guardrail-core 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/__tests__/autopilot.test.d.ts +7 -0
- package/dist/__tests__/autopilot.test.d.ts.map +1 -0
- package/dist/__tests__/autopilot.test.js +156 -0
- package/dist/__tests__/tier-config.test.d.ts +9 -0
- package/dist/__tests__/tier-config.test.d.ts.map +1 -0
- package/dist/__tests__/tier-config.test.js +230 -0
- package/dist/__tests__/utils/hash-inline.test.d.ts +2 -0
- package/dist/__tests__/utils/hash-inline.test.d.ts.map +1 -0
- package/dist/__tests__/utils/hash-inline.test.js +62 -0
- package/dist/__tests__/utils/hash.test.d.ts +3 -0
- package/dist/__tests__/utils/hash.test.d.ts.map +1 -0
- package/dist/__tests__/utils/hash.test.js +95 -0
- package/dist/__tests__/utils/simple.test.d.ts +1 -0
- package/dist/__tests__/utils/simple.test.d.ts.map +1 -0
- package/dist/__tests__/utils/simple.test.js +10 -0
- package/dist/__tests__/utils/utils-simple.test.d.ts +1 -0
- package/dist/__tests__/utils/utils-simple.test.d.ts.map +1 -0
- package/dist/__tests__/utils/utils-simple.test.js +6 -0
- package/dist/__tests__/utils/utils.test.d.ts +15 -0
- package/dist/__tests__/utils/utils.test.d.ts.map +1 -0
- package/dist/__tests__/utils/utils.test.js +172 -0
- package/dist/autopilot/autopilot-runner.d.ts +33 -0
- package/dist/autopilot/autopilot-runner.d.ts.map +1 -0
- package/dist/autopilot/autopilot-runner.js +479 -0
- package/dist/autopilot/index.d.ts +6 -0
- package/dist/autopilot/index.d.ts.map +1 -0
- package/dist/autopilot/index.js +25 -0
- package/dist/autopilot/types.d.ts +102 -0
- package/dist/autopilot/types.d.ts.map +1 -0
- package/dist/autopilot/types.js +18 -0
- package/dist/cache/index.d.ts +7 -0
- package/dist/cache/index.d.ts.map +1 -0
- package/dist/cache/index.js +22 -0
- package/dist/cache/redis-cache.d.ts +145 -0
- package/dist/cache/redis-cache.d.ts.map +1 -0
- package/dist/cache/redis-cache.js +459 -0
- package/dist/ci/github-actions.d.ts +77 -0
- package/dist/ci/github-actions.d.ts.map +1 -0
- package/dist/ci/github-actions.js +277 -0
- package/dist/ci/index.d.ts +12 -0
- package/dist/ci/index.d.ts.map +1 -0
- package/dist/ci/index.js +27 -0
- package/dist/ci/pre-commit.d.ts +65 -0
- package/dist/ci/pre-commit.d.ts.map +1 -0
- package/dist/ci/pre-commit.js +286 -0
- package/dist/entitlements.d.ts +149 -0
- package/dist/entitlements.d.ts.map +1 -0
- package/dist/entitlements.js +464 -0
- package/dist/env.d.ts +113 -0
- package/dist/env.d.ts.map +1 -0
- package/dist/env.js +204 -0
- package/dist/fix-packs/__tests__/generate-fix-packs.test.d.ts +7 -0
- package/dist/fix-packs/__tests__/generate-fix-packs.test.d.ts.map +1 -0
- package/dist/fix-packs/__tests__/generate-fix-packs.test.js +250 -0
- package/dist/fix-packs/generate-fix-packs.d.ts +15 -0
- package/dist/fix-packs/generate-fix-packs.d.ts.map +1 -0
- package/dist/fix-packs/generate-fix-packs.js +505 -0
- package/dist/fix-packs/index.d.ts +8 -0
- package/dist/fix-packs/index.d.ts.map +1 -0
- package/dist/fix-packs/index.js +23 -0
- package/dist/fix-packs/types.d.ts +113 -0
- package/dist/fix-packs/types.d.ts.map +1 -0
- package/dist/fix-packs/types.js +71 -0
- package/dist/index.d.ts +13 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +28 -0
- package/dist/metrics/prometheus.d.ts +99 -0
- package/dist/metrics/prometheus.d.ts.map +1 -0
- package/dist/metrics/prometheus.js +306 -0
- package/dist/quota-ledger.d.ts +119 -0
- package/dist/quota-ledger.d.ts.map +1 -0
- package/dist/quota-ledger.js +462 -0
- package/dist/rbac/__tests__/permissions.test.d.ts +8 -0
- package/dist/rbac/__tests__/permissions.test.d.ts.map +1 -0
- package/dist/rbac/__tests__/permissions.test.js +350 -0
- package/dist/rbac/index.d.ts +9 -0
- package/dist/rbac/index.d.ts.map +1 -0
- package/dist/rbac/index.js +32 -0
- package/dist/rbac/permissions.d.ts +71 -0
- package/dist/rbac/permissions.d.ts.map +1 -0
- package/dist/rbac/permissions.js +247 -0
- package/dist/rbac/types.d.ts +69 -0
- package/dist/rbac/types.d.ts.map +1 -0
- package/dist/rbac/types.js +213 -0
- package/dist/tier-config.d.ts +203 -0
- package/dist/tier-config.d.ts.map +1 -0
- package/dist/tier-config.js +675 -0
- package/dist/types.d.ts +365 -0
- package/dist/types.d.ts.map +1 -0
- package/dist/types.js +5 -0
- package/dist/utils.d.ts +36 -0
- package/dist/utils.d.ts.map +1 -0
- package/dist/utils.js +127 -0
- package/dist/verified-autofix/__tests__/format-validator.test.d.ts +11 -0
- package/dist/verified-autofix/__tests__/format-validator.test.d.ts.map +1 -0
- package/dist/verified-autofix/__tests__/format-validator.test.js +285 -0
- package/dist/verified-autofix/__tests__/pipeline.test.d.ts +11 -0
- package/dist/verified-autofix/__tests__/pipeline.test.d.ts.map +1 -0
- package/dist/verified-autofix/__tests__/pipeline.test.js +389 -0
- package/dist/verified-autofix/__tests__/repo-fingerprint.test.d.ts +11 -0
- package/dist/verified-autofix/__tests__/repo-fingerprint.test.d.ts.map +1 -0
- package/dist/verified-autofix/__tests__/repo-fingerprint.test.js +236 -0
- package/dist/verified-autofix/__tests__/workspace.test.d.ts +11 -0
