@bouncesecurity/aghast 0.1.0 → 0.2.0

package/README.md

@@ -18,11 +18,11 @@ Define static rules, security checks as markdown instructions, point AGHAST at a
 
 ## What AGHAST Does
 
-You can read the full background to this tool in our blogpost [here](https://bouncesecurity.com/aghast) but, to cut to the chase, AGHAST helps you run three types of checks:
+You can read the full background to this tool in our blogpost [here](https://bouncesecurity.com/aghast) but, to cut to the chase, AGHAST uses three core mechanisms:
 
-- Pure AI scanning rules - let the LLM do all the analysis
-- A combination of a static rule and an AI scanning rule - the sweet spot for most use cases
-- Purely static rules - for completeness, when a traditional static rule is all you need
+- **Repository-wide AI analysis** — let the LLM analyze the whole repo against your security check instructions
+- **Targeted checks** — a pluggable discovery method (Semgrep rules, [OpenAnt](https://github.com/knostic/OpenAnt/) code units, or external SARIF findings) identifies specific code locations, then AI analyzes each independently. This is the sweet spot for most use cases
+- **Static checks** — a discovery method (e.g., Semgrep) finds issues mapped directly to results with no AI involvement, for when a traditional static rule is all you need
 
 The beauty of the approach is what you *don't* need:
 
@@ -41,8 +41,9 @@ There are almost certainly other ways of achieving this, but to our mind, this a
 ## Prerequisites
 
 - **Node.js 20+**
-- **[Semgrep Community Edition](https://semgrep.dev/docs/getting-started/)** (LGPL-2.1, optional) — only needed for checks that use Semgrep rules
-- **Anthropic API key** — for AI-based checks (not needed for semgrep-only checks)
+- **[Semgrep Community Edition](https://semgrep.dev/docs/getting-started/)** (LGPL-2.1, optional) — only needed for checks that use Semgrep discovery
+- **[OpenAnt](https://github.com/knostic/OpenAnt/)** (Apache-2.0, optional) + **Python 3.11+** — only needed for checks that use OpenAnt discovery
+- **Anthropic API key** — for AI-based checks (not needed for static checks)
 
 ## Installation
 
@@ -95,6 +96,7 @@ Results are structured JSON (or SARIF) with per-check status and detailed issues
 ## Documentation
 
 - [Getting Started](docs/getting-started.md) — installation, setup, and first scan
+- [Trying It Out](docs/trying-it-out.md) — example checks walkthrough and first scan guide
 - [Scanning](docs/scanning.md) — scan command options, environment variables, output formats
 - [Creating Checks](docs/creating-checks.md) — scaffolding new security checks
 - [Configuration Reference](docs/configuration.md) — check schemas, check types, runtime config

package/config/prompts/generic-instructions.md

@@ -3,10 +3,12 @@ GENERIC INSTRUCTIONS:
 You are performing a SPECIFIC security check as defined in the CHECK INSTRUCTIONS below.
 
 IMPORTANT:
+- All file paths are relative to your working directory. Use them directly with the Read tool (e.g., Read "src/routes/handler.ts"). Do NOT prepend "/" or construct absolute paths.
 - Focus ONLY on what the CHECK INSTRUCTIONS ask you to validate
 - Do NOT perform general security testing or look for unrelated vulnerabilities
 - Do NOT report issues outside the scope of the specific check
 - Follow the CHECK INSTRUCTIONS exactly as written
+- Be efficient — read only the files necessary to complete the check. Do not exhaustively explore the entire codebase.
 
 OUTPUT FORMAT:
 

package/config/prompts/openant-security-instructions.md

@@ -0,0 +1,94 @@
+GENERIC INSTRUCTIONS:
+
+You are performing a security review of a specific code unit within a live codebase that you can browse.
+Your job is to read the actual source code, follow the data flow, and determine whether the unit
+contains real, exploitable security vulnerabilities. Form your own independent judgment based on the code.
+
+IMPORTANT:
+- All file paths in the UNIT DETAILS section are relative to your working directory. Use them directly (e.g., Read "routes/orders.js"). Do NOT prepend "/" or construct absolute paths.
+- START by reading the target file at the specified location using your file-reading tools
+- USE the caller/callee metadata to trace data flow — read those functions to understand how input reaches this code and where output goes
+- Be efficient — once you have enough information from the target file and 1-2 direct dependencies, stop and report. Do not exhaustively explore the entire codebase.
+- If no issues are found, return {"issues": []} immediately — do not keep searching for problems.
+- Report issues ONLY for the target unit location — do not report unrelated issues found while browsing
+
+ANALYSIS APPROACH:
+
+For each code unit, ask yourself:
+- What can an attacker control? (request body, URL params, headers, query strings)
+- Where does that input end up? (database queries, HTTP requests, file operations, authorization decisions)
+- What guarantees does the code assume but not enforce? (atomicity, ownership, trust boundaries, data types)
+- Are multi-step operations safe if executed concurrently by multiple users?
+
+BEFORE REPORTING — VALIDATE EACH FINDING:
+
+Before including any issue in your response, you MUST be able to answer YES to all of these:
+1. Can I construct a specific HTTP request (or sequence of requests) that triggers this vulnerability?
+2. After the exploit, what specific harm has occurred? Name ONE of: unauthorized data accessed, unauthorized action performed, authentication/authorization bypassed, server made to contact an attacker-controlled or internal endpoint, arbitrary code/query executed. If the harm is only "bad data in a database" (wrong types, negative numbers) with no further security consequence in this codebase, it is NOT a finding.
+3. Does the exploit work against THIS codebase as written — including all middleware, route registrations, and existing validation? Do not ignore protections that exist outside the function body (e.g., middleware applied at route registration time).
+
+If you cannot answer YES to all three, do not report the issue.
+
+WHAT COUNTS AS A FINDING:
+
+Only report vulnerabilities that meet ALL of these criteria:
+- The vulnerability is exploitable by an attacker who can reach the endpoint (not just theoretical)
+- The vulnerability leads to a concrete security impact (data breach, unauthorized access, privilege escalation, code execution, etc.)
+- The vulnerability exists in the code AS WRITTEN — do not speculate about missing features, future code, or how the code might be used differently
+- The impact is demonstrated end-to-end in THIS codebase — not dependent on hypothetical downstream consumers of stored data
+
+Do NOT report:
+- Missing input validation that has no security impact (e.g., missing length checks, type checks, or negative number checks unless they lead to a specific exploit like bypassing authorization)
+- Information disclosure via error messages (e.g., leaking product names or stock counts in error responses) unless it exposes credentials or secrets
+- Missing rate limiting or DoS concerns — these are operational, not application security vulnerabilities
+- Code quality issues, defense-in-depth suggestions, or best-practice violations
+- Vulnerabilities that require the attacker to already have the access they would gain (e.g., admin-only endpoint lacks additional validation)
+
+OUTPUT FORMAT:
+
+Return your findings in the following JSON format:
+
+{
+  "issues": [
+    {
+      "file": "relative/path/to/file.ts",
+      "startLine": 40,
+      "endLine": 45,
+      "description": "Detailed explanation (see requirements below)",
+      "dataFlow": [
+        { "file": "src/routes/handler.ts", "lineNumber": 12, "label": "User input received from request parameter" },
+        { "file": "src/services/query.ts", "lineNumber": 38, "label": "Input passed to SQL query without sanitization" }
+      ]
+    }
+  ]
+}
+
+DESCRIPTION FORMATTING REQUIREMENTS:
+
+Your description field MUST be detailed and well-structured:
+- Use markdown formatting with headings (## Heading), bullet points, code blocks
+- Use \n for line breaks to create structured, readable content
+- Include an "Attack Scenario" section demonstrating exploitation
+- Include a "Recommendation" section with specific remediation steps
+
+DATA FLOW REQUIREMENTS:
+
+When the issue involves data flowing through multiple locations (e.g., user input reaching a dangerous sink), include a "dataFlow" array. Each step represents a point in the call stack or data flow:
+- "file": relative path to the source file
+- "lineNumber": the line number at that step
+- "label": a short description of what happens at this point (e.g., "User input received", "Passed to database query")
+- Order steps from source (e.g., user input) to sink (e.g., SQL execution)
+- Omit "dataFlow" entirely if the issue is localized to a single location
+
+CRITICAL: Return ONLY valid JSON. No markdown code blocks, no explanations outside the JSON.
+
+If no issues found, return: {"issues": []}
+
+If a UNIT DETAILS section appears at the end of this prompt, analyze ONLY that code unit.
+
+If CHECK INSTRUCTIONS appear below, follow them to narrow your analysis to a specific vulnerability class.
+
+---
+
+CHECK INSTRUCTIONS:
+

