@orbytautomation/engine 0.1.2 → 0.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/core/EngineConfig.d.ts +5 -0
- package/dist/core/EngineConfig.d.ts.map +1 -1
- package/dist/core/EngineConfig.js +4 -0
- package/dist/core/EngineConfig.js.map +1 -1
- package/dist/core/OrbytEngine.d.ts +207 -76
- package/dist/core/OrbytEngine.d.ts.map +1 -1
- package/dist/core/OrbytEngine.js +395 -63
- package/dist/core/OrbytEngine.js.map +1 -1
- package/dist/errors/SecurityErrors.d.ts +75 -0
- package/dist/errors/SecurityErrors.d.ts.map +1 -0
- package/dist/errors/SecurityErrors.js +145 -0
- package/dist/errors/SecurityErrors.js.map +1 -0
- package/dist/errors/index.d.ts +1 -0
- package/dist/errors/index.d.ts.map +1 -1
- package/dist/errors/index.js +1 -0
- package/dist/errors/index.js.map +1 -1
- package/dist/execution/ExecutionLimits.d.ts +116 -0
- package/dist/execution/ExecutionLimits.d.ts.map +1 -0
- package/dist/execution/ExecutionLimits.js +280 -0
- package/dist/execution/ExecutionLimits.js.map +1 -0
- package/dist/execution/ExecutionStrategyResolver.d.ts +140 -0
- package/dist/execution/ExecutionStrategyResolver.d.ts.map +1 -0
- package/dist/execution/ExecutionStrategyResolver.js +332 -0
- package/dist/execution/ExecutionStrategyResolver.js.map +1 -0
- package/dist/execution/IntentAnalyzer.d.ts +101 -0
- package/dist/execution/IntentAnalyzer.d.ts.map +1 -0
- package/dist/execution/IntentAnalyzer.js +348 -0
- package/dist/execution/IntentAnalyzer.js.map +1 -0
- package/dist/execution/InternalExecutionContext.d.ts +255 -0
- package/dist/execution/InternalExecutionContext.d.ts.map +1 -0
- package/dist/execution/InternalExecutionContext.js +175 -0
- package/dist/execution/InternalExecutionContext.js.map +1 -0
- package/dist/execution/index.d.ts +5 -0
- package/dist/execution/index.d.ts.map +1 -1
- package/dist/execution/index.js +6 -0
- package/dist/execution/index.js.map +1 -1
- package/dist/index.d.ts +5 -7
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +8 -0
- package/dist/index.js.map +1 -1
- package/dist/loader/WorkflowLoader.d.ts +154 -0
- package/dist/loader/WorkflowLoader.d.ts.map +1 -0
- package/dist/loader/WorkflowLoader.js +239 -0
- package/dist/loader/WorkflowLoader.js.map +1 -0
- package/dist/loader/index.d.ts +10 -0
- package/dist/loader/index.d.ts.map +1 -0
- package/dist/loader/index.js +10 -0
- package/dist/loader/index.js.map +1 -0
- package/dist/parser/SchemaValidator.d.ts.map +1 -1
- package/dist/parser/SchemaValidator.js +14 -2
- package/dist/parser/SchemaValidator.js.map +1 -1
- package/dist/parser/WorkflowParser.d.ts +8 -0
- package/dist/parser/WorkflowParser.d.ts.map +1 -1
- package/dist/parser/WorkflowParser.js +6 -0
- package/dist/parser/WorkflowParser.js.map +1 -1
- package/dist/security/ReservedFields.d.ts +64 -0
- package/dist/security/ReservedFields.d.ts.map +1 -0
- package/dist/security/ReservedFields.js +253 -0
- package/dist/security/ReservedFields.js.map +1 -0
- package/dist/security/index.d.ts +1 -0
- package/dist/security/index.d.ts.map +1 -1
- package/dist/security/index.js +1 -0
- package/dist/security/index.js.map +1 -1
- package/dist/types/core-types.d.ts +59 -0
- package/dist/types/core-types.d.ts.map +1 -0
- package/dist/types/core-types.js +2 -0
- package/dist/types/core-types.js.map +1 -0
- package/package.json +1 -1
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"WorkflowLoader.js","sourceRoot":"","sources":["../../src/loader/WorkflowLoader.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6CG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EAAE,UAAU,EAAE,MAAM,IAAI,CAAC;AAChC,OAAO,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAC/B,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,cAAc,EAAuB,MAAM,6BAA6B,CAAC;AAwBlF;;;;;GAKG;AACH,MAAM,OAAO,cAAc;IACzB;;;;;;;;;;;;;;;OAeG;IACH,MAAM,CAAC,KAAK,CAAC,QAAQ,CACnB,QAAgB,EAChB,UAA+B,EAAE;QAEjC,+BAA+B;QAC/B,MAAM,YAAY,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;QAEvC,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CACb,4BAA4B,QAAQ,oBAAoB,YAAY,EAAE,CACvE,CAAC;QACJ,CAAC;QAED,4BAA4B;QAC5B,IAAI,OAAe,CAAC;QACpB,IAAI,CAAC;YACH,OAAO,GAAG,MAAM,QAAQ,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;QAClD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,QAAQ,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACxE,MAAM,IAAI,KAAK,CAAC,iCAAiC,QAAQ,EAAE,CAAC,CAAC;QAC/D,CAAC;QAED,kCAAkC;QAClC,MAAM,MAAM,GAAG,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACvE,MAAM,MAAM,GAAG,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAE1C,IAAI,MAAsB,CAAC;QAE3B,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAClC,CAAC;aAAM,IAAI,MAAM,EAAE,CAAC;YAClB,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAClC,CAAC;aAAM,CAAC;YACN,+DAA+D;YAC/D,IAAI,CAAC;gBACH,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YAClC,CAAC;YAAC,MAAM,CAAC;gBACP,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YAClC,CAAC;QACH,CAAC;QAED,sCAAsC;QACtC,IAAI,OAAO,CAAC,SAAS,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YACvC,MAAM,CAAC,MAAM,GAAG,EAAE,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;QAC7D,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;;;;;;;;;;;;OAaG;IACH,MAAM,CAAC,QAAQ,CAAC,WAAmB;QACjC,+BAA+B;QAC/B,IAAI,YAAiB,CAAC;QACtB,IAAI,CAAC;YACH,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QACzC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,QAAQ,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACxE,MAAM,IAAI,KAAK,CAAC,wBAAwB,QAAQ,EAAE,CAAC,CAAC;QACtD,CAAC;QAED,oDAAoD;QACpD,qEAAqE;QACrE,OAAO,cAAc,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;IAC5C,CAAC;IAED;;;;;;OAMG;IACH,MAAM,CAAC,QAAQ,CAAC,WAAmB;QACjC,+BAA+B;QAC/B,IAAI,YAAiB,CAAC;QACtB,IAAI,CAAC;YACH,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QACzC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,QAAQ,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACxE,MAAM,IAAI,KAAK,CAAC,wBAAwB,QAAQ,EAAE,CAAC,CAAC;QACtD,CAAC;QAED,oDAAoD;QACpD,OAAO,cAAc,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;IAC5C,CAAC;IAED;;;;;;;;OAQG;IACH,MAAM,CAAC,UAAU,CAAC,cAAuB;QACvC,OAAO,cAAc,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;IAC9C,CAAC;IAED;;;;;;;;OAQG;IACH,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAwB;QAC5C,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC/B,4BAA4B;YAC5B,IAAI,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;gBACvB,MAAM,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;YAC9B,CAAC;iBAAM,CAAC;gBACN,2BAA2B;gBAC3B,IAAI,CAAC;oBACH,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;gBACxB,CAAC;gBAAC,MAAM,CAAC;oBACP,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;gBACxB,CAAC;YACH,CAAC;QACH,