@unbrained/pm-cli 2026.5.24 → 2026.5.28
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +953 -522
- package/README.md +2 -10
- package/dist/cli/bootstrap-args.d.ts +18 -1
- package/dist/cli/bootstrap-args.js +143 -3
- package/dist/cli/bootstrap-args.js.map +1 -1
- package/dist/cli/commander-usage.js +134 -11
- package/dist/cli/commander-usage.js.map +1 -1
- package/dist/cli/commands/append.js +4 -3
- package/dist/cli/commands/append.js.map +1 -1
- package/dist/cli/commands/claim.js +5 -4
- package/dist/cli/commands/claim.js.map +1 -1
- package/dist/cli/commands/close.d.ts +3 -0
- package/dist/cli/commands/close.js +26 -3
- package/dist/cli/commands/close.js.map +1 -1
- package/dist/cli/commands/completion.d.ts +2 -2
- package/dist/cli/commands/completion.js +109 -56
- package/dist/cli/commands/completion.js.map +1 -1
- package/dist/cli/commands/config.d.ts +1 -1
- package/dist/cli/commands/config.js +82 -4
- package/dist/cli/commands/config.js.map +1 -1
- package/dist/cli/commands/create.js +7 -272
- package/dist/cli/commands/create.js.map +1 -1
- package/dist/cli/commands/delete.js +4 -3
- package/dist/cli/commands/delete.js.map +1 -1
- package/dist/cli/commands/docs.d.ts +1 -12
- package/dist/cli/commands/docs.js +8 -312
- package/dist/cli/commands/docs.js.map +1 -1
- package/dist/cli/commands/extension/bundled-catalog.d.ts +14 -0
- package/dist/cli/commands/extension/bundled-catalog.js +268 -0
- package/dist/cli/commands/extension/bundled-catalog.js.map +1 -0
- package/dist/cli/commands/extension/doctor.d.ts +31 -0
- package/dist/cli/commands/extension/doctor.js +345 -0
- package/dist/cli/commands/extension/doctor.js.map +1 -0
- package/dist/cli/commands/extension/install-sources.d.ts +37 -0
- package/dist/cli/commands/extension/install-sources.js +384 -0
- package/dist/cli/commands/extension/install-sources.js.map +1 -0
- package/dist/cli/commands/extension/managed-state.d.ts +48 -0
- package/dist/cli/commands/extension/managed-state.js +172 -0
- package/dist/cli/commands/extension/managed-state.js.map +1 -0
- package/dist/cli/commands/extension/scaffold.d.ts +14 -0
- package/dist/cli/commands/extension/scaffold.js +202 -0
- package/dist/cli/commands/extension/scaffold.js.map +1 -0
- package/dist/cli/commands/extension/shared.d.ts +14 -0
- package/dist/cli/commands/extension/shared.js +106 -0
- package/dist/cli/commands/extension/shared.js.map +1 -0
- package/dist/cli/commands/extension.d.ts +36 -68
- package/dist/cli/commands/extension.js +143 -1422
- package/dist/cli/commands/extension.js.map +1 -1
- package/dist/cli/commands/files.d.ts +1 -12
- package/dist/cli/commands/files.js +11 -308
- package/dist/cli/commands/files.js.map +1 -1
- package/dist/cli/commands/get.js +4 -3
- package/dist/cli/commands/get.js.map +1 -1
- package/dist/cli/commands/health.js +17 -3
- package/dist/cli/commands/health.js.map +1 -1
- package/dist/cli/commands/history-redact.js +23 -18
- package/dist/cli/commands/history-redact.js.map +1 -1
- package/dist/cli/commands/history-repair.js +24 -18
- package/dist/cli/commands/history-repair.js.map +1 -1
- package/dist/cli/commands/legacy-none-tokens.d.ts +3 -0
- package/dist/cli/commands/legacy-none-tokens.js +39 -0
- package/dist/cli/commands/legacy-none-tokens.js.map +1 -0
- package/dist/cli/commands/linked-artifacts.d.ts +96 -0
- package/dist/cli/commands/linked-artifacts.js +335 -0
- package/dist/cli/commands/linked-artifacts.js.map +1 -0
- package/dist/cli/commands/linked-test-parsers.d.ts +28 -0
- package/dist/cli/commands/linked-test-parsers.js +192 -0
- package/dist/cli/commands/linked-test-parsers.js.map +1 -0
- package/dist/cli/commands/list.js +19 -5
- package/dist/cli/commands/list.js.map +1 -1
- package/dist/cli/commands/normalize.js +4 -3
- package/dist/cli/commands/normalize.js.map +1 -1
- package/dist/cli/commands/plan.d.ts +5 -0
- package/dist/cli/commands/plan.js +56 -8
- package/dist/cli/commands/plan.js.map +1 -1
- package/dist/cli/commands/recurrence-parsers.d.ts +26 -0
- package/dist/cli/commands/recurrence-parsers.js +98 -0
- package/dist/cli/commands/recurrence-parsers.js.map +1 -0
- package/dist/cli/commands/restore.js +19 -8
- package/dist/cli/commands/restore.js.map +1 -1
- package/dist/cli/commands/search.js +5 -8
- package/dist/cli/commands/search.js.map +1 -1
- package/dist/cli/commands/test/linked-command-detection.d.ts +37 -0
- package/dist/cli/commands/test/linked-command-detection.js +200 -0
- package/dist/cli/commands/test/linked-command-detection.js.map +1 -0
- package/dist/cli/commands/test.d.ts +1 -2
- package/dist/cli/commands/test.js +8 -350
- package/dist/cli/commands/test.js.map +1 -1
- package/dist/cli/commands/update-many.js +4 -3
- package/dist/cli/commands/update-many.js.map +1 -1
- package/dist/cli/commands/update.js +83 -356
- package/dist/cli/commands/update.js.map +1 -1
- package/dist/cli/commands/validate.js +32 -12
- package/dist/cli/commands/validate.js.map +1 -1
- package/dist/cli/error-guidance.d.ts +1 -0
- package/dist/cli/error-guidance.js +6 -2
- package/dist/cli/error-guidance.js.map +1 -1
- package/dist/cli/main.d.ts +11 -0
- package/dist/cli/main.js +76 -28
- package/dist/cli/main.js.map +1 -1
- package/dist/cli/register-list-query.d.ts +4 -1
- package/dist/cli/register-list-query.js +242 -203
- package/dist/cli/register-list-query.js.map +1 -1
- package/dist/cli/register-mutation.js +73 -11
- package/dist/cli/register-mutation.js.map +1 -1
- package/dist/cli/register-operations.js +3 -3
- package/dist/cli/register-operations.js.map +1 -1
- package/dist/cli/register-setup.js +12 -7
- package/dist/cli/register-setup.js.map +1 -1
- package/dist/cli/registration-helpers.js +3 -2
- package/dist/cli/registration-helpers.js.map +1 -1
- package/dist/cli.js +4 -3
- package/dist/cli.js.map +1 -1
- package/dist/core/config/positional-value.d.ts +44 -0
- package/dist/core/config/positional-value.js +109 -0
- package/dist/core/config/positional-value.js.map +1 -0
- package/dist/core/extensions/extension-capability-aliases.d.ts +14 -0
- package/dist/core/extensions/extension-capability-aliases.js +159 -0
- package/dist/core/extensions/extension-capability-aliases.js.map +1 -0
- package/dist/core/extensions/extension-hook-runtime.d.ts +13 -0
- package/dist/core/extensions/extension-hook-runtime.js +414 -0
- package/dist/core/extensions/extension-hook-runtime.js.map +1 -0
- package/dist/core/extensions/extension-policy.d.ts +69 -0
- package/dist/core/extensions/extension-policy.js +481 -0
- package/dist/core/extensions/extension-policy.js.map +1 -0
- package/dist/core/extensions/extension-registries.d.ts +8 -0
- package/dist/core/extensions/extension-registries.js +52 -0
- package/dist/core/extensions/extension-registries.js.map +1 -0
- package/dist/core/extensions/extension-runtime-helpers.d.ts +6 -0
- package/dist/core/extensions/extension-runtime-helpers.js +29 -0
- package/dist/core/extensions/extension-runtime-helpers.js.map +1 -0
- package/dist/core/extensions/extension-types.d.ts +13 -39
- package/dist/core/extensions/extension-types.js +34 -2
- package/dist/core/extensions/extension-types.js.map +1 -1
- package/dist/core/extensions/index.d.ts +7 -0
- package/dist/core/extensions/index.js +11 -2
- package/dist/core/extensions/index.js.map +1 -1
- package/dist/core/extensions/loader.d.ts +4 -22
- package/dist/core/extensions/loader.js +22 -1139
- package/dist/core/extensions/loader.js.map +1 -1
- package/dist/core/history/drift-scan.d.ts +11 -0
- package/dist/core/history/drift-scan.js +114 -32
- package/dist/core/history/drift-scan.js.map +1 -1
- package/dist/core/history/history-rewrite.d.ts +43 -0
- package/dist/core/history/history-rewrite.js +48 -0
- package/dist/core/history/history-rewrite.js.map +1 -0
- package/dist/core/history/history.js +5 -4
- package/dist/core/history/history.js.map +1 -1
- package/dist/core/history/replay.js +4 -3
- package/dist/core/history/replay.js.map +1 -1
- package/dist/core/item/item-record.d.ts +19 -0
- package/dist/core/item/item-record.js +24 -0
- package/dist/core/item/item-record.js.map +1 -0
- package/dist/core/output/mutation-projection.d.ts +31 -0
- package/dist/core/output/mutation-projection.js +103 -0
- package/dist/core/output/mutation-projection.js.map +1 -0
- package/dist/core/output/output.d.ts +2 -0
- package/dist/core/output/output.js +5 -3
- package/dist/core/output/output.js.map +1 -1
- package/dist/core/schema/runtime-schema.js +8 -38
- package/dist/core/schema/runtime-schema.js.map +1 -1
- package/dist/core/search/vector-stores.js +46 -9
- package/dist/core/search/vector-stores.js.map +1 -1
- package/dist/core/sentry/helpers.d.ts +1 -1
- package/dist/core/sentry/helpers.js +20 -3
- package/dist/core/sentry/helpers.js.map +1 -1
- package/dist/core/shared/command-types.d.ts +1 -0
- package/dist/core/shared/command-types.js +2 -2
- package/dist/core/shared/command-types.js.map +1 -1
- package/dist/core/shared/constants.d.ts +10 -1
- package/dist/core/shared/constants.js +56 -58
- package/dist/core/shared/constants.js.map +1 -1
- package/dist/core/shared/levenshtein.js +23 -7
