@neurcode-ai/cli 0.20.12 → 0.20.14
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/commands/activate.d.ts.map +1 -1
- package/dist/commands/activate.js +27 -0
- package/dist/commands/activate.js.map +1 -1
- package/dist/commands/agent.d.ts.map +1 -1
- package/dist/commands/agent.js +50 -0
- package/dist/commands/agent.js.map +1 -1
- package/dist/commands/brain.d.ts.map +1 -1
- package/dist/commands/brain.js +32 -0
- package/dist/commands/brain.js.map +1 -1
- package/dist/commands/init.d.ts.map +1 -1
- package/dist/commands/init.js +22 -0
- package/dist/commands/init.js.map +1 -1
- package/dist/commands/login.d.ts.map +1 -1
- package/dist/commands/login.js +46 -0
- package/dist/commands/login.js.map +1 -1
- package/dist/commands/onboard.d.ts.map +1 -1
- package/dist/commands/onboard.js +191 -1
- package/dist/commands/onboard.js.map +1 -1
- package/dist/commands/repo.d.ts.map +1 -1
- package/dist/commands/repo.js +47 -0
- package/dist/commands/repo.js.map +1 -1
- package/dist/commands/runtime-sync.d.ts.map +1 -1
- package/dist/commands/runtime-sync.js +9 -0
- package/dist/commands/runtime-sync.js.map +1 -1
- package/dist/commands/session-hook.d.ts.map +1 -1
- package/dist/commands/session-hook.js +27 -0
- package/dist/commands/session-hook.js.map +1 -1
- package/dist/commands/telemetry.d.ts +3 -0
- package/dist/commands/telemetry.d.ts.map +1 -0
- package/dist/commands/telemetry.js +63 -0
- package/dist/commands/telemetry.js.map +1 -0
- package/dist/index.js +38 -1
- package/dist/index.js.map +1 -1
- package/dist/runtime-build.json +5 -5
- package/dist/utils/activation-telemetry.d.ts +38 -0
- package/dist/utils/activation-telemetry.d.ts.map +1 -0
- package/dist/utils/activation-telemetry.js +271 -0
- package/dist/utils/activation-telemetry.js.map +1 -0
- package/dist/utils/enterprise-dogfood-report.d.ts +203 -0
- package/dist/utils/enterprise-dogfood-report.d.ts.map +1 -0
- package/dist/utils/enterprise-dogfood-report.js +321 -0
- package/dist/utils/enterprise-dogfood-report.js.map +1 -0
- package/dist/utils/runtime-privacy.d.ts +15 -0
- package/dist/utils/runtime-privacy.d.ts.map +1 -1
- package/dist/utils/runtime-privacy.js +181 -0
- package/dist/utils/runtime-privacy.js.map +1 -1
- package/package.json +9 -8
- package/LICENSE +0 -201
|
@@ -0,0 +1,321 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Enterprise Repo Dogfood report — pure, source-free builder (Iteration 14).
|
|
4
|
+
*
|
|
5
|
+
* Iterations 6-13 proved the runtime against fixtures, sandbox payloads, and
|
|
6
|
+
* `neurcode verify --ci` timing on real checkouts. Iteration 14 closes the loop
|
|
7
|
+
* the roadmap actually asks for: drive a *governed cross-file session* on a real,
|
|
8
|
+
* pinned third-party repository and record — honestly and source-free — whether
|
|
9
|
+
* the product was useful.
|
|
10
|
+
*
|
|
11
|
+
* This module is the deterministic, I/O-free core. It takes a single
|
|
12
|
+
* already-source-free facts object ({@link DogfoodReportInput}) gathered by the
|
|
13
|
+
* operator harness (`scripts/enterprise-repo-dogfood-v1.mjs`) and turns it into:
|
|
14
|
+
*
|
|
15
|
+
* 1. {@link buildEnterpriseDogfoodReport} — a machine-readable manifest
|
|
16
|
+
* (`neurcode.enterprise-dogfood-report.v1`) carrying repo facts, brain index
|
|
17
|
+
* metrics, the honest per-tool enforcement posture, structured session
|
|
18
|
+
* observations, source-free evidence pointers, and a seven-dimension score.
|
|
19
|
+
* 2. {@link renderEnterpriseDogfoodReportMarkdown} — the human-readable report.
|
|
20
|
+
*
|
|
21
|
+
* Hard rules (shared with utils/enterprise-eval-report.ts + utils/pilot-evidence-pack.ts):
|
|
22
|
+
* - Source-free. Only slugs, public OSS identities, paths, owners, counts,
|
|
23
|
+
* hashes, verdicts, and durations are read or emitted. We NEVER carry source,
|
|
24
|
+
* diffs, patch bodies, raw prompts, secrets, or natural-language intent /
|
|
25
|
+
* task / session prose. {@link assertEnterpriseDogfoodSourceFree} is the
|
|
26
|
+
* backstop and mirrors the CI leak gate (scripts/source-free-leak-scan.mjs).
|
|
27
|
+
* - Honest enforcement. The Enforcement dimension reports the real
|
|
28
|
+
* `integrations doctor` posture — a cooperative adapter (e.g. Cursor) is
|
|
29
|
+
* advisory, never claimed to be the Claude hook's hard pre-write deny.
|
|
30
|
+
* - Honest scope. Scores are operator judgments, each REQUIRING a source-free
|
|
31
|
+
* evidence pointer (artifact path + count / hash / duration). A score without
|
|
32
|
+
* evidence is rejected at build time.
|
|
33
|
+
*/
|
|
34
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
35
|
+
exports.DOGFOOD_DIMENSION_LABELS = exports.DOGFOOD_SCORE_DIMENSIONS = exports.ENTERPRISE_DOGFOOD_REPORT_SCHEMA_VERSION = void 0;
|
|
36
|
+
exports.assertEnterpriseDogfoodSourceFree = assertEnterpriseDogfoodSourceFree;
|
|
37
|
+
exports.rollupDogfoodVerdict = rollupDogfoodVerdict;
|
|
38
|
+
exports.buildEnterpriseDogfoodReport = buildEnterpriseDogfoodReport;
|
|
39
|
+
exports.renderEnterpriseDogfoodReportMarkdown = renderEnterpriseDogfoodReportMarkdown;
|
|
40
|
+
const enterprise_eval_report_1 = require("./enterprise-eval-report");
|
|
41
|
+
const pilot_evidence_pack_1 = require("./pilot-evidence-pack");
|
|
42
|
+
exports.ENTERPRISE_DOGFOOD_REPORT_SCHEMA_VERSION = 'neurcode.enterprise-dogfood-report.v1';
|
|
43
|
+
// ── Scoring rubric (P0-locked: pass | partial | fail per dimension) ───────────
|
|
44
|
+
/** The seven roadmap score dimensions, in canonical report order. */
|
|
45
|
+
exports.DOGFOOD_SCORE_DIMENSIONS = [
|
|
46
|
+
'intelligence',
|
|
47
|
+
'enforcement',
|
|
48
|
+
'usability',
|
|
49
|
+
'scalability',
|
|
50
|
+
'evidence',
|
|
51
|
+
'privacy',
|
|
52
|
+
'enterpriseReadiness',
|
|
53
|
+
];
|
|
54
|
+
exports.DOGFOOD_DIMENSION_LABELS = {
|
|
55
|
+
intelligence: 'Intelligence',
|
|
56
|
+
enforcement: 'Enforcement',
|
|
57
|
+
usability: 'Usability',
|
|
58
|
+
scalability: 'Scalability',
|
|
59
|
+
evidence: 'Evidence',
|
|
60
|
+
privacy: 'Privacy',
|
|
61
|
+
enterpriseReadiness: 'Enterprise readiness',
|
|
62
|
+
};
|
|
63
|
+
const DOGFOOD_REPORT_EXCLUDES = [
|
|
64
|
+
'source code',
|
|
65
|
+
'diff hunks',
|
|
66
|
+
'patch bodies',
|
|
67
|
+
'raw prompts',
|
|
68
|
+
'raw chat',
|
|
69
|
+
'natural-language intent / task text',
|
|
70
|
+
'session prose',
|
|
71
|
+
'secrets',
|
|
72
|
+
'private file contents',
|
|
73
|
+
];
|
|
74
|
+
const DEFAULT_WHAT_THIS_PROVES = [
|
|
75
|
+
'The Neurcode brain indexed a real, pinned third-party repository and produced a source-free scale / coverage projection.',
|
|
76
|
+
'A governed cross-file session ran against real code: boundary blocks, exact-path approvals, and neighbor containment were observed (counts only).',
|
|
77
|
+
'Source-free evidence (pilot evidence pack, AI Change Records, runtime risk classification) was exported with stable content hashes.',
|
|
78
|
+
];
|
|
79
|
+
const DEFAULT_WHAT_THIS_DOES_NOT_PROVE = [
|
|
80
|
+
'It does not prove the third-party source is correct, secure, or free of vulnerabilities.',
|
|
81
|
+
'It does not prove the agent "semantically understands" the repository — brain reuse / architecture signals are advisory and can be false positives.',
|
|
82
|
+
'Enforcement strength depends on the agent: a cooperative adapter (e.g. Cursor) is advisory and can be bypassed — it is NOT the Claude hook\'s hard pre-write deny.',
|
|
83
|
+
'Scores are operator judgments backed by source-free evidence pointers, not an automated benchmark.',
|
|
84
|
+
];
|
|
85
|
+
const DEFAULT_LIMITATIONS = [
|
|
86
|
+
'Single operator run on one pinned commit — not a statistical sample.',
|
|
87
|
+
'Large repositories (e.g. microsoft/TypeScript, apache/airflow) run in the operator / pre-release tier, never in hermetic CI.',
|
|
88
|
+
];
|
|
89
|
+
/**
|
|
90
|
+
* Source-like / prose key names that must never appear in a shareable dogfood
|
|
91
|
+
* artifact. Mirrors `SOURCE_LIKE_KEYS` in scripts/source-free-leak-scan.mjs and
|
|
92
|
+
* `FORBIDDEN_PROSE_KEYS` in utils/pilot-evidence-pack.ts so the builder rejects
|
|
93
|
+
* exactly what the CI leak gate (`scanJsonPayload`) would flag.
