npm - reviewflow - Versions diffs - 3.32.0 → 3.33.0 - Mend

reviewflow 3.32.0 → 3.33.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (313) hide show

package/dist/modules/review-execution/services/dispatchConstrainedActions.js ADDED Viewed

@@ -0,0 +1,20 @@
+import { constrainActionSurface } from '../../../modules/review-execution/services/constrainActionSurface.js';
+import { resolveThreadInventory } from '../../../modules/review-execution/services/resolveThreadInventory.js';
+import { executeThreadActions, } from '../../../modules/review-execution/services/threadActionsExecutor.js';
+/**
+ * Single chokepoint between parsed LLM actions and live write commands.
+ *
+ * Resolves the authenticated MR thread inventory (fail-closed), bounds the action
+ * surface against provenance + that inventory, then dispatches only the surviving
+ * actions to the executor. Forged or out-of-MR thread ids never reach a live write.
+ * Public-output verbs that survive are routed through the scanned post sink.
+ */
+export async function dispatchConstrainedActions(actions, options) {
+    const { context, provenance, inventoryGateway, logger, executor, postGateway = null } = options;
+    const threadInventory = resolveThreadInventory(inventoryGateway, { projectPath: context.projectPath, mrNumber: context.mrNumber }, logger);
+    const constrained = constrainActionSurface(actions, { provenance, threadInventory });
+    return executeThreadActions(constrained, context, logger, executor, postGateway, {
+        skipAutoCapabilityFilter: true,
+    });
+}
+//# sourceMappingURL=dispatchConstrainedActions.js.map

package/dist/modules/review-execution/services/dispatchConstrainedActions.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"dispatchConstrainedActions.js","sourceRoot":"","sources":["../../../../src/modules/review-execution/services/dispatchConstrainedActions.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,sBAAsB,EAAE,MAAM,+DAA+D,CAAA;AACtG,OAAO,EAAE,sBAAsB,EAAE,MAAM,+DAA+D,CAAA;AACtG,OAAO,EACL,oBAAoB,GAIrB,MAAM,8DAA8D,CAAA;AAmBrE;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,0BAA0B,CAC9C,OAAuB,EACvB,OAAwB;IAExB,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,gBAAgB,EAAE,MAAM,EAAE,QAAQ,EAAE,WAAW,GAAG,IAAI,EAAE,GAAG,OAAO,CAAA;IAE/F,MAAM,eAAe,GAAG,sBAAsB,CAC5C,gBAAgB,EAChB,EAAE,WAAW,EAAE,OAAO,CAAC,WAAW,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,EAChE,MAAM,CACP,CAAA;IAED,MAAM,WAAW,GAAG,sBAAsB,CAAC,OAAO,EAAE,EAAE,UAAU,EAAE,eAAe,EAAE,CAAC,CAAA;IAEpF,OAAO,oBAAoB,CAAC,WAAW,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE;QAC/E,wBAAwB,EAAE,IAAI;KAC/B,CAAC,CAAA;AACJ,CAAC"}

package/dist/modules/review-execution/services/publicOutputExecutor.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+import type { ReviewAction } from '../../../modules/review-execution/entities/reviewAction/reviewAction.js';
+import type { NoteCommentPostGateway } from '../../../modules/platform-integration/entities/noteComment/noteCommentPost.gateway.js';
+export type PublicOutputAction = ReviewAction;
+export interface PublicOutputContext {
+    projectPath: string;
+    mrNumber: number;
+}
+export declare function isPublicOutputAction(action: ReviewAction): boolean;
+export declare function executePublicOutput(actions: PublicOutputAction[], context: PublicOutputContext, postGateway: NoteCommentPostGateway): Promise<void>;
+//# sourceMappingURL=publicOutputExecutor.d.ts.map

package/dist/modules/review-execution/services/publicOutputExecutor.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"publicOutputExecutor.d.ts","sourceRoot":"","sources":["../../../../src/modules/review-execution/services/publicOutputExecutor.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kEAAkE,CAAC;AACrG,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,gFAAgF,CAAC;AAE7H,MAAM,MAAM,kBAAkB,GAAG,YAAY,CAAC;AAE9C,MAAM,WAAW,mBAAmB;IAClC,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAaD,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAElE;AAED,wBAAsB,mBAAmB,CACvC,OAAO,EAAE,kBAAkB,EAAE,EAC7B,OAAO,EAAE,mBAAmB,EAC5B,WAAW,EAAE,sBAAsB,GAClC,OAAO,CAAC,IAAI,CAAC,CAYf"}

package/dist/modules/review-execution/services/publicOutputExecutor.js ADDED Viewed

@@ -0,0 +1,27 @@
+function publicOutputBody(action) {
+    switch (action.type) {
+        case 'POST_COMMENT':
+            return action.body;
+        case 'THREAD_REPLY':
+            return action.message;
+        default:
+            return null;
+    }
+}
+export function isPublicOutputAction(action) {
+    return publicOutputBody(action) !== null;
+}
+export async function executePublicOutput(actions, context, postGateway) {
+    for (const action of actions) {
+        const body = publicOutputBody(action);
+        if (body === null) {
+            continue;
+        }
+        await postGateway.postComment({
+            projectPath: context.projectPath,
+            mrNumber: context.mrNumber,
+            body,
+        });
+    }
+}
+//# sourceMappingURL=publicOutputExecutor.js.map

package/dist/modules/review-execution/services/publicOutputExecutor.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"publicOutputExecutor.js","sourceRoot":"","sources":["../../../../src/modules/review-execution/services/publicOutputExecutor.ts"],"names":[],"mappings":"AAUA,SAAS,gBAAgB,CAAC,MAAoB;IAC5C,QAAQ,MAAM,CAAC,IAAI,EAAE,CAAC;QACpB,KAAK,cAAc;YACjB,OAAO,MAAM,CAAC,IAAI,CAAC;QACrB,KAAK,cAAc;YACjB,OAAO,MAAM,CAAC,OAAO,CAAC;QACxB;YACE,OAAO,IAAI,CAAC;IAChB,CAAC;AACH,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,MAAoB;IACvD,OAAO,gBAAgB,CAAC,MAAM,CAAC,KAAK,IAAI,CAAC;AAC3C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,OAA6B,EAC7B,OAA4B,EAC5B,WAAmC;IAEnC,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,MAAM,IAAI,GAAG,gBAAgB,CAAC,MAAM,CAAC,CAAC;QACtC,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;YAClB,SAAS;QACX,CAAC;QACD,MAAM,WAAW,CAAC,WAAW,CAAC;YAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,IAAI;SACL,CAAC,CAAC;IACL,CAAC;AACH,CAAC"}

package/dist/modules/review-execution/services/resolveThreadInventory.d.ts ADDED Viewed

@@ -0,0 +1,19 @@
+import type { ThreadInventoryGateway } from '../../../modules/review-execution/entities/threadInventory/threadInventory.gateway.js';
+export interface PinnedMergeRequest {
+    projectPath: string;
+    mrNumber: number;
+}
+interface InventoryLogger {
+    error: (obj: object, message: string) => void;
+}
+/**
+ * Resolves the authenticated MR thread inventory, fail-closed.
+ *
+ * The inventory is built ONLY from the authenticated gateway, never from the
+ * inbound webhook payload. It is either provably complete (every advertised page
+ * followed) or provably empty. Any failure — fetch error, page-count mismatch,
+ * undelivered page — resolves to the empty set with no payload/partial fallback.
+ */
+export declare function resolveThreadInventory(gateway: ThreadInventoryGateway, pinned: PinnedMergeRequest, logger: InventoryLogger): ReadonlySet<string>;
+export {};
+//# sourceMappingURL=resolveThreadInventory.d.ts.map

package/dist/modules/review-execution/services/resolveThreadInventory.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"resolveThreadInventory.d.ts","sourceRoot":"","sources":["../../../../src/modules/review-execution/services/resolveThreadInventory.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,gFAAgF,CAAA;AAE5H,MAAM,WAAW,kBAAkB;IACjC,WAAW,EAAE,MAAM,CAAA;IACnB,QAAQ,EAAE,MAAM,CAAA;CACjB;AAED,UAAU,eAAe;IACvB,KAAK,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,KAAK,IAAI,CAAA;CAC9C;AAID;;;;;;;GAOG;AACH,wBAAgB,sBAAsB,CACpC,OAAO,EAAE,sBAAsB,EAC/B,MAAM,EAAE,kBAAkB,EAC1B,MAAM,EAAE,eAAe,GACtB,WAAW,CAAC,MAAM,CAAC,CAsCrB"}

package/dist/modules/review-execution/services/resolveThreadInventory.js ADDED Viewed

