npm - @shepai/cli - Versions diffs - 1.174.0 → 1.175.0-pr527.9ada632 - Mend

@shepai/cli 1.174.0 → 1.175.0-pr527.9ada632

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (502) hide show

package/dist/src/presentation/web/components/features/settings/supply-chain-security-settings-section.js ADDED Viewed

@@ -0,0 +1,60 @@
+'use client';
+import { jsx as _jsx, jsxs as _jsxs } from "react/jsx-runtime";
+import { useState, useTransition, useRef, useEffect } from 'react';
+import { Shield, Check, AlertTriangle, ShieldAlert, ShieldOff } from 'lucide-react';
+import { toast } from 'sonner';
+import { useTranslation } from 'react-i18next';
+import { cn } from '../../../lib/utils.js';
+import { Badge } from '../../ui/badge.js';
+import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue, } from '../../ui/select.js';
+import { updateSecurityModeAction } from '../../../app/actions/security.js';
+import { SecurityMode } from '../../../../../../packages/core/src/domain/generated/output.js';
+const MODE_OPTIONS = [
+    { value: SecurityMode.Disabled, icon: ShieldOff },
+    { value: SecurityMode.Advisory, icon: Shield },
+    { value: SecurityMode.Enforce, icon: ShieldAlert },
+];
+const SEVERITY_COLORS = {
+    Low: 'bg-blue-100 text-blue-700 dark:bg-blue-900/40 dark:text-blue-300',
+    Medium: 'bg-yellow-100 text-yellow-700 dark:bg-yellow-900/40 dark:text-yellow-300',
+    High: 'bg-orange-100 text-orange-700 dark:bg-orange-900/40 dark:text-orange-300',
+    Critical: 'bg-red-100 text-red-700 dark:bg-red-900/40 dark:text-red-300',
+};
+export function SupplyChainSecuritySettingsSection({ securityState, }) {
+    const { t } = useTranslation('web');
+    const [mode, setMode] = useState(securityState.mode);
+    const [isPending, startTransition] = useTransition();
+    const [showSaved, setShowSaved] = useState(false);
+    const prevPendingRef = useRef(false);
+    useEffect(() => {
+        if (prevPendingRef.current && !isPending) {
+            setShowSaved(true);
+            const timer = setTimeout(() => setShowSaved(false), 2000);
+            return () => clearTimeout(timer);
+        }
+        prevPendingRef.current = isPending;
+    }, [isPending]);
+    function handleModeChange(value) {
+        const newMode = value;
+        setMode(newMode);
+        startTransition(async () => {
+            const result = await updateSecurityModeAction(newMode);
+            if (!result.success) {
+                toast.error(result.error ?? t('settings.failedToSave'));
+                setMode(securityState.mode);
+            }
+        });
+    }
+    const lastEvalDisplay = securityState.lastEvaluationAt
+        ? new Date(securityState.lastEvaluationAt).toLocaleString()
+        : t('settings.security.lastEvaluationNever');
+    const policySourceDisplay = securityState.policySource ?? t('settings.security.policySourceNone');
+    return (_jsxs("div", { className: "bg-background rounded-lg border", "data-testid": "security-settings-section", children: [_jsxs("div", { className: "bg-muted/30 border-b px-4 py-3", children: [_jsxs("div", { className: "flex items-center gap-2", children: [_jsx(Shield, { className: "text-muted-foreground h-3.5 w-3.5" }), _jsx("h2", { className: "text-sm font-semibold", children: t('settings.security.sectionTitle') }), isPending ? (_jsx("span", { className: "text-muted-foreground text-xs", children: t('settings.saving') })) : null, showSaved && !isPending ? (_jsxs("span", { className: "flex items-center gap-1 text-xs text-green-600", children: [_jsx(Check, { className: "h-3 w-3" }), t('settings.saved')] })) : null] }), _jsx("p", { className: "text-muted-foreground mt-0.5 text-[11px]", children: t('settings.security.sectionDescription') })] }), _jsxs("div", { className: "px-4", children: [_jsxs("div", { className: "flex items-center justify-between gap-4 border-b py-2.5", children: [_jsxs("div", { className: "min-w-0", children: [_jsx("label", { htmlFor: "security-mode", className: "cursor-pointer text-sm font-normal whitespace-nowrap", children: t('settings.security.mode') }), _jsx("p", { className: "text-muted-foreground text-[11px] leading-tight", children: t('settings.security.modeDescription') })] }), _jsx("div", { className: "flex shrink-0 items-center gap-2", children: _jsxs(Select, { value: mode, onValueChange: handleModeChange, children: [_jsx(SelectTrigger, { id: "security-mode", "data-testid": "security-mode-select", className: "w-40 cursor-pointer text-xs", children: _jsx(SelectValue, {}) }), _jsx(SelectContent, { children: MODE_OPTIONS.map((opt) => {
+                                                const Icon = opt.icon;
+                                                return (_jsx(SelectItem, { value: opt.value, children: _jsxs("span", { className: "flex items-center gap-2 text-xs", children: [_jsx(Icon, { className: "h-3.5 w-3.5 shrink-0" }), t(`settings.security.mode${opt.value}`)] }) }, opt.value));
+                                            }) })] }) })] }), _jsxs("div", { className: "flex items-center justify-between gap-4 border-b py-2.5", children: [_jsx("div", { className: "min-w-0", children: _jsx("span", { className: "text-sm font-normal whitespace-nowrap", children: t('settings.security.policySource') }) }), _jsx("span", { className: "text-muted-foreground max-w-50 truncate font-mono text-xs", children: policySourceDisplay })] }), _jsxs("div", { className: "flex items-center justify-between gap-4 border-b py-2.5", children: [_jsx("div", { className: "min-w-0", children: _jsx("span", { className: "text-sm font-normal whitespace-nowrap", children: t('settings.security.lastEvaluation') }) }), _jsx("span", { className: "text-muted-foreground text-xs", children: lastEvalDisplay })] }), _jsxs("div", { className: "py-2.5 last:border-b-0", children: [_jsx("div", { className: "mb-2", children: _jsx("span", { className: "text-sm font-normal", children: t('settings.security.recentFindings') }) }), securityState.recentEvents.length === 0 ? (_jsx("p", { className: "text-muted-foreground text-xs", children: t('settings.security.noFindings') })) : (_jsx("div", { className: "flex flex-col gap-1.5", children: securityState.recentEvents.slice(0, 5).map((event) => (_jsxs("div", { className: "flex items-start gap-2 rounded-md border px-2.5 py-1.5", children: [_jsx(AlertTriangle, { className: cn('mt-0.5 h-3 w-3 shrink-0', event.severity === 'Critical' || event.severity === 'High'
+                                                ? 'text-red-500'
+                                                : event.severity === 'Medium'
+                                                    ? 'text-yellow-500'
+                                                    : 'text-blue-500') }), _jsxs("div", { className: "min-w-0 flex-1", children: [_jsxs("div", { className: "flex items-center gap-1.5", children: [_jsx(Badge, { variant: "secondary", className: cn('px-1 py-0 text-[9px]', SEVERITY_COLORS[event.severity]), children: t(`settings.security.severity.${event.severity}`) }), _jsx("span", { className: "text-muted-foreground text-[10px]", children: event.category })] }), _jsx("p", { className: "mt-0.5 truncate text-[11px]", children: event.message })] })] }, event.id))) }))] })] })] }));
+}

