@probelabs/visor 0.1.129 → 0.1.130-ee

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (216) hide show
  1. package/README.md +23 -0
  2. package/dist/cli-main.d.ts.map +1 -1
  3. package/dist/config.d.ts +4 -0
  4. package/dist/config.d.ts.map +1 -1
  5. package/dist/docs/author-permissions.md +20 -0
  6. package/dist/docs/enterprise-policy.md +1325 -0
  7. package/dist/docs/index.md +10 -0
  8. package/dist/docs/scheduler-storage.md +433 -0
  9. package/dist/docs/scheduler.md +12 -2
  10. package/dist/enterprise/license/validator.d.ts +39 -0
  11. package/dist/enterprise/license/validator.d.ts.map +1 -0
  12. package/dist/enterprise/loader.d.ts +25 -0
  13. package/dist/enterprise/loader.d.ts.map +1 -0
  14. package/dist/enterprise/policy/opa-compiler.d.ts +37 -0
  15. package/dist/enterprise/policy/opa-compiler.d.ts.map +1 -0
  16. package/dist/enterprise/policy/opa-http-evaluator.d.ts +36 -0
  17. package/dist/enterprise/policy/opa-http-evaluator.d.ts.map +1 -0
  18. package/dist/enterprise/policy/opa-policy-engine.d.ts +48 -0
  19. package/dist/enterprise/policy/opa-policy-engine.d.ts.map +1 -0
  20. package/dist/enterprise/policy/opa-wasm-evaluator.d.ts +34 -0
  21. package/dist/enterprise/policy/opa-wasm-evaluator.d.ts.map +1 -0
  22. package/dist/enterprise/policy/policy-input-builder.d.ts +120 -0
  23. package/dist/enterprise/policy/policy-input-builder.d.ts.map +1 -0
  24. package/dist/enterprise/scheduler/knex-store.d.ts +41 -0
  25. package/dist/enterprise/scheduler/knex-store.d.ts.map +1 -0
  26. package/dist/examples/README.md +23 -0
  27. package/dist/examples/enterprise-policy/README.md +344 -0
  28. package/dist/examples/enterprise-policy/policies/capability_resolve.rego +29 -0
  29. package/dist/examples/enterprise-policy/policies/capability_resolve_test.rego +230 -0
  30. package/dist/examples/enterprise-policy/policies/check_execute.rego +71 -0
  31. package/dist/examples/enterprise-policy/policies/check_execute_test.rego +321 -0
  32. package/dist/examples/enterprise-policy/policies/deploy_production.rego +33 -0
  33. package/dist/examples/enterprise-policy/policies/deploy_production_test.rego +29 -0
  34. package/dist/examples/enterprise-policy/policies/slack_channel_gate.rego +17 -0
  35. package/dist/examples/enterprise-policy/policies/slack_tool_restrict.rego +16 -0
  36. package/dist/examples/enterprise-policy/policies/tool_invoke.rego +24 -0
  37. package/dist/examples/enterprise-policy/policies/tool_invoke_test.rego +227 -0
  38. package/dist/examples/enterprise-policy/visor.yaml +64 -0
  39. package/dist/failure-condition-evaluator.d.ts +18 -0
  40. package/dist/failure-condition-evaluator.d.ts.map +1 -1
  41. package/dist/frontends/slack-frontend.d.ts +1 -0
  42. package/dist/frontends/slack-frontend.d.ts.map +1 -1
