devops-whc 1.0.1

package/dist/handlers/whc-verify.js

@@ -0,0 +1,304 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.executeWhcVerify = executeWhcVerify;
+const node_crypto_1 = require("node:crypto");
+const node_fs_1 = require("node:fs");
+const node_path_1 = require("node:path");
+const ssh_client_1 = require("../clients/ssh-client");
+const connectivity_1 = require("../probes/connectivity");
+const workspace_state_1 = require("../state/workspace-state");
+async function executeWhcVerify(config, request, deps = {}) {
+    const startedAt = Date.now();
+    const actionIdFactory = deps.actionIdFactory ?? node_crypto_1.randomUUID;
+    const sshClient = deps.sshClient ?? new ssh_client_1.WhcSshClient(config);
+    const probeRunner = deps.probeRunner ?? connectivity_1.runConnectivityProbe;
+    const rootDir = process.cwd();
+    (0, workspace_state_1.ensureWorkspaceState)(rootDir);
+    const manifestSource = resolveManifest(rootDir, request.payload.release_id, request.payload.manifest_path);
+    if (!manifestSource.manifest) {
+        return {
+            ok: false,
+            action_id: actionIdFactory(),
+            tool: "whc_verify",
+            data: null,
+            error: {
+                code: "NOT_FOUND",
+                message: "No release manifest found. Run whc_deploy first or provide payload.manifest_path.",
+                retryable: false,
+            },
+            meta: {
+                latency_ms: Date.now() - startedAt,
+                safety_level: "A",
+                delivery_mechanism: "read_probe",
+            },
+        };
+    }
+    const releaseId = manifestSource.releaseId;
+    const changedFiles = getChangedFiles(manifestSource.manifest);
+    const sampleSize = Math.min(request.payload.random_sample_size ?? 10, changedFiles.length);
+    const sampledFiles = sampleDeterministic(changedFiles, sampleSize, request.payload.random_seed ?? releaseId);
+    const filesToCheck = uniqueStrings([...changedFiles, ...sampledFiles]);
+    const targetBasePath = request.payload.target_environment === "staging"
+        ? config.paths.staging ?? config.paths.prod
+        : config.paths.prod;
+    const missingFiles = await findMissingFilesOnTarget(sshClient, config, request.payload.target_environment, targetBasePath, filesToCheck);
+    const fileStatus = deriveFileStatus(changedFiles.length, filesToCheck.length, missingFiles.length);
+    const configNotes = [];
+    if (!targetBasePath) {
+        configNotes.push("Missing target path in config.");
+    }
+    if (request.payload.target_environment === "staging" && !config.paths.staging) {
+        configNotes.push("WHC_STAGING_PATH is not set; fallback to production path was used.");
+    }
+    const configStatus = targetBasePath && configNotes.length === 0 ? "PASS" : targetBasePath ? "PARTIAL" : "FAIL";
+    const health = await probeRunner(config);
+    const healthDetails = [];
+    if (!health.uapi.ok)
+        healthDetails.push(`UAPI: ${health.uapi.message}`);
+    if (!health.ssh.ok)
+        healthDetails.push(`SSH: ${health.ssh.message}`);
+    const healthStatus = healthDetails.length === 0 ? "PASS" : health.uapi.ok || health.ssh.ok ? "PARTIAL" : "FAIL";
+    const shouldCheckDb = request.payload.verify_level === "with_db" || inferDataImpact(manifestSource.manifest);
+    const dbVerification = shouldCheckDb
+        ? await runDbVerification(sshClient, config, request.payload.target_environment, targetBasePath)
+        : undefined;
+    const finalStatus = deriveFinalStatus(fileStatus, configStatus, healthStatus, dbVerification?.status);
+    const notes = [];
+    if (missingFiles.length > 0) {
+        notes.push(`Missing ${missingFiles.length} file(s) from manifest check.`);
+    }
+    if (!shouldCheckDb) {
+        notes.push("DB verification skipped (no inferred data-impacting changes).");
+    }
+    const stateRootRelative = (process.env.WHC_STATE_ROOT ?? workspace_state_1.DEFAULT_STATE_ROOT).trim() || workspace_state_1.DEFAULT_STATE_ROOT;
+    const reportsDir = (0, node_path_1.join)((0, workspace_state_1.resolveStateRoot)(rootDir), "state", "reports");
+    const reportFile = (0, node_path_1.join)(reportsDir, `${releaseId}.verify-report.json`);
