@probelabs/visor 0.1.128 → 0.1.130-ee
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +54 -1
- package/defaults/.visor.yaml +420 -0
- package/dist/ai-review-service.d.ts.map +1 -1
- package/dist/cli-main.d.ts.map +1 -1
- package/dist/config.d.ts +8 -0
- package/dist/config.d.ts.map +1 -1
- package/dist/daemon.js +19 -0
- package/dist/defaults/.visor.yaml +420 -0
- package/dist/docs/author-permissions.md +20 -0
- package/dist/docs/debugging.md +133 -0
- package/dist/docs/dev-playbook.md +10 -0
- package/dist/docs/enterprise-policy.md +1325 -0
- package/dist/docs/index.md +11 -0
- package/dist/docs/scheduler-storage.md +433 -0
- package/dist/docs/scheduler.md +513 -0
- package/dist/docs/slack-integration.md +21 -0
- package/dist/docs/workflow-creation-guide.md +39 -0
- package/dist/enterprise/license/validator.d.ts +39 -0
- package/dist/enterprise/license/validator.d.ts.map +1 -0
- package/dist/enterprise/loader.d.ts +25 -0
- package/dist/enterprise/loader.d.ts.map +1 -0
- package/dist/enterprise/policy/opa-compiler.d.ts +37 -0
- package/dist/enterprise/policy/opa-compiler.d.ts.map +1 -0
- package/dist/enterprise/policy/opa-http-evaluator.d.ts +36 -0
- package/dist/enterprise/policy/opa-http-evaluator.d.ts.map +1 -0
- package/dist/enterprise/policy/opa-policy-engine.d.ts +48 -0
- package/dist/enterprise/policy/opa-policy-engine.d.ts.map +1 -0
- package/dist/enterprise/policy/opa-wasm-evaluator.d.ts +34 -0
- package/dist/enterprise/policy/opa-wasm-evaluator.d.ts.map +1 -0
- package/dist/enterprise/policy/policy-input-builder.d.ts +120 -0
- package/dist/enterprise/policy/policy-input-builder.d.ts.map +1 -0
- package/dist/enterprise/scheduler/knex-store.d.ts +41 -0
- package/dist/enterprise/scheduler/knex-store.d.ts.map +1 -0
- package/dist/examples/README.md +53 -0
- package/dist/examples/calculator-config.yaml +4 -4
- package/dist/examples/enterprise-policy/README.md +344 -0
- package/dist/examples/enterprise-policy/policies/capability_resolve.rego +29 -0
- package/dist/examples/enterprise-policy/policies/capability_resolve_test.rego +230 -0
- package/dist/examples/enterprise-policy/policies/check_execute.rego +71 -0
- package/dist/examples/enterprise-policy/policies/check_execute_test.rego +321 -0
- package/dist/examples/enterprise-policy/policies/deploy_production.rego +33 -0
- package/dist/examples/enterprise-policy/policies/deploy_production_test.rego +29 -0
- package/dist/examples/enterprise-policy/policies/slack_channel_gate.rego +17 -0
- package/dist/examples/enterprise-policy/policies/slack_tool_restrict.rego +16 -0
- package/dist/examples/enterprise-policy/policies/tool_invoke.rego +24 -0
- package/dist/examples/enterprise-policy/policies/tool_invoke_test.rego +227 -0
- package/dist/examples/enterprise-policy/visor.yaml +64 -0
- package/dist/examples/sandbox-basic.yaml +18 -0
- package/dist/examples/sandbox-cache.yaml +32 -0
- package/dist/examples/sandbox-dockerfile-inline.yaml +22 -0
- package/dist/examples/sandbox-env-passthrough.yaml +26 -0
- package/dist/examples/sandbox-multi-env.yaml +27 -0
- package/dist/examples/sandbox-read-only.yaml +33 -0
- package/dist/examples/scheduler-example.yaml +118 -0
- package/dist/failure-condition-evaluator.d.ts +18 -0
- package/dist/failure-condition-evaluator.d.ts.map +1 -1
- package/dist/frontends/host.d.ts.map +1 -1
- package/dist/frontends/slack-frontend.d.ts +1 -0
- package/dist/frontends/slack-frontend.d.ts.map +1 -1
- package/dist/generated/config-schema.d.ts +320 -6
- package/dist/generated/config-schema.d.ts.map +1 -1
- package/dist/index.js +15893 -1724
- package/dist/liquid-extensions.d.ts.map +1 -1
- package/dist/mcp-server.d.ts +8 -8
- package/dist/policy/default-engine.d.ts +17 -0
- package/dist/policy/default-engine.d.ts.map +1 -0
- package/dist/policy/index.d.ts +4 -0
- package/dist/policy/index.d.ts.map +1 -0
- package/dist/policy/policy-check-command.d.ts +65 -0
- package/dist/policy/policy-check-command.d.ts.map +1 -0
- package/dist/policy/types.d.ts +81 -0
- package/dist/policy/types.d.ts.map +1 -0
- package/dist/providers/ai-check-provider.d.ts.map +1 -1
- package/dist/providers/check-provider.interface.d.ts +7 -0
- package/dist/providers/check-provider.interface.d.ts.map +1 -1
- package/dist/providers/claude-code-check-provider.d.ts.map +1 -1
- package/dist/providers/log-check-provider.d.ts.map +1 -1
- package/dist/providers/mcp-check-provider.d.ts.map +1 -1
- package/dist/providers/mcp-custom-sse-server.d.ts.map +1 -1
- package/dist/providers/workflow-check-provider.d.ts.map +1 -1
- package/dist/sandbox/cache-volume-manager.d.ts +48 -0
- package/dist/sandbox/cache-volume-manager.d.ts.map +1 -0
- package/dist/sandbox/check-runner.d.ts +25 -0
- package/dist/sandbox/check-runner.d.ts.map +1 -0
- package/dist/sandbox/docker-compose-sandbox.d.ts +25 -0
- package/dist/sandbox/docker-compose-sandbox.d.ts.map +1 -0
- package/dist/sandbox/docker-image-sandbox.d.ts +32 -0
- package/dist/sandbox/docker-image-sandbox.d.ts.map +1 -0
- package/dist/sandbox/env-filter.d.ts +19 -0
- package/dist/sandbox/env-filter.d.ts.map +1 -0
- package/dist/sandbox/index.d.ts +9 -0
- package/dist/sandbox/index.d.ts.map +1 -0
- package/dist/sandbox/sandbox-manager.d.ts +39 -0
- package/dist/sandbox/sandbox-manager.d.ts.map +1 -0
- package/dist/sandbox/sandbox-telemetry.d.ts +9 -0
- package/dist/sandbox/sandbox-telemetry.d.ts.map +1 -0
- package/dist/sandbox/trace-ingester.d.ts +19 -0
- package/dist/sandbox/trace-ingester.d.ts.map +1 -0
