sentinelayer-cli 0.1.2 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (127) hide show
  1. package/README.md +996 -996
  2. package/bin/create-sentinelayer.js +5 -5
  3. package/bin/sentinelayer-cli.js +4 -4
  4. package/bin/sl.js +5 -5
  5. package/package.json +62 -54
  6. package/src/agents/jules/config/definition.js +209 -209
  7. package/src/agents/jules/config/system-prompt.js +175 -175
  8. package/src/agents/jules/error-intake.js +51 -51
  9. package/src/agents/jules/fix-cycle.js +377 -377
  10. package/src/agents/jules/loop.js +367 -367
  11. package/src/agents/jules/pulse.js +319 -319
  12. package/src/agents/jules/stream.js +186 -186
  13. package/src/agents/jules/swarm/file-scanner.js +74 -74
  14. package/src/agents/jules/swarm/index.js +11 -11
  15. package/src/agents/jules/swarm/orchestrator.js +362 -362
  16. package/src/agents/jules/swarm/pattern-hunter.js +123 -123
  17. package/src/agents/jules/swarm/sub-agent.js +308 -308
  18. package/src/agents/jules/tools/auth-audit.js +226 -222
  19. package/src/agents/jules/tools/dispatch.js +327 -327
  20. package/src/agents/jules/tools/file-edit.js +180 -180
  21. package/src/agents/jules/tools/file-read.js +100 -100
  22. package/src/agents/jules/tools/frontend-analyze.js +570 -570
  23. package/src/agents/jules/tools/glob.js +168 -168
  24. package/src/agents/jules/tools/grep.js +228 -228
  25. package/src/agents/jules/tools/index.js +29 -29
  26. package/src/agents/jules/tools/path-guards.js +161 -161
  27. package/src/agents/jules/tools/runtime-audit.js +493 -493
  28. package/src/agents/jules/tools/shell.js +383 -383
  29. package/src/ai/aidenid.js +972 -945
  30. package/src/ai/client.js +508 -508
  31. package/src/ai/domain-target-store.js +268 -268
  32. package/src/ai/identity-store.js +270 -270
  33. package/src/ai/site-store.js +145 -145
  34. package/src/audit/agents/architecture.js +180 -180
  35. package/src/audit/agents/compliance.js +179 -179
  36. package/src/audit/agents/documentation.js +165 -165
  37. package/src/audit/agents/performance.js +145 -145
  38. package/src/audit/agents/security.js +215 -215
  39. package/src/audit/agents/testing.js +172 -172
  40. package/src/audit/orchestrator.js +557 -557
  41. package/src/audit/package.js +204 -204
  42. package/src/audit/registry.js +284 -284
  43. package/src/audit/replay.js +103 -103
  44. package/src/auth/http.js +113 -113
  45. package/src/auth/service.js +891 -848
  46. package/src/auth/session-store.js +359 -345
  47. package/src/cli.js +252 -252
  48. package/src/commands/ai/identity-lifecycle.js +1338 -1337
  49. package/src/commands/ai/provision-governance.js +1272 -1246
  50. package/src/commands/ai/shared.js +147 -147
  51. package/src/commands/ai.js +11 -11
  52. package/src/commands/apply.js +12 -12
  53. package/src/commands/audit.js +1166 -1166
  54. package/src/commands/auth.js +375 -366
  55. package/src/commands/chat.js +191 -191
  56. package/src/commands/config.js +184 -184
  57. package/src/commands/cost.js +311 -311
  58. package/src/commands/daemon/core.js +850 -850
  59. package/src/commands/daemon/extended.js +1048 -1048
  60. package/src/commands/daemon/shared.js +213 -213
  61. package/src/commands/daemon.js +11 -11
  62. package/src/commands/guide.js +174 -174
  63. package/src/commands/ingest.js +58 -58
  64. package/src/commands/init.js +55 -55
  65. package/src/commands/legacy-args.js +10 -10
  66. package/src/commands/mcp.js +461 -404
