nexus-agents 2.29.0 → 2.29.2

package/dist/chunk-5COIDGQJ.js

@@ -0,0 +1,1585 @@
+import {
+  GitHubProvider,
+  ScmError
+} from "./chunk-EPMBGZQX.js";
+import {
+  CACHE_TIMEOUTS,
+  createLogger,
+  err,
+  getTimeProvider,
+  ok
+} from "./chunk-HSOPD265.js";
+
+// src/security/trust-types.ts
+import { z } from "zod";
+var TrustTierSchema = z.enum(["1", "2", "3", "4"]);
+var TRUST_TIER_NUMERIC = {
+  "1": 1,
+  "2": 2,
+  "3": 3,
+  "4": 4
+};
+var GitHubUserRoleSchema = z.enum([
+  "owner",
+  "maintainer",
+  "collaborator",
+  "contributor",
+  "member",
+  "unknown"
+]);
+var ROLE_DEFAULT_TRUST = {
+  owner: "1",
+  maintainer: "1",
+  collaborator: "2",
+  contributor: "2",
+  member: "3",
+  unknown: "3"
+};
+var InjectionFlagSchema = z.enum([
+  "authority_claim",
+  "instruction_pattern",
+  "system_prompt_manipulation",
+  "hidden_content",
+  "urgency_manipulation",
+  "fake_conversation",
+  "base64_encoded",
+  "external_link_instruction"
+]);
+var StrippedElementSchema = z.object({
+  /** Type of element stripped. */
+  tag: z.string().min(1),
+  /** Reason for stripping. */
+  reason: z.string().min(1),
+  /** Start index in original content. */
+  startIndex: z.number().int().nonnegative(),
+  /** Length of stripped content. */
+  length: z.number().int().positive()
+});
+var SanitizedInputSchema = z.object({
+  /** Sanitized content with dangerous elements removed. */
+  content: z.string(),
+  /** Original content before sanitization (for audit). */
+  originalLength: z.number().int().nonnegative(),
+  /** Assigned trust tier based on user role and content analysis. */
+  trustTier: TrustTierSchema,
+  /** GitHub user role of the input source. */
+  userRole: GitHubUserRoleSchema,
+  /** Injection patterns detected in content. */
+  injectionFlags: z.array(InjectionFlagSchema),
+  /** Elements stripped during sanitization (audit trail). */
+  strippedElements: z.array(StrippedElementSchema),
+  /** Whether any dangerous content was detected and stripped. */
+  wasModified: z.boolean(),
+  /** Timestamp of sanitization (ISO 8601). */
+  sanitizedAt: z.iso.datetime()
+});
+var SanitizerConfigSchema = z.object({
+  /** GitHub usernames that are always Tier 1 (allowlisted maintainers). */
+  allowlistedMaintainers: z.array(z.string().min(1)).default([]),
+  /** Whether to fail open (log only) or fail closed (block). Phase 1 = open. */
+  failOpen: z.boolean().default(true),
+  /** Maximum input length before truncation. */
+  maxInputLength: z.number().int().positive().default(5e4)
+});
+
+// src/security/input-sanitizer.ts
+var DANGEROUS_HTML_PATTERN = /<(picture|source|img)\b[^>]*>[\s\S]*?<\/\1>|<(picture|source|img)\b[^>]*\/?>/gi;
+var XML_INJECTION_PATTERN = /<\/?(system|human|assistant|instructions|user|prompt|context|tool_use|tool_result)\b[^>]*>/gi;
+var HTML_COMMENT_PATTERN = /<!--[\s\S]*?-->/g;
+var INJECTION_PATTERNS = [
+  {
+    flag: "authority_claim",
+    pattern: /\b(as (?:a|the) (?:maintainer|admin|owner|security lead|repo owner|developer))\b/i
+  },
+  {
+    flag: "authority_claim",
+    pattern: /\b(i(?:'m| am) the (?:repo |project )?(?:owner|maintainer|admin))\b/i
+  },
+  {
+    flag: "instruction_pattern",
+    pattern: /\b(please (?:close|merge|label|mark|apply|delete|remove|approve|reject))\b/i
+  },
+  {
+    flag: "instruction_pattern",
+    pattern: /\b(you (?:should|must|need to) (?:close|merge|label|apply|delete))\b/i
+  },
+  {
+    flag: "system_prompt_manipulation",
+    pattern: /\b(ignore (?:all )?previous (?:instructions|rules|prompts))\b/i
+  },
+  {
+    flag: "system_prompt_manipulation",
+    pattern: /\b(forget (?:your |all )?(?:instructions|rules|safety))\b/i
+  },
+  {
+    flag: "system_prompt_manipulation",
+    pattern: /\b(new (?:instructions|rules|system prompt|directives))\b/i
+  },
+  {
+    flag: "urgency_manipulation",
+    pattern: /\b(critical|emergency|urgent|must act now|immediately|time[- ]?sensitive)\b/i
+  },
+  {
+    flag: "fake_conversation",
+    pattern: /<(?:assistant|human|user|system)>/i
+  },
+  {
+    flag: "base64_encoded",
+    // Requires at least one base64-discriminating char (g-z/G-Z or +, /, =)
+    // to avoid false positives on SHA-1 / SHA-256 hex hashes (#1811).
+    pattern: /(?=[A-Za-z0-9+/]*[g-zG-Z+/=])[A-Za-z0-9+/]{40,}={0,2}/
+  },
+  {
+    flag: "external_link_instruction",
+    pattern: /(?:apply|run|execute|install)\s+(?:this\s+)?(?:from\s+)?https?:\/\//i
+  }
+];
+function stripDangerousHtml(content) {
+  const stripped = [];
+  let cleaned = content;
+  const MAX_PASSES = 5;
+  for (let pass = 0; pass < MAX_PASSES; pass++) {
+    DANGEROUS_HTML_PATTERN.lastIndex = 0;
+    if (!DANGEROUS_HTML_PATTERN.test(cleaned)) break;
+    cleaned = cleaned.replace(DANGEROUS_HTML_PATTERN, (match, _g1, _g2, offset) => {
+      stripped.push({
+        tag: match.slice(0, 30) + (match.length > 30 ? "..." : ""),
+        reason: "Dangerous HTML tag (Trail of Bits injection vector)",
+        startIndex: offset,
+        length: match.length
+      });
+      return "";
+    });
+  }
+  return { cleaned, stripped };
+}
+function stripXmlTags(content) {
+  const stripped = [];
+  let cleaned = content;
+  const MAX_PASSES = 5;
+  for (let pass = 0; pass < MAX_PASSES; pass++) {
+    XML_INJECTION_PATTERN.lastIndex = 0;
+    if (!XML_INJECTION_PATTERN.test(cleaned)) break;
+    cleaned = cleaned.replace(XML_INJECTION_PATTERN, (match, _g1, offset) => {
+      stripped.push({
+        tag: match,
+        reason: "XML-like conversation injection tag",
+        startIndex: offset,
+        length: match.length
+      });
+      return "";
+    });
+  }
+  return { cleaned, stripped };
+}
+function stripHtmlComments(content) {
+  const stripped = [];
+  let cleaned = content;
+  const MAX_PASSES = 5;
+  for (let pass = 0; pass < MAX_PASSES; pass++) {
+    HTML_COMMENT_PATTERN.lastIndex = 0;
+    const prevLength = cleaned.length;
+    cleaned = cleaned.replace(HTML_COMMENT_PATTERN, (match, offset) => {
+      const hasInstruction = /\b(ignore|execute|close|merge|delete|apply)\b/i.test(match);
+      if (!hasInstruction) return match;
+      stripped.push({
+        tag: "<!-- ... -->",
+        reason: "HTML comment with instruction-like content",
+        startIndex: offset,
+        length: match.length
+      });
+      return "";
+    });
+    if (cleaned.length === prevLength) break;
+  }
+  let searchFrom = 0;
+  while (searchFrom < cleaned.length) {
+    const openIdx = cleaned.indexOf("<!--", searchFrom);
+    if (openIdx === -1) break;
+    const closeIdx = cleaned.indexOf("-->", openIdx + 4);
