@shepai/cli 1.170.0 → 1.171.0-pr527.e2ee839

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (464) hide show
  1. package/apis/json-schema/ActionDispositionEntry.yaml +14 -0
  2. package/apis/json-schema/DependencyFinding.yaml +28 -0
  3. package/apis/json-schema/DependencyRiskType.yaml +11 -0
  4. package/apis/json-schema/DependencyRules.yaml +38 -0
  5. package/apis/json-schema/EffectivePolicySnapshot.yaml +24 -0
  6. package/apis/json-schema/ReleaseIntegrityCheck.yaml +22 -0
  7. package/apis/json-schema/ReleaseIntegrityCheckType.yaml +9 -0
  8. package/apis/json-schema/ReleaseIntegrityResult.yaml +16 -0
  9. package/apis/json-schema/ReleaseRules.yaml +21 -0
  10. package/apis/json-schema/SecurityActionCategory.yaml +10 -0
  11. package/apis/json-schema/SecurityActionDisposition.yaml +8 -0
  12. package/apis/json-schema/SecurityConfig.yaml +17 -0
  13. package/apis/json-schema/SecurityEvent.yaml +36 -0
  14. package/apis/json-schema/SecurityMode.yaml +8 -0
  15. package/apis/json-schema/SecurityPolicy.yaml +24 -0
  16. package/apis/json-schema/SecuritySeverity.yaml +9 -0
  17. package/apis/json-schema/Settings.yaml +3 -0
  18. package/dist/packages/core/src/application/ports/output/agents/agent-executor.interface.d.ts +15 -1
  19. package/dist/packages/core/src/application/ports/output/agents/agent-executor.interface.d.ts.map +1 -1
  20. package/dist/packages/core/src/application/ports/output/agents/feature-agent-process.interface.d.ts +3 -1
  21. package/dist/packages/core/src/application/ports/output/agents/feature-agent-process.interface.d.ts.map +1 -1
  22. package/dist/packages/core/src/application/ports/output/repositories/security-event.repository.interface.d.ts +76 -0
  23. package/dist/packages/core/src/application/ports/output/repositories/security-event.repository.interface.d.ts.map +1 -0
  24. package/dist/packages/core/src/application/ports/output/repositories/security-event.repository.interface.js +11 -0
  25. package/dist/packages/core/src/application/ports/output/services/github-repository-service.interface.d.ts +38 -0
  26. package/dist/packages/core/src/application/ports/output/services/github-repository-service.interface.d.ts.map +1 -1
  27. package/dist/packages/core/src/application/ports/output/services/github-repository-service.interface.js +9 -0
  28. package/dist/packages/core/src/application/ports/output/services/security-policy-service.interface.d.ts +77 -0
  29. package/dist/packages/core/src/application/ports/output/services/security-policy-service.interface.d.ts.map +1 -0
  30. package/dist/packages/core/src/application/ports/output/services/security-policy-service.interface.js +13 -0
  31. package/dist/packages/core/src/application/ports/output/services/spec-initializer.interface.d.ts +11 -0
  32. package/dist/packages/core/src/application/ports/output/services/spec-initializer.interface.d.ts.map +1 -1
  33. package/dist/packages/core/src/application/use-cases/agents/approve-agent-run.use-case.d.ts.map +1 -1
  34. package/dist/packages/core/src/application/use-cases/agents/approve-agent-run.use-case.js +2 -0
  35. package/dist/packages/core/src/application/use-cases/agents/reject-agent-run.use-case.d.ts.map +1 -1
  36. package/dist/packages/core/src/application/use-cases/agents/reject-agent-run.use-case.js +2 -0
  37. package/dist/packages/core/src/application/use-cases/features/check-and-unblock-features.use-case.d.ts.map +1 -1
  38. package/dist/packages/core/src/application/use-cases/features/check-and-unblock-features.use-case.js +2 -0
  39. package/dist/packages/core/src/application/use-cases/features/create/create-feature.use-case.d.ts.map +1 -1
  40. package/dist/packages/core/src/application/use-cases/features/create/create-feature.use-case.js +1 -0
  41. package/dist/packages/core/src/application/use-cases/features/resume-feature.use-case.d.ts.map +1 -1
  42. package/dist/packages/core/src/application/use-cases/features/resume-feature.use-case.js +2 -0
  43. package/dist/packages/core/src/application/use-cases/features/start-feature.use-case.d.ts.map +1 -1
  44. package/dist/packages/core/src/application/use-cases/features/start-feature.use-case.js +2 -0
  45. package/dist/packages/core/src/application/use-cases/security/enforce-security.use-case.d.ts +71 -0
  46. package/dist/packages/core/src/application/use-cases/security/enforce-security.use-case.d.ts.map +1 -0
  47. package/dist/packages/core/src/application/use-cases/security/enforce-security.use-case.js +215 -0
  48. package/dist/packages/core/src/application/use-cases/security/evaluate-security-policy.use-case.d.ts +24 -0
  49. package/dist/packages/core/src/application/use-cases/security/evaluate-security-policy.use-case.d.ts.map +1 -0
  50. package/dist/packages/core/src/application/use-cases/security/evaluate-security-policy.use-case.js +56 -0
  51. package/dist/packages/core/src/application/use-cases/security/get-security-state.use-case.d.ts +36 -0
  52. package/dist/packages/core/src/application/use-cases/security/get-security-state.use-case.d.ts.map +1 -0
  53. package/dist/packages/core/src/application/use-cases/security/get-security-state.use-case.js +76 -0
  54. package/dist/packages/core/src/application/use-cases/security/record-security-event.use-case.d.ts +14 -0
  55. package/dist/packages/core/src/application/use-cases/security/record-security-event.use-case.d.ts.map +1 -0
  56. package/dist/packages/core/src/application/use-cases/security/record-security-event.use-case.js +46 -0
  57. package/dist/packages/core/src/application/use-cases/upgrade/upgrade-cli.use-case.d.ts +1 -0
  58. package/dist/packages/core/src/application/use-cases/upgrade/upgrade-cli.use-case.d.ts.map +1 -1
  59. package/dist/packages/core/src/application/use-cases/upgrade/upgrade-cli.use-case.js +59 -2
  60. package/dist/packages/core/src/domain/errors/security-violation.error.d.ts +15 -0
  61. package/dist/packages/core/src/domain/errors/security-violation.error.d.ts.map +1 -0
  62. package/dist/packages/core/src/domain/errors/security-violation.error.js +20 -0
  63. package/dist/packages/core/src/domain/factories/settings-defaults.factory.d.ts.map +1 -1
  64. package/dist/packages/core/src/domain/factories/settings-defaults.factory.js +5 -1
  65. package/dist/packages/core/src/domain/generated/output.d.ts +259 -0
  66. package/dist/packages/core/src/domain/generated/output.d.ts.map +1 -1
  67. package/dist/packages/core/src/domain/generated/output.js +43 -0
  68. package/dist/packages/core/src/infrastructure/di/container.d.ts.map +1 -1
  69. package/dist/packages/core/src/infrastructure/di/container.js +57 -0
  70. package/dist/packages/core/src/infrastructure/persistence/sqlite/mappers/security-event.mapper.d.ts +44 -0
  71. package/dist/packages/core/src/infrastructure/persistence/sqlite/mappers/security-event.mapper.d.ts.map +1 -0
  72. package/dist/packages/core/src/infrastructure/persistence/sqlite/mappers/security-event.mapper.js +55 -0
  73. package/dist/packages/core/src/infrastructure/persistence/sqlite/mappers/settings.mapper.d.ts +3 -0
  74. package/dist/packages/core/src/infrastructure/persistence/sqlite/mappers/settings.mapper.d.ts.map +1 -1
  75. package/dist/packages/core/src/infrastructure/persistence/sqlite/mappers/settings.mapper.js +14 -0
  76. package/dist/packages/core/src/infrastructure/persistence/sqlite/migrations/053-add-security-settings-columns.d.ts +18 -0
  77. package/dist/packages/core/src/infrastructure/persistence/sqlite/migrations/053-add-security-settings-columns.d.ts.map +1 -0
  78. package/dist/packages/core/src/infrastructure/persistence/sqlite/migrations/053-add-security-settings-columns.js +31 -0
  79. package/dist/packages/core/src/infrastructure/persistence/sqlite/migrations/054-create-security-events-table.d.ts +29 -0
  80. package/dist/packages/core/src/infrastructure/persistence/sqlite/migrations/054-create-security-events-table.d.ts.map +1 -0
  81. package/dist/packages/core/src/infrastructure/persistence/sqlite/migrations/054-create-security-events-table.js +53 -0
  82. package/dist/packages/core/src/infrastructure/repositories/sqlite-security-event.repository.d.ts +24 -0
  83. package/dist/packages/core/src/infrastructure/repositories/sqlite-security-event.repository.d.ts.map +1 -0
  84. package/dist/packages/core/src/infrastructure/repositories/sqlite-security-event.repository.js +96 -0
  85. package/dist/packages/core/src/infrastructure/repositories/sqlite-settings.repository.d.ts.map +1 -1
  86. package/dist/packages/core/src/infrastructure/repositories/sqlite-settings.repository.js +12 -3
  87. package/dist/packages/core/src/infrastructure/services/agents/common/executors/claude-code-executor.service.d.ts +2 -0
  88. package/dist/packages/core/src/infrastructure/services/agents/common/executors/claude-code-executor.service.d.ts.map +1 -1
  89. package/dist/packages/core/src/infrastructure/services/agents/common/executors/claude-code-executor.service.js +12 -0
  90. package/dist/packages/core/src/infrastructure/services/agents/common/executors/security-constraint-validator.d.ts +22 -0
  91. package/dist/packages/core/src/infrastructure/services/agents/common/executors/security-constraint-validator.d.ts.map +1 -0
  92. package/dist/packages/core/src/infrastructure/services/agents/common/executors/security-constraint-validator.js +30 -0
  93. package/dist/packages/core/src/infrastructure/services/agents/feature-agent/fast-feature-agent-graph.d.ts +10 -0
  94. package/dist/packages/core/src/infrastructure/services/agents/feature-agent/fast-feature-agent-graph.d.ts.map +1 -1
  95. package/dist/packages/core/src/infrastructure/services/agents/feature-agent/feature-agent-graph.d.ts +34 -0
  96. package/dist/packages/core/src/infrastructure/services/agents/feature-agent/feature-agent-graph.d.ts.map +1 -1
  97. package/dist/packages/core/src/infrastructure/services/agents/feature-agent/feature-agent-process.service.d.ts +3 -1
  98. package/dist/packages/core/src/infrastructure/services/agents/feature-agent/feature-agent-process.service.d.ts.map +1 -1
