@aicqtools/guardrail 1.0.0-alpha.10

package/dist/rules-default/separate-refund-permission.js

@@ -0,0 +1,33 @@
+import { defineRule } from '@aicqtools/rule-sdk';
+/**
+ * Refund operations are highly privileged — separation of duties requires
+ * a permission check before invoking any refund logic. Detect functions
+ * named `refund*` whose body lacks a permission/role check.
+ */
+const REFUND_NAME = /^(refund|cancelRefund|issueRefund|refund\w*)$/;
+const PERMISSION_CHECK = /\b(req\.user\.role|hasPermission|checkPermission|isAdmin|requireRole|allowedRoles|authGuard|RBAC|canRefund|verifyPermission)\b/i;
+function check(node, ctx) {
+    const name = node.childForFieldName('name');
+    if (!name)
+        return;
+    const fnName = ctx.textOf(name);
+    if (!REFUND_NAME.test(fnName))
+        return;
+    const text = ctx.textOf(node);
+    if (PERMISSION_CHECK.test(text))
+        return;
+    ctx.report({ node });
+}
+export default defineRule({
+    id: 'separate-refund-permission',
+    language: ['typescript', 'tsx'],
+    severity: 'error',
+    message: 'Refund function lacks a permission/role check (PCI DSS § 7.2 — restrict access by business need-to-know; separation of duties).',
+    messageKo: '환불 함수에 권한 체크가 없습니다 (PCI DSS § 7.2 — 업무 필요에 따른 접근 제한; 직무 분리 원칙).',
+    docs: 'https://github.com/aicqtools/aicqtools/blob/main/docs/rules/separate-refund-permission.md',
+    visitors: {
+        function_declaration: check,
+        method_definition: check,
+    },
+});
+//# sourceMappingURL=separate-refund-permission.js.map

package/dist/rules-default/separate-refund-permission.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"separate-refund-permission.js","sourceRoot":"","sources":["../../src/rules-default/separate-refund-permission.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAGjD;;;;GAIG;AACH,MAAM,WAAW,GAAG,+CAA+C,CAAC;AACpE,MAAM,gBAAgB,GAAG,iIAAiI,CAAC;AAE3J,SAAS,KAAK,CAAC,IAAuB,EAAE,GAAgB;IACtD,MAAM,IAAI,GAAG,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;IAC5C,IAAI,CAAC,IAAI;QAAE,OAAO;IAClB,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAChC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC;QAAE,OAAO;IACtC,MAAM,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAC9B,IAAI,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO;IACxC,GAAG,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;AACvB,CAAC;AAED,eAAe,UAAU,CAAC;IACxB,EAAE,EAAE,4BAA4B;IAChC,QAAQ,EAAE,CAAC,YAAY,EAAE,KAAK,CAAC;IAC/B,QAAQ,EAAE,OAAO;IACjB,OAAO,EAAE,iIAAiI;IAC1I,SAAS,EAAE,iEAAiE;IAC5E,IAAI,EAAE,2FAA2F;IACjG,QAAQ,EAAE;QACR,oBAAoB,EAAE,KAAK;QAC3B,iBAAiB,EAAE,KAAK;KACzB;CACF,CAAC,CAAC"}

package/dist/rules-default/track-ai-model-version.d.ts

@@ -0,0 +1,3 @@
+declare const _default: import("@aicqtools/rule-sdk").FunctionRule;
+export default _default;
+//# sourceMappingURL=track-ai-model-version.d.ts.map

package/dist/rules-default/track-ai-model-version.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"track-ai-model-version.d.ts","sourceRoot":"","sources":["../../src/rules-default/track-ai-model-version.ts"],"names":[],"mappings":";AAeA,wBAoBG"}

package/dist/rules-default/track-ai-model-version.js

@@ -0,0 +1,37 @@
+import { defineRule } from '@aicqtools/rule-sdk';
+/**
+ * FSC AI guideline: AI inference calls must specify the model name explicitly
+ * so audits can trace which model produced a given decision. Detect calls to
+ * `openai.chat.completions.create()` / `anthropic.messages.create()` whose
+ * argument object lacks a `model:` property.
+ *
+ * Limitation: false negatives when the options object is built elsewhere and
+ * passed in as a variable.
+ */
+const TARGET_FN = /\b(openai\.chat\.completions\.create|anthropic\.messages\.create|openai\.completions\.create)$/;
+export default defineRule({
+    id: 'track-ai-model-version',
+    language: ['typescript', 'tsx'],
+    severity: 'warning',
+    message: 'AI inference call missing explicit `model:` parameter (FSC AI guideline — model governance).',
+    messageKo: 'AI 추론 호출에 `model:` 파라미터가 명시되지 않았습니다 (금감원 AI 가이드라인 — 모델 거버넌스).',
+    docs: 'https://github.com/aicqtools/aicqtools/blob/main/docs/rules/track-ai-model-version.md',
+    visitors: {
+        call_expression(node, ctx) {
+            const fnNode = node.childForFieldName('function');
+            if (!fnNode)
+                return;
+            const fnText = ctx.textOf(fnNode);
+            if (!TARGET_FN.test(fnText))
+                return;
+            const args = node.childForFieldName('arguments');
+            if (!args)
+                return;
+            const argsText = ctx.textOf(args);
+            if (/\bmodel\s*:/.test(argsText))
+                return;
+            ctx.report({ node });
+        },
+    },
+});
+//# sourceMappingURL=track-ai-model-version.js.map

