@shepai/cli 1.175.0 → 1.175.1-pr527.ea242b8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/apis/json-schema/ActionDispositionEntry.yaml +14 -0
- package/apis/json-schema/DependencyFinding.yaml +28 -0
- package/apis/json-schema/DependencyRiskType.yaml +11 -0
- package/apis/json-schema/DependencyRules.yaml +38 -0
- package/apis/json-schema/EffectivePolicySnapshot.yaml +24 -0
- package/apis/json-schema/FeatureFlags.yaml +5 -0
- package/apis/json-schema/ReleaseIntegrityCheck.yaml +22 -0
- package/apis/json-schema/ReleaseIntegrityCheckType.yaml +9 -0
- package/apis/json-schema/ReleaseIntegrityResult.yaml +16 -0
- package/apis/json-schema/ReleaseRules.yaml +21 -0
- package/apis/json-schema/SecurityActionCategory.yaml +10 -0
- package/apis/json-schema/SecurityActionDisposition.yaml +8 -0
- package/apis/json-schema/SecurityConfig.yaml +17 -0
- package/apis/json-schema/SecurityEvent.yaml +36 -0
- package/apis/json-schema/SecurityMode.yaml +8 -0
- package/apis/json-schema/SecurityPolicy.yaml +24 -0
- package/apis/json-schema/SecuritySeverity.yaml +9 -0
- package/apis/json-schema/Settings.yaml +3 -0
- package/dist/packages/core/src/application/ports/output/agents/agent-executor.interface.d.ts +15 -1
- package/dist/packages/core/src/application/ports/output/agents/agent-executor.interface.d.ts.map +1 -1
- package/dist/packages/core/src/application/ports/output/agents/feature-agent-process.interface.d.ts +3 -1
- package/dist/packages/core/src/application/ports/output/agents/feature-agent-process.interface.d.ts.map +1 -1
- package/dist/packages/core/src/application/ports/output/repositories/security-event.repository.interface.d.ts +76 -0
- package/dist/packages/core/src/application/ports/output/repositories/security-event.repository.interface.d.ts.map +1 -0
- package/dist/packages/core/src/application/ports/output/repositories/security-event.repository.interface.js +11 -0
- package/dist/packages/core/src/application/ports/output/services/github-repository-service.interface.d.ts +38 -0
- package/dist/packages/core/src/application/ports/output/services/github-repository-service.interface.d.ts.map +1 -1
- package/dist/packages/core/src/application/ports/output/services/github-repository-service.interface.js +9 -0
- package/dist/packages/core/src/application/ports/output/services/security-policy-service.interface.d.ts +77 -0
- package/dist/packages/core/src/application/ports/output/services/security-policy-service.interface.d.ts.map +1 -0
- package/dist/packages/core/src/application/ports/output/services/security-policy-service.interface.js +13 -0
- package/dist/packages/core/src/application/ports/output/services/spec-initializer.interface.d.ts +11 -0
- package/dist/packages/core/src/application/ports/output/services/spec-initializer.interface.d.ts.map +1 -1
- package/dist/packages/core/src/application/use-cases/agents/approve-agent-run.use-case.d.ts.map +1 -1
- package/dist/packages/core/src/application/use-cases/agents/approve-agent-run.use-case.js +2 -0
- package/dist/packages/core/src/application/use-cases/agents/reject-agent-run.use-case.d.ts.map +1 -1
- package/dist/packages/core/src/application/use-cases/agents/reject-agent-run.use-case.js +2 -0
- package/dist/packages/core/src/application/use-cases/features/check-and-unblock-features.use-case.d.ts.map +1 -1
- package/dist/packages/core/src/application/use-cases/features/check-and-unblock-features.use-case.js +2 -0
- package/dist/packages/core/src/application/use-cases/features/create/create-feature.use-case.d.ts.map +1 -1
- package/dist/packages/core/src/application/use-cases/features/create/create-feature.use-case.js +1 -0
- package/dist/packages/core/src/application/use-cases/features/resume-feature.use-case.d.ts.map +1 -1
- package/dist/packages/core/src/application/use-cases/features/resume-feature.use-case.js +2 -0
- package/dist/packages/core/src/application/use-cases/features/start-feature.use-case.d.ts.map +1 -1
- package/dist/packages/core/src/application/use-cases/features/start-feature.use-case.js +2 -0
- package/dist/packages/core/src/application/use-cases/security/enforce-security.use-case.d.ts +71 -0
- package/dist/packages/core/src/application/use-cases/security/enforce-security.use-case.d.ts.map +1 -0
- package/dist/packages/core/src/application/use-cases/security/enforce-security.use-case.js +215 -0
- package/dist/packages/core/src/application/use-cases/security/evaluate-security-policy.use-case.d.ts +24 -0
- package/dist/packages/core/src/application/use-cases/security/evaluate-security-policy.use-case.d.ts.map +1 -0
- package/dist/packages/core/src/application/use-cases/security/evaluate-security-policy.use-case.js +56 -0
- package/dist/packages/core/src/application/use-cases/security/get-security-state.use-case.d.ts +36 -0
- package/dist/packages/core/src/application/use-cases/security/get-security-state.use-case.d.ts.map +1 -0
- package/dist/packages/core/src/application/use-cases/security/get-security-state.use-case.js +76 -0
- package/dist/packages/core/src/application/use-cases/security/record-security-event.use-case.d.ts +14 -0
- package/dist/packages/core/src/application/use-cases/security/record-security-event.use-case.d.ts.map +1 -0
- package/dist/packages/core/src/application/use-cases/security/record-security-event.use-case.js +46 -0
- package/dist/packages/core/src/domain/errors/security-violation.error.d.ts +15 -0
- package/dist/packages/core/src/domain/errors/security-violation.error.d.ts.map +1 -0
- package/dist/packages/core/src/domain/errors/security-violation.error.js +20 -0
- package/dist/packages/core/src/domain/factories/settings-defaults.factory.d.ts.map +1 -1
- package/dist/packages/core/src/domain/factories/settings-defaults.factory.js +6 -1
- package/dist/packages/core/src/domain/generated/output.d.ts +263 -0
- package/dist/packages/core/src/domain/generated/output.d.ts.map +1 -1
- package/dist/packages/core/src/domain/generated/output.js +43 -0
- package/dist/packages/core/src/infrastructure/di/container.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/di/container.js +57 -0
- package/dist/packages/core/src/infrastructure/persistence/sqlite/mappers/security-event.mapper.d.ts +44 -0
- package/dist/packages/core/src/infrastructure/persistence/sqlite/mappers/security-event.mapper.d.ts.map +1 -0
- package/dist/packages/core/src/infrastructure/persistence/sqlite/mappers/security-event.mapper.js +55 -0
- package/dist/packages/core/src/infrastructure/persistence/sqlite/mappers/settings.mapper.d.ts +4 -0
- package/dist/packages/core/src/infrastructure/persistence/sqlite/mappers/settings.mapper.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/persistence/sqlite/mappers/settings.mapper.js +17 -0
- package/dist/packages/core/src/infrastructure/persistence/sqlite/migrations/053-add-security-settings-columns.d.ts +18 -0
- package/dist/packages/core/src/infrastructure/persistence/sqlite/migrations/053-add-security-settings-columns.d.ts.map +1 -0
- package/dist/packages/core/src/infrastructure/persistence/sqlite/migrations/053-add-security-settings-columns.js +31 -0
- package/dist/packages/core/src/infrastructure/persistence/sqlite/migrations/054-create-security-events-table.d.ts +29 -0
- package/dist/packages/core/src/infrastructure/persistence/sqlite/migrations/054-create-security-events-table.d.ts.map +1 -0
- package/dist/packages/core/src/infrastructure/persistence/sqlite/migrations/054-create-security-events-table.js +53 -0
- package/dist/packages/core/src/infrastructure/persistence/sqlite/migrations/056-add-feature-flag-supply-chain-security.d.ts +16 -0
- package/dist/packages/core/src/infrastructure/persistence/sqlite/migrations/056-add-feature-flag-supply-chain-security.d.ts.map +1 -0
- package/dist/packages/core/src/infrastructure/persistence/sqlite/migrations/056-add-feature-flag-supply-chain-security.js +22 -0
- package/dist/packages/core/src/infrastructure/repositories/sqlite-security-event.repository.d.ts +24 -0
- package/dist/packages/core/src/infrastructure/repositories/sqlite-security-event.repository.d.ts.map +1 -0
- package/dist/packages/core/src/infrastructure/repositories/sqlite-security-event.repository.js +96 -0
- package/dist/packages/core/src/infrastructure/repositories/sqlite-settings.repository.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/repositories/sqlite-settings.repository.js +15 -3
- package/dist/packages/core/src/infrastructure/services/agents/common/executors/claude-code-executor.service.d.ts +2 -0
- package/dist/packages/core/src/infrastructure/services/agents/common/executors/claude-code-executor.service.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/services/agents/common/executors/claude-code-executor.service.js +12 -0
- package/dist/packages/core/src/infrastructure/services/agents/common/executors/claude-code-interactive-executor.service.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/services/agents/common/executors/claude-code-interactive-executor.service.js +44 -4
- package/dist/packages/core/src/infrastructure/services/agents/common/executors/security-constraint-validator.d.ts +22 -0
- package/dist/packages/core/src/infrastructure/services/agents/common/executors/security-constraint-validator.d.ts.map +1 -0
- package/dist/packages/core/src/infrastructure/services/agents/common/executors/security-constraint-validator.js +30 -0
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/fast-feature-agent-graph.d.ts +10 -0
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/fast-feature-agent-graph.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/feature-agent-graph.d.ts +35 -1
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/feature-agent-graph.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/feature-agent-process.service.d.ts +3 -1
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/feature-agent-process.service.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/feature-agent-process.service.js +7 -1
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/feature-agent-worker.d.ts +3 -1
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/feature-agent-worker.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/feature-agent-worker.js +32 -1
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/nodes/node-helpers.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/nodes/node-helpers.js +25 -0
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/nodes/security-pre-check.d.ts +59 -0
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/nodes/security-pre-check.d.ts.map +1 -0
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/nodes/security-pre-check.js +89 -0
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/state.d.ts +4 -1
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/state.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/state.js +10 -0
- package/dist/packages/core/src/infrastructure/services/external/github-repository.service.d.ts +10 -1
- package/dist/packages/core/src/infrastructure/services/external/github-repository.service.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/services/external/github-repository.service.js +101 -1
