mergen-server 1.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +57 -0
- package/README.md +96 -0
- package/dist/__stubs__/calibration.js +471 -0
- package/dist/__stubs__/causal.js +601 -0
- package/dist/__stubs__/closed-source.js +150 -0
- package/dist/__stubs__/license.js +35 -0
- package/dist/__stubs__/plans.js +197 -0
- package/dist/app.js +467 -0
- package/dist/cli.js +250 -0
- package/dist/commands/agent-identity.js +79 -0
- package/dist/commands/gate.js +107 -0
- package/dist/commands/github.js +632 -0
- package/dist/commands/incident.js +644 -0
- package/dist/commands/policy.js +710 -0
- package/dist/commands/scan.js +243 -0
- package/dist/commands/setup.js +1218 -0
- package/dist/commands/shared.js +109 -0
- package/dist/commands/team.js +809 -0
- package/dist/datadog/blame-attribution.js +228 -0
- package/dist/datadog/client.js +159 -0
- package/dist/datadog/compactor.js +169 -0
- package/dist/datadog/fingerprinter.js +34 -0
- package/dist/datadog/incident-state.js +21 -0
- package/dist/datadog/line-matcher.js +56 -0
- package/dist/datadog/memory-store.js +399 -0
- package/dist/datadog/otel-trace.js +67 -0
- package/dist/index.js +505 -0
- package/dist/intelligence/action-risk.js +132 -0
- package/dist/intelligence/activity-feed.js +40 -0
- package/dist/intelligence/agent-identity.js +115 -0
- package/dist/intelligence/agent-pipeline.js +329 -0
- package/dist/intelligence/agent-profiles.js +81 -0
- package/dist/intelligence/ai-commit.js +16 -0
- package/dist/intelligence/approval-analytics.js +42 -0
- package/dist/intelligence/approval-events.js +5 -0
- package/dist/intelligence/arch-boundaries.js +94 -0
- package/dist/intelligence/arch-graph.js +117 -0
- package/dist/intelligence/autonomy.js +397 -0
- package/dist/intelligence/azure-broker.js +57 -0
- package/dist/intelligence/azure-proxy-sessions.js +49 -0
- package/dist/intelligence/baseline.js +1 -0
- package/dist/intelligence/behavior-baseline.js +134 -0
- package/dist/intelligence/billing.js +1 -0
- package/dist/intelligence/blast-radius.js +224 -0
- package/dist/intelligence/bypass.js +157 -0
- package/dist/intelligence/calibration-classifier.js +77 -0
- package/dist/intelligence/calibration-git-sync.js +74 -0
- package/dist/intelligence/calibration.js +1 -0
- package/dist/intelligence/cascade-detector.js +58 -0
- package/dist/intelligence/case-study-generator.js +126 -0
- package/dist/intelligence/causal-graph.js +126 -0
- package/dist/intelligence/causal.js +1 -0
- package/dist/intelligence/change-risk.js +102 -0
- package/dist/intelligence/compliance-report.js +134 -0
- package/dist/intelligence/confidence-report.js +85 -0
- package/dist/intelligence/corpus-to-policy.js +140 -0
- package/dist/intelligence/credential-broker.js +112 -0
- package/dist/intelligence/credential-misuse.js +39 -0
- package/dist/intelligence/debug-sessions.js +108 -0
- package/dist/intelligence/decision-escalation.js +36 -0
- package/dist/intelligence/decision-memory.js +47 -0
- package/dist/intelligence/decision-similarity.js +85 -0
- package/dist/intelligence/default-safety-tests.js +53 -0
- package/dist/intelligence/degradation-watcher.js +108 -0
- package/dist/intelligence/detector-plugins.js +70 -0
- package/dist/intelligence/detectors.js +1 -0
- package/dist/intelligence/device-auth.js +138 -0
- package/dist/intelligence/diff-size.js +42 -0
- package/dist/intelligence/ebpf-verify.js +45 -0
- package/dist/intelligence/enterprise-policy-engine.js +1122 -0
- package/dist/intelligence/error-fingerprint.js +1 -0
- package/dist/intelligence/execution-gate.js +100 -0
- package/dist/intelligence/execution-mode.js +22 -0
- package/dist/intelligence/gate-analytics.js +256 -0
- package/dist/intelligence/gate-decision.js +64 -0
- package/dist/intelligence/gcp-broker.js +50 -0
- package/dist/intelligence/git-adr-sync.js +207 -0
- package/dist/intelligence/hitl-hold.js +460 -0
- package/dist/intelligence/hypothesis-history.js +93 -0
- package/dist/intelligence/idp-identity.js +83 -0
- package/dist/intelligence/impl-critic.js +216 -0
- package/dist/intelligence/incident-autopilot.js +622 -0
- package/dist/intelligence/incident-replay.js +162 -0
- package/dist/intelligence/incident-result-cache.js +33 -0
- package/dist/intelligence/incident-similarity.js +58 -0
- package/dist/intelligence/infra-detectors.js +312 -0
- package/dist/intelligence/license.js +185 -0
- package/dist/intelligence/llm-spokesperson.js +62 -0
- package/dist/intelligence/mcp-prompts.js +320 -0
- package/dist/intelligence/mcp-resources.js +171 -0