  67. package/src/commands/omargate.js +15 -15
  68. package/src/commands/persona.js +20 -20
  69. package/src/commands/plugin.js +260 -260
  70. package/src/commands/policy.js +132 -132
  71. package/src/commands/prompt.js +238 -238
  72. package/src/commands/review.js +704 -704
  73. package/src/commands/scan.js +866 -788
  74. package/src/commands/spec.js +716 -716
  75. package/src/commands/swarm.js +651 -651
  76. package/src/commands/telemetry.js +202 -202
  77. package/src/commands/watch.js +510 -510
  78. package/src/config/agent-dictionary.js +182 -182
  79. package/src/config/io.js +56 -56
  80. package/src/config/paths.js +18 -18
  81. package/src/config/schema.js +55 -55
  82. package/src/config/service.js +184 -184
  83. package/src/cost/budget.js +235 -235
  84. package/src/cost/history.js +188 -188
  85. package/src/cost/tracker.js +171 -171
  86. package/src/daemon/artifact-lineage.js +534 -534
  87. package/src/daemon/assignment-ledger.js +770 -770
  88. package/src/daemon/ast-parser-layer.js +258 -258
  89. package/src/daemon/budget-governor.js +633 -633
  90. package/src/daemon/callgraph-overlay.js +646 -646
  91. package/src/daemon/error-worker.js +626 -626
  92. package/src/daemon/hybrid-mapper.js +929 -929
  93. package/src/daemon/jira-lifecycle.js +632 -632
  94. package/src/daemon/operator-control.js +657 -657
  95. package/src/daemon/reliability-lane.js +471 -471
  96. package/src/daemon/watchdog.js +971 -971
  97. package/src/guide/generator.js +316 -316
  98. package/src/ingest/engine.js +918 -918
  99. package/src/legacy-cli.js +2548 -2435
  100. package/src/mcp/registry.js +695 -695
  101. package/src/memory/blackboard.js +301 -301
  102. package/src/memory/retrieval.js +581 -581
  103. package/src/plugin/manifest.js +553 -553
  104. package/src/policy/packs.js +144 -144
  105. package/src/prompt/generator.js +118 -106
  106. package/src/review/ai-review.js +669 -669
  107. package/src/review/local-review.js +1284 -1284
  108. package/src/review/replay.js +235 -235
  109. package/src/review/report.js +664 -664
  110. package/src/review/spec-binding.js +487 -487
  111. package/src/scaffold/generator.js +67 -0
  112. package/src/scaffold/templates.js +150 -0
  113. package/src/scan/generator.js +418 -351
  114. package/src/scan/gh-secrets.js +107 -0
  115. package/src/spec/generator.js +519 -519
  116. package/src/spec/regenerate.js +237 -237
  117. package/src/spec/templates.js +91 -91
  118. package/src/swarm/dashboard.js +247 -247
  119. package/src/swarm/factory.js +363 -363
  120. package/src/swarm/pentest.js +934 -934
  121. package/src/swarm/registry.js +419 -419
  122. package/src/swarm/report.js +158 -158
  123. package/src/swarm/runtime.js +576 -576
  124. package/src/swarm/scenario-dsl.js +272 -272
  125. package/src/telemetry/ledger.js +302 -302
  126. package/src/telemetry/sync.js +96 -59
  127. package/src/ui/markdown.js +220 -220
package/src/audit/registry.js CHANGED
@@ -1,284 +1,284 @@
1
- import fsp from "node:fs/promises";
2
- import path from "node:path";
3
-
4
- const BUILTIN_AUDIT_AGENTS = Object.freeze([
5
- {
6
- id: "security",
7
- persona: "Nina Patel",
8
- domain: "Security",
9
- tools: ["read", "grep", "dependency-audit"],
10
- permissionMode: "plan",
11
- maxTurns: 8,
12
- confidenceFloor: 0.85,
13
- evidenceRequirements: ["file_line_reference", "repro_steps"],
14
- escalationTargets: ["release", "architecture"],
15
- },
