reviewflow 3.31.0 → 3.33.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (377) hide show
  1. package/CHANGELOG.md +20 -0
  2. package/dist/main/routes.d.ts.map +1 -1
  3. package/dist/main/routes.js +55 -2
  4. package/dist/main/routes.js.map +1 -1
  5. package/dist/main/server.d.ts.map +1 -1
  6. package/dist/main/server.js +5 -1
  7. package/dist/main/server.js.map +1 -1
  8. package/dist/modules/ember-chat/entities/emberMemory/emberMemory.gateway.d.ts +8 -0
  9. package/dist/modules/ember-chat/entities/emberMemory/emberMemory.gateway.d.ts.map +1 -0
  10. package/dist/modules/ember-chat/entities/emberMemory/emberMemory.gateway.js +2 -0
  11. package/dist/modules/ember-chat/entities/emberMemory/emberMemory.gateway.js.map +1 -0
  12. package/dist/modules/ember-chat/entities/emberMemory/emberMemory.guard.d.ts +8 -0
  13. package/dist/modules/ember-chat/entities/emberMemory/emberMemory.guard.d.ts.map +1 -0
  14. package/dist/modules/ember-chat/entities/emberMemory/emberMemory.guard.js +4 -0
  15. package/dist/modules/ember-chat/entities/emberMemory/emberMemory.guard.js.map +1 -0
  16. package/dist/modules/ember-chat/entities/emberMemory/emberMemory.schema.d.ts +17 -0
  17. package/dist/modules/ember-chat/entities/emberMemory/emberMemory.schema.d.ts.map +1 -0
  18. package/dist/modules/ember-chat/entities/emberMemory/emberMemory.schema.js +11 -0
  19. package/dist/modules/ember-chat/entities/emberMemory/emberMemory.schema.js.map +1 -0
  20. package/dist/modules/ember-chat/interface-adapters/controllers/http/emberChat.routes.d.ts +2 -0
  21. package/dist/modules/ember-chat/interface-adapters/controllers/http/emberChat.routes.d.ts.map +1 -1
  22. package/dist/modules/ember-chat/interface-adapters/controllers/http/emberChat.routes.js +7 -1
  23. package/dist/modules/ember-chat/interface-adapters/controllers/http/emberChat.routes.js.map +1 -1
  24. package/dist/modules/ember-chat/interface-adapters/gateways/emberMemory.fileSystem.gateway.d.ts +22 -0
  25. package/dist/modules/ember-chat/interface-adapters/gateways/emberMemory.fileSystem.gateway.d.ts.map +1 -0
  26. package/dist/modules/ember-chat/interface-adapters/gateways/emberMemory.fileSystem.gateway.js +55 -0
  27. package/dist/modules/ember-chat/interface-adapters/gateways/emberMemory.fileSystem.gateway.js.map +1 -0
  28. package/dist/modules/ember-chat/services/emberSystemPrompt.d.ts +2 -0
  29. package/dist/modules/ember-chat/services/emberSystemPrompt.d.ts.map +1 -1
  30. package/dist/modules/ember-chat/services/emberSystemPrompt.js +41 -8
  31. package/dist/modules/ember-chat/services/emberSystemPrompt.js.map +1 -1
  32. package/dist/modules/ember-chat/usecases/askEmber/askEmber.usecase.d.ts +2 -0
  33. package/dist/modules/ember-chat/usecases/askEmber/askEmber.usecase.d.ts.map +1 -1
  34. package/dist/modules/ember-chat/usecases/askEmber/askEmber.usecase.js +32 -2
  35. package/dist/modules/ember-chat/usecases/askEmber/askEmber.usecase.js.map +1 -1
  36. package/dist/modules/ember-chat/usecases/clearEmberMemory/clearEmberMemory.usecase.d.ts +7 -0
  37. package/dist/modules/ember-chat/usecases/clearEmberMemory/clearEmberMemory.usecase.d.ts.map +1 -0
  38. package/dist/modules/ember-chat/usecases/clearEmberMemory/clearEmberMemory.usecase.js +4 -0
  39. package/dist/modules/ember-chat/usecases/clearEmberMemory/clearEmberMemory.usecase.js.map +1 -0
  40. package/dist/modules/platform-integration/entities/egressScan/egressScan.defaults.d.ts +3 -0
  41. package/dist/modules/platform-integration/entities/egressScan/egressScan.defaults.d.ts.map +1 -0
  42. package/dist/modules/platform-integration/entities/egressScan/egressScan.defaults.js +9 -0
  43. package/dist/modules/platform-integration/entities/egressScan/egressScan.defaults.js.map +1 -0
  44. package/dist/modules/platform-integration/entities/egressScan/egressScan.gateway.d.ts +28 -0
  45. package/dist/modules/platform-integration/entities/egressScan/egressScan.gateway.d.ts.map +1 -0
  46. package/dist/modules/platform-integration/entities/egressScan/egressScan.gateway.js +2 -0
  47. package/dist/modules/platform-integration/entities/egressScan/egressScan.gateway.js.map +1 -0
  48. package/dist/modules/platform-integration/entities/egressScan/egressScan.scanner.d.ts +11 -0
  49. package/dist/modules/platform-integration/entities/egressScan/egressScan.scanner.d.ts.map +1 -0
  50. package/dist/modules/platform-integration/entities/egressScan/egressScan.scanner.js +70 -0
  51. package/dist/modules/platform-integration/entities/egressScan/egressScan.scanner.js.map +1 -0
  52. package/dist/modules/platform-integration/entities/egressScan/egressTrace.gateway.d.ts +5 -0
  53. package/dist/modules/platform-integration/entities/egressScan/egressTrace.gateway.d.ts.map +1 -0
  54. package/dist/modules/platform-integration/entities/egressScan/egressTrace.gateway.js +2 -0
  55. package/dist/modules/platform-integration/entities/egressScan/egressTrace.gateway.js.map +1 -0
  56. package/dist/modules/platform-integration/entities/executorToken/executorCapability.d.ts +9 -0
  57. package/dist/modules/platform-integration/entities/executorToken/executorCapability.d.ts.map +1 -0
  58. package/dist/modules/platform-integration/entities/executorToken/executorCapability.js +10 -0
  59. package/dist/modules/platform-integration/entities/executorToken/executorCapability.js.map +1 -0
  60. package/dist/modules/platform-integration/entities/idempotency/idempotencyStore.gateway.d.ts +4 -0
  61. package/dist/modules/platform-integration/entities/idempotency/idempotencyStore.gateway.d.ts.map +1 -0
  62. package/dist/modules/platform-integration/entities/idempotency/idempotencyStore.gateway.js +2 -0
  63. package/dist/modules/platform-integration/entities/idempotency/idempotencyStore.gateway.js.map +1 -0
  64. package/dist/modules/platform-integration/entities/memberAccess/memberAccess.d.ts +27 -0
  65. package/dist/modules/platform-integration/entities/memberAccess/memberAccess.d.ts.map +1 -0
  66. package/dist/modules/platform-integration/entities/memberAccess/memberAccess.gateway.d.ts +13 -0
  67. package/dist/modules/platform-integration/entities/memberAccess/memberAccess.gateway.d.ts.map +1 -0
  68. package/dist/modules/platform-integration/entities/memberAccess/memberAccess.gateway.js +2 -0
  69. package/dist/modules/platform-integration/entities/memberAccess/memberAccess.gateway.js.map +1 -0
  70. package/dist/modules/platform-integration/entities/memberAccess/memberAccess.js +21 -0
  71. package/dist/modules/platform-integration/entities/memberAccess/memberAccess.js.map +1 -0
  72. package/dist/modules/platform-integration/entities/transport/cidr.d.ts +2 -0
  73. package/dist/modules/platform-integration/entities/transport/cidr.d.ts.map +1 -0
  74. package/dist/modules/platform-integration/entities/transport/cidr.js +36 -0
  75. package/dist/modules/platform-integration/entities/transport/cidr.js.map +1 -0
  76. package/dist/modules/platform-integration/entities/transport/clientIpResolver.gateway.d.ts +8 -0
  77. package/dist/modules/platform-integration/entities/transport/clientIpResolver.gateway.d.ts.map +1 -0
  78. package/dist/modules/platform-integration/entities/transport/clientIpResolver.gateway.js +2 -0
  79. package/dist/modules/platform-integration/entities/transport/clientIpResolver.gateway.js.map +1 -0
  80. package/dist/modules/platform-integration/entities/transport/transportContext.d.ts +16 -0
  81. package/dist/modules/platform-integration/entities/transport/transportContext.d.ts.map +1 -0
  82. package/dist/modules/platform-integration/entities/transport/transportContext.js +2 -0
  83. package/dist/modules/platform-integration/entities/transport/transportContext.js.map +1 -0
  84. package/dist/modules/platform-integration/interface-adapters/controllers/webhook/github.controller.d.ts.map +1 -1
  85. package/dist/modules/platform-integration/interface-adapters/controllers/webhook/github.controller.js +4 -4
  86. package/dist/modules/platform-integration/interface-adapters/controllers/webhook/github.controller.js.map +1 -1
  87. package/dist/modules/platform-integration/interface-adapters/controllers/webhook/gitlab.controller.d.ts +5 -1
  88. package/dist/modules/platform-integration/interface-adapters/controllers/webhook/gitlab.controller.d.ts.map +1 -1
  89. package/dist/modules/platform-integration/interface-adapters/controllers/webhook/gitlab.controller.js +112 -18
  90. package/dist/modules/platform-integration/interface-adapters/controllers/webhook/gitlab.controller.js.map +1 -1
  91. package/dist/modules/platform-integration/interface-adapters/controllers/webhook/transportGuard.middleware.d.ts +25 -0
  92. package/dist/modules/platform-integration/interface-adapters/controllers/webhook/transportGuard.middleware.d.ts.map +1 -0
  93. package/dist/modules/platform-integration/interface-adapters/controllers/webhook/transportGuard.middleware.js +26 -0
  94. package/dist/modules/platform-integration/interface-adapters/controllers/webhook/transportGuard.middleware.js.map +1 -0
  95. package/dist/modules/platform-integration/interface-adapters/gateways/egressScanned.noteCommentPost.gateway.d.ts +14 -0
  96. package/dist/modules/platform-integration/interface-adapters/gateways/egressScanned.noteCommentPost.gateway.d.ts.map +1 -0
  97. package/dist/modules/platform-integration/interface-adapters/gateways/egressScanned.noteCommentPost.gateway.js +34 -0
  98. package/dist/modules/platform-integration/interface-adapters/gateways/egressScanned.noteCommentPost.gateway.js.map +1 -0
  99. package/dist/modules/platform-integration/interface-adapters/gateways/inMemoryIdempotencyStore.gateway.d.ts +14 -0
  100. package/dist/modules/platform-integration/interface-adapters/gateways/inMemoryIdempotencyStore.gateway.d.ts.map +1 -0
  101. package/dist/modules/platform-integration/interface-adapters/gateways/inMemoryIdempotencyStore.gateway.js +27 -0
  102. package/dist/modules/platform-integration/interface-adapters/gateways/inMemoryIdempotencyStore.gateway.js.map +1 -0
  103. package/dist/modules/platform-integration/interface-adapters/gateways/loggerEgressTrace.gateway.d.ts +9 -0
  104. package/dist/modules/platform-integration/interface-adapters/gateways/loggerEgressTrace.gateway.d.ts.map +1 -0
  105. package/dist/modules/platform-integration/interface-adapters/gateways/loggerEgressTrace.gateway.js +14 -0
  106. package/dist/modules/platform-integration/interface-adapters/gateways/loggerEgressTrace.gateway.js.map +1 -0
  107. package/dist/modules/platform-integration/interface-adapters/gateways/memberAccess.gitlab.cli.gateway.d.ts +31 -0
  108. package/dist/modules/platform-integration/interface-adapters/gateways/memberAccess.gitlab.cli.gateway.d.ts.map +1 -0
  109. package/dist/modules/platform-integration/interface-adapters/gateways/memberAccess.gitlab.cli.gateway.js +83 -0