+    const data = {
+        release_id: releaseId,
+        final_status: finalStatus,
+        file_verification: {
+            declared_changed_files: changedFiles.length,
+            checked_files: filesToCheck.length,
+            missing_files: missingFiles,
+            sampled_files: sampledFiles,
+            status: fileStatus,
+        },
+        config_verification: {
+            target_environment: request.payload.target_environment,
+            target_path: targetBasePath,
+            status: configStatus,
+            notes: configNotes,
+        },
+        health_verification: {
+            status: healthStatus,
+            details: healthDetails,
+        },
+        db_verification: dbVerification,
+        notes,
+        report_file: reportFile,
+        next_step: finalStatus === "PASS" ? "Verification passed. Continue pipeline." : "Inspect report and logs, then redeploy or rollback based on policy.",
+    };
+    (0, node_fs_1.writeFileSync)(reportFile, JSON.stringify({
+        ...data,
+        manifest_source: manifestSource.path,
+        state_root: stateRootRelative,
+        verified_at: new Date().toISOString(),
+    }, null, 2) + "\n", "utf8");
+    return {
+        ok: true,
+        action_id: actionIdFactory(),
+        tool: "whc_verify",
+        data,
+        error: null,
+        meta: {
+            latency_ms: Date.now() - startedAt,
+            safety_level: "A",
+            release_intent: readReleaseIntent(manifestSource.manifest),
+            delivery_mechanism: "read_probe",
+        },
+    };
+}
+function resolveManifest(rootDir, releaseId, manifestPath) {
+    if (manifestPath) {
+        if (!(0, node_fs_1.existsSync)(manifestPath)) {
+            return { releaseId: releaseId ?? "unknown", path: manifestPath, manifest: null };
+        }
+        return {
+            releaseId: releaseId ?? extractReleaseId(manifestPath),
+            path: manifestPath,
+            manifest: parseJsonFile(manifestPath),
+        };
+    }
+    if (releaseId) {
+        const file = (0, workspace_state_1.getReleaseManifestFile)(rootDir, releaseId);
+        return {
+            releaseId,
+            path: file,
+            manifest: parseJsonFile(file),
+        };
+    }
+    const releasesDir = (0, node_path_1.join)((0, workspace_state_1.resolveStateRoot)(rootDir), "state", "releases");
+    if (!(0, node_fs_1.existsSync)(releasesDir)) {
+        return { releaseId: "latest", path: releasesDir, manifest: null };
+    }
+    const candidates = (0, node_fs_1.readdirSync)(releasesDir)
+        .filter((name) => name.endsWith(".auto-manifest.json"))
+        .map((name) => ({ name, fullPath: (0, node_path_1.join)(releasesDir, name), mtime: (0, node_fs_1.statSync)((0, node_path_1.join)(releasesDir, name)).mtimeMs }))
+        .sort((a, b) => b.mtime - a.mtime);
+    const latest = candidates[0];
+    if (!latest) {
+        return { releaseId: "latest", path: releasesDir, manifest: null };
+    }
+    return {
+        releaseId: extractReleaseId(latest.name),
+        path: latest.fullPath,
+        manifest: parseJsonFile(latest.fullPath),
+    };
+}
+function parseJsonFile(filePath) {
+    if (!(0, node_fs_1.existsSync)(filePath)) {
+        return null;
+    }
+    try {
+        return JSON.parse((0, node_fs_1.readFileSync)(filePath, "utf8"));
+    }
+    catch {
+        return null;
+    }
+}
+function getChangedFiles(manifest) {
+    const value = manifest.changed_files;
+    if (!Array.isArray(value)) {
+        return [];
+    }
+    return value.filter((item) => typeof item === "string" && item.length > 0);
+}
+function uniqueStrings(values) {
+    return Array.from(new Set(values));
+}
+function sampleDeterministic(source, sampleSize, seed) {
+    if (sampleSize <= 0) {
+        return [];
+    }
+    const pool = [...source];
+    const sampled = [];
+    let state = seedToNumber(seed);
+    while (pool.length > 0 && sampled.length < sampleSize) {
+        state = (state * 1664525 + 1013904223) >>> 0;
+        const index = state % pool.length;
+        sampled.push(pool[index]);
+        pool.splice(index, 1);
+    }
