@sanity/ailf 6.1.2 → 7.0.0

package/dist/webhook/eval-request-handler.js

@@ -10,21 +10,25 @@
  * Designed to run in any HTTP environment: Cloudflare Workers, Vercel
  * functions, Express, Hono, etc.
  *
- * Supports two scoping modes:
- * - **Release-scoped** — requires `perspective` field
- * - **Task-scoped** — requires `tasks` array (optionally with `areas`)
- *
- * At least one of `perspective` or `tasks` must be present.
+ * The eval-request document carries a canonical `PipelineRequest` JSON
+ * blob in its `pipelineRequest` field (see W0239). The handler parses it
+ * via `PipelineRequestSchema` from `@sanity/ailf-core` and forwards it
+ * to the dispatcher as-is. Scoping (release-scoped via `perspective`,
+ * task-scoped via `tasks`) is asserted on the parsed `PipelineRequest`
+ * — at least one must be present.
  *
  * Flow:
  * 1. Receive eval request payload (from Sanity webhook projection)
- * 2. Validate: must be `ailf.evalRequest` type, `pending` status,
- *    with either `perspective` or `tasks`
- * 3. Dispatch evaluation to GitHub Actions via `repository_dispatch`
- *    with `external-eval` event type and scoped client payload
- * 4. On success: PATCH the eval request document → `status: "dispatched"`
- * 5. On failure: PATCH the eval request document → `status: "failed"` + error
- * 6. Return a structured result
+ * 2. Validate envelope: must be `ailf.evalRequest` type, `pending` status,
+ *    `pipelineRequest` present
+ * 3. Parse + Zod-validate `pipelineRequest` against `PipelineRequestSchema`
+ * 4. Assert scoping: parsed request must have `perspective` or `tasks`
+ * 5. Dispatch evaluation to GitHub Actions via `repository_dispatch`
+ *    with `external-eval` event type — the parsed `PipelineRequest`
+ *    rides as `client_payload.request` unchanged
+ * 6. On success: PATCH the eval request document → `status: "dispatched"`
+ * 7. On failure: PATCH the eval request document → `status: "failed"` + error
+ * 8. Return a structured result
  *
  * ## Sanity Manage Webhook Configuration
  *
@@ -45,6 +49,7 @@
  * @see docs/design-docs/report-store/visibility-workflows.md
  */
 import { createClient } from "@sanity/client";
+import { PipelineRequestSchema } from "../_vendor/ailf-core/index.js";
 // ---------------------------------------------------------------------------
 // Constants
 // ---------------------------------------------------------------------------
@@ -116,18 +121,33 @@ export async function handleEvalRequest(payload, config) {
             requestId,
         };
     }
-    const hasPerspective = !!payload.perspective;
-    const hasTasks = Array.isArray(payload.tasks) && payload.tasks.length > 0;
+    if (!payload.pipelineRequest) {
+        return markFailed("Missing required field: pipelineRequest. The eval-request document " +
+            "must carry a canonical PipelineRequest JSON serialization.");
+    }
+    let parsedRequest;
+    try {
+        parsedRequest = JSON.parse(payload.pipelineRequest);
+    }
+    catch (err) {
+        return markFailed(`pipelineRequest is not valid JSON: ${err instanceof Error ? err.message : String(err)}`);
+    }
+    const parseResult = PipelineRequestSchema.safeParse(parsedRequest);
+    if (!parseResult.success) {
+        return markFailed(`pipelineRequest failed PipelineRequestSchema validation: ${parseResult.error.message}`);
+    }
+    const request = reconcileCallerIdentity(parseResult.data, payload.requestedBy);
+    const hasPerspective = !!request.perspective;
+    const hasTasks = Array.isArray(request.tasks) && request.tasks.length > 0;
     if (!hasPerspective && !hasTasks) {
-        return markFailed("Missing required field: perspective or tasks. " +
-            "Provide a content release perspective for release evals, " +
-            "or a tasks array for task-scoped evals.");
+        return markFailed("pipelineRequest must scope the evaluation: provide either " +
+            "`perspective` (release-scoped) or `tasks` (task-scoped).");
     }
     // -------------------------------------------------------------------------
     // 3. Dispatch evaluation via GitHub Actions
     // -------------------------------------------------------------------------
     const repo = config.githubRepo ?? DEFAULT_REPO;
-    const dispatchResult = await dispatchGitHubEval(repo, payload, config);
+    const dispatchResult = await dispatchGitHubEval(repo, request, config);
     // -------------------------------------------------------------------------
     // 4. Update eval request document status
     // -------------------------------------------------------------------------
@@ -152,46 +172,66 @@ export async function handleEvalRequest(payload, config) {
     // Dispatch failed — mark the document as failed
     return markFailed(dispatchResult.error ?? "Unknown dispatch error");
 }
+// ---------------------------------------------------------------------------
+// Internal helpers
+// ---------------------------------------------------------------------------
+/**
+ * Reconcile caller-claimed identity against the trustworthy Sanity write
+ * context.
