@quantiya/codevibe-claude-plugin 1.0.37 → 1.0.39

package/node_modules/@quantiya/codevibe-core/dist/reviewer/subprocess.d.ts

@@ -1,117 +0,0 @@
-/**
- * Successful subprocess run. Exit status may still be failure (non-zero
- * code); the caller decides whether to treat that as a reviewer spawn error
- * or as a parse failure with whatever stdout it produced.
- */
-export interface SubprocessOutcome {
-    /** Captured stdout decoded as UTF-8. Reviewers that emit non-UTF-8 are
-     *  misbehaving by contract; lossy decode keeps the parser running rather
-     *  than returning an IO error for what is really a "reviewer is broken"
-     *  scenario. */
-    stdout: string;
-    /** Captured stderr (same lossy-decode policy). Surfaced to callers so
-     *  audit records can include it. */
-    stderr: string;
-    /** Wall-clock milliseconds from `spawn()` to exit. Populated even on
-     *  non-zero exit because per-reviewer latency is a cost / reliability
-     *  telemetry input. */
-    elapsed_ms: number;
-    /** Whether the process exited with status 0. Separate from the stdout
-     *  contents — a reviewer that printed its verdict and then crashed on
-     *  shutdown is still "failed" from an audit perspective even if the
-     *  verdict parses cleanly. */
-    exit_success: boolean;
-}
-/**
- * Subprocess-layer errors. Discriminated union; callers (per-agent
- * providers) map these into `ReviewerError` with their own `AgentKind`.
- */
-export type SubprocessError = {
-    /** The child process could not be spawned at all (binary not on
-     *  PATH, permission denied, fork/exec failed). */
-    kind: 'spawn_failed';
-    reason: string;
-} | {
-    /** The child exceeded its `timeout_ms` budget. The child has been
-     *  (or will be) killed via SIGKILL by the time this error is
-     *  returned. */
-    kind: 'timeout';
-    /** The timeout budget in ms, for telemetry. */
-    elapsed_ms: number;
-} | {
-    /** A non-timeout IO failure occurred while running the subprocess
-     *  (stdin write failed, stdout read failed, etc.). */
-    kind: 'io';
-    reason: string;
-} | {
-    /** Caller signalled abort via the `signal` option before the child
-     *  exited. The child has been killed via SIGKILL. Distinct from
-     *  `timeout` so the audit log can attribute "reviewer cancelled by
-     *  engine" separately from "reviewer ran past budget." */
-    kind: 'cancelled';
-};
-/** Class wrapper so callers can `throw`/`catch` typed errors. */
-export declare class SubprocessErrorClass extends Error {
-    readonly detail: SubprocessError;
-    constructor(detail: SubprocessError);
-}
-/**
- * Inputs to `runReviewer`. Callers (per-agent providers) build this struct
- * with their agent-specific binary + args + env, then hand off lifecycle
- * management to this module.
- */
-export interface RunReviewerOptions {
-    /** Path or command name to spawn. */
-    command: string;
-    /** Arguments to pass to the command. */
-    args: readonly string[];
-    /**
-     * Environment variables to set. **MUST include
-     * `QUORUM_REVIEWER_SUBPROCESS: '1'`** — this is the plugin-isolation env
-     * guard that prevents reviewer hook fires from evicting the user's
-     * primary plugin session. Each provider is responsible for setting it;
-     * this module does NOT inject it automatically because providers may
-     * also need to forward `process.env` selectively.
-     */
-    env: NodeJS.ProcessEnv;
-    /** Working directory; falls back to `process.cwd()`. */
-    cwd?: string;
-    /**
-     * Prompt to write to the child's stdin. Always followed by stdin EOF.
-     * Most reviewer CLIs finish reading the prompt then begin emitting
-     * output — a reviewer that blocks on a stuck stdin pipe is the §3.1
-     * test scenario.
-     */
-    prompt: string;
-    /**
-     * Wall-clock timeout (ms) bounding the whole spawn-to-exit window,
-     * INCLUDING the stdin write. This is the load-bearing detail per §3.1:
-     * an earlier (Rust v1) implementation wrapped only the wait-for-exit,
-     * which let a child that refused to drain stdin block the parent in
-     * pipe-full back-pressure indefinitely. Wrapping write+wait under one
-     * timeout is the fix.
-     */
-    timeout_ms: number;
-    /**
-     * Optional `AbortSignal` for engine-driven cancellation (e.g., user
-     * abort, sibling reviewer hard-rejecting). Aborting after a clean exit
-     * is a no-op; aborting mid-flight teardown is a `cancelled` error.
-     */
-    signal?: AbortSignal;
-}
-/**
- * Run a preconfigured command as a reviewer subprocess.
- *
- * Contract:
- * - Stdin, stdout, stderr are piped (caller cannot override; output capture
- *   is the whole purpose of the call).
- * - `prompt` is written to the child's stdin then stdin is closed (EOF).
- * - The whole spawn → write-stdin → wait-for-exit lifecycle races against
- *   `timeout_ms` AND any `signal` abort. On timeout / abort the streams
- *   are explicitly destroyed and the child is SIGKILL'd before throwing.
- *
- * Throws `SubprocessErrorClass` on failure; the `.detail.kind` discriminator
- * tells the caller which path tripped (`spawn_failed` / `timeout` / `io` /
- * `cancelled`).
- */
-export declare function runReviewer(opts: RunReviewerOptions): Promise<SubprocessOutcome>;

