@esbenwiberg/corpus-default 1.1.0

package/dist/probes/safety-dangerous-script-flags.js

@@ -0,0 +1,126 @@
+import { defineProbe } from "@esbenwiberg/repofit/sdk";
+const DANGEROUS_PATTERNS = [
+    { pattern: /\brm\s+-rf\b/, message: "uses rm -rf" },
+    { pattern: /--no-verify\b/, message: "bypasses git hooks (--no-verify)" },
+    { pattern: /--force\b|\s-f\b(?!ile)/, message: "uses --force / -f" },
+    { pattern: /\bcurl\s.*\|\s*(sh|bash|zsh)\b/, message: "pipes curl into a shell" },
+    { pattern: /\bsudo\b/, message: "invokes sudo" },
+];
+export default defineProbe({
+    id: "safety.dangerous-script-flags",
+    version: "1.0.0",
+    dimensions: [{ id: "safety", weight: 1 }],
+    tier: "static",
+    evidence: ["node_package"],
+    rationale: `
+    npm scripts are the most likely thing an agent runs unsupervised in a
+    repo. Flags like rm -rf, --no-verify, --force, or piping curl into a
+    shell can do irreversible damage. Surfacing them lets the agent (or a
+    reviewer) decide whether each one is justified.
+  `,
+    remediation: "Remove dangerous flags from npm scripts where possible: prefer `rimraf dist` over `rm -rf dist`, drop `--no-verify` (fix the hook instead), avoid `--force` and `sudo`, and never pipe `curl … | bash`. If a script genuinely needs one of these (e.g., `rm -rf dist` is fine for a clean step), add a comment explaining why so reviewers and agents skip the alarm.",
+    async detect(ev) {
+        if (!ev.node_package.present)
+            return { kind: "na", reason: "no package.json" };
+        const items = [];
+        for (const [name, body] of Object.entries(ev.node_package.scripts)) {
+            for (const { pattern, message } of DANGEROUS_PATTERNS) {
+                if (pattern.test(body)) {
+                    items.push({
+                        location: { path: `package.json#scripts.${name}` },
+                        severity: "warn",
+                        message: `script "${name}" ${message}`,
+                    });
+                }
+            }
+        }
+        return { kind: "inventory", items };
+    },
+    score: {
+        kind: "inventory",
+        severityWeights: { info: 1, warn: 3, error: 10 },
+        bands: [{ upTo: 0, score: 100 }, { upTo: 3, score: 70 }, { upTo: 9, score: 40 }, { score: 0 }],
+    },
+    fixtures: [
+        {
+            name: "no-package-json",
+            evidence: { node_package: { present: false } },
+            expect: { reading: { kind: "na", reason: "no package.json" }, score: null },
+        },
+        {
+            name: "clean-scripts",
+            evidence: {
+                node_package: {
+                    present: true,
+                    scripts: { build: "tsc", test: "vitest run" },
+                },
+            },
+            expect: { reading: { kind: "inventory", items: [] }, score: 100 },
+        },
+        {
+            name: "one-rm-rf",
+            evidence: {
+                node_package: {
+                    present: true,
+                    scripts: { clean: "rm -rf dist" },
+                },
+            },
+            expect: {
+                reading: {
+                    kind: "inventory",
+                    items: [
+                        {
+                            location: { path: "package.json#scripts.clean" },
+                            severity: "warn",
+                            message: 'script "clean" uses rm -rf',
+                        },
+                    ],
+                },
+                score: 70,
+            },
+        },
+        {
+            name: "multiple-dangerous",
+            evidence: {
+                node_package: {
+                    present: true,
+                    scripts: {
+                        clean: "rm -rf node_modules",
+                        commit: "git commit --no-verify",
+                        install: "curl https://example.com/i.sh | bash",
+                        deploy: "sudo systemctl restart app",
+                    },
+                },
+            },
+            expect: {
+                reading: {
+                    kind: "inventory",
+                    items: [
+                        {
+                            location: { path: "package.json#scripts.clean" },
+                            severity: "warn",
+                            message: 'script "clean" uses rm -rf',
+                        },
+                        {
+                            location: { path: "package.json#scripts.commit" },
+                            severity: "warn",
+                            message: 'script "commit" bypasses git hooks (--no-verify)',
+                        },
+                        {
+                            location: { path: "package.json#scripts.install" },
+                            severity: "warn",
+                            message: 'script "install" pipes curl into a shell',
+                        },
+                        {
+                            location: { path: "package.json#scripts.deploy" },
+                            severity: "warn",
+                            message: 'script "deploy" invokes sudo',
+                        },
+                    ],
+                },
+                score: 0,
+            },
+        },
+    ],
+});
+//# sourceMappingURL=safety-dangerous-script-flags.js.map