@@ -0,0 +1,39 @@
+const MAX_PAGES = 100;
+/**
+ * Resolves the authenticated MR thread inventory, fail-closed.
+ *
+ * The inventory is built ONLY from the authenticated gateway, never from the
+ * inbound webhook payload. It is either provably complete (every advertised page
+ * followed) or provably empty. Any failure — fetch error, page-count mismatch,
+ * undelivered page — resolves to the empty set with no payload/partial fallback.
+ */
+export function resolveThreadInventory(gateway, pinned, logger) {
+    try {
+        const first = gateway.fetchPage(pinned.projectPath, pinned.mrNumber, 1);
+        const totalPages = first.totalPages;
+        const ids = new Set(first.threadIds);
+        if (totalPages < 1 || totalPages > MAX_PAGES) {
+            logger.error({ projectPath: pinned.projectPath, mrNumber: pinned.mrNumber, totalPages }, 'thread inventory: implausible page count, failing closed to empty inventory');
+            return new Set();
+        }
+        for (let page = 2; page <= totalPages; page++) {
+            const next = gateway.fetchPage(pinned.projectPath, pinned.mrNumber, page);
+            if (next.totalPages !== totalPages) {
+                logger.error({ projectPath: pinned.projectPath, mrNumber: pinned.mrNumber, page }, 'thread inventory: page-count mismatch, failing closed to empty inventory');
+                return new Set();
+            }
+            for (const id of next.threadIds)
+                ids.add(id);
+        }
+        return ids;
+    }
+    catch (error) {
+        logger.error({
+            projectPath: pinned.projectPath,
+            mrNumber: pinned.mrNumber,
+            error: error instanceof Error ? error.message : String(error),
+        }, 'thread inventory: fetch failed, failing closed to empty inventory');
+        return new Set();
+    }
+}
+//# sourceMappingURL=resolveThreadInventory.js.map

package/dist/modules/review-execution/services/resolveThreadInventory.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"resolveThreadInventory.js","sourceRoot":"","sources":["../../../../src/modules/review-execution/services/resolveThreadInventory.ts"],"names":[],"mappings":"AAWA,MAAM,SAAS,GAAG,GAAG,CAAA;AAErB;;;;;;;GAOG;AACH,MAAM,UAAU,sBAAsB,CACpC,OAA+B,EAC/B,MAA0B,EAC1B,MAAuB;IAEvB,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,OAAO,CAAC,SAAS,CAAC,MAAM,CAAC,WAAW,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAA;QACvE,MAAM,UAAU,GAAG,KAAK,CAAC,UAAU,CAAA;QACnC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAS,KAAK,CAAC,SAAS,CAAC,CAAA;QAE5C,IAAI,UAAU,GAAG,CAAC,IAAI,UAAU,GAAG,SAAS,EAAE,CAAC;YAC7C,MAAM,CAAC,KAAK,CACV,EAAE,WAAW,EAAE,MAAM,CAAC,WAAW,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,UAAU,EAAE,EAC1E,6EAA6E,CAC9E,CAAA;YACD,OAAO,IAAI,GAAG,EAAU,CAAA;QAC1B,CAAC;QAED,KAAK,IAAI,IAAI,GAAG,CAAC,EAAE,IAAI,IAAI,UAAU,EAAE,IAAI,EAAE,EAAE,CAAC;YAC9C,MAAM,IAAI,GAAG,OAAO,CAAC,SAAS,CAAC,MAAM,CAAC,WAAW,EAAE,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAA;YACzE,IAAI,IAAI,CAAC,UAAU,KAAK,UAAU,EAAE,CAAC;gBACnC,MAAM,CAAC,KAAK,CACV,EAAE,WAAW,EAAE,MAAM,CAAC,WAAW,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,IAAI,EAAE,EACpE,0EAA0E,CAC3E,CAAA;gBACD,OAAO,IAAI,GAAG,EAAU,CAAA;YAC1B,CAAC;YACD,KAAK,MAAM,EAAE,IAAI,IAAI,CAAC,SAAS;gBAAE,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;QAC9C,CAAC;QAED,OAAO,GAAG,CAAA;IACZ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CACV;YACE,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;SAC9D,EACD,mEAAmE,CACpE,CAAA;QACD,OAAO,IAAI,GAAG,EAAU,CAAA;IAC1B,CAAC;AACH,CAAC"}

package/dist/modules/review-execution/services/threadActionsExecutor.d.ts CHANGED Viewed

@@ -1,5 +1,6 @@
 import type { ReviewAction } from '../../../modules/review-execution/entities/reviewAction/reviewAction.js';
 import type { ExecutionResult, CommandExecutor } from '../../../modules/review-execution/entities/reviewAction/reviewAction.gateway.js';
+import type { NoteCommentPostGateway } from '../../../modules/platform-integration/entities/noteComment/noteCommentPost.gateway.js';
 /**
  * @deprecated Use ReviewAction instead
  */
@@ -12,6 +13,15 @@ export interface ExecutionContext {
     diffMetadata?: import('../../../modules/review-execution/entities/reviewContext/reviewContext.js').DiffMetadata;
 }
 export type { ExecutionResult, CommandExecutor };
+export interface ExecuteThreadActionsOptions {
+    /**
+     * Skip the auto-path capability filter (SPEC-196). Set by the constrained
+     * dispatch chokepoint (SPEC-198), where provenance + authenticated-inventory
+     * validation has already bounded the surface and must NOT be re-narrowed by
+     * the auto-path read+postComment gate.
+     */
+    skipAutoCapabilityFilter?: boolean;
+}
 interface Logger {
     info: (obj: object, msg: string) => void;
     warn: (obj: object, msg: string) => void;
@@ -21,6 +31,6 @@ interface Logger {
 /**
  * @deprecated Use GitLabReviewActionCliGateway or GitHubReviewActionCliGateway directly
  */
-export declare function executeThreadActions(actions: ThreadAction[], context: ExecutionContext, _logger: Logger, executor: CommandExecutor): Promise<ExecutionResult>;
+export declare function executeThreadActions(actions: ThreadAction[], context: ExecutionContext, logger: Logger, executor: CommandExecutor, postGateway?: NoteCommentPostGateway | null, options?: ExecuteThreadActionsOptions): Promise<ExecutionResult>;
 export declare const defaultCommandExecutor: CommandExecutor;
 //# sourceMappingURL=threadActionsExecutor.d.ts.map

