reviewflow 3.32.0 → 3.33.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +7 -0
- package/dist/main/routes.d.ts.map +1 -1
- package/dist/main/routes.js +52 -2
- package/dist/main/routes.js.map +1 -1
- package/dist/main/server.d.ts.map +1 -1
- package/dist/main/server.js +5 -1
- package/dist/main/server.js.map +1 -1
- package/dist/modules/platform-integration/entities/egressScan/egressScan.defaults.d.ts +3 -0
- package/dist/modules/platform-integration/entities/egressScan/egressScan.defaults.d.ts.map +1 -0
- package/dist/modules/platform-integration/entities/egressScan/egressScan.defaults.js +9 -0
- package/dist/modules/platform-integration/entities/egressScan/egressScan.defaults.js.map +1 -0
- package/dist/modules/platform-integration/entities/egressScan/egressScan.gateway.d.ts +28 -0
- package/dist/modules/platform-integration/entities/egressScan/egressScan.gateway.d.ts.map +1 -0
- package/dist/modules/platform-integration/entities/egressScan/egressScan.gateway.js +2 -0
- package/dist/modules/platform-integration/entities/egressScan/egressScan.gateway.js.map +1 -0
- package/dist/modules/platform-integration/entities/egressScan/egressScan.scanner.d.ts +11 -0
- package/dist/modules/platform-integration/entities/egressScan/egressScan.scanner.d.ts.map +1 -0
- package/dist/modules/platform-integration/entities/egressScan/egressScan.scanner.js +70 -0
- package/dist/modules/platform-integration/entities/egressScan/egressScan.scanner.js.map +1 -0
- package/dist/modules/platform-integration/entities/egressScan/egressTrace.gateway.d.ts +5 -0
- package/dist/modules/platform-integration/entities/egressScan/egressTrace.gateway.d.ts.map +1 -0
- package/dist/modules/platform-integration/entities/egressScan/egressTrace.gateway.js +2 -0
- package/dist/modules/platform-integration/entities/egressScan/egressTrace.gateway.js.map +1 -0
- package/dist/modules/platform-integration/entities/executorToken/executorCapability.d.ts +9 -0
- package/dist/modules/platform-integration/entities/executorToken/executorCapability.d.ts.map +1 -0
- package/dist/modules/platform-integration/entities/executorToken/executorCapability.js +10 -0
- package/dist/modules/platform-integration/entities/executorToken/executorCapability.js.map +1 -0
- package/dist/modules/platform-integration/entities/idempotency/idempotencyStore.gateway.d.ts +4 -0
- package/dist/modules/platform-integration/entities/idempotency/idempotencyStore.gateway.d.ts.map +1 -0
- package/dist/modules/platform-integration/entities/idempotency/idempotencyStore.gateway.js +2 -0
- package/dist/modules/platform-integration/entities/idempotency/idempotencyStore.gateway.js.map +1 -0
- package/dist/modules/platform-integration/entities/memberAccess/memberAccess.d.ts +27 -0
- package/dist/modules/platform-integration/entities/memberAccess/memberAccess.d.ts.map +1 -0
- package/dist/modules/platform-integration/entities/memberAccess/memberAccess.gateway.d.ts +13 -0
- package/dist/modules/platform-integration/entities/memberAccess/memberAccess.gateway.d.ts.map +1 -0
- package/dist/modules/platform-integration/entities/memberAccess/memberAccess.gateway.js +2 -0
- package/dist/modules/platform-integration/entities/memberAccess/memberAccess.gateway.js.map +1 -0
- package/dist/modules/platform-integration/entities/memberAccess/memberAccess.js +21 -0
- package/dist/modules/platform-integration/entities/memberAccess/memberAccess.js.map +1 -0
- package/dist/modules/platform-integration/entities/transport/cidr.d.ts +2 -0
- package/dist/modules/platform-integration/entities/transport/cidr.d.ts.map +1 -0
- package/dist/modules/platform-integration/entities/transport/cidr.js +36 -0
- package/dist/modules/platform-integration/entities/transport/cidr.js.map +1 -0
- package/dist/modules/platform-integration/entities/transport/clientIpResolver.gateway.d.ts +8 -0
- package/dist/modules/platform-integration/entities/transport/clientIpResolver.gateway.d.ts.map +1 -0
- package/dist/modules/platform-integration/entities/transport/clientIpResolver.gateway.js +2 -0
- package/dist/modules/platform-integration/entities/transport/clientIpResolver.gateway.js.map +1 -0
- package/dist/modules/platform-integration/entities/transport/transportContext.d.ts +16 -0
- package/dist/modules/platform-integration/entities/transport/transportContext.d.ts.map +1 -0
- package/dist/modules/platform-integration/entities/transport/transportContext.js +2 -0
- package/dist/modules/platform-integration/entities/transport/transportContext.js.map +1 -0
- package/dist/modules/platform-integration/interface-adapters/controllers/webhook/github.controller.d.ts.map +1 -1
- package/dist/modules/platform-integration/interface-adapters/controllers/webhook/github.controller.js +4 -4
- package/dist/modules/platform-integration/interface-adapters/controllers/webhook/github.controller.js.map +1 -1
- package/dist/modules/platform-integration/interface-adapters/controllers/webhook/gitlab.controller.d.ts +5 -1
- package/dist/modules/platform-integration/interface-adapters/controllers/webhook/gitlab.controller.d.ts.map +1 -1
- package/dist/modules/platform-integration/interface-adapters/controllers/webhook/gitlab.controller.js +112 -18
- package/dist/modules/platform-integration/interface-adapters/controllers/webhook/gitlab.controller.js.map +1 -1
- package/dist/modules/platform-integration/interface-adapters/controllers/webhook/transportGuard.middleware.d.ts +25 -0
- package/dist/modules/platform-integration/interface-adapters/controllers/webhook/transportGuard.middleware.d.ts.map +1 -0
- package/dist/modules/platform-integration/interface-adapters/controllers/webhook/transportGuard.middleware.js +26 -0
- package/dist/modules/platform-integration/interface-adapters/controllers/webhook/transportGuard.middleware.js.map +1 -0
- package/dist/modules/platform-integration/interface-adapters/gateways/egressScanned.noteCommentPost.gateway.d.ts +14 -0
- package/dist/modules/platform-integration/interface-adapters/gateways/egressScanned.noteCommentPost.gateway.d.ts.map +1 -0
- package/dist/modules/platform-integration/interface-adapters/gateways/egressScanned.noteCommentPost.gateway.js +34 -0
- package/dist/modules/platform-integration/interface-adapters/gateways/egressScanned.noteCommentPost.gateway.js.map +1 -0
- package/dist/modules/platform-integration/interface-adapters/gateways/inMemoryIdempotencyStore.gateway.d.ts +14 -0
- package/dist/modules/platform-integration/interface-adapters/gateways/inMemoryIdempotencyStore.gateway.d.ts.map +1 -0
- package/dist/modules/platform-integration/interface-adapters/gateways/inMemoryIdempotencyStore.gateway.js +27 -0
- package/dist/modules/platform-integration/interface-adapters/gateways/inMemoryIdempotencyStore.gateway.js.map +1 -0
- package/dist/modules/platform-integration/interface-adapters/gateways/loggerEgressTrace.gateway.d.ts +9 -0
- package/dist/modules/platform-integration/interface-adapters/gateways/loggerEgressTrace.gateway.d.ts.map +1 -0
- package/dist/modules/platform-integration/interface-adapters/gateways/loggerEgressTrace.gateway.js +14 -0
- package/dist/modules/platform-integration/interface-adapters/gateways/loggerEgressTrace.gateway.js.map +1 -0
- package/dist/modules/platform-integration/interface-adapters/gateways/memberAccess.gitlab.cli.gateway.d.ts +31 -0
- package/dist/modules/platform-integration/interface-adapters/gateways/memberAccess.gitlab.cli.gateway.d.ts.map +1 -0
- package/dist/modules/platform-integration/interface-adapters/gateways/memberAccess.gitlab.cli.gateway.js +83 -0
- package/dist/modules/platform-integration/interface-adapters/gateways/memberAccess.gitlab.cli.gateway.js.map +1 -0
- package/dist/modules/platform-integration/interface-adapters/gateways/scopedGitLabExecutor.d.ts +17 -0
- package/dist/modules/platform-integration/interface-adapters/gateways/scopedGitLabExecutor.d.ts.map +1 -0
- package/dist/modules/platform-integration/interface-adapters/gateways/scopedGitLabExecutor.js +17 -0
- package/dist/modules/platform-integration/interface-adapters/gateways/scopedGitLabExecutor.js.map +1 -0
- package/dist/modules/platform-integration/interface-adapters/gateways/threadFetch.gitlab.gateway.d.ts +6 -0
- package/dist/modules/platform-integration/interface-adapters/gateways/threadFetch.gitlab.gateway.d.ts.map +1 -1
- package/dist/modules/platform-integration/interface-adapters/gateways/threadFetch.gitlab.gateway.js +28 -1
- package/dist/modules/platform-integration/interface-adapters/gateways/threadFetch.gitlab.gateway.js.map +1 -1
- package/dist/modules/platform-integration/interface-adapters/gateways/transport/clientIpResolver.forwardedFor.gateway.d.ts +5 -0
- package/dist/modules/platform-integration/interface-adapters/gateways/transport/clientIpResolver.forwardedFor.gateway.d.ts.map +1 -0
- package/dist/modules/platform-integration/interface-adapters/gateways/transport/clientIpResolver.forwardedFor.gateway.js +16 -0
- package/dist/modules/platform-integration/interface-adapters/gateways/transport/clientIpResolver.forwardedFor.gateway.js.map +1 -0
- package/dist/modules/platform-integration/services/autoExecutorActionFilter.d.ts +9 -0
- package/dist/modules/platform-integration/services/autoExecutorActionFilter.d.ts.map +1 -0
- package/dist/modules/platform-integration/services/autoExecutorActionFilter.js +33 -0
