npm - patchwork-os - Versions diffs - 0.2.0-beta.6.canary.37 → 0.2.0-beta.6.canary.41 - Mend

patchwork-os 0.2.0-beta.6.canary.37 → 0.2.0-beta.6.canary.41

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

package/dist/commands/auditEnv.d.ts +36 -0
package/dist/commands/auditEnv.js +202 -0
package/dist/commands/auditEnv.js.map +1 -0
package/dist/commands/doctor.d.ts +35 -0
package/dist/commands/doctor.js +51 -0
package/dist/commands/doctor.js.map +1 -0
package/dist/commands/shadowScan.d.ts +34 -0
package/dist/commands/shadowScan.js +142 -0
package/dist/commands/shadowScan.js.map +1 -0
package/dist/index.js +143 -11
package/dist/index.js.map +1 -1
package/dist/recipes/RecipeOrchestrator.d.ts +2 -0
package/dist/recipes/RecipeOrchestrator.js +6 -1
package/dist/recipes/RecipeOrchestrator.js.map +1 -1
package/dist/testing/shadowRun.d.ts +52 -0
package/dist/testing/shadowRun.js +71 -0
package/dist/testing/shadowRun.js.map +1 -0
package/dist/tools/bridgeDoctor.d.ts +11 -0
package/dist/tools/bridgeDoctor.js +42 -0
package/dist/tools/bridgeDoctor.js.map +1 -1
package/package.json +2 -2

package/dist/commands/auditEnv.d.ts ADDED Viewed

@@ -0,0 +1,36 @@
+/**
+ * auditEnv — statically scan a recipe YAML for {{env.FOO}} references
+ * and verify those vars exist in process.env (or an optional .env file).
+ *
+ * Fills a gap that `recipe preflight` does NOT cover: preflight checks
+ * lint/tools/write-steps but silently produces empty string at runtime
+ * for missing {{env.FOO}} references. auditEnv catches that statically.
+ */
+export interface AuditEnvOptions {
+    /** Path to a .env file to check against (workspace-scoped only). */
+    envFile?: string;
+    /** Required when envFile is provided — used for path-jail check. */
+    workspace?: string;
+}
+export interface AuditEnvResult {
+    ok: boolean;
+    /** Recipe name (from YAML) or the path used to load it. */
+    recipe: string;
+    /** Env vars referenced in the recipe but not present. */
+    missing: string[];
+    /** Env vars referenced in the recipe and present. */
+    present: string[];
+    /** Non-fatal issues (e.g. value looks like a placeholder). */
+    warnings: string[];
+}
+/**
+ * Scan `recipeRef` (file path or installed recipe name) for {{env.FOO}}
+ * references and report which env vars are present / missing.
+ *
+ * `recipeRef` is resolved exactly like `recipe lint` — absolute/relative file
+ * paths are used directly; bare names are looked up under the default recipes
+ * dir.  We intentionally do NOT re-import the heavy `resolveRecipePath` helper
+ * from recipe.ts (would pull in the entire 2 400-line module).  Instead we do
+ * a minimal two-step: try direct path first, then give a clear error.
+ */
+export declare function runAuditEnv(recipeRef: string, options?: AuditEnvOptions): Promise<AuditEnvResult>;