- package/dist/sandbox/types.d.ts +149 -0
- package/dist/sandbox/types.d.ts.map +1 -0
- package/dist/scheduler/cli-handler.d.ts +6 -0
- package/dist/scheduler/cli-handler.d.ts.map +1 -0
- package/dist/scheduler/index.d.ts +16 -0
- package/dist/scheduler/index.d.ts.map +1 -0
- package/dist/scheduler/schedule-parser.d.ts +34 -0
- package/dist/scheduler/schedule-parser.d.ts.map +1 -0
- package/dist/scheduler/schedule-store.d.ts +156 -0
- package/dist/scheduler/schedule-store.d.ts.map +1 -0
- package/dist/scheduler/schedule-tool.d.ts +137 -0
- package/dist/scheduler/schedule-tool.d.ts.map +1 -0
- package/dist/scheduler/scheduler.d.ts +216 -0
- package/dist/scheduler/scheduler.d.ts.map +1 -0
- package/dist/scheduler/store/index.d.ts +7 -0
- package/dist/scheduler/store/index.d.ts.map +1 -0
- package/dist/scheduler/store/json-migrator.d.ts +10 -0
- package/dist/scheduler/store/json-migrator.d.ts.map +1 -0
- package/dist/scheduler/store/sqlite-store.d.ts +32 -0
- package/dist/scheduler/store/sqlite-store.d.ts.map +1 -0
- package/dist/scheduler/store/types.d.ts +127 -0
- package/dist/scheduler/store/types.d.ts.map +1 -0
- package/dist/sdk/check-provider-registry-PANIXYRB.mjs +28 -0
- package/dist/sdk/check-provider-registry-S7DKTEM6.mjs +28 -0
- package/dist/sdk/{chunk-N7IVCCGH.mjs → chunk-DIND4ZCV.mjs} +2 -2
- package/dist/sdk/{chunk-SIMCSNXO.mjs → chunk-GEW6LS32.mjs} +2 -2
- package/dist/sdk/chunk-H5BOW5CR.mjs +91 -0
- package/dist/sdk/chunk-H5BOW5CR.mjs.map +1 -0
- package/dist/sdk/{chunk-UKG5UP5U.mjs → chunk-HOKQOO3G.mjs} +12 -7
- package/dist/sdk/chunk-HOKQOO3G.mjs.map +1 -0
- package/dist/sdk/{chunk-YCUWMIV5.mjs → chunk-JL7JXCET.mjs} +2 -2
- package/dist/sdk/{chunk-QRXSDDYN.mjs → chunk-LG4AUKHB.mjs} +2 -2
- package/dist/sdk/{chunk-UPKHRMUA.mjs → chunk-S6CD7GFM.mjs} +33449 -28837
- package/dist/sdk/chunk-S6CD7GFM.mjs.map +1 -0
- package/dist/sdk/{chunk-P6YFV6N2.mjs → chunk-SZXICFQ3.mjs} +2 -2
- package/dist/sdk/{chunk-V7RIRPO7.mjs → chunk-TQ4D3YOF.mjs} +33449 -28837
- package/dist/sdk/chunk-TQ4D3YOF.mjs.map +1 -0
- package/dist/sdk/{chunk-4HVFUUNB.mjs → chunk-UCMJJ3IM.mjs} +84 -3
- package/dist/sdk/{chunk-4HVFUUNB.mjs.map → chunk-UCMJJ3IM.mjs.map} +1 -1
- package/dist/sdk/{chunk-D55IQCUP.mjs → chunk-UCNT3PDT.mjs} +677 -12
- package/dist/sdk/chunk-UCNT3PDT.mjs.map +1 -0
- package/dist/sdk/{chunk-LMJSJQPP.mjs → chunk-V2IV3ILA.mjs} +8 -6
- package/dist/sdk/chunk-V2IV3ILA.mjs.map +1 -0
- package/dist/sdk/{chunk-EJN6Q4D3.mjs → chunk-VF6XIUE4.mjs} +6 -4
- package/dist/sdk/{chunk-EJN6Q4D3.mjs.map → chunk-VF6XIUE4.mjs.map} +1 -1
- package/dist/sdk/{chunk-VEROLBCD.mjs → chunk-VMLORODQ.mjs} +108 -21
- package/dist/sdk/chunk-VMLORODQ.mjs.map +1 -0
- package/dist/sdk/{chunk-UEWXVJ6C.mjs → chunk-VPC3QSPW.mjs} +2 -2
- package/dist/sdk/{chunk-WVNQ56DO.mjs → chunk-YJRBN3XS.mjs} +13 -2
- package/dist/sdk/{chunk-WVNQ56DO.mjs.map → chunk-YJRBN3XS.mjs.map} +1 -1
- package/dist/sdk/{command-executor-C4DGIQ4Q.mjs → command-executor-TOYBBE7S.mjs} +4 -4
- package/dist/sdk/{config-GYTBTHRZ.mjs → config-OGOS4ZU4.mjs} +5 -5
- package/dist/sdk/event-bus-5K3Y2FCS.mjs +43 -0
- package/dist/sdk/{event-bus-XV2TOQFU.mjs.map → event-bus-5K3Y2FCS.mjs.map} +1 -1
- package/dist/sdk/failure-condition-evaluator-HC3M5377.mjs +17 -0
- package/dist/sdk/git-repository-analyzer-QFMW6WIS.mjs +471 -0
- package/dist/sdk/git-repository-analyzer-QFMW6WIS.mjs.map +1 -0
- package/dist/sdk/{github-frontend-UC326PMS.mjs → github-frontend-E2KJSC3Y.mjs} +517 -585
- package/dist/sdk/github-frontend-E2KJSC3Y.mjs.map +1 -0
- package/dist/sdk/host-EE6EJ2FM.mjs +63 -0
- package/dist/sdk/host-EE6EJ2FM.mjs.map +1 -0
- package/dist/sdk/host-OUSD2OIQ.mjs +63 -0
- package/dist/sdk/host-OUSD2OIQ.mjs.map +1 -0
- package/dist/sdk/knex-store-HPXJILBL.mjs +411 -0
- package/dist/sdk/knex-store-HPXJILBL.mjs.map +1 -0
- package/dist/sdk/lazy-otel-5NH4ZJJM.mjs +24 -0
- package/dist/sdk/{liquid-extensions-WJAC7QKG.mjs → liquid-extensions-E4EUOCES.mjs} +6 -6
- package/dist/sdk/loader-ID5LMXOW.mjs +89 -0
- package/dist/sdk/loader-ID5LMXOW.mjs.map +1 -0
- package/dist/sdk/memory-store-AAPL2MTE.mjs +12 -0
- package/dist/sdk/{metrics-CSBGJEWW.mjs → metrics-I6A7IHG4.mjs} +3 -3
- package/dist/sdk/ndjson-sink-FD2PSXGD.mjs +52 -0
- package/dist/sdk/{ndjson-sink-JQ2INHTS.mjs.map → ndjson-sink-FD2PSXGD.mjs.map} +1 -1
- package/dist/sdk/opa-policy-engine-UUPFN5CL.mjs +655 -0
- package/dist/sdk/opa-policy-engine-UUPFN5CL.mjs.map +1 -0
- package/dist/sdk/{prompt-state-X2WDGSEM.mjs → prompt-state-VAKKC773.mjs} +4 -4
- package/dist/sdk/{renderer-schema-FRCLA6KH.mjs → renderer-schema-HXEW6BRJ.mjs} +3 -3
- package/dist/sdk/routing-OZQWAGAI.mjs +25 -0
- package/dist/sdk/schedule-tool-handler-B7TMSG6A.mjs +38 -0
- package/dist/sdk/schedule-tool-handler-EBNKDUJC.mjs +38 -0
- package/dist/sdk/sdk.d.mts +284 -4
- package/dist/sdk/sdk.d.ts +284 -4
- package/dist/sdk/sdk.js +8247 -2417
- package/dist/sdk/sdk.js.map +1 -1
- package/dist/sdk/sdk.mjs +20 -1348
- package/dist/sdk/sdk.mjs.map +1 -1
- package/dist/sdk/slack-frontend-LAY45IBR.mjs +989 -0
- package/dist/sdk/slack-frontend-LAY45IBR.mjs.map +1 -0
- package/dist/sdk/{trace-helpers-LUCR52GY.mjs → trace-helpers-PP3YHTAM.mjs} +3 -3
- package/dist/sdk/tui-frontend-T56PZB67.mjs +290 -0
- package/dist/sdk/tui-frontend-T56PZB67.mjs.map +1 -0
- package/dist/sdk/validator-XTZJZZJH.mjs +134 -0
- package/dist/sdk/validator-XTZJZZJH.mjs.map +1 -0
- package/dist/sdk/workflow-check-provider-E7YPEZ45.mjs +28 -0
- package/dist/sdk/workflow-check-provider-E7YPEZ45.mjs.map +1 -0
