oxe-cc 0.9.2 → 1.0.0

package/lib/runtime/models/work-item.d.ts

@@ -0,0 +1,15 @@
+import type { WorkspaceStrategy } from './workspace';
+export type WorkItemStatus = 'pending' | 'ready' | 'running' | 'completed' | 'failed' | 'blocked' | 'skipped';
+export type WorkItemType = 'task' | 'checkpoint' | 'gate' | 'verification';
+export interface WorkItem {
+    work_item_id: string;
+    run_id: string;
+    title: string;
+    type: WorkItemType;
+    depends_on: string[];
+    mutation_scope: string[];
+    policy_ref: string | null;
+    verify_ref: string[];
+    status: WorkItemStatus;
+    workspace_strategy: WorkspaceStrategy;
+}

package/lib/runtime/models/work-item.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/lib/runtime/models/workspace.d.ts

@@ -0,0 +1,25 @@
+export type WorkspaceStrategy = 'inplace' | 'git_worktree' | 'ephemeral_container';
+export type WorkspaceStatus = 'allocating' | 'ready' | 'dirty' | 'disposed' | 'error';
+export interface Workspace {
+    workspace_id: string;
+    strategy: WorkspaceStrategy;
+    base_commit: string | null;
+    branch: string | null;
+    container_ref: string | null;
+    status: WorkspaceStatus;
+    root_path: string;
+}
+export interface WorkspaceLease {
+    workspace_id: string;
+    strategy: WorkspaceStrategy;
+    branch: string | null;
+    base_commit: string | null;
+    root_path: string;
+    ttl_minutes: number;
+}
+export interface SnapshotRef {
+    snapshot_id: string;
+    workspace_id: string;
+    commit: string;
+    created_at: string;
+}

package/lib/runtime/models/workspace.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/lib/runtime/plugins/index.d.ts

@@ -0,0 +1,2 @@
+export * from './plugin-abi';
+export * from './plugin-registry';

package/lib/runtime/plugins/index.js

@@ -0,0 +1,18 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./plugin-abi"), exports);
+__exportStar(require("./plugin-registry"), exports);

package/lib/runtime/plugins/plugin-abi.d.ts

@@ -0,0 +1,76 @@
+import type { WorkspaceManager } from '../workspace/workspace-manager';
+import type { VerificationResult } from '../models/verification-result';
+export interface ToolInvocationInput {
+    action_type: string;
+    work_item_id: string;
+    run_id: string;
+    attempt_id: string;
+    params: Record<string, unknown>;
+    workspace_root: string;
+}
+export interface ToolInvocationResult {
+    success: boolean;
+    output: string;
+    evidence_paths: string[];
+    side_effects_applied: string[];
+    error?: string;
+}
+export interface ToolProvider {
+    readonly name: string;
+    readonly kind: 'read' | 'mutation' | 'verification' | 'analysis' | 'external_operation';
+    readonly idempotent: boolean;
+    supports(actionType: string): boolean;
+    invoke(input: ToolInvocationInput): Promise<ToolInvocationResult>;
+}
+export interface WorkspaceProvider extends WorkspaceManager {
+    readonly name: string;
+    supportsStrategy(strategy: string): boolean;
+}
+export interface VerificationInput {
+    check_id: string;
+    check_type: string;
+    command: string | null;
+    work_item_id: string;
+    workspace_root: string;
+    evidence_dir: string;
+}
+export interface VerifierProvider {
+    readonly name: string;
+    supports(checkType: string): boolean;
+    execute(input: VerificationInput): Promise<VerificationResult>;
+}
+export interface ContextRequest {
+    work_item_id: string;
+    run_id: string;
+    decision_type: 'execute' | 'verify' | 'plan' | 'review';
+    artifact_paths: string[];
+    project_root: string;
+}
+export interface PluginContextArtifact {
+    source: string;
+    weight: number;
+    reason: string;
+    content?: string;
+}
+export interface PluginContextArtifacts {
+    included: PluginContextArtifact[];
+    excluded: Array<{
+        source: string;
+        reason: string;
+    }>;
+    total_weight: number;
+}
+export interface ContextProvider {
+    readonly name: string;
+    collect(input: ContextRequest): Promise<PluginContextArtifacts>;
+}
+export interface OxePlugin {
+    readonly name: string;
+    readonly version?: string;
+    toolProviders?: ToolProvider[];
+    workspaceProviders?: WorkspaceProvider[];
+    verifierProviders?: VerifierProvider[];
+    contextProviders?: ContextProvider[];
+    /** Legacy lifecycle hooks (compatible with oxe-plugins.cjs) */
+    hooks?: Record<string, (ctx: Record<string, unknown>) => Promise<void> | void>;
+}

package/lib/runtime/plugins/plugin-abi.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/lib/runtime/plugins/plugin-registry.d.ts

