@objectstack/spec 0.8.2 → 0.9.1

package/dist/hub/plugin-security.zod.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"plugin-security.zod.d.ts","sourceRoot":"","sources":["../../src/hub/plugin-security.zod.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB;;;;;;;;;;;;;GAaG;AAMH;;GAEG;AACH,eAAO,MAAM,qBAAqB;;;;;;EAMhC,CAAC;AAEH,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAE1E;;GAEG;AACH,eAAO,MAAM,2BAA2B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAwEtC,CAAC;AAEH,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,2BAA2B,CAAC,CAAC;AAEhF;;GAEG;AACH,eAAO,MAAM,wBAAwB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBA6EnC,CAAC;AAEH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAC;AAE1E;;GAEG;AACH,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBA+F/B,CAAC;AAEH,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAMlE;;GAEG;AACH,eAAO,MAAM,uBAAuB;;;;;;;;;;iBAoBlC,CAAC;AAEH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAExE;;GAEG;AACH,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;;iBAmCpC,CAAC;AAEH,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAE5E;;GAEG;AACH,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBA+BhC,CAAC;AAEH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAEpE;;GAEG;AACH,eAAO,MAAM,wBAAwB;;;;;;;;;;;;;;;;;;;;;iBA4BnC,CAAC;AAEH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAC;AAE1E;;GAEG;AACH,eAAO,MAAM,gCAAgC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAiC3C,CAAC;AAEH,MAAM,MAAM,0BAA0B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gCAAgC,CAAC,CAAC;AAM1F;;GAEG;AACH,eAAO,MAAM,eAAe;;;;;;;;;;;;;;;;;;;;;;iBA4C1B,CAAC;AAEH,MAAM,MAAM,SAAS,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAExD;;GAEG;AACH,eAAO,MAAM,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAqCrB,CAAC;AAEH,MAAM,MAAM,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,UAAU,CAAC,CAAC;AAE9C;;;GAGG;AACH,eAAO,MAAM,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBA6EjC,CAAC;AAEH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAMtE;;GAEG;AACH,eAAO,MAAM,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;;;;iBA8DjC,CAAC;AAEH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAMtE,eAAO,MAAM,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAczB,CAAC"}

package/dist/hub/plugin-security.zod.js

@@ -0,0 +1,637 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PluginSecurityProtocol = exports.PluginTrustScoreSchema = exports.PluginProvenanceSchema = exports.SBOMSchema = exports.SBOMEntrySchema = exports.DependencyResolutionResultSchema = exports.DependencyConflictSchema = exports.DependencyGraphSchema = exports.DependencyGraphNodeSchema = exports.PackageDependencySchema = exports.SecurityPolicySchema = exports.SecurityScanResultSchema = exports.SecurityVulnerabilitySchema = exports.VulnerabilitySeverity = void 0;
+const zod_1 = require("zod");
+/**
+ * # Plugin Security & Dependency Resolution Protocol
+ *
+ * Provides comprehensive security scanning, vulnerability management,
+ * and dependency resolution for the ObjectStack plugin ecosystem.
+ *
+ * Features:
+ * - CVE/vulnerability scanning
+ * - Dependency graph resolution
+ * - Semantic version conflict detection
+ * - Supply chain security
+ * - Plugin sandboxing policies
+ * - Trust and verification workflows
+ */
+// ============================================================================
+// Security Scanning
+// ============================================================================
+/**
+ * Vulnerability Severity
+ */
+exports.VulnerabilitySeverity = zod_1.z.enum([
+    'critical',
+    'high',
+    'medium',
+    'low',
+    'info',
+]);
+/**
+ * Security Vulnerability
+ */
+exports.SecurityVulnerabilitySchema = zod_1.z.object({
+    /**
+     * CVE identifier (if applicable)
+     */
+    cve: zod_1.z.string().regex(/^CVE-\d{4}-\d+$/).optional().describe('CVE identifier'),
+    /**
+     * Vulnerability identifier (GHSA, SNYK, etc.)
