@probelabs/visor 0.1.131 → 0.1.132

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (116) hide show
  1. package/README.md +460 -596
  2. package/action.yml +2 -2
  3. package/dist/ai-review-service.d.ts +3 -0
  4. package/dist/ai-review-service.d.ts.map +1 -1
  5. package/dist/cli-main.d.ts.map +1 -1
  6. package/dist/config/config-watcher.d.ts +15 -1
  7. package/dist/config/config-watcher.d.ts.map +1 -1
  8. package/dist/enterprise/policy/policy-input-builder.d.ts +2 -0
  9. package/dist/enterprise/policy/policy-input-builder.d.ts.map +1 -1
  10. package/dist/frontends/slack-frontend.d.ts.map +1 -1
  11. package/dist/generated/config-schema.d.ts +404 -96
  12. package/dist/generated/config-schema.d.ts.map +1 -1
  13. package/dist/generated/config-schema.json +2875 -0
  14. package/dist/index.js +23064 -8507
  15. package/dist/{traces/run-2026-02-15T19-14-20-379Z.ndjson → output/traces/run-2026-02-18T11-06-48-673Z.ndjson} +84 -84
  16. package/dist/{traces/run-2026-02-15T19-15-09-410Z.ndjson → output/traces/run-2026-02-18T11-07-37-310Z.ndjson} +1017 -1017
  17. package/dist/providers/ai-check-provider.d.ts +12 -0
  18. package/dist/providers/ai-check-provider.d.ts.map +1 -1
  19. package/dist/providers/workflow-check-provider.d.ts.map +1 -1
  20. package/dist/providers/workflow-tool-executor.d.ts +5 -1
  21. package/dist/providers/workflow-tool-executor.d.ts.map +1 -1
  22. package/dist/sdk/{check-provider-registry-S7BMQ2FC.mjs → check-provider-registry-4WLTLPMU.mjs} +6 -6
  23. package/dist/sdk/{check-provider-registry-ZOLEYDKM.mjs → check-provider-registry-7TCA3NSG.mjs} +6 -6
  24. package/dist/sdk/{check-provider-registry-AAPPJ4CP.mjs → check-provider-registry-RRUZHGJI.mjs} +6 -6
  25. package/dist/sdk/{chunk-OMFPM576.mjs → chunk-27RV5RR2.mjs} +2 -2
  26. package/dist/sdk/{chunk-6ZZ4DPAA.mjs → chunk-5VY5QJTY.mjs} +231 -42
  27. package/dist/sdk/chunk-5VY5QJTY.mjs.map +1 -0
  28. package/dist/sdk/{chunk-2GCSK3PD.mjs → chunk-BGBXLPLL.mjs} +3 -3
  29. package/dist/sdk/{chunk-LDFUW34H.mjs → chunk-BOGVSF57.mjs} +231 -42
  30. package/dist/sdk/chunk-BOGVSF57.mjs.map +1 -0
  31. package/dist/sdk/{chunk-EBTD2D4L.mjs → chunk-FAKITJ3J.mjs} +2 -2
  32. package/dist/sdk/{chunk-RI77TA6V.mjs → chunk-LMJNI6RM.mjs} +4 -4
  33. package/dist/sdk/chunk-LMJNI6RM.mjs.map +1 -0
  34. package/dist/sdk/{chunk-LQ5B4T6L.mjs → chunk-U3BLLEW3.mjs} +431 -82
  35. package/dist/sdk/chunk-U3BLLEW3.mjs.map +1 -0
  36. package/dist/sdk/{chunk-VO4N6TEL.mjs → chunk-UBDHAGYY.mjs} +3 -3
  37. package/dist/sdk/{chunk-N4I6ZDCJ.mjs → chunk-VG7FWDC2.mjs} +3 -3
  38. package/dist/sdk/{chunk-RI77TA6V.mjs.map → chunk-VG7FWDC2.mjs.map} +1 -1
  39. package/dist/sdk/{chunk-MQ57AB4U.mjs → chunk-XGI47XIH.mjs} +260 -55
  40. package/dist/sdk/chunk-XGI47XIH.mjs.map +1 -0
  41. package/dist/sdk/{config-4EG7IQIU.mjs → config-FMIIATKX.mjs} +2 -2
  42. package/dist/sdk/{failure-condition-evaluator-GLHZZF47.mjs → failure-condition-evaluator-MUUAK7MN.mjs} +3 -3
  43. package/dist/sdk/{failure-condition-evaluator-KN55WXRO.mjs → failure-condition-evaluator-PNONVBXD.mjs} +3 -3
  44. package/dist/sdk/{github-frontend-F4TE2JY7.mjs → github-frontend-DWF6BLZH.mjs} +3 -3
  45. package/dist/sdk/{github-frontend-HCOKL53D.mjs → github-frontend-WR4S3NG5.mjs} +3 -3
  46. package/dist/sdk/{host-SAT6RHDX.mjs → host-S3LSWESP.mjs} +3 -3