package/dist/src/presentation/web/components/features/settings/supply-chain-security-settings-section.stories.d.ts ADDED Viewed

@@ -0,0 +1,14 @@
+import type { Meta, StoryObj } from '@storybook/react';
+import { SupplyChainSecuritySettingsSection } from './supply-chain-security-settings-section.js';
+declare const meta: Meta<typeof SupplyChainSecuritySettingsSection>;
+export default meta;
+type Story = StoryObj<typeof SupplyChainSecuritySettingsSection>;
+/** Advisory mode with no findings — default posture for new repositories. */
+export declare const AdvisoryNoFindings: Story;
+/** Disabled mode — security enforcement is turned off. */
+export declare const Disabled: Story;
+/** Enforce mode with a critical finding. */
+export declare const EnforceWithCriticalFinding: Story;
+/** Advisory mode with multiple findings of varying severity. */
+export declare const AdvisoryWithMultipleFindings: Story;
+//# sourceMappingURL=supply-chain-security-settings-section.stories.d.ts.map

package/dist/src/presentation/web/components/features/settings/supply-chain-security-settings-section.stories.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"supply-chain-security-settings-section.stories.d.ts","sourceRoot":"","sources":["../../../../../../../src/presentation/web/components/features/settings/supply-chain-security-settings-section.stories.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAOvD,OAAO,EAAE,kCAAkC,EAAE,MAAM,0CAA0C,CAAC;AAG9F,QAAA,MAAM,IAAI,EAAE,IAAI,CAAC,OAAO,kCAAkC,CAIzD,CAAC;AAEF,eAAe,IAAI,CAAC;AACpB,KAAK,KAAK,GAAG,QAAQ,CAAC,OAAO,kCAAkC,CAAC,CAAC;AAUjE,6EAA6E;AAC7E,eAAO,MAAM,kBAAkB,EAAE,KAIhC,CAAC;AAEF,0DAA0D;AAC1D,eAAO,MAAM,QAAQ,EAAE,KAOtB,CAAC;AAEF,4CAA4C;AAC5C,eAAO,MAAM,0BAA0B,EAAE,KAgCxC,CAAC;AAEF,gEAAgE;AAChE,eAAO,MAAM,4BAA4B,EAAE,KAkD1C,CAAC"}

package/dist/src/presentation/web/components/features/settings/supply-chain-security-settings-section.stories.js ADDED Viewed

