npm - @shepai/cli - Versions diffs - 1.170.0 → 1.171.0-pr527.e2ee839 - Mend

@shepai/cli 1.170.0 → 1.171.0-pr527.e2ee839

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (464) hide show

package/dist/src/presentation/web/components/features/settings/settings-page-client.js CHANGED Viewed

@@ -1,7 +1,7 @@
 'use client';
 import { jsx as _jsx, jsxs as _jsxs } from "react/jsx-runtime";
 import { useState, useTransition, useRef, useEffect, useCallback } from 'react';
-import { Check, Bot, Terminal, GitBranch, Activity, Bell, Flag, Database, Globe, Minus, Plus, ExternalLink, Settings2, Timer, MessageSquare, LayoutGrid, } from 'lucide-react';
+import { Check, Bot, Terminal, GitBranch, Activity, Bell, Flag, Database, Globe, Minus, Plus, ExternalLink, Settings2, Timer, MessageSquare, LayoutGrid, Shield, } from 'lucide-react';
 import { toast } from 'sonner';
 import { useTranslation } from 'react-i18next';
 import { cn } from '../../../lib/utils.js';
@@ -9,11 +9,12 @@ import { Label } from '../../ui/label.js';
 import { Switch } from '../../ui/switch.js';
 import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue, } from '../../ui/select.js';
 import { updateSettingsAction } from '../../../app/actions/update-settings.js';
-import { EditorType, Language, TerminalType, } from '../../../../../../packages/core/src/domain/generated/output.js';
+import { EditorType, Language, SecurityMode, TerminalType, } from '../../../../../../packages/core/src/domain/generated/output.js';
 import { getEditorTypeIcon } from '../../common/editor-type-icons.js';
 import { AgentModelPicker } from '../../features/settings/AgentModelPicker/index.js';
 import { LanguageSettingsSection } from '../../features/settings/language-settings-section.js';
 import { TimeoutSlider } from '../../features/settings/timeout-slider.js';
+import { SupplyChainSecuritySettingsSection } from '../../features/settings/supply-chain-security-settings-section.js';
 const EDITOR_OPTIONS = [
     { value: EditorType.VsCode, label: 'VS Code' },
     { value: EditorType.Cursor, label: 'Cursor' },
@@ -31,6 +32,7 @@ const SECTIONS = [
     { id: 'agent', labelKey: 'settings.sections.agent', icon: Bot },
     { id: 'environment', labelKey: 'settings.sections.environment', icon: Terminal },
     { id: 'workflow', labelKey: 'settings.sections.workflow', icon: GitBranch },
+    { id: 'security', labelKey: 'settings.sections.security', icon: Shield },
     { id: 'ci', labelKey: 'settings.sections.ci', icon: Activity },
     { id: 'stage-timeouts', labelKey: 'settings.sections.timeouts', icon: Timer },
     { id: 'notifications', labelKey: 'settings.sections.notifications', icon: Bell },
@@ -440,7 +442,18 @@ export function SettingsPageClient({ settings, shepHome, dbFileSize, availableTe
                                         label: t('settings.workflow.links.pushAndPrFlags'),
                                         href: 'https://github.com/shep-ai/shep/blob/main/specs/037-feature-pr-push-flags/spec.yaml',
                                     },
-                                ], children: t('settings.workflow.hint') })] }), _jsxs("div", { id: "section-ci", className: "grid scroll-mt-18 grid-cols-1 gap-x-5 rounded-lg lg:grid-cols-[1fr_280px]", children: [_jsxs(SettingsSection, { icon: Activity, title: t('settings.ci.title'), description: t('settings.ci.description'), testId: "ci-settings-section", children: [_jsx(SettingsRow, { label: t('settings.ci.maxFixAttempts'), description: t('settings.ci.maxFixAttemptsDescription'), htmlFor: "ci-max-fix", children: _jsx(NumberStepper, { id: "ci-max-fix", testId: "ci-max-fix-input", placeholder: "3", value: ciMaxFix, onChange: setCiMaxFix, onBlur: () => {
+                                ], children: t('settings.workflow.hint') })] }), _jsxs("div", { id: "section-security", className: "grid scroll-mt-18 grid-cols-1 gap-x-5 rounded-lg lg:grid-cols-[1fr_280px]", children: [_jsx(SupplyChainSecuritySettingsSection, { securityState: {
+                                    mode: settings.security?.mode ?? SecurityMode.Advisory,
+                                    lastEvaluationAt: settings.security?.lastEvaluationAt ?? null,
+                                    policySource: settings.security?.policySource ?? null,
+                                    recentEvents: [],
+                                    highestSeverityFinding: null,
+                                } }), _jsx(SectionHint, { links: [
+                                    {
+                                        label: t('settings.security.links.securitySpec'),
+                                        href: 'https://github.com/shep-ai/shep/blob/main/specs/083-supply-chain-security/spec.yaml',
+                                    },
+                                ], children: t('settings.security.hint') })] }), _jsxs("div", { id: "section-ci", className: "grid scroll-mt-18 grid-cols-1 gap-x-5 rounded-lg lg:grid-cols-[1fr_280px]", children: [_jsxs(SettingsSection, { icon: Activity, title: t('settings.ci.title'), description: t('settings.ci.description'), testId: "ci-settings-section", children: [_jsx(SettingsRow, { label: t('settings.ci.maxFixAttempts'), description: t('settings.ci.maxFixAttemptsDescription'), htmlFor: "ci-max-fix", children: _jsx(NumberStepper, { id: "ci-max-fix", testId: "ci-max-fix-input", placeholder: "3", value: ciMaxFix, onChange: setCiMaxFix, onBlur: () => {
                                                 if (ciMaxFix !== originalCiMaxFix)
                                                     save(buildWorkflowPayload({ ciMaxFix }));
                                             }, min: 1, max: 10 }) }), _jsx(SettingsRow, { label: t('settings.ci.watchTimeout'), description: t('settings.ci.watchTimeoutDescription'), htmlFor: "ci-timeout", children: _jsx(NumberStepper, { id: "ci-timeout", testId: "ci-timeout-input", placeholder: "300", value: ciTimeout, onChange: setCiTimeout, onBlur: () => {