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QAC1B,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,iBAAiB,CAAC,GAAW;QAClC,OAAO,CACL,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC;YACrB,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC;YACpB,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC;YACrB,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC;YACjB,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC;YAClB,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,CACrB,CAAC;IACJ,CAAC;IAED;;;;;;;;;;OAUG;IACH,MAAM,CAAC,KAAK,CAAC,UAAU,CACrB,MAAc,EACd,UAA+B,EAAE;QAEjC,4CAA4C;QAC5C,IAAI,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,IAAI,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YACzD,OAAO,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACxC,CAAC;QAED,6BAA6B;QAC7B,OAAO,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IAC/B,CAAC;CACF"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/loader/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,cAAc,qBAAqB,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/loader/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,cAAc,qBAAqB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"SchemaValidator.d.ts","sourceRoot":"","sources":["../../src/parser/SchemaValidator.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,EAAuB,KAAK,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AACtF,OAAO,EAML,UAAU,EAEX,MAAM,oBAAoB,CAAC;AAE5B;;GAEG;AACH,qBAAa,eAAe;IAC1B;;;;;;OAMG;IACH,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,OAAO,GAAG,qBAAqB;IA2B5D;;;;;;OAMG;IACH,OAAO,CAAC,MAAM,CAAC,qBAAqB;
|
|
1
|
+
{"version":3,"file":"SchemaValidator.d.ts","sourceRoot":"","sources":["../../src/parser/SchemaValidator.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,EAAuB,KAAK,qBAAqB,EAAE,MAAM,qBAAqB,CAAC;AACtF,OAAO,EAML,UAAU,EAEX,MAAM,oBAAoB,CAAC;AAE5B;;GAEG;AACH,qBAAa,eAAe;IAC1B;;;;;;OAMG;IACH,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,OAAO,GAAG,qBAAqB;IA2B5D;;;;;;OAMG;IACH,OAAO,CAAC,MAAM,CAAC,qBAAqB;IAyFpC;;;;OAIG;IACH,OAAO,CAAC,MAAM,CAAC,oBAAoB;IAkBnC;;;;;OAKG;IACH,OAAO,CAAC,MAAM,CAAC,iBAAiB;IAwChC;;;;;OAKG;IACH,MAAM,CAAC,OAAO,CAAC,WAAW,EAAE,OAAO,GAAG,OAAO;IAS7C;;;;;OAKG;IACH,MAAM,CAAC,SAAS,CAAC,WAAW,EAAE,OAAO,GAAG;QACtC,OAAO,EAAE,OAAO,CAAC;QACjB,IAAI,CAAC,EAAE,qBAAqB,CAAC;QAC7B,KAAK,CAAC,EAAE,UAAU,CAAC;KACpB;CAmBF"}
|
|
@@ -53,6 +53,13 @@ export class SchemaValidator {
|
|
|
53
53
|
if (!obj || typeof obj !== 'object') {
|
|
54
54
|
return;
|
|
55
55
|
}
|
|
56
|
+
// Free-form field paths - these can contain any user-defined keys
|
|
57
|
+
const FREE_FORM_PATHS = ['annotations', 'context', 'secrets', 'inputs'];
|
|
58
|
+
const isFreeFormPath = FREE_FORM_PATHS.some(fp => path === fp || path.endsWith('.' + fp));
|
|
59
|
+
// Skip validation for free-form paths (user can define any fields)
|
|
60
|
+
if (isFreeFormPath) {
|
|
61
|
+
return;
|
|
62
|
+
}
|
|
56
63
|
const validFields = getValidFields(path);
|
|
57
64
|
const actualFields = Object.keys(obj);
|
|
58
65
|
for (const field of actualFields) {
|
|
@@ -85,10 +92,15 @@ export class SchemaValidator {
|
|
|
85
92
|
});
|
|
86
93
|
}
|
|
87
94
|
// Recursively validate nested objects
|
|
95
|
+
// Skip validation for free-form fields (user-defined content)
|
|
96
|
+
const FREE_FORM_FIELDS = ['annotations', 'context', 'with', 'outputs', 'env', 'secrets', 'inputs'];
|
|
88
97
|
const value = obj[field];
|
|
89
98
|
if (value && typeof value === 'object' && !Array.isArray(value)) {
|
|
90
|
-
|
|
91
|
-
|
|
99
|
+
// Don't validate contents of free-form fields (they can contain any keys)
|
|
100
|
+
if (!FREE_FORM_FIELDS.includes(field)) {
|
|
101
|
+
const nestedPath = path === 'root' ? field : `${path}.${field}`;
|
|
102
|
+
this.validateUnknownFields(value, nestedPath);
|
|
103
|
+
}
|
|
92
104
|
}
|
|
93
105
|
// Validate array items (steps, triggers, etc.)
|
|
94
106
|
if (Array.isArray(value)) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"SchemaValidator.js","sourceRoot":"","sources":["../../src/parser/SchemaValidator.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,mBAAmB,EAA8B,MAAM,qBAAqB,CAAC;AACtF,OAAO,EACL,WAAW,EACX,WAAW,EACX,YAAY,EACZ,cAAc,EACd,YAAY,EACZ,UAAU,EACV,aAAa,GACd,MAAM,oBAAoB,CAAC;AAE5B;;GAEG;AACH,MAAM,OAAO,eAAe;IAC1B;;;;;;OAMG;IACH,MAAM,CAAC,QAAQ,CAAC,WAAoB;QAClC,IAAI,CAAC;YACH,gDAAgD;YAChD,IAAI,CAAC,qBAAqB,CAAC,WAAkC,EAAE,MAAM,CAAC,CAAC;YAEvE,+DAA+D;YAC/D,MAAM,SAAS,GAAG,mBAAmB,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;YAEzD,kCAAkC;YAClC,IAAI,CAAC,oBAAoB,CAAC,SAAS,CAAC,CAAC;YAErC,OAAO,SAAS,CAAC;QACnB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,4CAA4C;YAC5C,IAAI,KAAK,YAAY,UAAU,EAAE,CAAC;gBAChC,MAAM,KAAK,CAAC;YACd,CAAC;YAED,wDAAwD;YACxD,IAAI,KAAK,YAAY,CAAC,CAAC,QAAQ,EAAE,CAAC;gBAChC,MAAM,IAAI,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;YACtC,CAAC;YAED,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACK,MAAM,CAAC,qBAAqB,CAClC,GAAwB,EACxB,IAAY;QAEZ,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YACpC,OAAO;QACT,CAAC;QAED,MAAM,WAAW,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;QACzC,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEtC,KAAK,MAAM,KAAK,IAAI,YAAY,EAAE,CAAC;YACjC,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,IAAI,CAAC,EAAE,CAAC;gBAC/B,sCAAsC;gBACtC,MAAM,WAAW,GAAG,WAAW,CAAC,KAAK,EAAE,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC;gBACxE,MAAM,SAAS,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;gBAEjC,qDAAqD;gBACrD,IAAI,IAAY,CAAC;gBACjB,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC3B,IAAI,GAAG,wBAAwB,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;gBAC9E,CAAC;qBAAM,IAAI,SAAS,EAAE,CAAC;oBACrB,IAAI,GAAG,iBAAiB,SAAS,IAAI,CAAC;gBACxC,CAAC;qBAAM,CAAC;oBACN,IAAI,GAAG,mBAAmB,IAAI,KAAK,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC1E,CAAC;gBAED,+DAA+D;gBAC/D,IAAI,SAAS,IAAI,YAAY,CAAC,KAAK,EAAE,SAAS,CAAC,EAAE,CAAC;oBAChD,IAAI,GAAG,8BAA8B,SAAS,IAAI,CAAC;gBACrD,CAAC;gBAED,uCAAuC;gBACvC,MAAM,IAAI,WAAW,CAAC;oBACpB,IAAI,EAAE,WAAkB;oBACxB,OAAO,EAAE,kBAAkB,KAAK,GAAG;oBACnC,IAAI,EAAE,IAAI,KAAK,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,IAAI,IAAI,KAAK,EAAE;oBAClD,IAAI;oBACJ,QAAQ,EAAE,aAAa,CAAC,KAAK;iBAC9B,CAAC,CAAC;YACL,CAAC;YAED,sCAAsC;YACtC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"SchemaValidator.js","sourceRoot":"","sources":["../../src/parser/SchemaValidator.