@shepai/cli 1.171.0-pr527.e2ee839 → 1.172.0-pr528.108a424
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/apis/json-schema/AgentType.yaml +1 -0
- package/apis/json-schema/Settings.yaml +0 -3
- package/dist/packages/core/src/application/ports/output/agents/agent-executor.interface.d.ts +1 -15
- package/dist/packages/core/src/application/ports/output/agents/agent-executor.interface.d.ts.map +1 -1
- package/dist/packages/core/src/application/ports/output/agents/feature-agent-process.interface.d.ts +1 -3
- package/dist/packages/core/src/application/ports/output/agents/feature-agent-process.interface.d.ts.map +1 -1
- package/dist/packages/core/src/application/ports/output/services/github-repository-service.interface.d.ts +0 -38
- package/dist/packages/core/src/application/ports/output/services/github-repository-service.interface.d.ts.map +1 -1
- package/dist/packages/core/src/application/ports/output/services/github-repository-service.interface.js +0 -9
- package/dist/packages/core/src/application/ports/output/services/spec-initializer.interface.d.ts +0 -11
- package/dist/packages/core/src/application/ports/output/services/spec-initializer.interface.d.ts.map +1 -1
- package/dist/packages/core/src/application/use-cases/agents/approve-agent-run.use-case.d.ts.map +1 -1
- package/dist/packages/core/src/application/use-cases/agents/approve-agent-run.use-case.js +0 -2
- package/dist/packages/core/src/application/use-cases/agents/reject-agent-run.use-case.d.ts.map +1 -1
- package/dist/packages/core/src/application/use-cases/agents/reject-agent-run.use-case.js +0 -2
- package/dist/packages/core/src/application/use-cases/features/check-and-unblock-features.use-case.d.ts.map +1 -1
- package/dist/packages/core/src/application/use-cases/features/check-and-unblock-features.use-case.js +0 -2
- package/dist/packages/core/src/application/use-cases/features/create/create-feature.use-case.d.ts.map +1 -1
- package/dist/packages/core/src/application/use-cases/features/create/create-feature.use-case.js +0 -1
- package/dist/packages/core/src/application/use-cases/features/resume-feature.use-case.d.ts.map +1 -1
- package/dist/packages/core/src/application/use-cases/features/resume-feature.use-case.js +0 -2
- package/dist/packages/core/src/application/use-cases/features/start-feature.use-case.d.ts.map +1 -1
- package/dist/packages/core/src/application/use-cases/features/start-feature.use-case.js +0 -2
- package/dist/packages/core/src/domain/factories/settings-defaults.factory.d.ts.map +1 -1
- package/dist/packages/core/src/domain/factories/settings-defaults.factory.js +1 -5
- package/dist/packages/core/src/domain/generated/output.d.ts +1 -259
- package/dist/packages/core/src/domain/generated/output.d.ts.map +1 -1
- package/dist/packages/core/src/domain/generated/output.js +1 -43
- package/dist/packages/core/src/infrastructure/di/container.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/di/container.js +3 -57
- package/dist/packages/core/src/infrastructure/persistence/sqlite/mappers/settings.mapper.d.ts +0 -3
- package/dist/packages/core/src/infrastructure/persistence/sqlite/mappers/settings.mapper.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/persistence/sqlite/mappers/settings.mapper.js +0 -14
- package/dist/packages/core/src/infrastructure/repositories/sqlite-settings.repository.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/repositories/sqlite-settings.repository.js +3 -12
- package/dist/packages/core/src/infrastructure/services/agents/common/agent-executor-factory.service.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/services/agents/common/agent-executor-factory.service.js +23 -0
- package/dist/packages/core/src/infrastructure/services/agents/common/agent-validator.service.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/services/agents/common/agent-validator.service.js +1 -0
- package/dist/packages/core/src/infrastructure/services/agents/common/executors/claude-code-executor.service.d.ts +0 -2
- package/dist/packages/core/src/infrastructure/services/agents/common/executors/claude-code-executor.service.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/services/agents/common/executors/claude-code-executor.service.js +0 -12
- package/dist/packages/core/src/infrastructure/services/agents/common/executors/copilot-cli-executor.service.d.ts +63 -0
- package/dist/packages/core/src/infrastructure/services/agents/common/executors/copilot-cli-executor.service.d.ts.map +1 -0
- package/dist/packages/core/src/infrastructure/services/agents/common/executors/copilot-cli-executor.service.js +494 -0
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/fast-feature-agent-graph.d.ts +0 -10
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/fast-feature-agent-graph.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/feature-agent-graph.d.ts +0 -34
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/feature-agent-graph.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/feature-agent-process.service.d.ts +1 -3
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/feature-agent-process.service.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/feature-agent-process.service.js +1 -7
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/feature-agent-worker.d.ts +1 -3
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/feature-agent-worker.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/feature-agent-worker.js +1 -32
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/nodes/node-helpers.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/nodes/node-helpers.js +0 -19
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/state.d.ts +1 -4
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/state.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/state.js +0 -10
- package/dist/packages/core/src/infrastructure/services/external/github-repository.service.d.ts +1 -10
- package/dist/packages/core/src/infrastructure/services/external/github-repository.service.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/services/external/github-repository.service.js +1 -101
- package/dist/packages/core/src/infrastructure/services/spec/spec-initializer.service.d.ts +0 -1
- package/dist/packages/core/src/infrastructure/services/spec/spec-initializer.service.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/services/spec/spec-initializer.service.js +0 -61
- package/dist/packages/core/src/infrastructure/services/tool-installer/tools/codex.json +32 -0
- package/dist/packages/core/src/infrastructure/services/tool-installer/tools/copilot.json +32 -0
- package/dist/src/presentation/cli/index.js +0 -2
- package/dist/src/presentation/tui/prompts/agent-select.prompt.d.ts.map +1 -1
- package/dist/src/presentation/tui/prompts/agent-select.prompt.js +5 -0
- package/dist/src/presentation/web/app/actions/check-agent-auth.d.ts.map +1 -1
- package/dist/src/presentation/web/app/actions/check-agent-auth.js +18 -0
- package/dist/src/presentation/web/app/actions/get-all-agent-models.d.ts.map +1 -1
- package/dist/src/presentation/web/app/actions/get-all-agent-models.js +4 -2
- package/dist/src/presentation/web/app/build-graph-nodes.d.ts +1 -3
- package/dist/src/presentation/web/app/build-graph-nodes.d.ts.map +1 -1
- package/dist/src/presentation/web/app/build-graph-nodes.js +0 -2
- package/dist/src/presentation/web/components/common/feature-node/agent-type-icons.d.ts +1 -1
- package/dist/src/presentation/web/components/common/feature-node/agent-type-icons.d.ts.map +1 -1
- package/dist/src/presentation/web/components/common/feature-node/agent-type-icons.js +2 -0
- package/dist/src/presentation/web/components/common/feature-node/agent-type-icons.stories.d.ts.map +1 -1
- package/dist/src/presentation/web/components/common/feature-node/agent-type-icons.stories.js +1 -0
- package/dist/src/presentation/web/components/common/feature-node/feature-node-state-config.d.ts +1 -3
- package/dist/src/presentation/web/components/common/feature-node/feature-node-state-config.d.ts.map +1 -1
- package/dist/src/presentation/web/components/common/feature-node/feature-node.d.ts.map +1 -1
- package/dist/src/presentation/web/components/common/feature-node/feature-node.js +1 -2
- package/dist/src/presentation/web/components/common/repo-group/repo-group.js +1 -1
- package/dist/src/presentation/web/components/common/repository-node/repository-drawer.d.ts +1 -3
- package/dist/src/presentation/web/components/common/repository-node/repository-drawer.d.ts.map +1 -1
- package/dist/src/presentation/web/components/common/repository-node/repository-drawer.js +2 -3
- package/dist/src/presentation/web/components/features/settings/AgentModelPicker/AgentModelPicker.stories.d.ts +1 -0
- package/dist/src/presentation/web/components/features/settings/AgentModelPicker/AgentModelPicker.stories.d.ts.map +1 -1
- package/dist/src/presentation/web/components/features/settings/AgentModelPicker/AgentModelPicker.stories.js +7 -0
- package/dist/src/presentation/web/components/features/settings/agent-settings-section.d.ts.map +1 -1
