@superblocksteam/shared 0.9589.6 → 0.9590.1

package/src/types/policyGate/index.ts

@@ -14,14 +14,39 @@ export type PolicyGateReadinessFindingSummary = {
   suppressed: number;
 };
 
+export type PolicyGateReadinessFinding = {
+  blocking: boolean;
+  severity: 'critical' | 'high' | 'info' | 'low' | 'medium';
+  title: string;
+};
+
+export type PolicyGateScanPhaseName = 'built_asset' | 'dependency_audit' | 'source';
+
+export type PolicyGateScanPhaseState = 'complete' | 'failed' | 'pending' | 'running' | 'skipped';
+
+export type PolicyGateScanPhaseProgress = {
+  completedAt?: string;
+  durationMs?: number;
+  startedAt?: string;
+  state: PolicyGateScanPhaseState;
+};
+
+export type PolicyGateScanProgress = {
+  phases: Partial<Record<PolicyGateScanPhaseName, PolicyGateScanPhaseProgress>>;
+  requiredPhases: PolicyGateScanPhaseName[];
+};
+
 export type PolicyGateReadinessItem = {
   actions: PolicyGateReadinessAction[];
+  displayName?: string;
+  findings?: PolicyGateReadinessFinding[];
   findingSummary: PolicyGateReadinessFindingSummary;
   itemId: string;
   itemType: 'security_agent' | 'security_scan';
   mode: 'advisory' | 'approval' | 'blocking' | 'report_only';
   policyId: string;
   policyVersionId: string;
+  progress?: PolicyGateScanProgress;
   reviewRunId?: string;
   staleReason?: string;
   status: PolicyGateReadinessItemStatus;
@@ -43,7 +68,7 @@ export type PolicyGateReadinessResponse = {
   target: PolicyGateReadinessTarget;
 };
 
-export type PolicyGateReadinessStatus = 'allowed' | 'approval_required' | 'blocked' | 'failed' | 'running' | 'stale';
+export type PolicyGateReadinessStatus = 'allowed' | 'approval_required' | 'blocked' | 'disabled' | 'failed' | 'running' | 'stale';
 
 export type PolicyGateReadinessTarget = {
   applicationId: string;

package/src/types/rbac/index.ts

@@ -146,10 +146,12 @@ export enum ResourceTypeEnum {
   INTEGRATIONS_DEFAULT_AI = 'integrations.default_ai',
   LOGS = 'logs',
   LOGS_STREAMS = 'logs.streams',
+  NPM_REGISTRY = 'npm_registry',
   ORGANIZATION = 'org',
   // ORGANIZATION_REQUESTS = 'org.requests',
   ORGANIZATION_USERS = 'org.users',
   ORG_KNOWLEDGE = 'org_knowledge',
+  POLICY_AGENTS = 'policy_agents',
   PROFILES = 'profiles',
   REPOSITORIES = 'repos',
   ROLES = 'roles',
@@ -222,6 +224,10 @@ export const ActionTypeByResourceType = {
   PROFILES: {
     MANAGE: ActionTypeEnum.MANAGE
   },
+  POLICY_AGENTS: {
+    MANAGE: ActionTypeEnum.MANAGE,
+    VIEW: ActionTypeEnum.VIEW
+  },
   ROLES: {
     READ: ActionTypeEnum.READ,
     MANAGE: ActionTypeEnum.MANAGE
@@ -277,6 +283,9 @@ export const ActionTypeByResourceType = {
     MANAGE: ActionTypeEnum.MANAGE,
     READ: ActionTypeEnum.READ
   },
+  NPM_REGISTRY: {
+    MANAGE: ActionTypeEnum.MANAGE
+  },
   SCHEDULED_JOBS: {
     CREATE: ActionTypeEnum.CREATE,
     DELETE: ActionTypeEnum.DELETE,

package/src/types/reviewPolicy/index.ts

@@ -112,6 +112,35 @@ export interface ReviewPolicyRunDto {
   errorMessage: string | null;
 }
 
+export interface ReviewFindingDto {
+  id: string;
+  sourceTool: string;
+  sourceRuleId: string | null;
+  sourcePolicyId: string | null;
+  sourcePhase: ReviewFindingSourcePhase | null;
+  category: ReviewFindingCategory;
+  findingType: string | null;
+  severity: ReviewFindingSeverity;
+  confidence: ReviewFindingConfidence | null;
+  blocking: boolean;
+  blockingReason: string | null;
+  title: string;
+  humanSummary: string | null;
+  technicalSummary: string | null;
+  evidence: Record<string, unknown>;
+  locations: unknown[];
+  remediationHint: Record<string, unknown>;
+  clarkRemediable: boolean;
+  adminOnly: boolean;
+  created: string;
+}
+
+export interface ReviewPolicyRunReportDto {
+  policy: ReviewPolicyDto;
+  run: ReviewPolicyRunDto;
+  findings: ReviewFindingDto[];
+}
+
 export interface ReviewPolicyRunsDto {
   policy: ReviewPolicyDto;
   runs: ReviewPolicyRunDto[];
@@ -125,8 +154,10 @@ export interface ReviewPolicySummaryDto {
 }
 
