npm - @hongmaple0820/scale-engine - Versions diffs - 0.25.0 → 0.27.0 - Mend

@hongmaple0820/scale-engine 0.25.0 → 0.27.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (171) hide show

package/LICENSE +15 -15
package/README.en.md +384 -346
package/README.md +564 -529
package/dist/adapters/AiderAdapter.js +52 -52
package/dist/adapters/AntigravityAdapter.d.ts +4 -0
package/dist/adapters/AntigravityAdapter.js +21 -0
package/dist/adapters/AntigravityAdapter.js.map +1 -0
package/dist/adapters/ClaudeCodeAdapter.d.ts +4 -1
package/dist/adapters/ClaudeCodeAdapter.js +34 -34
package/dist/adapters/ClaudeCodeAdapter.js.map +1 -1
package/dist/adapters/ClineAdapter.d.ts +4 -0
package/dist/adapters/ClineAdapter.js +20 -0
package/dist/adapters/ClineAdapter.js.map +1 -0
package/dist/adapters/CodexAdapter.js +28 -28
package/dist/adapters/CursorAdapter.js +26 -26
package/dist/adapters/DeepSeekTuiAdapter.js +97 -97
package/dist/adapters/DoubaoAdapter.js +33 -33
package/dist/adapters/GeminiAdapter.js +26 -26
package/dist/adapters/GenericProjectAgentAdapter.d.ts +29 -0
package/dist/adapters/GenericProjectAgentAdapter.js +204 -0
package/dist/adapters/GenericProjectAgentAdapter.js.map +1 -0
package/dist/adapters/HermesAdapter.js +26 -26
package/dist/adapters/JCodeAdapter.d.ts +4 -0
package/dist/adapters/JCodeAdapter.js +19 -0
package/dist/adapters/JCodeAdapter.js.map +1 -0
package/dist/adapters/KiloCodeAdapter.d.ts +4 -0
package/dist/adapters/KiloCodeAdapter.js +20 -0
package/dist/adapters/KiloCodeAdapter.js.map +1 -0
package/dist/adapters/KimiAdapter.js +32 -32
package/dist/adapters/KiroAdapter.js +26 -26
package/dist/adapters/OpenClawAdapter.js +26 -26
package/dist/adapters/OpenCodeAdapter.js +26 -26
package/dist/adapters/QCoderAdapter.js +26 -26
package/dist/adapters/QoderAdapter.d.ts +4 -0
package/dist/adapters/QoderAdapter.js +21 -0
package/dist/adapters/QoderAdapter.js.map +1 -0
package/dist/adapters/TraeAdapter.js +26 -26
package/dist/adapters/VSCAdapter.js +26 -26
package/dist/adapters/WindsurfAdapter.js +32 -32
package/dist/adapters/WorkBuddyAdapter.js +26 -26
package/dist/adapters/index.d.ts +5 -0
package/dist/adapters/index.js +15 -0
package/dist/adapters/index.js.map +1 -1
package/dist/api/cli.js +190 -56
package/dist/api/cli.js.map +1 -1
package/dist/api/doctor.js +10 -3
package/dist/api/doctor.js.map +1 -1
package/dist/api/quickstart.js +7 -1
package/dist/api/quickstart.js.map +1 -1
package/dist/artifact/sqliteStore.js +89 -89
package/dist/artifact/types.d.ts +1 -1
package/dist/cli/phaseCommands.js +53 -53
package/dist/cli/phaseCommands.js.map +1 -1
package/dist/context/AntiPatternRegistry.js +20 -20
package/dist/context/ContextBudget.d.ts +14 -0
package/dist/context/ContextBudget.js +50 -14
package/dist/context/ContextBudget.js.map +1 -1
package/dist/context/ContextBuilder.js +155 -155
package/dist/context/ContextCompiler.d.ts +34 -0
package/dist/context/ContextCompiler.js +120 -0
package/dist/context/ContextCompiler.js.map +1 -0
package/dist/eval/WorkflowEval.js +4 -6
package/dist/eval/WorkflowEval.js.map +1 -1
package/dist/evolution/EvolutionEngine.js +31 -31
package/dist/evolution/EvolutionEvaluator.d.ts +2 -0
package/dist/evolution/EvolutionEvaluator.js +7 -1
package/dist/evolution/EvolutionEvaluator.js.map +1 -1
package/dist/fsm/FSMAgentBridge.js +11 -11
package/dist/governance/GovernanceRoi.d.ts +6 -1
package/dist/governance/GovernanceRoi.js +32 -0
package/dist/governance/GovernanceRoi.js.map +1 -1
package/dist/guardrails/DependencyAuditor.js +38 -0
package/dist/guardrails/DependencyAuditor.js.map +1 -1
package/dist/hooks/HookGeneratorEnhanced.js +218 -218
package/dist/index.d.ts +2 -1
package/dist/index.js +3 -2
package/dist/index.js.map +1 -1
package/dist/knowledge/SQLiteKnowledgeBase.js +28 -28
package/dist/memory/MemoryBrain.js +52 -52
package/dist/output/GovernanceDashboard.js +44 -44
package/dist/output/HTMLArtifactLayer.js +31 -31
package/dist/prompts/VibeTemplateGallery.js +121 -121
package/dist/runtime/AiOsRuntime.d.ts +53 -0
package/dist/runtime/AiOsRuntime.js +142 -0
package/dist/runtime/AiOsRuntime.js.map +1 -0
package/dist/runtime/index.d.ts +1 -0
package/dist/runtime/index.js +1 -0
package/dist/runtime/index.js.map +1 -1
package/dist/skills/SkillDiscovery.js +12 -1
