keystone-cli 1.0.3 → 1.1.0

package/src/expression/evaluator-audit.test.ts

@@ -59,8 +59,10 @@ describe('ExpressionEvaluator Audit Fixes', () => {
 
     it('should support level 3 array nesting', () => {
       // ${{ [ [ [ 1 ] ] ] }}
-      // biome-ignore lint/suspicious/noExplicitAny: generic loose validation for test
-      const res = ExpressionEvaluator.evaluate('${{ [ [ [ 1 ] ] ] }}', nestedContext) as any;
+      const res = ExpressionEvaluator.evaluate(
+        '${{ [ [ [ 1 ] ] ] }}',
+        nestedContext
+      ) as number[][][];
       expect(res[0][0][0]).toBe(1);
     });
   });

package/src/expression/evaluator.test.ts

@@ -1,4 +1,4 @@
-import { describe, expect, test } from 'bun:test';
+import { afterEach, describe, expect, test } from 'bun:test';
 import { ExpressionEvaluator } from './evaluator';
 
 describe('ExpressionEvaluator', () => {
@@ -21,6 +21,10 @@ describe('ExpressionEvaluator', () => {
     my_val: 123,
   };
 
+  afterEach(() => {
+    ExpressionEvaluator.setStrictMode(false);
+  });
+
   test('should evaluate simple literals', () => {
     expect(ExpressionEvaluator.evaluate("${{ 'hello' }}", context)).toBe('hello');
     expect(ExpressionEvaluator.evaluate('${{ 123 }}', context)).toBe(123);
@@ -98,6 +102,15 @@ describe('ExpressionEvaluator', () => {
     expect(ExpressionEvaluator.hasExpression('has ${{ expr }}')).toBe(true);
   });
 
+  test('should fail fast on malformed templates in strict mode', () => {
+    ExpressionEvaluator.setStrictMode(true);
+    expect(() => ExpressionEvaluator.evaluate('Hello ${{ inputs.name', context)).toThrow(
+      /Unclosed expression/
+    );
+    expect(() => ExpressionEvaluator.evaluate('Hello }}', context)).toThrow(/Unexpected/);
+    expect(ExpressionEvaluator.evaluate('Hello ${{ inputs.name }}', context)).toBe('Hello World');
+  });
+
   test('should handle evaluateObject', () => {
     const obj = {
       name: 'Hello ${{ inputs.name }}',

package/src/expression/evaluator.ts

@@ -1,7 +1,7 @@
 import jsepArrow from '@jsep-plugin/arrow';
 import jsepObject from '@jsep-plugin/object';
 import jsep from 'jsep';
-import { escapeShellArg } from '../runner/shell-executor.ts';
+import { escapeShellArg } from '../runner/executors/shell-executor.ts';
 
 // Register plugins
 jsep.plugins.register(jsepArrow);
@@ -14,6 +14,7 @@ jsep.plugins.register(jsepObject);
  * - secrets.KEY
  * - steps.step_id.output
  * - steps.step_id.outputs.field
+ * - memory.key
  * - item (for foreach)
  * - Basic JS expressions (arithmetic, comparisons, logical operators)
  * - Array access, method calls (map, filter, every, etc.)
@@ -36,10 +37,13 @@ export interface ExpressionContext {
   args?: unknown;
   index?: number;
   env?: Record<string, string>;
+  envOverrides?: Record<string, string>;
+  memory?: Record<string, unknown>;
   output?: unknown;
   autoHealAttempts?: number;
   reflexionAttempts?: number;
   outputRepairAttempts?: number;
+  qualityGateAttempts?: number;
   last_failed_step?: { id: string; error: string };
 }
 