package/dist/rules-default/track-ai-model-version.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"track-ai-model-version.js","sourceRoot":"","sources":["../../src/rules-default/track-ai-model-version.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAGjD;;;;;;;;GAQG;AACH,MAAM,SAAS,GAAG,gGAAgG,CAAC;AAEnH,eAAe,UAAU,CAAC;IACxB,EAAE,EAAE,wBAAwB;IAC5B,QAAQ,EAAE,CAAC,YAAY,EAAE,KAAK,CAAC;IAC/B,QAAQ,EAAE,SAAS;IACnB,OAAO,EAAE,8FAA8F;IACvG,SAAS,EAAE,+DAA+D;IAC1E,IAAI,EAAE,uFAAuF;IAC7F,QAAQ,EAAE;QACR,eAAe,CAAC,IAAuB,EAAE,GAAgB;YACvD,MAAM,MAAM,GAAG,IAAI,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC;YAClD,IAAI,CAAC,MAAM;gBAAE,OAAO;YACpB,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YAClC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC;gBAAE,OAAO;YACpC,MAAM,IAAI,GAAG,IAAI,CAAC,iBAAiB,CAAC,WAAW,CAAC,CAAC;YACjD,IAAI,CAAC,IAAI;gBAAE,OAAO;YAClB,MAAM,QAAQ,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YAClC,IAAI,aAAa,CAAC,IAAI,CAAC,QAAQ,CAAC;gBAAE,OAAO;YACzC,GAAG,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;QACvB,CAAC;KACF;CACF,CAAC,CAAC"}

package/dist/rules-default/type-hint-required-public.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Public functions (not starting with `_`) should have a return type annotation.
+ * Helps catch type errors and serves as inline documentation.
+ *
+ * Heuristic: looks for `-> Type:` after parameter list. False positives possible
+ * for functions that genuinely have no useful return type, but that's rare.
+ */
+declare const _default: import("@aicqtools/rule-sdk").FunctionRule;
+export default _default;
+//# sourceMappingURL=type-hint-required-public.d.ts.map

package/dist/rules-default/type-hint-required-public.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"type-hint-required-public.d.ts","sourceRoot":"","sources":["../../src/rules-default/type-hint-required-public.ts"],"names":[],"mappings":"AAEA;;;;;;GAMG;;AACH,wBAgBG"}

package/dist/rules-default/type-hint-required-public.js

@@ -0,0 +1,29 @@
+import { defineRule } from '@aicqtools/rule-sdk';
+/**
+ * Public functions (not starting with `_`) should have a return type annotation.
+ * Helps catch type errors and serves as inline documentation.
+ *
+ * Heuristic: looks for `-> Type:` after parameter list. False positives possible
+ * for functions that genuinely have no useful return type, but that's rare.
+ */
+export default defineRule({
+    id: 'type-hint-required-public',
+    language: 'python',
+    severity: 'info',
+    message: 'Public function is missing a return type annotation (`-> Type:`).',
+    messageKo: 'public 함수에 반환 타입 어노테이션 누락 (`-> Type:`).',
+    visitors: {
+        function_definition(node, ctx) {
+            const name = node.childForFieldName('name');
+            if (!name)
+                return;
+            const nameText = ctx.textOf(name);
+            if (nameText.startsWith('_'))
+                return;
+            const returnType = node.childForFieldName('return_type');
+            if (!returnType)
+                ctx.report({ node: name });
+        },
+    },
+});
+//# sourceMappingURL=type-hint-required-public.js.map

package/dist/rules-default/type-hint-required-public.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"type-hint-required-public.js","sourceRoot":"","sources":["../../src/rules-default/type-hint-required-public.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAEjD;;;;;;GAMG;AACH,eAAe,UAAU,CAAC;IACxB,EAAE,EAAE,2BAA2B;IAC/B,QAAQ,EAAE,QAAQ;IAClB,QAAQ,EAAE,MAAM;IAChB,OAAO,EAAE,mEAAmE;IAC5E,SAAS,EAAE,yCAAyC;IACpD,QAAQ,EAAE;QACR,mBAAmB,CAAC,IAAI,EAAE,GAAG;YAC3B,MAAM,IAAI,GAAG,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;YAC5C,IAAI,CAAC,IAAI;gBAAE,OAAO;YAClB,MAAM,QAAQ,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YAClC,IAAI,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC;gBAAE,OAAO;YACrC,MAAM,UAAU,GAAG,IAAI,CAAC,iBAAiB,CAAC,aAAa,CAAC,CAAC;YACzD,IAAI,CAAC,UAAU;gBAAE,GAAG,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9C,CAAC;KACF;CACF,CAAC,CAAC"}

package/dist/rules-default/verify-pg-response.d.ts

@@ -0,0 +1,3 @@
+declare const _default: import("@aicqtools/rule-sdk").FunctionRule;
+export default _default;
+//# sourceMappingURL=verify-pg-response.d.ts.map

package/dist/rules-default/verify-pg-response.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify-pg-response.d.ts","sourceRoot":"","sources":["../../src/rules-default/verify-pg-response.ts"],"names":[],"mappings":";AA0BA,wBAYG"}