package/dist/probes/safety-dangerous-script-flags.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"safety-dangerous-script-flags.js","sourceRoot":"","sources":["../../src/probes/safety-dangerous-script-flags.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAEvD,MAAM,kBAAkB,GAA2C;IACjE,EAAE,OAAO,EAAE,cAAc,EAAE,OAAO,EAAE,aAAa,EAAE;IACnD,EAAE,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,kCAAkC,EAAE;IACzE,EAAE,OAAO,EAAE,yBAAyB,EAAE,OAAO,EAAE,mBAAmB,EAAE;IACpE,EAAE,OAAO,EAAE,gCAAgC,EAAE,OAAO,EAAE,yBAAyB,EAAE;IACjF,EAAE,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,cAAc,EAAE;CACjD,CAAC;AAEF,eAAe,WAAW,CAAC;IACzB,EAAE,EAAE,+BAA+B;IACnC,OAAO,EAAE,OAAO;IAChB,UAAU,EAAE,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;IACzC,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,CAAC,cAAc,CAAC;IAE1B,SAAS,EAAE;;;;;GAKV;IAED,WAAW,EACT,uWAAuW;IAEzW,KAAK,CAAC,MAAM,CAAC,EAAE;QACb,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,OAAO;YAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC;QAC/E,MAAM,KAAK,GAAoB,EAAE,CAAC;QAClC,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,YAAY,CAAC,OAAO,CAAC,EAAE,CAAC;YACnE,KAAK,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,kBAAkB,EAAE,CAAC;gBACtD,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;oBACvB,KAAK,CAAC,IAAI,CAAC;wBACT,QAAQ,EAAE,EAAE,IAAI,EAAE,wBAAwB,IAAI,EAAE,EAAE;wBAClD,QAAQ,EAAE,MAAM;wBAChB,OAAO,EAAE,WAAW,IAAI,KAAK,OAAO,EAAE;qBACvC,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,CAAC;IACtC,CAAC;IAED,KAAK,EAAE;QACL,IAAI,EAAE,WAAW;QACjB,eAAe,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QAChD,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;KAC/F;IAED,QAAQ,EAAE;QACR;YACE,IAAI,EAAE,iBAAiB;YACvB,QAAQ,EAAE,EAAE,YAAY,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;YAC9C,MAAM,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,iBAAiB,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE;SAC5E;QACD;YACE,IAAI,EAAE,eAAe;YACrB,QAAQ,EAAE;gBACR,YAAY,EAAE;oBACZ,OAAO,EAAE,IAAI;oBACb,OAAO,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,YAAY,EAAE;iBAC9C;aACF;YACD,MAAM,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE;SAClE;QACD;YACE,IAAI,EAAE,WAAW;YACjB,QAAQ,EAAE;gBACR,YAAY,EAAE;oBACZ,OAAO,EAAE,IAAI;oBACb,OAAO,EAAE,EAAE,KAAK,EAAE,aAAa,EAAE;iBAClC;aACF;YACD,MAAM,EAAE;gBACN,OAAO,EAAE;oBACP,IAAI,EAAE,WAAW;oBACjB,KAAK,EAAE;wBACL;4BACE,QAAQ,EAAE,EAAE,IAAI,EAAE,4BAA4B,EAAE;4BAChD,QAAQ,EAAE,MAAM;4BAChB,OAAO,EAAE,4BAA4B;yBACtC;qBACF;iBACF;gBACD,KAAK,EAAE,EAAE;aACV;SACF;QACD;YACE,IAAI,EAAE,oBAAoB;YAC1B,QAAQ,EAAE;gBACR,YAAY,EAAE;oBACZ,OAAO,EAAE,IAAI;oBACb,OAAO,EAAE;wBACP,KAAK,EAAE,qBAAqB;wBAC5B,MAAM,EAAE,wBAAwB;wBAChC,OAAO,EAAE,sCAAsC;wBAC/C,MAAM,EAAE,4BAA4B;qBACrC;iBACF;aACF;YACD,MAAM,EAAE;gBACN,OAAO,EAAE;oBACP,IAAI,EAAE,WAAW;oBACjB,KAAK,EAAE;wBACL;4BACE,QAAQ,EAAE,EAAE,IAAI,EAAE,4BAA4B,EAAE;4BAChD,QAAQ,EAAE,MAAM;4BAChB,OAAO,EAAE,4BAA4B;yBACtC;wBACD;4BACE,QAAQ,EAAE,EAAE,IAAI,EAAE,6BAA6B,EAAE;4BACjD,QAAQ,EAAE,MAAM;4BAChB,OAAO,EAAE,kDAAkD;yBAC5D;wBACD;4BACE,QAAQ,EAAE,EAAE,IAAI,EAAE,8BAA8B,EAAE;4BAClD,QAAQ,EAAE,MAAM;4BAChB,OAAO,EAAE,0CAA0C;yBACpD;wBACD;4BACE,QAAQ,EAAE,EAAE,IAAI,EAAE,6BAA6B,EAAE;4BACjD,QAAQ,EAAE,MAAM;4BAChB,OAAO,EAAE,8BAA8B;yBACxC;qBACF;iBACF;gBACD,KAAK,EAAE,CAAC;aACT;SACF;KACF;CACF,CAAC,CAAC"}

package/dist/probes/secrets-dotenv-gitignored.d.ts

@@ -0,0 +1,3 @@
+declare const _default: import("@esbenwiberg/repofit/sdk").Probe;
+export default _default;
+//# sourceMappingURL=secrets-dotenv-gitignored.d.ts.map