package/dist/src/presentation/web/components/features/settings/supply-chain-security-settings-section.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+import type { SecurityState } from '../../../../../../packages/core/src/application/use-cases/security/get-security-state.use-case.js';
+export interface SupplyChainSecuritySettingsSectionProps {
+    securityState: SecurityState;
+}
+export declare function SupplyChainSecuritySettingsSection({ securityState, }: SupplyChainSecuritySettingsSectionProps): import("react/jsx-runtime").JSX.Element;
+//# sourceMappingURL=supply-chain-security-settings-section.d.ts.map

package/dist/src/presentation/web/components/features/settings/supply-chain-security-settings-section.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"supply-chain-security-settings-section.d.ts","sourceRoot":"","sources":["../../../../../../../src/presentation/web/components/features/settings/supply-chain-security-settings-section.tsx"],"names":[],"mappings":"AAiBA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,yEAAyE,CAAC;AAE7G,MAAM,WAAW,uCAAuC;IACtD,aAAa,EAAE,aAAa,CAAC;CAC9B;AAeD,wBAAgB,kCAAkC,CAAC,EACjD,aAAa,GACd,EAAE,uCAAuC,2CAgKzC"}

package/dist/src/presentation/web/components/features/settings/supply-chain-security-settings-section.js ADDED Viewed

