@probelabs/visor 0.1.132-ee → 0.1.137-ee

package/dist/sdk/{chunk-U3BLLEW3.mjs → chunk-KPRFDKQX.mjs}

@@ -6,7 +6,7 @@ import {
 import {
   init_sandbox,
   validateJsSyntax
-} from "./chunk-VF6XIUE4.mjs";
+} from "./chunk-LW3INISN.mjs";
 import {
   init_logger,
   logger
@@ -44,6 +44,19 @@ var init_config_loader = __esm({
       }
       cache = /* @__PURE__ */ new Map();
       loadedConfigs = /* @__PURE__ */ new Set();
+      /**
+       * Annotate tool definitions with their source base directory.
+       * This is used at runtime to resolve relative tool assets (e.g., API specs).
+       */
+      annotateToolsBaseDir(config, baseDir) {
+        if (!config.tools || typeof config.tools !== "object") {
+          return;
+        }
+        for (const tool of Object.values(config.tools)) {
+          if (!tool || typeof tool !== "object") continue;
+          tool.__baseDir = tool.__baseDir || baseDir;
+        }
+      }
       /**
        * Determine the source type from a string
        */
@@ -128,6 +141,7 @@ var init_config_loader = __esm({
             config.extends = Array.isArray(inc) ? inc : [inc];
             delete config.include;
           }
+          this.annotateToolsBaseDir(config, path.dirname(resolvedPath));
           const previousBaseDir = this.options.baseDir;
           this.options.baseDir = path.dirname(resolvedPath);
           try {
@@ -185,6 +199,12 @@ var init_config_loader = __esm({
           if (!config || typeof config !== "object") {
             throw new Error(`Invalid YAML in remote configuration: ${url}`);
           }
+          try {
+            const parsed = new URL(url);
+            const baseUrl = new URL(".", parsed).toString();
+            this.annotateToolsBaseDir(config, baseUrl);
+          } catch {
+          }
           this.cache.set(url, {
             config,
             timestamp: Date.now(),
@@ -321,9 +341,17 @@ var init_config_loader = __esm({
        */
       validateLocalPath(resolvedPath) {
         const projectRoot = this.options.projectRoot || process.cwd();
-        const normalizedPath = path.normalize(resolvedPath);
-        const normalizedRoot = path.normalize(projectRoot);
-        if (!normalizedPath.startsWith(normalizedRoot)) {
+        const canonicalize = (p) => {
+          const resolved = path.resolve(p);
+          try {
+            return path.normalize(fs.realpathSync.native(resolved));
+          } catch {
+            return path.normalize(resolved);
+          }
+        };
+        const normalizedPath = canonicalize(resolvedPath);
+        const normalizedRoot = canonicalize(projectRoot);
+        if (normalizedPath !== normalizedRoot && !normalizedPath.startsWith(`${normalizedRoot}${path.sep}`)) {
           throw new Error(
             `Security error: Path traversal detected. Cannot access files outside project root: ${projectRoot}`
           );
@@ -334,7 +362,7 @@ var init_config_loader = __esm({
           "/.ssh/",
           "/.aws/",
           "/.env",
-          "/private/"
+          "/private/etc/"
         ];
         const lowerPath = normalizedPath.toLowerCase();
         for (const pattern of sensitivePatterns) {
@@ -608,6 +636,11 @@ var init_config_schema = __esm({
         CustomToolDefinition: {
           type: "object",
           properties: {
+            type: {
+              type: "string",
+              enum: ["command", "api"],
+              description: "Tool implementation type (defaults to 'command')"
+            },
             name: {
               type: "string",
               description: "Tool name - used to reference the tool in MCP blocks"
@@ -645,7 +678,7 @@ var init_config_schema = __esm({
             },
             exec: {
               type: "string",
-              description: "Command to execute - supports Liquid template"
+              description: "Command to execute - supports Liquid template (required for type: 'command')"
             },
             stdin: {
               type: "string",
@@ -678,9 +711,132 @@ var init_config_schema = __esm({
             outputSchema: {
               $ref: "#/definitions/Record%3Cstring%2Cunknown%3E",
               description: "Expected output schema for validation"
+            },
+            spec: {
+              anyOf: [
+                {
+                  type: "string"
+                },
+                {
+                  $ref: "#/definitions/Record%3Cstring%2Cunknown%3E"
+                }
+              ],
+              description: "OpenAPI specification path/URL or inline object (required for type: 'api')"
+            },
+            overlays: {
+              anyOf: [
+                {
+                  type: "string"
+                },
+                {
+                  $ref: "#/definitions/Record%3Cstring%2Cunknown%3E"
