@synth-deploy/server 0.1.0

package/dist/artifact-analyzer.js

@@ -0,0 +1,334 @@
+import { sanitizeForPrompt } from "@synth-deploy/core";
+import { archiveFormat, unpackArchive, formatExtractedFiles } from "./archive-unpacker.js";
+// ---------------------------------------------------------------------------
+// Type detection
+// ---------------------------------------------------------------------------
+/**
+ * Detect artifact type from name and metadata.
+ * Used as a hint for the LLM and for intake routing — not for analysis.
+ */
+export function detectArtifactType(artifact) {
+    if (artifact.type)
+        return artifact.type;
+    const name = artifact.name.toLowerCase();
+    const meta = artifact.metadata || {};
+    if (name === "dockerfile" || name.endsWith("/dockerfile") || meta["content-type"]?.includes("dockerfile")) {
+        return "dockerfile";
+    }
+    if (name === "chart.yaml" || name === "chart.yml")
+        return "helm-chart";
+    if (name === "values.yaml" || name === "values.yml")
+        return "helm-values";
+    if (name === "package.json")
+        return "node-package";
+    if (name === "makefile" || name.endsWith("/makefile"))
+        return "makefile";
+    if (name.endsWith(".tar.gz") || name.endsWith(".tgz"))
+        return "tarball";
+    if (name.endsWith(".tar"))
+        return "tarball";
+    if (name.endsWith(".zip"))
+        return "zip";
+    if (name.endsWith(".nupkg"))
+        return "nupkg";
+    if (name.endsWith(".jar") || name.endsWith(".war") || name.endsWith(".ear"))
+        return "java-archive";
+    if (name.endsWith(".whl"))
+        return "python-package";
+    if (name.endsWith(".deb"))
+        return "debian-package";
+    if (name.endsWith(".rpm"))
+        return "rpm-package";
+    if (name.endsWith(".yaml") || name.endsWith(".yml"))
+        return "yaml";
+    if (name.endsWith(".json"))
+        return "json";
+    if (name.endsWith(".sh") || name.endsWith(".bash"))
+        return "shell-script";
+    return "unknown";
+}
+// ---------------------------------------------------------------------------
+// LLM reasoning
+// ---------------------------------------------------------------------------
+const ANALYSIS_SYSTEM_PROMPT = `You are a deployment artifact analyzer. Given information about a deployment artifact, produce a structured analysis.
+
+Your response must be valid JSON with these fields:
+- "summary": A plain-language description (1-3 sentences) of what this artifact is and how it should be deployed.
+- "dependencies": An array of strings listing runtime dependencies, system requirements, or external services needed.
+- "configurationExpectations": An object mapping configuration key names to descriptions of expected values.
+- "deploymentIntent": A short phrase describing the deployment method (e.g., "Container deployment via Docker Compose", "Kubernetes Helm release").
+- "confidence": A number 0-1 indicating how confident you are in this analysis.
+
+Focus on actionable deployment intelligence. Be specific about ports, environment variables, and deployment prerequisites.`;
+async function analyzeWithLlm(llm, artifact, artifactType, extractedArchiveContent) {
+    const contentSection = extractedArchiveContent
+        ? `Archive contents:\n\n${sanitizeForPrompt(extractedArchiveContent)}`
+        : artifact.content
+            ? `Content:\n'''\n${sanitizeForPrompt(artifact.content.toString("utf-8").slice(0, 4000))}\n'''`
+            : "(no content available)";
+    const prompt = `Analyze this deployment artifact.
+
+Name: ${sanitizeForPrompt(artifact.name)}
+Type: ${sanitizeForPrompt(artifactType)}
+Source: ${sanitizeForPrompt(artifact.source)}
+Metadata: ${sanitizeForPrompt(JSON.stringify(artifact.metadata || {}))}
+
+${contentSection}
+
+Produce a JSON analysis of this artifact for deployment planning purposes.`;
+    const result = await llm.reason({
+        prompt,
+        systemPrompt: ANALYSIS_SYSTEM_PROMPT,
+        promptSummary: `Artifact analysis for "${artifact.name}" (${artifactType})`,
+    });
+    if (!result.ok) {
+        console.warn(`[artifact-analyzer] LLM analysis failed for "${artifact.name}": ${result.reason}`);
+        return null;
+    }
+    try {
+        const jsonMatch = result.text.match(/\{[\s\S]*\}/);
+        if (!jsonMatch)
+            return null;
+        const parsed = JSON.parse(jsonMatch[0]);
+        return {
+            summary: parsed.summary ?? `Analysis of "${artifact.name}"`,
+            dependencies: parsed.dependencies ?? [],
+            configurationExpectations: parsed.configurationExpectations ?? {},
+            deploymentIntent: parsed.deploymentIntent,
+            confidence: typeof parsed.confidence === "number" ? parsed.confidence : 0.5,
+        };
+    }
+    catch {
+        return null;
+    }
+}
+// ---------------------------------------------------------------------------
+// Pattern overlay
+// ---------------------------------------------------------------------------
+function applyPatternOverrides(analysis, derived) {
+    return {
+        summary: derived.summary || analysis.summary,
+        dependencies: derived.dependencies && derived.dependencies.length > 0
+            ? derived.dependencies
+            : analysis.dependencies,
+        configurationExpectations: derived.configurationExpectations
+            ? { ...analysis.configurationExpectations, ...derived.configurationExpectations }
+            : analysis.configurationExpectations,
+        deploymentIntent: derived.deploymentIntent || analysis.deploymentIntent,
+        confidence: analysis.confidence,
+    };
+}
+/**
+ * Artifact analysis engine.
