agentskeptic 3.4.0 → 3.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.js +109 -18
- package/dist/cli.js.map +1 -1
- package/dist/cliExecutionFinalize.d.ts +43 -0
- package/dist/cliExecutionFinalize.d.ts.map +1 -0
- package/dist/cliExecutionFinalize.js +149 -0
- package/dist/cliExecutionFinalize.js.map +1 -0
- package/dist/cliOperationalCodes.d.ts +4 -0
- package/dist/cliOperationalCodes.d.ts.map +1 -1
- package/dist/cliOperationalCodes.js +4 -0
- package/dist/cliOperationalCodes.js.map +1 -1
- package/dist/enforceCli.d.ts.map +1 -1
- package/dist/enforceCli.js +22 -3
- package/dist/enforceCli.js.map +1 -1
- package/dist/enforceStateful.d.ts.map +1 -1
- package/dist/enforceStateful.js +185 -97
- package/dist/enforceStateful.js.map +1 -1
- package/dist/execution-identity.v1.json +14 -0
- package/dist/executionIdentityVerifyCli.d.ts +7 -0
- package/dist/executionIdentityVerifyCli.d.ts.map +1 -0
- package/dist/executionIdentityVerifyCli.js +84 -0
- package/dist/executionIdentityVerifyCli.js.map +1 -0
- package/dist/mergeGateReceiptFinalize.d.ts +16 -0
- package/dist/mergeGateReceiptFinalize.d.ts.map +1 -0
- package/dist/mergeGateReceiptFinalize.js +40 -0
- package/dist/mergeGateReceiptFinalize.js.map +1 -0
- package/dist/operationalDisposition.d.ts +32 -0
- package/dist/operationalDisposition.d.ts.map +1 -1
- package/dist/operationalDisposition.js +32 -0
- package/dist/operationalDisposition.js.map +1 -1
- package/dist/publicDistribution.generated.d.ts +1 -1
- package/dist/publicDistribution.generated.js +1 -1
- package/dist/quickVerify/decomposeUnits.d.ts.map +1 -1
- package/dist/quickVerify/decomposeUnits.js +2 -1
- package/dist/quickVerify/decomposeUnits.js.map +1 -1
- package/dist/sdk/_generated/openapi-types.d.ts +77 -19
- package/dist/sdk/_generated/openapi-types.d.ts.map +1 -1
- package/dist/standardVerifyWorkflowCli.d.ts +2 -0
- package/dist/standardVerifyWorkflowCli.d.ts.map +1 -1
- package/dist/standardVerifyWorkflowCli.js +3 -0
- package/dist/standardVerifyWorkflowCli.js.map +1 -1
- package/dist/verificationReceipt.d.ts +44 -0
- package/dist/verificationReceipt.d.ts.map +1 -0
- package/dist/verificationReceipt.js +131 -0
- package/dist/verificationReceipt.js.map +1 -0
- package/dist/verify/batchVerifyTelemetrySubcommand.d.ts.map +1 -1
- package/dist/verify/batchVerifyTelemetrySubcommand.js +80 -16
- package/dist/verify/batchVerifyTelemetrySubcommand.js.map +1 -1
- package/package.json +4 -3
- package/schemas/agentskeptic-error-codes.json +28 -0
- package/schemas/ci/verification-truth.manifest.json +30 -1
- package/schemas/ci/verification-truth.manifest.schema.json +6 -1
- package/schemas/execution-identity-v1.schema.json +36 -0
- package/schemas/openapi-commercial-v1.in.yaml +92 -24
- package/schemas/openapi-commercial-v1.yaml +93 -25
- package/schemas/verification-receipt-v1.schema.json +108 -0
- package/scripts/emit-primary-marketing.cjs +1 -1
|
@@ -82,5 +82,9 @@ export const CLI_OPERATIONAL_CODES = {
|
|
|
82
82
|
EMIT_LANGGRAPH_CHECKPOINT_INVALID: "EMIT_LANGGRAPH_CHECKPOINT_INVALID",
|
|
83
83
|
EMIT_LINT_USAGE: "EMIT_LINT_USAGE",
|
|
84
84
|
EMIT_LINT_FAILED: "EMIT_LINT_FAILED",
|
|
85
|
+
RECEIPT_SCHEMA_INVALID: "RECEIPT_SCHEMA_INVALID",
|
|
86
|
+
RECEIPT_PERSIST_FAILED: "RECEIPT_PERSIST_FAILED",
|
|
87
|
+
EXECUTION_IDENTITY_MISMATCH: "EXECUTION_IDENTITY_MISMATCH",
|
|
88
|
+
EXECUTION_IDENTITY_USAGE: "EXECUTION_IDENTITY_USAGE",
|
|
85
89
|
};
|
|
86
90
|
//# sourceMappingURL=cliOperationalCodes.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cliOperationalCodes.js","sourceRoot":"","sources":["../src/cliOperationalCodes.ts"],"names":[],"mappings":"AAAA,yFAAyF;AAEzF,MAAM,CAAC,MAAM,qBAAqB,GAAG;IACnC,SAAS,EAAE,WAAW;IACtB,oBAAoB,EAAE,sBAAsB;IAC5C,oBAAoB,EAAE,sBAAsB;IAC5C,uBAAuB,EAAE,yBAAyB;IAClD,0BAA0B,EAAE,4BAA4B;IACxD,kBAAkB,EAAE,oBAAoB;IACxC,2BAA2B,EAAE,6BAA6B;IAC1D,4BAA4B,EAAE,8BAA8B;IAC5D,8BAA8B,EAAE,gCAAgC;IAChE,cAAc,EAAE,gBAAgB;IAChC,aAAa,EAAE,eAAe;IAC9B,yBAAyB,EAAE,2BAA2B;IACtD,4BAA4B,EAAE,8BAA8B;IAC5D,yBAAyB,EAAE,2BAA2B;IACtD,yBAAyB,EAAE,2BAA2B;IACtD,4BAA4B,EAAE,8BAA8B;IAC5D,+BAA+B,EAAE,iCAAiC;IAClE,qCAAqC,EAAE,uCAAuC;IAC9E,2BAA2B,EAAE,6BAA6B;IAC1D,2CAA2C,EAAE,6CAA6C;IAC1F,uBAAuB,EAAE,yBAAyB;IAClD,qBAAqB,EAAE,uBAAuB;IAC9C,4BAA4B,EAAE,8BAA8B;IAC5D,iCAAiC,EAAE,mCAAmC;IACtE,8BAA8B,EAAE,gCAAgC;IAChE,oCAAoC,EAAE,sCAAsC;IAC5E,4BAA4B,EAAE,8BAA8B;IAC5D,+BAA+B,EAAE,iCAAiC;IAClE,2BAA2B,EAAE,6BAA6B;IAC1D,0BAA0B,EAAE,4BAA4B;IACxD,mCAAmC,EAAE,qCAAqC;IAC1E,gCAAgC,EAAE,kCAAkC;IACpE,wCAAwC,EAAE,0CAA0C;IACpF,qBAAqB,EAAE,uBAAuB;IAC9C,2BAA2B,EAAE,6BAA6B;IAC1D,0BAA0B,EAAE,4BAA4B;IACxD,uBAAuB,EAAE,yBAAyB;IAClD,yBAAyB,EAAE,2BAA2B;IACtD,+BAA+B,EAAE,iCAAiC;IAClE,4BAA4B,EAAE,8BAA8B;IAC5D,8BAA8B,EAAE,gCAAgC;IAChE,iCAAiC,EAAE,mCAAmC;IACtE,oCAAoC,EAAE,sCAAsC;IAC5E,+BAA+B,EAAE,iCAAiC;IAClE,sBAAsB,EAAE,wBAAwB;IAChD,aAAa,EAAE,eAAe;IAC9B,sBAAsB,EAAE,wBAAwB;IAChD,iCAAiC,EAAE,mCAAmC;IACtE,eAAe,EAAE,iBAAiB;IAClC,8BAA8B,EAAE,gCAAgC;IAChE,8BAA8B,EAAE,gCAAgC;IAChE,iCAAiC,EAAE,mCAAmC;IACtE,6BAA6B,EAAE,+BAA+B;IAC9D,qBAAqB,EAAE,uBAAuB;IAC9C,+BAA+B,EAAE,iCAAiC;IAClE,4BAA4B,EAAE,8BAA8B;IAC5D,4BAA4B,EAAE,8BAA8B;IAC5D,+BAA+B,EAAE,iCAAiC;IAClE,sCAAsC,EAAE,wCAAwC;IAChF,qBAAqB,EAAE,uBAAuB;IAC9C,mBAAmB,EAAE,qBAAqB;IAC1C,cAAc,EAAE,gBAAgB;IAChC,yBAAyB,EAAE,2BAA2B;IACtD,8BAA8B,EAAE,gCAAgC;IAChE,kCAAkC,EAAE,oCAAoC;IACxE,iCAAiC,EAAE,mCAAmC;IACtE,mBAAmB,EAAE,qBAAqB;IAC1C,eAAe,EAAE,iBAAiB;IAClC,uBAAuB,EAAE,yBAAyB;IAClD,oBAAoB,EAAE,sBAAsB;IAC5C,uBAAuB,EAAE,yBAAyB;IAClD,qCAAqC,EAAE,uCAAuC;IAC9E,wBAAwB,EAAE,0BAA0B;IACpD,6BAA6B,EAAE,+BAA+B;IAC9D,cAAc,EAAE,gBAAgB;IAChC,gDAAgD,EAAE,kDAAkD;IACpG,wBAAwB,EAAE,0BAA0B;IACpD,oBAAoB,EAAE,sBAAsB;IAC5C,6BAA6B,EAAE,+BAA+B;IAC9D,iCAAiC,EAAE,mCAAmC;IACtE,eAAe,EAAE,iBAAiB;IAClC,gBAAgB,EAAE,kBAAkB;
