@teambit/workspace 1.0.974 → 1.0.976

package/dist/{preview-1778178157117.js → preview-1778254115658.js}

@@ -1,5 +1,5 @@
-import * as compositions_0 from '/home/circleci/Library/Caches/Bit/capsules/8891be5ad/teambit.workspace_workspace@1.0.974/dist/workspace.composition.js';
-import * as overview_0 from '/home/circleci/Library/Caches/Bit/capsules/8891be5ad/teambit.workspace_workspace@1.0.974/dist/workspace.docs.mdx';
+import * as compositions_0 from '/home/circleci/Library/Caches/Bit/capsules/8891be5ad/teambit.workspace_workspace@1.0.976/dist/workspace.composition.js';
+import * as overview_0 from '/home/circleci/Library/Caches/Bit/capsules/8891be5ad/teambit.workspace_workspace@1.0.976/dist/workspace.docs.mdx';
 
 export const compositions = [compositions_0];
 export const overview = [overview_0];

package/dist/scope-trust/index.d.ts

@@ -0,0 +1,2 @@
+export { ScopeTrust } from './scope-trust';
+export { ScopeTrustCmd } from './scope-trust.cmd';

package/dist/scope-trust/index.js

@@ -0,0 +1,33 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+Object.defineProperty(exports, "ScopeTrust", {
+  enumerable: true,
+  get: function () {
+    return _scopeTrust().ScopeTrust;
+  }
+});
+Object.defineProperty(exports, "ScopeTrustCmd", {
+  enumerable: true,
+  get: function () {
+    return _scopeTrust2().ScopeTrustCmd;
+  }
+});
+function _scopeTrust() {
+  const data = require("./scope-trust");
+  _scopeTrust = function () {
+    return data;
+  };
+  return data;
+}
+function _scopeTrust2() {
+  const data = require("./scope-trust.cmd");
+  _scopeTrust2 = function () {
+    return data;
+  };
+  return data;
+}
+
+//# sourceMappingURL=index.js.map

package/dist/scope-trust/index.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["_scopeTrust","data","require","_scopeTrust2"],"sources":["index.ts"],"sourcesContent":["export { ScopeTrust } from './scope-trust';\nexport { ScopeTrustCmd } from './scope-trust.cmd';\n"],"mappings":";;;;;;;;;;;;;;;;;AAAA,SAAAA,YAAA;EAAA,MAAAC,IAAA,GAAAC,OAAA;EAAAF,WAAA,YAAAA,CAAA;IAAA,OAAAC,IAAA;EAAA;EAAA,OAAAA,IAAA;AAAA;AACA,SAAAE,aAAA;EAAA,MAAAF,IAAA,GAAAC,OAAA;EAAAC,YAAA,YAAAA,CAAA;IAAA,OAAAF,IAAA;EAAA;EAAA,OAAAA,IAAA;AAAA","ignoreList":[]}

package/dist/scope-trust/scope-trust.cmd.d.ts

@@ -0,0 +1,18 @@
+import type { Command } from '@teambit/cli';
+import type { ScopeTrust } from './scope-trust';
+export declare class ScopeTrustCmd implements Command {
+    private scopeTrust;
+    name: string;
+    description: string;
+    arguments: {
+        name: string;
+        description: string;
+    }[];
+    options: never[];
+    group: string;
+    loadAspects: boolean;
+    extendedDescription: string;
+    constructor(scopeTrust: ScopeTrust);
+    report(args: string[]): Promise<string>;
+    private formatList;
+}

package/dist/scope-trust/scope-trust.cmd.js

@@ -0,0 +1,109 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.ScopeTrustCmd = void 0;
+function _cli() {
+  const data = require("@teambit/cli");
+  _cli = function () {
+    return data;
+  };
+  return data;
+}
+function _bitError() {
+  const data = require("@teambit/bit-error");
+  _bitError = function () {
+    return data;
+  };
+  return data;
+}
+function _chalk() {
+  const data = _interopRequireDefault(require("chalk"));
+  _chalk = function () {
+    return data;
+  };
+  return data;
+}
+function _interopRequireDefault(e) { return e && e.__esModule ? e : { default: e }; }
+function _defineProperty(e, r, t) { return (r = _toPropertyKey(r)) in e ? Object.defineProperty(e, r, { value: t, enumerable: !0, configurable: !0, writable: !0 }) : e[r] = t, e; }
+function _toPropertyKey(t) { var i = _toPrimitive(t, "string"); return "symbol" == typeof i ? i : i + ""; }
+function _toPrimitive(t, r) { if ("object" != typeof t || !t) return t; var e = t[Symbol.toPrimitive]; if (void 0 !== e) { var i = e.call(t, r || "default"); if ("object" != typeof i) return i; throw new TypeError("@@toPrimitive must return a primitive value."); } return ("string" === r ? String : Number)(t); }
+const ACTIONS = ['list', 'enable', 'disable', 'add', 'remove'];
+class ScopeTrustCmd {
+  constructor(scopeTrust) {
+    this.scopeTrust = scopeTrust;
+    _defineProperty(this, "name", 'trust [action] [pattern]');
+    _defineProperty(this, "description", "manage which scopes are trusted to load aspects (envs, etc.) into the workspace's process");
+    _defineProperty(this, "arguments", [{
+      name: 'action',
+      description: `one of: ${ACTIONS.join(', ')}. defaults to "list".`
+    }, {
+      name: 'pattern',
+      description: 'scope pattern (required for "add" and "remove")'
+    }]);
+    _defineProperty(this, "options", []);
+    _defineProperty(this, "group", 'component-config');
+    // Don't load aspects for this command. If the workspace already references
+    // an aspect from a scope that the trust list doesn't allow, the pre-command
+    // aspect-load step would itself trip the gate, leaving the user with no way
+    // to run `bit scope trust` to fix it. Skipping aspect-load keeps the command
+    // usable as a recovery path.
+    _defineProperty(this, "loadAspects", false);
+    _defineProperty(this, "extendedDescription", `scope-trust is opt-in. when off (the default), aspects from any scope load without a check. when on, aspects from a scope outside the trust list trigger a prompt (interactive shells) or an error (non-interactive).
+
+  bit scope trust                    # same as "list"
+  bit scope trust list               # show status; if on, print the effective trust list
+  bit scope trust enable             # turn on (writes "trustedScopes": [] to workspace.jsonc)
+  bit scope trust disable            # turn off (removes "trustedScopes" from workspace.jsonc)
+  bit scope trust add PATTERN        # add a pattern (auto-enables if needed)
+  bit scope trust remove PATTERN     # remove a pattern (does NOT disable when list is empty)
+
+once on, the effective trust set is: builtin scopes (teambit.*, bitdev.*, and a few others — run "bit scope trust list" to see) + the owner of defaultScope + entries listed under "trustedScopes". patterns are exact ("acme.frontend") or owner wildcard ("acme.*").`);
+  }
+  async report(args) {
+    const [rawAction, pattern] = args;
+    const action = rawAction || 'list';
+    if (!ACTIONS.includes(action)) {
+      throw new (_bitError().BitError)(`unknown action "${rawAction}". valid actions: ${ACTIONS.join(', ')}.`);
+    }
+    switch (action) {
+      case 'list':
+        return this.formatList();
+      case 'enable':
+        await this.scopeTrust.enable();
+        return (0, _cli().formatSuccessSummary)('scope-trust enabled (added trustedScopes: [] to workspace.jsonc)');
+      case 'disable':
+        await this.scopeTrust.disable();
+        return (0, _cli().formatSuccessSummary)('scope-trust disabled (removed trustedScopes from workspace.jsonc)');
+      case 'add':
+        {
+          const p = requirePattern(action, pattern);
+          await this.scopeTrust.addTrustedScope(p);
+          return (0, _cli().formatSuccessSummary)(`added ${_chalk().default.bold(p)} to trustedScopes in workspace.jsonc`);
+        }
+      case 'remove':
+        {
+          const p = requirePattern(action, pattern);
+          await this.scopeTrust.removeTrustedScope(p);
+          return (0, _cli().formatSuccessSummary)(`removed ${_chalk().default.bold(p)} from trustedScopes in workspace.jsonc`);
+        }
+    }
+  }
+  formatList() {
+    if (!this.scopeTrust.isOptedIn()) {
+      return (0, _cli().joinSections)([(0, _cli().formatTitle)('scope-trust is off for this workspace.'), 'aspects from any scope load without a check.', (0, _cli().formatHint)('to turn on:\n  bit scope trust enable        (no scopes added; only builtins + owner-of-defaultScope auto-trusted)\n  bit scope trust add <pattern> (turns on and adds the first scope)')]);
+    }
+    const groups = this.scopeTrust.getEffectiveTrustedPatterns();
+    return (0, _cli().joinSections)([(0, _cli().formatTitle)('scope-trust is on. aspects from these scopes load without a prompt:'), (0, _cli().formatSection)('builtin', '', groups.builtin.map(p => (0, _cli().formatItem)(p))), (0, _cli().formatSection)('inferred from workspace defaultScope', '', groups.owner.map(p => (0, _cli().formatItem)(p))), groups.configured.length ? (0, _cli().formatSection)('configured in workspace.jsonc', '', groups.configured.map(p => (0, _cli().formatItem)(p))) : (0, _cli().formatHint)('no scopes configured in workspace.jsonc. add one with `bit scope trust add <pattern>`.')]);
+  }
+}
+exports.ScopeTrustCmd = ScopeTrustCmd;
+function requirePattern(action, pattern) {
+  if (!pattern) {
+    throw new (_bitError().BitError)(`"${action}" requires a pattern. example: bit scope trust ${action} acme.frontend`);
+  }
+  return pattern;
+}
+
+//# sourceMappingURL=scope-trust.cmd.js.map

