@shepai/cli 1.170.0 → 1.171.0-pr527.e2ee839
- package/apis/json-schema/ActionDispositionEntry.yaml +14 -0
- package/apis/json-schema/DependencyFinding.yaml +28 -0
- package/apis/json-schema/DependencyRiskType.yaml +11 -0
- package/apis/json-schema/DependencyRules.yaml +38 -0
- package/apis/json-schema/EffectivePolicySnapshot.yaml +24 -0
- package/apis/json-schema/ReleaseIntegrityCheck.yaml +22 -0
- package/apis/json-schema/ReleaseIntegrityCheckType.yaml +9 -0
- package/apis/json-schema/ReleaseIntegrityResult.yaml +16 -0
- package/apis/json-schema/ReleaseRules.yaml +21 -0
- package/apis/json-schema/SecurityActionCategory.yaml +10 -0
- package/apis/json-schema/SecurityActionDisposition.yaml +8 -0
- package/apis/json-schema/SecurityConfig.yaml +17 -0
- package/apis/json-schema/SecurityEvent.yaml +36 -0
- package/apis/json-schema/SecurityMode.yaml +8 -0
- package/apis/json-schema/SecurityPolicy.yaml +24 -0
- package/apis/json-schema/SecuritySeverity.yaml +9 -0
- package/apis/json-schema/Settings.yaml +3 -0
- package/dist/packages/core/src/application/ports/output/agents/agent-executor.interface.d.ts +15 -1
- package/dist/packages/core/src/application/ports/output/agents/agent-executor.interface.d.ts.map +1 -1
- package/dist/packages/core/src/application/ports/output/agents/feature-agent-process.interface.d.ts +3 -1
- package/dist/packages/core/src/application/ports/output/agents/feature-agent-process.interface.d.ts.map +1 -1
- package/dist/packages/core/src/application/ports/output/repositories/security-event.repository.interface.d.ts +76 -0
- package/dist/packages/core/src/application/ports/output/repositories/security-event.repository.interface.d.ts.map +1 -0
- package/dist/packages/core/src/application/ports/output/repositories/security-event.repository.interface.js +11 -0
- package/dist/packages/core/src/application/ports/output/services/github-repository-service.interface.d.ts +38 -0
- package/dist/packages/core/src/application/ports/output/services/github-repository-service.interface.d.ts.map +1 -1
- package/dist/packages/core/src/application/ports/output/services/github-repository-service.interface.js +9 -0
- package/dist/packages/core/src/application/ports/output/services/security-policy-service.interface.d.ts +77 -0
- package/dist/packages/core/src/application/ports/output/services/security-policy-service.interface.d.ts.map +1 -0
- package/dist/packages/core/src/application/ports/output/services/security-policy-service.interface.js +13 -0
- package/dist/packages/core/src/application/ports/output/services/spec-initializer.interface.d.ts +11 -0
- package/dist/packages/core/src/application/ports/output/services/spec-initializer.interface.d.ts.map +1 -1
- package/dist/packages/core/src/application/use-cases/agents/approve-agent-run.use-case.d.ts.map +1 -1
- package/dist/packages/core/src/application/use-cases/agents/approve-agent-run.use-case.js +2 -0
- package/dist/packages/core/src/application/use-cases/agents/reject-agent-run.use-case.d.ts.map +1 -1
- package/dist/packages/core/src/application/use-cases/agents/reject-agent-run.use-case.js +2 -0
- package/dist/packages/core/src/application/use-cases/features/check-and-unblock-features.use-case.d.ts.map +1 -1
- package/dist/packages/core/src/application/use-cases/features/check-and-unblock-features.use-case.js +2 -0
- package/dist/packages/core/src/application/use-cases/features/create/create-feature.use-case.d.ts.map +1 -1
- package/dist/packages/core/src/application/use-cases/features/create/create-feature.use-case.js +1 -0
- package/dist/packages/core/src/application/use-cases/features/resume-feature.use-case.d.ts.map +1 -1
- package/dist/packages/core/src/application/use-cases/features/resume-feature.use-case.js +2 -0
- package/dist/packages/core/src/application/use-cases/features/start-feature.use-case.d.ts.map +1 -1
- package/dist/packages/core/src/application/use-cases/features/start-feature.use-case.js +2 -0
- package/dist/packages/core/src/application/use-cases/security/enforce-security.use-case.d.ts +71 -0
- package/dist/packages/core/src/application/use-cases/security/enforce-security.use-case.d.ts.map +1 -0
- package/dist/packages/core/src/application/use-cases/security/enforce-security.use-case.js +215 -0
- package/dist/packages/core/src/application/use-cases/security/evaluate-security-policy.use-case.d.ts +24 -0
- package/dist/packages/core/src/application/use-cases/security/evaluate-security-policy.use-case.d.ts.map +1 -0
- package/dist/packages/core/src/application/use-cases/security/evaluate-security-policy.use-case.js +56 -0
- package/dist/packages/core/src/application/use-cases/security/get-security-state.use-case.d.ts +36 -0
- package/dist/packages/core/src/application/use-cases/security/get-security-state.use-case.d.ts.map +1 -0
- package/dist/packages/core/src/application/use-cases/security/get-security-state.use-case.js +76 -0
- package/dist/packages/core/src/application/use-cases/security/record-security-event.use-case.d.ts +14 -0
- package/dist/packages/core/src/application/use-cases/security/record-security-event.use-case.d.ts.map +1 -0
- package/dist/packages/core/src/application/use-cases/security/record-security-event.use-case.js +46 -0
- package/dist/packages/core/src/application/use-cases/upgrade/upgrade-cli.use-case.d.ts +1 -0
- package/dist/packages/core/src/application/use-cases/upgrade/upgrade-cli.use-case.d.ts.map +1 -1
- package/dist/packages/core/src/application/use-cases/upgrade/upgrade-cli.use-case.js +59 -2
- package/dist/packages/core/src/domain/errors/security-violation.error.d.ts +15 -0
- package/dist/packages/core/src/domain/errors/security-violation.error.d.ts.map +1 -0
- package/dist/packages/core/src/domain/errors/security-violation.error.js +20 -0
- package/dist/packages/core/src/domain/factories/settings-defaults.factory.d.ts.map +1 -1
- package/dist/packages/core/src/domain/factories/settings-defaults.factory.js +5 -1
- package/dist/packages/core/src/domain/generated/output.d.ts +259 -0
- package/dist/packages/core/src/domain/generated/output.d.ts.map +1 -1
- package/dist/packages/core/src/domain/generated/output.js +43 -0
- package/dist/packages/core/src/infrastructure/di/container.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/di/container.js +57 -0
- package/dist/packages/core/src/infrastructure/persistence/sqlite/mappers/security-event.mapper.d.ts +44 -0
- package/dist/packages/core/src/infrastructure/persistence/sqlite/mappers/security-event.mapper.d.ts.map +1 -0
- package/dist/packages/core/src/infrastructure/persistence/sqlite/mappers/security-event.mapper.js +55 -0
- package/dist/packages/core/src/infrastructure/persistence/sqlite/mappers/settings.mapper.d.ts +3 -0
- package/dist/packages/core/src/infrastructure/persistence/sqlite/mappers/settings.mapper.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/persistence/sqlite/mappers/settings.mapper.js +14 -0
- package/dist/packages/core/src/infrastructure/persistence/sqlite/migrations/053-add-security-settings-columns.d.ts +18 -0
- package/dist/packages/core/src/infrastructure/persistence/sqlite/migrations/053-add-security-settings-columns.d.ts.map +1 -0
- package/dist/packages/core/src/infrastructure/persistence/sqlite/migrations/053-add-security-settings-columns.js +31 -0
- package/dist/packages/core/src/infrastructure/persistence/sqlite/migrations/054-create-security-events-table.d.ts +29 -0
- package/dist/packages/core/src/infrastructure/persistence/sqlite/migrations/054-create-security-events-table.d.ts.map +1 -0
- package/dist/packages/core/src/infrastructure/persistence/sqlite/migrations/054-create-security-events-table.js +53 -0
- package/dist/packages/core/src/infrastructure/repositories/sqlite-security-event.repository.d.ts +24 -0
- package/dist/packages/core/src/infrastructure/repositories/sqlite-security-event.repository.d.ts.map +1 -0
- package/dist/packages/core/src/infrastructure/repositories/sqlite-security-event.repository.js +96 -0
- package/dist/packages/core/src/infrastructure/repositories/sqlite-settings.repository.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/repositories/sqlite-settings.repository.js +12 -3
- package/dist/packages/core/src/infrastructure/services/agents/common/executors/claude-code-executor.service.d.ts +2 -0
- package/dist/packages/core/src/infrastructure/services/agents/common/executors/claude-code-executor.service.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/services/agents/common/executors/claude-code-executor.service.js +12 -0
- package/dist/packages/core/src/infrastructure/services/agents/common/executors/security-constraint-validator.d.ts +22 -0
- package/dist/packages/core/src/infrastructure/services/agents/common/executors/security-constraint-validator.d.ts.map +1 -0
- package/dist/packages/core/src/infrastructure/services/agents/common/executors/security-constraint-validator.js +30 -0
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/fast-feature-agent-graph.d.ts +10 -0
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/fast-feature-agent-graph.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/feature-agent-graph.d.ts +34 -0
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/feature-agent-graph.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/feature-agent-process.service.d.ts +3 -1
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/feature-agent-process.service.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/feature-agent-process.service.js +7 -1
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/feature-agent-worker.d.ts +3 -1
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/feature-agent-worker.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/feature-agent-worker.js +32 -1
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/nodes/node-helpers.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/nodes/node-helpers.js +19 -0
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/nodes/security-pre-check.d.ts +45 -0
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/nodes/security-pre-check.d.ts.map +1 -0
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/nodes/security-pre-check.js +70 -0
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/state.d.ts +4 -1
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/state.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/state.js +10 -0
- package/dist/packages/core/src/infrastructure/services/external/github-repository.service.d.ts +10 -1
- package/dist/packages/core/src/infrastructure/services/external/github-repository.service.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/services/external/github-repository.service.js +101 -1
- package/dist/packages/core/src/infrastructure/services/security/dependency-risk-evaluator.d.ts +53 -0
- package/dist/packages/core/src/infrastructure/services/security/dependency-risk-evaluator.d.ts.map +1 -0
- package/dist/packages/core/src/infrastructure/services/security/dependency-risk-evaluator.js +241 -0
- package/dist/packages/core/src/infrastructure/services/security/release-integrity-evaluator.d.ts +44 -0
- package/dist/packages/core/src/infrastructure/services/security/release-integrity-evaluator.d.ts.map +1 -0
- package/dist/packages/core/src/infrastructure/services/security/release-integrity-evaluator.js +194 -0
- package/dist/packages/core/src/infrastructure/services/security/security-policy-file-reader.d.ts +28 -0
- package/dist/packages/core/src/infrastructure/services/security/security-policy-file-reader.d.ts.map +1 -0
- package/dist/packages/core/src/infrastructure/services/security/security-policy-file-reader.js +50 -0
- package/dist/packages/core/src/infrastructure/services/security/security-policy-validator.d.ts +26 -0
- package/dist/packages/core/src/infrastructure/services/security/security-policy-validator.d.ts.map +1 -0
- package/dist/packages/core/src/infrastructure/services/security/security-policy-validator.js +147 -0
- package/dist/packages/core/src/infrastructure/services/security/security-policy.service.d.ts +44 -0
- package/dist/packages/core/src/infrastructure/services/security/security-policy.service.d.ts.map +1 -0
- package/dist/packages/core/src/infrastructure/services/security/security-policy.service.js +174 -0
- package/dist/packages/core/src/infrastructure/services/spec/spec-initializer.service.d.ts +1 -0
- package/dist/packages/core/src/infrastructure/services/spec/spec-initializer.service.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/services/spec/spec-initializer.service.js +61 -0
- package/dist/src/presentation/cli/commands/security.command.d.ts +16 -0
- package/dist/src/presentation/cli/commands/security.command.d.ts.map +1 -0
- package/dist/src/presentation/cli/commands/security.command.js +118 -0
- package/dist/src/presentation/cli/commands/upgrade.command.d.ts.map +1 -1
- package/dist/src/presentation/cli/commands/upgrade.command.js +68 -3
- package/dist/src/presentation/cli/index.js +2 -0
- package/dist/src/presentation/web/app/actions/security.d.ts +28 -0
- package/dist/src/presentation/web/app/actions/security.d.ts.map +1 -0
- package/dist/src/presentation/web/app/actions/security.js +59 -0
- package/dist/src/presentation/web/app/build-graph-nodes.d.ts +3 -1
- package/dist/src/presentation/web/app/build-graph-nodes.d.ts.map +1 -1
- package/dist/src/presentation/web/app/build-graph-nodes.js +2 -0
- package/dist/src/presentation/web/components/common/feature-node/feature-node-state-config.d.ts +3 -1
- package/dist/src/presentation/web/components/common/feature-node/feature-node-state-config.d.ts.map +1 -1
- package/dist/src/presentation/web/components/common/feature-node/feature-node.d.ts.map +1 -1
- package/dist/src/presentation/web/components/common/feature-node/feature-node.js +2 -1
- package/dist/src/presentation/web/components/common/repository-node/repository-drawer.d.ts +3 -1
- package/dist/src/presentation/web/components/common/repository-node/repository-drawer.d.ts.map +1 -1
- package/dist/src/presentation/web/components/common/repository-node/repository-drawer.js +3 -2
- package/dist/src/presentation/web/components/common/repository-node/security-panel.d.ts +6 -0
- package/dist/src/presentation/web/components/common/repository-node/security-panel.d.ts.map +1 -0
- package/dist/src/presentation/web/components/common/repository-node/security-panel.js +29 -0
- package/dist/src/presentation/web/components/common/repository-node/security-panel.stories.d.ts +10 -0
- package/dist/src/presentation/web/components/common/repository-node/security-panel.stories.d.ts.map +1 -0
- package/dist/src/presentation/web/components/common/repository-node/security-panel.stories.js +53 -0
- package/dist/src/presentation/web/components/common/security-badge.d.ts +7 -0
- package/dist/src/presentation/web/components/common/security-badge.d.ts.map +1 -0
- package/dist/src/presentation/web/components/common/security-badge.js +30 -0
- package/dist/src/presentation/web/components/common/security-badge.stories.d.ts +12 -0
- package/dist/src/presentation/web/components/common/security-badge.stories.d.ts.map +1 -0
- package/dist/src/presentation/web/components/common/security-badge.stories.js +20 -0
- package/dist/src/presentation/web/components/features/settings/settings-page-client.d.ts.map +1 -1
- package/dist/src/presentation/web/components/features/settings/settings-page-client.js +16 -3
- package/dist/src/presentation/web/components/features/settings/supply-chain-security-settings-section.d.ts +6 -0
- package/dist/src/presentation/web/components/features/settings/supply-chain-security-settings-section.d.ts.map +1 -0
- package/dist/src/presentation/web/components/features/settings/supply-chain-security-settings-section.js +60 -0
- package/dist/src/presentation/web/components/features/settings/supply-chain-security-settings-section.stories.d.ts +14 -0
- package/dist/src/presentation/web/components/features/settings/supply-chain-security-settings-section.stories.d.ts.map +1 -0
- package/dist/src/presentation/web/components/features/settings/supply-chain-security-settings-section.stories.js +116 -0
- package/dist/translations/ar/cli.json +22 -0
- package/dist/translations/ar/web.json +43 -1
- package/dist/translations/de/cli.json +22 -0
- package/dist/translations/de/web.json +43 -1
- package/dist/translations/en/cli.json +22 -0
- package/dist/translations/en/web.json +43 -1
- package/dist/translations/es/cli.json +22 -0
- package/dist/translations/es/web.json +43 -1
- package/dist/translations/fr/cli.json +22 -0
- package/dist/translations/fr/web.json +43 -1
- package/dist/translations/he/cli.json +22 -0
- package/dist/translations/he/web.json +43 -1
- package/dist/translations/pt/cli.json +22 -0
- package/dist/translations/pt/web.json +43 -1
- package/dist/translations/ru/cli.json +22 -0
- package/dist/translations/ru/web.json +43 -1
- package/dist/tsconfig.build.tsbuildinfo +1 -1
- package/package.json +1 -1
- package/web/.next/BUILD_ID +1 -1
- package/web/.next/build-manifest.json +2 -2
- package/web/.next/fallback-build-manifest.json +2 -2
- package/web/.next/prerender-manifest.json +3 -3
- package/web/.next/required-server-files.js +3 -3
- package/web/.next/required-server-files.json +3 -3
- package/web/.next/server/app/(dashboard)/@drawer/adopt/page/server-reference-manifest.json +29 -29
- package/web/.next/server/app/(dashboard)/@drawer/adopt/page.js +2 -1
- package/web/.next/server/app/(dashboard)/@drawer/adopt/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/adopt/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/chat/page/server-reference-manifest.json +27 -27
- package/web/.next/server/app/(dashboard)/@drawer/chat/page.js +2 -1
- package/web/.next/server/app/(dashboard)/@drawer/chat/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/chat/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/create/page/server-reference-manifest.json +30 -30
- package/web/.next/server/app/(dashboard)/@drawer/create/page.js +2 -1
- package/web/.next/server/app/(dashboard)/@drawer/create/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/create/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/feature/[featureId]/[tab]/page/server-reference-manifest.json +38 -38
- package/web/.next/server/app/(dashboard)/@drawer/feature/[featureId]/[tab]/page.js +2 -1
- package/web/.next/server/app/(dashboard)/@drawer/feature/[featureId]/[tab]/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/feature/[featureId]/[tab]/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/feature/[featureId]/page/server-reference-manifest.json +38 -38
- package/web/.next/server/app/(dashboard)/@drawer/feature/[featureId]/page.js +2 -1
- package/web/.next/server/app/(dashboard)/@drawer/feature/[featureId]/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/feature/[featureId]/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/repository/[repositoryId]/[tab]/page/server-reference-manifest.json +28 -28
- package/web/.next/server/app/(dashboard)/@drawer/repository/[repositoryId]/[tab]/page.js +2 -1
- package/web/.next/server/app/(dashboard)/@drawer/repository/[repositoryId]/[tab]/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/repository/[repositoryId]/[tab]/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/repository/[repositoryId]/page/server-reference-manifest.json +28 -28
- package/web/.next/server/app/(dashboard)/@drawer/repository/[repositoryId]/page.js +2 -1
- package/web/.next/server/app/(dashboard)/@drawer/repository/[repositoryId]/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/repository/[repositoryId]/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/chat/page/server-reference-manifest.json +27 -27
- package/web/.next/server/app/(dashboard)/chat/page.js +2 -1
- package/web/.next/server/app/(dashboard)/chat/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/chat/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/create/page/server-reference-manifest.json +30 -30
- package/web/.next/server/app/(dashboard)/create/page.js +2 -1
- package/web/.next/server/app/(dashboard)/create/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/create/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/feature/[featureId]/[tab]/page/server-reference-manifest.json +38 -38
- package/web/.next/server/app/(dashboard)/feature/[featureId]/[tab]/page.js +2 -1
- package/web/.next/server/app/(dashboard)/feature/[featureId]/[tab]/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/feature/[featureId]/[tab]/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/feature/[featureId]/page/server-reference-manifest.json +38 -38
- package/web/.next/server/app/(dashboard)/feature/[featureId]/page.js +2 -1
- package/web/.next/server/app/(dashboard)/feature/[featureId]/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/feature/[featureId]/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/page/server-reference-manifest.json +27 -27
- package/web/.next/server/app/(dashboard)/page.js +2 -1
- package/web/.next/server/app/(dashboard)/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/repository/[repositoryId]/[tab]/page/server-reference-manifest.json +28 -28
- package/web/.next/server/app/(dashboard)/repository/[repositoryId]/[tab]/page.js +2 -1
- package/web/.next/server/app/(dashboard)/repository/[repositoryId]/[tab]/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/repository/[repositoryId]/[tab]/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/repository/[repositoryId]/page/server-reference-manifest.json +28 -28
- package/web/.next/server/app/(dashboard)/repository/[repositoryId]/page.js +2 -1
- package/web/.next/server/app/(dashboard)/repository/[repositoryId]/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/repository/[repositoryId]/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/_global-error.html +2 -2
- package/web/.next/server/app/_global-error.rsc +1 -1
- package/web/.next/server/app/_global-error.segments/__PAGE__.segment.rsc +1 -1
- package/web/.next/server/app/_global-error.segments/_full.segment.rsc +1 -1
- package/web/.next/server/app/_global-error.segments/_head.segment.rsc +1 -1
- package/web/.next/server/app/_global-error.segments/_index.segment.rsc +1 -1
- package/web/.next/server/app/_global-error.segments/_tree.segment.rsc +1 -1
- package/web/.next/server/app/_not-found/page/server-reference-manifest.json +6 -6
- package/web/.next/server/app/_not-found/page.js.nft.json +1 -1
- package/web/.next/server/app/_not-found/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/api/attachments/preview/route.js.nft.json +1 -1
- package/web/.next/server/app/api/evidence/route.js.nft.json +1 -1
- package/web/.next/server/app/api/graph-data/route.js.nft.json +1 -1
- package/web/.next/server/app/api/interactive/chat/[featureId]/messages/route.js.nft.json +1 -1
- package/web/.next/server/app/api/sessions/route.js.nft.json +1 -1
- package/web/.next/server/app/api/sessions-batch/route.js.nft.json +1 -1
- package/web/.next/server/app/features/page/server-reference-manifest.json +6 -6
- package/web/.next/server/app/features/page.js.nft.json +1 -1
- package/web/.next/server/app/features/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/settings/page/server-reference-manifest.json +33 -18
- package/web/.next/server/app/settings/page.js +1 -1
- package/web/.next/server/app/settings/page.js.nft.json +1 -1
- package/web/.next/server/app/settings/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/skills/page/server-reference-manifest.json +13 -13
- package/web/.next/server/app/skills/page.js +2 -1
- package/web/.next/server/app/skills/page.js.nft.json +1 -1
- package/web/.next/server/app/skills/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/tools/page/server-reference-manifest.json +11 -11
- package/web/.next/server/app/tools/page.js +2 -1
- package/web/.next/server/app/tools/page.js.nft.json +1 -1
- package/web/.next/server/app/tools/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/version/page/server-reference-manifest.json +6 -6
- package/web/.next/server/app/version/page.js.nft.json +1 -1
- package/web/.next/server/app/version/page_client-reference-manifest.js +1 -1
- package/web/.next/server/chunks/403f9_next_dist_esm_build_templates_app-route_370c43b1.js +1 -1
- package/web/.next/server/chunks/403f9_next_dist_esm_build_templates_app-route_370c43b1.js.map +1 -1
- package/web/.next/server/chunks/[root-of-the-server]__a402b567._.js +1 -1
- package/web/.next/server/chunks/[root-of-the-server]__c78383b1._.js +1 -1
- package/web/.next/server/chunks/[root-of-the-server]__c78383b1._.js.map +1 -1
- package/web/.next/server/chunks/[root-of-the-server]__cd67a84c._.js +1 -1
- package/web/.next/server/chunks/[root-of-the-server]__cd67a84c._.js.map +1 -1
- package/web/.next/server/chunks/ssr/744ca_web__next-internal_server_app_(dashboard)_@drawer_adopt_page_actions_ad0071c9.js +3 -0
- package/web/.next/server/chunks/ssr/744ca_web__next-internal_server_app_(dashboard)_@drawer_adopt_page_actions_ad0071c9.js.map +1 -0
- package/web/.next/server/chunks/ssr/744ca_web__next-internal_server_app_(dashboard)_@drawer_chat_page_actions_90d98b2b.js +3 -0
- package/web/.next/server/chunks/ssr/744ca_web__next-internal_server_app_(dashboard)_@drawer_chat_page_actions_90d98b2b.js.map +1 -0
- package/web/.next/server/chunks/ssr/744ca_web__next-internal_server_app_(dashboard)_chat_page_actions_d3828105.js +3 -0
- package/web/.next/server/chunks/ssr/744ca_web__next-internal_server_app_(dashboard)_chat_page_actions_d3828105.js.map +1 -0
- package/web/.next/server/chunks/ssr/744ca_web_components_common_control-center-drawer_create-drawer-client_tsx_5e26fc0a._.js +1 -1
- package/web/.next/server/chunks/ssr/744ca_web_components_common_control-center-drawer_create-drawer-client_tsx_5e26fc0a._.js.map +1 -1
- package/web/.next/server/chunks/ssr/744ca_web_components_common_control-center-drawer_feature-drawer-client_tsx_e9755fc8._.js +2 -2
- package/web/.next/server/chunks/ssr/744ca_web_components_common_control-center-drawer_feature-drawer-client_tsx_e9755fc8._.js.map +1 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__1f389e5d._.js +1 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__1f389e5d._.js.map +1 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__357d99f9._.js +1 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__51ec77a8._.js +3 -0
- package/web/.next/server/chunks/ssr/[root-of-the-server]__51ec77a8._.js.map +1 -0
- package/web/.next/server/chunks/ssr/[root-of-the-server]__540c615f._.js +4 -0
- package/web/.next/server/chunks/ssr/[root-of-the-server]__540c615f._.js.map +1 -0
- package/web/.next/server/chunks/ssr/[root-of-the-server]__66047a1b._.js +3 -0
- package/web/.next/server/chunks/ssr/[root-of-the-server]__66047a1b._.js.map +1 -0
- package/web/.next/server/chunks/ssr/[root-of-the-server]__6c7d3936._.js +1 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__6c7d3936._.js.map +1 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__9a9cb046._.js +3 -0
- package/web/.next/server/chunks/ssr/[root-of-the-server]__9a9cb046._.js.map +1 -0
- package/web/.next/server/chunks/ssr/[root-of-the-server]__a2d6c0ac._.js +4 -0
- package/web/.next/server/chunks/ssr/[root-of-the-server]__a2d6c0ac._.js.map +1 -0
- package/web/.next/server/chunks/ssr/[root-of-the-server]__a932cd3a._.js +3 -0
- package/web/.next/server/chunks/ssr/[root-of-the-server]__a932cd3a._.js.map +1 -0
- package/web/.next/server/chunks/ssr/[root-of-the-server]__aa72e794._.js +3 -0
- package/web/.next/server/chunks/ssr/[root-of-the-server]__aa72e794._.js.map +1 -0
- package/web/.next/server/chunks/ssr/[root-of-the-server]__b7b96453._.js +1 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__b7b96453._.js.map +1 -1
- package/web/.next/server/chunks/ssr/_02580450._.js +3 -0
- package/web/.next/server/chunks/ssr/_02580450._.js.map +1 -0
- package/web/.next/server/chunks/ssr/_05c23ad9._.js +1 -1
- package/web/.next/server/chunks/ssr/_05c23ad9._.js.map +1 -1
- package/web/.next/server/chunks/ssr/_1594e369._.js +9 -0
- package/web/.next/server/chunks/ssr/_1594e369._.js.map +1 -0
- package/web/.next/server/chunks/ssr/_16eb4fec._.js +1 -1
- package/web/.next/server/chunks/ssr/_16eb4fec._.js.map +1 -1
- package/web/.next/server/chunks/ssr/_21d37090._.js +3 -0
- package/web/.next/server/chunks/ssr/_21d37090._.js.map +1 -0
- package/web/.next/server/chunks/ssr/_45496654._.js +1 -1
- package/web/.next/server/chunks/ssr/_45496654._.js.map +1 -1
- package/web/.next/server/chunks/ssr/_4cbb7f95._.js +1 -1
- package/web/.next/server/chunks/ssr/_4cbb7f95._.js.map +1 -1
- package/web/.next/server/chunks/ssr/_5119a3df._.js +1 -1
- package/web/.next/server/chunks/ssr/_5119a3df._.js.map +1 -1
- package/web/.next/server/chunks/ssr/_56b9d60f._.js +1 -1
- package/web/.next/server/chunks/ssr/_56b9d60f._.js.map +1 -1
- package/web/.next/server/chunks/ssr/{_0d7dd23b._.js → _767748d2._.js} +2 -2
- package/web/.next/server/chunks/ssr/_767748d2._.js.map +1 -0
- package/web/.next/server/chunks/ssr/_df737cce._.js +1 -1
- package/web/.next/server/chunks/ssr/{_77ae079a._.js → _ee42a212._.js} +2 -2
- package/web/.next/server/chunks/ssr/{_77ae079a._.js.map → _ee42a212._.js.map} +1 -1
- package/web/.next/server/chunks/ssr/_f8c55130._.js +4 -0
- package/web/.next/server/chunks/ssr/_f8c55130._.js.map +1 -0
- package/web/.next/server/chunks/ssr/_ff04802c._.js +3 -0
- package/web/.next/server/chunks/ssr/_ff04802c._.js.map +1 -0
- package/web/.next/server/chunks/ssr/b1a17_presentation_web_components_features_settings_settings-page-client_tsx_6ed9d5f8._.js +1 -1
- package/web/.next/server/chunks/ssr/b1a17_presentation_web_components_features_settings_settings-page-client_tsx_6ed9d5f8._.js.map +1 -1
- package/web/.next/server/chunks/ssr/f3a1f_components_common_control-center-drawer_repository-drawer-client_tsx_39a00c03._.js +1 -1
- package/web/.next/server/chunks/ssr/f3a1f_components_common_control-center-drawer_repository-drawer-client_tsx_39a00c03._.js.map +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_17d39233._.js +3 -0
- package/web/.next/server/chunks/ssr/src_presentation_web_17d39233._.js.map +1 -0
- package/web/.next/server/chunks/ssr/src_presentation_web_54b02639._.js +5 -0
- package/web/.next/server/chunks/ssr/src_presentation_web_54b02639._.js.map +1 -0
- package/web/.next/server/chunks/ssr/src_presentation_web_7b7b9e3b._.js +5 -0
- package/web/.next/server/chunks/ssr/src_presentation_web_7b7b9e3b._.js.map +1 -0
- package/web/.next/server/chunks/ssr/src_presentation_web_807cba76._.js +3 -0
- package/web/.next/server/chunks/ssr/src_presentation_web_807cba76._.js.map +1 -0
- package/web/.next/server/chunks/ssr/src_presentation_web__next-internal_server_app_(dashboard)_page_actions_90b5e66e.js +3 -0
- package/web/.next/server/chunks/ssr/src_presentation_web__next-internal_server_app_(dashboard)_page_actions_90b5e66e.js.map +1 -0
- package/web/.next/server/chunks/ssr/src_presentation_web__next-internal_server_app_skills_page_actions_4ce30db7.js +3 -0
- package/web/.next/server/chunks/ssr/src_presentation_web__next-internal_server_app_skills_page_actions_4ce30db7.js.map +1 -0
- package/web/.next/server/chunks/ssr/src_presentation_web__next-internal_server_app_tools_page_actions_e4032193.js +3 -0
- package/web/.next/server/chunks/ssr/src_presentation_web__next-internal_server_app_tools_page_actions_e4032193.js.map +1 -0
- package/web/.next/server/chunks/ssr/src_presentation_web_app_actions_open-ide_ts_baaca5d5._.js +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_ca99d62d._.js +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_ca99d62d._.js.map +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_components_895e5bfa._.js +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_components_895e5bfa._.js.map +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_components_features_control-center_7ac3562e._.js +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_components_features_control-center_7ac3562e._.js.map +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_components_features_skills_8a174cac._.js +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_components_features_skills_8a174cac._.js.map +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_db9fa0c2._.js +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_db9fa0c2._.js.map +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_e1cd1869._.js +3 -0
- package/web/.next/server/chunks/ssr/src_presentation_web_e1cd1869._.js.map +1 -0
- package/web/.next/server/chunks/ssr/src_presentation_web_e3a30e30._.js +3 -0
- package/web/.next/server/chunks/ssr/src_presentation_web_e3a30e30._.js.map +1 -0
- package/web/.next/server/chunks/ssr/translations_23dd5e7e._.js +1 -1
- package/web/.next/server/chunks/ssr/translations_23dd5e7e._.js.map +1 -1
- package/web/.next/server/pages/500.html +2 -2
- package/web/.next/server/server-reference-manifest.js +1 -1
- package/web/.next/server/server-reference-manifest.json +74 -59
- package/web/.next/static/chunks/051873309d87fb45.css +1 -0
- package/web/.next/static/chunks/{8e12deeabf6624e9.js → 16fa4d3877c28fe2.js} +1 -1
- package/web/.next/static/chunks/23d80bb760e7dc4c.js +1 -0
- package/web/.next/static/chunks/30a0ba9015f94405.js +7 -0
- package/web/.next/static/chunks/{7a6854bb07182777.js → 39f6ad3f9005703a.js} +1 -1
- package/web/.next/static/chunks/3aba9d2242420cb5.js +1 -0
- package/web/.next/static/chunks/7a6f56f37aaa17ea.js +1 -0
- package/web/.next/static/chunks/{b0a6fce5425f8d3a.js → 7e05e7e25220ee9a.js} +1 -1
- package/web/.next/static/chunks/{f9da308b3033c57a.js → 89dd90bf14488ec0.js} +1 -1
- package/web/.next/static/chunks/{2b2f3a70ebd6ac1c.js → 9374d251360e808b.js} +1 -1
- package/web/.next/static/chunks/{f29814a72404ea2b.js → 9423dc2310202fda.js} +1 -1
- package/web/.next/static/chunks/a794cf7a1a5648dd.js +1 -0
- package/web/.next/static/chunks/{3d1df5c349d855eb.js → a8edb9423086e83f.js} +1 -1
- package/web/.next/static/chunks/ae81796726a9bba3.js +1 -0
- package/web/.next/static/chunks/{a3802d6f8677cd04.js → b9c62932ed987239.js} +2 -2
- package/web/.next/static/chunks/{c5a0b452afc8fe47.js → d1c3e0ee8e788c87.js} +1 -1
- package/web/.next/static/chunks/{ca23a8642f750548.js → e8c3c12f92e9a521.js} +2 -2
- package/web/.next/static/chunks/f3d5e0ae13def35a.js +1 -0
- package/web/.next/static/chunks/{d5366257d6b9f855.js → fb8dadb64c0ffc6b.js} +1 -1
- package/web/.next/static/chunks/fd232b88b5b50b2e.js +1 -0
- package/web/.next/server/chunks/ssr/[root-of-the-server]__1cd4327c._.js +0 -4
- package/web/.next/server/chunks/ssr/[root-of-the-server]__1cd4327c._.js.map +0 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__4fb81977._.js +0 -4
- package/web/.next/server/chunks/ssr/[root-of-the-server]__4fb81977._.js.map +0 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__7dcd0917._.js +0 -4
- package/web/.next/server/chunks/ssr/[root-of-the-server]__7dcd0917._.js.map +0 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__92ffd5ee._.js +0 -4
- package/web/.next/server/chunks/ssr/[root-of-the-server]__92ffd5ee._.js.map +0 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__b020c17d._.js +0 -4
- package/web/.next/server/chunks/ssr/[root-of-the-server]__b020c17d._.js.map +0 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__ba7f5873._.js +0 -4
- package/web/.next/server/chunks/ssr/[root-of-the-server]__ba7f5873._.js.map +0 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__c5e09f6f._.js +0 -4
- package/web/.next/server/chunks/ssr/[root-of-the-server]__c5e09f6f._.js.map +0 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__fa525872._.js +0 -3
- package/web/.next/server/chunks/ssr/[root-of-the-server]__fa525872._.js.map +0 -1
- package/web/.next/server/chunks/ssr/_02e01240._.js +0 -4
- package/web/.next/server/chunks/ssr/_02e01240._.js.map +0 -1
- package/web/.next/server/chunks/ssr/_0d7dd23b._.js.map +0 -1
- package/web/.next/server/chunks/ssr/_18886033._.js +0 -4
- package/web/.next/server/chunks/ssr/_18886033._.js.map +0 -1
- package/web/.next/server/chunks/ssr/_22e00a14._.js +0 -4
- package/web/.next/server/chunks/ssr/_22e00a14._.js.map +0 -1
- package/web/.next/server/chunks/ssr/_43ba79e7._.js +0 -3
- package/web/.next/server/chunks/ssr/_43ba79e7._.js.map +0 -1
- package/web/.next/server/chunks/ssr/_a5a5901d._.js +0 -4
- package/web/.next/server/chunks/ssr/_a5a5901d._.js.map +0 -1
- package/web/.next/server/chunks/ssr/_a963dd3c._.js +0 -3
- package/web/.next/server/chunks/ssr/_a963dd3c._.js.map +0 -1
- package/web/.next/server/chunks/ssr/_ad09f271._.js +0 -4
- package/web/.next/server/chunks/ssr/_ad09f271._.js.map +0 -1
- package/web/.next/server/chunks/ssr/_c3f595c6._.js +0 -4
- package/web/.next/server/chunks/ssr/_c3f595c6._.js.map +0 -1
- package/web/.next/server/chunks/ssr/_deabc145._.js +0 -3
- package/web/.next/server/chunks/ssr/_deabc145._.js.map +0 -1
- package/web/.next/server/chunks/ssr/_e3f14907._.js +0 -9
- package/web/.next/server/chunks/ssr/_e3f14907._.js.map +0 -1
- package/web/.next/server/chunks/ssr/_ea9e1556._.js +0 -4
- package/web/.next/server/chunks/ssr/_ea9e1556._.js.map +0 -1
- package/web/.next/server/chunks/ssr/_f1ba9be6._.js +0 -6
- package/web/.next/server/chunks/ssr/_f1ba9be6._.js.map +0 -1
- package/web/.next/server/chunks/ssr/_f33cd07e._.js +0 -6
- package/web/.next/server/chunks/ssr/_f33cd07e._.js.map +0 -1
- package/web/.next/server/chunks/ssr/_f8b45233._.js +0 -4
- package/web/.next/server/chunks/ssr/_f8b45233._.js.map +0 -1
- package/web/.next/static/chunks/06a86173379e6c51.js +0 -1
- package/web/.next/static/chunks/16ed73f9880b7d63.js +0 -1
- package/web/.next/static/chunks/4559a403ee40dd19.js +0 -7
- package/web/.next/static/chunks/74e5b5c7950efbc1.js +0 -1
- package/web/.next/static/chunks/8b0a9cb5109fe899.js +0 -1
- package/web/.next/static/chunks/9c6f8f49799efd3a.js +0 -1
- package/web/.next/static/chunks/b14085e99b88e7f7.css +0 -1
- package/web/.next/static/chunks/b65e555419a0c664.js +0 -1
- package/web/.next/static/chunks/f51250616da82bd2.js +0 -1
- /package/web/.next/static/{0KDwNT3AGQmFGIwjHx99r → t6SUt71jyk_PYf152Imog}/_buildManifest.js +0 -0
- /package/web/.next/static/{0KDwNT3AGQmFGIwjHx99r → t6SUt71jyk_PYf152Imog}/_clientMiddlewareManifest.json +0 -0
- /package/web/.next/static/{0KDwNT3AGQmFGIwjHx99r → t6SUt71jyk_PYf152Imog}/_ssgManifest.js +0 -0
|
@@ -0,0 +1,76 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Get Security State Use Case
|
|
3
|
+
*
|
|
4
|
+
* Returns the current security state for UI projection:
|
|
5
|
+
* - Effective mode from settings
|
|
6
|
+
* - Recent security events (limited)
|
|
7
|
+
* - Highest-severity open finding
|
|
8
|
+
* - Last evaluation timestamp
|
|
9
|
+
*/
|
|
10
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
11
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
12
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
13
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
14
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
15
|
+
};
|
|
16
|
+
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
17
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
18
|
+
};
|
|
19
|
+
var __param = (this && this.__param) || function (paramIndex, decorator) {
|
|
20
|
+
return function (target, key) { decorator(target, key, paramIndex); }
|
|
21
|
+
};
|
|
22
|
+
import { injectable, inject } from 'tsyringe';
|
|
23
|
+
import { SecurityMode, SecuritySeverity } from '../../../domain/generated/output.js';
|
|
24
|
+
/** Maximum number of recent events returned. */
|
|
25
|
+
const RECENT_EVENTS_LIMIT = 20;
|
|
26
|
+
/** Severity ordering for comparison (higher = more severe). */
|
|
27
|
+
const SEVERITY_RANK = {
|
|
28
|
+
[SecuritySeverity.Low]: 0,
|
|
29
|
+
[SecuritySeverity.Medium]: 1,
|
|
30
|
+
[SecuritySeverity.High]: 2,
|
|
31
|
+
[SecuritySeverity.Critical]: 3,
|
|
32
|
+
};
|
|
33
|
+
let GetSecurityStateUseCase = class GetSecurityStateUseCase {
|
|
34
|
+
eventRepository;
|
|
35
|
+
settingsRepository;
|
|
36
|
+
constructor(eventRepository, settingsRepository) {
|
|
37
|
+
this.eventRepository = eventRepository;
|
|
38
|
+
this.settingsRepository = settingsRepository;
|
|
39
|
+
}
|
|
40
|
+
async execute(repositoryPath) {
|
|
41
|
+
const settings = await this.settingsRepository.load();
|
|
42
|
+
const securityConfig = settings?.security;
|
|
43
|
+
const recentEvents = await this.eventRepository.findByRepository(repositoryPath, {
|
|
44
|
+
limit: RECENT_EVENTS_LIMIT,
|
|
45
|
+
});
|
|
46
|
+
const highestSeverityFinding = this.findHighestSeverity(recentEvents);
|
|
47
|
+
return {
|
|
48
|
+
mode: securityConfig?.mode ?? SecurityMode.Advisory,
|
|
49
|
+
lastEvaluationAt: securityConfig?.lastEvaluationAt ?? null,
|
|
50
|
+
policySource: securityConfig?.policySource ?? null,
|
|
51
|
+
recentEvents,
|
|
52
|
+
highestSeverityFinding,
|
|
53
|
+
};
|
|
54
|
+
}
|
|
55
|
+
findHighestSeverity(events) {
|
|
56
|
+
if (events.length === 0) {
|
|
57
|
+
return null;
|
|
58
|
+
}
|
|
59
|
+
let highest = events[0];
|
|
60
|
+
for (const event of events) {
|
|
61
|
+
const eventRank = SEVERITY_RANK[event.severity] ?? 0;
|
|
62
|
+
const highestRank = SEVERITY_RANK[highest.severity] ?? 0;
|
|
63
|
+
if (eventRank > highestRank) {
|
|
64
|
+
highest = event;
|
|
65
|
+
}
|
|
66
|
+
}
|
|
67
|
+
return highest;
|
|
68
|
+
}
|
|
69
|
+
};
|
|
70
|
+
GetSecurityStateUseCase = __decorate([
|
|
71
|
+
injectable(),
|
|
72
|
+
__param(0, inject('ISecurityEventRepository')),
|
|
73
|
+
__param(1, inject('ISettingsRepository')),
|
|
74
|
+
__metadata("design:paramtypes", [Object, Object])
|
|
75
|
+
], GetSecurityStateUseCase);
|
|
76
|
+
export { GetSecurityStateUseCase };
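Review bot: `findHighestSeverity` is fed only the `recentEvents` page that `execute` caps at `RECENT_EVENTS_LIMIT` (20), so `highestSeverityFinding` is the most severe of those 20 events, not the "highest-severity open finding" the header comment promises. Assuming `findByRepository` returns newest events first, a Critical event drops out of the UI projection once 20 newer low-severity events are recorded. Nothing visible here filters on `disposition` either, so the winner may be an event that was simply allowed. Either fetch the highest severity with a query that is not bounded by the display limit, or change the header bullet to say what is computed, e.g. `* - Highest-severity event among the most recent RECENT_EVENTS_LIMIT events`. The `?? 0` fallback in `SEVERITY_RANK[event.severity] ?? 0` also ranks an unrecognised severity as Low and deserves a why-comment.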
|
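--- a/package/dist/packages/core/src/application/use-cases/security/record-security-event.use-case.d.ts
+++ b/package/dist/packages/core/src/application/use-cases/security/record-security-event.use-case.d.ts
@@ -0,0 +1,14 @@
+/**
+* Record Security Event Use Case
+*
+* Persists a security event and triggers 90-day retention cleanup.
+* Used by runtime guardrails and enforcement flow to record findings.
+*/
+import type { SecurityEvent } from '../../../domain/generated/output.js';
+import type { ISecurityEventRepository } from '../../ports/output/repositories/security-event.repository.interface.js';
+export declare class RecordSecurityEventUseCase {
+private readonly eventRepository;
+constructor(eventRepository: ISecurityEventRepository);
+execute(event: SecurityEvent): Promise<void>;
+}
+//# sourceMappingURL=record-security-event.use-case.d.ts.map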
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"record-security-event.use-case.d.ts","sourceRoot":"","sources":["../../../../../../../packages/core/src/application/use-cases/security/record-security-event.use-case.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,qCAAqC,CAAC;AACzE,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,wEAAwE,CAAC;AAMvH,qBACa,0BAA0B;IAGnC,OAAO,CAAC,QAAQ,CAAC,eAAe;gBAAf,eAAe,EAAE,wBAAwB;IAGtD,OAAO,CAAC,KAAK,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC;CAcnD"}
|
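--- a/package/dist/packages/core/src/application/use-cases/security/record-security-event.use-case.js
+++ b/package/dist/packages/core/src/application/use-cases/security/record-security-event.use-case.js
@@ -0,0 +1,46 @@
+/**
+* Record Security Event Use Case
+*
+* Persists a security event and triggers 90-day retention cleanup.
+* Used by runtime guardrails and enforcement flow to record findings.
+*/
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+return function (target, key) { decorator(target, key, paramIndex); }
+};
+import { injectable, inject } from 'tsyringe';
+import { randomUUID } from 'node:crypto';
+/** Retention window in days for security events. */
+const SECURITY_EVENT_RETENTION_DAYS = 90;
+let RecordSecurityEventUseCase = class RecordSecurityEventUseCase {
+eventRepository;
+constructor(eventRepository) {
+this.eventRepository = eventRepository;
+}
+async execute(event) {
+// Ensure the event has an ID
+const eventToSave = {
+...event,
+id: event.id || randomUUID(),
+};
+await this.eventRepository.save(eventToSave);
+// Trigger 90-day retention cleanup
+const cutoff = new Date();
+cutoff.setDate(cutoff.getDate() - SECURITY_EVENT_RETENTION_DAYS);
+await this.eventRepository.deleteOlderThan(cutoff);
+}
+};
+RecordSecurityEventUseCase = __decorate([
+injectable(),
+__param(0, inject('ISecurityEventRepository')),
+__metadata("design:paramtypes", [Object])
+], RecordSecurityEventUseCase);
+export { RecordSecurityEventUseCase };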
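Review bot: In `execute`, the retention cleanup is awaited on the same path as the write, so a failure in `deleteOlderThan` rejects the call even though `save` has already persisted the event. The header says the callers are runtime guardrails; one that retries on rejection would record the same finding twice, because an event without an `id` gets a fresh `randomUUID()` on every call. Isolate the cleanup so that only `save` failures propagate, e.g. `try { await this.eventRepository.deleteOlderThan(cutoff); } catch { /* retention is best-effort; the event is already saved */ }`, preferably with the failure logged. `event.id || randomUUID()` also keeps any caller-supplied id unchanged; whether `save` rejects or overwrites on a duplicate id is not visible here and should be documented next to that line.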
@@ -24,6 +24,7 @@ export declare class UpgradeCliUseCase {
|
|
|
24
24
|
constructor(versionService: IVersionService, daemonService: IDaemonService);
|
|
25
25
|
execute(onOutput?: (data: string) => void): Promise<UpgradeResult>;
|
|
26
26
|
private getLatestVersion;
|
|
27
|
+
private preDownloadPackage;
|
|
27
28
|
/**
|
|
28
29
|
* Schedule a daemon self-restart after upgrade.
|
|
29
30
|
* Reads the current daemon port, spawns a new daemon process with the
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"upgrade-cli.use-case.d.ts","sourceRoot":"","sources":["../../../../../../../packages/core/src/application/use-cases/upgrade/upgrade-cli.use-case.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;
|
|
1
|
+
{"version":3,"file":"upgrade-cli.use-case.d.ts","sourceRoot":"","sources":["../../../../../../../packages/core/src/application/use-cases/upgrade/upgrade-cli.use-case.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAOH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,0DAA0D,CAAC;AAChG,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,yDAAyD,CAAC;AAE9F,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,YAAY,GAAG,UAAU,GAAG,OAAO,CAAC;IAC5C,cAAc,EAAE,MAAM,CAAC;IACvB,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAQD,qBACa,iBAAiB;IAG1B,OAAO,CAAC,QAAQ,CAAC,cAAc;IAE/B,OAAO,CAAC,QAAQ,CAAC,aAAa;gBAFb,cAAc,EAAE,eAAe,EAE/B,aAAa,EAAE,cAAc;IAG1C,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,IAAI,GAAG,OAAO,CAAC,aAAa,CAAC;IAyCxE,OAAO,CAAC,gBAAgB;IA6CxB,OAAO,CAAC,kBAAkB;IAwD1B;;;;OAIG;IACG,qBAAqB,IAAI,OAAO,CAAC,IAAI,CAAC;IA2B5C,OAAO,CAAC,aAAa;CAuBtB"}
|
|
@@ -24,7 +24,11 @@ var __param = (this && this.__param) || function (paramIndex, decorator) {
|
|
|
24
24
|
};
|
|
25
25
|
import { injectable, inject } from 'tsyringe';
|
|
26
26
|
import { spawn } from 'node:child_process';
|
|
27
|
+
import { mkdtempSync, rmSync } from 'node:fs';
|
|
28
|
+
import { tmpdir } from 'node:os';
|
|
29
|
+
import { join } from 'node:path';
|
|
27
30
|
const VERSION_CHECK_TIMEOUT_MS = 10_000;
|
|
31
|
+
const NPM_CACHE_ADD_TIMEOUT_MS = 120_000;
|
|
28
32
|
/** Delay (ms) before the current process exits to allow the SSE response to flush. */
|
|
29
33
|
const SELF_RESTART_DELAY_MS = 1_000;
|
|
30
34
|
let UpgradeCliUseCase = class UpgradeCliUseCase {
|
|
@@ -43,8 +47,14 @@ let UpgradeCliUseCase = class UpgradeCliUseCase {
|
|
|
43
47
|
onOutput?.(`Already up to date (v${currentVersion})\n`);
|
|
44
48
|
return { status: 'up-to-date', currentVersion, latestVersion };
|
|
45
49
|
}
|
|
46
|
-
// 3.
|
|
50
|
+
// 3. Pre-download the package into npm cache before install
|
|
47
51
|
const target = latestVersion ? `v${latestVersion}` : 'latest';
|
|
52
|
+
onOutput?.(`Downloading @shepai/cli@latest...\n`);
|
|
53
|
+
const cached = await this.preDownloadPackage();
|
|
54
|
+
if (!cached) {
|
|
55
|
+
onOutput?.('Pre-download did not complete — proceeding with install...\n');
|
|
56
|
+
}
|
|
57
|
+
// 4. Run install (fast if cached)
|
|
48
58
|
onOutput?.(`Upgrading from v${currentVersion} to ${target}...\n`);
|
|
49
59
|
try {
|
|
50
60
|
const exitCode = await this.runNpmInstall(onOutput);
|
|
@@ -104,6 +114,53 @@ let UpgradeCliUseCase = class UpgradeCliUseCase {
|
|
|
104
114
|
});
|
|
105
115
|
});
|
|
106
116
|
}
|
|
117
|
+
preDownloadPackage() {
|
|
118
|
+
let tmpDir;
|
|
119
|
+
try {
|
|
120
|
+
tmpDir = mkdtempSync(join(tmpdir(), 'shep-upgrade-'));
|
|
121
|
+
}
|
|
122
|
+
catch {
|
|
123
|
+
return Promise.resolve(false);
|
|
124
|
+
}
|
|
125
|
+
const cleanup = () => {
|
|
126
|
+
try {
|
|
127
|
+
rmSync(tmpDir, { recursive: true, force: true });
|
|
128
|
+
}
|
|
129
|
+
catch {
|
|
130
|
+
/* best-effort */
|
|
131
|
+
}
|
|
132
|
+
};
|
|
133
|
+
return new Promise((resolve) => {
|
|
134
|
+
let settled = false;
|
|
135
|
+
const child = spawn('npm', ['install', '--prefix', tmpDir, '--ignore-scripts', '@shepai/cli@latest'], {
|
|
136
|
+
stdio: ['ignore', 'ignore', 'pipe'],
|
|
137
|
+
});
|
|
138
|
+
const timeout = setTimeout(() => {
|
|
139
|
+
if (!settled) {
|
|
140
|
+
settled = true;
|
|
141
|
+
child.kill();
|
|
142
|
+
cleanup();
|
|
143
|
+
resolve(false);
|
|
144
|
+
}
|
|
145
|
+
}, NPM_CACHE_ADD_TIMEOUT_MS);
|
|
146
|
+
child.on('close', (code) => {
|
|
147
|
+
if (!settled) {
|
|
148
|
+
settled = true;
|
|
149
|
+
clearTimeout(timeout);
|
|
150
|
+
cleanup();
|
|
151
|
+
resolve(code === 0);
|
|
152
|
+
}
|
|
153
|
+
});
|
|
154
|
+
child.on('error', () => {
|
|
155
|
+
if (!settled) {
|
|
156
|
+
settled = true;
|
|
157
|
+
clearTimeout(timeout);
|
|
158
|
+
cleanup();
|
|
159
|
+
resolve(false);
|
|
160
|
+
}
|
|
161
|
+
});
|
|
162
|
+
});
|
|
163
|
+
}
|
|
107
164
|
/**
|
|
108
165
|
* Schedule a daemon self-restart after upgrade.
|
|
109
166
|
* Reads the current daemon port, spawns a new daemon process with the
|
|
@@ -130,7 +187,7 @@ let UpgradeCliUseCase = class UpgradeCliUseCase {
|
|
|
130
187
|
}
|
|
131
188
|
runNpmInstall(onOutput) {
|
|
132
189
|
return new Promise((resolve, reject) => {
|
|
133
|
-
const child = spawn('npm', ['i', '-g', '@shepai/cli@latest'], {
|
|
190
|
+
const child = spawn('npm', ['i', '-g', '@shepai/cli@latest', '--prefer-offline'], {
|
|
134
191
|
stdio: ['ignore', 'pipe', 'pipe'],
|
|
135
192
|
});
|
|
136
193
|
child.stdout?.on('data', (data) => {
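Review bot: `preDownloadPackage` (new lines 117–163) and `runNpmInstall` (new line 190) both request `@shepai/cli@latest` instead of the `latestVersion` that `execute` already resolved, so the version announced to the user and the version actually fetched and installed can differ. With `--prefer-offline` added, an install that follows a failed pre-download may also resolve `latest` from stale cached metadata. Passing the resolved version through and requesting ``@shepai/cli@${latestVersion}`` when it is known keeps the check, the download and the install on the same version. In `preDownloadPackage`, stderr is set to `'pipe'` but never read in the visible code; if npm writes enough to fill the pipe it stalls until the 120 s timeout kills it, so `stdio: 'ignore'` is safer unless the output will be consumed. `runNpmInstall` continues past the end of the last hunk.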
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Security Violation Error
|
|
3
|
+
*
|
|
4
|
+
* Thrown when a security policy constraint is violated during agent execution.
|
|
5
|
+
* Contains structured information about the violated rule, the action category,
|
|
6
|
+
* and actionable remediation guidance.
|
|
7
|
+
*/
|
|
8
|
+
import type { SecurityActionCategory } from '../generated/output.js';
|
|
9
|
+
export declare class SecurityViolationError extends Error {
|
|
10
|
+
readonly rule: string;
|
|
11
|
+
readonly category: SecurityActionCategory;
|
|
12
|
+
readonly remediation: string;
|
|
13
|
+
constructor(rule: string, category: SecurityActionCategory, remediation: string);
|
|
14
|
+
}
|
|
15
|
+
//# sourceMappingURL=security-violation.error.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"security-violation.error.d.ts","sourceRoot":"","sources":["../../../../../../packages/core/src/domain/errors/security-violation.error.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,qBAAqB,CAAC;AAElE,qBAAa,sBAAuB,SAAQ,KAAK;aAE7B,IAAI,EAAE,MAAM;aACZ,QAAQ,EAAE,sBAAsB;aAChC,WAAW,EAAE,MAAM;gBAFnB,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,sBAAsB,EAChC,WAAW,EAAE,MAAM;CAMtC"}
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Security Violation Error
|
|
3
|
+
*
|
|
4
|
+
* Thrown when a security policy constraint is violated during agent execution.
|
|
5
|
+
* Contains structured information about the violated rule, the action category,
|
|
6
|
+
* and actionable remediation guidance.
|
|
7
|
+
*/
|
|
8
|
+
export class SecurityViolationError extends Error {
|
|
9
|
+
rule;
|
|
10
|
+
category;
|
|
11
|
+
remediation;
|
|
12
|
+
constructor(rule, category, remediation) {
|
|
13
|
+
super(`Security policy violation: ${rule}`);
|
|
14
|
+
this.rule = rule;
|
|
15
|
+
this.category = category;
|
|
16
|
+
this.remediation = remediation;
|
|
17
|
+
this.name = 'SecurityViolationError';
|
|
18
|
+
Object.setPrototypeOf(this, new.target.prototype);
|
|
19
|
+
}
|
|
20
|
+
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"settings-defaults.factory.d.ts","sourceRoot":"","sources":["../../../../../../packages/core/src/domain/factories/settings-defaults.factory.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EACV,QAAQ,
|
|
1
|
+
{"version":3,"file":"settings-defaults.factory.d.ts","sourceRoot":"","sources":["../../../../../../packages/core/src/domain/factories/settings-defaults.factory.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EACV,QAAQ,EAYT,MAAM,qBAAqB,CAAC;AAoD7B;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAgB,qBAAqB,IAAI,QAAQ,CAmJhD"}
|
|
@@ -11,7 +11,7 @@
|
|
|
11
11
|
* - Auto-update enabled, log level set to info
|
|
12
12
|
* - Unique IDs and timestamps generated for each instance
|
|
13
13
|
*/
|
|
14
|
-
import { AgentType, AgentAuthMethod, EditorType, SkillSourceType, TerminalType, } from '../generated/output.js';
|
|
14
|
+
import { AgentType, AgentAuthMethod, EditorType, SkillSourceType, SecurityMode, TerminalType, } from '../generated/output.js';
|
|
15
15
|
/**
|
|
16
16
|
* Default AI model for all SDLC agents.
|
|
17
17
|
* Provides balanced performance and cost for all workflow stages.
|
|
@@ -185,6 +185,9 @@ export function createDefaultSettings() {
|
|
|
185
185
|
reactFileManager: false,
|
|
186
186
|
inventory: false,
|
|
187
187
|
};
|
|
188
|
+
const security = {
|
|
189
|
+
mode: SecurityMode.Advisory,
|
|
190
|
+
};
|
|
188
191
|
return {
|
|
189
192
|
id: globalThis.crypto.randomUUID(),
|
|
190
193
|
models,
|
|
@@ -195,6 +198,7 @@ export function createDefaultSettings() {
|
|
|
195
198
|
notifications,
|
|
196
199
|
workflow,
|
|
197
200
|
featureFlags,
|
|
201
|
+
security,
|
|
198
202
|
onboardingComplete: false,
|
|
199
203
|
createdAt: now,
|
|
200
204
|
updatedAt: now,
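Review bot: The file header's list of defaults (the bullets visible at lines 11–12 for auto-update, log level and unique IDs) is not extended for the new `security` block, so the documented defaults and what `createDefaultSettings()` returns now disagree. Add a bullet such as `* - Security mode set to Advisory`. A one-line comment above `const security = {` should also say why Advisory rather than Enforce is the out-of-the-box mode, since this value presumably decides how policy findings are handled on a fresh install. The function body starts and ends outside these hunks.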
|
|
@@ -658,6 +658,28 @@ export type FabLayoutConfig = {
|
|
|
658
658
|
*/
|
|
659
659
|
swapPosition: boolean;
|
|
660
660
|
};
|
|
661
|
+
export declare enum SecurityMode {
|
|
662
|
+
Disabled = "Disabled",
|
|
663
|
+
Advisory = "Advisory",
|
|
664
|
+
Enforce = "Enforce"
|
|
665
|
+
}
|
|
666
|
+
/**
|
|
667
|
+
* Supply-chain security configuration persisted in settings
|
|
668
|
+
*/
|
|
669
|
+
export type SecurityConfig = {
|
|
670
|
+
/**
|
|
671
|
+
* Effective security mode (default: Advisory)
|
|
672
|
+
*/
|
|
673
|
+
mode: SecurityMode;
|
|
674
|
+
/**
|
|
675
|
+
* ISO timestamp of last policy evaluation (null if never evaluated)
|
|
676
|
+
*/
|
|
677
|
+
lastEvaluationAt?: string;
|
|
678
|
+
/**
|
|
679
|
+
* Source of the active security policy (null if never evaluated)
|
|
680
|
+
*/
|
|
681
|
+
policySource?: string;
|
|
682
|
+
};
|
|
661
683
|
/**
|
|
662
684
|
* Global Shep platform settings (singleton)
|
|
663
685
|
*/
|
|
@@ -706,6 +728,10 @@ export type Settings = BaseEntity & {
|
|
|
706
728
|
* FAB layout configuration (optional, defaults applied at runtime)
|
|
707
729
|
*/
|
|
708
730
|
fabLayout?: FabLayoutConfig;
|
|
731
|
+
/**
|
|
732
|
+
* Supply-chain security configuration (optional, defaults applied at runtime)
|
|
733
|
+
*/
|
|
734
|
+
security?: SecurityConfig;
|
|
709
735
|
};
|
|
710
736
|
export declare enum TaskState {
|
|
711
737
|
Todo = "Todo",
|
|
@@ -1669,6 +1695,239 @@ export type Repository = SoftDeletableEntity & {
|
|
|
1669
1695
|
*/
|
|
1670
1696
|
remoteUrl?: string;
|
|
1671
1697
|
};
|
|
1698
|
+
export declare enum SecurityActionCategory {
|
|
1699
|
+
DependencyInstall = "DependencyInstall",
|
|
1700
|
+
PackageScriptExec = "PackageScriptExec",
|
|
1701
|
+
CiWorkflowModify = "CiWorkflowModify",
|
|
1702
|
+
PublishRelease = "PublishRelease",
|
|
1703
|
+
SandboxEscalation = "SandboxEscalation"
|
|
1704
|
+
}
|
|
1705
|
+
export declare enum SecurityActionDisposition {
|
|
1706
|
+
Allowed = "Allowed",
|
|
1707
|
+
Denied = "Denied",
|
|
1708
|
+
ApprovalRequired = "ApprovalRequired"
|
|
1709
|
+
}
|
|
1710
|
+
/**
|
|
1711
|
+
* Mapping of an action category to its enforcement disposition
|
|
1712
|
+
*/
|
|
1713
|
+
export type ActionDispositionEntry = {
|
|
1714
|
+
/**
|
|
1715
|
+
* The action category
|
|
1716
|
+
*/
|
|
1717
|
+
category: SecurityActionCategory;
|
|
1718
|
+
/**
|
|
1719
|
+
* How this action should be handled
|
|
1720
|
+
*/
|
|
1721
|
+
disposition: SecurityActionDisposition;
|
|
1722
|
+
};
|
|
1723
|
+
/**
|
|
1724
|
+
* Dependency risk evaluation policy rules
|
|
1725
|
+
*/
|
|
1726
|
+
export type DependencyRules = {
|
|
1727
|
+
/**
|
|
1728
|
+
* Check manifest-lockfile consistency (default: true)
|
|
1729
|
+
*/
|
|
1730
|
+
checkLockfileConsistency: boolean;
|
|
1731
|
+
/**
|
|
1732
|
+
* Flag packages with lifecycle scripts (default: true)
|
|
1733
|
+
*/
|
|
1734
|
+
checkLifecycleScripts: boolean;
|
|
1735
|
+
/**
|
|
1736
|
+
* Flag non-registry dependency sources (default: true)
|
|
1737
|
+
*/
|
|
1738
|
+
checkNonRegistrySource: boolean;
|
|
1739
|
+
/**
|
|
1740
|
+
* Enforce strict version ranges — no ^ or * (default: false)
|
|
1741
|
+
*/
|
|
1742
|
+
enforceStrictVersionRanges: boolean;
|
|
1743
|
+
/**
|
|
1744
|
+
* Packages explicitly allowed (empty = allow all)
|
|
1745
|
+
*/
|
|
1746
|
+
allowlist: string[];
|
|
1747
|
+
/**
|
|
1748
|
+
* Packages explicitly denied
|
|
1749
|
+
*/
|
|
1750
|
+
denylist: string[];
|
|
1751
|
+
};
|
|
1752
|
+
/**
|
|
1753
|
+
* Release integrity policy rules
|
|
1754
|
+
*/
|
|
1755
|
+
export type ReleaseRules = {
|
|
1756
|
+
/**
|
|
1757
|
+
* Require publishing from CI only, not local (default: true)
|
|
1758
|
+
*/
|
|
1759
|
+
requireCiOnlyPublishing: boolean;
|
|
1760
|
+
/**
|
|
1761
|
+
* Require npm provenance flags on publish (default: true)
|
|
1762
|
+
*/
|
|
1763
|
+
requireProvenance: boolean;
|
|
1764
|
+
/**
|
|
1765
|
+
* Check that release workflow has not been tampered with (default: true)
|
|
1766
|
+
*/
|
|
1767
|
+
checkWorkflowIntegrity: boolean;
|
|
1768
|
+
};
|
|
1769
|
+
/**
|
|
1770
|
+
* Security policy configuration from shep.security.yaml
|
|
1771
|
+
*/
|
|
1772
|
+
export type SecurityPolicy = {
|
|
1773
|
+
/**
|
|
1774
|
+
* Desired security mode for this repository
|
|
1775
|
+
*/
|
|
1776
|
+
mode: SecurityMode;
|
|
1777
|
+
/**
|
|
1778
|
+
* Per-action-category enforcement dispositions
|
|
1779
|
+
*/
|
|
1780
|
+
actionDispositions: ActionDispositionEntry[];
|
|
1781
|
+
/**
|
|
1782
|
+
* Dependency risk evaluation rules
|
|
1783
|
+
*/
|
|
1784
|
+
dependencyRules: DependencyRules;
|
|
1785
|
+
/**
|
|
1786
|
+
* Release integrity check rules
|
|
1787
|
+
*/
|
|
1788
|
+
releaseRules: ReleaseRules;
|
|
1789
|
+
};
|
|
1790
|
+
export declare enum SecuritySeverity {
|
|
1791
|
+
Low = "Low",
|
|
1792
|
+
Medium = "Medium",
|
|
1793
|
+
High = "High",
|
|
1794
|
+
Critical = "Critical"
|
|
1795
|
+
}
|
|
1796
|
+
/**
|
|
1797
|
+
* Persisted security event for audit and observability
|
|
1798
|
+
*/
|
|
1799
|
+
export type SecurityEvent = BaseEntity & {
|
|
1800
|
+
/**
|
|
1801
|
+
* Absolute path to the repository this event belongs to
|
|
1802
|
+
*/
|
|
1803
|
+
repositoryPath: string;
|
|
1804
|
+
/**
|
|
1805
|
+
* Feature ID if this event occurred during a feature run
|
|
1806
|
+
*/
|
|
1807
|
+
featureId?: string;
|
|
1808
|
+
/**
|
|
1809
|
+
* Severity of this security event
|
|
1810
|
+
*/
|
|
1811
|
+
severity: SecuritySeverity;
|
|
1812
|
+
/**
|
|
1813
|
+
* Action category that triggered this event
|
|
1814
|
+
*/
|
|
1815
|
+
category: SecurityActionCategory;
|
|
1816
|
+
/**
|
|
1817
|
+
* How the action was handled (allowed, denied, approval-required)
|
|
1818
|
+
*/
|
|
1819
|
+
disposition: SecurityActionDisposition;
|
|
1820
|
+
/**
|
|
1821
|
+
* Actor or source that triggered this event (agent, user, CI)
|
|
1822
|
+
*/
|
|
1823
|
+
actor?: string;
|
|
1824
|
+
/**
|
|
1825
|
+
* Human-readable event description
|
|
1826
|
+
*/
|
|
1827
|
+
message?: string;
|
|
1828
|
+
/**
|
|
1829
|
+
* Actionable remediation guidance
|
|
1830
|
+
*/
|
|
1831
|
+
remediationSummary?: string;
|
|
1832
|
+
};
|
|
1833
|
+
export declare enum DependencyRiskType {
|
|
1834
|
+
LockfileInconsistency = "LockfileInconsistency",
|
|
1835
|
+
NonRegistrySource = "NonRegistrySource",
|
|
1836
|
+
LifecycleScript = "LifecycleScript",
|
|
1837
|
+
DenylistViolation = "DenylistViolation",
|
|
1838
|
+
AllowlistViolation = "AllowlistViolation",
|
|
1839
|
+
VersionRangePolicy = "VersionRangePolicy"
|
|
1840
|
+
}
|
|
1841
|
+
/**
|
|
1842
|
+
* Single dependency risk finding
|
|
1843
|
+
*/
|
|
1844
|
+
export type DependencyFinding = {
|
|
1845
|
+
/**
|
|
1846
|
+
* Package name (e.g. 'lodash', '@types/node')
|
|
1847
|
+
*/
|
|
1848
|
+
packageName: string;
|
|
1849
|
+
/**
|
|
1850
|
+
* Package version or range (e.g. '^4.17.0')
|
|
1851
|
+
*/
|
|
1852
|
+
version?: string;
|
|
1853
|
+
/**
|
|
1854
|
+
* Severity of this finding
|
|
1855
|
+
*/
|
|
1856
|
+
severity: SecuritySeverity;
|
|
1857
|
+
/**
|
|
1858
|
+
* Type of dependency risk detected
|
|
1859
|
+
*/
|
|
1860
|
+
riskType: DependencyRiskType;
|
|
1861
|
+
/**
|
|
1862
|
+
* Human-readable description of the finding
|
|
1863
|
+
*/
|
|
1864
|
+
message: string;
|
|
1865
|
+
/**
|
|
1866
|
+
* Actionable remediation guidance
|
|
1867
|
+
*/
|
|
1868
|
+
remediation?: string;
|
|
1869
|
+
};
|
|
1870
|
+
export declare enum ReleaseIntegrityCheckType {
|
|
1871
|
+
CiOnlyPublishing = "CiOnlyPublishing",
|
|
1872
|
+
SecretConfiguration = "SecretConfiguration",
|
|
1873
|
+
ProvenanceConfiguration = "ProvenanceConfiguration",
|
|
1874
|
+
WorkflowIntegrity = "WorkflowIntegrity"
|
|
1875
|
+
}
|
|
1876
|
+
/**
|
|
1877
|
+
* Result of a single release integrity check
|
|
1878
|
+
*/
|
|
1879
|
+
export type ReleaseIntegrityCheck = {
|
|
1880
|
+
/**
|
|
1881
|
+
* Type of check performed
|
|
1882
|
+
*/
|
|
1883
|
+
checkType: ReleaseIntegrityCheckType;
|
|
1884
|
+
/**
|
|
1885
|
+
* Whether this check passed
|
|
1886
|
+
*/
|
|
1887
|
+
passed: boolean;
|
|
1888
|
+
/**
|
|
1889
|
+
* Human-readable description of the result
|
|
1890
|
+
*/
|
|
1891
|
+
message: string;
|
|
1892
|
+
/**
|
|
1893
|
+
* Severity when this check fails
|
|
1894
|
+
*/
|
|
1895
|
+
severity: SecuritySeverity;
|
|
1896
|
+
};
|
|
1897
|
+
/**
|
|
1898
|
+
* Aggregated release integrity evaluation result
|
|
1899
|
+
*/
|
|
1900
|
+
export type ReleaseIntegrityResult = {
|
|
1901
|
+
/**
|
|
1902
|
+
* Individual check results
|
|
1903
|
+
*/
|
|
1904
|
+
checks: ReleaseIntegrityCheck[];
|
|
1905
|
+
/**
|
|
1906
|
+
* Whether all checks passed
|
|
1907
|
+
*/
|
|
1908
|
+
passed: boolean;
|
|
1909
|
+
};
|
|
1910
|
+
/**
|
|
1911
|
+
* Computed effective security policy snapshot
|
|
1912
|
+
*/
|
|
1913
|
+
export type EffectivePolicySnapshot = {
|
|
1914
|
+
/**
|
|
1915
|
+
* Resolved effective security mode
|
|
1916
|
+
*/
|
|
1917
|
+
mode: SecurityMode;
|
|
1918
|
+
/**
|
|
1919
|
+
* Where the policy was sourced from (e.g. 'shep.security.yaml', 'settings-default')
|
|
1920
|
+
*/
|
|
1921
|
+
source: string;
|
|
1922
|
+
/**
|
|
1923
|
+
* ISO timestamp when this snapshot was computed
|
|
1924
|
+
*/
|
|
1925
|
+
evaluatedAt: string;
|
|
1926
|
+
/**
|
|
1927
|
+
* Resolved per-action-category enforcement dispositions
|
|
1928
|
+
*/
|
|
1929
|
+
actionDispositions: ActionDispositionEntry[];
|
|
1930
|
+
};
|
|
1672
1931
|
/**
|
|
1673
1932
|
* Single installation suggestion for a tool
|
|
1674
1933
|
*/
|