@specverse/engines 6.16.0 → 6.17.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/ai/index.d.ts +2 -0
- package/dist/ai/index.d.ts.map +1 -1
- package/dist/ai/index.js +4 -0
- package/dist/ai/index.js.map +1 -1
- package/dist/ai/library-whitelist.d.ts +81 -0
- package/dist/ai/library-whitelist.d.ts.map +1 -0
- package/dist/ai/library-whitelist.js +251 -0
- package/dist/ai/library-whitelist.js.map +1 -0
- package/dist/libs/instance-factories/applications/templates/generic/backend-package-json-generator.js +34 -14
- package/dist/libs/instance-factories/services/templates/prisma/ai-behaviors-generator.js +24 -9
- package/libs/instance-factories/applications/templates/generic/backend-package-json-generator.ts +50 -14
- package/libs/instance-factories/services/templates/prisma/ai-behaviors-generator.ts +38 -7
- package/package.json +1 -1
package/dist/ai/index.d.ts
CHANGED
|
@@ -28,6 +28,8 @@ export { regenerateBehavior } from './behavior-regenerate.js';
|
|
|
28
28
|
export type { RegenerateBehaviorOptions, RegenerateBehaviorResult } from './behavior-regenerate.js';
|
|
29
29
|
export { resolveModel, resolveProviderId, describeActiveProvider } from './model-resolver.js';
|
|
30
30
|
export type { ProviderId, ResolveModelOptions } from './model-resolver.js';
|
|
31
|
+
export { AI_BEHAVIOR_LIBRARY_WHITELIST, AI_BEHAVIOR_LIBRARY_TRIGGERS, isWhitelistedLibrary, predictAiBehaviorLibraries, extractDynamicImports, validateImportWhitelist, } from './library-whitelist.js';
|
|
32
|
+
export type { AiBehaviorLibrary } from './library-whitelist.js';
|
|
31
33
|
export { claudeCli, isClaudeCliAvailable, detectClaudePath } from './providers/claude-cli.js';
|
|
32
34
|
export type { ClaudeCliOptions } from './providers/claude-cli.js';
|
|
33
35
|
export { stubModel } from './providers/stub.js';
|
package/dist/ai/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/ai/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAGH,cAAc,qBAAqB,CAAC;AAIpC,cAAc,oCAAoC,CAAC;AAGnD,cAAc,kBAAkB,CAAC;AAGjC,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAC9D,YAAY,EACV,WAAW,EACX,UAAU,EACV,SAAS,EACT,oBAAoB,GACrB,MAAM,oBAAoB,CAAC;AAI5B,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAC7D,YAAY,EAAE,wBAAwB,EAAE,uBAAuB,EAAE,MAAM,0BAA0B,CAAC;AAIlG,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,YAAY,EAAE,yBAAyB,EAAE,wBAAwB,EAAE,MAAM,0BAA0B,CAAC;AAGpG,OAAO,EAAE,YAAY,EAAE,iBAAiB,EAAE,sBAAsB,EAAE,MAAM,qBAAqB,CAAC;AAC9F,YAAY,EAAE,UAAU,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/ai/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAGH,cAAc,qBAAqB,CAAC;AAIpC,cAAc,oCAAoC,CAAC;AAGnD,cAAc,kBAAkB,CAAC;AAGjC,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAC9D,YAAY,EACV,WAAW,EACX,UAAU,EACV,SAAS,EACT,oBAAoB,GACrB,MAAM,oBAAoB,CAAC;AAI5B,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAC7D,YAAY,EAAE,wBAAwB,EAAE,uBAAuB,EAAE,MAAM,0BAA0B,CAAC;AAIlG,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,YAAY,EAAE,yBAAyB,EAAE,wBAAwB,EAAE,MAAM,0BAA0B,CAAC;AAGpG,OAAO,EAAE,YAAY,EAAE,iBAAiB,EAAE,sBAAsB,EAAE,MAAM,qBAAqB,CAAC;AAC9F,YAAY,EAAE,UAAU,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAK3E,OAAO,EACL,6BAA6B,EAC7B,4BAA4B,EAC5B,oBAAoB,EACpB,0BAA0B,EAC1B,qBAAqB,EACrB,uBAAuB,GACxB,MAAM,wBAAwB,CAAC;AAChC,YAAY,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAIhE,OAAO,EAAE,SAAS,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAC9F,YAAY,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAClE,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAKhD,OAAO,EACL,UAAU,EACV,UAAU,EACV,cAAc,EACd,YAAY,EACZ,aAAa,EACb,SAAS,EACT,WAAW,EACX,sBAAsB,GACvB,MAAM,oBAAoB,CAAC;AAC5B,YAAY,EACV,UAAU,EACV,oBAAoB,EACpB,gBAAgB,EAChB,eAAe,GAChB,MAAM,oBAAoB,CAAC;AAK5B,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AACjD,YAAY,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAK/E,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAC/C,YAAY,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAK5E,OAAO,EACL,cAAc,EACd,WAAW,EACX,aAAa,EACb,QAAQ,EACR,QAAQ,EACR,UAAU,EACV,YAAY,EACZ,QAAQ,EACR,UAAU,EACV,cAAc,EACd,kBAAkB,EAClB,aAAa,EACb,UAAU,EACV,WAAW,EACX,OAAO,GACR,MAAM,gBAAgB,CAAC;AACxB,YAAY,EACV,OAAO,EACP,qBAAqB,EACrB,YAAY,EACZ,WAAW,EACX,QAAQ,EACR,aAAa,EACb,cAAc,EACd,oBAAoB,EACpB,UAAU,GACX,MAAM,gBAAgB,CAAC;AAKxB,OAAO,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAM5D,OAAO,KAAK,EAAE,eAAe,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAGpE,MAAM,WAAW,QAAS,SAAQ,eAAe;IAC/C,cAAc,CAAC,IAAI,EAAE,GAAG,EAAE,OAAO,CAAC,EAAE,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAC1D,OAAO,CAAC,IAAI,EAAE,GAAG,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;IACrD,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACvD,yEAAyE;IACzE,gBAAgB,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;CACrF;AAED,MAAM,WAAW,kBAAkB;IACjC,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,IAAI,CAAC,EAAE,GAAG,CAAC;CACZ;AAED,cAAM,iBAAkB,YAAW,QAAQ;IACzC,IAAI,SAAQ;IACZ,OAAO,SAAW;IAClB,YAAY,WAAoE;IAEhF,OAAO,CAAC,OAAO,CAAa;IAEtB,UAAU,CAAC,MAAM,CAAC,EAAE;QAAE,WAAW,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IAWlE,OAAO,IAAI,UAAU;IAIf,cAAc,CAAC,IAAI,EAAE,GAAG,EAAE,QAAQ,CAAC,EAAE,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC;IA+F1D,OAAO,CAAC,IAAI,EAAE,GAAG,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;IAK3D;;;;OAIG;IACG,gBAAgB,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAkBnF,QAAQ,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC;CAgClE;AAED,eAAO,MAAM,MAAM,mBAA0B,CAAC;AAC9C,eAAe,MAAM,CAAC;AACtB,OAAO,EAAE,iBAAiB,EAAE,CAAC"}
|
package/dist/ai/index.js
CHANGED
|
@@ -34,6 +34,10 @@ export { BehaviorAIService } from './behavior-ai-service.js';
|
|
|
34
34
|
export { regenerateBehavior } from './behavior-regenerate.js';
|
|
35
35
|
// Model resolver — pick a LanguageModelV3 from SPECVERSE_AI_PROVIDER env.
|
|
36
36
|
export { resolveModel, resolveProviderId, describeActiveProvider } from './model-resolver.js';
|
|
37
|
+
// AI-behavior library whitelist — single source of truth for which
|
|
38
|
+
// libraries the realized backend is allowed to dynamic-import from
|
|
39
|
+
// generated *.ai.ts pure-function bodies. See library-whitelist.ts header.
|
|
40
|
+
export { AI_BEHAVIOR_LIBRARY_WHITELIST, AI_BEHAVIOR_LIBRARY_TRIGGERS, isWhitelistedLibrary, predictAiBehaviorLibraries, extractDynamicImports, validateImportWhitelist, } from './library-whitelist.js';
|
|
37
41
|
// Custom providers — thin wrappers around claude CLI and no-op stub. Most
|
|
38
42
|
// consumers should use resolveModel() rather than calling these directly.