+                },
+                {
+                  type: "array",
+                  items: {
+                    anyOf: [
+                      {
+                        type: "string"
+                      },
+                      {
+                        $ref: "#/definitions/Record%3Cstring%2Cunknown%3E"
+                      }
+                    ]
+                  }
+                }
+              ],
+              description: "Overlay path/URL, inline object, or a mixed array applied in order"
+            },
+            targetUrl: {
+              type: "string",
+              description: "Override API base URL instead of OpenAPI servers"
+            },
+            target_url: {
+              type: "string",
+              description: "Alias for targetUrl (snake_case)"
+            },
+            whitelist: {
+              anyOf: [
+                {
+                  type: "array",
+                  items: {
+                    type: "string"
+                  }
+                },
+                {
+                  type: "string"
+                }
+              ],
+              description: "Include only operations matching these glob patterns (operationId or METHOD:/path)"
+            },
+            blacklist: {
+              anyOf: [
+                {
+                  type: "array",
+                  items: {
+                    type: "string"
+                  }
+                },
+                {
+                  type: "string"
+                }
+              ],
+              description: "Exclude operations matching these glob patterns (ignored when whitelist is set)"
+            },
+            headers: {
+              $ref: "#/definitions/Record%3Cstring%2Cstring%3E",
+              description: "Extra headers added to all API requests"
+            },
+            disableXMcp: {
+              type: "boolean",
+              description: "Disable X-MCP: 1 request header"
+            },
+            disable_x_mcp: {
+              type: "boolean",
+              description: "Alias for disableXMcp (snake_case)"
+            },
+            apiKey: {
+              type: "string",
+              description: "API key fallback credential used by security schemes"
+            },
+            api_key: {
+              type: "string",
+              description: "Alias for apiKey (snake_case)"
+            },
+            securitySchemeName: {
+              type: "string",
+              description: "Preferred security scheme name (optional hint)"
+            },
+            security_scheme_name: {
+              type: "string",
+              description: "Alias for securitySchemeName (snake_case)"
+            },
+            securityCredentials: {
+              $ref: "#/definitions/Record%3Cstring%2Cstring%3E",
+              description: "Credentials by OpenAPI security scheme name"
+            },
+            security_credentials: {
+              $ref: "#/definitions/Record%3Cstring%2Cstring%3E",
+              description: "Alias for securityCredentials (snake_case)"
+            },
+            namePrefix: {
+              type: "string",
+              description: "Optional prefix prepended to generated operation tool names"
+            },
+            name_prefix: {
+              type: "string",
+              description: "Alias for namePrefix (snake_case)"
+            },
+            requestTimeoutMs: {
+              type: "number",
+              description: "Request timeout in milliseconds for API calls"
+            },
+            request_timeout_ms: {
+              type: "number",
+              description: "Alias for requestTimeoutMs (snake_case)"
             }
           },
-          required: ["name", "exec"],
+          required: ["name"],
           additionalProperties: false,
           description: "Custom tool definition for use in MCP blocks",
           patternProperties: {
@@ -811,6 +967,46 @@ var init_config_schema = __esm({
               type: "string",
               description: "Script content to execute for script checks"
             },
+            tools: {
+              type: "array",
+              items: {
+                anyOf: [
+                  {
+                    type: "string"
+                  },
+                  {
+                    type: "object",
+                    properties: {
+                      workflow: {
+                        type: "string"
+                      },
+                      args: {
+                        $ref: "#/definitions/Record%3Cstring%2Cunknown%3E"
+                      }
+                    },
+                    required: ["workflow"],
+                    additionalProperties: false
+                  }
+                ]