package/config/prompts/sarif-validation-instructions.md

@@ -0,0 +1,58 @@
+GENERIC INSTRUCTIONS:
+
+You are validating a security finding reported by an external tool. Your task is to determine whether this finding is a TRUE POSITIVE (real vulnerability) or a FALSE POSITIVE (not actually vulnerable).
+
+IMPORTANT:
+- All file paths are relative to your working directory. Use them directly with the Read tool (e.g., Read "src/routes/handler.ts"). Do NOT prepend "/" or construct absolute paths.
+- Focus ONLY on validating the specific finding described below
+- Read the actual code at the specified location and surrounding context
+- Consider the full context: data flow, sanitization, framework protections, etc.
+- Be efficient — read only the files necessary to validate the finding.
+- If TRUE POSITIVE (real vulnerability), return it as an issue with your own detailed description
+- If FALSE POSITIVE (not actually vulnerable), return {"issues": []}
+- Do NOT search for or report other vulnerabilities — only validate the specific finding
+
+OUTPUT FORMAT:
+
+Return your findings in the following JSON format:
+
+{
+  "issues": [
+    {
+      "file": "relative/path/to/file.ts",
+      "startLine": 40,
+      "endLine": 45,
+      "description": "Detailed explanation (see requirements below)",
+      "dataFlow": [
+        { "file": "src/routes/handler.ts", "lineNumber": 12, "label": "User input received from request parameter" },
+        { "file": "src/services/query.ts", "lineNumber": 38, "label": "Input passed to SQL query without sanitization" }
+      ]
+    }
+  ]
+}
+
+DESCRIPTION FORMATTING REQUIREMENTS:
+
+Your description field MUST be detailed and well-structured:
+- Use markdown formatting with headings (## Heading), bullet points, code blocks
+- Use \n for line breaks to create structured, readable content
+- Include an "Attack Scenario" section demonstrating exploitation
+- Include a "Recommendation" section with specific remediation steps
+
+DATA FLOW REQUIREMENTS:
+
+When the issue involves data flowing through multiple locations (e.g., user input reaching a dangerous sink), include a "dataFlow" array. Each step represents a point in the call stack or data flow:
+- "file": relative path to the source file
+- "lineNumber": the line number at that step
+- "label": a short description of what happens at this point (e.g., "User input received", "Passed to database query")
+- Order steps from source (e.g., user input) to sink (e.g., SQL execution)
+- Omit "dataFlow" entirely if the issue is localized to a single location
+
+CRITICAL: Return ONLY valid JSON. No markdown code blocks, no explanations outside the JSON.
+
+If the finding is a false positive (not actually vulnerable), return: {"issues": []}
+
+---
+
+ADDITIONAL CONTEXT:
+

package/dist/check-library.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"check-library.d.ts","sourceRoot":"","sources":["../src/check-library.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAMH,OAAO,KAAK,EACV,aAAa,EACb,YAAY,EACZ,kBAAkB,EAClB,eAAe,EAChB,MAAM,YAAY,CAAC;AAIpB,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,kBAAkB,EAAE,CAAC;CAC9B;AAED;;;GAGG;AACH,wBAAsB,iBAAiB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC,CA0DjF;AAID;;;GAGG;AACH,wBAAsB,mBAAmB,CAAC,eAAe,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC,CA8E3F;AAED;;;GAGG;AACH,wBAAsB,oBAAoB,CACxC,UAAU,EAAE,MAAM,EAAE,GACnB,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CA2B9B;AAED;;;;GAIG;AACH,wBAAsB,aAAa,CACjC,QAAQ,EAAE,aAAa,EACvB,YAAY,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,GAChC,OAAO,CAAC,aAAa,EAAE,CAAC,CAmD1B;AAID,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,aAAa,EAAE,CAAC;CACzB;AAED;;;GAGG;AACH,wBAAsB,UAAU,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAiChF;AAID,MAAM,WAAW,gBAAgB;IAC/B,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED;;;;;GAKG;AACH,wBAAsB,aAAa,CACjC,KAAK,EAAE,aAAa,EACpB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,gBAAgB,CAAC,CAyB3B;AAKD,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAE7D;;;;GAIG;AACH,wBAAgB,sBAAsB,CACpC,KAAK,EAAE,aAAa,EACpB,aAAa,EAAE,MAAM,GACpB,OAAO,CAcT;AAED;;;GAGG;AACH,wBAAgB,yBAAyB,CACvC,MAAM,EAAE,aAAa,EAAE,EACvB,aAAa,EAAE,MAAM,GACpB,aAAa,EAAE,CAIjB;AAID;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,YAAY,CAoB7E;AAED;;;GAGG;AACH,wBAAsB,gBAAgB,CACpC,KAAK,EAAE,aAAa,EACpB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,YAAY,CAAC,CAgBvB;AAOD;;;GAGG;AACH,wBAAgB,qBAAqB,CACnC,KAAK,EAAE,MAAM,EAAE,EACf,eAAe,CAAC,EAAE,MAAM,EAAE,GACzB,MAAM,EAAE,CAOV;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,CACjC,KAAK,EAAE,MAAM,EAAE,EACf,aAAa,CAAC,EAAE,MAAM,EAAE,GACvB,MAAM,EAAE,CAOV;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAC9B,KAAK,EAAE,MAAM,EAAE,EACf,KAAK,EAAE,aAAa,GACnB,MAAM,EAAE,CAGV"}
+{"version":3,"file":"check-library.d.ts","sourceRoot":"","sources":["../src/check-library.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAMH,OAAO,KAAK,EACV,aAAa,EACb,YAAY,EACZ,kBAAkB,EAClB,eAAe,EAChB,MAAM,YAAY,CAAC;AAKpB,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,kBAAkB,EAAE,CAAC;CAC9B;AAED;;;GAGG;AACH,wBAAsB,iBAAiB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC,CA0DjF;AAID;;;GAGG;AACH,wBAAsB,mBAAmB,CAAC,eAAe,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC,CAiI3F;AAED;;;GAGG;AACH,wBAAsB,oBAAoB,CACxC,UAAU,EAAE,MAAM,EAAE,GACnB,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CA2B9B;AAED;;;;GAIG;AACH,wBAAsB,aAAa,CACjC,QAAQ,EAAE,aAAa,EACvB,YAAY,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,GAChC,OAAO,CAAC,aAAa,EAAE,CAAC,CAoD1B;AAID,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,aAAa,EAAE,CAAC;CACzB;AAED;;;GAGG;AACH,wBAAsB,UAAU,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAiChF;AAID,MAAM,WAAW,gBAAgB;IAC/B,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED;;;;;GAKG;AACH,wBAAsB,aAAa,CACjC,KAAK,EAAE,aAAa,EACpB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,gBAAgB,CAAC,CA6B3B;AAKD,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAE7D;;;;GAIG;AACH,wBAAgB,sBAAsB,CACpC,KAAK,EAAE,aAAa,EACpB,aAAa,EAAE,MAAM,GACpB,OAAO,CAcT;AAED;;;GAGG;AACH,wBAAgB,yBAAyB,CACvC,MAAM,EAAE,aAAa,EAAE,EACvB,aAAa,EAAE,MAAM,GACpB,aAAa,EAAE,CAIjB;AAID;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,YAAY,CAoB7E;AAED;;;GAGG;AACH,wBAAsB,gBAAgB,CACpC,KAAK,EAAE,aAAa,EACpB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,YAAY,CAAC,CAgBvB;AAOD;;;GAGG;AACH,wBAAgB,qBAAqB,CACnC,KAAK,EAAE,MAAM,EAAE,EACf,eAAe,CAAC,EAAE,MAAM,EAAE,GACzB,MAAM,EAAE,CAOV;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,CACjC,KAAK,EAAE,MAAM,EAAE,EACf,aAAa,CAAC,EAAE,MAAM,EAAE,GACvB,MAAM,EAAE,CAOV;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAC9B,KAAK,EAAE,MAAM,EAAE,EACf,KAAK,EAAE,aAAa,GACnB,MAAM,EAAE,CAGV"}