|
|
94
|
+
*/
|
|
95
|
+
const FORBIDDEN_KEYS = new Set([
|
|
96
|
+
'content',
|
|
97
|
+
'fileContent',
|
|
98
|
+
'file_content',
|
|
99
|
+
'sourceText',
|
|
100
|
+
'source_text',
|
|
101
|
+
'sourceCode',
|
|
102
|
+
'source_code',
|
|
103
|
+
'diff',
|
|
104
|
+
'diffText',
|
|
105
|
+
'diff_text',
|
|
106
|
+
'patch',
|
|
107
|
+
'before',
|
|
108
|
+
'after',
|
|
109
|
+
'raw_prompt',
|
|
110
|
+
'body',
|
|
111
|
+
'hunk',
|
|
112
|
+
'unifiedDiff',
|
|
113
|
+
'unified_diff',
|
|
114
|
+
'command_body',
|
|
115
|
+
...pilot_evidence_pack_1.FORBIDDEN_PROSE_KEYS,
|
|
116
|
+
]);
|
|
117
|
+
function findForbiddenKeys(value, path = 'root', out = []) {
|
|
118
|
+
if (Array.isArray(value)) {
|
|
119
|
+
value.forEach((item, index) => findForbiddenKeys(item, `${path}[${index}]`, out));
|
|
120
|
+
return out;
|
|
121
|
+
}
|
|
122
|
+
if (value && typeof value === 'object') {
|
|
123
|
+
for (const [key, child] of Object.entries(value)) {
|
|
124
|
+
if (FORBIDDEN_KEYS.has(key))
|
|
125
|
+
out.push(`${path}.${key}`);
|
|
126
|
+
findForbiddenKeys(child, `${path}.${key}`, out);
|
|
127
|
+
}
|
|
128
|
+
}
|
|
129
|
+
return out;
|
|
130
|
+
}
|
|
131
|
+
/** Throw if a would-be dogfood artifact carries source/diff/secret/prose shapes. */
|
|
132
|
+
function assertEnterpriseDogfoodSourceFree(value, label = 'enterprise-dogfood artifact') {
|
|
133
|
+
// 1. Shared diff / secret / key string patterns (eval + pilot backstop).
|
|
134
|
+
(0, enterprise_eval_report_1.assertEnterpriseEvalSourceFree)(value, label);
|
|
135
|
+
// 2. Source-like / prose key names anywhere in the structure (matches the gate).
|
|
136
|
+
const offending = findForbiddenKeys(value);
|
|
137
|
+
if (offending.length > 0) {
|
|
138
|
+
throw new Error(`${label} contains forbidden source/prose keys: ${offending.join(', ')}`);
|
|
139
|
+
}
|
|
140
|
+
}
|
|
141
|
+
function rollupDogfoodVerdict(scores) {
|
|
142
|
+
if (scores.some((s) => s.verdict === 'fail'))
|
|
143
|
+
return 'fail';
|
|
144
|
+
if (scores.some((s) => s.verdict === 'partial'))
|
|
145
|
+
return 'partial';
|
|
146
|
+
return 'pass';
|
|
147
|
+
}
|
|
148
|
+
function validateScores(scores) {
|
|
149
|
+
const byDimension = new Map();
|
|
150
|
+
for (const score of scores) {
|
|
151
|
+
if (!exports.DOGFOOD_SCORE_DIMENSIONS.includes(score.dimension)) {
|
|
152
|
+
throw new Error(`unknown dogfood score dimension: ${String(score.dimension)}`);
|
|
153
|
+
}
|
|
154
|
+
if (byDimension.has(score.dimension)) {
|
|
155
|
+
throw new Error(`duplicate dogfood score dimension: ${score.dimension}`);
|
|
156
|
+
}
|
|
157
|
+
if (score.verdict !== 'pass' && score.verdict !== 'partial' && score.verdict !== 'fail') {
|
|
158
|
+
throw new Error(`dimension ${score.dimension} has an invalid verdict: ${String(score.verdict)}`);
|
|
159
|
+
}
|
|
160
|
+
if (typeof score.evidence !== 'string' || score.evidence.trim().length === 0) {
|
|
161
|
+
throw new Error(`dimension ${score.dimension} is missing a source-free evidence pointer`);
|
|
162
|
+
}
|
|
163
|
+
byDimension.set(score.dimension, score);
|
|
164
|
+
}
|
|
165
|
+
const missing = exports.DOGFOOD_SCORE_DIMENSIONS.filter((d) => !byDimension.has(d));
|
|
166
|
+
if (missing.length > 0) {
|
|
167
|
+
throw new Error(`dogfood report is missing score dimension(s): ${missing.join(', ')}`);
|
|
168
|
+
}
|
|
169
|
+
// Canonical order so the report and markdown are deterministic.
