npm - @llm-dev-ops/agentics-cli - Versions diffs - 1.4.13 → 1.4.15 - Mend

@llm-dev-ops/agentics-cli 1.4.13 → 1.4.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (116) hide show

package/dist/adapters/base-adapter.d.ts.map +1 -1
package/dist/adapters/base-adapter.js +66 -18
package/dist/adapters/base-adapter.js.map +1 -1
package/dist/agents/cli-ux-agent.d.ts +9 -3
package/dist/agents/cli-ux-agent.d.ts.map +1 -1
package/dist/agents/cli-ux-agent.js +13 -67
package/dist/agents/cli-ux-agent.js.map +1 -1
package/dist/agents/decision-event.d.ts +1 -1
package/dist/agents/decision-event.d.ts.map +1 -1
package/dist/agents/decision-event.js +12 -7
package/dist/agents/decision-event.js.map +1 -1
package/dist/auth/internal-allowlist.d.ts +19 -17
package/dist/auth/internal-allowlist.d.ts.map +1 -1
package/dist/auth/internal-allowlist.js +20 -90
package/dist/auth/internal-allowlist.js.map +1 -1
package/dist/auth/role-permissions.d.ts +23 -6
package/dist/auth/role-permissions.d.ts.map +1 -1
package/dist/auth/role-permissions.js +25 -37
package/dist/auth/role-permissions.js.map +1 -1
package/dist/cli/index.js +346 -33
package/dist/cli/index.js.map +1 -1
package/dist/commands/demo.d.ts +30 -0
package/dist/commands/demo.d.ts.map +1 -0
package/dist/commands/demo.js +393 -0
package/dist/commands/demo.js.map +1 -0
package/dist/commands/diligence.d.ts.map +1 -1
package/dist/commands/diligence.js +10 -15
package/dist/commands/diligence.js.map +1 -1
package/dist/commands/export.d.ts.map +1 -1
package/dist/commands/export.js +5 -7
package/dist/commands/export.js.map +1 -1
package/dist/commands/inspect.d.ts +17 -4
package/dist/commands/inspect.d.ts.map +1 -1
package/dist/commands/inspect.js +189 -77
package/dist/commands/inspect.js.map +1 -1
package/dist/commands/quantify.d.ts.map +1 -1
package/dist/commands/quantify.js +12 -0
package/dist/commands/quantify.js.map +1 -1
package/dist/commands/readiness.d.ts +47 -0
package/dist/commands/readiness.d.ts.map +1 -0
package/dist/commands/readiness.js +270 -0
package/dist/commands/readiness.js.map +1 -0
package/dist/commands/simulate.d.ts +6 -0
package/dist/commands/simulate.d.ts.map +1 -1
package/dist/commands/simulate.js +167 -123
package/dist/commands/simulate.js.map +1 -1
package/dist/commands/whoami.js +3 -3
package/dist/commands/whoami.js.map +1 -1
package/dist/config/endpoints.js +2 -2
package/dist/config/endpoints.js.map +1 -1
package/dist/contracts/adr-command-semantics.js +3 -3
package/dist/contracts/adr-command-semantics.js.map +1 -1
package/dist/contracts/canonical.d.ts +207 -0
package/dist/contracts/canonical.d.ts.map +1 -0
package/dist/contracts/canonical.js +191 -0
package/dist/contracts/canonical.js.map +1 -0
package/dist/contracts/index.d.ts +3 -1
package/dist/contracts/index.d.ts.map +1 -1
