npm - @delegance/claude-autopilot - Versions diffs - 5.0.1 → 5.0.3 - Mend

@delegance/claude-autopilot 5.0.1 → 5.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (412) hide show

package/dist/src/adapters/review-engine/codex.js +13 -1
package/dist/src/cli/index.js +39 -1
package/dist/src/cli/preflight.js +17 -4
package/dist/src/cli/scan.js +12 -0
package/package.json +4 -3
package/dist/presets/go/rules/go-sql-injection.d.ts.map +0 -1
package/dist/presets/go/rules/go-sql-injection.js.map +0 -1
package/dist/presets/nextjs-supabase/rules/supabase-rls-bypass.d.ts.map +0 -1
package/dist/presets/nextjs-supabase/rules/supabase-rls-bypass.js.map +0 -1
package/dist/presets/python-fastapi/rules/fastapi-missing-auth.d.ts.map +0 -1
package/dist/presets/python-fastapi/rules/fastapi-missing-auth.js.map +0 -1
package/dist/presets/rails-postgres/rules/rails-sql-injection.d.ts.map +0 -1
package/dist/presets/rails-postgres/rules/rails-sql-injection.js.map +0 -1
package/dist/presets/t3/rules/t3-server-only.d.ts.map +0 -1
package/dist/presets/t3/rules/t3-server-only.js.map +0 -1
package/dist/src/adapters/base.d.ts.map +0 -1
package/dist/src/adapters/base.js.map +0 -1
package/dist/src/adapters/council/claude.d.ts.map +0 -1
package/dist/src/adapters/council/claude.js.map +0 -1
package/dist/src/adapters/council/openai.d.ts.map +0 -1
package/dist/src/adapters/council/openai.js.map +0 -1
package/dist/src/adapters/council/types.d.ts.map +0 -1
package/dist/src/adapters/council/types.js.map +0 -1
package/dist/src/adapters/loader.d.ts.map +0 -1
package/dist/src/adapters/loader.js.map +0 -1
package/dist/src/adapters/migration-runner/supabase.d.ts.map +0 -1
package/dist/src/adapters/migration-runner/supabase.js.map +0 -1
package/dist/src/adapters/migration-runner/types.d.ts.map +0 -1
package/dist/src/adapters/migration-runner/types.js.map +0 -1
package/dist/src/adapters/review-bot-parser/cursor.d.ts.map +0 -1
package/dist/src/adapters/review-bot-parser/cursor.js.map +0 -1
package/dist/src/adapters/review-bot-parser/declarative-base.d.ts.map +0 -1
package/dist/src/adapters/review-bot-parser/declarative-base.js.map +0 -1
package/dist/src/adapters/review-bot-parser/types.d.ts.map +0 -1
package/dist/src/adapters/review-bot-parser/types.js.map +0 -1
package/dist/src/adapters/review-engine/auto.d.ts.map +0 -1
package/dist/src/adapters/review-engine/auto.js.map +0 -1
package/dist/src/adapters/review-engine/claude.d.ts.map +0 -1
package/dist/src/adapters/review-engine/claude.js.map +0 -1
package/dist/src/adapters/review-engine/codex.d.ts.map +0 -1
package/dist/src/adapters/review-engine/codex.js.map +0 -1
package/dist/src/adapters/review-engine/gemini.d.ts.map +0 -1
package/dist/src/adapters/review-engine/gemini.js.map +0 -1
package/dist/src/adapters/review-engine/openai-compatible.d.ts.map +0 -1
package/dist/src/adapters/review-engine/openai-compatible.js.map +0 -1
package/dist/src/adapters/review-engine/parse-output.d.ts.map +0 -1
package/dist/src/adapters/review-engine/parse-output.js.map +0 -1
package/dist/src/adapters/review-engine/prompt-builder.d.ts.map +0 -1
package/dist/src/adapters/review-engine/prompt-builder.js.map +0 -1
package/dist/src/adapters/review-engine/types.d.ts.map +0 -1
package/dist/src/adapters/review-engine/types.js.map +0 -1
package/dist/src/adapters/vcs-host/commit-status.d.ts.map +0 -1
package/dist/src/adapters/vcs-host/commit-status.js.map +0 -1
package/dist/src/adapters/vcs-host/github.d.ts.map +0 -1
package/dist/src/adapters/vcs-host/github.js.map +0 -1
package/dist/src/adapters/vcs-host/types.d.ts.map +0 -1
package/dist/src/adapters/vcs-host/types.js.map +0 -1
package/dist/src/cli/_pkg-root.d.ts.map +0 -1
package/dist/src/cli/_pkg-root.js.map +0 -1
package/dist/src/cli/autoregress-bridge.d.ts.map +0 -1
package/dist/src/cli/autoregress-bridge.js.map +0 -1
package/dist/src/cli/baseline.d.ts.map +0 -1
package/dist/src/cli/baseline.js.map +0 -1
package/dist/src/cli/ci.d.ts.map +0 -1
package/dist/src/cli/ci.js.map +0 -1
package/dist/src/cli/costs.d.ts.map +0 -1
package/dist/src/cli/costs.js.map +0 -1
package/dist/src/cli/council.d.ts.map +0 -1
package/dist/src/cli/council.js.map +0 -1
package/dist/src/cli/detector.d.ts.map +0 -1
package/dist/src/cli/detector.js.map +0 -1
package/dist/src/cli/explain.d.ts.map +0 -1
package/dist/src/cli/explain.js.map +0 -1
package/dist/src/cli/fix.d.ts.map +0 -1
package/dist/src/cli/fix.js.map +0 -1
package/dist/src/cli/hook.d.ts.map +0 -1
package/dist/src/cli/hook.js.map +0 -1
package/dist/src/cli/ignore-helper.d.ts.map +0 -1
package/dist/src/cli/ignore-helper.js.map +0 -1
package/dist/src/cli/index.d.ts.map +0 -1
package/dist/src/cli/index.js.map +0 -1
package/dist/src/cli/lsp.d.ts.map +0 -1
package/dist/src/cli/lsp.js.map +0 -1
package/dist/src/cli/mcp.d.ts.map +0 -1
package/dist/src/cli/mcp.js.map +0 -1
package/dist/src/cli/migrate-v4.d.ts.map +0 -1
package/dist/src/cli/migrate-v4.js.map +0 -1
package/dist/src/cli/pr-comment.d.ts.map +0 -1
package/dist/src/cli/pr-comment.js.map +0 -1
package/dist/src/cli/pr-desc.d.ts.map +0 -1
package/dist/src/cli/pr-desc.js.map +0 -1
package/dist/src/cli/pr-review-comments.d.ts.map +0 -1
package/dist/src/cli/pr-review-comments.js.map +0 -1
package/dist/src/cli/pr.d.ts.map +0 -1
package/dist/src/cli/pr.js.map +0 -1
package/dist/src/cli/preflight.d.ts.map +0 -1
package/dist/src/cli/preflight.js.map +0 -1