package/dist/skills/SkillDiscovery.js.map +1 -1
package/dist/skills/routing/SkillPlanner.js +128 -40
package/dist/skills/routing/SkillPlanner.js.map +1 -1
package/dist/skills/routing/SkillRoutingTypes.d.ts +17 -0
package/dist/tools/SafeCommandRunner.d.ts +16 -0
package/dist/tools/SafeCommandRunner.js +83 -0
package/dist/tools/SafeCommandRunner.js.map +1 -0
package/dist/workflow/EngineeringStandards.js +62 -62
package/dist/workflow/GovernanceTemplatePacks.d.ts +1 -1
package/dist/workflow/GovernanceTemplatePacks.js +1990 -162
package/dist/workflow/GovernanceTemplatePacks.js.map +1 -1
package/dist/workflow/GovernanceTemplates.d.ts +2 -0
package/dist/workflow/GovernanceTemplates.js +1012 -1001
package/dist/workflow/GovernanceTemplates.js.map +1 -1
package/dist/workflow/ResourceGovernance.js +16 -16
package/dist/workflow/TaskArtifactScaffolder.js +10 -10
package/dist/workflow/UpgradeManager.d.ts +3 -2
package/dist/workflow/UpgradeManager.js +134 -49
package/dist/workflow/UpgradeManager.js.map +1 -1
package/dist/workflow/WorkspaceTopology.js +18 -15
package/dist/workflow/WorkspaceTopology.js.map +1 -1
package/dist/workflow/gates/GateSystem.js +3 -9
package/dist/workflow/gates/GateSystem.js.map +1 -1
package/docs/ACTIVE_SECURITY_VISUAL_GATES.md +87 -87
package/docs/AI_ENGINEERING_OS_POSITIONING.md +462 -0
package/docs/BACKGROUND_HUNTER.md +62 -62
package/docs/CODE_INTELLIGENCE.md +138 -138
package/docs/CONTEXT_BUDGET.md +155 -113
package/docs/DEPENDENCY_AUDIT.md +118 -89
package/docs/EVOLUTION_SHADOW_MODE.md +63 -63
package/docs/EXTERNAL_REFERENCES.md +63 -58
package/docs/GITLAB_FLOW.md +125 -125
package/docs/GOVERNANCE_DASHBOARD.md +85 -85
package/docs/MEMORY_BRAIN.md +104 -104
package/docs/MEMORY_FABRIC.md +136 -134
package/docs/README.md +102 -92
package/docs/RUNTIME_EVIDENCE.md +101 -101
package/docs/SKILL-REPOSITORY.md +57 -57
package/docs/SKILL_RADAR.md +135 -122
package/docs/THIRD_PARTY_SKILLS.md +57 -57
package/docs/WORKFLOW_EVAL.md +151 -151
package/docs/guides/DEVELOPMENT_WORKFLOW.md +80 -0
package/docs/guides/GETTING_STARTED.md +50 -0
package/docs/start/README.md +78 -72
package/docs/start/agent-governance-demo.md +107 -107
package/docs/start/quickstart.md +137 -127
package/docs/start/workflow-upgrade.md +32 -8
package/docs/workflow/README.md +67 -0
package/docs/workflow/node-library.md +52 -0
package/docs/workflow/templates/api-contract.md +29 -0
package/docs/workflow/templates/architecture-review.md +23 -0
package/docs/workflow/templates/db-change-plan.md +20 -0
package/docs/workflow/templates/docs-impact.md +17 -0
package/docs/workflow/templates/e2e-plan.md +20 -0
package/docs/workflow/templates/explore.md +16 -0
package/docs/workflow/templates/github-actions-scale-preflight.yml +32 -0
package/docs/workflow/templates/mini-prd.md +16 -0
package/docs/workflow/templates/plan.md +37 -0
package/docs/workflow/templates/pre-push-scale-preflight.sh +8 -0
package/docs/workflow/templates/product-smoke.md +61 -0
package/docs/workflow/templates/reality-check.md +28 -0
package/docs/workflow/templates/resource-cleanup.md +17 -0
package/docs/workflow/templates/resource-impact.md +25 -0
package/docs/workflow/templates/review.md +12 -0
package/docs/workflow/templates/runtime.md +23 -0
package/docs/workflow/templates/security-review.md +26 -0
package/docs/workflow/templates/skill-evidence.md +33 -0
package/docs/workflow/templates/skill-plan.md +39 -0
package/docs/workflow/templates/spec.md +17 -0
package/docs/workflow/templates/standards-impact.md +28 -0
package/docs/workflow/templates/summary.md +16 -0
package/docs/workflow/templates/tasks.md +8 -0
package/docs/workflow/templates/ui-spec.md +29 -0
package/docs/workflow/templates/verification.md +20 -0
package/docs/workflow/templates/visual-review.md +20 -0
package/examples/demo-projects/agent-governance-demo/CONTEXT.md +14 -14
package/examples/demo-projects/agent-governance-demo/README.md +48 -48
package/examples/demo-projects/agent-governance-demo/docs/CONTEXT-MAP.md +14 -14
package/examples/demo-projects/agent-governance-demo/package.json +22 -21
package/examples/demo-projects/agent-governance-demo/src/oauth-state.ts +39 -39
package/examples/demo-projects/agent-governance-demo/tests/oauth-state.test.ts +52 -52
package/package.json +95 -78