+     */
+    id: zod_1.z.string().describe('Vulnerability ID'),
+    /**
+     * Title
+     */
+    title: zod_1.z.string(),
+    /**
+     * Description
+     */
+    description: zod_1.z.string(),
+    /**
+     * Severity
+     */
+    severity: exports.VulnerabilitySeverity,
+    /**
+     * CVSS score (0-10)
+     */
+    cvss: zod_1.z.number().min(0).max(10).optional(),
+    /**
+     * Affected package
+     */
+    package: zod_1.z.object({
+        name: zod_1.z.string(),
+        version: zod_1.z.string(),
+        ecosystem: zod_1.z.string().optional(),
+    }),
+    /**
+     * Vulnerable version range
+     */
+    vulnerableVersions: zod_1.z.string().describe('Semver range of vulnerable versions'),
+    /**
+     * Patched versions
+     */
+    patchedVersions: zod_1.z.string().optional().describe('Semver range of patched versions'),
+    /**
+     * References
+     */
+    references: zod_1.z.array(zod_1.z.object({
+        type: zod_1.z.enum(['advisory', 'article', 'report', 'web']),
+        url: zod_1.z.string().url(),
+    })).default([]),
+    /**
+     * CWE (Common Weakness Enumeration)
+     */
+    cwe: zod_1.z.array(zod_1.z.string()).default([]),
+    /**
+     * Published date
+     */
+    publishedAt: zod_1.z.string().datetime().optional(),
+    /**
+     * Mitigation advice
+     */
+    mitigation: zod_1.z.string().optional(),
+});
+/**
+ * Security Scan Result
+ */
+exports.SecurityScanResultSchema = zod_1.z.object({
+    /**
+     * Scan identifier
+     */
+    scanId: zod_1.z.string().uuid(),
+    /**
+     * Plugin being scanned
+     */
+    plugin: zod_1.z.object({
+        id: zod_1.z.string(),
+        version: zod_1.z.string(),
+    }),
+    /**
+     * Scan timestamp
+     */
+    scannedAt: zod_1.z.string().datetime(),
+    /**
+     * Scanner information
+     */
+    scanner: zod_1.z.object({
+        name: zod_1.z.string().describe('Scanner name (e.g., snyk, osv, trivy)'),
+        version: zod_1.z.string(),
+    }),
+    /**
+     * Scan status
+     */
+    status: zod_1.z.enum(['passed', 'failed', 'warning']),
+    /**
+     * Vulnerabilities found
+     */
+    vulnerabilities: zod_1.z.array(exports.SecurityVulnerabilitySchema),
+    /**
+     * Vulnerability summary
+     */
+    summary: zod_1.z.object({
+        critical: zod_1.z.number().int().min(0).default(0),
+        high: zod_1.z.number().int().min(0).default(0),
+        medium: zod_1.z.number().int().min(0).default(0),
+        low: zod_1.z.number().int().min(0).default(0),
+        info: zod_1.z.number().int().min(0).default(0),
+        total: zod_1.z.number().int().min(0).default(0),
+    }),
+    /**
+     * License compliance issues
+     */
+    licenseIssues: zod_1.z.array(zod_1.z.object({
+        package: zod_1.z.string(),
+        license: zod_1.z.string(),
+        reason: zod_1.z.string(),
+        severity: zod_1.z.enum(['error', 'warning', 'info']),
+    })).default([]),
+    /**
+     * Code quality issues
+     */
+    codeQuality: zod_1.z.object({
+        score: zod_1.z.number().min(0).max(100).optional(),
+        issues: zod_1.z.array(zod_1.z.object({
+            type: zod_1.z.enum(['security', 'quality', 'style']),
+            severity: zod_1.z.enum(['error', 'warning', 'info']),
+            message: zod_1.z.string(),
+            file: zod_1.z.string().optional(),
+            line: zod_1.z.number().int().optional(),
+        })).default([]),
+    }).optional(),
+    /**
+     * Next scan scheduled
+     */
