@bouncesecurity/aghast 0.0.13

package/dist/provider-registry.d.ts

@@ -0,0 +1,15 @@
+/**
+ * AI Provider Registry.
+ *
+ * Allows providers to be registered by name and resolved at runtime.
+ * Adding a new provider requires only implementing the AIProvider interface
+ * and calling registerProvider.
+ */
+import type { AIProvider } from './types.js';
+export type ProviderFactory = () => AIProvider;
+export declare function registerProvider(name: string, factory: ProviderFactory): void;
+export declare function createProviderByName(name: string): AIProvider;
+export declare function getProviderNames(): string[];
+/** Default provider name — used as fallback in CLI when AI_PROVIDER / runtime config not set. */
+export declare const DEFAULT_PROVIDER_NAME = "claude-code";
+//# sourceMappingURL=provider-registry.d.ts.map

package/dist/provider-registry.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"provider-registry.d.ts","sourceRoot":"","sources":["../src/provider-registry.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAG7C,MAAM,MAAM,eAAe,GAAG,MAAM,UAAU,CAAC;AAI/C,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,eAAe,GAAG,IAAI,CAE7E;AAED,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,MAAM,GAAG,UAAU,CAQ7D;AAED,wBAAgB,gBAAgB,IAAI,MAAM,EAAE,CAE3C;AAED,iGAAiG;AACjG,eAAO,MAAM,qBAAqB,gBAAgB,CAAC"}

package/dist/provider-registry.js

@@ -0,0 +1,27 @@
+/**
+ * AI Provider Registry.
+ *
+ * Allows providers to be registered by name and resolved at runtime.
+ * Adding a new provider requires only implementing the AIProvider interface
+ * and calling registerProvider.
+ */
+import { ClaudeCodeProvider } from './claude-code-provider.js';
+const registry = new Map();
+export function registerProvider(name, factory) {
+    registry.set(name, factory);
+}
+export function createProviderByName(name) {
+    const factory = registry.get(name);
+    if (!factory) {
+        throw new Error(`Unknown AI provider "${name}". Supported providers: ${[...registry.keys()].join(', ')}`);
+    }
+    return factory();
+}
+export function getProviderNames() {
+    return [...registry.keys()];
+}
+/** Default provider name — used as fallback in CLI when AI_PROVIDER / runtime config not set. */
+export const DEFAULT_PROVIDER_NAME = 'claude-code';
+// Register built-in providers
+registerProvider(DEFAULT_PROVIDER_NAME, () => new ClaudeCodeProvider());
+//# sourceMappingURL=provider-registry.js.map

package/dist/provider-registry.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"provider-registry.js","sourceRoot":"","sources":["../src/provider-registry.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAI/D,MAAM,QAAQ,GAAG,IAAI,GAAG,EAA2B,CAAC;AAEpD,MAAM,UAAU,gBAAgB,CAAC,IAAY,EAAE,OAAwB;IACrE,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;AAC9B,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,IAAY;IAC/C,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACnC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CACb,wBAAwB,IAAI,2BAA2B,CAAC,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACzF,CAAC;IACJ,CAAC;IACD,OAAO,OAAO,EAAE,CAAC;AACnB,CAAC;AAED,MAAM,UAAU,gBAAgB;IAC9B,OAAO,CAAC,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;AAC9B,CAAC;AAED,iGAAiG;AACjG,MAAM,CAAC,MAAM,qBAAqB,GAAG,aAAa,CAAC;AAEnD,8BAA8B;AAC9B,gBAAgB,CAAC,qBAAqB,EAAE,GAAG,EAAE,CAAC,IAAI,kBAAkB,EAAE,CAAC,CAAC"}

package/dist/repository-analyzer.d.ts

@@ -0,0 +1,68 @@
+/**
+ * Repository Analyzer component.
+ * Extracts Git metadata from target repositories.
+ * Implements spec Appendix B.4.
+ */
+import type { RepositoryInfo } from './types.js';
+/**
+ * Result of repository analysis including branch and commit.
+ */
+export interface RepositoryAnalysis {
+    repository: RepositoryInfo;
+    branch?: string;
+    commit?: string;
+}
+/**
+ * Check if a directory is a Git repository.
+ */
+export declare function isGitRepository(path: string): Promise<boolean>;
+/**
+ * Get the Git remote URL for 'origin'.
+ * Returns undefined if no origin remote is configured.
+ */
+export declare function getRemoteUrl(path: string): Promise<string | undefined>;
+/**
+ * Get the current Git branch name.
+ * Returns undefined if HEAD is detached or not on a branch.
+ */
+export declare function getCurrentBranch(path: string): Promise<string | undefined>;
+/**
+ * Get the current commit hash (full SHA).
+ */
+export declare function getCommitHash(path: string): Promise<string | undefined>;
+/**
+ * Sanitize a Git URL by removing embedded credentials.
+ * Handles URLs like:
+ * - https://user:pass@github.com/org/repo
+ * - ssh://user:pass@github.com/org/repo
+ */
+export declare function sanitizeUrl(url: string): string;
+/**
+ * Normalize a Git URL by removing the .git suffix and cleaning up the URL.
+ * Extracts org/repo path for common providers.
+ */
+export declare function normalizeUrl(url: string): string;
+/**
+ * Parse a Git URL and extract the organization and repository name.
+ * Returns { org, repo } or undefined if parsing fails.
+ *
+ * For URLs with nested paths (e.g., org/suborg/repo), returns the last
+ * two path segments as org and repo respectively.
+ */
+export declare function parseGitUrl(url: string): {
+    org: string;
+    repo: string;
+} | undefined;
+/**
+ * Normalize a repository path/URL for matching purposes.
+ * 1. Remove .git suffix (via normalizeUrl)
+ * 2. Replace backslashes with forward slashes
+ * 3. Convert to lowercase
+ */
+export declare function normalizeRepoPath(repoPathOrUrl: string): string;
+/**
+ * Analyze a repository and extract all Git metadata.
+ * For non-Git directories, returns a RepositoryInfo with isGitRepository: false.
+ */
+export declare function analyzeRepository(path: string): Promise<RepositoryAnalysis>;
+//# sourceMappingURL=repository-analyzer.d.ts.map

