npm - @eduardbar/drift - Versions diffs - 1.2.0 → 1.4.0 - Mend

@eduardbar/drift 1.2.0 → 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (195) hide show

package/.gga +50 -0
package/.github/actions/drift-review/README.md +60 -0
package/.github/actions/drift-review/action.yml +131 -0
package/.github/actions/drift-scan/README.md +28 -32
package/.github/actions/drift-scan/action.yml +78 -14
package/.github/workflows/publish-vscode.yml +3 -3
package/.github/workflows/publish.yml +3 -3
package/.github/workflows/review-pr.yml +94 -9
package/AGENTS.md +75 -245
package/CHANGELOG.md +28 -0
package/README.md +308 -51
package/ROADMAP.md +6 -5
package/dist/analyzer.d.ts +2 -2
package/dist/analyzer.js +420 -159
package/dist/benchmark.d.ts +2 -0
package/dist/benchmark.js +204 -0
package/dist/cli.js +693 -67
package/dist/config.js +16 -2
package/dist/diff.js +66 -10
package/dist/doctor.d.ts +5 -0
package/dist/doctor.js +133 -0
package/dist/format.d.ts +17 -0
package/dist/format.js +45 -0
package/dist/git.js +12 -0
package/dist/guard-types.d.ts +57 -0
package/dist/guard-types.js +2 -0
package/dist/guard.d.ts +14 -0
package/dist/guard.js +239 -0
package/dist/index.d.ts +12 -3
package/dist/index.js +6 -1
package/dist/init.d.ts +15 -0
package/dist/init.js +273 -0
package/dist/map-cycles.d.ts +2 -0
package/dist/map-cycles.js +34 -0
package/dist/map-svg.d.ts +19 -0
package/dist/map-svg.js +97 -0
package/dist/map.js +78 -138
package/dist/metrics.js +70 -55
package/dist/output-metadata.d.ts +13 -0
package/dist/output-metadata.js +17 -0
package/dist/plugins-capabilities.d.ts +4 -0
package/dist/plugins-capabilities.js +21 -0
package/dist/plugins-messages.d.ts +10 -0
package/dist/plugins-messages.js +16 -0
package/dist/plugins-rules.d.ts +9 -0
package/dist/plugins-rules.js +137 -0
package/dist/plugins.d.ts +2 -1
package/dist/plugins.js +80 -28
package/dist/printer.js +4 -0
package/dist/reporter-constants.d.ts +16 -0
package/dist/reporter-constants.js +39 -0
package/dist/reporter.d.ts +3 -3
package/dist/reporter.js +35 -55
package/dist/review.d.ts +2 -1
package/dist/review.js +4 -3
package/dist/rules/comments.js +2 -2
package/dist/rules/complexity.js +2 -7
package/dist/rules/nesting.js +3 -13
package/dist/rules/phase0-basic.js +10 -10
package/dist/rules/phase3-configurable.js +23 -15
package/dist/rules/shared.d.ts +2 -0
package/dist/rules/shared.js +27 -3
package/dist/saas/constants.d.ts +15 -0
package/dist/saas/constants.js +48 -0
package/dist/saas/dashboard.d.ts +8 -0
package/dist/saas/dashboard.js +132 -0
package/dist/saas/errors.d.ts +19 -0
package/dist/saas/errors.js +37 -0
package/dist/saas/helpers.d.ts +21 -0
package/dist/saas/helpers.js +110 -0
package/dist/saas/ingest.d.ts +3 -0
package/dist/saas/ingest.js +249 -0
package/dist/saas/organization.d.ts +5 -0
package/dist/saas/organization.js +82 -0
package/dist/saas/plan-change.d.ts +10 -0
package/dist/saas/plan-change.js +15 -0
package/dist/saas/store.d.ts +21 -0
package/dist/saas/store.js +159 -0
package/dist/saas/types.d.ts +191 -0
package/dist/saas/types.js +2 -0
package/dist/saas.d.ts +8 -82
package/dist/saas.js +7 -320
package/dist/sarif.d.ts +74 -0
package/dist/sarif.js +122 -0
package/dist/trust-advanced.d.ts +14 -0
package/dist/trust-advanced.js +65 -0
package/dist/trust-kpi-fs.d.ts +3 -0
package/dist/trust-kpi-fs.js +141 -0
package/dist/trust-kpi-parse.d.ts +7 -0
package/dist/trust-kpi-parse.js +186 -0
package/dist/trust-kpi-types.d.ts +16 -0
package/dist/trust-kpi-types.js +2 -0
package/dist/trust-kpi.d.ts +7 -0
package/dist/trust-kpi.js +185 -0
package/dist/trust-policy.d.ts +32 -0
package/dist/trust-policy.js +160 -0
package/dist/trust-render.d.ts +9 -0
package/dist/trust-render.js +54 -0
package/dist/trust-scoring.d.ts +9 -0
package/dist/trust-scoring.js +208 -0
package/dist/trust.d.ts +37 -0
package/dist/trust.js +168 -0
package/dist/types/app.d.ts +30 -0
package/dist/types/app.js +2 -0
package/dist/types/config.d.ts +25 -0
package/dist/types/config.js +2 -0
package/dist/types/core.d.ts +100 -0
package/dist/types/core.js +2 -0
package/dist/types/diff.d.ts +55 -0
package/dist/types/diff.js +2 -0
package/dist/types/plugin.d.ts +41 -0
package/dist/types/plugin.js +2 -0
package/dist/types/trust.d.ts +120 -0
package/dist/types/trust.js +2 -0
package/dist/types.d.ts +8 -211
package/docs/PRD.md +187 -109
package/docs/plugin-contract.md +61 -0
package/docs/release-notes-draft.md +40 -0
package/docs/rules-catalog.md +49 -0
package/docs/trust-core-release-checklist.md +87 -0
package/package.json +6 -3
package/packages/vscode-drift/src/code-actions.ts +1 -1
package/schemas/drift-ai-output.v1.json +162 -0
package/schemas/drift-report.v1.json +151 -0
package/schemas/drift-trust.v1.json +131 -0
package/scripts/smoke-repo.mjs +394 -0
package/src/analyzer.ts +484 -155
package/src/benchmark.ts +266 -0
package/src/cli.ts +840 -85
package/src/config.ts +19 -2
package/src/diff.ts +84 -10
package/src/doctor.ts +173 -0
package/src/format.ts +81 -0
package/src/git.ts +16 -0
package/src/guard-types.ts +64 -0
package/src/guard.ts +324 -0
package/src/index.ts +83 -0
package/src/init.ts +298 -0
package/src/map-cycles.ts +38 -0
package/src/map-svg.ts +124 -0
package/src/map.ts +111 -142
package/src/metrics.ts +78 -59
package/src/output-metadata.ts +30 -0
package/src/plugins-capabilities.ts +36 -0
package/src/plugins-messages.ts +35 -0
package/src/plugins-rules.ts +296 -0
package/src/plugins.ts +148 -27
package/src/printer.ts +4 -0
package/src/reporter-constants.ts +46 -0
package/src/reporter.ts +64 -65
package/src/review.ts +6 -4
package/src/rules/comments.ts +2 -2
package/src/rules/complexity.ts +2 -7
package/src/rules/nesting.ts +3 -13
package/src/rules/phase0-basic.ts +11 -12
package/src/rules/phase3-configurable.ts +39 -26
package/src/rules/shared.ts +31 -3
package/src/saas/constants.ts +56 -0
package/src/saas/dashboard.ts +172 -0
package/src/saas/errors.ts +45 -0
package/src/saas/helpers.ts +140 -0
package/src/saas/ingest.ts +278 -0
package/src/saas/organization.ts +99 -0
package/src/saas/plan-change.ts +19 -0
package/src/saas/store.ts +172 -0
package/src/saas/types.ts +216 -0
package/src/saas.ts +49 -433
package/src/sarif.ts +232 -0
package/src/trust-advanced.ts +99 -0
package/src/trust-kpi-fs.ts +169 -0
package/src/trust-kpi-parse.ts +219 -0
package/src/trust-kpi-types.ts +19 -0
package/src/trust-kpi.ts +210 -0
package/src/trust-policy.ts +246 -0
package/src/trust-render.ts +61 -0
package/src/trust-scoring.ts +231 -0
package/src/trust.ts +260 -0
package/src/types/app.ts +30 -0
package/src/types/config.ts +27 -0
package/src/types/core.ts +105 -0
package/src/types/diff.ts +61 -0
package/src/types/plugin.ts +46 -0
package/src/types/trust.ts +134 -0
package/src/types.ts +78 -238
package/tests/cli-sarif.test.ts +92 -0
package/tests/diff.test.ts +124 -0
package/tests/format.test.ts +157 -0
package/tests/new-features.test.ts +80 -1
package/tests/phase1-init-doctor-guard.test.ts +199 -0
package/tests/plugins.test.ts +219 -0
package/tests/rules.test.ts +23 -1
package/tests/saas-foundation.test.ts +358 -1
package/tests/sarif.test.ts +160 -0
package/tests/trust-kpi.test.ts +147 -0
package/tests/trust.test.ts +602 -0

