@shiftleftpt/sbd-toe-mcp 0.1.0

package/dist/tools/map-review-scope.js

@@ -0,0 +1,299 @@
+const VALID_RISK_LEVELS = ["L1", "L2", "L3"];
+function isValidRiskLevel(value) {
+    return (typeof value === "string" &&
+        VALID_RISK_LEVELS.includes(value));
+}
+function makeRpcError(message, data) {
+    return Object.assign(new Error(message), {
+        rpcError: { code: -32602, message, data: data ?? null }
+    });
+}
+// ---------------------------------------------------------------------------
+// Readable titles (consistent with structured-tools.ts READABLE_TITLES)
+// ---------------------------------------------------------------------------
+const READABLE_TITLES = {
+    "01-classificacao-aplicacoes": "Classificação de Aplicações",
+    "02-requisitos-seguranca": "Requisitos de Segurança",
+    "03-threat-modeling": "Threat Modeling",
+    "04-arquitetura-segura": "Arquitetura Segura",
+    "05-dependencias-sbom-sca": "Dependências, SBOM e SCA",
+    "06-desenvolvimento-seguro": "Desenvolvimento Seguro",
+    "07-cicd-seguro": "CI/CD Seguro",
+    "08-iac-infraestrutura": "IaC e Infraestrutura",
+    "09-containers-imagens": "Containers e Imagens",
+    "10-testes-seguranca": "Testes de Segurança",
+    "11-deploy-seguro": "Deploy Seguro",
+    "12-monitorizacao-operacoes": "Monitorização e Operações",
+    "13-formacao-onboarding": "Formação e Onboarding",
+    "14-governanca-contratacao": "Governança e Contratação"
+};
+const BUNDLE_CATEGORIES = {
+    "01-classificacao-aplicacoes": "foundation",
+    "02-requisitos-seguranca": "foundation",
+    "03-threat-modeling": "foundation",
+    "04-arquitetura-segura": "foundation",
+    "05-dependencias-sbom-sca": "domain",
+    "06-desenvolvimento-seguro": "domain",
+    "08-iac-infraestrutura": "domain",
+    "09-containers-imagens": "domain",
+    "10-testes-seguranca": "domain",
+    "07-cicd-seguro": "operational",
+    "11-deploy-seguro": "operational",
+    "12-monitorizacao-operacoes": "operational",
+    "13-formacao-onboarding": "operational",
+    "14-governanca-contratacao": "operational"
+};
+const EXPECTED_EVIDENCE = {
+    "01-classificacao-aplicacoes": [
+        "Classificação da aplicação documentada e actualizada.",
+        "Nível de risco revisto face às mudanças introduzidas."
+    ],
+    "02-requisitos-seguranca": [
+        "Requisitos de segurança revistos e actualizados.",
+        "Critérios de aceitação de segurança definidos para as mudanças."
+    ],
+    "03-threat-modeling": [
+        "Threat model actualizado para os flows afectados.",
+        "Novas ameaças identificadas e endereçadas."
+    ],
+    "04-arquitetura-segura": [
+        "Diagrama de arquitectura actualizado.",
+        "Decisões de segurança documentadas nos ADRs."
+    ],
+    "05-dependencias-sbom-sca": [
+        "SBOM actualizado após mudanças de dependências.",
+        "Scan de dependências executado sem findings críticos."
+    ],
+    "06-desenvolvimento-seguro": [
+        "Revisão de código com foco em segurança realizada.",
+        "Sem hardcoded secrets ou dados sensíveis no código."
+    ],
+    "07-cicd-seguro": [
+        "Pipeline CI/CD com security gates activos.",
+        "Secrets em vault — não expostos nos logs do pipeline."
+    ],
+    "08-iac-infraestrutura": [
+        "Configuração de infraestrutura revista com princípio de least privilege.",
+        "Drift de configuração verificado e remediado."
+    ],
+    "09-containers-imagens": [
+        "Imagem base actualizada e scanned sem vulnerabilidades críticas.",
+        "Dockerfile sem execução como root."
+    ],
+    "10-testes-seguranca": [
+        "SAST/DAST executados sem findings críticos por resolver.",
+        "Testes de segurança relevantes para as mudanças adicionados."
+    ],
+    "11-deploy-seguro": [
+        "Processo de release documentado e aprovado.",
+        "Rollback plan definido e testado."
+    ],
+    "12-monitorizacao-operacoes": [
+        "Alertas de segurança actualizados para cobrir as mudanças.",
+        "Logs de segurança activos e a fluir correctamente."
+    ],
+    "13-formacao-onboarding": [
+        "Equipa informada das mudanças com impacto em processos.",
+        "Documentação de onboarding actualizada."
+    ],
+    "14-governanca-contratacao": [
+        "Documentação de governança actualizada.",
+        "Aprovações e revisões necessárias obtidas."