- package/dist/modules/platform-integration/services/autoExecutorActionFilter.js.map +1 -0
- package/dist/modules/platform-integration/services/pinnedThreadFetchTarget.d.ts +23 -0
- package/dist/modules/platform-integration/services/pinnedThreadFetchTarget.d.ts.map +1 -0
- package/dist/modules/platform-integration/services/pinnedThreadFetchTarget.js +21 -0
- package/dist/modules/platform-integration/services/pinnedThreadFetchTarget.js.map +1 -0
- package/dist/modules/platform-integration/services/scopedExecutorEnvironment.d.ts +21 -0
- package/dist/modules/platform-integration/services/scopedExecutorEnvironment.d.ts.map +1 -0
- package/dist/modules/platform-integration/services/scopedExecutorEnvironment.js +39 -0
- package/dist/modules/platform-integration/services/scopedExecutorEnvironment.js.map +1 -0
- package/dist/modules/platform-integration/usecases/isTrustedActor.usecase.d.ts +17 -0
- package/dist/modules/platform-integration/usecases/isTrustedActor.usecase.d.ts.map +1 -0
- package/dist/modules/platform-integration/usecases/isTrustedActor.usecase.js +23 -0
- package/dist/modules/platform-integration/usecases/isTrustedActor.usecase.js.map +1 -0
- package/dist/modules/platform-integration/usecases/transport/evaluateTransport.usecase.d.ts +3 -0
- package/dist/modules/platform-integration/usecases/transport/evaluateTransport.usecase.d.ts.map +1 -0
- package/dist/modules/platform-integration/usecases/transport/evaluateTransport.usecase.js +18 -0
- package/dist/modules/platform-integration/usecases/transport/evaluateTransport.usecase.js.map +1 -0
- package/dist/modules/review-execution/entities/actionProvenance/actionProvenance.d.ts +9 -0
- package/dist/modules/review-execution/entities/actionProvenance/actionProvenance.d.ts.map +1 -0
- package/dist/modules/review-execution/entities/actionProvenance/actionProvenance.js +11 -0
- package/dist/modules/review-execution/entities/actionProvenance/actionProvenance.js.map +1 -0
- package/dist/modules/review-execution/entities/threadInventory/threadInventory.gateway.d.ts +13 -0
- package/dist/modules/review-execution/entities/threadInventory/threadInventory.gateway.d.ts.map +1 -0
- package/dist/modules/review-execution/entities/threadInventory/threadInventory.gateway.js +2 -0
- package/dist/modules/review-execution/entities/threadInventory/threadInventory.gateway.js.map +1 -0
- package/dist/modules/review-execution/interface-adapters/gateways/threadInventory.gitlab.gateway.d.ts +14 -0
- package/dist/modules/review-execution/interface-adapters/gateways/threadInventory.gitlab.gateway.d.ts.map +1 -0
- package/dist/modules/review-execution/interface-adapters/gateways/threadInventory.gitlab.gateway.js +31 -0
- package/dist/modules/review-execution/interface-adapters/gateways/threadInventory.gitlab.gateway.js.map +1 -0
- package/dist/modules/review-execution/services/constrainActionSurface.d.ts +19 -0
- package/dist/modules/review-execution/services/constrainActionSurface.d.ts.map +1 -0
- package/dist/modules/review-execution/services/constrainActionSurface.js +49 -0
- package/dist/modules/review-execution/services/constrainActionSurface.js.map +1 -0
- package/dist/modules/review-execution/services/contextActionsExecutor.d.ts +2 -1
- package/dist/modules/review-execution/services/contextActionsExecutor.d.ts.map +1 -1
- package/dist/modules/review-execution/services/contextActionsExecutor.js +20 -2
- package/dist/modules/review-execution/services/contextActionsExecutor.js.map +1 -1
- package/dist/modules/review-execution/services/dispatchConstrainedActions.d.ts +30 -0
- package/dist/modules/review-execution/services/dispatchConstrainedActions.d.ts.map +1 -0
- package/dist/modules/review-execution/services/dispatchConstrainedActions.js +20 -0
- package/dist/modules/review-execution/services/dispatchConstrainedActions.js.map +1 -0
- package/dist/modules/review-execution/services/publicOutputExecutor.d.ts +10 -0
- package/dist/modules/review-execution/services/publicOutputExecutor.d.ts.map +1 -0
- package/dist/modules/review-execution/services/publicOutputExecutor.js +27 -0
- package/dist/modules/review-execution/services/publicOutputExecutor.js.map +1 -0
- package/dist/modules/review-execution/services/resolveThreadInventory.d.ts +19 -0
- package/dist/modules/review-execution/services/resolveThreadInventory.d.ts.map +1 -0
- package/dist/modules/review-execution/services/resolveThreadInventory.js +39 -0
- package/dist/modules/review-execution/services/resolveThreadInventory.js.map +1 -0
- package/dist/modules/review-execution/services/threadActionsExecutor.d.ts +11 -1
- package/dist/modules/review-execution/services/threadActionsExecutor.d.ts.map +1 -1
- package/dist/modules/review-execution/services/threadActionsExecutor.js +24 -2
- package/dist/modules/review-execution/services/threadActionsExecutor.js.map +1 -1
- package/dist/modules/review-execution/usecases/gateClaudeInvocation.usecase.d.ts +6 -0
- package/dist/modules/review-execution/usecases/gateClaudeInvocation.usecase.d.ts.map +1 -1
- package/dist/modules/review-execution/usecases/gateClaudeInvocation.usecase.js +2 -1
- package/dist/modules/review-execution/usecases/gateClaudeInvocation.usecase.js.map +1 -1
- package/dist/security/gitlabWebhookTokenSource.d.ts +9 -0
- package/dist/security/gitlabWebhookTokenSource.d.ts.map +1 -0
- package/dist/security/gitlabWebhookTokenSource.js +15 -0
- package/dist/security/gitlabWebhookTokenSource.js.map +1 -0
- package/dist/security/transportGuardConfig.d.ts +16 -0
- package/dist/security/transportGuardConfig.d.ts.map +1 -0
- package/dist/security/transportGuardConfig.js +38 -0
- package/dist/security/transportGuardConfig.js.map +1 -0
- package/dist/security/verifier.d.ts +9 -2
- package/dist/security/verifier.d.ts.map +1 -1
- package/dist/security/verifier.js +27 -10
- package/dist/security/verifier.js.map +1 -1
- package/dist/tests/factories/transportContext.factory.d.ts +5 -0
- package/dist/tests/factories/transportContext.factory.d.ts.map +1 -0
- package/dist/tests/factories/transportContext.factory.js +14 -0
- package/dist/tests/factories/transportContext.factory.js.map +1 -0
- package/dist/tests/stubs/egressScan.stub.d.ts +16 -0
- package/dist/tests/stubs/egressScan.stub.d.ts.map +1 -0
- package/dist/tests/stubs/egressScan.stub.js +28 -0
- package/dist/tests/stubs/egressScan.stub.js.map +1 -0
- package/dist/tests/stubs/idempotencyStore.stub.d.ts +9 -0
- package/dist/tests/stubs/idempotencyStore.stub.d.ts.map +1 -0
- package/dist/tests/stubs/idempotencyStore.stub.js +19 -0
- package/dist/tests/stubs/idempotencyStore.stub.js.map +1 -0
- package/dist/tests/stubs/memberAccess.stub.d.ts +24 -0
- package/dist/tests/stubs/memberAccess.stub.d.ts.map +1 -0
- package/dist/tests/stubs/memberAccess.stub.js +28 -0
- package/dist/tests/stubs/memberAccess.stub.js.map +1 -0
- package/dist/tests/units/entities/egressScan/egressScan.scanner.test.d.ts +2 -0
- package/dist/tests/units/entities/egressScan/egressScan.scanner.test.d.ts.map +1 -0
- package/dist/tests/units/entities/egressScan/egressScan.scanner.test.js +136 -0
- package/dist/tests/units/entities/egressScan/egressScan.scanner.test.js.map +1 -0
- package/dist/tests/units/interface-adapters/controllers/webhook/gitlab.controller.test.js +114 -0
- package/dist/tests/units/interface-adapters/controllers/webhook/gitlab.controller.test.js.map +1 -1
- package/dist/tests/units/interface-adapters/gateways/egressScanned.noteCommentPost.gateway.test.d.ts +2 -0
- package/dist/tests/units/interface-adapters/gateways/egressScanned.noteCommentPost.gateway.test.d.ts.map +1 -0
- package/dist/tests/units/interface-adapters/gateways/egressScanned.noteCommentPost.gateway.test.js +116 -0
- package/dist/tests/units/interface-adapters/gateways/egressScanned.noteCommentPost.gateway.test.js.map +1 -0
- package/dist/tests/units/modules/platform-integration/controllers/gitlabProcessorProvenance.test.d.ts +2 -0
- package/dist/tests/units/modules/platform-integration/controllers/gitlabProcessorProvenance.test.d.ts.map +1 -0
- package/dist/tests/units/modules/platform-integration/controllers/gitlabProcessorProvenance.test.js +69 -0
- package/dist/tests/units/modules/platform-integration/controllers/gitlabProcessorProvenance.test.js.map +1 -0
- package/dist/tests/units/modules/platform-integration/entities/executorCapability.test.d.ts +2 -0
- package/dist/tests/units/modules/platform-integration/entities/executorCapability.test.d.ts.map +1 -0
- package/dist/tests/units/modules/platform-integration/entities/executorCapability.test.js +28 -0
- package/dist/tests/units/modules/platform-integration/entities/executorCapability.test.js.map +1 -0
- package/dist/tests/units/modules/platform-integration/entities/memberAccess/memberAccess.test.d.ts +2 -0
- package/dist/tests/units/modules/platform-integration/entities/memberAccess/memberAccess.test.d.ts.map +1 -0
- package/dist/tests/units/modules/platform-integration/entities/memberAccess/memberAccess.test.js +18 -0
- package/dist/tests/units/modules/platform-integration/entities/memberAccess/memberAccess.test.js.map +1 -0
- package/dist/tests/units/modules/platform-integration/gateways/defaultGitLabExecutor.test.d.ts +2 -0
- package/dist/tests/units/modules/platform-integration/gateways/defaultGitLabExecutor.test.d.ts.map +1 -0