package/dist/saas/constants.d.ts ADDED Viewed

@@ -0,0 +1,15 @@
+import type { SaasOperation, SaasPlan, SaasPolicy, SaasRole } from './types.js';
+export declare const STORE_VERSION = 3;
+export declare const ACTIVE_WINDOW_DAYS = 30;
+export declare const DEFAULT_ORGANIZATION_ID = "default-org";
+export declare const DASHBOARD_REPO_LIMIT = 15;
+export declare const DASHBOARD_BAR_UNIT = 8;
+export declare const DASHBOARD_BAR_MIN_WIDTH = 8;
+export declare const VALID_ROLES: SaasRole[];
+export declare const VALID_PLANS: SaasPlan[];
+export declare const ROLE_PRIORITY: Record<SaasRole, number>;
+export declare const REQUIRED_ROLE_BY_OPERATION: Record<SaasOperation, SaasRole>;
+export declare const DEFAULT_SAAS_POLICY: SaasPolicy;
+export declare function daysAgo(days: number): number;
+export declare function createRandomId(prefix: string): string;
+//# sourceMappingURL=constants.d.ts.map

package/dist/saas/constants.js ADDED Viewed

@@ -0,0 +1,48 @@
+export const STORE_VERSION = 3;
+export const ACTIVE_WINDOW_DAYS = 30;
+export const DEFAULT_ORGANIZATION_ID = 'default-org';
+const HOURS_PER_DAY = 24;
+const MINUTES_PER_HOUR = 60;
+const SECONDS_PER_MINUTE = 60;
+const MILLISECONDS_PER_SECOND = 1000;
+const RANDOM_ID_RADIX = 16;
+const RANDOM_ID_START = 2;
+const RANDOM_ID_END = 10;
+export const DASHBOARD_REPO_LIMIT = 15;
+export const DASHBOARD_BAR_UNIT = 8;
+export const DASHBOARD_BAR_MIN_WIDTH = 8;
+export const VALID_ROLES = ['owner', 'member', 'viewer'];
+export const VALID_PLANS = ['free', 'sponsor', 'team', 'business'];
+export const ROLE_PRIORITY = {
+    viewer: 1,
+    member: 2,
+    owner: 3,
+};
+export const REQUIRED_ROLE_BY_OPERATION = {
+    'snapshot:write': 'member',
+    'snapshot:read': 'viewer',
+    'summary:read': 'viewer',
+    'billing:write': 'owner',
+    'billing:read': 'viewer',
+};
+export const DEFAULT_SAAS_POLICY = {
+    freeUserThreshold: 7500,
+    maxRunsPerWorkspacePerMonth: 500,
+    maxReposPerWorkspace: 20,
+    retentionDays: 90,
+    strictActorEnforcement: false,
+    maxWorkspacesPerOrganizationByPlan: {
+        free: 20,
+        sponsor: 50,
+        team: 200,
+        business: 1000,
+    },
+};
+export function daysAgo(days) {
+    const now = Date.now();
+    return now - days * HOURS_PER_DAY * MINUTES_PER_HOUR * SECONDS_PER_MINUTE * MILLISECONDS_PER_SECOND;
+}
+export function createRandomId(prefix) {
+    return `${prefix}-${Math.random().toString(RANDOM_ID_RADIX).slice(RANDOM_ID_START, RANDOM_ID_END)}`;
+}
+//# sourceMappingURL=constants.js.map

package/dist/saas/dashboard.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+import type { SaasPolicyOverrides, SaasQueryOptions, SaasSnapshot, SaasSummary } from './types.js';
+export declare function listSaasSnapshots(options?: SaasQueryOptions): SaasSnapshot[];
+export declare function getSaasSummary(options?: SaasQueryOptions): SaasSummary;
+export declare function generateSaasDashboardHtml(options?: {
+    storeFile?: string;
+    policy?: SaasPolicyOverrides;
+}): string;
+//# sourceMappingURL=dashboard.d.ts.map

