@bouncesecurity/aghast 0.0.13

package/dist/claude-code-provider.js

@@ -0,0 +1,247 @@
+/**
+ * Claude Code AI provider implementation.
+ * Uses @anthropic-ai/claude-agent-sdk per spec Section 6.2 / Appendix C.8.
+ */
+import { DEFAULT_AI_MODEL, FatalProviderError } from './types.js';
+// import { parseAIResponse } from './response-parser.js';
+import { logProgress, logDebug, logDebugFull, createTimer } from './logging.js';
+const TAG = 'ai-provider';
+const HEARTBEAT_INTERVAL_MS = 15000; // Log heartbeat every 15s if no activity
+const MAX_API_ERROR_RETRIES = 3; // Fail after this many consecutive API errors
+// JSON schema for structured output (matches spec Section 4.4)
+const OUTPUT_SCHEMA = {
+    type: 'object',
+    properties: {
+        issues: {
+            type: 'array',
+            items: {
+                type: 'object',
+                properties: {
+                    file: { type: 'string' },
+                    startLine: { type: 'integer' },
+                    endLine: { type: 'integer' },
+                    description: { type: 'string' },
+                    dataFlow: {
+                        type: 'array',
+                        items: {
+                            type: 'object',
+                            properties: {
+                                file: { type: 'string' },
+                                lineNumber: { type: 'integer' },
+                                label: { type: 'string' },
+                            },
+                            required: ['file', 'lineNumber', 'label'],
+                            additionalProperties: false,
+                        },
+                    },
+                },
+                required: ['file', 'startLine', 'endLine', 'description'],
+                additionalProperties: false,
+            },
+        },
+    },
+    required: ['issues'],
+    additionalProperties: false,
+};
+export class ClaudeCodeProvider {
+    apiKey;
+    useLocalClaude = false;
+    model = DEFAULT_AI_MODEL;
+    _queryFn;
+    debugEnabled = false;
+    constructor(options) {
+        this._queryFn = options?._queryFn;
+    }
+    async initialize(config) {
+        this.useLocalClaude = process.env.AGHAST_LOCAL_CLAUDE === 'true';
+        this.apiKey = config.apiKey ?? process.env.ANTHROPIC_API_KEY;
+        // Model selection priority: config.model (from AGHAST_AI_MODEL env or runtime config) > DEFAULT_AI_MODEL
+        if (config.model) {
+            this.model = config.model;
+        }
+        if (!this.apiKey && !this.useLocalClaude) {
+            throw new Error('ANTHROPIC_API_KEY is required (or set AGHAST_LOCAL_CLAUDE=true to use your local Claude Code session)');
+        }
+        if (this.useLocalClaude) {
+            logProgress(TAG, 'Using local Claude Code session for authentication');
+        }
+        else {
+            logDebug(TAG, 'Using API key for authentication');
+        }
+        logDebug(TAG, `Provider initialized with model ${this.model}`);
+    }
+    getModelName() {
+        return this.model;
+    }
+    enableDebug() {
+        this.debugEnabled = true;
+    }
+    async executeCheck(instructions, repositoryPath, logPrefix) {
+        const queryFn = this._queryFn ?? (await import('@anthropic-ai/claude-agent-sdk')).query;
+        const timer = createTimer();
+        const prefix = logPrefix ? `${logPrefix} ` : '';
+        const prompt = instructions;
+        logDebug(TAG, `${prefix}Starting query: model=${this.model}, cwd=${repositoryPath}, promptLen=${prompt.length}`);
+        if (this.debugEnabled) {
+            logDebugFull(TAG, `${prefix}Full prompt sent to AI`, prompt);
+        }
+        const conversation = queryFn({
+            prompt,
+            options: {
+                model: this.model,
+                cwd: repositoryPath,
+                allowedTools: ['Read', 'Glob', 'Grep', 'Bash', 'WebSearch', 'WebFetch'],
+                maxTurns: 100,
+                permissionMode: 'bypassPermissions',
+                outputFormat: {
+                    type: 'json_schema',
+                    schema: OUTPUT_SCHEMA,
+                },
+            },
+        });
+        // Consume all messages from the async generator to get the result
+        let resultText = '';
+        let structuredOutput;
+        let errorMessage;
+        let turnCount = 0;
+        let toolCallCount = 0;
+        let tokenUsage;
+        let consecutiveApiErrors = 0;
+        let currentToolName;
+        let lastActivityTime = Date.now();
+        // Background heartbeat timer - logs if no activity for a while
+        const heartbeatInterval = setInterval(() => {
+            const silentSeconds = Math.round((Date.now() - lastActivityTime) / 1000);
+            if (silentSeconds >= HEARTBEAT_INTERVAL_MS / 1000) {
+                const status = currentToolName ? `running ${currentToolName}` : 'waiting';
+                logProgress(TAG, `${prefix}Still ${status}... (${timer.elapsedStr()})`);
+            }
+        }, HEARTBEAT_INTERVAL_MS);
+        try {
+            for await (const message of conversation) {
+                lastActivityTime = Date.now();
+                // Tool progress events - emitted during long-running tool executions
+                if (message.type === 'tool_progress') {
+                    const progress = message;
+                    currentToolName = progress.tool_name;
+                    logProgress(TAG, `${prefix}Running ${progress.tool_name}... (${Math.round(progress.elapsed_time_seconds)}s)`);
+                }
+                if (message.type === 'assistant') {
+                    turnCount++;
+                    currentToolName = undefined;
+                    // Simple activity indicator at info level
+                    logProgress(TAG, `${prefix}Turn ${turnCount} (${timer.elapsedStr()})`);
+                    const content = message.message?.content;
+                    if (Array.isArray(content)) {
+                        // Count and log tool calls at debug level (compact)
+                        for (const block of content) {
+                            if (block?.type === 'tool_use') {
+                                toolCallCount++;
+                                currentToolName = block.name;
+                                const inputStr = JSON.stringify(block.input);
