npm - @kb-labs/shared - Versions diffs - 1.1.0 - Mend

@kb-labs/shared 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (232) hide show

package/.cursorrules +32 -0
package/.github/workflows/ci.yml +13 -0
package/.github/workflows/deploy.yml +28 -0
package/.github/workflows/docker-build.yml +25 -0
package/.github/workflows/drift-check.yml +10 -0
package/.github/workflows/profiles-validate.yml +16 -0
package/.github/workflows/release.yml +8 -0
package/.kb/devkit/agents/devkit-maintainer/context.globs +15 -0
package/.kb/devkit/agents/devkit-maintainer/permissions.yml +17 -0
package/.kb/devkit/agents/devkit-maintainer/prompt.md +28 -0
package/.kb/devkit/agents/devkit-maintainer/runbook.md +31 -0
package/.kb/devkit/agents/docs-crafter/prompt.md +24 -0
package/.kb/devkit/agents/docs-crafter/runbook.md +18 -0
package/.kb/devkit/agents/release-manager/context.globs +7 -0
package/.kb/devkit/agents/release-manager/prompt.md +27 -0
package/.kb/devkit/agents/release-manager/runbook.md +17 -0
package/.kb/devkit/agents/test-generator/context.globs +7 -0
package/.kb/devkit/agents/test-generator/prompt.md +27 -0
package/.kb/devkit/agents/test-generator/runbook.md +18 -0
package/.vscode/settings.json +23 -0
package/CHANGELOG.md +33 -0
package/CONTRIBUTING.md +117 -0
package/LICENSE +21 -0
package/README.md +306 -0
package/docs/DECLARATIVE-FLAGS-AND-ENV.md +622 -0
package/docs/DOCUMENTATION.md +70 -0
package/docs/adr/0000-template.md +52 -0
package/docs/adr/0001-architecture-and-repository-layout.md +31 -0
package/docs/adr/0002-plugins-and-extensibility.md +44 -0
package/docs/adr/0003-package-and-module-boundaries.md +35 -0
package/docs/adr/0004-versioning-and-release-policy.md +36 -0
package/docs/adr/0005-reactive-loader-pattern.md +179 -0
package/docs/adr/0006-declarative-flags-and-env-systems.md +376 -0
package/eslint.config.js +27 -0
package/kb-labs.config.json +5 -0
package/package.json +88 -0
package/package.json.bin +25 -0
package/package.json.lib +30 -0
package/packages/shared-cli-ui/CHANGELOG.md +20 -0
package/packages/shared-cli-ui/README.md +342 -0
package/packages/shared-cli-ui/docs/ARCHITECTURE.md +105 -0
package/packages/shared-cli-ui/eslint.config.js +27 -0
package/packages/shared-cli-ui/package.json +72 -0
package/packages/shared-cli-ui/src/__tests__/artifacts-display.spec.ts +89 -0
package/packages/shared-cli-ui/src/__tests__/format.spec.ts +44 -0
package/packages/shared-cli-ui/src/__tests__/loader-json-mode.test.ts +119 -0
package/packages/shared-cli-ui/src/artifacts-display.ts +266 -0
package/packages/shared-cli-ui/src/cli-auto-discovery.ts +120 -0
package/packages/shared-cli-ui/src/colors.ts +142 -0
package/packages/shared-cli-ui/src/command-discovery.ts +72 -0
package/packages/shared-cli-ui/src/command-output.ts +153 -0
package/packages/shared-cli-ui/src/command-result.ts +267 -0
package/packages/shared-cli-ui/src/command-runner.ts +310 -0
package/packages/shared-cli-ui/src/command-suggestions.ts +204 -0
package/packages/shared-cli-ui/src/debug/components/output.ts +141 -0
package/packages/shared-cli-ui/src/debug/components/trace.ts +101 -0
package/packages/shared-cli-ui/src/debug/components/tree.ts +88 -0
package/packages/shared-cli-ui/src/debug/formatters/ai.ts +17 -0
package/packages/shared-cli-ui/src/debug/formatters/human.ts +98 -0
package/packages/shared-cli-ui/src/debug/formatters/timeline.ts +94 -0
package/packages/shared-cli-ui/src/debug/index.ts +56 -0
