@de-otio/repo-aegis-core 0.2.0

package/dist/lock.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"lock.js","sourceRoot":"","sources":["../src/lock.ts"],"names":[],"mappings":"AAAA,4CAA4C;AAC5C,qDAAqD;AACrD,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAC/D,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,QAAQ,MAAM,iBAAiB,CAAC;AACvC,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAC1C,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AASnD;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,QAAQ,CAAI,EAAwB,EAAE,OAAoB,EAAE;IAChF,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,IAAI,YAAY,EAAE,CAAC;IAC7C,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1B,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC1D,qDAAqD;IACrD,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,aAAa,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IAE/C,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC;IACvC,IAAI,OAA4B,CAAC;IACjC,IAAI,CAAC;QACH,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,IAAI,EAAE;YAClC,KAAK,EAAE,MAAM;YACb,OAAO,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,EAAE,EAAE,EAAE,UAAU,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE;SAC5F,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,GAAI,GAAyB,CAAC,IAAI,CAAC;QAC7C,IAAI,IAAI,KAAK,SAAS,IAAI,IAAI,KAAK,cAAc,EAAE,CAAC;YAClD,MAAM,IAAI,gBAAgB,CAAC,IAAI,CAAC,CAAC;QACnC,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;IAED,IAAI,CAAC;QACH,OAAO,MAAM,EAAE,EAAE,CAAC;IACpB,CAAC;YAAS,CAAC;QACT,IAAI,CAAC;YACH,MAAM,OAAO,EAAE,CAAC;QAClB,CAAC;QAAC,MAAM,CAAC;YACP,qEAAqE;QACvE,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,YAAY,CAAI,EAAW,EAAE,OAAoB,EAAE;IACjE,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,IAAI,YAAY,EAAE,CAAC;IAC7C,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1B,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC1D,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,aAAa,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IAE/C,IAAI,OAAmB,CAAC;IACxB,IAAI,CAAC;QACH,OAAO,GAAG,QAAQ,CAAC,QAAQ,CAAC,IAAI,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;IACvD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,GAAI,GAAyB,CAAC,IAAI,CAAC;QAC7C,IAAI,IAAI,KAAK,SAAS,IAAI,IAAI,KAAK,cAAc,EAAE,CAAC;YAClD,MAAM,IAAI,gBAAgB,CAAC,IAAI,CAAC,CAAC;QACnC,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;IAED,IAAI,CAAC;QACH,OAAO,EAAE,EAAE,CAAC;IACd,CAAC;YAAS,CAAC;QACT,IAAI,CAAC;YACH,OAAO,EAAE,CAAC;QACZ,CAAC;QAAC,MAAM,CAAC;YACP,0CAA0C;QAC5C,CAAC;IACH,CAAC;AACH,CAAC"}

package/dist/lock.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=lock.test.d.ts.map

package/dist/lock.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"lock.test.d.ts","sourceRoot":"","sources":["../src/lock.test.ts"],"names":[],"mappings":""}

package/dist/lock.test.js

@@ -0,0 +1,125 @@
+// SPDX-License-Identifier: GPL-3.0-or-later
+// Copyright (C) 2026 Richard Myers and contributors.
+import { describe, it, before, after } from "node:test";
+import assert from "node:assert/strict";
+import { mkdtempSync, writeFileSync, existsSync, rmSync } from "node:fs";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import lockfile from "proper-lockfile";
+import { withLock, withLockSync } from "./lock.js";
+import { LockTimeoutError } from "./exceptions.js";
+let tmp;
+before(() => {
+    tmp = mkdtempSync(join(tmpdir(), "repo-aegis-lock-test-"));
+});
+after(() => {
+    rmSync(tmp, { recursive: true, force: true });
+});
+function lockPathFor(name) {
+    const p = join(tmp, name);
+    writeFileSync(p, "");
+    return p;
+}
+describe("withLockSync", () => {
+    it("runs fn while holding the lock and returns its result", () => {
+        const lp = lockPathFor("happy.lock");
+        const result = withLockSync(() => 42, { lockPath: lp });
+        assert.equal(result, 42);
+    });
+    it("releases the lock even when fn throws", () => {
+        const lp = lockPathFor("throw.lock");
+        assert.throws(() => withLockSync(() => { throw new Error("boom"); }, { lockPath: lp }), /boom/);
+        // Should be able to acquire it again immediately.
+        const r = withLockSync(() => "ok", { lockPath: lp });
+        assert.equal(r, "ok");
+    });
+    it("creates the lock file if missing", () => {
+        const lp = join(tmp, "auto-create.lock");
+        assert.equal(existsSync(lp), false);
+        withLockSync(() => 1, { lockPath: lp });
+        assert.ok(existsSync(lp));
+    });
+    it("throws LockTimeoutError when another process holds the lock", () => {
+        const lp = lockPathFor("contended.lock");
+        const release = lockfile.lockSync(lp, { stale: 30_000 });
+        try {
+            assert.throws(() => withLockSync(() => 1, { lockPath: lp }), LockTimeoutError);
+        }
+        finally {
+            release();
+        }
+    });
+});
+describe("withLock (async)", () => {
+    it("runs fn and returns its result", async () => {
+        const lp = lockPathFor("async-happy.lock");
+        const result = await withLock(() => 99, { lockPath: lp });
+        assert.equal(result, 99);
+    });
+    it("supports async fn", async () => {
+        const lp = lockPathFor("async-fn.lock");
+        const result = await withLock(async () => {
+            await new Promise(r => setTimeout(r, 5));
+            return "done";
+        }, { lockPath: lp });
+        assert.equal(result, "done");
+    });
+    it("releases the lock when fn rejects", async () => {
+        const lp = lockPathFor("async-reject.lock");
+        await assert.rejects(withLock(async () => { throw new Error("x"); }, { lockPath: lp }), /x/);
+        const r = await withLock(() => "ok", { lockPath: lp });
+        assert.equal(r, "ok");
+    });
+    it("serializes two parallel withLock calls against the same lockPath", async () => {
+        // Two concurrent withLock calls on the same path must NOT overlap.
+        // We record entry/exit timestamps for each and assert one's interval
+        // fully precedes the other.
+        const lp = lockPathFor("async-serialize.lock");
+        const HOLD_MS = 60;
+        const spans = [];
+        async function critical(label) {
+            return withLock(async () => {
+                const start = Date.now();
+                await new Promise(r => setTimeout(r, HOLD_MS));
+                const end = Date.now();
+                const span = { start, end, label };
+                spans.push(span);
+                return span;
+            }, { lockPath: lp, timeoutMs: 5000 });
+        }
+        const [a, b] = await Promise.all([critical("a"), critical("b")]);
+        // Sort by start time and assert non-overlap.
+        const sorted = [a, b].sort((x, y) => x.start - y.start);
+        assert.ok(sorted[0].end <= sorted[1].start, `expected serialized intervals; got a=[${a.start},${a.end}] b=[${b.start},${b.end}]`);
+        assert.equal(spans.length, 2);
+    });
+    it("throws LockTimeoutError when the path is held by lockfile.lockSync", async () => {
+        const lp = lockPathFor("async-contended.lock");
+        const release = lockfile.lockSync(lp, { stale: 30_000 });
+        try {
+            await assert.rejects(withLock(() => 1, { lockPath: lp, timeoutMs: 100 }), LockTimeoutError);
+        }
+        finally {
+            release();
+        }
+    });
+    it("honours timeoutMs (rejects within the timeout window)", async () => {
+        const lp = lockPathFor("async-timeout.lock");
+        const release = lockfile.lockSync(lp, { stale: 30_000 });
+        try {
+            const t0 = Date.now();
+            await assert.rejects(withLock(() => 1, { lockPath: lp, timeoutMs: 100 }), LockTimeoutError);
+            const elapsed = Date.now() - t0;
+            // proper-lockfile retry math + jitter: a 100ms timeout typically
+            // settles in well under 500ms. Generous upper bound to avoid CI
+            // flake on busy runners; the lower bound asserts we waited at all
+            // (i.e. that timeoutMs wasn't ignored entirely and rejected
+            // immediately at the very first retry).
+            assert.ok(elapsed < 1500, `withLock should reject promptly under timeoutMs=100; elapsed=${elapsed}ms`);
+        }
+        finally {
+            release();
+        }
+    });
+});
+//# sourceMappingURL=lock.test.js.map

