@shiftleftpt/sbd-toe-mcp 0.1.0 → 0.2.16

package/dist/bootstrap/checkout-backend.test.js

@@ -1,158 +0,0 @@
-import { describe, it, expect } from "vitest";
-import { sanitizeRunManifest, ensurePublishedIndex } from "../bootstrap/checkout-backend.js";
-// --- Tests ---
-describe("checkout-backend.ts", () => {
-    describe("sanitizeRunManifest", () => {
-        it("preserves run_id when present", () => {
-            const upstream = {
-                run_id: "test-run-123"
-            };
-            const result = sanitizeRunManifest(upstream);
-            expect(result.run_id).toBe("test-run-123");
-        });
-        it("omits run_id when undefined", () => {
-            const upstream = {
-                generated_at: "2026-03-24T10:00:00Z"
-            };
-            const result = sanitizeRunManifest(upstream);
-            expect(result).not.toHaveProperty("run_id");
-            expect(result.generated_at).toBe("2026-03-24T10:00:00Z");
-        });
-        it("converts SSH repo_url to HTTPS", () => {
-            const upstream = {
-                repo_url: "git@github.com:test/repo.git"
-            };
-            const result = sanitizeRunManifest(upstream);
-            expect(result.repo_url).toBe("https://github.com/test/repo");
-        });
-        it("converts SSH repo_url without .git suffix", () => {
-            const upstream = {
-                repo_url: "git@github.com:test/repo"
-            };
-            const result = sanitizeRunManifest(upstream);
-            expect(result.repo_url).toBe("https://github.com/test/repo");
-        });
-        it("preserves HTTPS repo_url unchanged", () => {
-            const upstream = {
-                repo_url: "https://github.com/test/repo.git"
-            };
-            const result = sanitizeRunManifest(upstream);
-            expect(result.repo_url).toBe("https://github.com/test/repo.git");
-        });
-        it("handles whitespace in repo_url", () => {
-            const upstream = {
-                repo_url: "  https://github.com/test/repo  "
-            };
-            const result = sanitizeRunManifest(upstream);
-            expect(result.repo_url).toBe("https://github.com/test/repo");
-        });
-        it("omits repo_url when undefined", () => {
-            const upstream = {
-                run_id: "123"
-            };
-            const result = sanitizeRunManifest(upstream);
-            expect(result).not.toHaveProperty("repo_url");
-        });
-        it("omits repo_url when empty string", () => {
-            const upstream = {
-                repo_url: ""
-            };
-            const result = sanitizeRunManifest(upstream);
-            expect(result).not.toHaveProperty("repo_url");
-        });
-        it("preserves all fields when all present", () => {
-            const upstream = {
-                run_id: "run-001",
-                generated_at: "2026-03-24T10:00:00Z",
-                branch: "main",
-                commit_sha: "abc123",
-                corpus_root: "/corpus",
-                repo_url: "https://github.com/test/repo",
-                sync_mode: "full",
-                version: "1.0.0"
-            };
-            const result = sanitizeRunManifest(upstream);
-            expect(result.run_id).toBe("run-001");
-            expect(result.generated_at).toBe("2026-03-24T10:00:00Z");
-            expect(result.branch).toBe("main");
-            expect(result.commit_sha).toBe("abc123");
-            expect(result.corpus_root).toBe("/corpus");
-            expect(result.repo_url).toBe("https://github.com/test/repo");
-            expect(result.sync_mode).toBe("full");
-            expect(result.version).toBe("1.0.0");
-        });
-    });
-    describe("ensurePublishedIndex", () => {
-        it("finds index by record_family", () => {
-            const items = [
-                {
-                    index_name: "test_docs",
-                    record_family: "documents",
-                    settings: { ranking: ["asc(popularity)"] }
-                }
-            ];
-            const result = ensurePublishedIndex(items, "documents", "default_docs");
-            expect(result.indexName).toBe("test_docs");
-            expect(result.recordFamily).toBe("documents");
-            expect(result.settings).toEqual({ ranking: ["asc(popularity)"] });
-        });
-        it("uses index_name as fallback when record_family not found", () => {
-            const items = [
-                {
-                    index_name: "fallback_index",
-                    record_family: "other_family"
-                }
-            ];
-            const result = ensurePublishedIndex(items, "entities", "fallback_index");
-            expect(result.indexName).toBe("fallback_index");
-            expect(result.recordFamily).toBe("entities");
-        });
-        it("throws when index not found by family or fallback", () => {
-            const items = [
-                {
-                    index_name: "some_index",
-                    record_family: "other_family"
-                }
-            ];
-            expect(() => {
-                ensurePublishedIndex(items, "documents", "missing_fallback");
-            }).toThrow(/O upstream não publicou um índice utilizável para "documents"/);
-        });
-        it("throws when items array is empty", () => {
-            expect(() => {
-                ensurePublishedIndex([], "documents", "fallback");
-            }).toThrow(/O upstream não publicou um índice utilizável/);
-        });
-        it("throws when items is undefined", () => {
-            expect(() => {
-                ensurePublishedIndex(undefined, "documents", "fallback");
-            }).toThrow(/O upstream não publicou um índice utilizável/);
-        });
-        it("defaults settings to empty object when not provided", () => {
-            const items = [
-                {
-                    index_name: "test_index",
-                    record_family: "documents"
-                    // settings omitted
-                }
-            ];
-            const result = ensurePublishedIndex(items, "documents", "fallback");
-            expect(result.settings).toEqual({});
-        });
-        it("prefers exact family match over fallback", () => {
-            const items = [
-                {
-                    index_name: "fallback_index",
-                    record_family: "other_family"
-                },
-                {
-                    index_name: "exact_docs_index",
-                    record_family: "documents"
-                }
-            ];
-            const result = ensurePublishedIndex(items, "documents", "fallback_index");
-            expect(result.indexName).toBe("exact_docs_index");
-        });
-    });
-});
-//# sourceMappingURL=checkout-backend.test.js.map