+              },
+              description: "Tool names to expose inside script checks (string names or workflow references)"
+            },
+            tools_js: {
+              type: "string",
+              description: "JavaScript expression to dynamically compute tools for script checks"
+            },
+            mcp_servers: {
+              $ref: "#/definitions/Record%3Cstring%2CMcpServerConfig%3E",
+              description: "MCP servers whose tools are exposed inside script checks"
+            },
+            enable_fetch: {
+              type: "boolean",
+              description: "Enable fetch() function in script checks (default: false)"
+            },
+            enable_bash: {
+              type: "boolean",
+              description: "Enable bash() function in script checks (default: false)"
+            },
             schedule: {
               type: "string",
               description: 'Cron schedule expression (e.g., "0 2 * * *") - optional for any check type'
@@ -1156,7 +1352,7 @@ var init_config_schema = __esm({
               description: "Arguments/inputs for the workflow"
             },
             overrides: {
-              $ref: "#/definitions/Record%3Cstring%2CPartial%3Cinterface-src_types_config.ts-13489-27516-src_types_config.ts-0-51381%3E%3E",
+              $ref: "#/definitions/Record%3Cstring%2CPartial%3Cinterface-src_types_config.ts-13489-28083-src_types_config.ts-0-53867%3E%3E",
               description: "Override specific step configurations in the workflow"
             },
             output_mapping: {
@@ -1172,7 +1368,7 @@ var init_config_schema = __esm({
               description: "Config file path - alternative to workflow ID (loads a Visor config file as workflow)"
             },
             workflow_overrides: {
-              $ref: "#/definitions/Record%3Cstring%2CPartial%3Cinterface-src_types_config.ts-13489-27516-src_types_config.ts-0-51381%3E%3E",
+              $ref: "#/definitions/Record%3Cstring%2CPartial%3Cinterface-src_types_config.ts-13489-28083-src_types_config.ts-0-53867%3E%3E",
               description: "Alias for overrides - workflow step overrides (backward compatibility)"
             },
             ref: {
@@ -1278,6 +1474,72 @@ var init_config_schema = __esm({
           ],
           description: "Valid check types in configuration"
         },
+        "Record<string,McpServerConfig>": {
+          type: "object",
+          additionalProperties: {
+            $ref: "#/definitions/McpServerConfig"
+          }
+        },
+        McpServerConfig: {
+          type: "object",
+          properties: {
+            command: {
+              type: "string",
+              description: "Command to execute (presence indicates stdio server)"
+            },
+            args: {
+              type: "array",
+              items: {
+                type: "string"
+              },
+              description: "Arguments to pass to the command"
+            },
+            env: {
+              $ref: "#/definitions/Record%3Cstring%2Cstring%3E",
+              description: "Environment variables for the MCP server"
+            },
+            url: {
+              type: "string",
+              description: "URL endpoint (presence indicates external server)"
+            },
+            transport: {
+              type: "string",
+              enum: ["stdio", "sse", "http"],
+              description: "Transport type"
+            },
+            workflow: {
+              type: "string",
+              description: "Workflow ID or path (presence indicates workflow tool)"
+            },
+            inputs: {
+              $ref: "#/definitions/Record%3Cstring%2Cunknown%3E",
+              description: "Inputs to pass to workflow"
+            },
+            description: {
+              type: "string",
+              description: "Tool description for AI"
+            },
+            allowedMethods: {
+              type: "array",
+              items: {
+                type: "string"
+              },
+              description: 'Whitelist specific methods from this MCP server (supports wildcards like "search_*")'
+            },
+            blockedMethods: {
+              type: "array",
+              items: {
+                type: "string"
+              },
+              description: 'Block specific methods from this MCP server (supports wildcards like "*_delete")'
+            }
+          },
+          additionalProperties: false,
+          description: "Unified MCP server/tool entry - type detected by which properties are present\n\nDetection logic (priority order): 1. Has `command` \u2192 stdio MCP server (external process) 2. Has `url` \u2192 SSE/HTTP MCP server (external endpoint) 3. Has `workflow` \u2192 workflow tool reference 4. Empty `{}` or just key \u2192 auto-detect from `tools:` section",