  110. package/dist/modules/platform-integration/interface-adapters/gateways/memberAccess.gitlab.cli.gateway.js.map +1 -0
  111. package/dist/modules/platform-integration/interface-adapters/gateways/scopedGitLabExecutor.d.ts +17 -0
  112. package/dist/modules/platform-integration/interface-adapters/gateways/scopedGitLabExecutor.d.ts.map +1 -0
  113. package/dist/modules/platform-integration/interface-adapters/gateways/scopedGitLabExecutor.js +17 -0
  114. package/dist/modules/platform-integration/interface-adapters/gateways/scopedGitLabExecutor.js.map +1 -0
  115. package/dist/modules/platform-integration/interface-adapters/gateways/threadFetch.gitlab.gateway.d.ts +6 -0
  116. package/dist/modules/platform-integration/interface-adapters/gateways/threadFetch.gitlab.gateway.d.ts.map +1 -1
  117. package/dist/modules/platform-integration/interface-adapters/gateways/threadFetch.gitlab.gateway.js +28 -1
  118. package/dist/modules/platform-integration/interface-adapters/gateways/threadFetch.gitlab.gateway.js.map +1 -1
  119. package/dist/modules/platform-integration/interface-adapters/gateways/transport/clientIpResolver.forwardedFor.gateway.d.ts +5 -0
  120. package/dist/modules/platform-integration/interface-adapters/gateways/transport/clientIpResolver.forwardedFor.gateway.d.ts.map +1 -0
  121. package/dist/modules/platform-integration/interface-adapters/gateways/transport/clientIpResolver.forwardedFor.gateway.js +16 -0
  122. package/dist/modules/platform-integration/interface-adapters/gateways/transport/clientIpResolver.forwardedFor.gateway.js.map +1 -0
  123. package/dist/modules/platform-integration/services/autoExecutorActionFilter.d.ts +9 -0
  124. package/dist/modules/platform-integration/services/autoExecutorActionFilter.d.ts.map +1 -0
  125. package/dist/modules/platform-integration/services/autoExecutorActionFilter.js +33 -0
  126. package/dist/modules/platform-integration/services/autoExecutorActionFilter.js.map +1 -0
  127. package/dist/modules/platform-integration/services/pinnedThreadFetchTarget.d.ts +23 -0
  128. package/dist/modules/platform-integration/services/pinnedThreadFetchTarget.d.ts.map +1 -0
  129. package/dist/modules/platform-integration/services/pinnedThreadFetchTarget.js +21 -0
  130. package/dist/modules/platform-integration/services/pinnedThreadFetchTarget.js.map +1 -0
  131. package/dist/modules/platform-integration/services/scopedExecutorEnvironment.d.ts +21 -0
  132. package/dist/modules/platform-integration/services/scopedExecutorEnvironment.d.ts.map +1 -0
  133. package/dist/modules/platform-integration/services/scopedExecutorEnvironment.js +39 -0
  134. package/dist/modules/platform-integration/services/scopedExecutorEnvironment.js.map +1 -0
  135. package/dist/modules/platform-integration/usecases/isTrustedActor.usecase.d.ts +17 -0
  136. package/dist/modules/platform-integration/usecases/isTrustedActor.usecase.d.ts.map +1 -0
  137. package/dist/modules/platform-integration/usecases/isTrustedActor.usecase.js +23 -0
  138. package/dist/modules/platform-integration/usecases/isTrustedActor.usecase.js.map +1 -0
  139. package/dist/modules/platform-integration/usecases/transport/evaluateTransport.usecase.d.ts +3 -0
  140. package/dist/modules/platform-integration/usecases/transport/evaluateTransport.usecase.d.ts.map +1 -0
  141. package/dist/modules/platform-integration/usecases/transport/evaluateTransport.usecase.js +18 -0
  142. package/dist/modules/platform-integration/usecases/transport/evaluateTransport.usecase.js.map +1 -0
  143. package/dist/modules/review-execution/entities/actionProvenance/actionProvenance.d.ts +9 -0
  144. package/dist/modules/review-execution/entities/actionProvenance/actionProvenance.d.ts.map +1 -0
  145. package/dist/modules/review-execution/entities/actionProvenance/actionProvenance.js +11 -0
  146. package/dist/modules/review-execution/entities/actionProvenance/actionProvenance.js.map +1 -0
  147. package/dist/modules/review-execution/entities/threadInventory/threadInventory.gateway.d.ts +13 -0
  148. package/dist/modules/review-execution/entities/threadInventory/threadInventory.gateway.d.ts.map +1 -0
  149. package/dist/modules/review-execution/entities/threadInventory/threadInventory.gateway.js +2 -0
  150. package/dist/modules/review-execution/entities/threadInventory/threadInventory.gateway.js.map +1 -0
  151. package/dist/modules/review-execution/interface-adapters/gateways/threadInventory.gitlab.gateway.d.ts +14 -0
  152. package/dist/modules/review-execution/interface-adapters/gateways/threadInventory.gitlab.gateway.d.ts.map +1 -0
  153. package/dist/modules/review-execution/interface-adapters/gateways/threadInventory.gitlab.gateway.js +31 -0
  154. package/dist/modules/review-execution/interface-adapters/gateways/threadInventory.gitlab.gateway.js.map +1 -0
  155. package/dist/modules/review-execution/services/constrainActionSurface.d.ts +19 -0
  156. package/dist/modules/review-execution/services/constrainActionSurface.d.ts.map +1 -0
  157. package/dist/modules/review-execution/services/constrainActionSurface.js +49 -0
  158. package/dist/modules/review-execution/services/constrainActionSurface.js.map +1 -0
  159. package/dist/modules/review-execution/services/contextActionsExecutor.d.ts +2 -1
  160. package/dist/modules/review-execution/services/contextActionsExecutor.d.ts.map +1 -1
  161. package/dist/modules/review-execution/services/contextActionsExecutor.js +20 -2
  162. package/dist/modules/review-execution/services/contextActionsExecutor.js.map +1 -1
  163. package/dist/modules/review-execution/services/dispatchConstrainedActions.d.ts +30 -0
  164. package/dist/modules/review-execution/services/dispatchConstrainedActions.d.ts.map +1 -0
  165. package/dist/modules/review-execution/services/dispatchConstrainedActions.js +20 -0
  166. package/dist/modules/review-execution/services/dispatchConstrainedActions.js.map +1 -0
  167. package/dist/modules/review-execution/services/publicOutputExecutor.d.ts +10 -0
  168. package/dist/modules/review-execution/services/publicOutputExecutor.d.ts.map +1 -0
  169. package/dist/modules/review-execution/services/publicOutputExecutor.js +27 -0
  170. package/dist/modules/review-execution/services/publicOutputExecutor.js.map +1 -0
  171. package/dist/modules/review-execution/services/resolveThreadInventory.d.ts +19 -0
  172. package/dist/modules/review-execution/services/resolveThreadInventory.d.ts.map +1 -0
  173. package/dist/modules/review-execution/services/resolveThreadInventory.js +39 -0
  174. package/dist/modules/review-execution/services/resolveThreadInventory.js.map +1 -0
  175. package/dist/modules/review-execution/services/threadActionsExecutor.d.ts +11 -1
  176. package/dist/modules/review-execution/services/threadActionsExecutor.d.ts.map +1 -1
  177. package/dist/modules/review-execution/services/threadActionsExecutor.js +24 -2
  178. package/dist/modules/review-execution/services/threadActionsExecutor.js.map +1 -1
  179. package/dist/modules/review-execution/usecases/gateClaudeInvocation.usecase.d.ts +6 -0
  180. package/dist/modules/review-execution/usecases/gateClaudeInvocation.usecase.d.ts.map +1 -1
  181. package/dist/modules/review-execution/usecases/gateClaudeInvocation.usecase.js +2 -1
  182. package/dist/modules/review-execution/usecases/gateClaudeInvocation.usecase.js.map +1 -1
  183. package/dist/security/gitlabWebhookTokenSource.d.ts +9 -0
  184. package/dist/security/gitlabWebhookTokenSource.d.ts.map +1 -0
  185. package/dist/security/gitlabWebhookTokenSource.js +15 -0
  186. package/dist/security/gitlabWebhookTokenSource.js.map +1 -0
  187. package/dist/security/transportGuardConfig.d.ts +16 -0
  188. package/dist/security/transportGuardConfig.d.ts.map +1 -0
  189. package/dist/security/transportGuardConfig.js +38 -0
  190. package/dist/security/transportGuardConfig.js.map +1 -0
  191. package/dist/security/verifier.d.ts +9 -2
  192. package/dist/security/verifier.d.ts.map +1 -1
  193. package/dist/security/verifier.js +27 -10
  194. package/dist/security/verifier.js.map +1 -1
  195. package/dist/tests/acceptance/190-ember-live-answers-subscription.acceptance.test.js +7 -0
  196. package/dist/tests/acceptance/190-ember-live-answers-subscription.acceptance.test.js.map +1 -1
  197. package/dist/tests/acceptance/192-ember-ondemand-grounding-and-memory.acceptance.test.d.ts +2 -0
  198. package/dist/tests/acceptance/192-ember-ondemand-grounding-and-memory.acceptance.test.d.ts.map +1 -0
  199. package/dist/tests/acceptance/192-ember-ondemand-grounding-and-memory.acceptance.test.js +261 -0
  200. package/dist/tests/acceptance/192-ember-ondemand-grounding-and-memory.acceptance.test.js.map +1 -0
  201. package/dist/tests/factories/emberMemory.factory.d.ts +8 -0
  202. package/dist/tests/factories/emberMemory.factory.d.ts.map +1 -0
  203. package/dist/tests/factories/emberMemory.factory.js +19 -0
  204. package/dist/tests/factories/emberMemory.factory.js.map +1 -0
  205. package/dist/tests/factories/transportContext.factory.d.ts +5 -0
  206. package/dist/tests/factories/transportContext.factory.d.ts.map +1 -0
  207. package/dist/tests/factories/transportContext.factory.js +14 -0
  208. package/dist/tests/factories/transportContext.factory.js.map +1 -0
  209. package/dist/tests/stubs/egressScan.stub.d.ts +16 -0
  210. package/dist/tests/stubs/egressScan.stub.d.ts.map +1 -0
  211. package/dist/tests/stubs/egressScan.stub.js +28 -0
  212. package/dist/tests/stubs/egressScan.stub.js.map +1 -0
  213. package/dist/tests/stubs/emberMemory.stub.d.ts +25 -0
  214. package/dist/tests/stubs/emberMemory.stub.d.ts.map +1 -0
  215. package/dist/tests/stubs/emberMemory.stub.js +61 -0
  216. package/dist/tests/stubs/emberMemory.stub.js.map +1 -0
  217. package/dist/tests/stubs/idempotencyStore.stub.d.ts +9 -0
  218. package/dist/tests/stubs/idempotencyStore.stub.d.ts.map +1 -0
  219. package/dist/tests/stubs/idempotencyStore.stub.js +19 -0
  220. package/dist/tests/stubs/idempotencyStore.stub.js.map +1 -0
  221. package/dist/tests/stubs/memberAccess.stub.d.ts +24 -0
  222. package/dist/tests/stubs/memberAccess.stub.d.ts.map +1 -0
  223. package/dist/tests/stubs/memberAccess.stub.js +28 -0
  224. package/dist/tests/stubs/memberAccess.stub.js.map +1 -0
  225. package/dist/tests/units/entities/egressScan/egressScan.scanner.test.d.ts +2 -0
  226. package/dist/tests/units/entities/egressScan/egressScan.scanner.test.d.ts.map +1 -0
  227. package/dist/tests/units/entities/egressScan/egressScan.scanner.test.js +136 -0
  228. package/dist/tests/units/entities/egressScan/egressScan.scanner.test.js.map +1 -0
  229. package/dist/tests/units/interface-adapters/controllers/webhook/gitlab.controller.test.js +114 -0
  230. package/dist/tests/units/interface-adapters/controllers/webhook/gitlab.controller.test.js.map +1 -1