- package/dist/tests/units/modules/platform-integration/gateways/defaultGitLabExecutor.test.js +13 -0
- package/dist/tests/units/modules/platform-integration/gateways/defaultGitLabExecutor.test.js.map +1 -0
- package/dist/tests/units/modules/platform-integration/gateways/memberAccess.gitlab.cli.gateway.test.d.ts +2 -0
- package/dist/tests/units/modules/platform-integration/gateways/memberAccess.gitlab.cli.gateway.test.d.ts.map +1 -0
- package/dist/tests/units/modules/platform-integration/gateways/memberAccess.gitlab.cli.gateway.test.js +105 -0
- package/dist/tests/units/modules/platform-integration/gateways/memberAccess.gitlab.cli.gateway.test.js.map +1 -0
- package/dist/tests/units/modules/platform-integration/gateways/scopedGitLabExecutor.test.d.ts +2 -0
- package/dist/tests/units/modules/platform-integration/gateways/scopedGitLabExecutor.test.d.ts.map +1 -0
- package/dist/tests/units/modules/platform-integration/gateways/scopedGitLabExecutor.test.js +85 -0
- package/dist/tests/units/modules/platform-integration/gateways/scopedGitLabExecutor.test.js.map +1 -0
- package/dist/tests/units/modules/platform-integration/interface-adapters/controllers/webhook/gitlabIdempotency.controller.test.d.ts +2 -0
- package/dist/tests/units/modules/platform-integration/interface-adapters/controllers/webhook/gitlabIdempotency.controller.test.d.ts.map +1 -0
- package/dist/tests/units/modules/platform-integration/interface-adapters/controllers/webhook/gitlabIdempotency.controller.test.js +216 -0
- package/dist/tests/units/modules/platform-integration/interface-adapters/controllers/webhook/gitlabIdempotency.controller.test.js.map +1 -0
- package/dist/tests/units/modules/platform-integration/interface-adapters/gateways/inMemoryIdempotencyStore.test.d.ts +2 -0
- package/dist/tests/units/modules/platform-integration/interface-adapters/gateways/inMemoryIdempotencyStore.test.d.ts.map +1 -0
- package/dist/tests/units/modules/platform-integration/interface-adapters/gateways/inMemoryIdempotencyStore.test.js +48 -0
- package/dist/tests/units/modules/platform-integration/interface-adapters/gateways/inMemoryIdempotencyStore.test.js.map +1 -0
- package/dist/tests/units/modules/platform-integration/interface-adapters/transport/clientIpResolver.forwardedFor.gateway.test.d.ts +2 -0
- package/dist/tests/units/modules/platform-integration/interface-adapters/transport/clientIpResolver.forwardedFor.gateway.test.d.ts.map +1 -0
- package/dist/tests/units/modules/platform-integration/interface-adapters/transport/clientIpResolver.forwardedFor.gateway.test.js +29 -0
- package/dist/tests/units/modules/platform-integration/interface-adapters/transport/clientIpResolver.forwardedFor.gateway.test.js.map +1 -0
- package/dist/tests/units/modules/platform-integration/interface-adapters/transport/transportGuard.middleware.test.d.ts +2 -0
- package/dist/tests/units/modules/platform-integration/interface-adapters/transport/transportGuard.middleware.test.d.ts.map +1 -0
- package/dist/tests/units/modules/platform-integration/interface-adapters/transport/transportGuard.middleware.test.js +66 -0
- package/dist/tests/units/modules/platform-integration/interface-adapters/transport/transportGuard.middleware.test.js.map +1 -0
- package/dist/tests/units/modules/platform-integration/services/autoExecutorActionFilter.test.d.ts +2 -0
- package/dist/tests/units/modules/platform-integration/services/autoExecutorActionFilter.test.d.ts.map +1 -0
- package/dist/tests/units/modules/platform-integration/services/autoExecutorActionFilter.test.js +38 -0
- package/dist/tests/units/modules/platform-integration/services/autoExecutorActionFilter.test.js.map +1 -0
- package/dist/tests/units/modules/platform-integration/services/autoExecutorCapabilityGate.test.d.ts +2 -0
- package/dist/tests/units/modules/platform-integration/services/autoExecutorCapabilityGate.test.d.ts.map +1 -0
- package/dist/tests/units/modules/platform-integration/services/autoExecutorCapabilityGate.test.js +40 -0
- package/dist/tests/units/modules/platform-integration/services/autoExecutorCapabilityGate.test.js.map +1 -0
- package/dist/tests/units/modules/platform-integration/services/pinnedThreadFetchTarget.test.d.ts +2 -0
- package/dist/tests/units/modules/platform-integration/services/pinnedThreadFetchTarget.test.d.ts.map +1 -0
- package/dist/tests/units/modules/platform-integration/services/pinnedThreadFetchTarget.test.js +76 -0
- package/dist/tests/units/modules/platform-integration/services/pinnedThreadFetchTarget.test.js.map +1 -0
- package/dist/tests/units/modules/platform-integration/services/scopedExecutorEnvironment.test.d.ts +2 -0
- package/dist/tests/units/modules/platform-integration/services/scopedExecutorEnvironment.test.d.ts.map +1 -0
- package/dist/tests/units/modules/platform-integration/services/scopedExecutorEnvironment.test.js +120 -0
- package/dist/tests/units/modules/platform-integration/services/scopedExecutorEnvironment.test.js.map +1 -0
- package/dist/tests/units/modules/platform-integration/usecases/isTrustedActor.usecase.test.d.ts +2 -0
- package/dist/tests/units/modules/platform-integration/usecases/isTrustedActor.usecase.test.d.ts.map +1 -0
- package/dist/tests/units/modules/platform-integration/usecases/isTrustedActor.usecase.test.js +33 -0
- package/dist/tests/units/modules/platform-integration/usecases/isTrustedActor.usecase.test.js.map +1 -0
- package/dist/tests/units/modules/platform-integration/usecases/transport/evaluateTransport.usecase.test.d.ts +2 -0
- package/dist/tests/units/modules/platform-integration/usecases/transport/evaluateTransport.usecase.test.d.ts.map +1 -0
- package/dist/tests/units/modules/platform-integration/usecases/transport/evaluateTransport.usecase.test.js +69 -0
- package/dist/tests/units/modules/platform-integration/usecases/transport/evaluateTransport.usecase.test.js.map +1 -0
- package/dist/tests/units/modules/review-execution/entities/actionProvenance/actionProvenance.test.d.ts +2 -0
- package/dist/tests/units/modules/review-execution/entities/actionProvenance/actionProvenance.test.d.ts.map +1 -0
- package/dist/tests/units/modules/review-execution/entities/actionProvenance/actionProvenance.test.js +26 -0
- package/dist/tests/units/modules/review-execution/entities/actionProvenance/actionProvenance.test.js.map +1 -0
- package/dist/tests/units/modules/review-execution/interface-adapters/gateways/threadInventory.gitlab.gateway.test.d.ts +2 -0
- package/dist/tests/units/modules/review-execution/interface-adapters/gateways/threadInventory.gitlab.gateway.test.d.ts.map +1 -0
- package/dist/tests/units/modules/review-execution/interface-adapters/gateways/threadInventory.gitlab.gateway.test.js +44 -0
- package/dist/tests/units/modules/review-execution/interface-adapters/gateways/threadInventory.gitlab.gateway.test.js.map +1 -0
- package/dist/tests/units/modules/review-execution/services/constrainActionSurface.parity.test.d.ts +2 -0
- package/dist/tests/units/modules/review-execution/services/constrainActionSurface.parity.test.d.ts.map +1 -0
- package/dist/tests/units/modules/review-execution/services/constrainActionSurface.parity.test.js +29 -0
- package/dist/tests/units/modules/review-execution/services/constrainActionSurface.parity.test.js.map +1 -0
- package/dist/tests/units/modules/review-execution/services/constrainActionSurface.test.d.ts +2 -0
- package/dist/tests/units/modules/review-execution/services/constrainActionSurface.test.d.ts.map +1 -0
- package/dist/tests/units/modules/review-execution/services/constrainActionSurface.test.js +115 -0
- package/dist/tests/units/modules/review-execution/services/constrainActionSurface.test.js.map +1 -0
- package/dist/tests/units/modules/review-execution/services/contextActionsExecutor.autopath.test.d.ts +2 -0
- package/dist/tests/units/modules/review-execution/services/contextActionsExecutor.autopath.test.d.ts.map +1 -0
- package/dist/tests/units/modules/review-execution/services/contextActionsExecutor.autopath.test.js +52 -0
- package/dist/tests/units/modules/review-execution/services/contextActionsExecutor.autopath.test.js.map +1 -0
- package/dist/tests/units/modules/review-execution/services/dispatchConstrainedActions.test.d.ts +2 -0
- package/dist/tests/units/modules/review-execution/services/dispatchConstrainedActions.test.d.ts.map +1 -0
- package/dist/tests/units/modules/review-execution/services/dispatchConstrainedActions.test.js +124 -0
- package/dist/tests/units/modules/review-execution/services/dispatchConstrainedActions.test.js.map +1 -0
- package/dist/tests/units/modules/review-execution/services/resolveThreadInventory.test.d.ts +2 -0
- package/dist/tests/units/modules/review-execution/services/resolveThreadInventory.test.d.ts.map +1 -0
- package/dist/tests/units/modules/review-execution/services/resolveThreadInventory.test.js +67 -0
- package/dist/tests/units/modules/review-execution/services/resolveThreadInventory.test.js.map +1 -0
- package/dist/tests/units/modules/review-execution/usecases/gateClaudeInvocation.usecase.test.js +42 -0
- package/dist/tests/units/modules/review-execution/usecases/gateClaudeInvocation.usecase.test.js.map +1 -1
- package/dist/tests/units/security/gitlabTokenRotation.test.d.ts +2 -0
- package/dist/tests/units/security/gitlabTokenRotation.test.d.ts.map +1 -0
- package/dist/tests/units/security/gitlabTokenRotation.test.js +39 -0