  99. package/dist/packages/core/src/infrastructure/services/agents/feature-agent/feature-agent-process.service.js +7 -1
  100. package/dist/packages/core/src/infrastructure/services/agents/feature-agent/feature-agent-worker.d.ts +3 -1
  101. package/dist/packages/core/src/infrastructure/services/agents/feature-agent/feature-agent-worker.d.ts.map +1 -1
  102. package/dist/packages/core/src/infrastructure/services/agents/feature-agent/feature-agent-worker.js +32 -1
  103. package/dist/packages/core/src/infrastructure/services/agents/feature-agent/nodes/node-helpers.d.ts.map +1 -1
  104. package/dist/packages/core/src/infrastructure/services/agents/feature-agent/nodes/node-helpers.js +19 -0
  105. package/dist/packages/core/src/infrastructure/services/agents/feature-agent/nodes/security-pre-check.d.ts +45 -0
  106. package/dist/packages/core/src/infrastructure/services/agents/feature-agent/nodes/security-pre-check.d.ts.map +1 -0
  107. package/dist/packages/core/src/infrastructure/services/agents/feature-agent/nodes/security-pre-check.js +70 -0
  108. package/dist/packages/core/src/infrastructure/services/agents/feature-agent/state.d.ts +4 -1
  109. package/dist/packages/core/src/infrastructure/services/agents/feature-agent/state.d.ts.map +1 -1
  110. package/dist/packages/core/src/infrastructure/services/agents/feature-agent/state.js +10 -0
  111. package/dist/packages/core/src/infrastructure/services/external/github-repository.service.d.ts +10 -1
  112. package/dist/packages/core/src/infrastructure/services/external/github-repository.service.d.ts.map +1 -1
  113. package/dist/packages/core/src/infrastructure/services/external/github-repository.service.js +101 -1
  114. package/dist/packages/core/src/infrastructure/services/security/dependency-risk-evaluator.d.ts +53 -0
  115. package/dist/packages/core/src/infrastructure/services/security/dependency-risk-evaluator.d.ts.map +1 -0
  116. package/dist/packages/core/src/infrastructure/services/security/dependency-risk-evaluator.js +241 -0
  117. package/dist/packages/core/src/infrastructure/services/security/release-integrity-evaluator.d.ts +44 -0
  118. package/dist/packages/core/src/infrastructure/services/security/release-integrity-evaluator.d.ts.map +1 -0
  119. package/dist/packages/core/src/infrastructure/services/security/release-integrity-evaluator.js +194 -0
  120. package/dist/packages/core/src/infrastructure/services/security/security-policy-file-reader.d.ts +28 -0
  121. package/dist/packages/core/src/infrastructure/services/security/security-policy-file-reader.d.ts.map +1 -0
  122. package/dist/packages/core/src/infrastructure/services/security/security-policy-file-reader.js +50 -0
  123. package/dist/packages/core/src/infrastructure/services/security/security-policy-validator.d.ts +26 -0
  124. package/dist/packages/core/src/infrastructure/services/security/security-policy-validator.d.ts.map +1 -0
  125. package/dist/packages/core/src/infrastructure/services/security/security-policy-validator.js +147 -0
  126. package/dist/packages/core/src/infrastructure/services/security/security-policy.service.d.ts +44 -0
  127. package/dist/packages/core/src/infrastructure/services/security/security-policy.service.d.ts.map +1 -0
  128. package/dist/packages/core/src/infrastructure/services/security/security-policy.service.js +174 -0
  129. package/dist/packages/core/src/infrastructure/services/spec/spec-initializer.service.d.ts +1 -0
  130. package/dist/packages/core/src/infrastructure/services/spec/spec-initializer.service.d.ts.map +1 -1
  131. package/dist/packages/core/src/infrastructure/services/spec/spec-initializer.service.js +61 -0
  132. package/dist/src/presentation/cli/commands/security.command.d.ts +16 -0
  133. package/dist/src/presentation/cli/commands/security.command.d.ts.map +1 -0
  134. package/dist/src/presentation/cli/commands/security.command.js +118 -0
  135. package/dist/src/presentation/cli/commands/upgrade.command.d.ts.map +1 -1
  136. package/dist/src/presentation/cli/commands/upgrade.command.js +68 -3
  137. package/dist/src/presentation/cli/index.js +2 -0
  138. package/dist/src/presentation/web/app/actions/security.d.ts +28 -0
  139. package/dist/src/presentation/web/app/actions/security.d.ts.map +1 -0
  140. package/dist/src/presentation/web/app/actions/security.js +59 -0
  141. package/dist/src/presentation/web/app/build-graph-nodes.d.ts +3 -1
  142. package/dist/src/presentation/web/app/build-graph-nodes.d.ts.map +1 -1
  143. package/dist/src/presentation/web/app/build-graph-nodes.js +2 -0
  144. package/dist/src/presentation/web/components/common/feature-node/feature-node-state-config.d.ts +3 -1
  145. package/dist/src/presentation/web/components/common/feature-node/feature-node-state-config.d.ts.map +1 -1
  146. package/dist/src/presentation/web/components/common/feature-node/feature-node.d.ts.map +1 -1
  147. package/dist/src/presentation/web/components/common/feature-node/feature-node.js +2 -1
  148. package/dist/src/presentation/web/components/common/repository-node/repository-drawer.d.ts +3 -1
  149. package/dist/src/presentation/web/components/common/repository-node/repository-drawer.d.ts.map +1 -1
  150. package/dist/src/presentation/web/components/common/repository-node/repository-drawer.js +3 -2
  151. package/dist/src/presentation/web/components/common/repository-node/security-panel.d.ts +6 -0
  152. package/dist/src/presentation/web/components/common/repository-node/security-panel.d.ts.map +1 -0
  153. package/dist/src/presentation/web/components/common/repository-node/security-panel.js +29 -0
  154. package/dist/src/presentation/web/components/common/repository-node/security-panel.stories.d.ts +10 -0
  155. package/dist/src/presentation/web/components/common/repository-node/security-panel.stories.d.ts.map +1 -0
  156. package/dist/src/presentation/web/components/common/repository-node/security-panel.stories.js +53 -0
  157. package/dist/src/presentation/web/components/common/security-badge.d.ts +7 -0
  158. package/dist/src/presentation/web/components/common/security-badge.d.ts.map +1 -0
  159. package/dist/src/presentation/web/components/common/security-badge.js +30 -0
  160. package/dist/src/presentation/web/components/common/security-badge.stories.d.ts +12 -0
  161. package/dist/src/presentation/web/components/common/security-badge.stories.d.ts.map +1 -0
  162. package/dist/src/presentation/web/components/common/security-badge.stories.js +20 -0
  163. package/dist/src/presentation/web/components/features/settings/settings-page-client.d.ts.map +1 -1
  164. package/dist/src/presentation/web/components/features/settings/settings-page-client.js +16 -3
  165. package/dist/src/presentation/web/components/features/settings/supply-chain-security-settings-section.d.ts +6 -0
  166. package/dist/src/presentation/web/components/features/settings/supply-chain-security-settings-section.d.ts.map +1 -0
  167. package/dist/src/presentation/web/components/features/settings/supply-chain-security-settings-section.js +60 -0
  168. package/dist/src/presentation/web/components/features/settings/supply-chain-security-settings-section.stories.d.ts +14 -0
  169. package/dist/src/presentation/web/components/features/settings/supply-chain-security-settings-section.stories.d.ts.map +1 -0
  170. package/dist/src/presentation/web/components/features/settings/supply-chain-security-settings-section.stories.js +116 -0
  171. package/dist/translations/ar/cli.json +22 -0
  172. package/dist/translations/ar/web.json +43 -1
  173. package/dist/translations/de/cli.json +22 -0
  174. package/dist/translations/de/web.json +43 -1
  175. package/dist/translations/en/cli.json +22 -0
  176. package/dist/translations/en/web.json +43 -1
  177. package/dist/translations/es/cli.json +22 -0
  178. package/dist/translations/es/web.json +43 -1
  179. package/dist/translations/fr/cli.json +22 -0
  180. package/dist/translations/fr/web.json +43 -1
  181. package/dist/translations/he/cli.json +22 -0
  182. package/dist/translations/he/web.json +43 -1
  183. package/dist/translations/pt/cli.json +22 -0
  184. package/dist/translations/pt/web.json +43 -1
  185. package/dist/translations/ru/cli.json +22 -0
  186. package/dist/translations/ru/web.json +43 -1
  187. package/dist/tsconfig.build.tsbuildinfo +1 -1
  188. package/package.json +1 -1
  189. package/web/.next/BUILD_ID +1 -1
  190. package/web/.next/build-manifest.json +2 -2
  191. package/web/.next/fallback-build-manifest.json +2 -2
  192. package/web/.next/prerender-manifest.json +3 -3
  193. package/web/.next/required-server-files.js +3 -3
  194. package/web/.next/required-server-files.json +3 -3
  195. package/web/.next/server/app/(dashboard)/@drawer/adopt/page/server-reference-manifest.json +29 -29
  196. package/web/.next/server/app/(dashboard)/@drawer/adopt/page.js +2 -1
  197. package/web/.next/server/app/(dashboard)/@drawer/adopt/page.js.nft.json +1 -1
  198. package/web/.next/server/app/(dashboard)/@drawer/adopt/page_client-reference-manifest.js +1 -1
  199. package/web/.next/server/app/(dashboard)/@drawer/chat/page/server-reference-manifest.json +27 -27
  200. package/web/.next/server/app/(dashboard)/@drawer/chat/page.js +2 -1
  201. package/web/.next/server/app/(dashboard)/@drawer/chat/page.js.nft.json +1 -1
  202. package/web/.next/server/app/(dashboard)/@drawer/chat/page_client-reference-manifest.js +1 -1
  203. package/web/.next/server/app/(dashboard)/@drawer/create/page/server-reference-manifest.json +30 -30
  204. package/web/.next/server/app/(dashboard)/@drawer/create/page.js +2 -1
  205. package/web/.next/server/app/(dashboard)/@drawer/create/page.js.nft.json +1 -1
  206. package/web/.next/server/app/(dashboard)/@drawer/create/page_client-reference-manifest.js +1 -1
  207. package/web/.next/server/app/(dashboard)/@drawer/feature/[featureId]/[tab]/page/server-reference-manifest.json +38 -38
  208. package/web/.next/server/app/(dashboard)/@drawer/feature/[featureId]/[tab]/page.js +2 -1