@@ -0,0 +1,116 @@
+import { SecurityMode, SecuritySeverity, SecurityActionCategory, SecurityActionDisposition, } from '../../../../../../packages/core/src/domain/generated/output.js';
+import { SupplyChainSecuritySettingsSection } from './supply-chain-security-settings-section.js';
+const meta = {
+    title: 'Settings/SupplyChainSecuritySettingsSection',
+    component: SupplyChainSecuritySettingsSection,
+    tags: ['autodocs'],
+};
+export default meta;
+const baseState = {
+    mode: SecurityMode.Advisory,
+    lastEvaluationAt: null,
+    policySource: null,
+    recentEvents: [],
+    highestSeverityFinding: null,
+};
+/** Advisory mode with no findings — default posture for new repositories. */
+export const AdvisoryNoFindings = {
+    args: {
+        securityState: baseState,
+    },
+};
+/** Disabled mode — security enforcement is turned off. */
+export const Disabled = {
+    args: {
+        securityState: {
+            ...baseState,
+            mode: SecurityMode.Disabled,
+        },
+    },
+};
+/** Enforce mode with a critical finding. */
+export const EnforceWithCriticalFinding = {
+    args: {
+        securityState: {
+            mode: SecurityMode.Enforce,
+            lastEvaluationAt: new Date().toISOString(),
+            policySource: 'shep.security.yaml',
+            recentEvents: [
+                {
+                    id: 'evt-1',
+                    repositoryPath: '/path/to/repo',
+                    severity: SecuritySeverity.Critical,
+                    category: SecurityActionCategory.PublishRelease,
+                    disposition: SecurityActionDisposition.Denied,
+                    message: 'Missing npm provenance configuration in release workflow',
+                    remediationSummary: 'Add --provenance flag to npm publish step',
+                    createdAt: new Date().toISOString(),
+                    updatedAt: new Date().toISOString(),
+                },
+            ],
+            highestSeverityFinding: {
+                id: 'evt-1',
+                repositoryPath: '/path/to/repo',
+                severity: SecuritySeverity.Critical,
+                category: SecurityActionCategory.PublishRelease,
+                disposition: SecurityActionDisposition.Denied,
+                message: 'Missing npm provenance configuration in release workflow',
+                remediationSummary: 'Add --provenance flag to npm publish step',
+                createdAt: new Date().toISOString(),
+                updatedAt: new Date().toISOString(),
+            },
+        },
+    },
+};
+/** Advisory mode with multiple findings of varying severity. */
+export const AdvisoryWithMultipleFindings = {
+    args: {
+        securityState: {
+            mode: SecurityMode.Advisory,
+            lastEvaluationAt: new Date(Date.now() - 3600000).toISOString(),
+            policySource: 'shep.security.yaml',
+            recentEvents: [
+                {
+                    id: 'evt-1',
+                    repositoryPath: '/path/to/repo',
+                    severity: SecuritySeverity.High,
+                    category: SecurityActionCategory.DependencyInstall,
+                    disposition: SecurityActionDisposition.Denied,
+                    message: 'Package has postinstall lifecycle script: malicious-pkg@1.0.0',
+                    createdAt: new Date().toISOString(),
+                    updatedAt: new Date().toISOString(),
+                },
+                {
+                    id: 'evt-2',
+                    repositoryPath: '/path/to/repo',
+                    severity: SecuritySeverity.Medium,
+                    category: SecurityActionCategory.CiWorkflowModify,
+                    disposition: SecurityActionDisposition.Allowed,
+                    message: '[Governance Audit] Branch protection not enabled on main',
+                    createdAt: new Date().toISOString(),
+                    updatedAt: new Date().toISOString(),
+                },
+                {
+                    id: 'evt-3',
+                    repositoryPath: '/path/to/repo',
+                    severity: SecuritySeverity.Low,
+                    category: SecurityActionCategory.DependencyInstall,
+                    disposition: SecurityActionDisposition.Allowed,
+                    message: 'Dependency uses git source instead of registry: lodash@git+https://...',
+                    createdAt: new Date().toISOString(),
+                    updatedAt: new Date().toISOString(),
+                },
+            ],
+            highestSeverityFinding: {
+                id: 'evt-1',
+                repositoryPath: '/path/to/repo',
+                severity: SecuritySeverity.High,
+                category: SecurityActionCategory.DependencyInstall,
+                disposition: SecurityActionDisposition.Denied,
+                message: 'Package has postinstall lifecycle script: malicious-pkg@1.0.0',
+                createdAt: new Date().toISOString(),
+                updatedAt: new Date().toISOString(),
+            },
+        },
+    },
+};

package/dist/src/presentation/web/lib/feature-flags.js CHANGED Viewed

@@ -36,7 +36,7 @@ export function getFeatureFlags() {
             ? isEnabled(process.env.NEXT_PUBLIC_FLAG_ENV_DEPLOY)
             : true,
         debug: false,
-        githubImport: false,
+        githubImport: true,
         adoptBranch: false,
         gitRebaseSync: false,
         reactFileManager: isEnabled(process.env.NEXT_PUBLIC_FLAG_REACT_FILE_MANAGER),