package/dist/src/cli/report.d.ts.map +0 -1
package/dist/src/cli/report.js.map +0 -1
package/dist/src/cli/run.d.ts.map +0 -1
package/dist/src/cli/run.js.map +0 -1
package/dist/src/cli/scan.d.ts.map +0 -1
package/dist/src/cli/scan.js.map +0 -1
package/dist/src/cli/setup.d.ts.map +0 -1
package/dist/src/cli/setup.js.map +0 -1
package/dist/src/cli/test-gen.d.ts.map +0 -1
package/dist/src/cli/test-gen.js.map +0 -1
package/dist/src/cli/triage.d.ts.map +0 -1
package/dist/src/cli/triage.js.map +0 -1
package/dist/src/cli/watch.d.ts.map +0 -1
package/dist/src/cli/watch.js.map +0 -1
package/dist/src/cli/worker.d.ts.map +0 -1
package/dist/src/cli/worker.js.map +0 -1
package/dist/src/core/cache/cached-engine.d.ts.map +0 -1
package/dist/src/core/cache/cached-engine.js.map +0 -1
package/dist/src/core/cache/review-cache.d.ts.map +0 -1
package/dist/src/core/cache/review-cache.js.map +0 -1
package/dist/src/core/chunking/index.d.ts.map +0 -1
package/dist/src/core/chunking/index.js.map +0 -1
package/dist/src/core/chunking/risk-ranker.d.ts.map +0 -1
package/dist/src/core/chunking/risk-ranker.js.map +0 -1
package/dist/src/core/config/loader.d.ts.map +0 -1
package/dist/src/core/config/loader.js.map +0 -1
package/dist/src/core/config/preset-resolver.d.ts.map +0 -1
package/dist/src/core/config/preset-resolver.js.map +0 -1
package/dist/src/core/config/schema.d.ts.map +0 -1
package/dist/src/core/config/schema.js.map +0 -1
package/dist/src/core/config/types.d.ts.map +0 -1
package/dist/src/core/config/types.js.map +0 -1
package/dist/src/core/council/config.d.ts.map +0 -1
package/dist/src/core/council/config.js.map +0 -1
package/dist/src/core/council/context.d.ts.map +0 -1
package/dist/src/core/council/context.js.map +0 -1
package/dist/src/core/council/runner.d.ts.map +0 -1
package/dist/src/core/council/runner.js.map +0 -1
package/dist/src/core/council/types.d.ts.map +0 -1
package/dist/src/core/council/types.js.map +0 -1
package/dist/src/core/detect/git-context.d.ts.map +0 -1
package/dist/src/core/detect/git-context.js.map +0 -1
package/dist/src/core/detect/llm-key.d.ts.map +0 -1
package/dist/src/core/detect/llm-key.js.map +0 -1
package/dist/src/core/detect/protected-paths.d.ts.map +0 -1
package/dist/src/core/detect/protected-paths.js.map +0 -1
package/dist/src/core/detect/provider-usage.d.ts.map +0 -1
package/dist/src/core/detect/provider-usage.js.map +0 -1
package/dist/src/core/detect/stack.d.ts.map +0 -1
package/dist/src/core/detect/stack.js.map +0 -1
package/dist/src/core/detect/workspaces.d.ts.map +0 -1
package/dist/src/core/detect/workspaces.js.map +0 -1
package/dist/src/core/errors.d.ts.map +0 -1
package/dist/src/core/errors.js.map +0 -1
package/dist/src/core/findings/dedup.d.ts.map +0 -1
package/dist/src/core/findings/dedup.js.map +0 -1
package/dist/src/core/findings/types.d.ts.map +0 -1
package/dist/src/core/findings/types.js.map +0 -1
package/dist/src/core/fix/generator.d.ts.map +0 -1
package/dist/src/core/fix/generator.js.map +0 -1
package/dist/src/core/git/diff-hunks.d.ts.map +0 -1
package/dist/src/core/git/diff-hunks.js.map +0 -1
package/dist/src/core/git/touched-files.d.ts.map +0 -1
package/dist/src/core/git/touched-files.js.map +0 -1
package/dist/src/core/ignore/index.d.ts.map +0 -1
package/dist/src/core/ignore/index.js.map +0 -1
package/dist/src/core/index.d.ts.map +0 -1
package/dist/src/core/index.js.map +0 -1
package/dist/src/core/logging/ndjson-writer.d.ts.map +0 -1
package/dist/src/core/logging/ndjson-writer.js.map +0 -1
package/dist/src/core/logging/redaction.d.ts.map +0 -1
package/dist/src/core/logging/redaction.js.map +0 -1
package/dist/src/core/mcp/concurrency.d.ts.map +0 -1
package/dist/src/core/mcp/concurrency.js.map +0 -1
package/dist/src/core/mcp/handlers/fix-finding.d.ts.map +0 -1
package/dist/src/core/mcp/handlers/fix-finding.js.map +0 -1
package/dist/src/core/mcp/handlers/get-capabilities.d.ts.map +0 -1
package/dist/src/core/mcp/handlers/get-capabilities.js.map +0 -1
package/dist/src/core/mcp/handlers/get-findings.d.ts.map +0 -1
package/dist/src/core/mcp/handlers/get-findings.js.map +0 -1
package/dist/src/core/mcp/handlers/review-diff.d.ts.map +0 -1
package/dist/src/core/mcp/handlers/review-diff.js.map +0 -1
package/dist/src/core/mcp/handlers/scan-files.d.ts.map +0 -1
package/dist/src/core/mcp/handlers/scan-files.js.map +0 -1
package/dist/src/core/mcp/handlers/validate-fix.d.ts.map +0 -1
package/dist/src/core/mcp/handlers/validate-fix.js.map +0 -1
package/dist/src/core/mcp/run-store.d.ts.map +0 -1
package/dist/src/core/mcp/run-store.js.map +0 -1
package/dist/src/core/mcp/workspace.d.ts.map +0 -1
package/dist/src/core/mcp/workspace.js.map +0 -1
package/dist/src/core/persist/baseline.d.ts.map +0 -1
package/dist/src/core/persist/baseline.js.map +0 -1
package/dist/src/core/persist/cost-log.d.ts.map +0 -1
package/dist/src/core/persist/cost-log.js.map +0 -1
package/dist/src/core/persist/findings-cache.d.ts.map +0 -1
package/dist/src/core/persist/findings-cache.js.map +0 -1
package/dist/src/core/persist/triage.d.ts.map +0 -1
package/dist/src/core/persist/triage.js.map +0 -1
package/dist/src/core/phases/static-rules.d.ts.map +0 -1
package/dist/src/core/phases/static-rules.js.map +0 -1
package/dist/src/core/phases/tests.d.ts.map +0 -1
package/dist/src/core/phases/tests.js.map +0 -1
package/dist/src/core/pipeline/review-phase.d.ts.map +0 -1
package/dist/src/core/pipeline/review-phase.js.map +0 -1