- package/dist/packages/core/src/infrastructure/services/security/dependency-risk-evaluator.d.ts +53 -0
- package/dist/packages/core/src/infrastructure/services/security/dependency-risk-evaluator.d.ts.map +1 -0
- package/dist/packages/core/src/infrastructure/services/security/dependency-risk-evaluator.js +241 -0
- package/dist/packages/core/src/infrastructure/services/security/release-integrity-evaluator.d.ts +44 -0
- package/dist/packages/core/src/infrastructure/services/security/release-integrity-evaluator.d.ts.map +1 -0
- package/dist/packages/core/src/infrastructure/services/security/release-integrity-evaluator.js +194 -0
- package/dist/packages/core/src/infrastructure/services/security/security-policy-file-reader.d.ts +28 -0
- package/dist/packages/core/src/infrastructure/services/security/security-policy-file-reader.d.ts.map +1 -0
- package/dist/packages/core/src/infrastructure/services/security/security-policy-file-reader.js +50 -0
- package/dist/packages/core/src/infrastructure/services/security/security-policy-validator.d.ts +26 -0
- package/dist/packages/core/src/infrastructure/services/security/security-policy-validator.d.ts.map +1 -0
- package/dist/packages/core/src/infrastructure/services/security/security-policy-validator.js +147 -0
- package/dist/packages/core/src/infrastructure/services/security/security-policy.service.d.ts +44 -0
- package/dist/packages/core/src/infrastructure/services/security/security-policy.service.d.ts.map +1 -0
- package/dist/packages/core/src/infrastructure/services/security/security-policy.service.js +174 -0
- package/dist/packages/core/src/infrastructure/services/spec/spec-initializer.service.d.ts +1 -0
- package/dist/packages/core/src/infrastructure/services/spec/spec-initializer.service.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/services/spec/spec-initializer.service.js +61 -0
- package/dist/src/presentation/cli/commands/security.command.d.ts +16 -0
- package/dist/src/presentation/cli/commands/security.command.d.ts.map +1 -0
- package/dist/src/presentation/cli/commands/security.command.js +133 -0
- package/dist/src/presentation/cli/index.js +2 -0
- package/dist/src/presentation/web/app/(dashboard)/get-graph-data.d.ts.map +1 -1
- package/dist/src/presentation/web/app/(dashboard)/get-graph-data.js +5 -1
- package/dist/src/presentation/web/app/actions/security.d.ts +28 -0
- package/dist/src/presentation/web/app/actions/security.d.ts.map +1 -0
- package/dist/src/presentation/web/app/actions/security.js +59 -0
- package/dist/src/presentation/web/app/build-graph-nodes.d.ts +3 -1
- package/dist/src/presentation/web/app/build-graph-nodes.d.ts.map +1 -1
- package/dist/src/presentation/web/app/build-graph-nodes.js +2 -0
- package/dist/src/presentation/web/components/common/feature-node/feature-node-state-config.d.ts +3 -1
- package/dist/src/presentation/web/components/common/feature-node/feature-node-state-config.d.ts.map +1 -1
- package/dist/src/presentation/web/components/common/feature-node/feature-node.d.ts.map +1 -1
- package/dist/src/presentation/web/components/common/feature-node/feature-node.js +2 -1
- package/dist/src/presentation/web/components/common/repository-node/repository-drawer.d.ts +3 -1
- package/dist/src/presentation/web/components/common/repository-node/repository-drawer.d.ts.map +1 -1
- package/dist/src/presentation/web/components/common/repository-node/repository-drawer.js +3 -2
- package/dist/src/presentation/web/components/common/repository-node/security-panel.d.ts +6 -0
- package/dist/src/presentation/web/components/common/repository-node/security-panel.d.ts.map +1 -0
- package/dist/src/presentation/web/components/common/repository-node/security-panel.js +29 -0
- package/dist/src/presentation/web/components/common/repository-node/security-panel.stories.d.ts +10 -0
- package/dist/src/presentation/web/components/common/repository-node/security-panel.stories.d.ts.map +1 -0
- package/dist/src/presentation/web/components/common/repository-node/security-panel.stories.js +53 -0
- package/dist/src/presentation/web/components/common/security-badge.d.ts +7 -0
- package/dist/src/presentation/web/components/common/security-badge.d.ts.map +1 -0
- package/dist/src/presentation/web/components/common/security-badge.js +30 -0
- package/dist/src/presentation/web/components/common/security-badge.stories.d.ts +12 -0
- package/dist/src/presentation/web/components/common/security-badge.stories.d.ts.map +1 -0
- package/dist/src/presentation/web/components/common/security-badge.stories.js +20 -0
- package/dist/src/presentation/web/components/features/settings/feature-flags-settings-section.d.ts.map +1 -1
- package/dist/src/presentation/web/components/features/settings/feature-flags-settings-section.js +3 -0
- package/dist/src/presentation/web/components/features/settings/feature-flags-settings-section.stories.d.ts.map +1 -1
- package/dist/src/presentation/web/components/features/settings/feature-flags-settings-section.stories.js +3 -0
- package/dist/src/presentation/web/components/features/settings/settings-page-client.d.ts.map +1 -1
- package/dist/src/presentation/web/components/features/settings/settings-page-client.js +26 -7
- package/dist/src/presentation/web/components/features/settings/settings-page-client.stories.d.ts.map +1 -1
- package/dist/src/presentation/web/components/features/settings/settings-page-client.stories.js +1 -0
- package/dist/src/presentation/web/components/features/settings/supply-chain-security-settings-section.d.ts +6 -0
- package/dist/src/presentation/web/components/features/settings/supply-chain-security-settings-section.d.ts.map +1 -0
- package/dist/src/presentation/web/components/features/settings/supply-chain-security-settings-section.js +60 -0
- package/dist/src/presentation/web/components/features/settings/supply-chain-security-settings-section.stories.d.ts +14 -0
- package/dist/src/presentation/web/components/features/settings/supply-chain-security-settings-section.stories.d.ts.map +1 -0
- package/dist/src/presentation/web/components/features/settings/supply-chain-security-settings-section.stories.js +116 -0
- package/dist/translations/ar/cli.json +21 -0
- package/dist/translations/ar/web.json +43 -1
- package/dist/translations/de/cli.json +21 -0
- package/dist/translations/de/web.json +43 -1
- package/dist/translations/en/cli.json +21 -0
- package/dist/translations/en/web.json +43 -1
- package/dist/translations/es/cli.json +21 -0
- package/dist/translations/es/web.json +43 -1
- package/dist/translations/fr/cli.json +21 -0
- package/dist/translations/fr/web.json +43 -1
- package/dist/translations/he/cli.json +21 -0
- package/dist/translations/he/web.json +43 -1
- package/dist/translations/pt/cli.json +22 -1
- package/dist/translations/pt/web.json +43 -1
- package/dist/translations/ru/cli.json +21 -0
- package/dist/translations/ru/web.json +43 -1
- package/dist/tsconfig.build.tsbuildinfo +1 -1
- package/package.json +1 -1
- package/web/.next/BUILD_ID +1 -1
- package/web/.next/build-manifest.json +2 -2
- package/web/.next/fallback-build-manifest.json +2 -2
- package/web/.next/prerender-manifest.json +3 -3
- package/web/.next/required-server-files.js +3 -3
- package/web/.next/required-server-files.json +3 -3
- package/web/.next/server/app/(dashboard)/@drawer/adopt/page/server-reference-manifest.json +29 -29
- package/web/.next/server/app/(dashboard)/@drawer/adopt/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/adopt/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/chat/page/server-reference-manifest.json +27 -27
- package/web/.next/server/app/(dashboard)/@drawer/chat/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/chat/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/create/page/server-reference-manifest.json +30 -30
- package/web/.next/server/app/(dashboard)/@drawer/create/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/create/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/feature/[featureId]/[tab]/page/server-reference-manifest.json +38 -38
- package/web/.next/server/app/(dashboard)/@drawer/feature/[featureId]/[tab]/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/feature/[featureId]/[tab]/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/feature/[featureId]/page/server-reference-manifest.json +38 -38
- package/web/.next/server/app/(dashboard)/@drawer/feature/[featureId]/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/feature/[featureId]/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/repository/[repositoryId]/[tab]/page/server-reference-manifest.json +28 -28
- package/web/.next/server/app/(dashboard)/@drawer/repository/[repositoryId]/[tab]/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/repository/[repositoryId]/[tab]/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/repository/[repositoryId]/page/server-reference-manifest.json +28 -28
- package/web/.next/server/app/(dashboard)/@drawer/repository/[repositoryId]/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/repository/[repositoryId]/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/chat/page/server-reference-manifest.json +27 -27
- package/web/.next/server/app/(dashboard)/chat/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/chat/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/create/page/server-reference-manifest.json +30 -30
- package/web/.next/server/app/(dashboard)/create/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/create/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/feature/[featureId]/[tab]/page/server-reference-manifest.json +38 -38
- package/web/.next/server/app/(dashboard)/feature/[featureId]/[tab]/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/feature/[featureId]/[tab]/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/feature/[featureId]/page/server-reference-manifest.json +38 -38
- package/web/.next/server/app/(dashboard)/feature/[featureId]/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/feature/[featureId]/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/page/server-reference-manifest.json +27 -27
- package/web/.next/server/app/(dashboard)/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/repository/[repositoryId]/[tab]/page/server-reference-manifest.json +28 -28
- package/web/.next/server/app/(dashboard)/repository/[repositoryId]/[tab]/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/repository/[repositoryId]/[tab]/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/repository/[repositoryId]/page/server-reference-manifest.json +28 -28
- package/web/.next/server/app/(dashboard)/repository/[repositoryId]/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/repository/[repositoryId]/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/_global-error.html +2 -2
- package/web/.next/server/app/_global-error.rsc +1 -1
- package/web/.next/server/app/_global-error.segments/__PAGE__.segment.rsc +1 -1
- package/web/.next/server/app/_global-error.segments/_full.segment.rsc +1 -1