  231. package/dist/tests/units/interface-adapters/gateways/egressScanned.noteCommentPost.gateway.test.d.ts +2 -0
  232. package/dist/tests/units/interface-adapters/gateways/egressScanned.noteCommentPost.gateway.test.d.ts.map +1 -0
  233. package/dist/tests/units/interface-adapters/gateways/egressScanned.noteCommentPost.gateway.test.js +116 -0
  234. package/dist/tests/units/interface-adapters/gateways/egressScanned.noteCommentPost.gateway.test.js.map +1 -0
  235. package/dist/tests/units/modules/ember-chat/controllers/emberChat.routes.test.js +14 -0
  236. package/dist/tests/units/modules/ember-chat/controllers/emberChat.routes.test.js.map +1 -1
  237. package/dist/tests/units/modules/ember-chat/entities/emberMemory.guard.test.d.ts +2 -0
  238. package/dist/tests/units/modules/ember-chat/entities/emberMemory.guard.test.d.ts.map +1 -0
  239. package/dist/tests/units/modules/ember-chat/entities/emberMemory.guard.test.js +51 -0
  240. package/dist/tests/units/modules/ember-chat/entities/emberMemory.guard.test.js.map +1 -0
  241. package/dist/tests/units/modules/ember-chat/gateways/emberMemory.fileSystem.gateway.test.d.ts +2 -0
  242. package/dist/tests/units/modules/ember-chat/gateways/emberMemory.fileSystem.gateway.test.d.ts.map +1 -0
  243. package/dist/tests/units/modules/ember-chat/gateways/emberMemory.fileSystem.gateway.test.js +82 -0
  244. package/dist/tests/units/modules/ember-chat/gateways/emberMemory.fileSystem.gateway.test.js.map +1 -0
  245. package/dist/tests/units/modules/ember-chat/services/emberSystemPrompt.test.js +74 -2
  246. package/dist/tests/units/modules/ember-chat/services/emberSystemPrompt.test.js.map +1 -1
  247. package/dist/tests/units/modules/ember-chat/usecases/askEmber.usecase.test.js +56 -1
  248. package/dist/tests/units/modules/ember-chat/usecases/askEmber.usecase.test.js.map +1 -1
  249. package/dist/tests/units/modules/ember-chat/usecases/clearEmberMemory.usecase.test.d.ts +2 -0
  250. package/dist/tests/units/modules/ember-chat/usecases/clearEmberMemory.usecase.test.d.ts.map +1 -0
  251. package/dist/tests/units/modules/ember-chat/usecases/clearEmberMemory.usecase.test.js +14 -0
  252. package/dist/tests/units/modules/ember-chat/usecases/clearEmberMemory.usecase.test.js.map +1 -0
  253. package/dist/tests/units/modules/platform-integration/controllers/gitlabProcessorProvenance.test.d.ts +2 -0
  254. package/dist/tests/units/modules/platform-integration/controllers/gitlabProcessorProvenance.test.d.ts.map +1 -0
  255. package/dist/tests/units/modules/platform-integration/controllers/gitlabProcessorProvenance.test.js +69 -0
  256. package/dist/tests/units/modules/platform-integration/controllers/gitlabProcessorProvenance.test.js.map +1 -0
  257. package/dist/tests/units/modules/platform-integration/entities/executorCapability.test.d.ts +2 -0
  258. package/dist/tests/units/modules/platform-integration/entities/executorCapability.test.d.ts.map +1 -0
  259. package/dist/tests/units/modules/platform-integration/entities/executorCapability.test.js +28 -0
  260. package/dist/tests/units/modules/platform-integration/entities/executorCapability.test.js.map +1 -0
  261. package/dist/tests/units/modules/platform-integration/entities/memberAccess/memberAccess.test.d.ts +2 -0
  262. package/dist/tests/units/modules/platform-integration/entities/memberAccess/memberAccess.test.d.ts.map +1 -0
  263. package/dist/tests/units/modules/platform-integration/entities/memberAccess/memberAccess.test.js +18 -0
  264. package/dist/tests/units/modules/platform-integration/entities/memberAccess/memberAccess.test.js.map +1 -0
  265. package/dist/tests/units/modules/platform-integration/gateways/defaultGitLabExecutor.test.d.ts +2 -0
  266. package/dist/tests/units/modules/platform-integration/gateways/defaultGitLabExecutor.test.d.ts.map +1 -0
  267. package/dist/tests/units/modules/platform-integration/gateways/defaultGitLabExecutor.test.js +13 -0
  268. package/dist/tests/units/modules/platform-integration/gateways/defaultGitLabExecutor.test.js.map +1 -0
  269. package/dist/tests/units/modules/platform-integration/gateways/memberAccess.gitlab.cli.gateway.test.d.ts +2 -0
  270. package/dist/tests/units/modules/platform-integration/gateways/memberAccess.gitlab.cli.gateway.test.d.ts.map +1 -0
  271. package/dist/tests/units/modules/platform-integration/gateways/memberAccess.gitlab.cli.gateway.test.js +105 -0
  272. package/dist/tests/units/modules/platform-integration/gateways/memberAccess.gitlab.cli.gateway.test.js.map +1 -0
  273. package/dist/tests/units/modules/platform-integration/gateways/scopedGitLabExecutor.test.d.ts +2 -0
  274. package/dist/tests/units/modules/platform-integration/gateways/scopedGitLabExecutor.test.d.ts.map +1 -0
  275. package/dist/tests/units/modules/platform-integration/gateways/scopedGitLabExecutor.test.js +85 -0
  276. package/dist/tests/units/modules/platform-integration/gateways/scopedGitLabExecutor.test.js.map +1 -0
  277. package/dist/tests/units/modules/platform-integration/interface-adapters/controllers/webhook/gitlabIdempotency.controller.test.d.ts +2 -0
  278. package/dist/tests/units/modules/platform-integration/interface-adapters/controllers/webhook/gitlabIdempotency.controller.test.d.ts.map +1 -0
  279. package/dist/tests/units/modules/platform-integration/interface-adapters/controllers/webhook/gitlabIdempotency.controller.test.js +216 -0
  280. package/dist/tests/units/modules/platform-integration/interface-adapters/controllers/webhook/gitlabIdempotency.controller.test.js.map +1 -0
  281. package/dist/tests/units/modules/platform-integration/interface-adapters/gateways/inMemoryIdempotencyStore.test.d.ts +2 -0
  282. package/dist/tests/units/modules/platform-integration/interface-adapters/gateways/inMemoryIdempotencyStore.test.d.ts.map +1 -0
  283. package/dist/tests/units/modules/platform-integration/interface-adapters/gateways/inMemoryIdempotencyStore.test.js +48 -0
  284. package/dist/tests/units/modules/platform-integration/interface-adapters/gateways/inMemoryIdempotencyStore.test.js.map +1 -0
  285. package/dist/tests/units/modules/platform-integration/interface-adapters/transport/clientIpResolver.forwardedFor.gateway.test.d.ts +2 -0
  286. package/dist/tests/units/modules/platform-integration/interface-adapters/transport/clientIpResolver.forwardedFor.gateway.test.d.ts.map +1 -0
  287. package/dist/tests/units/modules/platform-integration/interface-adapters/transport/clientIpResolver.forwardedFor.gateway.test.js +29 -0
  288. package/dist/tests/units/modules/platform-integration/interface-adapters/transport/clientIpResolver.forwardedFor.gateway.test.js.map +1 -0
  289. package/dist/tests/units/modules/platform-integration/interface-adapters/transport/transportGuard.middleware.test.d.ts +2 -0
  290. package/dist/tests/units/modules/platform-integration/interface-adapters/transport/transportGuard.middleware.test.d.ts.map +1 -0
  291. package/dist/tests/units/modules/platform-integration/interface-adapters/transport/transportGuard.middleware.test.js +66 -0
  292. package/dist/tests/units/modules/platform-integration/interface-adapters/transport/transportGuard.middleware.test.js.map +1 -0
  293. package/dist/tests/units/modules/platform-integration/services/autoExecutorActionFilter.test.d.ts +2 -0
  294. package/dist/tests/units/modules/platform-integration/services/autoExecutorActionFilter.test.d.ts.map +1 -0
  295. package/dist/tests/units/modules/platform-integration/services/autoExecutorActionFilter.test.js +38 -0
  296. package/dist/tests/units/modules/platform-integration/services/autoExecutorActionFilter.test.js.map +1 -0
  297. package/dist/tests/units/modules/platform-integration/services/autoExecutorCapabilityGate.test.d.ts +2 -0
  298. package/dist/tests/units/modules/platform-integration/services/autoExecutorCapabilityGate.test.d.ts.map +1 -0
  299. package/dist/tests/units/modules/platform-integration/services/autoExecutorCapabilityGate.test.js +40 -0
  300. package/dist/tests/units/modules/platform-integration/services/autoExecutorCapabilityGate.test.js.map +1 -0
  301. package/dist/tests/units/modules/platform-integration/services/pinnedThreadFetchTarget.test.d.ts +2 -0
  302. package/dist/tests/units/modules/platform-integration/services/pinnedThreadFetchTarget.test.d.ts.map +1 -0
  303. package/dist/tests/units/modules/platform-integration/services/pinnedThreadFetchTarget.test.js +76 -0
  304. package/dist/tests/units/modules/platform-integration/services/pinnedThreadFetchTarget.test.js.map +1 -0
  305. package/dist/tests/units/modules/platform-integration/services/scopedExecutorEnvironment.test.d.ts +2 -0
  306. package/dist/tests/units/modules/platform-integration/services/scopedExecutorEnvironment.test.d.ts.map +1 -0
  307. package/dist/tests/units/modules/platform-integration/services/scopedExecutorEnvironment.test.js +120 -0
  308. package/dist/tests/units/modules/platform-integration/services/scopedExecutorEnvironment.test.js.map +1 -0
  309. package/dist/tests/units/modules/platform-integration/usecases/isTrustedActor.usecase.test.d.ts +2 -0
  310. package/dist/tests/units/modules/platform-integration/usecases/isTrustedActor.usecase.test.d.ts.map +1 -0
  311. package/dist/tests/units/modules/platform-integration/usecases/isTrustedActor.usecase.test.js +33 -0
  312. package/dist/tests/units/modules/platform-integration/usecases/isTrustedActor.usecase.test.js.map +1 -0
  313. package/dist/tests/units/modules/platform-integration/usecases/transport/evaluateTransport.usecase.test.d.ts +2 -0
  314. package/dist/tests/units/modules/platform-integration/usecases/transport/evaluateTransport.usecase.test.d.ts.map +1 -0
  315. package/dist/tests/units/modules/platform-integration/usecases/transport/evaluateTransport.usecase.test.js +69 -0
  316. package/dist/tests/units/modules/platform-integration/usecases/transport/evaluateTransport.usecase.test.js.map +1 -0
  317. package/dist/tests/units/modules/review-execution/entities/actionProvenance/actionProvenance.test.d.ts +2 -0
  318. package/dist/tests/units/modules/review-execution/entities/actionProvenance/actionProvenance.test.d.ts.map +1 -0
  319. package/dist/tests/units/modules/review-execution/entities/actionProvenance/actionProvenance.test.js +26 -0
  320. package/dist/tests/units/modules/review-execution/entities/actionProvenance/actionProvenance.test.js.map +1 -0
  321. package/dist/tests/units/modules/review-execution/interface-adapters/gateways/threadInventory.gitlab.gateway.test.d.ts +2 -0
  322. package/dist/tests/units/modules/review-execution/interface-adapters/gateways/threadInventory.gitlab.gateway.test.d.ts.map +1 -0
  323. package/dist/tests/units/modules/review-execution/interface-adapters/gateways/threadInventory.gitlab.gateway.test.js +44 -0
