@lannguyensi/harness 0.27.0 → 0.28.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +40 -0
- package/README.md +17 -12
- package/dist/cli/apply/apply.js +12 -2
- package/dist/cli/apply/apply.js.map +1 -1
- package/dist/cli/doctor/format.js +32 -1
- package/dist/cli/doctor/format.js.map +1 -1
- package/dist/cli/doctor/index.d.ts +1 -1
- package/dist/cli/doctor/index.js +95 -0
- package/dist/cli/doctor/index.js.map +1 -1
- package/dist/cli/doctor/types.d.ts +56 -0
- package/dist/cli/index.js.map +1 -1
- package/dist/cli/init/composer.js +1 -1
- package/dist/cli/init/composer.js.map +1 -1
- package/dist/cli/init/dependencies.js +10 -9
- package/dist/cli/init/dependencies.js.map +1 -1
- package/dist/cli/init/profiles.d.ts +2 -2
- package/dist/cli/init/profiles.js +2 -2
- package/dist/cli/init/templates.d.ts +1 -1
- package/dist/cli/init/templates.js +1 -1
- package/dist/cli/pack/hook-codex-pre-tool-use.js +6 -3
- package/dist/cli/pack/hook-codex-pre-tool-use.js.map +1 -1
- package/dist/cli/pack/hook-pre-tool-use.js +27 -3
- package/dist/cli/pack/hook-pre-tool-use.js.map +1 -1
- package/dist/cli/pack/read-only-bash.d.ts +13 -0
- package/dist/cli/pack/read-only-bash.js +177 -0
- package/dist/cli/pack/read-only-bash.js.map +1 -0
- package/dist/cli/pack/understanding-report-schema-hint.d.ts +1 -1
- package/dist/cli/pack/understanding-report-schema-hint.js +7 -1
- package/dist/cli/pack/understanding-report-schema-hint.js.map +1 -1
- package/dist/cli/policy/intercept.js +53 -1
- package/dist/cli/policy/intercept.js.map +1 -1
- package/dist/cli/validate/checks.d.ts +1 -1
- package/dist/cli/validate/checks.js +31 -27
- package/dist/cli/validate/checks.js.map +1 -1
- package/dist/io/version-compare.d.ts +16 -5
- package/dist/io/version-compare.js +16 -5
- package/dist/io/version-compare.js.map +1 -1
- package/dist/policy-packs/builtin/branch-protection.d.ts +38 -0
- package/dist/policy-packs/builtin/branch-protection.js +17 -0
- package/dist/policy-packs/builtin/branch-protection.js.map +1 -1
- package/dist/policy-packs/builtin/understanding-before-execution.d.ts +147 -0
- package/dist/policy-packs/builtin/understanding-before-execution.js +72 -10
- package/dist/policy-packs/builtin/understanding-before-execution.js.map +1 -1
- package/dist/policy-packs/config-check.d.ts +31 -0
- package/dist/policy-packs/config-check.js +58 -0
- package/dist/policy-packs/config-check.js.map +1 -0
- package/dist/policy-packs/expand.js +5 -4
- package/dist/policy-packs/expand.js.map +1 -1
- package/dist/policy-packs/index.d.ts +4 -1
- package/dist/policy-packs/index.js +4 -1
- package/dist/policy-packs/index.js.map +1 -1
- package/dist/policy-packs/registry.d.ts +20 -0
- package/dist/policy-packs/registry.js +39 -2
- package/dist/policy-packs/registry.js.map +1 -1
- package/dist/policy-packs/source-check.d.ts +28 -0
- package/dist/policy-packs/source-check.js +49 -0
- package/dist/policy-packs/source-check.js.map +1 -0
- package/dist/policy-packs/version-check.d.ts +37 -0
- package/dist/policy-packs/version-check.js +89 -0
- package/dist/policy-packs/version-check.js.map +1 -0
- package/dist/probes/memory.d.ts +1 -1
- package/dist/schema/hooks.js +6 -1
- package/dist/schema/hooks.js.map +1 -1
- package/dist/schema/index.d.ts +9 -0
- package/dist/schema/memory.js +6 -1
- package/dist/schema/memory.js.map +1 -1
- package/dist/schema/policy-packs.d.ts +8 -0
- package/dist/schema/policy-packs.js +17 -0
- package/dist/schema/policy-packs.js.map +1 -1
- package/dist/schema/tools.js +11 -2
- package/dist/schema/tools.js.map +1 -1
- package/package.json +1 -1
|
@@ -6,6 +6,7 @@
|
|
|
6
6
|
import { queryLedgerByTag, } from "../../policies/index.js";
|
|
7
7
|
import * as os from "node:os";
|
|
8
8
|
import { intercept, recordPolicyDecision, resolveGitContext, resolveKubeContext, } from "../../runtime/index.js";
|
|
9
|
+
import { resolveGeneratedDir, writePendingApproval } from "../../runtime/pending-approval.js";
|
|
9
10
|
import { loadManifest } from "../loader.js";
|
|
10
11
|
import { checkPauseFromLoader } from "../pause-check.js";
|
|
11
12
|
async function readStdin(stream) {
|
|
@@ -149,8 +150,16 @@ export async function runInterceptCli(opts = {}) {
|
|
|
149
150
|
}
|
|
150
151
|
}
|
|
151
152
|
let manifest;
|
|
153
|
+
let manifestPath;
|
|
152
154
|
try {
|
|
153
|
-
|
|
155
|
+
if (opts.manifest) {
|
|
156
|
+
manifest = opts.manifest;
|
|
157
|
+
}
|
|
158
|
+
else {
|
|
159
|
+
const loaded = loadManifest(opts);
|
|
160
|
+
manifest = loaded.manifest;
|
|
161
|
+
manifestPath = loaded.resolved.base;
|
|
162
|
+
}
|
|
154
163
|
}
|
|
155
164
|
catch (err) {
|
|
156
165
|
process.stderr.write(`harness policy intercept: manifest load failed: ${err.message}\n`);
|
|
@@ -230,6 +239,49 @@ export async function runInterceptCli(opts = {}) {
|
|
|
230
239
|
...(gitContext.sha.length > 0 && { currentHeadSha: gitContext.sha }),
|
|
231
240
|
...(riskContext && { riskContext }),
|
|
232
241
|
});
|
|
242
|
+
// Stage the session id for a later arg-less `harness approve risk`
|
|
243
|
+
// whenever the FIRST blocking decision is `require_approval`. Mirrors
|
|
244
|
+
// the Understanding Gate hook (src/cli/pack/hook-pre-tool-use.ts):
|
|
245
|
+
// the producer side knows the live session id (it just received it on
|
|
246
|
+
// the hook event), but `harness approve risk` runs from the operator's
|
|
247
|
+
// `!`-shell where `$CLAUDE_SESSION_ID` is unset, so it has to read the
|
|
248
|
+
// marker. `deny` decisions are deliberately not staged: `harness approve
|
|
249
|
+
// risk` cannot unblock a `deny`, and writing a marker the verb cannot
|
|
250
|
+
// act on would just lie about the recoverability of the block. The
|
|
251
|
+
// "first blocking decision" check (rather than `.some()`) matters when
|
|
252
|
+
// two `when:`-bearing policies fire on the same event: the runtime's
|
|
253
|
+
// `intercept()` picks the first blocking decision (`runtime/intercept.ts:511`),
|
|
254
|
+
// so a `deny`-first / `require_approval`-second order produces an
|
|
255
|
+
// unrecoverable block; we mustn't stage in that case either.
|
|
256
|
+
//
|
|
257
|
+
// Best-effort: a staging-write failure must never escalate a gate block
|
|
258
|
+
// into a thrown hook error. `resolveGeneratedDir` is skipped (along
|
|
259
|
+
// with the write) when no manifest path could be resolved — tests
|
|
260
|
+
// exercise the policy logic with injected manifests and no on-disk
|
|
261
|
+
// path, and the test path is also the only place an empty
|
|
262
|
+
// `eventSessionId` is interesting.
