npm - @devtrack-solution/codesdd - Versions diffs - 1.2.2 → 1.2.3 - Mend

@devtrack-solution/codesdd 1.2.2 → 1.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (345) hide show

package/.sdd/skills/curated/api-clean-flask-langgraph/SKILL.md +17 -17
package/.sdd/skills/curated/devtrack-api/SKILL.md +160 -28
package/.sdd/skills/curated/devtrack-api/agents/openai.yaml +1 -1
package/.sdd/skills/curated/devtrack-api/references/architecture-governance.md +8 -7
package/.sdd/skills/curated/devtrack-api/references/consumer-sync-policy.md +93 -0
package/.sdd/skills/curated/devtrack-api/references/contract-pack.yaml +317 -0
package/.sdd/skills/curated/devtrack-api/references/field-validation-protocol.md +95 -0
package/.sdd/skills/curated/devtrack-api/references/foundation-layout.md +295 -0
package/.sdd/skills/curated/devtrack-api/references/implementation-checklist.md +4 -4
package/.sdd/skills/curated/devtrack-api/references/imports-lint.md +4 -0
package/.sdd/skills/curated/devtrack-api/references/testing-validation.md +2 -2
package/LICENSE +1 -1
package/README.md +243 -51
package/bin/codesdd.js +3 -2
package/dist/cli/index.d.ts +2 -2
package/dist/cli/index.js +11 -558
package/dist/cli/program.d.ts +14 -0
package/dist/cli/program.js +645 -0
package/dist/commands/change.js +5 -5
package/dist/commands/completion.d.ts +1 -1
package/dist/commands/completion.js +9 -2
package/dist/commands/config.js +159 -20
package/dist/commands/feedback.js +1 -1
package/dist/commands/schema.d.ts +63 -0
package/dist/commands/schema.js +12 -12
package/dist/commands/sdd/backlog.d.ts +3 -0
package/dist/commands/sdd/backlog.js +54 -0
package/dist/commands/sdd/execution.js +147 -16
package/dist/commands/sdd/plugin.d.ts +3 -0
package/dist/commands/sdd/plugin.js +153 -0
package/dist/commands/sdd/shared.js +2 -23
package/dist/commands/sdd/skills.js +7 -0
package/dist/commands/sdd.js +69 -12
package/dist/commands/spec.js +9 -9
package/dist/commands/validate.js +6 -6
package/dist/commands/workflow/instructions.js +6 -6
package/dist/commands/workflow/new-change.js +3 -3
package/dist/commands/workflow/shared.d.ts +1 -1
package/dist/commands/workflow/shared.js +4 -4
package/dist/core/archive.js +15 -5
package/dist/core/artifact-graph/instruction-loader.d.ts +1 -1
package/dist/core/artifact-graph/instruction-loader.js +3 -3
package/dist/core/artifact-graph/resolver.d.ts +4 -4
package/dist/core/artifact-graph/resolver.js +6 -6
package/dist/core/branding.js +3 -3
package/dist/core/cli/command-matrix.js +10 -1
package/dist/core/cli-command-quality.d.ts +27 -0
package/dist/core/cli-command-quality.js +171 -0
package/dist/core/command-generation/adapters/costrict.d.ts +1 -1
package/dist/core/command-generation/adapters/costrict.js +2 -2
package/dist/core/command-generation/types.d.ts +1 -1
package/dist/core/completions/command-registry.d.ts +1 -1
package/dist/core/completions/command-registry.js +155 -12
package/dist/core/completions/completion-provider.d.ts +14 -1
package/dist/core/completions/completion-provider.js +29 -1
package/dist/core/completions/generators/bash-generator.d.ts +1 -1
package/dist/core/completions/generators/bash-generator.js +20 -12
package/dist/core/completions/generators/fish-generator.d.ts +9 -1
package/dist/core/completions/generators/fish-generator.js +39 -25
package/dist/core/completions/generators/powershell-generator.d.ts +1 -1
package/dist/core/completions/generators/powershell-generator.js +21 -11
package/dist/core/completions/generators/zsh-generator.d.ts +3 -6
package/dist/core/completions/generators/zsh-generator.js +21 -42
package/dist/core/completions/installers/bash-installer.js +6 -6
package/dist/core/completions/installers/fish-installer.js +1 -1
package/dist/core/completions/installers/powershell-installer.js +14 -14
package/dist/core/completions/installers/zsh-installer.d.ts +7 -1
package/dist/core/completions/installers/zsh-installer.js +36 -8
package/dist/core/completions/templates/bash-templates.d.ts +1 -1
package/dist/core/completions/templates/bash-templates.js +12 -6
package/dist/core/completions/templates/fish-templates.d.ts +2 -2
package/dist/core/completions/templates/fish-templates.js +20 -9
package/dist/core/completions/templates/powershell-templates.d.ts +1 -1
package/dist/core/completions/templates/powershell-templates.js +13 -4
package/dist/core/completions/templates/zsh-templates.d.ts +1 -1
package/dist/core/completions/templates/zsh-templates.js +18 -9
package/dist/core/config-schema.d.ts +3 -1
package/dist/core/config-schema.js +26 -1
package/dist/core/config.d.ts +3 -3
package/dist/core/config.js +4 -4
package/dist/core/global-config.d.ts +41 -12
package/dist/core/global-config.js +344 -27
package/dist/core/index.d.ts +1 -1
