npm - verbolab - Versions diffs - 0.1.0-alpha.1 - Mend

verbolab 0.1.0-alpha.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (493) hide show

package/LICENSE +21 -0
package/README.md +71 -0
package/dist/bin/verbo.d.ts +3 -0
package/dist/bin/verbo.d.ts.map +1 -0
package/dist/bin/verbo.js +1156 -0
package/dist/bin/verbo.js.map +1 -0
package/dist/relay/index.d.ts +2 -0
package/dist/relay/index.d.ts.map +1 -0
package/dist/relay/index.js +15 -0
package/dist/relay/index.js.map +1 -0
package/dist/src/agent/agent-launcher.d.ts +64 -0
package/dist/src/agent/agent-launcher.d.ts.map +1 -0
package/dist/src/agent/agent-launcher.js +326 -0
package/dist/src/agent/agent-launcher.js.map +1 -0
package/dist/src/agent/agent-monitor.d.ts +16 -0
package/dist/src/agent/agent-monitor.d.ts.map +1 -0
package/dist/src/agent/agent-monitor.js +41 -0
package/dist/src/agent/agent-monitor.js.map +1 -0
package/dist/src/agent/fun-names.d.ts +9 -0
package/dist/src/agent/fun-names.d.ts.map +1 -0
package/dist/src/agent/fun-names.js +118 -0
package/dist/src/agent/fun-names.js.map +1 -0
package/dist/src/agent/mcp-shim.d.ts +45 -0
package/dist/src/agent/mcp-shim.d.ts.map +1 -0
package/dist/src/agent/mcp-shim.js +192 -0
package/dist/src/agent/mcp-shim.js.map +1 -0
package/dist/src/agent/personas.d.ts +47 -0
package/dist/src/agent/personas.d.ts.map +1 -0
package/dist/src/agent/personas.js +86 -0
package/dist/src/agent/personas.js.map +1 -0
package/dist/src/agent/provider-detection.d.ts +21 -0
package/dist/src/agent/provider-detection.d.ts.map +1 -0
package/dist/src/agent/provider-detection.js +47 -0
package/dist/src/agent/provider-detection.js.map +1 -0
package/dist/src/agent/providers/claude-provider.d.ts +3 -0
package/dist/src/agent/providers/claude-provider.d.ts.map +1 -0
package/dist/src/agent/providers/claude-provider.js +119 -0
package/dist/src/agent/providers/claude-provider.js.map +1 -0
package/dist/src/agent/providers/gemini-provider.d.ts +13 -0
package/dist/src/agent/providers/gemini-provider.d.ts.map +1 -0
package/dist/src/agent/providers/gemini-provider.js +143 -0
package/dist/src/agent/providers/gemini-provider.js.map +1 -0
package/dist/src/agent/providers/openai-provider.d.ts +3 -0
package/dist/src/agent/providers/openai-provider.d.ts.map +1 -0
package/dist/src/agent/providers/openai-provider.js +127 -0
package/dist/src/agent/providers/openai-provider.js.map +1 -0
package/dist/src/agent/providers/registry.d.ts +19 -0
package/dist/src/agent/providers/registry.d.ts.map +1 -0
package/dist/src/agent/providers/registry.js +30 -0
package/dist/src/agent/providers/registry.js.map +1 -0
package/dist/src/agent/providers/types.d.ts +118 -0
package/dist/src/agent/providers/types.d.ts.map +1 -0
package/dist/src/agent/providers/types.js +2 -0
package/dist/src/agent/providers/types.js.map +1 -0
package/dist/src/approval/approval-server.d.ts +17 -0
package/dist/src/approval/approval-server.d.ts.map +1 -0
package/dist/src/approval/approval-server.js +90 -0
package/dist/src/approval/approval-server.js.map +1 -0
package/dist/src/approval/approval-store.d.ts +29 -0
package/dist/src/approval/approval-store.d.ts.map +1 -0
package/dist/src/approval/approval-store.js +94 -0
package/dist/src/approval/approval-store.js.map +1 -0
package/dist/src/auth/auth-store.d.ts +18 -0
package/dist/src/auth/auth-store.d.ts.map +1 -0
package/dist/src/auth/auth-store.js +34 -0
package/dist/src/auth/auth-store.js.map +1 -0
package/dist/src/auth/device-code-client.d.ts +32 -0
package/dist/src/auth/device-code-client.d.ts.map +1 -0
package/dist/src/auth/device-code-client.js +41 -0
package/dist/src/auth/device-code-client.js.map +1 -0
package/dist/src/auth/plan-enforcer.d.ts +8 -0
package/dist/src/auth/plan-enforcer.d.ts.map +1 -0
package/dist/src/auth/plan-enforcer.js +14 -0
package/dist/src/auth/plan-enforcer.js.map +1 -0
package/dist/src/commands/audit.d.ts +7 -0
package/dist/src/commands/audit.d.ts.map +1 -0
package/dist/src/commands/audit.js +92 -0
package/dist/src/commands/audit.js.map +1 -0
package/dist/src/commands/team.d.ts +48 -0
package/dist/src/commands/team.d.ts.map +1 -0
package/dist/src/commands/team.js +175 -0
package/dist/src/commands/team.js.map +1 -0
package/dist/src/config/verbo-config.d.ts +43 -0
package/dist/src/config/verbo-config.d.ts.map +1 -0
package/dist/src/config/verbo-config.js +111 -0
package/dist/src/config/verbo-config.js.map +1 -0
package/dist/src/core/agent-session-store.d.ts +69 -0
package/dist/src/core/agent-session-store.d.ts.map +1 -0
package/dist/src/core/agent-session-store.js +168 -0
package/dist/src/core/agent-session-store.js.map +1 -0
package/dist/src/core/audit-log-store.d.ts +33 -0
package/dist/src/core/audit-log-store.d.ts.map +1 -0
package/dist/src/core/audit-log-store.js +104 -0
package/dist/src/core/audit-log-store.js.map +1 -0
package/dist/src/core/compliance.d.ts +50 -0
package/dist/src/core/compliance.d.ts.map +1 -0
package/dist/src/core/compliance.js +59 -0
package/dist/src/core/compliance.js.map +1 -0
package/dist/src/core/conflict-detector.d.ts +19 -0
package/dist/src/core/conflict-detector.d.ts.map +1 -0
package/dist/src/core/conflict-detector.js +87 -0
package/dist/src/core/conflict-detector.js.map +1 -0
package/dist/src/core/conflict-enforcer.d.ts +37 -0
package/dist/src/core/conflict-enforcer.d.ts.map +1 -0
package/dist/src/core/conflict-enforcer.js +139 -0
package/dist/src/core/conflict-enforcer.js.map +1 -0
package/dist/src/core/cost-store.d.ts +55 -0
package/dist/src/core/cost-store.d.ts.map +1 -0
package/dist/src/core/cost-store.js +140 -0
package/dist/src/core/cost-store.js.map +1 -0
package/dist/src/core/hot-files.d.ts +19 -0
package/dist/src/core/hot-files.d.ts.map +1 -0
package/dist/src/core/hot-files.js +64 -0
package/dist/src/core/hot-files.js.map +1 -0
package/dist/src/core/human-action-store.d.ts +33 -0
package/dist/src/core/human-action-store.d.ts.map +1 -0
package/dist/src/core/human-action-store.js +92 -0
package/dist/src/core/human-action-store.js.map +1 -0
package/dist/src/core/learning-store.d.ts +32 -0
package/dist/src/core/learning-store.d.ts.map +1 -0
package/dist/src/core/learning-store.js +95 -0
package/dist/src/core/learning-store.js.map +1 -0
package/dist/src/core/merge-queue.d.ts +28 -0
package/dist/src/core/merge-queue.d.ts.map +1 -0
package/dist/src/core/merge-queue.js +92 -0
package/dist/src/core/merge-queue.js.map +1 -0
package/dist/src/core/notification-service.d.ts +13 -0
package/dist/src/core/notification-service.d.ts.map +1 -0
package/dist/src/core/notification-service.js +126 -0
package/dist/src/core/notification-service.js.map +1 -0
package/dist/src/core/notifications.d.ts +10 -0
package/dist/src/core/notifications.d.ts.map +1 -0
package/dist/src/core/notifications.js +33 -0
package/dist/src/core/notifications.js.map +1 -0
package/dist/src/core/orchestrator-store.d.ts +44 -0
package/dist/src/core/orchestrator-store.d.ts.map +1 -0
package/dist/src/core/orchestrator-store.js +69 -0
package/dist/src/core/orchestrator-store.js.map +1 -0
package/dist/src/core/parallelizer.d.ts +47 -0
package/dist/src/core/parallelizer.d.ts.map +1 -0
package/dist/src/core/parallelizer.js +224 -0
package/dist/src/core/parallelizer.js.map +1 -0
package/dist/src/core/pipeline-rollback.d.ts +29 -0
package/dist/src/core/pipeline-rollback.d.ts.map +1 -0
package/dist/src/core/pipeline-rollback.js +84 -0
package/dist/src/core/pipeline-rollback.js.map +1 -0
package/dist/src/core/pipeline-runner.d.ts +73 -0
package/dist/src/core/pipeline-runner.d.ts.map +1 -0
package/dist/src/core/pipeline-runner.js +165 -0
package/dist/src/core/pipeline-runner.js.map +1 -0
package/dist/src/core/pr-creator.d.ts +22 -0
package/dist/src/core/pr-creator.d.ts.map +1 -0
package/dist/src/core/pr-creator.js +55 -0
package/dist/src/core/pr-creator.js.map +1 -0
package/dist/src/core/rbac.d.ts +27 -0
package/dist/src/core/rbac.d.ts.map +1 -0
package/dist/src/core/rbac.js +76 -0
package/dist/src/core/rbac.js.map +1 -0
package/dist/src/core/startup-cleanup.d.ts +47 -0
package/dist/src/core/startup-cleanup.d.ts.map +1 -0
package/dist/src/core/startup-cleanup.js +150 -0
package/dist/src/core/startup-cleanup.js.map +1 -0
package/dist/src/core/task-store.d.ts +96 -0
package/dist/src/core/task-store.d.ts.map +1 -0
package/dist/src/core/task-store.js +309 -0
package/dist/src/core/task-store.js.map +1 -0
package/dist/src/core/verbo-config-editor.d.ts +44 -0
package/dist/src/core/verbo-config-editor.d.ts.map +1 -0
package/dist/src/core/verbo-config-editor.js +204 -0
package/dist/src/core/verbo-config-editor.js.map +1 -0
package/dist/src/core/verbo-config.d.ts +35 -0