|
|
1
|
+
{"version":3,"file":"cliOperationalCodes.js","sourceRoot":"","sources":["../src/cliOperationalCodes.ts"],"names":[],"mappings":"AAAA,yFAAyF;AAEzF,MAAM,CAAC,MAAM,qBAAqB,GAAG;IACnC,SAAS,EAAE,WAAW;IACtB,oBAAoB,EAAE,sBAAsB;IAC5C,oBAAoB,EAAE,sBAAsB;IAC5C,uBAAuB,EAAE,yBAAyB;IAClD,0BAA0B,EAAE,4BAA4B;IACxD,kBAAkB,EAAE,oBAAoB;IACxC,2BAA2B,EAAE,6BAA6B;IAC1D,4BAA4B,EAAE,8BAA8B;IAC5D,8BAA8B,EAAE,gCAAgC;IAChE,cAAc,EAAE,gBAAgB;IAChC,aAAa,EAAE,eAAe;IAC9B,yBAAyB,EAAE,2BAA2B;IACtD,4BAA4B,EAAE,8BAA8B;IAC5D,yBAAyB,EAAE,2BAA2B;IACtD,yBAAyB,EAAE,2BAA2B;IACtD,4BAA4B,EAAE,8BAA8B;IAC5D,+BAA+B,EAAE,iCAAiC;IAClE,qCAAqC,EAAE,uCAAuC;IAC9E,2BAA2B,EAAE,6BAA6B;IAC1D,2CAA2C,EAAE,6CAA6C;IAC1F,uBAAuB,EAAE,yBAAyB;IAClD,qBAAqB,EAAE,uBAAuB;IAC9C,4BAA4B,EAAE,8BAA8B;IAC5D,iCAAiC,EAAE,mCAAmC;IACtE,8BAA8B,EAAE,gCAAgC;IAChE,oCAAoC,EAAE,sCAAsC;IAC5E,4BAA4B,EAAE,8BAA8B;IAC5D,+BAA+B,EAAE,iCAAiC;IAClE,2BAA2B,EAAE,6BAA6B;IAC1D,0BAA0B,EAAE,4BAA4B;IACxD,mCAAmC,EAAE,qCAAqC;IAC1E,gCAAgC,EAAE,kCAAkC;IACpE,wCAAwC,EAAE,0CAA0C;IACpF,qBAAqB,EAAE,uBAAuB;IAC9C,2BAA2B,EAAE,6BAA6B;IAC1D,0BAA0B,EAAE,4BAA4B;IACxD,uBAAuB,EAAE,yBAAyB;IAClD,yBAAyB,EAAE,2BAA2B;IACtD,+BAA+B,EAAE,iCAAiC;IAClE,4BAA4B,EAAE,8BAA8B;IAC5D,8BAA8B,EAAE,gCAAgC;IAChE,iCAAiC,EAAE,mCAAmC;IACtE,oCAAoC,EAAE,sCAAsC;IAC5E,+BAA+B,EAAE,iCAAiC;IAClE,sBAAsB,EAAE,wBAAwB;IAChD,aAAa,EAAE,eAAe;IAC9B,sBAAsB,EAAE,wBAAwB;IAChD,iCAAiC,EAAE,mCAAmC;IACtE,eAAe,EAAE,iBAAiB;IAClC,8BAA8B,EAAE,gCAAgC;IAChE,8BAA8B,EAAE,gCAAgC;IAChE,iCAAiC,EAAE,mCAAmC;IACtE,6BAA6B,EAAE,+BAA+B;IAC9D,qBAAqB,EAAE,uBAAuB;IAC9C,+BAA+B,EAAE,iCAAiC;IAClE,4BAA4B,EAAE,8BAA8B;IAC5D,4BAA4B,EAAE,8BAA8B;IAC5D,+BAA+B,EAAE,iCAAiC;IAClE,sCAAsC,EAAE,wCAAwC;IAChF,qBAAqB,EAAE,uBAAuB;IAC9C,mBAAmB,EAAE,qBAAqB;IAC1C,cAAc,EAAE,gBAAgB;IAChC,yBAAyB,EAAE,2BAA2B;IACtD,8BAA8B,EAAE,gCAAgC;IAChE,kCAAkC,EAAE,oCAAoC;IACxE,iCAAiC,EAAE,mCAAmC;IACtE,mBAAmB,EAAE,qBAAqB;IAC1C,eAAe,EAAE,iBAAiB;IAClC,uBAAuB,EAAE,yBAAyB;IAClD,oBAAoB,EAAE,sBAAsB;IAC5C,uBAAuB,EAAE,yBAAyB;IAClD,qCAAqC,EAAE,uCAAuC;IAC9E,wBAAwB,EAAE,0BAA0B;IACpD,6BAA6B,EAAE,+BAA+B;IAC9D,cAAc,EAAE,gBAAgB;IAChC,gDAAgD,EAAE,kDAAkD;IACpG,wBAAwB,EAAE,0BAA0B;IACpD,oBAAoB,EAAE,sBAAsB;IAC5C,6BAA6B,EAAE,+BAA+B;IAC9D,iCAAiC,EAAE,mCAAmC;IACtE,eAAe,EAAE,iBAAiB;IAClC,gBAAgB,EAAE,kBAAkB;IACpC,sBAAsB,EAAE,wBAAwB;IAChD,sBAAsB,EAAE,wBAAwB;IAChD,2BAA2B,EAAE,6BAA6B;IAC1D,wBAAwB,EAAE,0BAA0B;CAC5C,CAAC"}
|
package/dist/enforceCli.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"enforceCli.d.ts","sourceRoot":"","sources":["../src/enforceCli.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"enforceCli.d.ts","sourceRoot":"","sources":["../src/enforceCli.ts"],"names":[],"mappings":"AAUA,wFAAwF;AACxF,eAAO,MAAM,wBAAwB,wXACkV,CAAC;AAuBxX,wBAAsB,UAAU,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAsC9D"}
|
package/dist/enforceCli.js
CHANGED
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import { CLI_OPERATIONAL_CODES, cliErrorEnvelope, formatOperationalMessage, } from "./failureCatalog.js";
|
|
2
2
|
import { TruthLayerError } from "./truthLayerError.js";
|
|
3
3
|
import { LICENSE_PREFLIGHT_ENABLED } from "./generated/commercialBuildFlags.js";
|
|
4
|
+
import { exitAfterEnforceCliReceipt } from "./cliExecutionFinalize.js";
|
|
4
5
|
import { runStatefulEnforce } from "./enforceStateful.js";
|
|
5
6
|
/** User-facing message for OSS builds when `enforce` is invoked; exported for tests. */
|
|
6
7
|
export const ENFORCE_OSS_GATE_MESSAGE = "The OSS build cannot run agentskeptic enforce (CI lock gating). Install the published npm package agentskeptic, set AGENTSKEPTIC_API_KEY (legacy WORKFLOW_VERIFIER_API_KEY accepted), and point COMMERCIAL_LICENSE_API_BASE_URL at your license server; or run npm run build:commercial with COMMERCIAL_LICENSE_API_BASE_URL set. Policy: docs/commercial-enforce-gate-normative.md";
|
|
@@ -30,7 +31,13 @@ export async function runEnforce(args) {
|
|
|
30
31
|
}
|
|
31
32
|
if (!LICENSE_PREFLIGHT_ENABLED) {
|
|
32
33
|
writeCliError(CLI_OPERATIONAL_CODES.ENFORCE_REQUIRES_COMMERCIAL_BUILD, ENFORCE_OSS_GATE_MESSAGE);
|
|
33
|
-
|
|
34
|
+
exitAfterEnforceCliReceipt({
|
|
35
|
+
parsedBatch: null,
|
|
36
|
+
quick: null,
|
|
37
|
+
exitCode: 3,
|
|
38
|
+
operationalCode: CLI_OPERATIONAL_CODES.ENFORCE_REQUIRES_COMMERCIAL_BUILD,
|
|
39
|
+
certificate: null,
|
|
40
|
+
});
|
|
34
41
|
}
|
|
35
42
|
try {
|
|
36
43
|
await runStatefulEnforce(args);
|
|
@@ -38,11 +45,23 @@ export async function runEnforce(args) {
|
|
|
38
45
|
catch (e) {
|
|
39
46
|
if (e instanceof TruthLayerError) {
|
|
40
47
|
writeCliError(e.code, e.message);
|
|
41
|
-
|
|
48
|
+
exitAfterEnforceCliReceipt({
|
|
49
|
+
parsedBatch: null,
|
|
50
|
+
quick: null,
|
|
51
|
+
exitCode: 3,
|
|
52
|
+
operationalCode: e.code,
|
|
53
|
+
certificate: null,
|
|
54
|
+
});
|
|
42
55
|
}
|
|
43
56
|
const msg = e instanceof Error ? e.message : String(e);
|
|
44
57
|
writeCliError(CLI_OPERATIONAL_CODES.INTERNAL_ERROR, formatOperationalMessage(msg));
|
|
45
|
-
|
|
58
|
+
exitAfterEnforceCliReceipt({
|
|
59
|
+
parsedBatch: null,
|
|
60
|
+
quick: null,
|
|
61
|
+
exitCode: 3,
|
|
62
|
+
operationalCode: CLI_OPERATIONAL_CODES.INTERNAL_ERROR,
|
|
63
|
+
certificate: null,
|
|
64
|
+
});
|
|
46
65
|
}
|
|
47
66
|
}
|
|
48
67
|
//# sourceMappingURL=enforceCli.js.map
|
