@boshu2/vibe-check 2.2.1 → 2.3.0

package/dist/ai-safety/index.js

@@ -0,0 +1,177 @@
+/**
+ * AI Safety Detection Module
+ *
+ * This module detects LLM-specific antipatterns in commit history:
+ * 1. Secret Leakage - Exposed API keys, tokens, credentials
+ * 2. Scope Violation - Commits touching files outside declared domain
+ * 3. Contract Drift - Commit message format degrading over time
+ * 4. Token Spiral - Runaway token consumption (context explosion)
+ */
+import { DEFAULT_AI_SAFETY_CONFIG, } from './types.js';
+import { detectSecretLeakageFromMessages } from './secret-leakage.js';
+import { detectScopeViolations } from './scope-violation.js';
+import { detectContractDrift } from './contract-drift.js';
+import { detectTokenSpiral } from './token-spiral.js';
+// Re-export types
+export * from './types.js';
+// Re-export detector functions
+export { detectSecretLeakage, detectSecretLeakageFromMessages } from './secret-leakage.js';
+export { detectScopeViolations, loadScopeConfig } from './scope-violation.js';
+export { detectContractDrift } from './contract-drift.js';
+export { detectTokenSpiral } from './token-spiral.js';
+/**
+ * Run all AI safety detectors.
+ *
+ * @param commits - List of commits to analyze
+ * @param filesPerCommit - Map of commit hash to changed files
+ * @param config - Detection configuration
+ * @param repoPath - Optional repository path for scope config loading
+ * @param lineStatsPerCommit - Optional line stats for token estimation
+ * @returns AI safety analysis results
+ */
+export function analyzeAISafety(commits, filesPerCommit, config = {}, repoPath, lineStatsPerCommit) {
+    const cfg = { ...DEFAULT_AI_SAFETY_CONFIG, ...config };
+    // Run secret leakage detector (synchronous version for commit messages)
+    const secretLeakage = detectSecretLeakageFromMessages(commits, cfg);
+    // Run scope violation detector
+    const scopeViolations = detectScopeViolations(commits, filesPerCommit, cfg, repoPath);
+    // Run contract drift detector
+    const contractDrift = detectContractDrift(commits, cfg);
+    // Run token spiral detector
+    const tokenSpiral = detectTokenSpiral(commits, lineStatsPerCommit || new Map(), filesPerCommit, cfg);
+    // Calculate summary
+    const totalIssues = secretLeakage.totalFindings +
+        scopeViolations.totalViolations +
+        contractDrift.totalDegradingCommits +
+        tokenSpiral.spirals.length;
+    const criticalIssues = secretLeakage.criticalFindings + scopeViolations.totalViolations;
+    const warningIssues = contractDrift.totalDegradingCommits + (tokenSpiral.detected ? 1 : 0);
+    // Determine overall health
+    let overallHealth = 'healthy';
+    if (criticalIssues > 0) {
+        overallHealth = 'critical';
+    }
+    else if (warningIssues > 0) {
+        overallHealth = 'warning';
+    }
+    // Generate recommendations
+    const recommendations = generateRecommendations(secretLeakage, scopeViolations, contractDrift, tokenSpiral);
+    return {
+        secretLeakage,
+        scopeViolations,
+        contractDrift,
+        tokenSpiral,
+        summary: {
+            totalIssues,
+            criticalIssues,
+            warningIssues,
+            overallHealth,
+        },
+        recommendations,
+    };
+}
+/**
+ * Generate recommendations based on detected AI safety issues.
+ */
+function generateRecommendations(secretLeakage, scopeViolations, contractDrift, tokenSpiral) {
+    const recommendations = [];
+    // Secret Leakage recommendations
+    if (secretLeakage.detected) {
+        recommendations.push('🔐 CRITICAL: Secrets detected in commits. Rotate exposed credentials immediately.');
+        recommendations.push('Run `git filter-repo` or BFG Repo-Cleaner to remove secrets from git history.');
+        if (secretLeakage.criticalFindings > 0) {
+            recommendations.push('⚠️  High-value secrets found (API keys, tokens). This is a SECURITY INCIDENT.');
+        }
+    }
+    // Scope Violation recommendations
+    if (scopeViolations.detected) {
+        recommendations.push('🎯 AI modified files outside declared scope. Be more explicit about allowed files.');
+        recommendations.push('Example: "ONLY modify src/feature.ts and src/feature.test.ts"');
+    }
+    // Contract Drift recommendations
+    if (contractDrift.detected) {
+        const drift = contractDrift.driftMetrics;
+        if (drift.trend === 'degrading') {
+            recommendations.push(`📉 Commit message quality degrading (${drift.driftPercentage.toFixed(0)}% worse). Reinforce commit format expectations.`);
+            recommendations.push('Remind AI to use conventional commits: "feat:", "fix:", "docs:", etc.');
+        }
+    }
+    // Token Spiral recommendations
+    if (tokenSpiral.detected) {
+        if (tokenSpiral.estimatedTokens.explosionDetected) {
+            recommendations.push('💥 Token usage exploded. Context window may be filling up with repeated content.');
+            recommendations.push('Consider: 1) Break task into smaller pieces, 2) Start fresh session, 3) Use more focused prompts');
+        }
+    }
+    // Emergency recommendation for multiple critical issues
+    if (secretLeakage.criticalFindings > 0 && scopeViolations.totalViolations > 2) {
+        recommendations.unshift('🚨 SECURITY ALERT: Multiple critical AI safety issues. STOP and review all changes before proceeding.');
+    }
+    return recommendations;
+}
+/**
+ * Quick check for AI safety issues (fast, minimal analysis).
+ */
+export function quickAISafetyCheck(commits, filesPerCommit) {
+    const analysis = analyzeAISafety(commits, filesPerCommit);
+    const issues = [];
+    if (analysis.secretLeakage.detected)
+        issues.push('secret-leakage');
+    if (analysis.scopeViolations.detected)
+        issues.push('scope-violation');
+    if (analysis.contractDrift.detected)
+        issues.push('contract-drift');
+    if (analysis.tokenSpiral.detected)
+        issues.push('token-spiral');
+    return {
+        hasIssues: issues.length > 0,
+        issueCount: issues.length,
+        topIssue: issues[0] || null,
+    };
+}
+/**
+ * Format AI safety analysis for terminal output.
+ */
+export function formatAISafetyAnalysis(analysis) {
+    const lines = [];
+    // Header
+    const healthEmoji = analysis.summary.overallHealth === 'critical'
+        ? '🚨'
+        : analysis.summary.overallHealth === 'warning'
+            ? '⚠️'
+            : '✅';
+    lines.push(`\n${healthEmoji} AI Safety: ${analysis.summary.overallHealth.toUpperCase()}`);
+    lines.push('─'.repeat(50));
+    // Individual pattern results
+    if (analysis.secretLeakage.detected) {
+        lines.push(`🔐 Secret Leakage: ${analysis.secretLeakage.message}`);
+    }
+    if (analysis.scopeViolations.detected) {
+        lines.push(`🎯 Scope Violations: ${analysis.scopeViolations.message}`);
+    }
+    if (analysis.contractDrift.detected) {
+        lines.push(`📉 Contract Drift: ${analysis.contractDrift.message}`);
+    }
+    if (analysis.tokenSpiral.detected) {
+        lines.push(`💥 Token Spiral: ${analysis.tokenSpiral.message}`);
+    }
+    // Summary
+    if (analysis.summary.totalIssues > 0) {
+        lines.push('');
+        lines.push(`Total: ${analysis.summary.totalIssues} issue${analysis.summary.totalIssues > 1 ? 's' : ''} ` +
+            `(${analysis.summary.criticalIssues} critical, ${analysis.summary.warningIssues} warning)`);
+    }
+    else {
+        lines.push('No AI safety issues detected.');
+    }
+    // Recommendations
+    if (analysis.recommendations.length > 0) {
+        lines.push('');
+        lines.push('Recommendations:');
+        for (const rec of analysis.recommendations.slice(0, 5)) {
+            lines.push(`  ${rec}`);
+        }
+    }
+    return lines.join('\n');
+}
+//# sourceMappingURL=index.js.map