package/dist/rules-default/verify-pg-response.js

@@ -0,0 +1,37 @@
+import { defineRule } from '@aicqtools/rule-sdk';
+/**
+ * PCI DSS / payment-domain best practice: external PG (payment gateway)
+ * responses must be verified (signature/hash/checksum) before being
+ * trusted for downstream state changes.
+ *
+ * Heuristic: function bodies that contain a PG-domain HTTP call
+ * (`/payments`, `/pay`, `pg.`) and proceed without invoking
+ * `signature` / `hash` / `checksum` / `verify`.
+ *
+ * Limitation: false negatives if verification is delegated to a wrapper
+ * function. Severity is `warning` to limit noise.
+ */
+const PG_CALL = /\b(axios|fetch|got|http\.(get|post)|httpClient)\b.*\b(payments?|pg|inicis|toss|kakao|naver)\b/i;
+const VERIFICATION = /\b(signature|hash|checksum|verify|hmac|hmacSha)\b/i;
+function check(node, ctx) {
+    const text = ctx.textOf(node);
+    if (!PG_CALL.test(text))
+        return;
+    if (VERIFICATION.test(text))
+        return;
+    ctx.report({ node });
+}
+export default defineRule({
+    id: 'verify-pg-response',
+    language: ['typescript', 'tsx'],
+    severity: 'warning',
+    message: 'Payment gateway response is consumed without signature/hash verification (PCI DSS § 6.2.4 — input validation; payment-domain best practice).',
+    messageKo: '결제 게이트웨이 응답을 서명/해시 검증 없이 사용합니다 (PCI DSS § 6.2.4 — 입력 검증; 결제 도메인 권장 사항).',
+    docs: 'https://github.com/aicqtools/aicqtools/blob/main/docs/rules/verify-pg-response.md',
+    visitors: {
+        function_declaration: check,
+        arrow_function: check,
+        method_definition: check,
+    },
+});
+//# sourceMappingURL=verify-pg-response.js.map

package/dist/rules-default/verify-pg-response.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify-pg-response.js","sourceRoot":"","sources":["../../src/rules-default/verify-pg-response.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAGjD;;;;;;;;;;;GAWG;AACH,MAAM,OAAO,GAAG,gGAAgG,CAAC;AACjH,MAAM,YAAY,GAAG,oDAAoD,CAAC;AAE1E,SAAS,KAAK,CAAC,IAAuB,EAAE,GAAgB;IACtD,MAAM,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAC9B,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO;IAChC,IAAI,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO;IACpC,GAAG,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;AACvB,CAAC;AAED,eAAe,UAAU,CAAC;IACxB,EAAE,EAAE,oBAAoB;IACxB,QAAQ,EAAE,CAAC,YAAY,EAAE,KAAK,CAAC;IAC/B,QAAQ,EAAE,SAAS;IACnB,OAAO,EAAE,8IAA8I;IACvJ,SAAS,EAAE,yEAAyE;IACpF,IAAI,EAAE,mFAAmF;IACzF,QAAQ,EAAE;QACR,oBAAoB,EAAE,KAAK;QAC3B,cAAc,EAAE,KAAK;QACrB,iBAAiB,EAAE,KAAK;KACzB;CACF,CAAC,CAAC"}

package/dist/rules-default/won-format-thousands.d.ts

@@ -0,0 +1,3 @@
+declare const _default: import("@aicqtools/rule-sdk").FunctionRule;
+export default _default;
+//# sourceMappingURL=won-format-thousands.d.ts.map

package/dist/rules-default/won-format-thousands.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"won-format-thousands.d.ts","sourceRoot":"","sources":["../../src/rules-default/won-format-thousands.ts"],"names":[],"mappings":";AAWA,wBAYG"}

package/dist/rules-default/won-format-thousands.js

@@ -0,0 +1,24 @@
+import { defineRule } from '@aicqtools/rule-sdk';
+/**
+ * Detect string literals like `"5000원"` or `"50000원"` (≥4 digits) without a thousands
+ * separator. UX best practice in Korea: always show ₩ amounts as `5,000원`.
+ *
+ * Known limitation: doesn't catch programmatically-formatted amounts (template literals
+ * with computed values are intentionally skipped to avoid false positives).
+ */
+const WON_NUMBER_PATTERN = /["'`](\d{4,})원["'`]/;
+export default defineRule({
+    id: 'won-format-thousands',
+    language: ['typescript', 'javascript', 'tsx'],
+    severity: 'info',
+    message: 'Won amount should use thousands separator: `5,000원` instead of `5000원`.',
+    messageKo: '원화 금액은 천단위 콤마 권장: `5000원` → `5,000원`.',
+    visitors: {
+        string(node, ctx) {
+            const text = ctx.textOf(node);
+            if (WON_NUMBER_PATTERN.test(text))
+                ctx.report({ node });
+        },
+    },
+});
+//# sourceMappingURL=won-format-thousands.js.map

package/dist/rules-default/won-format-thousands.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"won-format-thousands.js","sourceRoot":"","sources":["../../src/rules-default/won-format-thousands.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAEjD;;;;;;GAMG;AACH,MAAM,kBAAkB,GAAG,qBAAqB,CAAC;AAEjD,eAAe,UAAU,CAAC;IACxB,EAAE,EAAE,sBAAsB;IAC1B,QAAQ,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,KAAK,CAAC;IAC7C,QAAQ,EAAE,MAAM;IAChB,OAAO,EAAE,yEAAyE;IAClF,SAAS,EAAE,uCAAuC;IAClD,QAAQ,EAAE;QACR,MAAM,CAAC,IAAI,EAAE,GAAG;YACd,MAAM,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YAC9B,IAAI,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC;gBAAE,GAAG,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1D,CAAC;KACF;CACF,CAAC,CAAC"}