- package/dist/verified-autofix/__tests__/workspace.test.d.ts.map +1 -0
- package/dist/verified-autofix/__tests__/workspace.test.js +314 -0
- package/dist/verified-autofix/format-validator.d.ts +101 -0
- package/dist/verified-autofix/format-validator.d.ts.map +1 -0
- package/dist/verified-autofix/format-validator.js +446 -0
- package/dist/verified-autofix/index.d.ts +14 -0
- package/dist/verified-autofix/index.d.ts.map +1 -0
- package/dist/verified-autofix/index.js +39 -0
- package/dist/verified-autofix/pipeline.d.ts +68 -0
- package/dist/verified-autofix/pipeline.d.ts.map +1 -0
- package/dist/verified-autofix/pipeline.js +330 -0
- package/dist/verified-autofix/repo-fingerprint.d.ts +56 -0
- package/dist/verified-autofix/repo-fingerprint.d.ts.map +1 -0
- package/dist/verified-autofix/repo-fingerprint.js +396 -0
- package/dist/verified-autofix/workspace.d.ts +83 -0
- package/dist/verified-autofix/workspace.d.ts.map +1 -0
- package/dist/verified-autofix/workspace.js +454 -0
- package/dist/verified-autofix.d.ts +182 -0
- package/dist/verified-autofix.d.ts.map +1 -0
- package/dist/verified-autofix.js +1021 -0
- package/dist/visualization/dependency-graph.d.ts +79 -0
- package/dist/visualization/dependency-graph.d.ts.map +1 -0
- package/dist/visualization/dependency-graph.js +399 -0
- package/dist/visualization/index.d.ts +5 -0
- package/dist/visualization/index.d.ts.map +1 -0
- package/dist/visualization/index.js +20 -0
- package/package.json +29 -0
- package/src/__tests__/autopilot.test.ts +196 -0
- package/src/__tests__/tier-config.test.ts +289 -0
- package/src/__tests__/utils/hash-inline.test.ts +76 -0
- package/src/__tests__/utils/hash.test.ts +119 -0
- package/src/__tests__/utils/simple.test.ts +10 -0
- package/src/__tests__/utils/utils-simple.test.ts +5 -0
- package/src/__tests__/utils/utils.test.ts +203 -0
- package/src/autopilot/autopilot-runner.ts +503 -0
- package/src/autopilot/index.ts +6 -0
- package/src/autopilot/types.ts +119 -0
- package/src/cache/index.ts +7 -0
- package/src/cache/redis-cache.d.ts +155 -0
- package/src/cache/redis-cache.d.ts.map +1 -0
- package/src/cache/redis-cache.ts +517 -0
- package/src/ci/github-actions.ts +335 -0
- package/src/ci/index.ts +12 -0
- package/src/ci/pre-commit.ts +338 -0
- package/src/db/usage-schema.prisma +114 -0
- package/src/entitlements.ts +570 -0
- package/src/env.d.ts +68 -0
- package/src/env.d.ts.map +1 -0
- package/src/env.ts +247 -0
- package/src/fix-packs/__tests__/generate-fix-packs.test.ts +317 -0
- package/src/fix-packs/generate-fix-packs.ts +577 -0
- package/src/fix-packs/index.ts +8 -0
- package/src/fix-packs/types.ts +206 -0
- package/src/index.d.ts +7 -0
- package/src/index.d.ts.map +1 -0
- package/src/index.ts +12 -0
- package/src/metrics/prometheus.d.ts +104 -0
- package/src/metrics/prometheus.d.ts.map +1 -0
- package/src/metrics/prometheus.ts +446 -0
- package/src/quota-ledger.ts +548 -0
- package/src/rbac/__tests__/permissions.test.ts +446 -0
- package/src/rbac/index.ts +46 -0
- package/src/rbac/permissions.ts +301 -0
- package/src/rbac/types.ts +298 -0
- package/src/tier-config.json +157 -0
- package/src/tier-config.ts +815 -0
- package/src/types.d.ts +365 -0
- package/src/types.d.ts.map +1 -0
- package/src/types.ts +441 -0
- package/src/utils.d.ts +36 -0
- package/src/utils.d.ts.map +1 -0
- package/src/utils.ts +140 -0
- package/src/verified-autofix/__tests__/format-validator.test.ts +335 -0
- package/src/verified-autofix/__tests__/pipeline.test.ts +419 -0
- package/src/verified-autofix/__tests__/repo-fingerprint.test.ts +241 -0
- package/src/verified-autofix/__tests__/workspace.test.ts +373 -0
- package/src/verified-autofix/format-validator.ts +517 -0
- package/src/verified-autofix/index.ts +63 -0
- package/src/verified-autofix/pipeline.ts +403 -0
- package/src/verified-autofix/repo-fingerprint.ts +459 -0
- package/src/verified-autofix/workspace.ts +531 -0
- package/src/verified-autofix.ts +1187 -0
- package/src/visualization/dependency-graph.d.ts +85 -0
- package/src/visualization/dependency-graph.d.ts.map +1 -0
- package/src/visualization/dependency-graph.ts +495 -0
- package/src/visualization/index.ts +5 -0
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"format-validator.d.ts","sourceRoot":"","sources":["../../src/verified-autofix/format-validator.