@vibe-validate/config 0.16.1 → 0.17.0-rc.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/config.schema.json +90 -0
  2. package/dist/index.d.ts +1 -1
  3. package/dist/index.d.ts.map +1 -1
  4. package/dist/index.js +1 -1
  5. package/dist/schema.d.ts +245 -4
  6. package/dist/schema.d.ts.map +1 -1
  7. package/dist/schema.js +74 -1
  8. package/package.json +1 -1
package/config.schema.json CHANGED
@@ -210,6 +210,96 @@
210
210
  "concurrencyScope": "directory"
211
211
  }
212
212
  },
213
+ "extractors": {
214
+ "type": "object",
215
+ "properties": {
216
+ "builtins": {
217
+ "type": "object",
218
+ "properties": {
219
+ "trust": {
220
+ "type": "string",
221
+ "enum": [
222
+ "full",
223
+ "sandbox"
224
+ ]
225
+ },
226
+ "disable": {
227
+ "type": "array",
228
+ "items": {
229
+ "type": "string"
230
+ },
231
+ "default": []
232
+ }
233
+ },
234
+ "additionalProperties": false,
235
+ "default": {
236
+ "trust": "full",
237
+ "disable": []
238
+ }
239
+ },
240
+ "localPlugins": {
241
+ "type": "object",
242
+ "properties": {
243
+ "trust": {
244
+ "type": "string",
245
+ "enum": [
246
+ "full",
247
+ "sandbox"
248
+ ]
249
+ },
250
+ "disable": {
251
+ "type": "array",
252
+ "items": {
253
+ "type": "string"
254
+ },
255
+ "default": []
256
+ }
257
+ },
258
+ "additionalProperties": false,
259
+ "default": {
260
+ "trust": "sandbox",
261
+ "disable": []
262
+ }
263
+ },
264
+ "external": {
265
+ "type": "array",
266
+ "items": {
267
+ "type": "object",
268
+ "properties": {
269
+ "package": {
270
+ "type": "string",
271
+ "minLength": 1
272
+ },
273
+ "trust": {
274
+ "type": "string",
275
+ "enum": [
276
+ "full",
277
+ "sandbox"
278
+ ],
279
+ "default": "sandbox"
280
+ }
281
+ },
282
+ "required": [
283
+ "package"
284
+ ],
285
+ "additionalProperties": false
286
+ },
287
+ "default": []
288
+ }
289
+ },
290
+ "additionalProperties": false,
291
+ "default": {
292
+ "builtins": {
293
+ "trust": "full",
294
+ "disable": []
295
+ },
296
+ "localPlugins": {
297
+ "trust": "sandbox",
298
+ "disable": []
299
+ },
300
+ "external": []
301
+ }
302
+ },
213
303
  "developerFeedback": {
214
304
  "type": "boolean",
215
305
  "default": false
package/dist/index.d.ts CHANGED
@@ -21,7 +21,7 @@
21
21
  * command: tsc --noEmit
22
22
  * ```
23
23
  */
24
- export { type ValidationStep, type ValidationPhase, type ValidationConfig, type GitConfig, type CIConfig, type HooksConfig, type SecretScanningConfig, type VibeValidateConfig, ValidationStepSchema, ValidationPhaseSchema, ValidationConfigSchema, GitConfigSchema, CIConfigSchema, HooksConfigSchema, SecretScanningSchema, VibeValidateConfigSchema, validateConfig, safeValidateConfig, } from './schema.js';
24
+ export { type ValidationStep, type ValidationPhase, type ValidationConfig, type GitConfig, type CIConfig, type HooksConfig, type SecretScanningConfig, type ExtractorTrustLevel, type ExtractorCategoryConfig, type ExternalExtractorConfig, type ExtractorsConfig, type VibeValidateConfig, ValidationStepSchema, ValidationPhaseSchema, ValidationConfigSchema, GitConfigSchema, CIConfigSchema, HooksConfigSchema, SecretScanningSchema, ExtractorTrustLevelSchema, ExtractorCategoryConfigSchema, ExternalExtractorConfigSchema, ExtractorsConfigSchema, VibeValidateConfigSchema, validateConfig, safeValidateConfig, } from './schema.js';
25
25
  export { CONFIG_FILE_NAME, loadConfigFromFile, findAndLoadConfig, } from './loader.js';
26
26
  export { GIT_DEFAULTS } from './constants.js';
27
27
  export { getRemoteBranch, getMainBranch, getRemoteOrigin } from './git-helpers.js';