package/dist/ai-safety/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/ai-safety/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,OAAO,EAGL,wBAAwB,GAKzB,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,+BAA+B,EAAE,MAAM,qBAAqB,CAAC;AACtE,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAEtD,kBAAkB;AAClB,cAAc,YAAY,CAAC;AAC3B,+BAA+B;AAC/B,OAAO,EAAE,mBAAmB,EAAE,+BAA+B,EAAE,MAAM,qBAAqB,CAAC;AAC3F,OAAO,EAAE,qBAAqB,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAC9E,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAEtD;;;;;;;;;GASG;AACH,MAAM,UAAU,eAAe,CAC7B,OAAiB,EACjB,cAAqC,EACrC,SAAkC,EAAE,EACpC,QAAiB,EACjB,kBAA0E;IAE1E,MAAM,GAAG,GAAG,EAAE,GAAG,wBAAwB,EAAE,GAAG,MAAM,EAAE,CAAC;IAEvD,wEAAwE;IACxE,MAAM,aAAa,GAAG,+BAA+B,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IAEpE,+BAA+B;IAC/B,MAAM,eAAe,GAAG,qBAAqB,CAAC,OAAO,EAAE,cAAc,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;IAEtF,8BAA8B;IAC9B,MAAM,aAAa,GAAG,mBAAmB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IAExD,4BAA4B;IAC5B,MAAM,WAAW,GAAG,iBAAiB,CACnC,OAAO,EACP,kBAAkB,IAAI,IAAI,GAAG,EAAE,EAC/B,cAAc,EACd,GAAG,CACJ,CAAC;IAEF,oBAAoB;IACpB,MAAM,WAAW,GACf,aAAa,CAAC,aAAa;QAC3B,eAAe,CAAC,eAAe;QAC/B,aAAa,CAAC,qBAAqB;QACnC,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC;IAE7B,MAAM,cAAc,GAAG,aAAa,CAAC,gBAAgB,GAAG,eAAe,CAAC,eAAe,CAAC;IAExF,MAAM,aAAa,GAAG,aAAa,CAAC,qBAAqB,GAAG,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAE3F,2BAA2B;IAC3B,IAAI,aAAa,GAAuC,SAAS,CAAC;IAClE,IAAI,cAAc,GAAG,CAAC,EAAE,CAAC;QACvB,aAAa,GAAG,UAAU,CAAC;IAC7B,CAAC;SAAM,IAAI,aAAa,GAAG,CAAC,EAAE,CAAC;QAC7B,aAAa,GAAG,SAAS,CAAC;IAC5B,CAAC;IAED,2BAA2B;IAC3B,MAAM,eAAe,GAAG,uBAAuB,CAC7C,aAAa,EACb,eAAe,EACf,aAAa,EACb,WAAW,CACZ,CAAC;IAEF,OAAO;QACL,aAAa;QACb,eAAe;QACf,aAAa;QACb,WAAW;QACX,OAAO,EAAE;YACP,WAAW;YACX,cAAc;YACd,aAAa;YACb,aAAa;SACd;QACD,eAAe;KAChB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,uBAAuB,CAC9B,aAAkC,EAClC,eAAqC,EACrC,aAAkC,EAClC,WAA8B;IAE9B,MAAM,eAAe,GAAa,EAAE,CAAC;IAErC,iCAAiC;IACjC,IAAI,aAAa,CAAC,QAAQ,EAAE,CAAC;QAC3B,eAAe,CAAC,IAAI,CAClB,mFAAmF,CACpF,CAAC;QACF,eAAe,CAAC,IAAI,CAClB,+EAA+E,CAChF,CAAC;QACF,IAAI,aAAa,CAAC,gBAAgB,GAAG,CAAC,EAAE,CAAC;YACvC,eAAe,CAAC,IAAI,CAClB,+EAA+E,CAChF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,kCAAkC;IAClC,IAAI,eAAe,CAAC,QAAQ,EAAE,CAAC;QAC7B,eAAe,CAAC,IAAI,CAClB,oFAAoF,CACrF,CAAC;QACF,eAAe,CAAC,IAAI,CAClB,+DAA+D,CAChE,CAAC;IACJ,CAAC;IAED,iCAAiC;IACjC,IAAI,aAAa,CAAC,QAAQ,EAAE,CAAC;QAC3B,MAAM,KAAK,GAAG,aAAa,CAAC,YAAY,CAAC;QACzC,IAAI,KAAK,CAAC,KAAK,KAAK,WAAW,EAAE,CAAC;YAChC,eAAe,CAAC,IAAI,CAClB,wCAAwC,KAAK,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,CAAC,iDAAiD,CAC1H,CAAC;YACF,eAAe,CAAC,IAAI,CAClB,uEAAuE,CACxE,CAAC;QACJ,CAAC;IACH,CAAC;IAED,+BAA+B;IAC/B,IAAI,WAAW,CAAC,QAAQ,EAAE,CAAC;QACzB,IAAI,WAAW