@devtrack-solution/codesdd 1.2.3 → 1.2.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.sdd/skills/curated/devtrack-api/SKILL.md +98 -12
- package/.sdd/skills/curated/devtrack-api/agents/claude-code.yaml +10 -0
- package/.sdd/skills/curated/devtrack-api/agents/codex.yaml +10 -0
- package/.sdd/skills/curated/devtrack-api/agents/cursor.yaml +10 -0
- package/.sdd/skills/curated/devtrack-api/agents/gemini.yaml +10 -0
- package/.sdd/skills/curated/devtrack-api/agents/kimi.yaml +10 -0
- package/.sdd/skills/curated/devtrack-api/agents/openai.yaml +5 -3
- package/.sdd/skills/curated/devtrack-api/agents/opencode.yaml +12 -0
- package/.sdd/skills/curated/devtrack-api/references/application-presentation.md +61 -5
- package/.sdd/skills/curated/devtrack-api/references/consumer-sync-policy.md +15 -3
- package/.sdd/skills/curated/devtrack-api/references/contract-pack.yaml +1951 -0
- package/.sdd/skills/curated/devtrack-api/references/domain-modeling.md +16 -14
- package/.sdd/skills/curated/devtrack-api/references/field-validation-protocol.md +40 -0
- package/.sdd/skills/curated/devtrack-api/references/foundation-layout.md +19 -2
- package/.sdd/skills/curated/devtrack-api/references/generated-artifact-invalidation.md +97 -0
- package/.sdd/skills/curated/devtrack-api/references/implementation-checklist.md +30 -1
- package/.sdd/skills/curated/devtrack-api/references/portable-agent-contract.md +42 -0
- package/.sdd/skills/curated/devtrack-api/references/testing-validation.md +22 -1
- package/.sdd/skills/curated/devtrack-api/references/typeorm-infrastructure.md +9 -7
- package/README.md +280 -29
- package/dist/applications/sdd/index.d.ts +16 -0
- package/dist/applications/sdd/index.js +16 -0
- package/dist/cli/program.js +180 -11
- package/dist/commands/config.js +197 -10
- package/dist/commands/sdd/execution.js +408 -16
- package/dist/commands/sdd/plugin.js +5 -0
- package/dist/commands/sdd/shared.d.ts +1 -0
- package/dist/commands/sdd/shared.js +10 -0
- package/dist/commands/sdd.js +157 -7
- package/dist/core/cli/command-matrix.d.ts +18 -0
- package/dist/core/cli/command-matrix.js +157 -0
- package/dist/core/cli-command-quality.js +11 -0
- package/dist/core/completions/command-registry.js +45 -0
- package/dist/core/config-schema.d.ts +31 -1
- package/dist/core/config-schema.js +79 -5
- package/dist/core/config.d.ts +1 -0
- package/dist/core/config.js +11 -0
- package/dist/core/global-config.d.ts +29 -0
- package/dist/core/init.d.ts +2 -2
- package/dist/core/init.js +13 -14
- package/dist/core/sdd/agent-binding.d.ts +19 -19
- package/dist/core/sdd/agent-runtime-contract.d.ts +204 -0
- package/dist/core/sdd/agent-runtime-contract.js +200 -0
- package/dist/core/sdd/allocator-recovery.d.ts +14 -0
- package/dist/core/sdd/allocator-recovery.js +30 -0
- package/dist/core/sdd/allocator-security.d.ts +18 -0
- package/dist/core/sdd/allocator-security.js +36 -0
- package/dist/core/sdd/api-foundation-baseline.d.ts +111 -0
- package/dist/core/sdd/api-foundation-baseline.js +151 -0
- package/dist/core/sdd/api-foundation-parity.d.ts +114 -0
- package/dist/core/sdd/api-foundation-parity.js +131 -0
- package/dist/core/sdd/api-profile-catalog.d.ts +36 -0
- package/dist/core/sdd/api-profile-catalog.js +132 -0
- package/dist/core/sdd/api-profile-dry-run-projection.d.ts +93 -0
- package/dist/core/sdd/api-profile-dry-run-projection.js +370 -0
- package/dist/core/sdd/api-profile-recipes.d.ts +82 -0
- package/dist/core/sdd/api-profile-recipes.js +484 -0
- package/dist/core/sdd/artifact-id-allocator.d.ts +368 -0
- package/dist/core/sdd/artifact-id-allocator.js +510 -0
- package/dist/core/sdd/check.d.ts +52 -1
- package/dist/core/sdd/check.js +326 -11
- package/dist/core/sdd/coordination/coordination-adapters.d.ts +15 -8
- package/dist/core/sdd/coordination/coordination-adapters.js +43 -15
- package/dist/core/sdd/coordination/index.d.ts +1 -0
- package/dist/core/sdd/coordination/index.js +1 -0
- package/dist/core/sdd/coordination/redis-runtime.d.ts +131 -0
- package/dist/core/sdd/coordination/redis-runtime.js +698 -0
- package/dist/core/sdd/deepagent-contracts.d.ts +99 -5
- package/dist/core/sdd/deepagent-contracts.js +62 -0
- package/dist/core/sdd/deepagents/reversa-subagents.d.ts +3 -3
- package/dist/core/sdd/default-bootstrap-files.d.ts +2 -2
- package/dist/core/sdd/default-bootstrap-files.js +14 -10
- package/dist/core/sdd/default-skills.js +115 -9
- package/dist/core/sdd/devtrack-api-appliance.d.ts +42 -1
- package/dist/core/sdd/devtrack-api-appliance.js +159 -32
- package/dist/core/sdd/devtrack-api-architecture.d.ts +16 -0
- package/dist/core/sdd/devtrack-api-architecture.js +86 -0
- package/dist/core/sdd/docs-sync.js +24 -18
- package/dist/core/sdd/domain/capability-diff.d.ts +63 -0
- package/dist/core/sdd/domain/capability-diff.js +200 -0
- package/dist/core/sdd/domain/change-safety-guardrails.d.ts +74 -0
- package/dist/core/sdd/domain/change-safety-guardrails.js +333 -0
- package/dist/core/sdd/domain/semantic-intent-classifier.d.ts +29 -0
- package/dist/core/sdd/domain/semantic-intent-classifier.js +117 -0