package/dist/probes/secrets-dotenv-gitignored.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secrets-dotenv-gitignored.d.ts","sourceRoot":"","sources":["../../src/probes/secrets-dotenv-gitignored.ts"],"names":[],"mappings":";AAEA,wBA+CG"}

package/dist/probes/secrets-dotenv-gitignored.js

@@ -0,0 +1,45 @@
+import { defineProbe } from "@esbenwiberg/repofit/sdk";
+export default defineProbe({
+    id: "secrets.dotenv-gitignored",
+    version: "1.0.0",
+    dimensions: [{ id: "safety", weight: 1 }],
+    tier: "static",
+    evidence: ["gitignore"],
+    rationale: `
+    .env files routinely hold API keys, database passwords, and other
+    secrets. If .gitignore doesn't cover them, an agent running "git add"
+    or "git commit -A" can leak the entire credential set into history in
+    one move. This is a high-blast-radius mistake we can prevent with a
+    one-line check.
+  `,
+    remediation: "Add `.env` (and ideally `.env.*` to cover `.env.local`, `.env.production`, etc.) to your `.gitignore`. Keep an `.env.example` file checked in with placeholder values so newcomers know which variables are expected.",
+    async detect(ev) {
+        if (!ev.gitignore.present)
+            return { kind: "na", reason: "no .gitignore" };
+        return { kind: "predicate", value: ev.gitignore.ignores(".env") };
+    },
+    score: { kind: "predicate", direction: "positive" },
+    fixtures: [
+        {
+            name: "no-gitignore",
+            evidence: { gitignore: { present: false, patterns: [] } },
+            expect: { reading: { kind: "na", reason: "no .gitignore" }, score: null },
+        },
+        {
+            name: "dotenv-ignored",
+            evidence: { gitignore: { present: true, patterns: [".env"] } },
+            expect: { reading: { kind: "predicate", value: true }, score: 100 },
+        },
+        {
+            name: "wildcard-ignored",
+            evidence: { gitignore: { present: true, patterns: [".env*"] } },
+            expect: { reading: { kind: "predicate", value: true }, score: 100 },
+        },
+        {
+            name: "not-ignored",
+            evidence: { gitignore: { present: true, patterns: ["node_modules"] } },
+            expect: { reading: { kind: "predicate", value: false }, score: 0 },
+        },
+    ],
+});
+//# sourceMappingURL=secrets-dotenv-gitignored.js.map

package/dist/probes/secrets-dotenv-gitignored.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secrets-dotenv-gitignored.js","sourceRoot":"","sources":["../../src/probes/secrets-dotenv-gitignored.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAEvD,eAAe,WAAW,CAAC;IACzB,EAAE,EAAE,2BAA2B;IAC/B,OAAO,EAAE,OAAO;IAChB,UAAU,EAAE,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;IACzC,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,CAAC,WAAW,CAAC;IAEvB,SAAS,EAAE;;;;;;GAMV;IAED,WAAW,EACT,uNAAuN;IAEzN,KAAK,CAAC,MAAM,CAAC,EAAE;QACb,IAAI,CAAC,EAAE,CAAC,SAAS,CAAC,OAAO;YAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;QAC1E,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,EAAE,CAAC,SAAS,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;IACpE,CAAC;IAED,KAAK,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,SAAS,EAAE,UAAU,EAAE;IAEnD,QAAQ,EAAE;QACR;YACE,IAAI,EAAE,cAAc;YACpB,QAAQ,EAAE,EAAE,SAAS,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE,EAAE,EAAE;YACzD,MAAM,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,eAAe,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE;SAC1E;QACD;YACE,IAAI,EAAE,gBAAgB;YACtB,QAAQ,EAAE,EAAE,SAAS,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,MAAM,CAAC,EAAE,EAAE;YAC9D,MAAM,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE;SACpE;QACD;YACE,IAAI,EAAE,kBAAkB;YACxB,QAAQ,EAAE,EAAE,SAAS,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,EAAE;YAC/D,MAAM,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE;SACpE;QACD;YACE,IAAI,EAAE,aAAa;YACnB,QAAQ,EAAE,EAAE,SAAS,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,cAAc,CAAC,EAAE,EAAE;YACtE,MAAM,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE;SACnE;KACF;CACF,CAAC,CAAC"}

package/dist/probes/secrets-precommit-scan-configured.d.ts

@@ -0,0 +1,3 @@
+declare const _default: import("@esbenwiberg/repofit/sdk").Probe;
+export default _default;
+//# sourceMappingURL=secrets-precommit-scan-configured.d.ts.map

package/dist/probes/secrets-precommit-scan-configured.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secrets-precommit-scan-configured.d.ts","sourceRoot":"","sources":["../../src/probes/secrets-precommit-scan-configured.ts"],"names":[],"mappings":";AA8BA,wBAwGG"}

