npm - @synth-deploy/server - Versions diffs - 0.1.0 - Mend

@synth-deploy/server 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (317) hide show

package/dist/agent/debrief-retention.d.ts +12 -0
package/dist/agent/debrief-retention.d.ts.map +1 -0
package/dist/agent/debrief-retention.js +27 -0
package/dist/agent/debrief-retention.js.map +1 -0
package/dist/agent/envoy-client.d.ts +216 -0
package/dist/agent/envoy-client.d.ts.map +1 -0
package/dist/agent/envoy-client.js +266 -0
package/dist/agent/envoy-client.js.map +1 -0
package/dist/agent/envoy-registry.d.ts +102 -0
package/dist/agent/envoy-registry.d.ts.map +1 -0
package/dist/agent/envoy-registry.js +319 -0
package/dist/agent/envoy-registry.js.map +1 -0
package/dist/agent/health-checker.d.ts +39 -0
package/dist/agent/health-checker.d.ts.map +1 -0
package/dist/agent/health-checker.js +49 -0
package/dist/agent/health-checker.js.map +1 -0
package/dist/agent/mcp-client-manager.d.ts +36 -0
package/dist/agent/mcp-client-manager.d.ts.map +1 -0
package/dist/agent/mcp-client-manager.js +106 -0
package/dist/agent/mcp-client-manager.js.map +1 -0
package/dist/agent/stale-deployment-detector.d.ts +15 -0
package/dist/agent/stale-deployment-detector.d.ts.map +1 -0
package/dist/agent/stale-deployment-detector.js +50 -0
package/dist/agent/stale-deployment-detector.js.map +1 -0
package/dist/agent/step-runner.d.ts +31 -0
package/dist/agent/step-runner.d.ts.map +1 -0
package/dist/agent/step-runner.js +80 -0
package/dist/agent/step-runner.js.map +1 -0
package/dist/agent/synth-agent.d.ts +168 -0
package/dist/agent/synth-agent.d.ts.map +1 -0
package/dist/agent/synth-agent.js +1195 -0
package/dist/agent/synth-agent.js.map +1 -0
package/dist/api/agent.d.ts +36 -0
package/dist/api/agent.d.ts.map +1 -0
package/dist/api/agent.js +867 -0
package/dist/api/agent.js.map +1 -0
package/dist/api/api-keys.d.ts +4 -0
package/dist/api/api-keys.d.ts.map +1 -0
package/dist/api/api-keys.js +118 -0
package/dist/api/api-keys.js.map +1 -0
package/dist/api/artifacts.d.ts +5 -0
package/dist/api/artifacts.d.ts.map +1 -0
package/dist/api/artifacts.js +142 -0
package/dist/api/artifacts.js.map +1 -0
package/dist/api/auth.d.ts +4 -0
package/dist/api/auth.d.ts.map +1 -0
package/dist/api/auth.js +280 -0
package/dist/api/auth.js.map +1 -0
package/dist/api/deployments.d.ts +11 -0
package/dist/api/deployments.d.ts.map +1 -0
package/dist/api/deployments.js +1098 -0
package/dist/api/deployments.js.map +1 -0
package/dist/api/environments.d.ts +5 -0
package/dist/api/environments.d.ts.map +1 -0
package/dist/api/environments.js +69 -0
package/dist/api/environments.js.map +1 -0
package/dist/api/envoy-reports.d.ts +17 -0
package/dist/api/envoy-reports.d.ts.map +1 -0
package/dist/api/envoy-reports.js +138 -0
package/dist/api/envoy-reports.js.map +1 -0
package/dist/api/envoys.d.ts +5 -0
package/dist/api/envoys.d.ts.map +1 -0
package/dist/api/envoys.js +192 -0
package/dist/api/envoys.js.map +1 -0
package/dist/api/fleet.d.ts +11 -0
package/dist/api/fleet.d.ts.map +1 -0
package/dist/api/fleet.js +394 -0
package/dist/api/fleet.js.map +1 -0
package/dist/api/graph.d.ts +8 -0
package/dist/api/graph.d.ts.map +1 -0
package/dist/api/graph.js +355 -0
package/dist/api/graph.js.map +1 -0
package/dist/api/health.d.ts +20 -0
package/dist/api/health.d.ts.map +1 -0
package/dist/api/health.js +248 -0
package/dist/api/health.js.map +1 -0
package/dist/api/idp-schemas.d.ts +41 -0
package/dist/api/idp-schemas.d.ts.map +1 -0
package/dist/api/idp-schemas.js +17 -0
package/dist/api/idp-schemas.js.map +1 -0
package/dist/api/idp.d.ts +6 -0
package/dist/api/idp.d.ts.map +1 -0
package/dist/api/idp.js +620 -0