package/dist/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAGH,OAAO,EACL,KAAK,cAAc,EACnB,KAAK,eAAe,EACpB,KAAK,gBAAgB,EACrB,KAAK,SAAS,EACd,KAAK,QAAQ,EACb,KAAK,WAAW,EAChB,KAAK,oBAAoB,EACzB,KAAK,kBAAkB,EACvB,oBAAoB,EACpB,qBAAqB,EACrB,sBAAsB,EACtB,eAAe,EACf,cAAc,EACd,iBAAiB,EACjB,oBAAoB,EACpB,wBAAwB,EACxB,cAAc,EACd,kBAAkB,GACnB,MAAM,aAAa,CAAC;AAGrB,OAAO,EACL,gBAAgB,EAChB,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,aAAa,CAAC;AAGrB,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,eAAe,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAGH,OAAO,EACL,KAAK,cAAc,EACnB,KAAK,eAAe,EACpB,KAAK,gBAAgB,EACrB,KAAK,SAAS,EACd,KAAK,QAAQ,EACb,KAAK,WAAW,EAChB,KAAK,oBAAoB,EACzB,KAAK,mBAAmB,EACxB,KAAK,uBAAuB,EAC5B,KAAK,uBAAuB,EAC5B,KAAK,gBAAgB,EACrB,KAAK,kBAAkB,EACvB,oBAAoB,EACpB,qBAAqB,EACrB,sBAAsB,EACtB,eAAe,EACf,cAAc,EACd,iBAAiB,EACjB,oBAAoB,EACpB,yBAAyB,EACzB,6BAA6B,EAC7B,6BAA6B,EAC7B,sBAAsB,EACtB,wBAAwB,EACxB,cAAc,EACd,kBAAkB,GACnB,MAAM,aAAa,CAAC;AAGrB,OAAO,EACL,gBAAgB,EAChB,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,aAAa,CAAC;AAGrB,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,eAAe,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC"}
package/dist/index.js CHANGED
@@ -22,7 +22,7 @@
22
22
  * ```
23
23
  */
24
24
  // Core schema types and validation
25
- export { ValidationStepSchema, ValidationPhaseSchema, ValidationConfigSchema, GitConfigSchema, CIConfigSchema, HooksConfigSchema, SecretScanningSchema, VibeValidateConfigSchema, validateConfig, safeValidateConfig, } from './schema.js';
25
+ export { ValidationStepSchema, ValidationPhaseSchema, ValidationConfigSchema, GitConfigSchema, CIConfigSchema, HooksConfigSchema, SecretScanningSchema, ExtractorTrustLevelSchema, ExtractorCategoryConfigSchema, ExternalExtractorConfigSchema, ExtractorsConfigSchema, VibeValidateConfigSchema, validateConfig, safeValidateConfig, } from './schema.js';
26
26
  // Config loading
27
27
  export { CONFIG_FILE_NAME, loadConfigFromFile, findAndLoadConfig, } from './loader.js';
28
28
  // Git configuration constants and helpers
package/dist/schema.d.ts CHANGED
@@ -23,7 +23,7 @@ export declare const ValidationStepSchema: z.ZodObject<{
23
23
  continueOnError: z.ZodOptional<z.ZodBoolean>;
24
24
  /** Optional: Environment variables for this step */
25
25
  env: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
26
- /** Optional: Working directory for this step (default: project root) */
26
+ /** Optional: Working directory for this step, relative to git root (default: git root) */
27
27
  cwd: z.ZodOptional<z.ZodString>;
28
28
  }, "strict", z.ZodTypeAny, {
29
29
  name: string;
@@ -68,7 +68,7 @@ export declare const ValidationPhaseSchema: z.ZodObject<{
68
68
  continueOnError: z.ZodOptional<z.ZodBoolean>;
69
69
  /** Optional: Environment variables for this step */
70
70
  env: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
71
- /** Optional: Working directory for this step (default: project root) */
71
+ /** Optional: Working directory for this step, relative to git root (default: git root) */
72
72
  cwd: z.ZodOptional<z.ZodString>;
73
73
  }, "strict", z.ZodTypeAny, {
74
74
  name: string;
@@ -145,7 +145,7 @@ export declare const ValidationConfigSchema: z.ZodObject<{
145
145
  continueOnError: z.ZodOptional<z.ZodBoolean>;
146
146
  /** Optional: Environment variables for this step */
147
147
  env: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
148
- /** Optional: Working directory for this step (default: project root) */
148
+ /** Optional: Working directory for this step, relative to git root (default: git root) */
149
149
  cwd: z.ZodOptional<z.ZodString>;
150
150
  }, "strict", z.ZodTypeAny, {
151
151
  name: string;
@@ -399,6 +399,133 @@ export declare const LockingConfigSchema: z.ZodObject<{
399
399
  projectId?: string | undefined;
400
400
  }>;
401
401
  export type LockingConfig = z.infer<typeof LockingConfigSchema>;
402
+ /**
403
+ * Extractor Trust Level
404
+ *
405
+ * Controls security sandbox behavior for extractors:
406
+ * - 'full': Run with full Node.js access (trusted code)
407
+ * - 'sandbox': Run in isolated V8 context with limited API access (untrusted code)
408
+ */
409
+ export declare const ExtractorTrustLevelSchema: z.ZodEnum<["full", "sandbox"]>;
410
+ export type ExtractorTrustLevel = z.infer<typeof ExtractorTrustLevelSchema>;
411
+ /**
412
+ * Extractor Category Config Schema
413
+ *
414
+ * Shared configuration for built-in and local plugin extractors.