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAQH,MAAM,WAAW,iBAAiB;IAChC,MAAM,EAAE,cAAc,CAAC;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,gBAAgB;IAC/B,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,SAAS,CAAC,EAAE,iBAAiB,CAAC;CAC/B;AAED,MAAM,WAAW,oBAAoB;IACnC,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,KAAK,EAAE,UAAU,EAAE,CAAC;IACpB,aAAa,EAAE,MAAM,EAAE,CAAC;CACzB;AAED,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;CACjB;AAkDD;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAqBvD;AAMD;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,OAAO,GAAG,gBAAgB,CA8DhE;AAMD;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,GAAG,oBAAoB,CAsHtE;AAMD;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE,WAAW,EAAE,MAAM,GAAG;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,CAsB5G;AAMD;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,CAa7F;AAMD;;GAEG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG;IAAE,QAAQ,EAAE,OAAO,CAAC;IAAC,KAAK,EAAE,MAAM,EAAE,CAAA;CAAE,CAqBhF;AAMD,MAAM,WAAW,oBAAoB;IACnC,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,MAAM,CAAC,EAAE,iBAAiB,CAAC;IAC3B,cAAc,CAAC,EAAE,oBAAoB,CAAC;IACtC,UAAU,CAAC,EAAE;QAAE,IAAI,EAAE,OAAO,CAAC;QAAC,MAAM,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;IACjD,aAAa,CAAC,EAAE;QAAE,IAAI,EAAE,OAAO,CAAC;QAAC,MAAM,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;IACpD,aAAa,CAAC,EAAE;QAAE,QAAQ,EAAE,OAAO,CAAC;QAAC,KAAK,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;IACvD,kBAAkB,CAAC,EAAE,OAAO,CAAC;CAC9B;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CACjC,GAAG,EAAE,MAAM,EACX,WAAW,EAAE,MAAM,EACnB,OAAO,CAAC,EAAE;IAAE,cAAc,CAAC,EAAE,OAAO,CAAA;CAAE,GACrC,oBAAoB,CAkFtB;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAGtD"}
|
|
@@ -0,0 +1,446 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Format Validator - Strict Output Protocol Enforcement
|
|
4
|
+
*
|
|
5
|
+
* Validates AI agent output format:
|
|
6
|
+
* 1. JSON shape validation (guardrail-v1 format)
|
|
7
|
+
* 2. Unified diff validity checking
|
|
8
|
+
* 3. Markdown fence stripping (forgiving)
|
|
9
|
+
* 4. Path safety validation
|
|
10
|
+
* 5. Stub/placeholder detection
|
|
11
|
+
*/
|
|
12
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
13
|
+
if (k2 === undefined) k2 = k;
|
|
14
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
15
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
16
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
17
|
+
}
|
|
18
|
+
Object.defineProperty(o, k2, desc);
|
|
19
|
+
}) : (function(o, m, k, k2) {
|
|
20
|
+
if (k2 === undefined) k2 = k;
|
|
21
|
+
o[k2] = m[k];
|
|
22
|
+
}));
|
|
23
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
24
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
25
|
+
}) : function(o, v) {
|
|
26
|
+
o["default"] = v;
|
|
27
|
+
});
|
|
28
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
29
|
+
var ownKeys = function(o) {
|
|
30
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
31
|
+
var ar = [];
|
|
32
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
33
|
+
return ar;
|
|
34
|
+
};
|
|
35
|
+
return ownKeys(o);
|
|
36
|
+
};
|
|
37
|
+
return function (mod) {
|
|
38
|
+
if (mod && mod.__esModule) return mod;
|
|
39
|
+
var result = {};
|
|
40
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
41
|
+
__setModuleDefault(result, mod);
|
|
42
|
+
return result;
|
|
43
|
+
};
|
|
44
|
+
})();
|
|
45
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
46
|
+
exports.stripMarkdownFences = stripMarkdownFences;
|
|
47
|
+
exports.validateJsonShape = validateJsonShape;
|
|
48
|
+
exports.validateUnifiedDiff = validateUnifiedDiff;
|
|
49
|
+
exports.validatePathSafety = validatePathSafety;
|
|
50
|
+
exports.validateCommandSafety = validateCommandSafety;
|
|
51
|
+
exports.detectStubs = detectStubs;
|
|
52
|
+
exports.validateAgentOutput = validateAgentOutput;
|
|
53
|
+
exports.isMarkdownWrapped = isMarkdownWrapped;
|
|
54
|
+
const path = __importStar(require("path"));
|
|
55
|
+
// ============================================================================
|
|
56
|
+
// CONSTANTS
|
|
57
|
+
// ============================================================================
|
|
58
|
+
const STUB_PATTERNS = [
|
|
59
|
+
/TODO\s*:/i,
|
|
60
|
+
/FIXME\s*:/i,
|
|
61
|
+
/XXX\s*:/i,
|
|
62
|
+
/HACK\s*:/i,
|
|
63
|
+
/\bplaceholder\b/i,
|
|
64
|
+
/\bstub\b/i,
|
|
65
|
+
/\bnot\s+implemented\b/i,
|
|
66
|
+
/throw\s+new\s+Error\s*\(\s*['"`]Not implemented/i,
|
|
67
|
+
/\/\/\s*TODO/i,
|
|
68
|
+
/\/\*\s*TODO/i,
|
|
69
|
+
/console\.log\s*\(\s*['"`]TODO/i,
|
|
70
|
+
];
|
|
71
|
+
const UNSAFE_PATH_PATTERNS = [
|
|
72
|
+
/\.\.\//, // Parent directory traversal
|
|
73
|
+
/^\/etc\//, // System config
|
|
74
|
+
/^\/usr\//, // System binaries
|
|
75
|
+
/^\/var\//, // System var
|
|
76
|
+
/^\/root\//, // Root home
|
|
77
|
+
/^\/home\/(?![\w-]+\/)/, // Other users' homes
|
|
78
|
+
/^C:\\Windows\\/i, // Windows system
|
|
79
|
+
/^C:\\Program Files/i, // Windows programs
|
|
80
|
+
/node_modules\//, // Dependencies
|
|
81
|
+
/\.git\//, // Git internals
|
|
82
|
+
];
|
|
83
|
+
const UNSAFE_COMMANDS = [
|
|
84
|
+
/\brm\s+-rf?\s+\//, // Delete root
|
|
85
|
+
/\brm\s+-rf?\s+~\//, // Delete home
|
|
86
|
+
/\bsudo\b/, // Elevated privileges
|
|
87
|
+
/\bchmod\s+777\b/, // Insecure permissions
|
|
88
|
+
/\bcurl\b.*\|\s*sh\b/, // Pipe to shell
|
|
89
|
+
/\bwget\b.*\|\s*sh\b/, // Pipe to shell
|
|
90
|
+
/\beval\s*\(/, // Code injection
|
|
91
|
+
/\bexec\s*\(/, // Code execution
|
|
92
|
+
/\b--force\b/, // Force flags (risky)
|
|
93
|
+
/\bgit\s+push\s+--force\b/, // Force push
|
|
94
|
+
];
|
|
95
|
+
// ============================================================================
|
|
96
|
+
// MARKDOWN FENCE STRIPPING
|
|
97