package/dist/src/core/pipeline/run.d.ts.map +0 -1
package/dist/src/core/pipeline/run.js.map +0 -1
package/dist/src/core/runtime/idempotency.d.ts.map +0 -1
package/dist/src/core/runtime/idempotency.js.map +0 -1
package/dist/src/core/runtime/lock.d.ts.map +0 -1
package/dist/src/core/runtime/lock.js.map +0 -1
package/dist/src/core/runtime/state.d.ts.map +0 -1
package/dist/src/core/runtime/state.js.map +0 -1
package/dist/src/core/schema-alignment/detector.d.ts.map +0 -1
package/dist/src/core/schema-alignment/detector.js.map +0 -1
package/dist/src/core/schema-alignment/extractor/index.d.ts.map +0 -1
package/dist/src/core/schema-alignment/extractor/index.js.map +0 -1
package/dist/src/core/schema-alignment/extractor/prisma.d.ts.map +0 -1
package/dist/src/core/schema-alignment/extractor/prisma.js.map +0 -1
package/dist/src/core/schema-alignment/extractor/sql.d.ts.map +0 -1
package/dist/src/core/schema-alignment/extractor/sql.js.map +0 -1
package/dist/src/core/schema-alignment/llm-check.d.ts.map +0 -1
package/dist/src/core/schema-alignment/llm-check.js.map +0 -1
package/dist/src/core/schema-alignment/scanner.d.ts.map +0 -1
package/dist/src/core/schema-alignment/scanner.js.map +0 -1
package/dist/src/core/schema-alignment/types.d.ts.map +0 -1
package/dist/src/core/schema-alignment/types.js.map +0 -1
package/dist/src/core/shell.d.ts.map +0 -1
package/dist/src/core/shell.js.map +0 -1
package/dist/src/core/static-rules/registry.d.ts.map +0 -1
package/dist/src/core/static-rules/registry.js.map +0 -1
package/dist/src/core/static-rules/rules/brand-tokens.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/brand-tokens.js.map +0 -1
package/dist/src/core/static-rules/rules/console-log.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/console-log.js.map +0 -1
package/dist/src/core/static-rules/rules/hardcoded-secrets.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/hardcoded-secrets.js.map +0 -1
package/dist/src/core/static-rules/rules/insecure-redirect.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/insecure-redirect.js.map +0 -1
package/dist/src/core/static-rules/rules/large-file.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/large-file.js.map +0 -1
package/dist/src/core/static-rules/rules/missing-auth.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/missing-auth.js.map +0 -1
package/dist/src/core/static-rules/rules/missing-tests.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/missing-tests.js.map +0 -1
package/dist/src/core/static-rules/rules/npm-audit.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/npm-audit.js.map +0 -1
package/dist/src/core/static-rules/rules/package-lock-sync.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/package-lock-sync.js.map +0 -1
package/dist/src/core/static-rules/rules/schema-alignment.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/schema-alignment.js.map +0 -1
package/dist/src/core/static-rules/rules/sql-injection.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/sql-injection.js.map +0 -1
package/dist/src/core/static-rules/rules/ssrf.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/ssrf.js.map +0 -1
package/dist/src/core/static-rules/rules/todo-fixme.d.ts.map +0 -1
package/dist/src/core/static-rules/rules/todo-fixme.js.map +0 -1
package/dist/src/core/static-rules/tailwind-extractor.d.ts.map +0 -1
package/dist/src/core/static-rules/tailwind-extractor.js.map +0 -1
package/dist/src/core/test-gen/coverage-analyzer.d.ts.map +0 -1
package/dist/src/core/test-gen/coverage-analyzer.js.map +0 -1
package/dist/src/core/test-gen/framework-detector.d.ts.map +0 -1
package/dist/src/core/test-gen/framework-detector.js.map +0 -1
package/dist/src/core/test-gen/test-writer.d.ts.map +0 -1
package/dist/src/core/test-gen/test-writer.js.map +0 -1
package/dist/src/core/ui/design-context-loader.d.ts.map +0 -1
package/dist/src/core/ui/design-context-loader.js.map +0 -1
package/dist/src/core/worker/client.d.ts.map +0 -1
package/dist/src/core/worker/client.js.map +0 -1
package/dist/src/core/worker/lockfile.d.ts.map +0 -1
package/dist/src/core/worker/lockfile.js.map +0 -1
package/dist/src/core/worker/server.d.ts.map +0 -1
package/dist/src/core/worker/server.js.map +0 -1
package/dist/src/formatters/github-annotations.d.ts.map +0 -1
package/dist/src/formatters/github-annotations.js.map +0 -1
package/dist/src/formatters/index.d.ts.map +0 -1
package/dist/src/formatters/index.js.map +0 -1
package/dist/src/formatters/junit.d.ts.map +0 -1
package/dist/src/formatters/junit.js.map +0 -1
package/dist/src/formatters/sarif.d.ts.map +0 -1
package/dist/src/formatters/sarif.js.map +0 -1
package/dist/src/index.d.ts.map +0 -1
package/dist/src/index.js.map +0 -1
package/src/adapters/base.ts +0 -19
package/src/adapters/council/claude.ts +0 -41
package/src/adapters/council/openai.ts +0 -40
package/src/adapters/council/types.ts +0 -7
package/src/adapters/loader.ts +0 -108
package/src/adapters/migration-runner/supabase.ts +0 -56
package/src/adapters/migration-runner/types.ts +0 -36
package/src/adapters/review-bot-parser/cursor.ts +0 -13
package/src/adapters/review-bot-parser/declarative-base.ts +0 -64
package/src/adapters/review-bot-parser/types.ts +0 -9
package/src/adapters/review-engine/auto.ts +0 -94
package/src/adapters/review-engine/claude.ts +0 -100
package/src/adapters/review-engine/codex.ts +0 -82
package/src/adapters/review-engine/gemini.ts +0 -105
