sandstream-kit 1.5.0 → 1.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +26 -0
- package/dist/bumblebee.js +23 -7
- package/dist/bumblebee.js.map +1 -1
- package/dist/cli.js +97 -7
- package/dist/cli.js.map +1 -1
- package/dist/config.d.ts +5 -0
- package/dist/config.js +7 -1
- package/dist/config.js.map +1 -1
- package/dist/findings-track.d.ts +23 -0
- package/dist/findings-track.js +45 -0
- package/dist/findings-track.js.map +1 -0
- package/dist/heal.d.ts +53 -0
- package/dist/heal.js +119 -0
- package/dist/heal.js.map +1 -0
- package/dist/memory/db.d.ts +10 -0
- package/dist/memory/db.js +17 -1
- package/dist/memory/db.js.map +1 -1
- package/dist/memory/pal.d.ts +28 -0
- package/dist/memory/pal.js +51 -1
- package/dist/memory/pal.js.map +1 -1
- package/dist/service-registry.d.ts +54 -0
- package/dist/service-registry.js +248 -0
- package/dist/service-registry.js.map +1 -0
- package/dist/stack-detector.js +176 -55
- package/dist/stack-detector.js.map +1 -1
- package/dist/toml-generator.d.ts +4 -0
- package/dist/toml-generator.js +55 -99
- package/dist/toml-generator.js.map +1 -1
- package/dist/vault-meta.d.ts +7 -0
- package/dist/vault-meta.js +13 -0
- package/dist/vault-meta.js.map +1 -1
- package/package.json +2 -1
package/dist/config.d.ts
CHANGED
|
@@ -259,6 +259,11 @@ export interface kitConfig {
|
|
|
259
259
|
mcp?: McpConfig;
|
|
260
260
|
/** Agent-write pre-approval policy. See PolicyConfig + src/policy.ts. */
|
|
261
261
|
policy?: PolicyConfig;
|
|
262
|
+
/** Memory/PAL behavior. `track_findings` (default true): auto-track `kit check`
|
|
263
|
+
* findings as PAL items for cross-session reminders + auto-close on re-scan. */
|
|
264
|
+
memory?: {
|
|
265
|
+
track_findings?: boolean;
|
|
266
|
+
};
|
|
262
267
|
}
|
|
263
268
|
/**
|
|
264
269
|
* Detect the active environment name from CLI args, env vars, or NODE_ENV.
|
package/dist/config.js
CHANGED
|
@@ -160,7 +160,7 @@ const WebConfigSchema = z
|
|
|
160
160
|
.optional();
|
|
161
161
|
// Known top-level section names — used to detect typos
|
|
162
162
|
const KNOWN_SECTIONS = new Set([
|
|
163
|
-
"tools", "services", "secrets", "skills", "governance", "hooks", "web", "setup", "env", "context",
|
|
163
|
+
"tools", "services", "secrets", "skills", "governance", "hooks", "web", "setup", "env", "context", "memory",
|
|
164
164
|
]);
|
|
165
165
|
const kitConfigSchema = z
|
|
166
166
|
.object({
|
|
@@ -204,6 +204,12 @@ const kitConfigSchema = z
|
|
|
204
204
|
})
|
|
205
205
|
.passthrough()
|
|
206
206
|
.optional(),
|
|
207
|
+
memory: z
|
|
208
|
+
.object({
|
|
209
|
+
track_findings: z.boolean().optional(),
|
|
210
|
+
})
|
|
211
|
+
.passthrough()
|
|
212
|
+
.optional(),
|
|
207
213
|
})
|
|
208
214
|
.passthrough(); // allow unknown top-level keys (warn, not error)
|
|
209
215
|
/**
|
package/dist/config.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,KAAK,EAAE,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;
|
|
1
|
+
{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,KAAK,EAAE,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AA0SxB,gFAAgF;AAChF,4EAA4E;AAC5E,oEAAoE;AAEpE,MAAM,qBAAqB,GAAG,CAAC;KAC5B,MAAM,CAAC;IACN,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC;QACb,WAAW;QACX,KAAK;QACL,KAAK;QACL,QAAQ;QACR,SAAS;QACT,WAAW;QACX,WAAW;QACX,SAAS;QACT,OAAO;QACP,QAAQ;QACR,QAAQ;QACR,UAAU;KACX,CAAC;IACF,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1B,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3B,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACnC,CAAC;KACD,WAAW,EAAE,CAAC;AAEjB,MAAM,mBAAmB,GAAG,CAAC;KAC1B,MAAM,CAAC;IACN,KAAK,EAAE,CAAC;SACL,IAAI,CAAC;QACJ,WAAW;QACX,WAAW;QACX,KAAK;QACL,SAAS;QACT,SAAS;QACT,WAAW;QACX,OAAO;QACP,QAAQ;QACR,QAAQ;QACR,UAAU;KACX,CAAC;SACD,QAAQ,EAAE;IACb,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,qBAAqB,CAAC,CAAC,QAAQ,EAAE;IAC5D,SAAS,EAAE,CAAC;SACT,MAAM,CAAC;QACN,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QACjC,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAClC,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;KAC5B,CAAC;SACD,WAAW,EAAE;SACb,QAAQ,EAAE;CACd,CAAC;KACD,WAAW,EAAE,CAAC;AAEjB,MAAM,mBAAmB,GAAG,CAAC;KAC1B,MAAM,CAAC;IACN,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE;IACjB,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE;IACjB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3B;mFAC+E;IAC/E,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,SAAS,EAAE,aAAa,CAAC,CAAC,CAAC,QAAQ,EAAE;CAC7D,CAAC;KACD,WAAW,EAAE,CAAC;AAEjB,MAAM,kBAAkB,GAAG,CAAC;KACzB,MAAM,CAAC;IACN,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACrD,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;CACtD,CAAC;KACD,WAAW,EAAE,CAAC;AAEjB,MAAM,sBAAsB,GAAG,CAAC;KAC7B,MAAM,CAAC;IACN,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAC/B,WAAW,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,QAAQ,EAAE;IAC1D,MAAM,EAAE,CAAC;SACN,MAAM,CAAC;QACN,GAAG,EAAE,CAAC;aACH,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC;aACtE,WAAW,EAAE;aACb,QAAQ,EAAE;QACb,OAAO,EAAE,CAAC;aACP,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC;aACtE,WAAW,EAAE;aACb,QAAQ,EAAE;QACb,IAAI,EAAE,CAAC;aACJ,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC;aACtE,WAAW,EAAE;aACb,QAAQ,EAAE;KACd,CAAC;SACD,WAAW,EAAE;SACb,QAAQ,EAAE;IACb,KAAK,EAAE,CAAC;SACL,MAAM,CAAC;QACN,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QACzB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAC3B,kBAAkB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QACzC,uBAAuB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;KAC/C,CAAC;SACD,WAAW,EAAE;SACb,QAAQ,EAAE;IACb,KAAK,EAAE,CAAC;SACL,MAAM,CAAC;QACN,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;QAC/B,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAC/B,SAAS,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE;QAChE,eAAe,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;KACxC,CAAC;SACD,WAAW,EAAE;SACb,QAAQ,EAAE;IACb,QAAQ,EAAE,CAAC;SACR,MAAM,CAAC;QACN,sBAAsB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;QACtD,iBAAiB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;QACzC,gBAAgB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;QACxC,gBAAgB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;KACxC,CAAC;SACD,WAAW,EAAE;SACb,QAAQ,EAAE;IACb,OAAO,EAAE,CAAC;SACP,MAAM,CAAC;QACN,gBAAgB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;QACxC,uBAAuB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAC9C,gBAAgB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;QACxC,uBAAuB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;KAChD,CAAC;SACD,WAAW,EAAE;SACb,QAAQ,EAAE;IACb,UAAU,EAAE,CAAC;SACV,MAAM,CAAC;QACN,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;QAC/B,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QACrC,mBAAmB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;KAC3C,CAAC;SACD,WAAW,EAAE;SACb,QAAQ,EAAE;CACd,CAAC;KACD,WAAW,EAAE,CAAC;AAEjB,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC;AAE1F,MAAM,eAAe,GAAG,CAAC;KACtB,MAAM,CAAC;IACN,MAAM,EAAE,CAAC;SACN,MAAM,CAAC;QACN,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC,QAAQ,EAAE;QACrE,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAC1B,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAC7B,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;KAC1B,CAAC;SACD,WAAW,EAAE;SACb,QAAQ,EAAE;CACd,CAAC;KACD,WAAW,EAAE;KACb,QAAQ,EAAE,CAAC;AAEd,uDAAuD;AACvD,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC;IAC7B,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,QAAQ,EAAE,YAAY,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,QAAQ;CAC5G,CAAC,CAAC;AAEH,MAAM,eAAe,GAAG,CAAC;KACtB,MAAM,CAAC;IACN,KAAK,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAClD,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,mBAAmB,CAAC,CAAC,QAAQ,EAAE;IAC9D,OAAO,EAAE,mBAAmB,CAAC,QAAQ,EAAE;IACvC,MAAM,EAAE,kBAAkB,CAAC,QAAQ,EAAE;IACrC,UAAU,EAAE,sBAAsB,CAAC,QAAQ,EAAE;IAC7C,KAAK,EAAE,iBAAiB;IACxB,OAAO,EAAE,CAAC;SACP,MAAM,CAAC;QACN,MAAM,EAAE,CAAC;aACN,MAAM,CAAC;YACN,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;YAC9B,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;YAC9B,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;YAC7B,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;SAC9B,CAAC;aACD,WAAW,EAAE;aACb,QAAQ,EAAE;QACb,MAAM,EAAE,CAAC;aACN,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,EAAE,CAAC;aACvE,WAAW,EAAE;aACb,QAAQ,EAAE;QACb,MAAM,EAAE,CAAC;aACN,MAAM,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,EAAE,CAAC;aACrE,WAAW,EAAE;aACb,QAAQ,EAAE;QACb,GAAG,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC,QAAQ,EAAE;QACxE,GAAG,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC,QAAQ,EAAE;KAC5E,CAAC;SACD,WAAW,EAAE;SACb,QAAQ,EAAE;IACb,GAAG,EAAE,eAAe;IACpB,KAAK,EAAE,CAAC;SACL,MAAM,CAAC;QACN,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAC9B,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAC9B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAC3B,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;KAC9B,CAAC;SACD,WAAW,EAAE;SACb,QAAQ,EAAE;IACb,MAAM,EAAE,CAAC;SACN,MAAM,CAAC;QACN,cAAc,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;KACvC,CAAC;SACD,WAAW,EAAE;SACb,QAAQ,EAAE;CACd,CAAC;KACD,WAAW,EAAE,CAAC,CAAC,iDAAiD;AAEnE;;GAEG;AACH,SAAS,sBAAsB,CAAC,MAAoB;IAClD,OAAO,MAAM;SACV,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE;QACb,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;QACrE,OAAO,OAAO,IAAI,KAAK,KAAK,CAAC,OAAO,EAAE,CAAC;IACzC,CAAC,CAAC;SACD,IAAI,CAAC,IAAI,CAAC,CAAC;AAChB,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,wBAAwB,CAAC,UAAoB,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;IAChF,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC;IACzD,IAAI,IAAI;QAAE,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAEpC,IAAI,OAAO,CAAC,GAAG,CAAC,OAAO;QAAE,OAAO,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC;IAEpD,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC;IACrC,IAAI,OAAO,KAAK,YAAY;QAAE,OAAO,MAAM,CAAC;IAC5C,IAAI,OAAO,KAAK,aAAa;QAAE,OAAO,KAAK,CAAC;IAC5C,IAAI,OAAO;QAAE,OAAO,OAAO,CAAC;IAE5B,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,sBAAsB,CAAC,IAAe,EAAE,QAAqB;IAC3E,OAAO;QACL,GAAG,IAAI;QACP,KAAK,EAAE,QAAQ,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK;QACnC,QAAQ,EAAE,QAAQ,CAAC,QAAQ;YACzB,CAAC,CAAC,EAAE,GAAG,CAAC,IAAI,CAAC,QAAQ,IAAI,EAAE,CAAC,EAAE,GAAG,QAAQ,CAAC,QAAQ,EAAE;YACpD,CAAC,CAAC,IAAI,CAAC,QAAQ;QACjB,OAAO,EAAE,QAAQ,CAAC,OAAO,IAAI,IAAI,CAAC,OAAO;QACzC,MAAM,EAAE,QAAQ,CAAC,MAAM,IAAI,IAAI,CAAC,MAAM;QACtC,UAAU,EAAE,QAAQ,CAAC,UAAU,IAAI,IAAI,CAAC,UAAU;KACnD,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,IAAY,EAAE,OAAgB;IAC7D,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAC9C,MAAM,GAAG,GAAG,KAAK,CAAC,OAAO,CAA4B,CAAC;IAEtD,gFAAgF;IAChF,MAAM,MAAM,GAAG,eAAe,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAE9C,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,SAAS,GAAG,sBAAsB,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC9D,MAAM,IAAI,KAAK,CAAC,uBAAuB,SAAS,EAAE,CAAC,CAAC;IACtD,CAAC;IAED,+EAA+E;IAC/E,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QACnC,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YAC7B,OAAO,CAAC,IAAI,CAAC,6BAA6B,GAAG,0BAA0B,CAAC,GAAG,cAAc,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC5G,CAAC;IACH,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,CAAC,IAA4B,CAAC;IAEjD,wDAAwD;IACxD,MAAM,SAAS,GAAG,OAAO,IAAI,wBAAwB,EAAE,CAAC;IACxD,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC;IACvC,IAAI,QAAQ,IAAI,SAAS,KAAK,KAAK,EAAE,CAAC;QACpC,OAAO,sBAAsB,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IAChD,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC"}
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Bridge between security findings and the PAL ledger. Shared by `kit check`
|
|
3
|
+
* (tracks findings each run) and `kit heal` (re-scans + confirms healing via
|
|
4
|
+
* auto-close). Kept separate so neither command owns the mapping.
|
|
5
|
+
*/
|
|
6
|
+
import type { SecurityCheckResult } from "./check-security.js";
|
|
7
|
+
import type { SyncFinding } from "./memory/pal.js";
|
|
8
|
+
/** Findings worth acting on: fails always, warns only in security-relevant
|
|
9
|
+
* categories (not every warn — avoids ledger/heal noise). */
|
|
10
|
+
export declare function actionableFindings(results: SecurityCheckResult[]): SecurityCheckResult[];
|
|
11
|
+
/** Map a security finding to a short, actionable PAL item. `dedupKey` is stable
|
|
12
|
+
* across re-scans so the same finding maps to the same ledger row. */
|
|
13
|
+
export declare function securityFindingToSync(r: SecurityCheckResult): SyncFinding;
|
|
14
|
+
/**
|
|
15
|
+
* Sync security findings into the PAL ledger (track + auto-close cleared ones).
|
|
16
|
+
* Fail-open: returns the sync counts, or null if the store is unavailable —
|
|
17
|
+
* tracking must never break the calling command.
|
|
18
|
+
*/
|
|
19
|
+
export declare function syncSecurityFindings(results: SecurityCheckResult[]): Promise<{
|
|
20
|
+
added: number;
|
|
21
|
+
reopened: number;
|
|
22
|
+
closed: string[];
|
|
23
|
+
} | null>;
|
|
@@ -0,0 +1,45 @@
|
|
|
1
|
+
const TRACK_WARN = new Set(["secrets", "exposure", "supply-chain"]);
|
|
2
|
+
/** Findings worth acting on: fails always, warns only in security-relevant
|
|
3
|
+
* categories (not every warn — avoids ledger/heal noise). */
|
|
4
|
+
export function actionableFindings(results) {
|
|
5
|
+
return results.filter((r) => r.status === "fail" || (r.status === "warn" && TRACK_WARN.has(r.category)));
|
|
6
|
+
}
|
|
7
|
+
/** Map a security finding to a short, actionable PAL item. `dedupKey` is stable
|
|
8
|
+
* across re-scans so the same finding maps to the same ledger row. */
|
|
9
|
+
export function securityFindingToSync(r) {
|
|
10
|
+
const detail = [r.detail, r.suggestion ? `Fix: ${r.suggestion}` : null]
|
|
11
|
+
.filter(Boolean)
|
|
12
|
+
.join(" · ");
|
|
13
|
+
return {
|
|
14
|
+
dedupKey: `${r.category}:${r.name}`,
|
|
15
|
+
title: `${r.name}: ${r.status}`,
|
|
16
|
+
detail: detail || undefined,
|
|
17
|
+
};
|
|
18
|
+
}
|
|
19
|
+
/**
|
|
20
|
+
* Sync security findings into the PAL ledger (track + auto-close cleared ones).
|
|
21
|
+
* Fail-open: returns the sync counts, or null if the store is unavailable —
|
|
22
|
+
* tracking must never break the calling command.
|
|
23
|
+
*/
|
|
24
|
+
export async function syncSecurityFindings(results) {
|
|
25
|
+
try {
|
|
26
|
+
const { openMemoryDb } = await import("./memory/db.js");
|
|
27
|
+
const { palSyncFindings } = await import("./memory/pal.js");
|
|
28
|
+
const { getCurrentProjectRoot } = await import("./memory/project.js");
|
|
29
|
+
const { basename } = await import("node:path");
|
|
30
|
+
const scope = basename(getCurrentProjectRoot());
|
|
31
|
+
const db = openMemoryDb();
|
|
32
|
+
try {
|
|
33
|
+
return palSyncFindings(db, "sec", actionableFindings(results).map(securityFindingToSync), {
|
|
34
|
+
scope,
|
|
35
|
+
});
|
|
36
|
+
}
|
|
37
|
+
finally {
|
|
38
|
+
db.close();
|
|
39
|
+
}
|
|
40
|
+
}
|
|
41
|
+
catch {
|
|
42
|
+
return null;
|
|
43
|
+
}
|
|
44
|
+
}
|
|
45
|
+
//# sourceMappingURL=findings-track.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"findings-track.js","sourceRoot":"","sources":["../src/findings-track.ts"],"names":[],"mappings":"AAQA,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,CAAC,SAAS,EAAE,UAAU,EAAE,cAAc,CAAC,CAAC,CAAC;AAEpE;8DAC8D;AAC9D,MAAM,UAAU,kBAAkB,CAAC,OAA8B;IAC/D,OAAO,OAAO,CAAC,MAAM,CACnB,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,IAAI,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAClF,CAAC;AACJ,CAAC;AAED;uEACuE;AACvE,MAAM,UAAU,qBAAqB,CAAC,CAAsB;IAC1D,MAAM,MAAM,GAAG,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;SACpE,MAAM,CAAC,OAAO,CAAC;SACf,IAAI,CAAC,KAAK,CAAC,CAAC;IACf,OAAO;QACL,QAAQ,EAAE,GAAG,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,IAAI,EAAE;QACnC,KAAK,EAAE,GAAG,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,MAAM,EAAE;QAC/B,MAAM,EAAE,MAAM,IAAI,SAAS;KAC5B,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,OAA8B;IAE9B,IAAI,CAAC;QACH,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC,CAAC;QACxD,MAAM,EAAE,eAAe,EAAE,GAAG,MAAM,MAAM,CAAC,iBAAiB,CAAC,CAAC;QAC5D,MAAM,EAAE,qBAAqB,EAAE,GAAG,MAAM,MAAM,CAAC,qBAAqB,CAAC,CAAC;QACtE,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,CAAC;QAC/C,MAAM,KAAK,GAAG,QAAQ,CAAC,qBAAqB,EAAE,CAAC,CAAC;QAChD,MAAM,EAAE,GAAG,YAAY,EAAE,CAAC;QAC1B,IAAI,CAAC;YACH,OAAO,eAAe,CAAC,EAAE,EAAE,KAAK,EAAE,kBAAkB,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,qBAAqB,CAAC,EAAE;gBACxF,KAAK;aACN,CAAC,CAAC;QACL,CAAC;gBAAS,CAAC;YACT,EAAE,CAAC,KAAK,EAAE,CAAC;QACb,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}
|
package/dist/heal.d.ts
ADDED
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* `kit heal` — bounded self-heal loop.
