npm - @workflow-cannon/workspace-kit - Versions diffs - 0.11.0 → 0.13.0 - Mend

@workflow-cannon/workspace-kit 0.11.0 → 0.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/README.md +3 -0
package/dist/cli/run-command.js +7 -2
package/dist/core/module-registry.d.ts +1 -1
package/dist/core/module-registry.js +2 -2
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -66,6 +66,9 @@ This keeps automation adaptive without sacrificing safety, governance, or develo
 - **Phases 0–7** are complete through **`v0.9.0`** (see roadmap for slice ids).
 - **Phase 8** ships maintainer/onboarding hardening (`v0.10.0`): policy denial clarity, runbooks, and doc alignment for CLI vs `run` approval.
 - **Phase 9–10** ship agent/onboarding parity (`v0.11.0`): interactive policy opt-in, strict response-template mode, Agent CLI map (`docs/maintainers/AGENT-CLI-MAP.md`), and CLI-first Cursor guidance.
+- **Phase 11** ships architectural review follow-up hardening (`v0.12.0`): policy/session denial edge tests, persistence concurrency semantics, release doc-sweep checklist, and runtime path audit note.
+- **Phase 12** ships Cursor-native thin-client extension delivery (`v0.13.0`): dashboard/tasks/config UI flows, extension test suite, and operator/security docs.
+- **Phase 13** is the active queue: Task Engine lifecycle tightening (`T311+`).
 Historical note: this file’s milestone list is not the live queue—always check task state for **`ready`** work.

package/dist/cli/run-command.js CHANGED Viewed

@@ -78,6 +78,7 @@ export async function handleRunCommand(cwd, args, io, codes) {
     const sessionId = resolveSessionId(process.env);
     const policyOp = resolvePolicyOperationIdForCommand(subcommand, effective);
     const explicitPolicyApproval = parsePolicyApproval(commandArgs);
+    const hasPolicyApprovalField = Object.hasOwn(commandArgs, "policyApproval");
     let resolvedSensitiveApproval = explicitPolicyApproval;
     let interactiveSessionFollowup = false;
     if (sensitive) {
@@ -126,7 +127,9 @@ export async function handleRunCommand(cwd, args, io, codes) {
                     command: `run ${subcommand}`,
                     actor,
                     allowed: false,
-                    message: "missing policyApproval in JSON args"
+                    message: hasPolicyApprovalField
+                        ? "invalid policyApproval in JSON args"
+                        : "missing policyApproval in JSON args"
                 });
             }
             writeLine(JSON.stringify({
@@ -134,7 +137,9 @@ export async function handleRunCommand(cwd, args, io, codes) {
                 code: "policy-denied",
                 operationId: policyOp ?? null,
                 remediationDoc: POLICY_APPROVAL_HUMAN_DOC,
-                message: 'Sensitive command requires policyApproval in JSON args (or an existing session grant for this operation). Example: {"policyApproval":{"confirmed":true,"rationale":"why","scope":"session"}}. See remediationDoc for env vs JSON approval surfaces.',
+                message: hasPolicyApprovalField
+                    ? 'Sensitive command received an invalid policyApproval object. Use {"policyApproval":{"confirmed":true,"rationale":"why","scope":"session"}} (scope optional) or use an existing session grant for this operation.'
+                    : 'Sensitive command requires policyApproval in JSON args (or an existing session grant for this operation). Example: {"policyApproval":{"confirmed":true,"rationale":"why","scope":"session"}}. See remediationDoc for env vs JSON approval surfaces.',
                 hint: policyOp != null
                     ? `Operation ${policyOp} requires explicit approval; WORKSPACE_KIT_POLICY_APPROVAL is not read for workspace-kit run. Optional: set WORKSPACE_KIT_INTERACTIVE_APPROVAL=on in a TTY for a prompt (see ${POLICY_APPROVAL_HUMAN_DOC}).`
                     : "Operation could not be mapped to policyOperationId; check policy.extraSensitiveModuleCommands and pass policyApproval in JSON args."

package/dist/core/module-registry.d.ts CHANGED Viewed

@@ -3,7 +3,7 @@ export declare class ModuleRegistryError extends Error {
     readonly code: string;
     constructor(code: string, message: string);
 }
-export declare function validateModuleSet(modules: WorkflowModule[]): void;
+export declare function validateModuleSet(modules: WorkflowModule[], workspacePath?: string): void;
 export type ModuleRegistryOptions = {
     enabledModules?: string[];
     disabledModules?: string[];

package/dist/core/module-registry.js CHANGED Viewed

@@ -142,10 +142,10 @@ function validateInstructionContracts(moduleMap, workspacePath) {
         }
     }
 }
-export function validateModuleSet(modules) {
+export function validateModuleSet(modules, workspacePath) {
     const moduleMap = buildModuleMap(modules);
     validateDependencies(moduleMap);
-    validateInstructionContracts(moduleMap, process.cwd());
+    validateInstructionContracts(moduleMap, workspacePath ?? process.cwd());
     topologicalSort(moduleMap);
 }
 export class ModuleRegistry {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@workflow-cannon/workspace-kit",
-  "version": "0.11.0",
+  "version": "0.13.0",
   "private": false,
   "packageManager": "pnpm@10.0.0",
   "license": "MIT",