@boshu2/vibe-check 2.2.1 → 2.4.0

package/dist/ai-safety/secret-leakage.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Secret Leakage Detector
+ *
+ * Scans commit diffs for exposed secrets: API keys, tokens, credentials.
+ * Ported from ai-platform/tests/agents/test_agent_security.py
+ */
+import { Commit } from '../types.js';
+import { SecretLeakageResult, AISafetyConfig } from './types.js';
+/**
+ * Detect secrets leaked in commit diffs.
+ */
+export declare function detectSecretLeakage(repoPath: string, commits: Commit[], config?: Partial<AISafetyConfig>): Promise<SecretLeakageResult>;
+/**
+ * Synchronous version that works with already-fetched commit data.
+ * For use when diffs aren't available (e.g., from JSONL timeline).
+ */
+export declare function detectSecretLeakageFromMessages(commits: Commit[], config?: Partial<AISafetyConfig>): SecretLeakageResult;
+//# sourceMappingURL=secret-leakage.d.ts.map

package/dist/ai-safety/secret-leakage.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secret-leakage.d.ts","sourceRoot":"","sources":["../../src/ai-safety/secret-leakage.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EACL,mBAAmB,EAGnB,cAAc,EACf,MAAM,YAAY,CAAC;AAEpB;;GAEG;AACH,wBAAsB,mBAAmB,CACvC,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,EAAE,EACjB,MAAM,GAAE,OAAO,CAAC,cAAc,CAAM,GACnC,OAAO,CAAC,mBAAmB,CAAC,CAwF9B;AAoDD;;;GAGG;AACH,wBAAgB,+BAA+B,CAC7C,OAAO,EAAE,MAAM,EAAE,EACjB,MAAM,GAAE,OAAO,CAAC,cAAc,CAAM,GACnC,mBAAmB,CAyDrB"}

package/dist/ai-safety/secret-leakage.js

@@ -0,0 +1,188 @@
+/**
+ * Secret Leakage Detector
+ *
+ * Scans commit diffs for exposed secrets: API keys, tokens, credentials.
+ * Ported from ai-platform/tests/agents/test_agent_security.py
+ */
+import { simpleGit } from 'simple-git';
+import { SECRET_PATTERNS, } from './types.js';
+/**
+ * Detect secrets leaked in commit diffs.
+ */
+export async function detectSecretLeakage(repoPath, commits, config = {}) {
+    if (!config.secretDetectionEnabled) {
+        return {
+            detected: false,
+            findings: [],
+            totalFindings: 0,
+            criticalFindings: 0,
+            message: 'Secret detection disabled',
+        };
+    }
+    const findings = [];
+    const git = simpleGit(repoPath);
+    // Merge custom patterns if provided
+    const patterns = {
+        ...SECRET_PATTERNS,
+        ...(config.customSecretPatterns || {}),
+    };
+    for (const commit of commits) {
+        try {
+            let contentToScan;
+            if (config.secretScanDepth === 'shallow') {
+                // Only scan commit message
+                contentToScan = commit.message;
+            }
+            else {
+                // Full scan: get diff content using simple-git
+                const diff = await git.show([commit.hash, '--format=', '--patch']);
+                contentToScan = diff;
+            }
+            // Scan for each secret pattern
+            for (const [patternName, regex] of Object.entries(patterns)) {
+                // Reset regex state
+                regex.lastIndex = 0;
+                let match;
+                while ((match = regex.exec(contentToScan)) !== null) {
+                    const matchedText = match[0];
+                    const startIndex = match.index;
+                    // Get line context (20 chars before and after)
+                    const contextStart = Math.max(0, startIndex - 20);
+                    const contextEnd = Math.min(contentToScan.length, startIndex + matchedText.length + 20);
+                    const rawContext = contentToScan.substring(contextStart, contextEnd);
+                    // Mask the secret in context (show first 8 chars only)
+                    const maskedSecret = maskSecret(matchedText);
+                    const lineContext = rawContext.replace(matchedText, maskedSecret);
+                    // Determine file from diff context
+                    const file = extractFileFromDiff(contentToScan, startIndex);
+                    findings.push({
+                        commitHash: commit.hash,
+                        commitMessage: commit.message,
+                        timestamp: commit.date,
+                        file: file || 'unknown',
+                        pattern: patternName,
+                        matchedText: maskedSecret,
+                        lineContext: lineContext.replace(/\n/g, ' ').trim(),
+                        severity: determineSeverity(patternName),
+                    });
+                }
+            }
+        }
+        catch (error) {
+            // Skip commits we can't analyze
+            continue;
+        }
+    }
+    const criticalFindings = findings.filter((f) => f.severity === 'critical').length;
+    const detected = findings.length > 0;
+    let message = 'No secrets detected';
+    if (detected) {
+        message = `${findings.length} secret(s) found (${criticalFindings} critical)`;
+    }
+    return {
+        detected,
+        findings,
+        totalFindings: findings.length,
+        criticalFindings,
+        message,
+    };
+}
+/**
+ * Mask a secret, showing only first 8 characters.
+ */
+function maskSecret(secret) {
+    if (secret.length <= 8) {
+        return '***';
+    }
+    return secret.substring(0, 8) + '***';
+}
+/**
+ * Extract filename from diff context.
+ * Looks for lines like "+++ b/path/to/file.ts"
+ */
+function extractFileFromDiff(diff, position) {
+    // Find the nearest "+++ b/" before the match position
+    const beforeMatch = diff.substring(0, position);
+    const lines = beforeMatch.split('\n');
+    // Search backwards for file header
+    for (let i = lines.length - 1; i >= 0; i--) {
+        const line = lines[i];
+        if (line.startsWith('+++ b/')) {
+            return line.substring(6); // Remove "+++ b/"
+        }
+        if (line.startsWith('diff --git')) {
+            // Found diff header without +++ b/, extract from diff line
+            const match = line.match(/diff --git a\/.+ b\/(.+)/);
+            return match ? match[1] : null;
+        }
+    }
+    return null;
+}
+/**
+ * Determine severity based on pattern type.
+ */
+function determineSeverity(patternName) {
+    // High-value secrets are critical
+    const criticalPatterns = [
+        'OpenAI API Key',
+        'GitHub Personal Access Token',
+        'GitLab Personal Access Token',
+        'AWS Access Key',
+    ];
+    return criticalPatterns.includes(patternName) ? 'critical' : 'warning';
+}
+/**
+ * Synchronous version that works with already-fetched commit data.
+ * For use when diffs aren't available (e.g., from JSONL timeline).
+ */
+export function detectSecretLeakageFromMessages(commits, config = {}) {
+    if (!config.secretDetectionEnabled) {
+        return {
+            detected: false,
+            findings: [],
+            totalFindings: 0,
+            criticalFindings: 0,
+            message: 'Secret detection disabled',
+        };
+    }
+    const findings = [];
+    const patterns = {
+        ...SECRET_PATTERNS,
+        ...(config.customSecretPatterns || {}),
+    };
+    for (const commit of commits) {
+        const contentToScan = commit.message;
+        for (const [patternName, regex] of Object.entries(patterns)) {
+            regex.lastIndex = 0;
+            let match;
+            while ((match = regex.exec(contentToScan)) !== null) {
+                const matchedText = match[0];
+                const maskedSecret = maskSecret(matchedText);
+                findings.push({
+                    commitHash: commit.hash,
+                    commitMessage: commit.message,
+                    timestamp: commit.date,
+                    file: 'commit-message',
+                    pattern: patternName,
+                    matchedText: maskedSecret,
+                    lineContext: commit.message.substring(0, 80),
+                    severity: determineSeverity(patternName),
+                });
+            }
+        }
+    }
+    const criticalFindings = findings.filter((f) => f.severity === 'critical').length;
+    const detected = findings.length > 0;
+    let message = 'No secrets in commit messages';
+    if (detected) {
+        message = `${findings.length} secret(s) in messages (${criticalFindings} critical)`;
+    }
+    return {
+        detected,
+        findings,
+        totalFindings: findings.length,
+        criticalFindings,
+        message,
+    };
+}
+//# sourceMappingURL=secret-leakage.js.map