package/dist/scope-trust/scope-trust.cmd.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["_cli","data","require","_bitError","_chalk","_interopRequireDefault","e","__esModule","default","_defineProperty","r","t","_toPropertyKey","Object","defineProperty","value","enumerable","configurable","writable","i","_toPrimitive","Symbol","toPrimitive","call","TypeError","String","Number","ACTIONS","ScopeTrustCmd","constructor","scopeTrust","name","description","join","report","args","rawAction","pattern","action","includes","BitError","formatList","enable","formatSuccessSummary","disable","p","requirePattern","addTrustedScope","chalk","bold","removeTrustedScope","isOptedIn","joinSections","formatTitle","formatHint","groups","getEffectiveTrustedPatterns","formatSection","builtin","map","formatItem","owner","configured","length","exports"],"sources":["scope-trust.cmd.ts"],"sourcesContent":["import type { Command } from '@teambit/cli';\nimport { formatHint, formatItem, formatSection, formatSuccessSummary, formatTitle, joinSections } from '@teambit/cli';\nimport { BitError } from '@teambit/bit-error';\nimport chalk from 'chalk';\nimport type { ScopeTrust } from './scope-trust';\n\nconst ACTIONS = ['list', 'enable', 'disable', 'add', 'remove'] as const;\ntype Action = (typeof ACTIONS)[number];\n\nexport class ScopeTrustCmd implements Command {\n  name = 'trust [action] [pattern]';\n  description = \"manage which scopes are trusted to load aspects (envs, etc.) into the workspace's process\";\n  arguments = [\n    {\n      name: 'action',\n      description: `one of: ${ACTIONS.join(', ')}. defaults to \"list\".`,\n    },\n    {\n      name: 'pattern',\n      description: 'scope pattern (required for \"add\" and \"remove\")',\n    },\n  ];\n  options = [];\n  group = 'component-config';\n  // Don't load aspects for this command. If the workspace already references\n  // an aspect from a scope that the trust list doesn't allow, the pre-command\n  // aspect-load step would itself trip the gate, leaving the user with no way\n  // to run `bit scope trust` to fix it. Skipping aspect-load keeps the command\n  // usable as a recovery path.\n  loadAspects = false;\n  extendedDescription = `scope-trust is opt-in. when off (the default), aspects from any scope load without a check. when on, aspects from a scope outside the trust list trigger a prompt (interactive shells) or an error (non-interactive).\n\n  bit scope trust                    # same as \"list\"\n  bit scope trust list               # show status; if on, print the effective trust list\n  bit scope trust enable             # turn on (writes \"trustedScopes\": [] to workspace.jsonc)\n  bit scope trust disable            # turn off (removes \"trustedScopes\" from workspace.jsonc)\n  bit scope trust add PATTERN        # add a pattern (auto-enables if needed)\n  bit scope trust remove PATTERN     # remove a pattern (does NOT disable when list is empty)\n\nonce on, the effective trust set is: builtin scopes (teambit.*, bitdev.*, and a few others — run \"bit scope trust list\" to see) + the owner of defaultScope + entries listed under \"trustedScopes\". patterns are exact (\"acme.frontend\") or owner wildcard (\"acme.*\").`;\n\n  constructor(private scopeTrust: ScopeTrust) {}\n\n  async report(args: string[]): Promise<string> {\n    const [rawAction, pattern] = args;\n    const action = (rawAction || 'list') as Action;\n    if (!ACTIONS.includes(action)) {\n      throw new BitError(`unknown action \"${rawAction}\". valid actions: ${ACTIONS.join(', ')}.`);\n    }\n    switch (action) {\n      case 'list':\n        return this.formatList();\n      case 'enable':\n        await this.scopeTrust.enable();\n        return formatSuccessSummary('scope-trust enabled (added trustedScopes: [] to workspace.jsonc)');\n      case 'disable':\n        await this.scopeTrust.disable();\n        return formatSuccessSummary('scope-trust disabled (removed trustedScopes from workspace.jsonc)');\n      case 'add': {\n        const p = requirePattern(action, pattern);\n        await this.scopeTrust.addTrustedScope(p);\n        return formatSuccessSummary(`added ${chalk.bold(p)} to trustedScopes in workspace.jsonc`);\n      }\n      case 'remove': {\n        const p = requirePattern(action, pattern);\n        await this.scopeTrust.removeTrustedScope(p);\n        return formatSuccessSummary(`removed ${chalk.bold(p)} from trustedScopes in workspace.jsonc`);\n      }\n    }\n  }\n\n  private formatList(): string {\n    if (!this.scopeTrust.isOptedIn()) {\n      return joinSections([\n        formatTitle('scope-trust is off for this workspace.'),\n        'aspects from any scope load without a check.',\n        formatHint(\n          'to turn on:\\n  bit scope trust enable        (no scopes added; only builtins + owner-of-defaultScope auto-trusted)\\n  bit scope trust add <pattern> (turns on and adds the first scope)'\n        ),\n      ]);\n    }\n    const groups = this.scopeTrust.getEffectiveTrustedPatterns();\n    return joinSections([\n      formatTitle('scope-trust is on. aspects from these scopes load without a prompt:'),\n      formatSection(\n        'builtin',\n        '',\n        groups.builtin.map((p) => formatItem(p))\n      ),\n      formatSection(\n        'inferred from workspace defaultScope',\n        '',\n        groups.owner.map((p) => formatItem(p))\n      ),\n      groups.configured.length\n        ? formatSection(\n            'configured in workspace.jsonc',\n            '',\n            groups.configured.map((p) => formatItem(p))\n          )\n        : formatHint('no scopes configured in workspace.jsonc. add one with `bit scope trust add <pattern>`.'),\n    ]);\n  }\n}\n\nfunction requirePattern(action: Action, pattern: string | undefined): string {\n  if (!pattern) {\n    throw new BitError(`\"${action}\" requires a pattern. example: bit scope trust ${action} acme.frontend`);\n  }\n  return pattern;\n}\n"],"mappings":";;;;;;AACA,SAAAA,KAAA;EAAA,MAAAC,IAAA,GAAAC,OAAA;EAAAF,IAAA,YAAAA,CAAA;IAAA,OAAAC,IAAA;EAAA;EAAA,OAAAA,IAAA;AAAA;AACA,SAAAE,UAAA;EAAA,MAAAF,IAAA,GAAAC,OAAA;EAAAC,SAAA,YAAAA,CAAA;IAAA,OAAAF,IAAA;EAAA;EAAA,OAAAA,IAAA;AAAA;AACA,SAAAG,OAAA;EAAA,MAAAH,IAAA,GAAAI,sBAAA,CAAAH,OAAA;EAAAE,MAAA,YAAAA,CAAA;IAAA,OAAAH,IAAA;EAAA;EAAA,OAAAA,IAAA;AAAA;AAA0B,SAAAI,uBAAAC,CAAA,WAAAA,CAAA,IAAAA,CAAA,CAAAC,UAAA,GAAAD,CAAA,KAAAE,OAAA,EAAAF,CAAA;AAAA,SAAAG,gBAAAH,CAAA,EAAAI,CAAA,EAAAC,CAAA,YAAAD,CAAA,GAAAE,cAAA,CAAAF,CAAA,MAAAJ,CAAA,GAAAO,MAAA,CAAAC,cAAA,CAAAR,CAAA,EAAAI,CAAA,IAAAK,KAAA,EAAAJ,CAAA,EAAAK,UAAA,MAAAC,YAAA,MAAAC,QAAA,UAAAZ,CAAA,CAAAI,CAAA,IAAAC,CAAA,EAAAL,CAAA;AAAA,SAAAM,eAAAD,CAAA,QAAAQ,CAAA,GAAAC,YAAA,CAAAT,CAAA,uCAAAQ,CAAA,GAAAA,CAAA,GAAAA,CAAA;AAAA,SAAAC,aAAAT,CAAA,EAAAD,CAAA,2BAAAC,CAAA,KAAAA,CAAA,SAAAA,CAAA,MAAAL,CAAA,GAAAK,CAAA,CAAAU,MAAA,CAAAC,WAAA,kBAAAhB,CAAA,QAAAa,CAAA,GAAAb,CAAA,CAAAiB,IAAA,CAAAZ,CAAA,EAAAD,CAAA,uCAAAS,CAAA,SAAAA,CAAA,YAAAK,SAAA,yEAAAd,CAAA,GAAAe,MAAA,GAAAC,MAAA,EAAAf,CAAA;AAG1B,MAAMgB,OAAO,GAAG,CAAC,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,QAAQ,CAAU;AAGhE,MAAMC,aAAa,CAAoB;EAgC5CC,WAAWA,CAASC,UAAsB,EAAE;IAAA,KAAxBA,UAAsB,GAAtBA,UAAsB;IAAArB,eAAA,eA/BnC,0BAA0B;IAAAA,eAAA,sBACnB,2FAA2F;IAAAA,eAAA,oBAC7F,CACV;MACEsB,IAAI,EAAE,QAAQ;MACdC,WAAW,EAAE,WAAWL,OAAO,CAACM,IAAI,CAAC,IAAI,CAAC;IAC5C,CAAC,EACD;MACEF,IAAI,EAAE,SAAS;MACfC,WAAW,EAAE;IACf,CAAC,CACF;IAAAvB,eAAA,kBACS,EAAE;IAAAA,eAAA,gBACJ,kBAAkB;IAC1B;IACA;IACA;IACA;IACA;IAAAA,eAAA,sBACc,KAAK;IAAAA,eAAA,8BACG;AACxB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,uQAAuQ;EAExN;EAE7C,MAAMyB,MAAMA,CAACC,IAAc,EAAmB;IAC5C,MAAM,CAACC,SAAS,EAAEC,OAAO,CAAC,GAAGF,IAAI;IACjC,MAAMG,MAAM,GAAIF,SAAS,IAAI,MAAiB;IAC9C,IAAI,CAACT,OAAO,CAACY,QAAQ,CAACD,MAAM,CAAC,EAAE;MAC7B,MAAM,KAAIE,oBAAQ,EAAC,mBAAmBJ,SAAS,qBAAqBT,OAAO,CAACM,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;IAC5F;IACA,QAAQK,MAAM;MACZ,KAAK,MAAM;QACT,OAAO,IAAI,CAACG,UAAU,CAAC,CAAC;MAC1B,KAAK,QAAQ;QACX,MAAM,IAAI,CAACX,UAAU,CAACY,MAAM,CAAC,CAAC;QAC9B,OAAO,IAAAC,2BAAoB,EAAC,kEAAkE,CAAC;MACjG,KAAK,SAAS;QACZ,MAAM,IAAI,CAACb,UAAU,CAACc,OAAO,CAAC,CAAC;QAC/B,OAAO,IAAAD,2BAAoB,EAAC,mEAAmE,CAAC;MAClG,KAAK,KAAK;QAAE;UACV,MAAME,CAAC,GAAGC,cAAc,CAACR,MAAM,EAAED,OAAO,CAAC;UACzC,MAAM,IAAI,CAACP,UAAU,CAACiB,eAAe,CAACF,CAAC,CAAC;UACxC,OAAO,IAAAF,2BAAoB,EAAC,SAASK,gBAAK,CAACC,IAAI,CAACJ,CAAC,CAAC,sCAAsC,CAAC;QAC3F;MACA,KAAK,QAAQ;QAAE;UACb,MAAMA,CAAC,GAAGC,cAAc,CAACR,MAAM,EAAED,OAAO,CAAC;UACzC,MAAM,IAAI,CAACP,UAAU,CAACoB,kBAAkB,CAACL,CAAC,CAAC;UAC3C,OAAO,IAAAF,2BAAoB,EAAC,WAAWK,gBAAK,CAACC,IAAI,CAACJ,CAAC,CAAC,wCAAwC,CAAC;QAC/F;IACF;EACF;EAEQJ,UAAUA,CAAA,EAAW;IAC3B,IAAI,CAAC,IAAI,CAACX,UAAU,CAACqB,SAAS,CAAC,CAAC,EAAE;MAChC,OAAO,IAAAC,mBAAY,EAAC,CAClB,IAAAC,kBAAW,EAAC,wCAAwC,CAAC,EACrD,8CAA8C,EAC9C,IAAAC,iBAAU,EACR,yLACF,CAAC,CACF,CAAC;IACJ;IACA,MAAMC,MAAM,GAAG,IAAI,CAACzB,UAAU,CAAC0B,2BAA2B,CAAC,CAAC;IAC5D,OAAO,IAAAJ,mBAAY,EAAC,CAClB,IAAAC,kBAAW,EAAC,qEAAqE,CAAC,EAClF,IAAAI,oBAAa,EACX,SAAS,EACT,EAAE,EACFF,MAAM,CAACG,OAAO,CAACC,GAAG,CAAEd,CAAC,IAAK,IAAAe,iBAAU,EAACf,CAAC,CAAC,CACzC,CAAC,EACD,IAAAY,oBAAa,EACX,sCAAsC,EACtC,EAAE,EACFF,MAAM,CAACM,KAAK,CAACF,GAAG,CAAEd,CAAC,IAAK,IAAAe,iBAAU,EAACf,CAAC,CAAC,CACvC,CAAC,EACDU,MAAM,CAACO,UAAU,CAACC,MAAM,GACpB,IAAAN,oBAAa,EACX,+BAA+B,EAC/B,EAAE,EACFF,MAAM,CAACO,UAAU,CAACH,GAAG,CAAEd,CAAC,IAAK,IAAAe,iBAAU,EAACf,CAAC,CAAC,CAC5C,CAAC,GACD,IAAAS,iBAAU,EAAC,wFAAwF,CAAC,CACzG,CAAC;EACJ;AACF;AAACU,OAAA,CAAApC,aAAA,GAAAA,aAAA;AAED,SAASkB,cAAcA,CAACR,MAAc,EAAED,OAA2B,EAAU;EAC3E,IAAI,CAACA,OAAO,EAAE;IACZ,MAAM,KAAIG,oBAAQ,EAAC,IAAIF,MAAM,kDAAkDA,MAAM,gBAAgB,CAAC;EACxG;EACA,OAAOD,OAAO;AAChB","ignoreList":[]}