package/dist/core/index.js +2 -2
package/dist/core/init.d.ts +6 -1
package/dist/core/init.js +99 -77
package/dist/core/legacy-cleanup.d.ts +17 -17
package/dist/core/legacy-cleanup.js +96 -79
package/dist/core/list.js +18 -4
package/dist/core/migration.d.ts +3 -1
package/dist/core/migration.js +7 -8
package/dist/core/parsers/change-parser.js +1 -1
package/dist/core/parsers/markdown-parser.js +2 -2
package/dist/core/profile-sync-drift.d.ts +1 -1
package/dist/core/profile-sync-drift.js +13 -13
package/dist/core/project-config.d.ts +4 -4
package/dist/core/project-config.js +11 -11
package/dist/core/schemas/change.schema.d.ts +1 -1
package/dist/core/schemas/change.schema.js +1 -1
package/dist/core/schemas/spec.schema.d.ts +1 -1
package/dist/core/schemas/spec.schema.js +1 -1
package/dist/core/sdd/adr.js +23 -1
package/dist/core/sdd/agent-binding.d.ts +346 -0
package/dist/core/sdd/agent-binding.js +343 -0
package/dist/core/sdd/backlog-cli.d.ts +16 -0
package/dist/core/sdd/backlog-cli.js +146 -0
package/dist/core/sdd/backlog-conflict-policy.d.ts +58 -0
package/dist/core/sdd/backlog-conflict-policy.js +230 -0
package/dist/core/sdd/backlog-projection.d.ts +8 -0
package/dist/core/sdd/backlog-projection.js +89 -0
package/dist/core/sdd/backlog-provider-contract.d.ts +252 -0
package/dist/core/sdd/backlog-provider-contract.js +158 -0
package/dist/core/sdd/bootstrap.js +2 -2
package/dist/core/sdd/check.d.ts +42 -0
package/dist/core/sdd/check.js +22 -22
package/dist/core/sdd/contract.d.ts +13 -0
package/dist/core/sdd/contract.js +36 -0
package/dist/core/sdd/coordination/coordination-adapters.d.ts +38 -0
package/dist/core/sdd/coordination/coordination-adapters.js +139 -1
package/dist/core/sdd/deepagent-contracts.d.ts +276 -0
package/dist/core/sdd/deepagent-contracts.js +173 -0
package/dist/core/sdd/deepagents/adr-governor.d.ts +2 -0
package/dist/core/sdd/deepagents/adr-governor.js +30 -0
package/dist/core/sdd/deepagents/backend.d.ts +63 -0
package/dist/core/sdd/deepagents/backend.js +174 -0
package/dist/core/sdd/deepagents/codesdd-tools.d.ts +39 -0
package/dist/core/sdd/deepagents/codesdd-tools.js +83 -0
package/dist/core/sdd/deepagents/evidence-mapper.d.ts +86 -0
package/dist/core/sdd/deepagents/evidence-mapper.js +178 -0
package/dist/core/sdd/deepagents/model-provider.d.ts +53 -0
package/dist/core/sdd/deepagents/model-provider.js +379 -0
package/dist/core/sdd/deepagents/policy-enforcement.d.ts +30 -0
package/dist/core/sdd/deepagents/policy-enforcement.js +90 -0
package/dist/core/sdd/deepagents/policy.d.ts +75 -0
package/dist/core/sdd/deepagents/policy.js +358 -0
package/dist/core/sdd/deepagents/quality-witness.d.ts +3 -0
package/dist/core/sdd/deepagents/quality-witness.js +77 -0
package/dist/core/sdd/deepagents/reversa-subagents.d.ts +75 -0
package/dist/core/sdd/deepagents/reversa-subagents.js +182 -0
package/dist/core/sdd/deepagents/runtime-factory.d.ts +90 -0
package/dist/core/sdd/deepagents/runtime-factory.js +231 -0
package/dist/core/sdd/deepagents/runtime-loader.d.ts +16 -0
package/dist/core/sdd/deepagents/runtime-loader.js +65 -0
package/dist/core/sdd/default-bootstrap-files.d.ts +2 -2
package/dist/core/sdd/default-bootstrap-files.js +36 -2
package/dist/core/sdd/default-skills.d.ts +30 -0
package/dist/core/sdd/default-skills.js +181 -5
package/dist/core/sdd/devtrack-api-appliance.d.ts +84 -0
package/dist/core/sdd/devtrack-api-appliance.js +257 -0
package/dist/core/sdd/devtrack-api-architecture.d.ts +31 -0
package/dist/core/sdd/devtrack-api-architecture.js +608 -0
package/dist/core/sdd/devtrack-api-import-boundary.d.ts +19 -0
package/dist/core/sdd/devtrack-api-import-boundary.js +32 -0
package/dist/core/sdd/diagnose.d.ts +59 -0
package/dist/core/sdd/diagnose.js +37 -37
package/dist/core/sdd/docs-sync.js +33 -5
package/dist/core/sdd/domain/post-active-validation.d.ts +7 -0
package/dist/core/sdd/domain/post-active-validation.js +61 -0
package/dist/core/sdd/domain/transition-engine.js +1 -0
package/dist/core/sdd/entity-reference.d.ts +5 -0
package/dist/core/sdd/entity-reference.js +22 -0
package/dist/core/sdd/governance-backfill.d.ts +31 -0
package/dist/core/sdd/governance-backfill.js +359 -0
package/dist/core/sdd/governance-parser.d.ts +21 -0
package/dist/core/sdd/governance-parser.js +91 -0
package/dist/core/sdd/governance-schemas.d.ts +245 -0
package/dist/core/sdd/governance-schemas.js +143 -0
package/dist/core/sdd/{import-openspec.d.ts → import-legacy-spec.d.ts} +7 -7
package/dist/core/sdd/{import-openspec.js → import-legacy-spec.js} +21 -29
package/dist/core/sdd/init.d.ts +3 -0
package/dist/core/sdd/init.js +6 -3
package/dist/core/sdd/json-schema.js +100 -6
package/dist/core/sdd/knowledge-graph.d.ts +45 -0
package/dist/core/sdd/knowledge-graph.js +288 -0