package/dist/probes/secrets-precommit-scan-configured.js

@@ -0,0 +1,130 @@
+import { defineProbe } from "@esbenwiberg/repofit/sdk";
+const SECRET_TOOL_HINTS = [
+    /\bsecretlint\b/i,
+    /\bgitleaks\b/i,
+    /\btruffle?hog\b/i,
+    /\bdetect-secrets\b/i,
+    /\bggshield\b/i,
+    /\btrivy\s+fs\b/i,
+];
+const PRECOMMIT_PATHS = [
+    ".pre-commit-config.yaml",
+    ".pre-commit-config.yml",
+    ".husky/pre-commit",
+    ".githooks/pre-commit",
+];
+const SH_PATH = /([A-Za-z0-9_./-]+\.sh)\b/g;
+function resolveHelperPaths(hookPath, scriptRef, allFiles) {
+    const basename = scriptRef.split("/").pop();
+    if (!basename?.endsWith(".sh"))
+        return [];
+    const hookDir = hookPath.split("/").slice(0, -1).join("/");
+    return allFiles.filter((p) => {
+        if (p.split("/").pop() !== basename)
+            return false;
+        return hookDir.length === 0 || p.startsWith(`${hookDir}/`);
+    });
+}
+export default defineProbe({
+    id: "secrets.precommit-scan-configured",
+    version: "1.1.0",
+    dimensions: [{ id: "safety", weight: 1 }],
+    tier: "derived",
+    evidence: ["files", "size_stats", "ci_workflows"],
+    rationale: `
+    A pre-commit or CI step that scans for secrets is the only durable
+    defense against accidentally committing a token. Without it, prevention
+    relies on every human and every agent remembering to check by hand.
+    Hooks that source helper scripts (e.g. .githooks/lib/secret-checks.sh)
+    are followed one level deep so the scanner is still recognised.
+  `,
+    remediation: "Add a secret scanner that runs on every commit. Easiest paths: `gitleaks` (single binary, fast), `secretlint` (npm, configurable), `trufflehog`, or `detect-secrets`. Wire it into a pre-commit hook (`.husky/pre-commit`, `.githooks/pre-commit`, or `.pre-commit-config.yaml`) and/or a CI job. Either alone is fine — both is better.",
+    async detect(ev) {
+        const allFiles = ev.size_stats.files.map((f) => f.path);
+        const visited = new Set();
+        for (const path of PRECOMMIT_PATHS) {
+            const raw = await ev.files.readText(path);
+            if (!raw)
+                continue;
+            if (SECRET_TOOL_HINTS.some((p) => p.test(raw))) {
+                return { kind: "predicate", value: true };
+            }
+            for (const m of raw.matchAll(SH_PATH)) {
+                const ref = m[1];
+                if (!ref)
+                    continue;
+                for (const candidate of resolveHelperPaths(path, ref, allFiles)) {
+                    if (visited.has(candidate))
+                        continue;
+                    visited.add(candidate);
+                    const childRaw = await ev.files.readText(candidate);
+                    if (childRaw && SECRET_TOOL_HINTS.some((p) => p.test(childRaw))) {
+                        return { kind: "predicate", value: true };
+                    }
+                }
+            }
+        }
+        for (const wf of ev.ci_workflows.workflows) {
+            if (SECRET_TOOL_HINTS.some((p) => p.test(wf.raw))) {
+                return { kind: "predicate", value: true };
+            }
+        }
+        return { kind: "predicate", value: false };
+    },
+    score: { kind: "predicate", direction: "positive" },
+    fixtures: [
+        {
+            name: "nothing-configured",
+            evidence: {
+                files: [],
+                size_stats: { files: [], totalBytes: 0, totalFiles: 0, source: "git-ls-files" },
+                ci_workflows: { present: false, workflows: [] },
+            },
+            expect: { reading: { kind: "predicate", value: false }, score: 0 },
+        },
+        {
+            name: "secretlint-in-husky",
+            evidence: {
+                files: { ".husky/pre-commit": "npx secretlint --maskSecrets '**/*'\n" },
+                size_stats: { files: [], totalBytes: 0, totalFiles: 0, source: "git-ls-files" },
+                ci_workflows: { present: false, workflows: [] },
+            },
+            expect: { reading: { kind: "predicate", value: true }, score: 100 },
+        },
+        {
+            name: "gitleaks-in-sourced-helper",
+            evidence: {
+                files: {
+                    ".githooks/pre-commit": 'bash "$SCRIPT_DIR/lib/secret-checks.sh"\n',
+                    ".githooks/lib/secret-checks.sh": "gitleaks protect --staged\n",
+                },
+                size_stats: {
+                    source: "git-ls-files",
+                    totalBytes: 100,
+                    totalFiles: 2,
+                    files: [
+                        { path: ".githooks/pre-commit", bytes: 50, lines: 5, depth: 1 },
+                        { path: ".githooks/lib/secret-checks.sh", bytes: 50, lines: 5, depth: 2 },
+                    ],
+                },
+                ci_workflows: { present: false, workflows: [] },
+            },
+            expect: { reading: { kind: "predicate", value: true }, score: 100 },
+        },
+        {
+            name: "gitleaks-in-ci",
+            evidence: {
+                files: [],
+                size_stats: { files: [], totalBytes: 0, totalFiles: 0, source: "git-ls-files" },
+                ci_workflows: {
+                    present: true,
+                    workflows: [
+                        { path: ".github/workflows/security.yml", raw: "uses: zricethezav/gitleaks-action@v2" },
+                    ],
+                },
+            },
+            expect: { reading: { kind: "predicate", value: true }, score: 100 },
+        },
+    ],
+});
+//# sourceMappingURL=secrets-precommit-scan-configured.js.map

