npm - @probelabs/visor - Versions diffs - 0.1.129 → 0.1.130 - Mend

@probelabs/visor 0.1.129 → 0.1.130

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (206) hide show

package/dist/examples/enterprise-policy/policies/slack_channel_gate.rego ADDED Viewed

@@ -0,0 +1,17 @@
+package visor.check.execute
+# Block deploy checks when triggered from Slack DMs.
+# Deploy checks should only run from designated channels.
+is_from_dm {
+  input.actor.slack.channelType == "dm"
+}
+allowed = false {
+  startswith(input.check.id, "deploy-")
+  is_from_dm
+}
+reason = "deploy checks cannot be triggered from Slack DMs" {
+  startswith(input.check.id, "deploy-")
+  is_from_dm
+}

package/dist/examples/enterprise-policy/policies/slack_tool_restrict.rego ADDED Viewed

@@ -0,0 +1,16 @@
+package visor.tool.invoke
+default allowed = true
+# Block destructive tool methods for non-admins
+is_admin { input.actor.roles[_] == "admin" }
+allowed = false {
+  endswith(input.tool.methodName, "_delete")
+  not is_admin
+}
+reason = "destructive tool methods require the admin role" {
+  endswith(input.tool.methodName, "_delete")
+  not is_admin
+}

package/dist/examples/enterprise-policy/policies/tool_invoke.rego ADDED Viewed

@@ -0,0 +1,24 @@
+# MCP tool access control policy (Visor Enterprise Edition)
+# Controls which MCP methods each role can invoke.
+# Contact hello@probelabs.com for licensing.
+package visor.tool.invoke
+default allowed = true
+# Helper: actor has admin role
+is_admin { input.actor.roles[_] == "admin" }
+# Block destructive methods for non-admins
+allowed = false {
+  endswith(input.tool.methodName, "_delete")
+  not is_admin
+}
+# Block bash execution tool for externals
+allowed = false {
+  input.tool.methodName == "bash"
+  input.actor.roles[_] == "external"
+}
+reason = "tool access denied by policy" { not allowed }

package/dist/examples/enterprise-policy/policies/tool_invoke_test.rego ADDED Viewed