package/dist/translations/ar/cli.json CHANGED Viewed

@@ -187,6 +187,26 @@
         "failedToList": "خطأ في عرض الأدوات: {{error}}"
       }
     },
+    "security": {
+      "description": "Supply-chain security policy management",
+      "enforce": {
+        "description": "Evaluate repository security posture and enforce policy",
+        "repoOption": "Repository path (defaults to current directory)",
+        "outputOption": "Output format (table, json, yaml)",
+        "passed": "Security enforcement passed",
+        "failed": "Security enforcement failed",
+        "advisoryNote": "Mode is Advisory — findings are reported but do not block",
+        "disabledNote": "Security mode is Disabled — no checks performed",
+        "modeLabel": "Mode",
+        "sourceLabel": "Source",
+        "dependencyFindingsLabel": "Dependency Findings",
+        "releaseIntegrityLabel": "Release Integrity",
+        "totalFindingsLabel": "Total Findings",
+        "governanceFindingsLabel": "GitHub Governance (audit-only)",
+        "noFindings": "No findings",
+        "failedToEnforce": "Failed to evaluate security posture"
+      }
+    },
     "feat": {
       "description": "إدارة الميزات عبر دورة حياة تطوير البرمجيات",
       "new": {
@@ -209,6 +229,9 @@
         "injectSkillsOption": "Inject curated skills into the worktree",
         "noInjectSkillsOption": "Skip skill injection for this invocation",
         "attachOption": "إرفاق ملف (قابل للتكرار)",
+        "remoteOption": "GitHub URL or owner/repo — clone (or fork) then create feature",
+        "remoteConflict": "Cannot use --remote with --repo. --remote clones the repo first.",
+        "forkedInfo": "Auto-forked (no push access to original)",
         "parentNotFound": "الميزة الأصلية غير موجودة: {{id}}",
         "attachmentNotFound": "المرفق غير موجود: {{path}}",
         "spinnerText": "جارٍ التفكير",
@@ -438,6 +461,15 @@
         "cloneFailed": "فشل الاستنساخ: {{error}}",
         "failedToImport": "فشل استيراد المستودع"
       },
+      "initRemote": {
+        "description": "Create a GitHub repository from the current local repo",
+        "nameArgument": "Repository name (defaults to directory name)",
+        "publicOption": "Create a public repository (default: private)",
+        "orgOption": "GitHub organization to create the repo under",
+        "created": "GitHub repository created: {{name}}",
+        "urlLabel": "URL:",
+        "failed": "Failed to create GitHub repository"
+      },
       "ls": {
         "description": "عرض المستودعات المتتبعة",
         "title": "المستودعات",

package/dist/translations/ar/web.json CHANGED Viewed

@@ -15,7 +15,8 @@
       "flags": "العلامات",
       "chat": "المحادثة",
       "layout": "التخطيط",
-      "database": "قاعدة البيانات"
+      "database": "قاعدة البيانات",
+      "security": "Security"
     },
     "language": {
       "title": "اللغة",
@@ -224,6 +225,47 @@
       "swapPositionDescription": "نقل زر المحادثة إلى اليسار وزر الإنشاء إلى اليمين",
       "hint": "يوجد زران عائمان (إنشاء ومحادثة) في الزوايا السفلية لمركز التحكم. قم بتفعيل هذا الخيار لتبديل مواضعهما."
     },
+    "security": {
+      "title": "Supply Chain Security",
+      "sectionTitle": "Supply Chain Security",
+      "sectionDescription": "Configure security mode and review policy enforcement findings",
+      "mode": "Security mode",
+      "modeDescription": "Controls how the policy engine responds to violations",
+      "modeDisabled": "Disabled",
+      "modeAdvisory": "Advisory",
+      "modeEnforce": "Enforce",
+      "policySource": "Policy source",
+      "policySourceNone": "No policy loaded",
+      "lastEvaluation": "Last evaluation",
+      "lastEvaluationNever": "Never",
+      "recentFindings": "Recent findings",
+      "noFindings": "No security findings recorded",
+      "runEnforcement": "Run enforcement",
+      "running": "Running...",
+      "severity": {
+        "Low": "Low",
+        "Medium": "Medium",
+        "High": "High",
+        "Critical": "Critical"
+      },
+      "hint": "Security mode controls how the policy engine handles violations. Advisory mode logs findings without blocking. Enforce mode blocks risky actions and fails builds.",
+      "links": {
+        "securitySpec": "Security spec"
+      },
+      "badge": {
+        "advisory": "Security: Advisory",
+        "enforce": "Security: Enforce",
+        "disabled": "Security: Disabled"
+      },
+      "panel": {
+        "title": "Security",
+        "governance": "Governance",
+        "dependencies": "Dependencies",
+        "noFindings": "No security findings",
+        "findingsByCategory": "Findings by category",
+        "totalFindings": "{{count}} finding(s)"
+      }
+    },
     "database": {
       "title": "قاعدة البيانات",
       "description": "مسار قاعدة البيانات وإدارتها",