package/packages/shared-cli-ui/src/debug/types.ts +57 -0
package/packages/shared-cli-ui/src/debug/utilities.ts +203 -0
package/packages/shared-cli-ui/src/dynamic-command-discovery.ts +131 -0
package/packages/shared-cli-ui/src/format.ts +412 -0
package/packages/shared-cli-ui/src/index.ts +34 -0
package/packages/shared-cli-ui/src/loader.ts +196 -0
package/packages/shared-cli-ui/src/manifest-parser.ts +151 -0
package/packages/shared-cli-ui/src/modern-format.ts +271 -0
package/packages/shared-cli-ui/src/multi-cli-suggestions.ts +159 -0
package/packages/shared-cli-ui/src/table.ts +134 -0
package/packages/shared-cli-ui/src/timing-tracker.ts +68 -0
package/packages/shared-cli-ui/src/utils/context.ts +12 -0
package/packages/shared-cli-ui/src/utils/env.ts +164 -0
package/packages/shared-cli-ui/src/utils/flags.ts +269 -0
package/packages/shared-cli-ui/src/utils/path.ts +8 -0
package/packages/shared-cli-ui/tsconfig.build.json +15 -0
package/packages/shared-cli-ui/tsconfig.json +9 -0
package/packages/shared-cli-ui/tsup.config.ts +11 -0
package/packages/shared-cli-ui/vitest.config.ts +15 -0
package/packages/shared-command-kit/CHANGELOG.md +20 -0
package/packages/shared-command-kit/LICENSE +22 -0
package/packages/shared-command-kit/README.md +1030 -0
package/packages/shared-command-kit/docs/HIGH-LEVEL-API.md +89 -0
package/packages/shared-command-kit/docs/LOW-LEVEL-API.md +105 -0
package/packages/shared-command-kit/docs/MIGRATION-GUIDE.md +135 -0
package/packages/shared-command-kit/eslint.config.js +27 -0
package/packages/shared-command-kit/eslint.config.ts +14 -0
package/packages/shared-command-kit/package.json +76 -0
package/packages/shared-command-kit/prettierrc.json +5 -0
package/packages/shared-command-kit/src/__tests__/define-command.spec.ts +294 -0
package/packages/shared-command-kit/src/__tests__/define-route.test.ts +285 -0
package/packages/shared-command-kit/src/__tests__/define-system-command.spec.ts +508 -0
package/packages/shared-command-kit/src/__tests__/define-webhook.test.ts +156 -0
package/packages/shared-command-kit/src/__tests__/define-websocket.test.ts +316 -0
package/packages/shared-command-kit/src/__tests__/errors.spec.ts +45 -0
package/packages/shared-command-kit/src/__tests__/flags.spec.ts +353 -0
package/packages/shared-command-kit/src/__tests__/platform-api.test.ts +135 -0
package/packages/shared-command-kit/src/__tests__/plugin-context-v3.snapshot.spec.ts +240 -0
package/packages/shared-command-kit/src/__tests__/ws-types.test.ts +359 -0
package/packages/shared-command-kit/src/analytics/index.ts +6 -0
package/packages/shared-command-kit/src/analytics/with-analytics.ts +195 -0
package/packages/shared-command-kit/src/define-action.ts +100 -0
package/packages/shared-command-kit/src/define-command.ts +113 -0
package/packages/shared-command-kit/src/define-route.ts +113 -0
package/packages/shared-command-kit/src/define-system-command.ts +362 -0
package/packages/shared-command-kit/src/define-webhook.ts +115 -0
package/packages/shared-command-kit/src/define-websocket.ts +308 -0
package/packages/shared-command-kit/src/errors/factory.ts +282 -0
package/packages/shared-command-kit/src/errors/format-validation.ts +144 -0
package/packages/shared-command-kit/src/errors/format.ts +92 -0
package/packages/shared-command-kit/src/errors/index.ts +9 -0
package/packages/shared-command-kit/src/errors/types.ts +32 -0
package/packages/shared-command-kit/src/flags/define.ts +92 -0
package/packages/shared-command-kit/src/flags/index.ts +9 -0