  209. package/web/.next/server/app/(dashboard)/@drawer/feature/[featureId]/[tab]/page.js.nft.json +1 -1
  210. package/web/.next/server/app/(dashboard)/@drawer/feature/[featureId]/[tab]/page_client-reference-manifest.js +1 -1
  211. package/web/.next/server/app/(dashboard)/@drawer/feature/[featureId]/page/server-reference-manifest.json +38 -38
  212. package/web/.next/server/app/(dashboard)/@drawer/feature/[featureId]/page.js +2 -1
  213. package/web/.next/server/app/(dashboard)/@drawer/feature/[featureId]/page.js.nft.json +1 -1
  214. package/web/.next/server/app/(dashboard)/@drawer/feature/[featureId]/page_client-reference-manifest.js +1 -1
  215. package/web/.next/server/app/(dashboard)/@drawer/repository/[repositoryId]/[tab]/page/server-reference-manifest.json +28 -28
  216. package/web/.next/server/app/(dashboard)/@drawer/repository/[repositoryId]/[tab]/page.js +2 -1
  217. package/web/.next/server/app/(dashboard)/@drawer/repository/[repositoryId]/[tab]/page.js.nft.json +1 -1
  218. package/web/.next/server/app/(dashboard)/@drawer/repository/[repositoryId]/[tab]/page_client-reference-manifest.js +1 -1
  219. package/web/.next/server/app/(dashboard)/@drawer/repository/[repositoryId]/page/server-reference-manifest.json +28 -28
  220. package/web/.next/server/app/(dashboard)/@drawer/repository/[repositoryId]/page.js +2 -1
  221. package/web/.next/server/app/(dashboard)/@drawer/repository/[repositoryId]/page.js.nft.json +1 -1
  222. package/web/.next/server/app/(dashboard)/@drawer/repository/[repositoryId]/page_client-reference-manifest.js +1 -1
  223. package/web/.next/server/app/(dashboard)/chat/page/server-reference-manifest.json +27 -27
  224. package/web/.next/server/app/(dashboard)/chat/page.js +2 -1
  225. package/web/.next/server/app/(dashboard)/chat/page.js.nft.json +1 -1
  226. package/web/.next/server/app/(dashboard)/chat/page_client-reference-manifest.js +1 -1
  227. package/web/.next/server/app/(dashboard)/create/page/server-reference-manifest.json +30 -30
  228. package/web/.next/server/app/(dashboard)/create/page.js +2 -1
  229. package/web/.next/server/app/(dashboard)/create/page.js.nft.json +1 -1
  230. package/web/.next/server/app/(dashboard)/create/page_client-reference-manifest.js +1 -1
  231. package/web/.next/server/app/(dashboard)/feature/[featureId]/[tab]/page/server-reference-manifest.json +38 -38
  232. package/web/.next/server/app/(dashboard)/feature/[featureId]/[tab]/page.js +2 -1
  233. package/web/.next/server/app/(dashboard)/feature/[featureId]/[tab]/page.js.nft.json +1 -1
  234. package/web/.next/server/app/(dashboard)/feature/[featureId]/[tab]/page_client-reference-manifest.js +1 -1
  235. package/web/.next/server/app/(dashboard)/feature/[featureId]/page/server-reference-manifest.json +38 -38
  236. package/web/.next/server/app/(dashboard)/feature/[featureId]/page.js +2 -1
  237. package/web/.next/server/app/(dashboard)/feature/[featureId]/page.js.nft.json +1 -1
  238. package/web/.next/server/app/(dashboard)/feature/[featureId]/page_client-reference-manifest.js +1 -1
  239. package/web/.next/server/app/(dashboard)/page/server-reference-manifest.json +27 -27
  240. package/web/.next/server/app/(dashboard)/page.js +2 -1
  241. package/web/.next/server/app/(dashboard)/page.js.nft.json +1 -1
  242. package/web/.next/server/app/(dashboard)/page_client-reference-manifest.js +1 -1
  243. package/web/.next/server/app/(dashboard)/repository/[repositoryId]/[tab]/page/server-reference-manifest.json +28 -28
  244. package/web/.next/server/app/(dashboard)/repository/[repositoryId]/[tab]/page.js +2 -1
  245. package/web/.next/server/app/(dashboard)/repository/[repositoryId]/[tab]/page.js.nft.json +1 -1
  246. package/web/.next/server/app/(dashboard)/repository/[repositoryId]/[tab]/page_client-reference-manifest.js +1 -1
  247. package/web/.next/server/app/(dashboard)/repository/[repositoryId]/page/server-reference-manifest.json +28 -28
  248. package/web/.next/server/app/(dashboard)/repository/[repositoryId]/page.js +2 -1
  249. package/web/.next/server/app/(dashboard)/repository/[repositoryId]/page.js.nft.json +1 -1
  250. package/web/.next/server/app/(dashboard)/repository/[repositoryId]/page_client-reference-manifest.js +1 -1
  251. package/web/.next/server/app/_global-error.html +2 -2
  252. package/web/.next/server/app/_global-error.rsc +1 -1
  253. package/web/.next/server/app/_global-error.segments/__PAGE__.segment.rsc +1 -1
  254. package/web/.next/server/app/_global-error.segments/_full.segment.rsc +1 -1
  255. package/web/.next/server/app/_global-error.segments/_head.segment.rsc +1 -1
  256. package/web/.next/server/app/_global-error.segments/_index.segment.rsc +1 -1
  257. package/web/.next/server/app/_global-error.segments/_tree.segment.rsc +1 -1
  258. package/web/.next/server/app/_not-found/page/server-reference-manifest.json +6 -6
  259. package/web/.next/server/app/_not-found/page.js.nft.json +1 -1
  260. package/web/.next/server/app/_not-found/page_client-reference-manifest.js +1 -1
  261. package/web/.next/server/app/api/attachments/preview/route.js.nft.json +1 -1
  262. package/web/.next/server/app/api/evidence/route.js.nft.json +1 -1
  263. package/web/.next/server/app/api/graph-data/route.js.nft.json +1 -1
  264. package/web/.next/server/app/api/interactive/chat/[featureId]/messages/route.js.nft.json +1 -1
  265. package/web/.next/server/app/api/sessions/route.js.nft.json +1 -1
  266. package/web/.next/server/app/api/sessions-batch/route.js.nft.json +1 -1
  267. package/web/.next/server/app/features/page/server-reference-manifest.json +6 -6
  268. package/web/.next/server/app/features/page.js.nft.json +1 -1
  269. package/web/.next/server/app/features/page_client-reference-manifest.js +1 -1
  270. package/web/.next/server/app/settings/page/server-reference-manifest.json +33 -18
  271. package/web/.next/server/app/settings/page.js +1 -1
  272. package/web/.next/server/app/settings/page.js.nft.json +1 -1
  273. package/web/.next/server/app/settings/page_client-reference-manifest.js +1 -1
  274. package/web/.next/server/app/skills/page/server-reference-manifest.json +13 -13
  275. package/web/.next/server/app/skills/page.js +2 -1
  276. package/web/.next/server/app/skills/page.js.nft.json +1 -1
  277. package/web/.next/server/app/skills/page_client-reference-manifest.js +1 -1
  278. package/web/.next/server/app/tools/page/server-reference-manifest.json +11 -11
  279. package/web/.next/server/app/tools/page.js +2 -1
  280. package/web/.next/server/app/tools/page.js.nft.json +1 -1
  281. package/web/.next/server/app/tools/page_client-reference-manifest.js +1 -1
  282. package/web/.next/server/app/version/page/server-reference-manifest.json +6 -6
  283. package/web/.next/server/app/version/page.js.nft.json +1 -1
  284. package/web/.next/server/app/version/page_client-reference-manifest.js +1 -1
  285. package/web/.next/server/chunks/403f9_next_dist_esm_build_templates_app-route_370c43b1.js +1 -1
  286. package/web/.next/server/chunks/403f9_next_dist_esm_build_templates_app-route_370c43b1.js.map +1 -1
  287. package/web/.next/server/chunks/[root-of-the-server]__a402b567._.js +1 -1
  288. package/web/.next/server/chunks/[root-of-the-server]__c78383b1._.js +1 -1
  289. package/web/.next/server/chunks/[root-of-the-server]__c78383b1._.js.map +1 -1
  290. package/web/.next/server/chunks/[root-of-the-server]__cd67a84c._.js +1 -1
  291. package/web/.next/server/chunks/[root-of-the-server]__cd67a84c._.js.map +1 -1
  292. package/web/.next/server/chunks/ssr/744ca_web__next-internal_server_app_(dashboard)_@drawer_adopt_page_actions_ad0071c9.js +3 -0
  293. package/web/.next/server/chunks/ssr/744ca_web__next-internal_server_app_(dashboard)_@drawer_adopt_page_actions_ad0071c9.js.map +1 -0
  294. package/web/.next/server/chunks/ssr/744ca_web__next-internal_server_app_(dashboard)_@drawer_chat_page_actions_90d98b2b.js +3 -0
  295. package/web/.next/server/chunks/ssr/744ca_web__next-internal_server_app_(dashboard)_@drawer_chat_page_actions_90d98b2b.js.map +1 -0
  296. package/web/.next/server/chunks/ssr/744ca_web__next-internal_server_app_(dashboard)_chat_page_actions_d3828105.js +3 -0
  297. package/web/.next/server/chunks/ssr/744ca_web__next-internal_server_app_(dashboard)_chat_page_actions_d3828105.js.map +1 -0
  298. package/web/.next/server/chunks/ssr/744ca_web_components_common_control-center-drawer_create-drawer-client_tsx_5e26fc0a._.js +1 -1
  299. package/web/.next/server/chunks/ssr/744ca_web_components_common_control-center-drawer_create-drawer-client_tsx_5e26fc0a._.js.map +1 -1
  300. package/web/.next/server/chunks/ssr/744ca_web_components_common_control-center-drawer_feature-drawer-client_tsx_e9755fc8._.js +2 -2
  301. package/web/.next/server/chunks/ssr/744ca_web_components_common_control-center-drawer_feature-drawer-client_tsx_e9755fc8._.js.map +1 -1
  302. package/web/.next/server/chunks/ssr/[root-of-the-server]__1f389e5d._.js +1 -1
  303. package/web/.next/server/chunks/ssr/[root-of-the-server]__1f389e5d._.js.map +1 -1
  304. package/web/.next/server/chunks/ssr/[root-of-the-server]__357d99f9._.js +1 -1
  305. package/web/.next/server/chunks/ssr/[root-of-the-server]__51ec77a8._.js +3 -0
  306. package/web/.next/server/chunks/ssr/[root-of-the-server]__51ec77a8._.js.map +1 -0
  307. package/web/.next/server/chunks/ssr/[root-of-the-server]__540c615f._.js +4 -0
  308. package/web/.next/server/chunks/ssr/[root-of-the-server]__540c615f._.js.map +1 -0
  309. package/web/.next/server/chunks/ssr/[root-of-the-server]__66047a1b._.js +3 -0
  310. package/web/.next/server/chunks/ssr/[root-of-the-server]__66047a1b._.js.map +1 -0
  311. package/web/.next/server/chunks/ssr/[root-of-the-server]__6c7d3936._.js +1 -1
  312. package/web/.next/server/chunks/ssr/[root-of-the-server]__6c7d3936._.js.map +1 -1
  313. package/web/.next/server/chunks/ssr/[root-of-the-server]__9a9cb046._.js +3 -0
  314. package/web/.next/server/chunks/ssr/[root-of-the-server]__9a9cb046._.js.map +1 -0
