@lannguyensi/harness 0.26.0 → 0.28.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +46 -0
- package/README.md +17 -12
- package/dist/cli/apply/apply.js +12 -2
- package/dist/cli/apply/apply.js.map +1 -1
- package/dist/cli/approve/risk.d.ts +43 -0
- package/dist/cli/approve/risk.js +126 -0
- package/dist/cli/approve/risk.js.map +1 -0
- package/dist/cli/audit.js +8 -2
- package/dist/cli/audit.js.map +1 -1
- package/dist/cli/doctor/format.js +55 -0
- package/dist/cli/doctor/format.js.map +1 -1
- package/dist/cli/doctor/index.d.ts +1 -1
- package/dist/cli/doctor/index.js +89 -0
- package/dist/cli/doctor/index.js.map +1 -1
- package/dist/cli/doctor/types.d.ts +79 -0
- package/dist/cli/event-input.js +8 -7
- package/dist/cli/event-input.js.map +1 -1
- package/dist/cli/explain-policy.d.ts +54 -0
- package/dist/cli/explain-policy.js +81 -0
- package/dist/cli/explain-policy.js.map +1 -0
- package/dist/cli/explain.js +4 -0
- package/dist/cli/explain.js.map +1 -1
- package/dist/cli/index.js +70 -4
- package/dist/cli/index.js.map +1 -1
- package/dist/cli/init/composer.js +1 -1
- package/dist/cli/init/composer.js.map +1 -1
- package/dist/cli/init/dependencies.js +10 -9
- package/dist/cli/init/dependencies.js.map +1 -1
- package/dist/cli/init/profiles.d.ts +2 -2
- package/dist/cli/init/profiles.js +2 -2
- package/dist/cli/init/templates.d.ts +1 -1
- package/dist/cli/init/templates.js +99 -1
- package/dist/cli/init/templates.js.map +1 -1
- package/dist/cli/pack/hook-codex-pre-tool-use.js +6 -3
- package/dist/cli/pack/hook-codex-pre-tool-use.js.map +1 -1
- package/dist/cli/pack/hook-pre-tool-use.js +27 -3
- package/dist/cli/pack/hook-pre-tool-use.js.map +1 -1
- package/dist/cli/pack/read-only-bash.d.ts +13 -0
- package/dist/cli/pack/read-only-bash.js +177 -0
- package/dist/cli/pack/read-only-bash.js.map +1 -0
- package/dist/cli/pack/understanding-report-schema-hint.d.ts +1 -1
- package/dist/cli/pack/understanding-report-schema-hint.js +7 -1
- package/dist/cli/pack/understanding-report-schema-hint.js.map +1 -1
- package/dist/cli/policy/intercept.d.ts +10 -0
- package/dist/cli/policy/intercept.js +34 -1
- package/dist/cli/policy/intercept.js.map +1 -1
- package/dist/cli/validate/checks.d.ts +1 -1
- package/dist/cli/validate/checks.js +31 -27
- package/dist/cli/validate/checks.js.map +1 -1
- package/dist/io/version-compare.d.ts +16 -5
- package/dist/io/version-compare.js +16 -5
- package/dist/io/version-compare.js.map +1 -1
- package/dist/policy-packs/builtin/branch-protection.d.ts +38 -0
- package/dist/policy-packs/builtin/branch-protection.js +17 -0
- package/dist/policy-packs/builtin/branch-protection.js.map +1 -1
- package/dist/policy-packs/builtin/understanding-before-execution.d.ts +147 -0
- package/dist/policy-packs/builtin/understanding-before-execution.js +72 -10
- package/dist/policy-packs/builtin/understanding-before-execution.js.map +1 -1
- package/dist/policy-packs/config-check.d.ts +31 -0
- package/dist/policy-packs/config-check.js +58 -0
- package/dist/policy-packs/config-check.js.map +1 -0
- package/dist/policy-packs/expand.js +5 -4
- package/dist/policy-packs/expand.js.map +1 -1
- package/dist/policy-packs/index.d.ts +4 -1
- package/dist/policy-packs/index.js +4 -1
- package/dist/policy-packs/index.js.map +1 -1
- package/dist/policy-packs/registry.d.ts +20 -0
- package/dist/policy-packs/registry.js +39 -2
- package/dist/policy-packs/registry.js.map +1 -1
- package/dist/policy-packs/source-check.d.ts +28 -0
- package/dist/policy-packs/source-check.js +49 -0
- package/dist/policy-packs/source-check.js.map +1 -0
- package/dist/policy-packs/version-check.d.ts +37 -0
- package/dist/policy-packs/version-check.js +89 -0
- package/dist/policy-packs/version-check.js.map +1 -0
- package/dist/probes/memory.d.ts +1 -1
- package/dist/runtime/index.d.ts +2 -1
- package/dist/runtime/index.js +2 -1
- package/dist/runtime/index.js.map +1 -1
- package/dist/runtime/intercept.d.ts +60 -3
- package/dist/runtime/intercept.js +104 -6
- package/dist/runtime/intercept.js.map +1 -1
- package/dist/runtime/ledger-record.d.ts +8 -0
- package/dist/runtime/ledger-record.js +2 -0
- package/dist/runtime/ledger-record.js.map +1 -1
- package/dist/runtime/risk-classifier.js +27 -0
- package/dist/runtime/risk-classifier.js.map +1 -1
- package/dist/runtime/when-eval.d.ts +40 -0
- package/dist/runtime/when-eval.js +134 -0
- package/dist/runtime/when-eval.js.map +1 -0
- package/dist/schema/hooks.js +6 -1
- package/dist/schema/hooks.js.map +1 -1
- package/dist/schema/index.d.ts +20 -11
- package/dist/schema/memory.js +6 -1
- package/dist/schema/memory.js.map +1 -1
- package/dist/schema/policies.d.ts +13 -13
- package/dist/schema/policies.js +20 -8
- package/dist/schema/policies.js.map +1 -1
- package/dist/schema/policy-packs.d.ts +8 -0
- package/dist/schema/policy-packs.js +17 -0
- package/dist/schema/policy-packs.js.map +1 -1
- package/dist/schema/tools.js +11 -2
- package/dist/schema/tools.js.map +1 -1
- package/package.json +1 -1
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
import type { PolicyWhen } from "../schema/index.js";
|
|
2
|
+
import type { EnvironmentResolution } from "./environment-resolver.js";
|
|
3
|
+
import type { RiskProfile } from "./risk-classifier.js";
|
|
4
|
+
/** The enriched-envelope inputs a `when:` block is evaluated against. */
|
|
5
|
+
export interface WhenContext {
|
|
6
|
+
risk: RiskProfile;
|
|
7
|
+
environment: EnvironmentResolution;
|
|
8
|
+
}
|
|
9
|
+
/** The four `when:` clause keys, exactly as they appear in the manifest. */
|
|
10
|
+
export type WhenClauseKey = "risk.severity_at_least" | "risk.category_in" | "environment.name" | "action.reversible";
|
|
11
|
+
/** One declared clause's verdict, carried for explainability. */
|
|
12
|
+
export interface WhenClauseResult {
|
|
13
|
+
clause: WhenClauseKey;
|
|
14
|
+
/** Human-readable expected value, as written in the manifest. */
|
|
15
|
+
expected: string;
|
|
16
|
+
/** Human-readable observed value, from the enriched envelope. */
|
|
17
|
+
actual: string;
|
|
18
|
+
matched: boolean;
|
|
19
|
+
}
|
|
20
|
+
export interface WhenEvaluation {
|
|
21
|
+
/** AND of every declared clause. A `when:` with no clauses cannot be
|
|
22
|
+
* constructed (the schema rejects `when: {}`), so an evaluated
|
|
23
|
+
* `when:` always has at least one clause. */
|
|
24
|
+
matched: boolean;
|
|
25
|
+
/** One entry per DECLARED clause, in manifest-key order. */
|
|
26
|
+
clauses: WhenClauseResult[];
|
|
27
|
+
/** True when at least one clause matched only because the action was
|
|
28
|
+
* unclassified ("unknown is not safe"). Surfaced so `explain-policy`
|
|
29
|
+
* can tell an operator a match was fail-closed, not a real hit. */
|
|
30
|
+
unclassifiedFallback: boolean;
|
|
31
|
+
}
|
|
32
|
+
/**
|
|
33
|
+
* Evaluate a policy's `when:` block against the enriched envelope.
