@superblocksteam/shared 0.9590.8 → 0.9591.0

package/src/types/audit/ocsf.ts

@@ -163,6 +163,7 @@ export const AUDIT_EVENT_TYPE_CATALOG: AuditEventTypeEntry[] = [
       'application.git.connect',
       'application.git.disconnect',
       'application.metadata.update',
+      'application.policy_gate_check.start',
       'application.settings.update',
       'application.undeploy'
     ]
@@ -237,6 +238,7 @@ export const AUDIT_EVENT_TYPE_CATALOG: AuditEventTypeEntry[] = [
     resource_type: 'Organization',
     operations: [
       'organization.npm_allow_install_scripts_changed',
+      'organization.npm_install.blocked',
       'organization.npm_registry.create',
       'organization.npm_registry.delete',
       'organization.npm_registry.update',
@@ -339,3 +341,44 @@ const METADATA: Omit<OCSFMetadata, 'log_name'> = {
 export function buildOCSFMetadata(logName: string): OCSFMetadata {
   return { ...METADATA, log_name: logName };
 }
+
+// ---------------------------------------------------------------------------
+// npm install-blocked audit report (APPS-4191 / P6.3)
+// ---------------------------------------------------------------------------
+
+/**
+ * Wire payload for the `v1.audit.npmInstallBlocked` socket method.
+ *
+ * Emitted by the Clark dev-server runtime when the controlled install path
+ * reports `NpmInstallBlocked`. The server derives org + actor from the
+ * authenticated connection (never trusting the client for identity),
+ * throttles per-org and globally, sanitizes via the P6.1 telemetry helpers,
+ * and writes an OCSF `audit_event` row with operation
+ * `organization.npm_install.blocked`.
+ *
+ * Carries only structured, low-risk fields — deliberately NO free-text error
+ * message, so a registry token embedded in CLI output can never reach the wire.
+ */
+export interface NpmInstallBlockedAuditReport {
+  /** `NpmInstallBlocked.reason`; normalized to the shared npm outcome enum server-side. */
+  reason: string;
+  /** Raw registry host; the server buckets it to public_npm | private | unknown. */
+  registryHost?: string;
+  /** Requested package names; the server sanitizes each per P6.1 and caps the array. */
+  packages: string[];
+  /** HTTP status from the failed registry fetch, when known. */
+  httpStatus?: number;
+  /** Underlying npm/pnpm error code (e.g. E404), when known. Server caps length. */
+  npmErrorCode?: string;
+  /**
+   * Which controlled install path produced the block. The server allowlists
+   * against `NPM_INSTALL_RUNNERS` and drops any other value.
+   */
+  runner?: string;
+  /** Epoch ms when the block occurred (client clock). */
+  occurredAt: number;
+  // application attribution: NOT a wire field. The server derives it from the
+  // trusted scoped-JWT claim (`ctx.jwtClaims.app_id`) — a payload-controlled
+  // value would let any authenticated caller forge audit rows against another
+  // app in the same org.
+}

package/src/types/billing/billing.ts

@@ -22,10 +22,21 @@ const ENTERPRISE_LIKE_PLANS: ReadonlySet<BillingPlan> = new Set([
 
 const TRIAL_LIKE_PLANS: ReadonlySet<BillingPlan> = new Set([BillingPlan.TRIAL, BillingPlan.FREE]);
 
+/**
+ * Plans entitled to the Policy Gates MVP. The MVP rollout is limited to
+ * enterprise (and POC) orgs, so this is intentionally narrower than
+ * {@link isEnterpriseLikePlan} (which also covers legacy PRO/STARTER).
+ */
+const POLICY_GATES_ENTITLED_PLANS: ReadonlySet<BillingPlan> = new Set([BillingPlan.ENTERPRISE, BillingPlan.POC]);
+
 export function isEnterpriseLikePlan(plan: BillingPlan | undefined | null): boolean {
   return plan != null && ENTERPRISE_LIKE_PLANS.has(plan);
 }
 