- package/dist/core/shared/levenshtein.js.map +1 -1
- package/dist/core/shared/primitives.d.ts +23 -0
- package/dist/core/shared/primitives.js +39 -2
- package/dist/core/shared/primitives.js.map +1 -1
- package/dist/core/store/front-matter-cache.d.ts +16 -2
- package/dist/core/store/front-matter-cache.js +99 -33
- package/dist/core/store/front-matter-cache.js.map +1 -1
- package/dist/core/store/item-store.js +8 -73
- package/dist/core/store/item-store.js.map +1 -1
- package/dist/mcp/server.js +76 -28
- package/dist/mcp/server.js.map +1 -1
- package/dist/sdk/cli-contracts/enum-contracts.d.ts +20 -0
- package/dist/sdk/cli-contracts/enum-contracts.js +156 -0
- package/dist/sdk/cli-contracts/enum-contracts.js.map +1 -0
- package/dist/sdk/cli-contracts/tool-option-contracts.d.ts +14 -0
- package/dist/sdk/cli-contracts/tool-option-contracts.js +243 -0
- package/dist/sdk/cli-contracts/tool-option-contracts.js.map +1 -0
- package/dist/sdk/cli-contracts/tool-parameter-tables.d.ts +11 -0
- package/dist/sdk/cli-contracts/tool-parameter-tables.js +901 -0
- package/dist/sdk/cli-contracts/tool-parameter-tables.js.map +1 -0
- package/dist/sdk/cli-contracts.d.ts +11 -33
- package/dist/sdk/cli-contracts.js +30 -1356
- package/dist/sdk/cli-contracts.js.map +1 -1
- package/dist/sdk/package-import-adapters.d.ts +74 -0
- package/dist/sdk/package-import-adapters.js +186 -0
- package/dist/sdk/package-import-adapters.js.map +1 -0
- package/dist/sdk/package-runtime-options.d.ts +26 -0
- package/dist/sdk/package-runtime-options.js +71 -0
- package/dist/sdk/package-runtime-options.js.map +1 -0
- package/dist/sdk/runtime.d.ts +2 -0
- package/dist/sdk/runtime.js +4 -2
- package/dist/sdk/runtime.js.map +1 -1
- package/docs/AGENT_GUIDE.md +6 -10
- package/docs/CLAUDE_CODE_PLUGIN.md +5 -28
- package/docs/CODEX_PLUGIN.md +5 -5
- package/docs/COMMANDS.md +19 -3
- package/docs/CONFIGURATION.md +15 -0
- package/docs/EXTENSIONS.md +4 -63
- package/docs/RELEASING.md +4 -4
- package/marketplace.json +7 -3
- package/package.json +9 -6
- package/packages/pm-beads/extensions/beads/index.js +2 -49
- package/packages/pm-beads/extensions/beads/index.ts +2 -54
- package/packages/pm-beads/extensions/beads/runtime-loader.js +86 -0
- package/packages/pm-beads/extensions/beads/runtime-loader.ts +88 -0
- package/packages/pm-beads/extensions/beads/runtime.js +26 -115
- package/packages/pm-beads/extensions/beads/runtime.ts +33 -132
- package/packages/pm-calendar/extensions/calendar/index.js +47 -2
- package/packages/pm-calendar/extensions/calendar/index.ts +52 -2
- package/packages/pm-calendar/extensions/calendar/runtime.js +1 -0
- package/packages/pm-calendar/extensions/calendar/runtime.ts +1 -0
- package/packages/pm-governance-audit/extensions/governance-audit/runtime.js +14 -41
- package/packages/pm-governance-audit/extensions/governance-audit/runtime.ts +25 -41
- package/packages/pm-guide-shell/extensions/guide-shell/runtime.js +10 -50
- package/packages/pm-guide-shell/extensions/guide-shell/runtime.ts +17 -50
- package/packages/pm-linked-test-adapters/extensions/linked-test-adapters/runtime.js +8 -40
- package/packages/pm-linked-test-adapters/extensions/linked-test-adapters/runtime.ts +10 -40
- package/packages/pm-search-advanced/extensions/search-advanced/index.js +1 -1
- package/packages/pm-search-advanced/extensions/search-advanced/runtime.js +4 -37
- package/packages/pm-search-advanced/extensions/search-advanced/runtime.ts +6 -37
- package/packages/pm-todos/extensions/todos/index.js +3 -50
- package/packages/pm-todos/extensions/todos/index.ts +3 -55
- package/packages/pm-todos/extensions/todos/runtime-loader.js +86 -0
- package/packages/pm-todos/extensions/todos/runtime-loader.ts +88 -0
- package/packages/pm-todos/extensions/todos/runtime.js +24 -117
- package/packages/pm-todos/extensions/todos/runtime.ts +32 -129
- package/plugins/pm-claude/README.md +2 -2
- package/plugins/pm-claude/commands/pm-planner.md +1 -15
- package/plugins/pm-claude/scripts/pm-mcp-server.mjs +5 -2
- package/plugins/pm-claude/skills/pm-planner/SKILL.md +3 -21
- package/plugins/pm-codex/scripts/pm-mcp-server.mjs +15 -6
- package/plugins/pm-codex/skills/pm-native/SKILL.md +1 -13
- package/PRD.md +0 -1734
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"extension-hook-runtime.js","sources":["core/extensions/extension-hook-runtime.ts"],"sourceRoot":"/","sourcesContent":["import {\n cloneCommandOptionsSnapshot,\n cloneContextSnapshot,\n cloneGlobalOptionsSnapshot,\n normalizeCommandName,\n} from \"./extension-runtime-helpers.js\";\nimport type {\n RegisteredExtensionHook,\n ExtensionHookRegistry,\n BeforeCommandHookContext,\n AfterCommandHookContext,\n OnWriteHookContext,\n OnReadHookContext,\n OnIndexHookContext,\n ExtensionCommandRegistry,\n CommandHandlerContext,\n CommandHandlerResult,\n ExtensionParserRegistry,\n ParserOverrideContext,\n ParserOverrideResult,\n ExtensionPreflightRegistry,\n PreflightOverrideContext,\n PreflightOverrideResult,\n PreflightRuntimeDecision,\n ExtensionServiceRegistry,\n ServiceOverrideContext,\n ServiceOverrideResult,\n CommandOverrideContext,\n CommandOverrideResult,\n ExtensionRendererRegistry,\n RendererOverrideContext,\n RendererOverrideResult,\n} from \"./extension-types.js\";\n\ntype HookName = keyof ExtensionHookRegistry;\n\nasync function executeRegisteredHooks<TContext>(\n entries: Array<RegisteredExtensionHook<(context: TContext) => Promise<void> | void>>,\n hookName: HookName,\n context: TContext,\n): Promise<string[]> {\n const warnings: string[] = [];\n for (const entry of entries) {\n try {\n await entry.run(cloneContextSnapshot(context));\n } catch {\n warnings.push(`extension_hook_failed:${entry.layer}:${entry.name}:${hookName}`);\n }\n }\n return warnings;\n}\n\nexport async function runBeforeCommandHooks(\n hooks: ExtensionHookRegistry,\n context: BeforeCommandHookContext,\n): Promise<string[]> {\n return executeRegisteredHooks(hooks.beforeCommand, \"beforeCommand\", context);\n}\n\nexport async function runAfterCommandHooks(\n hooks: ExtensionHookRegistry,\n context: AfterCommandHookContext,\n): Promise<string[]> {\n return executeRegisteredHooks(hooks.afterCommand, \"afterCommand\", context);\n}\n\nexport async function runOnWriteHooks(hooks: ExtensionHookRegistry, context: OnWriteHookContext): Promise<string[]> {\n return executeRegisteredHooks(hooks.onWrite, \"onWrite\", context);\n}\n\nexport async function runOnReadHooks(hooks: ExtensionHookRegistry, context: OnReadHookContext): Promise<string[]> {\n return executeRegisteredHooks(hooks.onRead, \"onRead\", context);\n}\n\nexport async function runOnIndexHooks(hooks: ExtensionHookRegistry, context: OnIndexHookContext): Promise<string[]> {\n return executeRegisteredHooks(hooks.onIndex, \"onIndex\", context);\n}\n\n\n\n/**\n * Normalize an extension handler failure into a single-line, length-bounded\n * message so the real cause can be surfaced to the user/CI without leaking\n * multi-line stack noise or unbounded payloads.\n */\nfunction describeHandlerError(error: unknown): string {\n let raw = \"\";\n if (error instanceof Error && typeof error.message === \"string\") {\n raw = error.message;\n } else if (typeof error === \"string\") {\n raw = error;\n } else if (\n typeof error === \"object\" &&\n error !== null &&\n typeof (error as { message?: unknown }).message === \"string\"\n ) {\n // Extensions may throw plain/serialized objects that carry a message but do\n // not inherit from the base Error class.\n raw = (error as { message: string }).message;\n }\n const normalized = raw.replace(/\\s+/gu, \" \").trim();\n if (normalized.length === 0) {\n return \"\";\n }\n const maxLength = 300;\n return normalized.length > maxLength ? `${normalized.slice(0, maxLength - 1)}…` : normalized;\n}\n\nexport async function runCommandHandler(\n commands: ExtensionCommandRegistry,\n context: CommandHandlerContext,\n): Promise<CommandHandlerResult> {\n const command = normalizeCommandName(context.command);\n if (command.length === 0) {\n return {\n handled: false,\n result: null,\n warnings: [],\n };\n }\n\n const matched = [...commands.handlers].reverse().find((entry) => entry.command === command);\n if (!matched) {\n return {\n handled: false,\n result: null,\n warnings: [],\n };\n }\n\n try {\n const result = await matched.run({\n command,\n args: cloneContextSnapshot(context.args),\n options: cloneContextSnapshot(context.options),\n global: cloneContextSnapshot(context.global),\n pm_root: context.pm_root,\n });\n return {\n handled: true,\n result,\n warnings: [],\n };\n } catch (error: unknown) {\n const exitCode =\n typeof error === \"object\" && error !