package/dist/repository-analyzer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"repository-analyzer.d.ts","sourceRoot":"","sources":["../src/repository-analyzer.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAOH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAKjD;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,UAAU,EAAE,cAAc,CAAC;IAC3B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,wBAAsB,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAQpE;AA8BD;;;GAGG;AACH,wBAAsB,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAO5E;AAED;;;GAGG;AACH,wBAAsB,gBAAgB,CACpC,IAAI,EAAE,MAAM,GACX,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAO7B;AAED;;GAEG;AACH,wBAAsB,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAE7E;AAED;;;;;GAKG;AACH,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAmC/C;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAchD;AAED;;;;;;GAMG;AACH,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,GAAG,SAAS,CA6BlF;AAED;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,aAAa,EAAE,MAAM,GAAG,MAAM,CAK/D;AAED;;;GAGG;AACH,wBAAsB,iBAAiB,CACrC,IAAI,EAAE,MAAM,GACX,OAAO,CAAC,kBAAkB,CAAC,CAqD7B"}

package/dist/repository-analyzer.js

@@ -0,0 +1,230 @@
+/**
+ * Repository Analyzer component.
+ * Extracts Git metadata from target repositories.
+ * Implements spec Appendix B.4.
+ */
+import { execFile } from 'node:child_process';
+import { promisify } from 'node:util';
+import { access, constants } from 'node:fs/promises';
+import { join } from 'node:path';
+import { logDebug, logProgress } from './logging.js';
+const execFileAsync = promisify(execFile);
+const TAG = 'repo-analyzer';
+/**
+ * Check if a directory is a Git repository.
+ */
+export async function isGitRepository(path) {
+    try {
+        const gitDir = join(path, '.git');
+        await access(gitDir, constants.F_OK);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Execute a git command in the specified directory.
+ * Returns the trimmed stdout, or undefined if the command fails.
+ *
+ * Note: 10 second timeout is sufficient for most git metadata commands.
+ * Commands like rev-parse are fast even on large repositories.
+ *
+ * Security: Uses execFile with argument array to prevent command injection.
+ * The args parameter is split on whitespace and passed as separate arguments.
+ */
+async function gitCommand(path, args) {
+    try {
+        const argArray = args.split(/\s+/).filter(Boolean);
+        const { stdout } = await execFileAsync('git', argArray, {
+            cwd: path,
+            timeout: 10000,
+        });
+        return stdout.trim();
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        logDebug(TAG, `Git command failed (git ${args}): ${message}`);
+        return undefined;
+    }
+}
+/**
+ * Get the Git remote URL for 'origin'.
+ * Returns undefined if no origin remote is configured.
+ */
+export async function getRemoteUrl(path) {
+    const url = await gitCommand(path, 'config --get remote.origin.url');
+    if (!url) {
+        logDebug(TAG, 'No origin remote configured');
+        return undefined;
+    }
+    return url;
+}
+/**
+ * Get the current Git branch name.
+ * Returns undefined if HEAD is detached or not on a branch.
+ */
+export async function getCurrentBranch(path) {
+    const branch = await gitCommand(path, 'rev-parse --abbrev-ref HEAD');
+    if (!branch || branch === 'HEAD') {
+        logDebug(TAG, 'Detached HEAD or no branch');
+        return undefined;
+    }
+    return branch;
+}
+/**
+ * Get the current commit hash (full SHA).
+ */
+export async function getCommitHash(path) {
+    return gitCommand(path, 'rev-parse HEAD');
+}
+/**
+ * Sanitize a Git URL by removing embedded credentials.
+ * Handles URLs like:
+ * - https://user:pass@github.com/org/repo
+ * - ssh://user:pass@github.com/org/repo
+ */
+export function sanitizeUrl(url) {
+    try {
+        // Handle standard SSH URLs (git@github.com:org/repo.git)
+        // These use key-based auth, not embedded credentials
+        if (url.startsWith('git@') && !url.includes('://')) {
+            return url;
+        }
+        // Handle other non-URL SSH formats (user@host:path without protocol)
+        // But only if there's no colon before the @ (which would indicate credentials)
+        if (url.includes('@') && !url.includes('://')) {
+            const atIndex = url.indexOf('@');
+            const colonBeforeAt = url.lastIndexOf(':', atIndex);
+            // If there's a colon before @, it's likely credentials (user:pass@host)