- package/dist/src/presentation/web/components/features/settings/agent-settings-section.js +11 -3
- package/dist/src/presentation/web/components/features/settings/agent-settings-section.stories.d.ts +1 -0
- package/dist/src/presentation/web/components/features/settings/agent-settings-section.stories.d.ts.map +1 -1
- package/dist/src/presentation/web/components/features/settings/agent-settings-section.stories.js +8 -0
- package/dist/src/presentation/web/components/features/settings/settings-page-client.d.ts.map +1 -1
- package/dist/src/presentation/web/components/features/settings/settings-page-client.js +3 -16
- package/dist/translations/ar/cli.json +0 -20
- package/dist/translations/ar/tui.json +4 -0
- package/dist/translations/ar/web.json +1 -43
- package/dist/translations/de/cli.json +0 -20
- package/dist/translations/de/tui.json +4 -0
- package/dist/translations/de/web.json +1 -43
- package/dist/translations/en/cli.json +0 -20
- package/dist/translations/en/tui.json +4 -0
- package/dist/translations/en/web.json +1 -43
- package/dist/translations/es/cli.json +0 -20
- package/dist/translations/es/tui.json +4 -0
- package/dist/translations/es/web.json +1 -43
- package/dist/translations/fr/cli.json +0 -20
- package/dist/translations/fr/tui.json +4 -0
- package/dist/translations/fr/web.json +1 -43
- package/dist/translations/he/cli.json +0 -20
- package/dist/translations/he/tui.json +4 -0
- package/dist/translations/he/web.json +1 -43
- package/dist/translations/pt/cli.json +0 -20
- package/dist/translations/pt/tui.json +4 -0
- package/dist/translations/pt/web.json +1 -43
- package/dist/translations/ru/cli.json +0 -20
- package/dist/translations/ru/tui.json +4 -0
- package/dist/translations/ru/web.json +1 -43
- package/dist/tsconfig.build.tsbuildinfo +1 -1
- package/package.json +1 -1
- package/web/.next/BUILD_ID +1 -1
- package/web/.next/build-manifest.json +2 -2
- package/web/.next/fallback-build-manifest.json +2 -2
- package/web/.next/prerender-manifest.json +3 -3
- package/web/.next/required-server-files.js +2 -2
- package/web/.next/required-server-files.json +2 -2
- package/web/.next/server/app/(dashboard)/@drawer/adopt/page/server-reference-manifest.json +29 -29
- package/web/.next/server/app/(dashboard)/@drawer/adopt/page.js +1 -2
- package/web/.next/server/app/(dashboard)/@drawer/adopt/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/adopt/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/chat/page/server-reference-manifest.json +27 -27
- package/web/.next/server/app/(dashboard)/@drawer/chat/page.js +1 -2
- package/web/.next/server/app/(dashboard)/@drawer/chat/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/chat/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/create/page/server-reference-manifest.json +30 -30
- package/web/.next/server/app/(dashboard)/@drawer/create/page.js +1 -2
- package/web/.next/server/app/(dashboard)/@drawer/create/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/create/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/feature/[featureId]/[tab]/page/server-reference-manifest.json +38 -38
- package/web/.next/server/app/(dashboard)/@drawer/feature/[featureId]/[tab]/page.js +1 -2
- package/web/.next/server/app/(dashboard)/@drawer/feature/[featureId]/[tab]/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/feature/[featureId]/[tab]/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/feature/[featureId]/page/server-reference-manifest.json +38 -38
- package/web/.next/server/app/(dashboard)/@drawer/feature/[featureId]/page.js +1 -2
- package/web/.next/server/app/(dashboard)/@drawer/feature/[featureId]/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/feature/[featureId]/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/repository/[repositoryId]/[tab]/page/server-reference-manifest.json +28 -28
- package/web/.next/server/app/(dashboard)/@drawer/repository/[repositoryId]/[tab]/page.js +1 -2
- package/web/.next/server/app/(dashboard)/@drawer/repository/[repositoryId]/[tab]/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/repository/[repositoryId]/[tab]/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/repository/[repositoryId]/page/server-reference-manifest.json +28 -28
- package/web/.next/server/app/(dashboard)/@drawer/repository/[repositoryId]/page.js +1 -2
- package/web/.next/server/app/(dashboard)/@drawer/repository/[repositoryId]/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/repository/[repositoryId]/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/chat/page/server-reference-manifest.json +27 -27
- package/web/.next/server/app/(dashboard)/chat/page.js +1 -2
- package/web/.next/server/app/(dashboard)/chat/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/chat/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/create/page/server-reference-manifest.json +30 -30
- package/web/.next/server/app/(dashboard)/create/page.js +1 -2
- package/web/.next/server/app/(dashboard)/create/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/create/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/feature/[featureId]/[tab]/page/server-reference-manifest.json +38 -38
- package/web/.next/server/app/(dashboard)/feature/[featureId]/[tab]/page.js +1 -2
- package/web/.next/server/app/(dashboard)/feature/[featureId]/[tab]/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/feature/[featureId]/[tab]/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/feature/[featureId]/page/server-reference-manifest.json +38 -38
- package/web/.next/server/app/(dashboard)/feature/[featureId]/page.js +1 -2
- package/web/.next/server/app/(dashboard)/feature/[featureId]/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/feature/[featureId]/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/page/server-reference-manifest.json +27 -27
- package/web/.next/server/app/(dashboard)/page.js +1 -2
- package/web/.next/server/app/(dashboard)/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/repository/[repositoryId]/[tab]/page/server-reference-manifest.json +28 -28
- package/web/.next/server/app/(dashboard)/repository/[repositoryId]/[tab]/page.js +1 -2
- package/web/.next/server/app/(dashboard)/repository/[repositoryId]/[tab]/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/repository/[repositoryId]/[tab]/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/repository/[repositoryId]/page/server-reference-manifest.json +28 -28
- package/web/.next/server/app/(dashboard)/repository/[repositoryId]/page.js +1 -2
- package/web/.next/server/app/(dashboard)/repository/[repositoryId]/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/repository/[repositoryId]/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/_global-error.html +2 -2
- package/web/.next/server/app/_global-error.rsc +1 -1
- package/web/.next/server/app/_global-error.segments/__PAGE__.segment.rsc +1 -1
- package/web/.next/server/app/_global-error.segments/_full.segment.rsc +1 -1
- package/web/.next/server/app/_global-error.segments/_head.segment.rsc +1 -1
- package/web/.next/server/app/_global-error.segments/_index.segment.rsc +1 -1
- package/web/.next/server/app/_global-error.segments/_tree.segment.rsc +1 -1
- package/web/.next/server/app/_not-found/page/server-reference-manifest.json +6 -6
- package/web/.next/server/app/_not-found/page.js.nft.json +1 -1
- package/web/.next/server/app/_not-found/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/api/attachments/preview/route.js.nft.json +1 -1
- package/web/.next/server/app/api/evidence/route.js.nft.json +1 -1
- package/web/.next/server/app/api/graph-data/route.js.nft.json +1 -1
- package/web/.next/server/app/api/interactive/chat/[featureId]/messages/route.js.nft.json +1 -1
- package/web/.next/server/app/api/sessions/route.js.nft.json +1 -1
- package/web/.next/server/app/api/sessions-batch/route.js.nft.json +1 -1
- package/web/.next/server/app/features/page/server-reference-manifest.json +6 -6
- package/web/.next/server/app/features/page.js.nft.json +1 -1
- package/web/.next/server/app/features/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/settings/page/server-reference-manifest.json +18 -33
- package/web/.next/server/app/settings/page.js +1 -1
- package/web/.next/server/app/settings/page.js.nft.json +1 -1
- package/web/.next/server/app/settings/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/skills/page/server-reference-manifest.json +13 -13
- package/web/.next/server/app/skills/page.js +1 -2
- package/web/.next/server/app/skills/page.js.nft.json +1 -1
- package/web/.next/server/app/skills/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/tools/page/server-reference-manifest.json +11 -11
- package/web/.next/server/app/tools/page.js +1 -2
- package/web/.next/server/app/tools/page.js.nft.json +1 -1
- package/web/.next/server/app/tools/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/version/page/server-reference-manifest.json +6 -6
- package/web/.next/server/app/version/page.js.nft.json +1 -1
- package/web/.next/server/app/version/page_client-reference-manifest.js +1 -1