16
- {
17
- id: "architecture",
18
- persona: "Maya Volkov",
19
- domain: "Architecture",
20
- tools: ["read", "grep", "structure-map"],
21
- permissionMode: "plan",
22
- maxTurns: 8,
23
- confidenceFloor: 0.8,
24
- evidenceRequirements: ["component_map", "impact_summary"],
25
- escalationTargets: ["security", "performance"],
26
- },
27
- {
28
- id: "performance",
29
- persona: "Arjun Mehta",
30
- domain: "Performance",
31
- tools: ["read", "grep", "profiler-hints"],
32
- permissionMode: "plan",
33
- maxTurns: 6,
34
- confidenceFloor: 0.8,
35
- evidenceRequirements: ["latency_paths", "runtime_assumptions"],
36
- escalationTargets: ["architecture", "reliability"],
37
- },
38
- {
39
- id: "compliance",
40
- persona: "Leila Farouk",
41
- domain: "Compliance",
42
- tools: ["read", "grep", "control-map"],
43
- permissionMode: "plan",
44
- maxTurns: 6,
45
- confidenceFloor: 0.82,
46
- evidenceRequirements: ["control_refs", "evidence_paths"],
47
- escalationTargets: ["security", "release"],
48
- },
49
- {
50
- id: "frontend",
51
- persona: "Jules Tanaka",
52
- domain: "Frontend",
53
- tools: ["read", "grep", "ui-lint"],
54
- permissionMode: "plan",
55
- maxTurns: 6,
56
- confidenceFloor: 0.75,
57
- evidenceRequirements: ["component_paths", "repro_steps"],
58
- escalationTargets: ["testing", "security"],
59
- },
60
- {
61
- id: "data-layer",
62
- persona: "Linh Tran",
63
- domain: "Data Layer",
64
- tools: ["read", "grep", "query-review"],
65
- permissionMode: "plan",
66
- maxTurns: 6,
67
- confidenceFloor: 0.8,
68
- evidenceRequirements: ["query_paths", "risk_evidence"],
69
- escalationTargets: ["performance", "security"],
70
- },
71
- {
72
- id: "release",
73
- persona: "Omar Singh",
74
- domain: "Release Engineering",
75
- tools: ["read", "grep", "workflow-review"],
76
- permissionMode: "plan",
77
- maxTurns: 6,
78
- confidenceFloor: 0.8,
79
- evidenceRequirements: ["workflow_refs", "gate_matrix"],
80
- escalationTargets: ["security", "reliability"],
81
- },
82
- {
83
- id: "infrastructure",
84
- persona: "Kat Hughes",
85
- domain: "Infrastructure",
86
- tools: ["read", "grep", "infra-lint"],
87
- permissionMode: "plan",
88
- maxTurns: 6,
89
- confidenceFloor: 0.78,
90
- evidenceRequirements: ["infra_paths", "blast_radius"],
91
- escalationTargets: ["security", "reliability"],
92
- },
93
- {
94
- id: "reliability",
95
- persona: "Noah Ben-David",
96
- domain: "Reliability",
97
- tools: ["read", "grep", "test-runner"],
98
- permissionMode: "plan",
99
- maxTurns: 6,
100
- confidenceFloor: 0.78,
101
- evidenceRequirements: ["failure_modes", "rollback_plan"],
102
- escalationTargets: ["release", "observability"],
103
- },
104
- {
105
- id: "observability",
106
- persona: "Sofia Alvarez",
107
- domain: "Observability",
108
- tools: ["read", "grep", "telemetry-review"],
109
- permissionMode: "plan",
110
- maxTurns: 6,
111
- confidenceFloor: 0.75,
112
- evidenceRequirements: ["signal_inventory", "gaps"],
113
- escalationTargets: ["reliability", "release"],
114
- },
115
- {
116
- id: "testing",
117
- persona: "Priya Raman",
118
- domain: "Testing",
119
- tools: ["read", "grep", "test-runner"],
120
- permissionMode: "plan",
121
- maxTurns: 6,
122
- confidenceFloor: 0.8,
123
- evidenceRequirements: ["failing_paths", "coverage_gaps"],
124
- escalationTargets: ["frontend", "architecture"],
125
- },
126
- {
127
- id: "supply-chain",
128
- persona: "Nora Kline",
129
- domain: "Supply Chain",
130
