@shepai/cli 1.175.0 → 1.175.1-pr527.ea242b8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/apis/json-schema/ActionDispositionEntry.yaml +14 -0
- package/apis/json-schema/DependencyFinding.yaml +28 -0
- package/apis/json-schema/DependencyRiskType.yaml +11 -0
- package/apis/json-schema/DependencyRules.yaml +38 -0
- package/apis/json-schema/EffectivePolicySnapshot.yaml +24 -0
- package/apis/json-schema/FeatureFlags.yaml +5 -0
- package/apis/json-schema/ReleaseIntegrityCheck.yaml +22 -0
- package/apis/json-schema/ReleaseIntegrityCheckType.yaml +9 -0
- package/apis/json-schema/ReleaseIntegrityResult.yaml +16 -0
- package/apis/json-schema/ReleaseRules.yaml +21 -0
- package/apis/json-schema/SecurityActionCategory.yaml +10 -0
- package/apis/json-schema/SecurityActionDisposition.yaml +8 -0
- package/apis/json-schema/SecurityConfig.yaml +17 -0
- package/apis/json-schema/SecurityEvent.yaml +36 -0
- package/apis/json-schema/SecurityMode.yaml +8 -0
- package/apis/json-schema/SecurityPolicy.yaml +24 -0
- package/apis/json-schema/SecuritySeverity.yaml +9 -0
- package/apis/json-schema/Settings.yaml +3 -0
- package/dist/packages/core/src/application/ports/output/agents/agent-executor.interface.d.ts +15 -1
- package/dist/packages/core/src/application/ports/output/agents/agent-executor.interface.d.ts.map +1 -1
- package/dist/packages/core/src/application/ports/output/agents/feature-agent-process.interface.d.ts +3 -1
- package/dist/packages/core/src/application/ports/output/agents/feature-agent-process.interface.d.ts.map +1 -1
- package/dist/packages/core/src/application/ports/output/repositories/security-event.repository.interface.d.ts +76 -0
- package/dist/packages/core/src/application/ports/output/repositories/security-event.repository.interface.d.ts.map +1 -0
- package/dist/packages/core/src/application/ports/output/repositories/security-event.repository.interface.js +11 -0
- package/dist/packages/core/src/application/ports/output/services/github-repository-service.interface.d.ts +38 -0
- package/dist/packages/core/src/application/ports/output/services/github-repository-service.interface.d.ts.map +1 -1
- package/dist/packages/core/src/application/ports/output/services/github-repository-service.interface.js +9 -0
- package/dist/packages/core/src/application/ports/output/services/security-policy-service.interface.d.ts +77 -0
- package/dist/packages/core/src/application/ports/output/services/security-policy-service.interface.d.ts.map +1 -0
- package/dist/packages/core/src/application/ports/output/services/security-policy-service.interface.js +13 -0
- package/dist/packages/core/src/application/ports/output/services/spec-initializer.interface.d.ts +11 -0
- package/dist/packages/core/src/application/ports/output/services/spec-initializer.interface.d.ts.map +1 -1
- package/dist/packages/core/src/application/use-cases/agents/approve-agent-run.use-case.d.ts.map +1 -1
- package/dist/packages/core/src/application/use-cases/agents/approve-agent-run.use-case.js +2 -0
- package/dist/packages/core/src/application/use-cases/agents/reject-agent-run.use-case.d.ts.map +1 -1
- package/dist/packages/core/src/application/use-cases/agents/reject-agent-run.use-case.js +2 -0
- package/dist/packages/core/src/application/use-cases/features/check-and-unblock-features.use-case.d.ts.map +1 -1
- package/dist/packages/core/src/application/use-cases/features/check-and-unblock-features.use-case.js +2 -0
- package/dist/packages/core/src/application/use-cases/features/create/create-feature.use-case.d.ts.map +1 -1
- package/dist/packages/core/src/application/use-cases/features/create/create-feature.use-case.js +1 -0
- package/dist/packages/core/src/application/use-cases/features/resume-feature.use-case.d.ts.map +1 -1
- package/dist/packages/core/src/application/use-cases/features/resume-feature.use-case.js +2 -0
- package/dist/packages/core/src/application/use-cases/features/start-feature.use-case.d.ts.map +1 -1
- package/dist/packages/core/src/application/use-cases/features/start-feature.use-case.js +2 -0
- package/dist/packages/core/src/application/use-cases/security/enforce-security.use-case.d.ts +71 -0
- package/dist/packages/core/src/application/use-cases/security/enforce-security.use-case.d.ts.map +1 -0
- package/dist/packages/core/src/application/use-cases/security/enforce-security.use-case.js +215 -0
- package/dist/packages/core/src/application/use-cases/security/evaluate-security-policy.use-case.d.ts +24 -0
- package/dist/packages/core/src/application/use-cases/security/evaluate-security-policy.use-case.d.ts.map +1 -0
- package/dist/packages/core/src/application/use-cases/security/evaluate-security-policy.use-case.js +56 -0
- package/dist/packages/core/src/application/use-cases/security/get-security-state.use-case.d.ts +36 -0
- package/dist/packages/core/src/application/use-cases/security/get-security-state.use-case.d.ts.map +1 -0
- package/dist/packages/core/src/application/use-cases/security/get-security-state.use-case.js +76 -0
- package/dist/packages/core/src/application/use-cases/security/record-security-event.use-case.d.ts +14 -0
- package/dist/packages/core/src/application/use-cases/security/record-security-event.use-case.d.ts.map +1 -0
- package/dist/packages/core/src/application/use-cases/security/record-security-event.use-case.js +46 -0
- package/dist/packages/core/src/domain/errors/security-violation.error.d.ts +15 -0
- package/dist/packages/core/src/domain/errors/security-violation.error.d.ts.map +1 -0
- package/dist/packages/core/src/domain/errors/security-violation.error.js +20 -0
- package/dist/packages/core/src/domain/factories/settings-defaults.factory.d.ts.map +1 -1
- package/dist/packages/core/src/domain/factories/settings-defaults.factory.js +6 -1
- package/dist/packages/core/src/domain/generated/output.d.ts +263 -0
- package/dist/packages/core/src/domain/generated/output.d.ts.map +1 -1
- package/dist/packages/core/src/domain/generated/output.js +43 -0
- package/dist/packages/core/src/infrastructure/di/container.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/di/container.js +57 -0
- package/dist/packages/core/src/infrastructure/persistence/sqlite/mappers/security-event.mapper.d.ts +44 -0
- package/dist/packages/core/src/infrastructure/persistence/sqlite/mappers/security-event.mapper.d.ts.map +1 -0
- package/dist/packages/core/src/infrastructure/persistence/sqlite/mappers/security-event.mapper.js +55 -0
- package/dist/packages/core/src/infrastructure/persistence/sqlite/mappers/settings.mapper.d.ts +4 -0
- package/dist/packages/core/src/infrastructure/persistence/sqlite/mappers/settings.mapper.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/persistence/sqlite/mappers/settings.mapper.js +17 -0
- package/dist/packages/core/src/infrastructure/persistence/sqlite/migrations/053-add-security-settings-columns.d.ts +18 -0
- package/dist/packages/core/src/infrastructure/persistence/sqlite/migrations/053-add-security-settings-columns.d.ts.map +1 -0
- package/dist/packages/core/src/infrastructure/persistence/sqlite/migrations/053-add-security-settings-columns.js +31 -0
- package/dist/packages/core/src/infrastructure/persistence/sqlite/migrations/054-create-security-events-table.d.ts +29 -0
- package/dist/packages/core/src/infrastructure/persistence/sqlite/migrations/054-create-security-events-table.d.ts.map +1 -0
- package/dist/packages/core/src/infrastructure/persistence/sqlite/migrations/054-create-security-events-table.js +53 -0
- package/dist/packages/core/src/infrastructure/persistence/sqlite/migrations/056-add-feature-flag-supply-chain-security.d.ts +16 -0
- package/dist/packages/core/src/infrastructure/persistence/sqlite/migrations/056-add-feature-flag-supply-chain-security.d.ts.map +1 -0
- package/dist/packages/core/src/infrastructure/persistence/sqlite/migrations/056-add-feature-flag-supply-chain-security.js +22 -0
- package/dist/packages/core/src/infrastructure/repositories/sqlite-security-event.repository.d.ts +24 -0
- package/dist/packages/core/src/infrastructure/repositories/sqlite-security-event.repository.d.ts.map +1 -0
- package/dist/packages/core/src/infrastructure/repositories/sqlite-security-event.repository.js +96 -0
- package/dist/packages/core/src/infrastructure/repositories/sqlite-settings.repository.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/repositories/sqlite-settings.repository.js +15 -3
- package/dist/packages/core/src/infrastructure/services/agents/common/executors/claude-code-executor.service.d.ts +2 -0
- package/dist/packages/core/src/infrastructure/services/agents/common/executors/claude-code-executor.service.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/services/agents/common/executors/claude-code-executor.service.js +12 -0
- package/dist/packages/core/src/infrastructure/services/agents/common/executors/claude-code-interactive-executor.service.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/services/agents/common/executors/claude-code-interactive-executor.service.js +44 -4
- package/dist/packages/core/src/infrastructure/services/agents/common/executors/security-constraint-validator.d.ts +22 -0
- package/dist/packages/core/src/infrastructure/services/agents/common/executors/security-constraint-validator.d.ts.map +1 -0
- package/dist/packages/core/src/infrastructure/services/agents/common/executors/security-constraint-validator.js +30 -0
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/fast-feature-agent-graph.d.ts +10 -0
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/fast-feature-agent-graph.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/feature-agent-graph.d.ts +35 -1
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/feature-agent-graph.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/feature-agent-process.service.d.ts +3 -1
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/feature-agent-process.service.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/feature-agent-process.service.js +7 -1
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/feature-agent-worker.d.ts +3 -1
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/feature-agent-worker.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/feature-agent-worker.js +32 -1
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/nodes/node-helpers.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/nodes/node-helpers.js +25 -0
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/nodes/security-pre-check.d.ts +59 -0
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/nodes/security-pre-check.d.ts.map +1 -0
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/nodes/security-pre-check.js +89 -0
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/state.d.ts +4 -1
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/state.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/services/agents/feature-agent/state.js +10 -0
- package/dist/packages/core/src/infrastructure/services/external/github-repository.service.d.ts +10 -1
- package/dist/packages/core/src/infrastructure/services/external/github-repository.service.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/services/external/github-repository.service.js +101 -1
- package/dist/packages/core/src/infrastructure/services/security/dependency-risk-evaluator.d.ts +53 -0
- package/dist/packages/core/src/infrastructure/services/security/dependency-risk-evaluator.d.ts.map +1 -0
- package/dist/packages/core/src/infrastructure/services/security/dependency-risk-evaluator.js +241 -0
- package/dist/packages/core/src/infrastructure/services/security/release-integrity-evaluator.d.ts +44 -0
- package/dist/packages/core/src/infrastructure/services/security/release-integrity-evaluator.d.ts.map +1 -0
- package/dist/packages/core/src/infrastructure/services/security/release-integrity-evaluator.js +194 -0
- package/dist/packages/core/src/infrastructure/services/security/security-policy-file-reader.d.ts +28 -0
- package/dist/packages/core/src/infrastructure/services/security/security-policy-file-reader.d.ts.map +1 -0
