@de-otio/repo-aegis-core 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (191) hide show
  1. package/dist/age.d.ts +32 -0
  2. package/dist/age.d.ts.map +1 -0
  3. package/dist/age.js +98 -0
  4. package/dist/age.js.map +1 -0
  5. package/dist/audit-log.d.ts +50 -0
  6. package/dist/audit-log.d.ts.map +1 -0
  7. package/dist/audit-log.js +183 -0
  8. package/dist/audit-log.js.map +1 -0
  9. package/dist/audit-log.test.d.ts +2 -0
  10. package/dist/audit-log.test.d.ts.map +1 -0
  11. package/dist/audit-log.test.js +181 -0
  12. package/dist/audit-log.test.js.map +1 -0
  13. package/dist/deny-set.d.ts +43 -0
  14. package/dist/deny-set.d.ts.map +1 -0
  15. package/dist/deny-set.js +165 -0
  16. package/dist/deny-set.js.map +1 -0
  17. package/dist/deny-set.test.d.ts +2 -0
  18. package/dist/deny-set.test.d.ts.map +1 -0
  19. package/dist/deny-set.test.js +155 -0
  20. package/dist/deny-set.test.js.map +1 -0
  21. package/dist/exceptions.d.ts +96 -0
  22. package/dist/exceptions.d.ts.map +1 -0
  23. package/dist/exceptions.js +143 -0
  24. package/dist/exceptions.js.map +1 -0
  25. package/dist/exit-codes.d.ts +4 -0
  26. package/dist/exit-codes.d.ts.map +1 -0
  27. package/dist/exit-codes.js +6 -0
  28. package/dist/exit-codes.js.map +1 -0
  29. package/dist/first-touch.d.ts +57 -0
  30. package/dist/first-touch.d.ts.map +1 -0
  31. package/dist/first-touch.js +112 -0
  32. package/dist/first-touch.js.map +1 -0
  33. package/dist/import-graph.test.d.ts +2 -0
  34. package/dist/import-graph.test.d.ts.map +1 -0
  35. package/dist/import-graph.test.js +210 -0
  36. package/dist/import-graph.test.js.map +1 -0
  37. package/dist/index.d.ts +37 -0
  38. package/dist/index.d.ts.map +1 -0
  39. package/dist/index.js +68 -0
  40. package/dist/index.js.map +1 -0
  41. package/dist/lock.d.ts +22 -0
  42. package/dist/lock.d.ts.map +1 -0
  43. package/dist/lock.js +86 -0
  44. package/dist/lock.js.map +1 -0
  45. package/dist/lock.test.d.ts +2 -0
  46. package/dist/lock.test.d.ts.map +1 -0
  47. package/dist/lock.test.js +125 -0
  48. package/dist/lock.test.js.map +1 -0
  49. package/dist/paths.d.ts +22 -0
  50. package/dist/paths.d.ts.map +1 -0
  51. package/dist/paths.js +46 -0
  52. package/dist/paths.js.map +1 -0
  53. package/dist/paths.test.d.ts +2 -0
  54. package/dist/paths.test.d.ts.map +1 -0
  55. package/dist/paths.test.js +78 -0
  56. package/dist/paths.test.js.map +1 -0
  57. package/dist/redaction.d.ts +29 -0
  58. package/dist/redaction.d.ts.map +1 -0
  59. package/dist/redaction.js +48 -0
  60. package/dist/redaction.js.map +1 -0
  61. package/dist/redaction.test.d.ts +2 -0
  62. package/dist/redaction.test.d.ts.map +1 -0
  63. package/dist/redaction.test.js +67 -0
  64. package/dist/redaction.test.js.map +1 -0
  65. package/dist/regex-safety.d.ts +87 -0
  66. package/dist/regex-safety.d.ts.map +1 -0
  67. package/dist/regex-safety.js +322 -0
  68. package/dist/regex-safety.js.map +1 -0
  69. package/dist/regex-safety.test.d.ts +2 -0
  70. package/dist/regex-safety.test.d.ts.map +1 -0
  71. package/dist/regex-safety.test.js +149 -0
  72. package/dist/regex-safety.test.js.map +1 -0
  73. package/dist/registry-mutate.d.ts +35 -0
  74. package/dist/registry-mutate.d.ts.map +1 -0
  75. package/dist/registry-mutate.js +149 -0
  76. package/dist/registry-mutate.js.map +1 -0
  77. package/dist/registry-mutate.test.d.ts +2 -0
  78. package/dist/registry-mutate.test.d.ts.map +1 -0
  79. package/dist/registry-mutate.test.js +96 -0
  80. package/dist/registry-mutate.test.js.map +1 -0
  81. package/dist/registry.d.ts +64 -0
  82. package/dist/registry.d.ts.map +1 -0
  83. package/dist/registry.js +120 -0
  84. package/dist/registry.js.map +1 -0
  85. package/dist/registry.test.d.ts +2 -0
  86. package/dist/registry.test.d.ts.map +1 -0
  87. package/dist/registry.test.js +316 -0
  88. package/dist/registry.test.js.map +1 -0
  89. package/dist/remote-url.d.ts +18 -0
  90. package/dist/remote-url.d.ts.map +1 -0
  91. package/dist/remote-url.js +66 -0
  92. package/dist/remote-url.js.map +1 -0
  93. package/dist/remote-url.test.d.ts +2 -0
  94. package/dist/remote-url.test.d.ts.map +1 -0
  95. package/dist/remote-url.test.js +116 -0
  96. package/dist/remote-url.test.js.map +1 -0