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,mBAAmB,EAA8B,MAAM,qBAAqB,CAAC;AACtF,OAAO,EACL,WAAW,EACX,WAAW,EACX,YAAY,EACZ,cAAc,EACd,YAAY,EACZ,UAAU,EACV,aAAa,GACd,MAAM,oBAAoB,CAAC;AAE5B;;GAEG;AACH,MAAM,OAAO,eAAe;IAC1B;;;;;;OAMG;IACH,MAAM,CAAC,QAAQ,CAAC,WAAoB;QAClC,IAAI,CAAC;YACH,gDAAgD;YAChD,IAAI,CAAC,qBAAqB,CAAC,WAAkC,EAAE,MAAM,CAAC,CAAC;YAEvE,+DAA+D;YAC/D,MAAM,SAAS,GAAG,mBAAmB,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;YAEzD,kCAAkC;YAClC,IAAI,CAAC,oBAAoB,CAAC,SAAS,CAAC,CAAC;YAErC,OAAO,SAAS,CAAC;QACnB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,4CAA4C;YAC5C,IAAI,KAAK,YAAY,UAAU,EAAE,CAAC;gBAChC,MAAM,KAAK,CAAC;YACd,CAAC;YAED,wDAAwD;YACxD,IAAI,KAAK,YAAY,CAAC,CAAC,QAAQ,EAAE,CAAC;gBAChC,MAAM,IAAI,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;YACtC,CAAC;YAED,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACK,MAAM,CAAC,qBAAqB,CAClC,GAAwB,EACxB,IAAY;QAEZ,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YACpC,OAAO;QACT,CAAC;QAED,kEAAkE;QAClE,MAAM,eAAe,GAAG,CAAC,aAAa,EAAE,SAAS,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;QACxE,MAAM,cAAc,GAAG,eAAe,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC,IAAI,KAAK,EAAE,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,GAAG,EAAE,CAAC,CAAC,CAAC;QAE1F,mEAAmE;QACnE,IAAI,cAAc,EAAE,CAAC;YACnB,OAAO;QACT,CAAC;QAED,MAAM,WAAW,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;QACzC,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEtC,KAAK,MAAM,KAAK,IAAI,YAAY,EAAE,CAAC;YACjC,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,IAAI,CAAC,EAAE,CAAC;gBAC/B,sCAAsC;gBACtC,MAAM,WAAW,GAAG,WAAW,CAAC,KAAK,EAAE,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC;gBACxE,MAAM,SAAS,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;gBAEjC,qDAAqD;gBACrD,IAAI,IAAY,CAAC;gBACjB,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBAC3B,IAAI,GAAG,wBAAwB,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;gBAC9E,CAAC;qBAAM,IAAI,SAAS,EAAE,CAAC;oBACrB,IAAI,GAAG,iBAAiB,SAAS,IAAI,CAAC;gBACxC,CAAC;qBAAM,CAAC;oBACN,IAAI,GAAG,mBAAmB,IAAI,KAAK,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC1E,CAAC;gBAED,+DAA+D;gBAC/D,IAAI,SAAS,IAAI,YAAY,CAAC,KAAK,EAAE,SAAS,CAAC,EAAE,CAAC;oBAChD,IAAI,GAAG,8BAA8B,SAAS,IAAI,CAAC;gBACrD,CAAC;gBAED,uCAAuC;gBACvC,MAAM,IAAI,WAAW,CAAC;oBACpB,IAAI,EAAE,WAAkB;oBACxB,OAAO,EAAE,kBAAkB,KAAK,GAAG;oBACnC,IAAI,EAAE,IAAI,KAAK,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,IAAI,IAAI,KAAK,EAAE;oBAClD,IAAI;oBACJ,QAAQ,EAAE,aAAa,CAAC,KAAK;iBAC9B,CAAC,CAAC;YACL,CAAC;YAED,sCAAsC;YACtC,8DAA8D;YAC9D,MAAM,gBAAgB,GAAG,CAAC,aAAa,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;YACnG,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC;YAEzB,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gBAChE,0EAA0E;gBAC1E,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;oBACtC,MAAM,UAAU,GAAG,IAAI,KAAK,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,IAAI,IAAI,KAAK,EAAE,CAAC;oBAChE,IAAI,CAAC,qBAAqB,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;gBAChD,CAAC;YACH,CAAC;YAED,+CAA+C;YAC/C,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gBACzB,IAAI,KAAK,KAAK,OAAO,EAAE,CAAC;oBACtB,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;wBAC5B,IAAI,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;4BACrC,IAAI,CAAC,qBAAqB,CACxB,IAAI,EACJ,kBAAkB,KAAK,GAAG,CAC3B,CAAC;wBACJ,CAAC;oBACH,CAAC,CAAC,CAAC;gBACL,CAAC;qBAAM,IAAI,KAAK,KAAK,UAAU,EAAE,CAAC;oBAChC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;wBAC5B,IAAI,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;4BACrC,IAAI,CAAC,qBAAqB,CACxB,IAAI,EACJ,YAAY,KAAK,GAAG,CACrB,CAAC;wBACJ,CAAC;oBACH,CAAC,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;;OAIG;IACK,MAAM,CAAC,oBAAoB,CAAC,QAA+B;QACjE,gCAAgC;QAChC,IAAI,CAAC,QAAQ,CAAC,QAAQ,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;YACnD,MAAM,WAAW,CAAC,YAAY,CAAC,gBAAgB,EAAE,UAAU,CAAC,CAAC;QAC/D,CAAC;QAED,oCAAoC;QACpC,IAAI,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzC,MAAM,IAAI,WAAW,CAAC;gBACpB,IAAI,EAAE,WAAkB;gBACxB,OAAO,EAAE,yCAAyC;gBAClD,IAAI,EAAE,gBAAgB;gBACtB,IAAI,EAAE,wCAAwC;gBAC9C,QAAQ,EAAE,OAAc;aACzB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACK,MAAM,CAAC,iBAAiB,CAAC,KAAiB;QAChD,+DAA+D;QAC/D,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACnC,MAAM,IAAI,GAAG,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEvC,oDAAoD;QACpD,QAAQ,UAAU,CAAC,IAAI,EAAE,CAAC;YACxB,KAAK,cAAc;gBACjB,qDAAqD;gBACrD,MAAM,YAAY,GAAI,UAAkB,CAAC,QAAQ,IAAI,SAAS,CAAC;gBAC/D,MAAM,YAAY,GAAI,UAAkB,CAAC,QAAQ,IAAI,SAAS,CAAC;gBAC/D,OAAO,WAAW,CAAC,WAAW,CAC5B,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,SAAS,EAClC,YAAY,EACZ,MAAM,CAAC,YAAY,CAAC,EACpB,IAAI,CACL,CAAC;YAEJ,KAAK,eAAe;gBAClB,gCAAgC;gBAChC,OAAO,IAAI,WAAW,CAAC;oBACrB,IAAI,EAAE,WAAkB;oBACxB,OAAO,EAAE,UAAU,CAAC,OAAO;oBAC3B,IAAI;oBACJ,IAAI,EAAE,gEAAgE;oBACtE,QAAQ,EAAE,aAAa,CAAC,KAAK;iBAC9B,CAAC,CAAC;YAEL;gBACE,uBAAuB;gBACvB,OAAO,IAAI,WAAW,CAAC;oBACrB,IAAI,EAAE,WAAkB;oBACxB,OAAO,EAAE,UAAU,CAAC,OAAO;oBAC3B,IAAI;oBACJ,IAAI,EAAE,0CAA0C;oBAChD,QAAQ,EAAE,aAAa,CAAC,KAAK;iBAC9B,CAAC,CAAC;QACP,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,OAAO,CAAC,WAAoB;QACjC,IAAI,CAAC;YACH,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;YAC3B,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,SAAS,CAAC,WAAoB;QAKnC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;YACxC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;QACjC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,UAAU,EAAE,CAAC;gBAChC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;YACnC,CAAC;YACD,yBAAyB;YACzB,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,IAAI,WAAW,CAAC;oBACrB,IAAI,EAAE,WAAkB;oBACxB,OAAO,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;oBACjE,QAAQ,EAAE,OAAc;iBACzB,CAAC;aACH,CAAC;QACJ,CAAC;IACH,CAAC;CACF"}
|
|
@@ -28,6 +28,13 @@ export interface ParsedWorkflow {
|
|
|
28
28
|
createdAt?: string;
|
|
29
29
|
updatedAt?: string;
|
|
30
30
|
};
|
|
31
|
+
/** Annotations for AI and UI hints */
|
|
32
|
+
annotations?: {
|
|
33
|
+
'ai.intent'?: string;
|
|
34
|
+
'ui.group'?: string;
|
|
35
|
+
'ui.icon'?: string;
|
|
36
|
+
[key: string]: any;
|
|
37
|
+
};
|
|
31
38
|
/** Workflow steps */
|
|
32
39
|
steps: ParsedStep[];
|
|
33
40
|
/** Global workflow inputs */
|
|
@@ -76,6 +83,7 @@ export declare class WorkflowParser {
|
|
|
76
83
|
*
|
|
77
84
|
* @param rawWorkflow - Raw workflow object
|
|
78
85
|
* @returns Parsed workflow ready for execution
|
|
86
|
+
* @throws {SecurityError} If reserved fields are detected
|
|
79
87
|
*/
|
|
80
88
|
static parse(rawWorkflow: unknown): ParsedWorkflow;
|
|
81
89
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"WorkflowParser.d.ts","sourceRoot":"","sources":["../../src/parser/WorkflowParser.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,OAAO,EAAc,KAAK,UAAU,EAAE,MAAM,iBAAiB,CAAC;
|
|
1
|
+