|
|
34
|
+
*
|
|
35
|
+
* Every clause is optional; only declared clauses are evaluated, and
|
|
36
|
+
* `matched` is their AND. An unclassified risk profile (`classified:
|
|
37
|
+
* false`) satisfies the three risk-derived clauses by the "unknown is
|
|
38
|
+
* not safe" rule; `environment.name` is always a plain equality test.
|
|
39
|
+
*/
|
|
40
|
+
export declare function evaluateWhen(when: PolicyWhen, ctx: WhenContext): WhenEvaluation;
|
|
@@ -0,0 +1,134 @@
|
|
|
1
|
+
// Phase 7 #5 — `policy.when:` evaluator.
|
|
2
|
+
//
|
|
3
|
+
// A policy's `trigger:` decides WHICH tool calls it inspects; its
|
|
4
|
+
// optional `when:` block decides whether — given the enriched Action
|
|
5
|
+
// Envelope — the policy actually applies to this particular call. The
|
|
6
|
+
// runtime ANDs the two: a policy fires only when `trigger:` AND every
|
|
7
|
+
// declared `when:` clause hold.
|
|
8
|
+
//
|
|
9
|
+
// Pure: the risk profile (#3) + environment resolution (#4) come in, a
|
|
10
|
+
// match verdict with a per-clause breakdown comes out, no I/O. The
|
|
11
|
+
// breakdown is what `harness explain-policy` renders.
|
|
12
|
+
//
|
|
13
|
+
// "Unknown is not safe" — the load-bearing decision in this module.
|
|
14
|
+
// The Risk Classifier emits `severity: null` / `reversible: null` /
|
|
15
|
+
// `categories: []` for an action no pattern matched (`classified:
|
|
16
|
+
// false`). A null does not silently fail to satisfy a clause: an
|
|
17
|
+
// UNCLASSIFIED action satisfies every `risk.*` / `action.reversible`
|
|
18
|
+
// clause, so a risk-gating policy treats "we could not classify this"
|
|
19
|
+
// as risk-bearing rather than letting it slip the gate. A *classified*
|
|
20
|
+
// action is compared on its real values. `environment.name` needs no
|
|
21
|
+
// such rule: the resolver always returns a concrete environment, with
|
|
22
|
+
// `unknown` as the matchable no-resolver-fired case.
|
|
23
|
+
//
|
|
24
|
+
// Design source: lava-ice-logs/2026-04-30/harness-risk-gate-extension.md
|
|
25
|
+
// (design phase D); the null-handling steer is the Phase 7 #3 review
|
|
26
|
+
// note on agent-tasks task harness-phase-7-5.
|
|
27
|
+
import { RiskSeveritySchema } from "../schema/index.js";
|
|
28
|
+
// Ordered severity scale; an index is the comparison key for
|
|
29
|
+
// `severity_at_least`. Sourced from the schema enum so a reordering
|
|
30
|
+
// there flows through unchanged — same pattern as the Risk Classifier.
|
|
31
|
+
const SEVERITY_ORDER = RiskSeveritySchema.options;
|
|
32
|
+
function severityIndex(severity) {
|
|
33
|
+
return SEVERITY_ORDER.indexOf(severity);
|
|
34
|
+
}
|
|
35
|
+
/**
|
|
36
|
+
* Evaluate a policy's `when:` block against the enriched envelope.
|
|
37
|
+
*
|
|
38
|
+
* Every clause is optional; only declared clauses are evaluated, and
|
|
39
|
+
* `matched` is their AND. An unclassified risk profile (`classified:
|
|
40
|
+
* false`) satisfies the three risk-derived clauses by the "unknown is
|
|
41
|
+
* not safe" rule; `environment.name` is always a plain equality test.
|
|
42
|
+
*/
|
|
43
|
+
export function evaluateWhen(when, ctx) {
|
|
44
|
+
const clauses = [];
|
|
45
|
+
let unclassifiedFallback = false;
|
|
46
|
+
const unclassified = !ctx.risk.classified;
|
|
47
|
+
const sevAtLeast = when["risk.severity_at_least"];
|
|
48
|
+
if (sevAtLeast !== undefined) {
|
|
49
|
+
let matched;
|
|
50
|
+
let actual;
|
|
51
|
+
if (unclassified) {
|
|
52
|
+
// severity is null — treat as risk-bearing: satisfies any threshold.
|
|
53
|
+
matched = true;
|
|
54
|
+
actual = "null (unclassified)";
|
|
55
|
+
unclassifiedFallback = true;
|
|
56
|
+
}
|
|
57
|
+
else {
|
|
58
|
+
matched =
|
|
59
|
+
severityIndex(ctx.risk.severity) >= severityIndex(sevAtLeast);
|
|
60
|
+
actual = ctx.risk.severity;
|
|
61
|
+
}
|
|
62
|
+
clauses.push({
|
|
63
|
+
clause: "risk.severity_at_least",
|
|
64
|
+
expected: `>= ${sevAtLeast}`,
|
|
65
|
+
actual,
|
|
66
|
+
matched,
|
|
67
|
+
});
|
|
68
|
+
}
|
|
69
|
+
const categoryIn = when["risk.category_in"];
|
|
70
|
+
if (categoryIn !== undefined) {
|
|
71
|
+
let matched;
|
|
72
|
+
let actual;
|
|
73
|
+
if (unclassified) {
|
|
74
|
+
// categories is [] — treat as risk-bearing, consistent with the
|
|
75
|
+
// severity clause: an unclassified action satisfies every risk
|
|
76
|
+
// clause so a multi-clause `when:` cannot be slipped by one
|
|
77
|
+
// clause matching null while another fails an empty set.
|
|
78
|
+
matched = true;
|
|
79
|
+
actual = "[] (unclassified)";
|
|
80
|
+
unclassifiedFallback = true;
|
|
81
|
+
}
|
|
82
|
+
else {
|
|
83
|
+
matched = categoryIn.some((c) => ctx.risk.categories.includes(c));
|
|
84
|
+
actual =
|
|
85
|
+
ctx.risk.categories.length > 0
|
|
86
|
+
? `[${ctx.risk.categories.join(", ")}]`
|
|
87
|
+
: "[]";
|
|
88
|
+
}
|
|
89
|
+
clauses.push({
|
|
90
|
+
clause: "risk.category_in",
|
|
91
|
+
expected: `any of [${categoryIn.join(", ")}]`,
|
|
92
|
+
actual,
|
|
93
|
+
matched,
|
|
94
|
+
});
|
|
95
|
+
}
|
|
96
|
+
const envName = when["environment.name"];
|
|
97
|
+
if (envName !== undefined) {
|
|
98
|
+
clauses.push({
|
|
99
|
+
clause: "environment.name",
|
|
100
|
+
expected: envName,
|
|
101
|
+
actual: ctx.environment.name,
|
|
102
|
+
matched: ctx.environment.name === envName,
|
|
103
|
+
});
|
|
104
|
+
}
|
|
105
|
+
const reversible = when["action.reversible"];
|
|
106
|
+
if (reversible !== undefined) {
|
|
107
|
+
let matched;
|
|
108
|
+
let actual;
|
|
109
|
+
if (unclassified) {
|
|
110
|
+
// reversible is null — reversibility unknown. "Unknown is not
|
|
111
|
+
// safe": the clause matches whichever value the policy gates on,
|
|
112
|
+
// so an unclassified action never escapes a reversibility gate.