package/src/adapters/review-engine/openai-compatible.ts +0 -100
package/src/adapters/review-engine/parse-output.ts +0 -74
package/src/adapters/review-engine/prompt-builder.ts +0 -19
package/src/adapters/review-engine/types.ts +0 -19
package/src/adapters/vcs-host/commit-status.ts +0 -39
package/src/adapters/vcs-host/github.ts +0 -77
package/src/adapters/vcs-host/types.ts +0 -44
package/src/cli/_pkg-root.ts +0 -85
package/src/cli/autoregress-bridge.ts +0 -30
package/src/cli/baseline.ts +0 -125
package/src/cli/ci.ts +0 -45
package/src/cli/costs.ts +0 -80
package/src/cli/council.ts +0 -96
package/src/cli/detector.ts +0 -92
package/src/cli/explain.ts +0 -197
package/src/cli/fix.ts +0 -249
package/src/cli/hook.ts +0 -124
package/src/cli/ignore-helper.ts +0 -116
package/src/cli/index.ts +0 -612
package/src/cli/lsp.ts +0 -200
package/src/cli/mcp.ts +0 -206
package/src/cli/migrate-v4.ts +0 -388
package/src/cli/pr-comment.ts +0 -139
package/src/cli/pr-desc.ts +0 -168
package/src/cli/pr-review-comments.ts +0 -92
package/src/cli/pr.ts +0 -76
package/src/cli/preflight.ts +0 -235
package/src/cli/report.ts +0 -186
package/src/cli/run.ts +0 -425
package/src/cli/scan.ts +0 -233
package/src/cli/setup.ts +0 -191
package/src/cli/test-gen.ts +0 -125
package/src/cli/triage.ts +0 -137
package/src/cli/watch.ts +0 -190
package/src/cli/worker.ts +0 -109
package/src/core/.gitkeep +0 -0
package/src/core/cache/cached-engine.ts +0 -32
package/src/core/cache/review-cache.ts +0 -70
package/src/core/chunking/index.ts +0 -113
package/src/core/chunking/risk-ranker.ts +0 -56
package/src/core/config/loader.ts +0 -53
package/src/core/config/preset-resolver.ts +0 -46
package/src/core/config/schema.ts +0 -181
package/src/core/config/types.ts +0 -98
package/src/core/council/config.ts +0 -71
package/src/core/council/context.ts +0 -17
package/src/core/council/runner.ts +0 -83
package/src/core/council/types.ts +0 -45
package/src/core/detect/git-context.ts +0 -27
package/src/core/detect/llm-key.ts +0 -89
package/src/core/detect/protected-paths.ts +0 -63
package/src/core/detect/provider-usage.ts +0 -74
package/src/core/detect/stack.ts +0 -153
package/src/core/detect/workspaces.ts +0 -103
package/src/core/errors.ts +0 -37
package/src/core/findings/dedup.ts +0 -14
package/src/core/findings/types.ts +0 -39
package/src/core/fix/generator.ts +0 -149
package/src/core/git/diff-hunks.ts +0 -86
package/src/core/git/touched-files.ts +0 -73
package/src/core/ignore/index.ts +0 -54
package/src/core/index.ts +0 -1
package/src/core/logging/ndjson-writer.ts +0 -37
package/src/core/logging/redaction.ts +0 -19
package/src/core/mcp/concurrency.ts +0 -16
package/src/core/mcp/handlers/fix-finding.ts +0 -126
package/src/core/mcp/handlers/get-capabilities.ts +0 -62
package/src/core/mcp/handlers/get-findings.ts +0 -36
package/src/core/mcp/handlers/review-diff.ts +0 -65
package/src/core/mcp/handlers/scan-files.ts +0 -65
package/src/core/mcp/handlers/validate-fix.ts +0 -41
package/src/core/mcp/run-store.ts +0 -85
package/src/core/mcp/workspace.ts +0 -35
package/src/core/persist/baseline.ts +0 -112
package/src/core/persist/cost-log.ts +0 -30
package/src/core/persist/findings-cache.ts +0 -43
package/src/core/persist/triage.ts +0 -112
package/src/core/phases/static-rules.ts +0 -93
package/src/core/phases/tests.ts +0 -51
package/src/core/pipeline/review-phase.ts +0 -182
package/src/core/pipeline/run.ts +0 -116
package/src/core/runtime/idempotency.ts +0 -6
package/src/core/runtime/lock.ts +0 -29
package/src/core/runtime/state.ts +0 -97
package/src/core/schema-alignment/detector.ts +0 -59
package/src/core/schema-alignment/extractor/index.ts +0 -24
package/src/core/schema-alignment/extractor/prisma.ts +0 -21
package/src/core/schema-alignment/extractor/sql.ts +0 -99
package/src/core/schema-alignment/llm-check.ts +0 -91
package/src/core/schema-alignment/scanner.ts +0 -107
package/src/core/schema-alignment/types.ts +0 -43
package/src/core/shell.ts +0 -48
package/src/core/static-rules/registry.ts +0 -59
package/src/core/static-rules/rules/brand-tokens.ts +0 -145
package/src/core/static-rules/rules/console-log.ts +0 -42
package/src/core/static-rules/rules/hardcoded-secrets.ts +0 -83
package/src/core/static-rules/rules/insecure-redirect.ts +0 -67
package/src/core/static-rules/rules/large-file.ts +0 -37
package/src/core/static-rules/rules/missing-auth.ts +0 -70
package/src/core/static-rules/rules/missing-tests.ts +0 -57
package/src/core/static-rules/rules/npm-audit.ts +0 -38
package/src/core/static-rules/rules/package-lock-sync.ts +0 -54
package/src/core/static-rules/rules/schema-alignment.ts +0 -132
package/src/core/static-rules/rules/sql-injection.ts +0 -71
package/src/core/static-rules/rules/ssrf.ts +0 -63
package/src/core/static-rules/rules/todo-fixme.ts +0 -40
package/src/core/static-rules/tailwind-extractor.ts +0 -38
package/src/core/test-gen/coverage-analyzer.ts +0 -93
package/src/core/test-gen/framework-detector.ts +0 -21
package/src/core/test-gen/test-writer.ts +0 -33
package/src/core/ui/design-context-loader.ts +0 -87
package/src/core/worker/client.ts +0 -46
package/src/core/worker/lockfile.ts +0 -38
package/src/core/worker/server.ts +0 -81
package/src/formatters/github-annotations.ts +0 -36
package/src/formatters/index.ts +0 -3
package/src/formatters/junit.ts +0 -52
package/src/formatters/sarif.ts +0 -103
package/src/index.ts +0 -3