- package/dist/intelligence/normalize.js +108 -0
- package/dist/intelligence/notifications.js +83 -0
- package/dist/intelligence/oidc-issuer.js +87 -0
- package/dist/intelligence/override-corpus.js +597 -0
- package/dist/intelligence/planning-gate.js +84 -0
- package/dist/intelligence/plans.js +223 -0
- package/dist/intelligence/platt-scaling.js +164 -0
- package/dist/intelligence/policy-proposals.js +84 -0
- package/dist/intelligence/policy-suggester.js +161 -0
- package/dist/intelligence/policy-sync.js +103 -0
- package/dist/intelligence/policy-test-runner.js +35 -0
- package/dist/intelligence/postmortem-parser.js +181 -0
- package/dist/intelligence/postmortem-retrieval.js +224 -0
- package/dist/intelligence/postmortem-store.js +596 -0
- package/dist/intelligence/pr-commenter.js +81 -0
- package/dist/intelligence/pr-policy-gate.js +38 -0
- package/dist/intelligence/pr-shadow-analyzer.js +229 -0
- package/dist/intelligence/process-tree.js +108 -0
- package/dist/intelligence/prompts.js +1 -0
- package/dist/intelligence/replay.js +38 -0
- package/dist/intelligence/repro-steps.js +1 -0
- package/dist/intelligence/resource-extractors.js +0 -0
- package/dist/intelligence/resource-file-context.js +138 -0
- package/dist/intelligence/risk-score.js +22 -0
- package/dist/intelligence/rollback.js +137 -0
- package/dist/intelligence/runbook-updater.js +143 -0
- package/dist/intelligence/sandbox.js +194 -0
- package/dist/intelligence/script-trust.js +104 -0
- package/dist/intelligence/session-metrics.js +67 -0
- package/dist/intelligence/session-threat-tracker.js +231 -0
- package/dist/intelligence/shadow-digest-cron.js +81 -0
- package/dist/intelligence/shadow-log.js +284 -0
- package/dist/intelligence/shell-ast.js +145 -0
- package/dist/intelligence/siem-forward.js +104 -0
- package/dist/intelligence/slack-digest.js +151 -0
- package/dist/intelligence/slack-override-loop.js +217 -0
- package/dist/intelligence/slack-routing.js +67 -0
- package/dist/intelligence/slack.js +900 -0
- package/dist/intelligence/sql-ast.js +31 -0
- package/dist/intelligence/team.js +1 -0
- package/dist/intelligence/telemetry.js +76 -0
- package/dist/intelligence/threshold-optimizer.js +75 -0
- package/dist/intelligence/token-budget.js +66 -0
- package/dist/intelligence/tool-guard.js +708 -0
- package/dist/intelligence/tool-manifest 2.js +74 -0
- package/dist/intelligence/tool-manifest.js +125 -0
- package/dist/intelligence/tools-analysis.js +857 -0
- package/dist/intelligence/tools-arch.js +152 -0
- package/dist/intelligence/tools-autonomy.js +495 -0
- package/dist/intelligence/tools-blast-radius.js +140 -0
- package/dist/intelligence/tools-browser.js +431 -0
- package/dist/intelligence/tools-change-timeline.js +154 -0
- package/dist/intelligence/tools-credentials.js +117 -0
- package/dist/intelligence/tools-datadog.js +233 -0
- package/dist/intelligence/tools-debug-sessions.js +209 -0
- package/dist/intelligence/tools-discovery.js +284 -0
- package/dist/intelligence/tools-infra.js +612 -0
- package/dist/intelligence/tools-intent.js +128 -0
- package/dist/intelligence/tools-memory.js +514 -0
- package/dist/intelligence/tools-runbook.js +951 -0
- package/dist/intelligence/tools-sessions.js +107 -0
- package/dist/intelligence/tools-state.js +232 -0
- package/dist/intelligence/tools-utility.js +430 -0
- package/dist/intelligence/tools-validate.js +215 -0
- package/dist/intelligence/tools.js +1 -0
- package/dist/intelligence/trace-context.js +11 -0
- package/dist/intelligence/unclassified-clusters.js +87 -0
- package/dist/intelligence/usage.js +195 -0
- package/dist/routes/active-authors.js +63 -0
- package/dist/routes/activity-feed.js +21 -0
- package/dist/routes/adr.js +117 -0
- package/dist/routes/agent-activity.js +184 -0
- package/dist/routes/agent-blunders.js +163 -0
- package/dist/routes/agents.js +175 -0
- package/dist/routes/api-keys.js +65 -0
- package/dist/routes/arch.js +75 -0
- package/dist/routes/audit-export.js +93 -0
- package/dist/routes/billing-dashboard.js +158 -0
- package/dist/routes/billing-outcome.js +77 -0
- package/dist/routes/calibration.js +305 -0
- package/dist/routes/ci-gate-history.js +20 -0
- package/dist/routes/ci-gate.js +232 -0
- package/dist/routes/ci.js +293 -0
- package/dist/routes/compliance-report.js +24 -0
- package/dist/routes/confidence.js +30 -0
- package/dist/routes/credentials.js +119 -0
- package/dist/routes/dashboard.js +1407 -0
- package/dist/routes/decision-memory.js +42 -0
- package/dist/routes/demo.js +844 -0