|
|
3
|
+
*
|
|
4
|
+
* Auto-applies the SAFE, deterministic, reversible fixes for `kit check`
|
|
5
|
+
* findings and re-scans until green, while two classes are deliberately NOT
|
|
6
|
+
* auto-healed:
|
|
7
|
+
* - GATED: destructive/outward fixes (secret rotation, history purge,
|
|
8
|
+
* propagate, `npm audit fix`). heal PROPOSES the exact command; the human
|
|
9
|
+
* or agent runs it, hitting the existing elevation gate + audit log. heal
|
|
10
|
+
* never calls elevation itself.
|
|
11
|
+
* - FAIL-CLOSED: a supply-chain checksum mismatch may be tampering, so heal
|
|
12
|
+
* refuses and alerts — auto-clearing+re-downloading would mask an attack.
|
|
13
|
+
*
|
|
14
|
+
* Zero-LLM: heal classifies + applies deterministic fixers and emits proposals.
|
|
15
|
+
* The `--agent` surface is just structured proposals for an external agent to
|
|
16
|
+
* run; no model is embedded.
|
|
17
|
+
*/
|
|
18
|
+
import { type SecurityCheckResult } from "./check-security.js";
|
|
19
|
+
export type HealClass = "safe" | "gated" | "fail-closed";
|
|
20
|
+
export interface GatedFinding {
|
|
21
|
+
name: string;
|
|
22
|
+
issue: string;
|
|
23
|
+
action: string;
|
|
24
|
+
}
|
|
25
|
+
export interface HealResult {
|
|
26
|
+
/** dedup keys (category:name) of findings that were auto-fixed and cleared. */
|
|
27
|
+
healed: string[];
|
|
28
|
+
/** findings heal proposes but will never auto-run (destructive/outward). */
|
|
29
|
+
gated: GatedFinding[];
|
|
30
|
+
/** tamper-suspect findings heal refuses to touch. */
|
|
31
|
+
failClosed: SecurityCheckResult[];
|
|
32
|
+
/** dry-run only: what WOULD be auto-fixed. */
|
|
33
|
+
plannedSafe: string[];
|
|
34
|
+
iterations: number;
|
|
35
|
+
}
|
|
36
|
+
/** A checksum/integrity mismatch is a tamper signal — never auto-healed. */
|
|
37
|
+
export declare function isFailClosed(r: SecurityCheckResult): boolean;
|
|
38
|
+
/**
|
|
39
|
+
* A SAFE, deterministic, reversible fixer for this finding, or null. Two
|
|
40
|
+
* recipes cover the common cases; anything unmatched stays gated/manual (safe
|
|
41
|
+
* default = don't auto-touch).
|
|
42
|
+
*/
|
|
43
|
+
export declare function safeRecipe(r: SecurityCheckResult): (() => Promise<void>) | null;
|
|
44
|
+
export declare function classify(r: SecurityCheckResult): HealClass;
|
|
45
|
+
/**
|
|
46
|
+
* Run the heal loop. Re-scans after each round of safe fixes; PAL auto-close
|
|
47
|
+
* confirms a finding cleared. Bounded by `maxIterations` and a no-progress
|
|
48
|
+
* guard (a safe fix that doesn't clear its finding is not retried).
|
|
49
|
+
*/
|
|
50
|
+
export declare function runHeal(opts?: {
|
|
51
|
+
dryRun?: boolean;
|
|
52
|
+
maxIterations?: number;
|
|
53
|
+
}): Promise<HealResult>;
|
package/dist/heal.js
ADDED
|
@@ -0,0 +1,119 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* `kit heal` — bounded self-heal loop.
|
|
3
|
+
*
|
|
4
|
+
* Auto-applies the SAFE, deterministic, reversible fixes for `kit check`
|
|
5
|
+
* findings and re-scans until green, while two classes are deliberately NOT
|
|
6
|
+
* auto-healed:
|
|
7
|
+
* - GATED: destructive/outward fixes (secret rotation, history purge,
|
|
8
|
+
* propagate, `npm audit fix`). heal PROPOSES the exact command; the human
|
|
9
|
+
* or agent runs it, hitting the existing elevation gate + audit log. heal
|
|
10
|
+
* never calls elevation itself.
|
|
11
|
+
* - FAIL-CLOSED: a supply-chain checksum mismatch may be tampering, so heal
|
|
12
|
+
* refuses and alerts — auto-clearing+re-downloading would mask an attack.
|
|
13
|
+
*
|
|
14
|
+
* Zero-LLM: heal classifies + applies deterministic fixers and emits proposals.
|
|
15
|
+
* The `--agent` surface is just structured proposals for an external agent to
|
|
16
|
+
* run; no model is embedded.
|
|
17
|
+
*/
|
|
18
|
+
import { checkSecurity } from "./check-security.js";
|
|
19
|
+
import { installTools } from "./install.js";
|
|
20
|
+
import { patchGitignore } from "./check-gitignore.js";
|
|
21
|
+
import { syncSecurityFindings, actionableFindings } from "./findings-track.js";
|
|
22
|
+
const dedupKey = (r) => `${r.category}:${r.name}`;
|
|
23
|
+
/** A checksum/integrity mismatch is a tamper signal — never auto-healed. */
|
|
24
|
+
export function isFailClosed(r) {
|
|
25
|
+
if (r.status !== "fail")
|
|
26
|
+
return false;
|
|
27
|
+
const s = `${r.detail} ${r.suggestion ?? ""}`.toLowerCase();
|
|
28
|
+
return s.includes("checksum mismatch") || s.includes("do not trust");
|
|
29
|
+
}
|
|
30
|
+
/**
|
|
31
|
+
* A SAFE, deterministic, reversible fixer for this finding, or null. Two
|
|
32
|
+
* recipes cover the common cases; anything unmatched stays gated/manual (safe
|
|
33
|
+
* default = don't auto-touch).
|
|
34
|
+
*/
|
|
35
|
+
export function safeRecipe(r) {
|
|
36
|
+
if (isFailClosed(r))
|
|
37
|
+
return null;
|
|
38
|
+
// A missing scanner/tool whose suggestion is `mise use <ref>` → install it.
|
|
39
|
+
const m = r.suggestion?.match(/mise use (\S+)/);
|
|
40
|
+
if (m) {
|
|
41
|
+
const ref = m[1];
|
|
42
|
+
return async () => {
|
|
43
|
+
await installTools({ [ref]: "latest" });
|
|
44
|
+
};
|
|
45
|
+
}
|
|
46
|
+
// A .gitignore missing a sensitive pattern → patch it (idempotent, reversible).
|
|
47
|
+
if (/gitignore/i.test(`${r.name} ${r.detail}`)) {
|
|
48
|
+
return async () => {
|
|
49
|
+
await patchGitignore();
|
|
50
|
+
};
|
|
51
|
+
}
|
|
52
|
+
return null;
|
|
53
|
+
}
|
|
54
|
+
export function classify(r) {
|
|
55
|
+
if (isFailClosed(r))
|
|
56
|
+
return "fail-closed";
|
|
57
|
+
return safeRecipe(r) ? "safe" : "gated";
|
|
58
|
+
}
|
|
59
|
+
function toGated(r) {
|
|
60
|
+
return { name: r.name, issue: r.detail, action: r.suggestion ?? "see `kit check`" };
|
|
61
|
+
}
|
|
62
|
+
/**
|
|
63
|
+
* Run the heal loop. Re-scans after each round of safe fixes; PAL auto-close
|
|
64
|
+
* confirms a finding cleared. Bounded by `maxIterations` and a no-progress
|
|
65
|
+
* guard (a safe fix that doesn't clear its finding is not retried).
|
|
66
|
+
*/
|
|
67
|
+
export async function runHeal(opts = {}) {
|
|
68
|
+
const max = opts.maxIterations ?? 3;
|
|
69
|
+
const tried = new Set();
|
|
70
|
+
let gated = [];
|
|
71
|
+
let failClosed = [];
|
|
72
|
+
let plannedSafe = [];
|
|
73
|
+
let iterations = 0;
|
|
74
|
+
let appliedAny = false;
|
|
75
|
+
let lastResults = [];
|
|
76
|
+
for (let i = 0; i < max; i++) {
|
|
77
|
+
iterations = i + 1;
|
|
78
|
+
lastResults = await checkSecurity();
|
|
79
|
+
await syncSecurityFindings(lastResults); // track + auto-close (fail-open)
|
|
80
|
+
const actionable = actionableFindings(lastResults);
|
|
81
|
+
failClosed = actionable.filter(isFailClosed);
|
|
82
|
+
gated = actionable.filter((r) => classify(r) === "gated").map(toGated);
|
|
83
|
+
// Fail-closed findings are EXCLUDED from auto-heal (safeRecipe returns null
|
|
84
|
+
// for them) and surfaced loudly — but they don't block applying unrelated,
|
|
85
|
+
// integrity-independent safe fixes (e.g. patching .gitignore). The tamper-
|
|
86
|
+
// suspect binary is never trusted/run; halting everything on a flaky scanner
|
|
87
|
+
// checksum would make heal unusable.
