npm - @delegance/claude-autopilot - Versions diffs - 5.0.1 → 5.0.3 - Mend

@delegance/claude-autopilot 5.0.1 → 5.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (412) hide show

package/dist/src/adapters/review-engine/codex.js +13 -1
package/dist/src/cli/index.js +39 -1
package/dist/src/cli/preflight.js +17 -4
package/dist/src/cli/scan.js +12 -0
package/package.json +4 -3
package/dist/presets/go/rules/go-sql-injection.d.ts.map +0 -1
package/dist/presets/go/rules/go-sql-injection.js.map +0 -1
package/dist/presets/nextjs-supabase/rules/supabase-rls-bypass.d.ts.map +0 -1
package/dist/presets/nextjs-supabase/rules/supabase-rls-bypass.js.map +0 -1
package/dist/presets/python-fastapi/rules/fastapi-missing-auth.d.ts.map +0 -1
package/dist/presets/python-fastapi/rules/fastapi-missing-auth.js.map +0 -1
package/dist/presets/rails-postgres/rules/rails-sql-injection.d.ts.map +0 -1
package/dist/presets/rails-postgres/rules/rails-sql-injection.js.map +0 -1
package/dist/presets/t3/rules/t3-server-only.d.ts.map +0 -1
package/dist/presets/t3/rules/t3-server-only.js.map +0 -1
package/dist/src/adapters/base.d.ts.map +0 -1
package/dist/src/adapters/base.js.map +0 -1
package/dist/src/adapters/council/claude.d.ts.map +0 -1
package/dist/src/adapters/council/claude.js.map +0 -1
package/dist/src/adapters/council/openai.d.ts.map +0 -1
package/dist/src/adapters/council/openai.js.map +0 -1
package/dist/src/adapters/council/types.d.ts.map +0 -1
package/dist/src/adapters/council/types.js.map +0 -1
package/dist/src/adapters/loader.d.ts.map +0 -1
package/dist/src/adapters/loader.js.map +0 -1
package/dist/src/adapters/migration-runner/supabase.d.ts.map +0 -1
package/dist/src/adapters/migration-runner/supabase.js.map +0 -1
package/dist/src/adapters/migration-runner/types.d.ts.map +0 -1
package/dist/src/adapters/migration-runner/types.js.map +0 -1
package/dist/src/adapters/review-bot-parser/cursor.d.ts.map +0 -1
package/dist/src/adapters/review-bot-parser/cursor.js.map +0 -1
package/dist/src/adapters/review-bot-parser/declarative-base.d.ts.map +0 -1
package/dist/src/adapters/review-bot-parser/declarative-base.js.map +0 -1
package/dist/src/adapters/review-bot-parser/types.d.ts.map +0 -1
package/dist/src/adapters/review-bot-parser/types.js.map +0 -1
package/dist/src/adapters/review-engine/auto.d.ts.map +0 -1
package/dist/src/adapters/review-engine/auto.js.map +0 -1
package/dist/src/adapters/review-engine/claude.d.ts.map +0 -1
package/dist/src/adapters/review-engine/claude.js.map +0 -1
package/dist/src/adapters/review-engine/codex.d.ts.map +0 -1
package/dist/src/adapters/review-engine/codex.js.map +0 -1
package/dist/src/adapters/review-engine/gemini.d.ts.map +0 -1
package/dist/src/adapters/review-engine/gemini.js.map +0 -1
package/dist/src/adapters/review-engine/openai-compatible.d.ts.map +0 -1
package/dist/src/adapters/review-engine/openai-compatible.js.map +0 -1
package/dist/src/adapters/review-engine/parse-output.d.ts.map +0 -1
package/dist/src/adapters/review-engine/parse-output.js.map +0 -1
package/dist/src/adapters/review-engine/prompt-builder.d.ts.map +0 -1
package/dist/src/adapters/review-engine/prompt-builder.js.map +0 -1
package/dist/src/adapters/review-engine/types.d.ts.map +0 -1
package/dist/src/adapters/review-engine/types.js.map +0 -1
package/dist/src/adapters/vcs-host/commit-status.d.ts.map +0 -1
package/dist/src/adapters/vcs-host/commit-status.js.map +0 -1
package/dist/src/adapters/vcs-host/github.d.ts.map +0 -1
package/dist/src/adapters/vcs-host/github.js.map +0 -1
package/dist/src/adapters/vcs-host/types.d.ts.map +0 -1
package/dist/src/adapters/vcs-host/types.js.map +0 -1
package/dist/src/cli/_pkg-root.d.ts.map +0 -1
package/dist/src/cli/_pkg-root.js.map +0 -1
package/dist/src/cli/autoregress-bridge.d.ts.map +0 -1
package/dist/src/cli/autoregress-bridge.js.map +0 -1
package/dist/src/cli/baseline.d.ts.map +0 -1
package/dist/src/cli/baseline.js.map +0 -1
package/dist/src/cli/ci.d.ts.map +0 -1
package/dist/src/cli/ci.js.map +0 -1
package/dist/src/cli/costs.d.ts.map +0 -1
package/dist/src/cli/costs.js.map +0 -1
package/dist/src/cli/council.d.ts.map +0 -1
package/dist/src/cli/council.js.map +0 -1
package/dist/src/cli/detector.d.ts.map +0 -1
package/dist/src/cli/detector.js.map +0 -1
package/dist/src/cli/explain.d.ts.map +0 -1
package/dist/src/cli/explain.js.map +0 -1
package/dist/src/cli/fix.d.ts.map +0 -1
package/dist/src/cli/fix.js.map +0 -1
