@probelabs/visor 0.1.131-ee → 0.1.132

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (123) hide show
  1. package/README.md +460 -596
  2. package/action.yml +2 -2
  3. package/dist/ai-review-service.d.ts +3 -0
  4. package/dist/ai-review-service.d.ts.map +1 -1
  5. package/dist/cli-main.d.ts.map +1 -1
  6. package/dist/config/config-watcher.d.ts +15 -1
  7. package/dist/config/config-watcher.d.ts.map +1 -1
  8. package/dist/enterprise/policy/policy-input-builder.d.ts +2 -0
  9. package/dist/enterprise/policy/policy-input-builder.d.ts.map +1 -1
  10. package/dist/frontends/slack-frontend.d.ts.map +1 -1
  11. package/dist/generated/config-schema.d.ts +404 -96
  12. package/dist/generated/config-schema.d.ts.map +1 -1
  13. package/dist/generated/config-schema.json +2875 -0
  14. package/dist/index.js +23085 -10225
  15. package/dist/output/traces/run-2026-02-18T11-06-48-673Z.ndjson +138 -0
  16. package/dist/output/traces/run-2026-02-18T11-07-37-310Z.ndjson +1357 -0
  17. package/dist/providers/ai-check-provider.d.ts +12 -0
  18. package/dist/providers/ai-check-provider.d.ts.map +1 -1
  19. package/dist/providers/workflow-check-provider.d.ts.map +1 -1
  20. package/dist/providers/workflow-tool-executor.d.ts +5 -1
  21. package/dist/providers/workflow-tool-executor.d.ts.map +1 -1
  22. package/dist/sdk/{check-provider-registry-FMHECPI4.mjs → check-provider-registry-4WLTLPMU.mjs} +7 -7
  23. package/dist/sdk/{check-provider-registry-ZOLEYDKM.mjs → check-provider-registry-7TCA3NSG.mjs} +6 -6
  24. package/dist/sdk/check-provider-registry-RRUZHGJI.mjs +28 -0
  25. package/dist/sdk/{chunk-EBTD2D4L.mjs → chunk-27RV5RR2.mjs} +2 -2
  26. package/dist/sdk/{chunk-UXMMGCAS.mjs → chunk-5VY5QJTY.mjs} +236 -47
  27. package/dist/sdk/chunk-5VY5QJTY.mjs.map +1 -0
  28. package/dist/sdk/{chunk-2GCSK3PD.mjs → chunk-BGBXLPLL.mjs} +3 -3
  29. package/dist/sdk/chunk-BOGVSF57.mjs +40101 -0
  30. package/dist/sdk/chunk-BOGVSF57.mjs.map +1 -0
  31. package/dist/sdk/chunk-FAKITJ3J.mjs +739 -0
  32. package/dist/sdk/chunk-FAKITJ3J.mjs.map +1 -0
  33. package/dist/sdk/chunk-LMJNI6RM.mjs +436 -0
  34. package/dist/sdk/chunk-LMJNI6RM.mjs.map +1 -0
  35. package/dist/sdk/{chunk-LQ5B4T6L.mjs → chunk-U3BLLEW3.mjs} +431 -82
  36. package/dist/sdk/chunk-U3BLLEW3.mjs.map +1 -0
  37. package/dist/sdk/chunk-UBDHAGYY.mjs +1502 -0
  38. package/dist/sdk/chunk-UBDHAGYY.mjs.map +1 -0
  39. package/dist/sdk/{chunk-N4I6ZDCJ.mjs → chunk-VG7FWDC2.mjs} +3 -3
  40. package/dist/sdk/chunk-VG7FWDC2.mjs.map +1 -0
  41. package/dist/sdk/{chunk-MQ57AB4U.mjs → chunk-XGI47XIH.mjs} +260 -55
  42. package/dist/sdk/chunk-XGI47XIH.mjs.map +1 -0
  43. package/dist/sdk/{config-4EG7IQIU.mjs → config-FMIIATKX.mjs} +2 -2
  44. package/dist/sdk/{failure-condition-evaluator-GLHZZF47.mjs → failure-condition-evaluator-MUUAK7MN.mjs} +3 -3
  45. package/dist/sdk/failure-condition-evaluator-PNONVBXD.mjs +17 -0
  46. package/dist/sdk/{github-frontend-F4TE2JY7.mjs → github-frontend-DWF6BLZH.mjs} +3 -3
  47. package/dist/sdk/github-frontend-WR4S3NG5.mjs +1356 -0
  48. package/dist/sdk/github-frontend-WR4S3NG5.mjs.map +1 -0
  49. package/dist/sdk/{host-GOOVFXW6.mjs → host-S3LSWESP.mjs} +3 -3
  50. package/dist/sdk/{host-VA3ET7N6.mjs → host-U7V54J2H.mjs} +3 -3
  51. package/dist/sdk/{routing-OXQKETSA.mjs → routing-F4FOWVKF.mjs} +4 -4
  52. package/dist/sdk/routing-MVDVJDYJ.mjs +25 -0
  53. package/dist/sdk/{schedule-tool-handler-YTBMLVEA.mjs → schedule-tool-handler-7DNEGDZC.mjs} +7 -7
  54. package/dist/sdk/{schedule-tool-handler-PJVKWSYX.mjs → schedule-tool-handler-FRN3KKRM.mjs} +6 -6
  55. package/dist/sdk/schedule-tool-handler-VFES42DD.mjs +38 -0
  56. package/dist/sdk/schedule-tool-handler-VFES42DD.mjs.map +1 -0
  57. package/dist/sdk/sdk.d.mts +56 -38
  58. package/dist/sdk/sdk.d.ts +56 -38
  59. package/dist/sdk/sdk.js +1017 -1646
  60. package/dist/sdk/sdk.js.map +1 -1
  61. package/dist/sdk/sdk.mjs +6 -6
  62. package/dist/sdk/{slack-frontend-LAY45IBR.mjs → slack-frontend-JS2VAZWB.mjs} +95 -4
  63. package/dist/sdk/slack-frontend-JS2VAZWB.mjs.map +1 -0
  64. package/dist/sdk/{trace-helpers-R2ETIEC2.mjs → trace-helpers-KSPGA24B.mjs} +2 -2
  65. package/dist/sdk/trace-helpers-KSPGA24B.mjs.map +1 -0
  66. package/dist/sdk/trace-helpers-RDPXIN4S.mjs +25 -0
  67. package/dist/sdk/trace-helpers-RDPXIN4S.mjs.map +1 -0