- package/web/.next/server/chunks/403f9_next_dist_esm_build_templates_app-route_370c43b1.js +1 -1
- package/web/.next/server/chunks/403f9_next_dist_esm_build_templates_app-route_370c43b1.js.map +1 -1
- package/web/.next/server/chunks/[root-of-the-server]__a402b567._.js +1 -1
- package/web/.next/server/chunks/[root-of-the-server]__c78383b1._.js +1 -1
- package/web/.next/server/chunks/[root-of-the-server]__c78383b1._.js.map +1 -1
- package/web/.next/server/chunks/[root-of-the-server]__cd67a84c._.js +1 -1
- package/web/.next/server/chunks/[root-of-the-server]__cd67a84c._.js.map +1 -1
- package/web/.next/server/chunks/ssr/744ca_web_components_common_control-center-drawer_create-drawer-client_tsx_5e26fc0a._.js +1 -1
- package/web/.next/server/chunks/ssr/744ca_web_components_common_control-center-drawer_create-drawer-client_tsx_5e26fc0a._.js.map +1 -1
- package/web/.next/server/chunks/ssr/744ca_web_components_common_control-center-drawer_feature-drawer-client_tsx_e9755fc8._.js +2 -2
- package/web/.next/server/chunks/ssr/744ca_web_components_common_control-center-drawer_feature-drawer-client_tsx_e9755fc8._.js.map +1 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__1cd4327c._.js +4 -0
- package/web/.next/server/chunks/ssr/[root-of-the-server]__1cd4327c._.js.map +1 -0
- package/web/.next/server/chunks/ssr/[root-of-the-server]__1f389e5d._.js +1 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__1f389e5d._.js.map +1 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__357d99f9._.js +1 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__4fb81977._.js +4 -0
- package/web/.next/server/chunks/ssr/[root-of-the-server]__4fb81977._.js.map +1 -0
- package/web/.next/server/chunks/ssr/[root-of-the-server]__6c7d3936._.js +1 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__6c7d3936._.js.map +1 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__7dcd0917._.js +4 -0
- package/web/.next/server/chunks/ssr/[root-of-the-server]__7dcd0917._.js.map +1 -0
- package/web/.next/server/chunks/ssr/[root-of-the-server]__92ffd5ee._.js +4 -0
- package/web/.next/server/chunks/ssr/[root-of-the-server]__92ffd5ee._.js.map +1 -0
- package/web/.next/server/chunks/ssr/[root-of-the-server]__b020c17d._.js +4 -0
- package/web/.next/server/chunks/ssr/[root-of-the-server]__b020c17d._.js.map +1 -0
- package/web/.next/server/chunks/ssr/[root-of-the-server]__b7b96453._.js +1 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__b7b96453._.js.map +1 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__ba7f5873._.js +4 -0
- package/web/.next/server/chunks/ssr/[root-of-the-server]__ba7f5873._.js.map +1 -0
- package/web/.next/server/chunks/ssr/[root-of-the-server]__c5e09f6f._.js +4 -0
- package/web/.next/server/chunks/ssr/[root-of-the-server]__c5e09f6f._.js.map +1 -0
- package/web/.next/server/chunks/ssr/[root-of-the-server]__fa525872._.js +3 -0
- package/web/.next/server/chunks/ssr/[root-of-the-server]__fa525872._.js.map +1 -0
- package/web/.next/server/chunks/ssr/_02e01240._.js +4 -0
- package/web/.next/server/chunks/ssr/_02e01240._.js.map +1 -0
- package/web/.next/server/chunks/ssr/_05c23ad9._.js +1 -1
- package/web/.next/server/chunks/ssr/_05c23ad9._.js.map +1 -1
- package/web/.next/server/chunks/ssr/_16eb4fec._.js +1 -1
- package/web/.next/server/chunks/ssr/_16eb4fec._.js.map +1 -1
- package/web/.next/server/chunks/ssr/_18886033._.js +4 -0
- package/web/.next/server/chunks/ssr/_18886033._.js.map +1 -0
- package/web/.next/server/chunks/ssr/_1e08a336._.js +1 -1
- package/web/.next/server/chunks/ssr/_22e00a14._.js +4 -0
- package/web/.next/server/chunks/ssr/_22e00a14._.js.map +1 -0
- package/web/.next/server/chunks/ssr/{_ee42a212._.js → _324beb75._.js} +2 -2
- package/web/.next/server/chunks/ssr/{_ee42a212._.js.map → _324beb75._.js.map} +1 -1
- package/web/.next/server/chunks/ssr/_43ba79e7._.js +3 -0
- package/web/.next/server/chunks/ssr/_43ba79e7._.js.map +1 -0
- package/web/.next/server/chunks/ssr/_45496654._.js +1 -1
- package/web/.next/server/chunks/ssr/_45496654._.js.map +1 -1
- package/web/.next/server/chunks/ssr/_4cbb7f95._.js +1 -1
- package/web/.next/server/chunks/ssr/_4cbb7f95._.js.map +1 -1
- package/web/.next/server/chunks/ssr/_5119a3df._.js +1 -1
- package/web/.next/server/chunks/ssr/_5119a3df._.js.map +1 -1
- package/web/.next/server/chunks/ssr/_56b9d60f._.js +1 -1
- package/web/.next/server/chunks/ssr/_56b9d60f._.js.map +1 -1
- package/web/.next/server/chunks/ssr/{_767748d2._.js → _5e3cb0a7._.js} +2 -2
- package/web/.next/server/chunks/ssr/_5e3cb0a7._.js.map +1 -0
- package/web/.next/server/chunks/ssr/_a5a5901d._.js +4 -0
- package/web/.next/server/chunks/ssr/_a5a5901d._.js.map +1 -0
- package/web/.next/server/chunks/ssr/_a963dd3c._.js +3 -0
- package/web/.next/server/chunks/ssr/_a963dd3c._.js.map +1 -0
- package/web/.next/server/chunks/ssr/_ad09f271._.js +4 -0
- package/web/.next/server/chunks/ssr/_ad09f271._.js.map +1 -0
- package/web/.next/server/chunks/ssr/_c3f595c6._.js +4 -0
- package/web/.next/server/chunks/ssr/_c3f595c6._.js.map +1 -0
- package/web/.next/server/chunks/ssr/_c9d3f255._.js +3 -0
- package/web/.next/server/chunks/ssr/_c9d3f255._.js.map +1 -0
- package/web/.next/server/chunks/ssr/_df737cce._.js +1 -1
- package/web/.next/server/chunks/ssr/_e3f14907._.js +9 -0
- package/web/.next/server/chunks/ssr/_e3f14907._.js.map +1 -0
- package/web/.next/server/chunks/ssr/_ea9e1556._.js +4 -0
- package/web/.next/server/chunks/ssr/_ea9e1556._.js.map +1 -0
- package/web/.next/server/chunks/ssr/_f1ba9be6._.js +6 -0
- package/web/.next/server/chunks/ssr/_f1ba9be6._.js.map +1 -0
- package/web/.next/server/chunks/ssr/_f33cd07e._.js +6 -0
- package/web/.next/server/chunks/ssr/_f33cd07e._.js.map +1 -0
- package/web/.next/server/chunks/ssr/_f8b45233._.js +4 -0
- package/web/.next/server/chunks/ssr/_f8b45233._.js.map +1 -0
- package/web/.next/server/chunks/ssr/b1a17_presentation_web_components_features_settings_settings-page-client_tsx_6ed9d5f8._.js +1 -1
- package/web/.next/server/chunks/ssr/b1a17_presentation_web_components_features_settings_settings-page-client_tsx_6ed9d5f8._.js.map +1 -1
- package/web/.next/server/chunks/ssr/f3a1f_components_common_control-center-drawer_repository-drawer-client_tsx_39a00c03._.js +1 -1
- package/web/.next/server/chunks/ssr/f3a1f_components_common_control-center-drawer_repository-drawer-client_tsx_39a00c03._.js.map +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_app_actions_open-ide_ts_baaca5d5._.js +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_app_actions_open-ide_ts_baaca5d5._.js.map +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_ca99d62d._.js +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_ca99d62d._.js.map +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_components_895e5bfa._.js +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_components_895e5bfa._.js.map +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_components_features_control-center_7ac3562e._.js +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_components_features_control-center_7ac3562e._.js.map +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_components_features_skills_8a174cac._.js +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_components_features_skills_8a174cac._.js.map +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_db9fa0c2._.js +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_db9fa0c2._.js.map +1 -1
- package/web/.next/server/chunks/ssr/translations_23dd5e7e._.js +1 -1
- package/web/.next/server/chunks/ssr/translations_23dd5e7e._.js.map +1 -1
- package/web/.next/server/pages/500.html +2 -2
- package/web/.next/server/server-reference-manifest.js +1 -1
- package/web/.next/server/server-reference-manifest.json +59 -74
- package/web/.next/static/chunks/01d34ca202152b33.js +1 -0
- package/web/.next/static/chunks/120279c82aa8aa25.js +1 -0
- package/web/.next/static/chunks/2e32d8578aace93a.js +1 -0
- package/web/.next/static/chunks/{16fa4d3877c28fe2.js → 41f5bb33ac4f3c7d.js} +1 -1
- package/web/.next/static/chunks/{b9c62932ed987239.js → 43cf78a6c49eb7c1.js} +2 -2
- package/web/.next/static/chunks/4559a403ee40dd19.js +7 -0
- package/web/.next/static/chunks/{a8edb9423086e83f.js → 50b760a2c7ad03d3.js} +1 -1
- package/web/.next/static/chunks/{d1c3e0ee8e788c87.js → 6e10cf4513c1f54f.js} +1 -1
- package/web/.next/static/chunks/{39f6ad3f9005703a.js → 8a486366e2878cbc.js} +1 -1
- package/web/.next/static/chunks/8b0a9cb5109fe899.js +1 -0
- package/web/.next/static/chunks/{9374d251360e808b.js → 947678ada7948442.js} +1 -1
- package/web/.next/static/chunks/{7e05e7e25220ee9a.js → b1b0c8ff51c0c2fc.js} +3 -3
- package/web/.next/static/chunks/b65e555419a0c664.js +1 -0
- package/web/.next/static/chunks/{89dd90bf14488ec0.js → bd55a833b24ee17b.js} +1 -1
- package/web/.next/static/chunks/{e8c3c12f92e9a521.js → c91571264851a71e.js} +3 -3
- package/web/.next/static/chunks/cc832e47f53eb2c3.js +1 -0
- package/web/.next/static/chunks/{fb8dadb64c0ffc6b.js → d5366257d6b9f855.js} +1 -1
- package/web/.next/static/chunks/da504d7f1c40bce1.js +1 -0
