npm - @synth-deploy/server - Versions diffs - 0.1.0 - Mend

@synth-deploy/server 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (317) hide show

package/dist/agent/debrief-retention.d.ts +12 -0
package/dist/agent/debrief-retention.d.ts.map +1 -0
package/dist/agent/debrief-retention.js +27 -0
package/dist/agent/debrief-retention.js.map +1 -0
package/dist/agent/envoy-client.d.ts +216 -0
package/dist/agent/envoy-client.d.ts.map +1 -0
package/dist/agent/envoy-client.js +266 -0
package/dist/agent/envoy-client.js.map +1 -0
package/dist/agent/envoy-registry.d.ts +102 -0
package/dist/agent/envoy-registry.d.ts.map +1 -0
package/dist/agent/envoy-registry.js +319 -0
package/dist/agent/envoy-registry.js.map +1 -0
package/dist/agent/health-checker.d.ts +39 -0
package/dist/agent/health-checker.d.ts.map +1 -0
package/dist/agent/health-checker.js +49 -0
package/dist/agent/health-checker.js.map +1 -0
package/dist/agent/mcp-client-manager.d.ts +36 -0
package/dist/agent/mcp-client-manager.d.ts.map +1 -0
package/dist/agent/mcp-client-manager.js +106 -0
package/dist/agent/mcp-client-manager.js.map +1 -0
package/dist/agent/stale-deployment-detector.d.ts +15 -0
package/dist/agent/stale-deployment-detector.d.ts.map +1 -0
package/dist/agent/stale-deployment-detector.js +50 -0
package/dist/agent/stale-deployment-detector.js.map +1 -0
package/dist/agent/step-runner.d.ts +31 -0
package/dist/agent/step-runner.d.ts.map +1 -0
package/dist/agent/step-runner.js +80 -0
package/dist/agent/step-runner.js.map +1 -0
package/dist/agent/synth-agent.d.ts +168 -0
package/dist/agent/synth-agent.d.ts.map +1 -0
package/dist/agent/synth-agent.js +1195 -0
package/dist/agent/synth-agent.js.map +1 -0
package/dist/api/agent.d.ts +36 -0
package/dist/api/agent.d.ts.map +1 -0
package/dist/api/agent.js +867 -0
package/dist/api/agent.js.map +1 -0
package/dist/api/api-keys.d.ts +4 -0
package/dist/api/api-keys.d.ts.map +1 -0
package/dist/api/api-keys.js +118 -0
package/dist/api/api-keys.js.map +1 -0
package/dist/api/artifacts.d.ts +5 -0
package/dist/api/artifacts.d.ts.map +1 -0
package/dist/api/artifacts.js +142 -0
package/dist/api/artifacts.js.map +1 -0
package/dist/api/auth.d.ts +4 -0
package/dist/api/auth.d.ts.map +1 -0
package/dist/api/auth.js +280 -0
package/dist/api/auth.js.map +1 -0
package/dist/api/deployments.d.ts +11 -0
package/dist/api/deployments.d.ts.map +1 -0
package/dist/api/deployments.js +1098 -0
package/dist/api/deployments.js.map +1 -0
package/dist/api/environments.d.ts +5 -0
package/dist/api/environments.d.ts.map +1 -0
package/dist/api/environments.js +69 -0
package/dist/api/environments.js.map +1 -0
package/dist/api/envoy-reports.d.ts +17 -0
package/dist/api/envoy-reports.d.ts.map +1 -0
package/dist/api/envoy-reports.js +138 -0
package/dist/api/envoy-reports.js.map +1 -0
package/dist/api/envoys.d.ts +5 -0
package/dist/api/envoys.d.ts.map +1 -0
package/dist/api/envoys.js +192 -0
package/dist/api/envoys.js.map +1 -0
package/dist/api/fleet.d.ts +11 -0
package/dist/api/fleet.d.ts.map +1 -0
package/dist/api/fleet.js +394 -0
package/dist/api/fleet.js.map +1 -0
package/dist/api/graph.d.ts +8 -0
package/dist/api/graph.d.ts.map +1 -0
package/dist/api/graph.js +355 -0
package/dist/api/graph.js.map +1 -0
package/dist/api/health.d.ts +20 -0
package/dist/api/health.d.ts.map +1 -0
package/dist/api/health.js +248 -0
package/dist/api/health.js.map +1 -0
package/dist/api/idp-schemas.d.ts +41 -0
package/dist/api/idp-schemas.d.ts.map +1 -0
package/dist/api/idp-schemas.js +17 -0
package/dist/api/idp-schemas.js.map +1 -0
package/dist/api/idp.d.ts +6 -0
package/dist/api/idp.d.ts.map +1 -0
package/dist/api/idp.js +620 -0
package/dist/api/idp.js.map +1 -0
package/dist/api/intake.d.ts +10 -0
package/dist/api/intake.d.ts.map +1 -0
package/dist/api/intake.js +418 -0
package/dist/api/intake.js.map +1 -0
package/dist/api/partitions.d.ts +5 -0
package/dist/api/partitions.d.ts.map +1 -0
package/dist/api/partitions.js +113 -0
package/dist/api/partitions.js.map +1 -0
package/dist/api/progress-event-store.d.ts +62 -0
package/dist/api/progress-event-store.d.ts.map +1 -0
package/dist/api/progress-event-store.js +118 -0
package/dist/api/progress-event-store.js.map +1 -0
package/dist/api/schemas.d.ts +1000 -0