+ *
+ * Analysis pipeline:
+ *   1. Check pattern store for matching corrections (if available)
+ *      - Auto-apply if >= 2 corrections and confidence >= 0.7 (no LLM call)
+ *      - Suggest if 1 correction or confidence < 0.7 (apply as overlay after LLM)
+ *   2. If LLM is unavailable, return an "unavailable" result — no silent fallback
+ *   3. Run LLM analysis on the raw artifact content
+ *   4. Apply pattern-suggest overlay if applicable
+ *   5. Record debrief entry with decision trail
+ */
+export class ArtifactAnalyzer {
+    _llm;
+    _debrief;
+    _patternStore;
+    constructor(deps) {
+        this._llm = deps.llm;
+        this._debrief = deps.debrief;
+        this._patternStore = deps.patternStore;
+    }
+    /**
+     * Analyze a deployment artifact. Returns structured analysis with
+     * confidence score and method used.
+     */
+    async analyze(artifact) {
+        const artifactType = detectArtifactType(artifact);
+        const reasoningTrail = [];
+        reasoningTrail.push(`Artifact: "${artifact.name}", detected type: ${artifactType}, source: ${artifact.source}`);
+        // --- Step 1: Check pattern store ---
+        let matchedPatterns = [];
+        if (this._patternStore) {
+            matchedPatterns = this._patternStore.findMatches(artifact.source, artifactType, artifact.name);
+            if (matchedPatterns.length > 0) {
+                const autoMatch = matchedPatterns.find((m) => m.mode === "auto");
+                if (autoMatch) {
+                    reasoningTrail.push(`Pattern match: "${autoMatch.pattern.namePattern}" (${autoMatch.pattern.corrections.length} corrections, confidence ${autoMatch.pattern.confidence}). Auto-applying without LLM call.`);
+                    const analysis = {
+                        summary: autoMatch.pattern.derivedAnalysis.summary ?? `Pattern-matched artifact "${artifact.name}"`,
+                        dependencies: autoMatch.pattern.derivedAnalysis.dependencies ?? [],
+                        configurationExpectations: autoMatch.pattern.derivedAnalysis.configurationExpectations ?? {},
+                        deploymentIntent: autoMatch.pattern.derivedAnalysis.deploymentIntent,
+                        confidence: autoMatch.pattern.confidence,
+                    };
+                    this._patternStore.recordApplication(autoMatch.pattern.id);
+                    reasoningTrail.push("Pattern derived analysis applied directly.");
+                    this._recordDebrief(artifact, artifactType, analysis, "pattern-auto", reasoningTrail);
+                    return { analysis, method: "pattern-auto", matchedPatterns };
+                }
+                reasoningTrail.push(`Pattern suggestion available: "${matchedPatterns[0].pattern.namePattern}" ` +
+                    `(${matchedPatterns[0].pattern.corrections.length} corrections, ` +
+                    `confidence ${matchedPatterns[0].pattern.confidence}). ` +
+                    `Not auto-applying — threshold not met.`);
+            }
+        }
+        // --- Step 2: Unpack archive if applicable ---
+        let extractedArchiveContent;
+        if (artifact.content) {
+            const format = archiveFormat(artifactType, artifact.name);
+            if (format) {
+                const unpacked = await unpackArchive(artifact.content, format);
+                extractedArchiveContent = formatExtractedFiles(unpacked);
+                reasoningTrail.push(`Archive unpacked (${format}): ${unpacked.files.length} text files extracted, ${unpacked.skipped} skipped.`);
+            }
+        }
+        // --- Step 3: Require LLM ---
+        if (!this._llm.isAvailable()) {
+            const analysis = {
+                summary: `Cannot analyze "${artifact.name}" — LLM is required for artifact analysis.`,
+                dependencies: [],