package/src/adapters/review-engine/openai-compatible.ts DELETED Viewed

@@ -1,100 +0,0 @@
-import OpenAI from 'openai';
-import { parseReviewOutput } from './parse-output.ts';
-import { GuardrailError } from '../../core/errors.ts';
-import type { Capabilities } from '../base.ts';
-import type { ReviewEngine, ReviewInput, ReviewOutput } from './types.ts';
-import { buildSystemPrompt, classifyError } from './prompt-builder.ts';
-const MAX_OUTPUT_TOKENS = 4096;
-const SYSTEM_PROMPT_TEMPLATE = `You are a senior software architect reviewing code changes for quality, security, and correctness.
-The codebase context:
-{STACK}{GIT_CONTEXT}{DESIGN_SCHEMA}
-Provide structured feedback in exactly this format:
-## Review Summary
-One paragraph overall assessment.
-## Findings
-For each finding, use this format:
-### [CRITICAL|WARNING|NOTE] <short title>
-<explanation>
-**Suggestion:** <actionable fix>
-Rules:
-- CRITICAL: Blocks merge (security issues, data loss risks, broken contracts)
-- WARNING: Should address before merging (logic errors, missing error handling, test gaps)
-- NOTE: Improvement suggestion (style, performance, clarity)
-- Maximum 10 findings, ranked by severity
-- Be specific and constructive
-- Reference the file and line when possible`;
-export const openaiCompatibleAdapter: ReviewEngine = {
-  name: 'openai-compatible',
-  apiVersion: '1.0.0',
-  getCapabilities(): Capabilities {
-    return { structuredOutput: false, streaming: false, maxContextTokens: 128000, inlineComments: false };
-  },
-  estimateTokens(content: string): number {
-    return Math.ceil(content.length / 4);
-  },
-  async review(input: ReviewInput): Promise<ReviewOutput> {
-    const opts = (input.context as Record<string, unknown> | undefined) ?? {};
-    // API key: options.apiKey → named env var → OPENAI_API_KEY
-    const apiKeyEnv = (opts['apiKeyEnv'] as string | undefined) ?? 'OPENAI_API_KEY';
-    const apiKey = (opts['apiKey'] as string | undefined) ?? process.env[apiKeyEnv] ?? 'ollama';
-    const baseURL = (opts['baseUrl'] as string | undefined) ??
-      process.env.OPENAI_BASE_URL ??
-      undefined;
-    const model = opts['model'] as string | undefined;
-    if (!model) {
-      throw new GuardrailError(
-        'openai-compatible adapter requires options.model to be set in guardrail.config.yaml',
-        { code: 'invalid_config', provider: 'openai-compatible' },
-      );
-    }
-    const systemPrompt = buildSystemPrompt(input, SYSTEM_PROMPT_TEMPLATE);
-    const client = new OpenAI({ apiKey, ...(baseURL ? { baseURL } : {}) });
-    let response: OpenAI.Chat.ChatCompletion;
-    try {
-      response = await client.chat.completions.create({
-        model,
-        max_tokens: MAX_OUTPUT_TOKENS,
-        messages: [
-          { role: 'system', content: systemPrompt },
-          { role: 'user', content: `Please review the following:\n\n---\n\n${input.content}` },
-        ],
-      });
-    } catch (err) {
-      const message = err instanceof Error ? err.message : String(err);
-      const code = classifyError(message);
-      throw new GuardrailError(`openai-compatible review call failed: ${message}`, {
-        code,
-        provider: 'openai-compatible',
-        retryable: code === 'rate_limit',
-      });
-    }
-    const rawOutput = response.choices[0]?.message.content ?? '';
-    return {
-      findings: parseReviewOutput(rawOutput, 'openai-compatible'),
-      rawOutput,
-      usage: response.usage
-        ? { input: response.usage.prompt_tokens, output: response.usage.completion_tokens }
-        : undefined,
-    };
-  },
-};
-export default openaiCompatibleAdapter;

package/src/adapters/review-engine/parse-output.ts DELETED Viewed

@@ -1,74 +0,0 @@
-import type { Finding } from '../../core/findings/types.ts';
-// Matches "path/to/file.ts:42", "`path/to/file.ts`", or bare filenames with common extensions
-const FILE_REF = /(?:`([^`]+\.[a-z]{1,6})`|(\b[\w./\-]+\.[a-z]{1,6})(?::(\d+))?)/;
-function extractFileRef(text: string): { file: string; line?: number } {
-  const m = text.match(FILE_REF);
-  if (!m) return { file: '<unspecified>' };
-  const raw = (m[1] ?? m[2])!;
-  // Skip version strings (v1.2.3) and bare dotfile extensions with no path separator
-  if (/^v?\d/.test(raw) || (!raw.includes('/') && raw.startsWith('.') && raw.split('.').length === 2)) {
-    return { file: '<unspecified>' };
-  }
-  const line = m[3] ? parseInt(m[3], 10) : undefined;
-  return { file: raw, line };
-}
-// Accepts any of: `### [CRITICAL] title`, `### CRITICAL title`, `### **CRITICAL** title`,
-// `### **[CRITICAL]** title`. Severity capture works across variants.
-const FINDING_REGEX =
-  /### (?:\*\*)?\[?(CRITICAL|WARNING|NOTE)\]?(?:\*\*)?\s*(.+?)(?=\n### (?:\*\*)?\[?(?:CRITICAL|WARNING|NOTE)\]?|## Review Summary|$)/gs;
-// "Substantive" output = enough non-whitespace chars to be a real LLM response, not
-// an empty/placeholder string. Anything past this with zero parsed findings is likely
-// format drift we should warn about.
-const NONTRIVIAL_OUTPUT_THRESHOLD = 40;
-/**
- * Parses the structured CRITICAL|WARNING|NOTE markdown format produced by all review
- * engine adapters. Extracts file:line references from the finding body when present.
- *
- * Tolerates common LLM format drift (missing brackets, bold wrappers) because the prompt
- * alone doesn't guarantee literal `### [CRITICAL]` — models routinely emit
- * `### CRITICAL` or `### **CRITICAL**`. A strict parser silently returns zero findings
- * on otherwise-valid output, which is exactly the silent-failure mode this file exists to
- * prevent.
- */
-export function parseReviewOutput(output: string, idPrefix: string): Finding[] {
-  const findings: Finding[] = [];
-  for (const match of output.matchAll(FINDING_REGEX)) {
-    const severity = match[1]!.toLowerCase() as Finding['severity'];
-    const body = match[2]!.trim();
-    const titleEnd = body.indexOf('\n');
-    const title = (titleEnd > 0 ? body.slice(0, titleEnd) : body).trim();
-    const suggestion = body.match(/\*\*Suggestion:\*\*\s*(.+)/s)?.[1]?.trim();
-    const { file, line } = extractFileRef(body);
-    findings.push({
-      id: `${idPrefix}-${findings.length}`,
-      source: 'review-engine',
-      severity,
-      category: 'review-engine',
-      file,
-      line,
-      message: title,
-      suggestion,
-      protectedPath: false,
-      createdAt: new Date().toISOString(),
-    });
-  }
-  if (findings.length === 0) {
-    const nonWhitespace = output.replace(/\s/g, '').length;
-    if (nonWhitespace >= NONTRIVIAL_OUTPUT_THRESHOLD) {
-      const preview = output.slice(0, 200).replace(/\s+/g, ' ').trim();
-      // eslint-disable-next-line no-console
-      console.warn(
-        `[parseReviewOutput] LLM returned ${output.length} chars but no findings parsed. ` +
-        `Expected '### [CRITICAL|WARNING|NOTE] …'. Preview: ${preview}${output.length > 200 ? '…' : ''}`,
-      );
-    }
-  }
-  return findings;
-}

package/src/adapters/review-engine/prompt-builder.ts DELETED Viewed

@@ -1,19 +0,0 @@
-import type { ReviewInput } from './types.ts';
-const DEFAULT_STACK = 'A web application — stack details unspecified.';
-export function buildSystemPrompt(input: ReviewInput, template: string): string {
-  const stack = input.context?.stack ?? DEFAULT_STACK;
-  const gitCtx = input.context?.gitSummary ? `\n\nChange context: ${input.context.gitSummary}` : '';
-  const designBlock = input.context?.designSchema ? `\n\n${input.context.designSchema}` : '';
-  return template
-    .replace('{STACK}', stack)
-    .replace('{GIT_CONTEXT}', gitCtx)
-    .replace('{DESIGN_SCHEMA}', designBlock);
-}
-export function classifyError(message: string): 'auth' | 'rate_limit' | 'transient_network' {
-  if (/unauthorized|401|invalid.api.key|authentication|api.key|403/i.test(message)) return 'auth';
-  if (/rate.limit|429|overloaded|quota/i.test(message)) return 'rate_limit';
-  return 'transient_network';
-}

