@superblocksteam/shared 0.9586.6 → 0.9589.0

package/src/types/policyGate/index.ts

@@ -0,0 +1,52 @@
+export type PolicyGateReadinessAction =
+  | 'contact_admin'
+  | 'fix_with_clark'
+  | 'request_approval'
+  | 'request_suppression'
+  | 'rerun_gate'
+  | 'view_report'
+  | 'wait';
+
+export type PolicyGateReadinessFindingSummary = {
+  advisory: number;
+  approvalRequired: number;
+  blocking: number;
+  suppressed: number;
+};
+
+export type PolicyGateReadinessItem = {
+  actions: PolicyGateReadinessAction[];
+  findingSummary: PolicyGateReadinessFindingSummary;
+  itemId: string;
+  itemType: 'security_agent' | 'security_scan';
+  mode: 'advisory' | 'approval' | 'blocking' | 'report_only';
+  policyId: string;
+  policyVersionId: string;
+  reviewRunId?: string;
+  staleReason?: string;
+  status: PolicyGateReadinessItemStatus;
+};
+
+export type PolicyGateReadinessItemStatus =
+  | 'advisory_findings'
+  | 'approval_required'
+  | 'blocked'
+  | 'failed'
+  | 'missing'
+  | 'passed'
+  | 'running'
+  | 'stale';
+
+export type PolicyGateReadinessResponse = {
+  items: PolicyGateReadinessItem[];
+  status: PolicyGateReadinessStatus;
+  target: PolicyGateReadinessTarget;
+};
+
+export type PolicyGateReadinessStatus = 'allowed' | 'approval_required' | 'blocked' | 'failed' | 'running' | 'stale';
+
+export type PolicyGateReadinessTarget = {
+  applicationId: string;
+  commitId: string;
+  directoryContentsHash: string | null;
+};

package/src/types/rbac/index.ts

@@ -124,6 +124,7 @@ export enum AssignmentTypeEnum {
 }
 
 export enum PrincipalTypeEnum {
+  APPLICATION = 'application',
   GROUP = 'group',
   USER = 'user'
   // ORGANIZATION = 'organization',
@@ -133,6 +134,7 @@ export enum PrincipalTypeEnum {
 export enum ResourceTypeEnum {
   ACCESS_TOKENS = 'access_tokens',
   AGENTS = 'agents',
+  AI_INFERENCE = 'ai.inference',
   APPLICATIONS = 'apps',
   APPLICATIONS_APIS = 'apps.apis',
   APPLICATIONS_PAGES = 'apps.pages',
@@ -190,6 +192,9 @@ export const ActionTypeByResourceType = {
     READ: ActionTypeEnum.READ,
     MANAGE: ActionTypeEnum.MANAGE
   },
+  AI_INFERENCE: {
+    MANAGE: ActionTypeEnum.MANAGE
+  },
   INTEGRATIONS_DEFAULT_AI: {
     MANAGE: ActionTypeEnum.MANAGE
   },
@@ -309,6 +314,7 @@ export type AssignmentDto = {
   // group and user maps to principalId in the model
   // that means we will either have group or user in this object
   group?: GroupBrief;
+  principalApplication?: ResourceBrief & { devEnvEnabled: boolean };
   user?: {
     id: string;
     name: string;

package/src/types/response/GetPolicyGateReadinessResponseBody.ts

@@ -0,0 +1,3 @@
+import { PolicyGateReadinessResponse } from '../policyGate/index.js';
+
+export type GetPolicyGateReadinessResponseBody = PolicyGateReadinessResponse;

package/src/types/response/index.ts

@@ -28,6 +28,7 @@ export * from './PutApiUpdateResponseBody.js';
 export * from './GetApplicationDeploymentsResponseBody.js';
 export * from './GetApiDeploymentsResponseBody.js';
 export * from './GetPermissionEntitiesResponseBody.js';
+export * from './GetPolicyGateReadinessResponseBody.js';
 export * from './GetGroupPermissionEntitiesResponseBody.js';
 export * from './GetAuditLogsEntitiesResponseBody.js';
 export * from './GetAuditLogsResponseBody.js';