,CAAC,eAAe,CAAC,iBAAiB,EAAE,CAAC;YAClD,eAAe,CAAC,IAAI,CAClB,kFAAkF,CACnF,CAAC;YACF,eAAe,CAAC,IAAI,CAClB,kGAAkG,CACnG,CAAC;QACJ,CAAC;IACH,CAAC;IAED,wDAAwD;IACxD,IAAI,aAAa,CAAC,gBAAgB,GAAG,CAAC,IAAI,eAAe,CAAC,eAAe,GAAG,CAAC,EAAE,CAAC;QAC9E,eAAe,CAAC,OAAO,CACrB,uGAAuG,CACxG,CAAC;IACJ,CAAC;IAED,OAAO,eAAe,CAAC;AACzB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAChC,OAAiB,EACjB,cAAqC;IAMrC,MAAM,QAAQ,GAAG,eAAe,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;IAE1D,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,IAAI,QAAQ,CAAC,aAAa,CAAC,QAAQ;QAAE,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;IACnE,IAAI,QAAQ,CAAC,eAAe,CAAC,QAAQ;QAAE,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;IACtE,IAAI,QAAQ,CAAC,aAAa,CAAC,QAAQ;QAAE,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;IACnE,IAAI,QAAQ,CAAC,WAAW,CAAC,QAAQ;QAAE,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAE/D,OAAO;QACL,SAAS,EAAE,MAAM,CAAC,MAAM,GAAG,CAAC;QAC5B,UAAU,EAAE,MAAM,CAAC,MAAM;QACzB,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,IAAI;KAC5B,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB,CAAC,QAA0B;IAC/D,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,SAAS;IACT,MAAM,WAAW,GACf,QAAQ,CAAC,OAAO,CAAC,aAAa,KAAK,UAAU;QAC3C,CAAC,CAAC,IAAI;QACN,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,aAAa,KAAK,SAAS;YAC5C,CAAC,CAAC,IAAI;YACN,CAAC,CAAC,GAAG,CAAC;IACZ,KAAK,CAAC,IAAI,CAAC,KAAK,WAAW,eAAe,QAAQ,CAAC,OAAO,CAAC,aAAa,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;IAC1F,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAE3B,6BAA6B;IAC7B,IAAI,QAAQ,CAAC,aAAa,CAAC,QAAQ,EAAE,CAAC;QACpC,KAAK,CAAC,IAAI,CAAC,sBAAsB,QAAQ,CAAC,aAAa,CAAC,OAAO,EAAE,CAAC,CAAC;IACrE,CAAC;IACD,IAAI,QAAQ,CAAC,eAAe,CAAC,QAAQ,EAAE,CAAC;QACtC,KAAK,CAAC,IAAI,CAAC,wBAAwB,QAAQ,CAAC,eAAe,CAAC,OAAO,EAAE,CAAC,CAAC;IACzE,CAAC;IACD,IAAI,QAAQ,CAAC,aAAa,CAAC,QAAQ,EAAE,CAAC;QACpC,KAAK,CAAC,IAAI,CAAC,sBAAsB,QAAQ,CAAC,aAAa,CAAC,OAAO,EAAE,CAAC,CAAC;IACrE,CAAC;IACD,IAAI,QAAQ,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC;QAClC,KAAK,CAAC,IAAI,CAAC,oBAAoB,QAAQ,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC;IACjE,CAAC;IAED,UAAU;IACV,IAAI,QAAQ,CAAC,OAAO,CAAC,WAAW,GAAG,CAAC,EAAE,CAAC;QACrC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CACR,UAAU,QAAQ,CAAC,OAAO,CAAC,WAAW,SAAS,QAAQ,CAAC,OAAO,CAAC,WAAW,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG;YAC3F,IAAI,QAAQ,CAAC,OAAO,CAAC,cAAc,cAAc,QAAQ,CAAC,OAAO,CAAC,aAAa,WAAW,CAC7F,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;IAC9C,CAAC;IAED,kBAAkB;IAClB,IAAI,QAAQ,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;QAC/B,KAAK,MAAM,GAAG,IAAI,QAAQ,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;YACvD,KAAK,CAAC,IAAI,CAAC,KAAK,GAAG,EAAE,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}

