agent-bober 0.12.0 → 0.17.0

package/dist/orchestrator/deploy/classify.js

@@ -0,0 +1,109 @@
+/**
+ * Command classifier for the deploy module (Sprint 20).
+ *
+ * classifyCommand(commandText) returns 'safe' | 'risky' based solely on the
+ * COMMAND CONTENT — never on the agent's self-declared classification.
+ *
+ * This is the safety guarantee against multi-command Bash invocations such as
+ * `echo 'safe' && kubectl scale ...`. The classifier scans the entire command
+ * string for state-mutating verbs before any execution occurs.
+ *
+ * Pattern sources:
+ * - agents/bober-diagnoser.md:188-198 (forbidden command list)
+ * - skills/bober.runbook/SKILL.md (risky-step examples)
+ * - Sprint 20 contract evaluatorNotes: multi-command gate requirement.
+ *
+ * Default-deny: when in doubt, classify risky.
+ */
+/** Risky patterns — matched against the full command string.
+ *  Most-specific patterns listed first to avoid false positives on substrings. */
+const RISKY_PATTERNS = [
+    // kubectl mutators
+    /\bkubectl\s+(delete|apply|patch|edit|scale|rollout|exec\b.*--\s+(?!.*\bget\b))/,
+    // docker mutators
+    /\bdocker\s+(rm|stop|kill|restart|run|exec\b.*(?:bash|sh))/,
+    // git mutators
+    /\bgit\s+(reset\s+--hard|push|rebase|commit|revert|clean)/,
+    // terraform / helm
+    /\b(terraform\s+(apply|destroy)|helm\s+(install|upgrade|uninstall|rollback))\b/,
+    // file mutation: rm, rmdir, mv, cp with overwrite intent
+    /(?:^|\s)(rm|rmdir)\s+/,
+    /(?:^|\s)(mv|cp)\s+.*\s+\S+/, // mv/cp with destination argument (potential overwrite)
+    // shell redirect to file (> or >>)
+    /(?:^|[\s;|&])[^>]*>[>]?\s*\S+/,
+    // chmod / chown
+    /\bchmod\b|\bchown\b/,
+    // service / process control
+    /\bsystemctl\s+(start|stop|restart|enable|disable|mask|unmask)\b/,
+    /\bservice\s+\S+\s+(start|stop|restart)\b/,
+    /\b(kill|pkill|killall)\b/,
+    // package install
+    /\b(npm\s+install|pip\s+install|apt(\s+|-get\s+)install|brew\s+install|yarn\s+add|gem\s+install|cargo\s+install)\b/,
+    // privilege escalation
+    /(?:^|\s)sudo\s+/,
+    // state-mutating HTTP
+    /\bcurl\b[^|]*\s-X\s+(POST|PUT|PATCH|DELETE)\b/i,
+    // wget downloading executables (heuristic)
+    /\bwget\s+[^|]*\.(sh|bin|exe)\b/i,
+    // AWS mutation
+    /\baws\s+(ec2|elbv2|route53)\s+(create|delete|modify|put|update)/i,
+    // GCloud mutation
+    /\bgcloud\s+\S+\s+(create|delete|update|set)\b/i,
+    // Database migrations (heuristic — covers common runners)
+    /\b(flyway\s+migrate|liquibase\s+update|alembic\s+upgrade|rake\s+db:migrate|knex\s+migrate)\b/i,
+    // Secret rotation (heuristic)
+    /\b(vault\s+(rotate|write|delete)|aws\s+secretsmanager\s+(rotate|put|delete|update))\b/i,
+];
+/**
+ * Safe explicit allowlist — used as SHORT-CIRCUIT only when the ENTIRE command
+ * matches (no chain operators present). Any command with && / || / ; chains is
+ * evaluated via RISKY_PATTERNS first before reaching this list.
+ */
+const SAFE_SINGLE_COMMAND_PATTERNS = [
+    /^kubectl\s+(get|describe|logs|top|version|config\s+view)\b[^&;|]*$/,
+    /^docker\s+(ps|logs|inspect|images|version)\b[^&;|]*$/,
+    /^(grep|rg|ag|find|cat|head|tail|less|wc|awk|jq|yq)\b[^&;|]*$/,
+    /^git\s+(log|diff|show|blame|status|rev-parse|describe)\b[^&;|]*$/,
+    /^curl\b(?![^|]*\s-X\s+(POST|PUT|PATCH|DELETE))[^&;|]*$/i,
+    /^(ps|top|htop|lsof|netstat|ss|dig|nslookup|host|ping|traceroute|df|du|free|uname|uptime|date)\b[^&;|]*$/,
+    /^(sed\s+-n|awk)\b[^&;|]*$/, // read-only sed (-n only)
+];
+/**
+ * Classify a command string by blast radius.
+ *
+ * Rules:
+ * 1. Scan the full command string for any risky pattern (takes priority over allowlist).
+ * 2. If no risky pattern matched AND the command has no chain operators (&&/||/;/|),
+ *    check if it matches the safe allowlist.
+ * 3. When in doubt → risky (default-deny).
+ *
+ * @param commandText - The raw shell command string.
+ * @returns 'safe' if the command is confirmed read-only/reversible; 'risky' otherwise.
+ */
+export function classifyCommand(commandText) {
+    const trimmed = commandText.trim();
+    if (trimmed.length === 0)
+        return "safe"; // empty / no-op
+    // Step 1: Scan for risky patterns first — this catches multi-command invocations.
+    for (const pattern of RISKY_PATTERNS) {
+        if (pattern.test(trimmed))
+            return "risky";
+    }
+    // Step 2: If no risky pattern matched, check if the whole command is a known-safe single command.
+    // A command with chain operators (&&, ||, ;, |) that passed risky-scan is still examined:
+    // pipe (|) alone can be safe (e.g., kubectl get pods | head) but && / || / ; chains to
+    // other commands need more scrutiny. Here we allow simple pipes to safe commands.
+    const hasRiskyChainOperator = /&&|\|\|/.test(trimmed);
+    const hasSemicolon = /;(?!\s*$)/.test(trimmed); // semicolons not at end
+    if (!hasRiskyChainOperator && !hasSemicolon) {
+        // Strip any trailing pipe chain and classify the base command.
+        const baseCommand = trimmed.split("|")[0].trim();
+        for (const safe of SAFE_SINGLE_COMMAND_PATTERNS) {
+            if (safe.test(baseCommand))
+                return "safe";
+        }
+    }
+    // Step 3: When in doubt, classify risky (default-deny).
+    return "risky";
+}
+//# sourceMappingURL=classify.js.map

