UNPKG

@capgo/cli

Version:

A CLI to upload to capgo servers

github.com/Cap-go/capgo/tree/main/cli

Cap-go/capgo

93 lines (92 loc) 4.54 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
import type { AndroidOnboardingStep } from '../android/types.js'; import type { OnboardingStep } from '../types.js'; /** state → the set of input fields that legitimately answer it (in order). */ export declare const STEP_ALLOWED_FIELDS: Partial<Record<AndroidOnboardingStep, string[]>>; /** The set of all android input keys we govern (for the extras check). */ export declare const ANDROID_INPUT_KEYS: string[]; /** * Validate an incoming next_step input against the step it answers. * * Returns { ok:true } when the input carries EXACTLY ONE of the step's allowed * fields and no other governed android key. Otherwise { ok:false } with the * allowed fields + the offending extra keys for a corrective message. * * Inputs with NO governed android key always pass (plain continue / other * vocabularies). Steps with no allowed-field entry FAIL CLOSED for governed * keys (hostile-review 2026-06-12): an android field sent at an auto step, at * the google-sign-in park, or before the android flow has rendered its first * step ('welcome', i.e. null progress) is never a legitimate answer — letting * it through allowed jumping the keystore phase past the credentials-exist * data-safety gate (which is seeded only when the flow renders * keystore-method-select). * * @param currentStep the resume step the user is currently on * @param input the next_step input object */ export declare function validateStepInput(currentStep: AndroidOnboardingStep, input: Record<string, unknown>): { ok: boolean; allowedFields?: string[]; extras: string[]; }; /** * Content validation for the keystore store-password steps, mirroring the ink * TUI onSubmit guards in app.tsx so the stateless MCP path enforces the SAME * rule before a value is persisted (and before it can reach keystore-generating): * * - keystore-new-store-password → reject < 6 chars (app.tsx:2575, * 'Password must be at least 6 characters') * - keystore-existing-store-password → reject empty (app.tsx:2455, * 'Store password cannot be empty') * * Returns { ok:true } when the value passes (or the step is not a store-password * step). On failure returns { ok:false, message } with the exact main wording so * the gate can re-render the current step with a corrective summary and persist * nothing. * * @param currentStep the resume step the user is currently on * @param storePassword the supplied keystoreStorePassword (or undefined/null) */ export declare function validateStorePassword(currentStep: AndroidOnboardingStep, storePassword: string | undefined | null): { ok: boolean; message?: string; }; /** The set of all iOS input keys the MCP governs (for the extras check). */ export declare const IOS_INPUT_KEYS: string[]; /** * Validate incoming iOS next_step input against the step it answers. * * Returns { ok:true } when the input is a legitimate answer for `currentStep` * (see the vocabulary rules above). Otherwise { ok:false, message } with a * corrective instruction for the agent. Inputs with NO governed iOS key always * pass — the android gate (and the rest of drive()) owns those. * * @param currentStep the iOS step the user is currently on (the session-parked * recovery step when one is parked, else the resume step — see * engine.ts effectiveIosStep) * @param input the next_step input object */ export declare function validateIosStepInput(currentStep: OnboardingStep, input: Record<string, unknown>): { ok: boolean; message?: string; }; /** The tail family answer fields (one per step family; envExportPath is the ask-export-env companion). */ export declare const TAIL_FAMILY_FIELDS: readonly ["ciSecretAction", "githubActionsSetup", "exportEnvAction", "packageManager", "buildScript", "buildScriptCustom", "workflowFileAction"]; /** Every tail input key the MCP governs (for presence/extras checks). */ export declare const TAIL_INPUT_KEYS: string[]; /** * Validate an incoming tail next_step input against the step it answers. * * @param currentStep the EFFECTIVE tail step (the session-parked step when one * is parked, else the platform resume step — see engine.ts) * @param input the next_step input object * @param ctx optional parked inventories for the dynamic vocabularies */ export declare function validateTailStepInput(currentStep: string, input: Record<string, unknown>, ctx?: { ciSecretTargets?: { provider: string; }[]; availableScripts?: Record<string, string>; }): { ok: boolean; message?: string; };