- package/dist/routes/device-auth-stub.js +173 -0
- package/dist/routes/explain-why.js +39 -0
- package/dist/routes/gate-analytics.js +213 -0
- package/dist/routes/gate.js +28 -0
- package/dist/routes/github-webhook.js +364 -0
- package/dist/routes/habituation.js +30 -0
- package/dist/routes/health-integrations.js +243 -0
- package/dist/routes/heartbeats.js +45 -0
- package/dist/routes/hitl.js +364 -0
- package/dist/routes/impact-report.js +645 -0
- package/dist/routes/incident-webhook.js +63 -0
- package/dist/routes/incidents.js +366 -0
- package/dist/routes/layers.js +62 -0
- package/dist/routes/license.js +187 -0
- package/dist/routes/oidc-issuer.js +30 -0
- package/dist/routes/onboarding.js +170 -0
- package/dist/routes/otel.js +67 -0
- package/dist/routes/otlp-receiver.js +179 -0
- package/dist/routes/overrides.js +241 -0
- package/dist/routes/pagerduty.js +258 -0
- package/dist/routes/policies.js +809 -0
- package/dist/routes/policy-nl.js +169 -0
- package/dist/routes/postmortem.js +102 -0
- package/dist/routes/pr-shadow.js +47 -0
- package/dist/routes/rbac.js +61 -0
- package/dist/routes/replay.js +17 -0
- package/dist/routes/risk-report.js +164 -0
- package/dist/routes/runbooks.js +125 -0
- package/dist/routes/safety-test.js +174 -0
- package/dist/routes/sdk.js +222 -0
- package/dist/routes/sensor.js +819 -0
- package/dist/routes/sentry.js +140 -0
- package/dist/routes/sessions.js +43 -0
- package/dist/routes/setup-ui.js +594 -0
- package/dist/routes/shadow-report.js +107 -0
- package/dist/routes/slack-routing.js +171 -0
- package/dist/routes/team-usage.js +71 -0
- package/dist/routes/telemetry.js +28 -0
- package/dist/routes/tenants.js +199 -0
- package/dist/routes/tickets.js +167 -0
- package/dist/routes/validate.js +13 -0
- package/dist/routes/war-room.js +113 -0
- package/dist/scripts/check-arch.js +22 -0
- package/dist/seeds/community-corpus.js +176 -0
- package/dist/seeds/corpus.js +1224 -0
- package/dist/sensor/action-ledger.js +327 -0
- package/dist/sensor/adr-store.js +140 -0
- package/dist/sensor/agent-blunder-store.js +370 -0
- package/dist/sensor/agent-context-store.js +225 -0
- package/dist/sensor/agent-memory-store.js +231 -0
- package/dist/sensor/audit-fetch.js +23 -0
- package/dist/sensor/audit-log.js +273 -0
- package/dist/sensor/buffer-schemas.js +225 -0
- package/dist/sensor/buffer.js +599 -0
- package/dist/sensor/bypass-tracker.js +93 -0
- package/dist/sensor/ci-gate-history.js +70 -0
- package/dist/sensor/cloud-auth.js +183 -0
- package/dist/sensor/commit-context-store.js +235 -0
- package/dist/sensor/docker-log-stream.js +164 -0
- package/dist/sensor/docker-monitor.js +122 -0
- package/dist/sensor/extended-buffer.js +46 -0
- package/dist/sensor/feedback-token.js +41 -0
- package/dist/sensor/file-lock.js +6 -0
- package/dist/sensor/fs-watcher.js +106 -0
- package/dist/sensor/gate-heartbeat.js +122 -0
- package/dist/sensor/git-suspect.js +136 -0
- package/dist/sensor/habituation-store.js +77 -0
- package/dist/sensor/heartbeat-monitor.js +133 -0
- package/dist/sensor/incident-store.js +340 -0
- package/dist/sensor/infra-normalizer.js +513 -0
- package/dist/sensor/ingest.js +339 -0
- package/dist/sensor/jest-reporter.js +52 -0
- package/dist/sensor/k8s-events.js +132 -0
- package/dist/sensor/layer2-store.js +111 -0
- package/dist/sensor/layer3-store.js +230 -0
- package/dist/sensor/layer4-store.js +147 -0
- package/dist/sensor/logger.js +13 -0
- package/dist/sensor/otel-exporter.js +161 -0
- package/dist/sensor/paths.js +71 -0
- package/dist/sensor/policy-history.js +147 -0
- package/dist/sensor/pr-shadow-store.js +83 -0
- package/dist/sensor/process-watcher.js +162 -0
- package/dist/sensor/rbac.js +92 -0
- package/dist/sensor/redact.js +114 -0
- package/dist/sensor/redis-store.js +191 -0
- package/dist/sensor/route-reachability.js +64 -0
- package/dist/sensor/security-utils.js +18 -0
- package/dist/sensor/service-graph.js +170 -0
- package/dist/sensor/service-topology.js +227 -0
- package/dist/sensor/session-history.js +74 -0
- package/dist/sensor/session-persist.js +38 -0
- package/dist/sensor/shadow-promote.js +122 -0
- package/dist/sensor/sourcemap.js +281 -0
- package/dist/sensor/sqlite-store.js +205 -0
- package/dist/sensor/sso.js +164 -0
- package/dist/sensor/vitest-reporter.js +65 -0
- package/dist/sensor/watcher.js +48 -0
- package/dist/storage/interfaces.js +0 -0
- package/dist/storage/pg/pg-action-ledger.js +138 -0
- package/dist/storage/pg/pg-approval-store.js +107 -0
- package/dist/storage/pg/pg-blunder-store.js +193 -0