package/dist/saas/dashboard.js ADDED Viewed

@@ -0,0 +1,132 @@
+import { resolve } from 'node:path';
+import { DASHBOARD_BAR_MIN_WIDTH, DASHBOARD_BAR_UNIT, DASHBOARD_REPO_LIMIT } from './constants.js';
+import { assertPermissionInStore, defaultSaasStorePath, loadStoreInternal, saveStore } from './store.js';
+import { DEFAULT_ORGANIZATION_ID, computeRunsPerMonth, computeUsersRegistered, escapeHtml, isRepoActive, isWorkspaceActive, matchesRepoScope, matchesTenantScope, matchesWorkspaceScope, } from './helpers.js';
+function assertSummaryReadPermission(store, options) {
+    const shouldEnforceActorForScope = store.policy.strictActorEnforcement && Boolean(options?.organizationId || options?.workspaceId);
+    if (!options?.actorUserId && !shouldEnforceActorForScope)
+        return;
+    const organizationId = options?.organizationId ?? DEFAULT_ORGANIZATION_ID;
+    assertPermissionInStore(store, {
+        operation: 'summary:read',
+        organizationId,
+        workspaceId: options?.workspaceId,
+        actorUserId: options?.actorUserId,
+    });
+}
+function buildWorkspaceStats(store) {
+    return Object.values(store.workspaces)
+        .map((workspace) => {
+        const snapshots = store.snapshots.filter((snapshot) => snapshot.organizationId === workspace.organizationId && snapshot.workspaceId === workspace.id);
+        const runs = snapshots.length;
+        const avgScore = runs === 0 ? 0 : Math.round(snapshots.reduce((sum, snapshot) => sum + snapshot.totalScore, 0) / runs);
+        const lastRun = snapshots.sort((a, b) => b.createdAt.localeCompare(a.createdAt))[0]?.createdAt ?? 'n/a';
+        return {
+            organizationId: workspace.organizationId,
+            id: workspace.id,
+            runs,
+            avgScore,
+            lastRun,
+        };
+    })
+        .sort((a, b) => b.avgScore - a.avgScore);
+}
+function buildRepoStats(store) {
+    return Object.values(store.repos)
+        .map((repo) => {
+        const snapshots = store.snapshots.filter((snapshot) => snapshot.repoId === repo.id);
+        const runs = snapshots.length;
+        const avgScore = runs === 0 ? 0 : Math.round(snapshots.reduce((sum, snapshot) => sum + snapshot.totalScore, 0) / runs);
+        return {
+            workspaceId: repo.workspaceId,
+            name: repo.name,
+            runs,
+            avgScore,
+        };
+    })
+        .sort((a, b) => b.avgScore - a.avgScore)
+        .slice(0, DASHBOARD_REPO_LIMIT);
+}
+function buildRunsRows(summary) {
+    return Object.entries(summary.runsPerMonth)
+        .sort(([a], [b]) => a.localeCompare(b))
+        .map(([month, count]) => {
+        const width = Math.max(DASHBOARD_BAR_MIN_WIDTH, count * DASHBOARD_BAR_UNIT);
+        return `<tr><td>${escapeHtml(month)}</td><td>${count}</td><td><div class="bar" style="width:${width}px"></div></td></tr>`;
+    })
+        .join('');
+}
+function buildWorkspaceRows(workspaceStats) {
+    return workspaceStats
+        .map((workspace) => `<tr><td>${escapeHtml(workspace.organizationId)}</td><td>${escapeHtml(workspace.id)}</td><td>${workspace.runs}</td><td>${workspace.avgScore}</td><td>${escapeHtml(workspace.lastRun)}</td></tr>`)
+        .join('');
+}
+function buildRepoRows(repoStats) {
+    return repoStats
+        .map((repo) => `<tr><td>${escapeHtml(repo.workspaceId)}</td><td>${escapeHtml(repo.name)}</td><td>${repo.runs}</td><td>${repo.avgScore}</td></tr>`)
+        .join('');
+}
+function renderDashboardHtmlDocument(input) {
+    return `<!doctype html><html lang="en"><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>drift cloud dashboard</title><style>:root { color-scheme: light; } body { margin: 0; font-family: "Segoe UI", Arial, sans-serif; background: #f4f7fb; color: #0f172a; } main { max-width: 980px; margin: 0 auto; padding: 24px; } h1 { margin: 0 0 6px; } p.meta { margin: 0 0 20px; color: #475569; } .cards { display: grid; grid-template-columns: repeat(auto-fit, minmax(180px, 1fr)); gap: 12px; margin-bottom: 18px; } .card { background: #ffffff; border-radius: 10px; padding: 14px; border: 1px solid #dbe3ef; } .card .label { font-size: 12px; color: #64748b; text-transform: uppercase; letter-spacing: 0.08em; } .card .value { font-size: 26px; font-weight: 700; margin-top: 4px; } table { width: 100%; border-collapse: collapse; margin-top: 10px; background: #ffffff; border: 1px solid #dbe3ef; border-radius: 10px; overflow: hidden; } th, td { padding: 10px; border-bottom: 1px solid #e2e8f0; text-align: left; font-size: 14px; } th { background: #eef2f9; } .section { margin-top: 18px; } .bar { height: 10px; background: linear-gradient(90deg, #0ea5e9, #22c55e); border-radius: 999px; } .pill { display: inline-block; border-radius: 999px; padding: 4px 10px; font-size: 