@devinnn/docdrift 0.1.0

package/dist/src/index.js

@@ -0,0 +1,375 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.STATE_PATH = void 0;
+exports.runDetect = runDetect;
+exports.runDocDrift = runDocDrift;
+exports.runValidate = runValidate;
+exports.runStatus = runStatus;
+exports.resolveTrigger = resolveTrigger;
+exports.parseDurationHours = parseDurationHours;
+exports.requireSha = requireSha;
+const node_path_1 = __importDefault(require("node:path"));
+const load_1 = require("./config/load");
+const validate_1 = require("./config/validate");
+const detect_1 = require("./detect");
+const bundle_1 = require("./evidence/bundle");
+const client_1 = require("./github/client");
+const engine_1 = require("./policy/engine");
+const state_1 = require("./policy/state");
+const log_1 = require("./utils/log");
+const prompts_1 = require("./devin/prompts");
+const schemas_1 = require("./devin/schemas");
+const v1_1 = require("./devin/v1");
+function parseStructured(session) {
+    return session?.structured_output ?? session?.data?.structured_output ?? {};
+}
+function inferPrUrl(session, structured) {
+    if (typeof structured?.pr?.url === "string") {
+        return structured.pr.url;
+    }
+    if (typeof session?.pull_request_url === "string") {
+        return session.pull_request_url;
+    }
+    if (typeof session?.pr_url === "string") {
+        return session.pr_url;
+    }
+    return undefined;
+}
+function inferQuestions(structured) {
+    const questions = structured?.blocked?.questions;
+    if (Array.isArray(questions)) {
+        return questions.map(String);
+    }
+    return [
+        "Which conceptual docs should be updated for this behavior change?",
+        "What are the exact user-visible semantics after this merge?"
+    ];
+}
+async function executeSession(input) {
+    const attachmentUrls = [];
+    for (const attachmentPath of input.attachmentPaths) {
+        const url = await (0, v1_1.devinUploadAttachment)(input.apiKey, attachmentPath);
+        attachmentUrls.push(url);
+    }
+    const prompt = input.item.mode === "autogen"
+        ? (0, prompts_1.buildAutogenPrompt)({
+            item: input.item,
+            attachmentUrls,
+            verificationCommands: input.config.policy.verification.commands,
+            allowlist: input.config.policy.allowlist,
+            confidenceThreshold: input.config.policy.confidence.autopatchThreshold
+        })
+        : (0, prompts_1.buildConceptualPrompt)({
+            item: input.item,
+            attachmentUrls,
+            verificationCommands: input.config.policy.verification.commands,
+            allowlist: input.config.policy.allowlist,
+            confidenceThreshold: input.config.policy.confidence.autopatchThreshold
+        });
+    const session = await (0, v1_1.devinCreateSession)(input.apiKey, {
+        prompt,
+        unlisted: input.config.devin.unlisted,
+        max_acu_limit: input.config.devin.maxAcuLimit,
+        tags: [...new Set([...(input.config.devin.tags ?? []), "docdrift", input.item.docArea])],
+        attachments: attachmentUrls,
+        structured_output: {
+            schema: schemas_1.PatchPlanSchema
+        },
+        metadata: {
+            repository: input.repository,
+            docArea: input.item.docArea,
+            mode: input.item.mode
+        }
+    });
+    const finalSession = await (0, v1_1.pollUntilTerminal)(input.apiKey, session.session_id);
+    const structured = parseStructured(finalSession);
+    const status = String(finalSession.status_enum ?? finalSession.status ?? "").toLowerCase();
+    const prUrl = inferPrUrl(finalSession, structured);
+    const verificationCommands = Array.isArray(structured?.verification?.commands)
+        ? structured.verification.commands.map(String)
+        : input.config.policy.verification.commands;
+    const verificationResults = Array.isArray(structured?.verification?.results)
+        ? structured.verification.results.map(String)
+        : verificationCommands.map(() => "not reported");
+    const verification = verificationCommands.map((command, idx) => ({
+        command,
+        result: verificationResults[idx] ?? "not reported"
+    }));
+    if (prUrl) {
+        return {
+            outcome: "PR_OPENED",
+            summary: String(structured?.summary ?? "PR opened by Devin"),
+            sessionUrl: session.url,
+            prUrl,
+            verification
+        };
+    }
+    if (status === "blocked" || structured?.status === "BLOCKED") {
+        return {
+            outcome: "BLOCKED",
+            summary: String(structured?.blocked?.reason ?? structured?.summary ?? "Session blocked"),
+            sessionUrl: session.url,
+            questions: inferQuestions(structured),
+            verification
+        };
+    }
+    return {
+        outcome: "NO_CHANGE",
+        summary: String(structured?.summary ?? "Session completed without PR"),
+        sessionUrl: session.url,
+        verification