  43. package/dist/generated/config-schema.d.ts +139 -0
  44. package/dist/generated/config-schema.d.ts.map +1 -1
  45. package/dist/index.js +13821 -7172
  46. package/dist/liquid-extensions.d.ts.map +1 -1
  47. package/dist/policy/default-engine.d.ts +17 -0
  48. package/dist/policy/default-engine.d.ts.map +1 -0
  49. package/dist/policy/index.d.ts +4 -0
  50. package/dist/policy/index.d.ts.map +1 -0
  51. package/dist/policy/policy-check-command.d.ts +65 -0
  52. package/dist/policy/policy-check-command.d.ts.map +1 -0
  53. package/dist/policy/types.d.ts +81 -0
  54. package/dist/policy/types.d.ts.map +1 -0
  55. package/dist/providers/ai-check-provider.d.ts.map +1 -1
  56. package/dist/providers/check-provider.interface.d.ts +2 -0
  57. package/dist/providers/check-provider.interface.d.ts.map +1 -1
  58. package/dist/providers/claude-code-check-provider.d.ts.map +1 -1
  59. package/dist/providers/mcp-check-provider.d.ts.map +1 -1
  60. package/dist/providers/mcp-custom-sse-server.d.ts.map +1 -1
  61. package/dist/providers/workflow-check-provider.d.ts.map +1 -1
  62. package/dist/scheduler/index.d.ts +2 -0
  63. package/dist/scheduler/index.d.ts.map +1 -1
  64. package/dist/scheduler/schedule-store.d.ts +33 -59
  65. package/dist/scheduler/schedule-store.d.ts.map +1 -1
  66. package/dist/scheduler/schedule-tool.d.ts.map +1 -1
  67. package/dist/scheduler/scheduler.d.ts +24 -3
  68. package/dist/scheduler/scheduler.d.ts.map +1 -1
  69. package/dist/scheduler/store/index.d.ts +7 -0
  70. package/dist/scheduler/store/index.d.ts.map +1 -0
  71. package/dist/scheduler/store/json-migrator.d.ts +10 -0
  72. package/dist/scheduler/store/json-migrator.d.ts.map +1 -0
  73. package/dist/scheduler/store/sqlite-store.d.ts +32 -0
  74. package/dist/scheduler/store/sqlite-store.d.ts.map +1 -0
  75. package/dist/scheduler/store/types.d.ts +127 -0
  76. package/dist/scheduler/store/types.d.ts.map +1 -0
  77. package/dist/sdk/check-provider-registry-PANIXYRB.mjs +28 -0
  78. package/dist/sdk/check-provider-registry-S7DKTEM6.mjs +28 -0
  79. package/dist/sdk/{chunk-D5KI4YQ4.mjs → chunk-DIND4ZCV.mjs} +2 -2
  80. package/dist/sdk/{chunk-XDLQ3UNF.mjs → chunk-GEW6LS32.mjs} +2 -2
  81. package/dist/sdk/{chunk-N7HO6KKC.mjs → chunk-HOKQOO3G.mjs} +11 -6
  82. package/dist/sdk/chunk-HOKQOO3G.mjs.map +1 -0
  83. package/dist/sdk/{chunk-XR7XXGL7.mjs → chunk-JL7JXCET.mjs} +2 -2
  84. package/dist/sdk/{chunk-6W75IMDC.mjs → chunk-LG4AUKHB.mjs} +2 -2
  85. package/dist/sdk/{chunk-BDGUM6BA.mjs → chunk-S6CD7GFM.mjs} +1463 -568
  86. package/dist/sdk/chunk-S6CD7GFM.mjs.map +1 -0
  87. package/dist/sdk/{chunk-PO7X5XI7.mjs → chunk-SZXICFQ3.mjs} +2 -2
  88. package/dist/sdk/{chunk-DGZPPGJJ.mjs → chunk-TQ4D3YOF.mjs} +1463 -568
