@jigyasudham/veto 0.8.0

package/dist/agents/security/scanner.js

@@ -0,0 +1,288 @@
+export function plan(task, context) {
+    return {
+        agent: 'security-scanner',
+        task,
+        tier: 2,
+        approach: 'Apply OWASP Top 10 methodology: enumerate attack surface, check each category ' +
+            'systematically, prioritise critical and high findings, produce actionable remediation.',
+        steps: [
+            'Identify all entry points: HTTP endpoints, file uploads, WebSocket, CLI args',
+            'Map authentication and authorisation boundaries',
+            'A01 – Broken Access Control: ownership checks, privilege escalation paths',
+            'A02 – Cryptographic Failures: cipher strength, data-in-transit, data-at-rest',
+            'A03 – Injection: SQL, NoSQL, OS command, LDAP, template injection',
+            'A04 – Insecure Design: missing input validation, business logic flaws',
+            'A05 – Security Misconfiguration: debug flags, default creds, verbose errors',
+            'A06 – Vulnerable Components: dependency CVEs, outdated libraries',
+            'A07 – Authentication Failures: rate limiting, session management, token strength',
+            'A08 – Software Integrity: deserialization, supply-chain, CI integrity checks',
+            'A09 – Logging Failures: audit trail completeness, sensitive data in logs',
+            'A10 – SSRF: user-supplied URLs in outbound calls',
+            'Aggregate findings, calculate score, produce verdict and remediation plan',
+        ],
+        checklist: [
+            'All HTTP routes require authentication where data is user-specific',
+            'Object-level authorisation verifies ownership before returning or mutating records',
+            'No MD5 or SHA-1 used for password hashing or data integrity',
+            'TLS enforced on all external connections; HSTS header present',
+            'SQL queries use parameterised statements or ORM; no string concatenation',
+            'eval() and new Function() constructors are absent from production code',
+            'Input validated with schema library (zod/joi) at every API boundary',
+            'Error responses do not leak stack traces or internal file paths',
+            'Debug/development flags disabled in production builds',
+            'Default credentials and example secrets removed from all config files',
+            'Auth endpoints protected by rate limiting and account-lockout logic',
+            'Session tokens stored in httpOnly, Secure, SameSite=Strict cookies',
+            'Deserialisation of untrusted data avoided or performed with strict schema',
+            'Audit log written for every sensitive operation (login, delete, privilege change)',
+            'Passwords and secrets never appear in log output',
+            'Outbound HTTP requests validate/whitelist target URLs; no raw user-supplied URLs',
+            'npm audit / yarn audit run in CI with zero high/critical failure threshold',
+            'Security headers set: CSP, X-Content-Type-Options, X-Frame-Options, Referrer-Policy',
+        ],
+        pitfalls: [
+            'Trusting client-supplied IDs without server-side ownership validation (IDOR)',
+            'Comparing password hashes with == instead of a constant-time function',
+            'Sending res.json(err) in Express error handlers — leaks internal details',
+            'Forgetting to validate JWT claims server-side; client-side role inflation',
+            'Server-Side Template Injection when user input is interpolated into templates',
+            'Prototype pollution through lodash merge on untrusted objects',
+            'CORS wildcard (*) combined with credentials:true',
+            'Logging req.body at DEBUG level — captures passwords in plaintext',
+        ],
+        patterns: [
+            'Parameterised queries / prepared statements for all DB access',
+            'Repository pattern isolates data access and makes auth injection consistent',
+            'Middleware chain: authenticate → authorise → validate → handle',
+            'Allow-list validation (reject unknown fields) via zod strict() mode',
+            'Centralised error handler strips internal details before response',