  68. package/dist/sdk/{workflow-check-provider-4SA32BO7.mjs → workflow-check-provider-4NFWH6YO.mjs} +7 -7
  69. package/dist/sdk/workflow-check-provider-4NFWH6YO.mjs.map +1 -0
  70. package/dist/sdk/{workflow-check-provider-57KAR4Y4.mjs → workflow-check-provider-BMVJ6X7N.mjs} +6 -6
  71. package/dist/sdk/workflow-check-provider-BMVJ6X7N.mjs.map +1 -0
  72. package/dist/sdk/workflow-check-provider-CPGIRZMH.mjs +28 -0
  73. package/dist/sdk/workflow-check-provider-CPGIRZMH.mjs.map +1 -0
  74. package/dist/slack/adapter.d.ts +2 -0
  75. package/dist/slack/adapter.d.ts.map +1 -1
  76. package/dist/slack/client.d.ts +3 -0
  77. package/dist/slack/client.d.ts.map +1 -1
  78. package/dist/slack/markdown.d.ts +29 -0
  79. package/dist/slack/markdown.d.ts.map +1 -1
  80. package/dist/slack/socket-runner.d.ts +2 -0
  81. package/dist/slack/socket-runner.d.ts.map +1 -1
  82. package/dist/traces/run-2026-02-18T11-06-48-673Z.ndjson +138 -0
  83. package/dist/traces/run-2026-02-18T11-07-37-310Z.ndjson +1357 -0
  84. package/dist/tui/chat-tui.d.ts +7 -0
  85. package/dist/tui/chat-tui.d.ts.map +1 -1
  86. package/dist/tui/components/input-bar.d.ts +11 -0
  87. package/dist/tui/components/input-bar.d.ts.map +1 -1
  88. package/dist/tui/components/trace-viewer.d.ts +25 -1
  89. package/dist/tui/components/trace-viewer.d.ts.map +1 -1
  90. package/dist/types/bot.d.ts +12 -0
  91. package/dist/types/bot.d.ts.map +1 -1
  92. package/dist/types/config.d.ts +4 -1
  93. package/dist/types/config.d.ts.map +1 -1
  94. package/package.json +3 -3
  95. package/dist/defaults/.visor.yaml +0 -420
  96. package/dist/sdk/chunk-LQ5B4T6L.mjs.map +0 -1
  97. package/dist/sdk/chunk-MQ57AB4U.mjs.map +0 -1
  98. package/dist/sdk/chunk-N4I6ZDCJ.mjs.map +0 -1
  99. package/dist/sdk/chunk-UXMMGCAS.mjs.map +0 -1
  100. package/dist/sdk/knex-store-HPXJILBL.mjs +0 -411
  101. package/dist/sdk/knex-store-HPXJILBL.mjs.map +0 -1
  102. package/dist/sdk/loader-ID5LMXOW.mjs +0 -89
  103. package/dist/sdk/loader-ID5LMXOW.mjs.map +0 -1
  104. package/dist/sdk/opa-policy-engine-UUPFN5CL.mjs +0 -655
  105. package/dist/sdk/opa-policy-engine-UUPFN5CL.mjs.map +0 -1
  106. package/dist/sdk/slack-frontend-LAY45IBR.mjs.map +0 -1
  107. package/dist/sdk/validator-XTZJZZJH.mjs +0 -134
  108. package/dist/sdk/validator-XTZJZZJH.mjs.map +0 -1
  109. /package/dist/sdk/{check-provider-registry-FMHECPI4.mjs.map → check-provider-registry-4WLTLPMU.mjs.map} +0 -0
  110. /package/dist/sdk/{check-provider-registry-ZOLEYDKM.mjs.map → check-provider-registry-7TCA3NSG.mjs.map} +0 -0
  111. /package/dist/sdk/{config-4EG7IQIU.mjs.map → check-provider-registry-RRUZHGJI.mjs.map} +0 -0
  112. /package/dist/sdk/{chunk-EBTD2D4L.mjs.map → chunk-27RV5RR2.mjs.map} +0 -0
  113. /package/dist/sdk/{chunk-2GCSK3PD.mjs.map → chunk-BGBXLPLL.mjs.map} +0 -0
  114. /package/dist/sdk/{failure-condition-evaluator-GLHZZF47.mjs.map → config-FMIIATKX.mjs.map} +0 -0
  115. /package/dist/sdk/{routing-OXQKETSA.mjs.map → failure-condition-evaluator-MUUAK7MN.mjs.map} +0 -0
  116. /package/dist/sdk/{schedule-tool-handler-PJVKWSYX.mjs.map → failure-condition-evaluator-PNONVBXD.mjs.map} +0 -0
  117. /package/dist/sdk/{github-frontend-F4TE2JY7.mjs.map → github-frontend-DWF6BLZH.mjs.map} +0 -0
  118. /package/dist/sdk/{host-GOOVFXW6.mjs.map → host-S3LSWESP.mjs.map} +0 -0
  119. /package/dist/sdk/{host-VA3ET7N6.mjs.map → host-U7V54J2H.mjs.map} +0 -0
  120. /package/dist/sdk/{schedule-tool-handler-YTBMLVEA.mjs.map → routing-F4FOWVKF.mjs.map} +0 -0
  121. /package/dist/sdk/{trace-helpers-R2ETIEC2.mjs.map → routing-MVDVJDYJ.mjs.map} +0 -0
  122. /package/dist/sdk/{workflow-check-provider-4SA32BO7.mjs.map → schedule-tool-handler-7DNEGDZC.mjs.map} +0 -0
  123. /package/dist/sdk/{workflow-check-provider-57KAR4Y4.mjs.map → schedule-tool-handler-FRN3KKRM.mjs.map} +0 -0
package/dist/generated/config-schema.d.ts CHANGED
@@ -100,6 +100,10 @@ export declare const configSchema: {
100
100
  readonly type: "number";
101
101
  readonly description: "Maximum number of checks to run in parallel (default: 3)";
102
102
  };
103
+ readonly max_ai_concurrency: {
104
+ readonly type: "number";
105
+ readonly description: "Maximum total concurrent AI API calls across all checks (default: unlimited). When set, creates a shared concurrency limiter that gates every LLM request across all ProbeAgent instances in this run.";