package/dist/probes/secrets-precommit-scan-configured.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secrets-precommit-scan-configured.js","sourceRoot":"","sources":["../../src/probes/secrets-precommit-scan-configured.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAEvD,MAAM,iBAAiB,GAAG;IACxB,iBAAiB;IACjB,eAAe;IACf,kBAAkB;IAClB,qBAAqB;IACrB,eAAe;IACf,iBAAiB;CAClB,CAAC;AAEF,MAAM,eAAe,GAAG;IACtB,yBAAyB;IACzB,wBAAwB;IACxB,mBAAmB;IACnB,sBAAsB;CACvB,CAAC;AAEF,MAAM,OAAO,GAAG,2BAA2B,CAAC;AAE5C,SAAS,kBAAkB,CAAC,QAAgB,EAAE,SAAiB,EAAE,QAAkB;IACjF,MAAM,QAAQ,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC;IAC5C,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAC1C,MAAM,OAAO,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC3D,OAAO,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;QAC3B,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,KAAK,QAAQ;YAAE,OAAO,KAAK,CAAC;QAClD,OAAO,OAAO,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,CAAC,UAAU,CAAC,GAAG,OAAO,GAAG,CAAC,CAAC;IAC7D,CAAC,CAAC,CAAC;AACL,CAAC;AAED,eAAe,WAAW,CAAC;IACzB,EAAE,EAAE,mCAAmC;IACvC,OAAO,EAAE,OAAO;IAChB,UAAU,EAAE,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;IACzC,IAAI,EAAE,SAAS;IACf,QAAQ,EAAE,CAAC,OAAO,EAAE,YAAY,EAAE,cAAc,CAAC;IAEjD,SAAS,EAAE;;;;;;GAMV;IAED,WAAW,EACT,0UAA0U;IAE5U,KAAK,CAAC,MAAM,CAAC,EAAE;QACb,MAAM,QAAQ,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QACxD,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;QAClC,KAAK,MAAM,IAAI,IAAI,eAAe,EAAE,CAAC;YACnC,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAC1C,IAAI,CAAC,GAAG;gBAAE,SAAS;YACnB,IAAI,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;gBAC/C,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;YAC5C,CAAC;YACD,KAAK,MAAM,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBACtC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;gBACjB,IAAI,CAAC,GAAG;oBAAE,SAAS;gBACnB,KAAK,MAAM,SAAS,IAAI,kBAAkB,CAAC,IAAI,EAAE,GAAG,EAAE,QAAQ,CAAC,EAAE,CAAC;oBAChE,IAAI,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC;wBAAE,SAAS;oBACrC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;oBACvB,MAAM,QAAQ,GAAG,MAAM,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;oBACpD,IAAI,QAAQ,IAAI,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;wBAChE,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;oBAC5C,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QACD,KAAK,MAAM,EAAE,IAAI,EAAE,CAAC,YAAY,CAAC,SAAS,EAAE,CAAC;YAC3C,IAAI,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;gBAClD,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;YAC5C,CAAC;QACH,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;IAC7C,CAAC;IAED,KAAK,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,SAAS,EAAE,UAAU,EAAE;IAEnD,QAAQ,EAAE;QACR;YACE,IAAI,EAAE,oBAAoB;YAC1B,QAAQ,EAAE;gBACR,KAAK,EAAE,EAAE;gBACT,UAAU,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,UAAU,EAAE,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,MAAM,EAAE,cAAc,EAAE;gBAC/E,YAAY,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,EAAE,EAAE;aAChD;YACD,MAAM,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE;SACnE;QACD;YACE,IAAI,EAAE,qBAAqB;YAC3B,QAAQ,EAAE;gBACR,KAAK,EAAE,EAAE,mBAAmB,EAAE,uCAAuC,EAAE;gBACvE,UAAU,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,UAAU,EAAE,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,MAAM,EAAE,cAAc,EAAE;gBAC/E,YAAY,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,EAAE,EAAE;aAChD;YACD,MAAM,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE;SACpE;QACD;YACE,IAAI,EAAE,4BAA4B;YAClC,QAAQ,EAAE;gBACR,KAAK,EAAE;oBACL,sBAAsB,EAAE,2CAA2C;oBACnE,gCAAgC,EAAE,6BAA6B;iBAChE;gBACD,UAAU,EAAE;oBACV,MAAM,EAAE,cAAc;oBACtB,UAAU,EAAE,GAAG;oBACf,UAAU,EAAE,CAAC;oBACb,KAAK,EAAE;wBACL,EAAE,IAAI,EAAE,sBAAsB,EAAE,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE;wBAC/D,EAAE,IAAI,EAAE,gCAAgC,EAAE,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE;qBAC1E;iBACF;gBACD,YAAY,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,EAAE,EAAE;aAChD;YACD,MAAM,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE;SACpE;QACD;YACE,IAAI,EAAE,gBAAgB;YACtB,QAAQ,EAAE;gBACR,KAAK,EAAE,EAAE;gBACT,UAAU,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,UAAU,EAAE,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,MAAM,EAAE,cAAc,EAAE;gBAC/E,YAAY,EAAE;oBACZ,OAAO,EAAE,IAAI;oBACb,SAAS,EAAE;wBACT,EAAE,IAAI,EAAE,gCAAgC,EAAE,GAAG,EAAE,sCAAsC,EAAE;qBACxF;iBACF;aACF;YACD,MAAM,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE;SACpE;KACF;CACF,CAAC,CAAC"}