package/dist/src/core/verbo-config.d.ts.map +1 -0
package/dist/src/core/verbo-config.js +55 -0
package/dist/src/core/verbo-config.js.map +1 -0
package/dist/src/core/verbo-md.d.ts +96 -0
package/dist/src/core/verbo-md.d.ts.map +1 -0
package/dist/src/core/verbo-md.js +410 -0
package/dist/src/core/verbo-md.js.map +1 -0
package/dist/src/db/database.d.ts +9 -0
package/dist/src/db/database.d.ts.map +1 -0
package/dist/src/db/database.js +37 -0
package/dist/src/db/database.js.map +1 -0
package/dist/src/db/migrations/001-personas-subtasks.d.ts +10 -0
package/dist/src/db/migrations/001-personas-subtasks.d.ts.map +1 -0
package/dist/src/db/migrations/001-personas-subtasks.js +32 -0
package/dist/src/db/migrations/001-personas-subtasks.js.map +1 -0
package/dist/src/db/migrations/002-rbac.d.ts +9 -0
package/dist/src/db/migrations/002-rbac.d.ts.map +1 -0
package/dist/src/db/migrations/002-rbac.js +31 -0
package/dist/src/db/migrations/002-rbac.js.map +1 -0
package/dist/src/db/migrations/003-provider-column.d.ts +8 -0
package/dist/src/db/migrations/003-provider-column.d.ts.map +1 -0
package/dist/src/db/migrations/003-provider-column.js +12 -0
package/dist/src/db/migrations/003-provider-column.js.map +1 -0
package/dist/src/db/migrations/004-pipeline-cost.d.ts +8 -0
package/dist/src/db/migrations/004-pipeline-cost.d.ts.map +1 -0
package/dist/src/db/migrations/004-pipeline-cost.js +23 -0
package/dist/src/db/migrations/004-pipeline-cost.js.map +1 -0
package/dist/src/db/migrations/005-audit-log-timestamp.d.ts +10 -0
package/dist/src/db/migrations/005-audit-log-timestamp.d.ts.map +1 -0
package/dist/src/db/migrations/005-audit-log-timestamp.js +39 -0
package/dist/src/db/migrations/005-audit-log-timestamp.js.map +1 -0
package/dist/src/db/migrations/006-human-action-type.d.ts +9 -0
package/dist/src/db/migrations/006-human-action-type.d.ts.map +1 -0
package/dist/src/db/migrations/006-human-action-type.js +16 -0
package/dist/src/db/migrations/006-human-action-type.js.map +1 -0
package/dist/src/db/schema.d.ts +6 -0
package/dist/src/db/schema.d.ts.map +1 -0
package/dist/src/db/schema.js +255 -0
package/dist/src/db/schema.js.map +1 -0
package/dist/src/deps/dependabot-generator.d.ts +22 -0
package/dist/src/deps/dependabot-generator.d.ts.map +1 -0
package/dist/src/deps/dependabot-generator.js +83 -0
package/dist/src/deps/dependabot-generator.js.map +1 -0
package/dist/src/deps/dependabot-monitor.d.ts +22 -0
package/dist/src/deps/dependabot-monitor.d.ts.map +1 -0
package/dist/src/deps/dependabot-monitor.js +28 -0
package/dist/src/deps/dependabot-monitor.js.map +1 -0
package/dist/src/deps/package-auditor.d.ts +24 -0
package/dist/src/deps/package-auditor.d.ts.map +1 -0
package/dist/src/deps/package-auditor.js +118 -0
package/dist/src/deps/package-auditor.js.map +1 -0
package/dist/src/init/ensure-init.d.ts +6 -0
package/dist/src/init/ensure-init.d.ts.map +1 -0
package/dist/src/init/ensure-init.js +27 -0
package/dist/src/init/ensure-init.js.map +1 -0
package/dist/src/init/project-detector.d.ts +11 -0
package/dist/src/init/project-detector.d.ts.map +1 -0
package/dist/src/init/project-detector.js +117 -0
package/dist/src/init/project-detector.js.map +1 -0
package/dist/src/init/questionnaire.d.ts +5 -0
package/dist/src/init/questionnaire.d.ts.map +1 -0
package/dist/src/init/questionnaire.js +112 -0
package/dist/src/init/questionnaire.js.map +1 -0
package/dist/src/init/template.d.ts +17 -0
package/dist/src/init/template.d.ts.map +1 -0
package/dist/src/init/template.js +46 -0
package/dist/src/init/template.js.map +1 -0
package/dist/src/intelligence/claude-client.d.ts +3 -0
package/dist/src/intelligence/claude-client.d.ts.map +1 -0
package/dist/src/intelligence/claude-client.js +12 -0
package/dist/src/intelligence/claude-client.js.map +1 -0
package/dist/src/intelligence/conflict-mediator.d.ts +17 -0
package/dist/src/intelligence/conflict-mediator.d.ts.map +1 -0
package/dist/src/intelligence/conflict-mediator.js +83 -0
package/dist/src/intelligence/conflict-mediator.js.map +1 -0
package/dist/src/intelligence/github-orchestrator.d.ts +30 -0
package/dist/src/intelligence/github-orchestrator.d.ts.map +1 -0
package/dist/src/intelligence/github-orchestrator.js +270 -0
package/dist/src/intelligence/github-orchestrator.js.map +1 -0
package/dist/src/intelligence/kill-switch.d.ts +10 -0
package/dist/src/intelligence/kill-switch.d.ts.map +1 -0
package/dist/src/intelligence/kill-switch.js +12 -0
package/dist/src/intelligence/kill-switch.js.map +1 -0
package/dist/src/intelligence/learnings-extractor.d.ts +13 -0
package/dist/src/intelligence/learnings-extractor.d.ts.map +1 -0
package/dist/src/intelligence/learnings-extractor.js +74 -0
package/dist/src/intelligence/learnings-extractor.js.map +1 -0
package/dist/src/intelligence/project-scanner.d.ts +2 -0
package/dist/src/intelligence/project-scanner.d.ts.map +1 -0
package/dist/src/intelligence/project-scanner.js +28 -0
package/dist/src/intelligence/project-scanner.js.map +1 -0
package/dist/src/intelligence/task-decomposer.d.ts +14 -0
package/dist/src/intelligence/task-decomposer.d.ts.map +1 -0
package/dist/src/intelligence/task-decomposer.js +97 -0
package/dist/src/intelligence/task-decomposer.js.map +1 -0
package/dist/src/intelligence/types.d.ts +14 -0
package/dist/src/intelligence/types.d.ts.map +1 -0
package/dist/src/intelligence/types.js +2 -0
package/dist/src/intelligence/types.js.map +1 -0
package/dist/src/mcp/server.d.ts +63 -0
package/dist/src/mcp/server.d.ts.map +1 -0
package/dist/src/mcp/server.js +537 -0
package/dist/src/mcp/server.js.map +1 -0
package/dist/src/mcp/stdio-entry.d.ts +2 -0
package/dist/src/mcp/stdio-entry.d.ts.map +1 -0
package/dist/src/mcp/stdio-entry.js +124 -0
package/dist/src/mcp/stdio-entry.js.map +1 -0
package/dist/src/mcp/subtask-handlers.d.ts +7 -0
package/dist/src/mcp/subtask-handlers.d.ts.map +1 -0
package/dist/src/mcp/subtask-handlers.js +50 -0
package/dist/src/mcp/subtask-handlers.js.map +1 -0
package/dist/src/security/network-proxy.d.ts +20 -0
package/dist/src/security/network-proxy.d.ts.map +1 -0
package/dist/src/security/network-proxy.js +125 -0
package/dist/src/security/network-proxy.js.map +1 -0
package/dist/src/security/network-sandbox.d.ts +19 -0
package/dist/src/security/network-sandbox.d.ts.map +1 -0
package/dist/src/security/network-sandbox.js +100 -0
package/dist/src/security/network-sandbox.js.map +1 -0
package/dist/src/security/sanitize.d.ts +13 -0
package/dist/src/security/sanitize.d.ts.map +1 -0
package/dist/src/security/sanitize.js +19 -0
package/dist/src/security/sanitize.js.map +1 -0
package/dist/src/security/secrets-patterns.d.ts +29 -0
package/dist/src/security/secrets-patterns.d.ts.map +1 -0
package/dist/src/security/secrets-patterns.js +430 -0
package/dist/src/security/secrets-patterns.js.map +1 -0
package/dist/src/security/secrets-scanner.d.ts +26 -0
package/dist/src/security/secrets-scanner.d.ts.map +1 -0
package/dist/src/security/secrets-scanner.js +62 -0
package/dist/src/security/secrets-scanner.js.map +1 -0
package/dist/src/skills/classifier.d.ts +9 -0
package/dist/src/skills/classifier.d.ts.map +1 -0
package/dist/src/skills/classifier.js +41 -0
package/dist/src/skills/classifier.js.map +1 -0
package/dist/src/skills/registry.d.ts +16 -0
package/dist/src/skills/registry.d.ts.map +1 -0
package/dist/src/skills/registry.js +61 -0
package/dist/src/skills/registry.js.map +1 -0
package/dist/src/sync/events.d.ts +9 -0
package/dist/src/sync/events.d.ts.map +1 -0
package/dist/src/sync/events.js +2 -0
package/dist/src/sync/events.js.map +1 -0
package/dist/src/sync/relay-server.d.ts +18 -0
package/dist/src/sync/relay-server.d.ts.map +1 -0
package/dist/src/sync/relay-server.js +131 -0
package/dist/src/sync/relay-server.js.map +1 -0
package/dist/src/sync/sync-client.d.ts +31 -0
package/dist/src/sync/sync-client.d.ts.map +1 -0
package/dist/src/sync/sync-client.js +314 -0
package/dist/src/sync/sync-client.js.map +1 -0
package/dist/src/tui/app.d.ts +35 -0
package/dist/src/tui/app.d.ts.map +1 -0
package/dist/src/tui/app.js +676 -0
package/dist/src/tui/app.js.map +1 -0
package/dist/src/tui/components/activity-feed.d.ts +12 -0
package/dist/src/tui/components/activity-feed.d.ts.map +1 -0
package/dist/src/tui/components/activity-feed.js +82 -0
package/dist/src/tui/components/activity-feed.js.map +1 -0
package/dist/src/tui/components/agent-list.d.ts +19 -0
package/dist/src/tui/components/agent-list.d.ts.map +1 -0
package/dist/src/tui/components/agent-list.js +33 -0
package/dist/src/tui/components/agent-list.js.map +1 -0
package/dist/src/tui/components/agent-row.d.ts +12 -0