@@ -0,0 +1,227 @@
+# Tests for MCP tool access control policy
+# Run with: opa test examples/enterprise-policy/policies/
+package visor.tool.invoke
+# ---------------------------------------------------------------------------
+# Default allow – most tools are permitted by default
+# ---------------------------------------------------------------------------
+test_default_allowed_for_developer {
+  allowed with input as {
+    "scope": "tool.invoke",
+    "tool": {"serverName": "github", "methodName": "search_issues"},
+    "actor": {"roles": ["developer"], "isLocalMode": false}
+  }
+}
+test_default_allowed_for_reviewer {
+  allowed with input as {
+    "scope": "tool.invoke",
+    "tool": {"serverName": "github", "methodName": "list_repos"},
+    "actor": {"roles": ["reviewer"], "isLocalMode": false}
+  }
+}
+test_default_allowed_for_external_non_destructive {
+  allowed with input as {
+    "scope": "tool.invoke",
+    "tool": {"serverName": "github", "methodName": "get_pull_request"},
+    "actor": {"roles": ["external"], "isLocalMode": false}
+  }
+}
+test_default_allowed_for_empty_roles {
+  allowed with input as {
+    "scope": "tool.invoke",
+    "tool": {"serverName": "github", "methodName": "search_issues"},
+    "actor": {"roles": [], "isLocalMode": false}
+  }
+}
+# ---------------------------------------------------------------------------
+# _delete methods blocked for non-admins
+# ---------------------------------------------------------------------------
+test_delete_blocked_for_developer {
+  not allowed with input as {
+    "scope": "tool.invoke",
+    "tool": {"serverName": "github", "methodName": "repo_delete"},
+    "actor": {"roles": ["developer"], "isLocalMode": false}
+  }
+}
+test_delete_blocked_for_external {
+  not allowed with input as {
+    "scope": "tool.invoke",
+    "tool": {"serverName": "github", "methodName": "branch_delete"},
+    "actor": {"roles": ["external"], "isLocalMode": false}
+  }
+}
+test_delete_blocked_for_reviewer {
+  not allowed with input as {
+    "scope": "tool.invoke",
+    "tool": {"serverName": "github", "methodName": "comment_delete"},
+    "actor": {"roles": ["reviewer"], "isLocalMode": false}
+  }
+}
+test_delete_blocked_for_empty_roles {
+  not allowed with input as {
+    "scope": "tool.invoke",
+    "tool": {"serverName": "github", "methodName": "resource_delete"},
+    "actor": {"roles": [], "isLocalMode": false}
+  }
+}
+# ---------------------------------------------------------------------------
+# Admin can call _delete methods
+# ---------------------------------------------------------------------------
+test_admin_allowed_delete {
+  allowed with input as {
+    "scope": "tool.invoke",
+    "tool": {"serverName": "github", "methodName": "repo_delete"},
+    "actor": {"roles": ["admin"], "isLocalMode": false}
+  }
+}
+test_admin_allowed_branch_delete {
+  allowed with input as {
+    "scope": "tool.invoke",
+    "tool": {"serverName": "github", "methodName": "branch_delete"},
+    "actor": {"roles": ["admin"], "isLocalMode": false}
+  }
+}
+test_admin_allowed_any_tool {
+  allowed with input as {
+    "scope": "tool.invoke",
+    "tool": {"serverName": "shell", "methodName": "bash"},
+    "actor": {"roles": ["admin"], "isLocalMode": false}
+  }
+}
+# ---------------------------------------------------------------------------
+# Bash blocked for external contributors
+# ---------------------------------------------------------------------------
+test_bash_blocked_for_external {
+  not allowed with input as {
+    "scope": "tool.invoke",
+    "tool": {"serverName": "shell", "methodName": "bash"},
+    "actor": {"roles": ["external"], "isLocalMode": false}
+  }
+}
+test_bash_allowed_for_developer {
+  allowed with input as {
+    "scope": "tool.invoke",
+    "tool": {"serverName": "shell", "methodName": "bash"},
+    "actor": {"roles": ["developer"], "isLocalMode": false}
+  }
+}
+test_bash_allowed_for_reviewer {
+  allowed with input as {
+    "scope": "tool.invoke",
+    "tool": {"serverName": "shell", "methodName": "bash"},
+    "actor": {"roles": ["reviewer"], "isLocalMode": false}
+  }
+}
+# ---------------------------------------------------------------------------
+# External with _delete – blocked by both rules
+# ---------------------------------------------------------------------------
+test_external_with_delete_denied {
+  not allowed with input as {
+    "scope": "tool.invoke",
+    "tool": {"serverName": "github", "methodName": "repo_delete"},
+    "actor": {"roles": ["external"], "isLocalMode": false}
+  }
+}
+# ---------------------------------------------------------------------------
+# Method name edge cases
+# ---------------------------------------------------------------------------
+test_method_containing_delete_in_middle_not_blocked {
+  allowed with input as {
+    "scope": "tool.invoke",
+    "tool": {"serverName": "github", "methodName": "delete_branch"},
+    "actor": {"roles": ["developer"], "isLocalMode": false}
+  }
+}
+test_method_exactly_delete_suffix {
+  not allowed with input as {
+    "scope": "tool.invoke",
+    "tool": {"serverName": "github", "methodName": "file_delete"},
+    "actor": {"roles": ["developer"], "isLocalMode": false}
+  }
+}
+# ---------------------------------------------------------------------------
+# Reason message
+# ---------------------------------------------------------------------------
+test_reason_present_when_denied {
+  reason == "tool access denied by policy" with input as {
+    "scope": "tool.invoke",
+    "tool": {"serverName": "github", "methodName": "repo_delete"},
+    "actor": {"roles": ["external"], "isLocalMode": false}
+  }
+}
+test_reason_not_defined_when_allowed {
+  not reason with input as {
+    "scope": "tool.invoke",
+    "tool": {"serverName": "github", "methodName": "search_issues"},
+    "actor": {"roles": ["developer"], "isLocalMode": false}
+  }
+}
+# ---------------------------------------------------------------------------
+# Multi-role actor – admin role in list overrides restrictions
+# ---------------------------------------------------------------------------
+test_multi_role_with_admin_allows_delete {
+  allowed with input as {
+    "scope": "tool.invoke",
+    "tool": {"serverName": "github", "methodName": "repo_delete"},
+    "actor": {"roles": ["developer", "admin"], "isLocalMode": false}
+  }
+}
+test_multi_role_external_and_developer_bash_blocked {
+  # external role triggers bash block even if other roles are present
+  not allowed with input as {
+    "scope": "tool.invoke",
+    "tool": {"serverName": "shell", "methodName": "bash"},
+    "actor": {"roles": ["external", "developer"], "isLocalMode": false}
+  }
+}
+# ---------------------------------------------------------------------------
+# is_admin helper rule
+# ---------------------------------------------------------------------------
+test_is_admin_true_for_admin_role {
+  is_admin with input as {
+    "actor": {"roles": ["admin"], "isLocalMode": false}
+  }
+}
+test_is_admin_false_for_developer_role {
+  not is_admin with input as {
+    "actor": {"roles": ["developer"], "isLocalMode": false}
+  }
+}
+test_is_admin_false_for_empty_roles {
+  not is_admin with input as {
+    "actor": {"roles": [], "isLocalMode": false}
+  }
+}