  47. package/dist/sdk/{host-VA3ET7N6.mjs → host-U7V54J2H.mjs} +3 -3
  48. package/dist/sdk/{routing-KFYQGOYU.mjs → routing-F4FOWVKF.mjs} +4 -4
  49. package/dist/sdk/{routing-OXQKETSA.mjs → routing-MVDVJDYJ.mjs} +4 -4
  50. package/dist/sdk/{schedule-tool-handler-OQF57URO.mjs → schedule-tool-handler-7DNEGDZC.mjs} +6 -6
  51. package/dist/sdk/{schedule-tool-handler-PJVKWSYX.mjs → schedule-tool-handler-FRN3KKRM.mjs} +6 -6
  52. package/dist/sdk/{schedule-tool-handler-G353DHS6.mjs → schedule-tool-handler-VFES42DD.mjs} +6 -6
  53. package/dist/sdk/sdk.d.mts +56 -38
  54. package/dist/sdk/sdk.d.ts +56 -38
  55. package/dist/sdk/sdk.js +744 -115
  56. package/dist/sdk/sdk.js.map +1 -1
  57. package/dist/sdk/sdk.mjs +5 -5
  58. package/dist/sdk/{slack-frontend-LAY45IBR.mjs → slack-frontend-JS2VAZWB.mjs} +95 -4
  59. package/dist/sdk/slack-frontend-JS2VAZWB.mjs.map +1 -0
  60. package/dist/sdk/{trace-helpers-R2ETIEC2.mjs → trace-helpers-KSPGA24B.mjs} +2 -2
  61. package/dist/sdk/{trace-helpers-LOPBHYYX.mjs → trace-helpers-RDPXIN4S.mjs} +2 -2
  62. package/dist/sdk/{workflow-check-provider-LRWD52WN.mjs → workflow-check-provider-4NFWH6YO.mjs} +6 -6
  63. package/dist/sdk/{workflow-check-provider-N2DRFQDB.mjs → workflow-check-provider-BMVJ6X7N.mjs} +6 -6
  64. package/dist/sdk/{workflow-check-provider-57KAR4Y4.mjs → workflow-check-provider-CPGIRZMH.mjs} +6 -6
  65. package/dist/slack/adapter.d.ts +2 -0
  66. package/dist/slack/adapter.d.ts.map +1 -1
  67. package/dist/slack/client.d.ts +3 -0
  68. package/dist/slack/client.d.ts.map +1 -1
  69. package/dist/slack/markdown.d.ts +29 -0
  70. package/dist/slack/markdown.d.ts.map +1 -1
  71. package/dist/slack/socket-runner.d.ts +2 -0
  72. package/dist/slack/socket-runner.d.ts.map +1 -1
  73. package/dist/{output/traces/run-2026-02-15T19-14-20-379Z.ndjson → traces/run-2026-02-18T11-06-48-673Z.ndjson} +84 -84
  74. package/dist/{output/traces/run-2026-02-15T19-15-09-410Z.ndjson → traces/run-2026-02-18T11-07-37-310Z.ndjson} +1017 -1017
  75. package/dist/tui/chat-tui.d.ts +7 -0
  76. package/dist/tui/chat-tui.d.ts.map +1 -1
  77. package/dist/tui/components/input-bar.d.ts +11 -0
  78. package/dist/tui/components/input-bar.d.ts.map +1 -1
  79. package/dist/tui/components/trace-viewer.d.ts +25 -1
  80. package/dist/tui/components/trace-viewer.d.ts.map +1 -1
  81. package/dist/types/bot.d.ts +12 -0
  82. package/dist/types/bot.d.ts.map +1 -1
  83. package/dist/types/config.d.ts +4 -1
  84. package/dist/types/config.d.ts.map +1 -1
  85. package/package.json +3 -3
  86. package/dist/defaults/.visor.yaml +0 -420
  87. package/dist/sdk/chunk-6ZZ4DPAA.mjs.map +0 -1
  88. package/dist/sdk/chunk-LDFUW34H.mjs.map +0 -1
  89. package/dist/sdk/chunk-LQ5B4T6L.mjs.map +0 -1
  90. package/dist/sdk/chunk-MQ57AB4U.mjs.map +0 -1
  91. package/dist/sdk/chunk-N4I6ZDCJ.mjs.map +0 -1
  92. package/dist/sdk/slack-frontend-LAY45IBR.mjs.map +0 -1
  93. /package/dist/sdk/{check-provider-registry-AAPPJ4CP.mjs.map → check-provider-registry-4WLTLPMU.mjs.map} +0 -0
  94. /package/dist/sdk/{check-provider-registry-S7BMQ2FC.mjs.map → check-provider-registry-7TCA3NSG.mjs.map} +0 -0
  95. /package/dist/sdk/{check-provider-registry-ZOLEYDKM.mjs.map → check-provider-registry-RRUZHGJI.mjs.map} +0 -0
  96. /package/dist/sdk/{chunk-EBTD2D4L.mjs.map → chunk-27RV5RR2.mjs.map} +0 -0