|
|
39
43
|
export { claudeCli, isClaudeCliAvailable, detectClaudePath } from './providers/claude-cli.js';
|
package/dist/ai/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/ai/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,kFAAkF;AAClF,cAAc,qBAAqB,CAAC;AAEpC,2EAA2E;AAC3E,iBAAiB;AACjB,cAAc,oCAAoC,CAAC;AAEnD,SAAS;AACT,cAAc,kBAAkB,CAAC;AAEjC,+DAA+D;AAC/D,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAQ9D,uEAAuE;AACvE,4EAA4E;AAC5E,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAG7D,2DAA2D;AAC3D,gDAAgD;AAChD,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAG9D,0EAA0E;AAC1E,OAAO,EAAE,YAAY,EAAE,iBAAiB,EAAE,sBAAsB,EAAE,MAAM,qBAAqB,CAAC;AAG9F,0EAA0E;AAC1E,0EAA0E;AAC1E,OAAO,EAAE,SAAS,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAE9F,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAEhD,yEAAyE;AACzE,2EAA2E;AAC3E,2DAA2D;AAC3D,OAAO,EACL,UAAU,EACV,UAAU,EACV,cAAc,EACd,YAAY,EACZ,aAAa,EACb,SAAS,EACT,WAAW,EACX,sBAAsB,GACvB,MAAM,oBAAoB,CAAC;AAQ5B,yEAAyE;AACzE,yEAAyE;AACzE,oEAAoE;AACpE,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAGjD,uEAAuE;AACvE,uEAAuE;AACvE,0EAA0E;AAC1E,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAG/C,2EAA2E;AAC3E,yEAAyE;AACzE,sDAAsD;AACtD,OAAO,EACL,cAAc,EACd,WAAW,EACX,aAAa,EACb,QAAQ,EACR,QAAQ,EACR,UAAU,EACV,YAAY,EACZ,QAAQ,EACR,UAAU,EACV,cAAc,EACd,kBAAkB,EAClB,aAAa,EACb,UAAU,EACV,WAAW,EACX,OAAO,GACR,MAAM,gBAAgB,CAAC;AAaxB,2EAA2E;AAC3E,4EAA4E;AAC5E,sDAAsD;AACtD,OAAO,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAO5D,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAmB7D,MAAM,iBAAiB;IACrB,IAAI,GAAG,IAAI,CAAC;IACZ,OAAO,GAAG,OAAO,CAAC;IAClB,YAAY,GAAG,CAAC,YAAY,EAAE,gBAAgB,EAAE,cAAc,EAAE,cAAc,CAAC,CAAC;IAExE,OAAO,GAAQ,IAAI,CAAC;IAE5B,KAAK,CAAC,UAAU,CAAC,MAAiC;QAChD,IAAI,CAAC;YACH,MAAM,EAAE,sBAAsB,EAAE,GAAG,MAAM,MAAM,CAAC,oCAAoC,CAAC,CAAC;YACtF,IAAI,CAAC,OAAO,GAAG,IAAI,sBAAsB,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;QACjE,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,IAAI,CACV,6BAA6B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACtF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO;QACL,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,YAAY,EAAE,IAAI,CAAC,YAAY,EAAE,CAAC;IACrF,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,IAAS,EAAE,QAAc;QAC5C,MAAM,UAAU,GAAG,IAAI,EAAE,UAAU,IAAI,EAAE,CAAC;QAC1C,MAAM,KAAK,GAAa,EAAE,CAAC;QAE3B,KAAK,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CACR,4FAA4F,CAC7F,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAEf,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;YACnC,KAAK,CAAC,IAAI,CAAC,iBAAiB,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC;YAC9C,IAAI,SAAS,CAAC,WAAW;gBAAE,KAAK,CAAC,IAAI,CAAC,KAAK,SAAS,CAAC,WAAW,EAAE,CAAC,CAAC;YACpE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAEf,MAAM,MAAM,GAAG,SAAS,CAAC,MAAM,IAAI,EAAE,CAAC;YACtC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACtB,KAAK,CAAC,IAAI,CAAC,eAAe,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC;gBAC5C,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBACf,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;oBAC3B,KAAK,CAAC,IAAI,CAAC,QAAQ,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;oBACjC,IAAI,KAAK,CAAC,WAAW;wBAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;oBACrD,MAAM,KAAK,GAAG,KAAK,CAAC,UAAU,IAAI,EAAE,CAAC;oBACrC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;wBACrB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;wBACf,KAAK,CAAC,IAAI,CAAC,0CAA0C,CAAC,CAAC;wBACvD,KAAK,CAAC,IAAI,CAAC,0CAA0C,CAAC,CAAC;wBACvD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;4BACzB,KAAK,CAAC,IAAI,CACR,KAAK,IAAI,CAAC,IAAI,MAAM,IAAI,CAAC,IAAI,IAAI,QAAQ,MAAM,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,MAAM,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,IAAI,CAChH,CAAC;wBACJ,CAAC;oBACH,CAAC;oBACD,MAAM,IAAI,GAAG,KAAK,CAAC,aAAa,IAAI,EAAE,CAAC;oBACvC,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;wBACpB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;wBACf,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;wBACjC,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;4BACvB,KAAK,CAAC,IAAI,CAAC,KAAK,GAAG,CAAC,IAAI,KAAK,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;wBACzD,CAAC;oBACH,CAAC;oBACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBACjB,CAAC;YACH,CAAC;YAED,MAAM,WAAW,GAAG,SAAS,CAAC,WAAW,IAAI,EAAE,CAAC;YAChD,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC3B,KAAK,CAAC,IAAI,CAAC,oBAAoB,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC;gBACtD,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;oBAC/B,KAAK,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,QAAQ,IAAI,CAAC,cAAc,IAAI,IAAI,CAAC,KAAK,IAAI,eAAe,EAAE,CAAC,CAAC;gBAC7F,CAAC;gBACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACjB,CAAC;YAED,MAAM,QAAQ,GAAG,SAAS,CAAC,QAAQ,IAAI,EAAE,CAAC;YAC1C,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACxB,KAAK,CAAC,IAAI,CAAC,iBAAiB,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC;gBAChD,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;oBAC3B,KAAK,CAAC,IAAI,CAAC,OAAO,GAAG,CAAC,IAAI,IAAI,CAAC,CAAC;oBAChC,IAAI,GAAG,CAAC,UAAU,EAAE,CAAC;wBACnB,KAAK,MAAM,CAAC,MAAM,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,UAAiC,CAAC,EAAE,CAAC;4BACjF,KAAK,CAAC,IAAI,CAAC,OAAO,MAAM,KAAK,EAAE,CAAC,WAAW,IAAI,EAAE,EAAE,CAAC,CAAC;wBACvD,CAAC;oBACH,CAAC;gBACH,CAAC;gBACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACjB,CAAC;YAED,MAAM,MAAM,GAAG,SAAS,CAAC,MAAM,IAAI,EAAE,CAAC;YACtC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACtB,KAAK,CAAC,IAAI,CAAC,eAAe,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC;gBAC5C,KAAK,MAAM,GAAG,IAAI,MAAM,EAAE,CAAC;oBACzB,KAAK,CAAC,IAAI,CAAC,OAAO,GAAG,CAAC,IAAI,IAAI,CAAC,CAAC;gBAClC,CAAC;gBACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACjB,CAAC;QACH,CAAC;QAED,KAAK,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;QAC3C,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CACR,kFAAkF,CACnF,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,4DAA4D,CAAC,CAAC;QACzE,KAAK,CAAC,IAAI,CAAC,iEAAiE,CAAC,CAAC;QAC9E,KAAK,CAAC,IAAI,CAAC,sDAAsD,CAAC,CAAC;QACnE,KAAK,CAAC,IAAI,CACR,mHAAmH,CACpH,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAEf,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,IAAS,EAAE,QAAiB;QACxC,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,6BAA6B,CAAC,CAAC;QACpE,OAAO,WAAW,CAAC,IAAI,CAAC,CAAC;IAC3B,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,gBAAgB,CAAC,IAAY,EAAE,OAA2B;QAC9D,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,IAAI,iBAAiB,EAAE,CAAC;YACxC,IAAI,CAAC,OAAO,CAAC,WAAW;gBAAE,OAAO,IAAI,CAAC;YACtC,OAAO,MAAM,OAAO,CAAC,gBAAgB,CAAC;gBACpC,IAAI;gBACJ,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,YAAY,EAAE,OAAO,CAAC,YAAY;gBAClC,cAAc,EAAE,OAAO,CAAC,cAAc;gBACtC,eAAe,EAAE,OAAO,CAAC,eAAe,IAAI,EAAE;gBAC9C,IAAI,EAAE,OAAO,CAAC,IAAI;aACnB,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,SAAiB,EAAE,OAAa;QAC7C,IAAI,CAAC;YACH,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,wBAAwB,CAAC,CAAC;YAC/D,MAAM,IAAI,GAAG,MAAM,WAAW,CAAC,SAAgB,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,IAAI,SAAS,EAAE,CAAC,CAAC;YACvF,MAAM,KAAK,GAAa,EAAE,CAAC;YAC3B,KAAK,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;YAC7B,KAAK,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;YACvC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACf,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;gBAChB,KAAK,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;gBAC/B,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBACxB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACjB,CAAC;YACD,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;gBACjB,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;gBACzB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBACzB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACjB,CAAC;YACD,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;gBACd,KAAK,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;gBACtC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACtB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACjB,CAAC;YACD,IAAI,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAChD,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;gBAC3B,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;YAClE,CAAC;YACD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,eAAe,SAAS,0FAA0F,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;QACpL,CAAC;IACH,CAAC;CACF;AAED,MAAM,CAAC,MAAM,MAAM,GAAG,IAAI,iBAAiB,EAAE,CAAC;AAC9C,eAAe,MAAM,CAAC;AACtB,OAAO,EAAE,iBAAiB,EAAE,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/ai/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,kFAAkF;AAClF,cAAc,qBAAqB,CAAC;AAEpC,2EAA2E;AAC3E,iBAAiB;AACjB,cAAc,oCAAoC,CAAC;AAEnD,SAAS;AACT,cAAc,kBAAkB,CAAC;AAEjC,+DAA+D;AAC/D,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAQ9D,uEAAuE;AACvE,4EAA4E;AAC5E,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAG7D,2DAA2D;AAC3D,gDAAgD;AAChD,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAG9D,0EAA0E;AAC1E,OAAO,EAAE,YAAY,EAAE,iBAAiB,EAAE,sBAAsB,EAAE,MAAM,qBAAqB,CAAC;AAG9F,mEAAmE;AACnE,mEAAmE;AACnE,2EAA2E;AAC3E,OAAO,EACL,6BAA6B,EAC7B,4BAA4B,EAC5B,oBAAoB,