package/dist/ai-safety/scope-violation.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Scope Violation Detector
+ *
+ * Detects commits touching files outside declared scope.
+ * Scope can be defined via .vibe-check/scope.yaml or passed in config.
+ * Uses glob patterns (minimatch) for flexible matching.
+ */
+import { Commit } from '../types.js';
+import { ScopeViolationResult, ScopeDefinition, AISafetyConfig } from './types.js';
+/**
+ * Load scope configuration from .vibe-check/scope.yaml
+ */
+export declare function loadScopeConfig(repoPath: string): ScopeDefinition | null;
+/**
+ * Detect scope violations in commits.
+ */
+export declare function detectScopeViolations(commits: Commit[], filesPerCommit: Map<string, string[]>, config?: Partial<AISafetyConfig>, repoPath?: string): ScopeViolationResult;
+//# sourceMappingURL=scope-violation.d.ts.map

package/dist/ai-safety/scope-violation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scope-violation.d.ts","sourceRoot":"","sources":["../../src/ai-safety/scope-violation.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAMH,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EACL,oBAAoB,EAEpB,eAAe,EACf,cAAc,EACf,MAAM,YAAY,CAAC;AAcpB;;GAEG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,eAAe,GAAG,IAAI,CAwBxE;AA2CD;;GAEG;AACH,wBAAgB,qBAAqB,CACnC,OAAO,EAAE,MAAM,EAAE,EACjB,cAAc,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,EACrC,MAAM,GAAE,OAAO,CAAC,cAAc,CAAM,EACpC,QAAQ,CAAC,EAAE,MAAM,GAChB,oBAAoB,CAwFtB"}

package/dist/ai-safety/scope-violation.js

@@ -0,0 +1,150 @@
+/**
+ * Scope Violation Detector
+ *
+ * Detects commits touching files outside declared scope.
+ * Scope can be defined via .vibe-check/scope.yaml or passed in config.
+ * Uses glob patterns (minimatch) for flexible matching.
+ */
+import { minimatch } from 'minimatch';
+import * as fs from 'fs';
+import * as path from 'path';
+import * as yaml from 'js-yaml';
+/**
+ * Load scope configuration from .vibe-check/scope.yaml
+ */
+export function loadScopeConfig(repoPath) {
+    const configPath = path.join(repoPath, '.vibe-check', 'scope.yaml');
+    try {
+        if (!fs.existsSync(configPath)) {
+            return null;
+        }
+        const content = fs.readFileSync(configPath, 'utf-8');
+        const config = yaml.load(content);
+        if (!config?.scope) {
+            return null;
+        }
+        return {
+            allowedPatterns: config.scope.allowed_patterns || [],
+            allowedDirs: config.scope.allowed_dirs || [],
+            description: config.scope.description,
+        };
+    }
+    catch {
+        // Config file doesn't exist or is invalid
+        return null;
+    }
+}
+/**
+ * Check if a file path matches any of the allowed patterns.
+ */
+function isFileAllowed(filePath, scope, exceptions) {
+    // Check exceptions first (always allowed)
+    for (const exception of exceptions) {
+        if (minimatch(filePath, exception) || filePath === exception) {
+            return true;
+        }
+        // Also check just the filename for common exceptions
+        const fileName = path.basename(filePath);
+        if (fileName === exception) {
+            return true;
+        }
+    }
+    // Check allowed patterns (glob)
+    for (const pattern of scope.allowedPatterns) {
+        if (minimatch(filePath, pattern, { matchBase: true })) {
+            return true;
+        }
+    }
+    // Check allowed directories
+    for (const dir of scope.allowedDirs) {
+        // Normalize paths for comparison
+        const normalizedDir = dir.endsWith('/') ? dir : dir + '/';
+        const normalizedFile = filePath.startsWith('/') ? filePath.slice(1) : filePath;
+        if (normalizedFile.startsWith(normalizedDir) || normalizedFile.startsWith(dir)) {
+            return true;
+        }
+    }
+    return false;
+}
+/**
+ * Detect scope violations in commits.
+ */
+export function detectScopeViolations(commits, filesPerCommit, config = {}, repoPath) {
+    // Check if scope checking is enabled
+    if (config.scopeCheckEnabled === false) {
+        return {
+            detected: false,
+            violations: [],
+            totalViolations: 0,
+            totalUnauthorizedFiles: 0,
+            message: 'Scope checking disabled',
+        };
+    }
+    // Try to load scope from config or file
+    let scope = config.scope;
+    if (!scope && repoPath) {
+        scope = loadScopeConfig(repoPath) || undefined;
+    }
+    // No scope defined = no violations possible
+    if (!scope) {
+        return {
+            detected: false,
+            violations: [],
+            totalViolations: 0,
+            totalUnauthorizedFiles: 0,
+            message: 'No scope defined (use .vibe-check/scope.yaml or config)',
+        };
+    }
+    // Check for empty scope (nothing allowed = everything violates)
+    if (scope.allowedPatterns.length === 0 && scope.allowedDirs.length === 0) {
+        return {
+            detected: false,
+            violations: [],
+            totalViolations: 0,
+            totalUnauthorizedFiles: 0,
+            message: 'Scope defined but empty (no patterns or dirs)',
+        };
+    }
+    const exceptions = config.allowedExceptions || [
+        'package.json',
+        'package-lock.json',
+        'tsconfig.json',
+        '.gitignore',
+        'README.md',
+    ];
+    const violations = [];
+    let totalUnauthorizedFiles = 0;
+    for (const commit of commits) {
+        const files = filesPerCommit.get(commit.hash) || [];
+        const unauthorizedFiles = [];
+        for (const file of files) {
+            if (!isFileAllowed(file, scope, exceptions)) {
+                unauthorizedFiles.push(file);
+                totalUnauthorizedFiles++;
+            }
+        }
+        if (unauthorizedFiles.length > 0) {
+            violations.push({
+                commitHash: commit.hash,
+                commitMessage: commit.message,
+                timestamp: commit.date,
+                unauthorizedFiles,
+                declaredScope: [...scope.allowedPatterns, ...scope.allowedDirs],
+                description: `Commit touched ${unauthorizedFiles.length} file(s) outside declared scope`,
+            });
+        }
+    }
+    const detected = violations.length > 0;
+    let message = 'No scope violations detected';
+    if (detected) {
+        message = `${violations.length} commit(s) violated scope (${totalUnauthorizedFiles} unauthorized files)`;
+    }
+    return {
+        detected,
+        violations,
+        totalViolations: violations.length,
+        totalUnauthorizedFiles,
+        message,
+    };
+}
+//# sourceMappingURL=scope-violation.js.map