106
+ };
103
107
  readonly fail_fast: {
104
108
  readonly type: "boolean";
105
109
  readonly description: "Stop execution when any check fails (default: false)";
@@ -146,6 +150,18 @@ export declare const configSchema: {
146
150
  readonly $ref: "#/definitions/WorkspaceConfig";
147
151
  readonly description: "Workspace isolation configuration for sandboxed execution";
148
152
  };
153
+ readonly sandbox: {
154
+ readonly type: "string";
155
+ readonly description: "Workspace-level default sandbox name (all checks use this unless overridden)";
156
+ };
157
+ readonly sandboxes: {
158
+ readonly $ref: "#/definitions/Record%3Cstring%2CSandboxConfig%3E";
159
+ readonly description: "Named sandbox environment definitions";
160
+ };
161
+ readonly sandbox_defaults: {
162
+ readonly $ref: "#/definitions/SandboxDefaults";
163
+ readonly description: "Workspace-level sandbox defaults (env allowlist, etc.)";
164
+ };
149
165
  readonly slack: {
150
166
  readonly $ref: "#/definitions/SlackConfig";
151
167
  readonly description: "Slack configuration";
@@ -156,7 +172,7 @@ export declare const configSchema: {
156
172
  };
157
173
  readonly policy: {
158
174
  readonly $ref: "#/definitions/PolicyConfig";
159
- readonly description: "Enterprise policy engine configuration (EE feature)";
175
+ readonly description: "Enterprise policy engine configuration";
160
176
  };
161
177
  };
162
178
  readonly required: readonly ["version"];
@@ -459,7 +475,7 @@ export declare const configSchema: {
459
475
  };
460
476
  readonly ai_bash_config_js: {
461
477
  readonly type: "string";
462
- readonly description: "JavaScript expression to dynamically compute bash configuration for this AI check. Expression has access to: outputs, inputs, pr, files, env, memory. Must return a BashConfig object with optional allow/deny string arrays.\n\nExample: ``` return outputs['build-config']?.bash_config ?? {}; ```";
478
+ readonly description: "JavaScript expression to dynamically compute bash configuration for this AI check. Expression has access to: outputs, inputs, pr, files, env, memory Must return a BashConfig object with allow/deny arrays.\n\nExample: ``` return outputs['build-config']?.bash_config ?? {}; ```";
463
479
  };
464
480
  readonly claude_code: {
465
481
  readonly $ref: "#/definitions/ClaudeCodeConfig";
@@ -710,7 +726,7 @@ export declare const configSchema: {
710
726
  readonly description: "Arguments/inputs for the workflow";
711
727
  };
712
728
  readonly overrides: {
713
- readonly $ref: "#/definitions/Record%3Cstring%2CPartial%3Cinterface-src_types_config.ts-12605-26099-src_types_config.ts-0-46407%3E%3E";
729
+ readonly $ref: "#/definitions/Record%3Cstring%2CPartial%3Cinterface-src_types_config.ts-13489-27516-src_types_config.ts-0-51381%3E%3E";
714
730
  readonly description: "Override specific step configurations in the workflow";
715
731
  };
716
732
  readonly output_mapping: {
@@ -726,7 +742,7 @@ export declare const configSchema: {
726
742
  readonly description: "Config file path - alternative to workflow ID (loads a Visor config file as workflow)";
727
743
  };
728
744
  readonly workflow_overrides: {
729
- readonly $ref: "#/definitions/Record%3Cstring%2CPartial%3Cinterface-src_types_config.ts-12605-26099-src_types_config.ts-0-46407%3E%3E";
745
+ readonly $ref: "#/definitions/Record%3Cstring%2CPartial%3Cinterface-src_types_config.ts-13489-27516-src_types_config.ts-0-51381%3E%3E";
730
746
  readonly description: "Alias for overrides - workflow step overrides (backward compatibility)";
731
747
  };
732
748
  readonly ref: {
@@ -793,6 +809,10 @@ export declare const configSchema: {
793
809
  readonly type: "boolean";
794
810
  readonly description: "Keep worktree after workflow completion (default: false)";
795
811
  };
812
+ readonly sandbox: {
813
+ readonly type: "string";
814
+ readonly description: "Sandbox name to use for this check (overrides workspace-level default)";
815
+ };
796
816
  readonly policy: {
797
817
  readonly $ref: "#/definitions/StepPolicyOverride";
798
818
  readonly description: "Per-step policy override (enterprise)";
@@ -913,6 +933,14 @@ export declare const configSchema: {
913
933
  readonly type: "string";
914
934