package/dist/core/sdd/legacy-operations.js +431 -43
package/dist/core/sdd/lenses.d.ts +1 -0
package/dist/core/sdd/lenses.js +29 -1
package/dist/core/sdd/migrate-workspace.js +56 -2
package/dist/core/sdd/migrate.d.ts +1 -1
package/dist/core/sdd/migrate.js +36 -2
package/dist/core/sdd/package-structure-gate.d.ts +83 -0
package/dist/core/sdd/package-structure-gate.js +362 -0
package/dist/core/sdd/parallel-feat-automation.d.ts +152 -0
package/dist/core/sdd/parallel-feat-automation.js +212 -0
package/dist/core/sdd/plugin-broker.d.ts +558 -0
package/dist/core/sdd/plugin-broker.js +482 -0
package/dist/core/sdd/plugin-certification.d.ts +79 -0
package/dist/core/sdd/plugin-certification.js +453 -0
package/dist/core/sdd/plugin-cli.d.ts +109 -0
package/dist/core/sdd/plugin-cli.js +198 -0
package/dist/core/sdd/plugin-evidence.d.ts +275 -0
package/dist/core/sdd/plugin-evidence.js +307 -0
package/dist/core/sdd/plugin-manifest.d.ts +164 -0
package/dist/core/sdd/plugin-manifest.js +215 -0
package/dist/core/sdd/plugin-policy-pack.d.ts +88 -0
package/dist/core/sdd/plugin-policy-pack.js +236 -0
package/dist/core/sdd/plugin-policy.d.ts +68 -0
package/dist/core/sdd/plugin-policy.js +212 -0
package/dist/core/sdd/plugin-registry.d.ts +311 -0
package/dist/core/sdd/plugin-registry.js +138 -0
package/dist/core/sdd/plugin-skill-binding.d.ts +151 -0
package/dist/core/sdd/plugin-skill-binding.js +339 -0
package/dist/core/sdd/quality-artifact-manifest-validator.d.ts +28 -0
package/dist/core/sdd/quality-artifact-manifest-validator.js +167 -0
package/dist/core/sdd/quality-evidence-renderer.d.ts +65 -0
package/dist/core/sdd/quality-evidence-renderer.js +218 -0
package/dist/core/sdd/quality-scenario-runner.d.ts +42 -0
package/dist/core/sdd/quality-scenario-runner.js +613 -0
package/dist/core/sdd/quality-validation.d.ts +547 -0
package/dist/core/sdd/quality-validation.js +239 -0
package/dist/core/sdd/resolve-project-root.d.ts +2 -2
package/dist/core/sdd/resolve-project-root.js +11 -5
package/dist/core/sdd/sanitize.d.ts +30 -1
package/dist/core/sdd/sanitize.js +23 -23
package/dist/core/sdd/services/agent-run.service.d.ts +65 -0
package/dist/core/sdd/services/agent-run.service.js +189 -0
package/dist/core/sdd/services/breakdown.service.js +2 -1
package/dist/core/sdd/services/context.service.js +18 -16
package/dist/core/sdd/services/debate.service.js +15 -2
package/dist/core/sdd/services/feature-lint.service.d.ts +22 -0
package/dist/core/sdd/services/feature-lint.service.js +105 -5
package/dist/core/sdd/services/finalize.service.d.ts +80 -0
package/dist/core/sdd/services/finalize.service.js +323 -24
package/dist/core/sdd/services/frontend-gap.service.js +22 -7
package/dist/core/sdd/services/governance-control-plane-runtime-adapters.d.ts +17 -0
package/dist/core/sdd/services/governance-control-plane-runtime-adapters.js +38 -0
package/dist/core/sdd/services/governance-control-plane.service.d.ts +66 -0
package/dist/core/sdd/services/governance-control-plane.service.js +134 -0
package/dist/core/sdd/services/ingest-deposito.service.js +1 -1
package/dist/core/sdd/services/legacy-capability.service.d.ts +10 -7
package/dist/core/sdd/services/legacy-capability.service.js +38 -21
package/dist/core/sdd/services/mcp-runtime.service.d.ts +123 -8
package/dist/core/sdd/services/mcp-runtime.service.js +1085 -33
package/dist/core/sdd/services/onboard.service.js +2 -1
package/dist/core/sdd/services/rebuild.service.js +6 -1
package/dist/core/sdd/services/skills-sync.service.d.ts +17 -5
package/dist/core/sdd/services/skills-sync.service.js +55 -2
package/dist/core/sdd/services/start.service.js +6 -4
package/dist/core/sdd/skill-bundles-curation-schema.d.ts +66 -0
package/dist/core/sdd/skill-bundles-curation-schema.js +52 -0
package/dist/core/sdd/skill-evidence.d.ts +19 -0
package/dist/core/sdd/skill-evidence.js +38 -0
package/dist/core/sdd/skill-policy-pool.d.ts +46 -0
package/dist/core/sdd/skill-policy-pool.js +185 -0
package/dist/core/sdd/state.d.ts +22 -0
package/dist/core/sdd/state.js +66 -41
package/dist/core/sdd/structural-health.d.ts +42 -42
package/dist/core/sdd/types.d.ts +33 -7
package/dist/core/sdd/types.js +17 -0
package/dist/core/sdd/upgrade-to-codesdd.d.ts +45 -0
package/dist/core/sdd/upgrade-to-codesdd.js +179 -0
package/dist/core/sdd/workspace-schemas.d.ts +285 -14
package/dist/core/sdd/workspace-schemas.js +148 -0
package/dist/core/sdd/write-manifest.js +22 -4
package/dist/core/shared/skill-generation.d.ts +1 -1
package/dist/core/shared/skill-generation.js +15 -15
package/dist/core/shared/tool-detection.d.ts +3 -3
package/dist/core/shared/tool-detection.js +14 -14
package/dist/core/specs-apply.js +6 -6
package/dist/core/templates/index.d.ts +1 -1
package/dist/core/templates/index.js +1 -1