+            'Structured logging with automatic redaction of secret fields',
+        ],
+        duration_estimate: context?.includes('large') ? '4-6 hours' : '1-2 hours',
+    };
+}
+const CHECKS = [
+    // A01 – Broken Access Control
+    {
+        regex: /req\.params\.(id|userId|user_id)\b/,
+        severity: 'high',
+        category: 'A01 Broken Access Control',
+        description: 'req.params.id used — verify ownership check exists to prevent IDOR.',
+        fix: 'Assert req.user.id === record.userId before returning or mutating the resource.',
+        cwe: 'CWE-639',
+        owasp: 'A01:2021',
+    },
+    {
+        regex: /role\s*=\s*req\.body\.role|req\.body\[['"]role['"]\]/,
+        severity: 'critical',
+        category: 'A01 Broken Access Control',
+        description: 'Role assigned directly from request body — allows privilege escalation.',
+        fix: 'Never accept role from client input. Derive roles server-side from the session.',
+        cwe: 'CWE-269',
+        owasp: 'A01:2021',
+    },
+    // A02 – Cryptographic Failures
+    {
+        regex: /createHash\s*\(\s*['"](?:md5|sha1)['"]\s*\)/i,
+        severity: 'high',
+        category: 'A02 Cryptographic Failures',
+        description: 'Weak cryptographic hash (MD5/SHA-1) detected.',
+        fix: 'Replace with SHA-256 or SHA-512 for hashing; use bcrypt/argon2 for passwords.',
+        cwe: 'CWE-327',
+        owasp: 'A02:2021',
+    },
+    {
+        regex: /createCipher\s*\(\s*['"](?:des|rc4)['"]\s*\)/i,
+        severity: 'high',
+        category: 'A02 Cryptographic Failures',
+        description: 'Broken symmetric cipher (DES/RC4) detected.',
+        fix: 'Replace with AES-256-GCM.',
+        cwe: 'CWE-327',
+        owasp: 'A02:2021',
+    },
+    {
+        regex: /http:\/\/(?!localhost|127\.0\.0\.1|0\.0\.0\.0)/,
+        severity: 'medium',
+        category: 'A02 Cryptographic Failures',
+        description: 'Plain HTTP URL detected — data transmitted without encryption.',
+        fix: 'Use HTTPS for all external URLs. Enforce HSTS in production.',
+        cwe: 'CWE-319',
+        owasp: 'A02:2021',
+    },
+    // A03 – Injection
+    {
+        regex: /['"`]\s*(?:SELECT|INSERT|UPDATE|DELETE)\b[^'"`]*\+\s*(?:req\.|params\.|body\.|query\.)\w+/i,
+        severity: 'critical',
+        category: 'A03 Injection',
+        description: 'String concatenation inside SQL query — SQL injection risk.',
+        fix: 'Use parameterised queries: db.query("SELECT ... WHERE id = $1", [id])',
+        cwe: 'CWE-89',
+        owasp: 'A03:2021',
+    },
+    {
+        regex: /\beval\s*\(|new\s+Function\s*\(/,
+        severity: 'critical',
+        category: 'A03 Injection',
+        description: 'eval() or new Function() detected — JavaScript injection vector.',
+        fix: 'Remove eval(). Use JSON.parse() for data or a dedicated expression parser.',
+        cwe: 'CWE-95',
+        owasp: 'A03:2021',
+    },
+    {
+        regex: /(?:exec|execSync|spawn)\s*\(\s*`[^`]*\$\{(?:req|params|body|query)\./,
+        severity: 'critical',
+        category: 'A03 Injection',
+        description: 'User input interpolated into shell command — OS command injection.',
+        fix: 'Use execFile() with a fixed command and an array of sanitised arguments.',
+        cwe: 'CWE-78',
+        owasp: 'A03:2021',
+    },
+    // A04 – Insecure Design
+    {
+        regex: /req\.body\.\w+\s*(?:&&|\|\||,|\))[^;]{0,120}(?:\.save\s*\(|\.create\s*\(|\.insert\s*\()/,
+        severity: 'medium',
+        category: 'A04 Insecure Design',
+        description: 'Request body values passed to persistence layer without visible validation.',
+        fix: 'Validate and sanitise all inputs with zod or joi before saving.',
+        cwe: 'CWE-20',
+        owasp: 'A04:2021',
+    },
+    // A05 – Security Misconfiguration
+    {
+        regex: /debug\s*[:=]\s*true/i,
+        severity: 'medium',
+        category: 'A05 Security Misconfiguration',
+        description: 'Debug mode flag set to true in source.',
+        fix: 'Guard debug features with NODE_ENV checks; never enable in production.',
+        cwe: 'CWE-16',
+        owasp: 'A05:2021',
+    },
+    {
+        regex: /password\s*[:=]\s*['"](?:admin|root|password|123456|secret|test|demo)['"]/i,