+                configurationExpectations: {},
+                confidence: 0,
+            };
+            reasoningTrail.push("LLM not available — analysis cannot proceed.");
+            this._recordDebrief(artifact, artifactType, analysis, "unavailable", reasoningTrail);
+            return { analysis, method: "unavailable" };
+        }
+        // --- Step 4: LLM analysis ---
+        reasoningTrail.push("LLM available — analyzing artifact.");
+        const llmAnalysis = await analyzeWithLlm(this._llm, artifact, artifactType, extractedArchiveContent);
+        if (!llmAnalysis) {
+            const analysis = {
+                summary: `Analysis of "${artifact.name}" failed — LLM returned no usable result.`,
+                dependencies: [],
+                configurationExpectations: {},
+                confidence: 0,
+            };
+            reasoningTrail.push("LLM returned no usable result.");
+            this._recordDebrief(artifact, artifactType, analysis, "unavailable", reasoningTrail);
+            return { analysis, method: "unavailable" };
+        }
+        reasoningTrail.push(`LLM analysis complete. Confidence: ${llmAnalysis.confidence}.`);
+        let analysis = llmAnalysis;
+        let method = "llm";
+        // --- Step 4: Apply pattern-suggest overlay ---
+        if (matchedPatterns.length > 0) {
+            analysis = applyPatternOverrides(analysis, matchedPatterns[0].pattern.derivedAnalysis);
+            method = "pattern-suggest";
+            reasoningTrail.push("Pattern suggestion applied as overlay on LLM analysis.");
+        }
+        this._recordDebrief(artifact, artifactType, analysis, method, reasoningTrail);
+        return {
+            analysis,
+            method,
+            matchedPatterns: matchedPatterns.length > 0 ? matchedPatterns : undefined,
+        };
+    }
+    /**
+     * Re-analyze an artifact using its stored annotations as correction context.
+     * Returns null if LLM is unavailable.
+     */
+    async reanalyzeWithAnnotations(artifact) {
+        if (!this._llm.isAvailable() || artifact.annotations.length === 0)
+            return null;
+        const correctionsText = artifact.annotations
+            .map((a) => `- ${a.field}: ${a.correction}`)
+            .join("\n");
+        const prompt = `An artifact's analysis has user corrections. Revise the analysis to incorporate them.
+
+Artifact Name: ${sanitizeForPrompt(artifact.name)}
+Type: ${sanitizeForPrompt(artifact.type)}
+
+Current Analysis:
+Summary: ${sanitizeForPrompt(artifact.analysis.summary)}
+Dependencies: ${sanitizeForPrompt(JSON.stringify(artifact.analysis.dependencies))}
+Configuration Expectations: ${sanitizeForPrompt(JSON.stringify(artifact.analysis.configurationExpectations))}
+Deployment Intent: ${sanitizeForPrompt(artifact.analysis.deploymentIntent ?? "unknown")}
+Confidence: ${artifact.analysis.confidence}
+
+User Corrections:
+${sanitizeForPrompt(correctionsText)}
+
+Produce a JSON analysis that incorporates all user corrections. Raise confidence proportional to how much the corrections clarify the artifact's purpose.`;
+        const result = await this._llm.reason({
+            prompt,
+            systemPrompt: ANALYSIS_SYSTEM_PROMPT,
+            promptSummary: `Re-analysis of "${artifact.name}" with ${artifact.annotations.length} user correction(s)`,
+        });
+        if (!result.ok)
+            return null;
+        try {
+            const jsonMatch = result.text.match(/\{[\s\S]*\}/);
+            if (!jsonMatch)
+                return null;
+            const parsed = JSON.parse(jsonMatch[0]);
+            const revised = {
+                summary: parsed.summary ?? artifact.analysis.summary,
+                dependencies: parsed.dependencies ?? artifact.analysis.dependencies,