  97. package/dist/render.d.ts +54 -0
  98. package/dist/render.d.ts.map +1 -0
  99. package/dist/render.js +182 -0
  100. package/dist/render.js.map +1 -0
  101. package/dist/render.test.d.ts +2 -0
  102. package/dist/render.test.d.ts.map +1 -0
  103. package/dist/render.test.js +152 -0
  104. package/dist/render.test.js.map +1 -0
  105. package/dist/repo.d.ts +40 -0
  106. package/dist/repo.d.ts.map +1 -0
  107. package/dist/repo.js +214 -0
  108. package/dist/repo.js.map +1 -0
  109. package/dist/repo.test.d.ts +2 -0
  110. package/dist/repo.test.d.ts.map +1 -0
  111. package/dist/repo.test.js +234 -0
  112. package/dist/repo.test.js.map +1 -0
  113. package/dist/scan.d.ts +103 -0
  114. package/dist/scan.d.ts.map +1 -0
  115. package/dist/scan.js +436 -0
  116. package/dist/scan.js.map +1 -0
  117. package/dist/scan.test.d.ts +2 -0
  118. package/dist/scan.test.d.ts.map +1 -0
  119. package/dist/scan.test.js +437 -0
  120. package/dist/scan.test.js.map +1 -0
  121. package/dist/schemas.d.ts +50 -0
  122. package/dist/schemas.d.ts.map +1 -0
  123. package/dist/schemas.js +190 -0
  124. package/dist/schemas.js.map +1 -0
  125. package/dist/secret-markers.d.ts +34 -0
  126. package/dist/secret-markers.d.ts.map +1 -0
  127. package/dist/secret-markers.js +118 -0
  128. package/dist/secret-markers.js.map +1 -0
  129. package/dist/secret-markers.test.d.ts +2 -0
  130. package/dist/secret-markers.test.d.ts.map +1 -0
  131. package/dist/secret-markers.test.js +154 -0
  132. package/dist/secret-markers.test.js.map +1 -0
  133. package/dist/trust-boundary.d.ts +33 -0
  134. package/dist/trust-boundary.d.ts.map +1 -0
  135. package/dist/trust-boundary.js +77 -0
  136. package/dist/trust-boundary.js.map +1 -0
  137. package/dist/trust-boundary.test.d.ts +2 -0
  138. package/dist/trust-boundary.test.d.ts.map +1 -0
  139. package/dist/trust-boundary.test.js +170 -0
  140. package/dist/trust-boundary.test.js.map +1 -0
  141. package/dist/types.d.ts +47 -0
  142. package/dist/types.d.ts.map +1 -0
  143. package/dist/types.js +8 -0
  144. package/dist/types.js.map +1 -0
  145. package/dist/working-tree.d.ts +38 -0
  146. package/dist/working-tree.d.ts.map +1 -0
  147. package/dist/working-tree.js +133 -0
  148. package/dist/working-tree.js.map +1 -0
  149. package/dist/working-tree.test.d.ts +2 -0
  150. package/dist/working-tree.test.d.ts.map +1 -0
  151. package/dist/working-tree.test.js +162 -0
  152. package/dist/working-tree.test.js.map +1 -0
  153. package/package.json +40 -0
  154. package/src/age.ts +113 -0
  155. package/src/audit-log.test.ts +222 -0
  156. package/src/audit-log.ts +215 -0
  157. package/src/deny-set.test.ts +208 -0
  158. package/src/deny-set.ts +231 -0
  159. package/src/exceptions.ts +134 -0
  160. package/src/exit-codes.ts +5 -0
  161. package/src/first-touch.ts +172 -0
  162. package/src/import-graph.test.ts +239 -0
  163. package/src/index.ts +191 -0
  164. package/src/lock.test.ts +151 -0
  165. package/src/lock.ts +88 -0
  166. package/src/paths.test.ts +94 -0
  167. package/src/paths.ts +55 -0
  168. package/src/redaction.test.ts +81 -0
  169. package/src/redaction.ts +49 -0
  170. package/src/regex-safety.test.ts +194 -0
  171. package/src/regex-safety.ts +349 -0
  172. package/src/registry-mutate.test.ts +134 -0
  173. package/src/registry-mutate.ts +185 -0
  174. package/src/registry.test.ts +460 -0
  175. package/src/registry.ts +178 -0
  176. package/src/remote-url.test.ts +121 -0
  177. package/src/remote-url.ts +78 -0
  178. package/src/render.test.ts +206 -0
  179. package/src/render.ts +215 -0
  180. package/src/repo.test.ts +275 -0
  181. package/src/repo.ts +245 -0
  182. package/src/scan.test.ts +580 -0
  183. package/src/scan.ts +531 -0
  184. package/src/schemas.ts +207 -0
  185. package/src/secret-markers.test.ts +183 -0
  186. package/src/secret-markers.ts +145 -0
  187. package/src/trust-boundary.test.ts +198 -0
  188. package/src/trust-boundary.ts +98 -0
  189. package/src/types.ts +55 -0
  190. package/src/working-tree.test.ts +193 -0
  191. package/src/working-tree.ts +130 -0
package/dist/repo.test.js ADDED
@@ -0,0 +1,234 @@
1
+ // SPDX-License-Identifier: GPL-3.0-or-later
2
+ // Copyright (C) 2026 Richard Myers and contributors.