package/dist/commands/auditEnv.js ADDED Viewed

@@ -0,0 +1,202 @@
+/**
+ * auditEnv — statically scan a recipe YAML for {{env.FOO}} references
+ * and verify those vars exist in process.env (or an optional .env file).
+ *
+ * Fills a gap that `recipe preflight` does NOT cover: preflight checks
+ * lint/tools/write-steps but silently produces empty string at runtime
+ * for missing {{env.FOO}} references. auditEnv catches that statically.
+ */
+import { existsSync, readFileSync, statSync } from "node:fs";
+import { resolve } from "node:path";
+import { parse as parseYaml } from "yaml";
+import { resolveFilePath } from "../tools/utils.js";
+// ── Pattern ──────────────────────────────────────────────────────────────────
+/** Matches {{env.FOO}} and {{env.foo}} references in template strings. */
+const ENV_REF_RE = /\{\{env\.([A-Za-z_][A-Za-z0-9_]*)\}\}/g;
+/**
+ * Walk every string value in an arbitrary JSON/YAML-parsed object and collect
+ * all unique env var names referenced via {{env.NAME}}.
+ */
+function collectEnvRefs(value, seen = new Set()) {
+    if (typeof value === "string") {
+        for (const m of value.matchAll(ENV_REF_RE)) {
+            // m[1] is always defined — the regex has exactly one capture group
+            seen.add(m[1]);
+        }
+    }
+    else if (Array.isArray(value)) {
+        for (const item of value) {
+            collectEnvRefs(item, seen);
+        }
+    }
+    else if (value !== null && typeof value === "object") {
+        for (const v of Object.values(value)) {
+            collectEnvRefs(v, seen);
+        }
+    }
+    return seen;
+}
+// ── .env file parser ──────────────────────────────────────────────────────────
+/**
+ * Parse a simple KEY=VALUE .env file.  Lines starting with # and blank lines
+ * are ignored.  Values may be optionally quoted with ' or ".  Does NOT expand
+ * variable references — only static values are relevant for presence checks.
+ */
+function parseDotEnv(content) {
+    const map = new Map();
+    for (const rawLine of content.split(/\r?\n/)) {
+        const line = rawLine.trim();
+        if (!line || line.startsWith("#"))
+            continue;
+        const eqIdx = line.indexOf("=");
+        if (eqIdx === -1)
+            continue;
+        const key = line.slice(0, eqIdx).trim();
+        if (!key)
+            continue;
+        let val = line.slice(eqIdx + 1).trim();
+        // Strip surrounding quotes if present
+        if ((val.startsWith('"') && val.endsWith('"')) ||
+            (val.startsWith("'") && val.endsWith("'"))) {
+            val = val.slice(1, -1);
+        }
+        map.set(key, val);
+    }
+    return map;
+}
+// ── Placeholder heuristic ─────────────────────────────────────────────────────
+/** Values that look like placeholders rather than real secrets. */
+const PLACEHOLDER_RE = /^(changeme|replace[-_]?me|todo|fixme|<[^>]+>|\[.*\]|your[-_]?.*here|placeholder|example|xxx+|dummy|fake|test)$/i;
+function looksLikePlaceholder(val) {
+    return PLACEHOLDER_RE.test(val.trim());
+}
+// ── Public API ────────────────────────────────────────────────────────────────
+/**
+ * Scan `recipeRef` (file path or installed recipe name) for {{env.FOO}}
+ * references and report which env vars are present / missing.
+ *
+ * `recipeRef` is resolved exactly like `recipe lint` — absolute/relative file
+ * paths are used directly; bare names are looked up under the default recipes
+ * dir.  We intentionally do NOT re-import the heavy `resolveRecipePath` helper
+ * from recipe.ts (would pull in the entire 2 400-line module).  Instead we do
+ * a minimal two-step: try direct path first, then give a clear error.
+ */
+export async function runAuditEnv(recipeRef, options = {}) {
+    // ── 1. Resolve recipe path ─────────────────────────────────────────────────
+    const directPath = resolve(recipeRef);