+                configurationExpectations: parsed.configurationExpectations ?? artifact.analysis.configurationExpectations,
+                deploymentIntent: parsed.deploymentIntent ?? artifact.analysis.deploymentIntent,
+                confidence: typeof parsed.confidence === "number"
+                    ? Math.max(parsed.confidence, artifact.analysis.confidence)
+                    : artifact.analysis.confidence,
+            };
+            this._debrief.record({
+                partitionId: null,
+                deploymentId: null,
+                agent: "server",
+                decisionType: "artifact-analysis",
+                decision: `Re-analyzed "${artifact.name}" with ${artifact.annotations.length} user correction(s). Confidence: ${revised.confidence}.`,
+                reasoning: result.text,
+                context: {
+                    artifactName: artifact.name,
+                    corrections: correctionsText,
+                    confidence: revised.confidence,
+                    prompt,
+                },
+            });
+            return revised;
+        }
+        catch {
+            return null;
+        }
+    }
+    // -------------------------------------------------------------------------
+    // Debrief integration
+    // -------------------------------------------------------------------------
+    _recordDebrief(artifact, artifactType, analysis, method, reasoningTrail) {
+        const confidenceLabel = analysis.confidence >= 0.8
+            ? "high"
+            : analysis.confidence >= 0.5
+                ? "medium"
+                : "low";
+        this._debrief.record({
+            partitionId: null,
+            deploymentId: null,
+            agent: "server",
+            decisionType: "artifact-analysis",
+            decision: `Analyzed artifact "${artifact.name}" (${artifactType}) via ${method}. ` +
+                `Confidence: ${analysis.confidence} (${confidenceLabel}). ` +
+                `Found ${analysis.dependencies.length} dependencies, ` +
+                `${Object.keys(analysis.configurationExpectations).length} configuration expectations.`,
+            reasoning: reasoningTrail.join(" "),
+            context: {
+                artifactName: artifact.name,
+                artifactType,
+                source: artifact.source,
+                method,
+                confidence: analysis.confidence,
+                confidenceLabel,
+                dependencyCount: analysis.dependencies.length,
+                configExpectationCount: Object.keys(analysis.configurationExpectations).length,
+                deploymentIntent: analysis.deploymentIntent,
+            },
+        });
+    }
+}
+// ---------------------------------------------------------------------------
+// Factory
+// ---------------------------------------------------------------------------
+export function createArtifactAnalyzer(deps) {
+    return new ArtifactAnalyzer(deps);
+}
+//# sourceMappingURL=artifact-analyzer.js.map

package/dist/artifact-analyzer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"artifact-analyzer.js","sourceRoot":"","sources":["../src/artifact-analyzer.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAEvD,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAC;AAsB3F,8EAA8E;AAC9E,iBAAiB;AACjB,8EAA8E;AAE9E;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAAC,QAAuB;IACxD,IAAI,QAAQ,CAAC,IAAI;QAAE,OAAO,QAAQ,CAAC,IAAI,CAAC;IAExC,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;IACzC,MAAM,IAAI,GAAG,QAAQ,CAAC,QAAQ,IAAI,EAAE,CAAC;IAErC,IAAI,IAAI,KAAK,YAAY,IAAI,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,IAAI,CAAC,cAAc,CAAC,EAAE,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;QAC1G,OAAO,YAAY,CAAC;IACtB,CAAC;IACD,IAAI,IAAI,KAAK,YAAY,IAAI,IAAI,KAAK,WAAW;QAAE,OAAO,YAAY,CAAC;IACvE,IAAI,IAAI,KAAK