@@ -0,0 +1,60 @@
+'use client';
+import { jsx as _jsx, jsxs as _jsxs } from "react/jsx-runtime";
+import { useState, useTransition, useRef, useEffect } from 'react';
+import { Shield, Check, AlertTriangle, ShieldAlert, ShieldOff } from 'lucide-react';
+import { toast } from 'sonner';
+import { useTranslation } from 'react-i18next';
+import { cn } from '../../../lib/utils.js';
+import { Badge } from '../../ui/badge.js';
+import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue, } from '../../ui/select.js';
+import { updateSecurityModeAction } from '../../../app/actions/security.js';
+import { SecurityMode } from '../../../../../../packages/core/src/domain/generated/output.js';
+const MODE_OPTIONS = [
+    { value: SecurityMode.Disabled, icon: ShieldOff },
+    { value: SecurityMode.Advisory, icon: Shield },
+    { value: SecurityMode.Enforce, icon: ShieldAlert },
+];
+const SEVERITY_COLORS = {
+    Low: 'bg-blue-100 text-blue-700 dark:bg-blue-900/40 dark:text-blue-300',
+    Medium: 'bg-yellow-100 text-yellow-700 dark:bg-yellow-900/40 dark:text-yellow-300',
+    High: 'bg-orange-100 text-orange-700 dark:bg-orange-900/40 dark:text-orange-300',
+    Critical: 'bg-red-100 text-red-700 dark:bg-red-900/40 dark:text-red-300',
+};
+export function SupplyChainSecuritySettingsSection({ securityState, }) {
+    const { t } = useTranslation('web');
+    const [mode, setMode] = useState(securityState.mode);
+    const [isPending, startTransition] = useTransition();
+    const [showSaved, setShowSaved] = useState(false);
+    const prevPendingRef = useRef(false);
+    useEffect(() => {
+        if (prevPendingRef.current && !isPending) {
+            setShowSaved(true);
+            const timer = setTimeout(() => setShowSaved(false), 2000);
+            return () => clearTimeout(timer);
+        }
+        prevPendingRef.current = isPending;
+    }, [isPending]);
+    function handleModeChange(value) {
+        const newMode = value;
+        setMode(newMode);
+        startTransition(async () => {
+            const result = await updateSecurityModeAction(newMode);
+            if (!result.success) {
+                toast.error(result.error ?? t('settings.failedToSave'));
+                setMode(securityState.mode);
+            }
+        });
+    }
+    const lastEvalDisplay = securityState.lastEvaluationAt
+        ? new Date(securityState.lastEvaluationAt).toLocaleString()
+        : t('settings.security.lastEvaluationNever');
+    const policySourceDisplay = securityState.policySource ?? t('settings.security.policySourceNone');
+    return (_jsxs("div", { className: "bg-background rounded-lg border", "data-testid": "security-settings-section", children: [_jsxs("div", { className: "bg-muted/30 border-b px-4 py-3", children: [_jsxs("div", { className: "flex items-center gap-2", children: [_jsx(Shield, { className: "text-muted-foreground h-3.5 w-3.5" }), _jsx("h2", { className: "text-sm font-semibold", children: t('settings.security.sectionTitle') }), isPending ? (_jsx("span", { className: "text-muted-foreground text-xs", children: t('settings.saving') })) : null, showSaved && !isPending ? (_jsxs("span", { className: "flex items-center gap-1 text-xs text-green-600", children: [_jsx(Check, { className: "h-3 w-3" }), t('settings.saved')] })) : null] }), _jsx("p", { className: "text-muted-foreground mt-0.5 text-[11px]", children: t('settings.security.sectionDescription') })] }), _jsxs("div", { className: "px-4", children: [_jsxs("div", { className: "flex items-center justify-between gap-4 border-b py-2.5", children: [_jsxs("div", { className: "min-w-0", children: [_jsx("label", { htmlFor: "security-mode", className: "cursor-pointer text-sm font-normal whitespace-nowrap", children: t('settings.security.mode') }), _jsx("p", { className: "text-muted-foreground text-[11px] leading-tight", children: t('settings.security.modeDescription') })] }), _jsx("div", { className: "flex shrink-0 items-center gap-2", children: _jsxs(Select, { value: mode, onValueChange: handleModeChange, children: [_jsx(SelectTrigger, { id: "security-mode", "data-testid": "security-mode-select", className: "w-40 cursor-pointer text-xs", children: _jsx(SelectValue, {}) }), _jsx(SelectContent, { children: MODE_OPTIONS.map((opt) => {
+                                                const Icon = opt.icon;
+                                                return (_jsx(SelectItem, { value: opt.value, children: _jsxs("span", { className: "flex items-center gap-2 text-xs", children: [_jsx(Icon, { className: "h-3.5 w-3.5 shrink-0" }), t(`settings.security.mode${opt.value}`)] }) }, opt.value));
+                                            }) })] }) })] }), _jsxs("div", { className: "flex items-center justify-between gap-4 border-b py-2.5", children: [_jsx("div", { className: "min-w-0", children: _jsx("span", { className: "text-sm font-normal whitespace-nowrap", children: t('settings.security.policySource') }) }), _jsx("span", { className: "text-muted-foreground max-w-50 truncate font-mono text-xs", children: policySourceDisplay })] }), _jsxs("div", { className: "flex items-center justify-between gap-4 border-b py-2.5", children: [_jsx("div", { className: "min-w-0", children: _jsx("span", { className: "text-sm font-normal whitespace-nowrap", children: t('settings.security.lastEvaluation') }) }), _jsx("span", { className: "text-muted-foreground text-xs", children: lastEvalDisplay })] }), _jsxs("div", { className: "py-2.5 last:border-b-0", children: [_jsx("div", { className: "mb-2", children: _jsx("span", { className: "text-sm font-normal", children: t('settings.security.recentFindings') }) }), securityState.recentEvents.length === 0 ? (_jsx("p", { className: "text-muted-foreground text-xs", children: t('settings.security.noFindings') })) : (_jsx("div", { className: "flex flex-col gap-1.5", children: securityState.recentEvents.slice(0, 5).map((event) => (_jsxs("div", { className: "flex items-start gap-2 rounded-md border px-2.5 py-1.5", children: [_jsx(AlertTriangle, { className: cn('mt-0.5 h-3 w-3 shrink-0', event.severity === 'Critical' || event.severity === 'High'
+                                                ? 'text-red-500'
+                                                : event.severity === 'Medium'
+                                                    ? 'text-yellow-500'
+                                                    : 'text-blue-500') }), _jsxs("div", { className: "min-w-0 flex-1", children: [_jsxs("div", { className: "flex items-center gap-1.5", children: [_jsx(Badge, { variant: "secondary", className: cn('px-1 py-0 text-[9px]', SEVERITY_COLORS[event.severity]), children: t(`settings.security.severity.${event.severity}`) }), _jsx("span", { className: "text-muted-foreground text-[10px]", children: event.category })] }), _jsx("p", { className: "mt-0.5 truncate text-[11px]", children: event.message })] })] }, event.id))) }))] })] })] }));
+}