package/node_modules/@quantiya/codevibe-core/dist/reviewer/types.d.ts

@@ -1,101 +0,0 @@
-/**
- * Three agent kinds the reviewer subprocess layer can spawn.
- *
- * Lowercase wire format matches `codevibe_policy::AgentKind`'s
- * `#[serde(rename_all = "lowercase")]` attribute. **Append-only after launch**
- * — adding a fourth agent (e.g. a hypothetical fourth CLI) is fine; renaming
- * `claude` → `Claude` would break every audit chain entry that has serialised
- * it.
- */
-export type AgentKind = 'claude' | 'gemini' | 'codex';
-/**
- * Review lens a reviewer seat evaluates through.
- *
- * snake_case wire format matches `codevibe_policy::ReviewerRole`'s
- * `#[serde(rename_all = "snake_case")]` attribute, locked in Phase 2f.0.a.1.
- * **Append-only post-launch** — these strings are cryptographically bound
- * into the audit hash chain once used. Renaming or removing a value would
- * break chain verification on every prior entry. Adding new values is fine
- * (Custom roles slipped to 2.0.1 per the locked design).
- *
- * Code-artifact lenses: architecture, correctness, security.
- * Docs-artifact lenses: accuracy, clarity, completeness.
- * Mixed-artifact composite lenses: architecture_and_accuracy,
- *   correctness_and_clarity, security_and_completeness.
- *
- * The AppSync-facing `ReviewerRole` enum in `src/types/reviewer.ts` uses
- * UPPERCASE GraphQL convention; this snake_case version is for the Rust
- * engine wire. Translation between the two layers is the AppSync resolver's
- * job, not the reviewer module's.
- */
-export type ReviewerRole = 'architecture' | 'correctness' | 'security' | 'accuracy' | 'clarity' | 'completeness' | 'architecture_and_accuracy' | 'correctness_and_clarity' | 'security_and_completeness';
-/**
- * Reviewer verdict kinds. Four values, each maps to a different path through
- * the consensus engine.
- *
- * UPPERCASE wire format matches `codevibe_reviewer::VerdictKind`'s
- * `#[serde(rename_all = "UPPERCASE")]` attribute. Append-only post-launch.
- *
- * - `APPROVE` — plan/artifact is sound, proceed.
- * - `REJECT` — plan/artifact has fundamental problems; do not proceed.
- * - `REVISE` — plan/artifact is close but needs specific changes. Requires
- *   populated `suggested_changes` per the parser's locked invariant.
- * - `ESCALATE` — reviewer cannot decide confidently; surface to user.
- */
-export type VerdictKind = 'APPROVE' | 'REJECT' | 'REVISE' | 'ESCALATE';
-/**
- * Newtype-equivalent for `ReviewerVerdict.verdict_id`. Mirrors Rust's
- * `VerdictId(pub Uuid)` with `#[serde(transparent)]` — wire form is just the
- * UUID string, no envelope.
- */
-export type VerdictId = string;
-/**
- * One reviewer's verdict at one gate. Records reasoning plus perf/cost
- * metadata for telemetry (review latency, token cost per task, etc.).
- *
- * `gate_id` is a plain UUID string (matches Rust's `Uuid` field — the engine
- * wraps this in its own `GateId` newtype, but the reviewer crate stays
- * agnostic to avoid an engine→reviewer→engine cycle).
- *
- * # Identity
- *
- * Per Phase 2f.0.a's seat/role pivot, verdicts are keyed on `seat_id` +
- * `role`, NOT on `reviewer_agent`. Consensus dedup + audit attribution
- * happen via `seat_id`; `reviewer_agent` stays for cost-attribution metadata
- * only and is NOT a uniqueness key (two seats may share an agent in the
- * single-vendor case).
- *
- * Field ordering + names match the Rust struct verbatim — the audit chain's
- * SHA-256 hashes serialised JSON, so any change to field order or naming
- * would invalidate every prior chain entry. Append-only after launch.
- */
-export interface ReviewerVerdict {
-    /** Primary key. UUID v4 string. */
-    verdict_id: VerdictId;
-    /** Foreign key to `ReviewGate`. Plain UUID string per the reviewer crate's
-     *  agnostic-to-engine design. */
-    gate_id: string;
-    /** Seat that produced the verdict. Primary identity key for dedup +
-     *  audit attribution. Providers MUST copy this from `ReviewerSpec.seat_id`. */
-    seat_id: number;
-    /** Lens the seat reviewed through. Copied from `ReviewerSpec.role` verbatim. */
-    role: ReviewerRole;
-    /** Agent that produced the verdict. Descriptive metadata (cost attribution,
-     *  per-agent reliability); NOT an identity key. */
-    reviewer_agent: AgentKind;
-    /** The verdict itself. */
-    verdict: VerdictKind;
-    /** Reviewer's free-form reasoning. */
-    reasoning: string;
-    /** Ordered list of specific changes. **Required** when `verdict === 'REVISE'`;
-     *  empty for other verdicts (enforced by the output parser). */
-    suggested_changes: string[];
-    /** Model identifier used (for cost attribution). */
-    model_used: string | null;
-    /** Tokens consumed by this reviewer. */
-    tokens_used: number | null;
-    /** End-to-end latency for this reviewer's verdict (ms). */
-    latency_ms: number | null;
-    /** ISO 8601 UTC timestamp string when the reviewer returned the verdict. */
-    submitted_at: string;
-}