- package/web/.next/server/app/_global-error.segments/_head.segment.rsc +1 -1
- package/web/.next/server/app/_global-error.segments/_index.segment.rsc +1 -1
- package/web/.next/server/app/_global-error.segments/_tree.segment.rsc +1 -1
- package/web/.next/server/app/_not-found/page/server-reference-manifest.json +6 -6
- package/web/.next/server/app/_not-found/page.js.nft.json +1 -1
- package/web/.next/server/app/_not-found/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/api/attachments/preview/route.js.nft.json +1 -1
- package/web/.next/server/app/api/evidence/route.js.nft.json +1 -1
- package/web/.next/server/app/api/graph-data/route.js.nft.json +1 -1
- package/web/.next/server/app/api/interactive/chat/[featureId]/messages/route.js.nft.json +1 -1
- package/web/.next/server/app/api/sessions/route.js.nft.json +1 -1
- package/web/.next/server/app/api/sessions-batch/route.js.nft.json +1 -1
- package/web/.next/server/app/features/page/server-reference-manifest.json +6 -6
- package/web/.next/server/app/features/page.js.nft.json +1 -1
- package/web/.next/server/app/features/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/settings/page/server-reference-manifest.json +33 -18
- package/web/.next/server/app/settings/page.js +1 -1
- package/web/.next/server/app/settings/page.js.nft.json +1 -1
- package/web/.next/server/app/settings/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/skills/page/server-reference-manifest.json +13 -13
- package/web/.next/server/app/skills/page.js.nft.json +1 -1
- package/web/.next/server/app/skills/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/tools/page/server-reference-manifest.json +11 -11
- package/web/.next/server/app/tools/page.js.nft.json +1 -1
- package/web/.next/server/app/tools/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/version/page/server-reference-manifest.json +6 -6
- package/web/.next/server/app/version/page.js.nft.json +1 -1
- package/web/.next/server/app/version/page_client-reference-manifest.js +1 -1
- package/web/.next/server/chunks/403f9_next_dist_esm_build_templates_app-route_370c43b1.js +1 -1
- package/web/.next/server/chunks/403f9_next_dist_esm_build_templates_app-route_370c43b1.js.map +1 -1
- package/web/.next/server/chunks/[root-of-the-server]__a402b567._.js +1 -1
- package/web/.next/server/chunks/[root-of-the-server]__c78383b1._.js +1 -1
- package/web/.next/server/chunks/[root-of-the-server]__c78383b1._.js.map +1 -1
- package/web/.next/server/chunks/[root-of-the-server]__cd67a84c._.js +1 -1
- package/web/.next/server/chunks/[root-of-the-server]__cd67a84c._.js.map +1 -1
- package/web/.next/server/chunks/ssr/744ca_web__next-internal_server_app_(dashboard)_@drawer_adopt_page_actions_ad0071c9.js +1 -1
- package/web/.next/server/chunks/ssr/744ca_web__next-internal_server_app_(dashboard)_@drawer_adopt_page_actions_ad0071c9.js.map +1 -1
- package/web/.next/server/chunks/ssr/744ca_web__next-internal_server_app_(dashboard)_@drawer_chat_page_actions_90d98b2b.js +1 -1
- package/web/.next/server/chunks/ssr/744ca_web__next-internal_server_app_(dashboard)_@drawer_chat_page_actions_90d98b2b.js.map +1 -1
- package/web/.next/server/chunks/ssr/744ca_web__next-internal_server_app_(dashboard)_chat_page_actions_d3828105.js +1 -1
- package/web/.next/server/chunks/ssr/744ca_web__next-internal_server_app_(dashboard)_chat_page_actions_d3828105.js.map +1 -1
- package/web/.next/server/chunks/ssr/744ca_web_components_common_control-center-drawer_create-drawer-client_tsx_5e26fc0a._.js +1 -1
- package/web/.next/server/chunks/ssr/744ca_web_components_common_control-center-drawer_create-drawer-client_tsx_5e26fc0a._.js.map +1 -1
- package/web/.next/server/chunks/ssr/744ca_web_components_common_control-center-drawer_feature-drawer-client_tsx_e9755fc8._.js +2 -2
- package/web/.next/server/chunks/ssr/744ca_web_components_common_control-center-drawer_feature-drawer-client_tsx_e9755fc8._.js.map +1 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__1f389e5d._.js +1 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__1f389e5d._.js.map +1 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__357d99f9._.js +1 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__51ec77a8._.js +1 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__51ec77a8._.js.map +1 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__540c615f._.js +2 -2
- package/web/.next/server/chunks/ssr/[root-of-the-server]__540c615f._.js.map +1 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__66047a1b._.js +1 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__66047a1b._.js.map +1 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__6c7d3936._.js +1 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__6c7d3936._.js.map +1 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__a2d6c0ac._.js +4 -0
- package/web/.next/server/chunks/ssr/[root-of-the-server]__a2d6c0ac._.js.map +1 -0
- package/web/.next/server/chunks/ssr/[root-of-the-server]__a932cd3a._.js +1 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__a932cd3a._.js.map +1 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__aa72e794._.js +1 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__aa72e794._.js.map +1 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__b7b96453._.js +1 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__b7b96453._.js.map +1 -1
- package/web/.next/server/chunks/ssr/_05c23ad9._.js +1 -1
- package/web/.next/server/chunks/ssr/_05c23ad9._.js.map +1 -1
- package/web/.next/server/chunks/ssr/_08eaf4b1._.js +3 -0
- package/web/.next/server/chunks/ssr/_08eaf4b1._.js.map +1 -0
- package/web/.next/server/chunks/ssr/_16eb4fec._.js +1 -1
- package/web/.next/server/chunks/ssr/_16eb4fec._.js.map +1 -1
- package/web/.next/server/chunks/ssr/_295fffde._.js +1 -1
- package/web/.next/server/chunks/ssr/_295fffde._.js.map +1 -1
- package/web/.next/server/chunks/ssr/_45496654._.js +1 -1
- package/web/.next/server/chunks/ssr/_45496654._.js.map +1 -1
- package/web/.next/server/chunks/ssr/_4cbb7f95._.js +1 -1
- package/web/.next/server/chunks/ssr/_4cbb7f95._.js.map +1 -1
- package/web/.next/server/chunks/ssr/_56b9d60f._.js +1 -1
- package/web/.next/server/chunks/ssr/_56b9d60f._.js.map +1 -1
- package/web/.next/server/chunks/ssr/_6abfa39e._.js +1 -1
- package/web/.next/server/chunks/ssr/_783debcb._.js +9 -0
- package/web/.next/server/chunks/ssr/_783debcb._.js.map +1 -0
- package/web/.next/server/chunks/ssr/{_af6b8b94._.js → _e7f76333._.js} +2 -2
- package/web/.next/server/chunks/ssr/{_af6b8b94._.js.map → _e7f76333._.js.map} +1 -1
- package/web/.next/server/chunks/ssr/_f8c55130._.js +1 -1
- package/web/.next/server/chunks/ssr/_f8c55130._.js.map +1 -1
- package/web/.next/server/chunks/ssr/{_e0dd6fcf._.js → _fc1578d7._.js} +2 -2
- package/web/.next/server/chunks/ssr/_fc1578d7._.js.map +1 -0
- package/web/.next/server/chunks/ssr/_ff04802c._.js +3 -0
- package/web/.next/server/chunks/ssr/_ff04802c._.js.map +1 -0
- package/web/.next/server/chunks/ssr/_ff87ffa6._.js +3 -0
- package/web/.next/server/chunks/ssr/_ff87ffa6._.js.map +1 -0
- package/web/.next/server/chunks/ssr/b1a17_presentation_web_components_features_settings_settings-page-client_tsx_6ed9d5f8._.js +1 -1
- package/web/.next/server/chunks/ssr/b1a17_presentation_web_components_features_settings_settings-page-client_tsx_6ed9d5f8._.js.map +1 -1
- package/web/.next/server/chunks/ssr/f3a1f_components_common_control-center-drawer_repository-drawer-client_tsx_39a00c03._.js +1 -1
- package/web/.next/server/chunks/ssr/f3a1f_components_common_control-center-drawer_repository-drawer-client_tsx_39a00c03._.js.map +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_17d39233._.js +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_17d39233._.js.map +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_54b02639._.js +2 -2
- package/web/.next/server/chunks/ssr/src_presentation_web_54b02639._.js.map +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_7b7b9e3b._.js +2 -2
- package/web/.next/server/chunks/ssr/src_presentation_web_7b7b9e3b._.js.map +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_807cba76._.js +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_807cba76._.js.map +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web__next-internal_server_app_(dashboard)_page_actions_90b5e66e.js +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web__next-internal_server_app_(dashboard)_page_actions_90b5e66e.js.map +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web__next-internal_server_app_skills_page_actions_4ce30db7.js +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web__next-internal_server_app_skills_page_actions_4ce30db7.js.map +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web__next-internal_server_app_tools_page_actions_e4032193.js +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web__next-internal_server_app_tools_page_actions_e4032193.js.map +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_app_actions_open-ide_ts_baaca5d5._.js +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_ca99d62d._.js +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_ca99d62d._.js.map +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_components_895e5bfa._.js +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_components_895e5bfa._.js.map +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_components_features_control-center_7ac3562e._.js +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_components_features_control-center_7ac3562e._.js.map +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_components_features_skills_8a174cac._.js +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_components_features_skills_8a174cac._.js.map +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_db9fa0c2._.js +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_db9fa0c2._.js.map +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_e1cd1869._.js +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_e1cd1869._.js.map +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_e3a30e30._.js +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_e3a30e30._.js.map +1 -1
- package/web/.next/server/chunks/ssr/translations_23dd5e7e._.js +1 -1
- package/web/.next/server/chunks/ssr/translations_23dd5e7e._.js.map +1 -1
- package/web/.next/server/pages/500.html +2 -2
- package/web/.next/server/server-reference-manifest.js +1 -1
- package/web/.next/server/server-reference-manifest.json +74 -59
- package/web/.next/static/chunks/{238fdbed09dc61b6.js → 1eeabda286169861.js} +2 -2
- package/web/.next/static/chunks/20ec94c610d07a10.css +1 -0
- package/web/.next/static/chunks/{940c842293a6ee9b.js → 2dcae7bd1f3e2b51.js} +1 -1
- package/web/.next/static/chunks/3aba9d2242420cb5.js +1 -0
- package/web/.next/static/chunks/6003ad985fb78e62.js +1 -0
- package/web/.next/static/chunks/{0b07ee72b0c639ef.js → 69aa6a996dccb7dc.js} +2 -2
- package/web/.next/static/chunks/{873e837cd1179cdd.js → 6e5aeb5da5bb2ab6.js} +1 -1
- package/web/.next/static/chunks/{2ad924f5ba5ec0a6.js → 7c8e1ab108e3ceea.js} +1 -1