package/dist/scope-trust/scope-trust.d.ts

@@ -0,0 +1,93 @@
+import type { ComponentID } from '@teambit/component-id';
+import type { Logger } from '@teambit/logger';
+import type { Workspace } from '../workspace';
+export type TrustedScopesGroups = {
+    /** patterns built into Bit (e.g. `teambit.*`, `bitdev.*`) */
+    builtin: string[];
+    /** owner wildcard inferred from `defaultScope` (e.g. `acme.frontend` → `acme.*`) */
+    owner: string[];
+    /** patterns explicitly configured in `workspace.jsonc` under `trustedScopes` */
+    configured: string[];
+};
+/**
+ * Workspace-level scope-trust policy. Opt-in: when the `trustedScopes` key is
+ * present in workspace.jsonc (even as an empty array), the aspect-load gate
+ * is active. When the key is absent, no gate runs and any aspect loads.
+ *
+ * Once opted in, a scope is trusted if it matches any pattern in:
+ * - the builtin set (e.g. `teambit.*`, `bitdev.*`; see `BUILTIN_TRUSTED_PATTERNS`),
+ * - the pattern derived from the workspace's `defaultScope`
+ *   (e.g. `acme.frontend` → `acme.*`; legacy dotless `my-scope` → `my-scope`),
+ * - the `trustedScopes` array configured in workspace.jsonc.
+ *
+ * Patterns are exact (`acme.frontend`) or owner wildcard (`acme.*`).
+ *
+ * Wired into `ScopeMain` via `setAspectLoadGuard`; the guard runs in the
+ * aspect-loader path so untrusted aspects never reach `require()`.
+ */
+export declare class ScopeTrust {
+    private workspace;
+    private logger;
+    private deniedThisRun;
+    constructor(workspace: Workspace, logger: Logger);
+    /**
+     * `true` when the workspace has opted in (the `trustedScopes` key is present
+     * in workspace.jsonc, even as an empty array). When `false`, the aspect-load
+     * gate is a no-op.
+     */
+    isOptedIn(): boolean;
+    /**
+     * Effective trust list, broken down by source. Useful for both internal
+     * checks and the `bit scope trust list` UX.
+     */
+    getEffectiveTrustedPatterns(): TrustedScopesGroups;
+    /**
+     * True iff `scopeName` matches any pattern in the effective trust list.
+     * `scopeName` is expected to be the bare scope (e.g. `acme.frontend`).
+     */
+    isScopeTrusted(scopeName: string): boolean;
+    /**
+     * Pattern matcher. Two forms:
+     * - exact: `acme.frontend` matches only `acme.frontend`.
+     * - owner wildcard: `acme.*` matches `acme.<anything>`.
+     */
+    static matchesPattern(scopeName: string, pattern: string): boolean;
+    /** Opt the workspace in by writing `trustedScopes: []` (idempotent). */
+    enable(): Promise<void>;
+    /**
+     * Opt the workspace out by removing the `trustedScopes` key (idempotent).
+     * Uses `overrideExisting` because key deletion isn't expressible via
+     * `mergeIntoExisting`; comments on other keys may be reformatted as a result.
+     */
+    disable(): Promise<void>;
+    /** Add `pattern` to `trustedScopes` (auto-enables if not yet). */
+    addTrustedScope(pattern: string): Promise<void>;
+    /**
+     * Remove `pattern` from `trustedScopes`. Leaves the key in place even if
+     * the list becomes empty — use `disable()` to fully turn the gate off.
+     */
+    removeTrustedScope(pattern: string): Promise<void>;
+    /**
+     * Build the aspect-load guard. No-op when not opted in. When opted in:
+     * untrusted scopes get a TTY prompt to extend the trust list, or in
+     * non-TTY contexts an instructional error.
+     */
+    createGuard(): (componentId: ComponentID) => Promise<void>;
+    private readExt;
+    /**
+     * Apply `mutator` to the current `trustedScopes` list. If the mutator
+     * returns `null`, treat the call as a no-op (idempotent fast path).
+     * Uses `mergeIntoExisting` so other keys' comments are preserved.
+     */
+    private mutateConfiguredList;
+    private writeExtPatch;
+    /**
+     * Returns the trust pattern derived from the workspace's `defaultScope`:
+     * - `acme.frontend` → `acme.*` (owner wildcard)
+     * - `my-scope` (legacy dotless) → `my-scope` (exact match)
+     * - empty / unset → undefined
+     */
+    private getInferredOwnerPattern;
+    private promptForTrust;
+    static isValidPattern(pattern: string): boolean;
+}