package/dist/api/idp.js.map +1 -0
package/dist/api/intake.d.ts +10 -0
package/dist/api/intake.d.ts.map +1 -0
package/dist/api/intake.js +418 -0
package/dist/api/intake.js.map +1 -0
package/dist/api/partitions.d.ts +5 -0
package/dist/api/partitions.d.ts.map +1 -0
package/dist/api/partitions.js +113 -0
package/dist/api/partitions.js.map +1 -0
package/dist/api/progress-event-store.d.ts +62 -0
package/dist/api/progress-event-store.d.ts.map +1 -0
package/dist/api/progress-event-store.js +118 -0
package/dist/api/progress-event-store.js.map +1 -0
package/dist/api/schemas.d.ts +1000 -0
package/dist/api/schemas.d.ts.map +1 -0
package/dist/api/schemas.js +328 -0
package/dist/api/schemas.js.map +1 -0
package/dist/api/security-boundaries.d.ts +4 -0
package/dist/api/security-boundaries.d.ts.map +1 -0
package/dist/api/security-boundaries.js +32 -0
package/dist/api/security-boundaries.js.map +1 -0
package/dist/api/settings.d.ts +4 -0
package/dist/api/settings.d.ts.map +1 -0
package/dist/api/settings.js +99 -0
package/dist/api/settings.js.map +1 -0
package/dist/api/system.d.ts +75 -0
package/dist/api/system.d.ts.map +1 -0
package/dist/api/system.js +558 -0
package/dist/api/system.js.map +1 -0
package/dist/api/telemetry.d.ts +4 -0
package/dist/api/telemetry.d.ts.map +1 -0
package/dist/api/telemetry.js +24 -0
package/dist/api/telemetry.js.map +1 -0
package/dist/api/users.d.ts +4 -0
package/dist/api/users.d.ts.map +1 -0
package/dist/api/users.js +173 -0
package/dist/api/users.js.map +1 -0
package/dist/archive-unpacker.d.ts +24 -0
package/dist/archive-unpacker.d.ts.map +1 -0
package/dist/archive-unpacker.js +239 -0
package/dist/archive-unpacker.js.map +1 -0
package/dist/artifact-analyzer.d.ts +59 -0
package/dist/artifact-analyzer.d.ts.map +1 -0
package/dist/artifact-analyzer.js +334 -0
package/dist/artifact-analyzer.js.map +1 -0
package/dist/auth/idp/index.d.ts +9 -0
package/dist/auth/idp/index.d.ts.map +1 -0
package/dist/auth/idp/index.js +5 -0
package/dist/auth/idp/index.js.map +1 -0
package/dist/auth/idp/ldap.d.ts +56 -0
package/dist/auth/idp/ldap.d.ts.map +1 -0
package/dist/auth/idp/ldap.js +276 -0
package/dist/auth/idp/ldap.js.map +1 -0
package/dist/auth/idp/oidc.d.ts +27 -0
package/dist/auth/idp/oidc.d.ts.map +1 -0
package/dist/auth/idp/oidc.js +97 -0
package/dist/auth/idp/oidc.js.map +1 -0
package/dist/auth/idp/role-mapping.d.ts +9 -0
package/dist/auth/idp/role-mapping.d.ts.map +1 -0
package/dist/auth/idp/role-mapping.js +16 -0
package/dist/auth/idp/role-mapping.js.map +1 -0
package/dist/auth/idp/saml.d.ts +40 -0
package/dist/auth/idp/saml.d.ts.map +1 -0
package/dist/auth/idp/saml.js +117 -0
package/dist/auth/idp/saml.js.map +1 -0
package/dist/auth/idp/types.d.ts +23 -0
package/dist/auth/idp/types.d.ts.map +1 -0
package/dist/auth/idp/types.js +2 -0
package/dist/auth/idp/types.js.map +1 -0
package/dist/fleet/fleet-executor.d.ts +35 -0
package/dist/fleet/fleet-executor.d.ts.map +1 -0
package/dist/fleet/fleet-executor.js +228 -0
package/dist/fleet/fleet-executor.js.map +1 -0
package/dist/fleet/fleet-store.d.ts +13 -0
package/dist/fleet/fleet-store.d.ts.map +1 -0
package/dist/fleet/fleet-store.js +13 -0
package/dist/fleet/fleet-store.js.map +1 -0
package/dist/fleet/index.d.ts +5 -0
package/dist/fleet/index.d.ts.map +1 -0
package/dist/fleet/index.js +4 -0
package/dist/fleet/index.js.map +1 -0
package/dist/fleet/representative-selector.d.ts +15 -0
package/dist/fleet/representative-selector.d.ts.map +1 -0
package/dist/fleet/representative-selector.js +71 -0
package/dist/fleet/representative-selector.js.map +1 -0
package/dist/graph/graph-executor.d.ts +36 -0
package/dist/graph/graph-executor.d.ts.map +1 -0