package/docs/workflow/templates/skill-plan.md ADDED Viewed

@@ -0,0 +1,39 @@
+# Skill Plan
+## Detected Intents
+| Domain | Score | Evidence |
+| --- | ---: | --- |
+|  |  |  |
+## Required Skills
+- TBD
+## Recommended Skills
+- TBD
+## Required Artifacts
+- TBD
+## Required Verification Evidence
+- TBD
+## Tool Orchestration
+| Capability | Primary Tool Or Skill | Fallback | Required Evidence |
+| --- | --- | --- | --- |
+| UI/UX design | frontend-design, ui-ux-pro-max | awesome-design-md | design-system, ui-spec.md, visual-review.md |
+| Web research or logged-in pages | web-access | agent-browser, Chrome DevTools MCP | source citations, browser evidence |
+| Browser E2E | webapp-testing, Playwright | agent-browser, web-access | screenshot, console, network evidence |
+| Desktop GUI automation | CUA/computer-use | manual verification | desktop screenshot, operator-safety notes |
+| External agent CLI | codex/gemini/opencode CLI | manual review | version check, exact command output |
+## Skipped Skills
+| Skill | Reason | Fallback Evidence |
+| --- | --- | --- |
+|  |  |  |

package/docs/workflow/templates/spec.md ADDED Viewed

@@ -0,0 +1,17 @@
+# Spec - {{TASK_ID}}
+Date: {{DATE}}
+Level: {{LEVEL}}
+## What
+## Why
+## Boundaries
+## Acceptance Criteria
+- [ ]