package/dist/bootstrap/checkout-backend.test.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"checkout-backend.test.js","sourceRoot":"","sources":["../../src/bootstrap/checkout-backend.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,MAAM,kCAAkC,CAAC;AA2B7F,gBAAgB;AAEhB,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;IACnC,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;QACnC,EAAE,CAAC,+BAA+B,EAAE,GAAG,EAAE;YACvC,MAAM,QAAQ,GAA+B;gBAC3C,MAAM,EAAE,cAAc;aACvB,CAAC;YAEF,MAAM,MAAM,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC;YAE7C,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAC7C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;YACrC,MAAM,QAAQ,GAA+B;gBAC3C,YAAY,EAAE,sBAAsB;aACrC,CAAC;YAEF,MAAM,MAAM,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC;YAE7C,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;YAC5C,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;QAC3D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,gCAAgC,EAAE,GAAG,EAAE;YACxC,MAAM,QAAQ,GAA+B;gBAC3C,QAAQ,EAAE,8BAA8B;aACzC,CAAC;YAEF,MAAM,MAAM,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC;YAE7C,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;QAC/D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;YACnD,MAAM,QAAQ,GAA+B;gBAC3C,QAAQ,EAAE,0BAA0B;aACrC,CAAC;YAEF,MAAM,MAAM,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC;YAE7C,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;QAC/D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;YAC5C,MAAM,QAAQ,GAA+B;gBAC3C,QAAQ,EAAE,kCAAkC;aAC7C,CAAC;YAEF,MAAM,MAAM,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC;YAE7C,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;QACnE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,gCAAgC,EAAE,GAAG,EAAE;YACxC,MAAM,QAAQ,GAA+B;gBAC3C,QAAQ,EAAE,kCAAkC;aAC7C,CAAC;YAEF,MAAM,MAAM,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC;YAE7C,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;QAC/D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,+BAA+B,EAAE,GAAG,EAAE;YACvC,MAAM,QAAQ,GAA+B;gBAC3C,MAAM,EAAE,KAAK;aACd,CAAC;YAEF,MAAM,MAAM,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC;YAE7C,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;QAChD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;YAC1C,MAAM,QAAQ,GAA+B;gBAC3C,QAAQ,EAAE,EAAE;aACb,CAAC;YAEF,MAAM,MAAM,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC;YAE7C,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;QAChD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;YAC/C,MAAM,QAAQ,GAA+B;gBAC3C,MAAM,EAAE,SAAS;gBACjB,YAAY,EAAE,sBAAsB;gBACpC,MAAM,EAAE,MAAM;gBACd,UAAU,EAAE,QAAQ;gBACpB,WAAW,EAAE,SAAS;gBACtB,QAAQ,EAAE,8BAA8B;gBACxC,SAAS,EAAE,MAAM;gBACjB,OAAO,EAAE,OAAO;aACjB,CAAC;YAEF,MAAM,MAAM,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC;YAE7C,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACtC,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC;YACzD,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACnC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACzC,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAC3C,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;YAC7D,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACtC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACvC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,sBAAsB,EAAE,GAAG,EAAE;QACpC,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;YACtC,MAAM,KAAK,GAA0C;gBACnD;oBACE,UAAU,EAAE,WAAW;oBACvB,aAAa,EAAE,WAAW;oBAC1B,QAAQ,EAAE,EAAE,OAAO,EAAE,CAAC,iBAAiB,CAAC,EAAE;iBAC3C;aACF,CAAC;YAEF,MAAM,MAAM,GAAG,oBAAoB,CAAC,KAAK,EAAE,WAAW,EAAE,cAAc,CAAC,CAAC;YAExE,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YAC3C,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YAC9C,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,EAAE,OAAO,EAAE,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC;QACpE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0DAA0D,EAAE,GAAG,EAAE;YAClE,MAAM,KAAK,GAA0C;gBACnD;oBACE,UAAU,EAAE,gBAAgB;oBAC5B,aAAa,EAAE,cAAc;iBAC9B;aACF,CAAC;YAEF,MAAM,MAAM,GAAG,oBAAoB,CAAC,KAAK,EAAE,UAAU,EAAE,gBAAgB,CAAC,CAAC;YAEzE,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;YAChD,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC/C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,mDAAmD,EAAE,GAAG,EAAE;YAC3D,MAAM,KAAK,GAA0C;gBACnD;oBACE,UAAU,EAAE,YAAY;oBACxB,aAAa,EAAE,cAAc;iBAC9B;aACF,CAAC;YAEF,MAAM,CAAC,GAAG,EAAE;gBACV,oBAAoB,CAAC,KAAK,EAAE,WAAW,EAAE,kBAAkB,CAAC,CAAC;YAC/D,CAAC,CAAC,CAAC,OAAO,CAAC,+DAA+D,CAAC,CAAC;QAC9E,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;YAC1C,MAAM,CAAC,GAAG,EAAE;gBACV,oBAAoB,CAAC,EAAE,EAAE,WAAW,EAAE,UAAU,CAAC,CAAC;YACpD,CAAC,CAAC,CAAC,OAAO,CAAC,8CAA8C,CAAC,CAAC;QAC7D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,gCAAgC,EAAE,GAAG,EAAE;YACxC,MAAM,CAAC,GAAG,EAAE;gBACV,oBAAoB,CAAC,SAAS,EAAE,WAAW,EAAE,UAAU,CAAC,CAAC;YAC3D,CAAC,CAAC,CAAC,OAAO,CAAC,8CAA8C,CAAC,CAAC;QAC7D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,qDAAqD,EAAE,GAAG,EAAE;YAC7D,MAAM,KAAK,GAA0C;gBACnD;oBACE,UAAU,EAAE,YAAY;oBACxB,aAAa,EAAE,WAAW;oBAC1B,mBAAmB;iBACpB;aACF,CAAC;YAEF,MAAM,MAAM,GAAG,oBAAoB,CAAC,KAAK,EAAE,WAAW,EAAE,UAAU,CAAC,CAAC;YAEpE,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QACtC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;YAClD,MAAM,KAAK,GAA0C;gBACnD;oBACE,UAAU,EAAE,gBAAgB;oBAC5B,aAAa,EAAE,cAAc;iBAC9B;gBACD;oBACE,UAAU,EAAE,kBAAkB;oBAC9B,aAAa,EAAE,WAAW;iBAC3B;aACF,CAAC;YAEF,MAAM,MAAM,GAAG,oBAAoB,CAAC,KAAK,EAAE,WAAW,EAAE,gBAAgB,CAAC,CAAC;YAE1E,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;QACpD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/bootstrap/release-checkout.d.ts