  315. package/web/.next/server/chunks/ssr/[root-of-the-server]__a2d6c0ac._.js +4 -0
  316. package/web/.next/server/chunks/ssr/[root-of-the-server]__a2d6c0ac._.js.map +1 -0
  317. package/web/.next/server/chunks/ssr/[root-of-the-server]__a932cd3a._.js +3 -0
  318. package/web/.next/server/chunks/ssr/[root-of-the-server]__a932cd3a._.js.map +1 -0
  319. package/web/.next/server/chunks/ssr/[root-of-the-server]__aa72e794._.js +3 -0
  320. package/web/.next/server/chunks/ssr/[root-of-the-server]__aa72e794._.js.map +1 -0
  321. package/web/.next/server/chunks/ssr/[root-of-the-server]__b7b96453._.js +1 -1
  322. package/web/.next/server/chunks/ssr/[root-of-the-server]__b7b96453._.js.map +1 -1
  323. package/web/.next/server/chunks/ssr/_02580450._.js +3 -0
  324. package/web/.next/server/chunks/ssr/_02580450._.js.map +1 -0
  325. package/web/.next/server/chunks/ssr/_05c23ad9._.js +1 -1
  326. package/web/.next/server/chunks/ssr/_05c23ad9._.js.map +1 -1
  327. package/web/.next/server/chunks/ssr/_1594e369._.js +9 -0
  328. package/web/.next/server/chunks/ssr/_1594e369._.js.map +1 -0
  329. package/web/.next/server/chunks/ssr/_16eb4fec._.js +1 -1
  330. package/web/.next/server/chunks/ssr/_16eb4fec._.js.map +1 -1
  331. package/web/.next/server/chunks/ssr/_21d37090._.js +3 -0
  332. package/web/.next/server/chunks/ssr/_21d37090._.js.map +1 -0
  333. package/web/.next/server/chunks/ssr/_45496654._.js +1 -1
  334. package/web/.next/server/chunks/ssr/_45496654._.js.map +1 -1
  335. package/web/.next/server/chunks/ssr/_4cbb7f95._.js +1 -1
  336. package/web/.next/server/chunks/ssr/_4cbb7f95._.js.map +1 -1
  337. package/web/.next/server/chunks/ssr/_5119a3df._.js +1 -1
  338. package/web/.next/server/chunks/ssr/_5119a3df._.js.map +1 -1
  339. package/web/.next/server/chunks/ssr/_56b9d60f._.js +1 -1
  340. package/web/.next/server/chunks/ssr/_56b9d60f._.js.map +1 -1
  341. package/web/.next/server/chunks/ssr/{_0d7dd23b._.js → _767748d2._.js} +2 -2
  342. package/web/.next/server/chunks/ssr/_767748d2._.js.map +1 -0
  343. package/web/.next/server/chunks/ssr/_df737cce._.js +1 -1
  344. package/web/.next/server/chunks/ssr/{_77ae079a._.js → _ee42a212._.js} +2 -2
  345. package/web/.next/server/chunks/ssr/{_77ae079a._.js.map → _ee42a212._.js.map} +1 -1
  346. package/web/.next/server/chunks/ssr/_f8c55130._.js +4 -0
  347. package/web/.next/server/chunks/ssr/_f8c55130._.js.map +1 -0
  348. package/web/.next/server/chunks/ssr/_ff04802c._.js +3 -0
  349. package/web/.next/server/chunks/ssr/_ff04802c._.js.map +1 -0
  350. package/web/.next/server/chunks/ssr/b1a17_presentation_web_components_features_settings_settings-page-client_tsx_6ed9d5f8._.js +1 -1
  351. package/web/.next/server/chunks/ssr/b1a17_presentation_web_components_features_settings_settings-page-client_tsx_6ed9d5f8._.js.map +1 -1
  352. package/web/.next/server/chunks/ssr/f3a1f_components_common_control-center-drawer_repository-drawer-client_tsx_39a00c03._.js +1 -1
  353. package/web/.next/server/chunks/ssr/f3a1f_components_common_control-center-drawer_repository-drawer-client_tsx_39a00c03._.js.map +1 -1
  354. package/web/.next/server/chunks/ssr/src_presentation_web_17d39233._.js +3 -0
  355. package/web/.next/server/chunks/ssr/src_presentation_web_17d39233._.js.map +1 -0
  356. package/web/.next/server/chunks/ssr/src_presentation_web_54b02639._.js +5 -0
  357. package/web/.next/server/chunks/ssr/src_presentation_web_54b02639._.js.map +1 -0
  358. package/web/.next/server/chunks/ssr/src_presentation_web_7b7b9e3b._.js +5 -0
  359. package/web/.next/server/chunks/ssr/src_presentation_web_7b7b9e3b._.js.map +1 -0
  360. package/web/.next/server/chunks/ssr/src_presentation_web_807cba76._.js +3 -0
  361. package/web/.next/server/chunks/ssr/src_presentation_web_807cba76._.js.map +1 -0
  362. package/web/.next/server/chunks/ssr/src_presentation_web__next-internal_server_app_(dashboard)_page_actions_90b5e66e.js +3 -0
  363. package/web/.next/server/chunks/ssr/src_presentation_web__next-internal_server_app_(dashboard)_page_actions_90b5e66e.js.map +1 -0
  364. package/web/.next/server/chunks/ssr/src_presentation_web__next-internal_server_app_skills_page_actions_4ce30db7.js +3 -0
  365. package/web/.next/server/chunks/ssr/src_presentation_web__next-internal_server_app_skills_page_actions_4ce30db7.js.map +1 -0
  366. package/web/.next/server/chunks/ssr/src_presentation_web__next-internal_server_app_tools_page_actions_e4032193.js +3 -0
  367. package/web/.next/server/chunks/ssr/src_presentation_web__next-internal_server_app_tools_page_actions_e4032193.js.map +1 -0
  368. package/web/.next/server/chunks/ssr/src_presentation_web_app_actions_open-ide_ts_baaca5d5._.js +1 -1
  369. package/web/.next/server/chunks/ssr/src_presentation_web_ca99d62d._.js +1 -1
  370. package/web/.next/server/chunks/ssr/src_presentation_web_ca99d62d._.js.map +1 -1
  371. package/web/.next/server/chunks/ssr/src_presentation_web_components_895e5bfa._.js +1 -1
  372. package/web/.next/server/chunks/ssr/src_presentation_web_components_895e5bfa._.js.map +1 -1
  373. package/web/.next/server/chunks/ssr/src_presentation_web_components_features_control-center_7ac3562e._.js +1 -1
  374. package/web/.next/server/chunks/ssr/src_presentation_web_components_features_control-center_7ac3562e._.js.map +1 -1
  375. package/web/.next/server/chunks/ssr/src_presentation_web_components_features_skills_8a174cac._.js +1 -1
  376. package/web/.next/server/chunks/ssr/src_presentation_web_components_features_skills_8a174cac._.js.map +1 -1
  377. package/web/.next/server/chunks/ssr/src_presentation_web_db9fa0c2._.js +1 -1
  378. package/web/.next/server/chunks/ssr/src_presentation_web_db9fa0c2._.js.map +1 -1
  379. package/web/.next/server/chunks/ssr/src_presentation_web_e1cd1869._.js +3 -0
  380. package/web/.next/server/chunks/ssr/src_presentation_web_e1cd1869._.js.map +1 -0
  381. package/web/.next/server/chunks/ssr/src_presentation_web_e3a30e30._.js +3 -0
  382. package/web/.next/server/chunks/ssr/src_presentation_web_e3a30e30._.js.map +1 -0
  383. package/web/.next/server/chunks/ssr/translations_23dd5e7e._.js +1 -1
  384. package/web/.next/server/chunks/ssr/translations_23dd5e7e._.js.map +1 -1
  385. package/web/.next/server/pages/500.html +2 -2
  386. package/web/.next/server/server-reference-manifest.js +1 -1
  387. package/web/.next/server/server-reference-manifest.json +74 -59
  388. package/web/.next/static/chunks/051873309d87fb45.css +1 -0
  389. package/web/.next/static/chunks/{8e12deeabf6624e9.js → 16fa4d3877c28fe2.js} +1 -1
  390. package/web/.next/static/chunks/23d80bb760e7dc4c.js +1 -0
  391. package/web/.next/static/chunks/30a0ba9015f94405.js +7 -0
  392. package/web/.next/static/chunks/{7a6854bb07182777.js → 39f6ad3f9005703a.js} +1 -1
  393. package/web/.next/static/chunks/3aba9d2242420cb5.js +1 -0
  394. package/web/.next/static/chunks/7a6f56f37aaa17ea.js +1 -0
  395. package/web/.next/static/chunks/{b0a6fce5425f8d3a.js → 7e05e7e25220ee9a.js} +1 -1
  396. package/web/.next/static/chunks/{f9da308b3033c57a.js → 89dd90bf14488ec0.js} +1 -1
  397. package/web/.next/static/chunks/{2b2f3a70ebd6ac1c.js → 9374d251360e808b.js} +1 -1
  398. package/web/.next/static/chunks/{f29814a72404ea2b.js → 9423dc2310202fda.js} +1 -1
  399. package/web/.next/static/chunks/a794cf7a1a5648dd.js +1 -0
  400. package/web/.next/static/chunks/{3d1df5c349d855eb.js → a8edb9423086e83f.js} +1 -1
  401. package/web/.next/static/chunks/ae81796726a9bba3.js +1 -0
  402. package/web/.next/static/chunks/{a3802d6f8677cd04.js → b9c62932ed987239.js} +2 -2
  403. package/web/.next/static/chunks/{c5a0b452afc8fe47.js → d1c3e0ee8e788c87.js} +1 -1
  404. package/web/.next/static/chunks/{ca23a8642f750548.js → e8c3c12f92e9a521.js} +2 -2
  405. package/web/.next/static/chunks/f3d5e0ae13def35a.js +1 -0
  406. package/web/.next/static/chunks/{d5366257d6b9f855.js → fb8dadb64c0ffc6b.js} +1 -1
  407. package/web/.next/static/chunks/fd232b88b5b50b2e.js +1 -0
  408. package/web/.next/server/chunks/ssr/[root-of-the-server]__1cd4327c._.js +0 -4
  409. package/web/.next/server/chunks/ssr/[root-of-the-server]__1cd4327c._.js.map +0 -1
  410. package/web/.next/server/chunks/ssr/[root-of-the-server]__4fb81977._.js +0 -4
  411. package/web/.next/server/chunks/ssr/[root-of-the-server]__4fb81977._.js.map +0 -1
  412. package/web/.next/server/chunks/ssr/[root-of-the-server]__7dcd0917._.js +0 -4
  413. package/web/.next/server/chunks/ssr/[root-of-the-server]__7dcd0917._.js.map +0 -1
  414. package/web/.next/server/chunks/ssr/[root-of-the-server]__92ffd5ee._.js +0 -4
  415. package/web/.next/server/chunks/ssr/[root-of-the-server]__92ffd5ee._.js.map +0 -1
  416. package/web/.next/server/chunks/ssr/[root-of-the-server]__b020c17d._.js +0 -4
  417. package/web/.next/server/chunks/ssr/[root-of-the-server]__b020c17d._.js.map +0 -1
  418. package/web/.next/server/chunks/ssr/[root-of-the-server]__ba7f5873._.js +0 -4
  419. package/web/.next/server/chunks/ssr/[root-of-the-server]__ba7f5873._.js.map +0 -1
  420. package/web/.next/server/chunks/ssr/[root-of-the-server]__c5e09f6f._.js +0 -4
  421. package/web/.next/server/chunks/ssr/[root-of-the-server]__c5e09f6f._.js.map +0 -1
  422. package/web/.next/server/chunks/ssr/[root-of-the-server]__fa525872._.js +0 -3
  423. package/web/.next/server/chunks/ssr/[root-of-the-server]__fa525872._.js.map +0 -1
  424. package/web/.next/server/chunks/ssr/_02e01240._.js +0 -4
  425. package/web/.next/server/chunks/ssr/_02e01240._.js.map +0 -1
  426. package/web/.next/server/chunks/ssr/_0d7dd23b._.js.map +0 -1
  427. package/web/.next/server/chunks/ssr/_18886033._.js +0 -4
  428. package/web/.next/server/chunks/ssr/_18886033._.js.map +0 -1
  429. package/web/.next/server/chunks/ssr/_22e00a14._.js +0 -4
  430. package/web/.next/server/chunks/ssr/_22e00a14._.js.map +0 -1
  431. package/web/.next/server/chunks/ssr/_43ba79e7._.js +0 -3
  432. package/web/.next/server/chunks/ssr/_43ba79e7._.js.map +0 -1
  433. package/web/.next/server/chunks/ssr/_a5a5901d._.js +0 -4