+    ]
+};
+const PATTERN_RULES = [
+    {
+        pattern: "src/config.ts",
+        bundles: ["02-requisitos-seguranca", "06-desenvolvimento-seguro", "08-iac-infraestrutura", "10-testes-seguranca"],
+        matches: (p) => p === "src/config.ts"
+    },
+    {
+        pattern: "src/**",
+        bundles: ["02-requisitos-seguranca", "06-desenvolvimento-seguro", "10-testes-seguranca"],
+        matches: (p) => p.startsWith("src/")
+    },
+    {
+        pattern: ".github/workflows/**",
+        bundles: ["07-cicd-seguro", "10-testes-seguranca", "11-deploy-seguro"],
+        matches: (p) => p.startsWith(".github/workflows/")
+    },
+    {
+        pattern: "package.json / *-lock.json / yarn.lock",
+        bundles: ["05-dependencias-sbom-sca"],
+        matches: (p) => p === "package.json" ||
+            p === "package-lock.json" ||
+            p === "yarn.lock" ||
+            p.endsWith("-lock.json")
+    },
+    {
+        pattern: "release/** / scripts/package-*",
+        bundles: ["11-deploy-seguro"],
+        matches: (p) => p.startsWith("release/") || p.startsWith("scripts/package-")
+    },
+    {
+        pattern: "docs/**",
+        bundles: ["14-governanca-contratacao"],
+        matches: (p) => p.startsWith("docs/")
+    },
+    {
+        pattern: "aos/** / .github/skills/**",
+        bundles: ["14-governanca-contratacao", "13-formacao-onboarding"],
+        matches: (p) => p.startsWith("aos/") || p.startsWith(".github/skills/")
+    }
+];
+const GUARDRAIL_BUNDLES = ["01-classificacao-aplicacoes", "02-requisitos-seguranca"];
+// ---------------------------------------------------------------------------
+// Handler
+// ---------------------------------------------------------------------------
+export function handleMapSbdToeReviewScope(args) {
+    // Validate riskLevel
+    const riskLevelArg = args["riskLevel"];
+    if (!isValidRiskLevel(riskLevelArg)) {
+        throw makeRpcError(`riskLevel inválido: "${String(riskLevelArg)}". Valores permitidos: L1, L2, L3.`, { invalidValue: riskLevelArg });
+    }
+    const riskLevel = riskLevelArg;
+    // Validate changedFiles
+    const changedFilesArg = args["changedFiles"];
+    if (!Array.isArray(changedFilesArg) || changedFilesArg.length === 0) {
+        throw makeRpcError('O argumento "changedFiles" é obrigatório e deve conter pelo menos um path.', { receivedValue: changedFilesArg });
+    }
+    // Normalize and validate each path
+    const normalizedPaths = [];
+    for (const raw of changedFilesArg) {
+        if (typeof raw !== "string") {
+            throw makeRpcError(`Path inválido: ${JSON.stringify(raw)}. Todos os paths devem ser strings.`);
+        }
+        // Normalize separators (cross-platform)
+        const normalized = raw.replace(/\\/g, "/");
+        // Path traversal check
+        if (normalized.includes("..")) {
+            throw makeRpcError(`Path inválido (path traversal detectado): "${normalized}". Paths com ".." não são permitidos.`, { invalidPath: normalized });
+        }
+        normalizedPaths.push(normalized);
+    }
+    // Truncate diffSummary to 500 chars (no error)
+    const rawDiffSummary = args["diffSummary"];
+    const _diffSummary = typeof rawDiffSummary === "string"
+        ? rawDiffSummary.slice(0, 500)
+        : undefined;
+    void _diffSummary; // reserved for future use
+    // ---------------------------------------------------------------------------
+    // Match paths to patterns
+    // ---------------------------------------------------------------------------
+    // Map: chapterId → { reason paths set, matched by guardrail only }
+    const bundlePathsMap = new Map();
+    const guardrailFiles = [];
+    // Track which patterns matched which files (for pathMapping output)
+    const patternMatchedFiles = new Map();
+    for (const filePath of normalizedPaths) {
+        let matchedAnyPattern = false;
+        for (const rule of PATTERN_RULES) {
+            if (rule.matches(filePath)) {
+                matchedAnyPattern = true;
+                if (!patternMatchedFiles.has(rule.pattern)) {
+                    patternMatchedFiles.set(rule.pattern, []);
+                }
+                patternMatchedFiles.get(rule.pattern).push(filePath);
+                for (const bundleId of rule.bundles) {
+                    if (!bundlePathsMap.has(bundleId)) {
+                        bundlePathsMap.set(bundleId, new Set());
+                    }
+                    bundlePathsMap.get(bundleId).add(filePath);
+                }
+            }
+        }
+        if (!matchedAnyPattern) {
+            guardrailFiles.push(filePath);
+        }
+    }
+    // Apply guardrail bundles for unmatched files
+    if (guardrailFiles.length > 0) {
+        const guardrailPattern = "Guardrail (path não mapeado)";
+        patternMatchedFiles.set(guardrailPattern, guardrailFiles);
+        for (const bundleId of GUARDRAIL_BUNDLES) {
+            if (!bundlePathsMap.has(bundleId)) {
+                bundlePathsMap.set(bundleId, new Set());
+            }
+            for (const f of guardrailFiles) {
+                bundlePathsMap.get(bundleId).add(f);
+            }
+        }
+    }
+    // ---------------------------------------------------------------------------
+    // Build deduplicated bundlesToReview
+    // ---------------------------------------------------------------------------
+    const bundlesToReview = [];
+    for (const [chapterId, filesSet] of bundlePathsMap) {
+        const filesList = [...filesSet].sort();
+        const readableTitle = READABLE_TITLES[chapterId] ?? chapterId;
+        const category = BUNDLE_CATEGORIES[chapterId] ?? "domain";
+        const reason = filesList.length === 1
+            ? `Ficheiro "${filesList[0]}" despoleta revisão deste bundle.`
+            : `Ficheiros ${filesList.map((f) => `"${f}"`).join(", ")} despoletam revisão deste bundle.`;
+        const expectedEvidence = EXPECTED_EVIDENCE[chapterId] ?? [
+            "Verificar impacto das mudanças neste bundle."