|
|
263
|
+
const firstBlocking = result.decisions.find((d) => (d.outcome === "deny" && d.enforcement === "block") ||
|
|
264
|
+
d.outcome === "require_approval");
|
|
265
|
+
if (result.blockJson &&
|
|
266
|
+
eventSessionId !== undefined &&
|
|
267
|
+
eventSessionId.length > 0 &&
|
|
268
|
+
firstBlocking?.outcome === "require_approval") {
|
|
269
|
+
const generatedDir = opts.generatedDir
|
|
270
|
+
?? (manifestPath !== undefined
|
|
271
|
+
? resolveGeneratedDir({
|
|
272
|
+
...(opts.homeDir !== undefined ? { homeDir: opts.homeDir } : {}),
|
|
273
|
+
manifestPath,
|
|
274
|
+
})
|
|
275
|
+
: undefined);
|
|
276
|
+
if (generatedDir !== undefined) {
|
|
277
|
+
try {
|
|
278
|
+
writePendingApproval(generatedDir, eventSessionId);
|
|
279
|
+
}
|
|
280
|
+
catch {
|
|
281
|
+
/* best-effort; the block below proceeds regardless */
|
|
282
|
+
}
|
|
283
|
+
}
|
|
284
|
+
}
|
|
233
285
|
if (result.blockJson) {
|
|
234
286
|
stdout.write(`${JSON.stringify(result.blockJson)}\n`);
|
|
235
287
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"intercept.js","sourceRoot":"","sources":["../../../src/cli/policy/intercept.ts"],"names":[],"mappings":"AAAA,0DAA0D;AAC1D,EAAE;AACF,2EAA2E;AAC3E,yEAAyE;AACzE,kEAAkE;AAElE,OAAO,EACL,gBAAgB,GAGjB,MAAM,yBAAyB,CAAC;AACjC,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,EACL,SAAS,EACT,oBAAoB,EACpB,iBAAiB,EACjB,kBAAkB,GAKnB,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EAAE,YAAY,EAAsB,MAAM,cAAc,CAAC;AAChE,OAAO,EAAE,oBAAoB,EAAE,MAAM,mBAAmB,CAAC;AA+CzD,KAAK,UAAU,SAAS,CAAC,MAA6B;IACpD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,IAAI,IAAI,GAAG,EAAE,CAAC;QACd,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAC3B,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YAClC,IAAI,IAAI,KAAK,CAAC;QAChB,CAAC,CAAC,CAAC;QACH,MAAM,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;QACtC,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;IAC3C,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,gBAAgB,CAAC,QAAkB;IAC1C,OAAO,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,eAAe,CAAC,IAAI,IAAI,CAAC;AAC5E,CAAC;AAED,uEAAuE;AACvE,SAAS,MAAM,CAAC,EAAgB;IAC9B,IAAI,CAAC;QACH,OAAO,EAAE,EAAE,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,SAAS,wBAAwB,CAAC,QAAwB;IACxD,MAAM,MAAM,GAAG,6BAA6B,QAAQ,CAAC,UAAU,KAAK,QAAQ,CAAC,OAAO,GAClF,QAAQ,CAAC,OAAO,KAAK,eAAe,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC,CAAC,EACnE,EAAE,CAAC;IACH,MAAM,KAAK,GAAa,CAAC,MAAM,CAAC,CAAC;IACjC,KAAK,CAAC,IAAI,CAAC,iBAAiB,QAAQ,CAAC,SAAS,EAAE,CAAC,CAAC;IAClD,IAAI,QAAQ,CAAC,YAAY,KAAK,SAAS,EAAE,CAAC;QACxC,KAAK,CAAC,IAAI,CAAC,cAAc,QAAQ,CAAC,YAAY,CAAC,YAAY,EAAE,CAAC,CAAC;IACjE,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,aAAa,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IAC3C,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;IACxD,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACzB,KAAK,MAAM,CAAC,IAAI,WAAW,CAAC,IAAI,EAAE,EAAE,CAAC;YACnC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,QAAQ,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QACtD,CAAC;IACH,CAAC;IACD,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;AACjC,CAAC;AAED,SAAS,gBAAgB,CAAC,IAAyB;IACjD,IAAI,IAAI,CAAC,OAAO,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IACvC,IAAI,IAAI,CAAC,OAAO,KAAK,KAAK;QAAE,OAAO,KAAK,CAAC;IACzC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC;IAC/C,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC1C,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACnC,0EAA0E;IAC1E,OAAO,CAAC,qBAAqB,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;AACjD,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,gBAAgB,CAC9B,MAAiB,EACjB,IAAyB;IAEzB,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC;QAC3C,CAAC,CAAC,MAAM,CAAC,OAAO;QAChB,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IACvC,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,IAAI,SAAS,CAAC;IACpC,MAAM,SAAS,GAAG,IAAI,CAAC,eAAe,IAAI,MAAM,CAAC,MAAM,EAAE,UAAU,IAAI,KAAK,CAAC;IAC7E,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC;IAC7C,OAAO;QACL,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE,SAAS;YACzB,OAAO,gBAAgB,CAAC;gBACtB,UAAU,EAAE,OAAO;gBACnB,GAAG,CAAC,GAAG,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;gBAC3B,SAAS;gBACT,SAAS;aACV,CAAC,CAAC;QACL,CAAC;QACD,KAAK,CAAC,MAAM,CAAC,QAAQ,EAAE,SAAS;YAC9B,MAAM,MAAM,GAAG,MAAM,oBAAoB,CAAC,QAAQ,EAAE,SAAS,EAAE;gBAC7D,UAAU,EAAE,OAAO;gBACnB,GAAG,CAAC,GAAG,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;gBAC3B,SAAS;aACV,CAAC,CAAC;YACH,iEAAiE;YACjE,kEAAkE;YAClE,gEAAgE;YAChE,mEAAmE;YACnE,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;gBACf,MAAM,CAAC,KAAK,CACV,mDAAmD;oBACjD,GAAG,QAAQ,CAAC,UAAU,KAAK,MAAM,CAAC,MAAM,IAAI,eAAe,IAAI,CAClE,CAAC;YACJ,CAAC;QACH,CAAC;KACF,CAAC;AACJ,CAAC;AAED,SAAS,oBAAoB,CAAC,MAAc;IAC1C,OAAO;QACL,KAAK,CAAC,KAAK;YACT,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC;QACtC,CAAC;QACD,KAAK,CAAC,MAAM;YACV,sCAAsC;QACxC,CAAC;KACF,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,OAA4B,EAAE;IAE9B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC;IAC1C,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC;IAC7C,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC;IAC7C,MAAM,OAAO,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC;IACvC,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,KAAK,CAAC,CAAC;IACnC,IAAI,KAAgB,CAAC;IACrB,IAAI,CAAC;QACH,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,IAAI,CAAc,CAAC;IACtD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,mDAAoD,GAAa,CAAC,OAAO,IAAI,CAC9E,CAAC;QACF,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,SAAS,EAAE,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IACxD,CAAC;IAED,uEAAuE;IACvE,wEAAwE;IACxE,yEAAyE;IACzE,yEAAyE;IACzE,yEAAyE;IACzE,qEAAqE;IACrE,CAAC;QACC,MAAM,SAAS,GAA+C;YAC5D,UAAU,EAAE,IAAI;YAChB,SAAS,EAAE,kBAAkB;YAC7B,MAAM;SACP,CAAC;QACF,IAAI,IAAI,CAAC,YAAY,KAAK,SAAS;YAAE,SAAS,CAAC,YAAY,GAAG,IAAI,CAAC,YAAY,CAAC;QAChF,IAAI,IAAI,CAAC,GAAG,KAAK,SAAS;YAAE,SAAS,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC;QACrD,IAAI,oBAAoB,CAAC,SAAS,CAAC,CAAC,MAAM,EAAE,CAAC;YAC3C,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,SAAS,EAAE,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;QACxD,CAAC;IACH,CAAC;IAED,IAAI,QAAkB,CAAC;IACvB,IAAI,CAAC;QACH,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,YAAY,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC;IAC1D,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,mDAAoD,GAAa,CAAC,OAAO,IAAI,CAC9E,CAAC;QACF,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,SAAS,EAAE,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IACxD,CAAC;IAED,IAAI,MAAoB,CAAC;IACzB,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAChB,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;IACvB,CAAC;SAAM,CAAC;QACN,MAAM,MAAM,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QAC1C,MAAM,GAAG,MAAM;YACb,CAAC,CAAC,gBAAgB,CAAC,MAAM,EAAE,IAAI,CAAC;YAChC,CAAC,CAAC,oBAAoB,CAAC,wCAAwC,CAAC,CAAC;IACrE,CAAC;IAED,sEAAsE;IACtE,oEAAoE;IACpE,mEAAmE;IACnE,2DAA2D;IAC3D,iEAAiE;IACjE,mEAAmE;IACnE,mEAAmE;IACnE,qEAAqE;IACrE,mEAAmE;IACnE,kEAAkE;IAClE,iEAAiE;IACjE,8DAA8D;IAC9D,uDAAuD;IACvD,sEAAsE;IACtE,mDAAmD;IACnD,MAAM,cAAc,GAAG,OAAO,KAAK,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;IAC3F,MAAM,gBAAgB,GAAG,cAAc,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,EAAE,CAAC;IAC/E,uEAAuE;IACvE,0EAA0E;IAC1E,qEAAqE;IACrE,yEAAyE;IACzE,kEAAkE;IAClE,uDAAuD;IACvD,MAAM,GAAG,GAAG,OAAO,KAAK,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;IACtE,MAAM,UAAU,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC;IAC1C,MAAM,QAAQ,GAAG;QACf,UAAU,EAAE,gBAAgB;QAC5B,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,UAAU,CAAC,IAAI;QACjD,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,UAAU,CAAC,MAAM;QACvD,SAAS,EAAE,OAAO,KAAK,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE;QACrE,GAAG,EAAE,GAAG;KACT,CAAC;IAEF,8DAA8D;IAC9D,qEAAqE;IACrE,sEAAsE;IACtE,qDAAqD;IACrD,IAAI,WAAwC,CAAC;IAC7C,IAAI,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC,EAAE,CAAC;QACxD,MAAM,IAAI,GACR,IAAI,CAAC,WAAW,KAAK,SAAS,IAAI,IAAI,CAAC,aAAa,KAAK,SAAS;YAChE,CAAC,CAAC;gBACE,OAAO,EAAE,IAAI,CAAC,WAAW,IAAI,EAAE;gBAC/B,SAAS,EAAE,IAAI,CAAC,aAAa,IAAI,EAAE;aACpC;YACH,CAAC,CAAC,kBAAkB,EAAE,CAAC;QAC3B,WAAW,GAAG;YACZ,GAAG,EAAE,UAAU;YACf,GAAG;YACH,IAAI,EAAE,MAAM,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC;YAC1C,IAAI,EAAE,MAAM,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,QAAQ,EAAE,CAAC;YACjC,GAAG,EAAE,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG;YAC5B,WAAW,EAAE,IAAI,CAAC,OAAO;YACzB,aAAa,EAAE,IAAI,CAAC,SAAS;SAC9B,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC;QAC7B,QAAQ;QACR,KAAK;QACL,MAAM;QACN,QAAQ;QACR,GAAG,CAAC,IAAI,CAAC,eAAe,KAAK,SAAS,IAAI,EAAE,eAAe,EAAE,IAAI,CAAC,eAAe,EAAE,CAAC;QACpF,GAAG,CAAC,IAAI,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC;QAClC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,cAAc,EAAE,UAAU,CAAC,GAAG,EAAE,CAAC;QACpE,GAAG,CAAC,WAAW,IAAI,EAAE,WAAW,EAAE,CAAC;KACpC,CAAC,CAAC;IAEH,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACrB,MAAM,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IACxD,CAAC;IAED,gEAAgE;IAChE,iEAAiE;IACjE,mEAAmE;IACnE,oEAAoE;IACpE,iEAAiE;IACjE,oEAAoE;IACpE,gEAAgE;IAChE,wCAAwC;IACxC,IAAI,MAAM,CAAC,SAAS,CAAC,MAAM,KAAK,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAClE,MAAM,CAAC,KAAK,CAAC,iBAAiB,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,CAAC;IACnD,CAAC;IAED,IAAI,OAAO,EAAE,CAAC;QACZ,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;YACxC,IAAI,QAAQ,CAAC,OAAO,KAAK,OAAO;gBAAE,SAAS;YAC3C,MAAM,CAAC,KAAK,CAAC,wBAAwB,CAAC,QAAQ,CAAC,CAAC,CAAC;QACnD,CAAC;IACH,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,CAAC;QACX,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,OAAO,EAAE,MAAM,CAAC,SAAS,KAAK,IAAI;KACnC,CAAC;AACJ,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAgB,EAAE,QAAkB;IAC7D,MAAM,aAAa,GACjB,OAAO,KAAK,CAAC,eAAe,KAAK,QAAQ,IAAI,KAAK,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC;QAC3E,CAAC,CAAC,IAAI,KAAK,CAAC,eAAe,GAAG;QAC9B,CAAC,CAAC,WAAW,CAAC;IAClB,MAAM,YAAY,GAChB,OAAO,KAAK,CAAC,SAAS,KAAK,QAAQ,IAAI,KAAK,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC;QAC/D,CAAC,CAAC,IAAI,KAAK,CAAC,SAAS,GAAG;QACxB,CAAC,CAAC,WAAW,CAAC;IAClB,MAAM,gBAAgB,GAAG,KAAK,CAAC,IAAI,CACjC,IAAI,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CACvD,CAAC,IAAI,EAAE,CAAC;IACT,OAAO,CACL,oDAAoD;QACpD,mBAAmB,aAAa,cAAc,YAAY,GAAG;QAC7D,8BAA8B,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK;QAC9D,iGAAiG,CAClG,CAAC;AACJ,CAAC"}
|
|
1
|
+
{"version":3,"file":"intercept.js","sourceRoot":"","sources":["../../../src/cli/policy/intercept.ts"],"names":[],"mappings":"AAAA,0DAA0D;AAC1D,EAAE;AACF,2EAA2E;AAC3E,yEAAyE;AACzE,kEAAkE;AAElE,OAAO,EACL,gBAAgB,GAGjB,MAAM,yBAAyB,CAAC;AACjC,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,EACL,SAAS,EACT,oBAAoB,EACpB,iBAAiB,EACjB,kBAAkB,GAKnB,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AAC9F,OAAO,EAAE,YAAY,EAAsB,MAAM,cAAc,CAAC;AAChE,OAAO,EAAE,oBAAoB,EAAE,MAAM,mBAAmB,CAAC;AA+CzD,KAAK,UAAU,SAAS,CAAC,MAA6B;IACpD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,IAAI,IAAI,GAAG,EAAE,CAAC;QACd,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAC3B,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YAClC,IAAI,IAAI,KAAK,CAAC;QAChB,CAAC,CAAC,CAAC;QACH,MAAM,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;QACtC,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;IAC3C,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,gBAAgB,CAAC,QAAkB;IAC1C,OAAO,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,eAAe,CAAC,IAAI,IAAI,CAAC;AAC5E,CAAC;AAED,uEAAuE;AACvE,SAAS,MAAM,CAAC,EAAgB;IAC9B,IAAI,CAAC;QACH,OAAO,EAAE,EAAE,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,SAAS,wBAAwB,CAAC,QAAwB;IACxD,MAAM,MAAM,GAAG,6BAA6B,QAAQ,CAAC,UAAU,KAAK,QAAQ,CAAC,OAAO,GAClF,QAAQ,CAAC,OAAO,KAAK,eAAe,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC,CAAC,EACnE,EAAE,CAAC;IACH,MAAM,KAAK,GAAa,CAAC,MAAM,CAAC,CAAC;IACjC,KAAK,CAAC,IAAI,CAAC,iBAAiB,QAAQ,CAAC,SAAS,EAAE,CAAC,CAAC;IAClD,IAAI,QAAQ,CAAC,YAAY,KAAK,SAAS,EAAE,CAAC;QACxC,KAAK,CAAC,IAAI,CAAC,cAAc,QAAQ,CAAC,YAAY,CAAC,YAAY,EAAE,CAAC,CAAC;IACjE,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,aAAa,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IAC3C,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;IACxD,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACzB,KAAK,MAAM,CAAC,IAAI,WAAW,CAAC,IAAI,EAAE,EAAE,CAAC;YACnC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,QAAQ,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QACtD,CAAC;IACH,CAAC;IACD,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC;AACjC,CAAC;AAED,SAAS,gBAAgB,CAAC,IAAyB;IACjD,IAAI,IAAI,CAAC,OAAO,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IACvC,IAAI,IAAI,CAAC,OAAO,KAAK,KAAK;QAAE,OAAO,KAAK,CAAC;IACzC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC;IAC/C,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC1C,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACnC,0EAA0E;IAC1E,OAAO,CAAC,qBAAqB,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;AACjD,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,gBAAgB,CAC9B,MAAiB,EACjB,IAAyB;IAEzB,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC;QAC3C,CAAC,CAAC,MAAM,CAAC,OAAO;QAChB,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IACvC,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,IAAI,SAAS,CAAC;IACpC,MAAM,SAAS,GAAG,IAAI,CAAC,eAAe,IAAI,MAAM,CAAC,MAAM,EAAE,UAAU,IAAI,KAAK,CAAC;IAC7E,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC;IAC7C,OAAO;QACL,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE,SAAS;YACzB,OAAO,gBAAgB,CAAC;gBACtB,UAAU,EAAE,OAAO;gBACnB,GAAG,CAAC,GAAG,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;gBAC3B,SAAS;gBACT,SAAS;aACV,CAAC,CAAC;QACL,CAAC;QACD,KAAK,CAAC,MAAM,CAAC,QAAQ,EAAE,SAAS;YAC9B,MAAM,MAAM,GAAG,MAAM,oBAAoB,CAAC,QAAQ,EAAE,SAAS,EAAE;gBAC7D,UAAU,EAAE,OAAO;gBACnB,GAAG,CAAC,GAAG,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;gBAC3B,SAAS;aACV,CAAC,CAAC;YACH,iEAAiE;YACjE,kEAAkE;YAClE,gEAAgE;YAChE,mEAAmE;YACnE,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;gBACf,MAAM,CAAC,KAAK,CACV,mDAAmD;oBACjD,GAAG,QAAQ,CAAC,UAAU,KAAK,MAAM,CAAC,MAAM,IAAI,eAAe,IAAI,CAClE,CAAC;YACJ,CAAC;QACH,CAAC;KACF,CAAC;AACJ,CAAC;AAED,SAAS,oBAAoB,CAAC,MAAc;IAC1C,OAAO;QACL,KAAK,CAAC,KAAK;YACT,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC;QACtC,CAAC;QACD,KAAK,CAAC,MAAM;YACV,sCAAsC;QACxC,CAAC;KACF,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,OAA4B,EAAE;IAE9B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC;IAC1C,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC;IAC7C,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC;IAC7C,MAAM,OAAO,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC;IACvC,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,KAAK,CAAC,CAAC;IACnC,IAAI,KAAgB,CAAC;IACrB,IAAI,CAAC;QACH,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,IAAI,CAAc,CAAC;IACtD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,mDAAoD,GAAa,CAAC,OAAO,IAAI,CAC9E,CAAC;QACF,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,SAAS,EAAE,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IACxD,CAAC;IAED,uEAAuE;IACvE,wEAAwE;IACxE,yEAAyE;IACzE,yEAAyE;IACzE,yEAAyE;IACzE,qEAAqE;IACrE,CAAC;QACC,MAAM,SAAS,GAA+C;YAC5D,UAAU,EAAE,IAAI;YAChB,SAAS,EAAE,kBAAkB;YAC7B,MAAM;SACP,CAAC;QACF,IAAI,IAAI,CAAC,YAAY,KAAK,SAAS;YAAE,SAAS,CAAC,YAAY,GAAG,IAAI,CAAC,YAAY,CAAC;QAChF,IAAI,IAAI,CAAC,GAAG,KAAK,SAAS;YAAE,SAAS,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC;QACrD,IAAI,oBAAoB,CAAC,SAAS,CAAC,CAAC,MAAM,EAAE,CAAC;YAC3C,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,SAAS,EAAE,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;QACxD,CAAC;IACH,CAAC;IAED,IAAI,QAAkB,CAAC;IACvB,IAAI,YAAgC,CAAC;IACrC,IAAI,CAAC;QACH,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClB,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;QAC3B,CAAC;aAAM,CAAC;YACN,MAAM,MAAM,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;YAClC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;YAC3B,YAAY,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;QACtC,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,mDAAoD,GAAa,CAAC,OAAO,IAAI,CAC9E,CAAC;QACF,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,SAAS,EAAE,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IACxD,CAAC;IAED,IAAI,MAAoB,CAAC;IACzB,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAChB,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;IACvB,CAAC;SAAM,CAAC;QACN,MAAM,MAAM,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QAC1C,MAAM,GAAG,MAAM;YACb,CAAC,CAAC,gBAAgB,CAAC,MAAM,EAAE,IAAI,CAAC;YAChC,CAAC,CAAC,oBAAoB,CAAC,wCAAwC,CAAC,CAAC;IACrE,CAAC;IAED,sEAAsE;IACtE,oEAAoE;IACpE,mEAAmE;IACnE,2DAA2D;IAC3D,iEAAiE;IACjE,mEAAmE;IACnE,mEAAmE;IACnE,qEAAqE;IACrE,mEAAmE;IACnE,kEAAkE;IAClE,iEAAiE;IACjE,8DAA8D;IAC9D,uDAAuD;IACvD,sEAAsE;IACtE,mDAAmD;IACnD,MAAM,cAAc,GAAG,OAAO,KAAK,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;IAC3F,MAAM,gBAAgB,GAAG,cAAc,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,EAAE,CAAC;IAC/E,uEAAuE;IACvE,0EAA0E;IAC1E,qEAAqE;IACrE,yEAAyE;IACzE,kEAAkE;IAClE,uDAAuD;IACvD,MAAM,GAAG,GAAG,OAAO,KAAK,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;IACtE,MAAM,UAAU,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC;IAC1C,MAAM,QAAQ,GAAG;QACf,UAAU,EAAE,gBAAgB;QAC5B,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,UAAU,CAAC,IAAI;QACjD,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,UAAU,CAAC,MAAM;QACvD,SAAS,EAAE,OAAO,KAAK,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE;QACrE,GAAG,EAAE,GAAG;KACT,CAAC;IAEF,8DAA8D;IAC9D,qEAAqE;IACrE,sEAAsE;IACtE,qDAAqD;IACrD,IAAI,WAAwC,CAAC;IAC7C,IAAI,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC,EAAE,CAAC;QACxD,MAAM,IAAI,GACR,IAAI,CAAC,WAAW,KAAK,SAAS,IAAI,IAAI,CAAC,aAAa,KAAK,SAAS;YAChE,CAAC,CAAC;gBACE,OAAO,EAAE,IAAI,CAAC,WAAW,IAAI,EAAE;gBAC/B,SAAS,EAAE,IAAI,CAAC,aAAa,IAAI,EAAE;aACpC;YACH,CAAC,CAAC,kBAAkB,EAAE,CAAC;QAC3B,WAAW,GAAG;YACZ,GAAG,EAAE,UAAU;YACf,GAAG;YACH,IAAI,EAAE,MAAM,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC;YAC1C,IAAI,EAAE,MAAM,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,QAAQ,EAAE,CAAC;YACjC,GAAG,EAAE,IAAI,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG;YAC5B,WAAW,EAAE,IAAI,CAAC,OAAO;YACzB,aAAa,EAAE,IAAI,CAAC,SAAS;SAC9B,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC;QAC7B,QAAQ;QACR,KAAK;QACL,MAAM;QACN,QAAQ;QACR,GAAG,CAAC,IAAI,CAAC,eAAe,KAAK,SAAS,IAAI,EAAE,eAAe,EAAE,IAAI,CAAC,eAAe,EAAE,CAAC;QACpF,GAAG,CAAC,IAAI,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC;QAClC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,cAAc,EAAE,UAAU,CAAC,GAAG,EAAE,CAAC;QACpE,GAAG,CAAC,WAAW,IAAI,EAAE,WAAW,EAAE,CAAC;KACpC,CAAC,CAAC;IAEH,mEAAmE;IACnE,sEAAsE;IACtE,mEAAmE;IACnE,sEAAsE;IACtE,uEAAuE;IACvE,uEAAuE;IACvE,yEAAyE;IACzE,sEAAsE;IACtE,mEAAmE;IACnE,uEAAuE;IACvE,qEAAqE;IACrE,gFAAgF;IAChF,kEAAkE;IAClE,6DAA6D;IAC7D,EAAE;IACF,wEAAwE;IACxE,oEAAoE;IACpE,kEAAkE;IAClE,mEAAmE;IACnE,0DAA0D;IAC1D,mCAAmC;IACnC,MAAM,aAAa,GAAG,MAAM,CAAC,SAAS,CAAC,IAAI,CACzC,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,CAAC,OAAO,KAAK,MAAM,IAAI,CAAC,CAAC,WAAW,KAAK,OAAO,CAAC;QACnD,CAAC,CAAC,OAAO,KAAK,kBAAkB,CACnC,CAAC;IACF,IACE,MAAM,CAAC,SAAS;QAChB,cAAc,KAAK,SAAS;QAC5B,cAAc,CAAC,MAAM,GAAG,CAAC;QACzB,aAAa,EAAE,OAAO,KAAK,kBAAkB,EAC7C,CAAC;QACD,MAAM,YAAY,GAAG,IAAI,CAAC,YAAY;eACjC,CAAC,YAAY,KAAK,SAAS;gBAC5B,CAAC,CAAC,mBAAmB,CAAC;oBAClB,GAAG,CAAC,IAAI,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBAChE,YAAY;iBACb,CAAC;gBACJ,CAAC,CAAC,SAAS,CAAC,CAAC;QACjB,IAAI,YAAY,KAAK,SAAS,EAAE,CAAC;YAC/B,IAAI,CAAC;gBACH,oBAAoB,CAAC,YAAY,EAAE,cAAc,CAAC,CAAC;YACrD,CAAC;YAAC,MAAM,CAAC;gBACP,sDAAsD;YACxD,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACrB,MAAM,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IACxD,CAAC;IAED,gEAAgE;IAChE,iEAAiE;IACjE,mEAAmE;IACnE,oEAAoE;IACpE,iEAAiE;IACjE,oEAAoE;IACpE,gEAAgE;IAChE,wCAAwC;IACxC,IAAI,MAAM,CAAC,SAAS,CAAC,MAAM,KAAK,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAClE,MAAM,CAAC,KAAK,CAAC,iBAAiB,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC,CAAC;IACnD,CAAC;IAED,IAAI,OAAO,EAAE,CAAC;QACZ,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;YACxC,IAAI,QAAQ,CAAC,OAAO,KAAK,OAAO;gBAAE,SAAS;YAC3C,MAAM,CAAC,KAAK,CAAC,wBAAwB,CAAC,QAAQ,CAAC,CAAC,CAAC;QACnD,CAAC;IACH,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,CAAC;QACX,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,OAAO,EAAE,MAAM,CAAC,SAAS,KAAK,IAAI;KACnC,CAAC;AACJ,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAgB,EAAE,QAAkB;IAC7D,MAAM,aAAa,GACjB,OAAO,KAAK,CAAC,eAAe,KAAK,QAAQ,IAAI,KAAK,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC;QAC3E,CAAC,CAAC,IAAI,KAAK,CAAC,eAAe,GAAG;QAC9B,CAAC,CAAC,WAAW,CAAC;IAClB,MAAM,YAAY,GAChB,OAAO,KAAK,CAAC,SAAS,KAAK,QAAQ,IAAI,KAAK,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC;QAC/D,CAAC,CAAC,IAAI,KAAK,CAAC,SAAS,GAAG;QACxB,CAAC,CAAC,WAAW,CAAC;IAClB,MAAM,gBAAgB,GAAG,KAAK,CAAC,IAAI,CACjC,IAAI,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CACvD,CAAC,IAAI,EAAE,CAAC;IACT,OAAO,CACL,oDAAoD;QACpD,mBAAmB,aAAa,cAAc,YAAY,GAAG;QAC7D,8BAA8B,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK;QAC9D,iGAAiG,CAClG,CAAC;AACJ,CAAC"}
|
|
@@ -5,7 +5,7 @@ export interface CheckOptions {
|
|
|
5
5
|
homeDir?: string;
|
|
6
6
|
pathEnv?: string;
|
|
7
7
|
builtinRuntimeProbe?: () => string[];
|
|
8
|
-
versionProbe?: (cmd: string[]) => string | null;
|
|
8
|
+
versionProbe?: (cmd: readonly string[]) => string | null;
|
|
9
9
|
}
|
|
10
10
|
declare function isRootedPath(p: string): boolean;
|
|
11
11
|
declare function firstToken(command: string): string;
|
|
@@ -1,8 +1,7 @@
|
|
|
1
1
|
import * as fs from "node:fs";
|
|
2
2
|
import * as os from "node:os";
|
|
3
3
|
import * as path from "node:path";
|
|
4
|
-
import {
|
|
5
|
-
import { parsePackSource } from "../../policy-packs/source.js";
|
|
4
|
+
import { checkPolicyPackConfigs, checkPolicyPackSources, } from "../../policy-packs/index.js";
|
|
6
5
|
import { expandHome } from "../../runtime/expand-home.js";
|
|
7
6
|
const DEFAULT_RUNTIME_BUILTINS = [
|
|
8
7
|
"Read",
|
|
@@ -228,33 +227,37 @@ function checkPolicyGroundingMcp(manifest) {
|
|
|
228
227
|
];
|
|
229
228
|
}
|
|
230
229
|
// Phase 6 #2: surface pack-resolution problems at lint time, not at
|
|
231
|
-
// `harness apply` time.
|
|
232
|
-
//
|
|
233
|
-
//
|
|
234
|
-
//
|
|
230
|
+
// `harness apply` time. Delegates to the shared `checkPolicyPackSources`
|
|
231
|
+
// so the apply path (which now also fails loudly on these conditions)
|
|
232
|
+
// stays bit-identical with validate. `enabled: false` packs are skipped
|
|
233
|
+
// on both sides.
|
|
235
234
|
function checkPolicyPacks(manifest) {
|
|
236
|
-
|
|
237
|
-
|
|
238
|
-
|
|
239
|
-
|
|
240
|
-
|
|
241
|
-
|
|
242
|
-
|
|
243
|
-
|
|
244
|
-
|
|
245
|
-
|
|
246
|
-
|
|
247
|
-
|
|
248
|
-
|
|
249
|
-
|
|
250
|
-
|
|
251
|
-
|
|
252
|
-
|
|
253
|
-
|
|
254
|
-
}
|
|
255
|
-
|
|
235
|
+
return checkPolicyPackSources(manifest).map((issue) => ({
|
|
236
|
+
severity: "error",
|
|
237
|
+
path: `policy_packs[${issue.packIndex}].${issue.field}`,
|
|
238
|
+
message: issue.message,
|
|
239
|
+
}));
|
|
240
|
+
}
|
|
241
|
+
// Phase 6 follow-up (task d78fb3c7): per-pack `config:` shape check.
