npm - @scheduler-systems/gal-run - Versions diffs - 0.0.399 → 0.0.401 - Mend

@scheduler-systems/gal-run 0.0.399 → 0.0.401

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.cjs +60 -7
package/package.json +1 -1

package/dist/index.cjs CHANGED Viewed

@@ -3970,7 +3970,7 @@ var cliVersion, defaultApiUrl, BUILD_CONSTANTS, constants_default;
 var init_constants = __esm({
   "src/constants.ts"() {
     "use strict";
-    cliVersion = true ? "0.0.399" : "0.0.0-dev";
+    cliVersion = true ? "0.0.401" : "0.0.0-dev";
     defaultApiUrl = true ? "https://api.gal.run" : "http://localhost:3000";
     BUILD_CONSTANTS = Object.freeze([cliVersion, defaultApiUrl]);
     constants_default = BUILD_CONSTANTS;
@@ -4880,7 +4880,7 @@ function detectEnvironment() {
     return "dev";
   }
   try {
-    const version2 = true ? "0.0.399" : void 0;
+    const version2 = true ? "0.0.401" : void 0;
     if (version2 && version2.includes("-local")) {
       return "dev";
     }
@@ -5249,7 +5249,7 @@ function getId() {
 }
 function getCliVersion() {
   try {
-    return true ? "0.0.399" : "0.0.0-dev";
+    return true ? "0.0.401" : "0.0.0-dev";
   } catch {
     return "0.0.0-dev";
   }
@@ -14409,7 +14409,60 @@ var init_capability_analyzer = __esm({
         message: "The prompt includes a production deployment operation. Production deploys require elevated cloud permissions and may impact live users.",
         recommendation: "Ensure the session has appropriate GCP / cloud IAM roles. Run a dry-run or staging deploy first to validate the change. Verify that required secrets (GCP_SA_KEY, etc.) are available to the runner."
       },
-      // 5. npm publish
+      // 5. Browser profile / persisted browser auth
+      {
+        ruleId: "BROWSER_PROFILE_REQUIREMENT",
+        category: "browser_profiles",
+        severity: "warning",
+        patterns: [
+          /\bbrowser\s+profile(s)?\b/i,
+          /\bbrowser_profile_ids\b/i,
+          /\bstorage\s*state\b/i,
+          /playwright.{0,40}(auth|profile|storage|cookie|session)/i,
+          /console\.(firebase|cloud)\.google\.com/i,
+          /(attach|inject|reuse|use).{0,40}browser.{0,30}profile/i
+        ],
+        title: "Browser profile requirement detected",
+        message: "The prompt indicates browser automation that may require persisted authenticated browser state. Without an active browser profile, UI/console operations can fail with login or permission errors.",
+        recommendation: "Ensure approved browser profile IDs are available for the target account and passed to dispatch. Prefer pre-seeded profiles for production consoles instead of interactive login inside the run."
+      },
+      // 6. Cloud authentication (GCP/Firebase)
+      {
+        ruleId: "CLOUD_AUTH_REQUIREMENT",
+        category: "cloud_auth",
+        severity: "warning",
+        patterns: [
+          /\bgcloud\s+auth\b/i,
+          /\bgcloud-adc\b/i,
+          /\bgoogle_application_credentials\b/i,
+          /\bgoogle\s+application\s+credentials\b/i,
+          /\bworkload\s+identity(\s+federation)?\b/i,
+          /\bfirebase\s+(admin|auth|cli|login)\b/i,
+          /\bservice\s+account\b/i,
+          /\bcloud\s+iam\b/i
+        ],
+        title: "Cloud authentication requirement detected",
+        message: "The prompt references GCP/Firebase authentication or cloud identity setup. Runs without valid cloud auth often fail at runtime with permission or credential errors.",
+        recommendation: "Verify that cloud auth is available before dispatch (for example Workload Identity or approved auth refs). Confirm the target account has the required IAM roles for the requested operation."
+      },
+      // 7. Approved environment secrets/auth refs
+      {
+        ruleId: "ENVIRONMENT_CONFIG_REQUIREMENT",
+        category: "environment_config",
+        severity: "warning",
+        patterns: [
+          /\benvironmentconfig\b/i,
+          /\benvironment\s+config(uration)?\b/i,
+          /\bapproved\s+environment\b/i,
+          /environment\.(secrets|auth)/i,
+          /secrets\/[a-z0-9._-]+/i,
+          /\b(secret|auth)\s+ref(erence)?s?\b/i
+        ],
+        title: "Approved environment configuration requirement detected",
+        message: "The prompt references environment-level secrets or auth references. If approved environment configuration is missing, dispatch can appear healthy but fail during execution.",
+        recommendation: "Confirm approved environment config includes all required secret/auth refs before dispatch. Block or defer dispatch when required refs are missing."
+      },
+      // 8. npm publish
       {
         ruleId: "NPM_PUBLISH",
         category: "npm_publish",
@@ -14428,7 +14481,7 @@ var init_capability_analyzer = __esm({
         message: "The prompt includes an npm publish operation. Publishing requires a valid npm token with publish rights to the target package scope.",
         recommendation: "Ensure NPM_TOKEN or NODE_AUTH_TOKEN is set in the runner environment. Verify the package version has been bumped and CHANGELOG is updated before publishing. Consider using a one-time publish token scoped to the specific package."
       },
-      // 6. Elevated / admin permissions
+      // 9. Elevated / admin permissions
       {
         ruleId: "ELEVATED_PERMISSIONS",
         category: "elevated_permissions",
@@ -14450,7 +14503,7 @@ var init_capability_analyzer = __esm({
         message: "The prompt references elevated permissions (admin merge, bypass reviews, skip CI checks). These operations should only be performed by authorised users in exceptional circumstances.",
         recommendation: "Document the reason for the elevated operation. Prefer the normal PR review flow. If CI must be skipped, add `[skip ci]` only to non-production changes."
       },
-      // 7. Org/repo admin operations requiring elevated GitHub App permissions (#1878)
+      // 10. Org/repo admin operations requiring elevated GitHub App permissions (#1878)
       //
       // The GitHub App integration token used by background sessions is scoped to
       // repository-level access.  Org-wide or repo-level admin write operations
@@ -71140,7 +71193,7 @@ var init_index = __esm({
 });
 // src/bootstrap.ts
-var cliVersion10 = true ? "0.0.399" : "0.0.0-dev";
+var cliVersion10 = true ? "0.0.401" : "0.0.0-dev";
 var args = process.argv.slice(2);
 var requestedGlobalHelp = args.length === 1 && (args[0] === "--help" || args[0] === "-h");
 var requestedVersion = args.length === 1 && (args[0] === "--version" || args[0] === "-V");

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@scheduler-systems/gal-run",
-  "version": "0.0.399",
+  "version": "0.0.401",
   "description": "GAL CLI - Command-line tool for managing AI agent configurations across your organization",
   "license": "Elastic-2.0",
   "private": false,