@probelabs/visor 0.1.128 → 0.1.130-ee

package/dist/sdk/sdk.d.ts

@@ -64,9 +64,102 @@ interface ReviewSummary {
 }
 
 /**
- * Types for Visor configuration system
+ * Types for Docker-based sandbox execution environments
  */
 
+/**
+ * Cache configuration for sandbox volumes
+ */
+interface SandboxCacheConfig {
+    /** Liquid template for cache scope prefix (default: git branch) */
+    prefix?: string;
+    /** Fallback prefix when current prefix has no cache */
+    fallback_prefix?: string;
+    /** Paths inside the container to cache */
+    paths: string[];
+    /** Time-to-live for cache volumes (e.g., "7d", "24h") */
+    ttl?: string;
+    /** Maximum number of cache scopes to keep */
+    max_scopes?: number;
+}
+/**
+ * Resource limits for sandbox containers
+ */
+interface SandboxResourceConfig {
+    /** Memory limit (e.g., "512m", "2g") */
+    memory?: string;
+    /** CPU limit (e.g., 1.0, 0.5) */
+    cpu?: number;
+}
+/**
+ * Configuration for a single sandbox environment
+ */
+interface SandboxConfig {
+    /** Docker image to use (e.g., "node:20-alpine") */
+    image?: string;
+    /** Path to Dockerfile (relative to config file or absolute) */
+    dockerfile?: string;
+    /** Inline Dockerfile content */
+    dockerfile_inline?: string;
+    /** Path to docker-compose file */
+    compose?: string;
+    /** Service name within the compose file */
+    service?: string;
+    /** Working directory inside container (default: /workspace) */
+    workdir?: string;
+    /** Glob patterns for host env vars to forward into sandbox */
+    env_passthrough?: string[];
+    /** Enable/disable network access (default: true) */
+    network?: boolean;
+    /** Mount repo as read-only (default: false) */
+    read_only?: boolean;
+    /** Resource limits */
+    resources?: SandboxResourceConfig;
+    /** Where visor is mounted inside container (default: /opt/visor) */
+    visor_path?: string;
+    /** Cache volume configuration */
+    cache?: SandboxCacheConfig;
+}
+
+interface PolicyConfig {
+    /** Policy engine mode */
+    engine: 'local' | 'remote' | 'disabled';
+    /** Path to .rego files or .wasm bundle (local mode) */
+    rules?: string | string[];
+    /** Path to a JSON file to load as OPA data document */
+    data?: string;
+    /** OPA server URL (remote mode) */
+    url?: string;
+    /** Default decision when policy evaluation fails */
+    fallback?: 'allow' | 'deny' | 'warn';
+    /** Evaluation timeout in ms (default: 5000) */
+    timeout?: number;
+    /** Role definitions: map role names to conditions */
+    roles?: Record<string, PolicyRoleConfig>;
+}
+interface PolicyRoleConfig {
+    /** GitHub author associations that map to this role */
+    author_association?: string[];
+    /** GitHub team slugs (requires GitHub API) */
+    teams?: string[];
+    /** Explicit GitHub usernames */
+    users?: string[];
+    /** Slack user IDs (e.g., ["U0123ABC"]) */
+    slack_users?: string[];
+    /** Email addresses for identity matching (e.g., ["alice@co.com"]) */
+    emails?: string[];
+    /** Slack channel IDs — role only applies when triggered from these channels */
+    slack_channels?: string[];
+}
+interface StepPolicyOverride {
+    /** Required role(s) - any of these roles suffices */
+    require?: string | string[];
+    /** Explicit deny for roles */
+    deny?: string[];
+    /** Custom OPA rule path for this step */
+    rule?: string;
+}
+
 /**
  * Failure condition severity levels
  */
@@ -268,6 +361,8 @@ interface AIProviderConfig {
     bashConfig?: BashConfig;
     /** Completion prompt for post-completion validation/review (runs after attempt_completion) */
     completion_prompt?: string;
+    /** Enable the schedule tool for scheduling workflow executions (requires scheduler configuration) */
+    enable_scheduler?: boolean;
 }
 /**
  * Unified MCP server/tool entry - type detected by which properties are present
@@ -624,6 +719,10 @@ interface CheckConfig {
     cleanup_on_failure?: boolean;
     /** Keep worktree after workflow completion (default: false) */
     persist_worktree?: boolean;
+    /** Sandbox name to use for this check (overrides workspace-level default) */
+    sandbox?: string;
+    /** Per-step policy override (enterprise) */
+    policy?: StepPolicyOverride;
 }
 /**
  * Backoff policy for retries
@@ -666,12 +765,16 @@ interface OnFailConfig {
      */
     transitions?: TransitionRule[];
 }
+/**
+ * Success routing run item - can be step name, step with args, or workflow with args
+ */
+type OnSuccessRunItem = string | OnInitStepInvocation | OnInitWorkflowInvocation;
 /**
  * Success routing configuration per check
  */
 interface OnSuccessConfig {
-    /** Post-success steps to run */
-    run?: string[];
+    /** Post-success steps to run - can be step names or rich invocations with arguments */
+    run?: OnSuccessRunItem[];
     /** Optional jump back to ancestor step (by id) */
     goto?: string;
     /** Simulate a different event when performing goto (e.g., 'pr_updated') */
@@ -1026,6 +1129,145 @@ interface WorkflowOutput {
     /** Value using JavaScript expression (alternative to value) */
     value_js?: string;
 }
+interface SandboxDefaults {
+    /** Base env var patterns for all sandboxes (replaces hardcoded defaults when set) */
+    env_passthrough?: string[];
+}
+/**
+ * Static cron job defined in YAML configuration
+ * These are always executed by the scheduler daemon
+ */
+interface StaticCronJob {
+    /** Cron expression (e.g., "0 9 * * 1" for every Monday at 9am) */
+    schedule: string;
+    /** Workflow/check ID to run */
+    workflow: string;
+    /** Optional workflow inputs */
+    inputs?: Record<string, unknown>;
+    /** Output destination configuration */
