npm - @delegance/claude-autopilot - Versions diffs - 5.0.1 → 5.0.3 - Mend

@delegance/claude-autopilot 5.0.1 → 5.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (412) hide show

package/dist/src/adapters/review-engine/codex.js +13 -1
package/dist/src/cli/index.js +39 -1
package/dist/src/cli/preflight.js +17 -4
package/dist/src/cli/scan.js +12 -0
package/package.json +4 -3
package/dist/presets/go/rules/go-sql-injection.d.ts.map +0 -1
package/dist/presets/go/rules/go-sql-injection.js.map +0 -1
package/dist/presets/nextjs-supabase/rules/supabase-rls-bypass.d.ts.map +0 -1
package/dist/presets/nextjs-supabase/rules/supabase-rls-bypass.js.map +0 -1
package/dist/presets/python-fastapi/rules/fastapi-missing-auth.d.ts.map +0 -1
package/dist/presets/python-fastapi/rules/fastapi-missing-auth.js.map +0 -1
package/dist/presets/rails-postgres/rules/rails-sql-injection.d.ts.map +0 -1
package/dist/presets/rails-postgres/rules/rails-sql-injection.js.map +0 -1
package/dist/presets/t3/rules/t3-server-only.d.ts.map +0 -1
package/dist/presets/t3/rules/t3-server-only.js.map +0 -1
package/dist/src/adapters/base.d.ts.map +0 -1
package/dist/src/adapters/base.js.map +0 -1
package/dist/src/adapters/council/claude.d.ts.map +0 -1
package/dist/src/adapters/council/claude.js.map +0 -1
package/dist/src/adapters/council/openai.d.ts.map +0 -1
package/dist/src/adapters/council/openai.js.map +0 -1
package/dist/src/adapters/council/types.d.ts.map +0 -1
package/dist/src/adapters/council/types.js.map +0 -1
package/dist/src/adapters/loader.d.ts.map +0 -1
package/dist/src/adapters/loader.js.map +0 -1
package/dist/src/adapters/migration-runner/supabase.d.ts.map +0 -1
package/dist/src/adapters/migration-runner/supabase.js.map +0 -1
package/dist/src/adapters/migration-runner/types.d.ts.map +0 -1
package/dist/src/adapters/migration-runner/types.js.map +0 -1
package/dist/src/adapters/review-bot-parser/cursor.d.ts.map +0 -1
package/dist/src/adapters/review-bot-parser/cursor.js.map +0 -1
package/dist/src/adapters/review-bot-parser/declarative-base.d.ts.map +0 -1
package/dist/src/adapters/review-bot-parser/declarative-base.js.map +0 -1
package/dist/src/adapters/review-bot-parser/types.d.ts.map +0 -1
package/dist/src/adapters/review-bot-parser/types.js.map +0 -1
package/dist/src/adapters/review-engine/auto.d.ts.map +0 -1
package/dist/src/adapters/review-engine/auto.js.map +0 -1
package/dist/src/adapters/review-engine/claude.d.ts.map +0 -1
package/dist/src/adapters/review-engine/claude.js.map +0 -1
package/dist/src/adapters/review-engine/codex.d.ts.map +0 -1
package/dist/src/adapters/review-engine/codex.js.map +0 -1
package/dist/src/adapters/review-engine/gemini.d.ts.map +0 -1
package/dist/src/adapters/review-engine/gemini.js.map +0 -1
package/dist/src/adapters/review-engine/openai-compatible.d.ts.map +0 -1
package/dist/src/adapters/review-engine/openai-compatible.js.map +0 -1
package/dist/src/adapters/review-engine/parse-output.d.ts.map +0 -1
package/dist/src/adapters/review-engine/parse-output.js.map +0 -1
package/dist/src/adapters/review-engine/prompt-builder.d.ts.map +0 -1
package/dist/src/adapters/review-engine/prompt-builder.js.map +0 -1
package/dist/src/adapters/review-engine/types.d.ts.map +0 -1
package/dist/src/adapters/review-engine/types.js.map +0 -1
package/dist/src/adapters/vcs-host/commit-status.d.ts.map +0 -1
package/dist/src/adapters/vcs-host/commit-status.js.map +0 -1
package/dist/src/adapters/vcs-host/github.d.ts.map +0 -1
package/dist/src/adapters/vcs-host/github.js.map +0 -1
package/dist/src/adapters/vcs-host/types.d.ts.map +0 -1
package/dist/src/adapters/vcs-host/types.js.map +0 -1
package/dist/src/cli/_pkg-root.d.ts.map +0 -1
package/dist/src/cli/_pkg-root.js.map +0 -1
package/dist/src/cli/autoregress-bridge.d.ts.map +0 -1
package/dist/src/cli/autoregress-bridge.js.map +0 -1
package/dist/src/cli/baseline.d.ts.map +0 -1
package/dist/src/cli/baseline.js.map +0 -1
package/dist/src/cli/ci.d.ts.map +0 -1
package/dist/src/cli/ci.js.map +0 -1
package/dist/src/cli/costs.d.ts.map +0 -1
package/dist/src/cli/costs.js.map +0 -1
package/dist/src/cli/council.d.ts.map +0 -1
package/dist/src/cli/council.js.map +0 -1
package/dist/src/cli/detector.d.ts.map +0 -1
package/dist/src/cli/detector.js.map +0 -1
package/dist/src/cli/explain.d.ts.map +0 -1
package/dist/src/cli/explain.js.map +0 -1
package/dist/src/cli/fix.d.ts.map +0 -1
package/dist/src/cli/fix.js.map +0 -1
package/dist/src/cli/hook.d.ts.map +0 -1
package/dist/src/cli/hook.js.map +0 -1
package/dist/src/cli/ignore-helper.d.ts.map +0 -1
package/dist/src/cli/ignore-helper.js.map +0 -1
package/dist/src/cli/index.d.ts.map +0 -1
package/dist/src/cli/index.js.map +0 -1
package/dist/src/cli/lsp.d.ts.map +0 -1
package/dist/src/cli/lsp.js.map +0 -1
package/dist/src/cli/mcp.d.ts.map +0 -1
package/dist/src/cli/mcp.js.map +0 -1
package/dist/src/cli/migrate-v4.d.ts.map +0 -1
package/dist/src/cli/migrate-v4.js.map +0 -1
package/dist/src/cli/pr-comment.d.ts.map +0 -1
package/dist/src/cli/pr-comment.js.map +0 -1
package/dist/src/cli/pr-desc.d.ts.map +0 -1
package/dist/src/cli/pr-desc.js.map +0 -1
package/dist/src/cli/pr-review-comments.d.ts.map +0 -1
package/dist/src/cli/pr-review-comments.js.map +0 -1
package/dist/src/cli/pr.d.ts.map +0 -1
package/dist/src/cli/pr.js.map +0 -1
package/dist/src/cli/preflight.d.ts.map +0 -1
package/dist/src/cli/preflight.js.map +0 -1
