npm - @trops/dash-core - Versions diffs - 0.1.498 → 0.1.500 - Mend

@trops/dash-core 0.1.498 → 0.1.500

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/electron/index.js +15 -5
package/dist/electron/index.js.map +1 -1
package/dist/index.esm.js +107 -52
package/dist/index.esm.js.map +1 -1
package/dist/index.js +107 -52
package/dist/index.js.map +1 -1
package/package.json +1 -1

package/dist/index.js CHANGED Viewed

@@ -49229,6 +49229,40 @@ var EnforcementToggles = function EnforcementToggles() {
     }
     setPendingDisable(null);
   };
+  // One-click JIT trigger for testing. Calls the gate via a fake widget
+  // identity that has no grant — the gate denies, JIT escalates, the
+  // modal pops. After approval, the call proceeds to the (nonexistent)
+  // "test-server" and errors with "server not connected"; that's the
+  // expected response since the goal is to exercise the consent flow,
+  // not the server's response.
+  var triggerTestJitPrompt = /*#__PURE__*/function () {
+    var _ref6 = _asyncToGenerator(/*#__PURE__*/_regeneratorRuntime.mark(function _callee5() {
+      var _window$mainApi3, _window$mainApi3$call;
+      return _regeneratorRuntime.wrap(function (_context5) {
+        while (1) switch (_context5.prev = _context5.next) {
+          case 0:
+            _context5.prev = 0;
+            _context5.next = 1;
+            return (_window$mainApi3 = window.mainApi) === null || _window$mainApi3 === void 0 || (_window$mainApi3 = _window$mainApi3.mcp) === null || _window$mainApi3 === void 0 || (_window$mainApi3$call = _window$mainApi3.callTool) === null || _window$mainApi3$call === void 0 ? void 0 : _window$mainApi3$call.call(_window$mainApi3, "test-server", "test_tool", {
+              path: "/tmp/jit-probe.txt"
+            }, null, "@test/jit-probe");
+          case 1:
+            _context5.next = 3;
+            break;
+          case 2:
+            _context5.prev = 2;
+            _context5["catch"](0);
+          case 3:
+          case "end":
+            return _context5.stop();
+        }
+      }, _callee5, null, [[0, 2]]);
+    }));
+    return function triggerTestJitPrompt() {
+      return _ref6.apply(this, arguments);
+    };
+  }();
   return /*#__PURE__*/jsxRuntime.jsxs("div", {
     className: "flex flex-col space-y-4 border border-gray-700 rounded p-4",
     children: [/*#__PURE__*/jsxRuntime.jsxs("div", {
@@ -49262,12 +49296,31 @@ var EnforcementToggles = function EnforcementToggles() {
         onChange: handleJitToggle,
         disabled: !enforceEnabled
       })]
-    }), /*#__PURE__*/jsxRuntime.jsx(ConfirmDisableModal, {
+    }), /*#__PURE__*/jsxRuntime.jsx(ConfirmDisableInline, {
       pending: pendingDisable,
       onCancel: function onCancel() {
         return setPendingDisable(null);
       },
       onConfirm: confirmDisable
+    }), enforceEnabled && jitEnabled && /*#__PURE__*/jsxRuntime.jsxs("div", {
+      className: "flex flex-row items-center justify-between gap-4 border-t border-gray-800 pt-4",
+      children: [/*#__PURE__*/jsxRuntime.jsxs("div", {
+        className: "flex flex-col",
+        children: [/*#__PURE__*/jsxRuntime.jsx("span", {
+          className: "text-sm font-medium text-gray-200",
+          children: "Test JIT consent prompt"
+        }), /*#__PURE__*/jsxRuntime.jsxs("span", {
+          className: "text-xs text-gray-400 mt-1",
+          children: ["Fires a fake tool call from ", /*#__PURE__*/jsxRuntime.jsx("code", {
+            children: "@test/jit-probe"
+          }), " to", " ", /*#__PURE__*/jsxRuntime.jsx("code", {
+            children: "test-server"
+          }), ". The gate runs first (no real server needed), so you'll see the JIT modal exactly as it appears in production. Approve and the call proceeds \u2014 the fake server isn't running, so a \"server not connected\" error follows in the console. That's the expected response; the goal is to validate the consent flow."]
+        })]
+      }), /*#__PURE__*/jsxRuntime.jsx(DashReact.Button, {
+        title: "Test prompt",
+        onClick: triggerTestJitPrompt
+      })]
     })]
   });
 };
@@ -49283,57 +49336,59 @@ var DISABLE_COPY = {
     confirmLabel: "Disable prompts"
   }
 };
-var ConfirmDisableModal = function ConfirmDisableModal(_ref6) {
-  var pending = _ref6.pending,
-    onCancel = _ref6.onCancel,
-    onConfirm = _ref6.onConfirm;
+/**
+ * Inline confirmation prompt — rendered directly under the toggles
+ * inside the EnforcementToggles container, NOT as a nested Modal.
+ *
+ * Why inline: the Settings panel itself is already a Modal, so a
+ * nested Modal positions relative to the panel's content area rather
+ * than the viewport, landing visibly off-center. Inline avoids the
+ * nesting entirely; the user keeps context and the warning is
