@lumenflow/cli 4.20.2 → 4.21.0

package/packs/agent-runtime/.turbo/turbo-build.log

@@ -1,4 +1,4 @@
 
-> @lumenflow/packs-agent-runtime@4.20.1 build /home/tom/source/hellmai/lumenflow-dev/packages/@lumenflow/packs/agent-runtime
+> @lumenflow/packs-agent-runtime@4.21.0 build /home/runner/work/lumenflow-dev/lumenflow-dev/packages/@lumenflow/packs/agent-runtime
 > tsc
 

package/packs/agent-runtime/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lumenflow/packs-agent-runtime",
-  "version": "4.20.2",
+  "version": "4.21.0",
   "description": "Agent runtime pack scaffold for LumenFlow — governed model-turn execution, pack config, and provider capability baselines",
   "keywords": [
     "lumenflow",

package/packs/sidekick/.turbo/turbo-build.log

@@ -1,4 +1,4 @@
 
-> @lumenflow/packs-sidekick@4.20.1 build /home/tom/source/hellmai/lumenflow-dev/packages/@lumenflow/packs/sidekick
+> @lumenflow/packs-sidekick@4.21.0 build /home/runner/work/lumenflow-dev/lumenflow-dev/packages/@lumenflow/packs/sidekick
 > tsc
 

package/packs/sidekick/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lumenflow/packs-sidekick",
-  "version": "4.20.2",
+  "version": "4.21.0",
   "description": "Sidekick personal assistant pack for LumenFlow — 16 tools for task management, typed memory, channels, routines, and audit",
   "keywords": [
     "lumenflow",

package/packs/software-delivery/.turbo/turbo-build.log

@@ -1,4 +1,4 @@
 
-> @lumenflow/packs-software-delivery@4.20.1 build /home/tom/source/hellmai/lumenflow-dev/packages/@lumenflow/packs/software-delivery
+> @lumenflow/packs-software-delivery@4.21.0 build /home/runner/work/lumenflow-dev/lumenflow-dev/packages/@lumenflow/packs/software-delivery
 > tsc
 

package/packs/software-delivery/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lumenflow/packs-software-delivery",
-  "version": "4.20.2",
+  "version": "4.21.0",
   "description": "Software delivery pack for LumenFlow — work units, gates, lanes, initiatives, and agent coordination",
   "keywords": [
     "lumenflow",

package/templates/core/LUMENFLOW.md.template

@@ -369,6 +369,7 @@ For the full worktree lifecycle (parallel execution, bootstrap, isolation guaran
 | `pnpm validate`                   | Run validation checks                                 |
 | `pnpm lumenflow:pre-commit-check` | Run enforcement checks used by pre-commit and CI      |
 | `pnpm gate:co-change`             | Manage co-change gate rules (add, remove, edit, list) |
+| `pnpm gate:conditional`           | Manage conditional_commands entries (add/remove/edit/list) |
 | `pnpm format`                     | Format all files (Prettier)                           |
 | `pnpm lint`                       | Run ESLint                                            |
 | `pnpm typecheck`                  | Run TypeScript type checking                          |

package/templates/core/ai/onboarding/quick-ref-commands.md.template

@@ -218,6 +218,10 @@ without explicit human instruction.**
 | `pnpm gate:co-change --remove --name <N>`                          | Remove co-change gate rule                           |
 | `pnpm gate:co-change --edit --name <N> --severity <S>`             | Edit co-change gate rule                             |
 | `pnpm gate:co-change --list`                                       | List all co-change rules (built-in + custom)         |
+| `pnpm gate:conditional --add --name <N> --trigger <G> --command <C>` | Add conditional command                              |
+| `pnpm gate:conditional --remove --name <N>`                         | Remove conditional command                           |
+| `pnpm gate:conditional --edit --name <N> --severity <S>`            | Edit conditional command                             |
+| `pnpm gate:conditional --list [--json]`                             | List conditional commands                            |
 
 ¹ **Script aliases:** `spec:linter` and `tasks:validate` are pnpm script aliases
 for `wu:validate --all`. They are not standalone CLI commands.