  324. package/dist/tests/units/modules/review-execution/interface-adapters/gateways/threadInventory.gitlab.gateway.test.js.map +1 -0
  325. package/dist/tests/units/modules/review-execution/services/constrainActionSurface.parity.test.d.ts +2 -0
  326. package/dist/tests/units/modules/review-execution/services/constrainActionSurface.parity.test.d.ts.map +1 -0
  327. package/dist/tests/units/modules/review-execution/services/constrainActionSurface.parity.test.js +29 -0
  328. package/dist/tests/units/modules/review-execution/services/constrainActionSurface.parity.test.js.map +1 -0
  329. package/dist/tests/units/modules/review-execution/services/constrainActionSurface.test.d.ts +2 -0
  330. package/dist/tests/units/modules/review-execution/services/constrainActionSurface.test.d.ts.map +1 -0
  331. package/dist/tests/units/modules/review-execution/services/constrainActionSurface.test.js +115 -0
  332. package/dist/tests/units/modules/review-execution/services/constrainActionSurface.test.js.map +1 -0
  333. package/dist/tests/units/modules/review-execution/services/contextActionsExecutor.autopath.test.d.ts +2 -0
  334. package/dist/tests/units/modules/review-execution/services/contextActionsExecutor.autopath.test.d.ts.map +1 -0
  335. package/dist/tests/units/modules/review-execution/services/contextActionsExecutor.autopath.test.js +52 -0
  336. package/dist/tests/units/modules/review-execution/services/contextActionsExecutor.autopath.test.js.map +1 -0
  337. package/dist/tests/units/modules/review-execution/services/dispatchConstrainedActions.test.d.ts +2 -0
  338. package/dist/tests/units/modules/review-execution/services/dispatchConstrainedActions.test.d.ts.map +1 -0
  339. package/dist/tests/units/modules/review-execution/services/dispatchConstrainedActions.test.js +124 -0
  340. package/dist/tests/units/modules/review-execution/services/dispatchConstrainedActions.test.js.map +1 -0
  341. package/dist/tests/units/modules/review-execution/services/resolveThreadInventory.test.d.ts +2 -0
  342. package/dist/tests/units/modules/review-execution/services/resolveThreadInventory.test.d.ts.map +1 -0
  343. package/dist/tests/units/modules/review-execution/services/resolveThreadInventory.test.js +67 -0
  344. package/dist/tests/units/modules/review-execution/services/resolveThreadInventory.test.js.map +1 -0
  345. package/dist/tests/units/modules/review-execution/usecases/gateClaudeInvocation.usecase.test.js +42 -0
  346. package/dist/tests/units/modules/review-execution/usecases/gateClaudeInvocation.usecase.test.js.map +1 -1
  347. package/dist/tests/units/security/gitlabTokenRotation.test.d.ts +2 -0
  348. package/dist/tests/units/security/gitlabTokenRotation.test.d.ts.map +1 -0
  349. package/dist/tests/units/security/gitlabTokenRotation.test.js +39 -0
  350. package/dist/tests/units/security/gitlabTokenRotation.test.js.map +1 -0
  351. package/dist/tests/units/security/noSpoofableTransportGuard.test.d.ts +2 -0
  352. package/dist/tests/units/security/noSpoofableTransportGuard.test.d.ts.map +1 -0
  353. package/dist/tests/units/security/noSpoofableTransportGuard.test.js +30 -0
  354. package/dist/tests/units/security/noSpoofableTransportGuard.test.js.map +1 -0
  355. package/dist/tests/units/security/transportGuardConfig.test.d.ts +2 -0
  356. package/dist/tests/units/security/transportGuardConfig.test.d.ts.map +1 -0
  357. package/dist/tests/units/security/transportGuardConfig.test.js +38 -0
  358. package/dist/tests/units/security/transportGuardConfig.test.js.map +1 -0
  359. package/dist/tests/units/security/verifier.test.js +33 -2
  360. package/dist/tests/units/security/verifier.test.js.map +1 -1
  361. package/dist/tests/units/services/contextActionsExecutor.egress.test.d.ts +2 -0
  362. package/dist/tests/units/services/contextActionsExecutor.egress.test.d.ts.map +1 -0
  363. package/dist/tests/units/services/contextActionsExecutor.egress.test.js +117 -0
  364. package/dist/tests/units/services/contextActionsExecutor.egress.test.js.map +1 -0
  365. package/dist/tests/units/services/contextActionsExecutor.test.js +24 -31
  366. package/dist/tests/units/services/contextActionsExecutor.test.js.map +1 -1
  367. package/dist/tests/units/services/publicOutputExecutor.test.d.ts +2 -0
  368. package/dist/tests/units/services/publicOutputExecutor.test.d.ts.map +1 -0
  369. package/dist/tests/units/services/publicOutputExecutor.test.js +72 -0
  370. package/dist/tests/units/services/publicOutputExecutor.test.js.map +1 -0
  371. package/dist/tests/units/services/threadActionsExecutor.egress.test.d.ts +2 -0
  372. package/dist/tests/units/services/threadActionsExecutor.egress.test.d.ts.map +1 -0
  373. package/dist/tests/units/services/threadActionsExecutor.egress.test.js +113 -0
  374. package/dist/tests/units/services/threadActionsExecutor.egress.test.js.map +1 -0
  375. package/dist/tests/units/services/threadActionsExecutor.test.js +32 -96
  376. package/dist/tests/units/services/threadActionsExecutor.test.js.map +1 -1
  377. package/package.json +1 -1
package/dist/modules/platform-integration/interface-adapters/gateways/transport/clientIpResolver.forwardedFor.gateway.js ADDED
@@ -0,0 +1,16 @@
1
+ export class ForwardedForClientIpResolver {
2
+ resolve(input) {
3
+ if (!input.socketTrusted) {
4
+ return null;
5
+ }
6
+ if (input.forwardedFor === null) {
7
+ return null;
8
+ }
9
+ const leftmost = input.forwardedFor.split(',')[0]?.trim();
10
+ if (!leftmost) {
11
+ return null;
12
+ }
13
+ return leftmost;
14
+ }
15
+ }
16
+ //# sourceMappingURL=clientIpResolver.forwardedFor.gateway.js.map
package/dist/modules/platform-integration/interface-adapters/gateways/transport/clientIpResolver.forwardedFor.gateway.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"clientIpResolver.forwardedFor.gateway.js","sourceRoot":"","sources":["../../../../../../src/modules/platform-integration/interface-adapters/gateways/transport/clientIpResolver.forwardedFor.gateway.ts"],"names":[],"mappings":"AAKA,MAAM,OAAO,4BAA4B;IACvC,OAAO,CAAC,KAA8B;QACpC,IAAI,CAAC,KAAK,CAAC,aAAa,EAAE,CAAC;YACzB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,KAAK,CAAC,YAAY,KAAK,IAAI,EAAE,CAAC;YAChC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,QAAQ,GAAG,KAAK,CAAC,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC;QAC1D,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF"}
package/dist/modules/platform-integration/services/autoExecutorActionFilter.d.ts ADDED
@@ -0,0 +1,9 @@
1
+ import type { ReviewAction } from '../../../modules/review-execution/entities/reviewAction/reviewAction.js';
2
+ export type ActionCapability = 'readMr' | 'postComment' | 'threadResolve' | 'revoke' | 'addLabel';
3
+ export declare function capabilityForAction(action: ReviewAction): ActionCapability;
4
+ export interface AutoExecutorActionFilterResult {
5
+ allowed: ReviewAction[];
6
+ dropped: ReviewAction[];
7
+ }
8
+ export declare function filterAutoExecutorActions(actions: ReviewAction[]): AutoExecutorActionFilterResult;
9
+ //# sourceMappingURL=autoExecutorActionFilter.d.ts.map
package/dist/modules/platform-integration/services/autoExecutorActionFilter.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"autoExecutorActionFilter.d.ts","sourceRoot":"","sources":["../../../../src/modules/platform-integration/services/autoExecutorActionFilter.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kEAAkE,CAAA;AAGpG,MAAM,MAAM,gBAAgB,GAAG,QAAQ,GAAG,aAAa,GAAG,eAAe,GAAG,QAAQ,GAAG,UAAU,CAAA;AAEjG,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,YAAY,GAAG,gBAAgB,CAa1E;AAED,MAAM,WAAW,8BAA8B;IAC7C,OAAO,EAAE,YAAY,EAAE,CAAA;IACvB,OAAO,EAAE,YAAY,EAAE,CAAA;CACxB;AASD,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,YAAY,EAAE,GAAG,8BAA8B,CAajG"}
package/dist/modules/platform-integration/services/autoExecutorActionFilter.js ADDED
@@ -0,0 +1,33 @@
1
+ import { AUTO_EXECUTOR_CAPABILITIES } from '../../../modules/platform-integration/entities/executorToken/executorCapability.js';
2
+ export function capabilityForAction(action) {
3
+ switch (action.type) {
4
+ case 'FETCH_THREADS':
5
+ return 'readMr';
6
+ case 'POST_COMMENT':
7
+ case 'THREAD_REPLY':
8
+ case 'POST_INLINE_COMMENT':
9
+ return 'postComment';
10
+ case 'THREAD_RESOLVE':
11
+ return 'threadResolve';
12
+ case 'ADD_LABEL':
13
+ return 'addLabel';
14
+ }
15
+ }
16
+ function isAutoCapability(capability) {
17
+ return ((capability === 'readMr' || capability === 'postComment') &&
18
+ AUTO_EXECUTOR_CAPABILITIES.has(capability));
19
+ }
20
+ export function filterAutoExecutorActions(actions) {
21
+ const allowed = [];
22
+ const dropped = [];
23
+ for (const action of actions) {
24
+ if (isAutoCapability(capabilityForAction(action))) {
25
+ allowed.push(action);
26
+ }
27
+ else {
28
+ dropped.push(action);
29
+ }
30
+ }
31
+ return { allowed, dropped };
32
+ }
33
+ //# sourceMappingURL=autoExecutorActionFilter.js.map
package/dist/modules/platform-integration/services/autoExecutorActionFilter.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"autoExecutorActionFilter.js","sourceRoot":"","sources":["../../../../src/modules/platform-integration/services/autoExecutorActionFilter.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,0BAA0B,EAAE,MAAM,6EAA6E,CAAA;AAIxH,MAAM,UAAU,mBAAmB,CAAC,MAAoB;IACtD,QAAQ,MAAM,CAAC,IAAI,EAAE,CAAC;QACpB,KAAK,eAAe;YAClB,OAAO,QAAQ,CAAA;QACjB,KAAK,cAAc,CAAC;QACpB,KAAK,cAAc,CAAC;QACpB,KAAK,qBAAqB;YACxB,OAAO,aAAa,CAAA;QACtB,KAAK,gBAAgB;YACnB,OAAO,eAAe,CAAA;QACxB,KAAK,WAAW;YACd,OAAO,UAAU,CAAA;IACrB,CAAC;AACH,CAAC;AAOD,SAAS,gBAAgB,CAAC,UAA4B;IACpD,OAAO,CACL,CAAC,UAAU,KAAK,QAAQ,IAAI,UAAU,KAAK,aAAa,CAAC;QACzD,0BAA0B,CAAC,GAAG,CAAC,UAAU,CAAC,CAC3C,CAAA;AACH,CAAC;AAED,MAAM,UAAU,yBAAyB,CAAC,OAAuB;IAC/D,MAAM,OAAO,GAAmB,EAAE,CAAA;IAClC,MAAM,OAAO,GAAmB,EAAE,CAAA;IAElC,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,IAAI,gBAAgB,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC;YAClD,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;QACtB,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;QACtB,CAAC;IACH,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,CAAA;AAC7B,CAAC"}
package/dist/modules/platform-integration/services/pinnedThreadFetchTarget.d.ts ADDED
@@ -0,0 +1,23 @@
1
+ export interface PinnedThreadFetchTarget {
2
+ projectPath: string;
3
+ mrNumber: number;
4
+ }
5
+ interface ResolvedRepository {
6
+ projectPath: string;
7
+ }
8
+ export interface ResolvePinnedThreadFetchTargetInput {
9
+ payloadProjectPath: string;
10
+ payloadMrNumber: number;
11
+ findRepository: (projectPath: string) => ResolvedRepository | null | undefined;
12
+ gatedMrNumber: number | null;
13
+ }
14
+ /**
15
+ * Anchors the (projectPath, mrNumber) pair driving fetchThreads to a server-validated
16
+ * source (AC9). The forgeable webhook payload is never used as-is to widen scope:
17
+ * - projectPath MUST resolve to a configured repository.