415
+ */
416
+ export declare const ExtractorCategoryConfigSchema: z.ZodObject<{
417
+ /** Trust level for extractors in this category (default varies by category) */
418
+ trust: z.ZodOptional<z.ZodEnum<["full", "sandbox"]>>;
419
+ /** List of extractor names to disable (default: []) */
420
+ disable: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>;
421
+ }, "strict", z.ZodTypeAny, {
422
+ disable: string[];
423
+ trust?: "full" | "sandbox" | undefined;
424
+ }, {
425
+ trust?: "full" | "sandbox" | undefined;
426
+ disable?: string[] | undefined;
427
+ }>;
428
+ export type ExtractorCategoryConfig = z.infer<typeof ExtractorCategoryConfigSchema>;
429
+ /**
430
+ * External Extractor Config Schema
431
+ *
432
+ * Configuration for an explicit npm package extractor.
433
+ */
434
+ export declare const ExternalExtractorConfigSchema: z.ZodObject<{
435
+ /** npm package name (e.g., '@my-org/vibe-validate-plugin-gradle') */
436
+ package: z.ZodString;
437
+ /** Trust level (default: 'sandbox') */
438
+ trust: z.ZodDefault<z.ZodOptional<z.ZodEnum<["full", "sandbox"]>>>;
439
+ }, "strict", z.ZodTypeAny, {
440
+ trust: "full" | "sandbox";
441
+ package: string;
442
+ }, {
443
+ package: string;
444
+ trust?: "full" | "sandbox" | undefined;
445
+ }>;
446
+ export type ExternalExtractorConfig = z.infer<typeof ExternalExtractorConfigSchema>;
447
+ /**
448
+ * Extractors Configuration Schema
449
+ *
450
+ * Controls extractor plugin loading, trust levels, and selective disabling.
451
+ */
452
+ export declare const ExtractorsConfigSchema: z.ZodObject<{
453
+ /**
454
+ * Built-in extractors configuration
455
+ * Default: { trust: 'full', disable: [] }
456
+ */
457
+ builtins: z.ZodDefault<z.ZodOptional<z.ZodObject<{
458
+ /** Trust level for extractors in this category (default varies by category) */
459
+ trust: z.ZodOptional<z.ZodEnum<["full", "sandbox"]>>;
460
+ /** List of extractor names to disable (default: []) */
461
+ disable: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>;
462
+ }, "strict", z.ZodTypeAny, {
463
+ disable: string[];
464
+ trust?: "full" | "sandbox" | undefined;
465
+ }, {
466
+ trust?: "full" | "sandbox" | undefined;
467
+ disable?: string[] | undefined;
468
+ }>>>;
469
+ /**
470
+ * Local plugins configuration (auto-discovered from vibe-validate-local-plugins/)
471
+ * Default: { trust: 'sandbox', disable: [] }
472
+ */
473
+ localPlugins: z.ZodDefault<z.ZodOptional<z.ZodObject<{
474
+ /** Trust level for extractors in this category (default varies by category) */
475
+ trust: z.ZodOptional<z.ZodEnum<["full", "sandbox"]>>;
476
+ /** List of extractor names to disable (default: []) */
477
+ disable: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>;
478
+ }, "strict", z.ZodTypeAny, {
479
+ disable: string[];
480
+ trust?: "full" | "sandbox" | undefined;
481
+ }, {
482
+ trust?: "full" | "sandbox" | undefined;
483
+ disable?: string[] | undefined;
484
+ }>>>;
485
+ /**
486
+ * External npm package extractors (explicit registration required)
487
+ * Default: []
488
+ */
489
+ external: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodObject<{
490
+ /** npm package name (e.g., '@my-org/vibe-validate-plugin-gradle') */
491
+ package: z.ZodString;
492
+ /** Trust level (default: 'sandbox') */
493
+ trust: z.ZodDefault<z.ZodOptional<z.ZodEnum<["full", "sandbox"]>>>;
494
+ }, "strict", z.ZodTypeAny, {
495
+ trust: "full" | "sandbox";
496
+ package: string;
497
+ }, {
498
+ package: string;
499
+ trust?: "full" | "sandbox" | undefined;
500
+ }>, "many">>>;
501
+ }, "strict", z.ZodTypeAny, {
502
+ builtins: {
503
+ disable: string[];
504
+ trust?: "full" | "sandbox" | undefined;
505
+ };
506