+    };
+}
+async function runDetect(options) {
+    const config = (0, load_1.loadConfig)();
+    const runtimeValidation = await (0, validate_1.validateRuntimeConfig)(config);
+    if (runtimeValidation.errors.length) {
+        throw new Error(`Config validation failed:\n${runtimeValidation.errors.join("\n")}`);
+    }
+    const repo = process.env.GITHUB_REPOSITORY ?? "local/docdrift";
+    const { report } = await (0, detect_1.buildDriftReport)({
+        config,
+        repo,
+        baseSha: options.baseSha,
+        headSha: options.headSha,
+        trigger: options.trigger ?? "manual"
+    });
+    (0, log_1.logInfo)(`Drift items detected: ${report.items.length}`);
+    return { hasDrift: report.items.length > 0 };
+}
+async function runDocDrift(options) {
+    const config = (0, load_1.loadConfig)();
+    const runtimeValidation = await (0, validate_1.validateRuntimeConfig)(config);
+    if (runtimeValidation.errors.length) {
+        throw new Error(`Config validation failed:\n${runtimeValidation.errors.join("\n")}`);
+    }
+    const repo = process.env.GITHUB_REPOSITORY ?? "local/docdrift";
+    const commitSha = process.env.GITHUB_SHA ?? options.headSha;
+    const githubToken = process.env.GITHUB_TOKEN;
+    const devinApiKey = process.env.DEVIN_API_KEY;
+    const { report, runInfo, evidenceRoot } = await (0, detect_1.buildDriftReport)({
+        config,
+        repo,
+        baseSha: options.baseSha,
+        headSha: options.headSha,
+        trigger: options.trigger ?? "manual"
+    });
+    const docAreaByName = new Map(config.docAreas.map((area) => [area.name, area]));
+    let state = (0, state_1.loadState)();
+    const startedAt = Date.now();
+    const results = [];
+    const metrics = {
+        driftItemsDetected: report.items.length,
+        prsOpened: 0,
+        issuesOpened: 0,
+        blockedCount: 0,
+        timeToSessionTerminalMs: [],
+        docAreaCounts: {},
+        noiseRateProxy: 0
+    };
+    for (const item of report.items) {
+        metrics.docAreaCounts[item.docArea] = (metrics.docAreaCounts[item.docArea] ?? 0) + 1;
+        const areaConfig = docAreaByName.get(item.docArea);
+        if (!areaConfig) {
+            continue;
+        }
+        const decision = (0, engine_1.decidePolicy)({
+            item,
+            docAreaConfig: areaConfig,
+            config,
+            state,
+            repo,
+            baseSha: options.baseSha,
+            headSha: options.headSha
+        });
+        if (decision.action === "NOOP") {
+            results.push({
+                docArea: item.docArea,
+                decision,
+                outcome: "NO_CHANGE",
+                summary: decision.reason
+            });
+            continue;
+        }
+        if (decision.action === "UPDATE_EXISTING_PR") {
+            const existingPr = state.areaLatestPr[item.docArea];
+            const summary = existingPr
+                ? `Bundled into existing PR: ${existingPr}`
+                : "PR cap reached and no existing area PR; escalated";
+            const outcome = existingPr ? "NO_CHANGE" : "BLOCKED";
+            results.push({
+                docArea: item.docArea,
+                decision,
+                outcome,
+                summary,
+                prUrl: existingPr
+            });
+            state = (0, engine_1.applyDecisionToState)({
+                state,
+                decision,
+                docArea: item.docArea,
+                outcome,
+                link: existingPr
+            });
+            continue;
+        }
+        const bundle = await (0, bundle_1.buildEvidenceBundle)({ runInfo, item, evidenceRoot });
+        const attachmentPaths = [...new Set([bundle.archivePath, ...bundle.attachmentPaths])];
+        let sessionOutcome = {
+            outcome: "NO_CHANGE",
+            summary: "Skipped Devin session",
+            verification: config.policy.verification.commands.map((command) => ({ command, result: "not run" }))
+        };
+        if (devinApiKey) {
+            const sessionStart = Date.now();
+            sessionOutcome = await executeSession({
+                apiKey: devinApiKey,
+                repository: repo,
+                item,
+                attachmentPaths,
+                config
+            });
+            metrics.timeToSessionTerminalMs.push(Date.now() - sessionStart);
+        }
+        else {
+            (0, log_1.logWarn)("DEVIN_API_KEY not set; running fallback behavior", { docArea: item.docArea });
+            sessionOutcome = {
+                outcome: "BLOCKED",
+                summary: "DEVIN_API_KEY missing; cannot start Devin session",
+                questions: ["Set DEVIN_API_KEY in environment or GitHub Actions secrets"],
+                verification: config.policy.verification.commands.map((command) => ({ command, result: "not run" }))
+            };
+        }
+        let issueUrl;
+        if (githubToken &&