- package/dist/tests/units/security/gitlabTokenRotation.test.js.map +1 -0
- package/dist/tests/units/security/noSpoofableTransportGuard.test.d.ts +2 -0
- package/dist/tests/units/security/noSpoofableTransportGuard.test.d.ts.map +1 -0
- package/dist/tests/units/security/noSpoofableTransportGuard.test.js +30 -0
- package/dist/tests/units/security/noSpoofableTransportGuard.test.js.map +1 -0
- package/dist/tests/units/security/transportGuardConfig.test.d.ts +2 -0
- package/dist/tests/units/security/transportGuardConfig.test.d.ts.map +1 -0
- package/dist/tests/units/security/transportGuardConfig.test.js +38 -0
- package/dist/tests/units/security/transportGuardConfig.test.js.map +1 -0
- package/dist/tests/units/security/verifier.test.js +33 -2
- package/dist/tests/units/security/verifier.test.js.map +1 -1
- package/dist/tests/units/services/contextActionsExecutor.egress.test.d.ts +2 -0
- package/dist/tests/units/services/contextActionsExecutor.egress.test.d.ts.map +1 -0
- package/dist/tests/units/services/contextActionsExecutor.egress.test.js +117 -0
- package/dist/tests/units/services/contextActionsExecutor.egress.test.js.map +1 -0
- package/dist/tests/units/services/contextActionsExecutor.test.js +24 -31
- package/dist/tests/units/services/contextActionsExecutor.test.js.map +1 -1
- package/dist/tests/units/services/publicOutputExecutor.test.d.ts +2 -0
- package/dist/tests/units/services/publicOutputExecutor.test.d.ts.map +1 -0
- package/dist/tests/units/services/publicOutputExecutor.test.js +72 -0
- package/dist/tests/units/services/publicOutputExecutor.test.js.map +1 -0
- package/dist/tests/units/services/threadActionsExecutor.egress.test.d.ts +2 -0
- package/dist/tests/units/services/threadActionsExecutor.egress.test.d.ts.map +1 -0
- package/dist/tests/units/services/threadActionsExecutor.egress.test.js +113 -0
- package/dist/tests/units/services/threadActionsExecutor.egress.test.js.map +1 -0
- package/dist/tests/units/services/threadActionsExecutor.test.js +32 -96
- package/dist/tests/units/services/threadActionsExecutor.test.js.map +1 -1
- package/package.json +1 -1
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
export class ForwardedForClientIpResolver {
|
|
2
|
+
resolve(input) {
|
|
3
|
+
if (!input.socketTrusted) {
|
|
4
|
+
return null;
|
|
5
|
+
}
|
|
6
|
+
if (input.forwardedFor === null) {
|
|
7
|
+
return null;
|
|
8
|
+
}
|
|
9
|
+
const leftmost = input.forwardedFor.split(',')[0]?.trim();
|
|
10
|
+
if (!leftmost) {
|
|
11
|
+
return null;
|
|
12
|
+
}
|
|
13
|
+
return leftmost;
|
|
14
|
+
}
|
|
15
|
+
}
|
|
16
|
+
//# sourceMappingURL=clientIpResolver.forwardedFor.gateway.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"clientIpResolver.forwardedFor.gateway.js","sourceRoot":"","sources":["../../../../../../src/modules/platform-integration/interface-adapters/gateways/transport/clientIpResolver.forwardedFor.gateway.ts"],"names":[],"mappings":"AAKA,MAAM,OAAO,4BAA4B;IACvC,OAAO,CAAC,KAA8B;QACpC,IAAI,CAAC,KAAK,CAAC,aAAa,EAAE,CAAC;YACzB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,KAAK,CAAC,YAAY,KAAK,IAAI,EAAE,CAAC;YAChC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,QAAQ,GAAG,KAAK,CAAC,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC;QAC1D,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF"}
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
import type { ReviewAction } from '../../../modules/review-execution/entities/reviewAction/reviewAction.js';
|
|
2
|
+
export type ActionCapability = 'readMr' | 'postComment' | 'threadResolve' | 'revoke' | 'addLabel';
|
|
3
|
+
export declare function capabilityForAction(action: ReviewAction): ActionCapability;
|
|
4
|
+
export interface AutoExecutorActionFilterResult {
|
|
5
|
+
allowed: ReviewAction[];
|
|
6
|
+
dropped: ReviewAction[];
|
|
7
|
+
}
|
|
8
|
+
export declare function filterAutoExecutorActions(actions: ReviewAction[]): AutoExecutorActionFilterResult;
|
|
9
|
+
//# sourceMappingURL=autoExecutorActionFilter.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"autoExecutorActionFilter.d.ts","sourceRoot":"","sources":["../../../../src/modules/platform-integration/services/autoExecutorActionFilter.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kEAAkE,CAAA;AAGpG,MAAM,MAAM,gBAAgB,GAAG,QAAQ,GAAG,aAAa,GAAG,eAAe,GAAG,QAAQ,GAAG,UAAU,CAAA;AAEjG,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,YAAY,GAAG,gBAAgB,CAa1E;AAED,MAAM,WAAW,8BAA8B;IAC7C,OAAO,EAAE,YAAY,EAAE,CAAA;IACvB,OAAO,EAAE,YAAY,EAAE,CAAA;CACxB;AASD,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,YAAY,EAAE,GAAG,8BAA8B,CAajG"}
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
import { AUTO_EXECUTOR_CAPABILITIES } from '../../../modules/platform-integration/entities/executorToken/executorCapability.js';
|
|
2
|
+
export function capabilityForAction(action) {
|
|
3
|
+
switch (action.type) {
|
|
4
|
+
case 'FETCH_THREADS':
|
|
5
|
+
return 'readMr';
|
|
6
|
+
case 'POST_COMMENT':
|
|
7
|
+
case 'THREAD_REPLY':
|
|
8
|
+
case 'POST_INLINE_COMMENT':
|
|
9
|
+
return 'postComment';
|
|
10
|
+
case 'THREAD_RESOLVE':
|
|
11
|
+
return 'threadResolve';
|
|
12
|
+
case 'ADD_LABEL':
|
|
13
|
+
return 'addLabel';
|
|
14
|
+
}
|
|
15
|
+
}
|
|
16
|
+
function isAutoCapability(capability) {
|
|
17
|
+
return ((capability === 'readMr' || capability === 'postComment') &&
|
|
18
|
+
AUTO_EXECUTOR_CAPABILITIES.has(capability));
|
|
19
|
+
}
|
|
20
|
+
export function filterAutoExecutorActions(actions) {
|
|
21
|
+
const allowed = [];
|
|
22
|
+
const dropped = [];
|
|
23
|
+
for (const action of actions) {
|
|
24
|
+
if (isAutoCapability(capabilityForAction(action))) {
|
|
25
|
+
allowed.push(action);
|
|
26
|
+
}
|
|
27
|
+
else {
|
|
28
|
+
dropped.push(action);
|
|
29
|
+
}
|
|
30
|
+
}
|
|
31
|
+
return { allowed, dropped };
|
|
32
|
+
}
|
|
33
|
+
//# sourceMappingURL=autoExecutorActionFilter.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"autoExecutorActionFilter.js","sourceRoot":"","sources":["../../../../src/modules/platform-integration/services/autoExecutorActionFilter.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,0BAA0B,EAAE,MAAM,6EAA6E,CAAA;AAIxH,MAAM,UAAU,mBAAmB,CAAC,MAAoB;IACtD,QAAQ,MAAM,CAAC,IAAI,EAAE,CAAC;QACpB,KAAK,eAAe;YAClB,OAAO,QAAQ,CAAA;QACjB,KAAK,cAAc,CAAC;QACpB,KAAK,cAAc,CAAC;QACpB,KAAK,qBAAqB;YACxB,OAAO,aAAa,CAAA;QACtB,KAAK,gBAAgB;YACnB,OAAO,eAAe,CAAA;QACxB,KAAK,WAAW;YACd,OAAO,UAAU,CAAA;IACrB,CAAC;AACH,CAAC;AAOD,SAAS,gBAAgB,CAAC,UAA4B;IACpD,OAAO,CACL,CAAC,UAAU,KAAK,QAAQ,IAAI,UAAU,KAAK,aAAa,CAAC;QACzD,0BAA0B,CAAC,GAAG,CAAC,UAAU,CAAC,CAC3C,CAAA;AACH,CAAC;AAED,MAAM,UAAU,yBAAyB,CAAC,OAAuB;IAC/D,MAAM,OAAO,GAAmB,EAAE,CAAA;IAClC,MAAM,OAAO,GAAmB,EAAE,CAAA;IAElC,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,IAAI,gBAAgB,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC;YAClD,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;QACtB,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;QACtB,CAAC;IACH,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,CAAA;AAC7B,CAAC"}
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
export interface PinnedThreadFetchTarget {
|
|
2
|
+
projectPath: string;
|
|
3
|
+
mrNumber: number;
|
|
4
|
+
}
|
|
5
|
+
interface ResolvedRepository {
|
|
6
|
+
projectPath: string;
|
|
7
|
+
}
|
|
8
|
+
export interface ResolvePinnedThreadFetchTargetInput {
|
|
9
|
+
payloadProjectPath: string;
|
|
10
|
+
payloadMrNumber: number;
|
|
11
|
+
findRepository: (projectPath: string) => ResolvedRepository | null | undefined;
|
|
12
|
+
gatedMrNumber: number | null;
|
|
13
|
+
}
|
|
14
|
+
/**
|
|
15
|
+
* Anchors the (projectPath, mrNumber) pair driving fetchThreads to a server-validated
|
|
16
|
+
* source (AC9). The forgeable webhook payload is never used as-is to widen scope:
|
|
17
|
+
* - projectPath MUST resolve to a configured repository.
|
|
18
|
+
* - mrNumber MUST equal the merge-request that passed the upstream trusted-actor gate.
|
|
19
|
+
* If either cannot be established, the action surface is empty (null, fail-closed).
|
|
20
|
+
*/
|
|
21
|
+
export declare function resolvePinnedThreadFetchTarget(input: ResolvePinnedThreadFetchTargetInput): PinnedThreadFetchTarget | null;
|
|
22
|
+
export {};
|
|
23
|
+
//# sourceMappingURL=pinnedThreadFetchTarget.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"pinnedThreadFetchTarget.d.ts","sourceRoot":"","sources":["../../../../src/modules/platform-integration/services/pinnedThreadFetchTarget.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,uBAAuB;IACtC,WAAW,EAAE,MAAM,CAAA;IACnB,QAAQ,EAAE,MAAM,CAAA;CACjB;AAED,UAAU,kBAAkB;IAC1B,WAAW,EAAE,MAAM,CAAA;CACpB;AAED,MAAM,WAAW,mCAAmC;IAClD,kBAAkB,EAAE,MAAM,CAAA;IAC1B,eAAe,EAAE,MAAM,CAAA;IACvB,cAAc,EAAE,CAAC,WAAW,EAAE,MAAM,KAAK,kBAAkB,GAAG,IAAI,GAAG,SAAS,CAAA;IAC9E,aAAa,EAAE,MAAM,GAAG,IAAI,CAAA;CAC7B;AAED;;;;;;GAMG;AACH,wBAAgB,8BAA8B,CAC5C,KAAK,EAAE,mCAAmC,GACzC,uBAAuB,GAAG,IAAI,CAchC"}
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Anchors the (projectPath, mrNumber) pair driving fetchThreads to a server-validated
|
|
3
|
+
* source (AC9). The forgeable webhook payload is never used as-is to widen scope:
|
|
4
|
+
* - projectPath MUST resolve to a configured repository.
|
|
5
|
+
* - mrNumber MUST equal the merge-request that passed the upstream trusted-actor gate.
|
|
6
|
+
* If either cannot be established, the action surface is empty (null, fail-closed).
