npm - @skillsmith/core - Versions diffs - 0.4.10 → 0.4.12 - Mend

@skillsmith/core 0.4.10 → 0.4.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (130) hide show

package/dist/src/repositories/quarantine/ApprovalRepository.js ADDED Viewed

@@ -0,0 +1,212 @@
+/**
+ * SMI-2277: Approval Repository
+ *
+ * Persists multi-approval state to SQLite instead of in-memory Map.
+ * This ensures pending approvals survive service restarts.
+ *
+ * @module @skillsmith/core/repositories/quarantine/ApprovalRepository
+ */
+import { randomUUID } from 'crypto';
+import { initializeQuarantineApprovalsSchema } from '../../db/quarantine-approvals-schema.js';
+// ============================================================================
+// SQL Queries
+// ============================================================================
+const INSERT_APPROVAL_QUERY = `
+  INSERT INTO quarantine_approvals (
+    id, skill_id, reviewer_id, reviewer_email, decision, reason,
+    created_at, required_approvals, is_complete
+  )
+  VALUES (?, ?, ?, ?, ?, ?, datetime('now') || 'Z', ?, 0)
+`;
+const SELECT_BY_SKILL_ID_QUERY = `
+  SELECT * FROM quarantine_approvals
+  WHERE skill_id = ?
+  ORDER BY created_at ASC
+`;
+const SELECT_PENDING_BY_SKILL_ID_QUERY = `
+  SELECT * FROM quarantine_approvals
+  WHERE skill_id = ? AND is_complete = 0
+  ORDER BY created_at ASC
+`;
+const COUNT_PENDING_APPROVALS_QUERY = `
+  SELECT COUNT(*) as count FROM quarantine_approvals
+  WHERE skill_id = ? AND is_complete = 0 AND decision = 'approved'
+`;
+const CHECK_REVIEWER_EXISTS_QUERY = `
+  SELECT id FROM quarantine_approvals
+  WHERE skill_id = ? AND reviewer_id = ? AND is_complete = 0
+`;
+const MARK_COMPLETE_QUERY = `
+  UPDATE quarantine_approvals
+  SET is_complete = 1, completed_at = datetime('now') || 'Z'
+  WHERE skill_id = ? AND is_complete = 0
+`;
+const DELETE_BY_SKILL_ID_QUERY = `
+  DELETE FROM quarantine_approvals WHERE skill_id = ?
+`;
+const SELECT_FIRST_PENDING_QUERY = `
+  SELECT created_at FROM quarantine_approvals
+  WHERE skill_id = ? AND is_complete = 0
+  ORDER BY created_at ASC
+  LIMIT 1
+`;
+// ============================================================================
+// Repository Implementation
+// ============================================================================
+/**
+ * Repository for persisting multi-approval workflow state.
+ *
+ * Replaces the in-memory Map<string, MultiApprovalStatus> with
+ * database-backed storage to survive service restarts.
+ *
+ * @example
+ * ```typescript
+ * const repo = new ApprovalRepository(db)
+ *
+ * // Record a reviewer's approval
+ * repo.recordApproval({
+ *   skillId: 'quarantine-123',
+ *   reviewerId: 'user-456',
+ *   reviewerRole: 'reviewer@example.com',
+ *   decision: 'approved',
+ *   reason: 'Code verified safe',
+ * })
+ *
+ * // Check if enough approvals have been collected
+ * const complete = repo.isComplete('quarantine-123')
+ * ```
+ */
+export class ApprovalRepository {
+    db;
+    constructor(db) {
+        this.db = db;
+        this.ensureTableExists();
+    }
+    /**
+     * Ensure the quarantine_approvals table exists
+     */
+    ensureTableExists() {
+        initializeQuarantineApprovalsSchema(this.db);
+    }
+    /**
+     * Record a new approval or rejection for a quarantine entry
+     *
+     * @param input - Approval details
+     * @returns The created approval entry
+     * @throws Error if reviewer has already submitted for this skill
+     */
+    recordApproval(input) {
+        const id = randomUUID();
+        const requiredApprovals = input.requiredApprovals ?? 2;
+        this.db
+            .prepare(INSERT_APPROVAL_QUERY)
+            .run(id, input.skillId, input.reviewerId, input.reviewerEmail, input.decision, input.reason ?? null, requiredApprovals);
+        const row = this.db
+            .prepare('SELECT * FROM quarantine_approvals WHERE id = ?')
+            .get(id);
+        return rowToEntry(row);
+    }
+    /**
+     * Get all approvals for a quarantine entry (both pending and complete)
+     *
+     * @param skillId - The quarantine entry ID
+     * @returns All approval entries for this skill
+     */
+    getApprovals(skillId) {
+        const rows = this.db.prepare(SELECT_BY_SKILL_ID_QUERY).all(skillId);
+        return rows.map(rowToEntry);
+    }
+    /**
+     * Get only pending (non-complete) approvals for a quarantine entry
+     *
+     * @param skillId - The quarantine entry ID
+     * @returns Pending approval entries
+     */
+    getPendingApprovals(skillId) {
+        const rows = this.db.prepare(SELECT_PENDING_BY_SKILL_ID_QUERY).all(skillId);
+        return rows.map(rowToEntry);
+    }
+    /**
+     * Check if a specific reviewer has already submitted for a skill
+     *
+     * @param skillId - The quarantine entry ID
+     * @param reviewerId - The reviewer's user ID
+     * @returns True if the reviewer already has a pending approval
+     */
+    hasReviewerApproved(skillId, reviewerId) {
+        const row = this.db.prepare(CHECK_REVIEWER_EXISTS_QUERY).get(skillId, reviewerId);
+        return !!row;
+    }
+    /**
+     * Check if the required number of approvals have been reached
+     *
+     * @param skillId - The quarantine entry ID
+     * @param requiredApprovals - Number of approvals needed (default: 2)
+     * @returns True if approval count meets or exceeds required
+     */
+    isComplete(skillId, requiredApprovals = 2) {
+        const { count } = this.db.prepare(COUNT_PENDING_APPROVALS_QUERY).get(skillId);
+        return count >= requiredApprovals;
+    }
+    /**
+     * Mark all pending approvals for a skill as complete
+     *
+     * @param skillId - The quarantine entry ID
+     * @returns Number of rows updated
+     */
+    markComplete(skillId) {
+        const result = this.db.prepare(MARK_COMPLETE_QUERY).run(skillId);
+        return result.changes;
+    }
+    /**
+     * Delete all approvals for a skill (for cleanup/reset/cancellation)
+     *
+     * @param skillId - The quarantine entry ID
+     * @returns Number of rows deleted
+     */
+    clearApprovals(skillId) {
+        const result = this.db.prepare(DELETE_BY_SKILL_ID_QUERY).run(skillId);
+        return result.changes;
+    }
+    /**
+     * Get the timestamp of the first pending approval for timeout checks
+     *
+     * @param skillId - The quarantine entry ID
+     * @returns ISO date string of the first approval, or null if none
+     */
+    getWorkflowStartTime(skillId) {
+        const row = this.db.prepare(SELECT_FIRST_PENDING_QUERY).get(skillId);
+        return row?.created_at ?? null;
+    }
+    /**
+     * Get the count of pending approvals for a skill
+     *
+     * @param skillId - The quarantine entry ID
+     * @returns Count of pending approved entries
+     */
+    getPendingApprovalCount(skillId) {
+        const { count } = this.db.prepare(COUNT_PENDING_APPROVALS_QUERY).get(skillId);
+        return count;
+    }
+}
+// ============================================================================
+// Helpers
+// ============================================================================
+/**
+ * Convert a database row to a domain object
+ */
+function rowToEntry(row) {
+    return {
+        id: row.id,
+        skillId: row.skill_id,
+        reviewerId: row.reviewer_id,
+        reviewerEmail: row.reviewer_email,
+        decision: row.decision,
+        reason: row.reason,
+        createdAt: row.created_at,
+        completedAt: row.completed_at,
+        requiredApprovals: row.required_approvals,
+        isComplete: row.is_complete === 1,
+    };
+}
+//# sourceMappingURL=ApprovalRepository.js.map

