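/**
 * Shared CLI execution observation pipeline.
 *
 * Both `peac observe command` (unsigned JSON emission) and `peac
 * record command` (Wire 0.2 JWS signing) reuse the same capture +
 * build + validate pipeline so a record produced by one is
 * indistinguishable from a record produced by the other (modulo the
 * outer signing envelope). This module is the single source of truth
 * for that shared behavior.
 *
 * Only the `record command` output carries a signing envelope; the
 * observation returned by this module is the unsigned inner record in
 * both cases.
 *
 * Public surface intentionally narrow:
 *   - resolveProgramPath(token, childEnv)  -- childEnv-aware PATH lookup
 *   - preflightOutputWritable(output)      -- writability check before spawn
 *   - runObservationCore(opts, ...)        -- capture + build + validate
 *
 * The pipeline is an OBSERVER, not a sandbox / permission system /
 * shell orchestrator / process supervisor / job scheduler. It places
 * no restriction on what the spawned command may do.
 */
import { type CliExecutionObservation } from '@peac/schema';
import { type CaptureResult } from './capture.js';
import { preflightOutputWritable as neutralPreflightOutputWritable } from './output-preflight.js';
import {
  type ArgvMode,
  type CwdMode,
  type BinaryPathMode,
  type EnvMode,
  type StdinMode,
  type ExitCodeMode,
  type ExecutionMode,
} from './observation-builder.js';

/**
 * Capture-pipeline options shared by both subcommands.
 *
 * The mode types come from `./observation-builder.js`; their exact
 * semantics are defined there and are not visible in this declaration
 * file.
 */
export interface CoreObservationOptions {
  captureMode: ArgvMode;
  // NOTE(review): the `unsafe` prefix suggests an explicit opt-in to
  // unredacted argv capture -- confirm against observation-builder.
  unsafeAllowRawCapture: boolean;
  captureStdinMode: StdinMode;
  // Byte budgets for the captured streams and argv; presumably upper
  // bounds on what is retained -- confirm in ./capture.js.
  captureStdoutBytes: number;
  captureStderrBytes: number;
  captureArgvBytes: number;
  // Names considered by --env-allow (see CoreObservationIO.captureEnv).
  envAllow: string[];
  envMode: EnvMode;
  // NOTE(review): presumably opts in to recording raw environment
  // values -- confirm; raw env values commonly contain credentials.
  unsafeAllowRawEnv: boolean;
  captureCwdMode: CwdMode;
  captureBinaryPath: BinaryPathMode;
  secretScan: boolean;
  // NOTE(review): how this interacts with `secretScan` (which flag
  // wins when both are set) is not visible here -- confirm.
  unsafeDisableSecretScan: boolean;
  policyDigest?: string;
  configDigest?: string;
  approvalRef?: string;
  executionMode: ExecutionMode;
  // NOTE(review): presumably runs the command through a shell; if so,
  // the argument vector is subject to shell interpretation -- confirm.
  shellMode: boolean;
  // Names indicate milliseconds.
  timeoutMs: number;
  killGraceMs: number;
  exitCodeMode: ExitCodeMode;
}

/**
 * Process-level inputs to the pipeline.
 *
 * `childEnv` and `captureEnv` are separate fields and may differ, so
 * the environment entries written to a record describe `captureEnv`,
 * not necessarily what the child process received.
 */
export interface CoreObservationIO {
  /** Environment passed to the spawned child (what the child RECEIVES). */
  childEnv: NodeJS.ProcessEnv;
  /** Environment inspected by --env-allow for record entries. */
  captureEnv: NodeJS.ProcessEnv;
  cwd: string;
  peacCliVersion: string;
}

/**
 * Outcome of `runObservationCore`, discriminated on `ok`.
 *
 * On success the schema-validated observation and the raw capture
 * result are returned together; on failure a `code` / `message` pair
 * describes the structured error.
 */
export type CoreObservationResult =
  | {
      ok: true;
      observation: CliExecutionObservation;
      capture: CaptureResult;
    }
  | {
      ok: false;
      code: string;
      message: string;
    };

/**
 * Resolve a program token to its absolute path. Resolution honors the
 * supplied `childEnv` ONLY (the environment that will be passed to
 * spawn). The ambient `process.env` is not consulted: callers must
 * pass `childEnv` explicitly so the execution-environment source is
 * auditable at the call site. When no executable is found in
 * `childEnv.PATH`, returns the token unchanged so spawn surfaces a
 * clear ENOENT error.
 *
 * Because the lookup is driven by `childEnv.PATH`, the resolved path
 * is only as trustworthy as that value. A return value equal to the
 * input token is not proof that the token was already absolute; it is
 * also the not-found case.
 *
 * @param token - Program name or path as given on the command line.
 * @param childEnv - Environment whose `PATH` is searched.
 * @returns The resolved absolute path, or `token` unchanged when no
 *   executable is found.
 */
export declare function resolveProgramPath(token: string, childEnv: NodeJS.ProcessEnv): string;

/**
 * Re-export of the neutral output-path preflight from
 * `lib/output-preflight.ts`. Kept here so PR 2 callers
 * (`observe command`, `record command`) and any future callers that
 * already import this name from this module continue to work.
 */
export declare const preflightOutputWritable: typeof neutralPreflightOutputWritable;

/**
 * Run the shared capture + build + validate pipeline.
 *
 * Returns `{ ok: true, observation, capture }` when all stages succeed
 * (observation is the schema-validated record; capture carries the
 * child's exit info for downstream exit-code-mode handling).
 * Returns `{ ok: false, code, message }` for any structured failure.
 *
 * Stages:
 *   1. resolveProgramPath(programToken, childEnv)
 *   2. captureCommand(...)            (raises CliSpawnFailedError)
 *   3. buildObservation(...)          (raises CliObservationBuilderError)
 *   4. CliExecutionSchema.safeParse(observation)
 *
 * NOTE(review): stage 1 resolves the path and stage 2 spawns. Whether
 * the spawn uses the resolved path or repeats its own lookup is not
 * visible in this declaration; if it repeats the lookup, the recorded
 * binary path and the executed binary could differ -- confirm in the
 * implementation.
 *
 * @param opts - Capture, redaction and execution options.
 * @param programToken - Program name or path to resolve and run.
 * @param args - Arguments for the program.
 * @param io - Environments, working directory and CLI version.
 * @returns A promise of the discriminated result; callers must check
 *   `ok` before reading `observation` or `capture`.
 */
export declare function runObservationCore(
  opts: CoreObservationOptions,
  programToken: string,
  args: string[],
  io: CoreObservationIO
): Promise<CoreObservationResult>;
//# sourceMappingURL=observation-pipeline.d.ts.map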