|
|
113
|
+
matched = true;
|
|
114
|
+
actual = "null (unclassified)";
|
|
115
|
+
unclassifiedFallback = true;
|
|
116
|
+
}
|
|
117
|
+
else {
|
|
118
|
+
matched = ctx.risk.reversible === reversible;
|
|
119
|
+
actual = String(ctx.risk.reversible);
|
|
120
|
+
}
|
|
121
|
+
clauses.push({
|
|
122
|
+
clause: "action.reversible",
|
|
123
|
+
expected: String(reversible),
|
|
124
|
+
actual,
|
|
125
|
+
matched,
|
|
126
|
+
});
|
|
127
|
+
}
|
|
128
|
+
return {
|
|
129
|
+
matched: clauses.every((c) => c.matched),
|
|
130
|
+
clauses,
|
|
131
|
+
unclassifiedFallback,
|
|
132
|
+
};
|
|
133
|
+
}
|
|
134
|
+
//# sourceMappingURL=when-eval.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"when-eval.js","sourceRoot":"","sources":["../../src/runtime/when-eval.ts"],"names":[],"mappings":"AAAA,yCAAyC;AACzC,EAAE;AACF,kEAAkE;AAClE,qEAAqE;AACrE,sEAAsE;AACtE,sEAAsE;AACtE,gCAAgC;AAChC,EAAE;AACF,uEAAuE;AACvE,mEAAmE;AACnE,sDAAsD;AACtD,EAAE;AACF,oEAAoE;AACpE,oEAAoE;AACpE,kEAAkE;AAClE,iEAAiE;AACjE,qEAAqE;AACrE,sEAAsE;AACtE,uEAAuE;AACvE,qEAAqE;AACrE,sEAAsE;AACtE,qDAAqD;AACrD,EAAE;AACF,yEAAyE;AACzE,qEAAqE;AACrE,8CAA8C;AAG9C,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAIxD,6DAA6D;AAC7D,oEAAoE;AACpE,uEAAuE;AACvE,MAAM,cAAc,GAAsB,kBAAkB,CAAC,OAAO,CAAC;AAsCrE,SAAS,aAAa,CAAC,QAAgB;IACrC,OAAO,cAAc,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;AAC1C,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,YAAY,CAC1B,IAAgB,EAChB,GAAgB;IAEhB,MAAM,OAAO,GAAuB,EAAE,CAAC;IACvC,IAAI,oBAAoB,GAAG,KAAK,CAAC;IACjC,MAAM,YAAY,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC;IAE1C,MAAM,UAAU,GAAG,IAAI,CAAC,wBAAwB,CAAC,CAAC;IAClD,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;QAC7B,IAAI,OAAgB,CAAC;QACrB,IAAI,MAAc,CAAC;QACnB,IAAI,YAAY,EAAE,CAAC;YACjB,qEAAqE;YACrE,OAAO,GAAG,IAAI,CAAC;YACf,MAAM,GAAG,qBAAqB,CAAC;YAC/B,oBAAoB,GAAG,IAAI,CAAC;QAC9B,CAAC;aAAM,CAAC;YACN,OAAO;gBACL,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,QAAS,CAAC,IAAI,aAAa,CAAC,UAAU,CAAC,CAAC;YACjE,MAAM,GAAG,GAAG,CAAC,IAAI,CAAC,QAAS,CAAC;QAC9B,CAAC;QACD,OAAO,CAAC,IAAI,CAAC;YACX,MAAM,EAAE,wBAAwB;YAChC,QAAQ,EAAE,MAAM,UAAU,EAAE;YAC5B,MAAM;YACN,OAAO;SACR,CAAC,CAAC;IACL,CAAC;IAED,MAAM,UAAU,GAAG,IAAI,CAAC,kBAAkB,CAAC,CAAC;IAC5C,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;QAC7B,IAAI,OAAgB,CAAC;QACrB,IAAI,MAAc,CAAC;QACnB,IAAI,YAAY,EAAE,CAAC;YACjB,gEAAgE;YAChE,+DAA+D;YAC/D,4DAA4D;YAC5D,yDAAyD;YACzD,OAAO,GAAG,IAAI,CAAC;YACf,MAAM,GAAG,mBAAmB,CAAC;YAC7B,oBAAoB,GAAG,IAAI,CAAC;QAC9B,CAAC;aAAM,CAAC;YACN,OAAO,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;YAClE,MAAM;gBACJ,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC;oBAC5B,CAAC,CAAC,IAAI,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;oBACvC,CAAC,CAAC,IAAI,CAAC;QACb,CAAC;QACD,OAAO,CAAC,IAAI,CAAC;YACX,MAAM,EAAE,kBAAkB;YAC1B,QAAQ,EAAE,WAAW,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;YAC7C,MAAM;YACN,OAAO;SACR,CAAC,CAAC;IACL,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,CAAC,kBAAkB,CAAC,CAAC;IACzC,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;QAC1B,OAAO,CAAC,IAAI,CAAC;YACX,MAAM,EAAE,kBAAkB;YAC1B,QAAQ,EAAE,OAAO;YACjB,MAAM,EAAE,GAAG,CAAC,WAAW,CAAC,IAAI;YAC5B,OAAO,EAAE,GAAG,CAAC,WAAW,CAAC,IAAI,KAAK,OAAO;SAC1C,CAAC,CAAC;IACL,CAAC;IAED,MAAM,UAAU,GAAG,IAAI,CAAC,mBAAmB,CAAC,CAAC;IAC7C,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;QAC7B,IAAI,OAAgB,CAAC;QACrB,IAAI,MAAc,CAAC;QACnB,IAAI,YAAY,EAAE,CAAC;YACjB,8DAA8D;YAC9D,iEAAiE;YACjE,gEAAgE;YAChE,OAAO,GAAG,IAAI,CAAC;YACf,MAAM,GAAG,qBAAqB,CAAC;YAC/B,oBAAoB,GAAG,IAAI,CAAC;QAC9B,CAAC;aAAM,CAAC;YACN,OAAO,GAAG,GAAG,CAAC,IAAI,CAAC,UAAU,KAAK,UAAU,CAAC;YAC7C,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACvC,CAAC;QACD,OAAO,CAAC,IAAI,CAAC;YACX,MAAM,EAAE,mBAAmB;YAC3B,QAAQ,EAAE,MAAM,CAAC,UAAU,CAAC;YAC5B,MAAM;YACN,OAAO;SACR,CAAC,CAAC;IACL,CAAC;IAED,OAAO;QACL,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC;QACxC,OAAO;QACP,oBAAoB;KACrB,CAAC;AACJ,CAAC"}
|
package/dist/schema/hooks.js
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import { z } from "zod";
|
|
2
|
+
import { NUMERIC_VERSION_MESSAGE, NUMERIC_VERSION_PATTERN } from "../io/version-compare.js";
|
|
2
3
|
export const HookEventSchema = z.enum([
|
|
3
4
|
"SessionStart",
|
|
4
5
|
"UserPromptSubmit",
|
|
@@ -31,7 +32,11 @@ export const HookSchema = z
|
|
|
31
32
|
// `~/.claude/hooks/foo.sh`), so there is no useful default for
|
|
32
33
|
// `version_command` and a min_version-without-command is treated as a
|
|
33
34
|
// config error.