+ localPlugins: {
507
+ disable: string[];
508
+ trust?: "full" | "sandbox" | undefined;
509
+ };
510
+ external: {
511
+ trust: "full" | "sandbox";
512
+ package: string;
513
+ }[];
514
+ }, {
515
+ builtins?: {
516
+ trust?: "full" | "sandbox" | undefined;
517
+ disable?: string[] | undefined;
518
+ } | undefined;
519
+ localPlugins?: {
520
+ trust?: "full" | "sandbox" | undefined;
521
+ disable?: string[] | undefined;
522
+ } | undefined;
523
+ external?: {
524
+ package: string;
525
+ trust?: "full" | "sandbox" | undefined;
526
+ }[] | undefined;
527
+ }>;
528
+ export type ExtractorsConfig = z.infer<typeof ExtractorsConfigSchema>;
402
529
  /**
403
530
  * Full Configuration Schema
404
531
  *
@@ -427,7 +554,7 @@ export declare const VibeValidateConfigSchema: z.ZodObject<{
427
554
  continueOnError: z.ZodOptional<z.ZodBoolean>;
428
555
  /** Optional: Environment variables for this step */
429
556
  env: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
430
- /** Optional: Working directory for this step (default: project root) */
557
+ /** Optional: Working directory for this step, relative to git root (default: git root) */
431
558
  cwd: z.ZodOptional<z.ZodString>;
432
559
  }, "strict", z.ZodTypeAny, {
433
560
  name: string;
@@ -644,6 +771,92 @@ export declare const VibeValidateConfigSchema: z.ZodObject<{
644
771
  concurrencyScope?: "directory" | "project" | undefined;
645
772
  projectId?: string | undefined;
646
773
  }>>>;
774
+ /**
775
+ * Extractor plugins configuration (optional)
776
+ *
777
+ * Controls trust levels and selective disabling for extractors:
778
+ * - Built-in extractors (shipped with vibe-validate)
779
+ * - Local plugins (auto-discovered from vibe-validate-local-plugins/)
780
+ * - External npm packages (explicit registration required)
781
+ *
782
+ * Default: { builtins: { trust: 'full', disable: [] }, localPlugins: { trust: 'sandbox', disable: [] }, external: [] }
783
+ */
784
+ extractors: z.ZodDefault<z.ZodOptional<z.ZodObject<{
785
+ /**
786
+ * Built-in extractors configuration
787
+ * Default: { trust: 'full', disable: [] }
788
+ */
789
+ builtins: z.ZodDefault<z.ZodOptional<z.ZodObject<{
790
+ /** Trust level for extractors in this category (default varies by category) */
791
+ trust: z.ZodOptional<z.ZodEnum<["full", "sandbox"]>>;
792
+ /** List of extractor names to disable (default: []) */
793
+ disable: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>;
794
+ }, "strict", z.ZodTypeAny, {
795
+ disable: string[];
796
+ trust?: "full" | "sandbox" | undefined;
797
+ }, {
798
+ trust?: "full" | "sandbox" | undefined;
799
+ disable?: string[] | undefined;
800
+ }>>>;
801
+ /**
802
+ * Local plugins configuration (auto-discovered from vibe-validate-local-plugins/)
803
+ * Default: { trust: 'sandbox', disable: [] }
804
+ */
805
+ localPlugins: z.ZodDefault<z.ZodOptional<z.ZodObject<{
806
+ /** Trust level for extractors in this category (default varies by category) */
807
+ trust: z.ZodOptional<z.ZodEnum<["full", "sandbox"]>>;
808
+ /** List of extractor names to disable (default: []) */
809
+ disable: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>;
810
+ }, "strict", z.ZodTypeAny, {
811
+ disable: string[];
812
+ trust?: "full" | "sandbox" | undefined;
813
+ }, {
814
+ trust?: "full" | "sandbox" | undefined;
815
+ disable?: string[] | undefined;
816
+ }>>>;
817
+ /**
818
+ * External npm package extractors (explicit registration required)
819
+ * Default: []
820
+ */
821
+ external: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodObject<{
822
+ /** npm package name (e.g., '@my-org/vibe-validate-plugin-gradle') */
823
+ package: z.ZodString;
824