  434. package/web/.next/server/chunks/ssr/_a5a5901d._.js.map +0 -1
  435. package/web/.next/server/chunks/ssr/_a963dd3c._.js +0 -3
  436. package/web/.next/server/chunks/ssr/_a963dd3c._.js.map +0 -1
  437. package/web/.next/server/chunks/ssr/_ad09f271._.js +0 -4
  438. package/web/.next/server/chunks/ssr/_ad09f271._.js.map +0 -1
  439. package/web/.next/server/chunks/ssr/_c3f595c6._.js +0 -4
  440. package/web/.next/server/chunks/ssr/_c3f595c6._.js.map +0 -1
  441. package/web/.next/server/chunks/ssr/_deabc145._.js +0 -3
  442. package/web/.next/server/chunks/ssr/_deabc145._.js.map +0 -1
  443. package/web/.next/server/chunks/ssr/_e3f14907._.js +0 -9
  444. package/web/.next/server/chunks/ssr/_e3f14907._.js.map +0 -1
  445. package/web/.next/server/chunks/ssr/_ea9e1556._.js +0 -4
  446. package/web/.next/server/chunks/ssr/_ea9e1556._.js.map +0 -1
  447. package/web/.next/server/chunks/ssr/_f1ba9be6._.js +0 -6
  448. package/web/.next/server/chunks/ssr/_f1ba9be6._.js.map +0 -1
  449. package/web/.next/server/chunks/ssr/_f33cd07e._.js +0 -6
  450. package/web/.next/server/chunks/ssr/_f33cd07e._.js.map +0 -1
  451. package/web/.next/server/chunks/ssr/_f8b45233._.js +0 -4
  452. package/web/.next/server/chunks/ssr/_f8b45233._.js.map +0 -1
  453. package/web/.next/static/chunks/06a86173379e6c51.js +0 -1
  454. package/web/.next/static/chunks/16ed73f9880b7d63.js +0 -1
  455. package/web/.next/static/chunks/4559a403ee40dd19.js +0 -7
  456. package/web/.next/static/chunks/74e5b5c7950efbc1.js +0 -1
  457. package/web/.next/static/chunks/8b0a9cb5109fe899.js +0 -1
  458. package/web/.next/static/chunks/9c6f8f49799efd3a.js +0 -1
  459. package/web/.next/static/chunks/b14085e99b88e7f7.css +0 -1
  460. package/web/.next/static/chunks/b65e555419a0c664.js +0 -1
  461. package/web/.next/static/chunks/f51250616da82bd2.js +0 -1
  462. /package/web/.next/static/{0KDwNT3AGQmFGIwjHx99r → t6SUt71jyk_PYf152Imog}/_buildManifest.js +0 -0
  463. /package/web/.next/static/{0KDwNT3AGQmFGIwjHx99r → t6SUt71jyk_PYf152Imog}/_clientMiddlewareManifest.json +0 -0
  464. /package/web/.next/static/{0KDwNT3AGQmFGIwjHx99r → t6SUt71jyk_PYf152Imog}/_ssgManifest.js +0 -0
package/apis/json-schema/ActionDispositionEntry.yaml ADDED
@@ -0,0 +1,14 @@
1
+ $schema: https://json-schema.org/draft/2020-12/schema
2
+ $id: ActionDispositionEntry.yaml
3
+ type: object
4
+ properties:
5
+ category:
6
+ $ref: SecurityActionCategory.yaml
7
+ description: The action category
8
+ disposition:
9
+ $ref: SecurityActionDisposition.yaml
10
+ description: How this action should be handled
11
+ required:
12
+ - category
13
+ - disposition
14
+ description: Mapping of an action category to its enforcement disposition
package/apis/json-schema/DependencyFinding.yaml ADDED
@@ -0,0 +1,28 @@
1
+ $schema: https://json-schema.org/draft/2020-12/schema
2
+ $id: DependencyFinding.yaml
3
+ type: object
4
+ properties:
5
+ packageName:
6
+ type: string
7
+ description: Package name (e.g. 'lodash', '@types/node')
8
+ version:
9
+ type: string
10
+ description: Package version or range (e.g. '^4.17.0')
11
+ severity:
12
+ $ref: SecuritySeverity.yaml
13
+ description: Severity of this finding
14
+ riskType:
15
+ $ref: DependencyRiskType.yaml
16
+ description: Type of dependency risk detected
17
+ message:
18
+ type: string
19
+ description: Human-readable description of the finding
20
+ remediation:
21
+ type: string
22
+ description: Actionable remediation guidance
23
+ required:
24
+ - packageName
25
+ - severity
26
+ - riskType
27
+ - message
28
+ description: Single dependency risk finding
package/apis/json-schema/DependencyRiskType.yaml ADDED
@@ -0,0 +1,11 @@
1
+ $schema: https://json-schema.org/draft/2020-12/schema
2
+ $id: DependencyRiskType.yaml
3
+ type: string
4
+ enum:
5
+ - LockfileInconsistency
6
+ - NonRegistrySource
7
+ - LifecycleScript
8
+ - DenylistViolation
9
+ - AllowlistViolation
10
+ - VersionRangePolicy
11
+ description: Type of dependency risk finding
package/apis/json-schema/DependencyRules.yaml ADDED
@@ -0,0 +1,38 @@
1
+ $schema: https://json-schema.org/draft/2020-12/schema
2
+ $id: DependencyRules.yaml
3
+ type: object
4
+ properties:
5
+ checkLockfileConsistency:
6
+ type: boolean
7
+ default: true
8
+ description: "Check manifest-lockfile consistency (default: true)"
9
+ checkLifecycleScripts:
10
+ type: boolean
11
+ default: true
12
+ description: "Flag packages with lifecycle scripts (default: true)"
13
+ checkNonRegistrySource:
14
+ type: boolean
15
+ default: true
16
+ description: "Flag non-registry dependency sources (default: true)"
17
+ enforceStrictVersionRanges:
18
+ type: boolean
19
+ default: false
20
+ description: "Enforce strict version ranges — no ^ or * (default: false)"
21
+ allowlist:
22
+ type: array
23
+ items:
24
+ type: string
25
+ description: Packages explicitly allowed (empty = allow all)
26
+ denylist:
27
+ type: array
28
+ items:
29
+ type: string
30
+ description: Packages explicitly denied
31
+ required:
32
+ - checkLockfileConsistency
33
+ - checkLifecycleScripts
34
+ - checkNonRegistrySource
35
+ - enforceStrictVersionRanges
36
+ - allowlist
37
+ - denylist
38
+ description: Dependency risk evaluation policy rules
package/apis/json-schema/EffectivePolicySnapshot.yaml ADDED
@@ -0,0 +1,24 @@
1
+ $schema: https://json-schema.org/draft/2020-12/schema
2
+ $id: EffectivePolicySnapshot.yaml
3
+ type: object
4
+ properties:
5
+ mode:
6
+ $ref: SecurityMode.yaml
7
+ description: Resolved effective security mode
8
+ source:
9
+ type: string
10
+ description: Where the policy was sourced from (e.g. 'shep.security.yaml', 'settings-default')
11
+ evaluatedAt:
12
+ type: string
13
+ description: ISO timestamp when this snapshot was computed
14
+ actionDispositions:
15
+ type: array
16
+ items:
17
+ $ref: ActionDispositionEntry.yaml
18
+ description: Resolved per-action-category enforcement dispositions
19
+ required:
20
+ - mode
21
+ - source
22
+ - evaluatedAt
23
+ - actionDispositions
24
+ description: Computed effective security policy snapshot
package/apis/json-schema/ReleaseIntegrityCheck.yaml ADDED
@@ -0,0 +1,22 @@
1
+ $schema: https://json-schema.org/draft/2020-12/schema
2
+ $id: ReleaseIntegrityCheck.yaml
3
+ type: object
4
+ properties:
5
+ checkType:
6
+ $ref: ReleaseIntegrityCheckType.yaml
7
+ description: Type of check performed
8
+ passed:
9
+ type: boolean
10
+ description: Whether this check passed
11
+ message:
12
+ type: string
13
+ description: Human-readable description of the result
14
+ severity:
15
+ $ref: SecuritySeverity.yaml
16
+ description: Severity when this check fails
17
+ required:
18
+ - checkType
19
+ - passed
20
+ - message
21
+ - severity
22
+ description: Result of a single release integrity check
package/apis/json-schema/ReleaseIntegrityCheckType.yaml ADDED
@@ -0,0 +1,9 @@
1
+ $schema: https://json-schema.org/draft/2020-12/schema
2
+ $id: ReleaseIntegrityCheckType.yaml
3
+ type: string
4
+ enum:
5
+ - CiOnlyPublishing
6
+ - SecretConfiguration
7
+ - ProvenanceConfiguration
8
+ - WorkflowIntegrity
9
+ description: Type of release integrity check
package/apis/json-schema/ReleaseIntegrityResult.yaml ADDED
@@ -0,0 +1,16 @@
1
+ $schema: https://json-schema.org/draft/2020-12/schema
2
+ $id: ReleaseIntegrityResult.yaml
3
+ type: object
4
+ properties:
5
+ checks:
6
+ type: array
7
+ items:
8
+ $ref: ReleaseIntegrityCheck.yaml
9
+ description: Individual check results
10
+ passed:
11
+ type: boolean
12
+ description: Whether all checks passed
13
+ required:
14
+ - checks
15
+ - passed
16
+ description: Aggregated release integrity evaluation result
package/apis/json-schema/ReleaseRules.yaml ADDED
@@ -0,0 +1,21 @@
1
+ $schema: https://json-schema.org/draft/2020-12/schema
2
+ $id: ReleaseRules.yaml
3
+ type: object
4
+ properties:
5
+ requireCiOnlyPublishing:
6
+ type: boolean
7
+ default: true
8
+ description: "Require publishing from CI only, not local (default: true)"
9
+ requireProvenance:
10
+ type: boolean
11
+ default: true
12
+ description: "Require npm provenance flags on publish (default: true)"
13
+ checkWorkflowIntegrity:
14
+ type: boolean
15
+ default: true
16
+ description: "Check that release workflow has not been tampered with (default: true)"
17
+ required:
18
+ - requireCiOnlyPublishing
19
+ - requireProvenance
20
+ - checkWorkflowIntegrity
21
+ description: Release integrity policy rules
package/apis/json-schema/SecurityActionCategory.yaml ADDED
@@ -0,0 +1,10 @@
1
+ $schema: https://json-schema.org/draft/2020-12/schema
2
+ $id: SecurityActionCategory.yaml
3
+ type: string
4
+ enum:
5
+ - DependencyInstall
6
+ - PackageScriptExec
7
+ - CiWorkflowModify
8
+ - PublishRelease
9
+ - SandboxEscalation
10
+ description: Categories of risky agent actions for runtime guardrails
package/apis/json-schema/SecurityActionDisposition.yaml ADDED
@@ -0,0 +1,8 @@
1
+ $schema: https://json-schema.org/draft/2020-12/schema
2
+ $id: SecurityActionDisposition.yaml
3
+ type: string
4
+ enum:
5
+ - Allowed
6
+ - Denied
7
+ - ApprovalRequired
8
+ description: Enforcement disposition for a security action category
package/apis/json-schema/SecurityConfig.yaml ADDED
@@ -0,0 +1,17 @@
1
+ $schema: https://json-schema.org/draft/2020-12/schema
2
+ $id: SecurityConfig.yaml
3
+ type: object
4
+ properties:
5
+ mode:
6
+ $ref: SecurityMode.yaml
7
+ default: Advisory
8
+ description: "Effective security mode (default: Advisory)"
9
+ lastEvaluationAt:
10
+ type: string
11
+ description: ISO timestamp of last policy evaluation (null if never evaluated)
12
+ policySource:
13
+ type: string
14
+ description: Source of the active security policy (null if never evaluated)
15
+ required:
16
+ - mode
17
+ description: Supply-chain security configuration persisted in settings
package/apis/json-schema/SecurityEvent.yaml ADDED
@@ -0,0 +1,36 @@
1
+ $schema: https://json-schema.org/draft/2020-12/schema
2
+ $id: SecurityEvent.yaml
3
+ type: object
4
+ properties:
5
+ repositoryPath:
6
+ type: string
7
+ description: Absolute path to the repository this event belongs to