package/dist/orchestrator/deploy/classify.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"classify.js","sourceRoot":"","sources":["../../../src/orchestrator/deploy/classify.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH;kFACkF;AAClF,MAAM,cAAc,GAA0B;IAC5C,mBAAmB;IACnB,gFAAgF;IAChF,kBAAkB;IAClB,2DAA2D;IAC3D,eAAe;IACf,0DAA0D;IAC1D,mBAAmB;IACnB,+EAA+E;IAC/E,yDAAyD;IACzD,uBAAuB;IACvB,4BAA4B,EAAE,wDAAwD;IACtF,mCAAmC;IACnC,+BAA+B;IAC/B,gBAAgB;IAChB,qBAAqB;IACrB,4BAA4B;IAC5B,iEAAiE;IACjE,0CAA0C;IAC1C,0BAA0B;IAC1B,kBAAkB;IAClB,mHAAmH;IACnH,uBAAuB;IACvB,iBAAiB;IACjB,sBAAsB;IACtB,gDAAgD;IAChD,2CAA2C;IAC3C,iCAAiC;IACjC,eAAe;IACf,kEAAkE;IAClE,kBAAkB;IAClB,gDAAgD;IAChD,0DAA0D;IAC1D,+FAA+F;IAC/F,8BAA8B;IAC9B,wFAAwF;CACzF,CAAC;AAEF;;;;GAIG;AACH,MAAM,4BAA4B,GAA0B;IAC1D,oEAAoE;IACpE,sDAAsD;IACtD,8DAA8D;IAC9D,kEAAkE;IAClE,yDAAyD;IACzD,yGAAyG;IACzG,2BAA2B,EAAE,0BAA0B;CACxD,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,eAAe,CAAC,WAAmB;IACjD,MAAM,OAAO,GAAG,WAAW,CAAC,IAAI,EAAE,CAAC;IACnC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,MAAM,CAAC,CAAC,gBAAgB;IAEzD,kFAAkF;IAClF,KAAK,MAAM,OAAO,IAAI,cAAc,EAAE,CAAC;QACrC,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC;YAAE,OAAO,OAAO,CAAC;IAC5C,CAAC;IAED,kGAAkG;IAClG,0FAA0F;IAC1F,uFAAuF;IACvF,kFAAkF;IAClF,MAAM,qBAAqB,GAAG,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACtD,MAAM,YAAY,GAAG,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,wBAAwB;IACxE,IAAI,CAAC,qBAAqB,IAAI,CAAC,YAAY,EAAE,CAAC;QAC5C,+DAA+D;QAC/D,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACjD,KAAK,MAAM,IAAI,IAAI,4BAA4B,EAAE,CAAC;YAChD,IAAI,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC;gBAAE,OAAO,MAAM,CAAC;QAC5C,CAAC;IACH,CAAC;IAED,wDAAwD;IACxD,OAAO,OAAO,CAAC;AACjB,CAAC"}

package/dist/orchestrator/deploy/execute.d.ts

@@ -0,0 +1,45 @@
+/**
+ * executeAction — main entrypoint for the deploy module (Sprint 20).
+ *
+ * Execution sequence:
+ *   0. Validate action shape (inverse required) — throws BEFORE any I/O.
+ *   1. Authoritative classification via classifyCommand() — overrides agent's self-declaration.
+ *   2. Log proposed action to actions.jsonl for audit.
+ *   3. If risky: gate via Tier 2 checkpoint (or auto-approve with warning if allowAutopilotRiskyActions).
+ *   4. Write ChangeEntry with status='pending' BEFORE execution.
+ *   5. Execute via injected seam.
+ *   6. Write ChangeEntry with terminal status ('executed' | 'failed') AFTER execution.
+ *
+ * Critical invariants:
+ * - ChangeEntry is ALWAYS written (even on crash) once execution starts.
+ * - inverse.description is REQUIRED and validated up-front (Zod + explicit guard).
+ * - The agent's self-declared classification is a HINT; classifyCommand() is authoritative.
+ * - allowAutopilotRiskyActions=true skips interactive approval but NOT the audit trail.
+ */
+import { type ProposedAction, type ExecutorSeam } from "./types.js";
+import { type RiskyActionConfig } from "./resolve.js";
+export interface ExecuteActionDeps {
+    /** Override for tests. Default = execa wrapper (defaultExecutor). */
+    executor?: ExecutorSeam;
+    /** Override for tests to capture stderr warnings. Default = process.stderr.write. */
+    writeWarn?: (msg: string) => void;
+    /** Override for tests — injectable clock. Default = () => new Date(). */
+    now?: () => Date;
+}
+export interface ExecuteActionResult {
+    status: "executed" | "failed" | "aborted";
+    reason?: "checkpoint_rejected" | "precondition_failed" | "missing_inverse" | "postcondition_failed";
+    durationMs: number;
+    error?: string;
+}
+/**
+ * Execute a single proposed action under the deploy discipline.
+ *
+ * @param action      - The proposed action (agent's self-classified).
+ * @param incidentId  - Incident ID for audit trail writes.
+ * @param projectRoot - Root path for incident artifact writes.
+ * @param config      - Pipeline config (controls allowAutopilotRiskyActions + mechanism resolution).
+ * @param deps        - Optional injection overrides (executor, writeWarn, now).
+ */
+export declare function executeAction(action: ProposedAction, incidentId: string, projectRoot: string, config: RiskyActionConfig | undefined, deps?: ExecuteActionDeps): Promise<ExecuteActionResult>;
+//# sourceMappingURL=execute.d.ts.map