package/dist/check-library.js

@@ -8,6 +8,7 @@ import { readFile, readdir, access, constants } from 'node:fs/promises';
 import { resolve, join, basename } from 'node:path';
 import picomatch from 'picomatch';
 import { normalizeRepoPath } from './repository-analyzer.js';
+import { getCheckType, getValidCheckTypes } from './check-types.js';
 /**
  * Load and parse the Layer 1 registry from <configDir>/checks-config.json.
  * Throws on missing file, malformed JSON, or invalid structure.
@@ -97,6 +98,9 @@ export async function loadCheckDefinition(checkFolderPath) {
     if (obj.confidence !== undefined && typeof obj.confidence !== 'string') {
         throw new Error(`Check definition "${defPath}": "confidence" must be a string`);
     }
+    if (obj.model !== undefined && typeof obj.model !== 'string') {
+        throw new Error(`Check definition "${defPath}": "model" must be a string`);
+    }
     if (obj.applicablePaths !== undefined && !Array.isArray(obj.applicablePaths)) {
         throw new Error(`Check definition "${defPath}": "applicablePaths" must be an array`);
     }
@@ -108,7 +112,7 @@ export async function loadCheckDefinition(checkFolderPath) {
             throw new Error(`Check definition "${defPath}": "checkTarget" must be an object`);
         }
         const ct = obj.checkTarget;
-        const validTypes = ['semgrep', 'semgrep-only', 'repository'];
+        const validTypes = getValidCheckTypes();
         if (typeof ct.type !== 'string' || !validTypes.includes(ct.type)) {
             throw new Error(`Check definition "${defPath}": "checkTarget.type" must be one of: ${validTypes.join(', ')}`);
         }
@@ -124,11 +128,55 @@ export async function loadCheckDefinition(checkFolderPath) {
         if (ct.concurrency !== undefined && (typeof ct.concurrency !== 'number' || ct.concurrency <= 0 || !Number.isInteger(ct.concurrency))) {
             throw new Error(`Check definition "${defPath}": "checkTarget.concurrency" must be a positive integer`);
         }
+        // Validate discovery field for targeted/static types
+        if (ct.type === 'targeted' || ct.type === 'static') {
+            const validDiscoveries = ct.type === 'targeted' ? ['semgrep', 'openant', 'sarif'] : ['semgrep'];
+            if (typeof ct.discovery !== 'string' || !validDiscoveries.includes(ct.discovery)) {
+                throw new Error(`Check definition "${defPath}": "checkTarget.discovery" is required for type "${ct.type}" and must be one of: ${validDiscoveries.join(', ')}`);
+            }
+        }
+        if (ct.sarifFile !== undefined && typeof ct.sarifFile !== 'string') {
+            throw new Error(`Check definition "${defPath}": "checkTarget.sarifFile" must be a string`);
+        }
+        if (ct.discovery === 'sarif' && !ct.sarifFile) {
+            throw new Error(`Check definition "${defPath}": "checkTarget.sarifFile" is required when discovery is "sarif"`);
+        }
+        // Validate openant filter config
+        if (ct.openant !== undefined) {
+            if (typeof ct.openant !== 'object' || ct.openant === null) {
+                throw new Error(`Check definition "${defPath}": "checkTarget.openant" must be an object`);
+            }
+            const oa = ct.openant;
+            if (oa.unitTypes !== undefined && !Array.isArray(oa.unitTypes)) {
+                throw new Error(`Check definition "${defPath}": "checkTarget.openant.unitTypes" must be an array`);
+            }
+            if (oa.excludeUnitTypes !== undefined && !Array.isArray(oa.excludeUnitTypes)) {
+                throw new Error(`Check definition "${defPath}": "checkTarget.openant.excludeUnitTypes" must be an array`);
+            }
+            if (oa.securityClassifications !== undefined && !Array.isArray(oa.securityClassifications)) {
+                throw new Error(`Check definition "${defPath}": "checkTarget.openant.securityClassifications" must be an array`);
+            }
+            if (oa.reachableOnly !== undefined && typeof oa.reachableOnly !== 'boolean') {
+                throw new Error(`Check definition "${defPath}": "checkTarget.openant.reachableOnly" must be a boolean`);
+            }
+            if (oa.entryPointsOnly !== undefined && typeof oa.entryPointsOnly !== 'boolean') {
+                throw new Error(`Check definition "${defPath}": "checkTarget.openant.entryPointsOnly" must be a boolean`);
+            }
+            if (oa.minConfidence !== undefined && (typeof oa.minConfidence !== 'number' || oa.minConfidence < 0 || oa.minConfidence > 1)) {
+                throw new Error(`Check definition "${defPath}": "checkTarget.openant.minConfidence" must be a number between 0 and 1`);
+            }
+        }
     }
     const def = parsed;
-    // instructionsFile is required for all check types except semgrep-only
-    if (def.checkTarget?.type !== 'semgrep-only' && !def.instructionsFile) {
-        throw new Error(`Check definition "${defPath}" is missing required field "instructionsFile" (required for non-semgrep-only checks)`);
+    // instructionsFile is required for check types where needsInstructions is true,
+    // UNLESS the discovery type provides a self-contained generic prompt.
+    // Discovery types with self-contained prompts (openant, sarif) don't need instructions.
+    const SELF_CONTAINED_DISCOVERIES = new Set(['openant', 'sarif']);
+    const discoveryIsSelfContained = def.checkTarget?.discovery
+        ? SELF_CONTAINED_DISCOVERIES.has(def.checkTarget.discovery)
+        : false;
+    if (getCheckType(def.checkTarget?.type).needsInstructions && !discoveryIsSelfContained && !def.instructionsFile) {
+        throw new Error(`Check definition "${defPath}" is missing required field "instructionsFile"`);
     }
     return def;
 }
@@ -192,6 +240,8 @@ export async function resolveChecks(registry, checkFolders) {
             merged.severity = def.severity;
         if (def.confidence)
             merged.confidence = def.confidence;
+        if (def.model)
+            merged.model = def.model;
         if (def.applicablePaths)
             merged.applicablePaths = def.applicablePaths;
         if (def.excludedPaths)
@@ -251,9 +301,13 @@ export async function validateCheck(check, basePath) {
     if (!check.id || typeof check.id !== 'string' || check.id.trim() === '') {
         errors.push('Check is missing a valid "id" field');
     }
-    // semgrep-only checks don't need an instructionsFile
-    if (check.checkTarget?.type === 'semgrep-only') {
-        // No instructionsFile validation needed
+    // Discovery types with self-contained generic prompts don't need instructions
+    const SELF_CONTAINED_DISCOVERIES_V = new Set(['openant', 'sarif']);
+    const discoverySelfContained = check.checkTarget?.discovery
+        ? SELF_CONTAINED_DISCOVERIES_V.has(check.checkTarget.discovery)
+        : false;
+    if (!getCheckType(check.checkTarget?.type).needsInstructions || discoverySelfContained) {
+        // No instructionsFile validation needed for this check type/discovery
     }
     else if (!check.instructionsFile) {
         errors.push('Check is missing required "instructionsFile" field');