package/src/types/reviewPolicy/index.ts

@@ -0,0 +1,132 @@
+export const AI_AGENT_STATUSES = ['active', 'disabled'] as const;
+
+export const REVIEW_POLICY_NAME_MAX_LENGTH = 120;
+export const REVIEW_POLICY_PROMPT_MAX_LENGTH = 10000;
+
+export const REVIEW_POLICY_TYPES = ['built_in_security_scan', 'security_agent'] as const;
+export const REVIEW_POLICY_SOURCES = ['admin_configured', 'superblocks_managed'] as const;
+export const REVIEW_POLICY_TRIGGERS = ['before_deploy', 'after_checkpoint', 'manual'] as const;
+export const REVIEW_POLICY_EXECUTION_CONTEXTS = [
+  'edit_mode_app',
+  'superblocks_sabs_built_assets',
+  'superblocks_sabs_dependency_metadata',
+  'superblocks_sabs_source_snapshot'
+] as const;
+export const REVIEW_POLICY_RUNTIMES = ['superblocks_dev_server_agent', 'superblocks_sabs'] as const;
+export const REVIEW_POLICY_MODES = ['advisory', 'blocking'] as const;
+export const REVIEW_POLICY_RUNNER_TYPES = ['built_in_security_scan', 'llm_security_agent'] as const;
+export const REVIEW_FINDING_SOURCE_PHASES = ['built_asset', 'dependency', 'edit_mode_app', 'iac', 'image', 'source'] as const;
+export const REVIEW_FINDING_CATEGORIES = [
+  'external_policy',
+  'misconfiguration',
+  'security_agent',
+  'secret',
+  'sensitive_data',
+  'vulnerability'
+] as const;
+
+// Severity and confidence order is semantically meaningful from strongest to weakest.
+export const REVIEW_FINDING_SEVERITIES = ['critical', 'high', 'medium', 'low', 'info'] as const;
+export const REVIEW_FINDING_CONFIDENCES = ['high', 'medium', 'low'] as const;
+export const REVIEW_FINDING_SUPPRESSION_STATUSES = ['active', 'expired', 'revoked'] as const;
+
+// Lifecycle ordering is semantically meaningful; matches AiAgentRun status sequence with review-specific states.
+export const REVIEW_RUN_STATUSES = [
+  'queued',
+  'running',
+  'passed',
+  'findings',
+  'blocked',
+  'errored',
+  'timed_out',
+  'canceled',
+  'stale'
+] as const;
+
+// Lifecycle ordering is semantically meaningful.
+export const REVIEW_RUN_DECISIONS = ['allowed', 'advisory_allowed', 'blocked', 'error_blocked', 'not_applicable'] as const;
+export const REVIEW_RUN_TRIGGERED_BYS = ['system', 'user'] as const;
+
+export type AiAgentStatus = (typeof AI_AGENT_STATUSES)[number];
+export type ReviewPolicyStatus = AiAgentStatus;
+export type ReviewPolicyType = (typeof REVIEW_POLICY_TYPES)[number];
+export type ReviewPolicySource = (typeof REVIEW_POLICY_SOURCES)[number];
+export type ReviewPolicyTrigger = (typeof REVIEW_POLICY_TRIGGERS)[number];
+export type ReviewPolicyExecutionContext = (typeof REVIEW_POLICY_EXECUTION_CONTEXTS)[number];
+export type ReviewPolicyRuntime = (typeof REVIEW_POLICY_RUNTIMES)[number];
+export type ReviewPolicyMode = (typeof REVIEW_POLICY_MODES)[number];
+export type ReviewPolicyRunnerType = (typeof REVIEW_POLICY_RUNNER_TYPES)[number];
+export type ReviewFindingSourcePhase = (typeof REVIEW_FINDING_SOURCE_PHASES)[number];
+export type ReviewFindingCategory = (typeof REVIEW_FINDING_CATEGORIES)[number];
+export type ReviewFindingSeverity = (typeof REVIEW_FINDING_SEVERITIES)[number];
+export type ReviewFindingConfidence = (typeof REVIEW_FINDING_CONFIDENCES)[number];
+export type ReviewFindingSuppressionStatus = (typeof REVIEW_FINDING_SUPPRESSION_STATUSES)[number];
+export type ReviewRunStatus = (typeof REVIEW_RUN_STATUSES)[number];
+export type ReviewRunDecision = (typeof REVIEW_RUN_DECISIONS)[number];
+export type ReviewRunTriggeredBy = (typeof REVIEW_RUN_TRIGGERED_BYS)[number];
+
+export type ReviewPolicyScopeType = 'all_apps' | 'limited';
+
+export interface ReviewPolicyLastRunDto {
+  id: string;
+  status: ReviewRunStatus;
+  created: string;
+}
+
+export interface ReviewPolicyDto {
+  id: string;
+  organizationId: string;
+  aiAgentId: string;
+  activeVersionId: string;
+  versionNumber: number;
+  policyType: ReviewPolicyType;
+  source: ReviewPolicySource;
+  name: string;
+  status: AiAgentStatus;
+  mode: ReviewPolicyMode;
+  scope: { type: ReviewPolicyScopeType };
+  lastRun: ReviewPolicyLastRunDto | null;
+  createdBy: string | null;
+  created: string;
+}
+
+export interface ReviewPolicyDetailDto extends ReviewPolicyDto {
+  prompt: string;
+}
+
+export interface ReviewPolicyRunDto {
+  id: string;
+  applicationId: string;
+  applicationName: string | null;
+  applicationCommitId: string;
+  policyVersionNumber: number;
+  findingsCount: number;
+  profileId: string;
+  status: ReviewRunStatus;
+  decision: ReviewRunDecision | null;
+  decisionReason: string | null;
+  startedAt: string | null;
+  completedAt: string | null;
+  created: string;
+  errorCode: string | null;
+  errorMessage: string | null;
+}
+
+export interface ReviewPolicyRunsDto {
+  policy: ReviewPolicyDto;
+  runs: ReviewPolicyRunDto[];
+}
+
+export interface ReviewPolicySummaryDto {
+  activeAgents: number;
+  agentRuns24h: number;
+  securityScans24h: number;
+  findings24h: number;
+}
+
+export type CreateReviewPolicyBody =
+  | { policyType: 'built_in_security_scan' }
+  | { policyType: 'security_agent'; name: string; prompt: string };
+
+export type UpdateReviewPolicyBody = { status: AiAgentStatus };
+export type UpdateReviewPolicyConfigBody = { activeVersionId: string; name: string; prompt: string };