package/dist/chunk-2D2VOCA4.js

@@ -1,37 +0,0 @@
-import {
-  TEST_TYPES,
-  WU_TYPES
-} from "./chunk-V6OJGLBA.js";
-
-// ../core/dist/wu-type-helpers.js
-function isNonEmptyArray(value) {
-  return Array.isArray(value) && value.length > 0;
-}
-function isDocumentationType(type) {
-  return typeof type === "string" && type === WU_TYPES.DOCUMENTATION;
-}
-function isProcessType(type) {
-  return typeof type === "string" && type === WU_TYPES.PROCESS;
-}
-function isDocsOrProcessType(type) {
-  return isDocumentationType(type) || isProcessType(type);
-}
-function hasAnyTests(tests) {
-  if (!tests || typeof tests !== "object")
-    return false;
-  const t = tests;
-  return isNonEmptyArray(t[TEST_TYPES.MANUAL]) || isNonEmptyArray(t[TEST_TYPES.UNIT]) || isNonEmptyArray(t[TEST_TYPES.E2E]) || isNonEmptyArray(t[TEST_TYPES.INTEGRATION]);
-}
-function hasManualTests(tests) {
-  if (!tests || typeof tests !== "object")
-    return false;
-  const t = tests;
-  return isNonEmptyArray(t[TEST_TYPES.MANUAL]);
-}
-
-export {
-  isDocumentationType,
-  isDocsOrProcessType,
-  hasAnyTests,
-  hasManualTests
-};