package/dist/modules/review-execution/services/threadActionsExecutor.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"threadActionsExecutor.d.ts","sourceRoot":"","sources":["../../../../src/modules/review-execution/services/threadActionsExecutor.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kEAAkE,CAAA;AAGpG,OAAO,KAAK,EAAE,eAAe,EAAE,eAAe,EAA+C,MAAM,0EAA0E,CAAA;~~AAI7K~~;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG,YAAY,CAAA;AAEvC,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE,QAAQ,GAAG,QAAQ,CAAA;IAC7B,WAAW,EAAE,MAAM,CAAA;IACnB,QAAQ,EAAE,MAAM,CAAA;IAChB,SAAS,EAAE,MAAM,CAAA;IACjB,YAAY,CAAC,EAAE,OAAO,oEAAoE,EAAE,YAAY,CAAA;CACzG;AAED,YAAY,EAAE,eAAe,EAAE,eAAe,EAAE,CAAA;AAEhD,UAAU,MAAM;IACd,IAAI,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,KAAK,IAAI,CAAA;IACxC,IAAI,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,KAAK,IAAI,CAAA;IACxC,KAAK,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,KAAK,IAAI,CAAA;IACzC,KAAK,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,KAAK,IAAI,CAAA;CAC1C;AAED;;GAEG;AACH,wBAAsB,oBAAoB,CACxC,OAAO,EAAE,YAAY,EAAE,EACvB,OAAO,EAAE,gBAAgB,EACzB,~~OAAO~~,EAAE,MAAM,~~EACf~~,QAAQ,EAAE,eAAe,~~GACxB~~,OAAO,CAAC,eAAe,CAAC,~~CAe1B~~;AAED,eAAO,MAAM,sBAAsB,EAAE,eAUpC,CAAA"}
1	+ {"version":3,"file":"threadActionsExecutor.d.ts","sourceRoot":"","sources":["../../../../src/modules/review-execution/services/threadActionsExecutor.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kEAAkE,CAAA;AAGpG,OAAO,KAAK,EAAE,eAAe,EAAE,eAAe,EAA+C,MAAM,0EAA0E,CAAA;AAC7K,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,gFAAgF,CAAA;AAM5H;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG,YAAY,CAAA;AAEvC,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE,QAAQ,GAAG,QAAQ,CAAA;IAC7B,WAAW,EAAE,MAAM,CAAA;IACnB,QAAQ,EAAE,MAAM,CAAA;IAChB,SAAS,EAAE,MAAM,CAAA;IACjB,YAAY,CAAC,EAAE,OAAO,oEAAoE,EAAE,YAAY,CAAA;CACzG;AAED,YAAY,EAAE,eAAe,EAAE,eAAe,EAAE,CAAA;AAEhD,MAAM,WAAW,2BAA2B;IAC1C;;;;;OAKG;IACH,wBAAwB,CAAC,EAAE,OAAO,CAAA;CACnC;AAED,UAAU,MAAM;IACd,IAAI,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,KAAK,IAAI,CAAA;IACxC,IAAI,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,KAAK,IAAI,CAAA;IACxC,KAAK,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,KAAK,IAAI,CAAA;IACzC,KAAK,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,KAAK,IAAI,CAAA;CAC1C;AAED;;GAEG;AACH,wBAAsB,oBAAoB,CACxC,OAAO,EAAE,YAAY,EAAE,EACvB,OAAO,EAAE,gBAAgB,EACzB,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,eAAe,EACzB,WAAW,GAAE,sBAAsB,GAAG,IAAW,EACjD,OAAO,GAAE,2BAAgC,GACxC,OAAO,CAAC,eAAe,CAAC,CA+C1B;AAED,eAAO,MAAM,sBAAsB,EAAE,eAUpC,CAAA"}

package/dist/modules/review-execution/services/threadActionsExecutor.js CHANGED Viewed

@@ -1,11 +1,13 @@
 import { execSync } from 'node:child_process';
 import { GitLabReviewActionCliGateway } from '../../../modules/review-execution/interface-adapters/gateways/cli/reviewAction.gitlab.cli.gateway.js';
 import { GitHubReviewActionCliGateway } from '../../../modules/review-execution/interface-adapters/gateways/cli/reviewAction.github.cli.gateway.js';
+import { executePublicOutput, isPublicOutputAction } from '../../../modules/review-execution/services/publicOutputExecutor.js';
+import { filterAutoExecutorActions } from '../../../modules/platform-integration/services/autoExecutorActionFilter.js';
 const COMMAND_TIMEOUT_MS = 30000;
 /**
  * @deprecated Use GitLabReviewActionCliGateway or GitHubReviewActionCliGateway directly
  */
-export async function executeThreadActions(actions, context, _logger, executor) {
+export async function executeThreadActions(actions, context, logger, executor, postGateway = null, options = {}) {
     const gatewayContext = {
         projectPath: context.projectPath,
         mrNumber: context.mrNumber,
@@ -13,10 +15,30 @@ export async function executeThreadActions(actions, context, _logger, executor)
         diffMetadata: context.diffMetadata,
         baseUrl: null,
     };
+    let effectiveActions = actions;
+    if (!options.skipAutoCapabilityFilter) {
+        const { allowed, dropped } = filterAutoExecutorActions(actions);
+        if (dropped.length > 0) {
+            logger.warn({ droppedTypes: dropped.map(action => action.type) }, 'Auto executor dropped write-capable actions outside the read+postComment capability set');
+        }
+        effectiveActions = allowed;
+    }
     const gateway = context.platform === 'gitlab'
         ? new GitLabReviewActionCliGateway(executor)
         : new GitHubReviewActionCliGateway(executor);
-    return gateway.execute(actions, gatewayContext);
+    if (postGateway === null) {
+        return gateway.execute(effectiveActions, gatewayContext);
+    }
+    const publicOutputActions = effectiveActions.filter(isPublicOutputAction);
+    const remainingActions = effectiveActions.filter(action => !isPublicOutputAction(action));
+    await executePublicOutput(publicOutputActions, { projectPath: context.projectPath, mrNumber: context.mrNumber }, postGateway);
+    const cliResult = await gateway.execute(remainingActions, gatewayContext);
+    return {
+        total: effectiveActions.length,
+        succeeded: cliResult.succeeded + publicOutputActions.length,
+        failed: cliResult.failed,
+        skipped: cliResult.skipped,
+    };
 }
 export const defaultCommandExecutor = (command, args, cwd) => {
     execSync(`${command} ${args.map(a => `'${a.replace(/'/g, "'\\''")}'`).join(' ')}`, {

package/dist/modules/review-execution/services/threadActionsExecutor.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"threadActionsExecutor.js","sourceRoot":"","sources":["../../../../src/modules/review-execution/services/threadActionsExecutor.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAA;AAE7C,OAAO,EAAE,4BAA4B,EAAE,MAAM,+FAA+F,CAAA;AAC5I,OAAO,EAAE,4BAA4B,EAAE,MAAM,+FAA+F,CAAA;AAG5I,MAAM,kBAAkB,GAAG,KAAK,CAAA;~~AAwBhC~~;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,OAAuB,EACvB,OAAyB,EACzB,~~OAAe~~,~~EACf~~,QAAyB;~~IAEzB~~,MAAM,cAAc,GAA4B;QAC9C,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,OAAO,EAAE,IAAI;KACd,CAAA;IAED,MAAM,OAAO,GACX,OAAO,CAAC,QAAQ,KAAK,QAAQ;QAC3B,CAAC,CAAC,IAAI,4BAA4B,CAAC,QAAQ,CAAC;QAC5C,CAAC,CAAC,IAAI,4BAA4B,CAAC,QAAQ,CAAC,CAAA;IAEhD,OAAO,OAAO,CAAC,OAAO,CAAC,OAAO,EAAE,cAAc,CAAC,CAAA;~~AACjD~~,CAAC;AAED,MAAM,CAAC,MAAM,sBAAsB,GAAoB,CACrD,OAAe,EACf,IAAc,EACd,GAAW,EACL,EAAE;IACR,QAAQ,CAAC,GAAG,OAAO,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE;QACjF,GAAG;QACH,QAAQ,EAAE,OAAO;QACjB,OAAO,EAAE,kBAAkB;KAC5B,CAAC,CAAA;AACJ,CAAC,CAAA"}
1	+ {"version":3,"file":"threadActionsExecutor.js","sourceRoot":"","sources":["../../../../src/modules/review-execution/services/threadActionsExecutor.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAA;AAE7C,OAAO,EAAE,4BAA4B,EAAE,MAAM,+FAA+F,CAAA;AAC5I,OAAO,EAAE,4BAA4B,EAAE,MAAM,+FAA+F,CAAA;AAG5I,OAAO,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,MAAM,6DAA6D,CAAA;AACvH,OAAO,EAAE,yBAAyB,EAAE,MAAM,qEAAqE,CAAA;AAE/G,MAAM,kBAAkB,GAAG,KAAK,CAAA;AAkChC;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,OAAuB,EACvB,OAAyB,EACzB,MAAc,EACd,QAAyB,EACzB,cAA6C,IAAI,EACjD,UAAuC,EAAE;IAEzC,MAAM,cAAc,GAA4B;QAC9C,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,OAAO,EAAE,IAAI;KACd,CAAA;IAED,IAAI,gBAAgB,GAAG,OAAO,CAAA;IAC9B,IAAI,CAAC,OAAO,CAAC,wBAAwB,EAAE,CAAC;QACtC,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,yBAAyB,CAAC,OAAO,CAAC,CAAA;QAC/D,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvB,MAAM,CAAC,IAAI,CACT,EAAE,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,EACpD,yFAAyF,CAC1F,CAAA;QACH,CAAC;QACD,gBAAgB,GAAG,OAAO,CAAA;IAC5B,CAAC;IAED,MAAM,OAAO,GACX,OAAO,CAAC,QAAQ,KAAK,QAAQ;QAC3B,CAAC,CAAC,IAAI,4BAA4B,CAAC,QAAQ,CAAC;QAC5C,CAAC,CAAC,IAAI,4BAA4B,CAAC,QAAQ,CAAC,CAAA;IAEhD,IAAI,WAAW,KAAK,IAAI,EAAE,CAAC;QACzB,OAAO,OAAO,CAAC,OAAO,CAAC,gBAAgB,EAAE,cAAc,CAAC,CAAA;IAC1D,CAAC;IAED,MAAM,mBAAmB,GAAG,gBAAgB,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAA;IACzE,MAAM,gBAAgB,GAAG,gBAAgB,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC,CAAA;IAEzF,MAAM,mBAAmB,CACvB,mBAAmB,EACnB,EAAE,WAAW,EAAE,OAAO,CAAC,WAAW,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,EAChE,WAAW,CACZ,CAAA;IAED,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,gBAAgB,EAAE,cAAc,CAAC,CAAA;IAEzE,OAAO;QACL,KAAK,EAAE,gBAAgB,CAAC,MAAM;QAC9B,SAAS,EAAE,SAAS,CAAC,SAAS,GAAG,mBAAmB,CAAC,MAAM;QAC3D,MAAM,EAAE,SAAS,CAAC,MAAM;QACxB,OAAO,EAAE,SAAS,CAAC,OAAO;KAC3B,CAAA;AACH,CAAC;AAED,MAAM,CAAC,MAAM,sBAAsB,GAAoB,CACrD,OAAe,EACf,IAAc,EACd,GAAW,EACL,EAAE;IACR,QAAQ,CAAC,GAAG,OAAO,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE;QACjF,GAAG;QACH,QAAQ,EAAE,OAAO;QACjB,OAAO,EAAE,kBAAkB;KAC5B,CAAC,CAAA;AACJ,CAAC,CAAA"}

