npm - @shepai/cli - Versions diffs - 1.175.0-pr534.6e82e47 → 1.175.1-pr527.ea242b8 - Mend

@shepai/cli 1.175.0-pr534.6e82e47 → 1.175.1-pr527.ea242b8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (414) hide show

package/apis/json-schema/ActionDispositionEntry.yaml ADDED Viewed

@@ -0,0 +1,14 @@
+$schema: https://json-schema.org/draft/2020-12/schema
+$id: ActionDispositionEntry.yaml
+type: object
+properties:
+  category:
+    $ref: SecurityActionCategory.yaml
+    description: The action category
+  disposition:
+    $ref: SecurityActionDisposition.yaml
+    description: How this action should be handled
+required:
+  - category
+  - disposition
+description: Mapping of an action category to its enforcement disposition

package/apis/json-schema/DependencyFinding.yaml ADDED Viewed

@@ -0,0 +1,28 @@
+$schema: https://json-schema.org/draft/2020-12/schema
+$id: DependencyFinding.yaml
+type: object
+properties:
+  packageName:
+    type: string
+    description: Package name (e.g. 'lodash', '@types/node')
+  version:
+    type: string
+    description: Package version or range (e.g. '^4.17.0')
+  severity:
+    $ref: SecuritySeverity.yaml
+    description: Severity of this finding
+  riskType:
+    $ref: DependencyRiskType.yaml
+    description: Type of dependency risk detected
+  message:
+    type: string
+    description: Human-readable description of the finding
+  remediation:
+    type: string
+    description: Actionable remediation guidance
+required:
+  - packageName
+  - severity
+  - riskType
+  - message
+description: Single dependency risk finding

package/apis/json-schema/DependencyRiskType.yaml ADDED Viewed

@@ -0,0 +1,11 @@
+$schema: https://json-schema.org/draft/2020-12/schema
+$id: DependencyRiskType.yaml
+type: string
+enum:
+  - LockfileInconsistency
+  - NonRegistrySource
+  - LifecycleScript
+  - DenylistViolation
+  - AllowlistViolation
+  - VersionRangePolicy
+description: Type of dependency risk finding

package/apis/json-schema/DependencyRules.yaml ADDED Viewed

@@ -0,0 +1,38 @@
+$schema: https://json-schema.org/draft/2020-12/schema
+$id: DependencyRules.yaml
+type: object
+properties:
+  checkLockfileConsistency:
+    type: boolean
+    default: true
+    description: "Check manifest-lockfile consistency (default: true)"
+  checkLifecycleScripts:
+    type: boolean
+    default: true
+    description: "Flag packages with lifecycle scripts (default: true)"
+  checkNonRegistrySource:
+    type: boolean
+    default: true
+    description: "Flag non-registry dependency sources (default: true)"
+  enforceStrictVersionRanges:
+    type: boolean
+    default: false
+    description: "Enforce strict version ranges — no ^ or * (default: false)"
+  allowlist:
+    type: array
+    items:
+      type: string
+    description: Packages explicitly allowed (empty = allow all)
+  denylist:
+    type: array
+    items:
+      type: string
+    description: Packages explicitly denied
+required:
+  - checkLockfileConsistency
+  - checkLifecycleScripts
+  - checkNonRegistrySource
+  - enforceStrictVersionRanges
+  - allowlist
+  - denylist
+description: Dependency risk evaluation policy rules

package/apis/json-schema/EffectivePolicySnapshot.yaml ADDED Viewed

@@ -0,0 +1,24 @@
+$schema: https://json-schema.org/draft/2020-12/schema
+$id: EffectivePolicySnapshot.yaml
+type: object
+properties:
+  mode:
+    $ref: SecurityMode.yaml
+    description: Resolved effective security mode
+  source:
+    type: string
+    description: Where the policy was sourced from (e.g. 'shep.security.yaml', 'settings-default')
+  evaluatedAt:
+    type: string
+    description: ISO timestamp when this snapshot was computed
+  actionDispositions:
+    type: array
+    items:
+      $ref: ActionDispositionEntry.yaml
+    description: Resolved per-action-category enforcement dispositions
+required:
+  - mode
+  - source
+  - evaluatedAt
+  - actionDispositions
+description: Computed effective security policy snapshot

package/apis/json-schema/FeatureFlags.yaml CHANGED Viewed

@@ -34,6 +34,10 @@ properties:
     type: boolean
     default: false
     description: Enable the Inventory page showing all repositories and features
+  supplyChainSecurity:
+    type: boolean
+    default: true
+    description: Enable the supply chain security feature (policy engine, badges, settings, CLI, CI gate). When false, the feature is inert regardless of SecurityMode.
 required:
   - skills
   - envDeploy
@@ -43,4 +47,5 @@ required:
   - gitRebaseSync
   - reactFileManager
   - inventory
+  - supplyChainSecurity
 description: Feature flag toggles for runtime feature control