package/dist/graph/graph-executor.js +348 -0
package/dist/graph/graph-executor.js.map +1 -0
package/dist/graph/graph-inference.d.ts +22 -0
package/dist/graph/graph-inference.d.ts.map +1 -0
package/dist/graph/graph-inference.js +149 -0
package/dist/graph/graph-inference.js.map +1 -0
package/dist/graph/graph-store.d.ts +12 -0
package/dist/graph/graph-store.d.ts.map +1 -0
package/dist/graph/graph-store.js +61 -0
package/dist/graph/graph-store.js.map +1 -0
package/dist/graph/index.d.ts +5 -0
package/dist/graph/index.d.ts.map +1 -0
package/dist/graph/index.js +4 -0
package/dist/graph/index.js.map +1 -0
package/dist/index.d.ts +2 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +837 -0
package/dist/index.js.map +1 -0
package/dist/intake/index.d.ts +6 -0
package/dist/intake/index.d.ts.map +1 -0
package/dist/intake/index.js +5 -0
package/dist/intake/index.js.map +1 -0
package/dist/intake/intake-processor.d.ts +17 -0
package/dist/intake/intake-processor.d.ts.map +1 -0
package/dist/intake/intake-processor.js +99 -0
package/dist/intake/intake-processor.js.map +1 -0
package/dist/intake/intake-store.d.ts +7 -0
package/dist/intake/intake-store.d.ts.map +1 -0
package/dist/intake/intake-store.js +7 -0
package/dist/intake/intake-store.js.map +1 -0
package/dist/intake/registry-poller.d.ts +41 -0
package/dist/intake/registry-poller.d.ts.map +1 -0
package/dist/intake/registry-poller.js +202 -0
package/dist/intake/registry-poller.js.map +1 -0
package/dist/intake/webhook-handlers.d.ts +37 -0
package/dist/intake/webhook-handlers.d.ts.map +1 -0
package/dist/intake/webhook-handlers.js +268 -0
package/dist/intake/webhook-handlers.js.map +1 -0
package/dist/logger.d.ts +5 -0
package/dist/logger.d.ts.map +1 -0
package/dist/logger.js +15 -0
package/dist/logger.js.map +1 -0
package/dist/mcp/resources.d.ts +9 -0
package/dist/mcp/resources.d.ts.map +1 -0
package/dist/mcp/resources.js +72 -0
package/dist/mcp/resources.js.map +1 -0
package/dist/mcp/server.d.ts +15 -0
package/dist/mcp/server.d.ts.map +1 -0
package/dist/mcp/server.js +20 -0
package/dist/mcp/server.js.map +1 -0
package/dist/mcp/tools.d.ts +9 -0
package/dist/mcp/tools.d.ts.map +1 -0
package/dist/mcp/tools.js +88 -0
package/dist/mcp/tools.js.map +1 -0
package/dist/middleware/auth.d.ts +29 -0
package/dist/middleware/auth.d.ts.map +1 -0
package/dist/middleware/auth.js +76 -0
package/dist/middleware/auth.js.map +1 -0
package/dist/middleware/permissions.d.ts +13 -0
package/dist/middleware/permissions.d.ts.map +1 -0
package/dist/middleware/permissions.js +32 -0
package/dist/middleware/permissions.js.map +1 -0
package/dist/pattern-store.d.ts +104 -0
package/dist/pattern-store.d.ts.map +1 -0
package/dist/pattern-store.js +299 -0
package/dist/pattern-store.js.map +1 -0
package/package.json +54 -0
package/src/agent/debrief-retention.ts +44 -0
package/src/agent/envoy-client.ts +474 -0
package/src/agent/envoy-registry.ts +384 -0
package/src/agent/health-checker.ts +70 -0
package/src/agent/mcp-client-manager.ts +131 -0
package/src/agent/stale-deployment-detector.ts +79 -0
package/src/agent/step-runner.ts +124 -0
package/src/agent/synth-agent.ts +1567 -0
package/src/api/agent.ts +1075 -0
package/src/api/api-keys.ts +129 -0
package/src/api/artifacts.ts +194 -0
package/src/api/auth.ts +320 -0
package/src/api/deployments.ts +1347 -0
package/src/api/environments.ts +97 -0
package/src/api/envoy-reports.ts +159 -0
package/src/api/envoys.ts +237 -0
package/src/api/fleet.ts +510 -0
package/src/api/graph.ts +516 -0
package/src/api/health.ts +311 -0
package/src/api/idp-schemas.ts +19 -0
package/src/api/idp.ts +735 -0
package/src/api/intake.ts +537 -0
package/src/api/partitions.ts +147 -0