+ /** Trust level (default: 'sandbox') */
825
+ trust: z.ZodDefault<z.ZodOptional<z.ZodEnum<["full", "sandbox"]>>>;
826
+ }, "strict", z.ZodTypeAny, {
827
+ trust: "full" | "sandbox";
828
+ package: string;
829
+ }, {
830
+ package: string;
831
+ trust?: "full" | "sandbox" | undefined;
832
+ }>, "many">>>;
833
+ }, "strict", z.ZodTypeAny, {
834
+ builtins: {
835
+ disable: string[];
836
+ trust?: "full" | "sandbox" | undefined;
837
+ };
838
+ localPlugins: {
839
+ disable: string[];
840
+ trust?: "full" | "sandbox" | undefined;
841
+ };
842
+ external: {
843
+ trust: "full" | "sandbox";
844
+ package: string;
845
+ }[];
846
+ }, {
847
+ builtins?: {
848
+ trust?: "full" | "sandbox" | undefined;
849
+ disable?: string[] | undefined;
850
+ } | undefined;
851
+ localPlugins?: {
852
+ trust?: "full" | "sandbox" | undefined;
853
+ disable?: string[] | undefined;
854
+ } | undefined;
855
+ external?: {
856
+ package: string;
857
+ trust?: "full" | "sandbox" | undefined;
858
+ }[] | undefined;
859
+ }>>>;
647
860
  /**
648
861
  * Developer feedback for continuous quality improvement (optional, default: false)
649
862
  *
@@ -694,6 +907,20 @@ export declare const VibeValidateConfigSchema: z.ZodObject<{
694
907
  concurrencyScope: "directory" | "project";
695
908
  projectId?: string | undefined;
696
909
  };
910
+ extractors: {
911
+ builtins: {
912
+ disable: string[];
913
+ trust?: "full" | "sandbox" | undefined;
914
+ };
915
+ localPlugins: {
916
+ disable: string[];
917
+ trust?: "full" | "sandbox" | undefined;
918
+ };
919
+ external: {
920
+ trust: "full" | "sandbox";
921
+ package: string;
922
+ }[];
923
+ };
697
924
  developerFeedback: boolean;
698
925
  ci?: {
699
926
  failFast?: boolean | undefined;
@@ -747,6 +974,20 @@ export declare const VibeValidateConfigSchema: z.ZodObject<{
747
974
  concurrencyScope?: "directory" | "project" | undefined;
748
975
  projectId?: string | undefined;
749
976
  } | undefined;
977
+ extractors?: {
978
+ builtins?: {
979
+ trust?: "full" | "sandbox" | undefined;
980
+ disable?: string[] | undefined;
981
+ } | undefined;
982
+ localPlugins?: {
983
+ trust?: "full" | "sandbox" | undefined;
984
+ disable?: string[] | undefined;
985
+ } | undefined;
986
+ external?: {
987
+ package: string;
988
+ trust?: "full" | "sandbox" | undefined;
989
+ }[] | undefined;
990
+ } | undefined;
750
991
  developerFeedback?: boolean | undefined;
751
992
  }>;
752
993
  export type VibeValidateConfig = z.input<typeof VibeValidateConfigSchema>;
package/dist/schema.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../src/schema.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB;;;;GAIG;AACH,eAAO,MAAM,oBAAoB;IAC/B,kEAAkE;;IAGlE,qDAAqD;;IAGrD,uEAAuE;;IAGvE,+EAA+E;;IAG/E,qDAAqD;;IAGrD,oDAAoD;;IAGpD,wEAAwE;;;;;;;;;;;;;;;;;;EAE/D,CAAC;AAEZ,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAElE;;;;;GAKG;AACH,eAAO,MAAM,qBAAqB;IAChC,wDAAwD;;IAGxD,iDAAiD;;IAGjD,qCAAqC;;QArCrC,kEAAkE;;QAGlE,qDAAqD;;QAGrD,uEAAuE;;QAGvE,+EAA+E;;QAG/E,qDAAqD;;QAGrD,oDAAoD;;QAGpD,wEAAwE;;;;;;;;;;;;;;;;;;;IAsBxE,qFAAqF;;IAGrF,gEAAgE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAEvD,CAAC;AAGZ,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAEpE;;GAEG;AACH,eAAO,MAAM,sBAAsB;IACjC,mCAAmC;;QAvBnC,wDAAwD;;QAGxD,iDAAiD;;QAGjD,qCAAqC;;YArCrC,kEAAkE;;YAGlE,qDAAqD;;YAGrD,uEAAuE;;YAGvE,+EAA+E;;YAG/E,qDAAqD;;YAGrD,oDAAoD;;YAGpD,wEAAwE;;;;;;;;;;;;;;;;;;;QAsBxE,qFAAqF;;QAGrF,gEAAgE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAchE,uFAAuF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAE9E,CAAC;AAGZ,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAEtE;;GAEG;AACH,eAAO,MAAM,eAAe;IAC1B,uCAAuC;;IAGvC,oCAAoC;;IAGpC,6CAA6C;;IAG7C,sDAAsD;;;;;;;;;;;;EAE7C,CAAC;AAEZ,MAAM,MAAM,SAAS,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAExD;;GAEG;AACH,eAAO,MAAM,cAAc;IACzB,6DAA6D;;IAG7D,mEAAmE;;IAGnE,oDAAoD;;IAGpD,iDAAiD;;;;;;;;;;;;EAExC,CAAC;AAEZ,MAAM,MAAM,QAAQ,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,cAAc,CAAC,CAAC;AAEtD;;GAEG;AACH,eAAO,MAAM,oBAAoB;IAC/B,2DAA2D;;IAG3D,iEAAiE;;;;;;;;;;;;;;EAWlE,CAAC;AAEF,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAExE;;GAEG;AACH,eAAO,MAAM,iBAAiB;IAC5B,oCAAoC;;QAElC,sDAAsD;;QAGtD,0EAA0E;;QAG1E,+CAA+C;;YA9BjD,2DAA2D;;YAG3D,iEAAiE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAiCxD,CAAC;AAEZ,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAE5D;;;;GAIG;AACH,eAAO,MAAM,mBAAmB;IAC9B,uEAAuE;;IAGvE;;;;OAIG;;IAGH;;;;OAIG;;;;;;;;;;EAEM,CAAC;AAEZ,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAEhE;;;;GAIG;AACH,eAAO,MAAM,wBAAwB;IACnC,+BAA+B;;QA5H/B,mCAAmC;;YAvBnC,wDAAwD;;YAGxD,iDAAiD;;YAGjD,qCAAqC;;gBArCrC,kEAAkE;;gBAGlE,qDAAqD;;gBAGrD,uEAAuE;;gBAGvE,+EAA+E;;gBAG/E,qDAAqD;;gBAGrD,oDAAoD;;gBAGpD,wEAAwE;;;;;;;;;;;;;;;;;;;YAsBxE,qFAAqF;;YAGrF,gEAAgE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;QAchE,uFAAuF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IA4HvF,oCAAoC;;QAjHpC,uCAAuC;;QAGvC,oCAAoC;;QAGpC,6CAA6C;;QAG7C,sDAAsD;;;;;;;;;;;;;IAgHtD,mEAAmE;;QAtGnE,6DAA6D;;QAG7D,mEAAmE;;QAGnE,oDAAoD;;QAGpD,iDAAiD;;;;;;;;;;;;;IAgGjD,6CAA6C;;QAhE7C,oCAAoC;;YAElC,sDAAsD;;YAGtD,0EAA0E;;YAG1E,+CAA+C;;gBA9BjD,2DAA2D;;gBAG3D,iEAAiE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IA2FjE,kDAAkD;;QAhDlD,uEAAuE;;QAGvE;;;;WAIG;;QAGH;;;;WAIG;;;;;;;;;;;IAwCH;;;;;;;;OAQG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAEM,CAAC;AAGZ,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAC;AAE1E;;;;;;GAMG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,OAAO,GAAG,kBAAkB,CAElE;AAED;;;;;;;;;GASG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,OAAO,GAC9C;IAAE,OAAO,EAAE,IAAI,CAAC;IAAC,IAAI,EAAE,kBAAkB,CAAA;CAAE,GAC3C;IAAE,OAAO,EAAE,KAAK,CAAC;IAAC,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,CAcvC"}
1
+ {"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../src/schema.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB;;;;GAIG;AACH,eAAO,MAAM,oBAAoB;IAC/B,kEAAkE;;IAGlE,qDAAqD;;IAGrD,uEAAuE;;IAGvE,+EAA+E;;IAG/E,qDAAqD;;IAGrD,oDAAoD;;IAGpD,0FAA0F;;;;;;;;;;;;;;;;;;EAEjF,CAAC;AAEZ,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAElE;;;;;GAKG;AACH,eAAO,MAAM,qBAAqB;IAChC,wDAAwD;;IAGxD,iDAAiD;;IAGjD,qCAAqC;;QArCrC,kEAAkE;;QAGlE,qDAAqD;;QAGrD,uEAAuE;;QAGvE,+EAA+E;;QAG/E,qDAAqD;;QAGrD,oDAAoD;;QAGpD,0FAA0F;;;;;;;;;;;;;;;;;;;IAsB1F,qFAAqF;;IAGrF,gEAAgE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAEvD,CAAC;AAGZ,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAEpE;;GAEG;AACH,eAAO,MAAM,sBAAsB;IACjC,mCAAmC;;QAvBnC,wDAAwD;;QAGxD,iDAAiD;;QAGjD,qCAAqC;;YArCrC,kEAAkE;;YAGlE,qDAAqD;;YAGrD,uEAAuE;;YAGvE,+EAA+E;;YAG/E,qDAAqD;;YAGrD,oDAAoD;;YAGpD,0FAA0F;;;;;;;;;;;;;;;;;;;QAsB1F,qFAAqF;;QAGrF,gEAAgE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAchE,uFAAuF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAE9E,CAAC;AAGZ,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAEtE;;GAEG;AACH,eAAO,MAAM,eAAe;IAC1B,uCAAuC;;IAGvC,oCAAoC;;IAGpC,6CAA6C;;IAG7C,sDAAsD;;;;;;;;;;;;EAE7C,CAAC;AAEZ,MAAM,MAAM,SAAS,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAExD;;GAEG;AACH,eAAO,MAAM,cAAc;IACzB,6DAA6D;;IAG7D,mEAAmE;;IAGnE,oDAAoD;;IAGpD,iDAAiD;;;;;;;;;;;;EAExC,CAAC;AAEZ,MAAM,MAAM,QAAQ,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,cAAc,CAAC,CAAC;AAEtD;;GAEG;AACH,eAAO,MAAM,oBAAoB;IAC/B,2DAA2D;;IAG3D,iEAAiE;;;;;;;;;;;;;;EAWlE,CAAC;AAEF,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAExE;;GAEG;AACH,eAAO,MAAM,iBAAiB;IAC5B,oCAAoC;;QAElC,sDAAsD;;QAGtD,0EAA0E;;QAG1E,+CAA+C;;YA9BjD,2DAA2D;;YAG3D,iEAAiE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAiCxD,CAAC;AAEZ,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAE5D;;;;GAIG;AACH,eAAO,MAAM,mBAAmB;IAC9B,uEAAuE;;IAGvE;;;;OAIG;;IAGH;;;;OAIG;;;;;;;;;;EAEM,CAAC;AAEZ,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAEhE;;;;;;GAMG;AACH,eAAO,MAAM,yBAAyB,gCAA8B,CAAC;AAErE,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAE5E;;;;GAIG;AACH,eAAO,MAAM,6BAA6B;IACxC,+EAA+E;;IAG/E,uDAAuD;;;;;;;;EAE9C,CAAC;AAEZ,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,6BAA6B,CAAC,CAAC;AAEpF;;;;GAIG;AACH,eAAO,MAAM,6BAA6B;IACxC,qEAAqE;;IAGrE,uCAAuC;;;;;;;;EAE9B,CAAC;AAEZ,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,6BAA6B,CAAC,CAAC;AAEpF;;;;GAIG;AACH,eAAO,MAAM,sBAAsB;IACjC;;;OAGG;;QAjCH,+EAA+E;;QAG/E,uDAAuD;;;;;;;;;IAoCvD;;;OAGG;;QA1CH,+EAA+E;;QAG/E,uDAAuD;;;;;;;;;IA6CvD;;;OAGG;;QApCH,qEAAqE;;QAGrE,uCAAuC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAmC9B,CAAC;AAEZ,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAEtE;;;;GAIG;AACH,eAAO,MAAM,wBAAwB;IACnC,+BAA+B;;QAtM/B,mCAAmC;;YAvBnC,wDAAwD;;YAGxD,iDAAiD;;YAGjD,qCAAqC;;gBArCrC,kEAAkE;;gBAGlE,qDAAqD;;gBAGrD,uEAAuE;;gBAGvE,+EAA+E;;gBAG/E,qDAAqD;;gBAGrD,oDAAoD;;gBAGpD,0FAA0F;;;;;;;;;;;;;;;;;;;YAsB1F,qFAAqF;;YAGrF,gEAAgE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;QAchE,uFAAuF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAsMvF,oCAAoC;;QA3LpC,uCAAuC;;QAGvC,oCAAoC;;QAGpC,6CAA6C;;QAG7C,sDAAsD;;;;;;;;;;;;;IA0LtD,mEAAmE;;QAhLnE,6DAA6D;;QAG7D,mEAAmE;;QAGnE,oDAAoD;;QAGpD,iDAAiD;;;;;;;;;;;;;IA0KjD,6CAA6C;;QA1I7C,oCAAoC;;YAElC,sDAAsD;;YAGtD,0EAA0E;;YAG1E,+CAA+C;;gBA9BjD,2DAA2D;;gBAG3D,iEAAiE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAqKjE,kDAAkD;;QA1HlD,uEAAuE;;QAGvE;;;;WAIG;;QAGH;;;;WAIG;;;;;;;;;;;IAkHH;;;;;;;;;OASG;;QAtEH;;;WAGG;;YAjCH,+EAA+E;;YAG/E,uDAAuD;;;;;;;;;QAoCvD;;;WAGG;;YA1CH,+EAA+E;;YAG/E,uDAAuD;;;;;;;;;QA6CvD;;;WAGG;;YApCH,qEAAqE;;YAGrE,uCAAuC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAyFvC;;;;;;;;OAQG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAEM,CAAC;AAGZ,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAC;AAE1E;;;;;;GAMG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,OAAO,GAAG,kBAAkB,CAElE;AAED;;;;;;;;;GASG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,OAAO,GAC9C;IAAE,OAAO,EAAE,IAAI,CAAC;IAAC,IAAI,EAAE,kBAAkB,CAAA;CAAE,GAC3C;IAAE,OAAO,EAAE,KAAK,CAAC;IAAC,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,CAcvC"}
package/dist/schema.js CHANGED
@@ -24,7 +24,7 @@ export const ValidationStepSchema = z.object({
24
24
  continueOnError: z.boolean().optional(),
25
25
  /** Optional: Environment variables for this step */
26
26
  env: z.record(z.string(), z.string()).optional(),
27
- /** Optional: Working directory for this step (default: project root) */
27
+ /** Optional: Working directory for this step, relative to git root (default: git root) */
28
28
  cwd: z.string().optional(),
29
29
  }).strict();
30
30
  /**
@@ -133,6 +133,64 @@ export const LockingConfigSchema = z.object({
133
133
  */
134
134
  projectId: z.string().optional(),
135
135
  }).strict();
136
+ /**
137
+ * Extractor Trust Level
138
+ *
139
+ * Controls security sandbox behavior for extractors:
140
+ * - 'full': Run with full Node.js access (trusted code)
141
+ * - 'sandbox': Run in isolated V8 context with limited API access (untrusted code)
142
+ */
143
+ export const ExtractorTrustLevelSchema = z.enum(['full', 'sandbox']);
144
+ /**
145
+ * Extractor Category Config Schema
146
+ *
147
+ * Shared configuration for built-in and local plugin extractors.