@@ -90,6 +94,77 @@ export class ExpressionEvaluator {
   private static readonly MAX_TOTAL_NODES = 10000;
   // Maximum arrow function nesting depth
   private static readonly MAX_ARROW_DEPTH = 3;
+  private static strictMode = false;
+  private static jsepCache = new Map<string, ASTNode>();
+  private static maxCacheSize = 1000;
+
+  /**
+   * Set strict mode for template validation
+   */
+  static setStrictMode(strict: boolean): void {
+    ExpressionEvaluator.strictMode = strict;
+  }
+
+  /**
+   * Set the maximum cache size for parsed expressions.
+   * Default is 1000, which is suitable for most workflows.
+   * Increase for workflows with many unique expressions.
+   *
+   * @param size Maximum number of parsed expressions to cache
+   */
+  static setCacheSize(size: number): void {
+    if (size < 0) throw new Error('Cache size must be non-negative');
+    ExpressionEvaluator.maxCacheSize = size;
+    // Prune cache if it's now too large
+    while (ExpressionEvaluator.jsepCache.size > size) {
+      const firstKey = ExpressionEvaluator.jsepCache.keys().next().value;
+      if (firstKey !== undefined) ExpressionEvaluator.jsepCache.delete(firstKey);
+    }
+  }
+
+  /**
+   * Clear the expression cache. Useful for testing or memory management.
+   */
+  static clearCache(): void {
+    ExpressionEvaluator.jsepCache.clear();
+  }
+
+  private static validateTemplate(template: string): void {
+    let i = 0;
+    while (i < template.length) {
+      if (template.substring(i, i + 3) === '${{') {
+        let depth = 0;
+        let j = i + 3;
+        let closed = false;
+
+        while (j < template.length) {
+          if (template.substring(j, j + 2) === '}}' && depth === 0) {
+            closed = true;
+            i = j + 2;
+            break;
+          }
+
+          if (template[j] === '{') {
+            depth++;
+          } else if (template[j] === '}') {
+            if (depth > 0) depth--;
+          }
+          j++;
+        }
+
+        if (!closed) {
+          throw new Error(`Unclosed expression starting at index ${i}`);
+        }
+        continue;
+      }
+
+      if (template.substring(i, i + 2) === '}}') {
+        throw new Error(`Unexpected "}}" at index ${i}`);
+      }
+
+      i++;
+    }
+  }
 
   /**
    * Helper to scan string for matches of ${{ ... }} handling nested braces manually
@@ -141,6 +216,10 @@ export class ExpressionEvaluator {
    * Strict equality (===) is preserved for '==='.
    */
   static evaluate(template: string, context: ExpressionContext): unknown {
+    if (ExpressionEvaluator.strictMode && (template.includes('${{') || template.includes('}}'))) {
+      ExpressionEvaluator.validateTemplate(template);
+    }
+
     const hasExpr = ExpressionEvaluator.hasExpression(template);
 
     // Prevent excessive length
@@ -229,8 +308,37 @@ export class ExpressionEvaluator {
    * Evaluate a string and ensure the result is a string.
    * Objects and arrays are stringified to JSON.
    * null and undefined return an empty string.
+   *
+   * @throws TypeError if template is an object with a custom toString() method
    */
-  static evaluateString(template: string, context: ExpressionContext): string {
+  static evaluateString(template: unknown, context: ExpressionContext): string {
+    if (typeof template !== 'string') {
+      if (template === null || template === undefined) return '';
+
+      // Security: Reject objects with custom toString() to prevent code execution
+      // during string conversion. Only allow primitives.
+      if (typeof template === 'object') {
+        // Check if this is an object with a custom toString (not Object.prototype.toString)
+        const proto = Object.getPrototypeOf(template);
+        if (proto !== null && proto !== Object.prototype && proto !== Array.prototype) {
+          // Has custom prototype - could have malicious toString
+          if (
+            typeof (template as { toString?: unknown }).toString === 'function' &&
+            (template as { toString: () => string }).toString !== Object.prototype.toString
+          ) {
+            throw new TypeError(
+              'Security: Cannot evaluate object with custom toString() method. ' +
+                'Pass a string template instead.'
+            );
+          }
+        }
+        // Safe to serialize as JSON
+        return JSON.stringify(template, null, 2);
+      }
+
+      // Primitives are safe to convert
+      return String(template);
+    }
     const result = ExpressionEvaluator.evaluate(template, context);
 