package/dist/orchestrator/deploy/execute.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"execute.d.ts","sourceRoot":"","sources":["../../../src/orchestrator/deploy/execute.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAIH,OAAO,EAAwB,KAAK,cAAc,EAAE,KAAK,YAAY,EAAE,MAAM,YAAY,CAAC;AAE1F,OAAO,EAA4D,KAAK,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAKhH,MAAM,WAAW,iBAAiB;IAChC,qEAAqE;IACrE,QAAQ,CAAC,EAAE,YAAY,CAAC;IACxB,qFAAqF;IACrF,SAAS,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;IAClC,yEAAyE;IACzE,GAAG,CAAC,EAAE,MAAM,IAAI,CAAC;CAClB;AAID,MAAM,WAAW,mBAAmB;IAClC,MAAM,EAAE,UAAU,GAAG,QAAQ,GAAG,SAAS,CAAC;IAC1C,MAAM,CAAC,EAAE,qBAAqB,GAAG,qBAAqB,GAAG,iBAAiB,GAAG,sBAAsB,CAAC;IACpG,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAID;;;;;;;;GAQG;AACH,wBAAsB,aAAa,CACjC,MAAM,EAAE,cAAc,EACtB,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,EACnB,MAAM,EAAE,iBAAiB,GAAG,SAAS,EACrC,IAAI,GAAE,iBAAsB,GAC3B,OAAO,CAAC,mBAAmB,CAAC,CAiI9B"}

package/dist/orchestrator/deploy/execute.js

@@ -0,0 +1,146 @@
+/**
+ * executeAction — main entrypoint for the deploy module (Sprint 20).
+ *
+ * Execution sequence:
+ *   0. Validate action shape (inverse required) — throws BEFORE any I/O.
+ *   1. Authoritative classification via classifyCommand() — overrides agent's self-declaration.
+ *   2. Log proposed action to actions.jsonl for audit.
+ *   3. If risky: gate via Tier 2 checkpoint (or auto-approve with warning if allowAutopilotRiskyActions).
+ *   4. Write ChangeEntry with status='pending' BEFORE execution.
+ *   5. Execute via injected seam.
+ *   6. Write ChangeEntry with terminal status ('executed' | 'failed') AFTER execution.
+ *
+ * Critical invariants:
+ * - ChangeEntry is ALWAYS written (even on crash) once execution starts.
+ * - inverse.description is REQUIRED and validated up-front (Zod + explicit guard).
+ * - The agent's self-declared classification is a HINT; classifyCommand() is authoritative.
+ * - allowAutopilotRiskyActions=true skips interactive approval but NOT the audit trail.
+ */
+import { appendChange, appendTimeline, appendAction } from "../../incident/timeline.js";
+import { ProposedActionSchema } from "./types.js";
+import { classifyCommand } from "./classify.js";
+import { getRiskyActionMechanism, resolveRiskyActionMechanismName } from "./resolve.js";
+import { defaultExecutor } from "./executor.js";
+// ── executeAction ──────────────────────────────────────────────────────────────
+/**
+ * Execute a single proposed action under the deploy discipline.
+ *
+ * @param action      - The proposed action (agent's self-classified).
+ * @param incidentId  - Incident ID for audit trail writes.
+ * @param projectRoot - Root path for incident artifact writes.
+ * @param config      - Pipeline config (controls allowAutopilotRiskyActions + mechanism resolution).
+ * @param deps        - Optional injection overrides (executor, writeWarn, now).
+ */
+export async function executeAction(action, incidentId, projectRoot, config, deps = {}) {
+    const executor = deps.executor ?? defaultExecutor;
+    const writeWarn = deps.writeWarn ?? ((m) => process.stderr.write(m));
+    const now = deps.now ?? (() => new Date());
+    // ── Step 0: validate action shape BEFORE any I/O. ───────────────────────────
+    // Explicit guard first — throws a clear, test-matchable error for the most
+    // critical invariant (inverse required). Then Zod validates the rest.
+    const rawAction = action;
+    if (!rawAction.inverse?.description ||
+        rawAction.inverse.description.trim() === "") {
+        throw new Error(`executeAction: action.inverse is required and must be non-empty (action id: ${rawAction.id ?? "unknown"})`);
+    }
+    // Full schema validation (validates all remaining fields).
+    ProposedActionSchema.parse(action);
+    // ── Step 1: authoritative classification (overrides agent's self-declared). ──
+    // If the command content is risky, the action IS risky regardless of `action.classification`.
+    const commandClassification = action.command ? classifyCommand(action.command) : action.classification;
+    const isRisky = commandClassification === "risky" || action.classification === "risky";
+    // ── Step 2: log proposed action (always, for audit trail). ─────────────────
+    await appendAction(projectRoot, incidentId, {
+        timestamp: now().toISOString(),
+        action: action.description,
+        blastRadius: isRisky ? "risky" : "safe",
+        requiresApproval: isRisky,
+        rationale: action.reasoning,
+    });
+    // ── Step 3: if risky, gate via Tier 2 checkpoint. ──────────────────────────
+    if (isRisky) {
+        const allow = config?.pipeline?.allowAutopilotRiskyActions === true;
+        const mechanismName = resolveRiskyActionMechanismName(config, true, action.id);
+        if (allow) {
+            // Auto-approve with STERN warning to stderr. Audit trail STILL written below.
+            writeWarn(`[bober deploy] WARN allowAutopilotRiskyActions=true — auto-approved risky action ${action.id}: ` +
+                `${action.description}. Inverse recorded: "${action.inverse.description}". ` +
+                `Mechanism would have been: ${mechanismName}.\n`);
+        }
+        else {
+            const mech = getRiskyActionMechanism(config, true, action.id);
+            const outcome = await mech.request(`risky-action-${action.id}`, {
+                kind: "risky-action",
+                actionId: action.id,
+                description: action.description,
+                classification: "risky",
+                classificationReasoning: action.reasoning,
+                command: action.command,
+                inverse: action.inverse,
+            });
+            // Handle all three CheckpointOutcome variants.
+            if ("approved" in outcome && outcome.approved === false) {
+                await appendTimeline(projectRoot, incidentId, {
+                    timestamp: now().toISOString(),
+                    eventKind: "action_aborted",
+                    source: "deployer",
+                    summary: `Action ${action.id} rejected at checkpoint: ${outcome.feedback}`,
+                });
+                return { status: "aborted", reason: "checkpoint_rejected", durationMs: 0 };
+            }
+            if ("edit" in outcome) {
+                // The operator modified the command via checkpoint edit. Log the modification.
+                // Re-classification of the modified command is deferred to Sprint 24 (full /bober-incident flow).
+                // For now, treat as approved and proceed with the original action.
+                writeWarn(`[bober deploy] INFO checkpoint edit received for action ${action.id}. ` +
+                    `Edit delta recorded; proceeding with original command.\n`);
+            }
+            // If neither rejected nor edited, fall through — approved=true.
+        }
+    }
+    // ── Step 4: write ChangeEntry with status='pending' BEFORE execution. ───────
+    const startedAt = now().toISOString();
+    const pendingEntry = {
+        id: action.id,
+        type: isRisky ? "risky-action" : "safe-action",
+        executedAt: startedAt,
+        description: action.description,
+        inverse: action.inverse,
+        status: "pending",
+    };
+    await appendChange(projectRoot, incidentId, pendingEntry);
+    // ── Step 5: execute via injected seam. ──────────────────────────────────────
+    const startTime = Date.now();
+    let exitCode = 0;
+    let stderr = "";
+    let crashed = false;
+    try {
+        if (action.command) {
+            const r = await executor.run(action.command);
+            exitCode = r.exitCode;
+            stderr = r.stderr;
+        }
+    }
+    catch (err) {
+        crashed = true;
+        stderr = err instanceof Error ? err.message : String(err);
+    }
+    const durationMs = Date.now() - startTime;
+    // ── Step 6: write ChangeEntry with terminal status AFTER execution. ──────────
+    // Written even if the executor crashed — the audit trail is preserved.
+    const finalStatus = crashed || exitCode !== 0 ? "failed" : "executed";
+    const finalEntry = {
+        id: action.id,
+        type: isRisky ? "risky-action" : "safe-action",
+        executedAt: now().toISOString(),
+        description: action.description,
+        inverse: action.inverse,
+        status: finalStatus,
+    };
+    await appendChange(projectRoot, incidentId, finalEntry);
+    if (finalStatus === "failed") {
+        return { status: "failed", durationMs, error: stderr };
+    }
+    return { status: "executed", durationMs };
+}
+//# sourceMappingURL=execute.js.map

