@equilateral_ai/mindmeld 3.5.0 → 3.5.2

package/hooks/pre-compact.js

@@ -18,6 +18,56 @@ const path = require('path');
 const fs = require('fs').promises;
 const crypto = require('crypto');
 
+/**
+ * Scrub sensitive data from text before sending to MindMeld API.
+ * Replaces AWS keys, API tokens, passwords, connection strings,
+ * private keys, and generic secrets with [REDACTED].
+ * @param {string} text - Text that may contain secrets
+ * @returns {string} Text with secrets replaced by [REDACTED]
+ */
+function scrubSecrets(text) {
+  if (typeof text !== 'string') return text;
+
+  const patterns = [
+    // AWS Access Keys
+    /AKIA[0-9A-Z]{16}/g,
+    // AWS Secret Keys
+    /(?:aws_secret_access_key|secret_key|secretAccessKey)\s*[=:]\s*['"]?[A-Za-z0-9/+=]{40}['"]?/gi,
+    // Generic API tokens
+    /(?:api[_-]?key|api[_-]?token|auth[_-]?token|bearer)\s*[=:]\s*['"]?[A-Za-z0-9_\-\.]{20,}['"]?/gi,
+    // Passwords
+    /(?:password|passwd|pwd)\s*[=:]\s*['"]?[^\s'"]{4,}['"]?/gi,
+    // Connection strings
+    /(?:postgres|mysql|mongodb|redis):\/\/[^\s'"]+/gi,
+    // Private keys
+    /-----BEGIN\s+(?:RSA\s+)?PRIVATE\s+KEY-----[\s\S]*?-----END\s+(?:RSA\s+)?PRIVATE\s+KEY-----/g,
+    // Generic secrets
+    /(?:secret|token|credential)\s*[=:]\s*['"]?[A-Za-z0-9_\-\.\/+=]{16,}['"]?/gi,
+  ];
+
+  let scrubbed = text;
+  for (const pattern of patterns) {
+    scrubbed = scrubbed.replace(pattern, '[REDACTED]');
+  }
+  return scrubbed;
+}
+
+/**
+ * Deep-scrub secrets from an object by traversing all string values.
+ * @param {*} obj - Object, array, or primitive to scrub
+ * @returns {*} Scrubbed copy (original is not mutated)
+ */
+function scrubSecretsDeep(obj) {
+  if (typeof obj === 'string') return scrubSecrets(obj);
+  if (obj === null || obj === undefined || typeof obj !== 'object') return obj;
+  if (Array.isArray(obj)) return obj.map(scrubSecretsDeep);
+  const result = {};
+  for (const [key, value] of Object.entries(obj)) {
+    result[key] = scrubSecretsDeep(value);
+  }
+  return result;
+}
+
 // LLM Pattern Detection (optional - requires ANTHROPIC_API_KEY)
 let LLMPatternDetector = null;
 try {
@@ -200,7 +250,7 @@ async function harvestPatterns(sessionTranscript) {
         ? sessionTranscript
         : sessionTranscript.transcript || JSON.stringify(sessionTranscript);
 
-      llmAnalysis = await detector.analyzeSessionTranscript(transcriptText, {
+      llmAnalysis = await detector.analyzeSessionTranscript(scrubSecrets(transcriptText), {
         projectName: path.basename(process.cwd()),
         filesChanged: sessionTranscript.filesChanged || []
       });
@@ -238,23 +288,23 @@ async function harvestPatterns(sessionTranscript) {
     // 2. Validate against standards
     const validationResults = await validatePatterns(mindmeld, patterns);
 
-    // 3. Record violations
+    // 3. Record violations (scrub secrets before sending to API)
     for (const result of validationResults.violations) {
-      await mindmeld.recordViolation({
+      await mindmeld.recordViolation(scrubSecretsDeep({
         pattern: result.pattern,
         violations: result.violations,
         sessionId: sessionId,
         userId: userId
-      });
+      }));
     }
 
-    // 4. Reinforce valid patterns
+    // 4. Reinforce valid patterns (scrub secrets before sending to API)
     for (const result of validationResults.valid) {
-      await mindmeld.reinforcePattern({
+      await mindmeld.reinforcePattern(scrubSecretsDeep({
         pattern: result.pattern,
         sessionId: sessionId,
         userId: userId
-      });
+      }));
     }
 