+export function isPolicyGatesEntitledPlan(plan: BillingPlan | undefined | null): boolean {
+  return plan != null && POLICY_GATES_ENTITLED_PLANS.has(plan);
+}
+
 export function isTrialLikePlan(plan: BillingPlan | undefined | null): boolean {
   return plan != null && TRIAL_LIKE_PLANS.has(plan);
 }

package/src/types/billing/index.ts

@@ -1,2 +1,3 @@
 export * from './freeCreditsTier.js';
 export * from './billing.js';
+export * from './spendAlert.js';

package/src/types/billing/spendAlert.ts

@@ -0,0 +1,84 @@
+/**
+ * Spend Alerts — proactive billing alerts admins configure on /spending.
+ *
+ * Wire types shared between client (RTK Query slice in reduxApi/billing) and
+ * server (/v1/billing/spend-alerts controller). The DB stores `thresholds`
+ * and `recipients` as JSONB blobs whose shape matches these types exactly —
+ * see migration 1778896201000-create-spend-alert-table.
+ */
+
+export type SpendAlertType = 'org_spend' | 'per_user_spend' | 'overage_spend' | 'refill_spend';
+
+/**
+ * Unit identifier stored in `threshold.unit`. The client-side modal maps
+ * these to human labels (% of monthly usage / credits used / etc.); the
+ * server treats them opaquely for v1 (no evaluation yet).
+ *
+ * Adding a new unit requires an update here AND on the server-side enum
+ * in `validateThresholdUnit` so persistence rejects unknown values rather
+ * than silently storing them.
+ */
+export type SpendAlertThresholdUnit =
+  // Org spend
+  | 'percent'
+  | 'credits_used'
+  | 'dollars_spent'
+  // Per-user spend
+  | 'credits'
+  | 'dollars'
+  // Overage spend
+  | 'overage_credits'
+  | 'overage_dollars'
+  // Refill spend. Credit-denominated — every refill-eligible plan
+  // (TEAMS / POC) is credit-based, so there's no dollar variant.
+  | 'refill_credits';
+
+export interface SpendAlertThreshold {
+  /** Positive number. Server validates this is > 0. */
+  value: number;
+  unit: SpendAlertThresholdUnit;
+}
+
+export type SpendAlertRecipientKind =
+  /** Everyone with admin role on the org. Resolved at dispatch time. */
+  | 'all_admins'
+  /**
+   * Per-user alerts only. The user whose usage crossed the threshold.
+   * Resolved at dispatch time — not stored as a user_id, since the
+   * recipient depends on which user fired the alert.
+   */
+  | 'triggering_user'
+  /** Specific user by id. Resolved against the user table at dispatch. */
+  | 'user';
+
+export interface SpendAlertRecipient {
+  kind: SpendAlertRecipientKind;
+  /** Required when kind === 'user'. Ignored for other kinds. */
+  userId?: string;
+}
+
+export interface SpendAlertDto {
+  id: string;
+  organizationId: string;
+  alertType: SpendAlertType;
+  thresholds: SpendAlertThreshold[];
+  recipients: SpendAlertRecipient[];
+  created: string;
+  updated: string;
+}
+
+export interface CreateSpendAlertBody {
+  alertType: SpendAlertType;
+  thresholds: SpendAlertThreshold[];
+  recipients: SpendAlertRecipient[];
+}
+
+export type UpdateSpendAlertBody = Partial<Pick<CreateSpendAlertBody, 'thresholds' | 'recipients'>>;
+
+export interface ListSpendAlertsResponseBody {
+  alerts: SpendAlertDto[];
+}
+
+export interface SpendAlertResponseBody {
+  alert: SpendAlertDto;
+}

package/src/types/policyGate/index.ts

@@ -1,3 +1,6 @@
+// Single source of truth for the built-in security scan surfaces; flip to `true` to restore the security-scan UI and execution.
+export const SECURITY_SCANS_ENABLED: boolean = false;
+
 export type PolicyGateReadinessAction =
   | 'contact_admin'
   | 'fix_with_clark'
@@ -16,7 +19,11 @@ export type PolicyGateReadinessFindingSummary = {
 
 export type PolicyGateReadinessFinding = {
   blocking: boolean;
+  humanSummary?: string | null;
+  locationsJson?: unknown[];
+  remediationHintJson?: Record<string, unknown>;
   severity: 'critical' | 'high' | 'info' | 'low' | 'medium';
+  technicalSummary?: string | null;
   title: string;
 };
 