- package/web/.next/static/chunks/{bc41a393614b1192.js → 825ddcb7c361b2fe.js} +1 -1
- package/web/.next/static/chunks/{a22ee308ae1509ca.js → 89a6182ae40ac10b.js} +1 -1
- package/web/.next/static/chunks/{d26542df5ecc8717.js → a6d516b7e128f889.js} +1 -1
- package/web/.next/static/chunks/ae81796726a9bba3.js +1 -0
- package/web/.next/static/chunks/{b49ab0b290e9342d.js → b46545caae3b4930.js} +1 -1
- package/web/.next/static/chunks/{b7b5d65a5dd2fff1.js → c43f00ac45c5381d.js} +1 -1
- package/web/.next/static/chunks/{39054eabee156e55.js → c741f40bcb2abe54.js} +3 -3
- package/web/.next/static/chunks/{1b336d1266a0aa3d.js → dfc05704351fc940.js} +1 -1
- package/web/.next/static/chunks/eb72ac7aa8986962.js +1 -0
- package/web/.next/static/chunks/eef5d47669e61a54.js +3 -0
- package/web/.next/server/chunks/ssr/[root-of-the-server]__1cd4327c._.js +0 -4
- package/web/.next/server/chunks/ssr/[root-of-the-server]__1cd4327c._.js.map +0 -1
- package/web/.next/server/chunks/ssr/_2b021b35._.js +0 -3
- package/web/.next/server/chunks/ssr/_2b021b35._.js.map +0 -1
- package/web/.next/server/chunks/ssr/_43ba79e7._.js +0 -3
- package/web/.next/server/chunks/ssr/_43ba79e7._.js.map +0 -1
- package/web/.next/server/chunks/ssr/_7cb0396e._.js +0 -3
- package/web/.next/server/chunks/ssr/_7cb0396e._.js.map +0 -1
- package/web/.next/server/chunks/ssr/_e0dd6fcf._.js.map +0 -1
- package/web/.next/server/chunks/ssr/_e680c57c._.js +0 -9
- package/web/.next/server/chunks/ssr/_e680c57c._.js.map +0 -1
- package/web/.next/static/chunks/28f6b1cab38ab025.js +0 -3
- package/web/.next/static/chunks/8b0a9cb5109fe899.js +0 -1
- package/web/.next/static/chunks/a20f2d6f76f469b7.css +0 -1
- package/web/.next/static/chunks/b2aa69e4b0b032d9.js +0 -1
- package/web/.next/static/chunks/b65e555419a0c664.js +0 -1
- package/web/.next/static/chunks/ba0e0fa2d1a650bb.js +0 -1
- /package/web/.next/static/{9rcv3ICw0kZNuv3TVdO8E → 4jtpgWCvk_Q6-K-puXRhW}/_buildManifest.js +0 -0
- /package/web/.next/static/{9rcv3ICw0kZNuv3TVdO8E → 4jtpgWCvk_Q6-K-puXRhW}/_clientMiddlewareManifest.json +0 -0
- /package/web/.next/static/{9rcv3ICw0kZNuv3TVdO8E → 4jtpgWCvk_Q6-K-puXRhW}/_ssgManifest.js +0 -0
package/dist/packages/core/src/infrastructure/services/agents/feature-agent/feature-agent-graph.d.ts
CHANGED
|
@@ -56,6 +56,8 @@ export declare function createFeatureAgentGraph(depsOrExecutor: FeatureAgentGrap
|
|
|
56
56
|
ciFixAttempts: number;
|
|
57
57
|
ciFixHistory: import("../../../../domain/index.js").CiFixRecord[];
|
|
58
58
|
ciFixStatus: "success" | "timeout" | "idle" | "watching" | "fixing" | "exhausted";
|
|
59
|
+
securityMode: import("../../../../domain/index.js").SecurityMode;
|
|
60
|
+
securityActionDispositions: Partial<Record<import("../../../../domain/index.js").SecurityActionCategory, import("../../../../domain/index.js").SecurityActionDisposition>>;
|
|
59
61
|
}, {
|
|
60
62
|
featureId?: string | undefined;
|
|
61
63
|
repositoryPath?: string | undefined;
|
|
@@ -89,7 +91,9 @@ export declare function createFeatureAgentGraph(depsOrExecutor: FeatureAgentGrap
|
|
|
89
91
|
ciFixAttempts?: number | undefined;
|
|
90
92
|
ciFixHistory?: import("../../../../domain/index.js").CiFixRecord[] | undefined;
|
|
91
93
|
ciFixStatus?: "success" | "timeout" | "idle" | "watching" | "fixing" | "exhausted" | undefined;
|
|
92
|
-
|
|
94
|
+
securityMode?: import("../../../../domain/index.js").SecurityMode | undefined;
|
|
95
|
+
securityActionDispositions?: Partial<Record<import("../../../../domain/index.js").SecurityActionCategory, import("../../../../domain/index.js").SecurityActionDisposition>> | undefined;
|
|
96
|
+
}, "implement" | "__start__" | "analyze" | "requirements" | "research" | "plan" | "validate_spec_analyze" | "validate_spec_requirements" | "validate_research" | "validate_plan_tasks" | "repair_spec_analyze" | "repair_spec_requirements" | "repair_research" | "repair_plan_tasks", {
|
|
93
97
|
featureId: {
|
|
94
98
|
(): import("@langchain/langgraph").LastValue<string>;
|
|
95
99
|
(annotation: import("@langchain/langgraph").SingleReducer<string, string>): import("@langchain/langgraph").BinaryOperatorAggregate<string, string>;
|
|
@@ -142,6 +146,8 @@ export declare function createFeatureAgentGraph(depsOrExecutor: FeatureAgentGrap
|
|
|
142
146
|
ciFixAttempts: import("@langchain/langgraph").BinaryOperatorAggregate<number, number>;
|
|
143
147
|
ciFixHistory: import("@langchain/langgraph").BinaryOperatorAggregate<import("../../../../domain/index.js").CiFixRecord[], import("../../../../domain/index.js").CiFixRecord[]>;
|
|
144
148
|
ciFixStatus: import("@langchain/langgraph").BinaryOperatorAggregate<"success" | "timeout" | "idle" | "watching" | "fixing" | "exhausted", "success" | "timeout" | "idle" | "watching" | "fixing" | "exhausted">;
|
|
149
|
+
securityMode: import("@langchain/langgraph").BinaryOperatorAggregate<import("../../../../domain/index.js").SecurityMode, import("../../../../domain/index.js").SecurityMode>;
|
|
150
|
+
securityActionDispositions: import("@langchain/langgraph").BinaryOperatorAggregate<Partial<Record<import("../../../../domain/index.js").SecurityActionCategory, import("../../../../domain/index.js").SecurityActionDisposition>>, Partial<Record<import("../../../../domain/index.js").SecurityActionCategory, import("../../../../domain/index.js").SecurityActionDisposition>>>;
|
|
145
151
|
}, {
|
|
146
152
|
featureId: {
|
|
147
153
|
(): import("@langchain/langgraph").LastValue<string>;
|
|
@@ -195,6 +201,8 @@ export declare function createFeatureAgentGraph(depsOrExecutor: FeatureAgentGrap
|
|
|
195
201
|
ciFixAttempts: import("@langchain/langgraph").BinaryOperatorAggregate<number, number>;
|
|
196
202
|
ciFixHistory: import("@langchain/langgraph").BinaryOperatorAggregate<import("../../../../domain/index.js").CiFixRecord[], import("../../../../domain/index.js").CiFixRecord[]>;
|
|
197
203
|
ciFixStatus: import("@langchain/langgraph").BinaryOperatorAggregate<"success" | "timeout" | "idle" | "watching" | "fixing" | "exhausted", "success" | "timeout" | "idle" | "watching" | "fixing" | "exhausted">;
|
|
204
|
+
securityMode: import("@langchain/langgraph").BinaryOperatorAggregate<import("../../../../domain/index.js").SecurityMode, import("../../../../domain/index.js").SecurityMode>;
|
|
205
|
+
securityActionDispositions: import("@langchain/langgraph").BinaryOperatorAggregate<Partial<Record<import("../../../../domain/index.js").SecurityActionCategory, import("../../../../domain/index.js").SecurityActionDisposition>>, Partial<Record<import("../../../../domain/index.js").SecurityActionCategory, import("../../../../domain/index.js").SecurityActionDisposition>>>;
|
|
198
206
|
}, import("@langchain/langgraph").StateDefinition, {
|
|
199
207
|
analyze: Partial<import("@langchain/langgraph").StateType<{
|
|
200
208
|
featureId: {
|
|
@@ -249,6 +257,8 @@ export declare function createFeatureAgentGraph(depsOrExecutor: FeatureAgentGrap
|
|
|
249
257
|
ciFixAttempts: import("@langchain/langgraph").BinaryOperatorAggregate<number, number>;
|
|
250
258
|
ciFixHistory: import("@langchain/langgraph").BinaryOperatorAggregate<import("../../../../domain/index.js").CiFixRecord[], import("../../../../domain/index.js").CiFixRecord[]>;
|
|
251
259
|
ciFixStatus: import("@langchain/langgraph").BinaryOperatorAggregate<"success" | "timeout" | "idle" | "watching" | "fixing" | "exhausted", "success" | "timeout" | "idle" | "watching" | "fixing" | "exhausted">;
|
|
260
|
+
securityMode: import("@langchain/langgraph").BinaryOperatorAggregate<import("../../../../domain/index.js").SecurityMode, import("../../../../domain/index.js").SecurityMode>;
|
|
261
|
+
securityActionDispositions: import("@langchain/langgraph").BinaryOperatorAggregate<Partial<Record<import("../../../../domain/index.js").SecurityActionCategory, import("../../../../domain/index.js").SecurityActionDisposition>>, Partial<Record<import("../../../../domain/index.js").SecurityActionCategory, import("../../../../domain/index.js").SecurityActionDisposition>>>;
|
|
252
262
|
}>>;
|
|
253
263
|
requirements: Partial<import("@langchain/langgraph").StateType<{
|
|
254
264
|
featureId: {
|
|
@@ -303,6 +313,8 @@ export declare function createFeatureAgentGraph(depsOrExecutor: FeatureAgentGrap
|
|
|
303
313
|
ciFixAttempts: import("@langchain/langgraph").BinaryOperatorAggregate<number, number>;
|
|
304
314
|
ciFixHistory: import("@langchain/langgraph").BinaryOperatorAggregate<import("../../../../domain/index.js").CiFixRecord[], import("../../../../domain/index.js").CiFixRecord[]>;
|
|
305
315
|
ciFixStatus: import("@langchain/langgraph").BinaryOperatorAggregate<"success" | "timeout" | "idle" | "watching" | "fixing" | "exhausted", "success" | "timeout" | "idle" | "watching" | "fixing" | "exhausted">;
|
|
316
|
+
securityMode: import("@langchain/langgraph").BinaryOperatorAggregate<import("../../../../domain/index.js").SecurityMode, import("../../../../domain/index.js").SecurityMode>;
|
|
317
|
+
securityActionDispositions: import("@langchain/langgraph").BinaryOperatorAggregate<Partial<Record<import("../../../../domain/index.js").SecurityActionCategory, import("../../../../domain/index.js").SecurityActionDisposition>>, Partial<Record<import("../../../../domain/index.js").SecurityActionCategory, import("../../../../domain/index.js").SecurityActionDisposition>>>;
|
|
306
318
|
}>>;
|
|
307
319
|
research: Partial<import("@langchain/langgraph").StateType<{
|
|
308
320
|
featureId: {
|
|
@@ -357,6 +369,8 @@ export declare function createFeatureAgentGraph(depsOrExecutor: FeatureAgentGrap
|
|
|
357
369
|
ciFixAttempts: import("@langchain/langgraph").BinaryOperatorAggregate<number, number>;
|
|
358
370
|
ciFixHistory: import("@langchain/langgraph").BinaryOperatorAggregate<import("../../../../domain/index.js").CiFixRecord[], import("../../../../domain/index.js").CiFixRecord[]>;
|
|
359
371
|
ciFixStatus: import("@langchain/langgraph").BinaryOperatorAggregate<"success" | "timeout" | "idle" | "watching" | "fixing" | "exhausted", "success" | "timeout" | "idle" | "watching" | "fixing" | "exhausted">;
|
|
372
|
+
securityMode: import("@langchain/langgraph").BinaryOperatorAggregate<import("../../../../domain/index.js").SecurityMode, import("../../../../domain/index.js").SecurityMode>;
|
|
373
|
+
securityActionDispositions: import("@langchain/langgraph").BinaryOperatorAggregate<Partial<Record<import("../../../../domain/index.js").SecurityActionCategory, import("../../../../domain/index.js").SecurityActionDisposition>>, Partial<Record<import("../../../../domain/index.js").SecurityActionCategory, import("../../../../domain/index.js").SecurityActionDisposition>>>;
|
|
360
374
|
}>>;
|
|
361
375
|
plan: Partial<import("@langchain/langgraph").StateType<{
|
|
362
376
|
featureId: {
|
|
@@ -411,6 +425,8 @@ export declare function createFeatureAgentGraph(depsOrExecutor: FeatureAgentGrap
|
|
|
411
425
|
ciFixAttempts: import("@langchain/langgraph").BinaryOperatorAggregate<number, number>;
|
|
412
426
|
ciFixHistory: import("@langchain/langgraph").BinaryOperatorAggregate<import("../../../../domain/index.js").CiFixRecord[], import("../../../../domain/index.js").CiFixRecord[]>;
