pumuki 6.3.286 → 6.3.287
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/VERSION +1 -1
- package/integrations/lifecycle/audit.ts +51 -6
- package/package.json +1 -1
package/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
6.3.
|
|
1
|
+
6.3.287
|
|
@@ -6,6 +6,7 @@ import { runPlatformGate } from '../git/runPlatformGate';
|
|
|
6
6
|
import { evaluatePlatformGateFindings } from '../git/runPlatformGateEvaluation';
|
|
7
7
|
import { DEFAULT_FACT_FILE_EXTENSIONS } from '../git/runPlatformGateFacts';
|
|
8
8
|
import { resolvePolicyForStage, type ResolvedStagePolicy } from '../gate/stagePolicies';
|
|
9
|
+
import { writePreWriteLease } from './preWriteLease';
|
|
9
10
|
|
|
10
11
|
export type LifecycleAuditStage = 'PRE_WRITE' | 'PRE_COMMIT' | 'PRE_PUSH' | 'CI';
|
|
11
12
|
|
|
@@ -59,6 +60,7 @@ type LifecycleAuditDependencies = {
|
|
|
59
60
|
readEvidence: typeof readEvidence;
|
|
60
61
|
resolvePolicyForStage: typeof resolvePolicyForStage;
|
|
61
62
|
runPlatformGate: typeof runPlatformGate;
|
|
63
|
+
writePreWriteLease: typeof writePreWriteLease;
|
|
62
64
|
};
|
|
63
65
|
|
|
64
66
|
type LifecycleAuditScope =
|
|
@@ -435,6 +437,7 @@ export const runLifecycleAudit = async (params: {
|
|
|
435
437
|
readEvidence,
|
|
436
438
|
resolvePolicyForStage,
|
|
437
439
|
runPlatformGate,
|
|
440
|
+
writePreWriteLease,
|
|
438
441
|
...params.dependencies,
|
|
439
442
|
};
|
|
440
443
|
const git = activeDependencies.git;
|
|
@@ -525,13 +528,55 @@ export const runLifecycleAudit = async (params: {
|
|
|
525
528
|
: stagedWithoutSupportedCode
|
|
526
529
|
? findings.map(toStagedNoSupportedCodeAuditAdvisoryFinding)
|
|
527
530
|
: findings;
|
|
528
|
-
|
|
529
|
-
const
|
|
531
|
+
let mutableEffectiveFindings = effectiveFindings;
|
|
532
|
+
const hasBlockingFinding = mutableEffectiveFindings.some((finding) => finding.blocking);
|
|
533
|
+
let gateExitCode =
|
|
530
534
|
scopedGlobalEnforcementOnly || rangePrePushWithoutSupportedCodeSddOnly || stagedWithoutSupportedCode
|
|
531
535
|
? 0
|
|
532
536
|
: hasBlockingFinding
|
|
533
537
|
? 1
|
|
534
538
|
: originalGateExitCode;
|
|
539
|
+
|
|
540
|
+
if (params.stage === 'PRE_WRITE' && params.auditMode === 'gate' && gateExitCode === 0) {
|
|
541
|
+
try {
|
|
542
|
+
const lease = activeDependencies.writePreWriteLease({
|
|
543
|
+
repoRoot,
|
|
544
|
+
git,
|
|
545
|
+
allowExistingCodeChanges: true,
|
|
546
|
+
});
|
|
547
|
+
if (!lease.valid) {
|
|
548
|
+
mutableEffectiveFindings = [
|
|
549
|
+
...mutableEffectiveFindings,
|
|
550
|
+
{
|
|
551
|
+
ruleId: 'governance.prewrite.lease-write-failed',
|
|
552
|
+
severity: 'ERROR',
|
|
553
|
+
code: lease.code,
|
|
554
|
+
message: lease.message,
|
|
555
|
+
file: lease.path,
|
|
556
|
+
blocking: true,
|
|
557
|
+
},
|
|
558
|
+
];
|
|
559
|
+
gateExitCode = 1;
|
|
560
|
+
}
|
|
561
|
+
} catch (error) {
|
|
562
|
+
mutableEffectiveFindings = [
|
|
563
|
+
...mutableEffectiveFindings,
|
|
564
|
+
{
|
|
565
|
+
ruleId: 'governance.prewrite.lease-write-failed',
|
|
566
|
+
severity: 'ERROR',
|
|
567
|
+
code: 'PRE_WRITE_LEASE_WRITE_FAILED',
|
|
568
|
+
message:
|
|
569
|
+
error instanceof Error
|
|
570
|
+
? `PRE_WRITE audit passed but could not write the required lease: ${error.message}`
|
|
571
|
+
: 'PRE_WRITE audit passed but could not write the required lease.',
|
|
572
|
+
file: '.pumuki/prewrite-lease.json',
|
|
573
|
+
blocking: true,
|
|
574
|
+
},
|
|
575
|
+
];
|
|
576
|
+
gateExitCode = 1;
|
|
577
|
+
}
|
|
578
|
+
}
|
|
579
|
+
|
|
535
580
|
const effectiveSnapshotOutcome =
|
|
536
581
|
gateExitCode === 0 && snapshotOutcome === 'BLOCK' ? 'PASS' : snapshotOutcome;
|
|
537
582
|
|
|
@@ -545,14 +590,14 @@ export const runLifecycleAudit = async (params: {
|
|
|
545
590
|
files_scanned: filesScanned,
|
|
546
591
|
untracked_matching_extensions_count: untrackedMatchingExtensionsCount,
|
|
547
592
|
snapshot_outcome: effectiveSnapshotOutcome,
|
|
548
|
-
findings_count:
|
|
549
|
-
blocking_findings_count:
|
|
593
|
+
findings_count: mutableEffectiveFindings.length,
|
|
594
|
+
blocking_findings_count: mutableEffectiveFindings.filter((finding) => finding.blocking).length,
|
|
550
595
|
rules_coverage: evidence?.snapshot.rules_coverage ?? null,
|
|
551
596
|
rule_id_normalization: buildRuleIdNormalization({
|
|
552
|
-
findings:
|
|
597
|
+
findings: mutableEffectiveFindings,
|
|
553
598
|
rulesCoverage: evidence?.snapshot.rules_coverage,
|
|
554
599
|
}),
|
|
555
|
-
findings:
|
|
600
|
+
findings: mutableEffectiveFindings,
|
|
556
601
|
policy_reconcile_hint: POLICY_RECONCILE_HINT,
|
|
557
602
|
};
|
|
558
603
|
};
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "pumuki",
|
|
3
|
-
"version": "6.3.
|
|
3
|
+
"version": "6.3.287",
|
|
4
4
|
"description": "Enterprise-grade AST Intelligence System with multi-platform support (iOS, Android, Backend, Frontend) and Feature-First + DDD + Clean Architecture enforcement. Includes dynamic violations API for intelligent querying.",
|
|
5
5
|
"main": "index.js",
|
|
6
6
|
"bin": {
|