+    let recipePath;
+    if (existsSync(directPath) && statSync(directPath).isFile()) {
+        recipePath = directPath;
+    }
+    else {
+        return {
+            ok: false,
+            recipe: recipeRef,
+            missing: [],
+            present: [],
+            warnings: [`Recipe file not found: ${recipeRef}`],
+        };
+    }
+    // ── 2. Load + parse YAML ───────────────────────────────────────────────────
+    let raw;
+    try {
+        const text = readFileSync(recipePath, "utf-8");
+        raw = parseYaml(text);
+    }
+    catch (err) {
+        const msg = err instanceof Error ? err.message : String(err);
+        return {
+            ok: false,
+            recipe: recipeRef,
+            missing: [],
+            present: [],
+            warnings: [`Failed to parse recipe YAML: ${msg}`],
+        };
+    }
+    // Prefer recipe.name for display; fall back to path.
+    const recipeName = raw !== null &&
+        typeof raw === "object" &&
+        typeof raw.name === "string"
+        ? raw.name
+        : recipeRef;
+    // ── 3. Collect {{env.FOO}} references ─────────────────────────────────────
+    const refs = collectEnvRefs(raw);
+    if (refs.size === 0) {
+        return {
+            ok: true,
+            recipe: recipeName,
+            missing: [],
+            present: [],
+            warnings: [],
+        };
+    }
+    // ── 4. Build env lookup map ────────────────────────────────────────────────
+    // Start with process.env as baseline.
+    let envMap = new Map(Object.entries(process.env));
+    if (options.envFile) {
+        // Security: envFile must stay within workspace.
+        if (!options.workspace) {
+            return {
+                ok: false,
+                recipe: recipeName,
+                missing: [],
+                present: [],
+                warnings: [
+                    "envFile provided but workspace is required for path validation",
+                ],
+            };
+        }
+        try {
+            resolveFilePath(options.envFile, options.workspace);
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            return {
+                ok: false,
+                recipe: recipeName,
+                missing: [],
+                present: [],
+                warnings: [`envFile path rejected: ${msg}`],
+            };
+        }
+        const envFilePath = resolve(options.workspace, options.envFile);
+        if (!existsSync(envFilePath)) {
+            return {
+                ok: false,
+                recipe: recipeName,
+                missing: [],
+                present: [],
+                warnings: [`envFile not found: ${options.envFile}`],
+            };
+        }
+        const dotEnvContent = readFileSync(envFilePath, "utf-8");
+        const dotEnvMap = parseDotEnv(dotEnvContent);
+        // envFile entries supplement (and override) process.env entries.
+        envMap = new Map([...envMap, ...dotEnvMap]);
+    }
+    // ── 5. Split refs into present / missing ──────────────────────────────────
+    const missing = [];
+    const present = [];
+    const warnings = [];
+    for (const name of Array.from(refs).sort()) {
+        const val = envMap.get(name);
+        if (val === undefined || val === null) {
+            missing.push(name);
+        }
+        else {
+            present.push(name);
+            // Warn if the value looks like an unfilled placeholder.
+            if (looksLikePlaceholder(val)) {
+                warnings.push(`${name} is set but value looks like a placeholder ("${val}")`);
+            }
+        }
+    }
+    return {
+        ok: missing.length === 0,
+        recipe: recipeName,
+        missing,
+        present,
+        warnings,
+    };
+}
+//# sourceMappingURL=auditEnv.js.map