package/src/adapters/review-engine/types.ts DELETED Viewed

@@ -1,19 +0,0 @@
-import type { AdapterBase } from '../base.ts';
-import type { Finding } from '../../core/findings/types.ts';
-export interface ReviewInput {
-  content: string;
-  kind: 'spec' | 'pr-diff' | 'file-batch';
-  context?: { spec?: string; plan?: string; stack?: string; cwd?: string; gitSummary?: string; designSchema?: string };
-}
-export interface ReviewOutput {
-  findings: Finding[];
-  rawOutput: string;
-  usage?: { input: number; output: number; costUSD?: number };
-}
-export interface ReviewEngine extends AdapterBase {
-  review(input: ReviewInput): Promise<ReviewOutput>;
-  estimateTokens(content: string): number;
-}

package/src/adapters/vcs-host/commit-status.ts DELETED Viewed

@@ -1,39 +0,0 @@
-import { runSafe } from '../../core/shell.ts';
-export type CommitState = 'pending' | 'success' | 'failure' | 'error';
-export interface CommitStatusOptions {
-  sha: string;
-  state: CommitState;
-  description?: string;
-  context?: string;
-  targetUrl?: string;
-  cwd?: string;
-}
-function getCurrentSha(cwd: string): string | null {
-  return runSafe('git', ['rev-parse', 'HEAD'], { cwd })?.trim() ?? null;
-}
-export function resolveCommitSha(cwd: string, envSha?: string): string | null {
-  return envSha
-    ?? process.env.GITHUB_SHA
-    ?? getCurrentSha(cwd);
-}
-export function postCommitStatus(opts: CommitStatusOptions): boolean {
-  const payload = JSON.stringify({
-    state: opts.state,
-    description: (opts.description ?? '').slice(0, 140),
-    context: opts.context ?? 'guardrail',
-    ...(opts.targetUrl ? { target_url: opts.targetUrl } : {}),
-  });
-  const result = runSafe('gh', [
-    'api', `repos/{owner}/{repo}/statuses/${opts.sha}`,
-    '--method', 'POST',
-    '--input', '-',
-  ], { cwd: opts.cwd, input: payload });
-  return result !== null;
-}

package/src/adapters/vcs-host/github.ts DELETED Viewed

@@ -1,77 +0,0 @@
-import { runSafe, runThrowing } from '../../core/shell.ts';
-import { GuardrailError } from '../../core/errors.ts';
-import type { Capabilities } from '../base.ts';
-import type { VcsHost, GenericComment, PrMetadata, CreatePrOptions, CreatePrResult } from './types.ts';
-export const githubAdapter: VcsHost = {
-  name: 'github',
-  apiVersion: '1.0.0',
-  getCapabilities(): Capabilities {
-    return { structuredOutput: true, streaming: false, maxContextTokens: 0, inlineComments: true };
-  },
-  async getPrDiff(pr: number | string): Promise<string> {
-    const result = runSafe('gh', ['pr', 'diff', String(pr)]);
-    if (result === null) throw new GuardrailError(`Failed to get diff for PR ${pr}`, { code: 'transient_network' });
-    return result;
-  },
-  async getPrMetadata(pr: number | string): Promise<PrMetadata> {
-    const raw = runThrowing('gh', ['pr', 'view', String(pr), '--json', 'title,body,files,headRefOid,baseRefName,headRefName'], { errorCode: 'transient_network' });
-    const data = JSON.parse(raw) as { title: string; body: string; files: { path: string }[]; headRefOid: string; baseRefName: string; headRefName: string };
-    return {
-      title: data.title,
-      body: data.body ?? '',
-      files: (data.files ?? []).map((f: { path: string }) => f.path),
-      headSha: data.headRefOid,
-      baseRef: data.baseRefName,
-      headRef: data.headRefName,
-    };
-  },
-  async postComment(pr: number | string, body: string): Promise<void> {
-    runThrowing('gh', ['pr', 'comment', String(pr), '--body', body], { errorCode: 'transient_network' });
-  },
-  async getReviewComments(pr: number | string): Promise<GenericComment[]> {
-    const raw = runSafe('gh', ['api', `repos/{owner}/{repo}/pulls/${pr}/comments`, '--paginate']);
-    if (!raw) return [];
-    try {
-      const parsed = JSON.parse(raw) as Array<{ id: number; user: { login: string }; body: string; path: string; line?: number; html_url: string }>;
-      return parsed.map(c => ({ id: c.id, author: c.user.login, body: c.body, path: c.path, line: c.line, url: c.html_url }));
-    } catch { return []; }
-  },
-  async replyToComment(pr: number | string, commentId: string | number, body: string): Promise<void> {
-    runThrowing('gh', ['api', `repos/{owner}/{repo}/pulls/${pr}/comments/${commentId}/replies`, '--method', 'POST', '--field', `body=${body}`], { errorCode: 'transient_network' });
-  },
-  async createPr(opts: CreatePrOptions): Promise<CreatePrResult> {
-    const existing = runSafe('gh', ['pr', 'list', '--head', opts.head, '--json', 'number,url', '--limit', '1']);
-    if (existing) {
-      try {
-        const parsed = JSON.parse(existing) as Array<{ number: number; url: string }>;
-        if (parsed.length > 0 && parsed[0]) {
-          return { number: parsed[0].number, url: parsed[0].url, alreadyExisted: true };
-        }
-      } catch { /* fall through to create */ }
-    }
-    const args = ['pr', 'create', '--title', opts.title, '--body', opts.body, '--base', opts.base, '--head', opts.head];
-    if (opts.draft) args.push('--draft');
-    const raw = runThrowing('gh', args, { errorCode: 'transient_network' });
-    const url = raw.trim();
-    const match = url.match(/\/pull\/(\d+)$/);
-    const number = match ? parseInt(match[1]!, 10) : 0;
-    return { number, url, alreadyExisted: false };
-  },
-  async push(branch: string, opts?: { setUpstream?: boolean }): Promise<void> {
-    const args = ['push', 'origin', branch];
-    if (opts?.setUpstream) args.splice(1, 0, '-u');
-    runThrowing('git', args, { errorCode: 'transient_network' });
-  },
-};
-export default githubAdapter;

package/src/adapters/vcs-host/types.ts DELETED Viewed

@@ -1,44 +0,0 @@
-import type { AdapterBase } from '../base.ts';
-export interface GenericComment {
-  id: string | number;
-  author: string;
-  body: string;
-  path?: string;
-  line?: number;
-  url?: string;
-}
-export interface PrMetadata {
-  title: string;
-  body: string;
-  files: string[];
-  headSha: string;
-  baseRef: string;
-  headRef: string;
-}
-export interface CreatePrOptions {
-  title: string;
-  body: string;
-  base: string;
-  head: string;
-  draft?: boolean;
-  idempotencyKey?: string;
-}
-export interface CreatePrResult {
-  number: number;
-  url: string;
-  alreadyExisted: boolean;
-}
-export interface VcsHost extends AdapterBase {
-  getPrDiff(pr: number | string): Promise<string>;
-  getPrMetadata(pr: number | string): Promise<PrMetadata>;
-  postComment(pr: number | string, body: string, idempotencyKey?: string): Promise<void>;
-  getReviewComments(pr: number | string): Promise<GenericComment[]>;
-  replyToComment(pr: number | string, commentId: string | number, body: string, idempotencyKey?: string): Promise<void>;
-  createPr(opts: CreatePrOptions): Promise<CreatePrResult>;
-  push(branch: string, opts?: { setUpstream?: boolean }): Promise<void>;
-}