+    if (closeIdx === -1) {
+      stripped.push({
+        tag: "<!--",
+        reason: "Unclosed HTML comment (potential injection vector)",
+        startIndex: openIdx,
+        length: cleaned.length - openIdx
+      });
+      cleaned = cleaned.slice(0, openIdx);
+      break;
+    }
+    searchFrom = closeIdx + 3;
+  }
+  return { cleaned, stripped };
+}
+function detectInjectionPatterns(content) {
+  const flags = /* @__PURE__ */ new Set();
+  for (const { flag, pattern } of INJECTION_PATTERNS) {
+    pattern.lastIndex = 0;
+    if (pattern.test(content)) {
+      flags.add(flag);
+    }
+  }
+  return Array.from(flags);
+}
+function assignTrustTier(userRole, injectionFlags, allowlisted) {
+  if (allowlisted) return "1";
+  const baseTier = ROLE_DEFAULT_TRUST[userRole];
+  const hostileFlags = ["system_prompt_manipulation", "fake_conversation"];
+  if (injectionFlags.some((f) => hostileFlags.includes(f))) return "4";
+  if (injectionFlags.includes("authority_claim") && userRole !== "owner" && userRole !== "maintainer") {
+    return "4";
+  }
+  return baseTier;
+}
+function sanitizeInput(content, userRole, username, config) {
+  const cfg = SanitizerConfigSchema.parse(config ?? {});
+  const truncated = content.slice(0, cfg.maxInputLength);
+  const allowlisted = cfg.allowlistedMaintainers.includes(username);
+  const html = stripDangerousHtml(truncated);
+  const xml = stripXmlTags(html.cleaned);
+  const comments = stripHtmlComments(xml.cleaned);
+  const allStripped = [...html.stripped, ...xml.stripped, ...comments.stripped];
+  const injectionFlags = detectInjectionPatterns(truncated);
+  const trustTier = assignTrustTier(userRole, injectionFlags, allowlisted);
+  return {
+    content: comments.cleaned,
+    originalLength: content.length,
+    trustTier,
+    userRole,
+    injectionFlags,
+    strippedElements: allStripped,
+    wasModified: allStripped.length > 0,
+    sanitizedAt: (/* @__PURE__ */ new Date()).toISOString()
+  };
+}
+
+// src/security/trust-classifier.ts
+function mapAuthorAssociation(association) {
+  switch (association.toUpperCase()) {
+    case "OWNER":
+      return "owner";
+    case "MEMBER":
+      return "member";
+    case "COLLABORATOR":
+      return "collaborator";
+    case "CONTRIBUTOR":
+      return "contributor";
+    case "FIRST_TIMER":
+    case "FIRST_TIME_CONTRIBUTOR":
+    case "NONE":
+      return "unknown";
+    case "MANNEQUIN":
+      return "unknown";
+    default:
+      return "unknown";
+  }
+}
+function classifyTrust(input) {
+  const allowlistedMaintainers = input.config?.allowlistedMaintainers ?? [];
+  const isAllowlisted = allowlistedMaintainers.includes(input.username);
+  const userRole = mapAuthorAssociation(input.authorAssociation);
+  if (isAllowlisted) {
+    return {
+      trustTier: "1",
+      userRole,
+      isAllowlisted: true,
+      wasDowngraded: false,
+      reason: `User ${input.username} is on the maintainer allowlist`
+    };
+  }
+  const baseTier = ROLE_DEFAULT_TRUST[userRole];
+  if (input.sanitizedInput !== void 0) {
+    const contentTier = input.sanitizedInput.trustTier;
+    const downgraded = TRUST_TIER_NUMERIC[contentTier] > TRUST_TIER_NUMERIC[baseTier];
+    return {
+      trustTier: downgraded ? contentTier : baseTier,
+      userRole,
+      isAllowlisted: false,
+      wasDowngraded: downgraded,
+      reason: downgraded ? `Downgraded from Tier ${baseTier} to ${contentTier}: injection patterns detected` : `Role ${userRole} \u2192 Tier ${baseTier}`
+    };
+  }
+  return {
+    trustTier: baseTier,
+    userRole,
+    isAllowlisted: false,
+    wasDowngraded: false,
+    reason: `Role ${userRole} \u2192 Tier ${baseTier}`
+  };
+}
+function canInfluenceDecisions(tier) {
+  return TRUST_TIER_NUMERIC[tier] <= 2;
+}
+function requiresCorroboration(tier) {
+  return tier === "2";
+}
+function getRequiredTrustTier(actionType) {
+  switch (actionType) {
+    case "GeneratePatchPlan":
+      return "1";
+    // Requires maintainer-level trust
+    case "DraftReply":
+    case "ProposeLabels":
+      return "2";
+    // Requires at least collaborator-level trust
+    case "SummarizeIssue":
+    case "ClassifyIssue":
+    case "IdentifyDuplicates":
+      return "3";
+    // Read-only, can use any input
+    case "RequestHumanApproval":
+    case "RefuseAction":
+      return "4";
+    // Always allowed (safety actions)
+    default:
+      return "1";
+  }
+}
+
+// src/security/policy-gate.ts
+import { z as z3 } from "zod";
+
+// src/security/action-schema.ts
+import { z as z2 } from "zod";
+var RepoFileSource = z2.object({
+  type: z2.literal("repoFile"),
+  path: z2.string().min(1),
+  line: z2.number().int().positive().optional(),
+  commit: z2.string().regex(/^[a-f0-9]{7,40}$/).optional()
+});
+var IssueCommentSource = z2.object({
+  type: z2.literal("issueComment"),
+  issueNumber: z2.number().int().positive(),
+  commentId: z2.number().int().positive(),
+  author: z2.string().min(1),
+  authorTrustTier: TrustTierSchema
+});
+var CIResultSource = z2.object({
+  type: z2.literal("ciResult"),
+  runId: z2.number().int().positive(),
+  status: z2.enum(["pass", "fail"]),
+  job: z2.string().min(1)
+});
+var PolicyDocSource = z2.object({
+  type: z2.literal("policyDoc"),
+  path: z2.string().min(1),
+  section: z2.string().min(1)
+});
+var MaintainerCommandSource = z2.object({
+  type: z2.literal("maintainerCommand"),
+  username: z2.string().min(1),
+  commentId: z2.number().int().positive()
+});
+var SourceCitationSchema = z2.discriminatedUnion("type", [
+  RepoFileSource,
+  IssueCommentSource,
+  CIResultSource,
+  PolicyDocSource,
+  MaintainerCommandSource
+]);
+var SummarizeIssueAction = z2.object({
+  type: z2.literal("SummarizeIssue"),
+  summary: z2.string().min(10).max(2e3),
+  sources: z2.array(SourceCitationSchema).min(1).max(20)
+});
+var ProposeLabelsAction = z2.object({
+  type: z2.literal("ProposeLabels"),
+  labels: z2.array(z2.string()).min(1).max(5),
+  reason: z2.string().min(10).max(500),
+  sources: z2.array(SourceCitationSchema).min(1).max(20)
+});
+var DraftReplyAction = z2.object({
+  type: z2.literal("DraftReply"),
+  body: z2.string().min(10).max(2e3),
+  requiresApproval: z2.literal(true),
+  sources: z2.array(SourceCitationSchema).min(1).max(20)
+});
+var RequestHumanApprovalAction = z2.object({
+  type: z2.literal("RequestHumanApproval"),
+  reason: z2.string().min(10).max(500),
+  context: z2.string().min(10).max(2e3)
+});
+var GeneratePatchPlanAction = z2.object({
+  type: z2.literal("GeneratePatchPlan"),