package/dist/commands/auditEnv.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"auditEnv.js","sourceRoot":"","sources":["../../src/commands/auditEnv.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAC7D,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,KAAK,IAAI,SAAS,EAAE,MAAM,MAAM,CAAC;AAC1C,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAqBpD,gFAAgF;AAEhF,0EAA0E;AAC1E,MAAM,UAAU,GAAG,wCAAwC,CAAC;AAE5D;;;GAGG;AACH,SAAS,cAAc,CACrB,KAAc,EACd,OAAoB,IAAI,GAAG,EAAE;IAE7B,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;YAC3C,mEAAmE;YACnE,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAW,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC;SAAM,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAChC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,cAAc,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QAC7B,CAAC;IACH,CAAC;SAAM,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACvD,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,CAAC,KAAgC,CAAC,EAAE,CAAC;YAChE,cAAc,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,iFAAiF;AAEjF;;;;GAIG;AACH,SAAS,WAAW,CAAC,OAAe;IAClC,MAAM,GAAG,GAAG,IAAI,GAAG,EAAkB,CAAC;IACtC,KAAK,MAAM,OAAO,IAAI,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7C,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAS;QAC5C,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAChC,IAAI,KAAK,KAAK,CAAC,CAAC;YAAE,SAAS;QAC3B,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC;QACxC,IAAI,CAAC,GAAG;YAAE,SAAS;QACnB,IAAI,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACvC,sCAAsC;QACtC,IACE,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YAC1C,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAC1C,CAAC;YACD,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QACzB,CAAC;QACD,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACpB,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,iFAAiF;AAEjF,mEAAmE;AACnE,MAAM,cAAc,GAClB,iHAAiH,CAAC;AAEpH,SAAS,oBAAoB,CAAC,GAAW;IACvC,OAAO,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;AACzC,CAAC;AAED,iFAAiF;AAEjF;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,SAAiB,EACjB,UAA2B,EAAE;IAE7B,8EAA8E;IAC9E,MAAM,UAAU,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;IACtC,IAAI,UAAkB,CAAC;IAEvB,IAAI,UAAU,CAAC,UAAU,CAAC,IAAI,QAAQ,CAAC,UAAU,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC;QAC5D,UAAU,GAAG,UAAU,CAAC;IAC1B,CAAC;SAAM,CAAC;QACN,OAAO;YACL,EAAE,EAAE,KAAK;YACT,MAAM,EAAE,SAAS;YACjB,OAAO,EAAE,EAAE;YACX,OAAO,EAAE,EAAE;YACX,QAAQ,EAAE,CAAC,0BAA0B,SAAS,EAAE,CAAC;SAClD,CAAC;IACJ,CAAC;IAED,8EAA8E;IAC9E,IAAI,GAAY,CAAC;IACjB,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QAC/C,GAAG,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;IACxB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC7D,OAAO;YACL,EAAE,EAAE,KAAK;YACT,MAAM,EAAE,SAAS;YACjB,OAAO,EAAE,EAAE;YACX,OAAO,EAAE,EAAE;YACX,QAAQ,EAAE,CAAC,gCAAgC,GAAG,EAAE,CAAC;SAClD,CAAC;IACJ,CAAC;IAED,qDAAqD;IACrD,MAAM,UAAU,GACd,GAAG,KAAK,IAAI;QACZ,OAAO,GAAG,KAAK,QAAQ;QACvB,OAAQ,GAA+B,CAAC,IAAI,KAAK,QAAQ;QACvD,CAAC,CAAG,GAA+B,CAAC,IAAe;QACnD,CAAC,CAAC,SAAS,CAAC;IAEhB,6EAA6E;IAC7E,MAAM,IAAI,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC;IAEjC,IAAI,IAAI,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;QACpB,OAAO;YACL,EAAE,EAAE,IAAI;YACR,MAAM,EAAE,UAAU;YAClB,OAAO,EAAE,EAAE;YACX,OAAO,EAAE,EAAE;YACX,QAAQ,EAAE,EAAE;SACb,CAAC;IACJ,CAAC;IAED,8EAA8E;IAC9E,sCAAsC;IACtC,IAAI,MAAM,GAAoC,IAAI,GAAG,CACnD,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAC5B,CAAC;IAEF,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QACpB,gDAAgD;QAChD,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;YACvB,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,MAAM,EAAE,UAAU;gBAClB,OAAO,EAAE,EAAE;gBACX,OAAO,EAAE,EAAE;gBACX,QAAQ,EAAE;oBACR,gEAAgE;iBACjE;aACF,CAAC;QACJ,CAAC;QACD,IAAI,CAAC;YACH,eAAe,CAAC,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;QACtD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC7D,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,MAAM,EAAE,UAAU;gBAClB,OAAO,EAAE,EAAE;gBACX,OAAO,EAAE,EAAE;gBACX,QAAQ,EAAE,CAAC,0BAA0B,GAAG,EAAE,CAAC;aAC5C,CAAC;QACJ,CAAC;QAED,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,SAAS,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;QAChE,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YAC7B,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,MAAM,EAAE,UAAU;gBAClB,OAAO,EAAE,EAAE;gBACX,OAAO,EAAE,EAAE;gBACX,QAAQ,EAAE,CAAC,sBAAsB,OAAO,CAAC,OAAO,EAAE,CAAC;aACpD,CAAC;QACJ,CAAC;QAED,MAAM,aAAa,GAAG,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QACzD,MAAM,SAAS,GAAG,WAAW,CAAC,aAAa,CAAC,CAAC;QAC7C,iEAAiE;QACjE,MAAM,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC,CAAC,CAAC;IAC9C,CAAC;IAED,6EAA6E;IAC7E,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,MAAM,QAAQ,GAAa,EAAE,CAAC;IAE9B,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;QAC3C,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;YACtC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrB,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACnB,wDAAwD;YACxD,IAAI,oBAAoB,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC9B,QAAQ,CAAC,IAAI,CACX,GAAG,IAAI,gDAAgD,GAAG,IAAI,CAC/D,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,EAAE,EAAE,OAAO,CAAC,MAAM,KAAK,CAAC;QACxB,MAAM,EAAE,UAAU;QAClB,OAAO;QACP,OAAO;QACP,QAAQ;KACT,CAAC;AACJ,CAAC"}