|
|
170
|
+
return exports.DOGFOOD_SCORE_DIMENSIONS.map((d) => byDimension.get(d));
|
|
171
|
+
}
|
|
172
|
+
function buildEnterpriseDogfoodReport(input) {
|
|
173
|
+
const scores = validateScores(input.scores);
|
|
174
|
+
const scoreSummary = {
|
|
175
|
+
pass: scores.filter((s) => s.verdict === 'pass').length,
|
|
176
|
+
partial: scores.filter((s) => s.verdict === 'partial').length,
|
|
177
|
+
fail: scores.filter((s) => s.verdict === 'fail').length,
|
|
178
|
+
overall: rollupDogfoodVerdict(scores),
|
|
179
|
+
};
|
|
180
|
+
return {
|
|
181
|
+
schemaVersion: exports.ENTERPRISE_DOGFOOD_REPORT_SCHEMA_VERSION,
|
|
182
|
+
generatedAt: input.generatedAt,
|
|
183
|
+
cliVersion: input.cliVersion ?? null,
|
|
184
|
+
operator: input.operator ?? null,
|
|
185
|
+
repo: input.repo,
|
|
186
|
+
brain: input.brain,
|
|
187
|
+
enforcement: input.enforcement,
|
|
188
|
+
session: input.session,
|
|
189
|
+
artifacts: input.artifacts,
|
|
190
|
+
commandsRun: input.commandsRun,
|
|
191
|
+
durations: input.durations,
|
|
192
|
+
scores,
|
|
193
|
+
scoreSummary,
|
|
194
|
+
whatThisProves: input.whatThisProves?.length ? input.whatThisProves : DEFAULT_WHAT_THIS_PROVES,
|
|
195
|
+
whatThisDoesNotProve: input.whatThisDoesNotProve?.length
|
|
196
|
+
? input.whatThisDoesNotProve
|
|
197
|
+
: DEFAULT_WHAT_THIS_DOES_NOT_PROVE,
|
|
198
|
+
limitations: input.limitations?.length ? input.limitations : DEFAULT_LIMITATIONS,
|
|
199
|
+
privacy: { sourceFree: true, excludes: DOGFOOD_REPORT_EXCLUDES },
|
|
200
|
+
};
|
|
201
|
+
}
|
|
202
|
+
// ── Markdown renderer (source-free) ───────────────────────────────────────────
|
|
203
|
+
const VERDICT_GLYPH = {
|
|
204
|
+
pass: '✓',
|
|
205
|
+
partial: '~',
|
|
206
|
+
fail: '✗',
|
|
207
|
+
};
|
|
208
|
+
function formatBytes(bytes) {
|
|
209
|
+
if (bytes == null)
|
|
210
|
+
return 'n/a';
|
|
211
|
+
if (bytes < 1024)
|
|
212
|
+
return `${bytes} B`;
|
|
213
|
+
const units = ['KB', 'MB', 'GB', 'TB'];
|
|
214
|
+
let value = bytes / 1024;
|
|
215
|
+
let unit = 0;
|
|
216
|
+
while (value >= 1024 && unit < units.length - 1) {
|
|
217
|
+
value /= 1024;
|
|
218
|
+
unit += 1;
|
|
219
|
+
}
|
|
220
|
+
return `${value.toFixed(1)} ${units[unit]}`;
|
|
221
|
+
}
|
|
222
|
+
function formatMs(ms) {
|
|
223
|
+
if (ms == null)
|
|
224
|
+
return 'n/a';
|
|
225
|
+
if (ms < 1000)
|
|
226
|
+
return `${ms} ms`;
|
|
227
|
+
return `${(ms / 1000).toFixed(1)} s`;
|
|
228
|
+
}
|
|
229
|
+
function renderEnterpriseDogfoodReportMarkdown(report) {
|
|
230
|
+
const lines = [];
|
|
231
|
+
lines.push('# Enterprise Repo Dogfood — Report');
|
|
232
|
+
lines.push('');
|
|
233
|
+
lines.push(`Generated: ${report.generatedAt}`);
|
|
234
|
+
lines.push(`CLI: ${report.cliVersion ?? 'n/a'}${report.operator ? ` · Operator: ${report.operator}` : ''}`);
|
|
235
|
+
lines.push(`Repo: ${report.repo.name} @ ${report.repo.pinnedCommit}${report.repo.ref ? ` (${report.repo.ref})` : ''} · Language: ${report.repo.language} · CI tier: ${report.repo.ciTier}`);
|
|
236
|
+
lines.push(`Scale: ${report.repo.filesTracked ?? 'n/a'} tracked file(s), ${formatBytes(report.repo.diskBytes)} on disk`);
|
|
237
|
+
lines.push(`Score: ${report.scoreSummary.pass} pass · ${report.scoreSummary.partial} partial · ${report.scoreSummary.fail} fail — overall ${report.scoreSummary.overall}`);
|
|
238
|
+
lines.push('');
|
|
239
|
+
lines.push('## Scores (pass / partial / fail with source-free evidence)');
|
|
240
|
+
lines.push('');
|
|
241
|
+
lines.push('| | Dimension | Verdict | Evidence (paths / counts / hashes / durations) |');
|
|
242
|
+
lines.push('|---|---|---|---|');
|
|
243
|
+
for (const score of report.scores) {
|
|
244
|
+
lines.push(`| ${VERDICT_GLYPH[score.verdict]} | ${exports.DOGFOOD_DIMENSION_LABELS[score.dimension]} | ${score.verdict} | ${score.evidence} |`);
|
|
245
|
+
}
|
|
246
|
+
lines.push('');
|
|
247
|
+
lines.push('## Brain index');
|
|
248
|
+
lines.push('');
|
|
249
|
+
if (!report.brain.indexed) {
|
|
250
|
+
lines.push('- Not indexed in this run.');
|
|
251
|
+
}
|
|
252
|
+
else {
|
|
253
|
+
lines.push(`- Files indexed: ${report.brain.filesIndexed ?? 'n/a'} (scanned ${report.brain.filesScanned ?? 'n/a'})`);
|
|
254
|
+
lines.push(`- Index duration: ${formatMs(report.brain.indexDurationMs)} · readiness ${formatMs(report.brain.readinessDurationMs)}`);
|
|
255
|
+
lines.push(`- Scale status: ${report.brain.scaleStatus ?? 'n/a'}`);
|
|
256
|
+
lines.push(`- Storage: ${report.brain.storageBackend ?? 'n/a'}${report.brain.storageFallback ? ' (fallback engaged)' : ''}`);
|
|
257
|
+
if (report.brain.languageMatrix.length > 0) {
|
|
258
|
+
lines.push(`- Language matrix: ${report.brain.languageMatrix
|
|
259
|
+
.map((m) => `${m.language} ${m.files} file(s) [${m.coverageTier}]`)
|
|
260
|
+
.join('; ')}`);
|
|
261
|
+
}
|
|
262
|
+
}
|
|
263
|
+
lines.push('');
|
|
264
|
+
lines.push('## Enforcement posture (from `integrations doctor`)');
|
|
265
|
+
lines.push('');
|
|
266
|
+
lines.push(`- Agent / adapter: ${report.enforcement.agent}${report.enforcement.adapter ? ` / ${report.enforcement.adapter}` : ''}`);
|
|
267
|
+
lines.push(`- Guarantee: ${report.enforcement.guaranteeLabel}`);
|
|
268
|
+
lines.push(`- Enforceable hard deny: ${report.enforcement.enforceable ? 'yes' : 'no'} · Advisory-only (bypassable): ${report.enforcement.advisoryOnly ? 'yes' : 'no'}`);
|
|
269
|
+
lines.push(`- Method: ${report.enforcement.method}`);
|
|
270
|
+
lines.push(`- integrations doctor status: ${report.enforcement.integrationsDoctorStatus ?? 'n/a'}`);
|
|
271
|
+
lines.push('');
|
|
272
|
+
lines.push('## Governed cross-file session');
|
|
273
|
+
lines.push('');
|
|
274
|
+
lines.push(`- Task: ${report.session.task.id} — ${report.session.task.title}`);
|
|
275
|
+
lines.push(`- Cross-file: ${report.session.task.crossFile ? 'yes' : 'no'} · Expected files: ${report.session.task.expectedFiles ?? 'n/a'} · Governed: ${report.session.governed ? 'yes' : 'no'}`);
|
|
276
|
+
lines.push(`- Blocks observed: ${report.session.blocksObserved} · Exact approvals: ${report.session.exactApprovals} · Neighbor contained: ${report.session.neighborContained == null ? 'n/a' : report.session.neighborContained ? 'yes' : 'no'}`);
|
|
277
|
+
lines.push(`- Finish verdict: ${report.session.finishVerdict ?? 'n/a'}`);
|
|
278
|
+
lines.push(`- Where it helped: ${report.session.helps.map((h) => `${h.label} (${h.count})`).join('; ') || 'none recorded'}`);
|
|
279
|
+
lines.push(`- Incorrect blocks (false positives): ${report.session.falseBlocks
|
|
280
|
+
.map((b) => `${b.label} (${b.count}) [${b.pathGlobs.join(', ') || 'no globs'}]`)
|
|
281
|
+
.join('; ') || 'none recorded'}`);
|
|
282