+    output?: {
+        /** Output type: slack, github, webhook, or none */
+        type: 'slack' | 'github' | 'webhook' | 'none';
+        /** Target (channel name, repo, URL) */
+        target?: string;
+        /** Thread ID for threaded outputs */
+        thread_id?: string;
+    };
+    /** Description for logging/display */
+    description?: string;
+    /** Enable/disable this job (default: true) */
+    enabled?: boolean;
+    /** Timezone for schedule (default: UTC or scheduler default) */
+    timezone?: string;
+}
+/**
+ * Scheduler limits configuration
+ */
+interface SchedulerLimitsConfig {
+    /** Maximum schedules per user (default: 25) */
+    max_per_user?: number;
+    /** Maximum recurring schedules per user (default: 10) */
+    max_recurring_per_user?: number;
+    /** Maximum total schedules (default: 1000) */
+    max_global?: number;
+}
+/**
+ * Scheduler permissions for dynamic schedule creation
+ */
+interface SchedulerPermissionsConfig {
+    /** Allow personal schedules (via DM or CLI) */
+    allow_personal?: boolean;
+    /** Allow channel schedules (in Slack channels) */
+    allow_channel?: boolean;
+    /** Allow DM schedules (to specific users) */
+    allow_dm?: boolean;
+    /** List of allowed workflow patterns (glob-style, e.g., "report-*") */
+    allowed_workflows?: string[];
+    /** List of denied workflow patterns */
+    denied_workflows?: string[];
+}
+/**
+ * SSL/TLS configuration for scheduler database connections
+ */
+interface SchedulerSslConfig {
+    /** Enable SSL (default: true when SslConfig object is provided) */
+    enabled?: boolean;
+    /** Reject unauthorized certificates (default: true) */
+    reject_unauthorized?: boolean;
+    /** Path to CA certificate PEM file */
+    ca?: string;
+    /** Path to client certificate PEM file */
+    cert?: string;
+    /** Path to client key PEM file */
+    key?: string;
+}
+/**
+ * Scheduler storage connection configuration
+ */
+interface SchedulerStorageConnectionConfig {
+    /** SQLite database file path (default: '.visor/schedules.db') */
+    filename?: string;
+    /** Database host (PostgreSQL/MySQL/MSSQL) */
+    host?: string;
+    /** Database port (PostgreSQL/MySQL/MSSQL) */
+    port?: number;
+    /** Database name (PostgreSQL/MySQL/MSSQL) */
+    database?: string;
+    /** Database user (PostgreSQL/MySQL/MSSQL) */
+    user?: string;
+    /** Database password (PostgreSQL/MySQL/MSSQL) */
+    password?: string;
+    /** SSL/TLS configuration (PostgreSQL/MySQL/MSSQL) */
+    ssl?: boolean | SchedulerSslConfig;
+    /** Connection string URL (e.g., postgresql://user:pass@host/db) */
+    connection_string?: string;
+    /** Connection pool configuration */
+    pool?: {
+        min?: number;
+        max?: number;
+    };
+}
+/**
+ * Scheduler high-availability configuration
+ */
+interface SchedulerHAConfig {
+    /** Enable distributed locking for multi-node deployments (default: false) */
+    enabled?: boolean;
+    /** Unique node identifier (default: hostname-pid) */
+    node_id?: string;
+    /** Lock time-to-live in seconds (default: 60) */
+    lock_ttl?: number;
+    /** Heartbeat interval for lock renewal in seconds (default: 15) */
+    heartbeat_interval?: number;
+}
+/**
+ * Scheduler configuration for workflow scheduling
+ */
+interface SchedulerConfig {
+    /** Enable/disable the scheduler (default: true) */
+    enabled?: boolean;
+    /** Storage configuration */
+    storage?: {
+        /** Path to schedules JSON file (legacy, triggers auto-migration) */
+        path?: string;
+        /** Database driver (default: 'sqlite') */
+        driver?: 'sqlite' | 'postgresql' | 'mysql' | 'mssql';
+        /** Database connection configuration */
+        connection?: SchedulerStorageConnectionConfig;
+    };
+    /** High-availability configuration for multi-node deployments */
+    ha?: SchedulerHAConfig;
+    /** Limits for dynamic schedules */
+    limits?: SchedulerLimitsConfig;
+    /** Default timezone (IANA format, e.g., "America/New_York") */
+    default_timezone?: string;
+    /** Check interval in milliseconds (default: 60000) */
+    check_interval_ms?: number;
+    /** Permissions for dynamic schedule creation (via AI tool) */
+    permissions?: SchedulerPermissionsConfig;
+    /** Static cron jobs defined in configuration (always executed) */
+    cron?: Record<string, StaticCronJob>;
+}
 /**
  * Main Visor configuration
  */
@@ -1087,8 +1329,18 @@ interface VisorConfig {
     }>;
     /** Workspace isolation configuration for sandboxed execution */
     workspace?: WorkspaceConfig;
+    /** Workspace-level default sandbox name (all checks use this unless overridden) */
+    sandbox?: string;
+    /** Named sandbox environment definitions */
+    sandboxes?: Record<string, SandboxConfig>;
+    /** Workspace-level sandbox defaults (env allowlist, etc.) */
+    sandbox_defaults?: SandboxDefaults;
     /** Slack configuration */
     slack?: SlackConfig;
+    /** Scheduler configuration for scheduled workflow execution */
+    scheduler?: SchedulerConfig;
+    /** Enterprise policy engine configuration */
+    policy?: PolicyConfig;
 }
 /**
  * Workspace isolation configuration
@@ -1141,7 +1393,7 @@ interface CheckExecutionStats {
     failedRuns: number;
     skippedRuns: number;
     skipped: boolean;
-    skipReason?: 'if_condition' | 'fail_fast' | 'dependency_failed' | 'forEach_empty' | 'assume';
+    skipReason?: 'if_condition' | 'fail_fast' | 'dependency_failed' | 'forEach_empty' | 'assume' | 'policy_denied';
     skipCondition?: string;
     totalDuration: number;
     providerDurationMs?: number;
@@ -1250,6 +1502,27 @@ declare class EventBus {
     emit(event: AnyEvent | EventEnvelope): Promise<void>;
 }
 