- package/dist/sdk/workflow-check-provider-HB4XTD4Z.mjs +28 -0
- package/dist/sdk/workflow-check-provider-HB4XTD4Z.mjs.map +1 -0
- package/dist/sdk/workflow-registry-AAD37XKZ.mjs +12 -0
- package/dist/sdk/workflow-registry-AAD37XKZ.mjs.map +1 -0
- package/dist/slack/client.d.ts +40 -0
- package/dist/slack/client.d.ts.map +1 -1
- package/dist/slack/schedule-tool-handler.d.ts +46 -0
- package/dist/slack/schedule-tool-handler.d.ts.map +1 -0
- package/dist/slack/slack-output-adapter.d.ts +44 -0
- package/dist/slack/slack-output-adapter.d.ts.map +1 -0
- package/dist/slack/socket-runner.d.ts +22 -0
- package/dist/slack/socket-runner.d.ts.map +1 -1
- package/dist/state-machine/dispatch/execution-invoker.d.ts.map +1 -1
- package/dist/state-machine/dispatch/foreach-processor.d.ts.map +1 -1
- package/dist/state-machine/dispatch/policy-gate.d.ts +28 -0
- package/dist/state-machine/dispatch/policy-gate.d.ts.map +1 -0
- package/dist/state-machine/dispatch/sandbox-routing.d.ts +21 -0
- package/dist/state-machine/dispatch/sandbox-routing.d.ts.map +1 -0
- package/dist/state-machine/states/level-dispatch.d.ts.map +1 -1
- package/dist/state-machine/states/routing.d.ts.map +1 -1
- package/dist/state-machine/states/wave-planning.d.ts.map +1 -1
- package/dist/state-machine-execution-engine.d.ts.map +1 -1
- package/dist/test-runner/core/flow-stage.d.ts.map +1 -1
- package/dist/test-runner/index.d.ts.map +1 -1
- package/dist/test-runner/validator.d.ts.map +1 -1
- package/dist/tui/chat-runner.d.ts +39 -0
- package/dist/tui/chat-runner.d.ts.map +1 -0
- package/dist/tui/chat-state.d.ts +57 -0
- package/dist/tui/chat-state.d.ts.map +1 -0
- package/dist/tui/chat-tui.d.ts +70 -0
- package/dist/tui/chat-tui.d.ts.map +1 -0
- package/dist/tui/components/chat-box.d.ts +42 -0
- package/dist/tui/components/chat-box.d.ts.map +1 -0
- package/dist/tui/components/input-bar.d.ts +67 -0
- package/dist/tui/components/input-bar.d.ts.map +1 -0
- package/dist/tui/components/status-bar.d.ts +34 -0
- package/dist/tui/components/status-bar.d.ts.map +1 -0
- package/dist/tui/components/trace-viewer.d.ts +74 -0
- package/dist/tui/components/trace-viewer.d.ts.map +1 -0
- package/dist/tui/index.d.ts +14 -0
- package/dist/tui/index.d.ts.map +1 -0
- package/dist/tui/tui-frontend.d.ts +29 -0
- package/dist/tui/tui-frontend.d.ts.map +1 -0
- package/dist/types/bot.d.ts +35 -0
- package/dist/types/bot.d.ts.map +1 -1
- package/dist/types/config.d.ts +197 -2
- package/dist/types/config.d.ts.map +1 -1
- package/dist/types/engine.d.ts +8 -0
- package/dist/types/engine.d.ts.map +1 -1
- package/dist/types/execution.d.ts +1 -1
- package/dist/types/execution.d.ts.map +1 -1
- package/dist/utils/sandbox.d.ts.map +1 -1
- package/package.json +17 -5
- package/dist/docs/NPM_USAGE.md +0 -281
- package/dist/generated/config-schema.json +0 -2209
- package/dist/output/traces/run-2026-02-05T13-36-03-279Z.ndjson +0 -138
- package/dist/output/traces/run-2026-02-05T13-36-48-767Z.ndjson +0 -1137
- package/dist/output/traces/run-2026-02-05T13-36-58-960Z.ndjson +0 -17
- package/dist/output/traces/run-2026-02-05T13-37-00-184Z.ndjson +0 -205
- package/dist/sdk/check-provider-registry-OB5FEBJU.mjs +0 -28
- package/dist/sdk/check-provider-registry-UC2LPSB4.mjs +0 -28
- package/dist/sdk/chunk-D55IQCUP.mjs.map +0 -1
- package/dist/sdk/chunk-LMJSJQPP.mjs.map +0 -1
- package/dist/sdk/chunk-UKG5UP5U.mjs.map +0 -1
- package/dist/sdk/chunk-UPKHRMUA.mjs.map +0 -1
- package/dist/sdk/chunk-V7RIRPO7.mjs.map +0 -1
- package/dist/sdk/chunk-VEROLBCD.mjs.map +0 -1
- package/dist/sdk/event-bus-XV2TOQFU.mjs +0 -35
- package/dist/sdk/failure-condition-evaluator-KRFY4OLQ.mjs +0 -17
- package/dist/sdk/git-repository-analyzer-VO7OZMTM.mjs +0 -458
- package/dist/sdk/git-repository-analyzer-VO7OZMTM.mjs.map +0 -1
- package/dist/sdk/github-frontend-UC326PMS.mjs.map +0 -1
- package/dist/sdk/host-H7MKML2H.mjs +0 -52
- package/dist/sdk/host-H7MKML2H.mjs.map +0 -1
- package/dist/sdk/memory-store-LPOZWQ5E.mjs +0 -12
- package/dist/sdk/ndjson-sink-JQ2INHTS.mjs +0 -44
- package/dist/sdk/routing-745DOEKR.mjs +0 -24
- package/dist/sdk/slack-frontend-UPYUYCUQ.mjs +0 -821
- package/dist/sdk/slack-frontend-UPYUYCUQ.mjs.map +0 -1
- package/dist/sdk/workflow-check-provider-AA3VNYUY.mjs +0 -28
- package/dist/sdk/workflow-check-provider-LQNQZUN5.mjs +0 -28
- package/dist/sdk/workflow-registry-W7IEH7GK.mjs +0 -12
- package/dist/traces/run-2026-02-05T13-36-03-279Z.ndjson +0 -138
- package/dist/traces/run-2026-02-05T13-36-48-767Z.ndjson +0 -1137
- package/dist/traces/run-2026-02-05T13-36-58-960Z.ndjson +0 -17
- package/dist/traces/run-2026-02-05T13-37-00-184Z.ndjson +0 -205
- package/dist/tui.d.ts +0 -51
- package/dist/tui.d.ts.map +0 -1
- /package/dist/sdk/{check-provider-registry-OB5FEBJU.mjs.map → check-provider-registry-PANIXYRB.mjs.map} +0 -0
- /package/dist/sdk/{check-provider-registry-UC2LPSB4.mjs.map → check-provider-registry-S7DKTEM6.mjs.map} +0 -0
- /package/dist/sdk/{chunk-N7IVCCGH.mjs.map → chunk-DIND4ZCV.mjs.map} +0 -0
- /package/dist/sdk/{chunk-SIMCSNXO.mjs.map → chunk-GEW6LS32.mjs.map} +0 -0
- /package/dist/sdk/{chunk-YCUWMIV5.mjs.map → chunk-JL7JXCET.mjs.map} +0 -0
- /package/dist/sdk/{chunk-QRXSDDYN.mjs.map → chunk-LG4AUKHB.mjs.map} +0 -0
- /package/dist/sdk/{chunk-P6YFV6N2.mjs.map → chunk-SZXICFQ3.mjs.map} +0 -0
- /package/dist/sdk/{chunk-UEWXVJ6C.mjs.map → chunk-VPC3QSPW.mjs.map} +0 -0
- /package/dist/sdk/{command-executor-C4DGIQ4Q.mjs.map → command-executor-TOYBBE7S.mjs.map} +0 -0