package/packages/shared-command-kit/src/flags/types.ts +153 -0
package/packages/shared-command-kit/src/flags/validate.ts +358 -0
package/packages/shared-command-kit/src/helpers/context.ts +8 -0
package/packages/shared-command-kit/src/helpers/flags.ts +84 -0
package/packages/shared-command-kit/src/helpers/index.ts +42 -0
package/packages/shared-command-kit/src/helpers/patterns.ts +464 -0
package/packages/shared-command-kit/src/helpers/platform.ts +335 -0
package/packages/shared-command-kit/src/helpers/use-analytics.ts +95 -0
package/packages/shared-command-kit/src/helpers/use-cache.ts +97 -0
package/packages/shared-command-kit/src/helpers/use-config.ts +99 -0
package/packages/shared-command-kit/src/helpers/use-embeddings.ts +49 -0
package/packages/shared-command-kit/src/helpers/use-llm.ts +316 -0
package/packages/shared-command-kit/src/helpers/use-logger.ts +77 -0
package/packages/shared-command-kit/src/helpers/use-platform.ts +111 -0
package/packages/shared-command-kit/src/helpers/use-resource-broker.ts +106 -0
package/packages/shared-command-kit/src/helpers/use-storage.ts +71 -0
package/packages/shared-command-kit/src/helpers/use-vector-store.ts +49 -0
package/packages/shared-command-kit/src/helpers/validation.ts +398 -0
package/packages/shared-command-kit/src/index.ts +410 -0
package/packages/shared-command-kit/src/jobs.ts +132 -0
package/packages/shared-command-kit/src/lifecycle/define-handlers.ts +366 -0
package/packages/shared-command-kit/src/lifecycle/index.ts +6 -0
package/packages/shared-command-kit/src/manifest.ts +127 -0
package/packages/shared-command-kit/src/rest/define-handler.ts +187 -0
package/packages/shared-command-kit/src/rest/index.ts +11 -0
package/packages/shared-command-kit/src/studio/index.ts +12 -0
package/packages/shared-command-kit/src/validation/index.ts +6 -0
package/packages/shared-command-kit/src/validation/schema-builders.ts +409 -0
package/packages/shared-command-kit/src/ws-types.ts +106 -0
package/packages/shared-command-kit/tsconfig.build.json +15 -0
package/packages/shared-command-kit/tsconfig.json +9 -0
package/packages/shared-command-kit/tsup.config.ts +30 -0
package/packages/shared-command-kit/vitest.config.ts +4 -0
package/packages/shared-http/package.json +67 -0
package/packages/shared-http/src/__tests__/log-correlation.test.ts +81 -0
package/packages/shared-http/src/__tests__/operation-metrics-tracker.test.ts +55 -0
package/packages/shared-http/src/http-observability-collector.ts +363 -0
package/packages/shared-http/src/index.ts +36 -0
package/packages/shared-http/src/log-correlation.ts +89 -0
package/packages/shared-http/src/operation-metrics-tracker.ts +107 -0
package/packages/shared-http/src/register-openapi.ts +108 -0
package/packages/shared-http/src/resolve-schema-ref.ts +75 -0
package/packages/shared-http/src/schemas.ts +29 -0
package/packages/shared-http/src/service-observability.ts +63 -0
package/packages/shared-http/tsconfig.build.json +15 -0
package/packages/shared-http/tsconfig.json +9 -0
package/packages/shared-http/tsup.config.ts +23 -0
package/packages/shared-http/vitest.config.ts +13 -0
package/packages/shared-perm-presets/CHANGELOG.md +20 -0
package/packages/shared-perm-presets/README.md +78 -0
package/packages/shared-perm-presets/eslint.config.js +27 -0
package/packages/shared-perm-presets/package.json +45 -0
package/packages/shared-perm-presets/src/__tests__/combine.test.ts +403 -0
package/packages/shared-perm-presets/src/__tests__/presets.test.ts +205 -0