18
+ * - mrNumber MUST equal the merge-request that passed the upstream trusted-actor gate.
19
+ * If either cannot be established, the action surface is empty (null, fail-closed).
20
+ */
21
+ export declare function resolvePinnedThreadFetchTarget(input: ResolvePinnedThreadFetchTargetInput): PinnedThreadFetchTarget | null;
22
+ export {};
23
+ //# sourceMappingURL=pinnedThreadFetchTarget.d.ts.map
package/dist/modules/platform-integration/services/pinnedThreadFetchTarget.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"pinnedThreadFetchTarget.d.ts","sourceRoot":"","sources":["../../../../src/modules/platform-integration/services/pinnedThreadFetchTarget.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,uBAAuB;IACtC,WAAW,EAAE,MAAM,CAAA;IACnB,QAAQ,EAAE,MAAM,CAAA;CACjB;AAED,UAAU,kBAAkB;IAC1B,WAAW,EAAE,MAAM,CAAA;CACpB;AAED,MAAM,WAAW,mCAAmC;IAClD,kBAAkB,EAAE,MAAM,CAAA;IAC1B,eAAe,EAAE,MAAM,CAAA;IACvB,cAAc,EAAE,CAAC,WAAW,EAAE,MAAM,KAAK,kBAAkB,GAAG,IAAI,GAAG,SAAS,CAAA;IAC9E,aAAa,EAAE,MAAM,GAAG,IAAI,CAAA;CAC7B;AAED;;;;;;GAMG;AACH,wBAAgB,8BAA8B,CAC5C,KAAK,EAAE,mCAAmC,GACzC,uBAAuB,GAAG,IAAI,CAchC"}
package/dist/modules/platform-integration/services/pinnedThreadFetchTarget.js ADDED
@@ -0,0 +1,21 @@
1
+ /**
2
+ * Anchors the (projectPath, mrNumber) pair driving fetchThreads to a server-validated
3
+ * source (AC9). The forgeable webhook payload is never used as-is to widen scope:
4
+ * - projectPath MUST resolve to a configured repository.
5
+ * - mrNumber MUST equal the merge-request that passed the upstream trusted-actor gate.
6
+ * If either cannot be established, the action surface is empty (null, fail-closed).
7
+ */
8
+ export function resolvePinnedThreadFetchTarget(input) {
9
+ const repository = input.findRepository(input.payloadProjectPath);
10
+ if (!repository) {
11
+ return null;
12
+ }
13
+ if (input.gatedMrNumber === null || input.payloadMrNumber !== input.gatedMrNumber) {
14
+ return null;
15
+ }
16
+ return {
17
+ projectPath: repository.projectPath,
18
+ mrNumber: input.gatedMrNumber,
19
+ };
20
+ }
21
+ //# sourceMappingURL=pinnedThreadFetchTarget.js.map
package/dist/modules/platform-integration/services/pinnedThreadFetchTarget.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"pinnedThreadFetchTarget.js","sourceRoot":"","sources":["../../../../src/modules/platform-integration/services/pinnedThreadFetchTarget.ts"],"names":[],"mappings":"AAgBA;;;;;;GAMG;AACH,MAAM,UAAU,8BAA8B,CAC5C,KAA0C;IAE1C,MAAM,UAAU,GAAG,KAAK,CAAC,cAAc,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAA;IACjE,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,IAAI,CAAA;IACb,CAAC;IAED,IAAI,KAAK,CAAC,aAAa,KAAK,IAAI,IAAI,KAAK,CAAC,eAAe,KAAK,KAAK,CAAC,aAAa,EAAE,CAAC;QAClF,OAAO,IAAI,CAAA;IACb,CAAC;IAED,OAAO;QACL,WAAW,EAAE,UAAU,CAAC,WAAW;QACnC,QAAQ,EAAE,KAAK,CAAC,aAAa;KAC9B,CAAA;AACH,CAAC"}
package/dist/modules/platform-integration/services/scopedExecutorEnvironment.d.ts ADDED
@@ -0,0 +1,21 @@
1
+ export declare const EXECUTOR_TOKEN_ENV_KEY = "REVIEWFLOW_EXECUTOR_TOKEN";
2
+ export declare const ENV_ALLOWLIST: readonly ["PATH", "HOME", "GLAB_CONFIG_DIR", "LANG"];
3
+ export type AllowlistedEnvKey = (typeof ENV_ALLOWLIST)[number];
4
+ export type ScopedExecutorEnv = Partial<Record<AllowlistedEnvKey, string>>;
5
+ export declare class MissingExecutorTokenError extends Error {
6
+ constructor();
7
+ }
8
+ export interface ExecutorFileWriter {
9
+ write(path: string, contents: string): void;
10
+ }
11
+ export interface BuildScopedExecutorEnvironmentInput {
12
+ parentEnv: Record<string, string | undefined>;
13
+ isolatedDir: string;
14
+ fileWriter: ExecutorFileWriter;
15
+ }
16
+ export interface ScopedExecutorEnvironment {
17
+ env: ScopedExecutorEnv;
18
+ configFilePath: string;
19
+ }
20
+ export declare function buildScopedExecutorEnvironment(input: BuildScopedExecutorEnvironmentInput): ScopedExecutorEnvironment;
21
+ //# sourceMappingURL=scopedExecutorEnvironment.d.ts.map
package/dist/modules/platform-integration/services/scopedExecutorEnvironment.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"scopedExecutorEnvironment.d.ts","sourceRoot":"","sources":["../../../../src/modules/platform-integration/services/scopedExecutorEnvironment.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,sBAAsB,8BAA8B,CAAA;AAEjE,eAAO,MAAM,aAAa,sDAAuD,CAAA;AAEjF,MAAM,MAAM,iBAAiB,GAAG,CAAC,OAAO,aAAa,CAAC,CAAC,MAAM,CAAC,CAAA;AAE9D,MAAM,MAAM,iBAAiB,GAAG,OAAO,CAAC,MAAM,CAAC,iBAAiB,EAAE,MAAM,CAAC,CAAC,CAAA;AAE1E,qBAAa,yBAA0B,SAAQ,KAAK;;CAOnD;AAED,MAAM,WAAW,kBAAkB;IACjC,KAAK,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;CAC5C;AAED,MAAM,WAAW,mCAAmC;IAClD,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAA;IAC7C,WAAW,EAAE,MAAM,CAAA;IACnB,UAAU,EAAE,kBAAkB,CAAA;CAC/B;AAED,MAAM,WAAW,yBAAyB;IACxC,GAAG,EAAE,iBAAiB,CAAA;IACtB,cAAc,EAAE,MAAM,CAAA;CACvB;AAYD,wBAAgB,8BAA8B,CAC5C,KAAK,EAAE,mCAAmC,GACzC,yBAAyB,CAwB3B"}
package/dist/modules/platform-integration/services/scopedExecutorEnvironment.js ADDED
@@ -0,0 +1,39 @@
1
+ export const EXECUTOR_TOKEN_ENV_KEY = 'REVIEWFLOW_EXECUTOR_TOKEN';
2
+ export const ENV_ALLOWLIST = ['PATH', 'HOME', 'GLAB_CONFIG_DIR', 'LANG'];
3
+ export class MissingExecutorTokenError extends Error {
4
+ constructor() {
5
+ super(`Executor service token (${EXECUTOR_TOKEN_ENV_KEY}) is absent or empty; refusing to start with the ambient token.`);
6
+ this.name = 'MissingExecutorTokenError';
7
+ }
8
+ }
9
+ function renderGlabConfig(token) {
10
+ return [
11
+ 'hosts:',
12
+ ' gitlab.com:',
13
+ ` token: ${token}`,
14
+ ' api_protocol: https',
15
+ '',
16
+ ].join('\n');
17
+ }
18
+ export function buildScopedExecutorEnvironment(input) {
19
+ const token = input.parentEnv[EXECUTOR_TOKEN_ENV_KEY]?.trim();
20
+ if (!token) {
21
+ throw new MissingExecutorTokenError();
22
+ }
23
+ const home = `${input.isolatedDir}/home`;
24
+ const glabConfigDir = `${input.isolatedDir}/glab-config`;
25
+ const env = {
26
+ HOME: home,
27
+ GLAB_CONFIG_DIR: glabConfigDir,
28
+ };
29
+ const path = input.parentEnv.PATH;
30
+ if (path)
31
+ env.PATH = path;
32
+ const lang = input.parentEnv.LANG;
33
+ if (lang)
34
+ env.LANG = lang;
35
+ const configFilePath = `${glabConfigDir}/glab-cli/config.yml`;
36
+ input.fileWriter.write(configFilePath, renderGlabConfig(token));
37
+ return { env, configFilePath };
38
+ }
39
+ //# sourceMappingURL=scopedExecutorEnvironment.js.map
package/dist/modules/platform-integration/services/scopedExecutorEnvironment.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"scopedExecutorEnvironment.js","sourceRoot":"","sources":["../../../../src/modules/platform-integration/services/scopedExecutorEnvironment.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,sBAAsB,GAAG,2BAA2B,CAAA;AAEjE,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,CAAU,CAAA;AAMjF,MAAM,OAAO,yBAA0B,SAAQ,KAAK;IAClD;QACE,KAAK,CACH,2BAA2B,sBAAsB,iEAAiE,CACnH,CAAA;QACD,IAAI,CAAC,IAAI,GAAG,2BAA2B,CAAA;IACzC,CAAC;CACF;AAiBD,SAAS,gBAAgB,CAAC,KAAa;IACrC,OAAO;QACL,QAAQ;QACR,eAAe;QACf,cAAc,KAAK,EAAE;QACrB,yBAAyB;QACzB,EAAE;KACH,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AACd,CAAC;AAED,MAAM,UAAU,8BAA8B,CAC5C,KAA0C;IAE1C,MAAM,KAAK,GAAG,KAAK,CAAC,SAAS,CAAC,sBAAsB,CAAC,EAAE,IAAI,EAAE,CAAA;IAC7D,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,yBAAyB,EAAE,CAAA;IACvC,CAAC;IAED,MAAM,IAAI,GAAG,GAAG,KAAK,CAAC,WAAW,OAAO,CAAA;IACxC,MAAM,aAAa,GAAG,GAAG,KAAK,CAAC,WAAW,cAAc,CAAA;IAExD,MAAM,GAAG,GAAsB;QAC7B,IAAI,EAAE,IAAI;QACV,eAAe,EAAE,aAAa;KAC/B,CAAA;IAED,MAAM,IAAI,GAAG,KAAK,CAAC,SAAS,CAAC,IAAI,CAAA;IACjC,IAAI,IAAI;QAAE,GAAG,CAAC,IAAI,GAAG,IAAI,CAAA;IAEzB,MAAM,IAAI,GAAG,KAAK,CAAC,SAAS,CAAC,IAAI,CAAA;IACjC,IAAI,IAAI;QAAE,GAAG,CAAC,IAAI,GAAG,IAAI,CAAA;IAEzB,MAAM,cAAc,GAAG,GAAG,aAAa,sBAAsB,CAAA;IAC7D,KAAK,CAAC,UAAU,CAAC,KAAK,CAAC,cAAc,EAAE,gBAAgB,CAAC,KAAK,CAAC,CAAC,CAAA;IAE/D,OAAO,EAAE,GAAG,EAAE,cAAc,EAAE,CAAA;AAChC,CAAC"}
package/dist/modules/platform-integration/usecases/isTrustedActor.usecase.d.ts ADDED
@@ -0,0 +1,17 @@
1
+ import type { MemberAccessGateway } from '../../../modules/platform-integration/entities/memberAccess/memberAccess.gateway.js';
2
+ export interface IsTrustedActorInput {
3
+ username: string;
4
+ projectPath: string;
5
+ }
6
+ /**
7
+ * Decides whether the trigger actor is a trusted (Developer+) member of the target
8
+ * project (SPEC-197). Consumes the fail-closed MemberAccessGateway: any resolution
9
+ * failure or sub-Developer level collapses to non-trusted, so a thrown lookup never
10
+ * widens trust.
