first commit

packages/marketplace/src/env.ts

@@ -0,0 +1,44 @@
+import type { VersionStatus } from "./db/types.js";
+
+export type AuditEnforcement = "none" | "flag" | "block";
+
+export function getAuditEnforcement(env: Env): AuditEnforcement {
+	const val = env.AUDIT_ENFORCEMENT;
+	if (val === "none" || val === "flag" || val === "block") return val;
+	return "flag";
+}
+
+/**
+ * Map (enforcement, codeVerdict, imageVerdict) → version status.
+ *
+ * Rules:
+ *   none  → always "published"
+ *   flag  → pass = "published", warn/fail = "flagged"
+ *   block → pass = "published", warn = "flagged", fail = "rejected"
+ *
+ * In block mode, only an explicit "pass" from both auditors results in
+ * auto-publishing.  A "warn" verdict (including from audit errors, which
+ * now return "fail") requires human review.  This prevents fail-open
+ * bypasses where a crafted input causes the auditor to error.
+ */
+export function resolveVersionStatus(
+	enforcement: AuditEnforcement,
+	codeVerdict: string | null,
+	imageVerdict: string | null,
+): VersionStatus {
+	if (enforcement === "none") return "published";
+
+	// Normalize: treat null/undefined as "pass" (no audit ran)
+	const code = codeVerdict ?? "pass";
+	const image = imageVerdict ?? "pass";
+
+	if (enforcement === "flag") {
+		if (code === "pass" && image === "pass") return "published";
+		return "flagged";
+	}
+
+	// enforcement === "block"
+	if (code === "fail" || image === "fail") return "rejected";
+	if (code === "warn" || image === "warn") return "flagged";
+	return "published";
+}