package/docs/workflow/templates/standards-impact.md ADDED Viewed

@@ -0,0 +1,28 @@
+# Standards Impact
+## Standards Checked
+- [ ] Logging and redaction
+- [ ] Architecture boundaries
+- [ ] ORM/database access
+- [ ] Framework/component conventions
+- [ ] UI/UX acceptance where user-facing
+- [ ] Test and verification rigor
+- [ ] Security-sensitive inputs and outputs
+## Findings
+| Severity | Rule | Path | Decision |
+| --- | --- | --- | --- |
+| TBD | TBD | TBD | fix/accept/escalate |
+## Policy Updates
+- [ ] .scale/engineering-standards.json
+- [ ] .scale/frameworks.json
+- [ ] docs/standards/
+## Settlement
+- Standards scan:
+- Standards doctor:

package/docs/workflow/templates/summary.md ADDED Viewed

@@ -0,0 +1,16 @@
+# Summary - {{TASK_ID}}
+Date: {{DATE}}
+Level: {{LEVEL}}
+## What Changed
+- TBD
+## Verification Result
+- TBD
+## Follow-up
+- TBD

package/docs/workflow/templates/tasks.md ADDED Viewed

@@ -0,0 +1,8 @@
+# Tasks - {{TASK_ID}}
+Date: {{DATE}}
+Level: {{LEVEL}}
+## Task List
+- [ ]

package/docs/workflow/templates/ui-spec.md ADDED Viewed

@@ -0,0 +1,29 @@
+# UI Spec
+## User Goal
+TBD
+## Primary Flow
+TBD
+## Interaction States
+- Default:
+- Loading:
+- Empty:
+- Error:
+- Success:
+## Responsive Behavior
+TBD
+## Accessibility Requirements
+TBD
+## Acceptance Criteria
+- [ ] TBD

package/docs/workflow/templates/verification.md ADDED Viewed

@@ -0,0 +1,20 @@
+# Verification - {{TASK_ID}}
+Date: {{DATE}}
+Level: {{LEVEL}}
+## Commands Run
+- TBD
+## Passed
+- TBD
+## Failed / Blocked
+- TBD
+## Not Run
+- TBD

package/docs/workflow/templates/visual-review.md ADDED Viewed

@@ -0,0 +1,20 @@
+# Visual Review
+## Screenshots Or Evidence
+TBD
+## Layout And Responsiveness
+TBD
+## Text Fit And Overlap
+TBD
+## Accessibility Notes
+TBD
+## Final Verdict
+TBD

package/examples/demo-projects/agent-governance-demo/CONTEXT.md CHANGED Viewed

@@ -1,14 +1,14 @@
-# CONTEXT.md
-Project: Agent Governance Demo
-| Term | Definition | Examples | Aliases | Source |
-|------|------------|----------|---------|--------|
-| OAuth state | One-time callback correlation value that binds authorization return traffic to a user session | `state-123` | callback state | `src/oauth-state.ts` |
-| Consumed state | A state record that has already been used and must not be accepted again | `consumedAt: 900` | replayed state | `tests/oauth-state.test.ts` |
-| Evidence | A command result or artifact that proves what was verified | `npm test`, eval report, dashboard | verification proof | SCALE workflow |
-## Rejected Meanings
-- Do not treat an expired state as recoverable without a new authorization flow.
-- Do not treat a dashboard or eval report as a substitute for the business test.
+# CONTEXT.md
+Project: Agent Governance Demo
+| Term | Definition | Examples | Aliases | Source |
+|------|------------|----------|---------|--------|
+| OAuth state | One-time callback correlation value that binds authorization return traffic to a user session | `state-123` | callback state | `src/oauth-state.ts` |
+| Consumed state | A state record that has already been used and must not be accepted again | `consumedAt: 900` | replayed state | `tests/oauth-state.test.ts` |
+| Evidence | A command result or artifact that proves what was verified | `npm test`, eval report, dashboard | verification proof | SCALE workflow |
+## Rejected Meanings
+- Do not treat an expired state as recoverable without a new authorization flow.
+- Do not treat a dashboard or eval report as a substitute for the business test.