package/dist/ai-safety/secret-leakage.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secret-leakage.js","sourceRoot":"","sources":["../../src/ai-safety/secret-leakage.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,SAAS,EAAa,MAAM,YAAY,CAAC;AAElD,OAAO,EAGL,eAAe,GAEhB,MAAM,YAAY,CAAC;AAEpB;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,QAAgB,EAChB,OAAiB,EACjB,SAAkC,EAAE;IAEpC,IAAI,CAAC,MAAM,CAAC,sBAAsB,EAAE,CAAC;QACnC,OAAO;YACL,QAAQ,EAAE,KAAK;YACf,QAAQ,EAAE,EAAE;YACZ,aAAa,EAAE,CAAC;YAChB,gBAAgB,EAAE,CAAC;YACnB,OAAO,EAAE,2BAA2B;SACrC,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,MAAM,GAAG,GAAc,SAAS,CAAC,QAAQ,CAAC,CAAC;IAE3C,oCAAoC;IACpC,MAAM,QAAQ,GAAG;QACf,GAAG,eAAe;QAClB,GAAG,CAAC,MAAM,CAAC,oBAAoB,IAAI,EAAE,CAAC;KACvC,CAAC;IAEF,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,IAAI,CAAC;YACH,IAAI,aAAqB,CAAC;YAE1B,IAAI,MAAM,CAAC,eAAe,KAAK,SAAS,EAAE,CAAC;gBACzC,2BAA2B;gBAC3B,aAAa,GAAG,MAAM,CAAC,OAAO,CAAC;YACjC,CAAC;iBAAM,CAAC;gBACN,+CAA+C;gBAC/C,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,WAAW,EAAE,SAAS,CAAC,CAAC,CAAC;gBACnE,aAAa,GAAG,IAAI,CAAC;YACvB,CAAC;YAED,+BAA+B;YAC/B,KAAK,MAAM,CAAC,WAAW,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC5D,oBAAoB;gBACpB,KAAK,CAAC,SAAS,GAAG,CAAC,CAAC;gBAEpB,IAAI,KAA6B,CAAC;gBAClC,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;oBACpD,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;oBAC7B,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC;oBAE/B,+CAA+C;oBAC/C,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,GAAG,EAAE,CAAC,CAAC;oBAClD,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,MAAM,EAAE,UAAU,GAAG,WAAW,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;oBACxF,MAAM,UAAU,GAAG,aAAa,CAAC,SAAS,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;oBAErE,uDAAuD;oBACvD,MAAM,YAAY,GAAG,UAAU,CAAC,WAAW,CAAC,CAAC;oBAC7C,MAAM,WAAW,GAAG,UAAU,CAAC,OAAO,CAAC,WAAW,EAAE,YAAY,CAAC,CAAC;oBAElE,mCAAmC;oBACnC,MAAM,IAAI,GAAG,mBAAmB,CAAC,aAAa,EAAE,UAAU,CAAC,CAAC;oBAE5D,QAAQ,CAAC,IAAI,CAAC;wBACZ,UAAU,EAAE,MAAM,CAAC,IAAI;wBACvB,aAAa,EAAE,MAAM,CAAC,OAAO;wBAC7B,SAAS,EAAE,MAAM,CAAC,IAAI;wBACtB,IAAI,EAAE,IAAI,IAAI,SAAS;wBACvB,OAAO,EAAE,WAAW;wBACpB,WAAW,EAAE,YAAY;wBACzB,WAAW,EAAE,WAAW,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE;wBACnD,QAAQ,EAAE,iBAAiB,CAAC,WAAW,CAAC;qBACzC,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,gCAAgC;YAChC,SAAS;QACX,CAAC;IACH,CAAC;IAED,MAAM,gBAAgB,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;IAClF,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC;IAErC,IAAI,OAAO,GAAG,qBAAqB,CAAC;IACpC,IAAI,QAAQ,EAAE,CAAC;QACb,OAAO,GAAG,GAAG,QAAQ,CAAC,MAAM,qBAAqB,gBAAgB,YAAY,CAAC;IAChF,CAAC;IAED,OAAO;QACL,QAAQ;QACR,QAAQ;QACR,aAAa,EAAE,QAAQ,CAAC,MAAM;QAC9B,gBAAgB;QAChB,OAAO;KACR,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,UAAU,CAAC,MAAc;IAChC,IAAI,MAAM,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QACvB,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,CAAC;AACxC,CAAC;AAED;;;GAGG;AACH,SAAS,mBAAmB,CAAC,IAAY,EAAE,QAAgB;IACzD,sDAAsD;IACtD,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;IAChD,MAAM,KAAK,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAEtC,mCAAmC;IACnC,KAAK,IAAI,CAAC,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC3C,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACtB,IAAI,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC9B,OAAO,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,kBAAkB;QAC9C,CAAC;QACD,IAAI,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YAClC,2DAA2D;YAC3D,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAC;YACrD,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QACjC,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,WAAmB;IAC5C,kCAAkC;IAClC,MAAM,gBAAgB,GAAG;QACvB,gBAAgB;QAChB,8BAA8B;QAC9B,8BAA8B;QAC9B,gBAAgB;KACjB,CAAC;IAEF,OAAO,gBAAgB,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;AACzE,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,+BAA+B,CAC7C,OAAiB,EACjB,SAAkC,EAAE;IAEpC,IAAI,CAAC,MAAM,CAAC,sBAAsB,EAAE,CAAC;QACnC,OAAO;YACL,QAAQ,EAAE,KAAK;YACf,QAAQ,EAAE,EAAE;YACZ,aAAa,EAAE,CAAC;YAChB,gBAAgB,EAAE,CAAC;YACnB,OAAO,EAAE,2BAA2B;SACrC,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAoB,EAAE,CAAC;IACrC,MAAM,QAAQ,GAAG;QACf,GAAG,eAAe;QAClB,GAAG,CAAC,MAAM,CAAC,oBAAoB,IAAI,EAAE,CAAC;KACvC,CAAC;IAEF,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,MAAM,aAAa,GAAG,MAAM,CAAC,OAAO,CAAC;QAErC,KAAK,MAAM,CAAC,WAAW,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC5D,KAAK,CAAC,SAAS,GAAG,CAAC,CAAC;YAEpB,IAAI,KAA6B,CAAC;YAClC,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBACpD,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;gBAC7B,MAAM,YAAY,GAAG,UAAU,CAAC,WAAW,CAAC,CAAC;gBAE7C,QAAQ,CAAC,IAAI,CAAC;oBACZ,UAAU,EAAE,MAAM,CAAC,IAAI;oBACvB,aAAa,EAAE,MAAM,CAAC,OAAO;oBAC7B,SAAS,EAAE,MAAM,CAAC,IAAI;oBACtB,IAAI,EAAE,gBAAgB;oBACtB,OAAO,EAAE,WAAW;oBACpB,WAAW,EAAE,YAAY;oBACzB,WAAW,EAAE,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC;oBAC5C,QAAQ,EAAE,iBAAiB,CAAC,WAAW,CAAC;iBACzC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,gBAAgB,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,UAAU,CAAC,CAAC,MAAM,CAAC;IAClF,MAAM,QAAQ,GAAG,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC;IAErC,IAAI,OAAO,GAAG,+BAA+B,CAAC;IAC9C,IAAI,QAAQ,EAAE,CAAC;QACb,OAAO,GAAG,GAAG,QAAQ,CAAC,MAAM,2BAA2B,gBAAgB,YAAY,CAAC;IACtF,CAAC;IAED,OAAO;QACL,QAAQ;QACR,QAAQ;QACR,aAAa,EAAE,QAAQ,CAAC,MAAM;QAC9B,gBAAgB;QAChB,OAAO;KACR,CAAC;AACJ,CAAC"}