package/dist/check-library.js.map

@@ -1 +1 @@
-{"version":3,"file":"check-library.js","sourceRoot":"","sources":["../src/check-library.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AACxE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AACpD,OAAO,SAAS,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAc7D;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,SAAiB;IACvD,MAAM,UAAU,GAAG,OAAO,CAAC,SAAS,EAAE,oBAAoB,CAAC,CAAC;IAC5D,IAAI,GAAW,CAAC;IAChB,IAAI,CAAC;QACH,GAAG,GAAG,MAAM,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IAC5C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CACb,+BAA+B,UAAU,MAAM,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EACjG,EAAE,KAAK,EAAE,GAAG,EAAE,CACf,CAAC;IACJ,CAAC;IAED,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CACb,gBAAgB,UAAU,4BAA4B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EACxG,EAAE,KAAK,EAAE,GAAG,EAAE,CACf,CAAC;IACJ,CAAC;IAED,IACE,OAAO,MAAM,KAAK,QAAQ;QAC1B,MAAM,KAAK,IAAI;QACf,CAAC,CAAC,QAAQ,IAAI,MAAM,CAAC;QACrB,CAAC,KAAK,CAAC,OAAO,CAAE,MAAkC,CAAC,MAAM,CAAC,EAC1D,CAAC;QACD,MAAM,IAAI,KAAK,CACb,gBAAgB,UAAU,wDAAwD,CACnF,CAAC;IACJ,CAAC;IAED,sEAAsE;IACtE,MAAM,MAAM,GAAI,MAAkC,CAAC,MAAmB,CAAC;IACvE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;QACxB,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;YAChD,MAAM,IAAI,KAAK,CAAC,gBAAgB,UAAU,aAAa,CAAC,qBAAqB,CAAC,CAAC;QACjF,CAAC;QACD,MAAM,GAAG,GAAG,KAAgC,CAAC;QAC7C,IAAI,OAAO,GAAG,CAAC,EAAE,KAAK,QAAQ,IAAI,GAAG,CAAC,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;YACvD,MAAM,IAAI,KAAK,CAAC,gBAAgB,UAAU,aAAa,CAAC,iCAAiC,CAAC,CAAC;QAC7F,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC;YACrC,MAAM,IAAI,KAAK,CAAC,gBAAgB,UAAU,aAAa,CAAC,iCAAiC,CAAC,CAAC;QAC7F,CAAC;QACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACjD,IAAI,OAAO,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;gBAC5C,MAAM,IAAI,KAAK,CAAC,gBAAgB,UAAU,aAAa,CAAC,kBAAkB,CAAC,oBAAoB,CAAC,CAAC;YACnG,CAAC;QACH,CAAC;QACD,IAAI,GAAG,CAAC,OAAO,KAAK,SAAS,IAAI,OAAO,GAAG,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;YAClE,MAAM,IAAI,KAAK,CAAC,gBAAgB,UAAU,aAAa,CAAC,6BAA6B,CAAC,CAAC;QACzF,CAAC;IACH,CAAC;IAED,OAAO,MAAuB,CAAC;AACjC,CAAC;AAED,qCAAqC;AAErC;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,eAAuB;IAC/D,MAAM,OAAO,GAAG,OAAO,CAAC,eAAe,EAAE,QAAQ,CAAC,eAAe,CAAC,GAAG,OAAO,CAAC,CAAC;IAC9E,IAAI,GAAW,CAAC;IAChB,IAAI,CAAC;QACH,GAAG,GAAG,MAAM,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IACzC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CACb,oCAAoC,OAAO,MAAM,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EACnG,EAAE,KAAK,EAAE,GAAG,EAAE,CACf,CAAC;IACJ,CAAC;IAED,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CACb,qBAAqB,OAAO,4BAA4B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EAC1G,EAAE,KAAK,EAAE,GAAG,EAAE,CACf,CAAC;IACJ,CAAC;IAED,sCAAsC;IACtC,MAAM,GAAG,GAAG,MAAiC,CAAC;IAC9C,IAAI,OAAO,GAAG,CAAC,EAAE,KAAK,QAAQ,IAAI,GAAG,CAAC,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;QACvD,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,oCAAoC,CAAC,CAAC;IACpF,CAAC;IACD,IAAI,OAAO,GAAG,CAAC,IAAI,KAAK,QAAQ,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;QAC3D,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,sCAAsC,CAAC,CAAC;IACtF,CAAC;IACD,IAAI,GAAG,CAAC,gBAAgB,KAAK,SAAS,IAAI,OAAO,GAAG,CAAC,gBAAgB,KAAK,QAAQ,EAAE,CAAC;QACnF,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,wCAAwC,CAAC,CAAC;IACxF,CAAC;IACD,IAAI,GAAG,CAAC,QAAQ,KAAK,SAAS,IAAI,OAAO,GAAG,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACnE,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,gCAAgC,CAAC,CAAC;IAChF,CAAC;IACD,IAAI,GAAG,CAAC,UAAU,KAAK,SAAS,IAAI,OAAO,GAAG,CAAC,UAAU,KAAK,QAAQ,EAAE,CAAC;QACvE,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,kCAAkC,CAAC,CAAC;IAClF,CAAC;IACD,IAAI,GAAG,CAAC,eAAe,KAAK,SAAS,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE,CAAC;QAC7E,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,uCAAuC,CAAC,CAAC;IACvF,CAAC;IACD,IAAI,GAAG,CAAC,aAAa,KAAK,SAAS,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,CAAC;QACzE,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,qCAAqC,CAAC,CAAC;IACrF,CAAC;IACD,IAAI,GAAG,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;QAClC,IAAI,OAAO,GAAG,CAAC,WAAW,KAAK,QAAQ,IAAI,GAAG,CAAC,WAAW,KAAK,IAAI,EAAE,CAAC;YACpE,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,oCAAoC,CAAC,CAAC;QACpF,CAAC;QACD,MAAM,EAAE,GAAG,GAAG,CAAC,WAAsC,CAAC;QACtD,MAAM,UAAU,GAAG,CAAC,SAAS,EAAE,cAAc,EAAE,YAAY,CAAC,CAAC;QAC7D,IAAI,OAAO,EAAE,CAAC,IAAI,KAAK,QAAQ,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;YACjE,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,yCAAyC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAChH,CAAC;QACD,IAAI,EAAE,CAAC,KAAK,KAAK,SAAS,IAAI,OAAO,EAAE,CAAC,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC;YACvF,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,kDAAkD,CAAC,CAAC;QAClG,CAAC;QACD,IAAI,EAAE,CAAC,MAAM,KAAK,SAAS,IAAI,OAAO,EAAE,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC7D,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,0CAA0C,CAAC,CAAC;QAC1F,CAAC;QACD,IAAI,EAAE,CAAC,UAAU,KAAK,SAAS,IAAI,CAAC,OAAO,EAAE,CAAC,UAAU,KAAK,QAAQ,IAAI,EAAE,CAAC,UAAU,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC;YACjI,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,wDAAwD,CAAC,CAAC;QACxG,CAAC;QACD,IAAI,EAAE,CAAC,WAAW,KAAK,SAAS,IAAI,CAAC,OAAO,EAAE,CAAC,WAAW,KAAK,QAAQ,IAAI,EAAE,CAAC,WAAW,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;YACrI,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,yDAAyD,CAAC,CAAC;QACzG,CAAC;IACH,CAAC;IAED,MAAM,GAAG,GAAG,MAAyB,CAAC;IAEtC,uEAAuE;IACvE,IAAI,GAAG,CAAC,WAAW,EAAE,IAAI,KAAK,cAAc,IAAI,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;QACtE,MAAM,IAAI,KAAK,CACb,qBAAqB,OAAO,uFAAuF,CACpH,CAAC;IACJ,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,UAAoB;IAEpB,MAAM,MAAM,GAAG,IAAI,GAAG,EAAkB,CAAC;IAEzC,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;QAC7B,IAAI,OAAiB,CAAC;QACtB,IAAI,CAAC;YACH,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC;QAC/B,CAAC;QAAC,MAAM,CAAC;YACP,iCAAiC;YACjC,SAAS;QACX,CAAC;QAED,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YACpC,MAAM,aAAa,GAAG,IAAI,CAAC,UAAU,EAAE,KAAK,GAAG,OAAO,CAAC,CAAC;YACxD,IAAI,CAAC;gBACH,MAAM,MAAM,CAAC,aAAa,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC;gBAC5C,0BAA0B;gBAC1B,MAAM,GAAG,GAAG,MAAM,mBAAmB,CAAC,UAAU,CAAC,CAAC;gBAClD,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,UAAU,CAAC,CAAC;YACjC,CAAC;YAAC,MAAM,CAAC;gBACP,0CAA0C;YAC5C,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,QAAuB,EACvB,YAAiC;IAEjC,MAAM,MAAM,GAAoB,EAAE,CAAC;IAEnC,KAAK,MAAM,KAAK,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;QACpC,MAAM,UAAU,GAAG,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAC9C,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CACb,UAAU,KAAK,CAAC,EAAE,gFAAgF,CACnG,CAAC;QACJ,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,mBAAmB,CAAC,UAAU,CAAC,CAAC;QAClD,IAAI,GAAG,CAAC,EAAE,KAAK,KAAK,CAAC,EAAE,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CACb,oCAAoC,KAAK,CAAC,EAAE,SAAS,KAAK,CAAC,EAAE,cAAc,GAAG,CAAC,EAAE,GAAG,CACrF,CAAC;QACJ,CAAC;QAED,0BAA0B;QAC1B,MAAM,MAAM,GAAkB;YAC5B,EAAE,EAAE,KAAK,CAAC,EAAE;YACZ,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,YAAY,EAAE,KAAK,CAAC,YAAY;YAChC,gBAAgB,EAAE,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,EAAE,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,SAAS;YAC9F,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,QAAQ,EAAE,UAAU;SACrB,CAAC;QAEF,IAAI,GAAG,CAAC,QAAQ;YAAE,MAAM,CAAC,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC;QACjD,IAAI,GAAG,CAAC,UAAU;YAAE,MAAM,CAAC,UAAU,GAAG,GAAG,CAAC,UAAU,CAAC;QACvD,IAAI,GAAG,CAAC,eAAe;YAAE,MAAM,CAAC,eAAe,GAAG,GAAG,CAAC,eAAe,CAAC;QACtE,IAAI,GAAG,CAAC,aAAa;YAAE,MAAM,CAAC,aAAa,GAAG,GAAG,CAAC,aAAa,CAAC;QAEhE,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC;YACpB,MAAM,CAAC,WAAW,GAAG,EAAE,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;YAC5C,+CAA+C;YAC/C,IAAI,MAAM,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC;gBAC7B,MAAM,KAAK,GAAG,MAAM,CAAC,WAAW,CAAC,KAAK,CAAC;gBACvC,MAAM,CAAC,WAAW,CAAC,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;oBAC7C,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;oBAC1C,CAAC,CAAC,OAAO,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;YACjC,CAAC;YACD,IAAI,MAAM,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC;gBAC9B,MAAM,CAAC,WAAW,CAAC,MAAM,GAAG,OAAO,CAAC,UAAU,EAAE,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;YAC7E,CAAC;QACH,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACtB,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAQD;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,UAAkB;IACjD,IAAI,GAAW,CAAC;IAChB,IAAI,CAAC;QACH,GAAG,GAAG,MAAM,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IAC5C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CACb,+BAA+B,UAAU,MAAM,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EACjG,EAAE,KAAK,EAAE,GAAG,EAAE,CACf,CAAC;IACJ,CAAC;IAED,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CACb,gBAAgB,UAAU,4BAA4B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EACxG,EAAE,KAAK,EAAE,GAAG,EAAE,CACf,CAAC;IACJ,CAAC;IAED,IACE,OAAO,MAAM,KAAK,QAAQ;QAC1B,MAAM,KAAK,IAAI;QACf,CAAC,CAAC,QAAQ,IAAI,MAAM,CAAC;QACrB,CAAC,KAAK,CAAC,OAAO,CAAE,MAAkC,CAAC,MAAM,CAAC,EAC1D,CAAC;QACD,MAAM,IAAI,KAAK,CACb,gBAAgB,UAAU,wDAAwD,CACnF,CAAC;IACJ,CAAC;IAED,OAAO,MAA4B,CAAC;AACtC,CAAC;AASD;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,KAAoB,EACpB,QAAgB;IAEhB,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,IAAI,CAAC,KAAK,CAAC,EAAE,IAAI,OAAO,KAAK,CAAC,EAAE,KAAK,QAAQ,IAAI,KAAK,CAAC,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;QACxE,MAAM,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;IACrD,CAAC;IAED,qDAAqD;IACrD,IAAI,KAAK,CAAC,WAAW,EAAE,IAAI,KAAK,cAAc,EAAE,CAAC;QAC/C,wCAAwC;IAC1C,CAAC;SAAM,