package/dist/src/tui/components/agent-row.d.ts.map +1 -0
package/dist/src/tui/components/agent-row.js +37 -0
package/dist/src/tui/components/agent-row.js.map +1 -0
package/dist/src/tui/components/approval-terminal.d.ts +13 -0
package/dist/src/tui/components/approval-terminal.d.ts.map +1 -0
package/dist/src/tui/components/approval-terminal.js +34 -0
package/dist/src/tui/components/approval-terminal.js.map +1 -0
package/dist/src/tui/components/audit-viewer.d.ts +16 -0
package/dist/src/tui/components/audit-viewer.d.ts.map +1 -0
package/dist/src/tui/components/audit-viewer.js +46 -0
package/dist/src/tui/components/audit-viewer.js.map +1 -0
package/dist/src/tui/components/auth-gate.d.ts +9 -0
package/dist/src/tui/components/auth-gate.d.ts.map +1 -0
package/dist/src/tui/components/auth-gate.js +112 -0
package/dist/src/tui/components/auth-gate.js.map +1 -0
package/dist/src/tui/components/command-palette.d.ts +12 -0
package/dist/src/tui/components/command-palette.d.ts.map +1 -0
package/dist/src/tui/components/command-palette.js +51 -0
package/dist/src/tui/components/command-palette.js.map +1 -0
package/dist/src/tui/components/compliance-badge.d.ts +11 -0
package/dist/src/tui/components/compliance-badge.d.ts.map +1 -0
package/dist/src/tui/components/compliance-badge.js +12 -0
package/dist/src/tui/components/compliance-badge.js.map +1 -0
package/dist/src/tui/components/decomposition-review.d.ts +10 -0
package/dist/src/tui/components/decomposition-review.d.ts.map +1 -0
package/dist/src/tui/components/decomposition-review.js +19 -0
package/dist/src/tui/components/decomposition-review.js.map +1 -0
package/dist/src/tui/components/dependency-graph.d.ts +13 -0
package/dist/src/tui/components/dependency-graph.d.ts.map +1 -0
package/dist/src/tui/components/dependency-graph.js +143 -0
package/dist/src/tui/components/dependency-graph.js.map +1 -0
package/dist/src/tui/components/diff-viewer.d.ts +11 -0
package/dist/src/tui/components/diff-viewer.d.ts.map +1 -0
package/dist/src/tui/components/diff-viewer.js +82 -0
package/dist/src/tui/components/diff-viewer.js.map +1 -0
package/dist/src/tui/components/edit-task-input.d.ts +10 -0
package/dist/src/tui/components/edit-task-input.d.ts.map +1 -0
package/dist/src/tui/components/edit-task-input.js +20 -0
package/dist/src/tui/components/edit-task-input.js.map +1 -0
package/dist/src/tui/components/footer.d.ts +12 -0
package/dist/src/tui/components/footer.d.ts.map +1 -0
package/dist/src/tui/components/footer.js +41 -0
package/dist/src/tui/components/footer.js.map +1 -0
package/dist/src/tui/components/header.d.ts +8 -0
package/dist/src/tui/components/header.d.ts.map +1 -0
package/dist/src/tui/components/header.js +20 -0
package/dist/src/tui/components/header.js.map +1 -0
package/dist/src/tui/components/human-actions.d.ts +14 -0
package/dist/src/tui/components/human-actions.d.ts.map +1 -0
package/dist/src/tui/components/human-actions.js +43 -0
package/dist/src/tui/components/human-actions.js.map +1 -0
package/dist/src/tui/components/log-panel.d.ts +10 -0
package/dist/src/tui/components/log-panel.d.ts.map +1 -0
package/dist/src/tui/components/log-panel.js +38 -0
package/dist/src/tui/components/log-panel.js.map +1 -0
package/dist/src/tui/components/memory-viewer.d.ts +10 -0
package/dist/src/tui/components/memory-viewer.d.ts.map +1 -0
package/dist/src/tui/components/memory-viewer.js +44 -0
package/dist/src/tui/components/memory-viewer.js.map +1 -0
package/dist/src/tui/components/new-task-input.d.ts +9 -0
package/dist/src/tui/components/new-task-input.d.ts.map +1 -0
package/dist/src/tui/components/new-task-input.js +21 -0
package/dist/src/tui/components/new-task-input.js.map +1 -0
package/dist/src/tui/components/orchestrator-status.d.ts +9 -0
package/dist/src/tui/components/orchestrator-status.d.ts.map +1 -0
package/dist/src/tui/components/orchestrator-status.js +15 -0
package/dist/src/tui/components/orchestrator-status.js.map +1 -0
package/dist/src/tui/components/parallelize-banner.d.ts +8 -0
package/dist/src/tui/components/parallelize-banner.d.ts.map +1 -0
package/dist/src/tui/components/parallelize-banner.js +9 -0
package/dist/src/tui/components/parallelize-banner.js.map +1 -0
package/dist/src/tui/components/progress-bar.d.ts +9 -0
package/dist/src/tui/components/progress-bar.d.ts.map +1 -0
package/dist/src/tui/components/progress-bar.js +15 -0
package/dist/src/tui/components/progress-bar.js.map +1 -0
package/dist/src/tui/components/review-queue.d.ts +13 -0
package/dist/src/tui/components/review-queue.d.ts.map +1 -0
package/dist/src/tui/components/review-queue.js +78 -0
package/dist/src/tui/components/review-queue.js.map +1 -0
package/dist/src/tui/components/rich-header.d.ts +11 -0
package/dist/src/tui/components/rich-header.d.ts.map +1 -0
package/dist/src/tui/components/rich-header.js +25 -0
package/dist/src/tui/components/rich-header.js.map +1 -0
package/dist/src/tui/components/spinner.d.ts +7 -0
package/dist/src/tui/components/spinner.d.ts.map +1 -0
package/dist/src/tui/components/spinner.js +8 -0
package/dist/src/tui/components/spinner.js.map +1 -0
package/dist/src/tui/components/status-bar.d.ts +23 -0
package/dist/src/tui/components/status-bar.d.ts.map +1 -0
package/dist/src/tui/components/status-bar.js +28 -0
package/dist/src/tui/components/status-bar.js.map +1 -0
package/dist/src/tui/components/task-queue.d.ts +11 -0
package/dist/src/tui/components/task-queue.d.ts.map +1 -0
package/dist/src/tui/components/task-queue.js +30 -0
package/dist/src/tui/components/task-queue.js.map +1 -0
package/dist/src/tui/components/team-view.d.ts +13 -0
package/dist/src/tui/components/team-view.d.ts.map +1 -0
package/dist/src/tui/components/team-view.js +12 -0
package/dist/src/tui/components/team-view.js.map +1 -0
package/dist/src/tui/graph-renderer.d.ts +11 -0
package/dist/src/tui/graph-renderer.d.ts.map +1 -0
package/dist/src/tui/graph-renderer.js +296 -0
package/dist/src/tui/graph-renderer.js.map +1 -0
package/dist/src/tui/hooks/use-bell.d.ts +21 -0
package/dist/src/tui/hooks/use-bell.d.ts.map +1 -0
package/dist/src/tui/hooks/use-bell.js +38 -0
package/dist/src/tui/hooks/use-bell.js.map +1 -0
package/dist/src/tui/hooks/use-ci-status.d.ts +16 -0
package/dist/src/tui/hooks/use-ci-status.d.ts.map +1 -0
package/dist/src/tui/hooks/use-ci-status.js +97 -0
package/dist/src/tui/hooks/use-ci-status.js.map +1 -0
package/dist/src/tui/hooks/use-command-palette.d.ts +37 -0
package/dist/src/tui/hooks/use-command-palette.d.ts.map +1 -0
package/dist/src/tui/hooks/use-command-palette.js +108 -0
package/dist/src/tui/hooks/use-command-palette.js.map +1 -0
package/dist/src/tui/hooks/use-diff-view.d.ts +16 -0
package/dist/src/tui/hooks/use-diff-view.d.ts.map +1 -0
package/dist/src/tui/hooks/use-diff-view.js +75 -0
package/dist/src/tui/hooks/use-diff-view.js.map +1 -0
package/dist/src/tui/hooks/use-keyboard.d.ts +3 -0
package/dist/src/tui/hooks/use-keyboard.d.ts.map +1 -0
package/dist/src/tui/hooks/use-keyboard.js +70 -0
package/dist/src/tui/hooks/use-keyboard.js.map +1 -0
package/dist/src/tui/hooks/use-log-stream.d.ts +25 -0
package/dist/src/tui/hooks/use-log-stream.d.ts.map +1 -0
package/dist/src/tui/hooks/use-log-stream.js +83 -0
package/dist/src/tui/hooks/use-log-stream.js.map +1 -0
package/dist/src/tui/hooks/use-spinner.d.ts +3 -0
package/dist/src/tui/hooks/use-spinner.d.ts.map +1 -0
package/dist/src/tui/hooks/use-spinner.js +13 -0
package/dist/src/tui/hooks/use-spinner.js.map +1 -0
package/dist/src/tui/hooks/use-store.d.ts +33 -0
package/dist/src/tui/hooks/use-store.d.ts.map +1 -0
package/dist/src/tui/hooks/use-store.js +21 -0
package/dist/src/tui/hooks/use-store.js.map +1 -0
package/dist/src/tui/lib/diff-parser.d.ts +24 -0
package/dist/src/tui/lib/diff-parser.d.ts.map +1 -0
package/dist/src/tui/lib/diff-parser.js +115 -0
package/dist/src/tui/lib/diff-parser.js.map +1 -0
package/dist/src/tui/lib/palette-commands.d.ts +14 -0
package/dist/src/tui/lib/palette-commands.d.ts.map +1 -0
package/dist/src/tui/lib/palette-commands.js +101 -0
package/dist/src/tui/lib/palette-commands.js.map +1 -0
package/dist/src/tui/tui.d.ts +8 -0
package/dist/src/tui/tui.d.ts.map +1 -0
package/dist/src/tui/tui.js +8 -0
package/dist/src/tui/tui.js.map +1 -0
package/package.json +66 -0
package/skills/api-design.md +84 -0
package/skills/backend-typescript.md +76 -0
package/skills/data-modeling.md +73 -0
package/skills/devops-ci.md +82 -0
package/skills/frontend-design.md +69 -0
package/skills/observability.md +73 -0
package/skills/react-nextjs.md +76 -0
package/skills/refactoring.md +77 -0
package/skills/security.md +75 -0
package/skills/testing.md +69 -0