- package/dist/packages/core/src/infrastructure/services/security/security-policy-file-reader.js +50 -0
- package/dist/packages/core/src/infrastructure/services/security/security-policy-validator.d.ts +26 -0
- package/dist/packages/core/src/infrastructure/services/security/security-policy-validator.d.ts.map +1 -0
- package/dist/packages/core/src/infrastructure/services/security/security-policy-validator.js +147 -0
- package/dist/packages/core/src/infrastructure/services/security/security-policy.service.d.ts +44 -0
- package/dist/packages/core/src/infrastructure/services/security/security-policy.service.d.ts.map +1 -0
- package/dist/packages/core/src/infrastructure/services/security/security-policy.service.js +174 -0
- package/dist/packages/core/src/infrastructure/services/spec/spec-initializer.service.d.ts +1 -0
- package/dist/packages/core/src/infrastructure/services/spec/spec-initializer.service.d.ts.map +1 -1
- package/dist/packages/core/src/infrastructure/services/spec/spec-initializer.service.js +61 -0
- package/dist/src/presentation/cli/commands/security.command.d.ts +16 -0
- package/dist/src/presentation/cli/commands/security.command.d.ts.map +1 -0
- package/dist/src/presentation/cli/commands/security.command.js +133 -0
- package/dist/src/presentation/cli/index.js +2 -0
- package/dist/src/presentation/web/app/(dashboard)/get-graph-data.d.ts.map +1 -1
- package/dist/src/presentation/web/app/(dashboard)/get-graph-data.js +5 -1
- package/dist/src/presentation/web/app/actions/security.d.ts +28 -0
- package/dist/src/presentation/web/app/actions/security.d.ts.map +1 -0
- package/dist/src/presentation/web/app/actions/security.js +59 -0
- package/dist/src/presentation/web/app/build-graph-nodes.d.ts +3 -1
- package/dist/src/presentation/web/app/build-graph-nodes.d.ts.map +1 -1
- package/dist/src/presentation/web/app/build-graph-nodes.js +2 -0
- package/dist/src/presentation/web/components/common/feature-node/feature-node-state-config.d.ts +3 -1
- package/dist/src/presentation/web/components/common/feature-node/feature-node-state-config.d.ts.map +1 -1
- package/dist/src/presentation/web/components/common/feature-node/feature-node.d.ts.map +1 -1
- package/dist/src/presentation/web/components/common/feature-node/feature-node.js +2 -1
- package/dist/src/presentation/web/components/common/repository-node/repository-drawer.d.ts +3 -1
- package/dist/src/presentation/web/components/common/repository-node/repository-drawer.d.ts.map +1 -1
- package/dist/src/presentation/web/components/common/repository-node/repository-drawer.js +3 -2
- package/dist/src/presentation/web/components/common/repository-node/security-panel.d.ts +6 -0
- package/dist/src/presentation/web/components/common/repository-node/security-panel.d.ts.map +1 -0
- package/dist/src/presentation/web/components/common/repository-node/security-panel.js +29 -0
- package/dist/src/presentation/web/components/common/repository-node/security-panel.stories.d.ts +10 -0
- package/dist/src/presentation/web/components/common/repository-node/security-panel.stories.d.ts.map +1 -0
- package/dist/src/presentation/web/components/common/repository-node/security-panel.stories.js +53 -0
- package/dist/src/presentation/web/components/common/security-badge.d.ts +7 -0
- package/dist/src/presentation/web/components/common/security-badge.d.ts.map +1 -0
- package/dist/src/presentation/web/components/common/security-badge.js +30 -0
- package/dist/src/presentation/web/components/common/security-badge.stories.d.ts +12 -0
- package/dist/src/presentation/web/components/common/security-badge.stories.d.ts.map +1 -0
- package/dist/src/presentation/web/components/common/security-badge.stories.js +20 -0
- package/dist/src/presentation/web/components/features/settings/feature-flags-settings-section.d.ts.map +1 -1
- package/dist/src/presentation/web/components/features/settings/feature-flags-settings-section.js +3 -0
- package/dist/src/presentation/web/components/features/settings/feature-flags-settings-section.stories.d.ts.map +1 -1
- package/dist/src/presentation/web/components/features/settings/feature-flags-settings-section.stories.js +3 -0
- package/dist/src/presentation/web/components/features/settings/settings-page-client.d.ts.map +1 -1
- package/dist/src/presentation/web/components/features/settings/settings-page-client.js +26 -7
- package/dist/src/presentation/web/components/features/settings/settings-page-client.stories.d.ts.map +1 -1
- package/dist/src/presentation/web/components/features/settings/settings-page-client.stories.js +1 -0
- package/dist/src/presentation/web/components/features/settings/supply-chain-security-settings-section.d.ts +6 -0
- package/dist/src/presentation/web/components/features/settings/supply-chain-security-settings-section.d.ts.map +1 -0
- package/dist/src/presentation/web/components/features/settings/supply-chain-security-settings-section.js +60 -0
- package/dist/src/presentation/web/components/features/settings/supply-chain-security-settings-section.stories.d.ts +14 -0
- package/dist/src/presentation/web/components/features/settings/supply-chain-security-settings-section.stories.d.ts.map +1 -0
- package/dist/src/presentation/web/components/features/settings/supply-chain-security-settings-section.stories.js +116 -0
- package/dist/translations/ar/cli.json +21 -0
- package/dist/translations/ar/web.json +43 -1
- package/dist/translations/de/cli.json +21 -0
- package/dist/translations/de/web.json +43 -1
- package/dist/translations/en/cli.json +21 -0
- package/dist/translations/en/web.json +43 -1
- package/dist/translations/es/cli.json +21 -0
- package/dist/translations/es/web.json +43 -1
- package/dist/translations/fr/cli.json +21 -0
- package/dist/translations/fr/web.json +43 -1
- package/dist/translations/he/cli.json +21 -0
- package/dist/translations/he/web.json +43 -1
- package/dist/translations/pt/cli.json +22 -1
- package/dist/translations/pt/web.json +43 -1
- package/dist/translations/ru/cli.json +21 -0
- package/dist/translations/ru/web.json +43 -1
- package/dist/tsconfig.build.tsbuildinfo +1 -1
- package/package.json +1 -1
- package/web/.next/BUILD_ID +1 -1
- package/web/.next/build-manifest.json +2 -2
- package/web/.next/fallback-build-manifest.json +2 -2
- package/web/.next/prerender-manifest.json +3 -3
- package/web/.next/required-server-files.js +3 -3
- package/web/.next/required-server-files.json +3 -3
- package/web/.next/server/app/(dashboard)/@drawer/adopt/page/server-reference-manifest.json +29 -29
- package/web/.next/server/app/(dashboard)/@drawer/adopt/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/adopt/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/chat/page/server-reference-manifest.json +27 -27
- package/web/.next/server/app/(dashboard)/@drawer/chat/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/chat/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/create/page/server-reference-manifest.json +30 -30
- package/web/.next/server/app/(dashboard)/@drawer/create/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/create/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/feature/[featureId]/[tab]/page/server-reference-manifest.json +38 -38
- package/web/.next/server/app/(dashboard)/@drawer/feature/[featureId]/[tab]/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/feature/[featureId]/[tab]/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/feature/[featureId]/page/server-reference-manifest.json +38 -38
- package/web/.next/server/app/(dashboard)/@drawer/feature/[featureId]/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/feature/[featureId]/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/repository/[repositoryId]/[tab]/page/server-reference-manifest.json +28 -28
- package/web/.next/server/app/(dashboard)/@drawer/repository/[repositoryId]/[tab]/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/repository/[repositoryId]/[tab]/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/repository/[repositoryId]/page/server-reference-manifest.json +28 -28
- package/web/.next/server/app/(dashboard)/@drawer/repository/[repositoryId]/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/@drawer/repository/[repositoryId]/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/chat/page/server-reference-manifest.json +27 -27
- package/web/.next/server/app/(dashboard)/chat/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/chat/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/create/page/server-reference-manifest.json +30 -30
- package/web/.next/server/app/(dashboard)/create/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/create/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/feature/[featureId]/[tab]/page/server-reference-manifest.json +38 -38
- package/web/.next/server/app/(dashboard)/feature/[featureId]/[tab]/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/feature/[featureId]/[tab]/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/feature/[featureId]/page/server-reference-manifest.json +38 -38
- package/web/.next/server/app/(dashboard)/feature/[featureId]/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/feature/[featureId]/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/page/server-reference-manifest.json +27 -27
- package/web/.next/server/app/(dashboard)/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/repository/[repositoryId]/[tab]/page/server-reference-manifest.json +28 -28
- package/web/.next/server/app/(dashboard)/repository/[repositoryId]/[tab]/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/repository/[repositoryId]/[tab]/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/(dashboard)/repository/[repositoryId]/page/server-reference-manifest.json +28 -28
- package/web/.next/server/app/(dashboard)/repository/[repositoryId]/page.js.nft.json +1 -1
- package/web/.next/server/app/(dashboard)/repository/[repositoryId]/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/_global-error.html +2 -2
- package/web/.next/server/app/_global-error.rsc +1 -1
- package/web/.next/server/app/_global-error.segments/__PAGE__.segment.rsc +1 -1
- package/web/.next/server/app/_global-error.segments/_full.segment.rsc +1 -1
- package/web/.next/server/app/_global-error.segments/_head.segment.rsc +1 -1
- package/web/.next/server/app/_global-error.segments/_index.segment.rsc +1 -1
- package/web/.next/server/app/_global-error.segments/_tree.segment.rsc +1 -1
- package/web/.next/server/app/_not-found/page/server-reference-manifest.json +6 -6
- package/web/.next/server/app/_not-found/page.js.nft.json +1 -1
- package/web/.next/server/app/_not-found/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/api/attachments/preview/route.js.nft.json +1 -1
- package/web/.next/server/app/api/evidence/route.js.nft.json +1 -1
- package/web/.next/server/app/api/graph-data/route.js.nft.json +1 -1
- package/web/.next/server/app/api/interactive/chat/[featureId]/messages/route.js.nft.json +1 -1
- package/web/.next/server/app/api/sessions/route.js.nft.json +1 -1
- package/web/.next/server/app/api/sessions-batch/route.js.nft.json +1 -1
- package/web/.next/server/app/features/page/server-reference-manifest.json +6 -6
- package/web/.next/server/app/features/page.js.nft.json +1 -1
- package/web/.next/server/app/features/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/settings/page/server-reference-manifest.json +33 -18
- package/web/.next/server/app/settings/page.js +1 -1
- package/web/.next/server/app/settings/page.js.nft.json +1 -1
- package/web/.next/server/app/settings/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/skills/page/server-reference-manifest.json +13 -13
- package/web/.next/server/app/skills/page.js.nft.json +1 -1
- package/web/.next/server/app/skills/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/tools/page/server-reference-manifest.json +11 -11
- package/web/.next/server/app/tools/page.js.nft.json +1 -1
- package/web/.next/server/app/tools/page_client-reference-manifest.js +1 -1
- package/web/.next/server/app/version/page/server-reference-manifest.json +6 -6