package/dist/src/cli/hook.d.ts.map +0 -1
package/dist/src/cli/hook.js.map +0 -1
package/dist/src/cli/ignore-helper.d.ts.map +0 -1
package/dist/src/cli/ignore-helper.js.map +0 -1
package/dist/src/cli/index.d.ts.map +0 -1
package/dist/src/cli/index.js.map +0 -1
package/dist/src/cli/lsp.d.ts.map +0 -1
package/dist/src/cli/lsp.js.map +0 -1
package/dist/src/cli/mcp.d.ts.map +0 -1
package/dist/src/cli/mcp.js.map +0 -1
package/dist/src/cli/migrate-v4.d.ts.map +0 -1
package/dist/src/cli/migrate-v4.js.map +0 -1
package/dist/src/cli/pr-comment.d.ts.map +0 -1
package/dist/src/cli/pr-comment.js.map +0 -1
package/dist/src/cli/pr-desc.d.ts.map +0 -1
package/dist/src/cli/pr-desc.js.map +0 -1
package/dist/src/cli/pr-review-comments.d.ts.map +0 -1
package/dist/src/cli/pr-review-comments.js.map +0 -1
package/dist/src/cli/pr.d.ts.map +0 -1
package/dist/src/cli/pr.js.map +0 -1
package/dist/src/cli/preflight.d.ts.map +0 -1
package/dist/src/cli/preflight.js.map +0 -1
package/dist/src/cli/report.d.ts.map +0 -1
package/dist/src/cli/report.js.map +0 -1
package/dist/src/cli/run.d.ts.map +0 -1
package/dist/src/cli/run.js.map +0 -1
package/dist/src/cli/scan.d.ts.map +0 -1
package/dist/src/cli/scan.js.map +0 -1
package/dist/src/cli/setup.d.ts.map +0 -1
package/dist/src/cli/setup.js.map +0 -1
package/dist/src/cli/test-gen.d.ts.map +0 -1
package/dist/src/cli/test-gen.js.map +0 -1
package/dist/src/cli/triage.d.ts.map +0 -1
package/dist/src/cli/triage.js.map +0 -1
package/dist/src/cli/watch.d.ts.map +0 -1
package/dist/src/cli/watch.js.map +0 -1
package/dist/src/cli/worker.d.ts.map +0 -1
package/dist/src/cli/worker.js.map +0 -1
package/dist/src/core/cache/cached-engine.d.ts.map +0 -1
package/dist/src/core/cache/cached-engine.js.map +0 -1
package/dist/src/core/cache/review-cache.d.ts.map +0 -1
package/dist/src/core/cache/review-cache.js.map +0 -1
package/dist/src/core/chunking/index.d.ts.map +0 -1
package/dist/src/core/chunking/index.js.map +0 -1
package/dist/src/core/chunking/risk-ranker.d.ts.map +0 -1
package/dist/src/core/chunking/risk-ranker.js.map +0 -1
package/dist/src/core/config/loader.d.ts.map +0 -1
package/dist/src/core/config/loader.js.map +0 -1
package/dist/src/core/config/preset-resolver.d.ts.map +0 -1
package/dist/src/core/config/preset-resolver.js.map +0 -1
package/dist/src/core/config/schema.d.ts.map +0 -1
package/dist/src/core/config/schema.js.map +0 -1
package/dist/src/core/config/types.d.ts.map +0 -1
package/dist/src/core/config/types.js.map +0 -1
package/dist/src/core/council/config.d.ts.map +0 -1
package/dist/src/core/council/config.js.map +0 -1
package/dist/src/core/council/context.d.ts.map +0 -1
package/dist/src/core/council/context.js.map +0 -1
package/dist/src/core/council/runner.d.ts.map +0 -1
package/dist/src/core/council/runner.js.map +0 -1
package/dist/src/core/council/types.d.ts.map +0 -1
package/dist/src/core/council/types.js.map +0 -1
package/dist/src/core/detect/git-context.d.ts.map +0 -1
package/dist/src/core/detect/git-context.js.map +0 -1
package/dist/src/core/detect/llm-key.d.ts.map +0 -1
package/dist/src/core/detect/llm-key.js.map +0 -1
package/dist/src/core/detect/protected-paths.d.ts.map +0 -1
package/dist/src/core/detect/protected-paths.js.map +0 -1
package/dist/src/core/detect/provider-usage.d.ts.map +0 -1
package/dist/src/core/detect/provider-usage.js.map +0 -1
package/dist/src/core/detect/stack.d.ts.map +0 -1
package/dist/src/core/detect/stack.js.map +0 -1
package/dist/src/core/detect/workspaces.d.ts.map +0 -1
package/dist/src/core/detect/workspaces.js.map +0 -1
package/dist/src/core/errors.d.ts.map +0 -1
package/dist/src/core/errors.js.map +0 -1
package/dist/src/core/findings/dedup.d.ts.map +0 -1
package/dist/src/core/findings/dedup.js.map +0 -1
package/dist/src/core/findings/types.d.ts.map +0 -1
package/dist/src/core/findings/types.js.map +0 -1
package/dist/src/core/fix/generator.d.ts.map +0 -1
package/dist/src/core/fix/generator.js.map +0 -1
package/dist/src/core/git/diff-hunks.d.ts.map +0 -1
package/dist/src/core/git/diff-hunks.js.map +0 -1
package/dist/src/core/git/touched-files.d.ts.map +0 -1
package/dist/src/core/git/touched-files.js.map +0 -1
package/dist/src/core/ignore/index.d.ts.map +0 -1
package/dist/src/core/ignore/index.js.map +0 -1
package/dist/src/core/index.d.ts.map +0 -1
package/dist/src/core/index.js.map +0 -1
package/dist/src/core/logging/ndjson-writer.d.ts.map +0 -1