- package/web/.next/static/chunks/dcf8bb4389557a76.css +1 -0
- package/web/.next/static/chunks/f8f647baf2e91a9d.js +1 -0
- package/web/public/icons/agents/copilot.svg +12 -0
- package/apis/json-schema/ActionDispositionEntry.yaml +0 -14
- package/apis/json-schema/DependencyFinding.yaml +0 -28
- package/apis/json-schema/DependencyRiskType.yaml +0 -11
- package/apis/json-schema/DependencyRules.yaml +0 -38
- package/apis/json-schema/EffectivePolicySnapshot.yaml +0 -24
- package/apis/json-schema/ReleaseIntegrityCheck.yaml +0 -22
- package/apis/json-schema/ReleaseIntegrityCheckType.yaml +0 -9
- package/apis/json-schema/ReleaseIntegrityResult.yaml +0 -16
- package/apis/json-schema/ReleaseRules.yaml +0 -21
- package/apis/json-schema/SecurityActionCategory.yaml +0 -10
- package/apis/json-schema/SecurityActionDisposition.yaml +0 -8
- package/apis/json-schema/SecurityConfig.yaml +0 -17
- package/apis/json-schema/SecurityEvent.yaml +0 -36
- package/apis/json-schema/SecurityMode.yaml +0 -8
- package/apis/json-schema/SecurityPolicy.yaml +0 -24
- package/apis/json-schema/SecuritySeverity.yaml +0 -9
- package/dist/packages/core/src/application/ports/output/repositories/security-event.repository.interface.d.ts +0 -76
- package/dist/packages/core/src/application/ports/output/repositories/security-event.repository.interface.d.ts.map +0 -1
- package/dist/packages/core/src/application/ports/output/repositories/security-event.repository.interface.js +0 -11
- package/dist/packages/core/src/application/ports/output/services/security-policy-service.interface.d.ts +0 -77
- package/dist/packages/core/src/application/ports/output/services/security-policy-service.interface.d.ts.map +0 -1
- package/dist/packages/core/src/application/ports/output/services/security-policy-service.interface.js +0 -13
- package/dist/packages/core/src/application/use-cases/security/enforce-security.use-case.d.ts +0 -71
- package/dist/packages/core/src/application/use-cases/security/enforce-security.use-case.d.ts.map +0 -1
- package/dist/packages/core/src/application/use-cases/security/enforce-security.use-case.js +0 -215
- package/dist/packages/core/src/application/use-cases/security/evaluate-security-policy.use-case.d.ts +0 -24
- package/dist/packages/core/src/application/use-cases/security/evaluate-security-policy.use-case.d.ts.map +0 -1
- package/dist/packages/core/src/application/use-cases/security/evaluate-security-policy.use-case.js +0 -56
- package/dist/packages/core/src/application/use-cases/security/get-security-state.use-case.d.ts +0 -36
- package/dist/packages/core/src/application/use-cases/security/get-security-state.use-case.d.ts.map +0 -1
- package/dist/packages/core/src/application/use-cases/security/get-security-state.use-case.js +0 -76
- package/dist/packages/core/src/application/use-cases/security/record-security-event.use-case.d.ts +0 -14
- package/dist/packages/core/src/application/use-cases/security/record-security-event.use-case.d.ts.map +0 -1
- package/dist/packages/core/src/application/use-cases/security/record-security-event.use-case.js +0 -46
- package/dist/packages/core/src/domain/errors/security-violation.error.d.ts +0 -15
- package/dist/packages/core/src/domain/errors/security-violation.error.d.ts.map +0 -1
- package/dist/packages/core/src/domain/errors/security-violation.error.js +0 -20
- package/dist/packages/core/src/infrastructure/persistence/sqlite/mappers/security-event.mapper.d.ts +0 -44
- package/dist/packages/core/src/infrastructure/persistence/sqlite/mappers/security-event.mapper.d.ts.map +0 -1
- package/dist/packages/core/src/infrastructure/persistence/sqlite/mappers/security-event.mapper.js +0 -55
- package/dist/packages/core/src/infrastructure/persistence/sqlite/migrations/053-add-security-settings-columns.d.ts +0 -18
- package/dist/packages/core/src/infrastructure/persistence/sqlite/migrations/053-add-security-settings-columns.d.ts.map +0 -1
- package/dist/packages/core/src/infrastructure/persistence/sqlite/migrations/053-add-security-settings-columns.js +0 -31
- package/dist/packages/core/src/infrastructure/persistence/sqlite/migrations/054-create-security-events-table.d.ts +0 -29
- package/dist/packages/core/src/infrastructure/persistence/sqlite/migrations/054-create-security-events-table.d.ts.map +0 -1
- package/dist/packages/core/src/infrastructure/persistence/sqlite/migrations/054-create-security-events-table.js +0 -53
- package/dist/packages/core/src/infrastructure/repositories/sqlite-security-event.repository.d.ts +0 -24
- package/dist/packages/core/src/infrastructure/repositories/sqlite-security-event.repository.d.ts.map +0 -1
- package/dist/packages/core/src/infrastructure/repositories/sqlite-security-event.repository.js +0 -96
- package/dist/packages/core/src/infrastructure/services/agents/common/executors/security-constraint-validator.d.ts +0 -22
- package/dist/packages/core/src/infrastructure/services/agents/common/executors/security-constraint-validator.d.ts.map +0 -1
- package/dist/packages/core/src/infrastructure/services/agents/common/executors/security-constraint-validator.js +0 -30
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/nodes/security-pre-check.d.ts +0 -45
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/nodes/security-pre-check.d.ts.map +0 -1
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/nodes/security-pre-check.js +0 -70
- package/dist/packages/core/src/infrastructure/services/security/dependency-risk-evaluator.d.ts +0 -53
- package/dist/packages/core/src/infrastructure/services/security/dependency-risk-evaluator.d.ts.map +0 -1
- package/dist/packages/core/src/infrastructure/services/security/dependency-risk-evaluator.js +0 -241
- package/dist/packages/core/src/infrastructure/services/security/release-integrity-evaluator.d.ts +0 -44
- package/dist/packages/core/src/infrastructure/services/security/release-integrity-evaluator.d.ts.map +0 -1
- package/dist/packages/core/src/infrastructure/services/security/release-integrity-evaluator.js +0 -194
- package/dist/packages/core/src/infrastructure/services/security/security-policy-file-reader.d.ts +0 -28
- package/dist/packages/core/src/infrastructure/services/security/security-policy-file-reader.d.ts.map +0 -1
- package/dist/packages/core/src/infrastructure/services/security/security-policy-file-reader.js +0 -50
- package/dist/packages/core/src/infrastructure/services/security/security-policy-validator.d.ts +0 -26
- package/dist/packages/core/src/infrastructure/services/security/security-policy-validator.d.ts.map +0 -1
- package/dist/packages/core/src/infrastructure/services/security/security-policy-validator.js +0 -147
- package/dist/packages/core/src/infrastructure/services/security/security-policy.service.d.ts +0 -44
- package/dist/packages/core/src/infrastructure/services/security/security-policy.service.d.ts.map +0 -1
- package/dist/packages/core/src/infrastructure/services/security/security-policy.service.js +0 -174
- package/dist/src/presentation/cli/commands/security.command.d.ts +0 -16
- package/dist/src/presentation/cli/commands/security.command.d.ts.map +0 -1
- package/dist/src/presentation/cli/commands/security.command.js +0 -118
- package/dist/src/presentation/web/app/actions/security.d.ts +0 -28
- package/dist/src/presentation/web/app/actions/security.d.ts.map +0 -1
- package/dist/src/presentation/web/app/actions/security.js +0 -59
- package/dist/src/presentation/web/components/common/repository-node/security-panel.d.ts +0 -6
- package/dist/src/presentation/web/components/common/repository-node/security-panel.d.ts.map +0 -1
- package/dist/src/presentation/web/components/common/repository-node/security-panel.js +0 -29
- package/dist/src/presentation/web/components/common/repository-node/security-panel.stories.d.ts +0 -10
- package/dist/src/presentation/web/components/common/repository-node/security-panel.stories.d.ts.map +0 -1
- package/dist/src/presentation/web/components/common/repository-node/security-panel.stories.js +0 -53
- package/dist/src/presentation/web/components/common/security-badge.d.ts +0 -7
- package/dist/src/presentation/web/components/common/security-badge.d.ts.map +0 -1
- package/dist/src/presentation/web/components/common/security-badge.js +0 -30
- package/dist/src/presentation/web/components/common/security-badge.stories.d.ts +0 -12
- package/dist/src/presentation/web/components/common/security-badge.stories.d.ts.map +0 -1
- package/dist/src/presentation/web/components/common/security-badge.stories.js +0 -20
- package/dist/src/presentation/web/components/features/settings/supply-chain-security-settings-section.d.ts +0 -6
- package/dist/src/presentation/web/components/features/settings/supply-chain-security-settings-section.d.ts.map +0 -1
- package/dist/src/presentation/web/components/features/settings/supply-chain-security-settings-section.js +0 -60
- package/dist/src/presentation/web/components/features/settings/supply-chain-security-settings-section.stories.d.ts +0 -14
- package/dist/src/presentation/web/components/features/settings/supply-chain-security-settings-section.stories.d.ts.map +0 -1