|
|
34
|
-
min_version: z
|
|
35
|
+
min_version: z
|
|
36
|
+
.string()
|
|
37
|
+
.min(1)
|
|
38
|
+
.regex(NUMERIC_VERSION_PATTERN, NUMERIC_VERSION_MESSAGE)
|
|
39
|
+
.optional(),
|
|
35
40
|
version_command: z.array(z.string().min(1)).min(1).optional(),
|
|
36
41
|
})
|
|
37
42
|
.strict()
|
package/dist/schema/hooks.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"hooks.js","sourceRoot":"","sources":["../../src/schema/hooks.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,CAAC,IAAI,CAAC;IACpC,cAAc;IACd,kBAAkB;IAClB,YAAY;IACZ,aAAa;IACb,MAAM;IACN,cAAc;IACd,YAAY;CACb,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC;IACxC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC;IAChB,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC;IACjB,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC;CAClB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,UAAU,GAAG,CAAC;KACxB,MAAM,CAAC;IACN,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,KAAK,EAAE,eAAe;IACtB,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1B,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACnC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACxC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACxC,QAAQ,EAAE,kBAAkB;IAC5B,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IACrD,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,yEAAyE;IACzE,wEAAwE;IACxE,qEAAqE;IACrE,mDAAmD;IACnD,+DAA+D;IAC/D,sEAAsE;IACtE,gBAAgB;IAChB,WAAW,EAAE,CAAC,
|
|
1
|
+
{"version":3,"file":"hooks.js","sourceRoot":"","sources":["../../src/schema/hooks.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,uBAAuB,EAAE,uBAAuB,EAAE,MAAM,0BAA0B,CAAC;AAE5F,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,CAAC,IAAI,CAAC;IACpC,cAAc;IACd,kBAAkB;IAClB,YAAY;IACZ,aAAa;IACb,MAAM;IACN,cAAc;IACd,YAAY;CACb,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC;IACxC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC;IAChB,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC;IACjB,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC;CAClB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,UAAU,GAAG,CAAC;KACxB,MAAM,CAAC;IACN,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,KAAK,EAAE,eAAe;IACtB,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1B,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACnC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACxC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACxC,QAAQ,EAAE,kBAAkB;IAC5B,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IACrD,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,yEAAyE;IACzE,wEAAwE;IACxE,qEAAqE;IACrE,mDAAmD;IACnD,+DAA+D;IAC/D,sEAAsE;IACtE,gBAAgB;IAChB,WAAW,EAAE,CAAC;SACX,MAAM,EAAE;SACR,GAAG,CAAC,CAAC,CAAC;SACN,KAAK,CAAC,uBAAuB,EAAE,uBAAuB,CAAC;SACvD,QAAQ,EAAE;IACb,eAAe,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;CAC9D,CAAC;KACD,MAAM,EAAE;KACR,MAAM,CACL,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,KAAK,SAAS,IAAI,CAAC,CAAC,eAAe,KAAK,SAAS,EACrE;IACE,OAAO,EAAE,sDAAsD;IAC/D,IAAI,EAAE,CAAC,iBAAiB,CAAC;CAC1B,CACF,CAAC;AAEJ,mEAAmE;AACnE,wEAAwE;AACxE,0EAA0E;AAC1E,wEAAwE;AACxE,uEAAuE;AACvE,EAAE;AACF,0EAA0E;AAC1E,yEAAyE;AACzE,sEAAsE;AACtE,MAAM,2BAA2B,GAA0B,CAAC,SAAS,CAAC,CAAC;AAEvE,MAAM,CAAC,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,WAAW,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;IACxE,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACrB,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;YACrB,GAAG,CAAC,QAAQ,CAAC;gBACX,IAAI,EAAE,CAAC,CAAC,YAAY,CAAC,MAAM;gBAC3B,IAAI,EAAE,CAAC,CAAC,EAAE,MAAM,CAAC;gBACjB,OAAO,EAAE,wBAAwB,CAAC,CAAC,IAAI,EAAE;aAC1C,CAAC,CAAC;QACL,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QACjB,KAAK,MAAM,MAAM,IAAI,2BAA2B,EAAE,CAAC;YACjD,IAAI,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC9B,GAAG,CAAC,QAAQ,CAAC;oBACX,IAAI,EAAE,CAAC,CAAC,YAAY,CAAC,MAAM;oBAC3B,IAAI,EAAE,CAAC,CAAC,EAAE,MAAM,CAAC;oBACjB,OAAO,EACL,cAAc,CAAC,CAAC,IAAI,2BAA2B,MAAM,IAAI;wBACzD,2DAA2D;wBAC3D,uDAAuD;wBACvD,8DAA8D;iBACjE,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
package/dist/schema/index.d.ts
CHANGED
|
@@ -514,7 +514,7 @@ export declare const ManifestSchema: z.ZodEffects<z.ZodObject<{
|
|
|
514
514
|
at_head?: boolean | undefined;
|
|
515
515
|
}>;
|
|
516
516
|
hook: z.ZodString;
|
|
517
|
-
enforcement: z.ZodEnum<["block", "warn"]>;
|
|
517
|
+
enforcement: z.ZodEnum<["block", "warn", "require_approval"]>;
|
|
518
518
|
producers: z.ZodOptional<z.ZodArray<z.ZodDiscriminatedUnion<"kind", [z.ZodObject<{
|
|
519
519
|
kind: z.ZodLiteral<"bash">;
|
|
520
520
|
command: z.ZodString;
|
|
@@ -615,7 +615,7 @@ export declare const ManifestSchema: z.ZodEffects<z.ZodObject<{
|
|
|
615
615
|
at_head?: boolean | undefined;
|
|
616
616
|
};
|
|
617
617
|
hook: string;
|
|
618
|
-
enforcement: "warn" | "block";
|
|
618
|
+
enforcement: "warn" | "block" | "require_approval";
|
|
619
619
|
producers?: ({
|
|
620
620
|
command: string;
|
|
621
621
|
description: string;
|
|
@@ -662,7 +662,7 @@ export declare const ManifestSchema: z.ZodEffects<z.ZodObject<{
|
|
|
662
662
|
at_head?: boolean | undefined;
|
|
663
663
|
};
|
|
664
664
|
hook: string;
|
|
665
|
-
enforcement: "warn" | "block";
|
|
665
|
+
enforcement: "warn" | "block" | "require_approval";
|
|
666
666
|
producers?: ({
|
|
667
667
|
command: string;
|
|
668
668
|
description: string;
|
|
@@ -709,7 +709,7 @@ export declare const ManifestSchema: z.ZodEffects<z.ZodObject<{
|
|
|
709
709
|
at_head?: boolean | undefined;
|
|
710
710
|
};
|
|
711
711
|
hook: string;
|
|
712
|
-
enforcement: "warn" | "block";
|
|
712
|
+
enforcement: "warn" | "block" | "require_approval";
|
|
713
713
|
producers?: ({
|
|
714
714
|
command: string;
|
|
715
715
|
description: string;
|
|
@@ -756,7 +756,7 @@ export declare const ManifestSchema: z.ZodEffects<z.ZodObject<{
|
|
|
756
756
|
at_head?: boolean | undefined;
|
|
757
757
|
};
|
|
758
758
|
hook: string;
|
|
759
|
-
enforcement: "warn" | "block";
|
|
759
|
+
enforcement: "warn" | "block" | "require_approval";
|
|
760
760
|
producers?: ({
|
|
761
761