  97. /package/dist/sdk/{chunk-2GCSK3PD.mjs.map → chunk-BGBXLPLL.mjs.map} +0 -0
  98. /package/dist/sdk/{chunk-OMFPM576.mjs.map → chunk-FAKITJ3J.mjs.map} +0 -0
  99. /package/dist/sdk/{chunk-VO4N6TEL.mjs.map → chunk-UBDHAGYY.mjs.map} +0 -0
  100. /package/dist/sdk/{config-4EG7IQIU.mjs.map → config-FMIIATKX.mjs.map} +0 -0
  101. /package/dist/sdk/{failure-condition-evaluator-GLHZZF47.mjs.map → failure-condition-evaluator-MUUAK7MN.mjs.map} +0 -0
  102. /package/dist/sdk/{failure-condition-evaluator-KN55WXRO.mjs.map → failure-condition-evaluator-PNONVBXD.mjs.map} +0 -0
  103. /package/dist/sdk/{github-frontend-F4TE2JY7.mjs.map → github-frontend-DWF6BLZH.mjs.map} +0 -0
  104. /package/dist/sdk/{github-frontend-HCOKL53D.mjs.map → github-frontend-WR4S3NG5.mjs.map} +0 -0
  105. /package/dist/sdk/{host-SAT6RHDX.mjs.map → host-S3LSWESP.mjs.map} +0 -0
  106. /package/dist/sdk/{host-VA3ET7N6.mjs.map → host-U7V54J2H.mjs.map} +0 -0
  107. /package/dist/sdk/{routing-KFYQGOYU.mjs.map → routing-F4FOWVKF.mjs.map} +0 -0
  108. /package/dist/sdk/{routing-OXQKETSA.mjs.map → routing-MVDVJDYJ.mjs.map} +0 -0
  109. /package/dist/sdk/{schedule-tool-handler-G353DHS6.mjs.map → schedule-tool-handler-7DNEGDZC.mjs.map} +0 -0
  110. /package/dist/sdk/{schedule-tool-handler-OQF57URO.mjs.map → schedule-tool-handler-FRN3KKRM.mjs.map} +0 -0
  111. /package/dist/sdk/{schedule-tool-handler-PJVKWSYX.mjs.map → schedule-tool-handler-VFES42DD.mjs.map} +0 -0
  112. /package/dist/sdk/{trace-helpers-LOPBHYYX.mjs.map → trace-helpers-KSPGA24B.mjs.map} +0 -0
  113. /package/dist/sdk/{trace-helpers-R2ETIEC2.mjs.map → trace-helpers-RDPXIN4S.mjs.map} +0 -0
  114. /package/dist/sdk/{workflow-check-provider-57KAR4Y4.mjs.map → workflow-check-provider-4NFWH6YO.mjs.map} +0 -0
  115. /package/dist/sdk/{workflow-check-provider-LRWD52WN.mjs.map → workflow-check-provider-BMVJ6X7N.mjs.map} +0 -0
  116. /package/dist/sdk/{workflow-check-provider-N2DRFQDB.mjs.map → workflow-check-provider-CPGIRZMH.mjs.map} +0 -0
package/dist/sdk/{chunk-LQ5B4T6L.mjs → chunk-U3BLLEW3.mjs} RENAMED
@@ -515,6 +515,10 @@ var init_config_schema = __esm({
515
515
  type: "number",
516
516
  description: "Maximum number of checks to run in parallel (default: 3)"
517
517
  },
518
+ max_ai_concurrency: {
519
+ type: "number",
520
+ description: "Maximum total concurrent AI API calls across all checks (default: unlimited). When set, creates a shared concurrency limiter that gates every LLM request across all ProbeAgent instances in this run."
521
+ },
518
522
  fail_fast: {
519
523
  type: "boolean",
520
524
  description: "Stop execution when any check fails (default: false)"
@@ -561,6 +565,18 @@ var init_config_schema = __esm({
561
565
  $ref: "#/definitions/WorkspaceConfig",
562
566
  description: "Workspace isolation configuration for sandboxed execution"
563
567
  },
568
+ sandbox: {
569
+ type: "string",
570
+ description: "Workspace-level default sandbox name (all checks use this unless overridden)"
571
+ },
572
+ sandboxes: {
573
+ $ref: "#/definitions/Record%3Cstring%2CSandboxConfig%3E",
574
+ description: "Named sandbox environment definitions"
575
+ },
576
+ sandbox_defaults: {
577
+ $ref: "#/definitions/SandboxDefaults",
578
+ description: "Workspace-level sandbox defaults (env allowlist, etc.)"