|
|
413
427
|
ciFixStatus: import("@langchain/langgraph").BinaryOperatorAggregate<"success" | "timeout" | "idle" | "watching" | "fixing" | "exhausted", "success" | "timeout" | "idle" | "watching" | "fixing" | "exhausted">;
|
|
428
|
+
securityMode: import("@langchain/langgraph").BinaryOperatorAggregate<import("../../../../domain/index.js").SecurityMode, import("../../../../domain/index.js").SecurityMode>;
|
|
429
|
+
securityActionDispositions: import("@langchain/langgraph").BinaryOperatorAggregate<Partial<Record<import("../../../../domain/index.js").SecurityActionCategory, import("../../../../domain/index.js").SecurityActionDisposition>>, Partial<Record<import("../../../../domain/index.js").SecurityActionCategory, import("../../../../domain/index.js").SecurityActionDisposition>>>;
|
|
414
430
|
}>>;
|
|
415
431
|
implement: Partial<import("@langchain/langgraph").StateType<{
|
|
416
432
|
featureId: {
|
|
@@ -465,6 +481,8 @@ export declare function createFeatureAgentGraph(depsOrExecutor: FeatureAgentGrap
|
|
|
465
481
|
ciFixAttempts: import("@langchain/langgraph").BinaryOperatorAggregate<number, number>;
|
|
466
482
|
ciFixHistory: import("@langchain/langgraph").BinaryOperatorAggregate<import("../../../../domain/index.js").CiFixRecord[], import("../../../../domain/index.js").CiFixRecord[]>;
|
|
467
483
|
ciFixStatus: import("@langchain/langgraph").BinaryOperatorAggregate<"success" | "timeout" | "idle" | "watching" | "fixing" | "exhausted", "success" | "timeout" | "idle" | "watching" | "fixing" | "exhausted">;
|
|
484
|
+
securityMode: import("@langchain/langgraph").BinaryOperatorAggregate<import("../../../../domain/index.js").SecurityMode, import("../../../../domain/index.js").SecurityMode>;
|
|
485
|
+
securityActionDispositions: import("@langchain/langgraph").BinaryOperatorAggregate<Partial<Record<import("../../../../domain/index.js").SecurityActionCategory, import("../../../../domain/index.js").SecurityActionDisposition>>, Partial<Record<import("../../../../domain/index.js").SecurityActionCategory, import("../../../../domain/index.js").SecurityActionDisposition>>>;
|
|
468
486
|
}>>;
|
|
469
487
|
validate_spec_analyze: Partial<import("@langchain/langgraph").StateType<{
|
|
470
488
|
featureId: {
|
|
@@ -519,6 +537,8 @@ export declare function createFeatureAgentGraph(depsOrExecutor: FeatureAgentGrap
|
|
|
519
537
|
ciFixAttempts: import("@langchain/langgraph").BinaryOperatorAggregate<number, number>;
|
|
520
538
|
ciFixHistory: import("@langchain/langgraph").BinaryOperatorAggregate<import("../../../../domain/index.js").CiFixRecord[], import("../../../../domain/index.js").CiFixRecord[]>;
|
|
521
539
|
ciFixStatus: import("@langchain/langgraph").BinaryOperatorAggregate<"success" | "timeout" | "idle" | "watching" | "fixing" | "exhausted", "success" | "timeout" | "idle" | "watching" | "fixing" | "exhausted">;
|
|
540
|
+
securityMode: import("@langchain/langgraph").BinaryOperatorAggregate<import("../../../../domain/index.js").SecurityMode, import("../../../../domain/index.js").SecurityMode>;
|
|
541
|
+
securityActionDispositions: import("@langchain/langgraph").BinaryOperatorAggregate<Partial<Record<import("../../../../domain/index.js").SecurityActionCategory, import("../../../../domain/index.js").SecurityActionDisposition>>, Partial<Record<import("../../../../domain/index.js").SecurityActionCategory, import("../../../../domain/index.js").SecurityActionDisposition>>>;
|
|
522
542
|
}>>;
|
|
523
543
|
validate_spec_requirements: Partial<import("@langchain/langgraph").StateType<{
|
|
524
544
|
featureId: {
|
|
@@ -573,6 +593,8 @@ export declare function createFeatureAgentGraph(depsOrExecutor: FeatureAgentGrap
|
|
|
573
593
|
ciFixAttempts: import("@langchain/langgraph").BinaryOperatorAggregate<number, number>;
|
|
574
594
|
ciFixHistory: import("@langchain/langgraph").BinaryOperatorAggregate<import("../../../../domain/index.js").CiFixRecord[], import("../../../../domain/index.js").CiFixRecord[]>;
|
|
575
595
|
ciFixStatus: import("@langchain/langgraph").BinaryOperatorAggregate<"success" | "timeout" | "idle" | "watching" | "fixing" | "exhausted", "success" | "timeout" | "idle" | "watching" | "fixing" | "exhausted">;
|
|
596
|
+
securityMode: import("@langchain/langgraph").BinaryOperatorAggregate<import("../../../../domain/index.js").SecurityMode, import("../../../../domain/index.js").SecurityMode>;
|
|
597
|
+
securityActionDispositions: import("@langchain/langgraph").BinaryOperatorAggregate<Partial<Record<import("../../../../domain/index.js").SecurityActionCategory, import("../../../../domain/index.js").SecurityActionDisposition>>, Partial<Record<import("../../../../domain/index.js").SecurityActionCategory, import("../../../../domain/index.js").SecurityActionDisposition>>>;
|
|
576
598
|
}>>;
|
|
577
599
|
validate_research: Partial<import("@langchain/langgraph").StateType<{
|
|
578
600
|
featureId: {
|
|
@@ -627,6 +649,8 @@ export declare function createFeatureAgentGraph(depsOrExecutor: FeatureAgentGrap
|
|
|
627
649
|
ciFixAttempts: import("@langchain/langgraph").BinaryOperatorAggregate<number, number>;
|
|
628
650
|
ciFixHistory: import("@langchain/langgraph").BinaryOperatorAggregate<import("../../../../domain/index.js").CiFixRecord[], import("../../../../domain/index.js").CiFixRecord[]>;
|
|
629
651
|
ciFixStatus: import("@langchain/langgraph").BinaryOperatorAggregate<"success" | "timeout" | "idle" | "watching" | "fixing" | "exhausted", "success" | "timeout" | "idle" | "watching" | "fixing" | "exhausted">;
|
|
652
|
+
securityMode: import("@langchain/langgraph").BinaryOperatorAggregate<import("../../../../domain/index.js").SecurityMode, import("../../../../domain/index.js").SecurityMode>;
|
|
653
|
+
securityActionDispositions: import("@langchain/langgraph").BinaryOperatorAggregate<Partial<Record<import("../../../../domain/index.js").SecurityActionCategory, import("../../../../domain/index.js").SecurityActionDisposition>>, Partial<Record<import("../../../../domain/index.js").SecurityActionCategory, import("../../../../domain/index.js").SecurityActionDisposition>>>;
|
|
630
654
|
}>>;
|
|
631
655
|
validate_plan_tasks: Partial<import("@langchain/langgraph").StateType<{
|
|
632
656
|
featureId: {
|
|
@@ -681,6 +705,8 @@ export declare function createFeatureAgentGraph(depsOrExecutor: FeatureAgentGrap
|
|
|
681
705
|
ciFixAttempts: import("@langchain/langgraph").BinaryOperatorAggregate<number, number>;
|
|
682
706
|
ciFixHistory: import("@langchain/langgraph").BinaryOperatorAggregate<import("../../../../domain/index.js").CiFixRecord[], import("../../../../domain/index.js").CiFixRecord[]>;
|
|
683
707
|
ciFixStatus: import("@langchain/langgraph").BinaryOperatorAggregate<"success" | "timeout" | "idle" | "watching" | "fixing" | "exhausted", "success" | "timeout" | "idle" | "watching" | "fixing" | "exhausted">;
|
|
708
|
+
securityMode: import("@langchain/langgraph").BinaryOperatorAggregate<import("../../../../domain/index.js").SecurityMode, import("../../../../domain/index.js").SecurityMode>;
|
|
709
|
+
securityActionDispositions: import("@langchain/langgraph").BinaryOperatorAggregate<Partial<Record<import("../../../../domain/index.js").SecurityActionCategory, import("../../../../domain/index.js").SecurityActionDisposition>>, Partial<Record<import("../../../../domain/index.js").SecurityActionCategory, import("../../../../domain/index.js").SecurityActionDisposition>>>;
|
|
684
710
|
}>>;
|
|
685
711
|
repair_spec_analyze: Partial<import("@langchain/langgraph").StateType<{
|
|
686
712
|
featureId: {
|
|
@@ -735,6 +761,8 @@ export declare function createFeatureAgentGraph(depsOrExecutor: FeatureAgentGrap
|
|
|
735
761
|
ciFixAttempts: import("@langchain/langgraph").BinaryOperatorAggregate<number, number>;
|
|
736
762
|
ciFixHistory: import("@langchain/langgraph").BinaryOperatorAggregate<import("../../../../domain/index.js").CiFixRecord[], import("../../../../domain/index.js").CiFixRecord[]>;
|
|
737
763
|
ciFixStatus: import("@langchain/langgraph").BinaryOperatorAggregate<"success" | "timeout" | "idle" | "watching" | "fixing" | "exhausted", "success" | "timeout" | "idle" | "watching" | "fixing" | "exhausted">;
|
|
764
|
+
securityMode: import("@langchain/langgraph").BinaryOperatorAggregate<import("../../../../domain/index.js").SecurityMode, import("../../../../domain/index.js").SecurityMode>;
|
|
765
|
+
securityActionDispositions: import("@langchain/langgraph").BinaryOperatorAggregate<Partial<Record<import("../../../../domain/index.js").SecurityActionCategory, import("../../../../domain/index.js").SecurityActionDisposition>>, Partial<Record<import("../../../../domain/index.js").SecurityActionCategory, import("../../../../domain/index.js").SecurityActionDisposition>>>;
|
|
738
766
|
}>>;
|
|
739
767
|
repair_spec_requirements: Partial<import("@langchain/langgraph").StateType<{
|
|
740
768
|
featureId: {
|
|
@@ -789,6 +817,8 @@ export declare function createFeatureAgentGraph(depsOrExecutor: FeatureAgentGrap
|
|
|
789
817
|
ciFixAttempts: import("@langchain/langgraph").BinaryOperatorAggregate<number, number>;
|
|
790
818
|
ciFixHistory: import("@langchain/langgraph").BinaryOperatorAggregate<import("../../../../domain/index.js").CiFixRecord[], import("../../../../domain/index.js").CiFixRecord[]>;
|
|
791
819
|
ciFixStatus: import("@langchain/langgraph").BinaryOperatorAggregate<"success" | "timeout" | "idle" | "watching" | "fixing" | "exhausted", "success" | "timeout" | "idle" | "watching" | "fixing" | "exhausted">;
|
|
820
|
+
securityMode: import("@langchain/langgraph").BinaryOperatorAggregate<import("../../../../domain/index.js").SecurityMode, import("../../../../domain/index.js").SecurityMode>;
|
|
821
|
+
securityActionDispositions: import("@langchain/langgraph").BinaryOperatorAggregate<Partial<Record<import("../../../../domain/index.js").SecurityActionCategory, import("../../../../domain/index.js").SecurityActionDisposition>>, Partial<Record<import("../../../../domain/index.js").SecurityActionCategory, import("../../../../domain/index.js").SecurityActionDisposition>>>;
|
|
792
822
|
}>>;
|
|
793
823
|
repair_research: Partial<import("@langchain/langgraph").StateType<{
|
|
794
824
|
featureId: {
|
|
@@ -843,6 +873,8 @@ export declare function createFeatureAgentGraph(depsOrExecutor: FeatureAgentGrap
|
|
|
843
873
|
ciFixAttempts: import("@langchain/langgraph").BinaryOperatorAggregate<number, number>;
|
|
844
874
|
ciFixHistory: import("@langchain/langgraph").BinaryOperatorAggregate<import("../../../../domain/index.js").CiFixRecord[], import("../../../../domain/index.js").CiFixRecord[]>;
|
|
845
875
|
ciFixStatus: import("@langchain/langgraph").BinaryOperatorAggregate<"success" | "timeout" | "idle" | "watching" | "fixing" | "exhausted", "success" | "timeout" | "idle" | "watching" | "fixing" | "exhausted">;
|
|
876
|
+
securityMode: import("@langchain/langgraph").BinaryOperatorAggregate<import("../../../../domain/index.js").SecurityMode, import("../../../../domain/index.js").SecurityMode>;