+          patternProperties: {
+            "^x-": {}
+          }
+        },
         EventTrigger: {
           type: "string",
           enum: [
@@ -1406,72 +1668,6 @@ var init_config_schema = __esm({
             "^x-": {}
           }
         },
-        "Record<string,McpServerConfig>": {
-          type: "object",
-          additionalProperties: {
-            $ref: "#/definitions/McpServerConfig"
-          }
-        },
-        McpServerConfig: {
-          type: "object",
-          properties: {
-            command: {
-              type: "string",
-              description: "Command to execute (presence indicates stdio server)"
-            },
-            args: {
-              type: "array",
-              items: {
-                type: "string"
-              },
-              description: "Arguments to pass to the command"
-            },
-            env: {
-              $ref: "#/definitions/Record%3Cstring%2Cstring%3E",
-              description: "Environment variables for the MCP server"
-            },
-            url: {
-              type: "string",
-              description: "URL endpoint (presence indicates external server)"
-            },
-            transport: {
-              type: "string",
-              enum: ["stdio", "sse", "http"],
-              description: "Transport type"
-            },
-            workflow: {
-              type: "string",
-              description: "Workflow ID or path (presence indicates workflow tool)"
-            },
-            inputs: {
-              $ref: "#/definitions/Record%3Cstring%2Cunknown%3E",
-              description: "Inputs to pass to workflow"
-            },
-            description: {
-              type: "string",
-              description: "Tool description for AI"
-            },
-            allowedMethods: {
-              type: "array",
-              items: {
-                type: "string"
-              },
-              description: 'Whitelist specific methods from this MCP server (supports wildcards like "search_*")'
-            },
-            blockedMethods: {
-              type: "array",
-              items: {
-                type: "string"
-              },
-              description: 'Block specific methods from this MCP server (supports wildcards like "*_delete")'
-            }
-          },
-          additionalProperties: false,
-          description: "Unified MCP server/tool entry - type detected by which properties are present\n\nDetection logic (priority order): 1. Has `command` \u2192 stdio MCP server (external process) 2. Has `url` \u2192 SSE/HTTP MCP server (external endpoint) 3. Has `workflow` \u2192 workflow tool reference 4. Empty `{}` or just key \u2192 auto-detect from `tools:` section",
-          patternProperties: {
-            "^x-": {}
-          }
-        },
         AIRetryConfig: {
           type: "object",
           properties: {
@@ -1860,7 +2056,7 @@ var init_config_schema = __esm({
               description: "Custom output name (defaults to workflow name)"
             },
             overrides: {
-              $ref: "#/definitions/Record%3Cstring%2CPartial%3Cinterface-src_types_config.ts-13489-27516-src_types_config.ts-0-51381%3E%3E",
+              $ref: "#/definitions/Record%3Cstring%2CPartial%3Cinterface-src_types_config.ts-13489-28083-src_types_config.ts-0-53867%3E%3E",
               description: "Step overrides"
             },
             output_mapping: {
@@ -1875,13 +2071,13 @@ var init_config_schema = __esm({
             "^x-": {}
           }
         },
-        "Record<string,Partial<interface-src_types_config.ts-13489-27516-src_types_config.ts-0-51381>>": {
+        "Record<string,Partial<interface-src_types_config.ts-13489-28083-src_types_config.ts-0-53867>>": {
           type: "object",
           additionalProperties: {
-            $ref: "#/definitions/Partial%3Cinterface-src_types_config.ts-13489-27516-src_types_config.ts-0-51381%3E"
+            $ref: "#/definitions/Partial%3Cinterface-src_types_config.ts-13489-28083-src_types_config.ts-0-53867%3E"
           }
         },
-        "Partial<interface-src_types_config.ts-13489-27516-src_types_config.ts-0-51381>": {
+        "Partial<interface-src_types_config.ts-13489-28083-src_types_config.ts-0-53867>": {
           type: "object",
           additionalProperties: false
         },
@@ -3173,6 +3369,18 @@ var init_config = __esm({
       validEventTriggers = [...VALID_EVENT_TRIGGERS];
       validOutputFormats = ["table", "json", "markdown", "sarif"];
       validGroupByOptions = ["check", "file", "severity", "group"];
+      /**
+       * Annotate tools with the originating config directory for relative asset resolution.