  89. package/dist/sdk/chunk-TQ4D3YOF.mjs.map +1 -0
  90. package/dist/sdk/{chunk-HEX3RL32.mjs → chunk-UCMJJ3IM.mjs} +5 -2
  91. package/dist/sdk/{chunk-HEX3RL32.mjs.map → chunk-UCMJJ3IM.mjs.map} +1 -1
  92. package/dist/sdk/{chunk-7YSOINAQ.mjs → chunk-UCNT3PDT.mjs} +342 -5
  93. package/dist/sdk/chunk-UCNT3PDT.mjs.map +1 -0
  94. package/dist/sdk/{chunk-R5Z7YWPB.mjs → chunk-V2IV3ILA.mjs} +7 -5
  95. package/dist/sdk/chunk-V2IV3ILA.mjs.map +1 -0
  96. package/dist/sdk/{chunk-SGS2VMEL.mjs → chunk-VMLORODQ.mjs} +107 -20
  97. package/dist/sdk/chunk-VMLORODQ.mjs.map +1 -0
  98. package/dist/sdk/{chunk-2KB35MB7.mjs → chunk-VPC3QSPW.mjs} +2 -2
  99. package/dist/sdk/{chunk-J5RGJQ53.mjs → chunk-YJRBN3XS.mjs} +2 -2
  100. package/dist/sdk/{command-executor-DVVXERLR.mjs → command-executor-TOYBBE7S.mjs} +4 -4
  101. package/dist/sdk/{config-7VTT64SQ.mjs → config-OGOS4ZU4.mjs} +4 -4
  102. package/dist/sdk/failure-condition-evaluator-HC3M5377.mjs +17 -0
  103. package/dist/sdk/{github-frontend-3N2NLO66.mjs → github-frontend-E2KJSC3Y.mjs} +7 -7
  104. package/dist/sdk/{host-ONVMEHAA.mjs → host-EE6EJ2FM.mjs} +4 -4
  105. package/dist/sdk/host-OUSD2OIQ.mjs +63 -0
  106. package/dist/sdk/host-OUSD2OIQ.mjs.map +1 -0
  107. package/dist/sdk/knex-store-HPXJILBL.mjs +411 -0
  108. package/dist/sdk/knex-store-HPXJILBL.mjs.map +1 -0
  109. package/dist/sdk/lazy-otel-5NH4ZJJM.mjs +24 -0
  110. package/dist/sdk/{liquid-extensions-5IZLTFSZ.mjs → liquid-extensions-E4EUOCES.mjs} +5 -5
  111. package/dist/sdk/loader-ID5LMXOW.mjs +89 -0
  112. package/dist/sdk/loader-ID5LMXOW.mjs.map +1 -0
  113. package/dist/sdk/memory-store-AAPL2MTE.mjs +12 -0
  114. package/dist/sdk/{metrics-GXQ2EDXA.mjs → metrics-I6A7IHG4.mjs} +3 -3
  115. package/dist/sdk/opa-policy-engine-UUPFN5CL.mjs +655 -0
  116. package/dist/sdk/opa-policy-engine-UUPFN5CL.mjs.map +1 -0
  117. package/dist/sdk/{prompt-state-YHGXB2OA.mjs → prompt-state-VAKKC773.mjs} +4 -4
  118. package/dist/sdk/{renderer-schema-CMXOLNIG.mjs → renderer-schema-HXEW6BRJ.mjs} +3 -3
  119. package/dist/sdk/{routing-S3Y7T2X3.mjs → routing-OZQWAGAI.mjs} +9 -8
  120. package/dist/sdk/schedule-tool-handler-B7TMSG6A.mjs +38 -0
  121. package/dist/sdk/schedule-tool-handler-EBNKDUJC.mjs +38 -0
  122. package/dist/sdk/sdk.d.mts +134 -4
  123. package/dist/sdk/sdk.d.ts +134 -4
  124. package/dist/sdk/sdk.js +3787 -1105
  125. package/dist/sdk/sdk.js.map +1 -1
  126. package/dist/sdk/sdk.mjs +14 -14
  127. package/dist/sdk/{slack-frontend-R3M2CACB.mjs → slack-frontend-LAY45IBR.mjs} +119 -29
  128. package/dist/sdk/slack-frontend-LAY45IBR.mjs.map +1 -0
  129. package/dist/sdk/{trace-helpers-YHNPC7MR.mjs → trace-helpers-PP3YHTAM.mjs} +3 -3
  130. package/dist/sdk/{tui-frontend-S546M7A7.mjs → tui-frontend-T56PZB67.mjs} +25 -16