package/dist/src/repositories/quarantine/ApprovalRepository.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"ApprovalRepository.js","sourceRoot":"","sources":["../../../../src/repositories/quarantine/ApprovalRepository.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAA;AACnC,OAAO,EAAE,mCAAmC,EAAE,MAAM,yCAAyC,CAAA;AAkD7F,+EAA+E;AAC/E,cAAc;AACd,+EAA+E;AAE/E,MAAM,qBAAqB,GAAG;;;;;;CAM7B,CAAA;AAED,MAAM,wBAAwB,GAAG;;;;CAIhC,CAAA;AAED,MAAM,gCAAgC,GAAG;;;;CAIxC,CAAA;AAED,MAAM,6BAA6B,GAAG;;;CAGrC,CAAA;AAED,MAAM,2BAA2B,GAAG;;;CAGnC,CAAA;AAED,MAAM,mBAAmB,GAAG;;;;CAI3B,CAAA;AAED,MAAM,wBAAwB,GAAG;;CAEhC,CAAA;AAED,MAAM,0BAA0B,GAAG;;;;;CAKlC,CAAA;AAED,+EAA+E;AAC/E,4BAA4B;AAC5B,+EAA+E;AAE/E;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,OAAO,kBAAkB;IACrB,EAAE,CAAc;IAExB,YAAY,EAAgB;QAC1B,IAAI,CAAC,EAAE,GAAG,EAAE,CAAA;QACZ,IAAI,CAAC,iBAAiB,EAAE,CAAA;IAC1B,CAAC;IAED;;OAEG;IACK,iBAAiB;QACvB,mCAAmC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IAC9C,CAAC;IAED;;;;;;OAMG;IACH,cAAc,CAAC,KAA0B;QACvC,MAAM,EAAE,GAAG,UAAU,EAAE,CAAA;QACvB,MAAM,iBAAiB,GAAG,KAAK,CAAC,iBAAiB,IAAI,CAAC,CAAA;QAEtD,IAAI,CAAC,EAAE;aACJ,OAAO,CAAC,qBAAqB,CAAC;aAC9B,GAAG,CACF,EAAE,EACF,KAAK,CAAC,OAAO,EACb,KAAK,CAAC,UAAU,EAChB,KAAK,CAAC,aAAa,EACnB,KAAK,CAAC,QAAQ,EACd,KAAK,CAAC,MAAM,IAAI,IAAI,EACpB,iBAAiB,CAClB,CAAA;QAEH,MAAM,GAAG,GAAG,IAAI,CAAC,EAAE;aAChB,OAAO,CAAC,iDAAiD,CAAC;aAC1D,GAAG,CAAC,EAAE,CAAgB,CAAA;QAEzB,OAAO,UAAU,CAAC,GAAG,CAAC,CAAA;IACxB,CAAC;IAED;;;;;OAKG;IACH,YAAY,CAAC,OAAe;QAC1B,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,wBAAwB,CAAC,CAAC,GAAG,CAAC,OAAO,CAAkB,CAAA;QAEpF,OAAO,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;IAC7B,CAAC;IAED;;;;;OAKG;IACH,mBAAmB,CAAC,OAAe;QACjC,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,gCAAgC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAkB,CAAA;QAE5F,OAAO,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;IAC7B,CAAC;IAED;;;;;;OAMG;IACH,mBAAmB,CAAC,OAAe,EAAE,UAAkB;QACrD,MAAM,GAAG,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,2BAA2B,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,UAAU,CAAC,CAAA;QAEjF,OAAO,CAAC,CAAC,GAAG,CAAA;IACd,CAAC;IAED;;;;;;OAMG;IACH,UAAU,CAAC,OAAe,EAAE,oBAA4B,CAAC;QACvD,MAAM,EAAE,KAAK,EAAE,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,6BAA6B,CAAC,CAAC,GAAG,CAAC,OAAO,CAE3E,CAAA;QAED,OAAO,KAAK,IAAI,iBAAiB,CAAA;IACnC,CAAC;IAED;;;;;OAKG;IACH,YAAY,CAAC,OAAe;QAC1B,MAAM,MAAM,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QAEhE,OAAO,MAAM,CAAC,OAAO,CAAA;IACvB,CAAC;IAED;;;;;OAKG;IACH,cAAc,CAAC,OAAe;QAC5B,MAAM,MAAM,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,wBAAwB,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QAErE,OAAO,MAAM,CAAC,OAAO,CAAA;IACvB,CAAC;IAED;;;;;OAKG;IACH,oBAAoB,CAAC,OAAe;QAClC,MAAM,GAAG,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,0BAA0B,CAAC,CAAC,GAAG,CAAC,OAAO,CAEtD,CAAA;QAEb,OAAO,GAAG,EAAE,UAAU,IAAI,IAAI,CAAA;IAChC,CAAC;IAED;;;;;OAKG;IACH,uBAAuB,CAAC,OAAe;QACrC,MAAM,EAAE,KAAK,EAAE,GAAG,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,6BAA6B,CAAC,CAAC,GAAG,CAAC,OAAO,CAE3E,CAAA;QAED,OAAO,KAAK,CAAA;IACd,CAAC;CACF;AAED,+EAA+E;AAC/E,UAAU;AACV,+EAA+E;AAE/E;;GAEG;AACH,SAAS,UAAU,CAAC,GAAgB;IAClC,OAAO;QACL,EAAE,EAAE,GAAG,CAAC,EAAE;QACV,OAAO,EAAE,GAAG,CAAC,QAAQ;QACrB,UAAU,EAAE,GAAG,CAAC,WAAW;QAC3B,aAAa,EAAE,GAAG,CAAC,cAAc;QACjC,QAAQ,EAAE,GAAG,CAAC,QAAQ;QACtB,MAAM,EAAE,GAAG,CAAC,MAAM;QAClB,SAAS,EAAE,GAAG,CAAC,UAAU;QACzB,WAAW,EAAE,GAAG,CAAC,YAAY;QAC7B,iBAAiB,EAAE,GAAG,CAAC,kBAAkB;QACzC,UAAU,EAAE,GAAG,CAAC,WAAW,KAAK,CAAC;KAClC,CAAA;AACH,CAAC"}