package/dist/src/presentation/web/components/features/settings/supply-chain-security-settings-section.stories.d.ts ADDED Viewed

@@ -0,0 +1,14 @@
+import type { Meta, StoryObj } from '@storybook/react';
+import { SupplyChainSecuritySettingsSection } from './supply-chain-security-settings-section.js';
+declare const meta: Meta<typeof SupplyChainSecuritySettingsSection>;
+export default meta;
+type Story = StoryObj<typeof SupplyChainSecuritySettingsSection>;
+/** Advisory mode with no findings — default posture for new repositories. */
+export declare const AdvisoryNoFindings: Story;
+/** Disabled mode — security enforcement is turned off. */
+export declare const Disabled: Story;
+/** Enforce mode with a critical finding. */
+export declare const EnforceWithCriticalFinding: Story;
+/** Advisory mode with multiple findings of varying severity. */
+export declare const AdvisoryWithMultipleFindings: Story;
+//# sourceMappingURL=supply-chain-security-settings-section.stories.d.ts.map

package/dist/src/presentation/web/components/features/settings/supply-chain-security-settings-section.stories.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"supply-chain-security-settings-section.stories.d.ts","sourceRoot":"","sources":["../../../../../../../src/presentation/web/components/features/settings/supply-chain-security-settings-section.stories.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAOvD,OAAO,EAAE,kCAAkC,EAAE,MAAM,0CAA0C,CAAC;AAG9F,QAAA,MAAM,IAAI,EAAE,IAAI,CAAC,OAAO,kCAAkC,CAIzD,CAAC;AAEF,eAAe,IAAI,CAAC;AACpB,KAAK,KAAK,GAAG,QAAQ,CAAC,OAAO,kCAAkC,CAAC,CAAC;AAUjE,6EAA6E;AAC7E,eAAO,MAAM,kBAAkB,EAAE,KAIhC,CAAC;AAEF,0DAA0D;AAC1D,eAAO,MAAM,QAAQ,EAAE,KAOtB,CAAC;AAEF,4CAA4C;AAC5C,eAAO,MAAM,0BAA0B,EAAE,KAgCxC,CAAC;AAEF,gEAAgE;AAChE,eAAO,MAAM,4BAA4B,EAAE,KAkD1C,CAAC"}

package/dist/src/presentation/web/components/features/settings/supply-chain-security-settings-section.stories.js ADDED Viewed