- package/dist/storage/pg/pg-ci-gate-history.js +83 -0
- package/dist/storage/pg/pg-client.js +24 -0
- package/dist/storage/pg/pg-event-store.js +63 -0
- package/dist/storage/pg/pg-incident-store.js +190 -0
- package/dist/storage/pg/pg-migrations.js +26 -0
- package/dist/storage/pg/pg-override-corpus.js +447 -0
- package/dist/storage/pg/pg-shadow-log.js +129 -0
- package/dist/storage/sqlite/sqlite-action-ledger.js +18 -0
- package/dist/storage/sqlite/sqlite-approval-store.js +37 -0
- package/dist/storage/sqlite/sqlite-blunder-store.js +27 -0
- package/dist/storage/sqlite/sqlite-ci-gate-history.js +19 -0
- package/dist/storage/sqlite/sqlite-event-store.js +29 -0
- package/dist/storage/sqlite/sqlite-incident-store.js +34 -0
- package/dist/storage/sqlite/sqlite-override-corpus.js +75 -0
- package/dist/storage/sqlite/sqlite-shadow-log.js +36 -0
- package/dist/storage/store-factory.js +55 -0
- package/dist/storage/store-registry.js +31 -0
- package/dist/update-checker.js +107 -0
- package/dist/workers/autopilot-worker.js +28 -0
- package/dist/workers/notification-worker.js +28 -0
- package/dist/workers/queues.js +58 -0
- package/dist/workers/validation-worker.js +24 -0
- package/dist/workers/worker-registry.js +18 -0
- package/package.json +123 -0
- package/sdk/mergen-inject.js +260 -0
- package/sdk/node.js +313 -0
- package/sdk/vite-plugin.ts +57 -0
- package/sdk/webpack-plugin.js +106 -0
package/dist/cli.js
ADDED
|
@@ -0,0 +1,250 @@
|
|
|
1
|
+
#!/usr/bin/env node
|
|
2
|
+
import { error, VERSION } from "./commands/shared.js";
|
|
3
|
+
import { loginCommand, setupCommand, testCommand, ciCommand, startCommand, doctorCommand, quickstartCommand } from "./commands/setup.js";
|
|
4
|
+
import { postmortemCommand, timelineCommand, watchCommand, explainCommand, statusCommand, resolvedCommand, replayCommand } from "./commands/incident.js";
|
|
5
|
+
import { approveCommand, shadowReportCommand, allowCommand, verifyLogCommand, guardCommand, policyPushCommand, policyPullCommand, policyDiffCommand, testSafetyCommand, policySimulateCommand, policyTestCommand, policyVersionsCommand, policyRollbackCommand, traceReplayCommand } from "./commands/policy.js";
|
|
6
|
+
import { prCommand, prShadowCommand, feedbackCommand, backfillCommand, connectCommand } from "./commands/github.js";
|
|
7
|
+
import { inviteCommand, joinCommand, impactReportCommand, exportCommand, initCommand, demoCommand, exportRiskReportCommand, partnerShortlistCommand, execCommand } from "./commands/team.js";
|
|
8
|
+
import { agentRegisterCommand, agentListCommand } from "./commands/agent-identity.js";
|
|
9
|
+
import { gateCheckCommand } from "./commands/gate.js";
|
|
10
|
+
import { scanCommand } from "./commands/scan.js";
|
|
11
|
+
async function main() {
|
|
12
|
+
const args = process.argv.slice(2);
|
|
13
|
+
const command = args[0];
|
|
14
|
+
switch (command) {
|
|
15
|
+
case "init":
|
|
16
|
+
await initCommand();
|
|
17
|
+
break;
|
|
18
|
+
case "resolved":
|
|
19
|
+
await resolvedCommand(args.slice(1));
|
|
20
|
+
break;
|
|
21
|
+
case "demo":
|
|
22
|
+
await demoCommand();
|
|
23
|
+
break;
|
|
24
|
+
case "pr":
|
|
25
|
+
await prCommand(args.slice(1));
|
|
26
|
+
break;
|
|
27
|
+
case "connect":
|
|
28
|
+
await connectCommand(args.slice(1));
|
|
29
|
+
break;
|
|
30
|
+
case "backfill":
|
|
31
|
+
await backfillCommand(args.slice(1));
|
|
32
|
+
break;
|
|
33
|
+
case "feedback":
|
|
34
|
+
await feedbackCommand(args.slice(1));
|
|
35
|
+
break;
|
|
36
|
+
case "pr-shadow":
|
|
37
|
+
await prShadowCommand();
|
|
38
|
+
break;
|
|
39
|
+
case "approve":
|
|
40
|
+
await approveCommand(args.slice(1));
|
|
41
|
+
break;
|
|
42
|
+
case "shadow-report":
|
|
43
|
+
await shadowReportCommand();
|
|
44
|
+
break;
|
|
45
|
+
case "allow":
|
|
46
|
+
await allowCommand(args.slice(1));
|
|
47
|
+
break;
|
|
48
|
+
case "impact-report":
|
|
49
|
+
await impactReportCommand(args.slice(1));
|
|
50
|
+
break;
|
|
51
|
+
case "setup":
|
|
52
|
+
await setupCommand();
|
|
53
|
+
break;
|
|
54
|
+
case "login":
|
|
55
|
+
await loginCommand();
|
|
56
|
+
break;
|
|
57
|
+
case "test":
|
|
58
|
+
await testCommand();
|
|
59
|
+
break;
|
|
60
|
+
case "start":
|
|
61
|
+
await startCommand();
|
|
62
|
+
break;
|
|
63
|
+
case "ci":
|
|
64
|
+
await ciCommand();
|
|
65
|
+
break;
|
|
66
|
+
case "invite":
|
|
67
|
+
await inviteCommand();
|
|
68
|
+
break;
|
|
69
|
+
case "join":
|
|
70
|
+
await joinCommand(args);
|
|
71
|
+
break;
|
|
72
|
+
case "postmortem":
|
|
73
|
+
await postmortemCommand(args);