package/dist/orchestrator/deploy/execute.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"execute.js","sourceRoot":"","sources":["../../../src/orchestrator/deploy/execute.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAExF,OAAO,EAAE,oBAAoB,EAA0C,MAAM,YAAY,CAAC;AAC1F,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAChD,OAAO,EAAE,uBAAuB,EAAE,+BAA+B,EAA0B,MAAM,cAAc,CAAC;AAChH,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAsBhD,kFAAkF;AAElF;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,MAAsB,EACtB,UAAkB,EAClB,WAAmB,EACnB,MAAqC,EACrC,OAA0B,EAAE;IAE5B,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,eAAe,CAAC;IAClD,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7E,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;IAE3C,+EAA+E;IAC/E,2EAA2E;IAC3E,sEAAsE;IACtE,MAAM,SAAS,GAAG,MAAiC,CAAC;IACpD,IACE,CAAC,SAAS,CAAC,OAAO,EAAE,WAAW;QAC/B,SAAS,CAAC,OAAO,CAAC,WAAW,CAAC,IAAI,EAAE,KAAK,EAAE,EAC3C,CAAC;QACD,MAAM,IAAI,KAAK,CACb,+EAA+E,SAAS,CAAC,EAAE,IAAI,SAAS,GAAG,CAC5G,CAAC;IACJ,CAAC;IACD,2DAA2D;IAC3D,oBAAoB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAEnC,gFAAgF;IAChF,8FAA8F;IAC9F,MAAM,qBAAqB,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC;IACvG,MAAM,OAAO,GAAG,qBAAqB,KAAK,OAAO,IAAI,MAAM,CAAC,cAAc,KAAK,OAAO,CAAC;IAEvF,8EAA8E;IAC9E,MAAM,YAAY,CAAC,WAAW,EAAE,UAAU,EAAE;QAC1C,SAAS,EAAE,GAAG,EAAE,CAAC,WAAW,EAAE;QAC9B,MAAM,EAAE,MAAM,CAAC,WAAW;QAC1B,WAAW,EAAE,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM;QACvC,gBAAgB,EAAE,OAAO;QACzB,SAAS,EAAE,MAAM,CAAC,SAAS;KAC5B,CAAC,CAAC;IAEH,8EAA8E;IAC9E,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,KAAK,GAAG,MAAM,EAAE,QAAQ,EAAE,0BAA0B,KAAK,IAAI,CAAC;QACpE,MAAM,aAAa,GAAG,+BAA+B,CAAC,MAAM,EAAE,IAAI,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;QAE/E,IAAI,KAAK,EAAE,CAAC;YACV,8EAA8E;YAC9E,SAAS,CACP,oFAAoF,MAAM,CAAC,EAAE,IAAI;gBAC/F,GAAG,MAAM,CAAC,WAAW,wBAAwB,MAAM,CAAC,OAAO,CAAC,WAAW,KAAK;gBAC5E,8BAA8B,aAAa,KAAK,CACnD,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,GAAG,uBAAuB,CAAC,MAAM,EAAE,IAAI,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;YAC9D,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,gBAAgB,MAAM,CAAC,EAAE,EAAW,EAAE;gBACvE,IAAI,EAAE,cAAc;gBACpB,QAAQ,EAAE,MAAM,CAAC,EAAE;gBACnB,WAAW,EAAE,MAAM,CAAC,WAAW;gBAC/B,cAAc,EAAE,OAAgB;gBAChC,uBAAuB,EAAE,MAAM,CAAC,SAAS;gBACzC,OAAO,EAAE,MAAM,CAAC,OAAO;gBACvB,OAAO,EAAE,MAAM,CAAC,OAAO;aACxB,CAAC,CAAC;YAEH,+CAA+C;YAC/C,IAAI,UAAU,IAAI,OAAO,IAAI,OAAO,CAAC,QAAQ,KAAK,KAAK,EAAE,CAAC;gBACxD,MAAM,cAAc,CAAC,WAAW,EAAE,UAAU,EAAE;oBAC5C,SAAS,EAAE,GAAG,EAAE,CAAC,WAAW,EAAE;oBAC9B,SAAS,EAAE,gBAAgB;oBAC3B,MAAM,EAAE,UAAU;oBAClB,OAAO,EAAE,UAAU,MAAM,CAAC,EAAE,4BAA6B,OAAiD,CAAC,QAAQ,EAAE;iBACtH,CAAC,CAAC;gBACH,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,qBAAqB,EAAE,UAAU,EAAE,CAAC,EAAE,CAAC;YAC7E,CAAC;YACD,IAAI,MAAM,IAAI,OAAO,EAAE,CAAC;gBACtB,+EAA+E;gBAC/E,kGAAkG;gBAClG,mEAAmE;gBACnE,SAAS,CACP,2DAA2D,MAAM,CAAC,EAAE,IAAI;oBACtE,0DAA0D,CAC7D,CAAC;YACJ,CAAC;YACD,gEAAgE;QAClE,CAAC;IACH,CAAC;IAED,+EAA+E;IAC/E,MAAM,SAAS,GAAG,GAAG,EAAE,CAAC,WAAW,EAAE,CAAC;IACtC,MAAM,YAAY,GAAgB;QAChC,EAAE,EAAE,MAAM,CAAC,EAAE;QACb,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,aAAa;QAC9C,UAAU,EAAE,SAAS;QACrB,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,MAAM,EAAE,SAAS;KAClB,CAAC;IACF,MAAM,YAAY,CAAC,WAAW,EAAE,UAAU,EAAE,YAAY,CAAC,CAAC;IAE1D,+EAA+E;IAC/E,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,IAAI,QAAQ,GAAG,CAAC,CAAC;IACjB,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,IAAI,OAAO,GAAG,KAAK,CAAC;IAEpB,IAAI,CAAC;QACH,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,MAAM,CAAC,GAAG,MAAM,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YAC7C,QAAQ,GAAG,CAAC,CAAC,QAAQ,CAAC;YACtB,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC;QACpB,CAAC;IACH,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,OAAO,GAAG,IAAI,CAAC;QACf,MAAM,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC5D,CAAC;IAED,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;IAE1C,gFAAgF;IAChF,uEAAuE;IACvE,MAAM,WAAW,GAA0B,OAAO,IAAI,QAAQ,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC;IAC7F,MAAM,UAAU,GAAgB;QAC9B,EAAE,EAAE,MAAM,CAAC,EAAE;QACb,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,aAAa;QAC9C,UAAU,EAAE,GAAG,EAAE,CAAC,WAAW,EAAE;QAC/B,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,MAAM,EAAE,WAAW;KACpB,CAAC;IACF,MAAM,YAAY,CAAC,WAAW,EAAE,UAAU,EAAE,UAAU,CAAC,CAAC;IAExD,IAAI,WAAW,KAAK,QAAQ,EAAE,CAAC;QAC7B,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;IACzD,CAAC;IACD,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,UAAU,EAAE,CAAC;AAC5C,CAAC"}