|
command: string;
|
|
762
762
|
description: string;
|
|
@@ -803,7 +803,7 @@ export declare const ManifestSchema: z.ZodEffects<z.ZodObject<{
|
|
|
803
803
|
at_head?: boolean | undefined;
|
|
804
804
|
};
|
|
805
805
|
hook: string;
|
|
806
|
-
enforcement: "warn" | "block";
|
|
806
|
+
enforcement: "warn" | "block" | "require_approval";
|
|
807
807
|
producers?: ({
|
|
808
808
|
command: string;
|
|
809
809
|
description: string;
|
|
@@ -850,7 +850,7 @@ export declare const ManifestSchema: z.ZodEffects<z.ZodObject<{
|
|
|
850
850
|
at_head?: boolean | undefined;
|
|
851
851
|
};
|
|
852
852
|
hook: string;
|
|
853
|
-
enforcement: "warn" | "block";
|
|
853
|
+
enforcement: "warn" | "block" | "require_approval";
|
|
854
854
|
producers?: ({
|
|
855
855
|
command: string;
|
|
856
856
|
description: string;
|
|
@@ -883,15 +883,18 @@ export declare const ManifestSchema: z.ZodEffects<z.ZodObject<{
|
|
|
883
883
|
enabled: z.ZodDefault<z.ZodBoolean>;
|
|
884
884
|
description: z.ZodOptional<z.ZodString>;
|
|
885
885
|
config: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
|
|
886
|
+
min_version: z.ZodOptional<z.ZodString>;
|
|
886
887
|
}, "strict", z.ZodTypeAny, {
|
|
887
888
|
name: string;
|
|
888
889
|
enabled: boolean;
|
|
889
890
|
source: string;
|
|
890
891
|
config: Record<string, unknown>;
|
|
891
892
|
description?: string | undefined;
|
|
893
|
+
min_version?: string | undefined;
|
|
892
894
|
}, {
|
|
893
895
|
name: string;
|
|
894
896
|
description?: string | undefined;
|
|
897
|
+
min_version?: string | undefined;
|
|
895
898
|
enabled?: boolean | undefined;
|
|
896
899
|
source?: string | undefined;
|
|
897
900
|
config?: Record<string, unknown> | undefined;
|
|
@@ -901,9 +904,11 @@ export declare const ManifestSchema: z.ZodEffects<z.ZodObject<{
|
|
|
901
904
|
source: string;
|
|
902
905
|
config: Record<string, unknown>;
|
|
903
906
|
description?: string | undefined;
|
|
907
|
+
min_version?: string | undefined;
|
|
904
908
|
}[], {
|
|
905
909
|
name: string;
|
|
906
910
|
description?: string | undefined;
|
|
911
|
+
min_version?: string | undefined;
|
|
907
912
|
enabled?: boolean | undefined;
|
|
908
913
|
source?: string | undefined;
|
|
909
914
|
config?: Record<string, unknown> | undefined;
|
|
@@ -2575,7 +2580,7 @@ export declare const ManifestSchema: z.ZodEffects<z.ZodObject<{
|
|
|
2575
2580
|
at_head?: boolean | undefined;
|
|
2576
2581
|
};
|
|
2577
2582
|
hook: string;
|
|
2578
|
-
enforcement: "warn" | "block";
|
|
2583
|
+
enforcement: "warn" | "block" | "require_approval";
|
|
2579
2584
|
producers?: ({
|
|
2580
2585
|
command: string;
|
|
2581
2586
|
description: string;
|
|
@@ -2608,6 +2613,7 @@ export declare const ManifestSchema: z.ZodEffects<z.ZodObject<{
|
|
|
2608
2613
|
source: string;
|
|
2609
2614
|
config: Record<string, unknown>;
|
|
2610
2615
|
description?: string | undefined;
|
|
2616
|
+
min_version?: string | undefined;
|
|
2611
2617
|
}[];
|
|
2612
2618
|
risk: {
|
|
2613
2619
|
classifiers: {
|
|
@@ -2870,7 +2876,7 @@ export declare const ManifestSchema: z.ZodEffects<z.ZodObject<{
|
|
|
2870
2876
|
at_head?: boolean | undefined;
|
|
2871
2877
|
};
|
|
2872
2878
|
hook: string;
|
|
2873
|
-
enforcement: "warn" | "block";
|
|
2879
|
+
enforcement: "warn" | "block" | "require_approval";
|
|
2874
2880
|
producers?: ({
|
|
2875
2881
|
command: string;
|
|
2876
2882
|
description: string;
|
|
@@ -2900,6 +2906,7 @@ export declare const ManifestSchema: z.ZodEffects<z.ZodObject<{
|
|
|
2900
2906
|
policy_packs?: {
|
|
2901
2907
|
name: string;
|
|
2902
2908
|
description?: string | undefined;
|
|
2909
|
+
min_version?: string | undefined;
|
|
2903
2910
|
enabled?: boolean | undefined;
|
|
2904
2911
|
source?: string | undefined;
|
|
2905
2912
|
config?: Record<string, unknown> | undefined;
|
|
@@ -3165,7 +3172,7 @@ export declare const ManifestSchema: z.ZodEffects<z.ZodObject<{
|
|
|
3165
3172
|
at_head?: boolean | undefined;
|
|
3166
3173
|
};
|
|
3167
3174
|
hook: string;
|
|
3168
|
-
enforcement: "warn" | "block";
|
|
3175
|
+
enforcement: "warn" | "block" | "require_approval";
|
|
3169
3176
|
producers?: ({
|
|
3170
3177
|
command: string;
|
|
3171
3178
|
description: string;
|
|
@@ -3198,6 +3205,7 @@ export declare const ManifestSchema: z.ZodEffects<z.ZodObject<{
|
|
|
3198
3205
|
source: string;
|
|
3199
3206
|
config: Record<string, unknown>;
|
|
3200
3207
|
description?: string | undefined;
|
|
3208
|
+
min_version?: string | undefined;
|
|
3201
3209
|
}[];
|
|
3202
3210
|
risk: {
|
|
3203
3211
|
classifiers: {
|
|
@@ -3460,7 +3468,7 @@ export declare const ManifestSchema: z.ZodEffects<z.ZodObject<{
|
|
|
3460
3468
|
at_head?: boolean | undefined;
|
|
3461
3469
|
};
|
|
3462
3470
|
hook: string;
|
|
3463
|
-
enforcement: "warn" | "block";
|
|
3471
|
+
enforcement: "warn" | "block" | "require_approval";
|
|
3464
3472
|
producers?: ({
|
|
3465
3473
|
command: string;
|
|
3466
3474
|
description: string;
|
|
@@ -3490,6 +3498,7 @@ export declare const ManifestSchema: z.ZodEffects<z.ZodObject<{
|
|
|
3490
3498
|
policy_packs?: {
|
|
3491
3499
|
name: string;
|
|
3492
3500
|
description?: string | undefined;
|
|
3501
|
+
min_version?: string | undefined;
|
|
3493
3502
|
enabled?: boolean | undefined;
|
|
3494
3503
|
source?: string | undefined;
|
|
3495
3504
|
config?: Record<string, unknown> | undefined;
|
package/dist/schema/memory.js
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import { z } from "zod";
|
|
2
|
+
import { NUMERIC_VERSION_MESSAGE, NUMERIC_VERSION_PATTERN } from "../io/version-compare.js";
|
|
2
3
|
export const MemoryScopeSchema = z.enum(["project", "user"]);
|
|
3
4
|
export const MemoryDirectorySchema = z
|
|
4
5
|
.object({
|
|
@@ -10,7 +11,11 @@ export const MemoryRouterSchema = z
|
|
|
10
11
|
.object({
|
|
11
12
|
command: z.array(z.string().min(1)).min(1),
|
|
12
13
|
enabled: z.boolean().default(true),
|
|
13
|
-
min_version: z
|
|
14
|
+
min_version: z
|
|
15
|
+
.string()
|
|
16
|
+
.min(1)
|
|
17
|
+
.regex(NUMERIC_VERSION_PATTERN, NUMERIC_VERSION_MESSAGE)
|