|
+
lines.push(`- Developer friction: ${report.session.friction.map((f) => `${f.label} [${f.severity}] (${f.count})`).join('; ') || 'none recorded'}`);
|
|
283
|
+
lines.push('');
|
|
284
|
+
lines.push('## Evidence artifacts (source-free pointers)');
|
|
285
|
+
lines.push('');
|
|
286
|
+
lines.push(`- Pilot evidence pack: ${report.artifacts.pilotEvidencePack.relativePath ?? 'none'} (hash ${report.artifacts.pilotEvidencePack.contentHash ?? 'n/a'}, ${report.artifacts.pilotEvidencePack.sessionCount ?? 'n/a'} session(s))`);
|
|
287
|
+
lines.push(`- Brain readiness: ${report.artifacts.brainReadiness.relativePath ?? 'none'} (hash ${report.artifacts.brainReadiness.contentHash ?? 'n/a'})`);
|
|
288
|
+
lines.push(`- Runtime risk doctor: ${report.artifacts.runtimeRiskDoctor.relativePath ?? 'none'} (verdict ${report.artifacts.runtimeRiskDoctor.verdict ?? 'n/a'}, ${report.artifacts.runtimeRiskDoctor.classifiedPaths ?? 'n/a'} classified path(s))`);
|
|
289
|
+
lines.push(`- AI Change Records: ${report.artifacts.aiChangeRecords ?? 'n/a'}`);
|
|
290
|
+
lines.push('');
|
|
291
|
+
lines.push('## Durations');
|
|
292
|
+
lines.push('');
|
|
293
|
+
lines.push(`- Total: ${formatMs(report.durations.totalMs)} · Clone: ${formatMs(report.durations.cloneMs)} · Index: ${formatMs(report.durations.indexMs)} · Session: ${formatMs(report.durations.sessionMs)}`);
|
|
294
|
+
lines.push('');
|
|
295
|
+
lines.push('## What this proves');
|
|
296
|
+
lines.push('');
|
|
297
|
+
for (const item of report.whatThisProves)
|
|
298
|
+
lines.push(`- ${item}`);
|
|
299
|
+
lines.push('');
|
|
300
|
+
lines.push('## What this does NOT prove');
|
|
301
|
+
lines.push('');
|
|
302
|
+
for (const item of report.whatThisDoesNotProve)
|
|
303
|
+
lines.push(`- ${item}`);
|
|
304
|
+
lines.push('');
|
|
305
|
+
lines.push('## Limitations');
|
|
306
|
+
lines.push('');
|
|
307
|
+
for (const item of report.limitations)
|
|
308
|
+
lines.push(`- ${item}`);
|
|
309
|
+
lines.push('');
|
|
310
|
+
lines.push('## Commands that were run');
|
|
311
|
+
lines.push('');
|
|
312
|
+
lines.push('```');
|
|
313
|
+
for (const cmd of report.commandsRun)
|
|
314
|
+
lines.push(cmd);
|
|
315
|
+
lines.push('```');
|
|
316
|
+
lines.push('');
|
|
317
|
+
lines.push(`_Source-free: slugs, public OSS identities, paths, owners, counts, hashes, verdicts, and durations only. Excludes: ${report.privacy.excludes.join(', ')}._`);
|
|
318
|
+
lines.push('');
|
|
319
|
+
return lines.join('\n');
|
|
320
|
+
}
|
|
321
|
+
//# sourceMappingURL=enterprise-dogfood-report.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"enterprise-dogfood-report.js","sourceRoot":"","sources":["../../src/utils/enterprise-dogfood-report.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;;;AAyRH,8EAWC;AAED,oDAIC;AA2BD,oEA8BC;AA6BD,sFA6IC;AA3gBD,qEAA0E;AAC1E,+DAA6D;AAEhD,QAAA,wCAAwC,GAAG,uCAAgD,CAAC;AAEzG,iFAAiF;AAEjF,qEAAqE;AACxD,QAAA,wBAAwB,GAAG;IACtC,cAAc;IACd,aAAa;IACb,WAAW;IACX,aAAa;IACb,UAAU;IACV,SAAS;IACT,qBAAqB;CACb,CAAC;AAME,QAAA,wBAAwB,GAA0C;IAC7E,YAAY,EAAE,cAAc;IAC5B,WAAW,EAAE,aAAa;IAC1B,SAAS,EAAE,WAAW;IACtB,WAAW,EAAE,aAAa;IAC1B,QAAQ,EAAE,UAAU;IACpB,OAAO,EAAE,SAAS;IAClB,mBAAmB,EAAE,sBAAsB;CAC5C,CAAC;AA+KF,MAAM,uBAAuB,GAAG;IAC9B,aAAa;IACb,YAAY;IACZ,cAAc;IACd,aAAa;IACb,UAAU;IACV,qCAAqC;IACrC,eAAe;IACf,SAAS;IACT,uBAAuB;CACxB,CAAC;AAEF,MAAM,wBAAwB,GAAG;IAC/B,0HAA0H;IAC1H,mJAAmJ;IACnJ,qIAAqI;CACtI,CAAC;AAEF,MAAM,gCAAgC,GAAG;IACvC,0FAA0F;IAC1F,qJAAqJ;IACrJ,oKAAoK;IACpK,oGAAoG;CACrG,CAAC;AAEF,MAAM,mBAAmB,GAAG;IAC1B,sEAAsE;IACtE,8HAA8H;CAC/H,CAAC;AAEF;;;;;GAKG;AACH,MAAM,cAAc,GAAwB,IAAI,GAAG,CAAS;IAC1D,SAAS;IACT,aAAa;IACb,cAAc;IACd,YAAY;IACZ,aAAa;IACb,YAAY;IACZ,aAAa;IACb,MAAM;IACN,UAAU;IACV,WAAW;IACX,OAAO;IACP,QAAQ;IACR,OAAO;IACP,YAAY;IACZ,MAAM;IACN,MAAM;IACN,aAAa;IACb,cAAc;IACd,cAAc;IACd,GAAG,0CAAoB;CACxB,CAAC,CAAC;AAEH,SAAS,iBAAiB,CAAC,KAAc,EAAE,IAAI,GAAG,MAAM,EAAE,MAAgB,EAAE;IAC1E,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC,iBAAiB,CAAC,IAAI,EAAE,GAAG,IAAI,IAAI,KAAK,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;QAClF,OAAO,GAAG,CAAC;IACb,CAAC;IACD,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACvC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAgC,CAAC,EAAE,CAAC;YAC5E,IAAI,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,GAAG,CAAC,IAAI,CAAC,GAAG,IAAI,IAAI,GAAG,EAAE,CAAC,CAAC;YACxD,iBAAiB,CAAC,KAAK,EAAE,GAAG,IAAI,IAAI,GAAG,EAAE,EAAE,GAAG,CAAC,CAAC;QAClD,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,oFAAoF;AACpF,SAAgB,iCAAiC,CAC/C,KAAc,EACd,KAAK,GAAG,6BAA6B;IAErC,yEAAyE;IACzE,IAAA,uDAA8B,EAAC,KAAK,EAAE,KAAK,CAAC,CAAC;IAC7C,iFAAiF;IACjF,MAAM,SAAS,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC;IAC3C,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CAAC,GAAG,KAAK,0CAA0C,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC5F,CAAC;AACH,CAAC;AAED,SAAgB,oBAAoB,CAAC,MAAsB;IACzD,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,MAAM,CAAC;QAAE,OAAO,MAAM,CAAC;IAC5D,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,SAAS,CAAC;QAAE,OAAO,SAAS,CAAC;IAClE,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,cAAc,CAAC,MAAsB;IAC5C,MAAM,WAAW,GAAG,IAAI,GAAG,EAAuC,CAAC;IACnE,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,IAAI,CAAE,gCAA8C,CAAC,QAAQ,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,CAAC;YAC/E,MAAM,IAAI,KAAK,CAAC,oCAAoC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;QACjF,CAAC;QACD,IAAI,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,CAAC;YACrC,MAAM,IAAI,KAAK,CAAC,sCAAsC,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC;QAC3E,CAAC;QACD,IAAI,KAAK,CAAC,OAAO,KAAK,MAAM,IAAI,KAAK,CAAC,OAAO,KAAK,SAAS,IAAI,KAAK,CAAC,OAAO,KAAK,MAAM,EAAE,CAAC;YACxF,MAAM,IAAI,KAAK,CAAC,aAAa,KAAK,CAAC,SAAS,4BAA4B,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QACnG,CAAC;QACD,IAAI,OAAO,KAAK,CAAC,QAAQ,KAAK,QAAQ,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7E,MAAM,IAAI,KAAK,CAAC,aAAa,KAAK,CAAC,SAAS,4CAA4C,CAAC,CAAC;QAC5F,CAAC;QACD,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;IAC1C,CAAC;IACD,MAAM,OAAO,GAAG,gCAAwB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAC5E,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,iDAAiD,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACzF,CAAC;IACD,gEAAgE;IAChE,OAAO,gCAAwB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAiB,CAAC,CAAC;AACjF,CAAC;AAED,SAAgB,4BAA4B,CAAC,KAAyB;IACpE,MAAM,MAAM,GAAG,cAAc,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAC5C,MAAM,YAAY,GAAG;QACnB,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,MAAM,CAAC,CAAC,MAAM;QACvD,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,MAAM;QAC7D,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,MAAM,CAAC,CAAC,MAAM;QACvD,OAAO,EAAE,oBAAoB,CAAC,MAAM,CAAC;KACtC,CAAC;IAEF,OAAO;QACL,aAAa,EAAE,gDAAwC;QACvD,WAAW,EAAE,KAAK,CAAC,WAAW;QAC9B,UAAU,EAAE,KAAK,CAAC,UAAU,IAAI,IAAI;QACpC,QAAQ,EAAE,KAAK,CAAC,QAAQ,IAAI,IAAI;QAChC,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,KAAK,EAAE,KAAK,CAAC,KAAK;QAClB,WAAW,EAAE,KAAK,CAAC,WAAW;QAC9B,OAAO,EAAE,KAAK,CAAC,OAAO;QACtB,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,WAAW,EAAE,KAAK,CAAC,WAAW;QAC9B,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,MAAM;QACN,YAAY;QACZ,cAAc,EAAE,KAAK,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC,wBAAwB;QAC9F,oBAAoB,EAAE,KAAK,CAAC,oBAAoB,EAAE,MAAM;YACtD,CAAC,CAAC,KAAK,CAAC,oBAAoB;YAC5B,CAAC,CAAC,gCAAgC;QACpC,WAAW,EAAE,KAAK,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,mBAAmB;QAChF,OAAO,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,QAAQ,EAAE,uBAAuB,EAAE;KACjE,CAAC;AACJ,CAAC;AAED,iFAAiF;AAEjF,MAAM,aAAa,GAAwC;IACzD,IAAI,EAAE,GAAG;IACT,OAAO,EAAE,GAAG;IACZ,IAAI,EAAE,GAAG;CACV,CAAC;AAEF,SAAS,WAAW,CAAC,KAAoB;IACvC,IAAI,KAAK,IAAI,IAAI;QAAE,OAAO,KAAK,CAAC;IAChC,IAAI,KAAK,GAAG,IAAI;QAAE,OAAO,GAAG,KAAK,IAAI,CAAC;IACtC,MAAM,KAAK,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;IACvC,IAAI,KAAK,GAAG,KAAK,GAAG,IAAI,CAAC;IACzB,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,OAAO,KAAK,IAAI,IAAI,IAAI,IAAI,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChD,KAAK,IAAI,IAAI,CAAC;QACd,IAAI,IAAI,CAAC,CAAC;IACZ,CAAC;IACD,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;AAC9C,CAAC;AAED,SAAS,QAAQ,CAAC,EAAiB;IACjC,IAAI,EAAE,IAAI,IAAI;QAAE,OAAO,KAAK,CAAC;IAC7B,IAAI,EAAE,GAAG,IAAI;QAAE,OAAO,GAAG,EAAE,KAAK,CAAC;IACjC,OAAO,GAAG,CAAC,EAAE,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC;AACvC,CAAC;AAED,SAAgB,qCAAqC,CAAC,MAA+B;IACnF,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,CAAC,IAAI,CAAC,oCAAoC,CAAC,CAAC;IACjD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,cAAc,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC;IAC/C,KAAK,CAAC,IAAI,CAAC,QAAQ,MAAM,CAAC,UAAU,IAAI,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,gBAAgB,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAC5G,KAAK,CAAC,IAAI,CACR,SAAS,MAAM,CAAC,IAAI,CAAC,IAAI,MAAM,MAAM,CAAC,IAAI,CAAC,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,MAAM,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,EAAE,gBAAgB,MAAM,CAAC,IAAI,CAAC,QAAQ,eAAe,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,CAChL,CAAC;IACF,KAAK,CAAC,IAAI,CACR,UAAU,MAAM,CAAC,IAAI,CAAC,YAAY,IAAI,KAAK,qBAAqB,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,UAAU,CAC7G,CAAC;IACF,KAAK,CAAC,IAAI,CACR,UAAU,MAAM,CAAC,YAAY,CAAC,IAAI,WAAW,MAAM,CAAC,YAAY,CAAC,OAAO,cAAc,MAAM,CAAC,YAAY,CAAC,IAAI,mBAAmB,MAAM,CAAC,YAAY,CAAC,OAAO,EAAE,CAC/J,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,KAAK,CAAC,IAAI,CAAC,6DAA6D,CAAC,CAAC;IAC1E,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,4EAA4E,CAAC,CAAC;IACzF,KAAK,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;IAChC,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAClC,KAAK,CAAC,IAAI,CACR,KAAK,aAAa,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,gCAAwB,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,KAAK,CAAC,OAAO,MAAM,KAAK,CAAC,QAAQ,IAAI,CAC5H,CAAC;IACJ,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;IAC7B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;QAC1B,KAAK,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;IAC3C,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,oBAAoB,MAAM,CAAC,KAAK,CAAC,YAAY,IAAI,KAAK,aAAa,MAAM,CAAC,KAAK,CAAC,YAAY,IAAI,KAAK,GAAG,CAAC,CAAC;QACrH,KAAK,CAAC,IAAI,CAAC,qBAAqB,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,eAAe,CAAC,gBAAgB,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,mBAAmB,CAAC,EAAE,CAAC,CAAC;QACpI,KAAK,CAAC,IAAI,CAAC,mBAAmB,MAAM,CAAC,KAAK,CAAC,WAAW,IAAI,KAAK,EAAE,CAAC,CAAC;QACnE,KAAK,CAAC,IAAI,CACR,cAAc,MAAM,CAAC,KAAK,CAAC,cAAc,IAAI,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,EAAE,EAAE,CACjH,CAAC;QACF,IAAI,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3C,KAAK,CAAC,IAAI,CACR,sBAAsB,MAAM,CAAC,KAAK,CAAC,cAAc;iBAC9C,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,KAAK,aAAa,CAAC,CAAC,YAAY,GAAG,CAAC;iBAClE,IAAI,CAAC,IAAI,CAAC,EAAE,CAChB,CAAC;QACJ,CAAC;IACH,CAAC;IACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,KAAK,CAAC,IAAI,CAAC,qDAAqD,CAAC,CAAC;IAClE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,sBAAsB,MAAM,CAAC,WAAW,CAAC,KAAK,GAAG,MAAM,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,MAAM,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACpI,KAAK,CAAC,IAAI,CAAC,gBAAgB,MAAM,CAAC,WAAW,CAAC,cAAc,EAAE,CAAC,CAAC;IAChE,KAAK,CAAC,IAAI,CACR,4BAA4B,MAAM,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,kCAAkC,MAAM,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAC5J,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,aAAa,MAAM,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC,CAAC;IACrD,KAAK,CAAC,IAAI,CAAC,iCAAiC,MAAM,CAAC,WAAW,CAAC,wBAAwB,IAAI,KAAK,EAAE,CAAC,CAAC;IACpG,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,KAAK,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;IAC7C,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,WAAW,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,MAAM,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;IAC/E,KAAK,CAAC,IAAI,CACR,iBAAiB,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,sBAAsB,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,IAAI,KAAK,gBAAgB,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CACtL,CAAC;IACF,KAAK,CAAC,IAAI,CACR,sBAAsB,MAAM,CAAC,OAAO,CAAC,cAAc,uBAAuB,MAAM,CAAC,OAAO,CAAC,cAAc,0BACrG,MAAM,CAAC,OAAO,CAAC,iBAAiB,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAChG,EAAE,CACH,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,qBAAqB,MAAM,CAAC,OAAO,CAAC,aAAa,IAAI,KAAK,EAAE,CAAC,CAAC;IACzE,KAAK,CAAC,IAAI,CACR,sBAAsB,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,eAAe,EAAE,CACjH,CAAC;IACF,KAAK,CAAC,IAAI,CACR,yCACE,MAAM,CAAC,OAAO,CAAC,WAAW;SACvB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,KAAK,MAAM,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,UAAU,GAAG,CAAC;SAC/E,IAAI,CAAC,IAAI,CAAC,IAAI,eACnB,EAAE,CACH,CAAC;IACF,KAAK,CAAC,IAAI,CACR,yBACE,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,QAAQ,MAAM,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,eAC9F,EAAE,CACH,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,KAAK,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAC;IAC3D,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CACR,0BAA0B,MAAM,CAAC,SAAS,CAAC,iBAAiB,CAAC,YAAY,IAAI,MAAM,UACjF,MAAM,CAAC,SAAS,CAAC,iBAAiB,CAAC,WAAW,IAAI,KACpD,KAAK,MAAM,CAAC,SAAS,CAAC,iBAAiB,CAAC,YAAY,IAAI,KAAK,cAAc,CAC5E,