+    return sampled;
+}
+function seedToNumber(seed) {
+    let result = 2166136261;
+    for (const ch of seed) {
+        result ^= ch.charCodeAt(0);
+        result = Math.imul(result, 16777619);
+    }
+    return result >>> 0;
+}
+async function findMissingFilesOnTarget(sshClient, config, targetEnvironment, targetBasePath, filesToCheck) {
+    if (!targetBasePath || filesToCheck.length === 0) {
+        return [];
+    }
+    const quotedBase = quoteShell(targetBasePath);
+    const checks = filesToCheck
+        .map((file) => {
+        const quotedRelative = quoteShell(file);
+        return `[ -e ${quotedBase}/${quotedRelative} ] && echo OK:${file} || echo MISS:${file}`;
+    })
+        .join("; ");
+    try {
+        const result = await execOnTarget(sshClient, config, targetEnvironment, checks);
+        return result.stdout
+            .split("\n")
+            .map((line) => line.trim())
+            .filter((line) => line.startsWith("MISS:"))
+            .map((line) => line.slice(5));
+    }
+    catch {
+        return filesToCheck;
+    }
+}
+async function runDbVerification(sshClient, config, targetEnvironment, targetBasePath) {
+    if (!targetBasePath) {
+        return { status: "FAIL", details: ["Cannot run DB check because target path is missing."] };
+    }
+    const command = `cd ${quoteShell(targetBasePath)} && wp db check --quiet >/dev/null 2>&1 && echo DB_OK || echo DB_FAIL`;
+    try {
+        const result = await execOnTarget(sshClient, config, targetEnvironment, command);
+        if (result.stdout.includes("DB_OK")) {
+            return { status: "PASS", details: ["wp db check passed."] };
+        }
+        return { status: "FAIL", details: ["wp db check failed."] };
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : "DB verification failed";
+        return { status: "PARTIAL", details: [message] };
+    }
+}
+async function execOnTarget(sshClient, config, targetEnvironment, command) {
+    if (targetEnvironment === "staging") {
+        const target = config.sshTargets.staging;
+        if (!target || !target.privateKeyPath) {
+            throw new Error("Staging SSH target is not configured for key-based execution.");
+        }
+        const result = await sshClient.execWithKey({
+            host: target.host,
+            port: target.port,
+            username: target.username,
+            privateKeyPath: target.privateKeyPath,
+        }, command);
+        if (!result.ok) {
+            throw new Error(result.message || result.stderr || "SSH command failed");
+        }
+        return { stdout: result.stdout };
+    }
+    const result = await sshClient.execWithKey(config.sshTargets.prod, command);
+    if (!result.ok) {
+        throw new Error(result.message || result.stderr || "SSH command failed");
+    }
+    return { stdout: result.stdout };
+}
+function deriveFileStatus(declaredCount, checkedCount, missingCount) {
+    if (declaredCount === 0) {
+        return "PARTIAL";
+    }
+    if (checkedCount === 0 || missingCount === checkedCount) {
+        return "FAIL";
+    }
+    if (missingCount > 0) {
+        return "PARTIAL";
+    }
+    return "PASS";
+}
+function deriveFinalStatus(fileStatus, configStatus, healthStatus, dbStatus) {
+    const statuses = [fileStatus, configStatus, healthStatus, dbStatus].filter(Boolean);
+    if (statuses.includes("FAIL")) {
+        return "FAIL";
+    }
+    if (statuses.includes("PARTIAL")) {
+        return "PARTIAL";
+    }
+    return "PASS";
+}
+function inferDataImpact(manifest) {
+    const releaseIntent = readReleaseIntent(manifest);
+    return releaseIntent === "migrate" || releaseIntent === "recover";
+}
+function readReleaseIntent(manifest) {
+    const value = manifest.release_intent;
+    if (value === "refresh" || value === "deploy" || value === "promote" || value === "migrate" || value === "recover") {
+        return value;
+    }
+    return undefined;
+}
+function quoteShell(input) {
+    return `'${input.replace(/'/g, `'"'"'`)}'`;
+}
+function extractReleaseId(filePath) {
+    const base = filePath.split(/[\\/]/).pop() ?? "release";
+    return base.replace(/\.auto-manifest\.json$/, "").replace(/\.json$/, "");
+}