@@ -0,0 +1,116 @@
+import { SecurityMode, SecuritySeverity, SecurityActionCategory, SecurityActionDisposition, } from '../../../../../../packages/core/src/domain/generated/output.js';
+import { SupplyChainSecuritySettingsSection } from './supply-chain-security-settings-section.js';
+const meta = {
+    title: 'Settings/SupplyChainSecuritySettingsSection',
+    component: SupplyChainSecuritySettingsSection,
+    tags: ['autodocs'],
+};
+export default meta;
+const baseState = {
+    mode: SecurityMode.Advisory,
+    lastEvaluationAt: null,
+    policySource: null,
+    recentEvents: [],
+    highestSeverityFinding: null,
+};
+/** Advisory mode with no findings — default posture for new repositories. */
+export const AdvisoryNoFindings = {
+    args: {
+        securityState: baseState,
+    },
+};
+/** Disabled mode — security enforcement is turned off. */
+export const Disabled = {
+    args: {
+        securityState: {
+            ...baseState,
+            mode: SecurityMode.Disabled,
+        },
+    },
+};
+/** Enforce mode with a critical finding. */
+export const EnforceWithCriticalFinding = {
+    args: {
+        securityState: {
+            mode: SecurityMode.Enforce,
+            lastEvaluationAt: new Date().toISOString(),
+            policySource: 'shep.security.yaml',
+            recentEvents: [
+                {
+                    id: 'evt-1',
+                    repositoryPath: '/path/to/repo',
+                    severity: SecuritySeverity.Critical,
+                    category: SecurityActionCategory.PublishRelease,
+                    disposition: SecurityActionDisposition.Denied,
+                    message: 'Missing npm provenance configuration in release workflow',
+                    remediationSummary: 'Add --provenance flag to npm publish step',
+                    createdAt: new Date().toISOString(),
+                    updatedAt: new Date().toISOString(),
+                },
+            ],
+            highestSeverityFinding: {
+                id: 'evt-1',
+                repositoryPath: '/path/to/repo',
+                severity: SecuritySeverity.Critical,
+                category: SecurityActionCategory.PublishRelease,
+                disposition: SecurityActionDisposition.Denied,
+                message: 'Missing npm provenance configuration in release workflow',
+                remediationSummary: 'Add --provenance flag to npm publish step',
+                createdAt: new Date().toISOString(),
+                updatedAt: new Date().toISOString(),
+            },
+        },
+    },
+};
+/** Advisory mode with multiple findings of varying severity. */
+export const AdvisoryWithMultipleFindings = {
+    args: {
+        securityState: {
+            mode: SecurityMode.Advisory,
+            lastEvaluationAt: new Date(Date.now() - 3600000).toISOString(),
+            policySource: 'shep.security.yaml',
+            recentEvents: [
+                {
+                    id: 'evt-1',
+                    repositoryPath: '/path/to/repo',
+                    severity: SecuritySeverity.High,
+                    category: SecurityActionCategory.DependencyInstall,
+                    disposition: SecurityActionDisposition.Denied,
+                    message: 'Package has postinstall lifecycle script: malicious-pkg@1.0.0',
+                    createdAt: new Date().toISOString(),
+                    updatedAt: new Date().toISOString(),
+                },
+                {
+                    id: 'evt-2',
+                    repositoryPath: '/path/to/repo',
+                    severity: SecuritySeverity.Medium,
+                    category: SecurityActionCategory.CiWorkflowModify,
+                    disposition: SecurityActionDisposition.Allowed,
+                    message: '[Governance Audit] Branch protection not enabled on main',
+                    createdAt: new Date().toISOString(),
+                    updatedAt: new Date().toISOString(),
+                },
+                {
+                    id: 'evt-3',
+                    repositoryPath: '/path/to/repo',
+                    severity: SecuritySeverity.Low,
+                    category: SecurityActionCategory.DependencyInstall,
+                    disposition: SecurityActionDisposition.Allowed,
+                    message: 'Dependency uses git source instead of registry: lodash@git+https://...',
+                    createdAt: new Date().toISOString(),
+                    updatedAt: new Date().toISOString(),
+                },
+            ],
+            highestSeverityFinding: {
+                id: 'evt-1',
+                repositoryPath: '/path/to/repo',
+                severity: SecuritySeverity.High,
+                category: SecurityActionCategory.DependencyInstall,
+                disposition: SecurityActionDisposition.Denied,
+                message: 'Package has postinstall lifecycle script: malicious-pkg@1.0.0',
+                createdAt: new Date().toISOString(),
+                updatedAt: new Date().toISOString(),
+            },
+        },
+    },
+};