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC;QACnC,MAAM,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;IACpE,CAAC;SAAM,CAAC;QACN,wEAAwE;QACxE,MAAM,gBAAgB,GAAG,OAAO,CAAC,QAAQ,EAAE,KAAK,CAAC,gBAAgB,CAAC,CAAC;QACnE,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,gBAAgB,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC;QACjD,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,CAAC,IAAI,CACT,sBAAsB,KAAK,CAAC,gBAAgB,mBAAmB,gBAAgB,GAAG,CACnF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;AAChD,CAAC;AAED,yCAAyC;AAEzC,uEAAuE;AACvE,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAE7D;;;;GAIG;AACH,MAAM,UAAU,sBAAsB,CACpC,KAAoB,EACpB,aAAqB;IAErB,IAAI,KAAK,CAAC,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACpC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,cAAc,GAAG,iBAAiB,CAAC,aAAa,CAAC,CAAC;IAExD,OAAO,KAAK,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE;QAC3C,MAAM,mBAAmB,GAAG,iBAAiB,CAAC,SAAS,CAAC,CAAC;QACzD,OAAO,CACL,cAAc,CAAC,QAAQ,CAAC,mBAAmB,CAAC;YAC5C,mBAAmB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAC7C,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,yBAAyB,CACvC,MAAuB,EACvB,aAAqB;IAErB,OAAO,MAAM;SACV,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,OAAO,KAAK,KAAK,CAAC;SAC1C,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,sBAAsB,CAAC,KAAK,EAAE,aAAa,CAAC,CAAC,CAAC;AACrE,CAAC;AAED,sCAAsC;AAEtC;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAAC,EAAU,EAAE,QAAgB;IAC7D,sCAAsC;IACtC,MAAM,SAAS,GAAG,QAAQ,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;IAClD,MAAM,IAAI,GAAG,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,eAAe,CAAC;IAE/D,8CAA8C;IAC9C,IAAI,QAAQ,GAAG,EAAE,CAAC;IAClB,MAAM,aAAa,GAAG,QAAQ,CAAC,KAAK,CAClC,kDAAkD,CACnD,CAAC;IACF,IAAI,aAAa,EAAE,CAAC;QAClB,QAAQ,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IACrC,CAAC;IAED,OAAO;QACL,EAAE;QACF,IAAI;QACJ,QAAQ;QACR,OAAO,EAAE,QAAQ;KAClB,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,KAAoB,EACpB,QAAgB;IAEhB,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,UAAU,KAAK,CAAC,EAAE,2BAA2B,CAAC,CAAC;IACjE,CAAC;IACD,MAAM,gBAAgB,GAAG,OAAO,CAAC,QAAQ,EAAE,KAAK,CAAC,gBAAgB,CAAC,CAAC;IACnE,IAAI,QAAgB,CAAC;IACrB,IAAI,CAAC;QACH,QAAQ,GAAG,MAAM,QAAQ,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC;IACvD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CACb,qCAAqC,KAAK,CAAC,gBAAgB,MAAM,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EACnH,EAAE,KAAK,EAAE,GAAG,EAAE,CACf,CAAC;IACJ,CAAC;IAED,OAAO,kBAAkB,CAAC,KAAK,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC;AAChD,CAAC;AAED,yBAAyB;AACzB,8EAA8E;AAC9E,0EAA0E;AAC1E,uEAAuE;AAEvE;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CACnC,KAAe,EACf,eAA0B;IAE1B,IAAI,CAAC,eAAe,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,OAAO,GAAG,SAAS,CAAC,eAAe,CAAC,CAAC;IAC3C,OAAO,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;AAC/C,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,mBAAmB,CACjC,KAAe,EACf,aAAwB;IAExB,IAAI,CAAC,aAAa,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,OAAO,GAAG,SAAS,CAAC,aAAa,CAAC,CAAC;IACzC,OAAO,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;AAChD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAC9B,KAAe,EACf,KAAoB;IAEpB,MAAM,UAAU,GAAG,qBAAqB,CAAC,KAAK,EAAE,KAAK,CAAC,eAAe,CAAC,CAAC;IACvE,OAAO,mBAAmB,CAAC,UAAU,EAAE,KAAK,CAAC,aAAa,CAAC,CAAC;AAC9D,CAAC"}
+{"version":3,"file":"check-library.js","sourceRoot":"","sources":["../src/check-library.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AACxE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AACpD,OAAO,SAAS,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAO7D,OAAO,EAAE,YAAY,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AAQpE;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,SAAiB;IACvD,MAAM,UAAU,GAAG,OAAO,CAAC,SAAS,EAAE,oBAAoB,CAAC,CAAC;IAC5D,IAAI,GAAW,CAAC;IAChB,IAAI,CAAC;QACH,GAAG,GAAG,MAAM,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IAC5C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CACb,+BAA+B,UAAU,MAAM,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EACjG,EAAE,KAAK,EAAE,GAAG,EAAE,CACf,CAAC;IACJ,CAAC;IAED,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CACb,gBAAgB,UAAU,4BAA4B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EACxG,EAAE,KAAK,EAAE,GAAG,EAAE,CACf,CAAC;IACJ,CAAC;IAED,IACE,OAAO,MAAM,KAAK,QAAQ;QAC1B,MAAM,KAAK,IAAI;QACf,CAAC,CAAC,QAAQ,IAAI,MAAM,CAAC;QACrB,CAAC,KAAK,CAAC,OAAO,CAAE,MAAkC,CAAC,MAAM,CAAC,EAC1D,CAAC;QACD,MAAM,IAAI,KAAK,CACb,gBAAgB,UAAU,wDAAwD,CACnF,CAAC;IACJ,CAAC;IAED,sEAAsE;IACtE,MAAM,MAAM,GAAI,MAAkC,CAAC,MAAmB,CAAC;IACvE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;QACxB,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;YAChD,MAAM,IAAI,KAAK,CAAC,gBAAgB,UAAU,aAAa,CAAC,qBAAqB,CAAC,CAAC;QACjF,CAAC;QACD,MAAM,GAAG,GAAG,KAAgC,CAAC;QAC7C,IAAI,OAAO,GAAG,CAAC,EAAE,KAAK,QAAQ,IAAI,GAAG,CAAC,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;YACvD,MAAM,IAAI,KAAK,CAAC,gBAAgB,UAAU,aAAa,CAAC,iCAAiC,CAAC,CAAC;QAC7F,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC;YACrC,MAAM,IAAI,KAAK,CAAC,gBAAgB,UAAU,aAAa,CAAC,iCAAiC,CAAC,CAAC;QAC7F,CAAC;QACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACjD,IAAI,OAAO,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;gBAC5C,MAAM,IAAI,KAAK,CAAC,gBAAgB,UAAU,aAAa,CAAC,kBAAkB,CAAC,oBAAoB,CAAC,CAAC;YACnG,CAAC;QACH,CAAC;QACD,IAAI,GAAG,CAAC,OAAO,KAAK,SAAS,IAAI,OAAO,GAAG,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;YAClE,MAAM,IAAI,KAAK,CAAC,gBAAgB,UAAU,aAAa,CAAC,6BAA6B,CAAC,CAAC;QACzF,CAAC;IACH,CAAC;IAED,OAAO,MAAuB,CAAC;AACjC,CAAC;AAED,qCAAqC;AAErC;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,eAAuB;IAC/D,MAAM,OAAO,GAAG,OAAO,CAAC,eAAe,EAAE,QAAQ,CAAC,eAAe,CAAC,GAAG,OAAO,CAAC,CAAC;IAC9E,IAAI,GAAW,CAAC;IAChB,IAAI,CAAC;QACH,GAAG,GAAG,MAAM,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IACzC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CACb,oCAAoC,OAAO,MAAM,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EACnG,EAAE,KAAK,EAAE,GAAG,EAAE,CACf,CAAC;IACJ,CAAC;IAED,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CACb,qBAAqB,OAAO,4BAA4B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EAC1G,EAAE,KAAK,EAAE,GAAG,EAAE,CACf,CAAC;IACJ,CAAC;IAED,sCAAsC;IACtC,MAAM,GAAG,GAAG,MAAiC,CAAC;IAC9C,IAAI,OAAO,GAAG,CAAC,EAAE,KAAK,QAAQ,IAAI,GAAG,CAAC,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;QACvD,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,oCAAoC,CAAC,CAAC;IACpF,CAAC;IACD,IAAI,OAAO,GAAG,CAAC,IAAI,KAAK,QAAQ,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;QAC3D,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,sCAAsC,CAAC,CAAC;IACtF,CAAC;IACD,IAAI,GAAG,CAAC,gBAAgB,KAAK,SAAS,IAAI,OAAO,GAAG,CAAC,gBAAgB,KAAK,QAAQ,EAAE,CAAC;QACnF,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,wCAAwC,CAAC,CAAC;IACxF,CAAC;IACD,IAAI,GAAG,CAAC,QAAQ,KAAK,SAAS,IAAI,OAAO,GAAG,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACnE,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,gCAAgC,CAAC,CAAC;IAChF,CAAC;IACD,IAAI,GAAG,CAAC,UAAU,KAAK,SAAS,IAAI,OAAO,GAAG,CAAC,UAAU,KAAK,QAAQ,EAAE,CAAC;QACvE,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,kCAAkC,CAAC,CAAC;IAClF,CAAC;IACD,IAAI,GAAG,CAAC,KAAK,KAAK,SAAS,IAAI,OAAO,GAAG,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC7D,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,6BAA6B,CAAC,CAAC;IAC7E,CAAC;IACD,IAAI,GAAG,CAAC,eAAe,KAAK,SAAS,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE,CAAC;QAC7E,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,uCAAuC,CAAC,CAAC;IACvF,CAAC;IACD,IAAI,GAAG,CAAC,aAAa,KAAK,SAAS,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,CAAC;QACzE,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,qCAAqC,CAAC,CAAC;IACrF,CAAC;IACD,IAAI,GAAG,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;QAClC,IAAI,OAAO,GAAG,CAAC,WAAW,KAAK,QAAQ,IAAI,GAAG,CAAC,WAAW,KAAK,IAAI,EAAE,CAAC;YACpE,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,oCAAoC,CAAC,CAAC;QACpF,CAAC;QACD,MAAM,EAAE,GAAG,GAAG,CAAC,WAAsC,CAAC;QACtD,MAAM,UAAU,GAAG,kBAAkB,EAAE,CAAC;QACxC,IAAI,OAAO,EAAE,CAAC,IAAI,KAAK,QAAQ,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;YACjE,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,yCAAyC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAChH,CAAC;QACD,IAAI,EAAE,CAAC,KAAK,KAAK,SAAS,IAAI,OAAO,EAAE,CAAC,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC;YACvF,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,kDAAkD,CAAC,CAAC;QAClG,CAAC;QACD,IAAI,EAAE,CAAC,MAAM,KAAK,SAAS,IAAI,OAAO,EAAE,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC7D,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,0CAA0C,CAAC,CAAC;QAC1F,CAAC;QACD,IAAI,EAAE,CAAC,UAAU,KAAK,SAAS,IAAI,CAAC,OAAO,EAAE,CAAC,UAAU,KAAK,QAAQ,IAAI,EAAE,CAAC,UAAU,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC;YACjI,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,wDAAwD,CAAC,CAAC;QACxG,CAAC;QACD,IAAI,EAAE,CAAC,WAAW,KAAK,SAAS,IAAI,CAAC,OAAO,EAAE,CAAC,WAAW,KAAK,QAAQ,IAAI,EAAE,CAAC,WAAW,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;YACrI,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,yDAAyD,CAAC,CAAC;QACzG,CAAC;QACD,qDAAqD;QACrD,IAAI,EAAE,CAAC,IAAI,KAAK,UAAU,IAAI,EAAE,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACnD,MAAM,gBAAgB,GAAG,EAAE,CAAC,IAAI,KAAK,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;YAChG,IAAI,OAAO,EAAE,CAAC,SAAS,KAAK,QAAQ,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,EAAE,CAAC,SAAS,CAAC,EAAE,CAAC;gBACjF,MAAM,IAAI,KAAK,CACb,qBAAqB,OAAO,oDAAoD,EAAE,CAAC,IAAI,yBAAyB,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC9I,CAAC;YACJ,CAAC;QACH,CAAC;QACD,IAAI,EAAE,CAAC,SAAS,KAAK,SAAS,IAAI,OAAO,EAAE,CAAC,SAAS,KAAK,QAAQ,EAAE,CAAC;YACnE,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,6CAA6C,CAAC,CAAC;QAC7F,CAAC;QACD,IAAI,EAAE,CAAC,SAAS,KAAK,OAAO,IAAI,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC;YAC9C,MAAM,IAAI,KAAK,CACb,qBAAqB,OAAO,kEAAkE,CAC/F,CAAC;QACJ,CAAC;QACD,iCAAiC;QACjC,IAAI,EAAE,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;YAC7B,IAAI,OAAO,EAAE,CAAC,OAAO,KAAK,QAAQ,IAAI,EAAE,CAAC,OAAO,KAAK,IAAI,EAAE,CAAC;gBAC1D,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,4CAA4C,CAAC,CAAC;YAC5F,CAAC;YACD,MAAM,EAAE,GAAG,EAAE,CAAC,OAAkC,CAAC;YACjD,IAAI,EAAE,CAAC,SAAS,KAAK,SAAS,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC/D,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,qDAAqD,CAAC,CAAC;YACrG,CAAC;YACD,IAAI,EAAE,CAAC,gBAAgB,KAAK,SAAS,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,gBAAgB,CAAC,EAAE,CAAC;gBAC7E,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,4DAA4D,CAAC,CAAC;YAC5G,CAAC;YACD,IAAI,EAAE,CAAC,uBAAuB,KAAK,SAAS,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,uBAAuB,CAAC,EAAE,CAAC;gBAC3F,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,mEAAmE,CAAC,CAAC;YACnH,CAAC;YACD,IAAI,EAAE,CAAC,aAAa,KAAK,SAAS,IAAI,OAAO,EAAE,CAAC,aAAa,KAAK,SAAS,EAAE,CAAC;gBAC5E,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,0DAA0D,CAAC,CAAC;YAC1G,CAAC;YACD,IAAI,EAAE,CAAC,eAAe,KAAK,SAAS,IAAI,OAAO,EAAE,CAAC,eAAe,KAAK,SAAS,EAAE,CAAC;gBAChF,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,4DAA4D,CAAC,CAAC;YAC5G,CAAC;YACD,IAAI,EAAE,CAAC,aAAa,KAAK,SAAS,IAAI,CAAC,OAAO,EAAE,CAAC,aAAa,KAAK,QAAQ,IAAI,EAAE,CAAC,aAAa,GAAG,CAAC,IAAI,EAAE,CAAC,aAAa,GAAG,CAAC,CAAC,EAAE,CAAC;gBAC7H,MAAM,IAAI,KAAK,CAAC,qBAAqB,OAAO,yEAAyE,CAAC,CAAC;YACzH,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,GAAG,GAAG,MAAyB,CAAC;IAEtC,gFAAgF;IAChF,sEAAsE;IACtE,wFAAwF;IACxF,MAAM,0BAA0B,GAAG,IAAI,GAAG,CAAC,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC,CAAC;IACjE,MAAM,wBAAwB,GAAG,GAAG,CAAC,WAAW,EAAE,SAAS;QACzD,CAAC,CAAC,0BAA0B,CAAC,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,SAAS,CAAC;QAC3D,CAAC,CAAC,KAAK,CAAC;IACV,IAAI,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC,iBAAiB,IAAI,CAAC,wBAAwB,IAAI,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;QAChH,MAAM,IAAI,KAAK,CACb,qBAAqB,OAAO,gDAAgD,CAC7E,CAAC;IACJ,CAAC;IAED,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,UAAoB;IAEpB,MAAM,MAAM,GAAG,IAAI,GAAG,EAAkB,CAAC;IAEzC,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;QAC7B,IAAI,OAAiB,CAAC;QACtB,IAAI,CAAC;YACH,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC;QAC/B,CAAC;QAAC,MAAM,CAAC;YACP,iCAAiC;YACjC,SAAS;QACX,CAAC;QAED,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YACpC,MAAM,aAAa,GAAG,IAAI,CAAC,UAAU,EAAE,KAAK,GAAG,OAAO,CAAC,CAAC;YACxD,IAAI,CAAC;gBACH,MAAM,MAAM,CAAC,aAAa,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC;gBAC5C,0BAA0B;gBAC1B,MAAM,GAAG,GAAG,MAAM,mBAAmB,CAAC,UAAU,CAAC,CAAC;gBAClD,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,UAAU,CAAC,CAAC;YACjC,CAAC;YAAC,MAAM,CAAC;gBACP,0CAA0C;YAC5C,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,QAAuB,EACvB,YAAiC;IAEjC,MAAM,MAAM,GAAoB,EAAE,CAAC;IAEnC,KAAK,MAAM,KAAK,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;QACpC,MAAM,UAAU,GAAG,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAC9C,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CACb,UAAU,KAAK,CAAC,EAAE,gFAAgF,CACnG,CAAC;QACJ,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,mBAAmB,CAAC,UAAU,CAAC,CAAC;QAClD,IAAI,GAAG,CAAC,EAAE,KAAK,KAAK,CAAC,EAAE,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CACb,oCAAoC,KAAK,CAAC,EAAE,SAAS,KAAK,CAAC,EAAE,cAAc,GAAG,CAAC,EAAE,GAAG,CACrF,CAAC;QACJ,CAAC;QAED,0BAA0B;QAC1B,MAAM,MAAM,GAAkB;YAC5B,EAAE,EAAE,KAAK,CAAC,EAAE;YACZ,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,YAAY,EAAE,KAAK,CAAC,YAAY;YAChC,gBAAgB,EAAE,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,EAAE,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,SAAS;YAC9F,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,QAAQ,EAAE,UAAU;SACrB,CAAC;QAEF,IAAI,GAAG,CAAC,QAAQ;YAAE,MAAM,CAAC,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC;QACjD,IAAI,GAAG,CAAC,UAAU;YAAE,MAAM,CAAC,UAAU,GAAG,GAAG,CAAC,UAAU,CAAC;QACvD,IAAI,GAAG,CAAC,KAAK;YAAE,MAAM,CAAC,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC;QACxC,IAAI,GAAG,CAAC,eAAe;YAAE,MAAM,CAAC,eAAe,GAAG,GAAG,CAAC,eAAe,CAAC;QACtE,IAAI,GAAG,CAAC,aAAa;YAAE,MAAM,CAAC,aAAa,GAAG,GAAG,CAAC,aAAa,CAAC;QAEhE,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC;YACpB,MAAM,CAAC,WAAW,GAAG,EAAE,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;YAC5C,+CAA+C;YAC/C,IAAI,MAAM,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC;gBAC7B,MAAM,KAAK,GAAG,MAAM,CAAC,WAAW,CAAC,KAAK,CAAC;gBACvC,MAAM,CAAC,WAAW,CAAC,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;oBAC7C,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;oBAC1C,CAAC,CAAC,OAAO,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;YACjC,CAAC;YACD,IAAI,MAAM,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC;gBAC9B,MAAM,CAAC,WAAW,CAAC,MAAM,GAAG,OAAO,CAAC,UAAU,EAAE,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;YAC7E,CAAC;QACH,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACtB,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAQD;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,UAAkB;IACjD,IAAI,GAAW,CAAC;IAChB,IAAI,CAAC;QACH,GAAG,GAAG,MAAM,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IAC5C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CACb,+BAA+B,UAAU,MAAM,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EACjG,EAAE,KAAK,EAAE,GAAG,EAAE,CACf,CAAC;IACJ,CAAC;IAED,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CACb,gBAAgB,UAAU,4BAA4B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EACxG,EAAE,KAAK,EAAE,GAAG,EAAE,CACf,CAAC;IACJ,CAAC;IAED,IACE,OAAO,MAAM,KAAK,QAAQ;QAC1B,MAAM,KAAK,IAAI;QACf,CAAC,CAAC,QAAQ,IAAI,MAAM,CAAC;QACrB,CAAC,KAAK,CAAC,OAAO,CAAE,MAAkC,CAAC,MAAM,CAAC,EAC1D,CAAC;QACD,MAAM,IAAI,KAAK,CACb,gBAAgB,UAAU,wDAAwD,CACnF,CAAC;IACJ,CAAC;IAED,OAAO,MAA4B,CAAC;AACtC,CAAC;AASD;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,KAAoB,EACpB,QAAgB;IAEhB,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,IAAI,CAAC,KAAK,CAAC,EAAE,IAAI,OAAO,KAAK,CAAC,EAAE,KAAK,QAAQ,IAAI,KAAK,CAAC,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;QACxE,MAAM,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;IACrD,CAAC;IAED,8EAA8E;IAC9E,MAAM,4BAA4B,GAAG,IAAI,GAAG,CAAC,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC,CAAC;IACnE,MAAM,sBAAsB,GAAG,KAAK,CAAC,WAAW,EAAE,SAAS;QACzD,CAAC,CAAC,4BAA4B,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,SAAS,CAAC;QAC/D,CAAC,CAAC,KAAK,CAAC;IACV,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC,iBAAiB,IAAI,sBAAsB,EAAE,CAAC;QACvF,sEAAsE;IACxE,CAAC;SAAM,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC;QACnC,MAAM,CAAC,IAAI,CAAC,oDAAoD,CAAC,CAAC;IACpE,CAAC;SAAM,CAAC;QACN,wEAAwE;QACxE,MAAM,gBAAgB,GAAG,OAAO,CAAC,QAAQ,EAAE,KAAK,CAAC,gBAAgB,CAAC,CAAC;QACnE,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,gBAAgB,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC;QACjD,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,CAAC,IAAI,CACT,sBAAsB,KAAK,CAAC,gBAAgB,mBAAmB,gBAAgB,GAAG,CACnF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;AAChD,CAAC;AAED,yCAAyC;AAEzC,uEAAuE;AACvE,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAE7D;;;;GAIG;AACH,MAAM,UAAU,sBAAsB,CACpC,KAAoB,EACpB,aAAqB;IAErB,IAAI,KAAK,CAAC,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACpC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,cAAc,GAAG,iBAAiB,CAAC,aAAa,CAAC,CAAC;IAExD,OAAO,KAAK,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE;QAC3C,MAAM,mBAAmB,GAAG,iBAAiB,CAAC,SAAS,CAAC,CAAC;QACzD,OAAO,CACL,cAAc,CAAC,QAAQ,CAAC,mBAAmB,CAAC;YAC5C,mBAAmB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAC7C,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,yBAAyB,CACvC,MAAuB,EACvB,aAAqB;IAErB,OAAO,MAAM;SACV,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,OAAO,KAAK,KAAK,CAAC;SAC1C,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,sBAAsB,CAAC,KAAK,EAAE,aAAa,CAAC,CAAC,CAAC;AACrE,CAAC;AAED,sCAAsC;AAEtC;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAAC,EAAU,EAAE,QAAgB;IAC7D,sCAAsC;IACtC,MAAM,SAAS,GAAG,QAAQ,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;IAClD,MAAM,IAAI,GAAG,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,eAAe,CAAC;IAE/D,8CAA8C;IAC9C,IAAI,QAAQ,GAAG,EAAE,CAAC;IAClB,MAAM,aAAa,GAAG,QAAQ,CAAC,KAAK,CAClC,kDAAkD,CACnD,CAAC;IACF,IAAI,aAAa,EAAE,CAAC;QAClB,QAAQ,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IACrC,CAAC;IAED,OAAO;QACL,EAAE;QACF,IAAI;QACJ,QAAQ;QACR,OAAO,EAAE,QAAQ;KAClB,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,KAAoB,EACpB,QAAgB;IAEhB,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,UAAU,KAAK,CAAC,EAAE,2BAA2B,CAAC,CAAC;IACjE,CAAC;IACD,MAAM,gBAAgB,GAAG,OAAO,CAAC,QAAQ,EAAE,KAAK,CAAC,gBAAgB,CAAC,CAAC;IACnE,IAAI,QAAgB,CAAC;IACrB,IAAI,CAAC;QACH,QAAQ,GAAG,MAAM,QAAQ,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC;IACvD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CACb,qCAAqC,KAAK,CAAC,gBAAgB,MAAM,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EACnH,EAAE,KAAK,EAAE,GAAG,EAAE,CACf,CAAC;IACJ,CAAC;IAED,OAAO,kBAAkB,CAAC,KAAK,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC;AAChD,CAAC;AAED,yBAAyB;AACzB,8EAA8E;AAC9E,0EAA0E;AAC1E,uEAAuE;AAEvE;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CACnC,KAAe,EACf,eAA0B;IAE1B,IAAI,CAAC,eAAe,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,OAAO,GAAG,SAAS,CAAC,eAAe,CAAC,CAAC;IAC3C,OAAO,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;AAC/C,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,mBAAmB,CACjC,KAAe,EACf,aAAwB;IAExB,IAAI,CAAC,aAAa,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,OAAO,GAAG,SAAS,CAAC,aAAa,CAAC,CAAC;IACzC,OAAO,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;AAChD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAC9B,KAAe,EACf,KAAoB;IAEpB,MAAM,UAAU,GAAG,qBAAqB,CAAC,KAAK,EAAE,KAAK,CAAC,eAAe,CAAC,CAAC;IACvE,OAAO,mBAAmB,CAAC,UAAU,EAAE,KAAK,CAAC,aAAa,CAAC,CAAC;AAC9D,CAAC"}