 export type CreateReviewPolicyBody =
-  | { policyType: 'built_in_security_scan' }
-  | { policyType: 'security_agent'; name: string; prompt: string };
+  | { policyType: 'built_in_security_scan'; mode?: ReviewPolicyMode }
+  | { policyType: 'security_agent'; mode: ReviewPolicyMode; name: string; prompt: string };
 
 export type UpdateReviewPolicyBody = { status: AiAgentStatus };
-export type UpdateReviewPolicyConfigBody = { activeVersionId: string; name: string; prompt: string };
+export type UpdateReviewPolicyConfigBody =
+  | { activeVersionId: string; policyType: 'built_in_security_scan'; mode: ReviewPolicyMode }
+  | { activeVersionId: string; policyType: 'security_agent'; mode: ReviewPolicyMode; name: string; prompt: string };

package/src/types/user/index.ts

@@ -47,12 +47,14 @@ export type GetOrganizationGeneralResponseBody = {
   name: string;
   allowedDomains: Domain[];
   roleSettings: RoleSettingsDto;
+  npmAllowInstallScripts?: boolean;
 };
 
 export type PatchOrganizationGeneralResponseBody = {
   name?: string;
   allowedDomains?: string[];
   roleSettings?: RoleSettingsDto;
+  npmAllowInstallScripts?: boolean;
 };
 
 export type DataTreeUser = {

package/src/utils/string.test.ts

@@ -1,6 +1,6 @@
 import { describe, test, expect } from 'vitest';
 
-import { camelCaseToDisplay, getNextEntityName, validateEmail } from './string.js';
+import { camelCaseToDisplay, getNextEntityName, isUuid, validateEmail } from './string.js';
 
 describe('camel case to display', () => {
   test('can convert camel case to display', () => {
@@ -19,6 +19,37 @@ describe('validate email', () => {
   });
 });
 
+describe('isUuid', () => {
+  test('accepts canonical RFC 4122-style UUIDs (case-insensitive)', () => {
+    expect(isUuid('a1b2c3d4-e5f6-7890-abcd-1234567890ab')).toBe(true);
+    expect(isUuid('A1B2C3D4-E5F6-7890-ABCD-1234567890AB')).toBe(true);
+    expect(isUuid('00000000-0000-0000-0000-000000000000')).toBe(true);
+  });
+
+  test('rejects non-UUID strings without throwing', () => {
+    // Strictness is the contract — these are the shapes PostgreSQL would
+    // reject with `invalid input syntax for type uuid` if forwarded to a
+    // UUID column.
+    expect(isUuid('not-a-uuid')).toBe(false);
+    expect(isUuid('unknown agent id')).toBe(false);
+    // Near-miss: first segment is 7 chars instead of 8.
+    expect(isUuid('1234567-1234-1234-1234-123456789abc')).toBe(false);
+    // Too many segments.
+    expect(isUuid('a1b2c3d4-e5f6-7890-abcd-1234567890ab-extra')).toBe(false);
+    // Non-hex character.
+    expect(isUuid('a1b2c3d4-e5f6-7890-abcd-1234567890zz')).toBe(false);
+    // Empty string.
+    expect(isUuid('')).toBe(false);
+  });
+
+  test('rejects non-string inputs', () => {
+    expect(isUuid(null)).toBe(false);
+    expect(isUuid(undefined)).toBe(false);
+    expect(isUuid(123)).toBe(false);
+    expect(isUuid({})).toBe(false);
+  });
+});
+
 describe('getNextEntityName', () => {
   test('get next name with underscore', async () => {
     expect(getNextEntityName('Tabs_', ['Tabs_1', 'Tabs_2', 'Tabs_3'])).toEqual('Tabs_4');

package/src/utils/string.ts

@@ -18,6 +18,18 @@ export const validateEmail = (email: string): boolean => {
   return EmailRegexComplete.test(email);
 };
 
+// Matches canonical RFC 4122-style UUIDs (8-4-4-4-12 hex, case-insensitive).
+// Intentionally strict: we want to reject inputs that PostgreSQL would later
+// reject with `invalid input syntax for type uuid`, surfacing the boundary as
+// a 4xx in our own validators instead of a 500 from the DB driver. Do NOT
+// loosen this to a partial match or a "looks UUID-ish" regex — the strictness
+// is the contract.
+export const UUID_REGEX_STRING = '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}';
+const UuidRegexComplete = new RegExp(`^${UUID_REGEX_STRING}$`, 'i');
+export const isUuid = (value: unknown): value is string => {
+  return typeof value === 'string' && UuidRegexComplete.test(value);
+};
+
 export const getNextEntityName = (prefix: string, existingNames: string[], separator = '_') => {
   const cleanName = (name: string) => {
     return (