@boshu2/vibe-check 2.2.1 → 2.4.0

package/dist/ai-safety/contract-drift.js

@@ -0,0 +1,230 @@
+/**
+ * Contract Drift Detector
+ *
+ * Tracks commit message format compliance over time.
+ * Detects degradation from conventional commits format.
+ * Reports drift percentage and trend.
+ */
+// Valid conventional commit types
+const VALID_TYPES = new Set([
+    'feat', 'fix', 'docs', 'style', 'refactor', 'perf',
+    'test', 'build', 'ci', 'chore', 'revert', 'tracer', 'tb',
+]);
+// Vague words that indicate low-quality commit messages
+const VAGUE_WORDS = new Set([
+    'fix', 'update', 'change', 'modify', 'stuff', 'things',
+    'misc', 'wip', 'temp', 'test', 'debug', 'asdf', 'foo',
+]);
+/**
+ * Calculate compliance score for a single commit message.
+ * Returns 0-100 where 100 is perfect conventional commit format.
+ */
+function scoreCommitCompliance(message) {
+    const issues = [];
+    let score = 100;
+    // Check conventional commit format: type(scope): description
+    const conventionalMatch = message.match(/^(\w+)(?:\(([^)]+)\))?:\s*(.+)/);
+    if (!conventionalMatch) {
+        // No conventional format at all
+        if (!message.includes(':')) {
+            issues.push('missing_colon');
+            score -= 30;
+        }
+        // Try to detect if there's a type-like prefix
+        const words = message.split(/\s+/);
+        if (words.length > 0 && !VALID_TYPES.has(words[0].toLowerCase())) {
+            issues.push('missing_type');
+            score -= 25;
+        }
+    }
+    else {
+        const [, type, , description] = conventionalMatch;
+        // Check if type is valid
+        if (!VALID_TYPES.has(type.toLowerCase())) {
+            issues.push('invalid_type');
+            score -= 20;
+        }
+        // Check description quality
+        if (!description || description.trim().length === 0) {
+            issues.push('no_description');
+            score -= 30;
+        }
+        else {
+            // Check for vague descriptions
+            const descWords = description.toLowerCase().split(/\s+/);
+            const vagueCount = descWords.filter(w => VAGUE_WORDS.has(w)).length;
+            if (vagueCount > 0 && descWords.length <= 3) {
+                issues.push('vague_message');
+                score -= 15;
+            }
+            // Check for too short description
+            if (description.length < 10) {
+                issues.push('too_short');
+                score -= 10;
+            }
+            // Check for all caps (shouting)
+            if (description === description.toUpperCase() && description.length > 5) {
+                issues.push('all_caps');
+                score -= 10;
+            }
+            // Check for lowercase start (should be lowercase for conventional commits)
+            if (description[0] && description[0] === description[0].toUpperCase() &&
+                description[0] !== description[0].toLowerCase()) {
+                // Starts with uppercase - minor issue
+                issues.push('starts_with_lowercase');
+                score -= 5;
+            }
+        }
+    }
+    // Ensure score stays in bounds
+    return {
+        score: Math.max(0, Math.min(100, score)),
+        issues,
+    };
+}
+/**
+ * Calculate entropy score for commit messages.
+ * Higher entropy (0-1) means more random/inconsistent messages.
+ */
+function calculateEntropy(commits) {
+    if (commits.length === 0)
+        return 0;
+    // Count type distribution
+    const typeCounts = new Map();
+    for (const commit of commits) {
+        const count = typeCounts.get(commit.type) || 0;
+        typeCounts.set(commit.type, count + 1);
+    }
+    // Calculate Shannon entropy
+    let entropy = 0;
+    const total = commits.length;
+    for (const count of typeCounts.values()) {
+        const p = count / total;
+        if (p > 0) {
+            entropy -= p * Math.log2(p);
+        }
+    }
+    // Normalize to 0-1 range (max entropy = log2(n) for n categories)
+    const maxEntropy = Math.log2(Math.max(typeCounts.size, 1));
+    const normalizedEntropy = maxEntropy > 0 ? entropy / maxEntropy : 0;
+    // Invert: we want high entropy for BAD (inconsistent) commits
+    // Low variety in types is actually good for contract compliance
+    // So we measure "type consistency" inversely
+    // Actually, for contract drift, we want to measure message QUALITY entropy
+    // A mix of good and bad messages = medium entropy
+    // All bad messages = low entropy (consistently bad)
+    // All good messages = low entropy (consistently good)
+    // For our purposes, we'll measure the "other" type ratio as entropy proxy
+    const otherCount = typeCounts.get('other') || 0;
+    const otherRatio = otherCount / total;
+    return otherRatio; // 0 = all conventional, 1 = all non-conventional
+}
+/**
+ * Detect contract drift in commit messages.