12px; font-weight: 600; } .pill.free { background: #dcfce7; color: #166534; } .pill.paid { background: #fee2e2; color: #991b1b; }</style></head><body><main><h1>drift cloud dashboard</h1><p class="meta">Store: ${escapeHtml(input.storeFile)}</p><div class="cards"><div class="card"><div class="label">Plan Phase</div><div class="value"><span class="pill ${input.summary.phase}">${input.summary.phase.toUpperCase()}</span></div></div><div class="card"><div class="label">Users</div><div class="value">${input.summary.usersRegistered}</div></div><div class="card"><div class="label">Active Workspaces</div><div class="value">${input.summary.workspacesActive}</div></div><div class="card"><div class="label">Active Repos</div><div class="value">${input.summary.reposActive}</div></div><div class="card"><div class="label">Snapshots</div><div class="value">${input.summary.totalSnapshots}</div></div><div class="card"><div class="label">Free Seats Left</div><div class="value">${input.summary.freeUsersRemaining}</div></div></div><section class="section"><h2>Runs Per Month</h2><table><thead><tr><th>Month</th><th>Runs</th><th>Trend</th></tr></thead><tbody>${input.runsRows || '<tr><td colspan="3">No runs yet</td></tr>'}</tbody></table></section><section class="section"><h2>Workspace Hotspots</h2><table><thead><tr><th>Organization</th><th>Workspace</th><th>Runs</th><th>Avg Score</th><th>Last Run</th></tr></thead><tbody>${input.workspaceRows || '<tr><td colspan="5">No workspace data</td></tr>'}</tbody></table></section><section class="section"><h2>Repo Hotspots</h2><table><thead><tr><th>Workspace</th><th>Repo</th><th>Runs</th><th>Avg Score</th></tr></thead><tbody>${input.repoRows || '<tr><td colspan="4">No repo data</td></tr>'}</tbody></table></section></main></body></html>`;
+}
+export function listSaasSnapshots(options) {
+    const storeFile = resolve(options?.storeFile ?? defaultSaasStorePath());
+    const store = loadStoreInternal(storeFile, options?.policy);
+    const shouldEnforceActorForScope = store.policy.strictActorEnforcement && Boolean(options?.organizationId || options?.workspaceId);
+    if (options?.actorUserId || shouldEnforceActorForScope) {
+        const organizationId = options?.organizationId ?? DEFAULT_ORGANIZATION_ID;
+        assertPermissionInStore(store, {
+            operation: 'snapshot:read',
+            organizationId,
+            workspaceId: options?.workspaceId,
+            actorUserId: options?.actorUserId,
+        });
+    }
+    saveStore(storeFile, store);
+    return store.snapshots
+        .filter((snapshot) => matchesTenantScope(snapshot, options))
+        .sort((a, b) => b.createdAt.localeCompare(a.createdAt));
+}
+export function getSaasSummary(options) {
+    const storeFile = resolve(options?.storeFile ?? defaultSaasStorePath());
+    const store = loadStoreInternal(storeFile, options?.policy);
+    assertSummaryReadPermission(store, options);
+    saveStore(storeFile, store);
+    const scopedSnapshots = store.snapshots.filter((snapshot) => matchesTenantScope(snapshot, options));
+    const scopedWorkspaces = Object.values(store.workspaces).filter((workspace) => matchesWorkspaceScope(workspace, options));
+    const scopedRepos = Object.values(store.repos).filter((repo) => matchesRepoScope(repo, options));
+    const usersRegistered = computeUsersRegistered(store, scopedSnapshots, options);
+    const workspacesActive = scopedWorkspaces.filter((workspace) => isWorkspaceActive(workspace)).length;
+    const reposActive = scopedRepos.filter((repo) => isRepoActive(repo)).length;
+    const runsPerMonth = computeRunsPerMonth(scopedSnapshots);
+    const thresholdReached = usersRegistered >= store.policy.freeUserThreshold;
+    return {
+        policy: store.policy,
+        usersRegistered,
+        workspacesActive,
+        reposActive,
+        runsPerMonth,
+        totalSnapshots: scopedSnapshots.length,
+        phase: thresholdReached ? 'paid' : 'free',
+        thresholdReached,
+        freeUsersRemaining: Math.max(0, store.policy.freeUserThreshold - usersRegistered),
+    };
+}
+export function generateSaasDashboardHtml(options) {
+    const storeFile = resolve(options?.storeFile ?? defaultSaasStorePath());
+    const store = loadStoreInternal(storeFile, options?.policy);
+    const summary = getSaasSummary(options);
+    const workspaceStats = buildWorkspaceStats(store);
+    const repoStats = buildRepoStats(store);
+    const runsRows = buildRunsRows(summary);
+    const workspaceRows = buildWorkspaceRows(workspaceStats);
+    const repoRows = buildRepoRows(repoStats);
+    return renderDashboardHtmlDocument({
+        storeFile,
+        summary,
+        runsRows,
+        workspaceRows,
+        repoRows,
+    });
+}
+//# sourceMappingURL=dashboard.js.map