package/dist/api/schemas.d.ts.map +1 -0
package/dist/api/schemas.js +328 -0
package/dist/api/schemas.js.map +1 -0
package/dist/api/security-boundaries.d.ts +4 -0
package/dist/api/security-boundaries.d.ts.map +1 -0
package/dist/api/security-boundaries.js +32 -0
package/dist/api/security-boundaries.js.map +1 -0
package/dist/api/settings.d.ts +4 -0
package/dist/api/settings.d.ts.map +1 -0
package/dist/api/settings.js +99 -0
package/dist/api/settings.js.map +1 -0
package/dist/api/system.d.ts +75 -0
package/dist/api/system.d.ts.map +1 -0
package/dist/api/system.js +558 -0
package/dist/api/system.js.map +1 -0
package/dist/api/telemetry.d.ts +4 -0
package/dist/api/telemetry.d.ts.map +1 -0
package/dist/api/telemetry.js +24 -0
package/dist/api/telemetry.js.map +1 -0
package/dist/api/users.d.ts +4 -0
package/dist/api/users.d.ts.map +1 -0
package/dist/api/users.js +173 -0
package/dist/api/users.js.map +1 -0
package/dist/archive-unpacker.d.ts +24 -0
package/dist/archive-unpacker.d.ts.map +1 -0
package/dist/archive-unpacker.js +239 -0
package/dist/archive-unpacker.js.map +1 -0
package/dist/artifact-analyzer.d.ts +59 -0
package/dist/artifact-analyzer.d.ts.map +1 -0
package/dist/artifact-analyzer.js +334 -0
package/dist/artifact-analyzer.js.map +1 -0
package/dist/auth/idp/index.d.ts +9 -0
package/dist/auth/idp/index.d.ts.map +1 -0
package/dist/auth/idp/index.js +5 -0
package/dist/auth/idp/index.js.map +1 -0
package/dist/auth/idp/ldap.d.ts +56 -0
package/dist/auth/idp/ldap.d.ts.map +1 -0
package/dist/auth/idp/ldap.js +276 -0
package/dist/auth/idp/ldap.js.map +1 -0
package/dist/auth/idp/oidc.d.ts +27 -0
package/dist/auth/idp/oidc.d.ts.map +1 -0
package/dist/auth/idp/oidc.js +97 -0
package/dist/auth/idp/oidc.js.map +1 -0
package/dist/auth/idp/role-mapping.d.ts +9 -0
package/dist/auth/idp/role-mapping.d.ts.map +1 -0
package/dist/auth/idp/role-mapping.js +16 -0
package/dist/auth/idp/role-mapping.js.map +1 -0
package/dist/auth/idp/saml.d.ts +40 -0
package/dist/auth/idp/saml.d.ts.map +1 -0
package/dist/auth/idp/saml.js +117 -0
package/dist/auth/idp/saml.js.map +1 -0
package/dist/auth/idp/types.d.ts +23 -0
package/dist/auth/idp/types.d.ts.map +1 -0
package/dist/auth/idp/types.js +2 -0
package/dist/auth/idp/types.js.map +1 -0
package/dist/fleet/fleet-executor.d.ts +35 -0
package/dist/fleet/fleet-executor.d.ts.map +1 -0
package/dist/fleet/fleet-executor.js +228 -0
package/dist/fleet/fleet-executor.js.map +1 -0
package/dist/fleet/fleet-store.d.ts +13 -0
package/dist/fleet/fleet-store.d.ts.map +1 -0
package/dist/fleet/fleet-store.js +13 -0
package/dist/fleet/fleet-store.js.map +1 -0
package/dist/fleet/index.d.ts +5 -0
package/dist/fleet/index.d.ts.map +1 -0
package/dist/fleet/index.js +4 -0
package/dist/fleet/index.js.map +1 -0
package/dist/fleet/representative-selector.d.ts +15 -0
package/dist/fleet/representative-selector.d.ts.map +1 -0
package/dist/fleet/representative-selector.js +71 -0
package/dist/fleet/representative-selector.js.map +1 -0
package/dist/graph/graph-executor.d.ts +36 -0
package/dist/graph/graph-executor.d.ts.map +1 -0
package/dist/graph/graph-executor.js +348 -0
package/dist/graph/graph-executor.js.map +1 -0
package/dist/graph/graph-inference.d.ts +22 -0
package/dist/graph/graph-inference.d.ts.map +1 -0
package/dist/graph/graph-inference.js +149 -0
package/dist/graph/graph-inference.js.map +1 -0
package/dist/graph/graph-store.d.ts +12 -0
package/dist/graph/graph-store.d.ts.map +1 -0
package/dist/graph/graph-store.js +61 -0
package/dist/graph/graph-store.js.map +1 -0
package/dist/graph/index.d.ts +5 -0
package/dist/graph/index.d.ts.map +1 -0
package/dist/graph/index.js +4 -0
package/dist/graph/index.js.map +1 -0
package/dist/index.d.ts +2 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +837 -0
package/dist/index.js.map +1 -0
package/dist/intake/index.d.ts +6 -0
package/dist/intake/index.d.ts.map +1 -0
package/dist/intake/index.js +5 -0
package/dist/intake/index.js.map +1 -0
package/dist/intake/intake-processor.d.ts +17 -0
package/dist/intake/intake-processor.d.ts.map +1 -0
package/dist/intake/intake-processor.js +99 -0
package/dist/intake/intake-processor.js.map +1 -0
package/dist/intake/intake-store.d.ts +7 -0
package/dist/intake/intake-store.d.ts.map +1 -0