package/dist/probes/secrets-scan-clean.d.ts

@@ -0,0 +1,3 @@
+declare const _default: import("@esbenwiberg/repofit/sdk").Probe;
+export default _default;
+//# sourceMappingURL=secrets-scan-clean.d.ts.map

package/dist/probes/secrets-scan-clean.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secrets-scan-clean.d.ts","sourceRoot":"","sources":["../../src/probes/secrets-scan-clean.ts"],"names":[],"mappings":";AAWA,wBA2EG"}

package/dist/probes/secrets-scan-clean.js

@@ -0,0 +1,80 @@
+import { defineProbe } from "@esbenwiberg/repofit/sdk";
+const SCAN_SCRIPT_CANDIDATES = [
+    "secrets",
+    "secret:scan",
+    "secrets:scan",
+    "secrets:check",
+    "secret-scan",
+    "scan:secrets",
+];
+export default defineProbe({
+    id: "secrets.scan-clean",
+    version: "1.0.0",
+    dimensions: [{ id: "safety", weight: 1 }],
+    tier: "executed",
+    evidence: ["node_package", "commands"],
+    rationale: `
+    A configured secret scanner only helps if it's actually run. This
+    probe runs the project's secret-scan script and reports clean only
+    when it exits zero — meaning no secrets detected in the working
+    tree. Pairs with \`secrets.precommit-scan-configured\`: configured
+    tells you the gate exists, clean tells you the tree currently
+    passes it. N/A if no scan script is exposed (the precommit hook
+    alone can't be invoked uniformly across tools).
+  `,
+    remediation: 'Expose your secret scanner as a runnable script so the gate can be invoked outside the precommit hook. Node: add `"secrets": "gitleaks detect --no-banner --no-git"` (or the equivalent for `trufflehog`, `detect-secrets`, `secretlint`) to `package.json` scripts. Then run it and clean up any findings — a flagged secret in the working tree is the only thing that matters here.',
+    async detect(ev) {
+        if (!ev.node_package.present)
+            return { kind: "na", reason: "no package.json" };
+        const scripts = ev.node_package.scripts;
+        const scriptName = SCAN_SCRIPT_CANDIDATES.find((name) => typeof scripts[name] === "string" && scripts[name].trim().length > 0);
+        if (!scriptName) {
+            return { kind: "na", reason: "no secrets scan script" };
+        }
+        const run = await ev.commands.run({
+            argv: ["npm", "run", scriptName, "--silent"],
+            timeoutMs: 300_000,
+        });
+        if (run.timedOut)
+            return { kind: "na", reason: "secrets scan timed out" };
+        return { kind: "predicate", value: run.exitCode === 0 };
+    },
+    score: { kind: "predicate", direction: "positive" },
+    fixtures: [
+        {
+            name: "no-package-json",
+            evidence: { node_package: { present: false } },
+            expect: { reading: { kind: "na", reason: "no package.json" }, score: null },
+        },
+        {
+            name: "no-scan-script",
+            evidence: { node_package: { present: true, scripts: { test: "vitest" } } },
+            expect: { reading: { kind: "na", reason: "no secrets scan script" }, score: null },
+        },
+        {
+            name: "scan-clean",
+            evidence: {
+                node_package: {
+                    present: true,
+                    scripts: { secrets: "gitleaks detect --no-banner --no-git" },
+                },
+                commands: [{ argv: ["npm", "run", "secrets", "--silent"], exitCode: 0, durationMs: 1200 }],
+            },
+            expect: { reading: { kind: "predicate", value: true }, score: 100 },
+        },
+        {
+            name: "scan-finds-leak",
+            evidence: {
+                node_package: {
+                    present: true,
+                    scripts: { "secrets:scan": "gitleaks detect --no-banner --no-git" },
+                },
+                commands: [
+                    { argv: ["npm", "run", "secrets:scan", "--silent"], exitCode: 1, durationMs: 1500 },
+                ],
+            },
+            expect: { reading: { kind: "predicate", value: false }, score: 0 },
+        },
+    ],
+});
+//# sourceMappingURL=secrets-scan-clean.js.map