|
|
242
|
+
// Each builtin pack registers a zod `configSchema` consumed via
|
|
243
|
+
// `checkPolicyPackConfigs`; this turns the strict-mode issues into
|
|
244
|
+
// validate Diagnostics so typo'd keys (`permision_profile`) and bad
|
|
245
|
+
// enum values (`mode: "fastConfirm"`) fail loud at lint time. Runs
|
|
246
|
+
// AFTER the source / name check above; an unknown pack name has no
|
|
247
|
+
// registered schema and would be skipped silently here even without
|
|
248
|
+
// the source check, but emitting both diagnostics in one run is the
|
|
249
|
+
// point — the operator should see every issue per `validate` invocation.
|
|
250
|
+
function checkPolicyPackConfigsAsDiagnostics(manifest) {
|
|
251
|
+
return checkPolicyPackConfigs(manifest).map((issue) => {
|
|
252
|
+
const path = issue.configPath.length > 0
|
|
253
|
+
? `policy_packs[${issue.packIndex}].config.${issue.configPath}`
|
|
254
|
+
: `policy_packs[${issue.packIndex}].config`;
|
|
255
|
+
return {
|
|
256
|
+
severity: "error",
|
|
257
|
+
path,
|
|
258
|
+
message: issue.message,
|
|
259
|
+
};
|
|
256
260
|
});
|
|
257
|
-
return diags;
|
|
258
261
|
}
|
|
259
262
|
export function runAssetChecks(manifest, opts = {}) {
|
|
260
263
|
const home = opts.homeDir ?? os.homedir();
|
|
@@ -266,6 +269,7 @@ export function runAssetChecks(manifest, opts = {}) {
|
|
|
266
269
|
...checkBuiltinDrift(manifest, opts),
|
|
267
270
|
...checkPolicyGroundingMcp(manifest),
|
|
268
271
|
...checkPolicyPacks(manifest),
|
|
272
|
+
...checkPolicyPackConfigsAsDiagnostics(manifest),
|
|
269
273
|
];
|
|
270
274
|
}
|
|
271
275
|
export const __testables = {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"checks.js","sourceRoot":"","sources":["../../../src/cli/validate/checks.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,
|
|
1
|
+
{"version":3,"file":"checks.js","sourceRoot":"","sources":["../../../src/cli/validate/checks.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EACL,sBAAsB,EACtB,sBAAsB,GACvB,MAAM,6BAA6B,CAAC;AACrC,OAAO,EAAE,UAAU,EAAE,MAAM,8BAA8B,CAAC;AAW1D,MAAM,wBAAwB,GAAG;IAC/B,MAAM;IACN,MAAM;IACN,OAAO;IACP,MAAM;IACN,OAAO;IACP,OAAO;IACP,YAAY;IACZ,MAAM;IACN,MAAM;CACP,CAAC;AAEF,SAAS,YAAY,CAAC,CAAS;IAC7B,OAAO,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;AAC/D,CAAC;AAED,SAAS,UAAU,CAAC,OAAe;IACjC,OAAO,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;AAC9C,CAAC;AAED,SAAS,YAAY,CAAC,QAAgB;IACpC,IAAI,CAAC;QACH,EAAE,CAAC,UAAU,CAAC,QAAQ,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QAC3C,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,SAAS,UAAU,CAAC,QAAgB;IAClC,IAAI,CAAC;QACH,OAAO,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC/B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CAAC,MAAc,EAAE,OAAe;IACpD,IAAI,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC;QAAE,OAAO,IAAI,CAAC;IACtE,MAAM,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC/D,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC3B,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;QACzC,IAAI,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,YAAY,CAAC,SAAS,CAAC;YAAE,OAAO,SAAS,CAAC;IAC5E,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,SAAS,GAAG,qBAAqB,CAAC;AAExC,SAAS,eAAe,CAAC,MAAc,EAAE,QAAgB;IACvD,MAAM,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IAC/D,MAAM,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IACjE,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC;IACzC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QAC7B,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QACrB,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QACrB,IAAI,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,IAAI,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;YAAE,OAAO,CAAC,CAAC;QACnD,IAAI,EAAE,GAAG,EAAE;YAAE,OAAO,CAAC,CAAC;QACtB,IAAI,EAAE,GAAG,EAAE;YAAE,OAAO,CAAC,CAAC,CAAC;IACzB,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,QAAQ,CAAC,QAAkB,EAAE,IAAY;IAChD,MAAM,KAAK,GAAiB,EAAE,CAAC;IAC/B,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;QACjC,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAC1F,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC9B,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC;YAAE,OAAO;QACjC,MAAM,QAAQ,GAAG,UAAU,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QACzC,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;QAClC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,KAAK,CAAC,IAAI,CAAC;gBACT,QAAQ,EAAE,OAAO;gBACjB,IAAI,EAAE,aAAa,GAAG,CAAC,IAAI,WAAW;gBACtC,OAAO,EAAE,wBAAwB,QAAQ,EAAE;aAC5C,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CAAC,CAAC;IACH,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,QAAQ,CAAC,QAAkB,EAAE,IAAkB;IACtD,MAAM,KAAK,GAAiB,EAAE,CAAC;IAC/B,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC;IACvD,MAAM,YAAY,GAAG,IAAI,CAAC,YAAY,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;IAEvD,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;QACjC,IAAI,QAAuB,CAAC;QAC5B,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YAChC,QAAQ,GAAG,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC;QACvF,CAAC;aAAM,CAAC;YACN,QAAQ,GAAG,aAAa,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAChD,CAAC;QACD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,KAAK,CAAC,IAAI,CAAC;gBACT,QAAQ,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;gBAC5C,IAAI,EAAE,aAAa,GAAG,CAAC,IAAI,UAAU;gBACrC,OAAO,EAAE,GAAG,CAAC,QAAQ;oBACnB,CAAC,CAAC,8BAA8B,GAAG,CAAC,MAAM,EAAE;oBAC5C,CAAC,CAAC,6BAA6B,GAAG,CAAC,MAAM,EAAE;aAC9C,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,WAAW;YAAE,OAAO;QAC7B,MAAM,cAAc,GAAG,GAAG,CAAC,eAAe,IAAI,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;QACtE,MAAM,MAAM,GAAG,YAAY,CAAC,cAAc,CAAC,CAAC;QAC5C,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;YACpB,KAAK,CAAC,IAAI,CAAC;gBACT,QAAQ,EAAE,SAAS;gBACnB,IAAI,EAAE,aAAa,GAAG,CAAC,IAAI,eAAe;gBAC1C,OAAO,EAAE,4BAA4B,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE;aAChE,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QACD,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QACtC,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;YACxB,KAAK,CAAC,IAAI,CAAC;gBACT,QAAQ,EAAE,SAAS;gBACnB,IAAI,EAAE,aAAa,GAAG,CAAC,IAAI,eAAe;gBAC1C,OAAO,EAAE,mCAAmC,MAAM,CAAC,IAAI,EAAE,GAAG;aAC7D,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QACD,IAAI,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC;YACnD,KAAK,CAAC,IAAI,CAAC;gBACT,QAAQ,EAAE,OAAO;gBACjB,IAAI,EAAE,aAAa,GAAG,CAAC,IAAI,eAAe;gBAC1C,OAAO,EAAE,qBAAqB,KAAK,CAAC,CAAC,CAAC,0BAA0B,GAAG,CAAC,WAAW,EAAE;aAClF,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CAAC,CAAC;IACH,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,WAAW,CAAC,QAAkB,EAAE,IAAY;IACnD,MAAM,KAAK,GAAiB,EAAE,CAAC;IAC/B,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,IAAI,EAAE,CAAC;IACtD,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACxC,KAAK,MAAM,SAAS,IAAI,QAAQ,EAAE,CAAC;QACjC,IAAI,KAAK,GAAG,KAAK,CAAC;QAClB,KAAK,MAAM,GAAG,IAAI,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;YACpD,MAAM,QAAQ,GAAG,UAAU,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;YACvC,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;YAC7D,IAAI,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC7B,KAAK,GAAG,IAAI,CAAC;gBACb,MAAM;YACR,CAAC;QACH,CAAC;QACD,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,KAAK,CAAC,IAAI,CAAC;gBACT,QAAQ,EAAE,OAAO;gBACjB,IAAI,EAAE,yBAAyB,SAAS,GAAG;gBAC3C,OAAO,EAAE,0DAA0D;aACpE,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,UAAU,CAAC,QAAkB,EAAE,IAAY;IAClD,MAAM,KAAK,GAAiB,EAAE,CAAC;IAC/B,QAAQ,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;QAC9B,MAAM,KAAK,GAAG,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACvC,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC;YAAE,OAAO;QACjC,MAAM,QAAQ,GAAG,UAAU,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QACzC,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;QAClC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,KAAK,CAAC,IAAI,CAAC;gBACT,QAAQ,EAAE,OAAO;gBACjB,IAAI,EAAE,SAAS,IAAI,CAAC,IAAI,WAAW;gBACnC,OAAO,EAAE,wBAAwB,QAAQ,EAAE;aAC5C,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC;YACnB,KAAK,CAAC,IAAI,CAAC;gBACT,QAAQ,EAAE,OAAO;gBACjB,IAAI,EAAE,SAAS,IAAI,CAAC,IAAI,WAAW;gBACnC,OAAO,EAAE,uBAAuB,QAAQ,EAAE;aAC3C,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QACD,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC5B,KAAK,CAAC,IAAI,CAAC;gBACT