package/dist/orchestrator/deploy/executor.d.ts

@@ -0,0 +1,22 @@
+/**
+ * Default executor seam for the deploy module (Sprint 20).
+ *
+ * Production code uses defaultExecutor (execa wrapper).
+ * Tests inject a fake ExecutorSeam to avoid real shell execution.
+ *
+ * Every Bash command the deployer sends MUST route through this seam.
+ * The seam runs AFTER classifyCommand() approves the command — the
+ * classification gate is the caller's responsibility (see execute.ts).
+ *
+ * Pattern mirrors src/orchestrator/tools/handlers.ts:70 (execa usage).
+ */
+import type { ExecutorSeam } from "./types.js";
+/**
+ * Default execa-backed executor.
+ *
+ * Runs the command via `sh -c <command>`. Captures stdout, stderr, exitCode.
+ * Does NOT reject on non-zero exit code (reject: false) — the caller in
+ * execute.ts decides whether a non-zero exit is a failure.
+ */
+export declare const defaultExecutor: ExecutorSeam;
+//# sourceMappingURL=executor.d.ts.map

package/dist/orchestrator/deploy/executor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"executor.d.ts","sourceRoot":"","sources":["../../../src/orchestrator/deploy/executor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAGH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAE/C;;;;;;GAMG;AACH,eAAO,MAAM,eAAe,EAAE,YAS7B,CAAC"}