package/packages/shared-perm-presets/src/combine.ts +278 -0
package/packages/shared-perm-presets/src/index.ts +18 -0
package/packages/shared-perm-presets/src/presets/ci-environment.ts +34 -0
package/packages/shared-perm-presets/src/presets/full-env.ts +16 -0
package/packages/shared-perm-presets/src/presets/git-workflow.ts +40 -0
package/packages/shared-perm-presets/src/presets/index.ts +8 -0
package/packages/shared-perm-presets/src/presets/kb-platform.ts +30 -0
package/packages/shared-perm-presets/src/presets/llm-access.ts +29 -0
package/packages/shared-perm-presets/src/presets/minimal.ts +21 -0
package/packages/shared-perm-presets/src/presets/npm-publish.ts +48 -0
package/packages/shared-perm-presets/src/presets/vector-store.ts +40 -0
package/packages/shared-perm-presets/src/types.ts +192 -0
package/packages/shared-perm-presets/tsconfig.build.json +15 -0
package/packages/shared-perm-presets/tsconfig.json +9 -0
package/packages/shared-perm-presets/tsup.config.ts +8 -0
package/packages/shared-perm-presets/vitest.config.ts +9 -0
package/packages/shared-testing/CHANGELOG.md +20 -0
package/packages/shared-testing/README.md +430 -0
package/packages/shared-testing/package.json +51 -0
package/packages/shared-testing/src/__tests__/create-test-context.test.ts +199 -0
package/packages/shared-testing/src/__tests__/mock-cache.test.ts +174 -0
package/packages/shared-testing/src/__tests__/mock-llm.test.ts +212 -0
package/packages/shared-testing/src/__tests__/setup-platform.test.ts +90 -0
package/packages/shared-testing/src/__tests__/test-command.test.ts +557 -0
package/packages/shared-testing/src/create-test-context.ts +550 -0
package/packages/shared-testing/src/index.ts +77 -0
package/packages/shared-testing/src/mock-cache.ts +179 -0
package/packages/shared-testing/src/mock-llm.ts +319 -0
package/packages/shared-testing/src/mock-logger.ts +97 -0
package/packages/shared-testing/src/mock-storage.ts +108 -0
package/packages/shared-testing/src/setup-platform.ts +101 -0
package/packages/shared-testing/src/test-command.ts +288 -0
package/packages/shared-testing/tsconfig.build.json +15 -0
package/packages/shared-testing/tsconfig.json +9 -0
package/packages/shared-testing/tsup.config.ts +20 -0
package/packages/shared-testing/vitest.config.ts +3 -0
package/packages/shared-tool-kit/CHANGELOG.md +20 -0
package/packages/shared-tool-kit/package.json +47 -0
package/packages/shared-tool-kit/src/__tests__/factory.test.ts +103 -0
package/packages/shared-tool-kit/src/__tests__/mock-tool.test.ts +95 -0
package/packages/shared-tool-kit/src/factory.ts +126 -0
package/packages/shared-tool-kit/src/index.ts +32 -0
package/packages/shared-tool-kit/src/testing/index.ts +84 -0
package/packages/shared-tool-kit/tsconfig.build.json +15 -0
package/packages/shared-tool-kit/tsconfig.json +9 -0
package/packages/shared-tool-kit/tsup.config.ts +21 -0
package/pnpm-workspace.yaml +11070 -0
package/prettierrc.json +1 -0
package/scripts/devkit-sync.mjs +37 -0
package/scripts/hooks/post-push +9 -0
package/scripts/hooks/pre-commit +9 -0
package/scripts/hooks/pre-push +9 -0
package/tsconfig.base.json +9 -0
package/tsconfig.build.json +15 -0
package/tsconfig.json +9 -0
package/tsconfig.paths.json +50 -0
package/tsconfig.tools.json +18 -0
package/tsup.config.bin.ts +34 -0
package/tsup.config.cli.ts +41 -0
package/tsup.config.dual.ts +46 -0
package/tsup.config.ts +36 -0
package/tsup.external.json +104 -0
package/vitest.config.ts +48 -0