,aAAa,IAAI,IAAI,KAAK,YAAY;QAAE,OAAO,aAAa,CAAC;IAC1E,IAAI,IAAI,KAAK,cAAc;QAAE,OAAO,cAAc,CAAC;IACnD,IAAI,IAAI,KAAK,UAAU,IAAI,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC;QAAE,OAAO,UAAU,CAAC;IACzE,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,OAAO,SAAS,CAAC;IACxE,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,OAAO,SAAS,CAAC;IAC5C,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,OAAO,KAAK,CAAC;IACxC,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAAE,OAAO,OAAO,CAAC;IAC5C,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,OAAO,cAAc,CAAC;IACnG,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,OAAO,gBAAgB,CAAC;IACnD,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,OAAO,gBAAgB,CAAC;IACnD,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,OAAO,aAAa,CAAC;IAChD,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,OAAO,MAAM,CAAC;IACnE,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC;QAAE,OAAO,MAAM,CAAC;IAC1C,IAAI,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC;QAAE,OAAO,cAAc,CAAC;IAE1E,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,8EAA8E;AAC9E,gBAAgB;AAChB,8EAA8E;AAE9E,MAAM,sBAAsB,GAAG;;;;;;;;;2HAS4F,CAAC;AAE5H,KAAK,UAAU,cAAc,CAC3B,GAAc,EACd,QAAuB,EACvB,YAAoB,EACpB,uBAAgC;IAEhC,MAAM,cAAc,GAAG,uBAAuB;QAC5C,CAAC,CAAC,wBAAwB,iBAAiB,CAAC,uBAAuB,CAAC,EAAE;QACtE,CAAC,CAAC,QAAQ,CAAC,OAAO;YAChB,CAAC,CAAC,kBAAkB,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,OAAO;YAC/F,CAAC,CAAC,wBAAwB,CAAC;IAE/B,MAAM,MAAM,GAAG;;QAET,iBAAiB,CAAC,QAAQ,CAAC,IAAI,CAAC;QAChC,iBAAiB,CAAC,YAAY,CAAC;UAC7B,iBAAiB,CAAC,QAAQ,CAAC,MAAM,CAAC;YAChC,iBAAiB,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC;;EAEpE,cAAc;;2EAE2D,CAAC;IAE1E,MAAM,MAAM,GAAc,MAAM,GAAG,CAAC,MAAM,CAAC;QACzC,MAAM;QACN,YAAY,EAAE,sBAAsB;QACpC,aAAa,EAAE,0BAA0B,QAAQ,CAAC,IAAI,MAAM,YAAY,GAAG;KAC5E,CAAC,CAAC;IAEH,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;QACf,OAAO,CAAC,IAAI,CAAC,gDAAgD,QAAQ,CAAC,IAAI,MAAM,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;QACjG,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;QACnD,IAAI,CAAC,SAAS;YAAE,OAAO,IAAI,CAAC;QAE5B,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAMrC,CAAC;QAEF,OAAO;YACL,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,gBAAgB,QAAQ,CAAC,IAAI,GAAG;YAC3D,YAAY,EAAE,MAAM,CAAC,YAAY,IAAI,EAAE;YACvC,yBAAyB,EAAE,MAAM,CAAC,yBAAyB,IAAI,EAAE;YACjE,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,UAAU,EAAE,OAAO,MAAM,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG;SAC5E,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,kBAAkB;AAClB,8EAA8E;AAE9E,SAAS,qBAAqB,CAC5B,QAA0B,EAC1B,OAAwB;IAExB,OAAO;QACL,OAAO,EAAE,OAAO,CAAC,OAAO,IAAI,QAAQ,CAAC,OAAO;QAC5C,YAAY,EAAE,OAAO,CAAC,YAAY,IAAI,OAAO,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC;YACnE,CAAC,CAAC,OAAO,CAAC,YAAY;YACtB,CAAC,CAAC,QAAQ,CAAC,YAAY;QACzB,yBAAyB,EAAE,OAAO,CAAC,yBAAyB;YAC1D,CAAC,CAAC,EAAE,GAAG,QAAQ,CAAC,yBAAyB,EAAE,GAAG,OAAO,CAAC,yBAAyB,EAAE;YACjF,CAAC,CAAC,QAAQ,CAAC,yBAAyB;QACtC,gBAAgB,EAAE,OAAO,CAAC,gBAAgB,IAAI,QAAQ,CAAC,gBAAgB;QACvE,UAAU,EAAE,QAAQ,CAAC,UAAU;KAChC,CAAC;AACJ,CAAC;AAYD;;;;;;;;;;;GAWG;AACH,MAAM,OAAO,gBAAgB;IACV,IAAI,CAAY;IAChB,QAAQ,CAAgB;IACxB,aAAa,CAAgB;IAE9C,YAAY,IAA0B;QACpC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC;QACrB,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC;QAC7B,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,YAAY,CAAC;IACzC,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,OAAO,CAAC,QAAuB;QACnC,MAAM,YAAY,GAAG,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QAClD,MAAM,cAAc,GAAa,EAAE,CAAC;QAEpC,cAAc,CAAC,IAAI,CAAC,cAAc,QAAQ,CAAC,IAAI,qBAAqB,YAAY,aAAa,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;QAEhH,sCAAsC;QACtC,IAAI,eAAe,GAAmB,EAAE,CAAC;QACzC,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACvB,eAAe,GAAG,IAAI,CAAC,aAAa,CAAC,WAAW,CAC9C,QAAQ,CAAC,MAAM