- package/dist/core/sdd/enterprise-mutating-command-gate.d.ts +27 -0
- package/dist/core/sdd/enterprise-mutating-command-gate.js +104 -0
- package/dist/core/sdd/enterprise-provenance-gates.d.ts +20 -0
- package/dist/core/sdd/enterprise-provenance-gates.js +63 -0
- package/dist/core/sdd/enterprise-provisioning-policy.d.ts +26 -0
- package/dist/core/sdd/enterprise-provisioning-policy.js +104 -0
- package/dist/core/sdd/foundation-artifact-map-validator.d.ts +16 -0
- package/dist/core/sdd/foundation-artifact-map-validator.js +71 -0
- package/dist/core/sdd/foundation-layer-manifest.d.ts +24 -0
- package/dist/core/sdd/foundation-layer-manifest.js +117 -0
- package/dist/core/sdd/governance-schemas.d.ts +2 -2
- package/dist/core/sdd/governance-schemas.js +11 -2
- package/dist/core/sdd/intent-guard.d.ts +22 -0
- package/dist/core/sdd/intent-guard.js +67 -0
- package/dist/core/sdd/json-schema.js +13 -1
- package/dist/core/sdd/legacy-operations.js +169 -5
- package/dist/core/sdd/migrate-workspace.js +39 -0
- package/dist/core/sdd/package-security-gates.d.ts +21 -0
- package/dist/core/sdd/package-security-gates.js +121 -0
- package/dist/core/sdd/package-structure-gate.d.ts +85 -3
- package/dist/core/sdd/package-structure-gate.js +384 -11
- package/dist/core/sdd/parallel-feat-automation.d.ts +185 -7
- package/dist/core/sdd/parallel-feat-automation.js +212 -0
- package/dist/core/sdd/plugin-broker.d.ts +223 -4
- package/dist/core/sdd/plugin-broker.js +10 -0
- package/dist/core/sdd/plugin-cli.d.ts +30 -0
- package/dist/core/sdd/plugin-cli.js +70 -3
- package/dist/core/sdd/plugin-evidence.d.ts +73 -0
- package/dist/core/sdd/plugin-manifest.d.ts +69 -1
- package/dist/core/sdd/plugin-manifest.js +10 -0
- package/dist/core/sdd/plugin-policy-pack.d.ts +1 -1
- package/dist/core/sdd/plugin-policy.js +6 -1
- package/dist/core/sdd/plugin-registry.d.ts +138 -2
- package/dist/core/sdd/plugin-sdk-contract.d.ts +363 -0
- package/dist/core/sdd/plugin-sdk-contract.js +268 -0
- package/dist/core/sdd/plugin-skill-binding.d.ts +1 -1
- package/dist/core/sdd/quality-validation.d.ts +89 -16
- package/dist/core/sdd/release-readiness.d.ts +68 -0
- package/dist/core/sdd/release-readiness.js +767 -0
- package/dist/core/sdd/reversa-architecture-extractor.d.ts +13 -0
- package/dist/core/sdd/reversa-architecture-extractor.js +89 -0
- package/dist/core/sdd/reversa-artifact-writer.d.ts +18 -0
- package/dist/core/sdd/reversa-artifact-writer.js +40 -0
- package/dist/core/sdd/reversa-command-policy.d.ts +136 -0
- package/dist/core/sdd/reversa-command-policy.js +361 -0
- package/dist/core/sdd/reversa-data-extractor.d.ts +11 -0
- package/dist/core/sdd/reversa-data-extractor.js +73 -0
- package/dist/core/sdd/reversa-equivalence.d.ts +20 -0
- package/dist/core/sdd/reversa-equivalence.js +34 -0
- package/dist/core/sdd/reversa-evidence.d.ts +298 -0
- package/dist/core/sdd/reversa-evidence.js +118 -0
- package/dist/core/sdd/reversa-reconstruction.d.ts +29 -0
- package/dist/core/sdd/reversa-reconstruction.js +32 -0
- package/dist/core/sdd/reversa-rules-extractor.d.ts +12 -0
- package/dist/core/sdd/reversa-rules-extractor.js +86 -0
- package/dist/core/sdd/reversa-source-safety.d.ts +19 -0
- package/dist/core/sdd/reversa-source-safety.js +105 -0
- package/dist/core/sdd/reversa-surface-scout.d.ts +13 -0
- package/dist/core/sdd/reversa-surface-scout.js +85 -0
- package/dist/core/sdd/reversa-ux-mapper.d.ts +11 -0
- package/dist/core/sdd/reversa-ux-mapper.js +73 -0
- package/dist/core/sdd/runtime-boundary-contract.d.ts +45 -0
- package/dist/core/sdd/runtime-boundary-contract.js +90 -0
- package/dist/core/sdd/sdk-agent-plugin-quality-gates.d.ts +150 -0
- package/dist/core/sdd/sdk-agent-plugin-quality-gates.js +258 -0
- package/dist/core/sdd/services/agent-run.service.d.ts +38 -6
- package/dist/core/sdd/services/agent-run.service.js +73 -1
- package/dist/core/sdd/services/archive-quality-coherence.service.d.ts +17 -0
- package/dist/core/sdd/services/archive-quality-coherence.service.js +141 -0
- package/dist/core/sdd/services/capability-diff.service.d.ts +18 -0
- package/dist/core/sdd/services/capability-diff.service.js +26 -0
- package/dist/core/sdd/services/change-safety-preflight.service.d.ts +17 -0
- package/dist/core/sdd/services/change-safety-preflight.service.js +17 -0
- package/dist/core/sdd/services/context.service.d.ts +43 -340
- package/dist/core/sdd/services/context.service.js +323 -9
- package/dist/core/sdd/services/decide.service.js +1 -1
- package/dist/core/sdd/services/finalize.service.d.ts +27 -0
- package/dist/core/sdd/services/finalize.service.js +226 -18
- package/dist/core/sdd/services/frontend-impact.service.d.ts +1 -1
- package/dist/core/sdd/services/historical-quality-regression.service.d.ts +35 -0
- package/dist/core/sdd/services/historical-quality-regression.service.js +228 -0
- package/dist/core/sdd/services/ingest-deposito.service.js +1 -1
- package/dist/core/sdd/services/planning-execution-coherence.service.d.ts +45 -0
- package/dist/core/sdd/services/planning-execution-coherence.service.js +225 -0