package/examples/demo-projects/agent-governance-demo/README.md CHANGED Viewed

@@ -1,48 +1,48 @@
-# Agent Governance Demo
-这是 SCALE Engine 的最小官方 demo 项目，用一个 OAuth state 校验场景展示 Agent 工程治理如何落到真实代码、测试、证据和报告里。
-业务目标很小：OAuth callback 必须拒绝缺失、过期、已消费或不匹配的 state。
-治理目标更重要：Agent 不能只说“我完成了”，必须留下可验证证据。
-## 快速运行
-```bash
-npm install
-npm test
-```
-## 一键治理烟测
-```bash
-npm run workflow:smoke
-```
-这个命令会依次运行：
-- `npm test`：验证业务行为。
-- `scale eval run --dir .`：运行工作流基线评测。
-- `scale context budget --dir .`：检查上下文预算，避免无节制读取。
-- `scale artifact dashboard --dir . --lang zh`：生成本地治理 HTML 看板。
-## 适合演示的 SCALE 命令
-```bash
-scale governance mode --task "修复 OAuth state 校验绕过问题" --files "src/oauth-state.ts,tests/oauth-state.test.ts"
-scale skill radar --dir . --task "修复 OAuth state 校验绕过问题" --phase verify --level M --files "src/oauth-state.ts,tests/oauth-state.test.ts"
-scale codegraph status --dir .
-scale eval run --dir .
-scale artifact dashboard --dir . --lang zh
-```
-## 观察点
-- `src/oauth-state.ts` 保持很小，便于核对 Agent 是否过度设计。
-- `tests/oauth-state.test.ts` 覆盖成功、缺失、过期、已消费和不匹配 state。
-- `CONTEXT.md` 和 `docs/CONTEXT-MAP.md` 只提供必要上下文，避免 demo 自己变成 token 污染源。
-- `.scale/evals/suites/workflow-baseline.json` 可由 `scale eval init --dir .` 重新生成。
-## 这不是业务模板
-这个 demo 不是 OAuth 产品模板，而是治理闭环模板。真实项目接入时，应保留 SCALE 的证据、评测、上下文预算和看板机制，再替换成自己的业务代码、服务矩阵和验证脚本。
+# Agent Governance Demo
+这是 SCALE Engine 的最小官方 demo 项目，用一个 OAuth state 校验场景展示 Agent 工程治理如何落到真实代码、测试、证据和报告里。
+业务目标很小：OAuth callback 必须拒绝缺失、过期、已消费或不匹配的 state。
+治理目标更重要：Agent 不能只说“我完成了”，必须留下可验证证据。
+## 快速运行
+```bash
+npm install
+npm test
+```
+## 一键治理烟测
+```bash
+npm run workflow:smoke
+```
+这个命令会依次运行：
+- `npm test`：验证业务行为。
+- `scale eval run --dir .`：运行工作流基线评测。
+- `scale context budget --dir .`：检查上下文预算，避免无节制读取。
+- `scale artifact dashboard --dir . --lang zh`：生成本地治理 HTML 看板。
+## 适合演示的 SCALE 命令
+```bash
+scale governance mode --task "修复 OAuth state 校验绕过问题" --files "src/oauth-state.ts,tests/oauth-state.test.ts"
+scale skill radar --dir . --task "修复 OAuth state 校验绕过问题" --phase verify --level M --files "src/oauth-state.ts,tests/oauth-state.test.ts"
+scale codegraph status --dir .
+scale eval run --dir .
+scale artifact dashboard --dir . --lang zh
+```
+## 观察点
+- `src/oauth-state.ts` 保持很小，便于核对 Agent 是否过度设计。
+- `tests/oauth-state.test.ts` 覆盖成功、缺失、过期、已消费和不匹配 state。
+- `CONTEXT.md` 和 `docs/CONTEXT-MAP.md` 只提供必要上下文，避免 demo 自己变成 token 污染源。
+- `.scale/evals/suites/workflow-baseline.json` 可由 `scale eval init --dir .` 重新生成。
+## 这不是业务模板
+这个 demo 不是 OAuth 产品模板，而是治理闭环模板。真实项目接入时，应保留 SCALE 的证据、评测、上下文预算和看板机制，再替换成自己的业务代码、服务矩阵和验证脚本。

package/examples/demo-projects/agent-governance-demo/docs/CONTEXT-MAP.md CHANGED Viewed