|
+
// ============================================================================
|
|
98
|
+
/**
|
|
99
|
+
* Strip markdown code fences from raw agent output (forgiving mode)
|
|
100
|
+
*/
|
|
101
|
+
function stripMarkdownFences(raw) {
|
|
102
|
+
let content = raw.trim();
|
|
103
|
+
// Remove ```json ... ``` wrapper
|
|
104
|
+
const jsonFenceMatch = content.match(/^```(?:json)?\s*([\s\S]*?)```\s*$/);
|
|
105
|
+
if (jsonFenceMatch && jsonFenceMatch[1]) {
|
|
106
|
+
content = jsonFenceMatch[1].trim();
|
|
107
|
+
}
|
|
108
|
+
// Remove leading/trailing ``` if partial
|
|
109
|
+
if (content.startsWith('```json')) {
|
|
110
|
+
content = content.slice(7).trim();
|
|
111
|
+
}
|
|
112
|
+
else if (content.startsWith('```')) {
|
|
113
|
+
content = content.slice(3).trim();
|
|
114
|
+
}
|
|
115
|
+
if (content.endsWith('```')) {
|
|
116
|
+
content = content.slice(0, -3).trim();
|
|
117
|
+
}
|
|
118
|
+
return content;
|
|
119
|
+
}
|
|
120
|
+
// ============================================================================
|
|
121
|
+
// JSON SHAPE VALIDATION
|
|
122
|
+
// ============================================================================
|
|
123
|
+
/**
|
|
124
|
+
* Validate the guardrail-v1 JSON shape
|
|
125
|
+
*/
|
|
126
|
+
function validateJsonShape(obj) {
|
|
127
|
+
const errors = [];
|
|
128
|
+
const warnings = [];
|
|
129
|
+
if (!obj || typeof obj !== 'object') {
|
|
130
|
+
return { valid: false, errors: ['Input must be a JSON object'], warnings: [] };
|
|
131
|
+
}
|
|
132
|
+
const data = obj;
|
|
133
|
+
// Check format field
|
|
134
|
+
if (data['format'] !== 'guardrail-v1') {
|
|
135
|
+
errors.push(`Missing or invalid "format" field. Expected "guardrail-v1", got "${data['format']}"`);
|
|
136
|
+
}
|
|
137
|
+
// Check diff field
|
|
138
|
+
if (typeof data['diff'] !== 'string') {
|
|
139
|
+
errors.push('Missing or invalid "diff" field. Must be a string.');
|
|
140
|
+
}
|
|
141
|
+
else if (data['diff'].length === 0) {
|
|
142
|
+
warnings.push('Empty diff field - no changes to apply');
|
|
143
|
+
}
|
|
144
|
+
// Check commands field
|
|
145
|
+
if (!Array.isArray(data['commands'])) {
|
|
146
|
+
errors.push('Missing or invalid "commands" field. Must be an array.');
|
|
147
|
+
}
|
|
148
|
+
else {
|
|
149
|
+
for (let i = 0; i < data['commands'].length; i++) {
|
|
150
|
+
if (typeof data['commands'][i] !== 'string') {
|
|
151
|
+
errors.push(`commands[${i}] must be a string`);
|
|
152
|
+
}
|
|
153
|
+
}
|
|
154
|
+
}
|
|
155
|
+
// Check tests field
|
|
156
|
+
if (!Array.isArray(data['tests'])) {
|
|
157
|
+
errors.push('Missing or invalid "tests" field. Must be an array.');
|
|
158
|
+
}
|
|
159
|
+
else {
|
|
160
|
+
for (let i = 0; i < data['tests'].length; i++) {
|
|
161
|
+
if (typeof data['tests'][i] !== 'string') {
|
|
162
|
+
errors.push(`tests[${i}] must be a string`);
|
|
163
|
+
}
|
|
164
|
+
}
|
|
165
|
+
}
|
|
166
|
+
// Check notes field
|
|
167
|
+
if (typeof data['notes'] !== 'string') {
|
|
168
|
+
errors.push('Missing or invalid "notes" field. Must be a string.');
|
|
169
|
+
}
|
|
170
|
+
if (errors.length > 0) {
|
|
171
|
+
return { valid: false, errors, warnings };
|
|
172
|
+
}
|
|
173
|
+
const sanitized = {
|
|
174
|
+
format: 'guardrail-v1',
|
|
175
|
+
diff: data['diff'],
|
|
176
|
+
commands: data['commands'],
|
|
177
|
+
tests: data['tests'],
|
|
178
|
+
notes: data['notes'],
|
|
179
|
+
};
|
|
180
|
+
return { valid: true, errors: [], warnings, sanitized };
|
|
181
|
+
}
|
|
182
|
+
// ============================================================================
|
|
183
|
+
// UNIFIED DIFF VALIDATION
|
|
184
|
+
// ============================================================================
|
|
185
|
+
/**
|
|
186
|
+
* Parse and validate unified diff format
|
|
187
|
+
*/
|
|
188
|
+
function validateUnifiedDiff(diff) {
|
|
189
|
+
const errors = [];
|
|
190
|
+
const hunks = [];
|
|
191
|
+
const filesAffected = [];
|
|
192
|
+
if (!diff || diff.trim().length === 0) {
|
|
193
|
+
return { valid: true, errors: [], hunks: [], filesAffected: [] };
|
|
194
|
+
}
|
|
195
|
+
const lines = diff.split('\n');
|
|
196
|
+
let currentFile = null;
|
|
197
|
+
let currentHunk = null;
|
|
198
|
+
let hunkContent = [];
|
|
199
|
+
let lineIndex = 0;
|
|
200
|
+
while (lineIndex < lines.length) {
|
|
201
|
+
const line = lines[lineIndex] || '';
|
|
202
|
+
// File header: --- a/path or --- path
|
|
203
|
+
if (line.startsWith('--- ')) {
|
|
204
|
+
const filePath = line.slice(4).replace(/^[ab]\//, '').split('\t')[0];
|
|
205
|
+
if (filePath) {
|
|
206
|
+
currentFile = filePath;
|
|
207
|
+
}
|
|
208
|
+
lineIndex++;
|
|
209
|
+
continue;
|
|
210
|
+
}
|
|
211
|
+
// File header: +++ b/path or +++ path
|
|
212
|
+
if (line.startsWith('+++ ')) {
|
|
213
|
+
const filePath = line.slice(4).replace(/^[ab]\//, '').split('\t')[0];
|
|
214
|
+
if (filePath && filePath !== '/dev/null') {
|
|
215
|
+
currentFile = filePath;
|
|
216
|
+
if (!filesAffected.includes(filePath)) {
|
|
217
|
+
filesAffected.push(filePath);
|
|