package/dist/lock.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"lock.test.js","sourceRoot":"","sources":["../src/lock.test.ts"],"names":[],"mappings":"AAAA,4CAA4C;AAC5C,qDAAqD;AACrD,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,WAAW,CAAC;AACxD,OAAO,MAAM,MAAM,oBAAoB,CAAC;AACxC,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACzE,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,QAAQ,MAAM,iBAAiB,CAAC;AACvC,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AACnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AAEnD,IAAI,GAAW,CAAC;AAEhB,MAAM,CAAC,GAAG,EAAE;IACV,GAAG,GAAG,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,uBAAuB,CAAC,CAAC,CAAC;AAC7D,CAAC,CAAC,CAAC;AAEH,KAAK,CAAC,GAAG,EAAE;IACT,MAAM,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;AAChD,CAAC,CAAC,CAAC;AAEH,SAAS,WAAW,CAAC,IAAY;IAC/B,MAAM,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IAC1B,aAAa,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACrB,OAAO,CAAC,CAAC;AACX,CAAC;AAED,QAAQ,CAAC,cAAc,EAAE,GAAG,EAAE;IAC5B,EAAE,CAAC,uDAAuD,EAAE,GAAG,EAAE;QAC/D,MAAM,EAAE,GAAG,WAAW,CAAC,YAAY,CAAC,CAAC;QACrC,MAAM,MAAM,GAAG,YAAY,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC;QACxD,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAC3B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;QAC/C,MAAM,EAAE,GAAG,WAAW,CAAC,YAAY,CAAC,CAAC;QACrC,MAAM,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,YAAY,CAAC,GAAG,EAAE,GAAG,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,EAAE,MAAM,CAAC,CAAC;QAChG,kDAAkD;QAClD,MAAM,CAAC,GAAG,YAAY,CAAC,GAAG,EAAE,CAAC,IAAI,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC;QACrD,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;IACxB,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;QAC1C,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC;QACzC,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,CAAC,EAAE,KAAK,CAAC,CAAC;QACpC,YAAY,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC;QACxC,MAAM,CAAC,EAAE,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC;IAC5B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6DAA6D,EAAE,GAAG,EAAE;QACrE,MAAM,EAAE,GAAG,WAAW,CAAC,gBAAgB,CAAC,CAAC;QACzC,MAAM,OAAO,GAAG,QAAQ,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;QACzD,IAAI,CAAC;YACH,MAAM,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,YAAY,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,EAAE,gBAAgB,CAAC,CAAC;QACjF,CAAC;gBAAS,CAAC;YACT,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,kBAAkB,EAAE,GAAG,EAAE;IAChC,EAAE,CAAC,gCAAgC,EAAE,KAAK,IAAI,EAAE;QAC9C,MAAM,EAAE,GAAG,WAAW,CAAC,kBAAkB,CAAC,CAAC;QAC3C,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC;QAC1D,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAC3B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mBAAmB,EAAE,KAAK,IAAI,EAAE;QACjC,MAAM,EAAE,GAAG,WAAW,CAAC,eAAe,CAAC,CAAC;QACxC,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,KAAK,IAAI,EAAE;YACvC,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;YACzC,OAAO,MAAM,CAAC;QAChB,CAAC,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC;QACrB,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mCAAmC,EAAE,KAAK,IAAI,EAAE;QACjD,MAAM,EAAE,GAAG,WAAW,CAAC,mBAAmB,CAAC,CAAC;QAC5C,MAAM,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,IAAI,EAAE,GAAG,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC;QAC7F,MAAM,CAAC,GAAG,MAAM,QAAQ,CAAC,GAAG,EAAE,CAAC,IAAI,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC;QACvD,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;IACxB,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kEAAkE,EAAE,KAAK,IAAI,EAAE;QAChF,mEAAmE;QACnE,qEAAqE;QACrE,4BAA4B;QAC5B,MAAM,EAAE,GAAG,WAAW,CAAC,sBAAsB,CAAC,CAAC;QAC/C,MAAM,OAAO,GAAG,EAAE,CAAC;QAGnB,MAAM,KAAK,GAAW,EAAE,CAAC;QAEzB,KAAK,UAAU,QAAQ,CAAC,KAAa;YACnC,OAAO,QAAQ,CAAC,KAAK,IAAI,EAAE;gBACzB,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;gBACzB,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC;gBAC/C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;gBACvB,MAAM,IAAI,GAAS,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC;gBACzC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBACjB,OAAO,IAAI,CAAC;YACd,CAAC,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACxC,CAAC;QAED,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QACjE,6CAA6C;QAC7C,MAAM,MAAM,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC;QACxD,MAAM,CAAC,EAAE,CACP,MAAM,CAAC,CAAC,CAAE,CAAC,GAAG,IAAI,MAAM,CAAC,CAAC,CAAE,CAAC,KAAK,EAClC,yCAAyC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,GAAG,QAAQ,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,GAAG,GAAG,CACrF,CAAC;QACF,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IAChC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oEAAoE,EAAE,KAAK,IAAI,EAAE;QAClF,MAAM,EAAE,GAAG,WAAW,CAAC,sBAAsB,CAAC,CAAC;QAC/C,MAAM,OAAO,GAAG,QAAQ,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;QACzD,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,OAAO,CAClB,QAAQ,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,SAAS,EAAE,GAAG,EAAE,CAAC,EACnD,gBAAgB,CACjB,CAAC;QACJ,CAAC;gBAAS,CAAC;YACT,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uDAAuD,EAAE,KAAK,IAAI,EAAE;QACrE,MAAM,EAAE,GAAG,WAAW,CAAC,oBAAoB,CAAC,CAAC;QAC7C,MAAM,OAAO,GAAG,QAAQ,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;QACzD,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACtB,MAAM,MAAM,CAAC,OAAO,CAClB,QAAQ,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,SAAS,EAAE,GAAG,EAAE,CAAC,EACnD,gBAAgB,CACjB,CAAC;YACF,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC;YAChC,iEAAiE;YACjE,gEAAgE;YAChE,kEAAkE;YAClE,4DAA4D;YAC5D,wCAAwC;YACxC,MAAM,CAAC,EAAE,CACP,OAAO,GAAG,IAAI,EACd,gEAAgE,OAAO,IAAI,CAC5E,CAAC;QACJ,CAAC;gBAAS,CAAC;YACT,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/paths.d.ts