11
+ */
12
+ export declare class IsTrustedActorUseCase {
13
+ private readonly memberAccessGateway;
14
+ constructor(memberAccessGateway: MemberAccessGateway);
15
+ execute(input: IsTrustedActorInput): Promise<boolean>;
16
+ }
17
+ //# sourceMappingURL=isTrustedActor.usecase.d.ts.map
package/dist/modules/platform-integration/usecases/isTrustedActor.usecase.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"isTrustedActor.usecase.d.ts","sourceRoot":"","sources":["../../../../src/modules/platform-integration/usecases/isTrustedActor.usecase.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,8EAA8E,CAAC;AAGxH,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;;;;GAKG;AACH,qBAAa,qBAAqB;IACpB,OAAO,CAAC,QAAQ,CAAC,mBAAmB;gBAAnB,mBAAmB,EAAE,mBAAmB;IAE/D,OAAO,CAAC,KAAK,EAAE,mBAAmB,GAAG,OAAO,CAAC,OAAO,CAAC;CAQ5D"}
package/dist/modules/platform-integration/usecases/isTrustedActor.usecase.js ADDED
@@ -0,0 +1,23 @@
1
+ import { isDeveloperOrAbove } from '../../../modules/platform-integration/entities/memberAccess/memberAccess.js';
2
+ /**
3
+ * Decides whether the trigger actor is a trusted (Developer+) member of the target
4
+ * project (SPEC-197). Consumes the fail-closed MemberAccessGateway: any resolution
5
+ * failure or sub-Developer level collapses to non-trusted, so a thrown lookup never
6
+ * widens trust.
7
+ */
8
+ export class IsTrustedActorUseCase {
9
+ memberAccessGateway;
10
+ constructor(memberAccessGateway) {
11
+ this.memberAccessGateway = memberAccessGateway;
12
+ }
13
+ async execute(input) {
14
+ try {
15
+ const accessLevel = await this.memberAccessGateway.resolve(input.projectPath, input.username);
16
+ return isDeveloperOrAbove(accessLevel);
17
+ }
18
+ catch {
19
+ return false;
20
+ }
21
+ }
22
+ }
23
+ //# sourceMappingURL=isTrustedActor.usecase.js.map
package/dist/modules/platform-integration/usecases/isTrustedActor.usecase.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"isTrustedActor.usecase.js","sourceRoot":"","sources":["../../../../src/modules/platform-integration/usecases/isTrustedActor.usecase.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,sEAAsE,CAAC;AAO1G;;;;;GAKG;AACH,MAAM,OAAO,qBAAqB;IACH;IAA7B,YAA6B,mBAAwC;QAAxC,wBAAmB,GAAnB,mBAAmB,CAAqB;IAAG,CAAC;IAEzE,KAAK,CAAC,OAAO,CAAC,KAA0B;QACtC,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,KAAK,CAAC,WAAW,EAAE,KAAK,CAAC,QAAQ,CAAC,CAAC;YAC9F,OAAO,kBAAkB,CAAC,WAAW,CAAC,CAAC;QACzC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;CACF"}
package/dist/modules/platform-integration/usecases/transport/evaluateTransport.usecase.d.ts ADDED
@@ -0,0 +1,3 @@
1
+ import type { TransportContext, TransportDecision } from '../../../../modules/platform-integration/entities/transport/transportContext.js';
2
+ export declare function evaluateTransport(context: TransportContext): TransportDecision;
3
+ //# sourceMappingURL=evaluateTransport.usecase.d.ts.map
package/dist/modules/platform-integration/usecases/transport/evaluateTransport.usecase.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"evaluateTransport.usecase.d.ts","sourceRoot":"","sources":["../../../../../src/modules/platform-integration/usecases/transport/evaluateTransport.usecase.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,gBAAgB,EAChB,iBAAiB,EAClB,MAAM,uEAAuE,CAAC;AAK/E,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,gBAAgB,GAAG,iBAAiB,CAmB9E"}
package/dist/modules/platform-integration/usecases/transport/evaluateTransport.usecase.js ADDED
@@ -0,0 +1,18 @@
1
+ import { isIpInCidr } from '../../../../modules/platform-integration/entities/transport/cidr.js';
2
+ const REJECT_STATUS = 403;
3
+ export function evaluateTransport(context) {
4
+ if (context.directSocketAddress !== context.trustedHopAddress) {
5
+ return { kind: 'reject', status: REJECT_STATUS, reason: 'untrusted-socket' };
6
+ }
7
+ if (context.forwardedProto !== 'https') {
8
+ return { kind: 'reject', status: REJECT_STATUS, reason: 'non-https' };
9
+ }
10
+ const clientIp = context.resolvedClientIp;
11
+ const allowed = clientIp !== null &&
12
+ context.allowedCidrRanges.some((range) => isIpInCidr(clientIp, range));
13
+ if (!allowed) {
14
+ return { kind: 'reject', status: REJECT_STATUS, reason: 'off-allowlist' };
15
+ }
16
+ return { kind: 'accept' };
17
+ }
18
+ //# sourceMappingURL=evaluateTransport.usecase.js.map
package/dist/modules/platform-integration/usecases/transport/evaluateTransport.usecase.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"evaluateTransport.usecase.js","sourceRoot":"","sources":["../../../../../src/modules/platform-integration/usecases/transport/evaluateTransport.usecase.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,UAAU,EAAE,MAAM,2DAA2D,CAAC;AAEvF,MAAM,aAAa,GAAG,GAAG,CAAC;AAE1B,MAAM,UAAU,iBAAiB,CAAC,OAAyB;IACzD,IAAI,OAAO,CAAC,mBAAmB,KAAK,OAAO,CAAC,iBAAiB,EAAE,CAAC;QAC9D,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC;IAC/E,CAAC;IAED,IAAI,OAAO,CAAC,cAAc,KAAK,OAAO,EAAE,CAAC;QACvC,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;IACxE,CAAC;IAED,MAAM,QAAQ,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAC1C,MAAM,OAAO,GACX,QAAQ,KAAK,IAAI;QACjB,OAAO,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,UAAU,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC;IAEzE,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;IAC5E,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;AAC5B,CAAC"}
package/dist/modules/review-execution/entities/actionProvenance/actionProvenance.d.ts ADDED
@@ -0,0 +1,9 @@
1
+ export type Provenance = 'trusted' | 'untrusted';
2
+ /**
3
+ * Fail-closed provenance resolver.
4
+ * Only the exact canonical token resolves to `trusted`; every other value
5
+ * (including casing, padding, non-string types, null/undefined) is `untrusted`.
6
+ * `trusted` is NEVER derived from a payload field.
7
+ */
8
+ export declare function resolveProvenance(value: unknown): Provenance;
9
+ //# sourceMappingURL=actionProvenance.d.ts.map
package/dist/modules/review-execution/entities/actionProvenance/actionProvenance.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"actionProvenance.d.ts","sourceRoot":"","sources":["../../../../../src/modules/review-execution/entities/actionProvenance/actionProvenance.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,UAAU,GAAG,SAAS,GAAG,WAAW,CAAA;AAIhD;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,OAAO,GAAG,UAAU,CAE5D"}
package/dist/modules/review-execution/entities/actionProvenance/actionProvenance.js ADDED
@@ -0,0 +1,11 @@
1
+ const CANONICAL_TRUSTED = 'trusted';
2
+ /**
3
+ * Fail-closed provenance resolver.
4
+ * Only the exact canonical token resolves to `trusted`; every other value
5
+ * (including casing, padding, non-string types, null/undefined) is `untrusted`.
6
+ * `trusted` is NEVER derived from a payload field.
7
+ */
8
+ export function resolveProvenance(value) {
9
+ return value === CANONICAL_TRUSTED ? 'trusted' : 'untrusted';
10
+ }
11
+ //# sourceMappingURL=actionProvenance.js.map
package/dist/modules/review-execution/entities/actionProvenance/actionProvenance.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"actionProvenance.js","sourceRoot":"","sources":["../../../../../src/modules/review-execution/entities/actionProvenance/actionProvenance.ts"],"names":[],"mappings":"AAEA,MAAM,iBAAiB,GAAG,SAAS,CAAA;AAEnC;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAAC,KAAc;IAC9C,OAAO,KAAK,KAAK,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,CAAA;AAC9D,CAAC"}
package/dist/modules/review-execution/entities/threadInventory/threadInventory.gateway.d.ts ADDED
@@ -0,0 +1,13 @@
1
+ export interface ThreadInventoryPage {
2
+ page: number;
3
+ totalPages: number;
4
+ threadIds: string[];
5
+ }
6
+ /**
7
+ * Authenticated, page-by-page access to the current MR's thread inventory.
8
+ * Each page carries its own `totalPages` so the resolver can prove completeness.
9
+ */
10
+ export interface ThreadInventoryGateway {
11
+ fetchPage(projectPath: string, mergeRequestNumber: number, page: number): ThreadInventoryPage;
12
+ }
13
+ //# sourceMappingURL=threadInventory.gateway.d.ts.map
package/dist/modules/review-execution/entities/threadInventory/threadInventory.gateway.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"threadInventory.gateway.d.ts","sourceRoot":"","sources":["../../../../../src/modules/review-execution/entities/threadInventory/threadInventory.gateway.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,MAAM,CAAA;IACZ,UAAU,EAAE,MAAM,CAAA;IAClB,SAAS,EAAE,MAAM,EAAE,CAAA;CACpB;AAED;;;GAGG;AACH,MAAM,WAAW,sBAAsB;IACrC,SAAS,CAAC,WAAW,EAAE,MAAM,EAAE,kBAAkB,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,mBAAmB,CAAA;CAC9F"}
package/dist/modules/review-execution/entities/threadInventory/threadInventory.gateway.js ADDED
@@ -0,0 +1,2 @@
1
+ export {};
2
+ //# sourceMappingURL=threadInventory.gateway.js.map
package/dist/modules/review-execution/entities/threadInventory/threadInventory.gateway.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"threadInventory.gateway.js","sourceRoot":"","sources":["../../../../../src/modules/review-execution/entities/threadInventory/threadInventory.gateway.ts"],"names":[],"mappings":""}
package/dist/modules/review-execution/interface-adapters/gateways/threadInventory.gitlab.gateway.d.ts ADDED
@@ -0,0 +1,14 @@
1
+ import type { ThreadInventoryGateway, ThreadInventoryPage } from '../../../../modules/review-execution/entities/threadInventory/threadInventory.gateway.js';
2
+ export type CommandExecutor = (command: string) => string;
3
+ /**
4
+ * Authenticated GitLab Threads (discussions) inventory access.
5
+ *
6
+ * Issues `glab api -i` so the response carries the `X-Total-Pages` header used by the
7
+ * resolver to prove pagination completeness (complete-or-empty, fail-closed).
8
+ */
9
+ export declare class GitLabThreadInventoryGateway implements ThreadInventoryGateway {
10
+ private readonly executor;
11
+ constructor(executor: CommandExecutor);
12
+ fetchPage(projectPath: string, mergeRequestNumber: number, page: number): ThreadInventoryPage;
13
+ }
14
+ //# sourceMappingURL=threadInventory.gitlab.gateway.d.ts.map
package/dist/modules/review-execution/interface-adapters/gateways/threadInventory.gitlab.gateway.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"threadInventory.gitlab.gateway.d.ts","sourceRoot":"","sources":["../../../../../src/modules/review-execution/interface-adapters/gateways/threadInventory.gitlab.gateway.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,sBAAsB,EACtB,mBAAmB,EACpB,MAAM,gFAAgF,CAAA;AAEvF,MAAM,MAAM,eAAe,GAAG,CAAC,OAAO,EAAE,MAAM,KAAK,MAAM,CAAA;AAazD;;;;;GAKG;AACH,qBAAa,4BAA6B,YAAW,sBAAsB;IAC7D,OAAO,CAAC,QAAQ,CAAC,QAAQ;gBAAR,QAAQ,EAAE,eAAe;IAEtD,SAAS,CAAC,WAAW,EAAE,MAAM,EAAE,kBAAkB,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,mBAAmB;CAkB9F"}
package/dist/modules/review-execution/interface-adapters/gateways/threadInventory.gitlab.gateway.js ADDED
@@ -0,0 +1,31 @@
1
+ const HEADER_BODY_SEPARATOR = '\r\n\r\n';
2
+ function parseTotalPages(headers) {
3
+ const match = headers.match(/x-total-pages:\s*(\d+)/i);
4
+ return match ? Number.parseInt(match[1], 10) : 1;
5
+ }
6
+ /**
7
+ * Authenticated GitLab Threads (discussions) inventory access.