package/dist/runner/apply-rule-config.d.ts

@@ -0,0 +1,69 @@
+import type { RuleOverride } from '@aicqtools/core';
+import type { Rule } from '@aicqtools/rule-sdk';
+/**
+ * Resolution of `config.modules.guardrail.rules` (the `{ ruleId: 'off' | 'warn' | 'error' }` map)
+ * against the loaded rule set. Filters out `off`'d rules, overrides severity for `warn`/`error`
+ * entries, and reports unknown rule ids back to the caller so the CLI can warn the user once.
+ */
+export interface ApplyRuleConfigResult {
+    readonly rules: readonly Rule[];
+    /** rule ids that appeared in the config map but matched no loaded rule */
+    readonly unknownIds: readonly string[];
+}
+type RuleLevel = 'off' | 'warn' | 'error';
+/**
+ * Apply the user-supplied `rules:` map to a loaded rule list.
+ *
+ * - `off`        → drop the rule from the returned list
+ * - `warn`/`error` → return a copy of the rule with `severity` overridden
+ * - missing entry → rule passes through unchanged
+ *
+ * Map keys that don't correspond to any loaded rule are collected in `unknownIds`. The function
+ * never throws; an invalid level value (should already be rejected by zod) is treated as "no
+ * override" rather than crashing the run.
+ */
+export declare function applyRuleConfig(rules: readonly Rule[], cfgMap: Readonly<Record<string, RuleLevel>> | undefined): ApplyRuleConfigResult;
+/**
+ * Auto-anchor a single `overrides.paths` glob (alpha.10).
+ *
+ * `fast-glob` returns absolute file paths, so a user-written `scripts/**` would silently never
+ * match. We prepend `**\/` unless the glob already carries an anchor token, mirroring the
+ * ESLint mental model where `paths: ['scripts/**']` means "any `scripts/` in the project":
+ *
+ * - leading `**` (with or without `/`) — already anchored, leave alone
+ * - leading `/` — Unix absolute path, user opted out of auto-anchor
+ * - leading `<letter>:/` — Windows drive path, same
+ * - leading `!` — negation; preserve the marker, normalize the body
+ *
+ * The function is pure and never throws. Empty input returns empty.
+ */
+export declare function normalizeOverridePath(glob: string): string;
+/**
+ * Apply per-path `overrides` (alpha.8) on top of an already-globally-resolved rule list.
+ *
+ * For each override entry whose `paths` globs match `filePath`, merge its `rules` map into a
+ * per-file effective level map. Later matching entries win for the same rule id (ESLint semantics).
+ * `off` drops the rule for this file; `warn`/`error` copies the rule with overridden severity.
+ *
+ * Fast path: if no overrides are configured, returns the input list unchanged so the file loop
+ * stays cheap when this feature is unused.
+ *
+ * Alpha.10: `paths` globs are auto-anchored via `normalizeOverridePath` so users can write
+ * `scripts/**` instead of `**\/scripts/**` and get the expected ESLint semantics. When the
+ * optional `matchCounts` array is provided, each matched override entry's slot is incremented;
+ * the caller (CLI) reads zero-valued slots to emit "matched no files — ignored." warnings.
+ */
+export declare function applyOverridesForFile(baselineRules: readonly Rule[], overrides: readonly RuleOverride[], filePath: string, matchCounts?: number[]): readonly Rule[];
+/**
+ * Collect rule ids referenced by `overrides` entries that don't match any loaded rule, paired
+ * with the index of the offending override entry. The caller (CLI) uses these to emit one
+ * stderr warning per typo so configuration mistakes surface early rather than silently no-op'ing.
+ */
+export interface UnknownOverrideId {
+    readonly index: number;
+    readonly id: string;
+    readonly paths: readonly string[];
+}
+export declare function collectUnknownOverrideIds(baselineRules: readonly Rule[], overrides: readonly RuleOverride[]): readonly UnknownOverrideId[];
+export {};
+//# sourceMappingURL=apply-rule-config.d.ts.map

package/dist/runner/apply-rule-config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"apply-rule-config.d.ts","sourceRoot":"","sources":["../../src/runner/apply-rule-config.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,YAAY,EAAY,MAAM,iBAAiB,CAAC;AAC9D,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,qBAAqB,CAAC;AAEhD;;;;GAIG;AACH,MAAM,WAAW,qBAAqB;IACpC,QAAQ,CAAC,KAAK,EAAE,SAAS,IAAI,EAAE,CAAC;IAChC,0EAA0E;IAC1E,QAAQ,CAAC,UAAU,EAAE,SAAS,MAAM,EAAE,CAAC;CACxC;AAED,KAAK,SAAS,GAAG,KAAK,GAAG,MAAM,GAAG,OAAO,CAAC;AAM1C;;;;;;;;;;GAUG;AACH,wBAAgB,eAAe,CAC7B,KAAK,EAAE,SAAS,IAAI,EAAE,EACtB,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,GAAG,SAAS,GACtD,qBAAqB,CAgCvB;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAa1D;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,qBAAqB,CACnC,aAAa,EAAE,SAAS,IAAI,EAAE,EAC9B,SAAS,EAAE,SAAS,YAAY,EAAE,EAClC,QAAQ,EAAE,MAAM,EAChB,WAAW,CAAC,EAAE,MAAM,EAAE,GACrB,SAAS,IAAI,EAAE,CAwCjB;AAED;;;;GAIG;AACH,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,KAAK,EAAE,SAAS,MAAM,EAAE,CAAC;CACnC;AAED,wBAAgB,yBAAyB,CACvC,aAAa,EAAE,SAAS,IAAI,EAAE,EAC9B,SAAS,EAAE,SAAS,YAAY,EAAE,GACjC,SAAS,iBAAiB,EAAE,CAY9B"}