     // 5. Check for promotion candidates
@@ -274,7 +324,26 @@ async function harvestPatterns(sessionTranscript) {
       console.error('[MindMeld] Plan harvesting failed (non-fatal):', error.message);
     }
 
-    // 7. Log results
+    // 7. Detect and send corrections from conversation text
+    let correctionsDetected = 0;
+    try {
+      const transcriptText = typeof sessionTranscript === 'string'
+        ? sessionTranscript
+        : sessionTranscript.transcript || JSON.stringify(sessionTranscript);
+
+      const corrections = detectCorrections(transcriptText);
+      correctionsDetected = corrections.length;
+
+      if (corrections.length > 0) {
+        console.error(`[MindMeld] Detected ${corrections.length} correction(s) in session`);
+        await sendCorrections(corrections, authToken, apiConfig);
+        console.error(`[MindMeld] Sent ${corrections.length} correction(s) to API`);
+      }
+    } catch (error) {
+      console.error('[MindMeld] Correction harvesting failed (non-fatal):', error.message);
+    }
+
+    // 8. Log results
     const elapsed = Date.now() - startTime;
     const summary = {
       patternsDetected: patterns.length,
@@ -282,6 +351,7 @@ async function harvestPatterns(sessionTranscript) {
       reinforced: validationResults.valid.length,
       promotionCandidates: candidates.length,
       plansHarvested: harvestedPlans.length,
+      correctionsDetected: correctionsDetected,
       plans: harvestedPlans,
       readmeStale: null,
       readmeUpdateRecommended: false,
@@ -436,10 +506,10 @@ function parsePlanFile(filename, content, stat) {
     sizeBytes: stat.size,
     lineCount: lines.length,
     sections: Object.keys(sections),
-    context: sections['context'] || null,
+    context: scrubSecrets(sections['context'] || null),
     filesReferenced: fileRefs.slice(0, 20),
     projectHints: projectHints,
-    content: content
+    content: scrubSecrets(content)
   };
 }
 
@@ -502,6 +572,109 @@ async function checkPromotionCandidates(mindmeld, validPatterns) {
   return candidates;
 }
 
+/**
+ * Detect correction language patterns in conversation text.
+ * Scans for phrases indicating the user corrected the AI's approach.
+ * @param {string} conversationText - Raw conversation text to scan
+ * @returns {Array<{correction_text: string, context_before: string, context_after: string, pattern_matched: string}>}
+ */
+function detectCorrections(conversationText) {
+  if (typeof conversationText !== 'string' || conversationText.length === 0) return [];
+
+  const correctionPatterns = [
+    /no,? don'?t/gi,
+    /that'?s wrong/gi,
+    /instead,? do/gi,
+    /not like that/gi,
+    /revert that/gi,
+    /undo that/gi,
+    /shouldn'?t have/gi,
+    /wrong approach/gi,
+    /bad pattern/gi,
+    /don'?t use/gi,
+    /never do that/gi,
+    /stop doing/gi,
+  ];
+
+  const corrections = [];
+
+  for (const pattern of correctionPatterns) {
+    let match;
+    while ((match = pattern.exec(conversationText)) !== null) {
+      const matchStart = match.index;
+      const matchEnd = matchStart + match[0].length;
+
+      const contextStart = Math.max(0, matchStart - 100);
+      const contextEnd = Math.min(conversationText.length, matchEnd + 100);
+
+      corrections.push({
+        correction_text: match[0],
+        context_before: conversationText.slice(contextStart, matchStart),
+        context_after: conversationText.slice(matchEnd, contextEnd),
+        pattern_matched: pattern.source,
+      });
+    }
+  }
+
+  return corrections;
+}
+
+/**
+ * Send detected corrections to the MindMeld API.
+ * @param {Array} corrections - Array of correction objects from detectCorrections
+ * @param {string} authToken - Auth token for API calls
+ * @param {{apiUrl: string}} apiConfig - API configuration
+ * @returns {Promise<void>}
+ */
+async function sendCorrections(corrections, authToken, apiConfig) {
+  if (!corrections || corrections.length === 0) return;
+
+  const url = `${apiConfig.apiUrl}/corrections`;
+  const body = JSON.stringify({
+    corrections: scrubSecretsDeep(corrections),
+    source: 'hook-harvest',
+  });
+
+  const https = require('https');
+  const http = require('http');
+  const parsedUrl = new URL(url);
+  const transport = parsedUrl.protocol === 'https:' ? https : http;
+
+  const headers = {
+    'Content-Type': 'application/json',
+    'Content-Length': Buffer.byteLength(body),
+  };
+  if (authToken) {
+    headers['Authorization'] = `Bearer ${authToken}`;
+  }
+
+  return new Promise((resolve, reject) => {
+    const req = transport.request(
+      {
+        hostname: parsedUrl.hostname,
+        port: parsedUrl.port,
+        path: parsedUrl.pathname,
+        method: 'POST',
+        headers,
+      },
+      (res) => {
+        let data = '';
+        res.on('data', (chunk) => (data += chunk));
+        res.on('end', () => {
+          if (res.statusCode >= 200 && res.statusCode < 300) {
+            resolve(data);
+          } else {
+            reject(new Error(`Corrections API returned ${res.statusCode}: ${data}`));
+          }
+        });
+      }
+    );
+    req.on('error', reject);
+    req.write(body);
+    req.end();
+  });
+}
+
 /**
  * Generate session ID using crypto for consistency
  */
@@ -650,20 +823,95 @@ async function generatePostCompactContext(summary, llmAnalysis) {
   return sections.join('\n');
 }
 