package/dist/src/mcp/stdio-entry.js ADDED Viewed

@@ -0,0 +1,124 @@
+import path from 'path';
+import { spawn, spawnSync } from 'child_process';
+import fs from 'fs';
+import { ulid } from 'ulid';
+import { createDatabase } from '../db/database.js';
+import { createTaskStore } from '../core/task-store.js';
+import { createAgentSessionStore } from '../core/agent-session-store.js';
+import { createConflictDetector } from '../core/conflict-detector.js';
+import { createHumanActionStore } from '../core/human-action-store.js';
+import { createOrchestratorStore } from '../core/orchestrator-store.js';
+import { createRbacStore, createRbacChecker } from '../core/rbac.js';
+import { createCostStore } from '../core/cost-store.js';
+import { createVerboMcpServer } from './server.js';
+import { decodeJwtPayload } from '../auth/device-code-client.js';
+import { sanitizeForShell } from '../security/sanitize.js';
+const dbPath = process.env.VERBO_DB_PATH;
+/**
+ * Derive humanId from the authenticated JWT token rather than trusting an
+ * env var that any process could set to impersonate a user.
+ * Falls back to 'local' only when no token is available (local dev).
+ */
+function resolveHumanId() {
+    const token = process.env.VERBO_AUTH_TOKEN;
+    if (token) {
+        try {
+            const payload = decodeJwtPayload(token);
+            return payload.sub;
+        }
+        catch {
+            // Invalid token — fall back to 'local'
+        }
+    }
+    return 'local';
+}
+const humanId = resolveHumanId();
+// Derive project root from DB path (.verbo/verbo.db → project root)
+const projectDir = path.resolve(dbPath, '..', '..');
+// Each agent process gets a unique pipeline run ID for per-session cost tracking
+const pipelineRunId = process.env.VERBO_PIPELINE_RUN_ID ?? ulid();
+const budgetPerTaskUsd = process.env.VERBO_BUDGET_PER_TASK_USD
+    ? parseFloat(process.env.VERBO_BUDGET_PER_TASK_USD)
+    : undefined;
+const db = createDatabase(dbPath);
+const tasks = createTaskStore(db);
+const sessions = createAgentSessionStore(db);
+const detector = createConflictDetector(tasks);
+const humanActions = createHumanActionStore(db);
+const orchestratorStore = createOrchestratorStore();
+const rbacStore = createRbacStore(db.raw());
+const rbac = createRbacChecker(rbacStore);
+const costStore = createCostStore(db);
+/**
+ * Launch a claude agent subprocess for a spawned subtask.
+ * Resolves as soon as the process is started so the parent agent can
+ * immediately call await_subtask and poll for completion.
+ */
+function launchSubtaskAgent(subtask) {
+    const worktreePath = path.join(projectDir, '.verbo', 'agents', subtask.id);
+    const branch = `verbo/${subtask.id}`;
+    const mcpConfigPath = path.join(projectDir, '.verbo', 'mcp.json');
+    const approvalPort = parseInt(process.env.VERBO_APPROVAL_PORT ?? '5050');
+    // Recreate worktree (clean up stale from previous run if any)
+    // Use spawnSync with argument arrays to avoid shell injection
+    try {
+        spawnSync('git', ['worktree', 'remove', worktreePath, '--force'], { cwd: projectDir, stdio: 'ignore' });
+    }
+    catch { }
+    try {
+        spawnSync('git', ['branch', '-D', branch], { cwd: projectDir, stdio: 'ignore' });
+    }
+    catch { }
+    const worktreeResult = spawnSync('git', ['worktree', 'add', worktreePath, '-b', branch], { cwd: projectDir, stdio: 'pipe' });
+    if (worktreeResult.status !== 0) {
+        throw new Error(`git worktree add failed: ${worktreeResult.stderr?.toString()}`);
+    }
+    // Write medium-trust approval hook config
+    const claudeDir = path.join(worktreePath, '.claude');
+    if (!fs.existsSync(claudeDir))
+        fs.mkdirSync(claudeDir, { recursive: true });
+    fs.writeFileSync(path.join(claudeDir, 'settings.json'), JSON.stringify({
+        hooks: { PreToolUse: [{ matcher: 'Bash|Write', hooks: [{ type: 'http', url: `http://127.0.0.1:${approvalPort}/hooks`, timeout: 300 }] }] },
+    }, null, 2));
+    const prompt = [
+        `You are an autonomous coding agent working on a Verbo subtask.`,
+        `Task ID: ${subtask.id}`,
+        `Title: ${subtask.title}`,
+        subtask.description ? `Description: ${subtask.description}` : '',
+        subtask.filePaths?.length ? `Files: ${subtask.filePaths.join(', ')}` : '',
+        `\nWorkflow:`,
+        `1. Call claim_task with taskId="${subtask.id}"`,
+        `2. Call update_progress after each major step`,
+        `3. Implement the task`,
+        `4. Run: git add -A && git commit -m "feat: ${sanitizeForShell(subtask.title)}"`,
+        `5. Call complete_task with a summary`,
+        `\nAlways use Verbo MCP tools to communicate progress.`,
+    ].filter(Boolean).join('\n');
+    const logDir = path.join(projectDir, '.verbo', 'logs');
+    if (!fs.existsSync(logDir))
+        fs.mkdirSync(logDir, { recursive: true });
+    const logStream = fs.createWriteStream(path.join(logDir, `${subtask.id}.log`), { flags: 'a' });
+    logStream.write(`--- Subtask agent launched at ${new Date().toISOString()} ---\n`);
+    const child = spawn('claude', [
+        '-p', prompt,
+        '--mcp-config', mcpConfigPath,
+        '--output-format', 'stream-json',
+        '--allowedTools', 'Read,Glob,Grep,Edit,Write,Bash,mcp__verbo__claim_task,mcp__verbo__update_progress,mcp__verbo__complete_task,mcp__verbo__create_task,mcp__verbo__report_files,mcp__verbo__get_conflicts,mcp__verbo__unclaim_task,mcp__verbo__flag_human_action,mcp__verbo__list_human_actions,mcp__verbo__resolve_human_action,mcp__verbo__report_token_usage,mcp__verbo__spawn_subtask,mcp__verbo__await_subtask,mcp__verbo__list_tasks,mcp__verbo__list_sessions',
+    ], { cwd: worktreePath, stdio: ['ignore', 'pipe', 'pipe'] });
+    child.stdout?.on('data', (d) => logStream.write(d.toString()));
+    child.stderr?.on('data', (d) => logStream.write(`[stderr] ${d.toString()}`));
+    child.on('close', (code) => {
+        logStream.write(`\n--- Subtask exited with code ${code} at ${new Date().toISOString()} ---\n`);
+        logStream.end();
+        if (code !== 0)
+            tasks.unclaim(subtask.id);
+    });
+}
+const mcp = createVerboMcpServer({
+    tasks, sessions, detector, humanActions, humanId, rbac,
+    projectDir, orchestratorStore,
+    costStore, pipelineRunId, budgetPerTaskUsd,
+    onSpawnSubtask: async (subtask) => { launchSubtaskAgent(subtask); },
+});
+await mcp.startStdio();
+//# sourceMappingURL=stdio-entry.js.map