package/dist/intake/intake-store.js +7 -0
package/dist/intake/intake-store.js.map +1 -0
package/dist/intake/registry-poller.d.ts +41 -0
package/dist/intake/registry-poller.d.ts.map +1 -0
package/dist/intake/registry-poller.js +202 -0
package/dist/intake/registry-poller.js.map +1 -0
package/dist/intake/webhook-handlers.d.ts +37 -0
package/dist/intake/webhook-handlers.d.ts.map +1 -0
package/dist/intake/webhook-handlers.js +268 -0
package/dist/intake/webhook-handlers.js.map +1 -0
package/dist/logger.d.ts +5 -0
package/dist/logger.d.ts.map +1 -0
package/dist/logger.js +15 -0
package/dist/logger.js.map +1 -0
package/dist/mcp/resources.d.ts +9 -0
package/dist/mcp/resources.d.ts.map +1 -0
package/dist/mcp/resources.js +72 -0
package/dist/mcp/resources.js.map +1 -0
package/dist/mcp/server.d.ts +15 -0
package/dist/mcp/server.d.ts.map +1 -0
package/dist/mcp/server.js +20 -0
package/dist/mcp/server.js.map +1 -0
package/dist/mcp/tools.d.ts +9 -0
package/dist/mcp/tools.d.ts.map +1 -0
package/dist/mcp/tools.js +88 -0
package/dist/mcp/tools.js.map +1 -0
package/dist/middleware/auth.d.ts +29 -0
package/dist/middleware/auth.d.ts.map +1 -0
package/dist/middleware/auth.js +76 -0
package/dist/middleware/auth.js.map +1 -0
package/dist/middleware/permissions.d.ts +13 -0
package/dist/middleware/permissions.d.ts.map +1 -0
package/dist/middleware/permissions.js +32 -0
package/dist/middleware/permissions.js.map +1 -0
package/dist/pattern-store.d.ts +104 -0
package/dist/pattern-store.d.ts.map +1 -0
package/dist/pattern-store.js +299 -0
package/dist/pattern-store.js.map +1 -0
package/package.json +54 -0
package/src/agent/debrief-retention.ts +44 -0
package/src/agent/envoy-client.ts +474 -0
package/src/agent/envoy-registry.ts +384 -0
package/src/agent/health-checker.ts +70 -0
package/src/agent/mcp-client-manager.ts +131 -0
package/src/agent/stale-deployment-detector.ts +79 -0
package/src/agent/step-runner.ts +124 -0
package/src/agent/synth-agent.ts +1567 -0
package/src/api/agent.ts +1075 -0
package/src/api/api-keys.ts +129 -0
package/src/api/artifacts.ts +194 -0
package/src/api/auth.ts +320 -0
package/src/api/deployments.ts +1347 -0
package/src/api/environments.ts +97 -0
package/src/api/envoy-reports.ts +159 -0
package/src/api/envoys.ts +237 -0
package/src/api/fleet.ts +510 -0
package/src/api/graph.ts +516 -0
package/src/api/health.ts +311 -0
package/src/api/idp-schemas.ts +19 -0
package/src/api/idp.ts +735 -0
package/src/api/intake.ts +537 -0
package/src/api/partitions.ts +147 -0
package/src/api/progress-event-store.ts +153 -0
package/src/api/schemas.ts +376 -0
package/src/api/security-boundaries.ts +54 -0
package/src/api/settings.ts +118 -0
package/src/api/system.ts +704 -0
package/src/api/telemetry.ts +32 -0
package/src/api/users.ts +210 -0
package/src/archive-unpacker.ts +271 -0
package/src/artifact-analyzer.ts +438 -0
package/src/auth/idp/index.ts +8 -0
package/src/auth/idp/ldap.ts +340 -0
package/src/auth/idp/oidc.ts +117 -0
package/src/auth/idp/role-mapping.ts +22 -0
package/src/auth/idp/saml.ts +148 -0
package/src/auth/idp/types.ts +22 -0
package/src/fleet/fleet-executor.ts +309 -0
package/src/fleet/fleet-store.ts +13 -0
package/src/fleet/index.ts +4 -0
package/src/fleet/representative-selector.ts +83 -0
package/src/graph/graph-executor.ts +446 -0
package/src/graph/graph-inference.ts +184 -0
package/src/graph/graph-store.ts +75 -0
package/src/graph/index.ts +4 -0
package/src/index.ts +916 -0
package/src/intake/index.ts +5 -0
package/src/intake/intake-processor.ts +111 -0
package/src/intake/intake-store.ts +7 -0
package/src/intake/registry-poller.ts +230 -0
package/src/intake/webhook-handlers.ts +328 -0
package/src/logger.ts +19 -0
package/src/mcp/resources.ts +98 -0
package/src/mcp/server.ts +34 -0
package/src/mcp/tools.ts +117 -0
package/src/middleware/auth.ts +103 -0
package/src/middleware/permissions.ts +35 -0
package/src/pattern-store.ts +409 -0
package/tests/agent-mode.test.ts +536 -0
package/tests/api-handlers.test.ts +1245 -0
package/tests/archive-unpacker.test.ts +179 -0
package/tests/artifact-analyzer.test.ts +240 -0
package/tests/auth-middleware.test.ts +189 -0
package/tests/decision-diary.test.ts +957 -0
package/tests/diary-reader.test.ts +782 -0