+            (decision.action === "OPEN_ISSUE" || sessionOutcome.outcome === "BLOCKED" || sessionOutcome.outcome === "NO_CHANGE")) {
+            issueUrl = await (0, client_1.createIssue)({
+                token: githubToken,
+                repository: repo,
+                issue: {
+                    title: `[docdrift] ${item.docArea}: docs drift requires input`,
+                    body: (0, client_1.renderBlockedIssueBody)({
+                        docArea: item.docArea,
+                        evidenceSummary: item.summary,
+                        questions: sessionOutcome.questions ?? ["Please confirm intended behavior and doc wording."],
+                        sessionUrl: sessionOutcome.sessionUrl
+                    }),
+                    labels: ["docdrift"]
+                }
+            });
+            metrics.issuesOpened += 1;
+            sessionOutcome.outcome = "ISSUE_OPENED";
+        }
+        if (sessionOutcome.outcome === "PR_OPENED") {
+            metrics.prsOpened += 1;
+        }
+        if (sessionOutcome.outcome === "BLOCKED") {
+            metrics.blockedCount += 1;
+        }
+        const result = {
+            docArea: item.docArea,
+            decision,
+            outcome: sessionOutcome.outcome,
+            summary: sessionOutcome.summary,
+            sessionUrl: sessionOutcome.sessionUrl,
+            prUrl: sessionOutcome.prUrl,
+            issueUrl
+        };
+        results.push(result);
+        if (githubToken) {
+            const body = (0, client_1.renderRunComment)({
+                docArea: item.docArea,
+                summary: sessionOutcome.summary,
+                decision: decision.action,
+                outcome: sessionOutcome.outcome,
+                sessionUrl: sessionOutcome.sessionUrl,
+                prUrl: sessionOutcome.prUrl,
+                issueUrl,
+                validation: sessionOutcome.verification
+            });
+            await (0, client_1.postCommitComment)({
+                token: githubToken,
+                repository: repo,
+                commitSha,
+                body
+            });
+        }
+        state = (0, engine_1.applyDecisionToState)({
+            state,
+            decision,
+            docArea: item.docArea,
+            outcome: sessionOutcome.outcome,
+            link: sessionOutcome.prUrl ?? issueUrl
+        });
+    }
+    (0, state_1.saveState)(state);
+    metrics.noiseRateProxy =
+        metrics.driftItemsDetected === 0 ? 0 : Number((metrics.prsOpened / metrics.driftItemsDetected).toFixed(4));
+    (0, bundle_1.writeMetrics)(metrics);
+    (0, log_1.logInfo)("Run complete", {
+        items: report.items.length,
+        elapsedMs: Date.now() - startedAt
+    });
+    return results;
+}
+async function runValidate() {
+    const config = (0, load_1.loadConfig)();
+    const runtimeValidation = await (0, validate_1.validateRuntimeConfig)(config);
+    if (runtimeValidation.errors.length) {
+        throw new Error(`Config validation failed:\n${runtimeValidation.errors.join("\n")}`);
+    }
+    runtimeValidation.warnings.forEach((warning) => (0, log_1.logWarn)(warning));
+    (0, log_1.logInfo)("Config is valid");
+}
+async function runStatus(sinceHours = 24) {
+    const apiKey = process.env.DEVIN_API_KEY;
+    if (!apiKey) {
+        throw new Error("DEVIN_API_KEY is required for status command");
+    }
+    const sessions = await (0, v1_1.devinListSessions)(apiKey, { limit: 50, tag: "docdrift" });
+    const cutoff = Date.now() - sinceHours * 60 * 60 * 1000;
+    const filtered = sessions.filter((session) => {
+        const createdAt = session?.created_at ? Date.parse(String(session.created_at)) : Date.now();
+        return Number.isFinite(createdAt) ? createdAt >= cutoff : true;
+    });
+    if (!filtered.length) {
+        (0, log_1.logInfo)(`No docdrift sessions in last ${sinceHours}h`);
+        return;
+    }
+    for (const session of filtered) {
+        const id = String(session.session_id ?? session.id ?? "unknown");
+        const status = String(session.status_enum ?? session.status ?? "unknown");
+        const url = String(session.url ?? "");
+        console.log(`${id}\t${status}\t${url}`);
+    }
+}
+function resolveTrigger(eventName) {
+    if (eventName === "push") {
+        return "push";
+    }
+    if (eventName === "schedule") {
+        return "schedule";
+    }
+    return "manual";
+}
+function parseDurationHours(value) {
+    if (!value) {
+        return 24;
+    }
+    const normalized = value.endsWith("h") ? value.slice(0, -1) : value;
+    const parsed = Number(normalized);
+    if (!Number.isFinite(parsed) || parsed <= 0) {
+        throw new Error(`Invalid --since value: ${value}`);
+    }
+    return parsed;
+}
+function requireSha(value, label) {
+    if (!value) {
+        throw new Error(`Missing required argument: ${label}`);
+    }
+    return value;
+}
+exports.STATE_PATH = node_path_1.default.resolve(".docdrift", "state.json");