|
18
|
+
.optional(),
|
|
14
19
|
version_command: z.array(z.string().min(1)).min(1).optional(),
|
|
15
20
|
})
|
|
16
21
|
.strict();
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"memory.js","sourceRoot":"","sources":["../../src/schema/memory.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC;AAE7D,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC;KACnC,MAAM,CAAC;IACN,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,KAAK,EAAE,iBAAiB;CACzB,CAAC;KACD,MAAM,EAAE,CAAC;AAEZ,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC;KAChC,MAAM,CAAC;IACN,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1C,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAClC,WAAW,EAAE,CAAC,
|
|
1
|
+
{"version":3,"file":"memory.js","sourceRoot":"","sources":["../../src/schema/memory.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,uBAAuB,EAAE,uBAAuB,EAAE,MAAM,0BAA0B,CAAC;AAE5F,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC;AAE7D,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC;KACnC,MAAM,CAAC;IACN,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,KAAK,EAAE,iBAAiB;CACzB,CAAC;KACD,MAAM,EAAE,CAAC;AAEZ,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC;KAChC,MAAM,CAAC;IACN,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1C,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAClC,WAAW,EAAE,CAAC;SACX,MAAM,EAAE;SACR,GAAG,CAAC,CAAC,CAAC;SACN,KAAK,CAAC,uBAAuB,EAAE,uBAAuB,CAAC;SACvD,QAAQ,EAAE;IACb,eAAe,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;CAC9D,CAAC;KACD,MAAM,EAAE,CAAC;AAEZ,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC;KACnC,MAAM,CAAC;IACN,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC;IACxD,WAAW,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC;CACjE,CAAC;KACD,MAAM,EAAE,CAAC;AAEZ,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC;KAChC,MAAM,CAAC;IACN,OAAO,EAAE,iBAAiB,CAAC,OAAO,CAAC,SAAS,CAAC;IAC7C,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,CAAC;CAChE,CAAC;KACD,MAAM,EAAE;KACR,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE;IAC5C,OAAO,EAAE,4DAA4D;CACtE,CAAC,CAAC;AAEL,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC;KAC1B,MAAM,CAAC;IACN,WAAW,EAAE,CAAC,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;IACvD,MAAM,EAAE,kBAAkB,CAAC,QAAQ,EAAE;IACrC,SAAS,EAAE,qBAAqB,CAAC,OAAO,CAAC,EAAE,CAAC;IAC5C,MAAM,EAAE,kBAAkB,CAAC,OAAO,CAAC,EAAE,CAAC;CACvC,CAAC;KACD,MAAM,EAAE,CAAC"}
|
|
@@ -18,7 +18,7 @@ export declare const PolicyTriggerSchema: z.ZodObject<{
|
|
|
18
18
|
bash_match?: string | undefined;
|
|
19
19
|
extract?: Record<string, string> | undefined;
|
|
20
20
|
}>;
|
|
21
|
-
export declare const PolicyEnforcementSchema: z.ZodEnum<["block", "warn"]>;
|
|
21
|
+
export declare const PolicyEnforcementSchema: z.ZodEnum<["block", "warn", "require_approval"]>;
|
|
22
22
|
export declare const ProducerSchema: z.ZodDiscriminatedUnion<"kind", [z.ZodObject<{
|
|
23
23
|
kind: z.ZodLiteral<"bash">;
|
|
24
24
|
command: z.ZodString;
|
|
@@ -189,7 +189,7 @@ export declare const PolicySchema: z.ZodEffects<z.ZodObject<{
|
|
|
189
189
|
at_head?: boolean | undefined;
|
|
190
190
|
}>;
|
|
191
191
|
hook: z.ZodString;
|
|
192
|
-
enforcement: z.ZodEnum<["block", "warn"]>;
|
|
192
|
+
enforcement: z.ZodEnum<["block", "warn", "require_approval"]>;
|
|
193
193
|
producers: z.ZodOptional<z.ZodArray<z.ZodDiscriminatedUnion<"kind", [z.ZodObject<{
|
|
194
194
|
kind: z.ZodLiteral<"bash">;
|
|
195
195
|
command: z.ZodString;
|
|
@@ -290,7 +290,7 @@ export declare const PolicySchema: z.ZodEffects<z.ZodObject<{
|
|
|
290
290
|
at_head?: boolean | undefined;
|
|
291
291
|
};
|
|
292
292
|
hook: string;
|
|
293
|
-
enforcement: "warn" | "block";
|
|
293
|
+
enforcement: "warn" | "block" | "require_approval";
|
|
294
294
|
producers?: ({
|
|
295
295
|
command: string;
|
|
296
296
|
description: string;
|
|
@@ -337,7 +337,7 @@ export declare const PolicySchema: z.ZodEffects<z.ZodObject<{
|
|
|
337
337
|
at_head?: boolean | undefined;
|
|
338
338
|
};
|
|
339
339
|
hook: string;
|
|
340
|
-
enforcement: "warn" | "block";
|
|
340
|
+
enforcement: "warn" | "block" | "require_approval";
|
|
341
341
|
producers?: ({
|
|
342
342
|
command: string;
|
|
343
343
|
description: string;
|
|
@@ -384,7 +384,7 @@ export declare const PolicySchema: z.ZodEffects<z.ZodObject<{
|
|
|
384
384
|
at_head?: boolean | undefined;
|
|
385
385
|
};
|
|
386
386
|
hook: string;
|
|
387
|
-
enforcement: "warn" | "block";
|
|
387
|
+
enforcement: "warn" | "block" | "require_approval";
|
|
388
388
|
producers?: ({
|
|
389
389
|
command: string;
|
|
390
390
|
description: string;
|
|
@@ -431,7 +431,7 @@ export declare const PolicySchema: z.ZodEffects<z.ZodObject<{
|
|
|
431
431
|
at_head?: boolean | undefined;
|
|
432
432
|
};
|
|
433
433
|
hook: string;
|
|
434
|
-
enforcement: "warn" | "block";
|
|
434
|
+
enforcement: "warn" | "block" | "require_approval";
|
|
435
435
|
producers?: ({
|
|
436
436
|
command: string;
|
|
437
437
|
description: string;
|
|
@@ -549,7 +549,7 @@ export declare const PoliciesSchema: z.ZodEffects<z.ZodArray<z.ZodEffects<z.ZodO
|
|
|
549
549
|
at_head?: boolean | undefined;
|
|
550
550
|
}>;
|
|
551
551
|
hook: z.ZodString;
|
|
552
|
-
enforcement: z.ZodEnum<["block", "warn"]>;
|
|
552
|
+
enforcement: z.ZodEnum<["block", "warn", "require_approval"]>;
|
|
553
553
|
producers: z.ZodOptional<z.ZodArray<z.ZodDiscriminatedUnion<"kind", [z.ZodObject<{
|
|
554
554
|
kind: z.ZodLiteral<"bash">;
|
|
555
555
|
command: z.ZodString;
|
|
@@ -650,7 +650,7 @@ export declare const PoliciesSchema: z.ZodEffects<z.ZodArray<z.ZodEffects<z.ZodO
|
|
|
650
650
|
at_head?: boolean | undefined;
|
|
651
651
|
};
|
|
652
652
|
hook: string;
|
|
653
|
-
enforcement: "warn" | "block";
|
|
653
|
+
enforcement: "warn" | "block" | "require_approval";
|
|
654
654
|
producers?: ({
|
|
655
655
|
command: string;
|
|
656
656
|
description: string;
|
|
@@ -697,7 +697,7 @@ export declare const PoliciesSchema: z.ZodEffects<z.ZodArray<z.ZodEffects<z.ZodO
|
|
|
697
697
|
at_head?: boolean | undefined;
|
|
698
698
|
};
|
|
699
699