+ */
+export function detectContractDrift(commits, config = {}) {
+    // Check if contract checking is enabled
+    if (config.contractCheckEnabled === false) {
+        return {
+            detected: false,
+            driftMetrics: {
+                baselineCompliance: 0,
+                currentCompliance: 0,
+                driftPercentage: 0,
+                trend: 'stable',
+                entropyScore: 0,
+            },
+            degradingCommits: [],
+            totalDegradingCommits: 0,
+            message: 'Contract checking disabled',
+        };
+    }
+    if (commits.length === 0) {
+        return {
+            detected: false,
+            driftMetrics: {
+                baselineCompliance: 100,
+                currentCompliance: 100,
+                driftPercentage: 0,
+                trend: 'stable',
+                entropyScore: 0,
+            },
+            degradingCommits: [],
+            totalDegradingCommits: 0,
+            message: 'No commits to analyze',
+        };
+    }
+    const driftThreshold = config.driftThreshold ?? 30;
+    // Sort commits by date (oldest first)
+    const sortedCommits = [...commits].sort((a, b) => a.date.getTime() - b.date.getTime());
+    // Calculate compliance for all commits
+    const complianceData = sortedCommits.map(commit => ({
+        commit,
+        ...scoreCommitCompliance(commit.message),
+    }));
+    // Determine baseline window (first 20% or at least 3 commits)
+    const baselineSize = Math.max(3, Math.floor(commits.length * 0.2));
+    const currentSize = Math.max(3, Math.floor(commits.length * 0.2));
+    const baselineCommits = complianceData.slice(0, baselineSize);
+    const currentCommits = complianceData.slice(-currentSize);
+    // Calculate average compliance
+    const baselineCompliance = baselineCommits.length > 0
+        ? baselineCommits.reduce((sum, c) => sum + c.score, 0) / baselineCommits.length
+        : 100;
+    const currentCompliance = currentCommits.length > 0
+        ? currentCommits.reduce((sum, c) => sum + c.score, 0) / currentCommits.length
+        : 100;
+    // Calculate drift percentage (negative = improvement, positive = degradation)
+    const driftPercentage = baselineCompliance > 0
+        ? ((baselineCompliance - currentCompliance) / baselineCompliance) * 100
+        : 0;
+    // Determine trend
+    let trend = 'stable';
+    if (driftPercentage > 10) {
+        trend = 'degrading';
+    }
+    else if (driftPercentage < -10) {
+        trend = 'improving';
+    }
+    // Calculate entropy score
+    const entropyScore = calculateEntropy(sortedCommits);
+    // Find degrading commits (score below 70)
+    const degradingCommits = complianceData
+        .filter(c => c.score < 70)
+        .map(c => ({
+        hash: c.commit.hash,
+        message: c.commit.message,
+        timestamp: c.commit.date,
+        issues: c.issues,
+        complianceScore: c.score,
+    }));
+    // Detect if contract drift is significant
+    const detected = driftPercentage > driftThreshold || degradingCommits.length > commits.length * 0.3;
+    // Generate message
+    let message = 'Commit format compliance stable';
+    if (detected) {
+        if (trend === 'degrading') {
+            message = `Commit format degrading: ${driftPercentage.toFixed(0)}% drift from baseline`;
+        }
+        else {
+            message = `${degradingCommits.length} commits below quality threshold`;
+        }
+    }
+    else if (trend === 'improving') {
+        message = 'Commit format improving over time';
+    }
+    return {
+        detected,
+        driftMetrics: {
+            baselineCompliance: Math.round(baselineCompliance),
+            currentCompliance: Math.round(currentCompliance),
+            driftPercentage: Math.round(driftPercentage),
+            trend,
+            entropyScore: Math.round(entropyScore * 100) / 100,
+        },
+        degradingCommits,
+        totalDegradingCommits: degradingCommits.length,
+        message,
+    };
+}
+//# sourceMappingURL=contract-drift.js.map

package/dist/ai-safety/contract-drift.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"contract-drift.js","sourceRoot":"","sources":["../../src/ai-safety/contract-drift.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAUH,kCAAkC;AAClC,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC;IAC1B,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM;IAClD,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI;CACzD,CAAC,CAAC;AAEH,wDAAwD;AACxD,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC;IAC1B,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ;IACtD,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK;CACtD,CAAC,CAAC;AAOH;;;GAGG;AACH,SAAS,qBAAqB,CAAC,OAAe;IAI5C,MAAM,MAAM,GAAgB,EAAE,CAAC;IAC/B,IAAI,KAAK,GAAG,GAAG,CAAC;IAEhB,6DAA6D;IAC7D,MAAM,iBAAiB,GAAG,OAAO,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAC;IAE1E,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACvB,gCAAgC;QAChC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YAC3B,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;YAC7B,KAAK,IAAI,EAAE,CAAC;QACd,CAAC;QAED,8CAA8C;QAC9C,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACnC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;YACjE,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YAC5B,KAAK,IAAI,EAAE,CAAC;QACd,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,EAAE,IAAI,EAAE,AAAD,EAAG,WAAW,CAAC,GAAG,iBAAiB,CAAC;QAElD,yBAAyB;QACzB,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;YACzC,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YAC5B,KAAK,IAAI,EAAE,CAAC;QACd,CAAC;QAED,4BAA4B;QAC5B,IAAI,CAAC,WAAW,IAAI,WAAW,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACpD,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;YAC9B,KAAK,IAAI,EAAE,CAAC;QACd,CAAC;aAAM,CAAC;YACN,+BAA+B;YAC/B,MAAM,SAAS,GAAG,WAAW,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACzD,MAAM,UAAU,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;YACpE,IAAI,UAAU,GAAG,CAAC,IAAI,SAAS,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;gBAC5C,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;gBAC7B,KAAK,IAAI,EAAE,CAAC;YACd,CAAC;YAED,kCAAkC;YAClC,IAAI,WAAW,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;gBAC5B,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;gBACzB,KAAK,IAAI,EAAE,CAAC;YACd,CAAC;YAED,gCAAgC;YAChC,IAAI,WAAW,KAAK,WAAW,CAAC,WAAW,EAAE,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACxE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;gBACxB,KAAK,IAAI,EAAE,CAAC;YACd,CAAC;YAED,2EAA2E;YAC3E,IAAI,WAAW,CAAC,CAAC,CAAC,IAAI,WAAW,CAAC,CAAC,CAAC,KAAK,WAAW,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE;gBACjE,WAAW,CAAC,CAAC,CAAC,KAAK,WAAW,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;gBACpD,sCAAsC;gBACtC,MAAM,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;gBACrC,KAAK,IAAI,CAAC,CAAC;YACb,CAAC;QACH,CAAC;IACH,CAAC;IAED,+BAA+B;IAC/B,OAAO;QACL,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QACxC,MAAM;KACP,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,SAAS,gBAAgB,CAAC,OAAiB;IACzC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,CAAC,CAAC;IAEnC,0BAA0B;IAC1B,MAAM,UAAU,GAAG,IAAI,GAAG,EAAkB,CAAC;IAC7C,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC/C,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;IACzC,CAAC;IAED,4BAA4B;IAC5B,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,MAAM,KAAK,GAAG,OAAO,CAAC,MAAM,CAAC;IAE7B,KAAK,MAAM,KAAK,IAAI,UAAU,CAAC,MAAM,EAAE,EAAE,CAAC;QACxC,MAAM,CAAC,GAAG,KAAK,GAAG,KAAK,CAAC;QACxB,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YACV,OAAO,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAC9B,CAAC;IACH,CAAC;IAED,kEAAkE;IAClE,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAC3D,MAAM,iBAAiB,GAAG,UAAU,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;IAEpE,8DAA8D;IAC9D,gEAAgE;IAChE,6CAA6C;IAE7C,2EAA2E;IAC3E,kDAAkD;IAClD,oDAAoD;IACpD,sDAAsD;IAEtD,0EAA0E;IAC1E,MAAM,UAAU,GAAG,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAChD,MAAM,UAAU,GAAG,UAAU,GAAG,KAAK,CAAC;IAEtC,OAAO,UAAU,CAAC,CAAC,iDAAiD;AACtE,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CACjC,OAAiB,EACjB,SAAkC,EAAE;IAEpC,wCAAwC;IACxC,IAAI,MAAM,CAAC,oBAAoB,KAAK,KAAK,EAAE,CAAC;QAC1C,OAAO;YACL,QAAQ,EAAE,KAAK;YACf,YAAY,EAAE;gBACZ,kBAAkB,EAAE,CAAC;gBACrB,iBAAiB,EAAE,CAAC;gBACpB,eAAe,EAAE,CAAC;gBAClB,KAAK,EAAE,QAAQ;gBACf,YAAY,EAAE,CAAC;aAChB;YACD,gBAAgB,EAAE,EAAE;YACpB,qBAAqB,EAAE,CAAC;YACxB,OAAO,EAAE,4BAA4B;SACtC,CAAC;IACJ,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO;YACL,QAAQ,EAAE,KAAK;YACf,YAAY,EAAE;gBACZ,kBAAkB,EAAE,GAAG;gBACvB,iBAAiB,EAAE,GAAG;gBACtB,eAAe,EAAE,CAAC;gBAClB,KAAK,EAAE,QAAQ;gBACf,YAAY,EAAE,CAAC;aAChB;YACD,gBAAgB,EAAE,EAAE;YACpB,qBAAqB,EAAE,CAAC;YACxB,OAAO,EAAE,uBAAuB;SACjC,CAAC;IACJ,CAAC;IAED,MAAM,cAAc,GAAG,MAAM,CAAC,cAAc,IAAI,EAAE,CAAC;IAEnD,sCAAsC;IACtC,MAAM,aAAa,GAAG,CAAC,GAAG,OAAO,CAAC,CAAC,IAAI,CACrC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,CAC9C,CAAC;IAEF,uCAAuC;IACvC,MAAM,cAAc,GAAG,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAClD,MAAM;QACN,GAAG,qBAAqB,CAAC,MAAM,CAAC,OAAO,CAAC;KACzC,CAAC,CAAC,CAAC;IAEJ,8DAA8D;IAC9D,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC;IACnE,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC;IAElE,MAAM,eAAe,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,MAAM,cAAc,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC,WAAW,CAAC,CAAC;IAE1D,+BAA+B;IAC/B,MAAM,kBAAkB,GAAG,eAAe,CAAC,MAAM,GAAG,CAAC;QACnD,CAAC,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,GAAG,eAAe,CAAC,MAAM;QAC/E,CAAC,CAAC,GAAG,CAAC;IAER,MAAM,iBAAiB,GAAG,cAAc,CAAC,MAAM,GAAG,CAAC;QACjD,CAAC,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,GAAG,cAAc,CAAC,MAAM;QAC7E,CAAC,CAAC,GAAG,CAAC;IAER,8EAA8E;IAC9E,MAAM,eAAe,GAAG,kBAAkB,GAAG,CAAC;QAC5C,CAAC,CAAC,CAAC,CAAC,kBAAkB,GAAG,iBAAiB,CAAC,GAAG,kBAAkB,CAAC,GAAG,GAAG;QACvE,CAAC,CAAC,CAAC,CAAC;IAEN,kBAAkB;IAClB,IAAI,KAAK,GAAyC,QAAQ,CAAC;IAC3D,IAAI,eAAe,GAAG,EAAE,EAAE,CAAC;QACzB,KAAK,GAAG,WAAW,CAAC;IACtB,CAAC;SAAM,IAAI,eAAe,GAAG,CAAC,EAAE,EAAE,CAAC;QACjC,KAAK,GAAG,WAAW,CAAC;IACtB,CAAC;IAED,0BAA0B;IAC1B,MAAM,YAAY,GAAG,gBAAgB,CAAC,aAAa,CAAC,CAAC;IAErD,0CAA0C;IAC1C,MAAM,gBAAgB,GAAsB,cAAc;SACvD,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;SACzB,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QACT,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI;QACnB,OAAO,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO;QACzB,SAAS,EAAE,CAAC,CAAC,MAAM,CAAC,IAAI;QACxB,MAAM,EAAE,CAAC,CAAC,MAAM;QAChB,eAAe,EAAE,CAAC,CAAC,KAAK;KACzB,CAAC,CAAC,CAAC;IAEN,0CAA0C;IAC1C,MAAM,QAAQ,GAAG,eAAe,GAAG,cAAc,IAAI,gBAAgB,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,GAAG,CAAC;IAEpG,mBAAmB;IACnB,IAAI,OAAO,GAAG,iCAAiC,CAAC;IAChD,IAAI,QAAQ,EAAE,CAAC;QACb,IAAI,KAAK,KAAK,WAAW,EAAE,CAAC;YAC1B,OAAO,GAAG,4BAA4B,eAAe,CAAC,OAAO,CAAC,CAAC,CAAC,uBAAuB,CAAC;QAC1F,CAAC;aAAM,CAAC;YACN,OAAO,GAAG,GAAG,gBAAgB,CAAC,MAAM,kCAAkC,CAAC;QACzE,CAAC;IACH,CAAC;SAAM,IAAI,KAAK,KAAK,WAAW,EAAE,CAAC;QACjC,OAAO,GAAG,mCAAmC,CAAC;IAChD,CAAC;IAED,OAAO;QACL,QAAQ;QACR,YAAY,EAAE;YACZ,kBAAkB,EAAE,IAAI,CAAC,KAAK,CAAC,kBAAkB,CAAC;YAClD,iBAAiB,EAAE,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC;YAChD,eAAe,EAAE,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC;YAC5C,KAAK;YACL,YAAY,EAAE,IAAI,CAAC,KAAK,CAAC,YAAY,GAAG,GAAG,CAAC,GAAG,GAAG;SACnD;QACD,gBAAgB;QAChB,qBAAqB,EAAE,gBAAgB,CAAC,MAAM;QAC9C,OAAO;KACR,CAAC;AACJ,CAAC"}

package/dist/ai-safety/index.d.ts

@@ -0,0 +1,43 @@
+/**
+ * AI Safety Detection Module
+ *
+ * This module detects LLM-specific antipatterns in commit history:
+ * 1. Secret Leakage - Exposed API keys, tokens, credentials
+ * 2. Scope Violation - Commits touching files outside declared domain
+ * 3. Contract Drift - Commit message format degrading over time
+ * 4. Token Spiral - Runaway token consumption (context explosion)
+ */
+import { Commit } from '../types.js';
+import { AISafetyAnalysis, AISafetyConfig } from './types.js';
+export * from './types.js';
+export { detectSecretLeakage, detectSecretLeakageFromMessages } from './secret-leakage.js';
+export { detectScopeViolations, loadScopeConfig } from './scope-violation.js';
+export { detectContractDrift } from './contract-drift.js';
+export { detectTokenSpiral } from './token-spiral.js';
+/**
+ * Run all AI safety detectors.