+                                const inputPreview = inputStr.length > 100 ? inputStr.slice(0, 100) + '...' : inputStr;
+                                logDebug(TAG, `${prefix}Tool[${toolCallCount}]: ${block.name} ${inputPreview}`);
+                            }
+                        }
+                        // Log assistant text at debug level
+                        const textChunks = content
+                            .filter((c) => c?.type === 'text' && typeof c.text === 'string')
+                            .map((c) => c.text.trim())
+                            .filter(Boolean);
+                        if (textChunks.length > 0) {
+                            logDebug(TAG, `${prefix}Assistant: ${textChunks.join(' | ')}`);
+                            // Detect rate-limit messages — fail immediately since retrying won't help
+                            const rateLimitMatch = textChunks.find((t) => /you've hit your limit|rate limit/i.test(t));
+                            if (rateLimitMatch) {
+                                throw new FatalProviderError(`AI provider rate limit reached: ${rateLimitMatch}`);
+                            }
+                            // Detect authentication errors (401) — fail immediately, unrecoverable
+                            const authErrorMatch = textChunks.find((t) => /API Error:\s*401/i.test(t));
+                            if (authErrorMatch) {
+                                throw new FatalProviderError(`AI provider authentication failed (401): ${authErrorMatch}`);
+                            }
+                            // Detect API errors surfaced as assistant text by the SDK
+                            const apiErrorMatch = textChunks.find((t) => t.includes('API Error:'));
+                            if (apiErrorMatch) {
+                                consecutiveApiErrors++;
+                                if (consecutiveApiErrors >= MAX_API_ERROR_RETRIES) {
+                                    throw new Error(`AI provider API error (after ${MAX_API_ERROR_RETRIES} attempts): ${apiErrorMatch}`);
+                                }
+                            }
+                            else {
+                                consecutiveApiErrors = 0;
+                            }
+                        }
+                    }
+                }
+                if (message.type === 'result') {
+                    if (message.subtype === 'success') {
+                        resultText = message.result;
+                        // Extract structured output if available
+                        const resultMsg = message;
+                        if (resultMsg.structured_output) {
+                            structuredOutput = resultMsg.structured_output;
+                            logDebug(TAG, `${prefix}Structured output: ${structuredOutput.issues.length} issues`);
+                        }
+                        // Extract token usage if available.
+                        // Prefer modelUsage (camelCase, per-model breakdown) over usage (snake_case, raw API).
+                        if (resultMsg.modelUsage && Object.keys(resultMsg.modelUsage).length > 0) {
+                            let inputTokens = 0;
+                            let outputTokens = 0;
+                            for (const model of Object.values(resultMsg.modelUsage)) {
+                                inputTokens += model.inputTokens;
+                                outputTokens += model.outputTokens;
+                            }
+                            tokenUsage = { inputTokens, outputTokens, totalTokens: inputTokens + outputTokens };
+                            logDebug(TAG, `${prefix}Token usage: ${tokenUsage.inputTokens} in, ${tokenUsage.outputTokens} out, ${tokenUsage.totalTokens} total`);
+                        }
+                        else if (resultMsg.usage) {
+                            tokenUsage = {
+                                inputTokens: resultMsg.usage.input_tokens,
+                                outputTokens: resultMsg.usage.output_tokens,
+                                totalTokens: resultMsg.usage.input_tokens + resultMsg.usage.output_tokens,
+                            };
+                            logDebug(TAG, `${prefix}Token usage: ${tokenUsage.inputTokens} in, ${tokenUsage.outputTokens} out, ${tokenUsage.totalTokens} total`);
+                        }
+                        logProgress(TAG, `${prefix}Completed in ${timer.elapsedStr()} (${turnCount} turns, ${toolCallCount} tool calls)`);
+                    }
+                    else {
+                        const errorResult = message;
+                        errorMessage = errorResult.errors?.join('; ') ?? `AI provider error: ${errorResult.subtype}`;
+                        logProgress(TAG, `${prefix}Failed: ${errorResult.subtype} (${timer.elapsedStr()})`);
+                    }
+                }
+            }
+        }
+        finally {
+            clearInterval(heartbeatInterval);
+        }
+        if (errorMessage) {
+            logDebug(TAG, `${prefix}Error: ${errorMessage}`);
+            throw new Error(errorMessage);
+        }
+        if (!resultText && !structuredOutput && !errorMessage) {
+            throw new Error('AI provider returned no result');
+        }
+        logDebug(TAG, `${prefix}Result: ${resultText.length} chars`);
+        if (this.debugEnabled) {
+            logDebugFull(TAG, `${prefix}Full AI response`, resultText);
+        }
+        // Structured output from SDK is required - we enforce JSON schema output mode.
+        // The response parser (parseAIResponse) is kept in the codebase as a potential
+        // fallback for future use cases (e.g., alternative AI providers that don't support
+        // structured output), but this provider always requires structured output.
+        if (structuredOutput) {
+            return { raw: resultText, parsed: structuredOutput, tokenUsage };
+        }
+        // No fallback parsing - structured output is mandatory for this provider.
+        // If needed in the future, uncomment:
+        // const parsed = parseAIResponse(resultText);
+        // return { raw: resultText, parsed: parsed ?? undefined };
+        throw new Error('AI provider did not return structured output');
+    }
+    async validateConfig() {
+        return !!this.apiKey || this.useLocalClaude;
+    }
+}
+//# sourceMappingURL=claude-code-provider.js.map