package/dist/probes/secrets-scan-clean.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secrets-scan-clean.js","sourceRoot":"","sources":["../../src/probes/secrets-scan-clean.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAEvD,MAAM,sBAAsB,GAAG;IAC7B,SAAS;IACT,aAAa;IACb,cAAc;IACd,eAAe;IACf,aAAa;IACb,cAAc;CACf,CAAC;AAEF,eAAe,WAAW,CAAC;IACzB,EAAE,EAAE,oBAAoB;IACxB,OAAO,EAAE,OAAO;IAChB,UAAU,EAAE,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;IACzC,IAAI,EAAE,UAAU;IAChB,QAAQ,EAAE,CAAC,cAAc,EAAE,UAAU,CAAC;IAEtC,SAAS,EAAE;;;;;;;;GAQV;IAED,WAAW,EACT,wXAAwX;IAE1X,KAAK,CAAC,MAAM,CAAC,EAAE;QACb,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,OAAO;YAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC;QAC/E,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,OAAO,CAAC;QACxC,MAAM,UAAU,GAAG,sBAAsB,CAAC,IAAI,CAC5C,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,OAAO,CAAC,IAAI,CAAC,KAAK,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,CAC/E,CAAC;QACF,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,wBAAwB,EAAE,CAAC;QAC1D,CAAC;QACD,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC;YAChC,IAAI,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,UAAU,EAAE,UAAU,CAAC;YAC5C,SAAS,EAAE,OAAO;SACnB,CAAC,CAAC;QACH,IAAI,GAAG,CAAC,QAAQ;YAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,wBAAwB,EAAE,CAAC;QAC1E,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,GAAG,CAAC,QAAQ,KAAK,CAAC,EAAE,CAAC;IAC1D,CAAC;IAED,KAAK,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,SAAS,EAAE,UAAU,EAAE;IAEnD,QAAQ,EAAE;QACR;YACE,IAAI,EAAE,iBAAiB;YACvB,QAAQ,EAAE,EAAE,YAAY,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;YAC9C,MAAM,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,iBAAiB,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE;SAC5E;QACD;YACE,IAAI,EAAE,gBAAgB;YACtB,QAAQ,EAAE,EAAE,YAAY,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE;YAC1E,MAAM,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,wBAAwB,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE;SACnF;QACD;YACE,IAAI,EAAE,YAAY;YAClB,QAAQ,EAAE;gBACR,YAAY,EAAE;oBACZ,OAAO,EAAE,IAAI;oBACb,OAAO,EAAE,EAAE,OAAO,EAAE,sCAAsC,EAAE;iBAC7D;gBACD,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,SAAS,EAAE,UAAU,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC;aAC3F;YACD,MAAM,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE;SACpE;QACD;YACE,IAAI,EAAE,iBAAiB;YACvB,QAAQ,EAAE;gBACR,YAAY,EAAE;oBACZ,OAAO,EAAE,IAAI;oBACb,OAAO,EAAE,EAAE,cAAc,EAAE,sCAAsC,EAAE;iBACpE;gBACD,QAAQ,EAAE;oBACR,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,cAAc,EAAE,UAAU,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE;iBACpF;aACF;YACD,MAAM,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE;SACnE;KACF;CACF,CAAC,CAAC"}

package/dist/probes/size-directory-depth.d.ts

@@ -0,0 +1,3 @@
+declare const _default: import("@esbenwiberg/repofit/sdk").Probe;
+export default _default;
+//# sourceMappingURL=size-directory-depth.d.ts.map

package/dist/probes/size-directory-depth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"size-directory-depth.d.ts","sourceRoot":"","sources":["../../src/probes/size-directory-depth.ts"],"names":[],"mappings":";AAEA,wBAmFG"}

package/dist/probes/size-directory-depth.js

@@ -0,0 +1,80 @@
+import { defineProbe } from "@esbenwiberg/repofit/sdk";
+export default defineProbe({
+    id: "size.directory-depth",
+    version: "1.1.0",
+    dimensions: [{ id: "cost", weight: 1 }],
+    tier: "derived",
+    evidence: ["size_stats"],
+    rationale: `
+    Very deeply nested paths add navigation cost: more tokens per file
+    reference, more overhead resolving "where does this live?", and a higher
+    chance of typos in path-driven tool calls. The p95 of path depth is a
+    robust summary that one shallow tree of fixtures can't skew.
+  `,
+    remediation: "If p95 path depth is high, inspect `git ls-files | awk -F/ '{ print NF \" \" $0 }' | sort -nr | head` to find the deepest tracked paths. Flatten redundant grouping when it is only ceremony, but do not collapse meaningful package/module boundaries. Aim for p95 depth ≤ 6.",
+    async detect(ev) {
+        if (ev.size_stats.source === "none") {
+            return { kind: "na", reason: "no git working tree" };
+        }
+        if (ev.size_stats.files.length === 0) {
+            return { kind: "na", reason: "no tracked files" };
+        }
+        const depths = ev.size_stats.files.map((f) => f.depth);
+        return { kind: "distribution", samples: depths };
+    },
+    score: {
+        kind: "distribution",
+        stat: "p95",
+        bands: [
+            { upTo: 6, score: 100 },
+            { upTo: 8, score: 80 },
+            { upTo: 10, score: 50 },
+            { upTo: 12, score: 20 },
+            { score: 0 },
+        ],
+    },
+    fixtures: [
+        {
+            name: "shallow-tree",
+            evidence: {
+                size_stats: {
+                    source: "git-ls-files",
+                    totalBytes: 0,
+                    totalFiles: 3,
+                    totalBytesEffective: 0,
+                    totalFilesEffective: 3,
+                    files: [
+                        { path: "a.md", bytes: 1, lines: 1, depth: 1, generated: false },
+                        { path: "src/x.ts", bytes: 1, lines: 1, depth: 2, generated: false },
+                        { path: "src/y.ts", bytes: 1, lines: 1, depth: 2, generated: false },
+                    ],
+                },
+            },
+            expect: { reading: { kind: "distribution", samples: [1, 2, 2] }, score: 100 },
+        },
+        {
+            name: "deep-tree",
+            evidence: {
+                size_stats: {
+                    source: "git-ls-files",
+                    totalBytes: 0,
+                    totalFiles: 2,
+                    totalBytesEffective: 0,
+                    totalFilesEffective: 2,
+                    files: [
+                        { path: "a/b/c/d/e/f/g/h/i/file.ts", bytes: 1, lines: 1, depth: 10, generated: false },
+                        {
+                            path: "a/b/c/d/e/f/g/h/i/j/k/file.ts",
+                            bytes: 1,
+                            lines: 1,
+                            depth: 12,
+                            generated: false,
+                        },
+                    ],
+                },
+            },
+            expect: { reading: { kind: "distribution", samples: [10, 12] }, score: 20 },
+        },
+    ],
+});
+//# sourceMappingURL=size-directory-depth.js.map