+        severity: 'critical',
+        category: 'A05 Security Misconfiguration',
+        description: 'Default or trivial credential detected in source.',
+        fix: 'Remove default credentials. Store only bcrypt hashes; move to env vars.',
+        cwe: 'CWE-1392',
+        owasp: 'A05:2021',
+    },
+    {
+        regex: /res\s*\.\s*(?:json|send)\s*\(\s*(?:err|error)\s*\)/,
+        severity: 'medium',
+        category: 'A05 Security Misconfiguration',
+        description: 'Raw error object sent in HTTP response — may expose internals.',
+        fix: 'Use a centralised error handler that maps errors to safe user-facing messages.',
+        cwe: 'CWE-209',
+        owasp: 'A05:2021',
+    },
+    // A06 – Vulnerable Components
+    {
+        regex: /require\s*\(\s*['"]node-serialize['"]\s*\)|from\s+['"]node-serialize['"]/,
+        severity: 'critical',
+        category: 'A06 Vulnerable Components',
+        description: 'node-serialize has a known Remote Code Execution vulnerability.',
+        fix: 'Remove node-serialize. Use JSON.parse() for safe deserialisation.',
+        cwe: 'CWE-502',
+        owasp: 'A06:2021',
+    },
+    {
+        regex: /require\s*\(\s*['"]request['"]\s*\)|from\s+['"]request['"]/,
+        severity: 'low',
+        category: 'A06 Vulnerable Components',
+        description: 'The "request" package is deprecated and unmaintained.',
+        fix: 'Replace with native fetch() (Node 18+), axios, or got.',
+        owasp: 'A06:2021',
+    },
+    // A07 – Authentication Failures
+    {
+        regex: /localStorage\s*\.\s*setItem\s*\(\s*['"][^'"]*(?:token|jwt|auth)[^'"]*['"]/i,
+        severity: 'high',
+        category: 'A07 Authentication Failures',
+        description: 'Auth token stored in localStorage — vulnerable to XSS theft.',
+        fix: 'Store tokens in httpOnly, Secure, SameSite=Strict cookies.',
+        cwe: 'CWE-922',
+        owasp: 'A07:2021',
+    },
+    {
+        regex: /router\s*\.\s*post\s*\(\s*['"]\/(?:login|signin|auth)['"]/i,
+        severity: 'high',
+        category: 'A07 Authentication Failures',
+        description: 'Auth endpoint found — verify rate limiting is applied.',
+        fix: 'Apply express-rate-limit to all auth routes to prevent brute-force attacks.',
+        cwe: 'CWE-307',
+        owasp: 'A07:2021',
+    },
+    // A08 – Software Integrity
+    {
+        regex: /JSON\.parse\s*\(\s*(?:req\.|body\.|params\.|query\.)\w+/,
+        severity: 'medium',
+        category: 'A08 Software Integrity',
+        description: 'JSON.parse on user-supplied data without visible try/catch or schema validation.',
+        fix: 'Wrap JSON.parse in try/catch and validate the result structure with zod.',
+        cwe: 'CWE-502',
+        owasp: 'A08:2021',
+    },
+    // A09 – Logging Failures
+    {
+        regex: /console\s*\.\s*log\s*\([^)]*(?:password|passwd|secret|token|apikey|api_key)[^)]*\)/i,
+        severity: 'high',
+        category: 'A09 Logging Failures',
+        description: 'Sensitive value (password/secret/token) may be written to logs.',
+        fix: 'Never log sensitive fields. Redact before passing to the logger.',
+        cwe: 'CWE-532',
+        owasp: 'A09:2021',
+    },
+    // A10 – SSRF
+    {
+        regex: /(?:fetch|axios\.get|axios\.post|http\.get)\s*\(\s*(?:req\.|body\.|params\.|query\.)\w+/,
+        severity: 'critical',
+        category: 'A10 SSRF',
+        description: 'User-supplied value passed directly to HTTP client — SSRF risk.',
+        fix: 'Validate the URL against a strict allow-list of permitted domains. Reject internal IP ranges.',
+        cwe: 'CWE-918',
+        owasp: 'A10:2021',
+    },
+];
+// ─── Public API ────────────────────────────────────────────────────────────
+export function analyze(code, context) {
+    const findings = [];
+    for (const check of CHECKS) {
+        if (check.regex.test(code)) {
+            const finding = {
+                severity: check.severity,
+                category: check.category,
+                description: check.description,
+                fix: check.fix,
+                owasp: check.owasp,
+            };
+            if (check.cwe)
+                finding.cwe = check.cwe;
+            findings.push(finding);