package/dist/src/core/logging/ndjson-writer.js.map +0 -1
package/dist/src/core/logging/redaction.d.ts.map +0 -1
package/dist/src/core/logging/redaction.js.map +0 -1
package/dist/src/core/mcp/concurrency.d.ts.map +0 -1
package/dist/src/core/mcp/concurrency.js.map +0 -1
package/dist/src/core/mcp/handlers/fix-finding.d.ts.map +0 -1
package/dist/src/core/mcp/handlers/fix-finding.js.map +0 -1
package/dist/src/core/mcp/handlers/get-capabilities.d.ts.map +0 -1
package/dist/src/core/mcp/handlers/get-capabilities.js.map +0 -1
package/dist/src/core/mcp/handlers/get-findings.d.ts.map +0 -1
package/dist/src/core/mcp/handlers/get-findings.js.map +0 -1
package/dist/src/core/mcp/handlers/review-diff.d.ts.map +0 -1
package/dist/src/core/mcp/handlers/review-diff.js.map +0 -1
package/dist/src/core/mcp/handlers/scan-files.d.ts.map +0 -1
package/dist/src/core/mcp/handlers/scan-files.js.map +0 -1
package/dist/src/core/mcp/handlers/validate-fix.d.ts.map +0 -1
package/dist/src/core/mcp/handlers/validate-fix.js.map +0 -1
package/dist/src/core/mcp/run-store.d.ts.map +0 -1
package/dist/src/core/mcp/run-store.js.map +0 -1
package/dist/src/core/mcp/workspace.d.ts.map +0 -1
package/dist/src/core/mcp/workspace.js.map +0 -1
package/dist/src/core/persist/baseline.d.ts.map +0 -1
package/dist/src/core/persist/baseline.js.map +0 -1
package/dist/src/core/persist/cost-log.d.ts.map +0 -1
package/dist/src/core/persist/cost-log.js.map +0 -1
package/dist/src/core/persist/findings-cache.d.ts.map +0 -1
package/dist/src/core/persist/findings-cache.js.map +0 -1
package/dist/src/core/persist/triage.d.ts.map +0 -1
package/dist/src/core/persist/triage.js.map +0 -1
package/dist/src/core/phases/static-rules.d.ts.map +0 -1
package/dist/src/core/phases/static-rules.js.map +0 -1
package/dist/src/core/phases/tests.d.ts.map +0 -1
package/dist/src/core/phases/tests.js.map +0 -1
package/dist/src/core/pipeline/review-phase.d.ts.map +0 -1
package/dist/src/core/pipeline/review-phase.js.map +0 -1
package/dist/src/core/pipeline/run.d.ts.map +0 -1
package/dist/src/core/pipeline/run.js.map +0 -1
package/dist/src/core/runtime/idempotency.d.ts.map +0 -1
package/dist/src/core/runtime/idempotency.js.map +0 -1
package/dist/src/core/runtime/lock.d.ts.map +0 -1
package/dist/src/core/runtime/lock.js.map +0 -1
package/dist/src/core/runtime/state.d.ts.map +0 -1
package/dist/src/core/runtime/state.js.map +0 -1
package/dist/src/core/schema-alignment/detector.d.ts.map +0 -1
package/dist/src/core/schema-alignment/detector.js.map +0 -1
package/dist/src/core/schema-alignment/extractor/index.d.ts.map +0 -1
package/dist/src/core/schema-alignment/extractor/index.js.map +0 -1
package/dist/src/core/schema-alignment/extractor/prisma.d.ts.map +0 -1
package/dist/src/core/schema-alignment/extractor/prisma.js.map +0 -1
package/dist/src/core/schema-alignment/extractor/sql.d.ts.map +0 -1
package/dist/src/core/schema-alignment/extractor/sql.js.map +0 -1
package/dist/src/core/schema-alignment/llm-check.d.ts.map +0 -1
package/dist/src/core/schema-alignment/llm-check.js.map +0 -1
package/dist/src/core/schema-alignment/scanner.d.ts.map +0 -1
package/dist/src/core/schema-alignment/scanner.js.map +0 -1
package/dist/src/core/schema-alignment/types.d.ts.map +0 -1
package/dist/src/core/schema-alignment/types.js.map +0 -1
package/dist/src/core/shell.d.ts.map +0 -1
package/dist/src/core/shell.js.map +0 -1
package/dist/src/core/static-rules/registry.d.ts.map +0 -1
package/dist/src/core/static-rules/registry.js.map +0 -1
package/dist/src/core/static-rules/rules/brand-tokens.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/brand-tokens.js.map +0 -1
package/dist/src/core/static-rules/rules/console-log.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/console-log.js.map +0 -1
package/dist/src/core/static-rules/rules/hardcoded-secrets.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/hardcoded-secrets.js.map +0 -1
package/dist/src/core/static-rules/rules/insecure-redirect.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/insecure-redirect.js.map +0 -1
package/dist/src/core/static-rules/rules/large-file.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/large-file.js.map +0 -1
package/dist/src/core/static-rules/rules/missing-auth.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/missing-auth.js.map +0 -1
package/dist/src/core/static-rules/rules/missing-tests.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/missing-tests.js.map +0 -1