218
|
+
}
|
|
219
|
+
}
|
|
220
|
+
lineIndex++;
|
|
221
|
+
continue;
|
|
222
|
+
}
|
|
223
|
+
// Hunk header: @@ -start,count +start,count @@
|
|
224
|
+
const hunkMatch = line.match(/^@@\s+-(\d+)(?:,(\d+))?\s+\+(\d+)(?:,(\d+))?\s+@@/);
|
|
225
|
+
if (hunkMatch) {
|
|
226
|
+
// Save previous hunk
|
|
227
|
+
if (currentHunk && currentFile) {
|
|
228
|
+
currentHunk.content = hunkContent.join('\n');
|
|
229
|
+
hunks.push(currentHunk);
|
|
230
|
+
}
|
|
231
|
+
currentHunk = {
|
|
232
|
+
file: currentFile || 'unknown',
|
|
233
|
+
oldStart: parseInt(hunkMatch[1] || '1', 10),
|
|
234
|
+
oldLines: parseInt(hunkMatch[2] || '1', 10),
|
|
235
|
+
newStart: parseInt(hunkMatch[3] || '1', 10),
|
|
236
|
+
newLines: parseInt(hunkMatch[4] || '1', 10),
|
|
237
|
+
content: '',
|
|
238
|
+
};
|
|
239
|
+
hunkContent = [line];
|
|
240
|
+
lineIndex++;
|
|
241
|
+
continue;
|
|
242
|
+
}
|
|
243
|
+
// Diff content lines
|
|
244
|
+
if (currentHunk) {
|
|
245
|
+
if (line.startsWith('+') || line.startsWith('-') || line.startsWith(' ') || line === '') {
|
|
246
|
+
hunkContent.push(line);
|
|
247
|
+
}
|
|
248
|
+
else if (line.startsWith('diff --git')) {
|
|
249
|
+
// New file in multi-file diff - save current hunk
|
|
250
|
+
if (currentFile) {
|
|
251
|
+
currentHunk.content = hunkContent.join('\n');
|
|
252
|
+
hunks.push(currentHunk);
|
|
253
|
+
}
|
|
254
|
+
currentHunk = null;
|
|
255
|
+
hunkContent = [];
|
|
256
|
+
currentFile = null;
|
|
257
|
+
}
|
|
258
|
+
else if (line.startsWith('index ') || line.startsWith('new file') || line.startsWith('deleted file')) {
|
|
259
|
+
// Git diff metadata - skip
|
|
260
|
+
}
|
|
261
|
+
else if (line.trim() !== '') {
|
|
262
|
+
// Unexpected line in hunk
|
|
263
|
+
errors.push(`Unexpected line in diff at line ${lineIndex + 1}: "${line.slice(0, 50)}..."`);
|
|
264
|
+
}
|
|
265
|
+
}
|
|
266
|
+
lineIndex++;
|
|
267
|
+
}
|
|
268
|
+
// Save last hunk
|
|
269
|
+
if (currentHunk && currentFile) {
|
|
270
|
+
currentHunk.content = hunkContent.join('\n');
|
|
271
|
+
hunks.push(currentHunk);
|
|
272
|
+
}
|
|
273
|
+
// Validate hunk line counts
|
|
274
|
+
for (const hunk of hunks) {
|
|
275
|
+
const hunkLines = hunk.content.split('\n').filter(l => !l.startsWith('@@'));
|
|
276
|
+
const addLines = hunkLines.filter(l => l.startsWith('+')).length;
|
|
277
|
+
const delLines = hunkLines.filter(l => l.startsWith('-')).length;
|
|
278
|
+
const ctxLines = hunkLines.filter(l => l.startsWith(' ') || l === '').length;
|
|
279
|
+
const expectedOld = delLines + ctxLines;
|
|
280
|
+
const expectedNew = addLines + ctxLines;
|
|
281
|
+
// Allow some tolerance for trailing newlines
|
|
282
|
+
if (Math.abs(expectedOld - hunk.oldLines) > 1) {
|
|
283
|
+
errors.push(`Hunk for ${hunk.file}: old line count mismatch (header: ${hunk.oldLines}, actual: ${expectedOld})`);
|
|
284
|
+
}
|
|
285
|
+
if (Math.abs(expectedNew - hunk.newLines) > 1) {
|
|
286
|
+
errors.push(`Hunk for ${hunk.file}: new line count mismatch (header: ${hunk.newLines}, actual: ${expectedNew})`);
|
|
287
|
+
}
|
|
288
|
+
}
|
|
289
|
+
return {
|
|
290
|
+
valid: errors.length === 0,
|
|
291
|
+
errors,
|
|
292
|
+
hunks,
|
|
293
|
+
filesAffected,
|
|
294
|
+
};
|
|
295
|
+
}
|
|
296
|
+
// ============================================================================
|
|
297
|
+
// PATH SAFETY VALIDATION
|
|
298
|
+
// ============================================================================
|
|
299
|
+
/**
|
|
300
|
+
* Validate that file paths are safe (no traversal, no system paths)
|
|
301
|
+
*/
|
|
302
|
+
function validatePathSafety(paths, projectRoot) {
|
|
303
|
+
const issues = [];
|
|
304
|
+
for (const filePath of paths) {
|
|
305
|
+
// Check for unsafe patterns
|
|
306
|
+
for (const pattern of UNSAFE_PATH_PATTERNS) {
|
|
307
|
+
if (pattern.test(filePath)) {
|
|
308
|
+
issues.push(`Unsafe path pattern detected: ${filePath}`);
|
|
309
|
+
break;
|
|
310
|
+
}
|
|
311
|
+
}
|
|
312
|
+
// Resolve and check if within project
|
|
313
|
+
const resolved = path.resolve(projectRoot, filePath);
|
|
314
|
+
const relative = path.relative(projectRoot, resolved);
|
|
315
|
+
if (relative.startsWith('..') || path.isAbsolute(relative)) {
|
|
316
|
+
issues.push(`Path escapes project root: ${filePath}`);
|
|
317
|
+
}
|
|
318
|
+
}
|
|
319
|
+
return { safe: issues.length === 0, issues };
|
|
320
|
+
}
|
|
321
|
+
// ============================================================================
|
|
322
|
+
// COMMAND SAFETY VALIDATION
|
|
323
|
+
// ============================================================================
|
|
324
|
+
/**
|
|
325
|
+
* Validate that commands are safe to run
|
|
326
|
+
*/
|
|
327
|
+
function validateCommandSafety(commands) {
|
|
328
|
+
const issues = [];
|
|
329
|
+
for (const cmd of commands) {
|
|
330
|
+
for (const pattern of UNSAFE_COMMANDS) {
|
|
331
|
+
if (pattern.test(cmd)) {
|
|
332
|
+
issues.push(`Potentially unsafe command: ${cmd}`);
|
|
333
|
+
break;
|
|
334
|
+
}
|
|
335
|
+
}
|
|
336
|
+
}
|
|
337
|
+