package/tests/envoy-client.test.ts +342 -0
package/tests/envoy-reports.test.ts +156 -0
package/tests/mcp-tools.test.ts +213 -0
package/tests/orchestration.test.ts +536 -0
package/tests/partition-deletion.test.ts +143 -0
package/tests/partition-isolation.test.ts +830 -0
package/tests/pattern-store.test.ts +371 -0
package/tests/rbac-enforcement.test.ts +409 -0
package/tests/ssrf-validation.test.ts +56 -0
package/tests/stale-deployment.test.ts +85 -0
package/tests/step-runner.test.ts +308 -0
package/tests/ui-journey.test.ts +330 -0
package/tsconfig.json +11 -0
package/vitest.config.ts +27 -0

package/dist/agent/step-runner.d.ts ADDED Viewed

@@ -0,0 +1,31 @@
+/** Legacy deployment step type — kept for backward compatibility with step-runner. */
+interface DeploymentStep {
+    id: string;
+    name: string;
+    type: string;
+    command: string;
+    order: number;
+}
+export interface StepResult {
+    success: boolean;
+    exitCode: number | null;
+    stdout: string;
+    stderr: string;
+    durationMs: number;
+    timedOut: boolean;
+}
+export interface StepValidationWarning {
+    pattern: string;
+    description: string;
+}
+export declare function validateCommand(command: string): StepValidationWarning[];
+/**
+ * Executes a deployment step's shell command with variable injection and timeout.
+ *
+ * Variables are injected as environment variables merged with the current
+ * process environment. stdout/stderr are truncated to the last 2000 chars
+ * to prevent memory issues in debrief entries.
+ */
+export declare function runStep(step: DeploymentStep, variables: Record<string, string>, timeoutMs: number): Promise<StepResult>;
+export {};
+//# sourceMappingURL=step-runner.d.ts.map

package/dist/agent/step-runner.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"step-runner.d.ts","sourceRoot":"","sources":["../../src/agent/step-runner.ts"],"names":[],"mappings":"AAEA,sFAAsF;AACtF,UAAU,cAAc;IACtB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,OAAO,CAAC;IACjB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,OAAO,CAAC;CACnB;AAMD,MAAM,WAAW,qBAAqB;IACpC,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;CACrB;AAYD,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,qBAAqB,EAAE,CAQxE;AAuBD;;;;;;GAMG;AACH,wBAAgB,OAAO,CACrB,IAAI,EAAE,cAAc,EACpB,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EACjC,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,UAAU,CAAC,CA0CrB"}

package/dist/agent/step-runner.js ADDED Viewed

@@ -0,0 +1,80 @@
+import { exec } from "node:child_process";
+const DANGEROUS_PATTERNS = [
+    { regex: /\benv\b.*\|/, description: "Pipes environment to another command" },
+    { regex: /\bcurl\b.*-d\s/, description: "Sends data via curl" },
+    { regex: /\bwget\b/, description: "Downloads content via wget" },
+    { regex: /\beval\b/, description: "Uses eval for dynamic execution" },
+    { regex: /`[^`]+`/, description: "Contains backtick command substitution" },
+    { regex: /\/etc\/shadow/, description: "References sensitive system files" },
+    { regex: /\brm\s+-rf\s+\//, description: "Recursive deletion from root" },
+];
+export function validateCommand(command) {
+    const warnings = [];
+    for (const { regex, description } of DANGEROUS_PATTERNS) {
+        if (regex.test(command)) {
+            warnings.push({ pattern: regex.source, description });
+        }
+    }
+    return warnings;
+}
+// ---------------------------------------------------------------------------
+// Environment isolation — only expose safe host vars + declared variables
+// ---------------------------------------------------------------------------
+const SAFE_HOST_VARS = ['PATH', 'HOME', 'SHELL', 'TERM', 'USER', 'LANG'];
+function buildStepEnv(variables) {
+    const env = {};
+    for (const key of SAFE_HOST_VARS) {
+        if (process.env[key])
+            env[key] = process.env[key];
+    }
+    return { ...env, ...variables };
+}
+const MAX_OUTPUT_CHARS = 2000;
+function truncate(output) {
+    if (output.length <= MAX_OUTPUT_CHARS)
+        return output;
+    return "…" + output.slice(-MAX_OUTPUT_CHARS);
+}
+/**
+ * Executes a deployment step's shell command with variable injection and timeout.