package/dist/core/templates/workflows/apply-change.js +14 -14
package/dist/core/templates/workflows/archive-change.js +32 -32
package/dist/core/templates/workflows/bulk-archive-change.js +25 -25
package/dist/core/templates/workflows/continue-change.js +12 -12
package/dist/core/templates/workflows/explore.js +29 -29
package/dist/core/templates/workflows/feedback.js +6 -6
package/dist/core/templates/workflows/ff-change.js +24 -24
package/dist/core/templates/workflows/new-change.js +20 -20
package/dist/core/templates/workflows/onboard.js +33 -33
package/dist/core/templates/workflows/propose.js +23 -23
package/dist/core/templates/workflows/sdd.js +8 -8
package/dist/core/templates/workflows/sync-specs.js +19 -19
package/dist/core/templates/workflows/verify-change.js +17 -17
package/dist/core/update.d.ts +2 -2
package/dist/core/update.js +16 -15
package/dist/core/validation/constants.d.ts +1 -1
package/dist/core/validation/constants.js +1 -1
package/dist/core/view.js +11 -11
package/dist/telemetry/config.d.ts +2 -1
package/dist/telemetry/config.js +17 -8
package/dist/telemetry/index.d.ts +10 -2
package/dist/telemetry/index.js +40 -7
package/dist/ui/ascii-patterns.d.ts +2 -2
package/dist/ui/ascii-patterns.js +2 -2
package/dist/ui/welcome-screen.js +2 -2
package/dist/utils/change-metadata.d.ts +4 -4
package/dist/utils/change-metadata.js +6 -6
package/dist/utils/change-utils.d.ts +3 -3
package/dist/utils/change-utils.js +5 -5
package/dist/utils/file-system.js +1 -1
package/dist/utils/interactive.js +1 -1
package/dist/utils/item-discovery.js +4 -4
package/dist/utils/legacy-spec-compat.d.ts +2 -0
package/dist/utils/legacy-spec-compat.js +2 -0
package/dist/utils/shell-detection.d.ts +1 -0
package/dist/utils/shell-detection.js +16 -0
package/package.json +27 -17
package/schemas/sdd/1-spec.schema.json +1 -1
package/schemas/sdd/2-plan.schema.json +73 -1
package/schemas/sdd/3-tasks.schema.json +73 -1
package/schemas/sdd/4-changelog.schema.json +1 -1
package/schemas/sdd/5-quality.schema.json +442 -2
package/schemas/sdd/adr.schema.json +148 -0
package/schemas/sdd/agent-binding-adapter.schema.json +210 -0
package/schemas/sdd/agent-binding-resolution.schema.json +338 -0
package/schemas/sdd/backlog-projection-plan.schema.json +180 -0
package/schemas/sdd/backlog-provider-contract.schema.json +260 -0
package/schemas/sdd/codesdd-plugin.schema.json +474 -0
package/schemas/sdd/debate.schema.json +244 -0
package/schemas/sdd/deepagent-decision-evidence.schema.json +58 -0
package/schemas/sdd/deepagent-env-contract.schema.json +143 -0
package/schemas/sdd/deepagent-quality-evidence.schema.json +108 -0
package/schemas/sdd/deepagent-run-evidence.schema.json +192 -0
package/schemas/sdd/deepagent-run-plan.schema.json +197 -0
package/schemas/sdd/deepagent-run-request.schema.json +321 -0
package/schemas/sdd/deepagent-subagent-evidence.schema.json +110 -0
package/schemas/sdd/deepagent-tool-call-evidence.schema.json +78 -0
package/schemas/sdd/discarded.schema.json +127 -0
package/schemas/sdd/epic.schema.json +147 -0
package/schemas/sdd/insight.schema.json +136 -0
package/schemas/sdd/parallel-feat-automation-plan.schema.json +215 -0
package/schemas/sdd/parallel-feat-automation-request.schema.json +109 -0
package/schemas/sdd/plugin-artifact-manifest.schema.json +150 -0
package/schemas/sdd/plugin-compliance-index.schema.json +136 -0
package/schemas/sdd/plugin-dry-run-plan.schema.json +260 -0
package/schemas/sdd/plugin-evidence-manifest.schema.json +569 -0
package/schemas/sdd/plugin-policy-evaluation.schema.json +92 -0
package/schemas/sdd/plugin-policy-pack-evaluation.schema.json +94 -0
package/schemas/sdd/plugin-policy-pack.schema.json +196 -0
package/schemas/sdd/plugin-registry.schema.json +558 -0
package/schemas/sdd/plugin-rollback-manifest.schema.json +87 -0
package/schemas/sdd/plugin-runtime-invocation-plan.schema.json +845 -0
package/schemas/sdd/plugin-skill-binding-resolution.schema.json +305 -0
package/schemas/sdd/plugin-skill-binding.schema.json +88 -0
package/schemas/sdd/plugin-validation-manifest.schema.json +123 -0
package/schemas/sdd/quality-architecture-schema.schema.json +216 -0
package/schemas/sdd/quality-evidence-bundle.schema.json +1228 -0
package/schemas/sdd/quality-run.schema.json +197 -0
package/schemas/sdd/quality-scenario.schema.json +252 -0
package/schemas/sdd/workspace-catalog.schema.json +9841 -22
package/schemas/spec-driven/schema.yaml +4 -4
package/schemas/spec-driven/templates/proposal.md +1 -1
package/dist/utils/openspec-compat.d.ts +0 -2
package/dist/utils/openspec-compat.js +0 -2

package/dist/core/sdd/deepagents/policy.js ADDED Viewed

@@ -0,0 +1,358 @@
+import { createHash } from 'node:crypto';
+import { inferNetworkDomainsForModel, requiredCredentialEnvForModel, resolveDeepAgentsModelProvider, } from './model-provider.js';