package/dist/claude-code-provider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"claude-code-provider.js","sourceRoot":"","sources":["../src/claude-code-provider.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAClE,0DAA0D;AAC1D,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAEhF,MAAM,GAAG,GAAG,aAAa,CAAC;AAC1B,MAAM,qBAAqB,GAAG,KAAK,CAAC,CAAC,yCAAyC;AAC9E,MAAM,qBAAqB,GAAG,CAAC,CAAC,CAAC,8CAA8C;AAQ/E,+DAA+D;AAC/D,MAAM,aAAa,GAAG;IACpB,IAAI,EAAE,QAAQ;IACd,UAAU,EAAE;QACV,MAAM,EAAE;YACN,IAAI,EAAE,OAAO;YACb,KAAK,EAAE;gBACL,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBACxB,SAAS,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;oBAC9B,OAAO,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;oBAC5B,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBAC/B,QAAQ,EAAE;wBACR,IAAI,EAAE,OAAO;wBACb,KAAK,EAAE;4BACL,IAAI,EAAE,QAAQ;4BACd,UAAU,EAAE;gCACV,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;gCACxB,UAAU,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE;gCAC/B,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;6BAC1B;4BACD,QAAQ,EAAE,CAAC,MAAM,EAAE,YAAY,EAAE,OAAO,CAAC;4BACzC,oBAAoB,EAAE,KAAK;yBAC5B;qBACF;iBACF;gBACD,QAAQ,EAAE,CAAC,MAAM,EAAE,WAAW,EAAE,SAAS,EAAE,aAAa,CAAC;gBACzD,oBAAoB,EAAE,KAAK;aAC5B;SACF;KACF;IACD,QAAQ,EAAE,CAAC,QAAQ,CAAC;IACpB,oBAAoB,EAAE,KAAK;CACnB,CAAC;AAEX,MAAM,OAAO,kBAAkB;IACrB,MAAM,CAAqB;IAC3B,cAAc,GAAY,KAAK,CAAC;IAChC,KAAK,GAAW,gBAAgB,CAAC;IACjC,QAAQ,CAAsB;IAC9B,YAAY,GAAY,KAAK,CAAC;IAEtC,YAAY,OAAgC;QAC1C,IAAI,CAAC,QAAQ,GAAG,OAAO,EAAE,QAAQ,CAAC;IACpC,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,MAAsB;QACrC,IAAI,CAAC,cAAc,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,KAAK,MAAM,CAAC;QACjE,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;QAC7D,yGAAyG;QACzG,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YACjB,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;QAC5B,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;YACzC,MAAM,IAAI,KAAK,CAAC,uGAAuG,CAAC,CAAC;QAC3H,CAAC;QACD,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACxB,WAAW,CAAC,GAAG,EAAE,oDAAoD,CAAC,CAAC;QACzE,CAAC;aAAM,CAAC;YACN,QAAQ,CAAC,GAAG,EAAE,kCAAkC,CAAC,CAAC;QACpD,CAAC;QACD,QAAQ,CAAC,GAAG,EAAE,mCAAmC,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;IACjE,CAAC;IAED,YAAY;QACV,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAED,WAAW;QACT,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;IAC3B,CAAC;IAED,KAAK,CAAC,YAAY,CAChB,YAAoB,EACpB,cAAsB,EACtB,SAAkB;QAElB,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,IAAI,CAAC,MAAM,MAAM,CAAC,gCAAgC,CAAC,CAAC,CAAC,KAAK,CAAC;QACxF,MAAM,KAAK,GAAG,WAAW,EAAE,CAAC;QAC5B,MAAM,MAAM,GAAG,SAAS,CAAC,CAAC,CAAC,GAAG,SAAS,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;QAEhD,MAAM,MAAM,GAAG,YAAY,CAAC;QAE5B,QAAQ,CAAC,GAAG,EAAE,GAAG,MAAM,yBAAyB,IAAI,CAAC,KAAK,SAAS,cAAc,eAAe,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;QACjH,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,YAAY,CAAC,GAAG,EAAE,GAAG,MAAM,wBAAwB,EAAE,MAAM,CAAC,CAAC;QAC/D,CAAC;QAED,MAAM,YAAY,GAAG,OAAO,CAAC;YAC3B,MAAM;YACN,OAAO,EAAE;gBACP,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,GAAG,EAAE,cAAc;gBACnB,YAAY,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,UAAU,CAAC;gBACvE,QAAQ,EAAE,GAAG;gBACb,cAAc,EAAE,mBAAmB;gBACnC,YAAY,EAAE;oBACZ,IAAI,EAAE,aAAa;oBACnB,MAAM,EAAE,aAAa;iBACtB;aACF;SACF,CAAC,CAAC;QAEH,kEAAkE;QAClE,IAAI,UAAU,GAAG,EAAE,CAAC;QACpB,IAAI,gBAA2C,CAAC;QAChD,IAAI,YAAgC,CAAC;QACrC,IAAI,SAAS,GAAG,CAAC,CAAC;QAClB,IAAI,aAAa,GAAG,CAAC,CAAC;QACtB,IAAI,UAAkC,CAAC;QAEvC,IAAI,oBAAoB,GAAG,CAAC,CAAC;QAC7B,IAAI,eAAmC,CAAC;QACxC,IAAI,gBAAgB,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAElC,+DAA+D;QAC/D,MAAM,iBAAiB,GAAG,WAAW,CAAC,GAAG,EAAE;YACzC,MAAM,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,gBAAgB,CAAC,GAAG,IAAI,CAAC,CAAC;YACzE,IAAI,aAAa,IAAI,qBAAqB,GAAG,IAAI,EAAE,CAAC;gBAClD,MAAM,MAAM,GAAG,eAAe,CAAC,CAAC,CAAC,WAAW,eAAe,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;gBAC1E,WAAW,CAAC,GAAG,EAAE,GAAG,MAAM,SAAS,MAAM,QAAQ,KAAK,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;YAC1E,CAAC;QACH,CAAC,EAAE,qBAAqB,CAAC,CAAC;QAE1B,IAAI,CAAC;YACH,IAAI,KAAK,EAAE,MAAM,OAAO,IAAI,YAAY,EAAE,CAAC;gBACzC,gBAAgB,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;gBAChC,qEAAqE;gBACrE,IAAI,OAAO,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;oBACrC,MAAM,QAAQ,GAAG,OAA8D,CAAC;oBAChF,eAAe,GAAG,QAAQ,CAAC,SAAS,CAAC;oBACrC,WAAW,CAAC,GAAG,EAAE,GAAG,MAAM,WAAW,QAAQ,CAAC,SAAS,QAAQ,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAAC;gBAChH,CAAC;gBAED,IAAI,OAAO,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;oBACjC,SAAS,EAAE,CAAC;oBACZ,eAAe,GAAG,SAAS,CAAC;oBAC