package/dist/src/repositories/quarantine/index.d.ts CHANGED Viewed

@@ -7,4 +7,6 @@ export * from './types.js';
 export * from './queries.js';
 export * from './query-builder.js';
 export { QuarantineRepository } from './QuarantineRepository.js';
+export { ApprovalRepository } from './ApprovalRepository.js';
+export type { ApprovalRow, ApprovalEntry, RecordApprovalInput } from './ApprovalRepository.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/src/repositories/quarantine/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/repositories/quarantine/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,cAAc,YAAY,CAAA;AAC1B,cAAc,cAAc,CAAA;AAC5B,cAAc,oBAAoB,CAAA;AAClC,OAAO,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAA"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/repositories/quarantine/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,cAAc,YAAY,CAAA;AAC1B,cAAc,cAAc,CAAA;AAC5B,cAAc,oBAAoB,CAAA;AAClC,OAAO,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAA;AAChE,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAA;AAC5D,YAAY,EAAE,WAAW,EAAE,aAAa,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAA"}

package/dist/src/repositories/quarantine/index.js CHANGED Viewed

@@ -7,4 +7,5 @@ export * from './types.js';
 export * from './queries.js';
 export * from './query-builder.js';
 export { QuarantineRepository } from './QuarantineRepository.js';
+export { ApprovalRepository } from './ApprovalRepository.js';
 //# sourceMappingURL=index.js.map

package/dist/src/repositories/quarantine/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/repositories/quarantine/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,cAAc,YAAY,CAAA;AAC1B,cAAc,cAAc,CAAA;AAC5B,cAAc,oBAAoB,CAAA;AAClC,OAAO,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAA"}
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/repositories/quarantine/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,cAAc,YAAY,CAAA;AAC1B,cAAc,cAAc,CAAA;AAC5B,cAAc,oBAAoB,CAAA;AAClC,OAAO,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAA;AAChE,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAA"}

package/dist/src/security/audit-types.d.ts CHANGED Viewed

@@ -7,7 +7,7 @@
 /**
  * Types of security events that are audited
  */
-export type AuditEventType = 'url_fetch' | 'file_access' | 'skill_install' | 'skill_uninstall' | 'security_scan' | 'cache_operation' | 'source_sync' | 'config_change' | 'quarantine_authenticated_review' | 'quarantine_multi_approval' | 'quarantine_multi_approval_complete' | 'quarantine_multi_approval_cancelled' | 'security_feature_flag_override';
+export type AuditEventType = 'url_fetch' | 'file_access' | 'skill_install' | 'skill_uninstall' | 'security_scan' | 'cache_operation' | 'source_sync' | 'config_change' | 'quarantine_authenticated_review' | 'quarantine_multi_approval' | 'quarantine_multi_approval_complete' | 'quarantine_multi_approval_cancelled' | 'quarantine_multi_approval_timeout' | 'security_feature_flag_override';
 /**
  * Actor performing the action
  */