package/dist/ai-safety/token-spiral.d.ts

@@ -0,0 +1,17 @@
+/**
+ * Token Spiral Detector
+ *
+ * Estimates token usage from commit size and detects explosion patterns.
+ * Uses heuristic: ~4 characters per token (GPT-style tokenization).
+ * Detects when commits exceed baseline by configurable threshold.
+ */
+import { Commit } from '../types.js';
+import { TokenSpiralResult, AISafetyConfig } from './types.js';
+/**
+ * Detect token spirals in commit history.
+ */
+export declare function detectTokenSpiral(commits: Commit[], lineStatsPerCommit: Map<string, {
+    additions: number;
+    deletions: number;
+}>, filesPerCommit: Map<string, string[]>, config?: Partial<AISafetyConfig>): TokenSpiralResult;
+//# sourceMappingURL=token-spiral.d.ts.map

package/dist/ai-safety/token-spiral.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"token-spiral.d.ts","sourceRoot":"","sources":["../../src/ai-safety/token-spiral.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EACL,iBAAiB,EAGjB,cAAc,EACf,MAAM,YAAY,CAAC;AA+EpB;;GAEG;AACH,wBAAgB,iBAAiB,CAC/B,OAAO,EAAE,MAAM,EAAE,EACjB,kBAAkB,EAAE,GAAG,CAAC,MAAM,EAAE;IAAE,SAAS,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAAC,EACzE,cAAc,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,EACrC,MAAM,GAAE,OAAO,CAAC,cAAc,CAAM,GACnC,iBAAiB,CAwJnB"}