|
hook: string;
|
|
700
|
-
enforcement: "warn" | "block";
|
|
700
|
+
enforcement: "warn" | "block" | "require_approval";
|
|
701
701
|
producers?: ({
|
|
702
702
|
command: string;
|
|
703
703
|
description: string;
|
|
@@ -744,7 +744,7 @@ export declare const PoliciesSchema: z.ZodEffects<z.ZodArray<z.ZodEffects<z.ZodO
|
|
|
744
744
|
at_head?: boolean | undefined;
|
|
745
745
|
};
|
|
746
746
|
hook: string;
|
|
747
|
-
enforcement: "warn" | "block";
|
|
747
|
+
enforcement: "warn" | "block" | "require_approval";
|
|
748
748
|
producers?: ({
|
|
749
749
|
command: string;
|
|
750
750
|
description: string;
|
|
@@ -791,7 +791,7 @@ export declare const PoliciesSchema: z.ZodEffects<z.ZodArray<z.ZodEffects<z.ZodO
|
|
|
791
791
|
at_head?: boolean | undefined;
|
|
792
792
|
};
|
|
793
793
|
hook: string;
|
|
794
|
-
enforcement: "warn" | "block";
|
|
794
|
+
enforcement: "warn" | "block" | "require_approval";
|
|
795
795
|
producers?: ({
|
|
796
796
|
command: string;
|
|
797
797
|
description: string;
|
|
@@ -838,7 +838,7 @@ export declare const PoliciesSchema: z.ZodEffects<z.ZodArray<z.ZodEffects<z.ZodO
|
|
|
838
838
|
at_head?: boolean | undefined;
|
|
839
839
|
};
|
|
840
840
|
hook: string;
|
|
841
|
-
enforcement: "warn" | "block";
|
|
841
|
+
enforcement: "warn" | "block" | "require_approval";
|
|
842
842
|
producers?: ({
|
|
843
843
|
command: string;
|
|
844
844
|
description: string;
|
|
@@ -885,7 +885,7 @@ export declare const PoliciesSchema: z.ZodEffects<z.ZodArray<z.ZodEffects<z.ZodO
|
|
|
885
885
|
at_head?: boolean | undefined;
|
|
886
886
|
};
|
|
887
887
|
hook: string;
|
|
888
|
-
enforcement: "warn" | "block";
|
|
888
|
+
enforcement: "warn" | "block" | "require_approval";
|
|
889
889
|
producers?: ({
|
|
890
890
|
command: string;
|
|
891
891
|
description: string;
|
package/dist/schema/policies.js
CHANGED
|
@@ -13,7 +13,19 @@ export const PolicyTriggerSchema = z
|
|
|
13
13
|
extract: ExtractMapSchema.optional(),
|
|
14
14
|
})
|
|
15
15
|
.strict();
|
|
16
|
-
|
|
16
|
+
// How a policy acts when its `requires:` evidence is absent:
|
|
17
|
+
// block — deny the tool call.
|
|
18
|
+
// warn — let the call proceed, record + surface a warning.
|
|
19
|
+
// require_approval — Phase 7 #5. The evaluator returns a first-class
|
|
20
|
+
// `require_approval` outcome, distinct from `deny`
|
|
21
|
+
// and `warn`; Phase 7 #6 makes it actually block
|
|
22
|
+
// until matching approval evidence exists in the
|
|
23
|
+
// ledger. A `block` / `warn` policy is unchanged.
|
|
24
|
+
export const PolicyEnforcementSchema = z.enum([
|
|
25
|
+
"block",
|
|
26
|
+
"warn",
|
|
27
|
+
"require_approval",
|
|
28
|
+
]);
|
|
17
29
|
// `producers:` is the structured remediation hint the policy engine
|
|
18
30
|
// appends to the deny envelope. Each entry tells the agent ONE concrete
|
|
19
31
|
// way to produce the ledger evidence that would unblock the gate.
|
|
@@ -81,14 +93,14 @@ export const PolicyUxSchema = z
|
|
|
81
93
|
run: z.array(z.string().min(1)).min(1),
|
|
82
94
|
})
|
|
83
95
|
.strict();
|
|
84
|
-
// `when:` —
|
|
96
|
+
// `when:` — the risk/environment-aware match layer.
|
|
85
97
|
//
|
|
86
|
-
// STATUS:
|
|
87
|
-
//
|
|
88
|
-
//
|
|
89
|
-
//
|
|
90
|
-
//
|
|
91
|
-
//
|
|
98
|
+
// STATUS: live as of Phase 7 #5. `harness policy intercept` ANDs a
|
|
99
|
+
// declared `when:` onto the policy's `trigger:` match, evaluating it
|
|
100
|
+
// against the Action Envelope enriched by the Risk Classifier (#3) and
|
|
101
|
+
// Context Resolver (#4). A policy with no `when:` matches on `trigger:`
|
|
102
|
+
// alone, exactly as in Phase 4. See src/runtime/when-eval.ts for the
|
|
103
|
+
// evaluator and docs/risk-gate.md for the clause semantics.
|
|
92
104
|
//
|
|
93
105
|
// Each clause is optional and keyed by the envelope path it tests:
|
|
94
106
|
// risk.severity_at_least — envelope risk severity at or above this
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"policies.js","sourceRoot":"","sources":["../../src/schema/policies.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,0BAA0B,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAC7C,OAAO,EAAE,cAAc,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AACvF,OAAO,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,MAAM,WAAW,CAAC;AAEnE,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC;KACjC,MAAM,CAAC;IACN,KAAK,EAAE,eAAe;IACtB,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACnC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACxC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACxC,OAAO,EAAE,gBAAgB,CAAC,QAAQ,EAAE;CACrC,CAAC;KACD,MAAM,EAAE,CAAC;AAEZ,MAAM,CAAC,MAAM,uBAAuB,GAAG,CAAC,CAAC,IAAI,CAAC,
|
|
1
|
+
{"version":3,"file":"policies.js","sourceRoot":"","sources":["../../src/schema/policies.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,0BAA0B,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAC7C,OAAO,EAAE,cAAc,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AACvF,OAAO,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,MAAM,WAAW,CAAC;AAEnE,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC;KACjC,MAAM,CAAC;IACN,KAAK,EAAE,eAAe;IACtB,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACnC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACxC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACxC,OAAO,EAAE,gBAAgB,CAAC,QAAQ,EAAE;CACrC,CAAC;KACD,MAAM,EAAE,CAAC;AAEZ,6DAA6D;AAC7D,2CAA2C;AAC3C,yEAAyE;AACzE,wEAAwE;AACxE,yEAAyE;AACzE,uEAAuE;AACvE,uEAAuE;AACvE,wEAAwE;AACxE,MAAM,CAAC,MAAM,uBAAuB,GAAG,CAAC,CAAC,IAAI,CAAC;IAC5C,OAAO;IACP,MAAM;IACN,kBAAkB;CACnB,CAAC,CAAC;AAEH,oEAAoE;AACpE,wEAAwE;AACxE,kEAAkE;AAClE,qBAAqB;AACrB,qEAAqE;AACrE,kEAAkE;AAClE,wGAAwG;AACxG,mEAAmE;AACnE,0EAA0E;AAC1E,0DAA0D;AAC1D,EAAE;AACF,uEAAuE;AACvE,wEAAwE;AACxE,oEAAoE;AACpE,6BAA6B;AAC7B,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,CAAC,kBAAkB,CAAC,MAAM,EAAE;IACzD,CAAC;SACE,MAAM,CAAC;QACN,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC;QACvB,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;QAC1B,