8
+ featureId:
9
+ type: string
10
+ description: Feature ID if this event occurred during a feature run
11
+ severity:
12
+ $ref: SecuritySeverity.yaml
13
+ description: Severity of this security event
14
+ category:
15
+ $ref: SecurityActionCategory.yaml
16
+ description: Action category that triggered this event
17
+ disposition:
18
+ $ref: SecurityActionDisposition.yaml
19
+ description: How the action was handled (allowed, denied, approval-required)
20
+ actor:
21
+ type: string
22
+ description: Actor or source that triggered this event (agent, user, CI)
23
+ message:
24
+ type: string
25
+ description: Human-readable event description
26
+ remediationSummary:
27
+ type: string
28
+ description: Actionable remediation guidance
29
+ required:
30
+ - repositoryPath
31
+ - severity
32
+ - category
33
+ - disposition
34
+ allOf:
35
+ - $ref: BaseEntity.yaml
36
+ description: Persisted security event for audit and observability
package/apis/json-schema/SecurityMode.yaml ADDED
@@ -0,0 +1,8 @@
1
+ $schema: https://json-schema.org/draft/2020-12/schema
2
+ $id: SecurityMode.yaml
3
+ type: string
4
+ enum:
5
+ - Disabled
6
+ - Advisory
7
+ - Enforce
8
+ description: Effective security mode for a repository
package/apis/json-schema/SecurityPolicy.yaml ADDED
@@ -0,0 +1,24 @@
1
+ $schema: https://json-schema.org/draft/2020-12/schema
2
+ $id: SecurityPolicy.yaml
3
+ type: object
4
+ properties:
5
+ mode:
6
+ $ref: SecurityMode.yaml
7
+ description: Desired security mode for this repository
8
+ actionDispositions:
9
+ type: array
10
+ items:
11
+ $ref: ActionDispositionEntry.yaml
12
+ description: Per-action-category enforcement dispositions
13
+ dependencyRules:
14
+ $ref: DependencyRules.yaml
15
+ description: Dependency risk evaluation rules
16
+ releaseRules:
17
+ $ref: ReleaseRules.yaml
18
+ description: Release integrity check rules
19
+ required:
20
+ - mode
21
+ - actionDispositions
22
+ - dependencyRules
23
+ - releaseRules
24
+ description: Security policy configuration from shep.security.yaml
package/apis/json-schema/SecuritySeverity.yaml ADDED
@@ -0,0 +1,9 @@
1
+ $schema: https://json-schema.org/draft/2020-12/schema
2
+ $id: SecuritySeverity.yaml
3
+ type: string
4
+ enum:
5
+ - Low
6
+ - Medium
7
+ - High
8
+ - Critical
9
+ description: Severity level for security findings
package/apis/json-schema/Settings.yaml CHANGED
@@ -36,6 +36,9 @@ properties:
36
36
  fabLayout:
37
37
  $ref: FabLayoutConfig.yaml
38
38
  description: FAB layout configuration (optional, defaults applied at runtime)
39
+ security:
40
+ $ref: SecurityConfig.yaml
41
+ description: Supply-chain security configuration (optional, defaults applied at runtime)
39
42
  required:
40
43
  - models
41
44
  - user
package/dist/packages/core/src/application/ports/output/agents/agent-executor.interface.d.ts CHANGED
@@ -20,7 +20,7 @@
20
20
  * }
21
21
  * ```
22
22
  */
23
- import type { AgentType, AgentFeature } from '../../../../domain/generated/output.js';
23
+ import type { AgentType, AgentFeature, SecurityMode, SecurityActionCategory, SecurityActionDisposition } from '../../../../domain/generated/output.js';
24
24
  /**
25
25
  * Token usage and execution statistics returned by an agent.
26
26
  */
@@ -62,6 +62,18 @@ export interface AgentExecutionStreamEvent {
62
62
  /** When the event was emitted */
63
63
  timestamp: Date;
64
64
  }
65
+ /**
66
+ * Security constraints derived from the effective security policy.
67
+ * Passed to executors so they can validate compatibility before launch.
68
+ */
69
+ export interface SecurityConstraints {
70
+ /** Effective security mode for this execution */
71
+ mode: SecurityMode;
72
+ /** Per-action-category enforcement dispositions */
73
+ actionDispositions: Record<SecurityActionCategory, SecurityActionDisposition>;
74
+ /** Required sandbox level (e.g. 'strict' forbids --dangerously-skip-permissions) */
75
+ sandboxLevel: 'permissive' | 'strict';
76
+ }
65
77
  /**
66
78
  * Options for controlling agent execution behavior.
67
79
  */
@@ -88,6 +100,8 @@ export interface AgentExecutionOptions {
88
100
  disableMcp?: boolean;
89
101
  /** Restrict available built-in tools via --tools flag */
90
102
  tools?: string[];
103
+ /** Security policy constraints for this execution */
104
+ securityConstraints?: SecurityConstraints;
91
105
  }
92
106
  /**
93
107
  * Port interface for executing prompts against an AI agent.
package/dist/packages/core/src/application/ports/output/agents/agent-executor.interface.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"agent-executor.interface.d.ts","sourceRoot":"","sources":["../../../../../../../../packages/core/src/application/ports/output/agents/agent-executor.interface.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,wCAAwC,CAAC;AAEtF;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,8DAA8D;IAC9D,wBAAwB,CAAC,EAAE,MAAM,CAAC;IAClC,uDAAuD;IACvD,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,4BAA4B;IAC5B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,sDAAsD;IACtD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,qDAAqD;IACrD,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,8BAA8B;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,4CAA4C;IAC5C,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,2CAA2C;IAC3C,KAAK,CAAC,EAAE,mBAAmB,CAAC;IAC5B,yCAAyC;IACzC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED;;GAEG;AACH,MAAM,WAAW,yBAAyB;IACxC,2DAA2D;IAC3D,IAAI,EAAE,UAAU,GAAG,QAAQ,GAAG,OAAO,CAAC;IACtC,yBAAyB;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,iCAAiC;IACjC,SAAS,EAAE,IAAI,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,sCAAsC;IACtC,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,wCAAwC;IACxC,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,mDAAmD;IACnD,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,oCAAoC;IACpC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,iCAAiC;IACjC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,+BAA+B;IAC/B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,wCAAwC;IACxC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,wCAAwC;IACxC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,wEAAwE;IACxE,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,mEAAmE;IACnE,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,yDAAyD;IACzD,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;CAClB;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,WAAW,cAAc;IAC7B,8CAA8C;IAC9C,QAAQ,CAAC,SAAS,EAAE,SAAS,CAAC;IAE9B;;;;;;OAMG;IACH,OAAO,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,qBAAqB,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAExF;;;;;;OAMG;IACH,aAAa,CACX,MAAM,EAAE,MAAM,EACd,OAAO,CAAC,EAAE,qBAAqB,GAC9B,aAAa,CAAC,yBAAyB,CAAC,CAAC;IAE5C;;;;;OAKG;IACH,eAAe,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC;CACjD"}
1
+ {"version":3,"file":"agent-executor.interface.d.ts","sourceRoot":"","sources":["../../../../../../../../packages/core/src/application/ports/output/agents/agent-executor.interface.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAEH,OAAO,KAAK,EACV,SAAS,EACT,YAAY,EACZ,YAAY,EACZ,sBAAsB,EACtB,yBAAyB,EAC1B,MAAM,wCAAwC,CAAC;AAEhD;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,8DAA8D;IAC9D,wBAAwB,CAAC,EAAE,MAAM,CAAC;IAClC,uDAAuD;IACvD,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,4BAA4B;IAC5B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,sDAAsD;IACtD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,qDAAqD;IACrD,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,8BAA8B;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,4CAA4C;IAC5C,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,2CAA2C;IAC3C,KAAK,CAAC,EAAE,mBAAmB,CAAC;IAC5B,yCAAyC;IACzC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED;;GAEG;AACH,MAAM,WAAW,yBAAyB;IACxC,2DAA2D;IAC3D,IAAI,EAAE,UAAU,GAAG,QAAQ,GAAG,OAAO,CAAC;IACtC,yBAAyB;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,iCAAiC;IACjC,SAAS,EAAE,IAAI,CAAC;CACjB;AAED;;;GAGG;AACH,MAAM,WAAW,mBAAmB;IAClC,iDAAiD;IACjD,IAAI,EAAE,YAAY,CAAC;IACnB,mDAAmD;IACnD,kBAAkB,EAAE,MAAM,CAAC,sBAAsB,EAAE,yBAAyB,CAAC,CAAC;IAC9E,oFAAoF;IACpF,YAAY,EAAE,YAAY,GAAG,QAAQ,CAAC;CACvC;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,sCAAsC;IACtC,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,wCAAwC;IACxC,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,mDAAmD;IACnD,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,oCAAoC;IACpC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,iCAAiC;IACjC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,+BAA+B;IAC/B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,wCAAwC;IACxC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,wCAAwC;IACxC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,wEAAwE;IACxE,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,mEAAmE;IACnE,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,yDAAyD;IACzD,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,qDAAqD;IACrD,mBAAmB,CAAC,EAAE,mBAAmB,CAAC;CAC3C;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,WAAW,cAAc;IAC7B,8CAA8C;IAC9C,QAAQ,CAAC,SAAS,EAAE,SAAS,CAAC;IAE9B;;;;;;OAMG;IACH,OAAO,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,qBAAqB,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAExF;;;;;;OAMG;IACH,aAAa,CACX,MAAM,EAAE,MAAM,EACd,OAAO,CAAC,EAAE,qBAAqB,GAC9B,aAAa,CAAC,yBAAyB,CAAC,CAAC;IAE5C;;;;;OAKG;IACH,eAAe,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC;CACjD"}
package/dist/packages/core/src/application/ports/output/agents/feature-agent-process.interface.d.ts CHANGED
@@ -9,7 +9,7 @@
9
9
  * - Application layer depends on this interface
10
10
  * - Infrastructure layer provides concrete implementation
11
11
  */
12
- import type { ApprovalGates, AgentType } from '../../../../domain/generated/output.js';
12
+ import type { ApprovalGates, AgentType, SecurityMode, SecurityActionCategory, SecurityActionDisposition } from '../../../../domain/generated/output.js';
13
13
  /**
14
14
  * Service interface for feature agent background process management.