+ *
+ * @param commits - List of commits to analyze
+ * @param filesPerCommit - Map of commit hash to changed files
+ * @param config - Detection configuration
+ * @param repoPath - Optional repository path for scope config loading
+ * @param lineStatsPerCommit - Optional line stats for token estimation
+ * @returns AI safety analysis results
+ */
+export declare function analyzeAISafety(commits: Commit[], filesPerCommit: Map<string, string[]>, config?: Partial<AISafetyConfig>, repoPath?: string, lineStatsPerCommit?: Map<string, {
+    additions: number;
+    deletions: number;
+}>): AISafetyAnalysis;
+/**
+ * Quick check for AI safety issues (fast, minimal analysis).
+ */
+export declare function quickAISafetyCheck(commits: Commit[], filesPerCommit: Map<string, string[]>): {
+    hasIssues: boolean;
+    issueCount: number;
+    topIssue: string | null;
+};
+/**
+ * Format AI safety analysis for terminal output.
+ */
+export declare function formatAISafetyAnalysis(analysis: AISafetyAnalysis): string;
+//# sourceMappingURL=index.d.ts.map

package/dist/ai-safety/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/ai-safety/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EACL,gBAAgB,EAChB,cAAc,EAMf,MAAM,YAAY,CAAC;AAOpB,cAAc,YAAY,CAAC;AAE3B,OAAO,EAAE,mBAAmB,EAAE,+BAA+B,EAAE,MAAM,qBAAqB,CAAC;AAC3F,OAAO,EAAE,qBAAqB,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAC9E,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAEtD;;;;;;;;;GASG;AACH,wBAAgB,eAAe,CAC7B,OAAO,EAAE,MAAM,EAAE,EACjB,cAAc,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,EACrC,MAAM,GAAE,OAAO,CAAC,cAAc,CAAM,EACpC,QAAQ,CAAC,EAAE,MAAM,EACjB,kBAAkB,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE;IAAE,SAAS,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAAC,GACzE,gBAAgB,CA4DlB;AAyED;;GAEG;AACH,wBAAgB,kBAAkB,CAChC,OAAO,EAAE,MAAM,EAAE,EACjB,cAAc,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,GACpC;IACD,SAAS,EAAE,OAAO,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;CACzB,CAcA;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CAAC,QAAQ,EAAE,gBAAgB,GAAG,MAAM,CAgDzE"}

package/dist/ai-safety/index.js

@@ -0,0 +1,177 @@
+/**
+ * AI Safety Detection Module
+ *
+ * This module detects LLM-specific antipatterns in commit history:
+ * 1. Secret Leakage - Exposed API keys, tokens, credentials
+ * 2. Scope Violation - Commits touching files outside declared domain
+ * 3. Contract Drift - Commit message format degrading over time
+ * 4. Token Spiral - Runaway token consumption (context explosion)
+ */
+import { DEFAULT_AI_SAFETY_CONFIG, } from './types.js';
+import { detectSecretLeakageFromMessages } from './secret-leakage.js';
+import { detectScopeViolations } from './scope-violation.js';
+import { detectContractDrift } from './contract-drift.js';
+import { detectTokenSpiral } from './token-spiral.js';
+// Re-export types
+export * from './types.js';
+// Re-export detector functions
+export { detectSecretLeakage, detectSecretLeakageFromMessages } from './secret-leakage.js';
+export { detectScopeViolations, loadScopeConfig } from './scope-violation.js';
+export { detectContractDrift } from './contract-drift.js';
+export { detectTokenSpiral } from './token-spiral.js';
+/**
+ * Run all AI safety detectors.
+ *
+ * @param commits - List of commits to analyze
+ * @param filesPerCommit - Map of commit hash to changed files
+ * @param config - Detection configuration
+ * @param repoPath - Optional repository path for scope config loading
+ * @param lineStatsPerCommit - Optional line stats for token estimation
+ * @returns AI safety analysis results
+ */
+export function analyzeAISafety(commits, filesPerCommit, config = {}, repoPath, lineStatsPerCommit) {
+    const cfg = { ...DEFAULT_AI_SAFETY_CONFIG, ...config };
+    // Run secret leakage detector (synchronous version for commit messages)
+    const secretLeakage = detectSecretLeakageFromMessages(commits, cfg);
+    // Run scope violation detector
+    const scopeViolations = detectScopeViolations(commits, filesPerCommit, cfg, repoPath);
+    // Run contract drift detector
+    const contractDrift = detectContractDrift(commits, cfg);
+    // Run token spiral detector
+    const tokenSpiral = detectTokenSpiral(commits, lineStatsPerCommit || new Map(), filesPerCommit, cfg);
+    // Calculate summary
+    const totalIssues = secretLeakage.totalFindings +
+        scopeViolations.totalViolations +
+        contractDrift.totalDegradingCommits +
+        tokenSpiral.spirals.length;
+    const criticalIssues = secretLeakage.criticalFindings + scopeViolations.totalViolations;
+    const warningIssues = contractDrift.totalDegradingCommits + (tokenSpiral.detected ? 1 : 0);
+    // Determine overall health
+    let overallHealth = 'healthy';
+    if (criticalIssues > 0) {
+        overallHealth = 'critical';
+    }
+    else if (warningIssues > 0) {
+        overallHealth = 'warning';
+    }
+    // Generate recommendations
+    const recommendations = generateRecommendations(secretLeakage, scopeViolations, contractDrift, tokenSpiral);
+    return {
+        secretLeakage,
+        scopeViolations,
+        contractDrift,
+        tokenSpiral,
+        summary: {
+            totalIssues,
+            criticalIssues,
+            warningIssues,
+            overallHealth,
+        },
+        recommendations,
+    };
+}
+/**
+ * Generate recommendations based on detected AI safety issues.