EACpB,0BAA0B,EAC1B,qBAAqB,EACrB,uBAAuB,GACxB,MAAM,wBAAwB,CAAC;AAGhC,0EAA0E;AAC1E,0EAA0E;AAC1E,OAAO,EAAE,SAAS,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAE9F,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAEhD,yEAAyE;AACzE,2EAA2E;AAC3E,2DAA2D;AAC3D,OAAO,EACL,UAAU,EACV,UAAU,EACV,cAAc,EACd,YAAY,EACZ,aAAa,EACb,SAAS,EACT,WAAW,EACX,sBAAsB,GACvB,MAAM,oBAAoB,CAAC;AAQ5B,yEAAyE;AACzE,yEAAyE;AACzE,oEAAoE;AACpE,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAGjD,uEAAuE;AACvE,uEAAuE;AACvE,0EAA0E;AAC1E,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAG/C,2EAA2E;AAC3E,yEAAyE;AACzE,sDAAsD;AACtD,OAAO,EACL,cAAc,EACd,WAAW,EACX,aAAa,EACb,QAAQ,EACR,QAAQ,EACR,UAAU,EACV,YAAY,EACZ,QAAQ,EACR,UAAU,EACV,cAAc,EACd,kBAAkB,EAClB,aAAa,EACb,UAAU,EACV,WAAW,EACX,OAAO,GACR,MAAM,gBAAgB,CAAC;AAaxB,2EAA2E;AAC3E,4EAA4E;AAC5E,sDAAsD;AACtD,OAAO,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAO5D,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAmB7D,MAAM,iBAAiB;IACrB,IAAI,GAAG,IAAI,CAAC;IACZ,OAAO,GAAG,OAAO,CAAC;IAClB,YAAY,GAAG,CAAC,YAAY,EAAE,gBAAgB,EAAE,cAAc,EAAE,cAAc,CAAC,CAAC;IAExE,OAAO,GAAQ,IAAI,CAAC;IAE5B,KAAK,CAAC,UAAU,CAAC,MAAiC;QAChD,IAAI,CAAC;YACH,MAAM,EAAE,sBAAsB,EAAE,GAAG,MAAM,MAAM,CAAC,oCAAoC,CAAC,CAAC;YACtF,IAAI,CAAC,OAAO,GAAG,IAAI,sBAAsB,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;QACjE,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,IAAI,CACV,6BAA6B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACtF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO;QACL,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,YAAY,EAAE,IAAI,CAAC,YAAY,EAAE,CAAC;IACrF,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,IAAS,EAAE,QAAc;QAC5C,MAAM,UAAU,GAAG,IAAI,EAAE,UAAU,IAAI,EAAE,CAAC;QAC1C,MAAM,KAAK,GAAa,EAAE,CAAC;QAE3B,KAAK,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CACR,4FAA4F,CAC7F,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAEf,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;YACnC,KAAK,CAAC,IAAI,CAAC,iBAAiB,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC;YAC9C,IAAI,SAAS,CAAC,WAAW;gBAAE,KAAK,CAAC,IAAI,CAAC,KAAK,SAAS,CAAC,WAAW,EAAE,CAAC,CAAC;YACpE,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAEf,MAAM,MAAM,GAAG,SAAS,CAAC,MAAM,IAAI,EAAE,CAAC;YACtC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACtB,KAAK,CAAC,IAAI,CAAC,eAAe,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC;gBAC5C,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBACf,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;oBAC3B,KAAK,CAAC,IAAI,CAAC,QAAQ,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;oBACjC,IAAI,KAAK,CAAC,WAAW;wBAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;oBACrD,MAAM,KAAK,GAAG,KAAK,CAAC,UAAU,IAAI,EAAE,CAAC;oBACrC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;wBACrB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;wBACf,KAAK,CAAC,IAAI,CAAC,0CAA0C,CAAC,CAAC;wBACvD,KAAK,CAAC,IAAI,CAAC,0CAA0C,CAAC,CAAC;wBACvD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;4BACzB,KAAK,CAAC,IAAI,CACR,KAAK,IAAI,CAAC,IAAI,MAAM,IAAI,CAAC,IAAI,IAAI,QAAQ,MAAM,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,MAAM,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,IAAI,CAChH,CAAC;wBACJ,CAAC;oBACH,CAAC;oBACD,MAAM,IAAI,GAAG,KAAK,CAAC,aAAa,IAAI,EAAE,CAAC;oBACvC,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;wBACpB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;wBACf,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;wBACjC,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;4BACvB,KAAK,CAAC,IAAI,CAAC,KAAK,GAAG,CAAC,IAAI,KAAK,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;wBACzD,CAAC;oBACH,CAAC;oBACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBACjB,CAAC;YACH,CAAC;YAED,MAAM,WAAW,GAAG,SAAS,CAAC,WAAW,IAAI,EAAE,CAAC;YAChD,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC3B,KAAK,CAAC,IAAI,CAAC,oBAAoB,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC;gBACtD,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;oBAC/B,KAAK,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,QAAQ,IAAI,CAAC,cAAc,IAAI,IAAI,CAAC,KAAK,IAAI,eAAe,EAAE,CAAC,CAAC;gBAC7F,CAAC;gBACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACjB,CAAC;YAED,MAAM,QAAQ,GAAG,SAAS,CAAC,QAAQ,IAAI,EAAE,CAAC;YAC1C,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACxB,KAAK,CAAC,IAAI,CAAC,iBAAiB,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC;gBAChD,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;oBAC3B,KAAK,CAAC,IAAI,CAAC,OAAO,GAAG,CAAC,IAAI,IAAI,CAAC,CAAC;oBAChC,IAAI,GAAG,CAAC,UAAU,EAAE,CAAC;wBACnB,KAAK,MAAM,CAAC,MAAM,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,UAAiC,CAAC,EAAE,CAAC;4BACjF,KAAK,CAAC,IAAI,CAAC,OAAO,MAAM,KAAK,EAAE,CAAC,WAAW,IAAI,EAAE,EAAE,CAAC,CAAC;wBACvD,CAAC;oBACH,CAAC;gBACH,CAAC;gBACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACjB,CAAC;YAED,MAAM,MAAM,GAAG,SAAS,CAAC,MAAM,IAAI,EAAE,CAAC;YACtC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACtB,KAAK,CAAC,IAAI,CAAC,eAAe,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC;gBAC5C,KAAK,MAAM,GAAG,IAAI,MAAM,EAAE,CAAC;oBACzB,KAAK,CAAC,IAAI,CAAC,OAAO,GAAG,CAAC,IAAI,IAAI,CAAC,CAAC;gBAClC,CAAC;gBACD,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACjB,CAAC;QACH,CAAC;QAED,KAAK,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;QAC3C,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CACR,kFAAkF,CACnF,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,4DAA4D,CAAC,CAAC;QACzE,KAAK,CAAC,IAAI,CAAC,iEAAiE,CAAC,CAAC;QAC9E,KAAK,CAAC,IAAI,CAAC,sDAAsD,CAAC,CAAC;QACnE,KAAK,CAAC,IAAI,CACR,mHAAmH,CACpH,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAEf,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,IAAS,EAAE,QAAiB;QACxC,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,6BAA6B,CAAC,CAAC;QACpE,OAAO,WAAW,CAAC,IAAI,CAAC,CAAC;IAC3B,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,gBAAgB,CAAC,IAAY,EAAE,OAA2B;QAC9D,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,IAAI,iBAAiB,EAAE,CAAC;YACxC,IAAI,CAAC,OAAO,CAAC,WAAW;gBAAE,OAAO,IAAI,CAAC;YACtC,OAAO,MAAM,OAAO,CAAC,gBAAgB,CAAC;gBACpC,IAAI;gBACJ,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,aAAa,EAAE,OAAO,CAAC,aAAa;gBACpC,YAAY,EAAE,OAAO,CAAC,YAAY;gBAClC,cAAc,EAAE,OAAO,CAAC,cAAc;gBACtC,eAAe,EAAE,OAAO,CAAC,eAAe,IAAI,EAAE;gBAC9C,IAAI,EAAE,OAAO,CAAC,IAAI;aACnB,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,SAAiB,EAAE,OAAa;QAC7C,IAAI,CAAC;YACH,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,wBAAwB,CAAC,CAAC;YAC/D,MAAM,IAAI,GAAG,MAAM,WAAW,CAAC,SAAgB,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,IAAI,SAAS,EAAE,CAAC,CAAC;YACvF,MAAM,KAAK,GAAa,EAAE,CAAC;YAC3B,KAAK,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;YAC7B,KAAK,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;YACvC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACf,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;gBAChB,KAAK,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;gBAC/B,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBACxB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACjB,CAAC;YACD,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;gBACjB,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;gBACzB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBACzB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACjB,CAAC;YACD,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;gBACd,KAAK,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;gBACtC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACtB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACjB,CAAC;YACD,IAAI,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAChD,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;gBAC3B,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;YAClE,CAAC;YACD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,eAAe,SAAS,0FAA0F,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;QACpL,CAAC;IACH,CAAC;CACF;AAED,MAAM,CAAC,MAAM,MAAM,GAAG,IAAI,iBAAiB,EAAE,CAAC;AAC9C,eAAe,MAAM,CAAC;AACtB,OAAO,EAAE,iBAAiB,EAAE,CAAC"}
|
|
@@ -0,0 +1,81 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* AI-behavior library whitelist — single source of truth for which
|
|
3
|
+
* external libraries AI-generated `behaviors/*.ai.ts` pure-function
|
|
4
|
+
* bodies are allowed to dynamic-import.
|
|
5
|
+
*
|
|
6
|
+
* Three things keyed off this module:
|
|
7
|
+
*
|
|
8
|
+
* 1. The validator in `ai-behaviors-generator.ts` rejects any
|
|
9
|
+
* generated body whose `await import('LITERAL')` calls reference
|
|
10
|
+
* a literal not in `AI_BEHAVIOR_LIBRARY_WHITELIST`. Closes the
|
|
11
|
+
* gap where the validator previously failed equally on whitelisted
|
|
12
|
+
* and unwhitelisted imports (because the engines workspace lacks
|
|
13
|
+
* both), so non-whitelisted libs slipped through to AI-INVALID
|
|
14
|
+
* and only crashed at runtime in the realized backend.
|
|
15
|
+
*
|
|
16
|
+
* 2. `backend-package-json-generator.ts` calls
|
|
17
|
+
* `predictAiBehaviorLibraries(spec)` and only emits deps for libs
|
|
18
|
+
* whose triggers fire in the spec's step text. Avoids the dep
|
|
19
|
+
* bloat where every realized backend installed all 5 libs even
|
|
20
|
+
* when 97% of bodies needed none.