package/dist/src/security/audit-types.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"audit-types.d.ts","sourceRoot":"","sources":["../../../src/security/audit-types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;GAEG;AACH,MAAM,MAAM,cAAc,GACtB,WAAW,GACX,aAAa,GACb,eAAe,GACf,iBAAiB,GACjB,eAAe,GACf,iBAAiB,GACjB,aAAa,GACb,eAAe,GAEf,iCAAiC,GACjC,2BAA2B,GAC3B,oCAAoC,GACpC,qCAAqC,~~GAErC~~,gCAAgC,CAAA;AAEpC;;GAEG;AACH,MAAM,MAAM,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,SAAS,GAAG,SAAS,GAAG,UAAU,CAAA;AAE/E;;GAEG;AACH,MAAM,MAAM,WAAW,GAAG,SAAS,GAAG,SAAS,GAAG,OAAO,GAAG,SAAS,CAAA;AAErE;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAA;IACV,UAAU,EAAE,cAAc,CAAA;IAC1B,SAAS,EAAE,MAAM,CAAA;IACjB,KAAK,EAAE,UAAU,CAAA;IACjB,QAAQ,EAAE,MAAM,CAAA;IAChB,MAAM,EAAE,MAAM,CAAA;IACd,MAAM,EAAE,WAAW,CAAA;IACnB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,UAAU,EAAE,MAAM,CAAA;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAA;IACV,UAAU,EAAE,cAAc,CAAA;IAC1B,SAAS,EAAE,MAAM,CAAA;IACjB,KAAK,EAAE,UAAU,CAAA;IACjB,QAAQ,EAAE,MAAM,CAAA;IAChB,MAAM,EAAE,MAAM,CAAA;IACd,MAAM,EAAE,WAAW,CAAA;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAClC,UAAU,EAAE,MAAM,CAAA;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,UAAU,CAAC,EAAE,cAAc,CAAA;IAC3B,KAAK,CAAC,EAAE,UAAU,CAAA;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,MAAM,CAAC,EAAE,WAAW,CAAA;IACpB,KAAK,CAAC,EAAE,IAAI,CAAA;IACZ,KAAK,CAAC,EAAE,IAAI,CAAA;IACZ,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB;AAED;;GAEG;AACH,eAAO,MAAM,kBAAkB,IAAI,CAAA;AAEnC;;GAEG;AACH,eAAO,MAAM,kBAAkB,OAAO,CAAA;AAEtC;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC;;;OAGG;IACH,WAAW,CAAC,EAAE,OAAO,CAAA;IAErB;;;;OAIG;IACH,aAAa,CAAC,EAAE,MAAM,CAAA;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,YAAY,EAAE,MAAM,CAAA;IACpB,cAAc,EAAE,MAAM,CAAC,cAAc,EAAE,MAAM,CAAC,CAAA;IAC9C,gBAAgB,EAAE,MAAM,CAAC,WAAW,EAAE,MAAM,CAAC,CAAA;IAC7C,cAAc,EAAE,MAAM,CAAA;IACtB,YAAY,EAAE,MAAM,CAAA;IACpB,YAAY,EAAE,MAAM,GAAG,IAAI,CAAA;IAC3B,YAAY,EAAE,MAAM,GAAG,IAAI,CAAA;CAC5B"}
1	+ {"version":3,"file":"audit-types.d.ts","sourceRoot":"","sources":["../../../src/security/audit-types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;GAEG;AACH,MAAM,MAAM,cAAc,GACtB,WAAW,GACX,aAAa,GACb,eAAe,GACf,iBAAiB,GACjB,eAAe,GACf,iBAAiB,GACjB,aAAa,GACb,eAAe,GAEf,iCAAiC,GACjC,2BAA2B,GAC3B,oCAAoC,GACpC,qCAAqC,GACrC,mCAAmC,GAEnC,gCAAgC,CAAA;AAEpC;;GAEG;AACH,MAAM,MAAM,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,SAAS,GAAG,SAAS,GAAG,UAAU,CAAA;AAE/E;;GAEG;AACH,MAAM,MAAM,WAAW,GAAG,SAAS,GAAG,SAAS,GAAG,OAAO,GAAG,SAAS,CAAA;AAErE;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAA;IACV,UAAU,EAAE,cAAc,CAAA;IAC1B,SAAS,EAAE,MAAM,CAAA;IACjB,KAAK,EAAE,UAAU,CAAA;IACjB,QAAQ,EAAE,MAAM,CAAA;IAChB,MAAM,EAAE,MAAM,CAAA;IACd,MAAM,EAAE,WAAW,CAAA;IACnB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,UAAU,EAAE,MAAM,CAAA;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAA;IACV,UAAU,EAAE,cAAc,CAAA;IAC1B,SAAS,EAAE,MAAM,CAAA;IACjB,KAAK,EAAE,UAAU,CAAA;IACjB,QAAQ,EAAE,MAAM,CAAA;IAChB,MAAM,EAAE,MAAM,CAAA;IACd,MAAM,EAAE,WAAW,CAAA;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAClC,UAAU,EAAE,MAAM,CAAA;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,UAAU,CAAC,EAAE,cAAc,CAAA;IAC3B,KAAK,CAAC,EAAE,UAAU,CAAA;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,MAAM,CAAC,EAAE,WAAW,CAAA;IACpB,KAAK,CAAC,EAAE,IAAI,CAAA;IACZ,KAAK,CAAC,EAAE,IAAI,CAAA;IACZ,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB;AAED;;GAEG;AACH,eAAO,MAAM,kBAAkB,IAAI,CAAA;AAEnC;;GAEG;AACH,eAAO,MAAM,kBAAkB,OAAO,CAAA;AAEtC;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC;;;OAGG;IACH,WAAW,CAAC,EAAE,OAAO,CAAA;IAErB;;;;OAIG;IACH,aAAa,CAAC,EAAE,MAAM,CAAA;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,YAAY,EAAE,MAAM,CAAA;IACpB,cAAc,EAAE,MAAM,CAAC,cAAc,EAAE,MAAM,CAAC,CAAA;IAC9C,gBAAgB,EAAE,MAAM,CAAC,WAAW,EAAE,MAAM,CAAC,CAAA;IAC7C,cAAc,EAAE,MAAM,CAAA;IACtB,YAAY,EAAE,MAAM,CAAA;IACpB,YAAY,EAAE,MAAM,GAAG,IAAI,CAAA;IAC3B,YAAY,EAAE,MAAM,GAAG,IAAI,CAAA;CAC5B"}