579
+ },
564
580
  slack: {
565
581
  $ref: "#/definitions/SlackConfig",
566
582
  description: "Slack configuration"
@@ -571,7 +587,7 @@ var init_config_schema = __esm({
571
587
  },
572
588
  policy: {
573
589
  $ref: "#/definitions/PolicyConfig",
574
- description: "Enterprise policy engine configuration (EE feature)"
590
+ description: "Enterprise policy engine configuration"
575
591
  }
576
592
  },
577
593
  required: ["version"],
@@ -874,7 +890,7 @@ var init_config_schema = __esm({
874
890
  },
875
891
  ai_bash_config_js: {
876
892
  type: "string",
877
- description: "JavaScript expression to dynamically compute bash configuration for this AI check. Expression has access to: outputs, inputs, pr, files, env, memory. Must return a BashConfig object with optional allow/deny string arrays.\n\nExample: ``` return outputs['build-config']?.bash_config ?? {}; ```"
893
+ description: "JavaScript expression to dynamically compute bash configuration for this AI check. Expression has access to: outputs, inputs, pr, files, env, memory Must return a BashConfig object with allow/deny arrays.\n\nExample: ``` return outputs['build-config']?.bash_config ?? {}; ```"
878
894
  },
879
895
  claude_code: {
880
896
  $ref: "#/definitions/ClaudeCodeConfig",
@@ -1140,7 +1156,7 @@ var init_config_schema = __esm({
1140
1156
  description: "Arguments/inputs for the workflow"
1141
1157
  },
1142
1158
  overrides: {
1143
- $ref: "#/definitions/Record%3Cstring%2CPartial%3Cinterface-src_types_config.ts-12605-26099-src_types_config.ts-0-46407%3E%3E",
1159
+ $ref: "#/definitions/Record%3Cstring%2CPartial%3Cinterface-src_types_config.ts-13489-27516-src_types_config.ts-0-51381%3E%3E",
1144
1160
  description: "Override specific step configurations in the workflow"
1145
1161
  },
1146
1162
  output_mapping: {
@@ -1156,7 +1172,7 @@ var init_config_schema = __esm({
1156
1172
  description: "Config file path - alternative to workflow ID (loads a Visor config file as workflow)"
1157
1173
  },
1158
1174
  workflow_overrides: {
1159
- $ref: "#/definitions/Record%3Cstring%2CPartial%3Cinterface-src_types_config.ts-12605-26099-src_types_config.ts-0-46407%3E%3E",
1175
+ $ref: "#/definitions/Record%3Cstring%2CPartial%3Cinterface-src_types_config.ts-13489-27516-src_types_config.ts-0-51381%3E%3E",
1160
1176
  description: "Alias for overrides - workflow step overrides (backward compatibility)"
1161
1177
  },
1162
1178
  ref: {
@@ -1226,6 +1242,10 @@ var init_config_schema = __esm({
1226
1242
  type: "boolean",
1227
1243
  description: "Keep worktree after workflow completion (default: false)"
1228
1244
  },
1245
+ sandbox: {
1246
+ type: "string",
1247
+ description: "Sandbox name to use for this check (overrides workspace-level default)"
1248
+ },
1229
1249
  policy: {
1230
1250
  $ref: "#/definitions/StepPolicyOverride",
1231
1251
  description: "Per-step policy override (enterprise)"
@@ -1370,6 +1390,14 @@ var init_config_schema = __esm({
1370
1390
  completion_prompt: {
1371
1391
  type: "string",
1372
1392
  description: "Completion prompt for post-completion validation/review (runs after attempt_completion)"
1393
+ },
1394
+ enable_scheduler: {
1395
+ type: "boolean",
1396
+ description: "Enable the schedule tool for scheduling workflow executions (requires scheduler configuration)"
1397
+ },
1398
+ enableExecutePlan: {
1399
+ type: "boolean",
1400
+ description: "Enable the execute_plan DSL orchestration tool (replaces analyze_all when enabled)"
1373
1401
  }
1374
1402
  },
1375
1403
  additionalProperties: false,
@@ -1832,7 +1860,7 @@ var init_config_schema = __esm({
1832
1860
  description: "Custom output name (defaults to workflow name)"
1833
1861
  },
1834
1862
  overrides: {
1835
- $ref: "#/definitions/Record%3Cstring%2CPartial%3Cinterface-src_types_config.ts-12605-26099-src_types_config.ts-0-46407%3E%3E",
1863
+ $ref: "#/definitions/Record%3Cstring%2CPartial%3Cinterface-src_types_config.ts-13489-27516-src_types_config.ts-0-51381%3E%3E",
1836
1864
  description: "Step overrides"
1837
1865
  },
1838
1866
  output_mapping: {
@@ -1847,13 +1875,13 @@ var init_config_schema = __esm({
1847
1875
  "^x-": {}
1848
1876
  }
1849
1877
  },
1850
- "Record<string,Partial<interface-src_types_config.ts-12605-26099-src_types_config.ts-0-46407>>": {
1878
+ "Record<string,Partial<interface-src_types_config.ts-13489-27516-src_types_config.ts-0-51381>>": {
1851
1879
  type: "object",
1852
1880
  additionalProperties: {