package/dist/src/mcp/stdio-entry.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"stdio-entry.js","sourceRoot":"","sources":["../../../src/mcp/stdio-entry.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AACjD,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAExD,OAAO,EAAE,uBAAuB,EAAE,MAAM,gCAAgC,CAAC;AACzE,OAAO,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AACtE,OAAO,EAAE,sBAAsB,EAAE,MAAM,+BAA+B,CAAC;AACvE,OAAO,EAAE,uBAAuB,EAAE,MAAM,+BAA+B,CAAC;AACxE,OAAO,EAAE,eAAe,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AACrE,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AACnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAC;AACjE,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAE3D,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,aAAc,CAAC;AAE1C;;;;GAIG;AACH,SAAS,cAAc;IACrB,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC;IAC3C,IAAI,KAAK,EAAE,CAAC;QACV,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;YACxC,OAAO,OAAO,CAAC,GAAG,CAAC;QACrB,CAAC;QAAC,MAAM,CAAC;YACP,uCAAuC;QACzC,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,OAAO,GAAG,cAAc,EAAE,CAAC;AAEjC,oEAAoE;AACpE,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;AAEpD,iFAAiF;AACjF,MAAM,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,IAAI,EAAE,CAAC;AAClE,MAAM,gBAAgB,GAAG,OAAO,CAAC,GAAG,CAAC,yBAAyB;IAC5D,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC;IACnD,CAAC,CAAC,SAAS,CAAC;AAEd,MAAM,EAAE,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;AAClC,MAAM,KAAK,GAAG,eAAe,CAAC,EAAE,CAAC,CAAC;AAClC,MAAM,QAAQ,GAAG,uBAAuB,CAAC,EAAE,CAAC,CAAC;AAC7C,MAAM,QAAQ,GAAG,sBAAsB,CAAC,KAAK,CAAC,CAAC;AAC/C,MAAM,YAAY,GAAG,sBAAsB,CAAC,EAAE,CAAC,CAAC;AAChD,MAAM,iBAAiB,GAAG,uBAAuB,EAAE,CAAC;AACpD,MAAM,SAAS,GAAG,eAAe,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC;AAC5C,MAAM,IAAI,GAAG,iBAAiB,CAAC,SAAS,CAAC,CAAC;AAC1C,MAAM,SAAS,GAAG,eAAe,CAAC,EAAE,CAAC,CAAC;AACtC;;;;GAIG;AACH,SAAS,kBAAkB,CAAC,OAAa;IACvC,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,CAAC,EAAE,CAAC,CAAC;IAC3E,MAAM,MAAM,GAAG,SAAS,OAAO,CAAC,EAAE,EAAE,CAAC;IACrC,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;IAClE,MAAM,YAAY,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,MAAM,CAAC,CAAC;IAEzE,8DAA8D;IAC9D,8DAA8D;IAC9D,IAAI,CAAC;QAAC,SAAS,CAAC,KAAK,EAAE,CAAC,UAAU,EAAE,QAAQ,EAAE,YAAY,EAAE,SAAS,CAAC,EAAE,EAAE,GAAG,EAAE,UAAU,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC,CAAA,CAAC;IACzH,IAAI,CAAC;QAAC,SAAS,CAAC,KAAK,EAAE,CAAC,QAAQ,EAAE,IAAI,EAAE,MAAM,CAAC,EAAE,EAAE,GAAG,EAAE,UAAU,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC,CAAA,CAAC;IAClG,MAAM,cAAc,GAAG,SAAS,CAAC,KAAK,EAAE,CAAC,UAAU,EAAE,KAAK,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,CAAC,EAAE,EAAE,GAAG,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;IAC7H,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAChC,MAAM,IAAI,KAAK,CAAC,4BAA4B,cAAc,CAAC,MAAM,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC;IACnF,CAAC;IAED,0CAA0C;IAC1C,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;IACrD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC;QAAE,EAAE,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC5E,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC;QACrE,KAAK,EAAE,EAAE,UAAU,EAAE,CAAC,EAAE,OAAO,EAAE,YAAY,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,oBAAoB,YAAY,QAAQ,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE;KAC3I,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAEb,MAAM,MAAM,GAAG;QACb,gEAAgE;QAChE,YAAY,OAAO,CAAC,EAAE,EAAE;QACxB,UAAU,OAAO,CAAC,KAAK,EAAE;QACzB,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,gBAAgB,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE;QAChE,OAAO,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,UAAU,OAAO,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE;QACzE,aAAa;QACb,mCAAmC,OAAO,CAAC,EAAE,GAAG;QAChD,+CAA+C;QAC/C,uBAAuB;QACvB,8CAA8C,gBAAgB,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG;QAChF,sCAAsC;QACtC,uDAAuD;KACxD,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAE7B,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;IACvD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC;QAAE,EAAE,CAAC,SAAS,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACtE,MAAM,SAAS,GAAG,EAAE,CAAC,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,OAAO,CAAC,EAAE,MAAM,CAAC,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;IAC/F,SAAS,CAAC,KAAK,CAAC,iCAAiC,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;IAEnF,MAAM,KAAK,GAAG,KAAK,CAAC,QAAQ,EAAE;QAC5B,IAAI,EAAE,MAAM;QACZ,cAAc,EAAE,aAAa;QAC7B,iBAAiB,EAAE,aAAa;QAChC,gBAAgB,EAAE,mbAAmb;KACtc,EAAE,EAAE,GAAG,EAAE,YAAY,EAAE,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;IAE7D,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;IACvE,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,SAAS,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,CAAC;IACrF,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAmB,EAAE,EAAE;QACxC,SAAS,CAAC,KAAK,CAAC,kCAAkC,IAAI,OAAO,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;QAC/F,SAAS,CAAC,GAAG,EAAE,CAAC;QAChB,IAAI,IAAI,KAAK,CAAC;YAAE,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,GAAG,GAAG,oBAAoB,CAAC;IAC/B,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,YAAY,EAAE,OAAO,EAAE,IAAI;IACtD,UAAU,EAAE,iBAAiB;IAC7B,SAAS,EAAE,aAAa,EAAE,gBAAgB;IAC1C,cAAc,EAAE,KAAK,EAAE,OAAa,EAAE,EAAE,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;CAC1E,CAAC,CAAC;AAEH,MAAM,GAAG,CAAC,UAAU,EAAE,CAAC"}

package/dist/src/mcp/subtask-handlers.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+import type { Task, TaskStore } from '../core/task-store.js';
+export declare const MAX_SUBTASK_DEPTH = 2;
+export declare function createSubtaskHandlers(tasks: TaskStore, onSpawnSubtask?: (subtask: Task) => void): {
+    spawnSubtask: (args: unknown) => Promise<Task>;
+    awaitSubtask: (args: unknown) => Promise<Task>;
+};
+//# sourceMappingURL=subtask-handlers.d.ts.map

package/dist/src/mcp/subtask-handlers.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"subtask-handlers.d.ts","sourceRoot":"","sources":["../../../src/mcp/subtask-handlers.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAI7D,eAAO,MAAM,iBAAiB,IAAI,CAAC;AAMnC,wBAAgB,qBAAqB,CACnC,KAAK,EAAE,SAAS,EAChB,cAAc,CAAC,EAAE,CAAC,OAAO,EAAE,IAAI,KAAK,IAAI;yBAEN,OAAO,KAAG,OAAO,CAAC,IAAI,CAAC;yBAqCvB,OAAO,KAAG,OAAO,CAAC,IAAI,CAAC;EAiC1D"}

package/dist/src/mcp/subtask-handlers.js ADDED Viewed

@@ -0,0 +1,50 @@
+// ---- Constants ----
+export const MAX_SUBTASK_DEPTH = 2;
+const AWAIT_POLL_INTERVAL_MS = 3000;
+const AWAIT_DEFAULT_TIMEOUT_MS = 5 * 60 * 1000; // 5 minutes
+// ---- Factory ----
+export function createSubtaskHandlers(tasks, onSpawnSubtask) {
+    async function spawnSubtask(args) {
+        const { parentTaskId, title, description, priority, filePaths, autoLaunch } = args;
+        const parent = tasks.get(parentTaskId);
+        if (!parent) {
+            throw new Error(`Parent task not found: ${parentTaskId}`);
+        }
+        const parentDepth = parent.depth ?? 0;
+        if (parentDepth >= MAX_SUBTASK_DEPTH) {
+            throw new Error(`Cannot spawn subtask: parent task is at max depth (${MAX_SUBTASK_DEPTH})`);
+        }
+        const subtask = tasks.create({
+            title,
+            description,
+            priority,
+            filePaths,
+            parentTaskId,
+        });
+        if (autoLaunch) {
+            onSpawnSubtask?.(subtask);
+        }
+        return subtask;
+    }
+    async function awaitSubtask(args) {
+        const { subtaskId, timeoutMs } = args;
+        const timeout = Math.min(timeoutMs ?? AWAIT_DEFAULT_TIMEOUT_MS, AWAIT_DEFAULT_TIMEOUT_MS);
+        const deadline = Date.now() + timeout;
+        while (true) {
+            const task = tasks.get(subtaskId);
+            if (!task) {
+                throw new Error(`Subtask not found: ${subtaskId}`);
+            }
+            if (task.status === 'done') {
+                return task;
+            }
+            const remaining = deadline - Date.now();
+            if (remaining <= 0) {
+                throw new Error(`Timed out waiting for subtask ${subtaskId} after ${timeout}ms`);
+            }
+            await new Promise((resolve) => setTimeout(resolve, Math.min(AWAIT_POLL_INTERVAL_MS, remaining)));
+        }
+    }
+    return { spawnSubtask, awaitSubtask };
+}
+//# sourceMappingURL=subtask-handlers.js.map