package/dist/chunk-2D5KFYGX.js

@@ -1,284 +0,0 @@
-import {
-  DomainPackManifestSchema,
-  PACK_MANIFEST_FILE_NAME,
-  UTF8_ENCODING,
-  computeDeterministicPackHash,
-  isBroadWildcardScopePattern,
-  resolvePackToolEntryPath,
-  validateDomainPackToolSafety,
-  validatePackImportBoundaries
-} from "./chunk-HANJXVKW.js";
-import {
-  WU_OPTIONS,
-  createWUParser,
-  runCLI
-} from "./chunk-2GXVIN57.js";
-
-// src/pack-validate.ts
-import { readFile } from "fs/promises";
-import { join, resolve } from "path";
-import YAML from "yaml";
-var LOG_PREFIX = "[pack:validate]";
-var DEFAULT_PACKS_ROOT = "packages/@lumenflow/packs";
-var HTTPS_PROTOCOL = "https:";
-var NETWORK_URL_PROPERTY = "url";
-var SECURITY_LINT_ERROR = {
-  PERMISSION_SCOPE_READ_WRITE: "permission/scope mismatch: read-permission tool cannot request write path access.",
-  PERMISSION_SCOPE_WRITE_MISSING: "permission/scope mismatch: write-permission tool must include at least one write path scope.",
-  WILDCARD_WRITE: "forbidden wildcard write scope. Replace with constrained path pattern (for example reports/**/*.md).",
-  NETWORK_URL_REQUIRED: "network-scoped tools must constrain input_schema.properties.url via const/enum https URL allow-list.",
-  NETWORK_URL_INVALID: "network-scoped tool has invalid URL in input_schema.properties.url.",
-  NETWORK_URL_SCHEME: "network-scoped tool URL must use https:// in input_schema.properties.url."
-};
-async function validatePack(options) {
-  const { packRoot, hashExclusions } = options;
-  const absolutePackRoot = resolve(packRoot);
-  let manifest;
-  const manifestResult = await validateManifest(absolutePackRoot);
-  if (manifestResult.status === "pass" && manifestResult.manifest) {
-    manifest = manifestResult.manifest;
-  }
-  const toolEntriesResult = manifest ? validateToolEntries(absolutePackRoot, manifest) : { status: "skip", error: "Skipped: manifest validation failed" };
-  const importBoundariesResult = await checkImportBoundaries(absolutePackRoot, hashExclusions);
-  const securityLintResult = manifest ? runSecurityLint(manifest) : { status: "skip", error: "Skipped: manifest validation failed" };
-  const integrityResult = await computeIntegrity(absolutePackRoot, hashExclusions);
-  const allPassed = manifestResult.status === "pass" && toolEntriesResult.status === "pass" && importBoundariesResult.status === "pass" && securityLintResult.status === "pass" && integrityResult.status === "pass";
-  return {
-    manifest: manifestResult,
-    importBoundaries: importBoundariesResult,
-    toolEntries: toolEntriesResult,
-    securityLint: securityLintResult,
-    integrity: integrityResult,
-    allPassed
-  };
-}
-async function validateManifest(packRoot) {
-  try {
-    const manifestPath = join(packRoot, PACK_MANIFEST_FILE_NAME);
-    const manifestRaw = await readFile(manifestPath, UTF8_ENCODING);
-    const parsed = YAML.parse(manifestRaw);
-    const manifest = DomainPackManifestSchema.parse(parsed);
-    return { status: "pass", manifest };
-  } catch (err) {
-    const message = err instanceof Error ? err.message : String(err);
-    return { status: "fail", error: message };
-  }
-}
-function validateToolEntries(packRoot, manifest) {
-  try {
-    for (const tool of manifest.tools) {
-      resolvePackToolEntryPath(packRoot, tool.entry);
-    }
-    return { status: "pass" };
-  } catch (err) {
-    const message = err instanceof Error ? err.message : String(err);
-    return { status: "fail", error: message };
-  }
-}
-async function checkImportBoundaries(packRoot, hashExclusions) {
-  try {
-    await validatePackImportBoundaries(packRoot, hashExclusions);
-    return { status: "pass" };
-  } catch (err) {
-    const message = err instanceof Error ? err.message : String(err);
-    return { status: "fail", error: message };
-  }
-}
-async function computeIntegrity(packRoot, hashExclusions) {
-  try {
-    const hash = await computeDeterministicPackHash({
-      packRoot,
-      exclusions: hashExclusions
-    });
-    return { status: "pass", hash };
-  } catch (err) {
-    const message = err instanceof Error ? err.message : String(err);
-    return { status: "fail", error: message };
-  }
-}
-function isObjectRecord(value) {
-  return typeof value === "object" && value !== null;
-}
-function extractNetworkUrls(tool) {
-  const inputSchema = tool.input_schema;
-  if (!isObjectRecord(inputSchema)) {
-    return [];
-  }
-  const properties = inputSchema.properties;
-  if (!isObjectRecord(properties)) {
-    return [];
-  }
-  const urlSchema = properties[NETWORK_URL_PROPERTY];
-  if (!isObjectRecord(urlSchema)) {
-    return [];
-  }
-  if (typeof urlSchema.const === "string") {
-    return [urlSchema.const];
-  }
-  if (!Array.isArray(urlSchema.enum)) {
-    return [];
-  }
-  return urlSchema.enum.filter((candidate) => typeof candidate === "string");
-}
-function lintPermissionScopeConsistency(tool) {
-  const pathScopes = tool.required_scopes.filter(
-    (scope) => scope.type === "path"
-  );