package/dist/enforceCli.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"enforceCli.js","sourceRoot":"","sources":["../src/enforceCli.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,qBAAqB,EACrB,gBAAgB,EAChB,wBAAwB,GACzB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AACvD,OAAO,EAAE,yBAAyB,EAAE,MAAM,qCAAqC,CAAC;AAChF,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAE1D,wFAAwF;AACxF,MAAM,CAAC,MAAM,wBAAwB,GACnC,qXAAqX,CAAC;AAExX,SAAS,aAAa,CAAC,IAAY,EAAE,OAAe;IAClD,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC;AACjD,CAAC;AAED,SAAS,YAAY;IACnB,OAAO;;;;;;;;;;;;;4CAamC,CAAC;AAC7C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,IAAc;IAC7C,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC,CAAC;QAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,IAAI,CAAC,yBAAyB,EAAE,CAAC;QAC/B,aAAa,CAAC,qBAAqB,CAAC,iCAAiC,EAAE,wBAAwB,CAAC,CAAC;QACjG,
|
|
1
|
+
{"version":3,"file":"enforceCli.js","sourceRoot":"","sources":["../src/enforceCli.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,qBAAqB,EACrB,gBAAgB,EAChB,wBAAwB,GACzB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AACvD,OAAO,EAAE,yBAAyB,EAAE,MAAM,qCAAqC,CAAC;AAChF,OAAO,EAAE,0BAA0B,EAAE,MAAM,2BAA2B,CAAC;AACvE,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAE1D,wFAAwF;AACxF,MAAM,CAAC,MAAM,wBAAwB,GACnC,qXAAqX,CAAC;AAExX,SAAS,aAAa,CAAC,IAAY,EAAE,OAAe;IAClD,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC;AACjD,CAAC;AAED,SAAS,YAAY;IACnB,OAAO;;;;;;;;;;;;;4CAamC,CAAC;AAC7C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,IAAc;IAC7C,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACnD,OAAO,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC,CAAC;QAC5B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,IAAI,CAAC,yBAAyB,EAAE,CAAC;QAC/B,aAAa,CAAC,qBAAqB,CAAC,iCAAiC,EAAE,wBAAwB,CAAC,CAAC;QACjG,0BAA0B,CAAC;YACzB,WAAW,EAAE,IAAI;YACjB,KAAK,EAAE,IAAI;YACX,QAAQ,EAAE,CAAC;YACX,eAAe,EAAE,qBAAqB,CAAC,iCAAiC;YACxE,WAAW,EAAE,IAAI;SAClB,CAAC,CAAC;IACL,CAAC;IACD,IAAI,CAAC;QACH,MAAM,kBAAkB,CAAC,IAAI,CAAC,CAAC;IACjC,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,IAAI,CAAC,YAAY,eAAe,EAAE,CAAC;YACjC,aAAa,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC;YACjC,0BAA0B,CAAC;gBACzB,WAAW,EAAE,IAAI;gBACjB,KAAK,EAAE,IAAI;gBACX,QAAQ,EAAE,CAAC;gBACX,eAAe,EAAE,CAAC,CAAC,IAAI;gBACvB,WAAW,EAAE,IAAI;aAClB,CAAC,CAAC;QACL,CAAC;QACD,MAAM,GAAG,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACvD,aAAa,CAAC,qBAAqB,CAAC,cAAc,EAAE,wBAAwB,CAAC,GAAG,CAAC,CAAC,CAAC;QACnF,0BAA0B,CAAC;YACzB,WAAW,EAAE,IAAI;YACjB,KAAK,EAAE,IAAI;YACX,QAAQ,EAAE,CAAC;YACX,eAAe,EAAE,qBAAqB,CAAC,cAAc;YACrD,WAAW,EAAE,IAAI;SAClB,CAAC,CAAC;IACL,CAAC;AACH,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"enforceStateful.d.ts","sourceRoot":"","sources":["../src/enforceStateful.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"enforceStateful.d.ts","sourceRoot":"","sources":["../src/enforceStateful.ts"],"names":[],"mappings":"AAgEA,wBAAsB,kBAAkB,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CA+MtE"}
|
package/dist/enforceStateful.js
CHANGED
|
@@ -1,16 +1,17 @@
|
|
|
1
1
|
import { randomUUID } from "node:crypto";
|
|
2
|
-
import { CLI_OPERATIONAL_CODES } from "./cliOperationalCodes.js";
|
|
3
2
|
import { parseBatchVerifyCliArgs, parseQuickCliArgs } from "./cliArgv.js";
|
|
4
|
-
import {
|
|
5
|
-
import {
|
|
6
|
-
import {
|
|
3
|
+
import { CLI_OPERATIONAL_CODES } from "./cliOperationalCodes.js";
|
|
4
|
+
import { exitAfterEnforceCliReceipt } from "./cliExecutionFinalize.js";
|
|
5
|
+
import { cliErrorEnvelope, formatOperationalMessage } from "./failureCatalog.js";
|
|
6
|
+
import { canonicalCertificateSha256, materialTruthSha256 } from "./governanceEvidence.js";
|
|
7
|
+
import { buildOutcomeCertificateFromQuickReport, buildOutcomeCertificateFromWorkflowResult, } from "./outcomeCertificate.js";
|
|
7
8
|
import { stableStringify } from "./jsonStableStringify.js";
|
|
8
9
|
import { runLicensePreflightIfNeeded } from "./commercial/licensePreflight.js";
|
|
9
|
-
import {
|
|
10
|
-
import { postEnforcementJson } from "./sdk/transport.js";
|
|
11
|
-
import { buildOutcomeCertificateFromQuickReport, buildOutcomeCertificateFromWorkflowResult } from "./outcomeCertificate.js";
|
|
10
|
+
import { verifyWorkflow } from "./pipeline.js";
|
|
12
11
|
import { runQuickVerifyToValidatedReport } from "./quickVerify/runQuickVerify.js";
|
|
13
|
-
import {
|
|
12
|
+
import { postEnforcementJson } from "./sdk/transport.js";
|
|
13
|
+
import { runBatchVerifyToValidatedResult } from "./standardVerifyWorkflowCli.js";
|
|
14
|
+
import { TruthLayerError } from "./truthLayerError.js";
|
|
14
15
|
function parseEnforceMode(args) {
|
|
15
16
|
const hasCreate = args.includes("--create-baseline");
|
|
16
17
|
const hasAccept = args.includes("--accept-drift");
|
|
@@ -27,8 +28,7 @@ function stripEnforceModeArgs(args) {
|
|
|
27
28
|
return args.filter((a) => a !== "--create-baseline" && a !== "--accept-drift");
|
|
28
29
|
}
|
|
29
30
|
function apiKeyOrThrow() {
|
|
30
|
-
const apiKey = process.env.AGENTSKEPTIC_API_KEY?.trim() ||
|
|
31
|
-
process.env.WORKFLOW_VERIFIER_API_KEY?.trim();
|
|
31
|
+
const apiKey = process.env.AGENTSKEPTIC_API_KEY?.trim() || process.env.WORKFLOW_VERIFIER_API_KEY?.trim();
|
|
32
32
|
if (!apiKey) {
|
|
33
33
|
throw new TruthLayerError(CLI_OPERATIONAL_CODES.LICENSE_KEY_MISSING, "Commercial agentskeptic enforce requires AGENTSKEPTIC_API_KEY.");
|
|
34
34
|
}
|
|
@@ -38,96 +38,184 @@ async function postEnforcementState(path, payload) {
|
|
|
38
38
|
const apiKey = apiKeyOrThrow();
|
|
39
39
|
return postEnforcementJson({ path, payload, apiKey });
|
|
40
40
|
}
|
|
41
|
+
function writeOperationalErr(code, message) {
|
|
42
|
+
console.error(cliErrorEnvelope(code, formatOperationalMessage(message)));
|
|
43
|
+
}
|
|
41
44
|
export async function runStatefulEnforce(args) {