package/dist/runner/apply-rule-config.js

@@ -0,0 +1,164 @@
+import micromatch from 'micromatch';
+const LEVEL_TO_SEVERITY = {
+    warn: 'warning',
+    error: 'error',
+};
+/**
+ * Apply the user-supplied `rules:` map to a loaded rule list.
+ *
+ * - `off`        → drop the rule from the returned list
+ * - `warn`/`error` → return a copy of the rule with `severity` overridden
+ * - missing entry → rule passes through unchanged
+ *
+ * Map keys that don't correspond to any loaded rule are collected in `unknownIds`. The function
+ * never throws; an invalid level value (should already be rejected by zod) is treated as "no
+ * override" rather than crashing the run.
+ */
+export function applyRuleConfig(rules, cfgMap) {
+    if (!cfgMap || Object.keys(cfgMap).length === 0) {
+        return { rules, unknownIds: [] };
+    }
+    const knownIds = new Set(rules.map((r) => r.id));
+    const unknownIds = [];
+    for (const id of Object.keys(cfgMap)) {
+        if (!knownIds.has(id))
+            unknownIds.push(id);
+    }
+    const out = [];
+    for (const rule of rules) {
+        const level = cfgMap[rule.id];
+        if (level === undefined) {
+            out.push(rule);
+            continue;
+        }
+        if (level === 'off')
+            continue;
+        const severity = LEVEL_TO_SEVERITY[level];
+        if (!severity) {
+            // Unrecognized level — treat as no override, never crash.
+            out.push(rule);
+            continue;
+        }
+        // Copy with overridden severity. `Rule` is a discriminated union; preserve the union
+        // by re-spreading per branch.
+        if (rule.kind === 'function') {
+            out.push({ ...rule, severity });
+        }
+        else {
+            out.push({ ...rule, severity });
+        }
+    }
+    return { rules: out, unknownIds };
+}
+/**
+ * Auto-anchor a single `overrides.paths` glob (alpha.10).
+ *
+ * `fast-glob` returns absolute file paths, so a user-written `scripts/**` would silently never
+ * match. We prepend `**\/` unless the glob already carries an anchor token, mirroring the
+ * ESLint mental model where `paths: ['scripts/**']` means "any `scripts/` in the project":
+ *
+ * - leading `**` (with or without `/`) — already anchored, leave alone
+ * - leading `/` — Unix absolute path, user opted out of auto-anchor
+ * - leading `<letter>:/` — Windows drive path, same
+ * - leading `!` — negation; preserve the marker, normalize the body
+ *
+ * The function is pure and never throws. Empty input returns empty.
+ */
+export function normalizeOverridePath(glob) {
+    if (!glob)
+        return glob;
+    let negation = '';
+    let body = glob;
+    if (body.startsWith('!')) {
+        negation = '!';
+        body = body.slice(1);
+    }
+    if (!body)
+        return negation;
+    if (body.startsWith('**'))
+        return negation + body;
+    if (body.startsWith('/'))
+        return negation + body;
+    if (/^[A-Za-z]:\//.test(body))
+        return negation + body;
+    return negation + '**/' + body;
+}
+/**
+ * Apply per-path `overrides` (alpha.8) on top of an already-globally-resolved rule list.
+ *
+ * For each override entry whose `paths` globs match `filePath`, merge its `rules` map into a
+ * per-file effective level map. Later matching entries win for the same rule id (ESLint semantics).
+ * `off` drops the rule for this file; `warn`/`error` copies the rule with overridden severity.
+ *
+ * Fast path: if no overrides are configured, returns the input list unchanged so the file loop
+ * stays cheap when this feature is unused.
+ *
+ * Alpha.10: `paths` globs are auto-anchored via `normalizeOverridePath` so users can write
+ * `scripts/**` instead of `**\/scripts/**` and get the expected ESLint semantics. When the
+ * optional `matchCounts` array is provided, each matched override entry's slot is incremented;
+ * the caller (CLI) reads zero-valued slots to emit "matched no files — ignored." warnings.
+ */
+export function applyOverridesForFile(baselineRules, overrides, filePath, matchCounts) {
+    if (overrides.length === 0)
+        return baselineRules;
+    const normalized = filePath.replace(/\\/g, '/');
+    const effective = new Map();
+    let anyMatch = false;
+    for (let i = 0; i < overrides.length; i++) {
+        const ov = overrides[i];
+        if (!ov)
+            continue;
+        const paths = ov.paths.map(normalizeOverridePath);
+        const matched = micromatch.isMatch(normalized, paths, { dot: true }) ||
+            micromatch.isMatch(filePath, paths, { dot: true });
+        if (!matched)
+            continue;
+        anyMatch = true;
+        if (matchCounts)
+            matchCounts[i] = (matchCounts[i] ?? 0) + 1;
+        for (const [id, level] of Object.entries(ov.rules)) {
+            effective.set(id, level);
+        }
+    }
+    if (!anyMatch)
+        return baselineRules;
+    const out = [];
+    for (const rule of baselineRules) {
+        const level = effective.get(rule.id);
+        if (level === undefined) {
+            out.push(rule);
+            continue;
+        }
+        if (level === 'off')
+            continue;
+        const severity = LEVEL_TO_SEVERITY[level];
+        if (!severity) {
+            out.push(rule);
+            continue;
+        }
+        if (rule.kind === 'function') {
+            out.push({ ...rule, severity });
+        }
+        else {
+            out.push({ ...rule, severity });
+        }
+    }
+    return out;
+}
+export function collectUnknownOverrideIds(baselineRules, overrides) {
+    if (overrides.length === 0)
+        return [];
+    const knownIds = new Set(baselineRules.map((r) => r.id));
+    const out = [];
+    for (let i = 0; i < overrides.length; i++) {
+        const ov = overrides[i];
+        if (!ov)
+            continue;
+        for (const id of Object.keys(ov.rules)) {
+            if (!knownIds.has(id))
+                out.push({ index: i, id, paths: ov.paths });
+        }
+    }
+    return out;
+}
+//# sourceMappingURL=apply-rule-config.js.map