|
|
7
|
+
*/
|
|
8
|
+
export function resolvePinnedThreadFetchTarget(input) {
|
|
9
|
+
const repository = input.findRepository(input.payloadProjectPath);
|
|
10
|
+
if (!repository) {
|
|
11
|
+
return null;
|
|
12
|
+
}
|
|
13
|
+
if (input.gatedMrNumber === null || input.payloadMrNumber !== input.gatedMrNumber) {
|
|
14
|
+
return null;
|
|
15
|
+
}
|
|
16
|
+
return {
|
|
17
|
+
projectPath: repository.projectPath,
|
|
18
|
+
mrNumber: input.gatedMrNumber,
|
|
19
|
+
};
|
|
20
|
+
}
|
|
21
|
+
//# sourceMappingURL=pinnedThreadFetchTarget.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"pinnedThreadFetchTarget.js","sourceRoot":"","sources":["../../../../src/modules/platform-integration/services/pinnedThreadFetchTarget.ts"],"names":[],"mappings":"AAgBA;;;;;;GAMG;AACH,MAAM,UAAU,8BAA8B,CAC5C,KAA0C;IAE1C,MAAM,UAAU,GAAG,KAAK,CAAC,cAAc,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAA;IACjE,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,IAAI,CAAA;IACb,CAAC;IAED,IAAI,KAAK,CAAC,aAAa,KAAK,IAAI,IAAI,KAAK,CAAC,eAAe,KAAK,KAAK,CAAC,aAAa,EAAE,CAAC;QAClF,OAAO,IAAI,CAAA;IACb,CAAC;IAED,OAAO;QACL,WAAW,EAAE,UAAU,CAAC,WAAW;QACnC,QAAQ,EAAE,KAAK,CAAC,aAAa;KAC9B,CAAA;AACH,CAAC"}
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
export declare const EXECUTOR_TOKEN_ENV_KEY = "REVIEWFLOW_EXECUTOR_TOKEN";
|
|
2
|
+
export declare const ENV_ALLOWLIST: readonly ["PATH", "HOME", "GLAB_CONFIG_DIR", "LANG"];
|
|
3
|
+
export type AllowlistedEnvKey = (typeof ENV_ALLOWLIST)[number];
|
|
4
|
+
export type ScopedExecutorEnv = Partial<Record<AllowlistedEnvKey, string>>;
|
|
5
|
+
export declare class MissingExecutorTokenError extends Error {
|
|
6
|
+
constructor();
|
|
7
|
+
}
|
|
8
|
+
export interface ExecutorFileWriter {
|
|
9
|
+
write(path: string, contents: string): void;
|
|
10
|
+
}
|
|
11
|
+
export interface BuildScopedExecutorEnvironmentInput {
|
|
12
|
+
parentEnv: Record<string, string | undefined>;
|
|
13
|
+
isolatedDir: string;
|
|
14
|
+
fileWriter: ExecutorFileWriter;
|
|
15
|
+
}
|
|
16
|
+
export interface ScopedExecutorEnvironment {
|
|
17
|
+
env: ScopedExecutorEnv;
|
|
18
|
+
configFilePath: string;
|
|
19
|
+
}
|
|
20
|
+
export declare function buildScopedExecutorEnvironment(input: BuildScopedExecutorEnvironmentInput): ScopedExecutorEnvironment;
|
|
21
|
+
//# sourceMappingURL=scopedExecutorEnvironment.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"scopedExecutorEnvironment.d.ts","sourceRoot":"","sources":["../../../../src/modules/platform-integration/services/scopedExecutorEnvironment.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,sBAAsB,8BAA8B,CAAA;AAEjE,eAAO,MAAM,aAAa,sDAAuD,CAAA;AAEjF,MAAM,MAAM,iBAAiB,GAAG,CAAC,OAAO,aAAa,CAAC,CAAC,MAAM,CAAC,CAAA;AAE9D,MAAM,MAAM,iBAAiB,GAAG,OAAO,CAAC,MAAM,CAAC,iBAAiB,EAAE,MAAM,CAAC,CAAC,CAAA;AAE1E,qBAAa,yBAA0B,SAAQ,KAAK;;CAOnD;AAED,MAAM,WAAW,kBAAkB;IACjC,KAAK,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;CAC5C;AAED,MAAM,WAAW,mCAAmC;IAClD,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAA;IAC7C,WAAW,EAAE,MAAM,CAAA;IACnB,UAAU,EAAE,kBAAkB,CAAA;CAC/B;AAED,MAAM,WAAW,yBAAyB;IACxC,GAAG,EAAE,iBAAiB,CAAA;IACtB,cAAc,EAAE,MAAM,CAAA;CACvB;AAYD,wBAAgB,8BAA8B,CAC5C,KAAK,EAAE,mCAAmC,GACzC,yBAAyB,CAwB3B"}
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
export const EXECUTOR_TOKEN_ENV_KEY = 'REVIEWFLOW_EXECUTOR_TOKEN';
|
|
2
|
+
export const ENV_ALLOWLIST = ['PATH', 'HOME', 'GLAB_CONFIG_DIR', 'LANG'];
|
|
3
|
+
export class MissingExecutorTokenError extends Error {
|
|
4
|
+
constructor() {
|
|
5
|
+
super(`Executor service token (${EXECUTOR_TOKEN_ENV_KEY}) is absent or empty; refusing to start with the ambient token.`);
|
|
6
|
+
this.name = 'MissingExecutorTokenError';
|
|
7
|
+
}
|
|
8
|
+
}
|
|
9
|
+
function renderGlabConfig(token) {
|
|
10
|
+
return [
|
|
11
|
+
'hosts:',
|
|
12
|
+
' gitlab.com:',
|
|
13
|
+
` token: ${token}`,
|
|
14
|
+
' api_protocol: https',
|
|
15
|
+
'',
|
|
16
|
+
].join('\n');
|
|
17
|
+
}
|
|
18
|
+
export function buildScopedExecutorEnvironment(input) {
|
|
19
|
+
const token = input.parentEnv[EXECUTOR_TOKEN_ENV_KEY]?.trim();
|
|
20
|
+
if (!token) {
|
|
21
|
+
throw new MissingExecutorTokenError();
|
|
22
|
+
}
|
|
23
|
+
const home = `${input.isolatedDir}/home`;
|
|
24
|
+
const glabConfigDir = `${input.isolatedDir}/glab-config`;
|
|
25
|
+
const env = {
|
|
26
|
+
HOME: home,
|
|
27
|
+
GLAB_CONFIG_DIR: glabConfigDir,
|
|
28
|
+
};
|
|
29
|
+
const path = input.parentEnv.PATH;
|
|
30
|
+
if (path)
|
|
31
|
+
env.PATH = path;
|
|
32
|
+
const lang = input.parentEnv.LANG;
|
|
33
|
+
if (lang)
|
|
34
|
+
env.LANG = lang;
|
|
35
|
+
const configFilePath = `${glabConfigDir}/glab-cli/config.yml`;
|
|
36
|
+
input.fileWriter.write(configFilePath, renderGlabConfig(token));
|
|
37
|
+
return { env, configFilePath };
|
|
38
|
+
}
|
|
39
|
+
//# sourceMappingURL=scopedExecutorEnvironment.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"scopedExecutorEnvironment.js","sourceRoot":"","sources":["../../../../src/modules/platform-integration/services/scopedExecutorEnvironment.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,sBAAsB,GAAG,2BAA2B,CAAA;AAEjE,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,CAAU,CAAA;AAMjF,MAAM,OAAO,yBAA0B,SAAQ,KAAK;IAClD;QACE,KAAK,CACH,2BAA2B,sBAAsB,iEAAiE,CACnH,CAAA;QACD,IAAI,CAAC,IAAI,GAAG,2BAA2B,CAAA;IACzC,CAAC;CACF;AAiBD,SAAS,gBAAgB,CAAC,KAAa;IACrC,OAAO;QACL,QAAQ;QACR,eAAe;QACf,cAAc,KAAK,EAAE;QACrB,yBAAyB;QACzB,EAAE;KACH,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AACd,CAAC;AAED,MAAM,UAAU,8BAA8B,CAC5C,KAA0C;IAE1C,MAAM,KAAK,GAAG,KAAK,CAAC,SAAS,CAAC,sBAAsB,CAAC,EAAE,IAAI,EAAE,CAAA;IAC7D,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,yBAAyB,EAAE,CAAA;IACvC,CAAC;IAED,MAAM,IAAI,GAAG,GAAG,KAAK,CAAC,WAAW,OAAO,CAAA;IACxC,MAAM,aAAa,GAAG,GAAG,KAAK,CAAC,WAAW,cAAc,CAAA;IAExD,MAAM,GAAG,GAAsB;QAC7B,IAAI,EAAE,IAAI;QACV,eAAe,EAAE,aAAa;KAC/B,CAAA;IAED,MAAM,IAAI,GAAG,KAAK,CAAC,SAAS,CAAC,IAAI,CAAA;IACjC,IAAI,IAAI;QAAE,GAAG,CAAC,IAAI,GAAG,IAAI,CAAA;IAEzB,MAAM,IAAI,GAAG,KAAK,CAAC,SAAS,CAAC,IAAI,CAAA;IACjC,IAAI,IAAI;QAAE,GAAG,CAAC,IAAI,GAAG,IAAI,CAAA;IAEzB,MAAM,cAAc,GAAG,GAAG,aAAa,sBAAsB,CAAA;IAC7D,KAAK,CAAC,UAAU,CAAC,KAAK,CAAC,cAAc,EAAE,gBAAgB,CAAC,KAAK,CAAC,CAAC,CAAA;IAE/D,OAAO,EAAE,GAAG,EAAE,cAAc,EAAE,CAAA;AAChC,CAAC"}
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
import type { MemberAccessGateway } from '../../../modules/platform-integration/entities/memberAccess/memberAccess.gateway.js';
|
|
2
|
+
export interface IsTrustedActorInput {
|
|
3
|
+
username: string;
|
|
4
|
+
projectPath: string;
|
|
5
|
+
}
|
|
6
|
+
/**
|
|
7
|
+
* Decides whether the trigger actor is a trusted (Developer+) member of the target
|
|
8
|
+
* project (SPEC-197). Consumes the fail-closed MemberAccessGateway: any resolution
|
|
9
|
+
* failure or sub-Developer level collapses to non-trusted, so a thrown lookup never
|
|
10
|
+
* widens trust.
|
|
11
|
+
*/
|
|
12
|
+
export declare class IsTrustedActorUseCase {
|
|
13
|
+
private readonly memberAccessGateway;
|
|
14
|
+
constructor(memberAccessGateway: MemberAccessGateway);
|
|
15
|
+
execute(input: IsTrustedActorInput): Promise<boolean>;
|
|
16
|
+
}
|
|
17
|
+
//# sourceMappingURL=isTrustedActor.usecase.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"isTrustedActor.usecase.d.ts","sourceRoot":"","sources":["../../../../src/modules/platform-integration/usecases/isTrustedActor.usecase.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,8EAA8E,CAAC;AAGxH,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;;;;GAKG;AACH,qBAAa,qBAAqB;IACpB,OAAO,CAAC,QAAQ,CAAC,mBAAmB;gBAAnB,mBAAmB,EAAE,mBAAmB;IAE/D,OAAO,CAAC,KAAK,EAAE,mBAAmB,GAAG,OAAO,CAAC,OAAO,CAAC;CAQ5D"}
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
import { isDeveloperOrAbove } from '../../../modules/platform-integration/entities/memberAccess/memberAccess.js';
|
|
2
|
+
/**
|
|
3
|
+
* Decides whether the trigger actor is a trusted (Developer+) member of the target
|
|
4
|
+
* project (SPEC-197). Consumes the fail-closed MemberAccessGateway: any resolution
|
|
5
|
+
* failure or sub-Developer level collapses to non-trusted, so a thrown lookup never
|
|
6
|
+
* widens trust.