|
|
88
|
+
const toApply = actionable.filter((r) => classify(r) === "safe" && !tried.has(dedupKey(r)));
|
|
89
|
+
if (toApply.length === 0)
|
|
90
|
+
break; // converged: nothing new to safely fix
|
|
91
|
+
if (opts.dryRun) {
|
|
92
|
+
plannedSafe = toApply.map(dedupKey);
|
|
93
|
+
break;
|
|
94
|
+
}
|
|
95
|
+
for (const r of toApply) {
|
|
96
|
+
tried.add(dedupKey(r));
|
|
97
|
+
try {
|
|
98
|
+
await safeRecipe(r)();
|
|
99
|
+
appliedAny = true;
|
|
100
|
+
}
|
|
101
|
+
catch {
|
|
102
|
+
// leave it — the next re-scan will still surface it
|
|
103
|
+
}
|
|
104
|
+
}
|
|
105
|
+
}
|
|
106
|
+
// Confirm the final state when we changed anything (loop applies then the next
|
|
107
|
+
// iteration scans; a final scan covers fixes applied in the last iteration).
|
|
108
|
+
if (appliedAny && !opts.dryRun) {
|
|
109
|
+
lastResults = await checkSecurity();
|
|
110
|
+
await syncSecurityFindings(lastResults);
|
|
111
|
+
const actionable = actionableFindings(lastResults);
|
|
112
|
+
failClosed = actionable.filter(isFailClosed);
|
|
113
|
+
gated = actionable.filter((r) => classify(r) === "gated").map(toGated);
|
|
114
|
+
}
|
|
115
|
+
const finalActionable = new Set(actionableFindings(lastResults).map(dedupKey));
|
|
116
|
+
const healed = [...tried].filter((k) => !finalActionable.has(k));
|
|
117
|
+
return { healed, gated, failClosed, plannedSafe, iterations };
|
|
118
|
+
}
|
|
119
|
+
//# sourceMappingURL=heal.js.map
|
package/dist/heal.js.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"heal.js","sourceRoot":"","sources":["../src/heal.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AACH,OAAO,EAAE,aAAa,EAA4B,MAAM,qBAAqB,CAAC;AAC9E,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAC5C,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AAsB/E,MAAM,QAAQ,GAAG,CAAC,CAAsB,EAAU,EAAE,CAAC,GAAG,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;AAE/E,4EAA4E;AAC5E,MAAM,UAAU,YAAY,CAAC,CAAsB;IACjD,IAAI,CAAC,CAAC,MAAM,KAAK,MAAM;QAAE,OAAO,KAAK,CAAC;IACtC,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,UAAU,IAAI,EAAE,EAAE,CAAC,WAAW,EAAE,CAAC;IAC5D,OAAO,CAAC,CAAC,QAAQ,CAAC,mBAAmB,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;AACvE,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,UAAU,CAAC,CAAsB;IAC/C,IAAI,YAAY,CAAC,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IACjC,4EAA4E;IAC5E,MAAM,CAAC,GAAG,CAAC,CAAC,UAAU,EAAE,KAAK,CAAC,gBAAgB,CAAC,CAAC;IAChD,IAAI,CAAC,EAAE,CAAC;QACN,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACjB,OAAO,KAAK,IAAI,EAAE;YAChB,MAAM,YAAY,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC1C,CAAC,CAAC;IACJ,CAAC;IACD,gFAAgF;IAChF,IAAI,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,IAAI,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,CAAC;QAC/C,OAAO,KAAK,IAAI,EAAE;YAChB,MAAM,cAAc,EAAE,CAAC;QACzB,CAAC,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,QAAQ,CAAC,CAAsB;IAC7C,IAAI,YAAY,CAAC,CAAC,CAAC;QAAE,OAAO,aAAa,CAAC;IAC1C,OAAO,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC;AAC1C,CAAC;AAED,SAAS,OAAO,CAAC,CAAsB;IACrC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC,UAAU,IAAI,iBAAiB,EAAE,CAAC;AACtF,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,OAAqD,EAAE;IACnF,MAAM,GAAG,GAAG,IAAI,CAAC,aAAa,IAAI,CAAC,CAAC;IACpC,MAAM,KAAK,GAAG,IAAI,GAAG,EAAU,CAAC;IAChC,IAAI,KAAK,GAAmB,EAAE,CAAC;IAC/B,IAAI,UAAU,GAA0B,EAAE,CAAC;IAC3C,IAAI,WAAW,GAAa,EAAE,CAAC;IAC/B,IAAI,UAAU,GAAG,CAAC,CAAC;IACnB,IAAI,UAAU,GAAG,KAAK,CAAC;IACvB,IAAI,WAAW,GAA0B,EAAE,CAAC;IAE5C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QAC7B,UAAU,GAAG,CAAC,GAAG,CAAC,CAAC;QACnB,WAAW,GAAG,MAAM,aAAa,EAAE,CAAC;QACpC,MAAM,oBAAoB,CAAC,WAAW,CAAC,CAAC,CAAC,iCAAiC;QAE1E,MAAM,UAAU,GAAG,kBAAkB,CAAC,WAAW,CAAC,CAAC;QACnD,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;QAC7C,KAAK,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,OAAO,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAEvE,4EAA4E;QAC5E,2EAA2E;QAC3E,2EAA2E;QAC3E,6EAA6E;QAC7E,qCAAqC;QACrC,MAAM,OAAO,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC5F,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;YAAE,MAAM,CAAC,uCAAuC;QAExE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YACpC,MAAM;QACR,CAAC;QAED,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;YACxB,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;YACvB,IAAI,CAAC;gBACH,MAAM,UAAU,CAAC,CAAC,CAAE,EAAE,CAAC;gBACvB,UAAU,GAAG,IAAI,CAAC;YACpB,CAAC;YAAC,MAAM,CAAC;gBACP,oDAAoD;YACtD,CAAC;QACH,CAAC;IACH,CAAC;IAED,+EAA+E;IAC/E,6EAA6E;IAC7E,IAAI,UAAU,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;QAC/B,WAAW,GAAG,MAAM,aAAa,EAAE,CAAC;QACpC,MAAM,oBAAoB,CAAC,WAAW,CAAC,CAAC;QACxC,MAAM,UAAU,GAAG,kBAAkB,CAAC,WAAW,CAAC,CAAC;QACnD,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;QAC7C,KAAK,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,OAAO,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACzE,CAAC;IAED,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC/E,MAAM,MAAM,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACjE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,WAAW,EAAE,UAAU,EAAE,CAAC;AAChE,CAAC"}
|
package/dist/memory/db.d.ts
CHANGED
|
@@ -40,6 +40,16 @@ export interface SearchOptions {
|
|
|
40
40
|
* Pass opts.projectPath to scope to one repo (relevance + blast-radius); omit it
|
|
41
41
|
* for cross-project ("--global") recall over the personal store.
|
|
42
42
|
*/
|
|
43
|
+
/**
|
|
44
|
+
* Turn a raw user query into a safe FTS5 MATCH expression. A raw string is
|
|
45
|
+
* otherwise parsed AS an FTS5 expression, so a hyphen, colon, quote, `*`, or a
|
|
46
|
+
* bare `AND`/`OR`/`NEAR` either crashes the query ("no such column: …") or acts
|
|
47
|
+
* as an unintended operator. We split on whitespace, quote each term (escaping
|
|
48
|
+
* embedded quotes by doubling them — the FTS5 string-literal rule), and
|
|
49
|
+
* prefix-match it; terms are joined by implicit AND. Returns "" for an
|
|
50
|
+
* empty/whitespace query so the caller can short-circuit.
|
|
51
|
+
*/
|
|
52
|
+
export declare function toFtsMatchQuery(raw: string): string;
|
|
43
53
|
export declare function searchMessages(db: DatabaseSync, query: string, opts?: SearchOptions): SearchHit[];
|
|
44
54
|
/**
|
|
45
55
|
* Most-recent messages by wall-clock time (newest first) — the basis for session
|
package/dist/memory/db.js
CHANGED
|
@@ -211,9 +211,25 @@ export function insertToolUse(db, t) {
|
|
|
211
211
|
* Pass opts.projectPath to scope to one repo (relevance + blast-radius); omit it
|
|
212
212
|
* for cross-project ("--global") recall over the personal store.
|
|
213
213
|
*/
|
|
214
|
+
/**
|
|
215
|
+
* Turn a raw user query into a safe FTS5 MATCH expression. A raw string is
|
|
216
|
+
* otherwise parsed AS an FTS5 expression, so a hyphen, colon, quote, `*`, or a
|
|
217
|
+
* bare `AND`/`OR`/`NEAR` either crashes the query ("no such column: …") or acts
|
|
218
|
+
* as an unintended operator. We split on whitespace, quote each term (escaping
|
|
219
|
+
* embedded quotes by doubling them — the FTS5 string-literal rule), and
|
|
220
|
+
* prefix-match it; terms are joined by implicit AND. Returns "" for an
|
|
221
|
+
* empty/whitespace query so the caller can short-circuit.