8
+ *
9
+ * Issues `glab api -i` so the response carries the `X-Total-Pages` header used by the
10
+ * resolver to prove pagination completeness (complete-or-empty, fail-closed).
11
+ */
12
+ export class GitLabThreadInventoryGateway {
13
+ executor;
14
+ constructor(executor) {
15
+ this.executor = executor;
16
+ }
17
+ fetchPage(projectPath, mergeRequestNumber, page) {
18
+ const encodedProject = projectPath.replace(/\//g, '%2F');
19
+ const raw = this.executor(`glab api -i "projects/${encodedProject}/merge_requests/${mergeRequestNumber}/discussions?page=${page}&per_page=100"`);
20
+ const separatorIndex = raw.indexOf(HEADER_BODY_SEPARATOR);
21
+ const headers = separatorIndex === -1 ? '' : raw.slice(0, separatorIndex);
22
+ const body = separatorIndex === -1 ? raw : raw.slice(separatorIndex + HEADER_BODY_SEPARATOR.length);
23
+ const discussions = JSON.parse(body);
24
+ return {
25
+ page,
26
+ totalPages: parseTotalPages(headers),
27
+ threadIds: discussions.map(discussion => discussion.id),
28
+ };
29
+ }
30
+ }
31
+ //# sourceMappingURL=threadInventory.gitlab.gateway.js.map
package/dist/modules/review-execution/interface-adapters/gateways/threadInventory.gitlab.gateway.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"threadInventory.gitlab.gateway.js","sourceRoot":"","sources":["../../../../../src/modules/review-execution/interface-adapters/gateways/threadInventory.gitlab.gateway.ts"],"names":[],"mappings":"AAWA,MAAM,qBAAqB,GAAG,UAAU,CAAA;AAExC,SAAS,eAAe,CAAC,OAAe;IACtC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,yBAAyB,CAAC,CAAA;IACtD,OAAO,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;AAClD,CAAC;AAED;;;;;GAKG;AACH,MAAM,OAAO,4BAA4B;IACV;IAA7B,YAA6B,QAAyB;QAAzB,aAAQ,GAAR,QAAQ,CAAiB;IAAG,CAAC;IAE1D,SAAS,CAAC,WAAmB,EAAE,kBAA0B,EAAE,IAAY;QACrE,MAAM,cAAc,GAAG,WAAW,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAA;QACxD,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CACvB,yBAAyB,cAAc,mBAAmB,kBAAkB,qBAAqB,IAAI,gBAAgB,CACtH,CAAA;QAED,MAAM,cAAc,GAAG,GAAG,CAAC,OAAO,CAAC,qBAAqB,CAAC,CAAA;QACzD,MAAM,OAAO,GAAG,cAAc,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,cAAc,CAAC,CAAA;QACzE,MAAM,IAAI,GAAG,cAAc,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,cAAc,GAAG,qBAAqB,CAAC,MAAM,CAAC,CAAA;QAEnG,MAAM,WAAW,GAAuB,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;QAExD,OAAO;YACL,IAAI;YACJ,UAAU,EAAE,eAAe,CAAC,OAAO,CAAC;YACpC,SAAS,EAAE,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC,UAAU,CAAC,EAAE,CAAC;SACxD,CAAA;IACH,CAAC;CACF"}
package/dist/modules/review-execution/services/constrainActionSurface.d.ts ADDED
@@ -0,0 +1,19 @@
1
+ import type { ReviewAction } from '../../../modules/review-execution/entities/reviewAction/reviewAction.js';
2
+ import type { Provenance } from '../../../modules/review-execution/entities/actionProvenance/actionProvenance.js';
3
+ export interface ActionSurfaceConstraints {
4
+ provenance: Provenance;
5
+ threadInventory: ReadonlySet<string>;
6
+ }
7
+ /**
8
+ * Bounds the executable write surface derived from LLM output.
9
+ *
10
+ * - `POST_COMMENT` is always allowed (the only untrusted write verb).
11
+ * - `FETCH_THREADS` is allowed only for `trusted` provenance (read-amplification gate).
12
+ * - `THREAD_RESOLVE` / `THREAD_REPLY` require BOTH `trusted` provenance AND the (trimmed)
13
+ * target id being a member of the authenticated MR thread inventory.
14
+ * - Any other verb is dropped.
15
+ *
16
+ * Membership is computed from the passed inventory only, never from token text.
17
+ */
18
+ export declare function constrainActionSurface(actions: ReviewAction[], constraints: ActionSurfaceConstraints): ReviewAction[];
19
+ //# sourceMappingURL=constrainActionSurface.d.ts.map
package/dist/modules/review-execution/services/constrainActionSurface.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"constrainActionSurface.d.ts","sourceRoot":"","sources":["../../../../src/modules/review-execution/services/constrainActionSurface.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kEAAkE,CAAA;AACpG,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,0EAA0E,CAAA;AAE1G,MAAM,WAAW,wBAAwB;IACvC,UAAU,EAAE,UAAU,CAAA;IACtB,eAAe,EAAE,WAAW,CAAC,MAAM,CAAC,CAAA;CACrC;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,sBAAsB,CACpC,OAAO,EAAE,YAAY,EAAE,EACvB,WAAW,EAAE,wBAAwB,GACpC,YAAY,EAAE,CAwChB"}
package/dist/modules/review-execution/services/constrainActionSurface.js ADDED
@@ -0,0 +1,49 @@
1
+ /**
2
+ * Bounds the executable write surface derived from LLM output.
3
+ *
4
+ * - `POST_COMMENT` is always allowed (the only untrusted write verb).
5
+ * - `FETCH_THREADS` is allowed only for `trusted` provenance (read-amplification gate).
6
+ * - `THREAD_RESOLVE` / `THREAD_REPLY` require BOTH `trusted` provenance AND the (trimmed)
7
+ * target id being a member of the authenticated MR thread inventory.
8
+ * - Any other verb is dropped.
9
+ *
10
+ * Membership is computed from the passed inventory only, never from token text.
11
+ */
12
+ export function constrainActionSurface(actions, constraints) {
13
+ const { provenance, threadInventory } = constraints;
14
+ const isTrusted = provenance === 'trusted';
15
+ const constrained = [];
16
+ for (const action of actions) {
17
+ switch (action.type) {
18
+ case 'POST_COMMENT':
19
+ constrained.push(action);
20
+ break;
21
+ case 'FETCH_THREADS':
22
+ if (isTrusted)
23
+ constrained.push(action);
24
+ break;
25
+ case 'THREAD_RESOLVE': {
26
+ if (!isTrusted)
27
+ break;
28
+ const target = action.threadId.trim();
29
+ if (threadInventory.has(target)) {
30
+ constrained.push({ ...action, threadId: target });
31
+ }
32
+ break;
33
+ }
34
+ case 'THREAD_REPLY': {
35
+ if (!isTrusted)
36
+ break;
37
+ const target = action.threadId.trim();
38
+ if (threadInventory.has(target)) {
39
+ constrained.push({ ...action, threadId: target });
40
+ }
41
+ break;
42
+ }
43
+ default:
44
+ break;
45
+ }
46
+ }
47
+ return constrained;
48
+ }
49
+ //# sourceMappingURL=constrainActionSurface.js.map
package/dist/modules/review-execution/services/constrainActionSurface.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"constrainActionSurface.js","sourceRoot":"","sources":["../../../../src/modules/review-execution/services/constrainActionSurface.ts"],"names":[],"mappings":"AAQA;;;;;;;;;;GAUG;AACH,MAAM,UAAU,sBAAsB,CACpC,OAAuB,EACvB,WAAqC;IAErC,MAAM,EAAE,UAAU,EAAE,eAAe,EAAE,GAAG,WAAW,CAAA;IACnD,MAAM,SAAS,GAAG,UAAU,KAAK,SAAS,CAAA;IAE1C,MAAM,WAAW,GAAmB,EAAE,CAAA;IAEtC,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,QAAQ,MAAM,CAAC,IAAI,EAAE,CAAC;YACpB,KAAK,cAAc;gBACjB,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;gBACxB,MAAK;YAEP,KAAK,eAAe;gBAClB,IAAI,SAAS;oBAAE,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;gBACvC,MAAK;YAEP,KAAK,gBAAgB,CAAC,CAAC,CAAC;gBACtB,IAAI,CAAC,SAAS;oBAAE,MAAK;gBACrB,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAA;gBACrC,IAAI,eAAe,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;oBAChC,WAAW,CAAC,IAAI,CAAC,EAAE,GAAG,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAA;gBACnD,CAAC;gBACD,MAAK;YACP,CAAC;YAED,KAAK,cAAc,CAAC,CAAC,CAAC;gBACpB,IAAI,CAAC,SAAS;oBAAE,MAAK;gBACrB,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAA;gBACrC,IAAI,eAAe,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;oBAChC,WAAW,CAAC,IAAI,CAAC,EAAE,GAAG,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAA;gBACnD,CAAC;gBACD,MAAK;YACP,CAAC;YAED;gBACE,MAAK;QACT,CAAC;IACH,CAAC;IAED,OAAO,WAAW,CAAA;AACpB,CAAC"}
package/dist/modules/review-execution/services/contextActionsExecutor.d.ts CHANGED
@@ -1,6 +1,7 @@
1
1
  import type { ReviewContext } from '../../../modules/review-execution/entities/reviewContext/reviewContext.js';
2
2
  import type { ReviewAction } from '../../../modules/review-execution/entities/reviewAction/reviewAction.js';
3
3
  import type { ExecutionResult, CommandExecutor } from '../../../modules/review-execution/entities/reviewAction/reviewAction.gateway.js';
4
+ import type { NoteCommentPostGateway } from '../../../modules/platform-integration/entities/noteComment/noteCommentPost.gateway.js';
4
5
  /**
5
6
  * @deprecated Use ReviewContextAction from reviewAction entity instead
6
7
  */
@@ -15,5 +16,5 @@ interface Logger {
15
16
  /**
16
17
  * @deprecated Use GitLabReviewActionCliGateway or GitHubReviewActionCliGateway directly
17
18
  */
18
- export declare function executeActionsFromContext(context: ReviewContext, localPath: string, _logger: Logger, executor: CommandExecutor, baseUrl?: string | null): Promise<ExecutionResult>;
19
+ export declare function executeActionsFromContext(context: ReviewContext, localPath: string, logger: Logger, executor: CommandExecutor, baseUrl?: string | null, postGateway?: NoteCommentPostGateway | null): Promise<ExecutionResult>;
19
20
  //# sourceMappingURL=contextActionsExecutor.d.ts.map
package/dist/modules/review-execution/services/contextActionsExecutor.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"contextActionsExecutor.d.ts","sourceRoot":"","sources":["../../../../src/modules/review-execution/services/contextActionsExecutor.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,oEAAoE,CAAA;AACvG,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kEAAkE,CAAA;AAGpG,OAAO,KAAK,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,0EAA0E,CAAA;AAEhI;;GAEG;AACH,YAAY,EAAE,YAAY,IAAI,mBAAmB,EAAE,CAAA;AAEnD,YAAY,EAAE,eAAe,EAAE,eAAe,EAAE,CAAA;AAEhD,UAAU,MAAM;IACd,IAAI,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,KAAK,IAAI,CAAA;IACxC,IAAI,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,KAAK,IAAI,CAAA;IACxC,KAAK,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,KAAK,IAAI,CAAA;IACzC,KAAK,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,KAAK,IAAI,CAAA;CAC1C;AAED;;GAEG;AACH,wBAAsB,yBAAyB,CAC7C,OAAO,EAAE,aAAa,EACtB,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,eAAe,EACzB,OAAO,GAAE,MAAM,GAAG,IAAW,GAC5B,OAAO,CAAC,eAAe,CAAC,CAe1B"}