+ *
+ * Variables are injected as environment variables merged with the current
+ * process environment. stdout/stderr are truncated to the last 2000 chars
+ * to prevent memory issues in debrief entries.
+ */
+export function runStep(step, variables, timeoutMs) {
+    const start = Date.now();
+    const controller = new AbortController();
+    return new Promise((resolve) => {
+        const child = exec(step.command, {
+            env: buildStepEnv(variables),
+            signal: controller.signal,
+            timeout: timeoutMs,
+        }, (error, stdout, stderr) => {
+            const durationMs = Date.now() - start;
+            if (error && error.killed) {
+                resolve({
+                    success: false,
+                    exitCode: null,
+                    stdout: truncate(stdout),
+                    stderr: truncate(stderr),
+                    durationMs,
+                    timedOut: true,
+                });
+                return;
+            }
+            const exitCode = error ? (error.code ?? 1) : 0;
+            resolve({
+                success: exitCode === 0,
+                exitCode,
+                stdout: truncate(stdout),
+                stderr: truncate(stderr),
+                durationMs,
+                timedOut: false,
+            });
+        });
+        // Ensure the child process reference is used to suppress lint warnings
+        void child;
+    });
+}
+//# sourceMappingURL=step-runner.js.map

package/dist/agent/step-runner.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"step-runner.js","sourceRoot":"","sources":["../../src/agent/step-runner.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAC;AA6B1C,MAAM,kBAAkB,GAAkD;IACxE,EAAE,KAAK,EAAE,aAAa,EAAE,WAAW,EAAE,sCAAsC,EAAE;IAC7E,EAAE,KAAK,EAAE,gBAAgB,EAAE,WAAW,EAAE,qBAAqB,EAAE;IAC/D,EAAE,KAAK,EAAE,UAAU,EAAE,WAAW,EAAE,4BAA4B,EAAE;IAChE,EAAE,KAAK,EAAE,UAAU,EAAE,WAAW,EAAE,iCAAiC,EAAE;IACrE,EAAE,KAAK,EAAE,SAAS,EAAE,WAAW,EAAE,wCAAwC,EAAE;IAC3E,EAAE,KAAK,EAAE,eAAe,EAAE,WAAW,EAAE,mCAAmC,EAAE;IAC5E,EAAE,KAAK,EAAE,iBAAiB,EAAE,WAAW,EAAE,8BAA8B,EAAE;CAC1E,CAAC;AAEF,MAAM,UAAU,eAAe,CAAC,OAAe;IAC7C,MAAM,QAAQ,GAA4B,EAAE,CAAC;IAC7C,KAAK,MAAM,EAAE,KAAK,EAAE,WAAW,EAAE,IAAI,kBAAkB,EAAE,CAAC;QACxD,IAAI,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YACxB,QAAQ,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,CAAC,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,8EAA8E;AAC9E,0EAA0E;AAC1E,8EAA8E;AAE9E,MAAM,cAAc,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;AAEzE,SAAS,YAAY,CAAC,SAAiC;IACrD,MAAM,GAAG,GAA2B,EAAE,CAAC;IACvC,KAAK,MAAM,GAAG,IAAI,cAAc,EAAE,CAAC;QACjC,IAAI,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,GAAG,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,CAAE,CAAC;IACrD,CAAC;IACD,OAAO,EAAE,GAAG,GAAG,EAAE,GAAG,SAAS,EAAE,CAAC;AAClC,CAAC;AAED,MAAM,gBAAgB,GAAG,IAAI,CAAC;AAE9B,SAAS,QAAQ,CAAC,MAAc;IAC9B,IAAI,MAAM,CAAC,MAAM,IAAI,gBAAgB;QAAE,OAAO,MAAM,CAAC;IACrD,OAAO,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,gBAAgB,CAAC,CAAC;AAC/C,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,OAAO,CACrB,IAAoB,EACpB,SAAiC,EACjC,SAAiB;IAEjB,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACzB,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IAEzC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,MAAM,KAAK,GAAG,IAAI,CAChB,IAAI,CAAC,OAAO,EACZ;YACE,GAAG,EAAE,YAAY,CAAC,SAAS,CAAC;YAC5B,MAAM,EAAE,UAAU,CAAC,MAAM;YACzB,OAAO,EAAE,SAAS;SACnB,EACD,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE;YACxB,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC;YAEtC,IAAI,KAAK,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;gBAC1B,OAAO,CAAC;oBACN,OAAO,EAAE,KAAK;oBACd,QAAQ,EAAE,IAAI;oBACd,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC;oBACxB,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC;oBACxB,UAAU;oBACV,QAAQ,EAAE,IAAI;iBACf,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,MAAM,QAAQ,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAyB,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YACpE,OAAO,CAAC;gBACN,OAAO,EAAE,QAAQ,KAAK,CAAC;gBACvB,QAAQ;gBACR,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC;gBACxB,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC;gBACxB,UAAU;gBACV,QAAQ,EAAE,KAAK;aAChB,CAAC,CAAC;QACL,CAAC,CACF,CAAC;QAEF,uEAAuE;QACvE,KAAK,KAAK,CAAC;IACb,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/agent/synth-agent.d.ts ADDED Viewed