package/dist/src/cli/report.d.ts.map +0 -1
package/dist/src/cli/report.js.map +0 -1
package/dist/src/cli/run.d.ts.map +0 -1
package/dist/src/cli/run.js.map +0 -1
package/dist/src/cli/scan.d.ts.map +0 -1
package/dist/src/cli/scan.js.map +0 -1
package/dist/src/cli/setup.d.ts.map +0 -1
package/dist/src/cli/setup.js.map +0 -1
package/dist/src/cli/test-gen.d.ts.map +0 -1
package/dist/src/cli/test-gen.js.map +0 -1
package/dist/src/cli/triage.d.ts.map +0 -1
package/dist/src/cli/triage.js.map +0 -1
package/dist/src/cli/watch.d.ts.map +0 -1
package/dist/src/cli/watch.js.map +0 -1
package/dist/src/cli/worker.d.ts.map +0 -1
package/dist/src/cli/worker.js.map +0 -1
package/dist/src/core/cache/cached-engine.d.ts.map +0 -1
package/dist/src/core/cache/cached-engine.js.map +0 -1
package/dist/src/core/cache/review-cache.d.ts.map +0 -1
package/dist/src/core/cache/review-cache.js.map +0 -1
package/dist/src/core/chunking/index.d.ts.map +0 -1
package/dist/src/core/chunking/index.js.map +0 -1
package/dist/src/core/chunking/risk-ranker.d.ts.map +0 -1
package/dist/src/core/chunking/risk-ranker.js.map +0 -1
package/dist/src/core/config/loader.d.ts.map +0 -1
package/dist/src/core/config/loader.js.map +0 -1
package/dist/src/core/config/preset-resolver.d.ts.map +0 -1
package/dist/src/core/config/preset-resolver.js.map +0 -1
package/dist/src/core/config/schema.d.ts.map +0 -1
package/dist/src/core/config/schema.js.map +0 -1
package/dist/src/core/config/types.d.ts.map +0 -1
package/dist/src/core/config/types.js.map +0 -1
package/dist/src/core/council/config.d.ts.map +0 -1
package/dist/src/core/council/config.js.map +0 -1
package/dist/src/core/council/context.d.ts.map +0 -1
package/dist/src/core/council/context.js.map +0 -1
package/dist/src/core/council/runner.d.ts.map +0 -1
package/dist/src/core/council/runner.js.map +0 -1
package/dist/src/core/council/types.d.ts.map +0 -1
package/dist/src/core/council/types.js.map +0 -1
package/dist/src/core/detect/git-context.d.ts.map +0 -1
package/dist/src/core/detect/git-context.js.map +0 -1
package/dist/src/core/detect/llm-key.d.ts.map +0 -1
package/dist/src/core/detect/llm-key.js.map +0 -1
package/dist/src/core/detect/protected-paths.d.ts.map +0 -1
package/dist/src/core/detect/protected-paths.js.map +0 -1
package/dist/src/core/detect/provider-usage.d.ts.map +0 -1
package/dist/src/core/detect/provider-usage.js.map +0 -1
package/dist/src/core/detect/stack.d.ts.map +0 -1
package/dist/src/core/detect/stack.js.map +0 -1
package/dist/src/core/detect/workspaces.d.ts.map +0 -1
package/dist/src/core/detect/workspaces.js.map +0 -1
package/dist/src/core/errors.d.ts.map +0 -1
package/dist/src/core/errors.js.map +0 -1
package/dist/src/core/findings/dedup.d.ts.map +0 -1
package/dist/src/core/findings/dedup.js.map +0 -1
package/dist/src/core/findings/types.d.ts.map +0 -1
package/dist/src/core/findings/types.js.map +0 -1
package/dist/src/core/fix/generator.d.ts.map +0 -1
package/dist/src/core/fix/generator.js.map +0 -1
package/dist/src/core/git/diff-hunks.d.ts.map +0 -1
package/dist/src/core/git/diff-hunks.js.map +0 -1
package/dist/src/core/git/touched-files.d.ts.map +0 -1
package/dist/src/core/git/touched-files.js.map +0 -1
package/dist/src/core/ignore/index.d.ts.map +0 -1
package/dist/src/core/ignore/index.js.map +0 -1
package/dist/src/core/index.d.ts.map +0 -1
package/dist/src/core/index.js.map +0 -1
package/dist/src/core/logging/ndjson-writer.d.ts.map +0 -1
package/dist/src/core/logging/ndjson-writer.js.map +0 -1
package/dist/src/core/logging/redaction.d.ts.map +0 -1
package/dist/src/core/logging/redaction.js.map +0 -1
package/dist/src/core/mcp/concurrency.d.ts.map +0 -1
package/dist/src/core/mcp/concurrency.js.map +0 -1
package/dist/src/core/mcp/handlers/fix-finding.d.ts.map +0 -1
package/dist/src/core/mcp/handlers/fix-finding.js.map +0 -1
package/dist/src/core/mcp/handlers/get-capabilities.d.ts.map +0 -1
package/dist/src/core/mcp/handlers/get-capabilities.js.map +0 -1
package/dist/src/core/mcp/handlers/get-findings.d.ts.map +0 -1
package/dist/src/core/mcp/handlers/get-findings.js.map +0 -1
package/dist/src/core/mcp/handlers/review-diff.d.ts.map +0 -1
package/dist/src/core/mcp/handlers/review-diff.js.map +0 -1
package/dist/src/core/mcp/handlers/scan-files.d.ts.map +0 -1
package/dist/src/core/mcp/handlers/scan-files.js.map +0 -1
package/dist/src/core/mcp/handlers/validate-fix.d.ts.map +0 -1
package/dist/src/core/mcp/handlers/validate-fix.js.map +0 -1
package/dist/src/core/mcp/run-store.d.ts.map +0 -1
package/dist/src/core/mcp/run-store.js.map +0 -1
package/dist/src/core/mcp/workspace.d.ts.map +0 -1
package/dist/src/core/mcp/workspace.js.map +0 -1
package/dist/src/core/persist/baseline.d.ts.map +0 -1
package/dist/src/core/persist/baseline.js.map +0 -1
package/dist/src/core/persist/cost-log.d.ts.map +0 -1
package/dist/src/core/persist/cost-log.js.map +0 -1
package/dist/src/core/persist/findings-cache.d.ts.map +0 -1
package/dist/src/core/persist/findings-cache.js.map +0 -1
package/dist/src/core/persist/triage.d.ts.map +0 -1
package/dist/src/core/persist/triage.js.map +0 -1
package/dist/src/core/phases/static-rules.d.ts.map +0 -1
package/dist/src/core/phases/static-rules.js.map +0 -1
package/dist/src/core/phases/tests.d.ts.map +0 -1
package/dist/src/core/phases/tests.js.map +0 -1
package/dist/src/core/pipeline/review-phase.d.ts.map +0 -1
package/dist/src/core/pipeline/review-phase.js.map +0 -1