- /package/dist/sdk/{config-GYTBTHRZ.mjs.map → config-OGOS4ZU4.mjs.map} +0 -0
- /package/dist/sdk/{failure-condition-evaluator-KRFY4OLQ.mjs.map → failure-condition-evaluator-HC3M5377.mjs.map} +0 -0
- /package/dist/sdk/{liquid-extensions-WJAC7QKG.mjs.map → lazy-otel-5NH4ZJJM.mjs.map} +0 -0
- /package/dist/sdk/{memory-store-LPOZWQ5E.mjs.map → liquid-extensions-E4EUOCES.mjs.map} +0 -0
- /package/dist/sdk/{metrics-CSBGJEWW.mjs.map → memory-store-AAPL2MTE.mjs.map} +0 -0
- /package/dist/sdk/{prompt-state-X2WDGSEM.mjs.map → metrics-I6A7IHG4.mjs.map} +0 -0
- /package/dist/sdk/{routing-745DOEKR.mjs.map → prompt-state-VAKKC773.mjs.map} +0 -0
- /package/dist/sdk/{renderer-schema-FRCLA6KH.mjs.map → renderer-schema-HXEW6BRJ.mjs.map} +0 -0
- /package/dist/sdk/{trace-helpers-LUCR52GY.mjs.map → routing-OZQWAGAI.mjs.map} +0 -0
- /package/dist/sdk/{workflow-check-provider-AA3VNYUY.mjs.map → schedule-tool-handler-B7TMSG6A.mjs.map} +0 -0
- /package/dist/sdk/{workflow-check-provider-LQNQZUN5.mjs.map → schedule-tool-handler-EBNKDUJC.mjs.map} +0 -0
- /package/dist/sdk/{workflow-registry-W7IEH7GK.mjs.map → trace-helpers-PP3YHTAM.mjs.map} +0 -0
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Copyright (c) ProbeLabs. All rights reserved.
|
|
3
|
+
* Licensed under the Elastic License 2.0; you may not use this file except
|
|
4
|
+
* in compliance with the Elastic License 2.0.
|
|
5
|
+
*/
|
|
6
|
+
/**
|
|
7
|
+
* OPA Rego Compiler - compiles .rego policy files to WASM bundles using the `opa` CLI.
|
|
8
|
+
*
|
|
9
|
+
* Handles:
|
|
10
|
+
* - Resolving input paths to WASM bytes (direct .wasm, directory with policy.wasm, or .rego files)
|
|
11
|
+
* - Compiling .rego files to WASM via `opa build`
|
|
12
|
+
* - Caching compiled bundles based on content hashes
|
|
13
|
+
* - Extracting policy.wasm from OPA tar.gz bundles
|
|
14
|
+
*
|
|
15
|
+
* Requires:
|
|
16
|
+
* - `opa` CLI on PATH (only when auto-compiling .rego files)
|
|
17
|
+
*/
|
|
18
|
+
export declare class OpaCompiler {
|
|
19
|
+
private static CACHE_DIR;
|
|
20
|
+
/**
|
|
21
|
+
* Resolve the input paths to WASM bytes.
|
|
22
|
+
*
|
|
23
|
+
* Strategy:
|
|
24
|
+
* 1. If any path is a .wasm file, read it directly
|
|
25
|
+
* 2. If a directory contains policy.wasm, read it
|
|
26
|
+
* 3. Otherwise, collect all .rego files and auto-compile via `opa build`
|
|
27
|
+
*/
|
|
28
|
+
resolveWasmBytes(paths: string[]): Promise<Buffer>;
|
|
29
|
+
/**
|
|
30
|
+
* Auto-compile .rego files to a WASM bundle using the `opa` CLI.
|
|
31
|
+
*
|
|
32
|
+
* Caches the compiled bundle based on a content hash of all input .rego files
|
|
33
|
+
* so subsequent runs skip compilation if policies haven't changed.
|
|
34
|
+
*/
|
|
35
|
+
private compileRego;
|
|
36
|
+
}
|
|
37
|
+
//# sourceMappingURL=opa-compiler.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"opa-compiler.d.ts","sourceRoot":"","sources":["file:///home/runner/work/visor/visor/src/enterprise/policy/opa-compiler.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAQH;;;;;;;;;;;GAWG;AACH,qBAAa,WAAW;IACtB,OAAO,CAAC,MAAM,CAAC,SAAS,CAA6C;IAErE;;;;;;;OAOG;IACG,gBAAgB,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC;IA+CxD;;;;;OAKG;IACH,OAAO,CAAC,WAAW;CA2FpB"}
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Copyright (c) ProbeLabs. All rights reserved.
|
|
3
|
+
* Licensed under the Elastic License 2.0; you may not use this file except
|
|
4
|
+
* in compliance with the Elastic License 2.0.
|
|
5
|
+
*/
|
|
6
|
+
/**
|
|
7
|
+
* OPA HTTP Evaluator - evaluates policies via an external OPA server's REST API.
|
|
8
|
+
*
|
|
9
|
+
* Uses the built-in `fetch` API (Node 18+), so no extra dependencies are needed.
|
|
10
|
+
*/
|
|
11
|
+
export declare class OpaHttpEvaluator {
|
|
12
|
+
private baseUrl;
|
|
13
|
+
private timeout;
|
|
14
|
+
constructor(baseUrl: string, timeout?: number);
|
|
15
|
+
/**
|
|
16
|
+
* Check if a hostname is blocked due to SSRF concerns.
|
|
17
|
+
*
|
|
18
|
+
* Blocks:
|
|
19
|
+
* - Loopback addresses (127.x.x.x, localhost, 0.0.0.0, ::1)
|
|
20
|
+
* - Link-local addresses (169.254.x.x)
|
|
21
|
+
* - Private networks (10.x.x.x, 172.16-31.x.x, 192.168.x.x)
|
|
22
|
+
* - IPv6 unique local addresses (fd00::/8)
|
|
23
|
+
* - Cloud metadata services (*.internal)
|
|
24
|
+
*/
|
|
25
|
+
private isBlockedHostname;
|
|
26
|
+
/**
|
|
27
|
+
* Evaluate a policy rule against an input document via OPA REST API.
|
|
28
|
+
*
|
|
29
|
+
* @param input - The input document to evaluate
|
|
30
|
+
* @param rulePath - OPA rule path (e.g., 'visor/check/execute')
|
|
31
|
+
* @returns The result object from OPA, or undefined on error
|
|
32
|
+
*/
|
|
33
|
+
evaluate(input: object, rulePath: string): Promise<any>;
|
|
34
|
+
shutdown(): Promise<void>;
|
|
35
|
+
}
|
|
36
|
+
//# sourceMappingURL=opa-http-evaluator.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"opa-http-evaluator.d.ts","sourceRoot":"","sources":["file:///home/runner/work/visor/visor/src/enterprise/policy/opa-http-evaluator.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;;;GAIG;AACH,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,OAAO,CAAS;IACxB,OAAO,CAAC,OAAO,CAAS;gBAEZ,OAAO,EAAE,MAAM,EAAE,OAAO,GAAE,MAAa;IAyBnD;;;;;;;;;OASG;IACH,OAAO,CAAC,iBAAiB;IA6EzB;;;;;;OAMG;IACG,QAAQ,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC;IAsCvD,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC;CAGhC"}
|
|
@@ -0,0 +1,48 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Copyright (c) ProbeLabs. All rights reserved.