@@ -1,14 +1,14 @@
-# CONTEXT-MAP.md
-Project: Agent Governance Demo
-| Module | Owner | Product Doc | Architecture Doc |
-| --- | --- | --- | --- |
-| OAuth state verifier | SCALE demo | `README.md` | `src/oauth-state.ts` |
-| Workflow evidence | SCALE demo | `README.md` | `.scale/evals/suites/workflow-baseline.json` |
-## Cross-Module Rules
-- Behavior changes in `src/oauth-state.ts` must update `tests/oauth-state.test.ts`.
-- Workflow command changes must update `README.md`.
-- Generated reports under `.scale/reports/` are review artifacts, not source of truth.
+# CONTEXT-MAP.md
+Project: Agent Governance Demo
+| Module | Owner | Product Doc | Architecture Doc |
+| --- | --- | --- | --- |
+| OAuth state verifier | SCALE demo | `README.md` | `src/oauth-state.ts` |
+| Workflow evidence | SCALE demo | `README.md` | `.scale/evals/suites/workflow-baseline.json` |
+## Cross-Module Rules
+- Behavior changes in `src/oauth-state.ts` must update `tests/oauth-state.test.ts`.
+- Workflow command changes must update `README.md`.
+- Generated reports under `.scale/reports/` are review artifacts, not source of truth.

package/examples/demo-projects/agent-governance-demo/package.json CHANGED Viewed

@@ -1,21 +1,22 @@
-{
-  "name": "scale-agent-governance-demo",
-  "version": "0.1.0",
-  "private": true,
-  "type": "module",
-  "scripts": {
-    "build": "tsc --noEmit --module NodeNext --moduleResolution NodeNext --target ES2022 src/oauth-state.ts tests/oauth-state.test.ts",
-    "lint": "tsc --noEmit --module NodeNext --moduleResolution NodeNext --target ES2022 src/oauth-state.ts tests/oauth-state.test.ts",
-    "test": "vitest run",
-    "scale:eval": "scale eval run --dir .",
-    "scale:budget": "scale context budget --dir .",
-    "scale:dashboard": "scale artifact dashboard --dir . --lang zh",
-    "workflow:smoke": "npm test && npm run scale:eval && npm run scale:budget && npm run scale:dashboard"
-  },
-  "devDependencies": {
-    "@hongmaple0820/scale-engine": "^0.20.0",
-    "typescript": "^5.5.0",
-    "vitest": "^2.1.9"
-  }
-}
+{
+  "name": "scale-agent-governance-demo",
+  "version": "0.1.0",
+  "private": true,
+  "type": "module",
+  "scripts": {
+    "build": "tsc --noEmit --module NodeNext --moduleResolution NodeNext --target ES2022 src/oauth-state.ts tests/oauth-state.test.ts",
+    "lint": "tsc --noEmit --module NodeNext --moduleResolution NodeNext --target ES2022 src/oauth-state.ts tests/oauth-state.test.ts",
+    "test": "vitest run",
+    "scale:eval": "scale eval run --dir .",
+    "scale:budget": "scale context budget --dir .",
+    "scale:dashboard": "scale artifact dashboard --dir . --lang zh",
+    "workflow:smoke": "npm test && npm run scale:eval && npm run scale:budget && npm run scale:dashboard"
+  },
+  "devDependencies": {
+    "@hongmaple0820/scale-engine": "^0.20.0",
+    "@types/node": "^20.14.0",
+    "typescript": "^5.5.0",
+    "vitest": "^2.1.9"
+  }
+}

package/examples/demo-projects/agent-governance-demo/src/oauth-state.ts CHANGED Viewed