+    nextScanAt: zod_1.z.string().datetime().optional(),
+});
+/**
+ * Security Policy
+ */
+exports.SecurityPolicySchema = zod_1.z.object({
+    /**
+     * Policy identifier
+     */
+    id: zod_1.z.string(),
+    /**
+     * Policy name
+     */
+    name: zod_1.z.string(),
+    /**
+     * Automatic scanning
+     */
+    autoScan: zod_1.z.object({
+        enabled: zod_1.z.boolean().default(true),
+        frequency: zod_1.z.enum(['on-publish', 'daily', 'weekly', 'monthly']).default('daily'),
+    }),
+    /**
+     * Vulnerability thresholds
+     */
+    thresholds: zod_1.z.object({
+        /**
+         * Block plugin if critical vulnerabilities exceed this
+         */
+        maxCritical: zod_1.z.number().int().min(0).default(0),
+        /**
+         * Block plugin if high vulnerabilities exceed this
+         */
+        maxHigh: zod_1.z.number().int().min(0).default(0),
+        /**
+         * Warn if medium vulnerabilities exceed this
+         */
+        maxMedium: zod_1.z.number().int().min(0).default(5),
+    }),
+    /**
+     * Allowed licenses
+     */
+    allowedLicenses: zod_1.z.array(zod_1.z.string()).default([
+        'MIT',
+        'Apache-2.0',
+        'BSD-3-Clause',
+        'BSD-2-Clause',
+        'ISC',
+    ]),
+    /**
+     * Prohibited licenses
+     */
+    prohibitedLicenses: zod_1.z.array(zod_1.z.string()).default([
+        'GPL-3.0',
+        'AGPL-3.0',
+    ]),
+    /**
+     * Code signing requirements
+     */
+    codeSigning: zod_1.z.object({
+        required: zod_1.z.boolean().default(false),
+        allowedSigners: zod_1.z.array(zod_1.z.string()).default([]),
+    }).optional(),
+    /**
+     * Sandbox restrictions
+     */
+    sandbox: zod_1.z.object({
+        /**
+         * Restrict network access
+         */
+        networkAccess: zod_1.z.enum(['none', 'localhost', 'allowlist', 'all']).default('all'),
+        /**
+         * Allowed network destinations (if allowlist)
+         */
+        allowedDestinations: zod_1.z.array(zod_1.z.string()).default([]),
+        /**
+         * File system access
+         */
+        filesystemAccess: zod_1.z.enum(['none', 'read-only', 'temp-only', 'full']).default('full'),
+        /**
+         * Maximum memory (MB)
+         */
+        maxMemoryMB: zod_1.z.number().int().positive().optional(),
+        /**
+         * Maximum CPU time (seconds)
+         */
+        maxCPUSeconds: zod_1.z.number().int().positive().optional(),
+    }).optional(),
+});
+// ============================================================================
+// Dependency Resolution
+// ============================================================================
+/**
+ * Package Dependency
+ */
+exports.PackageDependencySchema = zod_1.z.object({
+    /**
+     * Package name/ID
+     */
+    name: zod_1.z.string(),
+    /**
+     * Version constraint (semver range)
+     */
+    versionConstraint: zod_1.z.string().describe('Semver range (e.g., ^1.0.0, >=2.0.0 <3.0.0)'),
+    /**
+     * Dependency type
+     */
+    type: zod_1.z.enum(['required', 'optional', 'peer', 'dev']).default('required'),
+    /**
+     * Resolved version (filled during resolution)
+     */
+    resolvedVersion: zod_1.z.string().optional(),
+});
+/**
+ * Dependency Graph Node
+ */
+exports.DependencyGraphNodeSchema = zod_1.z.object({
+    /**
+     * Package identifier
+     */
+    id: zod_1.z.string(),
+    /**
+     * Package version
+     */
+    version: zod_1.z.string(),
+    /**
