA6C;AAC7C,OAAO,EACL,oBAAoB,EACpB,mBAAmB,EACnB,kBAAkB,EAClB,eAAe,EACf,iBAAiB,GAClB,MAAM,aAAa,CAAC;AAErB,gDAAgD;AAChD,OAAO,EACL,kBAAkB,EAClB,uBAAuB,GAGxB,MAAM,sBAAsB,CAAC;AAE9B,yDAAyD;AACzD,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC"}
|
package/dist/gates/path.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"path.d.ts","sourceRoot":"","sources":["../../src/gates/path.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAE,iBAAiB,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"path.d.ts","sourceRoot":"","sources":["../../src/gates/path.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAE,iBAAiB,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AA2BjE;;;;GAIG;AACH,wBAAgB,iBAAiB,CAC/B,OAAO,EAAE,iBAAiB,EAC1B,YAAY,EAAE,MAAM,EAAE,GACrB,OAAO,CAAC,UAAU,CAAC,CA4CrB"}
|
package/dist/gates/path.js
CHANGED
|
@@ -12,10 +12,11 @@
|
|
|
12
12
|
/**
|
|
13
13
|
* Converts a glob pattern to a regex
|
|
14
14
|
* INV-GUARD-PATH-002: ** for recursive, * for single level
|
|
15
|
+
* INV-GUARD-PATH-004: Escape all regex special chars including ?
|
|
15
16
|
*/
|
|
16
17
|
function globToRegex(pattern) {
|
|
17
18
|
const escaped = pattern
|
|
18
|
-
.replace(/[
|
|
19
|
+
.replace(/[.+?^${}()|[\]\\]/g, '\\$&') // Escape special regex chars (including ?)
|
|
19
20
|
.replace(/\*\*/g, '{{GLOBSTAR}}') // Temp placeholder for **
|
|
20
21
|
.replace(/\*/g, '[^/]*') // * matches anything except /
|
|
21
22
|
.replace(/\{\{GLOBSTAR\}\}/g, '.*'); // ** matches anything including /
|
package/dist/gates/path.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"path.js","sourceRoot":"","sources":["../../src/gates/path.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAIH
|
|
1
|
+
{"version":3,"file":"path.js","sourceRoot":"","sources":["../../src/gates/path.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAIH;;;;GAIG;AACH,SAAS,WAAW,CAAC,OAAe;IAClC,MAAM,OAAO,GAAG,OAAO;SACpB,OAAO,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC,2CAA2C;SACjF,OAAO,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC,0BAA0B;SAC3D,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC,8BAA8B;SACtD,OAAO,CAAC,mBAAmB,EAAE,IAAI,CAAC,CAAC,CAAC,kCAAkC;IAEzE,OAAO,IAAI,MAAM,CAAC,IAAI,OAAO,GAAG,CAAC,CAAC;AACpC,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,QAAgB,EAAE,QAAkB;IAC7D,OAAO,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE;QAC/B,MAAM,KAAK,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;QACnC,OAAO,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,iBAAiB,CAC/B,OAA0B,EAC1B,YAAsB;IAEtB,MAAM,UAAU,GAAa,EAAE,CAAC;IAChC,MAAM,UAAU,GAAa,EAAE,CAAC;IAEhC,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE,CAAC;QAChC,0CAA0C;QAC1C,IAAI,iBAAiB,CAAC,IAAI,EAAE,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC;YACpD,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACtB,SAAS;QACX,CAAC;QAED,oCAAoC;QACpC,IACE,OAAO,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC;YAC/B,CAAC,iBAAiB,CAAC,IAAI,EAAE,OAAO,CAAC,YAAY,CAAC,EAC9C,CAAC;YACD,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACxB,CAAC;IACH,CAAC;IAED,MAAM,aAAa,GAAG,CAAC,GAAG,UAAU,EAAE,GAAG,UAAU,CAAC,CAAC;IAErD,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,OAAO,OAAO,CAAC,OAAO,CAAC;YACrB,IAAI,EAAE,gBAAgB;YACtB,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,OAAO,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,0CAA0C;SACtF,CAAC,CAAC;IACL,CAAC;IAED,MAAM,OAAO,GAA4B,EAAE,CAAC;IAC5C,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1B,OAAO,CAAC,uBAAuB,GAAG,UAAU,CAAC;IAC/C,CAAC;IACD,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1B,OAAO,CAAC,mBAAmB,GAAG,UAAU,CAAC;IAC3C,CAAC;IAED,OAAO,OAAO,CAAC,OAAO,CAAC;QACrB,IAAI,EAAE,gBAAgB;QACtB,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,GAAG,MAAM,CAAC,aAAa,CAAC,MAAM,CAAC,oCAAoC;QAC5E,OAAO;KACR,CAAC,CAAC;AACL,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"secrets.d.ts","sourceRoot":"","sources":["../../src/gates/secrets.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAKH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"secrets.d.ts","sourceRoot":"","sources":["../../src/gates/secrets.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAKH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAwL9C;;;GAGG;AACH,wBAAsB,oBAAoB,CACxC,QAAQ,EAAE,OAAO,EACjB,YAAY,EAAE,MAAM,EAAE,GACrB,OAAO,CAAC,UAAU,CAAC,CAqErB"}
|
package/dist/gates/secrets.js
CHANGED
|
@@ -50,10 +50,20 @@ function shouldIgnoreSecret(secret, ignoredPatterns) {
|
|
|
50
50
|
return true;
|
|
51
51
|
}
|
|
52
52
|
// Pattern match (simple glob: * matches anything)
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
53
|
+
// INV-GUARD-SEC-005: Escape regex special chars before converting glob to prevent ReDoS