package/dist/src/core/static-rules/rules/npm-audit.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/npm-audit.js.map +0 -1
package/dist/src/core/static-rules/rules/package-lock-sync.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/package-lock-sync.js.map +0 -1
package/dist/src/core/static-rules/rules/schema-alignment.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/schema-alignment.js.map +0 -1
package/dist/src/core/static-rules/rules/sql-injection.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/sql-injection.js.map +0 -1
package/dist/src/core/static-rules/rules/ssrf.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/ssrf.js.map +0 -1
package/dist/src/core/static-rules/rules/todo-fixme.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/todo-fixme.js.map +0 -1
package/dist/src/core/static-rules/tailwind-extractor.d.ts.map +0 -1
package/dist/src/core/static-rules/tailwind-extractor.js.map +0 -1
package/dist/src/core/test-gen/coverage-analyzer.d.ts.map +0 -1
package/dist/src/core/test-gen/coverage-analyzer.js.map +0 -1
package/dist/src/core/test-gen/framework-detector.d.ts.map +0 -1
package/dist/src/core/test-gen/framework-detector.js.map +0 -1
package/dist/src/core/test-gen/test-writer.d.ts.map +0 -1
package/dist/src/core/test-gen/test-writer.js.map +0 -1
package/dist/src/core/ui/design-context-loader.d.ts.map +0 -1
package/dist/src/core/ui/design-context-loader.js.map +0 -1
package/dist/src/core/worker/client.d.ts.map +0 -1
package/dist/src/core/worker/client.js.map +0 -1
package/dist/src/core/worker/lockfile.d.ts.map +0 -1
package/dist/src/core/worker/lockfile.js.map +0 -1
package/dist/src/core/worker/server.d.ts.map +0 -1
package/dist/src/core/worker/server.js.map +0 -1
package/dist/src/formatters/github-annotations.d.ts.map +0 -1
package/dist/src/formatters/github-annotations.js.map +0 -1
package/dist/src/formatters/index.d.ts.map +0 -1
package/dist/src/formatters/index.js.map +0 -1
package/dist/src/formatters/junit.d.ts.map +0 -1
package/dist/src/formatters/junit.js.map +0 -1
package/dist/src/formatters/sarif.d.ts.map +0 -1
package/dist/src/formatters/sarif.js.map +0 -1
package/dist/src/index.d.ts.map +0 -1
package/dist/src/index.js.map +0 -1
package/src/adapters/base.ts +0 -19
package/src/adapters/council/claude.ts +0 -41
package/src/adapters/council/openai.ts +0 -40
package/src/adapters/council/types.ts +0 -7
package/src/adapters/loader.ts +0 -108
package/src/adapters/migration-runner/supabase.ts +0 -56
package/src/adapters/migration-runner/types.ts +0 -36
package/src/adapters/review-bot-parser/cursor.ts +0 -13
package/src/adapters/review-bot-parser/declarative-base.ts +0 -64
package/src/adapters/review-bot-parser/types.ts +0 -9
package/src/adapters/review-engine/auto.ts +0 -94
package/src/adapters/review-engine/claude.ts +0 -100
package/src/adapters/review-engine/codex.ts +0 -82
package/src/adapters/review-engine/gemini.ts +0 -105
package/src/adapters/review-engine/openai-compatible.ts +0 -100
package/src/adapters/review-engine/parse-output.ts +0 -74
package/src/adapters/review-engine/prompt-builder.ts +0 -19
package/src/adapters/review-engine/types.ts +0 -19
package/src/adapters/vcs-host/commit-status.ts +0 -39
package/src/adapters/vcs-host/github.ts +0 -77
package/src/adapters/vcs-host/types.ts +0 -44
package/src/cli/_pkg-root.ts +0 -85
package/src/cli/autoregress-bridge.ts +0 -30
package/src/cli/baseline.ts +0 -125
package/src/cli/ci.ts +0 -45
package/src/cli/costs.ts +0 -80
package/src/cli/council.ts +0 -96
package/src/cli/detector.ts +0 -92
package/src/cli/explain.ts +0 -197
package/src/cli/fix.ts +0 -249
package/src/cli/hook.ts +0 -124
package/src/cli/ignore-helper.ts +0 -116
package/src/cli/index.ts +0 -612
package/src/cli/lsp.ts +0 -200
package/src/cli/mcp.ts +0 -206
package/src/cli/migrate-v4.ts +0 -388
package/src/cli/pr-comment.ts +0 -139
package/src/cli/pr-desc.ts +0 -168
package/src/cli/pr-review-comments.ts +0 -92
package/src/cli/pr.ts +0 -76
package/src/cli/preflight.ts +0 -235
package/src/cli/report.ts +0 -186
package/src/cli/run.ts +0 -425
package/src/cli/scan.ts +0 -233
package/src/cli/setup.ts +0 -191
package/src/cli/test-gen.ts +0 -125
package/src/cli/triage.ts +0 -137
package/src/cli/watch.ts +0 -190
package/src/cli/worker.ts +0 -109
package/src/core/.gitkeep +0 -0
package/src/core/cache/cached-engine.ts +0 -32
package/src/core/cache/review-cache.ts +0 -70