{"version":3,"file":"WorkflowParser.d.ts","sourceRoot":"","sources":["../../src/parser/WorkflowParser.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,OAAO,EAAc,KAAK,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAI9D;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,wBAAwB;IACxB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf,+CAA+C;IAC/C,QAAQ,CAAC,EAAE;QACT,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;QAChB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,CAAC;IAEF,sCAAsC;IACtC,WAAW,CAAC,EAAE;QACZ,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;KACpB,CAAC;IAEF,qBAAqB;IACrB,KAAK,EAAE,UAAU,EAAE,CAAC;IAEpB,6BAA6B;IAC7B,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAE7B,mCAAmC;IACnC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAE9B,wBAAwB;IACxB,OAAO,CAAC,EAAE;QACR,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KAC/B,CAAC;IAEF,4BAA4B;IAC5B,QAAQ,CAAC,EAAE,KAAK,CAAC;QACf,IAAI,EAAE,MAAM,CAAC;QACb,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;KACpB,CAAC,CAAC;IAEH,eAAe;IACf,QAAQ,CAAC,EAAE;QACT,KAAK,CAAC,EAAE;YACN,GAAG,EAAE,MAAM,CAAC;YACZ,OAAO,CAAC,EAAE,QAAQ,GAAG,aAAa,CAAC;YACnC,KAAK,CAAC,EAAE,MAAM,CAAC;SAChB,CAAC;QACF,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,CAAC;IAEF,eAAe;IACf,QAAQ,CAAC,EAAE;QACT,OAAO,CAAC,EAAE,MAAM,GAAG,UAAU,GAAG,SAAS,CAAC;QAC1C,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,GAAG,QAAQ,CAAC;KACvC,CAAC;IAEF,kBAAkB;IAClB,WAAW,CAAC,EAAE,GAAG,CAAC;IAElB,gBAAgB;IAChB,SAAS,CAAC,EAAE,GAAG,CAAC;IAEhB,cAAc;IACd,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAClC;AAED;;GAEG;AACH,qBAAa,cAAc;IACzB;;;;;;OAMG;IACH,MAAM,CAAC,KAAK,CAAC,WAAW,EAAE,OAAO,GAAG,cAAc;IAoClD;;;;;OAKG;IACH,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,MAAM,GAAG,cAAc;IAYpD;;;;;OAKG;IACH,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,MAAM,GAAG,cAAc;IAYpD;;;;;;OAMG;IACH,MAAM,CAAC,QAAQ,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,cAAc;IAmBnE;;;;;OAKG;IACH,MAAM,CAAC,OAAO,CAAC,WAAW,EAAE,OAAO,GAAG,OAAO;IAS7C;;;;;OAKG;IACH,MAAM,CAAC,WAAW,CAAC,WAAW,EAAE,OAAO,GAAG;QACxC,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,OAAO,EAAE,MAAM,CAAC;QAChB,IAAI,EAAE,MAAM,CAAC;QACb,SAAS,EAAE,MAAM,CAAC;KACnB;CAWF"}
|
|
@@ -9,6 +9,7 @@
|
|
|
9
9
|
import YAML from 'yaml';
|
|
10
10
|
import { SchemaValidator } from './SchemaValidator.js';
|
|
11
11
|
import { StepParser } from './StepParser.js';
|
|
12
|
+
import { validateWorkflowSecurity } from '../security/ReservedFields.js';
|
|
12
13
|
/**
|
|
13
14
|
* Main workflow parser class
|
|
14
15
|
*/
|
|
@@ -18,8 +19,13 @@ export class WorkflowParser {
|
|
|
18
19
|
*
|
|
19
20
|
* @param rawWorkflow - Raw workflow object
|
|
20
21
|
* @returns Parsed workflow ready for execution
|
|
22
|
+
* @throws {SecurityError} If reserved fields are detected
|
|
21
23
|
*/
|
|
22
24
|
static parse(rawWorkflow) {
|
|
25
|
+
// Step 0: SECURITY CHECK - Validate NO reserved fields present
|
|
26
|
+
// This runs BEFORE any other validation to prevent internal field manipulation
|
|
27
|
+
// Throws SecurityError with structured error codes if violations found
|
|
28
|
+
validateWorkflowSecurity(rawWorkflow);
|
|
23
29
|
// Step 1: Validate against schema (with enhanced diagnostics)
|
|
24
30
|
const validated = SchemaValidator.validate(rawWorkflow);
|
|
25
31
|
// Step 2: Parse steps from nested workflow.steps
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"WorkflowParser.js","sourceRoot":"","sources":["../../src/parser/WorkflowParser.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AACvD,OAAO,EAAE,UAAU,EAAmB,MAAM,iBAAiB,CAAC;
|
|
1
|
+
{"version":3,"file":"WorkflowParser.js","sourceRoot":"","sources":["../../src/parser/WorkflowParser.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AACvD,OAAO,EAAE,UAAU,EAAmB,MAAM,iBAAiB,CAAC;AAC9D,OAAO,EAAE,wBAAwB,EAAE,MAAM,+BAA+B,CAAC;AAmFzE;;GAEG;AACH,MAAM,OAAO,cAAc;IACzB;;;;;;OAMG;IACH,MAAM,CAAC,KAAK,CAAC,WAAoB;QAC/B,+DAA+D;QAC/D,+EAA+E;QAC/E,uEAAuE;QACvE,wBAAwB,CAAC,WAAW,CAAC,CAAC;QAEtC,8DAA8D;QAC9D,MAAM,SAAS,GAA0B,eAAe,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QAE/E,iDAAiD;QACjD,MAAM,KAAK,GAAG,UAAU,CAAC,QAAQ,CAAC,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAE5D,6CAA6C;QAC7C,UAAU,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAE9B,gCAAgC;QAChC,MAAM,MAAM,GAAmB;YAC7B,IAAI,EAAE,SAAS,CAAC,QAAQ,EAAE,IAAI;YAC9B,WAAW,EAAE,SAAS,CAAC,QAAQ,EAAE,WAAW;YAC5C,OAAO,EAAE,SAAS,CAAC,OAAO;YAC1B,IAAI,EAAE,SAAS,CAAC,IAAI;YACpB,KAAK;YACL,MAAM,EAAE,SAAS,CAAC,MAAM;YACxB,OAAO,EAAE,SAAS,CAAC,OAAO;YAC1B,OAAO,EAAE,SAAS,CAAC,OAAO;YAC1B,QAAQ,EAAE,SAAS,CAAC,QAAQ;YAC5B,QAAQ,EAAE,SAAS,CAAC,QAAQ;YAC5B,QAAQ,EAAE,SAAS,CAAC,QAAQ;YAC5B,WAAW,EAAE,SAAS,CAAC,WAAW;YAClC,SAAS,EAAE,SAAS,CAAC,SAAS;YAC9B,OAAO,EAAE,SAAS,CAAC,OAAO;SAC3B,CAAC;QAEF,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,QAAQ,CAAC,WAAmB;QACjC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;YACvC,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC5B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;gBAC3B,MAAM,IAAI,KAAK,CAAC,wBAAwB,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAC3D,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,QAAQ,CAAC,WAAmB;QACjC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;YACvC,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC5B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;gBAC3B,MAAM,IAAI,KAAK,CAAC,wBAAwB,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;YAC3D,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACH,MAAM,CAAC,QAAQ,CAAC,OAAe,EAAE,QAAiB;QAChD,qCAAqC;QACrC,IAAI,QAAQ,EAAE,CAAC;YACb,IAAI,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC5D,OAAO,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YAChC,CAAC;YACD,IAAI,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC/B,OAAO,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YAChC,CAAC;QACH,CAAC;QAED,uDAAuD;QACvD,IAAI,CAAC;YACH,OAAO,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAChC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,OAAO,CAAC,WAAoB;QACjC,IAAI,CAAC;YACH,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;YACxB,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,WAAW,CAAC,WAAoB;QAOrC,MAAM,SAAS,GAA0B,eAAe,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QAE/E,OAAO;YACL,IAAI,EAAE,SAAS,CAAC,QAAQ,EAAE,IAAI;YAC9B,WAAW,EAAE,SAAS,CAAC,QAAQ,EAAE,WAAW;YAC5C,OAAO,EAAE,SAAS,CAAC,OAAO;YAC1B,IAAI,EAAE,SAAS,CAAC,IAAI;YACpB,SAAS,EAAE,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC,MAAM;SAC3C,CAAC;IACJ,CAAC;CACF"}
|
|
@@ -0,0 +1,64 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Reserved Field Security
|
|
3
|
+
*
|
|
4
|
+
* CRITICAL SECURITY MODULE
|
|
5
|
+
*
|
|
6
|
+
* Defines and guards internal/reserved fields that users MUST NEVER control.