5B,0CAA0C;oBAC1C,WAAW,CAAC,GAAG,EAAE,GAAG,MAAM,QAAQ,SAAS,KAAK,KAAK,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;oBAEvE,MAAM,OAAO,GAAI,OAAe,CAAC,OAAO,EAAE,OAAO,CAAC;oBAClD,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;wBAC3B,oDAAoD;wBACpD,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;4BAC5B,IAAI,KAAK,EAAE,IAAI,KAAK,UAAU,EAAE,CAAC;gCAC/B,aAAa,EAAE,CAAC;gCAChB,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC;gCAC7B,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;gCAC7C,MAAM,YAAY,GAAG,QAAQ,CAAC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC;gCACvF,QAAQ,CAAC,GAAG,EAAE,GAAG,MAAM,QAAQ,aAAa,MAAM,KAAK,CAAC,IAAI,IAAI,YAAY,EAAE,CAAC,CAAC;4BAClF,CAAC;wBACH,CAAC;wBAED,oCAAoC;wBACpC,MAAM,UAAU,GAAG,OAAO;6BACvB,MAAM,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,KAAK,MAAM,IAAI,OAAO,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC;6BACpE,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;6BAC9B,MAAM,CAAC,OAAO,CAAC,CAAC;wBACnB,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;4BAC1B,QAAQ,CAAC,GAAG,EAAE,GAAG,MAAM,cAAc,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;4BAE/D,0EAA0E;4BAC1E,MAAM,cAAc,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAS,EAAE,EAAE,CACnD,mCAAmC,CAAC,IAAI,CAAC,CAAC,CAAC,CAC5C,CAAC;4BACF,IAAI,cAAc,EAAE,CAAC;gCACnB,MAAM,IAAI,kBAAkB,CAAC,mCAAmC,cAAc,EAAE,CAAC,CAAC;4BACpF,CAAC;4BAED,uEAAuE;4BACvE,MAAM,cAAc,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAS,EAAE,EAAE,CACnD,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC,CAC5B,CAAC;4BACF,IAAI,cAAc,EAAE,CAAC;gCACnB,MAAM,IAAI,kBAAkB,CAAC,4CAA4C,cAAc,EAAE,CAAC,CAAC;4BAC7F,CAAC;4BAED,0DAA0D;4BAC1D,MAAM,aAAa,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,CAAC;4BAC/E,IAAI,aAAa,EAAE,CAAC;gCAClB,oBAAoB,EAAE,CAAC;gCACvB,IAAI,oBAAoB,IAAI,qBAAqB,EAAE,CAAC;oCAClD,MAAM,IAAI,KAAK,CAAC,gCAAgC,qBAAqB,eAAe,aAAa,EAAE,CAAC,CAAC;gCACvG,CAAC;4BACH,CAAC;iCAAM,CAAC;gCACN,oBAAoB,GAAG,CAAC,CAAC;4BAC3B,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;gBAED,IAAI,OAAO,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;oBAC9B,IAAI,OAAO,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;wBAClC,UAAU,GAAG,OAAO,CAAC,MAAgB,CAAC;wBACtC,yCAAyC;wBACzC,MAAM,SAAS,GAAG,OAKjB,CAAC;wBACF,IAAI,SAAS,CAAC,iBAAiB,EAAE,CAAC;4BAChC,gBAAgB,GAAG,SAAS,CAAC,iBAAiB,CAAC;4BAC/C,QAAQ,CAAC,GAAG,EAAE,GAAG,MAAM,sBAAsB,gBAAgB,CAAC,MAAM,CAAC,MAAM,SAAS,CAAC,CAAC;wBACxF,CAAC;wBACD,oCAAoC;wBACpC,uFAAuF;wBACvF,IAAI,SAAS,CAAC,UAAU,IAAI,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;4BACzE,IAAI,WAAW,GAAG,CAAC,CAAC;4BACpB,IAAI,YAAY,GAAG,CAAC,CAAC;4BACrB,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,UAAU,CAAC,EAAE,CAAC;gCACxD,WAAW,IAAI,KAAK,CAAC,WAAW,CAAC;gCACjC,YAAY,IAAI,KAAK,CAAC,YAAY,CAAC;4BACrC,CAAC;4BACD,UAAU,GAAG,EAAE,WAAW,EAAE,YAAY,EAAE,WAAW,EAAE,WAAW,GAAG,YAAY,EAAE,CAAC;4BACpF,QAAQ,CAAC,GAAG,EAAE,GAAG,MAAM,gBAAgB,UAAU,CAAC,WAAW,QAAQ,UAAU,CAAC,YAAY,SAAS,UAAU,CAAC,WAAW,QAAQ,CAAC,CAAC;wBACvI,CAAC;6BAAM,IAAI,SAAS,CAAC,KAAK,EAAE,CAAC;4BAC3B,UAAU,GAAG;gCACX,WAAW,EAAE,SAAS,CAAC,KAAK,CAAC,YAAY;gCACzC,YAAY,EAAE,SAAS,CAAC,KAAK,CAAC,aAAa;gCAC3C,WAAW,EAAE,SAAS,CAAC,KAAK,CAAC,YAAY,GAAG,SAAS,CAAC,KAAK,CAAC,aAAa;6BAC1E,CAAC;4BACF,QAAQ,CAAC,GAAG,EAAE,GAAG,MAAM,gBAAgB,UAAU,CAAC,WAAW,QAAQ,UAAU,CAAC,YAAY,SAAS,UAAU,CAAC,WAAW,QAAQ,CAAC,CAAC;wBACvI,CAAC;wBACD,WAAW,CAAC,GAAG,EAAE,GAAG,MAAM,gBAAgB,KAAK,CAAC,UAAU,EAAE,KAAK,SAAS,WAAW,aAAa,cAAc,CAAC,CAAC;oBACpH,CAAC;yBAAM,CAAC;wBACN,MAAM,WAAW,GAAG,OAAiD,CAAC;wBACtE,YAAY,GAAG,WAAW,CAAC,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,sBAAsB,WAAW,CAAC,OAAO,EAAE,CAAC;wBAC7F,WAAW,CAAC,GAAG,EAAE,GAAG,MAAM,WAAW,WAAW,CAAC,OAAO,KAAK,KAAK,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;oBACtF,CAAC;gBACH,CAAC;YACH,CAAC;QACD,CAAC;gBAAS,CAAC;YACT,aAAa,CAAC,iBAAiB,CAAC,CAAC;QACnC,CAAC;QAED,IAAI,YAAY,EAAE,CAAC;YACjB,QAAQ,CAAC,GAAG,EAAE,GAAG,MAAM,UAAU,YAAY,EAAE,CAAC,CAAC;YACjD,MAAM,IAAI,KAAK,CAAC,YAAY,CAAC,CAAC;QAChC,CAAC;QAED,IAAI,CAAC,UAAU,IAAI,CAAC,gBAAgB,IAAI,CAAC,YAAY,EAAE,CAAC;YACtD,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;QACpD,CAAC;QAED,QAAQ,CAAC,GAAG,EAAE,GAAG,MAAM,WAAW,UAAU,CAAC,MAAM,QAAQ,CAAC,CAAC;QAC7D,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,YAAY,CAAC,GAAG,EAAE,GAAG,MAAM,kBAAkB,EAAE,UAAU,CAAC,CAAC;QAC7D,CAAC;QAED,+EAA+E;QAC/E,+EAA+E;QAC/E,mFAAmF;QACnF,2EAA2E;QAC3E,IAAI,gBAAgB,EAAE,CAAC;YACrB,OAAO,EAAE,GAAG,EAAE,UAAU,EAAE,MAAM,EAAE,gBAAgB,EAAE,UAAU,EAAE,CAAC;QACnE,CAAC;QAED,0EAA0E;QAC1E,sCAAsC;QACtC,8CAA8C;QAC9C,2DAA2D;QAC3D,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAClE,CAAC;IAED,KAAK,CAAC,cAAc;QAClB,OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,cAAc,CAAC;IAC9C,CAAC;CACF"}