- tools: ["read", "grep", "dependency-audit"],
131
- permissionMode: "plan",
132
- maxTurns: 6,
133
- confidenceFloor: 0.82,
134
- evidenceRequirements: ["dependency_refs", "version_risks"],
135
- escalationTargets: ["security", "release"],
136
- },
137
- {
138
- id: "code-quality",
139
- persona: "Ethan Park",
140
- domain: "Code Quality",
141
- tools: ["read", "grep", "lint-review"],
142
- permissionMode: "plan",
143
- maxTurns: 6,
144
- confidenceFloor: 0.75,
145
- evidenceRequirements: ["rule_hits", "refactor_candidates"],
146
- escalationTargets: ["architecture", "testing"],
147
- },
148
- {
149
- id: "documentation",
150
- persona: "Samir Okafor",
151
- domain: "Documentation",
152
- tools: ["read", "grep", "spec-check"],
153
- permissionMode: "plan",
154
- maxTurns: 4,
155
- confidenceFloor: 0.7,
156
- evidenceRequirements: ["doc_paths", "spec_mismatches"],
157
- escalationTargets: ["architecture", "release"],
158
- },
159
- {
160
- id: "ai-governance",
161
- persona: "Amina Chen",
162
- domain: "AI Governance",
163
- tools: ["read", "grep", "policy-check"],
164
- permissionMode: "plan",
165
- maxTurns: 6,
166
- confidenceFloor: 0.82,
167
- evidenceRequirements: ["budget_controls", "eval_refs"],
168
- escalationTargets: ["security", "reliability"],
169
- },
170
- ]);
171
-
172
- function normalizeString(value) {
173
- return String(value || "").trim();
174
- }
175
-
176
- function normalizeAgentId(value) {
177
- return normalizeString(value).toLowerCase();
178
- }
179
-
180
- function normalizeAgentRecord(record = {}) {
181
- return {
182
- id: normalizeAgentId(record.id),
183
- persona: normalizeString(record.persona),
184
- domain: normalizeString(record.domain),
185
- tools: Array.isArray(record.tools) ? record.tools.map((item) => normalizeString(item)).filter(Boolean) : [],
186
- permissionMode: normalizeString(record.permissionMode || "plan") || "plan",
187
- maxTurns: Math.max(1, Math.floor(Number(record.maxTurns || 1))),
188
- confidenceFloor: Math.max(0, Math.min(1, Number(record.confidenceFloor || 0))),
189
- evidenceRequirements: Array.isArray(record.evidenceRequirements)
190
- ? record.evidenceRequirements.map((item) => normalizeString(item)).filter(Boolean)
191
- : [],
192
- escalationTargets: Array.isArray(record.escalationTargets)
193
- ? record.escalationTargets.map((item) => normalizeAgentId(item)).filter(Boolean)
194
- : [],
195
- };
196
- }
197
-
198
- function mergeRegistry(builtinAgents = [], overrideAgents = []) {
199
- const byId = new Map();
200
- for (const builtin of builtinAgents) {
201
- byId.set(builtin.id, { ...builtin });
202
- }
203
- for (const override of overrideAgents) {
204
- const normalized = normalizeAgentRecord(override);
205
- if (!normalized.id) {
206
- continue;
207
- }
208
- const existing = byId.get(normalized.id) || {};
209
- byId.set(normalized.id, {
210
- ...existing,
211
- ...normalized,
212
- });
213
- }
214
- return [...byId.values()].sort((left, right) => left.id.localeCompare(right.id));
215
- }
216
-
217
- function parseAgentFilter(rawValue) {
218
- const normalized = normalizeString(rawValue);
219
- if (!normalized) {
220
- return [];
221
- }
222
- return [...new Set(normalized.split(",").map((item) => normalizeAgentId(item)).filter(Boolean))];
223
- }
224
-
225
- export function listBuiltinAuditAgents() {
226
- return BUILTIN_AUDIT_AGENTS.map((agent) => ({ ...agent }));
227
- }
228
-
229
- export async function loadAuditRegistry({ registryFile = "" } = {}) {