@@ -1,8 +0,0 @@
-import type { AppConfig } from "../types.js";
-export declare function assertSafeAssetUrl(url: string): void;
-export declare function assertSafeDestPath(destPath: string, baseDir: string): void;
-export declare function fetchReleaseAssetUrl(tag: string, timeoutMs: number): Promise<{
-    assetUrl: string;
-    assetName: string;
-}>;
-export declare function checkoutFromRelease(config: AppConfig, destDir: string): Promise<void>;

package/dist/bootstrap/release-checkout.js

@@ -1,168 +0,0 @@
-import { createWriteStream } from "node:fs";
-import { copyFile, mkdir, mkdtemp, rm } from "node:fs/promises";
-import { Readable } from "node:stream";
-import os from "node:os";
-import path from "node:path";
-import { pipeline } from "node:stream/promises";
-import { spawnSync } from "node:child_process";
-// SECURITY: URL base e owner/repo são HARDCODED. Nunca aceitar de env ou input externo.
-const HARDCODED_API_BASE = "https://api.github.com/repos/Shiftleftpt/sbd-toe-knowledge-graph";
-const ALLOWED_ASSET_URL_PREFIXES = [
-    "https://github.com/Shiftleftpt/sbd-toe-knowledge-graph/",
-    "https://objects.githubusercontent.com/",
-];
-// Fixed list of files to copy from the extracted bundle to destDir.
-// SECURITY: Only known paths are copied; no dynamic traversal of extracted content.
-const KNOWN_FILES = [
-    {
-        src: path.join("data", "publish", "algolia_docs_records.json"),
-        dest: path.join("data", "publish", "algolia_docs_records.json"),
-    },
-    {
-        src: path.join("data", "publish", "algolia_entities_records.json"),
-        dest: path.join("data", "publish", "algolia_entities_records.json"),
-    },
-    {
-        src: path.join("data", "publish", "algolia_docs_records_enriched.json"),
-        dest: path.join("data", "publish", "algolia_docs_records_enriched.json"),
-    },
-    {
-        src: path.join("data", "publish", "algolia_entities_records_enriched.json"),
-        dest: path.join("data", "publish", "algolia_entities_records_enriched.json"),
-    },
-    {
-        src: path.join("data", "publish", "algolia_index_settings.json"),
-        dest: path.join("data", "publish", "algolia_index_settings.json"),
-    },
-    {
-        src: path.join("data", "reports", "run_manifest.json"),
-        dest: path.join("data", "reports", "run_manifest.json"),
-    },
-];
-export function assertSafeAssetUrl(url) {
-    const allowed = ALLOWED_ASSET_URL_PREFIXES.some((prefix) => url.startsWith(prefix));
-    if (!allowed) {
-        throw new Error(`URL de asset não autorizada: ${url}`);
-    }
-}
-export function assertSafeDestPath(destPath, baseDir) {
-    const resolved = path.resolve(destPath);
-    const base = path.resolve(baseDir);
-    if (!resolved.startsWith(base + path.sep) && resolved !== base) {
-        throw new Error(`Path traversal detectado: ${destPath}`);
-    }
-}
-export async function fetchReleaseAssetUrl(tag, timeoutMs) {
-    const controller = new AbortController();
-    const timer = setTimeout(() => controller.abort(), timeoutMs);
-    try {
-        const releaseUrl = tag === "latest"
-            ? `${HARDCODED_API_BASE}/releases/latest`
-            : `${HARDCODED_API_BASE}/releases/tags/${encodeURIComponent(tag)}`;
-        const resp = await fetch(releaseUrl, {
-            signal: controller.signal,
-            headers: {
-                Accept: "application/vnd.github+json",
-                "X-GitHub-Api-Version": "2022-11-28",
-            },
-        });
-        if (!resp.ok) {
-            throw new Error(`GitHub API respondeu ${resp.status} para ${releaseUrl}`);
-        }
-        const release = (await resp.json());
-        const asset = release.assets?.find((a) => a.name.endsWith(".tar.gz") ||
-            a.name.endsWith(".zip") ||
-            a.name.includes("bundle"));
-        if (!asset) {
-            throw new Error(`Nenhum asset de bundle encontrado na release '${tag}'.`);
-        }
-        assertSafeAssetUrl(asset.browser_download_url);
-        return { assetUrl: asset.browser_download_url, assetName: asset.name };
-    }
-    finally {
-        clearTimeout(timer);
-    }
-}
-export async function checkoutFromRelease(config, destDir) {