package/dist/src/core/pipeline/run.d.ts.map +0 -1
package/dist/src/core/pipeline/run.js.map +0 -1
package/dist/src/core/runtime/idempotency.d.ts.map +0 -1
package/dist/src/core/runtime/idempotency.js.map +0 -1
package/dist/src/core/runtime/lock.d.ts.map +0 -1
package/dist/src/core/runtime/lock.js.map +0 -1
package/dist/src/core/runtime/state.d.ts.map +0 -1
package/dist/src/core/runtime/state.js.map +0 -1
package/dist/src/core/schema-alignment/detector.d.ts.map +0 -1
package/dist/src/core/schema-alignment/detector.js.map +0 -1
package/dist/src/core/schema-alignment/extractor/index.d.ts.map +0 -1
package/dist/src/core/schema-alignment/extractor/index.js.map +0 -1
package/dist/src/core/schema-alignment/extractor/prisma.d.ts.map +0 -1
package/dist/src/core/schema-alignment/extractor/prisma.js.map +0 -1
package/dist/src/core/schema-alignment/extractor/sql.d.ts.map +0 -1
package/dist/src/core/schema-alignment/extractor/sql.js.map +0 -1
package/dist/src/core/schema-alignment/llm-check.d.ts.map +0 -1
package/dist/src/core/schema-alignment/llm-check.js.map +0 -1
package/dist/src/core/schema-alignment/scanner.d.ts.map +0 -1
package/dist/src/core/schema-alignment/scanner.js.map +0 -1
package/dist/src/core/schema-alignment/types.d.ts.map +0 -1
package/dist/src/core/schema-alignment/types.js.map +0 -1
package/dist/src/core/shell.d.ts.map +0 -1
package/dist/src/core/shell.js.map +0 -1
package/dist/src/core/static-rules/registry.d.ts.map +0 -1
package/dist/src/core/static-rules/registry.js.map +0 -1
package/dist/src/core/static-rules/rules/brand-tokens.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/brand-tokens.js.map +0 -1
package/dist/src/core/static-rules/rules/console-log.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/console-log.js.map +0 -1
package/dist/src/core/static-rules/rules/hardcoded-secrets.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/hardcoded-secrets.js.map +0 -1
package/dist/src/core/static-rules/rules/insecure-redirect.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/insecure-redirect.js.map +0 -1
package/dist/src/core/static-rules/rules/large-file.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/large-file.js.map +0 -1
package/dist/src/core/static-rules/rules/missing-auth.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/missing-auth.js.map +0 -1
package/dist/src/core/static-rules/rules/missing-tests.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/missing-tests.js.map +0 -1
package/dist/src/core/static-rules/rules/npm-audit.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/npm-audit.js.map +0 -1
package/dist/src/core/static-rules/rules/package-lock-sync.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/package-lock-sync.js.map +0 -1
package/dist/src/core/static-rules/rules/schema-alignment.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/schema-alignment.js.map +0 -1
package/dist/src/core/static-rules/rules/sql-injection.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/sql-injection.js.map +0 -1
package/dist/src/core/static-rules/rules/ssrf.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/ssrf.js.map +0 -1
package/dist/src/core/static-rules/rules/todo-fixme.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/todo-fixme.js.map +0 -1
package/dist/src/core/static-rules/tailwind-extractor.d.ts.map +0 -1
package/dist/src/core/static-rules/tailwind-extractor.js.map +0 -1
package/dist/src/core/test-gen/coverage-analyzer.d.ts.map +0 -1
package/dist/src/core/test-gen/coverage-analyzer.js.map +0 -1
package/dist/src/core/test-gen/framework-detector.d.ts.map +0 -1
package/dist/src/core/test-gen/framework-detector.js.map +0 -1
package/dist/src/core/test-gen/test-writer.d.ts.map +0 -1
package/dist/src/core/test-gen/test-writer.js.map +0 -1
package/dist/src/core/ui/design-context-loader.d.ts.map +0 -1
package/dist/src/core/ui/design-context-loader.js.map +0 -1
package/dist/src/core/worker/client.d.ts.map +0 -1
package/dist/src/core/worker/client.js.map +0 -1
package/dist/src/core/worker/lockfile.d.ts.map +0 -1
package/dist/src/core/worker/lockfile.js.map +0 -1
package/dist/src/core/worker/server.d.ts.map +0 -1
package/dist/src/core/worker/server.js.map +0 -1
package/dist/src/formatters/github-annotations.d.ts.map +0 -1
package/dist/src/formatters/github-annotations.js.map +0 -1
package/dist/src/formatters/index.d.ts.map +0 -1
package/dist/src/formatters/index.js.map +0 -1
package/dist/src/formatters/junit.d.ts.map +0 -1
package/dist/src/formatters/junit.js.map +0 -1
package/dist/src/formatters/sarif.d.ts.map +0 -1
package/dist/src/formatters/sarif.js.map +0 -1
package/dist/src/index.d.ts.map +0 -1
package/dist/src/index.js.map +0 -1
package/src/adapters/base.ts +0 -19
package/src/adapters/council/claude.ts +0 -41
package/src/adapters/council/openai.ts +0 -40
package/src/adapters/council/types.ts +0 -7
package/src/adapters/loader.ts +0 -108
package/src/adapters/migration-runner/supabase.ts +0 -56
package/src/adapters/migration-runner/types.ts +0 -36
package/src/adapters/review-bot-parser/cursor.ts +0 -13
package/src/adapters/review-bot-parser/declarative-base.ts +0 -64
package/src/adapters/review-bot-parser/types.ts +0 -9
package/src/adapters/review-engine/auto.ts +0 -94
package/src/adapters/review-engine/claude.ts +0 -100
package/src/adapters/review-engine/codex.ts +0 -82
package/src/adapters/review-engine/gemini.ts +0 -105