package/dist/examples/enterprise-policy/visor.yaml ADDED Viewed

@@ -0,0 +1,64 @@
+# OPA Policy Engine example configuration
+# Requires Visor Enterprise Edition (EE) and a valid license.
+# Contact hello@probelabs.com for licensing.
+version: "1.0"
+policy:
+  engine: local
+  rules: ./policies/
+  fallback: deny
+  timeout: 5000
+  roles:
+    admin:
+      author_association: [OWNER]
+      users: [cto-username]
+      slack_users: [U0123ADMIN]
+      emails: [admin@company.com]
+    developer:
+      author_association: [MEMBER, COLLABORATOR]
+      emails: [alice@co.com, bob@co.com]
+    reviewer:
+      author_association: [MEMBER, COLLABORATOR, CONTRIBUTOR]
+    external:
+      author_association: [FIRST_TIME_CONTRIBUTOR, FIRST_TIMER, NONE]
+    eng-channel:
+      slack_channels: [C0123ENG]
+      slack_users: [U0123ALICE, U0123BOB]
+steps:
+  security-scan:
+    type: ai
+    prompt: "Review for security issues"
+    policy:
+      require: reviewer
+  deploy-staging:
+    type: command
+    exec: ./deploy.sh staging
+    criticality: external
+    assume: "deployment approved"
+    policy:
+      require: [developer, admin]
+      deny: [external]
+  deploy-production:
+    type: command
+    exec: ./deploy.sh production
+    criticality: external
+    assume: "production deployment approved"
+    policy:
+      require: admin
+      rule: visor/deploy/production
+  ai-code-review:
+    type: ai
+    prompt: "Review code quality"
+    ai:
+      allowBash: true
+      allowEdit: true
+      mcpServers:
+        github:
+          command: gh-mcp
+          allowedMethods: ["search_*", "get_*"]

package/dist/failure-condition-evaluator.d.ts CHANGED Viewed

@@ -39,6 +39,24 @@ export declare class FailureConditionEvaluator {
         workflowInputs?: Record<string, unknown>;
         /** Current step's output for guarantee evaluation */
         output?: unknown;
+        /** Conversation context for TUI/CLI/Slack messages */
+        conversation?: {
+            transport?: string;
+            thread?: {
+                id: string;
+            };
+            messages?: Array<{
+                role: string;
+                text: string;
+                timestamp: string;
+            }>;
+            current?: {
+                role: string;
+                text: string;
+                timestamp: string;
+            };
+            attributes?: Record<string, unknown>;
+        };
     }): Promise<boolean>;
     /**
      * Evaluate all failure conditions for a check result