|
|
74
|
+
break;
|
|
75
|
+
case "timeline":
|
|
76
|
+
await timelineCommand(args);
|
|
77
|
+
break;
|
|
78
|
+
case "watch":
|
|
79
|
+
await watchCommand(args);
|
|
80
|
+
break;
|
|
81
|
+
case "explain":
|
|
82
|
+
await explainCommand(args.slice(1));
|
|
83
|
+
break;
|
|
84
|
+
case "quickstart":
|
|
85
|
+
await quickstartCommand();
|
|
86
|
+
break;
|
|
87
|
+
case "status":
|
|
88
|
+
await statusCommand();
|
|
89
|
+
break;
|
|
90
|
+
case "doctor":
|
|
91
|
+
await doctorCommand();
|
|
92
|
+
break;
|
|
93
|
+
case "export":
|
|
94
|
+
await exportCommand(args);
|
|
95
|
+
break;
|
|
96
|
+
case "export-risk-report":
|
|
97
|
+
await exportRiskReportCommand(args.slice(1));
|
|
98
|
+
break;
|
|
99
|
+
case "partner-shortlist":
|
|
100
|
+
await partnerShortlistCommand(args.slice(1));
|
|
101
|
+
break;
|
|
102
|
+
case "exec":
|
|
103
|
+
await execCommand(args.slice(1));
|
|
104
|
+
break;
|
|
105
|
+
case "test-safety":
|
|
106
|
+
await testSafetyCommand();
|
|
107
|
+
break;
|
|
108
|
+
case "policy-push":
|
|
109
|
+
await policyPushCommand();
|
|
110
|
+
break;
|
|
111
|
+
case "policy-pull":
|
|
112
|
+
await policyPullCommand(args.slice(1));
|
|
113
|
+
break;
|
|
114
|
+
case "policy-diff":
|
|
115
|
+
await policyDiffCommand();
|
|
116
|
+
break;
|
|
117
|
+
case "policy-simulate":
|
|
118
|
+
await policySimulateCommand(args.slice(1));
|
|
119
|
+
break;
|
|
120
|
+
case "policy-test":
|
|
121
|
+
await policyTestCommand(args.slice(1));
|
|
122
|
+
break;
|
|
123
|
+
case "policy-versions":
|
|
124
|
+
await policyVersionsCommand();
|
|
125
|
+
break;
|
|
126
|
+
case "policy-rollback":
|
|
127
|
+
await policyRollbackCommand(args.slice(1));
|
|
128
|
+
break;
|
|
129
|
+
case "trace-replay":
|
|
130
|
+
await traceReplayCommand(args.slice(1));
|
|
131
|
+
break;
|
|
132
|
+
case "verify-log":
|
|
133
|
+
await verifyLogCommand();
|
|
134
|
+
break;
|
|
135
|
+
case "guard":
|
|
136
|
+
await guardCommand(args);
|
|
137
|
+
break;
|
|
138
|
+
case "replay":
|
|
139
|
+
await replayCommand(args.slice(1));
|
|
140
|
+
break;
|
|
141
|
+
case "agent-register":
|
|
142
|
+
await agentRegisterCommand(args.slice(1));
|
|
143
|
+
break;
|
|
144
|
+
case "agent-list":
|
|
145
|
+
await agentListCommand();
|
|
146
|
+
break;
|
|
147
|
+
case "gate-check":
|
|
148
|
+
await gateCheckCommand(args.slice(1));
|
|
149
|
+
break;
|
|
150
|
+
case "scan":
|
|
151
|
+
await scanCommand(args.slice(1));
|
|
152
|
+
break;
|
|
153
|
+
case "version":
|
|
154
|
+
case "--version":
|
|
155
|
+
case "-v":
|
|
156
|
+
console.log(`mergen-server v${VERSION}`);
|
|
157
|
+
break;
|
|
158
|
+
case void 0:
|
|
159
|
+
await demoCommand();
|
|
160
|
+
break;
|
|
161
|
+
case "help":
|
|
162
|
+
case "--help":
|
|
163
|
+
case "-h":
|
|
164
|
+
console.log(`
|
|
165
|
+
Mergen \u2014 production incident intelligence
|
|
166
|
+
|
|
167
|
+
Usage:
|
|
168
|
+
mergen-server Zero-config demo \u2014 loads 50 sample incidents instantly
|
|
169
|
+
mergen-server start Start server (production mode)
|
|
170
|
+
mergen-server login Authenticate Mergen CLI (automatic browser & manual fallback)
|
|
171
|
+
mergen-server login --key <key> Directly authenticate using a license key
|
|
172
|
+
mergen-server approve <id> Temporarily bypass a blocked command block (10 min)
|
|
173
|
+
mergen-server setup Quick setup: Node check \u2192 IDE \u2192 login \u2192 start (no questions)
|
|
174
|
+
mergen-server setup --full Full wizard: also connects Slack, PagerDuty, GitHub, git hooks
|
|
175
|
+
mergen-server setup --yes Non-interactive full setup (skip all prompts, use defaults)
|
|
176
|
+
mergen-server setup --ide cursor Configure a specific IDE (cursor|vscode|claude-code|windsurf)
|
|
177
|
+
mergen-server demo Same as no args \u2014 demo with sample incidents
|
|
178
|
+
mergen-server status Live snapshot: server health, buffer, errors, MCP activity
|
|
179
|
+
mergen-server doctor Full health-check: env vars, IDE config, integrations
|
|
180
|
+
mergen-server connect github Auto-register GitHub webhook \u2192 populates intent archive
|
|
181
|
+
mergen-server backfill github Import historical PRs \u2192 enables explain_why on day 1
|
|
182
|
+
mergen-server init Connect Datadog (guided setup)
|
|
183
|
+
mergen-server pr Generate a PR description from your debug session
|
|
184
|
+
mergen-server pr --copy Same, but copies to clipboard
|
|
185
|
+
mergen-server quickstart Guided wizard \u2014 from zero to first real insight in 2 min
|
|
186
|
+