|
|
7
|
+
* These fields are engine-controlled for billing, security, and audit purposes.
|
|
8
|
+
*
|
|
9
|
+
* ANY attempt to set these fields in user YAML will be REJECTED at parse time
|
|
10
|
+
* with explicit structured errors.
|
|
11
|
+
*
|
|
12
|
+
* @module security
|
|
13
|
+
*/
|
|
14
|
+
/**
|
|
15
|
+
* Reserved top-level workflow fields
|
|
16
|
+
* These are NEVER user-controlled, always engine-injected
|
|
17
|
+
*/
|
|
18
|
+
export declare const RESERVED_WORKFLOW_FIELDS: readonly ["_internal", "_identity", "_ownership", "_billing", "_usage", "_audit", "_system", "_engine", "_execution", "_runtime", "_security", "_metadata"];
|
|
19
|
+
/**
|
|
20
|
+
* Reserved context field names
|
|
21
|
+
* Users cannot set these in workflow context
|
|
22
|
+
*/
|
|
23
|
+
export declare const RESERVED_CONTEXT_FIELDS: readonly ["_internal", "_identity", "_ownership", "_billing", "_usage", "_audit", "_system", "_engine", "_security", "executionId", "runId", "traceId", "userId", "workspaceId", "subscriptionId", "subscriptionTier", "billingId", "billingMode", "pricingTier", "pricingModel", "billingSnapshot"];
|
|
24
|
+
/**
|
|
25
|
+
* Reserved step field names
|
|
26
|
+
* Users cannot set these in step definitions
|
|
27
|
+
*/
|
|
28
|
+
export declare const RESERVED_STEP_FIELDS: readonly ["_internal", "_billing", "_usage", "_audit", "executionId", "runId", "stepExecutionId"];
|
|
29
|
+
/**
|
|
30
|
+
* Reserved annotation prefixes
|
|
31
|
+
* These annotation namespaces are reserved for engine use
|
|
32
|
+
*/
|
|
33
|
+
export declare const RESERVED_ANNOTATION_PREFIXES: readonly ["engine.", "system.", "internal.", "billing.", "audit.", "security."];
|
|
34
|
+
/**
|
|
35
|
+
* Check if a field name is reserved
|
|
36
|
+
*/
|
|
37
|
+
export declare function isReservedWorkflowField(fieldName: string): boolean;
|
|
38
|
+
/**
|
|
39
|
+
* Check if a context field name is reserved
|
|
40
|
+
*/
|
|
41
|
+
export declare function isReservedContextField(fieldName: string): boolean;
|
|
42
|
+
/**
|
|
43
|
+
* Check if a step field name is reserved
|
|
44
|
+
*/
|
|
45
|
+
export declare function isReservedStepField(fieldName: string): boolean;
|
|
46
|
+
/**
|
|
47
|
+
* Check if an annotation key uses a reserved prefix
|
|
48
|
+
*/
|
|
49
|
+
export declare function isReservedAnnotation(annotationKey: string): boolean;
|
|
50
|
+
/**
|
|
51
|
+
* Scan an object for reserved field names
|
|
52
|
+
* Returns array of found reserved fields
|
|
53
|
+
*/
|
|
54
|
+
export declare function findReservedFields(obj: Record<string, any>, reservedList: readonly string[], checkPrefix?: boolean): string[];
|
|
55
|
+
/**
|
|
56
|
+
* Validate workflow for reserved field violations
|
|
57
|
+
*
|
|
58
|
+
* SECURITY CRITICAL: This runs BEFORE any workflow execution
|
|
59
|
+
* Rejects workflows that attempt to control internal fields
|
|
60
|
+
*
|
|
61
|
+
* @throws {SecurityError} If reserved fields are found
|
|
62
|
+
*/
|
|
63
|
+
export declare function validateWorkflowSecurity(workflow: any): void;
|
|
64
|
+
//# sourceMappingURL=ReservedFields.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ReservedFields.d.ts","sourceRoot":"","sources":["../../src/security/ReservedFields.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAQH;;;GAGG;AACH,eAAO,MAAM,wBAAwB,6JAa3B,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,uBAAuB,sSAsB1B,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,oBAAoB,mGAQvB,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,4BAA4B,iFAO/B,CAAC;AAEX;;GAEG;AACH,wBAAgB,uBAAuB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAElE;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAEjE;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAE9D;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,aAAa,EAAE,MAAM,GAAG,OAAO,CAEnE;AAsED;;;GAGG;AACH,wBAAgB,kBAAkB,CAChC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EACxB,YAAY,EAAE,SAAS,MAAM,EAAE,EAC/B,WAAW,UAAO,GACjB,MAAM,EAAE,CAeV;AAED;;;;;;;GAOG;AACH,wBAAgB,wBAAwB,CAAC,QAAQ,EAAE,GAAG,GAAG,IAAI,CAoE5D"}
|
|
@@ -0,0 +1,253 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Reserved Field Security
|
|
3
|
+
*
|
|
4
|
+
* CRITICAL SECURITY MODULE
|
|
5
|
+
*
|
|
6
|
+
* Defines and guards internal/reserved fields that users MUST NEVER control.
|
|
7
|
+
* These fields are engine-controlled for billing, security, and audit purposes.
|
|
8
|
+
*
|
|
9
|
+
* ANY attempt to set these fields in user YAML will be REJECTED at parse time
|
|
10
|
+
* with explicit structured errors.