-  const hasWritePathScope = pathScopes.some((scope) => scope.access === "write");
-  const issues = [];
-  if (tool.permission === "read" && hasWritePathScope) {
-    issues.push(SECURITY_LINT_ERROR.PERMISSION_SCOPE_READ_WRITE);
-  }
-  if (tool.permission === "write" && pathScopes.length > 0 && !hasWritePathScope) {
-    issues.push(SECURITY_LINT_ERROR.PERMISSION_SCOPE_WRITE_MISSING);
-  }
-  return issues;
-}
-function runSecurityLint(manifest) {
-  const issues = /* @__PURE__ */ new Set();
-  for (const tool of manifest.tools) {
-    for (const issue of lintPermissionScopeConsistency(tool)) {
-      issues.add(`Tool "${tool.name}": ${issue}`);
-    }
-    for (const issue of validateDomainPackToolSafety(tool)) {
-      issues.add(`Tool "${tool.name}": ${issue}`);
-    }
-    const hasNetworkScope = tool.required_scopes.some((scope) => scope.type === "network");
-    for (const scope of tool.required_scopes) {
-      if (scope.type !== "path") {
-        continue;
-      }
-      if ((tool.permission === "write" || tool.permission === "admin") && scope.access === "write" && isBroadWildcardScopePattern(scope.pattern)) {
-        issues.add(`Tool "${tool.name}": ${SECURITY_LINT_ERROR.WILDCARD_WRITE}`);
-      }
-    }
-    if (!hasNetworkScope) {
-      continue;
-    }
-    const allowedUrls = extractNetworkUrls(tool);
-    if (allowedUrls.length === 0) {
-      issues.add(`Tool "${tool.name}": ${SECURITY_LINT_ERROR.NETWORK_URL_REQUIRED}`);
-      continue;
-    }
-    for (const allowedUrl of allowedUrls) {
-      let parsedUrl;
-      try {
-        parsedUrl = new URL(allowedUrl);
-      } catch {
-        issues.add(
-          `Tool "${tool.name}" URL "${allowedUrl}": ${SECURITY_LINT_ERROR.NETWORK_URL_INVALID}`
-        );
-        continue;
-      }
-      if (parsedUrl.protocol !== HTTPS_PROTOCOL) {
-        issues.add(
-          `Tool "${tool.name}" URL "${allowedUrl}": ${SECURITY_LINT_ERROR.NETWORK_URL_SCHEME}`
-        );
-      }
-    }
-  }
-  if (issues.size > 0) {
-    return {
-      status: "fail",
-      error: [...issues].join("\n")
-    };
-  }
-  return { status: "pass" };
-}
-var CHECK_LABELS = {
-  manifest: "Manifest schema",
-  importBoundaries: "Import boundaries",
-  toolEntries: "Tool entry resolution",
-  securityLint: "Security lint",
-  integrity: "Integrity hash"
-};
-var STATUS_INDICATORS = {
-  pass: "PASS",
-  fail: "FAIL",
-  skip: "SKIP"
-};
-function formatValidationReport(result) {
-  const lines = [];
-  lines.push("Pack Validation Report");
-  lines.push("=====================");
-  lines.push("");
-  const checks = [
-    ["manifest", result.manifest],
-    ["importBoundaries", result.importBoundaries],
-    ["toolEntries", result.toolEntries],
-    ["securityLint", result.securityLint],
-    ["integrity", result.integrity]
-  ];
-  for (const [key, check] of checks) {
-    const label = CHECK_LABELS[key];
-    const indicator = STATUS_INDICATORS[check.status];
-    lines.push(`  [${indicator}] ${label}`);
-    if (check.status === "fail" && check.error) {
-      lines.push(`         Error: ${check.error}`);
-    }
-    if (key === "integrity" && "hash" in check && check.hash) {
-      lines.push(`         Hash: sha256:${check.hash}`);
-    }
-  }
-  lines.push("");
-  lines.push(`Result: ${result.allPassed ? "ALL CHECKS PASSED" : "VALIDATION FAILED"}`);
-  return lines.join("\n");
-}
-var PACK_VALIDATE_OPTIONS = {
-  packId: {
-    name: "id",
-    flags: "--id <packId>",
-    description: "Pack ID to validate (resolves under --packs-root)"
-  },
-  packsRoot: {
-    name: "packsRoot",
-    flags: "--packs-root <dir>",
-    description: `Root directory containing packs (default: "${DEFAULT_PACKS_ROOT}")`
-  },
-  packRoot: {
-    name: "packRoot",
-    flags: "--pack-root <dir>",
-    description: "Direct path to pack directory (overrides --id and --packs-root)"
-  }
-};
-async function main() {
-  const opts = createWUParser({
-    name: "pack-validate",
-    description: "Validate a LumenFlow domain pack for integrity",
-    options: [
-      PACK_VALIDATE_OPTIONS.packId,
-      PACK_VALIDATE_OPTIONS.packsRoot,
-      PACK_VALIDATE_OPTIONS.packRoot,
-      WU_OPTIONS.force
-    ]
-  });
-  const packId = opts.id;
-  const packsRoot = opts.packsRoot ?? DEFAULT_PACKS_ROOT;
-  const directPackRoot = opts.packRoot;
-  let resolvedPackRoot;
-  if (directPackRoot) {
-    resolvedPackRoot = resolve(directPackRoot);
-  } else if (packId) {
-    resolvedPackRoot = resolve(packsRoot, packId);
-  } else {
-    console.error(`${LOG_PREFIX} Error: Provide --id <packId> or --pack-root <dir>`);
-    process.exit(1);
-  }
-  console.log(`${LOG_PREFIX} Validating pack at: ${resolvedPackRoot}`);
-  const result = await validatePack({ packRoot: resolvedPackRoot });
-  const report = formatValidationReport(result);
-  console.log(report);
-  if (!result.allPassed) {
-    process.exit(1);
-  }
-}
-if (import.meta.main) {
-  void runCLI(main);
-}
-
-export {
-  LOG_PREFIX,
-  validatePack,
-  formatValidationReport,
-  main
-};