|
|
222
|
+
*/
|
|
223
|
+
export function toFtsMatchQuery(raw) {
|
|
224
|
+
const terms = raw.trim().split(/\s+/).filter(Boolean);
|
|
225
|
+
return terms.map((t) => `"${t.replace(/"/g, '""')}"*`).join(" ");
|
|
226
|
+
}
|
|
214
227
|
export function searchMessages(db, query, opts = {}) {
|
|
228
|
+
const match = toFtsMatchQuery(query);
|
|
229
|
+
if (!match)
|
|
230
|
+
return [];
|
|
215
231
|
const limit = opts.limit ?? 20;
|
|
216
|
-
const params = [
|
|
232
|
+
const params = [match];
|
|
217
233
|
let where = "messages_fts MATCH ?";
|
|
218
234
|
if (opts.projectPath) {
|
|
219
235
|
where += " AND (m.cwd = ? OR m.cwd LIKE ?)";
|
package/dist/memory/db.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"db.js","sourceRoot":"","sources":["../../src/memory/db.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AACH,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AASrE,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,CAAC;AAEhC,MAAM,UAAU,YAAY;IAC1B,OAAO,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,IAAI,CAAC,OAAO,EAAE,EAAE,MAAM,CAAC,CAAC;AAC/D,CAAC;AAED,MAAM,UAAU,eAAe;IAC7B,OAAO,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,IAAI,CAAC,YAAY,EAAE,EAAE,WAAW,CAAC,CAAC;AACxE,CAAC;AAED,SAAS,eAAe;IACtB,MAAM,GAAG,GAAG,YAAY,EAAE,CAAC;IAC3B,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;AACzE,CAAC;AAED,MAAM,UAAU,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA2FlB,CAAC;AAEF,SAAS,YAAY,CACnB,EAAgB,EAChB,KAAa,EACb,MAAc,EACd,IAAY;IAEZ,MAAM,IAAI,GAAG,EAAE,CAAC,OAAO,CAAC,qBAAqB,KAAK,GAAG,CAAC,CAAC,GAAG,EAAwB,CAAC;IACnF,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,KAAK,MAAM,CAAC,EAAE,CAAC;QAC7C,EAAE,CAAC,IAAI,CAAC,eAAe,KAAK,eAAe,MAAM,IAAI,IAAI,EAAE,CAAC,CAAC;IAC/D,CAAC;AACH,CAAC;AAED,SAAS,OAAO,CAAC,EAAgB;IAC/B,EAAE,CAAC,IAAI,CAAC,mEAAmE,CAAC,CAAC;IAC7E,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACpB,2EAA2E;IAC3E,6CAA6C;IAC7C,YAAY,CAAC,EAAE,EAAE,iBAAiB,EAAE,eAAe,EAAE,4BAA4B,CAAC,CAAC;IACnF,2EAA2E;IAC3E,6EAA6E;IAC7E,uBAAuB;IACvB,YAAY,CAAC,EAAE,EAAE,iBAAiB,EAAE,cAAc,EAAE,MAAM,CAAC,CAAC;IAC5D,MAAM,GAAG,GAAG,EAAE,CAAC,OAAO,CAAC,yCAAyC,CAAC,CAAC,GAAG,EAExD,CAAC;IACd,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,EAAE,CAAC,OAAO,CAAC,6CAA6C,CAAC,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IAChF,CAAC;SAAM,IAAI,GAAG,CAAC,OAAO,GAAG,cAAc,EAAE,CAAC;QACxC,EAAE,CAAC,OAAO,CAAC,oCAAoC,CAAC,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IACvE,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,IAAa;IACxC,MAAM,MAAM,GAAG,IAAI,IAAI,eAAe,EAAE,CAAC;IACzC,IAAI,MAAM,KAAK,UAAU;QAAE,eAAe,EAAE,CAAC;IAC7C,MAAM,EAAE,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;IACpC,EAAE,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;IACrC,EAAE,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;IACtC,EAAE,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;IACrC,OAAO,CAAC,EAAE,CAAC,CAAC;IACZ,IAAI,MAAM,KAAK,UAAU,IAAI,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QAChD,IAAI,CAAC;YACH,SAAS,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAC3B,CAAC;QAAC,MAAM,CAAC;YACP,2DAA2D;QAC7D,CAAC;IACH,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,2FAA2F;AAC3F,MAAM,UAAU,aAAa,CAC3B,EAAgB,EAChB,IAAY,EACZ,OAAe,EACf,IAAY;IAEZ,OAAO,CAAC,CAAC,EAAE;SACR,OAAO,CAAC,uEAAuE,CAAC;SAChF,GAAG,CAAC,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;AAC9B,CAAC;AAED,mEAAmE;AACnE,MAAM,UAAU,eAAe,CAC7B,EAAgB,EAChB,IAAY,EACZ,OAAe,EACf,IAAY;IAEZ,EAAE,CAAC,OAAO,CACR;;sHAEkH,CACnH,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;AAC7B,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,EAAgB,EAAE,CAAe;IAC7D,EAAE,CAAC,OAAO,CACR;;;;;;;0FAOsF,CACvF,CAAC,GAAG,CACH,CAAC,CAAC,SAAS,EACX,CAAC,CAAC,OAAO,EACT,CAAC,CAAC,OAAO,IAAI,IAAI,EACjB,CAAC,CAAC,cAAc,IAAI,IAAI,EACxB,CAAC,CAAC,aAAa,IAAI,IAAI,EACvB,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAC3B,CAAC;AACJ,CAAC;AAED,oFAAoF;AACpF,MAAM,UAAU,aAAa,CAAC,EAAgB,EAAE,CAAe;IAC7D,MAAM,GAAG,GAAG,EAAE;SACX,OAAO,CACN;;sDAEgD,CACjD;SACA,GAAG,CACF,CAAC,CAAC,IAAI,EACN,CAAC,CAAC,SAAS,EACX,CAAC,CAAC,UAAU,IAAI,IAAI,EACpB,CAAC,CAAC,IAAI,EACN,CAAC,CAAC,IAAI,IAAI,IAAI,EACd,CAAC,CAAC,OAAO,IAAI,IAAI,EACjB,CAAC,CAAC,KAAK,IAAI,IAAI,EACf,CAAC,CAAC,WAAW,IAAI,IAAI,EACrB,CAAC,CAAC,YAAY,IAAI,IAAI,EACtB,CAAC,CAAC,SAAS,IAAI,IAAI,EACnB,CAAC,CAAC,GAAG,IAAI,IAAI,EACb,CAAC,CAAC,SAAS,IAAI,IAAI,EACnB,CAAC,CAAC,OAAO,IAAI,IAAI,CAClB,CAAC;IACJ,IAAI,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC5B,EAAE,CAAC,OAAO,CACR,4EAA4E,CAC7E,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;QACnB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,EAAgB,EAAE,CAAe;IAC7D,EAAE,CAAC,OAAO,CACR;4BACwB,CACzB,CAAC,GAAG,CACH,CAAC,CAAC,WAAW,IAAI,IAAI,EACrB,CAAC,CAAC,SAAS,IAAI,IAAI,EACnB,CAAC,CAAC,QAAQ,EACV,CAAC,CAAC,SAAS,IAAI,IAAI,EACnB,CAAC,CAAC,SAAS,IAAI,IAAI,CACpB,CAAC;AACJ,CAAC;AAQD;;;;GAIG;AACH,MAAM,UAAU,cAAc,CAC5B,EAAgB,EAChB,KAAa,EACb,OAAsB,EAAE;IAExB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;IAC/B,MAAM,MAAM,GAAwB,CAAC,KAAK,CAAC,CAAC;IAC5C,IAAI,KAAK,GAAG,sBAAsB,CAAC;IACnC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;QACrB,KAAK,IAAI,kCAAkC,CAAC;QAC5C,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,IAAI,CAAC,WAAW,IAAI,CAAC,CAAC;IACzD,CAAC;IACD,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACnB,OAAO,EAAE;SACN,OAAO,CACN;;;;eAIS,KAAK;;eAEL,CACV;SACA,GAAG,CAAC,GAAG,MAAM,CAA2B,CAAC;AAC9C,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,cAAc,CAAC,EAAgB,EAAE,OAAsB,EAAE;IACvE,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;IAC/B,MAAM,MAAM,GAAwB,EAAE,CAAC;IACvC,IAAI,KAAK,GAAG,uCAAuC,CAAC;IACpD,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;QACrB,KAAK,IAAI,8BAA8B,CAAC;QACxC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,IAAI,CAAC,WAAW,IAAI,CAAC,CAAC;IACzD,CAAC;IACD,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACnB,OAAO,EAAE;SACN,OAAO,CACN;;eAES,KAAK;;eAEL,CACV;SACA,GAAG,CAAC,GAAG,MAAM,CAA2B,CAAC;AAC9C,CAAC;AAED,MAAM,UAAU,QAAQ,CAAC,EAAgB;IACvC,MAAM,KAAK,GAAG,CAAC,GAAW,EAAU,EAAE;QACpC,MAAM,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,GAAG,EAA+B,CAAC;QAC7D,OAAO,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7B,CAAC,CAAC;IACF,MAAM,MAAM,GAAG,eAAe,EAAE,CAAC;IACjC,IAAI,SAAS,GAAG,CAAC,CAAC;IAClB,IAAI,MAAM,KAAK,UAAU,IAAI,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QAChD,IAAI,CAAC;YACH,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC;QACpC,CAAC;QAAC,MAAM,CAAC;YACP,0CAA0C;QAC5C,CAAC;IACH,CAAC;IACD,MAAM,SAAS,GACb,EAAE;SACC,OAAO,CACN,2FAA2F,CAC5F;SACA,GAAG,EACP,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAE9D,OAAO;QACL,QAAQ,EAAE,KAAK,CAAC,oCAAoC,CAAC;QACrD,QAAQ,EAAE,KAAK,CAAC,oCAAoC,CAAC;QACrD,QAAQ,EAAE,KAAK,CAAC,qCAAqC,CAAC;QACtD,WAAW,EAAE,KAAK,CAChB,iEAAiE,CAClE;QACD,MAAM;QACN,SAAS;QACT,SAAS;KACV,CAAC;AACJ,CAAC"}
|
|
1
|
+