+        }
+    }
+    const critical = findings.filter(f => f.severity === 'critical').length;
+    const high = findings.filter(f => f.severity === 'high').length;
+    const medium = findings.filter(f => f.severity === 'medium').length;
+    const low = findings.filter(f => f.severity === 'low').length;
+    const raw = 100 - (critical * 25 + high * 10 + medium * 5 + low * 2);
+    const score = Math.max(0, raw);
+    const verdict = score >= 90 ? 'approved'
+        : score >= 70 ? 'approved_with_warnings'
+            : score >= 50 ? 'needs_revision'
+                : 'rejected';
+    const subject = context ?? 'provided code';
+    const summary = findings.length === 0
+        ? `No OWASP Top 10 violations detected in ${subject}. Score: ${score}/100.`
+        : `Found ${findings.length} issue(s) in ${subject}: ${critical} critical, ${high} high, ${medium} medium, ${low} low. Score: ${score}/100 — ${verdict.replace(/_/g, ' ')}.`;
+    return {
+        agent: 'security-scanner',
+        subject,
+        findings,
+        score,
+        verdict,
+        summary,
+        critical_count: critical,
+        high_count: high,
+    };
+}
+//# sourceMappingURL=scanner.js.map

package/dist/agents/security/secrets.js

@@ -0,0 +1,212 @@
+// ─── Plan ──────────────────────────────────────────────────────────────────
+export function plan(task, _context) {
+    return {
+        agent: 'secrets',
+        task,
+        tier: 1,
+        approach: 'Systematically detect, rotate, and vault all credentials. ' +
+            'Apply defence-in-depth: scan source, enforce pre-commit hooks, ' +
+            'use a secrets manager, and never let secrets reach version control.',
+        steps: [
+            'Run static scan (this agent) across the entire codebase including .env files',
+            'Identify all credential types: API keys, DB connection strings, private keys, tokens',
+            'Rotate any exposed credentials immediately — assume they are compromised',
+            'Move all secrets to a secrets manager (AWS Secrets Manager, Vault, Doppler)',
+            'Replace hardcoded values with environment-variable references',
+            'Add .env* to .gitignore; add .env.example with placeholder values',
+            'Install a pre-commit hook (git-secrets, gitleaks) to block future commits',
+            'Configure CI/CD secret scanning (GitHub secret scanning, Trufflehog action)',
+            'Set minimum secret rotation period in policy (90 days for API keys, 30 for DB)',
+            'Document which services own which secrets in a secrets inventory',
+        ],
+        checklist: [
+            'No secrets committed to the repository (scan with gitleaks/trufflehog)',
+            '.env files listed in .gitignore at the repo root',
+            '.env.example present with only placeholder values, no real secrets',
+            'All API keys loaded from process.env at runtime, not import-time constants',
+            'AWS credentials use IAM roles / instance profiles, not access key + secret pairs',
+            'Private keys stored in a hardware security module or secrets manager',
+            'JWT_SECRET is at least 256 bits of random entropy, not a dictionary word',
+            'Database connection strings contain no credentials (use socket auth or Secrets Manager)',
+            'GitHub tokens scoped to minimal required permissions and set to expire',
+            'Secret scanning enabled in GitHub repository settings',
+            'Pre-commit hook configured to block secrets (git-secrets or gitleaks)',
+            'CI pipeline fails if any secret pattern is detected in changed files',
+            'Secrets rotated after any team-member departure or suspected exposure',
+            'Audit log maintained of who accessed each secret and when',
+        ],
+        pitfalls: [
+            'Committing .env files accidentally when .gitignore is misconfigured',
+            'Hardcoding secrets in Dockerfile ARG/ENV layers visible in image history',
+            'Logging full request headers which include Authorization bearer tokens',
+            'Storing secrets in client-side code bundled into the browser',
+            'Using short or guessable JWT secrets ("secret", "mysecret", "1234")',