package/dist/ai-safety/token-spiral.js

@@ -0,0 +1,183 @@
+/**
+ * Token Spiral Detector
+ *
+ * Estimates token usage from commit size and detects explosion patterns.
+ * Uses heuristic: ~4 characters per token (GPT-style tokenization).
+ * Detects when commits exceed baseline by configurable threshold.
+ */
+// Token estimation constants
+const CHARS_PER_TOKEN = 4; // Approximate for GPT-style tokenization
+const TOKENS_PER_LINE = 15; // Approximate tokens per line of code
+const BASELINE_COMMIT_COUNT = 5; // Number of commits for baseline calculation
+// Thresholds for indicators
+const LARGE_DIFF_THRESHOLD = 500; // lines
+const MANY_FILES_THRESHOLD = 10; // files
+const MASSIVE_ADDITIONS_THRESHOLD = 1000; // lines added
+/**
+ * Estimate tokens for a single commit based on diff stats.
+ */
+function estimateCommitTokens(additions, deletions, fileCount, messageLength, method) {
+    switch (method) {
+        case 'char_count':
+            // Estimate based on approximate character count
+            // Assume ~40 chars per line of code
+            const estimatedChars = (additions + deletions) * 40 + messageLength;
+            return Math.round(estimatedChars / CHARS_PER_TOKEN);
+        case 'lines':
+            // Estimate based on line count
+            return Math.round((additions + deletions) * TOKENS_PER_LINE);
+        case 'diff_size':
+            // Hybrid: consider files, lines, and message
+            const lineTokens = (additions + deletions) * TOKENS_PER_LINE;
+            const fileTokens = fileCount * 50; // ~50 tokens per file header
+            const msgTokens = Math.round(messageLength / CHARS_PER_TOKEN);
+            return Math.round(lineTokens + fileTokens + msgTokens);
+        default:
+            return 0;
+    }
+}
+/**
+ * Identify indicators for why a commit might be spiraling.
+ */
+function identifyIndicators(additions, deletions, fileCount) {
+    const indicators = [];
+    const totalLines = additions + deletions;
+    if (totalLines > LARGE_DIFF_THRESHOLD) {
+        indicators.push('large_diff');
+    }
+    if (fileCount > MANY_FILES_THRESHOLD) {
+        indicators.push('many_files');
+    }
+    if (additions > MASSIVE_ADDITIONS_THRESHOLD) {
+        indicators.push('massive_additions');
+    }
+    if (deletions > additions * 2) {
+        indicators.push('heavy_deletions');
+    }
+    if (additions > deletions * 5 && additions > 200) {
+        indicators.push('bulk_additions');
+    }
+    return indicators;
+}
+/**
+ * Detect token spirals in commit history.
+ */
+export function detectTokenSpiral(commits, lineStatsPerCommit, filesPerCommit, config = {}) {
+    // Check if token tracking is enabled
+    if (config.tokenTrackingEnabled === false) {
+        return {
+            detected: false,
+            estimatedTokens: {
+                totalTokens: 0,
+                averagePerCommit: 0,
+                peakCommit: null,
+                baseline: 0,
+                explosionDetected: false,
+            },
+            spirals: [],
+            message: 'Token tracking disabled',
+        };
+    }
+    if (commits.length === 0) {
+        return {
+            detected: false,
+            estimatedTokens: {
+                totalTokens: 0,
+                averagePerCommit: 0,
+                peakCommit: null,
+                baseline: 0,
+                explosionDetected: false,
+            },
+            spirals: [],
+            message: 'No commits to analyze',
+        };
+    }
+    const method = config.tokenEstimationMethod ?? 'char_count';
+    const explosionThreshold = config.explosionThreshold ?? 2.0;
+    // Sort commits by date (oldest first)
+    const sortedCommits = [...commits].sort((a, b) => a.date.getTime() - b.date.getTime());
+    // Calculate token estimates per commit
+    const tokenEstimates = [];
+    for (const commit of sortedCommits) {
+        const lineStats = lineStatsPerCommit.get(commit.hash) || { additions: 0, deletions: 0 };
+        const files = filesPerCommit.get(commit.hash) || [];
+        const tokens = estimateCommitTokens(lineStats.additions, lineStats.deletions, files.length, commit.message.length, method);
+        tokenEstimates.push({
+            commit,
+            tokens,
+            additions: lineStats.additions,
+            deletions: lineStats.deletions,
+            fileCount: files.length,
+        });
+    }
+    // Calculate baseline from first N commits
+    const baselineCommits = tokenEstimates.slice(0, BASELINE_COMMIT_COUNT);
+    const baseline = baselineCommits.length > 0
+        ? baselineCommits.reduce((sum, c) => sum + c.tokens, 0) / baselineCommits.length
+        : 0;
+    // Find peak commit
+    let peakCommit = null;
+    let maxTokens = 0;
+    for (const est of tokenEstimates) {
+        if (est.tokens > maxTokens) {
+            maxTokens = est.tokens;
+            peakCommit = {
+                hash: est.commit.hash,
+                tokens: est.tokens,
+                message: est.commit.message,
+            };
+        }
+    }
+    // Calculate totals
+    const totalTokens = tokenEstimates.reduce((sum, c) => sum + c.tokens, 0);
+    const averagePerCommit = tokenEstimates.length > 0
+        ? Math.round(totalTokens / tokenEstimates.length)
+        : 0;
+    // Detect spirals (commits exceeding baseline by threshold)
+    const spirals = [];
+    let explosionDetected = false;
+    // Only check commits after the baseline window
+    const commitsToCheck = tokenEstimates.slice(BASELINE_COMMIT_COUNT);
+    for (const est of commitsToCheck) {
+        if (baseline > 0) {
+            const multiplier = est.tokens / baseline;
+            if (multiplier >= explosionThreshold) {
+                explosionDetected = true;
+                const indicators = identifyIndicators(est.additions, est.deletions, est.fileCount);
+                spirals.push({
+                    commitHash: est.commit.hash,
+                    commitMessage: est.commit.message,
+                    timestamp: est.commit.date,
+                    estimatedTokens: est.tokens,
+                    baselineMultiplier: Math.round(multiplier * 10) / 10,
+                    indicators,
+                });
+            }
+        }
+    }
+    // Generate message
+    const detected = spirals.length > 0;
+    let message = 'Token usage within normal range';
+    if (detected) {
+        if (explosionDetected) {
+            const maxMultiplier = Math.max(...spirals.map(s => s.baselineMultiplier));
+            message = `Token explosion detected: ${spirals.length} commit(s) exceeded ${explosionThreshold}x baseline (max: ${maxMultiplier}x)`;
+        }
+        else {
+            message = `${spirals.length} commit(s) with elevated token usage`;
+        }
+    }
+    return {
+        detected,
+        estimatedTokens: {
+            totalTokens,
+            averagePerCommit,
+            peakCommit,
+            baseline: Math.round(baseline),
+            explosionDetected,
+        },
+        spirals,
+        message,
+    };
+}
+//# sourceMappingURL=token-spiral.js.map