package/dist/runner/apply-rule-config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"apply-rule-config.js","sourceRoot":"","sources":["../../src/runner/apply-rule-config.ts"],"names":[],"mappings":"AAAA,OAAO,UAAU,MAAM,YAAY,CAAC;AAgBpC,MAAM,iBAAiB,GAAgD;IACrE,IAAI,EAAE,SAAS;IACf,KAAK,EAAE,OAAO;CACf,CAAC;AAEF;;;;;;;;;;GAUG;AACH,MAAM,UAAU,eAAe,CAC7B,KAAsB,EACtB,MAAuD;IAEvD,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAChD,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;IACnC,CAAC;IACD,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACjD,MAAM,UAAU,GAAa,EAAE,CAAC;IAChC,KAAK,MAAM,EAAE,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;QACrC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAAE,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC7C,CAAC;IACD,MAAM,GAAG,GAAW,EAAE,CAAC;IACvB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC9B,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YACxB,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACf,SAAS;QACX,CAAC;QACD,IAAI,KAAK,KAAK,KAAK;YAAE,SAAS;QAC9B,MAAM,QAAQ,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC;QAC1C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,0DAA0D;YAC1D,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACf,SAAS;QACX,CAAC;QACD,qFAAqF;QACrF,8BAA8B;QAC9B,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;YAC7B,GAAG,CAAC,IAAI,CAAC,EAAE,GAAG,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;QAClC,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,IAAI,CAAC,EAAE,GAAG,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;QAClC,CAAC;IACH,CAAC;IACD,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,UAAU,EAAE,CAAC;AACpC,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,qBAAqB,CAAC,IAAY;IAChD,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IACvB,IAAI,QAAQ,GAAG,EAAE,CAAC;IAClB,IAAI,IAAI,GAAG,IAAI,CAAC;IAChB,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACzB,QAAQ,GAAG,GAAG,CAAC;QACf,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACvB,CAAC;IACD,IAAI,CAAC,IAAI;QAAE,OAAO,QAAQ,CAAC;IAC3B,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,QAAQ,GAAG,IAAI,CAAC;IAClD,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,OAAO,QAAQ,GAAG,IAAI,CAAC;IACjD,IAAI,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,QAAQ,GAAG,IAAI,CAAC;IACtD,OAAO,QAAQ,GAAG,KAAK,GAAG,IAAI,CAAC;AACjC,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,qBAAqB,CACnC,aAA8B,EAC9B,SAAkC,EAClC,QAAgB,EAChB,WAAsB;IAEtB,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,aAAa,CAAC;IACjD,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IAChD,MAAM,SAAS,GAAG,IAAI,GAAG,EAAqB,CAAC;IAC/C,IAAI,QAAQ,GAAG,KAAK,CAAC;IACrB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC1C,MAAM,EAAE,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;QACxB,IAAI,CAAC,EAAE;YAAE,SAAS;QAClB,MAAM,KAAK,GAAG,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;QAClD,MAAM,OAAO,GACX,UAAU,CAAC,OAAO,CAAC,UAAU,EAAE,KAAK,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC;YACpD,UAAU,CAAC,OAAO,CAAC,QAAQ,EAAE,KAAK,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC;QACrD,IAAI,CAAC,OAAO;YAAE,SAAS;QACvB,QAAQ,GAAG,IAAI,CAAC;QAChB,IAAI,WAAW;YAAE,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;QAC5D,KAAK,MAAM,CAAC,EAAE,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC;YACnD,SAAS,CAAC,GAAG,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC;IACD,IAAI,CAAC,QAAQ;QAAE,OAAO,aAAa,CAAC;IACpC,MAAM,GAAG,GAAW,EAAE,CAAC;IACvB,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;QACjC,MAAM,KAAK,GAAG,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACrC,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YACxB,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACf,SAAS;QACX,CAAC;QACD,IAAI,KAAK,KAAK,KAAK;YAAE,SAAS;QAC9B,MAAM,QAAQ,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC;QAC1C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACf,SAAS;QACX,CAAC;QACD,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;YAC7B,GAAG,CAAC,IAAI,CAAC,EAAE,GAAG,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;QAClC,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,IAAI,CAAC,EAAE,GAAG,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;QAClC,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAaD,MAAM,UAAU,yBAAyB,CACvC,aAA8B,EAC9B,SAAkC;IAElC,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IACtC,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACzD,MAAM,GAAG,GAAwB,EAAE,CAAC;IACpC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC1C,MAAM,EAAE,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;QACxB,IAAI,CAAC,EAAE;YAAE,SAAS;QAClB,KAAK,MAAM,EAAE,IAAI,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC;YACvC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAAE,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,CAAC,KAAK,EAAE,CAAC,CAAC;QACrE,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/runner/context.d.ts