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,sBAAsB,MAAM,CAAC,SAAS,CAAC,cAAc,CAAC,YAAY,IAAI,MAAM,UAAU,MAAM,CAAC,SAAS,CAAC,cAAc,CAAC,WAAW,IAAI,KAAK,GAAG,CAAC,CAAC;IAC1J,KAAK,CAAC,IAAI,CACR,0BAA0B,MAAM,CAAC,SAAS,CAAC,iBAAiB,CAAC,YAAY,IAAI,MAAM,aACjF,MAAM,CAAC,SAAS,CAAC,iBAAiB,CAAC,OAAO,IAAI,KAChD,KAAK,MAAM,CAAC,SAAS,CAAC,iBAAiB,CAAC,eAAe,IAAI,KAAK,sBAAsB,CACvF,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,wBAAwB,MAAM,CAAC,SAAS,CAAC,eAAe,IAAI,KAAK,EAAE,CAAC,CAAC;IAChF,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAC3B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CACR,YAAY,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,aAAa,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,aAAa,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,eAAe,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,SAAS,CAAC,EAAE,CAClM,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,KAAK,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;IAClC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,cAAc;QAAE,KAAK,CAAC,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;IAClE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,KAAK,CAAC,IAAI,CAAC,6BAA6B,CAAC,CAAC;IAC1C,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,oBAAoB;QAAE,KAAK,CAAC,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;IACxE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;IAC7B,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,WAAW;QAAE,KAAK,CAAC,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;IAC/D,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,KAAK,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;IACxC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAClB,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,WAAW;QAAE,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACtD,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAClB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEf,KAAK,CAAC,IAAI,CACR,sHAAsH,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAChJ,IAAI,CACL,IAAI,CACN,CAAC;IACF,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}
|
|
@@ -1,8 +1,23 @@
|
|
|
1
1
|
import { type GovernanceSession, type IntentRedactionReasonCode, type IntentSummaryV1 } from '@neurcode-ai/governance-runtime';
|
|
2
|
+
import { type RepoIntelligenceEvidence } from '@neurcode-ai/contracts';
|
|
2
3
|
export declare const RUNTIME_CLOUD_SESSION_SCHEMA_VERSION: "neurcode.runtime-cloud-session.v1";
|
|
3
4
|
export declare const RUNTIME_LIVE_SESSION_SCHEMA_VERSION: "neurcode.runtime-live-session.v3";
|
|
4
5
|
type UnknownRecord = Record<string, unknown>;
|
|
5
6
|
export declare function buildRuntimeIntentSummary(session: GovernanceSession, classification?: 'cloud_safe' | 'shareable'): IntentSummaryV1;
|
|
7
|
+
/**
|
|
8
|
+
* Project a local `RepoIntelligenceEvidence` object into a source-free, depth-bounded form
|
|
9
|
+
* safe to attach at the SESSION level of a cloud runtime payload. Returns null when the input
|
|
10
|
+
* is not valid evidence or the bounded projection would still fail the cloud privacy gate —
|
|
11
|
+
* in that case the session uploads WITHOUT repo-intelligence rather than failing the whole
|
|
12
|
+
* upload (fail-safe: omit, never leak, never block other evidence).
|
|
13
|
+
*
|
|
14
|
+
* Source-freeness is structural (the producer already emits no source). This projection
|
|
15
|
+
* additionally drops the deep `matchedFacts`/`related` arrays (depth 9+ even at session
|
|
16
|
+
* level, and they carry path/symbol labels) and bounds every array/string. `graph.summary`
|
|
17
|
+
* (languages, package/service names, counts) IS retained — it is depth-safe at session level
|
|
18
|
+
* and powers the dashboard's language-coverage and graph-posture panels.
|
|
19
|
+
*/
|
|
20
|
+
export declare function projectRepoIntelligenceForCloud(value: unknown): RepoIntelligenceEvidence | null;
|
|
6
21
|
export declare function buildCloudSafeRuntimeSession(session: GovernanceSession): UnknownRecord;
|
|
7
22
|
export declare function projectRuntimePayloadForCloud(payload: UnknownRecord): UnknownRecord;
|
|
8
23
|
export declare function runtimePrivacySchemaVersions(): string[];
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"runtime-privacy.d.ts","sourceRoot":"","sources":["../../src/utils/runtime-privacy.ts"],"names":[],"mappings":"AAAA,OAAO,
|
|
1
|
+
{"version":3,"file":"runtime-privacy.d.ts","sourceRoot":"","sources":["../../src/utils/runtime-privacy.ts"],"names":[],"mappings":"AAAA,OAAO,EAQL,KAAK,iBAAiB,EAEtB,KAAK,yBAAyB,EAC9B,KAAK,eAAe,EAErB,MAAM,iCAAiC,CAAC;AACzC,OAAO,EAGL,KAAK,wBAAwB,EAC9B,MAAM,wBAAwB,CAAC;AAEhC,eAAO,MAAM,oCAAoC,EAAG,mCAA4C,CAAC;AACjG,eAAO,MAAM,mCAAmC,EAAG,kCAA2C,CAAC;AAE/F,KAAK,aAAa,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AA+F7C,wBAAgB,yBAAyB,CACvC,OAAO,EAAE,iBAAiB,EAC1B,cAAc,GAAE,YAAY,GAAG,WAA0B,GACxD,eAAe,CAqBjB;AA2CD;;;;;;;;;;;;GAYG;AACH,wBAAgB,+BAA+B,CAAC,KAAK,EAAE,OAAO,GAAG,wBAAwB,GAAG,IAAI,CA6G/F;AA0HD,wBAAgB,4BAA4B,CAAC,OAAO,EAAE,iBAAiB,GAAG,aAAa,CA+DtF;AA8BD,wBAAgB,6BAA6B,CAAC,OAAO,EAAE,aAAa,GAAG,aAAa,CAwBnF;AAED,wBAAgB,4BAA4B,IAAI,MAAM,EAAE,CAOvD;AAED,wBAAgB,2BAA2B,CAAC,KAAK,EAAE,OAAO,GAAG,yBAAyB,EAAE,CA2BvF"}
|
|
@@ -2,11 +2,13 @@
|
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.RUNTIME_LIVE_SESSION_SCHEMA_VERSION = exports.RUNTIME_CLOUD_SESSION_SCHEMA_VERSION = void 0;
|
|
4
4
|
exports.buildRuntimeIntentSummary = buildRuntimeIntentSummary;
|
|
5
|
+
exports.projectRepoIntelligenceForCloud = projectRepoIntelligenceForCloud;
|
|
5
6
|
exports.buildCloudSafeRuntimeSession = buildCloudSafeRuntimeSession;
|
|
6
7
|
exports.projectRuntimePayloadForCloud = projectRuntimePayloadForCloud;
|
|
7
8
|
exports.runtimePrivacySchemaVersions = runtimePrivacySchemaVersions;
|
|
8
9
|
exports.privacyReasonCodesFromError = privacyReasonCodesFromError;
|
|
9
10
|
const governance_runtime_1 = require("@neurcode-ai/governance-runtime");
|
|
11
|
+
const contracts_1 = require("@neurcode-ai/contracts");
|
|
10
12
|
exports.RUNTIME_CLOUD_SESSION_SCHEMA_VERSION = 'neurcode.runtime-cloud-session.v1';
|
|
11
13
|
exports.RUNTIME_LIVE_SESSION_SCHEMA_VERSION = 'neurcode.runtime-live-session.v3';
|
|
12
14
|
function asRecord(value) {
|
|
@@ -134,6 +136,162 @@ function eventReasonCodes(event) {
|
|
|
134
136
|
reasons.add(blockType);
|
|
135
137
|
return Array.from(reasons).sort((left, right) => left.localeCompare(right)).slice(0, 12);
|
|
136
138
|
}
|
|
139
|
+
// Bounds for one session-level cloud repo-intelligence projection. One evidence object per
|
|
140
|
+
// session (the latest) is node-cheap, so these caps exist for tidy payloads rather than to
|
|
141
|
+
// fit the aggregate node budget.