package/dist/check-types.d.ts

@@ -0,0 +1,35 @@
+/**
+ * Check type descriptor system.
+ *
+ * Each check type declares its characteristics (needs AI, needs instructions, etc.)
+ * in one place. Code throughout the codebase queries these descriptors instead
+ * of comparing raw type strings.
+ *
+ * Check types describe *execution mode* (what happens with targets).
+ * Discovery type (how targets are found) is a separate axis — see src/discovery.ts.
+ */
+/** Characteristics of a check type. */
+export interface CheckTypeDescriptor {
+    /** The string value used in check definitions. */
+    readonly type: string;
+    /** Whether the check requires an AI provider. */
+    readonly needsAI: boolean;
+    /** Whether the check requires an instructions markdown file. */
+    readonly needsInstructions: boolean;
+    /** Whether the check supports maxTargets (multi-target checks). */
+    readonly supportsMaxTargets: boolean;
+}
+/**
+ * Get the descriptor for a check type string.
+ * Returns conservative defaults for unknown/undefined types.
+ */
+export declare function getCheckType(type: string | undefined): CheckTypeDescriptor;
+/** All valid check type strings. */
+export declare function getValidCheckTypes(): string[];
+/** Check type string constants for use in routing (scan-runner switch). */
+export declare const CHECK_TYPE: {
+    readonly REPOSITORY: string;
+    readonly TARGETED: string;
+    readonly STATIC: string;
+};
+//# sourceMappingURL=check-types.d.ts.map

package/dist/check-types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"check-types.d.ts","sourceRoot":"","sources":["../src/check-types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,uCAAuC;AACvC,MAAM,WAAW,mBAAmB;IAClC,kDAAkD;IAClD,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,iDAAiD;IACjD,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,gEAAgE;IAChE,QAAQ,CAAC,iBAAiB,EAAE,OAAO,CAAC;IACpC,mEAAmE;IACnE,QAAQ,CAAC,kBAAkB,EAAE,OAAO,CAAC;CACtC;AA6CD;;;GAGG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,SAAS,GAAG,mBAAmB,CAG1E;AAED,oCAAoC;AACpC,wBAAgB,kBAAkB,IAAI,MAAM,EAAE,CAE7C;AAED,2EAA2E;AAC3E,eAAO,MAAM,UAAU;;;;CAIb,CAAC"}

package/dist/check-types.js

@@ -0,0 +1,66 @@
+/**
+ * Check type descriptor system.
+ *
+ * Each check type declares its characteristics (needs AI, needs instructions, etc.)
+ * in one place. Code throughout the codebase queries these descriptors instead
+ * of comparing raw type strings.
+ *
+ * Check types describe *execution mode* (what happens with targets).
+ * Discovery type (how targets are found) is a separate axis — see src/discovery.ts.
+ */
+// --- Check Type Definitions ---
+const REPOSITORY = {
+    type: 'repository',
+    needsAI: true,
+    needsInstructions: true,
+    supportsMaxTargets: false,
+};
+const TARGETED = {
+    type: 'targeted',
+    needsAI: true,
+    needsInstructions: true,
+    supportsMaxTargets: true,
+};
+const STATIC = {
+    type: 'static',
+    needsAI: false,
+    needsInstructions: false,
+    supportsMaxTargets: true,
+};
+/** All registered check types, keyed by their type string. */
+const CHECK_TYPES = new Map([
+    [REPOSITORY.type, REPOSITORY],
+    [TARGETED.type, TARGETED],
+    [STATIC.type, STATIC],
+]);
+/**
+ * Default descriptor used when the type is unknown or undefined.
+ * Conservative defaults: requires AI and instructions (the common case).
+ */
+const DEFAULT_DESCRIPTOR = {
+    type: '',
+    needsAI: true,
+    needsInstructions: true,
+    supportsMaxTargets: false,
+};
+// --- Public API ---
+/**
+ * Get the descriptor for a check type string.
+ * Returns conservative defaults for unknown/undefined types.
+ */
+export function getCheckType(type) {
+    if (!type)
+        return DEFAULT_DESCRIPTOR;
+    return CHECK_TYPES.get(type) ?? DEFAULT_DESCRIPTOR;
+}
+/** All valid check type strings. */
+export function getValidCheckTypes() {
+    return [...CHECK_TYPES.keys()];
+}
+/** Check type string constants for use in routing (scan-runner switch). */
+export const CHECK_TYPE = {
+    REPOSITORY: REPOSITORY.type,
+    TARGETED: TARGETED.type,
+    STATIC: STATIC.type,
+};
+//# sourceMappingURL=check-types.js.map