package/dist/ai-safety/token-spiral.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"token-spiral.js","sourceRoot":"","sources":["../../src/ai-safety/token-spiral.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAUH,6BAA6B;AAC7B,MAAM,eAAe,GAAG,CAAC,CAAC,CAAC,yCAAyC;AACpE,MAAM,eAAe,GAAG,EAAE,CAAC,CAAC,sCAAsC;AAClE,MAAM,qBAAqB,GAAG,CAAC,CAAC,CAAC,6CAA6C;AAE9E,4BAA4B;AAC5B,MAAM,oBAAoB,GAAG,GAAG,CAAC,CAAC,QAAQ;AAC1C,MAAM,oBAAoB,GAAG,EAAE,CAAC,CAAC,QAAQ;AACzC,MAAM,2BAA2B,GAAG,IAAI,CAAC,CAAC,cAAc;AAExD;;GAEG;AACH,SAAS,oBAAoB,CAC3B,SAAiB,EACjB,SAAiB,EACjB,SAAiB,EACjB,aAAqB,EACrB,MAA4C;IAE5C,QAAQ,MAAM,EAAE,CAAC;QACf,KAAK,YAAY;YACf,gDAAgD;YAChD,oCAAoC;YACpC,MAAM,cAAc,GAAG,CAAC,SAAS,GAAG,SAAS,CAAC,GAAG,EAAE,GAAG,aAAa,CAAC;YACpE,OAAO,IAAI,CAAC,KAAK,CAAC,cAAc,GAAG,eAAe,CAAC,CAAC;QAEtD,KAAK,OAAO;YACV,+BAA+B;YAC/B,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,SAAS,GAAG,SAAS,CAAC,GAAG,eAAe,CAAC,CAAC;QAE/D,KAAK,WAAW;YACd,6CAA6C;YAC7C,MAAM,UAAU,GAAG,CAAC,SAAS,GAAG,SAAS,CAAC,GAAG,eAAe,CAAC;YAC7D,MAAM,UAAU,GAAG,SAAS,GAAG,EAAE,CAAC,CAAC,6BAA6B;YAChE,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,aAAa,GAAG,eAAe,CAAC,CAAC;YAC9D,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,GAAG,UAAU,GAAG,SAAS,CAAC,CAAC;QAEzD;YACE,OAAO,CAAC,CAAC;IACb,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CACzB,SAAiB,EACjB,SAAiB,EACjB,SAAiB;IAEjB,MAAM,UAAU,GAAa,EAAE,CAAC;IAEhC,MAAM,UAAU,GAAG,SAAS,GAAG,SAAS,CAAC;IACzC,IAAI,UAAU,GAAG,oBAAoB,EAAE,CAAC;QACtC,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAChC,CAAC;IAED,IAAI,SAAS,GAAG,oBAAoB,EAAE,CAAC;QACrC,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAChC,CAAC;IAED,IAAI,SAAS,GAAG,2BAA2B,EAAE,CAAC;QAC5C,UAAU,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;IACvC,CAAC;IAED,IAAI,SAAS,GAAG,SAAS,GAAG,CAAC,EAAE,CAAC;QAC9B,UAAU,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;IACrC,CAAC;IAED,IAAI,SAAS,GAAG,SAAS,GAAG,CAAC,IAAI,SAAS,GAAG,GAAG,EAAE,CAAC;QACjD,UAAU,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;IACpC,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAC/B,OAAiB,EACjB,kBAAyE,EACzE,cAAqC,EACrC,SAAkC,EAAE;IAEpC,qCAAqC;IACrC,IAAI,MAAM,CAAC,oBAAoB,KAAK,KAAK,EAAE,CAAC;QAC1C,OAAO;YACL,QAAQ,EAAE,KAAK;YACf,eAAe,EAAE;gBACf,WAAW,EAAE,CAAC;gBACd,gBAAgB,EAAE,CAAC;gBACnB,UAAU,EAAE,IAAI;gBAChB,QAAQ,EAAE,CAAC;gBACX,iBAAiB,EAAE,KAAK;aACzB;YACD,OAAO,EAAE,EAAE;YACX,OAAO,EAAE,yBAAyB;SACnC,CAAC;IACJ,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO;YACL,QAAQ,EAAE,KAAK;YACf,eAAe,EAAE;gBACf,WAAW,EAAE,CAAC;gBACd,gBAAgB,EAAE,CAAC;gBACnB,UAAU,EAAE,IAAI;gBAChB,QAAQ,EAAE,CAAC;gBACX,iBAAiB,EAAE,KAAK;aACzB;YACD,OAAO,EAAE,EAAE;YACX,OAAO,EAAE,uBAAuB;SACjC,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,CAAC,qBAAqB,IAAI,YAAY,CAAC;IAC5D,MAAM,kBAAkB,GAAG,MAAM,CAAC,kBAAkB,IAAI,GAAG,CAAC;IAE5D,sCAAsC;IACtC,MAAM,aAAa,GAAG,CAAC,GAAG,OAAO,CAAC,CAAC,IAAI,CACrC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