- package/dist/src/presentation/web/components/features/settings/supply-chain-security-settings-section.stories.js +0 -116
- package/web/.next/server/chunks/ssr/744ca_web__next-internal_server_app_(dashboard)_@drawer_adopt_page_actions_ad0071c9.js +0 -3
- package/web/.next/server/chunks/ssr/744ca_web__next-internal_server_app_(dashboard)_@drawer_adopt_page_actions_ad0071c9.js.map +0 -1
- package/web/.next/server/chunks/ssr/744ca_web__next-internal_server_app_(dashboard)_@drawer_chat_page_actions_90d98b2b.js +0 -3
- package/web/.next/server/chunks/ssr/744ca_web__next-internal_server_app_(dashboard)_@drawer_chat_page_actions_90d98b2b.js.map +0 -1
- package/web/.next/server/chunks/ssr/744ca_web__next-internal_server_app_(dashboard)_chat_page_actions_d3828105.js +0 -3
- package/web/.next/server/chunks/ssr/744ca_web__next-internal_server_app_(dashboard)_chat_page_actions_d3828105.js.map +0 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__51ec77a8._.js +0 -3
- package/web/.next/server/chunks/ssr/[root-of-the-server]__51ec77a8._.js.map +0 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__540c615f._.js +0 -4
- package/web/.next/server/chunks/ssr/[root-of-the-server]__540c615f._.js.map +0 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__66047a1b._.js +0 -3
- package/web/.next/server/chunks/ssr/[root-of-the-server]__66047a1b._.js.map +0 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__9a9cb046._.js +0 -3
- package/web/.next/server/chunks/ssr/[root-of-the-server]__9a9cb046._.js.map +0 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__a2d6c0ac._.js +0 -4
- package/web/.next/server/chunks/ssr/[root-of-the-server]__a2d6c0ac._.js.map +0 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__a932cd3a._.js +0 -3
- package/web/.next/server/chunks/ssr/[root-of-the-server]__a932cd3a._.js.map +0 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__aa72e794._.js +0 -3
- package/web/.next/server/chunks/ssr/[root-of-the-server]__aa72e794._.js.map +0 -1
- package/web/.next/server/chunks/ssr/_02580450._.js +0 -3
- package/web/.next/server/chunks/ssr/_02580450._.js.map +0 -1
- package/web/.next/server/chunks/ssr/_1594e369._.js +0 -9
- package/web/.next/server/chunks/ssr/_1594e369._.js.map +0 -1
- package/web/.next/server/chunks/ssr/_21d37090._.js +0 -3
- package/web/.next/server/chunks/ssr/_21d37090._.js.map +0 -1
- package/web/.next/server/chunks/ssr/_767748d2._.js.map +0 -1
- package/web/.next/server/chunks/ssr/_f8c55130._.js +0 -4
- package/web/.next/server/chunks/ssr/_f8c55130._.js.map +0 -1
- package/web/.next/server/chunks/ssr/_ff04802c._.js +0 -3
- package/web/.next/server/chunks/ssr/_ff04802c._.js.map +0 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_17d39233._.js +0 -3
- package/web/.next/server/chunks/ssr/src_presentation_web_17d39233._.js.map +0 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_54b02639._.js +0 -5
- package/web/.next/server/chunks/ssr/src_presentation_web_54b02639._.js.map +0 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_7b7b9e3b._.js +0 -5
- package/web/.next/server/chunks/ssr/src_presentation_web_7b7b9e3b._.js.map +0 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_807cba76._.js +0 -3
- package/web/.next/server/chunks/ssr/src_presentation_web_807cba76._.js.map +0 -1
- package/web/.next/server/chunks/ssr/src_presentation_web__next-internal_server_app_(dashboard)_page_actions_90b5e66e.js +0 -3
- package/web/.next/server/chunks/ssr/src_presentation_web__next-internal_server_app_(dashboard)_page_actions_90b5e66e.js.map +0 -1
- package/web/.next/server/chunks/ssr/src_presentation_web__next-internal_server_app_skills_page_actions_4ce30db7.js +0 -3
- package/web/.next/server/chunks/ssr/src_presentation_web__next-internal_server_app_skills_page_actions_4ce30db7.js.map +0 -1
- package/web/.next/server/chunks/ssr/src_presentation_web__next-internal_server_app_tools_page_actions_e4032193.js +0 -3
- package/web/.next/server/chunks/ssr/src_presentation_web__next-internal_server_app_tools_page_actions_e4032193.js.map +0 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_e1cd1869._.js +0 -3
- package/web/.next/server/chunks/ssr/src_presentation_web_e1cd1869._.js.map +0 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_e3a30e30._.js +0 -3
- package/web/.next/server/chunks/ssr/src_presentation_web_e3a30e30._.js.map +0 -1
- package/web/.next/static/chunks/051873309d87fb45.css +0 -1
- package/web/.next/static/chunks/23d80bb760e7dc4c.js +0 -1
- package/web/.next/static/chunks/30a0ba9015f94405.js +0 -7
- package/web/.next/static/chunks/3aba9d2242420cb5.js +0 -1
- package/web/.next/static/chunks/7a6f56f37aaa17ea.js +0 -1
- package/web/.next/static/chunks/9423dc2310202fda.js +0 -1
- package/web/.next/static/chunks/a794cf7a1a5648dd.js +0 -1
- package/web/.next/static/chunks/ae81796726a9bba3.js +0 -1
- package/web/.next/static/chunks/f3d5e0ae13def35a.js +0 -1
- package/web/.next/static/chunks/fd232b88b5b50b2e.js +0 -1
- /package/web/.next/static/{t6SUt71jyk_PYf152Imog → S_u3qor6FkwObhA1F2xEj}/_buildManifest.js +0 -0
- /package/web/.next/static/{t6SUt71jyk_PYf152Imog → S_u3qor6FkwObhA1F2xEj}/_clientMiddlewareManifest.json +0 -0
- /package/web/.next/static/{t6SUt71jyk_PYf152Imog → S_u3qor6FkwObhA1F2xEj}/_ssgManifest.js +0 -0
|
@@ -1,31 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Migration 053: Add security settings columns to the settings table.
|
|
3
|
-
*
|
|
4
|
-
* Adds three columns for supply-chain security configuration:
|
|
5
|
-
* - security_mode TEXT NOT NULL DEFAULT 'Advisory'
|
|
6
|
-
* - security_last_evaluation_at TEXT (nullable)
|
|
7
|
-
* - security_policy_source TEXT (nullable)
|
|
8
|
-
*
|
|
9
|
-
* These columns store the effective security mode, last evaluation
|
|
10
|
-
* timestamp, and policy source origin for the SecurityConfig model.
|
|
11
|
-
*
|
|
12
|
-
* Migration is idempotent: checks column existence before ALTER.
|
|
13
|
-
*/
|
|
14
|
-
export async function up({ context: db }) {
|
|
15
|
-
const columns = db.pragma('table_info(settings)');
|
|
16
|
-
const existingNames = new Set(columns.map((c) => c.name));
|
|
17
|
-
if (!existingNames.has('security_mode')) {
|
|
18
|
-
db.exec("ALTER TABLE settings ADD COLUMN security_mode TEXT NOT NULL DEFAULT 'Advisory'");
|
|
19
|
-
}
|
|
20
|
-
if (!existingNames.has('security_last_evaluation_at')) {
|
|
21
|
-
db.exec('ALTER TABLE settings ADD COLUMN security_last_evaluation_at TEXT');
|
|
22
|
-
}
|
|
23
|
-
if (!existingNames.has('security_policy_source')) {
|
|
24
|
-
db.exec('ALTER TABLE settings ADD COLUMN security_policy_source TEXT');
|
|
25
|
-
}
|
|
26
|
-
}
|
|
27
|
-
export async function down({ context: db }) {
|
|
28
|
-
// Additive-only migration — columns are nullable/defaulted and ignored
|
|
29
|
-
// by older code. No-op per LESSONS.md backward compatibility rules.
|
|
30
|
-
void db;
|
|
31
|
-
}
|
|
@@ -1,29 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Migration 054: Create security_events table.
|
|
3
|
-
*
|
|
4
|
-
* Creates the security_events table for persisting security audit events
|
|
5
|
-
* (policy violations, approval decisions, enforcement outcomes).
|
|
6
|
-
*
|
|
7
|
-
* Columns:
|
|
8
|
-
* - id TEXT PRIMARY KEY
|
|
9
|
-
* - repository_path TEXT NOT NULL
|
|
10
|
-
* - feature_id TEXT (nullable)
|
|
11
|
-
* - severity TEXT NOT NULL
|
|
12
|
-
* - category TEXT NOT NULL
|
|
13
|
-
* - disposition TEXT NOT NULL
|
|
14
|
-
* - actor TEXT (nullable)
|
|
15
|
-
* - message TEXT (nullable)
|
|
16
|
-
* - remediation_summary TEXT (nullable)
|
|
17
|
-
* - created_at TEXT NOT NULL
|
|
18
|
-
*
|
|
19
|
-
* Indexes:
|
|
20
|
-
* - idx_security_events_repo_created ON (repository_path, created_at)
|
|
21
|
-
* - idx_security_events_feature ON (feature_id)
|
|
22
|
-
*
|
|
23
|
-
* Migration is idempotent: uses IF NOT EXISTS on CREATE TABLE and indexes.
|
|
24
|
-
*/
|
|
25
|
-
import type { MigrationParams } from 'umzug';
|
|
26
|
-
import type Database from 'better-sqlite3';
|
|
27
|
-
export declare function up({ context: db }: MigrationParams<Database.Database>): Promise<void>;
|
|
28
|
-
export declare function down({ context: db }: MigrationParams<Database.Database>): Promise<void>;
|
|
29
|
-
//# sourceMappingURL=054-create-security-events-table.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"054-create-security-events-table.d.ts","sourceRoot":"","sources":["../../../../../../../../packages/core/src/infrastructure/persistence/sqlite/migrations/054-create-security-events-table.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,OAAO,CAAC;AAC7C,OAAO,KAAK,QAAQ,MAAM,gBAAgB,CAAC;AAE3C,wBAAsB,EAAE,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,EAAE,eAAe,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAyB3F;AAED,wBAAsB,IAAI,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,EAAE,eAAe,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAI7F"}
|
|
@@ -1,53 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Migration 054: Create security_events table.