+  files: z2.array(
+    z2.object({
+      path: z2.string().min(1),
+      operation: z2.enum(["modify", "create", "delete"]),
+      description: z2.string().min(10).max(500)
+    })
+  ).min(1).max(10),
+  rationale: z2.string().min(10).max(1e3),
+  requiresApproval: z2.literal(true),
+  sources: z2.array(SourceCitationSchema).min(2).max(20)
+});
+var ClassifyIssueAction = z2.object({
+  type: z2.literal("ClassifyIssue"),
+  category: z2.enum(["bug", "feature", "question", "documentation", "security", "performance"]),
+  confidence: z2.number().min(0).max(1),
+  sources: z2.array(SourceCitationSchema).min(1).max(20)
+});
+var IdentifyDuplicatesAction = z2.object({
+  type: z2.literal("IdentifyDuplicates"),
+  candidates: z2.array(z2.number().int().positive()).min(1).max(10),
+  similarity: z2.array(z2.number().min(0).max(1)),
+  sources: z2.array(SourceCitationSchema).min(1).max(20)
+});
+var RefuseActionAction = z2.object({
+  type: z2.literal("RefuseAction"),
+  reason: z2.string().min(10).max(500),
+  escalateTo: z2.enum(["maintainer", "security"])
+});
+var HandoffMessageAction = z2.object({
+  type: z2.literal("HandoffMessage"),
+  targetCapability: z2.string().min(1).max(100),
+  reason: z2.string().min(5).max(500),
+  inputTrustTier: z2.enum(["1", "2", "3", "4"]),
+  sources: z2.array(SourceCitationSchema).min(1).max(20)
+});
+var AgentActionSchema = z2.discriminatedUnion("type", [
+  SummarizeIssueAction,
+  ProposeLabelsAction,
+  DraftReplyAction,
+  RequestHumanApprovalAction,
+  GeneratePatchPlanAction,
+  ClassifyIssueAction,
+  IdentifyDuplicatesAction,
+  RefuseActionAction,
+  HandoffMessageAction
+]);
+var READ_ONLY_ACTIONS = /* @__PURE__ */ new Set([
+  "SummarizeIssue",
+  "ClassifyIssue",
+  "IdentifyDuplicates",
+  "RefuseAction",
+  "RequestHumanApproval",
+  "HandoffMessage"
+]);
+var MUTATING_ACTIONS = /* @__PURE__ */ new Set([
+  "ProposeLabels",
+  "DraftReply",
+  "GeneratePatchPlan"
+]);
+var CITATION_REQUIRED_ACTIONS = /* @__PURE__ */ new Set([
+  "SummarizeIssue",
+  "ProposeLabels",
+  "DraftReply",
+  "GeneratePatchPlan",
+  "ClassifyIssue",
+  "IdentifyDuplicates",
+  "HandoffMessage"
+]);
+function validateAgentAction(input) {
+  const result = AgentActionSchema.safeParse(input);
+  if (result.success) {
+    return { ok: true, value: result.data };
+  }
+  const messages = result.error.issues.map((issue) => `${issue.path.join(".")}: ${issue.message}`);
+  return { ok: false, error: `Action validation failed: ${messages.join("; ")}` };
+}
+function isReadOnlyAction(actionType) {
+  return READ_ONLY_ACTIONS.has(actionType);
+}
+function isMutatingAction(actionType) {
+  return MUTATING_ACTIONS.has(actionType);
+}
+function requiresCitation(actionType) {
+  return CITATION_REQUIRED_ACTIONS.has(actionType);
+}
+
+// src/security/policy-gate.ts
+var ViolationSchema = z3.object({
+  /** Machine-readable rule identifier. */
+  rule: z3.string().min(1),
+  /** Human-readable description of the violation. */
+  message: z3.string().min(1),
+  /** Severity: 'block' prevents execution, 'warn' logs only. */
+  severity: z3.enum(["block", "warn"])
+});
+function getActionSources(action) {
+  if ("sources" in action) {
+    return action.sources;
+  }
+  return [];
+}
+function checkCitationRequirement(action) {
+  if (!requiresCitation(action.type)) return void 0;
+  const sources = getActionSources(action);
+  if (sources.length === 0) {
+    return {
+      rule: "REQUIRE_CITATION",
+      message: `Action '${action.type}' requires at least one source citation`,
+      severity: "block"
+    };
+  }
+  return void 0;
+}
+function checkTrustRequirement(action, context) {
+  const requiredTier = getRequiredTrustTier(action.type);
+  const requiredNumeric = TRUST_TIER_NUMERIC[requiredTier];
+  const inputNumeric = TRUST_TIER_NUMERIC[context.inputTrustTier];
+  if (inputNumeric > requiredNumeric) {
+    return {
+      rule: "INSUFFICIENT_TRUST",
+      message: `Action '${action.type}' requires Tier ${requiredTier} but input is Tier ${context.inputTrustTier}`,
+      severity: "block"
+    };
+  }
+  return void 0;
+}
+function checkInfluenceBlock(action, context) {
+  if (!canInfluenceDecisions(context.inputTrustTier) && isMutatingAction(action.type)) {
+    return {
+      rule: "UNTRUSTED_INFLUENCE",
+      message: `Tier ${context.inputTrustTier} input cannot drive mutating action '${action.type}'`,
+      severity: "block"
+    };
+  }
+  return void 0;
+}
+function checkRuleOfTwo(context) {
+  const isUntrusted = TRUST_TIER_NUMERIC[context.inputTrustTier] >= 3;
+  if (isUntrusted && context.hasWriteAccess && context.hasSecretAccess) {
+    return {
+      rule: "RULE_OF_TWO",
+      message: "Rule of Two violation: agent simultaneously processes untrusted input, has write access, and accesses secrets",
+      severity: "block"
+    };
+  }
+  return void 0;
+}
+function checkLabelValidity(action, context) {
+  if (action.type !== "ProposeLabels") return void 0;
+  const labels = context.existingLabels;
+  if (labels === void 0) return void 0;
+  const invalid = action.labels.filter((l) => !labels.has(l));
+  if (invalid.length > 0) {
+    return {
+      rule: "INVALID_LABELS",
+      message: `Proposed labels not in repository: ${invalid.join(", ")}`,
+      severity: "block"
+    };
+  }
+  return void 0;
+}
+function checkSourceTrustTiers(action) {
+  const sources = getActionSources(action);
+  if (sources.length === 0) return void 0;
+  const requiredTier = getRequiredTrustTier(action.type);
+  const requiredNumeric = TRUST_TIER_NUMERIC[requiredTier];
+  for (const source of sources) {
+    if (source.type === "issueComment") {
+      const sourceTierNumeric = TRUST_TIER_NUMERIC[source.authorTrustTier];
+      if (sourceTierNumeric > requiredNumeric) {
+        return {
+          rule: "SOURCE_TRUST_MISMATCH",
+          message: `Source from '${source.author}' (Tier ${source.authorTrustTier}) insufficient for action requiring Tier ${requiredTier}`,
+          severity: "warn"
+        };
+      }
+    }
+  }
+  return void 0;
+}
+function evaluatePolicy(action, context) {
+  const violations = [];
+  const checks = [
+    checkCitationRequirement(action),
+    checkTrustRequirement(action, context),
+    checkInfluenceBlock(action, context),
+    checkRuleOfTwo(context),
+    checkLabelValidity(action, context),
+    checkSourceTrustTiers(action)
+  ];
+  for (const violation of checks) {
+    if (violation !== void 0) {
+      violations.push(violation);
+    }
+  }
+  const hasBlockingViolation = violations.some((v) => v.severity === "block");