package/src/core/chunking/index.ts +0 -113
package/src/core/chunking/risk-ranker.ts +0 -56
package/src/core/config/loader.ts +0 -53
package/src/core/config/preset-resolver.ts +0 -46
package/src/core/config/schema.ts +0 -181
package/src/core/config/types.ts +0 -98
package/src/core/council/config.ts +0 -71
package/src/core/council/context.ts +0 -17
package/src/core/council/runner.ts +0 -83
package/src/core/council/types.ts +0 -45
package/src/core/detect/git-context.ts +0 -27
package/src/core/detect/llm-key.ts +0 -89
package/src/core/detect/protected-paths.ts +0 -63
package/src/core/detect/provider-usage.ts +0 -74
package/src/core/detect/stack.ts +0 -153
package/src/core/detect/workspaces.ts +0 -103
package/src/core/errors.ts +0 -37
package/src/core/findings/dedup.ts +0 -14
package/src/core/findings/types.ts +0 -39
package/src/core/fix/generator.ts +0 -149
package/src/core/git/diff-hunks.ts +0 -86
package/src/core/git/touched-files.ts +0 -73
package/src/core/ignore/index.ts +0 -54
package/src/core/index.ts +0 -1
package/src/core/logging/ndjson-writer.ts +0 -37
package/src/core/logging/redaction.ts +0 -19
package/src/core/mcp/concurrency.ts +0 -16
package/src/core/mcp/handlers/fix-finding.ts +0 -126
package/src/core/mcp/handlers/get-capabilities.ts +0 -62
package/src/core/mcp/handlers/get-findings.ts +0 -36
package/src/core/mcp/handlers/review-diff.ts +0 -65
package/src/core/mcp/handlers/scan-files.ts +0 -65
package/src/core/mcp/handlers/validate-fix.ts +0 -41
package/src/core/mcp/run-store.ts +0 -85
package/src/core/mcp/workspace.ts +0 -35
package/src/core/persist/baseline.ts +0 -112
package/src/core/persist/cost-log.ts +0 -30
package/src/core/persist/findings-cache.ts +0 -43
package/src/core/persist/triage.ts +0 -112
package/src/core/phases/static-rules.ts +0 -93
package/src/core/phases/tests.ts +0 -51
package/src/core/pipeline/review-phase.ts +0 -182
package/src/core/pipeline/run.ts +0 -116
package/src/core/runtime/idempotency.ts +0 -6
package/src/core/runtime/lock.ts +0 -29
package/src/core/runtime/state.ts +0 -97
package/src/core/schema-alignment/detector.ts +0 -59
package/src/core/schema-alignment/extractor/index.ts +0 -24
package/src/core/schema-alignment/extractor/prisma.ts +0 -21
package/src/core/schema-alignment/extractor/sql.ts +0 -99
package/src/core/schema-alignment/llm-check.ts +0 -91
package/src/core/schema-alignment/scanner.ts +0 -107
package/src/core/schema-alignment/types.ts +0 -43
package/src/core/shell.ts +0 -48
package/src/core/static-rules/registry.ts +0 -59
package/src/core/static-rules/rules/brand-tokens.ts +0 -145
package/src/core/static-rules/rules/console-log.ts +0 -42
package/src/core/static-rules/rules/hardcoded-secrets.ts +0 -83
package/src/core/static-rules/rules/insecure-redirect.ts +0 -67
package/src/core/static-rules/rules/large-file.ts +0 -37
package/src/core/static-rules/rules/missing-auth.ts +0 -70
package/src/core/static-rules/rules/missing-tests.ts +0 -57
package/src/core/static-rules/rules/npm-audit.ts +0 -38
package/src/core/static-rules/rules/package-lock-sync.ts +0 -54
package/src/core/static-rules/rules/schema-alignment.ts +0 -132
package/src/core/static-rules/rules/sql-injection.ts +0 -71
package/src/core/static-rules/rules/ssrf.ts +0 -63
package/src/core/static-rules/rules/todo-fixme.ts +0 -40
package/src/core/static-rules/tailwind-extractor.ts +0 -38
package/src/core/test-gen/coverage-analyzer.ts +0 -93
package/src/core/test-gen/framework-detector.ts +0 -21
package/src/core/test-gen/test-writer.ts +0 -33
package/src/core/ui/design-context-loader.ts +0 -87
package/src/core/worker/client.ts +0 -46
package/src/core/worker/lockfile.ts +0 -38
package/src/core/worker/server.ts +0 -81
package/src/formatters/github-annotations.ts +0 -36
package/src/formatters/index.ts +0 -3
package/src/formatters/junit.ts +0 -52
package/src/formatters/sarif.ts +0 -103
package/src/index.ts +0 -3

package/src/cli/lsp.ts DELETED Viewed

@@ -1,200 +0,0 @@
-import * as fs from 'node:fs';
-import * as path from 'node:path';
-import type { Finding } from '../core/findings/types.ts';
-// LSP DiagnosticSeverity values (spec §3.16.1)
-const DSev = { Error: 1, Warning: 2, Information: 3 } as const;
-export function findingToUri(filePath: string, cwd: string): string {
-  const abs = path.isAbsolute(filePath) ? filePath : path.resolve(cwd, filePath);
-  // file:// with three slashes on Unix, four on Windows (file:///C:/...)