package/dist/src/mcp/subtask-handlers.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"subtask-handlers.js","sourceRoot":"","sources":["../../../src/mcp/subtask-handlers.ts"],"names":[],"mappings":"AAEA,sBAAsB;AAEtB,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC;AACnC,MAAM,sBAAsB,GAAG,IAAI,CAAC;AACpC,MAAM,wBAAwB,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,YAAY;AAE5D,oBAAoB;AAEpB,MAAM,UAAU,qBAAqB,CACnC,KAAgB,EAChB,cAAwC;IAExC,KAAK,UAAU,YAAY,CAAC,IAAa;QACvC,MAAM,EAAE,YAAY,EAAE,KAAK,EAAE,WAAW,EAAE,QAAQ,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,IAO7E,CAAC;QAEF,MAAM,MAAM,GAAG,KAAK,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QACvC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,0BAA0B,YAAY,EAAE,CAAC,CAAC;QAC5D,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,CAAC,KAAK,IAAI,CAAC,CAAC;QACtC,IAAI,WAAW,IAAI,iBAAiB,EAAE,CAAC;YACrC,MAAM,IAAI,KAAK,CACb,sDAAsD,iBAAiB,GAAG,CAC3E,CAAC;QACJ,CAAC;QAED,MAAM,OAAO,GAAG,KAAK,CAAC,MAAM,CAAC;YAC3B,KAAK;YACL,WAAW;YACX,QAAQ;YACR,SAAS;YACT,YAAY;SACb,CAAC,CAAC;QAEH,IAAI,UAAU,EAAE,CAAC;YACf,cAAc,EAAE,CAAC,OAAO,CAAC,CAAC;QAC5B,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,KAAK,UAAU,YAAY,CAAC,IAAa;QACvC,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,IAGhC,CAAC;QAEF,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,SAAS,IAAI,wBAAwB,EAAE,wBAAwB,CAAC,CAAC;QAC1F,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC;QAEtC,OAAO,IAAI,EAAE,CAAC;YACZ,MAAM,IAAI,GAAG,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YAClC,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,MAAM,IAAI,KAAK,CAAC,sBAAsB,SAAS,EAAE,CAAC,CAAC;YACrD,CAAC;YAED,IAAI,IAAI,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAC3B,OAAO,IAAI,CAAC;YACd,CAAC;YAED,MAAM,SAAS,GAAG,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACxC,IAAI,SAAS,IAAI,CAAC,EAAE,CAAC;gBACnB,MAAM,IAAI,KAAK,CACb,iCAAiC,SAAS,UAAU,OAAO,IAAI,CAChE,CAAC;YACJ,CAAC;YAED,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE,CAClC,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,GAAG,CAAC,sBAAsB,EAAE,SAAS,CAAC,CAAC,CACjE,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,CAAC;AACxC,CAAC"}

package/dist/src/security/network-proxy.d.ts ADDED Viewed

@@ -0,0 +1,20 @@
+export type AuditEventType = 'network_blocked' | 'network_allowed';
+export interface AuditEvent {
+    type: AuditEventType;
+    host: string;
+    port: number;
+    method: string;
+    timestamp: string;
+}
+export type AuditCallback = (event: AuditEvent) => void;
+export interface NetworkProxyOptions {
+    isAllowed: (host: string) => boolean;
+    onAuditEvent?: AuditCallback;
+}
+export interface NetworkProxy {
+    start(): Promise<number>;
+    stop(): Promise<void>;
+    port(): number;
+}
+export declare function createNetworkProxy(options: NetworkProxyOptions): NetworkProxy;
+//# sourceMappingURL=network-proxy.d.ts.map

package/dist/src/security/network-proxy.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"network-proxy.d.ts","sourceRoot":"","sources":["../../../src/security/network-proxy.ts"],"names":[],"mappings":"AAKA,MAAM,MAAM,cAAc,GAAG,iBAAiB,GAAG,iBAAiB,CAAC;AAEnE,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,cAAc,CAAC;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,MAAM,aAAa,GAAG,CAAC,KAAK,EAAE,UAAU,KAAK,IAAI,CAAC;AAExD,MAAM,WAAW,mBAAmB;IAClC,SAAS,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC;IACrC,YAAY,CAAC,EAAE,aAAa,CAAC;CAC9B;AAED,MAAM,WAAW,YAAY;IAC3B,KAAK,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;IACzB,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IACtB,IAAI,IAAI,MAAM,CAAC;CAChB;AAID,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,mBAAmB,GAAG,YAAY,CAkJ7E"}

package/dist/src/security/network-proxy.js ADDED Viewed

@@ -0,0 +1,125 @@
+import http from 'http';
+import net from 'net';
+// ---- Factory ----
+export function createNetworkProxy(options) {
+    const { isAllowed, onAuditEvent } = options;
+    let server = null;
+    let _port = 0;
+    function emit(event) {
+        onAuditEvent?.(event);
+    }
+    // Handle HTTPS CONNECT tunneling
+    function handleConnect(req, clientSocket, _head) {
+        const [host, portStr] = (req.url ?? '').split(':');
+        const port = parseInt(portStr ?? '443', 10);
+        if (!host || !isAllowed(host)) {
+            emit({
+                type: 'network_blocked',
+                host: host ?? '',
+                port,
+                method: 'CONNECT',
+                timestamp: new Date().toISOString(),
+            });
+            clientSocket.write('HTTP/1.1 403 Forbidden\r\n\r\n');
+            clientSocket.destroy();
+            return;
+        }
+        emit({
+            type: 'network_allowed',
+            host,
+            port,
+            method: 'CONNECT',
+            timestamp: new Date().toISOString(),
+        });
+        const serverSocket = net.connect(port, host, () => {
+            clientSocket.write('HTTP/1.1 200 Connection Established\r\nProxy-agent: verbo-sandbox\r\n\r\n');
+            serverSocket.pipe(clientSocket);
+            clientSocket.pipe(serverSocket);
+        });
+        serverSocket.on('error', () => {
+            clientSocket.destroy();
+        });
+        clientSocket.on('error', () => {
+            serverSocket.destroy();
+        });
+    }
+    // Handle plain HTTP proxy requests
+    function handleRequest(req, res) {
+        let parsedUrl;
+        try {
+            parsedUrl = new URL(req.url ?? '');
+        }
+        catch {
+            res.writeHead(400);
+            res.end('Bad Request');
+            return;
+        }
+        const host = parsedUrl.hostname;
+        const port = parseInt(parsedUrl.port || '80', 10);
+        const method = req.method ?? 'GET';
+        if (!isAllowed(host)) {
+            emit({
+                type: 'network_blocked',
+                host,
+                port,
+                method,
+                timestamp: new Date().toISOString(),
+            });
+            res.writeHead(403, { 'Content-Type': 'text/plain' });
+            res.end(`Forbidden: ${host} is not in the allowed domains list`);
+            return;
+        }
+        emit({ type: 'network_allowed', host, port, method, timestamp: new Date().toISOString() });
+        // Strip proxy-specific headers
+        const headers = { ...req.headers };
+        delete headers['proxy-connection'];
+        delete headers['proxy-authorization'];
+        const proxyReq = http.request({
+            hostname: host,
+            port,
+            path: parsedUrl.pathname + parsedUrl.search,
+            method,
+            headers,
+        }, (proxyRes) => {
+            res.writeHead(proxyRes.statusCode ?? 200, proxyRes.headers);
+            proxyRes.pipe(res);
+        });
+        proxyReq.on('error', () => {
+            if (!res.headersSent) {
+                res.writeHead(502);
+            }
+            res.end('Bad Gateway');
+        });
+        req.pipe(proxyReq);
+    }
+    return {
+        start() {
+            return new Promise((resolve, reject) => {
+                server = http.createServer(handleRequest);
+                server.on('connect', handleConnect);
+                server.on('error', reject);
+                server.listen(0, '127.0.0.1', () => {
+                    const addr = server.address();
+                    _port = addr.port;
+                    resolve(_port);
+                });
+            });
+        },
+        stop() {
+            return new Promise((resolve) => {
+                if (!server) {
+                    resolve();
+                    return;
+                }
+                const s = server;
+                server = null;
+                _port = 0;
+                s.close(() => resolve());
+            });
+        },
+        port() {
+            return _port;
+        },
+    };
+}
+//# sourceMappingURL=network-proxy.js.map