|
|
7
|
+
*/
|
|
8
|
+
export class IsTrustedActorUseCase {
|
|
9
|
+
memberAccessGateway;
|
|
10
|
+
constructor(memberAccessGateway) {
|
|
11
|
+
this.memberAccessGateway = memberAccessGateway;
|
|
12
|
+
}
|
|
13
|
+
async execute(input) {
|
|
14
|
+
try {
|
|
15
|
+
const accessLevel = await this.memberAccessGateway.resolve(input.projectPath, input.username);
|
|
16
|
+
return isDeveloperOrAbove(accessLevel);
|
|
17
|
+
}
|
|
18
|
+
catch {
|
|
19
|
+
return false;
|
|
20
|
+
}
|
|
21
|
+
}
|
|
22
|
+
}
|
|
23
|
+
//# sourceMappingURL=isTrustedActor.usecase.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"isTrustedActor.usecase.js","sourceRoot":"","sources":["../../../../src/modules/platform-integration/usecases/isTrustedActor.usecase.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,sEAAsE,CAAC;AAO1G;;;;;GAKG;AACH,MAAM,OAAO,qBAAqB;IACH;IAA7B,YAA6B,mBAAwC;QAAxC,wBAAmB,GAAnB,mBAAmB,CAAqB;IAAG,CAAC;IAEzE,KAAK,CAAC,OAAO,CAAC,KAA0B;QACtC,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,KAAK,CAAC,WAAW,EAAE,KAAK,CAAC,QAAQ,CAAC,CAAC;YAC9F,OAAO,kBAAkB,CAAC,WAAW,CAAC,CAAC;QACzC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;CACF"}
|
|
@@ -0,0 +1,3 @@
|
|
|
1
|
+
import type { TransportContext, TransportDecision } from '../../../../modules/platform-integration/entities/transport/transportContext.js';
|
|
2
|
+
export declare function evaluateTransport(context: TransportContext): TransportDecision;
|
|
3
|
+
//# sourceMappingURL=evaluateTransport.usecase.d.ts.map
|
package/dist/modules/platform-integration/usecases/transport/evaluateTransport.usecase.d.ts.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"evaluateTransport.usecase.d.ts","sourceRoot":"","sources":["../../../../../src/modules/platform-integration/usecases/transport/evaluateTransport.usecase.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,gBAAgB,EAChB,iBAAiB,EAClB,MAAM,uEAAuE,CAAC;AAK/E,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,gBAAgB,GAAG,iBAAiB,CAmB9E"}
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
import { isIpInCidr } from '../../../../modules/platform-integration/entities/transport/cidr.js';
|
|
2
|
+
const REJECT_STATUS = 403;
|
|
3
|
+
export function evaluateTransport(context) {
|
|
4
|
+
if (context.directSocketAddress !== context.trustedHopAddress) {
|
|
5
|
+
return { kind: 'reject', status: REJECT_STATUS, reason: 'untrusted-socket' };
|
|
6
|
+
}
|
|
7
|
+
if (context.forwardedProto !== 'https') {
|
|
8
|
+
return { kind: 'reject', status: REJECT_STATUS, reason: 'non-https' };
|
|
9
|
+
}
|
|
10
|
+
const clientIp = context.resolvedClientIp;
|
|
11
|
+
const allowed = clientIp !== null &&
|
|
12
|
+
context.allowedCidrRanges.some((range) => isIpInCidr(clientIp, range));
|
|
13
|
+
if (!allowed) {
|
|
14
|
+
return { kind: 'reject', status: REJECT_STATUS, reason: 'off-allowlist' };
|
|
15
|
+
}
|
|
16
|
+
return { kind: 'accept' };
|
|
17
|
+
}
|
|
18
|
+
//# sourceMappingURL=evaluateTransport.usecase.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"evaluateTransport.usecase.js","sourceRoot":"","sources":["../../../../../src/modules/platform-integration/usecases/transport/evaluateTransport.usecase.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,UAAU,EAAE,MAAM,2DAA2D,CAAC;AAEvF,MAAM,aAAa,GAAG,GAAG,CAAC;AAE1B,MAAM,UAAU,iBAAiB,CAAC,OAAyB;IACzD,IAAI,OAAO,CAAC,mBAAmB,KAAK,OAAO,CAAC,iBAAiB,EAAE,CAAC;QAC9D,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC;IAC/E,CAAC;IAED,IAAI,OAAO,CAAC,cAAc,KAAK,OAAO,EAAE,CAAC;QACvC,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;IACxE,CAAC;IAED,MAAM,QAAQ,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAC1C,MAAM,OAAO,GACX,QAAQ,KAAK,IAAI;QACjB,OAAO,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,UAAU,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC;IAEzE,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;IAC5E,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;AAC5B,CAAC"}
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
export type Provenance = 'trusted' | 'untrusted';
|
|
2
|
+
/**
|
|
3
|
+
* Fail-closed provenance resolver.
|
|
4
|
+
* Only the exact canonical token resolves to `trusted`; every other value
|
|
5
|
+
* (including casing, padding, non-string types, null/undefined) is `untrusted`.
|
|
6
|
+
* `trusted` is NEVER derived from a payload field.
|
|
7
|
+
*/
|
|
8
|
+
export declare function resolveProvenance(value: unknown): Provenance;
|
|
9
|
+
//# sourceMappingURL=actionProvenance.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"actionProvenance.d.ts","sourceRoot":"","sources":["../../../../../src/modules/review-execution/entities/actionProvenance/actionProvenance.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,UAAU,GAAG,SAAS,GAAG,WAAW,CAAA;AAIhD;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,OAAO,GAAG,UAAU,CAE5D"}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
const CANONICAL_TRUSTED = 'trusted';
|
|
2
|
+
/**
|
|
3
|
+
* Fail-closed provenance resolver.
|
|
4
|
+
* Only the exact canonical token resolves to `trusted`; every other value
|
|
5
|
+
* (including casing, padding, non-string types, null/undefined) is `untrusted`.
|
|
6
|
+
* `trusted` is NEVER derived from a payload field.
|
|
7
|
+
*/
|
|
8
|
+
export function resolveProvenance(value) {
|
|
9
|
+
return value === CANONICAL_TRUSTED ? 'trusted' : 'untrusted';
|
|
10
|
+
}
|
|
11
|
+
//# sourceMappingURL=actionProvenance.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"actionProvenance.js","sourceRoot":"","sources":["../../../../../src/modules/review-execution/entities/actionProvenance/actionProvenance.ts"],"names":[],"mappings":"AAEA,MAAM,iBAAiB,GAAG,SAAS,CAAA;AAEnC;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAAC,KAAc;IAC9C,OAAO,KAAK,KAAK,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,CAAA;AAC9D,CAAC"}
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
export interface ThreadInventoryPage {
|
|
2
|
+
page: number;
|
|
3
|
+
totalPages: number;
|
|
4
|
+
threadIds: string[];
|
|
5
|
+
}
|
|
6
|
+
/**
|
|
7
|
+
* Authenticated, page-by-page access to the current MR's thread inventory.
|
|
8
|
+
* Each page carries its own `totalPages` so the resolver can prove completeness.
|
|
9
|
+
*/
|
|
10
|
+
export interface ThreadInventoryGateway {
|
|
11
|
+
fetchPage(projectPath: string, mergeRequestNumber: number, page: number): ThreadInventoryPage;
|
|
12
|
+
}
|
|
13
|
+
//# sourceMappingURL=threadInventory.gateway.d.ts.map
|
package/dist/modules/review-execution/entities/threadInventory/threadInventory.gateway.d.ts.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"threadInventory.gateway.d.ts","sourceRoot":"","sources":["../../../../../src/modules/review-execution/entities/threadInventory/threadInventory.gateway.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,MAAM,CAAA;IACZ,UAAU,EAAE,MAAM,CAAA;IAClB,SAAS,EAAE,MAAM,EAAE,CAAA;CACpB;AAED;;;GAGG;AACH,MAAM,WAAW,sBAAsB;IACrC,SAAS,CAAC,WAAW,EAAE,MAAM,EAAE,kBAAkB,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,mBAAmB,CAAA;CAC9F"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"threadInventory.gateway.js","sourceRoot":"","sources":["../../../../../src/modules/review-execution/entities/threadInventory/threadInventory.gateway.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
import type { ThreadInventoryGateway, ThreadInventoryPage } from '../../../../modules/review-execution/entities/threadInventory/threadInventory.gateway.js';
|
|
2
|
+
export type CommandExecutor = (command: string) => string;
|
|
3
|
+
/**
|
|
4
|
+
* Authenticated GitLab Threads (discussions) inventory access.
|
|
5
|
+
*
|
|
6
|
+
* Issues `glab api -i` so the response carries the `X-Total-Pages` header used by the
|
|
7
|
+
* resolver to prove pagination completeness (complete-or-empty, fail-closed).
|
|
8
|
+
*/
|
|
9
|
+
export declare class GitLabThreadInventoryGateway implements ThreadInventoryGateway {
|
|
10
|
+
private readonly executor;
|
|
11
|
+
constructor(executor: CommandExecutor);
|
|
12
|
+
fetchPage(projectPath: string, mergeRequestNumber: number, page: number): ThreadInventoryPage;
|
|
13
|
+
}
|
|
14
|
+
//# sourceMappingURL=threadInventory.gitlab.gateway.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"threadInventory.gitlab.gateway.d.ts","sourceRoot":"","sources":["../../../../../src/modules/review-execution/interface-adapters/gateways/threadInventory.gitlab.gateway.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,sBAAsB,EACtB,mBAAmB,EACpB,MAAM,gFAAgF,CAAA;AAEvF,MAAM,MAAM,eAAe,GAAG,CAAC,OAAO,EAAE,MAAM,KAAK,MAAM,CAAA;AAazD;;;;;GAKG;AACH,qBAAa,4BAA6B,YAAW,sBAAsB;IAC7D,OAAO,CAAC,QAAQ,CAAC,QAAQ;gBAAR,QAAQ,EAAE,eAAe;IAEtD,SAAS,CAAC,WAAW,EAAE,MAAM,EAAE,kBAAkB,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,mBAAmB;CAkB9F"}
|
package/dist/modules/review-execution/interface-adapters/gateways/threadInventory.gitlab.gateway.js
ADDED
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
const HEADER_BODY_SEPARATOR = '\r\n\r\n';
|
|
2
|
+
function parseTotalPages(headers) {
|
|
3
|
+
const match = headers.match(/x-total-pages:\s*(\d+)/i);
|
|
4
|
+
return match ? Number.parseInt(match[1], 10) : 1;
|
|
5
|
+
}
|
|
6
|
+
/**
|
|
7
|
+
* Authenticated GitLab Threads (discussions) inventory access.
|
|
8
|
+
*
|
|
9
|
+
* Issues `glab api -i` so the response carries the `X-Total-Pages` header used by the
|
|
10
|
+
* resolver to prove pagination completeness (complete-or-empty, fail-closed).