|
|
3
|
-
*
|
|
4
|
-
* Creates the security_events table for persisting security audit events
|
|
5
|
-
* (policy violations, approval decisions, enforcement outcomes).
|
|
6
|
-
*
|
|
7
|
-
* Columns:
|
|
8
|
-
* - id TEXT PRIMARY KEY
|
|
9
|
-
* - repository_path TEXT NOT NULL
|
|
10
|
-
* - feature_id TEXT (nullable)
|
|
11
|
-
* - severity TEXT NOT NULL
|
|
12
|
-
* - category TEXT NOT NULL
|
|
13
|
-
* - disposition TEXT NOT NULL
|
|
14
|
-
* - actor TEXT (nullable)
|
|
15
|
-
* - message TEXT (nullable)
|
|
16
|
-
* - remediation_summary TEXT (nullable)
|
|
17
|
-
* - created_at TEXT NOT NULL
|
|
18
|
-
*
|
|
19
|
-
* Indexes:
|
|
20
|
-
* - idx_security_events_repo_created ON (repository_path, created_at)
|
|
21
|
-
* - idx_security_events_feature ON (feature_id)
|
|
22
|
-
*
|
|
23
|
-
* Migration is idempotent: uses IF NOT EXISTS on CREATE TABLE and indexes.
|
|
24
|
-
*/
|
|
25
|
-
export async function up({ context: db }) {
|
|
26
|
-
db.exec(`
|
|
27
|
-
CREATE TABLE IF NOT EXISTS security_events (
|
|
28
|
-
id TEXT PRIMARY KEY,
|
|
29
|
-
repository_path TEXT NOT NULL,
|
|
30
|
-
feature_id TEXT,
|
|
31
|
-
severity TEXT NOT NULL,
|
|
32
|
-
category TEXT NOT NULL,
|
|
33
|
-
disposition TEXT NOT NULL,
|
|
34
|
-
actor TEXT,
|
|
35
|
-
message TEXT,
|
|
36
|
-
remediation_summary TEXT,
|
|
37
|
-
created_at TEXT NOT NULL
|
|
38
|
-
)
|
|
39
|
-
`);
|
|
40
|
-
db.exec(`
|
|
41
|
-
CREATE INDEX IF NOT EXISTS idx_security_events_repo_created
|
|
42
|
-
ON security_events(repository_path, created_at)
|
|
43
|
-
`);
|
|
44
|
-
db.exec(`
|
|
45
|
-
CREATE INDEX IF NOT EXISTS idx_security_events_feature
|
|
46
|
-
ON security_events(feature_id)
|
|
47
|
-
`);
|
|
48
|
-
}
|
|
49
|
-
export async function down({ context: db }) {
|
|
50
|
-
// Additive-only migration — table is new and ignored by older code.
|
|
51
|
-
// No-op per LESSONS.md backward compatibility rules.
|
|
52
|
-
void db;
|
|
53
|
-
}
|
package/dist/packages/core/src/infrastructure/repositories/sqlite-security-event.repository.d.ts
DELETED
|
@@ -1,24 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* SQLite Security Event Repository Implementation
|
|
3
|
-
*
|
|
4
|
-
* Implements ISecurityEventRepository using SQLite database.
|
|
5
|
-
* Uses prepared statements to prevent SQL injection.
|
|
6
|
-
* Supports 90-day retention cleanup.
|
|
7
|
-
*/
|
|
8
|
-
import type Database from 'better-sqlite3';
|
|
9
|
-
import type { ISecurityEventRepository, SecurityEventQueryOptions } from '../../application/ports/output/repositories/security-event.repository.interface.js';
|
|
10
|
-
import type { SecurityEvent } from '../../domain/generated/output.js';
|
|
11
|
-
/**
|
|
12
|
-
* SQLite implementation of ISecurityEventRepository.
|
|
13
|
-
* Manages SecurityEvent persistence with repository-scoped queries.
|
|
14
|
-
*/
|
|
15
|
-
export declare class SQLiteSecurityEventRepository implements ISecurityEventRepository {
|
|
16
|
-
private readonly db;
|
|
17
|
-
constructor(db: Database.Database);
|
|
18
|
-
save(event: SecurityEvent): Promise<void>;
|
|
19
|
-
findByRepository(repositoryPath: string, options?: SecurityEventQueryOptions): Promise<SecurityEvent[]>;
|
|
20
|
-
findByFeature(featureId: string, options?: SecurityEventQueryOptions): Promise<SecurityEvent[]>;
|
|
21
|
-
deleteOlderThan(date: Date): Promise<number>;
|
|
22
|
-
count(repositoryPath: string): Promise<number>;
|
|
23
|
-
}
|
|
24
|
-
//# sourceMappingURL=sqlite-security-event.repository.d.ts.map
|
package/dist/packages/core/src/infrastructure/repositories/sqlite-security-event.repository.d.ts.map
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"sqlite-security-event.repository.d.ts","sourceRoot":"","sources":["../../../../../../packages/core/src/infrastructure/repositories/sqlite-security-event.repository.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,QAAQ,MAAM,gBAAgB,CAAC;AAE3C,OAAO,KAAK,EACV,wBAAwB,EACxB,yBAAyB,EAC1B,MAAM,oFAAoF,CAAC;AAC5F,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,kCAAkC,CAAC;AAOtE;;;GAGG;AACH,qBACa,6BAA8B,YAAW,wBAAwB;IAChE,OAAO,CAAC,QAAQ,CAAC,EAAE;gBAAF,EAAE,EAAE,QAAQ,CAAC,QAAQ;IAE5C,IAAI,CAAC,KAAK,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC;IAgBzC,gBAAgB,CACpB,cAAc,EAAE,MAAM,EACtB,OAAO,CAAC,EAAE,yBAAyB,GAClC,OAAO,CAAC,aAAa,EAAE,CAAC;IA2BrB,aAAa,CACjB,SAAS,EAAE,MAAM,EACjB,OAAO,CAAC,EAAE,yBAAyB,GAClC,OAAO,CAAC,aAAa,EAAE,CAAC;IA2BrB,eAAe,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC;IAM5C,KAAK,CAAC,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;CAOrD"}
|
package/dist/packages/core/src/infrastructure/repositories/sqlite-security-event.repository.js
DELETED
|
@@ -1,96 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* SQLite Security Event Repository Implementation
|
|
3
|
-
*
|
|
4
|
-
* Implements ISecurityEventRepository using SQLite database.
|
|
5
|
-
* Uses prepared statements to prevent SQL injection.
|
|
6
|
-
* Supports 90-day retention cleanup.
|
|
7
|
-
*/
|
|
8
|
-
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
9
|
-
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
10
|
-
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
11
|
-
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
12
|
-
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
13
|
-
};
|
|
14
|
-
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
15
|
-
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
16
|
-
};
|
|
17
|
-
import { injectable } from 'tsyringe';
|
|
18
|
-
import { toDatabase, fromDatabase, } from '../persistence/sqlite/mappers/security-event.mapper.js';
|
|
19
|
-
/**
|
|
20
|
-
* SQLite implementation of ISecurityEventRepository.
|
|
21
|
-
* Manages SecurityEvent persistence with repository-scoped queries.