-    const { upstreamReleaseTag, upstreamReleaseMaxBytes, upstreamReleaseTimeoutMs } = config.backend;
-    const { assetUrl, assetName } = await fetchReleaseAssetUrl(upstreamReleaseTag, upstreamReleaseTimeoutMs);
-    process.stderr.write(`[release-checkout] Downloading asset '${assetName}' from release '${upstreamReleaseTag}'.\n`);
-    // Download with timeout and size limit
-    const controller = new AbortController();
-    const timer = setTimeout(() => controller.abort(), upstreamReleaseTimeoutMs);
-    let tmpDir;
-    let tmpFile;
-    try {
-        const resp = await fetch(assetUrl, { signal: controller.signal });
-        if (!resp.ok || !resp.body) {
-            throw new Error(`Download falhou com status ${resp.status} para ${assetUrl}`);
-        }
-        tmpDir = await mkdtemp(path.join(os.tmpdir(), "sbd-release-"));
-        tmpFile = path.join(tmpDir, assetName);
-        let bytesReceived = 0;
-        const fileStream = createWriteStream(tmpFile);
-        await pipeline(Readable.fromWeb(resp.body), async function* (source) {
-            for await (const chunk of source) {
-                bytesReceived += chunk.length;
-                if (bytesReceived > upstreamReleaseMaxBytes) {
-                    throw new Error(`Asset excede o limite de tamanho (${upstreamReleaseMaxBytes} bytes): ${assetName}`);
-                }
-                yield chunk;
-            }
-        }, fileStream);
-        // Extract
-        const extractDir = path.join(tmpDir, "extracted");
-        await mkdir(extractDir, { recursive: true });
-        if (assetName.endsWith(".tar.gz") || assetName.endsWith(".tgz")) {
-            // SECURITY: argv fixos, sem shell, sem interpolação de env
-            const result = spawnSync("tar", ["-xzf", tmpFile, "-C", extractDir], {
-                stdio: ["ignore", "ignore", "pipe"],
-                timeout: upstreamReleaseTimeoutMs,
-                shell: false,
-            });
-            if (result.status !== 0) {
-                const stderr = result.stderr instanceof Buffer ? result.stderr.toString() : "";
-                throw new Error(`Extracção tar falhou (status ${result.status ?? "?"}): ${stderr.trim()}`);
-            }
-        }
-        else if (assetName.endsWith(".zip")) {
-            // SECURITY: argv fixos, sem shell, sem interpolação de env
-            const result = spawnSync("unzip", ["-q", tmpFile, "-d", extractDir], {
-                stdio: ["ignore", "ignore", "pipe"],
-                timeout: upstreamReleaseTimeoutMs,
-                shell: false,
-            });
-            if (result.status !== 0) {
-                const stderr = result.stderr instanceof Buffer ? result.stderr.toString() : "";
-                throw new Error(`Extracção zip falhou (status ${result.status ?? "?"}): ${stderr.trim()}`);
-            }
-        }
-        else {
-            throw new Error(`Formato de asset não suportado: ${assetName}`);
-        }
-        // Copy known files from extracted bundle to destDir
-        for (const { src, dest } of KNOWN_FILES) {
-            const srcPath = path.join(extractDir, src);
-            const destPath = path.join(destDir, dest);
-            // SECURITY: validate that the destination stays within destDir
-            assertSafeDestPath(destPath, destDir);
-            await mkdir(path.dirname(destPath), { recursive: true });
-            try {
-                await copyFile(srcPath, destPath);
-                process.stderr.write(`[release-checkout] Copiado: ${dest}\n`);
-            }
-            catch (err) {
-                const message = err instanceof Error ? err.message : String(err);
-                process.stderr.write(`[release-checkout] AVISO: ficheiro não encontrado no bundle: ${src} (${message})\n`);
-            }
-        }
-        process.stderr.write(`[release-checkout] Checkout via release '${upstreamReleaseTag}' concluído.\n`);
-    }
-    finally {
-        clearTimeout(timer);
-        if (tmpDir) {
-            await rm(tmpDir, { recursive: true, force: true }).catch(() => undefined);
-        }
-    }
-}
-//# sourceMappingURL=release-checkout.js.map