package/dist/idempotency/store.js

@@ -0,0 +1,13 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.InMemoryIdempotencyStore = void 0;
+class InMemoryIdempotencyStore {
+    store = new Map();
+    get(key) {
+        return this.store.get(key);
+    }
+    set(key, record) {
+        this.store.set(key, record);
+    }
+}
+exports.InMemoryIdempotencyStore = InMemoryIdempotencyStore;

package/dist/index.js

@@ -0,0 +1,109 @@
+#!/usr/bin/env node
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const node_crypto_1 = require("node:crypto");
+const env_1 = require("./config/env");
+const tool_dispatcher_1 = require("./dispatcher/tool-dispatcher");
+const whc_check_health_1 = require("./handlers/whc-check-health");
+const connectivity_1 = require("./probes/connectivity");
+const whc_check_health_2 = require("./schemas/whc-check-health");
+const tool_registry_1 = require("./registry/tool-registry");
+const store_1 = require("./idempotency/store");
+const audit_logger_1 = require("./audit/audit-logger");
+const server_1 = require("./server");
+const packageJson = require("../package.json");
+const APP_VERSION = packageJson.version;
+const HELP_TEXT = [
+    `WHC MCP CLI Help v${APP_VERSION}`,
+    "",
+    "Modes:",
+    "  --serve         Start MCP stdio server (registers all tools)",
+    "  --probe         Run connectivity probe (UAPI, SSH, WP-CLI)",
+    "  --check-health  Execute whc_check_health once and print JSON",
+    "  --version       Print CLI version",
+    "  --help          Show this help",
+    "",
+    "Quick start:",
+    "  1) npm install",
+    "  2) copy .env.example to .env and fill secrets",
+    "  3) npm run mcp:prepare",
+    "  4) npm run serve",
+    "",
+    "Published package use:",
+    "  npx -y devops-whc --serve",
+    "  npx -y devops-whc --probe",
+    "  npx -y devops-whc --check-health",
+    "",
+    "Safe release flow:",
+    "  1) check-health",
+    "  2) pre-deploy logs",
+    "  3) staging deploy dry-run (confirmed=true if policy requires)",
+    "  4) staging deploy real",
+    "  5) smoke gate",
+    "  6) promote live only when smoke is green",
+    "",
+    "Managed clone/sync payload reminders:",
+    "  - direction is required: live_to_staging or staging_to_live",
+    "  - sync_scope is required for clear safety intent",
+    "  - staging_to_live + database/everything needs backup policy",
+    "",
+    "Flow log:",
+    "  - default: .mcp/whc-mcp/logs/flow-events.jsonl",
+    "  - override: set WHC_FLOW_LOG_PATH",
+    "",
+    "Secrets safety:",
+    "  - do not commit .env or .vscode/whc.env",
+    "  - npm tarball excludes local env files by design",
+    "",
+    "Reference:",
+    "  - AGENT_MCP_USAGE.md",
+].join("\n");
+async function main() {
+    if (process.argv.includes("--help")) {
+        console.log(HELP_TEXT);
+        return;
+    }
+    if (process.argv.includes("--version") || process.argv.includes("-v")) {
+        console.log(APP_VERSION);
+        return;
+    }
+    // MCP stdio server mode — all 6 tools registered, reads from stdin/stdout
+    if (process.argv.includes("--serve")) {
+        await (0, server_1.startMcpServer)();
+        return;
+    }
+    const config = (0, env_1.loadConfig)();
+    if (process.argv.includes("--probe")) {
+        const report = await (0, connectivity_1.runConnectivityProbe)(config);
+        const stagingWpCliOk = report.wpcli.staging.reachable;
+        console.log(JSON.stringify({
+            ok: report.uapi.ok && report.ssh.ok && report.wpcli.prod.reachable && stagingWpCliOk,
+            action_id: (0, node_crypto_1.randomUUID)(),
+            tool: "whc_connectivity_probe",
+            data: report,
+        }, null, 2));
+        return;
+    }
+    if (process.argv.includes("--check-health")) {
+        const request = (0, whc_check_health_1.buildDefaultWhcCheckHealthRequest)(config);
+        const toolDef = tool_registry_1.TOOL_REGISTRY["whc_check_health"];
+        const result = await (0, tool_dispatcher_1.dispatch)({
+            config,
+            toolDef,
+            rawInput: request,
+            validate: whc_check_health_2.validateWhcCheckHealthRequest,
+            execute: (cfg, req) => (0, whc_check_health_1.executeWhcCheckHealth)(cfg, req),
+            idempotencyStore: new store_1.InMemoryIdempotencyStore(),
+            auditLogger: new audit_logger_1.ConsoleAuditLogger(),
+            actionIdFactory: node_crypto_1.randomUUID,
+        });
+        console.log(JSON.stringify(result, null, 2));
+        return;
+    }
+    console.log(HELP_TEXT);
+}
+main().catch((error) => {
+    const message = error instanceof Error ? error.message : "Unknown startup error";
+    console.error(message);
+    process.exitCode = 1;
+});