package/src/cli/_pkg-root.ts DELETED Viewed

@@ -1,85 +0,0 @@
-/**
- * Resolves the canonical package root directory from the perspective of any
- * source file in the package. Robust under both source (`src/cli/foo.ts` →
- * `<root>`) and compiled (`dist/src/cli/foo.js` → `<root>`) layouts.
- *
- * Background: every site that hardcoded `path.resolve(dirname(fileURLToPath(...)), '..', '..')`
- * worked when called from the source layout but resolved one level shallow under
- * the compiled output (landing in `dist/` instead of the package root). The
- * real-world soak against `npx @delegance/claude-autopilot@alpha init` surfaced
- * this — `init` couldn't find `presets/<name>/guardrail.config.yaml` because it
- * was looking at `dist/presets/...` (which doesn't exist; presets ship at the
- * package root).
- *
- * This helper walks up from the caller's `import.meta.url` looking for the
- * `@delegance/claude-autopilot` package.json. Both source and compiled callers
- * land in the same place.
- */
-import * as fs from 'node:fs';
-import * as path from 'node:path';
-import { fileURLToPath } from 'node:url';
-const PACKAGE_NAME = '@delegance/claude-autopilot';
-/**
- * Walks up from the caller's location looking for the package.json that
- * declares `name === '@delegance/claude-autopilot'`. Returns the directory
- * containing that package.json, or null if not found within `maxDepth` levels.
- */
-export function findPackageRoot(callerImportMetaUrl: string, maxDepth = 10): string | null {
-  let dir = path.dirname(fileURLToPath(callerImportMetaUrl));
-  for (let i = 0; i < maxDepth; i++) {
-    const candidate = path.join(dir, 'package.json');
-    if (fs.existsSync(candidate)) {
-      try {
-        const pkg = JSON.parse(fs.readFileSync(candidate, 'utf8')) as { name?: string };
-        if (pkg.name === PACKAGE_NAME) return dir;
-      } catch {
-        /* keep walking */
-      }
-    }
-    const parent = path.dirname(dir);
-    if (parent === dir) break;
-    dir = parent;
-  }
-  return null;
-}
-/**
- * Throws a clear error if the package root can't be located. Use at sites that
- * absolutely require the root (e.g. preset config lookup).
- */
-export function requirePackageRoot(callerImportMetaUrl: string): string {
-  const root = findPackageRoot(callerImportMetaUrl);
-  if (!root) {
-    throw new Error(
-      `[claude-autopilot] Could not locate package root from ${fileURLToPath(callerImportMetaUrl)}. ` +
-      `Reinstall: npm install -g @delegance/claude-autopilot@alpha`,
-    );
-  }
-  return root;
-}
-/**
- * Resolve a sibling-module path for dynamic `import()` that works under both
- * source (caller is `.ts`) and compiled (caller is `.js`) layouts.
- *
- * Background: `import('./rules/foo.ts')` and `import('./review-engine/auto.ts')`
- * are dynamic-import string literals — TS's `rewriteRelativeImportExtensions`
- * only rewrites STATIC imports, leaving these string refs as `.ts` post-compile.
- * Under compiled output, the actual module is `.js`, so the import fails with
- * `Failed to import adapter from .../auto.ts`.
- *
- * This helper detects whether the caller is itself compiled (`.js`/`.mjs`) and
- * rewrites the ref's extension to match.
- *
- * @param ref Sibling-module ref ending in `.ts` (e.g. `./review-engine/auto.ts`).
- * @param callerImportMetaUrl Caller's `import.meta.url`.
- * @returns Absolute filesystem path suitable for `import()`.
- */
-export function resolveSiblingModule(ref: string, callerImportMetaUrl: string): string {
-  const callerIsCompiled = callerImportMetaUrl.endsWith('.js') || callerImportMetaUrl.endsWith('.mjs');
-  const adjustedRef = callerIsCompiled ? ref.replace(/\.ts$/, '.js') : ref;
-  return fileURLToPath(new URL(adjustedRef, callerImportMetaUrl));
-}

package/src/cli/autoregress-bridge.ts DELETED Viewed

@@ -1,30 +0,0 @@
-// src/cli/autoregress-bridge.ts
-import * as path from 'node:path';
-import { spawnSync } from 'node:child_process';
-import { fileURLToPath } from 'node:url';
-const __dirname = path.dirname(fileURLToPath(import.meta.url));
-const SCRIPT = path.resolve(__dirname, '../../scripts/autoregress.ts');
-const VALID_MODES = ['run', 'update', 'generate', 'diff'];
-export function buildAutoregressArgs(args: string[]): string[] {
-  const mode = args[0] && VALID_MODES.includes(args[0]) ? args[0] : 'run';
-  const rest = args[0] && VALID_MODES.includes(args[0]) ? args.slice(1) : args;
-  return [mode, ...rest];
-}
-export function runAutoregress(args: string[]): number {
-  const resolvedArgs = buildAutoregressArgs(args);
-  const result = spawnSync(
-    process.execPath,
-    ['--import', 'tsx', SCRIPT, ...resolvedArgs],
-    { stdio: 'inherit', cwd: process.cwd() },
-  );
-  if (result.error) {
-    console.error(`[autoregress] failed to launch: ${result.error.message}`);
-    console.error(`  script: ${SCRIPT}`);
-    return 1;
-  }
-  return result.status ?? 1;
-}