package/dist/scope-trust/scope-trust.js

@@ -0,0 +1,262 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.ScopeTrust = void 0;
+function _bitError() {
+  const data = require("@teambit/bit-error");
+  _bitError = function () {
+    return data;
+  };
+  return data;
+}
+function _legacyBitId() {
+  const data = require("@teambit/legacy-bit-id");
+  _legacyBitId = function () {
+    return data;
+  };
+  return data;
+}
+function _enquirer() {
+  const data = require("enquirer");
+  _enquirer = function () {
+    return data;
+  };
+  return data;
+}
+function ownKeys(e, r) { var t = Object.keys(e); if (Object.getOwnPropertySymbols) { var o = Object.getOwnPropertySymbols(e); r && (o = o.filter(function (r) { return Object.getOwnPropertyDescriptor(e, r).enumerable; })), t.push.apply(t, o); } return t; }
+function _objectSpread(e) { for (var r = 1; r < arguments.length; r++) { var t = null != arguments[r] ? arguments[r] : {}; r % 2 ? ownKeys(Object(t), !0).forEach(function (r) { _defineProperty(e, r, t[r]); }) : Object.getOwnPropertyDescriptors ? Object.defineProperties(e, Object.getOwnPropertyDescriptors(t)) : ownKeys(Object(t)).forEach(function (r) { Object.defineProperty(e, r, Object.getOwnPropertyDescriptor(t, r)); }); } return e; }
+function _defineProperty(e, r, t) { return (r = _toPropertyKey(r)) in e ? Object.defineProperty(e, r, { value: t, enumerable: !0, configurable: !0, writable: !0 }) : e[r] = t, e; }
+function _toPropertyKey(t) { var i = _toPrimitive(t, "string"); return "symbol" == typeof i ? i : i + ""; }
+function _toPrimitive(t, r) { if ("object" != typeof t || !t) return t; var e = t[Symbol.toPrimitive]; if (void 0 !== e) { var i = e.call(t, r || "default"); if ("object" != typeof i) return i; throw new TypeError("@@toPrimitive must return a primitive value."); } return ("string" === r ? String : Number)(t); }
+const BUILTIN_TRUSTED_PATTERNS = ['teambit.*', 'bitdev.*', 'learn-bit-react.*', 'bitdesign.*', 'frontend.*'];
+const WORKSPACE_ASPECT_ID = 'teambit.workspace/workspace';
+const TRUSTED_SCOPES_KEY = 'trustedScopes';
+/**
+ * Workspace-level scope-trust policy. Opt-in: when the `trustedScopes` key is
+ * present in workspace.jsonc (even as an empty array), the aspect-load gate
+ * is active. When the key is absent, no gate runs and any aspect loads.
+ *
+ * Once opted in, a scope is trusted if it matches any pattern in:
+ * - the builtin set (e.g. `teambit.*`, `bitdev.*`; see `BUILTIN_TRUSTED_PATTERNS`),
+ * - the pattern derived from the workspace's `defaultScope`
+ *   (e.g. `acme.frontend` → `acme.*`; legacy dotless `my-scope` → `my-scope`),
+ * - the `trustedScopes` array configured in workspace.jsonc.
+ *
+ * Patterns are exact (`acme.frontend`) or owner wildcard (`acme.*`).
+ *
+ * Wired into `ScopeMain` via `setAspectLoadGuard`; the guard runs in the
+ * aspect-loader path so untrusted aspects never reach `require()`.
+ */
+class ScopeTrust {
+  constructor(workspace, logger) {
+    this.workspace = workspace;
+    this.logger = logger;
+    _defineProperty(this, "deniedThisRun", new Set());
+  }
+
+  /**
+   * `true` when the workspace has opted in (the `trustedScopes` key is present
+   * in workspace.jsonc, even as an empty array). When `false`, the aspect-load
+   * gate is a no-op.
+   */
+  isOptedIn() {
+    return Object.prototype.hasOwnProperty.call(this.readExt(), TRUSTED_SCOPES_KEY);
+  }
+
+  /**
+   * Effective trust list, broken down by source. Useful for both internal
+   * checks and the `bit scope trust list` UX.
+   */
+  getEffectiveTrustedPatterns() {
+    const ext = this.readExt();
+    const configured = Array.isArray(ext[TRUSTED_SCOPES_KEY]) ? ext[TRUSTED_SCOPES_KEY].slice() : [];
+    const owner = this.getInferredOwnerPattern();
+    return {
+      builtin: BUILTIN_TRUSTED_PATTERNS.slice(),
+      owner: owner ? [owner] : [],
+      configured
+    };
+  }
+
+  /**
+   * True iff `scopeName` matches any pattern in the effective trust list.
+   * `scopeName` is expected to be the bare scope (e.g. `acme.frontend`).
+   */
+  isScopeTrusted(scopeName) {
+    if (!scopeName) return false;
+    const groups = this.getEffectiveTrustedPatterns();
+    const all = [...groups.builtin, ...groups.owner, ...groups.configured];
+    return all.some(pattern => ScopeTrust.matchesPattern(scopeName, pattern));
+  }
+
+  /**
+   * Pattern matcher. Two forms:
+   * - exact: `acme.frontend` matches only `acme.frontend`.
+   * - owner wildcard: `acme.*` matches `acme.<anything>`.
+   */
+  static matchesPattern(scopeName, pattern) {
+    if (pattern === scopeName) return true;
+    if (pattern.endsWith('.*')) {
+      const owner = pattern.slice(0, -2);
+      return scopeName.startsWith(`${owner}.`);
+    }
+    return false;
+  }
+
+  /** Opt the workspace in by writing `trustedScopes: []` (idempotent). */
+  async enable() {
+    if (this.isOptedIn()) return;
+    await this.writeExtPatch({
+      [TRUSTED_SCOPES_KEY]: []
+    }, 'enable scope-trust');
+  }
+
+  /**
+   * Opt the workspace out by removing the `trustedScopes` key (idempotent).
+   * Uses `overrideExisting` because key deletion isn't expressible via
+   * `mergeIntoExisting`; comments on other keys may be reformatted as a result.
+   */
+  async disable() {
+    if (!this.isOptedIn()) return;
+    const updated = _objectSpread({}, this.readExt());
+    delete updated[TRUSTED_SCOPES_KEY];
+    const wsConfig = this.workspace.getWorkspaceConfig();
+    wsConfig.setExtension(WORKSPACE_ASPECT_ID, updated, {
+      overrideExisting: true,
+      ignoreVersion: true
+    });
+    await wsConfig.write({
+      reasonForChange: 'disable scope-trust'
+    });
+  }
+
+  /** Add `pattern` to `trustedScopes` (auto-enables if not yet). */
+  async addTrustedScope(pattern) {
+    if (!ScopeTrust.isValidPattern(pattern)) {
+      throw new (_bitError().BitError)(`invalid scope pattern: "${pattern}". use an exact scope name (e.g. "acme.frontend" or "my-scope") or an owner wildcard (e.g. "acme.*").`);
+    }
+    await this.mutateConfiguredList(list => list.includes(pattern) ? null : [...list, pattern], `add trusted scope ${pattern}`);
+  }
+
+  /**
+   * Remove `pattern` from `trustedScopes`. Leaves the key in place even if
+   * the list becomes empty — use `disable()` to fully turn the gate off.
+   */
+  async removeTrustedScope(pattern) {
+    await this.mutateConfiguredList(list => list.includes(pattern) ? list.filter(p => p !== pattern) : null, `remove trusted scope ${pattern}`);
+  }
+
+  /**
+   * Build the aspect-load guard. No-op when not opted in. When opted in:
+   * untrusted scopes get a TTY prompt to extend the trust list, or in
+   * non-TTY contexts an instructional error.
+   */
+  createGuard() {
+    return async componentId => {
+      if (!this.isOptedIn()) return;
+      const scopeName = componentId.scope;
+      if (this.isScopeTrusted(scopeName)) return;
+      const deny = () => {
+        throw makeUntrustedError(scopeName, componentId);
+      };
+
+      // The user's answer is persisted to workspace.jsonc on accept; remember
+      // a denial so we don't re-prompt for the same scope in this run.
+      if (this.deniedThisRun.has(scopeName)) deny();
+      const isInteractive = Boolean(process.stdin.isTTY) && Boolean(process.stdout.isTTY);
+      if (!isInteractive) deny();
+      const accepted = await this.promptForTrust(scopeName, componentId);
+      if (!accepted) {
+        this.deniedThisRun.add(scopeName);
+        deny();
+      }
+      await this.addTrustedScope(scopeName);
+      this.logger.consoleSuccess(`added "${scopeName}" to trustedScopes in workspace.jsonc`);
+    };
+  }
+  readExt() {
+    try {
+      return this.workspace.getWorkspaceConfig().extension(WORKSPACE_ASPECT_ID, true) || {};
+    } catch {
+      return {};
+    }
+  }
+
+  /**
+   * Apply `mutator` to the current `trustedScopes` list. If the mutator
+   * returns `null`, treat the call as a no-op (idempotent fast path).
+   * Uses `mergeIntoExisting` so other keys' comments are preserved.
+   */
+  async mutateConfiguredList(mutator, reason) {
+    const ext = this.readExt();
+    const current = Array.isArray(ext[TRUSTED_SCOPES_KEY]) ? ext[TRUSTED_SCOPES_KEY] : [];
+    const next = mutator(current);
+    if (next === null) return;
+    await this.writeExtPatch({
+      [TRUSTED_SCOPES_KEY]: next
+    }, reason);
+  }
+  async writeExtPatch(patch, reason) {
+    const wsConfig = this.workspace.getWorkspaceConfig();
+    wsConfig.setExtension(WORKSPACE_ASPECT_ID, patch, {
+      mergeIntoExisting: true,
+      ignoreVersion: true
+    });
+    await wsConfig.write({
+      reasonForChange: reason
+    });
+  }
+
+  /**
+   * Returns the trust pattern derived from the workspace's `defaultScope`:
+   * - `acme.frontend` → `acme.*` (owner wildcard)
+   * - `my-scope` (legacy dotless) → `my-scope` (exact match)
+   * - empty / unset → undefined
+   */
+  getInferredOwnerPattern() {
+    const defaultScope = this.workspace.defaultScope;
+    if (!defaultScope) return undefined;
+    if (!defaultScope.includes('.')) return defaultScope;
+    const owner = defaultScope.split('.')[0];
+    if (!owner) return undefined;
+    return `${owner}.*`;
+  }
+  async promptForTrust(scopeName, componentId) {
+    try {
+      const response = await (0, _enquirer().prompt)({
+        type: 'toggle',
+        name: 'trust',
+        message: `Aspect ${componentId.toString()} comes from scope "${scopeName}", which isn't on your workspace's trusted list.\n` + `Trust "${scopeName}" and add it to workspace.jsonc?`,
+        enabled: 'Yes',
+        disabled: 'No',
+        initial: false
+        // The `toggle` prompt's option type isn't exported by enquirer's main
+        // typings; cast just the literal so the rest of the call stays typed.
+      });
+      return Boolean(response.trust);
+    } catch {
+      // user cancelled the prompt (Ctrl+C etc.)
+      return false;
+    }
+  }
+  static isValidPattern(pattern) {
+    if (!pattern || typeof pattern !== 'string') return false;
+    if (pattern.endsWith('.*')) {
+      const owner = pattern.slice(0, -2);
+      // wildcard must be a single owner segment ("acme.*"), not nested
+      // ("acme.frontend.*") — the matcher only consults scope owners.
+      if (owner.includes('.')) return false;
+      return (0, _legacyBitId().isValidScopeName)(owner);
+    }
+    // exact match: "acme.frontend" or dotless legacy "my-scope".
+    return (0, _legacyBitId().isValidScopeName)(pattern);
+  }
+}
+exports.ScopeTrust = ScopeTrust;
+function makeUntrustedError(scopeName, componentId) {
+  return new (_bitError().BitError)(`cannot load aspect ${componentId.toString()}: scope "${scopeName}" isn't on the workspace's trusted list.\n` + `\n` + `to trust this scope, run:\n` + `  bit scope trust add ${scopeName}\n` + `or add it to "trustedScopes" under "${WORKSPACE_ASPECT_ID}" in workspace.jsonc.`);
+}
+
+//# sourceMappingURL=scope-trust.js.map