@@ -0,0 +1,22 @@
+export declare function repoAegisHome(): string;
+export declare function registryPath(home?: string): string;
+export declare function markersDir(home?: string): string;
+export declare function flatMarkersPath(home?: string): string;
+export declare function statePath(home?: string): string;
+export declare function leakContextFlagPath(home?: string): string;
+export declare function lockFilePath(home?: string): string;
+export declare function denySetCachePath(home?: string): string;
+/**
+ * Path of the operator audit log. JSON Lines, append-only, chmod 600.
+ * Off by default; opted into via `~/.config/repo-aegis/state/audit-log.json`
+ * (`{ "enabled": true }`). See `audit-log.ts` for the writer and
+ * `cli/commands/audit-log.ts` for the on/off/show/path subcommands.
+ */
+export declare function auditLogPath(home?: string): string;
+/**
+ * True if `REPO_AEGIS_HOME` is set in the environment, indicating the user
+ * (or a parent process) has overridden the default home. CLI uses this to
+ * print a stderr warning that the override is in effect.
+ */
+export declare function isHomeOverridden(): boolean;
+//# sourceMappingURL=paths.d.ts.map

package/dist/paths.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"paths.d.ts","sourceRoot":"","sources":["../src/paths.ts"],"names":[],"mappings":"AAKA,wBAAgB,aAAa,IAAI,MAAM,CAEtC;AAED,wBAAgB,YAAY,CAAC,IAAI,GAAE,MAAwB,GAAG,MAAM,CAEnE;AAED,wBAAgB,UAAU,CAAC,IAAI,GAAE,MAAwB,GAAG,MAAM,CAEjE;AAED,wBAAgB,eAAe,CAAC,IAAI,GAAE,MAAwB,GAAG,MAAM,CAEtE;AAED,wBAAgB,SAAS,CAAC,IAAI,GAAE,MAAwB,GAAG,MAAM,CAEhE;AAED,wBAAgB,mBAAmB,CAAC,IAAI,GAAE,MAAwB,GAAG,MAAM,CAE1E;AAED,wBAAgB,YAAY,CAAC,IAAI,GAAE,MAAwB,GAAG,MAAM,CAEnE;AAED,wBAAgB,gBAAgB,CAAC,IAAI,GAAE,MAAwB,GAAG,MAAM,CAEvE;AAED;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,IAAI,GAAE,MAAwB,GAAG,MAAM,CAEnE;AAED;;;;GAIG;AACH,wBAAgB,gBAAgB,IAAI,OAAO,CAE1C"}