  131. package/dist/sdk/tui-frontend-T56PZB67.mjs.map +1 -0
  132. package/dist/sdk/validator-XTZJZZJH.mjs +134 -0
  133. package/dist/sdk/validator-XTZJZZJH.mjs.map +1 -0
  134. package/dist/sdk/workflow-check-provider-E7YPEZ45.mjs +28 -0
  135. package/dist/sdk/workflow-check-provider-E7YPEZ45.mjs.map +1 -0
  136. package/dist/sdk/workflow-check-provider-HB4XTD4Z.mjs +28 -0
  137. package/dist/sdk/workflow-check-provider-HB4XTD4Z.mjs.map +1 -0
  138. package/dist/sdk/workflow-registry-AAD37XKZ.mjs +12 -0
  139. package/dist/sdk/workflow-registry-AAD37XKZ.mjs.map +1 -0
  140. package/dist/slack/client.d.ts +12 -0
  141. package/dist/slack/client.d.ts.map +1 -1
  142. package/dist/slack/slack-output-adapter.d.ts.map +1 -1
  143. package/dist/slack/socket-runner.d.ts.map +1 -1
  144. package/dist/state-machine/dispatch/execution-invoker.d.ts.map +1 -1
  145. package/dist/state-machine/dispatch/policy-gate.d.ts +28 -0
  146. package/dist/state-machine/dispatch/policy-gate.d.ts.map +1 -0
  147. package/dist/state-machine/states/level-dispatch.d.ts.map +1 -1
  148. package/dist/state-machine/states/routing.d.ts.map +1 -1
  149. package/dist/state-machine/states/wave-planning.d.ts.map +1 -1
  150. package/dist/state-machine-execution-engine.d.ts.map +1 -1
  151. package/dist/test-runner/core/flow-stage.d.ts.map +1 -1
  152. package/dist/test-runner/validator.d.ts.map +1 -1
  153. package/dist/tui/chat-runner.d.ts.map +1 -1
  154. package/dist/tui/chat-state.d.ts +1 -0
  155. package/dist/tui/chat-state.d.ts.map +1 -1
  156. package/dist/tui/chat-tui.d.ts +3 -2
  157. package/dist/tui/chat-tui.d.ts.map +1 -1
  158. package/dist/tui/components/chat-box.d.ts +9 -0
  159. package/dist/tui/components/chat-box.d.ts.map +1 -1
  160. package/dist/tui/components/input-bar.d.ts +18 -1
  161. package/dist/tui/components/input-bar.d.ts.map +1 -1
  162. package/dist/tui/components/status-bar.d.ts +5 -2
  163. package/dist/tui/components/status-bar.d.ts.map +1 -1
  164. package/dist/tui/components/trace-viewer.d.ts +1 -0
  165. package/dist/tui/components/trace-viewer.d.ts.map +1 -1
  166. package/dist/tui/tui-frontend.d.ts.map +1 -1
  167. package/dist/types/config.d.ts +107 -3
  168. package/dist/types/config.d.ts.map +1 -1
  169. package/dist/types/engine.d.ts +5 -0
  170. package/dist/types/engine.d.ts.map +1 -1
  171. package/dist/types/execution.d.ts +1 -1
  172. package/dist/types/execution.d.ts.map +1 -1
  173. package/package.json +14 -4
  174. package/dist/output/traces/run-2026-02-08T18-16-04-160Z.ndjson +0 -138
  175. package/dist/output/traces/run-2026-02-08T18-16-51-253Z.ndjson +0 -1357
  176. package/dist/sdk/check-provider-registry-ACRGIYOB.mjs +0 -28
  177. package/dist/sdk/check-provider-registry-VYHKFHK2.mjs +0 -28
  178. package/dist/sdk/chunk-7YSOINAQ.mjs.map +0 -1