,CAC9C,CAAC;IAEF,uCAAuC;IACvC,MAAM,cAAc,GAMf,EAAE,CAAC;IAER,KAAK,MAAM,MAAM,IAAI,aAAa,EAAE,CAAC;QACnC,MAAM,SAAS,GAAG,kBAAkB,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,CAAC,EAAE,SAAS,EAAE,CAAC,EAAE,CAAC;QACxF,MAAM,KAAK,GAAG,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QACpD,MAAM,MAAM,GAAG,oBAAoB,CACjC,SAAS,CAAC,SAAS,EACnB,SAAS,CAAC,SAAS,EACnB,KAAK,CAAC,MAAM,EACZ,MAAM,CAAC,OAAO,CAAC,MAAM,EACrB,MAAM,CACP,CAAC;QAEF,cAAc,CAAC,IAAI,CAAC;YAClB,MAAM;YACN,MAAM;YACN,SAAS,EAAE,SAAS,CAAC,SAAS;YAC9B,SAAS,EAAE,SAAS,CAAC,SAAS;YAC9B,SAAS,EAAE,KAAK,CAAC,MAAM;SACxB,CAAC,CAAC;IACL,CAAC;IAED,0CAA0C;IAC1C,MAAM,eAAe,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC,EAAE,qBAAqB,CAAC,CAAC;IACvE,MAAM,QAAQ,GAAG,eAAe,CAAC,MAAM,GAAG,CAAC;QACzC,CAAC,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,eAAe,CAAC,MAAM;QAChF,CAAC,CAAC,CAAC,CAAC;IAEN,mBAAmB;IACnB,IAAI,UAAU,GAAgC,IAAI,CAAC;IACnD,IAAI,SAAS,GAAG,CAAC,CAAC;IAElB,KAAK,MAAM,GAAG,IAAI,cAAc,EAAE,CAAC;QACjC,IAAI,GAAG,CAAC,MAAM,GAAG,SAAS,EAAE,CAAC;YAC3B,SAAS,GAAG,GAAG,CAAC,MAAM,CAAC;YACvB,UAAU,GAAG;gBACX,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,IAAI;gBACrB,MAAM,EAAE,GAAG,CAAC,MAAM;gBAClB,OAAO,EAAE,GAAG,CAAC,MAAM,CAAC,OAAO;aAC5B,CAAC;QACJ,CAAC;IACH,CAAC;IAED,mBAAmB;IACnB,MAAM,WAAW,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IACzE,MAAM,gBAAgB,GAAG,cAAc,CAAC,MAAM,GAAG,CAAC;QAChD,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,GAAG,cAAc,CAAC,MAAM,CAAC;QACjD,CAAC,CAAC,CAAC,CAAC;IAEN,2DAA2D;IAC3D,MAAM,OAAO,GAAkB,EAAE,CAAC;IAClC,IAAI,iBAAiB,GAAG,KAAK,CAAC;IAE9B,+CAA+C;IAC/C,MAAM,cAAc,GAAG,cAAc,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;IAEnE,KAAK,MAAM,GAAG,IAAI,cAAc,EAAE,CAAC;QACjC,IAAI,QAAQ,GAAG,CAAC,EAAE,CAAC;YACjB,MAAM,UAAU,GAAG,GAAG,CAAC,MAAM,GAAG,QAAQ,CAAC;YAEzC,IAAI,UAAU,IAAI,kBAAkB,EAAE,CAAC;gBACrC,iBAAiB,GAAG,IAAI,CAAC;gBACzB,MAAM,UAAU,GAAG,kBAAkB,CACnC,GAAG,CAAC,SAAS,EACb,GAAG,CAAC,SAAS,EACb,GAAG,CAAC,SAAS,CACd,CAAC;gBAEF,OAAO,CAAC,IAAI,CAAC;oBACX,UAAU,EAAE,GAAG,CAAC,MAAM,CAAC,IAAI;oBAC3B,aAAa,EAAE,GAAG,CAAC,MAAM,CAAC,OAAO;oBACjC,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,IAAI;oBAC1B,eAAe,EAAE,GAAG,CAAC,MAAM;oBAC3B,kBAAkB,EAAE,IAAI,CAAC,KAAK,CAAC,UAAU,GAAG,EAAE,CAAC,GAAG,EAAE;oBACpD,UAAU;iBACX,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,mBAAmB;IACnB,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC;IACpC,IAAI,OAAO,GAAG,iCAAiC,CAAC;IAEhD,IAAI,QAAQ,EAAE,CAAC;QACb,IAAI,iBAAiB,EAAE,CAAC;YACtB,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC;YAC1E,OAAO,GAAG,6BAA6B,OAAO,CAAC,MAAM,uBAAuB,kBAAkB,oBAAoB,aAAa,IAAI,CAAC;QACtI,CAAC;aAAM,CAAC;YACN,OAAO,GAAG,GAAG,OAAO,CAAC,MAAM,sCAAsC,CAAC;QACpE,CAAC;IACH,CAAC;IAED,OAAO;QACL,QAAQ;QACR,eAAe,EAAE;YACf,WAAW;YACX,gBAAgB;YAChB,UAAU;YACV,QAAQ,EAAE,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC;YAC9B,iBAAiB;SAClB;QACD,OAAO;QACP,OAAO;KACR,CAAC;AACJ,CAAC"}