+  const needsApproval = !hasBlockingViolation && isMutatingAction(action.type);
+  return {
+    allowed: !hasBlockingViolation,
+    requiresApproval: needsApproval,
+    violations,
+    evaluatedAt: (/* @__PURE__ */ new Date()).toISOString()
+  };
+}
+function canProceed(actionType, inputTrustTier) {
+  if (isReadOnlyAction(actionType)) {
+    const requiredTier = getRequiredTrustTier(actionType);
+    return TRUST_TIER_NUMERIC[inputTrustTier] <= TRUST_TIER_NUMERIC[requiredTier];
+  }
+  return canInfluenceDecisions(inputTrustTier);
+}
+
+// src/security/corroboration-validator.ts
+function hasCIPass(sources) {
+  return sources.some((s) => s.type === "ciResult" && s.status === "pass");
+}
+function hasMaintainerCommand(sources) {
+  return sources.some((s) => s.type === "maintainerCommand");
+}
+function hasTier1Comment(sources) {
+  return sources.some((s) => s.type === "issueComment" && s.authorTrustTier === "1");
+}
+function hasRepoFileRef(sources) {
+  return sources.some((s) => s.type === "repoFile");
+}
+function hasCodeLevelEvidence(sources) {
+  return sources.some((s) => s.type === "repoFile" && s.line !== void 0);
+}
+function hasPolicyDocRef(sources) {
+  return sources.some((s) => s.type === "policyDoc");
+}
+function hasSourceAtTier(sources, maxTier) {
+  const maxNumeric = TRUST_TIER_NUMERIC[maxTier];
+  return sources.some((s) => {
+    if (s.type === "issueComment") {
+      return TRUST_TIER_NUMERIC[s.authorTrustTier] <= maxNumeric;
+    }
+    return true;
+  });
+}
+var ACTION_CORROBORATION_RULES = {
+  SummarizeIssue: [
+    {
+      description: "At least one Tier 1/2 source",
+      isSatisfied: (s) => hasSourceAtTier(s, "2")
+    }
+  ],
+  ProposeLabels: [
+    {
+      description: "Keyword match in issue body (repo file) OR maintainer instruction",
+      isSatisfied: (s) => hasRepoFileRef(s) || hasMaintainerCommand(s) || hasPolicyDocRef(s)
+    }
+  ],
+  DraftReply: [
+    {
+      description: "At least one Tier 1 source citation",
+      isSatisfied: (s) => hasRepoFileRef(s) || hasCIPass(s) || hasMaintainerCommand(s) || hasPolicyDocRef(s) || hasTier1Comment(s)
+    }
+  ],
+  GeneratePatchPlan: [
+    {
+      description: "Failing test OR bug reproduction steps (code-level evidence)",
+      isSatisfied: (s) => hasCodeLevelEvidence(s) || hasCIPass(s)
+    },
+    {
+      description: "Maintainer corroboration",
+      isSatisfied: (s) => hasMaintainerCommand(s) || hasTier1Comment(s)
+    }
+  ],
+  ClassifyIssue: [
+    {
+      description: "At least one source citation",
+      isSatisfied: (s) => s.length > 0
+    }
+  ],
+  IdentifyDuplicates: [
+    {
+      description: "At least one source citation",
+      isSatisfied: (s) => s.length > 0
+    }
+  ],
+  RequestHumanApproval: [],
+  RefuseAction: [],
+  HandoffMessage: [
+    {
+      description: "At least one source citation for trust tier propagation",
+      isSatisfied: (s) => s.length > 0
+    }
+  ]
+};
+function validateCorroboration(action) {
+  const rules = ACTION_CORROBORATION_RULES[action.type];
+  const sources = "sources" in action ? action.sources : [];
+  if (rules.length === 0) {
+    return {
+      satisfied: true,
+      corroboratingSources: sources,
+      missing: [],
+      actionType: action.type
+    };
+  }
+  const missing = [];
+  const corroborating = [];
+  for (const rule of rules) {
+    if (rule.isSatisfied(sources)) {
+      for (const s of sources) {
+        if (!corroborating.includes(s)) {
+          corroborating.push(s);
+        }
+      }
+    } else {
+      missing.push(rule.description);
+    }
+  }
+  return {
+    satisfied: missing.length === 0,
+    corroboratingSources: corroborating,
+    missing,
+    actionType: action.type
+  };
+}
+function getCorroborationRules(actionType) {
+  return ACTION_CORROBORATION_RULES[actionType];
+}
+
+// src/security/reputation-model.ts
+import { z as z4 } from "zod";
+var SuspiciousSignalSchema = z4.enum([
+  "new_account",
+  "no_prior_contributions",
+  "injection_patterns_detected",
+  "rapid_comments",
+  "mismatched_authority_claim"
+]);
+var DAYS_PER_YEAR_APPROX = 36.5;
+var SUSPICIOUS_THRESHOLDS = {
+  /** Account younger than this (days) is flagged. */
+  newAccountDays: 30,
+  /** Fewer contributions than this is flagged. */
+  minContributions: 1,
+  /** More comments than this in the window triggers rapid-comment flag. */
+  rapidCommentThreshold: 5,
+  /** Time window (minutes) for rapid comment detection. */
+  rapidCommentWindowMinutes: 10
+};
+var DEFAULT_TTL_MS = CACHE_TIMEOUTS.reputationTtlMs;
+var DEFAULT_MAX_SIZE = 1e3;
+var ReputationCache = class {
+  cache = /* @__PURE__ */ new Map();
+  ttlMs;
+  maxSize;
+  constructor(ttlMs = DEFAULT_TTL_MS, maxSize = DEFAULT_MAX_SIZE) {
+    this.ttlMs = ttlMs;
+    this.maxSize = maxSize;
+  }
+  get(username) {
+    const entry = this.cache.get(username);
+    if (entry === void 0) return void 0;
+    if (Date.now() > entry.expiresAt) {
+      this.cache.delete(username);
+      return void 0;
+    }
+    return entry.assessment;
+  }
+  set(username, assessment) {
+    if (this.cache.size >= this.maxSize && !this.cache.has(username)) {
+      this.evictOldest();
+    }
+    this.cache.set(username, {
+      assessment,
+      expiresAt: Date.now() + this.ttlMs
+    });
+  }
+  /** Evict a batch of oldest entries (10% of maxSize, minimum 1). */
+  evictOldest() {
+    const batchSize = Math.max(1, Math.floor(this.maxSize * 0.1));
+    const keys = this.cache.keys();
+    for (let i = 0; i < batchSize; i++) {
+      const next = keys.next();
+      if (next.done === true) break;
+      this.cache.delete(next.value);
+    }
+  }
+  clear() {
+    this.cache.clear();
+  }
+  get size() {
+    return this.cache.size;
+  }
+};
+function detectSuspiciousSignals(metadata) {
+  const signals = [];
+  if (metadata.accountAgeDays < SUSPICIOUS_THRESHOLDS.newAccountDays) {
+    signals.push("new_account");
+  }
+  if (metadata.priorContributions < SUSPICIOUS_THRESHOLDS.minContributions) {
+    signals.push("no_prior_contributions");
+  }
+  const hostileInjectionFlags = [
+    "system_prompt_manipulation",
+    "fake_conversation",
+    "authority_claim",
+    "hidden_content"
+  ];
+  const hasHostileFlags = metadata.injectionFlags.some((f) => hostileInjectionFlags.includes(f));
+  if (hasHostileFlags) {
+    signals.push("injection_patterns_detected");
+  }
+  if (metadata.recentCommentCount > SUSPICIOUS_THRESHOLDS.rapidCommentThreshold && metadata.recentCommentWindowMinutes <= SUSPICIOUS_THRESHOLDS.rapidCommentWindowMinutes) {