  readonly description: "Completion prompt for post-completion validation/review (runs after attempt_completion)";
915
935
  };
936
+ readonly enable_scheduler: {
937
+ readonly type: "boolean";
938
+ readonly description: "Enable the schedule tool for scheduling workflow executions (requires scheduler configuration)";
939
+ };
940
+ readonly enableExecutePlan: {
941
+ readonly type: "boolean";
942
+ readonly description: "Enable the execute_plan DSL orchestration tool (replaces analyze_all when enabled)";
943
+ };
916
944
  };
917
945
  readonly additionalProperties: false;
918
946
  readonly description: "AI provider configuration";
@@ -1366,7 +1394,7 @@ export declare const configSchema: {
1366
1394
  readonly description: "Custom output name (defaults to workflow name)";
1367
1395
  };
1368
1396
  readonly overrides: {
1369
- readonly $ref: "#/definitions/Record%3Cstring%2CPartial%3Cinterface-src_types_config.ts-12605-26099-src_types_config.ts-0-46407%3E%3E";
1397
+ readonly $ref: "#/definitions/Record%3Cstring%2CPartial%3Cinterface-src_types_config.ts-13489-27516-src_types_config.ts-0-51381%3E%3E";
1370
1398
  readonly description: "Step overrides";
1371
1399
  };
1372
1400
  readonly output_mapping: {
@@ -1381,13 +1409,13 @@ export declare const configSchema: {
1381
1409
  readonly '^x-': {};
1382
1410
  };
1383
1411
  };
1384
- readonly 'Record<string,Partial<interface-src_types_config.ts-12605-26099-src_types_config.ts-0-46407>>': {
1412
+ readonly 'Record<string,Partial<interface-src_types_config.ts-13489-27516-src_types_config.ts-0-51381>>': {
1385
1413
  readonly type: "object";
1386
1414
  readonly additionalProperties: {
1387
- readonly $ref: "#/definitions/Partial%3Cinterface-src_types_config.ts-12605-26099-src_types_config.ts-0-46407%3E";
1415
+ readonly $ref: "#/definitions/Partial%3Cinterface-src_types_config.ts-13489-27516-src_types_config.ts-0-51381%3E";
1388
1416
  };
1389
1417
  };
1390
- readonly 'Partial<interface-src_types_config.ts-12605-26099-src_types_config.ts-0-46407>': {
1418
+ readonly 'Partial<interface-src_types_config.ts-13489-27516-src_types_config.ts-0-51381>': {
1391
1419
  readonly type: "object";
1392
1420
  readonly additionalProperties: false;
1393
1421
  };
@@ -1501,9 +1529,9 @@ export declare const configSchema: {
1501
1529
  readonly run: {
1502
1530
  readonly type: "array";
1503
1531
  readonly items: {
1504
- readonly type: "string";
1532
+ readonly $ref: "#/definitions/OnSuccessRunItem";
1505
1533
  };
1506
- readonly description: "Post-success steps to run";
1534
+ readonly description: "Post-success steps to run - can be step names or rich invocations with arguments";
1507
1535
  };
1508
1536
  readonly goto: {
1509
1537
  readonly type: "string";
@@ -1535,6 +1563,16 @@ export declare const configSchema: {
1535
1563
  readonly '^x-': {};
1536
1564
  };
1537
1565
  };
1566
+ readonly OnSuccessRunItem: {
1567
+ readonly anyOf: readonly [{
1568
+ readonly type: "string";
1569
+ }, {
1570
+ readonly $ref: "#/definitions/OnInitStepInvocation";
1571
+ }, {
1572
+ readonly $ref: "#/definitions/OnInitWorkflowInvocation";
1573
+ }];
1574
+ readonly description: "Success routing run item - can be step name, step with args, or workflow with args";
1575
+ };
1538
1576
  readonly OnFinishConfig: {
1539
1577
  readonly type: "object";
1540
1578
  readonly properties: {
@@ -1575,6 +1613,37 @@ export declare const configSchema: {
1575
1613
  readonly '^x-': {};
1576
1614
  };
1577
1615
  };
1616
+ readonly StepPolicyOverride: {
1617
+ readonly type: "object";
1618
+ readonly properties: {
1619
+ readonly require: {
1620
+ readonly anyOf: readonly [{
1621
+ readonly type: "string";
1622
+ }, {
1623
+ readonly type: "array";
1624
+ readonly items: {
1625
+ readonly type: "string";
1626
+ };
1627
+ }];
1628
+ readonly description: "Required role(s) - any of these roles suffices";
1629
+ };
1630
+ readonly deny: {
1631
+ readonly type: "array";
1632
+ readonly items: {
1633
+ readonly type: "string";
1634
+ };
1635
+ readonly description: "Explicit deny for roles";
1636
+ };
1637
+ readonly rule: {
1638
+ readonly type: "string";
1639
+ readonly description: "Custom OPA rule path for this step";
1640
+ };
1641
+ };
1642
+ readonly additionalProperties: false;
1643
+ readonly patternProperties: {
1644
+ readonly '^x-': {};
1645
+ };
1646
+ };
1578
1647