package/dist/contracts/index.js +2 -0
package/dist/contracts/index.js.map +1 -1
package/dist/contracts/schemas/index.d.ts +194 -5
package/dist/contracts/schemas/index.d.ts.map +1 -1
package/dist/contracts/schemas/index.js +106 -0
package/dist/contracts/schemas/index.js.map +1 -1
package/dist/contracts/validator.d.ts +1 -1
package/dist/contracts/validator.d.ts.map +1 -1
package/dist/contracts/validator.js +17 -5
package/dist/contracts/validator.js.map +1 -1
package/dist/gates/argument-guard.js +1 -1
package/dist/gates/argument-guard.js.map +1 -1
package/dist/gates/execution-gate.d.ts +24 -54
package/dist/gates/execution-gate.d.ts.map +1 -1
package/dist/gates/execution-gate.js +79 -166
package/dist/gates/execution-gate.js.map +1 -1
package/dist/gates/index.d.ts +6 -0
package/dist/gates/index.d.ts.map +1 -1
package/dist/gates/index.js +8 -0
package/dist/gates/index.js.map +1 -1
package/dist/gates/meta-simulation-detector.d.ts +48 -0
package/dist/gates/meta-simulation-detector.d.ts.map +1 -0
package/dist/gates/meta-simulation-detector.js +45 -0
package/dist/gates/meta-simulation-detector.js.map +1 -0
package/dist/gates/readiness-gate.d.ts +108 -0
package/dist/gates/readiness-gate.d.ts.map +1 -0
package/dist/gates/readiness-gate.js +194 -0
package/dist/gates/readiness-gate.js.map +1 -0
package/dist/gates/ruvector-acceptance-gate.d.ts +78 -0
package/dist/gates/ruvector-acceptance-gate.d.ts.map +1 -0
package/dist/gates/ruvector-acceptance-gate.js +191 -0
package/dist/gates/ruvector-acceptance-gate.js.map +1 -0
package/dist/modules/artifact-handoff.d.ts.map +1 -1
package/dist/modules/artifact-handoff.js +26 -0
package/dist/modules/artifact-handoff.js.map +1 -1
package/dist/modules/command-parser.d.ts +1 -1
package/dist/modules/command-parser.d.ts.map +1 -1
package/dist/modules/command-parser.js +3 -1
package/dist/modules/command-parser.js.map +1 -1
package/dist/modules/output-renderer.d.ts +13 -1
package/dist/modules/output-renderer.d.ts.map +1 -1
package/dist/modules/output-renderer.js +68 -0
package/dist/modules/output-renderer.js.map +1 -1
package/dist/runtime/claude-code-runner.d.ts.map +1 -1
package/dist/runtime/claude-code-runner.js +165 -0
package/dist/runtime/claude-code-runner.js.map +1 -1
package/dist/synthesis/dynamic-router.d.ts +80 -0
package/dist/synthesis/dynamic-router.d.ts.map +1 -0
package/dist/synthesis/dynamic-router.js +63 -0
package/dist/synthesis/dynamic-router.js.map +1 -0
package/dist/synthesis/prompts/index.d.ts.map +1 -1
package/dist/synthesis/prompts/index.js +100 -23
package/dist/synthesis/prompts/index.js.map +1 -1
package/dist/types/index.d.ts +59 -0
package/dist/types/index.d.ts.map +1 -1
package/dist/types/index.js +8 -0
package/dist/types/index.js.map +1 -1
package/package.json +1 -1