@@ -0,0 +1,168 @@
+import type { Deployment, DeploymentId, DeploymentTrigger, DebriefWriter, AppSettings } from "@synth-deploy/core";
+import type { IArtifactStore, IEnvironmentStore, IPartitionStore } from "@synth-deploy/core";
+import type { ServiceHealthChecker } from "./health-checker.js";
+import type { McpClientManager, McpToolResult } from "./mcp-client-manager.js";
+export interface DeploymentStore {
+    save(deployment: Deployment): void;
+    get(id: DeploymentId): Deployment | undefined;
+    getByPartition(partitionId: string): Deployment[];
+    getByArtifact(artifactId: string): Deployment[];
+    list(): Deployment[];
+    countByEnvironment(envId: string, since: Date): number;
+    findByArtifactVersion(artifactId: string, version: string, status?: string): Deployment[];
+    findRecentByArtifact(artifactId: string, since: Date, status?: string): Deployment[];
+    findLatestByEnvironment(envId: string): Deployment | undefined;
+}
+export interface AgentOptions {
+    /** Number of health check retries after initial failure. Default: 1 */
+    healthCheckRetries: number;
+    /** Base delay between health check retries in ms. Default: 500 */
+    healthCheckBackoffMs: number;
+    /** Simulated execution delay in ms. Default: 10 */
+    executionDelayMs: number;
+}
+/**
+ * Thrown when a pipeline step fails after the agent has reasoned through it
+ * and determined the deployment cannot proceed.
+ *
+ * Carries structured reasoning so the final debrief entry can explain
+ * exactly why the deployment was aborted.
+ */
+export declare class OrchestrationError extends Error {
+    readonly step: string;
+    readonly reasoning: string;
+    constructor(step: string, message: string, reasoning: string);
+}
+/**
+ * Command Agent — the reasoning engine that orchestrates deployments.
+ *
+ * Processes deployment requests through a structured pipeline. When a step
+ * encounters an unexpected situation, the agent evaluates the specifics —
+ * error type, environment context, conflict severity — and makes a
+ * context-dependent decision about how to proceed.
+ *
+ * Key reasoning behaviors:
+ *
+ *   Health check failures:
+ *   - DNS errors abort immediately (retrying won't resolve infrastructure config)
+ *   - Timeouts on production get extended backoff (service may be under load)
+ *   - Connection refused gets standard retry (process may be restarting)
+ *
+ *   Variable conflicts:
+ *   - Multiple connectivity vars pointing cross-environment → block deployment
+ *   - Single cross-env connectivity var → proceed with operator warning
+ *   - Sensitive variable overrides → proceed, log for audit without exposing values
+ *   - Standard overrides → proceed with precedence rules
+ *
+ * Every decision is recorded to the Debrief. No silent actions.
+ */
+export declare class SynthAgent {
+    private debrief;
+    private deployments;
+    private artifactStore;
+    private environmentStore;
+    private partitionStore;
+    private healthChecker;
+    private settingsReader?;
+    private options;
+    private explicitOptions;
+    mcpClientManager?: McpClientManager;
+    constructor(debrief: DebriefWriter, deployments: DeploymentStore, artifactStore: IArtifactStore, environmentStore: IEnvironmentStore, partitionStore: IPartitionStore, healthChecker?: ServiceHealthChecker, options?: Partial<AgentOptions>, settingsReader?: {
+        get(): AppSettings;
+    } | undefined);
+    /**
+     * Returns effective agent options. Precedence (highest wins):
+     *   1. Explicit constructor options
+     *   2. Global settings from SettingsStore
+     *   3. DEFAULT_OPTIONS
+     */
+    private getEffectiveOptions;
+    /**
+     * Check whether the caller has the required permission.