- package/dist/core/sdd/services/semantic-intent-classifier.service.d.ts +6 -0
- package/dist/core/sdd/services/semantic-intent-classifier.service.js +7 -0
- package/dist/core/sdd/state.d.ts +1 -0
- package/dist/core/sdd/state.js +266 -34
- package/dist/core/sdd/store/sdd-stores.js +2 -2
- package/dist/core/sdd/structural-health.d.ts +13 -13
- package/dist/core/sdd/types.d.ts +30 -15
- package/dist/core/sdd/types.js +4 -0
- package/dist/core/sdd/views.js +17 -0
- package/dist/core/sdd/workspace-schemas.d.ts +428 -7
- package/dist/core/sdd/workspace-schemas.js +223 -70
- package/dist/core/shared/skill-generation.d.ts +2 -0
- package/dist/core/shared/skill-generation.js +19 -2
- package/dist/core/shared/tool-detection.d.ts +19 -0
- package/dist/core/shared/tool-detection.js +89 -0
- package/dist/domains/sdd/index.d.ts +6 -0
- package/dist/domains/sdd/index.js +6 -0
- package/dist/infrastructures/sdd/index.d.ts +7 -0
- package/dist/infrastructures/sdd/index.js +6 -0
- package/dist/presentations/cli/sdd/index.d.ts +3 -0
- package/dist/presentations/cli/sdd/index.js +3 -0
- package/dist/shared/sdd/index.d.ts +3 -0
- package/dist/shared/sdd/index.js +2 -0
- package/package.json +14 -10
- package/schemas/sdd/2-plan.schema.json +207 -2
- package/schemas/sdd/5-quality.schema.json +324 -25
- package/schemas/sdd/agent-runtime-command-plan.schema.json +212 -0
- package/schemas/sdd/agent-runtime-opencode-run-evidence.schema.json +270 -0
- package/schemas/sdd/codesdd-plugin.schema.json +171 -0
- package/schemas/sdd/deepagent-run-request.schema.json +316 -0
- package/schemas/sdd/parallel-feat-automation-plan.schema.json +89 -0
- package/schemas/sdd/parallel-feat-scheduler-request.schema.json +116 -0
- package/schemas/sdd/parallel-feat-scheduler-result.schema.json +404 -0
- package/schemas/sdd/plugin-artifact-manifest.schema.json +109 -0
- package/schemas/sdd/plugin-artifact-map.schema.json +223 -0
- package/schemas/sdd/plugin-evidence-manifest.schema.json +109 -0
- package/schemas/sdd/plugin-language-runtime.schema.json +103 -0
- package/schemas/sdd/plugin-package-governance.schema.json +74 -0
- package/schemas/sdd/plugin-registry.schema.json +171 -0
- package/schemas/sdd/plugin-runtime-invocation-plan.schema.json +109 -0
- package/schemas/sdd/quality-evidence-bundle.schema.json +109 -0
- package/schemas/sdd/reversa-evidence-bundle.schema.json +466 -0
- package/schemas/sdd/sdk-agent-plugin-quality-gate-input.schema.json +168 -0
- package/schemas/sdd/sdk-agent-plugin-quality-gate-report.schema.json +160 -0
- package/schemas/sdd/workspace-catalog.schema.json +5298 -1409
|
@@ -0,0 +1,200 @@
|
|
|
1
|
+
import { toJSONSchema, z } from 'zod';
|
|
2
|
+
const JSON_SCHEMA_DRAFT = 'https://json-schema.org/draft/2020-12/schema';
|
|
3
|
+
const FEATURE_REF_PATTERN = /^FEAT-\d{4}$/;
|
|
4
|
+
export const agentRuntimeProviderSchema = z.enum(['deepagents', 'codex', 'opencode']);
|
|
5
|
+
export const agentRuntimeModeSchema = z.enum(['read-only', 'plan', 'validate', 'apply-sandbox', 'apply-approved']);
|
|
6
|
+
export const agentRuntimeSandboxSchema = z.enum(['read-only', 'workspace-write', 'danger-full-access']);
|
|
7
|
+
export const agentRuntimeStatusSchema = z.enum(['planned', 'blocked']);
|
|
8
|
+
export const opencodeExecutionStatusSchema = z.enum([
|
|
9
|
+
'planned',
|
|
10
|
+
'skipped',
|
|
11
|
+
'blocked',
|
|
12
|
+
'running',
|
|
13
|
+
'completed',
|
|
14
|
+
'failed',
|
|
15
|
+
]);
|
|
16
|
+
const agentRuntimeCommandSchema = z.object({
|
|
17
|
+
executable: z.string().min(1),
|
|
18
|
+
args: z.array(z.string()).default([]),
|
|
19
|
+
stdin: z.string().optional(),
|
|
20
|
+
});
|
|
21
|
+
const agentRuntimeEvidenceArtifactSchema = z.object({
|
|
22
|
+
kind: z.string().min(1),
|
|
23
|
+
ref: z.string().min(1),
|
|
24
|
+
path: z.string().min(1).optional(),
|
|
25
|
+
sha256: z.string().min(1).optional(),
|
|
26
|
+
});
|
|
27
|
+
const agentRuntimeRiskSchema = z.object({
|
|
28
|
+
id: z.string().min(1),
|
|
29
|
+
severity: z.enum(['low', 'medium', 'high', 'critical']),
|
|
30
|
+
summary: z.string().min(1),
|
|
31
|
+
mitigation: z.string().min(1).optional(),
|
|
32
|
+
});
|
|
33
|
+
export const agentRuntimeCommandPlanRequestSchema = z.object({
|
|
34
|
+
schema_version: z.literal(1).default(1),
|
|
35
|
+
feature_ref: z.string().regex(FEATURE_REF_PATTERN),
|
|
36
|
+
provider: agentRuntimeProviderSchema,
|
|
37
|
+
mode: agentRuntimeModeSchema.default('plan'),
|
|
38
|
+
instruction: z.string().min(1),
|
|
39
|
+
cwd: z.string().min(1).default('.'),
|
|
40
|
+
model: z.string().min(1).optional(),
|
|
41
|
+
sandbox: agentRuntimeSandboxSchema.default('read-only'),
|
|
42
|
+
output_schema: z.string().min(1).optional(),
|
|
43
|
+
output_last_message: z.string().min(1).optional(),
|
|
44
|
+
agent: z.string().min(1).optional(),
|
|
45
|
+
session: z.string().min(1).optional(),
|
|
46
|
+
files: z.array(z.string().min(1)).default([]),
|
|
47
|
+
approval_grants: z.array(z.enum(['maintainer', 'architecture-board', 'security'])).default([]),