package/dist/failure-condition-evaluator.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"","sourceRoot":"","sources":["file:///home/runner/work/visor/visor/src/failure-condition-evaluator.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAG3C,OAAO,EACL,iBAAiB,EAGjB,sBAAsB,EAEvB,MAAM,gBAAgB,CAAC;AAMxB;;GAEG;AACH,qBAAa,yBAAyB;IACpC,OAAO,CAAC,OAAO,CAAC,CAAU;;IAI1B;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAI3B;;OAEG;IACG,uBAAuB,CAC3B,SAAS,EAAE,MAAM,EACjB,WAAW,EAAE,MAAM,EACnB,UAAU,EAAE,MAAM,EAClB,aAAa,EAAE,aAAa,EAC5B,UAAU,EAAE,MAAM,EAClB,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,EAC/C,iBAAiB,CAAC,EAAE,MAAM,GACzB,OAAO,CAAC,OAAO,CAAC;IA2DnB;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAO9B;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAOxB;;OAEG;IACG,mBAAmB,CACvB,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,MAAM,EAClB,WAAW,CAAC,EAAE;QACZ,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;QACxB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACrC,eAAe,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;QAC7C,iBAAiB,CAAC,EAAE,MAAM,CAAC;QAC3B,cAAc,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACzC,qDAAqD;QACrD,MAAM,CAAC,EAAE,OAAO,CAAC;~~KAClB~~,GACA,OAAO,CAAC,OAAO,CAAC;~~IAoFnB~~;;OAEG;IACG,kBAAkB,CACtB,SAAS,EAAE,MAAM,EACjB,WAAW,EAAE,MAAM,EACnB,UAAU,EAAE,MAAM,EAClB,aAAa,EAAE,aAAa,EAC5B,gBAAgB,CAAC,EAAE,iBAAiB,EACpC,eAAe,CAAC,EAAE,iBAAiB,EACnC,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,EAC/C,iBAAiB,CAAC,EAAE,MAAM,GACzB,OAAO,CAAC,sBAAsB,EAAE,CAAC;IAmCpC;;OAEG;YACW,oBAAoB;IA0ElC;;OAEG;YACW,uBAAuB;IA0BrC;;;OAGG;IACH,OAAO,CAAC,kBAAkB;~~IAwO1B~~;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAOzB;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAe9B;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAkK9B,OAAO,CAAC,qBAAqB;IAmB7B;;OAEG;IACH,MAAM,CAAC,mBAAmB,CAAC,OAAO,EAAE,sBAAsB,EAAE,GAAG,OAAO;IAItE;;OAEG;IACH,MAAM,CAAC,mBAAmB,CAAC,OAAO,EAAE,sBAAsB,EAAE,GAAG,sBAAsB,EAAE;IAIvF;;OAEG;IACH,MAAM,CAAC,sBAAsB,CAAC,OAAO,EAAE,sBAAsB,EAAE,GAAG;QAChE,KAAK,EAAE,sBAAsB,EAAE,CAAC;QAChC,OAAO,EAAE,sBAAsB,EAAE,CAAC;QAClC,IAAI,EAAE,sBAAsB,EAAE,CAAC;KAChC;IASD;;OAEG;IACH,MAAM,CAAC,aAAa,CAAC,OAAO,EAAE,sBAAsB,EAAE,GAAG,MAAM;CAiChE"}