+            // Standard SSH format is user@host:path (colon after @)
+            if (colonBeforeAt === -1) {
+                return url;
+            }
+            // Has credentials in SSH-style URL, strip them
+            return url.slice(atIndex + 1);
+        }
+        // Handle URLs with protocol (https://, ssh://, etc.)
+        const parsed = new URL(url);
+        if (parsed.username || parsed.password) {
+            parsed.username = '';
+            parsed.password = '';
+            return parsed.toString();
+        }
+        return url;
+    }
+    catch {
+        // If URL parsing fails, try a regex-based approach
+        // Matches protocol://user:pass@host or protocol://user@host
+        return url.replace(/^([a-z]+:\/\/)[^@]+@/, '$1');
+    }
+}
+/**
+ * Normalize a Git URL by removing the .git suffix and cleaning up the URL.
+ * Extracts org/repo path for common providers.
+ */
+export function normalizeUrl(url) {
+    let normalized = url;
+    // Remove trailing .git suffix
+    if (normalized.endsWith('.git')) {
+        normalized = normalized.slice(0, -4);
+    }
+    // Remove trailing slashes
+    while (normalized.endsWith('/')) {
+        normalized = normalized.slice(0, -1);
+    }
+    return normalized;
+}
+/**
+ * Parse a Git URL and extract the organization and repository name.
+ * Returns { org, repo } or undefined if parsing fails.
+ *
+ * For URLs with nested paths (e.g., org/suborg/repo), returns the last
+ * two path segments as org and repo respectively.
+ */
+export function parseGitUrl(url) {
+    const normalized = normalizeUrl(sanitizeUrl(url));
+    // SSH format: git@github.com:org/repo or git@github.com:org/suborg/repo
+    // Match host:path where path contains at least one slash
+    const sshMatch = normalized.match(/^git@[^:]+:(.+)$/);
+    if (sshMatch) {
+        const pathPart = sshMatch[1];
+        const segments = pathPart.split('/').filter(Boolean);
+        if (segments.length >= 2) {
+            // Take last segment as repo, second-to-last as org
+            return { org: segments[segments.length - 2], repo: segments[segments.length - 1] };
+        }
+        return undefined;
+    }
+    // HTTPS format: https://github.com/org/repo
+    try {
+        const parsed = new URL(normalized);
+        const pathParts = parsed.pathname.split('/').filter(Boolean);
+        if (pathParts.length >= 2) {
+            // Take last segment as repo, second-to-last as org
+            return { org: pathParts[pathParts.length - 2], repo: pathParts[pathParts.length - 1] };
+        }
+    }
+    catch {
+        // Not a valid URL
+    }
+    return undefined;
+}
+/**
+ * Normalize a repository path/URL for matching purposes.
+ * 1. Remove .git suffix (via normalizeUrl)
+ * 2. Replace backslashes with forward slashes
+ * 3. Convert to lowercase
+ */
+export function normalizeRepoPath(repoPathOrUrl) {
+    let normalized = normalizeUrl(repoPathOrUrl);
+    normalized = normalized.replace(/\\/g, '/');
+    normalized = normalized.toLowerCase();
+    return normalized;
+}
+/**
+ * Analyze a repository and extract all Git metadata.
+ * For non-Git directories, returns a RepositoryInfo with isGitRepository: false.
+ */
+export async function analyzeRepository(path) {
+    const isGit = await isGitRepository(path);
+    if (!isGit) {
+        logProgress(TAG, `Warning: ${path} is not a Git repository`);
+        return {
+            repository: {
+                path,
+                isGitRepository: false,
+            },
+        };
+    }
+    logDebug(TAG, `Analyzing Git repository: ${path}`);
+    const [rawRemoteUrl, branch, commit] = await Promise.all([
+        getRemoteUrl(path),
+        getCurrentBranch(path),
+        getCommitHash(path),
+    ]);
+    // Sanitize and normalize the remote URL
+    const remoteUrl = rawRemoteUrl
+        ? normalizeUrl(sanitizeUrl(rawRemoteUrl))
+        : undefined;
+    const repository = {
+        path,
+        isGitRepository: true,
+    };
+    if (remoteUrl) {
+        repository.remoteUrl = remoteUrl;
+    }
+    if (branch) {
+        repository.branch = branch;
+    }
+    if (commit) {
+        repository.commit = commit;
+    }
+    logDebug(TAG, `Repository analysis complete: branch=${branch ?? 'none'}, commit=${commit?.slice(0, 7) ?? 'none'}`);
+    return {
+        repository,
+        branch,
+        commit,
+    };
+}
+//# sourceMappingURL=repository-analyzer.js.map