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
45
|
+
let parsedBatch = null;
|
|
46
|
+
let pq = null;
|
|
47
|
+
let certificate = null;
|
|
48
|
+
try {
|
|
49
|
+
const mode = parseEnforceMode(args);
|
|
50
|
+
const stripped = stripEnforceModeArgs(args);
|
|
51
|
+
const isQuick = stripped.includes("--input") ||
|
|
52
|
+
stripped.includes("--export-registry") ||
|
|
53
|
+
stripped.includes("--emit-events");
|
|
54
|
+
const runId = process.env.AGENTSKEPTIC_RUN_ID?.trim() ||
|
|
55
|
+
process.env.WORKFLOW_VERIFIER_RUN_ID?.trim() ||
|
|
56
|
+
randomUUID();
|
|
57
|
+
await runLicensePreflightIfNeeded("enforce", { runId, xRequestId: randomUUID() });
|
|
58
|
+
let terminalStatus;
|
|
59
|
+
let workflowId;
|
|
60
|
+
if (isQuick) {
|
|
61
|
+
const q = parseQuickCliArgs(stripped);
|
|
62
|
+
pq = q;
|
|
63
|
+
const out = await runQuickVerifyToValidatedReport({
|
|
64
|
+
inputUtf8: q.inputPath === "-"
|
|
65
|
+
? await new Promise((resolve, reject) => {
|
|
66
|
+
let s = "";
|
|
67
|
+
process.stdin.setEncoding("utf8");
|
|
68
|
+
process.stdin.on("data", (d) => {
|
|
69
|
+
s += d;
|
|
70
|
+
});
|
|
71
|
+
process.stdin.on("end", () => resolve(s));
|
|
72
|
+
process.stdin.on("error", reject);
|
|
73
|
+
})
|
|
74
|
+
: await import("node:fs/promises").then((m) => m.readFile(q.inputPath, "utf8")),
|
|
75
|
+
postgresUrl: q.postgresUrl ?? undefined,
|
|
76
|
+
sqlitePath: q.dbPath ?? undefined,
|
|
77
|
+
});
|
|
78
|
+
workflowId = q.workflowIdQuick;
|
|
79
|
+
certificate = buildOutcomeCertificateFromQuickReport({
|
|
80
|
+
report: out.report,
|
|
81
|
+
workflowId: q.workflowIdQuick,
|
|
82
|
+
humanReportOptions: {
|
|
83
|
+
workflowId: q.workflowIdQuick,
|
|
84
|
+
eventsPath: q.emitEventsPath ?? undefined,
|
|
85
|
+
registryPath: q.exportPath,
|
|
86
|
+
dbFlag: q.dbPath ?? undefined,
|
|
87
|
+
postgresUrl: q.postgresUrl !== undefined,
|
|
88
|
+
},
|
|
89
|
+
});
|
|
90
|
+
terminalStatus =
|
|
91
|
+
out.report.verdict === "pass" ? "complete"
|
|
92
|
+
: out.report.verdict === "fail" ? "inconsistent"
|
|
93
|
+
: "incomplete";
|
|
94
|
+
}
|
|
95
|
+
else {
|
|
96
|
+
const parsed = parseBatchVerifyCliArgs(stripped);
|
|
97
|
+
parsedBatch = parsed;
|
|
98
|
+
const wf = await runBatchVerifyToValidatedResult(() => verifyWorkflow({
|
|
99
|
+
workflowId: parsed.workflowId,
|
|
100
|
+
eventsPath: parsed.eventsPath,
|
|
101
|
+
registryPath: parsed.registryPath,
|
|
102
|
+
database: parsed.database,
|
|
103
|
+
verificationPolicy: parsed.verificationPolicy,
|
|
104
|
+
truthReport: parsed.noHumanReport ? () => { } : (report) => process.stderr.write(`${report}\n`),
|
|
105
|
+
}));
|
|
106
|
+
workflowId = parsed.workflowId;
|
|
107
|
+
certificate = buildOutcomeCertificateFromWorkflowResult(wf, "contract_sql");
|
|
108
|
+
terminalStatus =
|
|
109
|
+
wf.status === "complete" ? "complete"
|
|
110
|
+
: wf.status === "inconsistent" ? "inconsistent"
|
|
111
|
+
: "incomplete";
|
|
112
|
+
}
|
|
113
|
+
const payload = {
|
|
114
|
+
schema_version: 2,
|
|
115
|
+
run_id: runId,
|
|
116
|
+
workflow_id: workflowId,
|
|
117
|
+
outcome_certificate_v1: certificate,
|
|
118
|
+
material_truth_sha256: materialTruthSha256(certificate),
|
|
119
|
+
certificate_sha256: canonicalCertificateSha256(certificate),
|
|
120
|
+
};
|
|
121
|
+
if (mode === "accept-drift") {
|
|
122
|
+
const expected = process.env.AGENTSKEPTIC_ENFORCE_EXPECTED_PROJECTION_HASH?.trim() ||
|
|
123
|
+
process.env.WORKFLOW_VERIFIER_ENFORCE_EXPECTED_PROJECTION_HASH?.trim();
|
|
124
|
+
const verRaw = process.env.AGENTSKEPTIC_ENFORCE_LIFECYCLE_STATE_VERSION?.trim() ||
|
|
125
|
+
process.env.WORKFLOW_VERIFIER_ENFORCE_LIFECYCLE_STATE_VERSION?.trim();
|
|
126
|
+
const lifecycle_state_version = verRaw !== undefined && verRaw !== "" ? Number.parseInt(verRaw, 10) : NaN;
|
|
127
|
+
if (!expected || !Number.isInteger(lifecycle_state_version)) {
|
|
128
|
+
throw new TruthLayerError(CLI_OPERATIONAL_CODES.ENFORCE_USAGE, "For --accept-drift, set AGENTSKEPTIC_ENFORCE_EXPECTED_PROJECTION_HASH and AGENTSKEPTIC_ENFORCE_LIFECYCLE_STATE_VERSION from the prior hosted enforce POST /check response (fields expected_projection_hash_for_accept and lifecycle_state_version).");
|
|
129
|
+
}
|
|
130
|
+
payload.expected_projection_hash = expected;
|
|
131
|
+
payload.lifecycle_state_version = lifecycle_state_version;
|
|
132
|
+
}
|
|
133
|
+
const route = mode === "create-baseline" ? "/api/v1/enforcement/baselines"
|
|
134
|
+
: mode === "accept-drift" ? "/api/v1/enforcement/accept"
|
|
135
|
+
: "/api/v1/enforcement/check";
|
|
136
|
+
const stateRes = await postEnforcementState(route, payload);
|
|
137
|
+
if (!stateRes.ok) {
|
|
138
|
+
const o = typeof stateRes.body === "object" && stateRes.body !== null ?
|
|
139
|
+
stateRes.body
|
|
140
|
+
: {};
|
|
141
|
+
const problemCode = typeof o.code === "string" && o.code.trim() ? o.code : `HTTP_${stateRes.status}`;
|
|
142
|
+
const problemHint = typeof o.message === "string"
|
|
143
|
+
? o.message
|
|
144
|
+
: typeof o.detail === "string"
|
|
145
|
+
? o.detail
|
|
146
|
+
: typeof o.next_action === "string"
|
|
147
|
+
? o.next_action
|
|
148
|
+
: `HTTP ${stateRes.status}`;
|
|
149
|
+
throw new TruthLayerError(CLI_OPERATIONAL_CODES.LICENSE_DENIED, `${problemCode}: ${problemHint}${stateRes.requestId ? ` [x-request-id=${stateRes.requestId}]` : ""}`);
|
|
150
|
+
}
|
|
151
|
+
process.stdout.write(`${stableStringify({ schemaVersion: 2, enforce: stateRes.body })}\n`);
|
|
152
|
+
const resBody = typeof stateRes.body === "object" && stateRes.body !== null ?