-// Execute if called directly
-if (require.main === module) {
-  // Read session transcript from stdin or args
-  const input = process.argv[2];
+/**
+ * Read stdin with timeout.
+ * Claude Code hooks receive JSON input via stdin, not command-line arguments.
+ * @returns {Promise<string>} stdin content or empty string
+ */
+function readStdin() {
+  return new Promise((resolve) => {
+    let data = '';
+    const timeout = setTimeout(() => resolve(data), 2000);
+
+    if (process.stdin.isTTY) {
+      clearTimeout(timeout);
+      resolve('');
+      return;
+    }
+
+    process.stdin.setEncoding('utf-8');
+    process.stdin.on('data', chunk => { data += chunk; });
+    process.stdin.on('end', () => {
+      clearTimeout(timeout);
+      resolve(data);
+    });
+    process.stdin.on('error', () => {
+      clearTimeout(timeout);
+      resolve('');
+    });
+    process.stdin.resume();
+  });
+}
+
+/**
+ * Read the session transcript from the best available source.
+ * Priority:
+ *   1. stdin JSON with transcript_path (Claude Code hooks protocol)
+ *   2. process.argv[2] (legacy / manual testing, limited by OS ARG_MAX)
+ * @returns {Promise<Object>} Parsed session transcript
+ */
+async function readTranscriptInput() {
+  // 1. Try stdin — Claude Code hooks pass JSON with transcript_path
+  try {
+    const stdin = await readStdin();
+    if (stdin) {
+      const hookInput = JSON.parse(stdin);
+
+      // If we got a transcript_path, read the file (no ARG_MAX limit)
+      if (hookInput.transcript_path) {
+        console.error(`[MindMeld] Reading transcript from file: ${hookInput.transcript_path}`);
+        const content = await fs.readFile(hookInput.transcript_path, 'utf-8');
+        const transcript = parseSessionTranscript(content);
+        // Merge hook metadata (session_id, cwd) into transcript
+        if (hookInput.session_id && !transcript.sessionId) {
+          transcript.sessionId = hookInput.session_id;
+        }
+        return transcript;
+      }
+
+      // If stdin itself contains the transcript (inline JSON)
+      if (hookInput.transcript || hookInput.messages || hookInput.sessionId) {
+        return parseSessionTranscript(JSON.stringify(hookInput));
+      }
 
-  if (!input) {
-    console.error('[MindMeld] Usage: pre-compact.js <session-transcript-json>');
-    process.exit(0);
+      // Stdin had JSON but no transcript — try parsing it as-is
+      return parseSessionTranscript(stdin);
+    }
+  } catch (e) {
+    console.error(`[MindMeld] stdin parse failed (falling back to argv): ${e.message}`);
+  }
+
+  // 2. Fallback: process.argv[2] (legacy, limited to ~1MB on macOS)
+  const argInput = process.argv[2];
+  if (argInput) {
+    console.error('[MindMeld] Reading transcript from argv (legacy mode)');
+    return parseSessionTranscript(argInput);
   }
 