package/src/utils/git-url.test.ts

@@ -1,13 +1,6 @@
 import { describe, expect, it } from 'vitest';
 
-import {
-  GITHUB_PAT_SETTINGS_URL,
-  getGitHubCompareUrl,
-  gitRemoteUrlToWeb,
-  isGitHubUrl,
-  isValidGitUrl,
-  sshGitUrlToHttps
-} from './git-url.js';
+import { getGitHubCompareUrl, gitRemoteUrlToWeb, isGitHubUrl, isValidGitUrl, sshGitUrlToHttps } from './git-url.js';
 
 describe('isValidGitUrl', () => {
   it.each([
@@ -151,9 +144,3 @@ describe('sshGitUrlToHttps', () => {
     expect(sshGitUrlToHttps('not-a-url')).toBeNull();
   });
 });
-
-describe('GITHUB_PAT_SETTINGS_URL', () => {
-  it('is a valid URL', () => {
-    expect(GITHUB_PAT_SETTINGS_URL).toBe('https://github.com/settings/tokens');
-  });
-});

package/src/utils/git-url.ts

@@ -10,8 +10,6 @@ const SSH_GIT_URL_RE = /^[\w-]+@[\w.-]+:[\w./-]+(\.git)?$/;
 // ssh:// protocol format: ssh://git@host/path
 const SSH_PROTOCOL_RE = /^ssh:\/\/[\w-]+@[\w.-]+(\/[\w./-]+)+(\.git)?\/?$/i;
 
-export const GITHUB_PAT_SETTINGS_URL = 'https://github.com/settings/tokens';
-
 export function isValidGitUrl(url: string): boolean {
   const trimmed = url.trim();
   return HTTPS_GIT_URL_RE.test(trimmed) || SSH_GIT_URL_RE.test(trimmed) || SSH_PROTOCOL_RE.test(trimmed);