+     * RBAC enforcement is not yet implemented — always returns true.
+     */
+    private checkCallerPermission;
+    triggerDeployment(trigger: DeploymentTrigger): Promise<Deployment>;
+    /**
+     * Survey connected MCP servers and record available external intelligence
+     * to the Debrief. This runs before deployment to surface any relevant
+     * monitoring data, incident context, or diagnostic tools.
+     *
+     * Returns the list of tool call results (empty if no servers are connected).
+     * Never throws — external server failures must not block deployments.
+     */
+    runExternalChecks(partitionId: string, environmentId: string): Promise<McpToolResult[]>;
+    private resolveConfiguration;
+    /**
+     * Analyze all variable conflicts together and produce a risk assessment.
+     *
+     * This is where genuine reasoning happens — the decision depends on
+     * the combination of factors across all conflicts, not just individual
+     * pattern matches:
+     *
+     *   - A single cross-env connectivity var might be intentional partition config
+     *   - Multiple cross-env connectivity vars are almost certainly misconfiguration
+     *   - Sensitive vars get audit logging regardless of other factors
+     *   - The assessed risk level determines whether to proceed or block
+     */
+    private assessConflictRisk;
+    /**
+     * Record debrief entries for each conflict category found in the assessment.
+     */
+    private recordConflictReasoning;
+    /**
+     * Detect if a variable's winning value might reference the wrong environment.
+     */
+    private detectCrossEnvironmentPattern;
+    /**
+     * Pre-flight health check with context-dependent retry logic.
+     *
+     * The retry strategy depends on the error type:
+     *   - DNS failure → abort immediately (retrying won't fix infrastructure config)
+     *   - Timeout in production → retry with extended backoff (service under load)
+     *   - Connection refused → retry with standard backoff (process restarting)
+     *   - After retries exhausted → fail with environment-appropriate reasoning
+     */
+    private preflightHealthCheck;
+    /**
+     * Analyze a health check failure and decide what to do.
+     *
+     * The decision depends on three factors:
+     *   1. Error type (DNS vs timeout vs connection refused vs server error)
+     *   2. Environment context (production gets more patience)
+     *   3. Whether retries remain
+     *
+     * Different factor combinations produce different actions:
+     *   - DNS failure → abort immediately regardless of retries remaining
+     *   - Timeout + production + retries remaining → retry with extended backoff
+     *   - Connection refused + retries remaining → retry with standard backoff
+     *   - Any error + no retries remaining → abort with environment-specific message
+     */
+    private reasonAboutHealthFailure;
+    /**
+     * Categorize a health check error string into a semantic type.
+     * This drives the retry/abort decision tree.
+     */
+    private categorizeError;
+    private executeDeployment;
+    /**
+     * Delegate deployment execution to the configured Envoy.
+     * Throws OrchestrationError if the Envoy is unreachable or reports failure.
+     */
+    private delegateToEnvoy;
+    private postDeployVerify;
+    private delay;
+}
+export declare class InMemoryDeploymentStore implements DeploymentStore {
+    private deployments;
+    save(deployment: Deployment): void;
+    get(id: DeploymentId): Deployment | undefined;
+    getByPartition(partitionId: string): Deployment[];