,EACf,YAAY,EACZ,QAAQ,CAAC,IAAI,CACd,CAAC;YAEF,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC/B,MAAM,SAAS,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC;gBACjE,IAAI,SAAS,EAAE,CAAC;oBACd,cAAc,CAAC,IAAI,CACjB,mBAAmB,SAAS,CAAC,OAAO,CAAC,WAAW,MAAM,SAAS,CAAC,OAAO,CAAC,WAAW,CAAC,MAAM,4BAA4B,SAAS,CAAC,OAAO,CAAC,UAAU,oCAAoC,CACvL,CAAC;oBAEF,MAAM,QAAQ,GAAqB;wBACjC,OAAO,EAAE,SAAS,CAAC,OAAO,CAAC,eAAe,CAAC,OAAO,IAAI,6BAA6B,QAAQ,CAAC,IAAI,GAAG;wBACnG,YAAY,EAAE,SAAS,CAAC,OAAO,CAAC,eAAe,CAAC,YAAY,IAAI,EAAE;wBAClE,yBAAyB,EAAE,SAAS,CAAC,OAAO,CAAC,eAAe,CAAC,yBAAyB,IAAI,EAAE;wBAC5F,gBAAgB,EAAE,SAAS,CAAC,OAAO,CAAC,eAAe,CAAC,gBAAgB;wBACpE,UAAU,EAAE,SAAS,CAAC,OAAO,CAAC,UAAU;qBACzC,CAAC;oBAEF,IAAI,CAAC,aAAa,CAAC,iBAAiB,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;oBAC3D,cAAc,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;oBAElE,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE,YAAY,EAAE,QAAQ,EAAE,cAAc,EAAE,cAAc,CAAC,CAAC;oBAEtF,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,cAAc,EAAE,eAAe,EAAE,CAAC;gBAC/D,CAAC;gBAED,cAAc,CAAC,IAAI,CACjB,kCAAkC,eAAe,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,IAAI;oBAC5E,IAAI,eAAe,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,MAAM,gBAAgB;oBACjE,cAAc,eAAe,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,KAAK;oBACxD,wCAAwC,CACzC,CAAC;YACJ,CAAC;QACH,CAAC;QAED,+CAA+C;QAC/C,IAAI,uBAA2C,CAAC;QAChD,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;YACrB,MAAM,MAAM,GAAG,aAAa,CAAC,YAAY,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC;YAC1D,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;gBAC/D,uBAAuB,GAAG,oBAAoB,CAAC,QAAQ,CAAC,CAAC;gBACzD,cAAc,CAAC,IAAI,CACjB,qBAAqB,MAAM,MAAM,QAAQ,CAAC,KAAK,CAAC,MAAM,0BAA0B,QAAQ,CAAC,OAAO,WAAW,CAC5G,CAAC;YACJ,CAAC;QACH,CAAC;QAED,8BAA8B;QAE9B,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;YAC7B,MAAM,QAAQ,GAAqB;gBACjC,OAAO,EAAE,mBAAmB,QAAQ,CAAC,IAAI,4CAA4C;gBACrF,YAAY,EAAE,EAAE;gBAChB,yBAAyB,EAAE,EAAE;gBAC7B,UAAU,EAAE,CAAC;aACd,CAAC;YAEF,cAAc,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAC;YACpE,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE,YAAY,EAAE,QAAQ,EAAE,aAAa,EAAE,cAAc,CAAC,CAAC;YAErF,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;QAC7C,CAAC;QAED,+BAA+B;QAC/B,cAAc,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;QAC3D,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,YAAY,EAAE,uBAAuB,CAAC,CAAC;QAErG,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,QAAQ,GAAqB;gBACjC,OAAO,EAAE,gBAAgB,QAAQ,CAAC,IAAI,2CAA2C;gBACjF,YAAY,EAAE,EAAE;gBAChB,yBAAyB,EAAE,EAAE;gBAC7B,UAAU,EAAE,CAAC;aACd,CAAC;YAEF,cAAc,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;YACtD,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE,YAAY,EAAE,QAAQ,EAAE,aAAa,EAAE,cAAc,CAAC,CAAC;YAErF,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;QAC7C,CAAC;QAED,cAAc,CAAC,IAAI,CAAC,sCAAsC,WAAW,CAAC,UAAU,GAAG,CAAC,CAAC;QAErF,IAAI,QAAQ,GAAG,WAAW,CAAC;QAC3B,IAAI,MAAM,GAA6B,KAAK,CAAC;QAE7C,gDAAgD;QAChD,IAAI,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC/B,QAAQ,GAAG,qBAAqB,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;YACvF,MAAM,GAAG,iBAAiB,CAAC;YAC3B,cAAc,CAAC,IAAI,CAAC,wDAAwD,CAAC,CAAC;QAChF,CAAC;QAED,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,EAAE,cAAc,CAAC,CAAC;QAE9E,OAAO;YACL,QAAQ;YACR,MAAM;YACN,eAAe,EAAE,eAAe,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS;SAC1E,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,wBAAwB,CAAC,QAAkB;QAC/C,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,QAAQ,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QAE/E,MAAM,eAAe,GAAG,QAAQ,CAAC,WAAW;aACzC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,UAAU,EAAE,CAAC;aAC3C,IAAI,CAAC,IAAI,CAAC,CAAC;QAEd,MAAM,MAAM,GAAG;;iBAEF,iBAAiB,CAAC,QAAQ,CAAC,IAAI,CAAC;QACzC,iBAAiB,CAAC,QAAQ,CAAC,IAAI,CAAC;;;WAG7B,iBAAiB,