@@ -0,0 +1,21 @@
+import type { OxePlugin, ToolProvider, WorkspaceProvider, VerifierProvider, ContextProvider } from './plugin-abi';
+export declare class PluginRegistry {
+    private plugins;
+    register(plugin: OxePlugin): void;
+    unregister(name: string): void;
+    loadFromDirectory(dir: string): string[];
+    toolProviderFor(actionType: string): ToolProvider | null;
+    workspaceProviderFor(strategy: string): WorkspaceProvider | null;
+    verifierProviderFor(checkType: string): VerifierProvider | null;
+    contextProviderFor(name: string): ContextProvider | null;
+    allContextProviders(): ContextProvider[];
+    allToolProviders(): ToolProvider[];
+    runHook(hookName: string, ctx: Record<string, unknown>): Promise<void>;
+    list(): Array<{
+        name: string;
+        version?: string;
+        providers: string[];
+    }>;
+}
+export declare function globalRegistry(): PluginRegistry;
+export declare function resetGlobalRegistry(): void;

package/lib/runtime/plugins/plugin-registry.js

@@ -0,0 +1,114 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PluginRegistry = void 0;
+exports.globalRegistry = globalRegistry;
+exports.resetGlobalRegistry = resetGlobalRegistry;
+const fs_1 = __importDefault(require("fs"));
+const path_1 = __importDefault(require("path"));
+class PluginRegistry {
+    constructor() {
+        this.plugins = [];
+    }
+    register(plugin) {
+        if (this.plugins.some((p) => p.name === plugin.name)) {
+            throw new Error(`Plugin "${plugin.name}" is already registered`);
+        }
+        this.plugins.push(plugin);
+    }
+    unregister(name) {
+        this.plugins = this.plugins.filter((p) => p.name !== name);
+    }
+    loadFromDirectory(dir) {
+        if (!fs_1.default.existsSync(dir))
+            return [];
+        const loaded = [];
+        for (const file of fs_1.default.readdirSync(dir)) {
+            if (!file.endsWith('.cjs') && !file.endsWith('.js'))
+                continue;
+            const fullPath = path_1.default.resolve(dir, file);
+            try {
+                // eslint-disable-next-line @typescript-eslint/no-var-requires
+                const mod = require(fullPath);
+                const plugin = 'default' in mod && mod.default ? mod.default : mod;
+                if (plugin && plugin.name) {
+                    this.register(plugin);
+                    loaded.push(plugin.name);
+                }
+            }
+            catch {
+                // skip invalid plugin files
+            }
+        }
+        return loaded;
+    }
+    toolProviderFor(actionType) {
+        for (const plugin of this.plugins) {
+            const provider = plugin.toolProviders?.find((p) => p.supports(actionType));
+            if (provider)
+                return provider;
+        }
+        return null;
+    }
+    workspaceProviderFor(strategy) {
+        for (const plugin of this.plugins) {
+            const provider = plugin.workspaceProviders?.find((p) => p.supportsStrategy(strategy));
+            if (provider)
+                return provider;
+        }
+        return null;
+    }
+    verifierProviderFor(checkType) {
+        for (const plugin of this.plugins) {
+            const provider = plugin.verifierProviders?.find((p) => p.supports(checkType));
+            if (provider)
+                return provider;
+        }
+        return null;
+    }
+    contextProviderFor(name) {
+        for (const plugin of this.plugins) {
+            const provider = plugin.contextProviders?.find((p) => p.name === name);
+            if (provider)
+                return provider;
+        }
+        return null;
+    }
+    allContextProviders() {
+        return this.plugins.flatMap((p) => p.contextProviders ?? []);
+    }
+    allToolProviders() {
+        return this.plugins.flatMap((p) => p.toolProviders ?? []);
+    }
+    async runHook(hookName, ctx) {
+        for (const plugin of this.plugins) {
+            const hook = plugin.hooks?.[hookName];
+            if (hook)
+                await hook(ctx);
+        }
+    }
+    list() {
+        return this.plugins.map((p) => ({
+            name: p.name,
+            version: p.version,
+            providers: [
+                ...(p.toolProviders?.map((tp) => `tool:${tp.name}`) ?? []),
+                ...(p.workspaceProviders?.map((wp) => `workspace:${wp.name}`) ?? []),
+                ...(p.verifierProviders?.map((vp) => `verifier:${vp.name}`) ?? []),
+                ...(p.contextProviders?.map((cp) => `context:${cp.name}`) ?? []),
+            ],
+        }));
+    }
+}
+exports.PluginRegistry = PluginRegistry;
+let _globalRegistry = null;
+function globalRegistry() {
+    if (!_globalRegistry)
+        _globalRegistry = new PluginRegistry();
+    return _globalRegistry;
+}
+function resetGlobalRegistry() {
+    _globalRegistry = null;
+}

package/lib/runtime/policy/index.d.ts

@@ -0,0 +1 @@
+export * from './policy-engine';

package/lib/runtime/policy/index.js

@@ -0,0 +1,17 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./policy-engine"), exports);