  179. package/dist/sdk/chunk-BDGUM6BA.mjs.map +0 -1
  180. package/dist/sdk/chunk-DGZPPGJJ.mjs.map +0 -1
  181. package/dist/sdk/chunk-N7HO6KKC.mjs.map +0 -1
  182. package/dist/sdk/chunk-R5Z7YWPB.mjs.map +0 -1
  183. package/dist/sdk/chunk-SGS2VMEL.mjs.map +0 -1
  184. package/dist/sdk/failure-condition-evaluator-4WMDF4Q3.mjs +0 -17
  185. package/dist/sdk/memory-store-3N4AZCYB.mjs +0 -12
  186. package/dist/sdk/slack-frontend-R3M2CACB.mjs.map +0 -1
  187. package/dist/sdk/tui-frontend-S546M7A7.mjs.map +0 -1
  188. package/dist/sdk/workflow-check-provider-4F3432ZP.mjs +0 -28
  189. package/dist/sdk/workflow-check-provider-A44PBPG2.mjs +0 -28
  190. package/dist/sdk/workflow-registry-ZAYYXLEP.mjs +0 -12
  191. package/dist/traces/run-2026-02-08T18-16-04-160Z.ndjson +0 -138
  192. package/dist/traces/run-2026-02-08T18-16-51-253Z.ndjson +0 -1357
  193. /package/dist/sdk/{check-provider-registry-ACRGIYOB.mjs.map → check-provider-registry-PANIXYRB.mjs.map} +0 -0
  194. /package/dist/sdk/{check-provider-registry-VYHKFHK2.mjs.map → check-provider-registry-S7DKTEM6.mjs.map} +0 -0
  195. /package/dist/sdk/{chunk-D5KI4YQ4.mjs.map → chunk-DIND4ZCV.mjs.map} +0 -0
  196. /package/dist/sdk/{chunk-XDLQ3UNF.mjs.map → chunk-GEW6LS32.mjs.map} +0 -0
  197. /package/dist/sdk/{chunk-XR7XXGL7.mjs.map → chunk-JL7JXCET.mjs.map} +0 -0
  198. /package/dist/sdk/{chunk-6W75IMDC.mjs.map → chunk-LG4AUKHB.mjs.map} +0 -0
  199. /package/dist/sdk/{chunk-PO7X5XI7.mjs.map → chunk-SZXICFQ3.mjs.map} +0 -0
  200. /package/dist/sdk/{chunk-2KB35MB7.mjs.map → chunk-VPC3QSPW.mjs.map} +0 -0
  201. /package/dist/sdk/{chunk-J5RGJQ53.mjs.map → chunk-YJRBN3XS.mjs.map} +0 -0
  202. /package/dist/sdk/{command-executor-DVVXERLR.mjs.map → command-executor-TOYBBE7S.mjs.map} +0 -0
  203. /package/dist/sdk/{config-7VTT64SQ.mjs.map → config-OGOS4ZU4.mjs.map} +0 -0
  204. /package/dist/sdk/{failure-condition-evaluator-4WMDF4Q3.mjs.map → failure-condition-evaluator-HC3M5377.mjs.map} +0 -0
  205. /package/dist/sdk/{github-frontend-3N2NLO66.mjs.map → github-frontend-E2KJSC3Y.mjs.map} +0 -0
  206. /package/dist/sdk/{host-ONVMEHAA.mjs.map → host-EE6EJ2FM.mjs.map} +0 -0
  207. /package/dist/sdk/{liquid-extensions-5IZLTFSZ.mjs.map → lazy-otel-5NH4ZJJM.mjs.map} +0 -0
  208. /package/dist/sdk/{memory-store-3N4AZCYB.mjs.map → liquid-extensions-E4EUOCES.mjs.map} +0 -0
  209. /package/dist/sdk/{metrics-GXQ2EDXA.mjs.map → memory-store-AAPL2MTE.mjs.map} +0 -0
  210. /package/dist/sdk/{prompt-state-YHGXB2OA.mjs.map → metrics-I6A7IHG4.mjs.map} +0 -0
  211. /package/dist/sdk/{routing-S3Y7T2X3.mjs.map → prompt-state-VAKKC773.mjs.map} +0 -0
  212. /package/dist/sdk/{renderer-schema-CMXOLNIG.mjs.map → renderer-schema-HXEW6BRJ.mjs.map} +0 -0