package/dist/scope-trust/scope-trust.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["_bitError","data","require","_legacyBitId","_enquirer","ownKeys","e","r","t","Object","keys","getOwnPropertySymbols","o","filter","getOwnPropertyDescriptor","enumerable","push","apply","_objectSpread","arguments","length","forEach","_defineProperty","getOwnPropertyDescriptors","defineProperties","defineProperty","_toPropertyKey","value","configurable","writable","i","_toPrimitive","Symbol","toPrimitive","call","TypeError","String","Number","BUILTIN_TRUSTED_PATTERNS","WORKSPACE_ASPECT_ID","TRUSTED_SCOPES_KEY","ScopeTrust","constructor","workspace","logger","Set","isOptedIn","prototype","hasOwnProperty","readExt","getEffectiveTrustedPatterns","ext","configured","Array","isArray","slice","owner","getInferredOwnerPattern","builtin","isScopeTrusted","scopeName","groups","all","some","pattern","matchesPattern","endsWith","startsWith","enable","writeExtPatch","disable","updated","wsConfig","getWorkspaceConfig","setExtension","overrideExisting","ignoreVersion","write","reasonForChange","addTrustedScope","isValidPattern","BitError","mutateConfiguredList","list","includes","removeTrustedScope","p","createGuard","componentId","scope","deny","makeUntrustedError","deniedThisRun","has","isInteractive","Boolean","process","stdin","isTTY","stdout","accepted","promptForTrust","add","consoleSuccess","extension","mutator","reason","current","next","patch","mergeIntoExisting","defaultScope","undefined","split","response","prompt","type","name","message","toString","enabled","disabled","initial","trust","isValidScopeName","exports"],"sources":["scope-trust.ts"],"sourcesContent":["import type { ComponentID } from '@teambit/component-id';\nimport type { Logger } from '@teambit/logger';\nimport { BitError } from '@teambit/bit-error';\nimport { isValidScopeName } from '@teambit/legacy-bit-id';\nimport { prompt } from 'enquirer';\nimport type { Workspace } from '../workspace';\n\nconst BUILTIN_TRUSTED_PATTERNS = ['teambit.*', 'bitdev.*', 'learn-bit-react.*', 'bitdesign.*', 'frontend.*'];\n\nconst WORKSPACE_ASPECT_ID = 'teambit.workspace/workspace';\n\nconst TRUSTED_SCOPES_KEY = 'trustedScopes';\n\nexport type TrustedScopesGroups = {\n  /** patterns built into Bit (e.g. `teambit.*`, `bitdev.*`) */\n  builtin: string[];\n  /** owner wildcard inferred from `defaultScope` (e.g. `acme.frontend` → `acme.*`) */\n  owner: string[];\n  /** patterns explicitly configured in `workspace.jsonc` under `trustedScopes` */\n  configured: string[];\n};\n\n/**\n * Workspace-level scope-trust policy. Opt-in: when the `trustedScopes` key is\n * present in workspace.jsonc (even as an empty array), the aspect-load gate\n * is active. When the key is absent, no gate runs and any aspect loads.\n *\n * Once opted in, a scope is trusted if it matches any pattern in:\n * - the builtin set (e.g. `teambit.*`, `bitdev.*`; see `BUILTIN_TRUSTED_PATTERNS`),\n * - the pattern derived from the workspace's `defaultScope`\n *   (e.g. `acme.frontend` → `acme.*`; legacy dotless `my-scope` → `my-scope`),\n * - the `trustedScopes` array configured in workspace.jsonc.\n *\n * Patterns are exact (`acme.frontend`) or owner wildcard (`acme.*`).\n *\n * Wired into `ScopeMain` via `setAspectLoadGuard`; the guard runs in the\n * aspect-loader path so untrusted aspects never reach `require()`.\n */\nexport class ScopeTrust {\n  private deniedThisRun = new Set<string>();\n\n  constructor(\n    private workspace: Workspace,\n    private logger: Logger\n  ) {}\n\n  /**\n   * `true` when the workspace has opted in (the `trustedScopes` key is present\n   * in workspace.jsonc, even as an empty array). When `false`, the aspect-load\n   * gate is a no-op.\n   */\n  isOptedIn(): boolean {\n    return Object.prototype.hasOwnProperty.call(this.readExt(), TRUSTED_SCOPES_KEY);\n  }\n\n  /**\n   * Effective trust list, broken down by source. Useful for both internal\n   * checks and the `bit scope trust list` UX.\n   */\n  getEffectiveTrustedPatterns(): TrustedScopesGroups {\n    const ext = this.readExt();\n    const configured = Array.isArray(ext[TRUSTED_SCOPES_KEY]) ? (ext[TRUSTED_SCOPES_KEY] as string[]).slice() : [];\n    const owner = this.getInferredOwnerPattern();\n    return {\n      builtin: BUILTIN_TRUSTED_PATTERNS.slice(),\n      owner: owner ? [owner] : [],\n      configured,\n    };\n  }\n\n  /**\n   * True iff `scopeName` matches any pattern in the effective trust list.\n   * `scopeName` is expected to be the bare scope (e.g. `acme.frontend`).\n   */\n  isScopeTrusted(scopeName: string): boolean {\n    if (!scopeName) return false;\n    const groups = this.getEffectiveTrustedPatterns();\n    const all = [...groups.builtin, ...groups.owner, ...groups.configured];\n    return all.some((pattern) => ScopeTrust.matchesPattern(scopeName, pattern));\n  }\n\n  /**\n   * Pattern matcher. Two forms:\n   * - exact: `acme.frontend` matches only `acme.frontend`.\n   * - owner wildcard: `acme.*` matches `acme.<anything>`.\n   */\n  static matchesPattern(scopeName: string, pattern: string): boolean {\n    if (pattern === scopeName) return true;\n    if (pattern.endsWith('.*')) {\n      const owner = pattern.slice(0, -2);\n      return scopeName.startsWith(`${owner}.`);\n    }\n    return false;\n  }\n\n  /** Opt the workspace in by writing `trustedScopes: []` (idempotent). */\n  async enable(): Promise<void> {\n    if (this.isOptedIn()) return;\n    await this.writeExtPatch({ [TRUSTED_SCOPES_KEY]: [] }, 'enable scope-trust');\n  }\n\n  /**\n   * Opt the workspace out by removing the `trustedScopes` key (idempotent).\n   * Uses `overrideExisting` because key deletion isn't expressible via\n   * `mergeIntoExisting`; comments on other keys may be reformatted as a result.\n   */\n  async disable(): Promise<void> {\n    if (!this.isOptedIn()) return;\n    const updated = { ...this.readExt() };\n    delete updated[TRUSTED_SCOPES_KEY];\n    const wsConfig = this.workspace.getWorkspaceConfig();\n    wsConfig.setExtension(WORKSPACE_ASPECT_ID, updated, { overrideExisting: true, ignoreVersion: true });\n    await wsConfig.write({ reasonForChange: 'disable scope-trust' });\n  }\n\n  /** Add `pattern` to `trustedScopes` (auto-enables if not yet). */\n  async addTrustedScope(pattern: string): Promise<void> {\n    if (!ScopeTrust.isValidPattern(pattern)) {\n      throw new BitError(\n        `invalid scope pattern: \"${pattern}\". use an exact scope name (e.g. \"acme.frontend\" or \"my-scope\") or an owner wildcard (e.g. \"acme.*\").