+        ];
+        bundlesToReview.push({ chapterId, readableTitle, category, reason, expectedEvidence });
+    }
+    // Sort by category then chapterId for deterministic output
+    bundlesToReview.sort((a, b) => {
+        const catOrder = { foundation: 0, domain: 1, operational: 2 };
+        const catDiff = catOrder[a.category] - catOrder[b.category];
+        return catDiff !== 0 ? catDiff : a.chapterId.localeCompare(b.chapterId);
+    });
+    // ---------------------------------------------------------------------------
+    // Build pathMapping
+    // ---------------------------------------------------------------------------
+    const pathMapping = [];
+    for (const [pattern, matchedFiles] of patternMatchedFiles) {
+        // Collect bundles for this pattern
+        const bundlesForPattern = new Set();
+        for (const rule of PATTERN_RULES) {
+            if (rule.pattern === pattern) {
+                for (const b of rule.bundles)
+                    bundlesForPattern.add(b);
+            }
+        }
+        // For guardrail pattern
+        if (pattern === "Guardrail (path não mapeado)") {
+            for (const b of GUARDRAIL_BUNDLES)
+                bundlesForPattern.add(b);
+        }
+        pathMapping.push({
+            pattern,
+            matchedFiles: [...matchedFiles].sort(),
+            bundles: [...bundlesForPattern].sort()
+        });
+    }
+    // ---------------------------------------------------------------------------
+    // Build nextSteps
+    // ---------------------------------------------------------------------------
+    const foundationIds = bundlesToReview
+        .filter((b) => b.category === "foundation")
+        .map((b) => b.chapterId);
+    const domainIds = bundlesToReview
+        .filter((b) => b.category === "domain")
+        .map((b) => b.chapterId);
+    const operationalIds = bundlesToReview
+        .filter((b) => b.category === "operational")
+        .map((b) => b.chapterId);
+    const nextSteps = [];
+    if (foundationIds.length > 0) {
+        nextSteps.push(`Rever bundles fundacionais: ${foundationIds.join(", ")} — assegurar que a classificação e requisitos de segurança estão actualizados.`);
+    }
+    if (domainIds.length > 0) {
+        nextSteps.push(`Rever bundles de domínio: ${domainIds.join(", ")} — validar que as práticas de segurança específicas foram aplicadas.`);
+    }
+    if (operationalIds.length > 0) {
+        nextSteps.push(`Rever bundles operacionais: ${operationalIds.join(", ")} — confirmar que processos operacionais de segurança estão actualizados.`);
+    }
+    if (riskLevel === "L2" || riskLevel === "L3") {
+        nextSteps.push(`Para nível ${riskLevel}: executar testes de segurança automatizados (SAST/DAST) antes do merge.`);
+    }
+    if (riskLevel === "L3") {
+        nextSteps.push("Para nível L3: obter aprovação formal do responsável de segurança antes do deploy.");
+    }
+    nextSteps.push(`Usar get_sbd_toe_chapter_brief(chapterId) para obter detalhe de cada bundle activado.`);
+    return { bundlesToReview, pathMapping, nextSteps };
+}
+//# sourceMappingURL=map-review-scope.js.map

package/dist/tools/map-review-scope.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"map-review-scope.js","sourceRoot":"","sources":["../../src/tools/map-review-scope.ts"],"names":[],"mappings":"AAAA,MAAM,iBAAiB,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAU,CAAC;AAGtD,SAAS,gBAAgB,CAAC,KAAc;IACtC,OAAO,CACL,OAAO,KAAK,KAAK,QAAQ;QACxB,iBAAuC,CAAC,QAAQ,CAAC,KAAK,CAAC,CACzD,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CAAC,OAAe,EAAE,IAAc;IACnD,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC,EAAE;QACvC,QAAQ,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,IAAI,IAAI,EAAE;KACxD,CAAC,CAAC;AACL,CAAC;AAED,8EAA8E;AAC9E,wEAAwE;AACxE,8EAA8E;AAE9E,MAAM,eAAe,GAA2B;IAC9C,6BAA6B,EAAE,6BAA6B;IAC5D,yBAAyB,EAAM,yBAAyB;IACxD,oBAAoB,EAAW,iBAAiB;IAChD,uBAAuB,EAAQ,oBAAoB;IACnD,0BAA0B,EAAK,0BAA0B;IACzD,2BAA2B,EAAI,wBAAwB;IACvD,gBAAgB,EAAe,cAAc;IAC7C,uBAAuB,EAAQ,sBAAsB;IACrD,uBAAuB,EAAQ,sBAAsB;IACrD,qBAAqB,EAAU,qBAAqB;IACpD,kBAAkB,EAAa,eAAe;IAC9C,4BAA4B,EAAG,2BAA2B;IAC1D,wBAAwB,EAAO,uBAAuB;IACtD,2BAA2B,EAAI,0BAA0B;CAC1D,CAAC;AAIF,MAAM,iBAAiB,GAAmC;IACxD,6BAA6B,EAAE,YAAY;IAC3C,yBAAyB,EAAM,YAAY;IAC3C,oBAAoB,EAAW,YAAY;IAC3C,uBAAuB,EAAQ,YAAY;IAC3C,0BAA0B,EAAK,QAAQ;IACvC,2BAA2B,EAAI,QAAQ;IACvC,uBAAuB,EAAQ,QAAQ;IACvC,uBAAuB,EAAQ,QAAQ;IACvC,qBAAqB,EAAU,QAAQ;IACvC,gBAAgB,EAAe,aAAa;IAC5C,kBAAkB,EAAa,aAAa;IAC5C,4BAA4B,EAAG,aAAa;IAC5C,wBAAwB,EAAO,aAAa;IAC5C,2BAA2B,EAAI,aAAa;CAC7C,CAAC;AAEF,MAAM,iBAAiB,GAA6B;IAClD,6BAA6B,EAAE;QAC7B,uDAAuD;QACvD,uDAAuD;KACxD;IACD,yBAAyB,EAAE;QACzB,kDAAkD;QAClD,iEAAiE;KAClE;IACD,oBAAoB,EAAE;QACpB,mDAAmD;QACnD,4CAA4C;KAC7C;IACD,uBAAuB,EAAE;QACvB,uCAAuC;QACvC,8CAA8C;KAC/C;IACD,0BAA0B,EAAE;QAC1B,iDAAiD;QACjD,uDAAuD;KACxD;IACD,2BAA2B,EAAE;QAC3B,oDAAoD;QACpD,qDAAqD;KACtD;IACD,gBAAgB,EAAE;QAChB,4CAA4C;QAC5C,uDAAuD;KACxD;IACD,uBAAuB,EAAE;QACvB,0EAA0E;QAC1E,+CAA+C;KAChD;IACD,uBAAuB,EAAE;QACvB,kEAAkE;QAClE,oCAAoC;KACrC;IACD,qBAAqB,EAAE;QACrB,0DAA0D;QAC1D,8DAA8D;KAC/D;IACD,kBAAkB,EAAE;QAClB,6CAA6C;QAC7C,mCAAmC;KACpC;IACD,4BAA4B,EAAE;QAC5B,4DAA4D;QAC5D,oDAAoD;KACrD;IACD,wBAAwB,EAAE;QACxB,yDAAyD;QACzD,yCAAyC;KAC1C;IACD,2BAA2B,EAAE;QAC3B,yCAAyC;QACzC,4CAA4C;KAC7C;CACF,CAAC;AAYF,MAAM,aAAa,