package/dist/modules/review-execution/usecases/gateClaudeInvocation.usecase.d.ts CHANGED Viewed

@@ -17,6 +17,12 @@ export interface GateClaudeInvocationInput {
     job: ReviewJob;
     triggerSource: TriggerSource;
     processor: GateClaudeInvocationProcessor;
+    /**
+     * Trigger-actor provenance verdict (SPEC-197). When explicitly `false` the job
+     * is parked pending regardless of triggerMode: a non-trusted actor never
+     * auto-runs. `undefined`/`true` preserves the existing triggerMode behaviour.
+     */
+    actorTrusted?: boolean;
 }
 export type GateClaudeInvocationResult = {
     status: 'enqueued';

package/dist/modules/review-execution/usecases/gateClaudeInvocation.usecase.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"gateClaudeInvocation.usecase.d.ts","sourceRoot":"","sources":["../../../../src/modules/review-execution/usecases/gateClaudeInvocation.usecase.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,MAAM,CAAC;AACnC,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,qCAAqC,CAAC;AAErE,OAAO,KAAK,EAAE,2BAA2B,EAAE,MAAM,0FAA0F,CAAC;AAC5I,OAAO,KAAK,EACV,oBAAoB,EACpB,aAAa,EACd,MAAM,yFAAyF,CAAC;AAEjG,MAAM,MAAM,WAAW,GAAG,WAAW,GAAG,WAAW,CAAC;AAEpD,MAAM,MAAM,6BAA6B,GAAG,CAC1C,GAAG,EAAE,SAAS,EACd,MAAM,EAAE,WAAW,KAChB,OAAO,CAAC,IAAI,CAAC,CAAC;AAEnB,MAAM,MAAM,qBAAqB,GAAG,CAClC,GAAG,EAAE,SAAS,EACd,SAAS,EAAE,6BAA6B,KACrC,OAAO,CAAC,OAAO,CAAC,CAAC;AAEtB,MAAM,WAAW,gCAAgC;IAC/C,WAAW,EAAE,WAAW,CAAC;IACzB,2BAA2B,EAAE,2BAA2B,CAAC;IACzD,OAAO,EAAE,qBAAqB,CAAC;IAC/B,uBAAuB,EAAE,CAAC,OAAO,EAAE,oBAAoB,KAAK,IAAI,CAAC;IACjE,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,IAAI,CAAC;CACpB;AAED,MAAM,WAAW,yBAAyB;IACxC,GAAG,EAAE,SAAS,CAAC;IACf,aAAa,EAAE,aAAa,CAAC;IAC7B,SAAS,EAAE,6BAA6B,CAAC;~~CAC1C~~;AAED,MAAM,MAAM,0BAA0B,GAClC;IAAE,MAAM,EAAE,UAAU,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,GACrC;IAAE,MAAM,EAAE,SAAS,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,GACxC;IAAE,MAAM,EAAE,UAAU,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC;AAM3C,qBAAa,2BAA2B;IAC1B,OAAO,CAAC,QAAQ,CAAC,IAAI;gBAAJ,IAAI,EAAE,gCAAgC;IAE7D,OAAO,CAAC,KAAK,EAAE,yBAAyB,GAAG,OAAO,CAAC,0BAA0B,CAAC;~~CAgCrF~~"}
1	+ {"version":3,"file":"gateClaudeInvocation.usecase.d.ts","sourceRoot":"","sources":["../../../../src/modules/review-execution/usecases/gateClaudeInvocation.usecase.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,MAAM,CAAC;AACnC,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,qCAAqC,CAAC;AAErE,OAAO,KAAK,EAAE,2BAA2B,EAAE,MAAM,0FAA0F,CAAC;AAC5I,OAAO,KAAK,EACV,oBAAoB,EACpB,aAAa,EACd,MAAM,yFAAyF,CAAC;AAEjG,MAAM,MAAM,WAAW,GAAG,WAAW,GAAG,WAAW,CAAC;AAEpD,MAAM,MAAM,6BAA6B,GAAG,CAC1C,GAAG,EAAE,SAAS,EACd,MAAM,EAAE,WAAW,KAChB,OAAO,CAAC,IAAI,CAAC,CAAC;AAEnB,MAAM,MAAM,qBAAqB,GAAG,CAClC,GAAG,EAAE,SAAS,EACd,SAAS,EAAE,6BAA6B,KACrC,OAAO,CAAC,OAAO,CAAC,CAAC;AAEtB,MAAM,WAAW,gCAAgC;IAC/C,WAAW,EAAE,WAAW,CAAC;IACzB,2BAA2B,EAAE,2BAA2B,CAAC;IACzD,OAAO,EAAE,qBAAqB,CAAC;IAC/B,uBAAuB,EAAE,CAAC,OAAO,EAAE,oBAAoB,KAAK,IAAI,CAAC;IACjE,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,IAAI,CAAC;CACpB;AAED,MAAM,WAAW,yBAAyB;IACxC,GAAG,EAAE,SAAS,CAAC;IACf,aAAa,EAAE,aAAa,CAAC;IAC7B,SAAS,EAAE,6BAA6B,CAAC;IACzC;;;;OAIG;IACH,YAAY,CAAC,EAAE,OAAO,CAAC;CACxB;AAED,MAAM,MAAM,0BAA0B,GAClC;IAAE,MAAM,EAAE,UAAU,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,GACrC;IAAE,MAAM,EAAE,SAAS,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,GACxC;IAAE,MAAM,EAAE,UAAU,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC;AAM3C,qBAAa,2BAA2B;IAC1B,OAAO,CAAC,QAAQ,CAAC,IAAI;gBAAJ,IAAI,EAAE,gCAAgC;IAE7D,OAAO,CAAC,KAAK,EAAE,yBAAyB,GAAG,OAAO,CAAC,0BAA0B,CAAC;CAkCrF"}

package/dist/modules/review-execution/usecases/gateClaudeInvocation.usecase.js CHANGED Viewed