15
15
  */
@@ -40,6 +40,8 @@ export interface IFeatureAgentProcessService {
40
40
  fast?: boolean;
41
41
  model?: string;
42
42
  resumeReason?: string;
43
+ securityMode?: SecurityMode;
44
+ securityActionDispositions?: Partial<Record<SecurityActionCategory, SecurityActionDisposition>>;
43
45
  }): number;
44
46
  /**
45
47
  * Check if a process is still alive.
package/dist/packages/core/src/application/ports/output/agents/feature-agent-process.interface.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"feature-agent-process.interface.d.ts","sourceRoot":"","sources":["../../../../../../../../packages/core/src/application/ports/output/agents/feature-agent-process.interface.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,wCAAwC,CAAC;AAEvF;;GAEG;AACH,MAAM,WAAW,2BAA2B;IAC1C;;;;;;;;OAQG;IACH,KAAK,CACH,SAAS,EAAE,MAAM,EACjB,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,EACf,YAAY,CAAC,EAAE,MAAM,EACrB,OAAO,CAAC,EAAE;QACR,aAAa,CAAC,EAAE,aAAa,CAAC;QAC9B,MAAM,CAAC,EAAE,OAAO,CAAC;QACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,mBAAmB,CAAC,EAAE,OAAO,CAAC;QAC9B,IAAI,CAAC,EAAE,OAAO,CAAC;QACf,MAAM,CAAC,EAAE,OAAO,CAAC;QACjB,SAAS,CAAC,EAAE,OAAO,CAAC;QACpB,WAAW,CAAC,EAAE,OAAO,CAAC;QACtB,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,SAAS,CAAC,EAAE,SAAS,CAAC;QACtB,IAAI,CAAC,EAAE,OAAO,CAAC;QACf,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,YAAY,CAAC,EAAE,MAAM,CAAC;KACvB,GACA,MAAM,CAAC;IAEV;;;;;OAKG;IACH,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;IAE9B;;;;;OAKG;IACH,mBAAmB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACnD"}
1
+ {"version":3,"file":"feature-agent-process.interface.d.ts","sourceRoot":"","sources":["../../../../../../../../packages/core/src/application/ports/output/agents/feature-agent-process.interface.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EACV,aAAa,EACb,SAAS,EACT,YAAY,EACZ,sBAAsB,EACtB,yBAAyB,EAC1B,MAAM,wCAAwC,CAAC;AAEhD;;GAEG;AACH,MAAM,WAAW,2BAA2B;IAC1C;;;;;;;;OAQG;IACH,KAAK,CACH,SAAS,EAAE,MAAM,EACjB,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,EACf,YAAY,CAAC,EAAE,MAAM,EACrB,OAAO,CAAC,EAAE;QACR,aAAa,CAAC,EAAE,aAAa,CAAC;QAC9B,MAAM,CAAC,EAAE,OAAO,CAAC;QACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,mBAAmB,CAAC,EAAE,OAAO,CAAC;QAC9B,IAAI,CAAC,EAAE,OAAO,CAAC;QACf,MAAM,CAAC,EAAE,OAAO,CAAC;QACjB,SAAS,CAAC,EAAE,OAAO,CAAC;QACpB,WAAW,CAAC,EAAE,OAAO,CAAC;QACtB,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,SAAS,CAAC,EAAE,SAAS,CAAC;QACtB,IAAI,CAAC,EAAE,OAAO,CAAC;QACf,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,YAAY,CAAC,EAAE,YAAY,CAAC;QAC5B,0BAA0B,CAAC,EAAE,OAAO,CAClC,MAAM,CAAC,sBAAsB,EAAE,yBAAyB,CAAC,CAC1D,CAAC;KACH,GACA,MAAM,CAAC;IAEV;;;;;OAKG;IACH,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;IAE9B;;;;;OAKG;IACH,mBAAmB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACnD"}
package/dist/packages/core/src/application/ports/output/repositories/security-event.repository.interface.d.ts ADDED
@@ -0,0 +1,76 @@
1
+ /**
2
+ * Security Event Repository Interface
3
+ *
4
+ * Output port for SecurityEvent persistence operations.
5
+ * Implementations handle database-specific logic (SQLite, etc.).
6
+ *
7
+ * Following Clean Architecture:
8
+ * - Domain and Application layers depend on this interface
9
+ * - Infrastructure layer provides concrete implementations
10
+ */
11
+ import type { SecurityEvent, SecuritySeverity } from '../../../../domain/generated/output.js';
12
+ /**
13
+ * Options for querying security events.
14
+ */
15
+ export interface SecurityEventQueryOptions {
16
+ /** Maximum number of events to return */
17
+ limit?: number;
18
+ /** Number of events to skip (for pagination) */
19
+ offset?: number;
20
+ /** Filter by minimum severity level */
21
+ severity?: SecuritySeverity;
22
+ }
23
+ /**
24
+ * Repository interface for SecurityEvent entity persistence.
25
+ *
26
+ * Implementations must:
27
+ * - Handle database connection management
28
+ * - Provide thread-safe operations (SQLite WAL handles concurrency)
29
+ * - Support repository-scoped and feature-scoped queries
30
+ * - Use parameterized queries for all SQL operations
31
+ */
32
+ export interface ISecurityEventRepository {
33
+ /**
34
+ * Persist a new security event.
35
+ *
36
+ * @param event - The security event to persist
37
+ */
38
+ save(event: SecurityEvent): Promise<void>;
39
+ /**
40
+ * Find security events for a given repository path.
41
+ *
42
+ * Results are ordered by created_at DESC (most recent first).
43
+ *
44
+ * @param repositoryPath - Absolute path to the repository
45
+ * @param options - Optional query filters and pagination
46
+ * @returns Array of matching security events
47
+ */
48
+ findByRepository(repositoryPath: string, options?: SecurityEventQueryOptions): Promise<SecurityEvent[]>;
49
+ /**
50
+ * Find security events for a given feature run.
51
+ *
52
+ * Results are ordered by created_at DESC (most recent first).
53
+ *
54
+ * @param featureId - The feature ID to filter by
55
+ * @param options - Optional query filters and pagination
56
+ * @returns Array of matching security events
57
+ */
58
+ findByFeature(featureId: string, options?: SecurityEventQueryOptions): Promise<SecurityEvent[]>;
59
+ /**
60
+ * Delete security events older than the given date.
61
+ *
62
+ * Used for 90-day retention cleanup.
63
+ *
64
+ * @param date - Events created before this date will be deleted
65
+ * @returns Number of events deleted
66
+ */
67
+ deleteOlderThan(date: Date): Promise<number>;
68
+ /**
69
+ * Count security events for a given repository path.
70
+ *
71
+ * @param repositoryPath - Absolute path to the repository
72
+ * @returns Total count of security events
73
+ */
74
+ count(repositoryPath: string): Promise<number>;
75
+ }
76
+ //# sourceMappingURL=security-event.repository.interface.d.ts.map
package/dist/packages/core/src/application/ports/output/repositories/security-event.repository.interface.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"security-event.repository.interface.d.ts","sourceRoot":"","sources":["../../../../../../../../packages/core/src/application/ports/output/repositories/security-event.repository.interface.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,wCAAwC,CAAC;AAE9F;;GAEG;AACH,MAAM,WAAW,yBAAyB;IACxC,yCAAyC;IACzC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,gDAAgD;IAChD,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,uCAAuC;IACvC,QAAQ,CAAC,EAAE,gBAAgB,CAAC;CAC7B;AAED;;;;;;;;GAQG;AACH,MAAM,WAAW,wBAAwB;IACvC;;;;OAIG;IACH,IAAI,CAAC,KAAK,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE1C;;;;;;;;OAQG;IACH,gBAAgB,CACd,cAAc,EAAE,MAAM,EACtB,OAAO,CAAC,EAAE,yBAAyB,GAClC,OAAO,CAAC,aAAa,EAAE,CAAC,CAAC;IAE5B;;;;;;;;OAQG;IACH,aAAa,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,yBAAyB,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC,CAAC;IAEhG;;;;;;;OAOG;IACH,eAAe,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAE7C;;;;;OAKG;IACH,KAAK,CAAC,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;CAChD"}
package/dist/packages/core/src/application/ports/output/repositories/security-event.repository.interface.js ADDED
@@ -0,0 +1,11 @@
1
+ /**
2
+ * Security Event Repository Interface
3
+ *
4
+ * Output port for SecurityEvent persistence operations.
5
+ * Implementations handle database-specific logic (SQLite, etc.).
6
+ *
7
+ * Following Clean Architecture:
8
+ * - Domain and Application layers depend on this interface
9
+ * - Infrastructure layer provides concrete implementations
10
+ */
11
+ export {};
package/dist/packages/core/src/application/ports/output/services/github-repository-service.interface.d.ts CHANGED
@@ -88,6 +88,28 @@ export interface ParsedGitHubUrl {
88
88
  /** Combined owner/repo (e.g. "octocat/my-project") */
89
89
  nameWithOwner: string;
90
90
  }
91
+ /**
92
+ * Category of a governance audit finding.
93
+ */
94
+ export declare enum GovernanceFindingCategory {
95
+ BranchProtection = "BranchProtection",
96
+ Codeowners = "Codeowners",
97
+ WorkflowPermissions = "WorkflowPermissions"
98
+ }
99
+ /**
100
+ * A single finding from a GitHub governance audit.
101
+ * Findings are advisory-only — Shep reports gaps but does not mutate remote settings.
102
+ */
103
+ export interface GovernanceFinding {
104
+ /** Category of the governance check */
105
+ category: GovernanceFindingCategory;
106
+ /** Severity of the finding */
107
+ severity: 'Low' | 'Medium' | 'High' | 'Critical' | 'Unknown';
108
+ /** Human-readable description of the finding */
109
+ message: string;
110
+ /** Actionable remediation guidance */
111
+ remediation: string;
112
+ }
91
113
  /**
92
114
  * Output port for GitHub repository operations.
93
115
  *
@@ -151,5 +173,21 @@ export interface IGitHubRepositoryService {
151
173
  * @throws {GitHubPermissionError} if the permission check fails (e.g. gh not installed, not authenticated)
152
174
  */
153
175
  getViewerPermission(repoPath: string): Promise<string>;
176
+ /**
177
+ * Audit repository governance settings via the gh CLI.
178
+ *
179
+ * Checks branch protection rules, CODEOWNERS presence, and workflow
180
+ * permissions. Returns findings with severity and remediation suggestions.
181
+ * This is audit-only — no remote settings are mutated.
182
+ *
183
+ * Handles auth/permission errors gracefully by returning an Unknown-severity
184
+ * finding instead of throwing.