+     * Dependencies of this package
+     */
+    dependencies: zod_1.z.array(exports.PackageDependencySchema).default([]),
+    /**
+     * Depth in dependency tree
+     */
+    depth: zod_1.z.number().int().min(0),
+    /**
+     * Whether this is a direct dependency
+     */
+    isDirect: zod_1.z.boolean(),
+    /**
+     * Package metadata
+     */
+    metadata: zod_1.z.object({
+        name: zod_1.z.string(),
+        description: zod_1.z.string().optional(),
+        license: zod_1.z.string().optional(),
+        homepage: zod_1.z.string().url().optional(),
+    }).optional(),
+});
+/**
+ * Dependency Graph
+ */
+exports.DependencyGraphSchema = zod_1.z.object({
+    /**
+     * Root package
+     */
+    root: zod_1.z.object({
+        id: zod_1.z.string(),
+        version: zod_1.z.string(),
+    }),
+    /**
+     * All nodes in the graph
+     */
+    nodes: zod_1.z.array(exports.DependencyGraphNodeSchema),
+    /**
+     * Edges (dependency relationships)
+     */
+    edges: zod_1.z.array(zod_1.z.object({
+        from: zod_1.z.string().describe('Package ID'),
+        to: zod_1.z.string().describe('Package ID'),
+        constraint: zod_1.z.string().describe('Version constraint'),
+    })),
+    /**
+     * Resolution statistics
+     */
+    stats: zod_1.z.object({
+        totalDependencies: zod_1.z.number().int().min(0),
+        directDependencies: zod_1.z.number().int().min(0),
+        maxDepth: zod_1.z.number().int().min(0),
+    }),
+});
+/**
+ * Dependency Conflict
+ */
+exports.DependencyConflictSchema = zod_1.z.object({
+    /**
+     * Package with conflict
+     */
+    package: zod_1.z.string(),
+    /**
+     * Conflicting versions
+     */
+    conflicts: zod_1.z.array(zod_1.z.object({
+        version: zod_1.z.string(),
+        requestedBy: zod_1.z.array(zod_1.z.string()).describe('Packages that require this version'),
+        constraint: zod_1.z.string(),
+    })),
+    /**
+     * Suggested resolution
+     */
+    resolution: zod_1.z.object({
+        strategy: zod_1.z.enum(['pick-highest', 'pick-lowest', 'manual']),
+        version: zod_1.z.string().optional(),
+        reason: zod_1.z.string().optional(),
+    }).optional(),
+    /**
+     * Severity
+     */
+    severity: zod_1.z.enum(['error', 'warning', 'info']),
+});
+/**
+ * Dependency Resolution Result
+ */
+exports.DependencyResolutionResultSchema = zod_1.z.object({
+    /**
+     * Resolution status
+     */
+    status: zod_1.z.enum(['success', 'conflict', 'error']),
+    /**
+     * Resolved dependency graph
+     */
+    graph: exports.DependencyGraphSchema.optional(),
+    /**
+     * Conflicts detected
+     */
+    conflicts: zod_1.z.array(exports.DependencyConflictSchema).default([]),
+    /**
+     * Errors encountered
+     */
+    errors: zod_1.z.array(zod_1.z.object({
+        package: zod_1.z.string(),
+        error: zod_1.z.string(),
+    })).default([]),
+    /**
+     * Installation order (topological sort)
+     */
+    installOrder: zod_1.z.array(zod_1.z.string()).default([]),
+    /**
+     * Resolution time (ms)
+     */
+    resolvedIn: zod_1.z.number().int().min(0).optional(),
+});
+// ============================================================================
+// Supply Chain Security
+// ============================================================================
+/**
+ * SBOM (Software Bill of Materials) Entry
+ */
+exports.SBOMEntrySchema = zod_1.z.object({
+    /**
+     * Component name
+     */
+    name: zod_1.z.string(),
+    /**