|
|
48
|
+
});
|
|
49
|
+
export const agentRuntimeCommandPlanSchema = z.object({
|
|
50
|
+
schema_version: z.literal(1),
|
|
51
|
+
created_at: z.string().datetime(),
|
|
52
|
+
status: agentRuntimeStatusSchema,
|
|
53
|
+
request: agentRuntimeCommandPlanRequestSchema,
|
|
54
|
+
provider: agentRuntimeProviderSchema,
|
|
55
|
+
command: agentRuntimeCommandSchema.optional(),
|
|
56
|
+
evidence_contract: z.enum(['agent-runtime-v2/deepagents', 'agent-runtime-v2/codex-exec', 'agent-runtime-v2/opencode-run']),
|
|
57
|
+
structured_output: z.boolean(),
|
|
58
|
+
reasons: z.array(z.string()).default([]),
|
|
59
|
+
policy: z.object({
|
|
60
|
+
direct_state_write_allowed: z.literal(false),
|
|
61
|
+
requires_codesdd_finalize: z.literal(true),
|
|
62
|
+
mutating_modes_require_approval: z.literal(true),
|
|
63
|
+
}),
|
|
64
|
+
});
|
|
65
|
+
export const opencodeExecutionEvidenceSchema = z.object({
|
|
66
|
+
schema_version: z.literal(1),
|
|
67
|
+
contract: z.literal('agent-runtime-v2/opencode-run'),
|
|
68
|
+
provider: z.literal('opencode'),
|
|
69
|
+
feature_ref: z.string().regex(FEATURE_REF_PATTERN),
|
|
70
|
+
run_id: z.string().min(1),
|
|
71
|
+
created_at: z.string().datetime(),
|
|
72
|
+
mode: agentRuntimeModeSchema,
|
|
73
|
+
status: opencodeExecutionStatusSchema,
|
|
74
|
+
command: agentRuntimeCommandSchema.extend({
|
|
75
|
+
executable: z.literal('opencode'),
|
|
76
|
+
}),
|
|
77
|
+
command_plan_ref: z.string().min(1).optional(),
|
|
78
|
+
cwd: z.string().min(1).default('.'),
|
|
79
|
+
exit_code: z.number().int().nullable().default(null),
|
|
80
|
+
started_at: z.string().datetime().optional(),
|
|
81
|
+
completed_at: z.string().datetime().optional(),
|
|
82
|
+
duration_ms: z.number().int().nonnegative().optional(),
|
|
83
|
+
structured_output: z.record(z.string(), z.unknown()).default({}),
|
|
84
|
+
stdout_excerpt: z.string().max(8000).optional(),
|
|
85
|
+
stderr_excerpt: z.string().max(8000).optional(),
|
|
86
|
+
artifacts: z.array(agentRuntimeEvidenceArtifactSchema).default([]),
|
|
87
|
+
validations: z.array(z.string().min(1)).default([]),
|
|
88
|
+
redactions: z.array(z.string().min(1)).default([]),
|
|
89
|
+
risks: z.array(agentRuntimeRiskSchema).default([]),
|
|
90
|
+
policy: z.object({
|
|
91
|
+
direct_state_write_allowed: z.literal(false),
|
|
92
|
+
requires_codesdd_finalize: z.literal(true),
|
|
93
|
+
raw_secret_output_allowed: z.literal(false),
|
|
94
|
+
transcript_storage: z.enum(['forbidden', 'redacted-excerpts-only']).default('redacted-excerpts-only'),
|
|
95
|
+
}),
|
|
96
|
+
finalize_intent: z.boolean().default(false),
|
|
97
|
+
});
|
|
98
|
+
export function buildAgentRuntimeCommandPlan(request, createdAt = new Date().toISOString()) {
|
|
99
|
+
const parsed = agentRuntimeCommandPlanRequestSchema.parse(request);
|
|
100
|
+
const reasons = collectPolicyReasons(parsed);
|
|
101
|
+
const status = reasons.length > 0 ? 'blocked' : 'planned';
|
|
102
|
+
const command = status === 'planned' ? buildCommand(parsed) : undefined;
|
|
103
|
+
return agentRuntimeCommandPlanSchema.parse({
|
|
104
|
+
schema_version: 1,
|
|
105
|
+
created_at: createdAt,
|
|
106
|
+
status,
|
|
107
|
+
request: parsed,
|
|
108
|
+
provider: parsed.provider,
|
|
109
|
+
command,
|
|
110
|
+
evidence_contract: evidenceContract(parsed.provider),
|
|
111
|
+
structured_output: true,
|
|
112
|
+
reasons,
|
|
113
|
+
policy: {
|
|
114
|
+
direct_state_write_allowed: false,
|
|
115
|
+
requires_codesdd_finalize: true,
|
|
116
|
+
mutating_modes_require_approval: true,
|
|
117
|
+
},
|
|
118
|
+
});
|
|
119
|
+
}
|
|
120
|
+
export function buildOpenCodeExecutionEvidence(evidence) {
|
|
121
|
+
return opencodeExecutionEvidenceSchema.parse(evidence);
|
|
122
|
+
}
|
|
123
|
+
export function buildAgentRuntimeJsonSchemas() {
|
|
124
|
+
return {
|
|
125
|
+
'agent-runtime-command-plan.yaml': {
|
|
126
|
+
...toJSONSchema(agentRuntimeCommandPlanSchema),
|
|
127
|
+
$schema: JSON_SCHEMA_DRAFT,
|
|
128
|
+
title: 'CodeSDD Agent Runtime Command Plan',
|
|
129
|
+
description: 'Provider-normalized command plan for DeepAgents, Codex exec, and OpenCode run agent runtimes.',
|
|
130
|
+
},
|
|
131
|
+
'agent-runtime-opencode-run-evidence.yaml': {
|
|
132
|
+
...toJSONSchema(opencodeExecutionEvidenceSchema),
|
|
133
|
+
$schema: JSON_SCHEMA_DRAFT,
|
|
134
|
+
title: 'CodeSDD Agent Runtime OpenCode Run Evidence',
|
|
135
|
+
description: 'Machine-readable OpenCode run evidence with redacted excerpts, artifacts, validations, and finalize policy.',
|
|
136
|
+
},
|
|
137
|
+
};
|
|
138
|
+
}
|
|
139
|
+
function collectPolicyReasons(request) {
|
|
140
|
+
const reasons = [];
|
|
141
|
+
const mutating = request.mode === 'apply-sandbox' || request.mode === 'apply-approved';
|
|
142
|
+
if (mutating && request.approval_grants.length === 0) {
|
|
143
|
+
reasons.push(`Mode ${request.mode} requires explicit approval evidence before agent execution.`);
|
|
144
|
+
}
|
|
145
|
+
if (request.provider !== 'deepagents' && request.mode === 'apply-approved') {