GAAkB;IACnC;QACE,OAAO,EAAE,eAAe;QACxB,OAAO,EAAE,CAAC,yBAAyB,EAAE,2BAA2B,EAAE,uBAAuB,EAAE,qBAAqB,CAAC;QACjH,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,eAAe;KACtC;IACD;QACE,OAAO,EAAE,QAAQ;QACjB,OAAO,EAAE,CAAC,yBAAyB,EAAE,2BAA2B,EAAE,qBAAqB,CAAC;QACxF,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC;KACrC;IACD;QACE,OAAO,EAAE,sBAAsB;QAC/B,OAAO,EAAE,CAAC,gBAAgB,EAAE,qBAAqB,EAAE,kBAAkB,CAAC;QACtE,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,oBAAoB,CAAC;KACnD;IACD;QACE,OAAO,EAAE,wCAAwC;QACjD,OAAO,EAAE,CAAC,0BAA0B,CAAC;QACrC,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE,CACb,CAAC,KAAK,cAAc;YACpB,CAAC,KAAK,mBAAmB;YACzB,CAAC,KAAK,WAAW;YACjB,CAAC,CAAC,QAAQ,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,OAAO,EAAE,gCAAgC;QACzC,OAAO,EAAE,CAAC,kBAAkB,CAAC;QAC7B,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,UAAU,CAAC,kBAAkB,CAAC;KAC7E;IACD;QACE,OAAO,EAAE,SAAS;QAClB,OAAO,EAAE,CAAC,2BAA2B,CAAC;QACtC,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC;KACtC;IACD;QACE,OAAO,EAAE,4BAA4B;QACrC,OAAO,EAAE,CAAC,2BAA2B,EAAE,wBAAwB,CAAC;QAChE,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,UAAU,CAAC,iBAAiB,CAAC;KACxE;CACF,CAAC;AAEF,MAAM,iBAAiB,GAAG,CAAC,6BAA6B,EAAE,yBAAyB,CAAC,CAAC;AA0BrF,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E,MAAM,UAAU,0BAA0B,CACxC,IAA6B;IAE7B,qBAAqB;IACrB,MAAM,YAAY,GAAG,IAAI,CAAC,WAAW,CAAC,CAAC;IACvC,IAAI,CAAC,gBAAgB,CAAC,YAAY,CAAC,EAAE,CAAC;QACpC,MAAM,YAAY,CAChB,wBAAwB,MAAM,CAAC,YAAY,CAAC,oCAAoC,EAChF,EAAE,YAAY,EAAE,YAAY,EAAE,CAC/B,CAAC;IACJ,CAAC;IACD,MAAM,SAAS,GAAG,YAAY,CAAC;IAE/B,wBAAwB;IACxB,MAAM,eAAe,GAAG,IAAI,CAAC,cAAc,CAAC,CAAC;IAC7C,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,eAAe,CAAC,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACpE,MAAM,YAAY,CAChB,4EAA4E,EAC5E,EAAE,aAAa,EAAE,eAAe,EAAE,CACnC,CAAC;IACJ,CAAC;IAED,mCAAmC;IACnC,MAAM,eAAe,GAAa,EAAE,CAAC;IACrC,KAAK,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;QAClC,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,MAAM,YAAY,CAAC,kBAAkB,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,qCAAqC,CAAC,CAAC;QACjG,CAAC;QACD,wCAAwC;QACxC,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAE3C,uBAAuB;QACvB,IAAI,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9B,MAAM,YAAY,CAChB,8CAA8C,UAAU,uCAAuC,EAC/F,EAAE,WAAW,EAAE,UAAU,EAAE,CAC5B,CAAC;QACJ,CAAC;QAED,eAAe,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACnC,CAAC;IAED,+CAA+C;IAC/C,MAAM,cAAc,GAAG,IAAI,CAAC,aAAa,CAAC,CAAC;IAC3C,MAAM,YAAY,GAChB,OAAO,cAAc,KAAK,QAAQ;QAChC,CAAC,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;QAC9B,CAAC,CAAC,SAAS,CAAC;IAChB,KAAK,YAAY,CAAC,CAAC,0BAA0B;IAE7C,8EAA8E;IAC9E,0BAA0B;IAC1B,8EAA8E;IAE9E,mEAAmE;IACnE,MAAM,cAAc,GAAG,IAAI,GAAG,EAAuB,CAAC;IACtD,MAAM,cAAc,GAAa,EAAE,CAAC;IAEpC,oEAAoE;IACpE,MAAM,mBAAmB,GAAG,IAAI,GAAG,EAAoB,CAAC;IAExD,KAAK,MAAM,QAAQ,IAAI,eAAe,EAAE,CAAC;QACvC,IAAI,iBAAiB,GAAG,KAAK,CAAC;QAE9B,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;YACjC,IAAI,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC3B,iBAAiB,GAAG,IAAI,CAAC;gBACzB,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;oBAC3C,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;gBAC5C,CAAC;gBACD,mBAAmB,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBAEtD,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;oBACpC,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;wBAClC,cAAc,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,GAAG,EAAE,CAAC,CAAC;oBAC1C,CAAC;oBACD,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;gBAC9C,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,CAAC,iBAAiB,EAAE,CAAC;YACvB,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;IAED,8CAA8C;IAC9C,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,MAAM,gBAAgB,GAAG,8BAA8B,CAAC;QACxD,mBAAmB,CAAC,GAAG,CAAC,gBAAgB,EAAE,cAAc,CAAC,CAAC;QAC1D,KAAK,MAAM,QAAQ,IAAI,iBAAiB,EAAE,CAAC;YACzC,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAClC,cAAc,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,GAAG,EAAE,CAAC,CAAC;YAC1C,CAAC;YACD,KAAK,MAAM,CAAC,IAAI,cAAc,EAAE,CAAC;gBAC/B,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YACvC,CAAC;QACH,CAAC;IACH,CAAC;IAED,8EAA8E;IAC9E,qCAAqC;IACrC,8EAA8E;IAE9E,MAAM,eAAe,GAAqB,EAAE,CAAC;IAC7C,KAAK,MAAM,CAAC,SAAS,EAAE,QAAQ,CAAC,IAAI,cAAc,EAAE,CAAC;QACnD,MAAM,SAAS,GAAG,CAAC,GAAG,QAAQ,CAAC,CAAC,IAAI,EAAE,CAAC;QACvC,MAAM,aAAa,GAAG,eAAe,CAAC,SAAS,CAAC,IAAI,SAAS,CAAC;QAC9D,MAAM,QAAQ,GAAG,iBAAiB,CAAC,SAAS,CAAC,IAAI,QAAQ,CAAC;QAC1D,MAAM,MAAM,GACV,SAAS,CAAC,MAAM,KAAK,CAAC;YACpB,CAAC,CAAC,aAAa,SAAS,CAAC,CAAC,CAAC,mCAAmC;YAC9D,CAAC,CAAC,aAAa,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,mCAAmC,CAAC;QAChG,MAAM,gBAAgB,GAAG,iBAAiB,CAAC,SAAS,CAAC,IAAI;YACvD,8CAA8C;SAC/C,CAAC;QAEF,eAAe,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,aAAa,EAAE,QAAQ,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC,CAAC;IACzF,CAAC;IAED,2DAA2D;IAC3D,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QAC5B,MAAM,QAAQ,GAAmC,EAAE,UAAU,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,WAAW,EAAE,CAAC,EAAE,CAAC;QAC9F,MAAM,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;QAC5D,OAAO,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IAC1E,CAAC,CAAC,CAAC;IAEH,8EAA8E;IAC9E,oBAAoB;IACpB,8EAA8E;IAE9E,MAAM,WAAW,GAAuB,EAAE,CAAC;IAC3C,KAAK,MAAM,CAAC,OAAO,EAAE,YAAY,CAAC