{"version":3,"file":"db.js","sourceRoot":"","sources":["../../src/memory/db.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AACH,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AASrE,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,CAAC;AAEhC,MAAM,UAAU,YAAY;IAC1B,OAAO,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,IAAI,CAAC,OAAO,EAAE,EAAE,MAAM,CAAC,CAAC;AAC/D,CAAC;AAED,MAAM,UAAU,eAAe;IAC7B,OAAO,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,IAAI,CAAC,YAAY,EAAE,EAAE,WAAW,CAAC,CAAC;AACxE,CAAC;AAED,SAAS,eAAe;IACtB,MAAM,GAAG,GAAG,YAAY,EAAE,CAAC;IAC3B,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;AACzE,CAAC;AAED,MAAM,UAAU,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA2FlB,CAAC;AAEF,SAAS,YAAY,CACnB,EAAgB,EAChB,KAAa,EACb,MAAc,EACd,IAAY;IAEZ,MAAM,IAAI,GAAG,EAAE,CAAC,OAAO,CAAC,qBAAqB,KAAK,GAAG,CAAC,CAAC,GAAG,EAAwB,CAAC;IACnF,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,KAAK,MAAM,CAAC,EAAE,CAAC;QAC7C,EAAE,CAAC,IAAI,CAAC,eAAe,KAAK,eAAe,MAAM,IAAI,IAAI,EAAE,CAAC,CAAC;IAC/D,CAAC;AACH,CAAC;AAED,SAAS,OAAO,CAAC,EAAgB;IAC/B,EAAE,CAAC,IAAI,CAAC,mEAAmE,CAAC,CAAC;IAC7E,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACpB,2EAA2E;IAC3E,6CAA6C;IAC7C,YAAY,CAAC,EAAE,EAAE,iBAAiB,EAAE,eAAe,EAAE,4BAA4B,CAAC,CAAC;IACnF,2EAA2E;IAC3E,6EAA6E;IAC7E,uBAAuB;IACvB,YAAY,CAAC,EAAE,EAAE,iBAAiB,EAAE,cAAc,EAAE,MAAM,CAAC,CAAC;IAC5D,MAAM,GAAG,GAAG,EAAE,CAAC,OAAO,CAAC,yCAAyC,CAAC,CAAC,GAAG,EAExD,CAAC;IACd,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,EAAE,CAAC,OAAO,CAAC,6CAA6C,CAAC,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IAChF,CAAC;SAAM,IAAI,GAAG,CAAC,OAAO,GAAG,cAAc,EAAE,CAAC;QACxC,EAAE,CAAC,OAAO,CAAC,oCAAoC,CAAC,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IACvE,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,IAAa;IACxC,MAAM,MAAM,GAAG,IAAI,IAAI,eAAe,EAAE,CAAC;IACzC,IAAI,MAAM,KAAK,UAAU;QAAE,eAAe,EAAE,CAAC;IAC7C,MAAM,EAAE,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;IACpC,EAAE,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;IACrC,EAAE,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC;IACtC,EAAE,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;IACrC,OAAO,CAAC,EAAE,CAAC,CAAC;IACZ,IAAI,MAAM,KAAK,UAAU,IAAI,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QAChD,IAAI,CAAC;YACH,SAAS,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAC3B,CAAC;QAAC,MAAM,CAAC;YACP,2DAA2D;QAC7D,CAAC;IACH,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,2FAA2F;AAC3F,MAAM,UAAU,aAAa,CAC3B,EAAgB,EAChB,IAAY,EACZ,OAAe,EACf,IAAY;IAEZ,OAAO,CAAC,CAAC,EAAE;SACR,OAAO,CAAC,uEAAuE,CAAC;SAChF,GAAG,CAAC,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;AAC9B,CAAC;AAED,mEAAmE;AACnE,MAAM,UAAU,eAAe,CAC7B,EAAgB,EAChB,IAAY,EACZ,OAAe,EACf,IAAY;IAEZ,EAAE,CAAC,OAAO,CACR;;sHAEkH,CACnH,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;AAC7B,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,EAAgB,EAAE,CAAe;IAC7D,EAAE,CAAC,OAAO,CACR;;;;;;;0FAOsF,CACvF,CAAC,GAAG,CACH,CAAC,CAAC,SAAS,EACX,CAAC,CAAC,OAAO,EACT,CAAC,CAAC,OAAO,IAAI,IAAI,EACjB,CAAC,CAAC,cAAc,IAAI,IAAI,EACxB,CAAC,CAAC,aAAa,IAAI,IAAI,EACvB,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAC3B,CAAC;AACJ,CAAC;AAED,oFAAoF;AACpF,MAAM,UAAU,aAAa,CAAC,EAAgB,EAAE,CAAe;IAC7D,MAAM,GAAG,GAAG,EAAE;SACX,OAAO,CACN;;sDAEgD,CACjD;SACA,GAAG,CACF,CAAC,CAAC,IAAI,EACN,CAAC,CAAC,SAAS,EACX,CAAC,CAAC,UAAU,IAAI,IAAI,EACpB,CAAC,CAAC,IAAI,EACN,CAAC,CAAC,IAAI,IAAI,IAAI,EACd,CAAC,CAAC,OAAO,IAAI,IAAI,EACjB,CAAC,CAAC,KAAK,IAAI,IAAI,EACf,CAAC,CAAC,WAAW,IAAI,IAAI,EACrB,CAAC,CAAC,YAAY,IAAI,IAAI,EACtB,CAAC,CAAC,SAAS,IAAI,IAAI,EACnB,CAAC,CAAC,GAAG,IAAI,IAAI,EACb,CAAC,CAAC,SAAS,IAAI,IAAI,EACnB,CAAC,CAAC,OAAO,IAAI,IAAI,CAClB,CAAC;IACJ,IAAI,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC5B,EAAE,CAAC,OAAO,CACR,4EAA4E,CAC7E,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;QACnB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,EAAgB,EAAE,CAAe;IAC7D,EAAE,CAAC,OAAO,CACR;4BACwB,CACzB,CAAC,GAAG,CACH,CAAC,CAAC,WAAW,IAAI,IAAI,EACrB,CAAC,CAAC,SAAS,IAAI,IAAI,EACnB,CAAC,CAAC,QAAQ,EACV,CAAC,CAAC,SAAS,IAAI,IAAI,EACnB,CAAC,CAAC,SAAS,IAAI,IAAI,CACpB,CAAC;AACJ,CAAC;AAQD;;;;GAIG;AACH;;;;;;;;GAQG;AACH,MAAM,UAAU,eAAe,CAAC,GAAW;IACzC,MAAM,KAAK,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACtD,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AACnE,CAAC;AAED,MAAM,UAAU,cAAc,CAC5B,EAAgB,EAChB,KAAa,EACb,OAAsB,EAAE;IAExB,MAAM,KAAK,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IACrC,IAAI,CAAC,KAAK;QAAE,OAAO,EAAE,CAAC;IACtB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;IAC/B,MAAM,MAAM,GAAwB,CAAC,KAAK,CAAC,CAAC;IAC5C,IAAI,KAAK,GAAG,sBAAsB,CAAC;IACnC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;QACrB,KAAK,IAAI,kCAAkC,CAAC;QAC5C,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,IAAI,CAAC,WAAW,IAAI,CAAC,CAAC;IACzD,CAAC;IACD,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACnB,OAAO,EAAE;SACN,OAAO,CACN;;;;eAIS,KAAK;;eAEL,CACV;SACA,GAAG,CAAC,GAAG,MAAM,CAA2B,CAAC;AAC9C,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,cAAc,CAAC,EAAgB,EAAE,OAAsB,EAAE;IACvE,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;IAC/B,MAAM,MAAM,GAAwB,EAAE,CAAC;IACvC,IAAI,KAAK,GAAG,uCAAuC,CAAC;IACpD,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;QACrB,KAAK,IAAI,8BAA8B,CAAC;QACxC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,IAAI,CAAC,WAAW,IAAI,CAAC,CAAC;IACzD,CAAC;IACD,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACnB,OAAO,EAAE;SACN,OAAO,CACN;;eAES,KAAK;;eAEL,CACV;SACA,GAAG,CAAC,GAAG,MAAM,CAA2B,CAAC;AAC9C,CAAC;AAED,MAAM,UAAU,QAAQ,CAAC,EAAgB;IACvC,MAAM,KAAK,GAAG,CAAC,GAAW,EAAU,EAAE;QACpC,MAAM,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,GAAG,EAA+B,CAAC;QAC7D,OAAO,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7B,CAAC,CAAC;IACF,MAAM,MAAM,GAAG,eAAe,EAAE,CAAC;IACjC,IAAI,SAAS,GAAG,CAAC,CAAC;IAClB,IAAI,MAAM,KAAK,UAAU,IAAI,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QAChD,IAAI,CAAC;YACH,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC;QACpC,CAAC;QAAC,MAAM,CAAC;YACP,0CAA0C;QAC5C,CAAC;IACH,CAAC;IACD,MAAM,SAAS,GACb,EAAE;SACC,OAAO,CACN,2FAA2F,CAC5F;SACA,GAAG,EACP,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAE9D,OAAO;QACL,QAAQ,EAAE,KAAK,CAAC,oCAAoC,CAAC;QACrD,QAAQ,EAAE,KAAK,CAAC,oCAAoC,CAAC;QACrD,QAAQ,EAAE,KAAK,CAAC,qCAAqC,CAAC;QACtD,WAAW,EAAE,KAAK,CAChB,iEAAiE,CAClE;QACD,MAAM;QACN,SAAS;QACT,SAAS;KACV,CAAC;AACJ,CAAC"}
|
package/dist/memory/pal.d.ts
CHANGED
|
@@ -46,6 +46,34 @@ export interface PalListOptions {
|
|
|
46
46
|
export declare function palList(db: DatabaseSync, opts?: PalListOptions): PendingAction[];
|
|
47
47
|
export declare function palDone(db: DatabaseSync, id: string): boolean;
|
|
48
48
|
export declare function palSnooze(db: DatabaseSync, id: string, days: number): boolean;
|
|
49
|
+
/** One scanner finding to track. `dedupKey` is stable per finding within its
|
|
50
|
+
* source (e.g. `category:name`), so re-scans map to the same ledger item. */
|
|
51
|
+
export interface SyncFinding {
|
|
52
|
+
dedupKey: string;
|
|
53
|
+
title: string;
|
|
54
|
+
detail?: string;
|
|
55
|
+
}
|
|
56
|
+
export interface SyncFindingsResult {
|
|
57
|
+
added: number;
|
|
58
|
+
reopened: number;
|
|
59
|
+
closed: string[];
|
|
60
|
+
}
|
|
61
|
+
/** Deterministic pal id for a finding: `${sourceTag}-${6 hex}`. The source tag
|
|
62
|
+
* prefix lets a per-source sync reconcile only its own items. */
|
|
63
|
+
export declare function findingPalId(sourceTag: string, dedupKey: string): string;
|
|
64
|
+
/**
|
|
65
|
+
* Sync a scanner's CURRENT findings into the ledger — the "track" layer.