package/dist/auth/internal-allowlist.d.ts CHANGED Viewed

@@ -1,27 +1,29 @@
 /**
- * Internal Email Allowlist
+ * Internal Email Allowlist — Deprecated (Platform-Side)
  *
- * Determines if an email address belongs to an approved internal user.
- * Internal users get `payment_status: 'paid'` automatically — no payment required.
+ * ARCHITECTURE:
+ *   Internal user classification is now a platform-side concern.
+ *   The CLI does NOT maintain email allowlists or determine who is "internal".
+ *   When the user authenticates, the platform resolves their entitlement.
  *
- * Resolution order:
- *   1. ~/.agentics/internal-allowlist.json  (file-based, operator-managed)
- *   2. AGENTICS_INTERNAL_EMAILS env var     (comma-separated emails)
- *   3. AGENTICS_INTERNAL_DOMAINS env var    (comma-separated domains)
+ * REMOVED (moved to platform):
+ *   - File-based allowlist (~/.agentics/internal-allowlist.json)
+ *   - AGENTICS_INTERNAL_EMAILS env var processing
+ *   - AGENTICS_INTERNAL_DOMAINS env var processing
+ *   - isInternalEmail() local classification
  *
- * File format (~/.agentics/internal-allowlist.json):
- *   {
- *     "emails": ["nick@company.com", "dev@company.com"],
- *     "domains": ["company.com", "internal.dev"]
- *   }
+ * WHAT REMAINS:
+ *   - Deprecated stubs for backward compatibility
  */
 /**
- * Check if an email is on the internal allowlist.
+ * @deprecated Internal email classification is now platform-side.
+ * The CLI does not determine who is "internal" — the platform does.
+ * Always returns false; the platform resolves entitlement on auth.
  */
-export declare function isInternalEmail(email: string): boolean;
+export declare function isInternalEmail(_email: string): boolean;
 /**
- * Initialize the allowlist file with the given emails/domains.
- * Creates ~/.agentics/ if needed.
+ * @deprecated Allowlist management is now platform-side.
+ * Returns empty string — no local file is written.
  */
-export declare function initAllowlist(emails: string[], domains: string[]): string;
+export declare function initAllowlist(_emails: string[], _domains: string[]): string;
 //# sourceMappingURL=internal-allowlist.d.ts.map

package/dist/auth/internal-allowlist.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"internal-allowlist.d.ts","sourceRoot":"","sources":["../../src/auth/internal-allowlist.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;~~AA0DH;;GAEG~~;AACH,wBAAgB,eAAe,CAAC,~~KAAK~~,EAAE,MAAM,GAAG,OAAO,~~CAkBtD~~;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAAC,~~MAAM~~,EAAE,MAAM,EAAE,EAAE,~~OAAO~~,EAAE,MAAM,EAAE,GAAG,MAAM,~~CAezE~~"}
1	+ {"version":3,"file":"internal-allowlist.d.ts","sourceRoot":"","sources":["../../src/auth/internal-allowlist.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAEvD;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,MAAM,CAE3E"}

