feat: extract pipeline core for library consumption (#282)

* feat: extract pipeline core for library consumption * fix: chmod workspace directory for container write access * fix: resolve playwright output dir relative to deliverables parent * feat: add multi-provider LLM support via ProviderConfig * fix: resolve model overrides via options.model, remove unused model env passthrough * fix: use ANTHROPIC_AUTH_TOKEN for custom base URL and router auth * fix: skip env-based credential validation when providerConfig is present * fix: support large UID/GID values for AD/LDAP users in container
2026-04-10 04:53:36 +05:30
parent f6fd1edad6
commit 1f6dfd7e17
32 changed files with 616 additions and 106 deletions
@@ -0,0 +1,26 @@
+/**
+ * FindingsProvider — injectable interface for external findings integration.
+ *
+ * Allows external security data (SAST, SCA, secrets, etc.) to be merged
+ * into the exploitation pipeline between vulnerability analysis and exploitation.
+ *
+ * Default: no-op returning { mergedCount: 0 }.
+ */
+
+import type { ActivityInput } from '../temporal/activities.js';
+import type { VulnType } from '../types/agents.js';
+
+export interface FindingsProvider {
+  mergeFindingsIntoQueue(
+    repoPath: string,
+    vulnType: VulnType,
+    input: ActivityInput,
+  ): Promise<{ mergedCount: number }>;
+}
+
+/** Default no-op implementation — no external findings to merge. */
+export class NoOpFindingsProvider implements FindingsProvider {
+  async mergeFindingsIntoQueue(): Promise<{ mergedCount: number }> {
+    return { mergedCount: 0 };
+  }
+}