package/packages/shared-perm-presets/src/combine.ts ADDED Viewed

@@ -0,0 +1,278 @@
+import type { PermissionSpec, PermissionPreset, PresetBuilder, RuntimePermissionSpec, PlatformPermissions } from './types';
+/**
+ * Merge two string arrays, removing duplicates
+ */
+function mergeArrays(a?: string[], b?: string[]): string[] | undefined {
+  if (!a && !b) {return undefined;}
+  const set = new Set([...(a ?? []), ...(b ?? [])]);
+  return set.size > 0 ? [...set] : undefined;
+}
+/**
+ * Merge platform permissions
+ */
+function mergePlatformPermissions(
+  base?: PermissionSpec['platform'],
+  next?: PermissionSpec['platform']
+): PermissionSpec['platform'] | undefined {
+  if (!base && !next) {return undefined;}
+  if (!base) {return next;}
+  if (!next) {return base;}
+  const result: PermissionSpec['platform'] = {};
+  // Merge each platform service (second value wins for booleans, arrays are merged)
+  const keys = new Set([...Object.keys(base), ...Object.keys(next)]) as Set<keyof typeof base>;
+  for (const key of keys) {
+    const baseVal = base[key];
+    const nextVal = next[key];
+    if (nextVal === undefined) {
+      result[key] = baseVal as any;
+    } else if (Array.isArray(nextVal)) {
+      // Merge arrays (for cache namespaces, storage paths)
+      result[key] = mergeArrays(
+        Array.isArray(baseVal) ? baseVal : undefined,
+        nextVal
+      ) as any;
+    } else if (typeof nextVal === 'object' && nextVal !== null) {
+      // Merge objects (for llm.models, vectorStore.collections, etc.)
+      result[key] = { ...(typeof baseVal === 'object' ? baseVal : {}), ...nextVal } as any;
+    } else {
+      // Boolean or primitive - second value wins
+      result[key] = nextVal as any;
+    }
+  }
+  return Object.keys(result).length > 0 ? result : undefined;
+}
+/**
+ * Merge two permission specs together
+ * Arrays are merged (union), scalars use the second value
+ */
+function mergeSpecs(base: PermissionSpec, next: PermissionSpec): PermissionSpec {
+  const result: PermissionSpec = {};
+  // Merge fs
+  if (base.fs || next.fs) {
+    result.fs = {
+      // readWrite wins over read
+      mode: next.fs?.mode ?? base.fs?.mode,
+      allow: mergeArrays(base.fs?.allow, next.fs?.allow),
+    };
+    // Clean up undefined fields
+    if (result.fs.mode === undefined) {delete result.fs.mode;}
+    if (result.fs.allow === undefined) {delete result.fs.allow;}
+    if (Object.keys(result.fs).length === 0) {delete result.fs;}
+  }
+  // Merge env
+  if (base.env || next.env) {
+    result.env = {
+      read: mergeArrays(base.env?.read, next.env?.read),
+    };
+    if (result.env.read === undefined) {delete result.env.read;}
+    if (Object.keys(result.env).length === 0) {delete result.env;}
+  }
+  // Merge network
+  if (base.network || next.network) {
+    result.network = {
+      fetch: mergeArrays(base.network?.fetch, next.network?.fetch),
+    };
+    if (result.network.fetch === undefined) {delete result.network.fetch;}
+    if (Object.keys(result.network).length === 0) {delete result.network;}
+  }
+  // Merge shell
+  if (base.shell || next.shell) {
+    result.shell = {
+      allow: mergeArrays(base.shell?.allow, next.shell?.allow),
+    };
+    if (result.shell.allow === undefined) {delete result.shell.allow;}
+    if (Object.keys(result.shell).length === 0) {delete result.shell;}
+  }
+  // Merge platform
+  result.platform = mergePlatformPermissions(base.platform, next.platform);
+  // Merge quotas (second value wins)
+  if (base.quotas || next.quotas) {
+    result.quotas = {
+      timeoutMs: next.quotas?.timeoutMs ?? base.quotas?.timeoutMs,
+      memoryMb: next.quotas?.memoryMb ?? base.quotas?.memoryMb,
+      cpuMs: next.quotas?.cpuMs ?? base.quotas?.cpuMs,
+    };
+    if (result.quotas.timeoutMs === undefined) {delete result.quotas.timeoutMs;}
+    if (result.quotas.memoryMb === undefined) {delete result.quotas.memoryMb;}
+    if (result.quotas.cpuMs === undefined) {delete result.quotas.cpuMs;}
+    if (Object.keys(result.quotas).length === 0) {delete result.quotas;}