,IAAI,mBAAmB,EAAE,CAAC;QAC1D,mCAAmC;QACnC,MAAM,iBAAiB,GAAG,IAAI,GAAG,EAAU,CAAC;QAC5C,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;YACjC,IAAI,IAAI,CAAC,OAAO,KAAK,OAAO,EAAE,CAAC;gBAC7B,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,OAAO;oBAAE,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YACzD,CAAC;QACH,CAAC;QACD,wBAAwB;QACxB,IAAI,OAAO,KAAK,8BAA8B,EAAE,CAAC;YAC/C,KAAK,MAAM,CAAC,IAAI,iBAAiB;gBAAE,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QAC9D,CAAC;QACD,WAAW,CAAC,IAAI,CAAC;YACf,OAAO;YACP,YAAY,EAAE,CAAC,GAAG,YAAY,CAAC,CAAC,IAAI,EAAE;YACtC,OAAO,EAAE,CAAC,GAAG,iBAAiB,CAAC,CAAC,IAAI,EAAE;SACvC,CAAC,CAAC;IACL,CAAC;IAED,8EAA8E;IAC9E,kBAAkB;IAClB,8EAA8E;IAE9E,MAAM,aAAa,GAAG,eAAe;SAClC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,YAAY,CAAC;SAC1C,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IAC3B,MAAM,SAAS,GAAG,eAAe;SAC9B,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC;SACtC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IAC3B,MAAM,cAAc,GAAG,eAAe;SACnC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,aAAa,CAAC;SAC3C,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IAE3B,MAAM,SAAS,GAAa,EAAE,CAAC;IAE/B,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,SAAS,CAAC,IAAI,CACZ,+BAA+B,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,gFAAgF,CACxI,CAAC;IACJ,CAAC;IACD,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzB,SAAS,CAAC,IAAI,CACZ,6BAA6B,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,sEAAsE,CACxH,CAAC;IACJ,CAAC;IACD,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,SAAS,CAAC,IAAI,CACZ,+BAA+B,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,0EAA0E,CACnI,CAAC;IACJ,CAAC;IAED,IAAI,SAAS,KAAK,IAAI,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;QAC7C,SAAS,CAAC,IAAI,CACZ,cAAc,SAAS,0EAA0E,CAClG,CAAC;IACJ,CAAC;IACD,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;QACvB,SAAS,CAAC,IAAI,CACZ,oFAAoF,CACrF,CAAC;IACJ,CAAC;IAED,SAAS,CAAC,IAAI,CACZ,uFAAuF,CACxF,CAAC;IAEF,OAAO,EAAE,eAAe,EAAE,WAAW,EAAE,SAAS,EAAE,CAAC;AACrD,CAAC"}

package/dist/tools/map-review-scope.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/tools/map-review-scope.test.js

@@ -0,0 +1,204 @@
+import { describe, it, expect } from "vitest";
+import { handleMapSbdToeReviewScope } from "./map-review-scope.js";
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+function call(args) {
+    return handleMapSbdToeReviewScope(args);
+}
+function bundleIds(result) {
+    return result.bundlesToReview.map((b) => b.chapterId);
+}
+// ---------------------------------------------------------------------------
+// Validation — path traversal & input errors
+// ---------------------------------------------------------------------------
+describe("handleMapSbdToeReviewScope — validation", () => {
+    it("throws rpcError -32602 for path with '..'", () => {
+        let err;
+        try {
+            call({ changedFiles: ["../etc/passwd"], riskLevel: "L1" });
+        }
+        catch (e) {
+            err = e;
+        }
+        expect(err).toBeInstanceOf(Error);
+        expect(err.rpcError?.code).toBe(-32602);
+        expect(err.message).toContain("..");
+    });
+    it("throws rpcError -32602 for path with embedded '..'", () => {
+        let err;
+        try {
+            call({ changedFiles: ["src/../config.ts"], riskLevel: "L1" });
+        }
+        catch (e) {
+            err = e;
+        }
+        expect(err).toBeInstanceOf(Error);
+        expect(err.rpcError?.code).toBe(-32602);
+    });
+    it("throws rpcError -32602 for empty changedFiles array", () => {
+        let err;
+        try {
+            call({ changedFiles: [], riskLevel: "L1" });
+        }
+        catch (e) {
+            err = e;
+        }
+        expect(err).toBeInstanceOf(Error);
+        expect(err.rpcError?.code).toBe(-32602);
+    });
+    it("throws rpcError -32602 for invalid riskLevel", () => {
+        let err;
+        try {
+            call({ changedFiles: ["src/index.ts"], riskLevel: "L9" });
+        }
+        catch (e) {
+            err = e;
+        }
+        expect(err).toBeInstanceOf(Error);
+        expect(err.rpcError?.code).toBe(-32602);
+    });
+    it("throws rpcError -32602 when changedFiles is missing", () => {
+        let err;
+        try {
+            call({ riskLevel: "L1" });
+        }
+        catch (e) {
+            err = e;
+        }
+        expect(err).toBeInstanceOf(Error);
+        expect(err.rpcError?.code).toBe(-32602);
+    });
+});
+// ---------------------------------------------------------------------------
+// Path mapping
+// ---------------------------------------------------------------------------
+describe("handleMapSbdToeReviewScope — path mapping", () => {
+    it("src/index.ts + .github/workflows/ci.yml (L2) → 06-desenvolvimento-seguro and 07-cicd-seguro", () => {
+        const result = call({
+            changedFiles: ["src/index.ts", ".github/workflows/ci.yml"],
+            riskLevel: "L2"
+        });
+        const ids = bundleIds(result);
+        expect(ids).toContain("06-desenvolvimento-seguro");
+        expect(ids).toContain("07-cicd-seguro");
+    });
+    it("package.json (L1) → 05-dependencias-sbom-sca", () => {
+        const result = call({ changedFiles: ["package.json"], riskLevel: "L1" });