package/dist/translations/ar/cli.json CHANGED Viewed

@@ -187,6 +187,26 @@
         "failedToList": "خطأ في عرض الأدوات: {{error}}"
       }
     },
+    "security": {
+      "description": "Supply-chain security policy management",
+      "enforce": {
+        "description": "Evaluate repository security posture and enforce policy",
+        "repoOption": "Repository path (defaults to current directory)",
+        "outputOption": "Output format (table, json, yaml)",
+        "passed": "Security enforcement passed",
+        "failed": "Security enforcement failed",
+        "advisoryNote": "Mode is Advisory — findings are reported but do not block",
+        "disabledNote": "Security mode is Disabled — no checks performed",
+        "modeLabel": "Mode",
+        "sourceLabel": "Source",
+        "dependencyFindingsLabel": "Dependency Findings",
+        "releaseIntegrityLabel": "Release Integrity",
+        "totalFindingsLabel": "Total Findings",
+        "governanceFindingsLabel": "GitHub Governance (audit-only)",
+        "noFindings": "No findings",
+        "failedToEnforce": "Failed to evaluate security posture"
+      }
+    },
     "feat": {
       "description": "إدارة الميزات عبر دورة حياة تطوير البرمجيات",
       "new": {
@@ -567,6 +587,8 @@
       "alreadyUpToDate": "محدّث بالفعل (v{{version}})",
       "upgradingFromTo": "الترقية من v{{current}} إلى v{{latest}}",
       "upgradingToLatest": "الترقية من v{{current}} إلى الأحدث",
+      "downloadingPackage": "جارٍ تنزيل الإصدار الجديد...",
+      "downloadFailed": "لم يكتمل التنزيل المسبق — المتابعة بالتثبيت",
       "stoppingDaemon": "جارٍ إيقاف الخدمة الخلفية قبل الترقية...",
       "restartingDaemon": "جارٍ إعادة تشغيل الخدمة الخلفية...",
       "daemonRestarted": "تمت إعادة تشغيل الخدمة الخلفية بنجاح.",

package/dist/translations/ar/web.json CHANGED Viewed

@@ -15,7 +15,8 @@
       "flags": "العلامات",
       "chat": "المحادثة",
       "layout": "التخطيط",
-      "database": "قاعدة البيانات"
+      "database": "قاعدة البيانات",
+      "security": "Security"
     },
     "language": {
       "title": "اللغة",
@@ -224,6 +225,47 @@
       "swapPositionDescription": "نقل زر المحادثة إلى اليسار وزر الإنشاء إلى اليمين",
       "hint": "يوجد زران عائمان (إنشاء ومحادثة) في الزوايا السفلية لمركز التحكم. قم بتفعيل هذا الخيار لتبديل مواضعهما."
     },
+    "security": {
+      "title": "Supply Chain Security",
+      "sectionTitle": "Supply Chain Security",
+      "sectionDescription": "Configure security mode and review policy enforcement findings",
+      "mode": "Security mode",
+      "modeDescription": "Controls how the policy engine responds to violations",
+      "modeDisabled": "Disabled",
+      "modeAdvisory": "Advisory",
+      "modeEnforce": "Enforce",
+      "policySource": "Policy source",
+      "policySourceNone": "No policy loaded",
+      "lastEvaluation": "Last evaluation",
+      "lastEvaluationNever": "Never",
+      "recentFindings": "Recent findings",
+      "noFindings": "No security findings recorded",
+      "runEnforcement": "Run enforcement",
+      "running": "Running...",
+      "severity": {
+        "Low": "Low",
+        "Medium": "Medium",
+        "High": "High",
+        "Critical": "Critical"
+      },
+      "hint": "Security mode controls how the policy engine handles violations. Advisory mode logs findings without blocking. Enforce mode blocks risky actions and fails builds.",
+      "links": {
+        "securitySpec": "Security spec"
+      },
+      "badge": {
+        "advisory": "Security: Advisory",
+        "enforce": "Security: Enforce",
+        "disabled": "Security: Disabled"
+      },
+      "panel": {
+        "title": "Security",
+        "governance": "Governance",
+        "dependencies": "Dependencies",
+        "noFindings": "No security findings",
+        "findingsByCategory": "Findings by category",
+        "totalFindings": "{{count}} finding(s)"
+      }
+    },
     "database": {
       "title": "قاعدة البيانات",
       "description": "مسار قاعدة البيانات وإدارتها",

package/dist/translations/de/cli.json CHANGED Viewed

@@ -187,6 +187,26 @@
         "failedToList": "Fehler beim Auflisten der Tools: {{error}}"
       }
     },
+    "security": {
+      "description": "Supply-chain security policy management",
+      "enforce": {
+        "description": "Evaluate repository security posture and enforce policy",
+        "repoOption": "Repository path (defaults to current directory)",
+        "outputOption": "Output format (table, json, yaml)",
+        "passed": "Security enforcement passed",
+        "failed": "Security enforcement failed",
+        "advisoryNote": "Mode is Advisory — findings are reported but do not block",
+        "disabledNote": "Security mode is Disabled — no checks performed",
+        "modeLabel": "Mode",
+        "sourceLabel": "Source",
+        "dependencyFindingsLabel": "Dependency Findings",
+        "releaseIntegrityLabel": "Release Integrity",
+        "totalFindingsLabel": "Total Findings",
+        "governanceFindingsLabel": "GitHub Governance (audit-only)",
+        "noFindings": "No findings",
+        "failedToEnforce": "Failed to evaluate security posture"
+      }
+    },
     "feat": {
       "description": "Features durch den SDLC-Lebenszyklus verwalten",
       "new": {
@@ -567,6 +587,8 @@
       "alreadyUpToDate": "Bereits aktuell (v{{version}})",
       "upgradingFromTo": "Aktualisierung von v{{current}} auf v{{latest}}",
       "upgradingToLatest": "Aktualisierung von v{{current}} auf die neueste Version",
+      "downloadingPackage": "Neue Version wird heruntergeladen...",
+      "downloadFailed": "Vorab-Download nicht abgeschlossen — Installation wird fortgesetzt",
       "stoppingDaemon": "Dienst wird vor Aktualisierung gestoppt...",
       "restartingDaemon": "Dienst wird neu gestartet...",
       "daemonRestarted": "Dienst erfolgreich neu gestartet.",