|
|
66
|
+
*
|
|
67
|
+
* Each finding becomes an open `kind='finding'` item (deterministic id, so a
|
|
68
|
+
* re-scan is idempotent). An item that had cleared (closed) and now recurs is
|
|
69
|
+
* REOPENED; an open item whose finding the scan no longer reports is auto-CLOSED.
|
|
70
|
+
* Finding-presence IS the verify, so this needs no shell and no stored command —
|
|
71
|
+
* same security posture as the rest of PAL. Reconciliation is per source-tag and
|
|
72
|
+
* per scope, so a partial sync never touches another source's or repo's items.
|
|
73
|
+
*/
|
|
74
|
+
export declare function palSyncFindings(db: DatabaseSync, sourceTag: string, findings: SyncFinding[], opts?: {
|
|
75
|
+
scope?: string;
|
|
76
|
+
}): SyncFindingsResult;
|
|
49
77
|
export interface AutoVerifyResult {
|
|
50
78
|
checked: number;
|
|
51
79
|
closed: string[];
|
package/dist/memory/pal.js
CHANGED
|
@@ -15,7 +15,7 @@
|
|
|
15
15
|
* plant a command that detonates later in a more-trusted session. Fail-open /
|
|
16
16
|
* no-info aware.
|
|
17
17
|
*/
|
|
18
|
-
import { randomBytes } from "node:crypto";
|
|
18
|
+
import { randomBytes, createHash } from "node:crypto";
|
|
19
19
|
import { readFileSync, existsSync } from "node:fs";
|
|
20
20
|
import { homedir } from "node:os";
|
|
21
21
|
import { join } from "node:path";
|
|
@@ -59,6 +59,56 @@ export function palSnooze(db, id, days) {
|
|
|
59
59
|
.run(`+${d} days`, id);
|
|
60
60
|
return Number(res.changes) > 0;
|
|
61
61
|
}
|
|
62
|
+
/** Deterministic pal id for a finding: `${sourceTag}-${6 hex}`. The source tag
|
|
63
|
+
* prefix lets a per-source sync reconcile only its own items. */
|
|
64
|
+
export function findingPalId(sourceTag, dedupKey) {
|
|
65
|
+
const h = createHash("sha256").update(dedupKey).digest("hex").slice(0, 6);
|
|
66
|
+
return `${sourceTag}-${h}`;
|
|
67
|
+
}
|
|
68
|
+
/**
|
|
69
|
+
* Sync a scanner's CURRENT findings into the ledger — the "track" layer.
|
|
70
|
+
*
|
|
71
|
+
* Each finding becomes an open `kind='finding'` item (deterministic id, so a
|
|
72
|
+
* re-scan is idempotent). An item that had cleared (closed) and now recurs is
|
|
73
|
+
* REOPENED; an open item whose finding the scan no longer reports is auto-CLOSED.
|
|
74
|
+
* Finding-presence IS the verify, so this needs no shell and no stored command —
|
|
75
|
+
* same security posture as the rest of PAL. Reconciliation is per source-tag and
|
|
76
|
+
* per scope, so a partial sync never touches another source's or repo's items.
|
|
77
|
+
*/
|
|
78
|
+
export function palSyncFindings(db, sourceTag, findings, opts = {}) {
|
|
79
|
+
const scope = opts.scope ?? null;
|
|
80
|
+
const currentIds = new Set();
|
|
81
|
+
let added = 0;
|
|
82
|
+
let reopened = 0;
|
|
83
|
+
for (const f of findings) {
|
|
84
|
+
const id = findingPalId(sourceTag, f.dedupKey);
|
|
85
|
+
currentIds.add(id);
|
|
86
|
+
const existing = db.prepare("SELECT status FROM pending_actions WHERE id = ?").get(id);
|
|
87
|
+
if (!existing) {
|
|
88
|
+
db.prepare(`INSERT INTO pending_actions (id, status, title, detail, scope, kind)
|
|
89
|
+
VALUES (?, 'open', ?, ?, ?, 'finding')`).run(id, f.title, f.detail ?? null, scope);
|
|
90
|
+
added++;
|
|
91
|
+
}
|
|
92
|
+
else if (existing.status === "closed") {
|
|
93
|
+
db.prepare("UPDATE pending_actions SET status='open', closed_at=NULL, title=?, detail=? WHERE id=?").run(f.title, f.detail ?? null, id);
|
|
94
|
+
reopened++;
|
|
95
|
+
}
|
|
96
|
+
else {
|
|
97
|
+
// already open/snoozed — refresh the text so the reminder stays accurate
|
|
98
|
+
db.prepare("UPDATE pending_actions SET title=?, detail=? WHERE id=?").run(f.title, f.detail ?? null, id);
|
|
99
|
+
}
|
|
100
|
+
}
|
|
101
|
+
// Auto-close findings of THIS source + scope that the scan no longer reports.
|
|
102
|
+
const open = db
|
|
103
|
+
.prepare("SELECT id FROM pending_actions WHERE kind='finding' AND status='open' AND id LIKE ? AND scope IS ?")
|
|
104
|
+
.all(`${sourceTag}-%`, scope);
|
|
105
|
+
const closed = [];
|
|
106
|
+
for (const row of open) {
|
|
107
|
+
if (!currentIds.has(row.id) && palDone(db, row.id))
|
|
108
|
+
closed.push(row.id);
|
|
109
|
+
}
|
|
110
|
+
return { added, reopened, closed };
|
|
111
|
+
}
|
|
62
112
|
/**
|
|
63
113
|
* Parse the stored JSON into a VerifyCheck, defensively. Only known shapes are
|
|
64
114
|
* accepted; anything malformed, unknown, or legacy returns null and is never
|
package/dist/memory/pal.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"pal.js","sourceRoot":"","sources":["../../src/memory/pal.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AACH,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"pal.js","sourceRoot":"","sources":["../../src/memory/pal.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AACH,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAuCjC,SAAS,KAAK,CAAC,EAAgB;IAC7B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QAC7B,MAAM,EAAE,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,2BAA2B;QACtE,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,4CAA4C,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC;YAAE,OAAO,EAAE,CAAC;IACnF,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;AACnE,CAAC;AAED,MAAM,UAAU,MAAM,CAAC,EAAgB,EAAE,KAAkB;IACzD,MAAM,EAAE,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC;IACrB,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;IAC7D,MAAM,WAAW,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACrE,EAAE,CAAC,OAAO,CACR;uCACmC,CACpC,CAAC,GAAG,CAAC,EAAE,EAAE,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,MAAM,IAAI,IAAI,EAAE,KAAK,CAAC,KAAK,IAAI,IAAI,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC;IACrF,OAAO,EAAE,CAAC;AACZ,CAAC;AAQD,MAAM,UAAU,OAAO,CAAC,EAAgB,EAAE,OAAuB,EAAE;IACjE,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC;IACrC,IAAI,IAAI,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;QAC7B,OAAO,EAAE;aACN,OAAO,CACN,yGAAyG,CAC1G;aACA,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,KAAK,CAA+B,CAAC;IAC3D,CAAC;IACD,OAAO,EAAE;SACN,OAAO,CAAC,wEAAwE,CAAC;SACjF,GAAG,CAAC,MAAM,CAA+B,CAAC;AAC/C,CAAC;AAED,MAAM,UAAU,OAAO,CAAC,EAAgB,EAAE,EAAU;IAClD,MAAM,GAAG,GAAG,EAAE;SACX,OAAO,CACN,uGAAuG,CACxG;SACA,GAAG,CAAC,EAAE,CAAC,CAAC;IACX,OAAO,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;AACjC,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,EAAgB,EAAE,EAAU,EAAE,IAAY;IAClE,MAAM,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;IACxC,MAAM,GAAG,GAAG,EAAE;SACX,OAAO,CACN,yFAAyF,CAC1F;SACA,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;IACzB,OAAO,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;AACjC,CAAC;AAgBD;kEACkE;AAClE,MAAM,UAAU,YAAY,CAAC,SAAiB,EAAE,QAAgB;IAC9D,MAAM,CAAC,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAC1E,OAAO,GAAG,SAAS,IAAI,CAAC,EAAE,CAAC;AAC7B,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,eAAe,CAC7B,EAAgB,EAChB,SAAiB,EACjB,QAAuB,EACvB,OAA2B,EAAE;IAE7B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC;IACjC,MAAM,UAAU,GAAG,IAAI,GAAG,EAAU,CAAC;IACrC,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,IAAI,QAAQ,GAAG,CAAC,CAAC;IAEjB,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;QACzB,MAAM,EAAE,GAAG,YAAY,CAAC,SAAS,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC;QAC/C,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACnB,MAAM,QAAQ,GAAG,EAAE,CAAC,OAAO,CAAC,iDAAiD,CAAC,CAAC,GAAG,CAAC,EAAE,CAExE,CAAC;QACd,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,EAAE,CAAC,OAAO,CACR;gDACwC,CACzC,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,MAAM,IAAI,IAAI,EAAE,KAAK,CAAC,CAAC;YAC5C,KAAK,EAAE,CAAC;QACV,CAAC;aAAM,IAAI,QAAQ,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YACxC,EAAE,CAAC,OAAO,CACR,wFAAwF,CACzF,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,MAAM,IAAI,IAAI,EAAE,EAAE,CAAC,CAAC;YACrC,QAAQ,EAAE,CAAC