     if (result === null || result === undefined) {
@@ -250,7 +358,22 @@ export class ExpressionEvaluator {
    */
   static evaluateExpression(expr: string, context: ExpressionContext): unknown {
     try {
-      const ast = jsep(expr);
+      let ast = ExpressionEvaluator.jsepCache.get(expr);
+      if (!ast) {
+        ast = jsep(expr);
+        // Only cache if maxCacheSize > 0 (caching enabled)
+        if (ExpressionEvaluator.maxCacheSize > 0) {
+          // Manage cache size with incremental eviction to reduce GC pressure
+          if (ExpressionEvaluator.jsepCache.size >= ExpressionEvaluator.maxCacheSize) {
+            const firstKey = ExpressionEvaluator.jsepCache.keys().next().value;
+            if (firstKey !== undefined) {
+              ExpressionEvaluator.jsepCache.delete(firstKey);
+            }
+          }
+          ExpressionEvaluator.jsepCache.set(expr, ast);
+        }
+      }
+
       // Track total nodes evaluated to prevent DoS
       const nodeCounter = { count: 0 };
       return ExpressionEvaluator.evaluateNode(ast, context, 0, nodeCounter);
@@ -357,6 +480,7 @@ export class ExpressionEvaluator {
           args: context.args,
           index: context.index,
           env: context.env || {},
+          memory: context.memory || {},
           stdout: contextAsRecord.stdout, // For transform expressions
           last_failed_step: context.last_failed_step,
         };
@@ -399,8 +523,9 @@ export class ExpressionEvaluator {
           if (
             ExpressionEvaluator.FORBIDDEN_PROPERTIES.has(property) ||
             ExpressionEvaluator.FORBIDDEN_PROPERTIES.has(propertyLower) ||
-            normalizedProperty.includes('proto') ||
-            normalizedProperty.includes('constructor')
+            normalizedProperty === '__proto__' ||
+            normalizedProperty === 'constructor' ||
+            normalizedProperty === 'prototype'
           ) {
             throw new Error(`Access to property "${property}" is forbidden for security reasons`);
           }
@@ -425,15 +550,19 @@ export class ExpressionEvaluator {
 