package/dist/repository-analyzer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"repository-analyzer.js","sourceRoot":"","sources":["../src/repository-analyzer.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAGrD,MAAM,aAAa,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;AAC1C,MAAM,GAAG,GAAG,eAAe,CAAC;AAW5B;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,IAAY;IAChD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAClC,MAAM,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC;QACrC,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;;;;;;GASG;AACH,KAAK,UAAU,UAAU,CACvB,IAAY,EACZ,IAAY;IAEZ,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACnD,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,aAAa,CAAC,KAAK,EAAE,QAAQ,EAAE;YACtD,GAAG,EAAE,IAAI;YACT,OAAO,EAAE,KAAK;SACf,CAAC,CAAC;QACH,OAAO,MAAM,CAAC,IAAI,EAAE,CAAC;IACvB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACvE,QAAQ,CAAC,GAAG,EAAE,2BAA2B,IAAI,MAAM,OAAO,EAAE,CAAC,CAAC;QAC9D,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,IAAY;IAC7C,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,IAAI,EAAE,gCAAgC,CAAC,CAAC;IACrE,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,QAAQ,CAAC,GAAG,EAAE,6BAA6B,CAAC,CAAC;QAC7C,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,IAAY;IAEZ,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,IAAI,EAAE,6BAA6B,CAAC,CAAC;IACrE,IAAI,CAAC,MAAM,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACjC,QAAQ,CAAC,GAAG,EAAE,4BAA4B,CAAC,CAAC;QAC5C,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,IAAY;IAC9C,OAAO,UAAU,CAAC,IAAI,EAAE,gBAAgB,CAAC,CAAC;AAC5C,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,WAAW,CAAC,GAAW;IACrC,IAAI,CAAC;QACH,yDAAyD;QACzD,qDAAqD;QACrD,IAAI,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACnD,OAAO,GAAG,CAAC;QACb,CAAC;QAED,qEAAqE;QACrE,+EAA+E;QAC/E,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YAC9C,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACjC,MAAM,aAAa,GAAG,GAAG,CAAC,WAAW,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;YACpD,wEAAwE;YACxE,wDAAwD;YACxD,IAAI,aAAa,KAAK,CAAC,CAAC,EAAE,CAAC;gBACzB,OAAO,GAAG,CAAC;YACb,CAAC;YACD,+CAA+C;YAC/C,OAAO,GAAG,CAAC,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC;QAChC,CAAC;QAED,qDAAqD;QACrD,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5B,IAAI,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACvC,MAAM,CAAC,QAAQ,GAAG,EAAE,CAAC;YACrB,MAAM,CAAC,QAAQ,GAAG,EAAE,CAAC;YACrB,OAAO,MAAM,CAAC,QAAQ,EAAE,CAAC;QAC3B,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAAC,MAAM,CAAC;QACP,mDAAmD;QACnD,4DAA4D;QAC5D,OAAO,GAAG,CAAC,OAAO,CAAC,sBAAsB,EAAE,IAAI,CAAC,CAAC;IACnD,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,GAAW;IACtC,IAAI,UAAU,GAAG,GAAG,CAAC;IAErB,8BAA8B;IAC9B,IAAI,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QAChC,UAAU,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IACvC,CAAC;IAED,0BAA0B;IAC1B,OAAO,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAChC,UAAU,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IACvC,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,WAAW,CAAC,GAAW;IACrC,MAAM,UAAU,GAAG,YAAY,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC;IAElD,wEAAwE;IACxE,yDAAyD;IACzD,MAAM,QAAQ,GAAG,UAAU,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;IACtD,IAAI,QAAQ,EAAE,CAAC;QACb,MAAM,QAAQ,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;QAC7B,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACrD,IAAI,QAAQ,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YACzB,mDAAmD;YACnD,OAAO,EAAE,GAAG,EAAE,QAAQ,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,QAAQ,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,CAAC;QACrF,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,4CAA4C;IAC5C,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;QACnC,MAAM,SAAS,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAC7D,IAAI,SAAS,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;YAC1B,mDAAmD;YACnD,OAAO,EAAE,GAAG,EAAE,SAAS,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,SAAS,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,CAAC;QACzF,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,kBAAkB;IACpB,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAAC,aAAqB;IACrD,IAAI,UAAU,GAAG,YAAY,CAAC,aAAa,CAAC,CAAC;IAC7C,UAAU,GAAG,UAAU,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IAC5C,UAAU,GAAG,UAAU,CAAC,WAAW,EAAE,CAAC;IACtC,OAAO,UAAU,CAAC;AACpB,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,IAAY;IAEZ,MAAM,KAAK,GAAG,MAAM,eAAe,CAAC,IAAI,CAAC,CAAC;IAE1C,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,WAAW,CAAC,GAAG,EAAE,YAAY,IAAI,0BAA0B,CAAC,CAAC;QAC7D,OAAO;YACL,UAAU,EAAE;gBACV,IAAI;gBACJ,eAAe,EAAE,KAAK;aACvB;SACF,CAAC;IACJ,CAAC;IAED,QAAQ,CAAC,GAAG,EAAE,6BAA6B,IAAI,EAAE,CAAC,CAAC;IAEnD,MAAM,CAAC,YAAY,EAAE,MAAM,EAAE,MAAM,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QACvD,YAAY,CAAC,IAAI,CAAC;QAClB,gBAAgB,CAAC,IAAI,CAAC;QACtB,aAAa,CAAC,IAAI,CAAC;KACpB,CAAC,CAAC;IAEH,wCAAwC;IACxC,MAAM,SAAS,GAAG,YAAY;QAC5B,CAAC,CAAC,YAAY,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;QACzC,CAAC,CAAC,SAAS,CAAC;IAEd,MAAM,UAAU,GAAmB;QACjC,IAAI;QACJ,eAAe,EAAE,IAAI;KACtB,CAAC;IAEF,IAAI,SAAS,EAAE,CAAC;QACd,UAAU,CAAC,SAAS,GAAG,SAAS,CAAC;IACnC,CAAC;IAED,IAAI,MAAM,EAAE,CAAC;QACX,UAAU,CAAC,MAAM,GAAG,MAAM,CAAC;IAC7B,CAAC;IAED,IAAI,MAAM,EAAE,CAAC;QACX,UAAU,CAAC,MAAM,GAAG,MAAM,CAAC;IAC7B,CAAC;IAED,QAAQ,CACN,GAAG,EACH,wCAAwC,MAAM,IAAI,MAAM,YAAY,MAAM,EAAE,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,EAAE,CACpG,CAAC;IAEF,OAAO;QACL,UAAU;QACV,MAAM;QACN,MAAM;KACP,CAAC;AACJ,CAAC"}