package/dist/ai-safety/types.d.ts

@@ -0,0 +1,122 @@
+/**
+ * AI Safety Detection Types
+ *
+ * These detect LLM-specific antipatterns in commit history:
+ * 1. Secret Leakage - Exposed API keys, tokens, credentials
+ * 2. Scope Violation - Commits touching files outside declared domain
+ * 3. Contract Drift - Commit message format degrading over time
+ * 4. Token Spiral - Runaway token consumption (context explosion)
+ */
+export interface SecretLeakageResult {
+    detected: boolean;
+    findings: SecretFinding[];
+    totalFindings: number;
+    criticalFindings: number;
+    message: string;
+}
+export interface SecretFinding {
+    commitHash: string;
+    commitMessage: string;
+    timestamp: Date;
+    file: string;
+    pattern: string;
+    matchedText: string;
+    lineContext: string;
+    severity: 'critical' | 'warning';
+}
+export declare const SECRET_PATTERNS: Record<string, RegExp>;
+export interface ScopeViolationResult {
+    detected: boolean;
+    violations: ScopeViolation[];
+    totalViolations: number;
+    totalUnauthorizedFiles: number;
+    message: string;
+}
+export interface ScopeViolation {
+    commitHash: string;
+    commitMessage: string;
+    timestamp: Date;
+    unauthorizedFiles: string[];
+    declaredScope: string[];
+    description: string;
+}
+export interface ScopeDefinition {
+    allowedPatterns: string[];
+    allowedDirs: string[];
+    description?: string;
+}
+export interface ContractDriftResult {
+    detected: boolean;
+    driftMetrics: ContractDriftMetrics;
+    degradingCommits: DegradingCommit[];
+    totalDegradingCommits: number;
+    message: string;
+}
+export interface ContractDriftMetrics {
+    baselineCompliance: number;
+    currentCompliance: number;
+    driftPercentage: number;
+    trend: 'improving' | 'stable' | 'degrading';
+    entropyScore: number;
+}
+export interface DegradingCommit {
+    hash: string;
+    message: string;
+    timestamp: Date;
+    issues: string[];
+    complianceScore: number;
+}
+export interface TokenSpiralResult {
+    detected: boolean;
+    estimatedTokens: TokenEstimate;
+    spirals: TokenSpiral[];
+    message: string;
+}
+export interface TokenEstimate {
+    totalTokens: number;
+    averagePerCommit: number;
+    peakCommit: {
+        hash: string;
+        tokens: number;
+        message: string;
+    } | null;
+    baseline: number;
+    explosionDetected: boolean;
+}
+export interface TokenSpiral {
+    commitHash: string;
+    commitMessage: string;
+    timestamp: Date;
+    estimatedTokens: number;
+    baselineMultiplier: number;
+    indicators: string[];
+}
+export interface AISafetyAnalysis {
+    secretLeakage: SecretLeakageResult;
+    scopeViolations: ScopeViolationResult;
+    contractDrift: ContractDriftResult;
+    tokenSpiral: TokenSpiralResult;
+    summary: {
+        totalIssues: number;
+        criticalIssues: number;
+        warningIssues: number;
+        overallHealth: 'healthy' | 'warning' | 'critical';
+    };
+    recommendations: string[];
+}
+export interface AISafetyConfig {
+    secretDetectionEnabled: boolean;
+    customSecretPatterns?: Record<string, RegExp>;
+    secretScanDepth: 'full' | 'shallow';
+    scopeCheckEnabled: boolean;
+    scope?: ScopeDefinition;
+    allowedExceptions: string[];
+    contractCheckEnabled: boolean;
+    driftThreshold: number;
+    requireConventionalCommits: boolean;
+    tokenTrackingEnabled: boolean;
+    tokenEstimationMethod: 'char_count' | 'lines' | 'diff_size';
+    explosionThreshold: number;
+}
+export declare const DEFAULT_AI_SAFETY_CONFIG: AISafetyConfig;
+//# sourceMappingURL=types.d.ts.map