return { safe: issues.length === 0, issues };
|
|
338
|
+
}
|
|
339
|
+
// ============================================================================
|
|
340
|
+
// STUB DETECTION
|
|
341
|
+
// ============================================================================
|
|
342
|
+
/**
|
|
343
|
+
* Detect placeholder/stub code in diff additions
|
|
344
|
+
*/
|
|
345
|
+
function detectStubs(diff) {
|
|
346
|
+
const stubs = [];
|
|
347
|
+
const lines = diff.split('\n');
|
|
348
|
+
for (const line of lines) {
|
|
349
|
+
// Only check added lines
|
|
350
|
+
if (!line.startsWith('+') || line.startsWith('+++')) {
|
|
351
|
+
continue;
|
|
352
|
+
}
|
|
353
|
+
const content = line.slice(1); // Remove the + prefix
|
|
354
|
+
for (const pattern of STUB_PATTERNS) {
|
|
355
|
+
if (pattern.test(content)) {
|
|
356
|
+
stubs.push(content.trim().slice(0, 100));
|
|
357
|
+
break;
|
|
358
|
+
}
|
|
359
|
+
}
|
|
360
|
+
}
|
|
361
|
+
return { hasStubs: stubs.length > 0, stubs };
|
|
362
|
+
}
|
|
363
|
+
/**
|
|
364
|
+
* Full validation pipeline for agent output
|
|
365
|
+
*/
|
|
366
|
+
function validateAgentOutput(raw, projectRoot, options) {
|
|
367
|
+
const errors = [];
|
|
368
|
+
const warnings = [];
|
|
369
|
+
// Step 1: Check for markdown fences and strip them (forgiving mode)
|
|
370
|
+
const wasMarkdownWrapped = isMarkdownWrapped(raw);
|
|
371
|
+
if (wasMarkdownWrapped) {
|
|
372
|
+
if (options?.strictMarkdown) {
|
|
373
|
+
// In strict mode, reject markdown-wrapped output entirely
|
|
374
|
+
return {
|
|
375
|
+
valid: false,
|
|
376
|
+
errors: ['Output must be raw JSON, not wrapped in markdown fences. Remove ```json and ``` markers.'],
|
|
377
|
+
warnings: [],
|
|
378
|
+
wasMarkdownWrapped: true,
|
|
379
|
+
};
|
|
380
|
+
}
|
|
381
|
+
// In forgiving mode, strip fences but warn
|
|
382
|
+
warnings.push('Output was wrapped in markdown fences (```json). Stripped automatically. AI should return raw JSON.');
|
|
383
|
+
}
|
|
384
|
+
const stripped = stripMarkdownFences(raw);
|
|
385
|
+
// Step 2: Parse JSON
|
|
386
|
+
let parsed;
|
|
387
|
+
try {
|
|
388
|
+
parsed = JSON.parse(stripped);
|
|
389
|
+
}
|
|
390
|
+
catch (e) {
|
|
391
|
+
return {
|
|
392
|
+
valid: false,
|
|
393
|
+
errors: [`Invalid JSON: ${e.message}`],
|
|
394
|
+
warnings: [],
|
|
395
|
+
};
|
|
396
|
+
}
|
|
397
|
+
// Step 3: Validate JSON shape
|
|
398
|
+
const shapeResult = validateJsonShape(parsed);
|
|
399
|
+
if (!shapeResult.valid || !shapeResult.sanitized) {
|
|
400
|
+
return {
|
|
401
|
+
valid: false,
|
|
402
|
+
errors: shapeResult.errors,
|
|
403
|
+
warnings: shapeResult.warnings,
|
|
404
|
+
};
|
|
405
|
+
}
|
|
406
|
+
warnings.push(...shapeResult.warnings);
|
|
407
|
+
const output = shapeResult.sanitized;
|
|
408
|
+
// Step 4: Validate unified diff
|
|
409
|
+
const diffValidation = validateUnifiedDiff(output.diff);
|
|
410
|
+
if (!diffValidation.valid) {
|
|
411
|
+
errors.push(...diffValidation.errors);
|
|
412
|
+
}
|
|
413
|
+
// Step 5: Validate path safety
|
|
414
|
+
const pathSafety = validatePathSafety(diffValidation.filesAffected, projectRoot);
|
|
415
|
+
if (!pathSafety.safe) {
|
|
416
|
+
errors.push(...pathSafety.issues);
|
|
417
|
+
}
|
|
418
|
+
// Step 6: Validate command safety
|
|
419
|
+
const commandSafety = validateCommandSafety(output.commands);
|
|
420
|
+
if (!commandSafety.safe) {
|
|
421
|
+
warnings.push(...commandSafety.issues); // Warn but don't block
|
|
422
|
+
}
|
|
423
|
+
// Step 7: Detect stubs
|
|
424
|
+
const stubDetection = detectStubs(output.diff);
|
|
425
|
+
if (stubDetection.hasStubs) {
|
|
426
|
+
errors.push(`Stub/placeholder code detected in diff: ${stubDetection.stubs.slice(0, 3).join(', ')}`);
|
|
427
|
+
}
|
|
428
|
+
return {
|
|
429
|
+
valid: errors.length === 0,
|
|
430
|
+
errors,
|
|
431
|
+
warnings,
|
|
432
|
+
output,
|
|
433
|
+
diffValidation,
|
|
434
|
+
pathSafety,
|
|
435
|
+
commandSafety,
|
|
436
|
+
stubDetection,
|
|
437
|
+
wasMarkdownWrapped,
|
|
438
|
+
};
|
|
439
|
+
}
|
|
440
|
+
/**
|
|
441
|
+
* Quick check if output is markdown-wrapped (for error messages)
|
|
442
|
+
*/
|
|
443
|
+
function isMarkdownWrapped(raw) {
|
|
444
|
+
const trimmed = raw.trim();
|
|
445
|
+
return trimmed.startsWith('```') || trimmed.includes('```json');
|
|
446
|
+
}
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Verified AutoFix Module - Public API
|
|
3
|
+
*
|
|
4
|
+
* Exports for the verified autofix pipeline:
|
|
5
|
+
* - Format validation
|
|
6
|
+
* - Temp workspace management
|
|
7
|
+
* - Repo fingerprinting
|
|
8
|
+
* - Full pipeline orchestration
|
|
9
|
+
*/
|
|
10
|
+
export { validateAgentOutput, validateJsonShape, validateUnifiedDiff, validatePathSafety, validateCommandSafety, detectStubs, stripMarkdownFences, isMarkdownWrapped, type GuardrailV1Output, type ValidationResult, type DiffValidationResult, type ParsedHunk, type FullValidationResult, } from './format-validator';
|
|
11
|
+
export { TempWorkspace, tempWorkspace, type WorkspaceOptions, type WorkspaceInfo, type ApplyResult, type VerifyResult, type CheckResult, } from './workspace';