+const DEFAULT_ENV_ALLOWLIST = [
+    'CI',
+    'CODESDD_AGENT_PROVIDER',
+    'CODESDD_DEEPAGENTS_RUNTIME',
+    'CODESDD_DEEPAGENTS_DEFAULT_MODE',
+];
+const SECRET_ENV_TOKENS = ['KEY', 'SECRET', 'TOKEN', 'PASSWORD', 'CREDENTIAL', 'PRIVATE', 'AUTH'];
+const HIGH_RISK_OPERATIONS = new Set([
+    'write',
+    'execute',
+    'network',
+    'plugin-apply',
+    'finalize',
+    'dependency-change',
+    'process-spawn',
+]);
+export function createDeepAgentsPolicySnapshot(env = process.env) {
+    const envAllowlist = normalizeEnvNames([
+        ...DEFAULT_ENV_ALLOWLIST,
+        ...parseCsv(env.CODESDD_AGENT_ENV_ALLOWLIST),
+    ]);
+    const allowedDomains = normalizeDomains(parseCsv(env.CODESDD_AGENT_ALLOWED_DOMAINS));
+    const snapshot = {
+        provider: (env.CODESDD_AGENT_PROVIDER || 'deepagents').trim() || 'deepagents',
+        enabled: parseBooleanFlag(env.CODESDD_DEEPAGENTS_ENABLED, false),
+        runtime: parseRuntimeMode(env.CODESDD_DEEPAGENTS_RUNTIME),
+        defaultMode: parseDefaultMode(env.CODESDD_DEEPAGENTS_DEFAULT_MODE),
+        requireHitl: parseBooleanFlag(env.CODESDD_DEEPAGENTS_REQUIRE_HITL, true),
+        networkPolicy: parseNetworkPolicy(env.CODESDD_AGENT_NETWORK_POLICY),
+        envAllowlist,
+        allowedDomains,
+        writeScope: parseCsv(env.CODESDD_AGENT_WRITE_SCOPE),
+        model: safeTrim(env.CODESDD_DEEPAGENTS_MODEL),
+        plannerModel: safeTrim(env.CODESDD_DEEPAGENTS_PLANNER_MODEL),
+        reviewerModel: safeTrim(env.CODESDD_DEEPAGENTS_REVIEWER_MODEL),
+        coderModel: safeTrim(env.CODESDD_DEEPAGENTS_CODER_MODEL),
+        maxIterations: parsePositiveInteger(env.CODESDD_DEEPAGENTS_MAX_ITERATIONS),
+        maxSubagents: parsePositiveInteger(env.CODESDD_DEEPAGENTS_MAX_SUBAGENTS),
+        maxParallel: parsePositiveInteger(env.CODESDD_DEEPAGENTS_MAX_PARALLEL),
+        sandboxRoot: safeTrim(env.CODESDD_DEEPAGENTS_SANDBOX_ROOT),
+        worktreeRoot: safeTrim(env.CODESDD_AGENT_WORKTREE_ROOT),
+    };
+    return {
+        ...snapshot,
+        configFingerprint: buildDeepAgentsConfigFingerprint(snapshot),
+    };
+}
+export function evaluateDeepAgentsRuntimeReadiness(snapshot, env = process.env) {
+    if (!snapshot.enabled || snapshot.runtime === 'disabled') {
+        return {
+            status: 'disabled',
+            runtime: snapshot.runtime,
+            model: snapshot.model,
+            credentialPresent: false,
+            reasons: ['DeepAgents runtime is disabled by policy.'],
+        };
+    }
+    if (snapshot.provider.trim().toLowerCase() !== 'deepagents') {
+        return {
+            status: 'blocked',
+            runtime: snapshot.runtime,
+            model: snapshot.model,
+            credentialPresent: false,
+            reasons: ['CODESDD_AGENT_PROVIDER must be deepagents when DeepAgents runtime is enabled.'],
+        };
+    }
+    if (snapshot.runtime === 'fake') {
+        return {
+            status: 'ready',
+            runtime: snapshot.runtime,
+            model: snapshot.model,
+            credentialPresent: false,
+            reasons: [],
+        };
+    }
+    const reasons = [];
+    if (!snapshot.model) {
+        reasons.push('CODESDD_DEEPAGENTS_MODEL is required when runtime is deepagents-js.');
+    }
+    const providerResolution = resolveDeepAgentsModelProvider(snapshot.model, env);
+    reasons.push(...providerResolution.reasons);
+    const credentialEnv = providerResolution.credential.credentialEnv;
+    const credentialPresent = providerResolution.credential.credentialPresent;
+    return {
+        status: reasons.length > 0 ? 'blocked' : 'ready',
+        runtime: snapshot.runtime,
+        model: snapshot.model,
+        provider: providerResolution.profile?.provider ?? providerResolution.modelRef?.provider,
+        credentialEnv,
+        credentialPresent,
+        endpointEnv: providerResolution.endpoint.endpointEnv,
+        endpointPresent: providerResolution.endpoint.endpointPresent,
+        reasons,
+    };
+}
+export function buildDeepAgentsOperationalPreflight(snapshot, env = process.env) {
+    const readiness = evaluateDeepAgentsRuntimeReadiness(snapshot, env);
+    const checks = [];
+    const reasons = [...readiness.reasons];
+    const requiredEnv = new Set();
+    const missingEnv = new Set();
+    const inferredDomains = inferNetworkDomainsForModel(snapshot.model, env);
+    const providerOk = snapshot.provider.trim().toLowerCase() === 'deepagents';
+    checks.push({
+        id: 'provider',
+        status: readiness.status === 'disabled' ? 'skip' : providerOk ? 'pass' : 'fail',
+        message: providerOk
+            ? 'Provider deepagents configurado.'