|
|
146
|
+
reasons.push('Codex and OpenCode apply-approved execution is not enabled until plugin evidence ingestion is complete.');
|
|
147
|
+
}
|
|
148
|
+
if (request.provider === 'codex' && request.sandbox === 'danger-full-access') {
|
|
149
|
+
reasons.push('Codex danger-full-access sandbox is forbidden by the default CodeSDD agent runtime contract.');
|
|
150
|
+
}
|
|
151
|
+
return reasons;
|
|
152
|
+
}
|
|
153
|
+
function buildCommand(request) {
|
|
154
|
+
if (request.provider === 'deepagents') {
|
|
155
|
+
return {
|
|
156
|
+
executable: 'codesdd',
|
|
157
|
+
args: ['sdd', 'agent', 'run', request.feature_ref, '--provider', 'deepagents', '--mode', request.mode],
|
|
158
|
+
};
|
|
159
|
+
}
|
|
160
|
+
if (request.provider === 'codex') {
|
|
161
|
+
const args = ['exec', '--json', '--cd', request.cwd, '--sandbox', request.sandbox];
|
|
162
|
+
if (request.model)
|
|
163
|
+
args.push('--model', request.model);
|
|
164
|
+
if (request.output_schema)
|
|
165
|
+
args.push('--output-schema', request.output_schema);
|
|
166
|
+
if (request.output_last_message)
|
|
167
|
+
args.push('--output-last-message', request.output_last_message);
|
|
168
|
+
for (const file of request.files) {
|
|
169
|
+
args.push('--image', file);
|
|
170
|
+
}
|
|
171
|
+
args.push(request.instruction);
|
|
172
|
+
return {
|
|
173
|
+
executable: 'codex',
|
|
174
|
+
args,
|
|
175
|
+
};
|
|
176
|
+
}
|
|
177
|
+
const args = ['run', '--format', 'json', '--dir', request.cwd];
|
|
178
|
+
if (request.model)
|
|
179
|
+
args.push('--model', request.model);
|
|
180
|
+
if (request.agent)
|
|
181
|
+
args.push('--agent', request.agent);
|
|
182
|
+
if (request.session)
|
|
183
|
+
args.push('--session', request.session);
|
|
184
|
+
for (const file of request.files) {
|
|
185
|
+
args.push('--file', file);
|
|
186
|
+
}
|
|
187
|
+
args.push(request.instruction);
|
|
188
|
+
return {
|
|
189
|
+
executable: 'opencode',
|
|
190
|
+
args,
|
|
191
|
+
};
|
|
192
|
+
}
|
|
193
|
+
function evidenceContract(provider) {
|
|
194
|
+
if (provider === 'codex')
|
|
195
|
+
return 'agent-runtime-v2/codex-exec';
|
|
196
|
+
if (provider === 'opencode')
|
|
197
|
+
return 'agent-runtime-v2/opencode-run';
|
|
198
|
+
return 'agent-runtime-v2/deepagents';
|
|
199
|
+
}
|
|
200
|
+
//# sourceMappingURL=agent-runtime-contract.js.map
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
import type { ArtifactIdAllocatorState, ArtifactIdAllocatorType } from './artifact-id-allocator.js';
|
|
2
|
+
export interface AllocatorRecoveryFinding {
|
|
3
|
+
code: 'counter-behind-reservations' | 'branch-lag';
|
|
4
|
+
message: string;
|
|
5
|
+
ref?: string;
|
|
6
|
+
}
|
|
7
|
+
export interface AllocatorRecoveryPlan {
|
|
8
|
+
recovered_counters: Partial<Record<ArtifactIdAllocatorType, number>>;
|
|
9
|
+
findings: AllocatorRecoveryFinding[];
|
|
10
|
+
}
|
|
11
|
+
export declare function buildAllocatorRecoveryPlan(state: ArtifactIdAllocatorState, options?: {
|
|
12
|
+
local_revisions?: Record<string, number>;
|
|
13
|
+
}): AllocatorRecoveryPlan;
|
|
14
|
+
//# sourceMappingURL=allocator-recovery.d.ts.map
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
export function buildAllocatorRecoveryPlan(state, options = {}) {
|
|
2
|
+
const recovered = { ...state.counters };
|
|
3
|
+
const findings = [];
|
|
4
|
+
for (const reservation of state.reservations) {
|
|
5
|
+
const current = recovered[reservation.artifact_type] ?? 0;
|
|
6
|
+
if (reservation.sequence > current) {
|
|
7
|
+
recovered[reservation.artifact_type] = reservation.sequence;
|
|
8
|
+
findings.push({
|
|
9
|
+
code: 'counter-behind-reservations',
|
|
10
|
+
message: `${reservation.artifact_type} counter recovered from ${current} to ${reservation.sequence}.`,
|
|
11
|
+
ref: reservation.artifact_id,
|
|
12
|
+
});
|
|
13
|
+
}
|
|
14
|
+
}
|
|
15
|
+
for (const [artifactId, remoteRevision] of Object.entries(state.canonical_revisions)) {
|
|
16
|
+
const localRevision = options.local_revisions?.[artifactId] ?? remoteRevision;
|
|
17
|
+
if (localRevision < remoteRevision) {
|
|
18
|
+
findings.push({
|
|
19
|
+
code: 'branch-lag',
|
|
20
|
+
message: `${artifactId} local revision ${localRevision} is behind canonical revision ${remoteRevision}.`,
|
|
21
|
+
ref: artifactId,
|
|
22
|
+
});
|
|
23
|
+
}
|
|
24
|
+
}
|
|
25
|
+
return {
|
|
26
|
+
recovered_counters: recovered,
|
|
27
|
+
findings,
|
|
28
|
+
};
|
|
29
|
+
}
|
|
30
|
+
//# sourceMappingURL=allocator-recovery.js.map
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
import type { ArtifactIdAllocatorState, ArtifactIdAllocatorType } from './artifact-id-allocator.js';
|
|
2
|
+
export interface AllocatorSecurityPolicy {
|
|
3
|
+
max_reservations_per_tenant?: number;
|
|
4
|
+
max_reservations_per_type?: Partial<Record<ArtifactIdAllocatorType, number>>;
|
|
5
|
+
replay_window_ms?: number;
|
|
6
|
+
}
|
|
7
|
+
export interface AllocatorSecurityDecision {
|
|
8
|
+
allowed: boolean;
|
|
9
|
+
code: 'allowed' | 'tenant-quota-exceeded' | 'type-quota-exceeded' | 'replay-window-expired';