- package/web/.next/server/app/version/page.js.nft.json +1 -1
- package/web/.next/server/app/version/page_client-reference-manifest.js +1 -1
- package/web/.next/server/chunks/403f9_next_dist_esm_build_templates_app-route_370c43b1.js +1 -1
- package/web/.next/server/chunks/403f9_next_dist_esm_build_templates_app-route_370c43b1.js.map +1 -1
- package/web/.next/server/chunks/[root-of-the-server]__a402b567._.js +1 -1
- package/web/.next/server/chunks/[root-of-the-server]__c78383b1._.js +1 -1
- package/web/.next/server/chunks/[root-of-the-server]__c78383b1._.js.map +1 -1
- package/web/.next/server/chunks/[root-of-the-server]__cd67a84c._.js +1 -1
- package/web/.next/server/chunks/[root-of-the-server]__cd67a84c._.js.map +1 -1
- package/web/.next/server/chunks/ssr/744ca_web__next-internal_server_app_(dashboard)_@drawer_adopt_page_actions_ad0071c9.js +1 -1
- package/web/.next/server/chunks/ssr/744ca_web__next-internal_server_app_(dashboard)_@drawer_adopt_page_actions_ad0071c9.js.map +1 -1
- package/web/.next/server/chunks/ssr/744ca_web__next-internal_server_app_(dashboard)_@drawer_chat_page_actions_90d98b2b.js +1 -1
- package/web/.next/server/chunks/ssr/744ca_web__next-internal_server_app_(dashboard)_@drawer_chat_page_actions_90d98b2b.js.map +1 -1
- package/web/.next/server/chunks/ssr/744ca_web__next-internal_server_app_(dashboard)_chat_page_actions_d3828105.js +1 -1
- package/web/.next/server/chunks/ssr/744ca_web__next-internal_server_app_(dashboard)_chat_page_actions_d3828105.js.map +1 -1
- package/web/.next/server/chunks/ssr/744ca_web_components_common_control-center-drawer_create-drawer-client_tsx_5e26fc0a._.js +1 -1
- package/web/.next/server/chunks/ssr/744ca_web_components_common_control-center-drawer_create-drawer-client_tsx_5e26fc0a._.js.map +1 -1
- package/web/.next/server/chunks/ssr/744ca_web_components_common_control-center-drawer_feature-drawer-client_tsx_e9755fc8._.js +2 -2
- package/web/.next/server/chunks/ssr/744ca_web_components_common_control-center-drawer_feature-drawer-client_tsx_e9755fc8._.js.map +1 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__1f389e5d._.js +1 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__1f389e5d._.js.map +1 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__357d99f9._.js +1 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__51ec77a8._.js +1 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__51ec77a8._.js.map +1 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__540c615f._.js +2 -2
- package/web/.next/server/chunks/ssr/[root-of-the-server]__540c615f._.js.map +1 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__66047a1b._.js +1 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__66047a1b._.js.map +1 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__6c7d3936._.js +1 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__6c7d3936._.js.map +1 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__a2d6c0ac._.js +4 -0
- package/web/.next/server/chunks/ssr/[root-of-the-server]__a2d6c0ac._.js.map +1 -0
- package/web/.next/server/chunks/ssr/[root-of-the-server]__a932cd3a._.js +1 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__a932cd3a._.js.map +1 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__aa72e794._.js +1 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__aa72e794._.js.map +1 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__b7b96453._.js +1 -1
- package/web/.next/server/chunks/ssr/[root-of-the-server]__b7b96453._.js.map +1 -1
- package/web/.next/server/chunks/ssr/_05c23ad9._.js +1 -1
- package/web/.next/server/chunks/ssr/_05c23ad9._.js.map +1 -1
- package/web/.next/server/chunks/ssr/_08eaf4b1._.js +3 -0
- package/web/.next/server/chunks/ssr/_08eaf4b1._.js.map +1 -0
- package/web/.next/server/chunks/ssr/_16eb4fec._.js +1 -1
- package/web/.next/server/chunks/ssr/_16eb4fec._.js.map +1 -1
- package/web/.next/server/chunks/ssr/_295fffde._.js +1 -1
- package/web/.next/server/chunks/ssr/_295fffde._.js.map +1 -1
- package/web/.next/server/chunks/ssr/_45496654._.js +1 -1
- package/web/.next/server/chunks/ssr/_45496654._.js.map +1 -1
- package/web/.next/server/chunks/ssr/_4cbb7f95._.js +1 -1
- package/web/.next/server/chunks/ssr/_4cbb7f95._.js.map +1 -1
- package/web/.next/server/chunks/ssr/_56b9d60f._.js +1 -1
- package/web/.next/server/chunks/ssr/_56b9d60f._.js.map +1 -1
- package/web/.next/server/chunks/ssr/_6abfa39e._.js +1 -1
- package/web/.next/server/chunks/ssr/_783debcb._.js +9 -0
- package/web/.next/server/chunks/ssr/_783debcb._.js.map +1 -0
- package/web/.next/server/chunks/ssr/{_af6b8b94._.js → _e7f76333._.js} +2 -2
- package/web/.next/server/chunks/ssr/{_af6b8b94._.js.map → _e7f76333._.js.map} +1 -1
- package/web/.next/server/chunks/ssr/_f8c55130._.js +1 -1
- package/web/.next/server/chunks/ssr/_f8c55130._.js.map +1 -1
- package/web/.next/server/chunks/ssr/{_e0dd6fcf._.js → _fc1578d7._.js} +2 -2
- package/web/.next/server/chunks/ssr/_fc1578d7._.js.map +1 -0
- package/web/.next/server/chunks/ssr/_ff04802c._.js +3 -0
- package/web/.next/server/chunks/ssr/_ff04802c._.js.map +1 -0
- package/web/.next/server/chunks/ssr/_ff87ffa6._.js +3 -0
- package/web/.next/server/chunks/ssr/_ff87ffa6._.js.map +1 -0
- package/web/.next/server/chunks/ssr/b1a17_presentation_web_components_features_settings_settings-page-client_tsx_6ed9d5f8._.js +1 -1
- package/web/.next/server/chunks/ssr/b1a17_presentation_web_components_features_settings_settings-page-client_tsx_6ed9d5f8._.js.map +1 -1
- package/web/.next/server/chunks/ssr/f3a1f_components_common_control-center-drawer_repository-drawer-client_tsx_39a00c03._.js +1 -1
- package/web/.next/server/chunks/ssr/f3a1f_components_common_control-center-drawer_repository-drawer-client_tsx_39a00c03._.js.map +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_17d39233._.js +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_17d39233._.js.map +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_54b02639._.js +2 -2
- package/web/.next/server/chunks/ssr/src_presentation_web_54b02639._.js.map +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_7b7b9e3b._.js +2 -2
- package/web/.next/server/chunks/ssr/src_presentation_web_7b7b9e3b._.js.map +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_807cba76._.js +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_807cba76._.js.map +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web__next-internal_server_app_(dashboard)_page_actions_90b5e66e.js +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web__next-internal_server_app_(dashboard)_page_actions_90b5e66e.js.map +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web__next-internal_server_app_skills_page_actions_4ce30db7.js +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web__next-internal_server_app_skills_page_actions_4ce30db7.js.map +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web__next-internal_server_app_tools_page_actions_e4032193.js +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web__next-internal_server_app_tools_page_actions_e4032193.js.map +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_app_actions_open-ide_ts_baaca5d5._.js +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_ca99d62d._.js +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_ca99d62d._.js.map +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_components_895e5bfa._.js +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_components_895e5bfa._.js.map +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_components_features_control-center_7ac3562e._.js +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_components_features_control-center_7ac3562e._.js.map +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_components_features_skills_8a174cac._.js +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_components_features_skills_8a174cac._.js.map +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_db9fa0c2._.js +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_db9fa0c2._.js.map +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_e1cd1869._.js +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_e1cd1869._.js.map +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_e3a30e30._.js +1 -1
- package/web/.next/server/chunks/ssr/src_presentation_web_e3a30e30._.js.map +1 -1
- package/web/.next/server/chunks/ssr/translations_23dd5e7e._.js +1 -1
- package/web/.next/server/chunks/ssr/translations_23dd5e7e._.js.map +1 -1
- package/web/.next/server/pages/500.html +2 -2
- package/web/.next/server/server-reference-manifest.js +1 -1
- package/web/.next/server/server-reference-manifest.json +74 -59
- package/web/.next/static/chunks/{238fdbed09dc61b6.js → 1eeabda286169861.js} +2 -2
- package/web/.next/static/chunks/20ec94c610d07a10.css +1 -0
- package/web/.next/static/chunks/{940c842293a6ee9b.js → 2dcae7bd1f3e2b51.js} +1 -1
- package/web/.next/static/chunks/3aba9d2242420cb5.js +1 -0
- package/web/.next/static/chunks/6003ad985fb78e62.js +1 -0
- package/web/.next/static/chunks/{0b07ee72b0c639ef.js → 69aa6a996dccb7dc.js} +2 -2
- package/web/.next/static/chunks/{873e837cd1179cdd.js → 6e5aeb5da5bb2ab6.js} +1 -1
- package/web/.next/static/chunks/{2ad924f5ba5ec0a6.js → 7c8e1ab108e3ceea.js} +1 -1
- package/web/.next/static/chunks/{bc41a393614b1192.js → 825ddcb7c361b2fe.js} +1 -1
- package/web/.next/static/chunks/{a22ee308ae1509ca.js → 89a6182ae40ac10b.js} +1 -1
- package/web/.next/static/chunks/{d26542df5ecc8717.js → a6d516b7e128f889.js} +1 -1
- package/web/.next/static/chunks/ae81796726a9bba3.js +1 -0
- package/web/.next/static/chunks/{b49ab0b290e9342d.js → b46545caae3b4930.js} +1 -1
- package/web/.next/static/chunks/{b7b5d65a5dd2fff1.js → c43f00ac45c5381d.js} +1 -1
- package/web/.next/static/chunks/{39054eabee156e55.js → c741f40bcb2abe54.js} +3 -3
- package/web/.next/static/chunks/{1b336d1266a0aa3d.js → dfc05704351fc940.js} +1 -1
- package/web/.next/static/chunks/eb72ac7aa8986962.js +1 -0
- package/web/.next/static/chunks/eef5d47669e61a54.js +3 -0
- package/web/.next/server/chunks/ssr/[root-of-the-server]__1cd4327c._.js +0 -4
- package/web/.next/server/chunks/ssr/[root-of-the-server]__1cd4327c._.js.map +0 -1
- package/web/.next/server/chunks/ssr/_2b021b35._.js +0 -3
- package/web/.next/server/chunks/ssr/_2b021b35._.js.map +0 -1
- package/web/.next/server/chunks/ssr/_43ba79e7._.js +0 -3
- package/web/.next/server/chunks/ssr/_43ba79e7._.js.map +0 -1
- package/web/.next/server/chunks/ssr/_7cb0396e._.js +0 -3
- package/web/.next/server/chunks/ssr/_7cb0396e._.js.map +0 -1
- package/web/.next/server/chunks/ssr/_e0dd6fcf._.js.map +0 -1
- package/web/.next/server/chunks/ssr/_e680c57c._.js +0 -9
- package/web/.next/server/chunks/ssr/_e680c57c._.js.map +0 -1
- package/web/.next/static/chunks/28f6b1cab38ab025.js +0 -3
- package/web/.next/static/chunks/8b0a9cb5109fe899.js +0 -1
- package/web/.next/static/chunks/a20f2d6f76f469b7.css +0 -1
- package/web/.next/static/chunks/b2aa69e4b0b032d9.js +0 -1
- package/web/.next/static/chunks/b65e555419a0c664.js +0 -1
- package/web/.next/static/chunks/ba0e0fa2d1a650bb.js +0 -1
- /package/web/.next/static/{9rcv3ICw0kZNuv3TVdO8E → 4jtpgWCvk_Q6-K-puXRhW}/_buildManifest.js +0 -0
- /package/web/.next/static/{9rcv3ICw0kZNuv3TVdO8E → 4jtpgWCvk_Q6-K-puXRhW}/_clientMiddlewareManifest.json +0 -0
- /package/web/.next/static/{9rcv3ICw0kZNuv3TVdO8E → 4jtpgWCvk_Q6-K-puXRhW}/_ssgManifest.js +0 -0
|
@@ -8,6 +8,7 @@
|
|
|
8
8
|
import type { ISpecInitializerService, SpecInitializerResult } from '../../../application/ports/output/services/spec-initializer.interface.js';
|
|
9
9
|
export declare class SpecInitializerService implements ISpecInitializerService {
|
|
10
10
|
initialize(basePath: string, slug: string, featureNumber: number, description: string, mode?: 'fast'): Promise<SpecInitializerResult>;
|
|
11
|
+
scaffoldSecurityPolicy(repositoryPath: string): Promise<string>;
|
|
11
12
|
/**
|
|
12
13
|
* Scan specs/ for existing NNN-* directories and return the next available number.
|
|
13
14
|
* Uses the DB-derived hint as a minimum, but always respects filesystem state.