+            : 'CODESDD_AGENT_PROVIDER deve ser deepagents quando runtime estiver habilitado.',
+    });
+    checks.push({
+        id: 'runtime',
+        status: readiness.status === 'disabled'
+            ? 'skip'
+            : snapshot.runtime === 'fake' || snapshot.runtime === 'deepagents-js'
+                ? 'pass'
+                : 'fail',
+        message: readiness.status === 'disabled'
+            ? 'Runtime DeepAgents desabilitado.'
+            : `Runtime configurado: ${snapshot.runtime}.`,
+    });
+    if (readiness.status !== 'disabled' && snapshot.runtime === 'deepagents-js') {
+        checks.push({
+            id: 'model',
+            status: snapshot.model ? 'pass' : 'fail',
+            message: snapshot.model
+                ? `Modelo selecionado: ${snapshot.model}.`
+                : 'CODESDD_DEEPAGENTS_MODEL e obrigatorio para runtime deepagents-js.',
+        });
+    }
+    else {
+        checks.push({
+            id: 'model',
+            status: 'skip',
+            message: 'Modelo nao obrigatorio para runtime desabilitado/fake.',
+        });
+    }
+    if (readiness.credentialEnv) {
+        requiredEnv.add(readiness.credentialEnv);
+        if (!readiness.credentialPresent) {
+            missingEnv.add(readiness.credentialEnv);
+        }
+    }
+    checks.push({
+        id: 'credential',
+        status: readiness.status === 'disabled'
+            ? 'skip'
+            : readiness.credentialEnv
+                ? readiness.credentialPresent
+                    ? 'pass'
+                    : 'fail'
+                : 'skip',
+        message: readiness.credentialEnv
+            ? readiness.credentialPresent
+                ? `${readiness.credentialEnv} presente.`
+                : `${readiness.credentialEnv} ausente.`
+            : 'Credencial nao requerida para o perfil atual.',
+    });
+    if (readiness.endpointEnv) {
+        requiredEnv.add(readiness.endpointEnv);
+        if (!readiness.endpointPresent) {
+            missingEnv.add(readiness.endpointEnv);
+        }
+    }
+    checks.push({
+        id: 'endpoint',
+        status: readiness.status === 'disabled'
+            ? 'skip'
+            : readiness.endpointEnv
+                ? readiness.endpointPresent
+                    ? 'pass'
+                    : 'fail'
+                : 'skip',
+        message: readiness.endpointEnv
+            ? readiness.endpointPresent
+                ? `${readiness.endpointEnv} presente.`
+                : `${readiness.endpointEnv} ausente.`
+            : 'Endpoint nao obrigatorio para o perfil atual.',
+    });
+    const networkDecision = evaluateNetworkAccess(inferredDomains, snapshot.networkPolicy, snapshot.allowedDomains);
+    if (networkDecision.blocked.length > 0) {
+        reasons.push(`Network policy ${snapshot.networkPolicy} bloqueia dominios inferidos: ${networkDecision.blocked.join(', ')}.`);
+    }
+    checks.push({
+        id: 'network',
+        status: readiness.status === 'disabled'
+            ? 'skip'
+            : networkDecision.blocked.length === 0
+                ? 'pass'
+                : 'fail',
+        message: networkDecision.blocked.length === 0
+            ? 'Politica de rede cobre os dominios inferidos do provider.'
+            : `Dominios bloqueados: ${networkDecision.blocked.join(', ')}.`,
+    });
+    const status = readiness.status === 'disabled'
+        ? 'disabled'
+        : reasons.length > 0
+            ? 'blocked'
+            : 'ready';
+    return {
+        status,
+        provider: snapshot.provider,
+        runtime: snapshot.runtime,
+        model: snapshot.model,
+        reasons,
+        checks,
+        required_env: Array.from(requiredEnv).sort(),
+        missing_env: Array.from(missingEnv).sort(),
+        allowed_domains: [...snapshot.allowedDomains],
+        inferred_domains: inferredDomains,
+    };
+}
+export function evaluateEnvPassThrough(requestedEnv, allowlist) {
+    const allowedSet = new Set(normalizeEnvNames(allowlist));
+    const normalizedRequested = normalizeEnvNames(requestedEnv);
+    const allowed = [];
+    const blocked = [];
+    for (const envName of normalizedRequested) {
+        if (isSecretEnvName(envName)) {
+            blocked.push({ env: envName, reason: 'SECRET_ENV_BLOCKED' });
+            continue;
+        }
+        if (!allowedSet.has(envName)) {
+            blocked.push({ env: envName, reason: 'ENV_NOT_ALLOWLISTED' });
+            continue;
+        }
+        allowed.push(envName);
+    }
+    return { allowed, blocked };
+}
+export function evaluateNetworkAccess(requestedDomains, policy, allowlist) {
+    const requested = normalizeDomains(requestedDomains);
+    const approved = normalizeDomains(allowlist);
+    if (requested.length === 0) {
+        return { allowed: [], blocked: [], policy };
+    }
+    if (policy === 'disabled') {
+        return { allowed: [], blocked: requested, policy };
+    }
+    if (policy === 'enabled') {
+        return { allowed: requested, blocked: [], policy };
+    }
+    const allowed = [];
+    const blocked = [];
+    for (const domain of requested) {
+        const approvedDomain = approved.some((candidate) => domain === candidate || domain.endsWith(`.${candidate}`));
+        if (approvedDomain) {
+            allowed.push(domain);
+            continue;
+        }