+        expect(bundleIds(result)).toContain("05-dependencias-sbom-sca");
+    });
+    it("src/config.ts → includes 08-iac-infraestrutura (specific rule)", () => {
+        const result = call({ changedFiles: ["src/config.ts"], riskLevel: "L1" });
+        expect(bundleIds(result)).toContain("08-iac-infraestrutura");
+    });
+    it("docs/readme.md → 14-governanca-contratacao", () => {
+        const result = call({ changedFiles: ["docs/readme.md"], riskLevel: "L1" });
+        expect(bundleIds(result)).toContain("14-governanca-contratacao");
+    });
+    it("yarn.lock → 05-dependencias-sbom-sca", () => {
+        const result = call({ changedFiles: ["yarn.lock"], riskLevel: "L1" });
+        expect(bundleIds(result)).toContain("05-dependencias-sbom-sca");
+    });
+    it("release/v1.0.tar.gz → 11-deploy-seguro", () => {
+        const result = call({ changedFiles: ["release/v1.0.tar.gz"], riskLevel: "L1" });
+        expect(bundleIds(result)).toContain("11-deploy-seguro");
+    });
+    it(".github/skills/sbd-toe-skill/SKILL.md → 13-formacao-onboarding and 14-governanca-contratacao", () => {
+        const result = call({ changedFiles: [".github/skills/sbd-toe-skill/SKILL.md"], riskLevel: "L1" });
+        const ids = bundleIds(result);
+        expect(ids).toContain("13-formacao-onboarding");
+        expect(ids).toContain("14-governanca-contratacao");
+    });
+    it("unmapped path triggers guardrail bundles", () => {
+        const result = call({ changedFiles: ["random/unknown/file.txt"], riskLevel: "L1" });
+        const ids = bundleIds(result);
+        expect(ids).toContain("01-classificacao-aplicacoes");
+        expect(ids).toContain("02-requisitos-seguranca");
+    });
+});
+// ---------------------------------------------------------------------------
+// Deduplication
+// ---------------------------------------------------------------------------
+describe("handleMapSbdToeReviewScope — deduplication", () => {
+    it("bundle activated by multiple paths appears only once", () => {
+        const result = call({
+            changedFiles: ["src/index.ts", "src/config.ts", "src/tools/structured-tools.ts"],
+            riskLevel: "L1"
+        });
+        const ids = bundleIds(result);
+        const uniqueIds = new Set(ids);
+        expect(ids.length).toBe(uniqueIds.size);
+    });
+    it("reason mentions multiple files when applicable", () => {
+        const result = call({
+            changedFiles: ["src/index.ts", "src/tools/structured-tools.ts"],
+            riskLevel: "L1"
+        });
+        const devBundle = result.bundlesToReview.find((b) => b.chapterId === "06-desenvolvimento-seguro");
+        expect(devBundle).toBeDefined();
+        // reason should mention both files
+        expect(devBundle?.reason).toContain("src/index.ts");
+        expect(devBundle?.reason).toContain("src/tools/structured-tools.ts");
+    });
+});
+// ---------------------------------------------------------------------------
+// Output structure
+// ---------------------------------------------------------------------------
+describe("handleMapSbdToeReviewScope — output structure", () => {
+    it("each bundle entry has required fields", () => {
+        const result = call({
+            changedFiles: ["src/index.ts", "package.json"],
+            riskLevel: "L2"
+        });
+        for (const bundle of result.bundlesToReview) {
+            expect(typeof bundle.chapterId).toBe("string");
+            expect(typeof bundle.readableTitle).toBe("string");
+            expect(["foundation", "domain", "operational"]).toContain(bundle.category);
+            expect(typeof bundle.reason).toBe("string");
+            expect(bundle.expectedEvidence.length).toBeGreaterThan(0);
+        }
+    });
+    it("pathMapping covers matched patterns", () => {
+        const result = call({
+            changedFiles: ["src/index.ts", ".github/workflows/ci.yml", "package.json"],
+            riskLevel: "L1"
+        });
+        expect(result.pathMapping.length).toBeGreaterThanOrEqual(3);
+    });
+    it("nextSteps is non-empty", () => {
+        const result = call({ changedFiles: ["src/index.ts"], riskLevel: "L1" });
+        expect(result.nextSteps.length).toBeGreaterThan(0);
+    });
+    it("nextSteps mentions L2+ security tests for L2", () => {
+        const result = call({ changedFiles: ["src/index.ts"], riskLevel: "L2" });
+        const hasL2Step = result.nextSteps.some((s) => s.includes("L2") && s.includes("SAST"));
+        expect(hasL2Step).toBe(true);
+    });
+    it("nextSteps mentions L3 approval for L3", () => {
+        const result = call({ changedFiles: ["src/index.ts"], riskLevel: "L3" });
+        const hasL3Step = result.nextSteps.some((s) => s.includes("L3") && s.includes("aprovação"));
+        expect(hasL3Step).toBe(true);
+    });
+});
+// ---------------------------------------------------------------------------
+// Cross-platform paths
+// ---------------------------------------------------------------------------
+describe("handleMapSbdToeReviewScope — cross-platform paths", () => {
+    it("normalizes Windows-style backslashes before matching", () => {
+        const result = call({
+            changedFiles: ["src\\index.ts"],
+            riskLevel: "L1"
+        });