|
|
12
|
+
export { fingerprintRepo, getInstallCommand, getBuildCommand, getTestCommand, getTypecheckCommand, type PackageManager, type BuildTool, type Framework, type TestRunner, type RepoFingerprint, type FingerprintResult, } from './repo-fingerprint';
|
|
13
|
+
export { VerifiedAutofixPipeline, verifiedAutofixPipeline, formatPipelineResult, formatPipelineResultJson, type PipelineOptions, type PipelineStage, type PipelineResult, } from './pipeline';
|
|
14
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/verified-autofix/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,OAAO,EACL,mBAAmB,EACnB,iBAAiB,EACjB,mBAAmB,EACnB,kBAAkB,EAClB,qBAAqB,EACrB,WAAW,EACX,mBAAmB,EACnB,iBAAiB,EACjB,KAAK,iBAAiB,EACtB,KAAK,gBAAgB,EACrB,KAAK,oBAAoB,EACzB,KAAK,UAAU,EACf,KAAK,oBAAoB,GAC1B,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EACL,aAAa,EACb,aAAa,EACb,KAAK,gBAAgB,EACrB,KAAK,aAAa,EAClB,KAAK,WAAW,EAChB,KAAK,YAAY,EACjB,KAAK,WAAW,GACjB,MAAM,aAAa,CAAC;AAGrB,OAAO,EACL,eAAe,EACf,iBAAiB,EACjB,eAAe,EACf,cAAc,EACd,mBAAmB,EACnB,KAAK,cAAc,EACnB,KAAK,SAAS,EACd,KAAK,SAAS,EACd,KAAK,UAAU,EACf,KAAK,eAAe,EACpB,KAAK,iBAAiB,GACvB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EACL,uBAAuB,EACvB,uBAAuB,EACvB,oBAAoB,EACpB,wBAAwB,EACxB,KAAK,eAAe,EACpB,KAAK,aAAa,EAClB,KAAK,cAAc,GACpB,MAAM,YAAY,CAAC"}
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Verified AutoFix Module - Public API
|
|
4
|
+
*
|
|
5
|
+
* Exports for the verified autofix pipeline:
|
|
6
|
+
* - Format validation
|
|
7
|
+
* - Temp workspace management
|
|
8
|
+
* - Repo fingerprinting
|
|
9
|
+
* - Full pipeline orchestration
|
|
10
|
+
*/
|
|
11
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
+
exports.formatPipelineResultJson = exports.formatPipelineResult = exports.verifiedAutofixPipeline = exports.VerifiedAutofixPipeline = exports.getTypecheckCommand = exports.getTestCommand = exports.getBuildCommand = exports.getInstallCommand = exports.fingerprintRepo = exports.tempWorkspace = exports.TempWorkspace = exports.isMarkdownWrapped = exports.stripMarkdownFences = exports.detectStubs = exports.validateCommandSafety = exports.validatePathSafety = exports.validateUnifiedDiff = exports.validateJsonShape = exports.validateAgentOutput = void 0;
|
|
13
|
+
// Format validation
|
|
14
|
+
var format_validator_1 = require("./format-validator");
|
|
15
|
+
Object.defineProperty(exports, "validateAgentOutput", { enumerable: true, get: function () { return format_validator_1.validateAgentOutput; } });
|
|
16
|
+
Object.defineProperty(exports, "validateJsonShape", { enumerable: true, get: function () { return format_validator_1.validateJsonShape; } });
|
|
17
|
+
Object.defineProperty(exports, "validateUnifiedDiff", { enumerable: true, get: function () { return format_validator_1.validateUnifiedDiff; } });
|
|
18
|
+
Object.defineProperty(exports, "validatePathSafety", { enumerable: true, get: function () { return format_validator_1.validatePathSafety; } });
|
|
19
|
+
Object.defineProperty(exports, "validateCommandSafety", { enumerable: true, get: function () { return format_validator_1.validateCommandSafety; } });
|
|
20
|
+
Object.defineProperty(exports, "detectStubs", { enumerable: true, get: function () { return format_validator_1.detectStubs; } });
|
|
21
|
+
Object.defineProperty(exports, "stripMarkdownFences", { enumerable: true, get: function () { return format_validator_1.stripMarkdownFences; } });
|
|
22
|
+
Object.defineProperty(exports, "isMarkdownWrapped", { enumerable: true, get: function () { return format_validator_1.isMarkdownWrapped; } });
|
|
23
|
+
// Workspace management
|
|
24
|
+
var workspace_1 = require("./workspace");
|
|
25
|
+
Object.defineProperty(exports, "TempWorkspace", { enumerable: true, get: function () { return workspace_1.TempWorkspace; } });
|
|
26
|
+
Object.defineProperty(exports, "tempWorkspace", { enumerable: true, get: function () { return workspace_1.tempWorkspace; } });
|
|
27
|
+
// Repo fingerprinting
|
|
28
|
+
var repo_fingerprint_1 = require("./repo-fingerprint");
|
|
29
|
+
Object.defineProperty(exports, "fingerprintRepo", { enumerable: true, get: function () { return repo_fingerprint_1.fingerprintRepo; } });
|
|
30
|
+
Object.defineProperty(exports, "getInstallCommand", { enumerable: true, get: function () { return repo_fingerprint_1.getInstallCommand; } });
|
|
31
|
+
Object.defineProperty(exports, "getBuildCommand", { enumerable: true, get: function () { return repo_fingerprint_1.getBuildCommand; } });
|
|
32
|
+
Object.defineProperty(exports, "getTestCommand", { enumerable: true, get: function () { return repo_fingerprint_1.getTestCommand; } });
|
|
33
|
+
Object.defineProperty(exports, "getTypecheckCommand", { enumerable: true, get: function () { return repo_fingerprint_1.getTypecheckCommand; } });
|
|
34
|
+
// Pipeline orchestration
|
|
35
|
+
var pipeline_1 = require("./pipeline");
|
|
36
|
+
Object.defineProperty(exports, "VerifiedAutofixPipeline", { enumerable: true, get: function () { return pipeline_1.VerifiedAutofixPipeline; } });