package/dist/policy/policy-engine.js

@@ -0,0 +1,41 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.evaluatePolicy = evaluatePolicy;
+function evaluatePolicy(input) {
+    if (input.mode === "read") {
+        return {
+            allowed: true,
+            requiresConfirm: false,
+            requiresDryRun: false,
+            safetyLevel: input.safetyLevel,
+        };
+    }
+    if (input.safetyLevel === "D") {
+        const missingDryRun = !input.dryRun;
+        const missingConfirm = !input.confirmed;
+        if (missingDryRun || missingConfirm) {
+            return {
+                allowed: false,
+                requiresConfirm: true,
+                requiresDryRun: true,
+                reason: "Level D operation requires both dry_run and explicit confirmation",
+                safetyLevel: input.safetyLevel,
+            };
+        }
+    }
+    if (input.safetyLevel === "C" && !input.confirmed) {
+        return {
+            allowed: false,
+            requiresConfirm: true,
+            requiresDryRun: false,
+            reason: "Level C operation requires explicit confirmation",
+            safetyLevel: input.safetyLevel,
+        };
+    }
+    return {
+        allowed: true,
+        requiresConfirm: input.safetyLevel === "B" || input.safetyLevel === "C" || input.safetyLevel === "D",
+        requiresDryRun: input.safetyLevel === "D",
+        safetyLevel: input.safetyLevel,
+    };
+}