package/dist/ai-safety/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/ai-safety/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAQH,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,OAAO,CAAC;IAClB,QAAQ,EAAE,aAAa,EAAE,CAAC;IAC1B,aAAa,EAAE,MAAM,CAAC;IACtB,gBAAgB,EAAE,MAAM,CAAC;IACzB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,IAAI,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,UAAU,GAAG,SAAS,CAAC;CAClC;AAED,eAAO,MAAM,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CASlD,CAAC;AAMF,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAE,OAAO,CAAC;IAClB,UAAU,EAAE,cAAc,EAAE,CAAC;IAC7B,eAAe,EAAE,MAAM,CAAC;IACxB,sBAAsB,EAAE,MAAM,CAAC;IAC/B,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,cAAc;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,IAAI,CAAC;IAChB,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,eAAe;IAC9B,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAMD,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,OAAO,CAAC;IAClB,YAAY,EAAE,oBAAoB,CAAC;IACnC,gBAAgB,EAAE,eAAe,EAAE,CAAC;IACpC,qBAAqB,EAAE,MAAM,CAAC;IAC9B,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,oBAAoB;IACnC,kBAAkB,EAAE,MAAM,CAAC;IAC3B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,eAAe,EAAE,MAAM,CAAC;IACxB,KAAK,EAAE,WAAW,GAAG,QAAQ,GAAG,WAAW,CAAC;IAC5C,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,IAAI,CAAC;IAChB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,eAAe,EAAE,MAAM,CAAC;CACzB;AAMD,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,OAAO,CAAC;IAClB,eAAe,EAAE,aAAa,CAAC;IAC/B,OAAO,EAAE,WAAW,EAAE,CAAC;IACvB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,aAAa;IAC5B,WAAW,EAAE,MAAM,CAAC;IACpB,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE;QACV,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,OAAO,EAAE,MAAM,CAAC;KACjB,GAAG,IAAI,CAAC;IACT,QAAQ,EAAE,MAAM,CAAC;IACjB,iBAAiB,EAAE,OAAO,CAAC;CAC5B;AAED,MAAM,WAAW,WAAW;IAC1B,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,IAAI,CAAC;IAChB,eAAe,EAAE,MAAM,CAAC;IACxB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,UAAU,EAAE,MAAM,EAAE,CAAC;CACtB;AAMD,MAAM,WAAW,gBAAgB;IAE/B,aAAa,EAAE,mBAAmB,CAAC;IACnC,eAAe,EAAE,oBAAoB,CAAC;IACtC,aAAa,EAAE,mBAAmB,CAAC;IACnC,WAAW,EAAE,iBAAiB,CAAC;IAG/B,OAAO,EAAE;QACP,WAAW,EAAE,MAAM,CAAC;QACpB,cAAc,EAAE,MAAM,CAAC;QACvB,aAAa,EAAE,MAAM,CAAC;QACtB,aAAa,EAAE,SAAS,GAAG,SAAS,GAAG,UAAU,CAAC;KACnD,CAAC;IAGF,eAAe,EAAE,MAAM,EAAE,CAAC;CAC3B;AAMD,MAAM,WAAW,cAAc;IAE7B,sBAAsB,EAAE,OAAO,CAAC;IAChC,oBAAoB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC9C,eAAe,EAAE,MAAM,GAAG,SAAS,CAAC;IAGpC,iBAAiB,EAAE,OAAO,CAAC;IAC3B,KAAK,CAAC,EAAE,eAAe,CAAC;IACxB,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAG5B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,cAAc,EAAE,MAAM,CAAC;IACvB,0BAA0B,EAAE,OAAO,CAAC;IAGpC,oBAAoB,EAAE,OAAO,CAAC;IAC9B,qBAAqB,EAAE,YAAY,GAAG,OAAO,GAAG,WAAW,CAAC;IAC5D,kBAAkB,EAAE,MAAM,CAAC;CAC5B;AAED,eAAO,MAAM,wBAAwB,EAAE,cAWtC,CAAC"}

package/dist/ai-safety/types.js

@@ -0,0 +1,32 @@
+/**
+ * AI Safety Detection Types
+ *
+ * These detect LLM-specific antipatterns in commit history:
+ * 1. Secret Leakage - Exposed API keys, tokens, credentials
+ * 2. Scope Violation - Commits touching files outside declared domain
+ * 3. Contract Drift - Commit message format degrading over time
+ * 4. Token Spiral - Runaway token consumption (context explosion)
+ */
+export const SECRET_PATTERNS = {
+    'OpenAI API Key': /sk-[a-zA-Z0-9]{48}/g,
+    'GitHub Personal Access Token': /ghp_[a-zA-Z0-9]{36}/g,
+    'GitLab Personal Access Token': /glpat-[a-zA-Z0-9]{20}/g,
+    'AWS Access Key': /AKIA[0-9A-Z]{16}/g,
+    'Slack Token': /xox[baprs]-[a-zA-Z0-9-]+/g,
+    'Generic API Key': /api[_-]?key\s*[:=]\s*['"]?[a-zA-Z0-9]{32,}['"]?/gi,
+    'Generic Secret': /secret\s*[:=]\s*['"]?[a-zA-Z0-9]{16,}['"]?/gi,
+    'Password Assignment': /password\s*[:=]\s*['"]?[^\s'"]{8,}['"]?/gi,
+};
+export const DEFAULT_AI_SAFETY_CONFIG = {
+    secretDetectionEnabled: true,
+    secretScanDepth: 'full',
+    scopeCheckEnabled: false, // Requires explicit scope definition
+    allowedExceptions: ['package.json', 'package-lock.json', 'tsconfig.json', '.gitignore', 'README.md'],
+    contractCheckEnabled: true,
+    driftThreshold: 30,
+    requireConventionalCommits: true,
+    tokenTrackingEnabled: true,
+    tokenEstimationMethod: 'char_count',
+    explosionThreshold: 2.0,
+};
+//# sourceMappingURL=types.js.map

package/dist/ai-safety/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/ai-safety/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AA2BH,MAAM,CAAC,MAAM,eAAe,GAA2B;IACrD,gBAAgB,EAAE,qBAAqB;IACvC,8BAA8B,EAAE,sBAAsB;IACtD,8BAA8B,EAAE,wBAAwB;IACxD,gBAAgB,EAAE,mBAAmB;IACrC,aAAa,EAAE,2BAA2B;IAC1C,iBAAiB,EAAE,mDAAmD;IACtE,gBAAgB,EAAE,8CAA8C;IAChE,qBAAqB,EAAE,2CAA2C;CACnE,CAAC;AA0IF,MAAM,CAAC,MAAM,wBAAwB,GAAmB;IACtD,sBAAsB,EAAE,IAAI;IAC5B,eAAe,EAAE,MAAM;IACvB,iBAAiB,EAAE,KAAK,EAAE,qCAAqC;IAC/D,iBAAiB,EAAE,CAAC,cAAc,EAAE,mBAAmB,EAAE,eAAe,EAAE,YAAY,EAAE,WAAW,CAAC;IACpG,oBAAoB,EAAE,IAAI;IAC1B,cAAc,EAAE,EAAE;IAClB,0BAA0B,EAAE,IAAI;IAChC,oBAAoB,EAAE,IAAI;IAC1B,qBAAqB,EAAE,YAAY;IACnC,kBAAkB,EAAE,GAAG;CACxB,CAAC"}