+        blocked.push(domain);
+    }
+    return { allowed, blocked, policy };
+}
+export function requiresHumanApproval(mode, operation, requireHitl) {
+    if (!requireHitl) {
+        return false;
+    }
+    if (mode === 'apply-sandbox' || mode === 'apply-approved') {
+        return true;
+    }
+    return HIGH_RISK_OPERATIONS.has(operation);
+}
+export function buildDeepAgentsConfigFingerprint(config) {
+    const normalized = normalizeForFingerprint(config);
+    const payload = JSON.stringify(normalized);
+    return createHash('sha256').update(payload).digest('hex');
+}
+function parseDefaultMode(mode) {
+    const candidate = (mode || '').trim().toLowerCase();
+    switch (candidate) {
+        case 'read-only':
+        case 'plan':
+        case 'validate':
+        case 'apply-sandbox':
+        case 'apply-approved':
+            return candidate;
+        default:
+            return 'plan';
+    }
+}
+function parseRuntimeMode(value) {
+    const normalized = (value || '').trim().toLowerCase();
+    if (normalized === 'fake' || normalized === 'deepagents-js') {
+        return normalized;
+    }
+    return 'disabled';
+}
+function parseNetworkPolicy(value) {
+    const normalized = (value || '').trim().toLowerCase();
+    if (normalized === 'restricted' || normalized === 'enabled') {
+        return normalized;
+    }
+    return 'disabled';
+}
+function parseBooleanFlag(value, fallback) {
+    if (typeof value !== 'string') {
+        return fallback;
+    }
+    const normalized = value.trim().toLowerCase();
+    if (normalized === '1' || normalized === 'true' || normalized === 'yes') {
+        return true;
+    }
+    if (normalized === '0' || normalized === 'false' || normalized === 'no') {
+        return false;
+    }
+    return fallback;
+}
+function parseCsv(value) {
+    return (value || '')
+        .split(',')
+        .map((entry) => entry.trim())
+        .filter(Boolean);
+}
+function normalizeEnvNames(values) {
+    return Array.from(new Set(values.map((value) => value.trim().toUpperCase()).filter(Boolean))).sort();
+}
+function normalizeDomains(values) {
+    return Array.from(new Set(values
+        .map((value) => value.trim().toLowerCase())
+        .filter(Boolean)
+        .map((value) => value.replace(/^https?:\/\//u, '').replace(/\/.*$/u, '')))).sort();
+}
+function isSecretEnvName(value) {
+    return SECRET_ENV_TOKENS.some((token) => value.includes(token));
+}
+function safeTrim(value) {
+    const trimmed = (value || '').trim();
+    return trimmed || undefined;
+}
+function parsePositiveInteger(value) {
+    const trimmed = safeTrim(value);
+    if (!trimmed) {
+        return undefined;
+    }
+    const parsed = Number.parseInt(trimmed, 10);
+    return Number.isSafeInteger(parsed) && parsed > 0 ? parsed : undefined;
+}
+function normalizeForFingerprint(value) {
+    if (Array.isArray(value)) {
+        return value.map((entry) => normalizeForFingerprint(entry));
+    }
+    if (!value || typeof value !== 'object') {
+        return value;
+    }
+    const entries = Object.entries(value)
+        .filter(([, entryValue]) => typeof entryValue !== 'undefined')
+        .sort(([left], [right]) => left.localeCompare(right));
+    const normalized = {};
+    for (const [key, entryValue] of entries) {
+        normalized[key] = normalizeForFingerprint(entryValue);
+    }
+    return normalized;
+}
+export { inferNetworkDomainsForModel, requiredCredentialEnvForModel, resolveDeepAgentsModelProvider };
+//# sourceMappingURL=policy.js.map

package/dist/core/sdd/deepagents/quality-witness.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import type { WorkspaceQualityDocument } from '../workspace-schemas.js';
+export declare function evaluateQualityWitnessMatrix(document: WorkspaceQualityDocument): string[];
+//# sourceMappingURL=quality-witness.d.ts.map

package/dist/core/sdd/deepagents/quality-witness.js ADDED Viewed

@@ -0,0 +1,77 @@
+const PLACEHOLDER_TOKENS = ['tbd', 'todo', 'pending', 'to define', 'na', 'n/a'];
+const FUTURE_TENSE_COMPLETION_PATTERNS = [
+    /\bwill\s+(?:verify|validate|run|execute|confirm|check|ensure)\b/iu,
+    /\bwill\s+be\s+(?:verified|validated|run|executed|confirmed|checked|ensured)\b/iu,
+];
+function isPlaceholderValue(value) {
+    const normalized = value.trim().toLowerCase();
+    return PLACEHOLDER_TOKENS.some((token) => normalized === token || normalized.includes(`${token} `));
+}
+function hasPlaceholderValues(values) {
+    return values.some((value) => isPlaceholderValue(value));
+}
+function hasFutureTenseCompletionClaim(value) {
+    return FUTURE_TENSE_COMPLETION_PATTERNS.some((pattern) => pattern.test(value));
+}
+function collectFutureTenseCompletionClaims(document) {
+    const claims = [];
+    for (const entry of document.evidence_log) {
+        if (hasFutureTenseCompletionClaim(entry.result)) {
+            claims.push(`evidence_log entry "${entry.kind}" uses future-tense completion evidence`);
+        }
+    }
+    for (const entry of document.acceptance_matrix) {
+        if (hasFutureTenseCompletionClaim(entry.evidence)) {
+            claims.push(`acceptance_matrix criterion "${entry.criterion}" uses future-tense completion evidence`);
+        }
+    }
+    for (const row of document.requirement_validation_evidence_risk_matrix ?? []) {
+        if (hasPlaceholderValues(row.evidence_refs)) {