package/dist/src/model/state.js

@@ -0,0 +1,10 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.emptyState = void 0;
+const emptyState = () => ({
+    idempotency: {},
+    dailyPrCount: {},
+    areaDailyPrOpened: {},
+    areaLatestPr: {}
+});
+exports.emptyState = emptyState;

package/dist/src/model/types.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/src/policy/confidence.js

@@ -0,0 +1,31 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.scoreSignals = scoreSignals;
+exports.combineWithDevinPlan = combineWithDevinPlan;
+const tierWeight = {
+    0: 1,
+    1: 0.9,
+    2: 0.6,
+    3: 0.35
+};
+function clamp01(value) {
+    return Math.max(0, Math.min(1, value));
+}
+function scoreSignals(signals) {
+    if (!signals.length) {
+        return 0;
+    }
+    let complement = 1;
+    for (const signal of signals) {
+        const weight = tierWeight[signal.tier] ?? 0.3;
+        const weighted = clamp01(signal.confidence * weight);
+        complement *= 1 - weighted;
+    }
+    return clamp01(1 - complement);
+}
+function combineWithDevinPlan(detectorConfidence, devinPlanConfidence) {
+    if (typeof devinPlanConfidence !== "number") {
+        return detectorConfidence;
+    }
+    return clamp01(detectorConfidence * 0.65 + devinPlanConfidence * 0.35);
+}