package/dist/saas/errors.d.ts ADDED Viewed

@@ -0,0 +1,19 @@
+import type { SaasOperation, SaasPermissionContext, SaasRole } from './types.js';
+export declare class SaasPermissionError extends Error {
+    readonly code = "SAAS_PERMISSION_DENIED";
+    readonly operation: SaasOperation;
+    readonly organizationId: string;
+    readonly workspaceId?: string;
+    readonly actorUserId?: string;
+    readonly requiredRole: SaasRole;
+    readonly actorRole?: SaasRole;
+    constructor(context: SaasPermissionContext, requiredRole: SaasRole, actorRole?: SaasRole);
+}
+export declare class SaasActorRequiredError extends Error {
+    readonly code = "SAAS_ACTOR_REQUIRED";
+    readonly operation: SaasOperation;
+    readonly organizationId: string;
+    readonly workspaceId?: string;
+    constructor(context: SaasPermissionContext);
+}
+//# sourceMappingURL=errors.d.ts.map

package/dist/saas/errors.js ADDED Viewed

@@ -0,0 +1,37 @@
+export class SaasPermissionError extends Error {
+    code = 'SAAS_PERMISSION_DENIED';
+    operation;
+    organizationId;
+    workspaceId;
+    actorUserId;
+    requiredRole;
+    actorRole;
+    constructor(context, requiredRole, actorRole) {
+        const actor = context.actorUserId ?? 'unknown-actor';
+        const workspaceSuffix = context.workspaceId ? ` workspace='${context.workspaceId}'` : '';
+        const actualRole = actorRole ?? 'none';
+        super(`Permission denied for operation '${context.operation}'. actor='${actor}' organization='${context.organizationId}'${workspaceSuffix} requiredRole='${requiredRole}' actualRole='${actualRole}'.`);
+        this.name = 'SaasPermissionError';
+        this.operation = context.operation;
+        this.organizationId = context.organizationId;
+        this.workspaceId = context.workspaceId;
+        this.actorUserId = context.actorUserId;
+        this.requiredRole = requiredRole;
+        this.actorRole = actorRole;
+    }
+}
+export class SaasActorRequiredError extends Error {
+    code = 'SAAS_ACTOR_REQUIRED';
+    operation;
+    organizationId;
+    workspaceId;
+    constructor(context) {
+        const workspaceSuffix = context.workspaceId ? ` workspace='${context.workspaceId}'` : '';
+        super(`Actor is required for operation '${context.operation}'. organization='${context.organizationId}'${workspaceSuffix}.`);
+        this.name = 'SaasActorRequiredError';
+        this.operation = context.operation;
+        this.organizationId = context.organizationId;
+        this.workspaceId = context.workspaceId;
+    }
+}
+//# sourceMappingURL=errors.js.map

package/dist/saas/helpers.d.ts ADDED Viewed

@@ -0,0 +1,21 @@
+import type { IngestOptions, SaasPlan, SaasPolicy, SaasPolicyInput, SaasPolicyOverrides, SaasQueryOptions, SaasRepo, SaasRole, SaasSnapshot, SaasStore, SaasWorkspace, ScopedIdentity } from './types.js';
+import { DEFAULT_ORGANIZATION_ID } from './constants.js';
+export declare function resolveSaasPolicy(policy?: SaasPolicyInput): SaasPolicy;
+export declare function normalizePlan(plan?: string): SaasPlan;
+export declare function normalizeRole(role?: string): SaasRole;
+export declare function hasRoleAtLeast(role: SaasRole | undefined, requiredRole: SaasRole): boolean;
+export declare function workspaceKey(organizationId: string, workspaceId: string): string;
+export declare function membershipKey(organizationId: string, workspaceId: string, userId: string): string;
+export declare function monthKey(isoDate: string): string;
+export declare function resolveScopedIdentity(options: IngestOptions): ScopedIdentity;
+export declare function isWorkspaceActive(workspace: SaasWorkspace): boolean;
+export declare function isRepoActive(repo: SaasRepo): boolean;
+export declare function matchesTenantScope(snapshot: SaasSnapshot, options?: SaasQueryOptions): boolean;
+export declare function matchesWorkspaceScope(workspace: SaasWorkspace, options?: SaasQueryOptions): boolean;
+export declare function matchesRepoScope(repo: SaasRepo, options?: SaasQueryOptions): boolean;
+export declare function computeRunsPerMonth(snapshots: SaasSnapshot[]): Record<string, number>;
+export declare function computeUsersRegistered(store: SaasStore, snapshots: SaasSnapshot[], options?: SaasQueryOptions): number;
+export declare function escapeHtml(value: string): string;
+export declare function mergePolicy(policy: SaasPolicyOverrides | undefined, base: SaasStore['policy']): SaasPolicy;
+export { DEFAULT_ORGANIZATION_ID };
+//# sourceMappingURL=helpers.d.ts.map