+            continue;
+        }
+        for (const evidenceRef of row.evidence_refs) {
+            if (hasFutureTenseCompletionClaim(evidenceRef)) {
+                claims.push(`${row.requirement_ref} evidence_refs use future-tense completion evidence`);
+            }
+        }
+    }
+    return claims;
+}
+export function evaluateQualityWitnessMatrix(document) {
+    const matrix = document.requirement_validation_evidence_risk_matrix ?? [];
+    const reasons = [];
+    reasons.push(...collectFutureTenseCompletionClaims(document));
+    if (matrix.length === 0) {
+        reasons.push('requirement_validation_evidence_risk_matrix is required and cannot be empty before finalize');
+        return reasons;
+    }
+    const traceabilityRequirements = new Set((document.traceability?.requirements ?? [])
+        .map((entry) => (entry.requirement_ref || '').trim())
+        .filter(Boolean));
+    const matrixRequirements = new Set();
+    for (const row of matrix) {
+        const requirementRef = row.requirement_ref.trim();
+        if (!requirementRef) {
+            reasons.push('matrix row has empty requirement_ref');
+            continue;
+        }
+        matrixRequirements.add(requirementRef);
+        if (row.validation_refs.length === 0 || hasPlaceholderValues(row.validation_refs)) {
+            reasons.push(`${requirementRef} must declare concrete validation_refs`);
+        }
+        if (row.evidence_refs.length === 0 || hasPlaceholderValues(row.evidence_refs)) {
+            reasons.push(`${requirementRef} must declare concrete evidence_refs`);
+        }
+        const residualRisk = (row.residual_risk || '').trim();
+        if (residualRisk.length < 10 || isPlaceholderValue(residualRisk)) {
+            reasons.push(`${requirementRef} must declare a concrete residual_risk`);
+        }
+    }
+    for (const requirementRef of traceabilityRequirements) {
+        if (!matrixRequirements.has(requirementRef)) {
+            reasons.push(`traceability requirement ${requirementRef} is missing from requirement_validation_evidence_risk_matrix`);
+        }
+    }
+    return Array.from(new Set(reasons));
+}
+//# sourceMappingURL=quality-witness.js.map

package/dist/core/sdd/deepagents/reversa-subagents.d.ts ADDED Viewed

@@ -0,0 +1,75 @@
+import { z } from 'zod';
+export declare const reversaDomainSchema: z.ZodEnum<{
+    specs: "specs";
+    architecture: "architecture";
+    rules: "rules";
+    data: "data";
+    migration: "migration";
+    "legacy-analysis": "legacy-analysis";
+    screens: "screens";
+    microservices: "microservices";
+    "equivalence-validation": "equivalence-validation";
+}>;
+export declare const deepAgentsReversaRequestSchema: z.ZodObject<{
+    feature_ref: z.ZodString;
+    domains: z.ZodDefault<z.ZodArray<z.ZodEnum<{
+        specs: "specs";
+        architecture: "architecture";
+        rules: "rules";
+        data: "data";
+        migration: "migration";
+        "legacy-analysis": "legacy-analysis";
+        screens: "screens";
+        microservices: "microservices";
+        "equivalence-validation": "equivalence-validation";
+    }>>>;
+    legacy_sources: z.ZodDefault<z.ZodArray<z.ZodString>>;
+}, z.core.$strip>;
+export declare const deepAgentsReversaPlanSchema: z.ZodObject<{
+    schema_version: z.ZodLiteral<1>;
+    feature_ref: z.ZodString;
+    runtime_provider: z.ZodLiteral<"deepagents">;
+    status: z.ZodEnum<{
+        ready: "ready";
+        blocked: "blocked";
+    }>;
+    fail_closed: z.ZodLiteral<true>;
+    reasons: z.ZodDefault<z.ZodArray<z.ZodString>>;
+    canonical_authority: z.ZodObject<{
+        governance_system: z.ZodLiteral<"CodeSDD">;
+        canonical_state_path: z.ZodLiteral<".sdd/state/**">;
+        direct_state_mutation_allowed: z.ZodLiteral<false>;
+    }, z.core.$strip>;
+    legacy_input_policy: z.ZodObject<{
+        trust_model: z.ZodLiteral<"untrusted">;
+        source_attestation_required: z.ZodLiteral<true>;
+        accepted_sources: z.ZodDefault<z.ZodArray<z.ZodString>>;
+        rejected_sources: z.ZodDefault<z.ZodArray<z.ZodObject<{
+            path: z.ZodString;
+            reason: z.ZodString;
+        }, z.core.$strip>>>;
+    }, z.core.$strip>;
+    routes: z.ZodDefault<z.ZodArray<z.ZodObject<{
+        domain: z.ZodEnum<{
+            specs: "specs";
+            architecture: "architecture";
+            rules: "rules";
+            data: "data";
+            migration: "migration";
+            "legacy-analysis": "legacy-analysis";
+            screens: "screens";
+            microservices: "microservices";
+            "equivalence-validation": "equivalence-validation";
+        }>;
+        subagent_id: z.ZodString;
+        skill_ref: z.ZodString;
+        legacy_input_refs: z.ZodDefault<z.ZodArray<z.ZodString>>;
+        evidence_refs: z.ZodDefault<z.ZodArray<z.ZodString>>;
+        quality_refs: z.ZodDefault<z.ZodArray<z.ZodString>>;
+    }, z.core.$strip>>>;
+}, z.core.$strip>;
+export type ReversaDomain = z.infer<typeof reversaDomainSchema>;
+export type DeepAgentsReversaPlanRequest = z.infer<typeof deepAgentsReversaRequestSchema>;
+export type DeepAgentsReversaPlan = z.infer<typeof deepAgentsReversaPlanSchema>;
+export declare function planDeepAgentsReversaSubagents(request: DeepAgentsReversaPlanRequest): DeepAgentsReversaPlan;
+//# sourceMappingURL=reversa-subagents.d.ts.map