1853
- $ref: "#/definitions/Partial%3Cinterface-src_types_config.ts-12605-26099-src_types_config.ts-0-46407%3E"
1881
+ $ref: "#/definitions/Partial%3Cinterface-src_types_config.ts-13489-27516-src_types_config.ts-0-51381%3E"
1854
1882
  }
1855
1883
  },
1856
- "Partial<interface-src_types_config.ts-12605-26099-src_types_config.ts-0-46407>": {
1884
+ "Partial<interface-src_types_config.ts-13489-27516-src_types_config.ts-0-51381>": {
1857
1885
  type: "object",
1858
1886
  additionalProperties: false
1859
1887
  },
@@ -1967,9 +1995,9 @@ var init_config_schema = __esm({
1967
1995
  run: {
1968
1996
  type: "array",
1969
1997
  items: {
1970
- type: "string"
1998
+ $ref: "#/definitions/OnSuccessRunItem"
1971
1999
  },
1972
- description: "Post-success steps to run"
2000
+ description: "Post-success steps to run - can be step names or rich invocations with arguments"
1973
2001
  },
1974
2002
  goto: {
1975
2003
  type: "string",
@@ -2001,6 +2029,20 @@ var init_config_schema = __esm({
2001
2029
  "^x-": {}
2002
2030
  }
2003
2031
  },
2032
+ OnSuccessRunItem: {
2033
+ anyOf: [
2034
+ {
2035
+ type: "string"
2036
+ },
2037
+ {
2038
+ $ref: "#/definitions/OnInitStepInvocation"
2039
+ },
2040
+ {
2041
+ $ref: "#/definitions/OnInitWorkflowInvocation"
2042
+ }
2043
+ ],
2044
+ description: "Success routing run item - can be step name, step with args, or workflow with args"
2045
+ },
2004
2046
  OnFinishConfig: {
2005
2047
  type: "object",
2006
2048
  properties: {
@@ -2041,6 +2083,40 @@ var init_config_schema = __esm({
2041
2083
  "^x-": {}
2042
2084
  }
2043
2085
  },
2086
+ StepPolicyOverride: {
2087
+ type: "object",
2088
+ properties: {
2089
+ require: {
2090
+ anyOf: [
2091
+ {
2092
+ type: "string"
2093
+ },
2094
+ {
2095
+ type: "array",
2096
+ items: {
2097
+ type: "string"
2098
+ }
2099
+ }
2100
+ ],
2101
+ description: "Required role(s) - any of these roles suffices"
2102
+ },
2103
+ deny: {
2104
+ type: "array",
2105
+ items: {
2106
+ type: "string"
2107
+ },
2108
+ description: "Explicit deny for roles"
2109
+ },
2110
+ rule: {
2111
+ type: "string",
2112
+ description: "Custom OPA rule path for this step"
2113
+ }
2114
+ },
2115
+ additionalProperties: false,
2116
+ patternProperties: {
2117
+ "^x-": {}
2118
+ }
2119
+ },
2044
2120
  OutputConfig: {
2045
2121
  type: "object",
2046
2122
  properties: {
@@ -2447,6 +2523,141 @@ var init_config_schema = __esm({
2447
2523
  "^x-": {}
2448
2524
  }
2449
2525
  },
2526
+ "Record<string,SandboxConfig>": {
2527
+ type: "object",
2528
+ additionalProperties: {
2529
+ $ref: "#/definitions/SandboxConfig"
2530
+ }
2531
+ },
2532
+ SandboxConfig: {
2533
+ type: "object",
2534
+ properties: {
2535
+ image: {
2536
+ type: "string",
2537
+ description: 'Docker image to use (e.g., "node:20-alpine")'
2538
+ },
2539
+ dockerfile: {
2540
+ type: "string",
2541
+ description: "Path to Dockerfile (relative to config file or absolute)"
2542
+ },
2543
+ dockerfile_inline: {
2544
+ type: "string",
2545
+ description: "Inline Dockerfile content"
2546
+ },
2547
+ compose: {
2548
+ type: "string",
2549
+ description: "Path to docker-compose file"
2550
+ },
2551
+ service: {
2552
+ type: "string",
2553
+ description: "Service name within the compose file"
2554
+ },
2555
+ workdir: {
2556
+ type: "string",
2557
+ description: "Working directory inside container (default: /workspace)"
2558
+ },
2559
+ env_passthrough: {
2560
+ type: "array",
2561
+ items: {
2562
+ type: "string"
2563
+ },
2564
+ description: "Glob patterns for host env vars to forward into sandbox"
2565
+ },
2566
+ network: {
2567
+ type: "boolean",
2568
+ description: "Enable/disable network access (default: true)"
2569
+ },
2570
+ read_only: {
2571
+ type: "boolean",
2572
+ description: "Mount repo as read-only (default: false)"
2573
+ },
2574
+ resources: {
2575
+ $ref: "#/definitions/SandboxResourceConfig",
2576
+ description: "Resource limits"
2577
+ },
2578
+ visor_path: {
2579
+ type: "string",
2580
+ description: "Where visor is mounted inside container (default: /opt/visor)"
2581
+ },
2582
+ cache: {
2583
+ $ref: "#/definitions/SandboxCacheConfig",
2584
+ description: "Cache volume configuration"
2585
+ }
2586
+ },
2587
+ additionalProperties: false,
2588
+ description: "Configuration for a single sandbox environment",
2589
+ patternProperties: {
2590
+ "^x-": {}
2591
+ }
2592
+ },
2593
+ SandboxResourceConfig: {
2594
+ type: "object",
2595
+ properties: {