@@ -48,10 +55,24 @@ export type PolicyGateReadinessItem = {
   policyVersionId: string;
   progress?: PolicyGateScanProgress;
   reviewRunId?: string;
+  runs?: PolicyGateReadinessRun[];
   staleReason?: string;
   status: PolicyGateReadinessItemStatus;
 };
 
+export type PolicyGateReadinessRun = {
+  completedAt?: string;
+  createdAt?: string;
+  decision: 'advisory_allowed' | 'allowed' | 'blocked' | 'error_blocked' | 'not_applicable' | null;
+  errorCode?: string;
+  errorMessage?: string;
+  findingSummary: PolicyGateReadinessFindingSummary;
+  reviewRunId: string;
+  startedAt?: string;
+  staleReason?: string | null;
+  status: PolicyGateReadinessItemStatus;
+};
+
 export type PolicyGateReadinessItemStatus =
   | 'advisory_findings'
   | 'approval_required'
@@ -75,3 +96,10 @@ export type PolicyGateReadinessTarget = {
   commitId: string;
   directoryContentsHash: string | null;
 };
+
+/**
+ * Stable error code used in BadRequestError messages when a deploy is rejected
+ * due to unresolved policy gate findings. Both server and client reference this
+ * constant so the contract doesn't rely on fragile string matching.
+ */
+export const POLICY_GATE_BLOCKED_ERROR = 'POLICY_GATE_BLOCKED';

package/src/types/rbac/index.ts

@@ -146,6 +146,7 @@ export enum ResourceTypeEnum {
   INTEGRATIONS_DEFAULT_AI = 'integrations.default_ai',
   LOGS = 'logs',
   LOGS_STREAMS = 'logs.streams',
+  NATIVE_DATABASES = 'native_databases',
   NPM_REGISTRY = 'npm_registry',
   ORGANIZATION = 'org',
   // ORGANIZATION_REQUESTS = 'org.requests',
@@ -283,6 +284,9 @@ export const ActionTypeByResourceType = {
     MANAGE: ActionTypeEnum.MANAGE,
     READ: ActionTypeEnum.READ
   },
+  NATIVE_DATABASES: {
+    MANAGE: ActionTypeEnum.MANAGE
+  },
   NPM_REGISTRY: {
     MANAGE: ActionTypeEnum.MANAGE
   },

package/src/types/reviewPolicy/index.ts

@@ -86,6 +86,7 @@ export interface ReviewPolicyDto {
   mode: ReviewPolicyMode;
   scope: { type: ReviewPolicyScopeType };
   lastRun: ReviewPolicyLastRunDto | null;
+  freshPendingApprovalRunCount: number;
   createdBy: string | null;
   created: string;
 }
@@ -105,6 +106,7 @@ export interface ReviewPolicyRunDto {
   status: ReviewRunStatus;
   decision: ReviewRunDecision | null;
   decisionReason: string | null;
+  hasFreshPendingApproval: boolean;
   startedAt: string | null;
   completedAt: string | null;
   created: string;
@@ -146,11 +148,19 @@ export interface ReviewPolicyRunsDto {
   runs: ReviewPolicyRunDto[];
 }
 
+// Trailing-time windows the summary can be scoped to. Order is semantically
+// meaningful (shortest to longest) for rendering the selector.
+export const REVIEW_POLICY_SUMMARY_WINDOWS = ['24h', '7d', '30d'] as const;
+export type ReviewPolicySummaryWindow = (typeof REVIEW_POLICY_SUMMARY_WINDOWS)[number];
+export const DEFAULT_REVIEW_POLICY_SUMMARY_WINDOW: ReviewPolicySummaryWindow = '24h';
+
 export interface ReviewPolicySummaryDto {
+  // `activeAgents` is a point-in-time count and is not affected by `window`.
   activeAgents: number;
-  agentRuns24h: number;
-  securityScans24h: number;
-  findings24h: number;
+  agentRuns: number;
+  securityScans: number;
+  findings: number;
+  window: ReviewPolicySummaryWindow;
 }
 
 export type CreateReviewPolicyBody =