nexus-agents 2.153.0 → 2.154.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/cli.js CHANGED
@@ -22,7 +22,7 @@ import "./chunk-M4YN3U3P.js";
22
22
  import {
23
23
  setupCommandAsync,
24
24
  verifyCommand
25
- } from "./chunk-HTXQVLOI.js";
25
+ } from "./chunk-6VYNHHII.js";
26
26
  import "./chunk-CD7FU55Z.js";
27
27
  import {
28
28
  AuthHandler,
@@ -142,7 +142,7 @@ import {
142
142
  validateCommand,
143
143
  validateWorkflow,
144
144
  wrapInMarkdownFence
145
- } from "./chunk-C6S6L5WB.js";
145
+ } from "./chunk-KNVO4P4W.js";
146
146
  import "./chunk-CMAQI2SJ.js";
147
147
  import "./chunk-T2SGTVB4.js";
148
148
  import "./chunk-HFOQKCD2.js";
@@ -170,7 +170,7 @@ import {
170
170
  loadConfig,
171
171
  runDoctor,
172
172
  validateNexusEnv
173
- } from "./chunk-EJXJNWV6.js";
173
+ } from "./chunk-25F6LRU2.js";
174
174
  import "./chunk-GMQH2I4P.js";
175
175
  import {
176
176
  shutdownExpertBridge
package/dist/index.d.ts CHANGED
@@ -26252,6 +26252,52 @@ type PrReviewRecordOutcome = {
26252
26252
  readonly detail: string;
26253
26253
  };
26254
26254
 
26255
+ /**
26256
+ * nexus-agents/mcp — PR-Review Large-Diff Budget Packer (#4140, epic #4130).
26257
+ *
26258
+ * Option A of the large-diff affordance: when a PR diff exceeds the voter PANEL
26259
+ * budget (`MAX_DIFF_LENGTH`), pack it down to a REAL, security-prioritized subset
26260
+ * of WHOLE files instead of hard-failing at the schema or lossily hand-truncating
26261
+ * mid-hunk. A packed review is honestly labeled PARTIAL and (per the #4140 C1
26262
+ * gate wired in pr-review-tool.ts) is BARRED from a verified-approve — it can
26263
+ * BLOCK on a reviewed file but never verified-APPROVE.
26264
+ *
26265
+ * This module is PURE, deterministic, and I/O-free: no model call, no filesystem,
26266
+ * no clock. It is unit-testable in isolation and reused by `executePrReviewBody`.
26267
+ *
26268
+ * FILE-BOUNDARY SAFETY is the load-bearing invariant. `splitByFile` splits only on
26269
+ * `^diff --git ` file headers, so each unit is a whole file's hunk-set. The packer
26270
+ * includes each file WHOLE or drops it — worst case a single over-budget file is
26271
+ * included TRUNCATED with an explicit marker AND still listed as partially-seen. A
26272
+ * voter never receives a corrupted mid-hunk fragment that reads as complete.
26273
+ *
26274
+ * NOT built here (deferred): the exhaustive multi-pass arm (#4151), file-fetch
26275
+ * (#4152), and any scored/weighted ranker. Ordering is a documented two-tier
26276
+ * partition (sensitive-path files first, stable; then the rest in diff order) —
26277
+ * NOT a score.
26278
+ *
26279
+ * @module mcp/tools/pr-review-diff-budget
26280
+ */
26281
+
26282
+ /**
26283
+ * Machine-readable coverage of a large-diff review (#4140). Present ONLY when the
26284
+ * input diff exceeded the panel budget and was packed; ABSENT for a whole-diff
26285
+ * review (a within-budget diff is byte-identical to pre-#4140). `partial: true`
26286
+ * means the verdict was BARRED from a verified-approve (the C1 gate below).