|
package/dist/packages/core/src/infrastructure/services/spec/spec-initializer.service.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"spec-initializer.service.d.ts","sourceRoot":"","sources":["../../../../../../../packages/core/src/infrastructure/services/spec/spec-initializer.service.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,OAAO,KAAK,EACV,uBAAuB,EACvB,qBAAqB,EACtB,MAAM,mEAAmE,CAAC;
|
|
1
|
+
{"version":3,"file":"spec-initializer.service.d.ts","sourceRoot":"","sources":["../../../../../../../packages/core/src/infrastructure/services/spec/spec-initializer.service.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,OAAO,KAAK,EACV,uBAAuB,EACvB,qBAAqB,EACtB,MAAM,mEAAmE,CAAC;AAwT3E,qBAAa,sBAAuB,YAAW,uBAAuB;IAC9D,UAAU,CACd,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,MAAM,EACZ,aAAa,EAAE,MAAM,EACrB,WAAW,EAAE,MAAM,EACnB,IAAI,CAAC,EAAE,MAAM,GACZ,OAAO,CAAC,qBAAqB,CAAC;IAqC3B,sBAAsB,CAAC,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAMrE;;;OAGG;YACW,iBAAiB;CAoBhC"}
|
|
@@ -7,6 +7,7 @@
|
|
|
7
7
|
*/
|
|
8
8
|
import { mkdir, readdir, writeFile } from 'node:fs/promises';
|
|
9
9
|
import { join } from 'node:path';
|
|
10
|
+
import { SECURITY_POLICY_FILENAME } from '../../services/security/security-policy-file-reader.js';
|
|
10
11
|
/**
|
|
11
12
|
* Pad a number to 3 digits with leading zeros.
|
|
12
13
|
*/
|
|
@@ -239,6 +240,61 @@ const TEMPLATES = [
|
|
|
239
240
|
{ filename: 'tasks.yaml', content: TASKS_YAML },
|
|
240
241
|
{ filename: 'feature.yaml', content: FEATURE_YAML },
|
|
241
242
|
];
|
|
243
|
+
// ─── Security Policy Template ─────────────────────────────────────
|
|
244
|
+
// Baseline shep.security.yaml for new repositories.
|
|
245
|
+
const SECURITY_POLICY_YAML = `# Shep Supply Chain Security Policy
|
|
246
|
+
# This file defines the security posture for this repository.
|
|
247
|
+
# Shep evaluates this policy during agent execution and CI enforcement.
|
|
248
|
+
#
|
|
249
|
+
# Docs: https://shep.bot/docs/security/policy
|
|
250
|
+
|
|
251
|
+
# Security mode controls enforcement behavior:
|
|
252
|
+
# Disabled - Security checks are skipped entirely
|
|
253
|
+
# Advisory - Checks run and findings are reported, but nothing is blocked
|
|
254
|
+
# Enforce - Checks run and violations block agent actions and CI jobs
|
|
255
|
+
mode: Advisory
|
|
256
|
+
|
|
257
|
+
# Action dispositions control how the agent handles each action category.
|
|
258
|
+
# Each entry maps a category to a disposition:
|
|
259
|
+
# Allowed - Action proceeds without interruption
|
|
260
|
+
# Denied - Action is blocked before execution
|
|
261
|
+
# ApprovalRequired - Action pauses for human approval via HITL gate
|
|
262
|
+
actionDispositions:
|
|
263
|
+
- category: DependencyInstall
|
|
264
|
+
disposition: ApprovalRequired
|
|
265
|
+
- category: PackageScriptExec
|
|
266
|
+
disposition: ApprovalRequired
|
|
267
|
+
- category: CiWorkflowModify
|
|
268
|
+
disposition: ApprovalRequired
|
|
269
|
+
- category: PublishRelease
|
|
270
|
+
disposition: Denied
|
|
271
|
+
- category: SandboxEscalation
|
|
272
|
+
disposition: Denied
|
|
273
|
+
|
|
274
|
+
# Dependency risk rules evaluated by "shep security enforce"
|
|
275
|
+
dependencyRules:
|
|
276
|
+
# Verify lockfile matches package.json (detects phantom dependencies)
|
|
277
|
+
checkLockfileConsistency: true
|
|
278
|
+
# Flag packages with risky lifecycle scripts (preinstall, postinstall)
|
|
279
|
+
checkLifecycleScripts: true
|
|
280
|
+
# Flag dependencies sourced from git, file, or HTTP instead of registry
|
|
281
|
+
checkNonRegistrySource: true
|
|
282
|
+
# Require exact versions (no ^, ~, *, >= ranges)
|
|
283
|
+
enforceStrictVersionRanges: false
|
|
284
|
+
# Packages explicitly allowed (empty = allow all registry packages)
|
|
285
|
+
allowlist: []
|
|
286
|
+
# Packages explicitly blocked (takes precedence over allowlist)
|
|
287
|
+
denylist: []
|
|
288
|
+
|
|
289
|
+
# Release integrity rules for publish-path enforcement
|
|
290
|
+
releaseRules:
|
|
291
|
+
# Require publishing only from CI (not local machines)
|
|
292
|
+
requireCiOnlyPublishing: true
|
|
293
|
+
# Require npm provenance attestation on published packages
|
|
294
|
+
requireProvenance: true
|
|
295
|
+
# Check that release workflow has not been tampered with
|
|
296
|
+
checkWorkflowIntegrity: true
|
|
297
|
+
`;
|
|
242
298
|
export class SpecInitializerService {
|
|
243
299
|
async initialize(basePath, slug, featureNumber, description, mode) {
|
|
244
300
|
// Scan existing specs/ directory for highest NNN prefix to avoid collisions
|
|
@@ -262,6 +318,11 @@ export class SpecInitializerService {
|
|
|
262
318
|
await Promise.all(templates.map(({ filename, content }) => writeFile(join(specDir, filename), applyTemplate(content, vars), 'utf-8')));
|
|
263
319
|
return { specDir, featureNumber: nnn };
|
|
264
320
|
}
|
|
321
|
+
async scaffoldSecurityPolicy(repositoryPath) {
|
|
322
|
+
const filePath = join(repositoryPath, SECURITY_POLICY_FILENAME);
|
|
323
|
+
await writeFile(filePath, SECURITY_POLICY_YAML, 'utf-8');
|
|
324
|
+
return filePath;
|
|
325
|
+
}
|
|
265
326
|
/**
|
|
266
327
|
* Scan specs/ for existing NNN-* directories and return the next available number.
|
|
267
328
|
* Uses the DB-derived hint as a minimum, but always respects filesystem state.
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Security Command Group
|
|
3
|
+
*
|
|
4
|
+
* Top-level security command with subcommands for supply-chain security
|
|
5
|
+
* policy management and enforcement.
|
|
6
|
+
*
|
|
7
|
+
* Usage:
|
|
8
|
+
* shep security enforce Evaluate and enforce security posture
|
|
9
|
+
* shep security enforce --output json Machine-readable output for CI
|
|
10
|
+
*/
|
|
11
|
+
import { Command } from 'commander';
|
|
12
|
+
/**
|
|
13
|
+
* Create the security command group with all subcommands.
|
|
14
|
+
*/
|
|
15
|
+
export declare function createSecurityCommand(): Command;
|
|
16
|
+
//# sourceMappingURL=security.command.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"security.command.d.ts","sourceRoot":"","sources":["../../../../../src/presentation/cli/commands/security.command.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AASpC;;GAEG;AACH,wBAAgB,qBAAqB,IAAI,OAAO,CAoI/C"}
|
|
@@ -0,0 +1,133 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Security Command Group
|
|
3
|
+
*
|
|
4
|
+
* Top-level security command with subcommands for supply-chain security
|
|
5
|
+
* policy management and enforcement.
|
|
6
|
+
*
|
|
7
|
+
* Usage:
|
|
8
|
+
* shep security enforce Evaluate and enforce security posture
|
|
9
|
+
* shep security enforce --output json Machine-readable output for CI
|
|
10
|
+
*/
|
|
11
|
+
import { Command } from 'commander';
|
|
12
|
+
import { container } from '../../../../packages/core/src/infrastructure/di/container.js';
|
|
13
|
+
import { EnforceSecurityUseCase } from '../../../../packages/core/src/application/use-cases/security/enforce-security.use-case.js';
|
|
14
|
+
import { SecurityMode } from '../../../../packages/core/src/domain/generated/output.js';
|
|
15
|
+
import { getSettings } from '../../../../packages/core/src/infrastructure/services/settings.service.js';
|
|
16
|
+
import { colors, fmt, messages } from '../ui/index.js';
|
|
17
|
+
import { OutputFormatter } from '../ui/output.js';
|
|
18
|
+
import { getCliI18n } from '../i18n.js';
|
|
19
|
+
/**
|
|
20
|
+
* Create the security command group with all subcommands.
|
|
21
|
+
*/
|
|
22
|
+
export function createSecurityCommand() {
|
|
23
|
+
const t = getCliI18n().t;
|
|
24
|
+
const security = new Command('security').description(t('cli:commands.security.description'));
|
|
25
|
+
security
|
|
26
|
+
.command('enforce')
|
|
27
|
+
.description(t('cli:commands.security.enforce.description'))
|
|
28
|
+
.option('-r, --repo <path>', t('cli:commands.security.enforce.repoOption'), process.cwd())
|
|
29
|
+
.option('-o, --output <format>', t('cli:commands.security.enforce.outputOption'), 'table')
|
|
30
|
+
.action(async (options) => {
|
|
31
|
+
try {
|
|
32
|
+
// Master kill switch — if the supplyChainSecurity feature flag is off,
|
|
33
|
+
// the command becomes a no-op and exits 0. Prevents accidental enforcement
|
|
34
|
+
// after the flag has been used as a rollback.