1	+ {"version":3,"file":"","sourceRoot":"","sources":["file:///home/runner/work/visor/visor/src/failure-condition-evaluator.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAG3C,OAAO,EACL,iBAAiB,EAGjB,sBAAsB,EAEvB,MAAM,gBAAgB,CAAC;AAMxB;;GAEG;AACH,qBAAa,yBAAyB;IACpC,OAAO,CAAC,OAAO,CAAC,CAAU;;IAI1B;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAI3B;;OAEG;IACG,uBAAuB,CAC3B,SAAS,EAAE,MAAM,EACjB,WAAW,EAAE,MAAM,EACnB,UAAU,EAAE,MAAM,EAClB,aAAa,EAAE,aAAa,EAC5B,UAAU,EAAE,MAAM,EAClB,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,EAC/C,iBAAiB,CAAC,EAAE,MAAM,GACzB,OAAO,CAAC,OAAO,CAAC;IA2DnB;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAO9B;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAOxB;;OAEG;IACG,mBAAmB,CACvB,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,MAAM,EAClB,WAAW,CAAC,EAAE;QACZ,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;QACxB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACrC,eAAe,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;QAC7C,iBAAiB,CAAC,EAAE,MAAM,CAAC;QAC3B,cAAc,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACzC,qDAAqD;QACrD,MAAM,CAAC,EAAE,OAAO,CAAC;QACjB,sDAAsD;QACtD,YAAY,CAAC,EAAE;YACb,SAAS,CAAC,EAAE,MAAM,CAAC;YACnB,MAAM,CAAC,EAAE;gBAAE,EAAE,EAAE,MAAM,CAAA;aAAE,CAAC;YACxB,QAAQ,CAAC,EAAE,KAAK,CAAC;gBAAE,IAAI,EAAE,MAAM,CAAC;gBAAC,IAAI,EAAE,MAAM,CAAC;gBAAC,SAAS,EAAE,MAAM,CAAA;aAAE,CAAC,CAAC;YACpE,OAAO,CAAC,EAAE;gBAAE,IAAI,EAAE,MAAM,CAAC;gBAAC,IAAI,EAAE,MAAM,CAAC;gBAAC,SAAS,EAAE,MAAM,CAAA;aAAE,CAAC;YAC5D,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;SACtC,CAAC;KACH,GACA,OAAO,CAAC,OAAO,CAAC;IAuFnB;;OAEG;IACG,kBAAkB,CACtB,SAAS,EAAE,MAAM,EACjB,WAAW,EAAE,MAAM,EACnB,UAAU,EAAE,MAAM,EAClB,aAAa,EAAE,aAAa,EAC5B,gBAAgB,CAAC,EAAE,iBAAiB,EACpC,eAAe,CAAC,EAAE,iBAAiB,EACnC,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,EAC/C,iBAAiB,CAAC,EAAE,MAAM,GACzB,OAAO,CAAC,sBAAsB,EAAE,CAAC;IAmCpC;;OAEG;YACW,oBAAoB;IA0ElC;;OAEG;YACW,uBAAuB;IA0BrC;;;OAGG;IACH,OAAO,CAAC,kBAAkB;IA2O1B;;OAEG;IACH,OAAO,CAAC,iBAAiB;IAOzB;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAe9B;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAkK9B,OAAO,CAAC,qBAAqB;IAmB7B;;OAEG;IACH,MAAM,CAAC,mBAAmB,CAAC,OAAO,EAAE,sBAAsB,EAAE,GAAG,OAAO;IAItE;;OAEG;IACH,MAAM,CAAC,mBAAmB,CAAC,OAAO,EAAE,sBAAsB,EAAE,GAAG,sBAAsB,EAAE;IAIvF;;OAEG;IACH,MAAM,CAAC,sBAAsB,CAAC,OAAO,EAAE,sBAAsB,EAAE,GAAG;QAChE,KAAK,EAAE,sBAAsB,EAAE,CAAC;QAChC,OAAO,EAAE,sBAAsB,EAAE,CAAC;QAClC,IAAI,EAAE,sBAAsB,EAAE,CAAC;KAChC;IASD;;OAEG;IACH,MAAM,CAAC,aAAa,CAAC,OAAO,EAAE,sBAAsB,EAAE,GAAG,MAAM;CAiChE"}