package/dist/src/security/audit-types.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"audit-types.js","sourceRoot":"","sources":["../../../src/security/audit-types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;~~AA4EH~~;;GAEG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,CAAA;AAEnC;;GAEG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG,IAAI,CAAA,CAAC,WAAW"}
1	+ {"version":3,"file":"audit-types.js","sourceRoot":"","sources":["../../../src/security/audit-types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AA6EH;;GAEG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,CAAA;AAEnC;;GAEG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG,IAAI,CAAA,CAAC,WAAW"}

package/dist/src/security/scanner/SecurityScanner.formatters.js CHANGED Viewed

@@ -19,7 +19,7 @@ export function toMinimalRefs(report) {
     return report.findings.map((finding) => {
         const line = finding.lineNumber ?? 0;
         const severity = finding.severity.toUpperCase();
-        const message = finding.message.replace(/"/g, '\\"');
+        const message = finding.message.replace(/\\/g, '\\\\').replace(/"/g, '\\"');
         // Format: skill_id:line:severity:type:message
         return `${report.skillId}:${line}:${severity}:${finding.type}:${message}`;
     });

package/dist/src/security/scanner/SecurityScanner.formatters.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"SecurityScanner.formatters.js","sourceRoot":"","sources":["../../../../src/security/scanner/SecurityScanner.formatters.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,+EAA+E;AAC/E,oBAAoB;AACpB,+EAA+E;AAE/E;;;;;;;;;GASG;AACH,MAAM,UAAU,aAAa,CAAC,MAAkB;IAC9C,OAAO,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE;QACrC,MAAM,IAAI,GAAG,OAAO,CAAC,UAAU,IAAI,CAAC,CAAA;QACpC,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAA;QAC/C,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAA;~~QACpD~~,8CAA8C;QAC9C,OAAO,GAAG,MAAM,CAAC,OAAO,IAAI,IAAI,IAAI,QAAQ,IAAI,OAAO,CAAC,IAAI,IAAI,OAAO,EAAE,CAAA;IAC3E,CAAC,CAAC,CAAA;AACJ,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,OAAO,CAAC,MAAkB;IACxC,MAAM,KAAK,GAAG;QACZ,EAAE,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,mBAAmB,EAAE,QAAQ,EAAE,OAAO,EAAE;QACjE,EAAE,EAAE,EAAE,oBAAoB,EAAE,IAAI,EAAE,oBAAoB,EAAE,QAAQ,EAAE,SAAS,EAAE;QAC7E,EAAE,EAAE,EAAE,gBAAgB,EAAE,IAAI,EAAE,gBAAgB,EAAE,QAAQ,EAAE,OAAO,EAAE;QACnE,EAAE,EAAE,EAAE,mBAAmB,EAAE,IAAI,EAAE,mBAAmB,EAAE,QAAQ,EAAE,SAAS,EAAE;QAC3E,EAAE,EAAE,EAAE,sBAAsB,EAAE,IAAI,EAAE,sBAAsB,EAAE,QAAQ,EAAE,OAAO,EAAE;QAC/E,EAAE,EAAE,EAAE,oBAAoB,EAAE,IAAI,EAAE,oBAAoB,EAAE,QAAQ,EAAE,SAAS,EAAE;QAC7E,EAAE,EAAE,EAAE,gBAAgB,EAAE,IAAI,EAAE,gBAAgB,EAAE,QAAQ,EAAE,SAAS,EAAE;QACrE,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,EAAE;QACrD,EAAE,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,QAAQ,EAAE,OAAO,EAAE;KAC9D,CAAA;IAED,MAAM,eAAe,GAA2B;QAC9C,QAAQ,EAAE,OAAO;QACjB,IAAI,EAAE,OAAO;QACb,MAAM,EAAE,SAAS;QACjB,GAAG,EAAE,MAAM;KACZ,CAAA;IAED,OAAO;QACL,OAAO,EAAE,+CAA+C;QACxD,OAAO,EAAE,OAAO;QAChB,IAAI,EAAE;YACJ;gBACE,IAAI,EAAE;oBACJ,MAAM,EAAE;wBACN,IAAI,EAAE,6BAA6B;wBACnC,OAAO,EAAE,OAAO;wBAChB,cAAc,EAAE,0CAA0C;wBAC1D,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;4BAC1B,EAAE,EAAE,IAAI,CAAC,EAAE;4BACX,IAAI,EAAE,IAAI,CAAC,IAAI;4BACf,gBAAgB,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE;4BACrC,oBAAoB,EAAE,EAAE,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE;yBAC/C,CAAC,CAAC;qBACJ;iBACF;gBACD,OAAO,EAAE,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;oBACzC,MAAM,EAAE,OAAO,CAAC,IAAI;oBACpB,KAAK,EAAE,eAAe,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,SAAS;oBACrD,OAAO,EAAE,EAAE,IAAI,EAAE,OAAO,CAAC,OAAO,EAAE;oBAClC,SAAS,EAAE;wBACT;4BACE,gBAAgB,EAAE;gCAChB,gBAAgB,EAAE,EAAE,GAAG,EAAE,MAAM,CAAC,OAAO,EAAE;gCACzC,MAAM,EAAE;oCACN,SAAS,EAAE,OAAO,CAAC,UAAU,IAAI,CAAC;oCAClC,OAAO,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,SAAS;iCACnE;6BACF;yBACF;qBACF;oBACD,UAAU,EAAE;wBACV,UAAU,EAAE,OAAO,CAAC,UAAU,IAAI,MAAM;wBACxC,sBAAsB,EAAE,OAAO,CAAC,sBAAsB,IAAI,KAAK;qBAChE;iBACF,CAAC,CAAC;gBACH,WAAW,EAAE;oBACX;wBACE,mBAAmB,EAAE,IAAI;wBACzB,UAAU,EAAE,MAAM,CAAC,SAAS,CAAC,WAAW,EAAE;qBAC3C;iBACF;aACF;SACF;KACF,CAAA;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,mBAAmB,CAAC,MAAkB;IACpD,OAAO,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE;QACrC,MAAM,QAAQ,GACZ,OAAO,CAAC,QAAQ,KAAK,UAAU,IAAI,OAAO,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAA;QACtF,MAAM,IAAI,GAAG,OAAO,CAAC,UAAU,IAAI,CAAC,CAAA;QACpC,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAA;QAChG,OAAO,KAAK,QAAQ,SAAS,MAAM,CAAC,OAAO,SAAS,IAAI,KAAK,OAAO,EAAE,CAAA;IACxE,CAAC,CAAC,CAAA;AACJ,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,SAAS,CAAC,MAAkB;IAS1C,MAAM,UAAU,GAA2B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAA;IACtF,MAAM,MAAM,GAA2B,EAAE,CAAA;IAEzC,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACtC,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAA;QACtE,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAA;IACxD,CAAC;IAED,OAAO;QACL,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,aAAa,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM;QACrC,UAAU;QACV,MAAM;QACN,cAAc,EAAE,MAAM,CAAC,cAAc;KACtC,CAAA;AACH,CAAC"}
1	+ {"version":3,"file":"SecurityScanner.formatters.js","sourceRoot":"","sources":["../../../../src/security/scanner/SecurityScanner.formatters.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,+EAA+E;AAC/E,oBAAoB;AACpB,+EAA+E;AAE/E;;;;;;;;;GASG;AACH,MAAM,UAAU,aAAa,CAAC,MAAkB;IAC9C,OAAO,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE;QACrC,MAAM,IAAI,GAAG,OAAO,CAAC,UAAU,IAAI,CAAC,CAAA;QACpC,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAA;QAC/C,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAA;QAC3E,8CAA8C;QAC9C,OAAO,GAAG,MAAM,CAAC,OAAO,IAAI,IAAI,IAAI,QAAQ,IAAI,OAAO,CAAC,IAAI,IAAI,OAAO,EAAE,CAAA;IAC3E,CAAC,CAAC,CAAA;AACJ,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,OAAO,CAAC,MAAkB;IACxC,MAAM,KAAK,GAAG;QACZ,EAAE,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,mBAAmB,EAAE,QAAQ,EAAE,OAAO,EAAE;QACjE,EAAE,EAAE,EAAE,oBAAoB,EAAE,IAAI,EAAE,oBAAoB,EAAE,QAAQ,EAAE,SAAS,EAAE;QAC7E,EAAE,EAAE,EAAE,gBAAgB,EAAE,IAAI,EAAE,gBAAgB,EAAE,QAAQ,EAAE,OAAO,EAAE;QACnE,EAAE,EAAE,EAAE,mBAAmB,EAAE,IAAI,EAAE,mBAAmB,EAAE,QAAQ,EAAE,SAAS,EAAE;QAC3E,EAAE,EAAE,EAAE,sBAAsB,EAAE,IAAI,EAAE,sBAAsB,EAAE,QAAQ,EAAE,OAAO,EAAE;QAC/E,EAAE,EAAE,EAAE,oBAAoB,EAAE,IAAI,EAAE,oBAAoB,EAAE,QAAQ,EAAE,SAAS,EAAE;QAC7E,EAAE,EAAE,EAAE,gBAAgB,EAAE,IAAI,EAAE,gBAAgB,EAAE,QAAQ,EAAE,SAAS,EAAE;QACrE,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,EAAE;QACrD,EAAE,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,QAAQ,EAAE,OAAO,EAAE;KAC9D,CAAA;IAED,MAAM,eAAe,GAA2B;QAC9C,QAAQ,EAAE,OAAO;QACjB,IAAI,EAAE,OAAO;QACb,MAAM,EAAE,SAAS;QACjB,GAAG,EAAE,MAAM;KACZ,CAAA;IAED,OAAO;QACL,OAAO,EAAE,+CAA+C;QACxD,OAAO,EAAE,OAAO;QAChB,IAAI,EAAE;YACJ;gBACE,IAAI,EAAE;oBACJ,MAAM,EAAE;wBACN,IAAI,EAAE,6BAA6B;wBACnC,OAAO,EAAE,OAAO;wBAChB,cAAc,EAAE,0CAA0C;wBAC1D,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;4BAC1B,EAAE,EAAE,IAAI,CAAC,EAAE;4BACX,IAAI,EAAE,IAAI,CAAC,IAAI;4BACf,gBAAgB,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE;4BACrC,oBAAoB,EAAE,EAAE,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE;yBAC/C,CAAC,CAAC;qBACJ;iBACF;gBACD,OAAO,EAAE,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;oBACzC,MAAM,EAAE,OAAO,CAAC,IAAI;oBACpB,KAAK,EAAE,eAAe,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,SAAS;oBACrD,OAAO,EAAE,EAAE,IAAI,EAAE,OAAO,CAAC,OAAO,EAAE;oBAClC,SAAS,EAAE;wBACT;4BACE,gBAAgB,EAAE;gCAChB,gBAAgB,EAAE,EAAE,GAAG,EAAE,MAAM,CAAC,OAAO,EAAE;gCACzC,MAAM,EAAE;oCACN,SAAS,EAAE,OAAO,CAAC,UAAU,IAAI,CAAC;oCAClC,OAAO,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,SAAS;iCACnE;6BACF;yBACF;qBACF;oBACD,UAAU,EAAE;wBACV,UAAU,EAAE,OAAO,CAAC,UAAU,IAAI,MAAM;wBACxC,sBAAsB,EAAE,OAAO,CAAC,sBAAsB,IAAI,KAAK;qBAChE;iBACF,CAAC,CAAC;gBACH,WAAW,EAAE;oBACX;wBACE,mBAAmB,EAAE,IAAI;wBACzB,UAAU,EAAE,MAAM,CAAC,SAAS,CAAC,WAAW,EAAE;qBAC3C;iBACF;aACF;SACF;KACF,CAAA;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,mBAAmB,CAAC,MAAkB;IACpD,OAAO,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE;QACrC,MAAM,QAAQ,GACZ,OAAO,CAAC,QAAQ,KAAK,UAAU,IAAI,OAAO,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAA;QACtF,MAAM,IAAI,GAAG,OAAO,CAAC,UAAU,IAAI,CAAC,CAAA;QACpC,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAA;QAChG,OAAO,KAAK,QAAQ,SAAS,MAAM,CAAC,OAAO,SAAS,IAAI,KAAK,OAAO,EAAE,CAAA;IACxE,CAAC,CAAC,CAAA;AACJ,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,SAAS,CAAC,MAAkB;IAS1C,MAAM,UAAU,GAA2B,EAAE,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAA;IACtF,MAAM,MAAM,GAA2B,EAAE,CAAA;IAEzC,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACtC,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAA;QACtE,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAA;IACxD,CAAC;IAED,OAAO;QACL,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,aAAa,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM;QACrC,UAAU;QACV,MAAM;QACN,cAAc,EAAE,MAAM,CAAC,cAAc;KACtC,CAAA;AACH,CAAC"}

