@urateam/core 0.1.34 → 0.1.35
- package/dist/__tests__/audit-immutability.test.js +7 -0
- package/dist/__tests__/audit-immutability.test.js.map +1 -1
- package/dist/__tests__/review-convention-prompt.test.d.ts +2 -0
- package/dist/__tests__/review-convention-prompt.test.d.ts.map +1 -0
- package/dist/__tests__/review-convention-prompt.test.js +142 -0
- package/dist/__tests__/review-convention-prompt.test.js.map +1 -0
- package/dist/executor/prompt/templates.d.ts.map +1 -1
- package/dist/executor/prompt/templates.js +6 -3
- package/dist/executor/prompt/templates.js.map +1 -1
- package/dist/executor/review/review-prompt.d.ts.map +1 -1
- package/dist/executor/review/review-prompt.js +8 -2
- package/dist/executor/review/review-prompt.js.map +1 -1
- package/dist/security/index.d.ts +1 -1
- package/dist/security/index.d.ts.map +1 -1
- package/dist/security/index.js +1 -1
- package/dist/security/index.js.map +1 -1
- package/dist/security/review-checklist.d.ts +16 -1
- package/dist/security/review-checklist.d.ts.map +1 -1
- package/dist/security/review-checklist.js +85 -1
- package/dist/security/review-checklist.js.map +1 -1
- package/package.json +1 -1
|
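--- a/package/dist/__tests__/audit-immutability.test.js
+++ b/package/dist/__tests__/audit-immutability.test.js
@@ -70,6 +70,13 @@ describe("audit_events immutability", () => {
 "packages/core/src/qa/github.ts",
 "packages/core/src/qa/gap.ts",
 "packages/core/src/__tests__/audit-immutability.test.ts",
+// Tier 2: the convention-checklist text documents the
+// `audit-bypass-undocumented` category by name (`logAuditEventUnchecked`
+// appears as a literal in the prompt fragment, not as a call site).
+// The grep is intentionally loose so renames to similar identifiers
+// still trip; the allow-list entry is the right surface for "this
+// file mentions the name but does not invoke it" exceptions.
+"packages/core/src/security/review-checklist.ts",
 ];
 let matches = [];
 try {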
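Review bot: The new allow-list entry for `packages/core/src/security/review-checklist.ts` exempts the whole file from the audit-bypass grep, so a real call to `logAuditEventUnchecked` added to that file later would pass this test unnoticed. The comment says the name appears there only as a literal in prompt text; that claim could be enforced with a companion assertion that reads the file and expects no call expression, for example `expect(src).not.toMatch(/logAuditEventUnchecked\s*\(/)`, where `src` stands for the file's contents (adjust the pattern if the prompt text itself writes the name with parentheses). The enclosing test starts and ends outside the hunk, so how the allow-list is applied to the grep output is inferred from the comment rather than visible here.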
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"audit-immutability.test.js","sourceRoot":"","sources":["../../src/__tests__/audit-immutability.test.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AACH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AAEzE,QAAQ,CAAC,2BAA2B,EAAE,GAAG,EAAE;IACzC,EAAE,CAAC,gEAAgE,EAAE,GAAG,EAAE;QACxE,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;QACxD,MAAM,OAAO,GAAG;YACd,sCAAsC;YACtC,qDAAqD;YACrD,wDAAwD;SACzD,CAAC;QAEF,MAAM,QAAQ,GAAG;YACf,iCAAiC;YACjC,iCAAiC;SAClC,CAAC;QAEF,MAAM,OAAO,GAAa,EAAE,CAAC;QAC7B,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;YAC3B,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,YAAY,CACtB,KAAK,EACL,CAAC,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,kBAAkB,CAAC,EAC9C,EAAE,GAAG,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,CACpC,CAAC;gBACF,OAAO,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;YAC1D,CAAC;YAAC,MAAM,CAAC;gBACP,0DAA0D;YAC5D,CAAC;QACH,CAAC;QAED,MAAM,SAAS,GAAG,OAAO;aACtB,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC;aAClC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC;QAE1E,MAAM,CACJ,SAAS,EACT,2CAA2C,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAClE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IAChB,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mFAAmF,EAAE,GAAG,EAAE;QAC3F,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;QACxD,wCAAwC;QACxC,sCAAsC;QACtC,oDAAoD;QACpD,iFAAiF;QACjF,4EAA4E;QAC5E,yEAAyE;QACzE,sBAAsB;QACtB,MAAM,OAAO,GAAG;YACd,mCAAmC;YACnC,8BAA8B;YAC9B,mCAAmC;YACnC,wCAAwC;YACxC,yCAAyC;YACzC,4CAA4C;YAC5C,mDAAmD;YACnD,+CAA+C;YAC/C,uDAAuD;YACvD,mDAAmD;YACnD,sDAAsD;YACtD,oDAAoD;YACpD,sEAAsE;YACtE,6DAA6D;YAC7D,4CAA4C;YAC5C,kDAAkD;YAClD,mCAAmC;YACnC,qDAAqD;YACrD,gCAAgC;YAChC,6BAA6B;YAC7B,wDAAwD;
|
|
1
|
+
{"version":3,"file":"audit-immutability.test.js","sourceRoot":"","sources":["../../src/__tests__/audit-immutability.test.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AACH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AAEzE,QAAQ,CAAC,2BAA2B,EAAE,GAAG,EAAE;IACzC,EAAE,CAAC,gEAAgE,EAAE,GAAG,EAAE;QACxE,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;QACxD,MAAM,OAAO,GAAG;YACd,sCAAsC;YACtC,qDAAqD;YACrD,wDAAwD;SACzD,CAAC;QAEF,MAAM,QAAQ,GAAG;YACf,iCAAiC;YACjC,iCAAiC;SAClC,CAAC;QAEF,MAAM,OAAO,GAAa,EAAE,CAAC;QAC7B,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;YAC3B,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,YAAY,CACtB,KAAK,EACL,CAAC,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,kBAAkB,CAAC,EAC9C,EAAE,GAAG,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,CACpC,CAAC;gBACF,OAAO,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;YAC1D,CAAC;YAAC,MAAM,CAAC;gBACP,0DAA0D;YAC5D,CAAC;QACH,CAAC;QAED,MAAM,SAAS,GAAG,OAAO;aACtB,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC;aAClC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC;QAE1E,MAAM,CACJ,SAAS,EACT,2CAA2C,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAClE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IAChB,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mFAAmF,EAAE,GAAG,EAAE;QAC3F,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;QACxD,wCAAwC;QACxC,sCAAsC;QACtC,oDAAoD;QACpD,iFAAiF;QACjF,4EAA4E;QAC5E,yEAAyE;QACzE,sBAAsB;QACtB,MAAM,OAAO,GAAG;YACd,mCAAmC;YACnC,8BAA8B;YAC9B,mCAAmC;YACnC,wCAAwC;YACxC,yCAAyC;YACzC,4CAA4C;YAC5C,mDAAmD;YACnD,+CAA+C;YAC/C,uDAAuD;YACvD,mDAAmD;YACnD,sDAAsD;YACtD,oDAAoD;YACpD,sEAAsE;YACtE,6DAA6D;YAC7D,4CAA4C;YAC5C,kDAAkD;YAClD,mCAAmC;YACnC,qDAAqD;YACrD,gCAAgC;YAChC,6BAA6B;YAC7B,wDAAwD;YACxD,sDAAsD;YACtD,yEAAyE;YACzE,o
EAAoE;YACpE,oEAAoE;YACpE,kEAAkE;YAClE,6DAA6D;YAC7D,gDAAgD;SACjD,CAAC;QAEF,IAAI,OAAO,GAAa,EAAE,CAAC;QAC3B,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,YAAY,CACtB,KAAK,EACL,CAAC,MAAM,EAAE,KAAK,EAAE,wBAAwB,EAAE,IAAI,EAAE,kBAAkB,CAAC,EACnE,EAAE,GAAG,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,EAAE,CACpC,CAAC;YACF,OAAO,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACnD,CAAC;QAAC,MAAM,CAAC;YACP,aAAa;QACf,CAAC;QAED,MAAM,SAAS,GAAG,OAAO;aACtB,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC;aAClC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC;QAE1E,MAAM,CACJ,SAAS,EACT,kDAAkD,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACzE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IAChB,CAAC,CAAC,CAAC;IAEH;;;;;;;;;;;OAWG;IACH,EAAE,CAAC,iEAAiE,EAAE,GAAG,EAAE;QACzE,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;QACxD,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,MAAM,CAAC,CAAC;QACxE,MAAM,OAAO,GAAG,CAAC,GAAG,QAAQ,CAAC,QAAQ,CAAC,wBAAwB,CAAC,CAAC,CAAC;QACjE,MAAM,CACJ,OAAO,CAAC,MAAM,EACd,2FAA2F,CAC5F,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACV,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAE,CAAC,CAAC,CAAC,CAAC,CAAC;QAC1C,MAAM,MAAM,GAAG,oBAAoB,CAAC,OAAO,CAAC,MAAM,CAAC;QACnD,MAAM,CACJ,UAAU,EACV,mBAAmB,UAAU,8CAA8C,MAAM,oDAAoD,CACtI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACjB,CAAC,CAAC,CAAC;IAEH;;;;;;;;OAQG;IACH,EAAE,CAAC,+EAA+E,EAAE,GAAG,EAAE;QACvF,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;QACxD,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,MAAM,CAAC,CAAC;QACxE,MAAM,OAAO,GAAG,CAAC,GAAG,QAAQ,CAAC,QAAQ,CAAC,wBAAwB,CAAC,CAAC,CAAC;QACjE,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,CAAC,sCAAsC;QACxE,MAAM,CACJ,OAAO,CAAC,MAAM,EACd,+DAA+D,CAChE,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACV,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAE,CAAC,CAAC,CAAC,CAAC,CAAC;QAC1C,MAAM,MAAM,GAAG,oBAAoB,CAAC,OAAO,CAAC,MAAM,CAAC;QACnD,MAAM,CACJ,UAAU,EACV,mBAAmB,
UAAU,8CAA8C,MAAM,GAAG,CACrF,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACjB,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"review-convention-prompt.test.d.ts","sourceRoot":"","sources":["../../src/__tests__/review-convention-prompt.test.ts"],"names":[],"mappings":""}
|
|
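--- a/package/dist/__tests__/review-convention-prompt.test.js
+++ b/package/dist/__tests__/review-convention-prompt.test.js
@@ -0,0 +1,142 @@
+/**
+* Tier 2 — convention-checklist review prompt.
+*
+* The review-stage prompt is augmented with a 9-category project-convention
+* checklist drawn from CLAUDE.md. The review agent uses these categories
+* verbatim in its `ReviewFinding[]` output, so the existing draft-PR /
+* review-fix loop machinery picks them up as blocking findings just like
+* the security categories.
+*
+* This test verifies the prompt assembly contains every category by name,
+* the categories list in REVIEW_OUTPUT_FORMAT is exhaustive, and the
+* checklist text itself is non-empty.
+*/
+import { describe, it, expect } from "vitest";
+import { reviewTemplate } from "../executor/prompt/templates.js";
+import { PROJECT_CONVENTION_CHECKLIST, REVIEW_OUTPUT_FORMAT, } from "../security/review-checklist.js";
+const TIER_2_CATEGORIES = [
+"scratch-files",
+"db-ddl-drift",
+"audit-bypass-undocumented",
+"credential-in-interface",
+"spec-vs-impl",
+"convention-execfile",
+"convention-console",
+"convention-throw",
+"convention-as-any",
+];
+const stubIssue = {
+id: "BEC-999",
+slug: "test-issue",
+title: "test issue",
+description: "fixture",
+acceptanceCriteria: [],
+labels: ["auto-implement"],
+priority: 0,
+};
+const stubRepo = {
+url: "https://example.invalid/repo.git",
+defaultBranch: "main",
+testCommand: "pnpm test",
+buildCommand: "pnpm build",
+provider: "github",
+};
+describe("PROJECT_CONVENTION_CHECKLIST — exported and non-empty", () => {
+it("is a non-empty string", () => {
+expect(typeof PROJECT_CONVENTION_CHECKLIST).toBe("string");
+expect(PROJECT_CONVENTION_CHECKLIST.length).toBeGreaterThan(200);
+});
+it("mentions all 9 Tier 2 categories by exact name", () => {
+for (const cat of TIER_2_CATEGORIES) {
+expect(PROJECT_CONVENTION_CHECKLIST, `category "${cat}" must be named verbatim in the checklist`).toContain(cat);
+}
+});
+it("names the failure modes the autonomous pipeline has actually shipped (PR #258 scratch files, PR #254 spec-vs-impl, etc.)", () => {
+// These are contextual references the brief calls out — anchor the
+// checklist to real incidents so the agent has explicit framing.
+expect(PROJECT_CONVENTION_CHECKLIST).toMatch(/scratch|FINAL_|TESTING_|TEST_/);
+expect(PROJECT_CONVENTION_CHECKLIST).toMatch(/execFile/);
+expect(PROJECT_CONVENTION_CHECKLIST).toMatch(/createLogger|console\.log/);
+expect(PROJECT_CONVENTION_CHECKLIST).toMatch(/failPipeline|throw/);
+expect(PROJECT_CONVENTION_CHECKLIST).toMatch(/AnyDb|as any/);
+});
+});
+describe("REVIEW_OUTPUT_FORMAT — enumerates the new categories", () => {
+it("lists every Tier 2 category in the allowed-values block", () => {
+for (const cat of TIER_2_CATEGORIES) {
+expect(REVIEW_OUTPUT_FORMAT, `category "${cat}" must be listed as a valid value in REVIEW_OUTPUT_FORMAT`).toContain(cat);
+}
+});
+});
+describe("reviewTemplate — assembles the convention checklist into the prompt", () => {
+it("includes PROJECT_CONVENTION_CHECKLIST verbatim", () => {
+const prompt = reviewTemplate(stubIssue, stubRepo);
+expect(prompt).toContain(PROJECT_CONVENTION_CHECKLIST);
+});
+it("includes every Tier 2 category name", () => {
+const prompt = reviewTemplate(stubIssue, stubRepo);
+for (const cat of TIER_2_CATEGORIES) {
+expect(prompt, `category "${cat}" must appear in the assembled prompt`).toContain(cat);
+}
+});
+it("still includes SECURITY_REVIEW_CHECKLIST (additive, not replacement)", () => {
+const prompt = reviewTemplate(stubIssue, stubRepo);
+expect(prompt).toContain("SQL injection");
+expect(prompt).toContain("XSS");
+});
+it("includes REVIEW_OUTPUT_FORMAT (anchor for the structured-output parser)", () => {
+// The template uses `${REVIEW_OUTPUT_FORMAT}` then `.trim()` on the whole
+// string, which strips the constant's trailing newline. Compare against
+// the trimmed value so the assertion catches both missing-interpolation
+// and accidental-removal but tolerates the .trim().
+const prompt = reviewTemplate(stubIssue, stubRepo);
+expect(prompt).toContain(REVIEW_OUTPUT_FORMAT.trim());
+});
+});
+describe("OpenRouter fanout prompt — includes the convention checklist + enumerates Tier 2 categories", () => {
+it("buildReviewPrompt's system message includes PROJECT_CONVENTION_CHECKLIST", async () => {
+const { buildReviewPrompt } = await import("../executor/review/review-prompt.js");
+const built = buildReviewPrompt({
+handoff: {
+runId: "r1",
+issueId: "i1",
+stage: "review",
+timestamp: new Date().toISOString(),
+summary: "stub",
+filesChanged: [],
+approach: "stub",
+context: { issueIntent: "stub", constraints: [], assumptions: [] },
+tokenBudget: { contextTokensUsed: 0, recommendedMaxTurns: 1 },
+},
+diff: "",
+files: [],
+maxInputTokens: 8000,
+});
+const system = built.messages.find((m) => m.role === "system");
+expect(system?.content).toContain(PROJECT_CONVENTION_CHECKLIST);
+});
+it("buildReviewPrompt's system message enumerates every Tier 2 category", async () => {
+const { buildReviewPrompt } = await import("../executor/review/review-prompt.js");
+const built = buildReviewPrompt({
+handoff: {
+runId: "r1",
+issueId: "i1",
+stage: "review",
+timestamp: new Date().toISOString(),
+summary: "stub",
+filesChanged: [],
+approach: "stub",
+context: { issueIntent: "stub", constraints: [], assumptions: [] },
+tokenBudget: { contextTokensUsed: 0, recommendedMaxTurns: 1 },
+},
+diff: "",
+files: [],
+maxInputTokens: 8000,
+});
+const system = built.messages.find((m) => m.role === "system")?.content ?? "";
+for (const cat of TIER_2_CATEGORIES) {
+expect(system, `fanout system prompt must mention category "${cat}"`).toContain(cat);
+}
+});
+});
+//# sourceMappingURL=review-convention-prompt.test.js.map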
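Review bot: The test titled "still includes SECURITY_REVIEW_CHECKLIST (additive, not replacement)" at new lines 82–86 only looks for the substrings "SQL injection" and "XSS", so a prompt that kept those two phrases but lost the rest of the security checklist would still pass. `SECURITY_REVIEW_CHECKLIST` is imported from the same module by `templates.js`, so this file could import it too and assert `expect(prompt).toContain(SECURITY_REVIEW_CHECKLIST);`, as the neighbouring test does for `PROJECT_CONVENTION_CHECKLIST`. The two `buildReviewPrompt` tests have no equivalent check that the security checklist survives in the fanout system message; adding one would cover that path as well, assuming that prompt is meant to carry it. Separately, `/scratch|FINAL_|TESTING_|TEST_/` and `/failPipeline|throw/` at lines 57 and 60 are already satisfied by the category names `scratch-files` and `convention-throw`, so they add nothing beyond the test above them.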
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"review-convention-prompt.test.js","sourceRoot":"","sources":["../../src/__tests__/review-convention-prompt.test.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AACH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,cAAc,EAAE,MAAM,iCAAiC,CAAC;AACjE,OAAO,EACL,4BAA4B,EAC5B,oBAAoB,GACrB,MAAM,iCAAiC,CAAC;AAGzC,MAAM,iBAAiB,GAAG;IACxB,eAAe;IACf,cAAc;IACd,2BAA2B;IAC3B,yBAAyB;IACzB,cAAc;IACd,qBAAqB;IACrB,oBAAoB;IACpB,kBAAkB;IAClB,mBAAmB;CACX,CAAC;AAEX,MAAM,SAAS,GAAmB;IAChC,EAAE,EAAE,SAAS;IACb,IAAI,EAAE,YAAY;IAClB,KAAK,EAAE,YAAY;IACnB,WAAW,EAAE,SAAS;IACtB,kBAAkB,EAAE,EAAE;IACtB,MAAM,EAAE,CAAC,gBAAgB,CAAC;IAC1B,QAAQ,EAAE,CAAC;CACZ,CAAC;AAEF,MAAM,QAAQ,GAAe;IAC3B,GAAG,EAAE,kCAAkC;IACvC,aAAa,EAAE,MAAM;IACrB,WAAW,EAAE,WAAW;IACxB,YAAY,EAAE,YAAY;IAC1B,QAAQ,EAAE,QAAQ;CACnB,CAAC;AAEF,QAAQ,CAAC,uDAAuD,EAAE,GAAG,EAAE;IACrE,EAAE,CAAC,uBAAuB,EAAE,GAAG,EAAE;QAC/B,MAAM,CAAC,OAAO,4BAA4B,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC3D,MAAM,CAAC,4BAA4B,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;IACnE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gDAAgD,EAAE,GAAG,EAAE;QACxD,KAAK,MAAM,GAAG,IAAI,iBAAiB,EAAE,CAAC;YACpC,MAAM,CACJ,4BAA4B,EAC5B,aAAa,GAAG,2CAA2C,CAC5D,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACnB,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0HAA0H,EAAE,GAAG,EAAE;QAClI,mEAAmE;QACnE,iEAAiE;QACjE,MAAM,CAAC,4BAA4B,CAAC,CAAC,OAAO,CAAC,+BAA+B,CAAC,CAAC;QAC9E,MAAM,CAAC,4BAA4B,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QACzD,MAAM,CAAC,4BAA4B,CAAC,CAAC,OAAO,CAAC,2BAA2B,CAAC,CAAC;QAC1E,MAAM,CAAC,4BAA4B,CAAC,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAAC;QACnE,MAAM,CAAC,4BAA4B,CAAC,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;IAC/D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,sDAAsD,EAAE,GAAG,EAAE;IACpE,EAAE,CAAC,yDAAyD,EAAE,GAAG,EAAE;QACjE,KAAK,MAAM,GAAG,IAAI,iBAAiB,EAAE,CAAC;YACpC,MAAM,CACJ,oBAAoB,EACpB,aAAa,GAAG,2DAA2D,CAC5E,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACnB,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,qEAAqE,EAAE,GAAG,EAAE;IACnF,EAAE,CAAC,gDAAgD,EAAE,GAAG,EAAE;QACxD,MAAM,MAAM,GAAG,cAAc,CAAC,SAAS,EAAE
,QAAQ,CAAC,CAAC;QACnD,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,4BAA4B,CAAC,CAAC;IACzD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;QAC7C,MAAM,MAAM,GAAG,cAAc,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;QACnD,KAAK,MAAM,GAAG,IAAI,iBAAiB,EAAE,CAAC;YACpC,MAAM,CAAC,MAAM,EAAE,aAAa,GAAG,uCAAuC,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACzF,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sEAAsE,EAAE,GAAG,EAAE;QAC9E,MAAM,MAAM,GAAG,cAAc,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;QACnD,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;QAC1C,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yEAAyE,EAAE,GAAG,EAAE;QACjF,0EAA0E;QAC1E,wEAAwE;QACxE,wEAAwE;QACxE,oDAAoD;QACpD,MAAM,MAAM,GAAG,cAAc,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;QACnD,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,oBAAoB,CAAC,IAAI,EAAE,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,6FAA6F,EAAE,GAAG,EAAE;IAC3G,EAAE,CAAC,0EAA0E,EAAE,KAAK,IAAI,EAAE;QACxF,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,MAAM,CAAC,qCAAqC,CAAC,CAAC;QAClF,MAAM,KAAK,GAAG,iBAAiB,CAAC;YAC9B,OAAO,EAAE;gBACP,KAAK,EAAE,IAAI;gBACX,OAAO,EAAE,IAAI;gBACb,KAAK,EAAE,QAAQ;gBACf,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACnC,OAAO,EAAE,MAAM;gBACf,YAAY,EAAE,EAAE;gBAChB,QAAQ,EAAE,MAAM;gBAChB,OAAO,EAAE,EAAE,WAAW,EAAE,MAAM,EAAE,WAAW,EAAE,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE;gBAClE,WAAW,EAAE,EAAE,iBAAiB,EAAE,CAAC,EAAE,mBAAmB,EAAE,CAAC,EAAE;aAC9D;YACD,IAAI,EAAE,EAAE;YACR,KAAK,EAAE,EAAE;YACT,cAAc,EAAE,IAAI;SACrB,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC;QAC/D,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,SAAS,CAAC,4BAA4B,CAAC,CAAC;IAClE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qEAAqE,EAAE,KAAK,IAAI,EAAE;QACnF,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,MAAM,CAAC,qCAAqC,CAAC,CAAC;QAClF,MAAM,KAAK,GAAG,iBAAiB,CAAC;YAC9B,OAAO,EAAE;gBACP,KAAK,EAAE,IAAI;gBACX,OAAO,EAAE,IAAI;gBACb,KAAK,EAAE,QAAQ;gBACf,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACnC,OAAO,EAAE,MAAM;gBACf,YAAY,EAAE,EAAE;gBAChB,QAAQ,EAAE,MAAM;gBAChB,OAAO,EAAE,EAAE,WAAW,EAAE,MAAM,EAAE,WAAW,E
AAE,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE;gBAClE,WAAW,EAAE,EAAE,iBAAiB,EAAE,CAAC,EAAE,mBAAmB,EAAE,CAAC,EAAE;aAC9D;YACD,IAAI,EAAE,EAAE;YACR,KAAK,EAAE,EAAE;YACT,cAAc,EAAE,IAAI;SACrB,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,EAAE,OAAO,IAAI,EAAE,CAAC;QAC9E,KAAK,MAAM,GAAG,IAAI,iBAAiB,EAAE,CAAC;YACpC,MAAM,CAAC,MAAM,EAAE,+CAA+C,GAAG,GAAG,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACvF,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"templates.d.ts","sourceRoot":"","sources":["../../../src/executor/prompt/templates.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,cAAc,EACd,UAAU,EACV,eAAe,EACf,qBAAqB,EAErB,oBAAoB,EACrB,MAAM,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"templates.d.ts","sourceRoot":"","sources":["../../../src/executor/prompt/templates.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,cAAc,EACd,UAAU,EACV,eAAe,EACf,qBAAqB,EAErB,oBAAoB,EACrB,MAAM,gBAAgB,CAAC;AAYxB;;;;GAIG;AACH,wBAAgB,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAQ9C;AAMD;;GAEG;AACH,wBAAgB,cAAc,CAAC,KAAK,EAAE,cAAc,GAAG,MAAM,CAyB5D;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,UAAU,GAAG,MAAM,CAOzD;AAKD;;;GAGG;AACH,wBAAgB,YAAY,CAAC,OAAO,CAAC,EAAE,eAAe,GAAG,MAAM,CA4C9D;AAuBD;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,QAAQ,CAAC,EAAE,qBAAqB,GAAG,MAAM,CA4B5E;AAMD,wBAAgB,cAAc,CAC5B,KAAK,EAAE,cAAc,EACrB,IAAI,EAAE,UAAU,EAChB,OAAO,CAAC,EAAE,eAAe,GACxB,MAAM,CAeR;AAED,wBAAgB,iBAAiB,CAC/B,KAAK,EAAE,cAAc,EACrB,IAAI,EAAE,UAAU,EAChB,OAAO,CAAC,EAAE,eAAe,GACxB,MAAM,CAcR;AAED,wBAAgB,iBAAiB,CAC/B,KAAK,EAAE,cAAc,EACrB,IAAI,EAAE,UAAU,EAChB,OAAO,CAAC,EAAE,eAAe,EACzB,cAAc,CAAC,EAAE,qBAAqB,EACtC,aAAa,CAAC,EAAE,oBAAoB,GACnC,MAAM,CAiFR;AAED,wBAAgB,YAAY,CAC1B,KAAK,EAAE,cAAc,EACrB,IAAI,EAAE,UAAU,EAChB,OAAO,CAAC,EAAE,eAAe,GACxB,MAAM,CAgBR;AAED,wBAAgB,cAAc,CAC5B,KAAK,EAAE,cAAc,EACrB,IAAI,EAAE,UAAU,EAChB,OAAO,CAAC,EAAE,eAAe,GACxB,MAAM,CAwBR"}
|
|
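--- a/package/dist/executor/prompt/templates.js
+++ b/package/dist/executor/prompt/templates.js
@@ -1,4 +1,4 @@
-import { SECURITY_REVIEW_CHECKLIST, REVIEW_OUTPUT_FORMAT, } from "../../security/review-checklist.js";
+import { SECURITY_REVIEW_CHECKLIST, PROJECT_CONVENTION_CHECKLIST, REVIEW_OUTPUT_FORMAT, } from "../../security/review-checklist.js";
 import { sanitize } from "./sanitizer.js";
 // ---------------------------------------------------------------------------
 // XML-escape helper (prevents reviewer content from breaking prompt structure)
@@ -292,9 +292,12 @@ ${handoffBlock(handoff)}
 
 ${SECURITY_REVIEW_CHECKLIST}
 
+${PROJECT_CONVENTION_CHECKLIST}
+
 Instructions:
-- Review all changed files for correctness, style,
-- Apply the security checklist
+- Review all changed files for correctness, style, security, AND adherence to the Project Convention Checklist above.
+- Apply the security checklist to every change.
+- Apply the Tier 2 convention checklist to every change. The 9 categories (scratch-files, db-ddl-drift, audit-bypass-undocumented, credential-in-interface, spec-vs-impl, convention-execfile, convention-console, convention-throw, convention-as-any) are blocking-severity by default — use them verbatim in your \`ReviewFinding.category\` field so operators see one consistent vocabulary across the deterministic gates (Tiers 1a/1b/1c) and your findings.
 - IMPORTANT: Cross-reference the implementation against the acceptance criteria listed in the issue data above. For each criterion, verify there is corresponding code in the diff. If any acceptance criterion is NOT addressed by the code changes, report it as a blocking finding with category "incomplete-implementation".
 - DEAD CODE CHECK: For every new export (function, class, constant) in the changed files, use Grep to check if it is imported and called from at least one file other than its own test file. Re-exports in index/barrel files do NOT count as callers — there must be an actual invocation. Exception: side-effect-only registrations that run at import time are acceptable. If a new export has no callers outside its definition and test files, report it as a BLOCKING finding with category "dead-code" — the implementation is not wired into the pipeline and will have no effect at runtime.
 - DOCUMENTATION CHECK: If the changes introduce new configuration options, CLI flags, environment variables, or change existing behavior, check whether CLAUDE.md, README.md, or deploy/README.md were updated. If documentation was not updated, report it as a warning finding with category "missing-documentation".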
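Review bot: The instruction added at new line 300 spells out the nine category names by hand inside the template literal, while the same names also live in `PROJECT_CONVENTION_CHECKLIST` and `REVIEW_OUTPUT_FORMAT`. If a category is later added or renamed in the checklist, this sentence, which is the one telling the reviewer that the categories are blocking, will silently disagree with it; the only guard is the separate hand-typed list in the new test file. Interpolating the names from one exported list in `review-checklist.js` (a joined array, if that module exposes or can expose one) would keep the three places in step. The template function's body starts and ends outside these hunks.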
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"templates.js","sourceRoot":"","sources":["../../../src/executor/prompt/templates.ts"],"names":[],"mappings":"AAQA,OAAO,EACL,yBAAyB,EACzB,oBAAoB,GACrB,MAAM,oCAAoC,CAAC;AAC5C,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAE1C,8EAA8E;AAC9E,+EAA+E;AAC/E,8EAA8E;AAE9E;;;;GAIG;AACH,MAAM,UAAU,SAAS,CAAC,IAAY;IACpC,OAAO,IAAI;SACR,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC;SACtB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC;SACvB,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC;SACtB,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;AAC1B,CAAC;AAED,8EAA8E;AAC9E,uBAAuB;AACvB,8EAA8E;AAE9E;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,KAAqB;IAClD,OAAO;;;;;YAKG,KAAK,CAAC,EAAE;SACX,KAAK,CAAC,KAAK;YACR,KAAK,CAAC,QAAQ;UAChB,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,MAAM;;;EAGzC,KAAK,CAAC,WAAW;;;EAGjB,CAAC,GAAG,EAAE;QACJ,MAAM,WAAW,GAAG,CAAC,CAAC;QACtB,MAAM,QAAQ,GAAG,KAAK,CAAC,kBAAkB,IAAI,EAAE,CAAC;QAChD,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,MAAM,CAAC;QACzC,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC7E,OAAO,QAAQ,CAAC,MAAM,GAAG,WAAW;YAClC,CAAC,CAAC,KAAK,GAAG,eAAe,QAAQ,CAAC,MAAM,GAAG,WAAW,0BAA0B;YAChF,CAAC,CAAC,KAAK,CAAC;IACZ,CAAC,CAAC,EAAE;cACQ,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,IAAgB;IAC/C,OAAO;cACK,IAAI,CAAC,GAAG;kBACJ,IAAI,CAAC,aAAa;gBACpB,IAAI,CAAC,WAAW;iBACf,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,qBAAqB,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,wBAAwB,IAAI,CAAC,gBAAgB,EAAE,CAAC,CAAC,CAAC,EAAE;gBACpL,CAAC;AACjB,CAAC;AAED,iKAAiK;AACjK,MAAM,wBAAwB,GAAG,GAAG,CAAC;AAErC;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,OAAyB;IACpD,IAAI,CAAC,OAAO;QAAE,OAAO,EAAE,CAAC;IAExB,6EAA6E;IAC7E,4EAA4E;IAC5E,sDAAsD;IACtD,MAAM,aAAa,GAAG,CAAC,CAAS,EAAE,EAAE,CAClC,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,8BAA8B,EAAE,2BAA2B,CAAC,CAAC;IAEnF,IAAI,KAAK,GAAG;;;SAGL,OAAO,CAAC,KAAK;WACX,aAAa,CAAC,OAAO,CAAC,OAAO,CAAC;YAC7B,aAAa,CA
AC,OAAO,CAAC,QAAQ,CAAC;iBAC1B,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,MAAM;eAC9D,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,MAAM;eACnE,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,MAAM,EAAE,CAAC;IAEnF,IAAI,OAAO,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;QAChC,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC;QACvC,KAAK,IAAI,mBAAmB,EAAE,CAAC,MAAM,YAAY,EAAE,CAAC,MAAM,SAAS,CAAC;QACpE,IAAI,EAAE,CAAC,YAAY,EAAE,CAAC;YACpB,MAAM,YAAY,GAAG,EAAE,CAAC,YAAY,CAAC,KAAK,CAAC,MAAM,GAAG,wBAAwB;gBAC1E,CAAC,CAAC,EAAE,CAAC,YAAY,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,wBAAwB,CAAC,GAAG,aAAa;gBAC1E,CAAC,CAAC,EAAE,CAAC,YAAY,CAAC,KAAK,CAAC;YAC1B,KAAK,IAAI,oBAAoB,aAAa,CAAC,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,OAAO,aAAa,CAAC,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,MAAM,aAAa,CAAC,YAAY,CAAC,EAAE,CAAC;QAChJ,CAAC;IACH,CAAC;IAED,MAAM,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,IAAI,EAAE,CAAC;IACtG,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChC,MAAM,YAAY,GAAG,gBAAgB,CAAC,GAAG,CACvC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC,QAAQ,KAAK,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,MAAM,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,aAAa,CAAC,CAAC,CAAC,WAAW,CAAC,UAAU,aAAa,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAC3J,CAAC;QACF,KAAK,IAAI,+BAA+B,gBAAgB,CAAC,MAAM,OAAO,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QAChG,MAAM,OAAO,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,cAAc,EAAE,MAAM,IAAI,CAAC,CAAC,GAAG,gBAAgB,CAAC,MAAM,CAAC;QACxF,IAAI,OAAO,GAAG,CAAC,EAAE,CAAC;YAChB,KAAK,IAAI,QAAQ,OAAO,iCAAiC,CAAC;QAC5D,CAAC;IACH,CAAC;IAED,KAAK,IAAI,6BAA6B,CAAC;IACvC,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,SAAS,aAAa,CAAC,OAAsB,EAAE,KAAa;IAC1D,MAAM,QAAQ,GACZ,OAAO,CAAC,IAAI;QACV,CAAC,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,IAAI,IAAI,IAAI,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE;QAC/E,CAAC,CAAC,SAAS,CAAC;IAEhB,IAAI,KAAK,GAAG,eAAe,KAAK,GAAG,CAAC,KAAK,SAAS,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,SAAS,CAAC,OAAO,CAAC,SAA
S,CAAC;YAC1F,QAAQ;EAClB,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;IAE1B,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;QACrB,KAAK,IAAI,kCAAkC,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC;IACnF,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,mBAAmB,CAAC,QAAgC;IAClE,IAAI,CAAC,QAAQ;QAAE,OAAO,EAAE,CAAC;IAEzB,IAAI,KAAK,GAAG;;;MAGR,QAAQ,CAAC,KAAK;UACV,QAAQ,CAAC,QAAQ,EAAE,CAAC;IAE5B,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;QACxB,KAAK,IAAI,gCAAgC,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;IAC5E,CAAC;IAED,IAAI,QAAQ,CAAC,eAAe,EAAE,CAAC;QAC7B,MAAM,EAAE,GAAG,QAAQ,CAAC,eAAe,CAAC;QACpC,KAAK,IAAI;EACX,SAAS,CAAC,EAAE,CAAC,OAAO,CAAC;YACX,SAAS,CAAC,EAAE,CAAC,QAAQ,CAAC;iBACjB,EAAE,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,MAAM,EAAE,CAAC;IAC/E,CAAC;IAED,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACjC,KAAK,IAAI,+BAA+B,QAAQ,CAAC,QAAQ,CAAC,MAAM,YAAY,CAAC;QAC7E,KAAK,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IACpF,CAAC;IAED,KAAK,IAAI,sBAAsB,CAAC;IAChC,OAAO,KAAK,CAAC;AACf,CAAC;AAED,8EAA8E;AAC9E,qBAAqB;AACrB,8EAA8E;AAE9E,MAAM,UAAU,cAAc,CAC5B,KAAqB,EACrB,IAAgB,EAChB,OAAyB;IAEzB,OAAO;;EAEP,cAAc,CAAC,KAAK,CAAC;;EAErB,gBAAgB,CAAC,IAAI,CAAC;;EAEtB,YAAY,CAAC,OAAO,CAAC;;;;;;;CAOtB,CAAC,IAAI,EAAE,CAAC;AACT,CAAC;AAED,MAAM,UAAU,iBAAiB,CAC/B,KAAqB,EACrB,IAAgB,EAChB,OAAyB;IAEzB,OAAO;;EAEP,cAAc,CAAC,KAAK,CAAC;;EAErB,gBAAgB,CAAC,IAAI,CAAC;;EAEtB,YAAY,CAAC,OAAO,CAAC;;;;;;CAMtB,CAAC,IAAI,EAAE,CAAC;AACT,CAAC;AAED,MAAM,UAAU,iBAAiB,CAC/B,KAAqB,EACrB,IAAgB,EAChB,OAAyB,EACzB,cAAsC,EACtC,aAAoC;IAEpC,IAAI,aAAa,EAAE,CAAC;QAClB,OAAO,oGAAoG,aAAa,CAAC,aAAa;;EAExI,gBAAgB,CAAC,IAAI,CAAC;;;;;;;;;;;;CAYvB,CAAC,IAAI,EAAE,CAAC;IACP,CAAC;IAED,IAAI,cAAc,EAAE,CAAC;QACnB,OAAO;;EAET,cAAc,CAAC,KAAK,CAAC;;EAErB,gBAAgB,CAAC,IAAI,CAAC;;EAEtB,mBAAmB,CAAC,cAAc,CAAC;;EAEnC,YAAY,CAAC,OAAO,CAAC;;;kCAGW,cAAc,CAAC,QAAQ;6DACI,IAAI,CAAC,aAAa,mCAAmC,IAAI,CAAC,aAAa;;+DAErE,KAAK,CAAC,EAAE;+BACxC,cAAc,CAAC,QA
AQ;kIAC4E,IAAI,CAAC,YAAY,aAAa,IAAI,CAAC,WAAW;;;;;;;CAO/K,CAAC,IAAI,EAAE,CAAC;IACP,CAAC;IAED,OAAO;;EAEP,cAAc,CAAC,KAAK,CAAC;;EAErB,gBAAgB,CAAC,IAAI,CAAC;;EAEtB,YAAY,CAAC,OAAO,CAAC;;;iCAGU,KAAK,CAAC,EAAE,IAAI,KAAK,CAAC,IAAI;;2BAE5B,IAAI,CAAC,YAAY;0BAClB,IAAI,CAAC,WAAW;;;;;;;;;;;;;;;;;EAiBxC,CAAC,KAAK,CAAC,kBAAkB,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,sCAAsC;;;;;CAK1H,CAAC,IAAI,EAAE,CAAC;AACT,CAAC;AAED,MAAM,UAAU,YAAY,CAC1B,KAAqB,EACrB,IAAgB,EAChB,OAAyB;IAEzB,OAAO;;EAEP,cAAc,CAAC,KAAK,CAAC;;EAErB,gBAAgB,CAAC,IAAI,CAAC;;EAEtB,YAAY,CAAC,OAAO,CAAC;;;6BAGM,IAAI,CAAC,WAAW;;;;;CAK5C,CAAC,IAAI,EAAE,CAAC;AACT,CAAC;AAED,MAAM,UAAU,cAAc,CAC5B,KAAqB,EACrB,IAAgB,EAChB,OAAyB;IAEzB,OAAO;;EAEP,cAAc,CAAC,KAAK,CAAC;;EAErB,gBAAgB,CAAC,IAAI,CAAC;;EAEtB,YAAY,CAAC,OAAO,CAAC;;EAErB,yBAAyB
|
|
1
|
+
{"version":3,"file":"templates.js","sourceRoot":"","sources":["../../../src/executor/prompt/templates.ts"],"names":[],"mappings":"AAQA,OAAO,EACL,yBAAyB,EACzB,4BAA4B,EAC5B,oBAAoB,GACrB,MAAM,oCAAoC,CAAC;AAC5C,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAE1C,8EAA8E;AAC9E,+EAA+E;AAC/E,8EAA8E;AAE9E;;;;GAIG;AACH,MAAM,UAAU,SAAS,CAAC,IAAY;IACpC,OAAO,IAAI;SACR,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC;SACtB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC;SACvB,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC;SACtB,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;AAC1B,CAAC;AAED,8EAA8E;AAC9E,uBAAuB;AACvB,8EAA8E;AAE9E;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,KAAqB;IAClD,OAAO;;;;;YAKG,KAAK,CAAC,EAAE;SACX,KAAK,CAAC,KAAK;YACR,KAAK,CAAC,QAAQ;UAChB,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,MAAM;;;EAGzC,KAAK,CAAC,WAAW;;;EAGjB,CAAC,GAAG,EAAE;QACJ,MAAM,WAAW,GAAG,CAAC,CAAC;QACtB,MAAM,QAAQ,GAAG,KAAK,CAAC,kBAAkB,IAAI,EAAE,CAAC;QAChD,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,MAAM,CAAC;QACzC,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC7E,OAAO,QAAQ,CAAC,MAAM,GAAG,WAAW;YAClC,CAAC,CAAC,KAAK,GAAG,eAAe,QAAQ,CAAC,MAAM,GAAG,WAAW,0BAA0B;YAChF,CAAC,CAAC,KAAK,CAAC;IACZ,CAAC,CAAC,EAAE;cACQ,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,IAAgB;IAC/C,OAAO;cACK,IAAI,CAAC,GAAG;kBACJ,IAAI,CAAC,aAAa;gBACpB,IAAI,CAAC,WAAW;iBACf,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,qBAAqB,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,wBAAwB,IAAI,CAAC,gBAAgB,EAAE,CAAC,CAAC,CAAC,EAAE;gBACpL,CAAC;AACjB,CAAC;AAED,iKAAiK;AACjK,MAAM,wBAAwB,GAAG,GAAG,CAAC;AAErC;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,OAAyB;IACpD,IAAI,CAAC,OAAO;QAAE,OAAO,EAAE,CAAC;IAExB,6EAA6E;IAC7E,4EAA4E;IAC5E,sDAAsD;IACtD,MAAM,aAAa,GAAG,CAAC,CAAS,EAAE,EAAE,CAClC,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,8BAA8B,EAAE,2BAA2B,CAAC,CAAC;IAEnF,IAAI,KAAK,GAAG;;;SAGL,OAAO,CAAC,KAAK;WACX,aAAa,CAAC,OAAO,CAAC,OAAO,CAAC;
YAC7B,aAAa,CAAC,OAAO,CAAC,QAAQ,CAAC;iBAC1B,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,MAAM;eAC9D,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,MAAM;eACnE,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,MAAM,EAAE,CAAC;IAEnF,IAAI,OAAO,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;QAChC,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC;QACvC,KAAK,IAAI,mBAAmB,EAAE,CAAC,MAAM,YAAY,EAAE,CAAC,MAAM,SAAS,CAAC;QACpE,IAAI,EAAE,CAAC,YAAY,EAAE,CAAC;YACpB,MAAM,YAAY,GAAG,EAAE,CAAC,YAAY,CAAC,KAAK,CAAC,MAAM,GAAG,wBAAwB;gBAC1E,CAAC,CAAC,EAAE,CAAC,YAAY,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,wBAAwB,CAAC,GAAG,aAAa;gBAC1E,CAAC,CAAC,EAAE,CAAC,YAAY,CAAC,KAAK,CAAC;YAC1B,KAAK,IAAI,oBAAoB,aAAa,CAAC,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,OAAO,aAAa,CAAC,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,MAAM,aAAa,CAAC,YAAY,CAAC,EAAE,CAAC;QAChJ,CAAC;IACH,CAAC;IAED,MAAM,gBAAgB,GAAG,OAAO,CAAC,OAAO,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,IAAI,EAAE,CAAC;IACtG,IAAI,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAChC,MAAM,YAAY,GAAG,gBAAgB,CAAC,GAAG,CACvC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,CAAC,QAAQ,KAAK,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,MAAM,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,aAAa,CAAC,CAAC,CAAC,WAAW,CAAC,UAAU,aAAa,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAC3J,CAAC;QACF,KAAK,IAAI,+BAA+B,gBAAgB,CAAC,MAAM,OAAO,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QAChG,MAAM,OAAO,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,cAAc,EAAE,MAAM,IAAI,CAAC,CAAC,GAAG,gBAAgB,CAAC,MAAM,CAAC;QACxF,IAAI,OAAO,GAAG,CAAC,EAAE,CAAC;YAChB,KAAK,IAAI,QAAQ,OAAO,iCAAiC,CAAC;QAC5D,CAAC;IACH,CAAC;IAED,KAAK,IAAI,6BAA6B,CAAC;IACvC,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,SAAS,aAAa,CAAC,OAAsB,EAAE,KAAa;IAC1D,MAAM,QAAQ,GACZ,OAAO,CAAC,IAAI;QACV,CAAC,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,IAAI,IAAI,IAAI,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE;QAC/E,CAAC,CAAC,SAAS,CAAC;IAEhB,IAAI,KAAK,GAAG,eAAe,KAAK,GAAG,CAAC,KAAK,SAAS,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,SAAS,CAAC,
OAAO,CAAC,SAAS,CAAC;YAC1F,QAAQ;EAClB,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;IAE1B,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;QACrB,KAAK,IAAI,kCAAkC,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC;IACnF,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,mBAAmB,CAAC,QAAgC;IAClE,IAAI,CAAC,QAAQ;QAAE,OAAO,EAAE,CAAC;IAEzB,IAAI,KAAK,GAAG;;;MAGR,QAAQ,CAAC,KAAK;UACV,QAAQ,CAAC,QAAQ,EAAE,CAAC;IAE5B,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;QACxB,KAAK,IAAI,gCAAgC,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;IAC5E,CAAC;IAED,IAAI,QAAQ,CAAC,eAAe,EAAE,CAAC;QAC7B,MAAM,EAAE,GAAG,QAAQ,CAAC,eAAe,CAAC;QACpC,KAAK,IAAI;EACX,SAAS,CAAC,EAAE,CAAC,OAAO,CAAC;YACX,SAAS,CAAC,EAAE,CAAC,QAAQ,CAAC;iBACjB,EAAE,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,MAAM,EAAE,CAAC;IAC/E,CAAC;IAED,IAAI,QAAQ,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACjC,KAAK,IAAI,+BAA+B,QAAQ,CAAC,QAAQ,CAAC,MAAM,YAAY,CAAC;QAC7E,KAAK,IAAI,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IACpF,CAAC;IAED,KAAK,IAAI,sBAAsB,CAAC;IAChC,OAAO,KAAK,CAAC;AACf,CAAC;AAED,8EAA8E;AAC9E,qBAAqB;AACrB,8EAA8E;AAE9E,MAAM,UAAU,cAAc,CAC5B,KAAqB,EACrB,IAAgB,EAChB,OAAyB;IAEzB,OAAO;;EAEP,cAAc,CAAC,KAAK,CAAC;;EAErB,gBAAgB,CAAC,IAAI,CAAC;;EAEtB,YAAY,CAAC,OAAO,CAAC;;;;;;;CAOtB,CAAC,IAAI,EAAE,CAAC;AACT,CAAC;AAED,MAAM,UAAU,iBAAiB,CAC/B,KAAqB,EACrB,IAAgB,EAChB,OAAyB;IAEzB,OAAO;;EAEP,cAAc,CAAC,KAAK,CAAC;;EAErB,gBAAgB,CAAC,IAAI,CAAC;;EAEtB,YAAY,CAAC,OAAO,CAAC;;;;;;CAMtB,CAAC,IAAI,EAAE,CAAC;AACT,CAAC;AAED,MAAM,UAAU,iBAAiB,CAC/B,KAAqB,EACrB,IAAgB,EAChB,OAAyB,EACzB,cAAsC,EACtC,aAAoC;IAEpC,IAAI,aAAa,EAAE,CAAC;QAClB,OAAO,oGAAoG,aAAa,CAAC,aAAa;;EAExI,gBAAgB,CAAC,IAAI,CAAC;;;;;;;;;;;;CAYvB,CAAC,IAAI,EAAE,CAAC;IACP,CAAC;IAED,IAAI,cAAc,EAAE,CAAC;QACnB,OAAO;;EAET,cAAc,CAAC,KAAK,CAAC;;EAErB,gBAAgB,CAAC,IAAI,CAAC;;EAEtB,mBAAmB,CAAC,cAAc,CAAC;;EAEnC,YAAY,CAAC,OAAO,CAAC;;;kCAGW,cAAc,CAAC,QAAQ;6DACI,IAAI,CAAC,aAAa,mCAAmC,IAAI,CAAC,aAAa;;+DAErE,KAAK,CAAC,EAAE;+BACxC
,cAAc,CAAC,QAAQ;kIAC4E,IAAI,CAAC,YAAY,aAAa,IAAI,CAAC,WAAW;;;;;;;CAO/K,CAAC,IAAI,EAAE,CAAC;IACP,CAAC;IAED,OAAO;;EAEP,cAAc,CAAC,KAAK,CAAC;;EAErB,gBAAgB,CAAC,IAAI,CAAC;;EAEtB,YAAY,CAAC,OAAO,CAAC;;;iCAGU,KAAK,CAAC,EAAE,IAAI,KAAK,CAAC,IAAI;;2BAE5B,IAAI,CAAC,YAAY;0BAClB,IAAI,CAAC,WAAW;;;;;;;;;;;;;;;;;EAiBxC,CAAC,KAAK,CAAC,kBAAkB,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,sCAAsC;;;;;CAK1H,CAAC,IAAI,EAAE,CAAC;AACT,CAAC;AAED,MAAM,UAAU,YAAY,CAC1B,KAAqB,EACrB,IAAgB,EAChB,OAAyB;IAEzB,OAAO;;EAEP,cAAc,CAAC,KAAK,CAAC;;EAErB,gBAAgB,CAAC,IAAI,CAAC;;EAEtB,YAAY,CAAC,OAAO,CAAC;;;6BAGM,IAAI,CAAC,WAAW;;;;;CAK5C,CAAC,IAAI,EAAE,CAAC;AACT,CAAC;AAED,MAAM,UAAU,cAAc,CAC5B,KAAqB,EACrB,IAAgB,EAChB,OAAyB;IAEzB,OAAO;;EAEP,cAAc,CAAC,KAAK,CAAC;;EAErB,gBAAgB,CAAC,IAAI,CAAC;;EAEtB,YAAY,CAAC,OAAO,CAAC;;EAErB,yBAAyB;;EAEzB,4BAA4B;;;;;;;;;;;EAW5B,oBAAoB;CACrB,CAAC,IAAI,EAAE,CAAC;AACT,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"review-prompt.d.ts","sourceRoot":"","sources":["../../../src/executor/review/review-prompt.ts"],"names":[],"mappings":"AACA,OAAO,EAAuB,KAAK,aAAa,EAAE,KAAK,eAAe,EAAE,MAAM,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"review-prompt.d.ts","sourceRoot":"","sources":["../../../src/executor/review/review-prompt.ts"],"names":[],"mappings":"AACA,OAAO,EAAuB,KAAK,aAAa,EAAE,KAAK,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAE/F,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAwB1D,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,eAAe,CAAC;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC7C,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,WAAW,EAAE,CAAC;IACxB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,uEAAuE;AACvE,wBAAgB,cAAc,CAAC,CAAC,EAAE,MAAM,GAAG,MAAM,CAEhD;AAED,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,gBAAgB,GAAG,WAAW,CAkDtE;AA0CD,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,MAAM,GAAG,aAAa,EAAE,CAqBhE"}
|
|
@@ -1,20 +1,26 @@
|
|
|
1
1
|
import { z } from "zod";
|
|
2
2
|
import { ReviewFindingSchema } from "../../types.js";
|
|
3
|
-
|
|
3
|
+
import { PROJECT_CONVENTION_CHECKLIST } from "../../security/review-checklist.js";
|
|
4
|
+
const SYSTEM_PROMPT = `You are a careful code reviewer. Review the diff and changed files for issues in three dimensions plus the urateam project conventions enumerated below.
|
|
5
|
+
|
|
6
|
+
Primary dimensions:
|
|
4
7
|
- reuse: duplication of existing code
|
|
5
8
|
- quality: bugs, error-handling, type misuse, edge cases
|
|
6
9
|
- efficiency: needless work, N+1 queries, hot-loop allocations
|
|
7
10
|
|
|
11
|
+
${PROJECT_CONVENTION_CHECKLIST}
|
|
12
|
+
|
|
8
13
|
Output exactly one JSON object and nothing else, matching this shape:
|
|
9
14
|
{ "findings": [
|
|
10
15
|
{ "severity": "blocking" | "warning" | "suggestion",
|
|
11
16
|
"file": "path/to/file.ext",
|
|
12
17
|
"line": <integer>,
|
|
13
|
-
"category": "reuse" | "quality" | "efficiency",
|
|
18
|
+
"category": "reuse" | "quality" | "efficiency" | "scratch-files" | "db-ddl-drift" | "audit-bypass-undocumented" | "credential-in-interface" | "spec-vs-impl" | "convention-execfile" | "convention-console" | "convention-throw" | "convention-as-any",
|
|
14
19
|
"description": "<concise>",
|
|
15
20
|
"fix": "<concrete suggestion>" }
|
|
16
21
|
]
|
|
17
22
|
}
|
|
23
|
+
Use the Tier 2 project-convention category strings VERBATIM for convention violations — operators see one consistent vocabulary across both the main review agent and the OpenRouter fanout.
|
|
18
24
|
Return an empty findings array if you find nothing.`;
|
|
19
25
|
/** Cheap heuristic: ~4 chars/token. Good enough to gate truncation. */
|
|
20
26
|
export function estimateTokens(s) {
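Review bot: The nine Tier 2 strings are typed out by hand in the `"category"` union of `SYSTEM_PROMPT`, and again in `PROJECT_CONVENTION_CHECKLIST` and `REVIEW_OUTPUT_FORMAT`, so a rename in one place leaves the prompts disagreeing without any error. `ReviewFindingSchema` is imported from `../../types.js`, which is not among the files changed in this release. If its category field is a closed enum of the old three values, convention findings from the fanout would presumably fail validation, so it is worth confirming with a test that parses a finding carrying `"convention-execfile"`. A comment above `const SYSTEM_PROMPT` such as `// category strings must match the PROJECT_CONVENTION_CHECKLIST headings and what ReviewFindingSchema accepts` would at least record the coupling. The hunk ends inside `estimateTokens`, which is not reviewed here.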
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"review-prompt.js","sourceRoot":"","sources":["../../../src/executor/review/review-prompt.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,mBAAmB,EAA4C,MAAM,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"review-prompt.js","sourceRoot":"","sources":["../../../src/executor/review/review-prompt.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,mBAAmB,EAA4C,MAAM,gBAAgB,CAAC;AAC/F,OAAO,EAAE,4BAA4B,EAAE,MAAM,oCAAoC,CAAC;AAGlF,MAAM,aAAa,GAAG;;;;;;;EAOpB,4BAA4B;;;;;;;;;;;;;oDAasB,CAAC;AAerD,uEAAuE;AACvE,MAAM,UAAU,cAAc,CAAC,CAAS;IACtC,OAAO,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;AACjC,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,KAAuB;IACvD,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,cAAc,EAAE,GAAG,KAAK,CAAC;IACvD,MAAM,WAAW,GAAG;QAClB,WAAW;QACX,OAAO,CAAC,OAAO,CAAC,WAAW;QAC3B,EAAE;QACF,gBAAgB;QAChB,GAAG,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC;QACnD,EAAE;QACF,gBAAgB;QAChB,GAAG,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC;QACnD,EAAE;KACH,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAEb,MAAM,SAAS,GAAG,CAAC,SAAS,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAErE,uEAAuE;IACvE,MAAM,WAAW,GACf,cAAc,CAAC,aAAa,CAAC;QAC7B,cAAc,CAAC,WAAW,CAAC;QAC3B,cAAc,CAAC,SAAS,CAAC,CAAC;IAC5B,IAAI,SAAS,GAAG,cAAc,GAAG,WAAW,CAAC;IAC7C,IAAI,SAAS,GAAG,CAAC;QAAE,SAAS,GAAG,CAAC,CAAC;IACjC,MAAM,aAAa,GAAiB,EAAE,CAAC;IACvC,IAAI,cAAc,GAAG,CAAC,CAAC;IACvB,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,MAAM,KAAK,GAAG,cAAc,CAAC,CAAC,IAAI,aAAa,CAAC,CAAC,IAAI,YAAY,CAAC;QAClE,MAAM,IAAI,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC;QACnC,IAAI,IAAI,IAAI,SAAS,EAAE,CAAC;YACtB,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YACtB,SAAS,IAAI,IAAI,CAAC;QACpB,CAAC;aAAM,CAAC;YACN,cAAc,IAAI,CAAC,CAAC;QACtB,CAAC;IACH,CAAC;IAED,MAAM,UAAU,GAAG,aAAa;SAC7B,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,cAAc,CAAC,CAAC,IAAI,aAAa,CAAC,CAAC,IAAI,YAAY,CAAC;SAC/D,IAAI,CAAC,EAAE,CAAC,CAAC;IAEZ,MAAM,WAAW,GAAG,GAAG,WAAW,KAAK,SAAS,KAAK,UAAU,EAAE,CAAC;IAElE,OAAO;QACL,QAAQ,EAAE;YACR,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,aAAa,EAAE;YAC1C,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE;SACvC;QACD,oBAAoB,EAAE,WAAW,GAAG,cAAc,CAAC,UAAU,CAAC;QAC9D,cAAc
;KACf,CAAC;AACJ,CAAC;AAED,MAAM,sBAAsB,GAAG,CAAC,CAAC,MAAM,CAAC;IACtC,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,mBAAmB,CAAC;CACvC,CAAC,CAAC;AAEH,sEAAsE;AACtE,SAAS,sBAAsB,CAAC,CAAS;IACvC,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,IAAI,KAAK,GAAG,CAAC,CAAC,CAAC;IACf,IAAI,QAAQ,GAAG,KAAK,CAAC;IACrB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACf,IAAI,QAAQ,EAAE,CAAC;YACb,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;gBACf,8DAA8D;gBAC9D,MAAM,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;gBACtB,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;oBACjB,CAAC,IAAI,CAAC,CAAC,CAAE,oBAAoB;gBAC/B,CAAC;qBAAM,CAAC;oBACN,CAAC,IAAI,CAAC,CAAC,CAAE,+BAA+B;gBAC1C,CAAC;gBACD,SAAS;YACX,CAAC;YACD,IAAI,CAAC,KAAK,GAAG;gBAAE,QAAQ,GAAG,KAAK,CAAC;YAChC,SAAS;QACX,CAAC;QACD,IAAI,CAAC,KAAK,GAAG,EAAE,CAAC;YACd,QAAQ,GAAG,IAAI,CAAC;YAChB,SAAS;QACX,CAAC;QACD,IAAI,CAAC,KAAK,GAAG,EAAE,CAAC;YACd,IAAI,KAAK,KAAK,CAAC;gBAAE,KAAK,GAAG,CAAC,CAAC;YAC3B,KAAK,IAAI,CAAC,CAAC;QACb,CAAC;aAAM,IAAI,CAAC,KAAK,GAAG,EAAE,CAAC;YACrB,KAAK,IAAI,CAAC,CAAC;YACX,IAAI,KAAK,KAAK,CAAC,IAAI,KAAK,IAAI,CAAC;gBAAE,OAAO,CAAC,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;QAC9D,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,GAAW;IAC7C,MAAM,MAAM,GAAG,sBAAsB,CAAC,GAAG,CAAC,CAAC;IAC3C,IAAI,CAAC,MAAM;QACT,MAAM,IAAI,KAAK,CACb,qEAAqE,CACtE,CAAC;IACJ,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAC9B,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CACb,kDAAmD,CAAW,CAAC,OAAO,EAAE,CACzE,CAAC;IACJ,CAAC;IACD,MAAM,MAAM,GAAG,sBAAsB,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IACxD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,IAAI,KAAK,CACb,kDAAkD,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,CACzE,CAAC;IACJ,CAAC;IACD,OAAO,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC;AAC9B,CAAC"}
|
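--- a/package/dist/security/index.d.ts
+++ b/package/dist/security/index.d.ts
@@ -1,3 +1,3 @@
-export { SECURITY_REVIEW_CHECKLIST, REVIEW_OUTPUT_FORMAT } from "./review-checklist.js";
+export { SECURITY_REVIEW_CHECKLIST, PROJECT_CONVENTION_CHECKLIST, REVIEW_OUTPUT_FORMAT } from "./review-checklist.js";
 export { createSandboxConfig } from "./sandbox.js";
 //# sourceMappingURL=index.d.ts.map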
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/security/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,yBAAyB,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/security/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,yBAAyB,EAAE,4BAA4B,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAC;AACtH,OAAO,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC"}
|
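--- a/package/dist/security/index.js
+++ b/package/dist/security/index.js
@@ -1,3 +1,3 @@
-export { SECURITY_REVIEW_CHECKLIST, REVIEW_OUTPUT_FORMAT } from "./review-checklist.js";
+export { SECURITY_REVIEW_CHECKLIST, PROJECT_CONVENTION_CHECKLIST, REVIEW_OUTPUT_FORMAT } from "./review-checklist.js";
 export { createSandboxConfig } from "./sandbox.js";
 //# sourceMappingURL=index.js.map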
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/security/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,yBAAyB,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/security/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,yBAAyB,EAAE,4BAA4B,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAC;AACtH,OAAO,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC"}
|
|
@@ -1,3 +1,18 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Tier 2 — project-convention checklist injected into the review prompt.
|
|
3
|
+
*
|
|
4
|
+
* Each entry names a `category` string the review agent must use verbatim in
|
|
5
|
+
* its `ReviewFinding` output. The pipeline runner already treats blocking
|
|
6
|
+
* findings as a draft-PR trigger (and the review-fix loop re-runs implement
|
|
7
|
+
* to address them), so adding categories here automatically picks up the
|
|
8
|
+
* existing gate machinery — no runner-side changes needed.
|
|
9
|
+
*
|
|
10
|
+
* The 9 categories mirror the operator brief; their names are also the
|
|
11
|
+
* `category` strings used by Tiers 1a/1b/1c's deterministic gates so the
|
|
12
|
+
* review-stage agent's findings classify into the same buckets as the gate
|
|
13
|
+
* findings (operators see one consistent vocabulary across both surfaces).
|
|
14
|
+
*/
|
|
15
|
+
export declare const PROJECT_CONVENTION_CHECKLIST = "## Project Convention Checklist\n\nFor each item below, scan the diff and emit a blocking `ReviewFinding` with the\nexact `category` string shown when the convention is violated. The autonomous\npipeline has historically shipped PRs that fail one or more of these checks;\nyour job is to catch every regression deterministically.\n\n### category: \"scratch-files\"\nAny new file matching `*.bak`, `*_REPORT.md`, `FINAL_*.md`, `TESTING_*.md`,\n`TEST_*.md`, `*_CHECKLIST.md`, repo-root `commit-*.sh`, `run-*.sh`, `*.tmp`,\n`*.log`, OR any new `*.md` at the repo root that isn't one of:\nCLAUDE.md, README.md, CHANGELOG.md, CONTRIBUTING.md, SECURITY.md,\nCODE_OF_CONDUCT.md, LICENSE.md, AUTHORS.md.\n\n### category: \"db-ddl-drift\"\nIf `packages/core/src/db/migrations/{sqlite,postgres}/*.sql` are added or\nmodified, verify ALL THREE required sites are updated (CLAUDE.md \"DB schema\nchanges\" is the authority):\n1. `MIGRATION_COLUMNS` array in `db/client.ts` \u2014 generates the ALTER TABLE\n statements for existing installs on startup.\n2. `getCreateTablesDDL()` in `db/client.ts` \u2014 the CREATE TABLE template for\n fresh installs.\n3. The Drizzle schema in `db/schema.ts` \u2014 keeps ORM types in sync.\nMismatch in any of the three ships a release that's broken on fresh installs,\nbroken on existing installs, or both.\n\n### category: \"audit-bypass-undocumented\"\nIf `logAuditEventUnchecked` is added to a new file, verify the file appears\nin the allow-list in `__tests__/audit-immutability.test.ts` AND in CLAUDE.md's\nenumeration of bypass call sites.\n\n### category: \"credential-in-interface\"\nFlag any public interface field named `*Token`, `*Secret`, `*Key`,\n`*Credential`, `*Password`, `*Auth` \u2014 credentials should never leave\n`process.env`. 
(PR #251 BEC-207 had a raw OAuth token field \"for logging\";\ncatch this class deterministically.)\n\n### category: \"spec-vs-impl\"\nJSDoc that references a config/option/env/deps/options field by name; verify\nthat field exists in the relevant type/schema. Tier 1c's deterministic gate\nruns the same check; the review-stage backup catches anything the gate's\nheuristic misses (e.g., `@param` annotation styles).\n\n### category: \"convention-execfile\"\nFlag any new use of `child_process.exec` or the global `exec()` \u2014 CLAUDE.md\nmandates `execFile` (no shell parsing) for all subprocess invocations.\n\n### category: \"convention-console\"\nFlag any `console.log` / `console.error` / etc. \u2014 structured logging via\n`createLogger` from `logger.js` only. Console calls won't reach the audit\nlog or operator dashboards.\n\n### category: \"convention-throw\"\nFlag bare `throw` statements in ANY pipeline failure path \u2014 not only\n`pipeline/runner.ts`, but also `executor/executor.ts`, every module under\n`pm/actions/`, feedback-pipeline / RALPH / review-fix paths, and any other\nmodule that owns a pipeline-stage execution. Use `failPipeline()` so the\nerror classification (transient vs permanent) and DB state stay consistent.\nException: re-throwing after `failPipeline()` to exit a push-queue / lock\ncallback is allowed and documented in CLAUDE.md.\n\n### category: \"convention-as-any\"\nFlag new `as any` casts outside the documented `AnyDb` / db-cast pattern\nin CLAUDE.md. If you reach for `as any`, either the code or the types are\nwrong \u2014 fix the underlying issue.\n";
|
|
1
16
|
/**
|
|
2
17
|
* Security review checklist used by the review stage agent.
|
|
3
18
|
*/
|
|
@@ -11,5 +26,5 @@ export declare const SECURITY_REVIEW_CHECKLIST = "## Security Review Checklist\n
|
|
|
11
26
|
* ("Stage review completed — agent output was not parseable prose") from appearing
|
|
12
27
|
* in PR descriptions when the review stage runs without errors (BEC-167).
|
|
13
28
|
*/
|
|
14
|
-
export declare const REVIEW_OUTPUT_FORMAT = "Emit your final output as a single ```json code block containing a HandoffArtifact JSON envelope. The JSON block MUST match this shape exactly:\n\n```json\n{\n \"stage\": \"review\",\n \"summary\": \"<1\u20132 sentence prose summary of what was reviewed and the overall verdict>\",\n \"filesChanged\": [\"path/to/reviewed/file.ts\"],\n \"approach\": \"<short prose: what the implementation does and how>\",\n \"context\": {\n \"issueIntent\": \"<what the issue was trying to achieve>\",\n \"constraints\": [],\n \"assumptions\": [],\n \"reviewFindings\": [\n {\n \"severity\": \"blocking\",\n \"file\": \"path/to/file.ts\",\n \"line\": 42,\n \"category\": \"SQL Injection\",\n \"description\": \"Clear explanation of the issue\",\n \"fix\": \"Suggested remediation\"\n }\n ]\n },\n \"tokenBudget\": {\n \"contextTokensUsed\": 0,\n \"recommendedMaxTurns\": 10\n }\n}\n```\n\nRules:\n- `severity` must be one of: `\"blocking\"`, `\"warning\"`, `\"suggestion\"`\n- `category` can be any of: `\"SQL Injection\"`, `\"XSS\"`, `\"Command Injection\"`, `\"Path Traversal\"`, `\"Auth\"`, `\"Data Exposure\"`, `\"Dependency\"
|
|
29
|
+
export declare const REVIEW_OUTPUT_FORMAT = "Emit your final output as a single ```json code block containing a HandoffArtifact JSON envelope. The JSON block MUST match this shape exactly:\n\n```json\n{\n \"stage\": \"review\",\n \"summary\": \"<1\u20132 sentence prose summary of what was reviewed and the overall verdict>\",\n \"filesChanged\": [\"path/to/reviewed/file.ts\"],\n \"approach\": \"<short prose: what the implementation does and how>\",\n \"context\": {\n \"issueIntent\": \"<what the issue was trying to achieve>\",\n \"constraints\": [],\n \"assumptions\": [],\n \"reviewFindings\": [\n {\n \"severity\": \"blocking\",\n \"file\": \"path/to/file.ts\",\n \"line\": 42,\n \"category\": \"SQL Injection\",\n \"description\": \"Clear explanation of the issue\",\n \"fix\": \"Suggested remediation\"\n }\n ]\n },\n \"tokenBudget\": {\n \"contextTokensUsed\": 0,\n \"recommendedMaxTurns\": 10\n }\n}\n```\n\nRules:\n- `severity` must be one of: `\"blocking\"`, `\"warning\"`, `\"suggestion\"`\n- `category` can be any of:\n - Security: `\"SQL Injection\"`, `\"XSS\"`, `\"Command Injection\"`, `\"Path Traversal\"`, `\"Auth\"`, `\"Data Exposure\"`, `\"Dependency\"`\n - Quality: `\"incomplete-implementation\"`, `\"dead-code\"`, `\"missing-documentation\"`\n - Tier 2 project conventions (use these exact strings): `\"scratch-files\"`, `\"db-ddl-drift\"`, `\"audit-bypass-undocumented\"`, `\"credential-in-interface\"`, `\"spec-vs-impl\"`, `\"convention-execfile\"`, `\"convention-console\"`, `\"convention-throw\"`, `\"convention-as-any\"`\n - Fallback: `\"Other\"`\n- If there are NO findings, emit an empty array: `\"reviewFindings\": []`\n- ALL fields (`summary`, `filesChanged`, `approach`, `context`, `tokenBudget`) are REQUIRED \u2014 even when there are no findings\n- `summary` must be prose (NOT JSON). Write 1\u20132 sentences describing what was reviewed and the verdict.\n";
|
|
15
30
|
//# sourceMappingURL=review-checklist.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"review-checklist.d.ts","sourceRoot":"","sources":["../../src/security/review-checklist.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,eAAO,MAAM,yBAAyB,srCAyBrC,CAAC;AAEF;;;;;;;;GAQG;AACH,eAAO,MAAM,oBAAoB,
|
|
1
|
+
{"version":3,"file":"review-checklist.d.ts","sourceRoot":"","sources":["../../src/security/review-checklist.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,4BAA4B,4zGAiExC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,yBAAyB,srCAyBrC,CAAC;AAEF;;;;;;;;GAQG;AACH,eAAO,MAAM,oBAAoB,o5DAwChC,CAAC"}
|
|
@@ -1,3 +1,83 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Tier 2 — project-convention checklist injected into the review prompt.
|
|
3
|
+
*
|
|
4
|
+
* Each entry names a `category` string the review agent must use verbatim in
|
|
5
|
+
* its `ReviewFinding` output. The pipeline runner already treats blocking
|
|
6
|
+
* findings as a draft-PR trigger (and the review-fix loop re-runs implement
|
|
7
|
+
* to address them), so adding categories here automatically picks up the
|
|
8
|
+
* existing gate machinery — no runner-side changes needed.
|
|
9
|
+
*
|
|
10
|
+
* The 9 categories mirror the operator brief; their names are also the
|
|
11
|
+
* `category` strings used by Tiers 1a/1b/1c's deterministic gates so the
|
|
12
|
+
* review-stage agent's findings classify into the same buckets as the gate
|
|
13
|
+
* findings (operators see one consistent vocabulary across both surfaces).
|
|
14
|
+
*/
|
|
15
|
+
export const PROJECT_CONVENTION_CHECKLIST = `## Project Convention Checklist
|
|
16
|
+
|
|
17
|
+
For each item below, scan the diff and emit a blocking \`ReviewFinding\` with the
|
|
18
|
+
exact \`category\` string shown when the convention is violated. The autonomous
|
|
19
|
+
pipeline has historically shipped PRs that fail one or more of these checks;
|
|
20
|
+
your job is to catch every regression deterministically.
|
|
21
|
+
|
|
22
|
+
### category: "scratch-files"
|
|
23
|
+
Any new file matching \`*.bak\`, \`*_REPORT.md\`, \`FINAL_*.md\`, \`TESTING_*.md\`,
|
|
24
|
+
\`TEST_*.md\`, \`*_CHECKLIST.md\`, repo-root \`commit-*.sh\`, \`run-*.sh\`, \`*.tmp\`,
|
|
25
|
+
\`*.log\`, OR any new \`*.md\` at the repo root that isn't one of:
|
|
26
|
+
CLAUDE.md, README.md, CHANGELOG.md, CONTRIBUTING.md, SECURITY.md,
|
|
27
|
+
CODE_OF_CONDUCT.md, LICENSE.md, AUTHORS.md.
|
|
28
|
+
|
|
29
|
+
### category: "db-ddl-drift"
|
|
30
|
+
If \`packages/core/src/db/migrations/{sqlite,postgres}/*.sql\` are added or
|
|
31
|
+
modified, verify ALL THREE required sites are updated (CLAUDE.md "DB schema
|
|
32
|
+
changes" is the authority):
|
|
33
|
+
1. \`MIGRATION_COLUMNS\` array in \`db/client.ts\` — generates the ALTER TABLE
|
|
34
|
+
statements for existing installs on startup.
|
|
35
|
+
2. \`getCreateTablesDDL()\` in \`db/client.ts\` — the CREATE TABLE template for
|
|
36
|
+
fresh installs.
|
|
37
|
+
3. The Drizzle schema in \`db/schema.ts\` — keeps ORM types in sync.
|
|
38
|
+
Mismatch in any of the three ships a release that's broken on fresh installs,
|
|
39
|
+
broken on existing installs, or both.
|
|
40
|
+
|
|
41
|
+
### category: "audit-bypass-undocumented"
|
|
42
|
+
If \`logAuditEventUnchecked\` is added to a new file, verify the file appears
|
|
43
|
+
in the allow-list in \`__tests__/audit-immutability.test.ts\` AND in CLAUDE.md's
|
|
44
|
+
enumeration of bypass call sites.
|
|
45
|
+
|
|
46
|
+
### category: "credential-in-interface"
|
|
47
|
+
Flag any public interface field named \`*Token\`, \`*Secret\`, \`*Key\`,
|
|
48
|
+
\`*Credential\`, \`*Password\`, \`*Auth\` — credentials should never leave
|
|
49
|
+
\`process.env\`. (PR #251 BEC-207 had a raw OAuth token field "for logging";
|
|
50
|
+
catch this class deterministically.)
|
|
51
|
+
|
|
52
|
+
### category: "spec-vs-impl"
|
|
53
|
+
JSDoc that references a config/option/env/deps/options field by name; verify
|
|
54
|
+
that field exists in the relevant type/schema. Tier 1c's deterministic gate
|
|
55
|
+
runs the same check; the review-stage backup catches anything the gate's
|
|
56
|
+
heuristic misses (e.g., \`@param\` annotation styles).
|
|
57
|
+
|
|
58
|
+
### category: "convention-execfile"
|
|
59
|
+
Flag any new use of \`child_process.exec\` or the global \`exec()\` — CLAUDE.md
|
|
60
|
+
mandates \`execFile\` (no shell parsing) for all subprocess invocations.
|
|
61
|
+
|
|
62
|
+
### category: "convention-console"
|
|
63
|
+
Flag any \`console.log\` / \`console.error\` / etc. — structured logging via
|
|
64
|
+
\`createLogger\` from \`logger.js\` only. Console calls won't reach the audit
|
|
65
|
+
log or operator dashboards.
|
|
66
|
+
|
|
67
|
+
### category: "convention-throw"
|
|
68
|
+
Flag bare \`throw\` statements in ANY pipeline failure path — not only
|
|
69
|
+
\`pipeline/runner.ts\`, but also \`executor/executor.ts\`, every module under
|
|
70
|
+
\`pm/actions/\`, feedback-pipeline / RALPH / review-fix paths, and any other
|
|
71
|
+
module that owns a pipeline-stage execution. Use \`failPipeline()\` so the
|
|
72
|
+
error classification (transient vs permanent) and DB state stay consistent.
|
|
73
|
+
Exception: re-throwing after \`failPipeline()\` to exit a push-queue / lock
|
|
74
|
+
callback is allowed and documented in CLAUDE.md.
|
|
75
|
+
|
|
76
|
+
### category: "convention-as-any"
|
|
77
|
+
Flag new \`as any\` casts outside the documented \`AnyDb\` / db-cast pattern
|
|
78
|
+
in CLAUDE.md. If you reach for \`as any\`, either the code or the types are
|
|
79
|
+
wrong — fix the underlying issue.
|
|
80
|
+
`;
|
|
1
81
|
/**
|
|
2
82
|
* Security review checklist used by the review stage agent.
|
|
3
83
|
*/
|
|
@@ -68,7 +148,11 @@ export const REVIEW_OUTPUT_FORMAT = `Emit your final output as a single \`\`\`js
|
|
|
68
148
|
|
|
69
149
|
Rules:
|
|
70
150
|
- \`severity\` must be one of: \`"blocking"\`, \`"warning"\`, \`"suggestion"\`
|
|
71
|
-
- \`category\` can be any of:
|
|
151
|
+
- \`category\` can be any of:
|
|
152
|
+
- Security: \`"SQL Injection"\`, \`"XSS"\`, \`"Command Injection"\`, \`"Path Traversal"\`, \`"Auth"\`, \`"Data Exposure"\`, \`"Dependency"\`
|
|
153
|
+
- Quality: \`"incomplete-implementation"\`, \`"dead-code"\`, \`"missing-documentation"\`
|
|
154
|
+
- Tier 2 project conventions (use these exact strings): \`"scratch-files"\`, \`"db-ddl-drift"\`, \`"audit-bypass-undocumented"\`, \`"credential-in-interface"\`, \`"spec-vs-impl"\`, \`"convention-execfile"\`, \`"convention-console"\`, \`"convention-throw"\`, \`"convention-as-any"\`
|
|
155
|
+
- Fallback: \`"Other"\`
|
|
72
156
|
- If there are NO findings, emit an empty array: \`"reviewFindings": []\`
|
|
73
157
|
- ALL fields (\`summary\`, \`filesChanged\`, \`approach\`, \`context\`, \`tokenBudget\`) are REQUIRED — even when there are no findings
|
|
74
158
|
- \`summary\` must be prose (NOT JSON). Write 1–2 sentences describing what was reviewed and the verdict.
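Review bot: The `convention-execfile` entry in `PROJECT_CONVENTION_CHECKLIST` names only `child_process.exec` and the global `exec()`, so a diff that uses `execSync`, or passes `shell: true` to `spawn` or `execFile`, still gets shell parsing and is not covered by the wording. Its first sentence could read `Flag any new use of child_process.exec / execSync, or of spawn / execFile with shell: true`. In `credential-in-interface` the suffix patterns `*Key` and `*Auth` also match fields such as a cache or sort key, and the preamble makes every hit blocking, while a field named plainly `token` or `password` does not match the capitalised suffixes. Stating that the rule concerns fields carrying secret values, with the names as hints, would reduce both kinds of error. The preamble's "deterministically" asks more than a model-driven pass can promise, which is presumably why the Tier 1 gates exist alongside it.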
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"review-checklist.js","sourceRoot":"","sources":["../../src/security/review-checklist.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,CAAC,MAAM,yBAAyB,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;CAyBxC,CAAC;AAEF;;;;;;;;GAQG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG
|
|
1
|
+
{"version":3,"file":"review-checklist.js","sourceRoot":"","sources":["../../src/security/review-checklist.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AACH,MAAM,CAAC,MAAM,4BAA4B,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAiE3C,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,yBAAyB,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;CAyBxC,CAAC;AAEF;;;;;;;;GAQG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAwCnC,CAAC"}
|