         switch (binaryNode.operator) {
           case '+':
-            return (left as number) + (right as number);
+            // Support both string concatenation and numeric addition
+            if (typeof left === 'string' || typeof right === 'string') {
+              return String(left ?? '') + String(right ?? '');
+            }
+            return Number(left) + Number(right);
           case '-':
-            return (left as number) - (right as number);
+            return Number(left) - Number(right);
           case '*':
-            return (left as number) * (right as number);
+            return Number(left) * Number(right);
           case '/':
-            return (left as number) / (right as number);
+            return Number(left) / Number(right);
           case '%':
-            return (left as number) % (right as number);
+            return Number(left) % Number(right);
           case '==':
             // Use loose equality to match non-programmer expectations (e.g. "5" == 5)
             // Strict equality is available via ===
@@ -447,13 +576,13 @@ export class ExpressionEvaluator {
           case '!==':
             return left !== right;
           case '<':
-            return (left as number) < (right as number);
+            return Number(left) < Number(right);
           case '<=':
-            return (left as number) <= (right as number);
+            return Number(left) <= Number(right);
           case '>':
-            return (left as number) > (right as number);
+            return Number(left) > Number(right);
           case '>=':
-            return (left as number) >= (right as number);
+            return Number(left) >= Number(right);
           default:
             throw new Error(`Unsupported binary operator: ${binaryNode.operator}`);
         }
@@ -518,6 +647,17 @@ export class ExpressionEvaluator {
             prop.key.type === 'Identifier' && !prop.computed
               ? (prop.key as jsep.Identifier).name
               : ExpressionEvaluator.evaluateNode(prop.key, context);
+          if (typeof key === 'string') {
+            const normalizedKey = key.normalize('NFKC').toLowerCase();
+            if (
+              ExpressionEvaluator.FORBIDDEN_PROPERTIES.has(key) ||
+              ExpressionEvaluator.FORBIDDEN_PROPERTIES.has(normalizedKey) ||
+              normalizedKey.includes('proto') ||
+              normalizedKey.includes('constructor')
+            ) {
+              throw new Error(`Access to property "${key}" is forbidden for security reasons`);
+            }
+          }
           result[key as string] = ExpressionEvaluator.evaluateNode(prop.value, context);
         }
         return result;
@@ -544,7 +684,8 @@ export class ExpressionEvaluator {
             if (arg.type === 'ArrowFunctionExpression') {
               return ExpressionEvaluator.createArrowFunction(
                 arg as ArrowFunctionExpression,
-                context
+                context,
+                nodeCounter
               );
             }
             return ExpressionEvaluator.evaluateNode(arg, context);
@@ -653,7 +794,8 @@ export class ExpressionEvaluator {
             if (arg.type === 'ArrowFunctionExpression') {
               return ExpressionEvaluator.createArrowFunction(
                 arg as ArrowFunctionExpression,
-                context
+                context,
+                nodeCounter
               );
             }
             return ExpressionEvaluator.evaluateNode(arg, context);
@@ -668,7 +810,11 @@ export class ExpressionEvaluator {
       case 'ArrowFunctionExpression': {
         // Arrow functions should be handled in the context of CallExpression
         // If we reach here, it means they're being used outside of a method call
-        return ExpressionEvaluator.createArrowFunction(node as ArrowFunctionExpression, context);
+        return ExpressionEvaluator.createArrowFunction(
+          node as ArrowFunctionExpression,
+          context,
+          nodeCounter
+        );
       }
 
       default:
@@ -681,7 +827,8 @@ export class ExpressionEvaluator {
    */
   private static createArrowFunction(
     arrowNode: ArrowFunctionExpression,
-    context: ExpressionContext
+    context: ExpressionContext,
+    nodeCounter: { count: number }
   ): (...args: unknown[]) => unknown {
     return (...args: unknown[]) => {
       // Create a new context with arrow function parameters
@@ -695,7 +842,7 @@ export class ExpressionEvaluator {
       });
 
       // Evaluate the body with the new context
-      return ExpressionEvaluator.evaluateNode(arrowNode.body, arrowContext);
+      return ExpressionEvaluator.evaluateNode(arrowNode.body, arrowContext, 0, nodeCounter);
     };
   }
 

package/src/parser/config-schema.ts

@@ -100,6 +100,24 @@ export const ConfigSchema = z.object({
       }),
     })
     .default({}),
+  expression: z
+    .object({
+      strict: z.boolean().default(false),
+    })
+    .default({}),
+  features: z
+    .object({
+      context_injection: z
+        .object({
+          enabled: z.boolean().default(false),
+          search_depth: z.number().default(3),
+          sources: z
+            .array(z.enum(['readme', 'agents_md', 'cursor_rules']))
+            .default(['readme', 'agents_md', 'cursor_rules']),
+        })
+        .optional(),
+    })
+    .optional(),
 });
 
 export type Config = z.infer<typeof ConfigSchema>;

package/src/parser/schema.ts

@@ -104,13 +104,19 @@ const ReflexionSchema = z.object({
   hint: z.string().optional(),
 });
 
+// ===== Matrix Strategy Schema =====
+
+const StrategySchema = z.object({
+  matrix: z.record(z.array(z.union([z.string(), z.number(), z.boolean()]))),
+});
+
 // ===== Base Step Schema =====
 