package/dist/src/policy/engine.js

@@ -0,0 +1,108 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.decidePolicy = decidePolicy;
+exports.applyDecisionToState = applyDecisionToState;
+const glob_1 = require("../utils/glob");
+const hash_1 = require("../utils/hash");
+const confidence_1 = require("./confidence");
+function ymd(iso = new Date().toISOString()) {
+    return iso.slice(0, 10);
+}
+function buildIdempotencyKey(input) {
+    return (0, hash_1.sha256)(`${input.repo}:${input.docArea}:${input.baseSha}:${input.headSha}:${input.action}`);
+}
+function decidePolicy(input) {
+    const { item, docAreaConfig, config, state } = input;
+    const confidence = (0, confidence_1.scoreSignals)(item.signals);
+    const threshold = config.policy.confidence.autopatchThreshold;
+    const today = ymd();
+    const hasStrongSignal = item.signals.some((signal) => signal.tier <= 1);
+    const prCountToday = state.dailyPrCount[today] ?? 0;
+    const capReached = prCountToday >= config.policy.prCaps.maxPrsPerDay;
+    const areaDailyKey = `${today}:${item.docArea}`;
+    const exceedsFileCap = item.impactedDocs.length > config.policy.prCaps.maxFilesTouched;
+    const hasPathOutsideAllowlist = item.impactedDocs.some((filePath) => filePath && !(0, glob_1.isPathAllowed)(filePath, config.policy.allowlist));
+    let action = "NOOP";
+    let reason = "No action needed";
+    if (hasPathOutsideAllowlist) {
+        action = "OPEN_ISSUE";
+        reason = "Impacted files include non-allowlisted paths";
+    }
+    else if (exceedsFileCap) {
+        action = "OPEN_ISSUE";
+        reason = "Impacted files exceed maxFilesTouched policy cap";
+    }
+    else if (item.mode === "autogen") {
+        if (!hasStrongSignal) {
+            action = "OPEN_ISSUE";
+            reason = "Autogen area without strong signal; escalate as issue";
+        }
+        else if (confidence < threshold) {
+            action = "OPEN_ISSUE";
+            reason = `Confidence ${confidence.toFixed(2)} below threshold ${threshold.toFixed(2)}`;
+        }
+        else if (capReached) {
+            action = state.areaLatestPr[item.docArea] ? "UPDATE_EXISTING_PR" : "OPEN_ISSUE";
+            reason = "Daily PR cap reached";
+        }
+        else if (state.areaDailyPrOpened[areaDailyKey]) {
+            action = "UPDATE_EXISTING_PR";
+            reason = "One PR per doc area per day bundling rule";
+        }
+        else {
+            action = "OPEN_PR";
+            reason = "Strong autogen signal with confidence above threshold";
+        }
+    }
+    else {
+        const requireHuman = Boolean(docAreaConfig.patch.requireHumanConfirmation);
+        if (!requireHuman && hasStrongSignal && confidence >= Math.min(0.95, threshold + 0.1)) {
+            action = "OPEN_PR";
+            reason = "Conceptual area is high-confidence and human confirmation not required";
+        }
+        else {
+            action = "OPEN_ISSUE";
+            reason = "Conceptual drift defaults to human-in-the-loop issue";
+        }
+    }
+    const idempotencyKey = buildIdempotencyKey({
+        repo: input.repo,
+        docArea: item.docArea,
+        baseSha: input.baseSha,
+        headSha: input.headSha,
+        action
+    });
+    if (state.idempotency[idempotencyKey]) {
+        return {
+            action: "NOOP",
+            confidence,
+            reason: "Idempotency key already processed",
+            idempotencyKey
+        };
+    }
+    return {
+        action,
+        confidence,
+        reason,
+        idempotencyKey
+    };
+}
+function applyDecisionToState(input) {
+    const today = ymd();
+    const next = JSON.parse(JSON.stringify(input.state));
+    const record = {
+        createdAt: new Date().toISOString(),
+        action: input.decision.action,
+        outcome: input.outcome,
+        link: input.link
+    };
+    next.idempotency[input.decision.idempotencyKey] = record;
+    if (input.outcome === "PR_OPENED") {
+        next.dailyPrCount[today] = (next.dailyPrCount[today] ?? 0) + 1;
+        next.areaDailyPrOpened[`${today}:${input.docArea}`] = input.link ?? "opened";
+        if (input.link) {
+            next.areaLatestPr[input.docArea] = input.link;
+        }
+    }
+    return next;
+}

package/dist/src/policy/state.js

@@ -0,0 +1,17 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.loadState = loadState;
+exports.saveState = saveState;
+const node_path_1 = __importDefault(require("node:path"));
+const state_1 = require("../model/state");
+const fs_1 = require("../utils/fs");
+const statePath = node_path_1.default.resolve(".docdrift", "state.json");
+function loadState() {
+    return (0, fs_1.readJsonFile)(statePath, (0, state_1.emptyState)());
+}
+function saveState(state) {
+    (0, fs_1.writeJsonFile)(statePath, state);
+}

package/dist/src/utils/exec.js

@@ -0,0 +1,24 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.execCommand = execCommand;
+const node_child_process_1 = require("node:child_process");
+const node_util_1 = require("node:util");
+const exec = (0, node_util_1.promisify)(node_child_process_1.exec);
+async function execCommand(command, cwd = process.cwd()) {
+    try {
+        const { stdout, stderr } = await exec(command, {
+            cwd,
+            maxBuffer: 10 * 1024 * 1024
+        });
+        return { command, stdout, stderr, exitCode: 0 };
+    }
+    catch (error) {
+        const e = error;
+        return {
+            command,
+            stdout: e.stdout ?? "",
+            stderr: e.stderr ?? String(error),
+            exitCode: typeof e.code === "number" ? e.code : 1
+        };
+    }
+}