@@ -9,7 +9,8 @@ export class GateClaudeInvocationUseCase {
     }
     async execute(input) {
         const { triggerMode, pendingReviewRequestGateway, enqueue, broadcastPendingChanged, logger } = this.deps;
-        if (triggerMode === 'full-auto') {
+        const actorParks = input.actorTrusted === false;
+        if (triggerMode === 'full-auto' && !actorParks) {
             const enqueued = await enqueue(input.job, input.processor);
             if (!enqueued) {
                 logger.info({ jobId: input.job.id }, 'Job rejected by queue (deduplicated or already active)');

package/dist/modules/review-execution/usecases/gateClaudeInvocation.usecase.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"gateClaudeInvocation.usecase.js","sourceRoot":"","sources":["../../../../src/modules/review-execution/usecases/gateClaudeInvocation.usecase.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,aAAa,EAAE,MAAM,oCAAoC,CAAC;~~AAuCnE~~,SAAS,cAAc,CAAC,KAAa;IACnC,OAAO,WAAW,aAAa,CAAC,KAAK,CAAC,EAAE,CAAC;AAC3C,CAAC;AAED,MAAM,OAAO,2BAA2B;IACT;IAA7B,YAA6B,IAAsC;QAAtC,SAAI,GAAJ,IAAI,CAAkC;IAAG,CAAC;IAEvE,KAAK,CAAC,OAAO,CAAC,KAAgC;QAC5C,MAAM,EAAE,WAAW,EAAE,2BAA2B,EAAE,OAAO,EAAE,uBAAuB,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC,IAAI,CAAC;QAEzG,IAAI,WAAW,KAAK,WAAW,EAAE,CAAC;~~YAChC~~,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,GAAG,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;YAC3D,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,wDAAwD,CAAC,CAAC;gBAC/F,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,wDAAwD,EAAE,CAAC;YAClG,CAAC;YACD,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACrD,CAAC;QAED,MAAM,SAAS,GAAG,cAAc,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC/C,MAAM,SAAS,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,WAAW,EAAE,CAAC;QAC1E,MAAM,OAAO,GAAyB;YACpC,sBAAsB,EAAE,SAAS;YACjC,GAAG,EAAE,KAAK,CAAC,GAAG;YACd,OAAO,EAAE,KAAK,CAAC,GAAG,CAAC,OAAO,IAAI,QAAQ;YACtC,QAAQ,EAAE,KAAK,CAAC,GAAG,CAAC,QAAQ;YAC5B,aAAa,EAAE,KAAK,CAAC,aAAa;YAClC,SAAS;SACV,CAAC;QAEF,MAAM,2BAA2B,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAChD,uBAAuB,CAAC,OAAO,CAAC,CAAC;QACjC,MAAM,CAAC,IAAI,CACT,EAAE,SAAS,EAAE,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,EAAE,EAAE,aAAa,EAAE,KAAK,CAAC,aAAa,EAAE,EACtE,+DAA+D,CAChE,CAAC;QAEF,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;IAC1C,CAAC;CACF"}
1	+ {"version":3,"file":"gateClaudeInvocation.usecase.js","sourceRoot":"","sources":["../../../../src/modules/review-execution/usecases/gateClaudeInvocation.usecase.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,aAAa,EAAE,MAAM,oCAAoC,CAAC;AA6CnE,SAAS,cAAc,CAAC,KAAa;IACnC,OAAO,WAAW,aAAa,CAAC,KAAK,CAAC,EAAE,CAAC;AAC3C,CAAC;AAED,MAAM,OAAO,2BAA2B;IACT;IAA7B,YAA6B,IAAsC;QAAtC,SAAI,GAAJ,IAAI,CAAkC;IAAG,CAAC;IAEvE,KAAK,CAAC,OAAO,CAAC,KAAgC;QAC5C,MAAM,EAAE,WAAW,EAAE,2BAA2B,EAAE,OAAO,EAAE,uBAAuB,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC,IAAI,CAAC;QAEzG,MAAM,UAAU,GAAG,KAAK,CAAC,YAAY,KAAK,KAAK,CAAC;QAEhD,IAAI,WAAW,KAAK,WAAW,IAAI,CAAC,UAAU,EAAE,CAAC;YAC/C,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,GAAG,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;YAC3D,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,wDAAwD,CAAC,CAAC;gBAC/F,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,wDAAwD,EAAE,CAAC;YAClG,CAAC;YACD,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACrD,CAAC;QAED,MAAM,SAAS,GAAG,cAAc,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC/C,MAAM,SAAS,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,WAAW,EAAE,CAAC;QAC1E,MAAM,OAAO,GAAyB;YACpC,sBAAsB,EAAE,SAAS;YACjC,GAAG,EAAE,KAAK,CAAC,GAAG;YACd,OAAO,EAAE,KAAK,CAAC,GAAG,CAAC,OAAO,IAAI,QAAQ;YACtC,QAAQ,EAAE,KAAK,CAAC,GAAG,CAAC,QAAQ;YAC5B,aAAa,EAAE,KAAK,CAAC,aAAa;YAClC,SAAS;SACV,CAAC;QAEF,MAAM,2BAA2B,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAChD,uBAAuB,CAAC,OAAO,CAAC,CAAC;QACjC,MAAM,CAAC,IAAI,CACT,EAAE,SAAS,EAAE,KAAK,EAAE,KAAK,CAAC,GAAG,CAAC,EAAE,EAAE,aAAa,EAAE,KAAK,CAAC,aAAa,EAAE,EACtE,+DAA+D,CAChE,CAAC;QAEF,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;IAC1C,CAAC;CACF"}

package/dist/security/gitlabWebhookTokenSource.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+/**
+ * Reads the current GitLab webhook token from the process environment on every
+ * call so the secret can be rotated without redeploying or restarting the
+ * process: an operator updates GITLAB_WEBHOOK_TOKEN (and the GitLab webhook
+ * secret), and the next verification already uses the new value.
+ */
+export declare function currentGitlabWebhookToken(): string | null;
+export declare function __resetGitlabTokenCacheForTests(): void;
+//# sourceMappingURL=gitlabWebhookTokenSource.d.ts.map

package/dist/security/gitlabWebhookTokenSource.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"gitlabWebhookTokenSource.d.ts","sourceRoot":"","sources":["../../src/security/gitlabWebhookTokenSource.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,wBAAgB,yBAAyB,IAAI,MAAM,GAAG,IAAI,CAGzD;AAED,wBAAgB,+BAA+B,IAAI,IAAI,CAGtD"}

package/dist/security/gitlabWebhookTokenSource.js ADDED Viewed

@@ -0,0 +1,15 @@
+/**
+ * Reads the current GitLab webhook token from the process environment on every
+ * call so the secret can be rotated without redeploying or restarting the
+ * process: an operator updates GITLAB_WEBHOOK_TOKEN (and the GitLab webhook
+ * secret), and the next verification already uses the new value.
+ */
+export function currentGitlabWebhookToken() {
+    const token = process.env.GITLAB_WEBHOOK_TOKEN;
+    return typeof token === 'string' && token.length > 0 ? token : null;
+}
+export function __resetGitlabTokenCacheForTests() {
+    // No cache is kept; the token is read fresh on every call. This hook exists
+    // so rotation tests document the no-capture contract explicitly.
+}
+//# sourceMappingURL=gitlabWebhookTokenSource.js.map

package/dist/security/gitlabWebhookTokenSource.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"gitlabWebhookTokenSource.js","sourceRoot":"","sources":["../../src/security/gitlabWebhookTokenSource.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,MAAM,UAAU,yBAAyB;IACvC,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;IAC/C,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;AACtE,CAAC;AAED,MAAM,UAAU,+BAA+B;IAC7C,4EAA4E;IAC5E,iEAAiE;AACnE,CAAC"}