package/dist/paths.js

@@ -0,0 +1,46 @@
+// SPDX-License-Identifier: GPL-3.0-or-later
+// Copyright (C) 2026 Richard Myers and contributors.
+import { homedir } from "node:os";
+import { join } from "node:path";
+export function repoAegisHome() {
+    return process.env["REPO_AEGIS_HOME"] ?? join(homedir(), ".config", "repo-aegis");
+}
+export function registryPath(home = repoAegisHome()) {
+    return process.env["REPO_AEGIS_REGISTRY"] ?? join(home, "engagements.yaml");
+}
+export function markersDir(home = repoAegisHome()) {
+    return process.env["REPO_AEGIS_MARKERS_DIR"] ?? join(home, "markers");
+}
+export function flatMarkersPath(home = repoAegisHome()) {
+    return join(home, "markers.txt");
+}
+export function statePath(home = repoAegisHome()) {
+    return join(home, "state");
+}
+export function leakContextFlagPath(home = repoAegisHome()) {
+    return join(statePath(home), "leak-context-mode");
+}
+export function lockFilePath(home = repoAegisHome()) {
+    return join(statePath(home), ".lock");
+}
+export function denySetCachePath(home = repoAegisHome()) {
+    return join(statePath(home), "deny-set.cache.json");
+}
+/**
+ * Path of the operator audit log. JSON Lines, append-only, chmod 600.
+ * Off by default; opted into via `~/.config/repo-aegis/state/audit-log.json`
+ * (`{ "enabled": true }`). See `audit-log.ts` for the writer and
+ * `cli/commands/audit-log.ts` for the on/off/show/path subcommands.
+ */
+export function auditLogPath(home = repoAegisHome()) {
+    return join(statePath(home), "audit.log");
+}
+/**
+ * True if `REPO_AEGIS_HOME` is set in the environment, indicating the user
+ * (or a parent process) has overridden the default home. CLI uses this to
+ * print a stderr warning that the override is in effect.
+ */
+export function isHomeOverridden() {
+    return process.env["REPO_AEGIS_HOME"] !== undefined;
+}
+//# sourceMappingURL=paths.js.map

package/dist/paths.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"paths.js","sourceRoot":"","sources":["../src/paths.ts"],"names":[],"mappings":"AAAA,4CAA4C;AAC5C,qDAAqD;AACrD,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC,MAAM,UAAU,aAAa;IAC3B,OAAO,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,IAAI,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,YAAY,CAAC,CAAC;AACpF,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,OAAe,aAAa,EAAE;IACzD,OAAO,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,IAAI,IAAI,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC;AAC9E,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,OAAe,aAAa,EAAE;IACvD,OAAO,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,IAAI,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;AACxE,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,OAAe,aAAa,EAAE;IAC5D,OAAO,IAAI,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;AACnC,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,OAAe,aAAa,EAAE;IACtD,OAAO,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;AAC7B,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,OAAe,aAAa,EAAE;IAChE,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,mBAAmB,CAAC,CAAC;AACpD,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,OAAe,aAAa,EAAE;IACzD,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC,CAAC;AACxC,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,OAAe,aAAa,EAAE;IAC7D,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,qBAAqB,CAAC,CAAC;AACtD,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,YAAY,CAAC,OAAe,aAAa,EAAE;IACzD,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,WAAW,CAAC,CAAC;AAC5C,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,gBAAgB;IAC9B,OAAO,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,KAAK,SAAS,CAAC;AACtD,CAAC"}

package/dist/paths.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=paths.test.d.ts.map

package/dist/paths.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"paths.test.d.ts","sourceRoot":"","sources":["../src/paths.test.ts"],"names":[],"mappings":""}

package/dist/paths.test.js

@@ -0,0 +1,78 @@
+// SPDX-License-Identifier: GPL-3.0-or-later
+// Copyright (C) 2026 Richard Myers and contributors.
+import { describe, it, beforeEach, afterEach } from "node:test";
+import assert from "node:assert/strict";
+import { repoAegisHome, registryPath, markersDir, flatMarkersPath, statePath, leakContextFlagPath, lockFilePath, isHomeOverridden, } from "./paths.js";
+let originalHome;
+let originalRegistry;
+let originalMarkersDir;
+beforeEach(() => {
+    originalHome = process.env["REPO_AEGIS_HOME"];
+    originalRegistry = process.env["REPO_AEGIS_REGISTRY"];
+    originalMarkersDir = process.env["REPO_AEGIS_MARKERS_DIR"];
+    delete process.env["REPO_AEGIS_HOME"];
+    delete process.env["REPO_AEGIS_REGISTRY"];
+    delete process.env["REPO_AEGIS_MARKERS_DIR"];
+});
+afterEach(() => {
+    if (originalHome !== undefined)
+        process.env["REPO_AEGIS_HOME"] = originalHome;
+    else
+        delete process.env["REPO_AEGIS_HOME"];
+    if (originalRegistry !== undefined)
+        process.env["REPO_AEGIS_REGISTRY"] = originalRegistry;
+    else
+        delete process.env["REPO_AEGIS_REGISTRY"];
+    if (originalMarkersDir !== undefined)
+        process.env["REPO_AEGIS_MARKERS_DIR"] = originalMarkersDir;
+    else
+        delete process.env["REPO_AEGIS_MARKERS_DIR"];
+});
+describe("paths", () => {
+    it("default home is ~/.config/repo-aegis", () => {
+        const h = repoAegisHome();
+        assert.match(h, /\.config\/repo-aegis$/);
+    });
+    it("REPO_AEGIS_HOME env overrides home", () => {
+        process.env["REPO_AEGIS_HOME"] = "/tmp/custom";
+        assert.equal(repoAegisHome(), "/tmp/custom");
+    });
+    it("REPO_AEGIS_REGISTRY overrides registry path", () => {
+        process.env["REPO_AEGIS_REGISTRY"] = "/tmp/custom-registry.yaml";
+        assert.equal(registryPath(), "/tmp/custom-registry.yaml");
+    });
+    it("registryPath defaults to home/engagements.yaml", () => {
+        process.env["REPO_AEGIS_HOME"] = "/tmp/x";
+        assert.equal(registryPath(), "/tmp/x/engagements.yaml");
+    });
+    it("REPO_AEGIS_MARKERS_DIR overrides markers path", () => {
+        process.env["REPO_AEGIS_MARKERS_DIR"] = "/tmp/custom-markers";
+        assert.equal(markersDir(), "/tmp/custom-markers");
+    });
+    it("markersDir defaults to home/markers", () => {
+        process.env["REPO_AEGIS_HOME"] = "/tmp/x";
+        assert.equal(markersDir(), "/tmp/x/markers");
+    });
+    it("flatMarkersPath is home/markers.txt", () => {
+        process.env["REPO_AEGIS_HOME"] = "/tmp/x";
+        assert.equal(flatMarkersPath(), "/tmp/x/markers.txt");
+    });
+    it("statePath is home/state", () => {
+        process.env["REPO_AEGIS_HOME"] = "/tmp/x";
+        assert.equal(statePath(), "/tmp/x/state");
+    });
+    it("leakContextFlagPath is home/state/leak-context-mode", () => {
+        process.env["REPO_AEGIS_HOME"] = "/tmp/x";
+        assert.equal(leakContextFlagPath(), "/tmp/x/state/leak-context-mode");
+    });
+    it("lockFilePath is home/state/.lock", () => {
+        process.env["REPO_AEGIS_HOME"] = "/tmp/x";
+        assert.equal(lockFilePath(), "/tmp/x/state/.lock");
+    });
+    it("isHomeOverridden reflects env var presence", () => {
+        assert.equal(isHomeOverridden(), false);
+        process.env["REPO_AEGIS_HOME"] = "/tmp/x";
+        assert.equal(isHomeOverridden(), true);
+    });
+});
+//# sourceMappingURL=paths.test.js.map