|
|
21
|
+
*
|
|
22
|
+
* 3. The behavior prompt YAML's "LIBRARY WHITELIST" section is the
|
|
23
|
+
* author-facing description — the trigger phrases here MUST stay
|
|
24
|
+
* in sync with the prompt. If you add or rename a trigger here,
|
|
25
|
+
* update `assets/prompts/core/standard/default/behavior.prompt.yaml`
|
|
26
|
+
* and bump `PROMPT_VERSION` in `ai-behaviors-generator.ts`.
|
|
27
|
+
*
|
|
28
|
+
* Triage status (2026-05-02 audit, #43K-B-review):
|
|
29
|
+
* jsonwebtoken — used in 2 of 49 cached bodies. KEEP.
|
|
30
|
+
* expr-eval — used in 1 of 49 cached bodies. MONITORED.
|
|
31
|
+
* bcryptjs — 0 of 49. MONITORED — drop after 2026-11 if no real spec uses it.
|
|
32
|
+
* crypto — 0 of 49. MONITORED — drop after 2026-11 if no real spec uses it.
|
|
33
|
+
* uuid — 0 of 49. MONITORED — drop after 2026-11 if no real spec uses it.
|
|
34
|
+
*/
|
|
35
|
+
export declare const AI_BEHAVIOR_LIBRARY_WHITELIST: readonly ["jsonwebtoken", "bcryptjs", "uuid", "crypto", "expr-eval"];
|
|
36
|
+
export type AiBehaviorLibrary = typeof AI_BEHAVIOR_LIBRARY_WHITELIST[number];
|
|
37
|
+
/** Is `name` a member of the whitelist? */
|
|
38
|
+
export declare function isWhitelistedLibrary(name: string): name is AiBehaviorLibrary;
|
|
39
|
+
/**
|
|
40
|
+
* Trigger phrases per library — when any regex matches a step's text,
|
|
41
|
+
* the corresponding library is predicted to be needed by the AI body
|
|
42
|
+
* the realize engine will generate for that step.
|
|
43
|
+
*
|
|
44
|
+
* Kept in sync with `behavior.prompt.yaml`'s LIBRARY WHITELIST section.
|
|
45
|
+
* If you change the prompt's triggers, update both places + bump
|
|
46
|
+
* PROMPT_VERSION.
|
|
47
|
+
*/
|
|
48
|
+
export declare const AI_BEHAVIOR_LIBRARY_TRIGGERS: Record<AiBehaviorLibrary, RegExp[]>;
|
|
49
|
+
/**
|
|
50
|
+
* Walk every step text in a SpecVerse spec and predict which whitelist
|
|
51
|
+
* libraries the AI body generator will need. The set is the basis for
|
|
52
|
+
* the realized backend's `package.json` deps — only libs predicted as
|
|
53
|
+
* needed get added.
|
|
54
|
+
*
|
|
55
|
+
* Walks: spec.components[].(controllers / services).operations[].steps[]
|
|
56
|
+
* + spec.components[].models[].behaviors[].steps[]
|
|
57
|
+
*/
|
|
58
|
+
export declare function predictAiBehaviorLibraries(spec: any): Set<AiBehaviorLibrary>;
|
|
59
|
+
/**
|
|
60
|
+
* Extract the literal module specifiers from every `await import('X')`
|
|
61
|
+
* (or bare `import('X')`) call in a TS source string. Used by the AI
|
|
62
|
+
* body validator to enforce whitelist compliance — any returned name
|
|
63
|
+
* not in `AI_BEHAVIOR_LIBRARY_WHITELIST` rejects the body.
|
|
64
|
+
*
|
|
65
|
+
* Walks char-by-char tracking string + comment context — ignores any
|
|
66
|
+
* `import(...)` syntax that appears inside a comment or string literal,
|
|
67
|
+
* so commented-out examples and string content can't false-positive.
|
|
68
|
+
*
|
|
69
|
+
* Computed specifiers (`import(varName)`) and template-string
|
|
70
|
+
* specifiers (`` import(`name`) ``) are intentionally NOT extracted:
|
|
71
|
+
* they're rejected by the validator anyway (only allow string-literal
|
|
72
|
+
* specifiers) and the safe answer when we can't statically resolve a
|
|
73
|
+
* specifier is "don't try."
|
|
74
|
+
*/
|
|
75
|
+
export declare function extractDynamicImports(code: string): string[];
|
|
76
|
+
/**
|
|
77
|
+
* Validate that every dynamic import in `code` references a whitelisted
|
|
78
|
+
* library. Returns a list of violating specifiers (empty list = clean).
|
|
79
|
+
*/
|
|
80
|
+
export declare function validateImportWhitelist(code: string): string[];
|
|
81
|
+
//# sourceMappingURL=library-whitelist.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"library-whitelist.d.ts","sourceRoot":"","sources":["../../src/ai/library-whitelist.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AAEH,eAAO,MAAM,6BAA6B,sEAMhC,CAAC;AAEX,MAAM,MAAM,iBAAiB,GAAG,OAAO,6BAA6B,CAAC,MAAM,CAAC,CAAC;AAI7E,2CAA2C;AAC3C,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,IAAI,iBAAiB,CAE5E;AAED;;;;;;;;GAQG;AACH,eAAO,MAAM,4BAA4B,EAAE,MAAM,CAAC,iBAAiB,EAAE,MAAM,EAAE,CAkC5E,CAAC;AAEF;;;;;;;;GAQG;AACH,wBAAgB,0BAA0B,CAAC,IAAI,EAAE,GAAG,GAAG,GAAG,CAAC,iBAAiB,CAAC,CA6D5E;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,EAAE,CAiE5D;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,EAAE,CAE9D"}
|
|
@@ -0,0 +1,251 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* AI-behavior library whitelist — single source of truth for which
|
|
3
|
+
* external libraries AI-generated `behaviors/*.ai.ts` pure-function
|
|
4
|
+
* bodies are allowed to dynamic-import.
|
|
5
|
+
*
|
|
6
|
+
* Three things keyed off this module:
|
|
7
|
+
*
|
|
8
|
+
* 1. The validator in `ai-behaviors-generator.ts` rejects any
|
|
9
|
+
* generated body whose `await import('LITERAL')` calls reference
|
|
10
|
+
* a literal not in `AI_BEHAVIOR_LIBRARY_WHITELIST`. Closes the
|
|
11
|
+
* gap where the validator previously failed equally on whitelisted
|
|
12
|
+
* and unwhitelisted imports (because the engines workspace lacks
|
|
13
|
+
* both), so non-whitelisted libs slipped through to AI-INVALID
|
|
14
|
+
* and only crashed at runtime in the realized backend.
|
|
15
|
+
*
|
|
16
|
+
* 2. `backend-package-json-generator.ts` calls
|
|
17
|
+
* `predictAiBehaviorLibraries(spec)` and only emits deps for libs
|
|
18
|
+
* whose triggers fire in the spec's step text. Avoids the dep
|
|
19
|
+
* bloat where every realized backend installed all 5 libs even
|
|
20
|
+
* when 97% of bodies needed none.
|
|
21
|
+
*
|
|
22
|
+
* 3. The behavior prompt YAML's "LIBRARY WHITELIST" section is the
|
|
23
|
+
* author-facing description — the trigger phrases here MUST stay
|
|
24
|
+
* in sync with the prompt. If you add or rename a trigger here,
|
|
25
|
+
* update `assets/prompts/core/standard/default/behavior.prompt.yaml`
|
|
26
|
+
* and bump `PROMPT_VERSION` in `ai-behaviors-generator.ts`.
|
|
27
|
+
*
|
|
28
|
+
* Triage status (2026-05-02 audit, #43K-B-review):
|
|
29
|
+
* jsonwebtoken — used in 2 of 49 cached bodies. KEEP.
|
|
30
|
+
* expr-eval — used in 1 of 49 cached bodies. MONITORED.
|
|
31
|
+
* bcryptjs — 0 of 49. MONITORED — drop after 2026-11 if no real spec uses it.
|
|
32
|
+
* crypto — 0 of 49. MONITORED — drop after 2026-11 if no real spec uses it.
|
|
33
|
+
* uuid — 0 of 49. MONITORED — drop after 2026-11 if no real spec uses it.
|
|
34
|
+
*/
|
|
35
|
+
export const AI_BEHAVIOR_LIBRARY_WHITELIST = [
|
|
36
|
+
'jsonwebtoken',
|
|
37
|
+
'bcryptjs',
|
|
38
|
+
'uuid',
|
|
39
|
+
'crypto',
|
|
40
|
+
'expr-eval',
|
|
41
|
+
];
|
|
42
|
+
const WHITELIST_SET = new Set(AI_BEHAVIOR_LIBRARY_WHITELIST);
|
|
43
|
+
/** Is `name` a member of the whitelist? */
|
|
44
|
+
export function isWhitelistedLibrary(name) {
|
|
45
|
+
return WHITELIST_SET.has(name);
|
|
46
|
+
}
|
|
47
|
+
/**
|
|
48
|
+
* Trigger phrases per library — when any regex matches a step's text,
|
|
49
|
+
* the corresponding library is predicted to be needed by the AI body
|
|
50
|
+
* the realize engine will generate for that step.
|
|
51
|
+
*
|
|
52
|
+
* Kept in sync with `behavior.prompt.yaml`'s LIBRARY WHITELIST section.
|
|
53
|
+
* If you change the prompt's triggers, update both places + bump
|
|
54
|
+
* PROMPT_VERSION.
|
|
55
|
+
*/
|
|
56
|
+
export const AI_BEHAVIOR_LIBRARY_TRIGGERS = {
|
|
57
|
+
// JWT: explicit lib name OR the abbrev OR signing/verifying intent.
|
|
58
|
+
// \bJWT\b avoids matching "JWTRevoked" or "BJWT" — only the standalone token.