== null && \"exitCode\" in error\n ? (error as { exitCode?: unknown }).exitCode\n : undefined;\n if (typeof exitCode === \"number\" && Number.isFinite(exitCode)) {\n throw error;\n }\n return {\n handled: false,\n result: null,\n warnings: [`extension_command_handler_failed:${matched.layer}:${matched.name}:${matched.command}`],\n errorMessage: describeHandlerError(error),\n };\n }\n}\n\n\nexport async function runParserOverride(\n parsers: ExtensionParserRegistry,\n context: ParserOverrideContext,\n): Promise<ParserOverrideResult> {\n const command = normalizeCommandName(context.command);\n if (command.length === 0) {\n return {\n overridden: false,\n context: {\n command,\n args: cloneContextSnapshot(context.args),\n options: cloneCommandOptionsSnapshot(context.options),\n global: cloneGlobalOptionsSnapshot(context.global),\n pm_root: context.pm_root,\n },\n warnings: [],\n };\n }\n\n const matched = [...parsers.overrides].reverse().find((entry) => entry.command === command);\n if (!matched) {\n return {\n overridden: false,\n context: {\n command,\n args: cloneContextSnapshot(context.args),\n options: cloneCommandOptionsSnapshot(context.options),\n global: cloneGlobalOptionsSnapshot(context.global),\n pm_root: context.pm_root,\n },\n warnings: [],\n };\n }\n\n try {\n const delta = (await Promise.resolve(\n matched.run({\n command,\n args: cloneContextSnapshot(context.args),\n options: cloneCommandOptionsSnapshot(context.options),\n global: cloneGlobalOptionsSnapshot(context.global),\n pm_root: context.pm_root,\n }),\n )) ?? {};\n const nextArgs = Array.isArray(delta.args) ? cloneContextSnapshot(delta.args) : cloneContextSnapshot(context.args);\n const nextOptions = delta.options ? cloneCommandOptionsSnapshot(delta.options) : cloneCommandOptionsSnapshot(context.options);\n const nextGlobal = delta.global ? cloneGlobalOptionsSnapshot(delta.global) : cloneGlobalOptionsSnapshot(context.global);\n return {\n overridden: true,\n context: {\n command,\n args: nextArgs,\n options: nextOptions,\n global: nextGlobal,\n pm_root: context.pm_root,\n },\n warnings: [],\n };\n } catch {\n return {\n overridden: false,\n context: {\n command,\n args: cloneContextSnapshot(context.args),\n options: cloneCommandOptionsSnapshot(context.options),\n global: cloneGlobalOptionsSnapshot(context.global),\n pm_root: context.pm_root,\n },\n warnings: [`extension_parser_override_failed:${matched.layer}:${matched.name}:${matched.command}`],\n };\n }\n}\n\n\nexport async function runPreflightOverride(\n preflight: ExtensionPreflightRegistry,\n context: PreflightOverrideContext,\n): Promise<PreflightOverrideResult> {\n const matched = [...preflight.overrides].reverse()[0];\n const baseContext: CommandHandlerContext = {\n command: normalizeCommandName(context.command),\n args: cloneContextSnapshot(context.args),\n options: cloneCommandOptionsSnapshot(context.options),\n global: cloneGlobalOptionsSnapshot(context.global),\n pm_root: context.pm_root,\n };\n const baseDecision: PreflightRuntimeDecision = cloneContextSnapshot(context.decision);\n if (!matched) {\n return {\n overridden: false,\n context: baseContext,\n decision: baseDecision,\n warnings: [],\n };\n }\n\n try {\n const delta = (await Promise.resolve(\n matched.run({\n command: baseContext.command,\n args: cloneContextSnapshot(baseContext.args),\n options: cloneCommandOptionsSnapshot(baseContext.options),\n global: cloneGlobalOptionsSnapshot(baseContext.global),\n pm_root: baseContext.pm_root,\n decision: cloneContextSnapshot(baseDecision),\n }),\n )) ?? {};\n const nextContext: CommandHandlerContext = {\n command: baseContext.command,\n args: Array.isArray(delta.args) ? cloneContextSnapshot(delta.args) : baseContext.args,\n options: delta.options ? cloneCommandOptionsSnapshot(delta.options) : baseContext.options,\n global: delta.global ? cloneGlobalOptionsSnapshot(delta.global) : baseContext.global,\n pm_root: baseContext.pm_root,\n };\n const nextDecision: PreflightRuntimeDecision = {\n enforce_item_format_gate:\n typeof delta.enforce_item_format_gate === \"boolean\"\n ? delta.enforce_item_format_gate\n : baseDecision.enforce_item_format_gate,\n run_preflight_item_format_sync:\n typeof delta.run_preflight_item_format_sync === \"boolean\"\n ? delta.run_preflight_item_format_sync\n : baseDecision.run_preflight_item_format_sync,\n run_extension_migrations:\n typeof delta.run_extension_migrations === \"boolean\"\n ? delta.run_extension_migrations\n : baseDecision.run_extension_migrations,\n enforce_mandatory_migration_gate:\n typeof delta.enforce_mandatory_migration_gate === \"boolean\"\n ? delta.enforce_mandatory_migration_gate\n : baseDecision.enforce_mandatory_migration_gate,\n };\n return {\n overridden: true,\n context: nextContext,\n decision: nextDecision,\n warnings: [],\n };\n } catch {\n return {\n overridden: false,\n context: baseContext,\n decision: baseDecision,\n warnings: [`extension_preflight_override_failed:${matched.layer}:${matched.name}`],\n };\n }\n}\n\n\nfunction resolveDefaultServiceResult(context: ServiceOverrideContext): ServiceOverrideResult {\n return {\n handled: false,\n result: context.payload,\n warnings: [],\n };\n}\n\nexport function runServiceOverrideSync(\n services: ExtensionServiceRegistry,\n context: ServiceOverrideContext,\n): ServiceOverrideResult {\n const matches = [...services.overrides].reverse().filter((entry) => entry.service === context.service);\n if (matches.length === 0) {\n return resolveDefaultServiceResult(context);\n }\n\n const warnings: string[] = [];\n for (const matched of matches) {\n try {\n const serviceContext = {\n service: context.service,\n command: context.command ? normalizeCommandName(context.command) : undefined,\n args: context.args ? cloneContextSnapshot(context.args) : undefined,\n options: context.options ? cloneCommandOptionsSnapshot(context.options) : undefined,\n global: context.global ? cloneGlobalOptionsSnapshot(context.global) : undefined,\n pm_root: context.pm_root,\n payload: cloneContextSnapshot(context.payload),\n };\n const result = matched.run(serviceContext);\n if (result instanceof Promise) {\n warnings.push(`extension_service_override_async_unsupported:${matched.layer}:${matched.name}:${matched.service}`);\n continue;\n }\n if (context.service === \"output_format\" && (result === null || result === undefined || result === serviceContext.payload)) {\n continue;\n }\n return {\n handled: true,\n result,\n warnings,\n };\n } catch {\n warnings.push(`extension_service_override_failed:${matched.layer}:${matched.name}:${matched.service}`);\n }\n }\n return {\n handled: false,\n result: context.payload,\n warnings,\n };\n}\n\nexport async function runServiceOverride(\n services: ExtensionServiceRegistry,\n context: ServiceOverrideContext,\n): Promise<ServiceOverrideResult> {\n const matches = [...services.overrides].reverse().filter((entry) => entry.service === context.service);\n if (matches.length === 0) {\n return resolveDefaultServiceResult(context);\n }\n\n const warnings: string[] = [];\n for (const matched of matches) {\n try {\n const serviceContext = {\n service: context.service,\n command: context.command ? normalizeCommandName(context.command) : undefined,\n args: context.args ? cloneContextSnapshot(context.args) : undefined,\n options: context.options ? cloneCommandOptionsSnapshot(context.options) : undefined,\n global: context.global ? cloneGlobalOptionsSnapshot(context.global) : undefined,\n pm_root: context.pm_root,\n payload: cloneContextSnapshot(context.payload),\n };\n const result = await Promise.resolve(matched.run(serviceContext));\n if (context.service === \"output_format\" && (result === null || result === undefined || result === serviceContext.payload)) {\n continue;\n }\n return {\n handled: true,\n result,\n warnings,\n };\n } catch {\n warnings.push(`extension_service_override_failed:${matched.layer}:${matched.name}:${matched.service}`);\n }\n }\n return {\n handled: false,\n result: context.payload,\n warnings,\n };\n}\n\nexport function runCommandOverride(\n commands: ExtensionCommandRegistry,\n context: CommandOverrideContext,\n): CommandOverrideResult {\n const command = normalizeCommandName(context.command);\n if (command.length === 0) {\n return {\n overridden: false,\n result: context.result,\n warnings: [],\n };\n }\n\n const matched = [...commands.overrides].reverse().find((entry) => entry.command === command);\n if (!matched) {\n return {\n overridden: false,\n result: context.result,\n warnings: [],\n };\n }\n\n try {\n const overrideOptions = cloneCommandOptionsSnapshot(context.options);\n const overrideGlobal = cloneGlobalOptionsSnapshot(context.global);\n const overrideResult = matched.run({\n command,\n args: cloneContextSnapshot(context.args),\n options: overrideOptions,\n global: overrideGlobal,\n pm_root: context.pm_root,\n result: cloneContextSnapshot(context.result),\n });\n if (overrideResult instanceof Promise) {\n return {\n overridden: false,\n result: context.result,\n warnings: [`extension_command_override_async_unsupported:${matched.layer}:${matched.name}:${matched.command}`],\n };\n }\n return {\n overridden: true,\n result: overrideResult,\n warnings: [],\n };\n } catch {\n return {\n overridden: false,\n result: context.result,\n warnings: [`extension_command_override_failed:${matched.layer}:${matched.name}:${matched.command}`],\n };\n }\n}\n\n\nexport function runRendererOverride(\n renderers: ExtensionRendererRegistry,\n context: RendererOverrideContext,\n): RendererOverrideResult {\n const matched = [...renderers.overrides].reverse().find((entry) => entry.format === context.format);\n if (!matched) {\n return {\n overridden: false,\n rendered: null,\n warnings: [],\n };\n }\n\n try {\n const rendererCommand = typeof context.command === \"string\" ? normalizeCommandName(context.command) : \"\";\n const rendererArgs = Array.isArray(context.args) ? cloneContextSnapshot(context.args) : [];\n const rendererOptions = cloneCommandOptionsSnapshot(context.options);\n const rendererGlobal = cloneGlobalOptionsSnapshot(context.global);\n const rendererPmRoot = typeof context.pm_root === \"string\" ? context.pm_root : \"\";\n const rendered = matched.run({\n format: context.format,\n command: rendererCommand,\n args: rendererArgs,\n options: rendererOptions,\n global: rendererGlobal,\n pm_root: rendererPmRoot,\n result: cloneContextSnapshot(context.result),\n });\n if (typeof rendered !