package/lib/runtime/policy/policy-engine.d.ts

@@ -0,0 +1,40 @@
+export type PolicyAction = 'allow' | 'deny' | 'require_human_gate';
+export interface PolicyWhenClause {
+    tool?: string;
+    env?: string;
+    kind?: string;
+}
+export interface PolicyAssertClause {
+    diff_within_scope?: boolean;
+}
+export interface PolicyRule {
+    id: string;
+    when: PolicyWhenClause;
+    assert?: PolicyAssertClause;
+    action: PolicyAction;
+}
+export interface PolicyContext {
+    tool: string;
+    env?: string;
+    kind?: string;
+    mutation_scope?: string[];
+    affected_paths?: string[];
+}
+export interface PolicyDecision {
+    allowed: boolean;
+    gate_required: boolean;
+    reason: string;
+    rule_id: string | null;
+}
+export declare class PolicyEngine {
+    private readonly rules;
+    constructor(rules?: PolicyRule[]);
+    evaluate(ctx: PolicyContext): PolicyDecision;
+    private matches;
+    private checkAssert;
+    withRule(rule: PolicyRule): PolicyEngine;
+    static fromConfig(config: {
+        policies?: PolicyRule[];
+    }): PolicyEngine;
+    static fromConfigFile(configPath: string): PolicyEngine;
+}

package/lib/runtime/policy/policy-engine.js

@@ -0,0 +1,80 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PolicyEngine = void 0;
+const ALLOW_ALL = {
+    allowed: true,
+    gate_required: false,
+    reason: 'no matching policy — default allow',
+    rule_id: null,
+};
+class PolicyEngine {
+    constructor(rules = []) {
+        this.rules = rules;
+    }
+    evaluate(ctx) {
+        for (const rule of this.rules) {
+            if (!this.matches(rule.when, ctx))
+                continue;
+            if (rule.assert) {
+                const assertFailed = this.checkAssert(rule.assert, ctx);
+                if (assertFailed) {
+                    return {
+                        allowed: false,
+                        gate_required: false,
+                        reason: `Assert failed for rule ${rule.id}: ${assertFailed}`,
+                        rule_id: rule.id,
+                    };
+                }
+            }
+            switch (rule.action) {
+                case 'allow':
+                    return { allowed: true, gate_required: false, reason: `Allowed by rule ${rule.id}`, rule_id: rule.id };
+                case 'deny':
+                    return { allowed: false, gate_required: false, reason: `Denied by rule ${rule.id}`, rule_id: rule.id };
+                case 'require_human_gate':
+                    return { allowed: true, gate_required: true, reason: `Gate required by rule ${rule.id}`, rule_id: rule.id };
+            }
+        }
+        return ALLOW_ALL;
+    }
+    matches(when, ctx) {
+        if (when.tool && when.tool !== ctx.tool)
+            return false;
+        if (when.env && when.env !== ctx.env)
+            return false;
+        if (when.kind && when.kind !== ctx.kind)
+            return false;
+        return true;
+    }
+    checkAssert(assert, ctx) {
+        if (assert.diff_within_scope === true) {
+            const scope = ctx.mutation_scope ?? [];
+            const affected = ctx.affected_paths ?? [];
+            if (scope.length === 0)
+                return null; // no scope declared — pass
+            const outsideScope = affected.filter((p) => !scope.some((s) => p.startsWith(s) || s.startsWith(p)));
+            if (outsideScope.length > 0) {
+                return `paths outside mutation scope: ${outsideScope.join(', ')}`;
+            }
+        }
+        return null;
+    }
+    withRule(rule) {
+        return new PolicyEngine([...this.rules, rule]);
+    }
+    static fromConfig(config) {
+        return new PolicyEngine(config.policies ?? []);
+    }
+    static fromConfigFile(configPath) {
+        try {
+            // Dynamic require to avoid bundling issues
+            // eslint-disable-next-line @typescript-eslint/no-var-requires
+            const cfg = require(configPath);
+            return PolicyEngine.fromConfig(cfg);
+        }
+        catch {
+            return new PolicyEngine();
+        }
+    }
+}
+exports.PolicyEngine = PolicyEngine;

package/lib/runtime/projection/index.d.ts

@@ -0,0 +1 @@
+export * from './projection-engine';

package/lib/runtime/projection/index.js

@@ -0,0 +1,17 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./projection-engine"), exports);

package/lib/runtime/projection/projection-engine.d.ts

@@ -0,0 +1,11 @@
+import type { RunState } from '../reducers/run-state-reducer';
+import type { ExecutionGraph } from '../compiler/graph-compiler';
+import type { VerificationResult } from '../models/verification-result';
+import type { CheckResult } from '../verification/verification-compiler';
+export declare class ProjectionEngine {
+    projectPlan(state: RunState, graph: ExecutionGraph): string;
+    projectVerify(state: RunState, results: VerificationResult[], checkResults?: CheckResult[]): string;
+    projectState(state: RunState): string;
+    projectRunSummary(state: RunState): string;
+    projectPRSummary(state: RunState, graph: ExecutionGraph): string;
+}