package/apis/json-schema/ReleaseIntegrityCheck.yaml ADDED Viewed

@@ -0,0 +1,22 @@
+$schema: https://json-schema.org/draft/2020-12/schema
+$id: ReleaseIntegrityCheck.yaml
+type: object
+properties:
+  checkType:
+    $ref: ReleaseIntegrityCheckType.yaml
+    description: Type of check performed
+  passed:
+    type: boolean
+    description: Whether this check passed
+  message:
+    type: string
+    description: Human-readable description of the result
+  severity:
+    $ref: SecuritySeverity.yaml
+    description: Severity when this check fails
+required:
+  - checkType
+  - passed
+  - message
+  - severity
+description: Result of a single release integrity check

package/apis/json-schema/ReleaseIntegrityCheckType.yaml ADDED Viewed

@@ -0,0 +1,9 @@
+$schema: https://json-schema.org/draft/2020-12/schema
+$id: ReleaseIntegrityCheckType.yaml
+type: string
+enum:
+  - CiOnlyPublishing
+  - SecretConfiguration
+  - ProvenanceConfiguration
+  - WorkflowIntegrity
+description: Type of release integrity check

package/apis/json-schema/ReleaseIntegrityResult.yaml ADDED Viewed

@@ -0,0 +1,16 @@
+$schema: https://json-schema.org/draft/2020-12/schema
+$id: ReleaseIntegrityResult.yaml
+type: object
+properties:
+  checks:
+    type: array
+    items:
+      $ref: ReleaseIntegrityCheck.yaml
+    description: Individual check results
+  passed:
+    type: boolean
+    description: Whether all checks passed
+required:
+  - checks
+  - passed
+description: Aggregated release integrity evaluation result

package/apis/json-schema/ReleaseRules.yaml ADDED Viewed

@@ -0,0 +1,21 @@
+$schema: https://json-schema.org/draft/2020-12/schema
+$id: ReleaseRules.yaml
+type: object
+properties:
+  requireCiOnlyPublishing:
+    type: boolean
+    default: true
+    description: "Require publishing from CI only, not local (default: true)"
+  requireProvenance:
+    type: boolean
+    default: true
+    description: "Require npm provenance flags on publish (default: true)"
+  checkWorkflowIntegrity:
+    type: boolean
+    default: true
+    description: "Check that release workflow has not been tampered with (default: true)"
+required:
+  - requireCiOnlyPublishing
+  - requireProvenance
+  - checkWorkflowIntegrity
+description: Release integrity policy rules

package/apis/json-schema/SecurityActionCategory.yaml ADDED Viewed

@@ -0,0 +1,10 @@
+$schema: https://json-schema.org/draft/2020-12/schema
+$id: SecurityActionCategory.yaml
+type: string
+enum:
+  - DependencyInstall
+  - PackageScriptExec
+  - CiWorkflowModify
+  - PublishRelease
+  - SandboxEscalation
+description: Categories of risky agent actions for runtime guardrails

package/apis/json-schema/SecurityActionDisposition.yaml ADDED Viewed

@@ -0,0 +1,8 @@
+$schema: https://json-schema.org/draft/2020-12/schema
+$id: SecurityActionDisposition.yaml
+type: string
+enum:
+  - Allowed
+  - Denied
+  - ApprovalRequired
+description: Enforcement disposition for a security action category

package/apis/json-schema/SecurityConfig.yaml ADDED Viewed

@@ -0,0 +1,17 @@
+$schema: https://json-schema.org/draft/2020-12/schema
+$id: SecurityConfig.yaml
+type: object
+properties:
+  mode:
+    $ref: SecurityMode.yaml
+    default: Advisory
+    description: "Effective security mode (default: Advisory)"
+  lastEvaluationAt:
+    type: string
+    description: ISO timestamp of last policy evaluation (null if never evaluated)
+  policySource:
+    type: string
+    description: Source of the active security policy (null if never evaluated)
+required:
+  - mode
+description: Supply-chain security configuration persisted in settings

package/apis/json-schema/SecurityEvent.yaml ADDED Viewed

@@ -0,0 +1,36 @@
+$schema: https://json-schema.org/draft/2020-12/schema
+$id: SecurityEvent.yaml
+type: object
+properties:
+  repositoryPath:
+    type: string
+    description: Absolute path to the repository this event belongs to
+  featureId:
+    type: string
+    description: Feature ID if this event occurred during a feature run
+  severity:
+    $ref: SecuritySeverity.yaml
+    description: Severity of this security event
+  category:
+    $ref: SecurityActionCategory.yaml
+    description: Action category that triggered this event
+  disposition:
+    $ref: SecurityActionDisposition.yaml
+    description: How the action was handled (allowed, denied, approval-required)
+  actor:
+    type: string
+    description: Actor or source that triggered this event (agent, user, CI)
+  message:
+    type: string
+    description: Human-readable event description
+  remediationSummary:
+    type: string
+    description: Actionable remediation guidance
+required:
+  - repositoryPath
+  - severity
+  - category
+  - disposition
+allOf:
+  - $ref: BaseEntity.yaml
+description: Persisted security event for audit and observability