|
|
59
|
+
jsonwebtoken: [
|
|
60
|
+
/jsonwebtoken/i,
|
|
61
|
+
/\bJWT\b/,
|
|
62
|
+
/\bsign\s+tokens?\b/i,
|
|
63
|
+
/\bverify\s+token\s+signature\b/i,
|
|
64
|
+
/\bdecode\s+token\b/i,
|
|
65
|
+
],
|
|
66
|
+
// bcryptjs (or just "bcrypt") + the hash/compare-password pattern.
|
|
67
|
+
bcryptjs: [
|
|
68
|
+
/\bbcryptjs?\b/i,
|
|
69
|
+
/\bhash\s+password\b/i,
|
|
70
|
+
/\bcompare\s+password\b/i,
|
|
71
|
+
],
|
|
72
|
+
// Note: these triggers are deliberately specific. "uuid" alone would
|
|
73
|
+
// match too aggressively (e.g. "userId: UUID required" in an attribute
|
|
74
|
+
// declaration). Anchor on action-y phrasing instead.
|
|
75
|
+
uuid: [
|
|
76
|
+
/\bvia\s+uuid\b/i,
|
|
77
|
+
/\bgenerate\s+uuid\b/i,
|
|
78
|
+
],
|
|
79
|
+
// node:crypto built-in — only the explicit "via crypto" or hash-action
|
|
80
|
+
// phrasings, since "crypto" alone would match "crypto-currency", "crypto
|
|
81
|
+
// wallet", etc.
|
|
82
|
+
crypto: [
|
|
83
|
+
/\bvia\s+crypto\b/i,
|
|
84
|
+
/\bcompute\s+(?:hash|checksum)\b/i,
|
|
85
|
+
],
|
|
86
|
+
'expr-eval': [
|
|
87
|
+
/\bexpr-eval\b/i,
|
|
88
|
+
/\bevaluate\s+formula\b/i,
|
|
89
|
+
],
|
|
90
|
+
};
|
|
91
|
+
/**
|
|
92
|
+
* Walk every step text in a SpecVerse spec and predict which whitelist
|
|
93
|
+
* libraries the AI body generator will need. The set is the basis for
|
|
94
|
+
* the realized backend's `package.json` deps — only libs predicted as
|
|
95
|
+
* needed get added.
|
|
96
|
+
*
|
|
97
|
+
* Walks: spec.components[].(controllers / services).operations[].steps[]
|
|
98
|
+
* + spec.components[].models[].behaviors[].steps[]
|
|
99
|
+
*/
|
|
100
|
+
export function predictAiBehaviorLibraries(spec) {
|
|
101
|
+
const found = new Set();
|
|
102
|
+
if (!spec)
|
|
103
|
+
return found;
|
|
104
|
+
const allSteps = [];
|
|
105
|
+
const collectFromOps = (ops) => {
|
|
106
|
+
if (!ops)
|
|
107
|
+
return;
|
|
108
|
+
const entries = Array.isArray(ops) ? ops : Object.values(ops);
|
|
109
|
+
for (const op of entries) {
|
|
110
|
+
const steps = Array.isArray(op?.steps) ? op.steps : [];
|
|
111
|
+
for (const step of steps) {
|
|
112
|
+
const text = typeof step === 'string' ? step : (step?.step || step?.action);
|
|
113
|
+
if (typeof text === 'string')
|
|
114
|
+
allSteps.push(text);
|
|
115
|
+
}
|
|
116
|
+
}
|
|
117
|
+
};
|
|
118
|
+
const collectFromModels = (models) => {
|
|
119
|
+
if (!models)
|
|
120
|
+
return;
|
|
121
|
+
const entries = Array.isArray(models) ? models : Object.values(models);
|
|
122
|
+
for (const m of entries) {
|
|
123
|
+
collectFromOps(m?.behaviors);
|
|
124
|
+
}
|
|
125
|
+
};
|
|
126
|
+
const components = Array.isArray(spec.components)
|
|
127
|
+
? spec.components
|
|
128
|
+
: (spec.components ? Object.values(spec.components) : []);
|
|
129
|
+
for (const comp of components) {
|
|
130
|
+
if (!comp)
|
|
131
|
+
continue;
|
|
132
|
+
// Controllers may declare actions or behaviors-derived ops.
|
|
133
|
+
const ctrls = comp.controllers;
|
|
134
|
+
if (ctrls) {
|
|
135
|
+
const ctrlEntries = Array.isArray(ctrls) ? ctrls : Object.values(ctrls);
|
|
136
|
+
for (const c of ctrlEntries) {
|
|
137
|
+
collectFromOps(c?.actions);
|
|
138
|
+
collectFromOps(c?.behaviors);
|
|
139
|
+
}
|
|
140
|
+
}
|
|
141
|
+
// Services have operations.
|
|
142
|
+
const services = comp.services;
|
|
143
|
+
if (services) {
|
|
144
|
+
const svcEntries = Array.isArray(services) ? services : Object.values(services);
|
|
145
|
+
for (const s of svcEntries) {
|
|
146
|
+
collectFromOps(s?.operations);
|
|
147
|
+
}
|
|
148
|
+
}
|
|
149
|
+
collectFromModels(comp.models);
|
|
150
|
+
}
|
|
151
|
+
// Run each lib's triggers against the collected step text.
|
|
152
|
+
for (const lib of AI_BEHAVIOR_LIBRARY_WHITELIST) {
|
|
153
|
+
const triggers = AI_BEHAVIOR_LIBRARY_TRIGGERS[lib];
|
|
154
|
+
if (allSteps.some((step) => triggers.some((re) => re.test(step)))) {
|
|
155
|
+
found.add(lib);
|
|
156
|
+
}
|
|
157
|
+
}
|
|
158
|
+
return found;
|
|
159
|
+
}
|
|
160
|
+
/**
|
|
161
|
+
* Extract the literal module specifiers from every `await import('X')`
|
|
162
|
+
* (or bare `import('X')`) call in a TS source string. Used by the AI
|
|
163
|
+
* body validator to enforce whitelist compliance — any returned name
|
|
164
|
+
* not in `AI_BEHAVIOR_LIBRARY_WHITELIST` rejects the body.
|
|
165
|
+
*
|
|
166
|
+
* Walks char-by-char tracking string + comment context — ignores any
|
|
167
|
+
* `import(...)` syntax that appears inside a comment or string literal,
|
|
168
|
+
* so commented-out examples and string content can't false-positive.
|
|
169
|
+
*
|
|
170
|
+
* Computed specifiers (`import(varName)`) and template-string
|
|
171
|
+
* specifiers (`` import(`name`) ``) are intentionally NOT extracted:
|
|
172
|
+
* they're rejected by the validator anyway (only allow string-literal
|
|
173
|
+
* specifiers) and the safe answer when we can't statically resolve a
|
|
174
|
+
* specifier is "don't try."
|
|
175
|
+
*/
|
|
176
|
+
export function extractDynamicImports(code) {
|
|
177
|
+
const out = [];
|
|
178
|
+
let i = 0;
|
|
179
|
+
let stringChar = null; // null when not in a string
|
|
180
|
+
const len = code.length;
|
|
181
|
+
while (i < len) {
|
|
182
|
+
const c = code[i];
|
|
183
|
+
// Inside a string — consume until matching closer (handle escapes).
|
|
184
|
+
if (stringChar !== null) {
|
|
185
|
+
if (c === '\\' && i + 1 < len) {
|
|
186
|
+
i += 2;
|
|
187
|
+
continue;
|
|
188
|
+
}
|
|
189
|
+
if (c === stringChar) {
|
|
190
|
+
stringChar = null;
|
|
191
|
+
}
|
|
192
|
+
i++;
|
|
193
|
+
continue;
|
|
194
|
+
}
|
|
195
|
+
// Block comment
|
|
196
|
+
if (c === '/' && code[i + 1] === '*') {
|
|
197
|
+
const end = code.indexOf('*/', i + 2);
|
|
198
|
+
i = end < 0 ? len : end + 2;
|
|
199
|
+
continue;
|
|
200
|
+
}
|
|
201
|
+
// Line comment
|
|
202
|
+
if (c === '/' && code[i + 1] === '/') {
|
|
203
|
+
const end = code.indexOf('\n', i + 2);
|
|
204
|
+
i = end < 0 ? len : end;
|
|
205
|
+
continue;
|
|
206
|
+
}
|
|
207
|
+
// String start
|
|
208
|
+
if (c === '"' || c === "'" || c === '`') {
|
|
209
|
+
stringChar = c;
|
|
210
|
+
i++;
|
|
211
|
+
continue;
|
|
212
|
+
}
|
|
213
|
+
// `import(` pattern — must be preceded by a non-identifier char so
|
|
214
|
+
// we don't match `myimport(` or similar. Then skip whitespace,
|
|
215
|
+
// capture the literal between matching quotes, verify it's followed
|
|
216
|
+
// by `)` (modulo whitespace).
|
|
217
|
+
if (c === 'i' && code.slice(i, i + 7) === 'import(') {
|
|
218
|
+
const prev = i > 0 ? code[i - 1] : '\0';
|
|
219
|
+
if (!/[a-zA-Z0-9_$]/.test(prev)) {
|
|
220
|
+
let j = i + 7;
|
|
221
|
+
while (j < len && /\s/.test(code[j]))
|
|
222
|
+
j++;
|
|
223
|
+
const quote = code[j];
|
|
224
|
+
if (quote === '"' || quote === "'") {
|
|
225
|
+
const endQuote = code.indexOf(quote, j + 1);
|
|
226
|
+
if (endQuote > 0) {
|
|
227
|
+
const lit = code.slice(j + 1, endQuote);
|
|
228
|
+
let k = endQuote + 1;
|
|
229
|
+
while (k < len && /\s/.test(code[k]))
|
|
230
|
+
k++;
|
|
231
|
+
if (code[k] === ')') {
|
|
232
|
+
out.push(lit);
|
|
233
|
+
i = k + 1;
|
|
234
|
+
continue;
|
|
235
|
+
}
|
|
236
|
+
}
|
|
237
|
+
}
|
|
238
|
+
}
|
|
239
|
+
}
|
|
240
|
+
i++;
|
|
241
|
+
}
|
|
242
|
+
return out;
|
|
243
|
+
}
|
|
244
|
+
/**
|
|
245
|
+
* Validate that every dynamic import in `code` references a whitelisted
|
|
246
|
+
* library. Returns a list of violating specifiers (empty list = clean).