package/dist/translations/de/cli.json CHANGED Viewed

@@ -187,6 +187,26 @@
         "failedToList": "Fehler beim Auflisten der Tools: {{error}}"
       }
     },
+    "security": {
+      "description": "Supply-chain security policy management",
+      "enforce": {
+        "description": "Evaluate repository security posture and enforce policy",
+        "repoOption": "Repository path (defaults to current directory)",
+        "outputOption": "Output format (table, json, yaml)",
+        "passed": "Security enforcement passed",
+        "failed": "Security enforcement failed",
+        "advisoryNote": "Mode is Advisory — findings are reported but do not block",
+        "disabledNote": "Security mode is Disabled — no checks performed",
+        "modeLabel": "Mode",
+        "sourceLabel": "Source",
+        "dependencyFindingsLabel": "Dependency Findings",
+        "releaseIntegrityLabel": "Release Integrity",
+        "totalFindingsLabel": "Total Findings",
+        "governanceFindingsLabel": "GitHub Governance (audit-only)",
+        "noFindings": "No findings",
+        "failedToEnforce": "Failed to evaluate security posture"
+      }
+    },
     "feat": {
       "description": "Features durch den SDLC-Lebenszyklus verwalten",
       "new": {
@@ -209,6 +229,9 @@
         "injectSkillsOption": "Inject curated skills into the worktree",
         "noInjectSkillsOption": "Skip skill injection for this invocation",
         "attachOption": "Eine Datei anhängen (wiederholbar)",
+        "remoteOption": "GitHub URL or owner/repo — clone (or fork) then create feature",
+        "remoteConflict": "Cannot use --remote with --repo. --remote clones the repo first.",
+        "forkedInfo": "Auto-forked (no push access to original)",
         "parentNotFound": "Übergeordnetes Feature nicht gefunden: {{id}}",
         "attachmentNotFound": "Anhang nicht gefunden: {{path}}",
         "spinnerText": "Denke nach",
@@ -438,6 +461,15 @@
         "cloneFailed": "Klonen fehlgeschlagen: {{error}}",
         "failedToImport": "Repository konnte nicht importiert werden"
       },
+      "initRemote": {
+        "description": "Create a GitHub repository from the current local repo",
+        "nameArgument": "Repository name (defaults to directory name)",
+        "publicOption": "Create a public repository (default: private)",
+        "orgOption": "GitHub organization to create the repo under",
+        "created": "GitHub repository created: {{name}}",
+        "urlLabel": "URL:",
+        "failed": "Failed to create GitHub repository"
+      },
       "ls": {
         "description": "Verfolgte Repositories auflisten",
         "title": "Repositories",

package/dist/translations/de/web.json CHANGED Viewed

@@ -15,7 +15,8 @@
       "flags": "Flags",
       "chat": "Chat",
       "layout": "Layout",
-      "database": "Datenbank"
+      "database": "Datenbank",
+      "security": "Security"
     },
     "language": {
       "title": "Sprache",
@@ -224,6 +225,47 @@
       "swapPositionDescription": "Chat-Button nach links und Erstellen-Button nach rechts verschieben",
       "hint": "Die zwei schwebenden Aktionsschaltflächen (Erstellen und Chat) befinden sich in den unteren Ecken des Kontrollzentrums. Aktivieren Sie diese Option, um ihre Positionen zu tauschen."
     },
+    "security": {
+      "title": "Supply Chain Security",
+      "sectionTitle": "Supply Chain Security",
+      "sectionDescription": "Configure security mode and review policy enforcement findings",
+      "mode": "Security mode",
+      "modeDescription": "Controls how the policy engine responds to violations",
+      "modeDisabled": "Disabled",
+      "modeAdvisory": "Advisory",
+      "modeEnforce": "Enforce",
+      "policySource": "Policy source",
+      "policySourceNone": "No policy loaded",
+      "lastEvaluation": "Last evaluation",
+      "lastEvaluationNever": "Never",
+      "recentFindings": "Recent findings",
+      "noFindings": "No security findings recorded",
+      "runEnforcement": "Run enforcement",
+      "running": "Running...",
+      "severity": {
+        "Low": "Low",
+        "Medium": "Medium",
+        "High": "High",
+        "Critical": "Critical"
+      },
+      "hint": "Security mode controls how the policy engine handles violations. Advisory mode logs findings without blocking. Enforce mode blocks risky actions and fails builds.",
+      "links": {
+        "securitySpec": "Security spec"
+      },
+      "badge": {
+        "advisory": "Security: Advisory",
+        "enforce": "Security: Enforce",
+        "disabled": "Security: Disabled"
+      },
+      "panel": {
+        "title": "Security",
+        "governance": "Governance",
+        "dependencies": "Dependencies",
+        "noFindings": "No security findings",
+        "findingsByCategory": "Findings by category",
+        "totalFindings": "{{count}} finding(s)"
+      }
+    },
     "database": {
       "title": "Datenbank",
       "description": "Datenbankpfad und -verwaltung",