|
|
35
|
+
//
|
|
36
|
+
// Two ways to disable:
|
|
37
|
+
// 1. SHEP_SUPPLY_CHAIN_SECURITY=false environment variable (intended for CI)
|
|
38
|
+
// 2. featureFlags.supplyChainSecurity=false in the Shep settings DB (local user)
|
|
39
|
+
const envOverride = process.env.SHEP_SUPPLY_CHAIN_SECURITY;
|
|
40
|
+
const envDisabled = envOverride === 'false' || envOverride === '0';
|
|
41
|
+
const settingsEnabled = getSettings().featureFlags?.supplyChainSecurity ?? true;
|
|
42
|
+
if (envDisabled || !settingsEnabled) {
|
|
43
|
+
messages.info(t('cli:commands.security.enforce.flagDisabledNote'));
|
|
44
|
+
return;
|
|
45
|
+
}
|
|
46
|
+
const useCase = container.resolve(EnforceSecurityUseCase);
|
|
47
|
+
const result = await useCase.execute({ repositoryPath: options.repo });
|
|
48
|
+
const outputFormat = options.output;
|
|
49
|
+
if (outputFormat === 'json' || outputFormat === 'yaml') {
|
|
50
|
+
// Machine-readable output
|
|
51
|
+
console.log(OutputFormatter.format(result, outputFormat));
|
|
52
|
+
}
|
|
53
|
+
else {
|
|
54
|
+
// Human-readable table output
|
|
55
|
+
messages.newline();
|
|
56
|
+
if (result.mode === SecurityMode.Disabled) {
|
|
57
|
+
messages.info(t('cli:commands.security.enforce.disabledNote'));
|
|
58
|
+
messages.newline();
|
|
59
|
+
}
|
|
60
|
+
else {
|
|
61
|
+
// Summary header
|
|
62
|
+
console.log(`${fmt.label(t('cli:commands.security.enforce.modeLabel'))}: ${result.mode}`);
|
|
63
|
+
console.log(`${fmt.label(t('cli:commands.security.enforce.sourceLabel'))}: ${result.policy.source}`);
|
|
64
|
+
console.log(`${fmt.label(t('cli:commands.security.enforce.totalFindingsLabel'))}: ${result.totalFindings}`);
|
|
65
|
+
messages.newline();
|
|
66
|
+
// Dependency findings
|
|
67
|
+
if (result.dependencyFindings.length > 0) {
|
|
68
|
+
console.log(fmt.heading(t('cli:commands.security.enforce.dependencyFindingsLabel')));
|
|
69
|
+
for (const finding of result.dependencyFindings) {
|
|
70
|
+
const severityColor = finding.severity === 'Critical' || finding.severity === 'High'
|
|
71
|
+
? colors.error
|
|
72
|
+
: colors.warning;
|
|
73
|
+
console.log(` ${severityColor(`[${finding.severity}]`)} ${finding.packageName}: ${finding.message}`);
|
|
74
|
+
if (finding.remediation) {
|
|
75
|
+
console.log(` ${colors.muted(finding.remediation)}`);
|
|
76
|
+
}
|
|
77
|
+
}
|
|
78
|
+
messages.newline();
|
|
79
|
+
}
|
|
80
|
+
// Release integrity
|
|
81
|
+
const failedChecks = result.releaseIntegrity.checks.filter((c) => !c.passed);
|
|
82
|
+
if (failedChecks.length > 0) {
|
|
83
|
+
console.log(fmt.heading(t('cli:commands.security.enforce.releaseIntegrityLabel')));
|
|
84
|
+
for (const check of failedChecks) {
|
|
85
|
+
const severityColor = check.severity === 'Critical' || check.severity === 'High'
|
|
86
|
+
? colors.error
|
|
87
|
+
: colors.warning;
|
|
88
|
+
console.log(` ${severityColor(`[${check.severity}]`)} ${check.message}`);
|
|
89
|
+
}
|
|
90
|
+
messages.newline();
|
|
91
|
+
}
|
|
92
|
+
// Governance findings (audit-only)
|
|
93
|
+
if (result.governanceFindings.length > 0) {
|
|
94
|
+
console.log(fmt.heading(t('cli:commands.security.enforce.governanceFindingsLabel')));
|
|
95
|
+
for (const finding of result.governanceFindings) {
|
|
96
|
+
const severityColor = finding.severity === 'Critical' || finding.severity === 'High'
|
|
97
|
+
? colors.error
|
|
98
|
+
: colors.warning;
|
|
99
|
+
console.log(` ${severityColor(`[${finding.severity}]`)} ${finding.message}`);
|
|
100
|
+
if (finding.remediation) {
|
|
101
|
+
console.log(` ${colors.muted(finding.remediation)}`);
|
|
102
|
+
}
|
|
103
|
+
}
|
|
104
|
+
messages.newline();
|
|
105
|
+
}
|
|
106
|
+
// Result
|
|
107
|
+
if (result.totalFindings === 0) {
|
|
108
|
+
messages.info(t('cli:commands.security.enforce.noFindings'));
|
|
109
|
+
}
|
|
110
|
+
if (result.passed) {
|
|
111
|
+
messages.success(t('cli:commands.security.enforce.passed'));
|
|
112
|
+
if (result.mode === SecurityMode.Advisory && result.totalFindings > 0) {
|
|
113
|
+
messages.info(t('cli:commands.security.enforce.advisoryNote'));
|
|
114
|
+
}
|
|
115
|
+
}
|
|
116
|
+
else {
|
|
117
|
+
messages.error(t('cli:commands.security.enforce.failed'));
|
|
118
|
+
}
|
|
119
|
+
}
|
|
120
|
+
messages.newline();
|
|
121
|
+
}
|
|
122
|
+
if (!result.passed) {
|
|
123
|
+
process.exitCode = 1;
|
|
124
|
+
}
|
|
125
|
+
}
|
|
126
|
+
catch (error) {
|
|
127
|
+
const err = error instanceof Error ? error : new Error(String(error));
|
|
128
|
+
messages.error(t('cli:commands.security.enforce.failedToEnforce'), err);
|
|
129
|
+
process.exitCode = 1;
|
|
130
|
+
}
|
|
131
|
+
});
|
|
132
|
+
return security;
|
|
133
|
+
}
|
|
@@ -42,6 +42,7 @@ import { createIdeOpenCommand } from './commands/ide-open.command.js';
|
|
|
42
42
|
import { createInstallCommand } from './commands/install.command.js';
|
|
43
43
|
import { createUpgradeCommand } from './commands/upgrade.command.js';
|
|
44
44
|
import { createToolsCommand } from './commands/tools.command.js';
|
|
45
|
+
import { createSecurityCommand } from './commands/security.command.js';
|
|
45
46
|
import { messages } from './ui/index.js';
|
|
46
47
|
// Daemon lifecycle commands
|
|
47
48
|
import { createStartCommand } from './commands/start.command.js';
|
|
@@ -121,6 +122,7 @@ async function bootstrap() {
|
|
|
121
122
|
program.addCommand(createIdeOpenCommand());
|
|
122
123
|
program.addCommand(createInstallCommand());
|
|
123
124
|
program.addCommand(createToolsCommand());
|
|
125
|
+
program.addCommand(createSecurityCommand());
|
|
124
126
|
program.addCommand(createUpgradeCommand());
|
|
125
127
|
// Daemon lifecycle commands (task-9)
|
|
126
128
|
program.addCommand(createStartCommand());
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"get-graph-data.d.ts","sourceRoot":"","sources":["../../../../../../src/presentation/web/app/(dashboard)/get-graph-data.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,uCAAuC,CAAC;AAE5E,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AAI1C,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,MAAM,CAAC;IACf,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;CAC5B;AAiFD,MAAM,MAAM,aAAa,GACrB;IAAE,MAAM,EAAE,SAAS,CAAA;CAAE,GACrB;IAAE,MAAM,EAAE,OAAO,CAAC;IAAC,IAAI,EAAE,WAAW,CAAA;CAAE,GACtC;IAAE,MAAM,EAAE,YAAY,CAAA;CAAE,CAAC;AA6B7B,wBAAsB,YAAY,IAAI,OAAO,CAAC;IAAE,KAAK,EAAE,cAAc,EAAE,CAAC;IAAC,KAAK,EAAE,IAAI,EAAE,CAAA;CAAE,CAAC,
|
|
1
|
+
{"version":3,"file":"get-graph-data.d.ts","sourceRoot":"","sources":["../../../../../../src/presentation/web/app/(dashboard)/get-graph-data.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,uCAAuC,CAAC;AAE5E,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AAI1C,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,MAAM,CAAC;IACf,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;CAC5B;AAiFD,MAAM,MAAM,aAAa,GACrB;IAAE,MAAM,EAAE,SAAS,CAAA;CAAE,GACrB;IAAE,MAAM,EAAE,OAAO,CAAC;IAAC,IAAI,EAAE,WAAW,CAAA;CAAE,GACtC;IAAE,MAAM,EAAE,YAAY,CAAA;CAAE,CAAC;AA6B7B,wBAAsB,YAAY,IAAI,OAAO,CAAC;IAAE,KAAK,EAAE,cAAc,EAAE,CAAC;IAAC,KAAK,EAAE,IAAI,EAAE,CAAA;CAAE,CAAC,CAmFxF"}
|
|
@@ -135,13 +135,17 @@ export async function getGraphData() {
|
|
|
135
135
|
const run = feature.agentRunId ? await agentRunRepo.findById(feature.agentRunId) : null;
|
|
136
136
|
return { feature, run };
|
|
137
137
|
}));
|
|
138
|
-
const { workflow } = getSettings();
|
|
138
|
+
const { workflow, security, featureFlags } = getSettings();
|
|
139
|
+
// Master kill switch: when the supplyChainSecurity feature flag is off, skip
|
|
140
|
+
// passing securityMode so no feature card renders the SecurityBadge.
|
|
141
|
+
const supplyChainSecurityEnabled = featureFlags?.supplyChainSecurity ?? true;
|
|
139
142
|
const { nodes, edges } = buildGraphNodes(repositories, featuresWithRuns, {
|
|
140
143
|
enableEvidence: workflow.enableEvidence,
|
|
141
144
|
commitEvidence: workflow.commitEvidence,
|
|
142
145
|
ciWatchEnabled: workflow.ciWatchEnabled,
|
|
143
146
|
repoGitInfo: repoGitInfoMap,
|
|
144
147
|
repoGitStatus: repoGitStatusMap,
|
|
148
|
+
securityMode: supplyChainSecurityEnabled ? security?.mode : undefined,
|
|
145
149
|
});
|
|
146
150
|
// Enrich feature nodes with deployment status
|
|
147
151
|
let deploymentService = null;
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
import type { SecurityState } from '../../../../../packages/core/src/application/use-cases/security/get-security-state.use-case.js';
|
|
2
|
+
import type { EnforceSecurityResult } from '../../../../../packages/core/src/application/use-cases/security/enforce-security.use-case.js';
|
|
3
|
+
import type { SecurityMode } from '../../../../../packages/core/src/domain/generated/output.js';
|
|
4
|
+
export interface GetSecurityStateResult {
|
|
5
|
+
state?: SecurityState;
|
|
6
|
+
error?: string;
|
|
7
|
+
}
|
|
8
|
+
export interface EnforceSecurityActionResult {
|
|
9
|
+
result?: EnforceSecurityResult;
|
|
10
|
+
error?: string;
|
|
11
|
+
}
|
|
12
|
+
export interface UpdateSecurityModeResult {
|
|
13
|
+
success: boolean;
|
|
14
|
+
error?: string;
|
|
15
|
+
}
|
|
16
|
+
/**
|
|
17
|
+
* Fetches the current security state for a repository.
|
|
18
|
+
*/
|
|
19
|
+
export declare function getSecurityStateAction(repositoryPath: string): Promise<GetSecurityStateResult>;
|
|
20
|
+
/**
|
|
21
|
+
* Runs the full security enforcement flow for a repository.
|
|
22
|
+
*/
|
|
23
|
+
export declare function enforceSecurityAction(repositoryPath: string): Promise<EnforceSecurityActionResult>;
|
|
24
|
+
/**
|
|
25
|
+
* Updates the security mode in settings.
|
|
26
|
+
*/
|
|
27
|
+
export declare function updateSecurityModeAction(mode: SecurityMode): Promise<UpdateSecurityModeResult>;
|
|
28
|
+
//# sourceMappingURL=security.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"security.d.ts","sourceRoot":"","sources":["../../../../../../src/presentation/web/app/actions/security.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAEV,aAAa,EACd,MAAM,yEAAyE,CAAC;AACjF,OAAO,KAAK,EAEV,qBAAqB,EACtB,MAAM,uEAAuE,CAAC;AAC/E,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,sCAAsC,CAAC;AAEzE,MAAM,WAAW,sBAAsB;IACrC,KAAK,CAAC,EAAE,aAAa,CAAC;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,2BAA2B;IAC1C,MAAM,CAAC,EAAE,qBAAqB,CAAC;IAC/B,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,wBAAwB;IACvC,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,wBAAsB,sBAAsB,CAC1C,cAAc,EAAE,MAAM,GACrB,OAAO,CAAC,sBAAsB,CAAC,CASjC;AAED;;GAEG;AACH,wBAAsB,qBAAqB,CACzC,cAAc,EAAE,MAAM,GACrB,OAAO,CAAC,2BAA2B,CAAC,CAUtC;AAED;;GAEG;AACH,wBAAsB,wBAAwB,CAC5C,IAAI,EAAE,YAAY,GACjB,OAAO,CAAC,wBAAwB,CAAC,CAyBnC"}
|
|
@@ -0,0 +1,59 @@
|
|
|
1
|
+
'use server';
|
|
2
|
+
import { revalidatePath } from 'next/cache';
|
|
3
|
+
import { resolve } from '../../lib/server-container.js';
|
|
4
|
+
import { updateSettings as updateSettingsSingleton } from '../../../../../packages/core/src/infrastructure/services/settings.service.js';
|
|
5
|
+
/**
|
|
6
|
+
* Fetches the current security state for a repository.