2596
+ memory: {
2597
+ type: "string",
2598
+ description: 'Memory limit (e.g., "512m", "2g")'
2599
+ },
2600
+ cpu: {
2601
+ type: "number",
2602
+ description: "CPU limit (e.g., 1.0, 0.5)"
2603
+ }
2604
+ },
2605
+ additionalProperties: false,
2606
+ description: "Resource limits for sandbox containers",
2607
+ patternProperties: {
2608
+ "^x-": {}
2609
+ }
2610
+ },
2611
+ SandboxCacheConfig: {
2612
+ type: "object",
2613
+ properties: {
2614
+ prefix: {
2615
+ type: "string",
2616
+ description: "Liquid template for cache scope prefix (default: git branch)"
2617
+ },
2618
+ fallback_prefix: {
2619
+ type: "string",
2620
+ description: "Fallback prefix when current prefix has no cache"
2621
+ },
2622
+ paths: {
2623
+ type: "array",
2624
+ items: {
2625
+ type: "string"
2626
+ },
2627
+ description: "Paths inside the container to cache"
2628
+ },
2629
+ ttl: {
2630
+ type: "string",
2631
+ description: 'Time-to-live for cache volumes (e.g., "7d", "24h")'
2632
+ },
2633
+ max_scopes: {
2634
+ type: "number",
2635
+ description: "Maximum number of cache scopes to keep"
2636
+ }
2637
+ },
2638
+ required: ["paths"],
2639
+ additionalProperties: false,
2640
+ description: "Cache configuration for sandbox volumes",
2641
+ patternProperties: {
2642
+ "^x-": {}
2643
+ }
2644
+ },
2645
+ SandboxDefaults: {
2646
+ type: "object",
2647
+ properties: {
2648
+ env_passthrough: {
2649
+ type: "array",
2650
+ items: {
2651
+ type: "string"
2652
+ },
2653
+ description: "Base env var patterns for all sandboxes (replaces hardcoded defaults when set)"
2654
+ }
2655
+ },
2656
+ additionalProperties: false,
2657
+ patternProperties: {
2658
+ "^x-": {}
2659
+ }
2660
+ },
2450
2661
  SlackConfig: {
2451
2662
  type: "object",
2452
2663
  properties: {
@@ -2506,7 +2717,16 @@ var init_config_schema = __esm({
2506
2717
  properties: {
2507
2718
  path: {
2508
2719
  type: "string",
2509
- description: "Path to schedules JSON file (default: .visor/schedules.json)"
2720
+ description: "Path to schedules JSON file (legacy, triggers auto-migration)"
2721
+ },
2722
+ driver: {
2723
+ type: "string",
2724
+ enum: ["sqlite", "postgresql", "mysql", "mssql"],
2725
+ description: "Database driver (default: 'sqlite')"
2726
+ },
2727
+ connection: {
2728
+ $ref: "#/definitions/SchedulerStorageConnectionConfig",
2729
+ description: "Database connection configuration"
2510
2730
  }
2511
2731
  },
2512
2732
  additionalProperties: false,
@@ -2515,6 +2735,10 @@ var init_config_schema = __esm({
2515
2735
  "^x-": {}
2516
2736
  }
2517
2737
  },
2738
+ ha: {
2739
+ $ref: "#/definitions/SchedulerHAConfig",
2740
+ description: "High-availability configuration for multi-node deployments"
2741
+ },
2518
2742
  limits: {
2519
2743
  $ref: "#/definitions/SchedulerLimitsConfig",
2520
2744
  description: "Limits for dynamic schedules"
@@ -2542,44 +2766,123 @@ var init_config_schema = __esm({
2542
2766
  "^x-": {}
2543
2767
  }
2544
2768
  },
2545
- PolicyConfig: {
2769
+ SchedulerStorageConnectionConfig: {
2546
2770
  type: "object",
2547
2771
  properties: {
2548
- engine: {
2772
+ filename: {
2549
2773
  type: "string",
2550
- enum: ["local", "remote", "disabled"],
2551
- description: "Policy engine mode: 'local' (WASM), 'remote' (HTTP OPA server), or 'disabled'"
2774
+ description: "SQLite database file path (default: '.visor/schedules.db')"
2552
2775
  },
2553
- rules: {
2554
- anyOf: [{ type: "string" }, { type: "array", items: { type: "string" } }],
2555
- description: "Path to .rego files or .wasm bundle (local mode)"
2776
+ host: {
2777
+ type: "string",
2778
+ description: "Database host (PostgreSQL/MySQL/MSSQL)"
2556
2779
  },
2557
- data: {
2780
+ port: {
2781
+ type: "number",
2782
+ description: "Database port (PostgreSQL/MySQL/MSSQL)"
2783
+ },
2784
+ database: {
2558
2785
  type: "string",
2559
- description: "Path to a JSON file to load as OPA data document (local mode)"
2786
+ description: "Database name (PostgreSQL/MySQL/MSSQL)"
2560
2787
  },
2561
- url: {
2788
+ user: {
2562
2789
  type: "string",
2563
- description: "OPA server URL (remote mode)"
2790
+ description: "Database user (PostgreSQL/MySQL/MSSQL)"
2564
2791
  },
2565
- fallback: {
2792
+ password: {
2566
2793
  type: "string",
2567
- enum: ["allow", "deny", "warn"],
2568
- description: "Default decision when policy evaluation fails (default: 'deny'). Use 'warn' for audit mode: violations are logged but not enforced."