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC;gBACvC,iBAAiB,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;8BACnD,iBAAiB,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,yBAAyB,CAAC,CAAC;qBACvF,iBAAiB,CAAC,QAAQ,CAAC,QAAQ,CAAC,gBAAgB,IAAI,SAAS,CAAC;cACzE,QAAQ,CAAC,QAAQ,CAAC,UAAU;;;EAGxC,iBAAiB,CAAC,eAAe,CAAC;;0JAEsH,CAAC;QAEvJ,MAAM,MAAM,GAAc,MAAM,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC;YAC/C,MAAM;YACN,YAAY,EAAE,sBAAsB;YACpC,aAAa,EAAE,mBAAmB,QAAQ,CAAC,IAAI,UAAU,QAAQ,CAAC,WAAW,CAAC,MAAM,qBAAqB;SAC1G,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,CAAC,EAAE;YAAE,OAAO,IAAI,CAAC;QAE5B,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;YACnD,IAAI,CAAC,SAAS;gBAAE,OAAO,IAAI,CAAC;YAE5B,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAMrC,CAAC;YAEF,MAAM,OAAO,GAAqB;gBAChC,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,QAAQ,CAAC,QAAQ,CAAC,OAAO;gBACpD,YAAY,EAAE,MAAM,CAAC,YAAY,IAAI,QAAQ,CAAC,QAAQ,CAAC,YAAY;gBACnE,yBAAyB,EAAE,MAAM,CAAC,yBAAyB,IAAI,QAAQ,CAAC,QAAQ,CAAC,yBAAyB;gBAC1G,gBAAgB,EAAE,MAAM,CAAC,gBAAgB,IAAI,QAAQ,CAAC,QAAQ,CAAC,gBAAgB;gBAC/E,UAAU,EAAE,OAAO,MAAM,CAAC,UAAU,KAAK,QAAQ;oBAC/C,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,UAAU,EAAE,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC;oBAC3D,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,UAAU;aACjC,CAAC;YAEF,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;gBACnB,WAAW,EAAE,IAAI;gBACjB,YAAY,EAAE,IAAI;gBAClB,KAAK,EAAE,QAAQ;gBACf,YAAY,EAAE,mBAAmB;gBACjC,QAAQ,EAAE,gBAAgB,QAAQ,CAAC,IAAI,UAAU,QAAQ,CAAC,WAAW,CAAC,MAAM,oCAAoC,OAAO,CAAC,UAAU,GAAG;gBACrI,SAAS,EAAE,MAAM,CAAC,IAAI;gBACtB,OAAO,EAAE;oBACP,YAAY,EAAE,QAAQ,CAAC,IAAI;oBAC3B,WAAW,EAAE,eAAe;oBAC5B,UAAU,EAAE,OAAO,CAAC,UAAU;oBAC9B,MAAM;iBACP;aACF,CAAC,CAAC;YAEH,OAAO,OAAO,CAAC;QACjB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,4EAA4E;IAC5E,sBAAsB;IACtB,4EAA4E;IAEpE,cAAc,CACpB,QAAuB,EACvB,YAAoB,EACpB,QAA0B,EAC1B,MAAgC,EAChC,cAAwB;QAExB,MAAM,eAAe,GACnB,QAAQ,CAAC,UAAU,IAAI,GAAG;YACxB,CAAC,CAAC,MAAM;YACR,CAAC,CAAC,QAAQ,CAAC,UAAU,IAAI,GAAG;gBAC1B,CAAC,CAAC,QAAQ;gBACV,CAAC,CAAC,KAAK,CAAC;QAEd,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC;YACnB,WAAW,EAAE,IAAI;YACjB,YAAY,EAAE,IAAI;YAClB,KAAK,EAAE,QAAQ;YACf,YAAY,EAAE,mBAAmB;YACjC,QAAQ,EAAE,sBAAsB,QAAQ,CAAC,IAAI,MAAM,YAAY,SAAS,MAAM,IAAI;gBAChF,eAAe,QAAQ,CAAC,UAAU,KAAK,eAAe,KAAK;gBAC3D,SAAS,QAAQ,CAAC,YAAY,CAAC,MAAM,iBAAiB;gBACtD,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,yBAAyB,CAAC,CAAC,MAAM,8BAA8B;YACzF,SAAS,EAAE,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC;YACnC,OAAO,EAAE;gBACP,YAAY,EAAE,QAAQ,CAAC,IAAI;gBAC3B,YAAY;gBACZ,MAAM,EAAE,QAAQ,CAAC,MAAM;gBACvB,MAAM;gBACN,UAAU,EAAE,QAAQ,CAAC,UAAU;gBAC/B,eAAe;gBACf,eAAe,EAAE,QAAQ,CAAC,YAAY,CAAC,MAAM;gBAC7C,sBAAsB,EAAE,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,yBAAyB,CAAC,CAAC,MAAM;gBAC9E,gBAAgB,EAAE,QAAQ,CAAC,gBAAgB;aAC5C;SACF,CAAC,CAAC;IACL,CAAC;CACF;AAED,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E,MAAM,UAAU,sBAAsB,CAAC,IAA0B;IAC/D,OAAO,IAAI,gBAAgB,CAAC,IAAI,CAAC,CAAC;AACpC,CAAC"}

package/dist/auth/idp/index.d.ts

@@ -0,0 +1,9 @@
+export type { IdpAdapter } from "./types.js";
+export { OidcAdapter } from "./oidc.js";
+export type { OidcAuthenticateParams } from "./oidc.js";
+export { SamlAdapter } from "./saml.js";
+export type { SamlConfig, SamlAuthenticateParams } from "./saml.js";
+export { LdapAdapter } from "./ldap.js";
+export type { LdapConfig, LdapAuthenticateParams } from "./ldap.js";
+export { applyRoleMappings } from "./role-mapping.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/auth/idp/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/auth/idp/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAC7C,OAAO,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AACxC,YAAY,EAAE,sBAAsB,EAAE,MAAM,WAAW,CAAC;AACxD,OAAO,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AACxC,YAAY,EAAE,UAAU,EAAE,sBAAsB,EAAE,MAAM,WAAW,CAAC;AACpE,OAAO,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AACxC,YAAY,EAAE,UAAU,EAAE,sBAAsB,EAAE,MAAM,WAAW,CAAC;AACpE,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC"}