+ */
+function generateRecommendations(secretLeakage, scopeViolations, contractDrift, tokenSpiral) {
+    const recommendations = [];
+    // Secret Leakage recommendations
+    if (secretLeakage.detected) {
+        recommendations.push('🔐 CRITICAL: Secrets detected in commits. Rotate exposed credentials immediately.');
+        recommendations.push('Run `git filter-repo` or BFG Repo-Cleaner to remove secrets from git history.');
+        if (secretLeakage.criticalFindings > 0) {
+            recommendations.push('⚠️  High-value secrets found (API keys, tokens). This is a SECURITY INCIDENT.');
+        }
+    }
+    // Scope Violation recommendations
+    if (scopeViolations.detected) {
+        recommendations.push('🎯 AI modified files outside declared scope. Be more explicit about allowed files.');
+        recommendations.push('Example: "ONLY modify src/feature.ts and src/feature.test.ts"');
+    }
+    // Contract Drift recommendations
+    if (contractDrift.detected) {
+        const drift = contractDrift.driftMetrics;
+        if (drift.trend === 'degrading') {
+            recommendations.push(`📉 Commit message quality degrading (${drift.driftPercentage.toFixed(0)}% worse). Reinforce commit format expectations.`);
+            recommendations.push('Remind AI to use conventional commits: "feat:", "fix:", "docs:", etc.');
+        }
+    }
+    // Token Spiral recommendations
+    if (tokenSpiral.detected) {
+        if (tokenSpiral.estimatedTokens.explosionDetected) {
+            recommendations.push('💥 Token usage exploded. Context window may be filling up with repeated content.');
+            recommendations.push('Consider: 1) Break task into smaller pieces, 2) Start fresh session, 3) Use more focused prompts');
+        }
+    }
+    // Emergency recommendation for multiple critical issues
+    if (secretLeakage.criticalFindings > 0 && scopeViolations.totalViolations > 2) {
+        recommendations.unshift('🚨 SECURITY ALERT: Multiple critical AI safety issues. STOP and review all changes before proceeding.');
+    }
+    return recommendations;
+}
+/**
+ * Quick check for AI safety issues (fast, minimal analysis).
+ */
+export function quickAISafetyCheck(commits, filesPerCommit) {
+    const analysis = analyzeAISafety(commits, filesPerCommit);
+    const issues = [];
+    if (analysis.secretLeakage.detected)
+        issues.push('secret-leakage');
+    if (analysis.scopeViolations.detected)
+        issues.push('scope-violation');
+    if (analysis.contractDrift.detected)
+        issues.push('contract-drift');
+    if (analysis.tokenSpiral.detected)
+        issues.push('token-spiral');
+    return {
+        hasIssues: issues.length > 0,
+        issueCount: issues.length,
+        topIssue: issues[0] || null,
+    };
+}
+/**
+ * Format AI safety analysis for terminal output.
+ */
+export function formatAISafetyAnalysis(analysis) {
+    const lines = [];
+    // Header
+    const healthEmoji = analysis.summary.overallHealth === 'critical'
+        ? '🚨'
+        : analysis.summary.overallHealth === 'warning'
+            ? '⚠️'
+            : '✅';
+    lines.push(`\n${healthEmoji} AI Safety: ${analysis.summary.overallHealth.toUpperCase()}`);
+    lines.push('─'.repeat(50));
+    // Individual pattern results
+    if (analysis.secretLeakage.detected) {
+        lines.push(`🔐 Secret Leakage: ${analysis.secretLeakage.message}`);
+    }
+    if (analysis.scopeViolations.detected) {
+        lines.push(`🎯 Scope Violations: ${analysis.scopeViolations.message}`);
+    }
+    if (analysis.contractDrift.detected) {
+        lines.push(`📉 Contract Drift: ${analysis.contractDrift.message}`);
+    }
+    if (analysis.tokenSpiral.detected) {
+        lines.push(`💥 Token Spiral: ${analysis.tokenSpiral.message}`);
+    }
+    // Summary
+    if (analysis.summary.totalIssues > 0) {
+        lines.push('');
+        lines.push(`Total: ${analysis.summary.totalIssues} issue${analysis.summary.totalIssues > 1 ? 's' : ''} ` +
+            `(${analysis.summary.criticalIssues} critical, ${analysis.summary.warningIssues} warning)`);
+    }
+    else {
+        lines.push('No AI safety issues detected.');
+    }
+    // Recommendations
+    if (analysis.recommendations.length > 0) {
+        lines.push('');
+        lines.push('Recommendations:');
+        for (const rec of analysis.recommendations.slice(0, 5)) {
+            lines.push(`  ${rec}`);
+        }
+    }
+    return lines.join('\n');
+}
+//# sourceMappingURL=index.js.map