|
|
153
|
+
stateRes.body
|
|
154
|
+
: {};
|
|
155
|
+
const resultStatus = typeof resBody.result_status === "string" ? String(resBody.result_status) : undefined;
|
|
156
|
+
if (route === "/api/v1/enforcement/check" && (resultStatus === "drift" || resultStatus === "rerun_fail")) {
|
|
157
|
+
const msg = resultStatus === "rerun_fail" ? "Hosted enforce reported rerun failure against baseline." : "Drift detected.";
|
|
158
|
+
console.error(cliErrorEnvelope(CLI_OPERATIONAL_CODES.VERIFICATION_OUTPUT_LOCK_MISMATCH, msg));
|
|
159
|
+
exitAfterEnforceCliReceipt({
|
|
160
|
+
parsedBatch,
|
|
161
|
+
quick: pq,
|
|
162
|
+
exitCode: 4,
|
|
163
|
+
operationalCode: null,
|
|
164
|
+
certificate,
|
|
165
|
+
enforceExitKindDrift: true,
|
|
166
|
+
});
|
|
167
|
+
}
|
|
168
|
+
/** Legacy envelope (schema_version 1) surfaced `status`; keep for mocks / older gateways. */
|
|
169
|
+
const legacyStatus = typeof resBody.status === "string" ? String(resBody.status ?? "ok") : "ok";
|
|
170
|
+
if (legacyStatus === "drift") {
|
|
171
|
+
console.error(cliErrorEnvelope(CLI_OPERATIONAL_CODES.VERIFICATION_OUTPUT_LOCK_MISMATCH, "Drift detected."));
|
|
172
|
+
exitAfterEnforceCliReceipt({
|
|
173
|
+
parsedBatch,
|
|
174
|
+
quick: pq,
|
|
175
|
+
exitCode: 4,
|
|
176
|
+
operationalCode: null,
|
|
177
|
+
certificate,
|
|
178
|
+
enforceExitKindDrift: true,
|
|
179
|
+
});
|
|
180
|
+
}
|
|
181
|
+
if (terminalStatus === "complete") {
|
|
182
|
+
exitAfterEnforceCliReceipt({
|
|
183
|
+
parsedBatch,
|
|
184
|
+
quick: pq,
|
|
185
|
+
exitCode: 0,
|
|
186
|
+
operationalCode: null,
|
|
187
|
+
certificate,
|
|
188
|
+
});
|
|
189
|
+
}
|
|
190
|
+
if (terminalStatus === "inconsistent") {
|
|
191
|
+
exitAfterEnforceCliReceipt({
|
|
192
|
+
parsedBatch,
|
|
193
|
+
quick: pq,
|
|
194
|
+
exitCode: 1,
|
|
195
|
+
operationalCode: null,
|
|
196
|
+
certificate,
|
|
197
|
+
});
|
|
198
|
+
}
|
|
199
|
+
exitAfterEnforceCliReceipt({
|
|
200
|
+
parsedBatch,
|
|
201
|
+
quick: pq,
|
|
202
|
+
exitCode: 2,
|
|
203
|
+
operationalCode: null,
|
|
204
|
+
certificate,
|
|
78
205
|
});
|
|
79
|
-
terminalStatus =
|
|
80
|
-
out.report.verdict === "pass" ? "complete"
|
|
81
|
-
: out.report.verdict === "fail" ? "inconsistent"
|
|
82
|
-
: "incomplete";
|
|
83
|
-
}
|
|
84
|
-
else {
|
|
85
|
-
const parsed = parseBatchVerifyCliArgs(stripped);
|
|
86
|
-
const wf = await runBatchVerifyToValidatedResult(() => verifyWorkflow({
|
|
87
|
-
workflowId: parsed.workflowId,
|
|
88
|
-
eventsPath: parsed.eventsPath,
|
|
89
|
-
registryPath: parsed.registryPath,
|
|
90
|
-
database: parsed.database,
|
|
91
|
-
verificationPolicy: parsed.verificationPolicy,
|
|
92
|
-
truthReport: parsed.noHumanReport ? () => { } : (report) => process.stderr.write(`${report}\n`),
|
|
93
|
-
}));
|
|
94
|
-
workflowId = parsed.workflowId;
|
|
95
|
-
certificate = buildOutcomeCertificateFromWorkflowResult(wf, "contract_sql");
|
|
96
|
-
terminalStatus =
|
|
97
|
-
wf.status === "complete" ? "complete"
|
|
98
|
-
: wf.status === "inconsistent" ? "inconsistent"
|
|
99
|
-
: "incomplete";
|
|
100
|
-
}
|
|
101
|
-
const payload = {
|
|
102
|
-
schema_version: 2,
|
|
103
|
-
run_id: runId,
|
|
104
|
-
workflow_id: workflowId,
|
|
105
|
-
outcome_certificate_v1: certificate,
|
|
106
|
-
material_truth_sha256: materialTruthSha256(certificate),
|
|
107
|
-
certificate_sha256: canonicalCertificateSha256(certificate),
|
|
108
|
-
};
|
|
109
|
-
const route = mode === "create-baseline" ? "/api/v1/enforcement/baselines"
|
|
110
|
-
: mode === "accept-drift" ? "/api/v1/enforcement/accept"
|
|
111
|
-
: "/api/v1/enforcement/check";
|
|
112
|
-
const stateRes = await postEnforcementState(route, payload);
|
|
113
|
-
if (!stateRes.ok) {
|
|
114
|
-
const detail = typeof stateRes.body === "object" && stateRes.body !== null && "detail" in stateRes.body
|
|
115
|
-
? String(stateRes.body.detail ?? `HTTP ${stateRes.status}`)
|
|
116
|
-
: `HTTP ${stateRes.status}`;
|
|
117
|
-
throw new TruthLayerError(CLI_OPERATIONAL_CODES.LICENSE_DENIED, `${detail}${stateRes.requestId ? ` [x-request-id=${stateRes.requestId}]` : ""}`);
|
|
118
206
|
}
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
207
|
+
catch (e) {
|
|
208
|
+
if (e instanceof TruthLayerError) {
|
|
209
|
+
writeOperationalErr(e.code, e.message);
|
|
210
|
+
exitAfterEnforceCliReceipt({
|
|
211
|
+
parsedBatch,
|
|
212
|
+
quick: pq,
|
|
213
|
+
exitCode: 3,
|
|
214
|
+
operationalCode: e.code,
|
|
215
|
+
certificate,
|
|
216
|
+
});
|
|
217
|
+
}
|
|
218
|
+
throw e;
|
|
126
219
|
}
|
|
127
|
-
if (terminalStatus === "complete")
|
|
128
|
-
process.exit(0);
|
|
129
|
-
if (terminalStatus === "inconsistent")
|
|
130
|
-
process.exit(1);
|
|
131
|
-
process.exit(2);
|
|
132
220
|
}
|
|
133
221
|
//# sourceMappingURL=enforceStateful.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"enforceStateful.js","sourceRoot":"","sources":["../src/enforceStateful.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"enforceStateful.js","sourceRoot":"","sources":["../src/enforceStateful.