@@ -0,0 +1,12 @@
+import type Parser from 'tree-sitter';
+import type { Diagnostic, Language, Range } from '@aicqtools/core';
+import type { RuleContext, RuleMeta } from '@aicqtools/rule-sdk';
+export declare function rangeOfNode(node: Parser.SyntaxNode): Range;
+export interface RunContext {
+    readonly filePath: string;
+    readonly source: string;
+    readonly language: Language;
+    readonly diagnostics: Diagnostic[];
+}
+export declare function makeRuleContext(run: RunContext, meta: RuleMeta): RuleContext;
+//# sourceMappingURL=context.d.ts.map

package/dist/runner/context.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"context.d.ts","sourceRoot":"","sources":["../../src/runner/context.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,MAAM,aAAa,CAAC;AACtC,OAAO,KAAK,EAAE,UAAU,EAAE,QAAQ,EAAE,KAAK,EAAY,MAAM,iBAAiB,CAAC;AAC7E,OAAO,KAAK,EAAE,WAAW,EAAE,QAAQ,EAAc,MAAM,qBAAqB,CAAC;AAE7E,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,CAAC,UAAU,GAAG,KAAK,CAK1D;AAED,MAAM,WAAW,UAAU;IACzB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC;IAC5B,QAAQ,CAAC,WAAW,EAAE,UAAU,EAAE,CAAC;CACpC;AAED,wBAAgB,eAAe,CAAC,GAAG,EAAE,UAAU,EAAE,IAAI,EAAE,QAAQ,GAAG,WAAW,CA0B5E"}

package/dist/runner/context.js

@@ -0,0 +1,34 @@
+export function rangeOfNode(node) {
+    return {
+        start: { line: node.startPosition.row + 1, column: node.startPosition.column + 1 },
+        end: { line: node.endPosition.row + 1, column: node.endPosition.column + 1 },
+    };
+}
+export function makeRuleContext(run, meta) {
+    return {
+        filePath: run.filePath,
+        source: run.source,
+        language: run.language,
+        textOf(node) {
+            return run.source.slice(node.startIndex, node.endIndex);
+        },
+        rangeOf(node) {
+            return rangeOfNode(node);
+        },
+        report(args) {
+            const diagnostic = {
+                ruleId: meta.id,
+                severity: meta.severity,
+                message: args.message ?? meta.message,
+                ...(args.messageKo ?? meta.messageKo
+                    ? { messageKo: args.messageKo ?? meta.messageKo }
+                    : {}),
+                file: run.filePath,
+                range: rangeOfNode(args.node),
+                ...(meta.docs ? { docs: meta.docs } : {}),
+            };
+            run.diagnostics.push(diagnostic);
+        },
+    };
+}
+//# sourceMappingURL=context.js.map

package/dist/runner/context.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"context.js","sourceRoot":"","sources":["../../src/runner/context.ts"],"names":[],"mappings":"AAIA,MAAM,UAAU,WAAW,CAAC,IAAuB;IACjD,OAAO;QACL,KAAK,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,GAAG,GAAG,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE;QAClF,GAAG,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,WAAW,CAAC,GAAG,GAAG,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE;KAC7E,CAAC;AACJ,CAAC;AASD,MAAM,UAAU,eAAe,CAAC,GAAe,EAAE,IAAc;IAC7D,OAAO;QACL,QAAQ,EAAE,GAAG,CAAC,QAAQ;QACtB,MAAM,EAAE,GAAG,CAAC,MAAM;QAClB,QAAQ,EAAE,GAAG,CAAC,QAAQ;QACtB,MAAM,CAAC,IAAI;YACT,OAAO,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC1D,CAAC;QACD,OAAO,CAAC,IAAI;YACV,OAAO,WAAW,CAAC,IAAI,CAAC,CAAC;QAC3B,CAAC;QACD,MAAM,CAAC,IAAgB;YACrB,MAAM,UAAU,GAAe;gBAC7B,MAAM,EAAE,IAAI,CAAC,EAAE;gBACf,QAAQ,EAAE,IAAI,CAAC,QAAoB;gBACnC,OAAO,EAAE,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,OAAO;gBACrC,GAAG,CAAC,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,SAAS;oBAClC,CAAC,CAAC,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,SAAS,EAAE;oBACjD,CAAC,CAAC,EAAE,CAAC;gBACP,IAAI,EAAE,GAAG,CAAC,QAAQ;gBAClB,KAAK,EAAE,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC;gBAC7B,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAC5B,CAAC;YAChB,GAAG,CAAC,WAAW,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACnC,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/runner/index.d.ts