|
|
877
|
+
securityActionDispositions: import("@langchain/langgraph").BinaryOperatorAggregate<Partial<Record<import("../../../../domain/index.js").SecurityActionCategory, import("../../../../domain/index.js").SecurityActionDisposition>>, Partial<Record<import("../../../../domain/index.js").SecurityActionCategory, import("../../../../domain/index.js").SecurityActionDisposition>>>;
|
|
846
878
|
}>>;
|
|
847
879
|
repair_plan_tasks: Partial<import("@langchain/langgraph").StateType<{
|
|
848
880
|
featureId: {
|
|
@@ -897,6 +929,8 @@ export declare function createFeatureAgentGraph(depsOrExecutor: FeatureAgentGrap
|
|
|
897
929
|
ciFixAttempts: import("@langchain/langgraph").BinaryOperatorAggregate<number, number>;
|
|
898
930
|
ciFixHistory: import("@langchain/langgraph").BinaryOperatorAggregate<import("../../../../domain/index.js").CiFixRecord[], import("../../../../domain/index.js").CiFixRecord[]>;
|
|
899
931
|
ciFixStatus: import("@langchain/langgraph").BinaryOperatorAggregate<"success" | "timeout" | "idle" | "watching" | "fixing" | "exhausted", "success" | "timeout" | "idle" | "watching" | "fixing" | "exhausted">;
|
|
932
|
+
securityMode: import("@langchain/langgraph").BinaryOperatorAggregate<import("../../../../domain/index.js").SecurityMode, import("../../../../domain/index.js").SecurityMode>;
|
|
933
|
+
securityActionDispositions: import("@langchain/langgraph").BinaryOperatorAggregate<Partial<Record<import("../../../../domain/index.js").SecurityActionCategory, import("../../../../domain/index.js").SecurityActionDisposition>>, Partial<Record<import("../../../../domain/index.js").SecurityActionCategory, import("../../../../domain/index.js").SecurityActionDisposition>>>;
|
|
900
934
|
}>>;
|
|
901
935
|
}, unknown, unknown>;
|
|
902
936
|
//# sourceMappingURL=feature-agent-graph.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"feature-agent-graph.d.ts","sourceRoot":"","sources":["../../../../../../../../packages/core/src/infrastructure/services/agents/feature-agent/feature-agent-graph.ts"],"names":[],"mappings":"AAAA,OAAO,EAA0B,KAAK,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AACxF,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,+DAA+D,CAAC;AAOpG,OAAO,EAAmB,KAAK,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAclF,OAAO,EAAE,sBAAsB,EAAE,KAAK,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAE5E;;;GAGG;AACH,MAAM,WAAW,qBAAqB;IACpC,QAAQ,EAAE,cAAc,CAAC;IACzB,aAAa,CAAC,EAAE,IAAI,CAAC,aAAa,EAAE,UAAU,CAAC,CAAC;CACjD;AAwID;;;;;;;;;;;;GAYG;AACH,wBAAgB,uBAAuB,CACrC,cAAc,EAAE,qBAAqB,GAAG,cAAc,EACtD,YAAY,CAAC,EAAE,mBAAmB
|
|
1
|
+
{"version":3,"file":"feature-agent-graph.d.ts","sourceRoot":"","sources":["../../../../../../../../packages/core/src/infrastructure/services/agents/feature-agent/feature-agent-graph.ts"],"names":[],"mappings":"AAAA,OAAO,EAA0B,KAAK,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AACxF,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,+DAA+D,CAAC;AAOpG,OAAO,EAAmB,KAAK,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAclF,OAAO,EAAE,sBAAsB,EAAE,KAAK,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAE5E;;;GAGG;AACH,MAAM,WAAW,qBAAqB;IACpC,QAAQ,EAAE,cAAc,CAAC;IACzB,aAAa,CAAC,EAAE,IAAI,CAAC,aAAa,EAAE,UAAU,CAAC,CAAC;CACjD;AAwID;;;;;;;;;;;;GAYG;AACH,wBAAgB,uBAAuB,CACrC,cAAc,EAAE,qBAAqB,GAAG,cAAc,EACtD,YAAY,CAAC,EAAE,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qBAgFnC"}
|
|
@@ -7,7 +7,7 @@
|
|
|
7
7
|
*/
|
|
8
8
|
import type { IFeatureAgentProcessService } from '../../../../application/ports/output/agents/feature-agent-process.interface.js';
|
|
9
9
|
import type { IAgentRunRepository } from '../../../../application/ports/output/agents/agent-run-repository.interface.js';
|
|
10
|
-
import { type ApprovalGates, type AgentType } from '../../../../domain/generated/output.js';
|
|
10
|
+
import { type ApprovalGates, type AgentType, type SecurityMode, type SecurityActionCategory, type SecurityActionDisposition } from '../../../../domain/generated/output.js';
|
|
11
11
|
export declare class FeatureAgentProcessService implements IFeatureAgentProcessService {
|
|
12
12
|
private readonly runRepository;
|
|
13
13
|
constructor(runRepository: IAgentRunRepository);
|
|
@@ -28,6 +28,8 @@ export declare class FeatureAgentProcessService implements IFeatureAgentProcessS
|
|
|
28
28
|
fast?: boolean;
|
|
29
29
|
model?: string;
|
|
30
30
|
resumeReason?: string;
|
|
31
|
+
securityMode?: SecurityMode;
|
|
32
|
+
securityActionDispositions?: Partial<Record<SecurityActionCategory, SecurityActionDisposition>>;
|
|
31
33
|
}): number;
|
|
32
34
|
isAlive(pid: number): boolean;
|
|
33
35
|
checkAndMarkCrashed(runId: string): Promise<void>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"feature-agent-process.service.d.ts","sourceRoot":"","sources":["../../../../../../../../packages/core/src/infrastructure/services/agents/feature-agent/feature-agent-process.service.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AASH,OAAO,KAAK,EAAE,2BAA2B,EAAE,MAAM,sEAAsE,CAAC;AACxH,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,qEAAqE,CAAC;AAC/G,OAAO,
|
|
1
|
+
{"version":3,"file":"feature-agent-process.service.d.ts","sourceRoot":"","sources":["../../../../../../../../packages/core/src/infrastructure/services/agents/feature-agent/feature-agent-process.service.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AASH,OAAO,KAAK,EAAE,2BAA2B,EAAE,MAAM,sEAAsE,CAAC;AACxH,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,qEAAqE,CAAC;AAC/G,OAAO,EAEL,KAAK,aAAa,EAClB,KAAK,SAAS,EACd,KAAK,YAAY,EACjB,KAAK,sBAAsB,EAC3B,KAAK,yBAAyB,EAC/B,MAAM,8BAA8B,CAAC;AAatC,qBAAa,0BAA2B,YAAW,2BAA2B;IAChE,OAAO,CAAC,QAAQ,CAAC,aAAa;gBAAb,aAAa,EAAE,mBAAmB;IAE/D,KAAK,CACH,SAAS,EAAE,MAAM,EACjB,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,EACf,YAAY,CAAC,EAAE,MAAM,EACrB,OAAO,CAAC,EAAE;QACR,aAAa,CAAC,EAAE,aAAa,CAAC;QAC9B,MAAM,CAAC,EAAE,OAAO,CAAC;QACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,mBAAmB,CAAC,EAAE,OAAO,CAAC;QAC9B,IAAI,CAAC,EAAE,OAAO,CAAC;QACf,MAAM,CAAC,EAAE,OAAO,CAAC;QACjB,SAAS,CAAC,EAAE,OAAO,CAAC;QACpB,WAAW,CAAC,EAAE,OAAO,CAAC;QACtB,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,SAAS,CAAC,EAAE,SAAS,CAAC;QACtB,IAAI,CAAC,EAAE,OAAO,CAAC;QACf,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,YAAY,CAAC,EAAE,YAAY,CAAC;QAC5B,0BAA0B,CAAC,EAAE,OAAO,CAClC,MAAM,CAAC,sBAAsB,EAAE,yBAAyB,CAAC,CAC1D,CAAC;KACH,GACA,MAAM;IA4FT,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;IASvB,mBAAmB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAexD"}
|
|
@@ -12,7 +12,7 @@ import { join } from 'node:path';
|
|
|
12
12
|
import { openSync } from 'node:fs';
|
|
13
13
|
import { homedir } from 'node:os';
|
|
14
14
|
import { mkdirSync } from 'node:fs';
|
|
15
|
-
import { AgentRunStatus } from '../../../../domain/generated/output.js';
|
|
15
|
+
import { AgentRunStatus, } from '../../../../domain/generated/output.js';
|
|
16
16
|
import { IS_WINDOWS } from '../../../platform.js';
|
|
17
17
|
const __dirname = dirname(fileURLToPath(import.meta.url));
|
|
18
18
|
/** Terminal statuses that should not be updated */
|
|
@@ -90,6 +90,12 @@ export class FeatureAgentProcessService {
|
|
|
90
90
|
if (options?.resumeReason) {
|
|
91
91
|
args.push('--resume-reason', options.resumeReason);
|
|
92
92
|
}
|
|
93
|
+
if (options?.securityMode) {
|
|
94
|
+
args.push('--security-mode', options.securityMode);
|
|
95
|
+
}
|
|
96
|
+
if (options?.securityActionDispositions) {
|
|
97
|
+
args.push('--security-dispositions', JSON.stringify(options.securityActionDispositions));
|
|
98
|
+
}
|
|
93
99
|
// Create log file for worker output (for debugging)
|
|
94
100
|
const logsDir = join(homedir(), '.shep', 'logs');
|
|
95
101
|
mkdirSync(logsDir, { recursive: true });
|
|
@@ -9,7 +9,7 @@
|
|
|
9
9
|
* CLI Args: --feature-id <id> --run-id <id> --repo <path> --spec-dir <path>
|
|
10
10
|
*/
|
|
11
11
|
import 'reflect-metadata';
|
|
12
|
-
import { type AgentType } from '../../../../domain/generated/output.js';
|
|
12
|
+
import { SecurityMode, type AgentType, type SecurityActionCategory, type SecurityActionDisposition } from '../../../../domain/generated/output.js';
|
|
13
13
|
import type { ApprovalGates } from '../../../../domain/generated/output.js';
|
|
14
14
|
export interface WorkerArgs {
|
|
15
15
|
featureId: string;
|
|
@@ -33,6 +33,8 @@ export interface WorkerArgs {
|
|
|
33
33
|
fast?: boolean;
|
|
34
34
|
model?: string;
|
|
35
35
|
resumeReason?: string;
|
|
36
|
+
securityMode?: SecurityMode;
|
|
37
|
+
securityActionDispositions?: Partial<Record<SecurityActionCategory, SecurityActionDisposition>>;
|
|
36
38
|
}
|
|
37
39
|
/**
|
|
38
40
|
* Parse CLI arguments into a WorkerArgs object.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"feature-agent-worker.d.ts","sourceRoot":"","sources":["../../../../../../../../packages/core/src/infrastructure/services/agents/feature-agent/feature-agent-worker.ts"],"names":[],"mappings":";AACA;;;;;;;;GAQG;AAEH,OAAO,kBAAkB,CAAC;AAgB1B,OAAO,
|
|
1
|
+
{"version":3,"file":"feature-agent-worker.d.ts","sourceRoot":"","sources":["../../../../../../../../packages/core/src/infrastructure/services/agents/feature-agent/feature-agent-worker.ts"],"names":[],"mappings":";AACA;;;;;;;;GAQG;AAEH,OAAO,kBAAkB,CAAC;AAgB1B,OAAO,EAGL,YAAY,EACZ,KAAK,SAAS,EACd,KAAK,sBAAsB,EAC3B,KAAK,yBAAyB,EAC/B,MAAM,8BAA8B,CAAC;AAWtC,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAC;AAElE,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,aAAa,CAAC;IAC9B,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,SAAS,CAAC,EAAE,SAAS,CAAC;IACtB,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B,0BAA0B,CAAC,EAAE,OAAO,CAAC,MAAM,CAAC,sBAAsB,EAAE,yBAAyB,CAAC,CAAC,CAAC;CACjG;AAED;;;GAGG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,UAAU,CA4G1D;AAgCD;;;GAGG;AACH,wBAAsB,SAAS,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAmT/D"}
|
package/dist/packages/core/src/infrastructure/services/agents/feature-agent/feature-agent-worker.js
CHANGED
|
@@ -16,7 +16,7 @@ import { initializeContainer, container } from '../../../di/container.js';
|
|
|
16
16
|
import { createFeatureAgentGraph } from './feature-agent-graph.js';
|
|
17
17
|
import { createFastFeatureAgentGraph } from './fast-feature-agent-graph.js';
|
|
18
18
|
import { createCheckpointer } from '../common/checkpointer.js';
|
|
19
|
-
import { AgentRunStatus, SdlcLifecycle } from '../../../../domain/generated/output.js';
|
|
19
|
+
import { AgentRunStatus, SdlcLifecycle, SecurityMode, } from '../../../../domain/generated/output.js';
|
|
20
20
|
import { initializeSettings } from '../../../services/settings.service.js';
|
|
21
21
|
import { InitializeSettingsUseCase } from '../../../../application/use-cases/settings/initialize-settings.use-case.js';
|
|
22
22
|
import { setHeartbeatContext } from './heartbeat.js';
|
|
@@ -76,6 +76,23 @@ export function parseWorkerArgs(args) {
|
|
|
76
76
|
const resumeReason = resumeReasonIdx !== -1 && resumeReasonIdx + 1 < args.length
|
|
77
77
|
? args[resumeReasonIdx + 1]
|
|
78
78
|
: undefined;
|