|
|
3
|
+
* Licensed under the Elastic License 2.0; you may not use this file except
|
|
4
|
+
* in compliance with the Elastic License 2.0.
|
|
5
|
+
*/
|
|
6
|
+
import type { PolicyEngine, PolicyConfig, PolicyDecision } from '../../policy/types';
|
|
7
|
+
import { type ActorContext, type RepositoryContext, type PullRequestContext } from './policy-input-builder';
|
|
8
|
+
/**
|
|
9
|
+
* Enterprise OPA Policy Engine.
|
|
10
|
+
*
|
|
11
|
+
* Wraps both WASM (local) and HTTP (remote) OPA evaluators behind the
|
|
12
|
+
* OSS PolicyEngine interface. All OPA input building and role resolution
|
|
13
|
+
* is handled internally — the OSS call sites pass only plain types.
|
|
14
|
+
*/
|
|
15
|
+
export declare class OpaPolicyEngine implements PolicyEngine {
|
|
16
|
+
private evaluator;
|
|
17
|
+
private fallback;
|
|
18
|
+
private timeout;
|
|
19
|
+
private config;
|
|
20
|
+
private inputBuilder;
|
|
21
|
+
private logger;
|
|
22
|
+
constructor(config: PolicyConfig);
|
|
23
|
+
initialize(config: PolicyConfig): Promise<void>;
|
|
24
|
+
/**
|
|
25
|
+
* Update actor/repo/PR context (e.g., after PR info becomes available).
|
|
26
|
+
* Called by the enterprise loader when engine context is enriched.
|
|
27
|
+
*/
|
|
28
|
+
setActorContext(actor: ActorContext, repo?: RepositoryContext, pullRequest?: PullRequestContext): void;
|
|
29
|
+
evaluateCheckExecution(checkId: string, checkConfig: unknown): Promise<PolicyDecision>;
|
|
30
|
+
evaluateToolInvocation(serverName: string, methodName: string, transport?: string): Promise<PolicyDecision>;
|
|
31
|
+
evaluateCapabilities(checkId: string, capabilities: {
|
|
32
|
+
allowEdit?: boolean;
|
|
33
|
+
allowBash?: boolean;
|
|
34
|
+
allowedTools?: string[];
|
|
35
|
+
}): Promise<PolicyDecision>;
|
|
36
|
+
shutdown(): Promise<void>;
|
|
37
|
+
private resolveRulePath;
|
|
38
|
+
private doEvaluate;
|
|
39
|
+
private rawEvaluate;
|
|
40
|
+
/**
|
|
41
|
+
* Navigate nested OPA WASM result tree to reach the specific rule's output.
|
|
42
|
+
* The WASM entrypoint `-e visor` means the result root IS the visor package,
|
|
43
|
+
* so we strip the `visor/` prefix and walk the remaining segments.
|
|
44
|
+
*/
|
|
45
|
+
private navigateWasmResult;
|
|
46
|
+
private parseDecision;
|
|
47
|
+
}
|
|
48
|
+
//# sourceMappingURL=opa-policy-engine.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"opa-policy-engine.d.ts","sourceRoot":"","sources":["file:///home/runner/work/visor/visor/src/enterprise/policy/opa-policy-engine.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EACV,YAAY,EACZ,YAAY,EACZ,cAAc,EAEf,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EAEL,KAAK,YAAY,EACjB,KAAK,iBAAiB,EACtB,KAAK,kBAAkB,EACxB,MAAM,wBAAwB,CAAC;AAEhC;;;;;;GAMG;AACH,qBAAa,eAAgB,YAAW,YAAY;IAClD,OAAO,CAAC,SAAS,CAAoD;IACrE,OAAO,CAAC,QAAQ,CAA4B;IAC5C,OAAO,CAAC,OAAO,CAAS;IACxB,OAAO,CAAC,MAAM,CAAe;IAC7B,OAAO,CAAC,YAAY,CAAmC;IACvD,OAAO,CAAC,MAAM,CAAa;gBAEf,MAAM,EAAE,YAAY;IAM1B,UAAU,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC;IAiDrD;;;OAGG;IACH,eAAe,CACb,KAAK,EAAE,YAAY,EACnB,IAAI,CAAC,EAAE,iBAAiB,EACxB,WAAW,CAAC,EAAE,kBAAkB,GAC/B,IAAI;IAID,sBAAsB,CAAC,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,OAAO,GAAG,OAAO,CAAC,cAAc,CAAC;IAmBtF,sBAAsB,CAC1B,UAAU,EAAE,MAAM,EAClB,UAAU,EAAE,MAAM,EAClB,SAAS,CAAC,EAAE,MAAM,GACjB,OAAO,CAAC,cAAc,CAAC;IAMpB,oBAAoB,CACxB,OAAO,EAAE,MAAM,EACf,YAAY,EAAE;QACZ,SAAS,CAAC,EAAE,OAAO,CAAC;QACpB,SAAS,CAAC,EAAE,OAAO,CAAC;QACpB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;KACzB,GACA,OAAO,CAAC,cAAc,CAAC;IAMpB,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC;IAQ/B,OAAO,CAAC,eAAe;YAOT,UAAU;YAkCV,WAAW;IAWzB;;;;OAIG;IACH,OAAO,CAAC,kBAAkB;IAe1B,OAAO,CAAC,aAAa;CAqBtB"}
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Copyright (c) ProbeLabs. All rights reserved.
|
|
3
|
+
* Licensed under the Elastic License 2.0; you may not use this file except
|
|
4
|
+
* in compliance with the Elastic License 2.0.
|
|
5
|
+
*/
|
|
6
|
+
/**
|
|
7
|
+
* OPA WASM Evaluator - loads and evaluates OPA policies locally.
|
|
8
|
+
*
|
|
9
|
+
* Supports three input formats:
|
|
10
|
+
* 1. Pre-compiled `.wasm` bundle — loaded directly (fastest startup)
|
|
11
|
+
* 2. `.rego` files or directory — auto-compiled to WASM via `opa build` CLI
|
|
12
|
+
* 3. Directory with `policy.wasm` inside — loaded directly
|
|
13
|
+
*
|
|
14
|
+
* Compilation and caching of .rego files is delegated to {@link OpaCompiler}.
|
|
15
|
+
*
|
|
16
|
+
* Requires:
|
|
17
|
+
* - `@open-policy-agent/opa-wasm` npm package (optional dep)
|
|
18
|
+
* - `opa` CLI on PATH (only when auto-compiling .rego files)
|
|
19
|
+
*/
|
|
20
|
+
export declare class OpaWasmEvaluator {
|
|
21
|
+
private policy;
|
|
22
|
+
private dataDocument;
|
|
23
|
+
private compiler;
|
|
24
|
+
initialize(rulesPath: string | string[]): Promise<void>;
|
|
25
|
+
/**
|
|
26
|
+
* Load external data from a JSON file to use as the OPA data document.
|
|
27
|
+
* The loaded data will be passed to `policy.setData()` during evaluation,
|
|
28
|
+
* making it available in Rego via `data.<key>`.