package/node_modules/@quantiya/codevibe-core/dist/types/orchestration.d.ts

@@ -1,57 +0,0 @@
-/**
- * Wire-shape `UserDecisionKind` enum — matches AppSync schema directly
- * (`codevibe-backend/graphql/schema.graphql:716-722`). Append-only post-launch.
- *
- * V1 ships only the 3 no-notes kinds (`ACCEPT`, `REJECT_RESTART`,
- * `ABORT_TASK`); the two `_WITH_NOTES` variants are defined here for
- * completeness against the schema but are NOT in V1's hardcoded option
- * table — they require a `notes: EncryptedPayloadInput` value alongside
- * the kind, which the V1 "type a number" UX has no surface for.
- */
-export declare enum UserDecisionKind {
-    ACCEPT = "ACCEPT",
-    ACCEPT_WITH_NOTES = "ACCEPT_WITH_NOTES",
-    REJECT_WITH_NOTES = "REJECT_WITH_NOTES",
-    REJECT_RESTART = "REJECT_RESTART",
-    ABORT_TASK = "ABORT_TASK"
-}
-/**
- * Input shape for `applyUserDecision` mutation. Matches AppSync schema
- * (`codevibe-backend/graphql/schema.graphql:775-790`).
- *
- * REQUIRED fields: `gateId`, `taskId`, `sessionId`, `currentRound`, `decision`.
- * OPTIONAL field: `notes` (only used for `_WITH_NOTES` decision kinds, which
- * are V2-only in V1).
- */
-export interface ApplyUserDecisionInput {
-    gateId: string;
-    taskId: string;
-    sessionId: string;
-    currentRound: number;
-    decision: UserDecisionKind;
-    notes?: never;
-}
-/**
- * `UserDecisionAppliedEvent` envelope — returned by `applyUserDecision`
- * mutation AND streamed via `onApplyUserDecision` subscription per
- * Phase 3.b mobile V1 bridge §1.1. Top-level `sessionId` is the
- * subscription filter key (mirrors `GateResolvedEvent` precedent at
- * `schema.graphql:815-821`).
- *
- * `payload` is `AWSJSON` on the wire — AppSync delivers it as a
- * JSON-encoded string that callers must `JSON.parse` before treating
- * as the typed `PostDecisionAction` shape from
- * `codevibe-revision/src/user_decision.rs:109`. V1 desktop-plugin
- * callers do NOT consume `payload` (the engine-determined next-gate
- * action is handled server-side by the orchestration loop, NOT
- * client-side in V1); the field is preserved on the envelope for
- * forward-compat.
- */
-export interface UserDecisionAppliedEvent {
-    sessionId: string;
-    taskId: string;
-    gateId: string;
-    decision: UserDecisionKind;
-    /** AWSJSON-encoded `PostDecisionAction` shape; opaque to V1 plugin callers. */
-    payload: string;
-}