|
|
54
|
+
if (pattern.includes('*') || pattern.includes('?')) {
|
|
55
|
+
// Escape special regex characters first, then convert glob wildcards
|
|
56
|
+
const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, '\\$&');
|
|
57
|
+
const regexPattern = escaped.replace(/\*/g, '.*').replace(/\?/g, '.');
|
|
58
|
+
try {
|
|
59
|
+
const regex = new RegExp('^' + regexPattern + '$');
|
|
60
|
+
if (regex.test(secret.file)) {
|
|
61
|
+
return true;
|
|
62
|
+
}
|
|
63
|
+
}
|
|
64
|
+
catch {
|
|
65
|
+
// Invalid pattern - skip it
|
|
66
|
+
continue;
|
|
57
67
|
}
|
|
58
68
|
}
|
|
59
69
|
// File:line match (e.g., "src/config.ts:42")
|
|
@@ -103,7 +113,17 @@ async function scanFileForSecrets(filePath, cwd) {
|
|
|
103
113
|
// Reset regex state for global patterns
|
|
104
114
|
pattern.pattern.lastIndex = 0;
|
|
105
115
|
let match;
|
|
116
|
+
let lastIndex = -1;
|
|
106
117
|
while ((match = pattern.pattern.exec(line)) !== null) {
|
|
118
|
+
// INV-GUARD-SEC-006: Prevent infinite loop on zero-width matches
|
|
119
|
+
// If lastIndex hasn't advanced, force it forward
|
|
120
|
+
if (pattern.pattern.lastIndex === lastIndex) {
|
|
121
|
+
pattern.pattern.lastIndex++;
|
|
122
|
+
if (pattern.pattern.lastIndex > line.length)
|
|
123
|
+
break;
|
|
124
|
+
continue;
|
|
125
|
+
}
|
|
126
|
+
lastIndex = pattern.pattern.lastIndex;
|
|
107
127
|
secrets.push({
|
|
108
128
|
file: filePath,
|
|
109
129
|
line: lineNum + 1, // 1-indexed
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"secrets.js","sourceRoot":"","sources":["../../src/gates/secrets.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC,OAAO,EACL,cAAc,EACd,kBAAkB,GACnB,MAAM,gCAAgC,CAAC;AAyBxC;;;GAGG;AACH,KAAK,UAAU,iBAAiB,CAAC,GAAW;IAC1C,MAAM,eAAe,GAAG,IAAI,GAAG,EAAU,CAAC;IAC1C,MAAM,cAAc,GAAG,IAAI,CAAC,GAAG,EAAE,gBAAgB,CAAC,CAAC;IAEnD,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;QAChC,OAAO,eAAe,CAAC;IACzB,CAAC;IAED,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;QACxD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAElC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAC5B,gCAAgC;YAChC,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBACnD,eAAe,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAC/B,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,wDAAwD;IAC1D,CAAC;IAED,OAAO,eAAe,CAAC;AACzB,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CACzB,MAAsB,EACtB,eAA4B;IAE5B,0BAA0B;IAC1B,KAAK,MAAM,OAAO,IAAI,eAAe,EAAE,CAAC;QACtC,oBAAoB;QACpB,IAAI,MAAM,CAAC,IAAI,KAAK,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,OAAO,EAAE,CAAC,EAAE,CAAC;YACnE,OAAO,IAAI,CAAC;QACd,CAAC;QAED,kDAAkD;QAClD,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"secrets.js","sourceRoot":"","sources":["../../src/gates/secrets.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC,OAAO,EACL,cAAc,EACd,kBAAkB,GACnB,MAAM,gCAAgC,CAAC;AAyBxC;;;GAGG;AACH,KAAK,UAAU,iBAAiB,CAAC,GAAW;IAC1C,MAAM,eAAe,GAAG,IAAI,GAAG,EAAU,CAAC;IAC1C,MAAM,cAAc,GAAG,IAAI,CAAC,GAAG,EAAE,gBAAgB,CAAC,CAAC;IAEnD,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;QAChC,OAAO,eAAe,CAAC;IACzB,CAAC;IAED,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;QACxD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAElC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAC5B,gCAAgC;YAChC,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBACnD,eAAe,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAC/B,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,wDAAwD;IAC1D,CAAC;IAED,OAAO,eAAe,CAAC;AACzB,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CACzB,MAAsB,EACtB,eAA4B;IAE5B,0BAA0B;IAC1B,KAAK,MAAM,OAAO,IAAI,eAAe,EAAE,CAAC;QACtC,oBAAoB;QACpB,IAAI,MAAM,CAAC,IAAI,KAAK,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,OAAO,EAAE,CAAC,EAAE,CAAC;YACnE,OAAO,IAAI,CAAC;QACd,CAAC;QAED,kDAAkD;QAClD,wFAAwF;QACxF,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACnD,qEAAqE;YACrE,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,mBAAmB,EAAE,MAAM,CAAC,CAAC;YAC7D,MAAM,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;YACtE,IAAI,CAAC;gBACH,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,GAAG,GAAG,YAAY,GAAG,GAAG,CAAC,CAAC;gBACnD,IAAI,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC5B,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,4BAA4B;gBAC5B,SAAS;YACX,CAAC;QACH,CAAC;QAED,6CAA6C;QAC7C,IAAI,OAAO,KAAK,GAAG,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC;YAChD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,+CAA+C;QAC/C,IAAI,OAAO,KAAK,MAAM,CAAC,WAAW,EAAE,CAAC;YACnC,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,KAAa;IACjC,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