|
|
29
|
+
*/
|
|
30
|
+
loadData(dataPath: string): void;
|
|
31
|
+
evaluate(input: object): Promise<any>;
|
|
32
|
+
shutdown(): Promise<void>;
|
|
33
|
+
}
|
|
34
|
+
//# sourceMappingURL=opa-wasm-evaluator.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"opa-wasm-evaluator.d.ts","sourceRoot":"","sources":["file:///home/runner/work/visor/visor/src/enterprise/policy/opa-wasm-evaluator.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAMH;;;;;;;;;;;;;GAaG;AACH,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,MAAM,CAAa;IAC3B,OAAO,CAAC,YAAY,CAAc;IAClC,OAAO,CAAC,QAAQ,CAAkC;IAE5C,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IA6B7D;;;;OAIG;IACH,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI;IA2B1B,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC;IAcrC,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC;CAehC"}
|
|
@@ -0,0 +1,120 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Copyright (c) ProbeLabs. All rights reserved.
|
|
3
|
+
* Licensed under the Elastic License 2.0; you may not use this file except
|
|
4
|
+
* in compliance with the Elastic License 2.0.
|
|
5
|
+
*/
|
|
6
|
+
import type { PolicyConfig, StepPolicyOverride } from '../../policy/types';
|
|
7
|
+
/**
|
|
8
|
+
* OPA input document shape (internal to enterprise code).
|
|
9
|
+
* This mirrors what OPA .rego rules expect — OSS code never sees this type.
|
|
10
|
+
*/
|
|
11
|
+
export interface OpaInput {
|
|
12
|
+
scope: string;
|
|
13
|
+
check?: {
|
|
14
|
+
id: string;
|
|
15
|
+
type: string;
|
|
16
|
+
group?: string;
|
|
17
|
+
tags?: string[];
|
|
18
|
+
criticality?: string;
|
|
19
|
+
sandbox?: string;
|
|
20
|
+
policy?: StepPolicyOverride;
|
|
21
|
+
};
|
|
22
|
+
tool?: {
|
|
23
|
+
serverName: string;
|
|
24
|
+
methodName: string;
|
|
25
|
+
transport?: string;
|
|
26
|
+
};
|
|
27
|
+
capability?: {
|
|
28
|
+
allowEdit?: boolean;
|
|
29
|
+
allowBash?: boolean;
|
|
30
|
+
allowedTools?: string[];
|
|
31
|
+
enableDelegate?: boolean;
|
|
32
|
+
sandbox?: string;
|
|
33
|
+
};
|
|
34
|
+
actor: {
|
|
35
|
+
authorAssociation?: string;
|
|
36
|
+
login?: string;
|
|
37
|
+
roles: string[];
|
|
38
|
+
isLocalMode: boolean;
|
|
39
|
+
slack?: {
|
|
40
|
+
userId?: string;
|
|
41
|
+
email?: string;
|
|
42
|
+
channelId?: string;
|
|
43
|
+
channelType?: 'channel' | 'dm' | 'group';
|
|
44
|
+
};
|
|
45
|
+
};
|
|
46
|
+
repository?: {
|
|
47
|
+
owner?: string;
|
|
48
|
+
name?: string;
|
|
49
|
+
branch?: string;
|
|
50
|
+
baseBranch?: string;
|
|
51
|
+
event?: string;
|
|
52
|
+
action?: string;
|
|
53
|
+
};
|
|
54
|
+
pullRequest?: {
|
|
55
|
+
number?: number;
|
|
56
|
+
labels?: string[];
|
|
57
|
+
draft?: boolean;
|
|
58
|
+
changedFiles?: number;
|
|
59
|
+
};
|
|
60
|
+
}
|
|
61
|
+
export interface ActorContext {
|
|
62
|
+
authorAssociation?: string;
|
|
63
|
+
login?: string;
|
|
64
|
+
isLocalMode: boolean;
|
|
65
|
+
slack?: {
|
|
66
|
+
userId?: string;
|
|
67
|
+
email?: string;
|
|
68
|
+
channelId?: string;
|
|
69
|
+
channelType?: 'channel' | 'dm' | 'group';
|
|
70
|
+
};
|
|
71
|
+
}
|
|
72
|
+
export interface RepositoryContext {
|
|
73
|
+
owner?: string;
|
|
74
|
+
name?: string;
|
|
75
|
+
branch?: string;
|
|
76
|
+
baseBranch?: string;
|
|
77
|
+
event?: string;
|
|
78
|
+
action?: string;
|
|
79
|
+
}
|
|
80
|
+
export interface PullRequestContext {
|
|
81
|
+
number?: number;
|
|
82
|
+
labels?: string[];
|
|
83
|
+
draft?: boolean;
|
|
84
|
+
changedFiles?: number;
|
|
85
|
+
}
|
|
86
|
+
export interface CheckContext {
|
|
87
|
+
id: string;
|
|
88
|
+
type: string;
|
|
89
|
+
group?: string;
|
|
90
|
+
tags?: string[];
|
|
91
|
+
criticality?: string;
|
|
92
|
+
sandbox?: string;
|
|
93
|
+
policy?: StepPolicyOverride;
|
|
94
|
+
}
|
|
95
|
+
/**
|
|
96
|
+
* Builds OPA-compatible input documents from engine context.
|
|
97
|
+
*
|
|
98
|
+
* Resolves actor roles from the `policy.roles` config section by matching
|
|
99
|
+
* the actor's authorAssociation and login against role definitions.