,QAAQ,EAAE,OAAO;gBACjB,IAAI,EAAE,SAAS,IAAI,CAAC,IAAI,WAAW;gBACnC,OAAO,EAAE,8BAA8B,QAAQ,EAAE;aAClD,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CAAC,CAAC;IACH,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,iBAAiB,CAAC,QAAkB,EAAE,IAAkB;IAC/D,MAAM,KAAK,GAAG,IAAI,CAAC,mBAAmB,IAAI,CAAC,GAAG,EAAE,CAAC,wBAAwB,CAAC,CAAC;IAC3E,MAAM,OAAO,GAAG,KAAK,EAAE,CAAC;IACxB,MAAM,KAAK,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IACpD,MAAM,KAAK,GAAiB,EAAE,CAAC;IAC/B,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YAClB,KAAK,CAAC,IAAI,CAAC;gBACT,QAAQ,EAAE,SAAS;gBACnB,IAAI,EAAE,qBAAqB;gBAC3B,OAAO,EAAE,gCAAgC,CAAC,qCAAqC;aAChF,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,uBAAuB,CAAC,QAAkB;IACjD,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAC9C,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,eAAe,CAAC,CAAC;IACzE,IAAI,KAAK;QAAE,OAAO,EAAE,CAAC;IACrB,OAAO;QACL;YACE,QAAQ,EAAE,SAAS;YACnB,IAAI,EAAE,UAAU;YAChB,OAAO,EACL,qIAAqI;SACxI;KACF,CAAC;AACJ,CAAC;AAED,oEAAoE;AACpE,yEAAyE;AACzE,sEAAsE;AACtE,wEAAwE;AACxE,iBAAiB;AACjB,SAAS,gBAAgB,CAAC,QAAkB;IAC1C,OAAO,sBAAsB,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QACtD,QAAQ,EAAE,OAAO;QACjB,IAAI,EAAE,gBAAgB,KAAK,CAAC,SAAS,KAAK,KAAK,CAAC,KAAK,EAAE;QACvD,OAAO,EAAE,KAAK,CAAC,OAAO;KACvB,CAAC,CAAC,CAAC;AACN,CAAC;AAED,qEAAqE;AACrE,gEAAgE;AAChE,mEAAmE;AACnE,oEAAoE;AACpE,mEAAmE;AACnE,mEAAmE;AACnE,oEAAoE;AACpE,oEAAoE;AACpE,yEAAyE;AACzE,SAAS,mCAAmC,CAAC,QAAkB;IAC7D,OAAO,sBAAsB,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE;QACpD,MAAM,IAAI,GACR,KAAK,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC;YACzB,CAAC,CAAC,gBAAgB,KAAK,CAAC,SAAS,YAAY,KAAK,CAAC,UAAU,EAAE;YAC/D,CAAC,CAAC,gBAAgB,KAAK,CAAC,SAAS,UAAU,CAAC;QAChD,OAAO;YACL,QAAQ,EAAE,OAAO;YACjB,IAAI;YACJ,OAAO,EAAE,KAAK,CAAC,OAAO;SACvB,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,cAAc,CAC5B,QAAkB,EAClB,OAAqB,EAAE;IAEvB,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,IAAI,EAAE,CAAC,OAAO,EAAE,CAAC;IAC1C,OAAO;QACL,GAAG,QAAQ,CAAC,QAAQ,EAAE,IAAI,CAAC;QAC3B,GAAG,QAAQ,CAAC,QAAQ,EAAE,IAAI,CAAC;QAC3B,GAAG,WAAW,CAAC,QAAQ,EAAE,IAAI,CAAC;QAC9B,GAAG,UAAU,CAAC,QAAQ,EAAE,IAAI,CAAC;QAC7B,GAAG,iBAAiB,CAAC,QAAQ,EAAE,IAAI,CAAC;QACpC,GAAG,uBAAuB,CAAC,QAAQ,CAAC;QACpC,GAAG,gBAAgB,CAAC,QAAQ,CAAC;QAC7B,GAAG,mCAAmC,CAAC,QAAQ,CAAC;KACjD,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,MAAM,WAAW,GAAG;IACzB,UAAU;IACV,YAAY;IACZ,UAAU;IACV,eAAe;IACf,aAAa;IACb,wBAAwB;CACzB,CAAC"}
|
|
@@ -1,13 +1,24 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Numeric semver compare for `min_version` gates in `harness doctor`.
|
|
3
|
-
* Used by the `tools.mcp[]`, `memory.router`,
|
|
4
|
-
* checks. Lives in `src/io/` (a leaf
|
|
5
|
-
* `runtime/`-, `policies/`-, and
|
|
6
|
-
* on it without re-creating the
|
|
7
|
-
* task 1272feb6 just broke.
|
|
3
|
+
* Used by the `tools.mcp[]`, `tools.cli[]`, `memory.router`, `hooks[]`,
|
|
4
|
+
* and `policy_packs[]` version checks. Lives in `src/io/` (a leaf
|
|
5
|
+
* module with no domain imports) so `runtime/`-, `policies/`-, and
|
|
6
|
+
* `cli/`-side consumers can all depend on it without re-creating the
|
|
7
|
+
* runtime/policies module-init cycle that task 1272feb6 just broke.
|
|
8
8
|
*
|
|
9
9
|
* Returns +1 if `a > b`, -1 if `a < b`, 0 on equality or on any parse
|
|
10
10
|
* failure. Pads short components with zeros (`1.2` is treated as
|
|
11
11
|
* `1.2.0` for the purposes of comparison with `1.2.0`).
|
|
12
|
+
*
|
|
13
|
+
* NUMERIC_VERSION_PATTERN is the schema-level guard that ensures
|
|
14
|
+
* `min_version` values feeding this comparator are well-formed numeric
|
|
15
|
+
* semver. Without it, a malformed value (`"latest"`, `"v1.0"`,
|
|
16
|
+
* `"1.0.0-alpha"`) parses to `NaN` components below, which the NaN
|
|
17
|
+
* branch then maps to 0 (equality), silently swallowing the version
|
|
18
|
+
* floor. Schema fields that feed `compareNumericVersions` must wear
|
|
19
|
+
* this pattern, and `NUMERIC_VERSION_MESSAGE` provides a stable
|
|
20
|
+
* operator-facing error string shared across schemas.
|
|
12
21
|
*/
|
|
22
|
+
export declare const NUMERIC_VERSION_PATTERN: RegExp;
|
|
23
|
+
export declare const NUMERIC_VERSION_MESSAGE = "min_version must be numeric semver-shape: digits separated by up to three dots (e.g. \"1\", \"1.2\", \"1.2.3\", \"1.2.3.4\"). Pre-release suffixes and leading \"v\" are rejected.";
|
|
13
24
|
export declare function compareNumericVersions(a: string, b: string): number;
|
|
@@ -1,15 +1,26 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Numeric semver compare for `min_version` gates in `harness doctor`.
|
|
3
|
-
* Used by the `tools.mcp[]`, `memory.router`,
|
|
4
|
-
* checks. Lives in `src/io/` (a leaf
|
|
5
|
-
* `runtime/`-, `policies/`-, and
|
|
6
|
-
* on it without re-creating the
|
|
7
|
-
* task 1272feb6 just broke.
|
|
3
|
+
* Used by the `tools.mcp[]`, `tools.cli[]`, `memory.router`, `hooks[]`,
|
|
4
|
+
* and `policy_packs[]` version checks. Lives in `src/io/` (a leaf
|
|
5
|
+
* module with no domain imports) so `runtime/`-, `policies/`-, and
|
|
6
|
+
* `cli/`-side consumers can all depend on it without re-creating the
|
|
7
|
+
* runtime/policies module-init cycle that task 1272feb6 just broke.
|
|
8
8
|
*
|
|
9
9
|
* Returns +1 if `a > b`, -1 if `a < b`, 0 on equality or on any parse
|
|
10
10
|
* failure. Pads short components with zeros (`1.2` is treated as
|
|
11
11
|
* `1.2.0` for the purposes of comparison with `1.2.0`).
|
|
12
|
+
*
|
|
13
|
+
* NUMERIC_VERSION_PATTERN is the schema-level guard that ensures
|
|
14
|
+
* `min_version` values feeding this comparator are well-formed numeric
|
|
15
|
+
* semver. Without it, a malformed value (`"latest"`, `"v1.0"`,
|
|
16
|
+
* `"1.0.0-alpha"`) parses to `NaN` components below, which the NaN
|
|
17
|
+
* branch then maps to 0 (equality), silently swallowing the version
|
|
18
|
+
* floor. Schema fields that feed `compareNumericVersions` must wear
|
|
19
|
+
* this pattern, and `NUMERIC_VERSION_MESSAGE` provides a stable
|
|
20
|
+
* operator-facing error string shared across schemas.
|
|
12
21
|
*/
|
|
22
|
+
export const NUMERIC_VERSION_PATTERN = /^\d+(?:\.\d+){0,3}$/;
|
|
23
|
+
export const NUMERIC_VERSION_MESSAGE = 'min_version must be numeric semver-shape: digits separated by up to three dots (e.g. "1", "1.2", "1.2.3", "1.2.3.4"). Pre-release suffixes and leading "v" are rejected.';
|
|
13
24
|
export function compareNumericVersions(a, b) {
|
|
14
25
|
const aa = a.split(".").map((n) => Number.parseInt(n, 10));
|
|
15
26
|
const bb = b.split(".").map((n) => Number.parseInt(n, 10));
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"version-compare.js","sourceRoot":"","sources":["../../src/io/version-compare.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"version-compare.js","sourceRoot":"","sources":["../../src/io/version-compare.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,qBAAqB,CAAC;AAE7D,MAAM,CAAC,MAAM,uBAAuB,GAClC,0KAA0K,CAAC;AAE7K,MAAM,UAAU,sBAAsB,CAAC,CAAS,EAAE,CAAS;IACzD,MAAM,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IAC3D,MAAM,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IAC3D,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC;IAC3C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QAC7B,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QACtB,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QACtB,IAAI,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,IAAI,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;YAAE,OAAO,CAAC,CAAC;QACnD,IAAI,EAAE,GAAG,EAAE;YAAE,OAAO,CAAC,CAAC;QACtB,IAAI,EAAE,GAAG,EAAE;YAAE,OAAO,CAAC,CAAC,CAAC;IACzB,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC"}
|
|
@@ -1,8 +1,46 @@
|
|
|
1
|
+
import { z } from "zod";
|
|
1
2
|
import type { PolicyPack } from "../../schema/index.js";
|
|
2
3
|
import { type Runtime } from "../runtime.js";
|
|
3
4
|
import type { PackContribution } from "../types.js";
|
|
4
5
|
import { PACK_NAME } from "./branch-protection-runtime.js";
|
|
5
6
|
export { PACK_NAME };
|
|
7
|
+
/**
|
|
8
|
+
* Zod schema for this pack's `config:` block. See sibling pack
|
|
9
|
+
* `understanding-before-execution.configSchema` for rationale: strict
|
|
10
|
+
* by design so typo'd keys fail loud at lint time. `protected_branches`
|
|
11
|
+
* is the only operator-tunable key today; new keys land here first,
|
|
12
|
+
* then in `resolveProtectedBranches`.