package/dist/commands/doctor.d.ts ADDED Viewed

@@ -0,0 +1,35 @@
+/**
+ * `patchwork doctor` CLI verb.
+ *
+ * Runs a subset of bridge health checks that are safe without a live bridge
+ * connection (no extensionClient, no ProbeResults). Reports workspace path,
+ * git binary, lock file, and automation policy readability.
+ *
+ * No changes to src/index.ts — wire routing separately.
+ */
+export interface DoctorOptions {
+    workspace?: string;
+    port?: number;
+    automationPolicyPath?: string;
+    json?: boolean;
+}
+export interface DoctorResult {
+    ok: boolean;
+    checks: Array<{
+        name: string;
+        status: "ok" | "warn" | "fail";
+        detail?: string;
+        suggestion?: string;
+    }>;
+}
+/**
+ * Run CLI-safe bridge health checks and return a structured result.
+ *
+ * Maps `CheckResult` (which uses `"error"` for failures) to the public
+ * `DoctorResult` shape (which uses `"fail"`). Warns are preserved as `"warn"`.
+ * Skipped checks are surfaced as `"ok"` (they are non-issues from the CLI
+ * perspective).
+ *
+ * `ok` is `true` when no check has `status === "fail"`.
+ */
+export declare function runDoctor(options?: DoctorOptions): Promise<DoctorResult>;

package/dist/commands/doctor.js ADDED Viewed

@@ -0,0 +1,51 @@
+/**
+ * `patchwork doctor` CLI verb.
+ *
+ * Runs a subset of bridge health checks that are safe without a live bridge
+ * connection (no extensionClient, no ProbeResults). Reports workspace path,
+ * git binary, lock file, and automation policy readability.
+ *
+ * No changes to src/index.ts — wire routing separately.
+ */
+import { runBridgeHealthChecks } from "../tools/bridgeDoctor.js";
+/**
+ * Run CLI-safe bridge health checks and return a structured result.
+ *
+ * Maps `CheckResult` (which uses `"error"` for failures) to the public
+ * `DoctorResult` shape (which uses `"fail"`). Warns are preserved as `"warn"`.
+ * Skipped checks are surfaced as `"ok"` (they are non-issues from the CLI
+ * perspective).
+ *
+ * `ok` is `true` when no check has `status === "fail"`.
+ */
+export async function runDoctor(options = {}) {
+    const workspace = options.workspace ?? process.cwd();
+    const raw = await runBridgeHealthChecks(workspace, {
+        port: options.port,
+        automationPolicyPath: options.automationPolicyPath,
+    });
+    const checks = raw.map((c) => {
+        let status;
+        if (c.status === "error") {
+            status = "fail";
+        }
+        else if (c.status === "warn") {
+            status = "warn";
+        }
+        else {
+            // "ok" | "skip" — both treated as non-failing from CLI perspective
+            status = "ok";
+        }
+        const entry = { name: c.name, status };
+        if (c.detail !== undefined)
+            entry.detail = c.detail;
+        if (c.suggestion !== undefined)
+            entry.suggestion = c.suggestion;
+        return entry;
+    });
+    return {
+        ok: checks.every((c) => c.status !== "fail"),
+        checks,
+    };
+}
+//# sourceMappingURL=doctor.js.map

package/dist/commands/doctor.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"doctor.js","sourceRoot":"","sources":["../../src/commands/doctor.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,qBAAqB,EAAE,MAAM,0BAA0B,CAAC;AAmBjE;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,UAAyB,EAAE;IAE3B,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;IAErD,MAAM,GAAG,GAAG,MAAM,qBAAqB,CAAC,SAAS,EAAE;QACjD,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,oBAAoB,EAAE,OAAO,CAAC,oBAAoB;KACnD,CAAC,CAAC;IAEH,MAAM,MAAM,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;QAC3B,IAAI,MAA8B,CAAC;QACnC,IAAI,CAAC,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;YACzB,MAAM,GAAG,MAAM,CAAC;QAClB,CAAC;aAAM,IAAI,CAAC,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;YAC/B,MAAM,GAAG,MAAM,CAAC;QAClB,CAAC;aAAM,CAAC;YACN,mEAAmE;YACnE,MAAM,GAAG,IAAI,CAAC;QAChB,CAAC;QAED,MAAM,KAAK,GAAmC,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,MAAM,EAAE,CAAC;QACvE,IAAI,CAAC,CAAC,MAAM,KAAK,SAAS;YAAE,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC;QACpD,IAAI,CAAC,CAAC,UAAU,KAAK,SAAS;YAAE,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,UAAU,CAAC;QAChE,OAAO,KAAK,CAAC;IACf,CAAC,CAAC,CAAC;IAEH,OAAO;QACL,EAAE,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC;QAC5C,MAAM;KACP,CAAC;AACJ,CAAC"}