QACtB,OAAO,gBAAgB,CAAC;IAC1B,CAAC;IACD,qCAAqC;IACrC,OAAO,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM,KAAK,CAAC,SAAS,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,CAAC;AAC3E,CAAC;AAED;;;;GAIG;AACH,KAAK,UAAU,kBAAkB,CAC/B,QAAgB,EAChB,GAAW;IAEX,MAAM,OAAO,GAAqB,EAAE,CAAC;IACrC,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IAErC,kCAAkC;IAClC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC9B,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,uBAAuB;IACvB,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAClD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAClC,MAAM,QAAQ,GAAG,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QAE9C,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,KAAK,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE,CAAC;YACxD,MAAM,IAAI,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;YAElC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;gBAC/B,wCAAwC;gBACxC,OAAO,CAAC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;gBAE9B,IAAI,KAA6B,CAAC;gBAClC,IAAI,SAAS,GAAG,CAAC,CAAC,CAAC;gBACnB,OAAO,CAAC,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;oBACrD,iEAAiE;oBACjE,iDAAiD;oBACjD,IAAI,OAAO,CAAC,OAAO,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;wBAC5C,OAAO,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;wBAC5B,IAAI,OAAO,CAAC,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,MAAM;4BAAE,MAAM;wBACnD,SAAS;oBACX,CAAC;oBACD,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC;oBAEtC,OAAO,CAAC,IAAI,CAAC;wBACX,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,OAAO,GAAG,CAAC,EAAE,YAAY;wBAC/B,WAAW,EAAE,OAAO,CAAC,IAAI;wBACzB,WAAW,EAAE,OAAO,CAAC,WAAW;wBAChC,QAAQ,EAAE,OAAO,CAAC,QAAQ;wBAC1B,KAAK,EAAE,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;qBAC9B,CAAC,CAAC;oBAEH,gDAAgD;oBAChD,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;wBAC5B,MAAM;oBACR,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,qCAAqC;IACvC,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,QAAiB,EACjB,YAAsB;IAEtB,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;IAC1B,MAAM,UAAU,GAAqB,EAAE,CAAC;IAExC,uBAAuB;IACvB,MAAM,eAAe,GAAG,MAAM,iBAAiB,CAAC,GAAG,CAAC,CAAC;IAErD,yBAAyB;IACzB,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE,CAAC;QAChC,MAAM,WAAW,GAAG,MAAM,kBAAkB,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QAExD,6BAA6B;QAC7B,KAAK,MAAM,MAAM,IAAI,WAAW,EAAE,CAAC;YACjC,IAAI,CAAC,kBAAkB,CAAC,MAAM,EAAE,eAAe,CAAC,EAAE,CAAC;gBACjD,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAC1B,CAAC;QACH,CAAC;IACH,CAAC;IAED,0BAA0B;IAC1B,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5B,OAAO;YACL,IAAI,EAAE,mBAAmB;YACzB,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,WAAW,YAAY,CAAC,MAAM,+BAA+B;SACvE,CAAC;IACJ,CAAC;IAED,kCAAkC;IAClC,MAAM,QAAQ,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC;IACrE,MAAM,IAAI,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC;IAC7D,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;IACjE,MAAM,GAAG,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,CAAC,CAAC;IAE3D,gBAAgB;IAChB,MAAM,cAAc,GAAa,EAAE,CAAC;IACpC,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC;QAAE,cAAc,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,MAAM,WAAW,CAAC,CAAC;IAC5E,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC;QAAE,cAAc,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,MAAM,OAAO,CAAC,CAAC;IAChE,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC;QAAE,cAAc,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,MAAM,SAAS,CAAC,CAAC;IACtE,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC;QAAE,cAAc,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC,MAAM,MAAM,CAAC,CAAC;IAE7D,MAAM,OAAO,GAAG,YAAY,UAAU,CAAC,MAAM,yBAAyB,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;IAElG,+CAA+C;IAC/C,2BAA2B;IAC3B,MAAM,iBAAiB,GAAG,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC;IAEjE,OAAO;QACL,IAAI,EAAE,mBAAmB;QACzB,MAAM,EAAE,iBAAiB,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM;QAC3C,OAAO;QACP,OAAO,EAAE;YACP,YAAY,EAAE,UAAU,CAAC,MAAM;YAC/B,OAAO,EAAE,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBAC9B,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,IAAI,EAAE,CAAC,CAAC,WAAW;gBACnB,WAAW,EAAE,CAAC,CAAC,WAAW;gBAC1B,QAAQ,EAAE,CAAC,CAAC,QAAQ;gBACpB,KAAK,EAAE,CAAC,CAAC,KAAK;aACf,CAAC,CAAC;YACH,UAAU,EAAE;gBACV,QAAQ,EAAE,QAAQ,CAAC,MAAM;gBACzB,IAAI,EAAE,IAAI,CAAC,MAAM;gBACjB,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,GAAG,EAAE,GAAG,CAAC,MAAM;aAChB;SACF;KACF,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Task Classifier Gate
|
|
3
|
+
*
|
|
4
|
+
* Validates task classifier configuration and rules.