;QACb,CAAC;aAAM,CAAC;YACN,yEAAyE;YACzE,EAAE,CAAC,OAAO,CAAC,yDAAyD,CAAC,CAAC,GAAG,CACvE,CAAC,CAAC,KAAK,EACP,CAAC,CAAC,MAAM,IAAI,IAAI,EAChB,EAAE,CACH,CAAC;QACJ,CAAC;IACH,CAAC;IAED,8EAA8E;IAC9E,MAAM,IAAI,GAAG,EAAE;SACZ,OAAO,CACN,oGAAoG,CACrG;SACA,GAAG,CAAC,GAAG,SAAS,IAAI,EAAE,KAAK,CAAqB,CAAC;IACpD,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,OAAO,CAAC,EAAE,EAAE,GAAG,CAAC,EAAE,CAAC;YAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAC1E,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;AACrC,CAAC;AAED;;;;GAIG;AACH,SAAS,UAAU,CAAC,IAAmB;IACrC,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IACvB,IAAI,GAAY,CAAC;IACjB,IAAI,CAAC;QACH,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACzB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IACjD,MAAM,CAAC,GAAG,GAA8B,CAAC;IACzC,IAAI,CAAC,CAAC,IAAI,KAAK,aAAa,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC3D,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IAC/C,CAAC;IACD,IAAI,CAAC,CAAC,IAAI,KAAK,aAAa,IAAI,OAAO,CAAC,CAAC,GAAG,KAAK,QAAQ,IAAI,OAAO,CAAC,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC1F,OAAO,EAAE,IAAI,EAAE,aAAa,EAAE,GAAG,EAAE,CAAC,CAAC,GAAG,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC;IAC/D,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;GAKG;AACH,KAAK,UAAU,QAAQ,CAAC,KAAkB;IACxC,IAAI,CAAC;QACH,IAAI,KAAK,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;YACjC,OAAO,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAChC,CAAC;QACD,6EAA6E;QAC7E,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,MAAM,CAAC,CAAC;QAC3D,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,KAAK,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC;YACtF,OAAO,GAAG,CAAC,MAAM,KAAK,KAAK,CAAC,MAAM,CAAC;QACrC,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,KAAK,CAAC,CAAC;QACtB,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC,CAAC,wCAAwC;IACvD,CAAC;AACH,CAAC;AAQD;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,EAAgB,EAChB,aAAa,GAAG,CAAC;IAEjB,MAAM,GAAG,GAAqB,EAAE,OAAO,EAAE,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;IACvE,MAAM,IAAI,GAAG,EAAE;SACZ,OAAO,CACN,8GAA8G,CAC/G;SACA,GAAG,EAAgC,CAAC;IACvC,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;QACrB,MAAM,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC;QACzC,IAAI,CAAC,KAAK;YAAE,SAAS,CAAC,mDAAmD;QACzE,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;QACrC,IAAI,MAAM,KAAK,IAAI;YAAE,SAAS,CAAC,UAAU;QACzC,GAAG,CAAC,OAAO,EAAE,CAAC;QACd,IAAI,CAAC,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;YACxB,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,MAAM,GAAG,CAAC,CAAC,aAAa,GAAG,CAAC,CAAC;gBACnC,IAAI,MAAM,IAAI,aAAa,EAAE,CAAC;oBAC5B,EAAE,CAAC,OAAO,CACR,mGAAmG,CACpG,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;oBACpB,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;gBACxB,CAAC;qBAAM,CAAC;oBACN,EAAE,CAAC,OAAO,CAAC,uDAAuD,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;gBACxF,CAAC;YACH,CAAC;iBAAM,IAAI,CAAC,CAAC,aAAa,KAAK,CAAC,EAAE,CAAC;gBACjC,EAAE,CAAC,OAAO,CAAC,uDAAuD,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YAChF,CAAC;QACH,CAAC;aAAM,IAAI,CAAC,CAAC,MAAM,KAAK,QAAQ,IAAI,CAAC,MAAM,EAAE,CAAC;YAC5C,EAAE,CAAC,OAAO,CACR,sFAAsF,CACvF,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YACZ,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,iFAAiF;AAEjF,MAAM,UAAU,mBAAmB;IACjC,OAAO,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,cAAc,CAAC,CAAC;AACzF,CAAC;AAcD,4FAA4F;AAC5F,MAAM,UAAU,kBAAkB,CAChC,EAAgB,EAChB,OAAe,mBAAmB,EAAE;IAEpC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;IAC9C,IAAI,GAAW,CAAC;IAChB,IAAI,CAAC;QACH,GAAG,GAAG,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IACnC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;IACzB,CAAC;IACD,MAAM,MAAM,GAAG,EAAE,CAAC,OAAO,CACvB;;2CAEuC,CACxC,CAAC;IACF,IAAI,QAAQ,GAAG,CAAC,CAAC;IACjB,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACnC,MAAM,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QACtB,IAAI,CAAC,CAAC;YAAE,SAAS;QACjB,IAAI,CAAc,CAAC;QACnB,IAAI,CAAC;YACH,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAgB,CAAC;QACnC,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;QACD,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,KAAK;YAAE,SAAS;QAChC,MAAM,MAAM,GAAG,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,IAAI,MAAM,CAAC,CAAC;QACrE,4EAA4E;QAC5E,yEAAyE;QACzE,sEAAsE;QACtE,4EAA4E;QAC5E,yEAAyE;QACzE,0EAA0E;QAC1E,aAAa;QACb,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CACpB,CAAC,CAAC,EAAE,EACJ,MAAM,EACN,CAAC,CAAC,KAAK,EACP,CAAC,CAAC,GAAG,IAAI,IAAI,EACb,CAAC,CAAC,IAAI,IAAI,IAAI,EACd,QAAQ,EACR,IAAI,EACJ,CAAC,CAAC,EAAE,IAAI,IAAI,EACZ,CAAC,CAAC,UAAU,IAAI,IAAI,EACpB,CAAC,CAAC,WAAW,IAAI,CAAC,CACnB,CAAC;QACF,IAAI,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC;YAAE,QAAQ,EAAE,CAAC;IAC1C,CAAC;IACD,OAAO,EAAE,QAAQ,EAAE,CAAC;AACtB,CAAC"}
|
|
@@ -0,0 +1,54 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Single source of truth for the services kit detects and wires up.
|
|
3
|
+
*
|
|
4
|
+
* This unifies two tables that used to live apart and drift: the detection
|
|
5
|
+
* table (which deps/files mean "this repo uses X") in stack-detector.ts, and the
|
|
6
|
+
* generation table (X's login/check/secret-keys/tool) in toml-generator.ts.
|
|
7
|
+
* Keeping them as one `ServiceDef` per service means:
|
|
8
|
+
* - adding a service (or a whole new DB/BaaS) is ONE data entry, not edits to
|
|
9
|
+
* two files that must be kept in sync;
|
|
10
|
+
* - detection is language-agnostic: a Python or Go repo that uses Stripe now
|
|
11
|
+
* gets `services: ["stripe"]` (the per-language detectors used to hardcode
|
|
12
|
+
* `services: []`, so the whole secret/login layer was Node-only).
|
|
13
|
+
*
|
|
14
|
+
* stack-detector.ts calls {@link detectServices}; toml-generator.ts reads
|
|
15
|
+
* {@link SERVICE_BY_ID}. Registry ORDER is detection + emit order — keep it
|
|
16
|
+
* stable (tests pin "supabase before stripe", and migrate precedence is
|
|
17
|
+
* "first detected service that declares a `migrate`", so supabase must precede
|
|
18
|
+
* prisma/drizzle here).
|
|
19
|
+
*/
|
|
20
|
+
export interface ServiceDef {
|
|
21
|
+
id: string;
|
|
22
|
+
/** node: exact package name in dependencies/devDependencies. */
|
|
23
|
+
deps?: string[];
|
|
24
|
+
/** python: substring matched (case-insensitive) in requirements.txt/pyproject.toml. */
|
|
25
|
+
pyDeps?: string[];
|
|
26
|
+
/** go: substring matched in go.mod (module path). */
|
|
27
|
+
goMods?: string[];
|
|
28
|
+
/** marker files/dirs, any language (checked relative to repo root). */
|
|
29
|
+
files?: string[];
|
|
30
|
+
/** login command, or a `#`-prefixed informational note when there's no CLI. */
|
|
31
|
+
login?: string;
|
|
32
|
+
/** verify command, or a `#`-prefixed informational note. */
|
|
33
|
+
check?: string;
|
|
34
|
+
/** env keys this service needs. */
|
|
35
|
+
secrets?: string[];
|
|
36
|
+
/** mise tool to add to [tools] when this service is present. */
|
|
37
|
+
tool?: string;
|
|
38
|
+
/** migrate command — first detected service that declares one wins (see setupSection). */
|
|
39
|
+
migrate?: string;
|
|
40
|
+
}
|
|
41
|
+
export declare const SERVICE_REGISTRY: ServiceDef[];
|
|
42
|
+
/** Lookup by service id, for the generator. */
|
|
43
|
+
export declare const SERVICE_BY_ID: Record<string, ServiceDef>;
|
|
44
|
+
/**
|
|
45
|
+
* Detect which services a repo uses, language-agnostically. Returns ids in
|
|
46
|
+
* registry order. `fileExists` is repo-root-relative so each language detector
|
|
47
|
+
* can pass its own cwd-bound checker.
|
|
48
|
+
*/
|
|
49
|
+
export declare function detectServices(signals: {
|
|
50
|
+
deps?: string[];
|
|
51
|
+
pyText?: string;
|
|
52
|
+
goMod?: string;
|
|
53
|
+
fileExists: (relPath: string) => Promise<boolean>;
|
|
54
|
+
}): Promise<string[]>;
|