package/src/api/progress-event-store.ts +153 -0
package/src/api/schemas.ts +376 -0
package/src/api/security-boundaries.ts +54 -0
package/src/api/settings.ts +118 -0
package/src/api/system.ts +704 -0
package/src/api/telemetry.ts +32 -0
package/src/api/users.ts +210 -0
package/src/archive-unpacker.ts +271 -0
package/src/artifact-analyzer.ts +438 -0
package/src/auth/idp/index.ts +8 -0
package/src/auth/idp/ldap.ts +340 -0
package/src/auth/idp/oidc.ts +117 -0
package/src/auth/idp/role-mapping.ts +22 -0
package/src/auth/idp/saml.ts +148 -0
package/src/auth/idp/types.ts +22 -0
package/src/fleet/fleet-executor.ts +309 -0
package/src/fleet/fleet-store.ts +13 -0
package/src/fleet/index.ts +4 -0
package/src/fleet/representative-selector.ts +83 -0
package/src/graph/graph-executor.ts +446 -0
package/src/graph/graph-inference.ts +184 -0
package/src/graph/graph-store.ts +75 -0
package/src/graph/index.ts +4 -0
package/src/index.ts +916 -0
package/src/intake/index.ts +5 -0
package/src/intake/intake-processor.ts +111 -0
package/src/intake/intake-store.ts +7 -0
package/src/intake/registry-poller.ts +230 -0
package/src/intake/webhook-handlers.ts +328 -0
package/src/logger.ts +19 -0
package/src/mcp/resources.ts +98 -0
package/src/mcp/server.ts +34 -0
package/src/mcp/tools.ts +117 -0
package/src/middleware/auth.ts +103 -0
package/src/middleware/permissions.ts +35 -0
package/src/pattern-store.ts +409 -0
package/tests/agent-mode.test.ts +536 -0
package/tests/api-handlers.test.ts +1245 -0
package/tests/archive-unpacker.test.ts +179 -0
package/tests/artifact-analyzer.test.ts +240 -0
package/tests/auth-middleware.test.ts +189 -0
package/tests/decision-diary.test.ts +957 -0
package/tests/diary-reader.test.ts +782 -0
package/tests/envoy-client.test.ts +342 -0
package/tests/envoy-reports.test.ts +156 -0
package/tests/mcp-tools.test.ts +213 -0
package/tests/orchestration.test.ts +536 -0
package/tests/partition-deletion.test.ts +143 -0
package/tests/partition-isolation.test.ts +830 -0
package/tests/pattern-store.test.ts +371 -0
package/tests/rbac-enforcement.test.ts +409 -0
package/tests/ssrf-validation.test.ts +56 -0
package/tests/stale-deployment.test.ts +85 -0
package/tests/step-runner.test.ts +308 -0
package/tests/ui-journey.test.ts +330 -0
package/tsconfig.json +11 -0
package/vitest.config.ts +27 -0

package/src/artifact-analyzer.ts ADDED Viewed

@@ -0,0 +1,438 @@
+import type { ArtifactAnalysis, Artifact } from "@synth-deploy/core";
+import type { LlmClient, LlmResult } from "@synth-deploy/core";
+import type { DebriefWriter } from "@synth-deploy/core";
+import { sanitizeForPrompt } from "@synth-deploy/core";
+import type { PatternStore, PatternMatch, DerivedAnalysis } from "./pattern-store.js";
+import { archiveFormat, unpackArchive, formatExtractedFiles } from "./archive-unpacker.js";
+// ---------------------------------------------------------------------------
+// Public types
+// ---------------------------------------------------------------------------
+export interface ArtifactInput {
+  name: string;
+  type?: string;
+  source: string;
+  content?: Buffer;
+  metadata?: Record<string, string>;
+}
+export interface AnalysisResult {
+  analysis: ArtifactAnalysis;
+  /** How the analysis was produced */
+  method: "llm" | "pattern-auto" | "pattern-suggest" | "unavailable";
+  /** Patterns that were matched, if any */
+  matchedPatterns?: PatternMatch[];
+}
+// ---------------------------------------------------------------------------
+// Type detection
+// ---------------------------------------------------------------------------
+/**
+ * Detect artifact type from name and metadata.