package/dist/saas/helpers.js ADDED Viewed

@@ -0,0 +1,110 @@
+import { ACTIVE_WINDOW_DAYS, DEFAULT_ORGANIZATION_ID, DEFAULT_SAAS_POLICY, ROLE_PRIORITY, VALID_PLANS, VALID_ROLES, daysAgo, } from './constants.js';
+export function resolveSaasPolicy(policy) {
+    const customPlanLimits = (policy && 'maxWorkspacesPerOrganizationByPlan' in policy)
+        ? (policy.maxWorkspacesPerOrganizationByPlan ?? {})
+        : {};
+    return {
+        ...DEFAULT_SAAS_POLICY,
+        ...(policy ?? {}),
+        maxWorkspacesPerOrganizationByPlan: {
+            ...DEFAULT_SAAS_POLICY.maxWorkspacesPerOrganizationByPlan,
+            ...customPlanLimits,
+        },
+    };
+}
+export function normalizePlan(plan) {
+    if (!plan)
+        return 'free';
+    return VALID_PLANS.includes(plan) ? plan : 'free';
+}
+export function normalizeRole(role) {
+    if (!role)
+        return 'member';
+    return VALID_ROLES.includes(role) ? role : 'member';
+}
+export function hasRoleAtLeast(role, requiredRole) {
+    if (!role)
+        return false;
+    return ROLE_PRIORITY[role] >= ROLE_PRIORITY[requiredRole];
+}
+export function workspaceKey(organizationId, workspaceId) {
+    return `${organizationId}:${workspaceId}`;
+}
+function repoKey(organizationId, workspaceId, repoName) {
+    return `${workspaceKey(organizationId, workspaceId)}:${repoName}`;
+}
+export function membershipKey(organizationId, workspaceId, userId) {
+    return `${workspaceKey(organizationId, workspaceId)}:${userId}`;
+}
+export function monthKey(isoDate) {
+    const date = new Date(isoDate);
+    const month = String(date.getUTCMonth() + 1).padStart(2, '0');
+    return `${date.getUTCFullYear()}-${month}`;
+}
+export function resolveScopedIdentity(options) {
+    const organizationId = options.organizationId ?? DEFAULT_ORGANIZATION_ID;
+    const workspaceId = options.workspaceId;
+    const repoName = options.repoName ?? 'default';
+    return {
+        organizationId,
+        workspaceId,
+        workspaceKey: workspaceKey(organizationId, workspaceId),
+        repoName,
+        repoId: repoKey(organizationId, workspaceId, repoName),
+    };
+}
+export function isWorkspaceActive(workspace) {
+    return new Date(workspace.lastSeenAt).getTime() >= daysAgo(ACTIVE_WINDOW_DAYS);
+}
+export function isRepoActive(repo) {
+    return new Date(repo.lastSeenAt).getTime() >= daysAgo(ACTIVE_WINDOW_DAYS);
+}
+export function matchesTenantScope(snapshot, options) {
+    if (!options?.organizationId && !options?.workspaceId)
+        return true;
+    if (options.organizationId && snapshot.organizationId !== options.organizationId)
+        return false;
+    if (options.workspaceId && snapshot.workspaceId !== options.workspaceId)
+        return false;
+    return true;
+}
+export function matchesWorkspaceScope(workspace, options) {
+    if (options?.organizationId && workspace.organizationId !== options.organizationId)
+        return false;
+    if (options?.workspaceId && workspace.id !== options.workspaceId)
+        return false;
+    return true;
+}
+export function matchesRepoScope(repo, options) {
+    if (options?.organizationId && repo.organizationId !== options.organizationId)
+        return false;
+    if (options?.workspaceId && repo.workspaceId !== options.workspaceId)
+        return false;
+    return true;
+}
+export function computeRunsPerMonth(snapshots) {
+    const runsPerMonth = {};
+    for (const snapshot of snapshots) {
+        const key = monthKey(snapshot.createdAt);
+        runsPerMonth[key] = (runsPerMonth[key] ?? 0) + 1;
+    }
+    return runsPerMonth;
+}
+export function computeUsersRegistered(store, snapshots, options) {
+    if (!options?.organizationId && !options?.workspaceId)
+        return Object.keys(store.users).length;
+    return new Set(snapshots.map((snapshot) => snapshot.userId)).size;
+}
+export function escapeHtml(value) {
+    return value
+        .replaceAll('&', '&amp;')
+        .replaceAll('<', '&lt;')
+        .replaceAll('>', '&gt;')
+        .replaceAll('"', '&quot;')
+        .replaceAll("'", '&#39;');
+}
+export function mergePolicy(policy, base) {
+    return resolveSaasPolicy({ ...base, ...(policy ?? {}) });
+}
+export { DEFAULT_ORGANIZATION_ID };
+//# sourceMappingURL=helpers.js.map

package/dist/saas/ingest.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import type { DriftReportInput, IngestOptions, SaasSnapshot } from './types.js';
+export declare function ingestSnapshotFromReport(report: DriftReportInput, options: IngestOptions): SaasSnapshot;
+//# sourceMappingURL=ingest.d.ts.map