package/dist/bootstrap/release-checkout.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"release-checkout.js","sourceRoot":"","sources":["../../src/bootstrap/release-checkout.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,SAAS,CAAC;AAC5C,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,EAAE,MAAM,kBAAkB,CAAC;AAChE,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAChD,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAG/C,wFAAwF;AACxF,MAAM,kBAAkB,GACtB,kEAAkE,CAAC;AAErE,MAAM,0BAA0B,GAAG;IACjC,yDAAyD;IACzD,wCAAwC;CACzC,CAAC;AAEF,oEAAoE;AACpE,oFAAoF;AACpF,MAAM,WAAW,GAAyC;IACxD;QACE,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,EAAE,2BAA2B,CAAC;QAC9D,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,EAAE,2BAA2B,CAAC;KAChE;IACD;QACE,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,EAAE,+BAA+B,CAAC;QAClE,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,EAAE,+BAA+B,CAAC;KACpE;IACD;QACE,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,EAAE,oCAAoC,CAAC;QACvE,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,EAAE,oCAAoC,CAAC;KACzE;IACD;QACE,GAAG,EAAE,IAAI,CAAC,IAAI,CACZ,MAAM,EACN,SAAS,EACT,wCAAwC,CACzC;QACD,IAAI,EAAE,IAAI,CAAC,IAAI,CACb,MAAM,EACN,SAAS,EACT,wCAAwC,CACzC;KACF;IACD;QACE,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,EAAE,6BAA6B,CAAC;QAChE,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,EAAE,6BAA6B,CAAC;KAClE;IACD;QACE,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,EAAE,mBAAmB,CAAC;QACtD,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,EAAE,mBAAmB,CAAC;KACxD;CACF,CAAC;AAEF,MAAM,UAAU,kBAAkB,CAAC,GAAW;IAC5C,MAAM,OAAO,GAAG,0BAA0B,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CACzD,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,CACvB,CAAC;IACF,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,gCAAgC,GAAG,EAAE,CAAC,CAAC;IACzD,CAAC;AACH,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,QAAgB,EAAE,OAAe;IAClE,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IACxC,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IACnC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,QAAQ,KAAK,IAAI,EAAE,CAAC;QAC/D,MAAM,IAAI,KAAK,CAAC,6BAA6B,QAAQ,EAAE,CAAC,CAAC;IAC3D,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,GAAW,EACX,SAAiB;IAEjB,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,SAAS,CAAC,CAAC;IAE9D,IAAI,CAAC;QACH,MAAM,UAAU,GACd,GAAG,KAAK,QAAQ;YACd,CAAC,CAAC,GAAG,kBAAkB,kBAAkB;YACzC,CAAC,CAAC,GAAG,kBAAkB,kBAAkB,kBAAkB,CAAC,GAAG,CAAC,EAAE,CAAC;QAEvE,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,UAAU,EAAE;YACnC,MAAM,EAAE,UAAU,CAAC,MAAM;YACzB,OAAO,EAAE;gBACP,MAAM,EAAE,6BAA6B;gBACrC,sBAAsB,EAAE,YAAY;aACrC;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,wBAAwB,IAAI,CAAC,MAAM,SAAS,UAAU,EAAE,CAAC,CAAC;QAC5E,CAAC;QAED,MAAM,OAAO,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,EAAE,CAEjC,CAAC;QACF,MAAM,KAAK,GAAG,OAAO,CAAC,MAAM,EAAE,IAAI,CAChC,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC;YAC1B,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;YACvB,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAC5B,CAAC;QAEF,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,iDAAiD,GAAG,IAAI,CAAC,CAAC;QAC5E,CAAC;QAED,kBAAkB,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;QAC/C,OAAO,EAAE,QAAQ,EAAE,KAAK,CAAC,oBAAoB,EAAE,SAAS,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC;IACzE,CAAC;YAAS,CAAC;QACT,YAAY,CAAC,KAAK,CAAC,CAAC;IACtB,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,MAAiB,EACjB,OAAe;IAEf,MAAM,EAAE,kBAAkB,EAAE,uBAAuB,EAAE,wBAAwB,EAAE,GAC7E,MAAM,CAAC,OAAO,CAAC;IAEjB,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,MAAM,oBAAoB,CACxD,kBAAkB,EAClB,wBAAwB,CACzB,CAAC;IAEF,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,yCAAyC,SAAS,mBAAmB,kBAAkB,MAAM,CAC9F,CAAC;IAEF,uCAAuC;IACvC,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,wBAAwB,CAAC,CAAC;IAE7E,IAAI,MAA0B,CAAC;IAC/B,IAAI,OAA2B,CAAC;IAEhC,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE,EAAE,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;QAClE,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CAAC,8BAA8B,IAAI,CAAC,MAAM,SAAS,QAAQ,EAAE,CAAC,CAAC;QAChF,CAAC;QAED,MAAM,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,cAAc,CAAC,CAAC,CAAC;QAC/D,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;QAEvC,IAAI,aAAa,GAAG,CAAC,CAAC;QACtB,MAAM,UAAU,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;QAE9C,MAAM,QAAQ,CACZ,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,IAA4D,CAAC,EACnF,KAAK,SAAS,CAAC,EAAE,MAAiC;YAChD,IAAI,KAAK,EAAE,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;gBACjC,aAAa,IAAI,KAAK,CAAC,MAAM,CAAC;gBAC9B,IAAI,aAAa,GAAG,uBAAuB,EAAE,CAAC;oBAC5C,MAAM,IAAI,KAAK,CACb,qCAAqC,uBAAuB,YAAY,SAAS,EAAE,CACpF,CAAC;gBACJ,CAAC;gBACD,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC,EACD,UAAU,CACX,CAAC;QAEF,UAAU;QACV,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;QAClD,MAAM,KAAK,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAE7C,IAAI,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YAChE,2DAA2D;YAC3D,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,EAAE,CAAC,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,UAAU,CAAC,EAAE;gBACnE,KAAK,EAAE,CAAC,QAAQ,EAAE,QAAQ,EAAE,MAAM,CAAC;gBACnC,OAAO,EAAE,wBAAwB;gBACjC,KAAK,EAAE,KAAK;aACb,CAAC,CAAC;YACH,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACxB,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,YAAY,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC/E,MAAM,IAAI,KAAK,CAAC,gCAAgC,MAAM,CAAC,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YAC7F,CAAC;QACH,CAAC;aAAM,IAAI,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACtC,2DAA2D;YAC3D,MAAM,MAAM,GAAG,SAAS,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,UAAU,CAAC,EAAE;gBACnE,KAAK,EAAE,CAAC,QAAQ,EAAE,QAAQ,EAAE,MAAM,CAAC;gBACnC,OAAO,EAAE,wBAAwB;gBACjC,KAAK,EAAE,KAAK;aACb,CAAC,CAAC;YACH,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACxB,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,YAAY,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC/E,MAAM,IAAI,KAAK,CAAC,gCAAgC,MAAM,CAAC,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YAC7F,CAAC;QACH,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,KAAK,CAAC,mCAAmC,SAAS,EAAE,CAAC,CAAC;QAClE,CAAC;QAED,oDAAoD;QACpD,KAAK,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,IAAI,WAAW,EAAE,CAAC;YACxC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;YAC3C,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;YAE1C,+DAA+D;YAC/D,kBAAkB,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAEtC,MAAM,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAEzD,IAAI,CAAC;gBACH,MAAM,QAAQ,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;gBAClC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,+BAA+B,IAAI,IAAI,CAAC,CAAC;YAChE,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBACjE,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,gEAAgE,GAAG,KAAK,OAAO,KAAK,CACrF,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,4CAA4C,kBAAkB,gBAAgB,CAC/E,CAAC;IACJ,CAAC;YAAS,CAAC;QACT,YAAY,CAAC,KAAK,CAAC,CAAC;QACpB,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,EAAE,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC;QAC5E,CAAC;IACH,CAAC;AACH,CAAC"}