package/apis/json-schema/SecurityMode.yaml ADDED Viewed

@@ -0,0 +1,8 @@
+$schema: https://json-schema.org/draft/2020-12/schema
+$id: SecurityMode.yaml
+type: string
+enum:
+  - Disabled
+  - Advisory
+  - Enforce
+description: Effective security mode for a repository

package/apis/json-schema/SecurityPolicy.yaml ADDED Viewed

@@ -0,0 +1,24 @@
+$schema: https://json-schema.org/draft/2020-12/schema
+$id: SecurityPolicy.yaml
+type: object
+properties:
+  mode:
+    $ref: SecurityMode.yaml
+    description: Desired security mode for this repository
+  actionDispositions:
+    type: array
+    items:
+      $ref: ActionDispositionEntry.yaml
+    description: Per-action-category enforcement dispositions
+  dependencyRules:
+    $ref: DependencyRules.yaml
+    description: Dependency risk evaluation rules
+  releaseRules:
+    $ref: ReleaseRules.yaml
+    description: Release integrity check rules
+required:
+  - mode
+  - actionDispositions
+  - dependencyRules
+  - releaseRules
+description: Security policy configuration from shep.security.yaml

package/apis/json-schema/SecuritySeverity.yaml ADDED Viewed

@@ -0,0 +1,9 @@
+$schema: https://json-schema.org/draft/2020-12/schema
+$id: SecuritySeverity.yaml
+type: string
+enum:
+  - Low
+  - Medium
+  - High
+  - Critical
+description: Severity level for security findings

package/apis/json-schema/Settings.yaml CHANGED Viewed

@@ -36,6 +36,9 @@ properties:
   fabLayout:
     $ref: FabLayoutConfig.yaml
     description: FAB layout configuration (optional, defaults applied at runtime)
+  security:
+    $ref: SecurityConfig.yaml
+    description: Supply-chain security configuration (optional, defaults applied at runtime)
 required:
   - models
   - user

package/dist/packages/core/src/application/ports/output/agents/agent-executor.interface.d.ts CHANGED Viewed