|
|
5
|
+
* Ensures workflow references are valid and rules are well-formed.
|
|
6
|
+
*
|
|
7
|
+
* Invariants:
|
|
8
|
+
* - INV-GUARD-TC-001: Workflow Validation - all workflow references must exist
|
|
9
|
+
* - INV-GUARD-TC-002: Pattern Validation - all regex patterns must be valid
|
|
10
|
+
* - INV-GUARD-TC-003: Priority Range - priorities must be 0-100
|
|
11
|
+
* - INV-GUARD-TC-004: Rule Uniqueness - warn on duplicate patterns
|
|
12
|
+
*/
|
|
13
|
+
import type { GovernanceContext, GateResult } from '../types.js';
|
|
14
|
+
/**
|
|
15
|
+
* Executes the task classifier gate
|
|
16
|
+
*
|
|
17
|
+
* INV-GUARD-TC-001: Workflow Validation
|
|
18
|
+
* INV-GUARD-TC-002: Pattern Validation
|
|
19
|
+
* INV-GUARD-TC-003: Priority Range
|
|
20
|
+
* INV-GUARD-TC-004: Rule Uniqueness
|
|
21
|
+
*/
|
|
22
|
+
export declare function taskClassifierGate(_context: GovernanceContext, changedFiles: string[], fileContents?: Map<string, string>): Promise<GateResult>;
|
|
23
|
+
//# sourceMappingURL=task-classifier.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"task-classifier.d.ts","sourceRoot":"","sources":["../../src/gates/task-classifier.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAIH,OAAO,KAAK,EAAE,iBAAiB,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAyGjE;;;;;;;GAOG;AACH,wBAAsB,kBAAkB,CACtC,QAAQ,EAAE,iBAAiB,EAC3B,YAAY,EAAE,MAAM,EAAE,EACtB,YAAY,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,GACjC,OAAO,CAAC,UAAU,CAAC,CAkIrB"}
|
|
@@ -0,0 +1,233 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Task Classifier Gate
|
|
3
|
+
*
|
|
4
|
+
* Validates task classifier configuration and rules.
|
|
5
|
+
* Ensures workflow references are valid and rules are well-formed.
|
|
6
|
+
*
|
|
7
|
+
* Invariants:
|
|
8
|
+
* - INV-GUARD-TC-001: Workflow Validation - all workflow references must exist
|
|
9
|
+
* - INV-GUARD-TC-002: Pattern Validation - all regex patterns must be valid
|
|
10
|
+
* - INV-GUARD-TC-003: Priority Range - priorities must be 0-100
|
|
11
|
+
* - INV-GUARD-TC-004: Rule Uniqueness - warn on duplicate patterns
|
|
12
|
+
*/
|
|
13
|
+
import { existsSync } from 'node:fs';
|
|
14
|
+
import { join } from 'node:path';
|
|
15
|
+
/**
|
|
16
|
+
* Files related to task classifier that trigger this gate
|
|
17
|
+
*/
|
|
18
|
+
const TASK_CLASSIFIER_FILES = [
|
|
19
|
+
'packages/core/agent-domain/src/task-classifier.ts',
|
|
20
|
+
'packages/core/agent-domain/src/capability-router.ts',
|
|
21
|
+
'packages/contracts/src/agent/v1/schema.ts',
|
|
22
|
+
];
|
|
23
|
+
/**
|
|
24
|
+
* Agent config patterns that may contain taskClassifier
|
|
25
|
+
*/
|
|
26
|
+
const AGENT_CONFIG_PATTERNS = [
|
|
27
|
+
/agents\/.*\.json$/,
|
|
28
|
+
/packages\/cli\/bundled\/agents\/.*\.json$/,
|
|
29
|
+
];
|
|
30
|
+
/**
|
|
31
|
+
* Check if a file is related to task classification
|
|
32
|
+
*/
|
|
33
|
+
function isTaskClassifierRelated(file) {
|
|
34
|
+
if (TASK_CLASSIFIER_FILES.includes(file)) {
|
|
35
|
+
return true;
|
|
36
|
+
}
|
|
37
|
+
return AGENT_CONFIG_PATTERNS.some((pattern) => pattern.test(file));
|
|
38
|
+
}
|
|
39
|
+
/**
|
|
40
|
+
* Validate a regex pattern
|
|
41
|
+
* INV-GUARD-TC-002: Pattern Validation
|
|
42
|
+
*/
|
|
43
|
+
function isValidRegexPattern(pattern) {
|
|
44
|
+
try {
|
|
45
|
+
new RegExp(pattern, 'i');
|
|
46
|
+
return { valid: true };
|
|
47
|
+
}
|
|
48
|
+
catch (e) {
|
|
49
|
+