package/dist/auth/idp/index.js

@@ -0,0 +1,5 @@
+export { OidcAdapter } from "./oidc.js";
+export { SamlAdapter } from "./saml.js";
+export { LdapAdapter } from "./ldap.js";
+export { applyRoleMappings } from "./role-mapping.js";
+//# sourceMappingURL=index.js.map

package/dist/auth/idp/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/auth/idp/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AAExC,OAAO,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AAExC,OAAO,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AAExC,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC"}

package/dist/auth/idp/ldap.d.ts

@@ -0,0 +1,56 @@
+import type { IdpUser } from "@synth-deploy/core";
+import type { IdpAdapter } from "./types.js";
+export interface LdapConfig {
+    url: string;
+    bindDn: string;
+    bindCredential: string;
+    searchBase: string;
+    searchFilter: string;
+    groupSearchBase: string;
+    groupSearchFilter: string;
+    useTls: boolean;
+    tlsCaPath?: string;
+}
+export interface LdapAuthenticateParams {
+    username: string;
+    password: string;
+    config: LdapConfig;
+}
+/**
+ * LDAP/Active Directory adapter -- implements IdpAdapter for LDAP-based identity providers.
+ *
+ * Authentication flow:
+ * 1. Bind with service account credentials
+ * 2. Search for the user by username
+ * 3. Bind with the user's DN + provided password
+ * 4. Query group memberships (supports AD nested groups via matching rule OID)
+ * 5. Return IdpUser
+ */
+export declare class LdapAdapter implements IdpAdapter {
+    type: string;
+    authenticate(params: unknown): Promise<IdpUser>;
+    validateConfig(config: unknown): Promise<{
+        valid: boolean;
+        error?: string;
+    }>;
+    /**
+     * Tests the LDAP connection by attempting a service account bind.
+     * Returns success/error without authenticating any user.
+     */
+    testConnection(config: LdapConfig): Promise<{
+        success: boolean;
+        error?: string;
+    }>;
+    /**
+     * Tests whether a specific user can be found in the LDAP directory.
+     * Uses the service account to search — does not authenticate the user.
+     */
+    testUser(config: LdapConfig, username: string): Promise<{
+        found: boolean;
+        userDn?: string;
+        email?: string;
+        displayName?: string;
+        error?: string;
+    }>;
+}
+//# sourceMappingURL=ldap.d.ts.map

package/dist/auth/idp/ldap.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ldap.d.ts","sourceRoot":"","sources":["../../../src/auth/idp/ldap.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAE7C,MAAM,WAAW,UAAU;IACzB,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;IACf,cAAc,EAAE,MAAM,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,eAAe,EAAE,MAAM,CAAC;IACxB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,MAAM,EAAE,OAAO,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,sBAAsB;IACrC,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,UAAU,CAAC;CACpB;AA4FD;;;;;;;;;GASG;AACH,qBAAa,WAAY,YAAW,UAAU;IAC5C,IAAI,SAAU;IAER,YAAY,CAAC,MAAM,EAAE,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;IA4F/C,cAAc,CAAC,MAAM,EAAE,OAAO,GAAG,OAAO,CAAC;QAAE,KAAK,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAiDlF;;;OAGG;IACG,cAAc,CAAC,MAAM,EAAE,UAAU,GAAG,OAAO,CAAC;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAkBvF;;;OAGG;IACG,QAAQ,CACZ,MAAM,EAAE,UAAU,EAClB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC;QAAE,KAAK,EAAE,OAAO,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,WAAW,CAAC,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;CAmCtG"}