+ * Used as a hint for the LLM and for intake routing — not for analysis.
+ */
+export function detectArtifactType(artifact: ArtifactInput): string {
+  if (artifact.type) return artifact.type;
+  const name = artifact.name.toLowerCase();
+  const meta = artifact.metadata || {};
+  if (name === "dockerfile" || name.endsWith("/dockerfile") || meta["content-type"]?.includes("dockerfile")) {
+    return "dockerfile";
+  }
+  if (name === "chart.yaml" || name === "chart.yml") return "helm-chart";
+  if (name === "values.yaml" || name === "values.yml") return "helm-values";
+  if (name === "package.json") return "node-package";
+  if (name === "makefile" || name.endsWith("/makefile")) return "makefile";
+  if (name.endsWith(".tar.gz") || name.endsWith(".tgz")) return "tarball";
+  if (name.endsWith(".tar")) return "tarball";
+  if (name.endsWith(".zip")) return "zip";
+  if (name.endsWith(".nupkg")) return "nupkg";
+  if (name.endsWith(".jar") || name.endsWith(".war") || name.endsWith(".ear")) return "java-archive";
+  if (name.endsWith(".whl")) return "python-package";
+  if (name.endsWith(".deb")) return "debian-package";
+  if (name.endsWith(".rpm")) return "rpm-package";
+  if (name.endsWith(".yaml") || name.endsWith(".yml")) return "yaml";
+  if (name.endsWith(".json")) return "json";
+  if (name.endsWith(".sh") || name.endsWith(".bash")) return "shell-script";
+  return "unknown";
+}
+// ---------------------------------------------------------------------------
+// LLM reasoning
+// ---------------------------------------------------------------------------
+const ANALYSIS_SYSTEM_PROMPT = `You are a deployment artifact analyzer. Given information about a deployment artifact, produce a structured analysis.
+Your response must be valid JSON with these fields:
+- "summary": A plain-language description (1-3 sentences) of what this artifact is and how it should be deployed.
+- "dependencies": An array of strings listing runtime dependencies, system requirements, or external services needed.
+- "configurationExpectations": An object mapping configuration key names to descriptions of expected values.
+- "deploymentIntent": A short phrase describing the deployment method (e.g., "Container deployment via Docker Compose", "Kubernetes Helm release").
+- "confidence": A number 0-1 indicating how confident you are in this analysis.
+Focus on actionable deployment intelligence. Be specific about ports, environment variables, and deployment prerequisites.`;
+async function analyzeWithLlm(
+  llm: LlmClient,
+  artifact: ArtifactInput,
+  artifactType: string,
+  extractedArchiveContent?: string,
+): Promise<ArtifactAnalysis | null> {
+  const contentSection = extractedArchiveContent
+    ? `Archive contents:\n\n${sanitizeForPrompt(extractedArchiveContent)}`
+    : artifact.content
+      ? `Content:\n'''\n${sanitizeForPrompt(artifact.content.toString("utf-8").slice(0, 4000))}\n'''`
+      : "(no content available)";
+  const prompt = `Analyze this deployment artifact.