|
|
10
|
+
reason: string;
|
|
11
|
+
}
|
|
12
|
+
export declare function evaluateAllocatorSecurityPolicy(state: ArtifactIdAllocatorState, input: {
|
|
13
|
+
tenant_id?: string;
|
|
14
|
+
artifact_type: ArtifactIdAllocatorType;
|
|
15
|
+
idempotency_key: string;
|
|
16
|
+
now: string;
|
|
17
|
+
}, policy: AllocatorSecurityPolicy): AllocatorSecurityDecision;
|
|
18
|
+
//# sourceMappingURL=allocator-security.d.ts.map
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
export function evaluateAllocatorSecurityPolicy(state, input, policy) {
|
|
2
|
+
if (policy.max_reservations_per_tenant !== undefined && input.tenant_id) {
|
|
3
|
+
const tenantReservations = state.reservations.filter((reservation) => reservation.tenant_id === input.tenant_id).length;
|
|
4
|
+
if (tenantReservations >= policy.max_reservations_per_tenant) {
|
|
5
|
+
return {
|
|
6
|
+
allowed: false,
|
|
7
|
+
code: 'tenant-quota-exceeded',
|
|
8
|
+
reason: `Tenant ${input.tenant_id} has reached reservation quota ${policy.max_reservations_per_tenant}.`,
|
|
9
|
+
};
|
|
10
|
+
}
|
|
11
|
+
}
|
|
12
|
+
const typeQuota = policy.max_reservations_per_type?.[input.artifact_type];
|
|
13
|
+
if (typeQuota !== undefined && (state.counters[input.artifact_type] ?? 0) >= typeQuota) {
|
|
14
|
+
return {
|
|
15
|
+
allowed: false,
|
|
16
|
+
code: 'type-quota-exceeded',
|
|
17
|
+
reason: `${input.artifact_type} reservation quota ${typeQuota} has been reached.`,
|
|
18
|
+
};
|
|
19
|
+
}
|
|
20
|
+
if (policy.replay_window_ms !== undefined) {
|
|
21
|
+
const existing = state.reservations.find((reservation) => reservation.idempotency_key === input.idempotency_key);
|
|
22
|
+
if (existing && new Date(input.now).getTime() - new Date(existing.reserved_at).getTime() > policy.replay_window_ms) {
|
|
23
|
+
return {
|
|
24
|
+
allowed: false,
|
|
25
|
+
code: 'replay-window-expired',
|
|
26
|
+
reason: `Idempotency key ${input.idempotency_key} is outside the replay window.`,
|
|
27
|
+
};
|
|
28
|
+
}
|
|
29
|
+
}
|
|
30
|
+
return {
|
|
31
|
+
allowed: true,
|
|
32
|
+
code: 'allowed',
|
|
33
|
+
reason: 'Allocator security policy allows the request.',
|
|
34
|
+
};
|
|
35
|
+
}
|
|
36
|
+
//# sourceMappingURL=allocator-security.js.map
|
|
@@ -0,0 +1,111 @@
|
|
|
1
|
+
export declare const CODESDD_API_FOUNDATION_SHARED_BASELINE: {
|
|
2
|
+
readonly id: "foundation-api-shared-baseline";
|
|
3
|
+
readonly version: 1;
|
|
4
|
+
readonly foundation_reference: "devtrack-foundation-api";
|
|
5
|
+
};
|
|
6
|
+
export declare const CODESDD_API_SHARED_BASELINE_REQUIREMENTS: readonly ["openapi-swagger-docs", "env-example", "package-json-scripts", "application-usecase-boundary", "dto-validation", "structured-api-errors", "auth-authz-planning", "route-and-usecase-tests"];
|
|
7
|
+
export declare const CODESDD_API_SHARED_BASELINE_QUALITY_GATES: readonly ["openapi-docs-required", "env-example-required", "package-scripts-required", "application-usecase-route-boundary", "dto-validation-required", "structured-error-contract-required", "authz-planning-required", "route-usecase-tests-required"];
|
|
8
|
+
export type CodeSddApiSharedBaselineRequirementId = (typeof CODESDD_API_SHARED_BASELINE_REQUIREMENTS)[number];
|
|
9
|
+
export interface CodeSddApiSharedBaselineRequirement {
|
|
10
|
+
id: CodeSddApiSharedBaselineRequirementId;
|
|
11
|
+
title: string;
|
|
12
|
+
foundation_reference: typeof CODESDD_API_FOUNDATION_SHARED_BASELINE.foundation_reference;
|
|
13
|
+
severity: 'P0';
|
|
14
|
+
phase: 'planning' | 'scaffold' | 'implementation' | 'validation';
|
|
15
|
+
quality_gate: (typeof CODESDD_API_SHARED_BASELINE_QUALITY_GATES)[number];
|
|
16
|
+
contract_rule_refs: readonly string[];
|
|
17
|
+
required_artifacts: readonly string[];
|
|
18
|
+
required_evidence: readonly string[];
|
|
19
|
+
}
|
|
20
|
+
export declare const CODESDD_API_SHARED_BASELINE_REQUIREMENT_DEFINITIONS: {
|
|
21
|
+
'openapi-swagger-docs': {
|
|
22
|
+
id: "openapi-swagger-docs";
|
|
23
|
+
title: string;
|
|
24
|
+
foundation_reference: "devtrack-foundation-api";
|
|
25
|
+
severity: "P0";
|
|
26
|
+
phase: "scaffold";
|
|
27
|
+
quality_gate: "openapi-docs-required";
|
|
28
|
+
contract_rule_refs: string[];
|
|
29
|
+
required_artifacts: string[];
|
|
30
|
+
required_evidence: string[];
|
|
31
|
+
};
|
|
32
|
+
'env-example': {
|
|
33
|
+
id: "env-example";
|
|
34
|
+
title: string;
|
|
35
|
+
foundation_reference: "devtrack-foundation-api";
|
|
36
|
+
severity: "P0";
|
|
37
|
+
phase: "scaffold";
|
|
38
|
+
quality_gate: "env-example-required";
|
|
39
|
+
contract_rule_refs: string[];
|
|
40
|
+
required_artifacts: string[];
|
|
41
|
+
required_evidence: string[];
|
|
42
|
+
};
|
|
43
|
+
'package-json-scripts': {
|
|
44
|
+
id: "package-json-scripts";
|
|
45
|
+
title: string;
|
|
46
|
+
foundation_reference: "devtrack-foundation-api";
|
|
47
|
+
severity: "P0";
|
|
48
|
+
phase: "scaffold";
|
|
49
|
+
quality_gate: "package-scripts-required";
|
|
50
|
+
contract_rule_refs: string[];
|
|
51
|
+