|
79
|
+
const securityModeIdx = args.indexOf('--security-mode');
|
|
80
|
+
const securityModeRaw = securityModeIdx !== -1 && securityModeIdx + 1 < args.length
|
|
81
|
+
? args[securityModeIdx + 1]
|
|
82
|
+
: undefined;
|
|
83
|
+
const securityMode = securityModeRaw && Object.values(SecurityMode).includes(securityModeRaw)
|
|
84
|
+
? securityModeRaw
|
|
85
|
+
: undefined;
|
|
86
|
+
const securityDispositionsIdx = args.indexOf('--security-dispositions');
|
|
87
|
+
let securityActionDispositions;
|
|
88
|
+
if (securityDispositionsIdx !== -1 && securityDispositionsIdx + 1 < args.length) {
|
|
89
|
+
try {
|
|
90
|
+
securityActionDispositions = JSON.parse(args[securityDispositionsIdx + 1]);
|
|
91
|
+
}
|
|
92
|
+
catch {
|
|
93
|
+
securityActionDispositions = undefined;
|
|
94
|
+
}
|
|
95
|
+
}
|
|
79
96
|
return {
|
|
80
97
|
featureId: getArg('feature-id'),
|
|
81
98
|
runId: getArg('run-id'),
|
|
@@ -98,6 +115,8 @@ export function parseWorkerArgs(args) {
|
|
|
98
115
|
fast,
|
|
99
116
|
model,
|
|
100
117
|
resumeReason,
|
|
118
|
+
securityMode,
|
|
119
|
+
securityActionDispositions,
|
|
101
120
|
};
|
|
102
121
|
}
|
|
103
122
|
/** Simple worker logger — writes to stdout which is redirected to log file by the parent. */
|
|
@@ -159,6 +178,10 @@ export async function runWorker(args) {
|
|
|
159
178
|
...(args.agentType ? ['--agent-type', args.agentType] : []),
|
|
160
179
|
...(args.fast ? ['--fast'] : []),
|
|
161
180
|
...(args.model ? ['--model', args.model] : []),
|
|
181
|
+
...(args.securityMode ? ['--security-mode', args.securityMode] : []),
|
|
182
|
+
...(args.securityActionDispositions
|
|
183
|
+
? ['--security-dispositions', JSON.stringify(args.securityActionDispositions)]
|
|
184
|
+
: []),
|
|
162
185
|
];
|
|
163
186
|
log(`Starting worker — full command:`);
|
|
164
187
|
log(` ${cmdParts.join(' ')}`);
|
|
@@ -292,6 +315,10 @@ export async function runWorker(args) {
|
|
|
292
315
|
ciWatchEnabled: args.ciWatchEnabled ?? true,
|
|
293
316
|
enableEvidence: args.enableEvidence ?? false,
|
|
294
317
|
commitEvidence: args.commitEvidence ?? false,
|
|
318
|
+
...(args.securityMode ? { securityMode: args.securityMode } : {}),
|
|
319
|
+
...(args.securityActionDispositions
|
|
320
|
+
? { securityActionDispositions: args.securityActionDispositions }
|
|
321
|
+
: {}),
|
|
295
322
|
}, graphConfig);
|
|
296
323
|
}
|
|
297
324
|
else {
|
|
@@ -310,6 +337,10 @@ export async function runWorker(args) {
|
|
|
310
337
|
ciWatchEnabled: args.ciWatchEnabled ?? true,
|
|
311
338
|
enableEvidence: args.enableEvidence ?? false,
|
|
312
339
|
commitEvidence: args.commitEvidence ?? false,
|
|
340
|
+
...(args.securityMode ? { securityMode: args.securityMode } : {}),
|
|
341
|
+
...(args.securityActionDispositions
|
|
342
|
+
? { securityActionDispositions: args.securityActionDispositions }
|
|
343
|
+
: {}),
|
|
313
344
|
}, graphConfig);
|
|
314
345
|
}
|
|
315
346
|
log(`Graph invocation completed. Error: ${result.error ?? 'none'}`);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"node-helpers.d.ts","sourceRoot":"","sources":["../../../../../../../../../packages/core/src/infrastructure/services/agents/feature-agent/nodes/node-helpers.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAOH,OAAO,KAAK,EACV,cAAc,EACd,qBAAqB,EACrB,oBAAoB,EACrB,MAAM,+DAA+D,CAAC;AACvE,OAAO,KAAK,EAAE,aAAa,EAAE,QAAQ,EAAE,MAAM,8BAA8B,CAAC;
|
|
1
|
+
{"version":3,"file":"node-helpers.d.ts","sourceRoot":"","sources":["../../../../../../../../../packages/core/src/infrastructure/services/agents/feature-agent/nodes/node-helpers.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAOH,OAAO,KAAK,EACV,cAAc,EACd,qBAAqB,EACrB,oBAAoB,EACrB,MAAM,+DAA+D,CAAC;AACvE,OAAO,KAAK,EAAE,aAAa,EAAE,QAAQ,EAAE,MAAM,8BAA8B,CAAC;AAI5E,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAUrD;;;;GAIG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,MAAM;IAE7C,4DAA4D;gBAChD,IAAI;kBAGF,MAAM,GAAG,IAAI;mBAIZ,MAAM,GAAG,IAAI;EAK/B;AAED,MAAM,MAAM,UAAU,GAAG,UAAU,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAE7D;;GAEG;AACH,wBAAgB,YAAY,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,MAAM,CAMtE;AAoBD;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAO1D;AAED;;;;;;GAMG;AACH,wBAAgB,oBAAoB,CAClC,KAAK,EAAE,iBAAiB,EACxB,SAAS,CAAC,EAAE,OAAO,CAAC,IAAI,CAAC,qBAAqB,EAAE,SAAS,CAAC,CAAC,EAC3D,QAAQ,CAAC,EAAE,MAAM,GAChB,qBAAqB,CAUvB;AAeD;;;;GAIG;AACH,wBAAgB,YAAY,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAQrD;AAgBD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,OAAO,GAAG,MAAM,CAElD;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,aAAa,GAAG,SAAS,GAAG,OAAO,CAQ3F;AAMD,MAAM,MAAM,aAAa,GAAG,eAAe,GAAG,mBAAmB,GAAG,eAAe,GAAG,SAAS,CAAC;AAMhG;;;;;;;GAOG;AACH,wBAAgB,aAAa,CAAC,YAAY,EAAE,MAAM,GAAG,aAAa,CAKjE;AAED,MAAM,WAAW,YAAY;IAC3B,wDAAwD;IACxD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,kFAAkF;IAClF,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,0CAA0C;IAC1C,MAAM,CAAC,EAAE,UAAU,CAAC;CACrB;AAED;;;;;;GAMG;AACH,wBAAsB,YAAY,CAChC,QAAQ,EAAE,cAAc,EACxB,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,qBAAqB,EAC9B,SAAS,CAAC,EAAE,YAAY,GACvB,OAAO,CAAC,oBAAoB,CAAC,CA6B/B;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,EAAE,CAW5D;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,CAAC,EAAE,UAAU,GAAG,IAAI,CAiB5F;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,OAAO,GAAG,KAAK,IAAI;IAAE,QAAQ,EAAE,IAAI,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,CAOhG;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,CAAC,EAAE,UAAU,GAAG,IAAI,CAoB1F;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,IAAI,CAa5F;AAED;;;;;GAKG;AACH,wBAAgB,oBAAoB,CAAC,IAAI,EAAE;IACzC,IAAI,EAAE,OAAO,CAAC;IACd,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,6FAA6F;IAC7F,gBAAgB,CAAC,EAAE,OAAO,CAAC;CAC5B,GAAG,MAAM,CAiCT;AAED;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAAC,YAAY,EAAE,MAAM,GAAG,SAAS,GAAG,MAAM,CAa3E;AAKD;;;;;;GAMG;AACH,wBAAgB,yBAAyB,CACvC,KAAK,EAAE,iBAAiB,EACxB,QAAQ,EAAE,MAAM,EAChB,GAAG,EAAE,UAAU,GACd,IAAI,CA6BN;AAED;;;;;;;GAOG;AACH,wBAAgB,WAAW,CACzB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,cAAc,EACxB,WAAW,EAAE,CAAC,KAAK,EAAE,iBAAiB,EAAE,GAAG,EAAE,UAAU,KAAK,MAAM,GACjE,CAAC,KAAK,EAAE,iBAAiB,KAAK,OAAO,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC,CA+KnE;AAED;;;GAGG;AACH,wBAAgB,oBAAoB,CAClC,KAAK,EAAE,iBAAiB,EACxB,QAAQ,EAAE,QAAQ,EAAE,EACpB,GAAG,EAAE,UAAU,CAAC,OAAO,gBAAgB,CAAC,GACvC,IAAI,CAaN"}
|
package/dist/packages/core/src/infrastructure/services/agents/feature-agent/nodes/node-helpers.js
CHANGED
|
@@ -10,6 +10,8 @@ import { execSync } from 'node:child_process';
|
|
|
10
10
|
import { join, dirname, relative } from 'node:path';
|
|
11
11
|
import { interrupt, isGraphBubbleUp } from '@langchain/langgraph';
|
|
12
12
|
import { hasSettings, getSettings } from '../../../../services/settings.service.js';
|
|
13
|
+
import { SecurityViolationError } from '../../../../../domain/errors/security-violation.error.js';
|
|
14
|
+
import { checkSecurityDisposition, resolveEffectiveSecurityMode } from './security-pre-check.js';
|
|
13
15
|
import { reportNodeStart } from '../heartbeat.js';
|
|
14
16
|
import { recordPhaseStart, recordPhaseEnd, recordApprovalWaitStart, } from '../phase-timing-context.js';
|
|
15
17
|
import { updateNodeLifecycle } from '../lifecycle-context.js';
|
|
@@ -489,6 +491,29 @@ export function executeNode(nodeName, executor, buildPrompt) {
|
|
|
489
491
|
};
|
|
490
492
|
}
|
|
491
493
|
}
|
|
494
|
+
// Security pre-check: evaluate policy before executing the agent.
|
|
495
|
+
// Master kill switch — when the supplyChainSecurity feature flag is off,
|
|
496
|
+
// resolveEffectiveSecurityMode forces the mode to Disabled so
|
|
497
|
+
// checkSecurityDisposition returns a skip and no security logic runs.
|
|
498
|
+
const supplyChainSecurityEnabled = hasSettings()
|
|
499
|
+
? (getSettings().featureFlags?.supplyChainSecurity ?? true)
|
|
500
|
+
: true;
|
|
501
|
+
const effectiveSecurityMode = resolveEffectiveSecurityMode(state.securityMode, supplyChainSecurityEnabled);
|
|
502
|
+
const securityCheck = checkSecurityDisposition(nodeName, effectiveSecurityMode, state.securityActionDispositions ?? {});
|
|
503
|
+
if (securityCheck.action === 'deny') {
|
|
504
|
+
throw new SecurityViolationError(`Node "${nodeName}" denied by security policy (category: ${securityCheck.category})`, securityCheck.category, `Action category "${securityCheck.category}" is denied. Update security policy to allow this action.`);
|
|
505
|
+
}
|
|
506
|
+
if (securityCheck.action === 'approval_required') {
|
|
507
|
+
log.info(`Security policy requires approval for "${nodeName}" (category: ${securityCheck.category})`);
|
|
508
|
+
interrupt({
|
|
509
|
+
node: nodeName,
|
|
510
|
+
message: `Security policy requires approval for "${securityCheck.category}" before "${nodeName}" can execute.`,
|
|
511
|
+
securityCategory: securityCheck.category,
|
|
512
|
+
});
|
|
513
|
+
}
|
|
514
|
+
if (securityCheck.action === 'warn') {
|
|
515
|
+
log.info(`Security advisory: "${nodeName}" would be restricted (category: ${securityCheck.category})`);
|
|
516
|
+
}
|
|
492
517
|
const startTime = Date.now();
|
|
493
518
|
const resumePrefix = buildResumeContext(state.resumeReason);
|
|
494
519
|
const prompt = resumePrefix + buildPrompt(state, log);
|
|
@@ -0,0 +1,59 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Security Pre-Check for Feature Agent Nodes
|
|
3
|
+
*
|
|
4
|
+
* Classifies node actions by SecurityActionCategory and evaluates
|
|
5
|
+
* the effective disposition based on the security policy mode and
|
|
6
|
+
* per-category overrides from FeatureAgentState.
|
|
7
|
+
*
|
|
8
|
+
* Used by executeNode() to enforce or warn about security policy
|
|
9
|
+
* before executing agent prompts.
|
|
10
|
+
*/
|
|
11
|
+
import { SecurityActionCategory, SecurityActionDisposition, SecurityMode } from '../../../../../domain/generated/output.js';
|
|
12
|
+
/**
|
|
13
|
+
* Classify a node name into its SecurityActionCategory.
|
|
14
|
+
* Returns null for read-only nodes (requirements, research, plan, analyze)
|
|
15
|
+
* that have no security-sensitive actions.
|
|
16
|
+
*/
|
|
17
|
+
export declare function classifyNodeAction(nodeName: string): SecurityActionCategory | null;
|
|
18
|
+
/**
|
|
19
|
+
* Resolve the effective SecurityMode for a node execution, honoring the
|
|
20
|
+
* supplyChainSecurity master kill switch. When the feature flag is false,
|
|
21
|
+
* the mode is forced to Disabled regardless of the mode stored in state.
|
|
22
|
+
*
|
|
23
|
+
* Extracted as a pure function so the gate can be unit-tested without
|
|
24
|
+
* spinning up the full node-helpers infrastructure.
|
|
25
|
+
*
|
|
26
|
+
* @param stateMode - The security mode carried in FeatureAgentState (or undefined)
|
|
27
|
+
* @param supplyChainSecurityEnabled - Value of the supplyChainSecurity feature flag
|
|
28
|
+
* @returns SecurityMode.Disabled when the flag is off, otherwise the state mode
|
|
29
|
+
* (or Disabled when state has no mode set).