+/** Bot transport types (trimmed for Slack v1) */
+type BotTransportType = 'slack' | string;
+interface NormalizedMessage {
+    role: 'user' | 'bot';
+    text: string;
+    timestamp: string;
+    origin?: string;
+    /** Optional user identifier (e.g., Slack user id, GitHub login) */
+    user?: string;
+}
+interface ConversationContext {
+    transport: BotTransportType;
+    thread: {
+        id: string;
+        url?: string;
+    };
+    messages: NormalizedMessage[];
+    current: NormalizedMessage;
+    attributes: Record<string, string>;
+}
+
 /**
  * Execution context passed to check providers
  */
@@ -1259,6 +1532,8 @@ interface ExecutionContext {
     reuseSession?: boolean;
     /** CLI message value (from --message argument) */
     cliMessage?: string;
+    /** Conversation context - unified access to user message across transports (CLI, Slack, etc.) */
+    conversation?: ConversationContext;
     /**
      * Stage-local baseline of output history lengths per check name.
      * When present, providers should expose an `outputs_history_stage` object in
@@ -1316,6 +1591,11 @@ interface ExecutionContext {
         webhookData?: Map<string, unknown>;
         eventType?: string;
     };
+    /**
+     * Callback for capturing AI responses - used by scheduler to store previousResponse
+     * for recurring reminders. The text passed is the AI response before mrkdwn formatting.
+     */
+    responseCapture?: (text: string) => void;
 }
 
 interface VisorOptions {