|
|
13
|
+
*/
|
|
14
|
+
export declare const configSchema: z.ZodObject<{
|
|
15
|
+
protected_branches: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
16
|
+
ux: z.ZodOptional<z.ZodObject<{
|
|
17
|
+
cannot: z.ZodString;
|
|
18
|
+
required: z.ZodArray<z.ZodString, "many">;
|
|
19
|
+
run: z.ZodArray<z.ZodString, "many">;
|
|
20
|
+
}, "strict", z.ZodTypeAny, {
|
|
21
|
+
cannot: string;
|
|
22
|
+
required: string[];
|
|
23
|
+
run: string[];
|
|
24
|
+
}, {
|
|
25
|
+
cannot: string;
|
|
26
|
+
required: string[];
|
|
27
|
+
run: string[];
|
|
28
|
+
}>>;
|
|
29
|
+
}, "strict", z.ZodTypeAny, {
|
|
30
|
+
ux?: {
|
|
31
|
+
cannot: string;
|
|
32
|
+
required: string[];
|
|
33
|
+
run: string[];
|
|
34
|
+
} | undefined;
|
|
35
|
+
protected_branches?: string[] | undefined;
|
|
36
|
+
}, {
|
|
37
|
+
ux?: {
|
|
38
|
+
cannot: string;
|
|
39
|
+
required: string[];
|
|
40
|
+
run: string[];
|
|
41
|
+
} | undefined;
|
|
42
|
+
protected_branches?: string[] | undefined;
|
|
43
|
+
}>;
|
|
6
44
|
export declare function resolve(pack: PolicyPack, runtime?: Runtime): {
|
|
7
45
|
contribution: PackContribution;
|
|
8
46
|
warnings: string[];
|
|
@@ -28,9 +28,26 @@
|
|
|
28
28
|
// Pack is OFF by default: it must be enabled per-installation via
|
|
29
29
|
// `harness pack add branch-protection`. The `full` init template does
|
|
30
30
|
// NOT wire it (revisit after one cycle of operator feedback).
|
|
31
|
+
import { z } from "zod";
|
|
32
|
+
import { PolicyUxSchema } from "../../schema/policies.js";
|
|
31
33
|
import { DEFAULT_RUNTIME } from "../runtime.js";
|
|
32
34
|
import { ACK_TAG_PREFIX, DEFAULT_PROTECTED_BRANCHES, NON_PROTECTED_TAG_PREFIX, PACK_NAME, PRODUCER_FRESHNESS_MS, resolveProtectedBranches, } from "./branch-protection-runtime.js";
|
|
33
35
|
export { PACK_NAME };
|
|
36
|
+
/**
|
|
37
|
+
* Zod schema for this pack's `config:` block. See sibling pack
|
|
38
|
+
* `understanding-before-execution.configSchema` for rationale: strict
|
|
39
|
+
* by design so typo'd keys fail loud at lint time. `protected_branches`
|
|
40
|
+
* is the only operator-tunable key today; new keys land here first,
|
|
41
|
+
* then in `resolveProtectedBranches`.
|
|
42
|
+
*/
|
|
43
|
+
export const configSchema = z
|
|
44
|
+
.object({
|
|
45
|
+
protected_branches: z.array(z.string().min(1)).optional(),
|
|
46
|
+
// `ux` is consumed by the PreToolUse blocker to render an
|
|
47
|
+
// agent-facing remediation block when the gate trips.
|
|
48
|
+
ux: PolicyUxSchema.optional(),
|
|
49
|
+
})
|
|
50
|
+
.strict();
|
|
34
51
|
const HOOK_NAME_PREFIX = `policy-pack:${PACK_NAME}`;
|
|
35
52
|
const PRE_TOOL_USE_MATCH_CLAUDE = "Write|Edit";
|
|
36
53
|
const PRE_TOOL_USE_MATCH_CODEX = "apply_patch";
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"branch-protection.js","sourceRoot":"","sources":["../../../src/policy-packs/builtin/branch-protection.ts"],"names":[],"mappings":"AAAA,4CAA4C;AAC5C,EAAE;AACF,sEAAsE;AACtE,uEAAuE;AACvE,sEAAsE;AACtE,wEAAwE;AACxE,EAAE;AACF,yDAAyD;AACzD,EAAE;AACF,0EAA0E;AAC1E,oEAAoE;AACpE,qEAAqE;AACrE,uCAAuC;AACvC,EAAE;AACF,kEAAkE;AAClE,sEAAsE;AACtE,wDAAwD;AACxD,+DAA+D;AAC/D,oEAAoE;AACpE,0EAA0E;AAC1E,mDAAmD;AACnD,EAAE;AACF,wEAAwE;AACxE,sEAAsE;AACtE,iEAAiE;AACjE,WAAW;AACX,EAAE;AACF,kEAAkE;AAClE,sEAAsE;AACtE,8DAA8D;
|
|
1
|
+
{"version":3,"file":"branch-protection.js","sourceRoot":"","sources":["../../../src/policy-packs/builtin/branch-protection.ts"],"names":[],"mappings":"AAAA,4CAA4C;AAC5C,EAAE;AACF,sEAAsE;AACtE,uEAAuE;AACvE,sEAAsE;AACtE,wEAAwE;AACxE,EAAE;AACF,yDAAyD;AACzD,EAAE;AACF,0EAA0E;AAC1E,oEAAoE;AACpE,qEAAqE;AACrE,uCAAuC;AACvC,EAAE;AACF,kEAAkE;AAClE,sEAAsE;AACtE,wDAAwD;AACxD,+DAA+D;AAC/D,oEAAoE;AACpE,0EAA0E;AAC1E,mDAAmD;AACnD,EAAE;AACF,wEAAwE;AACxE,sEAAsE;AACtE,iEAAiE;AACjE,WAAW;AACX,EAAE;AACF,kEAAkE;AAClE,sEAAsE;AACtE,8DAA8D;AAE9D,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAE1D,OAAO,EAAE,eAAe,EAAgB,MAAM,eAAe,CAAC;AAE9D,OAAO,EACL,cAAc,EACd,0BAA0B,EAC1B,wBAAwB,EACxB,SAAS,EACT,qBAAqB,EACrB,wBAAwB,GACzB,MAAM,gCAAgC,CAAC;AAExC,OAAO,EAAE,SAAS,EAAE,CAAC;AAErB;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC;KAC1B,MAAM,CAAC;IACN,kBAAkB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACzD,0DAA0D;IAC1D,sDAAsD;IACtD,EAAE,EAAE,cAAc,CAAC,QAAQ,EAAE;CAC9B,CAAC;KACD,MAAM,EAAE,CAAC;AAEZ,MAAM,gBAAgB,GAAG,eAAe,SAAS,EAAE,CAAC;AAEpD,MAAM,yBAAyB,GAAG,YAAY,CAAC;AAC/C,MAAM,wBAAwB,GAAG,aAAa,CAAC;AAE/C,MAAM,gBAAgB,GAAG,oCAAoC,CAAC;AAC9D,MAAM,eAAe,GAAG,qCAAqC,CAAC;AAE9D,SAAS,UAAU,CAAC,OAAgB;IAClC,MAAM,OAAO,GAAG,OAAO,KAAK,OAAO,CAAC;IACpC,MAAM,YAAY,GAAG,OAAO,CAAC,CAAC,CAAC,wBAAwB,CAAC,CAAC,CAAC,yBAAyB,CAAC;IACpF,OAAO;QACL;YACE,IAAI,EAAE,GAAG,gBAAgB,gBAAgB;YACzC,KAAK,EAAE,cAAc;YACrB,OAAO,EAAE,gBAAgB;YACzB,QAAQ,EAAE,KAAK;YACf,SAAS,EAAE,IAAI;YACf,WAAW,EACT,wKAAwK;SAC3K;QACD;YACE,IAAI,EAAE,GAAG,gBAAgB,eAAe;YACxC,KAAK,EAAE,YAAY;YACnB,KAAK,EAAE,YAAY;YACnB,OAAO,EAAE,eAAe;YACxB,QAAQ,EAAE,MAAM;YAChB,SAAS,EAAE,IAAI;YACf,WAAW,EAAE,iBAAiB,YAAY,0HAA0H;SACrK;KACF,CAAC;AACJ,CAAC;AAED,SAAS,iBAAiB,CAAC,IAAgB,EAAE,QAA2B,EAAE,OAAgB;IACxF,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACnD,MAAM,OAAO,GAAG,OAAO,KAAK,OAAO,CAAC;IACpC,MAAM,YAAY,GAAG,OAAO,CAAC,CAAC,CAAC,wBAAwB,CAAC,CAAC,CAAC,yBAAyB,CAAC;IACpF,MAAM,gBAAgB,GAAG,OAAO;QAC9B,CAAC,CAAC,uCAAuC;QACzC,CAAC,CAAC,iCAAiC,CAAC;IACtC,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,qBAAqB,GAAG,KAAK,CAAC,CAAC;IAC1D,OAAO,kBAAkB,SAAS;;;;;;;;EAQlC,OAAO;;;;EAIP,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;;;;;;uDAMS,gBAAgB;;kCAErC,gBAAgB;;oBAE9B,wBAAwB;;;+BAGb,eAAe;OACvC,YAAY;WACR,wBAAwB;uBACZ,OAAO;WACnB,cAAc;;;;;oCAKW,gBAAgB;;;;;;gBAMpC,cAAc;;;;;;;;;;;;;;;EAe5B,WAAW,CAAC,CAAC,CAAC,OAAO,WAAW,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE;;YAEtD,SAAS;eACN,OAAO;cACR,0BAA0B,CAAC,IAAI,CAAC,IAAI,CAAC;CAClD,CAAC;AACF,CAAC;AAED,MAAM,UAAU,OAAO,CACrB,IAAgB,EAChB,UAAmB,eAAe;IAElC,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,GAAG,wBAAwB,CAAC,IAAI,CAAC,CAAC;IAC7D,MAAM,KAAK,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;IAClC,MAAM,KAAK,GAA2B;QACpC;YACE,YAAY,EAAE,gBAAgB,SAAS,kBAAkB;YACzD,OAAO,EAAE,iBAAiB,CAAC,IAAI,EAAE,QAAQ,EAAE,OAAO,CAAC;SACpD;KACF,CAAC;IACF,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,IAAI,OAAO;QAAE,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACpC,OAAO,EAAE,YAAY,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,CAAC;AACtD,CAAC"}
|
|
@@ -1,10 +1,157 @@
|
|
|
1
|
+
import { z } from "zod";
|
|
1
2
|
import type { PolicyPack } from "../../schema/index.js";
|
|
2
3
|
import { type Runtime } from "../runtime.js";
|
|
3
4
|
import type { PackContribution } from "../types.js";
|
|
4
5
|
export declare const PACK_NAME = "understanding-before-execution";
|
|
6
|
+
export declare const VERSION_COMMAND: readonly [string, string];
|
|
5
7
|
export type Mode = "fast_confirm" | "grill_me" | "strict";
|
|
6
8
|
export declare const DEFAULT_MODE: Mode;
|
|
7
9
|
export declare function isMode(value: unknown): value is Mode;
|
|
10
|
+
/**
|
|
11
|
+
* Zod schema for this pack's `config:` block. Surfaced via
|
|
12
|
+
* `resolveBuiltinConfigSchema()` and consumed by `harness validate` /
|
|
13
|
+
* `harness doctor` so typo'd keys (e.g. `permision_profile`) or values
|
|
14
|
+
* (e.g. `mode: fastConfirm`) fail loud at lint time instead of falling
|
|
15
|
+
* through to the runtime fallback. Each shape mirrors what the pack's
|
|
16
|
+
* own resolvers (`resolveMode`, `resolveExpireOnToolMatch`,
|
|
17
|
+
* `resolvePermissionProfile`) accept — the schema is a typo guard, not
|
|
18
|
+
* a replacement parser; the resolvers still own defaults + warnings for
|
|
19
|
+
* borderline cases the schema lets through.