+            'Checking in AWS credentials profile files (~/.aws/credentials) via CI runners',
+            'Embedding secrets in CI/CD YAML files instead of using encrypted variables',
+        ],
+        patterns: [
+            'Twelve-Factor App: config via environment variables',
+            'Secrets manager pattern: centralised vault with short-lived leases',
+            'Secret rotation pattern: automated rotation with zero-downtime swap',
+            'Pre-commit hook pattern: block secrets before they enter git history',
+        ],
+        duration_estimate: '2-4 hours for full secrets audit and remediation',
+    };
+}
+const PATTERNS = [
+    {
+        type: 'AWS Access Key',
+        regex: /AKIA[0-9A-Z]{16}/,
+        severity: 'critical',
+        fix: 'Immediately revoke this AWS access key in the IAM console. Use IAM roles or instance profiles instead.',
+    },
+    {
+        type: 'AWS Secret Access Key',
+        regex: /aws_secret_access_key\s*=\s*['"]?[A-Za-z0-9/+]{40}['"]?/i,
+        severity: 'critical',
+        fix: 'Rotate the AWS secret access key immediately. Store credentials in AWS Secrets Manager or via instance role.',
+    },
+    {
+        type: 'GitHub Token (ghp_)',
+        regex: /ghp_[a-zA-Z0-9]{36}/,
+        severity: 'critical',
+        fix: 'Revoke this GitHub personal access token immediately. Use short-lived tokens with minimal scopes.',
+    },
+    {
+        type: 'GitHub Token (env var)',
+        regex: /github_token\s*=\s*['"][a-zA-Z0-9_]{20,}['"]/i,
+        severity: 'high',
+        fix: 'Move the GitHub token to a CI/CD secret variable. Never hardcode tokens.',
+    },
+    {
+        type: 'RSA Private Key',
+        regex: /-----BEGIN RSA PRIVATE KEY-----/,
+        severity: 'critical',
+        fix: 'Remove the private key from source. Store in a secrets manager or HSM. Rotate the key pair immediately.',
+    },
+    {
+        type: 'EC Private Key',
+        regex: /-----BEGIN EC PRIVATE KEY-----/,
+        severity: 'critical',
+        fix: 'Remove the private key from source. Store in a secrets manager or HSM. Rotate the key pair immediately.',
+    },
+    {
+        type: 'OpenSSH Private Key',
+        regex: /-----BEGIN OPENSSH PRIVATE KEY-----/,
+        severity: 'critical',
+        fix: 'Remove the private key from source. Store in a secrets manager or HSM. Rotate the key pair immediately.',
+    },
+    {
+        type: 'API Key (generic)',
+        regex: /(?:api_key|apikey|api-key)\s*[:=]\s*['"][a-zA-Z0-9_\-]{20,}['"]/i,
+        severity: 'high',
+        fix: 'Move the API key to an environment variable. Load via process.env.API_KEY at runtime.',
+    },
+    {
+        type: 'JWT Secret',
+        regex: /jwt_secret\s*[:=]\s*['"][^'"]{8,}['"]/i,
+        severity: 'high',
+        fix: 'Move JWT_SECRET to an environment variable. Use at least 256 bits of random entropy.',
+    },
+    {
+        type: 'Hardcoded Password',
+        regex: /password\s*[:=]\s*['"][^'"]{4,}['"]/i,
+        severity: 'high',
+        fix: 'Remove hardcoded password. Store in environment variable and load at runtime.',
+    },
+    {
+        type: 'MongoDB Connection String',
+        regex: /mongodb(?:\+srv)?:\/\/[^:]+:[^@]+@/,
+        severity: 'critical',
+        fix: 'Rotate MongoDB credentials immediately. Use environment variable MONGODB_URI with no credentials in source.',
+    },
+    {
+        type: 'PostgreSQL Connection String',
+        regex: /postgres(?:ql)?:\/\/[^:]+:[^@]+@/,
+        severity: 'critical',
+        fix: 'Rotate PostgreSQL credentials immediately. Use DATABASE_URL environment variable.',
+    },
+    {
+        type: 'MySQL Connection String',
+        regex: /mysql:\/\/[^:]+:[^@]+@/,
+        severity: 'critical',
+        fix: 'Rotate MySQL credentials immediately. Use DATABASE_URL environment variable.',
+    },
+    {
+        type: 'Slack Token',
+        regex: /xox[baprs]-[0-9A-Za-z\-]{10,}/,
+        severity: 'high',
+        fix: 'Revoke this Slack token immediately. Store in a secrets manager.',
+    },
+    {
+        type: 'Generic High-Entropy Secret',
+        regex: /(?:secret|token|key|passwd)\s*[:=]\s*['"][A-Za-z0-9+/=_\-]{32,}['"]/i,
+        severity: 'medium',