3
+ import { describe, it, before, after } from "node:test";
4
+ import assert from "node:assert/strict";
5
+ import { mkdtempSync, rmSync, writeFileSync } from "node:fs";
6
+ import { tmpdir } from "node:os";
7
+ import { join } from "node:path";
8
+ import { execFileSync } from "node:child_process";
9
+ import { readRepoConfig, addEngagement, addEngagements, removeEngagement, setClass, unsetClass, REPO_CLASSES, } from "./repo.js";
10
+ import { NotAGitRepoError } from "./exceptions.js";
11
+ // Each describe block owns its own tmp/gitDir/nonGitDir to avoid cross-block
12
+ // state leakage when a test fails mid-cleanup. Previously a single file-level
13
+ // `before` allocated one tmp directory shared across every describe; a
14
+ // failure inside any `it` could leave git config in a state that broke later
15
+ // blocks. Per-describe fresh dirs make each block hermetic.
16
+ function mkGitDir(parent, name) {
17
+ const dir = join(parent, name);
18
+ execFileSync("mkdir", ["-p", dir]);
19
+ execFileSync("git", ["init", "-q", "-b", "main"], { cwd: dir });
20
+ execFileSync("git", ["config", "user.email", "test@example.com"], { cwd: dir });
21
+ execFileSync("git", ["config", "user.name", "test"], { cwd: dir });
22
+ return dir;
23
+ }
24
+ describe("readRepoConfig", () => {
25
+ let tmp;
26
+ let nonGitDir;
27
+ let gitDir;
28
+ before(() => {
29
+ tmp = mkdtempSync(join(tmpdir(), "repo-aegis-repo-rrc-"));
30
+ nonGitDir = join(tmp, "non-git");
31
+ execFileSync("mkdir", ["-p", nonGitDir]);
32
+ gitDir = mkGitDir(tmp, "git");
33
+ });
34
+ after(() => {
35
+ rmSync(tmp, { recursive: true, force: true });
36
+ });
37
+ it("returns isGitRepo=false outside a git repo", () => {
38
+ const cfg = readRepoConfig(nonGitDir);
39
+ assert.equal(cfg.isGitRepo, false);
40
+ assert.equal(cfg.class, "private-strict");
41
+ assert.equal(cfg.engagements.length, 0);
42
+ });
43
+ it("returns isGitRepo=true with default class inside a git repo without config", () => {
44
+ const cfg = readRepoConfig(gitDir);
45
+ assert.equal(cfg.isGitRepo, true);
46
+ assert.equal(cfg.class, "private-strict");
47
+ assert.equal(cfg.classExplicit, false);
48
+ });
49
+ it("reads class when set", () => {
50
+ setClass("public-eligible", gitDir);
51
+ const cfg = readRepoConfig(gitDir);
52
+ assert.equal(cfg.class, "public-eligible");
53
+ assert.equal(cfg.classExplicit, true);
54
+ unsetClass(gitDir);
55
+ });
56
+ it("falls back to private-strict when class value is invalid", () => {
57
+ execFileSync("git", ["config", "repo-aegis.class", "bogus"], { cwd: gitDir });
58
+ const cfg = readRepoConfig(gitDir);
59
+ assert.equal(cfg.class, "private-strict");
60
+ unsetClass(gitDir);
61
+ });
62
+ });
63
+ describe("addEngagement / removeEngagement", () => {
64
+ let tmp;
65
+ let nonGitDir;
66
+ let gitDir;
67
+ before(() => {
68
+ tmp = mkdtempSync(join(tmpdir(), "repo-aegis-repo-eng-"));
69
+ nonGitDir = join(tmp, "non-git");
70
+ execFileSync("mkdir", ["-p", nonGitDir]);
71
+ gitDir = mkGitDir(tmp, "git");
72
+ });
73
+ after(() => {
74
+ rmSync(tmp, { recursive: true, force: true });
75
+ });
76
+ it("adds and removes an engagement idempotently", () => {
77
+ const r1 = addEngagement("customer-a", gitDir);
78
+ assert.equal(r1, true);
79
+ const r2 = addEngagement("customer-a", gitDir);
80
+ assert.equal(r2, false); // already present
81
+ const cfg = readRepoConfig(gitDir);
82
+ assert.ok(cfg.engagements.includes("customer-a"));
83
+ const removed = removeEngagement("customer-a", gitDir);
84
+ assert.equal(removed, true);
85
+ const cfg2 = readRepoConfig(gitDir);
86
+ assert.ok(!cfg2.engagements.includes("customer-a"));
87
+ });
88
+ it("removeEngagement returns false when not present", () => {
89
+ const r = removeEngagement("never-was-set", gitDir);
90
+ assert.equal(r, false);
91
+ });
92
+ it("supports multiple engagements (multi-value config)", () => {
93
+ addEngagement("customer-a", gitDir);
94
+ addEngagement("customer-b", gitDir);
95
+ const cfg = readRepoConfig(gitDir);
96
+ assert.deepEqual([...cfg.engagements].sort(), ["customer-a", "customer-b"]);
97
+ removeEngagement("customer-a", gitDir);
98
+ removeEngagement("customer-b", gitDir);
99
+ });
100
+ it("addEngagements multi-add returns only newly-added ids", () => {
101
+ addEngagement("customer-a", gitDir);
102
+ const added = addEngagements(["customer-a", "customer-b", "customer-c"], gitDir);
103
+ assert.deepEqual(added.sort(), ["customer-b", "customer-c"]);
104
+ removeEngagement("customer-a", gitDir);
105
+ removeEngagement("customer-b", gitDir);
106
+ removeEngagement("customer-c", gitDir);
107
+ });
108
+ it("escapes regex-special characters in engagement id when removing", () => {
109
+ // ids shouldn't typically have special chars, but verify the escape works
110
+ addEngagement("customer.a", gitDir);