package/dist/paths.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"paths.test.js","sourceRoot":"","sources":["../src/paths.test.ts"],"names":[],"mappings":"AAAA,4CAA4C;AAC5C,qDAAqD;AACrD,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAChE,OAAO,MAAM,MAAM,oBAAoB,CAAC;AACxC,OAAO,EACL,aAAa,EACb,YAAY,EACZ,UAAU,EACV,eAAe,EACf,SAAS,EACT,mBAAmB,EACnB,YAAY,EACZ,gBAAgB,GACjB,MAAM,YAAY,CAAC;AAEpB,IAAI,YAAgC,CAAC;AACrC,IAAI,gBAAoC,CAAC;AACzC,IAAI,kBAAsC,CAAC;AAE3C,UAAU,CAAC,GAAG,EAAE;IACd,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IAC9C,gBAAgB,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;IACtD,kBAAkB,GAAG,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;IAC3D,OAAO,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IACtC,OAAO,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;IAC1C,OAAO,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;AAC/C,CAAC,CAAC,CAAC;AAEH,SAAS,CAAC,GAAG,EAAE;IACb,IAAI,YAAY,KAAK,SAAS;QAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,GAAG,YAAY,CAAC;;QACzE,OAAO,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IAC3C,IAAI,gBAAgB,KAAK,SAAS;QAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,GAAG,gBAAgB,CAAC;;QACrF,OAAO,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;IAC/C,IAAI,kBAAkB,KAAK,SAAS;QAAE,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,GAAG,kBAAkB,CAAC;;QAC5F,OAAO,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;AACpD,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,OAAO,EAAE,GAAG,EAAE;IACrB,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;QAC9C,MAAM,CAAC,GAAG,aAAa,EAAE,CAAC;QAC1B,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,uBAAuB,CAAC,CAAC;IAC3C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;QAC5C,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,GAAG,aAAa,CAAC;QAC/C,MAAM,CAAC,KAAK,CAAC,aAAa,EAAE,EAAE,aAAa,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;QACrD,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,GAAG,2BAA2B,CAAC;QACjE,MAAM,CAAC,KAAK,CAAC,YAAY,EAAE,EAAE,2BAA2B,CAAC,CAAC;IAC5D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gDAAgD,EAAE,GAAG,EAAE;QACxD,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,GAAG,QAAQ,CAAC;QAC1C,MAAM,CAAC,KAAK,CAAC,YAAY,EAAE,EAAE,yBAAyB,CAAC,CAAC;IAC1D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;QACvD,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,GAAG,qBAAqB,CAAC;QAC9D,MAAM,CAAC,KAAK,CAAC,UAAU,EAAE,EAAE,qBAAqB,CAAC,CAAC;IACpD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;QAC7C,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,GAAG,QAAQ,CAAC;QAC1C,MAAM,CAAC,KAAK,CAAC,UAAU,EAAE,EAAE,gBAAgB,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;QAC7C,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,GAAG,QAAQ,CAAC;QAC1C,MAAM,CAAC,KAAK,CAAC,eAAe,EAAE,EAAE,oBAAoB,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yBAAyB,EAAE,GAAG,EAAE;QACjC,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,GAAG,QAAQ,CAAC;QAC1C,MAAM,CAAC,KAAK,CAAC,SAAS,EAAE,EAAE,cAAc,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qDAAqD,EAAE,GAAG,EAAE;QAC7D,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,GAAG,QAAQ,CAAC;QAC1C,MAAM,CAAC,KAAK,CAAC,mBAAmB,EAAE,EAAE,gCAAgC,CAAC,CAAC;IACxE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;QAC1C,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,GAAG,QAAQ,CAAC;QAC1C,MAAM,CAAC,KAAK,CAAC,YAAY,EAAE,EAAE,oBAAoB,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;QACpD,MAAM,CAAC,KAAK,CAAC,gBAAgB,EAAE,EAAE,KAAK,CAAC,CAAC;QACxC,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,GAAG,QAAQ,CAAC;QAC1C,MAAM,CAAC,KAAK,CAAC,gBAAgB,EAAE,EAAE,IAAI,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/redaction.d.ts