|
|
7
|
+
*/
|
|
8
|
+
export async function getSecurityStateAction(repositoryPath) {
|
|
9
|
+
try {
|
|
10
|
+
const useCase = resolve('GetSecurityStateUseCase');
|
|
11
|
+
const state = await useCase.execute(repositoryPath);
|
|
12
|
+
return { state };
|
|
13
|
+
}
|
|
14
|
+
catch (error) {
|
|
15
|
+
const message = error instanceof Error ? error.message : 'Failed to load security state';
|
|
16
|
+
return { error: message };
|
|
17
|
+
}
|
|
18
|
+
}
|
|
19
|
+
/**
|
|
20
|
+
* Runs the full security enforcement flow for a repository.
|
|
21
|
+
*/
|
|
22
|
+
export async function enforceSecurityAction(repositoryPath) {
|
|
23
|
+
try {
|
|
24
|
+
const useCase = resolve('EnforceSecurityUseCase');
|
|
25
|
+
const result = await useCase.execute({ repositoryPath });
|
|
26
|
+
revalidatePath('/', 'layout');
|
|
27
|
+
return { result };
|
|
28
|
+
}
|
|
29
|
+
catch (error) {
|
|
30
|
+
const message = error instanceof Error ? error.message : 'Failed to run security enforcement';
|
|
31
|
+
return { error: message };
|
|
32
|
+
}
|
|
33
|
+
}
|
|
34
|
+
/**
|
|
35
|
+
* Updates the security mode in settings.
|
|
36
|
+
*/
|
|
37
|
+
export async function updateSecurityModeAction(mode) {
|
|
38
|
+
try {
|
|
39
|
+
const loadUseCase = resolve('LoadSettingsUseCase');
|
|
40
|
+
const current = await loadUseCase.execute();
|
|
41
|
+
const merged = {
|
|
42
|
+
...current,
|
|
43
|
+
security: {
|
|
44
|
+
...current.security,
|
|
45
|
+
mode,
|
|
46
|
+
},
|
|
47
|
+
updatedAt: new Date(),
|
|
48
|
+
};
|
|
49
|
+
const updateUseCase = resolve('UpdateSettingsUseCase');
|
|
50
|
+
await updateUseCase.execute(merged);
|
|
51
|
+
updateSettingsSingleton(merged);
|
|
52
|
+
revalidatePath('/', 'layout');
|
|
53
|
+
return { success: true };
|
|
54
|
+
}
|
|
55
|
+
catch (error) {
|
|
56
|
+
const message = error instanceof Error ? error.message : 'Failed to update security mode';
|
|
57
|
+
return { success: false, error: message };
|
|
58
|
+
}
|
|
59
|
+
}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import type { Feature, Repository, AgentRun } from '../../../../packages/core/src/domain/generated/output.js';
|
|
1
|
+
import type { Feature, Repository, AgentRun, SecurityMode } from '../../../../packages/core/src/domain/generated/output.js';
|
|
2
2
|
import type { CanvasNodeType } from '../components/features/features-canvas/index.js';
|
|
3
3
|
import type { Edge } from '@xyflow/react';
|
|
4
4
|
export interface FeatureWithRun {
|
|
@@ -29,6 +29,8 @@ export interface BuildGraphNodesOptions {
|
|
|
29
29
|
}>;
|
|
30
30
|
/** Git info resolution status keyed by repository path */
|
|
31
31
|
repoGitStatus?: Map<string, 'loading' | 'ready' | 'not-a-repo'>;
|
|
32
|
+
/** Global security mode from settings (omitted or Disabled means no badge) */
|
|
33
|
+
securityMode?: SecurityMode;
|
|
32
34
|
}
|
|
33
35
|
export declare function buildGraphNodes(repositories: Repository[], featuresWithRuns: FeatureWithRun[], options?: BuildGraphNodesOptions): {
|
|
34
36
|
nodes: CanvasNodeType[];
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"build-graph-nodes.d.ts","sourceRoot":"","sources":["../../../../../src/presentation/web/app/build-graph-nodes.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,
|
|
1
|
+
{"version":3,"file":"build-graph-nodes.d.ts","sourceRoot":"","sources":["../../../../../src/presentation/web/app/build-graph-nodes.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,OAAO,EACP,UAAU,EACV,QAAQ,EACR,YAAY,EACb,MAAM,sCAAsC,CAAC;AAS9C,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,uCAAuC,CAAC;AAC5E,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AAG1C,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,GAAG,EAAE,QAAQ,GAAG,IAAI,CAAC;CACtB;AAED;;;;;;;GAOG;AACH,MAAM,WAAW,sBAAsB;IACrC,uEAAuE;IACvE,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,6EAA6E;IAC7E,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,qEAAqE;IACrE,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,0FAA0F;IAC1F,WAAW,CAAC,EAAE,GAAG,CACf,MAAM,EACN;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,aAAa,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,GAAG,IAAI,CAAA;KAAE,CACzF,CAAC;IACF,0DAA0D;IAC1D,aAAa,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,SAAS,GAAG,OAAO,GAAG,YAAY,CAAC,CAAC;IAChE,8EAA8E;IAC9E,YAAY,CAAC,EAAE,YAAY,CAAC;CAC7B;AAED,wBAAgB,eAAe,CAC7B,YAAY,EAAE,UAAU,EAAE,EAC1B,gBAAgB,EAAE,cAAc,EAAE,EAClC,OAAO,CAAC,EAAE,sBAAsB,GAC/B;IAAE,KAAK,EAAE,cAAc,EAAE,CAAC;IAAC,KAAK,EAAE,IAAI,EAAE,CAAA;CAAE,CAoG5C"}
|
|
@@ -140,6 +140,8 @@ function appendFeatureNodes(repoFeatures, repoNodeId, allFeaturesWithRuns, nodes
|
|
|
140
140
|
mergeable: feature.pr.mergeable,
|
|
141
141
|
},
|
|
142
142
|
}),
|
|
143
|
+
...(options?.securityMode &&
|
|
144
|
+
options.securityMode !== 'Disabled' && { securityMode: options.securityMode }),
|
|
143
145
|
};
|
|
144
146
|
const featureNodeId = `feat-${feature.id}`;
|
|
145
147
|
nodes.push({
|
package/dist/src/presentation/web/components/common/feature-node/feature-node-state-config.d.ts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { type LucideIcon } from 'lucide-react';
|
|
2
2
|
import type { Node } from '@xyflow/react';
|
|
3
|
-
import type { PrStatus, CiStatus, DeploymentState } from '../../../../../../packages/core/src/domain/generated/output.js';
|
|
3
|
+
import type { PrStatus, CiStatus, DeploymentState, SecurityMode } from '../../../../../../packages/core/src/domain/generated/output.js';
|
|
4
4
|
import type { AgentTypeValue } from './agent-type-icons.js';
|
|
5
5
|
export type FeatureNodeState = 'creating' | 'running' | 'action-required' | 'done' | 'blocked' | 'pending' | 'error' | 'deleting' | 'archived';
|
|
6
6
|
export type FeatureLifecyclePhase = 'pending' | 'requirements' | 'research' | 'implementation' | 'review' | 'awaitingUpstream' | 'deploy' | 'maintain';
|
|
@@ -109,6 +109,8 @@ export interface FeatureNodeData {
|
|
|
109
109
|
status: DeploymentState;
|
|
110
110
|
url?: string;
|
|
111
111
|
};
|
|
112
|
+
/** Security mode when active (Disabled, Advisory, Enforce) */
|
|
113
|
+
securityMode?: SecurityMode;
|
|
112
114
|
onAction?: () => void;
|
|
113
115
|
onSettings?: () => void;
|
|
114
116
|
hasChildren?: boolean;
|
package/dist/src/presentation/web/components/common/feature-node/feature-node-state-config.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"feature-node-state-config.d.ts","sourceRoot":"","sources":["../../../../../../../src/presentation/web/components/common/feature-node/feature-node-state-config.ts"],"names":[],"mappings":"AAAA,OAAO,EASL,KAAK,UAAU,EAChB,MAAM,cAAc,CAAC;AACtB,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AAC1C,OAAO,KAAK,
|
|
1
|
+
{"version":3,"file":"feature-node-state-config.d.ts","sourceRoot":"","sources":["../../../../../../../src/presentation/web/components/common/feature-node/feature-node-state-config.ts"],"names":[],"mappings":"AAAA,OAAO,EASL,KAAK,UAAU,EAChB,MAAM,cAAc,CAAC;AACtB,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AAC1C,OAAO,KAAK,EACV,QAAQ,EACR,QAAQ,EACR,eAAe,EACf,YAAY,EACb,MAAM,sCAAsC,CAAC;AAC9C,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAEzD,MAAM,MAAM,gBAAgB,GACxB,UAAU,GACV,SAAS,GACT,iBAAiB,GACjB,MAAM,GACN,SAAS,GACT,SAAS,GACT,OAAO,GACP,UAAU,GACV,UAAU,CAAC;AAEf,MAAM,MAAM,qBAAqB,GAC7B,SAAS,GACT,cAAc,GACd,UAAU,GACV,gBAAgB,GAChB,QAAQ,GACR,kBAAkB,GAClB,QAAQ,GACR,UAAU,CAAC;AAEf,0DAA0D;AAC1D,eAAO,MAAM,sBAAsB,EAAE,MAAM,CAAC,qBAAqB,EAAE,MAAM,CASxE,CAAC;AAEF,0DAA0D;AAC1D,eAAO,MAAM,qBAAqB,EAAE,MAAM,CAAC,qBAAqB,EAAE,MAAM,CASvE,CAAC;AAEF,4DAA4D;AAC5D,eAAO,MAAM,qBAAqB,EAAE,MAAM,CAAC,qBAAqB,EAAE,MAAM,CASvE,CAAC;AAEF,2EAA2E;AAC3E,eAAO,MAAM,mBAAmB,EAAE,MAAM,CACtC,qBAAqB,EACrB;IACE,MAAM,EAAE,MAAM,CAAC;IACf,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;CACrB,CAwEF,CAAC;AAEF,mFAAmF;AACnF,eAAO,MAAM,iBAAiB,EAAE,OAAO,CAAC,MAAM,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAIvE,CAAC;AAEF,0EAA0E;AAC1E,eAAO,MAAM,iBAAiB,EAAE,OAAO,CAAC,MAAM,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAIvE,CAAC;AAEF,gFAAgF;AAChF,eAAO,MAAM,qBAAqB,EAAE,MAAM,CAAC,qBAAqB,EAAE,MAAM,CASvE,CAAC;AAEF,MAAM,WAAW,eAAe;IAC9B,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,qBAAqB,CAAC;IACjC,KAAK,EAAE,gBAAgB,CAAC;IACxB,QAAQ,EAAE,MAAM,CAAC;IACjB,8CAA8C;IAC9C,cAAc,EAAE,MAAM,CAAC;IACvB,uCAAuC;IACvC,MAAM,EAAE,MAAM,CAAC;IACf,kFAAkF;IAClF,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,gDAAgD;IAChD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,gFAAgF;IAChF,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,4DAA4D;IAC5D,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,2CAA2C;IAC3C,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,0CAA0C;IAC1C,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,uEAAuE;IACvE,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,0DAA0D;IAC1D,SAAS,CAAC,EAAE,cAAc,CAAC;IAC3B,8DAA8D;IAC9D,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,mCAAmC;IACnC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,0DAA0D;IAC1D,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC5B,+CAA+C;IAC/C,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,0EAA0E;IAC1E,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,8DAA8D;IAC9D,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,4EAA4E;IAC5E,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,sDAAsD;IACtD,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,+DAA+D;IAC/D,EAAE,CAAC,EAAE;QACH,GAAG,EAAE,MAAM,CAAC;QACZ,MAAM,EAAE,MAAM,CAAC;QACf,MAAM,EAAE,QAAQ,CAAC;QACjB,QAAQ,CAAC,EAAE,QAAQ,CAAC;QACpB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,SAAS,CAAC,EAAE,OAAO,CAAC;KACrB,CAAC;IACF,yDAAyD;IACzD,aAAa,CAAC,EAAE;QACd,QAAQ,EAAE,OAAO,CAAC;QAClB,SAAS,EAAE,OAAO,CAAC;QACnB,UAAU,EAAE,OAAO,CAAC;KACrB,CAAC;IACF,4DAA4D;IAC5D,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,gDAAgD;IAChD,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,sDAAsD;IACtD,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,8DAA8D;IAC9D,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,mDAAmD;IACnD,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,2DAA2D;IAC3D,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,kDAAkD;IAClD,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,+CAA+C;IAC/C