package/dist/bootstrap/release-checkout.test.d.ts

@@ -1 +0,0 @@
-export {};

package/dist/bootstrap/release-checkout.test.js

@@ -1,137 +0,0 @@
-import { describe, it, expect, vi, beforeEach, afterEach } from "vitest";
-import path from "node:path";
-import { assertSafeAssetUrl, assertSafeDestPath, fetchReleaseAssetUrl, } from "./release-checkout.js";
-// ---------------------------------------------------------------------------
-// assertSafeAssetUrl
-// ---------------------------------------------------------------------------
-describe("assertSafeAssetUrl", () => {
-    it("accepts an authorised github.com URL", () => {
-        expect(() => assertSafeAssetUrl("https://github.com/Shiftleftpt/sbd-toe-knowledge-graph/releases/download/v1.0.0/bundle.tar.gz")).not.toThrow();
-    });
-    it("accepts an authorised objects.githubusercontent.com URL", () => {
-        expect(() => assertSafeAssetUrl("https://objects.githubusercontent.com/github-production-release-asset-2e65be/123/bundle.tar.gz")).not.toThrow();
-    });
-    it("rejects an unauthorised external URL", () => {
-        expect(() => assertSafeAssetUrl("https://evil.example.com/malicious.tar.gz")).toThrow("URL de asset não autorizada");
-    });
-    it("rejects a URL that starts with an allowed prefix but has wrong host", () => {
-        expect(() => assertSafeAssetUrl("https://evil.github.com/Shiftleftpt/anything")).toThrow("URL de asset não autorizada");
-    });
-});
-// ---------------------------------------------------------------------------
-// assertSafeDestPath
-// ---------------------------------------------------------------------------
-describe("assertSafeDestPath", () => {
-    const baseDir = "/tmp/sbd-base";
-    it("accepts a path inside baseDir", () => {
-        expect(() => assertSafeDestPath(path.join(baseDir, "data", "publish", "file.json"), baseDir)).not.toThrow();
-    });
-    it("accepts a path equal to baseDir", () => {
-        expect(() => assertSafeDestPath(baseDir, baseDir)).not.toThrow();
-    });
-    it("rejects a path-traversal attempt with ../", () => {
-        expect(() => assertSafeDestPath(path.join(baseDir, "..", "..", "etc", "passwd"), baseDir)).toThrow("Path traversal detectado");
-    });
-    it("rejects an absolute path outside baseDir", () => {
-        expect(() => assertSafeDestPath("/usr/local/bin/evil", baseDir)).toThrow("Path traversal detectado");
-    });
-});
-// ---------------------------------------------------------------------------
-// fetchReleaseAssetUrl  (mocked fetch)
-// ---------------------------------------------------------------------------
-describe("fetchReleaseAssetUrl", () => {
-    beforeEach(() => {
-        vi.stubGlobal("fetch", vi.fn());
-    });
-    afterEach(() => {
-        vi.unstubAllGlobals();
-    });
-    it("throws when GitHub API returns 404", async () => {
-        vi.mocked(fetch).mockResolvedValueOnce(new Response(null, { status: 404 }));
-        await expect(fetchReleaseAssetUrl("latest", 5000)).rejects.toThrow("GitHub API respondeu 404");
-    });
-    it("throws when release has no assets", async () => {
-        vi.mocked(fetch).mockResolvedValueOnce(new Response(JSON.stringify({ assets: [] }), {
-            status: 200,
-            headers: { "Content-Type": "application/json" },
-        }));
-        await expect(fetchReleaseAssetUrl("latest", 5000)).rejects.toThrow("Nenhum asset de bundle encontrado");
-    });
-    it("throws when release has no assets property at all", async () => {
-        vi.mocked(fetch).mockResolvedValueOnce(new Response(JSON.stringify({}), {
-            status: 200,
-            headers: { "Content-Type": "application/json" },
-        }));
-        await expect(fetchReleaseAssetUrl("latest", 5000)).rejects.toThrow("Nenhum asset de bundle encontrado");
-    });
-    it("throws when asset URL is not in allowed prefixes", async () => {
-        vi.mocked(fetch).mockResolvedValueOnce(new Response(JSON.stringify({
-            assets: [
-                {
-                    name: "bundle.tar.gz",
-                    browser_download_url: "https://evil.example.com/bundle.tar.gz",
-                },
-            ],
-        }), {
-            status: 200,
-            headers: { "Content-Type": "application/json" },
-        }));
-        await expect(fetchReleaseAssetUrl("latest", 5000)).rejects.toThrow("URL de asset não autorizada");
-    });
-    it("returns assetUrl and assetName for a valid release with bundle asset", async () => {
-        const downloadUrl = "https://github.com/Shiftleftpt/sbd-toe-knowledge-graph/releases/download/v1.0.0/bundle.tar.gz";
-        vi.mocked(fetch).mockResolvedValueOnce(new Response(JSON.stringify({
-            assets: [
-                {
-                    name: "bundle.tar.gz",
-                    browser_download_url: downloadUrl,
-                },
-            ],
-        }), {
-            status: 200,
-            headers: { "Content-Type": "application/json" },
-        }));
-        const result = await fetchReleaseAssetUrl("latest", 5000);
-        expect(result.assetUrl).toBe(downloadUrl);
-        expect(result.assetName).toBe("bundle.tar.gz");
-    });
-    it("uses tag-specific URL when tag is not 'latest'", async () => {
-        const downloadUrl = "https://github.com/Shiftleftpt/sbd-toe-knowledge-graph/releases/download/v2.0.0/bundle.tar.gz";
-        vi.mocked(fetch).mockResolvedValueOnce(new Response(JSON.stringify({
-            assets: [
-                {
-                    name: "bundle.tar.gz",
-                    browser_download_url: downloadUrl,
-                },
-            ],
-        }), {
-            status: 200,
-            headers: { "Content-Type": "application/json" },
-        }));
-        await fetchReleaseAssetUrl("v2.0.0", 5000);
-        const calledUrl = vi.mocked(fetch).mock.calls[0]?.[0];
-        expect(calledUrl).toContain("/releases/tags/v2.0.0");
-    });
-});
-// ---------------------------------------------------------------------------
-// UPSTREAM_SOURCE config validation
-// ---------------------------------------------------------------------------
-describe("getConfig UPSTREAM_SOURCE validation", () => {
-    afterEach(() => {
-        vi.unstubAllGlobals();
-        // Reset module to clear cached config
-        vi.resetModules();
-    });
-    it("throws when UPSTREAM_SOURCE has an invalid value", async () => {
-        process.env["UPSTREAM_SOURCE"] = "INVALID";
-        try {
-            const { getConfig } = await import("../config.js");
-            // Reset cache by re-importing a fresh module (resetModules above)
-            expect(() => getConfig()).toThrow("UPSTREAM_SOURCE deve ser 'local' ou 'release'");
-        }
-        finally {
-            delete process.env["UPSTREAM_SOURCE"];
-        }
-    });
-});
-//# sourceMappingURL=release-checkout.test.js.map