== \"string\") {\n return {\n overridden: false,\n rendered: null,\n warnings: [`extension_renderer_invalid_result:${matched.layer}:${matched.name}:${matched.format}`],\n };\n }\n return {\n overridden: true,\n rendered,\n warnings: [],\n };\n } catch {\n return {\n overridden: false,\n rendered: null,\n warnings: [`extension_renderer_failed:${matched.layer}:${matched.name}:${matched.format}`],\n };\n }\n}\n"],"names":[],"mappings":";;AAAA,OAAO,EACL,2BAA2B,EAC3B,oBAAoB,EACpB,0BAA0B,EAC1B,oBAAoB,GACrB,MAAM,gCAAgC,CAAC;AA+BxC,KAAK,UAAU,sBAAsB,CACnC,OAAoF,EACpF,QAAkB,EAClB,OAAiB;IAEjB,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;QAC5B,IAAI,CAAC;YACH,MAAM,KAAK,CAAC,GAAG,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAC,CAAC;QACjD,CAAC;QAAC,MAAM,CAAC;YACP,QAAQ,CAAC,IAAI,CAAC,yBAAyB,KAAK,CAAC,KAAK,IAAI,KAAK,CAAC,IAAI,IAAI,QAAQ,EAAE,CAAC,CAAC;QAClF,CAAC;IACH,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,KAA4B,EAC5B,OAAiC;IAEjC,OAAO,sBAAsB,CAAC,KAAK,CAAC,aAAa,EAAE,eAAe,EAAE,OAAO,CAAC,CAAC;AAC/E,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,KAA4B,EAC5B,OAAgC;IAEhC,OAAO,sBAAsB,CAAC,KAAK,CAAC,YAAY,EAAE,cAAc,EAAE,OAAO,CAAC,CAAC;AAC7E,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,KAA4B,EAAE,OAA2B;IAC7F,OAAO,sBAAsB,CAAC,KAAK,CAAC,OAAO,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;AACnE,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,KAA4B,EAAE,OAA0B;IAC3F,OAAO,sBAAsB,CAAC,KAAK,CAAC,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;AACjE,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,KAA4B,EAAE,OAA2B;IAC7F,OAAO,sBAAsB,CAAC,KAAK,CAAC,OAAO,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;AACnE,CAAC;AAID;;;;GAIG;AACH,SAAS,oBAAoB,CAAC,KAAc;IAC1C,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,IAAI,KAAK,YAAY,KAAK,IAAI,OAAO,KAAK,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;QAChE,GAAG,GAAG,KAAK,CAAC,OAAO,CAAC;IACtB,CAAC;SAAM,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACrC,GAAG,GAAG,KAAK,CAAC;IACd,CAAC;SAAM,IACL,OAAO,KAAK,KAAK,QAAQ;QACzB,KAAK,KAAK,IAAI;QACd,OAAQ,KAA+B,CAAC,OAAO,KAAK,QAAQ,EAC5D,CAAC;QACD,4EAA4E;QAC5E,yCAAyC;QACzC,GAAG,GAAI,KAA6B,CAAC,OAAO,CAAC;IAC/C,CAAC;IACD,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IACpD,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5B,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,MAAM,SAAS,GAAG,GAAG,CAAC;IACtB,OAAO,UAAU,CAAC,MAAM,GAAG,SAAS,CAAC,CAAC,CAAC,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU,CAAC;AAC/F,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,QAAkC,EAClC,OAA8B;IAE9B,MAAM,OAAO,GAAG,oBAAoB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IACtD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO;YACL,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,IAAI;YACZ,QAAQ,EAAE,EAAE;SACb,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,GAAG,CAAC,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,OAAO,KAAK,OAAO,CAAC,CAAC;IAC5F,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO;YACL,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,IAAI;YACZ,QAAQ,EAAE,EAAE;SACb,CAAC;IACJ,CAAC;IAED,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;YAC/B,OAAO;YACP,IAAI,EAAE,oBAAoB,CAAC,OAAO,CAAC,IAAI,CAAC;YACxC,OAAO,EAAE,oBAAoB,CAAC,OAAO,CAAC,OAAO,CAAC;YAC9C,MAAM,EAAE,oBAAoB,CAAC,OAAO,CAAC,MAAM,CAAC;YAC5C,OAAO,EAAE,OAAO,CAAC,OAAO;SACzB,CAAC,CAAC;QACH,OAAO;YACL,OAAO,EAAE,IAAI;YACb,MAAM;YACN,QAAQ,EAAE,EAAE;SACb,CAAC;IACJ,CAAC;IAAC,OAAO,KAAc,EAAE,CAAC;QACxB,MAAM,QAAQ,GACZ,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,UAAU,IAAI,KAAK;YAChE,CAAC,CAAE,KAAgC,CAAC,QAAQ;YAC5C,CAAC,CAAC,SAAS,CAAC;QAChB,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC9D,MAAM,KAAK,CAAC;QACd,CAAC;QACD,OAAO;YACL,OAAO,EAAE,KAAK;YACd,MAAM,EAAE,IAAI;YACZ,QAAQ,EAAE,CAAC,oCAAoC,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YAClG,YAAY,EAAE,oBAAoB,CAAC,KAAK,CAAC;SAC1C,CAAC;IACJ,CAAC;AACH,CAAC;AAGD,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,OAAgC,EAChC,OAA8B;IAE9B,MAAM,OAAO,GAAG,oBAAoB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IACtD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO;YACL,UAAU,EAAE,KAAK;YACjB,OAAO,EAAE;gBACP,OAAO;gBACP,IAAI,EAAE,oBAAoB,CAAC,OAAO,CAAC,IAAI,CAAC;gBACxC,OAAO,EAAE,2BAA2B,CAAC,OAAO,CAAC,OAAO,CAAC;gBACrD,MAAM,EAAE,0BAA0B,CAAC,OAAO,CAAC,MAAM,CAAC;gBAClD,OAAO,EAAE,OAAO,CAAC,OAAO;aACzB;YACD,QAAQ,EAAE,EAAE;SACb,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,GAAG,CAAC,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,OAAO,KAAK,OAAO,CAAC,CAAC;IAC5F,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO;YACL,UAAU,EAAE,KAAK;YACjB,OAAO,EAAE;gBACP,OAAO;gBACP,IAAI,EAAE,oBAAoB,CAAC,OAAO,CAAC,IAAI,CAAC;gBACxC,OAAO,EAAE,2BAA2B,CAAC,OAAO,CAAC,OAAO,CAAC;gBACrD,MAAM,EAAE,0BAA0B,CAAC,OAAO,CAAC,MAAM,CAAC;gBAClD,OAAO,EAAE,OAAO,CAAC,OAAO;aACzB;YACD,QAAQ,EAAE,EAAE;SACb,CAAC;IACJ,CAAC;IAED,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,CAAC,MAAM,OAAO,CAAC,OAAO,CAClC,OAAO,CAAC,GAAG,CAAC;YACV,OAAO;YACP,IAAI,EAAE,oBAAoB,CAAC,OAAO,CAAC,IAAI,CAAC;YACxC,OAAO,EAAE,2BAA2B,CAAC,OAAO,CAAC,OAAO,CAAC;YACrD,MAAM,EAAE,0BAA0B,CAAC,OAAO,CAAC,MAAM,CAAC;YAClD,OAAO,EAAE,OAAO,CAAC,OAAO;SACzB,CAAC,CACH,CAAC,IAAI,EAAE,CAAC;QACT,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,oBAAoB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,oBAAoB,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACnH,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,2BAA2B,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,2BAA2B,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC9H,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,0BAA0B,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,0BAA0B,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACxH,OAAO;YACL,UAAU,EAAE,IAAI;YAChB,OAAO,EAAE;gBACP,OAAO;gBACP,IAAI,EAAE,QAAQ;gBACd,OAAO,EAAE,WAAW;gBACpB,MAAM,EAAE,UAAU;gBAClB,OAAO,EAAE,OAAO,CAAC,OAAO;aACzB;YACD,QAAQ,EAAE,EAAE;SACb,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,UAAU,EAAE,KAAK;YACjB,OAAO,EAAE;gBACP,OAAO;gBACP,IAAI,EAAE,oBAAoB,CAAC,OAAO,CAAC,IAAI,CAAC;gBACxC,OAAO,EAAE,2BAA2B,CAAC,OAAO,CAAC,OAAO,CAAC;gBACrD,MAAM,EAAE,0BAA0B,CAAC,OAAO,CAAC,MAAM,CAAC;gBAClD,OAAO,EAAE,OAAO,CAAC,OAAO;aACzB;YACD,QAAQ,EAAE,CAAC,oCAAoC,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;SACnG,CAAC;IACJ,CAAC;AACH,CAAC;AAGD,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,SAAqC,EACrC,OAAiC;IAEjC,MAAM,OAAO,GAAG,CAAC,GAAG,SAAS,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC;IACtD,MAAM,WAAW,GAA0B;QACzC,OAAO,EAAE,oBAAoB,CAAC,OAAO,CAAC,OAAO,CAAC;QAC9C,IAAI,EAAE,oBAAoB,CAAC,OAAO,CAAC,IAAI,CAAC;QACxC,OAAO,EAAE,2BAA2B,CAAC,OAAO,CAAC,OAAO,CAAC;QACrD,MAAM,EAAE,0BAA0B,CAAC,OAAO,CAAC,MAAM,CAAC;QAClD,OAAO,EAAE,OAAO,CAAC,OAAO;KACzB,CAAC;IACF,MAAM,YAAY,GAA6B,oBAAoB,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IACtF,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO;YACL,UAAU,EAAE,KAAK;YACjB,OAAO,EAAE,WAAW;YACpB,QAAQ,EAAE,YAAY;YACtB,QAAQ,EAAE,EAAE;SACb,CAAC;IACJ,CAAC;IAED,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,CAAC,MAAM,OAAO,CAAC,OAAO,CAClC,OAAO,CAAC,GAAG,CAAC;YACV,OAAO,EAAE,WAAW,CAAC,OAAO;YAC5B,IAAI,EAAE,oBAAoB,CAAC,WAAW,CAAC,IAAI,CAAC;YAC5C,OAAO,EAAE,2BAA2B,CAAC,WAAW,CAAC,OAAO,CAAC;YACzD,MAAM,EAAE,0BAA0B,CAAC,WAAW,CAAC,MAAM,CAAC;YACtD,OAAO,EAAE,WAAW,CAAC,OAAO;YAC5B,QAAQ,EAAE,oBAAoB,CAAC,YAAY,CAAC;SAC7C,CAAC,CACH,CAAC,IAAI,EAAE,CAAC;QACT,MAAM,WAAW,GAA0B;YACzC,OAAO,EAAE,WAAW,CAAC,OAAO;YAC5B,IAAI,EAAE,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,oBAAoB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,IAAI;YACrF,OAAO,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,2BAA2B,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,OAAO;YACzF,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,0BAA0B,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,MAAM;YACpF,OAAO,EAAE,WAAW,CAAC,OAAO;SAC7B,CAAC;QACF,MAAM,YAAY,GAA6B;YAC7C,wBAAwB,EACtB,OAAO,KAAK,CAAC,wBAAwB,KAAK,SAAS;gBACjD,CAAC,CAAC,KAAK,CAAC,wBAAwB;gBAChC,CAAC,CAAC,YAAY,CAAC,wBAAwB;YAC3C,8BAA8B,EAC5B,OAAO,KAAK,CAAC,8BAA8B,KAAK,SAAS;gBACvD,CAAC,CAAC,KAAK,CAAC,8BAA8B;gBACtC,CAAC,CAAC,YAAY,CAAC,8BAA8B;YACjD,wBAAwB,EACtB,OAAO,KAAK,CAAC,wBAAwB,KAAK,SAAS;gBACjD,CAAC,CAAC,KAAK,CAAC,wBAAwB;gBAChC,CAAC,CAAC,YAAY,CAAC,wBAAwB;YAC3C,gCAAgC,EAC9B,OAAO,KAAK,CAAC,gCAAgC,KAAK,SAAS;gBACzD,CAAC,CAAC,KAAK,CAAC,gCAAgC;gBACxC,CAAC,CAAC,YAAY,CAAC,gCAAgC;SACpD,CAAC;QACF,OAAO;YACL,UAAU,EAAE,IAAI;YAChB,OAAO,EAAE,WAAW;YACpB,QAAQ,EAAE,YAAY;YACtB,QAAQ,EAAE,EAAE;SACb,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,UAAU,EAAE,KAAK;YACjB,OAAO,EAAE,WAAW;YACpB,QAAQ,EAAE,YAAY;YACtB,QAAQ,EAAE,CAAC,uCAAuC,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;SACnF,CAAC;IACJ,CAAC;AACH,CAAC;AAGD,SAAS,2BAA2B,CAAC,OAA+B;IAClE,OAAO;QACL,OAAO,EAAE,KAAK;QACd,MAAM,EAAE,OAAO,CAAC,OAAO;QACvB,QAAQ,EAAE,EAAE;KACb,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,sBAAsB,CACpC,QAAkC,EAClC,OAA+B;IAE/B,MAAM,OAAO,GAAG,CAAC,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,OAAO,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;IACvG,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,2BAA2B,CAAC,OAAO,CAAC,CAAC;IAC9C,CAAC;IAED,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,KAAK,MAAM,OAAO,IAAI,OAAO,EAAE,CAAC;QAC9B,IAAI,CAAC;YACH,MAAM,cAAc,GAAG;gBACrB,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,oBAAoB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS;gBAC5E,IAAI,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,oBAAoB,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;gBACnE,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,2BAA2B,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS;gBACnF,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,0BAA0B,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS;gBAC/E,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,OAAO,EAAE,oBAAoB,CAAC,OAAO,CAAC,OAAO,CAAC;aAC/C,CAAC;YACF,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;YAC3C,IAAI,MAAM,YAAY,OAAO,EAAE,CAAC;gBAC9B,QAAQ,CAAC,IAAI,CAAC,gDAAgD,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;gBAClH,SAAS;YACX,CAAC;YACD,IAAI,OAAO,CAAC,OAAO,KAAK,eAAe,IAAI,CAAC,MAAM,KAAK,IAAI,IAAI,MAAM,KAAK,SAAS,IAAI,MAAM,KAAK,cAAc,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC1H,SAAS;YACX,CAAC;YACD,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,MAAM;gBACN,QAAQ;aACT,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,QAAQ,CAAC,IAAI,CAAC,qCAAqC,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;QACzG,CAAC;IACH,CAAC;IACD,OAAO;QACL,OAAO,EAAE,KAAK;QACd,MAAM,EAAE,OAAO,CAAC,OAAO;QACvB,QAAQ;KACT,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,QAAkC,EAClC,OAA+B;IAE/B,MAAM,OAAO,GAAG,CAAC,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,OAAO,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;IACvG,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,2BAA2B,CAAC,OAAO,CAAC,CAAC;IAC9C,CAAC;IAED,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,KAAK,MAAM,OAAO,IAAI,OAAO,EAAE,CAAC;QAC9B,IAAI,CAAC;YACH,MAAM,cAAc,GAAG;gBACrB,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,oBAAoB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS;gBAC5E,IAAI,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,oBAAoB,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;gBACnE,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,2BAA2B,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS;gBACnF,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,0BAA0B,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS;gBAC/E,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,OAAO,EAAE,oBAAoB,CAAC,OAAO,CAAC,OAAO,CAAC;aAC/C,CAAC;YACF,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC;YAClE,IAAI,OAAO,CAAC,OAAO,KAAK,eAAe,IAAI,CAAC,MAAM,KAAK,IAAI,IAAI,MAAM,KAAK,SAAS,IAAI,MAAM,KAAK,cAAc,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC1H,SAAS;YACX,CAAC;YACD,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,MAAM;gBACN,QAAQ;aACT,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,QAAQ,CAAC,IAAI,CAAC,qCAAqC,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;QACzG,CAAC;IACH,CAAC;IACD,OAAO;QACL,OAAO,EAAE,KAAK;QACd,MAAM,EAAE,OAAO,CAAC,OAAO;QACvB,QAAQ;KACT,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,kBAAkB,CAChC,QAAkC,EAClC,OAA+B;IAE/B,MAAM,OAAO,GAAG,oBAAoB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IACtD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO;YACL,UAAU,EAAE,KAAK;YACjB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,QAAQ,EAAE,EAAE;SACb,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,GAAG,CAAC,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,OAAO,KAAK,OAAO,CAAC,CAAC;IAC7F,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO;YACL,UAAU,EAAE,KAAK;YACjB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,QAAQ,EAAE,EAAE;SACb,CAAC;IACJ,CAAC;IAED,IAAI,CAAC;QACH,MAAM,eAAe,GAAG,2BAA2B,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QACrE,MAAM,cAAc,GAAG,0BAA0B,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAClE,MAAM,cAAc,GAAG,OAAO,CAAC,GAAG,CAAC;YACjC,OAAO;YACP,IAAI,EAAE,oBAAoB,CAAC,OAAO,CAAC,IAAI,CAAC;YACxC,OAAO,EAAE,eAAe;YACxB,MAAM,EAAE,cAAc;YACtB,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,MAAM,EAAE,oBAAoB,CAAC,OAAO,CAAC,MAAM,CAAC;SAC7C,CAAC,CAAC;QACH,IAAI,cAAc,YAAY,OAAO,EAAE,CAAC;YACtC,OAAO;gBACL,UAAU,EAAE,KAAK;gBACjB,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,QAAQ,EAAE,CAAC,gDAAgD,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;aAC/G,CAAC;QACJ,CAAC;QACD,OAAO;YACL,UAAU,EAAE,IAAI;YAChB,MAAM,EAAE,cAAc;YACtB,QAAQ,EAAE,EAAE;SACb,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,UAAU,EAAE,KAAK;YACjB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,QAAQ,EAAE,CAAC,qCAAqC,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;SACpG,CAAC;IACJ,CAAC;AACH,CAAC;AAGD,MAAM,UAAU,mBAAmB,CACjC,SAAoC,EACpC,OAAgC;IAEhC,MAAM,OAAO,GAAG,CAAC,GAAG,SAAS,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IACpG,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO;YACL,UAAU,EAAE,KAAK;YACjB,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,EAAE;SACb,CAAC;IACJ,CAAC;IAED,IAAI,CAAC;QACH,MAAM,eAAe,GAAG,OAAO,OAAO,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,oBAAoB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QACzG,MAAM,YAAY,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,oBAAoB,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAC3F,MAAM,eAAe,GAAG,2BAA2B,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QACrE,MAAM,cAAc,GAAG,0BAA0B,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAClE,MAAM,cAAc,GAAG,OAAO,OAAO,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;QAClF,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC;YAC3B,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,OAAO,EAAE,eAAe;YACxB,IAAI,EAAE,YAAY;YAClB,OAAO,EAAE,eAAe;YACxB,MAAM,EAAE,cAAc;YACtB,OAAO,EAAE,cAAc;YACvB,MAAM,EAAE,oBAAoB,CAAC,OAAO,CAAC,MAAM,CAAC;SAC7C,CAAC,CAAC;QACH,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;YACjC,OAAO;gBACL,UAAU,EAAE,KAAK;gBACjB,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,CAAC,qCAAqC,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;aACnG,CAAC;QACJ,CAAC;QACD,OAAO;YACL,UAAU,EAAE,IAAI;YAChB,QAAQ;YACR,QAAQ,EAAE,EAAE;SACb,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,UAAU,EAAE,KAAK;YACjB,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,CAAC,6BAA6B,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;SAC3F,CAAC;IACJ,CAAC;AACH,CAAC","debugId":"015da859-473a-5b98-b534-a4edbfae0dd7"}
|
|
@@ -0,0 +1,69 @@
|
|
|
1
|
+
import { type ExtensionCapability, type ExtensionGovernancePolicy, type ExtensionLayer, type ExtensionPolicyMode, type ExtensionPolicySurface, type ExtensionSandboxProfile, type ExtensionTrustMode } from "./extension-types.js";
|
|
2
|
+
import type { PmSettings } from "../../types/index.js";
|
|
3
|
+
interface NormalizedExtensionPolicyOverride {
|
|
4
|
+
name: string;
|
|
5
|
+
disabled: boolean;
|
|
6
|
+
requireTrusted: boolean;
|
|
7
|
+
requireProvenance: boolean;
|
|
8
|
+
sandboxProfile?: ExtensionSandboxProfile;
|
|
9
|
+
allowedCapabilities: Set<string>;
|
|
10
|
+
blockedCapabilities: Set<string>;
|
|
11
|
+
allowedSurfaces: Set<string>;
|
|
12
|
+
blockedSurfaces: Set<string>;
|
|
13
|
+
allowedCommands: Set<string>;
|
|
14
|
+
blockedCommands: Set<string>;
|
|
15
|
+
allowedActions: Set<string>;
|
|
16
|
+
blockedActions: Set<string>;
|
|
17
|
+
allowedServices: Set<string>;
|
|
18
|
+
blockedServices: Set<string>;
|
|
19
|
+
}
|
|
20
|
+
export interface NormalizedExtensionPolicy {
|
|
21
|
+
mode: ExtensionPolicyMode;
|
|
22
|
+
trustMode: ExtensionTrustMode;
|
|
23
|
+
requireProvenance: boolean;
|
|
24
|
+
trustedExtensions: Set<string>;
|
|
25
|
+
defaultSandboxProfile: ExtensionSandboxProfile;
|
|
26
|
+
allowedExtensions: Set<string>;
|
|
27
|
+
blockedExtensions: Set<string>;
|
|
28
|
+
allowedCapabilities: Set<string>;
|
|
29
|
+
blockedCapabilities: Set<string>;
|
|
30
|
+
allowedSurfaces: Set<string>;
|
|
31
|
+
blockedSurfaces: Set<string>;
|
|
32
|
+
allowedCommands: Set<string>;
|
|
33
|
+
blockedCommands: Set<string>;
|
|
34
|
+
allowedActions: Set<string>;
|
|
35
|
+
blockedActions: Set<string>;
|
|
36
|
+
allowedServices: Set<string>;
|
|
37
|
+
blockedServices: Set<string>;
|
|
38
|
+
overridesByName: Map<string, NormalizedExtensionPolicyOverride>;
|
|
39