|
|
11
|
+
*/
|
|
12
|
+
export class GitLabThreadInventoryGateway {
|
|
13
|
+
executor;
|
|
14
|
+
constructor(executor) {
|
|
15
|
+
this.executor = executor;
|
|
16
|
+
}
|
|
17
|
+
fetchPage(projectPath, mergeRequestNumber, page) {
|
|
18
|
+
const encodedProject = projectPath.replace(/\//g, '%2F');
|
|
19
|
+
const raw = this.executor(`glab api -i "projects/${encodedProject}/merge_requests/${mergeRequestNumber}/discussions?page=${page}&per_page=100"`);
|
|
20
|
+
const separatorIndex = raw.indexOf(HEADER_BODY_SEPARATOR);
|
|
21
|
+
const headers = separatorIndex === -1 ? '' : raw.slice(0, separatorIndex);
|
|
22
|
+
const body = separatorIndex === -1 ? raw : raw.slice(separatorIndex + HEADER_BODY_SEPARATOR.length);
|
|
23
|
+
const discussions = JSON.parse(body);
|
|
24
|
+
return {
|
|
25
|
+
page,
|
|
26
|
+
totalPages: parseTotalPages(headers),
|
|
27
|
+
threadIds: discussions.map(discussion => discussion.id),
|
|
28
|
+
};
|
|
29
|
+
}
|
|
30
|
+
}
|
|
31
|
+
//# sourceMappingURL=threadInventory.gitlab.gateway.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"threadInventory.gitlab.gateway.js","sourceRoot":"","sources":["../../../../../src/modules/review-execution/interface-adapters/gateways/threadInventory.gitlab.gateway.ts"],"names":[],"mappings":"AAWA,MAAM,qBAAqB,GAAG,UAAU,CAAA;AAExC,SAAS,eAAe,CAAC,OAAe;IACtC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,yBAAyB,CAAC,CAAA;IACtD,OAAO,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;AAClD,CAAC;AAED;;;;;GAKG;AACH,MAAM,OAAO,4BAA4B;IACV;IAA7B,YAA6B,QAAyB;QAAzB,aAAQ,GAAR,QAAQ,CAAiB;IAAG,CAAC;IAE1D,SAAS,CAAC,WAAmB,EAAE,kBAA0B,EAAE,IAAY;QACrE,MAAM,cAAc,GAAG,WAAW,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAA;QACxD,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,CACvB,yBAAyB,cAAc,mBAAmB,kBAAkB,qBAAqB,IAAI,gBAAgB,CACtH,CAAA;QAED,MAAM,cAAc,GAAG,GAAG,CAAC,OAAO,CAAC,qBAAqB,CAAC,CAAA;QACzD,MAAM,OAAO,GAAG,cAAc,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,cAAc,CAAC,CAAA;QACzE,MAAM,IAAI,GAAG,cAAc,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,cAAc,GAAG,qBAAqB,CAAC,MAAM,CAAC,CAAA;QAEnG,MAAM,WAAW,GAAuB,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;QAExD,OAAO;YACL,IAAI;YACJ,UAAU,EAAE,eAAe,CAAC,OAAO,CAAC;YACpC,SAAS,EAAE,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC,UAAU,CAAC,EAAE,CAAC;SACxD,CAAA;IACH,CAAC;CACF"}
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
import type { ReviewAction } from '../../../modules/review-execution/entities/reviewAction/reviewAction.js';
|
|
2
|
+
import type { Provenance } from '../../../modules/review-execution/entities/actionProvenance/actionProvenance.js';
|
|
3
|
+
export interface ActionSurfaceConstraints {
|
|
4
|
+
provenance: Provenance;
|
|
5
|
+
threadInventory: ReadonlySet<string>;
|
|
6
|
+
}
|
|
7
|
+
/**
|
|
8
|
+
* Bounds the executable write surface derived from LLM output.
|
|
9
|
+
*
|
|
10
|
+
* - `POST_COMMENT` is always allowed (the only untrusted write verb).
|
|
11
|
+
* - `FETCH_THREADS` is allowed only for `trusted` provenance (read-amplification gate).
|
|
12
|
+
* - `THREAD_RESOLVE` / `THREAD_REPLY` require BOTH `trusted` provenance AND the (trimmed)
|
|
13
|
+
* target id being a member of the authenticated MR thread inventory.
|
|
14
|
+
* - Any other verb is dropped.
|
|
15
|
+
*
|
|
16
|
+
* Membership is computed from the passed inventory only, never from token text.
|
|
17
|
+
*/
|
|
18
|
+
export declare function constrainActionSurface(actions: ReviewAction[], constraints: ActionSurfaceConstraints): ReviewAction[];
|
|
19
|
+
//# sourceMappingURL=constrainActionSurface.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"constrainActionSurface.d.ts","sourceRoot":"","sources":["../../../../src/modules/review-execution/services/constrainActionSurface.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kEAAkE,CAAA;AACpG,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,0EAA0E,CAAA;AAE1G,MAAM,WAAW,wBAAwB;IACvC,UAAU,EAAE,UAAU,CAAA;IACtB,eAAe,EAAE,WAAW,CAAC,MAAM,CAAC,CAAA;CACrC;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,sBAAsB,CACpC,OAAO,EAAE,YAAY,EAAE,EACvB,WAAW,EAAE,wBAAwB,GACpC,YAAY,EAAE,CAwChB"}
|
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Bounds the executable write surface derived from LLM output.
|
|
3
|
+
*
|
|
4
|
+
* - `POST_COMMENT` is always allowed (the only untrusted write verb).
|
|
5
|
+
* - `FETCH_THREADS` is allowed only for `trusted` provenance (read-amplification gate).
|
|
6
|
+
* - `THREAD_RESOLVE` / `THREAD_REPLY` require BOTH `trusted` provenance AND the (trimmed)
|
|
7
|
+
* target id being a member of the authenticated MR thread inventory.
|
|
8
|
+
* - Any other verb is dropped.
|
|
9
|
+
*
|
|
10
|
+
* Membership is computed from the passed inventory only, never from token text.
|
|
11
|
+
*/
|
|
12
|
+
export function constrainActionSurface(actions, constraints) {
|
|
13
|
+
const { provenance, threadInventory } = constraints;
|
|
14
|
+
const isTrusted = provenance === 'trusted';
|
|
15
|
+
const constrained = [];
|
|
16
|
+
for (const action of actions) {
|
|
17
|
+
switch (action.type) {
|
|
18
|
+
case 'POST_COMMENT':
|
|
19
|
+
constrained.push(action);
|
|
20
|
+
break;
|
|
21
|
+
case 'FETCH_THREADS':
|
|
22
|
+
if (isTrusted)
|
|
23
|
+
constrained.push(action);
|
|
24
|
+
break;
|
|
25
|
+
case 'THREAD_RESOLVE': {
|
|
26
|
+
if (!isTrusted)
|
|
27
|
+
break;
|
|
28
|
+
const target = action.threadId.trim();
|
|
29
|
+
if (threadInventory.has(target)) {
|
|
30
|
+
constrained.push({ ...action, threadId: target });
|
|
31
|
+
}
|
|
32
|
+
break;
|
|
33
|
+
}
|
|
34
|
+
case 'THREAD_REPLY': {
|
|
35
|
+
if (!isTrusted)
|
|
36
|
+
break;
|
|
37
|
+
const target = action.threadId.trim();
|
|
38
|
+
if (threadInventory.has(target)) {
|
|
39
|
+
constrained.push({ ...action, threadId: target });
|
|
40
|
+
}
|
|
41
|
+
break;
|
|
42
|
+
}
|
|
43
|
+
default:
|
|
44
|
+
break;
|
|
45
|
+
}
|
|
46
|
+
}
|
|
47
|
+
return constrained;
|
|
48
|
+
}
|
|
49
|
+
//# sourceMappingURL=constrainActionSurface.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"constrainActionSurface.js","sourceRoot":"","sources":["../../../../src/modules/review-execution/services/constrainActionSurface.ts"],"names":[],"mappings":"AAQA;;;;;;;;;;GAUG;AACH,MAAM,UAAU,sBAAsB,CACpC,OAAuB,EACvB,WAAqC;IAErC,MAAM,EAAE,UAAU,EAAE,eAAe,EAAE,GAAG,WAAW,CAAA;IACnD,MAAM,SAAS,GAAG,UAAU,KAAK,SAAS,CAAA;IAE1C,MAAM,WAAW,GAAmB,EAAE,CAAA;IAEtC,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,QAAQ,MAAM,CAAC,IAAI,EAAE,CAAC;YACpB,KAAK,cAAc;gBACjB,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;gBACxB,MAAK;YAEP,KAAK,eAAe;gBAClB,IAAI,SAAS;oBAAE,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;gBACvC,MAAK;YAEP,KAAK,gBAAgB,CAAC,CAAC,CAAC;gBACtB,IAAI,CAAC,SAAS;oBAAE,MAAK;gBACrB,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAA;gBACrC,IAAI,eAAe,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;oBAChC,WAAW,CAAC,IAAI,CAAC,EAAE,GAAG,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAA;gBACnD,CAAC;gBACD,MAAK;YACP,CAAC;YAED,KAAK,cAAc,CAAC,CAAC,CAAC;gBACpB,IAAI,CAAC,SAAS;oBAAE,MAAK;gBACrB,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAA;gBACrC,IAAI,eAAe,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;oBAChC,WAAW,CAAC,IAAI,CAAC,EAAE,GAAG,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAA;gBACnD,CAAC;gBACD,MAAK;YACP,CAAC;YAED;gBACE,MAAK;QACT,CAAC;IACH,CAAC;IAED,OAAO,WAAW,CAAA;AACpB,CAAC"}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import type { ReviewContext } from '../../../modules/review-execution/entities/reviewContext/reviewContext.js';
|
|
2
2
|
import type { ReviewAction } from '../../../modules/review-execution/entities/reviewAction/reviewAction.js';
|
|
3
3
|
import type { ExecutionResult, CommandExecutor } from '../../../modules/review-execution/entities/reviewAction/reviewAction.gateway.js';
|
|
4
|
+
import type { NoteCommentPostGateway } from '../../../modules/platform-integration/entities/noteComment/noteCommentPost.gateway.js';
|
|
4
5
|
/**
|
|
5
6
|
* @deprecated Use ReviewContextAction from reviewAction entity instead
|
|
6
7
|
*/
|
|
@@ -15,5 +16,5 @@ interface Logger {
|
|
|
15
16
|
/**
|
|
16
17
|
* @deprecated Use GitLabReviewActionCliGateway or GitHubReviewActionCliGateway directly
|
|
17
18
|
*/
|
|
18
|
-
export declare function executeActionsFromContext(context: ReviewContext, localPath: string,
|
|
19
|
+
export declare function executeActionsFromContext(context: ReviewContext, localPath: string, logger: Logger, executor: CommandExecutor, baseUrl?: string | null, postGateway?: NoteCommentPostGateway | null): Promise<ExecutionResult>;
|
|
19
20
|
//# sourceMappingURL=contextActionsExecutor.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"contextActionsExecutor.d.ts","sourceRoot":"","sources":["../../../../src/modules/review-execution/services/contextActionsExecutor.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,oEAAoE,CAAA;AACvG,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kEAAkE,CAAA;AAGpG,OAAO,KAAK,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,0EAA0E,CAAA;