`\n      );\n    }\n    await this.mutateConfiguredList(\n      (list) => (list.includes(pattern) ? null : [...list, pattern]),\n      `add trusted scope ${pattern}`\n    );\n  }\n\n  /**\n   * Remove `pattern` from `trustedScopes`. Leaves the key in place even if\n   * the list becomes empty — use `disable()` to fully turn the gate off.\n   */\n  async removeTrustedScope(pattern: string): Promise<void> {\n    await this.mutateConfiguredList(\n      (list) => (list.includes(pattern) ? list.filter((p) => p !== pattern) : null),\n      `remove trusted scope ${pattern}`\n    );\n  }\n\n  /**\n   * Build the aspect-load guard. No-op when not opted in. When opted in:\n   * untrusted scopes get a TTY prompt to extend the trust list, or in\n   * non-TTY contexts an instructional error.\n   */\n  createGuard(): (componentId: ComponentID) => Promise<void> {\n    return async (componentId: ComponentID) => {\n      if (!this.isOptedIn()) return;\n      const scopeName = componentId.scope;\n      if (this.isScopeTrusted(scopeName)) return;\n\n      const deny = (): never => {\n        throw makeUntrustedError(scopeName, componentId);\n      };\n\n      // The user's answer is persisted to workspace.jsonc on accept; remember\n      // a denial so we don't re-prompt for the same scope in this run.\n      if (this.deniedThisRun.has(scopeName)) deny();\n\n      const isInteractive = Boolean(process.stdin.isTTY) && Boolean(process.stdout.isTTY);\n      if (!isInteractive) deny();\n\n      const accepted = await this.promptForTrust(scopeName, componentId);\n      if (!accepted) {\n        this.deniedThisRun.add(scopeName);\n        deny();\n      }\n      await this.addTrustedScope(scopeName);\n      this.logger.consoleSuccess(`added \"${scopeName}\" to trustedScopes in workspace.jsonc`);\n    };\n  }\n\n  private readExt(): Record<string, unknown> {\n    try {\n      return (this.workspace.getWorkspaceConfig().extension(WORKSPACE_ASPECT_ID, true) || {}) as Record<\n        string,\n        unknown\n      >;\n    } catch {\n      return {};\n    }\n  }\n\n  /**\n   * Apply `mutator` to the current `trustedScopes` list. If the mutator\n   * returns `null`, treat the call as a no-op (idempotent fast path).\n   * Uses `mergeIntoExisting` so other keys' comments are preserved.\n   */\n  private async mutateConfiguredList(mutator: (list: string[]) => string[] | null, reason: string): Promise<void> {\n    const ext = this.readExt();\n    const current: string[] = Array.isArray(ext[TRUSTED_SCOPES_KEY]) ? (ext[TRUSTED_SCOPES_KEY] as string[]) : [];\n    const next = mutator(current);\n    if (next === null) return;\n    await this.writeExtPatch({ [TRUSTED_SCOPES_KEY]: next }, reason);\n  }\n\n  private async writeExtPatch(patch: Record<string, unknown>, reason: string): Promise<void> {\n    const wsConfig = this.workspace.getWorkspaceConfig();\n    wsConfig.setExtension(WORKSPACE_ASPECT_ID, patch, { mergeIntoExisting: true, ignoreVersion: true });\n    await wsConfig.write({ reasonForChange: reason });\n  }\n\n  /**\n   * Returns the trust pattern derived from the workspace's `defaultScope`:\n   * - `acme.frontend` → `acme.*` (owner wildcard)\n   * - `my-scope` (legacy dotless) → `my-scope` (exact match)\n   * - empty / unset → undefined\n   */\n  private getInferredOwnerPattern(): string | undefined {\n    const defaultScope = this.workspace.defaultScope;\n    if (!defaultScope) return undefined;\n    if (!defaultScope.includes('.')) return defaultScope;\n    const owner = defaultScope.split('.')[0];\n    if (!owner) return undefined;\n    return `${owner}.*`;\n  }\n\n  private async promptForTrust(scopeName: string, componentId: ComponentID): Promise<boolean> {\n    try {\n      const response = (await prompt({\n        type: 'toggle',\n        name: 'trust',\n        message:\n          `Aspect ${componentId.toString()} comes from scope \"${scopeName}\", which isn't on your workspace's trusted list.\\n` +\n          `Trust \"${scopeName}\" and add it to workspace.jsonc?`,\n        enabled: 'Yes',\n        disabled: 'No',\n        initial: false,\n        // The `toggle` prompt's option type isn't exported by enquirer's main\n        // typings; cast just the literal so the rest of the call stays typed.\n      } as Parameters<typeof prompt>[0])) as { trust: boolean };\n      return Boolean(response.trust);\n    } catch {\n      // user cancelled the prompt (Ctrl+C etc.)\n      return false;\n    }\n  }\n\n  static isValidPattern(pattern: string): boolean {\n    if (!pattern || typeof pattern !== 'string') return false;\n    if (pattern.endsWith('.*')) {\n      const owner = pattern.slice(0, -2);\n      // wildcard must be a single owner segment (\"acme.*\"), not nested\n      // (\"acme.frontend.*\") — the matcher only consults scope owners.\n      if (owner.includes('.')) return false;\n      return isValidScopeName(owner);\n    }\n    // exact match: \"acme.frontend\" or dotless legacy \"my-scope\".\n    return isValidScopeName(pattern);\n  }\n}\n\nfunction makeUntrustedError(scopeName: string, componentId: ComponentID): BitError {\n  return new BitError(\n    `cannot load aspect ${componentId.toString()}: scope \"${scopeName}\" isn't on the workspace's trusted list.\\n` +\n      `\\n` +\n      `to trust this scope, run:\\n` +\n      `  bit scope trust add ${scopeName}\\n` +\n      `or add it to \"trustedScopes\" under \"${WORKSPACE_ASPECT_ID}\" in workspace.jsonc.`\n  );\n}\n"],"mappings":";;;;;;AAEA,SAAAA,UAAA;EAAA,MAAAC,IAAA,GAAAC,OAAA;EAAAF,SAAA,YAAAA,CAAA;IAAA,OAAAC,IAAA;EAAA;EAAA,OAAAA,IAAA;AAAA;AACA,SAAAE,aAAA;EAAA,MAAAF,IAAA,GAAAC,OAAA;EAAAC,YAAA,YAAAA,CAAA;IAAA,OAAAF,IAAA;EAAA;EAAA,OAAAA,IAAA;AAAA;AACA,SAAAG,UAAA;EAAA,MAAAH,IAAA,GAAAC,OAAA;EAAAE,SAAA,YAAAA,CAAA;IAAA,OAAAH,IAAA;EAAA;EAAA,OAAAA,IAAA;AAAA;AAAkC,SAAAI,QAAAC,CAAA,EAAAC,CAAA,QAAAC,CAAA,GAAAC,MAAA,CAAAC,IAAA,CAAAJ,CAAA,OAAAG,MAAA,CAAAE,qBAAA,QAAAC,CAAA,GAAAH,MAAA,CAAAE,qBAAA,CAAAL,CAAA,GAAAC,CAAA,KAAAK,CAAA,GAAAA,CAAA,CAAAC,MAAA,WAAAN,CAAA,WAAAE,MAAA,CAAAK,wBAAA,CAAAR,CAAA,EAAAC,CAAA,EAAAQ,UAAA,OAAAP,CAAA,CAAAQ,IAAA,CAAAC,KAAA,CAAAT,CAAA,EAAAI,CAAA,YAAAJ,CAAA;AAAA,SAAAU,cAAAZ,CAAA,aAAAC,CAAA,MAAAA,CAAA,GAAAY,SAAA,CAAAC,MAAA,EAAAb,CAAA,UAAAC,CAAA,WAAAW,SAAA,CAAAZ,CAAA,IAAAY,SAAA,CAAAZ,CAAA,QAAAA,CAAA,OAAAF,OAAA,CAAAI,MAAA,CAAAD,CAAA,OAAAa,OAAA,WAAAd,CAAA,IAAAe,eAAA,CAAAhB,CAAA,EAAAC,CAAA,EAAAC,CAAA,CAAAD,CAAA,SAAAE,MAAA,CAAAc,yBAAA,GAAAd,MAAA,CAAAe,gBAAA,CAAAlB,CAAA,EAAAG,MAAA,CAAAc,yBAAA,CAAAf,CAAA,KAAAH,OAAA,CAAAI,MAAA,CAAAD,CAAA,GAAAa,OAAA,WAAAd,CAAA,IAAAE,MAAA,CAAAgB,cAAA,CAAAnB,CAAA,EAAAC,CAAA,EAAAE,MAAA,CAAAK,wBAAA,CAAAN,CAAA,EAAAD,CAAA,iBAAAD,CAAA;AAAA,SAAAgB,gBAAAhB,CAAA,EAAAC,CAAA,EAAAC,CAAA,YAAAD,CAAA,GAAAmB,cAAA,CAAAnB,CAAA,MAAAD,CAAA,GAAAG,MAAA,CAAAgB,cAAA,CAAAnB,CAAA,EAAAC,CAAA,IAAAoB,KAAA,EAAAnB,CAAA,EAAAO,UAAA,MAAAa,YAAA,MAAAC,QAAA,UAAAvB,CAAA,CAAAC,CAAA,IAAAC,CAAA,EAAAF,CAAA;AAAA,SAAAoB,eAAAlB,CAAA,QAAAsB,CAAA,GAAAC,YAAA,CAAAvB,CAAA,uCAAAsB,CAAA,GAAAA,CAAA,GAAAA,CAAA;AAAA,SAAAC,aAAAvB,CAAA,EAAAD,CAAA,2BAAAC,CAAA,KAAAA,CAAA,SAAAA,CAAA,MAAAF,CAAA,GAAAE,CAAA,CAAAwB,MAAA,CAAAC,WAAA,kBAAA3B,CAAA,QAAAwB,CAAA,GAAAxB,CAAA,CAAA4B,IAAA,CAAA1B,CAAA,EAAAD,CAAA,uCAAAuB,CAAA,SAAAA,CAAA,YAAAK,SAAA,yEAAA5B,CAAA,GAAA6B,MAAA,GAAAC,MAAA,EAAA7B,CAAA;AAGlC,MAAM8B,wBAAwB,GAAG,CAAC,WAAW,EAAE,UAAU,EAAE,mBAAmB,EAAE,aAAa,EAAE,YAAY,CAAC;AAE5G,MAAMC,mBAAmB,GAAG,6BAA6B;AAEzD,MAAMC,kBAAkB,GAAG,eAAe;AAW1C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,MAAMC,UAAU,CAAC;EAGtBC,WAAWA,CACDC,SAAoB,EACpBC,MAAc,EACtB;IAAA,KAFQD,SAAoB,GAApBA,SAAoB;IAAA,KACpBC,MAAc,GAAdA,MAAc;IAAAtB,eAAA,wBAJA,IAAIuB,GAAG,CAAS,CAAC;EAKtC;;EAEH;AACF;AACA;AACA;AACA;EACEC,SAASA,CAAA,EAAY;IACnB,OAAOrC,MAAM,CAACsC,SAAS,CAACC,cAAc,CAACd,IAAI,CAAC,IAAI,CAACe,OAAO,CAAC,CAAC,EAAET,kBAAkB,CAAC;EACjF;;EAEA;AACF;AACA;AACA;EACEU,2BAA2BA,CAAA,EAAwB;IACjD,MAAMC,GAAG,GAAG,IAAI,CAACF,OAAO,CAAC,CAAC;IAC1B,MAAMG,UAAU,GAAGC,KAAK,CAACC,OAAO,CAACH,GAAG,CAACX,kBAAkB,CAAC,CAAC,GAAIW,GAAG,CAACX,kBAAkB,CAAC,CAAce,KAAK,CAAC,CAAC,GAAG,EAAE;IAC9G,MAAMC,KAAK,GAAG,IAAI,CAACC,uBAAuB,CAAC,CAAC;IAC5C,OAAO;MACLC,OAAO,EAAEpB,wBAAwB,CAACiB,KAAK,CAAC,CAAC;MACzCC,KAAK,EAAEA,KAAK,GAAG,CAACA,KAAK,CAAC,GAAG,EAAE;MAC3BJ;IACF,CAAC;EACH;;EAEA;AACF;AACA;AACA;EACEO,cAAcA,CAACC,SAAiB,EAAW;IACzC,IAAI,CAACA,SAAS,EAAE,OAAO,KAAK;IAC5B,MAAMC,MAAM,GAAG,IAAI,CAACX,2BAA2B,CAAC,CAAC;IACjD,MAAMY,GAAG,GAAG,CAAC,GAAGD,MAAM,CAACH,OAAO,EAAE,GAAGG,MAAM,CAACL,KAAK,EAAE,GAAGK,MAAM,CAACT,UAAU,CAAC;IACtE,OAAOU,GAAG,CAACC,IAAI,CAAEC,OAAO,IAAKvB,UAAU,CAACwB,cAAc,CAACL,SAAS,EAAEI,OAAO,CAAC,CAAC;EAC7E;;EAEA;AACF;AACA;AACA;AACA;EACE,OAAOC,cAAcA,CAACL,SAAiB,EAAEI,OAAe,EAAW;IACjE,IAAIA,OAAO,KAAKJ,SAAS,EAAE,OAAO,IAAI;IACtC,IAAII,OAAO,CAACE,QAAQ,CAAC,IAAI,CAAC,EAAE;MAC1B,MAAMV,KAAK,GAAGQ,OAAO,CAACT,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;MAClC,OAAOK,SAAS,CAACO,UAAU,CAAC,GAAGX,KAAK,GAAG,CAAC;IAC1C;IACA,OAAO,KAAK;EACd;;EAEA;EACA,MAAMY,MAAMA,CAAA,EAAkB;IAC5B,IAAI,IAAI,CAACtB,SAAS,CAAC,CAAC,EAAE;IACtB,MAAM,IAAI,CAACuB,aAAa,CAAC;MAAE,CAAC7B,kBAAkB,GAAG;IAAG,CAAC,EAAE,oBAAoB,CAAC;EAC9E;;EAEA;AACF;AACA;AACA;AACA;EACE,MAAM8B,OAAOA,CAAA,EAAkB;IAC7B,IAAI,CAAC,IAAI,CAACxB,SAAS,CAAC,CAAC,EAAE;IACvB,MAAMyB,OAAO,GAAArD,aAAA,KAAQ,IAAI,CAAC+B,OAAO,CAAC,CAAC,CAAE;IACrC,OAAOsB,OAAO,CAAC/B,kBAAkB,CAAC;IAClC,MAAMgC,QAAQ,GAAG,IAAI,CAAC7B,SAAS,CAAC8B,kBAAkB,CAAC,CAAC;IACpDD,QAAQ,CAACE,YAAY,CAACnC,mBAAmB,EAAEgC,OAAO,EAAE;MAAEI,gBAAgB,EAAE,IAAI;MAAEC,aAAa,EAAE;IAAK,CAAC,CAAC;IACpG,MAAMJ,QAAQ,CAACK,KAAK,CAAC;MAAEC,eAAe,EAAE;IAAsB,CAAC,CAAC;EAClE;;EAEA;EACA,MAAMC,eAAeA,CAACf,OAAe,EAAiB;IACpD,IAAI,CAACvB,UAAU,CAACuC,cAAc,CAAChB,OAAO,CAAC,EAAE;MACvC,MAAM,KAAIiB,oBAAQ,EAChB,2BAA2BjB,OAAO,uGACpC,CAAC;IACH;IACA,MAAM,IAAI,CAACkB,oBAAoB,CAC5BC,IAAI,IAAMA,IAAI,CAACC,QAAQ,CAACpB,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,GAAGmB,IAAI,EAAEnB,OAAO,CAAE,EAC9D,qBAAqBA,OAAO,EAC9B,CAAC;EACH;;EAEA;AACF;AACA;AACA;EACE,MAAMqB,kBAAkBA,CAACrB,OAAe,EAAiB;IACvD,MAAM,IAAI,CAACkB,oBAAoB,CAC5BC,IAAI,IAAMA,IAAI,CAACC,QAAQ,CAACpB,OAAO,CAAC,GAAGmB,IAAI,CAACtE,MAAM,CAAEyE,CAAC,IAAKA,CAAC,KAAKtB,OAAO,CAAC,GAAG,IAAK,EAC7E,wBAAwBA,OAAO,EACjC,CAAC;EACH;;EAEA;AACF;AACA;AACA;AACA;EACEuB,WAAWA,CAAA,EAAgD;IACzD,OAAO,MAAOC,WAAwB,IAAK;MACzC,IAAI,CAAC,IAAI,CAAC1C,SAAS,CAAC,CAAC,EAAE;MACvB,MAAMc,SAAS,GAAG4B,WAAW,CAACC,KAAK;MACnC,IAAI,IAAI,CAAC9B,cAAc,CAACC,SAAS,CAAC,EAAE;MAEpC,MAAM8B,IAAI,GAAGA,CAAA,KAAa;QACxB,MAAMC,kBAAkB,CAAC/B,SAAS,EAAE4B,WAAW,CAAC;MAClD,CAAC;;MAED;MACA;MACA,IAAI,IAAI,CAACI,aAAa,CAACC,GAAG,CAACjC,SAAS,CAAC,EAAE8B,IAAI,CAAC,CAAC;MAE7C,MAAMI,aAAa,GAAGC,OAAO,CAACC,OAAO,CAACC,KAAK,CAACC,KAAK,CAAC,IAAIH,OAAO,CAACC,OAAO,CAACG,MAAM,CAACD,KAAK,CAAC;MACnF,IAAI,CAACJ,aAAa,EAAEJ,IAAI,CAAC,CAAC;MAE1B,MAAMU,QAAQ,GAAG,MAAM,IAAI,CAACC,cAAc,CAACzC,SAAS,EAAE4B,WAAW,CAAC;MAClE,IAAI,CAACY,QAAQ,EAAE;QACb,IAAI,CAACR,aAAa,CAACU,GAAG,CAAC1C,SAAS,CAAC;QACjC8B,IAAI,CAAC,CAAC;MACR;MACA,MAAM,IAAI,CAACX,eAAe,CAACnB,SAAS,CAAC;MACrC,IAAI,CAAChB,MAAM,CAAC2D,cAAc,CAAC,UAAU3C,SAAS,uCAAuC,CAAC;IACxF,CAAC;EACH;EAEQX,OAAOA,CAAA,EAA4B;IACzC,IAAI;MACF,OAAQ,IAAI,CAACN,SAAS,CAAC8B,kBAAkB,CAAC,CAAC,CAAC+B,SAAS,CAACjE,mBAAmB,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;IAIxF,CAAC,CAAC,MAAM;MACN,OAAO,CAAC,CAAC;IACX;EACF;;EAEA;AACF;AACA;AACA;AACA;EACE,MAAc2C,oBAAoBA,CAACuB,OAA4C,EAAEC,MAAc,EAAiB;IAC9G,MAAMvD,GAAG,GAAG,IAAI,CAACF,OAAO,CAAC,CAAC;IAC1B,MAAM0D,OAAiB,GAAGtD,KAAK,CAACC,OAAO,CAACH,GAAG,CAACX,kBAAkB,CAAC,CAAC,GAAIW,GAAG,CAACX,kBAAkB,CAAC,GAAgB,EAAE;IAC7G,MAAMoE,IAAI,GAAGH,OAAO,CAACE,OAAO,CAAC;IAC7B,IAAIC,IAAI,KAAK,IAAI,EAAE;IACnB,MAAM,IAAI,CAACvC,aAAa,CAAC;MAAE,CAAC7B,kBAAkB,GAAGoE;IAAK,CAAC,EAAEF,MAAM,CAAC;EAClE;EAEA,MAAcrC,aAAaA,CAACwC,KAA8B,EAAEH,MAAc,EAAiB;IACzF,MAAMlC,QAAQ,GAAG,IAAI,CAAC7B,SAAS,CAAC8B,kBAAkB,CAAC,CAAC;IACpDD,QAAQ,CAACE,YAAY,CAACnC,mBAAmB,EAAEsE,KAAK,EAAE;MAAEC,iBAAiB,EAAE,IAAI;MAAElC,aAAa,EAAE;IAAK,CAAC,CAAC;IACnG,MAAMJ,QAAQ,CAACK,KAAK,CAAC;MAAEC,eAAe,EAAE4B;IAAO,CAAC,CAAC;EACnD;;EAEA;AACF;AACA;AACA;AACA;AACA;EACUjD,uBAAuBA,CAAA,EAAuB;IACpD,MAAMsD,YAAY,GAAG,IAAI,CAACpE,SAAS,CAACoE,YAAY;IAChD,IAAI,CAACA,YAAY,EAAE,OAAOC,SAAS;IACnC,IAAI,CAACD,YAAY,CAAC3B,QAAQ,CAAC,GAAG,CAAC,EAAE,OAAO2B,YAAY;IACpD,MAAMvD,KAAK,GAAGuD,YAAY,CAACE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IACxC,IAAI,CAACzD,KAAK,EAAE,OAAOwD,SAAS;IAC5B,OAAO,GAAGxD,KAAK,IAAI;EACrB;EAEA,MAAc6C,cAAcA,CAACzC,SAAiB,EAAE4B,WAAwB,EAAoB;IAC1F,IAAI;MACF,MAAM0B,QAAQ,GAAI,MAAM,IAAAC,kBAAM,EAAC;QAC7BC,IAAI,EAAE,QAAQ;QACdC,IAAI,EAAE,OAAO;QACbC,OAAO,EACL,UAAU9B,WAAW,CAAC+B,QAAQ,CAAC,CAAC,sBAAsB3D,SAAS,oDAAoD,GACnH,UAAUA,SAAS,kCAAkC;QACvD4D,OAAO,EAAE,KAAK;QACdC,QAAQ,EAAE,IAAI;QACdC,OAAO,EAAE;QACT;QACA;MACF,CAAiC,CAAwB;MACzD,OAAO3B,OAAO,CAACmB,QAAQ,CAACS,KAAK,CAAC;IAChC,CAAC,CAAC,MAAM;MACN;MACA,OAAO,KAAK;IACd;EACF;EAEA,OAAO3C,cAAcA,CAAChB,OAAe,EAAW;IAC9C,IAAI,CAACA,OAAO,IAAI,OAAOA,OAAO,KAAK,QAAQ,EAAE,OAAO,KAAK;IACzD,IAAIA,OAAO,CAACE,QAAQ,CAAC,IAAI,CAAC,EAAE;MAC1B,MAAMV,KAAK,GAAGQ,OAAO,CAACT,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;MAClC;MACA;MACA,IAAIC,KAAK,CAAC4B,QAAQ,CAAC,GAAG,CAAC,EAAE,OAAO,KAAK;MACrC,OAAO,IAAAwC,+BAAgB,EAACpE,KAAK,CAAC;IAChC;IACA;IACA,OAAO,IAAAoE,+BAAgB,EAAC5D,OAAO,CAAC;EAClC;AACF;AAAC6D,OAAA,CAAApF,UAAA,GAAAA,UAAA;AAED,SAASkD,kBAAkBA,CAAC/B,SAAiB,EAAE4B,WAAwB,EAAY;EACjF,OAAO,KAAIP,oBAAQ,EACjB,sBAAsBO,WAAW,CAAC+B,QAAQ,CAAC,CAAC,YAAY3D,SAAS,4CAA4C,GAC3G,IAAI,GACJ,6BAA6B,GAC7B,yBAAyBA,SAAS,IAAI,GACtC,uCAAuCrB,mBAAmB,uBAC9D,CAAC;AACH","ignoreList":[]}