|
+
warnings: string[];
|
|
40
|
+
}
|
|
41
|
+
export interface PolicyExtensionRef {
|
|
42
|
+
layer: ExtensionLayer;
|
|
43
|
+
name: string;
|
|
44
|
+
trusted?: boolean;
|
|
45
|
+
provenanceVerified?: boolean;
|
|
46
|
+
sandboxProfile?: ExtensionSandboxProfile;
|
|
47
|
+
permissions?: Record<string, boolean | undefined>;
|
|
48
|
+
}
|
|
49
|
+
export declare function normalizePolicySandboxProfile(value: string | undefined): ExtensionSandboxProfile;
|
|
50
|
+
export declare function normalizeExtensionPolicy(settings: PmSettings): NormalizedExtensionPolicy;
|
|
51
|
+
export declare function serializeExtensionPolicy(policy: NormalizedExtensionPolicy): ExtensionGovernancePolicy;
|
|
52
|
+
export declare function hydrateExtensionPolicy(policy: ExtensionGovernancePolicy): NormalizedExtensionPolicy;
|
|
53
|
+
export declare function evaluateExtensionPolicyForExtension(policy: NormalizedExtensionPolicy, extension: PolicyExtensionRef): {
|
|
54
|
+
allowed: boolean;
|
|
55
|
+
warning: string | null;
|
|
56
|
+
};
|
|
57
|
+
export declare function evaluateExtensionPolicyForCapability(policy: NormalizedExtensionPolicy, extension: PolicyExtensionRef, capability: string): {
|
|
58
|
+
allowed: boolean;
|
|
59
|
+
warning: string | null;
|
|
60
|
+
};
|
|
61
|
+
export declare function evaluateExtensionPolicyForRegistration(policy: NormalizedExtensionPolicy, extension: PolicyExtensionRef, surface: ExtensionPolicySurface, method: string, capability?: ExtensionCapability, details?: {
|
|
62
|
+
command?: string;
|
|
63
|
+
action?: string;
|
|
64
|
+
service?: string;
|
|
65
|
+
}): {
|
|
66
|
+
allowed: boolean;
|
|
67
|
+
warning: string | null;
|
|
68
|
+
};
|
|
69
|
+
export {};
|
|
@@ -0,0 +1,481 @@
|
|
|
1
|
+
|
|
2
|
+
!function(){try{var e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof globalThis?globalThis:"undefined"!=typeof self?self:{},n=(new e.Error).stack;n&&(e._sentryDebugIds=e._sentryDebugIds||{},e._sentryDebugIds[n]="3a8acf74-cc81-5417-8ee9-30d80fde2102")}catch(e){}}();
|
|
3
|
+
import { KNOWN_EXTENSION_POLICY_MODES, KNOWN_EXTENSION_POLICY_SURFACES, KNOWN_EXTENSION_SANDBOX_PROFILES, KNOWN_EXTENSION_TRUST_MODES, } from "./extension-types.js";
|
|
4
|
+
import { isKnownExtensionCapability } from "./extension-capability-aliases.js";
|
|
5
|
+
import { normalizeCommandName } from "./extension-runtime-helpers.js";
|
|
6
|
+
function normalizePolicyName(value) {
|
|
7
|
+
if (typeof value !== "string") {
|
|
8
|
+
return "";
|
|
9
|
+
}
|
|
10
|
+
return value.trim().toLowerCase();
|
|
11
|
+
}
|
|
12
|
+
function normalizePolicyStringSet(values) {
|
|
13
|
+
return new Set((values ?? [])
|
|
14
|
+
.map((value) => value.trim().toLowerCase())
|
|
15
|
+
.filter((value) => value.length > 0));
|
|
16
|
+
}
|
|
17
|
+
function normalizePolicySurfaceToken(value) {
|
|
18
|
+
const normalized = value.trim().toLowerCase();
|
|
19
|
+
if (normalized.length === 0) {
|
|
20
|
+
return "";
|
|
21
|
+
}
|
|
22
|
+
const segments = normalized
|
|
23
|
+
.split(/[.:/]/)
|
|
24
|
+
.map((segment) => segment.replace(/[\s_-]+/g, ""))
|
|
25
|
+
.filter((segment) => segment.length > 0);
|
|
26
|
+
if (segments.length === 0) {
|
|
27
|
+
return "";
|
|
28
|
+
}
|
|
29
|
+
if (segments.length === 1) {
|
|
30
|
+
return segments[0];
|
|
31
|
+
}
|
|
32
|
+
return `${segments[0]}.${segments.slice(1).join("")}`;
|
|
33
|
+
}
|
|
34
|
+
function normalizePolicySurfaceSet(values) {
|
|
35
|
+
return new Set((values ?? [])
|
|
36
|
+
.map((value) => normalizePolicySurfaceToken(value))
|
|
37
|
+
.filter((value) => value.length > 0));
|
|
38
|
+
}
|
|
39
|
+
function normalizePolicyMode(value) {
|
|
40
|
+
const normalized = normalizePolicyName(value);
|
|
41
|
+
if (KNOWN_EXTENSION_POLICY_MODES.includes(normalized)) {
|
|
42
|
+
return normalized;
|
|
43
|
+
}
|
|
44
|
+
return "off";
|
|
45
|
+
}
|
|
46
|
+
function normalizePolicyTrustMode(value) {
|
|
47
|
+
const normalized = normalizePolicyName(value);
|
|
48
|
+
if (KNOWN_EXTENSION_TRUST_MODES.includes(normalized)) {
|
|
49
|
+
return normalized;
|
|
50
|
+
}
|
|
51
|
+
return "off";
|
|
52
|
+
}
|
|
53
|
+
export function normalizePolicySandboxProfile(value) {
|
|
54
|
+
const normalized = normalizePolicyName(value);
|
|
55
|
+
if (KNOWN_EXTENSION_SANDBOX_PROFILES.includes(normalized)) {
|
|
56
|
+
return normalized;
|
|
57
|
+
}
|
|
58
|
+
return "none";
|
|
59
|
+
}
|
|
60
|
+
function toSortedList(values) {
|
|
61
|
+
return [...new Set(values)].sort((left, right) => left.localeCompare(right));
|
|
62
|
+
}
|
|
63
|
+
function buildExtensionPolicyOverride(rawOverride) {
|
|
64
|
+
const name = normalizePolicyName(rawOverride.name);
|
|
65
|
+
if (name.length === 0) {
|
|
66
|
+
return null;
|
|
67
|
+
}
|
|
68
|
+
return {
|
|
69
|
+
name,
|
|
70
|
+
normalized: {
|
|
71
|
+
name,
|
|
72
|
+
disabled: rawOverride.disabled === true,
|
|
73
|
+
requireTrusted: rawOverride.require_trusted === true,
|
|
74
|
+
requireProvenance: rawOverride.require_provenance === true,
|
|
75
|
+
sandboxProfile: rawOverride.sandbox_profile !== undefined
|
|
76
|
+
? normalizePolicySandboxProfile(rawOverride.sandbox_profile)
|
|
77
|
+
: undefined,
|
|
78
|
+
allowedCapabilities: normalizePolicyStringSet(rawOverride.allowed_capabilities),
|
|
79
|
+
blockedCapabilities: normalizePolicyStringSet(rawOverride.blocked_capabilities),
|
|
80
|
+
allowedSurfaces: normalizePolicySurfaceSet(rawOverride.allowed_surfaces),
|
|
81
|
+
blockedSurfaces: normalizePolicySurfaceSet(rawOverride.blocked_surfaces),
|
|
82
|
+
allowedCommands: normalizePolicyStringSet(rawOverride.allowed_commands),
|
|
83
|
+
blockedCommands: normalizePolicyStringSet(rawOverride.blocked_commands),
|
|
84
|
+
allowedActions: normalizePolicyStringSet(rawOverride.allowed_actions),
|
|
85
|
+
blockedActions: normalizePolicyStringSet(rawOverride.blocked_actions),
|
|
86
|
+
allowedServices: normalizePolicyStringSet(rawOverride.allowed_services),
|
|
87
|
+
blockedServices: normalizePolicyStringSet(rawOverride.blocked_services),
|
|
88
|
+
},
|
|
89
|
+
};
|
|
90
|
+
}
|
|
91
|
+
function collectExtensionPolicyOverrides(rawOverrides) {
|
|
92
|
+
const overridesByName = new Map();
|
|
93
|
+
for (const rawOverride of rawOverrides ?? []) {
|
|
94
|
+
const built = buildExtensionPolicyOverride(rawOverride);
|
|
95
|
+
if (built) {
|
|
96
|
+
overridesByName.set(built.name, built.normalized);
|
|
97
|
+
}
|
|
98
|
+
}
|
|
99
|
+
return overridesByName;
|
|
100
|
+
}
|
|
101
|
+
export function normalizeExtensionPolicy(settings) {
|
|
102
|
+
const policy = settings.extensions.policy;
|
|
103
|
+
const mode = normalizePolicyMode(policy?.mode);
|
|
104
|
+
const trustMode = normalizePolicyTrustMode(policy?.trust_mode);
|
|
105
|
+
const requireProvenance = policy?.require_provenance === true;
|
|
106
|
+
const trustedExtensions = normalizePolicyStringSet(policy?.trusted_extensions);
|
|
107
|
+
const defaultSandboxProfile = normalizePolicySandboxProfile(policy?.default_sandbox_profile);
|
|
108
|
+
const allowedExtensions = normalizePolicyStringSet(policy?.allowed_extensions);
|
|
109
|
+
const blockedExtensions = normalizePolicyStringSet(policy?.blocked_extensions);
|
|
110
|
+
const allowedCapabilities = normalizePolicyStringSet(policy?.allowed_capabilities);
|
|
111
|
+
const blockedCapabilities = normalizePolicyStringSet(policy?.blocked_capabilities);
|
|
112
|
+
const allowedSurfaces = normalizePolicySurfaceSet(policy?.allowed_surfaces);
|
|
113
|
+
const blockedSurfaces = normalizePolicySurfaceSet(policy?.blocked_surfaces);
|
|
114
|
+
const allowedCommands = normalizePolicyStringSet(policy?.allowed_commands);
|
|
115
|
+
const blockedCommands = normalizePolicyStringSet(policy?.blocked_commands);
|
|
116
|
+
const allowedActions = normalizePolicyStringSet(policy?.allowed_actions);
|
|
117
|
+
const blockedActions = normalizePolicyStringSet(policy?.blocked_actions);
|
|
118
|
+
const allowedServices = normalizePolicyStringSet(policy?.allowed_services);
|
|
119
|
+
const blockedServices = normalizePolicyStringSet(policy?.blocked_services);
|
|
120
|
+
const overridesByName = collectExtensionPolicyOverrides(policy?.extension_overrides);
|
|
121
|
+
const warnings = [];
|
|
122
|
+
for (const capability of toSortedList([...allowedCapabilities, ...blockedCapabilities])) {
|
|
123
|
+
if (!isKnownExtensionCapability(capability)) {
|
|
124
|
+
warnings.push(`extension_policy_unknown_capability:${capability}`);
|
|
125
|
+
}
|
|
126
|
+
}
|
|
127
|
+
for (const override of [...overridesByName.values()].sort((left, right) => left.name.localeCompare(right.name))) {
|
|
128
|
+
for (const capability of toSortedList([...override.allowedCapabilities, ...override.blockedCapabilities])) {
|
|
129
|
+
if (!isKnownExtensionCapability(capability)) {
|
|
130
|
+
warnings.push(`extension_policy_unknown_capability:${override.name}:${capability}`);
|
|
131
|
+
}
|
|
132
|
+
}
|
|
133
|
+
}
|
|
134
|
+
const knownSurfaces = new Set(KNOWN_EXTENSION_POLICY_SURFACES);
|
|
135
|
+
for (const surface of toSortedList([...allowedSurfaces, ...blockedSurfaces])) {