-  return `file://${abs.startsWith('/') ? '' : '/'}${abs}`;
-}
-export function findingToDiagnostic(f: Finding): {
-  range: { start: { line: number; character: number }; end: { line: number; character: number } };
-  severity: number;
-  source: string;
-  code: string;
-  message: string;
-} {
-  const line = Math.max(0, (f.line ?? 1) - 1); // LSP is 0-indexed; findings are 1-indexed
-  return {
-    range: { start: { line, character: 0 }, end: { line, character: 999 } },
-    severity: f.severity === 'critical' ? DSev.Error : f.severity === 'warning' ? DSev.Warning : DSev.Information,
-    source: 'guardrail',
-    code: f.id,
-    message: f.suggestion ? `${f.message}\n\n${f.suggestion}` : f.message,
-  };
-}
-export function groupByUri(findings: Finding[], cwd: string): Map<string, Finding[]> {
-  const map = new Map<string, Finding[]>();
-  for (const f of findings) {
-    const uri = findingToUri(f.file, cwd);
-    const arr = map.get(uri) ?? [];
-    arr.push(f);
-    map.set(uri, arr);
-  }
-  return map;
-}
-export function encodeMessage(body: object): Buffer {
-  const json = JSON.stringify(body);
-  const byteLen = Buffer.byteLength(json, 'utf8');
-  return Buffer.from(`Content-Length: ${byteLen}\r\n\r\n${json}`, 'utf8');
-}
-/** Parse as many complete LSP messages as possible from `buf`. Returns parsed objects and remaining bytes. */
-export function parseMessages(buf: Buffer): { messages: unknown[]; remaining: Buffer } {
-  const messages: unknown[] = [];
-  let remaining = buf;
-  while (remaining.length > 0) {
-    const headerEnd = remaining.indexOf('\r\n\r\n');
-    if (headerEnd < 0) break;
-    const headers = remaining.slice(0, headerEnd).toString('utf8');
-    const match = headers.match(/Content-Length:\s*(\d+)/i);
-    if (!match) { remaining = remaining.slice(headerEnd + 4); continue; }
-    const contentLength = parseInt(match[1]!, 10);
-    const bodyStart = headerEnd + 4;
-    if (remaining.length < bodyStart + contentLength) break;
-    const body = remaining.slice(bodyStart, bodyStart + contentLength).toString('utf8');
-    remaining = remaining.slice(bodyStart + contentLength);
-    try { messages.push(JSON.parse(body)); } catch { /* skip malformed */ }
-  }
-  return { messages, remaining };
-}
-export async function runLsp(options: { cwd?: string } = {}): Promise<void> {
-  const cwd = options.cwd ?? process.cwd();
-  const cacheFile = path.join(cwd, '.guardrail-cache', 'findings.json');
-  let initialized = false;
-  let didShutdown = false;
-  function send(msg: object): void {
-    process.stdout.write(encodeMessage(msg));
-  }
-  function notify(method: string, params: object): void {
-    send({ jsonrpc: '2.0', method, params });
-  }
-  function respond(id: number | string | null, result: unknown): void {
-    send({ jsonrpc: '2.0', id, result });
-  }
-  function respondError(id: number | string | null, code: number, message: string): void {
-    send({ jsonrpc: '2.0', id, error: { code, message } });
-  }
-  function readFindings(): Finding[] {
-    if (!fs.existsSync(cacheFile)) return [];
-    try { return JSON.parse(fs.readFileSync(cacheFile, 'utf8')) as Finding[]; }
-    catch { return []; }
-  }
-  function publishAll(findings: Finding[]): void {
-    const byUri = groupByUri(findings, cwd);
-    for (const [uri, ff] of byUri) {
-      notify('textDocument/publishDiagnostics', {
-        uri,
-        diagnostics: ff.map(findingToDiagnostic),
-      });
-    }
-  }
-  function publishForUri(uri: string, findings: Finding[]): void {
-    notify('textDocument/publishDiagnostics', {
-      uri,
-      diagnostics: findings.filter(f => findingToUri(f.file, cwd) === uri).map(findingToDiagnostic),
-    });
-  }
-  // Watch cache dir so editors see diagnostics update after a guardrail run
-  let watcher: fs.FSWatcher | null = null;
-  function startWatching(): void {
-    const dir = path.dirname(cacheFile);
-    if (!fs.existsSync(dir)) return;
-    try {
-      watcher = fs.watch(dir, { persistent: false }, (_event, filename) => {
-        if (filename === 'findings.json' && initialized) publishAll(readFindings());
-      });
-    } catch { /* watch unavailable */ }
-  }
-  type LspMessage = { jsonrpc: string; id?: number | string; method?: string; params?: unknown };
-  function handle(msg: LspMessage): void {
-    const { id, method, params } = msg;
-    if (!method) return; // response, ignore
-    switch (method) {
-      case 'initialize':
-        respond(id!, {
-          capabilities: {
-            textDocumentSync: { openClose: true, change: 1 /* full */ },
-          },