|
|
20
|
+
*
|
|
21
|
+
* `.strict()` is intentional: this pack already documents every
|
|
22
|
+
* supported key, and an unknown key in the operator's manifest is far
|
|
23
|
+
* more likely to be a typo than forward-compat. New keys added in a
|
|
24
|
+
* future harness version land in this schema first, then in the pack.
|
|
25
|
+
*/
|
|
26
|
+
export declare const configSchema: z.ZodObject<{
|
|
27
|
+
mode: z.ZodOptional<z.ZodEnum<[Mode, ...Mode[]]>>;
|
|
28
|
+
permission_profile: z.ZodOptional<z.ZodEnum<[string, ...string[]]>>;
|
|
29
|
+
approval_lifecycle: z.ZodOptional<z.ZodObject<{
|
|
30
|
+
mode: z.ZodOptional<z.ZodLiteral<"session">>;
|
|
31
|
+
expire_on_tool_match: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
32
|
+
expire_on_bash_match: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
|
|
33
|
+
max_age: z.ZodOptional<z.ZodString>;
|
|
34
|
+
}, "strict", z.ZodTypeAny, {
|
|
35
|
+
mode?: "session" | undefined;
|
|
36
|
+
expire_on_tool_match?: string[] | undefined;
|
|
37
|
+
expire_on_bash_match?: string[] | undefined;
|
|
38
|
+
max_age?: string | undefined;
|
|
39
|
+
}, {
|
|
40
|
+
mode?: "session" | undefined;
|
|
41
|
+
expire_on_tool_match?: string[] | undefined;
|
|
42
|
+
expire_on_bash_match?: string[] | undefined;
|
|
43
|
+
max_age?: string | undefined;
|
|
44
|
+
}>>;
|
|
45
|
+
ux: z.ZodOptional<z.ZodObject<{
|
|
46
|
+
cannot: z.ZodString;
|
|
47
|
+
required: z.ZodArray<z.ZodString, "many">;
|
|
48
|
+
run: z.ZodArray<z.ZodString, "many">;
|
|
49
|
+
}, "strict", z.ZodTypeAny, {
|
|
50
|
+
cannot: string;
|
|
51
|
+
required: string[];
|
|
52
|
+
run: string[];
|
|
53
|
+
}, {
|
|
54
|
+
cannot: string;
|
|
55
|
+
required: string[];
|
|
56
|
+
run: string[];
|
|
57
|
+
}>>;
|
|
58
|
+
producers: z.ZodOptional<z.ZodArray<z.ZodDiscriminatedUnion<"kind", [z.ZodObject<{
|
|
59
|
+
kind: z.ZodLiteral<"bash">;
|
|
60
|
+
command: z.ZodString;
|
|
61
|
+
description: z.ZodString;
|
|
62
|
+
}, "strict", z.ZodTypeAny, {
|
|
63
|
+
command: string;
|
|
64
|
+
description: string;
|
|
65
|
+
kind: "bash";
|
|
66
|
+
}, {
|
|
67
|
+
command: string;
|
|
68
|
+
description: string;
|
|
69
|
+
kind: "bash";
|
|
70
|
+
}>, z.ZodObject<{
|
|
71
|
+
kind: z.ZodLiteral<"mcp">;
|
|
72
|
+
verb: z.ZodString;
|
|
73
|
+
example: z.ZodString;
|
|
74
|
+
description: z.ZodString;
|
|
75
|
+
}, "strict", z.ZodTypeAny, {
|
|
76
|
+
description: string;
|
|
77
|
+
kind: "mcp";
|
|
78
|
+
verb: string;
|
|
79
|
+
example: string;
|
|
80
|
+
}, {
|
|
81
|
+
description: string;
|
|
82
|
+
kind: "mcp";
|
|
83
|
+
verb: string;
|
|
84
|
+
example: string;
|
|
85
|
+
}>, z.ZodObject<{
|
|
86
|
+
kind: z.ZodLiteral<"ask">;
|
|
87
|
+
command: z.ZodString;
|
|
88
|
+
description: z.ZodString;
|
|
89
|
+
}, "strict", z.ZodTypeAny, {
|
|
90
|
+
command: string;
|
|
91
|
+
description: string;
|
|
92
|
+
kind: "ask";
|
|
93
|
+
}, {
|
|
94
|
+
command: string;
|
|
95
|
+
description: string;
|
|
96
|
+
kind: "ask";
|
|
97
|
+
}>]>, "many">>;
|
|
98
|
+
}, "strict", z.ZodTypeAny, {
|
|
99
|
+
producers?: ({
|
|
100
|
+
command: string;
|
|
101
|
+
description: string;
|
|
102
|
+
kind: "bash";
|
|
103
|
+
} | {
|
|
104
|
+
description: string;
|
|
105
|
+
kind: "mcp";
|
|
106
|
+
verb: string;
|
|
107
|
+
example: string;
|
|
108
|
+
} | {
|
|
109
|
+
command: string;
|
|
110
|
+
description: string;
|
|
111
|
+
kind: "ask";
|
|
112
|
+
})[] | undefined;
|
|
113
|
+
ux?: {
|
|
114
|
+
cannot: string;
|
|
115
|
+
required: string[];
|
|
116
|
+
run: string[];
|
|
117
|
+
} | undefined;
|
|
118
|
+
mode?: Mode | undefined;
|
|
119
|
+
permission_profile?: string | undefined;
|
|
120
|
+
approval_lifecycle?: {
|
|
121
|
+
mode?: "session" | undefined;
|
|
122
|
+
expire_on_tool_match?: string[] | undefined;
|
|
123
|
+
expire_on_bash_match?: string[] | undefined;
|
|
124
|
+
max_age?: string | undefined;
|
|
125
|
+
} | undefined;
|
|
126
|
+
}, {
|
|
127
|
+
producers?: ({
|
|
128
|
+
command: string;
|
|
129
|
+
description: string;
|
|
130
|
+
kind: "bash";
|
|
131
|
+
} | {
|
|
132
|
+
description: string;
|
|
133
|
+
kind: "mcp";
|
|
134
|
+
verb: string;
|
|
135
|
+
example: string;
|
|
136
|
+
} | {
|
|
137
|
+
command: string;
|
|
138
|
+
description: string;
|
|
139
|
+
kind: "ask";
|
|
140
|
+
})[] | undefined;
|
|
141
|
+
ux?: {
|
|
142
|
+
cannot: string;
|
|
143
|
+
required: string[];
|
|
144
|
+
run: string[];
|
|
145
|
+
} | undefined;
|
|
146
|
+
mode?: Mode | undefined;
|
|
147
|
+
permission_profile?: string | undefined;
|
|
148
|
+
approval_lifecycle?: {
|
|
149
|
+
mode?: "session" | undefined;
|
|
150
|
+
expire_on_tool_match?: string[] | undefined;
|
|
151
|
+
expire_on_bash_match?: string[] | undefined;
|
|
152
|
+
max_age?: string | undefined;
|
|
153
|
+
} | undefined;
|
|
154
|
+
}>;
|
|
8
155
|
export interface ResolvePackOptions {
|
|
9
156
|
/**
|
|
10
157
|
* Absolute path to the persisted-report directory the pack's hooks
|