package/dist/security/transportGuardConfig.d.ts ADDED Viewed

@@ -0,0 +1,16 @@
+import type { TransportGuardConfig } from '../modules/platform-integration/interface-adapters/controllers/webhook/transportGuard.middleware.js';
+export declare const DEFAULT_LOOPBACK_HOP = "127.0.0.1";
+/**
+ * The single trusted hop the app accepts connections from. Scoped to the
+ * loopback reverse proxy only; never a broad subnet, never `true`.
+ */
+export declare function resolveTrustedHopAddress(): string;
+export declare function resolveAllowedCidrRanges(): string[];
+export declare function resolveTransportGuardConfig(): TransportGuardConfig;
+/**
+ * The value handed to Fastify's `trustProxy` option. It is always the single
+ * loopback hop, never `true` and never an arbitrary/broad value, so Express-style
+ * derived request attributes cannot be inflated from client-supplied headers.
+ */
+export declare function transportTrustProxyValue(): string;
+//# sourceMappingURL=transportGuardConfig.d.ts.map

package/dist/security/transportGuardConfig.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"transportGuardConfig.d.ts","sourceRoot":"","sources":["../../src/security/transportGuardConfig.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,oGAAoG,CAAC;AAE/I,eAAO,MAAM,oBAAoB,cAAc,CAAC;AAYhD;;;GAGG;AACH,wBAAgB,wBAAwB,IAAI,MAAM,CAKjD;AAED,wBAAgB,wBAAwB,IAAI,MAAM,EAAE,CAEnD;AAED,wBAAgB,2BAA2B,IAAI,oBAAoB,CAKlE;AAED;;;;GAIG;AACH,wBAAgB,wBAAwB,IAAI,MAAM,CAEjD"}

package/dist/security/transportGuardConfig.js ADDED Viewed

@@ -0,0 +1,38 @@
+export const DEFAULT_LOOPBACK_HOP = '127.0.0.1';
+function parseCidrRanges(raw) {
+    if (!raw) {
+        return [];
+    }
+    return raw
+        .split(',')
+        .map((range) => range.trim())
+        .filter((range) => range.length > 0);
+}
+/**
+ * The single trusted hop the app accepts connections from. Scoped to the
+ * loopback reverse proxy only; never a broad subnet, never `true`.
+ */
+export function resolveTrustedHopAddress() {
+    const configured = process.env.WEBHOOK_TRUSTED_HOP;
+    return typeof configured === 'string' && configured.length > 0
+        ? configured
+        : DEFAULT_LOOPBACK_HOP;
+}
+export function resolveAllowedCidrRanges() {
+    return parseCidrRanges(process.env.WEBHOOK_ALLOWED_CIDR_RANGES);
+}
+export function resolveTransportGuardConfig() {
+    return {
+        trustedHopAddress: resolveTrustedHopAddress(),
+        allowedCidrRanges: resolveAllowedCidrRanges(),
+    };
+}
+/**
+ * The value handed to Fastify's `trustProxy` option. It is always the single
+ * loopback hop, never `true` and never an arbitrary/broad value, so Express-style
+ * derived request attributes cannot be inflated from client-supplied headers.
+ */
+export function transportTrustProxyValue() {
+    return resolveTrustedHopAddress();
+}
+//# sourceMappingURL=transportGuardConfig.js.map

package/dist/security/transportGuardConfig.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"transportGuardConfig.js","sourceRoot":"","sources":["../../src/security/transportGuardConfig.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,oBAAoB,GAAG,WAAW,CAAC;AAEhD,SAAS,eAAe,CAAC,GAAuB;IAC9C,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,OAAO,GAAG;SACP,KAAK,CAAC,GAAG,CAAC;SACV,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;SAC5B,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;AACzC,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,wBAAwB;IACtC,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;IACnD,OAAO,OAAO,UAAU,KAAK,QAAQ,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC;QAC5D,CAAC,CAAC,UAAU;QACZ,CAAC,CAAC,oBAAoB,CAAC;AAC3B,CAAC;AAED,MAAM,UAAU,wBAAwB;IACtC,OAAO,eAAe,CAAC,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC,CAAC;AAClE,CAAC;AAED,MAAM,UAAU,2BAA2B;IACzC,OAAO;QACL,iBAAiB,EAAE,wBAAwB,EAAE;QAC7C,iBAAiB,EAAE,wBAAwB,EAAE;KAC9C,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,wBAAwB;IACtC,OAAO,wBAAwB,EAAE,CAAC;AACpC,CAAC"}

package/dist/security/verifier.d.ts CHANGED Viewed

@@ -4,8 +4,10 @@ export interface VerificationResult {
     error?: string;
 }
 /**
- * Verify GitLab webhook signature
- * GitLab uses a simple secret token sent in the X-Gitlab-Token header
+ * Verify GitLab webhook signature.
+ * GitLab uses a simple secret token sent in the X-Gitlab-Token header.
+ * The expected token is read from the current configuration on every call so it
+ * can be rotated without restarting the process (see gitlabWebhookTokenSource).
  */
 export declare function verifyGitLabSignature(request: FastifyRequest): VerificationResult;
 /**
@@ -17,5 +19,10 @@ export declare function verifyGitHubSignature(request: FastifyRequest): Verifica
  * Extract event type from request headers
  */
 export declare function getGitLabEventType(request: FastifyRequest): string | undefined;
+/**
+ * Extract the per-event delivery identifier from request headers.
+ * Symmetric to getGitLabEventType; reads X-Gitlab-Event-UUID.
+ */
+export declare function getGitLabEventUuid(request: FastifyRequest): string | undefined;
 export declare function getGitHubEventType(request: FastifyRequest): string | undefined;
 //# sourceMappingURL=verifier.d.ts.map

package/dist/security/verifier.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"verifier.d.ts","sourceRoot":"","sources":["../../src/security/verifier.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;~~AAG9C~~,MAAM,WAAW,kBAAkB;IACjC,KAAK,EAAE,OAAO,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;~~AAED;;;GAGG~~;AACH,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,cAAc,GAAG,kBAAkB,~~CAuBjF~~;AAED;;;GAGG;AACH,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,cAAc,GAAG,kBAAkB,CAkCjF;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,cAAc,GAAG,MAAM,GAAG,SAAS,CAG9E;AAED,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,cAAc,GAAG,MAAM,GAAG,SAAS,CAG9E"}
1	+ {"version":3,"file":"verifier.d.ts","sourceRoot":"","sources":["../../src/security/verifier.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAI9C,MAAM,WAAW,kBAAkB;IACjC,KAAK,EAAE,OAAO,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAcD;;;;;GAKG;AACH,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,cAAc,GAAG,kBAAkB,CAiBjF;AAED;;;GAGG;AACH,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,cAAc,GAAG,kBAAkB,CAkCjF;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,cAAc,GAAG,MAAM,GAAG,SAAS,CAG9E;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,cAAc,GAAG,MAAM,GAAG,SAAS,CAG9E;AAED,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,cAAc,GAAG,MAAM,GAAG,SAAS,CAG9E"}