-          serverInfo: { name: 'guardrail', version: '4.1.0' },
-        });
-        break;
-      case 'initialized':
-        initialized = true;
-        startWatching();
-        publishAll(readFindings());
-        break;
-      case 'textDocument/didOpen':
-      case 'textDocument/didChange': {
-        const p = params as { textDocument?: { uri?: string } } | undefined;
-        const uri = p?.textDocument?.uri;
-        if (uri) publishForUri(uri, readFindings());
-        break;
-      }
-      case 'textDocument/didClose':
-        // Keep diagnostics visible after close
-        break;
-      case 'shutdown':
-        didShutdown = true;
-        watcher?.close();
-        respond(id!, null);
-        break;
-      case 'exit':
-        process.exit(didShutdown ? 0 : 1);
-        break;
-      case '$/cancelRequest':
-        break;
-      default:
-        if (id !== undefined) respondError(id, -32601, `Method not found: ${method}`);
-    }
-  }
-  // Frame-aware stdin reader
-  let buf = Buffer.alloc(0);
-  process.stdin.on('data', (chunk: Buffer) => {
-    buf = Buffer.concat([buf, chunk]);
-    const { messages, remaining } = parseMessages(buf);
-    buf = remaining as Buffer<ArrayBuffer>;
-    for (const msg of messages) handle(msg as LspMessage);
-  });
-  process.stdin.on('end', () => {
-    watcher?.close();
-    process.exit(0);
-  });
-  return new Promise<void>(() => { /* event-loop keeps us alive */ });
-}

package/src/cli/mcp.ts DELETED Viewed

@@ -1,206 +0,0 @@
-// src/cli/mcp.ts
-import * as fs from 'node:fs';
-import * as path from 'node:path';
-import { Server } from '@modelcontextprotocol/sdk/server/index.js';
-import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
-import { CallToolRequestSchema, ListToolsRequestSchema } from '@modelcontextprotocol/sdk/types.js';
-import { loadConfig } from '../core/config/loader.ts';
-import { loadAdapter } from '../adapters/loader.ts';
-import type { ReviewEngine } from '../adapters/review-engine/types.ts';
-import type { GuardrailConfig } from '../core/config/types.ts';
-import { handleReviewDiff } from '../core/mcp/handlers/review-diff.ts';
-import { handleScanFiles } from '../core/mcp/handlers/scan-files.ts';
-import { handleGetFindings } from '../core/mcp/handlers/get-findings.ts';
-import { handleFixFinding } from '../core/mcp/handlers/fix-finding.ts';
-import { handleValidateFix } from '../core/mcp/handlers/validate-fix.ts';
-import { handleGetCapabilities } from '../core/mcp/handlers/get-capabilities.ts';
-export async function runMcp(options: { cwd?: string; configPath?: string } = {}): Promise<void> {
-  const cwd = options.cwd ?? process.cwd();
-  const configPath = options.configPath ?? path.join(cwd, 'guardrail.config.yaml');
-  let config: GuardrailConfig = { configVersion: 1 };
-  if (fs.existsSync(configPath)) {
-    const loaded = await loadConfig(configPath);
-    if (loaded) config = loaded;
-  }
-  // Determine adapter name and options from config
-  const engineRef = (config as unknown as Record<string, unknown>).reviewEngine;
-  const ref =
-    typeof engineRef === 'string'
-      ? engineRef
-      : (engineRef as { adapter?: string } | undefined)?.adapter ?? 'auto';
-  const engineOptions =
-    typeof engineRef === 'object' && engineRef !== null
-      ? (engineRef as { options?: Record<string, unknown> }).options
-      : undefined;
-  const engine = await loadAdapter<ReviewEngine>({ point: 'review-engine', ref, options: engineOptions });
-  const adapterName = engine.name;
-  const server = new Server(
-    { name: 'guardrail', version: '1.0.0' },
-    { capabilities: { tools: {} } },
-  );
-  server.setRequestHandler(ListToolsRequestSchema, async () => ({
-    tools: [
-      {
-        name: 'review_diff',
-        description: 'Review git-changed files against a base ref. Returns structured findings.',
-        inputSchema: {
-          type: 'object',
-          properties: {
-            base: { type: 'string', description: 'Base ref to diff against (default: upstream or HEAD~1)' },
-            cwd: { type: 'string', description: 'Working directory (default: process.cwd())' },
-            static_only: { type: 'boolean', description: 'Skip LLM review, run static rules only' },
-          },
-        },
-      },
-      {
-        name: 'scan_files',
-        description: 'Review specific files or directories. Does not require git.',
-        inputSchema: {
-          type: 'object',
-          required: ['files'],
-          properties: {
-            files: { type: 'array', items: { type: 'string' }, description: 'File or directory paths to scan' },