package/dist/src/services/quarantine/QuarantineService.d.ts CHANGED Viewed

@@ -1,5 +1,6 @@
 /**
  * SMI-2269: Quarantine Service with Authentication
+ * SMI-2277: Persist multi-approval state to database
  *
  * Service layer for quarantine operations that enforces authentication
  * and authorization. Wraps QuarantineRepository with security controls.
@@ -13,10 +14,12 @@
  * - Enforces security_reviewer permission for review access
  * - Multi-approval workflow for MALICIOUS severity
  * - Audit logs include verified reviewer identity
+ * - Approval state persisted to database (survives restarts)
  *
  * @module @skillsmith/core/services/quarantine/QuarantineService
  */
 import type { QuarantineRepository } from '../../repositories/quarantine/index.js';
+import type { ApprovalRepository } from '../../repositories/quarantine/ApprovalRepository.js';
 import type { AuditLogger } from '../../security/AuditLogger.js';
 import type { AuthenticatedSession, AuthenticatedReviewInput, AuthenticatedReviewResult, MultiApprovalStatus } from './types.js';
 /**
@@ -27,10 +30,11 @@ import type { AuthenticatedSession, AuthenticatedReviewInput, AuthenticatedRevie
  * - Permission checks (security_reviewer role)
  * - Multi-approval workflow for MALICIOUS severity
  * - Audit logging with verified identities
+ * - Database-persisted approval state (SMI-2277)
  *
  * @example
  * ```typescript
- * const service = new QuarantineService(repository, auditLogger)
+ * const service = new QuarantineService(repository, approvalRepository, auditLogger)
  *
  * // Review a quarantined skill (requires authentication)
  * const result = await service.review(
@@ -42,15 +46,9 @@ import type { AuthenticatedSession, AuthenticatedReviewInput, AuthenticatedRevie
  */
 export declare class QuarantineService {
     private readonly repository;
+    private readonly approvalRepository;
     private readonly auditLogger;
-    /**
-     * In-memory store for pending multi-approvals
-     * Key: quarantineId, Value: MultiApprovalStatus
-     *
-     * Note: In production, this should be persisted to database
-     */
-    private pendingApprovals;
-    constructor(repository: QuarantineRepository, auditLogger: AuditLogger);
+    constructor(repository: QuarantineRepository, approvalRepository: ApprovalRepository, auditLogger: AuditLogger);
     /**
      * Find a quarantine entry by ID
      *
@@ -106,6 +104,9 @@ export declare class QuarantineService {
      * before a skill can be unquarantined. This prevents single
      * reviewer compromise from allowing malicious skills.
      *
+     * Approval state is persisted to the database (SMI-2277) so
+     * pending approvals survive service restarts.
+     *
      * @param session - Authenticated session
      * @param quarantineId - Quarantine entry ID
      * @param skillId - Skill ID
@@ -145,5 +146,12 @@ export declare class QuarantineService {
      * @returns Whether the entry was deleted
      */
     delete(session: AuthenticatedSession, id: string): boolean;
+    /**
+     * Build a MultiApprovalStatus from database rows
+     *
+     * Converts persisted approval entries into the MultiApprovalStatus
+     * interface expected by consumers.
+     */
+    private buildMultiApprovalStatus;