package/dist/ai-safety/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/ai-safety/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,OAAO,EAGL,wBAAwB,GAKzB,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,+BAA+B,EAAE,MAAM,qBAAqB,CAAC;AACtE,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAEtD,kBAAkB;AAClB,cAAc,YAAY,CAAC;AAC3B,+BAA+B;AAC/B,OAAO,EAAE,mBAAmB,EAAE,+BAA+B,EAAE,MAAM,qBAAqB,CAAC;AAC3F,OAAO,EAAE,qBAAqB,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAC9E,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAEtD;;;;;;;;;GASG;AACH,MAAM,UAAU,eAAe,CAC7B,OAAiB,EACjB,cAAqC,EACrC,SAAkC,EAAE,EACpC,QAAiB,EACjB,kBAA0E;IAE1E,MAAM,GAAG,GAAG,EAAE,GAAG,wBAAwB,EAAE,GAAG,MAAM,EAAE,CAAC;IAEvD,wEAAwE;IACxE,MAAM,aAAa,GAAG,+BAA+B,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IAEpE,+BAA+B;IAC/B,MAAM,eAAe,GAAG,qBAAqB,CAAC,OAAO,EAAE,cAAc,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;IAEtF,8BAA8B;IAC9B,MAAM,aAAa,GAAG,mBAAmB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IAExD,4BAA4B;IAC5B,MAAM,WAAW,GAAG,iBAAiB,CACnC,OAAO,EACP,kBAAkB,IAAI,IAAI,GAAG,EAAE,EAC/B,cAAc,EACd,GAAG,CACJ,CAAC;IAEF,oBAAoB;IACpB,MAAM,WAAW,GACf,aAAa,CAAC,aAAa;QAC3B,eAAe,CAAC,eAAe;QAC/B,aAAa,CAAC,qBAAqB;QACnC,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC;IAE7B,MAAM,cAAc,GAAG,aAAa,CAAC,gBAAgB,GAAG,eAAe,CAAC,eAAe,CAAC;IAExF,MAAM,aAAa,GAAG,aAAa,CAAC,qBAAqB,GAAG,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAE3F,2BAA2B;IAC3B,IAAI,aAAa,GAAuC,SAAS,CAAC;IAClE,IAAI,cAAc,GAAG,CAAC,EAAE,CAAC;QACvB,aAAa,GAAG,UAAU,CAAC;IAC7B,CAAC;SAAM,IAAI,aAAa,GAAG,CAAC,EAAE,CAAC;QAC7B,aAAa,GAAG,SAAS,CAAC;IAC5B,CAAC;IAED,2BAA2B;IAC3B,MAAM,eAAe,GAAG,uBAAuB,CAC7C,aAAa,EACb,eAAe,EACf,aAAa,EACb,WAAW,CACZ,CAAC;IAEF,OAAO;QACL,aAAa;QACb,eAAe;QACf,aAAa;QACb,WAAW;QACX,OAAO,EAAE;YACP,WAAW;YACX,cAAc;YACd,aAAa;YACb,aAAa;SACd;QACD,eAAe;KAChB,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,uBAAuB,CAC9B,aAAkC,EAClC,eAAqC,EACrC,aAAkC,EAClC,WAA8B;IAE9B,MAAM,eAAe,GAAa,EAAE,CAAC;IAErC,iCAAiC;IACjC,IAAI,aAAa,CAAC,QAAQ,EAAE,CAAC;QAC3B,eAAe,CAAC,IAAI,CAClB,mFAAmF,CACpF,CAAC;QACF,eAAe,CAAC,IAAI,CAClB,+EAA+E,CAChF,CAAC;QACF,IAAI,aAAa,CAAC,gBAAgB,GAAG,CAAC,EAAE,CAAC;YACvC,eAAe,CAAC,IAAI,CAClB,+EAA+E,CAChF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,kCAAkC;IAClC,IAAI,eAAe,CAAC,QAAQ,EAAE,CAAC;QAC7B,eAAe,CAAC,IAAI,CAClB,oFAAoF,CACrF,CAAC;QACF,eAAe,CAAC,IAAI,CAClB,+DAA+D,CAChE,CAAC;IACJ,CAAC;IAED,iCAAiC;IACjC,IAAI,aAAa,CAAC,QAAQ,EAAE,CAAC;QAC3B,MAAM,KAAK,GAAG,aAAa,CAAC,YAAY,CAAC;QACzC,IAAI,KAAK,CAAC,KAAK,KAAK,WAAW,EAAE,CAAC;YAChC,eAAe,CAAC,IAAI,CAClB,wCAAwC,KAAK,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,CAAC,iDAAiD,CAC1H,CAAC;YACF,eAAe,CAAC,IAAI,CAClB,uEAAuE,CACxE,CAAC;QACJ,CAAC;IACH,CAAC;IAED,+BAA+B;IAC/B,IAAI,WAAW,CAAC,QAAQ,EAAE,CAAC;QACzB,IAAI,WAAW,CAAC,eAAe,CAAC,iBAAiB,EAAE,CAAC;YAClD,eAAe,CAAC,IAAI,CAClB,kFAAkF,CACnF,CAAC;YACF,eAAe,CAAC,IAAI,CAClB,kGAAkG,CACnG,CAAC;QACJ,CAAC;IACH,CAAC;IAED,wDAAwD;IACxD,IAAI,aAAa,CAAC,gBAAgB,GAAG,CAAC,IAAI,eAAe,CAAC,eAAe,GAAG,CAAC,EAAE,CAAC;QAC9E,eAAe,CAAC,OAAO,CACrB,uGAAuG,CACxG,CAAC;IACJ,CAAC;IAED,OAAO,eAAe,CAAC;AACzB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAChC,OAAiB,EACjB,cAAqC;IAMrC,MAAM,QAAQ,GAAG,eAAe,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;IAE1D,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,IAAI,QAAQ,CAAC,aAAa,CAAC,QAAQ;QAAE,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;IACnE,IAAI,QAAQ,CAAC,eAAe,CAAC,QAAQ;QAAE,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;IACtE,IAAI,QAAQ,CAAC,aAAa,CAAC,QAAQ;QAAE,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;IACnE,IAAI,QAAQ,CAAC,WAAW,CAAC,QAAQ;QAAE,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAE/D,OAAO;QACL,SAAS,EAAE,MAAM,CAAC,MAAM,GAAG,CAAC;QAC5B,UAAU,EAAE,MAAM,CAAC,MAAM;QACzB,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,IAAI;KAC5B,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB,CAAC,QAA0B;IAC/D,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,SAAS;IACT,MAAM,WAAW,GACf,QAAQ,CAAC,OAAO,CAAC,aAAa,KAAK,UAAU;QAC3C,CAAC,CAAC,IAAI;QACN,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,aAAa,KAAK,SAAS;YAC5C,CAAC,CAAC,IAAI;YACN,CAAC,CAAC,GAAG,CAAC;IACZ,KAAK,CAAC,IAAI,CAAC,KAAK,WAAW,eAAe,QAAQ,CAAC,OAAO,CAAC,aAAa,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;IAC1F,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;IAE3B,6BAA6B;IAC7B,IAAI,QAAQ,CAAC,aAAa,CAAC,QAAQ,EAAE,CAAC;QACpC,KAAK,CAAC,IAAI,CAAC,sBAAsB,QAAQ,CAAC,aAAa,CAAC,OAAO,EAAE,CAAC,CAAC;IACrE,CAAC;IACD,IAAI,QAAQ,CAAC,eAAe,CAAC,QAAQ,EAAE,CAAC;QACtC,KAAK,CAAC,IAAI,CAAC,wBAAwB,QAAQ,CAAC,eAAe,CAAC,OAAO,EAAE,CAAC,CAAC;IACzE,CAAC;IACD,IAAI,QAAQ,CAAC,aAAa,CAAC,QAAQ,EAAE,CAAC;QACpC,KAAK,CAAC,IAAI,CAAC,sBAAsB,QAAQ,CAAC,aAAa,CAAC,OAAO,EAAE,CAAC,CAAC;IACrE,CAAC;IACD,IAAI,QAAQ,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC;QAClC,KAAK,CAAC,IAAI,CAAC,oBAAoB,QAAQ,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC;IACjE,CAAC;IAED,UAAU;IACV,IAAI,QAAQ,CAAC,OAAO,CAAC,WAAW,GAAG,CAAC,EAAE,CAAC;QACrC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CACR,UAAU,QAAQ,CAAC,OAAO,CAAC,WAAW,SAAS,QAAQ,CAAC,OAAO,CAAC,WAAW,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG;YAC3F,IAAI,QAAQ,CAAC,OAAO,CAAC,cAAc,cAAc,QAAQ,CAAC,OAAO,CAAC,aAAa,WAAW,CAC7F,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;IAC9C,CAAC;IAED,kBAAkB;IAClB,IAAI,QAAQ,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,KAAK,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;QAC/B,KAAK,MAAM,GAAG,IAAI,QAAQ,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;YACvD,KAAK,CAAC,IAAI,CAAC,KAAK,GAAG,EAAE,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}

package/dist/ai-safety/scope-violation.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Scope Violation Detector
+ *
+ * Detects commits touching files outside declared scope.