148
+ */
149
+ export const ExtractorCategoryConfigSchema = z.object({
150
+ /** Trust level for extractors in this category (default varies by category) */
151
+ trust: ExtractorTrustLevelSchema.optional(),
152
+ /** List of extractor names to disable (default: []) */
153
+ disable: z.array(z.string()).optional().default([]),
154
+ }).strict();
155
+ /**
156
+ * External Extractor Config Schema
157
+ *
158
+ * Configuration for an explicit npm package extractor.
159
+ */
160
+ export const ExternalExtractorConfigSchema = z.object({
161
+ /** npm package name (e.g., '@my-org/vibe-validate-plugin-gradle') */
162
+ package: z.string().min(1, 'Package name cannot be empty'),
163
+ /** Trust level (default: 'sandbox') */
164
+ trust: ExtractorTrustLevelSchema.optional().default('sandbox'),
165
+ }).strict();
166
+ /**
167
+ * Extractors Configuration Schema
168
+ *
169
+ * Controls extractor plugin loading, trust levels, and selective disabling.
170
+ */
171
+ export const ExtractorsConfigSchema = z.object({
172
+ /**
173
+ * Built-in extractors configuration
174
+ * Default: { trust: 'full', disable: [] }
175
+ */
176
+ builtins: ExtractorCategoryConfigSchema.optional().default({
177
+ trust: 'full',
178
+ disable: [],
179
+ }),
180
+ /**
181
+ * Local plugins configuration (auto-discovered from vibe-validate-local-plugins/)
182
+ * Default: { trust: 'sandbox', disable: [] }
183
+ */
184
+ localPlugins: ExtractorCategoryConfigSchema.optional().default({
185
+ trust: 'sandbox',
186
+ disable: [],
187
+ }),
188
+ /**
189
+ * External npm package extractors (explicit registration required)
190
+ * Default: []
191
+ */
192
+ external: z.array(ExternalExtractorConfigSchema).optional().default([]),
193
+ }).strict();
136
194
  /**
137
195
  * Full Configuration Schema
138
196
  *
@@ -162,6 +220,21 @@ export const VibeValidateConfigSchema = z.object({
162
220
  enabled: true,
163
221
  concurrencyScope: 'directory',
164
222
  }),
223
+ /**
224
+ * Extractor plugins configuration (optional)
225
+ *
226
+ * Controls trust levels and selective disabling for extractors:
227
+ * - Built-in extractors (shipped with vibe-validate)
228
+ * - Local plugins (auto-discovered from vibe-validate-local-plugins/)
229
+ * - External npm packages (explicit registration required)
230
+ *
231
+ * Default: { builtins: { trust: 'full', disable: [] }, localPlugins: { trust: 'sandbox', disable: [] }, external: [] }
232
+ */
233
+ extractors: ExtractorsConfigSchema.optional().default({
234
+ builtins: { trust: 'full', disable: [] },
235
+ localPlugins: { trust: 'sandbox', disable: [] },
236
+ external: [],
237
+ }),
165
238
  /**
166
239
  * Developer feedback for continuous quality improvement (optional, default: false)
167
240
  *
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@vibe-validate/config",
3
- "version": "0.16.1",
3
+ "version": "0.17.0-rc.6",
4
4
  "description": "Configuration system for vibe-validate with TypeScript-first design and config templates",
5
5
  "type": "module",
6
6
  "main": "./dist/index.js",