+        fix: 'Review this value. If it is a secret, move it to an environment variable or secrets manager.',
+    },
+];
+// ─── Helper: mask value ────────────────────────────────────────────────────
+function maskValue(raw) {
+    const match = raw.match(/['"]([^'"]+)['"]/);
+    const secret = match ? match[1] : raw.replace(/.*[:=]\s*/, '');
+    return secret.length >= 4 ? `${secret.slice(0, 4)}****` : '****';
+}
+// ─── Public API ────────────────────────────────────────────────────────────
+export function scan(text) {
+    const findings = [];
+    const lines = text.split('\n');
+    for (let lineIndex = 0; lineIndex < lines.length; lineIndex++) {
+        const line = lines[lineIndex];
+        for (const pattern of PATTERNS) {
+            const match = line.match(pattern.regex);
+            if (match) {
+                findings.push({
+                    type: pattern.type,
+                    value: maskValue(match[0]),
+                    line: lineIndex + 1,
+                    severity: pattern.severity,
+                    fix: pattern.fix,
+                });
+                break; // one finding per pattern per line
+            }
+        }
+    }
+    return findings;
+}
+export function analyze(code, context) {
+    const secretFindings = scan(code);
+    const findings = secretFindings.map(sf => ({
+        severity: sf.severity,
+        category: 'Credential Exposure',
+        description: `${sf.type} detected at line ${sf.line} (value: ${sf.value})`,
+        fix: sf.fix,
+        location: `line ${sf.line}`,
+        cwe: 'CWE-798',
+        owasp: 'A02:2021',
+    }));
+    const critical = findings.filter(f => f.severity === 'critical').length;
+    const high = findings.filter(f => f.severity === 'high').length;
+    const medium = findings.filter(f => f.severity === 'medium').length;
+    const low = findings.filter(f => f.severity === 'low').length;
+    const raw = 100 - (critical * 25 + high * 10 + medium * 5 + low * 2);
+    const score = Math.max(0, raw);
+    const verdict = score >= 90 ? 'approved'
+        : score >= 70 ? 'approved_with_warnings'
+            : score >= 50 ? 'needs_revision'
+                : 'rejected';
+    const subject = context ?? 'provided code';
+    const summary = findings.length === 0
+        ? `No credentials or secrets detected in ${subject}. Score: ${score}/100.`
+        : `Found ${findings.length} credential(s) in ${subject}: ${critical} critical, ${high} high, ${medium} medium. Score: ${score}/100 — ${verdict.replace(/_/g, ' ')}.`;
+    return {
+        agent: 'secrets',
+        subject,
+        findings,
+        score,
+        verdict,
+        summary,
+        critical_count: critical,
+        high_count: high,
+    };
+}
+//# sourceMappingURL=secrets.js.map

package/dist/agents/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/agents/workflow/automation.js

@@ -0,0 +1,56 @@
+export function plan(task, context) {
+    const t = (task + ' ' + (context ?? '')).toLowerCase();
+    const isCron = t.includes('cron') || t.includes('schedule') || t.includes('recurring') || t.includes('daily') || t.includes('weekly');
+    const isPipeline = t.includes('pipeline') || t.includes('ci') || t.includes('workflow') || t.includes('trigger') || t.includes('webhook');
+    const isScript = t.includes('script') || t.includes('automat') || t.includes('batch') || t.includes('bulk');
+    const approach = isCron
+        ? 'Design the cron job with three safety properties: idempotency (running it twice should be safe), observability (every run logs start/end/result), and alerting (failed runs must page someone). The most common cron bug is silent failure — the job stops running and nobody notices for weeks.'
+        : isPipeline
+            ? 'Design the pipeline with exactly-once execution semantics where possible. Each stage should be independently retryable. Every stage logs its input and output. The pipeline must have a dead-letter mechanism for events that fail after max retries.'
+            : isScript
+                ? 'Write the automation script as a dry-run first: add a --dry-run flag that shows what would happen without doing it. Test the dry-run output before removing the flag. Automation that cannot be previewed should not exist.'