+Name: ${sanitizeForPrompt(artifact.name)}
+Type: ${sanitizeForPrompt(artifactType)}
+Source: ${sanitizeForPrompt(artifact.source)}
+Metadata: ${sanitizeForPrompt(JSON.stringify(artifact.metadata || {}))}
+${contentSection}
+Produce a JSON analysis of this artifact for deployment planning purposes.`;
+  const result: LlmResult = await llm.reason({
+    prompt,
+    systemPrompt: ANALYSIS_SYSTEM_PROMPT,
+    promptSummary: `Artifact analysis for "${artifact.name}" (${artifactType})`,
+  });
+  if (!result.ok) {
+    console.warn(`[artifact-analyzer] LLM analysis failed for "${artifact.name}": ${result.reason}`);
+    return null;
+  }
+  try {
+    const jsonMatch = result.text.match(/\{[\s\S]*\}/);
+    if (!jsonMatch) return null;
+    const parsed = JSON.parse(jsonMatch[0]) as {
+      summary?: string;
+      dependencies?: string[];
+      configurationExpectations?: Record<string, string>;
+      deploymentIntent?: string;
+      confidence?: number;
+    };
+    return {
+      summary: parsed.summary ?? `Analysis of "${artifact.name}"`,
+      dependencies: parsed.dependencies ?? [],
+      configurationExpectations: parsed.configurationExpectations ?? {},
+      deploymentIntent: parsed.deploymentIntent,
+      confidence: typeof parsed.confidence === "number" ? parsed.confidence : 0.5,
+    };
+  } catch {
+    return null;
+  }
+}
+// ---------------------------------------------------------------------------
+// Pattern overlay
+// ---------------------------------------------------------------------------
+function applyPatternOverrides(
+  analysis: ArtifactAnalysis,
+  derived: DerivedAnalysis,
+): ArtifactAnalysis {
+  return {
+    summary: derived.summary || analysis.summary,
+    dependencies: derived.dependencies && derived.dependencies.length > 0
+      ? derived.dependencies
+      : analysis.dependencies,
+    configurationExpectations: derived.configurationExpectations
+      ? { ...analysis.configurationExpectations, ...derived.configurationExpectations }
+      : analysis.configurationExpectations,
+    deploymentIntent: derived.deploymentIntent || analysis.deploymentIntent,
+    confidence: analysis.confidence,
+  };
+}
+// ---------------------------------------------------------------------------
+// ArtifactAnalyzer
+// ---------------------------------------------------------------------------
+export interface ArtifactAnalyzerDeps {
+  llm: LlmClient;
+  debrief: DebriefWriter;
+  patternStore?: PatternStore;
+}
+/**
+ * Artifact analysis engine.
+ *
+ * Analysis pipeline:
+ *   1. Check pattern store for matching corrections (if available)
+ *      - Auto-apply if >= 2 corrections and confidence >= 0.7 (no LLM call)
+ *      - Suggest if 1 correction or confidence < 0.7 (apply as overlay after LLM)
+ *   2. If LLM is unavailable, return an "unavailable" result — no silent fallback
+ *   3. Run LLM analysis on the raw artifact content
+ *   4. Apply pattern-suggest overlay if applicable
+ *   5. Record debrief entry with decision trail
+ */
+export class ArtifactAnalyzer {
+  private readonly _llm: LlmClient;
+  private readonly _debrief: DebriefWriter;
+  private readonly _patternStore?: PatternStore;
+  constructor(deps: ArtifactAnalyzerDeps) {
+    this._llm = deps.llm;
+    this._debrief = deps.debrief;
+    this._patternStore = deps.patternStore;
+  }
+  /**
+   * Analyze a deployment artifact. Returns structured analysis with
+   * confidence score and method used.
+   */
+  async analyze(artifact: ArtifactInput): Promise<AnalysisResult> {
+    const artifactType = detectArtifactType(artifact);
+    const reasoningTrail: string[] = [];
+    reasoningTrail.push(`Artifact: "${artifact.name}", detected type: ${artifactType}, source: ${artifact.source}`);
+    // --- Step 1: Check pattern store ---
+    let matchedPatterns: PatternMatch[] = [];
+    if (this._patternStore) {
+      matchedPatterns = this._patternStore.findMatches(
+        artifact.source,
+        artifactType,
+        artifact.name,
+      );
+      if (matchedPatterns.length > 0) {
+        const autoMatch = matchedPatterns.find((m) => m.mode === "auto");
+        if (autoMatch) {
+          reasoningTrail.push(
+            `Pattern match: "${autoMatch.pattern.namePattern}" (${autoMatch.pattern.corrections.length} corrections, confidence ${autoMatch.pattern.confidence}). Auto-applying without LLM call.`,