@@ -0,0 +1,9 @@
+export { runFile, runFileWithSource } from './run-file.js';
+export { runProject, resolveIgnores } from './run-project.js';
+export { runRule } from './run-rule.js';
+export { ruleSignature, rulesetSignature } from './ruleset-signature.js';
+export { applyRuleConfig, applyOverridesForFile, collectUnknownOverrideIds, normalizeOverridePath } from './apply-rule-config.js';
+export type { ApplyRuleConfigResult, UnknownOverrideId } from './apply-rule-config.js';
+export type { RunFileResult } from './run-file.js';
+export type { RunProjectOptions } from './run-project.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/runner/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/runner/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAC3D,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAC9D,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AACxC,OAAO,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AACzE,OAAO,EAAE,eAAe,EAAE,qBAAqB,EAAE,yBAAyB,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAClI,YAAY,EAAE,qBAAqB,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AACvF,YAAY,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AACnD,YAAY,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC"}

package/dist/runner/index.js

@@ -0,0 +1,6 @@
+export { runFile, runFileWithSource } from './run-file.js';
+export { runProject, resolveIgnores } from './run-project.js';
+export { runRule } from './run-rule.js';
+export { ruleSignature, rulesetSignature } from './ruleset-signature.js';
+export { applyRuleConfig, applyOverridesForFile, collectUnknownOverrideIds, normalizeOverridePath } from './apply-rule-config.js';
+//# sourceMappingURL=index.js.map

package/dist/runner/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/runner/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAC3D,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAC9D,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AACxC,OAAO,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AACzE,OAAO,EAAE,eAAe,EAAE,qBAAqB,EAAE,yBAAyB,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC"}

package/dist/runner/ruleset-signature.d.ts

@@ -0,0 +1,4 @@
+import type { Rule } from '@aicqtools/rule-sdk';
+export declare function ruleSignature(rule: Rule): string;
+export declare function rulesetSignature(rules: readonly Rule[]): string[];
+//# sourceMappingURL=ruleset-signature.d.ts.map

package/dist/runner/ruleset-signature.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ruleset-signature.d.ts","sourceRoot":"","sources":["../../src/runner/ruleset-signature.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,qBAAqB,CAAC;AAEhD,wBAAgB,aAAa,CAAC,IAAI,EAAE,IAAI,GAAG,MAAM,CAMhD;AAED,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,SAAS,IAAI,EAAE,GAAG,MAAM,EAAE,CAEjE"}

package/dist/runner/ruleset-signature.js

@@ -0,0 +1,11 @@
+export function ruleSignature(rule) {
+    if (rule.kind === 'pattern') {
+        return `pattern:${rule.id}:${rule.severity}:${rule.query}`;
+    }
+    const visitorKeys = Object.keys(rule.visitors).sort().join(',');
+    return `function:${rule.id}:${rule.severity}:${visitorKeys}`;
+}
+export function rulesetSignature(rules) {
+    return rules.map(ruleSignature);
+}
+//# sourceMappingURL=ruleset-signature.js.map

package/dist/runner/ruleset-signature.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ruleset-signature.js","sourceRoot":"","sources":["../../src/runner/ruleset-signature.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,aAAa,CAAC,IAAU;IACtC,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QAC5B,OAAO,WAAW,IAAI,CAAC,EAAE,IAAI,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;IAC7D,CAAC;IACD,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAChE,OAAO,YAAY,IAAI,CAAC,EAAE,IAAI,IAAI,CAAC,QAAQ,IAAI,WAAW,EAAE,CAAC;AAC/D,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,KAAsB;IACrD,OAAO,KAAK,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;AAClC,CAAC"}

package/dist/runner/run-file.d.ts

@@ -0,0 +1,10 @@
+import type { Diagnostic, Language } from '@aicqtools/core';
+import type { Rule } from '@aicqtools/rule-sdk';
+export interface RunFileResult {
+    readonly filePath: string;
+    readonly language: Language | null;
+    readonly diagnostics: readonly Diagnostic[];
+}
+export declare function runFile(filePath: string, rules: readonly Rule[]): Promise<RunFileResult>;
+export declare function runFileWithSource(filePath: string, source: string, language: Language, rules: readonly Rule[]): RunFileResult;
+//# sourceMappingURL=run-file.d.ts.map

package/dist/runner/run-file.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"run-file.d.ts","sourceRoot":"","sources":["../../src/runner/run-file.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAE5D,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,qBAAqB,CAAC;AAIhD,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,QAAQ,EAAE,QAAQ,GAAG,IAAI,CAAC;IACnC,QAAQ,CAAC,WAAW,EAAE,SAAS,UAAU,EAAE,CAAC;CAC7C;AAED,wBAAsB,OAAO,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,SAAS,IAAI,EAAE,GAAG,OAAO,CAAC,aAAa,CAAC,CAM9F;AAED,wBAAgB,iBAAiB,CAC/B,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,QAAQ,EAClB,KAAK,EAAE,SAAS,IAAI,EAAE,GACrB,aAAa,CAsBf"}