|
|
136
|
+
if (!knownSurfaces.has(surface)) {
|
|
137
|
+
warnings.push(`extension_policy_unknown_surface:${surface}`);
|
|
138
|
+
}
|
|
139
|
+
}
|
|
140
|
+
for (const override of [...overridesByName.values()].sort((left, right) => left.name.localeCompare(right.name))) {
|
|
141
|
+
for (const surface of toSortedList([...override.allowedSurfaces, ...override.blockedSurfaces])) {
|
|
142
|
+
if (!knownSurfaces.has(surface)) {
|
|
143
|
+
warnings.push(`extension_policy_unknown_surface:${override.name}:${surface}`);
|
|
144
|
+
}
|
|
145
|
+
}
|
|
146
|
+
}
|
|
147
|
+
return {
|
|
148
|
+
mode,
|
|
149
|
+
trustMode,
|
|
150
|
+
requireProvenance,
|
|
151
|
+
trustedExtensions,
|
|
152
|
+
defaultSandboxProfile,
|
|
153
|
+
allowedExtensions,
|
|
154
|
+
blockedExtensions,
|
|
155
|
+
allowedCapabilities,
|
|
156
|
+
blockedCapabilities,
|
|
157
|
+
allowedSurfaces,
|
|
158
|
+
blockedSurfaces,
|
|
159
|
+
allowedCommands,
|
|
160
|
+
blockedCommands,
|
|
161
|
+
allowedActions,
|
|
162
|
+
blockedActions,
|
|
163
|
+
allowedServices,
|
|
164
|
+
blockedServices,
|
|
165
|
+
overridesByName,
|
|
166
|
+
warnings: [...new Set(warnings)].sort((left, right) => left.localeCompare(right)),
|
|
167
|
+
};
|
|
168
|
+
}
|
|
169
|
+
export function serializeExtensionPolicy(policy) {
|
|
170
|
+
const overrides = [...policy.overridesByName.values()]
|
|
171
|
+
.sort((left, right) => left.name.localeCompare(right.name))
|
|
172
|
+
.map((override) => ({
|
|
173
|
+
name: override.name,
|
|
174
|
+
...(override.disabled ? { disabled: true } : {}),
|
|
175
|
+
...(override.requireTrusted ? { require_trusted: true } : {}),
|
|
176
|
+
...(override.requireProvenance ? { require_provenance: true } : {}),
|
|
177
|
+
...(override.sandboxProfile ? { sandbox_profile: override.sandboxProfile } : {}),
|
|
178
|
+
...(override.allowedCapabilities.size > 0 ? { allowed_capabilities: toSortedList(override.allowedCapabilities) } : {}),
|
|
179
|
+
...(override.blockedCapabilities.size > 0 ? { blocked_capabilities: toSortedList(override.blockedCapabilities) } : {}),
|
|
180
|
+
...(override.allowedSurfaces.size > 0 ? { allowed_surfaces: toSortedList(override.allowedSurfaces) } : {}),
|
|
181
|
+
...(override.blockedSurfaces.size > 0 ? { blocked_surfaces: toSortedList(override.blockedSurfaces) } : {}),
|
|
182
|
+
...(override.allowedCommands.size > 0 ? { allowed_commands: toSortedList(override.allowedCommands) } : {}),
|
|
183
|
+
...(override.blockedCommands.size > 0 ? { blocked_commands: toSortedList(override.blockedCommands) } : {}),
|
|
184
|
+
...(override.allowedActions.size > 0 ? { allowed_actions: toSortedList(override.allowedActions) } : {}),
|
|
185
|
+
...(override.blockedActions.size > 0 ? { blocked_actions: toSortedList(override.blockedActions) } : {}),
|
|
186
|
+
...(override.allowedServices.size > 0 ? { allowed_services: toSortedList(override.allowedServices) } : {}),
|
|
187
|
+
...(override.blockedServices.size > 0 ? { blocked_services: toSortedList(override.blockedServices) } : {}),
|
|
188
|
+
}));
|
|
189
|
+
return {
|
|
190
|
+
mode: policy.mode,
|
|
191
|
+
trust_mode: policy.trustMode,
|
|
192
|
+
require_provenance: policy.requireProvenance,
|
|
193
|
+
trusted_extensions: toSortedList(policy.trustedExtensions),
|
|
194
|
+
default_sandbox_profile: policy.defaultSandboxProfile,
|
|
195
|
+
allowed_extensions: toSortedList(policy.allowedExtensions),
|
|
196
|
+
blocked_extensions: toSortedList(policy.blockedExtensions),
|
|
197
|
+
allowed_capabilities: toSortedList(policy.allowedCapabilities),
|
|
198
|
+
blocked_capabilities: toSortedList(policy.blockedCapabilities),
|
|
199
|
+
allowed_surfaces: toSortedList(policy.allowedSurfaces),
|
|
200
|
+
blocked_surfaces: toSortedList(policy.blockedSurfaces),
|
|
201
|
+
allowed_commands: toSortedList(policy.allowedCommands),
|
|
202
|
+
blocked_commands: toSortedList(policy.blockedCommands),
|
|
203
|
+
allowed_actions: toSortedList(policy.allowedActions),
|
|
204
|
+
blocked_actions: toSortedList(policy.blockedActions),
|
|
205
|
+
allowed_services: toSortedList(policy.allowedServices),
|
|
206
|
+
blocked_services: toSortedList(policy.blockedServices),
|
|
207
|
+
extension_overrides: overrides,
|
|
208
|
+
};
|
|
209
|
+
}
|
|
210
|
+
export function hydrateExtensionPolicy(policy) {
|
|
211
|
+
const overridesByName = collectExtensionPolicyOverrides(policy.extension_overrides);
|
|
212
|
+
return {
|
|
213
|
+
mode: normalizePolicyMode(policy.mode),
|
|
214
|
+
trustMode: normalizePolicyTrustMode(policy.trust_mode),
|
|
215
|
+
requireProvenance: policy.require_provenance === true,
|
|
216
|
+
trustedExtensions: normalizePolicyStringSet(policy.trusted_extensions),
|
|
217
|
+
defaultSandboxProfile: normalizePolicySandboxProfile(policy.default_sandbox_profile),
|
|
218
|
+
allowedExtensions: normalizePolicyStringSet(policy.allowed_extensions),
|
|
219
|
+
blockedExtensions: normalizePolicyStringSet(policy.blocked_extensions),
|
|
220
|
+
allowedCapabilities: normalizePolicyStringSet(policy.allowed_capabilities),
|
|
221
|
+
blockedCapabilities: normalizePolicyStringSet(policy.blocked_capabilities),
|
|
222
|
+
allowedSurfaces: normalizePolicySurfaceSet(policy.allowed_surfaces),
|
|
223
|
+
blockedSurfaces: normalizePolicySurfaceSet(policy.blocked_surfaces),
|
|
224
|
+
allowedCommands: normalizePolicyStringSet(policy.allowed_commands),
|
|
225
|
+
blockedCommands: normalizePolicyStringSet(policy.blocked_commands),
|
|
226
|
+
allowedActions: normalizePolicyStringSet(policy.allowed_actions),
|
|
227
|
+
blockedActions: normalizePolicyStringSet(policy.blocked_actions),
|
|
228
|
+
allowedServices: normalizePolicyStringSet(policy.allowed_services),
|
|
229
|
+
blockedServices: normalizePolicyStringSet(policy.blocked_services),
|
|
230
|
+
overridesByName,
|
|
231
|
+
warnings: [],
|
|
232
|
+
};
|
|
233
|
+
}
|
|
234
|
+
function resolvePolicyOverride(policy, extensionName) {
|
|
235
|
+
return policy.overridesByName.get(normalizePolicyName(extensionName)) ?? null;
|
|
236
|
+
}
|
|
237
|
+
function evaluatePolicySet(allowed, blocked, value, notAllowlistedReason, blockedReason) {
|
|
238
|
+
if (blocked.has(value)) {
|
|
239
|
+
return blockedReason;
|
|
240
|
+
}
|
|
241
|
+
if (allowed.size > 0 && !allowed.has(value)) {
|
|
242
|
+
return notAllowlistedReason;
|
|
243
|
+
}
|
|
244
|
+
return null;
|
|
245
|
+
}
|
|
246
|
+
function resolvePolicyCapabilityReason(policy, extension, capability) {
|
|
247
|
+
const normalizedCapability = capability.trim().toLowerCase();
|
|
248
|
+
const override = resolvePolicyOverride(policy, extension.name);
|
|
249
|
+
const allowed = override && override.allowedCapabilities.size > 0 ? override.allowedCapabilities : policy.allowedCapabilities;
|
|
250
|
+
const blocked = new Set([
|
|
251
|
+
...policy.blockedCapabilities,
|
|
252
|
+
...(override ? override.blockedCapabilities : []),
|
|
253
|
+
]);
|
|
254
|
+
return evaluatePolicySet(allowed, blocked, normalizedCapability, "capability_not_allowlisted", "capability_blocked");
|
|
255
|
+
}
|
|
256
|
+
function resolvePolicySurfaceReason(policy, extension, surface) {
|
|
257
|
+
const override = resolvePolicyOverride(policy, extension.name);
|
|
258
|
+
const allowed = override && override.allowedSurfaces.size > 0 ? override.allowedSurfaces : policy.allowedSurfaces;
|
|
259
|
+
const blocked = new Set([
|
|
260
|
+
...policy.blockedSurfaces,
|
|
261
|
+
...(override ? override.blockedSurfaces : []),
|
|
262
|
+
]);
|
|
263
|
+
return evaluatePolicySet(allowed, blocked, surface, "surface_not_allowlisted", "surface_blocked");
|
|
264
|
+
}
|
|
265
|
+
function resolvePolicyCommandReason(policy, extension, command) {
|
|
266
|
+
const normalizedCommand = normalizeCommandName(command);
|
|
267
|
+
if (normalizedCommand.length === 0) {
|
|
268
|
+
return null;
|
|
269
|
+
}
|
|
270
|
+
const override = resolvePolicyOverride(policy, extension.name);
|
|
271
|
+
const allowed = override && override.allowedCommands.size > 0 ? override.allowedCommands : policy.allowedCommands;
|
|
272
|
+
const blocked = new Set([
|
|
273
|
+
...policy.blockedCommands,
|
|
274
|
+
...(override ? override.blockedCommands : []),
|
|
275
|
+
]);
|
|
276
|
+
return evaluatePolicySet(allowed, blocked, normalizedCommand, "command_not_allowlisted", "command_blocked");
|
|
277
|
+
}
|
|
278
|
+
function resolvePolicyActionReason(policy, extension, action) {
|
|
279
|
+
const normalizedAction = normalizePolicyName(action).replace(/\s+/g, "-");
|
|
280
|
+
if (normalizedAction.length === 0) {
|
|
281
|
+
return null;
|
|
282
|
+
}
|
|
283
|
+
const override = resolvePolicyOverride(policy, extension.name);
|
|
284
|
+
const allowed = override && override.allowedActions.size > 0 ? override.allowedActions : policy.allowedActions;
|
|
285
|
+
const blocked = new Set([
|
|
286
|
+
...policy.blockedActions,
|
|
287
|
+
...(override ? override.blockedActions : []),
|
|
288
|
+
]);
|
|
289
|
+
return evaluatePolicySet(allowed, blocked, normalizedAction, "action_not_allowlisted", "action_blocked");
|
|
290
|
+
}
|
|
291
|
+