111
+ addEngagement("customer-a", gitDir);
112
+ removeEngagement("customer.a", gitDir);
113
+ const cfg = readRepoConfig(gitDir);
114
+ // customer-a should still be present; only customer.a removed
115
+ assert.ok(cfg.engagements.includes("customer-a"));
116
+ assert.ok(!cfg.engagements.includes("customer.a"));
117
+ removeEngagement("customer-a", gitDir);
118
+ });
119
+ it("throws NotAGitRepoError outside a git repo", () => {
120
+ assert.throws(() => addEngagement("x", nonGitDir), NotAGitRepoError);
121
+ assert.throws(() => removeEngagement("x", nonGitDir), NotAGitRepoError);
122
+ });
123
+ });
124
+ describe("setClass / unsetClass", () => {
125
+ let tmp;
126
+ let nonGitDir;
127
+ let gitDir;
128
+ before(() => {
129
+ tmp = mkdtempSync(join(tmpdir(), "repo-aegis-repo-cls-"));
130
+ nonGitDir = join(tmp, "non-git");
131
+ execFileSync("mkdir", ["-p", nonGitDir]);
132
+ gitDir = mkGitDir(tmp, "git");
133
+ });
134
+ after(() => {
135
+ rmSync(tmp, { recursive: true, force: true });
136
+ });
137
+ it("each REPO_CLASSES value can round-trip", () => {
138
+ for (const cls of REPO_CLASSES) {
139
+ setClass(cls, gitDir);
140
+ const cfg = readRepoConfig(gitDir);
141
+ assert.equal(cfg.class, cls);
142
+ }
143
+ unsetClass(gitDir);
144
+ });
145
+ it("unsetClass on already-unset config does not throw", () => {
146
+ unsetClass(gitDir);
147
+ unsetClass(gitDir);
148
+ const cfg = readRepoConfig(gitDir);
149
+ assert.equal(cfg.classExplicit, false);
150
+ });
151
+ it("setClass throws NotAGitRepoError outside a git repo", () => {
152
+ assert.throws(() => setClass("public-eligible", nonGitDir), NotAGitRepoError);
153
+ });
154
+ });
155
+ describe(".repo-aegis.yml overrides", () => {
156
+ let tmp;
157
+ let overrideRepo;
158
+ const yamlPath = (dir) => join(dir, ".repo-aegis.yml");
159
+ const writeOverride = (dir, body) => {
160
+ writeFileSync(yamlPath(dir), body);
161
+ };
162
+ before(() => {
163
+ tmp = mkdtempSync(join(tmpdir(), "repo-aegis-repo-yml-"));
164
+ overrideRepo = mkGitDir(tmp, "override-repo");
165
+ });
166
+ after(() => {
167
+ rmSync(tmp, { recursive: true, force: true });
168
+ });
169
+ it("yml provides class when git config does not", () => {
170
+ writeOverride(overrideRepo, "class: customer-coupled\nengagements: [from-yml]\n");
171
+ const cfg = readRepoConfig(overrideRepo);
172
+ assert.equal(cfg.class, "customer-coupled");
173
+ assert.equal(cfg.classExplicit, true);
174
+ assert.equal(cfg.classFromOverride, true);
175
+ assert.deepEqual(cfg.engagements, ["from-yml"]);
176
+ assert.equal(cfg.engagementsFromOverride, true);
177
+ rmSync(yamlPath(overrideRepo));
178
+ unsetClass(overrideRepo);
179
+ });
180
+ it("git config wins over yml when both set", () => {
181
+ execFileSync("git", ["config", "repo-aegis.class", "private-strict"], {
182
+ cwd: overrideRepo,
183
+ });
184
+ execFileSync("git", ["config", "--add", "repo-aegis.engagement", "from-config"], {
185
+ cwd: overrideRepo,
186
+ });
187
+ writeOverride(overrideRepo, "class: customer-coupled\nengagements: [from-yml]\n");
188
+ const cfg = readRepoConfig(overrideRepo);
189
+ assert.equal(cfg.class, "private-strict", "git config class wins");
190
+ assert.equal(cfg.classFromOverride, undefined);
191
+ assert.deepEqual(cfg.engagements, ["from-config"]);
192
+ assert.equal(cfg.engagementsFromOverride, undefined);
193
+ execFileSync("git", ["config", "--unset-all", "repo-aegis.class"], { cwd: overrideRepo });
194
+ execFileSync("git", ["config", "--unset-all", "repo-aegis.engagement"], { cwd: overrideRepo });
195
+ rmSync(yamlPath(overrideRepo));
196
+ });
197
+ it("invalid class in yml throws RepoOverrideError", async () => {
198
+ const { RepoOverrideError } = await import("./repo.js");
199
+ writeOverride(overrideRepo, "class: not-a-real-class\n");
200
+ assert.throws(() => readRepoConfig(overrideRepo), RepoOverrideError);
201
+ rmSync(yamlPath(overrideRepo));
202
+ });
203
+ it("non-array engagements throws RepoOverrideError", async () => {
204
+ const { RepoOverrideError } = await import("./repo.js");
205
+ writeOverride(overrideRepo, "engagements: customer-a\n");
206
+ assert.throws(() => readRepoConfig(overrideRepo), RepoOverrideError);
207
+ rmSync(yamlPath(overrideRepo));
208
+ });
209
+ it("malformed YAML throws RepoOverrideError", async () => {
210
+ const { RepoOverrideError } = await import("./repo.js");
211
+ writeOverride(overrideRepo, "class: customer-coupled\n unindented: bad\n");
212
+ assert.throws(() => readRepoConfig(overrideRepo), RepoOverrideError);
213
+ rmSync(yamlPath(overrideRepo));
214
+ });
215
+ it("yml is found via git toplevel even from a subdirectory", () => {
216
+ const sub = join(overrideRepo, "src", "deep");
217
+ execFileSync("mkdir", ["-p", sub]);
218
+ writeOverride(overrideRepo, "class: scratch\n");