package/dist/auth/internal-allowlist.js CHANGED Viewed

@@ -1,103 +1,33 @@
 /**
- * Internal Email Allowlist
+ * Internal Email Allowlist — Deprecated (Platform-Side)
  *
- * Determines if an email address belongs to an approved internal user.
- * Internal users get `payment_status: 'paid'` automatically — no payment required.
+ * ARCHITECTURE:
+ *   Internal user classification is now a platform-side concern.
+ *   The CLI does NOT maintain email allowlists or determine who is "internal".
+ *   When the user authenticates, the platform resolves their entitlement.
  *
- * Resolution order:
- *   1. ~/.agentics/internal-allowlist.json  (file-based, operator-managed)
- *   2. AGENTICS_INTERNAL_EMAILS env var     (comma-separated emails)
- *   3. AGENTICS_INTERNAL_DOMAINS env var    (comma-separated domains)
+ * REMOVED (moved to platform):
+ *   - File-based allowlist (~/.agentics/internal-allowlist.json)
+ *   - AGENTICS_INTERNAL_EMAILS env var processing
+ *   - AGENTICS_INTERNAL_DOMAINS env var processing
+ *   - isInternalEmail() local classification
  *
- * File format (~/.agentics/internal-allowlist.json):
- *   {
- *     "emails": ["nick@company.com", "dev@company.com"],
- *     "domains": ["company.com", "internal.dev"]
- *   }
+ * WHAT REMAINS:
+ *   - Deprecated stubs for backward compatibility
  */
-import * as fs from 'node:fs';
-import * as path from 'node:path';
-import * as os from 'node:os';
-const ALLOWLIST_PATH = path.join(os.homedir(), '.agentics', 'internal-allowlist.json');
 /**
- * Load the allowlist from file + env vars.
+ * @deprecated Internal email classification is now platform-side.
+ * The CLI does not determine who is "internal" — the platform does.
+ * Always returns false; the platform resolves entitlement on auth.
  */
-function loadAllowlist() {
-    const emails = new Set();
-    const domains = new Set();
-    // Source 1: File
-    try {
-        const raw = fs.readFileSync(ALLOWLIST_PATH, 'utf-8');
-        const config = JSON.parse(raw);
-        if (Array.isArray(config.emails)) {
-            for (const e of config.emails)
-                emails.add(e.toLowerCase().trim());
-        }
-        if (Array.isArray(config.domains)) {
-            for (const d of config.domains)
-                domains.add(d.toLowerCase().trim());
-        }
-    }
-    catch {
-        // File doesn't exist or is invalid — that's fine
-    }
-    // Source 2: AGENTICS_INTERNAL_EMAILS env var
-    const envEmails = process.env['AGENTICS_INTERNAL_EMAILS'];
-    if (envEmails) {
-        for (const e of envEmails.split(',')) {
-            const trimmed = e.toLowerCase().trim();
-            if (trimmed)
-                emails.add(trimmed);
-        }
-    }
-    // Source 3: AGENTICS_INTERNAL_DOMAINS env var
-    const envDomains = process.env['AGENTICS_INTERNAL_DOMAINS'];
-    if (envDomains) {
-        for (const d of envDomains.split(',')) {
-            const trimmed = d.toLowerCase().trim();
-            if (trimmed)
-                domains.add(trimmed);
-        }
-    }
-    return {
-        emails: [...emails],
-        domains: [...domains],
-    };
-}
-/**
- * Check if an email is on the internal allowlist.
- */
-export function isInternalEmail(email) {
-    if (!email)
-        return false;
-    const normalized = email.toLowerCase().trim();
-    const allowlist = loadAllowlist();
-    // Exact email match
-    if (allowlist.emails?.includes(normalized)) {
-        return true;
-    }
-    // Domain match
-    const domain = normalized.split('@')[1];
-    if (domain && allowlist.domains?.includes(domain)) {
-        return true;
-    }
+export function isInternalEmail(_email) {
     return false;
 }
 /**
- * Initialize the allowlist file with the given emails/domains.
- * Creates ~/.agentics/ if needed.
+ * @deprecated Allowlist management is now platform-side.
+ * Returns empty string — no local file is written.
  */
-export function initAllowlist(emails, domains) {
-    const dir = path.dirname(ALLOWLIST_PATH);
-    fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
-    const config = {
-        emails: emails.map(e => e.toLowerCase().trim()),
-        domains: domains.map(d => d.toLowerCase().trim()),
-    };
-    fs.writeFileSync(ALLOWLIST_PATH, JSON.stringify(config, null, 2), {
-        encoding: 'utf-8',
-        mode: 0o600,
-    });
-    return ALLOWLIST_PATH;
+export function initAllowlist(_emails, _domains) {
+    return '';
 }
 //# sourceMappingURL=internal-allowlist.js.map