required_artifacts: string[];
|
|
52
|
+
required_evidence: string[];
|
|
53
|
+
};
|
|
54
|
+
'application-usecase-boundary': {
|
|
55
|
+
id: "application-usecase-boundary";
|
|
56
|
+
title: string;
|
|
57
|
+
foundation_reference: "devtrack-foundation-api";
|
|
58
|
+
severity: "P0";
|
|
59
|
+
phase: "implementation";
|
|
60
|
+
quality_gate: "application-usecase-route-boundary";
|
|
61
|
+
contract_rule_refs: string[];
|
|
62
|
+
required_artifacts: string[];
|
|
63
|
+
required_evidence: string[];
|
|
64
|
+
};
|
|
65
|
+
'dto-validation': {
|
|
66
|
+
id: "dto-validation";
|
|
67
|
+
title: string;
|
|
68
|
+
foundation_reference: "devtrack-foundation-api";
|
|
69
|
+
severity: "P0";
|
|
70
|
+
phase: "implementation";
|
|
71
|
+
quality_gate: "dto-validation-required";
|
|
72
|
+
contract_rule_refs: string[];
|
|
73
|
+
required_artifacts: string[];
|
|
74
|
+
required_evidence: string[];
|
|
75
|
+
};
|
|
76
|
+
'structured-api-errors': {
|
|
77
|
+
id: "structured-api-errors";
|
|
78
|
+
title: string;
|
|
79
|
+
foundation_reference: "devtrack-foundation-api";
|
|
80
|
+
severity: "P0";
|
|
81
|
+
phase: "implementation";
|
|
82
|
+
quality_gate: "structured-error-contract-required";
|
|
83
|
+
contract_rule_refs: string[];
|
|
84
|
+
required_artifacts: string[];
|
|
85
|
+
required_evidence: string[];
|
|
86
|
+
};
|
|
87
|
+
'auth-authz-planning': {
|
|
88
|
+
id: "auth-authz-planning";
|
|
89
|
+
title: string;
|
|
90
|
+
foundation_reference: "devtrack-foundation-api";
|
|
91
|
+
severity: "P0";
|
|
92
|
+
phase: "planning";
|
|
93
|
+
quality_gate: "authz-planning-required";
|
|
94
|
+
contract_rule_refs: string[];
|
|
95
|
+
required_artifacts: string[];
|
|
96
|
+
required_evidence: string[];
|
|
97
|
+
};
|
|
98
|
+
'route-and-usecase-tests': {
|
|
99
|
+
id: "route-and-usecase-tests";
|
|
100
|
+
title: string;
|
|
101
|
+
foundation_reference: "devtrack-foundation-api";
|
|
102
|
+
severity: "P0";
|
|
103
|
+
phase: "validation";
|
|
104
|
+
quality_gate: "route-usecase-tests-required";
|
|
105
|
+
contract_rule_refs: string[];
|
|
106
|
+
required_artifacts: string[];
|
|
107
|
+
required_evidence: string[];
|
|
108
|
+
};
|
|
109
|
+
};
|
|
110
|
+
export declare function getCodeSddApiSharedBaselineRequirements(): CodeSddApiSharedBaselineRequirement[];
|
|
111
|
+
//# sourceMappingURL=api-foundation-baseline.d.ts.map
|
|
@@ -0,0 +1,151 @@
|
|
|
1
|
+
export const CODESDD_API_FOUNDATION_SHARED_BASELINE = {
|
|
2
|
+
id: 'foundation-api-shared-baseline',
|
|
3
|
+
version: 1,
|
|
4
|
+
foundation_reference: 'devtrack-foundation-api',
|
|
5
|
+
};
|
|
6
|
+
export const CODESDD_API_SHARED_BASELINE_REQUIREMENTS = [
|
|
7
|
+
'openapi-swagger-docs',
|
|
8
|
+
'env-example',
|
|
9
|
+
'package-json-scripts',
|
|
10
|
+
'application-usecase-boundary',
|
|
11
|
+
'dto-validation',
|
|
12
|
+
'structured-api-errors',
|
|
13
|
+
'auth-authz-planning',
|
|
14
|
+
'route-and-usecase-tests',
|
|
15
|
+
];
|
|
16
|
+
export const CODESDD_API_SHARED_BASELINE_QUALITY_GATES = [
|
|
17
|
+
'openapi-docs-required',
|
|
18
|
+
'env-example-required',
|
|
19
|
+
'package-scripts-required',
|
|
20
|
+
'application-usecase-route-boundary',
|
|
21
|
+
'dto-validation-required',
|
|
22
|
+
'structured-error-contract-required',
|
|
23
|
+
'authz-planning-required',
|
|
24
|
+
'route-usecase-tests-required',
|
|
25
|
+
];
|
|
26
|
+
export const CODESDD_API_SHARED_BASELINE_REQUIREMENT_DEFINITIONS = {
|
|
27
|
+
'openapi-swagger-docs': {
|
|
28
|
+
id: 'openapi-swagger-docs',
|
|
29
|
+
title: 'Swagger/OpenAPI documentation',
|
|
30
|
+
foundation_reference: 'devtrack-foundation-api',
|
|
31
|
+
severity: 'P0',
|
|
32
|
+
phase: 'scaffold',
|
|
33
|
+
quality_gate: 'openapi-docs-required',
|
|
34
|
+
contract_rule_refs: ['DTAPI-P0-SHARED-BASELINE-001', 'DTAPI-P0-OPENAPI-001', 'DTAPI-P0-TOOL-BASELINE-001'],
|
|
35
|
+
required_artifacts: ['package.json', '.env.example', 'src/main.ts', 'src/presentation/**'],
|
|
36
|
+
required_evidence: [
|
|
37
|
+
'@nestjs/swagger dependency is present',
|
|
38
|
+
'DocumentBuilder and SwaggerModule bootstrap /docs',
|
|
39
|
+
'controllers and DTOs include Swagger decorators',
|
|
40
|
+
],
|
|
41
|
+
},
|
|
42
|
+
'env-example': {
|
|
43
|
+
id: 'env-example',
|
|
44
|
+
title: '.env.example placeholder contract',
|
|
45
|
+
foundation_reference: 'devtrack-foundation-api',
|
|
46
|
+
severity: 'P0',
|
|
47
|
+
phase: 'scaffold',
|
|
48
|
+
quality_gate: 'env-example-required',
|
|
49
|
+
contract_rule_refs: ['DTAPI-P0-SHARED-BASELINE-001', 'DTAPI-P0-TOOL-BASELINE-001'],
|
|
50
|
+
required_artifacts: ['.env.example'],
|
|
51
|
+
required_evidence: [
|
|
52
|
+
'runtime variables have placeholder values',
|
|
53
|
+
'Swagger server settings are represented when OpenAPI is enabled',
|
|
54
|
+
'no secret or credential values are emitted',
|
|
55
|
+
],
|
|
56
|
+
},
|
|
57
|
+
'package-json-scripts': {
|
|
58
|
+
id: 'package-json-scripts',
|
|
59
|
+
title: 'Operational package scripts and runtime bootstrap',
|
|
60
|
+