2794
+ description: "Database password (PostgreSQL/MySQL/MSSQL)"
2569
2795
  },
2570
- timeout: {
2571
- type: "number",
2572
- description: "Evaluation timeout in milliseconds (default: 5000)"
2796
+ ssl: {
2797
+ anyOf: [
2798
+ {
2799
+ type: "boolean"
2800
+ },
2801
+ {
2802
+ $ref: "#/definitions/SchedulerSslConfig"
2803
+ }
2804
+ ],
2805
+ description: "SSL/TLS configuration (PostgreSQL/MySQL/MSSQL)"
2573
2806
  },
2574
- roles: {
2807
+ connection_string: {
2808
+ type: "string",
2809
+ description: "Connection string URL (e.g., postgresql://user:pass@host/db)"
2810
+ },
2811
+ pool: {
2575
2812
  type: "object",
2576
- additionalProperties: {
2577
- $ref: "#/definitions/PolicyRoleConfig"
2813
+ properties: {
2814
+ min: {
2815
+ type: "number"
2816
+ },
2817
+ max: {
2818
+ type: "number"
2819
+ }
2578
2820
  },
2579
- description: "Role definitions: map role names to conditions"
2821
+ additionalProperties: false,
2822
+ description: "Connection pool configuration",
2823
+ patternProperties: {
2824
+ "^x-": {}
2825
+ }
2826
+ }
2827
+ },
2828
+ additionalProperties: false,
2829
+ description: "Scheduler storage connection configuration",
2830
+ patternProperties: {
2831
+ "^x-": {}
2832
+ }
2833
+ },
2834
+ SchedulerSslConfig: {
2835
+ type: "object",
2836
+ properties: {
2837
+ enabled: {
2838
+ type: "boolean",
2839
+ description: "Enable SSL (default: true when SslConfig object is provided)"
2840
+ },
2841
+ reject_unauthorized: {
2842
+ type: "boolean",
2843
+ description: "Reject unauthorized certificates (default: true)"
2844
+ },
2845
+ ca: {
2846
+ type: "string",
2847
+ description: "Path to CA certificate PEM file"
2848
+ },
2849
+ cert: {
2850
+ type: "string",
2851
+ description: "Path to client certificate PEM file"
2852
+ },
2853
+ key: {
2854
+ type: "string",
2855
+ description: "Path to client key PEM file"
2856
+ }
2857
+ },
2858
+ additionalProperties: false,
2859
+ description: "SSL/TLS configuration for scheduler database connections",
2860
+ patternProperties: {
2861
+ "^x-": {}
2862
+ }
2863
+ },
2864
+ SchedulerHAConfig: {
2865
+ type: "object",
2866
+ properties: {
2867
+ enabled: {
2868
+ type: "boolean",
2869
+ description: "Enable distributed locking for multi-node deployments (default: false)"
2870
+ },
2871
+ node_id: {
2872
+ type: "string",
2873
+ description: "Unique node identifier (default: hostname-pid)"
2874
+ },
2875
+ lock_ttl: {
2876
+ type: "number",
2877
+ description: "Lock time-to-live in seconds (default: 60)"
2878
+ },
2879
+ heartbeat_interval: {
2880
+ type: "number",
2881
+ description: "Heartbeat interval for lock renewal in seconds (default: 15)"
2580
2882
  }
2581
2883
  },
2582
2884
  additionalProperties: false,
2885
+ description: "Scheduler high-availability configuration",
2583
2886
  patternProperties: {
2584
2887
  "^x-": {}
2585
2888
  }
@@ -2642,45 +2945,6 @@ var init_config_schema = __esm({
2642
2945
  "^x-": {}
2643
2946
  }
2644
2947
  },
2645
- PolicyRoleConfig: {
2646
- type: "object",
2647
- properties: {
2648
- author_association: {
2649
- type: "array",
2650
- items: { type: "string" },
2651
- description: "GitHub author associations that map to this role"
2652
- },
2653
- teams: {
2654
- type: "array",
2655
- items: { type: "string" },
2656
- description: "GitHub team slugs"
2657
- },
2658
- users: {
2659
- type: "array",
2660
- items: { type: "string" },
2661
- description: "Explicit GitHub usernames"
2662
- },
2663
- slack_users: {
2664
- type: "array",
2665
- items: { type: "string" },
2666
- description: "Slack user IDs (e.g., U0123ABC)"
2667
- },
2668
- emails: {
2669
- type: "array",
2670
- items: { type: "string" },
2671
- description: "Email addresses for identity matching"