+     * Component version
+     */
+    version: zod_1.z.string(),
+    /**
+     * Package URL (purl)
+     */
+    purl: zod_1.z.string().optional().describe('Package URL identifier'),
+    /**
+     * License
+     */
+    license: zod_1.z.string().optional(),
+    /**
+     * Hashes
+     */
+    hashes: zod_1.z.object({
+        sha256: zod_1.z.string().optional(),
+        sha512: zod_1.z.string().optional(),
+    }).optional(),
+    /**
+     * Supplier
+     */
+    supplier: zod_1.z.object({
+        name: zod_1.z.string(),
+        url: zod_1.z.string().url().optional(),
+    }).optional(),
+    /**
+     * External references
+     */
+    externalRefs: zod_1.z.array(zod_1.z.object({
+        type: zod_1.z.enum(['website', 'repository', 'documentation', 'issue-tracker']),
+        url: zod_1.z.string().url(),
+    })).default([]),
+});
+/**
+ * Software Bill of Materials (SBOM)
+ */
+exports.SBOMSchema = zod_1.z.object({
+    /**
+     * SBOM format
+     */
+    format: zod_1.z.enum(['spdx', 'cyclonedx']).default('cyclonedx'),
+    /**
+     * SBOM version
+     */
+    version: zod_1.z.string(),
+    /**
+     * Plugin metadata
+     */
+    plugin: zod_1.z.object({
+        id: zod_1.z.string(),
+        version: zod_1.z.string(),
+        name: zod_1.z.string(),
+    }),
+    /**
+     * Components (dependencies)
+     */
+    components: zod_1.z.array(exports.SBOMEntrySchema),
+    /**
+     * Generation timestamp
+     */
+    generatedAt: zod_1.z.string().datetime(),
+    /**
+     * Generator tool
+     */
+    generator: zod_1.z.object({
+        name: zod_1.z.string(),
+        version: zod_1.z.string(),
+    }).optional(),
+});
+/**
+ * Plugin Provenance
+ * Verifiable chain of custody for plugin artifacts
+ */
+exports.PluginProvenanceSchema = zod_1.z.object({
+    /**
+     * Plugin identifier
+     */
+    pluginId: zod_1.z.string(),
+    /**
+     * Plugin version
+     */
+    version: zod_1.z.string(),
+    /**
+     * Build information
+     */
+    build: zod_1.z.object({
+        /**
+         * Build timestamp
+         */
+        timestamp: zod_1.z.string().datetime(),
+        /**
+         * Build environment
+         */
+        environment: zod_1.z.object({
+            os: zod_1.z.string(),
+            arch: zod_1.z.string(),
+            nodeVersion: zod_1.z.string(),
+        }).optional(),
+        /**
+         * Source repository
+         */
+        source: zod_1.z.object({
+            repository: zod_1.z.string().url(),
+            commit: zod_1.z.string().regex(/^[a-f0-9]{40}$/),
+            branch: zod_1.z.string().optional(),
+            tag: zod_1.z.string().optional(),
+        }).optional(),
+        /**
+         * Builder identity
+         */
+        builder: zod_1.z.object({
+            name: zod_1.z.string(),
+            email: zod_1.z.string().email().optional(),
+        }).optional(),
+    }),
+    /**
+     * Artifact hashes
+     */
+    artifacts: zod_1.z.array(zod_1.z.object({
+        filename: zod_1.z.string(),
+        sha256: zod_1.z.string(),
+        size: zod_1.z.number().int().positive(),
+    })),
+    /**
+     * Signatures
+     */
+    signatures: zod_1.z.array(zod_1.z.object({
+        algorithm: zod_1.z.enum(['rsa', 'ecdsa', 'ed25519']),
+        publicKey: zod_1.z.string(),
+        signature: zod_1.z.string(),
+        signedBy: zod_1.z.string(),
+        timestamp: zod_1.z.string().datetime(),
+    })).default([]),
+    /**
+     * Attestations
+     */