+  }
+  return result;
+}
+/**
+ * Convert declarative PermissionSpec to explicit RuntimePermissionSpec
+ *
+ * Transforms:
+ *   { mode: 'readWrite', allow: ['*.json'] }
+ * Into:
+ *   { read: ['*.json'], write: ['*.json'] }
+ */
+function toRuntimeFormat(spec: PermissionSpec): RuntimePermissionSpec {
+  const result: RuntimePermissionSpec = {};
+  // Convert fs: mode + allow → read[] + write[]
+  if (spec.fs) {
+    const { mode, allow } = spec.fs;
+    result.fs = {};
+    if (allow && allow.length > 0) {
+      // read is always granted for allowed paths
+      result.fs.read = [...allow];
+      // write only if mode is 'readWrite'
+      if (mode === 'readWrite') {
+        result.fs.write = [...allow];
+      }
+    }
+    if (Object.keys(result.fs).length === 0) {delete result.fs;}
+  }
+  // env, network, shell, platform, quotas pass through unchanged
+  if (spec.env) {
+    result.env = { ...spec.env };
+  }
+  if (spec.network) {
+    result.network = { ...spec.network };
+  }
+  if (spec.shell) {
+    result.shell = { ...spec.shell };
+  }
+  if (spec.platform) {
+    result.platform = { ...spec.platform };
+  }
+  if (spec.quotas) {
+    result.quotas = { ...spec.quotas };
+  }
+  return result;
+}
+/**
+ * Create a builder for combining permission presets
+ *
+ * @example
+ * ```typescript
+ * const permissions = combine()
+ *   .with(presets.gitWorkflow)
+ *   .with(presets.npmPublish)
+ *   .withEnv(['MY_CUSTOM_VAR'])
+ *   .build();
+ * ```
+ */
+export function combine(): PresetBuilder {
+  let accumulated: PermissionSpec = {};
+  const builder: PresetBuilder = {
+    with(preset: PermissionPreset | PermissionSpec): PresetBuilder {
+      const spec = 'permissions' in preset ? preset.permissions : preset;
+      accumulated = mergeSpecs(accumulated, spec);
+      return builder;
+    },
+    withEnv(vars: string[]): PresetBuilder {
+      accumulated = mergeSpecs(accumulated, { env: { read: vars } });
+      return builder;
+    },
+    withFs(fs: PermissionSpec['fs']): PresetBuilder {
+      if (fs) {
+        accumulated = mergeSpecs(accumulated, { fs });
+      }
+      return builder;
+    },
+    withNetwork(network: PermissionSpec['network']): PresetBuilder {
+      if (network) {
+        accumulated = mergeSpecs(accumulated, { network });
+      }
+      return builder;
+    },
+    withShell(shell: PermissionSpec['shell']): PresetBuilder {
+      if (shell) {
+        accumulated = mergeSpecs(accumulated, { shell });
+      }
+      return builder;
+    },
+    withPlatform(platform: PermissionSpec['platform']): PresetBuilder {
+      if (platform) {
+        accumulated = mergeSpecs(accumulated, { platform });
+      }
+      return builder;
+    },
+    withQuotas(quotas: PermissionSpec['quotas']): PresetBuilder {
+      if (quotas) {
+        accumulated = mergeSpecs(accumulated, { quotas });
+      }
+      return builder;
+    },
+    withStorage(storage: PlatformPermissions['storage']): PresetBuilder {
+      if (storage !== undefined) {
+        accumulated = mergeSpecs(accumulated, {
+          platform: { storage },
+        });
+      }
+      return builder;
+    },
+    withDatabase(database: PlatformPermissions['database']): PresetBuilder {
+      if (database !== undefined) {
+        accumulated = mergeSpecs(accumulated, {
+          platform: { database },
+        });
+      }
+      return builder;
+    },
+    build(): RuntimePermissionSpec {
+      return toRuntimeFormat(accumulated);
+    },
+  };
+  return builder;
+}
+/**
+ * Quickly combine multiple presets into a single permission spec
+ *
+ * @example
+ * ```typescript
+ * const permissions = combinePresets(presets.gitWorkflow, presets.npmPublish);
+ * ```
+ */
+export function combinePresets(...presets: (PermissionPreset | PermissionSpec)[]): RuntimePermissionSpec {
+  let builder = combine();
+  for (const preset of presets) {
+    builder = builder.with(preset);
+  }
+  return builder.build();
+}
+/**
+ * Export toRuntimeFormat for advanced use cases
+ */
+export { toRuntimeFormat };