-  const sessionTranscript = parseSessionTranscript(input);
+  return null;
+}
+
+// Execute if called directly
+if (require.main === module) {
+  readTranscriptInput()
+    .then(async (sessionTranscript) => {
+      if (!sessionTranscript) {
+        console.error('[MindMeld] No transcript input received (stdin or argv)');
+        process.exit(0);
+      }
+
+      const result = await harvestPatterns(sessionTranscript);
 
-  harvestPatterns(sessionTranscript)
-    .then(async (result) => {
       // Generate and output context summary for post-compaction injection
       const postCompactContext = await generatePostCompactContext(
         result,
@@ -680,4 +928,4 @@ if (require.main === module) {
     });
 }
 
-module.exports = { harvestPatterns, harvestPlans, parseSessionTranscript, generatePostCompactContext };
+module.exports = { harvestPatterns, harvestPlans, parseSessionTranscript, generatePostCompactContext, scrubSecrets, scrubSecretsDeep, detectCorrections, sendCorrections, readStdin, readTranscriptInput };

package/hooks/session-start.js

@@ -427,7 +427,7 @@ async function loadAuthToken() {
  * @returns {Promise<Object>} Cognito constructor options or empty object (uses prod defaults)
  */
 async function loadCognitoConfig() {
-  // 1. Check .mindmeld/config.json first (always points to prod)
+  // 1. Check .mindmeld/config.json first (explicit project config, always wins)
   try {
     const mindmeldConfigPath = path.join(process.cwd(), '.mindmeld', 'config.json');
     const content = await fs.readFile(mindmeldConfigPath, 'utf-8');
@@ -442,21 +442,28 @@ async function loadCognitoConfig() {
     // No .mindmeld/config.json or no auth section
   }
 
-  // 2. Fallback to .myworld.json (may point to dev — for backwards compatibility)
-  try {
-    const configPath = path.join(process.cwd(), '.myworld.json');
-    const content = await fs.readFile(configPath, 'utf-8');
-    const config = JSON.parse(content);
-    const auth = config.deployments?.backend?.auth;
-    if (auth?.domain && auth?.client_id) {
-      return {
-        cognitoDomain: `${auth.domain}.auth.us-east-2.amazoncognito.com`,
-        cognitoClientId: auth.client_id
-      };
+  // 2. Fallback to .myworld.json — but only for consumer projects.
+  //    If this IS the MindMeld source repo, .myworld.json has dev Cognito
+  //    config that would authenticate against the wrong user pool.
+  const isSourceRepo = await isMindMeldSourceRepo();
+  if (!isSourceRepo) {
+    try {
+      const configPath = path.join(process.cwd(), '.myworld.json');
+      const content = await fs.readFile(configPath, 'utf-8');
+      const config = JSON.parse(content);
+      const auth = config.deployments?.backend?.auth;
+      if (auth?.domain && auth?.client_id) {
+        return {
+          cognitoDomain: `${auth.domain}.auth.us-east-2.amazoncognito.com`,
+          cognitoClientId: auth.client_id
+        };
+      }
+    } catch (error) {
+      // No .myworld.json
     }
-  } catch (error) {
-    // No .myworld.json — use production defaults
   }
+
+  // 3. Production defaults (AuthManager has these built-in)
   return {};
 }
 
@@ -483,15 +490,40 @@ function spawnBackgroundLogin() {
   }
 }
 
+/**
+ * Detect if we're running inside the MindMeld source repository (developer context)
+ * vs. a consumer project that uses MindMeld for standards injection.
+ *
+ * When developing MindMeld itself, .myworld.json contains deployment config pointing
+ * at dev/staging environments. The hook should still use production for its own
+ * standards and auth — dev URLs are for the product, not for the hook's API calls.
+ *
+ * @returns {Promise<boolean>} True if this is the MindMeld source repo
+ */
+async function isMindMeldSourceRepo() {
+  try {
+    const configPath = path.join(process.cwd(), '.myworld.json');
+    const content = await fs.readFile(configPath, 'utf-8');
+    const config = JSON.parse(content);
+    const productName = (config.project?.product || '').toLowerCase();
+    return productName === 'mindmeld';
+  } catch (error) {
+    return false;
+  }
+}
+
 /**
  * Load API configuration
- * Priority: .mindmeld/config.json → .myworld.json → env var → production default
- * The hook should always talk to the production MindMeld API for standards/patterns,
- * regardless of which environment the developer is building against.
+ * Priority: .mindmeld/config.json → .myworld.json (consumer only) → env var → production default
+ *
+ * When running inside the MindMeld source repo, .myworld.json is skipped because it
+ * contains dev/staging deployment config for the product — not config for the hook's
+ * own API calls, which should always target production.
+ *
  * @returns {Promise<{apiUrl: string}>}
  */
 async function loadApiConfig() {
-  // 1. Check .mindmeld/config.json first (always points to prod)
+  // 1. Check .mindmeld/config.json first (explicit project config, always wins)
   try {
     const mindmeldConfigPath = path.join(process.cwd(), '.mindmeld', 'config.json');
     const content = await fs.readFile(mindmeldConfigPath, 'utf-8');
@@ -503,20 +535,28 @@ async function loadApiConfig() {
     // No .mindmeld/config.json or no apiUrl
   }
 