+ * Scope can be defined via .vibe-check/scope.yaml or passed in config.
+ * Uses glob patterns (minimatch) for flexible matching.
+ */
+import { Commit } from '../types.js';
+import { ScopeViolationResult, ScopeDefinition, AISafetyConfig } from './types.js';
+/**
+ * Load scope configuration from .vibe-check/scope.yaml
+ */
+export declare function loadScopeConfig(repoPath: string): ScopeDefinition | null;
+/**
+ * Detect scope violations in commits.
+ */
+export declare function detectScopeViolations(commits: Commit[], filesPerCommit: Map<string, string[]>, config?: Partial<AISafetyConfig>, repoPath?: string): ScopeViolationResult;
+//# sourceMappingURL=scope-violation.d.ts.map

package/dist/ai-safety/scope-violation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scope-violation.d.ts","sourceRoot":"","sources":["../../src/ai-safety/scope-violation.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAMH,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EACL,oBAAoB,EAEpB,eAAe,EACf,cAAc,EACf,MAAM,YAAY,CAAC;AAcpB;;GAEG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,eAAe,GAAG,IAAI,CAwBxE;AA2CD;;GAEG;AACH,wBAAgB,qBAAqB,CACnC,OAAO,EAAE,MAAM,EAAE,EACjB,cAAc,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,EACrC,MAAM,GAAE,OAAO,CAAC,cAAc,CAAM,EACpC,QAAQ,CAAC,EAAE,MAAM,GAChB,oBAAoB,CAwFtB"}

package/dist/ai-safety/scope-violation.js

@@ -0,0 +1,150 @@
+/**
+ * Scope Violation Detector
+ *
+ * Detects commits touching files outside declared scope.
+ * Scope can be defined via .vibe-check/scope.yaml or passed in config.
+ * Uses glob patterns (minimatch) for flexible matching.
+ */
+import { minimatch } from 'minimatch';
+import * as fs from 'fs';
+import * as path from 'path';
+import * as yaml from 'js-yaml';
+/**
+ * Load scope configuration from .vibe-check/scope.yaml
+ */
+export function loadScopeConfig(repoPath) {
+    const configPath = path.join(repoPath, '.vibe-check', 'scope.yaml');
+    try {
+        if (!fs.existsSync(configPath)) {
+            return null;
+        }
+        const content = fs.readFileSync(configPath, 'utf-8');
+        const config = yaml.load(content);
+        if (!config?.scope) {
+            return null;
+        }
+        return {
+            allowedPatterns: config.scope.allowed_patterns || [],
+            allowedDirs: config.scope.allowed_dirs || [],
+            description: config.scope.description,
+        };
+    }
+    catch {
+        // Config file doesn't exist or is invalid
+        return null;
+    }
+}
+/**
+ * Check if a file path matches any of the allowed patterns.
+ */
+function isFileAllowed(filePath, scope, exceptions) {
+    // Check exceptions first (always allowed)
+    for (const exception of exceptions) {
+        if (minimatch(filePath, exception) || filePath === exception) {
+            return true;
+        }
+        // Also check just the filename for common exceptions
+        const fileName = path.basename(filePath);
+        if (fileName === exception) {
+            return true;
+        }
+    }
+    // Check allowed patterns (glob)
+    for (const pattern of scope.allowedPatterns) {
+        if (minimatch(filePath, pattern, { matchBase: true })) {
+            return true;
+        }
+    }
+    // Check allowed directories
+    for (const dir of scope.allowedDirs) {
+        // Normalize paths for comparison
+        const normalizedDir = dir.endsWith('/') ? dir : dir + '/';
+        const normalizedFile = filePath.startsWith('/') ? filePath.slice(1) : filePath;
+        if (normalizedFile.startsWith(normalizedDir) || normalizedFile.startsWith(dir)) {
+            return true;
+        }
+    }
+    return false;
+}
+/**
+ * Detect scope violations in commits.