package/packages/shared-perm-presets/src/index.ts ADDED Viewed

@@ -0,0 +1,18 @@
+// Types
+export type { PermissionSpec, PermissionPreset, PresetBuilder, RuntimePermissionSpec } from './types';
+// Presets
+export { minimal } from './presets/minimal';
+export { gitWorkflow } from './presets/git-workflow';
+export { npmPublish } from './presets/npm-publish';
+export { fullEnv } from './presets/full-env';
+export { kbPlatform } from './presets/kb-platform';
+export { llmAccess } from './presets/llm-access';
+export { vectorStore } from './presets/vector-store';
+export { ciEnvironment } from './presets/ci-environment';
+// Re-export all presets as a namespace
+export * as presets from './presets/index.js';
+// Builder
+export { combine, combinePresets, toRuntimeFormat } from './combine';

package/packages/shared-perm-presets/src/presets/ci-environment.ts ADDED Viewed

@@ -0,0 +1,34 @@
+import type { PermissionPreset } from '../types';
+/**
+ * CI Environment preset - for plugins running in CI/CD
+ * Includes GitHub Actions, GitLab CI, and common CI variables
+ */
+export const ciEnvironment: PermissionPreset = {
+  id: 'ci-environment',
+  description: 'CI/CD environment - GitHub Actions, GitLab CI tokens and vars',
+  permissions: {
+    env: {
+      read: [
+        // Common CI
+        'CI',
+        'CI_*',
+        'CONTINUOUS_INTEGRATION',
+        // GitHub Actions
+        'GITHUB_TOKEN',
+        'GITHUB_*',
+        'GH_TOKEN',
+        // GitLab CI
+        'GITLAB_*',
+        'CI_JOB_TOKEN',
+        // Jenkins
+        'JENKINS_*',
+        'BUILD_*',
+        // Generic
+        'BRANCH_NAME',
+        'TAG_NAME',
+        'COMMIT_SHA',
+      ],
+    },
+  },
+};

package/packages/shared-perm-presets/src/presets/full-env.ts ADDED Viewed

@@ -0,0 +1,16 @@
+import type { PermissionPreset } from '../types';
+/**
+ * Full environment preset - access to all environment variables
+ * Use for trusted plugins that need full system access
+ * WARNING: This bypasses env filtering entirely
+ */
+export const fullEnv: PermissionPreset = {
+  id: 'full-env',
+  description: 'Full environment access - all env vars available (trusted plugins only)',
+  permissions: {
+    env: {
+      read: ['*'], // Wildcard - all env vars
+    },
+  },
+};

package/packages/shared-perm-presets/src/presets/git-workflow.ts ADDED Viewed

@@ -0,0 +1,40 @@
+import type { PermissionPreset } from '../types';
+/**
+ * Git workflow preset - for plugins that use git (simple-git, etc.)
+ * Includes HOME for ~/.gitconfig, USER for author info
+ */
+export const gitWorkflow: PermissionPreset = {
+  id: 'git-workflow',
+  description: 'Git operations - includes HOME, USER, and git config access',
+  permissions: {
+    env: {
+      read: [
+        // System (required for git to find config)
+        'HOME',
+        'USER',
+        'PATH',
+        'SHELL',
+        'TERM',
+        'LANG',
+        'LC_ALL',
+        'TZ',
+        'TMPDIR',
+        // Git-specific
+        'GIT_*',           // All git env vars (GIT_AUTHOR_NAME, GIT_DIR, etc.)
+        'SSH_AUTH_SOCK',   // For SSH key auth
+        'SSH_AGENT_PID',
+        // Node
+        'NODE_ENV',
+      ],
+    },
+    fs: {
+      mode: 'readWrite',
+      allow: [
+        '**/.git/**',      // Git directory
+        '**/.gitignore',
+        '**/.gitattributes',
+      ],
+    },
+  },
+};

package/packages/shared-perm-presets/src/presets/index.ts ADDED Viewed

@@ -0,0 +1,8 @@
+export { minimal } from './minimal';
+export { gitWorkflow } from './git-workflow';
+export { npmPublish } from './npm-publish';
+export { fullEnv } from './full-env';
+export { kbPlatform } from './kb-platform';
+export { llmAccess } from './llm-access';
+export { vectorStore } from './vector-store';
+export { ciEnvironment } from './ci-environment';

package/packages/shared-perm-presets/src/presets/kb-platform.ts ADDED Viewed

@@ -0,0 +1,30 @@
+import type { PermissionPreset } from '../types';
+/**
+ * KB Platform preset - for KB Labs internal plugins
+ * Includes KB_* env vars and .kb/ directory access
+ */
+export const kbPlatform: PermissionPreset = {
+  id: 'kb-platform',
+  description: 'KB Labs platform access - KB_* env vars and .kb/ directory',
+  permissions: {
+    env: {
+      read: [
+        // System basics
+        'HOME',
+        'USER',
+        'PATH',
+        'TMPDIR',
+        'NODE_ENV',
+        // KB Labs specific
+        'KB_*',            // All KB env vars
+      ],
+    },
+    fs: {
+      mode: 'readWrite',
+      allow: [
+        '.kb/**',          // KB Labs config directory
+      ],
+    },
+  },
+};