package/dist/ai-safety/scope-violation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scope-violation.js","sourceRoot":"","sources":["../../src/ai-safety/scope-violation.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,KAAK,IAAI,MAAM,SAAS,CAAC;AAqBhC;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,QAAgB;IAC9C,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,aAAa,EAAE,YAAY,CAAC,CAAC;IAEpE,IAAI,CAAC;QACH,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC/B,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QACrD,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAoB,CAAC;QAErD,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC;YACnB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO;YACL,eAAe,EAAE,MAAM,CAAC,KAAK,CAAC,gBAAgB,IAAI,EAAE;YACpD,WAAW,EAAE,MAAM,CAAC,KAAK,CAAC,YAAY,IAAI,EAAE;YAC5C,WAAW,EAAE,MAAM,CAAC,KAAK,CAAC,WAAW;SACtC,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,0CAA0C;QAC1C,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CACpB,QAAgB,EAChB,KAAsB,EACtB,UAAoB;IAEpB,0CAA0C;IAC1C,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,IAAI,SAAS,CAAC,QAAQ,EAAE,SAAS,CAAC,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;YAC7D,OAAO,IAAI,CAAC;QACd,CAAC;QACD,qDAAqD;QACrD,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACzC,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;YAC3B,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,gCAAgC;IAChC,KAAK,MAAM,OAAO,IAAI,KAAK,CAAC,eAAe,EAAE,CAAC;QAC5C,IAAI,SAAS,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;YACtD,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,4BAA4B;IAC5B,KAAK,MAAM,GAAG,IAAI,KAAK,CAAC,WAAW,EAAE,CAAC;QACpC,iCAAiC;QACjC,MAAM,aAAa,GAAG,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,GAAG,CAAC;QAC1D,MAAM,cAAc,GAAG,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;QAE/E,IAAI,cAAc,CAAC,UAAU,CAAC,aAAa,CAAC,IAAI,cAAc,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAC/E,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB,CACnC,OAAiB,EACjB,cAAqC,EACrC,SAAkC,EAAE,EACpC,QAAiB;IAEjB,qCAAqC;IACrC,IAAI,MAAM,CAAC,iBAAiB,KAAK,KAAK,EAAE,CAAC;QACvC,OAAO;YACL,QAAQ,EAAE,KAAK;YACf,UAAU,EAAE,EAAE;YACd,eAAe,EAAE,CAAC;YAClB,sBAAsB,EAAE,CAAC;YACzB,OAAO,EAAE,yBAAyB;SACnC,CAAC;IACJ,CAAC;IAED,wCAAwC;IACxC,IAAI,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;IACzB,IAAI,CAAC,KAAK,IAAI,QAAQ,EAAE,CAAC;QACvB,KAAK,GAAG,eAAe,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAC;IACjD,CAAC;IAED,4CAA4C;IAC5C,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO;YACL,QAAQ,EAAE,KAAK;YACf,UAAU,EAAE,EAAE;YACd,eAAe,EAAE,CAAC;YAClB,sBAAsB,EAAE,CAAC;YACzB,OAAO,EAAE,yDAAyD;SACnE,CAAC;IACJ,CAAC;IAED,gEAAgE;IAChE,IAAI,KAAK,CAAC,eAAe,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzE,OAAO;YACL,QAAQ,EAAE,KAAK;YACf,UAAU,EAAE,EAAE;YACd,eAAe,EAAE,CAAC;YAClB,sBAAsB,EAAE,CAAC;YACzB,OAAO,EAAE,+CAA+C;SACzD,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,MAAM,CAAC,iBAAiB,IAAI;QAC7C,cAAc;QACd,mBAAmB;QACnB,eAAe;QACf,YAAY;QACZ,WAAW;KACZ,CAAC;IAEF,MAAM,UAAU,GAAqB,EAAE,CAAC;IACxC,IAAI,sBAAsB,GAAG,CAAC,CAAC;IAE/B,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,MAAM,KAAK,GAAG,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QACpD,MAAM,iBAAiB,GAAa,EAAE,CAAC;QAEvC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,KAAK,EAAE,UAAU,CAAC,EAAE,CAAC;gBAC5C,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAC7B,sBAAsB,EAAE,CAAC;YAC3B,CAAC;QACH,CAAC;QAED,IAAI,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACjC,UAAU,CAAC,IAAI,CAAC;gBACd,UAAU,EAAE,MAAM,CAAC,IAAI;gBACvB,aAAa,EAAE,MAAM,CAAC,OAAO;gBAC7B,SAAS,EAAE,MAAM,CAAC,IAAI;gBACtB,iBAAiB;gBACjB,aAAa,EAAE,CAAC,GAAG,KAAK,CAAC,eAAe,EAAE,GAAG,KAAK,CAAC,WAAW,CAAC;gBAC/D,WAAW,EAAE,kBAAkB,iBAAiB,CAAC,MAAM,iCAAiC;aACzF,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,MAAM,QAAQ,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC;IACvC,IAAI,OAAO,GAAG,8BAA8B,CAAC;IAE7C,IAAI,QAAQ,EAAE,CAAC;QACb,OAAO,GAAG,GAAG,UAAU,CAAC,MAAM,8BAA8B,sBAAsB,sBAAsB,CAAC;IAC3G,CAAC;IAED,OAAO;QACL,QAAQ;QACR,UAAU;QACV,eAAe,EAAE,UAAU,CAAC,MAAM;QAClC,sBAAsB;QACtB,OAAO;KACR,CAAC;AACJ,CAAC"}