-const BaseStepSchema = z.object({
+export const BaseStepSchema = z.object({
   id: z.string(),
   type: z.string(),
   needs: z.array(z.string()).optional().default([]),
-  if: z.string().optional(),
+  if: z.union([z.string(), z.boolean()]).optional(),
   timeout: z.number().int().positive().optional(),
   retry: RetrySchema.optional(),
   auto_heal: AutoHealSchema.optional(),
@@ -123,8 +129,12 @@ const BaseStepSchema = z.object({
   // Accept both number and string (for expressions or YAML number-as-string)
   concurrency: z.union([z.number().int().positive(), z.string()]).optional(),
   pool: z.string().optional(), // Resource pool to use for this step
+  breakpoint: z.boolean().optional(),
+  strategy: StrategySchema.optional(),
   transform: z.string().optional(),
   learn: z.boolean().optional(),
+  memoize: z.boolean().optional(),
+  memoizeTtlSeconds: z.number().int().positive().optional(),
   inputSchema: z.any().optional(),
   outputSchema: z.any().optional(),
   outputRetries: z.number().int().min(0).optional(), // Max retries for output validation failures
@@ -136,9 +146,11 @@ const BaseStepSchema = z.object({
 
 const ShellStepSchema = BaseStepSchema.extend({
   type: z.literal('shell'),
-  run: z.string(),
+  run: z.string().optional(),
+  args: z.array(z.string()).optional(),
   dir: z.string().optional(),
   env: z.record(z.string()).optional(),
+  allowOutsideCwd: z.boolean().optional(),
   allowInsecure: z.boolean().optional(),
 });
 
@@ -176,6 +188,14 @@ const EngineHandoffSchema = z.object({
   }),
 });
 
+const QualityGateSchema = z.object({
+  agent: z.string(),
+  prompt: z.string().optional(),
+  provider: z.string().optional(),
+  model: z.string().optional(),
+  maxAttempts: z.number().int().min(1).default(1),
+});
+
 const LlmStepSchema = BaseStepSchema.extend({
   type: z.literal('llm'),
   agent: z.string(),
@@ -183,8 +203,51 @@ const LlmStepSchema = BaseStepSchema.extend({
   model: z.string().optional(),
   prompt: z.string(),
   tools: z.array(AgentToolSchema).optional(),
+  allowedHandoffs: z.array(z.string()).optional(),
   maxIterations: z.number().int().positive().default(10),
   maxMessageHistory: z.number().int().positive().optional(), // Max messages to keep in conversation history
+  contextStrategy: z.enum(['truncate', 'summary', 'auto']).optional(),
+  qualityGate: QualityGateSchema.optional(),
+  useGlobalMcp: z.boolean().optional(),
+  allowClarification: z.boolean().optional(),
+  mcpServers: z
+    .array(
+      z.union([
+        z.string(),
+        z.object({
+          name: z.string(),
+          type: z.enum(['local', 'remote']).optional(),
+          command: z.string().optional(),
+          args: z.array(z.string()).optional(),
+          env: z.record(z.string()).optional(),
+          url: z.string().optional(),
+          headers: z.record(z.string()).optional(),
+          timeout: z.number().int().positive().optional(),
+        }),
+      ])
+    )
+    .optional(),
+  useStandardTools: z.boolean().optional(),
+  allowOutsideCwd: z.boolean().optional(),
+  allowInsecure: z.boolean().optional(),
+  handoff: EngineHandoffSchema.optional(),
+});
+
+const PlanStepSchema = BaseStepSchema.extend({
+  type: z.literal('plan'),
+  goal: z.string(),
+  context: z.string().optional(),
+  constraints: z.string().optional(),
+  prompt: z.string().optional(),
+  agent: z.string().optional().default('keystone-architect'),
+  provider: z.string().optional(),
+  model: z.string().optional(),
+  tools: z.array(AgentToolSchema).optional(),
+  allowedHandoffs: z.array(z.string()).optional(),
+  maxIterations: z.number().int().positive().default(10),
+  maxMessageHistory: z.number().int().positive().optional(),
+  contextStrategy: z.enum(['truncate', 'summary', 'auto']).optional(),
+  qualityGate: QualityGateSchema.optional(),
   useGlobalMcp: z.boolean().optional(),
   allowClarification: z.boolean().optional(),
   mcpServers: z
@@ -229,7 +292,7 @@ const FileStepSchema = BaseStepSchema.extend({
   type: z.literal('file'),
   path: z.string(),
   content: z.string().optional(),
-  op: z.enum(['read', 'write', 'append']),
+  op: z.enum(['read', 'write', 'append', 'patch']),
   allowOutsideCwd: z.boolean().optional(),
 });
 