 }
 //# sourceMappingURL=QuarantineService.d.ts.map

package/dist/src/services/quarantine/QuarantineService.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"QuarantineService.d.ts","sourceRoot":"","sources":["../../../../src/services/quarantine/QuarantineService.ts"],"names":[],"mappings":"AAAA~~;;;;;;;;;;;;;;;;;GAiBG~~;AAEH,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,wCAAwC,CAAA;AAClF,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAA;AAChE,OAAO,KAAK,EACV,oBAAoB,EACpB,wBAAwB,EACxB,yBAAyB,EACzB,mBAAmB,EAEpB,MAAM,YAAY,CAAA;AAqBnB~~;;;;;;;;;;;;;;;;;;;;GAoBG~~;AACH,qBAAa,iBAAiB;~~IAU1B~~,OAAO,CAAC,QAAQ,CAAC,UAAU;IAC3B,OAAO,CAAC,QAAQ,CAAC,~~WAAW~~;~~IAV9B;;;;;OAKG;IACH~~,OAAO,CAAC,~~gBAAgB~~,~~CAA8C~~;~~gBAGnD~~,UAAU,EAAE,oBAAoB,EAChC,WAAW,EAAE,WAAW;IAO3C;;;;;;OAMG;IACH,QAAQ,CAAC,OAAO,EAAE,oBAAoB,EAAE,EAAE,EAAE,MAAM;IAKlD;;;;;;OAMG;IACH,aAAa,CAAC,OAAO,EAAE,oBAAoB,EAAE,OAAO,EAAE,MAAM;IAK5D;;;;;;OAMG;IACH,OAAO,CAAC,OAAO,EAAE,oBAAoB,EAAE,MAAM,CAAC,EAAE,UAAU,CAAC,oBAAoB,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;IAK9F;;;;;OAKG;IACH,QAAQ,CAAC,OAAO,EAAE,oBAAoB;IAStC;;;;;;;;;;;;;;;OAeG;IACH,MAAM,CACJ,OAAO,EAAE,oBAAoB,EAC7B,YAAY,EAAE,MAAM,EACpB,KAAK,EAAE,wBAAwB,GAC9B,yBAAyB;IAoF5B~~;;;;;;;;;;;;OAYG~~;IACH,OAAO,CAAC,uBAAuB;~~IAkJ~~/B;;;;;;OAMG;IACH,sBAAsB,CACpB,OAAO,EAAE,oBAAoB,EAC7B,YAAY,EAAE,MAAM,GACnB,mBAAmB,GAAG,IAAI;~~IAK7B~~;;;;;;OAMG;IACH,mBAAmB,CAAC,OAAO,EAAE,oBAAoB,EAAE,YAAY,EAAE,MAAM,GAAG,OAAO;IA8BjF;;;;;;OAMG;IACH,MAAM,CAAC,OAAO,EAAE,oBAAoB,EAAE,KAAK,EAAE,UAAU,CAAC,oBAAoB,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IAK1F;;;;;;OAMG;IACH,MAAM,CAAC,OAAO,EAAE,oBAAoB,EAAE,EAAE,EAAE,MAAM,GAAG,OAAO;~~CAQ3D~~"}
1	+ {"version":3,"file":"QuarantineService.d.ts","sourceRoot":"","sources":["../../../../src/services/quarantine/QuarantineService.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,wCAAwC,CAAA;AAClF,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,qDAAqD,CAAA;AAC7F,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAA;AAChE,OAAO,KAAK,EACV,oBAAoB,EACpB,wBAAwB,EACxB,yBAAyB,EACzB,mBAAmB,EAEpB,MAAM,YAAY,CAAA;AAqBnB;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,qBAAa,iBAAiB;IAE1B,OAAO,CAAC,QAAQ,CAAC,UAAU;IAC3B,OAAO,CAAC,QAAQ,CAAC,kBAAkB;IACnC,OAAO,CAAC,QAAQ,CAAC,WAAW;gBAFX,UAAU,EAAE,oBAAoB,EAChC,kBAAkB,EAAE,kBAAkB,EACtC,WAAW,EAAE,WAAW;IAO3C;;;;;;OAMG;IACH,QAAQ,CAAC,OAAO,EAAE,oBAAoB,EAAE,EAAE,EAAE,MAAM;IAKlD;;;;;;OAMG;IACH,aAAa,CAAC,OAAO,EAAE,oBAAoB,EAAE,OAAO,EAAE,MAAM;IAK5D;;;;;;OAMG;IACH,OAAO,CAAC,OAAO,EAAE,oBAAoB,EAAE,MAAM,CAAC,EAAE,UAAU,CAAC,oBAAoB,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;IAK9F;;;;;OAKG;IACH,QAAQ,CAAC,OAAO,EAAE,oBAAoB;IAStC;;;;;;;;;;;;;;;OAeG;IACH,MAAM,CACJ,OAAO,EAAE,oBAAoB,EAC7B,YAAY,EAAE,MAAM,EACpB,KAAK,EAAE,wBAAwB,GAC9B,yBAAyB;IAoF5B;;;;;;;;;;;;;;;OAeG;IACH,OAAO,CAAC,uBAAuB;IA2K/B;;;;;;OAMG;IACH,sBAAsB,CACpB,OAAO,EAAE,oBAAoB,EAC7B,YAAY,EAAE,MAAM,GACnB,mBAAmB,GAAG,IAAI;IAW7B;;;;;;OAMG;IACH,mBAAmB,CAAC,OAAO,EAAE,oBAAoB,EAAE,YAAY,EAAE,MAAM,GAAG,OAAO;IA8BjF;;;;;;OAMG;IACH,MAAM,CAAC,OAAO,EAAE,oBAAoB,EAAE,KAAK,EAAE,UAAU,CAAC,oBAAoB,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IAK1F;;;;;;OAMG;IACH,MAAM,CAAC,OAAO,EAAE,oBAAoB,EAAE,EAAE,EAAE,MAAM,GAAG,OAAO;IAa1D;;;;;OAKG;IACH,OAAO,CAAC,wBAAwB;CA+BjC"}