|
|
1
|
+
{"version":3,"file":"contextActionsExecutor.d.ts","sourceRoot":"","sources":["../../../../src/modules/review-execution/services/contextActionsExecutor.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,oEAAoE,CAAA;AACvG,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kEAAkE,CAAA;AAGpG,OAAO,KAAK,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,0EAA0E,CAAA;AAChI,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,gFAAgF,CAAA;AAI5H;;GAEG;AACH,YAAY,EAAE,YAAY,IAAI,mBAAmB,EAAE,CAAA;AAEnD,YAAY,EAAE,eAAe,EAAE,eAAe,EAAE,CAAA;AAEhD,UAAU,MAAM;IACd,IAAI,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,KAAK,IAAI,CAAA;IACxC,IAAI,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,KAAK,IAAI,CAAA;IACxC,KAAK,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,KAAK,IAAI,CAAA;IACzC,KAAK,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,KAAK,IAAI,CAAA;CAC1C;AAED;;GAEG;AACH,wBAAsB,yBAAyB,CAC7C,OAAO,EAAE,aAAa,EACtB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,eAAe,EACzB,OAAO,GAAE,MAAM,GAAG,IAAW,EAC7B,WAAW,GAAE,sBAAsB,GAAG,IAAW,GAChD,OAAO,CAAC,eAAe,CAAC,CA4C1B"}
|
|
@@ -1,9 +1,11 @@
|
|
|
1
1
|
import { GitLabReviewActionCliGateway } from '../../../modules/review-execution/interface-adapters/gateways/cli/reviewAction.gitlab.cli.gateway.js';
|
|
2
2
|
import { GitHubReviewActionCliGateway } from '../../../modules/review-execution/interface-adapters/gateways/cli/reviewAction.github.cli.gateway.js';
|
|
3
|
+
import { executePublicOutput, isPublicOutputAction } from '../../../modules/review-execution/services/publicOutputExecutor.js';
|
|
4
|
+
import { filterAutoExecutorActions } from '../../../modules/platform-integration/services/autoExecutorActionFilter.js';
|
|
3
5
|
/**
|
|
4
6
|
* @deprecated Use GitLabReviewActionCliGateway or GitHubReviewActionCliGateway directly
|
|
5
7
|
*/
|
|
6
|
-
export async function executeActionsFromContext(context, localPath,
|
|
8
|
+
export async function executeActionsFromContext(context, localPath, logger, executor, baseUrl = null, postGateway = null) {
|
|
7
9
|
const gatewayContext = {
|
|
8
10
|
projectPath: context.projectPath,
|
|
9
11
|
mrNumber: context.mergeRequestNumber,
|
|
@@ -11,9 +13,25 @@ export async function executeActionsFromContext(context, localPath, _logger, exe
|
|
|
11
13
|
diffMetadata: context.diffMetadata,
|
|
12
14
|
baseUrl,
|
|
13
15
|
};
|
|
16
|
+
const { allowed, dropped } = filterAutoExecutorActions(context.actions);
|
|
17
|
+
if (dropped.length > 0) {
|
|
18
|
+
logger.warn({ droppedTypes: dropped.map(action => action.type) }, 'Auto executor dropped write-capable actions outside the read+postComment capability set');
|
|
19
|
+
}
|
|
14
20
|
const gateway = context.platform === 'gitlab'
|
|
15
21
|
? new GitLabReviewActionCliGateway(executor)
|
|
16
22
|
: new GitHubReviewActionCliGateway(executor);
|
|
17
|
-
|
|
23
|
+
if (postGateway === null) {
|
|
24
|
+
return gateway.execute(allowed, gatewayContext);
|
|
25
|
+
}
|
|
26
|
+
const publicOutputActions = allowed.filter(isPublicOutputAction);
|
|
27
|
+
const remainingActions = allowed.filter(action => !isPublicOutputAction(action));
|
|
28
|
+
await executePublicOutput(publicOutputActions, { projectPath: context.projectPath, mrNumber: context.mergeRequestNumber }, postGateway);
|
|
29
|
+
const cliResult = await gateway.execute(remainingActions, gatewayContext);
|
|
30
|
+
return {
|
|
31
|
+
total: allowed.length,
|
|
32
|
+
succeeded: cliResult.succeeded + publicOutputActions.length,
|
|
33
|
+
failed: cliResult.failed,
|
|
34
|
+
skipped: cliResult.skipped,
|
|
35
|
+
};
|
|
18
36
|
}
|
|
19
37
|
//# sourceMappingURL=contextActionsExecutor.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"contextActionsExecutor.js","sourceRoot":"","sources":["../../../../src/modules/review-execution/services/contextActionsExecutor.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,4BAA4B,EAAE,MAAM,+FAA+F,CAAA;AAC5I,OAAO,EAAE,4BAA4B,EAAE,MAAM,+FAA+F,CAAA;
|
|
1
|
+
{"version":3,"file":"contextActionsExecutor.js","sourceRoot":"","sources":["../../../../src/modules/review-execution/services/contextActionsExecutor.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,4BAA4B,EAAE,MAAM,+FAA+F,CAAA;AAC5I,OAAO,EAAE,4BAA4B,EAAE,MAAM,+FAA+F,CAAA;AAG5I,OAAO,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,MAAM,6DAA6D,CAAA;AACvH,OAAO,EAAE,yBAAyB,EAAE,MAAM,qEAAqE,CAAA;AAgB/G;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,OAAsB,EACtB,SAAiB,EACjB,MAAc,EACd,QAAyB,EACzB,UAAyB,IAAI,EAC7B,cAA6C,IAAI;IAEjD,MAAM,cAAc,GAAG;QACrB,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,QAAQ,EAAE,OAAO,CAAC,kBAAkB;QACpC,SAAS;QACT,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,OAAO;KACR,CAAA;IAED,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,yBAAyB,CAAC,OAAO,CAAC,OAAyB,CAAC,CAAA;IAEzF,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACvB,MAAM,CAAC,IAAI,CACT,EAAE,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,EACpD,yFAAyF,CAC1F,CAAA;IACH,CAAC;IAED,MAAM,OAAO,GACX,OAAO,CAAC,QAAQ,KAAK,QAAQ;QAC3B,CAAC,CAAC,IAAI,4BAA4B,CAAC,QAAQ,CAAC;QAC5C,CAAC,CAAC,IAAI,4BAA4B,CAAC,QAAQ,CAAC,CAAA;IAEhD,IAAI,WAAW,KAAK,IAAI,EAAE,CAAC;QACzB,OAAO,OAAO,CAAC,OAAO,CAAC,OAAO,EAAE,cAAc,CAAC,CAAA;IACjD,CAAC;IAED,MAAM,mBAAmB,GAAG,OAAO,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAA;IAChE,MAAM,gBAAgB,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC,CAAA;IAEhF,MAAM,mBAAmB,CACvB,mBAAmB,EACnB,EAAE,WAAW,EAAE,OAAO,CAAC,WAAW,EAAE,QAAQ,EAAE,OAAO,CAAC,kBAAkB,EAAE,EAC1E,WAAW,CACZ,CAAA;IAED,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,gBAAgB,EAAE,cAAc,CAAC,CAAA;IAEzE,OAAO;QACL,KAAK,EAAE,OAAO,CAAC,MAAM;QACrB,SAAS,EAAE,SAAS,CAAC,SAAS,GAAG,mBAAmB,CAAC,MAAM;QAC3D,MAAM,EAAE,SAAS,CAAC,MAAM;QACxB,OAAO,EAAE,SAAS,CAAC,OAAO;KAC3B,CAAA;AACH,CAAC"}
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
import type { ReviewAction } from '../../../modules/review-execution/entities/reviewAction/reviewAction.js';
|
|
2
|
+
import type { Provenance } from '../../../modules/review-execution/entities/actionProvenance/actionProvenance.js';
|
|
3
|
+
import type { ThreadInventoryGateway } from '../../../modules/review-execution/entities/threadInventory/threadInventory.gateway.js';
|
|
4
|
+
import { type ExecutionContext, type ExecutionResult, type CommandExecutor } from '../../../modules/review-execution/services/threadActionsExecutor.js';
|
|
5
|
+
import type { NoteCommentPostGateway } from '../../../modules/platform-integration/entities/noteComment/noteCommentPost.gateway.js';
|
|
6
|
+
interface DispatchLogger {
|
|
7
|
+
info: (obj: object, message: string) => void;
|
|
8
|
+
warn: (obj: object, message: string) => void;
|
|
9
|
+
error: (obj: object, message: string) => void;
|
|
10
|
+
debug: (obj: object, message: string) => void;
|
|
11
|
+
}
|
|
12
|
+
export interface DispatchOptions {
|
|
13
|
+
context: ExecutionContext;
|
|
14
|
+
provenance: Provenance;
|
|
15
|
+
inventoryGateway: ThreadInventoryGateway;
|
|
16
|
+
logger: DispatchLogger;
|
|
17
|
+
executor: CommandExecutor;
|
|
18
|
+
postGateway?: NoteCommentPostGateway | null;
|
|
19
|
+
}
|
|
20
|
+
/**
|
|
21
|
+
* Single chokepoint between parsed LLM actions and live write commands.
|
|
22
|
+
*
|
|
23
|
+
* Resolves the authenticated MR thread inventory (fail-closed), bounds the action
|
|
24
|
+
* surface against provenance + that inventory, then dispatches only the surviving
|
|
25
|
+
* actions to the executor. Forged or out-of-MR thread ids never reach a live write.
|
|
26
|
+
* Public-output verbs that survive are routed through the scanned post sink.
|
|
27
|
+
*/
|
|
28
|
+
export declare function dispatchConstrainedActions(actions: ReviewAction[], options: DispatchOptions): Promise<ExecutionResult>;
|
|
29
|
+
export {};
|
|
30
|
+
//# sourceMappingURL=dispatchConstrainedActions.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"dispatchConstrainedActions.d.ts","sourceRoot":"","sources":["../../../../src/modules/review-execution/services/dispatchConstrainedActions.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kEAAkE,CAAA;AACpG,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,0EAA0E,CAAA;AAC1G,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,gFAAgF,CAAA;AAG5H,OAAO,EAEL,KAAK,gBAAgB,EACrB,KAAK,eAAe,EACpB,KAAK,eAAe,EACrB,MAAM,8DAA8D,CAAA;AACrE,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,gFAAgF,CAAA;AAE5H,UAAU,cAAc;IACtB,IAAI,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,KAAK,IAAI,CAAA;IAC5C,IAAI,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,KAAK,IAAI,CAAA;IAC5C,KAAK,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,KAAK,IAAI,CAAA;IAC7C,KAAK,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,KAAK,IAAI,CAAA;CAC9C;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,gBAAgB,CAAA;IACzB,UAAU,EAAE,UAAU,CAAA;IACtB,gBAAgB,EAAE,sBAAsB,CAAA;IACxC,MAAM,EAAE,cAAc,CAAA;IACtB,QAAQ,EAAE,eAAe,CAAA;IACzB,WAAW,CAAC,EAAE,sBAAsB,GAAG,IAAI,CAAA;CAC5C;AAED;;;;;;;GAOG;AACH,wBAAsB,0BAA0B,CAC9C,OAAO,EAAE,YAAY,EAAE,EACvB,OAAO,EAAE,eAAe,GACvB,OAAO,CAAC,eAAe,CAAC,CAc1B"}
|