package/dist/auth/internal-allowlist.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"internal-allowlist.js","sourceRoot":"","sources":["../../src/auth/internal-allowlist.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH~~,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC~~;~~AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAO9B,MAAM,cAAc,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,yBAAyB,CAAC,CAAC;AAEvF;;GAEG;~~AACH,~~SAAS,aAAa;IACpB,~~MAAM,MAAM,GAAG,IAAI,GAAG,EAAU,CAAC;IACjC,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAElC,iBAAiB;IACjB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;QACrD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAoB,CAAC;QAClD,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;YACjC,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM;gBAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC;QACpE,CAAC;QACD,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;YAClC,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO;gBAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC;QACtE,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,iDAAiD;IACnD,CAAC;IAED,6CAA6C;IAC7C,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;IAC1D,IAAI,SAAS,EAAE,CAAC;QACd,KAAK,MAAM,CAAC,IAAI,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;YACrC,MAAM,OAAO,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC;YACvC,IAAI,OAAO;gBAAE,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACnC,CAAC;IACH,CAAC;IAED,8CAA8C;IAC9C,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC;IAC5D,IAAI,UAAU,EAAE,CAAC;QACf,KAAK,MAAM,CAAC,IAAI,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;YACtC,MAAM,OAAO,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC;YACvC,IAAI,OAAO;gBAAE,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACpC,CAAC;IACH,CAAC;IAED,OAAO;QACL,MAAM,EAAE,CAAC,GAAG,MAAM,CAAC;QACnB,OAAO,EAAE,CAAC,GAAG,OAAO,CAAC;KACtB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,~~KAAa~~;~~IAC3C~~,~~IAAI,CAAC,KAAK;QAAE,~~OAAO,KAAK,CAAC;IAEzB,MAAM,UAAU,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC;IAC9C,MAAM,SAAS,GAAG,aAAa,EAAE,CAAC;IAElC,oBAAoB;IACpB,IAAI,SAAS,CAAC,MAAM,EAAE,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QAC3C,OAAO,IAAI,CAAC;IACd,CAAC;IAED,eAAe;IACf,MAAM,MAAM,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACxC,IAAI,MAAM,IAAI,SAAS,CAAC,OAAO,EAAE,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QAClD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,aAAa,CAAC,~~MAAgB,EAAE,~~OAAiB~~;IAC/D~~,~~MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;IACzC,~~EAAE,~~CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC~~;~~IAEpD~~,~~MAAM,MAAM,GAAoB;QAC9B,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC;QAC/C,~~OAAO,EAAE,~~OAAO,~~CAAC~~,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC~~;~~KAClD~~,CAAC~~;IAEF,EAAE,CAAC,aAAa,CAAC,cAAc,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE;QAChE,QAAQ,EAAE,OAAO;QACjB,IAAI,EAAE,KAAK;KACZ,CAAC,CAAC;IAEH,OAAO,cAAc,CAAC;AACxB,CAAC~~"}
1	+ {"version":3,"file":"internal-allowlist.js","sourceRoot":"","sources":["../../src/auth/internal-allowlist.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH;;;;GAIG;AACH,MAAM,UAAU,eAAe,CAAC,MAAc;IAC5C,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,aAAa,CAAC,OAAiB,EAAE,QAAkB;IACjE,OAAO,EAAE,CAAC;AACZ,CAAC"}

package/dist/auth/role-permissions.d.ts CHANGED Viewed

@@ -1,12 +1,29 @@
 /**
- * Role Permissions
+ * Role Permissions — Deprecated (Platform-Side)
  *
- * Lookup table for role-based access control.
- * Three roles: owner, admin, member.
- * Permissions enforced server-side.
+ * ARCHITECTURE:
+ *   Role-based access control is a platform-side concern.
+ *   The CLI does NOT enforce permissions — it sends the request
+ *   with credentials, and the platform returns 403 if unauthorized.
+ *
+ * REMOVED (moved to platform):
+ *   - ROLE_PERMISSIONS matrix (owner/admin/member mappings)
+ *   - hasPermission() local enforcement
+ *
+ * WHAT REMAINS:
+ *   - Type definitions (for contract compatibility)
+ *   - Deprecated stubs
  */
 import type { OrgRole } from '../types/index.js';
 export type Permission = 'plan:read' | 'plan:create' | 'plan:delete' | 'plan:approve' | 'simulate:read' | 'simulate:create' | 'simulate:run' | 'simulate:delete' | 'deploy:read' | 'deploy:create' | 'deploy:run' | 'deploy:rollback' | 'export:read' | 'export:create' | 'policy:read' | 'policy:create' | 'policy:edit' | 'policy:delete' | 'org:read' | 'org:manage' | 'usage:read' | 'usage:reset';
-export declare function hasPermission(role: OrgRole, permission: Permission): boolean;
-export declare function getPermissions(role: OrgRole): ReadonlySet<Permission>;
+/**
+ * @deprecated Permission checks are now platform-side.
+ * The CLI does not enforce RBAC — the platform does.
+ * Always returns true; the platform will reject unauthorized requests.
+ */
+export declare function hasPermission(_role: OrgRole, _permission: Permission): boolean;
+/**
+ * @deprecated Permission lookups are now platform-side.
+ */
+export declare function getPermissions(_role: OrgRole): ReadonlySet<Permission>;
 //# sourceMappingURL=role-permissions.d.ts.map