package/dist/security/verifier.js CHANGED Viewed

@@ -1,23 +1,32 @@
-import { createHmac, timingSafeEqual } from 'node:crypto';
+import { createHmac, randomBytes, timingSafeEqual } from 'node:crypto';
 import { loadEnvSecrets } from '../config/loader.js';
+import { currentGitlabWebhookToken } from '../security/gitlabWebhookTokenSource.js';
+// Per-process random key used only to fold both candidate and expected tokens
+// into fixed-length digests before comparison. It never leaves the process and
+// is not a secret in the trust model; its sole purpose is to make timingSafeEqual
+// operate on equal-length inputs so no length-based oracle precedes the compare.
+const comparisonKey = randomBytes(32);
+function constantTimeStringEqual(candidate, expected) {
+    const candidateDigest = createHmac('sha256', comparisonKey).update(candidate).digest();
+    const expectedDigest = createHmac('sha256', comparisonKey).update(expected).digest();
+    return timingSafeEqual(candidateDigest, expectedDigest);
+}
 /**
- * Verify GitLab webhook signature
- * GitLab uses a simple secret token sent in the X-Gitlab-Token header
+ * Verify GitLab webhook signature.
+ * GitLab uses a simple secret token sent in the X-Gitlab-Token header.
+ * The expected token is read from the current configuration on every call so it
+ * can be rotated without restarting the process (see gitlabWebhookTokenSource).
  */
 export function verifyGitLabSignature(request) {
     const token = request.headers['x-gitlab-token'];
     if (!token || typeof token !== 'string') {
         return { valid: false, error: 'Header X-Gitlab-Token manquant' };
     }
-    const secrets = loadEnvSecrets();
-    const expectedToken = secrets.gitlabWebhookToken;
-    // Use timing-safe comparison to prevent timing attacks
-    const tokenBuffer = Buffer.from(token);
-    const expectedBuffer = Buffer.from(expectedToken);
-    if (tokenBuffer.length !== expectedBuffer.length) {
+    const expectedToken = currentGitlabWebhookToken();
+    if (expectedToken === null) {
         return { valid: false, error: 'Token invalide' };
     }
-    if (!timingSafeEqual(tokenBuffer, expectedBuffer)) {
+    if (!constantTimeStringEqual(token, expectedToken)) {
         return { valid: false, error: 'Token invalide' };
     }
     return { valid: true };
@@ -60,6 +69,14 @@ export function getGitLabEventType(request) {
     const eventHeader = request.headers['x-gitlab-event'];
     return typeof eventHeader === 'string' ? eventHeader : undefined;
 }
+/**
+ * Extract the per-event delivery identifier from request headers.
+ * Symmetric to getGitLabEventType; reads X-Gitlab-Event-UUID.
+ */
+export function getGitLabEventUuid(request) {
+    const uuidHeader = request.headers['x-gitlab-event-uuid'];
+    return typeof uuidHeader === 'string' ? uuidHeader : undefined;
+}
 export function getGitHubEventType(request) {
     const eventHeader = request.headers['x-github-event'];
     return typeof eventHeader === 'string' ? eventHeader : undefined;

package/dist/security/verifier.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"verifier.js","sourceRoot":"","sources":["../../src/security/verifier.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;~~AAE1D~~,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;~~AAOpD;;;GAGG;AACH~~,MAAM,~~UAAU~~,~~qBAAqB,~~CAAC,~~OAAuB~~;~~IAC3D~~,MAAM,~~KAAK~~,GAAG,~~OAAO~~,CAAC,~~OAAO~~,CAAC,~~gBAAgB,~~CAAC~~,CAAC~~;~~IAEhD~~,~~IAAI~~,CAAC,~~KAAK~~,~~IAAI~~,~~OAAO~~,~~KAAK~~,~~KAAK~~,~~QAAQ~~,~~EAAE~~,CAAC~~;QACxC~~,~~OAAO~~,EAAE,~~KAAK~~,~~EAAE~~,~~KAAK~~,~~EAAE~~,~~KAAK~~,~~EAAE~~,~~gCAAgC~~,EAAE,CAAC;~~IACnE~~,~~CAAC;IAED,~~MAAM,~~OAAO~~,GAAG,~~cAAc~~,EAAE,CAAC~~;IACjC~~,MAAM,~~aAAa~~,~~GAAG~~,~~OAAO~~,CAAC,~~kBAAkB~~,CAAC;~~IAEjD~~,~~uDAAuD;IACvD~~,~~MAAM~~,~~WAAW~~,~~GAAG~~,~~MAAM~~,CAAC,~~IAAI~~,CAAC,~~KAAK~~,CAAC,~~CAAC~~;~~IACvC~~,MAAM,~~cAAc~~,GAAG,~~MAAM~~,CAAC,~~IAAI~~,CAAC,~~aAAa~~,CAAC,CAAC;~~IAElD~~,IAAI,~~WAAW~~,CAAC,~~MAAM~~,KAAK,~~cAAc~~,CAAC,MAAM,EAAE,CAAC;~~QACjD~~,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC;IACnD,CAAC;IAED,IAAI,CAAC,~~eAAe~~,CAAC,~~WAAW~~,EAAE,~~cAAc~~,CAAC,EAAE,CAAC;~~QAClD~~,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC;IACnD,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;AACzB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CAAC,OAAuB;IAC3D,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,qBAAqB,CAAC,CAAC;IAEzD,IAAI,CAAC,SAAS,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;QAChD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,qCAAqC,EAAE,CAAC;IACxE,CAAC;IAED,MAAM,OAAO,GAAG,cAAc,EAAE,CAAC;IACjC,MAAM,MAAM,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAE3C,mDAAmD;IACnD,MAAM,OAAO,GAAI,OAAiD,CAAC,OAAO,CAAC;IAC3E,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,mDAAmD,EAAE,CAAC;IACtF,CAAC;IAED,6BAA6B;IAC7B,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAC1C,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACrB,MAAM,iBAAiB,GAAG,UAAU,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;IAEzD,6BAA6B;IAC7B,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAC/C,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;IAEtD,IAAI,eAAe,CAAC,MAAM,KAAK,cAAc,CAAC,MAAM,EAAE,CAAC;QACrD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;IACvD,CAAC;IAED,IAAI,CAAC,eAAe,CAAC,eAAe,EAAE,cAAc,CAAC,EAAE,CAAC;QACtD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;IACvD,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;AACzB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,OAAuB;IACxD,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;IACtD,OAAO,OAAO,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;AACnE,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,OAAuB;IACxD,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;IACtD,OAAO,OAAO,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;AACnE,CAAC"}
1	+ {"version":3,"file":"verifier.js","sourceRoot":"","sources":["../../src/security/verifier.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEvE,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO,EAAE,yBAAyB,EAAE,MAAM,wCAAwC,CAAC;AAOnF,8EAA8E;AAC9E,+EAA+E;AAC/E,kFAAkF;AAClF,iFAAiF;AACjF,MAAM,aAAa,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;AAEtC,SAAS,uBAAuB,CAAC,SAAiB,EAAE,QAAgB;IAClE,MAAM,eAAe,GAAG,UAAU,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,EAAE,CAAC;IACvF,MAAM,cAAc,GAAG,UAAU,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,EAAE,CAAC;IACrF,OAAO,eAAe,CAAC,eAAe,EAAE,cAAc,CAAC,CAAC;AAC1D,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,qBAAqB,CAAC,OAAuB;IAC3D,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;IAEhD,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACxC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,gCAAgC,EAAE,CAAC;IACnE,CAAC;IAED,MAAM,aAAa,GAAG,yBAAyB,EAAE,CAAC;IAClD,IAAI,aAAa,KAAK,IAAI,EAAE,CAAC;QAC3B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC;IACnD,CAAC;IAED,IAAI,CAAC,uBAAuB,CAAC,KAAK,EAAE,aAAa,CAAC,EAAE,CAAC;QACnD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC;IACnD,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;AACzB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CAAC,OAAuB;IAC3D,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,qBAAqB,CAAC,CAAC;IAEzD,IAAI,CAAC,SAAS,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;QAChD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,qCAAqC,EAAE,CAAC;IACxE,CAAC;IAED,MAAM,OAAO,GAAG,cAAc,EAAE,CAAC;IACjC,MAAM,MAAM,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAE3C,mDAAmD;IACnD,MAAM,OAAO,GAAI,OAAiD,CAAC,OAAO,CAAC;IAC3E,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,mDAAmD,EAAE,CAAC;IACtF,CAAC;IAED,6BAA6B;IAC7B,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAC1C,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACrB,MAAM,iBAAiB,GAAG,UAAU,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;IAEzD,6BAA6B;IAC7B,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAC/C,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;IAEtD,IAAI,eAAe,CAAC,MAAM,KAAK,cAAc,CAAC,MAAM,EAAE,CAAC;QACrD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;IACvD,CAAC;IAED,IAAI,CAAC,eAAe,CAAC,eAAe,EAAE,cAAc,CAAC,EAAE,CAAC;QACtD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;IACvD,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;AACzB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,OAAuB;IACxD,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;IACtD,OAAO,OAAO,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;AACnE,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAAC,OAAuB;IACxD,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,qBAAqB,CAAC,CAAC;IAC1D,OAAO,OAAO,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;AACjE,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,OAAuB;IACxD,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;IACtD,OAAO,OAAO,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;AACnE,CAAC"}