package/dist/translations/de/web.json CHANGED Viewed

@@ -15,7 +15,8 @@
       "flags": "Flags",
       "chat": "Chat",
       "layout": "Layout",
-      "database": "Datenbank"
+      "database": "Datenbank",
+      "security": "Security"
     },
     "language": {
       "title": "Sprache",
@@ -224,6 +225,47 @@
       "swapPositionDescription": "Chat-Button nach links und Erstellen-Button nach rechts verschieben",
       "hint": "Die zwei schwebenden Aktionsschaltflächen (Erstellen und Chat) befinden sich in den unteren Ecken des Kontrollzentrums. Aktivieren Sie diese Option, um ihre Positionen zu tauschen."
     },
+    "security": {
+      "title": "Supply Chain Security",
+      "sectionTitle": "Supply Chain Security",
+      "sectionDescription": "Configure security mode and review policy enforcement findings",
+      "mode": "Security mode",
+      "modeDescription": "Controls how the policy engine responds to violations",
+      "modeDisabled": "Disabled",
+      "modeAdvisory": "Advisory",
+      "modeEnforce": "Enforce",
+      "policySource": "Policy source",
+      "policySourceNone": "No policy loaded",
+      "lastEvaluation": "Last evaluation",
+      "lastEvaluationNever": "Never",
+      "recentFindings": "Recent findings",
+      "noFindings": "No security findings recorded",
+      "runEnforcement": "Run enforcement",
+      "running": "Running...",
+      "severity": {
+        "Low": "Low",
+        "Medium": "Medium",
+        "High": "High",
+        "Critical": "Critical"
+      },
+      "hint": "Security mode controls how the policy engine handles violations. Advisory mode logs findings without blocking. Enforce mode blocks risky actions and fails builds.",
+      "links": {
+        "securitySpec": "Security spec"
+      },
+      "badge": {
+        "advisory": "Security: Advisory",
+        "enforce": "Security: Enforce",
+        "disabled": "Security: Disabled"
+      },
+      "panel": {
+        "title": "Security",
+        "governance": "Governance",
+        "dependencies": "Dependencies",
+        "noFindings": "No security findings",
+        "findingsByCategory": "Findings by category",
+        "totalFindings": "{{count}} finding(s)"
+      }
+    },
     "database": {
       "title": "Datenbank",
       "description": "Datenbankpfad und -verwaltung",

package/dist/translations/en/cli.json CHANGED Viewed

@@ -187,6 +187,26 @@
         "failedToList": "Error listing tools: {{error}}"
       }
     },
+    "security": {
+      "description": "Supply-chain security policy management",
+      "enforce": {
+        "description": "Evaluate repository security posture and enforce policy",
+        "repoOption": "Repository path (defaults to current directory)",
+        "outputOption": "Output format (table, json, yaml)",
+        "passed": "Security enforcement passed",
+        "failed": "Security enforcement failed",
+        "advisoryNote": "Mode is Advisory — findings are reported but do not block",
+        "disabledNote": "Security mode is Disabled — no checks performed",
+        "modeLabel": "Mode",
+        "sourceLabel": "Source",
+        "dependencyFindingsLabel": "Dependency Findings",
+        "releaseIntegrityLabel": "Release Integrity",
+        "totalFindingsLabel": "Total Findings",
+        "governanceFindingsLabel": "GitHub Governance (audit-only)",
+        "noFindings": "No findings",
+        "failedToEnforce": "Failed to evaluate security posture"
+      }
+    },
     "feat": {
       "description": "Manage features through the SDLC lifecycle",
       "new": {
@@ -567,6 +587,8 @@
       "alreadyUpToDate": "Already up to date (v{{version}})",
       "upgradingFromTo": "Upgrading from v{{current}} to v{{latest}}",
       "upgradingToLatest": "Upgrading from v{{current}} to latest",
+      "downloadingPackage": "Downloading new version...",
+      "downloadFailed": "Pre-download did not complete — proceeding with install",
       "stoppingDaemon": "Stopping daemon before upgrade...",
       "restartingDaemon": "Restarting daemon...",
       "daemonRestarted": "Daemon restarted successfully.",