package/dist/response-parser.d.ts

@@ -0,0 +1,12 @@
+/**
+ * AI response parser.
+ * Parses raw AI responses into CheckResponse format (spec Appendix A.3b).
+ * Handles malformed JSON, missing fields, and edge cases.
+ */
+import type { CheckResponse } from './types.js';
+/**
+ * Attempt to parse a raw AI response string into a CheckResponse.
+ * Returns undefined if the response is not valid JSON or lacks the expected structure.
+ */
+export declare function parseAIResponse(raw: string): CheckResponse | undefined;
+//# sourceMappingURL=response-parser.d.ts.map

package/dist/response-parser.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"response-parser.d.ts","sourceRoot":"","sources":["../src/response-parser.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAyB,MAAM,YAAY,CAAC;AAKvE;;;GAGG;AACH,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,aAAa,GAAG,SAAS,CAgHtE"}

package/dist/response-parser.js

@@ -0,0 +1,109 @@
+/**
+ * AI response parser.
+ * Parses raw AI responses into CheckResponse format (spec Appendix A.3b).
+ * Handles malformed JSON, missing fields, and edge cases.
+ */
+import { logDebug } from './logging.js';
+const TAG = 'parser';
+/**
+ * Attempt to parse a raw AI response string into a CheckResponse.
+ * Returns undefined if the response is not valid JSON or lacks the expected structure.
+ */
+export function parseAIResponse(raw) {
+    logDebug(TAG, `Parsing response: ${raw.length} chars`);
+    const tryParse = (text) => {
+        try {
+            return JSON.parse(text);
+        }
+        catch {
+            return undefined;
+        }
+    };
+    // 1) Direct parse
+    let parsed = tryParse(raw);
+    // 2) If that fails, look for a fenced code block (```json ... ```)
+    if (parsed === undefined) {
+        const fence = raw.match(/```(?:json)?\s*([\s\S]*?)```/i);
+        if (fence?.[1]) {
+            logDebug(TAG, 'Trying fenced code block extraction');
+            parsed = tryParse(fence[1]);
+        }
+    }
+    // 3) If still failing, grab the first balanced-looking JSON object
+    if (parsed === undefined) {
+        const firstBrace = raw.indexOf('{');
+        const lastBrace = raw.lastIndexOf('}');
+        if (firstBrace !== -1 && lastBrace !== -1 && lastBrace > firstBrace) {
+            logDebug(TAG, 'Trying brace extraction');
+            const slice = raw.slice(firstBrace, lastBrace + 1);
+            parsed = tryParse(slice);
+        }
+    }
+    if (parsed === undefined) {
+        logDebug(TAG, 'All parse strategies failed');
+        return undefined;
+    }
+    if (typeof parsed !== 'object' || parsed === null) {
+        return undefined;
+    }
+    const obj = parsed;
+    if (!Array.isArray(obj.issues)) {
+        logDebug(TAG, `Missing issues array, keys: ${Object.keys(obj).join(', ')}`);
+        return undefined;
+    }
+    const issues = [];
+    for (const item of obj.issues) {
+        if (typeof item !== 'object' || item === null) {
+            continue;
+        }
+        const issue = item;
+        // Required fields: file, description, startLine, endLine (per spec A.3)
+        if (typeof issue.file !== 'string' || typeof issue.description !== 'string') {
+            continue;
+        }
+        // Line numbers are required - skip issues without valid line numbers
+        if (typeof issue.startLine !== 'number' || typeof issue.endLine !== 'number') {
+            logDebug(TAG, `Skipping issue missing required line numbers: ${issue.file}`);
+            continue;
+        }
+        const aiIssue = {
+            file: issue.file,
+            startLine: issue.startLine,
+            endLine: issue.endLine,
+            description: issue.description,
+        };
+        // Parse optional dataFlow array
+        if (Array.isArray(issue.dataFlow)) {
+            const validSteps = [];
+            for (const step of issue.dataFlow) {
+                if (typeof step === 'object' && step !== null &&
+                    typeof step.file === 'string' &&
+                    typeof step.lineNumber === 'number' &&
+                    typeof step.label === 'string') {
+                    validSteps.push({
+                        file: step.file,
+                        lineNumber: step.lineNumber,
+                        label: step.label,
+                    });
+                }
+            }
+            if (validSteps.length > 0) {
+                aiIssue.dataFlow = validSteps;
+            }
+        }
+        issues.push(aiIssue);
+    }
+    logDebug(TAG, `Parsed ${issues.length} issues`);
+    const response = { issues };
+    if (obj.flagged === true) {
+        response.flagged = true;
+    }
+    if (typeof obj.summary === 'string') {
+        response.summary = obj.summary;
+    }
+    if (typeof obj.analysisNotes === 'string') {
+        response.analysisNotes = obj.analysisNotes;
+    }
+    return response;
+}
+//# sourceMappingURL=response-parser.js.map