package/dist/types.d.ts

@@ -81,6 +81,16 @@ export interface WorkspaceExtConfig {
      * Example: ["oxlint.config.json", "biome.json", "*.bak"]
      */
     ignoredFiles?: string[];
+    /**
+     * Scope-name patterns that the workspace trusts when loading aspects (envs,
+     * generators, etc.) imported from those scopes. The effective trust set is:
+     * a builtin set (e.g. `teambit.*`, `bitdev.*`) + the owner of `defaultScope`
+     * (e.g. `acme.frontend` → `acme.*`) + entries listed here.
+     *
+     * Patterns: exact (`acme.frontend`) or owner wildcard (`acme.*`).
+     * Manage via `bit scope trust [enable|disable|add|remove] [pattern]`.
+     */
+    trustedScopes?: string[];
     /**
      * If set to `true`, Bit auto-syncs the local `.bitmap` to the latest scope HEAD versions
      * whenever the git HEAD has moved since the last sync (sentinel-driven, runs once per

package/dist/types.js.map

@@ -1 +1 @@
-{"version":3,"names":[],"sources":["types.ts"],"sourcesContent":["interface VendorConfig {\n  directory: string;\n}\n\nexport interface WorkspaceExtConfig {\n  /**\n   * name of the workspace.\n   */\n  name: string;\n\n  /**\n   * path to icon.\n   */\n  icon: string;\n\n  /**\n   * set the default scope when there is no matching for the component in the components array.\n   */\n  defaultScope: string;\n\n  /**\n   * set the default directory when there is no matching for the component in the components array.\n   */\n  defaultDirectory: string;\n\n  /**\n   * sets the location of the root components directory.\n   * The location is a relative path to the workspace root and should use linux path separators (/).\n   */\n  rootComponentsDirectory?: string;\n\n  /**\n   * set the default structure of components in your project\n   */\n  vendor: VendorConfig;\n\n  /**\n   * All component extensions applied by default on all components in the workspace (except vendor components)\n   */\n  extensions: { [extensionsId: string]: string };\n\n  /**\n   * If set to\n   * `true`, it allows the workspace to resolve scope's aspects from node modules\n   * installed in the workspace's `node_modules` directory. If not set or set to `false`, aspects will only be resolved\n   * from the scope aspects capsule.\n   */\n  resolveAspectsFromNodeModules?: boolean;\n\n  /**\n   * If set to `true`, it allows the workspace to resolve envs from node modules\n   * installed in the workspace's `node_modules` directory.\n   * the envs will be resolved from the node_modules of the env's root (workspace/node_modules/.bit_roots/{envId})\n   * and if not found (usually when the env was hoisted to the root node_modules) then from the node_modules of the\n   * workspace.\n   * If not set or set to `false`, envs will only be resolved from the scope envs capsule.\n   */\n  resolveEnvsFromRoots?: boolean;\n\n  /**\n   * If set to `true`, bit will try to load aspects dependencies automatically.\n   * even if the aspects dependencies are not configured in the workspace.jsonc root config.\n   * for example having the aspect\n   * main aspect\n   * export class MainAspectMain {\n   *  ...\n   *   static dependencies = [MyDepAspect];\n   * }\n   * and the in the workspace.jsonc file:\n   * {\n   *  ...\n   *   main-aspect: {}\n   * }\n   * when set to true, bit will try to load MyDepAspect automatically.\n   */\n  autoLoadAspectsDeps?: boolean;\n\n  /**\n   * If set to `true`, enables external package manager mode. When enabled:\n   * - `bit install` will not install dependencies and will prompt the user to use their package manager.\n   * - Other commands that trigger installation (e.g., `bit import`, `bit checkout`) will skip the installation and print a warning.\n   * When this prop is set by bit to `true`, the following properties are automatically set to `false`:\n   * - `rootComponent`.\n   * - `enableWorkspaceConfigWrite`.\n   */\n  externalPackageManager?: boolean;\n\n  /**\n   * List of file patterns to ignore from all components in the workspace.\n   * Uses gitignore syntax.\n   * Example: [\"oxlint.config.json\", \"biome.json\", \"*.bak\"]\n   */\n  ignoredFiles?: string[];\n\n  /**\n   * If set to `true`, Bit auto-syncs the local `.bitmap` to the latest scope HEAD versions\n   * whenever the git HEAD has moved since the last sync (sentinel-driven, runs once per\n   * `git pull`). Designed for repos with strict branch-protection rules: combined with\n   * `bit ci merge --no-bitmap-commit`, the CI never commits `.bitmap` to the default\n   * branch — every developer's first Bit command after `git pull` reconciles their\n   * local `.bitmap` with the latest exported scope versions automatically.\n   *\n   * The mechanism is a no-op when:\n   * - the workspace is not inside a git repo,\n   * - the workspace is on a lane (lanes have their own sync flow),\n   * - git HEAD is unchanged since the last successful reconciliation.\n   *\n   * On a failed remote-scope fetch, the command continues with the cached `.bitmap`\n   * state and the sentinel is NOT advanced, so the next command retries.\n   */\n  bitmapAutoSync?: boolean;\n}\n"],"mappings":"","ignoreList":[]}
+{"version":3,"names":[],"sources":["types.ts"],"sourcesContent":["interface VendorConfig {\n  directory: string;\n}\n\nexport interface WorkspaceExtConfig {\n  /**\n   * name of the workspace.\n   */\n  name: string;\n\n  /**\n   * path to icon.\n   */\n  icon: string;\n\n  /**\n   * set the default scope when there is no matching for the component in the components array.\n   */\n  defaultScope: string;\n\n  /**\n   * set the default directory when there is no matching for the component in the components array.\n   */\n  defaultDirectory: string;\n\n  /**\n   * sets the location of the root components directory.\n   * The location is a relative path to the workspace root and should use linux path separators (/).\n   */\n  rootComponentsDirectory?: string;\n\n  /**\n   * set the default structure of components in your project\n   */\n  vendor: VendorConfig;\n\n  /**\n   * All component extensions applied by default on all components in the workspace (except vendor components)\n   */\n  extensions: { [extensionsId: string]: string };\n\n  /**\n   * If set to\n   * `true`, it allows the workspace to resolve scope's aspects from node modules\n   * installed in the workspace's `node_modules` directory. If not set or set to `false`, aspects will only be resolved\n   * from the scope aspects capsule.\n   */\n  resolveAspectsFromNodeModules?: boolean;\n\n  /**\n   * If set to `true`, it allows the workspace to resolve envs from node modules\n   * installed in the workspace's `node_modules` directory.\n   * the envs will be resolved from the node_modules of the env's root (workspace/node_modules/.bit_roots/{envId})\n   * and if not found (usually when the env was hoisted to the root node_modules) then from the node_modules of the\n   * workspace.\n   * If not set or set to `false`, envs will only be resolved from the scope envs capsule.\n   */\n  resolveEnvsFromRoots?: boolean;\n\n  /**\n   * If set to `true`, bit will try to load aspects dependencies automatically.\n   * even if the aspects dependencies are not configured in the workspace.jsonc root config.\n   * for example having the aspect\n   * main aspect\n   * export class MainAspectMain {\n   *  ...\n   *   static dependencies = [MyDepAspect];\n   * }\n   * and the in the workspace.jsonc file:\n   * {\n   *  ...\n   *   main-aspect: {}\n   * }\n   * when set to true, bit will try to load MyDepAspect automatically.\n   */\n  autoLoadAspectsDeps?: boolean;\n\n  /**\n   * If set to `true`, enables external package manager mode. When enabled:\n   * - `bit install` will not install dependencies and will prompt the user to use their package manager.\n   * - Other commands that trigger installation (e.g., `bit import`, `bit checkout`) will skip the installation and print a warning.\n   * When this prop is set by bit to `true`, the following properties are automatically set to `false`:\n   * - `rootComponent`.\n   * - `enableWorkspaceConfigWrite`.\n   */\n  externalPackageManager?: boolean;\n\n  /**\n   * List of file patterns to ignore from all components in the workspace.\n   * Uses gitignore syntax.\n   * Example: [\"oxlint.config.json\", \"biome.json\", \"*.bak\"]\n   */\n  ignoredFiles?: string[];\n\n  /**\n   * Scope-name patterns that the workspace trusts when loading aspects (envs,\n   * generators, etc.) imported from those scopes. The effective trust set is:\n   * a builtin set (e.g. `teambit.*`, `bitdev.*`) + the owner of `defaultScope`\n   * (e.g. `acme.frontend` → `acme.*`) + entries listed here.\n   *\n   * Patterns: exact (`acme.frontend`) or owner wildcard (`acme.*`).\n   * Manage via `bit scope trust [enable|disable|add|remove] [pattern]`.\n   */\n  trustedScopes?: string[];\n\n  /**\n   * If set to `true`, Bit auto-syncs the local `.bitmap` to the latest scope HEAD versions\n   * whenever the git HEAD has moved since the last sync (sentinel-driven, runs once per\n   * `git pull`). Designed for repos with strict branch-protection rules: combined with\n   * `bit ci merge --no-bitmap-commit`, the CI never commits `.bitmap` to the default\n   * branch — every developer's first Bit command after `git pull` reconciles their\n   * local `.bitmap` with the latest exported scope versions automatically.\n   *\n   * The mechanism is a no-op when:\n   * - the workspace is not inside a git repo,\n   * - the workspace is on a lane (lanes have their own sync flow),\n   * - git HEAD is unchanged since the last successful reconciliation.\n   *\n   * On a failed remote-scope fetch, the command continues with the cached `.bitmap`\n   * state and the sentinel is NOT advanced, so the next command retries.\n   */\n  bitmapAutoSync?: boolean;\n}\n"],"mappings":"","ignoreList":[]}