+          );
+          const analysis: ArtifactAnalysis = {
+            summary: autoMatch.pattern.derivedAnalysis.summary ?? `Pattern-matched artifact "${artifact.name}"`,
+            dependencies: autoMatch.pattern.derivedAnalysis.dependencies ?? [],
+            configurationExpectations: autoMatch.pattern.derivedAnalysis.configurationExpectations ?? {},
+            deploymentIntent: autoMatch.pattern.derivedAnalysis.deploymentIntent,
+            confidence: autoMatch.pattern.confidence,
+          };
+          this._patternStore.recordApplication(autoMatch.pattern.id);
+          reasoningTrail.push("Pattern derived analysis applied directly.");
+          this._recordDebrief(artifact, artifactType, analysis, "pattern-auto", reasoningTrail);
+          return { analysis, method: "pattern-auto", matchedPatterns };
+        }
+        reasoningTrail.push(
+          `Pattern suggestion available: "${matchedPatterns[0].pattern.namePattern}" ` +
+          `(${matchedPatterns[0].pattern.corrections.length} corrections, ` +
+          `confidence ${matchedPatterns[0].pattern.confidence}). ` +
+          `Not auto-applying — threshold not met.`,
+        );
+      }
+    }
+    // --- Step 2: Unpack archive if applicable ---
+    let extractedArchiveContent: string | undefined;
+    if (artifact.content) {
+      const format = archiveFormat(artifactType, artifact.name);
+      if (format) {
+        const unpacked = await unpackArchive(artifact.content, format);
+        extractedArchiveContent = formatExtractedFiles(unpacked);
+        reasoningTrail.push(
+          `Archive unpacked (${format}): ${unpacked.files.length} text files extracted, ${unpacked.skipped} skipped.`,
+        );
+      }
+    }
+    // --- Step 3: Require LLM ---
+    if (!this._llm.isAvailable()) {
+      const analysis: ArtifactAnalysis = {
+        summary: `Cannot analyze "${artifact.name}" — LLM is required for artifact analysis.`,
+        dependencies: [],
+        configurationExpectations: {},
+        confidence: 0,
+      };
+      reasoningTrail.push("LLM not available — analysis cannot proceed.");
+      this._recordDebrief(artifact, artifactType, analysis, "unavailable", reasoningTrail);
+      return { analysis, method: "unavailable" };
+    }
+    // --- Step 4: LLM analysis ---
+    reasoningTrail.push("LLM available — analyzing artifact.");
+    const llmAnalysis = await analyzeWithLlm(this._llm, artifact, artifactType, extractedArchiveContent);
+    if (!llmAnalysis) {
+      const analysis: ArtifactAnalysis = {
+        summary: `Analysis of "${artifact.name}" failed — LLM returned no usable result.`,
+        dependencies: [],
+        configurationExpectations: {},
+        confidence: 0,
+      };
+      reasoningTrail.push("LLM returned no usable result.");
+      this._recordDebrief(artifact, artifactType, analysis, "unavailable", reasoningTrail);
+      return { analysis, method: "unavailable" };
+    }
+    reasoningTrail.push(`LLM analysis complete. Confidence: ${llmAnalysis.confidence}.`);
+    let analysis = llmAnalysis;
+    let method: AnalysisResult["method"] = "llm";
+    // --- Step 4: Apply pattern-suggest overlay ---
+    if (matchedPatterns.length > 0) {
+      analysis = applyPatternOverrides(analysis, matchedPatterns[0].pattern.derivedAnalysis);
+      method = "pattern-suggest";
+      reasoningTrail.push("Pattern suggestion applied as overlay on LLM analysis.");
+    }
+    this._recordDebrief(artifact, artifactType, analysis, method, reasoningTrail);
+    return {
+      analysis,
+      method,
+      matchedPatterns: matchedPatterns.length > 0 ? matchedPatterns : undefined,
+    };
+  }
+  /**
+   * Re-analyze an artifact using its stored annotations as correction context.
+   * Returns null if LLM is unavailable.
+   */
+  async reanalyzeWithAnnotations(artifact: Artifact): Promise<ArtifactAnalysis | null> {
+    if (!this._llm.isAvailable() || artifact.annotations.length === 0) return null;
+    const correctionsText = artifact.annotations
+      .map((a) => `- ${a.field}: ${a.correction}`)
+      .join("\n");
+    const prompt = `An artifact's analysis has user corrections. Revise the analysis to incorporate them.