package/dist/response-parser.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"response-parser.js","sourceRoot":"","sources":["../src/response-parser.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAC;AAExC,MAAM,GAAG,GAAG,QAAQ,CAAC;AAErB;;;GAGG;AACH,MAAM,UAAU,eAAe,CAAC,GAAW;IACzC,QAAQ,CAAC,GAAG,EAAE,qBAAqB,GAAG,CAAC,MAAM,QAAQ,CAAC,CAAC;IAEvD,MAAM,QAAQ,GAAG,CAAC,IAAY,EAAW,EAAE;QACzC,IAAI,CAAC;YACH,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC1B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,SAAS,CAAC;QACnB,CAAC;IACH,CAAC,CAAC;IAEF,kBAAkB;IAClB,IAAI,MAAM,GAAY,QAAQ,CAAC,GAAG,CAAC,CAAC;IAEpC,mEAAmE;IACnE,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QACzB,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;QACzD,IAAI,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACf,QAAQ,CAAC,GAAG,EAAE,qCAAqC,CAAC,CAAC;YACrD,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAC9B,CAAC;IACH,CAAC;IAED,mEAAmE;IACnE,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QACzB,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACpC,MAAM,SAAS,GAAG,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QACvC,IAAI,UAAU,KAAK,CAAC,CAAC,IAAI,SAAS,KAAK,CAAC,CAAC,IAAI,SAAS,GAAG,UAAU,EAAE,CAAC;YACpE,QAAQ,CAAC,GAAG,EAAE,yBAAyB,CAAC,CAAC;YACzC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,UAAU,EAAE,SAAS,GAAG,CAAC,CAAC,CAAC;YACnD,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC;IAED,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QACzB,QAAQ,CAAC,GAAG,EAAE,6BAA6B,CAAC,CAAC;QAC7C,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;QAClD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,GAAG,GAAG,MAAiC,CAAC;IAE9C,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;QAC/B,QAAQ,CAAC,GAAG,EAAE,+BAA+B,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAC5E,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,MAAM,GAAc,EAAE,CAAC;IAC7B,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;QAC9B,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;YAC9C,SAAS;QACX,CAAC;QACD,MAAM,KAAK,GAAG,IAA+B,CAAC;QAC9C,wEAAwE;QACxE,IAAI,OAAO,KAAK,CAAC,IAAI,KAAK,QAAQ,IAAI,OAAO,KAAK,CAAC,WAAW,KAAK,QAAQ,EAAE,CAAC;YAC5E,SAAS;QACX,CAAC;QACD,qEAAqE;QACrE,IAAI,OAAO,KAAK,CAAC,SAAS,KAAK,QAAQ,IAAI,OAAO,KAAK,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;YAC7E,QAAQ,CAAC,GAAG,EAAE,iDAAiD,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YAC7E,SAAS;QACX,CAAC;QACD,MAAM,OAAO,GAAY;YACvB,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,WAAW,EAAE,KAAK,CAAC,WAAW;SAC/B,CAAC;QAEF,gCAAgC;QAChC,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC;YAClC,MAAM,UAAU,GAAmB,EAAE,CAAC;YACtC,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;gBAClC,IACE,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,IAAI;oBACzC,OAAQ,IAAgC,CAAC,IAAI,KAAK,QAAQ;oBAC1D,OAAQ,IAAgC,CAAC,UAAU,KAAK,QAAQ;oBAChE,OAAQ,IAAgC,CAAC,KAAK,KAAK,QAAQ,EAC3D,CAAC;oBACD,UAAU,CAAC,IAAI,CAAC;wBACd,IAAI,EAAG,IAAgC,CAAC,IAAc;wBACtD,UAAU,EAAG,IAAgC,CAAC,UAAoB;wBAClE,KAAK,EAAG,IAAgC,CAAC,KAAe;qBACzD,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YACD,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC1B,OAAO,CAAC,QAAQ,GAAG,UAAU,CAAC;YAChC,CAAC;QACH,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACvB,CAAC;IAED,QAAQ,CAAC,GAAG,EAAE,UAAU,MAAM,CAAC,MAAM,SAAS,CAAC,CAAC;IAEhD,MAAM,QAAQ,GAAkB,EAAE,MAAM,EAAE,CAAC;IAE3C,IAAI,GAAG,CAAC,OAAO,KAAK,IAAI,EAAE,CAAC;QACzB,QAAQ,CAAC,OAAO,GAAG,IAAI,CAAC;IAC1B,CAAC;IACD,IAAI,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;QACpC,QAAQ,CAAC,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC;IACjC,CAAC;IACD,IAAI,OAAO,GAAG,CAAC,aAAa,KAAK,QAAQ,EAAE,CAAC;QAC1C,QAAQ,CAAC,aAAa,GAAG,GAAG,CAAC,aAAa,CAAC;IAC7C,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/runtime-config.d.ts