package/dist/ai-safety/secret-leakage.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Secret Leakage Detector
+ *
+ * Scans commit diffs for exposed secrets: API keys, tokens, credentials.
+ * Ported from ai-platform/tests/agents/test_agent_security.py
+ */
+import { Commit } from '../types.js';
+import { SecretLeakageResult, AISafetyConfig } from './types.js';
+/**
+ * Detect secrets leaked in commit diffs.
+ */
+export declare function detectSecretLeakage(repoPath: string, commits: Commit[], config?: Partial<AISafetyConfig>): Promise<SecretLeakageResult>;
+/**
+ * Synchronous version that works with already-fetched commit data.
+ * For use when diffs aren't available (e.g., from JSONL timeline).
+ */
+export declare function detectSecretLeakageFromMessages(commits: Commit[], config?: Partial<AISafetyConfig>): SecretLeakageResult;
+//# sourceMappingURL=secret-leakage.d.ts.map

package/dist/ai-safety/secret-leakage.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secret-leakage.d.ts","sourceRoot":"","sources":["../../src/ai-safety/secret-leakage.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EACL,mBAAmB,EAGnB,cAAc,EACf,MAAM,YAAY,CAAC;AAEpB;;GAEG;AACH,wBAAsB,mBAAmB,CACvC,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,EAAE,EACjB,MAAM,GAAE,OAAO,CAAC,cAAc,CAAM,GACnC,OAAO,CAAC,mBAAmB,CAAC,CAwF9B;AAoDD;;;GAGG;AACH,wBAAgB,+BAA+B,CAC7C,OAAO,EAAE,MAAM,EAAE,EACjB,MAAM,GAAE,OAAO,CAAC,cAAc,CAAM,GACnC,mBAAmB,CAyDrB"}

package/dist/ai-safety/secret-leakage.js

@@ -0,0 +1,188 @@
+/**
+ * Secret Leakage Detector
+ *
+ * Scans commit diffs for exposed secrets: API keys, tokens, credentials.
+ * Ported from ai-platform/tests/agents/test_agent_security.py
+ */
+import { simpleGit } from 'simple-git';
+import { SECRET_PATTERNS, } from './types.js';
+/**
+ * Detect secrets leaked in commit diffs.
+ */
+export async function detectSecretLeakage(repoPath, commits, config = {}) {
+    if (!config.secretDetectionEnabled) {
+        return {
+            detected: false,
+            findings: [],
+            totalFindings: 0,
+            criticalFindings: 0,
+            message: 'Secret detection disabled',
+        };
+    }
+    const findings = [];
+    const git = simpleGit(repoPath);
+    // Merge custom patterns if provided
+    const patterns = {
+        ...SECRET_PATTERNS,
+        ...(config.customSecretPatterns || {}),
+    };
+    for (const commit of commits) {
+        try {
+            let contentToScan;
+            if (config.secretScanDepth === 'shallow') {
+                // Only scan commit message
+                contentToScan = commit.message;
+            }
+            else {
+                // Full scan: get diff content using simple-git
+                const diff = await git.show([commit.hash, '--format=', '--patch']);
+                contentToScan = diff;
+            }
+            // Scan for each secret pattern
+            for (const [patternName, regex] of Object.entries(patterns)) {
+                // Reset regex state
+                regex.lastIndex = 0;
+                let match;
+                while ((match = regex.exec(contentToScan)) !== null) {
+                    const matchedText = match[0];
+                    const startIndex = match.index;
+                    // Get line context (20 chars before and after)
+                    const contextStart = Math.max(0, startIndex - 20);
+                    const contextEnd = Math.min(contentToScan.length, startIndex + matchedText.length + 20);
+                    const rawContext = contentToScan.substring(contextStart, contextEnd);
+                    // Mask the secret in context (show first 8 chars only)
+                    const maskedSecret = maskSecret(matchedText);
+                    const lineContext = rawContext.replace(matchedText, maskedSecret);
+                    // Determine file from diff context
+                    const file = extractFileFromDiff(contentToScan, startIndex);
+                    findings.push({
+                        commitHash: commit.hash,
+                        commitMessage: commit.message,
+                        timestamp: commit.date,
+                        file: file || 'unknown',
+                        pattern: patternName,
+                        matchedText: maskedSecret,
+                        lineContext: lineContext.replace(/\n/g, ' ').trim(),
+                        severity: determineSeverity(patternName),
+                    });
+                }
+            }
+        }
+        catch (error) {
+            // Skip commits we can't analyze
+            continue;
+        }
+    }
+    const criticalFindings = findings.filter((f) => f.severity === 'critical').length;
+    const detected = findings.length > 0;
+    let message = 'No secrets detected';
+    if (detected) {
+        message = `${findings.length} secret(s) found (${criticalFindings} critical)`;
+    }
+    return {
+        detected,
+        findings,
+        totalFindings: findings.length,
+        criticalFindings,
+        message,
+    };
+}
+/**
+ * Mask a secret, showing only first 8 characters.
+ */
+function maskSecret(secret) {
+    if (secret.length <= 8) {
+        return '***';
+    }
+    return secret.substring(0, 8) + '***';
+}
+/**
+ * Extract filename from diff context.
+ * Looks for lines like "+++ b/path/to/file.ts"
+ */
+function extractFileFromDiff(diff, position) {
+    // Find the nearest "+++ b/" before the match position
+    const beforeMatch = diff.substring(0, position);
+    const lines = beforeMatch.split('\n');
+    // Search backwards for file header
+    for (let i = lines.length - 1; i >= 0; i--) {
+        const line = lines[i];
+        if (line.startsWith('+++ b/')) {
+            return line.substring(6); // Remove "+++ b/"
+        }
+        if (line.startsWith('diff --git')) {
+            // Found diff header without +++ b/, extract from diff line
+            const match = line.match(/diff --git a\/.+ b\/(.+)/);
+            return match ? match[1] : null;
+        }
+    }
+    return null;
+}
+/**
+ * Determine severity based on pattern type.
+ */
+function determineSeverity(patternName) {
+    // High-value secrets are critical
+    const criticalPatterns = [
+        'OpenAI API Key',
+        'GitHub Personal Access Token',
+        'GitLab Personal Access Token',
+        'AWS Access Key',
+    ];
+    return criticalPatterns.includes(patternName) ? 'critical' : 'warning';
+}
+/**
+ * Synchronous version that works with already-fetched commit data.
+ * For use when diffs aren't available (e.g., from JSONL timeline).
+ */
+export function detectSecretLeakageFromMessages(commits, config = {}) {
+    if (!config.secretDetectionEnabled) {
+        return {
+            detected: false,
+            findings: [],
+            totalFindings: 0,
+            criticalFindings: 0,
+            message: 'Secret detection disabled',
+        };
+    }
+    const findings = [];
+    const patterns = {
+        ...SECRET_PATTERNS,
+        ...(config.customSecretPatterns || {}),
+    };
+    for (const commit of commits) {
+        const contentToScan = commit.message;
+        for (const [patternName, regex] of Object.entries(patterns)) {
+            regex.lastIndex = 0;
+            let match;
+            while ((match = regex.exec(contentToScan)) !== null) {
+                const matchedText = match[0];
+                const maskedSecret = maskSecret(matchedText);
+                findings.push({
+                    commitHash: commit.hash,
+                    commitMessage: commit.message,
+                    timestamp: commit.date,
+                    file: 'commit-message',
+                    pattern: patternName,
+                    matchedText: maskedSecret,
+                    lineContext: commit.message.substring(0, 80),
+                    severity: determineSeverity(patternName),
+                });
+            }
+        }
+    }
+    const criticalFindings = findings.filter((f) => f.severity === 'critical').length;
+    const detected = findings.length > 0;
+    let message = 'No secrets in commit messages';
+    if (detected) {
+        message = `${findings.length} secret(s) in messages (${criticalFindings} critical)`;
+    }
+    return {
+        detected,
+        findings,
+        totalFindings: findings.length,
+        criticalFindings,
+        message,
+    };
+}
+//# sourceMappingURL=secret-leakage.js.map