mergen-server watch <cmd> Stream any process into Mergen (auto-starts server if needed)
|
|
187
|
+
mergen-server explain [file] Analyze a log file or piped input \u2014 no server required
|
|
188
|
+
mergen-server invite Generate a team invite URL
|
|
189
|
+
mergen-server join <url> Join a team Mergen instance
|
|
190
|
+
mergen-server postmortem [h] Generate a postmortem document (default: last 1 hour)
|
|
191
|
+
mergen-server timeline [seconds] Unified causal timeline
|
|
192
|
+
mergen-server export [label] Export session as JSON + HTML report
|
|
193
|
+
mergen-server export-risk-report Print CISO security risk report
|
|
194
|
+
mergen-server export-risk-report --markdown Save as shareable Markdown file
|
|
195
|
+
mergen-server exec -- <cmd> Run a command through the full Mergen gate (policy, HITL, blast radius), then execute
|
|
196
|
+
mergen-server exec --allow-offline -- <cmd> Same, but degrade to a local-only check if mergen-server isn't running
|
|
197
|
+
mergen-server gate-check -- <cmd> Evaluate only, no execution (exit 0=pass 1=blocked). Used by the Claude Code PreToolUse hook
|
|
198
|
+
mergen-server impact-report Print the 5 pre-agreed Day-30 metrics
|
|
199
|
+
mergen-server impact-report --slide Screenshot-ready 5-number card
|
|
200
|
+
mergen-server impact-report --baseline Save Day-1 numbers (compare at Day 30)
|
|
201
|
+
mergen-server impact-report --compare Show delta vs. saved baseline
|
|
202
|
+
mergen-server impact-report --html Write full HTML report to disk
|
|
203
|
+
mergen-server partner-shortlist Print design-partner filter criteria and commands
|
|
204
|
+
mergen-server partner-shortlist --add <name> <company> [role] [reach] [notes]
|
|
205
|
+
mergen-server partner-shortlist --list Show saved candidates
|
|
206
|
+
mergen-server test-safety Run adversarial bypass test suite against the gate
|
|
207
|
+
mergen-server scan <url> Scan an MCP server for injection vectors and risk signals
|
|
208
|
+
mergen-server scan <url> --json Machine-readable JSON output (exits 1 if CRITICAL found)
|
|
209
|
+
mergen-server policy-push Save live server policy \u2192 .mergen/policy.json (for git)
|
|
210
|
+
mergen-server policy-pull Apply .mergen/policy.json \u2192 live server
|
|
211
|
+
mergen-server policy-pull --merge Merge (add new rules only, keep existing)
|
|
212
|
+
mergen-server policy-diff Show diff between .mergen/policy.json and live server
|
|
213
|
+
mergen-server policy-simulate <file> [--window-days=N] Replay a candidate policy file against
|
|
214
|
+
historical traffic \u2014 blocks/holds/passes, agents & services affected
|
|
215
|
+
mergen-server policy-test [file.json] Run {input,expectedVerdict} test cases against the live
|
|
216
|
+
policy \u2014 no server required, CI-usable. Defaults to a built-in 8-case suite.
|
|
217
|
+
mergen-server policy-versions List restorable full-policy snapshots (one per policy save)
|
|
218
|
+
mergen-server policy-rollback <versionId> Restore policy to a prior snapshot (immutable rules always survive)
|
|
219
|
+
mergen-server trace-replay <traceId> Reconstruct the full gate-event + blunder-log timeline for one cross-process trace
|
|
220
|
+
mergen-server replay <dir> Score historical incidents against the detector pipeline
|
|
221
|
+
mergen-server agent-register <id> Issue a signed identity token for an agent profile (see agent-profiles API)
|
|
222
|
+
mergen-server agent-list List issued agent identity tokens on this machine
|
|
223
|
+
mergen-server verify-log Verify Agent Blunder Log hash chain (tamper-evident audit)
|
|
224
|
+
mergen-server guard Pre-commit runtime check (includes incident history for staged services)
|
|
225
|
+
mergen-server guard --install Install as git pre-commit hook
|
|
226
|
+
mergen-server test Validate installation
|
|
227
|
+
mergen-server ci CI smoke test (exit 0 = healthy)
|
|
228
|
+
mergen-server --version Show version
|
|
229
|
+
|
|
230
|
+
Examples:
|
|
231
|
+
npx mergen-server # instant demo \u2014 no config needed
|
|
232
|
+
mergen-server setup --yes # non-interactive setup in CI
|
|
233
|
+
mergen-server setup --ide cursor --skip-github
|
|
234
|
+
mergen-server start & # production server in background
|
|
235
|
+
mergen-server connect github --repo acme/api
|
|
236
|
+
mergen-server watch npm start
|
|
237
|
+
|
|
238
|
+
Documentation: https://github.com/omertt27/Mergen
|
|
239
|
+
`);
|
|
240
|
+
break;
|
|
241
|
+
default:
|
|
242
|
+
error(`Unknown command: ${command}`);
|
|
243
|
+
console.log("Run: mergen-server --help");