package/src/adapters/review-engine/openai-compatible.ts +0 -100
package/src/adapters/review-engine/parse-output.ts +0 -74
package/src/adapters/review-engine/prompt-builder.ts +0 -19
package/src/adapters/review-engine/types.ts +0 -19
package/src/adapters/vcs-host/commit-status.ts +0 -39
package/src/adapters/vcs-host/github.ts +0 -77
package/src/adapters/vcs-host/types.ts +0 -44
package/src/cli/_pkg-root.ts +0 -85
package/src/cli/autoregress-bridge.ts +0 -30
package/src/cli/baseline.ts +0 -125
package/src/cli/ci.ts +0 -45
package/src/cli/costs.ts +0 -80
package/src/cli/council.ts +0 -96
package/src/cli/detector.ts +0 -92
package/src/cli/explain.ts +0 -197
package/src/cli/fix.ts +0 -249
package/src/cli/hook.ts +0 -124
package/src/cli/ignore-helper.ts +0 -116
package/src/cli/index.ts +0 -612
package/src/cli/lsp.ts +0 -200
package/src/cli/mcp.ts +0 -206
package/src/cli/migrate-v4.ts +0 -388
package/src/cli/pr-comment.ts +0 -139
package/src/cli/pr-desc.ts +0 -168
package/src/cli/pr-review-comments.ts +0 -92
package/src/cli/pr.ts +0 -76
package/src/cli/preflight.ts +0 -235
package/src/cli/report.ts +0 -186
package/src/cli/run.ts +0 -425
package/src/cli/scan.ts +0 -233
package/src/cli/setup.ts +0 -191
package/src/cli/test-gen.ts +0 -125
package/src/cli/triage.ts +0 -137
package/src/cli/watch.ts +0 -190
package/src/cli/worker.ts +0 -109
package/src/core/.gitkeep +0 -0
package/src/core/cache/cached-engine.ts +0 -32
package/src/core/cache/review-cache.ts +0 -70
package/src/core/chunking/index.ts +0 -113
package/src/core/chunking/risk-ranker.ts +0 -56
package/src/core/config/loader.ts +0 -53
package/src/core/config/preset-resolver.ts +0 -46
package/src/core/config/schema.ts +0 -181
package/src/core/config/types.ts +0 -98
package/src/core/council/config.ts +0 -71
package/src/core/council/context.ts +0 -17
package/src/core/council/runner.ts +0 -83
package/src/core/council/types.ts +0 -45
package/src/core/detect/git-context.ts +0 -27
package/src/core/detect/llm-key.ts +0 -89
package/src/core/detect/protected-paths.ts +0 -63
package/src/core/detect/provider-usage.ts +0 -74
package/src/core/detect/stack.ts +0 -153
package/src/core/detect/workspaces.ts +0 -103
package/src/core/errors.ts +0 -37
package/src/core/findings/dedup.ts +0 -14
package/src/core/findings/types.ts +0 -39
package/src/core/fix/generator.ts +0 -149
package/src/core/git/diff-hunks.ts +0 -86
package/src/core/git/touched-files.ts +0 -73
package/src/core/ignore/index.ts +0 -54
package/src/core/index.ts +0 -1
package/src/core/logging/ndjson-writer.ts +0 -37
package/src/core/logging/redaction.ts +0 -19
package/src/core/mcp/concurrency.ts +0 -16
package/src/core/mcp/handlers/fix-finding.ts +0 -126
package/src/core/mcp/handlers/get-capabilities.ts +0 -62
package/src/core/mcp/handlers/get-findings.ts +0 -36
package/src/core/mcp/handlers/review-diff.ts +0 -65
package/src/core/mcp/handlers/scan-files.ts +0 -65
package/src/core/mcp/handlers/validate-fix.ts +0 -41
package/src/core/mcp/run-store.ts +0 -85
package/src/core/mcp/workspace.ts +0 -35
package/src/core/persist/baseline.ts +0 -112
package/src/core/persist/cost-log.ts +0 -30
package/src/core/persist/findings-cache.ts +0 -43
package/src/core/persist/triage.ts +0 -112
package/src/core/phases/static-rules.ts +0 -93
package/src/core/phases/tests.ts +0 -51
package/src/core/pipeline/review-phase.ts +0 -182
package/src/core/pipeline/run.ts +0 -116
package/src/core/runtime/idempotency.ts +0 -6
package/src/core/runtime/lock.ts +0 -29
package/src/core/runtime/state.ts +0 -97
package/src/core/schema-alignment/detector.ts +0 -59
package/src/core/schema-alignment/extractor/index.ts +0 -24
package/src/core/schema-alignment/extractor/prisma.ts +0 -21
package/src/core/schema-alignment/extractor/sql.ts +0 -99
package/src/core/schema-alignment/llm-check.ts +0 -91
package/src/core/schema-alignment/scanner.ts +0 -107
package/src/core/schema-alignment/types.ts +0 -43
package/src/core/shell.ts +0 -48
package/src/core/static-rules/registry.ts +0 -59
package/src/core/static-rules/rules/brand-tokens.ts +0 -145
package/src/core/static-rules/rules/console-log.ts +0 -42
package/src/core/static-rules/rules/hardcoded-secrets.ts +0 -83
package/src/core/static-rules/rules/insecure-redirect.ts +0 -67
package/src/core/static-rules/rules/large-file.ts +0 -37
package/src/core/static-rules/rules/missing-auth.ts +0 -70
package/src/core/static-rules/rules/missing-tests.ts +0 -57
package/src/core/static-rules/rules/npm-audit.ts +0 -38
package/src/core/static-rules/rules/package-lock-sync.ts +0 -54
package/src/core/static-rules/rules/schema-alignment.ts +0 -132
package/src/core/static-rules/rules/sql-injection.ts +0 -71
package/src/core/static-rules/rules/ssrf.ts +0 -63
package/src/core/static-rules/rules/todo-fixme.ts +0 -40
package/src/core/static-rules/tailwind-extractor.ts +0 -38
package/src/core/test-gen/coverage-analyzer.ts +0 -93
package/src/core/test-gen/framework-detector.ts +0 -21
package/src/core/test-gen/test-writer.ts +0 -33
package/src/core/ui/design-context-loader.ts +0 -87
package/src/core/worker/client.ts +0 -46
package/src/core/worker/lockfile.ts +0 -38
package/src/core/worker/server.ts +0 -81
package/src/formatters/github-annotations.ts +0 -36
package/src/formatters/index.ts +0 -3
package/src/formatters/junit.ts +0 -52
package/src/formatters/sarif.ts +0 -103
package/src/index.ts +0 -3