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,OAAO,EAAE,uBAAuB,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAC1E,OAAO,EAAE,qBAAqB,EAAE,MAAM,0BAA0B,CAAC;AACjE,OAAO,EAAE,0BAA0B,EAAE,MAAM,2BAA2B,CAAC;AACvE,OAAO,EAAE,gBAAgB,EAAE,wBAAwB,EAAE,MAAM,qBAAqB,CAAC;AACjF,OAAO,EAAE,0BAA0B,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAC1F,OAAO,EACL,sCAAsC,EACtC,yCAAyC,GAE1C,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAC3D,OAAO,EAAE,2BAA2B,EAAE,MAAM,kCAAkC,CAAC;AAC/E,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAC/C,OAAO,EAAE,+BAA+B,EAAE,MAAM,iCAAiC,CAAC;AAClF,OAAO,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AACzD,OAAO,EAAE,+BAA+B,EAAE,MAAM,gCAAgC,CAAC;AACjF,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAIvD,SAAS,gBAAgB,CAAC,IAAc;IACtC,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC;IACrD,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC;IAClD,IAAI,SAAS,IAAI,SAAS,EAAE,CAAC;QAC3B,MAAM,IAAI,eAAe,CACvB,qBAAqB,CAAC,aAAa,EACnC,yDAAyD,CAC1D,CAAC;IACJ,CAAC;IACD,IAAI,SAAS;QAAE,OAAO,iBAAiB,CAAC;IACxC,IAAI,SAAS;QAAE,OAAO,cAAc,CAAC;IACrC,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,oBAAoB,CAAC,IAAc;IAC1C,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,mBAAmB,IAAI,CAAC,KAAK,gBAAgB,CAAC,CAAC;AACjF,CAAC;AAED,SAAS,aAAa;IACpB,MAAM,MAAM,GACV,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,IAAI,EAAE,IAAI,OAAO,CAAC,GAAG,CAAC,yBAAyB,EAAE,IAAI,EAAE,CAAC;IAC5F,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,eAAe,CACvB,qBAAqB,CAAC,mBAAmB,EACzC,gEAAgE,CACjE,CAAC;IACJ,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,oBAAoB,CACjC,IAAkG,EAClG,OAAgC;IAEhC,MAAM,MAAM,GAAG,aAAa,EAAE,CAAC;IAC/B,OAAO,mBAAmB,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC;AACxD,CAAC;AAED,SAAS,mBAAmB,CAAC,IAAY,EAAE,OAAe;IACxD,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,IAAI,EAAE,wBAAwB,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;AAC3E,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,IAAc;IACrD,IAAI,WAAW,GAAgC,IAAI,CAAC;IACpD,IAAI,EAAE,GAA0B,IAAI,CAAC;IACrC,IAAI,WAAW,GAAgC,IAAI,CAAC;IAEpD,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC;QACpC,MAAM,QAAQ,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAC;QAC5C,MAAM,OAAO,GACX,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC;YAC5B,QAAQ,CAAC,QAAQ,CAAC,mBAAmB,CAAC;YACtC,QAAQ,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC;QAErC,MAAM,KAAK,GACT,OAAO,CAAC,GAAG,CAAC,mBAAmB,EAAE,IAAI,EAAE;YACvC,OAAO,CAAC,GAAG,CAAC,wBAAwB,EAAE,IAAI,EAAE;YAC5C,UAAU,EAAE,CAAC;QACf,MAAM,2BAA2B,CAAC,SAAS,EAAE,EAAE,KAAK,EAAE,UAAU,EAAE,UAAU,EAAE,EAAE,CAAC,CAAC;QAElF,IAAI,cAA0D,CAAC;QAC/D,IAAI,UAAkB,CAAC;QACvB,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,CAAC,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;YACtC,EAAE,GAAG,CAAC,CAAC;YACP,MAAM,GAAG,GAAG,MAAM,+BAA+B,CAAC;gBAChD,SAAS,EACP,CAAC,CAAC,SAAS,KAAK,GAAG;oBACjB,CAAC,CAAC,MAAM,IAAI,OAAO,CAAS,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;wBAC5C,IAAI,CAAC,GAAG,EAAE,CAAC;wBACX,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;wBAClC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE;4BAC7B,CAAC,IAAI,CAAC,CAAC;wBACT,CAAC,CAAC,CAAC;wBACH,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;wBAC1C,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;oBACpC,CAAC,CAAC;oBACJ,CAAC,CAAC,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;gBACnF,WAAW,EAAE,CAAC,CAAC,WAAW,IAAI,SAAS;gBACvC,UAAU,EAAE,CAAC,CAAC,MAAM,IAAI,SAAS;aAClC,CAAC,CAAC;YACH,UAAU,GAAG,CAAC,CAAC,eAAe,CAAC;YAC/B,WAAW,GAAG,sCAAsC,CAAC;gBACnD,MAAM,EAAE,GAAG,CAAC,MAAM;gBAClB,UAAU,EAAE,CAAC,CAAC,eAAe;gBAC7B,kBAAkB,EAAE;oBAClB,UAAU,EAAE,CAAC,CAAC,eAAe;oBAC7B,UAAU,EAAE,CAAC,CAAC,cAAc,IAAI,SAAS;oBACzC,YAAY,EAAE,CAAC,CAAC,UAAU;oBAC1B,MAAM,EAAE,CAAC,CAAC,MAAM,IAAI,SAAS;oBAC7B,WAAW,EAAE,CAAC,CAAC,WAAW,KAAK,SAAS;iBACzC;aACF,CAAC,CAAC;YACH,cAAc;gBACZ,GAAG,CAAC,MAAM,CAAC,OAAO,KAAK,MAAM,CAAC,CAAC,CAAC,UAAU;oBAC1C,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,OAAO,KAAK,MAAM,CAAC,CAAC,CAAC,cAAc;wBAChD,CAAC,CAAC,YAAY,CAAC;QACnB,CAAC;aAAM,CAAC;YACN,MAAM,MAAM,GAAG,uBAAuB,CAAC,QAAQ,CAAC,CAAC;YACjD,WAAW,GAAG,MAAM,CAAC;YACrB,MAAM,EAAE,GAAG,MAAM,+BAA+B,CAAC,GAAG,EAAE,CACpD,cAAc,CAAC;gBACb,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,YAAY,EAAE,MAAM,CAAC,YAAY;gBACjC,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,kBAAkB,EAAE,MAAM,CAAC,kBAAkB;gBAC7C,WAAW,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,MAAM,IAAI,CAAC;aAC/F,CAAC,CACH,CAAC;YACF,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC;YAC/B,WAAW,GAAG,yCAAyC,CAAC,EAAE,EAAE,cAAc,CAAC,CAAC;YAC5E,cAAc;gBACZ,EAAE,CAAC,MAAM,KAAK,UAAU,CAAC,CAAC,CAAC,UAAU;oBACrC,CAAC,CAAC,EAAE,CAAC,MAAM,KAAK,cAAc,CAAC,CAAC,CAAC,cAAc;wBAC/C,CAAC,CAAC,YAAY,CAAC;QACnB,CAAC;QACD,MAAM,OAAO,GAA4B;YACvC,cAAc,EAAE,CAAC;YACjB,MAAM,EAAE,KAAK;YACb,WAAW,EAAE,UAAU;YACvB,sBAAsB,EAAE,WAAW;YACnC,qBAAqB,EAAE,mBAAmB,CAAC,WAAW,CAAC;YACvD,kBAAkB,EAAE,0BAA0B,CAAC,WAAW,CAAC;SAC5D,CAAC;QAEF,IAAI,IAAI,KAAK,cAAc,EAAE,CAAC;YAC5B,MAAM,QAAQ,GACZ,OAAO,CAAC,GAAG,CAAC,6CAA6C,EAAE,IAAI,EAAE;gBACjE,OAAO,CAAC,GAAG,CAAC,kDAAkD,EAAE,IAAI,EAAE,CAAC;YACzE,MAAM,MAAM,GACV,OAAO,CAAC,GAAG,CAAC,4CAA4C,EAAE,IAAI,EAAE;gBAChE,OAAO,CAAC,GAAG,CAAC,iDAAiD,EAAE,IAAI,EAAE,CAAC;YACxE,MAAM,uBAAuB,GAC3B,MAAM,KAAK,SAAS,IAAI,MAAM,KAAK,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;YAC5E,IAAI,CAAC,QAAQ,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,uBAAuB,CAAC,EAAE,CAAC;gBAC5D,MAAM,IAAI,eAAe,CACvB,qBAAqB,CAAC,aAAa,EACnC,qPAAqP,CACtP,CAAC;YACJ,CAAC;YACD,OAAO,CAAC,wBAAwB,GAAG,QAAQ,CAAC;YAC5C,OAAO,CAAC,uBAAuB,GAAG,uBAAuB,CAAC;QAC5D,CAAC;QAED,MAAM,KAAK,GACT,IAAI,KAAK,iBAAiB,CAAC,CAAC,CAAC,+BAA+B;YAC5D,CAAC,CAAC,IAAI,KAAK,cAAc,CAAC,CAAC,CAAC,4BAA4B;gBACxD,CAAC,CAAC,2BAA2B,CAAC;QAEhC,MAAM,QAAQ,GAAG,MAAM,oBAAoB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAC5D,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,CAAC,GACL,OAAO,QAAQ,CAAC,IAAI,KAAK,QAAQ,IAAI,QAAQ,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;gBAC1D,QAAQ,CAAC,IAAgC;gBAC5C,CAAC,CAAC,EAAE,CAAC;YACP,MAAM,WAAW,GACf,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,QAAQ,CAAC,MAAM,EAAE,CAAC;YACnF,MAAM,WAAW,GACf,OAAO,CAAC,CAAC,OAAO,KAAK,QAAQ;gBAC3B,CAAC,CAAC,CAAC,CAAC,OAAO;gBACX,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,KAAK,QAAQ;oBAC5B,CAAC,CAAC,CAAC,CAAC,MAAM;oBACV,CAAC,CAAC,OAAO,CAAC,CAAC,WAAW,KAAK,QAAQ;wBACjC,CAAC,CAAC,CAAC,CAAC,WAAW;wBACf,CAAC,CAAC,QAAQ,QAAQ,CAAC,MAAM,EAAE,CAAC;YACpC,MAAM,IAAI,eAAe,CACvB,qBAAqB,CAAC,cAAc,EACpC,GAAG,WAAW,KAAK,WAAW,