package/dist/saas/ingest.js ADDED Viewed

@@ -0,0 +1,249 @@
+import { resolve } from 'node:path';
+import { createRandomId } from './constants.js';
+import { SaasActorRequiredError } from './errors.js';
+import { applyRetentionPolicy, assertPermissionInStore, defaultSaasStorePath, loadStoreInternal, saveStore } from './store.js';
+import { membershipKey, monthKey, normalizePlan, normalizeRole, resolveScopedIdentity } from './helpers.js';
+import { appendPlanChange } from './plan-change.js';
+function assertWorkspaceLimit(store, scoped, effectivePlan) {
+    const organization = store.organizations[scoped.organizationId];
+    const workspaceLimit = store.policy.maxWorkspacesPerOrganizationByPlan[effectivePlan];
+    const workspaceExists = Boolean(store.workspaces[scoped.workspaceKey]);
+    const workspaceCount = organization?.workspaceIds.length ?? 0;
+    if (!workspaceExists && workspaceCount >= workspaceLimit) {
+        throw new Error(`Organization '${scoped.organizationId}' on plan '${effectivePlan}' reached max workspaces (${workspaceLimit}).`);
+    }
+}
+function assertFreeThresholdLimit(store, userId) {
+    const usersRegistered = Object.keys(store.users).length;
+    const isFreePhase = usersRegistered < store.policy.freeUserThreshold;
+    if (!isFreePhase)
+        return;
+    if (!store.users[userId] && usersRegistered + 1 > store.policy.freeUserThreshold) {
+        throw new Error(`Free threshold reached (${store.policy.freeUserThreshold} users).`);
+    }
+}
+function assertRepoLimit(store, scoped) {
+    const workspace = store.workspaces[scoped.workspaceKey];
+    const repoExists = Boolean(store.repos[scoped.repoId]);
+    const repoCount = workspace?.repoIds.length ?? 0;
+    if (!repoExists && repoCount >= store.policy.maxReposPerWorkspace) {
+        throw new Error(`Workspace '${scoped.workspaceId}' reached max repos (${store.policy.maxReposPerWorkspace}).`);
+    }
+}
+function countWorkspaceRunsThisMonth(store, scoped, currentMonth) {
+    return store.snapshots.filter((snapshot) => {
+        return snapshot.organizationId === scoped.organizationId
+            && snapshot.workspaceId === scoped.workspaceId
+            && monthKey(snapshot.createdAt) === currentMonth;
+    }).length;
+}
+function assertGuardrails(store, options, nowIso) {
+    const scoped = resolveScopedIdentity(options);
+    const organization = store.organizations[scoped.organizationId];
+    const effectivePlan = normalizePlan(options.plan ?? organization?.plan);
+    assertWorkspaceLimit(store, scoped, effectivePlan);
+    assertFreeThresholdLimit(store, options.userId);
+    assertRepoLimit(store, scoped);
+    const currentMonth = monthKey(nowIso);
+    const runsThisMonth = countWorkspaceRunsThisMonth(store, scoped, currentMonth);
+    if (runsThisMonth >= store.policy.maxRunsPerWorkspacePerMonth) {
+        throw new Error(`Workspace '${scoped.workspaceId}' reached max monthly runs (${store.policy.maxRunsPerWorkspacePerMonth}).`);
+    }
+}
+function upsertUser(store, userId, nowIso) {
+    const user = store.users[userId];
+    if (user) {
+        user.lastSeenAt = nowIso;
+        return;
+    }
+    store.users[userId] = {
+        id: userId,
+        createdAt: nowIso,
+        lastSeenAt: nowIso,
+    };
+}
+function maybeUpdateOrganizationPlanFromIngest(context) {
+    const { store, scoped, requestedPlan, options, nowIso } = context;
+    const existingOrg = store.organizations[scoped.organizationId];
+    if (!existingOrg || !options.plan || existingOrg.plan === requestedPlan)
+        return;
+    if (options.actorUserId) {
+        assertPermissionInStore(store, {
+            operation: 'billing:write',
+            organizationId: scoped.organizationId,
+            actorUserId: options.actorUserId,
+        });
+    }
+    const previousPlan = existingOrg.plan;
+    existingOrg.plan = requestedPlan;
+    appendPlanChange(store, {
+        organizationId: scoped.organizationId,
+        fromPlan: previousPlan,
+        toPlan: requestedPlan,
+        changedAt: nowIso,
+        changedByUserId: options.actorUserId ?? options.userId,
+        reason: 'ingest-option-plan-change',
+    });
+}
+function ensureOrganizationForIngest(context) {
+    const { store, scoped, requestedPlan, nowIso } = context;
+    const existingOrg = store.organizations[scoped.organizationId];
+    if (existingOrg) {
+        existingOrg.lastSeenAt = nowIso;
+        maybeUpdateOrganizationPlanFromIngest(context);
+        return;
+    }
+    store.organizations[scoped.organizationId] = {
+        id: scoped.organizationId,
+        plan: requestedPlan,
+        createdAt: nowIso,
+        lastSeenAt: nowIso,
+        workspaceIds: [],
+    };
+}
+function upsertWorkspaceForIngest(store, scoped, userId, nowIso) {
+    const workspace = store.workspaces[scoped.workspaceKey];
+    if (workspace) {
+        workspace.lastSeenAt = nowIso;
+        if (!workspace.userIds.includes(userId))
+            workspace.userIds.push(userId);
+        return { wasCreated: false };
+    }
+    store.workspaces[scoped.workspaceKey] = {
+        id: scoped.workspaceId,
+        organizationId: scoped.organizationId,
+        createdAt: nowIso,
+        lastSeenAt: nowIso,
+        userIds: [userId],
+        repoIds: [],
+    };
+    const org = store.organizations[scoped.organizationId];
+    if (!org.workspaceIds.includes(scoped.workspaceId))