|
|
22
|
-
*/
|
|
23
|
-
let SQLiteSecurityEventRepository = class SQLiteSecurityEventRepository {
|
|
24
|
-
db;
|
|
25
|
-
constructor(db) {
|
|
26
|
-
this.db = db;
|
|
27
|
-
}
|
|
28
|
-
async save(event) {
|
|
29
|
-
const row = toDatabase(event);
|
|
30
|
-
const stmt = this.db.prepare(`
|
|
31
|
-
INSERT INTO security_events (
|
|
32
|
-
id, repository_path, feature_id, severity, category,
|
|
33
|
-
disposition, actor, message, remediation_summary, created_at
|
|
34
|
-
) VALUES (
|
|
35
|
-
@id, @repository_path, @feature_id, @severity, @category,
|
|
36
|
-
@disposition, @actor, @message, @remediation_summary, @created_at
|
|
37
|
-
)
|
|
38
|
-
`);
|
|
39
|
-
stmt.run(row);
|
|
40
|
-
}
|
|
41
|
-
async findByRepository(repositoryPath, options) {
|
|
42
|
-
let sql = 'SELECT * FROM security_events WHERE repository_path = ?';
|
|
43
|
-
const params = [repositoryPath];
|
|
44
|
-
if (options?.severity) {
|
|
45
|
-
sql += ' AND severity = ?';
|
|
46
|
-
params.push(options.severity);
|
|
47
|
-
}
|
|
48
|
-
sql += ' ORDER BY created_at DESC';
|
|
49
|
-
if (options?.limit) {
|
|
50
|
-
sql += ' LIMIT ?';
|
|
51
|
-
params.push(options.limit);
|
|
52
|
-
}
|
|
53
|
-
if (options?.offset) {
|
|
54
|
-
sql += ' OFFSET ?';
|
|
55
|
-
params.push(options.offset);
|
|
56
|
-
}
|
|
57
|
-
const stmt = this.db.prepare(sql);
|
|
58
|
-
const rows = stmt.all(...params);
|
|
59
|
-
return rows.map(fromDatabase);
|
|
60
|
-
}
|
|
61
|
-
async findByFeature(featureId, options) {
|
|
62
|
-
let sql = 'SELECT * FROM security_events WHERE feature_id = ?';
|
|
63
|
-
const params = [featureId];
|
|
64
|
-
if (options?.severity) {
|
|
65
|
-
sql += ' AND severity = ?';
|
|
66
|
-
params.push(options.severity);
|
|
67
|
-
}
|
|
68
|
-
sql += ' ORDER BY created_at DESC';
|
|
69
|
-
if (options?.limit) {
|
|
70
|
-
sql += ' LIMIT ?';
|
|
71
|
-
params.push(options.limit);
|
|
72
|
-
}
|
|
73
|
-
if (options?.offset) {
|
|
74
|
-
sql += ' OFFSET ?';
|
|
75
|
-
params.push(options.offset);
|
|
76
|
-
}
|
|
77
|
-
const stmt = this.db.prepare(sql);
|
|
78
|
-
const rows = stmt.all(...params);
|
|
79
|
-
return rows.map(fromDatabase);
|
|
80
|
-
}
|
|
81
|
-
async deleteOlderThan(date) {
|
|
82
|
-
const stmt = this.db.prepare('DELETE FROM security_events WHERE created_at < ?');
|
|
83
|
-
const result = stmt.run(date.toISOString());
|
|
84
|
-
return result.changes;
|
|
85
|
-
}
|
|
86
|
-
async count(repositoryPath) {
|
|
87
|
-
const stmt = this.db.prepare('SELECT COUNT(*) as cnt FROM security_events WHERE repository_path = ?');
|
|
88
|
-
const row = stmt.get(repositoryPath);
|
|
89
|
-
return row.cnt;
|
|
90
|
-
}
|
|
91
|
-
};
|
|
92
|
-
SQLiteSecurityEventRepository = __decorate([
|
|
93
|
-
injectable(),
|
|
94
|
-
__metadata("design:paramtypes", [Object])
|
|
95
|
-
], SQLiteSecurityEventRepository);
|
|
96
|
-
export { SQLiteSecurityEventRepository };
|
|
@@ -1,22 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Security Constraint Validator
|
|
3
|
-
*
|
|
4
|
-
* Pure function that validates security constraints against executor capabilities.
|
|
5
|
-
* Reusable across all executor types. Throws SecurityViolationError in Enforce mode
|
|
6
|
-
* when constraints are incompatible. Logs warnings in Advisory mode.
|
|
7
|
-
*/
|
|
8
|
-
import type { SecurityConstraints } from '../../../../../application/ports/output/agents/agent-executor.interface.js';
|
|
9
|
-
export interface ExecutorCapabilities {
|
|
10
|
-
/** Whether this executor requires --dangerously-skip-permissions or equivalent */
|
|
11
|
-
requiresPermissiveMode: boolean;
|
|
12
|
-
/** Human-readable executor name for error messages */
|
|
13
|
-
executorName: string;
|
|
14
|
-
}
|
|
15
|
-
/**
|
|
16
|
-
* Validate security constraints against executor capabilities.
|
|
17
|
-
*
|
|
18
|
-
* @returns A warning message if Advisory mode detects an issue, or undefined if clean.
|
|
19
|
-
* @throws SecurityViolationError in Enforce mode when constraints are incompatible.
|
|
20
|
-
*/
|
|
21
|
-
export declare function validateSecurityConstraints(constraints: SecurityConstraints | undefined, capabilities: ExecutorCapabilities): string | undefined;
|
|
22
|
-
//# sourceMappingURL=security-constraint-validator.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"security-constraint-validator.d.ts","sourceRoot":"","sources":["../../../../../../../../../packages/core/src/infrastructure/services/agents/common/executors/security-constraint-validator.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,4EAA4E,CAAC;AAGtH,MAAM,WAAW,oBAAoB;IACnC,kFAAkF;IAClF,sBAAsB,EAAE,OAAO,CAAC;IAChC,sDAAsD;IACtD,YAAY,EAAE,MAAM,CAAC;CACtB;AAED;;;;;GAKG;AACH,wBAAgB,2BAA2B,CACzC,WAAW,EAAE,mBAAmB,GAAG,SAAS,EAC5C,YAAY,EAAE,oBAAoB,GACjC,MAAM,GAAG,SAAS,CAiBpB"}
|
|
@@ -1,30 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Security Constraint Validator
|
|
3
|
-
*
|
|
4
|
-
* Pure function that validates security constraints against executor capabilities.
|
|
5
|
-
* Reusable across all executor types. Throws SecurityViolationError in Enforce mode
|
|
6
|
-
* when constraints are incompatible. Logs warnings in Advisory mode.
|
|
7
|
-
*/
|
|
8
|
-
import { SecurityMode, SecurityActionCategory } from '../../../../../domain/generated/output.js';
|
|
9
|
-
import { SecurityViolationError } from '../../../../../domain/errors/security-violation.error.js';
|
|
10
|
-
/**
|
|
11
|
-
* Validate security constraints against executor capabilities.
|
|
12
|
-
*
|
|
13
|
-
* @returns A warning message if Advisory mode detects an issue, or undefined if clean.
|
|
14
|
-
* @throws SecurityViolationError in Enforce mode when constraints are incompatible.
|
|
15
|
-
*/
|
|
16
|
-
export function validateSecurityConstraints(constraints, capabilities) {
|
|
17
|
-
if (!constraints)
|
|
18
|
-
return undefined;
|
|
19
|
-
if (constraints.mode === SecurityMode.Disabled)
|
|
20
|
-
return undefined;
|
|
21
|
-
if (constraints.sandboxLevel === 'strict' && capabilities.requiresPermissiveMode) {
|
|
22
|
-
const rule = `Executor "${capabilities.executorName}" requires permissive mode but policy demands strict sandbox`;
|
|
23
|
-
const remediation = 'Either switch to an executor that supports strict sandboxing, or relax the sandbox policy to permissive.';
|
|
24
|
-
if (constraints.mode === SecurityMode.Enforce) {
|
|
25
|
-
throw new SecurityViolationError(rule, SecurityActionCategory.SandboxEscalation, remediation);
|
|
26
|
-
}
|
|
27
|
-
return `[security:advisory] ${rule}. ${remediation}`;
|
|
28
|
-
}
|
|
29
|
-
return undefined;
|
|
30
|
-
}
|
|
@@ -1,45 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Security Pre-Check for Feature Agent Nodes
|
|
3
|
-
*
|
|
4
|
-
* Classifies node actions by SecurityActionCategory and evaluates
|
|
5
|
-
* the effective disposition based on the security policy mode and
|
|
6
|
-
* per-category overrides from FeatureAgentState.
|
|
7
|
-
*
|
|
8
|
-
* Used by executeNode() to enforce or warn about security policy
|
|
9
|
-
* before executing agent prompts.
|
|
10
|
-
*/
|
|
11
|
-
import { SecurityActionCategory, SecurityActionDisposition, SecurityMode } from '../../../../../domain/generated/output.js';
|
|
12
|
-
/**
|
|
13
|
-
* Classify a node name into its SecurityActionCategory.
|
|
14
|
-
* Returns null for read-only nodes (requirements, research, plan, analyze)
|
|
15
|
-
* that have no security-sensitive actions.
|
|
16
|
-
*/
|
|
17
|
-
export declare function classifyNodeAction(nodeName: string): SecurityActionCategory | null;
|
|
18
|
-
/** Result of a security disposition check. */
|
|
19
|
-
export type SecurityCheckResult = {
|
|
20
|
-
action: 'skip';
|
|
21
|
-
} | {
|
|
22
|
-
action: 'allow';
|
|
23
|
-
} | {
|
|
24
|
-
action: 'warn';
|
|
25
|
-
category: SecurityActionCategory;
|
|
26
|
-
nodeName: string;
|
|
27
|
-
} | {
|
|
28
|
-
action: 'deny';
|
|
29
|
-
category: SecurityActionCategory;
|
|
30
|
-
nodeName: string;
|
|
31
|
-
} | {
|
|
32
|
-
action: 'approval_required';
|
|
33
|
-
category: SecurityActionCategory;
|
|
34
|
-
nodeName: string;
|
|
35
|
-
};
|
|
36
|
-
/**
|
|
37
|
-
* Check the security disposition for a node based on the effective policy.