,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,+EAA+E;IAC/E,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,kDAAkD;IAClD,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,+DAA+D;IAC/D,UAAU,CAAC,EAAE;QACX,MAAM,EAAE,eAAe,CAAC;QACxB,GAAG,CAAC,EAAE,MAAM,CAAC;KACd,CAAC;IACF,8DAA8D;IAC9D,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B,QAAQ,CAAC,EAAE,MAAM,IAAI,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,IAAI,CAAC;IACxB,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,2DAA2D;IAC3D,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,6DAA6D;IAC7D,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,QAAQ,CAAC,EAAE,CACT,SAAS,EAAE,MAAM,EACjB,OAAO,CAAC,EAAE,OAAO,EACjB,aAAa,CAAC,EAAE,OAAO,EACvB,OAAO,CAAC,EAAE,OAAO,KACd,IAAI,CAAC;IACV,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,IAAI,CAAC;IACtC,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,IAAI,CAAC;IACtC,MAAM,CAAC,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,IAAI,CAAC;IACrC,SAAS,CAAC,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,IAAI,CAAC;IACxC,WAAW,CAAC,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,IAAI,CAAC;IAC1C,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AAED,MAAM,MAAM,eAAe,GAAG,IAAI,CAAC,eAAe,EAAE,aAAa,CAAC,CAAC;AAEnE,MAAM,WAAW,sBAAsB;IACrC,IAAI,EAAE,UAAU,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,KAAK,EAAE,MAAM,CAAC;IACd,eAAe,EAAE,OAAO,CAAC;CAC1B;AAED,eAAO,MAAM,sBAAsB,EAAE,MAAM,CAAC,gBAAgB,EAAE,sBAAsB,CA2FnF,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"feature-node.d.ts","sourceRoot":"","sources":["../../../../../../../src/presentation/web/components/common/feature-node/feature-node.tsx"],"names":[],"mappings":"AA8CA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC;
|
|
1
|
+
{"version":3,"file":"feature-node.d.ts","sourceRoot":"","sources":["../../../../../../../src/presentation/web/components/common/feature-node/feature-node.tsx"],"names":[],"mappings":"AA8CA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAoDnE,wBAAgB,WAAW,CAAC,EAC1B,IAAI,EACJ,QAAQ,GACT,EAAE;IACD,IAAI,EAAE,eAAe,CAAC;IACtB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB,2CAynBA"}
|
|
@@ -18,6 +18,7 @@ import { DeleteFeatureDialog } from '../../common/delete-feature-dialog/index.js
|
|
|
18
18
|
import { featureNodeStateConfig, lifecycleRunningVerbs, lifecyclePhaseBadge, } from './feature-node-state-config.js';
|
|
19
19
|
import { getAgentTypeIcon } from './agent-type-icons.js';
|
|
20
20
|
import { FeatureSessionsDropdown } from './feature-sessions-dropdown.js';
|
|
21
|
+
import { SecurityBadge } from '../../common/security-badge.js';
|
|
21
22
|
function AgentIcon({ agentType, className }) {
|
|
22
23
|
const IconComponent = getAgentTypeIcon(agentType);
|
|
23
24
|
return _jsx(IconComponent, { className: className });
|
|
@@ -111,7 +112,7 @@ export function FeatureNode({ data, selected, }) {
|
|
|
111
112
|
selected &&
|
|
112
113
|
'border-e-rose-400 border-t-rose-400 border-b-rose-400 dark:border-e-amber-500 dark:border-t-amber-500 dark:border-b-amber-500', selected &&
|
|
113
114
|
data.state !== 'action-required' &&
|
|
114
|
-
'border-blue-400 dark:border-amber-500/60', data.state === 'deleting' && 'opacity-60', data.state === 'archived' && 'opacity-50'), children: [data.state !== 'creating' ? (_jsx("div", { className: "absolute end-4 top-3", children: _jsx(TooltipProvider, { children: _jsxs(Tooltip, { children: [_jsx(TooltipTrigger, { asChild: true, children: _jsxs("span", { "data-testid": "feature-node-phase-badge", className: "flex items-center gap-1.5", children: [_jsx("span", { className: "text-muted-foreground text-[10px]", children: lifecyclePhaseBadge[data.lifecycle].tooltip }), _jsx("span", { className: cn('h-1.5 w-1.5 -translate-y-px rounded-full', lifecyclePhaseBadge[data.lifecycle].dot) })] }) }), _jsxs(TooltipContent, { side: "right", className: "max-w-56", children: [_jsx("p", { className: "font-semibold", children: lifecyclePhaseBadge[data.lifecycle].tooltip }), _jsx("p", { className: "mt-1 text-xs leading-relaxed text-neutral-500", children: lifecyclePhaseBadge[data.lifecycle].description })] })] }) }) })) : null, _jsxs("div", { className: "flex items-center gap-1.5 pe-24", children: [data.agentType ? (_jsx(AgentIcon, { agentType: data.agentType, className: "h-4 w-4 shrink-0" })) : null, _jsx(TooltipProvider, { children: _jsxs(Tooltip, { children: [_jsx(TooltipTrigger, { asChild: true, children: _jsx("span", { "data-testid": "feature-node-fast-mode-badge", className: "shrink-0", children: data.fastMode ? (_jsx(Zap, { className: "h-3.5 w-3.5 text-amber-500" })) : (_jsx(ClipboardList, { className: "h-3.5 w-3.5 text-indigo-500" })) }) }), _jsx(TooltipContent, { side: "top", children: data.fastMode ? t('featureNode.fastMode') : t('featureNode.specDriven') })] }) }), _jsx("h3", { className: "min-w-0 truncate text-sm font-bold", children: data.name })] }), data.description ? (_jsx("p", { "data-testid": "feature-node-description", className: "text-muted-foreground mt-1 line-clamp-2 text-xs", children: data.description })) : null, _jsxs("div", { className: "mt-auto pt-2", children: [config.showProgressBar ? (_jsxs(_Fragment, { children: [_jsx("div", { className: "text-muted-foreground flex items-center justify-end text-[10px]", children: _jsxs("span", { children: [data.progress, "%"] }) }), _jsx("div", { "data-testid": "feature-node-progress-bar", className: "bg-muted mt-1.5 h-1 w-full overflow-hidden rounded-full", children: _jsx("div", { className: cn('h-full rounded-full transition-all', config.progressClass), style: { width: `${data.progress}%` } }) })] })) : null, !config.showProgressBar &&
|
|
115
|
+
'border-blue-400 dark:border-amber-500/60', data.state === 'deleting' && 'opacity-60', data.state === 'archived' && 'opacity-50'), children: [data.state !== 'creating' ? (_jsx("div", { className: "absolute end-4 top-3", children: _jsx(TooltipProvider, { children: _jsxs(Tooltip, { children: [_jsx(TooltipTrigger, { asChild: true, children: _jsxs("span", { "data-testid": "feature-node-phase-badge", className: "flex items-center gap-1.5", children: [_jsx("span", { className: "text-muted-foreground text-[10px]", children: lifecyclePhaseBadge[data.lifecycle].tooltip }), _jsx("span", { className: cn('h-1.5 w-1.5 -translate-y-px rounded-full', lifecyclePhaseBadge[data.lifecycle].dot) })] }) }), _jsxs(TooltipContent, { side: "right", className: "max-w-56", children: [_jsx("p", { className: "font-semibold", children: lifecyclePhaseBadge[data.lifecycle].tooltip }), _jsx("p", { className: "mt-1 text-xs leading-relaxed text-neutral-500", children: lifecyclePhaseBadge[data.lifecycle].description })] })] }) }) })) : null, _jsxs("div", { className: "flex items-center gap-1.5 pe-24", children: [data.agentType ? (_jsx(AgentIcon, { agentType: data.agentType, className: "h-4 w-4 shrink-0" })) : null, _jsx(TooltipProvider, { children: _jsxs(Tooltip, { children: [_jsx(TooltipTrigger, { asChild: true, children: _jsx("span", { "data-testid": "feature-node-fast-mode-badge", className: "shrink-0", children: data.fastMode ? (_jsx(Zap, { className: "h-3.5 w-3.5 text-amber-500" })) : (_jsx(ClipboardList, { className: "h-3.5 w-3.5 text-indigo-500" })) }) }), _jsx(TooltipContent, { side: "top", children: data.fastMode ? t('featureNode.fastMode') : t('featureNode.specDriven') })] }) }), data.securityMode ? _jsx(SecurityBadge, { mode: data.securityMode }) : null, _jsx("h3", { className: "min-w-0 truncate text-sm font-bold", children: data.name })] }), data.description ? (_jsx("p", { "data-testid": "feature-node-description", className: "text-muted-foreground mt-1 line-clamp-2 text-xs", children: data.description })) : null, _jsxs("div", { className: "mt-auto pt-2", children: [config.showProgressBar ? (_jsxs(_Fragment, { children: [_jsx("div", { className: "text-muted-foreground flex items-center justify-end text-[10px]", children: _jsxs("span", { children: [data.progress, "%"] }) }), _jsx("div", { "data-testid": "feature-node-progress-bar", className: "bg-muted mt-1.5 h-1 w-full overflow-hidden rounded-full", children: _jsx("div", { className: cn('h-full rounded-full transition-all', config.progressClass), style: { width: `${data.progress}%` } }) })] })) : null, !config.showProgressBar &&
|
|
115
116
|
![
|
|
116
117
|
'deleting',
|
|
117
118
|
'creating',
|
|
@@ -1,7 +1,9 @@
|
|
|
1
1
|
import type { RepositoryNodeData } from './repository-node-config.js';
|
|
2
|
+
import type { SecurityEvent } from '../../../../../../packages/core/src/domain/generated/output.js';
|
|
2
3
|
export interface RepositoryDrawerProps {
|
|
3
4
|
data: RepositoryNodeData | null;
|
|
4
5
|
onClose: () => void;
|
|
6
|
+
securityEvents?: SecurityEvent[];
|
|
5
7
|
}
|
|
6
|
-
export declare function RepositoryDrawer({ data, onClose }: RepositoryDrawerProps): import("react/jsx-runtime").JSX.Element;
|
|
8
|
+
export declare function RepositoryDrawer({ data, onClose, securityEvents }: RepositoryDrawerProps): import("react/jsx-runtime").JSX.Element;
|
|
7
9
|
//# sourceMappingURL=repository-drawer.d.ts.map
|
package/dist/src/presentation/web/components/common/repository-node/repository-drawer.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"repository-drawer.d.ts","sourceRoot":"","sources":["../../../../../../../src/presentation/web/components/common/repository-node/repository-drawer.tsx"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAGnE,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,kBAAkB,GAAG,IAAI,CAAC;IAChC,OAAO,EAAE,MAAM,IAAI,CAAC;
|
|
1
|
+
{"version":3,"file":"repository-drawer.d.ts","sourceRoot":"","sources":["../../../../../../../src/presentation/web/components/common/repository-node/repository-drawer.tsx"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAGnE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sCAAsC,CAAC;AAE1E,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,kBAAkB,GAAG,IAAI,CAAC;IAChC,OAAO,EAAE,MAAM,IAAI,CAAC;IACpB,cAAc,CAAC,EAAE,aAAa,EAAE,CAAC;CAClC;AAED,wBAAgB,gBAAgB,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,cAAc,EAAE,EAAE,qBAAqB,2CAgHxF"}
|
|
@@ -8,7 +8,8 @@ import { Separator } from '../../ui/separator.js';
|
|
|
8
8
|
