@workflow-cannon/workspace-kit 0.11.0 → 0.12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/README.md +2 -0
  2. package/dist/cli/run-command.js +7 -2
  3. package/dist/core/module-registry.d.ts +1 -1
  4. package/dist/core/module-registry.js +2 -2
  5. package/package.json +1 -1
package/README.md CHANGED
@@ -66,6 +66,8 @@ This keeps automation adaptive without sacrificing safety, governance, or develo
66
66
  - **Phases 0–7** are complete through **`v0.9.0`** (see roadmap for slice ids).
67
67
  - **Phase 8** ships maintainer/onboarding hardening (`v0.10.0`): policy denial clarity, runbooks, and doc alignment for CLI vs `run` approval.
68
68
  - **Phase 9–10** ship agent/onboarding parity (`v0.11.0`): interactive policy opt-in, strict response-template mode, Agent CLI map (`docs/maintainers/AGENT-CLI-MAP.md`), and CLI-first Cursor guidance.
69
+ - **Phase 11** ships architectural review follow-up hardening (`v0.12.0`): policy/session denial edge tests, persistence concurrency semantics, release doc-sweep checklist, and runtime path audit note.
70
+ - **Phase 12** is the active queue: Cursor-native thin-client extension delivery (`T296`–`T310`).
69
71
 
70
72
  Historical note: this file’s milestone list is not the live queue—always check task state for **`ready`** work.
71
73
 
package/dist/cli/run-command.js CHANGED
@@ -78,6 +78,7 @@ export async function handleRunCommand(cwd, args, io, codes) {
78
78
  const sessionId = resolveSessionId(process.env);
79
79
  const policyOp = resolvePolicyOperationIdForCommand(subcommand, effective);
80
80
  const explicitPolicyApproval = parsePolicyApproval(commandArgs);
81
+ const hasPolicyApprovalField = Object.hasOwn(commandArgs, "policyApproval");
81
82
  let resolvedSensitiveApproval = explicitPolicyApproval;
82
83
  let interactiveSessionFollowup = false;
83
84
  if (sensitive) {
@@ -126,7 +127,9 @@ export async function handleRunCommand(cwd, args, io, codes) {
126
127
  command: `run ${subcommand}`,
127
128
  actor,
128
129
  allowed: false,
129
- message: "missing policyApproval in JSON args"
130
+ message: hasPolicyApprovalField
131
+ ? "invalid policyApproval in JSON args"
132
+ : "missing policyApproval in JSON args"
130
133
  });
131
134
  }
132
135
  writeLine(JSON.stringify({
@@ -134,7 +137,9 @@ export async function handleRunCommand(cwd, args, io, codes) {
134
137
  code: "policy-denied",
135
138
  operationId: policyOp ?? null,
136
139
  remediationDoc: POLICY_APPROVAL_HUMAN_DOC,
137
- message: 'Sensitive command requires policyApproval in JSON args (or an existing session grant for this operation). Example: {"policyApproval":{"confirmed":true,"rationale":"why","scope":"session"}}. See remediationDoc for env vs JSON approval surfaces.',
140
+ message: hasPolicyApprovalField
141
+ ? 'Sensitive command received an invalid policyApproval object. Use {"policyApproval":{"confirmed":true,"rationale":"why","scope":"session"}} (scope optional) or use an existing session grant for this operation.'
142
+ : 'Sensitive command requires policyApproval in JSON args (or an existing session grant for this operation). Example: {"policyApproval":{"confirmed":true,"rationale":"why","scope":"session"}}. See remediationDoc for env vs JSON approval surfaces.',
138
143
  hint: policyOp != null
139
144
  ? `Operation ${policyOp} requires explicit approval; WORKSPACE_KIT_POLICY_APPROVAL is not read for workspace-kit run. Optional: set WORKSPACE_KIT_INTERACTIVE_APPROVAL=on in a TTY for a prompt (see ${POLICY_APPROVAL_HUMAN_DOC}).`
140
145
  : "Operation could not be mapped to policyOperationId; check policy.extraSensitiveModuleCommands and pass policyApproval in JSON args."
package/dist/core/module-registry.d.ts CHANGED
@@ -3,7 +3,7 @@ export declare class ModuleRegistryError extends Error {
3
3
  readonly code: string;
4
4
  constructor(code: string, message: string);
5
5
  }
6
- export declare function validateModuleSet(modules: WorkflowModule[]): void;
6
+ export declare function validateModuleSet(modules: WorkflowModule[], workspacePath?: string): void;
7
7
  export type ModuleRegistryOptions = {
8
8
  enabledModules?: string[];
9
9
  disabledModules?: string[];
package/dist/core/module-registry.js CHANGED
@@ -142,10 +142,10 @@ function validateInstructionContracts(moduleMap, workspacePath) {
142
142
  }
143
143
  }
144
144
  }
145
- export function validateModuleSet(modules) {
145
+ export function validateModuleSet(modules, workspacePath) {
146
146
  const moduleMap = buildModuleMap(modules);
147
147
  validateDependencies(moduleMap);
148
- validateInstructionContracts(moduleMap, process.cwd());
148
+ validateInstructionContracts(moduleMap, workspacePath ?? process.cwd());
149
149
  topologicalSort(moduleMap);
150
150
  }
151
151
  export class ModuleRegistry {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@workflow-cannon/workspace-kit",
3
- "version": "0.11.0",
3
+ "version": "0.12.0",
4
4
  "private": false,
5
5
  "packageManager": "pnpm@10.0.0",
6
6
  "license": "MIT",