foundation_reference: 'devtrack-foundation-api',
|
|
61
|
+
severity: 'P0',
|
|
62
|
+
phase: 'scaffold',
|
|
63
|
+
quality_gate: 'package-scripts-required',
|
|
64
|
+
contract_rule_refs: ['DTAPI-P0-SHARED-BASELINE-001', 'DTAPI-P0-TOOL-BASELINE-001', 'DTAPI-P0-RUNTIME-SCRIPTS-001'],
|
|
65
|
+
required_artifacts: ['package.json', 'scripts/cleanup.sh', 'scripts/kill-port.js'],
|
|
66
|
+
required_evidence: [
|
|
67
|
+
'build, start, start:dev, start:prod, lint, test, coverage, e2e, cleanup, and cleanup:install scripts are present',
|
|
68
|
+
'cleanup removes dependency installs, build outputs, caches, lockfiles, and compilation residue unless an ADR preserves a canonical lockfile',
|
|
69
|
+
'start and start:dev run a configured-port preflight that terminates the listener before Nest starts',
|
|
70
|
+
'scripts can be invoked with npm or pnpm, while nested package-script calls use npm run/npm install so Docker images do not require pnpm',
|
|
71
|
+
'migration scripts are present when persistence is included',
|
|
72
|
+
],
|
|
73
|
+
},
|
|
74
|
+
'application-usecase-boundary': {
|
|
75
|
+
id: 'application-usecase-boundary',
|
|
76
|
+
title: 'Application use-case and input-port boundary',
|
|
77
|
+
foundation_reference: 'devtrack-foundation-api',
|
|
78
|
+
severity: 'P0',
|
|
79
|
+
phase: 'implementation',
|
|
80
|
+
quality_gate: 'application-usecase-route-boundary',
|
|
81
|
+
contract_rule_refs: ['DTAPI-P0-SHARED-BASELINE-001', 'DTAPI-P0-USECASE-001', 'DTAPI-P0-TOOL-BASELINE-001'],
|
|
82
|
+
required_artifacts: ['src/application/**', 'src/presentation/**'],
|
|
83
|
+
required_evidence: [
|
|
84
|
+
'each user-facing route calls an application input port',
|
|
85
|
+
'each input port delegates business orchestration to a use case',
|
|
86
|
+
],
|
|
87
|
+
},
|
|
88
|
+
'dto-validation': {
|
|
89
|
+
id: 'dto-validation',
|
|
90
|
+
title: 'DTO validation and documented request shape',
|
|
91
|
+
foundation_reference: 'devtrack-foundation-api',
|
|
92
|
+
severity: 'P0',
|
|
93
|
+
phase: 'implementation',
|
|
94
|
+
quality_gate: 'dto-validation-required',
|
|
95
|
+
contract_rule_refs: ['DTAPI-P0-SHARED-BASELINE-001', 'DTAPI-P0-OPENAPI-001'],
|
|
96
|
+
required_artifacts: ['src/main.ts', 'src/presentation/**/dtos/**'],
|
|
97
|
+
required_evidence: [
|
|
98
|
+
'global validation pipe is configured',
|
|
99
|
+
'request DTOs use class-validator decorators',
|
|
100
|
+
'DTOs include Swagger property metadata',
|
|
101
|
+
],
|
|
102
|
+
},
|
|
103
|
+
'structured-api-errors': {
|
|
104
|
+
id: 'structured-api-errors',
|
|
105
|
+
title: 'Structured API error responses',
|
|
106
|
+
foundation_reference: 'devtrack-foundation-api',
|
|
107
|
+
severity: 'P0',
|
|
108
|
+
phase: 'implementation',
|
|
109
|
+
quality_gate: 'structured-error-contract-required',
|
|
110
|
+
contract_rule_refs: ['DTAPI-P0-SHARED-BASELINE-001', 'DTAPI-P0-TOOL-BASELINE-001'],
|
|
111
|
+
required_artifacts: ['src/presentation/dtos/api-error-response.dto.ts', 'src/presentation/**'],
|
|
112
|
+
required_evidence: [
|
|
113
|
+
'controllers document error responses',
|
|
114
|
+
'error DTO avoids leaking internal provider or secret data',
|
|
115
|
+
],
|
|
116
|
+
},
|
|
117
|
+
'auth-authz-planning': {
|
|
118
|
+
id: 'auth-authz-planning',
|
|
119
|
+
title: 'Authentication and authorization planning',
|
|
120
|
+
foundation_reference: 'devtrack-foundation-api',
|
|
121
|
+
severity: 'P0',
|
|
122
|
+
phase: 'planning',
|
|
123
|
+
quality_gate: 'authz-planning-required',
|
|
124
|
+
contract_rule_refs: ['DTAPI-P0-SHARED-BASELINE-001', 'DTAPI-P0-AUTH-PLAN-001', 'DTAPI-P0-TOOL-BASELINE-001'],
|
|
125
|
+
required_artifacts: ['FEAT quality evidence', 'src/presentation/**/guards/**'],
|
|
126
|
+
required_evidence: [
|
|
127
|
+
'route public/protected decision is recorded',
|
|
128
|
+
'guard, decorator, role, permission, or policy choice is recorded',
|
|
129
|
+
'Swagger security scheme is documented for protected routes',
|
|
130
|
+
],
|
|
131
|
+
},
|
|
132
|
+
'route-and-usecase-tests': {
|
|
133
|
+
id: 'route-and-usecase-tests',
|
|
134
|
+
title: 'Route and use-case test evidence',
|
|
135
|
+
foundation_reference: 'devtrack-foundation-api',
|
|
136
|
+
severity: 'P0',
|
|
137
|
+
phase: 'validation',
|
|
138
|
+
quality_gate: 'route-usecase-tests-required',
|
|
139
|
+
contract_rule_refs: ['DTAPI-P0-SHARED-BASELINE-001', 'DTAPI-P1-EVIDENCE-001'],
|
|
140
|
+
required_artifacts: ['test/**', 'coverage/**'],
|
|
141
|
+
required_evidence: [
|
|
142
|
+
'route/controller behavior is covered',
|
|
143
|
+
'application use-case behavior is covered',
|
|
144
|
+
'validation evidence is recorded in the FEAT quality artifact',
|
|
145
|
+
],
|
|
146
|
+
},
|
|
147
|
+
};
|
|
148
|
+
export function getCodeSddApiSharedBaselineRequirements() {
|
|
149
|
+
return CODESDD_API_SHARED_BASELINE_REQUIREMENTS.map((requirementId) => CODESDD_API_SHARED_BASELINE_REQUIREMENT_DEFINITIONS[requirementId]);
|
|
150
|
+
}
|
|
151
|
+
//# sourceMappingURL=api-foundation-baseline.js.map
|