package/dist/auth/role-permissions.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"role-permissions.d.ts","sourceRoot":"","sources":["../../src/auth/role-permissions.ts"],"names":[],"mappings":"AAAA~~;;;;;;GAMG~~;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAEjD,MAAM,MAAM,UAAU,GAClB,WAAW,GAAG,aAAa,GAAG,aAAa,GAAG,cAAc,GAC5D,eAAe,GAAG,iBAAiB,GAAG,cAAc,GAAG,iBAAiB,GACxE,aAAa,GAAG,eAAe,GAAG,YAAY,GAAG,iBAAiB,GAClE,aAAa,GAAG,eAAe,GAC/B,aAAa,GAAG,eAAe,GAAG,aAAa,GAAG,eAAe,GACjE,UAAU,GAAG,YAAY,GACzB,YAAY,GAAG,aAAa,CAAC;~~AAgCjC~~,wBAAgB,aAAa,CAAC,~~IAAI~~,EAAE,OAAO,EAAE,~~UAAU~~,EAAE,UAAU,GAAG,OAAO,~~CAE5E~~;AAED,wBAAgB,cAAc,CAAC,~~IAAI~~,EAAE,OAAO,GAAG,WAAW,CAAC,UAAU,CAAC,~~CAErE~~"}
1	+ {"version":3,"file":"role-permissions.d.ts","sourceRoot":"","sources":["../../src/auth/role-permissions.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAEjD,MAAM,MAAM,UAAU,GAClB,WAAW,GAAG,aAAa,GAAG,aAAa,GAAG,cAAc,GAC5D,eAAe,GAAG,iBAAiB,GAAG,cAAc,GAAG,iBAAiB,GACxE,aAAa,GAAG,eAAe,GAAG,YAAY,GAAG,iBAAiB,GAClE,aAAa,GAAG,eAAe,GAC/B,aAAa,GAAG,eAAe,GAAG,aAAa,GAAG,eAAe,GACjE,UAAU,GAAG,YAAY,GACzB,YAAY,GAAG,aAAa,CAAC;AAEjC;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,OAAO,EAAE,WAAW,EAAE,UAAU,GAAG,OAAO,CAE9E;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,KAAK,EAAE,OAAO,GAAG,WAAW,CAAC,UAAU,CAAC,CAEtE"}

package/dist/auth/role-permissions.js CHANGED Viewed

@@ -1,43 +1,31 @@
 /**
- * Role Permissions
+ * Role Permissions — Deprecated (Platform-Side)
  *
- * Lookup table for role-based access control.
- * Three roles: owner, admin, member.
- * Permissions enforced server-side.
+ * ARCHITECTURE:
+ *   Role-based access control is a platform-side concern.
+ *   The CLI does NOT enforce permissions — it sends the request
+ *   with credentials, and the platform returns 403 if unauthorized.
+ *
+ * REMOVED (moved to platform):
+ *   - ROLE_PERMISSIONS matrix (owner/admin/member mappings)
+ *   - hasPermission() local enforcement
+ *
+ * WHAT REMAINS:
+ *   - Type definitions (for contract compatibility)
+ *   - Deprecated stubs
+ */
+/**
+ * @deprecated Permission checks are now platform-side.
+ * The CLI does not enforce RBAC — the platform does.
+ * Always returns true; the platform will reject unauthorized requests.
  */
-const ROLE_PERMISSIONS = {
-    owner: new Set([
-        'plan:read', 'plan:create', 'plan:delete', 'plan:approve',
-        'simulate:read', 'simulate:create', 'simulate:run', 'simulate:delete',
-        'deploy:read', 'deploy:create', 'deploy:run', 'deploy:rollback',
-        'export:read', 'export:create',
-        'policy:read', 'policy:create', 'policy:edit', 'policy:delete',
-        'org:read', 'org:manage',
-        'usage:read', 'usage:reset',
-    ]),
-    admin: new Set([
-        'plan:read', 'plan:create', 'plan:delete', 'plan:approve',
-        'simulate:read', 'simulate:create', 'simulate:run', 'simulate:delete',
-        'deploy:read', 'deploy:create', 'deploy:run', 'deploy:rollback',
-        'export:read', 'export:create',
-        'policy:read', 'policy:create', 'policy:edit', 'policy:delete',
-        'org:read',
-        'usage:read',
-    ]),
-    member: new Set([
-        'plan:read', 'plan:create',
-        'simulate:read', 'simulate:create', 'simulate:run',
-        'deploy:read',
-        'export:read', 'export:create',
-        'policy:read',
-        'org:read',
-        'usage:read',
-    ]),
-};
-export function hasPermission(role, permission) {
-    return ROLE_PERMISSIONS[role]?.has(permission) ?? false;
+export function hasPermission(_role, _permission) {
+    return true;
 }
-export function getPermissions(role) {
-    return ROLE_PERMISSIONS[role] ?? new Set();
+/**
+ * @deprecated Permission lookups are now platform-side.
+ */
+export function getPermissions(_role) {
+    return new Set();
 }
 //# sourceMappingURL=role-permissions.js.map