|
|
11
|
+
*
|
|
12
|
+
* @module security
|
|
13
|
+
*/
|
|
14
|
+
import { SecurityError, SecurityErrorCode } from '../errors/SecurityErrors.js';
|
|
15
|
+
/**
|
|
16
|
+
* Reserved top-level workflow fields
|
|
17
|
+
* These are NEVER user-controlled, always engine-injected
|
|
18
|
+
*/
|
|
19
|
+
export const RESERVED_WORKFLOW_FIELDS = [
|
|
20
|
+
'_internal', // Internal execution context
|
|
21
|
+
'_identity', // Execution identity
|
|
22
|
+
'_ownership', // Ownership context
|
|
23
|
+
'_billing', // Billing context
|
|
24
|
+
'_usage', // Usage tracking
|
|
25
|
+
'_audit', // Audit trail
|
|
26
|
+
'_system', // System fields
|
|
27
|
+
'_engine', // Engine metadata
|
|
28
|
+
'_execution', // Execution context (internal)
|
|
29
|
+
'_runtime', // Runtime context (internal)
|
|
30
|
+
'_security', // Security context
|
|
31
|
+
'_metadata', // Internal metadata
|
|
32
|
+
];
|
|
33
|
+
/**
|
|
34
|
+
* Reserved context field names
|
|
35
|
+
* Users cannot set these in workflow context
|
|
36
|
+
*/
|
|
37
|
+
export const RESERVED_CONTEXT_FIELDS = [
|
|
38
|
+
'_internal',
|
|
39
|
+
'_identity',
|
|
40
|
+
'_ownership',
|
|
41
|
+
'_billing',
|
|
42
|
+
'_usage',
|
|
43
|
+
'_audit',
|
|
44
|
+
'_system',
|
|
45
|
+
'_engine',
|
|
46
|
+
'_security',
|
|
47
|
+
'executionId',
|
|
48
|
+
'runId',
|
|
49
|
+
'traceId',
|
|
50
|
+
'userId',
|
|
51
|
+
'workspaceId',
|
|
52
|
+
'subscriptionId',
|
|
53
|
+
'subscriptionTier',
|
|
54
|
+
'billingId',
|
|
55
|
+
'billingMode',
|
|
56
|
+
'pricingTier',
|
|
57
|
+
'pricingModel',
|
|
58
|
+
'billingSnapshot',
|
|
59
|
+
];
|
|
60
|
+
/**
|
|
61
|
+
* Reserved step field names
|
|
62
|
+
* Users cannot set these in step definitions
|
|
63
|
+
*/
|
|
64
|
+
export const RESERVED_STEP_FIELDS = [
|
|
65
|
+
'_internal',
|
|
66
|
+
'_billing',
|
|
67
|
+
'_usage',
|
|
68
|
+
'_audit',
|
|
69
|
+
'executionId',
|
|
70
|
+
'runId',
|
|
71
|
+
'stepExecutionId',
|
|
72
|
+
];
|
|
73
|
+
/**
|
|
74
|
+
* Reserved annotation prefixes
|
|
75
|
+
* These annotation namespaces are reserved for engine use
|
|
76
|
+
*/
|
|
77
|
+
export const RESERVED_ANNOTATION_PREFIXES = [
|
|
78
|
+
'engine.',
|
|
79
|
+
'system.',
|
|
80
|
+
'internal.',
|
|
81
|
+
'billing.',
|
|
82
|
+
'audit.',
|
|
83
|
+
'security.',
|
|
84
|
+
];
|
|
85
|
+
/**
|
|
86
|
+
* Check if a field name is reserved
|
|
87
|
+
*/
|
|
88
|
+
export function isReservedWorkflowField(fieldName) {
|
|
89
|
+
return RESERVED_WORKFLOW_FIELDS.includes(fieldName) || fieldName.startsWith('_');
|
|
90
|
+
}
|
|
91
|
+
/**
|
|
92
|
+
* Check if a context field name is reserved
|
|
93
|
+
*/
|
|
94
|
+
export function isReservedContextField(fieldName) {
|
|
95
|
+
return RESERVED_CONTEXT_FIELDS.includes(fieldName) || fieldName.startsWith('_');
|
|
96
|
+
}
|
|
97
|
+
/**
|
|
98
|
+
* Check if a step field name is reserved
|
|
99
|
+
*/
|
|
100
|
+
export function isReservedStepField(fieldName) {
|
|
101
|
+
return RESERVED_STEP_FIELDS.includes(fieldName);
|
|
102
|
+
}
|
|
103
|
+
/**
|
|
104
|
+
* Check if an annotation key uses a reserved prefix
|
|
105
|
+
*/
|
|
106
|
+
export function isReservedAnnotation(annotationKey) {
|
|
107
|
+
return RESERVED_ANNOTATION_PREFIXES.some(prefix => annotationKey.startsWith(prefix));
|
|
108
|
+
}
|
|
109
|
+
/**
|
|
110
|
+
* Determine the appropriate error code for a reserved field
|
|
111
|
+
*/
|
|
112
|
+
function determineErrorCode(field) {
|
|
113
|
+
// Billing-related fields
|
|
114
|
+
if (field.includes('billing') || field.includes('pricing') || field.includes('cost') || field.includes('subscription')) {
|
|
115
|
+
return SecurityErrorCode.BILLING_FIELD_OVERRIDE;
|
|
116
|
+
}
|
|
117
|
+
// Identity fields
|
|
118
|
+
if (field.includes('executionId') || field.includes('runId') || field.includes('traceId')) {
|
|
119
|
+
return SecurityErrorCode.IDENTITY_FIELD_OVERRIDE;
|
|
120
|
+
}
|
|
121
|
+
// Ownership fields
|
|
122
|
+
if (field.includes('userId') || field.includes('workspaceId') || field.includes('subscriptionId')) {
|
|
123
|
+
return SecurityErrorCode.OWNERSHIP_FIELD_OVERRIDE;
|
|
124
|
+
}
|
|
125
|
+
// Usage counter fields
|
|
126
|
+
if (field.includes('usage') || field.includes('count') || field.includes('duration')) {
|
|
127
|
+
return SecurityErrorCode.USAGE_COUNTER_OVERRIDE;
|
|
128
|
+
}
|
|
129
|
+
// Internal state fields (anything starting with _)
|
|
130
|
+
if (field.startsWith('_')) {
|
|
131
|
+
return SecurityErrorCode.INTERNAL_STATE_OVERRIDE;
|
|
132
|
+
}
|
|
133
|
+
// Default to reserved field override
|
|
134
|
+
return SecurityErrorCode.RESERVED_FIELD_OVERRIDE;
|
|
135
|
+
}
|
|
136
|
+
/**
|
|
137
|
+
* Get human-readable reason for why a field is protected
|
|
138
|
+
*/
|
|
139
|
+
function getFieldReason(field) {
|
|
140
|
+
if (field.startsWith('_billing') || field.includes('billing')) {
|
|
141
|
+
return 'Billing fields control pricing and cost calculation. User manipulation would compromise revenue integrity.';
|
|
142
|
+
}
|
|
143
|
+
if (field.startsWith('_internal')) {
|
|
144
|
+
return 'Internal fields contain engine state. User manipulation would break execution and audit tracking.';
|
|
145
|
+
}
|
|
146
|
+
if (field.startsWith('_identity')) {
|
|
147
|
+
return 'Identity fields link execution to audit trail. User manipulation would compromise compliance.';
|
|
148
|
+
}
|
|
149
|
+
if (field.startsWith('_ownership')) {
|
|
150
|
+
return 'Ownership fields determine access rights. User manipulation would be a security violation.';
|
|
151
|
+
}
|
|
152
|
+
if (field.startsWith('_usage')) {
|
|
153
|
+
return 'Usage counters track resource consumption. User manipulation would compromise billing and quotas.';
|
|
154
|
+
}
|
|
155
|
+
if (field.includes('executionId') || field.includes('runId')) {
|
|
156
|
+
return 'Execution identifiers must be engine-generated for audit integrity and traceability.';
|
|
157
|
+
}
|
|
158
|
+
if (field.startsWith('_')) {
|
|
159
|
+
return 'Fields starting with "_" are reserved for engine internals and cannot be user-controlled.';
|
|
160
|
+
}
|
|
161
|
+
return 'This field is reserved for engine control to ensure system integrity.';
|
|
162
|
+
}
|
|
163
|
+
/**
|
|
164
|
+
* Scan an object for reserved field names
|
|
165
|
+
* Returns array of found reserved fields
|
|
166
|
+
*/
|
|
167
|
+
export function findReservedFields(obj, reservedList, checkPrefix = true) {
|
|
168
|
+
const found = [];
|
|
169
|
+
for (const key of Object.keys(obj)) {
|
|
170
|
+
// Check against reserved list
|
|
171
|
+
if (reservedList.includes(key)) {