package/dist/cli.d.ts

@@ -0,0 +1,13 @@
+#!/usr/bin/env node
+/**
+ * Unified CLI entry point for aghast.
+ * Subcommand router: delegates to `scan` or `new-check`.
+ *
+ * Usage:
+ *   aghast scan <repo-path> [options]
+ *   aghast new-check [options]
+ *   aghast --help
+ *   aghast --version
+ */
+import 'dotenv/config';
+//# sourceMappingURL=cli.d.ts.map

package/dist/cli.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AACA;;;;;;;;;GASG;AAEH,OAAO,eAAe,CAAC"}

package/dist/cli.js

@@ -0,0 +1,78 @@
+#!/usr/bin/env node
+/**
+ * Unified CLI entry point for aghast.
+ * Subcommand router: delegates to `scan` or `new-check`.
+ *
+ * Usage:
+ *   aghast scan <repo-path> [options]
+ *   aghast new-check [options]
+ *   aghast --help
+ *   aghast --version
+ */
+import 'dotenv/config';
+import { createRequire } from 'node:module';
+import { ERROR_CODES, formatError, formatFatalError } from './error-codes.js';
+// Signal to subcommand modules that they're being imported, not run directly
+process.env._AGHAST_CLI = '1';
+const USAGE = `Usage: aghast <command> [options]
+
+Commands:
+  scan        Run security checks against a repository
+  new-check   Scaffold a new security check
+
+Options:
+  --help      Show this help message
+  --version   Show version number
+
+Run 'aghast <command> --help' for more information on a command.`;
+function getVersion() {
+    const require = createRequire(import.meta.url);
+    const pkg = require('../package.json');
+    return pkg.version;
+}
+function printVersion() {
+    console.log(getVersion());
+}
+async function main() {
+    // Graceful shutdown on POSIX signals
+    process.on('SIGINT', () => {
+        process.exit(130);
+    });
+    process.on('SIGTERM', () => {
+        process.exit(143);
+    });
+    const args = process.argv.slice(2);
+    const command = args[0];
+    if (!command || command === '--help' || command === '-h') {
+        console.log(USAGE);
+        process.exit(0);
+    }
+    if (command === '--version' || command === '-V') {
+        printVersion();
+        process.exit(0);
+    }
+    const subArgs = args.slice(1);
+    switch (command) {
+        case 'scan': {
+            const { runScan } = await import('./index.js');
+            await runScan(subArgs);
+            break;
+        }
+        case 'new-check': {
+            const { runNewCheck } = await import('./new-check.js');
+            await runNewCheck(subArgs);
+            break;
+        }
+        default:
+            console.error(formatError(ERROR_CODES.E1002, `Unknown command: ${command}`));
+            console.error('');
+            console.error(USAGE);
+            process.exit(1);
+    }
+}
+main().catch((err) => {
+    console.error('');
+    console.error(formatFatalError(err instanceof Error ? err.message : String(err), getVersion()));
+    process.exit(1);
+});
+//# sourceMappingURL=cli.js.map