230
- const builtin = listBuiltinAuditAgents();
231
- const resolvedRegistryFile = normalizeString(registryFile)
232
- ? path.resolve(process.cwd(), registryFile)
233
- : "";
234
- if (!resolvedRegistryFile) {
235
- return {
236
- registrySource: "builtin",
237
- registryFile: "",
238
- agents: builtin,
239
- };
240
- }
241
-
242
- const raw = await fsp.readFile(resolvedRegistryFile, "utf-8");
243
- const parsed = JSON.parse(raw);
244
- if (!parsed || typeof parsed !== "object" || !Array.isArray(parsed.agents)) {
245
- throw new Error("Invalid audit registry file: expected { agents: [...] }.");
246
- }
247
-
248
- const merged = mergeRegistry(builtin, parsed.agents);
249
- return {
250
- registrySource: "custom",
251
- registryFile: resolvedRegistryFile,
252
- agents: merged,
253
- };
254
- }
255
-
256
- export function selectAuditAgents(agents = [], requested = "") {
257
- const requestedIds = parseAgentFilter(requested);
258
- if (requestedIds.length === 0) {
259
- return {
260
- selected: [...agents],
261
- requestedIds,
262
- missing: [],
263
- };
264
- }
265
-
266
- const byId = new Map(agents.map((agent) => [agent.id, agent]));
267
- const selected = [];
268
- const missing = [];
269
- for (const id of requestedIds) {
270
- const agent = byId.get(id);
271
- if (!agent) {
272
- missing.push(id);
273
- continue;
274
- }
275
- selected.push(agent);
276
- }
277
-
278
- return {
279
- selected,
280
- requestedIds,
281
- missing,
282
- };
283
- }
284
-
1
+ import fsp from "node:fs/promises";
2
+ import path from "node:path";
3
+
4
+ const BUILTIN_AUDIT_AGENTS = Object.freeze([
5
+ {
6
+ id: "security",
7
+ persona: "Nina Patel",
8
+ domain: "Security",
9
+ tools: ["read", "grep", "dependency-audit"],
10
+ permissionMode: "plan",
11
+ maxTurns: 8,
12
+ confidenceFloor: 0.85,
13
+ evidenceRequirements: ["file_line_reference", "repro_steps"],
14
+ escalationTargets: ["release", "architecture"],
15
+ },
16
+ {
17
+ id: "architecture",
18
+ persona: "Maya Volkov",
19
+ domain: "Architecture",
20
+ tools: ["read", "grep", "structure-map"],
21
+ permissionMode: "plan",
22
+ maxTurns: 8,
23
+ confidenceFloor: 0.8,
24
+ evidenceRequirements: ["component_map", "impact_summary"],
25
+ escalationTargets: ["security", "performance"],
26
+ },
27
+ {
28
+ id: "performance",
29
+ persona: "Arjun Mehta",
30
+ domain: "Performance",
31
+ tools: ["read", "grep", "profiler-hints"],
32
+ permissionMode: "plan",
33
+ maxTurns: 6,
34
+ confidenceFloor: 0.8,
35
+ evidenceRequirements: ["latency_paths", "runtime_assumptions"],
36
+ escalationTargets: ["architecture", "reliability"],
37
+ },
38
+ {
39
+ id: "compliance",
40
+ persona: "Leila Farouk",
41
+ domain: "Compliance",
42
+ tools: ["read", "grep", "control-map"],
43
+ permissionMode: "plan",
44
+ maxTurns: 6,
45
+ confidenceFloor: 0.82,
46
+ evidenceRequirements: ["control_refs", "evidence_paths"],
47
+ escalationTargets: ["security", "release"],
48
+ },
49
+ {
50
+ id: "frontend",
51
+ persona: "Jules Tanaka",
52
+ domain: "Frontend",
53
+ tools: ["read", "grep", "ui-lint"],
54
+ permissionMode: "plan",
55
+ maxTurns: 6,
56
+ confidenceFloor: 0.75,
57
+ evidenceRequirements: ["component_paths", "repro_steps"],
58
+ escalationTargets: ["testing", "security"],
59
+ },
60
+ {
61
+ id: "data-layer",
62
+ persona: "Linh Tran",
63
+ domain: "Data Layer",
64
+ tools: ["read", "grep", "query-review"],
65
+ permissionMode: "plan",
66
+ maxTurns: 6,