|
|
172
|
+
found.push(key);
|
|
173
|
+
}
|
|
174
|
+
// Check for underscore prefix (internal convention)
|
|
175
|
+
else if (checkPrefix && key.startsWith('_')) {
|
|
176
|
+
found.push(key);
|
|
177
|
+
}
|
|
178
|
+
}
|
|
179
|
+
return found;
|
|
180
|
+
}
|
|
181
|
+
/**
|
|
182
|
+
* Validate workflow for reserved field violations
|
|
183
|
+
*
|
|
184
|
+
* SECURITY CRITICAL: This runs BEFORE any workflow execution
|
|
185
|
+
* Rejects workflows that attempt to control internal fields
|
|
186
|
+
*
|
|
187
|
+
* @throws {SecurityError} If reserved fields are found
|
|
188
|
+
*/
|
|
189
|
+
export function validateWorkflowSecurity(workflow) {
|
|
190
|
+
const violations = [];
|
|
191
|
+
// 1. Check top-level workflow fields
|
|
192
|
+
const topLevelViolations = findReservedFields(workflow, RESERVED_WORKFLOW_FIELDS);
|
|
193
|
+
for (const field of topLevelViolations) {
|
|
194
|
+
violations.push({
|
|
195
|
+
code: determineErrorCode(field),
|
|
196
|
+
location: 'workflow (root level)',
|
|
197
|
+
field,
|
|
198
|
+
attemptedValue: workflow[field],
|
|
199
|
+
reason: getFieldReason(field),
|
|
200
|
+
suggestion: `Remove '${field}' from your workflow YAML. The engine will inject this field automatically during execution.`,
|
|
201
|
+
});
|
|
202
|
+
}
|
|
203
|
+
// 2. Check workflow.context for reserved fields
|
|
204
|
+
if (workflow.context && typeof workflow.context === 'object') {
|
|
205
|
+
const contextViolations = findReservedFields(workflow.context, RESERVED_CONTEXT_FIELDS);
|
|
206
|
+
for (const field of contextViolations) {
|
|
207
|
+
violations.push({
|
|
208
|
+
code: determineErrorCode(field),
|
|
209
|
+
location: 'workflow.context',
|
|
210
|
+
field,
|
|
211
|
+
attemptedValue: workflow.context[field],
|
|
212
|
+
reason: getFieldReason(field),
|
|
213
|
+
suggestion: `Remove '${field}' from workflow.context. Use custom field names like 'myContext' or 'customData' instead.`,
|
|
214
|
+
});
|
|
215
|
+
}
|
|
216
|
+
}
|
|
217
|
+
// 3. Check annotations for reserved prefixes
|
|
218
|
+
if (workflow.annotations && typeof workflow.annotations === 'object') {
|
|
219
|
+
for (const key of Object.keys(workflow.annotations)) {
|
|
220
|
+
if (isReservedAnnotation(key)) {
|
|
221
|
+
violations.push({
|
|
222
|
+
code: SecurityErrorCode.RESERVED_ANNOTATION_NAMESPACE,
|
|
223
|
+
location: 'workflow.annotations',
|
|
224
|
+
field: key,
|
|
225
|
+
attemptedValue: workflow.annotations[key],
|
|
226
|
+
reason: `Annotation namespace '${key.split('.')[0]}.' is reserved for engine use.`,
|
|
227
|
+
suggestion: `Use a custom prefix like 'custom.${key}' or 'my.${key}' instead.`,
|
|
228
|
+
});
|
|
229
|
+
}
|
|
230
|
+
}
|
|
231
|
+
}
|
|
232
|
+
// 4. Check steps for reserved fields
|
|
233
|
+
if (workflow.workflow?.steps && Array.isArray(workflow.workflow.steps)) {
|
|
234
|
+
workflow.workflow.steps.forEach((step, index) => {
|
|
235
|
+
const stepViolations = findReservedFields(step, RESERVED_STEP_FIELDS);
|
|
236
|
+
for (const field of stepViolations) {
|
|
237
|
+
violations.push({
|
|
238
|
+
code: determineErrorCode(field),
|
|
239
|
+
location: `workflow.steps[${index}] (${step.id || 'unnamed'})`,
|
|
240
|
+
field,
|
|
241
|
+
attemptedValue: step[field],
|
|
242
|
+
reason: getFieldReason(field),
|
|
243
|
+
suggestion: `Remove '${field}' from step definition. The engine tracks execution state internally.`,
|
|
244
|
+
});
|
|
245
|
+
}
|
|
246
|
+
});
|
|
247
|
+
}
|
|
248
|
+
// If violations found, throw SecurityError
|
|
249
|
+
if (violations.length > 0) {
|
|
250
|
+
throw new SecurityError(violations);
|
|
251
|
+
}
|
|
252
|
+
}
|
|
253
|
+
//# sourceMappingURL=ReservedFields.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ReservedFields.js","sourceRoot":"","sources":["../../src/security/ReservedFields.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EACL,aAAa,EACb,iBAAiB,EAElB,MAAM,6BAA6B,CAAC;AAErC;;;GAGG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAG;IACtC,WAAW,EAAY,6BAA6B;IACpD,WAAW,EAAY,qBAAqB;IAC5C,YAAY,EAAW,oBAAoB;IAC3C,UAAU,EAAa,kBAAkB;IACzC,QAAQ,EAAe,iBAAiB;IACxC,QAAQ,EAAe,cAAc;IACrC,SAAS,EAAc,gBAAgB;IACvC,SAAS,EAAc,kBAAkB;IACzC,YAAY,EAAW,+BAA+B;IACtD,UAAU,EAAa,6BAA6B;IACpD,WAAW,EAAY,mBAAmB;IAC1C,WAAW,EAAY,oBAAoB;CACnC,CAAC;AAEX;;;GAGG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG;IACrC,WAAW;IACX,WAAW;IACX,YAAY;IACZ,UAAU;IACV,QAAQ;IACR,QAAQ;IACR,SAAS;IACT,SAAS;IACT,WAAW;IACX,aAAa;IACb,OAAO;IACP,SAAS;IACT,QAAQ;IACR,aAAa;IACb,gBAAgB;IAChB,kBAAkB;IAClB,WAAW;IACX,aAAa;IACb,aAAa;IACb,cAAc;IACd,iBAAiB;CACT,CAAC;AAEX;;;GAGG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG;IAClC,WAAW;IACX,UAAU;IACV,QAAQ;IACR,QAAQ;IACR,aAAa;IACb,OAAO;IACP,iBAAiB;CACT,CAAC;AAEX;;;GAGG;AACH,MAAM,CAAC,MAAM,4BAA4B,GAAG;IAC1C,SAAS;IACT,SAAS;IACT,WAAW;IACX,UAAU;IACV,QAAQ;IACR,WAAW;CACH,CAAC;AAEX;;GAEG;AACH,MAAM,UAAU,uBAAuB,CAAC,SAAiB;IACvD,OAAO,wBAAwB,CAAC,QAAQ,CAAC,SAAgB,CAAC,IAAI,SAAS,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;AAC1F,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB,CAAC,SAAiB;IACtD,OAAO,uBAAuB,CAAC,QAAQ,CAAC,SAAgB,CAAC,IAAI,SAAS,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;AACzF,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,SAAiB;IACnD,OAAO,oBAAoB,CAAC,QAAQ,CAAC,SAAgB,CAAC,CAAC;AACzD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAAC,aAAqB;IACxD,OAAO,4BAA4B,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,aAAa,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;AACvF,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CAAC,KAAa;IACvC,yBAAyB;IACzB,IAAI,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;QACvH,OAAO,iBAAiB,CAAC,sBAAsB,CAAC;IAClD,CAAC;IAED,kBAAkB;IAClB,IAAI,KAAK,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QAC1F,OAAO,iBAAiB,CAAC,uBAAuB,CAAC;IACnD,CAAC;IAED,mBAAmB;IACnB,IAAI,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;QAClG,OAAO,iBAAiB,CAAC,wBAAwB,CAAC;IACpD,CAAC;IAED,uBAAuB;IACvB,IAAI,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QACrF,OAAO,iBAAiB,CAAC,sBAAsB,CAAC;IAClD,CAAC;IAED,mDAAmD;IACnD,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QAC1B,OAAO,iBAAiB,CAAC,uBAAuB,CAAC;IACnD,CAAC;IAED,qCAAqC;IACrC,OAAO,iBAAiB,CAAC,uBAAuB,CAAC;AACnD,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,KAAa;IACnC,IAAI,KAAK,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QAC9D,OAAO,4GAA4G,CAAC;IACtH,CAAC;IAED,IAAI,KAAK,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QAClC,OAAO,mGAAmG,CAAC;IAC7G,CAAC;IAED,IAAI,KAAK,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QAClC,OAAO,+FAA+F,CAAC;IACzG,CAAC