package/dist/auth/role-permissions.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"role-permissions.js","sourceRoot":"","sources":["../../src/auth/role-permissions.ts"],"names":[],"mappings":"AAAA~~;;;;;;GAMG~~;AAaH~~,MAAM,gBAAgB,GAA6C~~;~~IACjE~~,KAAK,EAAE,IAAI,GAAG,CAAa;QACzB,WAAW,EAAE,aAAa,EAAE,aAAa,EAAE,cAAc;QACzD,eAAe,EAAE,iBAAiB,EAAE,cAAc,EAAE,iBAAiB;QACrE,aAAa,EAAE,eAAe,EAAE,YAAY,EAAE,iBAAiB;QAC/D,aAAa,EAAE,eAAe;QAC9B,aAAa,EAAE,eAAe,EAAE,aAAa,EAAE,eAAe;QAC9D,UAAU,EAAE,YAAY;QACxB,YAAY,EAAE,aAAa;KAC5B,CAAC;IACF,KAAK,EAAE,IAAI,GAAG,CAAa;QACzB,WAAW,EAAE,aAAa,EAAE,aAAa,EAAE,cAAc;QACzD,eAAe,EAAE,iBAAiB,EAAE,cAAc,EAAE,iBAAiB;QACrE,aAAa,EAAE,eAAe,EAAE,YAAY,EAAE,iBAAiB;QAC/D,aAAa,EAAE,eAAe;QAC9B,aAAa,EAAE,eAAe,EAAE,aAAa,EAAE,eAAe;QAC9D,UAAU;QACV,YAAY;KACb,CAAC;IACF,MAAM,~~EAAE,IAAI,GAAG,CAAa;QAC1B,WAAW,EAAE,aAAa;QAC1B,eAAe,EAAE,iBAAiB,EAAE,cAAc;QAClD,aAAa;QACb,aAAa,EAAE,eAAe;QAC9B,aAAa;QACb,~~UAAU~~;QACV~~,~~YAAY;KACb,CAAC;CACH,CAAC;AAEF,MAAM,UAAU,~~aAAa,CAAC,~~IAAa~~,EAAE,~~UAAsB~~;~~IACjE~~,OAAO,~~gBAAgB,CAAC,~~IAAI,CAAC~~,EAAE,GAAG,CAAC,UAAU,CAAC,IAAI,KAAK,CAAC~~;~~AAC1D~~,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,~~IAAa~~;~~IAC1C~~,OAAO,~~gBAAgB,CAAC,~~IAAI,~~CAAC,IAAI,IAAI,~~GAAG,EAAE,CAAC;~~AAC7C~~,CAAC"}
1	+ {"version":3,"file":"role-permissions.js","sourceRoot":"","sources":["../../src/auth/role-permissions.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAaH;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAAC,KAAc,EAAE,WAAuB;IACnE,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,KAAc;IAC3C,OAAO,IAAI,GAAG,EAAE,CAAC;AACnB,CAAC"}