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;KAC/B,CAAC;SACD,MAAM,EAAE;IACX,CAAC;SACE,MAAM,CAAC;QACN,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC;QACtB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;QACvB,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;QAC1B,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;KAC/B,CAAC;SACD,MAAM,EAAE;IACX,CAAC;SACE,MAAM,CAAC;QACN,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC;QACtB,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;QAC1B,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;KAC/B,CAAC;SACD,MAAM,EAAE;CACZ,CAAC,CAAC;AAEH,qEAAqE;AACrE,EAAE;AACF,oEAAoE;AACpE,8DAA8D;AAC9D,sEAAsE;AACtE,uEAAuE;AACvE,wDAAwD;AACxD,kEAAkE;AAClE,EAAE;AACF,qEAAqE;AACrE,sEAAsE;AACtE,mEAAmE;AACnE,sEAAsE;AACtE,oEAAoE;AACpE,EAAE;AACF,sEAAsE;AACtE,sEAAsE;AACtE,qEAAqE;AACrE,cAAc;AACd,8DAA8D;AAC9D,oEAAoE;AACpE,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC;KAC5B,MAAM,CAAC;IACN,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACzB,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAC3C,GAAG,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;CACvC,CAAC;KACD,MAAM,EAAE,CAAC;AAEZ,oDAAoD;AACpD,EAAE;AACF,mEAAmE;AACnE,qEAAqE;AACrE,uEAAuE;AACvE,wEAAwE;AACxE,qEAAqE;AACrE,4DAA4D;AAC5D,EAAE;AACF,mEAAmE;AACnE,qEAAqE;AACrE,wDAAwD;AACxD,gEAAgE;AAChE,yCAAyC;AACzC,mEAAmE;AACnE,qEAAqE;AACrE,oCAAoC;AACpC,iEAAiE;AACjE,+DAA+D;AAC/D,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC;KAC9B,MAAM,CAAC;IACN,wBAAwB,EAAE,kBAAkB,CAAC,QAAQ,EAAE;IACvD,kBAAkB,EAAE,CAAC,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACjE,kBAAkB,EAAE,0BAA0B,CAAC,QAAQ,EAAE;IACzD,mBAAmB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAC5C,CAAC;KACD,MAAM,EAAE;KACR,WAAW,CAAC,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;IACzB,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACnC,GAAG,CAAC,QAAQ,CAAC;YACX,IAAI,EAAE,CAAC,CAAC,YAAY,CAAC,MAAM;YAC3B,IAAI,EAAE,EAAE;YACR,OAAO,EACL,mFAAmF;SACtF,CAAC,CAAC;IACL,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC;KAC1B,MAAM,CAAC;IACN,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC9B,OAAO,EAAE,mBAAmB;IAC5B,QAAQ,EAAE,cAAc;IACxB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,WAAW,EAAE,uBAAuB;IACpC,SAAS,EAAE,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACpD,EAAE,EAAE,cAAc,CAAC,QAAQ,EAAE;IAC7B,IAAI,EAAE,gBAAgB,CAAC,QAAQ,EAAE;CAClC,CAAC;KACD,MAAM,EAAE;KACR,WAAW,CAAC,CAAC,MAAM,EAAE,GAAG,EAAE,EAAE;IAC3B,MAAM,IAAI,GAAG,mBAAmB,CAAC,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;IAC7D,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,CAAC;IACpE,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;QACrB,IAAI,iBAAiB,CAAC,CAAC,CAAC;YAAE,SAAS;QACnC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YACrB,GAAG,CAAC,QAAQ,CAAC;gBACX,IAAI,EAAE,CAAC,CAAC,YAAY,CAAC,MAAM;gBAC3B,IAAI,EAAE,CAAC,UAAU,EAAE,YAAY,CAAC;gBAChC,OAAO,EAAE,qCAAqC,CAAC,sDAAsD;aACtG,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,IAAI,MAAM,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;QACnC,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,KAAK,CAAC,CAAC;QAC9D,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,GAAG,CAAC,QAAQ,CAAC;gBACX,IAAI,EAAE,CAAC,CAAC,YAAY,CAAC,MAAM;gBAC3B,IAAI,EAAE,CAAC,WAAW,CAAC;gBACnB,OAAO,EACL,2HAA2H;aAC9H,CAAC,CAAC;QACL,CAAC;IACH,CAAC;AACH,CAAC,CAAC,CAAC;AAEL,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,WAAW,CAAC,CAAC,QAAQ,EAAE,GAAG,EAAE,EAAE;IAChF,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACxB,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;YACrB,GAAG,CAAC,QAAQ,CAAC;gBACX,IAAI,EAAE,CAAC,CAAC,YAAY,CAAC,MAAM;gBAC3B,IAAI,EAAE,CAAC,CAAC,EAAE,MAAM,CAAC;gBACjB,OAAO,EAAE,0BAA0B,CAAC,CAAC,IAAI,EAAE;aAC5C,CAAC,CAAC;QACL,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IACnB,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
@@ -5,15 +5,18 @@ export declare const PolicyPackSchema: z.ZodObject<{
|
|
|
5
5
|
enabled: z.ZodDefault<z.ZodBoolean>;
|
|
6
6
|
description: z.ZodOptional<z.ZodString>;
|
|
7
7
|
config: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
|
|
8
|
+
min_version: z.ZodOptional<z.ZodString>;
|
|
8
9
|
}, "strict", z.ZodTypeAny, {
|
|
9
10
|
name: string;
|
|
10
11
|
enabled: boolean;
|
|
11
12
|
source: string;
|
|
12
13
|
config: Record<string, unknown>;
|
|
13
14
|
description?: string | undefined;
|
|
15
|
+
min_version?: string | undefined;
|
|
14
16
|
}, {
|
|
15
17
|
name: string;
|
|
16
18
|
description?: string | undefined;
|
|
19
|
+
min_version?: string | undefined;
|
|
17
20
|
enabled?: boolean | undefined;
|
|
18
21
|
source?: string | undefined;
|
|
19
22
|
config?: Record<string, unknown> | undefined;
|
|
@@ -24,15 +27,18 @@ export declare const PolicyPacksSchema: z.ZodEffects<z.ZodArray<z.ZodObject<{
|
|
|
24
27
|
enabled: z.ZodDefault<z.ZodBoolean>;
|
|
25
28
|
description: z.ZodOptional<z.ZodString>;
|
|
26
29
|
config: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
|
|
30
|
+
min_version: z.ZodOptional<z.ZodString>;
|
|
27
31
|
}, "strict", z.ZodTypeAny, {
|
|
28
32
|
name: string;
|
|
29
33
|
enabled: boolean;
|
|
30
34
|
source: string;
|
|
31
35
|
config: Record<string, unknown>;
|
|
32
36
|
description?: string | undefined;
|
|
37
|
+
min_version?: string | undefined;
|
|
33
38
|
}, {
|
|
34
39
|
name: string;
|
|
35
40
|
description?: string | undefined;
|
|
41
|
+
min_version?: string | undefined;
|
|
36
42
|
enabled?: boolean | undefined;
|
|
37
43
|
source?: string | undefined;
|
|
38
44
|
config?: Record<string, unknown> | undefined;
|
|
@@ -42,9 +48,11 @@ export declare const PolicyPacksSchema: z.ZodEffects<z.ZodArray<z.ZodObject<{
|
|
|
42
48
|
source: string;
|
|
43
49
|
config: Record<string, unknown>;
|
|
44
50
|
description?: string | undefined;
|
|
51
|
+
min_version?: string | undefined;
|
|
45
52
|
}[], {
|
|
46
53
|
name: string;
|
|
47
54
|
description?: string | undefined;
|
|
55
|
+
min_version?: string | undefined;
|
|
48
56
|
enabled?: boolean | undefined;
|
|
49
57
|
source?: string | undefined;
|
|
50
58
|
config?: Record<string, unknown> | undefined;
|