package/dist/orchestrator/deploy/executor.js

@@ -0,0 +1,31 @@
+/**
+ * Default executor seam for the deploy module (Sprint 20).
+ *
+ * Production code uses defaultExecutor (execa wrapper).
+ * Tests inject a fake ExecutorSeam to avoid real shell execution.
+ *
+ * Every Bash command the deployer sends MUST route through this seam.
+ * The seam runs AFTER classifyCommand() approves the command — the
+ * classification gate is the caller's responsibility (see execute.ts).
+ *
+ * Pattern mirrors src/orchestrator/tools/handlers.ts:70 (execa usage).
+ */
+import { execa } from "execa";
+/**
+ * Default execa-backed executor.
+ *
+ * Runs the command via `sh -c <command>`. Captures stdout, stderr, exitCode.
+ * Does NOT reject on non-zero exit code (reject: false) — the caller in
+ * execute.ts decides whether a non-zero exit is a failure.
+ */
+export const defaultExecutor = {
+    async run(command) {
+        const r = await execa("sh", ["-c", command], { reject: false });
+        return {
+            exitCode: r.exitCode ?? 1,
+            stdout: r.stdout,
+            stderr: r.stderr,
+        };
+    },
+};
+//# sourceMappingURL=executor.js.map

package/dist/orchestrator/deploy/executor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"executor.js","sourceRoot":"","sources":["../../../src/orchestrator/deploy/executor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,KAAK,EAAE,MAAM,OAAO,CAAC;AAG9B;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,eAAe,GAAiB;IAC3C,KAAK,CAAC,GAAG,CAAC,OAAe;QACvB,MAAM,CAAC,GAAG,MAAM,KAAK,CAAC,IAAI,EAAE,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;QAChE,OAAO;YACL,QAAQ,EAAE,CAAC,CAAC,QAAQ,IAAI,CAAC;YACzB,MAAM,EAAE,CAAC,CAAC,MAAM;YAChB,MAAM,EAAE,CAAC,CAAC,MAAM;SACjB,CAAC;IACJ,CAAC;CACF,CAAC"}

package/dist/orchestrator/deploy/index.d.ts

@@ -0,0 +1,21 @@
+/**
+ * Public API for the deploy module (Sprint 20).
+ *
+ * Sprint 24 (/bober-incident CLI command) will import from this barrel
+ * to wire the deployer spawn with the risky-action checkpoint callback.
+ *
+ * Usage:
+ *   import { executeAction, classifyCommand, resolveRiskyActionMechanismName,
+ *            type ProposedAction } from "../orchestrator/deploy/index.js";
+ *
+ * Observability MCP tools are merged at spawn time via mergeObsTools() from
+ * src/orchestrator/observability/merge.ts — the same pattern used for the
+ * diagnoser agent (Sprint 16). The deployer's tool list at spawn is:
+ *   [Read, Bash, Grep, Glob, ...namespacedObsTools]
+ */
+export { executeAction, type ExecuteActionDeps, type ExecuteActionResult } from "./execute.js";
+export { classifyCommand } from "./classify.js";
+export { resolveRiskyActionMechanismName, getRiskyActionMechanism, type RiskyActionConfig } from "./resolve.js";
+export { defaultExecutor } from "./executor.js";
+export { ProposedActionSchema, type ProposedAction, type ExecutorSeam, type DeployResult } from "./types.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/orchestrator/deploy/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/orchestrator/deploy/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,aAAa,EAAE,KAAK,iBAAiB,EAAE,KAAK,mBAAmB,EAAE,MAAM,cAAc,CAAC;AAC/F,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAChD,OAAO,EAAE,+BAA+B,EAAE,uBAAuB,EAAE,KAAK,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAChH,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAChD,OAAO,EAAE,oBAAoB,EAAE,KAAK,cAAc,EAAE,KAAK,YAAY,EAAE,KAAK,YAAY,EAAE,MAAM,YAAY,CAAC"}

package/dist/orchestrator/deploy/index.js

@@ -0,0 +1,21 @@
+/**
+ * Public API for the deploy module (Sprint 20).
+ *
+ * Sprint 24 (/bober-incident CLI command) will import from this barrel
+ * to wire the deployer spawn with the risky-action checkpoint callback.
+ *
+ * Usage:
+ *   import { executeAction, classifyCommand, resolveRiskyActionMechanismName,
+ *            type ProposedAction } from "../orchestrator/deploy/index.js";
+ *
+ * Observability MCP tools are merged at spawn time via mergeObsTools() from
+ * src/orchestrator/observability/merge.ts — the same pattern used for the
+ * diagnoser agent (Sprint 16). The deployer's tool list at spawn is:
+ *   [Read, Bash, Grep, Glob, ...namespacedObsTools]
+ */
+export { executeAction } from "./execute.js";
+export { classifyCommand } from "./classify.js";
+export { resolveRiskyActionMechanismName, getRiskyActionMechanism } from "./resolve.js";
+export { defaultExecutor } from "./executor.js";
+export { ProposedActionSchema } from "./types.js";
+//# sourceMappingURL=index.js.map

package/dist/orchestrator/deploy/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/orchestrator/deploy/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,aAAa,EAAoD,MAAM,cAAc,CAAC;AAC/F,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAChD,OAAO,EAAE,+BAA+B,EAAE,uBAAuB,EAA0B,MAAM,cAAc,CAAC;AAChH,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAChD,OAAO,EAAE,oBAAoB,EAA6D,MAAM,YAAY,CAAC"}