+ *
+ * The `pipelineRequest` blob is authored by whoever wrote the Sanity
+ * document — a browser writer (App SDK dashboard) can set
+ * `executor.name` / `owner.individual` to any string, including
+ * someone else's. The webhook's only trustworthy identity signal is
+ * `payload.requestedBy` (the Sanity-session-authenticated writer).
+ *
+ * Per D0037, `owner.team` is caller-supplied (the caller knows their
+ * team); `executor.surface` / `executor.type` are caller-supplied.
+ * Identity fields (`executor.name`, `executor.githubActor`,
+ * `owner.individual`) are overwritten or stripped server-side here so
+ * downstream provenance reflects who actually wrote the document, not
+ * what they claimed.
+ *
+ * When `requestedBy` is missing (legacy documents), the executor/owner
+ * identity fields are stripped — the pipeline's server-side detection
+ * fills them as best it can.
+ */
+function reconcileCallerIdentity(request, requestedBy) {
+    const out = { ...request };
+    if (request.executor) {
+        out.executor = {
+            ...request.executor,
+            ...(requestedBy ? { name: requestedBy } : { name: undefined }),
+            githubActor: undefined,
+        };
+    }
+    if (request.owner) {
+        out.owner = {
+            ...request.owner,
+            ...(requestedBy
+                ? { individual: requestedBy }
+                : { individual: undefined }),
+        };
+    }
+    return out;
+}
 /**
  * Dispatch an evaluation via GitHub Actions repository_dispatch.
  *
- * Supports both release-scoped (perspective) and task-scoped (tasks/areas)
- * evaluations. Uses the `external-eval` event type with a client_payload
- * conforming to PipelineRequestSchema. The workflow passes it directly to
- * the CLI via `--config` without field translation.
+ * Forwards the already-validated `PipelineRequest` as-is under
+ * `client_payload.request` — no field translation, no hardcoded
+ * overrides. The workflow passes the request to the CLI via `--config`.
+ *
+ * Workflow-level metadata (`caller_repo`) stays at the top level of
+ * `client_payload` for the workflow to read, separate from the
+ * pipeline-invocation contract.
  */
-async function dispatchGitHubEval(repo, payload, config) {
+async function dispatchGitHubEval(repo, request, config) {
     const url = `${GITHUB_API}/repos/${repo}/dispatches`;
-    const hasPerspective = !!payload.perspective;
-    const hasTasks = Array.isArray(payload.tasks) && payload.tasks.length > 0;
-    const hasAreas = Array.isArray(payload.areas) && payload.areas.length > 0;
-    // Nest the PipelineRequest under `request` to stay within GitHub's
-    // 10-property limit on client_payload. Workflow-level metadata
-    // (caller_repo) stays at the top level for the workflow to read.
     const body = {
         client_payload: {
             caller_repo: "sanity-io/www-sanity-io",
-            request: {
-                dataset: payload.dataset,
-                mode: payload.mode,
-                projectId: payload.projectId,
-                publish: true,
-                source: "production",
-                // Studio-initiated evals always use Content Lake as the task source.
-                // Without this, the pipeline only loads filesystem .task.ts files and
-                // Studio-owned tasks are invisible.
-                taskMode: "content-lake",
-                // Release-scoped fields
-                ...(hasPerspective ? { perspective: payload.perspective } : {}),
-                // Task-scoped fields
-                ...(hasTasks ? { tasks: payload.tasks } : {}),
-                ...(hasAreas ? { areas: payload.areas } : {}),
-                ...(payload.debug ? { debug: true } : {}),
-                ...(payload.tag ? { publishTag: payload.tag } : {}),
-                ...(payload.sourceReportId
-                    ? { sourceReportId: payload.sourceReportId }
-                    : {}),
-            },
+            request,
         },
         event_type: "external-eval",
     };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sanity/ailf",
-  "version": "6.1.2",
+  "version": "7.0.0",
   "private": false,
   "publishConfig": {
     "access": "public"
@@ -56,8 +56,8 @@
     "tsx": "^4.19.2",
     "typescript": "^5.7.3",
     "vitest": "^4.1.5",
-    "@sanity/ailf-core": "0.1.0",
-    "@sanity/ailf-shared": "0.1.0"
+    "@sanity/ailf-shared": "0.1.0",
+    "@sanity/ailf-core": "0.1.0"
   },
   "scripts": {
     "build": "tsc && tsc -p tsconfig.scripts.json && tsx scripts/bundle-workspace-deps.ts",