package/dist/probes/size-directory-depth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"size-directory-depth.js","sourceRoot":"","sources":["../../src/probes/size-directory-depth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAEvD,eAAe,WAAW,CAAC;IACzB,EAAE,EAAE,sBAAsB;IAC1B,OAAO,EAAE,OAAO;IAChB,UAAU,EAAE,CAAC,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;IACvC,IAAI,EAAE,SAAS;IACf,QAAQ,EAAE,CAAC,YAAY,CAAC;IAExB,SAAS,EAAE;;;;;GAKV;IAED,WAAW,EACT,gRAAgR;IAElR,KAAK,CAAC,MAAM,CAAC,EAAE;QACb,IAAI,EAAE,CAAC,UAAU,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;YACpC,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,qBAAqB,EAAE,CAAC;QACvD,CAAC;QACD,IAAI,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACrC,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC;QACpD,CAAC;QACD,MAAM,MAAM,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;QACvD,OAAO,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC;IACnD,CAAC;IAED,KAAK,EAAE;QACL,IAAI,EAAE,cAAc;QACpB,IAAI,EAAE,KAAK;QACX,KAAK,EAAE;YACL,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE;YACvB,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;YACtB,EAAE,IAAI,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE;YACvB,EAAE,IAAI,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE;YACvB,EAAE,KAAK,EAAE,CAAC,EAAE;SACb;KACF;IAED,QAAQ,EAAE;QACR;YACE,IAAI,EAAE,cAAc;YACpB,QAAQ,EAAE;gBACR,UAAU,EAAE;oBACV,MAAM,EAAE,cAAc;oBACtB,UAAU,EAAE,CAAC;oBACb,UAAU,EAAE,CAAC;oBACb,mBAAmB,EAAE,CAAC;oBACtB,mBAAmB,EAAE,CAAC;oBACtB,KAAK,EAAE;wBACL,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,SAAS,EAAE,KAAK,EAAE;wBAChE,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,SAAS,EAAE,KAAK,EAAE;wBACpE,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,SAAS,EAAE,KAAK,EAAE;qBACrE;iBACF;aACF;YACD,MAAM,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,KAAK,EAAE,GAAG,EAAE;SAC9E;QACD;YACE,IAAI,EAAE,WAAW;YACjB,QAAQ,EAAE;gBACR,UAAU,EAAE;oBACV,MAAM,EAAE,cAAc;oBACtB,UAAU,EAAE,CAAC;oBACb,UAAU,EAAE,CAAC;oBACb,mBAAmB,EAAE,CAAC;oBACtB,mBAAmB,EAAE,CAAC;oBACtB,KAAK,EAAE;wBACL,EAAE,IAAI,EAAE,2BAA2B,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE;wBACtF;4BACE,IAAI,EAAE,+BAA+B;4BACrC,KAAK,EAAE,CAAC;4BACR,KAAK,EAAE,CAAC;4BACR,KAAK,EAAE,EAAE;4BACT,SAAS,EAAE,KAAK;yBACjB;qBACF;iBACF;aACF;YACD,MAAM,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE,OAAO,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE;SAC5E;KACF;CACF,CAAC,CAAC"}

package/dist/probes/size-large-files.d.ts

@@ -0,0 +1,3 @@
+declare const _default: import("@esbenwiberg/repofit/sdk").Probe;
+export default _default;
+//# sourceMappingURL=size-large-files.d.ts.map

package/dist/probes/size-large-files.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"size-large-files.d.ts","sourceRoot":"","sources":["../../src/probes/size-large-files.ts"],"names":[],"mappings":";AAMA,wBAqHG"}