+    signals.push("rapid_comments");
+  }
+  const hasAuthorityClaim = metadata.injectionFlags.includes("authority_claim");
+  const association = metadata.authorAssociation.toUpperCase();
+  const isAuthoritative = association === "OWNER" || association === "MEMBER";
+  if (hasAuthorityClaim && !isAuthoritative) {
+    signals.push("mismatched_authority_claim");
+  }
+  return signals;
+}
+function calculateReputationScore(metadata, signals, userRole) {
+  let score = 50;
+  const roleBonus = {
+    owner: 40,
+    maintainer: 35,
+    collaborator: 25,
+    contributor: 15,
+    member: 5,
+    unknown: 0
+  };
+  score += roleBonus[userRole];
+  score += Math.min(metadata.accountAgeDays / DAYS_PER_YEAR_APPROX, 10);
+  score += Math.min(metadata.priorContributions, 10);
+  const signalPenalty = {
+    new_account: -15,
+    no_prior_contributions: -10,
+    injection_patterns_detected: -25,
+    rapid_comments: -20,
+    mismatched_authority_claim: -30
+  };
+  for (const signal of signals) {
+    score += signalPenalty[signal];
+  }
+  return Math.max(0, Math.min(100, Math.round(score)));
+}
+function mapRole(association) {
+  switch (association.toUpperCase()) {
+    case "OWNER":
+      return "owner";
+    case "MEMBER":
+      return "member";
+    case "COLLABORATOR":
+      return "collaborator";
+    case "CONTRIBUTOR":
+      return "contributor";
+    default:
+      return "unknown";
+  }
+}
+function determineEffectiveTier(userRole, signals) {
+  const baseTier = ROLE_DEFAULT_TRUST[userRole];
+  const hostileSignals = [
+    "injection_patterns_detected",
+    "mismatched_authority_claim"
+  ];
+  if (signals.some((s) => hostileSignals.includes(s))) return "4";
+  if (signals.length >= 2) {
+    const baseNumeric = TRUST_TIER_NUMERIC[baseTier];
+    const downgraded = Math.min(baseNumeric + 1, 4);
+    return String(downgraded);
+  }
+  return baseTier;
+}
+function assessReputation(metadata, cache) {
+  const cached = cache?.get(metadata.username);
+  if (cached !== void 0) return cached;
+  const userRole = mapRole(metadata.authorAssociation);
+  const signals = detectSuspiciousSignals(metadata);
+  const score = calculateReputationScore(metadata, signals, userRole);
+  const effectiveTier = determineEffectiveTier(userRole, signals);
+  const assessment = {
+    username: metadata.username,
+    userRole,
+    suspiciousSignals: signals,
+    isSuspicious: signals.length > 0,
+    effectiveTrustTier: effectiveTier,
+    reputationScore: score,
+    reason: buildReason(userRole, signals, effectiveTier),
+    assessedAt: (/* @__PURE__ */ new Date()).toISOString()
+  };
+  cache?.set(metadata.username, assessment);
+  return assessment;
+}
+function buildReason(role, signals, tier) {
+  if (signals.length === 0) {
+    return `Role ${role} \u2192 Tier ${tier} (no suspicious signals)`;
+  }
+  const signalList = signals.join(", ");
+  return `Role ${role} \u2192 Tier ${tier} (signals: ${signalList})`;
+}
+
+// src/dogfooding/github-client.ts
+import { execFileSync } from "child_process";
+var logger = createLogger({ component: "GitHubClient" });
+function parsePRUrl(url) {
+  const httpPattern = /github\.com\/([^/]+)\/([^/]+)\/pull\/(\d+)/;
+  const shortPattern = /^([^/]+)\/([^/#]+)(?:#|\/pull\/)(\d+)$/;
+  const match = httpPattern.exec(url) ?? shortPattern.exec(url);
+  if (match === null) {
+    return err(new Error(`Invalid PR URL format: ${url}`));
+  }
+  const owner = match[1];
+  const repo = match[2];
+  const numberStr = match[3];
+  if (owner === void 0 || repo === void 0 || numberStr === void 0) {
+    return err(new Error(`Invalid PR URL format: ${url}`));
+  }
+  const prNumber = parseInt(numberStr, 10);
+  if (isNaN(prNumber)) {
+    return err(new Error(`Invalid PR URL format: ${url}`));
+  }
+  return ok({ owner, repo, prNumber });
+}
+function parseIssueUrl(url) {
+  const httpPattern = /github\.com\/([^/]+)\/([^/]+)\/issues\/(\d+)/;
+  const shortPattern = /^([^/]+)\/([^/#]+)#(\d+)$/;
+  const match = httpPattern.exec(url) ?? shortPattern.exec(url);
+  if (match === null) {
+    return err(new Error(`Invalid issue URL format: ${url}`));
+  }
+  const owner = match[1];
+  const repo = match[2];
+  const numberStr = match[3];
+  if (owner === void 0 || repo === void 0 || numberStr === void 0) {
+    return err(new Error(`Invalid issue URL format: ${url}`));
+  }
+  const issueNumber = parseInt(numberStr, 10);
+  if (isNaN(issueNumber)) {
+    return err(new Error(`Invalid issue URL format: ${url}`));
+  }
+  return ok({ owner, repo, issueNumber });
+}
+
+// src/scm/github-provider-traits.ts
+var logger2 = createLogger({ component: "GitHubProviderTraits" });
+var cachedGhToken = null;
+var ghTokenPromise;
+async function resolveGhToken() {
+  if (cachedGhToken !== null) return cachedGhToken;
+  ghTokenPromise ??= resolveGhTokenImpl().finally(() => {
+    ghTokenPromise = void 0;
+  });
+  return ghTokenPromise;
+}
+async function resolveGhTokenImpl() {
+  const envToken = process.env["GITHUB_TOKEN"] ?? process.env["GH_TOKEN"];
+  if (envToken !== void 0 && envToken.length > 0) {
+    cachedGhToken = envToken;
+    return envToken;
+  }
+  try {
+    const { execFile } = await import("child_process");
+    const { promisify } = await import("util");
+    const exec = promisify(execFile);
+    const { stdout } = await exec("gh", ["auth", "token"], { timeout: 5e3 });
+    const token = stdout.trim();
+    cachedGhToken = token.length > 0 ? token : void 0;
+  } catch {
+    cachedGhToken = void 0;
+  }
+  return cachedGhToken;
+}
+async function execGhApi(endpoint, method) {
+  const { execFile } = await import("child_process");
+  const { promisify } = await import("util");
+  const exec = promisify(execFile);
+  const args = ["api", endpoint];
+  if (method !== void 0) args.push("--method", method);
+  const token = await resolveGhToken();
+  const env = token !== void 0 ? { ...process.env, GH_TOKEN: token } : void 0;
+  try {
+    const { stdout } = await exec("gh", args, {
+      maxBuffer: 10 * 1024 * 1024,
+      timeout: 3e4,
+      ...env !== void 0 ? { env } : {}
+    });
+    return ok(stdout.trim());
+  } catch (error) {
+    const execError = error;
+    return err(
+      new ScmError(`gh api failed: ${execError.message}`, "github", void 0, {
+        endpoint,
+        stderr: execError.stderr
+      })
+    );
+  }
+}
+function mapFileChange(raw) {
+  const statusMap = {
+    added: "added",
+    removed: "removed",
+    modified: "modified",
+    renamed: "renamed",
+    copied: "copied"
+  };
+  return {