|
|
247
|
+
*/
|
|
248
|
+
export function validateImportWhitelist(code) {
|
|
249
|
+
return extractDynamicImports(code).filter((n) => !isWhitelistedLibrary(n));
|
|
250
|
+
}
|
|
251
|
+
//# sourceMappingURL=library-whitelist.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"library-whitelist.js","sourceRoot":"","sources":["../../src/ai/library-whitelist.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AAEH,MAAM,CAAC,MAAM,6BAA6B,GAAG;IAC3C,cAAc;IACd,UAAU;IACV,MAAM;IACN,QAAQ;IACR,WAAW;CACH,CAAC;AAIX,MAAM,aAAa,GAAwB,IAAI,GAAG,CAAC,6BAA6B,CAAC,CAAC;AAElF,2CAA2C;AAC3C,MAAM,UAAU,oBAAoB,CAAC,IAAY;IAC/C,OAAO,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AACjC,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,MAAM,4BAA4B,GAAwC;IAC/E,oEAAoE;IACpE,8EAA8E;IAC9E,YAAY,EAAE;QACZ,eAAe;QACf,SAAS;QACT,qBAAqB;QACrB,iCAAiC;QACjC,qBAAqB;KACtB;IACD,mEAAmE;IACnE,QAAQ,EAAE;QACR,gBAAgB;QAChB,sBAAsB;QACtB,yBAAyB;KAC1B;IACD,qEAAqE;IACrE,uEAAuE;IACvE,qDAAqD;IACrD,IAAI,EAAE;QACJ,iBAAiB;QACjB,sBAAsB;KACvB;IACD,uEAAuE;IACvE,yEAAyE;IACzE,gBAAgB;IAChB,MAAM,EAAE;QACN,mBAAmB;QACnB,kCAAkC;KACnC;IACD,WAAW,EAAE;QACX,gBAAgB;QAChB,yBAAyB;KAC1B;CACF,CAAC;AAEF;;;;;;;;GAQG;AACH,MAAM,UAAU,0BAA0B,CAAC,IAAS;IAClD,MAAM,KAAK,GAAG,IAAI,GAAG,EAAqB,CAAC;IAC3C,IAAI,CAAC,IAAI;QAAE,OAAO,KAAK,CAAC;IAExB,MAAM,QAAQ,GAAa,EAAE,CAAC;IAE9B,MAAM,cAAc,GAAG,CAAC,GAAQ,EAAE,EAAE;QAClC,IAAI,CAAC,GAAG;YAAE,OAAO;QACjB,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC9D,KAAK,MAAM,EAAE,IAAI,OAAgB,EAAE,CAAC;YAClC,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;YACvD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,MAAM,IAAI,GAAG,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,IAAI,IAAI,IAAI,EAAE,MAAM,CAAC,CAAC;gBAC5E,IAAI,OAAO,IAAI,KAAK,QAAQ;oBAAE,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACpD,CAAC;QACH,CAAC;IACH,CAAC,CAAC;IAEF,MAAM,iBAAiB,GAAG,CAAC,MAAW,EAAE,EAAE;QACxC,IAAI,CAAC,MAAM;YAAE,OAAO;QACpB,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QACvE,KAAK,MAAM,CAAC,IAAI,OAAgB,EAAE,CAAC;YACjC,cAAc,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC,CAAC;IAEF,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC;QAC/C,CAAC,CAAC,IAAI,CAAC,UAAU;QACjB,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IAE5D,KAAK,MAAM,IAAI,IAAI,UAAmB,EAAE,CAAC;QACvC,IAAI,CAAC,IAAI;YAAE,SAAS;QACpB,4DAA4D;QAC5D,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,CAAC;QAC/B,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACxE,KAAK,MAAM,CAAC,IAAI,WAAoB,EAAE,CAAC;gBACrC,cAAc,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;gBAC3B,cAAc,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;YAC/B,CAAC;QACH,CAAC;QACD,4BAA4B;QAC5B,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;QAC/B,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAChF,KAAK,MAAM,CAAC,IAAI,UAAmB,EAAE,CAAC;gBACpC,cAAc,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;YAChC,CAAC;QACH,CAAC;QACD,iBAAiB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC;IAED,2DAA2D;IAC3D,KAAK,MAAM,GAAG,IAAI,6BAA6B,EAAE,CAAC;QAChD,MAAM,QAAQ,GAAG,4BAA4B,CAAC,GAAG,CAAC,CAAC;QACnD,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;YAClE,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACjB,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,qBAAqB,CAAC,IAAY;IAChD,MAAM,GAAG,GAAa,EAAE,CAAC;IACzB,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,IAAI,UAAU,GAAkB,IAAI,CAAC,CAAE,4BAA4B;IACnE,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC;IAExB,OAAO,CAAC,GAAG,GAAG,EAAE,CAAC;QACf,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAE,CAAC;QAEnB,oEAAoE;QACpE,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;YACxB,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,EAAE,CAAC;gBAAC,CAAC,IAAI,CAAC,CAAC;gBAAC,SAAS;YAAC,CAAC;YACpD,IAAI,CAAC,KAAK,UAAU,EAAE,CAAC;gBAAC,UAAU,GAAG,IAAI,CAAC;YAAC,CAAC;YAC5C,CAAC,EAAE,CAAC;YACJ,SAAS;QACX,CAAC;QAED,gBAAgB;QAChB,IAAI,CAAC,KAAK,GAAG,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;YACrC,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC,GAAG,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC;YAC5B,SAAS;QACX,CAAC;QACD,eAAe;QACf,IAAI,CAAC,KAAK,GAAG,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;YACrC,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;YACtC,CAAC,GAAG,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;YACxB,SAAS;QACX,CAAC;QACD,eAAe;QACf,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG,EAAE,CAAC;YACxC,UAAU,GAAG,CAAC,CAAC;YACf,CAAC,EAAE,CAAC;YACJ,SAAS;QACX,CAAC;QAED,mEAAmE;QACnE,+DAA+D;QAC/D,oEAAoE;QACpE,8BAA8B;QAC9B,IAAI,CAAC,KAAK,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;YACpD,MAAM,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAE,CAAC,CAAC,CAAC,IAAI,CAAC;YACzC,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAChC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;gBACd,OAAO,CAAC,GAAG,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAE,CAAC;oBAAE,CAAC,EAAE,CAAC;gBAC3C,MAAM,KAAK,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;gBACtB,IAAI,KAAK,KAAK,GAAG,IAAI,KAAK,KAAK,GAAG,EAAE,CAAC;oBACnC,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;oBAC5C,IAAI,QAAQ,GAAG,CAAC,EAAE,CAAC;wBACjB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,EAAE,QAAQ,CAAC,CAAC;wBACxC,IAAI,CAAC,GAAG,QAAQ,GAAG,CAAC,CAAC;wBACrB,OAAO,CAAC,GAAG,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAE,CAAC;4BAAE,CAAC,EAAE,CAAC;wBAC3C,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;4BACpB,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;4BACd,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;4BACV,SAAS;wBACX,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,CAAC,EAAE,CAAC;IACN,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,uBAAuB,CAAC,IAAY;IAClD,OAAO,qBAAqB,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC,CAAC,CAAC;AAC7E,CAAC"}
|
|
@@ -1,3 +1,14 @@
|
|
|
1
|
+
import { predictAiBehaviorLibraries } from "@specverse/engines/ai";
|
|
2
|
+
const AI_LIBRARY_VERSIONS = {
|
|
3
|
+
"jsonwebtoken": { runtime: "^9.0.0", types: "^9.0.0" },
|
|
4
|
+
"bcryptjs": { runtime: "^2.4.3", types: "^2.4.0" },
|
|
5
|
+
"uuid": { runtime: "^9.0.0", types: "^9.0.0" },
|
|
6
|
+
"crypto": {
|
|
7
|
+
runtime: "*"
|
|
8
|
+
/* Node built-in */
|
|
9
|
+
},
|
|
10
|
+
"expr-eval": { runtime: "^2.0.2" }
|
|
11
|
+
};
|
|
1
12
|
function resolveOrmName(manifest) {
|
|
2
13
|
if (!manifest) return "PrismaORM";
|
|
3
14
|
const inner = manifest.manifests ? Object.values(manifest.manifests)[0] : manifest;
|
|
@@ -65,16 +76,11 @@ function generateBackendPackageJson(context) {
|
|
|
65
76
|
"zod": "^3.22.0",
|
|
66
77
|
"dotenv": "^16.3.0",
|
|
67
78
|
"commander": "^13.0.0",
|
|
68
|
-
// AI-behavior whitelist —
|
|
69
|
-
//
|
|
70
|
-
//
|
|
71
|
-
//
|
|
72
|
-
|
|
73
|
-
// doesn't actually use them.
|
|
74
|
-
"jsonwebtoken": "^9.0.0",
|
|
75
|
-
"bcryptjs": "^2.4.3",
|
|
76
|
-
"uuid": "^9.0.0",
|
|
77
|
-
"expr-eval": "^2.0.2"
|
|
79
|
+
// AI-behavior whitelist deps — only included when the spec's step
|
|
80
|
+
// text actually triggers them (predicted via predictAiBehaviorLibraries).