-  // 2. Fallback to .myworld.json (may point to dev)
-  try {
-    const configPath = path.join(process.cwd(), '.myworld.json');
-    const content = await fs.readFile(configPath, 'utf-8');
-    const config = JSON.parse(content);
-    const backend = config.deployments?.backend;
-    return {
-      apiUrl: backend?.api?.base_url || 'https://api.mindmeld.dev'
-    };
-  } catch (error) {
-    return {
-      apiUrl: process.env.MINDMELD_API_URL || 'https://api.mindmeld.dev'
-    };
+  // 2. Fallback to .myworld.json — but only for consumer projects.
+  //    If this IS the MindMeld source repo, .myworld.json has dev deployment
+  //    URLs that would send hook API calls to the wrong environment.
+  const isSourceRepo = await isMindMeldSourceRepo();
+  if (!isSourceRepo) {
+    try {
+      const configPath = path.join(process.cwd(), '.myworld.json');
+      const content = await fs.readFile(configPath, 'utf-8');
+      const config = JSON.parse(content);
+      const backend = config.deployments?.backend;
+      if (backend?.api?.base_url) {
+        return { apiUrl: backend.api.base_url };
+      }
+    } catch (error) {
+      // No .myworld.json
+    }
   }
+
+  // 3. Environment variable or production default
+  return {
+    apiUrl: process.env.MINDMELD_API_URL || 'https://api.mindmeld.dev'
+  };
 }
 
 /**
@@ -565,7 +605,9 @@ async function fetchRelevantStandardsFromAPI(apiUrl, authToken, characteristics,
         try {
           const parsed = JSON.parse(data);
           if (res.statusCode >= 400) {
-            reject(new Error(parsed.message || `HTTP ${res.statusCode}`));
+            const err = new Error(parsed.message || `HTTP ${res.statusCode}`);
+            err.statusCode = res.statusCode;
+            reject(err);
           } else {
             resolve(parsed.data?.standards || parsed.standards || []);
           }
@@ -767,6 +809,14 @@ async function injectContext() {
       // Subscription enforcement — do NOT fall through to file-based injection
       console.error('[MindMeld] Active subscription required. Subscribe at app.mindmeld.dev');
       return '';
+    } else if (standardsResult.status === 'rejected' &&
+               (standardsResult.reason.statusCode === 401 || standardsResult.reason.message === 'Unauthorized')) {
+      // Auth token expired or invalid — trigger re-auth and use file-based fallback
+      console.error('[MindMeld] Auth token expired. Triggering re-authentication...');
+      spawnBackgroundLogin();
+      const categories = mindmeld.relevanceDetector.mapCharacteristicsToCategories(characteristics);
+      relevantStandards = await mindmeld.relevanceDetector.loadStandardsFromFiles(categories, characteristics);
+      console.error(`[MindMeld] ${relevantStandards.length} standards from file fallback (scored)`);
     } else {
       if (standardsResult.status === 'rejected') {
         console.error(`[MindMeld] API fallback: ${standardsResult.reason.message}`);
@@ -893,6 +943,20 @@ async function cacheSubagentContext(standards, teamPatterns, projectName) {
   console.error(`[MindMeld] Cached subagent context (${sections.length} lines)`);
 }
 