package/dist/bootstrap/release-checkout.test.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"release-checkout.test.js","sourceRoot":"","sources":["../../src/bootstrap/release-checkout.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AACzE,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EACL,kBAAkB,EAClB,kBAAkB,EAClB,oBAAoB,GACrB,MAAM,uBAAuB,CAAC;AAE/B,8EAA8E;AAC9E,qBAAqB;AACrB,8EAA8E;AAE9E,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;IAClC,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;QAC9C,MAAM,CAAC,GAAG,EAAE,CACV,kBAAkB,CAChB,+FAA+F,CAChG,CACF,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;IAClB,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yDAAyD,EAAE,GAAG,EAAE;QACjE,MAAM,CAAC,GAAG,EAAE,CACV,kBAAkB,CAChB,gGAAgG,CACjG,CACF,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;IAClB,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;QAC9C,MAAM,CAAC,GAAG,EAAE,CACV,kBAAkB,CAAC,2CAA2C,CAAC,CAChE,CAAC,OAAO,CAAC,6BAA6B,CAAC,CAAC;IAC3C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qEAAqE,EAAE,GAAG,EAAE;QAC7E,MAAM,CAAC,GAAG,EAAE,CACV,kBAAkB,CAAC,8CAA8C,CAAC,CACnE,CAAC,OAAO,CAAC,6BAA6B,CAAC,CAAC;IAC3C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,8EAA8E;AAC9E,qBAAqB;AACrB,8EAA8E;AAE9E,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;IAClC,MAAM,OAAO,GAAG,eAAe,CAAC;IAEhC,EAAE,CAAC,+BAA+B,EAAE,GAAG,EAAE;QACvC,MAAM,CAAC,GAAG,EAAE,CACV,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,WAAW,CAAC,EAAE,OAAO,CAAC,CAChF,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;IAClB,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;QACzC,MAAM,CAAC,GAAG,EAAE,CAAC,kBAAkB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;IACnE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;QACnD,MAAM,CAAC,GAAG,EAAE,CACV,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,CAAC,EAAE,OAAO,CAAC,CAC7E,CAAC,OAAO,CAAC,0BAA0B,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;QAClD,MAAM,CAAC,GAAG,EAAE,CACV,kBAAkB,CAAC,qBAAqB,EAAE,OAAO,CAAC,CACnD,CAAC,OAAO,CAAC,0BAA0B,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,8EAA8E;AAC9E,uCAAuC;AACvC,8EAA8E;AAE9E,QAAQ,CAAC,sBAAsB,EAAE,GAAG,EAAE;IACpC,UAAU,CAAC,GAAG,EAAE;QACd,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,GAAG,EAAE;QACb,EAAE,CAAC,gBAAgB,EAAE,CAAC;IACxB,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oCAAoC,EAAE,KAAK,IAAI,EAAE;QAClD,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,qBAAqB,CACpC,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CACpC,CAAC;QAEF,MAAM,MAAM,CAAC,oBAAoB,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAChE,0BAA0B,CAC3B,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mCAAmC,EAAE,KAAK,IAAI,EAAE;QACjD,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,qBAAqB,CACpC,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,EAAE;YAC3C,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;SAChD,CAAC,CACH,CAAC;QAEF,MAAM,MAAM,CAAC,oBAAoB,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAChE,mCAAmC,CACpC,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mDAAmD,EAAE,KAAK,IAAI,EAAE;QACjE,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,qBAAqB,CACpC,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE;YAC/B,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;SAChD,CAAC,CACH,CAAC;QAEF,MAAM,MAAM,CAAC,oBAAoB,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAChE,mCAAmC,CACpC,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kDAAkD,EAAE,KAAK,IAAI,EAAE;QAChE,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,qBAAqB,CACpC,IAAI,QAAQ,CACV,IAAI,CAAC,SAAS,CAAC;YACb,MAAM,EAAE;gBACN;oBACE,IAAI,EAAE,eAAe;oBACrB,oBAAoB,EAClB,wCAAwC;iBAC3C;aACF;SACF,CAAC,EACF;YACE,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;SAChD,CACF,CACF,CAAC;QAEF,MAAM,MAAM,CAAC,oBAAoB,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAChE,6BAA6B,CAC9B,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sEAAsE,EAAE,KAAK,IAAI,EAAE;QACpF,MAAM,WAAW,GACf,+FAA+F,CAAC;QAElG,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,qBAAqB,CACpC,IAAI,QAAQ,CACV,IAAI,CAAC,SAAS,CAAC;YACb,MAAM,EAAE;gBACN;oBACE,IAAI,EAAE,eAAe;oBACrB,oBAAoB,EAAE,WAAW;iBAClC;aACF;SACF,CAAC,EACF;YACE,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;SAChD,CACF,CACF,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,oBAAoB,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QAC1D,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAC1C,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IACjD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gDAAgD,EAAE,KAAK,IAAI,EAAE;QAC9D,MAAM,WAAW,GACf,+FAA+F,CAAC;QAElG,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,qBAAqB,CACpC,IAAI,QAAQ,CACV,IAAI,CAAC,SAAS,CAAC;YACb,MAAM,EAAE;gBACN;oBACE,IAAI,EAAE,eAAe;oBACrB,oBAAoB,EAAE,WAAW;iBAClC;aACF;SACF,CAAC,EACF;YACE,MAAM,EAAE,GAAG;YACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;SAChD,CACF,CACF,CAAC;QAEF,MAAM,oBAAoB,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QAE3C,MAAM,SAAS,GAAG,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAW,CAAC;QAChE,MAAM,CAAC,SAAS,CAAC,CAAC,SAAS,CAAC,uBAAuB,CAAC,CAAC;IACvD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,8EAA8E;AAC9E,oCAAoC;AACpC,8EAA8E;AAE9E,QAAQ,CAAC,sCAAsC,EAAE,GAAG,EAAE;IACpD,SAAS,CAAC,GAAG,EAAE;QACb,EAAE,CAAC,gBAAgB,EAAE,CAAC;QACtB,sCAAsC;QACtC,EAAE,CAAC,YAAY,EAAE,CAAC;IACpB,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kDAAkD,EAAE,KAAK,IAAI,EAAE;QAChE,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,GAAG,SAAS,CAAC;QAC3C,IAAI,CAAC;YACH,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,CAAC;YACnD,kEAAkE;YAClE,MAAM,CAAC,GAAG,EAAE,CAAC,SAAS,EAAE,CAAC,CAAC,OAAO,CAC/B,+CAA+C,CAChD,CAAC;QACJ,CAAC;gBAAS,CAAC;YACT,OAAO,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;QACxC,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/resources/sbd-toe-resources.test.d.ts