@@ -0,0 +1,15 @@
+/**
+ * Runtime configuration loader.
+ * Loads runtime-config.json from the config directory to override AI provider and reporting settings.
+ * Spec Section 8.1 & Appendix C.10.
+ */
+import type { RuntimeConfig } from './types.js';
+/**
+ * Load runtime configuration from file.
+ * @param configDir - Directory containing runtime-config.json.
+ * @param explicitPath - Explicit path to the runtime config file (from --runtime-config CLI flag).
+ * @returns Parsed RuntimeConfig object, or empty object if file absent
+ * @throws Error if file exists but contains invalid JSON
+ */
+export declare function loadRuntimeConfig(configDir: string, explicitPath?: string): Promise<RuntimeConfig>;
+//# sourceMappingURL=runtime-config.d.ts.map

package/dist/runtime-config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"runtime-config.d.ts","sourceRoot":"","sources":["../src/runtime-config.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAEhD;;;;;;GAMG;AACH,wBAAsB,iBAAiB,CAAC,SAAS,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC,CA2DxG"}

package/dist/runtime-config.js

@@ -0,0 +1,73 @@
+/**
+ * Runtime configuration loader.
+ * Loads runtime-config.json from the config directory to override AI provider and reporting settings.
+ * Spec Section 8.1 & Appendix C.10.
+ */
+import { readFile } from 'node:fs/promises';
+import { resolve } from 'node:path';
+/**
+ * Load runtime configuration from file.
+ * @param configDir - Directory containing runtime-config.json.
+ * @param explicitPath - Explicit path to the runtime config file (from --runtime-config CLI flag).
+ * @returns Parsed RuntimeConfig object, or empty object if file absent
+ * @throws Error if file exists but contains invalid JSON
+ */
+export async function loadRuntimeConfig(configDir, explicitPath) {
+    const pathToLoad = explicitPath ?? resolve(configDir, 'runtime-config.json');
+    let content;
+    try {
+        content = await readFile(pathToLoad, 'utf-8');
+    }
+    catch (err) {
+        // File absent: silently return defaults
+        if (err.code === 'ENOENT') {
+            return {};
+        }
+        throw err;
+    }
+    // File exists but may have invalid JSON
+    let parsed;
+    try {
+        parsed = JSON.parse(content);
+    }
+    catch {
+        throw new Error(`Invalid JSON in runtime config file: ${pathToLoad}`);
+    }
+    if (typeof parsed !== 'object' || parsed === null || Array.isArray(parsed)) {
+        throw new Error(`Runtime config file "${pathToLoad}" must contain a JSON object`);
+    }
+    // Validate field types
+    const obj = parsed;
+    if (obj.aiProvider !== undefined) {
+        if (typeof obj.aiProvider !== 'object' || obj.aiProvider === null || Array.isArray(obj.aiProvider)) {
+            throw new Error(`Runtime config "${pathToLoad}": "aiProvider" must be an object`);
+        }
+        const ap = obj.aiProvider;
+        if (ap.name !== undefined && typeof ap.name !== 'string') {
+            throw new Error(`Runtime config "${pathToLoad}": "aiProvider.name" must be a string`);
+        }
+        if (ap.model !== undefined && typeof ap.model !== 'string') {
+            throw new Error(`Runtime config "${pathToLoad}": "aiProvider.model" must be a string`);
+        }
+    }
+    if (obj.reporting !== undefined) {
+        if (typeof obj.reporting !== 'object' || obj.reporting === null || Array.isArray(obj.reporting)) {
+            throw new Error(`Runtime config "${pathToLoad}": "reporting" must be an object`);
+        }
+        const rpt = obj.reporting;
+        if (rpt.outputDirectory !== undefined && typeof rpt.outputDirectory !== 'string') {
+            throw new Error(`Runtime config "${pathToLoad}": "reporting.outputDirectory" must be a string`);
+        }
+        if (rpt.outputFormat !== undefined && typeof rpt.outputFormat !== 'string') {
+            throw new Error(`Runtime config "${pathToLoad}": "reporting.outputFormat" must be a string`);
+        }
+    }
+    if (obj.genericPrompt !== undefined && typeof obj.genericPrompt !== 'string') {
+        throw new Error(`Runtime config "${pathToLoad}": "genericPrompt" must be a string`);
+    }
+    if (obj.failOnCheckFailure !== undefined && typeof obj.failOnCheckFailure !== 'boolean') {
+        throw new Error(`Runtime config "${pathToLoad}": "failOnCheckFailure" must be a boolean`);
+    }
+    return parsed;
+}
+//# sourceMappingURL=runtime-config.js.map