return { valid: false, error: e instanceof Error ? e.message : 'Invalid regex' };
|
|
50
|
+
}
|
|
51
|
+
}
|
|
52
|
+
/**
|
|
53
|
+
* Validate a workflow reference exists
|
|
54
|
+
* INV-GUARD-TC-001: Workflow Validation
|
|
55
|
+
*/
|
|
56
|
+
function validateWorkflowExists(workflowRef, cwd) {
|
|
57
|
+
let resolvedPath;
|
|
58
|
+
if (workflowRef.startsWith('workflows/')) {
|
|
59
|
+
// Already a full path
|
|
60
|
+
resolvedPath = workflowRef;
|
|
61
|
+
}
|
|
62
|
+
else if (workflowRef.startsWith('std/')) {
|
|
63
|
+
// Standard workflow reference
|
|
64
|
+
resolvedPath = `workflows/${workflowRef}.yaml`;
|
|
65
|
+
}
|
|
66
|
+
else {
|
|
67
|
+
// Custom workflow
|
|
68
|
+
resolvedPath = workflowRef.endsWith('.yaml') ? workflowRef : `${workflowRef}.yaml`;
|
|
69
|
+
}
|
|
70
|
+
const fullPath = join(cwd, resolvedPath);
|
|
71
|
+
return { exists: existsSync(fullPath), resolvedPath };
|
|
72
|
+
}
|
|
73
|
+
/**
|
|
74
|
+
* Extract workflow references from DEFAULT_CLASSIFICATION_RULES in task-classifier.ts
|
|
75
|
+
*/
|
|
76
|
+
function extractDefaultRuleWorkflows(content) {
|
|
77
|
+
const workflows = [];
|
|
78
|
+
const workflowRegex = /workflow:\s*['"]([^'"]+)['"]/g;
|
|
79
|
+
let match;
|
|
80
|
+
while ((match = workflowRegex.exec(content)) !== null) {
|
|
81
|
+
const workflow = match[1];
|
|
82
|
+
if (workflow) {
|
|
83
|
+
workflows.push(workflow);
|
|
84
|
+
}
|
|
85
|
+
}
|
|
86
|
+
return workflows;
|
|
87
|
+
}
|
|
88
|
+
/**
|
|
89
|
+
* Extract taskClassifier config from agent JSON
|
|
90
|
+
*/
|
|
91
|
+
function extractAgentTaskClassifier(content) {
|
|
92
|
+
try {
|
|
93
|
+
const parsed = JSON.parse(content);
|
|
94
|
+
if (parsed.taskClassifier?.rules) {
|
|
95
|
+
return {
|
|
96
|
+
rules: parsed.taskClassifier.rules,
|
|
97
|
+
defaultWorkflow: parsed.taskClassifier.defaultWorkflow,
|
|
98
|
+
};
|
|
99
|
+
}
|
|
100
|
+
return null;
|
|
101
|
+
}
|
|
102
|
+
catch {
|
|
103
|
+
return null;
|
|
104
|
+
}
|
|
105
|
+
}
|
|
106
|
+
/**
|
|
107
|
+
* Executes the task classifier gate
|
|
108
|
+
*
|
|
109
|
+
* INV-GUARD-TC-001: Workflow Validation
|
|
110
|
+
* INV-GUARD-TC-002: Pattern Validation
|
|
111
|
+
* INV-GUARD-TC-003: Priority Range
|
|
112
|
+
* INV-GUARD-TC-004: Rule Uniqueness
|
|
113
|
+
*/
|
|
114
|
+
export async function taskClassifierGate(_context, changedFiles, fileContents) {
|
|
115
|
+
// Check if any task classifier related files were changed
|
|
116
|
+
const relevantFiles = changedFiles.filter(isTaskClassifierRelated);
|
|
117
|
+
if (relevantFiles.length === 0) {
|
|
118
|
+
return {
|
|
119
|
+
gate: 'task_classifier',
|
|
120
|
+
status: 'PASS',
|
|
121
|
+
message: 'No task classifier files modified',
|
|
122
|
+
};
|
|
123
|
+
}
|
|
124
|
+
const cwd = process.cwd();
|
|
125
|
+
const issues = [];
|
|
126
|
+
const warnings = [];
|
|
127
|
+
// If we have file contents, validate them
|
|
128
|
+
if (fileContents) {
|
|
129
|
+
for (const [file, content] of fileContents) {
|
|
130
|
+
if (!isTaskClassifierRelated(file))
|
|
131
|
+
continue;
|
|
132
|
+
// Check task-classifier.ts for DEFAULT_CLASSIFICATION_RULES
|
|
133
|
+
if (file.endsWith('task-classifier.ts')) {
|
|
134
|
+
const workflows = extractDefaultRuleWorkflows(content);
|
|
135
|
+
for (const workflow of workflows) {
|
|
136
|
+
const { exists, resolvedPath } = validateWorkflowExists(workflow, cwd);
|
|
137
|
+
if (!exists) {
|
|
138
|
