feat: import bash-parser, docker-parser, nginx-parser from safegres #80
Merged
pyramation merged 19 commits into main on Apr 27, 2026
…arsing
- Create docker-parser package with full Dockerfile parsing/deparsing
- Create bash-parser package with bash/shell command parsing/deparsing
- Implement heterogeneous parsing: RUN instructions include nested Bash AST
- Add comprehensive test suites with round-trip testing
- Add fixtures for both Dockerfile and bash scripts
- Remove pgpm configuration, convert to pnpm-only workspace
- Add ESLint v9 flat config for linting
- Rename workflow from 'pgpm tests' to 'CI'
- Update matrix to use bash-parser and docker-parser packages
- Remove pgpm-specific steps (no longer needed for pnpm-only workspace)
- Add lint step to CI pipeline
…sh-parsers feat: add docker-parser and bash-parser packages with heterogeneous parsing
Phase 1: policy-engine package
- Core types: Decision, PolicyModule, PolicyContext, PolicyData, Obligation
- PolicyHelpers: all, any, none, count, find, match (exact/iexact/prefix/suffix/glob/regex), get, defined, empty, includes
- Evaluator: evaluatePolicy, evaluatePolicies with deny-overrides strategy
- Validator: validateModule, validateContext, validateData
- 85 tests passing
Phase 2: nginx-parser package
- Lexer: tokenizes nginx.conf files (structural tokens, quoted strings, variables, comments)
- Parser: recursive descent parser for all nginx constructs (server, location, upstream, map, if, http, events, stream, types, limit_except)
- Deparser: AST to nginx.conf string conversion with proper indentation
- cleanTree utility for round-trip testing
- 53 tests passing
Also includes:
- POLICY_ENGINE_PLAN.md with full implementation plan
- nginx fixtures for testing
feat: add policy-engine and nginx-parser packages
- Add SAFEGRES_PLAN.md with comprehensive unified security system design
- Update all packages to All Rights Reserved, Interweb, Inc. license
- Set all packages to publishConfig restricted to prevent accidental publishing
- Create LICENSE file with proprietary license text
The safegres plan combines:
- PolicyEngine types (Decision, PolicyModule, Obligation)
- RLS AST node types from constructive-db (DirectOwner, Membership, etc.)
- Unified condition system for postgres, ingress, and egress layers
…plan feat: add safegres plan and update licenses to All Rights Reserved
Implements Phase 1 of the safegres plan - core unified types and helpers:
Types:
- Condition types: DirectOwner, DirectOwnerAny, Membership, MembershipByField, MembershipByJoin, OrgHierarchy, Temporal, Publishable, PathMatch, HostMatch, DestinationMatch, FieldEquals, FieldIn, BoolExpr, AllOf, AnyOf, Not, True, False
- Obligation types: log, mask (shared), rowFilter, columnMask, audit (postgres), setHeader, rateLimit, rewrite, route, cache, cors (ingress), allowDestination, denyDestination, proxyThrough (egress)
- Policy types: SafegresPolicy, SafegresRule, SafegresTarget, SecurityLayer
- Context types: SafegresContext, SafegresRequest, SafegresIdentity, SafegresData
Helpers:
- Match: exact, iexact, prefix, suffix, contains, glob, regex
- Quantifiers: all, any, none, count, find, filter, map, first, last
- Access: get, defined, empty, includes, truthy, falsy, equals, coalesce
- Condition builders: directOwner, membership, membershipByField, orgHierarchy, temporal, publishable, pathMatch, hostMatch, allOf, anyOf, not, always, never
Tests: 125 passing tests covering all types, helpers, and policy validation
…package Devin/1767985858 safegres package
- Rename project from dockerjs to Safegres
- Add architecture overview diagram showing policy definition, engine, and compilers
- Add security flow diagram showing ingress, database, and egress layers
- Add condition types diagram showing identity, temporal, resource, and composition
- Update packages table to include safegres and policy-engine
- Add quick example showing policy definition with TypeScript
- Add design principles and roadmap sections
- Update license to All Rights Reserved, Interweb, Inc.
- Add centered logo image and CI badge to all package READMEs
- Updated packages: safegres, policy-engine, docker-parser, bash-parser, nginx-parser
- Keep mermaid diagrams and architecture content from feature branch
- Use new safegres brand image URL from main branch
- Update all package READMEs with safegres brand image
…package Devin/1767985858 safegres package
…safegres (with history)
…, MIT license, CI matrix)
Summary
Imports three parser packages from constructive-io/safegres into dev-utils with git history preserved (using the git merge --allow-unrelated-histories + git read-tree pattern).

Packages added
- bash-parser
- docker-parser (… bash-parser via workspace:*)
- nginx-parser

Conventions aligned to dev-utils standard
- package.json: homepage/repository/bugs → constructive-io/dev-utils, license → MIT, publishConfig.access → public, build → makage build, clean → makage clean, lint → eslint . --fix, makage → 0.1.10
- tsconfig.json / tsconfig.esm.json: matched existing dev-utils patterns (rootDir: "src/", module: "es2022" for ESM, declaration: false for ESM)
- jest.config.js: aligned with dev-utils style (explicit transform, modulePathIgnorePatterns)
- .github/workflows/ci.yml

Origin
These packages previously lived in constructive-io/safegres (originally dockerjs). The security-related packages (safegres, policy-engine, safegres-audit) remain in that repo for now.

Review & Testing Checklist for Human
- pnpm install && pnpm build succeeds at root
- cd packages/bash-parser && pnpm test passes (58 tests)
- cd packages/docker-parser && pnpm test passes (78 tests) — this package depends on bash-parser via workspace:*
- cd packages/nginx-parser && pnpm test passes (53 tests)

Notes
- docker-parser/scripts/generate-fixtures.ts references a __fixtures__/docker path from the old repo. It's a dev utility script, not part of build/test — tests use inline data. Can be updated or removed in a follow-up.
- pnpm-lock.yaml diff is large due to the new workspace packages being resolved.

Link to Devin session: https://app.devin.ai/sessions/b11501fe09fd4a5b90d91b629c0ca4f4
Requested by: @pyramation