  213. /package/dist/sdk/{trace-helpers-YHNPC7MR.mjs.map → routing-OZQWAGAI.mjs.map} +0 -0
  214. /package/dist/sdk/{workflow-check-provider-4F3432ZP.mjs.map → schedule-tool-handler-B7TMSG6A.mjs.map} +0 -0
  215. /package/dist/sdk/{workflow-check-provider-A44PBPG2.mjs.map → schedule-tool-handler-EBNKDUJC.mjs.map} +0 -0
  216. /package/dist/sdk/{workflow-registry-ZAYYXLEP.mjs.map → trace-helpers-PP3YHTAM.mjs.map} +0 -0
package/README.md CHANGED
@@ -186,6 +186,7 @@ Visor is a general SDLC automation framework:
186
186
  - [Developer Experience Playbook](#-developer-experience-playbook)
187
187
  - [Tag-Based Check Filtering](#-tag-based-check-filtering)
188
188
  - [PR Comment Commands](#-pr-comment-commands)
189
+ - [Enterprise Policy Engine (EE)](#-enterprise-policy-engine-ee)
189
190
  - [Suppressing Warnings](#-suppressing-warnings)
190
191
  - [Troubleshooting](#-troubleshooting)
191
192
  - [Security Defaults](#-security-defaults)
@@ -307,6 +308,28 @@ steps:
307
308
 
308
309
  Learn more: [docs/author-permissions.md](docs/author-permissions.md)
309
310
 
311
+ ## 🏢 Enterprise Policy Engine (EE)
312
+
313
+ > **Enterprise Edition feature.** Requires a Visor EE license. Contact **hello@probelabs.com**.
314
+
315
+ Add OPA-based role-based access control to gate checks, MCP tools, and AI capabilities using [Rego](https://www.openpolicyagent.org/docs/latest/policy-language/) policies.
316
+
317
+ ```yaml
318
+ policy:
319
+ engine: local
320
+ rules: ./policies/
321
+ fallback: deny
322
+ roles:
323
+ admin:
324
+ author_association: [OWNER]
325
+ developer:
326
+ author_association: [MEMBER, COLLABORATOR]
327
+ ```
328
+
329
+ Checks denied by policy are skipped with reason `policy_denied`. Without a valid license, the engine silently disables and all checks run normally.
330
+
331
+ Learn more: [docs/enterprise-policy.md](docs/enterprise-policy.md) | [examples/enterprise-policy/](examples/enterprise-policy/)
332
+
310
333
  ## 🔇 Suppressing Warnings
311
334
 
312
335
  Suppress a specific issue by adding a nearby `visor-disable` comment.
package/dist/cli-main.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"","sourceRoot":"","sources":["file:///home/runner/work/visor/visor/src/cli-main.ts"],"names":[],"mappings":"AA0oBA;;GAEG;AACH,wBAAsB,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC,CA+2C1C"}
1
+ {"version":3,"file":"","sourceRoot":"","sources":["file:///home/runner/work/visor/visor/src/cli-main.ts"],"names":[],"mappings":"AAyxBA;;GAEG;AACH,wBAAsB,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC,CAu1C1C"}
package/dist/config.d.ts CHANGED
@@ -83,6 +83,10 @@ export declare class ConfigManager {
83
83
  * Validate individual check configuration
84
84
  */
85
85
  private validateCheckConfig;
86
+ /**
87
+ * Validate policy engine configuration
88