package/dist/cli.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AACA;;;;;;;;;GASG;AAEH,OAAO,eAAe,CAAC;AACvB,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAE9E,6EAA6E;AAC7E,OAAO,CAAC,GAAG,CAAC,WAAW,GAAG,GAAG,CAAC;AAE9B,MAAM,KAAK,GAAG;;;;;;;;;;iEAUmD,CAAC;AAElE,SAAS,UAAU;IACjB,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC/C,MAAM,GAAG,GAAG,OAAO,CAAC,iBAAiB,CAAwB,CAAC;IAC9D,OAAO,GAAG,CAAC,OAAO,CAAC;AACrB,CAAC;AAED,SAAS,YAAY;IACnB,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC;AAC5B,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,qCAAqC;IACrC,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE;QACxB,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACpB,CAAC,CAAC,CAAC;IACH,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE;QACzB,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACpB,CAAC,CAAC,CAAC;IAEH,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACnC,MAAM,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;IAExB,IAAI,CAAC,OAAO,IAAI,OAAO,KAAK,QAAQ,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;QACzD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,IAAI,OAAO,KAAK,WAAW,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;QAChD,YAAY,EAAE,CAAC;QACf,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAE9B,QAAQ,OAAO,EAAE,CAAC;QAChB,KAAK,MAAM,CAAC,CAAC,CAAC;YACZ,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,CAAC;YAC/C,MAAM,OAAO,CAAC,OAAO,CAAC,CAAC;YACvB,MAAM;QACR,CAAC;QACD,KAAK,WAAW,CAAC,CAAC,CAAC;YACjB,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,gBAAgB,CAAC,CAAC;YACvD,MAAM,WAAW,CAAC,OAAO,CAAC,CAAC;YAC3B,MAAM;QACR,CAAC;QACD;YACE,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,WAAW,CAAC,KAAK,EAAE,oBAAoB,OAAO,EAAE,CAAC,CAAC,CAAC;YAC7E,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YAClB,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACrB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,CAAC;AACH,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACnB,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IAClB,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;IAChG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/colors.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Color helpers for CLI output.
+ * Uses picocolors which automatically respects NO_COLOR env var and non-TTY.
+ */
+export declare function colorStatus(status: string): string;
+export declare function colorError(message: string): string;
+//# sourceMappingURL=colors.d.ts.map

package/dist/colors.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"colors.d.ts","sourceRoot":"","sources":["../src/colors.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,wBAAgB,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAQlD;AAED,wBAAgB,UAAU,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAElD"}

package/dist/colors.js

@@ -0,0 +1,18 @@
+/**
+ * Color helpers for CLI output.
+ * Uses picocolors which automatically respects NO_COLOR env var and non-TTY.
+ */
+import pc from 'picocolors';
+export function colorStatus(status) {
+    switch (status) {
+        case 'PASS': return pc.green(status);
+        case 'FAIL': return pc.red(status);
+        case 'FLAG': return pc.yellow(status);
+        case 'ERROR': return pc.red(status);
+        default: return status;
+    }
+}
+export function colorError(message) {
+    return pc.red(message);
+}
+//# sourceMappingURL=colors.js.map

package/dist/colors.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"colors.js","sourceRoot":"","sources":["../src/colors.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,MAAM,YAAY,CAAC;AAE5B,MAAM,UAAU,WAAW,CAAC,MAAc;IACxC,QAAQ,MAAM,EAAE,CAAC;QACf,KAAK,MAAM,CAAC,CAAC,OAAO,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACrC,KAAK,MAAM,CAAC,CAAC,OAAO,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACnC,KAAK,MAAM,CAAC,CAAC,OAAO,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QACtC,KAAK,OAAO,CAAC,CAAC,OAAO,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACpC,OAAO,CAAC,CAAC,OAAO,MAAM,CAAC;IACzB,CAAC;AACH,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,OAAe;IACxC,OAAO,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;AACzB,CAAC"}

package/dist/error-codes.d.ts

@@ -0,0 +1,42 @@
+/**
+ * Trackable error codes for CLI error paths.
+ *
+ * Numbering scheme:
+ *   E1xxx — CLI parsing (argument/flag/command errors)
+ *   E2xxx — Configuration (config dir, checks, runtime config)
+ *   E3xxx — AI provider
+ *   E4xxx — Repository/target validation
+ *   E5xxx — Semgrep
+ *   E9xxx — Internal/fatal
+ */
+export interface ErrorCode {
+    code: string;
+    label: string;
+}
+export declare const ERROR_CODES: {
+    readonly E1001: ErrorCode;
+    readonly E1002: ErrorCode;
+    readonly E1003: ErrorCode;
+    readonly E2001: ErrorCode;
+    readonly E2002: ErrorCode;
+    readonly E2003: ErrorCode;
+    readonly E2004: ErrorCode;
+    readonly E2005: ErrorCode;
+    readonly E3001: ErrorCode;
+    readonly E3002: ErrorCode;
+    readonly E3003: ErrorCode;
+    readonly E4001: ErrorCode;
+    readonly E5001: ErrorCode;
+    readonly E5002: ErrorCode;
+    readonly E9001: ErrorCode;
+};
+/**
+ * Format an error message with a trackable error code.
+ * Output: "Error [E1001]: <message>"
+ */
+export declare function formatError(errorCode: ErrorCode, message: string): string;
+/**
+ * Format a fatal error with version and bug report URL.
+ */
+export declare function formatFatalError(message: string, version: string): string;
+//# sourceMappingURL=error-codes.d.ts.map

package/dist/error-codes.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"error-codes.d.ts","sourceRoot":"","sources":["../src/error-codes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;CACf;AAMD,eAAO,MAAM,WAAW;;;;;;;;;;;;;;;;CA2Bd,CAAC;AAEX;;;GAGG;AACH,wBAAgB,WAAW,CAAC,SAAS,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,CAEzE;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,CAWzE"}