-            cwd: { type: 'string' },
-            ask: { type: 'string', description: 'Targeted question, e.g. "is there SQL injection risk?"' },
-          },
-        },
-      },
-      {
-        name: 'get_findings',
-        description: 'Return findings from a prior review_diff or scan_files run by run_id.',
-        inputSchema: {
-          type: 'object',
-          required: ['run_id'],
-          properties: {
-            run_id: { type: 'string' },
-            severity: { type: 'string', enum: ['critical', 'warning', 'note'], description: 'Minimum severity to include' },
-            cwd: { type: 'string' },
-          },
-        },
-      },
-      {
-        name: 'fix_finding',
-        description: 'Apply an LLM-generated fix for a specific finding. Validates file checksum before applying.',
-        inputSchema: {
-          type: 'object',
-          required: ['run_id', 'finding_id'],
-          properties: {
-            run_id: { type: 'string' },
-            finding_id: { type: 'string' },
-            cwd: { type: 'string' },
-            dry_run: { type: 'boolean', description: 'Return patch without applying' },
-          },
-        },
-      },
-      {
-        name: 'validate_fix',
-        description: 'Run the configured testCommand and return pass/fail.',
-        inputSchema: {
-          type: 'object',
-          properties: {
-            cwd: { type: 'string' },
-            files: { type: 'array', items: { type: 'string' } },
-          },
-        },
-      },
-      {
-        name: 'get_capabilities',
-        description: 'Return adapter, enabled rules, and workspace metadata.',
-        inputSchema: {
-          type: 'object',
-          properties: { cwd: { type: 'string' } },
-        },
-      },
-    ],
-  }));
-  server.setRequestHandler(CallToolRequestSchema, async (request) => {
-    const { name, arguments: args = {} } = request.params;
-    const a = args as Record<string, unknown>;
-    try {
-      let result: unknown;
-      switch (name) {
-        case 'review_diff':
-          result = await handleReviewDiff(
-            {
-              base: a['base'] as string | undefined,
-              cwd: a['cwd'] as string | undefined,
-              static_only: a['static_only'] as boolean | undefined,
-            },
-            config,
-            engine,
-          );
-          break;
-        case 'scan_files':
-          result = await handleScanFiles(
-            {
-              files: a['files'] as string[],
-              cwd: a['cwd'] as string | undefined,
-              ask: a['ask'] as string | undefined,
-            },
-            config,
-            engine,
-          );
-          break;
-        case 'get_findings':
-          result = await handleGetFindings({
-            run_id: a['run_id'] as string,
-            severity: a['severity'] as 'critical' | 'warning' | 'note' | undefined,
-            cwd: a['cwd'] as string | undefined,
-          });
-          break;
-        case 'fix_finding':
-          result = await handleFixFinding(
-            {
-              run_id: a['run_id'] as string,
-              finding_id: a['finding_id'] as string,
-              cwd: a['cwd'] as string | undefined,
-              dry_run: a['dry_run'] as boolean | undefined,
-            },
-            config,
-            engine,
-          );
-          break;
-        case 'validate_fix':
-          result = await handleValidateFix(
-            {
-              cwd: a['cwd'] as string | undefined,
-              files: a['files'] as string[] | undefined,
-            },
-            config,
-          );
-          break;
-        case 'get_capabilities':
-          result = await handleGetCapabilities(
-            { cwd: a['cwd'] as string | undefined },
-            config,
-            adapterName,
-          );
-          break;
-        default:
-          return {
-            content: [{ type: 'text' as const, text: JSON.stringify({ error: `Unknown tool: ${name}` }) }],
-            isError: true,
-          };
-      }
-      return { content: [{ type: 'text' as const, text: JSON.stringify(result) }] };
-    } catch (err) {
-      const msg = err instanceof Error ? err.message : String(err);
-      const code = (err as { code?: string }).code ?? 'unknown_error';
-      return {
-        content: [{ type: 'text' as const, text: JSON.stringify({ error: msg, code }) }],
-        isError: true,
-      };
-    }
-  });
-  const transport = new StdioServerTransport();
-  await server.connect(transport);
-}