ktx/packages/cli/src/context/tools/action-target-connection.ts

import type { ToolSession } from './tool-session.js';

type ActionTargetConnectionValidation = { ok: true } | { ok: false; error: string };

export function validateActionTargetConnection(
  session: ToolSession | undefined,
  connectionId: string,
): ActionTargetConnectionValidation {
  const allowed = session?.allowedConnectionNames;
  if (!allowed) {
    return { ok: true };
  }
  if (allowed.has(connectionId)) {
    return { ok: true };
  }
  const allowedList = [...allowed].sort();
  return {
    ok: false,
    error: `connectionId "${connectionId}" is outside this ingest session's allowed target connections: ${
      allowedList.length > 0 ? allowedList.join(', ') : '(none)'
    }`,
  };
}
feat(ingest): default local ingest to isolated diffs (#128) * docs: add isolated-diff ingestion design * Refine isolated-diff ingestion design after adversarial review iteration 1 * Refine isolated-diff ingestion design after adversarial review iteration 2 * Refine isolated-diff ingestion design after adversarial review iteration 3 * feat: persist ingest trace events * feat: add isolated ingest patch helpers * feat: validate wiki body semantic references * feat: add final ingest artifact gates * feat: execute ingest work units in child worktrees * feat: integrate isolated work unit patches * feat: route selected ingest sources through isolated diffs * test: cover isolated diff ingestion regressions * feat: add isolated diff ingestion v1 core * docs: document ingest trace inspection * docs: add isolated diff ingestion v1 core plan * fix(ingest): tighten final artifact gates * fix(ingest): gate isolated final integration tree * fix(ingest): persist postmortem failure traces * fix(ingest): trace policy conflicts and cleanup child worktrees * test(ingest): verify isolated diff postmortem coverage * docs: add isolated diff ingestion gates and trace closure plan * fix(ingest): gate provenance before isolated diff squash * docs: add isolated diff ingestion provenance gate closure plan * fix(ingest): gate final wiki references * fix(ingest): enforce SL target connection scope * fix(ingest): trace isolated SL target policy gates * test(ingest): cover isolated diff reference and target gates * chore(ingest): verify isolated diff gate closure * docs: add isolated diff ingestion reference and target gate closure plan * fix(ingest): gate global wiki references * docs: add isolated diff ingestion global wiki reference gate closure plan * fix(ingest): validate scan sources and wiki refs * test(ingest): cover isolated diff textual conflict resolver * test(ingest): cover isolated diff resolver integration * feat(ingest): repair isolated diff textual conflicts * feat(ingest): report isolated diff resolver outcomes * test(ingest): verify isolated diff textual conflict repair * test(ingest): align textual conflict failure coverage * docs: add isolated diff textual conflict resolver plan * test(ingest): cover isolated diff gate repair * feat(ingest): add isolated diff gate repair agent * feat(ingest): repair isolated diff semantic gate failures * feat(ingest): wire isolated diff gate repair * test(ingest): verify isolated diff final gate repair * chore(ingest): verify isolated diff gate repair * docs: add isolated diff gate repair plan * Improve ingest progress updates * feat(ingest): route direct-write connectors through isolated diffs * test(ingest): cover non-metabase isolated diff routing * feat(ingest): project metricflow semantic models before work units * test(ingest): verify metricflow isolated projection path * chore(ingest): verify isolated diff connector migration * docs: add isolated diff connector migration plan * feat(ingest): make isolated diff routing the private default * feat(ingest): promote isolated diff to default runner path * feat(ingest): default local ingest to isolated diffs * chore(ingest): remove isolated diff allowlist references * fix(ingest): preserve transient evidence for isolated work units * docs: add isolated diff default promotion plan * refactor(ingest): remove shared worktree WorkUnit path * docs(ingest): align WorkUnit prompts with isolated diffs * test(ingest): drop unused runner import * docs: add isolated diff shared worktree removal plan * docs: add isolated diff gate repair classification plan * fix: restrict claude-code mcp servers * docs: align ingest trace guidance with public CLI --------- Co-authored-by: Andrey Avtomonov <7889985+andreybavt@users.noreply.github.com> 2026-05-18 13:38:06 +02:00			`import type { ToolSession } from './tool-session.js';`

			`type ActionTargetConnectionValidation = { ok: true } \| { ok: false; error: string };`

			`export function validateActionTargetConnection(`
			`session: ToolSession \| undefined,`
			`connectionId: string,`
			`): ActionTargetConnectionValidation {`
			`const allowed = session?.allowedConnectionNames;`
			`if (!allowed) {`
			`return { ok: true };`
			`}`
			`if (allowed.has(connectionId)) {`
			`return { ok: true };`
			`}`
			`const allowedList = [...allowed].sort();`
			`return {`
			`ok: false,`
			error: `connectionId "${connectionId}" is outside this ingest session's allowed target connections: ${
			`allowedList.length > 0 ? allowedList.join(', ') : '(none)'`
			}`,
			`};`
			`}`