  readonly OutputConfig: {
1579
1648
  readonly type: "object";
1580
1649
  readonly properties: {
@@ -1975,6 +2044,141 @@ export declare const configSchema: {
1975
2044
  readonly '^x-': {};
1976
2045
  };
1977
2046
  };
2047
+ readonly 'Record<string,SandboxConfig>': {
2048
+ readonly type: "object";
2049
+ readonly additionalProperties: {
2050
+ readonly $ref: "#/definitions/SandboxConfig";
2051
+ };
2052
+ };
2053
+ readonly SandboxConfig: {
2054
+ readonly type: "object";
2055
+ readonly properties: {
2056
+ readonly image: {
2057
+ readonly type: "string";
2058
+ readonly description: "Docker image to use (e.g., \"node:20-alpine\")";
2059
+ };
2060
+ readonly dockerfile: {
2061
+ readonly type: "string";
2062
+ readonly description: "Path to Dockerfile (relative to config file or absolute)";
2063
+ };
2064
+ readonly dockerfile_inline: {
2065
+ readonly type: "string";
2066
+ readonly description: "Inline Dockerfile content";
2067
+ };
2068
+ readonly compose: {
2069
+ readonly type: "string";
2070
+ readonly description: "Path to docker-compose file";
2071
+ };
2072
+ readonly service: {
2073
+ readonly type: "string";
2074
+ readonly description: "Service name within the compose file";
2075
+ };
2076
+ readonly workdir: {
2077
+ readonly type: "string";
2078
+ readonly description: "Working directory inside container (default: /workspace)";
2079
+ };
2080
+ readonly env_passthrough: {
2081
+ readonly type: "array";
2082
+ readonly items: {
2083
+ readonly type: "string";
2084
+ };
2085
+ readonly description: "Glob patterns for host env vars to forward into sandbox";
2086
+ };
2087
+ readonly network: {
2088
+ readonly type: "boolean";
2089
+ readonly description: "Enable/disable network access (default: true)";
2090
+ };
2091
+ readonly read_only: {
2092
+ readonly type: "boolean";
2093
+ readonly description: "Mount repo as read-only (default: false)";
2094
+ };
2095
+ readonly resources: {
2096
+ readonly $ref: "#/definitions/SandboxResourceConfig";
2097
+ readonly description: "Resource limits";
2098
+ };
2099
+ readonly visor_path: {
2100
+ readonly type: "string";
2101
+ readonly description: "Where visor is mounted inside container (default: /opt/visor)";
2102
+ };
2103
+ readonly cache: {
2104
+ readonly $ref: "#/definitions/SandboxCacheConfig";
2105
+ readonly description: "Cache volume configuration";
2106
+ };
2107
+ };
2108
+ readonly additionalProperties: false;
2109
+ readonly description: "Configuration for a single sandbox environment";
2110
+ readonly patternProperties: {
2111
+ readonly '^x-': {};
2112
+ };
2113
+ };
2114
+ readonly SandboxResourceConfig: {
2115
+ readonly type: "object";
2116
+ readonly properties: {
2117
+ readonly memory: {
2118
+ readonly type: "string";
2119
+ readonly description: "Memory limit (e.g., \"512m\", \"2g\")";
2120
+ };
2121
+ readonly cpu: {
2122
+ readonly type: "number";
2123
+ readonly description: "CPU limit (e.g., 1.0, 0.5)";
2124
+ };
2125
+ };
2126
+ readonly additionalProperties: false;
2127
+ readonly description: "Resource limits for sandbox containers";
2128
+ readonly patternProperties: {
2129
+ readonly '^x-': {};
2130
+ };
2131
+ };
2132
+ readonly SandboxCacheConfig: {
2133
+ readonly type: "object";
2134
+ readonly properties: {
2135
+ readonly prefix: {
2136
+ readonly type: "string";
2137
+ readonly description: "Liquid template for cache scope prefix (default: git branch)";
2138
+ };
2139
+ readonly fallback_prefix: {
2140
+ readonly type: "string";
2141
+ readonly description: "Fallback prefix when current prefix has no cache";
2142
+ };
2143
+ readonly paths: {
2144
+ readonly type: "array";
2145
+ readonly items: {
2146
+ readonly type: "string";
2147
+ };
2148
+ readonly description: "Paths inside the container to cache";
2149
+ };
2150
+ readonly ttl: {
2151
+ readonly type: "string";
2152
+ readonly description: "Time-to-live for cache volumes (e.g., \"7d\", \"24h\")";
2153
+ };
2154
+ readonly max_scopes: {
2155
+ readonly type: "number";
2156
+ readonly description: "Maximum number of cache scopes to keep";
2157
+ };
2158
+ };
2159
+ readonly required: readonly ["paths"];
2160
+ readonly additionalProperties: false;
2161
+ readonly description: "Cache configuration for sandbox volumes";
2162
+ readonly patternProperties: {
2163
+ readonly '^x-': {};
2164
+ };