|
|
100
|
+
*/
|
|
101
|
+
export declare class PolicyInputBuilder {
|
|
102
|
+
private roles;
|
|
103
|
+
private actor;
|
|
104
|
+
private repository?;
|
|
105
|
+
private pullRequest?;
|
|
106
|
+
constructor(policyConfig: PolicyConfig, actor: ActorContext, repository?: RepositoryContext, pullRequest?: PullRequestContext);
|
|
107
|
+
/** Resolve which roles apply to the current actor. */
|
|
108
|
+
resolveRoles(): string[];
|
|
109
|
+
private buildActor;
|
|
110
|
+
forCheckExecution(check: CheckContext): OpaInput;
|
|
111
|
+
forToolInvocation(serverName: string, methodName: string, transport?: string): OpaInput;
|
|
112
|
+
forCapabilityResolve(checkId: string, capabilities: {
|
|
113
|
+
allowEdit?: boolean;
|
|
114
|
+
allowBash?: boolean;
|
|
115
|
+
allowedTools?: string[];
|
|
116
|
+
enableDelegate?: boolean;
|
|
117
|
+
sandbox?: string;
|
|
118
|
+
}): OpaInput;
|
|
119
|
+
}
|
|
120
|
+
//# sourceMappingURL=policy-input-builder.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"policy-input-builder.d.ts","sourceRoot":"","sources":["file:///home/runner/work/visor/visor/src/enterprise/policy/policy-input-builder.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAoB,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAE7F;;;GAGG;AACH,MAAM,WAAW,QAAQ;IACvB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE;QACN,EAAE,EAAE,MAAM,CAAC;QACX,IAAI,EAAE,MAAM,CAAC;QACb,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;QAChB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,MAAM,CAAC,EAAE,kBAAkB,CAAC;KAC7B,CAAC;IACF,IAAI,CAAC,EAAE;QACL,UAAU,EAAE,MAAM,CAAC;QACnB,UAAU,EAAE,MAAM,CAAC;QACnB,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,CAAC;IACF,UAAU,CAAC,EAAE;QACX,SAAS,CAAC,EAAE,OAAO,CAAC;QACpB,SAAS,CAAC,EAAE,OAAO,CAAC;QACpB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;QACxB,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,CAAC;IACF,KAAK,EAAE;QACL,iBAAiB,CAAC,EAAE,MAAM,CAAC;QAC3B,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,KAAK,EAAE,MAAM,EAAE,CAAC;QAChB,WAAW,EAAE,OAAO,CAAC;QACrB,KAAK,CAAC,EAAE;YACN,MAAM,CAAC,EAAE,MAAM,CAAC;YAChB,KAAK,CAAC,EAAE,MAAM,CAAC;YACf,SAAS,CAAC,EAAE,MAAM,CAAC;YACnB,WAAW,CAAC,EAAE,SAAS,GAAG,IAAI,GAAG,OAAO,CAAC;SAC1C,CAAC;KACH,CAAC;IACF,UAAU,CAAC,EAAE;QACX,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,MAAM,CAAC,EAAE,MAAM,CAAC;KACjB,CAAC;IACF,WAAW,CAAC,EAAE;QACZ,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;QAClB,KAAK,CAAC,EAAE,OAAO,CAAC;QAChB,YAAY,CAAC,EAAE,MAAM,CAAC;KACvB,CAAC;CACH;AAED,MAAM,WAAW,YAAY;IAC3B,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,OAAO,CAAC;IACrB,KAAK,CAAC,EAAE;QACN,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,WAAW,CAAC,EAAE,SAAS,GAAG,IAAI,GAAG,OAAO,CAAC;KAC1C,CAAC;CACH;AAED,MAAM,WAAW,iBAAiB;IAChC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,kBAAkB;IACjC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,kBAAkB,CAAC;CAC7B;AAED;;;;;GAKG;AACH,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,KAAK,CAAmC;IAChD,OAAO,CAAC,KAAK,CAAe;IAC5B,OAAO,CAAC,UAAU,CAAC,CAAoB;IACvC,OAAO,CAAC,WAAW,CAAC,CAAqB;gBAGvC,YAAY,EAAE,YAAY,EAC1B,KAAK,EAAE,YAAY,EACnB,UAAU,CAAC,EAAE,iBAAiB,EAC9B,WAAW,CAAC,EAAE,kBAAkB;IAQlC,sDAAsD;IACtD,YAAY,IAAI,MAAM,EAAE;IA8DxB,OAAO,CAAC,UAAU;IAUlB,iBAAiB,CAAC,KAAK,EAAE,YAAY,GAAG,QAAQ;IAkBhD,iBAAiB,CAAC,UAAU,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,QAAQ;IAUvF,oBAAoB,CAClB,OAAO,EAAE,MAAM,EACf,YAAY,EAAE;QACZ,SAAS,CAAC,EAAE,OAAO,CAAC;QACpB,SAAS,CAAC,EAAE,OAAO,CAAC;QACpB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;QACxB,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,GACA,QAAQ;CAUZ"}
|
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Copyright (c) ProbeLabs. All rights reserved.
|
|
3
|
+
* Licensed under the Elastic License 2.0; you may not use this file except
|
|
4
|
+
* in compliance with the Elastic License 2.0.
|
|
5
|
+
*/
|
|
6
|
+
import type { Schedule, ScheduleLimits } from '../../scheduler/schedule-store';
|
|
7
|
+
import type { ScheduleStoreBackend, ScheduleStoreStats, StorageConfig, HAConfig } from '../../scheduler/store/types';
|
|
8
|
+
/**
|
|
9
|
+
* Enterprise Knex-backed store for PostgreSQL, MySQL, and MSSQL
|
|
10
|
+
*/
|
|
11
|
+
export declare class KnexStoreBackend implements ScheduleStoreBackend {
|
|
12
|
+
private knex;
|
|
13
|
+
private driver;
|
|
14
|
+
private connection;
|
|
15
|
+
constructor(driver: 'postgresql' | 'mysql' | 'mssql', storageConfig: StorageConfig, _haConfig?: HAConfig);
|
|
16
|
+
initialize(): Promise<void>;
|
|
17
|
+
private buildStandardConnection;
|
|
18
|
+
private buildMssqlConnection;
|
|
19
|
+
private resolveSslConfig;
|
|
20
|
+
private validateSslPath;
|
|
21
|
+
shutdown(): Promise<void>;
|
|
22
|
+
private migrateSchema;
|
|
23
|
+
private getKnex;
|
|
24
|
+
create(schedule: Omit<Schedule, 'id' | 'createdAt' | 'runCount' | 'failureCount' | 'status'>): Promise<Schedule>;
|
|
25
|
+
importSchedule(schedule: Schedule): Promise<void>;
|
|
26
|
+
get(id: string): Promise<Schedule | undefined>;
|
|
27
|
+
update(id: string, patch: Partial<Schedule>): Promise<Schedule | undefined>;
|
|
28
|
+
delete(id: string): Promise<boolean>;
|
|
29
|
+
getByCreator(creatorId: string): Promise<Schedule[]>;
|
|
30
|
+
getActiveSchedules(): Promise<Schedule[]>;
|
|
31
|
+
getDueSchedules(now?: number): Promise<Schedule[]>;
|
|
32
|
+
findByWorkflow(creatorId: string, workflowName: string): Promise<Schedule[]>;
|
|
33
|
+
getAll(): Promise<Schedule[]>;
|
|
34
|
+
getStats(): Promise<ScheduleStoreStats>;
|
|
35
|
+
validateLimits(creatorId: string, isRecurring: boolean, limits: ScheduleLimits): Promise<void>;
|
|
36
|
+
tryAcquireLock(lockId: string, nodeId: string, ttlSeconds: number): Promise<string | null>;
|
|
37
|
+
releaseLock(lockId: string, lockToken: string): Promise<void>;
|
|
38
|
+
renewLock(lockId: string, lockToken: string, ttlSeconds: number): Promise<boolean>;
|
|
39
|
+
flush(): Promise<void>;
|
|
40
|
+
}
|
|
41
|
+
//# sourceMappingURL=knex-store.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"knex-store.d.ts","sourceRoot":"","sources":["file:///home/runner/work/visor/visor/src/enterprise/scheduler/knex-store.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAYH,OAAO,KAAK,EAAE,QAAQ,EAAE,cAAc,EAAE,MAAM,gCAAgC,CAAC;AAC/E,OAAO,KAAK,EACV,oBAAoB,EACpB,kBAAkB,EAClB,aAAa,EACb,QAAQ,EAET,MAAM,6BAA6B,CAAC;AA+FrC;;GAEG;AACH,qBAAa,gBAAiB,YAAW,oBAAoB;IAC3D,OAAO,CAAC,IAAI,CAAqB;IACjC,OAAO,CAAC,MAAM,CAAmC;IACjD,OAAO,CAAC,UAAU,CAAyB;gBAGzC,MAAM,EAAE,YAAY,GAAG,OAAO,GAAG,OAAO,EACxC,aAAa,EAAE,aAAa,EAC5B,SAAS,CAAC,EAAE,QAAQ;IAMhB,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAkDjC,OAAO,CAAC,uBAAuB;IAW/B,OAAO,CAAC,oBAAoB;IAkB5B,OAAO,CAAC,gBAAgB;IA4BxB,OAAO,CAAC,eAAe;IAWjB,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC;YAOjB,aAAa;IA4C3B,OAAO,CAAC,OAAO;IAST,MAAM,CACV,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,IAAI,GAAG,WAAW,GAAG,UAAU,GAAG,cAAc,GAAG,QAAQ,CAAC,GACpF,OAAO,CAAC,QAAQ,CAAC;IAkBd,cAAc,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;IAOjD,GAAG,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,GAAG,SAAS,CAAC;IAM9C,MAAM,CAAC,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,QAAQ,CAAC,GAAG,OAAO,CAAC,QAAQ,GAAG,SAAS,CAAC;IAgB3E,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAYpC,YAAY,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;IAMpD,kBAAkB,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;IAMzC,eAAe,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;IAsBlD,cAAc,CAAC,SAAS,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;IAW5E,MAAM,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;IAM7B,QAAQ,IAAI,OAAO,CAAC,kBAAkB,CAAC;IA4BvC,cAAc,CAClB,SAAS,EAAE,MAAM,EACjB,WAAW,EAAE,OAAO,EACpB,MAAM,EAAE,cAAc,GACrB,OAAO,CAAC,IAAI,CAAC;IAqCV,cAAc,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAmC1F,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAK7D,SAAS,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAalF,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;CAG7B"}
|
package/dist/examples/README.md
CHANGED
|
@@ -126,6 +126,17 @@ Example configurations demonstrating various Visor features and use cases.