package/dist/translations/en/web.json CHANGED Viewed

@@ -15,7 +15,8 @@
       "flags": "Flags",
       "chat": "Chat",
       "layout": "Layout",
-      "database": "Database"
+      "database": "Database",
+      "security": "Security"
     },
     "language": {
       "title": "Language",
@@ -224,6 +225,47 @@
       "swapPositionDescription": "Move the Chat button to the left and the Create button to the right",
       "hint": "The two floating action buttons (Create and Chat) sit in the bottom corners of the control center. Enable this toggle to swap their positions."
     },
+    "security": {
+      "title": "Supply Chain Security",
+      "sectionTitle": "Security",
+      "sectionDescription": "Policy-driven supply chain security enforcement",
+      "mode": "Security Mode",
+      "modeDescription": "Controls how security policy is enforced",
+      "modeDisabled": "Disabled",
+      "modeAdvisory": "Advisory",
+      "modeEnforce": "Enforce",
+      "policySource": "Policy Source",
+      "policySourceNone": "Settings only",
+      "lastEvaluation": "Last Evaluation",
+      "lastEvaluationNever": "Never",
+      "recentFindings": "Recent Findings",
+      "noFindings": "No findings",
+      "runEnforcement": "Run Enforcement",
+      "running": "Running...",
+      "severity": {
+        "Low": "Low",
+        "Medium": "Medium",
+        "High": "High",
+        "Critical": "Critical"
+      },
+      "hint": "Security mode controls how the policy engine handles violations. Advisory mode logs findings without blocking. Enforce mode blocks risky actions and fails builds.",
+      "links": {
+        "securitySpec": "Security spec"
+      },
+      "badge": {
+        "advisory": "Advisory",
+        "enforce": "Enforce",
+        "disabled": "Disabled"
+      },
+      "panel": {
+        "title": "Security",
+        "governance": "Governance",
+        "dependencies": "Dependencies",
+        "noFindings": "No security findings",
+        "findingsByCategory": "Findings by Severity",
+        "totalFindings": "{{count}} finding(s)"
+      }
+    },
     "database": {
       "title": "Database",
       "description": "Database path and management",

package/dist/translations/es/cli.json CHANGED Viewed

@@ -187,6 +187,26 @@
         "failedToList": "Error al listar herramientas: {{error}}"
       }
     },
+    "security": {
+      "description": "Supply-chain security policy management",
+      "enforce": {
+        "description": "Evaluate repository security posture and enforce policy",
+        "repoOption": "Repository path (defaults to current directory)",
+        "outputOption": "Output format (table, json, yaml)",
+        "passed": "Security enforcement passed",
+        "failed": "Security enforcement failed",
+        "advisoryNote": "Mode is Advisory — findings are reported but do not block",
+        "disabledNote": "Security mode is Disabled — no checks performed",
+        "modeLabel": "Mode",
+        "sourceLabel": "Source",
+        "dependencyFindingsLabel": "Dependency Findings",
+        "releaseIntegrityLabel": "Release Integrity",
+        "totalFindingsLabel": "Total Findings",
+        "governanceFindingsLabel": "GitHub Governance (audit-only)",
+        "noFindings": "No findings",
+        "failedToEnforce": "Failed to evaluate security posture"
+      }
+    },
     "feat": {
       "description": "Administrar funcionalidades a través del ciclo de vida SDLC",
       "new": {
@@ -567,6 +587,8 @@
       "alreadyUpToDate": "Ya está actualizado (v{{version}})",
       "upgradingFromTo": "Actualizando de v{{current}} a v{{latest}}",
       "upgradingToLatest": "Actualizando de v{{current}} a la última versión",
+      "downloadingPackage": "Descargando nueva versión...",
+      "downloadFailed": "La descarga previa no se completó — continuando con la instalación",
       "stoppingDaemon": "Deteniendo el demonio antes de actualizar...",
       "restartingDaemon": "Reiniciando el demonio...",
       "daemonRestarted": "Demonio reiniciado exitosamente.",