2165
+ };
2166
+ readonly SandboxDefaults: {
2167
+ readonly type: "object";
2168
+ readonly properties: {
2169
+ readonly env_passthrough: {
2170
+ readonly type: "array";
2171
+ readonly items: {
2172
+ readonly type: "string";
2173
+ };
2174
+ readonly description: "Base env var patterns for all sandboxes (replaces hardcoded defaults when set)";
2175
+ };
2176
+ };
2177
+ readonly additionalProperties: false;
2178
+ readonly patternProperties: {
2179
+ readonly '^x-': {};
2180
+ };
2181
+ };
1978
2182
  readonly SlackConfig: {
1979
2183
  readonly type: "object";
1980
2184
  readonly properties: {
@@ -2034,7 +2238,16 @@ export declare const configSchema: {
2034
2238
  readonly properties: {
2035
2239
  readonly path: {
2036
2240
  readonly type: "string";
2037
- readonly description: "Path to schedules JSON file (default: .visor/schedules.json)";
2241
+ readonly description: "Path to schedules JSON file (legacy, triggers auto-migration)";
2242
+ };
2243
+ readonly driver: {
2244
+ readonly type: "string";
2245
+ readonly enum: readonly ["sqlite", "postgresql", "mysql", "mssql"];
2246
+ readonly description: "Database driver (default: 'sqlite')";
2247
+ };
2248
+ readonly connection: {
2249
+ readonly $ref: "#/definitions/SchedulerStorageConnectionConfig";
2250
+ readonly description: "Database connection configuration";
2038
2251
  };
2039
2252
  };
2040
2253
  readonly additionalProperties: false;
@@ -2043,6 +2256,10 @@ export declare const configSchema: {
2043
2256
  readonly '^x-': {};
2044
2257
  };
2045
2258
  };
2259
+ readonly ha: {
2260
+ readonly $ref: "#/definitions/SchedulerHAConfig";
2261
+ readonly description: "High-availability configuration for multi-node deployments";
2262
+ };
2046
2263
  readonly limits: {
2047
2264
  readonly $ref: "#/definitions/SchedulerLimitsConfig";
2048
2265
  readonly description: "Limits for dynamic schedules";
@@ -2070,51 +2287,120 @@ export declare const configSchema: {
2070
2287
  readonly '^x-': {};
2071
2288
  };
2072
2289
  };
2073
- readonly PolicyConfig: {
2290
+ readonly SchedulerStorageConnectionConfig: {
2074
2291
  readonly type: "object";
2075
2292
  readonly properties: {
2076
- readonly engine: {
2293
+ readonly filename: {
2077
2294
  readonly type: "string";
2078
- readonly enum: readonly ["local", "remote", "disabled"];
2079
- readonly description: "Policy engine mode: 'local' (WASM), 'remote' (HTTP OPA server), or 'disabled'";
2295
+ readonly description: "SQLite database file path (default: '.visor/schedules.db')";
2080
2296
  };
2081
- readonly rules: {
2297
+ readonly host: {
2298
+ readonly type: "string";
2299
+ readonly description: "Database host (PostgreSQL/MySQL/MSSQL)";
2300
+ };
2301
+ readonly port: {
2302
+ readonly type: "number";
2303
+ readonly description: "Database port (PostgreSQL/MySQL/MSSQL)";
2304
+ };
2305
+ readonly database: {
2306
+ readonly type: "string";
2307
+ readonly description: "Database name (PostgreSQL/MySQL/MSSQL)";
2308
+ };
2309
+ readonly user: {
2310
+ readonly type: "string";
2311
+ readonly description: "Database user (PostgreSQL/MySQL/MSSQL)";
2312
+ };
2313
+ readonly password: {
2314
+ readonly type: "string";
2315
+ readonly description: "Database password (PostgreSQL/MySQL/MSSQL)";
2316
+ };
2317
+ readonly ssl: {
2082
2318
  readonly anyOf: readonly [{
2083
- readonly type: "string";
2319
+ readonly type: "boolean";
2084
2320
  }, {
2085
- readonly type: "array";
2086
- readonly items: {
2087
- readonly type: "string";
2088
- };
2321
+ readonly $ref: "#/definitions/SchedulerSslConfig";
2089
2322
  }];
2090
- readonly description: "Path to .rego files or .wasm bundle (local mode)";
2323
+ readonly description: "SSL/TLS configuration (PostgreSQL/MySQL/MSSQL)";
2091
2324
  };
2092
- readonly data: {
2325
+ readonly connection_string: {
2093
2326
  readonly type: "string";
2094
- readonly description: "Path to a JSON file to load as OPA data document (local mode)";
2327
+ readonly description: "Connection string URL (e.g., postgresql://user:pass@host/db)";
2095
2328
  };
2096
- readonly url: {
2329
+ readonly pool: {
2330
+ readonly type: "object";
2331
+ readonly properties: {
2332
+ readonly min: {
2333
+ readonly type: "number";
2334
+ };
2335
+ readonly max: {
2336
+ readonly type: "number";
2337
+ };
2338
+ };
2339