function resolvePolicyServiceReason(policy, extension, service) {
|
|
292
|
+
const normalizedService = normalizePolicyName(service);
|
|
293
|
+
if (normalizedService.length === 0) {
|
|
294
|
+
return null;
|
|
295
|
+
}
|
|
296
|
+
const override = resolvePolicyOverride(policy, extension.name);
|
|
297
|
+
const allowed = override && override.allowedServices.size > 0 ? override.allowedServices : policy.allowedServices;
|
|
298
|
+
const blocked = new Set([
|
|
299
|
+
...policy.blockedServices,
|
|
300
|
+
...(override ? override.blockedServices : []),
|
|
301
|
+
]);
|
|
302
|
+
return evaluatePolicySet(allowed, blocked, normalizedService, "service_not_allowlisted", "service_blocked");
|
|
303
|
+
}
|
|
304
|
+
function resolvePolicyExtensionReason(policy, extension) {
|
|
305
|
+
const name = normalizePolicyName(extension.name);
|
|
306
|
+
const override = resolvePolicyOverride(policy, extension.name);
|
|
307
|
+
if (override?.disabled === true) {
|
|
308
|
+
return "extension_override_disabled";
|
|
309
|
+
}
|
|
310
|
+
return evaluatePolicySet(policy.allowedExtensions, policy.blockedExtensions, name, "extension_not_allowlisted", "extension_blocked");
|
|
311
|
+
}
|
|
312
|
+
function resolvePolicyTrustReason(policy, extension) {
|
|
313
|
+
if (policy.trustMode === "off") {
|
|
314
|
+
return null;
|
|
315
|
+
}
|
|
316
|
+
const override = resolvePolicyOverride(policy, extension.name);
|
|
317
|
+
const name = normalizePolicyName(extension.name);
|
|
318
|
+
const trusted = extension.trusted === true;
|
|
319
|
+
const provenanceVerified = extension.provenanceVerified === true;
|
|
320
|
+
if (policy.trustedExtensions.size > 0 && !policy.trustedExtensions.has(name)) {
|
|
321
|
+
return "extension_not_trusted";
|
|
322
|
+
}
|
|
323
|
+
if ((override?.requireTrusted === true || policy.trustMode === "warn" || policy.trustMode === "enforce") && !trusted) {
|
|
324
|
+
return "extension_untrusted";
|
|
325
|
+
}
|
|
326
|
+
if ((policy.requireProvenance || override?.requireProvenance === true) && !provenanceVerified) {
|
|
327
|
+
return "provenance_missing_or_unverified";
|
|
328
|
+
}
|
|
329
|
+
return null;
|
|
330
|
+
}
|
|
331
|
+
function resolvePolicySandboxReason(policy, extension) {
|
|
332
|
+
if (policy.mode === "off") {
|
|
333
|
+
return null;
|
|
334
|
+
}
|
|
335
|
+
const override = resolvePolicyOverride(policy, extension.name);
|
|
336
|
+
const profile = override?.sandboxProfile ?? extension.sandboxProfile ?? policy.defaultSandboxProfile;
|
|
337
|
+
if (profile === "none") {
|
|
338
|
+
return null;
|
|
339
|
+
}
|
|
340
|
+
const permissions = extension.permissions;
|
|
341
|
+
if (!permissions) {
|
|
342
|
+
return "sandbox_permissions_missing";
|
|
343
|
+
}
|
|
344
|
+
const hasPermission = (name) => permissions[name] === true;
|
|
345
|
+
if (profile === "restricted") {
|
|
346
|
+
if (hasPermission("process_spawn")) {
|
|
347
|
+
return "sandbox_restricted_disallows_process_spawn";
|
|
348
|
+
}
|
|
349
|
+
if (hasPermission("env_write")) {
|
|
350
|
+
return "sandbox_restricted_disallows_env_write";
|
|
351
|
+
}
|
|
352
|
+
return null;
|
|
353
|
+
}
|
|
354
|
+
if (profile === "strict") {
|
|
355
|
+
if (hasPermission("process_spawn")) {
|
|
356
|
+
return "sandbox_strict_disallows_process_spawn";
|
|
357
|
+
}
|
|
358
|
+
if (hasPermission("network")) {
|
|
359
|
+
return "sandbox_strict_disallows_network";
|
|
360
|
+
}
|
|
361
|
+
if (hasPermission("fs_write")) {
|
|
362
|
+
return "sandbox_strict_disallows_fs_write";
|
|
363
|
+
}
|
|
364
|
+
if (hasPermission("env_write")) {
|
|
365
|
+
return "sandbox_strict_disallows_env_write";
|
|
366
|
+
}
|
|
367
|
+
}
|
|
368
|
+
return null;
|
|
369
|
+
}
|
|
370
|
+
function buildPolicyWarning(mode, scope, extension, reason, details = {}) {
|
|
371
|
+
const tokens = Object.entries(details)
|
|
372
|
+
.sort((left, right) => left[0].localeCompare(right[0]))
|
|
373
|
+
.map(([key, value]) => `${key}=${value}`)
|
|
374
|
+
.join(":");
|
|
375
|
+
const suffix = tokens.length > 0 ? `:${tokens}` : "";
|
|
376
|
+
return `extension_policy_${mode}_${scope}:${extension.layer}:${extension.name}:reason=${reason}${suffix}`;
|
|
377
|
+
}
|
|
378
|
+
export function evaluateExtensionPolicyForExtension(policy, extension) {
|
|
379
|
+
if (policy.mode === "off" && policy.trustMode === "off") {
|
|
380
|
+
return { allowed: true, warning: null };
|
|
381
|
+
}
|
|
382
|
+
const reason = resolvePolicyExtensionReason(policy, extension);
|
|
383
|
+
const trustReason = resolvePolicyTrustReason(policy, extension);
|
|
384
|
+
const sandboxReason = resolvePolicySandboxReason(policy, extension);
|
|
385
|
+
const extensionEnforced = reason && policy.mode === "enforce";
|
|
386
|
+
const trustEnforced = trustReason && policy.trustMode === "enforce";
|
|
387
|
+
const sandboxEnforced = sandboxReason && policy.mode === "enforce";
|
|
388
|
+
if (!reason && !trustReason && !sandboxReason) {
|
|
389
|
+
return { allowed: true, warning: null };
|
|
390
|
+
}
|
|
391
|
+
if (extensionEnforced) {
|
|
392
|
+
return {
|
|
393
|
+
allowed: false,
|
|
394
|
+
warning: buildPolicyWarning("blocked", "extension", extension, reason),
|
|
395
|
+
};
|
|
396
|
+
}
|
|
397
|
+
if (trustEnforced) {
|
|
398
|
+
return {
|
|
399
|
+
allowed: false,
|
|
400
|
+
warning: buildPolicyWarning("blocked", "trust", extension, trustReason),
|
|
401
|
+
};
|
|
402
|
+
}
|
|
403
|
+
if (sandboxEnforced) {
|
|
404
|
+
return {
|
|
405
|
+
allowed: false,
|
|
406
|
+
warning: buildPolicyWarning("blocked", "extension", extension, sandboxReason),
|
|
407
|
+
};
|
|
408
|
+
}
|
|
409
|
+
if (reason && policy.mode === "warn") {
|
|
410
|
+
return {
|
|
411
|
+
allowed: true,
|
|
412
|
+
warning: buildPolicyWarning("violation", "extension", extension, reason),
|
|
413
|
+
};
|
|
414
|
+
}
|
|
415
|
+
if (trustReason && policy.trustMode === "warn") {
|
|
416
|
+
return {
|
|
417
|
+
allowed: true,
|
|
418
|
+
warning: buildPolicyWarning("violation", "trust", extension, trustReason),
|
|
419
|
+
};
|
|
420
|
+
}
|
|
421
|
+
if (sandboxReason && policy.mode === "warn") {
|
|
422
|
+
return {
|
|
423
|
+
allowed: true,
|
|
424
|
+
warning: buildPolicyWarning("violation", "extension", extension, sandboxReason),
|
|
425
|
+
};
|
|
426
|
+
}
|
|
427
|
+
return {
|
|
428
|
+
allowed: true,
|
|
429
|
+
warning: null,
|
|
430
|
+
};
|
|
431
|
+
}
|
|
432
|
+
export function evaluateExtensionPolicyForCapability(policy, extension, capability) {
|
|
433
|
+
if (policy.mode === "off") {
|
|
434
|
+
return { allowed: true, warning: null };
|
|
435
|
+
}
|
|
436
|
+
const reason = resolvePolicyCapabilityReason(policy, extension, capability);
|
|
437
|
+
if (!reason) {
|
|
438
|
+
return { allowed: true, warning: null };
|
|
439
|
+
}
|
|
440
|
+
return {
|
|
441
|
+
allowed: policy.mode === "warn",
|
|
442
|
+
warning: buildPolicyWarning(policy.mode === "warn" ? "violation" : "blocked", "capability", extension, reason, { capability: capability.trim().toLowerCase() }),
|
|
443
|
+
};
|
|
444
|
+
}
|
|
445
|
+
export function evaluateExtensionPolicyForRegistration(policy, extension, surface, method, capability, details) {
|
|
446
|
+
if (policy.mode === "off") {
|
|
447
|
+
return { allowed: true, warning: null };
|
|
448
|
+
}
|
|
449
|
+
const capabilityReason = typeof capability === "string" ? resolvePolicyCapabilityReason(policy, extension, capability) : null;
|
|
450
|
+
const surfaceReason = resolvePolicySurfaceReason(policy, extension, surface);
|
|
451
|
+
const commandReason = details?.command ? resolvePolicyCommandReason(policy, extension, details.command) : null;
|
|
452
|
+
const actionReason = details?.action ? resolvePolicyActionReason(policy, extension, details.action) : null;
|
|
453
|
+
const serviceReason = details?.service ? resolvePolicyServiceReason(policy, extension, details.service) : null;
|
|
454
|
+
const reason = capabilityReason ?? surfaceReason ?? commandReason ?? actionReason ?? serviceReason;
|
|
455
|
+
if (!reason) {
|
|
456
|
+
return { allowed: true, warning: null };
|
|
457
|
+
}
|
|
458
|
+
const warningDetails = {
|
|
459
|
+
method: normalizePolicyName(method).replace(/\s+/g, "_"),
|
|
460
|
+
surface,
|
|
461
|
+
};
|
|
462
|
+
if (capability) {
|
|
463
|
+
warningDetails.capability = capability;
|
|
464
|
+
}
|
|
465
|
+
if (details?.command) {
|
|
466
|
+
warningDetails.command = normalizeCommandName(details.command);
|
|
467
|
+
}
|
|
468
|
+
if (details?.action) {
|
|
469
|
+
warningDetails.action = normalizePolicyName(details.action).replace(/\s+/g, "-");
|
|
470
|
+
}
|
|
471
|
+
if (details?.service) {
|
|
472
|
+
warningDetails.service = normalizePolicyName(details.service);
|
|
473
|
+
}
|
|
474
|
+
const warning = buildPolicyWarning(policy.mode === "warn" ? "violation" : "blocked", "registration", extension, reason, warningDetails);
|
|
475
|
+
return {
|
|
476
|
+
allowed: policy.mode === "warn",
|
|
477
|
+
warning,
|
|
478
|
+
};
|
|
479
|
+
}
|
|
480
|
+
//# sourceMappingURL=extension-policy.js.map
|
|
481
|
+
//# debugId=3a8acf74-cc81-5417-8ee9-30d80fde2102
|