1
+ {"version":3,"file":"contextActionsExecutor.d.ts","sourceRoot":"","sources":["../../../../src/modules/review-execution/services/contextActionsExecutor.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,oEAAoE,CAAA;AACvG,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kEAAkE,CAAA;AAGpG,OAAO,KAAK,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,0EAA0E,CAAA;AAChI,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,gFAAgF,CAAA;AAI5H;;GAEG;AACH,YAAY,EAAE,YAAY,IAAI,mBAAmB,EAAE,CAAA;AAEnD,YAAY,EAAE,eAAe,EAAE,eAAe,EAAE,CAAA;AAEhD,UAAU,MAAM;IACd,IAAI,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,KAAK,IAAI,CAAA;IACxC,IAAI,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,KAAK,IAAI,CAAA;IACxC,KAAK,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,KAAK,IAAI,CAAA;IACzC,KAAK,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,KAAK,IAAI,CAAA;CAC1C;AAED;;GAEG;AACH,wBAAsB,yBAAyB,CAC7C,OAAO,EAAE,aAAa,EACtB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,eAAe,EACzB,OAAO,GAAE,MAAM,GAAG,IAAW,EAC7B,WAAW,GAAE,sBAAsB,GAAG,IAAW,GAChD,OAAO,CAAC,eAAe,CAAC,CA4C1B"}
package/dist/modules/review-execution/services/contextActionsExecutor.js CHANGED
@@ -1,9 +1,11 @@
1
1
  import { GitLabReviewActionCliGateway } from '../../../modules/review-execution/interface-adapters/gateways/cli/reviewAction.gitlab.cli.gateway.js';
2
2
  import { GitHubReviewActionCliGateway } from '../../../modules/review-execution/interface-adapters/gateways/cli/reviewAction.github.cli.gateway.js';
3
+ import { executePublicOutput, isPublicOutputAction } from '../../../modules/review-execution/services/publicOutputExecutor.js';
4
+ import { filterAutoExecutorActions } from '../../../modules/platform-integration/services/autoExecutorActionFilter.js';
3
5
  /**
4
6
  * @deprecated Use GitLabReviewActionCliGateway or GitHubReviewActionCliGateway directly
5
7
  */
6
- export async function executeActionsFromContext(context, localPath, _logger, executor, baseUrl = null) {
8
+ export async function executeActionsFromContext(context, localPath, logger, executor, baseUrl = null, postGateway = null) {
7
9
  const gatewayContext = {
8
10
  projectPath: context.projectPath,
9
11
  mrNumber: context.mergeRequestNumber,
@@ -11,9 +13,25 @@ export async function executeActionsFromContext(context, localPath, _logger, exe
11
13
  diffMetadata: context.diffMetadata,
12
14
  baseUrl,
13
15
  };
16
+ const { allowed, dropped } = filterAutoExecutorActions(context.actions);
17
+ if (dropped.length > 0) {
18
+ logger.warn({ droppedTypes: dropped.map(action => action.type) }, 'Auto executor dropped write-capable actions outside the read+postComment capability set');
19
+ }
14
20
  const gateway = context.platform === 'gitlab'
15
21
  ? new GitLabReviewActionCliGateway(executor)
16
22
  : new GitHubReviewActionCliGateway(executor);
17
- return gateway.execute(context.actions, gatewayContext);
23
+ if (postGateway === null) {
24
+ return gateway.execute(allowed, gatewayContext);
25
+ }
26
+ const publicOutputActions = allowed.filter(isPublicOutputAction);
27
+ const remainingActions = allowed.filter(action => !isPublicOutputAction(action));
28
+ await executePublicOutput(publicOutputActions, { projectPath: context.projectPath, mrNumber: context.mergeRequestNumber }, postGateway);
29
+ const cliResult = await gateway.execute(remainingActions, gatewayContext);
30
+ return {
31
+ total: allowed.length,
32
+ succeeded: cliResult.succeeded + publicOutputActions.length,
33
+ failed: cliResult.failed,
34
+ skipped: cliResult.skipped,
35
+ };
18
36
  }
19
37
  //# sourceMappingURL=contextActionsExecutor.js.map
package/dist/modules/review-execution/services/contextActionsExecutor.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"contextActionsExecutor.js","sourceRoot":"","sources":["../../../../src/modules/review-execution/services/contextActionsExecutor.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,4BAA4B,EAAE,MAAM,+FAA+F,CAAA;AAC5I,OAAO,EAAE,4BAA4B,EAAE,MAAM,+FAA+F,CAAA;AAiB5I;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,OAAsB,EACtB,SAAiB,EACjB,OAAe,EACf,QAAyB,EACzB,UAAyB,IAAI;IAE7B,MAAM,cAAc,GAAG;QACrB,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,QAAQ,EAAE,OAAO,CAAC,kBAAkB;QACpC,SAAS;QACT,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,OAAO;KACR,CAAA;IAED,MAAM,OAAO,GACX,OAAO,CAAC,QAAQ,KAAK,QAAQ;QAC3B,CAAC,CAAC,IAAI,4BAA4B,CAAC,QAAQ,CAAC;QAC5C,CAAC,CAAC,IAAI,4BAA4B,CAAC,QAAQ,CAAC,CAAA;IAEhD,OAAO,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,OAAyB,EAAE,cAAc,CAAC,CAAA;AAC3E,CAAC"}
1
+ {"version":3,"file":"contextActionsExecutor.js","sourceRoot":"","sources":["../../../../src/modules/review-execution/services/contextActionsExecutor.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,4BAA4B,EAAE,MAAM,+FAA+F,CAAA;AAC5I,OAAO,EAAE,4BAA4B,EAAE,MAAM,+FAA+F,CAAA;AAG5I,OAAO,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,MAAM,6DAA6D,CAAA;AACvH,OAAO,EAAE,yBAAyB,EAAE,MAAM,qEAAqE,CAAA;AAgB/G;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,OAAsB,EACtB,SAAiB,EACjB,MAAc,EACd,QAAyB,EACzB,UAAyB,IAAI,EAC7B,cAA6C,IAAI;IAEjD,MAAM,cAAc,GAAG;QACrB,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,QAAQ,EAAE,OAAO,CAAC,kBAAkB;QACpC,SAAS;QACT,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,OAAO;KACR,CAAA;IAED,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,yBAAyB,CAAC,OAAO,CAAC,OAAyB,CAAC,CAAA;IAEzF,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvB,MAAM,CAAC,IAAI,CACT,EAAE,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,EACpD,yFAAyF,CAC1F,CAAA;IACH,CAAC;IAED,MAAM,OAAO,GACX,OAAO,CAAC,QAAQ,KAAK,QAAQ;QAC3B,CAAC,CAAC,IAAI,4BAA4B,CAAC,QAAQ,CAAC;QAC5C,CAAC,CAAC,IAAI,4BAA4B,CAAC,QAAQ,CAAC,CAAA;IAEhD,IAAI,WAAW,KAAK,IAAI,EAAE,CAAC;QACzB,OAAO,OAAO,CAAC,OAAO,CAAC,OAAO,EAAE,cAAc,CAAC,CAAA;IACjD,CAAC;IAED,MAAM,mBAAmB,GAAG,OAAO,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAA;IAChE,MAAM,gBAAgB,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC,CAAA;IAEhF,MAAM,mBAAmB,CACvB,mBAAmB,EACnB,EAAE,WAAW,EAAE,OAAO,CAAC,WAAW,EAAE,QAAQ,EAAE,OAAO,CAAC,kBAAkB,EAAE,EAC1E,WAAW,CACZ,CAAA;IAED,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,gBAAgB,EAAE,cAAc,CAAC,CAAA;IAEzE,OAAO;QACL,KAAK,EAAE,OAAO,CAAC,MAAM;QACrB,SAAS,EAAE,SAAS,CAAC,SAAS,GAAG,mBAAmB,CAAC,MAAM;QAC3D,MAAM,EAAE,SAAS,CAAC,MAAM;QACxB,OAAO,EAAE,SAAS,CAAC,OAAO;KAC3B,CAAA;AACH,CAAC"}
package/dist/modules/review-execution/services/dispatchConstrainedActions.d.ts ADDED
@@ -0,0 +1,30 @@
1
+ import type { ReviewAction } from '../../../modules/review-execution/entities/reviewAction/reviewAction.js';
2
+ import type { Provenance } from '../../../modules/review-execution/entities/actionProvenance/actionProvenance.js';
3
+ import type { ThreadInventoryGateway } from '../../../modules/review-execution/entities/threadInventory/threadInventory.gateway.js';
4
+ import { type ExecutionContext, type ExecutionResult, type CommandExecutor } from '../../../modules/review-execution/services/threadActionsExecutor.js';
5
+ import type { NoteCommentPostGateway } from '../../../modules/platform-integration/entities/noteComment/noteCommentPost.gateway.js';
6
+ interface DispatchLogger {
7
+ info: (obj: object, message: string) => void;
8
+ warn: (obj: object, message: string) => void;
9
+ error: (obj: object, message: string) => void;
10
+ debug: (obj: object, message: string) => void;
11
+ }
12
+ export interface DispatchOptions {
13
+ context: ExecutionContext;
14
+ provenance: Provenance;
15
+ inventoryGateway: ThreadInventoryGateway;
16
+ logger: DispatchLogger;
17
+ executor: CommandExecutor;
18
+ postGateway?: NoteCommentPostGateway | null;
19
+ }
20
+ /**
21
+ * Single chokepoint between parsed LLM actions and live write commands.
22
+ *
23
+ * Resolves the authenticated MR thread inventory (fail-closed), bounds the action
24
+ * surface against provenance + that inventory, then dispatches only the surviving
25
+ * actions to the executor. Forged or out-of-MR thread ids never reach a live write.
26
+ * Public-output verbs that survive are routed through the scanned post sink.
27
+ */
28
+ export declare function dispatchConstrainedActions(actions: ReviewAction[], options: DispatchOptions): Promise<ExecutionResult>;
29
+ export {};
30
+ //# sourceMappingURL=dispatchConstrainedActions.d.ts.map
package/dist/modules/review-execution/services/dispatchConstrainedActions.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"dispatchConstrainedActions.d.ts","sourceRoot":"","sources":["../../../../src/modules/review-execution/services/dispatchConstrainedActions.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kEAAkE,CAAA;AACpG,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,0EAA0E,CAAA;AAC1G,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,gFAAgF,CAAA;AAG5H,OAAO,EAEL,KAAK,gBAAgB,EACrB,KAAK,eAAe,EACpB,KAAK,eAAe,EACrB,MAAM,8DAA8D,CAAA;AACrE,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,gFAAgF,CAAA;AAE5H,UAAU,cAAc;IACtB,IAAI,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,KAAK,IAAI,CAAA;IAC5C,IAAI,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,KAAK,IAAI,CAAA;IAC5C,KAAK,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,KAAK,IAAI,CAAA;IAC7C,KAAK,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,KAAK,IAAI,CAAA;CAC9C;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,gBAAgB,CAAA;IACzB,UAAU,EAAE,UAAU,CAAA;IACtB,gBAAgB,EAAE,sBAAsB,CAAA;IACxC,MAAM,EAAE,cAAc,CAAA;IACtB,QAAQ,EAAE,eAAe,CAAA;IACzB,WAAW,CAAC,EAAE,sBAAsB,GAAG,IAAI,CAAA;CAC5C;AAED;;;;;;;GAOG;AACH,wBAAsB,0BAA0B,CAC9C,OAAO,EAAE,YAAY,EAAE,EACvB,OAAO,EAAE,eAAe,GACvB,OAAO,CAAC,eAAe,CAAC,CAc1B"}