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,kBAAkB,QAAQ,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CACrG,CAAC;QACJ,CAAC;QAED,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,eAAe,CAAC,EAAE,aAAa,EAAE,CAAC,EAAE,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,CAAC;QAE3F,MAAM,OAAO,GACX,OAAO,QAAQ,CAAC,IAAI,KAAK,QAAQ,IAAI,QAAQ,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;YAC1D,QAAQ,CAAC,IAAgC;YAC5C,CAAC,CAAC,EAAE,CAAC;QAEP,MAAM,YAAY,GAChB,OAAO,OAAO,CAAC,aAAa,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAExF,IAAI,KAAK,KAAK,2BAA2B,IAAI,CAAC,YAAY,KAAK,OAAO,IAAI,YAAY,KAAK,YAAY,CAAC,EAAE,CAAC;YACzG,MAAM,GAAG,GACP,YAAY,KAAK,YAAY,CAAC,CAAC,CAAC,yDAAyD,CAAC,CAAC,CAAC,iBAAiB,CAAC;YAChH,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,qBAAqB,CAAC,iCAAiC,EAAE,GAAG,CAAC,CAAC,CAAC;YAC9F,0BAA0B,CAAC;gBACzB,WAAW;gBACX,KAAK,EAAE,EAAE;gBACT,QAAQ,EAAE,CAAC;gBACX,eAAe,EAAE,IAAI;gBACrB,WAAW;gBACX,oBAAoB,EAAE,IAAI;aAC3B,CAAC,CAAC;QACL,CAAC;QAED,6FAA6F;QAC7F,MAAM,YAAY,GAChB,OAAO,OAAO,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAC7E,IAAI,YAAY,KAAK,OAAO,EAAE,CAAC;YAC7B,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,qBAAqB,CAAC,iCAAiC,EAAE,iBAAiB,CAAC,CAAC,CAAC;YAC5G,0BAA0B,CAAC;gBACzB,WAAW;gBACX,KAAK,EAAE,EAAE;gBACT,QAAQ,EAAE,CAAC;gBACX,eAAe,EAAE,IAAI;gBACrB,WAAW;gBACX,oBAAoB,EAAE,IAAI;aAC3B,CAAC,CAAC;QACL,CAAC;QACD,IAAI,cAAc,KAAK,UAAU,EAAE,CAAC;YAClC,0BAA0B,CAAC;gBACzB,WAAW;gBACX,KAAK,EAAE,EAAE;gBACT,QAAQ,EAAE,CAAC;gBACX,eAAe,EAAE,IAAI;gBACrB,WAAW;aACZ,CAAC,CAAC;QACL,CAAC;QACD,IAAI,cAAc,KAAK,cAAc,EAAE,CAAC;YACtC,0BAA0B,CAAC;gBACzB,WAAW;gBACX,KAAK,EAAE,EAAE;gBACT,QAAQ,EAAE,CAAC;gBACX,eAAe,EAAE,IAAI;gBACrB,WAAW;aACZ,CAAC,CAAC;QACL,CAAC;QACD,0BAA0B,CAAC;YACzB,WAAW;YACX,KAAK,EAAE,EAAE;YACT,QAAQ,EAAE,CAAC;YACX,eAAe,EAAE,IAAI;YACrB,WAAW;SACZ,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,IAAI,CAAC,YAAY,eAAe,EAAE,CAAC;YACjC,mBAAmB,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC;YACvC,0BAA0B,CAAC;gBACzB,WAAW;gBACX,KAAK,EAAE,EAAE;gBACT,QAAQ,EAAE,CAAC;gBACX,eAAe,EAAE,CAAC,CAAC,IAAI;gBACvB,WAAW;aACZ,CAAC,CAAC;QACL,CAAC;QACD,MAAM,CAAC,CAAC;IACV,CAAC;AACH,CAAC"}
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
{
|
|
2
|
+
"$schema": "https://agentskeptic.com/schemas/execution-identity-v1.schema.json",
|
|
3
|
+
"closedDriftPathCount": 24,
|
|
4
|
+
"identityVersion": "1.0.0",
|
|
5
|
+
"mergeGateFingerprintSha256": "64b5ae2ed5025c08c7c9d7b601958cc90edc32c0d80ea207fdaa373de5b9c2fc",
|
|
6
|
+
"nodeEnginesDeclared": "22.x || 24.x",
|
|
7
|
+
"npmPackageVersion": "3.6.0",
|
|
8
|
+
"pythonPipExtrasFragment": "dev,postgres",
|
|
9
|
+
"verificationContractManifest": {
|
|
10
|
+
"manifestSha256": "c5f23ec43576716c4b9a13e752cd2962a78bb4b4da1f9e521f911e15dfd80268",
|
|
11
|
+
"url": "https://agentskeptic.com/contract/v1.json",
|
|
12
|
+
"version": "1.0.1"
|
|
13
|
+
}
|
|
14
|
+
}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
import type { StandardVerifyWorkflowCliIo } from "./standardVerifyWorkflowCli.js";
|
|
2
|
+
export declare function executionIdentityVerifyUsage(): string;
|
|
3
|
+
/**
|
|
4
|
+
* Operational exits (3): prints JSON stderr envelope via `stderrLine`; verification exits delegate to `io.exit`.
|
|
5
|
+
*/
|
|
6
|
+
export declare function runExecutionIdentityVerifyCli(argv: string[], io?: Partial<Pick<StandardVerifyWorkflowCliIo, "consoleLog" | "stderrLine" | "exit">>): void;
|
|
7
|
+
//# sourceMappingURL=executionIdentityVerifyCli.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"executionIdentityVerifyCli.d.ts","sourceRoot":"","sources":["../src/executionIdentityVerifyCli.ts"],"names":[],"mappings":"AAUA,OAAO,KAAK,EAAE,2BAA2B,EAAE,MAAM,gCAAgC,CAAC;AAalF,wBAAgB,4BAA4B,IAAI,MAAM,CAYrD;AAOD;;GAEG;AACH,wBAAgB,6BAA6B,CAC3C,IAAI,EAAE,MAAM,EAAE,EACd,EAAE,GAAE,OAAO,CAAC,IAAI,CAAC,2BAA2B,EAAE,YAAY,GAAG,YAAY,GAAG,MAAM,CAAC,CAAM,GACxF,IAAI,CA8DN"}
|
|
@@ -0,0 +1,84 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Compare pinned execution-identity JSON to the bundled dist artifact (`execution-identity verify`).
|
|
3
|
+
*/
|
|
4
|
+
import { readFileSync } from "node:fs";
|
|
5
|
+
import path from "node:path";
|
|
6
|
+
import { deepStrictEqual } from "node:assert";
|
|
7
|
+
import { CLI_OPERATIONAL_CODES } from "./cliOperationalCodes.js";
|
|
8
|
+
import { cliErrorEnvelope, formatOperationalMessage } from "./failureCatalog.js";
|
|
9
|
+
import { CLI_EXITED_AFTER_ERROR } from "./standardVerifyWorkflowCli.js";
|
|
10
|
+
import { argValue } from "./cliArgv.js";
|
|
11
|
+
import { npmPackageRootFromHere } from "./verificationReceipt.js";
|
|
12
|
+
const defaultIo = {
|
|
13
|
+
consoleLog: (line) => {
|
|
14
|
+
process.stdout.write(`${line}\n`);
|
|
15
|
+
},
|
|
16
|
+
stderrLine: (line) => {
|
|
17
|
+
process.stderr.write(`${line}\n`);
|
|
18
|
+
},
|
|
19
|
+
exit: (code) => process.exit(code),
|
|
20
|
+
};
|
|
21
|
+
export function executionIdentityVerifyUsage() {
|
|
22
|
+
return `Usage:
|
|
23
|
+
agentskeptic execution-identity verify --expect-json <path>
|
|
24
|
+
|
|
25
|
+
Compare repo-pinned execution-identity JSON against the bundled dist/artifact (same fields except $schema is ignored).
|
|
26
|
+
|
|
27
|
+
Exit codes:
|
|
28
|
+
0 pinned JSON matches dist/execution-identity.v1.json
|
|
29
|
+
2 field mismatch (${CLI_OPERATIONAL_CODES.EXECUTION_IDENTITY_MISMATCH})
|
|
30
|
+
3 usage or IO/read failure (${CLI_OPERATIONAL_CODES.EXECUTION_IDENTITY_USAGE} / operational)
|
|
31
|
+
|
|
32
|
+
--help, -h print this message and exit 0`;
|
|
33
|
+
}
|
|
34
|
+
function stripSchema(obj) {
|
|
35
|
+
const { $schema: _, ...rest } = obj;
|
|
36
|
+
return rest;
|
|
37
|
+
}
|
|
38
|
+
/**
|
|
39
|
+
* Operational exits (3): prints JSON stderr envelope via `stderrLine`; verification exits delegate to `io.exit`.