+        expect(bundleIds(result)).toContain("06-desenvolvimento-seguro");
+    });
+});
+// ---------------------------------------------------------------------------
+// diffSummary truncation
+// ---------------------------------------------------------------------------
+describe("handleMapSbdToeReviewScope — diffSummary", () => {
+    it("accepts diffSummary without error, truncated silently", () => {
+        const longSummary = "x".repeat(1000);
+        expect(() => call({ changedFiles: ["src/index.ts"], riskLevel: "L1", diffSummary: longSummary })).not.toThrow();
+    });
+});
+//# sourceMappingURL=map-review-scope.test.js.map

package/dist/tools/map-review-scope.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"map-review-scope.test.js","sourceRoot":"","sources":["../../src/tools/map-review-scope.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,0BAA0B,EAAE,MAAM,uBAAuB,CAAC;AAEnE,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E,SAAS,IAAI,CAAC,IAA6B;IACzC,OAAO,0BAA0B,CAAC,IAAI,CAAC,CAAC;AAC1C,CAAC;AAED,SAAS,SAAS,CAAC,MAA+B;IAChD,OAAO,MAAM,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;AACxD,CAAC;AAED,8EAA8E;AAC9E,6CAA6C;AAC7C,8EAA8E;AAE9E,QAAQ,CAAC,yCAAyC,EAAE,GAAG,EAAE;IACvD,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;QACnD,IAAI,GAAY,CAAC;QACjB,IAAI,CAAC;YACH,IAAI,CAAC,EAAE,YAAY,EAAE,CAAC,eAAe,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC7D,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,GAAG,GAAG,CAAC,CAAC;QACV,CAAC;QACD,MAAM,CAAC,GAAG,CAAC,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;QAClC,MAAM,CAAE,GAA+C,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC;QACrF,MAAM,CAAE,GAAa,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IACjD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oDAAoD,EAAE,GAAG,EAAE;QAC5D,IAAI,GAAY,CAAC;QACjB,IAAI,CAAC;YACH,IAAI,CAAC,EAAE,YAAY,EAAE,CAAC,kBAAkB,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAChE,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,GAAG,GAAG,CAAC,CAAC;QACV,CAAC;QACD,MAAM,CAAC,GAAG,CAAC,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;QAClC,MAAM,CAAE,GAA+C,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC;IACvF,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qDAAqD,EAAE,GAAG,EAAE;QAC7D,IAAI,GAAY,CAAC;QACjB,IAAI,CAAC;YACH,IAAI,CAAC,EAAE,YAAY,EAAE,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9C,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,GAAG,GAAG,CAAC,CAAC;QACV,CAAC;QACD,MAAM,CAAC,GAAG,CAAC,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;QAClC,MAAM,CAAE,GAA+C,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC;IACvF,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;QACtD,IAAI,GAAY,CAAC;QACjB,IAAI,CAAC;YACH,IAAI,CAAC,EAAE,YAAY,EAAE,CAAC,cAAc,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC5D,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,GAAG,GAAG,CAAC,CAAC;QACV,CAAC;QACD,MAAM,CAAC,GAAG,CAAC,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;QAClC,MAAM,CAAE,GAA+C,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC;IACvF,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qDAAqD,EAAE,GAAG,EAAE;QAC7D,IAAI,GAAY,CAAC;QACjB,IAAI,CAAC;YACH,IAAI,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC5B,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,GAAG,GAAG,CAAC,CAAC;QACV,CAAC;QACD,MAAM,CAAC,GAAG,CAAC,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;QAClC,MAAM,CAAE,GAA+C,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC;IACvF,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,8EAA8E;AAC9E,eAAe;AACf,8EAA8E;AAE9E,QAAQ,CAAC,2CAA2C,EAAE,GAAG,EAAE;IACzD,EAAE,CAAC,6FAA6F,EAAE,GAAG,EAAE;QACrG,MAAM,MAAM,GAAG,IAAI,CAAC;YAClB,YAAY,EAAE,CAAC,cAAc,EAAE,0BAA0B,CAAC;YAC1D,SAAS,EAAE,IAAI;SAChB,CAAC,CAAC;QACH,MAAM,GAAG,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;QAC9B,MAAM,CAAC,GAAG,CAAC,CAAC,SAAS,CAAC,2BAA2B,CAAC,CAAC;QACnD,MAAM,CAAC,GAAG,CAAC,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;QACtD,MAAM,MAAM,GAAG,IAAI,CAAC,EAAE,YAAY,EAAE,CAAC,cAAc,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACzE,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,0BAA0B,CAAC,CAAC;IAClE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gEAAgE,EAAE,GAAG,EAAE;QACxE,MAAM,MAAM,GAAG,IAAI,CAAC,EAAE,YAAY,EAAE,CAAC,eAAe,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1E,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,uBAAuB,CAAC,CAAC;IAC/D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;QACpD,MAAM,MAAM,GAAG,IAAI,CAAC,EAAE,YAAY,EAAE,CAAC,gBAAgB,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC3E,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,2BAA2B,CAAC,CAAC;IACnE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;QAC9C,MAAM,MAAM,GAAG,IAAI,CAAC,EAAE,YAAY,EAAE,CAAC,WAAW,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACtE,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,0BAA0B,CAAC,CAAC;IAClE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;QAChD,MAAM,MAAM,GAAG,IAAI,CAAC,EAAE,YAAY,EAAE,CAAC,qBAAqB,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAChF,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,kBAAkB,CAAC,CAAC;IAC1D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8FAA8F,EAAE,GAAG,EAAE;QACtG,MAAM,MAAM,GAAG,IAAI,CAAC,EAAE,YAAY,EAAE,CAAC,uCAAuC,