67
+ confidenceFloor: 0.8,
68
+ evidenceRequirements: ["query_paths", "risk_evidence"],
69
+ escalationTargets: ["performance", "security"],
70
+ },
71
+ {
72
+ id: "release",
73
+ persona: "Omar Singh",
74
+ domain: "Release Engineering",
75
+ tools: ["read", "grep", "workflow-review"],
76
+ permissionMode: "plan",
77
+ maxTurns: 6,
78
+ confidenceFloor: 0.8,
79
+ evidenceRequirements: ["workflow_refs", "gate_matrix"],
80
+ escalationTargets: ["security", "reliability"],
81
+ },
82
+ {
83
+ id: "infrastructure",
84
+ persona: "Kat Hughes",
85
+ domain: "Infrastructure",
86
+ tools: ["read", "grep", "infra-lint"],
87
+ permissionMode: "plan",
88
+ maxTurns: 6,
89
+ confidenceFloor: 0.78,
90
+ evidenceRequirements: ["infra_paths", "blast_radius"],
91
+ escalationTargets: ["security", "reliability"],
92
+ },
93
+ {
94
+ id: "reliability",
95
+ persona: "Noah Ben-David",
96
+ domain: "Reliability",
97
+ tools: ["read", "grep", "test-runner"],
98
+ permissionMode: "plan",
99
+ maxTurns: 6,
100
+ confidenceFloor: 0.78,
101
+ evidenceRequirements: ["failure_modes", "rollback_plan"],
102
+ escalationTargets: ["release", "observability"],
103
+ },
104
+ {
105
+ id: "observability",
106
+ persona: "Sofia Alvarez",
107
+ domain: "Observability",
108
+ tools: ["read", "grep", "telemetry-review"],
109
+ permissionMode: "plan",
110
+ maxTurns: 6,
111
+ confidenceFloor: 0.75,
112
+ evidenceRequirements: ["signal_inventory", "gaps"],
113
+ escalationTargets: ["reliability", "release"],
114
+ },
115
+ {
116
+ id: "testing",
117
+ persona: "Priya Raman",
118
+ domain: "Testing",
119
+ tools: ["read", "grep", "test-runner"],
120
+ permissionMode: "plan",
121
+ maxTurns: 6,
122
+ confidenceFloor: 0.8,
123
+ evidenceRequirements: ["failing_paths", "coverage_gaps"],
124
+ escalationTargets: ["frontend", "architecture"],
125
+ },
126
+ {
127
+ id: "supply-chain",
128
+ persona: "Nora Kline",
129
+ domain: "Supply Chain",
130
+ tools: ["read", "grep", "dependency-audit"],
131
+ permissionMode: "plan",
132
+ maxTurns: 6,
133
+ confidenceFloor: 0.82,
134
+ evidenceRequirements: ["dependency_refs", "version_risks"],
135
+ escalationTargets: ["security", "release"],
136
+ },
137
+ {
138
+ id: "code-quality",
139
+ persona: "Ethan Park",
140
+ domain: "Code Quality",
141
+ tools: ["read", "grep", "lint-review"],
142
+ permissionMode: "plan",
143
+ maxTurns: 6,
144
+ confidenceFloor: 0.75,
145
+ evidenceRequirements: ["rule_hits", "refactor_candidates"],
146
+ escalationTargets: ["architecture", "testing"],
147
+ },
148
+ {
149
+ id: "documentation",
150
+ persona: "Samir Okafor",
151
+ domain: "Documentation",
152
+ tools: ["read", "grep", "spec-check"],
153
+ permissionMode: "plan",
154
+ maxTurns: 4,
155
+ confidenceFloor: 0.7,
156
+ evidenceRequirements: ["doc_paths", "spec_mismatches"],
157
+ escalationTargets: ["architecture", "release"],
158
+ },
159
+ {
160
+ id: "ai-governance",
161
+ persona: "Amina Chen",
162
+ domain: "AI Governance",
163
+ tools: ["read", "grep", "policy-check"],
164
+ permissionMode: "plan",
165
+ maxTurns: 6,
166
+ confidenceFloor: 0.82,
167
+ evidenceRequirements: ["budget_controls", "eval_refs"],
168
+ escalationTargets: ["security", "reliability"],
169
+ },
170
+ ]);
171
+
172
+ function normalizeString(value) {
173
+ return String(value || "").trim();
174
+ }
175
+
176
+ function normalizeAgentId(value) {
177
+ return normalizeString(value).toLowerCase();
178
+ }
179
+
180