|
|
40
|
+
*/
|
|
41
|
+
export function runExecutionIdentityVerifyCli(argv, io = {}) {
|
|
42
|
+
const out = { ...defaultIo, ...io };
|
|
43
|
+
if (argv.includes("--help") || argv.includes("-h")) {
|
|
44
|
+
out.consoleLog(executionIdentityVerifyUsage());
|
|
45
|
+
out.exit(0);
|
|
46
|
+
}
|
|
47
|
+
if (argv[0] !== "verify") {
|
|
48
|
+
out.stderrLine(cliErrorEnvelope(CLI_OPERATIONAL_CODES.EXECUTION_IDENTITY_USAGE, formatOperationalMessage("Expected subcommand verify.")));
|
|
49
|
+
out.exit(3);
|
|
50
|
+
throw new Error(CLI_EXITED_AFTER_ERROR);
|
|
51
|
+
}
|
|
52
|
+
const expectPathRaw = argValue(argv.slice(1), "--expect-json");
|
|
53
|
+
if (!expectPathRaw?.trim()) {
|
|
54
|
+
out.stderrLine(cliErrorEnvelope(CLI_OPERATIONAL_CODES.EXECUTION_IDENTITY_USAGE, formatOperationalMessage("Missing --expect-json <path>.")));
|
|
55
|
+
out.exit(3);
|
|
56
|
+
throw new Error(CLI_EXITED_AFTER_ERROR);
|
|
57
|
+
}
|
|
58
|
+
const packageRoot = npmPackageRootFromHere(import.meta.url);
|
|
59
|
+
const bundledPath = path.join(packageRoot, "dist", "execution-identity.v1.json");
|
|
60
|
+
const expectAbs = path.resolve(expectPathRaw);
|
|
61
|
+
let bundled;
|
|
62
|
+
let expectDoc;
|
|
63
|
+
try {
|
|
64
|
+
bundled = JSON.parse(readFileSync(bundledPath, "utf8"));
|
|
65
|
+
expectDoc = JSON.parse(readFileSync(expectAbs, "utf8"));
|
|
66
|
+
}
|
|
67
|
+
catch (e) {
|
|
68
|
+
const msg = e instanceof Error ? e.message : String(e);
|
|
69
|
+
out.stderrLine(cliErrorEnvelope(CLI_OPERATIONAL_CODES.EXECUTION_IDENTITY_USAGE, formatOperationalMessage(`Cannot read execution-identity JSON: ${msg}`)));
|
|
70
|
+
out.exit(3);
|
|
71
|
+
throw new Error(CLI_EXITED_AFTER_ERROR);
|
|
72
|
+
}
|
|
73
|
+
try {
|
|
74
|
+
deepStrictEqual(stripSchema(bundled), stripSchema(expectDoc));
|
|
75
|
+
}
|
|
76
|
+
catch {
|
|
77
|
+
out.stderrLine(cliErrorEnvelope(CLI_OPERATIONAL_CODES.EXECUTION_IDENTITY_MISMATCH, formatOperationalMessage("Pinned execution-identity JSON does not match dist/execution-identity.v1.json.")));
|
|
78
|
+
out.exit(2);
|
|
79
|
+
throw new Error(CLI_EXITED_AFTER_ERROR);
|
|
80
|
+
}
|
|
81
|
+
out.exit(0);
|
|
82
|
+
throw new Error(CLI_EXITED_AFTER_ERROR);
|
|
83
|
+
}
|
|
84
|
+
//# sourceMappingURL=executionIdentityVerifyCli.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"executionIdentityVerifyCli.js","sourceRoot":"","sources":["../src/executionIdentityVerifyCli.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC9C,OAAO,EAAE,qBAAqB,EAAE,MAAM,0BAA0B,CAAC;AACjE,OAAO,EAAE,gBAAgB,EAAE,wBAAwB,EAAE,MAAM,qBAAqB,CAAC;AACjF,OAAO,EAAE,sBAAsB,EAAE,MAAM,gCAAgC,CAAC;AACxE,OAAO,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAC;AAExC,OAAO,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AAElE,MAAM,SAAS,GAAG;IAChB,UAAU,EAAE,CAAC,IAAY,EAAE,EAAE;QAC3B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,IAAI,IAAI,CAAC,CAAC;IACpC,CAAC;IACD,UAAU,EAAE,CAAC,IAAY,EAAE,EAAE;QAC3B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,IAAI,IAAI,CAAC,CAAC;IACpC,CAAC;IACD,IAAI,EAAE,CAAC,IAAY,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC;CACuC,CAAC;AAEpF,MAAM,UAAU,4BAA4B;IAC1C,OAAO;;;;;;;uBAOc,qBAAqB,CAAC,2BAA2B;iCACvC,qBAAqB,CAAC,wBAAwB;;4CAEnC,CAAC;AAC7C,CAAC;AAED,SAAS,WAAW,CAAC,GAA4B;IAC/C,MAAM,EAAE,OAAO,EAAE,CAAC,EAAE,GAAG,IAAI,EAAE,GAAG,GAAG,CAAC;IACpC,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,6BAA6B,CAC3C,IAAc,EACd,KAAuF,EAAE;IAEzF,MAAM,GAAG,GAAG,EAAE,GAAG,SAAS,EAAE,GAAG,EAAE,EAAE,CAAC;IACpC,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QACnD,GAAG,CAAC,UAAU,CAAC,4BAA4B,EAAE,CAAC,CAAC;QAC/C,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACd,CAAC;IACD,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;QACzB,GAAG,CAAC,UAAU,CACZ,gBAAgB,CACd,qBAAqB,CAAC,wBAAwB,EAC9C,wBAAwB,CAAC,6BAA6B,CAAC,CACxD,CACF,CAAC;QACF,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;IAC1C,CAAC;IACD,MAAM,aAAa,GAAG,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,eAAe,CAAC,CAAC;IAC/D,IAAI,CAAC,aAAa,EAAE,IAAI,EAAE,EAAE,CAAC;QAC3B,GAAG,CAAC,UAAU,CACZ,gBAAgB,CACd,qBAAqB,CAAC,wBAAwB,EAC9C,wBAAwB,CAAC,+BAA+B,CAAC,CAC1D,CACF,CAAC;QACF,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;IAC1C,CAAC;IAED,MAAM,WAAW,GAAG,sBAAsB,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC5D,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,MAAM,EAAE,4BAA4B,CAAC,CAAC;IACjF,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;IAC9C,IAAI,OAAgC,CAAC;IACrC,IAAI,SAAkC,CAAC;IACvC,IAAI,CAAC;QACH,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,WAAW,EAAE,MAAM,CAAC,CAA4B,CAAC;QACnF,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,SAAS,EAAE,MAAM,CAAC,CAA4B,CAAC;IACrF,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,GAAG,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACvD,GAAG,CAAC,UAAU,CACZ,gBAAgB,CACd,qBAAqB,CAAC,wBAAwB,EAC9C,wBAAwB,CAAC,wCAAwC,GAAG,EAAE,CAAC,CACxE,CACF,CAAC;QACF,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;IAC1C,CAAC;IAED,IAAI,CAAC;QACH,eAAe,CAAC,WAAW,CAAC,OAAO,CAAC,EAAE,WAAW,CAAC,SAAS,CAAC,CAAC,CAAC;IAChE,CAAC;IAAC,MAAM,CAAC;QACP,GAAG,CAAC,UAAU,CACZ,gBAAgB,CACd,qBAAqB,CAAC,2BAA2B,EACjD,wBAAwB,CAAC,gFAAgF,CAAC,CAC3G,CACF,CAAC;QACF,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;IAC1C,CAAC;IACD,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACZ,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;AAC1C,CAAC"}
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
export type MergeGatePhaseTimings = {
|
|
2
|
+
regeneration: number;
|
|
3
|
+
preflightDriftRoster: number;
|
|
4
|
+
gitDiffGate: number;
|
|
5
|
+
structuralGuards: number;
|
|
6
|
+
postgresDistribution: number;
|
|
7
|
+
journeyTail: number;
|
|
8
|
+
};
|
|
9
|
+
export declare function finalizeMergeGateReceipt(args: {
|
|
10
|
+
packageRoot: string;
|
|
11
|
+
timings: MergeGatePhaseTimings;
|
|
12
|
+
exitCode: number;
|
|
13
|
+
outcome: "success" | "failure" | "operational_abort";
|
|
14
|
+
verificationTruthExitPhase: string | null;
|
|
15
|
+
}): void;
|
|
16
|
+
//# sourceMappingURL=mergeGateReceiptFinalize.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"mergeGateReceiptFinalize.d.ts","sourceRoot":"","sources":["../src/mergeGateReceiptFinalize.ts"],"names":[],"mappings":"AAOA,MAAM,MAAM,qBAAqB,GAAG;IAClC,YAAY,EAAE,MAAM,CAAC;IACrB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,WAAW,EAAE,MAAM,CAAC;IACpB,gBAAgB,EAAE,MAAM,CAAC;IACzB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,WAAW,EAAE,MAAM,CAAC;CACrB,CAAC;AAEF,wBAAgB,wBAAwB,CAAC,IAAI,EAAE;IAC7C,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,qBAAqB,CAAC;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,SAAS,GAAG,SAAS,GAAG,mBAAmB,CAAC;IACrD,0BAA0B,EAAE,MAAM,GAAG,IAAI,CAAC;CAC3C,GAAG,IAAI,CAgCP"}
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Loaded dynamically from verification-truth.mjs after `npm run build` in merge gate prelude.
|
|
3
|
+
*/
|
|
4
|
+
import { cliErrorEnvelope, formatOperationalMessage } from "./failureCatalog.js";
|
|
5
|
+
import { CLI_OPERATIONAL_CODES } from "./cliOperationalCodes.js";
|
|
6
|
+
import { writeVerificationReceipt } from "./verificationReceipt.js";
|
|
7
|
+
export function finalizeMergeGateReceipt(args) {
|
|
8
|
+
const cwd = process.cwd();
|
|
9
|
+
let outcome = args.outcome;
|
|
10
|
+
let exitCode = args.exitCode;
|
|
11
|
+
if (args.exitCode === 0 && outcome !== "success") {
|
|
12
|
+
outcome = "success";
|
|
13
|
+
}
|
|
14
|
+
const r = writeVerificationReceipt({
|
|
15
|
+
cwd,
|
|
16
|
+
exitCode,
|
|
17
|
+
inputIntegrity: {
|
|
18
|
+
dbKind: "none",
|
|
19
|
+
eventsSha256: null,
|
|
20
|
+
npmTestScript: "verification:truth",
|
|
21
|
+
registrySha256: null,
|
|
22
|
+
verificationTruthExitPhase: args.verificationTruthExitPhase,
|
|
23
|
+
workflowId: "merge_gate",
|
|
24
|
+
},
|
|
25
|
+
kind: "merge_gate",
|
|
26
|
+
outcome,
|
|
27
|
+
packageRoot: args.packageRoot,
|
|
28
|
+
phaseTimingsMs: args.timings,
|
|
29
|
+
verificationSummary: {
|
|
30
|
+
enforceExitKind: null,
|
|
31
|
+
operationalCode: null,
|
|
32
|
+
workflowStatus: outcome === "success" ? "complete" : outcome === "failure" ? "inconsistent" : null,
|
|
33
|
+
},
|
|
34
|
+
});
|
|
35
|
+
if (!r.ok) {
|
|
36
|
+
console.error(cliErrorEnvelope(CLI_OPERATIONAL_CODES.RECEIPT_PERSIST_FAILED, formatOperationalMessage(r.message)));
|
|
37
|
+
process.exit(3);
|
|
38
|
+
}
|
|
39
|
+
}
|
|
40
|
+
//# sourceMappingURL=mergeGateReceiptFinalize.js.map
|