package/dist/commands/shadowScan.d.ts ADDED Viewed

@@ -0,0 +1,34 @@
+/**
+ * `patchwork shadow-scan` CLI — replay historical run data through
+ * the destructive-tool classifier and report which runs would be reclassified.
+ *
+ * Default runs source: ~/.claude/ide/runs.jsonl (outside any workspace —
+ * do NOT validate through resolveFilePath). If --runs-file is supplied, it
+ * IS workspace-scoped and validated through resolveFilePath.
+ */
+import { type RunRecord } from "../testing/shadowRun.js";
+export interface ShadowScanCliOptions {
+    /** ISO date string or relative like "24h", "7d". Default: last 7 days. */
+    since?: string;
+    limit?: number;
+    /** Override default ~/.claude/ide/runs.jsonl path. Workspace-scoped. */
+    runsFile?: string;
+    /** Output JSON instead of human-readable text. */
+    json?: boolean;
+    /** Workspace root for resolveFilePath (required if runsFile is set). */
+    workspace?: string;
+}
+/**
+ * Parse a relative duration string like "24h" or "7d" into a Date that many
+ * milliseconds in the past. If the string is not a recognised relative form,
+ * fall back to `new Date(str)` (ISO 8601 parse).
+ *
+ * Exported so tests can call it directly.
+ */
+export declare function parseSinceDuration(str: string): Date;
+/**
+ * Parse JSONL content into RunRecord[]. Malformed lines are skipped with a
+ * stderr warning. Exported so tests can call it directly.
+ */
+export declare function parseRunsFile(content: string): RunRecord[];
+export declare function runShadowScanCli(options?: ShadowScanCliOptions): Promise<void>;