package/node_modules/@quantiya/codevibe-core/dist/types/reviewer.d.ts

@@ -1,67 +0,0 @@
-/**
- * Review lens a reviewer seat evaluates through. Mirrors
- * codevibe-policy::ReviewerRole in the Rust engine.
- *
- * **Append-only post-launch** per the 2026-04-23 memory lock — these
- * string values are cryptographically bound into the audit hash chain
- * once used. Renaming or removing a value would break chain verification
- * on every prior entry. Add new values freely; never rename or remove.
- *
- * UPPERCASE here (matches AppSync GraphQL enum convention). The Lambda
- * translates to snake_case before writing to the audit chain / Rust
- * engine wire.
- */
-export declare enum ReviewerRole {
-    ARCHITECTURE = "ARCHITECTURE",
-    CORRECTNESS = "CORRECTNESS",
-    SECURITY = "SECURITY",
-    ACCURACY = "ACCURACY",
-    CLARITY = "CLARITY",
-    COMPLETENESS = "COMPLETENESS",
-    ARCHITECTURE_AND_ACCURACY = "ARCHITECTURE_AND_ACCURACY",
-    CORRECTNESS_AND_CLARITY = "CORRECTNESS_AND_CLARITY",
-    SECURITY_AND_COMPLETENESS = "SECURITY_AND_COMPLETENESS"
-}
-/**
- * One seat in a user's reviewer panel. `seat_id` is the panel position
- * (0-indexed: Pro has seats 0–1, Max has 0–2). `role` is the review lens
- * — unique within a policy. `agent` (CLAUDE | GEMINI | CODEX) may repeat
- * across seats — single-vendor users get multiple same-kind seats with
- * distinct roles.
- */
-export interface ReviewerAgentSpec {
-    seatId: number;
-    role: ReviewerRole;
-    agent: 'CLAUDE' | 'GEMINI' | 'CODEX';
-    modelHint?: string | null;
-}
-export interface ReviewerAgentSpecInput {
-    seatId: number;
-    role: ReviewerRole;
-    agent: 'CLAUDE' | 'GEMINI' | 'CODEX';
-    modelHint?: string | null;
-}
-/**
- * Input for updateReviewerPolicy. Fields are independent:
- * - orchestrationEnabledDefault: set to true/false to persist the user's
- *   opt-in preference for new sessions. Null = leave unchanged.
- * - reviewerSeats: non-empty array sets a custom panel. Empty array
- *   resets to tier defaults. Null = leave unchanged.
- */
-export interface UpdateReviewerPolicyInput {
-    orchestrationEnabledDefault?: boolean | null;
-    reviewerSeats?: ReviewerAgentSpecInput[] | null;
-}
-/**
- * User record returned by updateAvailableAgents and updateReviewerPolicy.
- * Subset of the full AppSync User type — only the fields the two mutations
- * return. Use this in the AppSyncClient response typing, not as a general
- * "User" replacement.
- */
-export interface UserReviewerPolicySnapshot {
-    userId: string;
-    availableAgents?: Array<'CLAUDE' | 'GEMINI' | 'CODEX'> | null;
-    orchestrationEnabledDefault?: boolean | null;
-    reviewerSeats?: ReviewerAgentSpec[] | null;
-    updatedAt: string;
-}

package/node_modules/content-disposition/HISTORY.md

@@ -1,72 +0,0 @@
-1.0.1 / 2025-11-18
-=================
-
-  * Updated `engines` field to Node@18 or higher (fixed reference, see 1.0.0)
-  * Remove dependency `safe-buffer`
-
-1.0.0 / 2024-08-31
-==================
-
-  * drop node <18
-  * allow utf8 as alias for utf-8
-
-0.5.4 / 2021-12-10
-==================
-
-  * deps: safe-buffer@5.2.1
-
-0.5.3 / 2018-12-17
-==================
-
-  * Use `safe-buffer` for improved Buffer API
-
-0.5.2 / 2016-12-08
-==================
-
-  * Fix `parse` to accept any linear whitespace character
-
-0.5.1 / 2016-01-17
-==================
-
-  * perf: enable strict mode
-
-0.5.0 / 2014-10-11
-==================
-
-  * Add `parse` function
-
-0.4.0 / 2014-09-21
-==================
-
-  * Expand non-Unicode `filename` to the full ISO-8859-1 charset
-
-0.3.0 / 2014-09-20
-==================
-
-  * Add `fallback` option
-  * Add `type` option
-
-0.2.0 / 2014-09-19
-==================
-
-  * Reduce ambiguity of file names with hex escape in buggy browsers
-
-0.1.2 / 2014-09-19
-==================
-
-  * Fix periodic invalid Unicode filename header
-
-0.1.1 / 2014-09-19
-==================
-
-  * Fix invalid characters appearing in `filename*` parameter
-
-0.1.0 / 2014-09-18
-==================
-
-  * Make the `filename` argument optional
-
-0.0.0 / 2014-09-18
-==================
-
-  * Initial release