+ * impossible to miss right where the toggle lives.
+ */
+var ConfirmDisableInline = function ConfirmDisableInline(_ref7) {
+  var pending = _ref7.pending,
+    onCancel = _ref7.onCancel,
+    onConfirm = _ref7.onConfirm;
   if (!pending) return null;
   var copy = DISABLE_COPY[pending.flag];
   if (!copy) return null;
-  return /*#__PURE__*/jsxRuntime.jsx(DashReact.Modal, {
-    isOpen: !!pending,
-    setIsOpen: function setIsOpen(open) {
-      return !open && onCancel();
-    },
-    children: /*#__PURE__*/jsxRuntime.jsxs("div", {
-      className: "flex flex-col w-full max-w-md border-2 border-amber-500 rounded",
-      children: [/*#__PURE__*/jsxRuntime.jsx("div", {
-        className: "px-5 py-4 border-b border-gray-700",
-        children: /*#__PURE__*/jsxRuntime.jsxs("div", {
-          className: "flex flex-row items-center gap-2",
-          children: [/*#__PURE__*/jsxRuntime.jsx(DashReact.FontAwesomeIcon, {
-            icon: "triangle-exclamation",
-            className: "h-4 w-4 text-amber-500"
-          }), /*#__PURE__*/jsxRuntime.jsx("span", {
-            className: "text-base font-semibold text-gray-100",
-            children: copy.title
-          })]
-        })
-      }), /*#__PURE__*/jsxRuntime.jsx("div", {
-        className: "px-5 py-4 text-xs text-gray-300 leading-relaxed",
-        children: copy.body
-      }), /*#__PURE__*/jsxRuntime.jsxs("div", {
-        className: "flex justify-end gap-2 px-5 py-3 border-t border-gray-700",
-        children: [/*#__PURE__*/jsxRuntime.jsx(DashReact.Button, {
-          title: "Cancel",
-          onClick: onCancel
-        }), /*#__PURE__*/jsxRuntime.jsx(DashReact.Button, {
-          title: copy.confirmLabel,
-          onClick: onConfirm
-        })]
+  return /*#__PURE__*/jsxRuntime.jsxs("div", {
+    className: "flex flex-col gap-3 border-2 border-amber-500 rounded p-3 mt-2",
+    children: [/*#__PURE__*/jsxRuntime.jsxs("div", {
+      className: "flex flex-row items-center gap-2",
+      children: [/*#__PURE__*/jsxRuntime.jsx(DashReact.FontAwesomeIcon, {
+        icon: "triangle-exclamation",
+        className: "h-4 w-4 text-amber-500"
+      }), /*#__PURE__*/jsxRuntime.jsx("span", {
+        className: "text-sm font-semibold text-gray-100",
+        children: copy.title
       })]
-    })
+    }), /*#__PURE__*/jsxRuntime.jsx("div", {
+      className: "text-xs text-gray-300 leading-relaxed",
+      children: copy.body
+    }), /*#__PURE__*/jsxRuntime.jsxs("div", {
+      className: "flex justify-end gap-2",
+      children: [/*#__PURE__*/jsxRuntime.jsx(DashReact.Button, {
+        title: "Cancel",
+        onClick: onCancel
+      }), /*#__PURE__*/jsxRuntime.jsx(DashReact.Button, {
+        title: copy.confirmLabel,
+        onClick: onConfirm
+      })]
+    })]
   });
 };
-var WidgetGrantRow = function WidgetGrantRow(_ref7) {
-  var widgetId = _ref7.widgetId,
-    declared = _ref7.declared,
-    granted = _ref7.granted,
-    hasManifest = _ref7.hasManifest,
-    grantOrigin = _ref7.grantOrigin,
-    onRevokeWidget = _ref7.onRevokeWidget,
-    onRevokeServer = _ref7.onRevokeServer,
-    onGrantManually = _ref7.onGrantManually;
+var WidgetGrantRow = function WidgetGrantRow(_ref8) {
+  var widgetId = _ref8.widgetId,
+    declared = _ref8.declared,
+    granted = _ref8.granted,
+    hasManifest = _ref8.hasManifest,
+    grantOrigin = _ref8.grantOrigin,
+    onRevokeWidget = _ref8.onRevokeWidget,
+    onRevokeServer = _ref8.onRevokeServer,
+    onGrantManually = _ref8.onGrantManually;
   var declaredServers = declared && declared.servers || {};
   var grantedServers = granted && granted.servers || {};
   var allServerNames = Array.from(new Set([].concat(_toConsumableArray(Object.keys(declaredServers)), _toConsumableArray(Object.keys(grantedServers)))));
@@ -49405,10 +49460,10 @@ var WidgetGrantRow = function WidgetGrantRow(_ref7) {
     })]
   });
 };
-var PermsList = function PermsList(_ref8) {
-  var label = _ref8.label,
-    declaredItems = _ref8.declaredItems,
-    grantedItems = _ref8.grantedItems;
+var PermsList = function PermsList(_ref9) {
+  var label = _ref9.label,
+    declaredItems = _ref9.declaredItems,
+    grantedItems = _ref9.grantedItems;
   if (declaredItems.length === 0 && grantedItems.length === 0) return null;
   var grantedSet = new Set(grantedItems);
   var declaredSet = new Set(declaredItems);
@@ -49464,8 +49519,8 @@ function isServerEntirelyStale(decl, grant) {
  * the user audit grants that were approved against a scanner guess
  * rather than the developer's explicit declaration.
  */
-var GrantOriginBadge = function GrantOriginBadge(_ref9) {
-  var origin = _ref9.origin;
+var GrantOriginBadge = function GrantOriginBadge(_ref0) {
+  var origin = _ref0.origin;
   var styles = {
     declared: {
       label: "declared",