+    attestations: zod_1.z.array(zod_1.z.object({
+        type: zod_1.z.enum(['code-review', 'security-scan', 'test-results', 'ci-build']),
+        status: zod_1.z.enum(['passed', 'failed']),
+        url: zod_1.z.string().url().optional(),
+        timestamp: zod_1.z.string().datetime(),
+    })).default([]),
+});
+// ============================================================================
+// Trust & Verification
+// ============================================================================
+/**
+ * Plugin Trust Score
+ */
+exports.PluginTrustScoreSchema = zod_1.z.object({
+    /**
+     * Plugin identifier
+     */
+    pluginId: zod_1.z.string(),
+    /**
+     * Overall trust score (0-100)
+     */
+    score: zod_1.z.number().min(0).max(100),
+    /**
+     * Score components
+     */
+    components: zod_1.z.object({
+        /**
+         * Vendor reputation (0-100)
+         */
+        vendorReputation: zod_1.z.number().min(0).max(100),
+        /**
+         * Security scan results (0-100)
+         */
+        securityScore: zod_1.z.number().min(0).max(100),
+        /**
+         * Code quality (0-100)
+         */
+        codeQuality: zod_1.z.number().min(0).max(100),
+        /**
+         * Community engagement (0-100)
+         */
+        communityScore: zod_1.z.number().min(0).max(100),
+        /**
+         * Update frequency (0-100)
+         */
+        maintenanceScore: zod_1.z.number().min(0).max(100),
+    }),
+    /**
+     * Trust level
+     */
+    level: zod_1.z.enum(['verified', 'trusted', 'neutral', 'untrusted', 'blocked']),
+    /**
+     * Verification badges
+     */
+    badges: zod_1.z.array(zod_1.z.enum([
+        'official', // Official ObjectStack plugin
+        'verified-vendor', // Verified vendor
+        'security-scanned', // Passed security scan
+        'code-signed', // Digitally signed
+        'open-source', // Open source
+        'popular', // High downloads
+    ])).default([]),
+    /**
+     * Last updated
+     */
+    updatedAt: zod_1.z.string().datetime(),
+});
+// ============================================================================
+// Export All
+// ============================================================================
+exports.PluginSecurityProtocol = {
+    VulnerabilitySeverity: exports.VulnerabilitySeverity,
+    SecurityVulnerability: exports.SecurityVulnerabilitySchema,
+    SecurityScanResult: exports.SecurityScanResultSchema,
+    SecurityPolicy: exports.SecurityPolicySchema,
+    PackageDependency: exports.PackageDependencySchema,
+    DependencyGraphNode: exports.DependencyGraphNodeSchema,
+    DependencyGraph: exports.DependencyGraphSchema,
+    DependencyConflict: exports.DependencyConflictSchema,
+    DependencyResolutionResult: exports.DependencyResolutionResultSchema,
+    SBOMEntry: exports.SBOMEntrySchema,
+    SBOM: exports.SBOMSchema,
+    PluginProvenance: exports.PluginProvenanceSchema,
+    PluginTrustScore: exports.PluginTrustScoreSchema,
+};

package/dist/index.d.ts

@@ -41,6 +41,7 @@ export * as Data from './data';
 export * as Permission from './permission';
 export * as UI from './ui';
 export * as System from './system';
+export * as QA from './qa';
 export * as Auth from './auth';
 export * as Hub from './hub';
 export * as AI from './ai';