package/dist/commands/shadowScan.js ADDED Viewed

@@ -0,0 +1,142 @@
+/**
+ * `patchwork shadow-scan` CLI — replay historical run data through
+ * the destructive-tool classifier and report which runs would be reclassified.
+ *
+ * Default runs source: ~/.claude/ide/runs.jsonl (outside any workspace —
+ * do NOT validate through resolveFilePath). If --runs-file is supplied, it
+ * IS workspace-scoped and validated through resolveFilePath.
+ */
+import fs from "node:fs";
+import os from "node:os";
+import path from "node:path";
+import { destructiveToolClassifier, runShadowScan, } from "../testing/shadowRun.js";
+import { resolveFilePath } from "../tools/utils.js";
+/** Max bytes the runs JSONL is allowed to be before we skip the read. */
+const MAX_RUNS_BYTES = 1_048_576; // 1 MB
+/**
+ * Parse a relative duration string like "24h" or "7d" into a Date that many
+ * milliseconds in the past. If the string is not a recognised relative form,
+ * fall back to `new Date(str)` (ISO 8601 parse).
+ *
+ * Exported so tests can call it directly.
+ */
+export function parseSinceDuration(str) {
+    const relMatch = /^(\d+)(h|d)$/.exec(str.trim());
+    if (relMatch) {
+        const amount = parseInt(relMatch[1], 10);
+        const unit = relMatch[2];
+        const ms = unit === "h" ? amount * 3_600_000 : amount * 86_400_000;
+        return new Date(Date.now() - ms);
+    }
+    const parsed = new Date(str);
+    if (Number.isNaN(parsed.getTime())) {
+        throw new Error(`Invalid since value: "${str}". Use ISO 8601 or relative like "24h", "7d".`);
+    }
+    return parsed;
+}
+/**
+ * Parse JSONL content into RunRecord[]. Malformed lines are skipped with a
+ * stderr warning. Exported so tests can call it directly.
+ */
+export function parseRunsFile(content) {
+    const records = [];
+    const lines = content.split("\n");
+    for (let i = 0; i < lines.length; i++) {
+        const line = (lines[i] ?? "").trim();
+        if (line.length === 0)
+            continue;
+        try {
+            const parsed = JSON.parse(line);
+            if (typeof parsed === "object" &&
+                parsed !== null &&
+                !Array.isArray(parsed)) {
+                records.push(parsed);
+            }
+            else {
+                process.stderr.write(`[shadow-scan] warn: line ${i + 1} is not an object — skipped\n`);
+            }
+        }
+        catch {
+            process.stderr.write(`[shadow-scan] warn: line ${i + 1} is malformed JSON — skipped\n`);
+        }
+    }
+    return records;
+}
+function defaultRunsPath() {
+    return path.join(os.homedir(), ".claude", "ide", "runs.jsonl");
+}
+function buildLoadPastRuns(runsPath) {
+    return async () => {
+        let stat;
+        try {
+            stat = fs.statSync(runsPath);
+        }
+        catch (err) {
+            // File absent → no runs to scan
+            if (err.code === "ENOENT") {
+                return [];
+            }
+            throw err;
+        }
+        if (stat.size > MAX_RUNS_BYTES) {
+            process.stderr.write(`[shadow-scan] warn: ${runsPath} is ${stat.size} bytes (> 1 MB limit) — skipping read\n`);
+            return [];
+        }
+        const content = fs.readFileSync(runsPath, "utf8");
+        return parseRunsFile(content);
+    };
+}
+function printHumanReadable(result) {
+    process.stdout.write(`Scanned: ${result.scanned}\n`);
+    process.stdout.write(`Reclassified: ${result.reclassified}\n`);
+    if (result.reclassified === 0) {
+        process.stdout.write("No runs would be reclassified.\n");
+        return;
+    }
+    process.stdout.write("\n");
+    for (const c of result.classifications) {
+        if (!c.reclassified)
+            continue;
+        const reason = c.reason ?? "no reason given";
+        process.stdout.write(`[REVIEW] ${c.recipeName} / ${c.toolName} — ${reason}\n`);
+    }
+}
+export async function runShadowScanCli(options = {}) {
+    // Parse --since
+    let since;
+    if (options.since !== undefined) {
+        since = parseSinceDuration(options.since);
+    }
+    else {
+        // Default: last 7 days
+        since = parseSinceDuration("7d");
+    }
+    // Resolve runs file path
+    let runsPath;
+    if (options.runsFile !== undefined) {
+        // Explicitly provided — validate via resolveFilePath (workspace-scoped)
+        const workspace = options.workspace ?? process.cwd();
+        runsPath = resolveFilePath(options.runsFile, workspace);
+    }
+    else {
+        // Default path is outside any workspace — do NOT use resolveFilePath
+        runsPath = defaultRunsPath();
+    }
+    const loadPastRuns = buildLoadPastRuns(runsPath);
+    const result = await runShadowScan({
+        loadPastRuns,
+        classifier: destructiveToolClassifier,
+        since,
+        limit: options.limit,
+    });
+    if (options.json) {
+        process.stdout.write(`${JSON.stringify(result, null, 2)}\n`);
+    }
+    else {
+        printHumanReadable(result);
+    }
+    if (result.reclassified > 0) {
+        process.exitCode = 1;
+    }
+}
+//# sourceMappingURL=shadowScan.js.map