package/dist/error-codes.js

@@ -0,0 +1,60 @@
+/**
+ * Trackable error codes for CLI error paths.
+ *
+ * Numbering scheme:
+ *   E1xxx — CLI parsing (argument/flag/command errors)
+ *   E2xxx — Configuration (config dir, checks, runtime config)
+ *   E3xxx — AI provider
+ *   E4xxx — Repository/target validation
+ *   E5xxx — Semgrep
+ *   E9xxx — Internal/fatal
+ */
+function ec(code, label) {
+    return { code, label };
+}
+export const ERROR_CODES = {
+    // E1xxx — CLI parsing
+    E1001: ec('E1001', 'Missing required flag argument'),
+    E1002: ec('E1002', 'Unknown command'),
+    E1003: ec('E1003', 'Required input missing'),
+    // E2xxx — Configuration
+    E2001: ec('E2001', 'Config directory not specified'),
+    E2002: ec('E2002', 'Config directory structure invalid'),
+    E2003: ec('E2003', 'No checks found'),
+    E2004: ec('E2004', 'Invalid check definition'),
+    E2005: ec('E2005', 'Configuration error'),
+    // E3xxx — AI provider
+    E3001: ec('E3001', 'API key missing'),
+    E3002: ec('E3002', 'Unknown AI provider'),
+    E3003: ec('E3003', 'Mock AI response file not found'),
+    // E4xxx — Repository/target validation
+    E4001: ec('E4001', 'Repository path not found'),
+    // E5xxx — Semgrep
+    E5001: ec('E5001', 'Semgrep not installed'),
+    E5002: ec('E5002', 'Semgrep execution failed'),
+    // E9xxx — Internal
+    E9001: ec('E9001', 'Fatal internal error'),
+};
+/**
+ * Format an error message with a trackable error code.
+ * Output: "Error [E1001]: <message>"
+ */
+export function formatError(errorCode, message) {
+    return `Error [${errorCode.code}]: ${message}`;
+}
+/**
+ * Format a fatal error with version and bug report URL.
+ */
+export function formatFatalError(message, version) {
+    const title = encodeURIComponent(`[Bug] ${message}`);
+    const body = encodeURIComponent(`**Version:** ${version}\n\n**Error:**\n${message}`);
+    const url = `https://github.com/BounceSecurity/aghast/issues/new?title=${title}&body=${body}&labels=bug`;
+    return [
+        `AGHAST Fatal Error [${ERROR_CODES.E9001.code}]: ${message}`,
+        `Version: ${version}`,
+        '',
+        `If this is unexpected, please report it:`,
+        `  ${url}`,
+    ].join('\n');
+}
+//# sourceMappingURL=error-codes.js.map

package/dist/error-codes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"error-codes.js","sourceRoot":"","sources":["../src/error-codes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAOH,SAAS,EAAE,CAAC,IAAY,EAAE,KAAa;IACrC,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;AACzB,CAAC;AAED,MAAM,CAAC,MAAM,WAAW,GAAG;IACzB,sBAAsB;IACtB,KAAK,EAAE,EAAE,CAAC,OAAO,EAAE,gCAAgC,CAAC;IACpD,KAAK,EAAE,EAAE,CAAC,OAAO,EAAE,iBAAiB,CAAC;IACrC,KAAK,EAAE,EAAE,CAAC,OAAO,EAAE,wBAAwB,CAAC;IAE5C,wBAAwB;IACxB,KAAK,EAAE,EAAE,CAAC,OAAO,EAAE,gCAAgC,CAAC;IACpD,KAAK,EAAE,EAAE,CAAC,OAAO,EAAE,oCAAoC,CAAC;IACxD,KAAK,EAAE,EAAE,CAAC,OAAO,EAAE,iBAAiB,CAAC;IACrC,KAAK,EAAE,EAAE,CAAC,OAAO,EAAE,0BAA0B,CAAC;IAC9C,KAAK,EAAE,EAAE,CAAC,OAAO,EAAE,qBAAqB,CAAC;IAEzC,sBAAsB;IACtB,KAAK,EAAE,EAAE,CAAC,OAAO,EAAE,iBAAiB,CAAC;IACrC,KAAK,EAAE,EAAE,CAAC,OAAO,EAAE,qBAAqB,CAAC;IACzC,KAAK,EAAE,EAAE,CAAC,OAAO,EAAE,iCAAiC,CAAC;IAErD,uCAAuC;IACvC,KAAK,EAAE,EAAE,CAAC,OAAO,EAAE,2BAA2B,CAAC;IAE/C,kBAAkB;IAClB,KAAK,EAAE,EAAE,CAAC,OAAO,EAAE,uBAAuB,CAAC;IAC3C,KAAK,EAAE,EAAE,CAAC,OAAO,EAAE,0BAA0B,CAAC;IAE9C,mBAAmB;IACnB,KAAK,EAAE,EAAE,CAAC,OAAO,EAAE,sBAAsB,CAAC;CAClC,CAAC;AAEX;;;GAGG;AACH,MAAM,UAAU,WAAW,CAAC,SAAoB,EAAE,OAAe;IAC/D,OAAO,UAAU,SAAS,CAAC,IAAI,MAAM,OAAO,EAAE,CAAC;AACjD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,OAAe,EAAE,OAAe;IAC/D,MAAM,KAAK,GAAG,kBAAkB,CAAC,SAAS,OAAO,EAAE,CAAC,CAAC;IACrD,MAAM,IAAI,GAAG,kBAAkB,CAAC,gBAAgB,OAAO,mBAAmB,OAAO,EAAE,CAAC,CAAC;IACrF,MAAM,GAAG,GAAG,6DAA6D,KAAK,SAAS,IAAI,aAAa,CAAC;IACzG,OAAO;QACL,uBAAuB,WAAW,CAAC,KAAK,CAAC,IAAI,MAAM,OAAO,EAAE;QAC5D,YAAY,OAAO,EAAE;QACrB,EAAE;QACF,0CAA0C;QAC1C,KAAK,GAAG,EAAE;KACX,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC"}

package/dist/formatters/index.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Formatter registry — resolves output format IDs to formatter instances.
+ */
+import type { OutputFormatter } from './types.js';
+export type { OutputFormatter } from './types.js';
+/** Returns the formatter for the given ID, or throws listing available formats. */
+export declare function getFormatter(id: string): OutputFormatter;
+/** Returns all registered format IDs. */
+export declare function getAvailableFormats(): string[];
+//# sourceMappingURL=index.d.ts.map