219
+ const cfg = readRepoConfig(sub);
220
+ assert.equal(cfg.class, "scratch");
221
+ assert.equal(cfg.classFromOverride, true);
222
+ rmSync(yamlPath(overrideRepo));
223
+ });
224
+ it("works in non-git dirs (yml at cwd)", () => {
225
+ const dir = join(tmp, "non-git-with-yml");
226
+ execFileSync("mkdir", ["-p", dir]);
227
+ writeOverride(dir, "class: scratch\n");
228
+ const cfg = readRepoConfig(dir);
229
+ assert.equal(cfg.isGitRepo, false);
230
+ assert.equal(cfg.class, "scratch");
231
+ assert.equal(cfg.classFromOverride, true);
232
+ });
233
+ });
234
+ //# sourceMappingURL=repo.test.js.map
package/dist/repo.test.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"repo.test.js","sourceRoot":"","sources":["../src/repo.test.ts"],"names":[],"mappings":"AAAA,4CAA4C;AAC5C,qDAAqD;AACrD,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,WAAW,CAAC;AACxD,OAAO,MAAM,MAAM,oBAAoB,CAAC;AACxC,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAC7D,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EACL,cAAc,EACd,aAAa,EACb,cAAc,EACd,gBAAgB,EAChB,QAAQ,EACR,UAAU,EACV,YAAY,GACb,MAAM,WAAW,CAAC;AACnB,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AAEnD,6EAA6E;AAC7E,8EAA8E;AAC9E,uEAAuE;AACvE,6EAA6E;AAC7E,4DAA4D;AAE5D,SAAS,QAAQ,CAAC,MAAc,EAAE,IAAY;IAC5C,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IAC/B,YAAY,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,CAAC;IACnC,YAAY,CAAC,KAAK,EAAE,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,CAAC,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;IAChE,YAAY,CAAC,KAAK,EAAE,CAAC,QAAQ,EAAE,YAAY,EAAE,kBAAkB,CAAC,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;IAChF,YAAY,CAAC,KAAK,EAAE,CAAC,QAAQ,EAAE,WAAW,EAAE,MAAM,CAAC,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;IACnE,OAAO,GAAG,CAAC;AACb,CAAC;AAED,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;IAC9B,IAAI,GAAW,CAAC;IAChB,IAAI,SAAiB,CAAC;IACtB,IAAI,MAAc,CAAC;IAEnB,MAAM,CAAC,GAAG,EAAE;QACV,GAAG,GAAG,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,sBAAsB,CAAC,CAAC,CAAC;QAC1D,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;QACjC,YAAY,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC;QACzC,MAAM,GAAG,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAChC,CAAC,CAAC,CAAC;IAEH,KAAK,CAAC,GAAG,EAAE;QACT,MAAM,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;QACpD,MAAM,GAAG,GAAG,cAAc,CAAC,SAAS,CAAC,CAAC;QACtC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;QACnC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE,gBAAgB,CAAC,CAAC;QAC1C,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4EAA4E,EAAE,GAAG,EAAE;QACpF,MAAM,GAAG,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;QACnC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;QAClC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE,gBAAgB,CAAC,CAAC;QAC1C,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sBAAsB,EAAE,GAAG,EAAE;QAC9B,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC,CAAC;QACpC,MAAM,GAAG,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;QACnC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE,iBAAiB,CAAC,CAAC;QAC3C,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC;QACtC,UAAU,CAAC,MAAM,CAAC,CAAC;IACrB,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0DAA0D,EAAE,GAAG,EAAE;QAClE,YAAY,CAAC,KAAK,EAAE,CAAC,QAAQ,EAAE,kBAAkB,EAAE,OAAO,CAAC,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,CAAC,CAAC;QAC9E,MAAM,GAAG,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;QACnC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE,gBAAgB,CAAC,CAAC;QAC1C,UAAU,CAAC,MAAM,CAAC,CAAC;IACrB,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,kCAAkC,EAAE,GAAG,EAAE;IAChD,IAAI,GAAW,CAAC;IAChB,IAAI,SAAiB,CAAC;IACtB,IAAI,MAAc,CAAC;IAEnB,MAAM,CAAC,GAAG,EAAE;QACV,GAAG,GAAG,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,sBAAsB,CAAC,CAAC,CAAC;QAC1D,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;QACjC,YAAY,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC;QACzC,MAAM,GAAG,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAChC,CAAC,CAAC,CAAC;IAEH,KAAK,CAAC,GAAG,EAAE;QACT,MAAM,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;QACrD,MAAM,EAAE,GAAG,aAAa,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;QAC/C,MAAM,CAAC,KAAK,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC;QACvB,MAAM,EAAE,GAAG,aAAa,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;QAC/C,MAAM,CAAC,KAAK,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC,kBAAkB;QAC3C,MAAM,GAAG,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;QACnC,MAAM,CAAC,EAAE,CAAC,GAAG,CAAC,WAAW,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,CAAC;QAClD,MAAM,OAAO,GAAG,gBAAgB,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;QACvD,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QAC5B,MAAM,IAAI,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;QACpC,MAAM,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iDAAiD,EAAE,GAAG,EAAE;QACzD,MAAM,CAAC,GAAG,gBAAgB,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;QACpD,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IACzB,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oDAAoD,EAAE,GAAG,EAAE;QAC5D,aAAa,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;QACpC,aAAa,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;QACpC,MAAM,GAAG,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;QACnC,MAAM,CAAC,SAAS,CAAC,CAAC,GAAG,GAAG,CAAC,WAAW,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC,CAAC;QAC5E,gBAAgB,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;QACvC,gBAAgB,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uDAAuD,EAAE,GAAG,EAAE;QAC/D,aAAa,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;QACpC,MAAM,KAAK,GAAG,cAAc,CAAC,CAAC,YAAY,EAAE,YAAY,EAAE,YAAY,CAAC,EAAE,MAAM,CAAC,CAAC;QACjF,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC,CAAC;QAC7D,gBAAgB,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;QACvC,gBAAgB,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;QACvC,gBAAgB,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iEAAiE,EAAE,GAAG,EAAE;QACzE,0EAA0E;QAC1E,aAAa,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;QACpC,aAAa,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;QACpC,gBAAgB,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;QACvC,MAAM,GAAG,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;QACnC,8DAA8D;QAC9D,MAAM,CAAC,EAAE,CAAC,GAAG,CAAC,WAAW,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,CAAC;QAClD,MAAM,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,CAAC;QACnD,gBAAgB,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;QACpD,MAAM,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,aAAa,CAAC,GAAG,EAAE,SAAS,CAAC,EAAE,gBAAgB,CAAC,CAAC;QACrE,MAAM,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,gBAAgB,CAAC,GAAG,EAAE,SAAS,CAAC,EAAE,gBAAgB,CAAC,CAAC;IAC1E,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,uBAAuB,EAAE,GAAG,EAAE;IACrC,IAAI,GAAW,CAAC;IAChB,IAAI,SAAiB,CAAC;IACtB,IAAI,MAAc,CAAC;IAEnB,MAAM,CAAC,GAAG,EAAE;QACV,GAAG,GAAG,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,sBAAsB,CAAC,CAAC,CAAC;QAC1D,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;QACjC,YAAY,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC;QACzC,MAAM,GAAG,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAChC,CAAC,CAAC,CAAC;IAEH,KAAK,CAAC,GAAG,EAAE;QACT,MAAM,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;QAChD,KAAK,MAAM,GAAG,IAAI,YAAY,EAAE,CAAC;YAC/B,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;YACtB,MAAM,GAAG,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;YACnC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAC/B,CAAC;QACD,UAAU,CAAC,MAAM,CAAC,CAAC;IACrB,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mDAAmD,EAAE,GAAG,EAAE;QAC3D,UAAU,CAAC,MAAM,CAAC,CAAC;QACnB,UAAU,CAAC,MAAM,CAAC,CAAC;QACnB,MAAM,GAAG,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;QACnC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qDAAqD,EAAE,GAAG,EAAE;QAC7D,MAAM,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,iBAAiB,EAAE,SAAS,CAAC,EAAE,gBAAgB,CAAC,CAAC;IAChF,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,2BAA2B,EAAE,GAAG,EAAE;IACzC,IAAI,GAAW,CAAC;IAChB,IAAI,YAAoB,CAAC;IACzB,MAAM,QAAQ,GAAG,CAAC,GAAW,EAAU,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,iBAAiB,CAAC,CAAC;IACvE,MAAM,aAAa,GAAG,CAAC,GAAW,EAAE,IAAY,EAAQ,EAAE;QACxD,aAAa,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC;IACrC,CAAC,CAAC;IAEF,MAAM,CAAC,GAAG,EAAE;QACV,GAAG,GAAG,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,sBAAsB,CAAC,CAAC,CAAC;QAC1D,YAAY,GAAG,QAAQ,CAAC,GAAG,EAAE,eAAe,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;IAEH,KAAK,CAAC,GAAG,EAAE;QACT,MAAM,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;QACrD,aAAa,CAAC,YAAY,EAAE,oDAAoD,CAAC,CAAC;QAClF,MAAM,GAAG,GAAG,cAAc,CAAC,YAAY,CAAC,CAAC;QACzC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE,kBAAkB,CAAC,CAAC;QAC5C,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC;QACtC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,iBAAiB,EAAE,IAAI,CAAC,CAAC;QAC1C,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC;QAChD,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,uBAAuB,EAAE,IAAI,CAAC,CAAC;QAChD,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,CAAC;QAC/B,UAAU,CAAC,YAAY,CAAC,CAAC;IAC3B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;QAChD,YAAY,CAAC,KAAK,EAAE,CAAC,QAAQ,EAAE,kBAAkB,EAAE,gBAAgB,CAAC,EAAE;YACpE,GAAG,EAAE,YAAY;SAClB,CAAC,CAAC;QACH,YAAY,CAAC,KAAK,EAAE,CAAC,QAAQ,EAAE,OAAO,EAAE,uBAAuB,EAAE,aAAa,CAAC,EAAE;YAC/E,GAAG,EAAE,YAAY;SAClB,CAAC,CAAC;QACH,aAAa,CAAC,YAAY,EAAE,oDAAoD,CAAC