|
|
|
126
126
|
- **`failure-conditions-github-style.yaml`** - GitHub-style failure conditions
|
|
127
127
|
- **`failure-conditions-migration.yaml`** - Migration patterns for failure conditions
|
|
128
128
|
|
|
129
|
+
### Sandbox Examples
|
|
130
|
+
- **`sandbox-basic.yaml`** - Basic Docker sandbox with image mode
|
|
131
|
+
- **`sandbox-cache.yaml`** - Sandbox with cache volume mounts
|
|
132
|
+
- **`sandbox-dockerfile-inline.yaml`** - Sandbox with inline Dockerfile
|
|
133
|
+
- **`sandbox-env-passthrough.yaml`** - Sandbox environment variable passthrough
|
|
134
|
+
- **`sandbox-multi-env.yaml`** - Multiple sandbox environments per check
|
|
135
|
+
- **`sandbox-read-only.yaml`** - Read-only sandbox with network isolation
|
|
136
|
+
|
|
137
|
+
### Enterprise Policy Examples (EE)
|
|
138
|
+
- **`enterprise-policy/`** - OPA policy engine with role-based access control **(Enterprise Edition -- requires license, contact hello@probelabs.com)**
|
|
139
|
+
|
|
129
140
|
### Integration Examples
|
|
130
141
|
- **`jira-simple-example.yaml`** - Simple JIRA integration
|
|
131
142
|
- **`jira-single-issue-workflow.yaml`** - Single JIRA issue workflow
|
|
@@ -406,6 +417,28 @@ visor --config examples/bedrock-config.yaml --provider bedrock
|
|
|
406
417
|
visor --config examples/claude-code-config.yaml
|
|
407
418
|
```
|
|
408
419
|
|
|
420
|
+
## 🐳 Sandbox Examples
|
|
421
|
+
|
|
422
|
+
```bash
|
|
423
|
+
# Basic Docker sandbox
|
|
424
|
+
visor --config examples/sandbox-basic.yaml
|
|
425
|
+
|
|
426
|
+
# Sandbox with cache volumes
|
|
427
|
+
visor --config examples/sandbox-cache.yaml
|
|
428
|
+
|
|
429
|
+
# Inline Dockerfile sandbox
|
|
430
|
+
visor --config examples/sandbox-dockerfile-inline.yaml
|
|
431
|
+
|
|
432
|
+
# Environment variable passthrough
|
|
433
|
+
visor --config examples/sandbox-env-passthrough.yaml
|
|
434
|
+
|
|
435
|
+
# Multiple sandbox environments
|
|
436
|
+
visor --config examples/sandbox-multi-env.yaml
|
|
437
|
+
|
|
438
|
+
# Read-only sandbox with network isolation
|
|
439
|
+
visor --config examples/sandbox-read-only.yaml
|
|
440
|
+
```
|
|
441
|
+
|
|
409
442
|
## 🔧 MCP & Tools Examples
|
|
410
443
|
|
|
411
444
|
```bash
|
|
@@ -434,6 +467,26 @@ visor --config examples/workflows/quick-pr-check.yaml --input "pr_type=feature"
|
|
|
434
467
|
visor --config examples/workflows/workflow-composition-example.yaml
|
|
435
468
|
```
|
|
436
469
|
|
|
470
|
+
## Enterprise Policy Engine (EE)
|
|
471
|
+
|
|
472
|
+
> **Enterprise Edition feature.** Requires a Visor EE license.
|
|
473
|
+
> Contact **hello@probelabs.com** for licensing.
|
|
474
|
+
|
|
475
|
+
Role-based access control for checks, MCP tools, and AI capabilities using OPA (Open Policy Agent) policies:
|
|
476
|
+
|
|
477
|
+
```bash
|
|
478
|
+
# Install EE build
|
|
479
|
+
npm install @probelabs/visor@ee
|
|
480
|
+
|
|
481
|
+
# Set license
|
|
482
|
+
export VISOR_LICENSE="<your-jwt-token>"
|
|
483
|
+
|
|
484
|
+
# Run with policy enforcement
|
|
485
|
+
visor --config examples/enterprise-policy/visor.yaml
|
|
486
|
+
```
|
|
487
|
+
|
|
488
|
+
See [`examples/enterprise-policy/README.md`](enterprise-policy/README.md) for full documentation, configuration reference, and Rego policy examples.
|
|
489
|
+
|
|
437
490
|
## 📚 Further Reading
|
|
438
491
|
|
|
439
492
|
- [Main README](../README.md) - Complete Visor documentation
|
|
@@ -38,7 +38,7 @@ checks:
|
|
|
38
38
|
operation: set
|
|
39
39
|
namespace: calculator
|
|
40
40
|
key: number1
|
|
41
|
-
value_js: "parseFloat(outputs['get-number1'])"
|
|
41
|
+
value_js: "parseFloat(outputs['get-number1'].text)"
|
|
42
42
|
|
|
43
43
|
# Step 3: Get second number
|
|
44
44
|
get-number2:
|
|
@@ -55,7 +55,7 @@ checks:
|
|
|
55
55
|
operation: set
|
|
56
56
|
namespace: calculator
|
|
57
57
|
key: number2
|
|
58
|
-
value_js: "parseFloat(outputs['get-number2'])"
|
|
58
|
+
value_js: "parseFloat(outputs['get-number2'].text)"
|
|
59
59
|
|
|
60
60
|
# Step 5: Get operation
|
|
61
61
|
get-operation:
|
|
@@ -72,7 +72,7 @@ checks:
|
|
|
72
72
|
operation: set
|
|
73
73
|
namespace: calculator
|
|
74
74
|
key: operation
|
|
75
|
-
value_js: "outputs['get-operation'].trim()"
|
|
75
|
+
value_js: "outputs['get-operation'].text.trim()"
|
|
76
76
|
|
|
77
77
|
# Step 7: Perform calculation using memory and JavaScript
|
|
78
78
|
calculate:
|
|
@@ -122,7 +122,7 @@ checks:
|
|
|
122
122
|
║ CALCULATION RESULT ║
|
|
123
123
|
╠════════════════════════════════════════╣
|
|
124
124
|
║ ║
|
|
125
|
-
║ {{ outputs['get-number1'] }} {{ outputs['get-operation'] }} {{ outputs['get-number2'] }} = {{ outputs['calculate'] }}
|
|
125
|
+
║ {{ outputs['get-number1'].text }} {{ outputs['get-operation'].text }} {{ outputs['get-number2'].text }} = {{ outputs['calculate'] }}
|
|
126
126
|
║ ║
|
|
127
127
|
╚════════════════════════════════════════╝
|
|
128
128
|
|