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAClG,MAAM,GAAG,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;QAC9B,MAAM,CAAC,GAAG,CAAC,CAAC,SAAS,CAAC,wBAAwB,CAAC,CAAC;QAChD,MAAM,CAAC,GAAG,CAAC,CAAC,SAAS,CAAC,2BAA2B,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;QAClD,MAAM,MAAM,GAAG,IAAI,CAAC,EAAE,YAAY,EAAE,CAAC,yBAAyB,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACpF,MAAM,GAAG,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;QAC9B,MAAM,CAAC,GAAG,CAAC,CAAC,SAAS,CAAC,6BAA6B,CAAC,CAAC;QACrD,MAAM,CAAC,GAAG,CAAC,CAAC,SAAS,CAAC,yBAAyB,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,8EAA8E;AAC9E,gBAAgB;AAChB,8EAA8E;AAE9E,QAAQ,CAAC,4CAA4C,EAAE,GAAG,EAAE;IAC1D,EAAE,CAAC,sDAAsD,EAAE,GAAG,EAAE;QAC9D,MAAM,MAAM,GAAG,IAAI,CAAC;YAClB,YAAY,EAAE,CAAC,cAAc,EAAE,eAAe,EAAE,+BAA+B,CAAC;YAChF,SAAS,EAAE,IAAI;SAChB,CAAC,CAAC;QACH,MAAM,GAAG,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;QAC9B,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC/B,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gDAAgD,EAAE,GAAG,EAAE;QACxD,MAAM,MAAM,GAAG,IAAI,CAAC;YAClB,YAAY,EAAE,CAAC,cAAc,EAAE,+BAA+B,CAAC;YAC/D,SAAS,EAAE,IAAI;SAChB,CAAC,CAAC;QACH,MAAM,SAAS,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,CAC3C,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,KAAK,2BAA2B,CACnD,CAAC;QACF,MAAM,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAC;QAChC,mCAAmC;QACnC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC;QACpD,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,SAAS,CAAC,+BAA+B,CAAC,CAAC;IACvE,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,8EAA8E;AAC9E,mBAAmB;AACnB,8EAA8E;AAE9E,QAAQ,CAAC,+CAA+C,EAAE,GAAG,EAAE;IAC7D,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;QAC/C,MAAM,MAAM,GAAG,IAAI,CAAC;YAClB,YAAY,EAAE,CAAC,cAAc,EAAE,cAAc,CAAC;YAC9C,SAAS,EAAE,IAAI;SAChB,CAAC,CAAC;QACH,KAAK,MAAM,MAAM,IAAI,MAAM,CAAC,eAAe,EAAE,CAAC;YAC5C,MAAM,CAAC,OAAO,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAC/C,MAAM,CAAC,OAAO,MAAM,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACnD,MAAM,CAAC,CAAC,YAAY,EAAE,QAAQ,EAAE,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAC3E,MAAM,CAAC,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YAC5C,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;QAC7C,MAAM,MAAM,GAAG,IAAI,CAAC;YAClB,YAAY,EAAE,CAAC,cAAc,EAAE,0BAA0B,EAAE,cAAc,CAAC;YAC1E,SAAS,EAAE,IAAI;SAChB,CAAC,CAAC;QACH,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wBAAwB,EAAE,GAAG,EAAE;QAChC,MAAM,MAAM,GAAG,IAAI,CAAC,EAAE,YAAY,EAAE,CAAC,cAAc,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACzE,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;QACtD,MAAM,MAAM,GAAG,IAAI,CAAC,EAAE,YAAY,EAAE,CAAC,cAAc,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACzE,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;QACvF,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;QAC/C,MAAM,MAAM,GAAG,IAAI,CAAC,EAAE,YAAY,EAAE,CAAC,cAAc,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACzE,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC;QAC5F,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,8EAA8E;AAC9E,uBAAuB;AACvB,8EAA8E;AAE9E,QAAQ,CAAC,mDAAmD,EAAE,GAAG,EAAE;IACjE,EAAE,CAAC,sDAAsD,EAAE,GAAG,EAAE;QAC9D,MAAM,MAAM,GAAG,IAAI,CAAC;YAClB,YAAY,EAAE,CAAC,eAAe,CAAC;YAC/B,SAAS,EAAE,IAAI;SAChB,CAAC,CAAC;QACH,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,2BAA2B,CAAC,CAAC;IACnE,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,8EAA8E;AAC9E,yBAAyB;AACzB,8EAA8E;AAE9E,QAAQ,CAAC,0CAA0C,EAAE,GAAG,EAAE;IACxD,EAAE,CAAC,uDAAuD,EAAE,GAAG,EAAE;QAC/D,MAAM,WAAW,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QACrC,MAAM,CAAC,GAAG,EAAE,CACV,IAAI,CAAC,EAAE,YAAY,EAAE,CAAC,cAAc,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,WAAW,EAAE,WAAW,EAAE,CAAC,CACpF,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;IAClB,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/tools/plan-repo-governance.d.ts

@@ -0,0 +1,41 @@
+declare const VALID_RISK_LEVELS: readonly ["L1", "L2", "L3"];
+declare const VALID_SCALES: readonly ["startup", "mid-size", "enterprise"];
+declare const VALID_ENFORCEMENT_LEVELS: readonly ["advisory", "enforced", "strict"];
+type RiskLevel = (typeof VALID_RISK_LEVELS)[number];
+type Scale = (typeof VALID_SCALES)[number];
+type EnforcementLevel = (typeof VALID_ENFORCEMENT_LEVELS)[number];
+type ControlCategory = "access" | "code-quality" | "supply-chain" | "secrets" | "ci-cd" | "audit";
+interface Control {
+    controlId: string;
+    description: string;
+    category: ControlCategory;
+    rationale: string;
+}
+interface BaselineCheckpoint {
+    phase: string;
+    actions: string[];
+    tooling?: string[];
+}
+interface EvidenceItem {
+    item: string;
+    category: string;
+    requiredFor: RiskLevel[];
+}
+interface Gap {
+    area: string;
+    risk: string;
+    mitigation: string;
+}
+export declare function handlePlanRepoGovernance(args: Record<string, unknown>): {
+    applicableControls: Control[];
+    mandatoryControls: string[];
+    recommendedControls: string[];
+    baselineCheckpoints: BaselineCheckpoint[];
+    evidenceChecklist: EvidenceItem[];
+    gaps: Gap[];
+    platformSpecific: {
+        recommendations: string;
+    };
+};
+export type { Control, BaselineCheckpoint, EvidenceItem, Gap };
+export type { Scale, EnforcementLevel };