package/dist/commands/shadowScan.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"shadowScan.js","sourceRoot":"","sources":["../../src/commands/shadowScan.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EACL,yBAAyB,EAEzB,aAAa,GAEd,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAEpD,yEAAyE;AACzE,MAAM,cAAc,GAAG,SAAS,CAAC,CAAC,OAAO;AAczC;;;;;;GAMG;AACH,MAAM,UAAU,kBAAkB,CAAC,GAAW;IAC5C,MAAM,QAAQ,GAAG,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IACjD,IAAI,QAAQ,EAAE,CAAC;QACb,MAAM,MAAM,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAW,EAAE,EAAE,CAAC,CAAC;QACnD,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAc,CAAC;QACtC,MAAM,EAAE,GAAG,IAAI,KAAK,GAAG,CAAC,CAAC,CAAC,MAAM,GAAG,SAAS,CAAC,CAAC,CAAC,MAAM,GAAG,UAAU,CAAC;QACnE,OAAO,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;IACnC,CAAC;IACD,MAAM,MAAM,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC;IAC7B,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC;QACnC,MAAM,IAAI,KAAK,CACb,yBAAyB,GAAG,+CAA+C,CAC5E,CAAC;IACJ,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,aAAa,CAAC,OAAe;IAC3C,MAAM,OAAO,GAAgB,EAAE,CAAC;IAChC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QACrC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;YAAE,SAAS;QAChC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAY,CAAC;YAC3C,IACE,OAAO,MAAM,KAAK,QAAQ;gBAC1B,MAAM,KAAK,IAAI;gBACf,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EACtB,CAAC;gBACD,OAAO,CAAC,IAAI,CAAC,MAAmB,CAAC,CAAC;YACpC,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,4BAA4B,CAAC,GAAG,CAAC,+BAA+B,CACjE,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,4BAA4B,CAAC,GAAG,CAAC,gCAAgC,CAClE,CAAC;QACJ,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,eAAe;IACtB,OAAO,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,YAAY,CAAC,CAAC;AACjE,CAAC;AAED,SAAS,iBAAiB,CAAC,QAAgB;IACzC,OAAO,KAAK,IAAI,EAAE;QAChB,IAAI,IAAc,CAAC;QACnB,IAAI,CAAC;YACH,IAAI,GAAG,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAC/B,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,gCAAgC;YAChC,IAAK,GAA6B,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBACrD,OAAO,EAAE,CAAC;YACZ,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;QAED,IAAI,IAAI,CAAC,IAAI,GAAG,cAAc,EAAE,CAAC;YAC/B,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,uBAAuB,QAAQ,OAAO,IAAI,CAAC,IAAI,yCAAyC,CACzF,CAAC;YACF,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAClD,OAAO,aAAa,CAAC,OAAO,CAAC,CAAC;IAChC,CAAC,CAAC;AACJ,CAAC;AAED,SAAS,kBAAkB,CAAC,MAAwB;IAClD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,YAAY,MAAM,CAAC,OAAO,IAAI,CAAC,CAAC;IACrD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,iBAAiB,MAAM,CAAC,YAAY,IAAI,CAAC,CAAC;IAC/D,IAAI,MAAM,CAAC,YAAY,KAAK,CAAC,EAAE,CAAC;QAC9B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,kCAAkC,CAAC,CAAC;QACzD,OAAO;IACT,CAAC;IACD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC3B,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,eAAe,EAAE,CAAC;QACvC,IAAI,CAAC,CAAC,CAAC,YAAY;YAAE,SAAS;QAC9B,MAAM,MAAM,GAAG,CAAC,CAAC,MAAM,IAAI,iBAAiB,CAAC;QAC7C,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,YAAY,CAAC,CAAC,UAAU,MAAM,CAAC,CAAC,QAAQ,MAAM,MAAM,IAAI,CACzD,CAAC;IACJ,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,UAAgC,EAAE;IAElC,gBAAgB;IAChB,IAAI,KAAuB,CAAC;IAC5B,IAAI,OAAO,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;QAChC,KAAK,GAAG,kBAAkB,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAC5C,CAAC;SAAM,CAAC;QACN,uBAAuB;QACvB,KAAK,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC;IACnC,CAAC;IAED,yBAAyB;IACzB,IAAI,QAAgB,CAAC;IACrB,IAAI,OAAO,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;QACnC,wEAAwE;QACxE,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;QACrD,QAAQ,GAAG,eAAe,CAAC,OAAO,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IAC1D,CAAC;SAAM,CAAC;QACN,qEAAqE;QACrE,QAAQ,GAAG,eAAe,EAAE,CAAC;IAC/B,CAAC;IAED,MAAM,YAAY,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IAEjD,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC;QACjC,YAAY;QACZ,UAAU,EAAE,yBAAyB;QACrC,KAAK;QACL,KAAK,EAAE,OAAO,CAAC,KAAK;KACrB,CAAC,CAAC;IAEH,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;IAC/D,CAAC;SAAM,CAAC;QACN,kBAAkB,CAAC,MAAM,CAAC,CAAC;IAC7B,CAAC;IAED,IAAI,MAAM,CAAC,YAAY,GAAG,CAAC,EAAE,CAAC;QAC5B,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;IACvB,CAAC;AACH,CAAC"}