npm - nexus-agents - Versions diffs - 2.81.2 → 2.81.3 - Mend

nexus-agents 2.81.2 → 2.81.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/dist/{chunk-MRCURXAX.js → chunk-EKLY4LBJ.js} RENAMED Viewed

@@ -8,7 +8,7 @@ import {
   checkSqlite,
   defaultConfig,
   initDataDirectories
-} from "./chunk-6KO6LO3L.js";
+} from "./chunk-WLAQXITV.js";
 import {
   probeAllClis
 } from "./chunk-BMNWUPJO.js";
@@ -1974,4 +1974,4 @@ export {
   setupCommand,
   setupCommandAsync
 };
-//# sourceMappingURL=chunk-MRCURXAX.js.map
+//# sourceMappingURL=chunk-EKLY4LBJ.js.map

package/dist/{chunk-6KO6LO3L.js → chunk-WLAQXITV.js} RENAMED Viewed

@@ -40,7 +40,7 @@ import {
 } from "./chunk-I2HMWH4R.js";
 // src/version.ts
-var VERSION = true ? "2.81.2" : "dev";
+var VERSION = true ? "2.81.3" : "dev";
 // src/config/schemas-core.ts
 import { z } from "zod";
@@ -2107,7 +2107,7 @@ async function runDoctorFix(result) {
   writeLine2("\u2500".repeat(40));
   let fixCount = 0;
   if (!result.dataDirectory.rootExists || result.dataDirectory.subdirectories.some((d) => !d.exists || !d.writable)) {
-    const { runSetup } = await import("./setup-command-JBTK3LGD.js");
+    const { runSetup } = await import("./setup-command-3VQHU7BZ.js");
     const setupResult = runSetup({
       skipMcp: true,
       skipRules: true,
@@ -2219,4 +2219,4 @@ export {
   startStdioServer,
   closeServer
 };
-//# sourceMappingURL=chunk-6KO6LO3L.js.map
+//# sourceMappingURL=chunk-WLAQXITV.js.map

package/dist/cli.js CHANGED Viewed

@@ -22,7 +22,7 @@ import {
 import {
   setupCommandAsync,
   verifyCommand
-} from "./chunk-MRCURXAX.js";
+} from "./chunk-EKLY4LBJ.js";
 import "./chunk-6YQCLEHL.js";
 import {
   AuthHandler,
@@ -153,7 +153,7 @@ import {
   validateCommand,
   validateWorkflow,
   wrapInMarkdownFence
-} from "./chunk-37ZXD5B6.js";
+} from "./chunk-755EZIUF.js";
 import "./chunk-AP2FD37C.js";
 import "./chunk-ED6VQWNG.js";
 import {
@@ -226,7 +226,7 @@ import {
   loadConfig,
   runDoctor,
   validateNexusEnv
-} from "./chunk-6KO6LO3L.js";
+} from "./chunk-WLAQXITV.js";
 import "./chunk-WZGCVCRQ.js";
 import "./chunk-73K7575Z.js";
 import {

package/dist/index.d.ts CHANGED Viewed

@@ -30966,12 +30966,38 @@ type PolicyDecision = {
     readonly reason: string;
     readonly escalateTo?: string;
 };
+/**
+ * Typed snapshot of the pipeline state available to policy rules (#2932).
+ *
+ * Listing the fields by name (instead of an untyped `Record<string, unknown>`)
+ * surfaces missing-producer bugs at compile time. The pre-#2932 untyped
+ * shape let `securityReviewRule`, `costBudgetRule`, `highRiskApprovalRule`,
+ * and `boundedIterationRule` read keys that no producer ever wrote — every
+ * comparison evaluated against `undefined`, so every rule allowed. Those
+ * four rules were deleted in the same change; this interface lists only
+ * the fields with a real producer chain.
+ *
+ * Adding a new rule means adding its input field here AND wiring a
+ * producer that writes it onto `TaskContract.metadata` upstream of
+ * `checkPipelinePolicy`.
+ */
+interface PipelineStateSnapshot {
+    /**
+     * Caller trust tier (`'1'`..`'4'` per `security/trust-types.ts`). Producers
+     * include `trust-classifier`, `input-sanitizer`, `firewall-pipeline`, and
+     * `mcp/middleware/request-context`; threading the value into
+     * `TaskContract.metadata.trustTier` is owner-scoped follow-up work — see
+     * the corresponding issue. When absent, `trustTierRule` allows (the
+     * existing fail-open default for unknown trust).
+     */
+    readonly trustTier?: string;
+}
 /** Context provided to policy rules for evaluation. */
 interface PolicyContext {
     readonly taskId: string;
     readonly stageId: string;
     readonly stageType: string;
-    readonly pipelineState: Readonly<Record<string, unknown>>;
+    readonly pipelineState: PipelineStateSnapshot;
 }
 /** A policy rule with priority-ordered evaluation. */
 interface PolicyRule {

package/dist/index.js CHANGED Viewed

@@ -518,7 +518,7 @@ import {
   validateWorkflow,
   validateWorkflowDependencies,
   withLogging
-} from "./chunk-37ZXD5B6.js";
+} from "./chunk-755EZIUF.js";
 import "./chunk-AP2FD37C.js";
 import {
   SharedMemoryStore
@@ -742,7 +742,7 @@ import {
   getKnownNexusVarNames,
   startStdioServer,
   validateNexusEnv
-} from "./chunk-6KO6LO3L.js";
+} from "./chunk-WLAQXITV.js";
 import {
   AvailabilityCache,
   filterAvailableModels,
@@ -6009,8 +6009,12 @@ async function executeSingleVote(plan, config, log) {
     return parseVotingResult(result);
   } catch (error) {
     const msg = error instanceof Error ? error.message : String(error);
-    log.warn("Vote execution failed, auto-approving", { error: msg });
-    return { kind: "approved", approvalPercentage: 0 };
+    log.warn("Vote execution failed, treating as rejected", { error: msg });
+    return {
+      kind: "rejected",
+      feedback: `Vote infrastructure failed \u2014 no consensus produced: ${msg}`,
+      approvalPercentage: 0
+    };
   }
 }
 function parseVotingResult(result) {