|
|
81
|
+
// Pre-fix every backend installed all 5 libs unconditionally even
|
|
82
|
+
// though 97% of generated bodies imported nothing. (#43K-B-review)
|
|
83
|
+
...buildAiLibraryDeps(spec, "runtime")
|
|
78
84
|
},
|
|
79
85
|
devDependencies: {
|
|
80
86
|
"typescript": "^5.3.0",
|
|
@@ -86,10 +92,9 @@ function generateBackendPackageJson(context) {
|
|
|
86
92
|
"eslint": "^9.0.0",
|
|
87
93
|
"@typescript-eslint/eslint-plugin": "^8.0.0",
|
|
88
94
|
"@typescript-eslint/parser": "^8.0.0",
|
|
89
|
-
// Type definitions for
|
|
90
|
-
|
|
91
|
-
"
|
|
92
|
-
"@types/uuid": "^9.0.0"
|
|
95
|
+
// Type definitions for whichever AI-behavior whitelist libs are
|
|
96
|
+
// included as runtime deps above. Same per-spec gating.
|
|
97
|
+
...buildAiLibraryDeps(spec, "types")
|
|
93
98
|
},
|
|
94
99
|
engines: {
|
|
95
100
|
node: ">=20.0.0"
|
|
@@ -97,6 +102,21 @@ function generateBackendPackageJson(context) {
|
|
|
97
102
|
};
|
|
98
103
|
return JSON.stringify(pkg, null, 2);
|
|
99
104
|
}
|
|
105
|
+
function buildAiLibraryDeps(spec, kind) {
|
|
106
|
+
const out = {};
|
|
107
|
+
const predicted = predictAiBehaviorLibraries(spec);
|
|
108
|
+
for (const lib of predicted) {
|
|
109
|
+
const versions = AI_LIBRARY_VERSIONS[lib];
|
|
110
|
+
if (!versions) continue;
|
|
111
|
+
if (kind === "runtime") {
|
|
112
|
+
if (versions.runtime === "*") continue;
|
|
113
|
+
out[lib] = versions.runtime;
|
|
114
|
+
} else if (kind === "types" && versions.types) {
|
|
115
|
+
out[`@types/${lib}`] = versions.types;
|
|
116
|
+
}
|
|
117
|
+
}
|
|
118
|
+
return out;
|
|
119
|
+
}
|
|
100
120
|
export {
|
|
101
121
|
generateBackendPackageJson as default
|
|
102
122
|
};
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import { matchStep } from "./step-conventions.js";
|
|
2
|
+
import { validateImportWhitelist } from "@specverse/engines/ai";
|
|
2
3
|
import { createHash } from "crypto";
|
|
3
4
|
import { readFileSync, writeFileSync, existsSync, mkdirSync, unlinkSync } from "fs";
|
|
4
5
|
import { dirname, join } from "path";
|
|
@@ -16,6 +17,11 @@ async function validateTypeScript(code) {
|
|
|
16
17
|
return msg;
|
|
17
18
|
}
|
|
18
19
|
}
|
|
20
|
+
function validateImports(code) {
|
|
21
|
+
const offenders = validateImportWhitelist(code);
|
|
22
|
+
if (offenders.length === 0) return null;
|
|
23
|
+
return `import not in whitelist: ${offenders.join(", ")} (allowed: jsonwebtoken | bcryptjs | uuid | crypto | expr-eval)`;
|
|
24
|
+
}
|
|
19
25
|
async function validateTypeScriptTypes(code) {
|
|
20
26
|
let ts;
|
|
21
27
|
try {
|
|
@@ -75,7 +81,7 @@ async function validateTypeScriptTypes(code) {
|
|
|
75
81
|
return null;
|
|
76
82
|
}
|
|
77
83
|
}
|
|
78
|
-
const PROMPT_VERSION = "9.
|
|
84
|
+
const PROMPT_VERSION = "9.8.0";
|
|
79
85
|
function cacheKey(step, modelName, operationName, functionName, inputs) {
|
|
80
86
|
const payload = JSON.stringify({ step, modelName, operationName, functionName, inputs: [...inputs].sort(), v: PROMPT_VERSION });
|
|
81
87
|
return createHash("sha256").update(payload).digest("hex").slice(0, 16);
|
|
@@ -249,8 +255,9 @@ ${body}
|
|
|
249
255
|
}`;
|
|
250
256
|
const syntaxError = await validateTypeScript(testCode);
|
|
251
257
|
const typeError = syntaxError ? null : await validateTypeScriptTypes(testCode);
|
|
252
|
-
|
|
253
|
-
|
|
258
|
+
const importError = syntaxError || typeError ? null : validateImports(testCode);
|
|
259
|
+
if (syntaxError || typeError || importError) {
|
|
260
|
+
console.warn(` [ai-validate] cached ${functionName} failed validation: ${syntaxError || typeError || importError}`);
|
|
254
261
|
body = null;
|
|
255
262
|
source = "STUB";
|
|
256
263
|
} else {
|
|
@@ -285,13 +292,20 @@ ${body}
|
|
|
285
292
|
source = "AI-INVALID";
|
|
286
293
|
} else {
|
|
287
294
|
const typeError = await validateTypeScriptTypes(testCode);
|
|
288
|
-
|
|
289
|
-
|
|
295
|
+
const importError = typeError ? null : validateImports(testCode);
|
|
296
|
+
if (typeError || importError) {
|
|
297
|
+
console.warn(` [ai-validate] ${functionName} ${typeError ? "type errors: " + typeError : "whitelist violation: " + importError}`);
|
|
290
298
|
try {
|
|
291
|
-
const
|
|
292
|
-
|
|
299
|
+
const errorParts = [];
|
|
300
|
+
if (typeError) errorParts.push(`TypeScript type errors:
|
|
301
|
+
${typeError}`);
|
|
302
|
+
if (importError) errorParts.push(`Import-whitelist violation: ${importError}.
|
|
303
|
+
Only these libraries may be dynamic-imported: jsonwebtoken, bcryptjs, uuid, crypto, expr-eval. Anything else is forbidden \u2014 throw an Error if the step needs an unsupported library.`);
|
|
304
|
+
const retryHint = `Your previous output had problems:
|
|
305
|
+
|
|
306
|
+
${errorParts.join("\n\n")}
|
|
293
307
|
|
|
294
|
-
Fix these specifically \u2014 common causes:
|
|
308
|
+
Fix these specifically \u2014 common type-error causes:
|
|
295
309
|
- RegExp match indices are 'string | undefined'; use non-null assertion or extract to a typed variable
|
|
296
310
|
- Strict null checks: guard or assert before use
|
|
297
311
|
- Don't declare locals you never reference
|
|
@@ -315,7 +329,8 @@ ${retried}
|
|
|
315
329
|
}`;
|
|
316
330
|
const retrySyntaxError = await validateTypeScript(retryCode);
|
|
317
331
|
const retryTypeError = retrySyntaxError ? null : await validateTypeScriptTypes(retryCode);
|
|
318
|
-
|
|
332
|
+
const retryImportError = retrySyntaxError || retryTypeError ? null : validateImports(retryCode);
|
|
333
|
+
if (!retrySyntaxError && !retryTypeError && !retryImportError) {
|
|
319
334
|
body = retried;
|
|
320
335
|
source = "AI-GENERATED";
|
|
321
336
|
cacheWrite(key, body);
|
package/libs/instance-factories/applications/templates/generic/backend-package-json-generator.ts
CHANGED
|
@@ -8,6 +8,20 @@
|
|
|
8
8
|
*/
|
|
9
9
|
|
|
10
10
|
import type { TemplateContext } from '@specverse/types';
|
|
11
|
+
import { predictAiBehaviorLibraries } from '@specverse/engines/ai';
|
|
12
|
+
|
|
13
|
+
// Version pins for the AI-behavior whitelist libs. Single source of
|
|
14
|
+
// truth so the runtime dep + the @types dep stay in sync. Listed
|
|
15
|
+
// here (not in `library-whitelist.ts`) because that module is shared
|
|
16
|
+
// with the validator + spec scanner — those don't care about npm
|
|
17
|
+
// version ranges, only library names.
|
|
18
|
+
const AI_LIBRARY_VERSIONS: Record<string, { runtime: string; types?: string }> = {
|
|
19
|
+
'jsonwebtoken': { runtime: '^9.0.0', types: '^9.0.0' },
|
|
20
|
+
'bcryptjs': { runtime: '^2.4.3', types: '^2.4.0' },
|
|
21
|
+
'uuid': { runtime: '^9.0.0', types: '^9.0.0' },
|
|
22
|
+
'crypto': { runtime: '*' /* Node built-in */ },
|
|
23
|
+
'expr-eval': { runtime: '^2.0.2' },
|
|
24
|
+
};
|
|
11
25
|
|
|
12
26
|
/** Read the manifest's resolved orm name (e.g. "PrismaORM", "MongoDBNativeDriver"). */
|
|
13
27
|
function resolveOrmName(manifest: any): string {
|
|
@@ -108,16 +122,11 @@ export default function generateBackendPackageJson(context: TemplateContext): st
|
|
|
108
122
|
'zod': '^3.22.0',
|
|
109
123
|
'dotenv': '^16.3.0',
|
|
110
124
|
'commander': '^13.0.0',
|
|
111
|
-
// AI-behavior whitelist —
|
|
112
|
-
//
|
|
113
|
-
//
|
|
114
|
-
//
|
|
115
|
-
|
|
116
|
-
// doesn't actually use them.
|
|
117
|
-
'jsonwebtoken': '^9.0.0',
|
|
118
|
-
'bcryptjs': '^2.4.3',
|
|
119
|
-
'uuid': '^9.0.0',
|
|
120
|
-
'expr-eval': '^2.0.2'
|
|
125
|
+
// AI-behavior whitelist deps — only included when the spec's step
|
|
126
|
+
// text actually triggers them (predicted via predictAiBehaviorLibraries).