@@ -250,13 +313,15 @@ const HumanStepSchema = BaseStepSchema.extend({
 
 const SleepStepSchema = BaseStepSchema.extend({
   type: z.literal('sleep'),
-  duration: z.union([z.number().int().positive(), z.string()]),
+  duration: z.union([z.number().int().positive(), z.string()]).optional(),
+  until: z.string().optional(),
   durable: z.boolean().optional(), // Persist across restarts for long sleeps
 });
 
 const ScriptStepSchema = BaseStepSchema.extend({
   type: z.literal('script'),
   run: z.string(),
+  allowOutsideCwd: z.boolean().optional(),
   allowInsecure: z.boolean().optional().default(false),
 });
 
@@ -321,13 +386,29 @@ const MemoryStepSchema = BaseStepSchema.extend({
   limit: z.number().int().positive().optional().default(5),
 });
 
+const ArtifactStepSchema = BaseStepSchema.extend({
+  type: z.literal('artifact'),
+  op: z.enum(['upload', 'download']),
+  name: z.string(),
+  paths: z.array(z.string()).optional(),
+  path: z.string().optional(),
+  allowOutsideCwd: z.boolean().optional(),
+});
+
+const WaitStepSchema = BaseStepSchema.extend({
+  type: z.literal('wait'),
+  event: z.string(),
+  oneShot: z.boolean().optional().default(true),
+  // timeout is already in BaseStepSchema, but let's make it explicit here if needed
+});
+
 // ===== Discriminated Union for Steps =====
 
-// biome-ignore lint/suspicious/noExplicitAny: Recursive Zod type
-export const StepSchema: z.ZodType<any> = z.lazy(() =>
+export const StepSchema: z.ZodType<unknown> = z.lazy(() =>
   z.discriminatedUnion('type', [
     ShellStepSchema,
     LlmStepSchema,
+    PlanStepSchema,
     WorkflowStepSchema,
     FileStepSchema,
     RequestStepSchema,
@@ -338,6 +419,8 @@ export const StepSchema: z.ZodType<any> = z.lazy(() =>
     MemoryStepSchema,
     JoinStepSchema,
     BlueprintStepSchema,
+    ArtifactStepSchema,
+    WaitStepSchema,
   ])
 );
 
@@ -354,21 +437,40 @@ const EvalSchema = z.object({
 
 // ===== Workflow Schema =====
 
-export const WorkflowSchema = z.object({
-  name: z.string(),
-  description: z.string().optional(),
-  inputs: z.record(InputSchema).optional(),
-  outputs: z.record(z.string()).optional(),
-  outputSchema: z.any().optional(), // JSON Schema for final workflow outputs
-  env: z.record(z.string()).optional(),
-  concurrency: z.union([z.number().int().positive(), z.string()]).optional(),
-  pools: z.record(z.union([z.number().int().positive(), z.string()])).optional(), // Resource pool overrides
-  steps: z.array(StepSchema),
-  errors: z.array(StepSchema).optional(),
-  finally: z.array(StepSchema).optional(),
-  compensate: z.lazy(() => StepSchema).optional(), // Top-level compensation for the entire workflow
-  eval: EvalSchema.optional(),
-});
+export const WorkflowSchema = z
+  .object({
+    name: z.string(),
+    description: z.string().optional(),
+    inputs: z.record(InputSchema).optional(),
+    outputs: z.record(z.string()).optional(),
+    outputSchema: z.any().optional(), // JSON Schema for final workflow outputs
+    env: z.record(z.string()).optional(),
+    concurrency: z.union([z.number().int().positive(), z.string()]).optional(),
+    pools: z.record(z.union([z.number().int().positive(), z.string()])).optional(), // Resource pool overrides
+    steps: z.array(StepSchema),
+    errors: z.array(StepSchema).optional(),
+    finally: z.array(StepSchema).optional(),
+    compensate: z.lazy(() => StepSchema).optional(), // Top-level compensation for the entire workflow
+    eval: EvalSchema.optional(),
+  })
+  .superRefine((data, ctx) => {
+    const checkShellSteps = (steps: Step[] | undefined, pathPrefix: (string | number)[]) => {
+      if (!steps) return;
+      steps.forEach((step, index) => {
+        if (step.type === 'shell' && !step.run && !step.args) {
+          ctx.addIssue({
+            code: z.ZodIssueCode.custom,
+            message: 'Shell step must have either "run" or "args"',
+            path: [...pathPrefix, index],
+          });
+        }
+      });
+    };
+
+    checkShellSteps(data.steps, ['steps']);
+    checkShellSteps(data.errors, ['errors']);
+    checkShellSteps(data.finally, ['finally']);
+  });
 