+/**
+ * Get maturity tier prefix for a standard
+ * @param {string|undefined} maturityTier - The maturity_tier from the standard
+ * @returns {string} Prefix string based on tier
+ */
+function getMaturityPrefix(maturityTier) {
+  switch (maturityTier) {
+    case 'reinforced': return '**[MUST FOLLOW]** ';
+    case 'solidified': return '**[SHOULD FOLLOW]** ';
+    case 'provisional':
+    default: return '**[CONSIDER]** ';
+  }
+}
+
 /**
  * Format context injection for Claude Code
  * @param {object} data - Context data to inject
@@ -968,8 +1032,15 @@ function formatContextInjection(data) {
   const standards = [];
   const workflows = [];
 
+  const businessInvariants = [];
   if (relevantStandards && relevantStandards.length > 0) {
     for (const item of relevantStandards) {
+      // Separate business invariants from code standards
+      if (item.content_type === 'business_invariant') {
+        businessInvariants.push(item);
+        continue;
+      }
+
       // Detect workflows: check type flag, rule prefix, keywords, or structured examples
       const isWorkflow = item.type === 'workflow' ||
         (item.rule && item.rule.startsWith('WORKFLOW:')) ||
@@ -990,7 +1061,9 @@ function formatContextInjection(data) {
     sections.push('');
 
     for (const standard of standards) {
-      sections.push(`### ${standard.element}`);
+      const tierPrefix = getMaturityPrefix(standard.maturity_tier);
+      const lbPrefix = standard.load_bearing ? '[CRITICAL] ' : '';
+      sections.push(`### ${tierPrefix}${lbPrefix}${standard.element}`);
       sections.push(`**Category**: ${standard.category}`);
       // Add fingerprint to rule text
       sections.push(`**Rule**: ${standard.rule} ${fingerprintStr}`);
@@ -1018,6 +1091,11 @@ function formatContextInjection(data) {
         }
       }
 
+      if (standard.consequence_tier === 'IRREVERSIBLE' || standard.consequence_tier === 'EXTERNAL_SIDE_EFFECT') {
+        sections.push('');
+        sections.push('⚠️ CONSEQUENCE: This standard involves irreversible/external actions. Verify before proceeding.');
+      }
+
       sections.push('');
     }
   }
@@ -1033,7 +1111,8 @@ function formatContextInjection(data) {
         ? workflow.examples[0]
         : null;
 
-      sections.push(`### ${workflow.element} ${fingerprintStr}`);
+      const tierPrefix = getMaturityPrefix(workflow.maturity_tier);
+      sections.push(`### ${tierPrefix}${workflow.element} ${fingerprintStr}`);
       sections.push(`**Category**: ${workflow.category}`);
 
       if (workflowData) {
@@ -1085,6 +1164,32 @@ function formatContextInjection(data) {
     }
   }
 
+  // Business invariants (rendered with rationale and consequences)
+  if (businessInvariants.length > 0) {
+    sections.push('## Business Invariants');
+    sections.push('');
+
+    for (const invariant of businessInvariants) {
+      const tierPrefix = getMaturityPrefix(invariant.maturity_tier);
+      sections.push(`### ${tierPrefix}${invariant.element}`);
+      sections.push(`**Domain**: ${invariant.category}`);
+      sections.push(`**Invariant**: ${invariant.rule} ${fingerprintStr}`);
+      if (invariant.rationale) {
+        sections.push(`**Rationale**: ${invariant.rationale}`);
+      }
+      if (invariant.consequences) {
+        sections.push(`**If violated**: ${invariant.consequences}`);
+      }
+      if (invariant.exceptions && Array.isArray(invariant.exceptions) && invariant.exceptions.length > 0) {
+        sections.push('**Exceptions**:');
+        for (const ex of invariant.exceptions) {
+          sections.push(`- ${ex}`);
+        }
+      }
+      sections.push('');
+    }
+  }
+
   // Team patterns (high correlation only)
   if (teamPatterns && teamPatterns.length > 0) {
     sections.push('## Team Patterns');

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@equilateral_ai/mindmeld",
-  "version": "3.5.0",
+  "version": "3.5.2",
   "description": "Intelligent standards injection for AI coding sessions - context-aware, self-documenting, scales to large codebases",
   "main": "src/index.js",
   "bin": {
@@ -81,6 +81,7 @@
   "dependencies": {
     "@aws-sdk/client-bedrock-runtime": "^3.460.0",
     "@aws-sdk/client-ssm": "^3.985.0",
+    "js-yaml": "^4.1.1",
     "pg": "^8.18.0"
   },
   "devDependencies": {