package/dist/formatters/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/formatters/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAIlD,YAAY,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAOlD,mFAAmF;AACnF,wBAAgB,YAAY,CAAC,EAAE,EAAE,MAAM,GAAG,eAAe,CAOxD;AAED,yCAAyC;AACzC,wBAAgB,mBAAmB,IAAI,MAAM,EAAE,CAE9C"}

package/dist/formatters/index.js

@@ -0,0 +1,23 @@
+/**
+ * Formatter registry — resolves output format IDs to formatter instances.
+ */
+import { JsonFormatter } from './json-formatter.js';
+import { SarifFormatter } from './sarif-formatter.js';
+const formatters = new Map([
+    ['json', new JsonFormatter()],
+    ['sarif', new SarifFormatter()],
+]);
+/** Returns the formatter for the given ID, or throws listing available formats. */
+export function getFormatter(id) {
+    const formatter = formatters.get(id);
+    if (!formatter) {
+        const available = getAvailableFormats().join(', ');
+        throw new Error(`Unknown output format "${id}". Available formats: ${available}`);
+    }
+    return formatter;
+}
+/** Returns all registered format IDs. */
+export function getAvailableFormats() {
+    return Array.from(formatters.keys());
+}
+//# sourceMappingURL=index.js.map

package/dist/formatters/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/formatters/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAItD,MAAM,UAAU,GAAG,IAAI,GAAG,CAA0B;IAClD,CAAC,MAAM,EAAE,IAAI,aAAa,EAAE,CAAC;IAC7B,CAAC,OAAO,EAAE,IAAI,cAAc,EAAE,CAAC;CAChC,CAAC,CAAC;AAEH,mFAAmF;AACnF,MAAM,UAAU,YAAY,CAAC,EAAU;IACrC,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IACrC,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,SAAS,GAAG,mBAAmB,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnD,MAAM,IAAI,KAAK,CAAC,0BAA0B,EAAE,yBAAyB,SAAS,EAAE,CAAC,CAAC;IACpF,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,yCAAyC;AACzC,MAAM,UAAU,mBAAmB;IACjC,OAAO,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC,CAAC;AACvC,CAAC"}

package/dist/formatters/json-formatter.d.ts

@@ -0,0 +1,11 @@
+/**
+ * JSON output formatter — reproduces current default behavior.
+ */
+import type { ScanResults } from '../types.js';
+import type { OutputFormatter } from './types.js';
+export declare class JsonFormatter implements OutputFormatter {
+    readonly id = "json";
+    readonly fileExtension = ".json";
+    format(results: ScanResults): string;
+}
+//# sourceMappingURL=json-formatter.d.ts.map

package/dist/formatters/json-formatter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"json-formatter.d.ts","sourceRoot":"","sources":["../../src/formatters/json-formatter.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAElD,qBAAa,aAAc,YAAW,eAAe;IACnD,QAAQ,CAAC,EAAE,UAAU;IACrB,QAAQ,CAAC,aAAa,WAAW;IAEjC,MAAM,CAAC,OAAO,EAAE,WAAW,GAAG,MAAM;CAGrC"}

package/dist/formatters/json-formatter.js

@@ -0,0 +1,11 @@
+/**
+ * JSON output formatter — reproduces current default behavior.
+ */
+export class JsonFormatter {
+    id = 'json';
+    fileExtension = '.json';
+    format(results) {
+        return JSON.stringify(results, null, 2);
+    }
+}
+//# sourceMappingURL=json-formatter.js.map

package/dist/formatters/json-formatter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"json-formatter.js","sourceRoot":"","sources":["../../src/formatters/json-formatter.ts"],"names":[],"mappings":"AAAA;;GAEG;AAKH,MAAM,OAAO,aAAa;IACf,EAAE,GAAG,MAAM,CAAC;IACZ,aAAa,GAAG,OAAO,CAAC;IAEjC,MAAM,CAAC,OAAoB;QACzB,OAAO,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IAC1C,CAAC;CACF"}

package/dist/formatters/sarif-formatter.d.ts

@@ -0,0 +1,18 @@
+/**
+ * SARIF 2.1.0 output formatter.
+ * Maps ScanResults to the SARIF schema for integration with
+ * code scanning UIs (e.g. GitHub Code Scanning) and SARIF viewers.
+ */
+import type { ScanResults } from '../types.js';
+import type { OutputFormatter } from './types.js';
+/** Maps aghast severity to SARIF result level. */
+export declare function mapSeverityToLevel(severity: string | undefined): 'error' | 'warning' | 'note';
+export declare class SarifFormatter implements OutputFormatter {
+    readonly id = "sarif";
+    readonly fileExtension = ".sarif";
+    format(results: ScanResults): string;
+    private buildRules;
+    private buildResults;
+    private buildCodeFlow;
+}
+//# sourceMappingURL=sarif-formatter.d.ts.map

package/dist/formatters/sarif-formatter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sarif-formatter.d.ts","sourceRoot":"","sources":["../../src/formatters/sarif-formatter.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,WAAW,EAA+B,MAAM,aAAa,CAAC;AAC5E,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAElD,kDAAkD;AAClD,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,GAAG,SAAS,GAAG,OAAO,GAAG,SAAS,GAAG,MAAM,CAY7F;AA0DD,qBAAa,cAAe,YAAW,eAAe;IACpD,QAAQ,CAAC,EAAE,WAAW;IACtB,QAAQ,CAAC,aAAa,YAAY;IAElC,MAAM,CAAC,OAAO,EAAE,WAAW,GAAG,MAAM;IAwBpC,OAAO,CAAC,UAAU;IAclB,OAAO,CAAC,YAAY;IAgCpB,OAAO,CAAC,aAAa;CAiBtB"}