package/dist/src/security/network-proxy.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"network-proxy.js","sourceRoot":"","sources":["../../../src/security/network-proxy.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,GAAG,MAAM,KAAK,CAAC;AA2BtB,oBAAoB;AAEpB,MAAM,UAAU,kBAAkB,CAAC,OAA4B;IAC7D,MAAM,EAAE,SAAS,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC;IAC5C,IAAI,MAAM,GAAuB,IAAI,CAAC;IACtC,IAAI,KAAK,GAAG,CAAC,CAAC;IAEd,SAAS,IAAI,CAAC,KAAiB;QAC7B,YAAY,EAAE,CAAC,KAAK,CAAC,CAAC;IACxB,CAAC;IAED,iCAAiC;IACjC,SAAS,aAAa,CACpB,GAAyB,EACzB,YAAwB,EACxB,KAAa;QAEb,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACnD,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,IAAI,KAAK,EAAE,EAAE,CAAC,CAAC;QAE5C,IAAI,CAAC,IAAI,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9B,IAAI,CAAC;gBACH,IAAI,EAAE,iBAAiB;gBACvB,IAAI,EAAE,IAAI,IAAI,EAAE;gBAChB,IAAI;gBACJ,MAAM,EAAE,SAAS;gBACjB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;aACpC,CAAC,CAAC;YACH,YAAY,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAC;YACrD,YAAY,CAAC,OAAO,EAAE,CAAC;YACvB,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,IAAI,EAAE,iBAAiB;YACvB,IAAI;YACJ,IAAI;YACJ,MAAM,EAAE,SAAS;YACjB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC,CAAC;QAEH,MAAM,YAAY,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE;YAChD,YAAY,CAAC,KAAK,CAChB,2EAA2E,CAC5E,CAAC;YACF,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YAChC,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAClC,CAAC,CAAC,CAAC;QAEH,YAAY,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;YAC5B,YAAY,CAAC,OAAO,EAAE,CAAC;QACzB,CAAC,CAAC,CAAC;QAEH,YAAY,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;YAC5B,YAAY,CAAC,OAAO,EAAE,CAAC;QACzB,CAAC,CAAC,CAAC;IACL,CAAC;IAED,mCAAmC;IACnC,SAAS,aAAa,CAAC,GAAyB,EAAE,GAAwB;QACxE,IAAI,SAAc,CAAC;QACnB,IAAI,CAAC;YACH,SAAS,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC;QACrC,CAAC;QAAC,MAAM,CAAC;YACP,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YACnB,GAAG,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;YACvB,OAAO;QACT,CAAC;QAED,MAAM,IAAI,GAAG,SAAS,CAAC,QAAQ,CAAC;QAChC,MAAM,IAAI,GAAG,QAAQ,CAAC,SAAS,CAAC,IAAI,IAAI,IAAI,EAAE,EAAE,CAAC,CAAC;QAClD,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,IAAI,KAAK,CAAC;QAEnC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC;YACrB,IAAI,CAAC;gBACH,IAAI,EAAE,iBAAiB;gBACvB,IAAI;gBACJ,IAAI;gBACJ,MAAM;gBACN,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;aACpC,CAAC,CAAC;YACH,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,YAAY,EAAE,CAAC,CAAC;YACrD,GAAG,CAAC,GAAG,CAAC,cAAc,IAAI,qCAAqC,CAAC,CAAC;YACjE,OAAO;QACT,CAAC;QAED,IAAI,CAAC,EAAE,IAAI,EAAE,iBAAiB,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;QAE3F,+BAA+B;QAC/B,MAAM,OAAO,GAAG,EAAE,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC;QACnC,OAAO,OAAO,CAAC,kBAAkB,CAAC,CAAC;QACnC,OAAO,OAAO,CAAC,qBAAqB,CAAC,CAAC;QAEtC,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAC3B;YACE,QAAQ,EAAE,IAAI;YACd,IAAI;YACJ,IAAI,EAAE,SAAS,CAAC,QAAQ,GAAG,SAAS,CAAC,MAAM;YAC3C,MAAM;YACN,OAAO;SACR,EACD,CAAC,QAAQ,EAAE,EAAE;YACX,GAAG,CAAC,SAAS,CAAC,QAAQ,CAAC,UAAU,IAAI,GAAG,EAAE,QAAQ,CAAC,OAAO,CAAC,CAAC;YAC5D,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACrB,CAAC,CACF,CAAC;QAEF,QAAQ,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;YACxB,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;gBACrB,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YACrB,CAAC;YACD,GAAG,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;QACzB,CAAC,CAAC,CAAC;QAEH,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACrB,CAAC;IAED,OAAO;QACL,KAAK;YACH,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;gBACrC,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC;gBAC1C,MAAM,CAAC,EAAE,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;gBACpC,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;gBAC3B,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE;oBACjC,MAAM,IAAI,GAAG,MAAO,CAAC,OAAO,EAAqB,CAAC;oBAClD,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC;oBAClB,OAAO,CAAC,KAAK,CAAC,CAAC;gBACjB,CAAC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;QACL,CAAC;QAED,IAAI;YACF,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;gBAC7B,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,OAAO,EAAE,CAAC;oBACV,OAAO;gBACT,CAAC;gBACD,MAAM,CAAC,GAAG,MAAM,CAAC;gBACjB,MAAM,GAAG,IAAI,CAAC;gBACd,KAAK,GAAG,CAAC,CAAC;gBACV,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC;YAC3B,CAAC,CAAC,CAAC;QACL,CAAC;QAED,IAAI;YACF,OAAO,KAAK,CAAC;QACf,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/src/security/network-sandbox.d.ts ADDED Viewed

@@ -0,0 +1,19 @@
+import { type AuditCallback } from './network-proxy.js';
+export interface NetworkSandboxOptions {
+    /** Explicit domain allowlist. If omitted, read from VERBO.md on start(). */
+    allowedDomains?: string[];
+    onAuditEvent?: AuditCallback;
+}
+export interface NetworkSandbox {
+    /** Start the proxy. Reads allowed_domains from VERBO.md if projectDir given. */
+    start(projectDir?: string): Promise<number>;
+    stop(): Promise<void>;
+    /** Returns true if host is in the allowlist (wildcard-aware). */
+    isAllowed(host: string): boolean;
+    /** Returns HTTP_PROXY/HTTPS_PROXY env vars pointing at the running proxy. */
+    getProxyEnv(): Record<string, string>;
+}
+export declare function createNetworkSandbox(options?: NetworkSandboxOptions): NetworkSandbox;
+/** Parse `allowed_domains` from the `## Security` section of a VERBO.md string. */
+export declare function parseAllowedDomains(content: string): string[];
+//# sourceMappingURL=network-sandbox.d.ts.map

package/dist/src/security/network-sandbox.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"network-sandbox.d.ts","sourceRoot":"","sources":["../../../src/security/network-sandbox.ts"],"names":[],"mappings":"AAEA,OAAO,EAAyC,KAAK,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAI/F,MAAM,WAAW,qBAAqB;IACpC,4EAA4E;IAC5E,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B,YAAY,CAAC,EAAE,aAAa,CAAC;CAC9B;AAED,MAAM,WAAW,cAAc;IAC7B,gFAAgF;IAChF,KAAK,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAC5C,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IACtB,iEAAiE;IACjE,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC;IACjC,6EAA6E;IAC7E,WAAW,IAAI,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACvC;AAID,wBAAgB,oBAAoB,CAAC,OAAO,GAAE,qBAA0B,GAAG,cAAc,CA6DxF;AAWD,mFAAmF;AACnF,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,EAAE,CAsB7D"}

package/dist/src/security/network-sandbox.js ADDED Viewed

@@ -0,0 +1,100 @@
+import fs from 'fs';
+import path from 'path';
+import { createNetworkProxy } from './network-proxy.js';
+// ---- Factory ----
+export function createNetworkSandbox(options = {}) {
+    let proxy = null;
+    let _allowedDomains = options.allowedDomains ?? [];
+    function matchDomain(pattern, host) {
+        if (pattern === host)
+            return true;
+        // Wildcard prefix: *.example.com matches sub.example.com and example.com
+        if (pattern.startsWith('*.')) {
+            const suffix = pattern.slice(1); // '.example.com'
+            return host === suffix.slice(1) || host.endsWith(suffix);
+        }
+        return false;
+    }
+    function isAllowed(host) {
+        // Empty allowlist = sandbox enabled but nothing permitted — block all (default-deny)
+        if (_allowedDomains.length === 0)
+            return false;
+        for (const pattern of _allowedDomains) {
+            if (matchDomain(pattern, host))
+                return true;
+        }
+        return false;
+    }
+    return {
+        async start(projectDir) {
+            // Load allowed_domains from VERBO.md unless caller provided an explicit list
+            if (options.allowedDomains === undefined && projectDir) {
+                _allowedDomains = readAllowedDomains(projectDir);
+            }
+            proxy = createNetworkProxy({ isAllowed, onAuditEvent: options.onAuditEvent });
+            return proxy.start();
+        },
+        async stop() {
+            if (proxy) {
+                await proxy.stop();
+                proxy = null;
+            }
+        },
+        isAllowed,
+        getProxyEnv() {
+            if (!proxy)
+                return {};
+            const p = proxy.port();
+            const url = `http://127.0.0.1:${p}`;
+            return {
+                HTTP_PROXY: url,
+                HTTPS_PROXY: url,
+                http_proxy: url,
+                https_proxy: url,
+                // Never proxy loopback — keeps MCP server and approval server reachable
+                NO_PROXY: '127.0.0.1,localhost',
+                no_proxy: '127.0.0.1,localhost',
+            };
+        },
+    };
+}
+// ---- VERBO.md parsing helpers ----
+function readAllowedDomains(projectDir) {
+    const verboMdPath = path.join(projectDir, 'VERBO.md');
+    if (!fs.existsSync(verboMdPath))
+        return [];
+    const content = fs.readFileSync(verboMdPath, 'utf-8');
+    return parseAllowedDomains(content);
+}
+/** Parse `allowed_domains` from the `## Security` section of a VERBO.md string. */
+export function parseAllowedDomains(content) {
+    let inSecurity = false;
+    for (const line of content.split('\n')) {
+        const sectionMatch = line.match(/^## (.+)/);
+        if (sectionMatch) {
+            inSecurity = sectionMatch[1].trim().toLowerCase() === 'security';
+            continue;
+        }
+        if (!inSecurity)
+            continue;
+        const kvMatch = line.match(/^(\w[\w_]*)\s*:\s*(.+)/);
+        if (!kvMatch)
+            continue;
+        const [, key, value] = kvMatch;
+        if (key.trim() === 'allowed_domains') {
+            return parseArrayValue(value.trim());
+        }
+    }
+    return [];
+}
+function parseArrayValue(value) {
+    const trimmed = value.trim();
+    const inner = trimmed.startsWith('[') && trimmed.endsWith(']')
+        ? trimmed.slice(1, -1)
+        : trimmed;
+    return inner
+        .split(',')
+        .map((s) => s.trim().replace(/^['"]|['"]$/g, ''))
+        .filter(Boolean);
+}
+//# sourceMappingURL=network-sandbox.js.map