package/dist/orchestrator/deploy/resolve.d.ts

@@ -0,0 +1,51 @@
+/**
+ * Risky-action mechanism resolver (Sprint 20).
+ *
+ * Wraps the 6-tier resolver from Sprint 14 (resolveCheckpointMechanismName)
+ * with a FORCED FLOOR for risky actions:
+ *
+ *   Tier 0 (Sprint 20): if isRisky && !allowAutopilotRiskyActions && resolved==='noop'
+ *   → override to 'disk'.
+ *
+ * This is the unconditional gate (s20-c6): even mode='autopilot' +
+ * checkpointMechanism='noop' cannot bypass the gate for risky actions.
+ *
+ * The escape hatch (allowAutopilotRiskyActions=true) lets fully-automated
+ * environments (CI, batch jobs) skip interactive approval WHILE preserving
+ * the audit trail (ChangeEntry is always written). Document this as a footgun.
+ */
+import { type CheckpointMechanism, type CheckpointOverrideConfig } from "../checkpoints/index.js";
+/**
+ * Extended config shape: pipeline.allowAutopilotRiskyActions is a Sprint 20 field.
+ * Other pipeline fields are passed through to the underlying resolver unchanged.
+ */
+export interface RiskyActionConfig extends CheckpointOverrideConfig {
+    pipeline?: CheckpointOverrideConfig["pipeline"] & {
+        allowAutopilotRiskyActions?: boolean;
+    };
+}
+/**
+ * Pure name resolver for risky-action mechanism.
+ *
+ * Tier 0 (Sprint 20 FORCED FLOOR):
+ *   if isRisky && !allowAutopilotRiskyActions && underlying resolves to 'noop'
+ *   → return 'disk'.
+ *
+ * Tiers 1-6: defer to resolveCheckpointMechanismName (Sprint 14).
+ *
+ * The checkpointId is dynamic: 'risky-action-<actionId>'. Passing it through
+ * to the underlying resolver allows per-checkpoint overrides to target a specific
+ * action id (rare; not a documented feature; semantically correct).
+ *
+ * @param config   - Pipeline config, may include allowAutopilotRiskyActions.
+ * @param isRisky  - True when the action is classified as risky.
+ * @param actionId - Optional action id; used to form the checkpoint id.
+ */
+export declare function resolveRiskyActionMechanismName(config: RiskyActionConfig | undefined, isRisky: boolean, actionId?: string): string;
+/**
+ * Impure wrapper: resolves the mechanism NAME and returns the registered
+ * CheckpointMechanism implementation. Tests may call resolveRiskyActionMechanismName
+ * directly (pure, no side effects) and assert the returned name.
+ */
+export declare function getRiskyActionMechanism(config: RiskyActionConfig | undefined, isRisky: boolean, actionId?: string): CheckpointMechanism;
+//# sourceMappingURL=resolve.d.ts.map

package/dist/orchestrator/deploy/resolve.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"resolve.d.ts","sourceRoot":"","sources":["../../../src/orchestrator/deploy/resolve.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAGL,KAAK,mBAAmB,EACxB,KAAK,wBAAwB,EAC9B,MAAM,yBAAyB,CAAC;AAEjC;;;GAGG;AACH,MAAM,WAAW,iBAAkB,SAAQ,wBAAwB;IACjE,QAAQ,CAAC,EAAE,wBAAwB,CAAC,UAAU,CAAC,GAAG;QAChD,0BAA0B,CAAC,EAAE,OAAO,CAAC;KACtC,CAAC;CACH;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,+BAA+B,CAC7C,MAAM,EAAE,iBAAiB,GAAG,SAAS,EACrC,OAAO,EAAE,OAAO,EAChB,QAAQ,CAAC,EAAE,MAAM,GAChB,MAAM,CAUR;AAED;;;;GAIG;AACH,wBAAgB,uBAAuB,CACrC,MAAM,EAAE,iBAAiB,GAAG,SAAS,EACrC,OAAO,EAAE,OAAO,EAChB,QAAQ,CAAC,EAAE,MAAM,GAChB,mBAAmB,CAErB"}

package/dist/orchestrator/deploy/resolve.js

@@ -0,0 +1,53 @@
+/**
+ * Risky-action mechanism resolver (Sprint 20).
+ *
+ * Wraps the 6-tier resolver from Sprint 14 (resolveCheckpointMechanismName)
+ * with a FORCED FLOOR for risky actions:
+ *
+ *   Tier 0 (Sprint 20): if isRisky && !allowAutopilotRiskyActions && resolved==='noop'
+ *   → override to 'disk'.
+ *
+ * This is the unconditional gate (s20-c6): even mode='autopilot' +
+ * checkpointMechanism='noop' cannot bypass the gate for risky actions.
+ *
+ * The escape hatch (allowAutopilotRiskyActions=true) lets fully-automated
+ * environments (CI, batch jobs) skip interactive approval WHILE preserving
+ * the audit trail (ChangeEntry is always written). Document this as a footgun.
+ */
+import { resolveCheckpointMechanismName, getCheckpointMechanism, } from "../checkpoints/index.js";
+/**
+ * Pure name resolver for risky-action mechanism.
+ *
+ * Tier 0 (Sprint 20 FORCED FLOOR):
+ *   if isRisky && !allowAutopilotRiskyActions && underlying resolves to 'noop'
+ *   → return 'disk'.
+ *
+ * Tiers 1-6: defer to resolveCheckpointMechanismName (Sprint 14).
+ *
+ * The checkpointId is dynamic: 'risky-action-<actionId>'. Passing it through
+ * to the underlying resolver allows per-checkpoint overrides to target a specific
+ * action id (rare; not a documented feature; semantically correct).
+ *
+ * @param config   - Pipeline config, may include allowAutopilotRiskyActions.
+ * @param isRisky  - True when the action is classified as risky.
+ * @param actionId - Optional action id; used to form the checkpoint id.
+ */
+export function resolveRiskyActionMechanismName(config, isRisky, actionId) {
+    const checkpointId = `risky-action-${actionId ?? "default"}`;
+    const resolved = resolveCheckpointMechanismName(checkpointId, config);
+    const allow = config?.pipeline?.allowAutopilotRiskyActions === true;
+    // Forced floor: risky + !allow + resolved==='noop' → 'disk'.
+    if (isRisky && !allow && resolved === "noop") {
+        return "disk";
+    }
+    return resolved;
+}
+/**
+ * Impure wrapper: resolves the mechanism NAME and returns the registered
+ * CheckpointMechanism implementation. Tests may call resolveRiskyActionMechanismName
+ * directly (pure, no side effects) and assert the returned name.
+ */
+export function getRiskyActionMechanism(config, isRisky, actionId) {
+    return getCheckpointMechanism(resolveRiskyActionMechanismName(config, isRisky, actionId));
+}
+//# sourceMappingURL=resolve.js.map

