reviewflow 3.32.0 → 3.34.0
- package/CHANGELOG.md +20 -0
- package/dist/main/routes.d.ts.map +1 -1
- package/dist/main/routes.js +56 -5
- package/dist/main/routes.js.map +1 -1
- package/dist/main/server.d.ts.map +1 -1
- package/dist/main/server.js +5 -1
- package/dist/main/server.js.map +1 -1
- package/dist/modules/claude-invocation/entities/claudeSession/claudeSession.guard.d.ts +1 -1
- package/dist/modules/claude-invocation/entities/claudeSession/claudeSession.schema.d.ts +2 -0
- package/dist/modules/claude-invocation/entities/claudeSession/claudeSession.schema.d.ts.map +1 -1
- package/dist/modules/claude-invocation/entities/claudeSession/claudeSession.schema.js +1 -1
- package/dist/modules/claude-invocation/entities/claudeSession/claudeSession.schema.js.map +1 -1
- package/dist/modules/{ember-chat/interface-adapters/gateways/emberStreamJson.parser.d.ts → claude-invocation/interface-adapters/gateways/transcriptStreamJson.parser.d.ts} +1 -1
- package/dist/modules/claude-invocation/interface-adapters/gateways/transcriptStreamJson.parser.d.ts.map +1 -0
- package/dist/modules/{ember-chat/interface-adapters/gateways/emberStreamJson.parser.js → claude-invocation/interface-adapters/gateways/transcriptStreamJson.parser.js} +1 -1
- package/dist/modules/claude-invocation/interface-adapters/gateways/transcriptStreamJson.parser.js.map +1 -0
- package/dist/modules/ember-chat/interface-adapters/gateways/emberAnswerTransport.claude.gateway.js +1 -1
- package/dist/modules/ember-chat/interface-adapters/gateways/emberAnswerTransport.claude.gateway.js.map +1 -1
- package/dist/modules/platform-integration/entities/egressScan/egressScan.defaults.d.ts +3 -0
- package/dist/modules/platform-integration/entities/egressScan/egressScan.defaults.d.ts.map +1 -0
- package/dist/modules/platform-integration/entities/egressScan/egressScan.defaults.js +9 -0
- package/dist/modules/platform-integration/entities/egressScan/egressScan.defaults.js.map +1 -0
- package/dist/modules/platform-integration/entities/egressScan/egressScan.gateway.d.ts +28 -0
- package/dist/modules/platform-integration/entities/egressScan/egressScan.gateway.d.ts.map +1 -0
- package/dist/modules/platform-integration/entities/egressScan/egressScan.gateway.js +2 -0
- package/dist/modules/platform-integration/entities/egressScan/egressScan.gateway.js.map +1 -0
- package/dist/modules/platform-integration/entities/egressScan/egressScan.scanner.d.ts +11 -0
- package/dist/modules/platform-integration/entities/egressScan/egressScan.scanner.d.ts.map +1 -0
- package/dist/modules/platform-integration/entities/egressScan/egressScan.scanner.js +70 -0
- package/dist/modules/platform-integration/entities/egressScan/egressScan.scanner.js.map +1 -0
- package/dist/modules/platform-integration/entities/egressScan/egressTrace.gateway.d.ts +5 -0
- package/dist/modules/platform-integration/entities/egressScan/egressTrace.gateway.d.ts.map +1 -0
- package/dist/modules/platform-integration/entities/egressScan/egressTrace.gateway.js +2 -0
- package/dist/modules/platform-integration/entities/egressScan/egressTrace.gateway.js.map +1 -0
- package/dist/modules/platform-integration/entities/executorToken/executorCapability.d.ts +9 -0
- package/dist/modules/platform-integration/entities/executorToken/executorCapability.d.ts.map +1 -0
- package/dist/modules/platform-integration/entities/executorToken/executorCapability.js +10 -0
- package/dist/modules/platform-integration/entities/executorToken/executorCapability.js.map +1 -0
- package/dist/modules/platform-integration/entities/idempotency/idempotencyStore.gateway.d.ts +4 -0
- package/dist/modules/platform-integration/entities/idempotency/idempotencyStore.gateway.d.ts.map +1 -0
- package/dist/modules/platform-integration/entities/idempotency/idempotencyStore.gateway.js +2 -0
- package/dist/modules/platform-integration/entities/idempotency/idempotencyStore.gateway.js.map +1 -0
- package/dist/modules/platform-integration/entities/memberAccess/memberAccess.d.ts +27 -0
- package/dist/modules/platform-integration/entities/memberAccess/memberAccess.d.ts.map +1 -0
- package/dist/modules/platform-integration/entities/memberAccess/memberAccess.gateway.d.ts +13 -0
- package/dist/modules/platform-integration/entities/memberAccess/memberAccess.gateway.d.ts.map +1 -0
- package/dist/modules/platform-integration/entities/memberAccess/memberAccess.gateway.js +2 -0
- package/dist/modules/platform-integration/entities/memberAccess/memberAccess.gateway.js.map +1 -0
- package/dist/modules/platform-integration/entities/memberAccess/memberAccess.js +21 -0
- package/dist/modules/platform-integration/entities/memberAccess/memberAccess.js.map +1 -0
- package/dist/modules/platform-integration/entities/transport/cidr.d.ts +2 -0
- package/dist/modules/platform-integration/entities/transport/cidr.d.ts.map +1 -0
- package/dist/modules/platform-integration/entities/transport/cidr.js +36 -0
- package/dist/modules/platform-integration/entities/transport/cidr.js.map +1 -0
- package/dist/modules/platform-integration/entities/transport/clientIpResolver.gateway.d.ts +8 -0
- package/dist/modules/platform-integration/entities/transport/clientIpResolver.gateway.d.ts.map +1 -0
- package/dist/modules/platform-integration/entities/transport/clientIpResolver.gateway.js +2 -0
- package/dist/modules/platform-integration/entities/transport/clientIpResolver.gateway.js.map +1 -0
- package/dist/modules/platform-integration/entities/transport/transportContext.d.ts +16 -0
- package/dist/modules/platform-integration/entities/transport/transportContext.d.ts.map +1 -0
- package/dist/modules/platform-integration/entities/transport/transportContext.js +2 -0
- package/dist/modules/platform-integration/entities/transport/transportContext.js.map +1 -0
- package/dist/modules/platform-integration/interface-adapters/controllers/webhook/github.controller.d.ts.map +1 -1
- package/dist/modules/platform-integration/interface-adapters/controllers/webhook/github.controller.js +4 -4
- package/dist/modules/platform-integration/interface-adapters/controllers/webhook/github.controller.js.map +1 -1
- package/dist/modules/platform-integration/interface-adapters/controllers/webhook/gitlab.controller.d.ts +5 -1
- package/dist/modules/platform-integration/interface-adapters/controllers/webhook/gitlab.controller.d.ts.map +1 -1
- package/dist/modules/platform-integration/interface-adapters/controllers/webhook/gitlab.controller.js +112 -18
- package/dist/modules/platform-integration/interface-adapters/controllers/webhook/gitlab.controller.js.map +1 -1
- package/dist/modules/platform-integration/interface-adapters/controllers/webhook/transportGuard.middleware.d.ts +25 -0
- package/dist/modules/platform-integration/interface-adapters/controllers/webhook/transportGuard.middleware.d.ts.map +1 -0
- package/dist/modules/platform-integration/interface-adapters/controllers/webhook/transportGuard.middleware.js +26 -0
- package/dist/modules/platform-integration/interface-adapters/controllers/webhook/transportGuard.middleware.js.map +1 -0
- package/dist/modules/platform-integration/interface-adapters/gateways/egressScanned.noteCommentPost.gateway.d.ts +14 -0
- package/dist/modules/platform-integration/interface-adapters/gateways/egressScanned.noteCommentPost.gateway.d.ts.map +1 -0
- package/dist/modules/platform-integration/interface-adapters/gateways/egressScanned.noteCommentPost.gateway.js +34 -0
- package/dist/modules/platform-integration/interface-adapters/gateways/egressScanned.noteCommentPost.gateway.js.map +1 -0
- package/dist/modules/platform-integration/interface-adapters/gateways/inMemoryIdempotencyStore.gateway.d.ts +14 -0
- package/dist/modules/platform-integration/interface-adapters/gateways/inMemoryIdempotencyStore.gateway.d.ts.map +1 -0
- package/dist/modules/platform-integration/interface-adapters/gateways/inMemoryIdempotencyStore.gateway.js +27 -0
- package/dist/modules/platform-integration/interface-adapters/gateways/inMemoryIdempotencyStore.gateway.js.map +1 -0
- package/dist/modules/platform-integration/interface-adapters/gateways/loggerEgressTrace.gateway.d.ts +9 -0
- package/dist/modules/platform-integration/interface-adapters/gateways/loggerEgressTrace.gateway.d.ts.map +1 -0
- package/dist/modules/platform-integration/interface-adapters/gateways/loggerEgressTrace.gateway.js +14 -0
- package/dist/modules/platform-integration/interface-adapters/gateways/loggerEgressTrace.gateway.js.map +1 -0
- package/dist/modules/platform-integration/interface-adapters/gateways/memberAccess.gitlab.cli.gateway.d.ts +31 -0
- package/dist/modules/platform-integration/interface-adapters/gateways/memberAccess.gitlab.cli.gateway.d.ts.map +1 -0
- package/dist/modules/platform-integration/interface-adapters/gateways/memberAccess.gitlab.cli.gateway.js +83 -0
- package/dist/modules/platform-integration/interface-adapters/gateways/memberAccess.gitlab.cli.gateway.js.map +1 -0
- package/dist/modules/platform-integration/interface-adapters/gateways/scopedGitLabExecutor.d.ts +17 -0
- package/dist/modules/platform-integration/interface-adapters/gateways/scopedGitLabExecutor.d.ts.map +1 -0
- package/dist/modules/platform-integration/interface-adapters/gateways/scopedGitLabExecutor.js +17 -0
- package/dist/modules/platform-integration/interface-adapters/gateways/scopedGitLabExecutor.js.map +1 -0
- package/dist/modules/platform-integration/interface-adapters/gateways/threadFetch.gitlab.gateway.d.ts +6 -0
- package/dist/modules/platform-integration/interface-adapters/gateways/threadFetch.gitlab.gateway.d.ts.map +1 -1
- package/dist/modules/platform-integration/interface-adapters/gateways/threadFetch.gitlab.gateway.js +28 -1
- package/dist/modules/platform-integration/interface-adapters/gateways/threadFetch.gitlab.gateway.js.map +1 -1
- package/dist/modules/platform-integration/interface-adapters/gateways/transport/clientIpResolver.forwardedFor.gateway.d.ts +5 -0
- package/dist/modules/platform-integration/interface-adapters/gateways/transport/clientIpResolver.forwardedFor.gateway.d.ts.map +1 -0
- package/dist/modules/platform-integration/interface-adapters/gateways/transport/clientIpResolver.forwardedFor.gateway.js +16 -0
- package/dist/modules/platform-integration/interface-adapters/gateways/transport/clientIpResolver.forwardedFor.gateway.js.map +1 -0
- package/dist/modules/platform-integration/services/autoExecutorActionFilter.d.ts +9 -0
- package/dist/modules/platform-integration/services/autoExecutorActionFilter.d.ts.map +1 -0
- package/dist/modules/platform-integration/services/autoExecutorActionFilter.js +33 -0
- package/dist/modules/platform-integration/services/autoExecutorActionFilter.js.map +1 -0
- package/dist/modules/platform-integration/services/pinnedThreadFetchTarget.d.ts +23 -0
- package/dist/modules/platform-integration/services/pinnedThreadFetchTarget.d.ts.map +1 -0
- package/dist/modules/platform-integration/services/pinnedThreadFetchTarget.js +21 -0
- package/dist/modules/platform-integration/services/pinnedThreadFetchTarget.js.map +1 -0
- package/dist/modules/platform-integration/services/scopedExecutorEnvironment.d.ts +21 -0
- package/dist/modules/platform-integration/services/scopedExecutorEnvironment.d.ts.map +1 -0
- package/dist/modules/platform-integration/services/scopedExecutorEnvironment.js +39 -0
- package/dist/modules/platform-integration/services/scopedExecutorEnvironment.js.map +1 -0
- package/dist/modules/platform-integration/usecases/isTrustedActor.usecase.d.ts +17 -0
- package/dist/modules/platform-integration/usecases/isTrustedActor.usecase.d.ts.map +1 -0
- package/dist/modules/platform-integration/usecases/isTrustedActor.usecase.js +23 -0
- package/dist/modules/platform-integration/usecases/isTrustedActor.usecase.js.map +1 -0
- package/dist/modules/platform-integration/usecases/transport/evaluateTransport.usecase.d.ts +3 -0
- package/dist/modules/platform-integration/usecases/transport/evaluateTransport.usecase.d.ts.map +1 -0
- package/dist/modules/platform-integration/usecases/transport/evaluateTransport.usecase.js +18 -0
- package/dist/modules/platform-integration/usecases/transport/evaluateTransport.usecase.js.map +1 -0
- package/dist/modules/review-execution/entities/actionProvenance/actionProvenance.d.ts +9 -0
- package/dist/modules/review-execution/entities/actionProvenance/actionProvenance.d.ts.map +1 -0
- package/dist/modules/review-execution/entities/actionProvenance/actionProvenance.js +11 -0
- package/dist/modules/review-execution/entities/actionProvenance/actionProvenance.js.map +1 -0
- package/dist/modules/review-execution/entities/threadInventory/threadInventory.gateway.d.ts +13 -0
- package/dist/modules/review-execution/entities/threadInventory/threadInventory.gateway.d.ts.map +1 -0
- package/dist/modules/review-execution/entities/threadInventory/threadInventory.gateway.js +2 -0
- package/dist/modules/review-execution/entities/threadInventory/threadInventory.gateway.js.map +1 -0
- package/dist/modules/review-execution/interface-adapters/gateways/threadInventory.gitlab.gateway.d.ts +14 -0
- package/dist/modules/review-execution/interface-adapters/gateways/threadInventory.gitlab.gateway.d.ts.map +1 -0
- package/dist/modules/review-execution/interface-adapters/gateways/threadInventory.gitlab.gateway.js +31 -0
- package/dist/modules/review-execution/interface-adapters/gateways/threadInventory.gitlab.gateway.js.map +1 -0
- package/dist/modules/review-execution/services/constrainActionSurface.d.ts +19 -0
- package/dist/modules/review-execution/services/constrainActionSurface.d.ts.map +1 -0
- package/dist/modules/review-execution/services/constrainActionSurface.js +49 -0
- package/dist/modules/review-execution/services/constrainActionSurface.js.map +1 -0
- package/dist/modules/review-execution/services/contextActionsExecutor.d.ts +2 -1
- package/dist/modules/review-execution/services/contextActionsExecutor.d.ts.map +1 -1
- package/dist/modules/review-execution/services/contextActionsExecutor.js +20 -2
- package/dist/modules/review-execution/services/contextActionsExecutor.js.map +1 -1
- package/dist/modules/review-execution/services/dispatchConstrainedActions.d.ts +30 -0
- package/dist/modules/review-execution/services/dispatchConstrainedActions.d.ts.map +1 -0
- package/dist/modules/review-execution/services/dispatchConstrainedActions.js +20 -0
- package/dist/modules/review-execution/services/dispatchConstrainedActions.js.map +1 -0
- package/dist/modules/review-execution/services/publicOutputExecutor.d.ts +10 -0
- package/dist/modules/review-execution/services/publicOutputExecutor.d.ts.map +1 -0
- package/dist/modules/review-execution/services/publicOutputExecutor.js +27 -0
- package/dist/modules/review-execution/services/publicOutputExecutor.js.map +1 -0
- package/dist/modules/review-execution/services/resolveThreadInventory.d.ts +19 -0
- package/dist/modules/review-execution/services/resolveThreadInventory.d.ts.map +1 -0
- package/dist/modules/review-execution/services/resolveThreadInventory.js +39 -0
- package/dist/modules/review-execution/services/resolveThreadInventory.js.map +1 -0
- package/dist/modules/review-execution/services/threadActionsExecutor.d.ts +11 -1
- package/dist/modules/review-execution/services/threadActionsExecutor.d.ts.map +1 -1
- package/dist/modules/review-execution/services/threadActionsExecutor.js +24 -2
- package/dist/modules/review-execution/services/threadActionsExecutor.js.map +1 -1
- package/dist/modules/review-execution/usecases/gateClaudeInvocation.usecase.d.ts +6 -0
- package/dist/modules/review-execution/usecases/gateClaudeInvocation.usecase.d.ts.map +1 -1
- package/dist/modules/review-execution/usecases/gateClaudeInvocation.usecase.js +2 -1
- package/dist/modules/review-execution/usecases/gateClaudeInvocation.usecase.js.map +1 -1
- package/dist/modules/statistics-insights/entities/insight/aiInsightsSession.gateway.d.ts +13 -0
- package/dist/modules/statistics-insights/entities/insight/aiInsightsSession.gateway.d.ts.map +1 -0
- package/dist/modules/statistics-insights/entities/insight/aiInsightsSession.gateway.js +2 -0
- package/dist/modules/statistics-insights/entities/insight/aiInsightsSession.gateway.js.map +1 -0
- package/dist/modules/statistics-insights/interface-adapters/controllers/http/insights.routes.d.ts +4 -2
- package/dist/modules/statistics-insights/interface-adapters/controllers/http/insights.routes.d.ts.map +1 -1
- package/dist/modules/statistics-insights/interface-adapters/controllers/http/insights.routes.js +6 -4
- package/dist/modules/statistics-insights/interface-adapters/controllers/http/insights.routes.js.map +1 -1
- package/dist/modules/statistics-insights/interface-adapters/gateways/aiInsightsSession.claude.gateway.d.ts +31 -0
- package/dist/modules/statistics-insights/interface-adapters/gateways/aiInsightsSession.claude.gateway.d.ts.map +1 -0
- package/dist/modules/statistics-insights/interface-adapters/gateways/aiInsightsSession.claude.gateway.js +105 -0
- package/dist/modules/statistics-insights/interface-adapters/gateways/aiInsightsSession.claude.gateway.js.map +1 -0
- package/dist/modules/statistics-insights/usecases/insights/{generateAiInsights.usecase.d.ts → generateAiInsightsViaSession.usecase.d.ts} +7 -13
- package/dist/modules/statistics-insights/usecases/insights/generateAiInsightsViaSession.usecase.d.ts.map +1 -0
- package/dist/modules/statistics-insights/usecases/insights/generateAiInsightsViaSession.usecase.js +49 -0
- package/dist/modules/statistics-insights/usecases/insights/generateAiInsightsViaSession.usecase.js.map +1 -0
- package/dist/modules/statistics-insights/usecases/insights/parseAiInsightsResponse.d.ts +3 -0
- package/dist/modules/statistics-insights/usecases/insights/parseAiInsightsResponse.d.ts.map +1 -0
- package/dist/modules/statistics-insights/usecases/insights/parseAiInsightsResponse.js +20 -0
- package/dist/modules/statistics-insights/usecases/insights/parseAiInsightsResponse.js.map +1 -0
- package/dist/modules/statistics-insights/usecases/insights/persistAiInsights.usecase.d.ts +12 -0
- package/dist/modules/statistics-insights/usecases/insights/persistAiInsights.usecase.d.ts.map +1 -0
- package/dist/modules/statistics-insights/usecases/insights/persistAiInsights.usecase.js +14 -0
- package/dist/modules/statistics-insights/usecases/insights/persistAiInsights.usecase.js.map +1 -0
- package/dist/security/gitlabWebhookTokenSource.d.ts +9 -0
- package/dist/security/gitlabWebhookTokenSource.d.ts.map +1 -0
- package/dist/security/gitlabWebhookTokenSource.js +15 -0
- package/dist/security/gitlabWebhookTokenSource.js.map +1 -0
- package/dist/security/transportGuardConfig.d.ts +16 -0
- package/dist/security/transportGuardConfig.d.ts.map +1 -0
- package/dist/security/transportGuardConfig.js +38 -0
- package/dist/security/transportGuardConfig.js.map +1 -0
- package/dist/security/verifier.d.ts +9 -2
- package/dist/security/verifier.d.ts.map +1 -1
- package/dist/security/verifier.js +27 -10
- package/dist/security/verifier.js.map +1 -1
- package/dist/tests/acceptance/191-team-insights-bg-migration.acceptance.test.d.ts +2 -0
- package/dist/tests/acceptance/191-team-insights-bg-migration.acceptance.test.d.ts.map +1 -0
- package/dist/tests/acceptance/191-team-insights-bg-migration.acceptance.test.js +121 -0
- package/dist/tests/acceptance/191-team-insights-bg-migration.acceptance.test.js.map +1 -0
- package/dist/tests/factories/transportContext.factory.d.ts +5 -0
- package/dist/tests/factories/transportContext.factory.d.ts.map +1 -0
- package/dist/tests/factories/transportContext.factory.js +14 -0
- package/dist/tests/factories/transportContext.factory.js.map +1 -0
- package/dist/tests/stubs/aiInsightsSession.stub.d.ts +8 -0
- package/dist/tests/stubs/aiInsightsSession.stub.d.ts.map +1 -0
- package/dist/tests/stubs/aiInsightsSession.stub.js +15 -0
- package/dist/tests/stubs/aiInsightsSession.stub.js.map +1 -0
- package/dist/tests/stubs/egressScan.stub.d.ts +16 -0
- package/dist/tests/stubs/egressScan.stub.d.ts.map +1 -0
- package/dist/tests/stubs/egressScan.stub.js +28 -0
- package/dist/tests/stubs/egressScan.stub.js.map +1 -0
- package/dist/tests/stubs/idempotencyStore.stub.d.ts +9 -0
- package/dist/tests/stubs/idempotencyStore.stub.d.ts.map +1 -0
- package/dist/tests/stubs/idempotencyStore.stub.js +19 -0
- package/dist/tests/stubs/idempotencyStore.stub.js.map +1 -0
- package/dist/tests/stubs/memberAccess.stub.d.ts +24 -0
- package/dist/tests/stubs/memberAccess.stub.d.ts.map +1 -0
- package/dist/tests/stubs/memberAccess.stub.js +28 -0
- package/dist/tests/stubs/memberAccess.stub.js.map +1 -0
- package/dist/tests/units/architecture/noClaudePInProduction.test.js +0 -1
- package/dist/tests/units/architecture/noClaudePInProduction.test.js.map +1 -1
- package/dist/tests/units/entities/egressScan/egressScan.scanner.test.d.ts +2 -0
- package/dist/tests/units/entities/egressScan/egressScan.scanner.test.d.ts.map +1 -0
- package/dist/tests/units/entities/egressScan/egressScan.scanner.test.js +136 -0
- package/dist/tests/units/entities/egressScan/egressScan.scanner.test.js.map +1 -0
- package/dist/tests/units/interface-adapters/controllers/http/insights.routes.test.js +6 -4
- package/dist/tests/units/interface-adapters/controllers/http/insights.routes.test.js.map +1 -1
- package/dist/tests/units/interface-adapters/controllers/webhook/gitlab.controller.test.js +114 -0
- package/dist/tests/units/interface-adapters/controllers/webhook/gitlab.controller.test.js.map +1 -1
- package/dist/tests/units/interface-adapters/gateways/egressScanned.noteCommentPost.gateway.test.d.ts +2 -0
- package/dist/tests/units/interface-adapters/gateways/egressScanned.noteCommentPost.gateway.test.d.ts.map +1 -0
- package/dist/tests/units/interface-adapters/gateways/egressScanned.noteCommentPost.gateway.test.js +116 -0
- package/dist/tests/units/interface-adapters/gateways/egressScanned.noteCommentPost.gateway.test.js.map +1 -0
- package/dist/tests/units/modules/claude-invocation/gateways/transcriptStreamJson.parser.test.d.ts +2 -0
- package/dist/tests/units/modules/claude-invocation/gateways/transcriptStreamJson.parser.test.d.ts.map +1 -0
- package/dist/tests/units/modules/{ember-chat/gateways/emberStreamJson.parser.test.js → claude-invocation/gateways/transcriptStreamJson.parser.test.js} +2 -2
- package/dist/tests/units/modules/claude-invocation/gateways/transcriptStreamJson.parser.test.js.map +1 -0
- package/dist/tests/units/modules/platform-integration/controllers/gitlabProcessorProvenance.test.d.ts +2 -0
- package/dist/tests/units/modules/platform-integration/controllers/gitlabProcessorProvenance.test.d.ts.map +1 -0
- package/dist/tests/units/modules/platform-integration/controllers/gitlabProcessorProvenance.test.js +69 -0
- package/dist/tests/units/modules/platform-integration/controllers/gitlabProcessorProvenance.test.js.map +1 -0
- package/dist/tests/units/modules/platform-integration/entities/executorCapability.test.d.ts +2 -0
- package/dist/tests/units/modules/platform-integration/entities/executorCapability.test.d.ts.map +1 -0
- package/dist/tests/units/modules/platform-integration/entities/executorCapability.test.js +28 -0
- package/dist/tests/units/modules/platform-integration/entities/executorCapability.test.js.map +1 -0
- package/dist/tests/units/modules/platform-integration/entities/memberAccess/memberAccess.test.d.ts +2 -0
- package/dist/tests/units/modules/platform-integration/entities/memberAccess/memberAccess.test.d.ts.map +1 -0
- package/dist/tests/units/modules/platform-integration/entities/memberAccess/memberAccess.test.js +18 -0
- package/dist/tests/units/modules/platform-integration/entities/memberAccess/memberAccess.test.js.map +1 -0
- package/dist/tests/units/modules/platform-integration/gateways/defaultGitLabExecutor.test.d.ts +2 -0
- package/dist/tests/units/modules/platform-integration/gateways/defaultGitLabExecutor.test.d.ts.map +1 -0
- package/dist/tests/units/modules/platform-integration/gateways/defaultGitLabExecutor.test.js +13 -0
- package/dist/tests/units/modules/platform-integration/gateways/defaultGitLabExecutor.test.js.map +1 -0
- package/dist/tests/units/modules/platform-integration/gateways/memberAccess.gitlab.cli.gateway.test.d.ts +2 -0
- package/dist/tests/units/modules/platform-integration/gateways/memberAccess.gitlab.cli.gateway.test.d.ts.map +1 -0
- package/dist/tests/units/modules/platform-integration/gateways/memberAccess.gitlab.cli.gateway.test.js +105 -0
- package/dist/tests/units/modules/platform-integration/gateways/memberAccess.gitlab.cli.gateway.test.js.map +1 -0
- package/dist/tests/units/modules/platform-integration/gateways/scopedGitLabExecutor.test.d.ts +2 -0
- package/dist/tests/units/modules/platform-integration/gateways/scopedGitLabExecutor.test.d.ts.map +1 -0
- package/dist/tests/units/modules/platform-integration/gateways/scopedGitLabExecutor.test.js +85 -0
- package/dist/tests/units/modules/platform-integration/gateways/scopedGitLabExecutor.test.js.map +1 -0
- package/dist/tests/units/modules/platform-integration/interface-adapters/controllers/webhook/gitlabIdempotency.controller.test.d.ts +2 -0
- package/dist/tests/units/modules/platform-integration/interface-adapters/controllers/webhook/gitlabIdempotency.controller.test.d.ts.map +1 -0
- package/dist/tests/units/modules/platform-integration/interface-adapters/controllers/webhook/gitlabIdempotency.controller.test.js +216 -0
- package/dist/tests/units/modules/platform-integration/interface-adapters/controllers/webhook/gitlabIdempotency.controller.test.js.map +1 -0
- package/dist/tests/units/modules/platform-integration/interface-adapters/gateways/inMemoryIdempotencyStore.test.d.ts +2 -0
- package/dist/tests/units/modules/platform-integration/interface-adapters/gateways/inMemoryIdempotencyStore.test.d.ts.map +1 -0
- package/dist/tests/units/modules/platform-integration/interface-adapters/gateways/inMemoryIdempotencyStore.test.js +48 -0
- package/dist/tests/units/modules/platform-integration/interface-adapters/gateways/inMemoryIdempotencyStore.test.js.map +1 -0
- package/dist/tests/units/modules/platform-integration/interface-adapters/transport/clientIpResolver.forwardedFor.gateway.test.d.ts +2 -0
- package/dist/tests/units/modules/platform-integration/interface-adapters/transport/clientIpResolver.forwardedFor.gateway.test.d.ts.map +1 -0
- package/dist/tests/units/modules/platform-integration/interface-adapters/transport/clientIpResolver.forwardedFor.gateway.test.js +29 -0
- package/dist/tests/units/modules/platform-integration/interface-adapters/transport/clientIpResolver.forwardedFor.gateway.test.js.map +1 -0
- package/dist/tests/units/modules/platform-integration/interface-adapters/transport/transportGuard.middleware.test.d.ts +2 -0
- package/dist/tests/units/modules/platform-integration/interface-adapters/transport/transportGuard.middleware.test.d.ts.map +1 -0
- package/dist/tests/units/modules/platform-integration/interface-adapters/transport/transportGuard.middleware.test.js +66 -0
- package/dist/tests/units/modules/platform-integration/interface-adapters/transport/transportGuard.middleware.test.js.map +1 -0
- package/dist/tests/units/modules/platform-integration/services/autoExecutorActionFilter.test.d.ts +2 -0
- package/dist/tests/units/modules/platform-integration/services/autoExecutorActionFilter.test.d.ts.map +1 -0
- package/dist/tests/units/modules/platform-integration/services/autoExecutorActionFilter.test.js +38 -0
- package/dist/tests/units/modules/platform-integration/services/autoExecutorActionFilter.test.js.map +1 -0
- package/dist/tests/units/modules/platform-integration/services/autoExecutorCapabilityGate.test.d.ts +2 -0
- package/dist/tests/units/modules/platform-integration/services/autoExecutorCapabilityGate.test.d.ts.map +1 -0
- package/dist/tests/units/modules/platform-integration/services/autoExecutorCapabilityGate.test.js +40 -0
- package/dist/tests/units/modules/platform-integration/services/autoExecutorCapabilityGate.test.js.map +1 -0
- package/dist/tests/units/modules/platform-integration/services/pinnedThreadFetchTarget.test.d.ts +2 -0
- package/dist/tests/units/modules/platform-integration/services/pinnedThreadFetchTarget.test.d.ts.map +1 -0
- package/dist/tests/units/modules/platform-integration/services/pinnedThreadFetchTarget.test.js +76 -0
- package/dist/tests/units/modules/platform-integration/services/pinnedThreadFetchTarget.test.js.map +1 -0
- package/dist/tests/units/modules/platform-integration/services/scopedExecutorEnvironment.test.d.ts +2 -0
- package/dist/tests/units/modules/platform-integration/services/scopedExecutorEnvironment.test.d.ts.map +1 -0
- package/dist/tests/units/modules/platform-integration/services/scopedExecutorEnvironment.test.js +120 -0
- package/dist/tests/units/modules/platform-integration/services/scopedExecutorEnvironment.test.js.map +1 -0
- package/dist/tests/units/modules/platform-integration/usecases/isTrustedActor.usecase.test.d.ts +2 -0
- package/dist/tests/units/modules/platform-integration/usecases/isTrustedActor.usecase.test.d.ts.map +1 -0
- package/dist/tests/units/modules/platform-integration/usecases/isTrustedActor.usecase.test.js +33 -0
- package/dist/tests/units/modules/platform-integration/usecases/isTrustedActor.usecase.test.js.map +1 -0
- package/dist/tests/units/modules/platform-integration/usecases/transport/evaluateTransport.usecase.test.d.ts +2 -0
- package/dist/tests/units/modules/platform-integration/usecases/transport/evaluateTransport.usecase.test.d.ts.map +1 -0
- package/dist/tests/units/modules/platform-integration/usecases/transport/evaluateTransport.usecase.test.js +69 -0
- package/dist/tests/units/modules/platform-integration/usecases/transport/evaluateTransport.usecase.test.js.map +1 -0
- package/dist/tests/units/modules/review-execution/entities/actionProvenance/actionProvenance.test.d.ts +2 -0
- package/dist/tests/units/modules/review-execution/entities/actionProvenance/actionProvenance.test.d.ts.map +1 -0
- package/dist/tests/units/modules/review-execution/entities/actionProvenance/actionProvenance.test.js +26 -0
- package/dist/tests/units/modules/review-execution/entities/actionProvenance/actionProvenance.test.js.map +1 -0
- package/dist/tests/units/modules/review-execution/interface-adapters/gateways/threadInventory.gitlab.gateway.test.d.ts +2 -0
- package/dist/tests/units/modules/review-execution/interface-adapters/gateways/threadInventory.gitlab.gateway.test.d.ts.map +1 -0
- package/dist/tests/units/modules/review-execution/interface-adapters/gateways/threadInventory.gitlab.gateway.test.js +44 -0
- package/dist/tests/units/modules/review-execution/interface-adapters/gateways/threadInventory.gitlab.gateway.test.js.map +1 -0
- package/dist/tests/units/modules/review-execution/services/constrainActionSurface.parity.test.d.ts +2 -0
- package/dist/tests/units/modules/review-execution/services/constrainActionSurface.parity.test.d.ts.map +1 -0
- package/dist/tests/units/modules/review-execution/services/constrainActionSurface.parity.test.js +29 -0
- package/dist/tests/units/modules/review-execution/services/constrainActionSurface.parity.test.js.map +1 -0
- package/dist/tests/units/modules/review-execution/services/constrainActionSurface.test.d.ts +2 -0
- package/dist/tests/units/modules/review-execution/services/constrainActionSurface.test.d.ts.map +1 -0
- package/dist/tests/units/modules/review-execution/services/constrainActionSurface.test.js +115 -0
- package/dist/tests/units/modules/review-execution/services/constrainActionSurface.test.js.map +1 -0
- package/dist/tests/units/modules/review-execution/services/contextActionsExecutor.autopath.test.d.ts +2 -0
- package/dist/tests/units/modules/review-execution/services/contextActionsExecutor.autopath.test.d.ts.map +1 -0
- package/dist/tests/units/modules/review-execution/services/contextActionsExecutor.autopath.test.js +52 -0
- package/dist/tests/units/modules/review-execution/services/contextActionsExecutor.autopath.test.js.map +1 -0
- package/dist/tests/units/modules/review-execution/services/dispatchConstrainedActions.test.d.ts +2 -0
- package/dist/tests/units/modules/review-execution/services/dispatchConstrainedActions.test.d.ts.map +1 -0
- package/dist/tests/units/modules/review-execution/services/dispatchConstrainedActions.test.js +124 -0
- package/dist/tests/units/modules/review-execution/services/dispatchConstrainedActions.test.js.map +1 -0
- package/dist/tests/units/modules/review-execution/services/resolveThreadInventory.test.d.ts +2 -0
- package/dist/tests/units/modules/review-execution/services/resolveThreadInventory.test.d.ts.map +1 -0
- package/dist/tests/units/modules/review-execution/services/resolveThreadInventory.test.js +67 -0
- package/dist/tests/units/modules/review-execution/services/resolveThreadInventory.test.js.map +1 -0
- package/dist/tests/units/modules/review-execution/usecases/gateClaudeInvocation.usecase.test.js +42 -0
- package/dist/tests/units/modules/review-execution/usecases/gateClaudeInvocation.usecase.test.js.map +1 -1
- package/dist/tests/units/security/gitlabTokenRotation.test.d.ts +2 -0
- package/dist/tests/units/security/gitlabTokenRotation.test.d.ts.map +1 -0
- package/dist/tests/units/security/gitlabTokenRotation.test.js +39 -0
- package/dist/tests/units/security/gitlabTokenRotation.test.js.map +1 -0
- package/dist/tests/units/security/noSpoofableTransportGuard.test.d.ts +2 -0
- package/dist/tests/units/security/noSpoofableTransportGuard.test.d.ts.map +1 -0
- package/dist/tests/units/security/noSpoofableTransportGuard.test.js +30 -0
- package/dist/tests/units/security/noSpoofableTransportGuard.test.js.map +1 -0
- package/dist/tests/units/security/transportGuardConfig.test.d.ts +2 -0
- package/dist/tests/units/security/transportGuardConfig.test.d.ts.map +1 -0
- package/dist/tests/units/security/transportGuardConfig.test.js +38 -0
- package/dist/tests/units/security/transportGuardConfig.test.js.map +1 -0
- package/dist/tests/units/security/verifier.test.js +33 -2
- package/dist/tests/units/security/verifier.test.js.map +1 -1
- package/dist/tests/units/services/contextActionsExecutor.egress.test.d.ts +2 -0
- package/dist/tests/units/services/contextActionsExecutor.egress.test.d.ts.map +1 -0
- package/dist/tests/units/services/contextActionsExecutor.egress.test.js +117 -0
- package/dist/tests/units/services/contextActionsExecutor.egress.test.js.map +1 -0
- package/dist/tests/units/services/contextActionsExecutor.test.js +24 -31
- package/dist/tests/units/services/contextActionsExecutor.test.js.map +1 -1
- package/dist/tests/units/services/publicOutputExecutor.test.d.ts +2 -0
- package/dist/tests/units/services/publicOutputExecutor.test.d.ts.map +1 -0
- package/dist/tests/units/services/publicOutputExecutor.test.js +72 -0
- package/dist/tests/units/services/publicOutputExecutor.test.js.map +1 -0
- package/dist/tests/units/services/threadActionsExecutor.egress.test.d.ts +2 -0
- package/dist/tests/units/services/threadActionsExecutor.egress.test.d.ts.map +1 -0
- package/dist/tests/units/services/threadActionsExecutor.egress.test.js +113 -0
- package/dist/tests/units/services/threadActionsExecutor.egress.test.js.map +1 -0
- package/dist/tests/units/services/threadActionsExecutor.test.js +32 -96
- package/dist/tests/units/services/threadActionsExecutor.test.js.map +1 -1
- package/dist/tests/units/usecases/insights/generateAiInsightsViaSession.usecase.test.d.ts +2 -0
- package/dist/tests/units/usecases/insights/generateAiInsightsViaSession.usecase.test.d.ts.map +1 -0
- package/dist/tests/units/usecases/insights/generateAiInsightsViaSession.usecase.test.js +114 -0
- package/dist/tests/units/usecases/insights/generateAiInsightsViaSession.usecase.test.js.map +1 -0
- package/dist/tests/units/usecases/insights/parseAiInsightsResponse.test.d.ts +2 -0
- package/dist/tests/units/usecases/insights/parseAiInsightsResponse.test.d.ts.map +1 -0
- package/dist/tests/units/usecases/insights/parseAiInsightsResponse.test.js +45 -0
- package/dist/tests/units/usecases/insights/parseAiInsightsResponse.test.js.map +1 -0
- package/dist/tests/units/usecases/insights/persistAiInsights.usecase.test.d.ts +2 -0
- package/dist/tests/units/usecases/insights/persistAiInsights.usecase.test.d.ts.map +1 -0
- package/dist/tests/units/usecases/insights/persistAiInsights.usecase.test.js +87 -0
- package/dist/tests/units/usecases/insights/persistAiInsights.usecase.test.js.map +1 -0
- package/package.json +9 -2
- package/dist/frameworks/claude/claudeInsightsInvoker.d.ts +0 -3
- package/dist/frameworks/claude/claudeInsightsInvoker.d.ts.map +0 -1
- package/dist/frameworks/claude/claudeInsightsInvoker.js +0 -58
- package/dist/frameworks/claude/claudeInsightsInvoker.js.map +0 -1
- package/dist/modules/ember-chat/interface-adapters/gateways/emberStreamJson.parser.d.ts.map +0 -1
- package/dist/modules/ember-chat/interface-adapters/gateways/emberStreamJson.parser.js.map +0 -1
- package/dist/modules/statistics-insights/usecases/insights/generateAiInsights.usecase.d.ts.map +0 -1
- package/dist/modules/statistics-insights/usecases/insights/generateAiInsights.usecase.js +0 -65
- package/dist/modules/statistics-insights/usecases/insights/generateAiInsights.usecase.js.map +0 -1
- package/dist/tests/units/modules/ember-chat/gateways/emberStreamJson.parser.test.d.ts +0 -2
- package/dist/tests/units/modules/ember-chat/gateways/emberStreamJson.parser.test.d.ts.map +0 -1
- package/dist/tests/units/modules/ember-chat/gateways/emberStreamJson.parser.test.js.map +0 -1
- package/dist/tests/units/usecases/insights/generateAiInsights.usecase.test.d.ts +0 -2
- package/dist/tests/units/usecases/insights/generateAiInsights.usecase.test.d.ts.map +0 -1
- package/dist/tests/units/usecases/insights/generateAiInsights.usecase.test.js +0 -253
- package/dist/tests/units/usecases/insights/generateAiInsights.usecase.test.js.map +0 -1
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
import type { MemberAccessGateway } from '../../../../modules/platform-integration/entities/memberAccess/memberAccess.gateway.js';
|
|
2
|
+
import { type ResolvedAccessLevel } from '../../../../modules/platform-integration/entities/memberAccess/memberAccess.js';
|
|
3
|
+
export type CommandExecutor = (command: string) => string;
|
|
4
|
+
export interface GitLabMemberAccessOptions {
|
|
5
|
+
ttlMs: number;
|
|
6
|
+
clock: () => number;
|
|
7
|
+
}
|
|
8
|
+
/**
|
|
9
|
+
* Cached, fail-closed GitLab membership resolver (SPEC-197).
|
|
10
|
+
*
|
|
11
|
+
* Resolves the actor's numeric id via the Users API (`/users?username=`) then the
|
|
12
|
+
* project membership via the Members API (`/projects/:id/members/all/:user_id`),
|
|
13
|
+
* both through the injected authenticated glab executor. Results are cached per
|
|
14
|
+
* username with a TTL. Every failure mode — lookup error, timeout, ambiguous match
|
|
15
|
+
* (more than one user), unknown username (empty list), non-member, or an
|
|
16
|
+
* access_level outside the known scale — resolves to `null` (non-trusted). The
|
|
17
|
+
* cache keys strictly on username, so a trusted result for one actor never widens
|
|
18
|
+
* trust for another (AC5).
|
|
19
|
+
*/
|
|
20
|
+
export declare class GitLabMemberAccessCliGateway implements MemberAccessGateway {
|
|
21
|
+
private readonly executor;
|
|
22
|
+
private readonly cache;
|
|
23
|
+
private readonly ttlMs;
|
|
24
|
+
private readonly clock;
|
|
25
|
+
constructor(executor: CommandExecutor, options?: Partial<GitLabMemberAccessOptions>);
|
|
26
|
+
resolve(projectPath: string, username: string): Promise<ResolvedAccessLevel>;
|
|
27
|
+
private lookup;
|
|
28
|
+
private resolveUserId;
|
|
29
|
+
private resolveMembership;
|
|
30
|
+
}
|
|
31
|
+
//# sourceMappingURL=memberAccess.gitlab.cli.gateway.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"memberAccess.gitlab.cli.gateway.d.ts","sourceRoot":"","sources":["../../../../../src/modules/platform-integration/interface-adapters/gateways/memberAccess.gitlab.cli.gateway.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,8EAA8E,CAAC;AACxH,OAAO,EAGL,KAAK,mBAAmB,EACzB,MAAM,sEAAsE,CAAC;AAE9E,MAAM,MAAM,eAAe,GAAG,CAAC,OAAO,EAAE,MAAM,KAAK,MAAM,CAAC;AAE1D,MAAM,WAAW,yBAAyB;IACxC,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,MAAM,CAAC;CACrB;AAuBD;;;;;;;;;;;GAWG;AACH,qBAAa,4BAA6B,YAAW,mBAAmB;IAMpE,OAAO,CAAC,QAAQ,CAAC,QAAQ;IAL3B,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAiC;IACvD,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAS;IAC/B,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAe;gBAGlB,QAAQ,EAAE,eAAe,EAC1C,OAAO,CAAC,EAAE,OAAO,CAAC,yBAAyB,CAAC;IAMxC,OAAO,CAAC,WAAW,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAYlF,OAAO,CAAC,MAAM;IAQd,OAAO,CAAC,aAAa;IAcrB,OAAO,CAAC,iBAAiB;CAe1B"}
|
|
@@ -0,0 +1,83 @@
|
|
|
1
|
+
import { z } from 'zod';
|
|
2
|
+
import { MEMBER_ACCESS_LEVELS, } from '../../../../modules/platform-integration/entities/memberAccess/memberAccess.js';
|
|
3
|
+
const DEFAULT_TTL_MS = 5 * 60 * 1000;
|
|
4
|
+
const gitLabUserSchema = z.object({ id: z.number().int() });
|
|
5
|
+
const gitLabUserListSchema = z.array(gitLabUserSchema);
|
|
6
|
+
const gitLabMemberSchema = z.object({ access_level: z.number().int() });
|
|
7
|
+
const KNOWN_ACCESS_LEVELS = new Set(Object.values(MEMBER_ACCESS_LEVELS));
|
|
8
|
+
function toKnownAccessLevel(value) {
|
|
9
|
+
if (!KNOWN_ACCESS_LEVELS.has(value)) {
|
|
10
|
+
return null;
|
|
11
|
+
}
|
|
12
|
+
const known = Object.values(MEMBER_ACCESS_LEVELS).find((level) => level === value);
|
|
13
|
+
return known ?? null;
|
|
14
|
+
}
|
|
15
|
+
/**
|
|
16
|
+
* Cached, fail-closed GitLab membership resolver (SPEC-197).
|
|
17
|
+
*
|
|
18
|
+
* Resolves the actor's numeric id via the Users API (`/users?username=`) then the
|
|
19
|
+
* project membership via the Members API (`/projects/:id/members/all/:user_id`),
|
|
20
|
+
* both through the injected authenticated glab executor. Results are cached per
|
|
21
|
+
* username with a TTL. Every failure mode — lookup error, timeout, ambiguous match
|
|
22
|
+
* (more than one user), unknown username (empty list), non-member, or an
|
|
23
|
+
* access_level outside the known scale — resolves to `null` (non-trusted). The
|
|
24
|
+
* cache keys strictly on username, so a trusted result for one actor never widens
|
|
25
|
+
* trust for another (AC5).
|
|
26
|
+
*/
|
|
27
|
+
export class GitLabMemberAccessCliGateway {
|
|
28
|
+
executor;
|
|
29
|
+
cache = new Map();
|
|
30
|
+
ttlMs;
|
|
31
|
+
clock;
|
|
32
|
+
constructor(executor, options) {
|
|
33
|
+
this.executor = executor;
|
|
34
|
+
this.ttlMs = options?.ttlMs ?? DEFAULT_TTL_MS;
|
|
35
|
+
this.clock = options?.clock ?? (() => Date.now());
|
|
36
|
+
}
|
|
37
|
+
async resolve(projectPath, username) {
|
|
38
|
+
const cacheKey = `${projectPath} ${username}`;
|
|
39
|
+
const cached = this.cache.get(cacheKey);
|
|
40
|
+
if (cached && cached.expiresAt > this.clock()) {
|
|
41
|
+
return cached.accessLevel;
|
|
42
|
+
}
|
|
43
|
+
const accessLevel = this.lookup(projectPath, username);
|
|
44
|
+
this.cache.set(cacheKey, { accessLevel, expiresAt: this.clock() + this.ttlMs });
|
|
45
|
+
return accessLevel;
|
|
46
|
+
}
|
|
47
|
+
lookup(projectPath, username) {
|
|
48
|
+
const userId = this.resolveUserId(username);
|
|
49
|
+
if (userId === null) {
|
|
50
|
+
return null;
|
|
51
|
+
}
|
|
52
|
+
return this.resolveMembership(projectPath, userId);
|
|
53
|
+
}
|
|
54
|
+
resolveUserId(username) {
|
|
55
|
+
try {
|
|
56
|
+
const encodedUsername = encodeURIComponent(username);
|
|
57
|
+
const response = this.executor(`glab api users?username=${encodedUsername}`);
|
|
58
|
+
const parsed = gitLabUserListSchema.safeParse(JSON.parse(response));
|
|
59
|
+
if (!parsed.success || parsed.data.length !== 1) {
|
|
60
|
+
return null;
|
|
61
|
+
}
|
|
62
|
+
return parsed.data[0].id;
|
|
63
|
+
}
|
|
64
|
+
catch {
|
|
65
|
+
return null;
|
|
66
|
+
}
|
|
67
|
+
}
|
|
68
|
+
resolveMembership(projectPath, userId) {
|
|
69
|
+
try {
|
|
70
|
+
const encodedProject = projectPath.replace(/\//g, '%2F');
|
|
71
|
+
const response = this.executor(`glab api projects/${encodedProject}/members/all/${userId}`);
|
|
72
|
+
const parsed = gitLabMemberSchema.safeParse(JSON.parse(response));
|
|
73
|
+
if (!parsed.success) {
|
|
74
|
+
return null;
|
|
75
|
+
}
|
|
76
|
+
return toKnownAccessLevel(parsed.data.access_level);
|
|
77
|
+
}
|
|
78
|
+
catch {
|
|
79
|
+
return null;
|
|
80
|
+
}
|
|
81
|
+
}
|
|
82
|
+
}
|
|
83
|
+
//# sourceMappingURL=memberAccess.gitlab.cli.gateway.js.map
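Review bot: `resolveMembership` builds its command from `projectPath` after escaping only `/` (`projectPath.replace(/\//g, '%2F')`), so every other character in the path reaches the executor verbatim; the `CommandExecutor` contract is a single command string, and the default executor elsewhere in this release passes that string to `execSync`, which runs it through a shell. Whether `projectPath` is validated upstream is not visible here, so I would encode it the way `resolveUserId` encodes the username, `const encodedProject = encodeURIComponent(projectPath);`, and reject values that do not match the expected path shape before calling the executor. `encodeURIComponent` still leaves `' ( ) * !` untouched, so quoting the argument or moving to an argv-based spawn would be the sturdier fix for both methods. Separately, the class comment says the cache keys strictly on username while `resolve` keys on `${projectPath} ${username}`; the comment should name both.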
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"memberAccess.gitlab.cli.gateway.js","sourceRoot":"","sources":["../../../../../src/modules/platform-integration/interface-adapters/gateways/memberAccess.gitlab.cli.gateway.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EACL,oBAAoB,GAGrB,MAAM,sEAAsE,CAAC;AAS9E,MAAM,cAAc,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;AAErC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;AAC5D,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;AACvD,MAAM,kBAAkB,GAAG,CAAC,CAAC,MAAM,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;AAExE,MAAM,mBAAmB,GAAG,IAAI,GAAG,CAAS,MAAM,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC,CAAC;AAOjF,SAAS,kBAAkB,CAAC,KAAa;IACvC,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;QACpC,OAAO,IAAI,CAAC;IACd,CAAC;IACD,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,KAAK,KAAK,CAAC,CAAC;IACnF,OAAO,KAAK,IAAI,IAAI,CAAC;AACvB,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,OAAO,4BAA4B;IAMpB;IALF,KAAK,GAAG,IAAI,GAAG,EAAsB,CAAC;IACtC,KAAK,CAAS;IACd,KAAK,CAAe;IAErC,YACmB,QAAyB,EAC1C,OAA4C;QAD3B,aAAQ,GAAR,QAAQ,CAAiB;QAG1C,IAAI,CAAC,KAAK,GAAG,OAAO,EAAE,KAAK,IAAI,cAAc,CAAC;QAC9C,IAAI,CAAC,KAAK,GAAG,OAAO,EAAE,KAAK,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;IACpD,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,WAAmB,EAAE,QAAgB;QACjD,MAAM,QAAQ,GAAG,GAAG,WAAW,IAAI,QAAQ,EAAE,CAAC;QAC9C,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACxC,IAAI,MAAM,IAAI,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;YAC9C,OAAO,MAAM,CAAC,WAAW,CAAC;QAC5B,CAAC;QAED,MAAM,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;QACvD,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,WAAW,EAAE,SAAS,EAAE,IAAI,CAAC,KAAK,EAAE,GAAG,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;QAChF,OAAO,WAAW,CAAC;IACrB,CAAC;IAEO,MAAM,CAAC,WAAmB,EAAE,QAAgB;QAClD,MAAM,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QAC5C,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;YACpB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,IAAI,CAAC,iBAAi
B,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;IACrD,CAAC;IAEO,aAAa,CAAC,QAAgB;QACpC,IAAI,CAAC;YACH,MAAM,eAAe,GAAG,kBAAkB,CAAC,QAAQ,CAAC,CAAC;YACrD,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,2BAA2B,eAAe,EAAE,CAAC,CAAC;YAC7E,MAAM,MAAM,GAAG,oBAAoB,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC;YACpE,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAChD,OAAO,IAAI,CAAC;YACd,CAAC;YACD,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAC3B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAEO,iBAAiB,CAAC,WAAmB,EAAE,MAAc;QAC3D,IAAI,CAAC;YACH,MAAM,cAAc,GAAG,WAAW,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;YACzD,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAC5B,qBAAqB,cAAc,gBAAgB,MAAM,EAAE,CAC5D,CAAC;YACF,MAAM,MAAM,GAAG,kBAAkB,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC;YAClE,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;gBACpB,OAAO,IAAI,CAAC;YACd,CAAC;YACD,OAAO,kBAAkB,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACtD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;CACF"}
|
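--- a/package/dist/modules/platform-integration/interface-adapters/gateways/scopedGitLabExecutor.d.ts
+++ b/package/dist/modules/platform-integration/interface-adapters/gateways/scopedGitLabExecutor.d.ts
@@ -0,0 +1,17 @@
+import { type ExecutorFileWriter, type ScopedExecutorEnv } from '../../../../modules/platform-integration/services/scopedExecutorEnvironment.js';
+import type { CommandExecutor } from '../../../../modules/platform-integration/interface-adapters/gateways/threadFetch.gitlab.gateway.js';
+export type ScopedSpawn = (command: string, env: ScopedExecutorEnv, cwd: string) => string;
+export interface CreateScopedGitLabExecutorInput {
+parentEnv: Record<string, string | undefined>;
+isolatedDir: string;
+fileWriter: ExecutorFileWriter;
+spawn: ScopedSpawn;
+}
+/**
+* Builds a CommandExecutor whose GitLab credential is a dedicated service token (AC1,
+* fail-closed at construction), whose process env is an allowlist with the token never
+* present (AC2/AC3), and which runs against an isolated HOME/GLAB_CONFIG_DIR holding the
+* token in its own glab config file (AC4). Never inherits the ambient admin token.
+*/
+export declare function createScopedGitLabExecutor(input: CreateScopedGitLabExecutorInput): CommandExecutor;
+//# sourceMappingURL=scopedGitLabExecutor.d.ts.map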
package/dist/modules/platform-integration/interface-adapters/gateways/scopedGitLabExecutor.d.ts.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"scopedGitLabExecutor.d.ts","sourceRoot":"","sources":["../../../../../src/modules/platform-integration/interface-adapters/gateways/scopedGitLabExecutor.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,KAAK,kBAAkB,EACvB,KAAK,iBAAiB,EACvB,MAAM,sEAAsE,CAAA;AAC7E,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,0FAA0F,CAAA;AAE/H,MAAM,MAAM,WAAW,GAAG,CACxB,OAAO,EAAE,MAAM,EACf,GAAG,EAAE,iBAAiB,EACtB,GAAG,EAAE,MAAM,KACR,MAAM,CAAA;AAEX,MAAM,WAAW,+BAA+B;IAC9C,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAA;IAC7C,WAAW,EAAE,MAAM,CAAA;IACnB,UAAU,EAAE,kBAAkB,CAAA;IAC9B,KAAK,EAAE,WAAW,CAAA;CACnB;AAED;;;;;GAKG;AACH,wBAAgB,0BAA0B,CACxC,KAAK,EAAE,+BAA+B,GACrC,eAAe,CAUjB"}
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
import { buildScopedExecutorEnvironment, } from '../../../../modules/platform-integration/services/scopedExecutorEnvironment.js';
|
|
2
|
+
/**
|
|
3
|
+
* Builds a CommandExecutor whose GitLab credential is a dedicated service token (AC1,
|
|
4
|
+
* fail-closed at construction), whose process env is an allowlist with the token never
|
|
5
|
+
* present (AC2/AC3), and which runs against an isolated HOME/GLAB_CONFIG_DIR holding the
|
|
6
|
+
* token in its own glab config file (AC4). Never inherits the ambient admin token.
|
|
7
|
+
*/
|
|
8
|
+
export function createScopedGitLabExecutor(input) {
|
|
9
|
+
const { env } = buildScopedExecutorEnvironment({
|
|
10
|
+
parentEnv: input.parentEnv,
|
|
11
|
+
isolatedDir: input.isolatedDir,
|
|
12
|
+
fileWriter: input.fileWriter,
|
|
13
|
+
});
|
|
14
|
+
const cwd = env.HOME ?? input.isolatedDir;
|
|
15
|
+
return (command) => input.spawn(command, env, cwd);
|
|
16
|
+
}
|
|
17
|
+
//# sourceMappingURL=scopedGitLabExecutor.js.map
|
package/dist/modules/platform-integration/interface-adapters/gateways/scopedGitLabExecutor.js.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"scopedGitLabExecutor.js","sourceRoot":"","sources":["../../../../../src/modules/platform-integration/interface-adapters/gateways/scopedGitLabExecutor.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,8BAA8B,GAG/B,MAAM,sEAAsE,CAAA;AAgB7E;;;;;GAKG;AACH,MAAM,UAAU,0BAA0B,CACxC,KAAsC;IAEtC,MAAM,EAAE,GAAG,EAAE,GAAG,8BAA8B,CAAC;QAC7C,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,WAAW,EAAE,KAAK,CAAC,WAAW;QAC9B,UAAU,EAAE,KAAK,CAAC,UAAU;KAC7B,CAAC,CAAA;IAEF,MAAM,GAAG,GAAG,GAAG,CAAC,IAAI,IAAI,KAAK,CAAC,WAAW,CAAA;IAEzC,OAAO,CAAC,OAAe,EAAU,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,OAAO,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;AACpE,CAAC"}
|
|
@@ -1,6 +1,12 @@
|
|
|
1
1
|
import type { ThreadFetchGateway } from '../../../../modules/platform-integration/entities/threadFetch/threadFetch.gateway.js';
|
|
2
2
|
import type { ReviewContextThread } from '../../../../modules/review-execution/entities/reviewContext/reviewContext.js';
|
|
3
3
|
export type CommandExecutor = (command: string) => string;
|
|
4
|
+
/**
|
|
5
|
+
* Fail-closed scoped GitLab executor (SPEC-196 AC1-AC4). Built lazily on first use so the
|
|
6
|
+
* dedicated service token is read at construction time; if absent it throws and no job is
|
|
7
|
+
* started. The token never enters the child env (AC3); it lives in an isolated glab config
|
|
8
|
+
* file under a per-process HOME/GLAB_CONFIG_DIR (AC4). Never inherits the ambient admin token.
|
|
9
|
+
*/
|
|
4
10
|
export declare const defaultGitLabExecutor: CommandExecutor;
|
|
5
11
|
export declare class GitLabThreadFetchGateway implements ThreadFetchGateway {
|
|
6
12
|
private readonly executor;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"threadFetch.gitlab.gateway.d.ts","sourceRoot":"","sources":["../../../../../src/modules/platform-integration/interface-adapters/gateways/threadFetch.gitlab.gateway.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"threadFetch.gitlab.gateway.d.ts","sourceRoot":"","sources":["../../../../../src/modules/platform-integration/interface-adapters/gateways/threadFetch.gitlab.gateway.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,4EAA4E,CAAA;AACpH,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,oEAAoE,CAAA;AAI7G,MAAM,MAAM,eAAe,GAAG,CAAC,OAAO,EAAE,MAAM,KAAK,MAAM,CAAA;AAczD;;;;;GAKG;AACH,eAAO,MAAM,qBAAqB,EAAE,eAWnC,CAAA;AAmBD,qBAAa,wBAAyB,YAAW,kBAAkB;IACrD,OAAO,CAAC,QAAQ,CAAC,QAAQ;gBAAR,QAAQ,EAAE,eAAe;IAEtD,YAAY,CAAC,WAAW,EAAE,MAAM,EAAE,kBAAkB,EAAE,MAAM,GAAG,mBAAmB,EAAE;CAwBrF"}
|
package/dist/modules/platform-integration/interface-adapters/gateways/threadFetch.gitlab.gateway.js
CHANGED
|
@@ -1,6 +1,33 @@
|
|
|
1
1
|
import { execSync } from 'node:child_process';
|
|
2
|
+
import { mkdirSync, writeFileSync } from 'node:fs';
|
|
3
|
+
import { dirname } from 'node:path';
|
|
4
|
+
import { tmpdir } from 'node:os';
|
|
5
|
+
import { createScopedGitLabExecutor } from '../../../../modules/platform-integration/interface-adapters/gateways/scopedGitLabExecutor.js';
|
|
6
|
+
const realFileWriter = {
|
|
7
|
+
write(path, contents) {
|
|
8
|
+
mkdirSync(dirname(path), { recursive: true });
|
|
9
|
+
writeFileSync(path, contents, { mode: 0o600 });
|
|
10
|
+
},
|
|
11
|
+
};
|
|
12
|
+
const scopedSpawn = (command, env, cwd) => execSync(command, { encoding: 'utf-8', timeout: 30000, env, cwd });
|
|
13
|
+
let scopedExecutor = null;
|
|
14
|
+
/**
|
|
15
|
+
* Fail-closed scoped GitLab executor (SPEC-196 AC1-AC4). Built lazily on first use so the
|
|
16
|
+
* dedicated service token is read at construction time; if absent it throws and no job is
|
|
17
|
+
* started. The token never enters the child env (AC3); it lives in an isolated glab config
|
|
18
|
+
* file under a per-process HOME/GLAB_CONFIG_DIR (AC4). Never inherits the ambient admin token.
|
|
19
|
+
*/
|
|
2
20
|
export const defaultGitLabExecutor = (command) => {
|
|
3
|
-
|
|
21
|
+
if (scopedExecutor === null) {
|
|
22
|
+
const isolatedDir = `${tmpdir()}/reviewflow-executor-${process.pid}`;
|
|
23
|
+
scopedExecutor = createScopedGitLabExecutor({
|
|
24
|
+
parentEnv: process.env,
|
|
25
|
+
isolatedDir,
|
|
26
|
+
fileWriter: realFileWriter,
|
|
27
|
+
spawn: scopedSpawn,
|
|
28
|
+
});
|
|
29
|
+
}
|
|
30
|
+
return scopedExecutor(command);
|
|
4
31
|
};
|
|
5
32
|
export class GitLabThreadFetchGateway {
|
|
6
33
|
executor;
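Review bot: The isolated directory is a predictable name in the shared temp directory, `${tmpdir()}/reviewflow-executor-${process.pid}`, and `realFileWriter.write` creates it with `mkdirSync(dirname(path), { recursive: true })`, which succeeds silently when the directory already exists and applies the default mode. According to the comment, the service token is written into a glab config file under this directory, so on a multi-user host a pre-existing directory or file at that path would go unnoticed, and `mode: 0o600` on `writeFileSync` only takes effect when the file is newly created. I would create the directory with `mkdtempSync(join(tmpdir(), 'reviewflow-executor-'))`, which gives a unique owner-only directory, and pass `mode: 0o700` to `mkdirSync` for any nested directory. The removed body of `defaultGitLabExecutor` is not legible in this rendering, so this is judged on the new side only.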
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"threadFetch.gitlab.gateway.js","sourceRoot":"","sources":["../../../../../src/modules/platform-integration/interface-adapters/gateways/threadFetch.gitlab.gateway.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAA;
|
|
1
|
+
{"version":3,"file":"threadFetch.gitlab.gateway.js","sourceRoot":"","sources":["../../../../../src/modules/platform-integration/interface-adapters/gateways/threadFetch.gitlab.gateway.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAA;AAC7C,OAAO,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,SAAS,CAAA;AAClD,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AACnC,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAA;AAGhC,OAAO,EAAE,0BAA0B,EAAE,MAAM,oFAAoF,CAAA;AAK/H,MAAM,cAAc,GAAuB;IACzC,KAAK,CAAC,IAAY,EAAE,QAAgB;QAClC,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAA;QAC7C,aAAa,CAAC,IAAI,EAAE,QAAQ,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAA;IAChD,CAAC;CACF,CAAA;AAED,MAAM,WAAW,GAAG,CAAC,OAAe,EAAE,GAAsB,EAAE,GAAW,EAAU,EAAE,CACnF,QAAQ,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAA;AAEpE,IAAI,cAAc,GAA2B,IAAI,CAAA;AAEjD;;;;;GAKG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAoB,CAAC,OAAe,EAAU,EAAE;IAChF,IAAI,cAAc,KAAK,IAAI,EAAE,CAAC;QAC5B,MAAM,WAAW,GAAG,GAAG,MAAM,EAAE,wBAAwB,OAAO,CAAC,GAAG,EAAE,CAAA;QACpE,cAAc,GAAG,0BAA0B,CAAC;YAC1C,SAAS,EAAE,OAAO,CAAC,GAAG;YACtB,WAAW;YACX,UAAU,EAAE,cAAc;YAC1B,KAAK,EAAE,WAAW;SACnB,CAAC,CAAA;IACJ,CAAC;IACD,OAAO,cAAc,CAAC,OAAO,CAAC,CAAA;AAChC,CAAC,CAAA;AAmBD,MAAM,OAAO,wBAAwB;IACN;IAA7B,YAA6B,QAAyB;QAAzB,aAAQ,GAAR,QAAQ,CAAiB;IAAG,CAAC;IAE1D,YAAY,CAAC,WAAmB,EAAE,kBAA0B;QAC1D,MAAM,cAAc,GAAG,WAAW,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAA;QACxD,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAC5B,qBAAqB,cAAc,mBAAmB,kBAAkB,cAAc,CACvF,CAAA;QACD,MAAM,WAAW,GAAuB,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAA;QAE5D,MAAM,OAAO,GAA0B,EAAE,CAAA;QAEzC,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;YACrC,MAAM,SAAS,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;YACrC,IAAI,CAAC,SAAS,EAAE,UAAU;gBAAE,SAAQ;YAEpC,OAAO,CAAC,IAAI,CAAC;gBACX,EAAE,EAAE,UAAU,CAAC,EAAE;gBACjB,IAAI,EAAE,SAAS,CAAC,QAAQ,EAAE,QAAQ,IAAI,IAAI;gBAC1C,IAAI,EAAE,SAAS,CAAC,QAAQ,EAAE,QAAQ,IAAI,IAAI;gBAC1C,MAAM,EAAE,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM;gBAChD,IAAI,EAAE,SAAS,CAAC,IAAI;aACrB,CAAC,CAAA;QACJ,CAAC;QAED,OAA
O,OAAO,CAAA;IAChB,CAAC;CACF"}
|
|
@@ -0,0 +1,5 @@
|
|
|
1
|
+
import type { ClientIpResolutionInput, ClientIpResolver } from '../../../../../modules/platform-integration/entities/transport/clientIpResolver.gateway.js';
|
|
2
|
+
export declare class ForwardedForClientIpResolver implements ClientIpResolver {
|
|
3
|
+
resolve(input: ClientIpResolutionInput): string | null;
|
|
4
|
+
}
|
|
5
|
+
//# sourceMappingURL=clientIpResolver.forwardedFor.gateway.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"clientIpResolver.forwardedFor.gateway.d.ts","sourceRoot":"","sources":["../../../../../../src/modules/platform-integration/interface-adapters/gateways/transport/clientIpResolver.forwardedFor.gateway.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,uBAAuB,EACvB,gBAAgB,EACjB,MAAM,+EAA+E,CAAC;AAEvF,qBAAa,4BAA6B,YAAW,gBAAgB;IACnE,OAAO,CAAC,KAAK,EAAE,uBAAuB,GAAG,MAAM,GAAG,IAAI;CAgBvD"}
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
export class ForwardedForClientIpResolver {
|
|
2
|
+
resolve(input) {
|
|
3
|
+
if (!input.socketTrusted) {
|
|
4
|
+
return null;
|
|
5
|
+
}
|
|
6
|
+
if (input.forwardedFor === null) {
|
|
7
|
+
return null;
|
|
8
|
+
}
|
|
9
|
+
const leftmost = input.forwardedFor.split(',')[0]?.trim();
|
|
10
|
+
if (!leftmost) {
|
|
11
|
+
return null;
|
|
12
|
+
}
|
|
13
|
+
return leftmost;
|
|
14
|
+
}
|
|
15
|
+
}
|
|
16
|
+
//# sourceMappingURL=clientIpResolver.forwardedFor.gateway.js.map
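Review bot: `resolve` returns the leftmost `X-Forwarded-For` entry, `input.forwardedFor.split(',')[0]?.trim()`, which is the element a client can set itself whenever the trusted proxy appends to an incoming header rather than replacing it. `socketTrusted` establishes that the last hop is the proxy, not that the first list entry is genuine, so an allowlist or rate limit keyed on this value could be given a caller-chosen address. Unless the deployment guarantees that the proxy overwrites the header, take the entry the trusted proxy itself added, e.g. `const nearest = input.forwardedFor.split(',').at(-1)?.trim();`, and check it with `net.isIP(nearest) !== 0` before returning it.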
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"clientIpResolver.forwardedFor.gateway.js","sourceRoot":"","sources":["../../../../../../src/modules/platform-integration/interface-adapters/gateways/transport/clientIpResolver.forwardedFor.gateway.ts"],"names":[],"mappings":"AAKA,MAAM,OAAO,4BAA4B;IACvC,OAAO,CAAC,KAA8B;QACpC,IAAI,CAAC,KAAK,CAAC,aAAa,EAAE,CAAC;YACzB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,KAAK,CAAC,YAAY,KAAK,IAAI,EAAE,CAAC;YAChC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,QAAQ,GAAG,KAAK,CAAC,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC;QAC1D,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF"}
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
import type { ReviewAction } from '../../../modules/review-execution/entities/reviewAction/reviewAction.js';
|
|
2
|
+
export type ActionCapability = 'readMr' | 'postComment' | 'threadResolve' | 'revoke' | 'addLabel';
|
|
3
|
+
export declare function capabilityForAction(action: ReviewAction): ActionCapability;
|
|
4
|
+
export interface AutoExecutorActionFilterResult {
|
|
5
|
+
allowed: ReviewAction[];
|
|
6
|
+
dropped: ReviewAction[];
|
|
7
|
+
}
|
|
8
|
+
export declare function filterAutoExecutorActions(actions: ReviewAction[]): AutoExecutorActionFilterResult;
|
|
9
|
+
//# sourceMappingURL=autoExecutorActionFilter.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"autoExecutorActionFilter.d.ts","sourceRoot":"","sources":["../../../../src/modules/platform-integration/services/autoExecutorActionFilter.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kEAAkE,CAAA;AAGpG,MAAM,MAAM,gBAAgB,GAAG,QAAQ,GAAG,aAAa,GAAG,eAAe,GAAG,QAAQ,GAAG,UAAU,CAAA;AAEjG,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,YAAY,GAAG,gBAAgB,CAa1E;AAED,MAAM,WAAW,8BAA8B;IAC7C,OAAO,EAAE,YAAY,EAAE,CAAA;IACvB,OAAO,EAAE,YAAY,EAAE,CAAA;CACxB;AASD,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,YAAY,EAAE,GAAG,8BAA8B,CAajG"}
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
import { AUTO_EXECUTOR_CAPABILITIES } from '../../../modules/platform-integration/entities/executorToken/executorCapability.js';
|
|
2
|
+
export function capabilityForAction(action) {
|
|
3
|
+
switch (action.type) {
|
|
4
|
+
case 'FETCH_THREADS':
|
|
5
|
+
return 'readMr';
|
|
6
|
+
case 'POST_COMMENT':
|
|
7
|
+
case 'THREAD_REPLY':
|
|
8
|
+
case 'POST_INLINE_COMMENT':
|
|
9
|
+
return 'postComment';
|
|
10
|
+
case 'THREAD_RESOLVE':
|
|
11
|
+
return 'threadResolve';
|
|
12
|
+
case 'ADD_LABEL':
|
|
13
|
+
return 'addLabel';
|
|
14
|
+
}
|
|
15
|
+
}
|
|
16
|
+
function isAutoCapability(capability) {
|
|
17
|
+
return ((capability === 'readMr' || capability === 'postComment') &&
|
|
18
|
+
AUTO_EXECUTOR_CAPABILITIES.has(capability));
|
|
19
|
+
}
|
|
20
|
+
export function filterAutoExecutorActions(actions) {
|
|
21
|
+
const allowed = [];
|
|
22
|
+
const dropped = [];
|
|
23
|
+
for (const action of actions) {
|
|
24
|
+
if (isAutoCapability(capabilityForAction(action))) {
|
|
25
|
+
allowed.push(action);
|
|
26
|
+
}
|
|
27
|
+
else {
|
|
28
|
+
dropped.push(action);
|
|
29
|
+
}
|
|
30
|
+
}
|
|
31
|
+
return { allowed, dropped };
|
|
32
|
+
}
|
|
33
|
+
//# sourceMappingURL=autoExecutorActionFilter.js.map
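Review bot: `capabilityForAction` has no `default` branch, so at runtime an action whose `type` is not one of the six cases yields `undefined`, and `filterAutoExecutorActions` drops it only because `isAutoCapability(undefined)` happens to be false. That is the fail-closed outcome, but nothing in the file says it is intended; I would add a comment above `isAutoCapability` such as `// Fail-closed: only readMr/postComment that are also in AUTO_EXECUTOR_CAPABILITIES pass; unmapped action types resolve to undefined and are dropped.` The declared `ActionCapability` union also lists `'revoke'`, which no case here returns.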
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"autoExecutorActionFilter.js","sourceRoot":"","sources":["../../../../src/modules/platform-integration/services/autoExecutorActionFilter.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,0BAA0B,EAAE,MAAM,6EAA6E,CAAA;AAIxH,MAAM,UAAU,mBAAmB,CAAC,MAAoB;IACtD,QAAQ,MAAM,CAAC,IAAI,EAAE,CAAC;QACpB,KAAK,eAAe;YAClB,OAAO,QAAQ,CAAA;QACjB,KAAK,cAAc,CAAC;QACpB,KAAK,cAAc,CAAC;QACpB,KAAK,qBAAqB;YACxB,OAAO,aAAa,CAAA;QACtB,KAAK,gBAAgB;YACnB,OAAO,eAAe,CAAA;QACxB,KAAK,WAAW;YACd,OAAO,UAAU,CAAA;IACrB,CAAC;AACH,CAAC;AAOD,SAAS,gBAAgB,CAAC,UAA4B;IACpD,OAAO,CACL,CAAC,UAAU,KAAK,QAAQ,IAAI,UAAU,KAAK,aAAa,CAAC;QACzD,0BAA0B,CAAC,GAAG,CAAC,UAAU,CAAC,CAC3C,CAAA;AACH,CAAC;AAED,MAAM,UAAU,yBAAyB,CAAC,OAAuB;IAC/D,MAAM,OAAO,GAAmB,EAAE,CAAA;IAClC,MAAM,OAAO,GAAmB,EAAE,CAAA;IAElC,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,IAAI,gBAAgB,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC;YAClD,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;QACtB,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;QACtB,CAAC;IACH,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,CAAA;AAC7B,CAAC"}
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
export interface PinnedThreadFetchTarget {
|
|
2
|
+
projectPath: string;
|
|
3
|
+
mrNumber: number;
|
|
4
|
+
}
|
|
5
|
+
interface ResolvedRepository {
|
|
6
|
+
projectPath: string;
|
|
7
|
+
}
|
|
8
|
+
export interface ResolvePinnedThreadFetchTargetInput {
|
|
9
|
+
payloadProjectPath: string;
|
|
10
|
+
payloadMrNumber: number;
|
|
11
|
+
findRepository: (projectPath: string) => ResolvedRepository | null | undefined;
|
|
12
|
+
gatedMrNumber: number | null;
|
|
13
|
+
}
|
|
14
|
+
/**
|
|
15
|
+
* Anchors the (projectPath, mrNumber) pair driving fetchThreads to a server-validated
|
|
16
|
+
* source (AC9). The forgeable webhook payload is never used as-is to widen scope:
|
|
17
|
+
* - projectPath MUST resolve to a configured repository.
|
|
18
|
+
* - mrNumber MUST equal the merge-request that passed the upstream trusted-actor gate.
|
|
19
|
+
* If either cannot be established, the action surface is empty (null, fail-closed).
|
|
20
|
+
*/
|
|
21
|
+
export declare function resolvePinnedThreadFetchTarget(input: ResolvePinnedThreadFetchTargetInput): PinnedThreadFetchTarget | null;
|
|
22
|
+
export {};
|
|
23
|
+
//# sourceMappingURL=pinnedThreadFetchTarget.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"pinnedThreadFetchTarget.d.ts","sourceRoot":"","sources":["../../../../src/modules/platform-integration/services/pinnedThreadFetchTarget.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,uBAAuB;IACtC,WAAW,EAAE,MAAM,CAAA;IACnB,QAAQ,EAAE,MAAM,CAAA;CACjB;AAED,UAAU,kBAAkB;IAC1B,WAAW,EAAE,MAAM,CAAA;CACpB;AAED,MAAM,WAAW,mCAAmC;IAClD,kBAAkB,EAAE,MAAM,CAAA;IAC1B,eAAe,EAAE,MAAM,CAAA;IACvB,cAAc,EAAE,CAAC,WAAW,EAAE,MAAM,KAAK,kBAAkB,GAAG,IAAI,GAAG,SAAS,CAAA;IAC9E,aAAa,EAAE,MAAM,GAAG,IAAI,CAAA;CAC7B;AAED;;;;;;GAMG;AACH,wBAAgB,8BAA8B,CAC5C,KAAK,EAAE,mCAAmC,GACzC,uBAAuB,GAAG,IAAI,CAchC"}
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Anchors the (projectPath, mrNumber) pair driving fetchThreads to a server-validated
|
|
3
|
+
* source (AC9). The forgeable webhook payload is never used as-is to widen scope:
|
|
4
|
+
* - projectPath MUST resolve to a configured repository.
|
|
5
|
+
* - mrNumber MUST equal the merge-request that passed the upstream trusted-actor gate.
|
|
6
|
+
* If either cannot be established, the action surface is empty (null, fail-closed).
|
|
7
|
+
*/
|
|
8
|
+
export function resolvePinnedThreadFetchTarget(input) {
|
|
9
|
+
const repository = input.findRepository(input.payloadProjectPath);
|
|
10
|
+
if (!repository) {
|
|
11
|
+
return null;
|
|
12
|
+
}
|
|
13
|
+
if (input.gatedMrNumber === null || input.payloadMrNumber !== input.gatedMrNumber) {
|
|
14
|
+
return null;
|
|
15
|
+
}
|
|
16
|
+
return {
|
|
17
|
+
projectPath: repository.projectPath,
|
|
18
|
+
mrNumber: input.gatedMrNumber,
|
|
19
|
+
};
|
|
20
|
+
}
|
|
21
|
+
//# sourceMappingURL=pinnedThreadFetchTarget.js.map
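Review bot: The project half of the pair is only checked for membership in the configured set, not against the project the trusted-actor gate ran on: `input.findRepository(input.payloadProjectPath)` accepts any configured repository, while only `mrNumber` is compared with a gated value. Whether the gate was evaluated for the same project the payload names is not visible in this file; if it can differ, a payload naming another configured project with the same merge-request number would still be pinned. Consider carrying the gated project next to `gatedMrNumber` (a new input field, here called `gatedProjectPath` as a proposal) and failing closed on mismatch: `if (repository.projectPath !== input.gatedProjectPath) return null;`.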
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"pinnedThreadFetchTarget.js","sourceRoot":"","sources":["../../../../src/modules/platform-integration/services/pinnedThreadFetchTarget.ts"],"names":[],"mappings":"AAgBA;;;;;;GAMG;AACH,MAAM,UAAU,8BAA8B,CAC5C,KAA0C;IAE1C,MAAM,UAAU,GAAG,KAAK,CAAC,cAAc,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAA;IACjE,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,IAAI,CAAA;IACb,CAAC;IAED,IAAI,KAAK,CAAC,aAAa,KAAK,IAAI,IAAI,KAAK,CAAC,eAAe,KAAK,KAAK,CAAC,aAAa,EAAE,CAAC;QAClF,OAAO,IAAI,CAAA;IACb,CAAC;IAED,OAAO;QACL,WAAW,EAAE,UAAU,CAAC,WAAW;QACnC,QAAQ,EAAE,KAAK,CAAC,aAAa;KAC9B,CAAA;AACH,CAAC"}
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
export declare const EXECUTOR_TOKEN_ENV_KEY = "REVIEWFLOW_EXECUTOR_TOKEN";
|
|
2
|
+
export declare const ENV_ALLOWLIST: readonly ["PATH", "HOME", "GLAB_CONFIG_DIR", "LANG"];
|
|
3
|
+
export type AllowlistedEnvKey = (typeof ENV_ALLOWLIST)[number];
|
|
4
|
+
export type ScopedExecutorEnv = Partial<Record<AllowlistedEnvKey, string>>;
|
|
5
|
+
export declare class MissingExecutorTokenError extends Error {
|
|
6
|
+
constructor();
|
|
7
|
+
}
|
|
8
|
+
export interface ExecutorFileWriter {
|
|
9
|
+
write(path: string, contents: string): void;
|
|
10
|
+
}
|
|
11
|
+
export interface BuildScopedExecutorEnvironmentInput {
|
|
12
|
+
parentEnv: Record<string, string | undefined>;
|
|
13
|
+
isolatedDir: string;
|
|
14
|
+
fileWriter: ExecutorFileWriter;
|
|
15
|
+
}
|
|
16
|
+
export interface ScopedExecutorEnvironment {
|
|
17
|
+
env: ScopedExecutorEnv;
|
|
18
|
+
configFilePath: string;
|
|
19
|
+
}
|
|
20
|
+
export declare function buildScopedExecutorEnvironment(input: BuildScopedExecutorEnvironmentInput): ScopedExecutorEnvironment;
|
|
21
|
+
//# sourceMappingURL=scopedExecutorEnvironment.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"scopedExecutorEnvironment.d.ts","sourceRoot":"","sources":["../../../../src/modules/platform-integration/services/scopedExecutorEnvironment.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,sBAAsB,8BAA8B,CAAA;AAEjE,eAAO,MAAM,aAAa,sDAAuD,CAAA;AAEjF,MAAM,MAAM,iBAAiB,GAAG,CAAC,OAAO,aAAa,CAAC,CAAC,MAAM,CAAC,CAAA;AAE9D,MAAM,MAAM,iBAAiB,GAAG,OAAO,CAAC,MAAM,CAAC,iBAAiB,EAAE,MAAM,CAAC,CAAC,CAAA;AAE1E,qBAAa,yBAA0B,SAAQ,KAAK;;CAOnD;AAED,MAAM,WAAW,kBAAkB;IACjC,KAAK,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;CAC5C;AAED,MAAM,WAAW,mCAAmC;IAClD,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAA;IAC7C,WAAW,EAAE,MAAM,CAAA;IACnB,UAAU,EAAE,kBAAkB,CAAA;CAC/B;AAED,MAAM,WAAW,yBAAyB;IACxC,GAAG,EAAE,iBAAiB,CAAA;IACtB,cAAc,EAAE,MAAM,CAAA;CACvB;AAYD,wBAAgB,8BAA8B,CAC5C,KAAK,EAAE,mCAAmC,GACzC,yBAAyB,CAwB3B"}
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
export const EXECUTOR_TOKEN_ENV_KEY = 'REVIEWFLOW_EXECUTOR_TOKEN';
|
|
2
|
+
export const ENV_ALLOWLIST = ['PATH', 'HOME', 'GLAB_CONFIG_DIR', 'LANG'];
|
|
3
|
+
export class MissingExecutorTokenError extends Error {
|
|
4
|
+
constructor() {
|
|
5
|
+
super(`Executor service token (${EXECUTOR_TOKEN_ENV_KEY}) is absent or empty; refusing to start with the ambient token.`);
|
|
6
|
+
this.name = 'MissingExecutorTokenError';
|
|
7
|
+
}
|
|
8
|
+
}
|
|
9
|
+
function renderGlabConfig(token) {
|
|
10
|
+
return [
|
|
11
|
+
'hosts:',
|
|
12
|
+
' gitlab.com:',
|
|
13
|
+
` token: ${token}`,
|
|
14
|
+
' api_protocol: https',
|
|
15
|
+
'',
|
|
16
|
+
].join('\n');
|
|
17
|
+
}
|
|
18
|
+
export function buildScopedExecutorEnvironment(input) {
|
|
19
|
+
const token = input.parentEnv[EXECUTOR_TOKEN_ENV_KEY]?.trim();
|
|
20
|
+
if (!token) {
|
|
21
|
+
throw new MissingExecutorTokenError();
|
|
22
|
+
}
|
|
23
|
+
const home = `${input.isolatedDir}/home`;
|
|
24
|
+
const glabConfigDir = `${input.isolatedDir}/glab-config`;
|
|
25
|
+
const env = {
|
|
26
|
+
HOME: home,
|
|
27
|
+
GLAB_CONFIG_DIR: glabConfigDir,
|
|
28
|
+
};
|
|
29
|
+
const path = input.parentEnv.PATH;
|
|
30
|
+
if (path)
|
|
31
|
+
env.PATH = path;
|
|
32
|
+
const lang = input.parentEnv.LANG;
|
|
33
|
+
if (lang)
|
|
34
|
+
env.LANG = lang;
|
|
35
|
+
const configFilePath = `${glabConfigDir}/glab-cli/config.yml`;
|
|
36
|
+
input.fileWriter.write(configFilePath, renderGlabConfig(token));
|
|
37
|
+
return { env, configFilePath };
|
|
38
|
+
}
|
|
39
|
+
//# sourceMappingURL=scopedExecutorEnvironment.js.map
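Review bot: `renderGlabConfig` writes the token into the YAML as a plain scalar (`token: ${token}`), and the only normalisation before that is `.trim()` in `buildScopedExecutorEnvironment`. A value containing a newline, `#` or `: ` would alter the structure of the generated config instead of failing. Emitting it quoted, with `${JSON.stringify(token)}` in place of `${token}`, or rejecting tokens outside the expected character set next to the empty check, keeps the file well-formed. The file now holds a credential and `fileWriter.write(configFilePath, ...)` passes no mode, so the writer implementation (not in this section) should create it owner-only. `ENV_ALLOWLIST` is exported but the function hard-codes the same keys; a one-line comment tying the two together would help.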
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"scopedExecutorEnvironment.js","sourceRoot":"","sources":["../../../../src/modules/platform-integration/services/scopedExecutorEnvironment.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,sBAAsB,GAAG,2BAA2B,CAAA;AAEjE,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,CAAU,CAAA;AAMjF,MAAM,OAAO,yBAA0B,SAAQ,KAAK;IAClD;QACE,KAAK,CACH,2BAA2B,sBAAsB,iEAAiE,CACnH,CAAA;QACD,IAAI,CAAC,IAAI,GAAG,2BAA2B,CAAA;IACzC,CAAC;CACF;AAiBD,SAAS,gBAAgB,CAAC,KAAa;IACrC,OAAO;QACL,QAAQ;QACR,eAAe;QACf,cAAc,KAAK,EAAE;QACrB,yBAAyB;QACzB,EAAE;KACH,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AACd,CAAC;AAED,MAAM,UAAU,8BAA8B,CAC5C,KAA0C;IAE1C,MAAM,KAAK,GAAG,KAAK,CAAC,SAAS,CAAC,sBAAsB,CAAC,EAAE,IAAI,EAAE,CAAA;IAC7D,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,yBAAyB,EAAE,CAAA;IACvC,CAAC;IAED,MAAM,IAAI,GAAG,GAAG,KAAK,CAAC,WAAW,OAAO,CAAA;IACxC,MAAM,aAAa,GAAG,GAAG,KAAK,CAAC,WAAW,cAAc,CAAA;IAExD,MAAM,GAAG,GAAsB;QAC7B,IAAI,EAAE,IAAI;QACV,eAAe,EAAE,aAAa;KAC/B,CAAA;IAED,MAAM,IAAI,GAAG,KAAK,CAAC,SAAS,CAAC,IAAI,CAAA;IACjC,IAAI,IAAI;QAAE,GAAG,CAAC,IAAI,GAAG,IAAI,CAAA;IAEzB,MAAM,IAAI,GAAG,KAAK,CAAC,SAAS,CAAC,IAAI,CAAA;IACjC,IAAI,IAAI;QAAE,GAAG,CAAC,IAAI,GAAG,IAAI,CAAA;IAEzB,MAAM,cAAc,GAAG,GAAG,aAAa,sBAAsB,CAAA;IAC7D,KAAK,CAAC,UAAU,CAAC,KAAK,CAAC,cAAc,EAAE,gBAAgB,CAAC,KAAK,CAAC,CAAC,CAAA;IAE/D,OAAO,EAAE,GAAG,EAAE,cAAc,EAAE,CAAA;AAChC,CAAC"}
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
import type { MemberAccessGateway } from '../../../modules/platform-integration/entities/memberAccess/memberAccess.gateway.js';
|
|
2
|
+
export interface IsTrustedActorInput {
|
|
3
|
+
username: string;
|
|
4
|
+
projectPath: string;
|
|
5
|
+
}
|
|
6
|
+
/**
|
|
7
|
+
* Decides whether the trigger actor is a trusted (Developer+) member of the target
|
|
8
|
+
* project (SPEC-197). Consumes the fail-closed MemberAccessGateway: any resolution
|
|
9
|
+
* failure or sub-Developer level collapses to non-trusted, so a thrown lookup never
|
|
10
|
+
* widens trust.
|
|
11
|
+
*/
|
|
12
|
+
export declare class IsTrustedActorUseCase {
|
|
13
|
+
private readonly memberAccessGateway;
|
|
14
|
+
constructor(memberAccessGateway: MemberAccessGateway);
|
|
15
|
+
execute(input: IsTrustedActorInput): Promise<boolean>;
|
|
16
|
+
}
|
|
17
|
+
//# sourceMappingURL=isTrustedActor.usecase.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"isTrustedActor.usecase.d.ts","sourceRoot":"","sources":["../../../../src/modules/platform-integration/usecases/isTrustedActor.usecase.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,8EAA8E,CAAC;AAGxH,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;;;;GAKG;AACH,qBAAa,qBAAqB;IACpB,OAAO,CAAC,QAAQ,CAAC,mBAAmB;gBAAnB,mBAAmB,EAAE,mBAAmB;IAE/D,OAAO,CAAC,KAAK,EAAE,mBAAmB,GAAG,OAAO,CAAC,OAAO,CAAC;CAQ5D"}
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
import { isDeveloperOrAbove } from '../../../modules/platform-integration/entities/memberAccess/memberAccess.js';
|
|
2
|
+
/**
|
|
3
|
+
* Decides whether the trigger actor is a trusted (Developer+) member of the target
|
|
4
|
+
* project (SPEC-197). Consumes the fail-closed MemberAccessGateway: any resolution
|
|
5
|
+
* failure or sub-Developer level collapses to non-trusted, so a thrown lookup never
|
|
6
|
+
* widens trust.
|
|
7
|
+
*/
|
|
8
|
+
export class IsTrustedActorUseCase {
|
|
9
|
+
memberAccessGateway;
|
|
10
|
+
constructor(memberAccessGateway) {
|
|
11
|
+
this.memberAccessGateway = memberAccessGateway;
|
|
12
|
+
}
|
|
13
|
+
async execute(input) {
|
|
14
|
+
try {
|
|
15
|
+
const accessLevel = await this.memberAccessGateway.resolve(input.projectPath, input.username);
|
|
16
|
+
return isDeveloperOrAbove(accessLevel);
|
|
17
|
+
}
|
|
18
|
+
catch {
|
|
19
|
+
return false;
|
|
20
|
+
}
|
|
21
|
+
}
|
|
22
|
+
}
|
|
23
|
+
//# sourceMappingURL=isTrustedActor.usecase.js.map
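Review bot: The bare `catch { return false; }` in `execute` fails closed as the doc comment promises, but it discards the error, so a broken member lookup (expired credential, API outage) is indistinguishable from a genuinely untrusted actor. Binding and recording the error before returning, `catch (error) { /* log projectPath, username, error */ return false; }`, keeps the decision unchanged and makes the failure visible to operators. No logger is in scope in this file, so one would have to be injected alongside `memberAccessGateway`.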
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"isTrustedActor.usecase.js","sourceRoot":"","sources":["../../../../src/modules/platform-integration/usecases/isTrustedActor.usecase.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,sEAAsE,CAAC;AAO1G;;;;;GAKG;AACH,MAAM,OAAO,qBAAqB;IACH;IAA7B,YAA6B,mBAAwC;QAAxC,wBAAmB,GAAnB,mBAAmB,CAAqB;IAAG,CAAC;IAEzE,KAAK,CAAC,OAAO,CAAC,KAA0B;QACtC,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,KAAK,CAAC,WAAW,EAAE,KAAK,CAAC,QAAQ,CAAC,CAAC;YAC9F,OAAO,kBAAkB,CAAC,WAAW,CAAC,CAAC;QACzC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;CACF"}
|
|
@@ -0,0 +1,3 @@
|
|
|
1
|
+
import type { TransportContext, TransportDecision } from '../../../../modules/platform-integration/entities/transport/transportContext.js';
|
|
2
|
+
export declare function evaluateTransport(context: TransportContext): TransportDecision;
|
|
3
|
+
//# sourceMappingURL=evaluateTransport.usecase.d.ts.map
|
package/dist/modules/platform-integration/usecases/transport/evaluateTransport.usecase.d.ts.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"evaluateTransport.usecase.d.ts","sourceRoot":"","sources":["../../../../../src/modules/platform-integration/usecases/transport/evaluateTransport.usecase.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,gBAAgB,EAChB,iBAAiB,EAClB,MAAM,uEAAuE,CAAC;AAK/E,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,gBAAgB,GAAG,iBAAiB,CAmB9E"}
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
import { isIpInCidr } from '../../../../modules/platform-integration/entities/transport/cidr.js';
|
|
2
|
+
const REJECT_STATUS = 403;
|
|
3
|
+
export function evaluateTransport(context) {
|
|
4
|
+
if (context.directSocketAddress !== context.trustedHopAddress) {
|
|
5
|
+
return { kind: 'reject', status: REJECT_STATUS, reason: 'untrusted-socket' };
|
|
6
|
+
}
|
|
7
|
+
if (context.forwardedProto !== 'https') {
|
|
8
|
+
return { kind: 'reject', status: REJECT_STATUS, reason: 'non-https' };
|
|
9
|
+
}
|
|
10
|
+
const clientIp = context.resolvedClientIp;
|
|
11
|
+
const allowed = clientIp !== null &&
|
|
12
|
+
context.allowedCidrRanges.some((range) => isIpInCidr(clientIp, range));
|
|
13
|
+
if (!allowed) {
|
|
14
|
+
return { kind: 'reject', status: REJECT_STATUS, reason: 'off-allowlist' };
|
|
15
|
+
}
|
|
16
|
+
return { kind: 'accept' };
|
|
17
|
+
}
|
|
18
|
+
//# sourceMappingURL=evaluateTransport.usecase.js.map
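Review bot: The first guard, `context.directSocketAddress !== context.trustedHopAddress`, passes when both sides are equally absent (`undefined` or `null`), and every check after it relies on proxy-supplied values (`forwardedProto`, `resolvedClientIp`). `TransportContext` is declared in another file, so whether those two fields can be empty is not visible here; if they can, make presence explicit with `if (!context.trustedHopAddress || context.directSocketAddress !== context.trustedHopAddress)`. The comparison is also a raw string match, so differently formatted spellings of the same address (for example an IPv4-mapped IPv6 form) will be rejected unless the caller normalises first. That fails closed, but a short comment stating the expected form would save a debugging session.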
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"evaluateTransport.usecase.js","sourceRoot":"","sources":["../../../../../src/modules/platform-integration/usecases/transport/evaluateTransport.usecase.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,UAAU,EAAE,MAAM,2DAA2D,CAAC;AAEvF,MAAM,aAAa,GAAG,GAAG,CAAC;AAE1B,MAAM,UAAU,iBAAiB,CAAC,OAAyB;IACzD,IAAI,OAAO,CAAC,mBAAmB,KAAK,OAAO,CAAC,iBAAiB,EAAE,CAAC;QAC9D,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC;IAC/E,CAAC;IAED,IAAI,OAAO,CAAC,cAAc,KAAK,OAAO,EAAE,CAAC;QACvC,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;IACxE,CAAC;IAED,MAAM,QAAQ,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAC1C,MAAM,OAAO,GACX,QAAQ,KAAK,IAAI;QACjB,OAAO,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,UAAU,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC;IAEzE,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;IAC5E,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;AAC5B,CAAC"}
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
export type Provenance = 'trusted' | 'untrusted';
|
|
2
|
+
/**
|
|
3
|
+
* Fail-closed provenance resolver.
|
|
4
|
+
* Only the exact canonical token resolves to `trusted`; every other value
|
|
5
|
+
* (including casing, padding, non-string types, null/undefined) is `untrusted`.
|
|
6
|
+
* `trusted` is NEVER derived from a payload field.
|
|
7
|
+
*/
|
|
8
|
+
export declare function resolveProvenance(value: unknown): Provenance;
|
|
9
|
+
//# sourceMappingURL=actionProvenance.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"actionProvenance.d.ts","sourceRoot":"","sources":["../../../../../src/modules/review-execution/entities/actionProvenance/actionProvenance.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,UAAU,GAAG,SAAS,GAAG,WAAW,CAAA;AAIhD;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,OAAO,GAAG,UAAU,CAE5D"}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
const CANONICAL_TRUSTED = 'trusted';
|
|
2
|
+
/**
|
|
3
|
+
* Fail-closed provenance resolver.
|
|
4
|
+
* Only the exact canonical token resolves to `trusted`; every other value
|
|
5
|
+
* (including casing, padding, non-string types, null/undefined) is `untrusted`.
|
|
6
|
+
* `trusted` is NEVER derived from a payload field.
|
|
7
|
+
*/
|
|
8
|
+
export function resolveProvenance(value) {
|
|
9
|
+
return value === CANONICAL_TRUSTED ? 'trusted' : 'untrusted';
|
|
10
|
+
}
|
|
11
|
+
//# sourceMappingURL=actionProvenance.js.map
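Review bot: The last line of the doc comment, "`trusted` is NEVER derived from a payload field", is a caller obligation that `resolveProvenance` cannot enforce: it returns `'trusted'` for any input strictly equal to the string `'trusted'`, which a JSON payload can carry. I would reword it to say so, for example `* Callers MUST pass a server-assigned value; a payload field equal to 'trusted' would resolve as trusted.` If the value never has to cross a serialization boundary, a module-private sentinel instead of a plain string would make the invariant structural rather than documented.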
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"actionProvenance.js","sourceRoot":"","sources":["../../../../../src/modules/review-execution/entities/actionProvenance/actionProvenance.ts"],"names":[],"mappings":"AAEA,MAAM,iBAAiB,GAAG,SAAS,CAAA;AAEnC;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAAC,KAAc;IAC9C,OAAO,KAAK,KAAK,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,CAAA;AAC9D,CAAC"}
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
export interface ThreadInventoryPage {
|
|
2
|
+
page: number;
|
|
3
|
+
totalPages: number;
|
|
4
|
+
threadIds: string[];
|
|
5
|
+
}
|
|
6
|
+
/**
|
|
7
|
+
* Authenticated, page-by-page access to the current MR's thread inventory.
|
|
8
|
+
* Each page carries its own `totalPages` so the resolver can prove completeness.
|
|
9
|
+
*/
|
|
10
|
+
export interface ThreadInventoryGateway {
|
|
11
|
+
fetchPage(projectPath: string, mergeRequestNumber: number, page: number): ThreadInventoryPage;
|
|
12
|
+
}
|
|
13
|
+
//# sourceMappingURL=threadInventory.gateway.d.ts.map
|
package/dist/modules/review-execution/entities/threadInventory/threadInventory.gateway.d.ts.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"threadInventory.gateway.d.ts","sourceRoot":"","sources":["../../../../../src/modules/review-execution/entities/threadInventory/threadInventory.gateway.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,MAAM,CAAA;IACZ,UAAU,EAAE,MAAM,CAAA;IAClB,SAAS,EAAE,MAAM,EAAE,CAAA;CACpB;AAED;;;GAGG;AACH,MAAM,WAAW,sBAAsB;IACrC,SAAS,CAAC,WAAW,EAAE,MAAM,EAAE,kBAAkB,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,mBAAmB,CAAA;CAC9F"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"threadInventory.gateway.js","sourceRoot":"","sources":["../../../../../src/modules/review-execution/entities/threadInventory/threadInventory.gateway.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
import type { ThreadInventoryGateway, ThreadInventoryPage } from '../../../../modules/review-execution/entities/threadInventory/threadInventory.gateway.js';
|
|
2
|
+
export type CommandExecutor = (command: string) => string;
|
|
3
|
+
/**
|
|
4
|
+
* Authenticated GitLab Threads (discussions) inventory access.
|
|
5
|
+
*
|
|
6
|
+
* Issues `glab api -i` so the response carries the `X-Total-Pages` header used by the
|
|
7
|
+
* resolver to prove pagination completeness (complete-or-empty, fail-closed).
|
|
8
|
+
*/
|
|
9
|
+
export declare class GitLabThreadInventoryGateway implements ThreadInventoryGateway {
|
|
10
|
+
private readonly executor;
|
|
11
|
+
constructor(executor: CommandExecutor);
|
|
12
|
+
fetchPage(projectPath: string, mergeRequestNumber: number, page: number): ThreadInventoryPage;
|
|
13
|
+
}
|
|
14
|
+
//# sourceMappingURL=threadInventory.gitlab.gateway.d.ts.map
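Review bot: `CommandExecutor` takes a single `command: string`, so `fetchPage` has to assemble one command line from `projectPath`, `mergeRequestNumber` and `page`. The implementation is not in this section, so how those values are encoded is not visible; if the executor hands the string to a shell, `projectPath` needs strict validation or URL-encoding before it is placed in the `glab api -i` call. An argv-shaped type, `(file: string, args: readonly string[]) => string`, would remove the quoting question altogether. The doc comment could also state that `projectPath` is expected to be the already-pinned repository path rather than a raw payload value.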
|