@@ -0,0 +1,29 @@
+export type RedactionMode = "preview" | "hash" | "position-only";
+/**
+ * Redact a matched marker string for safe display.
+ *
+ * Default mode `preview` returns `<first-3-chars>***<length-N>` for matches
+ * of length >= 4, else `[redacted]`. The literal match value never appears
+ * in output that flows to AI agent context (PostToolUse hook output, error
+ * messages, JSON payloads), because the literal match in recent context is
+ * exactly the recency-pressure failure mode the tool exists to prevent.
+ *
+ * `hash` mode returns the first 8 hex chars of SHA-256 + length, useful
+ * when distinct hits should be distinguishable from each other but the
+ * value itself remains opaque.
+ *
+ * `position-only` returns the constant `[redacted]`.
+ */
+export declare function redactMatch(match: string, mode?: RedactionMode): string;
+/**
+ * Pass-through; explicit "this is the literal".
+ *
+ * Should ONLY be called when the user has explicitly opted in via the
+ * `--verbose` CLI flag. Hooks must never pass through this function.
+ *
+ * The previous `REPO_AEGIS_REVEAL_MATCHES` env-var was removed: env
+ * vars propagate to subprocess hooks unintentionally and could cause
+ * literal markers to flow into AI tool-result context.
+ */
+export declare function revealMatch(match: string): string;
+//# sourceMappingURL=redaction.d.ts.map

package/dist/redaction.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"redaction.d.ts","sourceRoot":"","sources":["../src/redaction.ts"],"names":[],"mappings":"AAIA,MAAM,MAAM,aAAa,GAAG,SAAS,GAAG,MAAM,GAAG,eAAe,CAAC;AAEjE;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,GAAE,aAAyB,GAAG,MAAM,CAalF;AAED;;;;;;;;;GASG;AACH,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAEjD"}

package/dist/redaction.js

@@ -0,0 +1,48 @@
+// SPDX-License-Identifier: GPL-3.0-or-later
+// Copyright (C) 2026 Richard Myers and contributors.
+import { createHash } from "node:crypto";
+/**
+ * Redact a matched marker string for safe display.
+ *
+ * Default mode `preview` returns `<first-3-chars>***<length-N>` for matches
+ * of length >= 4, else `[redacted]`. The literal match value never appears
+ * in output that flows to AI agent context (PostToolUse hook output, error
+ * messages, JSON payloads), because the literal match in recent context is
+ * exactly the recency-pressure failure mode the tool exists to prevent.
+ *
+ * `hash` mode returns the first 8 hex chars of SHA-256 + length, useful
+ * when distinct hits should be distinguishable from each other but the
+ * value itself remains opaque.
+ *
+ * `position-only` returns the constant `[redacted]`.
+ */
+export function redactMatch(match, mode = "preview") {
+    // Use code-point iteration to avoid splitting surrogate pairs in the
+    // first 3 characters of multi-byte unicode markers.
+    const codePoints = Array.from(match);
+    if (mode === "position-only")
+        return "[redacted]";
+    if (mode === "hash") {
+        const h = createHash("sha256").update(match).digest("hex").slice(0, 8);
+        return `[hash:${h}:${codePoints.length}]`;
+    }
+    // preview
+    if (codePoints.length < 4)
+        return "[redacted]";
+    const head = codePoints.slice(0, 3).join("");
+    return `${head}***${codePoints.length}`;
+}
+/**
+ * Pass-through; explicit "this is the literal".
+ *
+ * Should ONLY be called when the user has explicitly opted in via the
+ * `--verbose` CLI flag. Hooks must never pass through this function.
+ *
+ * The previous `REPO_AEGIS_REVEAL_MATCHES` env-var was removed: env
+ * vars propagate to subprocess hooks unintentionally and could cause
+ * literal markers to flow into AI tool-result context.
+ */
+export function revealMatch(match) {
+    return match;
+}
+//# sourceMappingURL=redaction.js.map

package/dist/redaction.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"redaction.js","sourceRoot":"","sources":["../src/redaction.ts"],"names":[],"mappings":"AAAA,4CAA4C;AAC5C,qDAAqD;AACrD,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAIzC;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,WAAW,CAAC,KAAa,EAAE,OAAsB,SAAS;IACxE,qEAAqE;IACrE,oDAAoD;IACpD,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACrC,IAAI,IAAI,KAAK,eAAe;QAAE,OAAO,YAAY,CAAC;IAClD,IAAI,IAAI,KAAK,MAAM,EAAE,CAAC;QACpB,MAAM,CAAC,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QACvE,OAAO,SAAS,CAAC,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC;IAC5C,CAAC;IACD,UAAU;IACV,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,YAAY,CAAC;IAC/C,MAAM,IAAI,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC7C,OAAO,GAAG,IAAI,MAAM,UAAU,CAAC,MAAM,EAAE,CAAC;AAC1C,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,WAAW,CAAC,KAAa;IACvC,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/redaction.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=redaction.test.d.ts.map

package/dist/redaction.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"redaction.test.d.ts","sourceRoot":"","sources":["../src/redaction.test.ts"],"names":[],"mappings":""}