+    filename: raw.filename,
+    status: statusMap[raw.status] ?? "modified",
+    additions: raw.additions,
+    deletions: raw.deletions,
+    ...raw.patch !== void 0 ? { patch: raw.patch } : {},
+    ...raw.previous_filename !== void 0 ? { previousFilename: raw.previous_filename } : {}
+  };
+}
+var GitHubReviewer = class {
+  constructor(provider) {
+    this.provider = provider;
+  }
+  async getPullRequestDetail(prNumber) {
+    const repo = this.provider.repo;
+    logger2.debug("Getting PR detail", { repo, prNumber });
+    const prResult = await execGhApi(`repos/${repo}/pulls/${String(prNumber)}`);
+    if (!prResult.ok) return prResult;
+    const filesResult = await execGhApi(`repos/${repo}/pulls/${String(prNumber)}/files`);
+    if (!filesResult.ok) return filesResult;
+    try {
+      const pr = JSON.parse(prResult.value);
+      const files = JSON.parse(filesResult.value);
+      return ok({
+        number: pr.number,
+        title: pr.title,
+        body: pr.body ?? "",
+        author: pr.user.login,
+        base: pr.base.ref,
+        head: pr.head.ref,
+        url: pr.html_url,
+        draft: pr.draft,
+        authorAssociation: pr.author_association,
+        labels: pr.labels.map((l) => l.name),
+        files: files.map(mapFileChange),
+        additions: pr.additions,
+        deletions: pr.deletions,
+        headSha: pr.head.sha
+      });
+    } catch {
+      return err(new ScmError("Failed to parse PR detail JSON", "github"));
+    }
+  }
+  async createReview(prNumber, body, decision) {
+    const repo = this.provider.repo;
+    const eventMap = {
+      approve: "APPROVE",
+      request_changes: "REQUEST_CHANGES",
+      comment: "COMMENT"
+    };
+    logger2.info("Creating review", { repo, prNumber, decision });
+    const { execFile } = await import("child_process");
+    const { promisify } = await import("util");
+    const exec = promisify(execFile);
+    try {
+      await exec(
+        "gh",
+        [
+          "api",
+          `repos/${repo}/pulls/${String(prNumber)}/reviews`,
+          "--method",
+          "POST",
+          "-f",
+          `body=${body}`,
+          "-f",
+          `event=${eventMap[decision]}`
+        ],
+        { maxBuffer: 10 * 1024 * 1024, timeout: 3e4 }
+      );
+      return ok(void 0);
+    } catch (error) {
+      const execError = error;
+      return err(new ScmError(`Failed to create review: ${execError.message}`, "github"));
+    }
+  }
+  async getIssueDetail(issueNumber) {
+    const repo = this.provider.repo;
+    logger2.debug("Getting issue detail", { repo, issueNumber });
+    const result = await execGhApi(`repos/${repo}/issues/${String(issueNumber)}`);
+    if (!result.ok) return result;
+    try {
+      const raw = JSON.parse(result.value);
+      return ok({
+        number: raw.number,
+        title: raw.title,
+        body: raw.body ?? "",
+        labels: raw.labels.map((l) => l.name),
+        author: raw.user.login,
+        createdAt: raw.created_at,
+        authorAssociation: raw.author_association,
+        state: raw.state,
+        url: raw.html_url
+      });
+    } catch {
+      return err(new ScmError("Failed to parse issue detail JSON", "github"));
+    }
+  }
+  async listCommentDetails(issueNumber) {
+    const repo = this.provider.repo;
+    logger2.debug("Listing comment details", { repo, issueNumber });
+    const result = await execGhApi(`repos/${repo}/issues/${String(issueNumber)}/comments`);
+    if (!result.ok) return result;
+    try {
+      const comments = JSON.parse(result.value);
+      return ok(
+        comments.map((c) => ({
+          id: c.id,
+          body: c.body,
+          author: c.user.login,
+          createdAt: c.created_at,
+          authorAssociation: c.author_association
+        }))
+      );
+    } catch {
+      return err(new ScmError("Failed to parse comment details JSON", "github"));
+    }
+  }
+};
+var GitHubUserInfo = class {
+  async fetchUserMetadata(username) {
+    logger2.debug("Fetching user metadata", { username });
+    const result = await execGhApi(`users/${username}`);
+    if (!result.ok) return result;
+    try {
+      const raw = JSON.parse(result.value);
+      return ok({
+        login: raw.login,
+        name: raw.name,
+        company: raw.company,
+        followers: raw.followers,
+        following: raw.following,
+        publicRepos: raw.public_repos,
+        createdAt: raw.created_at
+      });
+    } catch {
+      return err(new ScmError("Failed to parse user metadata JSON", "github"));
+    }
+  }
+};
+function createFullGitHubProvider(repo) {
+  const base = new GitHubProvider(repo);
+  const reviewer = new GitHubReviewer(base);
+  const userInfo = new GitHubUserInfo();
+  return Object.assign(base, {
+    getPullRequestDetail: reviewer.getPullRequestDetail.bind(reviewer),
+    createReview: reviewer.createReview.bind(reviewer),
+    getIssueDetail: reviewer.getIssueDetail.bind(reviewer),
+    listCommentDetails: reviewer.listCommentDetails.bind(reviewer),
+    fetchUserMetadata: userInfo.fetchUserMetadata.bind(userInfo)
+  });
+}
+
+// src/dogfooding/issue-triage-types.ts
+import { z as z5 } from "zod";
+var CATEGORY_DISPLAY_NAMES = {
+  bug: "Bug Report",
+  feature: "Feature Request",
+  question: "Question",
+  documentation: "Documentation",
+  security: "Security",
+  performance: "Performance"
+};
+var CATEGORY_EMOJI = {
+  bug: ":bug:",
+  feature: ":sparkles:",
+  question: ":question:",
+  documentation: ":books:",
+  security: ":lock:",
+  performance: ":zap:"
+};
+var DEFAULT_ISSUE_TRIAGE_CONFIG = {
+  dryRun: true,
+  maxComments: 50,
+  enableReputation: true
+};
+var IssueTriageConfigSchema = z5.object({
+  dryRun: z5.boolean().default(true),
+  githubToken: z5.string().optional(),
+  maxComments: z5.number().int().min(1).max(100).default(50),
+  enableReputation: z5.boolean().default(true)
+});
+
+// src/dogfooding/issue-triage-helpers.ts
+var CATEGORY_KEYWORDS = {
+  bug: ["bug", "error", "crash", "broken", "fix", "fail", "issue", "wrong", "unexpected"],
+  feature: ["feature", "request", "enhancement", "proposal", "add", "support", "implement"],
+  question: ["question", "how to", "help", "confused", "explain", "documentation"],
+  documentation: ["docs", "documentation", "readme", "typo", "example", "guide"],
+  security: ["security", "vulnerability", "cve", "exploit", "injection", "xss", "csrf"],
+  performance: ["performance", "slow", "memory", "leak", "optimize", "latency", "timeout"]
+};
+function categorizeIssue(title, body) {