package/dist/frontends/slack-frontend.d.ts CHANGED Viewed

@@ -39,6 +39,7 @@ export declare class SlackFrontend implements Frontend {
     private ackName;
     private doneName;
     private errorNotified;
+    private cachedTraceInfo;
     constructor(config?: SlackFrontendConfig);
     start(ctx: FrontendContext): void;
     stop(): void;

package/dist/frontends/slack-frontend.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"slack-frontend.d.ts","sourceRoot":"","sources":["file:///home/runner/work/visor/visor/src/frontends/slack-frontend.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,OAAO,KAAK,EAAE,QAAQ,EAAE,eAAe,EAAE,MAAM,QAAQ,CAAC;AAUxD,KAAK,mBAAmB,GAAG;IACzB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACvC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,SAAS,CAAC,EAAE;QACV,OAAO,CAAC,EAAE,OAAO,CAAC;KACnB,CAAC;CACH,CAAC;AAEF,qBAAa,aAAc,YAAW,QAAQ;IAC5C,SAAgB,IAAI,WAAW;IAC/B,OAAO,CAAC,IAAI,CAAsC;IAClD,OAAO,CAAC,GAAG,CAAsB;IAEjC,OAAO,CAAC,KAAK,CAAkB;IAC/B,OAAO,CAAC,MAAM,CAAgD;IAC9D,OAAO,CAAC,OAAO,CAAkB;IACjC,OAAO,CAAC,QAAQ,CAAsB;IACtC,OAAO,CAAC,aAAa,CAAkB;~~gBAE3B~~,MAAM,CAAC,EAAE,mBAAmB;IAIxC,KAAK,CAAC,GAAG,EAAE,eAAe,GAAG,IAAI;~~IAgJjC~~,IAAI,IAAI,IAAI;IAKZ,OAAO,CAAC,QAAQ;IAchB,OAAO,CAAC,sBAAsB;IAY9B,OAAO,CAAC,oBAAoB;IAW5B,OAAO,CAAC,kBAAkB;YAcZ,cAAc;~~IAoC5B~~,OAAO,CAAC,uBAAuB;YAcjB,yBAAyB;YAgCzB,qBAAqB;~~YAkCrB~~,iBAAiB;IA6B/B;;;;OAIG;YACW,oBAAoB;~~IAyKlC~~,OAAO,CAAC,YAAY;CAWrB"}
1	+ {"version":3,"file":"slack-frontend.d.ts","sourceRoot":"","sources":["file:///home/runner/work/visor/visor/src/frontends/slack-frontend.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,OAAO,KAAK,EAAE,QAAQ,EAAE,eAAe,EAAE,MAAM,QAAQ,CAAC;AAUxD,KAAK,mBAAmB,GAAG;IACzB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACvC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,SAAS,CAAC,EAAE;QACV,OAAO,CAAC,EAAE,OAAO,CAAC;KACnB,CAAC;CACH,CAAC;AAEF,qBAAa,aAAc,YAAW,QAAQ;IAC5C,SAAgB,IAAI,WAAW;IAC/B,OAAO,CAAC,IAAI,CAAsC;IAClD,OAAO,CAAC,GAAG,CAAsB;IAEjC,OAAO,CAAC,KAAK,CAAkB;IAC/B,OAAO,CAAC,MAAM,CAAgD;IAC9D,OAAO,CAAC,OAAO,CAAkB;IACjC,OAAO,CAAC,QAAQ,CAAsB;IACtC,OAAO,CAAC,aAAa,CAAkB;IACvC,OAAO,CAAC,eAAe,CAAoD;gBAE/D,MAAM,CAAC,EAAE,mBAAmB;IAIxC,KAAK,CAAC,GAAG,EAAE,eAAe,GAAG,IAAI;IA6JjC,IAAI,IAAI,IAAI;IAKZ,OAAO,CAAC,QAAQ;IAchB,OAAO,CAAC,sBAAsB;IAY9B,OAAO,CAAC,oBAAoB;IAW5B,OAAO,CAAC,kBAAkB;YAcZ,cAAc;IA2D5B,OAAO,CAAC,uBAAuB;YAcjB,yBAAyB;YAgCzB,qBAAqB;YAsCrB,iBAAiB;IA6B/B;;;;OAIG;YACW,oBAAoB;IAsMlC,OAAO,CAAC,YAAY;CAWrB"}