package/dist/probes/connectivity.js

@@ -0,0 +1,41 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runConnectivityProbe = runConnectivityProbe;
+const ssh_client_1 = require("../clients/ssh-client");
+const wpcli_client_1 = require("../clients/wpcli-client");
+const whc_uapi_client_1 = require("../clients/whc-uapi-client");
+async function runConnectivityProbe(config) {
+    const uapiClient = new whc_uapi_client_1.WhcUapiClient(config);
+    const sshClient = new ssh_client_1.WhcSshClient(config);
+    const wpCliClient = new wpcli_client_1.WpCliClient(config, sshClient);
+    const [uapi, prodSsh, wpcli] = await Promise.all([uapiClient.probe(), sshClient.probe(), wpCliClient.probe()]);
+    let stagingSsh = {
+        ok: false,
+        latencyMs: 0,
+        message: "staging SSH key target not configured",
+    };
+    if (config.sshTargets.staging?.privateKeyPath) {
+        stagingSsh = await sshClient.probeTarget({
+            host: config.sshTargets.staging.host,
+            port: config.sshTargets.staging.port,
+            username: config.sshTargets.staging.username,
+            privateKeyPath: config.sshTargets.staging.privateKeyPath,
+        });
+    }
+    else if (config.sshTargets.staging) {
+        stagingSsh = {
+            ok: false,
+            latencyMs: 0,
+            message: "staging SSH uses password mode; key-based SSH probe skipped",
+        };
+    }
+    return {
+        uapi,
+        ssh: prodSsh,
+        sshEnvironments: {
+            prod: prodSsh,
+            staging: stagingSsh,
+        },
+        wpcli,
+    };
+}

package/dist/registry/tool-registry.js

@@ -0,0 +1,69 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TOOL_REGISTRY = void 0;
+exports.getToolDefinition = getToolDefinition;
+exports.TOOL_REGISTRY = {
+    whc_prepare: {
+        name: "whc_prepare",
+        mode: "write",
+        safetyLevel: "B",
+        description: "Initialize hidden workspace state and validate deploy readiness",
+    },
+    whc_setup_remote: {
+        name: "whc_setup_remote",
+        mode: "write",
+        safetyLevel: "C",
+        description: "Create cPanel Git repository and return SSH remote URL",
+    },
+    whc_deploy: {
+        name: "whc_deploy",
+        mode: "write",
+        safetyLevel: "C",
+        description: "Trigger VersionControl::deployment for staging or production",
+    },
+    whc_ssh_exec: {
+        name: "whc_ssh_exec",
+        mode: "write",
+        safetyLevel: "C",
+        description: "Execute safe read/sync SSH command on WHC host through enforced policy",
+    },
+    whc_get_logs: {
+        name: "whc_get_logs",
+        mode: "read",
+        safetyLevel: "A",
+        description: "Fetch latest app logs from WHC server",
+    },
+    whc_db_backup: {
+        name: "whc_db_backup",
+        mode: "write",
+        safetyLevel: "D",
+        description: "Create remote compressed SQL backup with audit tracking",
+    },
+    whc_check_health: {
+        name: "whc_check_health",
+        mode: "read",
+        safetyLevel: "A",
+        description: "Collect disk usage, SSL expiry, and load summary",
+    },
+    whc_verify: {
+        name: "whc_verify",
+        mode: "read",
+        safetyLevel: "A",
+        description: "Run post-deploy DevOps verification based on release manifest",
+    },
+    whc_pipeline_status: {
+        name: "whc_pipeline_status",
+        mode: "read",
+        safetyLevel: "A",
+        description: "Read latest hidden pipeline status and artifact pointers",
+    },
+    whc_rollback: {
+        name: "whc_rollback",
+        mode: "write",
+        safetyLevel: "D",
+        description: "Execute guarded rollback with mandatory dry-run, confirmation, and verify-chain",
+    },
+};
+function getToolDefinition(toolName) {
+    return exports.TOOL_REGISTRY[toolName];
+}