package/src/core/ignore/index.ts DELETED Viewed

@@ -1,54 +0,0 @@
-import * as fs from 'node:fs';
-import * as path from 'node:path';
-import { minimatch } from 'minimatch';
-import type { Finding } from '../findings/types.ts';
-import type { GuardrailConfig } from '../config/types.ts';
-export interface IgnoreRule {
-  ruleId: string | '*';  // finding id prefix or '*' for any
-  pathGlob: string | null; // null = match all paths
-}
-export function loadIgnoreRules(cwd: string): IgnoreRule[] {
-  const filePath = path.join(cwd, '.guardrail-ignore');
-  if (!fs.existsSync(filePath)) return [];
-  const rules: IgnoreRule[] = [];
-  for (const raw of fs.readFileSync(filePath, 'utf8').split('\n')) {
-    const line = raw.trim();
-    if (!line || line.startsWith('#')) continue;
-    const parts = line.split(/\s+/);
-    if (parts.length === 1) {
-      // bare glob — suppress any finding whose file matches
-      rules.push({ ruleId: '*', pathGlob: parts[0]! });
-    } else {
-      // <rule-id-or-*> <path-glob>
-      rules.push({ ruleId: parts[0]!, pathGlob: parts[1]! });
-    }
-  }
-  return rules;
-}
-function matchesRule(finding: Finding, rule: IgnoreRule): boolean {
-  const ruleMatches = rule.ruleId === '*' || finding.id.startsWith(rule.ruleId);
-  if (!ruleMatches) return false;
-  if (rule.pathGlob === null) return true;
-  return minimatch(finding.file.replace(/\\/g, '/'), rule.pathGlob, { matchBase: true });
-}
-/** Convert `ignore:` entries from guardrail.config.yaml into IgnoreRules. */
-export function parseConfigIgnore(entries: GuardrailConfig['ignore']): IgnoreRule[] {
-  if (!entries || entries.length === 0) return [];
-  return entries.map(entry => {
-    if (typeof entry === 'string') {
-      return { ruleId: '*', pathGlob: entry };
-    }
-    return { ruleId: entry.rule ?? '*', pathGlob: entry.path };
-  });
-}
-export function applyIgnoreRules(findings: Finding[], rules: IgnoreRule[]): Finding[] {
-  if (rules.length === 0) return findings;
-  return findings.filter(f => !rules.some(r => matchesRule(f, r)));
-}

package/src/core/index.ts DELETED Viewed

	@@ -1 +0,0 @@
1	- export {};

package/src/core/logging/ndjson-writer.ts DELETED Viewed

@@ -1,37 +0,0 @@
-import * as fs from 'node:fs';
-import * as path from 'node:path';
-import { applyRedaction, DEFAULT_REDACTION_PATTERNS } from './redaction.ts';
-export interface NdjsonLoggerOptions {
-  runId: string;
-  logsDir?: string;
-  redactionPatterns?: readonly string[];
-}
-export class NdjsonLogger {
-  private readonly runId: string;
-  private readonly filePath: string;
-  private readonly stream: fs.WriteStream;
-  private readonly redactionPatterns: readonly string[];
-  constructor(options: NdjsonLoggerOptions) {
-    this.runId = options.runId;
-    this.redactionPatterns = options.redactionPatterns ?? DEFAULT_REDACTION_PATTERNS;
-    const logsDir = options.logsDir ?? path.join('.claude', 'logs');
-    fs.mkdirSync(logsDir, { recursive: true });
-    this.filePath = path.join(logsDir, `${this.runId}.ndjson`);
-    this.stream = fs.createWriteStream(this.filePath, { flags: 'a' });
-  }
-  log(event: string, fields: Record<string, unknown> = {}): void {
-    const entry = { ts: new Date().toISOString(), runId: this.runId, event, ...fields };
-    const serialized = applyRedaction(JSON.stringify(entry), this.redactionPatterns);
-    this.stream.write(serialized + '\n');
-  }
-  close(): Promise<void> {
-    return new Promise(resolve => this.stream.end(() => resolve()));
-  }
-  getFilePath(): string { return this.filePath; }
-}

package/src/core/logging/redaction.ts DELETED Viewed

@@ -1,19 +0,0 @@
-export const DEFAULT_REDACTION_PATTERNS: readonly string[] = Object.freeze([
-  '\\bsk-[a-zA-Z0-9_-]{20,}',
-  '\\beyJ[a-zA-Z0-9_-]{30,}',
-  '\\bghp_[a-zA-Z0-9]{30,}',
-  '\\bxoxb-[a-zA-Z0-9-]{20,}',
-  '\\bAKIA[A-Z0-9]{16}\\b',
-]);
-export function applyRedaction(text: string, patterns: readonly string[]): string {
-  let result = text;
-  for (const pattern of patterns) {
-    result = result.replace(new RegExp(pattern, 'g'), '[REDACTED]');
-  }
-  return result;
-}
-export function containsSecret(text: string, patterns: readonly string[]): boolean {
-  return patterns.some(p => new RegExp(p).test(text));
-}

package/src/core/mcp/concurrency.ts DELETED Viewed

@@ -1,16 +0,0 @@
-const mutexes = new Map<string, Promise<void>>();
-export async function withWriteLock<T>(workspace: string, fn: () => Promise<T>): Promise<T> {
-  let unlock!: () => void;
-  const current = new Promise<void>(resolve => { unlock = resolve; });
-  const prev = mutexes.get(workspace) ?? Promise.resolve();
-  mutexes.set(workspace, current);
-  await prev;
-  try {
-    return await fn();
-  } finally {
-    unlock();
-    if (mutexes.get(workspace) === current) mutexes.delete(workspace);
-  }
-}