package/dist/redaction.test.js

@@ -0,0 +1,67 @@
+// SPDX-License-Identifier: GPL-3.0-or-later
+// Copyright (C) 2026 Richard Myers and contributors.
+import { describe, it } from "node:test";
+import assert from "node:assert/strict";
+import { redactMatch, revealMatch } from "./redaction.js";
+describe("redactMatch", () => {
+    it("preview mode: shows first 3 chars + length for long strings", () => {
+        assert.equal(redactMatch("acme-corp", "preview"), "acm***9");
+        assert.equal(redactMatch("betaco", "preview"), "bet***6");
+    });
+    it("preview mode: redacts short strings entirely", () => {
+        assert.equal(redactMatch("abc", "preview"), "[redacted]");
+        assert.equal(redactMatch("ab", "preview"), "[redacted]");
+        assert.equal(redactMatch("", "preview"), "[redacted]");
+    });
+    it("preview mode is the default", () => {
+        assert.equal(redactMatch("acme-corp"), "acm***9");
+    });
+    it("hash mode: returns hex hash + length, deterministic", () => {
+        const a = redactMatch("acme-corp", "hash");
+        const b = redactMatch("acme-corp", "hash");
+        assert.equal(a, b);
+        assert.match(a, /^\[hash:[a-f0-9]{8}:9\]$/);
+    });
+    it("hash mode: distinct inputs produce distinct outputs", () => {
+        assert.notEqual(redactMatch("acme-corp", "hash"), redactMatch("betaco", "hash"));
+    });
+    it("position-only mode: always [redacted]", () => {
+        assert.equal(redactMatch("acme-corp", "position-only"), "[redacted]");
+        assert.equal(redactMatch("anything", "position-only"), "[redacted]");
+    });
+    it("never includes the literal in any redaction mode", () => {
+        const literal = "veryspecificcustomername";
+        const modes = ["preview", "hash", "position-only"];
+        for (const m of modes) {
+            const out = redactMatch(literal, m);
+            assert.ok(!out.includes(literal), `mode ${m} leaked literal`);
+        }
+    });
+    it("handles unicode without crashing", () => {
+        assert.ok(redactMatch("éâô-corp", "preview").length > 0);
+        assert.ok(redactMatch("中文corp", "hash").length > 0);
+    });
+    it("preview mode does not split surrogate pairs", () => {
+        // 🔒 is U+1F512, a surrogate pair in UTF-16. .slice(0,3) on the raw
+        // string would split the surrogate; code-point iteration must not.
+        const s = "🔒🔑🔓abcd";
+        const out = redactMatch(s, "preview");
+        // Length is 7 code points; preview returns the first 3 code points + ***N
+        assert.match(out, /^🔒🔑🔓\*\*\*7$/);
+    });
+    it("preview mode counts length in code points, not UTF-16 units", () => {
+        const s = "🔒🔑🔓"; // 3 code points, 6 UTF-16 units
+        assert.equal(redactMatch(s, "preview"), "[redacted]"); // length 3 < 4
+    });
+});
+describe("revealMatch", () => {
+    it("returns the literal", () => {
+        assert.equal(revealMatch("acme-corp"), "acme-corp");
+    });
+    it("is the only function that returns the literal", () => {
+        // Documentary test: enforces by convention that revealMatch is the
+        // single point of literal exposure in the redaction module.
+        assert.equal(typeof revealMatch, "function");
+    });
+});
+//# sourceMappingURL=redaction.test.js.map

package/dist/redaction.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"redaction.test.js","sourceRoot":"","sources":["../src/redaction.test.ts"],"names":[],"mappings":"AAAA,4CAA4C;AAC5C,qDAAqD;AACrD,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,WAAW,CAAC;AACzC,OAAO,MAAM,MAAM,oBAAoB,CAAC;AACxC,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAE1D,QAAQ,CAAC,aAAa,EAAE,GAAG,EAAE;IAC3B,EAAE,CAAC,6DAA6D,EAAE,GAAG,EAAE;QACrE,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,WAAW,EAAE,SAAS,CAAC,EAAE,SAAS,CAAC,CAAC;QAC7D,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,QAAQ,EAAE,SAAS,CAAC,EAAE,SAAS,CAAC,CAAC;IAC5D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;QACtD,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,KAAK,EAAE,SAAS,CAAC,EAAE,YAAY,CAAC,CAAC;QAC1D,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,IAAI,EAAE,SAAS,CAAC,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE,EAAE,SAAS,CAAC,EAAE,YAAY,CAAC,CAAC;IACzD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;QACrC,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,WAAW,CAAC,EAAE,SAAS,CAAC,CAAC;IACpD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qDAAqD,EAAE,GAAG,EAAE;QAC7D,MAAM,CAAC,GAAG,WAAW,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;QAC3C,MAAM,CAAC,GAAG,WAAW,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;QAC3C,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QACnB,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,0BAA0B,CAAC,CAAC;IAC9C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qDAAqD,EAAE,GAAG,EAAE;QAC7D,MAAM,CAAC,QAAQ,CACb,WAAW,CAAC,WAAW,EAAE,MAAM,CAAC,EAChC,WAAW,CAAC,QAAQ,EAAE,MAAM,CAAC,CAC9B,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;QAC/C,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,WAAW,EAAE,eAAe,CAAC,EAAE,YAAY,CAAC,CAAC;QACtE,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,UAAU,EAAE,eAAe,CAAC,EAAE,YAAY,CAAC,CAAC;IACvE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kDAAkD,EAAE,GAAG,EAAE;QAC1D,MAAM,OAAO,GAAG,0BAA0B,CAAC;QAC3C,MAAM,KAAK,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,eAAe,CAAU,CAAC;QAC5D,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;YACtB,MAAM,GAAG,GAAG,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;YACpC,MAAM,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,QAAQ,CAAC,iBAAiB,CAAC,CAAC;QAChE,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;QAC1C,MAAM,CAAC,EAAE,CAAC,WAAW,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QACzD,MAAM,CAAC,EAAE,CAAC,WAAW,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;QACrD,oEAAoE;QACpE,mEAAmE;QACnE,MAAM,CAAC,GAAG,YAAY,CAAC;QACvB,MAAM,GAAG,GAAG,WAAW,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;QACtC,0EAA0E;QAC1E,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,iBAAiB,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6DAA6D,EAAE,GAAG,EAAE;QACrE,MAAM,CAAC,GAAG,QAAQ,CAAC,CAAC,gCAAgC;QACpD,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,EAAE,SAAS,CAAC,EAAE,YAAY,CAAC,CAAC,CAAC,eAAe;IACxE,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,aAAa,EAAE,GAAG,EAAE;IAC3B,EAAE,CAAC,qBAAqB,EAAE,GAAG,EAAE;QAC7B,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,WAAW,CAAC,EAAE,WAAW,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;QACvD,mEAAmE;QACnE,4DAA4D;QAC5D,MAAM,CAAC,KAAK,CAAC,OAAO,WAAW,EAAE,UAAU,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/regex-safety.d.ts