package/dist/src/utils/fs.js

@@ -0,0 +1,39 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ensureDir = ensureDir;
+exports.readJsonFile = readJsonFile;
+exports.writeJsonFile = writeJsonFile;
+exports.safeReadText = safeReadText;
+exports.copyIfExists = copyIfExists;
+const node_fs_1 = __importDefault(require("node:fs"));
+const node_path_1 = __importDefault(require("node:path"));
+function ensureDir(dirPath) {
+    node_fs_1.default.mkdirSync(dirPath, { recursive: true });
+}
+function readJsonFile(filePath, fallback) {
+    if (!node_fs_1.default.existsSync(filePath)) {
+        return fallback;
+    }
+    return JSON.parse(node_fs_1.default.readFileSync(filePath, "utf8"));
+}
+function writeJsonFile(filePath, value) {
+    ensureDir(node_path_1.default.dirname(filePath));
+    node_fs_1.default.writeFileSync(filePath, `${JSON.stringify(value, null, 2)}\n`, "utf8");
+}
+function safeReadText(filePath) {
+    if (!node_fs_1.default.existsSync(filePath)) {
+        return "";
+    }
+    return node_fs_1.default.readFileSync(filePath, "utf8");
+}
+function copyIfExists(sourcePath, destPath) {
+    if (!node_fs_1.default.existsSync(sourcePath)) {
+        return false;
+    }
+    ensureDir(node_path_1.default.dirname(destPath));
+    node_fs_1.default.copyFileSync(sourcePath, destPath);
+    return true;
+}

package/dist/src/utils/git.js

@@ -0,0 +1,33 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.gitChangedPaths = gitChangedPaths;
+exports.gitDiffSummary = gitDiffSummary;
+exports.gitCommitList = gitCommitList;
+const exec_1 = require("./exec");
+async function gitChangedPaths(baseSha, headSha) {
+    const res = await (0, exec_1.execCommand)(`git diff --name-only ${baseSha} ${headSha}`);
+    if (res.exitCode !== 0) {
+        throw new Error(`Unable to compute changed paths: ${res.stderr}`);
+    }
+    return res.stdout
+        .split("\n")
+        .map((v) => v.trim())
+        .filter(Boolean);
+}
+async function gitDiffSummary(baseSha, headSha) {
+    const res = await (0, exec_1.execCommand)(`git diff --stat ${baseSha} ${headSha}`);
+    if (res.exitCode !== 0) {
+        throw new Error(`Unable to compute diff summary: ${res.stderr}`);
+    }
+    return res.stdout.trim();
+}
+async function gitCommitList(baseSha, headSha) {
+    const res = await (0, exec_1.execCommand)(`git log --pretty=format:%H ${baseSha}..${headSha}`);
+    if (res.exitCode !== 0) {
+        return [];
+    }
+    return res.stdout
+        .split("\n")
+        .map((v) => v.trim())
+        .filter(Boolean);
+}

package/dist/src/utils/glob.js

@@ -0,0 +1,21 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.globToRegExp = globToRegExp;
+exports.matchesGlob = matchesGlob;
+exports.isPathAllowed = isPathAllowed;
+function escapeRegex(input) {
+    return input.replace(/[|\\{}()[\]^$+?.]/g, "\\$&");
+}
+function globToRegExp(glob) {
+    const escaped = escapeRegex(glob)
+        .replace(/\*\*/g, "::DOUBLE_STAR::")
+        .replace(/\*/g, "[^/]*")
+        .replace(/::DOUBLE_STAR::/g, ".*");
+    return new RegExp(`^${escaped}$`);
+}
+function matchesGlob(glob, value) {
+    return globToRegExp(glob).test(value);
+}
+function isPathAllowed(path, allowlist) {
+    return allowlist.some((glob) => matchesGlob(glob, path));
+}

package/dist/src/utils/hash.js

@@ -0,0 +1,10 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.sha256 = sha256;
+const node_crypto_1 = __importDefault(require("node:crypto"));
+function sha256(input) {
+    return node_crypto_1.default.createHash("sha256").update(input).digest("hex");
+}