+    getByArtifact(artifactId: string): Deployment[];
+    list(): Deployment[];
+    countByEnvironment(envId: string, since: Date): number;
+    findByArtifactVersion(artifactId: string, version: string, status?: string): Deployment[];
+    findRecentByArtifact(artifactId: string, since: Date, status?: string): Deployment[];
+    findLatestByEnvironment(envId: string): Deployment | undefined;
+}
+//# sourceMappingURL=synth-agent.d.ts.map

package/dist/agent/synth-agent.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"synth-agent.d.ts","sourceRoot":"","sources":["../../src/agent/synth-agent.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,UAAU,EACV,YAAY,EACZ,iBAAiB,EACjB,aAAa,EAIb,WAAW,EAEZ,MAAM,oBAAoB,CAAC;AAC5B,OAAO,KAAK,EAAE,cAAc,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAC7F,OAAO,KAAK,EACV,oBAAoB,EAErB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,KAAK,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AAS/E,MAAM,WAAW,eAAe;IAC9B,IAAI,CAAC,UAAU,EAAE,UAAU,GAAG,IAAI,CAAC;IACnC,GAAG,CAAC,EAAE,EAAE,YAAY,GAAG,UAAU,GAAG,SAAS,CAAC;IAC9C,cAAc,CAAC,WAAW,EAAE,MAAM,GAAG,UAAU,EAAE,CAAC;IAClD,aAAa,CAAC,UAAU,EAAE,MAAM,GAAG,UAAU,EAAE,CAAC;IAChD,IAAI,IAAI,UAAU,EAAE,CAAC;IACrB,kBAAkB,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,GAAG,MAAM,CAAC;IACvD,qBAAqB,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,UAAU,EAAE,CAAC;IAC1F,oBAAoB,CAAC,UAAU,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,UAAU,EAAE,CAAC;IACrF,uBAAuB,CAAC,KAAK,EAAE,MAAM,GAAG,UAAU,GAAG,SAAS,CAAC;CAChE;AAED,MAAM,WAAW,YAAY;IAC3B,uEAAuE;IACvE,kBAAkB,EAAE,MAAM,CAAC;IAC3B,kEAAkE;IAClE,oBAAoB,EAAE,MAAM,CAAC;IAC7B,mDAAmD;IACnD,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AA4ED;;;;;;GAMG;AACH,qBAAa,kBAAmB,SAAQ,KAAK;aAEzB,IAAI,EAAE,MAAM;aAEZ,SAAS,EAAE,MAAM;gBAFjB,IAAI,EAAE,MAAM,EAC5B,OAAO,EAAE,MAAM,EACC,SAAS,EAAE,MAAM;CAKpC;AAMD;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,qBAAa,UAAU;IAMnB,OAAO,CAAC,OAAO;IACf,OAAO,CAAC,WAAW;IACnB,OAAO,CAAC,aAAa;IACrB,OAAO,CAAC,gBAAgB;IACxB,OAAO,CAAC,cAAc;IACtB,OAAO,CAAC,aAAa;IAErB,OAAO,CAAC,cAAc,CAAC;IAZzB,OAAO,CAAC,OAAO,CAAe;IAC9B,OAAO,CAAC,eAAe,CAAwB;IAC/C,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;gBAG1B,OAAO,EAAE,aAAa,EACtB,WAAW,EAAE,eAAe,EAC5B,aAAa,EAAE,cAAc,EAC7B,gBAAgB,EAAE,iBAAiB,EACnC,cAAc,EAAE,eAAe,EAC/B,aAAa,GAAE,oBAAiD,EACxE,OAAO,GAAE,OAAO,CAAC,YAAY,CAAM,EAC3B,cAAc,CAAC,EAAE;QAAE,GAAG,IAAI,WAAW,CAAA;KAAE,YAAA;IAMjD;;;;;OAKG;IACH,OAAO,CAAC,mBAAmB;IAc3B;;;OAGG;IACH,OAAO,CAAC,qBAAqB;IASvB,iBAAiB,CACrB,OAAO,EAAE,iBAAiB,GACzB,OAAO,CAAC,UAAU,CAAC;IA8RtB;;;;;;;OAOG;IACG,iBAAiB,CACrB,WAAW,EAAE,MAAM,EACnB,aAAa,EAAE,MAAM,GACpB,OAAO,CAAC,aAAa,EAAE,CAAC;IA8D3B,OAAO,CAAC,oBAAoB;IA2G5B;;;;;;;;;;;OAWG;IACH,OAAO,CAAC,kBAAkB;IA8G1B;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAoI/B;;OAEG;IACH,OAAO,CAAC,6BAA6B;IAoBrC;;;;;;;;OAQG;YACW,oBAAoB;IAoJlC;;;;;;;;;;;;;OAaG;IACH,OAAO,CAAC,wBAAwB;IA6FhC;;;OAGG;IACH,OAAO,CAAC,eAAe;YAiCT,iBAAiB;IAgD/B;;;OAGG;YACW,eAAe;YAqJf,gBAAgB;IA8B9B,OAAO,CAAC,KAAK;CAGd;AAMD,qBAAa,uBAAwB,YAAW,eAAe;IAC7D,OAAO,CAAC,WAAW,CAA4C;IAE/D,IAAI,CAAC,UAAU,EAAE,UAAU,GAAG,IAAI;IAIlC,GAAG,CAAC,EAAE,EAAE,YAAY,GAAG,UAAU,GAAG,SAAS;IAI7C,cAAc,CAAC,WAAW,EAAE,MAAM,GAAG,UAAU,EAAE;IAMjD,aAAa,CAAC,UAAU,EAAE,MAAM,GAAG,UAAU,EAAE;IAM/C,IAAI,IAAI,UAAU,EAAE;IAIpB,kBAAkB,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,GAAG,MAAM;IAMtD,qBAAqB,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,UAAU,EAAE;IASzF,oBAAoB,CAAC,UAAU,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,UAAU,EAAE;IAWpF,uBAAuB,CAAC,KAAK,EAAE,MAAM,GAAG,UAAU,GAAG,SAAS;CAK/D"}