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AAOH,OAAO,KAAK,MAAM,MAAM,UAAU,CAAC;AACnC,OAAO,KAAK,IAAI,MAAM,QAAQ,CAAC;AAC/B,OAAO,KAAK,UAAU,MAAM,cAAc,CAAC;AAC3C,OAAO,KAAK,EAAE,MAAM,MAAM,CAAC;AAC3B,OAAO,KAAK,MAAM,MAAM,UAAU,CAAC;AACnC,OAAO,KAAK,IAAI,MAAM,QAAQ,CAAC;AAC/B,OAAO,KAAK,GAAG,MAAM,OAAO,CAAC;AAC7B,OAAO,KAAK,EAAE,MAAM,MAAM,CAAC;AAC3B,OAAO,KAAK,GAAG,MAAM,OAAO,CAAC;AAC7B,OAAO,KAAK,UAAU,MAAM,cAAc,CAAC;AAC3C,OAAO,KAAK,WAAW,MAAM,eAAe,CAAC;AAC7C,OAAO,KAAK,SAAS,MAAM,aAAa,CAAC;AAEzC,OAAO,EACL,WAAW,EACX,2BAA2B,EAC3B,iBAAiB,EACjB,6BAA6B,EAC7B,0BAA0B,EAC1B,0BAA0B,EAC1B,0BAA0B,EAC3B,MAAM,aAAa,CAAC;AAErB,cAAc,aAAa,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AAOH,OAAO,KAAK,MAAM,MAAM,UAAU,CAAC;AACnC,OAAO,KAAK,IAAI,MAAM,QAAQ,CAAC;AAC/B,OAAO,KAAK,UAAU,MAAM,cAAc,CAAC;AAC3C,OAAO,KAAK,EAAE,MAAM,MAAM,CAAC;AAC3B,OAAO,KAAK,MAAM,MAAM,UAAU,CAAC;AACnC,OAAO,KAAK,EAAE,MAAM,MAAM,CAAC;AAC3B,OAAO,KAAK,IAAI,MAAM,QAAQ,CAAC;AAC/B,OAAO,KAAK,GAAG,MAAM,OAAO,CAAC;AAC7B,OAAO,KAAK,EAAE,MAAM,MAAM,CAAC;AAC3B,OAAO,KAAK,GAAG,MAAM,OAAO,CAAC;AAC7B,OAAO,KAAK,UAAU,MAAM,cAAc,CAAC;AAC3C,OAAO,KAAK,WAAW,MAAM,eAAe,CAAC;AAC7C,OAAO,KAAK,SAAS,MAAM,aAAa,CAAC;AAEzC,OAAO,EACL,WAAW,EACX,2BAA2B,EAC3B,iBAAiB,EACjB,6BAA6B,EAC7B,0BAA0B,EAC1B,0BAA0B,EAC1B,0BAA0B,EAC3B,MAAM,aAAa,CAAC;AAErB,cAAc,aAAa,CAAC"}

package/dist/index.js

@@ -74,7 +74,7 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.ObjectOSCapabilitiesSchema = exports.ObjectUICapabilitiesSchema = exports.ObjectQLCapabilitiesSchema = exports.ObjectStackCapabilitiesSchema = exports.ObjectStackSchema = exports.ObjectStackDefinitionSchema = exports.defineStack = exports.Contracts = exports.Integration = exports.Automation = exports.API = exports.AI = exports.Hub = exports.Auth = exports.System = exports.UI = exports.Permission = exports.Data = exports.Shared = void 0;
+exports.ObjectOSCapabilitiesSchema = exports.ObjectUICapabilitiesSchema = exports.ObjectQLCapabilitiesSchema = exports.ObjectStackCapabilitiesSchema = exports.ObjectStackSchema = exports.ObjectStackDefinitionSchema = exports.defineStack = exports.Contracts = exports.Integration = exports.Automation = exports.API = exports.AI = exports.Hub = exports.Auth = exports.QA = exports.System = exports.UI = exports.Permission = exports.Data = exports.Shared = void 0;
 // ============================================================================
 // NAMESPACE EXPORTS
 // ============================================================================
@@ -85,6 +85,7 @@ exports.Data = __importStar(require("./data"));
 exports.Permission = __importStar(require("./permission"));
 exports.UI = __importStar(require("./ui"));
 exports.System = __importStar(require("./system"));
+exports.QA = __importStar(require("./qa"));
 exports.Auth = __importStar(require("./auth"));
 exports.Hub = __importStar(require("./hub"));
 exports.AI = __importStar(require("./ai"));

package/dist/integration/connector/vercel.zod.d.ts

@@ -261,8 +261,8 @@ export declare const VercelMonitoringSchema: z.ZodObject<{
         headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
         sources: z.ZodOptional<z.ZodArray<z.ZodEnum<{
             static: "static";
-            lambda: "lambda";
             edge: "edge";
+            lambda: "lambda";
         }>>>;
     }, z.core.$strip>>>;
 }, z.core.$strip>;
@@ -625,8 +625,8 @@ export declare const VercelConnectorSchema: z.ZodObject<{
             headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
             sources: z.ZodOptional<z.ZodArray<z.ZodEnum<{
                 static: "static";
-                lambda: "lambda";
                 edge: "edge";
+                lambda: "lambda";
             }>>>;
         }, z.core.$strip>>>;
     }, z.core.$strip>>;