@@ -1 +0,0 @@
-export {};

package/dist/resources/sbd-toe-resources.test.js

@@ -1,134 +0,0 @@
-import { describe, it, expect } from "vitest";
-import { buildSkillTemplateMarkdown, buildChapterApplicabilityJson, buildSetupAgentPrompt } from "./sbd-toe-resources.js";
-describe("buildSkillTemplateMarkdown", () => {
-    it("L1 with projectRole returns non-empty string containing L1 and Cap.", () => {
-        const result = buildSkillTemplateMarkdown("L1", "mcp-wrapper");
-        expect(result).toBeTruthy();
-        expect(result).toContain("L1");
-        expect(result).toContain("Cap.");
-        expect(result).toContain("mcp-wrapper");
-    });
-    it("L2 with projectRole returns non-empty string containing L2", () => {
-        const result = buildSkillTemplateMarkdown("L2", "api-service");
-        expect(result.length).toBeGreaterThan(0);
-        expect(result).toContain("L2");
-        expect(result).toContain("api-service");
-    });
-    it("L3 with projectRole returns non-empty string containing L3", () => {
-        const result = buildSkillTemplateMarkdown("L3", "platform-service");
-        expect(result.length).toBeGreaterThan(0);
-        expect(result).toContain("L3");
-    });
-    it("invalid riskLevel L9 throws Error mentioning L9", () => {
-        expect(() => buildSkillTemplateMarkdown("L9", "x")).toThrow(Error);
-        expect(() => buildSkillTemplateMarkdown("L9", "x")).toThrow("L9");
-    });
-    it("output contains all required sections", () => {
-        const result = buildSkillTemplateMarkdown("L1", "mcp-wrapper");
-        expect(result).toContain("# SbD-ToE Skill Template");
-        expect(result).toContain("## Classificação de Risco");
-        expect(result).toContain("## Capítulos Activos");
-        expect(result).toContain("## Capítulos Condicionais");
-        expect(result).toContain("## Triggers de Consulta");
-        expect(result).toContain("## Requisitos Base");
-    });
-    it("L1 active chapters are all present in output", () => {
-        const result = buildSkillTemplateMarkdown("L1", "x");
-        expect(result).toContain("Cap. 01");
-        expect(result).toContain("Cap. 02");
-        expect(result).toContain("Cap. 06");
-        expect(result).toContain("Cap. 10");
-    });
-    it("L2 has wider active list than L1", () => {
-        const r1 = buildSkillTemplateMarkdown("L1", "x");
-        const r2 = buildSkillTemplateMarkdown("L2", "x");
-        // L2 has Cap. 03 and Cap. 04 active; they are only conditional in L1
-        expect(r2).toContain("Cap. 03");
-        expect(r2).toContain("Cap. 04");
-        // L1 lists Cap. 03 as conditional
-        expect(r1).toContain("Cap. 03");
-    });
-});
-describe("buildChapterApplicabilityJson", () => {
-    it("L1 returns object with riskLevel and active/conditional/excluded as arrays", () => {
-        const result = buildChapterApplicabilityJson("L1");
-        expect(result["riskLevel"]).toBe("L1");
-        expect(Array.isArray(result["active"])).toBe(true);
-        expect(Array.isArray(result["conditional"])).toBe(true);
-        expect(Array.isArray(result["excluded"])).toBe(true);
-        expect(result["active"].length).toBeGreaterThan(0);
-    });
-    it("L2 returns object with riskLevel and all arrays", () => {
-        const result = buildChapterApplicabilityJson("L2");
-        expect(result["riskLevel"]).toBe("L2");
-        expect(Array.isArray(result["active"])).toBe(true);
-        expect(Array.isArray(result["conditional"])).toBe(true);
-        expect(Array.isArray(result["excluded"])).toBe(true);
-        expect(result["active"].length).toBeGreaterThan(0);
-    });
-    it("L3 returns object with riskLevel and all arrays; excluded is empty", () => {
-        const result = buildChapterApplicabilityJson("L3");
-        expect(result["riskLevel"]).toBe("L3");
-        expect(Array.isArray(result["active"])).toBe(true);
-        expect(Array.isArray(result["conditional"])).toBe(true);
-        expect(Array.isArray(result["excluded"])).toBe(true);
-        expect(result["excluded"].length).toBe(0);
-    });
-    it("invalid riskLevel X throws Error mentioning X", () => {
-        expect(() => buildChapterApplicabilityJson("X")).toThrow(Error);
-        expect(() => buildChapterApplicabilityJson("X")).toThrow("X");
-    });
-    it("L1 active list contains expected chapters from docs/sbd-toe-applicability.md", () => {
-        const result = buildChapterApplicabilityJson("L1");
-        expect(result.active).toContain("Cap. 01");
-        expect(result.active).toContain("Cap. 02");
-        expect(result.active).toContain("Cap. 05");
-        expect(result.active).toContain("Cap. 06");
-        expect(result.active).toContain("Cap. 07");
-        expect(result.active).toContain("Cap. 10");
-    });
-    it("L1 conditional list contains Cap. 03, Cap. 04, Cap. 11, Cap. 12, Cap. 14", () => {
-        const result = buildChapterApplicabilityJson("L1");
-        expect(result.conditional).toContain("Cap. 03");
-        expect(result.conditional).toContain("Cap. 04");
-        expect(result.conditional).toContain("Cap. 11");
-        expect(result.conditional).toContain("Cap. 12");
-        expect(result.conditional).toContain("Cap. 14");
-    });
-});
-describe("buildSetupAgentPrompt", () => {
-    it("L1 returns non-empty string containing L1 and Cap. 01", () => {
-        const result = buildSetupAgentPrompt("L1");
-        expect(result.length).toBeGreaterThan(0);
-        expect(result).toContain("L1");
-        expect(result).toContain("Cap. 01");
-    });
-    it("L1 with projectRole includes projectRole in text", () => {
-        const result = buildSetupAgentPrompt("L1", "mcp-wrapper");
-        expect(result).toContain("mcp-wrapper");
-    });
-    it("L1 without projectRole still contains mandatory rules", () => {
-        const result = buildSetupAgentPrompt("L1");
-        expect(result).toContain("Cap. 01 → Cap. 02");
-        expect(result).toContain("search_sbd_toe_manual");
-    });
-    it("L2 includes L2 active chapters", () => {
-        const result = buildSetupAgentPrompt("L2");
-        expect(result).toContain("L2");
-        expect(result).toContain("Cap. 03");
-        expect(result).toContain("Cap. 04");
-    });
-    it("L3 has no conditional chapters", () => {
-        const result = buildSetupAgentPrompt("L3");
-        expect(result).toContain("L3");
-        expect(result).toContain("nenhum");
-    });
-    it("invalid L4 riskLevel throws Error mentioning L4", () => {
-        expect(() => buildSetupAgentPrompt("L4")).toThrow(Error);
-        expect(() => buildSetupAgentPrompt("L4")).toThrow("L4");
-    });
-    it("invalid empty string riskLevel throws Error", () => {
-        expect(() => buildSetupAgentPrompt("")).toThrow(Error);
-    });
-});
-//# sourceMappingURL=sbd-toe-resources.test.js.map