@@ -20,7 +20,7 @@
  * }
  * ```
  */
-import type { AgentType, AgentFeature } from '../../../../domain/generated/output.js';
+import type { AgentType, AgentFeature, SecurityMode, SecurityActionCategory, SecurityActionDisposition } from '../../../../domain/generated/output.js';
 /**
  * Token usage and execution statistics returned by an agent.
  */
@@ -62,6 +62,18 @@ export interface AgentExecutionStreamEvent {
     /** When the event was emitted */
     timestamp: Date;
 }
+/**
+ * Security constraints derived from the effective security policy.
+ * Passed to executors so they can validate compatibility before launch.
+ */
+export interface SecurityConstraints {
+    /** Effective security mode for this execution */
+    mode: SecurityMode;
+    /** Per-action-category enforcement dispositions */
+    actionDispositions: Record<SecurityActionCategory, SecurityActionDisposition>;
+    /** Required sandbox level (e.g. 'strict' forbids --dangerously-skip-permissions) */
+    sandboxLevel: 'permissive' | 'strict';
+}
 /**
  * Options for controlling agent execution behavior.
  */
@@ -88,6 +100,8 @@ export interface AgentExecutionOptions {
     disableMcp?: boolean;
     /** Restrict available built-in tools via --tools flag */
     tools?: string[];
+    /** Security policy constraints for this execution */
+    securityConstraints?: SecurityConstraints;
 }
 /**
  * Port interface for executing prompts against an AI agent.

package/dist/packages/core/src/application/ports/output/agents/agent-executor.interface.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"agent-executor.interface.d.ts","sourceRoot":"","sources":["../../../../../../../../packages/core/src/application/ports/output/agents/agent-executor.interface.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAEH,OAAO,KAAK,~~EAAE~~,SAAS,~~EAAE~~,YAAY,~~EAAE~~,MAAM,wCAAwC,CAAC;~~AAEtF~~;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,8DAA8D;IAC9D,wBAAwB,CAAC,EAAE,MAAM,CAAC;IAClC,uDAAuD;IACvD,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,4BAA4B;IAC5B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,sDAAsD;IACtD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,qDAAqD;IACrD,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,8BAA8B;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,4CAA4C;IAC5C,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,2CAA2C;IAC3C,KAAK,CAAC,EAAE,mBAAmB,CAAC;IAC5B,yCAAyC;IACzC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED;;GAEG;AACH,MAAM,WAAW,yBAAyB;IACxC,2DAA2D;IAC3D,IAAI,EAAE,UAAU,GAAG,QAAQ,GAAG,OAAO,CAAC;IACtC,yBAAyB;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,iCAAiC;IACjC,SAAS,EAAE,IAAI,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,sCAAsC;IACtC,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,wCAAwC;IACxC,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,mDAAmD;IACnD,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,oCAAoC;IACpC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,iCAAiC;IACjC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,+BAA+B;IAC/B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,wCAAwC;IACxC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,wCAAwC;IACxC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,wEAAwE;IACxE,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,mEAAmE;IACnE,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,yDAAyD;IACzD,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;~~CAClB~~;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,WAAW,cAAc;IAC7B,8CAA8C;IAC9C,QAAQ,CAAC,SAAS,EAAE,SAAS,CAAC;IAE9B;;;;;;OAMG;IACH,OAAO,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,qBAAqB,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAExF;;;;;;OAMG;IACH,aAAa,CACX,MAAM,EAAE,MAAM,EACd,OAAO,CAAC,EAAE,qBAAqB,GAC9B,aAAa,CAAC,yBAAyB,CAAC,CAAC;IAE5C;;;;;OAKG;IACH,eAAe,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC;CACjD"}
1	+ {"version":3,"file":"agent-executor.interface.d.ts","sourceRoot":"","sources":["../../../../../../../../packages/core/src/application/ports/output/agents/agent-executor.interface.