+ function normalizeAgentRecord(record = {}) {
181
+ return {
182
+ id: normalizeAgentId(record.id),
183
+ persona: normalizeString(record.persona),
184
+ domain: normalizeString(record.domain),
185
+ tools: Array.isArray(record.tools) ? record.tools.map((item) => normalizeString(item)).filter(Boolean) : [],
186
+ permissionMode: normalizeString(record.permissionMode || "plan") || "plan",
187
+ maxTurns: Math.max(1, Math.floor(Number(record.maxTurns || 1))),
188
+ confidenceFloor: Math.max(0, Math.min(1, Number(record.confidenceFloor || 0))),
189
+ evidenceRequirements: Array.isArray(record.evidenceRequirements)
190
+ ? record.evidenceRequirements.map((item) => normalizeString(item)).filter(Boolean)
191
+ : [],
192
+ escalationTargets: Array.isArray(record.escalationTargets)
193
+ ? record.escalationTargets.map((item) => normalizeAgentId(item)).filter(Boolean)
194
+ : [],
195
+ };
196
+ }
197
+
198
+ function mergeRegistry(builtinAgents = [], overrideAgents = []) {
199
+ const byId = new Map();
200
+ for (const builtin of builtinAgents) {
201
+ byId.set(builtin.id, { ...builtin });
202
+ }
203
+ for (const override of overrideAgents) {
204
+ const normalized = normalizeAgentRecord(override);
205
+ if (!normalized.id) {
206
+ continue;
207
+ }
208
+ const existing = byId.get(normalized.id) || {};
209
+ byId.set(normalized.id, {
210
+ ...existing,
211
+ ...normalized,
212
+ });
213
+ }
214
+ return [...byId.values()].sort((left, right) => left.id.localeCompare(right.id));
215
+ }
216
+
217
+ function parseAgentFilter(rawValue) {
218
+ const normalized = normalizeString(rawValue);
219
+ if (!normalized) {
220
+ return [];
221
+ }
222
+ return [...new Set(normalized.split(",").map((item) => normalizeAgentId(item)).filter(Boolean))];
223
+ }
224
+
225
+ export function listBuiltinAuditAgents() {
226
+ return BUILTIN_AUDIT_AGENTS.map((agent) => ({ ...agent }));
227
+ }
228
+
229
+ export async function loadAuditRegistry({ registryFile = "" } = {}) {
230
+ const builtin = listBuiltinAuditAgents();
231
+ const resolvedRegistryFile = normalizeString(registryFile)
232
+ ? path.resolve(process.cwd(), registryFile)
233
+ : "";
234
+ if (!resolvedRegistryFile) {
235
+ return {
236
+ registrySource: "builtin",
237
+ registryFile: "",
238
+ agents: builtin,
239
+ };
240
+ }
241
+
242
+ const raw = await fsp.readFile(resolvedRegistryFile, "utf-8");
243
+ const parsed = JSON.parse(raw);
244
+ if (!parsed || typeof parsed !== "object" || !Array.isArray(parsed.agents)) {
245
+ throw new Error("Invalid audit registry file: expected { agents: [...] }.");
246
+ }
247
+
248
+ const merged = mergeRegistry(builtin, parsed.agents);
249
+ return {
250
+ registrySource: "custom",
251
+ registryFile: resolvedRegistryFile,
252
+ agents: merged,
253
+ };
254
+ }
255
+
256
+ export function selectAuditAgents(agents = [], requested = "") {
257
+ const requestedIds = parseAgentFilter(requested);
258
+ if (requestedIds.length === 0) {
259
+ return {
260
+ selected: [...agents],
261
+ requestedIds,
262
+ missing: [],
263
+ };
264
+ }
265
+
266
+ const byId = new Map(agents.map((agent) => [agent.id, agent]));
267
+ const selected = [];
268
+ const missing = [];
269
+ for (const id of requestedIds) {
270
+ const agent = byId.get(id);
271
+ if (!agent) {
272
+ missing.push(id);
273
+ continue;
274
+ }
275
+ selected.push(agent);
276
+ }
277
+
278
+ return {
279
+ selected,
280
+ requestedIds,
281
+ missing,
282
+ };
283
+ }
284
+