26287
+ */
26288
+ interface PrReviewCoverage {
26289
+ /** Number of files whose full diff the panel actually reviewed. */
26290
+ readonly reviewedFiles: number;
26291
+ /** Total number of files in the original diff. */
26292
+ readonly totalFiles: number;
26293
+ /** Paths NOT fully reviewed (dropped, or the one truncated-head file). */
26294
+ readonly droppedFiles: readonly string[];
26295
+ /** True when coverage is incomplete (`droppedFiles.length > 0`). */
26296
+ readonly partial: boolean;
26297
+ /** Day-one strategy is always `'budget'` (exhaustive arm deferred to #4151). */
26298
+ readonly strategy: 'budget';
26299
+ }
26300
+
26255
26301
  /**
26256
26302
  * nexus-agents/mcp - PR Review Tool (#2233 Child 1)
26257
26303
  *
@@ -26273,9 +26319,10 @@ type PrReviewRecordOutcome = {
26273
26319
  * roles, not code-level. The 5 here are the ones with concrete claims about
26274
26320
  * code (#2233). */
26275
26321
  declare const PR_REVIEW_ROLES: readonly VoterRole[];
26276
- /** Hard cap on diff size sent to voters. Diffs above this are truncated with
26277
- * an explicit notice the tool stays useful for typical PRs without blowing
26278
- * the context budget. */
26322
+ /** Voter PANEL budget: the max diff bytes packed into the proposal sent to the
26323
+ * 5-voter panel. Diffs above this are NOT rejected they are security-prioritized
26324
+ * and PARTIALLY reviewed (whole-file packing via `pr-review-diff-budget.ts`, #4140).
26325
+ * Also the byte cap the canonical `reviewedDiffHash` binds to (unchanged, #3831). */
26279
26326
  declare const MAX_DIFF_LENGTH = 50000;
26280
26327
  declare const PrReviewInputSchema: z.ZodObject<{
26281
26328
  prTitle: z.ZodString;
@@ -26358,6 +26405,12 @@ interface PrReviewResponse {
26358
26405
  * authentic record was written, otherwise `persisted: false` with the reason.
26359
26406
  */
26360
26407
  readonly recordOutcome?: PrReviewRecordOutcome;
26408
+ /**
26409
+ * Large-diff review coverage (#4140). Present only when the input diff exceeded
26410
+ * `MAX_DIFF_LENGTH` and was security-prioritized + partially reviewed; absent for
26411
+ * a whole-diff (≤`MAX_DIFF_LENGTH`) review.
26412
+ */
26413
+ readonly coverage?: PrReviewCoverage;
26361
26414
  }
26362
26415
  interface PrReviewDeps extends BaseMcpToolDeps {
26363
26416
  /**
package/dist/index.js CHANGED
@@ -520,7 +520,7 @@ import {
520
520
  validateWorkflow,
521
521
  validateWorkflowDependencies,
522
522
  withLogging
523
- } from "./chunk-C6S6L5WB.js";
523
+ } from "./chunk-KNVO4P4W.js";
524
524
  import {
525
525
  OPENAI_MODELS,
526
526
  OPENAI_MODEL_ALIASES,
@@ -560,7 +560,7 @@ import {
560
560
  getKnownNexusVarNames,
561
561
  startStdioServer,
562
562
  validateNexusEnv
563
- } from "./chunk-EJXJNWV6.js";
563
+ } from "./chunk-25F6LRU2.js";
564
564
  import {
565
565
  CliCircuitBreakerIntegration,
566
566
  createCliCircuitBreakerIntegration
@@ -8,9 +8,9 @@ import {
8
8
  runWizard,
9
9
  setupCommand,
10
10
  setupCommandAsync
11
- } from "./chunk-HTXQVLOI.js";
11
+ } from "./chunk-6VYNHHII.js";
12
12
  import "./chunk-CD7FU55Z.js";
13
- import "./chunk-EJXJNWV6.js";
13
+ import "./chunk-25F6LRU2.js";
14
14
  import "./chunk-NUBSJGQZ.js";
15
15
  import "./chunk-6T3EPABN.js";
16
16
  import "./chunk-ZM4O442V.js";
@@ -35,4 +35,4 @@ export {
35
35
  setupCommand,
36
36
  setupCommandAsync
37
37
  };
38
- //# sourceMappingURL=setup-command-4WFSYJK2.js.map
38
+ //# sourceMappingURL=setup-command-OAJCXIMR.js.map
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "nexus-agents",
3
- "version": "2.153.0",
3
+ "version": "2.154.0",
4
4
  "description": "Governance substrate for AI coding agents — adversarial PR review, drift-detected rules, tamper-evident audit, and closed-loop outcome routing for Claude, Codex, Gemini, and OpenCode",
5
5
  "mcpName": "io.github.nexus-substrate/nexus-agents",
6
6
  "license": "MIT",