package/dist/translations/en/cli.json CHANGED Viewed

@@ -187,6 +187,26 @@
         "failedToList": "Error listing tools: {{error}}"
       }
     },
+    "security": {
+      "description": "Supply-chain security policy management",
+      "enforce": {
+        "description": "Evaluate repository security posture and enforce policy",
+        "repoOption": "Repository path (defaults to current directory)",
+        "outputOption": "Output format (table, json, yaml)",
+        "passed": "Security enforcement passed",
+        "failed": "Security enforcement failed",
+        "advisoryNote": "Mode is Advisory — findings are reported but do not block",
+        "disabledNote": "Security mode is Disabled — no checks performed",
+        "modeLabel": "Mode",
+        "sourceLabel": "Source",
+        "dependencyFindingsLabel": "Dependency Findings",
+        "releaseIntegrityLabel": "Release Integrity",
+        "totalFindingsLabel": "Total Findings",
+        "governanceFindingsLabel": "GitHub Governance (audit-only)",
+        "noFindings": "No findings",
+        "failedToEnforce": "Failed to evaluate security posture"
+      }
+    },
     "feat": {
       "description": "Manage features through the SDLC lifecycle",
       "new": {
@@ -209,6 +229,9 @@
         "injectSkillsOption": "Inject curated skills into the worktree",
         "noInjectSkillsOption": "Skip skill injection for this invocation",
         "attachOption": "Attach a file (repeatable)",
+        "remoteOption": "GitHub URL or owner/repo — clone (or fork) then create feature",
+        "remoteConflict": "Cannot use --remote with --repo. --remote clones the repo first.",
+        "forkedInfo": "Auto-forked (no push access to original)",
         "parentNotFound": "Parent feature not found: {{id}}",
         "attachmentNotFound": "Attachment not found: {{path}}",
         "spinnerText": "Thinking",
@@ -438,6 +461,15 @@
         "cloneFailed": "Clone failed: {{error}}",
         "failedToImport": "Failed to import repository"
       },
+      "initRemote": {
+        "description": "Create a GitHub repository from the current local repo",
+        "nameArgument": "Repository name (defaults to directory name)",
+        "publicOption": "Create a public repository (default: private)",
+        "orgOption": "GitHub organization to create the repo under",
+        "created": "GitHub repository created: {{name}}",
+        "urlLabel": "URL:",
+        "failed": "Failed to create GitHub repository"
+      },
       "ls": {
         "description": "List tracked repositories",
         "title": "Repositories",