+        org.workspaceIds.push(scoped.workspaceId);
+    return { wasCreated: true };
+}
+function upsertMembershipForIngest(context, workspaceWasCreated) {
+    const { store, scoped, options, nowIso } = context;
+    const membershipId = membershipKey(scoped.organizationId, scoped.workspaceId, options.userId);
+    const membership = store.memberships[membershipId];
+    let role = normalizeRole(options.role);
+    if (!membership && workspaceWasCreated)
+        role = 'owner';
+    if (membership) {
+        membership.lastSeenAt = nowIso;
+        if (options.role)
+            membership.role = normalizeRole(options.role);
+        return membership.role;
+    }
+    store.memberships[membershipId] = {
+        id: membershipId,
+        organizationId: scoped.organizationId,
+        workspaceId: scoped.workspaceId,
+        userId: options.userId,
+        role,
+        createdAt: nowIso,
+        lastSeenAt: nowIso,
+    };
+    return role;
+}
+function upsertRepoForIngest(store, scoped, nowIso) {
+    const repo = store.repos[scoped.repoId];
+    if (repo) {
+        repo.lastSeenAt = nowIso;
+        return;
+    }
+    store.repos[scoped.repoId] = {
+        id: scoped.repoId,
+        organizationId: scoped.organizationId,
+        workspaceId: scoped.workspaceId,
+        name: scoped.repoName,
+        createdAt: nowIso,
+        lastSeenAt: nowIso,
+    };
+    const workspace = store.workspaces[scoped.workspaceKey];
+    if (!workspace.repoIds.includes(scoped.repoId))
+        workspace.repoIds.push(scoped.repoId);
+}
+function createSnapshotFromReport(report, context, role) {
+    const { store, scoped, options, nowIso, requestedPlan } = context;
+    return {
+        id: createRandomId(String(Date.now())),
+        createdAt: nowIso,
+        scannedAt: report.scannedAt,
+        organizationId: scoped.organizationId,
+        workspaceId: scoped.workspaceId,
+        userId: options.userId,
+        role,
+        plan: normalizePlan(store.organizations[scoped.organizationId]?.plan ?? requestedPlan),
+        repoId: scoped.repoId,
+        repoName: scoped.repoName,
+        targetPath: report.targetPath,
+        totalScore: report.totalScore,
+        totalIssues: report.totalIssues,
+        totalFiles: report.totalFiles,
+        summary: {
+            errors: report.summary.errors,
+            warnings: report.summary.warnings,
+            infos: report.summary.infos,
+        },
+    };
+}
+function assertIngestActorRequirement(options, scoped, store) {
+    if (!store.policy.strictActorEnforcement || options.actorUserId)
+        return;
+    throw new SaasActorRequiredError({
+        operation: 'snapshot:write',
+        organizationId: scoped.organizationId,
+        workspaceId: scoped.workspaceId,
+    });
+}
+function assertIngestPermissionForActor(store, scoped, actorUserId) {
+    if (!actorUserId)
+        return;
+    const workspaceExists = Boolean(store.workspaces[scoped.workspaceKey]);
+    const organizationExists = Boolean(store.organizations[scoped.organizationId]);
+    if (workspaceExists) {
+        assertPermissionInStore(store, {
+            operation: 'snapshot:write',
+            organizationId: scoped.organizationId,
+            workspaceId: scoped.workspaceId,
+            actorUserId,
+        });
+        return;
+    }
+    if (organizationExists) {
+        assertPermissionInStore(store, {
+            operation: 'billing:write',
+            organizationId: scoped.organizationId,
+            actorUserId,
+        });
+    }
+}
+export function ingestSnapshotFromReport(report, options) {
+    const storeFile = resolve(options.storeFile ?? defaultSaasStorePath());
+    const store = loadStoreInternal(storeFile, options.policy);
+    const nowIso = new Date().toISOString();
+    const scoped = resolveScopedIdentity(options);
+    const requestedPlan = normalizePlan(options.plan);
+    const context = {
+        store,
+        scoped,
+        options,
+        nowIso,
+        requestedPlan,
+    };
+    assertIngestActorRequirement(options, scoped, store);
+    assertIngestPermissionForActor(store, scoped, options.actorUserId);
+    assertGuardrails(store, options, nowIso);
+    upsertUser(store, options.userId, nowIso);
+    ensureOrganizationForIngest(context);
+    const workspaceState = upsertWorkspaceForIngest(store, scoped, options.userId, nowIso);
+    const role = upsertMembershipForIngest(context, workspaceState.wasCreated);
+    upsertRepoForIngest(store, scoped, nowIso);
+    const snapshot = createSnapshotFromReport(report, context, role);
+    store.snapshots.push(snapshot);
+    applyRetentionPolicy(store);
+    saveStore(storeFile, store);
+    return snapshot;
+}
+//# sourceMappingURL=ingest.js.map

package/dist/saas/organization.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+import type { ChangeOrganizationPlanOptions, SaasOrganizationUsageSnapshot, SaasPlanChange, SaasPlanChangeQueryOptions, SaasUsageQueryOptions } from './types.js';
+export declare function changeOrganizationPlan(options: ChangeOrganizationPlanOptions): SaasPlanChange;
+export declare function listOrganizationPlanChanges(options: SaasPlanChangeQueryOptions): SaasPlanChange[];
+export declare function getOrganizationUsageSnapshot(options: SaasUsageQueryOptions): SaasOrganizationUsageSnapshot;
+//# sourceMappingURL=organization.d.ts.map