@@ -0,0 +1,87 @@
+export interface PatternValidationResult {
+    ok: boolean;
+    reason?: string;
+}
+export type RegexBackend = "re2" | "in-process" | "subprocess";
+/**
+ * Test-only override. Forces {@link getRegexBackend} and
+ * {@link validatePattern} to use a specific backend regardless of which
+ * backends are installed. Pass `null` to clear. Production callers must
+ * not use this.
+ *
+ * @internal
+ */
+export declare function setRegexBackendForTesting(backend: RegexBackend | null): void;
+/**
+ * Report which regex backend repo-aegis is using for *additional*
+ * pattern-safety validation:
+ *
+ * - `"re2"`: the optional `re2` dependency is installed. Patterns that
+ *   compile cleanly in re2 are provably safe from catastrophic
+ *   backtracking (re2's hybrid NFA/DFA evaluator is linear-time by
+ *   construction). For patterns that re2 can't parse (lookahead /
+ *   look-behind / backreferences are unsupported in re2), validation
+ *   falls back to the `"in-process"` time-budget heuristic.
+ * - `"in-process"`: re2 is unavailable; the in-process timer fires
+ *   after the test completes (best-effort, may exceed budget).
+ *   {@link validatePatterns} `{ strict: true }` upgrades to
+ *   `"subprocess"` for the duration of that call.
+ * - `"subprocess"`: only returned by {@link getRegexBackend} when set
+ *   via {@link setRegexBackendForTesting}; otherwise an internal
+ *   detail of {@link validatePatterns}.
+ *
+ * Note: re2 affects *validation*, not the scanner's regex engine. The
+ * scanner still uses Node's native RegExp because the marker patterns
+ * may legitimately use lookahead constructs that re2 doesn't support.
+ */
+export declare function getRegexBackend(): RegexBackend;
+/**
+ * Validate a single regex pattern for use as a marker.
+ *
+ * Checks:
+ * 1. Compiles as a JavaScript RegExp without throwing.
+ * 2. Length <= 2048 chars.
+ * 3. Backtracking-bound test against `'a'.repeat(1000)` completes within 100ms.
+ *    Catastrophic-backtracking patterns (e.g., `(a+)+$`) hang here and are
+ *    rejected as ReDoS-suspected.
+ *
+ * Run at `render` time; bad patterns must not reach the hot path of `check`.
+ *
+ * @internal Prefer {@link validatePatterns} (which can run strict,
+ * subprocess-backed validation that is preemptable on catastrophic
+ * backtracking). This single-pattern, in-process helper is exposed for
+ * intra-repo callers that already pre-validate adversary-trust boundaries
+ * but is not part of the supported public API.
+ */
+export declare function validatePattern(pattern: string): PatternValidationResult;
+export interface ValidatePatternsOptions {
+    /**
+     * If true, run the backtracking-bound test in a subprocess that can be
+     * preemptively killed on timeout. Catches catastrophic-backtracking
+     * patterns that the in-process timer can only detect after-the-fact.
+     * Adds ~50-200ms of process-spawn overhead for the whole batch.
+     * Default: false (use the in-process timer).
+     */
+    strict?: boolean;
+}
+/**
+ * Validate a list of patterns. Returns split valid/invalid.
+ *
+ * With `strict: true`, runs the backtracking-bound check in a subprocess
+ * that can be preemptively killed if any pattern hangs the regex engine.
+ * Recommended for `render` and other one-time-cost paths; not for the
+ * per-scan hot path.
+ */
+export declare function validatePatterns(patterns: string[], opts?: ValidatePatternsOptions): {
+    valid: string[];
+    invalid: {
+        pattern: string;
+        reason: string;
+    }[];
+};
+/**
+ * Validate that a combined alternation regex is within the size cap.
+ * Used by render and the deny-set computation as a safety net.
+ */
+export declare function validateCombinedSize(combined: string): PatternValidationResult;
+//# sourceMappingURL=regex-safety.d.ts.map

package/dist/regex-safety.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"regex-safety.d.ts","sourceRoot":"","sources":["../src/regex-safety.ts"],"names":[],"mappings":"AAKA,MAAM,WAAW,uBAAuB;IACtC,EAAE,EAAE,OAAO,CAAC;IACZ,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,MAAM,YAAY,GAAG,KAAK,GAAG,YAAY,GAAG,YAAY,CAAC;AA+B/D;;;;;;;GAOG;AACH,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,YAAY,GAAG,IAAI,GAAG,IAAI,CAE5E;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAgB,eAAe,IAAI,YAAY,CAG9C;AAQD;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,uBAAuB,CA2CxE;AAED,MAAM,WAAW,uBAAuB;IACtC;;;;;;OAMG;IACH,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED;;;;;;;GAOG;AACH,wBAAgB,gBAAgB,CAC9B,QAAQ,EAAE,MAAM,EAAE,EAClB,IAAI,GAAE,uBAA4B,GACjC;IAAE,KAAK,EAAE,MAAM,EAAE,CAAC;IAAC,OAAO,EAAE;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,EAAE,CAAA;CAAE,CAYrE;AA+GD;;;GAGG;AACH,wBAAgB,oBAAoB,CAAC,QAAQ,EAAE,MAAM,GAAG,uBAAuB,CAQ9E"}