package/dist/check-types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"check-types.js","sourceRoot":"","sources":["../src/check-types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAcH,iCAAiC;AAEjC,MAAM,UAAU,GAAwB;IACtC,IAAI,EAAE,YAAY;IAClB,OAAO,EAAE,IAAI;IACb,iBAAiB,EAAE,IAAI;IACvB,kBAAkB,EAAE,KAAK;CAC1B,CAAC;AAEF,MAAM,QAAQ,GAAwB;IACpC,IAAI,EAAE,UAAU;IAChB,OAAO,EAAE,IAAI;IACb,iBAAiB,EAAE,IAAI;IACvB,kBAAkB,EAAE,IAAI;CACzB,CAAC;AAEF,MAAM,MAAM,GAAwB;IAClC,IAAI,EAAE,QAAQ;IACd,OAAO,EAAE,KAAK;IACd,iBAAiB,EAAE,KAAK;IACxB,kBAAkB,EAAE,IAAI;CACzB,CAAC;AAEF,8DAA8D;AAC9D,MAAM,WAAW,GAA6C,IAAI,GAAG,CAAC;IACpE,CAAC,UAAU,CAAC,IAAI,EAAE,UAAU,CAAC;IAC7B,CAAC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC;IACzB,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC;CACtB,CAAC,CAAC;AAEH;;;GAGG;AACH,MAAM,kBAAkB,GAAwB;IAC9C,IAAI,EAAE,EAAE;IACR,OAAO,EAAE,IAAI;IACb,iBAAiB,EAAE,IAAI;IACvB,kBAAkB,EAAE,KAAK;CAC1B,CAAC;AAEF,qBAAqB;AAErB;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,IAAwB;IACnD,IAAI,CAAC,IAAI;QAAE,OAAO,kBAAkB,CAAC;IACrC,OAAO,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,kBAAkB,CAAC;AACrD,CAAC;AAED,oCAAoC;AACpC,MAAM,UAAU,kBAAkB;IAChC,OAAO,CAAC,GAAG,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC;AACjC,CAAC;AAED,2EAA2E;AAC3E,MAAM,CAAC,MAAM,UAAU,GAAG;IACxB,UAAU,EAAE,UAAU,CAAC,IAAI;IAC3B,QAAQ,EAAE,QAAQ,CAAC,IAAI;IACvB,MAAM,EAAE,MAAM,CAAC,IAAI;CACX,CAAC"}

package/dist/claude-code-provider.d.ts

@@ -19,8 +19,11 @@ export declare class ClaudeCodeProvider implements AIProvider {
     });
     initialize(config: ProviderConfig): Promise<void>;
     getModelName(): string;
+    setModel(model: string): void;
     enableDebug(): void;
-    executeCheck(instructions: string, repositoryPath: string, logPrefix?: string): Promise<AIResponse>;
+    executeCheck(instructions: string, repositoryPath: string, logPrefix?: string, options?: {
+        maxTurns?: number;
+    }): Promise<AIResponse>;
     validateConfig(): Promise<boolean>;
 }
 //# sourceMappingURL=claude-code-provider.d.ts.map

package/dist/claude-code-provider.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"claude-code-provider.d.ts","sourceRoot":"","sources":["../src/claude-code-provider.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,UAAU,EAAE,cAAc,EAA6B,MAAM,YAAY,CAAC;AASpG,gEAAgE;AAChE,MAAM,MAAM,OAAO,GAAG,CAAC,MAAM,EAAE;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAClC,KAAK,aAAa,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;AAsC7C,qBAAa,kBAAmB,YAAW,UAAU;IACnD,OAAO,CAAC,MAAM,CAAqB;IACnC,OAAO,CAAC,cAAc,CAAkB;IACxC,OAAO,CAAC,KAAK,CAA4B;IACzC,OAAO,CAAC,QAAQ,CAAsB;IACtC,OAAO,CAAC,YAAY,CAAkB;gBAE1B,OAAO,CAAC,EAAE;QAAE,QAAQ,CAAC,EAAE,OAAO,CAAA;KAAE;IAItC,UAAU,CAAC,MAAM,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC;IAkBvD,YAAY,IAAI,MAAM;IAItB,WAAW,IAAI,IAAI;IAIb,YAAY,CAChB,YAAY,EAAE,MAAM,EACpB,cAAc,EAAE,MAAM,EACtB,SAAS,CAAC,EAAE,MAAM,GACjB,OAAO,CAAC,UAAU,CAAC;IAqMhB,cAAc,IAAI,OAAO,CAAC,OAAO,CAAC;CAGzC"}
+{"version":3,"file":"claude-code-provider.d.ts","sourceRoot":"","sources":["../src/claude-code-provider.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,UAAU,EAAE,cAAc,EAA6B,MAAM,YAAY,CAAC;AAUpG,gEAAgE;AAChE,MAAM,MAAM,OAAO,GAAG,CAAC,MAAM,EAAE;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAClC,KAAK,aAAa,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;AAsC7C,qBAAa,kBAAmB,YAAW,UAAU;IACnD,OAAO,CAAC,MAAM,CAAqB;IACnC,OAAO,CAAC,cAAc,CAAkB;IACxC,OAAO,CAAC,KAAK,CAA4B;IACzC,OAAO,CAAC,QAAQ,CAAsB;IACtC,OAAO,CAAC,YAAY,CAAkB;gBAE1B,OAAO,CAAC,EAAE;QAAE,QAAQ,CAAC,EAAE,OAAO,CAAA;KAAE;IAItC,UAAU,CAAC,MAAM,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC;IAkBvD,YAAY,IAAI,MAAM;IAItB,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAI7B,WAAW,IAAI,IAAI;IAIb,YAAY,CAChB,YAAY,EAAE,MAAM,EACpB,cAAc,EAAE,MAAM,EACtB,SAAS,CAAC,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,GAC9B,OAAO,CAAC,UAAU,CAAC;IA4MhB,cAAc,IAAI,OAAO,CAAC,OAAO,CAAC;CAGzC"}

package/dist/claude-code-provider.js

@@ -8,6 +8,7 @@ import { logProgress, logDebug, logDebugFull, createTimer } from './logging.js';
 const TAG = 'ai-provider';
 const HEARTBEAT_INTERVAL_MS = 15000; // Log heartbeat every 15s if no activity
 const MAX_API_ERROR_RETRIES = 3; // Fail after this many consecutive API errors
+const MAX_ERROR_DETECTION_LENGTH = 200; // Only check short text chunks for SDK error patterns — longer text is AI analysis content
 // JSON schema for structured output (matches spec Section 4.4)
 const OUTPUT_SCHEMA = {
     type: 'object',
@@ -73,15 +74,19 @@ export class ClaudeCodeProvider {
     getModelName() {
         return this.model;
     }
+    setModel(model) {
+        this.model = model;
+    }
     enableDebug() {
         this.debugEnabled = true;
     }
-    async executeCheck(instructions, repositoryPath, logPrefix) {
+    async executeCheck(instructions, repositoryPath, logPrefix, options) {
         const queryFn = this._queryFn ?? (await import('@anthropic-ai/claude-agent-sdk')).query;
         const timer = createTimer();
         const prefix = logPrefix ? `${logPrefix} ` : '';
+        const effectiveMaxTurns = options?.maxTurns ?? 100;
         const prompt = instructions;
-        logDebug(TAG, `${prefix}Starting query: model=${this.model}, cwd=${repositoryPath}, promptLen=${prompt.length}`);
+        logDebug(TAG, `${prefix}Starting query: model=${this.model}, cwd=${repositoryPath}, promptLen=${prompt.length}, maxTurns=${effectiveMaxTurns}`);
         if (this.debugEnabled) {
             logDebugFull(TAG, `${prefix}Full prompt sent to AI`, prompt);
         }
@@ -91,7 +96,7 @@ export class ClaudeCodeProvider {
                 model: this.model,
                 cwd: repositoryPath,
                 allowedTools: ['Read', 'Glob', 'Grep', 'Bash', 'WebSearch', 'WebFetch'],
-                maxTurns: 100,
+                maxTurns: effectiveMaxTurns,
                 permissionMode: 'bypassPermissions',
                 outputFormat: {
                     type: 'json_schema',
@@ -150,23 +155,28 @@ export class ClaudeCodeProvider {
                             .filter(Boolean);
                         if (textChunks.length > 0) {
                             logDebug(TAG, `${prefix}Assistant: ${textChunks.join(' | ')}`);
-                            // Detect rate-limit messages — fail immediately since retrying won't help
-                            const rateLimitMatch = textChunks.find((t) => /you've hit your limit|rate limit/i.test(t));
+                            // Error detection: only check short text chunks to avoid matching the AI's
+                            // own analysis text (e.g., a security finding mentioning "rate limiting").
+                            // SDK/API error messages are typically short (under 200 chars), while AI analysis
+                            // text is much longer.
+                            const shortChunks = textChunks.filter((t) => t.length < MAX_ERROR_DETECTION_LENGTH);
+                            // Detect rate-limit messages — fail immediately since retrying won't help.
+                            const rateLimitMatch = shortChunks.find((t) => /you've hit your limit|API Error:\s*429|rate.?limit.?exceeded/i.test(t));
                             if (rateLimitMatch) {
                                 throw new FatalProviderError(`AI provider rate limit reached: ${rateLimitMatch}`);
                             }
                             // Detect authentication errors (401) — fail immediately, unrecoverable
-                            const authErrorMatch = textChunks.find((t) => /API Error:\s*401/i.test(t));
+                            const authErrorMatch = shortChunks.find((t) => /API Error:\s*401/i.test(t));
                             if (authErrorMatch) {
                                 throw new FatalProviderError(`AI provider authentication failed (401): ${authErrorMatch}`);
                             }
                             // Detect login required — fail immediately, unrecoverable without user action
-                            const loginRequiredMatch = textChunks.find((t) => /not logged in/i.test(t));
+                            const loginRequiredMatch = shortChunks.find((t) => /not logged in/i.test(t));
                             if (loginRequiredMatch) {
                                 throw new FatalProviderError(`AI provider not logged in: ${loginRequiredMatch}. Please authenticate before running scans.`);
                             }
                             // Detect API errors surfaced as assistant text by the SDK
-                            const apiErrorMatch = textChunks.find((t) => t.includes('API Error:'));
+                            const apiErrorMatch = shortChunks.find((t) => t.includes('API Error:'));
                             if (apiErrorMatch) {
                                 consecutiveApiErrors++;
                                 if (consecutiveApiErrors >= MAX_API_ERROR_RETRIES) {