;IAED,IAAI,KAAK,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QACnC,OAAO,4FAA4F,CAAC;IACtG,CAAC;IAED,IAAI,KAAK,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC/B,OAAO,mGAAmG,CAAC;IAC7G,CAAC;IAED,IAAI,KAAK,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7D,OAAO,sFAAsF,CAAC;IAChG,CAAC;IAED,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QAC1B,OAAO,2FAA2F,CAAC;IACrG,CAAC;IAED,OAAO,uEAAuE,CAAC;AACjF,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAChC,GAAwB,EACxB,YAA+B,EAC/B,WAAW,GAAG,IAAI;IAElB,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QACnC,8BAA8B;QAC9B,IAAI,YAAY,CAAC,QAAQ,CAAC,GAAU,CAAC,EAAE,CAAC;YACtC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAClB,CAAC;QACD,oDAAoD;aAC/C,IAAI,WAAW,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAC5C,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,wBAAwB,CAAC,QAAa;IACpD,MAAM,UAAU,GAA+B,EAAE,CAAC;IAElD,qCAAqC;IACrC,MAAM,kBAAkB,GAAG,kBAAkB,CAAC,QAAQ,EAAE,wBAAwB,CAAC,CAAC;IAClF,KAAK,MAAM,KAAK,IAAI,kBAAkB,EAAE,CAAC;QACvC,UAAU,CAAC,IAAI,CAAC;YACd,IAAI,EAAE,kBAAkB,CAAC,KAAK,CAAC;YAC/B,QAAQ,EAAE,uBAAuB;YACjC,KAAK;YACL,cAAc,EAAE,QAAQ,CAAC,KAAK,CAAC;YAC/B,MAAM,EAAE,cAAc,CAAC,KAAK,CAAC;YAC7B,UAAU,EAAE,WAAW,KAAK,8FAA8F;SAC3H,CAAC,CAAC;IACL,CAAC;IAED,gDAAgD;IAChD,IAAI,QAAQ,CAAC,OAAO,IAAI,OAAO,QAAQ,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;QAC7D,MAAM,iBAAiB,GAAG,kBAAkB,CAAC,QAAQ,CAAC,OAAO,EAAE,uBAAuB,CAAC,CAAC;QACxF,KAAK,MAAM,KAAK,IAAI,iBAAiB,EAAE,CAAC;YACtC,UAAU,CAAC,IAAI,CAAC;gBACd,IAAI,EAAE,kBAAkB,CAAC,KAAK,CAAC;gBAC/B,QAAQ,EAAE,kBAAkB;gBAC5B,KAAK;gBACL,cAAc,EAAE,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC;gBACvC,MAAM,EAAE,cAAc,CAAC,KAAK,CAAC;gBAC7B,UAAU,EAAE,WAAW,KAAK,2FAA2F;aACxH,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,6CAA6C;IAC7C,IAAI,QAAQ,CAAC,WAAW,IAAI,OAAO,QAAQ,CAAC,WAAW,KAAK,QAAQ,EAAE,CAAC;QACrE,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YACpD,IAAI,oBAAoB,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC9B,UAAU,CAAC,IAAI,CAAC;oBACd,IAAI,EAAE,iBAAiB,CAAC,6BAA6B;oBACrD,QAAQ,EAAE,sBAAsB;oBAChC,KAAK,EAAE,GAAG;oBACV,cAAc,EAAE,QAAQ,CAAC,WAAW,CAAC,GAAG,CAAC;oBACzC,MAAM,EAAE,yBAAyB,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,gCAAgC;oBAClF,UAAU,EAAE,oCAAoC,GAAG,YAAY,GAAG,YAAY;iBAC/E,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,qCAAqC;IACrC,IAAI,QAAQ,CAAC,QAAQ,EAAE,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QACvE,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAS,EAAE,KAAa,EAAE,EAAE;YAC3D,MAAM,cAAc,GAAG,kBAAkB,CAAC,IAAI,EAAE,oBAAoB,CAAC,CAAC;YACtE,KAAK,MAAM,KAAK,IAAI,cAAc,EAAE,CAAC;gBACnC,UAAU,CAAC,IAAI,CAAC;oBACd,IAAI,EAAE,kBAAkB,CAAC,KAAK,CAAC;oBAC/B,QAAQ,EAAE,kBAAkB,KAAK,MAAM,IAAI,CAAC,EAAE,IAAI,SAAS,GAAG;oBAC9D,KAAK;oBACL,cAAc,EAAE,IAAI,CAAC,KAAK,CAAC;oBAC3B,MAAM,EAAE,cAAc,CAAC,KAAK,CAAC;oBAC7B,UAAU,EAAE,WAAW,KAAK,uEAAuE;iBACpG,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED,2CAA2C;IAC3C,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,aAAa,CAAC,UAAU,CAAC,CAAC;IACtC,CAAC;AACH,CAAC"}
|
package/dist/security/index.d.ts
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/security/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,cAAc,uBAAuB,CAAC;AACtC,cAAc,qBAAqB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/security/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,cAAc,uBAAuB,CAAC;AACtC,cAAc,qBAAqB,CAAC;AACpC,cAAc,qBAAqB,CAAC"}
|
package/dist/security/index.js
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/security/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,cAAc,uBAAuB,CAAC;AACtC,cAAc,qBAAqB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/security/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,cAAc,uBAAuB,CAAC;AACtC,cAAc,qBAAqB,CAAC;AACpC,cAAc,qBAAqB,CAAC"}
|
|
@@ -0,0 +1,59 @@
|
|
|
1
|
+
import { OwnershipContext } from "../execution/InternalExecutionContext.js";
|
|
2
|
+
/**
|
|
3
|
+
* Workflow run options
|
|
4
|
+
* User-friendly options for running a workflow
|
|
5
|
+
*/
|
|
6
|
+
export interface WorkflowRunOptions {
|
|
7
|
+
/**
|
|
8
|
+
* Workflow input variables
|
|
9
|
+
*/
|
|
10
|
+
variables?: Record<string, any>;
|
|
11
|
+
/**
|
|
12
|
+
* Environment variables for workflow execution
|
|
13
|
+
*/
|
|
14
|
+
env?: Record<string, any>;
|
|
15
|
+
/**
|
|
16
|
+
* Secrets (will not be logged)
|
|
17
|
+
*/
|
|
18
|
+
secrets?: Record<string, any>;
|
|
19
|
+
/**
|
|
20
|
+
* Additional execution context
|
|
21
|
+
*/
|
|
22
|
+
context?: Record<string, any>;
|
|
23
|
+
/**
|
|
24
|
+
* Execution timeout in milliseconds
|
|
25
|
+
*/
|
|
26
|
+
timeout?: number;
|
|
27
|
+
/**
|
|
28
|
+
* Continue execution even if steps fail
|
|
29
|
+
*/
|
|
30
|
+
continueOnError?: boolean;
|
|
31
|
+
/**
|
|
32
|
+
* Dry run mode - validate and plan but don't execute
|
|
33
|
+
*/
|
|
34
|
+
dryRun?: boolean;
|
|
35
|
+
/**
|
|
36
|
+
* Who/what triggered this execution
|
|
37
|
+
*/
|
|
38
|
+
triggeredBy?: string;
|
|
39
|
+
/**
|
|
40
|
+
* Ownership context (from bridge/API)
|
|
41
|
+
* INTERNAL USE: Not for user workflows
|
|
42
|
+
*/
|
|
43
|
+
_ownershipContext?: Partial<OwnershipContext>;
|
|
44
|
+
}
|
|
45
|
+
/**
|
|
46
|
+
* Workflow load options
|
|
47
|
+
* Options for loading a workflow from file
|
|
48
|
+
*/
|
|
49
|
+
export interface WorkflowLoadOptions {
|
|
50
|
+
/**
|
|
51
|
+
* Base directory for resolving relative paths
|
|
52
|
+
*/
|
|
53
|
+
baseDir?: string;
|
|
54
|
+
/**
|
|
55
|
+
* Variables to inject during parsing
|
|
56
|
+
*/
|
|
57
|
+
variables?: Record<string, any>;
|
|
58
|
+
}
|
|
59
|
+
//# sourceMappingURL=core-types.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"core-types.d.ts","sourceRoot":"","sources":["../../src/types/core-types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,0CAA0C,CAAC;AAE5E;;;GAGG;AACH,MAAM,WAAW,kBAAkB;IACjC;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAEhC;;OAEG;IACH,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAE1B;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAE9B;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAE9B;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;OAEG;IACH,eAAe,CAAC,EAAE,OAAO,CAAC;IAE1B;;OAEG;IACH,MAAM,CAAC,EAAE,OAAO,CAAC;IAEjB;;OAEG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IAErB;;;OAGG;IACH,iBAAiB,CAAC,EAAE,OAAO,CAAC,gBAAgB,CAAC,CAAC;CAC/C;AAED;;;GAGG;AACH,MAAM,WAAW,mBAAmB;IAClC;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;CACjC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"core-types.js","sourceRoot":"","sources":["../../src/types/core-types.ts"],"names":[],"mappings":""}
|