package/dist/translations/en/web.json CHANGED Viewed

@@ -15,7 +15,8 @@
       "flags": "Flags",
       "chat": "Chat",
       "layout": "Layout",
-      "database": "Database"
+      "database": "Database",
+      "security": "Security"
     },
     "language": {
       "title": "Language",
@@ -224,6 +225,47 @@
       "swapPositionDescription": "Move the Chat button to the left and the Create button to the right",
       "hint": "The two floating action buttons (Create and Chat) sit in the bottom corners of the control center. Enable this toggle to swap their positions."
     },
+    "security": {
+      "title": "Supply Chain Security",
+      "sectionTitle": "Security",
+      "sectionDescription": "Policy-driven supply chain security enforcement",
+      "mode": "Security Mode",
+      "modeDescription": "Controls how security policy is enforced",
+      "modeDisabled": "Disabled",
+      "modeAdvisory": "Advisory",
+      "modeEnforce": "Enforce",
+      "policySource": "Policy Source",
+      "policySourceNone": "Settings only",
+      "lastEvaluation": "Last Evaluation",
+      "lastEvaluationNever": "Never",
+      "recentFindings": "Recent Findings",
+      "noFindings": "No findings",
+      "runEnforcement": "Run Enforcement",
+      "running": "Running...",
+      "severity": {
+        "Low": "Low",
+        "Medium": "Medium",
+        "High": "High",
+        "Critical": "Critical"
+      },
+      "hint": "Security mode controls how the policy engine handles violations. Advisory mode logs findings without blocking. Enforce mode blocks risky actions and fails builds.",
+      "links": {
+        "securitySpec": "Security spec"
+      },
+      "badge": {
+        "advisory": "Advisory",
+        "enforce": "Enforce",
+        "disabled": "Disabled"
+      },
+      "panel": {
+        "title": "Security",
+        "governance": "Governance",
+        "dependencies": "Dependencies",
+        "noFindings": "No security findings",
+        "findingsByCategory": "Findings by Severity",
+        "totalFindings": "{{count}} finding(s)"
+      }
+    },
     "database": {
       "title": "Database",
       "description": "Database path and management",

package/dist/translations/es/cli.json CHANGED Viewed

@@ -187,6 +187,26 @@
         "failedToList": "Error al listar herramientas: {{error}}"
       }
     },
+    "security": {
+      "description": "Supply-chain security policy management",
+      "enforce": {
+        "description": "Evaluate repository security posture and enforce policy",
+        "repoOption": "Repository path (defaults to current directory)",
+        "outputOption": "Output format (table, json, yaml)",
+        "passed": "Security enforcement passed",
+        "failed": "Security enforcement failed",
+        "advisoryNote": "Mode is Advisory — findings are reported but do not block",
+        "disabledNote": "Security mode is Disabled — no checks performed",
+        "modeLabel": "Mode",
+        "sourceLabel": "Source",
+        "dependencyFindingsLabel": "Dependency Findings",
+        "releaseIntegrityLabel": "Release Integrity",
+        "totalFindingsLabel": "Total Findings",
+        "governanceFindingsLabel": "GitHub Governance (audit-only)",
+        "noFindings": "No findings",
+        "failedToEnforce": "Failed to evaluate security posture"
+      }
+    },
     "feat": {
       "description": "Administrar funcionalidades a través del ciclo de vida SDLC",
       "new": {
@@ -209,6 +229,9 @@
         "injectSkillsOption": "Inject curated skills into the worktree",
         "noInjectSkillsOption": "Skip skill injection for this invocation",
         "attachOption": "Adjuntar un archivo (repetible)",
+        "remoteOption": "GitHub URL or owner/repo — clone (or fork) then create feature",
+        "remoteConflict": "Cannot use --remote with --repo. --remote clones the repo first.",
+        "forkedInfo": "Auto-forked (no push access to original)",
         "parentNotFound": "Funcionalidad padre no encontrada: {{id}}",
         "attachmentNotFound": "Archivo adjunto no encontrado: {{path}}",
         "spinnerText": "Pensando",
@@ -438,6 +461,15 @@
         "cloneFailed": "Error al clonar: {{error}}",
         "failedToImport": "Error al importar el repositorio"
       },
+      "initRemote": {
+        "description": "Create a GitHub repository from the current local repo",
+        "nameArgument": "Repository name (defaults to directory name)",
+        "publicOption": "Create a public repository (default: private)",
+        "orgOption": "GitHub organization to create the repo under",
+        "created": "GitHub repository created: {{name}}",
+        "urlLabel": "URL:",
+        "failed": "Failed to create GitHub repository"
+      },
       "ls": {
         "description": "Listar repositorios rastreados",
         "title": "Repositorios",