package/dist/tests/factories/transportContext.factory.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+import type { TransportContext } from '../../modules/platform-integration/entities/transport/transportContext.js';
+export declare class TransportContextFactory {
+    static valid(overrides?: Partial<TransportContext>): TransportContext;
+}
+//# sourceMappingURL=transportContext.factory.d.ts.map

package/dist/tests/factories/transportContext.factory.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"transportContext.factory.d.ts","sourceRoot":"","sources":["../../../src/tests/factories/transportContext.factory.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,uEAAuE,CAAC;AAI9G,qBAAa,uBAAuB;IAClC,MAAM,CAAC,KAAK,CAAC,SAAS,GAAE,OAAO,CAAC,gBAAgB,CAAM,GAAG,gBAAgB;CAU1E"}

package/dist/tests/factories/transportContext.factory.js ADDED Viewed

@@ -0,0 +1,14 @@
+const TRUSTED_HOP = '127.0.0.1';
+export class TransportContextFactory {
+    static valid(overrides = {}) {
+        return {
+            directSocketAddress: TRUSTED_HOP,
+            trustedHopAddress: TRUSTED_HOP,
+            forwardedProto: 'https',
+            resolvedClientIp: '10.20.30.40',
+            allowedCidrRanges: ['10.20.30.0/24'],
+            ...overrides,
+        };
+    }
+}
+//# sourceMappingURL=transportContext.factory.js.map

package/dist/tests/factories/transportContext.factory.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"transportContext.factory.js","sourceRoot":"","sources":["../../../src/tests/factories/transportContext.factory.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,GAAG,WAAW,CAAC;AAEhC,MAAM,OAAO,uBAAuB;IAClC,MAAM,CAAC,KAAK,CAAC,YAAuC,EAAE;QACpD,OAAO;YACL,mBAAmB,EAAE,WAAW;YAChC,iBAAiB,EAAE,WAAW;YAC9B,cAAc,EAAE,OAAO;YACvB,gBAAgB,EAAE,aAAa;YAC/B,iBAAiB,EAAE,CAAC,eAAe,CAAC;YACpC,GAAG,SAAS;SACb,CAAC;IACJ,CAAC;CACF"}

package/dist/tests/stubs/egressScan.stub.d.ts ADDED Viewed

@@ -0,0 +1,16 @@
+import type { EgressScanGateway, EgressScanInput, EgressScanResult } from '../../modules/platform-integration/entities/egressScan/egressScan.gateway.js';
+import type { EgressTraceGateway } from '../../modules/platform-integration/entities/egressScan/egressTrace.gateway.js';
+import type { EgressScanTrace } from '../../modules/platform-integration/entities/egressScan/egressScan.gateway.js';
+export declare class StubEgressScanGateway implements EgressScanGateway {
+    readonly calls: EgressScanInput[];
+    private result;
+    private shouldFail;
+    setResult(result: EgressScanResult): void;
+    setShouldFail(shouldFail: boolean): void;
+    scan(input: EgressScanInput): EgressScanResult;
+}
+export declare class StubEgressTraceGateway implements EgressTraceGateway {
+    readonly traces: EgressScanTrace[];
+    record(trace: EgressScanTrace): void;
+}
+//# sourceMappingURL=egressScan.stub.d.ts.map

package/dist/tests/stubs/egressScan.stub.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"egressScan.stub.d.ts","sourceRoot":"","sources":["../../../src/tests/stubs/egressScan.stub.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,iBAAiB,EACjB,eAAe,EACf,gBAAgB,EACjB,MAAM,0EAA0E,CAAC;AAClF,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,2EAA2E,CAAC;AACpH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,0EAA0E,CAAC;AAEhH,qBAAa,qBAAsB,YAAW,iBAAiB;IAC7D,QAAQ,CAAC,KAAK,EAAE,eAAe,EAAE,CAAM;IACvC,OAAO,CAAC,MAAM,CAAiC;IAC/C,OAAO,CAAC,UAAU,CAAS;IAE3B,SAAS,CAAC,MAAM,EAAE,gBAAgB,GAAG,IAAI;IAIzC,aAAa,CAAC,UAAU,EAAE,OAAO,GAAG,IAAI;IAIxC,IAAI,CAAC,KAAK,EAAE,eAAe,GAAG,gBAAgB;CAU/C;AAED,qBAAa,sBAAuB,YAAW,kBAAkB;IAC/D,QAAQ,CAAC,MAAM,EAAE,eAAe,EAAE,CAAM;IAExC,MAAM,CAAC,KAAK,EAAE,eAAe,GAAG,IAAI;CAGrC"}

package/dist/tests/stubs/egressScan.stub.js ADDED Viewed

@@ -0,0 +1,28 @@
+export class StubEgressScanGateway {
+    calls = [];
+    result = null;
+    shouldFail = false;
+    setResult(result) {
+        this.result = result;
+    }
+    setShouldFail(shouldFail) {
+        this.shouldFail = shouldFail;
+    }
+    scan(input) {
+        this.calls.push(input);
+        if (this.shouldFail) {
+            throw new Error('scanner failure');
+        }
+        if (this.result === null) {
+            return { decision: 'pass', body: input.body };
+        }
+        return this.result;
+    }
+}
+export class StubEgressTraceGateway {
+    traces = [];
+    record(trace) {
+        this.traces.push(trace);
+    }
+}
+//# sourceMappingURL=egressScan.stub.js.map

package/dist/tests/stubs/egressScan.stub.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"egressScan.stub.js","sourceRoot":"","sources":["../../../src/tests/stubs/egressScan.stub.ts"],"names":[],"mappings":"AAQA,MAAM,OAAO,qBAAqB;IACvB,KAAK,GAAsB,EAAE,CAAC;IAC/B,MAAM,GAA4B,IAAI,CAAC;IACvC,UAAU,GAAG,KAAK,CAAC;IAE3B,SAAS,CAAC,MAAwB;QAChC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,aAAa,CAAC,UAAmB;QAC/B,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;IAC/B,CAAC;IAED,IAAI,CAAC,KAAsB;QACzB,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACvB,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;QACrC,CAAC;QACD,IAAI,IAAI,CAAC,MAAM,KAAK,IAAI,EAAE,CAAC;YACzB,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC;QAChD,CAAC;QACD,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;CACF;AAED,MAAM,OAAO,sBAAsB;IACxB,MAAM,GAAsB,EAAE,CAAC;IAExC,MAAM,CAAC,KAAsB;QAC3B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC1B,CAAC;CACF"}

package/dist/tests/stubs/idempotencyStore.stub.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+import type { IdempotencyStore } from '../../modules/platform-integration/entities/idempotency/idempotencyStore.gateway.js';
+export declare class StubIdempotencyStore implements IdempotencyStore {
+    readonly recordedKeys: string[];
+    private readonly present;
+    recordIfAbsent(eventKey: string): Promise<boolean>;
+    get entryCount(): number;
+    has(eventKey: string): boolean;
+}
+//# sourceMappingURL=idempotencyStore.stub.d.ts.map

package/dist/tests/stubs/idempotencyStore.stub.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"idempotencyStore.stub.d.ts","sourceRoot":"","sources":["../../../src/tests/stubs/idempotencyStore.stub.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,iFAAiF,CAAC;AAExH,qBAAa,oBAAqB,YAAW,gBAAgB;IAC3D,QAAQ,CAAC,YAAY,EAAE,MAAM,EAAE,CAAM;IACrC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAqB;IAEvC,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IASxD,IAAI,UAAU,IAAI,MAAM,CAEvB;IAED,GAAG,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO;CAG/B"}