,CAAC;QAClF,MAAM,GAAG,GAAG,cAAc,CAAC,YAAY,CAAC,CAAC;QACzC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE,gBAAgB,EAAE,uBAAuB,CAAC,CAAC;QACnE,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,iBAAiB,EAAE,SAAS,CAAC,CAAC;QAC/C,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC;QACnD,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,uBAAuB,EAAE,SAAS,CAAC,CAAC;QACrD,YAAY,CAAC,KAAK,EAAE,CAAC,QAAQ,EAAE,aAAa,EAAE,kBAAkB,CAAC,EAAE,EAAE,GAAG,EAAE,YAAY,EAAE,CAAC,CAAC;QAC1F,YAAY,CAAC,KAAK,EAAE,CAAC,QAAQ,EAAE,aAAa,EAAE,uBAAuB,CAAC,EAAE,EAAE,GAAG,EAAE,YAAY,EAAE,CAAC,CAAC;QAC/F,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+CAA+C,EAAE,KAAK,IAAI,EAAE;QAC7D,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,CAAC;QACxD,aAAa,CAAC,YAAY,EAAE,2BAA2B,CAAC,CAAC;QACzD,MAAM,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,cAAc,CAAC,YAAY,CAAC,EAAE,iBAAiB,CAAC,CAAC;QACrE,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gDAAgD,EAAE,KAAK,IAAI,EAAE;QAC9D,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,CAAC;QACxD,aAAa,CAAC,YAAY,EAAE,2BAA2B,CAAC,CAAC;QACzD,MAAM,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,cAAc,CAAC,YAAY,CAAC,EAAE,iBAAiB,CAAC,CAAC;QACrE,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yCAAyC,EAAE,KAAK,IAAI,EAAE;QACvD,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,CAAC;QACxD,aAAa,CAAC,YAAY,EAAE,8CAA8C,CAAC,CAAC;QAC5E,MAAM,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,cAAc,CAAC,YAAY,CAAC,EAAE,iBAAiB,CAAC,CAAC;QACrE,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wDAAwD,EAAE,GAAG,EAAE;QAChE,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;QAC9C,YAAY,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,CAAC;QACnC,aAAa,CAAC,YAAY,EAAE,kBAAkB,CAAC,CAAC;QAChD,MAAM,GAAG,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC;QAChC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;QACnC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,iBAAiB,EAAE,IAAI,CAAC,CAAC;QAC1C,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;QAC5C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC;QAC1C,YAAY,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,CAAC;QACnC,aAAa,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC;QACvC,MAAM,GAAG,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC;QAChC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;QACnC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;QACnC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,iBAAiB,EAAE,IAAI,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
package/dist/scan.d.ts ADDED
@@ -0,0 +1,103 @@
1
+ import type { DenySet } from "./deny-set.js";
2
+ import type { RepoConfig } from "./repo.js";
3
+ import { type RedactionMode } from "./redaction.js";
4
+ export interface ScanHit {
5
+ path?: string;
6
+ line: number;
7
+ column: number;
8
+ matchPreview: string;
9
+ /**
10
+ * The marker file stem (engagement id, or `_always`) the matched pattern
11
+ * was loaded from. Filled in by scanText when the deny set carries
12
+ * `patternSources`. Optional for backward compatibility with deny sets
13
+ * that don't supply attribution (synthetic test fixtures, older callers).
14
+ */
15
+ engagement?: string;
16
+ }
17
+ export interface SkippedFile {
18
+ path: string;
19
+ reason: "binary" | "too-large" | "unreadable";
20
+ bytes?: number;
21
+ }
22
+ export interface ScanOptions {
23
+ revealMatches?: boolean;
24
+ redactionMode?: RedactionMode;
25
+ maxFileBytes?: number;
26
+ /** When true, treat lines containing `repo-aegis: allow` as suppressed. Default: true. */
27
+ respectAllowComments?: boolean;
28
+ }
29
+ /**
30
+ * A line is allowed-by-comment if it contains the literal token
31
+ * `repo-aegis: allow` (case-insensitive). Optional reason can follow,
32
+ * e.g. `// repo-aegis: allow — synthetic test fixture`. The token is
33
+ * intentionally explicit (not just `allow`) to avoid accidental
34
+ * suppression by unrelated comments.
35
+ */
36
+ export declare const ALLOW_COMMENT: RegExp;
37
+ /**
38
+ * Scan an arbitrary text body. The most general primitive; called by
39
+ * the more specific scanners after they've extracted text from their
40
+ * input (staged diff, file contents, commit range diff).
41
+ */
42
+ export declare function scanText(text: string, denySet: DenySet, path?: string, opts?: ScanOptions): ScanHit[];
43
+ /**
44
+ * Scan a single file from disk. Canonicalises the path via realpath to
45
+ * defeat symlink-tricks. Rejects paths outside the repo working tree
46
+ * (or current cwd if not in a git repo).
47
+ */
48
+ export declare function scanFile(path: string, denySet: DenySet, opts?: ScanOptions, workingTree?: string): {
49
+ hits: ScanHit[];
50
+ skipped: SkippedFile[];
51
+ };
52
+ /**
53
+ * Scan the staged diff in a git repo. Pre-commit hook entry point.