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAEH,OAAO,KAAK,EACV,SAAS,EACT,YAAY,EACZ,YAAY,EACZ,sBAAsB,EACtB,yBAAyB,EAC1B,MAAM,wCAAwC,CAAC;AAEhD;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,8DAA8D;IAC9D,wBAAwB,CAAC,EAAE,MAAM,CAAC;IAClC,uDAAuD;IACvD,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,4BAA4B;IAC5B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,sDAAsD;IACtD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,qDAAqD;IACrD,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,8BAA8B;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,4CAA4C;IAC5C,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,2CAA2C;IAC3C,KAAK,CAAC,EAAE,mBAAmB,CAAC;IAC5B,yCAAyC;IACzC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED;;GAEG;AACH,MAAM,WAAW,yBAAyB;IACxC,2DAA2D;IAC3D,IAAI,EAAE,UAAU,GAAG,QAAQ,GAAG,OAAO,CAAC;IACtC,yBAAyB;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,iCAAiC;IACjC,SAAS,EAAE,IAAI,CAAC;CACjB;AAED;;;GAGG;AACH,MAAM,WAAW,mBAAmB;IAClC,iDAAiD;IACjD,IAAI,EAAE,YAAY,CAAC;IACnB,mDAAmD;IACnD,kBAAkB,EAAE,MAAM,CAAC,sBAAsB,EAAE,yBAAyB,CAAC,CAAC;IAC9E,oFAAoF;IACpF,YAAY,EAAE,YAAY,GAAG,QAAQ,CAAC;CACvC;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,sCAAsC;IACtC,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,wCAAwC;IACxC,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,mDAAmD;IACnD,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,oCAAoC;IACpC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,iCAAiC;IACjC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,+BAA+B;IAC/B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,wCAAwC;IACxC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,wCAAwC;IACxC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,wEAAwE;IACxE,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,mEAAmE;IACnE,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,yDAAyD;IACzD,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,qDAAqD;IACrD,mBAAmB,CAAC,EAAE,mBAAmB,CAAC;CAC3C;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,WAAW,cAAc;IAC7B,8CAA8C;IAC9C,QAAQ,CAAC,SAAS,EAAE,SAAS,CAAC;IAE9B;;;;;;OAMG;IACH,OAAO,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,qBAAqB,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAExF;;;;;;OAMG;IACH,aAAa,CACX,MAAM,EAAE,MAAM,EACd,OAAO,CAAC,EAAE,qBAAqB,GAC9B,aAAa,CAAC,yBAAyB,CAAC,CAAC;IAE5C;;;;;OAKG;IACH,eAAe,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC;CACjD"}

package/dist/packages/core/src/application/ports/output/agents/feature-agent-process.interface.d.ts CHANGED Viewed

@@ -9,7 +9,7 @@
  * - Application layer depends on this interface
  * - Infrastructure layer provides concrete implementation
  */
-import type { ApprovalGates, AgentType } from '../../../../domain/generated/output.js';
+import type { ApprovalGates, AgentType, SecurityMode, SecurityActionCategory, SecurityActionDisposition } from '../../../../domain/generated/output.js';
 /**
  * Service interface for feature agent background process management.
  */
@@ -40,6 +40,8 @@ export interface IFeatureAgentProcessService {
         fast?: boolean;
         model?: string;
         resumeReason?: string;
+        securityMode?: SecurityMode;
+        securityActionDispositions?: Partial<Record<SecurityActionCategory, SecurityActionDisposition>>;
     }): number;
     /**
      * Check if a process is still alive.

package/dist/packages/core/src/application/ports/output/agents/feature-agent-process.interface.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"feature-agent-process.interface.d.ts","sourceRoot":"","sources":["../../../../../../../../packages/core/src/application/ports/output/agents/feature-agent-process.interface.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,~~EAAE~~,aAAa,~~EAAE~~,SAAS,~~EAAE~~,MAAM,wCAAwC,CAAC;~~AAEvF~~;;GAEG;AACH,MAAM,WAAW,2BAA2B;IAC1C;;;;;;;;OAQG;IACH,KAAK,CACH,SAAS,EAAE,MAAM,EACjB,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,EACf,YAAY,CAAC,EAAE,MAAM,EACrB,OAAO,CAAC,EAAE;QACR,aAAa,CAAC,EAAE,aAAa,CAAC;QAC9B,MAAM,CAAC,EAAE,OAAO,CAAC;QACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,mBAAmB,CAAC,EAAE,OAAO,CAAC;QAC9B,IAAI,CAAC,EAAE,OAAO,CAAC;QACf,MAAM,CAAC,EAAE,OAAO,CAAC;QACjB,SAAS,CAAC,EAAE,OAAO,CAAC;QACpB,WAAW,CAAC,EAAE,OAAO,CAAC;QACtB,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,SAAS,CAAC,EAAE,SAAS,CAAC;QACtB,IAAI,CAAC,EAAE,OAAO,CAAC;QACf,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,YAAY,CAAC,EAAE,MAAM,CAAC;~~KACvB~~,GACA,MAAM,CAAC;IAEV;;;;;OAKG;IACH,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;IAE9B;;;;;OAKG;IACH,mBAAmB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACnD"}
1	+ {"version":3,"file":"feature-agent-process.interface.d.ts","sourceRoot":"","sources":["../../../../../../../../packages/core/src/application/ports/output/agents/feature-agent-process.interface.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EACV,aAAa,EACb,SAAS,EACT,YAAY,EACZ,sBAAsB,EACtB,yBAAyB,EAC1B,MAAM,wCAAwC,CAAC;AAEhD;;GAEG;AACH,MAAM,WAAW,2BAA2B;IAC1C;;;;;;;;OAQG;IACH,KAAK,CACH,SAAS,EAAE,MAAM,EACjB,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,EACf,YAAY,CAAC,EAAE,MAAM,EACrB,OAAO,CAAC,EAAE;QACR,aAAa,CAAC,EAAE,aAAa,CAAC;QAC9B,MAAM,CAAC,EAAE,OAAO,CAAC;QACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,mBAAmB,CAAC,EAAE,OAAO,CAAC;QAC9B,IAAI,CAAC,EAAE,OAAO,CAAC;QACf,MAAM,CAAC,EAAE,OAAO,CAAC;QACjB,SAAS,CAAC,EAAE,OAAO,CAAC;QACpB,WAAW,CAAC,EAAE,OAAO,CAAC;QACtB,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,SAAS,CAAC,EAAE,SAAS,CAAC;QACtB,IAAI,CAAC,EAAE,OAAO,CAAC;QACf,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,YAAY,CAAC,EAAE,YAAY,CAAC;QAC5B,0BAA0B,CAAC,EAAE,OAAO,CAClC,MAAM,CAAC,sBAAsB,EAAE,yBAAyB,CAAC,CAC1D,CAAC;KACH,GACA,MAAM,CAAC;IAEV;;;;;OAKG;IACH,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;IAE9B;;;;;OAKG;IACH,mBAAmB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACnD"}