@@ -1,39 +1,39 @@
-export type OAuthStateFailure = 'missing-record' | 'state-mismatch' | 'state-expired' | 'state-consumed'
-export interface OAuthStateRecord {
-  state: string
-  userId: string
-  expiresAt: number
-  consumedAt?: number
-}
-export interface OAuthStateVerification {
-  ok: boolean
-  userId?: string
-  reason?: OAuthStateFailure
-}
-export function verifyOAuthState(
-  record: OAuthStateRecord | undefined,
-  providedState: string,
-  now: number = Date.now()
-): OAuthStateVerification {
-  if (!record) {
-    return { ok: false, reason: 'missing-record' }
-  }
-  if (record.state !== providedState) {
-    return { ok: false, reason: 'state-mismatch' }
-  }
-  if (record.expiresAt <= now) {
-    return { ok: false, reason: 'state-expired' }
-  }
-  if (record.consumedAt !== undefined) {
-    return { ok: false, reason: 'state-consumed' }
-  }
-  return { ok: true, userId: record.userId }
-}
+export type OAuthStateFailure = 'missing-record' | 'state-mismatch' | 'state-expired' | 'state-consumed'
+export interface OAuthStateRecord {
+  state: string
+  userId: string
+  expiresAt: number
+  consumedAt?: number
+}
+export interface OAuthStateVerification {
+  ok: boolean
+  userId?: string
+  reason?: OAuthStateFailure
+}
+export function verifyOAuthState(
+  record: OAuthStateRecord | undefined,
+  providedState: string,
+  now: number = Date.now()
+): OAuthStateVerification {
+  if (!record) {
+    return { ok: false, reason: 'missing-record' }
+  }
+  if (record.state !== providedState) {
+    return { ok: false, reason: 'state-mismatch' }
+  }
+  if (record.expiresAt <= now) {
+    return { ok: false, reason: 'state-expired' }
+  }
+  if (record.consumedAt !== undefined) {
+    return { ok: false, reason: 'state-consumed' }
+  }
+  return { ok: true, userId: record.userId }
+}

package/examples/demo-projects/agent-governance-demo/tests/oauth-state.test.ts CHANGED Viewed

@@ -1,52 +1,52 @@
-import { describe, expect, it } from 'vitest'
-import { verifyOAuthState, type OAuthStateRecord } from '../src/oauth-state.js'
-const future = 2_000
-const now = 1_000
-function record(overrides: Partial<OAuthStateRecord> = {}): OAuthStateRecord {
-  return {
-    state: 'state-123',
-    userId: 'user-1',
-    expiresAt: future,
-    ...overrides
-  }
-}
-describe('verifyOAuthState', () => {
-  it('accepts a valid unexpired state', () => {
-    expect(verifyOAuthState(record(), 'state-123', now)).toEqual({
-      ok: true,
-      userId: 'user-1'
-    })
-  })
-  it('rejects a missing record', () => {
-    expect(verifyOAuthState(undefined, 'state-123', now)).toEqual({
-      ok: false,
-      reason: 'missing-record'
-    })
-  })
-  it('rejects a mismatched state', () => {
-    expect(verifyOAuthState(record(), 'other-state', now)).toEqual({
-      ok: false,
-      reason: 'state-mismatch'
-    })
-  })
-  it('rejects an expired state', () => {
-    expect(verifyOAuthState(record({ expiresAt: now }), 'state-123', now)).toEqual({
-      ok: false,
-      reason: 'state-expired'
-    })
-  })
-  it('rejects a consumed state', () => {
-    expect(verifyOAuthState(record({ consumedAt: 900 }), 'state-123', now)).toEqual({
-      ok: false,
-      reason: 'state-consumed'
-    })
-  })
-})
+import { describe, expect, it } from 'vitest'
+import { verifyOAuthState, type OAuthStateRecord } from '../src/oauth-state.js'
+const future = 2_000
+const now = 1_000
+function record(overrides: Partial<OAuthStateRecord> = {}): OAuthStateRecord {
+  return {
+    state: 'state-123',
+    userId: 'user-1',
+    expiresAt: future,
+    ...overrides
+  }
+}
+describe('verifyOAuthState', () => {
+  it('accepts a valid unexpired state', () => {
+    expect(verifyOAuthState(record(), 'state-123', now)).toEqual({
+      ok: true,
+      userId: 'user-1'
+    })
+  })
+  it('rejects a missing record', () => {
+    expect(verifyOAuthState(undefined, 'state-123', now)).toEqual({
+      ok: false,
+      reason: 'missing-record'
+    })
+  })
+  it('rejects a mismatched state', () => {
+    expect(verifyOAuthState(record(), 'other-state', now)).toEqual({
+      ok: false,
+      reason: 'state-mismatch'
+    })
+  })
+  it('rejects an expired state', () => {
+    expect(verifyOAuthState(record({ expiresAt: now }), 'state-123', now)).toEqual({
+      ok: false,
+      reason: 'state-expired'
+    })
+  })
+  it('rejects a consumed state', () => {
+    expect(verifyOAuthState(record({ consumedAt: 900 }), 'state-123', now)).toEqual({
+      ok: false,
+      reason: 'state-consumed'
+    })
+  })
+})