+
issues.push(`Missing workflow: ${resolvedPath} (referenced in DEFAULT_CLASSIFICATION_RULES)`);
|
|
139
|
+
}
|
|
140
|
+
}
|
|
141
|
+
}
|
|
142
|
+
// Check agent JSON files for taskClassifier config
|
|
143
|
+
if (file.endsWith('.json') && AGENT_CONFIG_PATTERNS.some((p) => p.test(file))) {
|
|
144
|
+
const config = extractAgentTaskClassifier(content);
|
|
145
|
+
if (config) {
|
|
146
|
+
const seenPatterns = new Set();
|
|
147
|
+
for (const rule of config.rules) {
|
|
148
|
+
// INV-GUARD-TC-002: Validate regex pattern
|
|
149
|
+
const patternCheck = isValidRegexPattern(rule.pattern);
|
|
150
|
+
if (!patternCheck.valid) {
|
|
151
|
+
issues.push(`Invalid regex in ${file}: "${rule.pattern}" - ${patternCheck.error}`);
|
|
152
|
+
}
|
|
153
|
+
// INV-GUARD-TC-001: Validate workflow exists
|
|
154
|
+
const { exists, resolvedPath } = validateWorkflowExists(rule.workflow, cwd);
|
|
155
|
+
if (!exists) {
|
|
156
|
+
issues.push(`Missing workflow in ${file}: ${resolvedPath}`);
|
|
157
|
+
}
|
|
158
|
+
// INV-GUARD-TC-003: Validate priority range
|
|
159
|
+
if (rule.priority !== undefined && (rule.priority < 0 || rule.priority > 100)) {
|
|
160
|
+
issues.push(`Invalid priority in ${file}: ${rule.priority} (must be 0-100)`);
|
|
161
|
+
}
|
|
162
|
+
// INV-GUARD-TC-004: Check for duplicate patterns
|
|
163
|
+
if (seenPatterns.has(rule.pattern)) {
|
|
164
|
+
warnings.push(`Duplicate pattern in ${file}: "${rule.pattern}"`);
|
|
165
|
+
}
|
|
166
|
+
seenPatterns.add(rule.pattern);
|
|
167
|
+
}
|
|
168
|
+
// Check default workflow
|
|
169
|
+
if (config.defaultWorkflow) {
|
|
170
|
+
const { exists, resolvedPath } = validateWorkflowExists(config.defaultWorkflow, cwd);
|
|
171
|
+
if (!exists) {
|
|
172
|
+
issues.push(`Missing default workflow in ${file}: ${resolvedPath}`);
|
|
173
|
+
}
|
|
174
|
+
}
|
|
175
|
+
}
|
|
176
|
+
}
|
|
177
|
+
}
|
|
178
|
+
}
|
|
179
|
+
else {
|
|
180
|
+
// No file contents provided - do basic validation by checking workflow files exist
|
|
181
|
+
// This is a lighter check when full file contents aren't available
|
|
182
|
+
const stdWorkflows = [
|
|
183
|
+
'workflows/std/code-review.yaml',
|
|
184
|
+
'workflows/std/debugging.yaml',
|
|
185
|
+
'workflows/std/testing.yaml',
|
|
186
|
+
'workflows/std/refactoring.yaml',
|
|
187
|
+
'workflows/std/documentation.yaml',
|
|
188
|
+
'workflows/std/analysis.yaml',
|
|
189
|
+
'workflows/std/research.yaml',
|
|
190
|
+
'workflows/std/deployment.yaml',
|
|
191
|
+
'workflows/std/implementation.yaml',
|
|
192
|
+
];
|
|
193
|
+
for (const workflow of stdWorkflows) {
|
|
194
|
+
const fullPath = join(cwd, workflow);
|
|
195
|
+
if (!existsSync(fullPath)) {
|
|
196
|
+
issues.push(`Missing standard workflow: ${workflow}`);
|
|
197
|
+
}
|
|
198
|
+
}
|
|
199
|
+
}
|
|
200
|
+
// Return result based on issues found
|
|
201
|
+
if (issues.length > 0) {
|
|
202
|
+
return {
|
|
203
|
+
gate: 'task_classifier',
|
|
204
|
+
status: 'FAIL',
|
|
205
|
+
message: `Task classifier validation failed: ${issues.length} issue(s) found`,
|
|
206
|
+
details: {
|
|
207
|
+
issues,
|
|
208
|
+
warnings: warnings.length > 0 ? warnings : undefined,
|
|
209
|
+
relevantFiles,
|
|
210
|
+
},
|
|
211
|
+
};
|
|
212
|
+
}
|
|
213
|
+
if (warnings.length > 0) {
|
|
214
|
+
return {
|
|
215
|
+
gate: 'task_classifier',
|
|
216
|
+
status: 'WARN',
|
|
217
|
+
message: `Task classifier validation passed with ${warnings.length} warning(s)`,