 // ===== Agent Schema =====
 
@@ -388,6 +490,7 @@ export type RetryConfig = z.infer<typeof RetrySchema>;
 export type Step = z.infer<typeof StepSchema>;
 export type ShellStep = z.infer<typeof ShellStepSchema>;
 export type LlmStep = z.infer<typeof LlmStepSchema>;
+export type PlanStep = z.infer<typeof PlanStepSchema>;
 export type WorkflowStep = z.infer<typeof WorkflowStepSchema>;
 export type FileStep = z.infer<typeof FileStepSchema>;
 export type RequestStep = z.infer<typeof RequestStepSchema>;
@@ -398,7 +501,35 @@ export type MemoryStep = z.infer<typeof MemoryStepSchema>;
 export type EngineStep = z.infer<typeof EngineStepSchema>;
 export type JoinStep = z.infer<typeof JoinStepSchema>;
 export type BlueprintStep = z.infer<typeof BlueprintStepSchema>;
+export type ArtifactStep = z.infer<typeof ArtifactStepSchema>;
 export type Blueprint = z.infer<typeof BlueprintSchema>;
 export type Workflow = z.infer<typeof WorkflowSchema>;
 export type AgentTool = z.infer<typeof AgentToolSchema>;
+export type WaitStep = z.infer<typeof WaitStepSchema>;
+
+// ===== Helper Schemas =====
+export {
+  InputSchema,
+  RetrySchema,
+  AutoHealSchema,
+  ReflexionSchema,
+  StrategySchema,
+  EngineConfigSchema,
+  EngineHandoffSchema,
+  BlueprintSchema,
+  WaitStepSchema,
+  ShellStepSchema,
+  LlmStepSchema,
+  PlanStepSchema,
+  WorkflowStepSchema,
+  FileStepSchema,
+  RequestStepSchema,
+  HumanStepSchema,
+  SleepStepSchema,
+  ScriptStepSchema,
+  EngineStepSchema,
+  BlueprintStepSchema,
+  MemoryStepSchema,
+  ArtifactStepSchema,
+};
 export type Agent = z.infer<typeof AgentSchema>;

package/src/parser/test-schema.ts

@@ -9,21 +9,21 @@ export interface TestDefinition {
       step?: string;
       type?: string;
       prompt?: string;
-      // biome-ignore lint/suspicious/noExplicitAny: Mock responses can be any type
-      response: any;
+      response: unknown;
     }>;
   };
+  options?: {
+    allowSideEffects?: boolean;
+  };
   snapshot?: {
     steps: Record<
       string,
       {
         status: string;
-        // biome-ignore lint/suspicious/noExplicitAny: Step outputs can be any type
-        output: any;
+        output: unknown;
         error?: string;
       }
     >;
-    // biome-ignore lint/suspicious/noExplicitAny: Workflow outputs can be any type
-    outputs: Record<string, any>;
+    outputs: Record<string, unknown>;
   };
 }