+ */
+export function detectScopeViolations(commits, filesPerCommit, config = {}, repoPath) {
+    // Check if scope checking is enabled
+    if (config.scopeCheckEnabled === false) {
+        return {
+            detected: false,
+            violations: [],
+            totalViolations: 0,
+            totalUnauthorizedFiles: 0,
+            message: 'Scope checking disabled',
+        };
+    }
+    // Try to load scope from config or file
+    let scope = config.scope;
+    if (!scope && repoPath) {
+        scope = loadScopeConfig(repoPath) || undefined;
+    }
+    // No scope defined = no violations possible
+    if (!scope) {
+        return {
+            detected: false,
+            violations: [],
+            totalViolations: 0,
+            totalUnauthorizedFiles: 0,
+            message: 'No scope defined (use .vibe-check/scope.yaml or config)',
+        };
+    }
+    // Check for empty scope (nothing allowed = everything violates)
+    if (scope.allowedPatterns.length === 0 && scope.allowedDirs.length === 0) {
+        return {
+            detected: false,
+            violations: [],
+            totalViolations: 0,
+            totalUnauthorizedFiles: 0,
+            message: 'Scope defined but empty (no patterns or dirs)',
+        };
+    }
+    const exceptions = config.allowedExceptions || [
+        'package.json',
+        'package-lock.json',
+        'tsconfig.json',
+        '.gitignore',
+        'README.md',
+    ];
+    const violations = [];
+    let totalUnauthorizedFiles = 0;
+    for (const commit of commits) {
+        const files = filesPerCommit.get(commit.hash) || [];
+        const unauthorizedFiles = [];
+        for (const file of files) {
+            if (!isFileAllowed(file, scope, exceptions)) {
+                unauthorizedFiles.push(file);
+                totalUnauthorizedFiles++;
+            }
+        }
+        if (unauthorizedFiles.length > 0) {
+            violations.push({
+                commitHash: commit.hash,
+                commitMessage: commit.message,
+                timestamp: commit.date,
+                unauthorizedFiles,
+                declaredScope: [...scope.allowedPatterns, ...scope.allowedDirs],
+                description: `Commit touched ${unauthorizedFiles.length} file(s) outside declared scope`,
+            });
+        }
+    }
+    const detected = violations.length > 0;
+    let message = 'No scope violations detected';
+    if (detected) {
+        message = `${violations.length} commit(s) violated scope (${totalUnauthorizedFiles} unauthorized files)`;
+    }
+    return {
+        detected,
+        violations,
+        totalViolations: violations.length,
+        totalUnauthorizedFiles,
+        message,
+    };
+}
+//# sourceMappingURL=scope-violation.js.map

package/dist/ai-safety/scope-violation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scope-violation.js","sourceRoot":"","sources":["../../src/ai-safety/scope-violation.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,KAAK,IAAI,MAAM,SAAS,CAAC;AAqBhC;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,QAAgB;IAC9C,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,aAAa,EAAE,YAAY,CAAC,CAAC;IAEpE,IAAI,CAAC;QACH,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC/B,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QACrD,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAoB,CAAC;QAErD,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC;YACnB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO;YACL,eAAe,EAAE,MAAM,CAAC,KAAK,CAAC,gBAAgB,IAAI,EAAE;YACpD,WAAW,EAAE,MAAM,CAAC,KAAK,CAAC,YAAY,IAAI,EAAE;YAC5C,WAAW,EAAE,MAAM,CAAC,KAAK,CAAC,WAAW;SACtC,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,0CAA0C;QAC1C,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CACpB,QAAgB,EAChB,KAAsB,EACtB,UAAoB;IAEpB,0CAA0C;IAC1C,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,IAAI,SAAS,CAAC,QAAQ,EAAE,SAAS,CAAC,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;YAC7D,OAAO,IAAI,CAAC;QACd,CAAC;QACD,qDAAqD;QACrD,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACzC,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;YAC3B,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,gCAAgC;IAChC,KAAK,MAAM,OAAO,IAAI,KAAK,CAAC,eAAe,EAAE,CAAC;QAC5C,IAAI,SAAS,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;YACtD,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,4BAA4B;IAC5B,KAAK,MAAM,GAAG,IAAI,KAAK,CAAC,WAAW,EAAE,CAAC;QACpC,iCAAiC;QACjC,MAAM,aAAa,GAAG,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,GAAG,CAAC;QAC1D,MAAM,cAAc,GAAG,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;QAE/E,IAAI,cAAc,CAAC,UAAU,CAAC,aAAa,CAAC,IAAI,cAAc,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAC/E,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB,CACnC,OAAiB,EACjB,cAAqC,EACrC,SAAkC,EAAE,EACpC,QAAiB;IAEjB,qCAAqC;IACrC,IAAI,MAAM,CAAC,iBAAiB,KAAK,KAAK,EAAE,CAAC;QACvC,OAAO;YACL,QAAQ,EAAE,KAAK;YACf,UAAU,EAAE,EAAE;YACd,eAAe,EAAE,CAAC;YAClB,sBAAsB,EAAE,CAAC;YACzB,OAAO,EAAE,yBAAyB;SACnC,CAAC;IACJ,CAAC;IAED,wCAAwC;IACxC,IAAI,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;IACzB,IAAI,CAAC,KAAK,IAAI,QAAQ,EAAE,CAAC;QACvB,KAAK,GAAG,eAAe,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAC;IACjD,CAAC;IAED,4CAA4C;IAC5C,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO;YACL,QAAQ,EAAE,KAAK;YACf,UAAU,EAAE,EAAE;YACd,eAAe,EAAE,CAAC;YAClB,sBAAsB,EAAE,CAAC;YACzB,OAAO,EAAE,yDAAyD;SACnE,CAAC;IACJ,CAAC;IAED,gEAAgE;IAChE,IAAI,KAAK,CAAC,eAAe,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzE,OAAO;YACL,QAAQ,EAAE,KAAK;YACf,UAAU,EAAE,EAAE;YACd,eAAe,EAAE,CAAC;YAClB,sBAAsB,EAAE,CAAC;YACzB,OAAO,EAAE,+CAA+C;SACzD,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,MAAM,CAAC,iBAAiB,IAAI;QAC7C,cAAc;QACd,mBAAmB;QACnB,eAAe;QACf,YAAY;QACZ,WAAW;KACZ,CAAC;IAEF,MAAM,UAAU,GAAqB,EAAE,CAAC;IACxC,IAAI,sBAAsB,GAAG,CAAC,CAAC;IAE/B,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,MAAM,KAAK,GAAG,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QACpD,MAAM,iBAAiB,GAAa,EAAE,CAAC;QAEvC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,KAAK,EAAE,UAAU,CAAC,EAAE,CAAC;gBAC5C,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAC7B,sBAAsB,EAAE,CAAC;YAC3B,CAAC;QACH,CAAC;QAED,IAAI,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACjC,UAAU,CAAC,IAAI,CAAC;gBACd,UAAU,EAAE,MAAM,CAAC,IAAI;gBACvB,aAAa,EAAE,MAAM,CAAC,OAAO;gBAC7B,SAAS,EAAE,MAAM,CAAC,IAAI;gBACtB,iBAAiB;gBACjB,aAAa,EAAE,CAAC,GAAG,KAAK,CAAC,eAAe,EAAE,GAAG,KAAK,CAAC,WAAW,CAAC;gBAC/D,WAAW,EAAE,kBAAkB,iBAAiB,CAAC,MAAM,iCAAiC;aACzF,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,MAAM,QAAQ,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC;IACvC,IAAI,OAAO,GAAG,8BAA8B,CAAC;IAE7C,IAAI,QAAQ,EAAE,CAAC;QACb,OAAO,GAAG,GAAG,UAAU,CAAC,MAAM,8BAA8B,sBAAsB,sBAAsB,CAAC;IAC3G,CAAC;IAED,OAAO;QACL,QAAQ;QACR,UAAU;QACV,eAAe,EAAE,UAAU,CAAC,MAAM;QAClC,sBAAsB;QACtB,OAAO;KACR,CAAC;AACJ,CAAC"}