package/dist/ai-safety/secret-leakage.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secret-leakage.js","sourceRoot":"","sources":["../../src/ai-safety/secret-leakage.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,SAAS,EAAa,MAAM,YAAY,CAAC;AAElD,OAAO,EAGL,eAAe,GAEhB,MAAM,YAAY,CAAC;AAEpB;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,QAAgB,EAChB,OAAiB,EACjB,SAAkC,EAAE;IAEpC,IAAI,CAAC,MAAM,CAAC,sBAAsB,EAAE,CAAC;QACnC,OAAO;YACL,QAAQ,EAAE,KAAK;YACf,QAAQ,EAAE,EAAE;YACZ,aAAa,EAAE,CAAC;YAChB,gBAAgB,EAAE,CAAC;YACnB,OAAO,EAAE,2BAA2B;SACrC,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,MAAM,GAAG,GAAc,SAAS,CAAC,QAAQ,CAAC,CAAC;IAE3C,oCAAoC;IACpC,MAAM,QAAQ,GAAG;QACf,GAAG,eAAe;QAClB,GAAG,CAAC,MAAM,CAAC,oBAAoB,IAAI,EAAE,CAAC;KACvC,CAAC;IAEF,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,IAAI,CAAC;YACH,IAAI,aAAqB,CAAC;YAE1B,IAAI,MAAM,CAAC,eAAe,KAAK,SAAS,EAAE,CAAC;gBACzC,2BAA2B;gBAC3B,aAAa,GAAG,MAAM,CAAC,OAAO,CAAC;YACjC,CAAC;iBAAM,CAAC;gBACN,+CAA+C;gBAC/C,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,WAAW,EAAE,SAAS,CAAC,CAAC,CAAC;gBACnE,aAAa,GAAG,IAAI,CAAC;YACvB,CAAC;YAED,+BAA+B;YAC/B,KAAK,MAAM,CAAC,WAAW,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC5D,oBAAoB;gBACpB,KAAK,CAAC,SAAS,GAAG,CAAC,CAAC;gBAEpB,IAAI,KAA6B,CAAC;gBAClC,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;oBACpD,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;oBAC7B,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC;oBAE/B,+CAA+C;oBAC/C,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,GAAG,EAAE,CAAC,CAAC;oBAClD,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,MAAM,EAAE,UAAU,GAAG,WAAW,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;oBACxF,MAAM,UAAU,GAAG,aAAa,CAAC,SAAS,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;oBAErE,uDAAuD;oBACvD,MAAM,YAAY,GAAG,UAAU,CAAC,WAAW,CAAC,CAAC;oBAC7C,MAAM,WAAW,GAAG,UAAU,CAAC,OAAO,CAAC,WAAW,EAAE,YAAY,CAAC,CAAC;oBAElE,mCAAmC;oBACnC,MAAM,IAAI,GAAG,mBAAmB,CAAC,aAAa,EAAE,UAAU,CAAC,CAAC;oBAE5D,QAAQ,CAAC,IAAI,CAAC;wBACZ,UAAU,EAAE,MAAM,CAAC,IAAI;wBACvB,aAAa,EAAE,MAAM,CAAC,OAAO;wBAC7B,SAAS,EAAE,MAAM,CAAC,IAAI;wBACtB,IAAI,EAAE,IAAI,IAAI,SAAS;wBACvB,OAAO,EAAE,WAAW;wBACpB,WAAW,EAAE,YAAY;wBACzB,WAAW,EAAE,WAAW,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE;wBACnD,QAAQ,EAAE,iBAAiB,CAAC,WAAW,CAAC;qBACzC,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,gCAAgC;YAChC,SAAS;QACX,CAAC;IACH,CAAC;IAED,MAAM,gBAAgB,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;IAClF,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC;IAErC,IAAI,OAAO,GAAG,qBAAqB,CAAC;IACpC,IAAI,QAAQ,EAAE,CAAC;QACb,OAAO,GAAG,GAAG,QAAQ,CAAC,MAAM,qBAAqB,gBAAgB,YAAY,CAAC;IAChF,CAAC;IAED,OAAO;QACL,QAAQ;QACR,QAAQ;QACR,aAAa,EAAE,QAAQ,CAAC,MAAM;QAC9B,gBAAgB;QAChB,OAAO;KACR,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,UAAU,CAAC,MAAc;IAChC,IAAI,MAAM,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QACvB,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,CAAC;AACxC,CAAC;AAED;;;GAGG;AACH,SAAS,mBAAmB,CAAC,IAAY,EAAE,QAAgB;IACzD,sDAAsD;IACtD,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;IAChD,MAAM,KAAK,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAEtC,mCAAmC;IACnC,KAAK,IAAI,CAAC,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC3C,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACtB,IAAI,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC9B,OAAO,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,kBAAkB;QAC9C,CAAC;QACD,IAAI,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YAClC,2DAA2D;YAC3D,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAC;YACrD,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QACjC,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,WAAmB;IAC5C,kCAAkC;IAClC,MAAM,gBAAgB,GAAG;QACvB,gBAAgB;QAChB,8BAA8B;QAC9B,8BAA8B;QAC9B,gBAAgB;KACjB,CAAC;IAEF,OAAO,gBAAgB,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;AACzE,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,+BAA+B,CAC7C,OAAiB,EACjB,SAAkC,EAAE;IAEpC,IAAI,CAAC,MAAM,CAAC,sBAAsB,EAAE,CAAC;QACnC,OAAO;YACL,QAAQ,EAAE,KAAK;YACf,QAAQ,EAAE,EAAE;YACZ,aAAa,EAAE,CAAC;YAChB,gBAAgB,EAAE,CAAC;YACnB,OAAO,EAAE,2BAA2B;SACrC,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,MAAM,QAAQ,GAAG;QACf,GAAG,eAAe;QAClB,GAAG,CAAC,MAAM,CAAC,oBAAoB,IAAI,EAAE,CAAC;KACvC,CAAC;IAEF,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,MAAM,aAAa,GAAG,MAAM,CAAC,OAAO,CAAC;QAErC,KAAK,MAAM,CAAC,WAAW,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC5D,KAAK,CAAC,SAAS,GAAG,CAAC,CAAC;YAEpB,IAAI,KAA6B,CAAC;YAClC,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBACpD,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBAC7B,MAAM,YAAY,GAAG,UAAU,CAAC,WAAW,CAAC,CAAC;gBAE7C,QAAQ,CAAC,IAAI,CAAC;oBACZ,UAAU,EAAE,MAAM,CAAC,IAAI;oBACvB,aAAa,EAAE,MAAM,CAAC,OAAO;oBAC7B,SAAS,EAAE,MAAM,CAAC,IAAI;oBACtB,IAAI,EAAE,gBAAgB;oBACtB,OAAO,EAAE,WAAW;oBACpB,WAAW,EAAE,YAAY;oBACzB,WAAW,EAAE,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC;oBAC5C,QAAQ,EAAE,iBAAiB,CAAC,WAAW,CAAC;iBACzC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,gBAAgB,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;IAClF,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC;IAErC,IAAI,OAAO,GAAG,+BAA+B,CAAC;IAC9C,IAAI,QAAQ,EAAE,CAAC;QACb,OAAO,GAAG,GAAG,QAAQ,CAAC,MAAM,2BAA2B,gBAAgB,YAAY,CAAC;IACtF,CAAC;IAED,OAAO;QACL,QAAQ;QACR,QAAQ;QACR,aAAa,EAAE,QAAQ,CAAC,MAAM;QAC9B,gBAAgB;QAChB,OAAO;KACR,CAAC;AACJ,CAAC"}