package/packages/shared-perm-presets/src/presets/llm-access.ts ADDED Viewed

@@ -0,0 +1,29 @@
+import type { PermissionPreset } from '../types';
+/**
+ * LLM Access preset - for plugins that use LLM APIs
+ * Includes OpenAI and Anthropic API keys and network access
+ */
+export const llmAccess: PermissionPreset = {
+  id: 'llm-access',
+  description: 'LLM API access - OpenAI, Anthropic keys and network',
+  permissions: {
+    env: {
+      read: [
+        'OPENAI_API_KEY',
+        'OPENAI_ORG_ID',
+        'OPENAI_BASE_URL',
+        'ANTHROPIC_API_KEY',
+        'AZURE_OPENAI_*',     // Azure OpenAI
+        'LLM_*',              // Generic LLM config
+      ],
+    },
+    network: {
+      fetch: [
+        'api.openai.com',
+        'api.anthropic.com',
+        '*.openai.azure.com', // Azure OpenAI
+      ],
+    },
+  },
+};

package/packages/shared-perm-presets/src/presets/minimal.ts ADDED Viewed

@@ -0,0 +1,21 @@
+import type { PermissionPreset } from '../types';
+/**
+ * Minimal preset - only basic Node.js environment
+ * Use when plugin doesn't need any external access
+ */
+export const minimal: PermissionPreset = {
+  id: 'minimal',
+  description: 'Minimal permissions - basic Node.js environment only',
+  permissions: {
+    env: {
+      read: [
+        'NODE_ENV',
+        'PATH',
+        'LANG',
+        'LC_ALL',
+        'TZ',
+      ],
+    },
+  },
+};

package/packages/shared-perm-presets/src/presets/npm-publish.ts ADDED Viewed

@@ -0,0 +1,48 @@
+import type { PermissionPreset } from '../types';
+/**
+ * NPM publish preset - for plugins that publish to npm
+ * Includes HOME for ~/.npmrc, npm auth tokens
+ */
+export const npmPublish: PermissionPreset = {
+  id: 'npm-publish',
+  description: 'NPM operations - includes HOME, npm tokens, and registry access',
+  permissions: {
+    env: {
+      read: [
+        // System (required for npm to find config)
+        'HOME',
+        'USER',
+        'PATH',
+        'TMPDIR',
+        'LANG',
+        'LC_ALL',
+        'TZ',
+        // NPM-specific
+        'NPM_TOKEN',
+        'NPM_AUTH_TOKEN',
+        'NODE_AUTH_TOKEN',
+        'npm_*',           // All npm env vars
+        // Node
+        'NODE_ENV',
+        'NODE_OPTIONS',
+      ],
+    },
+    fs: {
+      mode: 'readWrite',
+      allow: [
+        '**/package.json',
+        '**/package-lock.json',
+        '**/pnpm-lock.yaml',
+        '**/.npmrc',
+        '**/.npmignore',
+      ],
+    },
+    network: {
+      fetch: [
+        'registry.npmjs.org',
+        'npm.pkg.github.com',
+      ],
+    },
+  },
+};

package/packages/shared-perm-presets/src/presets/vector-store.ts ADDED Viewed

@@ -0,0 +1,40 @@
+import type { PermissionPreset } from '../types';
+/**
+ * Vector Store preset - for plugins that use vector databases
+ * Includes Qdrant, Pinecone, Weaviate access
+ */
+export const vectorStore: PermissionPreset = {
+  id: 'vector-store',
+  description: 'Vector database access - Qdrant, Pinecone, Weaviate',
+  permissions: {
+    env: {
+      read: [
+        // Qdrant
+        'QDRANT_URL',
+        'QDRANT_API_KEY',
+        'QDRANT_*',
+        // Pinecone
+        'PINECONE_API_KEY',
+        'PINECONE_ENVIRONMENT',
+        'PINECONE_*',
+        // Weaviate
+        'WEAVIATE_URL',
+        'WEAVIATE_API_KEY',
+        'WEAVIATE_*',
+        // Generic
+        'VECTOR_STORE_*',
+        'EMBEDDING_*',
+      ],
+    },
+    network: {
+      fetch: [
+        'localhost',
+        '127.0.0.1',
+        '*.qdrant.io',
+        '*.pinecone.io',
+        '*.weaviate.io',
+      ],
+    },
+  },
+};