2672
- },
2673
- slack_channels: {
2674
- type: "array",
2675
- items: { type: "string" },
2676
- description: "Slack channel IDs \u2014 role only applies when triggered from these channels"
2677
- }
2678
- },
2679
- additionalProperties: false,
2680
- patternProperties: {
2681
- "^x-": {}
2682
- }
2683
- },
2684
2948
  "Record<string,StaticCronJob>": {
2685
2949
  type: "object",
2686
2950
  additionalProperties: {
@@ -2746,21 +3010,106 @@ var init_config_schema = __esm({
2746
3010
  "^x-": {}
2747
3011
  }
2748
3012
  },
2749
- StepPolicyOverride: {
3013
+ PolicyConfig: {
2750
3014
  type: "object",
2751
3015
  properties: {
2752
- require: {
2753
- anyOf: [{ type: "string" }, { type: "array", items: { type: "string" } }],
2754
- description: "Required role(s) \u2014 any of these roles suffices"
3016
+ engine: {
3017
+ type: "string",
3018
+ enum: ["local", "remote", "disabled"],
3019
+ description: "Policy engine mode"
2755
3020
  },
2756
- deny: {
2757
- type: "array",
2758
- items: { type: "string" },
2759
- description: "Explicit deny for roles"
3021
+ rules: {
3022
+ anyOf: [
3023
+ {
3024
+ type: "string"
3025
+ },
3026
+ {
3027
+ type: "array",
3028
+ items: {
3029
+ type: "string"
3030
+ }
3031
+ }
3032
+ ],
3033
+ description: "Path to .rego files or .wasm bundle (local mode)"
2760
3034
  },
2761
- rule: {
3035
+ data: {
2762
3036
  type: "string",
2763
- description: "Custom OPA rule path for this step"
3037
+ description: "Path to a JSON file to load as OPA data document"
3038
+ },
3039
+ url: {
3040
+ type: "string",
3041
+ description: "OPA server URL (remote mode)"
3042
+ },
3043
+ fallback: {
3044
+ type: "string",
3045
+ enum: ["allow", "deny", "warn"],
3046
+ description: "Default decision when policy evaluation fails"
3047
+ },
3048
+ timeout: {
3049
+ type: "number",
3050
+ description: "Evaluation timeout in ms (default: 5000)"
3051
+ },
3052
+ roles: {
3053
+ $ref: "#/definitions/Record%3Cstring%2CPolicyRoleConfig%3E",
3054
+ description: "Role definitions: map role names to conditions"
3055
+ }
3056
+ },
3057
+ required: ["engine"],
3058
+ additionalProperties: false,
3059
+ patternProperties: {
3060
+ "^x-": {}
3061
+ }
3062
+ },
3063
+ "Record<string,PolicyRoleConfig>": {
3064
+ type: "object",
3065
+ additionalProperties: {
3066
+ $ref: "#/definitions/PolicyRoleConfig"
3067
+ }
3068
+ },
3069
+ PolicyRoleConfig: {
3070
+ type: "object",
3071
+ properties: {
3072
+ author_association: {
3073
+ type: "array",
3074
+ items: {
3075
+ type: "string"
3076
+ },
3077
+ description: "GitHub author associations that map to this role"
3078
+ },
3079
+ teams: {
3080
+ type: "array",
3081
+ items: {
3082
+ type: "string"
3083
+ },
3084
+ description: "GitHub team slugs (requires GitHub API)"
3085
+ },
3086
+ users: {
3087
+ type: "array",
3088
+ items: {
3089
+ type: "string"
3090
+ },
3091
+ description: "Explicit GitHub usernames"
3092
+ },
3093
+ slack_users: {
3094
+ type: "array",
3095
+ items: {
3096
+ type: "string"
3097
+ },
3098
+ description: 'Slack user IDs (e.g., ["U0123ABC"])'
3099
+ },
3100
+ emails: {
3101
+ type: "array",
3102
+ items: {
3103
+ type: "string"
3104
+ },
3105
+ description: 'Email addresses for identity matching (e.g., ["alice@co.com"])'
3106
+ },
3107
+ slack_channels: {
3108
+ type: "array",
3109
+ items: {
3110
+ type: "string"
3111
+ },
3112
+ description: "Slack channel IDs \u2014 role only applies when triggered from these channels"
2764
3113
  }
2765
3114
  },
2766
3115
  additionalProperties: false,
@@ -4320,4 +4669,4 @@ export {
4320
4669
  config_exports,
4321
4670
  init_config
4322
4671
  };
4323
- //# sourceMappingURL=chunk-LQ5B4T6L.mjs.map
4672
+ //# sourceMappingURL=chunk-U3BLLEW3.mjs.map