|
|
244
|
+
process.exit(1);
|
|
245
|
+
}
|
|
246
|
+
}
|
|
247
|
+
main().catch((err) => {
|
|
248
|
+
error(err.message);
|
|
249
|
+
process.exit(1);
|
|
250
|
+
});
|
|
@@ -0,0 +1,79 @@
|
|
|
1
|
+
import { existsSync, readFileSync } from "fs";
|
|
2
|
+
import { homedir } from "os";
|
|
3
|
+
import { join } from "path";
|
|
4
|
+
import { log, error, success, hr } from "./shared.js";
|
|
5
|
+
function readLocalSecret() {
|
|
6
|
+
const secretPath = process.env.MERGEN_AGENT_TOKEN_SECRET ? "" : join(homedir(), ".mergen", "secret");
|
|
7
|
+
if (process.env.MERGEN_AGENT_TOKEN_SECRET) return process.env.MERGEN_AGENT_TOKEN_SECRET;
|
|
8
|
+
if (secretPath && existsSync(secretPath)) {
|
|
9
|
+
try {
|
|
10
|
+
return readFileSync(secretPath, "utf8").trim();
|
|
11
|
+
} catch {
|
|
12
|
+
}
|
|
13
|
+
}
|
|
14
|
+
return "";
|
|
15
|
+
}
|
|
16
|
+
async function agentRegisterCommand(args) {
|
|
17
|
+
const profileId = args.find((a) => !a.startsWith("--"));
|
|
18
|
+
const parentFlag = args.find((a) => a.startsWith("--parent="));
|
|
19
|
+
const parentAgentId = parentFlag ? parentFlag.split("=")[1] : void 0;
|
|
20
|
+
const userFlag = args.find((a) => a.startsWith("--user="));
|
|
21
|
+
const userId = (userFlag ? userFlag.split("=")[1] : void 0) || process.env.MERGEN_USER_ID || void 0;
|
|
22
|
+
if (!profileId) {
|
|
23
|
+
error("Usage: mergen-server agent-register <profile-id> [--parent=<parentAgentId>] [--user=<email>]");
|
|
24
|
+
console.log(" Issues a signed MERGEN_AGENT_TOKEN for the given agent-profile id.");
|
|
25
|
+
console.log(" Register the profile first with the agent-profiles API (POST /agent-profiles), then run this.");
|
|
26
|
+
console.log(" --parent=<id> Mints this as a sub-agent token, recording lineage (which agent spawned it)");
|
|
27
|
+
console.log(" in the blunder log and replay view \u2014 use when a coordinating/planner agent");
|
|
28
|
+
console.log(" spawns this one.");
|
|
29
|
+
console.log(" --user=<email> Binds the human principal this agent acts on behalf of into the signed token");
|
|
30
|
+
console.log(" (Layer 3 SSO attribution). Falls back to MERGEN_USER_ID. Flows onto every");
|
|
31
|
+
console.log(' action-ledger row as user_id \u2014 "which human is this agent acting for."');
|
|
32
|
+
process.exit(1);
|
|
33
|
+
}
|
|
34
|
+
const secret = readLocalSecret();
|
|
35
|
+
if (!secret) {
|
|
36
|
+
error("No signing secret found \u2014 start mergen-server at least once to generate ~/.mergen/secret, or set MERGEN_AGENT_TOKEN_SECRET.");
|
|
37
|
+
process.exit(1);
|
|
38
|
+
}
|
|
39
|
+
const { setAgentTokenSecret, issueToken } = await import("../intelligence/agent-identity.js");
|
|
40
|
+
setAgentTokenSecret(secret);
|
|
41
|
+
const token = issueToken(profileId, void 0, parentAgentId, userId);
|
|
42
|
+
hr();
|
|
43
|
+
success(`Issued agent identity token for profile "${profileId}"${userId ? ` (on behalf of ${userId})` : ""}`);
|
|
44
|
+
console.log("");
|
|
45
|
+
console.log(" Add this to the MCP server env block for the agent that should carry this identity:");
|
|
46
|
+
console.log("");
|
|
47
|
+
console.log(` MERGEN_AGENT_TOKEN=${token}`);
|
|
48
|
+
console.log("");
|
|
49
|
+
console.log(' For Cursor/VSCode/Windsurf, add it to the "env" object in your mcp.json mergen entry.');
|
|
50
|
+
console.log(" For Claude Code: claude mcp add mergen --env MERGEN_AGENT_TOKEN=<token> --transport stdio -- node <server-path>");
|
|
51
|
+
console.log("");
|
|
52
|
+
console.log(" This token is long-lived (1 year) and is NOT stored server-side beyond a local record for");
|
|
53
|
+
console.log(" operator visibility (mergen-server agent-list) \u2014 verification is stateless. Re-run this");
|
|
54
|
+
console.log(" command to issue a fresh token; the old one keeps working until it expires (no revocation list yet).");
|
|
55
|
+
hr();
|
|
56
|
+
}
|
|
57
|
+
async function agentListCommand() {
|
|
58
|
+
const { listIssuedTokenRecords } = await import("../intelligence/agent-identity.js");
|
|
59
|
+
const records = listIssuedTokenRecords();
|
|
60
|
+
if (records.length === 0) {
|
|
61
|
+
log("No agent identity tokens have been issued on this machine. Run: mergen-server agent-register <profile-id>");
|
|
62
|
+
return;
|
|
63
|
+
}
|
|
64
|
+
hr();
|
|
65
|
+
console.log("Issued agent identity tokens:\n");
|
|
66
|
+
for (const r of records) {
|
|
67
|
+
const expired = Date.now() > r.expiresAt ? " (EXPIRED)" : "";
|
|
68
|
+
console.log(` ${r.agentId}`);
|
|
69
|
+