+  const text = `${title} ${body}`.toLowerCase();
+  const scores = {
+    bug: 0,
+    feature: 0,
+    question: 0,
+    documentation: 0,
+    security: 0,
+    performance: 0
+  };
+  let totalMatches = 0;
+  for (const [category, keywords] of Object.entries(CATEGORY_KEYWORDS)) {
+    for (const keyword of keywords) {
+      if (text.includes(keyword)) {
+        scores[category]++;
+        totalMatches++;
+      }
+    }
+  }
+  let bestCategory = "bug";
+  let bestScore = 0;
+  for (const [category, score] of Object.entries(scores)) {
+    if (score > bestScore) {
+      bestScore = score;
+      bestCategory = category;
+    }
+  }
+  const confidence = totalMatches > 0 ? Math.min(bestScore / totalMatches, 1) : 0.1;
+  return [bestCategory, Math.round(confidence * 100) / 100];
+}
+var LABEL_HINTS = /* @__PURE__ */ new Map([
+  ["bug", "bug"],
+  ["feature request", "enhancement"],
+  ["enhancement", "enhancement"],
+  ["breaking change", "breaking-change"],
+  ["documentation", "documentation"],
+  ["help wanted", "help wanted"],
+  ["good first issue", "good first issue"],
+  ["security", "security"],
+  ["performance", "performance"],
+  ["regression", "regression"]
+]);
+function extractLabelsFromBody(title, body) {
+  const text = `${title} ${body}`.toLowerCase();
+  const labels = [];
+  for (const [pattern, label] of LABEL_HINTS) {
+    if (text.includes(pattern) && !labels.includes(label)) {
+      labels.push(label);
+    }
+  }
+  return labels.slice(0, 5);
+}
+function formatTriageComment(result) {
+  const emoji = CATEGORY_EMOJI[result.category];
+  const categoryName = CATEGORY_DISPLAY_NAMES[result.category];
+  const lines = [];
+  lines.push(`## ${emoji} Issue Triage: ${categoryName}`);
+  lines.push("");
+  lines.push(
+    `**Category:** ${categoryName} (${String(Math.round(result.categoryConfidence * 100))}% confidence)`
+  );
+  lines.push(
+    `**Trust Tier:** ${result.trustAssessment.trustTier} (${result.trustAssessment.userRole})`
+  );
+  if (result.trustAssessment.reputationScore !== void 0) {
+    lines.push(`**Reputation Score:** ${String(result.trustAssessment.reputationScore)}/100`);
+  }
+  if (result.trustAssessment.isSuspicious) {
+    lines.push("");
+    lines.push(":warning: **Suspicious signals detected:**");
+    for (const signal of result.trustAssessment.suspiciousSignals) {
+      lines.push(`- ${signal}`);
+    }
+  }
+  if (result.proposedActions.length > 0) {
+    lines.push("");
+    lines.push("### Proposed Actions");
+    lines.push("");
+    for (const action of result.proposedActions) {
+      const status = formatActionStatus(action);
+      lines.push(`- ${status} **${action.type}**: ${action.description}`);
+    }
+  }
+  lines.push("");
+  lines.push(`---`);
+  lines.push(`_Triage completed in ${String(result.totalDurationMs)}ms_`);
+  return lines.join("\n");
+}
+function formatActionStatus(action) {
+  if (action.policyApproved && action.corroborated) return ":white_check_mark:";
+  if (action.policyApproved && !action.corroborated) return ":yellow_circle:";
+  return ":no_entry:";
+}
+
+// src/dogfooding/issue-triage.ts
+var logger3 = createLogger({ component: "IssueTriage" });
+var IssueTriage = class {
+  config;
+  reputationCache;
+  constructor(config) {
+    this.config = { ...DEFAULT_ISSUE_TRIAGE_CONFIG, ...config };
+    this.reputationCache = new ReputationCache();
+  }
+  /**
+   * Triages a GitHub issue through the full security pipeline.
+   */
+  async triageIssue(issueUrl) {
+    const startTime = getTimeProvider().now();
+    logger3.info("Starting issue triage", { issueUrl });
+    const parseResult = parseIssueUrl(issueUrl);
+    if (!parseResult.ok) return parseResult;
+    const { owner, repo, issueNumber } = parseResult.value;
+    const fetchResult = await this.fetchIssueData(owner, repo, issueNumber);
+    if (!fetchResult.ok) return fetchResult;
+    const { issue: issueResult, comments } = fetchResult.value;
+    const safeTitle = this.sanitizeContent(issueResult.title, issueResult.author);
+    const safeBody = this.sanitizeContent(issueResult.body, issueResult.author);
+    const trustResult = this.classifyAuthor(issueResult);
+    const reputation = this.assessAuthorReputation(issueResult, comments);
+    const actions = this.generateActions(safeTitle, safeBody, issueResult, trustResult);
+    const validatedActions = this.validateActions(actions, trustResult);
+    const result = this.buildResult({
+      issue: issueResult,
+      actions: validatedActions,
+      trustResult,
+      reputation,
+      safeContent: { title: safeTitle, body: safeBody },
+      startTime
+    });
+    logger3.info("Issue triage completed", {
+      issueNumber,
+      category: result.category,
+      actionCount: result.proposedActions.length,
+      durationMs: result.totalDurationMs
+    });
+    return ok(result);
+  }
+  /**
+   * Sanitizes untrusted issue content before processing.
+   * (Source: Issue #828 — input-sanitizer wiring)
+   */
+  sanitizeContent(text, author) {
+    if (text.length === 0) return text;
+    const result = sanitizeInput(text, "unknown", author);
+    if (result.wasModified) {
+      logger3.warn("Issue content sanitized", {
+        author,
+        strippedCount: result.strippedElements.length,
+        injectionFlags: result.injectionFlags
+      });
+    }
+    return result.content;
+  }
+  /**
+   * Classifies the issue author's trust tier.
+   * (Source: Issue #828 — trust-classifier wiring)
+   */
+  classifyAuthor(issue) {
+    return classifyTrust({
+      username: issue.author,
+      authorAssociation: issue.authorAssociation
+    });
+  }
+  /**
+   * Assesses the issue author's reputation using the reputation model.
+   * This is one of the two NEW security module wirings completing #828.
+   * (Source: Issue #828 — reputation-model wiring)
+   */
+  assessAuthorReputation(issue, comments) {
+    if (!this.config.enableReputation) return void 0;
+    const sanitizeResult = sanitizeInput(issue.body, "unknown", issue.author);
+    const metadata = {
+      username: issue.author,
+      accountAgeDays: estimateAccountAge(issue.createdAt),
+      priorContributions: countAuthorComments(issue.author, comments),
+      recentCommentCount: countRecentComments(issue.author, comments),
+      recentCommentWindowMinutes: 10,
+      authorAssociation: issue.authorAssociation,
+      injectionFlags: sanitizeResult.injectionFlags
+    };
+    return assessReputation(metadata, this.reputationCache);
+  }
+  /**
+   * Generates typed agent actions based on issue analysis.