+ readonly additionalProperties: false;
2340
+ readonly description: "Connection pool configuration";
2341
+ readonly patternProperties: {
2342
+ readonly '^x-': {};
2343
+ };
2344
+ };
2345
+ };
2346
+ readonly additionalProperties: false;
2347
+ readonly description: "Scheduler storage connection configuration";
2348
+ readonly patternProperties: {
2349
+ readonly '^x-': {};
2350
+ };
2351
+ };
2352
+ readonly SchedulerSslConfig: {
2353
+ readonly type: "object";
2354
+ readonly properties: {
2355
+ readonly enabled: {
2356
+ readonly type: "boolean";
2357
+ readonly description: "Enable SSL (default: true when SslConfig object is provided)";
2358
+ };
2359
+ readonly reject_unauthorized: {
2360
+ readonly type: "boolean";
2361
+ readonly description: "Reject unauthorized certificates (default: true)";
2362
+ };
2363
+ readonly ca: {
2097
2364
  readonly type: "string";
2098
- readonly description: "OPA server URL (remote mode)";
2365
+ readonly description: "Path to CA certificate PEM file";
2099
2366
  };
2100
- readonly fallback: {
2367
+ readonly cert: {
2101
2368
  readonly type: "string";
2102
- readonly enum: readonly ["allow", "deny", "warn"];
2103
- readonly description: "Default decision when policy evaluation fails (default: 'deny'). Use 'warn' for audit mode: violations are logged but not enforced.";
2369
+ readonly description: "Path to client certificate PEM file";
2104
2370
  };
2105
- readonly timeout: {
2371
+ readonly key: {
2372
+ readonly type: "string";
2373
+ readonly description: "Path to client key PEM file";
2374
+ };
2375
+ };
2376
+ readonly additionalProperties: false;
2377
+ readonly description: "SSL/TLS configuration for scheduler database connections";
2378
+ readonly patternProperties: {
2379
+ readonly '^x-': {};
2380
+ };
2381
+ };
2382
+ readonly SchedulerHAConfig: {
2383
+ readonly type: "object";
2384
+ readonly properties: {
2385
+ readonly enabled: {
2386
+ readonly type: "boolean";
2387
+ readonly description: "Enable distributed locking for multi-node deployments (default: false)";
2388
+ };
2389
+ readonly node_id: {
2390
+ readonly type: "string";
2391
+ readonly description: "Unique node identifier (default: hostname-pid)";
2392
+ };
2393
+ readonly lock_ttl: {
2106
2394
  readonly type: "number";
2107
- readonly description: "Evaluation timeout in milliseconds (default: 5000)";
2395
+ readonly description: "Lock time-to-live in seconds (default: 60)";
2108
2396
  };
2109
- readonly roles: {
2110
- readonly type: "object";
2111
- readonly additionalProperties: {
2112
- readonly $ref: "#/definitions/PolicyRoleConfig";
2113
- };
2114
- readonly description: "Role definitions: map role names to conditions";
2397
+ readonly heartbeat_interval: {
2398
+ readonly type: "number";
2399
+ readonly description: "Heartbeat interval for lock renewal in seconds (default: 15)";
2115
2400
  };
2116
2401
  };
2117
2402
  readonly additionalProperties: false;
2403
+ readonly description: "Scheduler high-availability configuration";
2118
2404
  readonly patternProperties: {
2119
2405
  readonly '^x-': {};
2120
2406
  };
@@ -2177,57 +2463,6 @@ export declare const configSchema: {
2177
2463
  readonly '^x-': {};
2178
2464
  };
2179
2465
  };
2180
- readonly PolicyRoleConfig: {
2181
- readonly type: "object";
2182
- readonly properties: {
2183
- readonly author_association: {
2184
- readonly type: "array";
2185
- readonly items: {
2186
- readonly type: "string";
2187
- };
2188
- readonly description: "GitHub author associations that map to this role";
2189
- };
2190
- readonly teams: {
2191
- readonly type: "array";
2192
- readonly items: {
2193
- readonly type: "string";
2194
- };
2195
- readonly description: "GitHub team slugs";
2196
- };
2197
- readonly users: {
2198
- readonly type: "array";
2199
- readonly items: {
2200
- readonly type: "string";
2201
- };
2202
- readonly description: "Explicit GitHub usernames";
2203
- };
2204
- readonly slack_users: {
2205
- readonly type: "array";
2206
- readonly items: {
2207
- readonly type: "string";
2208
- };
2209
- readonly description: "Slack user IDs (e.g., U0123ABC)";
2210
- };
2211
- readonly emails: {
2212
- readonly type: "array";
2213
- readonly items: {
2214
- readonly type: "string";
2215
- };
2216
- readonly description: "Email addresses for identity matching";
2217
- };