|
|
38
|
-
*
|
|
39
|
-
* @param nodeName - The graph node name (e.g. 'implement', 'merge')
|
|
40
|
-
* @param securityMode - Effective security mode from state
|
|
41
|
-
* @param actionDispositions - Per-category disposition overrides from state
|
|
42
|
-
* @returns The action to take: skip, allow, warn, deny, or approval_required
|
|
43
|
-
*/
|
|
44
|
-
export declare function checkSecurityDisposition(nodeName: string, securityMode: SecurityMode, actionDispositions: Partial<Record<SecurityActionCategory, SecurityActionDisposition>>): SecurityCheckResult;
|
|
45
|
-
//# sourceMappingURL=security-pre-check.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"security-pre-check.d.ts","sourceRoot":"","sources":["../../../../../../../../../packages/core/src/infrastructure/services/agents/feature-agent/nodes/security-pre-check.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EACL,sBAAsB,EACtB,yBAAyB,EACzB,YAAY,EACb,MAAM,8BAA8B,CAAC;AAWtC;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,GAAG,sBAAsB,GAAG,IAAI,CAElF;AAED,8CAA8C;AAC9C,MAAM,MAAM,mBAAmB,GAC3B;IAAE,MAAM,EAAE,MAAM,CAAA;CAAE,GAClB;IAAE,MAAM,EAAE,OAAO,CAAA;CAAE,GACnB;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,sBAAsB,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,GACtE;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,sBAAsB,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,GACtE;IAAE,MAAM,EAAE,mBAAmB,CAAC;IAAC,QAAQ,EAAE,sBAAsB,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,CAAC;AAExF;;;;;;;GAOG;AACH,wBAAgB,wBAAwB,CACtC,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,YAAY,EAC1B,kBAAkB,EAAE,OAAO,CAAC,MAAM,CAAC,sBAAsB,EAAE,yBAAyB,CAAC,CAAC,GACrF,mBAAmB,CAyCrB"}
|
|
@@ -1,70 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Security Pre-Check for Feature Agent Nodes
|
|
3
|
-
*
|
|
4
|
-
* Classifies node actions by SecurityActionCategory and evaluates
|
|
5
|
-
* the effective disposition based on the security policy mode and
|
|
6
|
-
* per-category overrides from FeatureAgentState.
|
|
7
|
-
*
|
|
8
|
-
* Used by executeNode() to enforce or warn about security policy
|
|
9
|
-
* before executing agent prompts.
|
|
10
|
-
*/
|
|
11
|
-
import { SecurityActionCategory, SecurityActionDisposition, SecurityMode, } from '../../../../../domain/generated/output.js';
|
|
12
|
-
/** Map node names to the security action category they represent. */
|
|
13
|
-
const NODE_ACTION_MAP = {
|
|
14
|
-
implement: SecurityActionCategory.PackageScriptExec,
|
|
15
|
-
'fast-implement': SecurityActionCategory.PackageScriptExec,
|
|
16
|
-
evidence: SecurityActionCategory.PackageScriptExec,
|
|
17
|
-
merge: SecurityActionCategory.CiWorkflowModify,
|
|
18
|
-
'ci-fix': SecurityActionCategory.CiWorkflowModify,
|
|
19
|
-
};
|
|
20
|
-
/**
|
|
21
|
-
* Classify a node name into its SecurityActionCategory.
|
|
22
|
-
* Returns null for read-only nodes (requirements, research, plan, analyze)
|
|
23
|
-
* that have no security-sensitive actions.
|
|
24
|
-
*/
|
|
25
|
-
export function classifyNodeAction(nodeName) {
|
|
26
|
-
return NODE_ACTION_MAP[nodeName] ?? null;
|
|
27
|
-
}
|
|
28
|
-
/**
|
|
29
|
-
* Check the security disposition for a node based on the effective policy.
|
|
30
|
-
*
|
|
31
|
-
* @param nodeName - The graph node name (e.g. 'implement', 'merge')
|
|
32
|
-
* @param securityMode - Effective security mode from state
|
|
33
|
-
* @param actionDispositions - Per-category disposition overrides from state
|
|
34
|
-
* @returns The action to take: skip, allow, warn, deny, or approval_required
|
|
35
|
-
*/
|
|
36
|
-
export function checkSecurityDisposition(nodeName, securityMode, actionDispositions) {
|
|
37
|
-
// Disabled mode — no checks
|
|
38
|
-
if (securityMode === SecurityMode.Disabled) {
|
|
39
|
-
return { action: 'skip' };
|
|
40
|
-
}
|
|
41
|
-
// Read-only nodes have no security-sensitive actions
|
|
42
|
-
const category = classifyNodeAction(nodeName);
|
|
43
|
-
if (!category) {
|
|
44
|
-
return { action: 'skip' };
|
|
45
|
-
}
|
|
46
|
-
// Look up the disposition for this category
|
|
47
|
-
const disposition = actionDispositions[category];
|
|
48
|
-
// No disposition configured — default to allow
|
|
49
|
-
if (!disposition) {
|
|
50
|
-
return { action: 'allow' };
|
|
51
|
-
}
|
|
52
|
-
if (disposition === SecurityActionDisposition.Allowed) {
|
|
53
|
-
return { action: 'allow' };
|
|
54
|
-
}
|
|
55
|
-
if (disposition === SecurityActionDisposition.Denied) {
|
|
56
|
-
// In Enforce mode, deny the action; in Advisory mode, just warn
|
|
57
|
-
if (securityMode === SecurityMode.Enforce) {
|
|
58
|
-
return { action: 'deny', category, nodeName };
|
|
59
|
-
}
|
|
60
|
-
return { action: 'warn', category, nodeName };
|
|
61
|
-
}
|
|
62
|
-
if (disposition === SecurityActionDisposition.ApprovalRequired) {
|
|
63
|
-
// In Enforce mode, require approval; in Advisory mode, just warn
|
|
64
|
-
if (securityMode === SecurityMode.Enforce) {
|
|
65
|
-
return { action: 'approval_required', category, nodeName };
|
|
66
|
-
}
|
|
67
|
-
return { action: 'warn', category, nodeName };
|
|
68
|
-
}
|
|
69
|
-
return { action: 'allow' };
|
|
70
|
-
}
|
package/dist/packages/core/src/infrastructure/services/security/dependency-risk-evaluator.d.ts
DELETED
|
@@ -1,53 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Dependency Risk Evaluator
|
|
3
|
-
*
|
|
4
|
-
* Evaluates repository-local dependency risk signals without
|
|
5
|
-
* external services. Checks:
|
|
6
|
-
* - Manifest-lockfile consistency (package.json vs lockfile)
|
|
7
|
-
* - Dependency source types (registry vs git vs file)
|
|
8
|
-
* - Risky lifecycle scripts (preinstall, postinstall, prepare)
|
|
9
|
-
* - Allowlist/denylist enforcement
|
|
10
|
-
* - Version-range strictness
|
|
11
|
-
*
|
|
12
|
-
* Returns an array of DependencyFinding objects with severity and remediation.
|
|
13
|
-
*/
|
|
14
|
-
import type { DependencyFinding, DependencyRules } from '../../../domain/generated/output.js';
|
|
15
|
-
export declare class DependencyRiskEvaluator {
|
|
16
|
-
/**
|
|
17
|
-
* Evaluate dependency risk for a repository.
|
|
18
|
-
*
|
|
19
|
-
* @param repositoryPath - Absolute path to the repository root
|
|
20
|
-
* @param rules - Dependency risk policy rules
|
|
21
|
-
* @returns Array of dependency findings
|
|
22
|
-
*/
|
|
23
|
-
evaluate(repositoryPath: string, rules: DependencyRules): DependencyFinding[];
|
|
24
|
-
/**
|
|
25
|
-
* Collect all dependencies from package.json (dependencies + devDependencies).
|
|
26
|
-
*/
|
|
27
|
-
private collectDependencies;
|
|
28
|
-
/**
|
|
29
|
-
* Check that a lockfile exists when there are dependencies.
|
|
30
|
-
*/
|
|
31
|
-
private checkLockfileConsistency;
|
|
32
|
-
/**
|
|
33
|
-
* Check for dependencies installed from non-registry sources.
|
|
34
|
-
*/
|
|
35
|
-
private checkNonRegistrySources;
|
|
36
|
-
/**
|
|
37
|
-
* Check installed packages for risky lifecycle scripts.
|
|
38
|
-
*/
|
|
39
|
-
private checkLifecycleScripts;
|
|
40
|
-
/**
|
|
41
|
-
* Check dependencies against the denylist.
|
|
42
|
-
*/
|
|
43
|
-
private checkDenylist;
|
|
44
|
-
/**
|
|
45
|
-
* Check dependencies against the allowlist (non-empty allowlist = only listed packages allowed).
|
|
46
|
-
*/
|
|
47
|
-
private checkAllowlist;
|
|
48
|
-
/**
|
|
49
|
-
* Check version ranges for strictness (no ^, ~, *, >= patterns).
|
|
50
|
-
*/
|
|
51
|
-
private checkVersionRangeStrictness;
|
|
52
|
-
}
|
|
53
|
-
//# sourceMappingURL=dependency-risk-evaluator.d.ts.map
|
package/dist/packages/core/src/infrastructure/services/security/dependency-risk-evaluator.d.ts.map
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"dependency-risk-evaluator.d.ts","sourceRoot":"","sources":["../../../../../../../packages/core/src/infrastructure/services/security/dependency-risk-evaluator.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAKH,OAAO,KAAK,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,qCAAqC,CAAC;AAsB9F,qBAAa,uBAAuB;IAClC;;;;;;OAMG;IACH,QAAQ,CAAC,cAAc,EAAE,MAAM,EAAE,KAAK,EAAE,eAAe,GAAG,iBAAiB,EAAE;IAmD7E;;OAEG;IACH,OAAO,CAAC,mBAAmB;IAgB3B;;OAEG;IACH,OAAO,CAAC,wBAAwB;IA0BhC;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAqB/B;;OAEG;IACH,OAAO,CAAC,qBAAqB;IA8C7B;;OAEG;IACH,OAAO,CAAC,aAAa;IAoBrB;;OAEG;IACH,OAAO,CAAC,cAAc;IAoBtB;;OAEG;IACH,OAAO,CAAC,2BAA2B;CAwBpC"}
|