package/dist/runtime-config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"runtime-config.js","sourceRoot":"","sources":["../src/runtime-config.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAGpC;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,SAAiB,EAAE,YAAqB;IAC9E,MAAM,UAAU,GAAG,YAAY,IAAI,OAAO,CAAC,SAAS,EAAE,qBAAqB,CAAC,CAAC;IAC7E,IAAI,OAAe,CAAC;IACpB,IAAI,CAAC;QACH,OAAO,GAAG,MAAM,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IAChD,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,wCAAwC;QACxC,IAAK,GAA6B,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACrD,OAAO,EAAE,CAAC;QACZ,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;IAED,wCAAwC;IACxC,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC/B,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,wCAAwC,UAAU,EAAE,CAAC,CAAC;IACxE,CAAC;IAED,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,IAAI,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QAC3E,MAAM,IAAI,KAAK,CAAC,wBAAwB,UAAU,8BAA8B,CAAC,CAAC;IACpF,CAAC;IAED,uBAAuB;IACvB,MAAM,GAAG,GAAG,MAAiC,CAAC;IAC9C,IAAI,GAAG,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;QACjC,IAAI,OAAO,GAAG,CAAC,UAAU,KAAK,QAAQ,IAAI,GAAG,CAAC,UAAU,KAAK,IAAI,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;YACnG,MAAM,IAAI,KAAK,CAAC,mBAAmB,UAAU,mCAAmC,CAAC,CAAC;QACpF,CAAC;QACD,MAAM,EAAE,GAAG,GAAG,CAAC,UAAqC,CAAC;QACrD,IAAI,EAAE,CAAC,IAAI,KAAK,SAAS,IAAI,OAAO,EAAE,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACzD,MAAM,IAAI,KAAK,CAAC,mBAAmB,UAAU,uCAAuC,CAAC,CAAC;QACxF,CAAC;QACD,IAAI,EAAE,CAAC,KAAK,KAAK,SAAS,IAAI,OAAO,EAAE,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC3D,MAAM,IAAI,KAAK,CAAC,mBAAmB,UAAU,wCAAwC,CAAC,CAAC;QACzF,CAAC;IACH,CAAC;IACD,IAAI,GAAG,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;QAChC,IAAI,OAAO,GAAG,CAAC,SAAS,KAAK,QAAQ,IAAI,GAAG,CAAC,SAAS,KAAK,IAAI,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;YAChG,MAAM,IAAI,KAAK,CAAC,mBAAmB,UAAU,kCAAkC,CAAC,CAAC;QACnF,CAAC;QACD,MAAM,GAAG,GAAG,GAAG,CAAC,SAAoC,CAAC;QACrD,IAAI,GAAG,CAAC,eAAe,KAAK,SAAS,IAAI,OAAO,GAAG,CAAC,eAAe,KAAK,QAAQ,EAAE,CAAC;YACjF,MAAM,IAAI,KAAK,CAAC,mBAAmB,UAAU,iDAAiD,CAAC,CAAC;QAClG,CAAC;QACD,IAAI,GAAG,CAAC,YAAY,KAAK,SAAS,IAAI,OAAO,GAAG,CAAC,YAAY,KAAK,QAAQ,EAAE,CAAC;YAC3E,MAAM,IAAI,KAAK,CAAC,mBAAmB,UAAU,8CAA8C,CAAC,CAAC;QAC/F,CAAC;IACH,CAAC;IACD,IAAI,GAAG,CAAC,aAAa,KAAK,SAAS,IAAI,OAAO,GAAG,CAAC,aAAa,KAAK,QAAQ,EAAE,CAAC;QAC7E,MAAM,IAAI,KAAK,CAAC,mBAAmB,UAAU,qCAAqC,CAAC,CAAC;IACtF,CAAC;IACD,IAAI,GAAG,CAAC,kBAAkB,KAAK,SAAS,IAAI,OAAO,GAAG,CAAC,kBAAkB,KAAK,SAAS,EAAE,CAAC;QACxF,MAAM,IAAI,KAAK,CAAC,mBAAmB,UAAU,2CAA2C,CAAC,CAAC;IAC5F,CAAC;IAED,OAAO,MAAuB,CAAC;AACjC,CAAC"}

package/dist/sarif-parser.d.ts

@@ -0,0 +1,20 @@
+/**
+ * SARIF 2.1.0 parser for Semgrep output.
+ * Extracts CheckTarget[] from SARIF results.
+ */
+import type { CheckTarget } from './types.js';
+/**
+ * Parse SARIF 2.1.0 JSON content into CheckTarget[].
+ * Skips results with missing location fields.
+ * Throws on invalid JSON or missing SARIF structure.
+ */
+export declare function parseSARIF(sarifContent: string): CheckTarget[];
+/**
+ * Deduplicate targets by file:startLine:endLine key.
+ */
+export declare function deduplicateTargets(targets: CheckTarget[]): CheckTarget[];
+/**
+ * Limit the number of targets to a maximum.
+ */
+export declare function limitTargets(targets: CheckTarget[], maxTargets: number): CheckTarget[];
+//# sourceMappingURL=sarif-parser.d.ts.map

package/dist/sarif-parser.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sarif-parser.d.ts","sourceRoot":"","sources":["../src/sarif-parser.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAyB9C;;;;GAIG;AACH,wBAAgB,UAAU,CAAC,YAAY,EAAE,MAAM,GAAG,WAAW,EAAE,CAsD9D;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,WAAW,EAAE,GAAG,WAAW,EAAE,CAaxE;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,OAAO,EAAE,WAAW,EAAE,EAAE,UAAU,EAAE,MAAM,GAAG,WAAW,EAAE,CAEtF"}