package/dist/generated/config-schema.d.ts CHANGED Viewed

@@ -154,6 +154,10 @@ export declare const configSchema: {
                     readonly $ref: "#/definitions/SchedulerConfig";
                     readonly description: "Scheduler configuration for scheduled workflow execution";
                 };
+                readonly policy: {
+                    readonly $ref: "#/definitions/PolicyConfig";
+                    readonly description: "Enterprise policy engine configuration (EE feature)";
+                };
             };
             readonly required: readonly ["version"];
             readonly patternProperties: {
@@ -785,6 +789,10 @@ export declare const configSchema: {
                     readonly type: "boolean";
                     readonly description: "Keep worktree after workflow completion (default: false)";
                 };
+                readonly policy: {
+                    readonly $ref: "#/definitions/StepPolicyOverride";
+                    readonly description: "Per-step policy override (enterprise)";
+                };
             };
             readonly additionalProperties: false;
             readonly description: "Configuration for a single check";
@@ -2058,6 +2066,55 @@ export declare const configSchema: {
                 readonly '^x-': {};
             };
         };
+        readonly PolicyConfig: {
+            readonly type: "object";
+            readonly properties: {
+                readonly engine: {
+                    readonly type: "string";
+                    readonly enum: readonly ["local", "remote", "disabled"];
+                    readonly description: "Policy engine mode: 'local' (WASM), 'remote' (HTTP OPA server), or 'disabled'";
+                };
+                readonly rules: {
+                    readonly anyOf: readonly [{
+                        readonly type: "string";
+                    }, {
+                        readonly type: "array";
+                        readonly items: {
+                            readonly type: "string";
+                        };
+                    }];
+                    readonly description: "Path to .rego files or .wasm bundle (local mode)";
+                };
+                readonly data: {
+                    readonly type: "string";
+                    readonly description: "Path to a JSON file to load as OPA data document (local mode)";
+                };
+                readonly url: {
+                    readonly type: "string";
+                    readonly description: "OPA server URL (remote mode)";
+                };
+                readonly fallback: {
+                    readonly type: "string";
+                    readonly enum: readonly ["allow", "deny", "warn"];
+                    readonly description: "Default decision when policy evaluation fails (default: 'deny'). Use 'warn' for audit mode: violations are logged but not enforced.";
+                };
+                readonly timeout: {
+                    readonly type: "number";
+                    readonly description: "Evaluation timeout in milliseconds (default: 5000)";
+                };
+                readonly roles: {
+                    readonly type: "object";
+                    readonly additionalProperties: {
+                        readonly $ref: "#/definitions/PolicyRoleConfig";
+                    };
+                    readonly description: "Role definitions: map role names to conditions";
+                };
+            };
+            readonly additionalProperties: false;
+            readonly patternProperties: {
+                readonly '^x-': {};
+            };
+        };
         readonly SchedulerLimitsConfig: {
             readonly type: "object";
             readonly properties: {
@@ -2116,6 +2173,57 @@ export declare const configSchema: {
                 readonly '^x-': {};
             };
         };
+        readonly PolicyRoleConfig: {
+            readonly type: "object";
+            readonly properties: {
+                readonly author_association: {
+                    readonly type: "array";
+                    readonly items: {
+                        readonly type: "string";
+                    };
+                    readonly description: "GitHub author associations that map to this role";
+                };
+                readonly teams: {
+                    readonly type: "array";
+                    readonly items: {
+                        readonly type: "string";
+                    };
+                    readonly description: "GitHub team slugs";
+                };
+                readonly users: {
+                    readonly type: "array";
+                    readonly items: {
+                        readonly type: "string";
+                    };
+                    readonly description: "Explicit GitHub usernames";
+                };
+                readonly slack_users: {
+                    readonly type: "array";
+                    readonly items: {
+                        readonly type: "string";
+                    };
+                    readonly description: "Slack user IDs (e.g., U0123ABC)";
+                };
+                readonly emails: {
+                    readonly type: "array";
+                    readonly items: {
+                        readonly type: "string";
+                    };
+                    readonly description: "Email addresses for identity matching";
+                };
+                readonly slack_channels: {
+                    readonly type: "array";
+                    readonly items: {
+                        readonly type: "string";
+                    };
+                    readonly description: "Slack channel IDs — role only applies when triggered from these channels";
+                };
+            };
+            readonly additionalProperties: false;
+            readonly patternProperties: {
+                readonly '^x-': {};
+            };
+        };
         readonly 'Record<string,StaticCronJob>': {
             readonly type: "object";
             readonly additionalProperties: {
@@ -2181,6 +2289,37 @@ export declare const configSchema: {
                 readonly '^x-': {};
             };
         };
+        readonly StepPolicyOverride: {
+            readonly type: "object";
+            readonly properties: {
+                readonly require: {
+                    readonly anyOf: readonly [{
+                        readonly type: "string";
+                    }, {
+                        readonly type: "array";
+                        readonly items: {
+                            readonly type: "string";
+                        };
+                    }];
+                    readonly description: "Required role(s) — any of these roles suffices";
+                };
+                readonly deny: {
+                    readonly type: "array";
+                    readonly items: {
+                        readonly type: "string";
+                    };
+                    readonly description: "Explicit deny for roles";
+                };
+                readonly rule: {
+                    readonly type: "string";
+                    readonly description: "Custom OPA rule path for this step";
+                };
+            };
+            readonly additionalProperties: false;
+            readonly patternProperties: {
+                readonly '^x-': {};
+            };
+        };
     };
 };
 export default configSchema;

package/dist/generated/config-schema.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"config-schema.d.ts","sourceRoot":"","sources":["file:///home/runner/work/visor/visor/src/generated/config-schema.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,YAAY;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA8vEf,CAAC;AACX,eAAe,YAAY,CAAC"}
1	+ {"version":3,"file":"config-schema.d.ts","sourceRoot":"","sources":["file:///home/runner/work/visor/visor/src/generated/config-schema.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,YAAY;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA+2Ef,CAAC;AACX,eAAe,YAAY,CAAC"}