+   */
+  generateActions(safeTitle, safeBody, issue, trustResult) {
+    const actions = [];
+    const source = this.createRepoSource(issue);
+    const [category, confidence] = categorizeIssue(safeTitle, safeBody);
+    actions.push({
+      type: "ClassifyIssue",
+      category,
+      confidence,
+      sources: [source]
+    });
+    const labels = extractLabelsFromBody(safeTitle, safeBody);
+    if (labels.length > 0) {
+      actions.push({
+        type: "ProposeLabels",
+        labels,
+        reason: `Keyword-based label extraction from issue #${String(issue.number)}`,
+        sources: [source]
+      });
+    }
+    if (trustResult.trustTier === "1" || trustResult.trustTier === "2") {
+      const summary = `Issue #${String(issue.number)} "${safeTitle}" by ${issue.author} (${trustResult.userRole})`;
+      actions.push({
+        type: "SummarizeIssue",
+        summary: summary.length >= 10 ? summary : `${summary} \u2014 awaiting further analysis`,
+        sources: [source]
+      });
+    }
+    return actions;
+  }
+  /**
+   * Validates all actions through policy gate and corroboration validator.
+   * This completes the #828 wiring by integrating corroboration-validator.
+   * (Source: Issue #828 — policy-gate + corroboration-validator wiring)
+   */
+  validateActions(actions, trustResult) {
+    const context = {
+      inputTrustTier: trustResult.trustTier,
+      hasWriteAccess: !this.config.dryRun,
+      hasSecretAccess: false
+    };
+    return actions.map((action) => {
+      const policyDecision = evaluatePolicy(action, context);
+      const corrobResult = this.validateActionCorroboration(action);
+      return {
+        type: action.type,
+        description: describeAction(action),
+        policyApproved: policyDecision.allowed,
+        corroborated: corrobResult.satisfied,
+        details: buildActionDetails(action, policyDecision, corrobResult)
+      };
+    });
+  }
+  /**
+   * Validates corroboration for a single action.
+   * This is the second NEW security module wiring completing #828.
+   * (Source: Issue #828 — corroboration-validator wiring)
+   */
+  validateActionCorroboration(action) {
+    return validateCorroboration(action);
+  }
+  /**
+   * Builds the final triage result.
+   */
+  buildResult(opts) {
+    const { issue, actions, trustResult, reputation, safeContent, startTime } = opts;
+    const [category, confidence] = categorizeIssue(safeContent.title, safeContent.body);
+    const isTier1 = trustResult.trustTier === "1";
+    const trustAssessment = {
+      trustTier: trustResult.trustTier,
+      userRole: trustResult.userRole,
+      isAllowlisted: trustResult.isAllowlisted,
+      reputationScore: reputation?.reputationScore,
+      suspiciousSignals: isTier1 ? [] : reputation?.suspiciousSignals ?? [],
+      isSuspicious: isTier1 ? false : reputation?.isSuspicious ?? false
+    };
+    return {
+      issueNumber: issue.number,
+      repository: `${issue.owner}/${issue.repo}`,
+      proposedActions: actions,
+      trustAssessment,
+      category,
+      categoryConfidence: confidence,
+      totalDurationMs: getTimeProvider().now() - startTime,
+      timestamp: getTimeProvider().nowIso()
+    };
+  }
+  /**
+   * Creates a repo file source citation for the triage.
+   */
+  createRepoSource(issue) {
+    return {
+      type: "repoFile",
+      path: `issues/${String(issue.number)}`
+    };
+  }
+  /**
+   * Fetches issue data from the SCM provider and maps to dogfooding types.
+   */
+  async fetchIssueData(owner, repo, issueNumber) {
+    const provider = createFullGitHubProvider(`${owner}/${repo}`);
+    const detailResult = await provider.getIssueDetail(issueNumber);
+    if (!detailResult.ok) return err(detailResult.error);
+    const detail = detailResult.value;
+    const issue = {
+      number: detail.number,
+      title: detail.title,
+      body: detail.body,
+      author: detail.author,
+      authorAssociation: detail.authorAssociation,
+      owner,
+      repo,
+      url: detail.url,
+      state: detail.state,
+      labels: [...detail.labels],
+      createdAt: detail.createdAt
+    };
+    const commentsResult = await provider.listCommentDetails(issueNumber);
+    const comments = commentsResult.ok ? commentsResult.value.map((c) => ({
+      id: c.id,
+      body: c.body,
+      author: c.author,
+      authorAssociation: c.authorAssociation,
+      createdAt: c.createdAt
+    })) : [];
+    return ok({ issue, comments });
+  }
+};
+var DEFAULT_ACCOUNT_AGE_DAYS = 365;
+function estimateAccountAge(_createdAt) {
+  return DEFAULT_ACCOUNT_AGE_DAYS;
+}
+function countAuthorComments(author, comments) {
+  return comments.filter((c) => c.author === author).length;
+}
+function countRecentComments(author, comments) {
+  const tenMinutesAgo = Date.now() - 10 * 60 * 1e3;
+  return comments.filter(
+    (c) => c.author === author && new Date(c.createdAt).getTime() > tenMinutesAgo
+  ).length;
+}
+function describeAction(action) {
+  switch (action.type) {
+    case "ClassifyIssue":
+      return `Classified as ${action.category} (${String(Math.round(action.confidence * 100))}% confidence)`;
+    case "ProposeLabels":
+      return `Suggest labels: ${action.labels.join(", ")}`;
+    case "SummarizeIssue":
+      return action.summary.slice(0, 100);
+    default:
+      return `${action.type} action`;
+  }
+}
+function buildActionDetails(action, policy, corrob) {
+  return {
+    policyViolations: policy.violations.map((v) => v.rule),
+    missingCorroboration: corrob.missing,
+    ...action.type === "ClassifyIssue" && { category: action.category },
+    ...action.type === "ProposeLabels" && { labels: action.labels }
+  };
+}
+function createIssueTriage(config) {
+  return new IssueTriage(config);
+}
+
+export {
+  TrustTierSchema,
+  TRUST_TIER_NUMERIC,
+  GitHubUserRoleSchema,
+  ROLE_DEFAULT_TRUST,
+  InjectionFlagSchema,
+  StrippedElementSchema,
+  SanitizedInputSchema,
+  SanitizerConfigSchema,
+  sanitizeInput,
+  mapAuthorAssociation,
+  classifyTrust,
+  canInfluenceDecisions,
+  requiresCorroboration,
+  getRequiredTrustTier,
+  SourceCitationSchema,
+  AgentActionSchema,
+  validateAgentAction,
+  isReadOnlyAction,
+  isMutatingAction,
+  requiresCitation,
+  ViolationSchema,
+  evaluatePolicy,
+  canProceed,
+  validateCorroboration,
+  getCorroborationRules,
+  SuspiciousSignalSchema,
+  ReputationCache,
+  assessReputation,
+  parsePRUrl,
+  GitHubReviewer,
+  GitHubUserInfo,
+  createFullGitHubProvider,
+  formatTriageComment,
+  IssueTriage,
+  createIssueTriage
+};
+//# sourceMappingURL=chunk-5COIDGQJ.js.map