|
|
218
|
+
details: {
|
|
219
|
+
warnings,
|
|
220
|
+
relevantFiles,
|
|
221
|
+
},
|
|
222
|
+
};
|
|
223
|
+
}
|
|
224
|
+
return {
|
|
225
|
+
gate: 'task_classifier',
|
|
226
|
+
status: 'PASS',
|
|
227
|
+
message: `Task classifier validation passed for ${relevantFiles.length} file(s)`,
|
|
228
|
+
details: {
|
|
229
|
+
relevantFiles,
|
|
230
|
+
},
|
|
231
|
+
};
|
|
232
|
+
}
|
|
233
|
+
//# sourceMappingURL=task-classifier.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"task-classifier.js","sourceRoot":"","sources":["../../src/gates/task-classifier.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAGjC;;GAEG;AACH,MAAM,qBAAqB,GAAG;IAC5B,mDAAmD;IACnD,qDAAqD;IACrD,2CAA2C;CAC5C,CAAC;AAEF;;GAEG;AACH,MAAM,qBAAqB,GAAG;IAC5B,mBAAmB;IACnB,2CAA2C;CAC5C,CAAC;AAEF;;GAEG;AACH,SAAS,uBAAuB,CAAC,IAAY;IAC3C,IAAI,qBAAqB,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACzC,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,qBAAqB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;AACrE,CAAC;AAED;;;GAGG;AACH,SAAS,mBAAmB,CAAC,OAAe;IAC1C,IAAI,CAAC;QACH,IAAI,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;QACzB,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IACzB,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAAC;IACnF,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAS,sBAAsB,CAC7B,WAAmB,EACnB,GAAW;IAEX,IAAI,YAAoB,CAAC;IAEzB,IAAI,WAAW,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QACzC,sBAAsB;QACtB,YAAY,GAAG,WAAW,CAAC;IAC7B,CAAC;SAAM,IAAI,WAAW,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QAC1C,8BAA8B;QAC9B,YAAY,GAAG,aAAa,WAAW,OAAO,CAAC;IACjD,CAAC;SAAM,CAAC;QACN,kBAAkB;QAClB,YAAY,GAAG,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,GAAG,WAAW,OAAO,CAAC;IACrF,CAAC;IAED,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;IACzC,OAAO,EAAE,MAAM,EAAE,UAAU,CAAC,QAAQ,CAAC,EAAE,YAAY,EAAE,CAAC;AACxD,CAAC;AAED;;GAEG;AACH,SAAS,2BAA2B,CAAC,OAAe;IAClD,MAAM,SAAS,GAAa,EAAE,CAAC;IAC/B,MAAM,aAAa,GAAG,+BAA+B,CAAC;IACtD,IAAI,KAAK,CAAC;IAEV,OAAO,CAAC,KAAK,GAAG,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACtD,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAC1B,IAAI,QAAQ,EAAE,CAAC;YACb,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,SAAS,0BAA0B,CACjC,OAAe;IAEf,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACnC,IAAI,MAAM,CAAC,cAAc,EAAE,KAAK,EAAE,CAAC;YACjC,OAAO;gBACL,KAAK,EAAE,MAAM,CAAC,cAAc,CAAC,KAAK;gBAClC,eAAe,EAAE,MAAM,CAAC,cAAc,CAAC,eAAe;aACvD,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,QAA2B,EAC3B,YAAsB,EACtB,YAAkC;IAElC,0DAA0D;IAC1D,MAAM,aAAa,GAAG,YAAY,CAAC,MAAM,CAAC,uBAAuB,CAAC,CAAC;IAEnE,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,OAAO;YACL,IAAI,EAAE,iBAAiB;YACvB,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,mCAAmC;SAC7C,CAAC;IACJ,CAAC;IAED,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;IAC1B,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,QAAQ,GAAa,EAAE,CAAC;IAE9B,0CAA0C;IAC1C,IAAI,YAAY,EAAE,CAAC;QACjB,KAAK,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,YAAY,EAAE,CAAC;YAC3C,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC;gBAAE,SAAS;YAE7C,4DAA4D;YAC5D,IAAI,IAAI,CAAC,QAAQ,CAAC,oBAAoB,CAAC,EAAE,CAAC;gBACxC,MAAM,SAAS,GAAG,2BAA2B,CAAC,OAAO,CAAC,CAAC;gBACvD,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;oBACjC,MAAM,EAAE,MAAM,EAAE,YAAY,EAAE,GAAG,sBAAsB,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;