+Artifact Name: ${sanitizeForPrompt(artifact.name)}
+Type: ${sanitizeForPrompt(artifact.type)}
+Current Analysis:
+Summary: ${sanitizeForPrompt(artifact.analysis.summary)}
+Dependencies: ${sanitizeForPrompt(JSON.stringify(artifact.analysis.dependencies))}
+Configuration Expectations: ${sanitizeForPrompt(JSON.stringify(artifact.analysis.configurationExpectations))}
+Deployment Intent: ${sanitizeForPrompt(artifact.analysis.deploymentIntent ?? "unknown")}
+Confidence: ${artifact.analysis.confidence}
+User Corrections:
+${sanitizeForPrompt(correctionsText)}
+Produce a JSON analysis that incorporates all user corrections. Raise confidence proportional to how much the corrections clarify the artifact's purpose.`;
+    const result: LlmResult = await this._llm.reason({
+      prompt,
+      systemPrompt: ANALYSIS_SYSTEM_PROMPT,
+      promptSummary: `Re-analysis of "${artifact.name}" with ${artifact.annotations.length} user correction(s)`,
+    });
+    if (!result.ok) return null;
+    try {
+      const jsonMatch = result.text.match(/\{[\s\S]*\}/);
+      if (!jsonMatch) return null;
+      const parsed = JSON.parse(jsonMatch[0]) as {
+        summary?: string;
+        dependencies?: string[];
+        configurationExpectations?: Record<string, string>;
+        deploymentIntent?: string;
+        confidence?: number;
+      };
+      const revised: ArtifactAnalysis = {
+        summary: parsed.summary ?? artifact.analysis.summary,
+        dependencies: parsed.dependencies ?? artifact.analysis.dependencies,
+        configurationExpectations: parsed.configurationExpectations ?? artifact.analysis.configurationExpectations,
+        deploymentIntent: parsed.deploymentIntent ?? artifact.analysis.deploymentIntent,
+        confidence: typeof parsed.confidence === "number"
+          ? Math.max(parsed.confidence, artifact.analysis.confidence)
+          : artifact.analysis.confidence,
+      };
+      this._debrief.record({
+        partitionId: null,
+        deploymentId: null,
+        agent: "server",
+        decisionType: "artifact-analysis",
+        decision: `Re-analyzed "${artifact.name}" with ${artifact.annotations.length} user correction(s). Confidence: ${revised.confidence}.`,
+        reasoning: result.text,
+        context: {
+          artifactName: artifact.name,
+          corrections: correctionsText,
+          confidence: revised.confidence,
+          prompt,
+        },
+      });
+      return revised;
+    } catch {
+      return null;
+    }
+  }
+  // -------------------------------------------------------------------------
+  // Debrief integration
+  // -------------------------------------------------------------------------
+  private _recordDebrief(
+    artifact: ArtifactInput,
+    artifactType: string,
+    analysis: ArtifactAnalysis,
+    method: AnalysisResult["method"],
+    reasoningTrail: string[],
+  ): void {
+    const confidenceLabel =
+      analysis.confidence >= 0.8
+        ? "high"
+        : analysis.confidence >= 0.5
+          ? "medium"
+          : "low";
+    this._debrief.record({
+      partitionId: null,
+      deploymentId: null,
+      agent: "server",
+      decisionType: "artifact-analysis",
+      decision: `Analyzed artifact "${artifact.name}" (${artifactType}) via ${method}. ` +
+        `Confidence: ${analysis.confidence} (${confidenceLabel}). ` +
+        `Found ${analysis.dependencies.length} dependencies, ` +
+        `${Object.keys(analysis.configurationExpectations).length} configuration expectations.`,
+      reasoning: reasoningTrail.join(" "),
+      context: {
+        artifactName: artifact.name,
+        artifactType,
+        source: artifact.source,
+        method,
+        confidence: analysis.confidence,
+        confidenceLabel,
+        dependencyCount: analysis.dependencies.length,
+        configExpectationCount: Object.keys(analysis.configurationExpectations).length,
+        deploymentIntent: analysis.deploymentIntent,
+      },
+    });
+  }
+}
+// ---------------------------------------------------------------------------
+// Factory
+// ---------------------------------------------------------------------------
+export function createArtifactAnalyzer(deps: ArtifactAnalyzerDeps): ArtifactAnalyzer {
+  return new ArtifactAnalyzer(deps);
+}

package/src/auth/idp/index.ts ADDED Viewed

@@ -0,0 +1,8 @@
+export type { IdpAdapter } from "./types.js";
+export { OidcAdapter } from "./oidc.js";
+export type { OidcAuthenticateParams } from "./oidc.js";
+export { SamlAdapter } from "./saml.js";
+export type { SamlConfig, SamlAuthenticateParams } from "./saml.js";
+export { LdapAdapter } from "./ldap.js";
+export type { LdapConfig, LdapAuthenticateParams } from "./ldap.js";
+export { applyRoleMappings } from "./role-mapping.js";