|
|
127
|
+
// Pre-fix every backend installed all 5 libs unconditionally even
|
|
128
|
+
// though 97% of generated bodies imported nothing. (#43K-B-review)
|
|
129
|
+
...buildAiLibraryDeps(spec, 'runtime')
|
|
121
130
|
},
|
|
122
131
|
|
|
123
132
|
devDependencies: {
|
|
@@ -130,10 +139,9 @@ export default function generateBackendPackageJson(context: TemplateContext): st
|
|
|
130
139
|
'eslint': '^9.0.0',
|
|
131
140
|
'@typescript-eslint/eslint-plugin': '^8.0.0',
|
|
132
141
|
'@typescript-eslint/parser': '^8.0.0',
|
|
133
|
-
// Type definitions for
|
|
134
|
-
|
|
135
|
-
'
|
|
136
|
-
'@types/uuid': '^9.0.0'
|
|
142
|
+
// Type definitions for whichever AI-behavior whitelist libs are
|
|
143
|
+
// included as runtime deps above. Same per-spec gating.
|
|
144
|
+
...buildAiLibraryDeps(spec, 'types')
|
|
137
145
|
},
|
|
138
146
|
|
|
139
147
|
engines: {
|
|
@@ -143,3 +151,31 @@ export default function generateBackendPackageJson(context: TemplateContext): st
|
|
|
143
151
|
|
|
144
152
|
return JSON.stringify(pkg, null, 2);
|
|
145
153
|
}
|
|
154
|
+
|
|
155
|
+
/**
|
|
156
|
+
* Build the AI-library deps block for the given spec. `kind = 'runtime'`
|
|
157
|
+
* yields the runtime deps (jsonwebtoken etc.); `kind = 'types'` yields
|
|
158
|
+
* the matching @types/* devDeps. Empty object when no whitelist trigger
|
|
159
|
+
* fires in the spec — the realized backend then ships without any of
|
|
160
|
+
* these deps installed (the validator already prevented bodies from
|
|
161
|
+
* importing them, so nothing references them at runtime).
|
|
162
|
+
*
|
|
163
|
+
* `crypto` is a Node built-in, so it never produces a runtime dep
|
|
164
|
+
* entry; if a body uses it, no install is needed.
|
|
165
|
+
*/
|
|
166
|
+
function buildAiLibraryDeps(spec: any, kind: 'runtime' | 'types'): Record<string, string> {
|
|
167
|
+
const out: Record<string, string> = {};
|
|
168
|
+
const predicted = predictAiBehaviorLibraries(spec);
|
|
169
|
+
for (const lib of predicted) {
|
|
170
|
+
const versions = AI_LIBRARY_VERSIONS[lib];
|
|
171
|
+
if (!versions) continue;
|
|
172
|
+
if (kind === 'runtime') {
|
|
173
|
+
// Skip Node built-ins (crypto) — they don't go in package.json deps.
|
|
174
|
+
if (versions.runtime === '*') continue;
|
|
175
|
+
out[lib] = versions.runtime;
|
|
176
|
+
} else if (kind === 'types' && versions.types) {
|
|
177
|
+
out[`@types/${lib}`] = versions.types;
|
|
178
|
+
}
|
|
179
|
+
}
|
|
180
|
+
return out;
|
|
181
|
+
}
|
|
@@ -19,6 +19,7 @@
|
|
|
19
19
|
|
|
20
20
|
import type { TemplateContext } from '@specverse/types';
|
|
21
21
|
import { matchStep, type StepContext } from './step-conventions.js';
|
|
22
|
+
import { validateImportWhitelist } from '@specverse/engines/ai';
|
|
22
23
|
import { createHash } from 'crypto';
|
|
23
24
|
import { readFileSync, writeFileSync, existsSync, mkdirSync, unlinkSync } from 'fs';
|
|
24
25
|
import { dirname, join } from 'path';
|
|
@@ -59,6 +60,26 @@ async function validateTypeScript(code: string): Promise<string | null> {
|
|
|
59
60
|
* unused locals, undefined references. Reprompting with the tsc error
|
|
60
61
|
* lets the LLM self-correct without burning a per-step retry.
|
|
61
62
|
*/
|
|
63
|
+
/**
|
|
64
|
+
* Validate that every dynamic `await import('LIT')` in `code` references
|
|
65
|
+
* a whitelisted library. Returns null if clean; an error message
|
|
66
|
+
* otherwise. The whitelist (and the rationale behind each entry) lives
|
|
67
|
+
* in `engines/src/ai/library-whitelist.ts` — single source of truth.
|
|
68
|
+
*
|
|
69
|
+
* This closes the gap noted in TODO #43K-B-review: pre-fix, the type
|
|
70
|
+
* validator above failed on every dynamic import (whitelisted or not)
|
|
71
|
+
* because the engines workspace has none of the whitelist libs
|
|
72
|
+
* installed; bodies were silently routed through the AI-INVALID
|
|
73
|
+
* fallback regardless of import legality. Bodies importing
|
|
74
|
+
* non-whitelisted libs would crash at runtime in the realized backend.
|
|
75
|
+
* Now we reject them at generation time.
|
|
76
|
+
*/
|
|
77
|
+
function validateImports(code: string): string | null {
|
|
78
|
+
const offenders = validateImportWhitelist(code);
|
|
79
|
+
if (offenders.length === 0) return null;
|
|
80
|
+
return `import not in whitelist: ${offenders.join(', ')} (allowed: jsonwebtoken | bcryptjs | uuid | crypto | expr-eval)`;
|
|
81
|
+
}
|
|
82
|
+
|
|
62
83
|
async function validateTypeScriptTypes(code: string): Promise<string | null> {
|
|
63
84
|
let ts: any;
|
|
64
85
|
try {
|
|
@@ -135,7 +156,7 @@ async function validateTypeScriptTypes(code: string): Promise<string | null> {
|
|
|
135
156
|
* produces a new hash. The prompt version is part of the hash so
|
|
136
157
|
* prompt upgrades also invalidate.
|
|
137
158
|
*/
|
|
138
|
-
const PROMPT_VERSION = '9.
|
|
159
|
+
const PROMPT_VERSION = '9.8.0'; // 9.8: import-whitelist enforcement (#43K-B-review)
|
|
139
160
|
|
|
140
161
|
function cacheKey(step: string, modelName: string, operationName: string, functionName: string, inputs: string[]): string {
|
|
141
162
|
const payload = JSON.stringify({ step, modelName, operationName, functionName, inputs: [...inputs].sort(), v: PROMPT_VERSION });
|
|
@@ -458,8 +479,9 @@ export async function generateAiBehaviorsFile(opts: {
|
|
|
458
479
|
const testCode = `export async function ${functionName}(input: any): Promise<any> {\n${body}\n}`;
|
|
459
480
|
const syntaxError = await validateTypeScript(testCode);
|
|
460
481
|
const typeError = syntaxError ? null : await validateTypeScriptTypes(testCode);
|
|
461
|
-
|
|
462
|
-
|
|
482
|
+
const importError = (syntaxError || typeError) ? null : validateImports(testCode);
|
|
483
|
+
if (syntaxError || typeError || importError) {
|
|
484
|
+
console.warn(` [ai-validate] cached ${functionName} failed validation: ${syntaxError || typeError || importError}`);
|
|
463
485
|
body = null; // Force regeneration
|
|
464
486
|
source = 'STUB';
|
|
465
487
|
} else {
|
|
@@ -498,10 +520,18 @@ export async function generateAiBehaviorsFile(opts: {
|
|
|
498
520
|
source = 'AI-INVALID';
|
|
499
521
|
} else {
|
|
500
522
|
const typeError = await validateTypeScriptTypes(testCode);
|
|
501
|
-
|
|
502
|
-
|
|
523
|
+
// Whitelist gate runs after type check so error precedence is
|
|
524
|
+
// syntax > types > imports (most-actionable error first).
|
|
525
|
+
const importError = typeError ? null : validateImports(testCode);
|
|
526
|
+
if (typeError || importError) {
|
|
527
|
+
console.warn(` [ai-validate] ${functionName} ${typeError ? 'type errors: ' + typeError : 'whitelist violation: ' + importError}`);
|
|
503
528
|
try {
|
|
504
|
-
|
|
529
|
+
// Build a retry hint that targets whichever gate failed.
|
|
530
|
+
// Mixed failures (type AND import) get both messages.
|
|
531
|
+
const errorParts: string[] = [];
|
|
532
|
+
if (typeError) errorParts.push(`TypeScript type errors:\n${typeError}`);
|
|
533
|
+
if (importError) errorParts.push(`Import-whitelist violation: ${importError}.\nOnly these libraries may be dynamic-imported: jsonwebtoken, bcryptjs, uuid, crypto, expr-eval. Anything else is forbidden — throw an Error if the step needs an unsupported library.`);
|
|
534
|
+
const retryHint = `Your previous output had problems:\n\n${errorParts.join('\n\n')}\n\nFix these specifically — common type-error causes:\n- RegExp match indices are 'string | undefined'; use non-null assertion or extract to a typed variable\n- Strict null checks: guard or assert before use\n- Don't declare locals you never reference\n\nIMPORTANT: The destructure line \`const { ... } = input;\` is added by the wrapper, NOT by you. Output ONLY the function body that goes AFTER that line — do not repeat the destructure or you will produce duplicate-declaration errors.`;
|
|
505
535
|
const retried = await aiService.generateBehavior({
|
|
506
536
|
step: `${step}\n\n${retryHint}`,
|
|
507
537
|
modelName,
|
|
@@ -516,7 +546,8 @@ export async function generateAiBehaviorsFile(opts: {
|
|
|
516
546
|
const retryCode = `export async function ${functionName}(input: any): Promise<any> {\n${retried}\n}`;
|
|
517
547
|
const retrySyntaxError = await validateTypeScript(retryCode);
|
|
518
548
|
const retryTypeError = retrySyntaxError ? null : await validateTypeScriptTypes(retryCode);
|
|
519
|
-
|
|
549
|
+
const retryImportError = (retrySyntaxError || retryTypeError) ? null : validateImports(retryCode);
|
|
550
|
+
if (!retrySyntaxError && !retryTypeError && !retryImportError) {
|
|
520
551
|
body = retried;
|
|
521
552
|
source = 'AI-GENERATED';
|
|
522
553
|
cacheWrite(key, body);
|