oBACvE,IAAI,CAAC,MAAM,EAAE,CAAC;wBACZ,MAAM,CAAC,IAAI,CAAC,qBAAqB,YAAY,+CAA+C,CAAC,CAAC;oBAChG,CAAC;gBACH,CAAC;YACH,CAAC;YAED,mDAAmD;YACnD,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;gBAC9E,MAAM,MAAM,GAAG,0BAA0B,CAAC,OAAO,CAAC,CAAC;gBACnD,IAAI,MAAM,EAAE,CAAC;oBACX,MAAM,YAAY,GAAG,IAAI,GAAG,EAAU,CAAC;oBAEvC,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;wBAChC,2CAA2C;wBAC3C,MAAM,YAAY,GAAG,mBAAmB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;wBACvD,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,CAAC;4BACxB,MAAM,CAAC,IAAI,CAAC,oBAAoB,IAAI,MAAM,IAAI,CAAC,OAAO,OAAO,YAAY,CAAC,KAAK,EAAE,CAAC,CAAC;wBACrF,CAAC;wBAED,6CAA6C;wBAC7C,MAAM,EAAE,MAAM,EAAE,YAAY,EAAE,GAAG,sBAAsB,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;wBAC5E,IAAI,CAAC,MAAM,EAAE,CAAC;4BACZ,MAAM,CAAC,IAAI,CAAC,uBAAuB,IAAI,KAAK,YAAY,EAAE,CAAC,CAAC;wBAC9D,CAAC;wBAED,4CAA4C;wBAC5C,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,QAAQ,GAAG,CAAC,IAAI,IAAI,CAAC,QAAQ,GAAG,GAAG,CAAC,EAAE,CAAC;4BAC9E,MAAM,CAAC,IAAI,CAAC,uBAAuB,IAAI,KAAK,IAAI,CAAC,QAAQ,kBAAkB,CAAC,CAAC;wBAC/E,CAAC;wBAED,iDAAiD;wBACjD,IAAI,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;4BACnC,QAAQ,CAAC,IAAI,CAAC,wBAAwB,IAAI,MAAM,IAAI,CAAC,OAAO,GAAG,CAAC,CAAC;wBACnE,CAAC;wBACD,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;oBACjC,CAAC;oBAED,yBAAyB;oBACzB,IAAI,MAAM,CAAC,eAAe,EAAE,CAAC;wBAC3B,MAAM,EAAE,MAAM,EAAE,YAAY,EAAE,GAAG,sBAAsB,CAAC,MAAM,CAAC,eAAe,EAAE,GAAG,CAAC,CAAC;wBACrF,IAAI,CAAC,MAAM,EAAE,CAAC;4BACZ,MAAM,CAAC,IAAI,CAAC,+BAA+B,IAAI,KAAK,YAAY,EAAE,CAAC,CAAC;wBACtE,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;SAAM,CAAC;QACN,mFAAmF;QACnF,mEAAmE;QACnE,MAAM,YAAY,GAAG;YACnB,gCAAgC;YAChC,8BAA8B;YAC9B,4BAA4B;YAC5B,gCAAgC;YAChC,kCAAkC;YAClC,6BAA6B;YAC7B,6BAA6B;YAC7B,+BAA+B;YAC/B,mCAAmC;SACpC,CAAC;QAEF,KAAK,MAAM,QAAQ,IAAI,YAAY,EAAE,CAAC;YACpC,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;YACrC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC1B,MAAM,CAAC,IAAI,CAAC,8BAA8B,QAAQ,EAAE,CAAC,CAAC;YACxD,CAAC;QACH,CAAC;IACH,CAAC;IAED,sCAAsC;IACtC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,OAAO;YACL,IAAI,EAAE,iBAAiB;YACvB,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,sCAAsC,MAAM,CAAC,MAAM,iBAAiB;YAC7E,OAAO,EAAE;gBACP,MAAM;gBACN,QAAQ,EAAE,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;gBACpD,aAAa;aACd;SACF,CAAC;IACJ,CAAC;IAED,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,OAAO;YACL,IAAI,EAAE,iBAAiB;YACvB,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,0CAA0C,QAAQ,CAAC,MAAM,aAAa;YAC/E,OAAO,EAAE;gBACP,QAAQ;gBACR,aAAa;aACd;SACF,CAAC;IACJ,CAAC;IAED,OAAO;QACL,IAAI,EAAE,iBAAiB;QACvB,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,yCAAyC,aAAa,CAAC,MAAM,UAAU;QAChF,OAAO,EAAE;YACP,aAAa;SACd;KACF,CAAC;AACJ,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@defai.digital/guard",
|
|
3
|
-
"version": "13.4.
|
|
3
|
+
"version": "13.4.7",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"description": "Post-check AI coding governance engine for AutomatosX",
|
|
6
6
|
"license": "BUSL-1.1",
|
|
@@ -32,8 +32,8 @@
|
|
|
32
32
|
"access": "public"
|
|
33
33
|
},
|
|
34
34
|
"dependencies": {
|
|
35
|
-
"@defai.digital/contracts": "13.4.
|
|
36
|
-
"@defai.digital/trace-domain": "13.4.
|
|
35
|
+
"@defai.digital/contracts": "13.4.7",
|
|
36
|
+
"@defai.digital/trace-domain": "13.4.7"
|
|
37
37
|
},
|
|
38
38
|
"scripts": {
|
|
39
39
|
"build": "tsc --build",
|