185
+ *
186
+ * @param owner - Repository owner (e.g. "octocat")
187
+ * @param repo - Repository name (e.g. "my-project")
188
+ * @param defaultBranch - Branch to check protection for (default: "main")
189
+ * @returns Array of governance findings (empty if all checks pass)
190
+ */
191
+ auditRepositoryGovernance(owner: string, repo: string, defaultBranch?: string): Promise<GovernanceFinding[]>;
154
192
  }
155
193
  //# sourceMappingURL=github-repository-service.interface.d.ts.map
package/dist/packages/core/src/application/ports/output/services/github-repository-service.interface.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"github-repository-service.interface.d.ts","sourceRoot":"","sources":["../../../../../../../../packages/core/src/application/ports/output/services/github-repository-service.interface.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAMH;;GAEG;AACH,qBAAa,eAAgB,SAAQ,KAAK;gBAC5B,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,KAAK;CAM3C;AAED;;GAEG;AACH,qBAAa,gBAAiB,SAAQ,KAAK;gBAC7B,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,KAAK;CAM3C;AAED;;GAEG;AACH,qBAAa,mBAAoB,SAAQ,KAAK;gBAChC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,KAAK;CAM3C;AAED;;GAEG;AACH,qBAAa,mBAAoB,SAAQ,KAAK;gBAChC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,KAAK;CAM3C;AAED;;GAEG;AACH,qBAAa,qBAAsB,SAAQ,KAAK;gBAClC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,KAAK;CAM3C;AAMD;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,0CAA0C;IAC1C,IAAI,EAAE,MAAM,CAAC;IACb,6DAA6D;IAC7D,aAAa,EAAE,MAAM,CAAC;IACtB,mDAAmD;IACnD,WAAW,EAAE,MAAM,CAAC;IACpB,wCAAwC;IACxC,SAAS,EAAE,OAAO,CAAC;IACnB,iDAAiD;IACjD,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,2BAA2B;IAC1C,sDAAsD;IACtD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,qCAAqC;IACrC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,+FAA+F;IAC/F,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,gDAAgD;IAChD,KAAK,EAAE,MAAM,CAAC;IACd,qDAAqD;IACrD,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,4EAA4E;IAC5E,UAAU,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,IAAI,CAAC;CACrC;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,wCAAwC;IACxC,KAAK,EAAE,MAAM,CAAC;IACd,0CAA0C;IAC1C,IAAI,EAAE,MAAM,CAAC;IACb,sDAAsD;IACtD,aAAa,EAAE,MAAM,CAAC;CACvB;AAMD;;;;GAIG;AACH,MAAM,WAAW,wBAAwB;IACvC;;;;OAIG;IACH,SAAS,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAE3B;;;;;;;OAOG;IACH,eAAe,CACb,aAAa,EAAE,MAAM,EACrB,WAAW,EAAE,MAAM,EACnB,OAAO,CAAC,EAAE,YAAY,GACrB,OAAO,CAAC,IAAI,CAAC,CAAC;IAEjB;;;;;;;;OAQG;IACH,oBAAoB,CAAC,OAAO,CAAC,EAAE,2BAA2B,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;IAEnF;;;;;OAKG;IACH,iBAAiB,IAAI,OAAO,CAAC,kBAAkB,EAAE,CAAC,CAAC;IAEnD;;;;;;;;;;;;OAYG;IACH,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,eAAe,CAAC;IAE7C;;;;;;;;;OASG;IACH,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;CACxD"}
1
+ {"version":3,"file":"github-repository-service.interface.d.ts","sourceRoot":"","sources":["../../../../../../../../packages/core/src/application/ports/output/services/github-repository-service.interface.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAMH;;GAEG;AACH,qBAAa,eAAgB,SAAQ,KAAK;gBAC5B,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,KAAK;CAM3C;AAED;;GAEG;AACH,qBAAa,gBAAiB,SAAQ,KAAK;gBAC7B,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,KAAK;CAM3C;AAED;;GAEG;AACH,qBAAa,mBAAoB,SAAQ,KAAK;gBAChC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,KAAK;CAM3C;AAED;;GAEG;AACH,qBAAa,mBAAoB,SAAQ,KAAK;gBAChC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,KAAK;CAM3C;AAED;;GAEG;AACH,qBAAa,qBAAsB,SAAQ,KAAK;gBAClC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,KAAK;CAM3C;AAMD;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,0CAA0C;IAC1C,IAAI,EAAE,MAAM,CAAC;IACb,6DAA6D;IAC7D,aAAa,EAAE,MAAM,CAAC;IACtB,mDAAmD;IACnD,WAAW,EAAE,MAAM,CAAC;IACpB,wCAAwC;IACxC,SAAS,EAAE,OAAO,CAAC;IACnB,iDAAiD;IACjD,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,2BAA2B;IAC1C,sDAAsD;IACtD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,qCAAqC;IACrC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,+FAA+F;IAC/F,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,gDAAgD;IAChD,KAAK,EAAE,MAAM,CAAC;IACd,qDAAqD;IACrD,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,4EAA4E;IAC5E,UAAU,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,IAAI,CAAC;CACrC;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,wCAAwC;IACxC,KAAK,EAAE,MAAM,CAAC;IACd,0CAA0C;IAC1C,IAAI,EAAE,MAAM,CAAC;IACb,sDAAsD;IACtD,aAAa,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,oBAAY,yBAAyB;IACnC,gBAAgB,qBAAqB;IACrC,UAAU,eAAe;IACzB,mBAAmB,wBAAwB;CAC5C;AAED;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC,uCAAuC;IACvC,QAAQ,EAAE,yBAAyB,CAAC;IACpC,8BAA8B;IAC9B,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,GAAG,SAAS,CAAC;IAC7D,gDAAgD;IAChD,OAAO,EAAE,MAAM,CAAC;IAChB,sCAAsC;IACtC,WAAW,EAAE,MAAM,CAAC;CACrB;AAMD;;;;GAIG;AACH,MAAM,WAAW,wBAAwB;IACvC;;;;OAIG;IACH,SAAS,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAE3B;;;;;;;OAOG;IACH,eAAe,CACb,aAAa,EAAE,MAAM,EACrB,WAAW,EAAE,MAAM,EACnB,OAAO,CAAC,EAAE,YAAY,GACrB,OAAO,CAAC,IAAI,CAAC,CAAC;IAEjB;;;;;;;;OAQG;IACH,oBAAoB,CAAC,OAAO,CAAC,EAAE,2BAA2B,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;IAEnF;;;;;OAKG;IACH,iBAAiB,IAAI,OAAO,CAAC,kBAAkB,EAAE,CAAC,CAAC;IAEnD;;;;;;;;;;;;OAYG;IACH,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,eAAe,CAAC;IAE7C;;;;;;;;;OASG;IACH,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAEvD;;;;;;;;;;;;;;OAcG;IACH,yBAAyB,CACvB,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,MAAM,EACZ,aAAa,CAAC,EAAE,MAAM,GACrB,OAAO,CAAC,iBAAiB,EAAE,CAAC,CAAC;CACjC"}
package/dist/packages/core/src/application/ports/output/services/github-repository-service.interface.js CHANGED
@@ -68,3 +68,12 @@ export class GitHubPermissionError extends Error {
68
68
  this.cause = cause;
69
69
  }
70
70
  }
71
+ /**
72
+ * Category of a governance audit finding.
73
+ */
74
+ export var GovernanceFindingCategory;
75
+ (function (GovernanceFindingCategory) {
76
+ GovernanceFindingCategory["BranchProtection"] = "BranchProtection";
77
+ GovernanceFindingCategory["Codeowners"] = "Codeowners";
78
+ GovernanceFindingCategory["WorkflowPermissions"] = "WorkflowPermissions";
79
+ })(GovernanceFindingCategory || (GovernanceFindingCategory = {}));
package/dist/packages/core/src/application/ports/output/services/security-policy-service.interface.d.ts ADDED
@@ -0,0 +1,77 @@
1
+ /**
2
+ * Security Policy Service Interface
3
+ *
4
+ * Output port for the central security policy engine.
5
+ * Implementations handle policy file reading, validation, merging
6
+ * with persisted settings, and deterministic policy evaluation.
7
+ *
8
+ * Following Clean Architecture:
9
+ * - Application and use-case layers depend on this interface
10
+ * - Infrastructure layer provides the concrete implementation
11
+ * - All consumers (CLI, runtime, CI, UI) resolve the same instance via DI
12
+ */
13
+ import type { EffectivePolicySnapshot, SecurityActionCategory, SecurityActionDisposition } from '../../../../domain/generated/output.js';
14
+ /**
15
+ * Result of validating a security policy file.
16
+ */
17
+ export interface PolicyValidationResult {
18
+ /** Whether the policy file is valid */
19
+ valid: boolean;
20
+ /** Per-field validation error messages (empty when valid) */
21
+ errors: string[];
22
+ }
23
+ /**
24
+ * Service interface for security policy evaluation.
25
+ *
26
+ * Implementations must:
27
+ * - Read shep.security.yaml from the repository root
28
+ * - Merge repository policy with persisted settings defaults
29
+ * - Apply deterministic precedence (global defaults < repo policy)
30
+ * - Cache effective policy per repository path
31
+ * - Fail fast on invalid policy files with actionable errors
32
+ */
33
+ export interface ISecurityPolicyService {
34
+ /**
35
+ * Evaluate and compute the effective security policy for a repository.
36
+ *
37
+ * Reads the policy file, merges with persisted settings defaults,
38
+ * validates, and returns a deterministic snapshot. Re-evaluates
39
+ * on every call (no cache).
40
+ *
41
+ * @param repositoryPath - Absolute path to the repository root
42
+ * @returns Computed effective policy snapshot
43
+ * @throws Error if the policy file exists but is invalid
44
+ */
45
+ evaluatePolicy(repositoryPath: string): Promise<EffectivePolicySnapshot>;
46
+ /**
47
+ * Get the effective security policy for a repository.
48
+ *
49
+ * Returns a cached snapshot if available, otherwise computes
50
+ * and caches the result. Use evaluatePolicy() to force re-evaluation.
51
+ *
52
+ * @param repositoryPath - Absolute path to the repository root
53
+ * @returns Cached or freshly computed effective policy snapshot
54
+ * @throws Error if the policy file exists but is invalid
55
+ */
56
+ getEffectivePolicy(repositoryPath: string): Promise<EffectivePolicySnapshot>;
57
+ /**
58
+ * Validate a security policy file without computing effective policy.
59
+ *
60
+ * Parses and validates the file against the expected schema.
61
+ * Returns a structured result with per-field error messages.
62
+ *
63
+ * @param filePath - Absolute path to the policy file
64
+ * @returns Validation result with errors array
65
+ */
66
+ validatePolicyFile(filePath: string): Promise<PolicyValidationResult>;
67
+ /**
68
+ * Look up the enforcement disposition for a specific action category
69
+ * within a given effective policy snapshot.
70
+ *
71
+ * @param policy - The effective policy snapshot to query
72
+ * @param actionCategory - The action category to look up
73
+ * @returns The disposition (Allowed, Denied, or ApprovalRequired)
74
+ */
75
+ getActionDisposition(policy: EffectivePolicySnapshot, actionCategory: SecurityActionCategory): SecurityActionDisposition;
76
+ }
77
+ //# sourceMappingURL=security-policy-service.interface.d.ts.map