|
|
142
|
+
const MAX_CLOUD_FINDINGS = 25;
|
|
143
|
+
const MAX_CLOUD_ADVISORY = 25;
|
|
144
|
+
const MAX_CLOUD_RULE_IDS = 64;
|
|
145
|
+
const MAX_CLOUD_SUMMARY_ITEMS = 100;
|
|
146
|
+
const MAX_EVIDENCE_TEXT = 280;
|
|
147
|
+
function boundedStringList(value, maxItems, maxLength = 160) {
|
|
148
|
+
if (!Array.isArray(value))
|
|
149
|
+
return [];
|
|
150
|
+
const out = [];
|
|
151
|
+
for (const item of value) {
|
|
152
|
+
const cleaned = stringValue(item, maxLength);
|
|
153
|
+
if (cleaned)
|
|
154
|
+
out.push(cleaned);
|
|
155
|
+
if (out.length >= maxItems)
|
|
156
|
+
break;
|
|
157
|
+
}
|
|
158
|
+
return out;
|
|
159
|
+
}
|
|
160
|
+
const ABSOLUTE_PATH_VALUE = /(?:^|[^A-Za-z0-9_-])(?:\/(?:Users|home|private|tmp|var|etc|root|Volumes|opt|usr|workspace|app)\/[^\s"'`)]+|[A-Za-z]:[\\/][^\s"'`)]+|\\\\[A-Za-z0-9._-]+[\\/][^\s"'`)]+)/;
|
|
161
|
+
function hasAbsolutePathValue(value) {
|
|
162
|
+
if (typeof value === 'string')
|
|
163
|
+
return ABSOLUTE_PATH_VALUE.test(value.normalize('NFKC'));
|
|
164
|
+
if (Array.isArray(value))
|
|
165
|
+
return value.some((item) => hasAbsolutePathValue(item));
|
|
166
|
+
if (!value || typeof value !== 'object')
|
|
167
|
+
return false;
|
|
168
|
+
return Object.values(value).some((child) => hasAbsolutePathValue(child));
|
|
169
|
+
}
|
|
170
|
+
/**
|
|
171
|
+
* Project a local `RepoIntelligenceEvidence` object into a source-free, depth-bounded form
|
|
172
|
+
* safe to attach at the SESSION level of a cloud runtime payload. Returns null when the input
|
|
173
|
+
* is not valid evidence or the bounded projection would still fail the cloud privacy gate —
|
|
174
|
+
* in that case the session uploads WITHOUT repo-intelligence rather than failing the whole
|
|
175
|
+
* upload (fail-safe: omit, never leak, never block other evidence).
|
|
176
|
+
*
|
|
177
|
+
* Source-freeness is structural (the producer already emits no source). This projection
|
|
178
|
+
* additionally drops the deep `matchedFacts`/`related` arrays (depth 9+ even at session
|
|
179
|
+
* level, and they carry path/symbol labels) and bounds every array/string. `graph.summary`
|
|
180
|
+
* (languages, package/service names, counts) IS retained — it is depth-safe at session level
|
|
181
|
+
* and powers the dashboard's language-coverage and graph-posture panels.
|
|
182
|
+
*/
|
|
183
|
+
function projectRepoIntelligenceForCloud(value) {
|
|
184
|
+
if (!(0, contracts_1.isRepoIntelligenceEvidence)(value))
|
|
185
|
+
return null;
|
|
186
|
+
const evidence = value;
|
|
187
|
+
const graph = evidence.graph;
|
|
188
|
+
const freshness = graph.freshness;
|
|
189
|
+
const projected = {
|
|
190
|
+
schemaVersion: evidence.schemaVersion,
|
|
191
|
+
evidenceId: stringValue(evidence.evidenceId, 200) ?? evidence.evidenceId,
|
|
192
|
+
generatedAt: evidence.generatedAt,
|
|
193
|
+
classification: evidence.classification,
|
|
194
|
+
verdict: evidence.verdict,
|
|
195
|
+
enforcement: {
|
|
196
|
+
adapterId: stringValue(evidence.enforcement.adapterId, 120) ?? evidence.enforcement.adapterId,
|
|
197
|
+
capability: evidence.enforcement.capability,
|
|
198
|
+
timing: evidence.enforcement.timing,
|
|
199
|
+
decisionBinding: evidence.enforcement.decisionBinding,
|
|
200
|
+
},
|
|
201
|
+
graph: {
|
|
202
|
+
graphId: graph.graphId,
|
|
203
|
+
schemaVersion: graph.schemaVersion,
|
|
204
|
+
...(graph.canonicalModel ? { canonicalModel: graph.canonicalModel } : {}),
|
|
205
|
+
storageSchemaVersion: graph.storageSchemaVersion ?? null,
|
|
206
|
+
freshness: {
|
|
207
|
+
state: freshness.state,
|
|
208
|
+
...(freshness.posture ? { posture: freshness.posture } : {}),
|
|
209
|
+
indexedAt: freshness.indexedAt,
|
|
210
|
+
gitHead: freshness.gitHead,
|
|
211
|
+
workingTreeHash: freshness.workingTreeHash,
|
|
212
|
+
staleFileCount: freshness.staleFileCount,
|
|
213
|
+
unsupportedFileCount: freshness.unsupportedFileCount,
|
|
214
|
+
reasonCodes: boundedStringList(freshness.reasonCodes, 32, 128),
|
|
215
|
+
},
|
|
216
|
+
lastSuccessfulIndexAt: graph.lastSuccessfulIndexAt ?? null,
|
|
217
|
+
lastAttemptedIndexAt: graph.lastAttemptedIndexAt ?? null,
|
|
218
|
+
unsupportedPercent: graph.unsupportedPercent,
|
|
219
|
+
coverage: graph.coverage ?? null,
|
|
220
|
+
...(graph.deterministicEvidenceEligible !== undefined
|
|
221
|
+
? { deterministicEvidenceEligible: graph.deterministicEvidenceEligible } : {}),
|
|
222
|
+
...(graph.deterministicEnforcementEligible !== undefined
|
|
223
|
+
? { deterministicEnforcementEligible: graph.deterministicEnforcementEligible } : {}),
|
|
224
|
+
enforcementIneligibilityReasons: boundedStringList(graph.enforcementIneligibilityReasons, 64, 128),
|
|
225
|
+
...(graph.recoveryCommand ? { recoveryCommand: graph.recoveryCommand } : {}),
|
|
226
|
+
...(graph.runtimeCompatibility ? { runtimeCompatibility: graph.runtimeCompatibility } : {}),
|
|
227
|
+
...(graph.summary ? {
|
|
228
|
+
summary: {
|
|
229
|
+
languages: graph.summary.languages.slice(0, 64).map((language) => ({
|
|
230
|
+
language: language.language,
|
|
231
|
+
depth: language.depth,
|
|
232
|
+
filesSeen: language.filesSeen,
|
|
233
|
+
filesAnalyzed: language.filesAnalyzed,
|
|
234
|
+
filesUnsupported: language.filesUnsupported,
|
|
235
|
+
})),
|
|
236
|
+
packages: boundedStringList(graph.summary.packages, MAX_CLOUD_SUMMARY_ITEMS, 200),
|
|
237
|
+
services: boundedStringList(graph.summary.services, MAX_CLOUD_SUMMARY_ITEMS, 200),
|
|
238
|
+
ownershipZoneCount: graph.summary.ownershipZoneCount,
|
|
239
|
+
sensitiveSurfaceCount: graph.summary.sensitiveSurfaceCount,
|
|
240
|
+
},
|
|
241
|
+
} : {}),
|
|
242
|
+
// DROP graph.coverageAuthority and graph.relationshipAuthority (unbounded nested depth,
|
|
243
|
+
// not read by the cloud API or dashboard).