package/dist/src/security/network-sandbox.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"network-sandbox.js","sourceRoot":"","sources":["../../../src/security/network-sandbox.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,kBAAkB,EAAyC,MAAM,oBAAoB,CAAC;AAoB/F,oBAAoB;AAEpB,MAAM,UAAU,oBAAoB,CAAC,UAAiC,EAAE;IACtE,IAAI,KAAK,GAAwB,IAAI,CAAC;IACtC,IAAI,eAAe,GAAa,OAAO,CAAC,cAAc,IAAI,EAAE,CAAC;IAE7D,SAAS,WAAW,CAAC,OAAe,EAAE,IAAY;QAChD,IAAI,OAAO,KAAK,IAAI;YAAE,OAAO,IAAI,CAAC;QAElC,yEAAyE;QACzE,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7B,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,iBAAiB;YAClD,OAAO,IAAI,KAAK,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAC3D,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED,SAAS,SAAS,CAAC,IAAY;QAC7B,qFAAqF;QACrF,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,KAAK,CAAC;QAE/C,KAAK,MAAM,OAAO,IAAI,eAAe,EAAE,CAAC;YACtC,IAAI,WAAW,CAAC,OAAO,EAAE,IAAI,CAAC;gBAAE,OAAO,IAAI,CAAC;QAC9C,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO;QACL,KAAK,CAAC,KAAK,CAAC,UAAmB;YAC7B,6EAA6E;YAC7E,IAAI,OAAO,CAAC,cAAc,KAAK,SAAS,IAAI,UAAU,EAAE,CAAC;gBACvD,eAAe,GAAG,kBAAkB,CAAC,UAAU,CAAC,CAAC;YACnD,CAAC;YAED,KAAK,GAAG,kBAAkB,CAAC,EAAE,SAAS,EAAE,YAAY,EAAE,OAAO,CAAC,YAAY,EAAE,CAAC,CAAC;YAC9E,OAAO,KAAK,CAAC,KAAK,EAAE,CAAC;QACvB,CAAC;QAED,KAAK,CAAC,IAAI;YACR,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,KAAK,CAAC,IAAI,EAAE,CAAC;gBACnB,KAAK,GAAG,IAAI,CAAC;YACf,CAAC;QACH,CAAC;QAED,SAAS;QAET,WAAW;YACT,IAAI,CAAC,KAAK;gBAAE,OAAO,EAAE,CAAC;YACtB,MAAM,CAAC,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;YACvB,MAAM,GAAG,GAAG,oBAAoB,CAAC,EAAE,CAAC;YACpC,OAAO;gBACL,UAAU,EAAE,GAAG;gBACf,WAAW,EAAE,GAAG;gBAChB,UAAU,EAAE,GAAG;gBACf,WAAW,EAAE,GAAG;gBAChB,wEAAwE;gBACxE,QAAQ,EAAE,qBAAqB;gBAC/B,QAAQ,EAAE,qBAAqB;aAChC,CAAC;QACJ,CAAC;KACF,CAAC;AACJ,CAAC;AAED,qCAAqC;AAErC,SAAS,kBAAkB,CAAC,UAAkB;IAC5C,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;IACtD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC;QAAE,OAAO,EAAE,CAAC;IAC3C,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;IACtD,OAAO,mBAAmB,CAAC,OAAO,CAAC,CAAC;AACtC,CAAC;AAED,mFAAmF;AACnF,MAAM,UAAU,mBAAmB,CAAC,OAAe;IACjD,IAAI,UAAU,GAAG,KAAK,CAAC;IAEvB,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACvC,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QAC5C,IAAI,YAAY,EAAE,CAAC;YACjB,UAAU,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,KAAK,UAAU,CAAC;YACjE,SAAS;QACX,CAAC;QAED,IAAI,CAAC,UAAU;YAAE,SAAS;QAE1B,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;QACrD,IAAI,CAAC,OAAO;YAAE,SAAS;QAEvB,MAAM,CAAC,EAAE,GAAG,EAAE,KAAK,CAAC,GAAG,OAAO,CAAC;QAC/B,IAAI,GAAG,CAAC,IAAI,EAAE,KAAK,iBAAiB,EAAE,CAAC;YACrC,OAAO,eAAe,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;QACvC,CAAC;IACH,CAAC;IAED,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,SAAS,eAAe,CAAC,KAAa;IACpC,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IAC7B,MAAM,KAAK,GAAG,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC;QAC5D,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QACtB,CAAC,CAAC,OAAO,CAAC;IACZ,OAAO,KAAK;SACT,KAAK,CAAC,GAAG,CAAC;SACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC;SAChD,MAAM,CAAC,OAAO,CAAC,CAAC;AACrB,CAAC"}

package/dist/src/security/sanitize.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+/**
+ * Sanitise a string so it is safe to embed inside a double-quoted shell
+ * argument (e.g. `git commit -m "feat: <sanitised>"`).
+ *
+ * Uses an **allowlist** approach: only characters known to be harmless inside
+ * double-quoted strings are kept.  Everything else is stripped.
+ *
+ * Allowed characters: letters, digits, spaces, hyphens, underscores,
+ * brackets `[](){}`, dots, colons, hash, forward slashes, commas, and
+ * common accented Latin characters (for Portuguese/Spanish task titles).
+ */
+export declare function sanitizeForShell(raw: string): string;
+//# sourceMappingURL=sanitize.d.ts.map

package/dist/src/security/sanitize.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"sanitize.d.ts","sourceRoot":"","sources":["../../../src/security/sanitize.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAMpD"}

package/dist/src/security/sanitize.js ADDED Viewed

@@ -0,0 +1,19 @@
+/**
+ * Sanitise a string so it is safe to embed inside a double-quoted shell
+ * argument (e.g. `git commit -m "feat: <sanitised>"`).
+ *
+ * Uses an **allowlist** approach: only characters known to be harmless inside
+ * double-quoted strings are kept.  Everything else is stripped.
+ *
+ * Allowed characters: letters, digits, spaces, hyphens, underscores,
+ * brackets `[](){}`, dots, colons, hash, forward slashes, commas, and
+ * common accented Latin characters (for Portuguese/Spanish task titles).
+ */
+export function sanitizeForShell(raw) {
+    // Allowlist: keep only safe characters
+    // eslint-disable-next-line no-control-regex
+    const cleaned = raw.replace(/[^a-zA-Z0-9 \-_\[\]().{}:#/,\u00C0-\u024F]/g, '');
+    // Collapse multiple spaces and trim
+    return cleaned.replace(/\s{2,}/g, ' ').trim();
+}
+//# sourceMappingURL=sanitize.js.map

package/dist/src/security/sanitize.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"sanitize.js","sourceRoot":"","sources":["../../../src/security/sanitize.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AACH,MAAM,UAAU,gBAAgB,CAAC,GAAW;IAC1C,uCAAuC;IACvC,4CAA4C;IAC5C,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC,6CAA6C,EAAE,EAAE,CAAC,CAAC;IAC/E,oCAAoC;IACpC,OAAO,OAAO,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;AAChD,CAAC"}

package/dist/src/security/secrets-patterns.d.ts ADDED Viewed

@@ -0,0 +1,29 @@
+/**
+ * Secrets pattern library — 54 RegExp patterns compiled at module load.
+ *
+ * Covers: AWS, GitHub, Stripe, private keys, .env, JWT, connection strings,
+ * Google/GCP, Azure, Slack, Twilio, email services, package registries,
+ * Supabase, hosting providers, and generic credential patterns.
+ *
+ * All patterns include the `g` flag. When reusing a pattern across multiple
+ * inputs, reset `pattern.lastIndex = 0` between calls, or use
+ * `String.prototype.match()` / `matchAll()` which reset it automatically.
+ */
+export type Severity = 'critical' | 'high' | 'medium' | 'low';
+export type Category = 'aws' | 'github' | 'stripe' | 'private-key' | 'dotenv' | 'jwt' | 'connection-string' | 'google' | 'azure' | 'slack' | 'twilio' | 'email' | 'registry' | 'supabase' | 'hosting' | 'generic';
+export interface SecretPattern {
+    id: string;
+    name: string;
+    category: Category;
+    /** Pre-compiled at module load. Includes `g` (and sometimes `i`/`m`) flags. */
+    pattern: RegExp;
+    severity: Severity;
+}
+export declare const SECRET_PATTERNS: readonly SecretPattern[];
+/** Total number of patterns — must equal 54. */
+export declare const PATTERN_COUNT: number;
+/** Patterns grouped by category, built once at module load. */
+export declare const PATTERNS_BY_CATEGORY: ReadonlyMap<Category, readonly SecretPattern[]>;
+/** Patterns grouped by severity, built once at module load. */
+export declare const PATTERNS_BY_SEVERITY: ReadonlyMap<Severity, readonly SecretPattern[]>;
+//# sourceMappingURL=secrets-patterns.d.ts.map

package/dist/src/security/secrets-patterns.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"secrets-patterns.d.ts","sourceRoot":"","sources":["../../../src/security/secrets-patterns.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,MAAM,MAAM,QAAQ,GAAG,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;AAE9D,MAAM,MAAM,QAAQ,GAChB,KAAK,GACL,QAAQ,GACR,QAAQ,GACR,aAAa,GACb,QAAQ,GACR,KAAK,GACL,mBAAmB,GACnB,QAAQ,GACR,OAAO,GACP,OAAO,GACP,QAAQ,GACR,OAAO,GACP,UAAU,GACV,UAAU,GACV,SAAS,GACT,SAAS,CAAC;AAEd,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,QAAQ,CAAC;IACnB,+EAA+E;IAC/E,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,QAAQ,CAAC;CACpB;AAED,eAAO,MAAM,eAAe,EAAE,SAAS,aAAa,EAkbnD,CAAC;AAEF,gDAAgD;AAChD,eAAO,MAAM,aAAa,QAAyB,CAAC;AAEpD,+DAA+D;AAC/D,eAAO,MAAM,oBAAoB,EAAE,WAAW,CAAC,QAAQ,EAAE,SAAS,aAAa,EAAE,CAQ7E,CAAC;AAEL,+DAA+D;AAC/D,eAAO,MAAM,oBAAoB,EAAE,WAAW,CAAC,QAAQ,EAAE,SAAS,aAAa,EAAE,CAQ7E,CAAC"}