package/dist/schemas/whc-check-health.js

@@ -0,0 +1,55 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildDefaultWhcCheckHealthPayload = buildDefaultWhcCheckHealthPayload;
+exports.validateWhcCheckHealthRequest = validateWhcCheckHealthRequest;
+const zod_1 = require("zod");
+const sourceProfileSchema = zod_1.z.object({
+    local_project_root: zod_1.z.string().min(1).optional(),
+    local_app_path: zod_1.z.string().min(1).optional(),
+    source_kind: zod_1.z.enum(["full_site", "partial_content", "package_only", "artifact_first", "monorepo_slice"]),
+    deploy_unit: zod_1.z.enum(["raw_source", "build_artifact", "package_bundle"]),
+    build_command: zod_1.z.string().min(1).optional(),
+    build_artifact_path: zod_1.z.string().min(1).optional(),
+});
+const payloadSchema = zod_1.z.object({
+    target_environment: zod_1.z.enum(["live", "staging", "auto"]).default("auto"),
+    release_intent: zod_1.z.enum(["refresh", "deploy", "promote", "migrate", "recover"]),
+    pipeline_id: zod_1.z.enum(["P0", "P1", "P2", "P2R", "P3", "P3D", "P4", "P5"]),
+    source_profile: sourceProfileSchema,
+});
+const requestSchema = zod_1.z.object({
+    request_id: zod_1.z.string().min(1),
+    actor: zod_1.z.object({
+        kind: zod_1.z.literal("copilot"),
+        user_hint: zod_1.z.string().min(1).optional(),
+    }),
+    dry_run: zod_1.z.boolean().optional(),
+    idempotency_key: zod_1.z.string().min(1).optional(),
+    payload: payloadSchema,
+});
+function buildDefaultWhcCheckHealthPayload(config) {
+    const releaseIntent = config.sourceProfile.defaultReleaseIntent;
+    const sourceProfile = {
+        local_project_root: config.sourceProfile.localProjectRoot,
+        local_app_path: config.sourceProfile.localAppPath,
+        source_kind: config.sourceProfile.sourceKind,
+        deploy_unit: config.sourceProfile.deployUnit,
+        build_command: config.sourceProfile.buildCommand,
+        build_artifact_path: config.sourceProfile.buildArtifactPath,
+    };
+    const pipelineId = "P1";
+    return {
+        target_environment: "auto",
+        release_intent: releaseIntent,
+        pipeline_id: pipelineId,
+        source_profile: sourceProfile,
+    };
+}
+function validateWhcCheckHealthRequest(input) {
+    const parsed = requestSchema.safeParse(input);
+    if (!parsed.success) {
+        const issues = parsed.error.issues.map((issue) => `${issue.path.join(".")}: ${issue.message}`).join("; ");
+        throw new Error(`VALIDATION_ERROR: ${issues}`);
+    }
+    return parsed.data;
+}

package/dist/schemas/whc-db-backup.js

@@ -0,0 +1,29 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.validateWhcDbBackupRequest = validateWhcDbBackupRequest;
+const zod_1 = require("zod");
+const payloadSchema = zod_1.z.object({
+    target_environment: zod_1.z.enum(["live", "staging"]),
+    output_path: zod_1.z.string().min(1).optional(),
+    compress: zod_1.z.boolean().default(true),
+    tables: zod_1.z.array(zod_1.z.string().min(1)).optional(),
+});
+const requestSchema = zod_1.z.object({
+    request_id: zod_1.z.string().min(1),
+    actor: zod_1.z.object({
+        kind: zod_1.z.literal("copilot"),
+        user_hint: zod_1.z.string().min(1).optional(),
+    }),
+    dry_run: zod_1.z.boolean().optional(),
+    confirmed: zod_1.z.boolean().optional(),
+    idempotency_key: zod_1.z.string().min(1),
+    payload: payloadSchema,
+});
+function validateWhcDbBackupRequest(input) {
+    const parsed = requestSchema.safeParse(input);
+    if (!parsed.success) {
+        const issues = parsed.error.issues.map((i) => `${i.path.join(".")}: ${i.message}`).join("; ");
+        throw new Error(`VALIDATION_ERROR: ${issues}`);
+    }
+    return parsed.data;
+}