|
|
244
|
+
},
|
|
245
|
+
policy: {
|
|
246
|
+
evaluatedRuleIds: boundedStringList(evidence.policy.evaluatedRuleIds, MAX_CLOUD_RULE_IDS, 200),
|
|
247
|
+
notEvaluatedRuleIds: boundedStringList(evidence.policy.notEvaluatedRuleIds, MAX_CLOUD_RULE_IDS, 200),
|
|
248
|
+
findings: evidence.policy.findings.slice(0, MAX_CLOUD_FINDINGS).map((finding) => ({
|
|
249
|
+
findingId: stringValue(finding.findingId, 160) ?? finding.findingId,
|
|
250
|
+
ruleId: stringValue(finding.ruleId, 200) ?? finding.ruleId,
|
|
251
|
+
family: finding.family,
|
|
252
|
+
verdict: finding.verdict,
|
|
253
|
+
truth: finding.truth,
|
|
254
|
+
// matchedFacts carry repo-relative path + symbol labels and nest to depth 9 even at
|
|
255
|
+
// session level. Drop the contents; the rule id + explanation/remediation remain.
|
|
256
|
+
matchedFacts: [],
|
|
257
|
+
explanation: stringValue(finding.explanation, MAX_EVIDENCE_TEXT) ?? '',
|
|
258
|
+
remediation: stringValue(finding.remediation, MAX_EVIDENCE_TEXT) ?? '',
|
|
259
|
+
})),
|
|
260
|
+
},
|
|
261
|
+
advisory: evidence.advisory.slice(0, MAX_CLOUD_ADVISORY).map((finding) => ({
|
|
262
|
+
schemaVersion: finding.schemaVersion,
|
|
263
|
+
findingId: stringValue(finding.findingId, 160) ?? finding.findingId,
|
|
264
|
+
providerId: stringValue(finding.providerId, 120) ?? finding.providerId,
|
|
265
|
+
category: finding.category,
|
|
266
|
+
truth: finding.truth,
|
|
267
|
+
confidence: finding.confidence,
|
|
268
|
+
rationaleCategories: boundedStringList(finding.rationaleCategories, 16, 80),
|
|
269
|
+
// related[] carries path/symbol labels + extra depth; drop for the cloud projection.
|
|
270
|
+
related: [],
|
|
271
|
+
limitations: boundedStringList(finding.limitations, 16, 160),
|
|
272
|
+
suppressed: finding.suppressed,
|
|
273
|
+
cacheKey: stringValue(finding.cacheKey, 120) ?? finding.cacheKey,
|
|
274
|
+
})),
|
|
275
|
+
signature: {
|
|
276
|
+
trust: evidence.signature.trust,
|
|
277
|
+
receiptId: evidence.signature.receiptId,
|
|
278
|
+
recordHash: evidence.signature.recordHash,
|
|
279
|
+
},
|
|
280
|
+
privacy: (0, contracts_1.sourceFreePrivacyContract)(),
|
|
281
|
+
};
|
|
282
|
+
// The projection must independently satisfy the shape contract and the cloud privacy gate
|
|
283
|
+
// at the DEEPEST real nesting (`body.sessions[i].repoIntelligence`, the bulk evidence
|
|
284
|
+
// upload). If either fails, omit it so a single oversized evaluation never fail-closes the
|
|
285
|
+
// whole session upload.
|
|
286
|
+
if (!(0, contracts_1.isRepoIntelligenceEvidence)(projected))
|
|
287
|
+
return null;
|
|
288
|
+
const gate = (0, governance_runtime_1.validatePrivacySafeCloudPayload)({ sessions: [{ repoIntelligence: projected }] });
|
|
289
|
+
if (!gate.ok)
|
|
290
|
+
return null;
|
|
291
|
+
if (hasAbsolutePathValue(projected))
|
|
292
|
+
return null;
|
|
293
|
+
return projected;
|
|
294
|
+
}
|
|
137
295
|
function cloudSafeEvent(event) {
|
|
138
296
|
const detail = asRecord(event.detail);
|
|
139
297
|
const approvalContext = asRecord(detail?.approvalContext);
|
|
@@ -169,6 +327,24 @@ function cloudSafeEvent(event) {
|
|
|
169
327
|
result.detail = compactDetail;
|
|
170
328
|
return result;
|
|
171
329
|
}
|
|
330
|
+
/**
|
|
331
|
+
* The most recent source-free repo-intelligence evidence produced during the session, as a
|
|
332
|
+
* bounded cloud projection. Attached at the SESSION level (not per-event) because the cloud
|
|
333
|
+
* privacy gate's depth budget (MAX_CLOUD_DEPTH) cannot accommodate a structured evidence
|
|
334
|
+
* object nested under `sessions[i].events[j].detail`. The cloud ingestion re-associates this
|
|
335
|
+
* with the latest governed check event so the per-event evidence query still resolves it.
|
|
336
|
+
*/
|
|
337
|
+
function latestCloudRepoIntelligence(session) {
|
|
338
|
+
for (let index = session.events.length - 1; index >= 0; index -= 1) {
|
|
339
|
+
const candidate = asRecord(asRecord(session.events[index].detail)?.repoIntelligence);
|
|
340
|
+
if (!candidate)
|
|
341
|
+
continue;
|
|
342
|
+
const projected = projectRepoIntelligenceForCloud(candidate);
|
|
343
|
+
if (projected)
|
|
344
|
+
return projected;
|
|
345
|
+
}
|
|
346
|
+
return null;
|
|
347
|
+
}
|
|
172
348
|
function architectureSummary(session) {
|
|
173
349
|
const obligations = session.contract.architectureObligations ?? [];
|
|
174
350
|
return {
|
|
@@ -231,6 +407,7 @@ function scopeAuthoritySummary(session) {
|
|
|
231
407
|
}
|
|
232
408
|
function buildCloudSafeRuntimeSession(session) {
|
|
233
409
|
const events = session.events.slice(-80).map(cloudSafeEvent);
|
|
410
|
+
const repoIntelligence = latestCloudRepoIntelligence(session);
|
|
234
411
|
const safe = {
|
|
235
412
|
schemaVersion: session.schemaVersion,
|
|
236
413
|
cloudSchemaVersion: exports.RUNTIME_CLOUD_SESSION_SCHEMA_VERSION,
|
|
@@ -258,6 +435,10 @@ function buildCloudSafeRuntimeSession(session) {
|
|
|
258
435
|
ruleIds: Array.from(new Set(session.contract.architectureObligations?.map((item) => item.id).filter(Boolean) ?? [])).sort().slice(0, 64),
|
|
259
436
|
},
|
|
260
437
|
events,
|
|
438
|
+
// Source-free latest repo-intelligence evidence for this session, if any. Session-level
|
|
439
|
+
// placement keeps it within the cloud privacy depth budget; the cloud ingestion attaches
|
|
440
|
+
// it to the latest governed check event so the per-event evidence query resolves it.
|
|
441
|
+
...(repoIntelligence ? { repoIntelligence } : {}),
|
|
261
442
|
livePayload: {
|
|
262
443
|
schemaVersion: exports.RUNTIME_LIVE_SESSION_SCHEMA_VERSION,
|
|
263
444
|
compacted: true,
|