54
+ * Streams the diff through a temp file rather than buffering it whole
55
+ * — multi-GB pushes that previously OOM'd are now bounded by disk
56
+ * temp space and a small read buffer.
57
+ */
58
+ export declare function scanStagedDiff(repo: RepoConfig, denySet: DenySet, opts?: ScanOptions): {
59
+ hits: ScanHit[];
60
+ skipped: SkippedFile[];
61
+ };
62
+ /**
63
+ * Scan the diff over an arbitrary git range (e.g. `main..HEAD`,
64
+ * `<remote-sha>..<local-sha>`). Pre-push hook entry point.
65
+ *
66
+ * Only added-line content is scanned. The caller is responsible for
67
+ * passing a syntactically valid range; if `git diff` exits non-zero,
68
+ * the throw propagates. Streams the diff (see scanStagedDiff).
69
+ */
70
+ export declare function scanRange(repo: RepoConfig, denySet: DenySet, range: string, opts?: ScanOptions): {
71
+ hits: ScanHit[];
72
+ skipped: SkippedFile[];
73
+ };
74
+ export interface HistoryHit {
75
+ pattern: string;
76
+ commitSha: string;
77
+ commitSummary: string;
78
+ }
79
+ export interface ScanHistoryOptions extends ScanOptions {
80
+ /** Lower bound revspec; only commits reachable from the bound forward
81
+ * are scanned. e.g. "main", "v1.0.0", "HEAD~100". When omitted, scans
82
+ * the full history (the design's default). */
83
+ since?: string;
84
+ }
85
+ /**
86
+ * Scan the full git history with a single `git log -G <combined> -p`
87
+ * invocation, then attribute matches per-pattern by walking each
88
+ * commit's diff text. Returns one HistoryHit per (pattern, commit)
89
+ * match. Pass `--since` to bound the lower edge.
90
+ *
91
+ * Cost scales as O(history-size + patterns × hits). Patterns are
92
+ * combined via `|` into a single regex passed to `git log -G`, so we
93
+ * pay one git invocation regardless of pattern count. Per-pattern
94
+ * attribution happens in-process by re-testing each diff line against
95
+ * the individual patterns — cheap because git already filtered to
96
+ * commits where at least one pattern matched.
97
+ *
98
+ * The pattern field is redacted by default (preview mode) — same
99
+ * policy as scan hits. Pass `revealMatches: true` to opt into
100
+ * literals (NEVER from a hook).
101
+ */
102
+ export declare function scanHistory(repo: RepoConfig, denySet: DenySet, opts?: ScanHistoryOptions): HistoryHit[];
103
+ //# sourceMappingURL=scan.d.ts.map
package/dist/scan.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"scan.d.ts","sourceRoot":"","sources":["../src/scan.ts"],"names":[],"mappings":"AAgBA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAC7C,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAC5C,OAAO,EAA4B,KAAK,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAU9E,MAAM,WAAW,OAAO;IACtB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB;;;;;OAKG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,QAAQ,GAAG,WAAW,GAAG,YAAY,CAAC;IAC9C,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,WAAW;IAC1B,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,aAAa,CAAC,EAAE,aAAa,CAAC;IAC9B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,0FAA0F;IAC1F,oBAAoB,CAAC,EAAE,OAAO,CAAC;CAChC;AAED;;;;;;GAMG;AACH,eAAO,MAAM,aAAa,QAA2B,CAAC;AAiCtD;;;;GAIG;AACH,wBAAgB,QAAQ,CACtB,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,OAAO,EAChB,IAAI,CAAC,EAAE,MAAM,EACb,IAAI,GAAE,WAAgB,GACrB,OAAO,EAAE,CAsBX;AAED;;;;GAIG;AACH,wBAAgB,QAAQ,CACtB,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,OAAO,EAChB,IAAI,GAAE,WAAgB,EACtB,WAAW,CAAC,EAAE,MAAM,GACnB;IAAE,IAAI,EAAE,OAAO,EAAE,CAAC;IAAC,OAAO,EAAE,WAAW,EAAE,CAAA;CAAE,CAuC7C;AA6KD;;;;;GAKG;AACH,wBAAgB,cAAc,CAC5B,IAAI,EAAE,UAAU,EAChB,OAAO,EAAE,OAAO,EAChB,IAAI,GAAE,WAAgB,GACrB;IAAE,IAAI,EAAE,OAAO,EAAE,CAAC;IAAC,OAAO,EAAE,WAAW,EAAE,CAAA;CAAE,CAU7C;AAED;;;;;;;GAOG;AACH,wBAAgB,SAAS,CACvB,IAAI,EAAE,UAAU,EAChB,OAAO,EAAE,OAAO,EAChB,KAAK,EAAE,MAAM,EACb,IAAI,GAAE,WAAgB,GACrB;IAAE,IAAI,EAAE,OAAO,EAAE,CAAC;IAAC,OAAO,EAAE,WAAW,EAAE,CAAA;CAAE,CAU7C;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,kBAAmB,SAAQ,WAAW;IACrD;;kDAE8C;IAC9C,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,WAAW,CACzB,IAAI,EAAE,UAAU,EAChB,OAAO,EAAE,OAAO,EAChB,IAAI,GAAE,kBAAuB,GAC5B,UAAU,EAAE,CAwFd"}