+                : 'Design the automation with four properties: idempotent (safe to re-run), observable (logs start/end/result), alertable (failures surface immediately), and reversible (can undo if wrong).';
+    return {
+        agent: 'automation',
+        task,
+        tier: 2,
+        approach,
+        steps: [
+            'Define the trigger: what starts this automation? (schedule, event, webhook, manual)',
+            'Define the idempotency strategy: what prevents duplicate execution from causing harm?',
+            'Define the happy path: what are the exact steps in order?',
+            'Define the failure modes: what can go wrong at each step?',
+            'Design retry logic: how many retries, with what backoff, before giving up?',
+            'Design the dead-letter path: what happens to items that fail after max retries?',
+            'Add structured logging: every run logs start (with input), each step result, and end (with outcome)',
+            'Add alerting: failed runs must produce an alert, not just a log entry',
+            'Add a dry-run mode for scripts that modify data',
+            'Test the failure path explicitly — do not assume the happy path covers everything',
+        ],
+        checklist: [
+            '[ ] Trigger defined and documented',
+            '[ ] Idempotency strategy implemented',
+            '[ ] Retry logic with bounded backoff',
+            '[ ] Dead-letter mechanism for permanent failures',
+            '[ ] Structured logging on every run',
+            '[ ] Alert on failure (not just log)',
+            '[ ] Dry-run mode for destructive operations',
+            '[ ] Failure path tested explicitly',
+        ],
+        pitfalls: [
+            'Silent failure — cron jobs that fail without alerting are the most dangerous automation',
+            'No idempotency — running the job twice sends duplicate emails, charges customers twice',
+            'Unbounded retries — a failing job retries forever and blocks the queue',
+            'No dry-run — automation that modifies data cannot be safely previewed before running',
+            'Logging only on failure — you cannot diagnose why it failed without knowing what it was doing',
+        ],
+        patterns: [
+            'IDOA framework: Idempotent → Observable → Alertable → Dry-run-capable',
+            'Dead-letter queue: every event that fails max retries goes here, never silently dropped',
+            'Structured run log: { job, run_id, started_at, input_count, success_count, error_count, ended_at }',
+            'Failure-first testing: write the test for the failure path before the happy path',
+        ],
+        duration_estimate: '2-6 hours',
+    };
+}
+//# sourceMappingURL=automation.js.map

package/dist/agents/workflow/file-manager.js

@@ -0,0 +1,49 @@
+export function plan(task, context) {
+    const t = (task + ' ' + (context ?? '')).toLowerCase();
+    const isCreate = t.includes('creat') || t.includes('scaffold') || t.includes('new file') || t.includes('add');
+    const isDelete = t.includes('delet') || t.includes('remov') || t.includes('clean') || t.includes('purge');
+    const isMove = t.includes('mov') || t.includes('renam') || t.includes('restructur') || t.includes('reorgan');
+    const approach = isDelete
+        ? 'Before deleting: verify nothing imports the file (grep for the filename and all its exports). Check git log to understand why it was created. If it is safe to delete, remove it and fix all broken imports. Never delete without checking references first.'
+        : isMove
+            ? 'Before moving: map all import paths that reference this file. Update every import after moving. Run the build to confirm no broken imports remain. Update any barrel index files that re-export the moved module.'
+            : isCreate
+                ? 'Create files in the right location: match the existing directory conventions. Add the new file to any relevant barrel index. Do not create a new directory when an existing one fits. Name the file to match its primary export.'
+                : 'Execute the file operation safely. For any destructive operation (delete, overwrite): verify the operation is correct before running it. For moves and renames: update all references atomically.';
+    return {
+        agent: 'file-manager',
+        task,
+        tier: 1,
+        approach,
+        steps: [
+            'Identify the exact files to create, modify, move, or delete',
+            'For deletes: grep for all imports/references to the file before touching it',
+            'For moves: list all files that import from the source path',
+            'Execute the operation',
+            'Update all import paths that reference moved or deleted files',
+            'Update barrel index files (index.ts) if the file is re-exported',
+            'Run the TypeScript build to confirm no broken imports',
+            'Update the project map via veto_project_map_update',
+        ],
+        checklist: [
+            '[ ] References checked before any delete or rename',
+            '[ ] All import paths updated after move/rename',
+            '[ ] Barrel indexes updated',
+            '[ ] Build passes after operation',
+            '[ ] Project map updated via veto_project_map_update',
+        ],
+        pitfalls: [
+            'Deleting a file without checking what imports it — silent build breakage',
+            'Moving a file without updating all import paths — TypeScript will error',
+            'Creating a new directory when an existing one is the right home',
+            'Forgetting to update barrel index files after adding/removing a module',
+        ],
+        patterns: [
+            'Reference-before-delete: always grep for imports before deleting a file',
+            'Atomic rename: update the file and all its references in a single operation',
+            'Barrel maintenance: every add/remove in a directory requires checking the index.ts',
+        ],
+        duration_estimate: '15-60 minutes',
+    };
+}
+//# sourceMappingURL=file-manager.js.map