package/dist/packages/core/src/application/ports/output/repositories/security-event.repository.interface.d.ts ADDED Viewed

@@ -0,0 +1,76 @@
+/**
+ * Security Event Repository Interface
+ *
+ * Output port for SecurityEvent persistence operations.
+ * Implementations handle database-specific logic (SQLite, etc.).
+ *
+ * Following Clean Architecture:
+ * - Domain and Application layers depend on this interface
+ * - Infrastructure layer provides concrete implementations
+ */
+import type { SecurityEvent, SecuritySeverity } from '../../../../domain/generated/output.js';
+/**
+ * Options for querying security events.
+ */
+export interface SecurityEventQueryOptions {
+    /** Maximum number of events to return */
+    limit?: number;
+    /** Number of events to skip (for pagination) */
+    offset?: number;
+    /** Filter by minimum severity level */
+    severity?: SecuritySeverity;
+}
+/**
+ * Repository interface for SecurityEvent entity persistence.
+ *
+ * Implementations must:
+ * - Handle database connection management
+ * - Provide thread-safe operations (SQLite WAL handles concurrency)
+ * - Support repository-scoped and feature-scoped queries
+ * - Use parameterized queries for all SQL operations
+ */
+export interface ISecurityEventRepository {
+    /**
+     * Persist a new security event.
+     *
+     * @param event - The security event to persist
+     */
+    save(event: SecurityEvent): Promise<void>;
+    /**
+     * Find security events for a given repository path.
+     *
+     * Results are ordered by created_at DESC (most recent first).
+     *
+     * @param repositoryPath - Absolute path to the repository
+     * @param options - Optional query filters and pagination
+     * @returns Array of matching security events
+     */
+    findByRepository(repositoryPath: string, options?: SecurityEventQueryOptions): Promise<SecurityEvent[]>;
+    /**
+     * Find security events for a given feature run.
+     *
+     * Results are ordered by created_at DESC (most recent first).
+     *
+     * @param featureId - The feature ID to filter by
+     * @param options - Optional query filters and pagination
+     * @returns Array of matching security events
+     */
+    findByFeature(featureId: string, options?: SecurityEventQueryOptions): Promise<SecurityEvent[]>;
+    /**
+     * Delete security events older than the given date.
+     *
+     * Used for 90-day retention cleanup.
+     *
+     * @param date - Events created before this date will be deleted
+     * @returns Number of events deleted
+     */
+    deleteOlderThan(date: Date): Promise<number>;
+    /**
+     * Count security events for a given repository path.
+     *
+     * @param repositoryPath - Absolute path to the repository
+     * @returns Total count of security events
+     */
+    count(repositoryPath: string): Promise<number>;
+}
+//# sourceMappingURL=security-event.repository.interface.d.ts.map

package/dist/packages/core/src/application/ports/output/repositories/security-event.repository.interface.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"security-event.repository.interface.d.ts","sourceRoot":"","sources":["../../../../../../../../packages/core/src/application/ports/output/repositories/security-event.repository.interface.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,wCAAwC,CAAC;AAE9F;;GAEG;AACH,MAAM,WAAW,yBAAyB;IACxC,yCAAyC;IACzC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,gDAAgD;IAChD,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,uCAAuC;IACvC,QAAQ,CAAC,EAAE,gBAAgB,CAAC;CAC7B;AAED;;;;;;;;GAQG;AACH,MAAM,WAAW,wBAAwB;IACvC;;;;OAIG;IACH,IAAI,CAAC,KAAK,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE1C;;;;;;;;OAQG;IACH,gBAAgB,CACd,cAAc,EAAE,MAAM,EACtB,OAAO,CAAC,EAAE,yBAAyB,GAClC,OAAO,CAAC,aAAa,EAAE,CAAC,CAAC;IAE5B;;;;;;;;OAQG;IACH,aAAa,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,yBAAyB,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC,CAAC;IAEhG;;;;;;;OAOG;IACH,eAAe,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAE7C;;;;;OAKG;IACH,KAAK,CAAC,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;CAChD"}

package/dist/packages/core/src/application/ports/output/repositories/security-event.repository.interface.js ADDED Viewed

@@ -0,0 +1,11 @@
+/**
+ * Security Event Repository Interface
+ *