import { ActionButton } from '../../common/action-button/index.js';
|
|
9
9
|
import { useFeatureFlags } from '../../../hooks/feature-flags-context.js';
|
|
10
10
|
import { useRepositoryActions } from './use-repository-actions.js';
|
|
11
|
-
|
|
11
|
+
import { SecurityPanel } from './security-panel.js';
|
|
12
|
+
export function RepositoryDrawer({ data, onClose, securityEvents }) {
|
|
12
13
|
const featureFlags = useFeatureFlags();
|
|
13
14
|
const handleClose = useCallback(() => {
|
|
14
15
|
onClose();
|
|
@@ -20,5 +21,5 @@ export function RepositoryDrawer({ data, onClose }) {
|
|
|
20
21
|
targetType: 'repository',
|
|
21
22
|
repositoryPath: data.repositoryPath,
|
|
22
23
|
}
|
|
23
|
-
: undefined, header: data ? (_jsxs("div", { "data-testid": "repository-drawer-header", children: [_jsx(DrawerTitle, { children: data.name }), data.repositoryPath ? (_jsx(DrawerDescription, { className: "truncate font-mono text-xs", children: data.repositoryPath })) : null] })) : undefined, children: data?.repositoryPath ? (_jsxs(_Fragment, { children: [_jsx(Separator, {}), _jsxs("div", { className: "flex flex-col gap-3 p-4", children: [_jsx("div", { className: "text-muted-foreground text-xs font-semibold tracking-wider", children: "OPEN WITH" }), _jsxs("div", { className: "flex flex-col gap-2", children: [_jsx(ActionButton, { label: "Open in IDE", onClick: actions.openInIde, loading: actions.ideLoading, error: !!actions.ideError, icon: Code2, variant: "outline", size: "sm" }), _jsx(ActionButton, { label: "Open in Shell", onClick: actions.openInShell, loading: actions.shellLoading, error: !!actions.shellError, icon: Terminal, variant: "outline", size: "sm" }), _jsx(ActionButton, { label: "Open Folder", onClick: actions.openFolder, loading: actions.folderLoading, error: !!actions.folderError, icon: FolderOpen, variant: "outline", size: "sm" })] })] }), data.id && featureFlags.gitRebaseSync ? (_jsxs(_Fragment, { children: [_jsx(Separator, {}), _jsxs("div", { className: "flex flex-col gap-3 p-4", children: [_jsx("div", { className: "text-muted-foreground text-xs font-semibold tracking-wider", children: "GIT OPERATIONS" }), _jsxs("div", { className: "flex flex-col gap-2", children: [_jsx(ActionButton, { label: "Sync Main", onClick: actions.syncMain, loading: actions.syncLoading, error: !!actions.syncError, icon: RefreshCw, variant: "outline", size: "sm" }), actions.syncError ? (_jsx("p", { className: "text-destructive text-xs", children: actions.syncError })) : null] })] })] })) : null] })) : null }));
|
|
24
|
+
: undefined, header: data ? (_jsxs("div", { "data-testid": "repository-drawer-header", children: [_jsx(DrawerTitle, { children: data.name }), data.repositoryPath ? (_jsx(DrawerDescription, { className: "truncate font-mono text-xs", children: data.repositoryPath })) : null] })) : undefined, children: data?.repositoryPath ? (_jsxs(_Fragment, { children: [_jsx(Separator, {}), _jsxs("div", { className: "flex flex-col gap-3 p-4", children: [_jsx("div", { className: "text-muted-foreground text-xs font-semibold tracking-wider", children: "OPEN WITH" }), _jsxs("div", { className: "flex flex-col gap-2", children: [_jsx(ActionButton, { label: "Open in IDE", onClick: actions.openInIde, loading: actions.ideLoading, error: !!actions.ideError, icon: Code2, variant: "outline", size: "sm" }), _jsx(ActionButton, { label: "Open in Shell", onClick: actions.openInShell, loading: actions.shellLoading, error: !!actions.shellError, icon: Terminal, variant: "outline", size: "sm" }), _jsx(ActionButton, { label: "Open Folder", onClick: actions.openFolder, loading: actions.folderLoading, error: !!actions.folderError, icon: FolderOpen, variant: "outline", size: "sm" })] })] }), data.id && featureFlags.gitRebaseSync ? (_jsxs(_Fragment, { children: [_jsx(Separator, {}), _jsxs("div", { className: "flex flex-col gap-3 p-4", children: [_jsx("div", { className: "text-muted-foreground text-xs font-semibold tracking-wider", children: "GIT OPERATIONS" }), _jsxs("div", { className: "flex flex-col gap-2", children: [_jsx(ActionButton, { label: "Sync Main", onClick: actions.syncMain, loading: actions.syncLoading, error: !!actions.syncError, icon: RefreshCw, variant: "outline", size: "sm" }), actions.syncError ? (_jsx("p", { className: "text-destructive text-xs", children: actions.syncError })) : null] })] })] })) : null, securityEvents != null && securityEvents.length >= 0 ? (_jsxs(_Fragment, { children: [_jsx(Separator, {}), _jsx("div", { className: "flex flex-col gap-3 p-4", children: _jsx(SecurityPanel, { events: securityEvents }) })] })) : null] })) : null }));
|
|
24
25
|
}
|
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
import type { SecurityEvent } from '../../../../../../packages/core/src/domain/generated/output.js';
|
|
2
|
+
export interface SecurityPanelProps {
|
|
3
|
+
events: SecurityEvent[];
|
|
4
|
+
}
|
|
5
|
+
export declare function SecurityPanel({ events }: SecurityPanelProps): import("react/jsx-runtime").JSX.Element;
|
|
6
|
+
//# sourceMappingURL=security-panel.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"security-panel.d.ts","sourceRoot":"","sources":["../../../../../../../src/presentation/web/components/common/repository-node/security-panel.tsx"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sCAAsC,CAAC;AAE1E,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,aAAa,EAAE,CAAC;CACzB;AAgBD,wBAAgB,aAAa,CAAC,EAAE,MAAM,EAAE,EAAE,kBAAkB,2CA6F3D"}
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
'use client';
|
|
2
|
+
import { jsx as _jsx, jsxs as _jsxs, Fragment as _Fragment } from "react/jsx-runtime";
|
|
3
|
+
import { useState } from 'react';
|
|
4
|
+
import { Shield, ChevronDown, AlertTriangle } from 'lucide-react';
|
|
5
|
+
import { useTranslation } from 'react-i18next';
|
|
6
|
+
import { cn } from '../../../lib/utils.js';
|
|
7
|
+
import { Badge } from '../../ui/badge.js';
|
|
8
|
+
const SEVERITY_COLORS = {
|
|
9
|
+
Low: 'bg-blue-100 text-blue-700 dark:bg-blue-900/40 dark:text-blue-300',
|
|
10
|
+
Medium: 'bg-yellow-100 text-yellow-700 dark:bg-yellow-900/40 dark:text-yellow-300',
|
|
11
|
+
High: 'bg-orange-100 text-orange-700 dark:bg-orange-900/40 dark:text-orange-300',
|
|
12
|
+
Critical: 'bg-red-100 text-red-700 dark:bg-red-900/40 dark:text-red-300',
|
|
13
|
+
};
|
|
14
|
+
const SEVERITY_ICON_COLORS = {
|
|
15
|
+
Low: 'text-blue-500',
|
|
16
|
+
Medium: 'text-yellow-500',
|
|
17
|
+
High: 'text-orange-500',
|
|
18
|
+
Critical: 'text-red-500',
|
|
19
|
+
};
|
|
20
|
+
export function SecurityPanel({ events }) {
|
|
21
|
+
const { t } = useTranslation('web');
|
|
22
|
+
const hasFindings = events.length > 0;
|
|
23
|
+
const [expanded, setExpanded] = useState(hasFindings);
|
|
24
|
+
const severityCounts = events.reduce((acc, event) => {
|
|
25
|
+
acc[event.severity] = (acc[event.severity] ?? 0) + 1;
|
|
26
|
+
return acc;
|
|
27
|
+
}, {});
|
|
28
|
+
return (_jsxs("div", { "data-testid": "security-panel", children: [_jsxs("button", { type: "button", onClick: () => setExpanded(!expanded), className: "flex w-full cursor-pointer items-center justify-between text-left", children: [_jsxs("div", { className: "flex items-center gap-2", children: [_jsx(Shield, { className: "text-muted-foreground h-3.5 w-3.5" }), _jsx("span", { className: "text-muted-foreground text-xs font-semibold tracking-wider", children: t('settings.security.panel.title').toUpperCase() }), hasFindings ? (_jsx(Badge, { variant: "secondary", className: "bg-red-100 px-1.5 py-0 text-[9px] text-red-700 dark:bg-red-900/40 dark:text-red-300", children: events.length })) : null] }), _jsx(ChevronDown, { className: cn('text-muted-foreground h-3.5 w-3.5 transition-transform', expanded && 'rotate-180') })] }), expanded ? (_jsx("div", { className: "mt-3 flex flex-col gap-2", children: !hasFindings ? (_jsx("p", { className: "text-muted-foreground text-xs", children: t('settings.security.panel.noFindings') })) : (_jsxs(_Fragment, { children: [_jsx("div", { className: "flex flex-wrap gap-1.5", children: Object.entries(severityCounts).map(([severity, count]) => (_jsxs(Badge, { variant: "secondary", className: cn('px-1.5 py-0 text-[9px]', SEVERITY_COLORS[severity]), children: [count, " ", severity] }, severity))) }), _jsx("div", { className: "flex flex-col gap-1.5", children: events.slice(0, 5).map((event) => (_jsxs("div", { className: "flex items-start gap-2 rounded-md border px-2 py-1.5", children: [_jsx(AlertTriangle, { className: cn('mt-0.5 h-3 w-3 shrink-0', SEVERITY_ICON_COLORS[event.severity] ?? 'text-muted-foreground') }), _jsxs("div", { className: "min-w-0 flex-1", children: [_jsx("p", { className: "truncate text-[11px]", children: event.message }), event.remediationSummary ? (_jsx("p", { className: "text-muted-foreground mt-0.5 truncate text-[10px]", children: event.remediationSummary })) : null] })] }, event.id))) })] })) })) : null] }));
|
|
29
|
+
}
|
package/dist/src/presentation/web/components/common/repository-node/security-panel.stories.d.ts
ADDED
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
import type { Meta, StoryObj } from '@storybook/react';
|
|
2
|
+
import { SecurityPanel } from './security-panel.js';
|
|
3
|
+
declare const meta: Meta<typeof SecurityPanel>;
|
|
4
|
+
export default meta;
|
|
5
|
+
type Story = StoryObj<typeof SecurityPanel>;
|
|
6
|
+
/** No findings — clean repository. */
|
|
7
|
+
export declare const NoFindings: Story;
|
|
8
|
+
/** Mixed governance and dependency findings. */
|
|
9
|
+
export declare const MixedFindings: Story;
|
|
10
|
+
//# sourceMappingURL=security-panel.stories.d.ts.map
|
package/dist/src/presentation/web/components/common/repository-node/security-panel.stories.d.ts.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"security-panel.stories.d.ts","sourceRoot":"","sources":["../../../../../../../src/presentation/web/components/common/repository-node/security-panel.stories.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAMvD,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAEjD,QAAA,MAAM,IAAI,EAAE,IAAI,CAAC,OAAO,aAAa,CAIpC,CAAC;AAEF,eAAe,IAAI,CAAC;AACpB,KAAK,KAAK,GAAG,QAAQ,CAAC,OAAO,aAAa,CAAC,CAAC;AAE5C,sCAAsC;AACtC,eAAO,MAAM,UAAU,EAAE,KAIxB,CAAC;AAEF,gDAAgD;AAChD,eAAO,MAAM,aAAa,EAAE,KAqC3B,CAAC"}
|