package/src/core/mcp/handlers/fix-finding.ts DELETED Viewed

@@ -1,126 +0,0 @@
-// src/core/mcp/handlers/fix-finding.ts
-import * as fs from 'node:fs';
-import * as path from 'node:path';
-import { resolveWorkspace, assertInWorkspace } from '../workspace.ts';
-import { loadRun, checksumFile } from '../run-store.ts';
-import { withWriteLock } from '../concurrency.ts';
-import { generateFix, buildUnifiedDiff } from '../../fix/generator.ts';
-import type { ReviewEngine } from '../../../adapters/review-engine/types.ts';
-import type { GuardrailConfig } from '../../config/types.ts';
-export interface FixFindingResult {
-  schema_version: 1;
-  status: 'fixed' | 'reverted' | 'human_required' | 'skipped';
-  reason?: string;
-  patch?: string;
-  commitSha?: string;
-  appliedFiles: string[];
-}
-export async function handleFixFinding(
-  input: { run_id: string; finding_id: string; cwd?: string; dry_run?: boolean },
-  config: GuardrailConfig,
-  engine: ReviewEngine,
-): Promise<FixFindingResult> {
-  const workspace = resolveWorkspace(input.cwd);
-  const record = loadRun(workspace, input.run_id);
-  if (!record) {
-    throw Object.assign(
-      new Error(`run_not_found: no run with id "${input.run_id}"`),
-      { code: 'run_not_found' },
-    );
-  }
-  const finding = record.findings.find(f => f.id === input.finding_id);
-  if (!finding) {
-    throw Object.assign(
-      new Error(`finding_not_found: no finding with id "${input.finding_id}"`),
-      { code: 'finding_not_found' },
-    );
-  }
-  // Protected path check
-  if (finding.protectedPath) {
-    return { schema_version: 1, status: 'human_required', reason: 'protected_path', appliedFiles: [] };
-  }
-  // Validate finding.file against workspace boundary (run records could be tampered)
-  const absFile = assertInWorkspace(workspace, finding.file);
-  // Look up checksum under both the raw finding.file and its relative form,
-  // so the drift check works whether older runs stored absolute or relative keys.
-  const relKey = path.relative(workspace, absFile);
-  const savedChecksum = record.fileChecksums[finding.file] ?? record.fileChecksums[relKey] ?? '';
-  // Dry-run path: generate fix, return patch, no mutations
-  if (input.dry_run) {
-    const currentChecksum = checksumFile(absFile);
-    if (savedChecksum && currentChecksum !== savedChecksum) {
-      return { schema_version: 1, status: 'human_required', reason: 'file_changed', appliedFiles: [] };
-    }
-    const genResult = await generateFix(finding, engine, workspace);
-    if (genResult.status !== 'ok') {
-      return { schema_version: 1, status: 'human_required', reason: genResult.reason, appliedFiles: [] };
-    }
-    const patch = buildUnifiedDiff(
-      genResult.originalLines!,
-      genResult.replacementLines!,
-      finding.file,
-      genResult.startLine!,
-      { color: false }, // MCP clients parse patch text — no ANSI
-    );
-    return { schema_version: 1, status: 'skipped', reason: 'dry_run', patch, appliedFiles: [] };
-  }
-  // Apply path: checksum validation + fix generation run INSIDE the lock to
-  // prevent TOCTOU between two concurrent fix_finding calls on the same file.
-  return withWriteLock(workspace, async () => {
-    const currentChecksum = checksumFile(absFile);
-    if (savedChecksum && currentChecksum !== savedChecksum) {
-      return { schema_version: 1 as const, status: 'human_required' as const, reason: 'file_changed', appliedFiles: [] };
-    }
-    const genResult = await generateFix(finding, engine, workspace);
-    if (genResult.status !== 'ok') {
-      return { schema_version: 1 as const, status: 'human_required' as const, reason: genResult.reason, appliedFiles: [] };
-    }
-    const patch = buildUnifiedDiff(
-      genResult.originalLines!,
-      genResult.replacementLines!,
-      finding.file,
-      genResult.startLine!,
-      { color: false },
-    );
-    const originalContent = fs.readFileSync(absFile, 'utf8');
-    const allLines = originalContent.split('\n');
-    const newLines = [
-      ...allLines.slice(0, genResult.startLine! - 1),
-      ...genResult.replacementLines!,
-      ...allLines.slice(genResult.endLine!),
-    ];
-    const tmpFile = absFile + '.guardrail.tmp';
-    fs.writeFileSync(tmpFile, newLines.join('\n'), 'utf8');
-    fs.renameSync(tmpFile, absFile);
-    // Test verification
-    if (config.testCommand) {
-      const { spawnSync } = await import('node:child_process');
-      const testResult = spawnSync('/bin/sh', ['-c', config.testCommand], {
-        cwd: workspace,
-        shell: false,
-        timeout: 120_000,
-        encoding: 'utf8',
-      });
-      if (testResult.status !== 0) {
-        fs.writeFileSync(absFile, originalContent, 'utf8');
-        return { schema_version: 1 as const, status: 'reverted' as const, patch, appliedFiles: [] };
-      }
-    }
-    return { schema_version: 1 as const, status: 'fixed' as const, patch, appliedFiles: [finding.file] };
-  });
-}

package/src/core/mcp/handlers/get-capabilities.ts DELETED Viewed

@@ -1,62 +0,0 @@
-import * as fs from 'node:fs';
-import * as path from 'node:path';
-import * as child_process from 'node:child_process';
-import { fileURLToPath } from 'node:url';
-import { resolveWorkspace } from '../workspace.ts';
-import type { GuardrailConfig, StaticRuleReference } from '../../config/types.ts';
-export interface CapabilitiesResult {
-  schema_version: 1;
-  adapter: string;
-  enabledRules: string[];
-  writeable: boolean;
-  gitAvailable: boolean;
-  testCommandConfigured: boolean;
-  guardrailVersion: string;
-}
-function readVersion(): string {
-  try {
-    const pkgPath = path.join(path.dirname(fileURLToPath(import.meta.url)), '../../../../package.json');
-    return (JSON.parse(fs.readFileSync(pkgPath, 'utf8')) as { version: string }).version;
-  } catch {
-    return 'unknown';
-  }
-}
-function isGitAvailable(workspace: string): boolean {
-  try {
-    // Safe: no user input, static arguments only
-    child_process.execFileSync('git', ['rev-parse', '--git-dir'], {
-      cwd: workspace,
-      stdio: 'ignore',
-    });
-    return true;
-  } catch {
-    return false;
-  }
-}
-function extractRuleName(rule: StaticRuleReference): string {
-  return typeof rule === 'string' ? rule : rule.adapter;
-}
-export async function handleGetCapabilities(
-  input: { cwd?: string },
-  config: GuardrailConfig,
-  adapterName: string,
-): Promise<CapabilitiesResult> {
-  const workspace = resolveWorkspace(input.cwd);
-  const staticRules = config.staticRules ?? [];
-  const enabledRules = staticRules.map(extractRuleName);
-  return {
-    schema_version: 1,
-    adapter: adapterName,
-    enabledRules,
-    writeable: true,
-    gitAvailable: isGitAvailable(workspace),
-    testCommandConfigured: !!config.testCommand,
-    guardrailVersion: readVersion(),
-  };
-}