console.log(` issued: ${new Date(r.issuedAt).toISOString()}`);
|
|
70
|
+
console.log(` expires: ${new Date(r.expiresAt).toISOString()}${expired}`);
|
|
71
|
+
if (r.userId) console.log(` on behalf of: ${r.userId}`);
|
|
72
|
+
console.log("");
|
|
73
|
+
}
|
|
74
|
+
hr();
|
|
75
|
+
}
|
|
76
|
+
export {
|
|
77
|
+
agentListCommand,
|
|
78
|
+
agentRegisterCommand
|
|
79
|
+
};
|
|
@@ -0,0 +1,107 @@
|
|
|
1
|
+
import { existsSync, readFileSync } from "fs";
|
|
2
|
+
import { homedir } from "os";
|
|
3
|
+
import { join } from "path";
|
|
4
|
+
import { error, hr } from "./shared.js";
|
|
5
|
+
import { findPort } from "./shared.js";
|
|
6
|
+
function readLocalSecret() {
|
|
7
|
+
const secretPath = join(homedir(), ".mergen", "secret");
|
|
8
|
+
if (existsSync(secretPath)) {
|
|
9
|
+
try {
|
|
10
|
+
return readFileSync(secretPath, "utf8").trim();
|
|
11
|
+
} catch {
|
|
12
|
+
}
|
|
13
|
+
}
|
|
14
|
+
return "";
|
|
15
|
+
}
|
|
16
|
+
async function evaluateViaGate(command, toolName) {
|
|
17
|
+
const port = await findPort();
|
|
18
|
+
if (!port) return { reachable: false };
|
|
19
|
+
const secret = readLocalSecret();
|
|
20
|
+
const headers = { "Content-Type": "application/json" };
|
|
21
|
+
if (secret) headers["x-mergen-secret"] = secret;
|
|
22
|
+
const resp = await fetch(`http://127.0.0.1:${port}/gate/evaluate`, {
|
|
23
|
+
method: "POST",
|
|
24
|
+
headers,
|
|
25
|
+
body: JSON.stringify({ command, toolName }),
|
|
26
|
+
signal: AbortSignal.timeout(5 * 6e4)
|
|
27
|
+
// generous — a HOLD suspends until a human approves/denies
|
|
28
|
+
});
|
|
29
|
+
if (!resp.ok) {
|
|
30
|
+
throw new Error(`gate evaluation request failed: HTTP ${resp.status}`);
|
|
31
|
+
}
|
|
32
|
+
const body = await resp.json();
|
|
33
|
+
return { reachable: true, isError: body.isError, text: body.text };
|
|
34
|
+
}
|
|
35
|
+
function readStdin() {
|
|
36
|
+
return new Promise((resolve) => {
|
|
37
|
+
let data = "";
|
|
38
|
+
if (process.stdin.isTTY) {
|
|
39
|
+
resolve("");
|
|
40
|
+
return;
|
|
41
|
+
}
|
|
42
|
+
process.stdin.setEncoding("utf8");
|
|
43
|
+
process.stdin.on("data", (chunk) => {
|
|
44
|
+
data += chunk;
|
|
45
|
+
});
|
|
46
|
+
process.stdin.on("end", () => resolve(data));
|
|
47
|
+
process.stdin.on("error", () => resolve(data));
|
|
48
|
+
});
|
|
49
|
+
}
|
|
50
|
+
function extractCommandFromHookPayload(raw) {
|
|
51
|
+
let parsed;
|
|
52
|
+
try {
|
|
53
|
+
parsed = JSON.parse(raw);
|
|
54
|
+
} catch {
|
|
55
|
+
return null;
|
|
56
|
+
}
|
|
57
|
+
if (!parsed || typeof parsed !== "object") return null;
|
|
58
|
+
const obj = parsed;
|
|
59
|
+
const toolInput = obj.tool_input;
|
|
60
|
+
const candidate = toolInput?.command ?? toolInput?.cmd ?? obj.command ?? obj.cmd;
|
|
61
|
+
return typeof candidate === "string" && candidate.length > 0 ? candidate : null;
|
|
62
|
+
}
|
|
63
|
+
async function gateCheckCommand(args) {
|
|
64
|
+
const dashDash = args.indexOf("--");
|
|
65
|
+
const cmdParts = dashDash >= 0 ? args.slice(dashDash + 1) : args;
|
|
66
|
+
let fullCommand;
|
|
67
|
+
if (cmdParts.length > 0) {
|
|
68
|
+
fullCommand = cmdParts.join(" ");
|
|
69
|
+
} else {
|
|
70
|
+
const raw = await readStdin();
|
|
71
|
+
const extracted = raw ? extractCommandFromHookPayload(raw) : null;
|
|
72
|
+
if (!extracted) {
|
|
73
|
+
error("gate-check: no command given (pass -- <command>, or a Claude Code hook JSON payload on stdin) \u2014 failing closed.");
|
|
74
|
+
process.exit(1);
|
|
75
|
+
return;
|
|
76
|
+
}
|
|
77
|
+
fullCommand = extracted;
|
|
78
|
+
}
|
|
79
|
+
let evaluation;
|
|
80
|
+
try {
|
|
81
|
+
evaluation = await evaluateViaGate(fullCommand);
|
|
82
|
+
} catch (err) {
|
|
83
|
+
error(`gate-check: could not reach mergen-server \u2014 ${err instanceof Error ? err.message : String(err)}`);
|
|
84
|
+
process.exit(1);
|
|
85
|
+
return;
|
|
86
|
+
}
|
|
87
|
+
if (!evaluation.reachable) {
|
|
88
|
+
hr();
|
|
89
|
+
error("gate-check: no mergen-server is running \u2014 refusing to allow (fail closed).");
|
|
90
|
+
console.error(" Start it with: mergen-server start");
|
|
91
|
+
hr();
|
|
92
|
+
process.exit(1);
|
|
93
|
+
}
|
|
94
|
+
if (evaluation.isError) {
|
|
95
|
+
hr();
|
|
96
|
+
console.error("\u2B21 Mergen \u2014 BLOCKED\n");
|
|
97
|
+
console.error(evaluation.text);
|
|
98
|
+
hr();
|
|
99
|
+
process.exit(1);
|
|
100
|
+
}
|
|
101
|
+
process.exit(0);
|
|
102
|
+
}
|
|
103
|
+
export {
|
|
104
|
+
evaluateViaGate,
|
|
105
|
+
extractCommandFromHookPayload,
|
|
106
|
+
gateCheckCommand
|
|
107
|
+
};
|