+ * Output port for SecurityEvent persistence operations.
+ * Implementations handle database-specific logic (SQLite, etc.).
+ *
+ * Following Clean Architecture:
+ * - Domain and Application layers depend on this interface
+ * - Infrastructure layer provides concrete implementations
+ */
+export {};

package/dist/packages/core/src/application/ports/output/services/github-repository-service.interface.d.ts CHANGED Viewed

@@ -114,6 +114,28 @@ export interface ForkResult {
     nameWithOwner: string;
     alreadyExisted: boolean;
 }
+/**
+ * Category of a governance audit finding.
+ */
+export declare enum GovernanceFindingCategory {
+    BranchProtection = "BranchProtection",
+    Codeowners = "Codeowners",
+    WorkflowPermissions = "WorkflowPermissions"
+}
+/**
+ * A single finding from a GitHub governance audit.
+ * Findings are advisory-only — Shep reports gaps but does not mutate remote settings.
+ */
+export interface GovernanceFinding {
+    /** Category of the governance check */
+    category: GovernanceFindingCategory;
+    /** Severity of the finding */
+    severity: 'Low' | 'Medium' | 'High' | 'Critical' | 'Unknown';
+    /** Human-readable description of the finding */
+    message: string;
+    /** Actionable remediation guidance */
+    remediation: string;
+}
 /**
  * Output port for GitHub repository operations.
  *
@@ -198,5 +220,21 @@ export interface IGitHubRepositoryService {
      * @throws {GitHubForkError} on failure
      */
     forkRepository(nameWithOwner: string, options?: ForkOptions): Promise<ForkResult>;
+    /**
+     * Audit repository governance settings via the gh CLI.
+     *
+     * Checks branch protection rules, CODEOWNERS presence, and workflow
+     * permissions. Returns findings with severity and remediation suggestions.
+     * This is audit-only — no remote settings are mutated.
+     *
+     * Handles auth/permission errors gracefully by returning an Unknown-severity
+     * finding instead of throwing.
+     *
+     * @param owner - Repository owner (e.g. "octocat")
+     * @param repo - Repository name (e.g. "my-project")
+     * @param defaultBranch - Branch to check protection for (default: "main")
+     * @returns Array of governance findings (empty if all checks pass)
+     */
+    auditRepositoryGovernance(owner: string, repo: string, defaultBranch?: string): Promise<GovernanceFinding[]>;
 }
 //# sourceMappingURL=github-repository-service.interface.d.ts.map

package/dist/packages/core/src/application/ports/output/services/github-repository-service.interface.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"github-repository-service.interface.d.ts","sourceRoot":"","sources":["../../../../../../../../packages/core/src/application/ports/output/services/github-repository-service.interface.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAMH;;GAEG;AACH,qBAAa,eAAgB,SAAQ,KAAK;gBAC5B,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,KAAK;CAM3C;AAED;;GAEG;AACH,qBAAa,gBAAiB,SAAQ,KAAK;gBAC7B,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,KAAK;CAM3C;AAED;;GAEG;AACH,qBAAa,mBAAoB,SAAQ,KAAK;gBAChC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,KAAK;CAM3C;AAED;;GAEG;AACH,qBAAa,mBAAoB,SAAQ,KAAK;gBAChC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,KAAK;CAM3C;AAED;;GAEG;AACH,qBAAa,qBAAsB,SAAQ,KAAK;gBAClC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,KAAK;CAM3C;AAED;;GAEG;AACH,qBAAa,eAAgB,SAAQ,KAAK;gBAC5B,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,KAAK;CAM3C;AAMD;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,0CAA0C;IAC1C,IAAI,EAAE,MAAM,CAAC;IACb,6DAA6D;IAC7D,aAAa,EAAE,MAAM,CAAC;IACtB,mDAAmD;IACnD,WAAW,EAAE,MAAM,CAAC;IACpB,wCAAwC;IACxC,SAAS,EAAE,OAAO,CAAC;IACnB,iDAAiD;IACjD,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,2BAA2B;IAC1C,sDAAsD;IACtD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,qCAAqC;IACrC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,+FAA+F;IAC/F,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,gDAAgD;IAChD,KAAK,EAAE,MAAM,CAAC;IACd,qDAAqD;IACrD,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,4EAA4E;IAC5E,UAAU,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,IAAI,CAAC;CACrC;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,wCAAwC;IACxC,KAAK,EAAE,MAAM,CAAC;IACd,0CAA0C;IAC1C,IAAI,EAAE,MAAM,CAAC;IACb,sDAAsD;IACtD,aAAa,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,UAAU,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC;CACxC;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,aAAa,EAAE,OAAO,CAAC;IACvB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,aAAa,EAAE,MAAM,CAAC;IACtB,cAAc,EAAE,OAAO,CAAC;CACzB;AAMD;;;;GAIG;AACH,MAAM,WAAW,wBAAwB;IACvC;;;;OAIG;IACH,SAAS,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAE3B;;;;;;;OAOG;IACH,eAAe,CACb,aAAa,EAAE,MAAM,EACrB,WAAW,EAAE,MAAM,EACnB,OAAO,CAAC,EAAE,YAAY,GACrB,OAAO,CAAC,IAAI,CAAC,CAAC;IAEjB;;;;;;;;OAQG;IACH,oBAAoB,CAAC,OAAO,CAAC,EAAE,2BAA2B,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;IAEnF;;;;;OAKG;IACH,iBAAiB,IAAI,OAAO,CAAC,kBAAkB,EAAE,CAAC,CAAC;IAEnD;;;;;;;;;;;;OAYG;IACH,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,eAAe,CAAC;IAE7C;;;;;;;;;OASG;IACH,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAEvD;;;;OAIG;IACH,oBAAoB,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;IAExC;;;;;OAKG;IACH,eAAe,CAAC,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;IAElE;;;;;;OAMG;IACH,cAAc,CAAC,aAAa,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;~~CACnF~~"}
1	+ {"version":3,"file":"github-repository-service.interface.d.ts","sourceRoot":"","sources":["../../../../../../../../packages/core/src/application/ports/output/services/github-repository-service.interface.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAMH;;GAEG;AACH,qBAAa,eAAgB,SAAQ,KAAK;gBAC5B,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,KAAK;CAM3C;AAED;;GAEG;AACH,qBAAa,gBAAiB,SAAQ,KAAK;gBAC7B,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,KAAK;CAM3C;AAED;;GAEG;AACH,qBAAa,mBAAoB,SAAQ,KAAK;gBAChC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,KAAK;CAM3C;AAED;;GAEG;AACH,qBAAa,mBAAoB,SAAQ,KAAK;gBAChC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,KAAK;CAM3C;AAED;;GAEG;AACH,qBAAa,qBAAsB,SAAQ,KAAK;gBAClC,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,KAAK;CAM3C;AAED;;GAEG;AACH,qBAAa,eAAgB,SAAQ,KAAK;gBAC5B,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,KAAK;CAM3C;AAMD;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,0CAA0C;IAC1C,IAAI,EAAE,MAAM,CAAC;IACb,6DAA6D;IAC7D,aAAa,EAAE,MAAM,CAAC;IACtB,mDAAmD;IACnD,WAAW,EAAE,MAAM,CAAC;IACpB,wCAAwC;IACxC,SAAS,EAAE,OAAO,CAAC;IACnB,iDAAiD;IACjD,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,2BAA2B;IAC1C,sDAAsD;IACtD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,qCAAqC;IACrC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,+FAA+F;IAC/F,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,gDAAgD;IAChD,KAAK,EAAE,MAAM,CAAC;IACd,qDAAqD;IACrD,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,4EAA4E;IAC5E,UAAU,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,IAAI,CAAC;CACrC;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,wCAAwC;IACxC,KAAK,EAAE,MAAM,CAAC;IACd,0CAA0C;IAC1C,IAAI,EAAE,MAAM,CAAC;IACb,sDAAsD;IACtD,aAAa,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,UAAU,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC;CACxC;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,aAAa,EAAE,OAAO,CAAC;IACvB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,aAAa,EAAE,MAAM,CAAC;IACtB,cAAc,EAAE,OAAO,CAAC;CACzB;AAED;;GAEG;AACH,oBAAY,yBAAyB;IACnC,gBAAgB,qBAAqB;IACrC,UAAU,eAAe;IACzB,mBAAmB,wBAAwB;CAC5C;AAED;;;GAGG;AACH,MAAM,WAAW,iBAAiB;IAChC,uCAAuC;IACvC,QAAQ,EAAE,yBAAyB,CAAC;IACpC,8BAA8B;IAC9B,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,GAAG,SAAS,CAAC;IAC7D,gDAAgD;IAChD,OAAO,EAAE,MAAM,CAAC;IAChB,sCAAsC;IACtC,WAAW,EAAE,MAAM,CAAC;CACrB;AAMD;;;;GAIG;AACH,MAAM,WAAW,wBAAwB;IACvC;;;;OAIG;IACH,SAAS,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IAE3B;;;;;;;OAOG;IACH,eAAe,CACb,aAAa,EAAE,MAAM,EACrB,WAAW,EAAE,MAAM,EACnB,OAAO,CAAC,EAAE,YAAY,GACrB,OAAO,CAAC,IAAI,CAAC,CAAC;IAEjB;;;;;;;;OAQG;IACH,oBAAoB,CAAC,OAAO,CAAC,EAAE,2BAA2B,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;IAEnF;;;;;OAKG;IACH,iBAAiB,IAAI,OAAO,CAAC,kBAAkB,EAAE,CAAC,CAAC;IAEnD;;;;;;;;;;;;OAYG;IACH,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,eAAe,CAAC;IAE7C;;;;;;;;;OASG;IACH,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAEvD;;;;OAIG;IACH,oBAAoB,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;IAExC;;;;;OAKG;IACH,eAAe,CAAC,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;IAElE;;;;;;OAMG;IACH,cAAc,CAAC,aAAa,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;IAElF;;;;;;;;;;;;;;OAcG;IACH,yBAAyB,CACvB,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,MAAM,EACZ,aAAa,CAAC,EAAE,MAAM,GACrB,OAAO,CAAC,iBAAiB,EAAE,CAAC,CAAC;CACjC"}

package/dist/packages/core/src/application/ports/output/services/github-repository-service.interface.js CHANGED Viewed

@@ -80,3 +80,12 @@ export class GitHubForkError extends Error {
             this.cause = cause;
     }
 }
+/**
+ * Category of a governance audit finding.
+ */
+export var GovernanceFindingCategory;
+(function (GovernanceFindingCategory) {
+    GovernanceFindingCategory["BranchProtection"] = "BranchProtection";
+    GovernanceFindingCategory["Codeowners"] = "Codeowners";
+    GovernanceFindingCategory["WorkflowPermissions"] = "WorkflowPermissions";
+})(GovernanceFindingCategory || (GovernanceFindingCategory = {}));