+ */
89
+ private validatePolicyConfig;
86
90
  /**
87
91
  * Validate MCP servers object shape and values (basic shape only)
88
92
  */
package/dist/config.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"","sourceRoot":"","sources":["file:///home/runner/work/visor/visor/src/config.ts"],"names":[],"mappings":"AAKA,OAAO,EACL,WAAW,EAGX,YAAY,EAIZ,oBAAoB,EACpB,YAAY,EACZ,iBAAiB,EAClB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAOzC;;;GAGG;AACH,eAAO,MAAM,oBAAoB,EAAE,SAAS,YAAY,EAS9C,CAAC;AAEX;;GAEG;AACH,qBAAa,aAAa;IACxB,OAAO,CAAC,eAAe,CAgBrB;IACF,OAAO,CAAC,kBAAkB,CAA6C;IACvE,OAAO,CAAC,kBAAkB,CAAgE;IAC1F,OAAO,CAAC,mBAAmB,CAA2D;IAEtF;;OAEG;IACU,UAAU,CACrB,UAAU,EAAE,MAAM,EAClB,OAAO,GAAE,iBAAsB,GAC9B,OAAO,CAAC,WAAW,CAAC;IAqHvB;;;OAGG;IACU,oBAAoB,CAC/B,GAAG,EAAE,OAAO,CAAC,WAAW,CAAC,EACzB,OAAO,GAAE,iBAAiB,GAAG;QAAE,OAAO,CAAC,EAAE,MAAM,CAAA;KAAO,GACrD,OAAO,CAAC,WAAW,CAAC;IAkDvB;;OAEG;IACU,iBAAiB,CAAC,OAAO,GAAE,iBAAsB,GAAG,OAAO,CAAC,WAAW,CAAC;IA4CrF;;OAEG;YACW,qBAAqB;IAiBnC;;OAEG;IACU,gBAAgB,IAAI,OAAO,CAAC,WAAW,CAAC;IAgBrD;;OAEG;IACI,wBAAwB,IAAI,WAAW,GAAG,IAAI;IA0FrD;;OAEG;IACH,OAAO,CAAC,eAAe;IAuBvB;;;OAGG;YACW,uBAAuB;IAkFrC;;OAEG;YACW,aAAa;IA6B3B;;;OAGG;IACH,OAAO,CAAC,uBAAuB;IAgC/B;;OAEG;IACI,mBAAmB,CAAC,MAAM,EAAE,OAAO,CAAC,WAAW,CAAC,EAAE,UAAU,EAAE,UAAU,GAAG,YAAY;IAqB9F;;OAEG;IACU,0BAA0B,IAAI,OAAO,CAAC;QACjD,MAAM,CAAC,EAAE,WAAW,CAAC;QACrB,oBAAoB,EAAE,oBAAoB,CAAC;KAC5C,CAAC;IA2BF;;;;OAIG;IACI,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,WAAW,CAAC,EAAE,MAAM,UAAQ,GAAG,IAAI;IAoOzE;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAoH7B;;OAEG;IACH,OAAO,CAAC,mBAAmB;IA8T3B;;OAEG;IACH,OAAO,CAAC,wBAAwB;IA0DhC;;;OAGG;IACH,OAAO,CAAC,qBAAqB;IAgG7B;;OAEG;IACH,OAAO,CAAC,iBAAiB;IA6DzB;;OAEG;IACH,OAAO,CAAC,wBAAwB;IA6EhC;;OAEG;IACH,OAAO,CAAC,oBAAoB;IA+B5B;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAY9B;;OAEG;IACH,OAAO,CAAC,iBAAiB;CA6B1B"}
1
+ {"version":3,"file":"","sourceRoot":"","sources":["file:///home/runner/work/visor/visor/src/config.ts"],"names":[],"mappings":"AAKA,OAAO,EACL,WAAW,EAGX,YAAY,EAIZ,oBAAoB,EACpB,YAAY,EACZ,iBAAiB,EAClB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAOzC;;;GAGG;AACH,eAAO,MAAM,oBAAoB,EAAE,SAAS,YAAY,EAS9C,CAAC;AAEX;;GAEG;AACH,qBAAa,aAAa;IACxB,OAAO,CAAC,eAAe,CAgBrB;IACF,OAAO,CAAC,kBAAkB,CAA6C;IACvE,OAAO,CAAC,kBAAkB,CAAgE;IAC1F,OAAO,CAAC,mBAAmB,CAA2D;IAEtF;;OAEG;IACU,UAAU,CACrB,UAAU,EAAE,MAAM,EAClB,OAAO,GAAE,iBAAsB,GAC9B,OAAO,CAAC,WAAW,CAAC;IAqHvB;;;OAGG;IACU,oBAAoB,CAC/B,GAAG,EAAE,OAAO,CAAC,WAAW,CAAC,EACzB,OAAO,GAAE,iBAAiB,GAAG;QAAE,OAAO,CAAC,EAAE,MAAM,CAAA;KAAO,GACrD,OAAO,CAAC,WAAW,CAAC;IAkDvB;;OAEG;IACU,iBAAiB,CAAC,OAAO,GAAE,iBAAsB,GAAG,OAAO,CAAC,WAAW,CAAC;IA4CrF;;OAEG;YACW,qBAAqB;IAiBnC;;OAEG;IACU,gBAAgB,IAAI,OAAO,CAAC,WAAW,CAAC;IAgBrD;;OAEG;IACI,wBAAwB,IAAI,WAAW,GAAG,IAAI;IA0FrD;;OAEG;IACH,OAAO,CAAC,eAAe;IAuBvB;;;OAGG;YACW,uBAAuB;IAkFrC;;OAEG;YACW,aAAa;IA6B3B;;;OAGG;IACH,OAAO,CAAC,uBAAuB;IAgC/B;;OAEG;IACI,mBAAmB,CAAC,MAAM,EAAE,OAAO,CAAC,WAAW,CAAC,EAAE,UAAU,EAAE,UAAU,GAAG,YAAY;IAqB9F;;OAEG;IACU,0BAA0B,IAAI,OAAO,CAAC;QACjD,MAAM,CAAC,EAAE,WAAW,CAAC;QACrB,oBAAoB,EAAE,oBAAoB,CAAC;KAC5C,CAAC;IA2BF;;;;OAIG;IACI,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,WAAW,CAAC,EAAE,MAAM,UAAQ,GAAG,IAAI;IA+SzE;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAoH7B;;OAEG;IACH,OAAO,CAAC,mBAAmB;IA8T3B;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAmM5B;;OAEG;IACH,OAAO,CAAC,wBAAwB;IA0DhC;;;OAGG;IACH,OAAO,CAAC,qBAAqB;IAiG7B;;OAEG;IACH,OAAO,CAAC,iBAAiB;IA6DzB;;OAEG;IACH,OAAO,CAAC,wBAAwB;IA6EhC;;OAEG;IACH,OAAO,CAAC,oBAAoB;IA+B5B;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAY9B;;OAEG;IACH,OAAO,CAAC,iBAAiB;CA6B1B"}
package/dist/docs/author-permissions.md CHANGED
@@ -602,8 +602,28 @@ steps:
602
602
  (outputs["tests-full"] && outputs["tests-full"].error === false))
603
603
  ```
604
604
 
605
+ ## Enterprise Policy Engine (EE)
606
+
607
+ For organizations that need centralized, auditable policy enforcement beyond inline `if`/`fail_if` expressions, Visor's Enterprise Edition includes an [OPA-based policy engine](./enterprise-policy.md).
608
+
609
+ | Feature | Author Permissions (OSS) | Policy Engine (EE) |
610
+ |---------|--------------------------|-------------------|
611
+ | **License** | None (OSS) | EE license required |
612
+ | **Mechanism** | JavaScript expressions in `if`/`fail_if` | OPA Rego policies |
613
+ | **Scope** | Per-step conditions | Pre-execution gating, tool filtering, capability restriction |
614
+ | **Role system** | `hasMinPermission()`, `isMember()`, etc. | Custom roles via `policy.roles` config |
615
+
616
+ **When to use Author Permissions**: Simple permission checks for small teams with straightforward rules.
617
+
618
+ **When to use the Policy Engine**: Centralized, auditable enforcement for organizations needing compliance, separation of duties, or complex role hierarchies. The policy engine evaluates before `if` conditions, providing an additional layer of control.
619
+
620
+ Both systems work together -- author permission functions remain available even when the policy engine is active.
621
+
622
+ Learn more: [Enterprise Policy Engine documentation](./enterprise-policy.md)
623
+
605
624
  ## Related Documentation
606
625
 
626
+ - [Enterprise Policy Engine](./enterprise-policy.md) - OPA-based role-based access control (EE)
607
627
  - [Liquid Templates](./liquid-templates.md) - Template syntax and variables
608
628
  - [Debugging Guide](./debugging.md) - Debugging JavaScript expressions
609
629
  - [Command Provider](./command-provider.md) - Command execution and transforms