package/dist/orchestrator/deploy/resolve.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"resolve.js","sourceRoot":"","sources":["../../../src/orchestrator/deploy/resolve.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EACL,8BAA8B,EAC9B,sBAAsB,GAGvB,MAAM,yBAAyB,CAAC;AAYjC;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,UAAU,+BAA+B,CAC7C,MAAqC,EACrC,OAAgB,EAChB,QAAiB;IAEjB,MAAM,YAAY,GAAG,gBAAgB,QAAQ,IAAI,SAAS,EAAE,CAAC;IAC7D,MAAM,QAAQ,GAAG,8BAA8B,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;IACtE,MAAM,KAAK,GAAG,MAAM,EAAE,QAAQ,EAAE,0BAA0B,KAAK,IAAI,CAAC;IAEpE,6DAA6D;IAC7D,IAAI,OAAO,IAAI,CAAC,KAAK,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;QAC7C,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,uBAAuB,CACrC,MAAqC,EACrC,OAAgB,EAChB,QAAiB;IAEjB,OAAO,sBAAsB,CAAC,+BAA+B,CAAC,MAAM,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;AAC5F,CAAC"}

package/dist/orchestrator/deploy/spawn.d.ts

@@ -0,0 +1,60 @@
+/**
+ * Deployer spawn-site integration surface (Sprint 20).
+ *
+ * Sprint 24 (/bober-incident CLI command) will call spawnDeployer() to:
+ *   1. Merge observability MCP tools (same pattern as the diagnoser — Sprint 16).
+ *   2. Load the bober-deployer agent definition.
+ *   3. Register the risky-action checkpoint callback (the gate that calls executeAction).
+ *
+ * This module exports the spawn helper and the RiskyActionCheckpointCallback type
+ * so Sprint 24 can wire without importing from internal deploy/ modules directly.
+ *
+ * Pattern:
+ * - mergeObsTools: from src/orchestrator/observability/merge.ts (Sprint 16)
+ * - loadAgentDefinition: from src/orchestrator/agent-loader.ts (Sprint 15 pattern)
+ *
+ * The deployer's tool list at spawn time:
+ *   [Read, Bash, Grep, Glob, ...namespacedObsTools]
+ *
+ * The risky-action callback:
+ *   Called once per ProposedAction that classifyCommand() classifies as risky.
+ *   Receives the action description, classification reasoning, and inverse.
+ *   Returns the checkpoint outcome (approved, rejected, or operator-edited).
+ *
+ * Sprint 24 integration point:
+ * ```typescript
+ * import { spawnDeployer } from "../orchestrator/deploy/spawn.js";
+ * const { agentDef, obsTools, stopObs } = await spawnDeployer(config, projectRoot);
+ * try {
+ *   // pass agentDef + obsTools to the agentic loop
+ * } finally {
+ *   await stopObs();
+ * }
+ * ```
+ */
+import type { AgentDefinition } from "../agent-loader.js";
+import type { NamespacedTool } from "../observability/index.js";
+import type { RiskyActionConfig } from "./resolve.js";
+export interface DeployerSpawnContext {
+    /** Loaded bober-deployer agent definition (frontmatter + body). */
+    agentDef: AgentDefinition;
+    /** Observability tools merged from configured providers. Namespaced obs__<provider>__<tool>. */
+    obsTools: NamespacedTool[];
+    /** Call in finally to stop all started observability MCP servers. */
+    stopObs: () => Promise<void>;
+}
+/**
+ * Prepare the deployer subagent's spawn context.
+ *
+ * Mirrors the diagnoser spawn pattern (Sprint 15/16):
+ *   1. Load the agent definition from agents/bober-deployer.md.
+ *   2. Merge observability MCP tools via Promise.allSettled (partial failure safe).
+ *   3. Return the spawn context for Sprint 24 to pass into the agentic loop.
+ *
+ * The caller MUST call stopObs() in a finally block to release observability MCP processes.
+ *
+ * @param config      - Pipeline config (controls allowAutopilotRiskyActions + mechanism resolution).
+ * @param projectRoot - Absolute path to the project root.
+ */
+export declare function spawnDeployer(config: RiskyActionConfig | undefined, projectRoot: string): Promise<DeployerSpawnContext>;
+//# sourceMappingURL=spawn.d.ts.map

package/dist/orchestrator/deploy/spawn.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"spawn.d.ts","sourceRoot":"","sources":["../../../src/orchestrator/deploy/spawn.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AAIH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAC1D,OAAO,KAAK,EAAE,cAAc,EAAqB,MAAM,2BAA2B,CAAC;AACnF,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAItD,MAAM,WAAW,oBAAoB;IACnC,mEAAmE;IACnE,QAAQ,EAAE,eAAe,CAAC;IAC1B,gGAAgG;IAChG,QAAQ,EAAE,cAAc,EAAE,CAAC;IAC3B,qEAAqE;IACrE,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC9B;AAID;;;;;;;;;;;;GAYG;AACH,wBAAsB,aAAa,CACjC,MAAM,EAAE,iBAAiB,GAAG,SAAS,EACrC,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,oBAAoB,CAAC,CAe/B"}