|
|
30
|
+
*/
|
|
31
|
+
export declare function resolveEffectiveSecurityMode(stateMode: SecurityMode | undefined, supplyChainSecurityEnabled: boolean): SecurityMode;
|
|
32
|
+
/** Result of a security disposition check. */
|
|
33
|
+
export type SecurityCheckResult = {
|
|
34
|
+
action: 'skip';
|
|
35
|
+
} | {
|
|
36
|
+
action: 'allow';
|
|
37
|
+
} | {
|
|
38
|
+
action: 'warn';
|
|
39
|
+
category: SecurityActionCategory;
|
|
40
|
+
nodeName: string;
|
|
41
|
+
} | {
|
|
42
|
+
action: 'deny';
|
|
43
|
+
category: SecurityActionCategory;
|
|
44
|
+
nodeName: string;
|
|
45
|
+
} | {
|
|
46
|
+
action: 'approval_required';
|
|
47
|
+
category: SecurityActionCategory;
|
|
48
|
+
nodeName: string;
|
|
49
|
+
};
|
|
50
|
+
/**
|
|
51
|
+
* Check the security disposition for a node based on the effective policy.
|
|
52
|
+
*
|
|
53
|
+
* @param nodeName - The graph node name (e.g. 'implement', 'merge')
|
|
54
|
+
* @param securityMode - Effective security mode from state
|
|
55
|
+
* @param actionDispositions - Per-category disposition overrides from state
|
|
56
|
+
* @returns The action to take: skip, allow, warn, deny, or approval_required
|
|
57
|
+
*/
|
|
58
|
+
export declare function checkSecurityDisposition(nodeName: string, securityMode: SecurityMode, actionDispositions: Partial<Record<SecurityActionCategory, SecurityActionDisposition>>): SecurityCheckResult;
|
|
59
|
+
//# sourceMappingURL=security-pre-check.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"security-pre-check.d.ts","sourceRoot":"","sources":["../../../../../../../../../packages/core/src/infrastructure/services/agents/feature-agent/nodes/security-pre-check.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EACL,sBAAsB,EACtB,yBAAyB,EACzB,YAAY,EACb,MAAM,8BAA8B,CAAC;AAWtC;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,GAAG,sBAAsB,GAAG,IAAI,CAElF;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,4BAA4B,CAC1C,SAAS,EAAE,YAAY,GAAG,SAAS,EACnC,0BAA0B,EAAE,OAAO,GAClC,YAAY,CAKd;AAED,8CAA8C;AAC9C,MAAM,MAAM,mBAAmB,GAC3B;IAAE,MAAM,EAAE,MAAM,CAAA;CAAE,GAClB;IAAE,MAAM,EAAE,OAAO,CAAA;CAAE,GACnB;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,sBAAsB,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,GACtE;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,sBAAsB,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,GACtE;IAAE,MAAM,EAAE,mBAAmB,CAAC;IAAC,QAAQ,EAAE,sBAAsB,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,CAAC;AAExF;;;;;;;GAOG;AACH,wBAAgB,wBAAwB,CACtC,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,YAAY,EAC1B,kBAAkB,EAAE,OAAO,CAAC,MAAM,CAAC,sBAAsB,EAAE,yBAAyB,CAAC,CAAC,GACrF,mBAAmB,CAyCrB"}
|
|
@@ -0,0 +1,89 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Security Pre-Check for Feature Agent Nodes
|
|
3
|
+
*
|
|
4
|
+
* Classifies node actions by SecurityActionCategory and evaluates
|
|
5
|
+
* the effective disposition based on the security policy mode and
|
|
6
|
+
* per-category overrides from FeatureAgentState.
|
|
7
|
+
*
|
|
8
|
+
* Used by executeNode() to enforce or warn about security policy
|
|
9
|
+
* before executing agent prompts.
|
|
10
|
+
*/
|
|
11
|
+
import { SecurityActionCategory, SecurityActionDisposition, SecurityMode, } from '../../../../../domain/generated/output.js';
|
|
12
|
+
/** Map node names to the security action category they represent. */
|
|
13
|
+
const NODE_ACTION_MAP = {
|
|
14
|
+
implement: SecurityActionCategory.PackageScriptExec,
|
|
15
|
+
'fast-implement': SecurityActionCategory.PackageScriptExec,
|
|
16
|
+
evidence: SecurityActionCategory.PackageScriptExec,
|
|
17
|
+
merge: SecurityActionCategory.CiWorkflowModify,
|
|
18
|
+
'ci-fix': SecurityActionCategory.CiWorkflowModify,
|
|
19
|
+
};
|
|
20
|
+
/**
|
|
21
|
+
* Classify a node name into its SecurityActionCategory.
|
|
22
|
+
* Returns null for read-only nodes (requirements, research, plan, analyze)
|
|
23
|
+
* that have no security-sensitive actions.
|
|
24
|
+
*/
|
|
25
|
+
export function classifyNodeAction(nodeName) {
|
|
26
|
+
return NODE_ACTION_MAP[nodeName] ?? null;
|
|
27
|
+
}
|
|
28
|
+
/**
|
|
29
|
+
* Resolve the effective SecurityMode for a node execution, honoring the
|
|
30
|
+
* supplyChainSecurity master kill switch. When the feature flag is false,
|
|
31
|
+
* the mode is forced to Disabled regardless of the mode stored in state.
|
|
32
|
+
*
|
|
33
|
+
* Extracted as a pure function so the gate can be unit-tested without
|
|
34
|
+
* spinning up the full node-helpers infrastructure.
|
|
35
|
+
*
|
|
36
|
+
* @param stateMode - The security mode carried in FeatureAgentState (or undefined)
|
|
37
|
+
* @param supplyChainSecurityEnabled - Value of the supplyChainSecurity feature flag
|
|
38
|
+
* @returns SecurityMode.Disabled when the flag is off, otherwise the state mode
|
|
39
|
+
* (or Disabled when state has no mode set).
|
|
40
|
+
*/
|
|
41
|
+
export function resolveEffectiveSecurityMode(stateMode, supplyChainSecurityEnabled) {
|
|
42
|
+
if (!supplyChainSecurityEnabled) {
|
|
43
|
+
return SecurityMode.Disabled;
|
|
44
|
+
}
|
|
45
|
+
return stateMode ?? SecurityMode.Disabled;
|
|
46
|
+
}
|
|
47
|
+
/**
|
|
48
|
+
* Check the security disposition for a node based on the effective policy.
|
|
49
|
+
*
|
|
50
|
+
* @param nodeName - The graph node name (e.g. 'implement', 'merge')
|
|
51
|
+
* @param securityMode - Effective security mode from state
|
|
52
|
+
* @param actionDispositions - Per-category disposition overrides from state
|
|
53
|
+
* @returns The action to take: skip, allow, warn, deny, or approval_required
|
|
54
|
+
*/
|
|
55
|
+
export function checkSecurityDisposition(nodeName, securityMode, actionDispositions) {
|
|
56
|
+
// Disabled mode — no checks
|
|
57
|
+
if (securityMode === SecurityMode.Disabled) {
|
|
58
|
+
return { action: 'skip' };
|
|
59
|
+
}
|
|
60
|
+
// Read-only nodes have no security-sensitive actions
|
|
61
|
+
const category = classifyNodeAction(nodeName);
|
|
62
|
+
if (!category) {
|
|
63
|
+
return { action: 'skip' };
|
|
64
|
+
}
|
|
65
|
+
// Look up the disposition for this category
|
|
66
|
+
const disposition = actionDispositions[category];
|
|
67
|
+
// No disposition configured — default to allow
|
|
68
|
+
if (!disposition) {
|
|
69
|
+
return { action: 'allow' };
|
|
70
|
+
}
|
|
71
|
+
if (disposition === SecurityActionDisposition.Allowed) {
|
|
72
|
+
return { action: 'allow' };
|
|
73
|
+
}
|
|
74
|
+
if (disposition === SecurityActionDisposition.Denied) {
|
|
75
|
+
// In Enforce mode, deny the action; in Advisory mode, just warn
|
|
76
|
+
if (securityMode === SecurityMode.Enforce) {
|
|
77
|
+
return { action: 'deny', category, nodeName };
|
|
78
|
+
}
|
|
79
|
+
return { action: 'warn', category, nodeName };
|
|
80
|
+
}
|
|
81
|
+
if (disposition === SecurityActionDisposition.ApprovalRequired) {
|
|
82
|
+
// In Enforce mode, require approval; in Advisory mode, just warn
|
|
83
|
+
if (securityMode === SecurityMode.Enforce) {
|
|
84
|
+
return { action: 'approval_required', category, nodeName };
|
|
85
|
+
}
|
|
86
|
+
return { action: 'warn', category, nodeName };
|
|
87
|
+
}
|
|
88
|
+
return { action: 'allow' };
|
|
89
|
+
}
|
|
@@ -1,4 +1,5 @@
|
|
|
1
|
-
import type { ApprovalGates, CiFixRecord, Evidence } from '../../../../domain/generated/output.js';
|
|
1
|
+
import type { ApprovalGates, CiFixRecord, Evidence, SecurityActionCategory, SecurityActionDisposition } from '../../../../domain/generated/output.js';
|
|
2
|
+
import { SecurityMode } from '../../../../domain/generated/output.js';
|
|
2
3
|
/**
|
|
3
4
|
* State annotation for the feature-agent graph.
|
|
4
5
|
*
|
|
@@ -59,6 +60,8 @@ export declare const FeatureAgentAnnotation: import("@langchain/langgraph").Anno
|
|
|
59
60
|
ciFixAttempts: import("@langchain/langgraph").BinaryOperatorAggregate<number, number>;
|
|
60
61
|
ciFixHistory: import("@langchain/langgraph").BinaryOperatorAggregate<CiFixRecord[], CiFixRecord[]>;
|
|
61
62
|
ciFixStatus: import("@langchain/langgraph").BinaryOperatorAggregate<"success" | "timeout" | "idle" | "watching" | "fixing" | "exhausted", "success" | "timeout" | "idle" | "watching" | "fixing" | "exhausted">;
|
|
63
|
+
securityMode: import("@langchain/langgraph").BinaryOperatorAggregate<SecurityMode, SecurityMode>;
|
|
64
|
+
securityActionDispositions: import("@langchain/langgraph").BinaryOperatorAggregate<Partial<Record<SecurityActionCategory, SecurityActionDisposition>>, Partial<Record<SecurityActionCategory, SecurityActionDisposition>>>;
|
|
62
65
|
}>;
|
|
63
66
|
export type FeatureAgentState = typeof FeatureAgentAnnotation.State;
|
|
64
67
|
//# sourceMappingURL=state.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"state.d.ts","sourceRoot":"","sources":["../../../../../../../../packages/core/src/infrastructure/services/agents/feature-agent/state.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,
|
|
1
|
+
{"version":3,"file":"state.d.ts","sourceRoot":"","sources":["../../../../../../../../packages/core/src/infrastructure/services/agents/feature-agent/state.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,aAAa,EACb,WAAW,EACX,QAAQ,EACR,sBAAsB,EACtB,yBAAyB,EAC1B,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,YAAY,EAAE,MAAM,8BAA8B,CAAC;AAE5D;;;;;;GAMG;AACH,eAAO,MAAM,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAmIjC,CAAC;AAEH,MAAM,MAAM,iBAAiB,GAAG,OAAO,sBAAsB,CAAC,KAAK,CAAC"}
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import { Annotation } from '@langchain/langgraph';
|
|
2
|
+
import { SecurityMode } from '../../../../domain/generated/output.js';
|
|
2
3
|
/**
|
|
3
4
|
* State annotation for the feature-agent graph.
|
|
4
5
|
*
|
|
@@ -126,4 +127,13 @@ export const FeatureAgentAnnotation = Annotation.Root({
|
|
|
126
127
|
reducer: (_prev, next) => next,
|
|
127
128
|
default: () => 'idle',
|
|
128
129
|
}),
|
|
130
|
+
// --- Security policy state (set once at spawn, read by nodes) ---
|
|
131
|
+
securityMode: Annotation({
|
|
132
|
+
reducer: (_prev, next) => next,
|
|
133
|
+
default: () => SecurityMode.Disabled,
|
|
134
|
+
}),
|
|
135
|
+
securityActionDispositions: Annotation({
|
|
136
|
+
reducer: (_prev, next) => next,
|
|
137
|
+
default: () => ({}),
|
|
138
|
+
}),
|
|
129
139
|
});
|