+       */
+      annotateToolBaseDirs(config, baseDir) {
+        if (!config.tools || typeof config.tools !== "object") {
+          return;
+        }
+        for (const tool of Object.values(config.tools)) {
+          if (!tool || typeof tool !== "object") continue;
+          tool.__baseDir = tool.__baseDir || baseDir;
+        }
+      }
       /**
        * Load configuration from a file
        */
@@ -3225,6 +3433,7 @@ var init_config = __esm({
           if (parsedConfig.id && typeof parsedConfig.id === "string") {
             parsedConfig = await this.convertWorkflowToConfig(parsedConfig, path2.dirname(resolvedPath));
           }
+          this.annotateToolBaseDirs(parsedConfig, path2.dirname(resolvedPath));
           parsedConfig = this.normalizeStepsAndChecks(parsedConfig, !!extendsValue);
           await this.loadWorkflows(parsedConfig, path2.dirname(resolvedPath));
           if (validate) {
@@ -3285,6 +3494,7 @@ var init_config = __esm({
           if (parsedConfig.id && typeof parsedConfig.id === "string") {
             parsedConfig = await this.convertWorkflowToConfig(parsedConfig, baseDir || process.cwd());
           }
+          this.annotateToolBaseDirs(parsedConfig, baseDir || process.cwd());
           parsedConfig = this.normalizeStepsAndChecks(parsedConfig, !!extendsValue);
           await this.loadWorkflows(parsedConfig, baseDir || process.cwd());
           if (validate) this.validateConfig(parsedConfig);
@@ -3797,6 +4007,42 @@ ${errors}`);
         if (config.ai_mcp_servers) {
           this.validateMcpServersObject(config.ai_mcp_servers, "ai_mcp_servers", errors, warnings);
         }
+        if (config.tools) {
+          for (const [toolName, toolDef] of Object.entries(config.tools)) {
+            const type = toolDef.type || "command";
+            if (type === "api") {
+              const spec = toolDef.spec;
+              const hasStringSpec = typeof spec === "string" && spec.trim().length > 0;
+              const hasInlineSpec = !!spec && typeof spec === "object" && !Array.isArray(spec);
+              if (!hasStringSpec && !hasInlineSpec) {
+                errors.push({
+                  field: `tools.${toolName}.spec`,
+                  message: `Invalid tool configuration for "${toolName}": missing spec field (required for type: api)`
+                });
+              }
+              const overlays = toolDef.overlays;
+              if (overlays !== void 0) {
+                const isInlineOverlay = !!overlays && typeof overlays === "object" && !Array.isArray(overlays);
+                const isStringOverlay = typeof overlays === "string";
+                const isMixedArrayOverlay = Array.isArray(overlays) && overlays.every(
+                  (item) => typeof item === "string" || !!item && typeof item === "object" && !Array.isArray(item)
+                );
+                if (!isInlineOverlay && !isStringOverlay && !isMixedArrayOverlay) {
+                  errors.push({
+                    field: `tools.${toolName}.overlays`,
+                    message: `Invalid tool configuration for "${toolName}": overlays must be a string, object, or array of strings/objects`,
+                    value: overlays
+                  });
+                }
+              }
+            } else if (!toolDef.exec || typeof toolDef.exec !== "string") {
+              errors.push({
+                field: `tools.${toolName}.exec`,
+                message: `Invalid tool configuration for "${toolName}": missing exec field (required for command tools)`
+              });
+            }
+          }
+        }
         if (config.output) {
           this.validateOutputConfig(config.output, errors);
         }
@@ -4464,6 +4710,9 @@ ${errors}`);
                 if (topLevel && allowedTopLevelKeys.has(addl)) {
                   continue;
                 }
+                if (!topLevel && addl === "__baseDir" && pathStr.startsWith("tools.")) {
+                  continue;
+                }
                 if (!topLevel && addl === "sandbox" && pathStr.match(/^(checks|steps)\.[^.]+$/)) {
                   continue;
                 }
@@ -4669,4 +4918,4 @@ export {
   config_exports,
   init_config
 };
-//# sourceMappingURL=chunk-U3BLLEW3.mjs.map
+//# sourceMappingURL=chunk-KPRFDKQX.mjs.map