2218
- readonly slack_channels: {
2219
- readonly type: "array";
2220
- readonly items: {
2221
- readonly type: "string";
2222
- };
2223
- readonly description: "Slack channel IDs — role only applies when triggered from these channels";
2224
- };
2225
- };
2226
- readonly additionalProperties: false;
2227
- readonly patternProperties: {
2228
- readonly '^x-': {};
2229
- };
2230
- };
2231
2466
  readonly 'Record<string,StaticCronJob>': {
2232
2467
  readonly type: "object";
2233
2468
  readonly additionalProperties: {
@@ -2293,10 +2528,15 @@ export declare const configSchema: {
2293
2528
  readonly '^x-': {};
2294
2529
  };
2295
2530
  };
2296
- readonly StepPolicyOverride: {
2531
+ readonly PolicyConfig: {
2297
2532
  readonly type: "object";
2298
2533
  readonly properties: {
2299
- readonly require: {
2534
+ readonly engine: {
2535
+ readonly type: "string";
2536
+ readonly enum: readonly ["local", "remote", "disabled"];
2537
+ readonly description: "Policy engine mode";
2538
+ };
2539
+ readonly rules: {
2300
2540
  readonly anyOf: readonly [{
2301
2541
  readonly type: "string";
2302
2542
  }, {
@@ -2305,18 +2545,86 @@ export declare const configSchema: {
2305
2545
  readonly type: "string";
2306
2546
  };
2307
2547
  }];
2308
- readonly description: "Required role(s) any of these roles suffices";
2548
+ readonly description: "Path to .rego files or .wasm bundle (local mode)";
2309
2549
  };
2310
- readonly deny: {
2550
+ readonly data: {
2551
+ readonly type: "string";
2552
+ readonly description: "Path to a JSON file to load as OPA data document";
2553
+ };
2554
+ readonly url: {
2555
+ readonly type: "string";
2556
+ readonly description: "OPA server URL (remote mode)";
2557
+ };
2558
+ readonly fallback: {
2559
+ readonly type: "string";
2560
+ readonly enum: readonly ["allow", "deny", "warn"];
2561
+ readonly description: "Default decision when policy evaluation fails";
2562
+ };
2563
+ readonly timeout: {
2564
+ readonly type: "number";
2565
+ readonly description: "Evaluation timeout in ms (default: 5000)";
2566
+ };
2567
+ readonly roles: {
2568
+ readonly $ref: "#/definitions/Record%3Cstring%2CPolicyRoleConfig%3E";
2569
+ readonly description: "Role definitions: map role names to conditions";
2570
+ };
2571
+ };
2572
+ readonly required: readonly ["engine"];
2573
+ readonly additionalProperties: false;
2574
+ readonly patternProperties: {
2575
+ readonly '^x-': {};
2576
+ };
2577
+ };
2578
+ readonly 'Record<string,PolicyRoleConfig>': {
2579
+ readonly type: "object";
2580
+ readonly additionalProperties: {
2581
+ readonly $ref: "#/definitions/PolicyRoleConfig";
2582
+ };
2583
+ };
2584
+ readonly PolicyRoleConfig: {
2585
+ readonly type: "object";
2586
+ readonly properties: {
2587
+ readonly author_association: {
2311
2588
  readonly type: "array";
2312
2589
  readonly items: {
2313
2590
  readonly type: "string";
2314
2591
  };
2315
- readonly description: "Explicit deny for roles";
2592
+ readonly description: "GitHub author associations that map to this role";
2316
2593
  };
2317
- readonly rule: {
2318
- readonly type: "string";
2319
- readonly description: "Custom OPA rule path for this step";
2594
+ readonly teams: {
2595
+ readonly type: "array";
2596
+ readonly items: {
2597
+ readonly type: "string";
2598
+ };
2599
+ readonly description: "GitHub team slugs (requires GitHub API)";
2600
+ };
2601
+ readonly users: {
2602
+ readonly type: "array";
2603
+ readonly items: {
2604
+ readonly type: "string";
2605
+ };
2606
+ readonly description: "Explicit GitHub usernames";
2607
+ };
2608
+ readonly slack_users: {
2609
+ readonly type: "array";
2610
+ readonly items: {
2611
+ readonly type: "string";
2612
+ };
2613
+ readonly description: "Slack user IDs (e.g., [\"U0123ABC\"])";
2614
+ };
2615
+ readonly emails: {
2616
+ readonly type: "array";
2617
+ readonly items: {
2618
+ readonly type: "string";
2619
+ };
2620
+ readonly description: "Email addresses for identity matching (e.g., [\"alice@co.com\"])";
2621
+ };
2622
+ readonly slack_channels: {
2623
+ readonly type: "array";
2624
+ readonly items: {
2625
+ readonly type: "string";
2626
+ };
2627
+ readonly description: "Slack channel IDs — role only applies when triggered from these channels";
2320
2628
  };
2321
2629
  };
2322
2630
  readonly additionalProperties: false;