package/src/cli/baseline.ts DELETED Viewed

@@ -1,125 +0,0 @@
-import * as path from 'node:path';
-import * as fs from 'node:fs';
-import {
-  loadBaseline, saveBaseline, clearBaseline, diffAgainstBaseline,
-  baselineFilePath,
-} from '../core/persist/baseline.ts';
-import { loadCachedFindings } from '../core/persist/findings-cache.ts';
-const C = {
-  reset: '\x1b[0m', bold: '\x1b[1m', dim: '\x1b[2m',
-  green: '\x1b[32m', yellow: '\x1b[33m', red: '\x1b[31m', cyan: '\x1b[36m',
-};
-const fmt = (c: keyof typeof C, t: string) => `${C[c]}${t}${C.reset}`;
-export interface BaselineCommandOptions {
-  cwd?: string;
-  note?: string;
-  baselinePath?: string;
-}
-export async function runBaseline(sub: string, options: BaselineCommandOptions = {}): Promise<number> {
-  const cwd = options.cwd ?? process.cwd();
-  const bPath = baselineFilePath(cwd, options.baselinePath);
-  const relPath = path.relative(cwd, bPath);
-  switch (sub) {
-    case 'create': {
-      if (fs.existsSync(bPath)) {
-        console.log(fmt('yellow', `[baseline] ${relPath} already exists — use \`guardrail baseline update\` to refresh, or \`guardrail baseline clear\` to reset`));
-        return 1;
-      }
-      return createOrUpdate(cwd, bPath, relPath, options.note, 'Created');
-    }
-    case 'update': {
-      return createOrUpdate(cwd, bPath, relPath, options.note, 'Updated');
-    }
-    case 'show': {
-      const baseline = loadBaseline(cwd, options.baselinePath);
-      if (!baseline) {
-        console.log(fmt('yellow', `[baseline] No baseline found at ${relPath}`));
-        console.log(fmt('dim', '  Run: guardrail baseline create'));
-        return 0;
-      }
-      console.log(`\n${fmt('bold', '[baseline]')} ${fmt('dim', relPath)}`);
-      console.log(fmt('dim', `  Created: ${baseline.createdAt}  Updated: ${baseline.updatedAt}`));
-      if (baseline.note) console.log(fmt('dim', `  Note: ${baseline.note}`));
-      console.log(`  ${baseline.entries.length} pinned finding${baseline.entries.length !== 1 ? 's' : ''}\n`);
-      for (const e of baseline.entries) {
-        const sev = e.severity === 'critical' ? fmt('red', 'CRIT') : e.severity === 'warning' ? fmt('yellow', 'WARN') : fmt('dim', 'NOTE');
-        console.log(`  [${sev}] ${fmt('dim', `${e.file}${e.line ? `:${e.line}` : ''}`)} ${e.message.slice(0, 70)}`);
-      }
-      console.log('');
-      return 0;
-    }
-    case 'diff': {
-      const baseline = loadBaseline(cwd, options.baselinePath);
-      if (!baseline) {
-        console.log(fmt('yellow', `[baseline] No baseline found — run: guardrail baseline create`));
-        return 1;
-      }
-      const current = loadCachedFindings(cwd);
-      if (current.length === 0) {
-        console.log(fmt('yellow', '[baseline] No cached findings — run `guardrail run` or `guardrail scan` first'));
-        return 1;
-      }
-      const diff = diffAgainstBaseline(current, baseline);
-      console.log(`\n${fmt('bold', '[guardrail baseline diff]')} vs ${fmt('dim', relPath)}\n`);
-      if (diff.added.length > 0) {
-        console.log(fmt('red', `  ${diff.added.length} new finding${diff.added.length !== 1 ? 's' : ''} (not in baseline):`));
-        for (const f of diff.added) {
-          const sev = f.severity === 'critical' ? fmt('red', 'CRIT') : f.severity === 'warning' ? fmt('yellow', 'WARN') : fmt('dim', 'NOTE');
-          console.log(`    [${sev}] ${fmt('dim', `${f.file}${f.line ? `:${f.line}` : ''}`)} ${f.message.slice(0, 70)}`);
-        }
-        console.log('');
-      }
-      if (diff.resolved.length > 0) {
-        console.log(fmt('green', `  ${diff.resolved.length} resolved (in baseline but not in current):`));
-        for (const e of diff.resolved) {
-          console.log(`    ${fmt('dim', `${e.file}${e.line ? `:${e.line}` : ''}`)} ${e.message.slice(0, 70)}`);
-        }
-        console.log('');
-      }
-      if (diff.added.length === 0 && diff.resolved.length === 0) {
-        console.log(fmt('green', `  ✓ No changes vs baseline (${diff.unchanged.length} pinned findings unchanged)\n`));
-      } else {
-        console.log(fmt('dim', `  ${diff.unchanged.length} unchanged · run \`guardrail baseline update\` to pin new state\n`));
-      }
-      return diff.added.some(f => f.severity === 'critical') ? 1 : 0;
-    }
-    case 'clear': {
-      if (!fs.existsSync(bPath)) {
-        console.log(fmt('dim', `[baseline] No baseline at ${relPath} — nothing to clear`));
-        return 0;
-      }
-      clearBaseline(cwd, options.baselinePath);
-      console.log(fmt('green', `[baseline] Cleared ${relPath}`));
-      return 0;
-    }
-    default:
-      console.error(fmt('red', `[baseline] Unknown subcommand: "${sub}"`));
-      console.error(fmt('dim', '  Usage: guardrail baseline <create|update|show|diff|clear> [--note "..."]'));
-      return 1;
-  }
-}
-function createOrUpdate(cwd: string, bPath: string, relPath: string, note: string | undefined, verb: string): number {
-  const findings = loadCachedFindings(cwd);
-  if (findings.length === 0) {
-    console.log(fmt('yellow', '[baseline] No cached findings to snapshot — run `guardrail run` or `guardrail scan` first'));
-    return 1;
-  }
-  const baseline = saveBaseline(cwd, findings, { note, overridePath: bPath === path.join(cwd, '.guardrail-baseline.json') ? undefined : bPath });
-  console.log(`\n${fmt('green', `[baseline] ${verb}`)} ${fmt('dim', relPath)}`);
-  console.log(`  ${baseline.entries.length} finding${baseline.entries.length !== 1 ? 's' : ''} pinned as accepted baseline`);
-  if (note) console.log(`  Note: ${note}`);
-  console.log(fmt('dim', `\n  Commit this file to share the baseline with your team:`));
-  console.log(fmt('cyan', `    git add ${relPath} && git commit -m "chore: update guardrail baseline"\n`));
-  return 0;
-}

package/src/cli/ci.ts DELETED Viewed

@@ -1,45 +0,0 @@
-import { runCommand } from './run.ts';
-export interface CiCommandOptions {
-  cwd?: string;
-  configPath?: string;
-  base?: string;
-  postComments?: boolean;
-  sarifOutput?: string;
-  diff?: boolean;
-  inlineComments?: boolean;
-  newOnly?: boolean;
-  failOn?: 'critical' | 'warning' | 'note' | 'none';
-}
-/**
- * `guardrail ci` — opinionated single-command CI entrypoint.
- *
- * Defaults:
- *   base          GITHUB_BASE_REF → HEAD~1
- *   output        guardrail.sarif
- *   post-comments true
- *   fail-on       critical (or policy.failOn from config)
- *   new-only      false (or policy.newOnly from config)
- */
-export async function runCi(options: CiCommandOptions = {}): Promise<number> {
-  const base = options.base
-    ?? process.env.GITHUB_BASE_REF
-    ?? process.env.CI_MERGE_REQUEST_TARGET_BRANCH_NAME  // GitLab
-    ?? 'HEAD~1';
-  const sarifOutput = options.sarifOutput ?? 'guardrail.sarif';
-  return runCommand({
-    cwd: options.cwd,
-    configPath: options.configPath,
-    base,
-    postComments: options.postComments ?? true,
-    format: 'sarif',
-    outputPath: sarifOutput,
-    diff: options.diff,
-    inlineComments: options.inlineComments ?? true,
-    newOnly: options.newOnly,
-    failOn: options.failOn,
-  });
-}