package/dist/ai-safety/token-spiral.d.ts

@@ -0,0 +1,17 @@
+/**
+ * Token Spiral Detector
+ *
+ * Estimates token usage from commit size and detects explosion patterns.
+ * Uses heuristic: ~4 characters per token (GPT-style tokenization).
+ * Detects when commits exceed baseline by configurable threshold.
+ */
+import { Commit } from '../types.js';
+import { TokenSpiralResult, AISafetyConfig } from './types.js';
+/**
+ * Detect token spirals in commit history.
+ */
+export declare function detectTokenSpiral(commits: Commit[], lineStatsPerCommit: Map<string, {
+    additions: number;
+    deletions: number;
+}>, filesPerCommit: Map<string, string[]>, config?: Partial<AISafetyConfig>): TokenSpiralResult;
+//# sourceMappingURL=token-spiral.d.ts.map

package/dist/ai-safety/token-spiral.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"token-spiral.d.ts","sourceRoot":"","sources":["../../src/ai-safety/token-spiral.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EACL,iBAAiB,EAGjB,cAAc,EACf,MAAM,YAAY,CAAC;AA+EpB;;GAEG;AACH,wBAAgB,iBAAiB,CAC/B,OAAO,EAAE,MAAM,EAAE,EACjB,kBAAkB,EAAE,GAAG,CAAC,MAAM,EAAE;IAAE,SAAS,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAAC,EACzE,cAAc,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,EACrC,MAAM,GAAE,OAAO,CAAC,cAAc,CAAM,GACnC,iBAAiB,CAwJnB"}