package/src/core/mcp/handlers/get-findings.ts DELETED Viewed

@@ -1,36 +0,0 @@
-import { resolveWorkspace } from '../workspace.ts';
-import { loadRun } from '../run-store.ts';
-import type { Finding, Severity } from '../../findings/types.ts';
-export interface GetFindingsResult {
-  schema_version: 1;
-  run_id: string;
-  findings: Finding[];
-  cachedAt: string;
-}
-// Severity order: index 0 = highest priority
-const SEVERITY_ORDER = ['critical', 'warning', 'note'] as const;
-export async function handleGetFindings(input: {
-  run_id: string;
-  severity?: Severity;
-  cwd?: string;
-}): Promise<GetFindingsResult> {
-  const workspace = resolveWorkspace(input.cwd);
-  const record = loadRun(workspace, input.run_id);
-  if (!record) {
-    throw Object.assign(
-      new Error(`run_not_found: no run with id "${input.run_id}"`),
-      { code: 'run_not_found' }
-    );
-  }
-  let findings = record.findings;
-  if (input.severity) {
-    const minIdx = SEVERITY_ORDER.indexOf(input.severity);
-    findings = findings.filter(f => SEVERITY_ORDER.indexOf(f.severity) <= minIdx);
-  }
-  return { schema_version: 1, run_id: input.run_id, findings, cachedAt: record.createdAt };
-}

package/src/core/mcp/handlers/review-diff.ts DELETED Viewed

@@ -1,65 +0,0 @@
-import * as crypto from 'node:crypto';
-import * as path from 'node:path';
-import { resolveWorkspace } from '../workspace.ts';
-import { saveRun, checksumFile, pruneOldRuns } from '../run-store.ts';
-import { runGuardrail } from '../../pipeline/run.ts';
-import { resolveGitTouchedFiles } from '../../git/touched-files.ts';
-import { loadRulesFromConfig } from '../../static-rules/registry.ts';
-import { detectGitContext } from '../../detect/git-context.ts';
-import type { ReviewEngine } from '../../../adapters/review-engine/types.ts';
-import type { GuardrailConfig } from '../../config/types.ts';
-import type { Finding } from '../../findings/types.ts';
-export interface ReviewDiffResult {
-  schema_version: 1;
-  run_id: string;
-  findings: Finding[];
-  human_summary: string;
-  usage?: { costUSD?: number };
-}
-export async function handleReviewDiff(
-  input: { base?: string; cwd?: string; static_only?: boolean },
-  config: GuardrailConfig,
-  engine: ReviewEngine,
-): Promise<ReviewDiffResult> {
-  const workspace = resolveWorkspace(input.cwd);
-  pruneOldRuns(workspace, 24 * 60 * 60 * 1000);
-  const touchedFiles = resolveGitTouchedFiles({ cwd: workspace, base: input.base });
-  const staticRules = config.staticRules ? await loadRulesFromConfig(config.staticRules) : [];
-  const gitCtx = detectGitContext(workspace);
-  const result = await runGuardrail({
-    touchedFiles,
-    config,
-    reviewEngine: engine,
-    staticRules,
-    cwd: workspace,
-    gitSummary: gitCtx.summary ?? undefined,
-    base: input.base,
-    skipReview: input.static_only ?? false,
-  });
-  const run_id = crypto.randomUUID();
-  const fileChecksums: Record<string, string> = {};
-  for (const f of touchedFiles) {
-    const abs = path.isAbsolute(f) ? f : path.resolve(workspace, f);
-    fileChecksums[f] = checksumFile(abs);
-  }
-  saveRun(workspace, run_id, result.allFindings, fileChecksums);
-  const critCount = result.allFindings.filter(f => f.severity === 'critical').length;
-  const warnCount = result.allFindings.filter(f => f.severity === 'warning').length;
-  const human_summary = result.allFindings.length === 0
-    ? 'No findings — looks clean.'
-    : `${result.allFindings.length} finding${result.allFindings.length !== 1 ? 's' : ''}: ${critCount} critical, ${warnCount} warning.`;
-  return {
-    schema_version: 1,
-    run_id,
-    findings: result.allFindings,
-    human_summary,
-    usage: result.totalCostUSD !== undefined ? { costUSD: result.totalCostUSD } : undefined,
-  };
-}

package/src/core/mcp/handlers/scan-files.ts DELETED Viewed

@@ -1,65 +0,0 @@
-import * as crypto from 'node:crypto';
-import * as path from 'node:path';
-import { resolveWorkspace, assertInWorkspace } from '../workspace.ts';
-import { saveRun, checksumFile, pruneOldRuns } from '../run-store.ts';
-import { runReviewPhase } from '../../pipeline/review-phase.ts';
-import { detectStack } from '../../detect/stack.ts';
-import type { ReviewEngine } from '../../../adapters/review-engine/types.ts';
-import type { GuardrailConfig } from '../../config/types.ts';
-import type { Finding } from '../../findings/types.ts';
-export interface ScanFilesResult {
-  schema_version: 1;
-  run_id: string;
-  findings: Finding[];
-  human_summary: string;
-}
-export async function handleScanFiles(
-  input: { files: string[]; cwd?: string; ask?: string },
-  config: GuardrailConfig,
-  engine: ReviewEngine,
-): Promise<ScanFilesResult> {
-  const workspace = resolveWorkspace(input.cwd);
-  pruneOldRuns(workspace, 24 * 60 * 60 * 1000);
-  // Validate all paths before any I/O
-  const resolvedFiles = input.files.map(f => assertInWorkspace(workspace, f));
-  const stack = detectStack(workspace) ?? config.stack;
-  const effectiveConfig: GuardrailConfig = input.ask
-    ? { ...config, stack: `${stack ?? 'unknown'}\n\nFocus: ${input.ask}` }
-    : config;
-  const result = await runReviewPhase({
-    touchedFiles: resolvedFiles,
-    config: effectiveConfig,
-    engine,
-    cwd: workspace,
-  });
-  const run_id = crypto.randomUUID();
-  const fileChecksums: Record<string, string> = {};
-  for (const f of resolvedFiles) {
-    // Store relative key so fix_finding's finding.file lookup matches
-    const relKey = path.relative(workspace, f);
-    fileChecksums[relKey] = checksumFile(f);
-  }
-  // Normalize finding.file to relative paths so downstream lookups against
-  // fileChecksums (keyed by relative paths) work regardless of whether the
-  // review engine echoed absolute or relative paths.
-  const normalizedFindings = result.findings.map(f => {
-    if (!f.file) return f;
-    const rel = path.isAbsolute(f.file) ? path.relative(workspace, f.file) : f.file;
-    return rel === f.file ? f : { ...f, file: rel };
-  });
-  saveRun(workspace, run_id, normalizedFindings, fileChecksums);
-  const critCount = result.findings.filter(f => f.severity === 'critical').length;
-  const warnCount = result.findings.filter(f => f.severity === 'warning').length;
-  const human_summary = result.findings.length === 0
-    ? 'No findings.'
-    : `${result.findings.length} finding${result.findings.length !== 1 ? 's' : ''}: ${critCount} critical, ${warnCount} warning.`;
-  return { schema_version: 1, run_id, findings: normalizedFindings, human_summary };
-}