|
|
37
|
+
Object.defineProperty(exports, "verifiedAutofixPipeline", { enumerable: true, get: function () { return pipeline_1.verifiedAutofixPipeline; } });
|
|
38
|
+
Object.defineProperty(exports, "formatPipelineResult", { enumerable: true, get: function () { return pipeline_1.formatPipelineResult; } });
|
|
39
|
+
Object.defineProperty(exports, "formatPipelineResultJson", { enumerable: true, get: function () { return pipeline_1.formatPipelineResultJson; } });
|
|
@@ -0,0 +1,68 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Verified AutoFix Pipeline - Orchestration Layer
|
|
3
|
+
*
|
|
4
|
+
* Pipeline order:
|
|
5
|
+
* 1. format → validate JSON shape + strip markdown
|
|
6
|
+
* 2. diff/path safety → validate unified diff + paths within project
|
|
7
|
+
* 3. command safety → warn on risky commands
|
|
8
|
+
* 4. stub detection → block TODO/placeholder in production
|
|
9
|
+
* 5. apply diff → git apply --check then git apply
|
|
10
|
+
* 6. typecheck → tsc --noEmit
|
|
11
|
+
* 7. build (ship) → npm run build
|
|
12
|
+
* 8. tests → npm test
|
|
13
|
+
*/
|
|
14
|
+
import { type FullValidationResult, type GuardrailV1Output } from './format-validator';
|
|
15
|
+
import { type VerifyResult } from './workspace';
|
|
16
|
+
import { type RepoFingerprint } from './repo-fingerprint';
|
|
17
|
+
export interface PipelineOptions {
|
|
18
|
+
projectPath: string;
|
|
19
|
+
agentOutputFile?: string;
|
|
20
|
+
agentOutputRaw?: string;
|
|
21
|
+
dryRun?: boolean;
|
|
22
|
+
skipTests?: boolean;
|
|
23
|
+
verbose?: boolean;
|
|
24
|
+
timeout?: number;
|
|
25
|
+
skipEntitlements?: boolean;
|
|
26
|
+
strictMarkdown?: boolean;
|
|
27
|
+
onProgress?: (stage: PipelineStage, message: string, data?: unknown) => void;
|
|
28
|
+
}
|
|
29
|
+
export type PipelineStage = 'init' | 'validate' | 'fingerprint' | 'workspace' | 'apply' | 'typecheck' | 'build' | 'test' | 'commit' | 'done' | 'error';
|
|
30
|
+
export interface PipelineResult {
|
|
31
|
+
success: boolean;
|
|
32
|
+
stage: PipelineStage;
|
|
33
|
+
duration: number;
|
|
34
|
+
validation?: FullValidationResult;
|
|
35
|
+
fingerprint?: RepoFingerprint;
|
|
36
|
+
verification?: VerifyResult;
|
|
37
|
+
filesModified: string[];
|
|
38
|
+
errors: string[];
|
|
39
|
+
warnings: string[];
|
|
40
|
+
failureContext: string[];
|
|
41
|
+
output?: GuardrailV1Output;
|
|
42
|
+
}
|
|
43
|
+
export declare class VerifiedAutofixPipeline {
|
|
44
|
+
private workspace;
|
|
45
|
+
constructor();
|
|
46
|
+
/**
|
|
47
|
+
* Run the full verification pipeline
|
|
48
|
+
*/
|
|
49
|
+
run(options: PipelineOptions): Promise<PipelineResult>;
|
|
50
|
+
/**
|
|
51
|
+
* Run from a file (CLI convenience method)
|
|
52
|
+
*/
|
|
53
|
+
runFromFile(agentOutputFile: string, projectPath: string, options?: Partial<PipelineOptions>): Promise<PipelineResult>;
|
|
54
|
+
/**
|
|
55
|
+
* Validate only (no apply) - for checking output format
|
|
56
|
+
*/
|
|
57
|
+
validateOnly(raw: string, projectPath: string): FullValidationResult;
|
|
58
|
+
}
|
|
59
|
+
/**
|
|
60
|
+
* Format pipeline result for CLI output
|
|
61
|
+
*/
|
|
62
|
+
export declare function formatPipelineResult(result: PipelineResult): string;
|
|
63
|
+
/**
|
|
64
|
+
* Format result as JSON for machine consumption
|
|
65
|
+
*/
|
|
66
|
+
export declare function formatPipelineResultJson(result: PipelineResult): string;
|
|
67
|
+
export declare const verifiedAutofixPipeline: VerifiedAutofixPipeline;
|
|
68
|
+
//# sourceMappingURL=pipeline.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"pipeline.d.ts","sourceRoot":"","sources":["../../src/verified-autofix/pipeline.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAGH,OAAO,EAEL,KAAK,oBAAoB,EACzB,KAAK,iBAAiB,EACvB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAiB,KAAK,YAAY,EAAE,MAAM,aAAa,CAAC;AAC/D,OAAO,EAAmB,KAAK,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAO3E,MAAM,WAAW,eAAe;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,UAAU,CAAC,EAAE,CAAC,KAAK,EAAE,aAAa,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,KAAK,IAAI,CAAC;CAC9E;AAED,MAAM,MAAM,aAAa,GACrB,MAAM,GACN,UAAU,GACV,aAAa,GACb,WAAW,GACX,OAAO,GACP,WAAW,GACX,OAAO,GACP,MAAM,GACN,QAAQ,GACR,MAAM,GACN,OAAO,CAAC;AAEZ,MAAM,WAAW,cAAc;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,EAAE,aAAa,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,oBAAoB,CAAC;IAClC,WAAW,CAAC,EAAE,eAAe,CAAC;IAC9B,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,MAAM,CAAC,EAAE,iBAAiB,CAAC;CAC5B;AAMD,qBAAa,uBAAuB;IAClC,OAAO,CAAC,SAAS,CAAgB;;IAMjC;;OAEG;IACG,GAAG,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,cAAc,CAAC;IAoM5D;;OAEG;IACG,WAAW,CACf,eAAe,EAAE,MAAM,EACvB,WAAW,EAAE,MAAM,EACnB,OAAO,CAAC,EAAE,OAAO,CAAC,eAAe,CAAC,GACjC,OAAO,CAAC,cAAc,CAAC;IAQ1B;;OAEG;IACH,YAAY,CAAC,GAAG,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,oBAAoB;CAGrE;AAMD;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,cAAc,GAAG,MAAM,CAiEnE;AAED;;GAEG;AACH,wBAAgB,wBAAwB,CAAC,MAAM,EAAE,cAAc,GAAG,MAAM,CAkBvE;AAMD,eAAO,MAAM,uBAAuB,yBAAgC,CAAC"}
|