package/src/core/mcp/handlers/validate-fix.ts DELETED Viewed

@@ -1,41 +0,0 @@
-import { spawnSync } from 'node:child_process';
-import { resolveWorkspace } from '../workspace.ts';
-import { withWriteLock } from '../concurrency.ts';
-import type { GuardrailConfig } from '../../config/types.ts';
-export interface ValidateFixResult {
-  schema_version: 1;
-  passed: boolean;
-  output: string;
-  durationMs: number;
-}
-export async function handleValidateFix(
-  input: { cwd?: string; files?: string[] },
-  config: GuardrailConfig,
-): Promise<ValidateFixResult> {
-  const workspace = resolveWorkspace(input.cwd);
-  if (!config.testCommand) {
-    return { schema_version: 1, passed: true, output: '', durationMs: 0 };
-  }
-  return withWriteLock(workspace, async () => {
-    const start = Date.now();
-    const result = spawnSync('/bin/sh', ['-c', config.testCommand!], {
-      cwd: workspace,
-      shell: false,
-      timeout: 120_000,
-      encoding: 'utf8',
-    });
-    const durationMs = Date.now() - start;
-    const raw = ((result.stdout ?? '') + (result.stderr ?? '')).slice(0, 4000);
-    return {
-      schema_version: 1 as const,
-      passed: result.status === 0,
-      output: raw,
-      durationMs,
-    };
-  });
-}

package/src/core/mcp/run-store.ts DELETED Viewed

@@ -1,85 +0,0 @@
-import * as fs from 'node:fs';
-import * as path from 'node:path';
-import * as crypto from 'node:crypto';
-import type { Finding } from '../findings/types.ts';
-const RUNS_DIR = '.guardrail-cache/runs';
-export interface RunRecord {
-  run_id: string;
-  createdAt: string;
-  findings: Finding[];
-  fileChecksums: Record<string, string>;
-}
-function runsDir(cwd: string): string {
-  return path.join(cwd, RUNS_DIR);
-}
-// Reject any run_id that isn't a safe filename component — path separators,
-// relative segments, hidden files, or empty strings.
-// run_ids are generated server-side as UUIDs (crypto.randomUUID) so strict
-// validation here is safe. MCP clients that fabricate run_ids get a clear
-// rejection instead of silently reading outside RUNS_DIR.
-const VALID_RUN_ID = /^[A-Za-z0-9_-]+$/;
-function assertValidRunId(runId: string): void {
-  if (!runId || typeof runId !== 'string' || !VALID_RUN_ID.test(runId)) {
-    throw Object.assign(
-      new Error(`invalid run_id: "${runId}" (expected alphanumeric + dash/underscore)`),
-      { code: 'invalid_run_id' },
-    );
-  }
-}
-function runFilePath(cwd: string, runId: string): string {
-  assertValidRunId(runId);
-  return path.join(runsDir(cwd), `${runId}.json`);
-}
-export function saveRun(
-  cwd: string,
-  runId: string,
-  findings: Finding[],
-  fileChecksums: Record<string, string>,
-): void {
-  const dir = runsDir(cwd);
-  fs.mkdirSync(dir, { recursive: true });
-  const record: RunRecord = { run_id: runId, createdAt: new Date().toISOString(), findings, fileChecksums };
-  const tmp = runFilePath(cwd, runId) + '.tmp';
-  fs.writeFileSync(tmp, JSON.stringify(record, null, 2), 'utf8');
-  fs.renameSync(tmp, runFilePath(cwd, runId));
-}
-export function loadRun(cwd: string, runId: string): RunRecord | null {
-  const p = runFilePath(cwd, runId);
-  if (!fs.existsSync(p)) return null;
-  try {
-    return JSON.parse(fs.readFileSync(p, 'utf8')) as RunRecord;
-  } catch {
-    return null;
-  }
-}
-export function checksumFile(filePath: string): string {
-  try {
-    const content = fs.readFileSync(filePath);
-    return crypto.createHash('sha256').update(content).digest('hex');
-  } catch {
-    return '';
-  }
-}
-export function pruneOldRuns(cwd: string, maxAgeMs: number): void {
-  const dir = runsDir(cwd);
-  if (!fs.existsSync(dir)) return;
-  const cutoff = Date.now() - maxAgeMs;
-  for (const entry of fs.readdirSync(dir)) {
-    if (!entry.endsWith('.json')) continue;
-    const full = path.join(dir, entry);
-    try {
-      const stat = fs.statSync(full);
-      if (stat.mtimeMs < cutoff) fs.unlinkSync(full);
-    } catch { /* ignore */ }
-  }
-}

package/src/core/mcp/workspace.ts DELETED Viewed

@@ -1,35 +0,0 @@
-import * as fs from 'node:fs';
-import * as path from 'node:path';
-export function resolveWorkspace(cwd?: string): string {
-  return fs.realpathSync(cwd ?? process.cwd());
-}
-export function assertInWorkspace(workspace: string, filePath: string): string {
-  const resolvedWorkspace = fs.realpathSync(workspace);
-  const abs = path.isAbsolute(filePath)
-    ? filePath
-    : path.resolve(resolvedWorkspace, filePath);
-  let resolved: string;
-  try {
-    resolved = fs.realpathSync(abs);
-  } catch {
-    // File doesn't exist yet — check the directory
-    const dir = path.dirname(abs);
-    let resolvedDir: string;
-    try {
-      resolvedDir = fs.realpathSync(dir);
-    } catch {
-      // Parent directory doesn't exist — resolve what we can
-      resolvedDir = path.resolve(dir);
-    }
-    resolved = path.join(resolvedDir, path.basename(abs));
-  }
-  const root = resolvedWorkspace.endsWith(path.sep) ? resolvedWorkspace : resolvedWorkspace + path.sep;
-  if (!resolved.startsWith(root) && resolved !== resolvedWorkspace) {
-    throw new Error(`Path "${filePath}" is outside workspace "${workspace}"`);
-  }
-  return resolved;
-}